From 5a32a8491df9d81d54c3eb12e7b86abac7091bba Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Tue, 18 Feb 2003 05:08:09 +0000
Subject: We don't use mkproto stuff for the python extensions anymore. (This
 used to be commit 8d166ae093655a5a14a7478c7a84474b43e8ee97)

---
 source3/Makefile.in | 29 -----------------------------
 1 file changed, 29 deletions(-)

diff --git a/source3/Makefile.in b/source3/Makefile.in
index c3b70f9986..bd41d9636c 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -1067,35 +1067,6 @@ PYTHON_OBJS = $(LIB_OBJ) $(LIBSMB_OBJ) $(RPC_PARSE_OBJ) $(UBIQX_OBJ) \
 	$(PARAM_OBJ) $(LIBMSRPC_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
 	$(SECRETS_OBJ) $(KRBCLIENT_OBJ)
 
-PY_SPOOLSS_PROTO_OBJ = python/py_spoolss.o \
-		python/py_spoolss_printers.o python/py_spoolss_printers_conv.o\
-		python/py_spoolss_forms.o python/py_spoolss_forms_conv.o \
-		python/py_spoolss_ports.o python/py_spoolss_ports_conv.o \
-		python/py_spoolss_drivers.o python/py_spoolss_drivers_conv.o \
-		python/py_spoolss_jobs.o python/py_spoolss_jobs_conv.o \
-		python/py_spoolss_printerdata.o
-
-PY_LSA_PROTO_OBJ = python/py_lsa.o
-
-PY_COMMON_PROTO_OBJ = python/py_common.c python/py_ntsec.c
-
-python_proto: python_spoolss_proto python_lsa_proto python_common_proto
-
-python_spoolss_proto:
-	@cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \
-		-h _PY_SPOOLSS_PROTO_H python/py_spoolss_proto.h \
-		$(PY_SPOOLSS_PROTO_OBJ)
-
-python_lsa_proto:
-	@cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \
-		-h _PY_LSA_PROTO_H python/py_lsa_proto.h \
-		$(PY_LSA_PROTO_OBJ)
-
-python_common_proto:
-	@cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \
-		-h _PY_COMMON_PROTO_H python/py_common_proto.h \
-		$(PY_COMMON_PROTO_OBJ)
-
 python_ext: $(PYTHON_OBJS)
 	@if test -z "$(PYTHON)"; then \
 		echo Use the option --with-python to configure python; \
-- 
cgit 


From 030beddfb3c5208256c08b3cd2620332113f6308 Mon Sep 17 00:00:00 2001
From: Rafal Szczesniak <mimir@samba.org>
Date: Tue, 18 Feb 2003 14:59:21 +0000
Subject: Fix of two warnings. pull_ucs2_talloc function takes char** pointer,
 not (here explicitly casted) void** one.

Rafal
(This used to be commit e77c44efd95d42a8194f5c3d36c043f8e84dfd1d)
---
 source3/libads/ldap_printer.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/source3/libads/ldap_printer.c b/source3/libads/ldap_printer.c
index 87ea058896..f5cd4f2885 100644
--- a/source3/libads/ldap_printer.c
+++ b/source3/libads/ldap_printer.c
@@ -85,8 +85,7 @@ static BOOL map_sz(TALLOC_CTX *ctx, ADS_MODLIST *mods,
 		return False;
 
 	if (value->size && *((smb_ucs2_t *) value->data_p)) {
-		pull_ucs2_talloc(ctx, (void **) &str_value, 
-				 (const smb_ucs2_t *) value->data_p);
+		pull_ucs2_talloc(ctx, &str_value, (const smb_ucs2_t *) value->data_p);
 		status = ads_mod_str(ctx, mods, value->valuename, str_value);
 		return ADS_ERR_OK(status);
 	}
@@ -155,9 +154,8 @@ static BOOL map_multi_sz(TALLOC_CTX *ctx, ADS_MODLIST *mods,
 
 		cur_str = (smb_ucs2_t *) value->data_p;
 		for (i=0; i < num_vals; i++)
-			cur_str += pull_ucs2_talloc(ctx, 
-						    (void **) &str_values[i], 
-						    cur_str);
+			cur_str += pull_ucs2_talloc(ctx, &str_values[i],
+			                            cur_str);
 
 		status = ads_mod_strlist(ctx, mods, value->valuename, 
 					 (const char **) str_values);
-- 
cgit 


From c536b88b2b71c264a1e31ada51e463fee5cb949b Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Tue, 18 Feb 2003 18:34:48 +0000
Subject: Use the new modules stuff to load dynrpc modules. Basically this
 means: - calling the initialization function in the module init_module()
 instead of rpc_pipe_init() - calling smb_load_module() to do the dlopen(),
 dlsym() and init_module() calls

I'll merge this to 3.0, together with the smb_load_module() function.

Discussed with Anthony.
(This used to be commit 3757ed8df06ca2b306bef336bdb9c7671f5e6a65)
---
 source3/rpc_server/srv_dfs.c     |  2 +-
 source3/rpc_server/srv_lsa.c     |  2 +-
 source3/rpc_server/srv_netlog.c  |  2 +-
 source3/rpc_server/srv_pipe.c    | 31 ++++++-------------------------
 source3/rpc_server/srv_reg.c     |  2 +-
 source3/rpc_server/srv_samr.c    |  2 +-
 source3/rpc_server/srv_spoolss.c |  2 +-
 source3/rpc_server/srv_srvsvc.c  |  2 +-
 source3/rpc_server/srv_wkssvc.c  |  2 +-
 9 files changed, 14 insertions(+), 33 deletions(-)

diff --git a/source3/rpc_server/srv_dfs.c b/source3/rpc_server/srv_dfs.c
index f6e9ca3d56..14c1cb4088 100644
--- a/source3/rpc_server/srv_dfs.c
+++ b/source3/rpc_server/srv_dfs.c
@@ -159,7 +159,7 @@ static BOOL api_dfs_enum(pipes_struct *p)
 ********************************************************************/
 
 #ifdef RPC_DFS_DYNAMIC
-int rpc_pipe_init(void)
+int init_module(void)
 #else
 int rpc_dfs_init(void)
 #endif
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index fad8f5641a..0e4039326b 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -772,7 +772,7 @@ static BOOL api_lsa_remove_acct_rights(pipes_struct *p)
  ***************************************************************************/
 
 #ifdef RPC_LSA_DYNAMIC
-int rpc_pipe_init(void)
+int init_module(void)
 #else
 int rpc_lsa_init(void)
 #endif
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index f377d3952b..c9e4fc1b1f 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -322,7 +322,7 @@ static BOOL api_net_logon_ctrl(pipes_struct *p)
  ********************************************************************/
 
 #ifdef RPC_NETLOG_DYNAMIC
-int rpc_pipe_init(void)
+int init_module(void)
 #else
 int rpc_net_init(void)
 #endif
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 50127005a1..0b8b7b229a 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -794,42 +794,23 @@ int rpc_pipe_register_commands(const char *clnt, const char *srv, const struct a
 /*******************************************************************
  Register commands to an RPC pipe
 *******************************************************************/
-int rpc_load_module(const char *module)
+NTSTATUS rpc_load_module(const char *module)
 {
-#ifdef HAVE_DLOPEN
-        void *handle;
-        int (*module_init)(void);
         pstring full_path;
-        char *error;
+		NTSTATUS status;
         
         pstrcpy(full_path, lib_path("rpc"));
         pstrcat(full_path, "/librpc_");
         pstrcat(full_path, module);
         pstrcat(full_path, ".");
         pstrcat(full_path, shlib_ext());
-
-        handle = sys_dlopen(full_path, RTLD_LAZY);
-        if (!handle) {
+		
+		if (!NT_STATUS_IS_OK(status = smb_load_module(full_path)))  {
                 DEBUG(0, ("Could not load requested pipe %s as %s\n", 
                     module, full_path));
-                DEBUG(0, (" Error: %s\n", dlerror()));
-                return 0;
         }
         
-        DEBUG(3, ("Module '%s' loaded\n", full_path));
-        
-        module_init = sys_dlsym(handle, "rpc_pipe_init");
-        if ((error = sys_dlerror()) != NULL) {
-                DEBUG(0, ("Error trying to resolve symbol 'rpc_pipe_init' in %s: %s\n",
-                          full_path, error));
-                return 0;
-        }
-        
-        return module_init();
-#else
-        DEBUG(0,("Attempting to load a dynamic RPC pipe when dlopen isn't available\n"));
-        return 0;
-#endif
+		return status;
 }
 
 /*******************************************************************
@@ -877,7 +858,7 @@ BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
                        }
                 }
 
-                if (!api_fd_commands[i].name && !rpc_load_module(p->name)) {
+                if (!api_fd_commands[i].name && !NT_STATUS_IS_OK(rpc_load_module(p->name))) {
                        DEBUG(3,("api_pipe_bind_req: Unknown pipe name %s in bind request.\n",
                                 p->name ));
                        if(!setup_bind_nak(p))
diff --git a/source3/rpc_server/srv_reg.c b/source3/rpc_server/srv_reg.c
index 04960f8e3a..8fc1d42b2f 100644
--- a/source3/rpc_server/srv_reg.c
+++ b/source3/rpc_server/srv_reg.c
@@ -374,7 +374,7 @@ static BOOL api_reg_save_key(pipes_struct *p)
  ********************************************************************/
 
 #ifdef RPC_REG_DYNAMIC
-int rpc_pipe_init(void)
+int init_module(void)
 #else
 int rpc_reg_init(void)
 #endif
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index 3a31ec82e1..b75195ceef 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -1444,7 +1444,7 @@ static BOOL api_samr_set_dom_info(pipes_struct *p)
  ********************************************************************/
 
 #ifdef RPC_SAMR_DYNAMIC
-int rpc_pipe_init(void)
+int init_module(void)
 #else
 int rpc_samr_init(void)
 #endif
diff --git a/source3/rpc_server/srv_spoolss.c b/source3/rpc_server/srv_spoolss.c
index 5832ae876b..3023922a5b 100755
--- a/source3/rpc_server/srv_spoolss.c
+++ b/source3/rpc_server/srv_spoolss.c
@@ -1581,7 +1581,7 @@ static BOOL api_spoolss_replycloseprinter(pipes_struct *p)
 ********************************************************************/
 
 #ifdef RPC_SPOOLSS_DYNAMIC
-int rpc_pipe_init(void)
+int init_module(void)
 #else
 int rpc_spoolss_init(void)
 #endif
diff --git a/source3/rpc_server/srv_srvsvc.c b/source3/rpc_server/srv_srvsvc.c
index 983c660965..7c5e317c87 100644
--- a/source3/rpc_server/srv_srvsvc.c
+++ b/source3/rpc_server/srv_srvsvc.c
@@ -527,7 +527,7 @@ static BOOL api_srv_net_file_set_secdesc(pipes_struct *p)
 ********************************************************************/
 
 #ifdef RPC_SVC_DYNAMIC
-int rpc_pipe_init(void)
+int init_module(void)
 #else
 int rpc_srv_init(void)
 #endif
diff --git a/source3/rpc_server/srv_wkssvc.c b/source3/rpc_server/srv_wkssvc.c
index 1fed2cc6db..e0d662ea80 100644
--- a/source3/rpc_server/srv_wkssvc.c
+++ b/source3/rpc_server/srv_wkssvc.c
@@ -61,7 +61,7 @@ static BOOL api_wks_query_info(pipes_struct *p)
  ********************************************************************/
 
 #ifdef RPC_WKS_DYNAMIC
-int rpc_pipe_init(void)
+int init_module(void)
 #else
 int rpc_wks_init(void)
 #endif
-- 
cgit 


From 5eb7b6113b8d4b59de5177e8b1485dc0c3ae19db Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Tue, 18 Feb 2003 18:43:59 +0000
Subject: Add -V option (to print out version) to utilities where possible
 (pdbedit already has a -V option..) (This used to be commit
 5de622968d95c1436dbd34edc8d0a9bbff68916b)

---
 source3/Makefile.in           | 2 +-
 source3/nsswitch/wbinfo.c     | 1 +
 source3/rpcclient/rpcclient.c | 1 +
 source3/rpcclient/samsync.c   | 1 +
 source3/torture/samtest.c     | 1 +
 source3/torture/vfstest.c     | 1 +
 source3/utils/net.c           | 1 +
 source3/utils/ntlm_auth.c     | 1 +
 source3/utils/status.c        | 1 +
 9 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/source3/Makefile.in b/source3/Makefile.in
index bd41d9636c..e04550cf21 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -597,7 +597,7 @@ WINBINDD_OBJ = \
 		$(PROFILE_OBJ) $(UNIGRP_OBJ) \
 		$(SECRETS_OBJ) $(LIBADS_OBJ) $(KRBCLIENT_OBJ)
 
-WBINFO_OBJ = nsswitch/wbinfo.o libsmb/smbencrypt.o libsmb/smbdes.o
+WBINFO_OBJ = nsswitch/wbinfo.o libsmb/smbencrypt.o libsmb/smbdes.o $(POPT_LIB_OBJ)
 
 WINBIND_NSS_OBJ = nsswitch/winbind_nss.o nsswitch/wb_common.o @WINBIND_NSS_EXTRA_OBJS@
 
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c
index f03b0493de..68dc178bcd 100644
--- a/source3/nsswitch/wbinfo.c
+++ b/source3/nsswitch/wbinfo.c
@@ -711,6 +711,7 @@ int main(int argc, char **argv)
 		{ "set-auth-user", 'A', POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
 		{ "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL },
 		{ "ping", 'p', POPT_ARG_NONE, 0, 'p', "'ping' winbindd to see if it is alive" },
+		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_version},
 		{ 0, 0, 0, 0 }
 	};
 
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 81bb62486a..37ce597d4e 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -585,6 +585,7 @@ out_free:
 		{"dest-ip", 'I', POPT_ARG_STRING,   &opt_ipaddr, 'I', "Specify destination IP address", "IP"},
 		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_debug },
 		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_configfile },
+		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_version},
 		{ NULL }
 	};
 
diff --git a/source3/rpcclient/samsync.c b/source3/rpcclient/samsync.c
index f941d70e5e..a4061d2a87 100644
--- a/source3/rpcclient/samsync.c
+++ b/source3/rpcclient/samsync.c
@@ -632,6 +632,7 @@ struct poptOption popt_common_interactive[] = {
 		  "Replicate SAM changes" },
 		{ "serial", 0, POPT_ARG_INT, &serial, 0, "SAM serial number" },
 		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_debug },
+		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_version},
 		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_auth_info },
 		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_interactive },
 		POPT_AUTOHELP
diff --git a/source3/torture/samtest.c b/source3/torture/samtest.c
index 17444c0757..a1ccec098b 100644
--- a/source3/torture/samtest.c
+++ b/source3/torture/samtest.c
@@ -369,6 +369,7 @@ int main(int argc, char *argv[])
 		{"command",	'e', POPT_ARG_STRING,	&cmdstr, 'e', "Execute semicolon seperated cmds"},
 		{"logfile",	'l', POPT_ARG_STRING,	&opt_logfile, 'l', "Logfile to use instead of stdout"},
 		{"configfile", 'c', POPT_ARG_STRING, &config_file, 0,"use different configuration file",NULL},
+		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_version},
 		{ 0, 0, 0, 0}
 	};
 
diff --git a/source3/torture/vfstest.c b/source3/torture/vfstest.c
index 78d22a07ac..fef189844b 100644
--- a/source3/torture/vfstest.c
+++ b/source3/torture/vfstest.c
@@ -495,6 +495,7 @@ int main(int argc, char *argv[])
 		{"command",	'c', POPT_ARG_STRING,	&cmdstr, 0, "Execute specified list of commands" },
 		{"logfile",	'l', POPT_ARG_STRING,	&opt_logfile, 'l', "Write output to specified logfile" },
 		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_debug },
+		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_version},
 		{ 0, 0, 0, 0}
 	};
 
diff --git a/source3/utils/net.c b/source3/utils/net.c
index 33195375f5..ada0ed53e1 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -537,6 +537,7 @@ static struct functable net_func[] = {
 		{"timeout",	't', POPT_ARG_INT,    &opt_timeout},
 		{"machine-pass",'P', POPT_ARG_NONE,   &opt_machine_pass},
 		{"debuglevel",  'd', POPT_ARG_STRING, &debuglevel},
+		{NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_version},
 		{ 0, 0, 0, 0}
 	};
 
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 9e4318def3..b76308c55f 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -466,6 +466,7 @@ int main(int argc, const char **argv)
 		{ "password", 0, POPT_ARG_STRING, &password, OPT_PASSWORD, "User's plaintext password"},		
 		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_debug },
 		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_configfile },
+		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_version},
 		{ 0, 0, 0, 0 }
 	};
 
diff --git a/source3/utils/status.c b/source3/utils/status.c
index 094dc0ff1c..8014b133d9 100644
--- a/source3/utils/status.c
+++ b/source3/utils/status.c
@@ -560,6 +560,7 @@ static int traverse_sessionid(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, vo
 #endif /* WITH_PROFILE */
 		{"byterange",	'B', POPT_ARG_NONE,	&show_brl, 'B', "Include byte range locks"},
 		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_debug },
+		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_version},
 		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_configfile },
 		{ 0, 0, 0, 0}
 	};
-- 
cgit 


From e657bccd25a33a7382c0a9a355b37c8dd3c1d536 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Tue, 18 Feb 2003 20:12:20 +0000
Subject: Update introduction (This used to be commit
 46c99ff855ba273568785f118cd19a2788430c1e)

---
 docs/docbook/projdoc/passdb.sgml | 102 ++++++++++++++++++++++++---------------
 1 file changed, 64 insertions(+), 38 deletions(-)

diff --git a/docs/docbook/projdoc/passdb.sgml b/docs/docbook/projdoc/passdb.sgml
index e058439388..4e0ee93a55 100644
--- a/docs/docbook/projdoc/passdb.sgml
+++ b/docs/docbook/projdoc/passdb.sgml
@@ -37,18 +37,32 @@
 
 <sect1>
 	<title>Introduction</title>
+
+	<para>Old windows clients send plain text passwords over the wire. 
+	Samba can check these passwords by crypting them and comparing them 
+	to the hash stored in the unix user database.
+	</para>
 	
-	<para>Newer windows clients send encrypted passwords over 
+	<para>
+	Newer windows clients send encrypted passwords (so-called 
+	Lanman and NT hashes) over 
 	the wire, instead of plain text passwords. The newest clients 
 	will only send encrypted passwords and refuse to send plain text 
-	passwords, unless their registry is tweaked.</para>
+	passwords, unless their registry is tweaked.
+	</para>
 
 	<para>These passwords can't be converted to unix style encrypted 
 	passwords. Because of that you can't use the standard unix 
 	user database, and you have to store the Lanman and NT hashes 
-	somewhere else. Also, windows stores some data for each user 
-	that is not stored by unix. Thus, samba has it's own user database.
-	This user database is maintained by a "passdb backend". Commonly
+	somewhere else. </para>
+	
+	<para>Next to a differently encrypted passwords, 
+	windows also stores certain data for each user 
+	that is not stored in a unix user database, e.g. 
+	workstations the user may logon from, the location where his/her 
+	profile is stored, etc.
+	Samba retrieves and stores this information using a "passdb backend".
+	Commonly
 	available backends are LDAP, plain text file, MySQL and nisplus.
 	For more information, see the documentation about the 
 	<command>passdb backend = </command> parameter.
@@ -68,7 +82,8 @@
 	password from them, but they could potentially be used in a modified 
 	client to gain access to a server. This would require considerable 
 	technical knowledge on behalf of the attacker but is perfectly possible. 
-	You should thus treat the smbpasswd file as though it contained the 
+	You should thus treat the data stored in whatever 
+	passdb backend you use (smbpasswd file, ldap, mysql) as though it contained the 
 	cleartext passwords of all your users. Its contents must be kept 
 	secret, and the file should be protected accordingly.</para>
 	
@@ -89,17 +104,17 @@
 		<para>Other Microsoft operating systems which also exhibit 
 		this behavior includes</para>
 		
-		<itemizedlist>
-			<listitem><para>MS DOS Network client 3.0 with 
-			the basic network redirector installed</para></listitem>
+		<simplelist>
+			<member>MS DOS Network client 3.0 with 
+			the basic network redirector installed</member>
 			
-			<listitem><para>Windows 95 with the network redirector 
-			update installed</para></listitem>
+			<member>Windows 95 with the network redirector 
+			update installed</member>
 			
-			<listitem><para>Windows 98 [se]</para></listitem>
+			<member>Windows 98 [se]</member>
 			
-			<listitem><para>Windows 2000</para></listitem>
-		</itemizedlist>
+			<member>Windows 2000</member>
+		</simplelist>
 		
 		<para><emphasis>Note :</emphasis>All current release of 
 		Microsoft SMB/CIFS clients support authentication via the
@@ -111,38 +126,37 @@
 	<sect2>
 		<title>Advantages of SMB Encryption</title>
 
-		<itemizedlist>
-			<listitem><para>plain text passwords are not passed across 
+		<simplelist>
+			<member>plain text passwords are not passed across 
 			the network. Someone using a network sniffer cannot just 
-			record passwords going to the SMB server.</para>
-			</listitem>
+			record passwords going to the SMB server.</member>
 		 
-			<listitem><para>WinNT doesn't like talking to a server 
+			<member>WinNT doesn't like talking to a server 
 			that isn't using SMB encrypted passwords. It will refuse 
 			to browse the server if the server is also in user level 
 			security mode. It will insist on prompting the user for the 
 			password on each connection, which is very annoying. The
 			only things you can do to stop this is to use SMB encryption.
-			</para></listitem>
-		</itemizedlist>
+			</member>
+		</simplelist>
 	</sect2>
 
 
 	<sect2>
 		<title>Advantages of non-encrypted passwords</title>
 
-		<itemizedlist>
-			<listitem><para>plain text passwords are not kept 
-			on disk. </para></listitem>
+		<simplelist>
+			<member>plain text passwords are not kept 
+			on disk. </member>
 			
-			<listitem><para>uses same password file as other unix 
-			services such as login and ftp</para></listitem>
+			<member>uses same password file as other unix 
+			services such as login and ftp</member>
 			
-			<listitem><para>you are probably already using other 
+			<member>you are probably already using other 
 			services (such as telnet and ftp) which send plain text 
 			passwords over the net, so sending them for SMB isn't 
-			such a big deal.</para></listitem>
-		</itemizedlist>
+			such a big deal.</member>
+		</simplelist>
 	</sect2>
 </sect1>
 
@@ -150,17 +164,16 @@
 <sect1>
 	<title>The smbpasswd Command</title>
 	
-	<para>The smbpasswd command maintains the two 32 byte password fields 
-	in the smbpasswd file. If you wish to make it similar to the unix 
-	<command>passwd</command> or <command>yppasswd</command> programs, 
-	install it in <filename>/usr/local/samba/bin/</filename> (or your 
-	main Samba binary directory).</para> FIXME
+	<para>The smbpasswd utility is a utility similar to the 
+	<command>passwd</command> or <command>yppasswd</command> programs.
+	It maintains the two 32 byte password fields 
+	in the passdb backend. </para>
 
-	<para><command>smbpasswd</command> now works in a client-server mode 
+	<para><command>smbpasswd</command> works in a client-server mode 
 	where it contacts the local smbd to change the user's password on its 
 	behalf. This has enormous benefits - as follows.</para>
 
-	<para><command>smbpasswd</command> now has the capability 
+	<para><command>smbpasswd</command> has the capability 
 	to change passwords on Windows NT servers (this only works when 
 	the request is sent to the NT Primary Domain Controller if you 
 	are changing an NT Domain user's password).</para>
@@ -205,7 +218,20 @@ FIXME
 
 <sect1>
 <title>Plain text</title>
-FIXME
+<para>
+Older versions of samba retrieved user information from the unix user database 
+and eventually some other fields from the file <filename>/etc/samba/smbpasswd</filename>
+or <filename>/etc/smbpasswd</filename>. When password encryption is disabled, no 
+data is stored at all.
+</para>
+</sect1>
+
+<sect1>
+<title>TDB</title>
+<para>Samba can also store the user data in a "TDB" (Trivial Database). Using this backend 
+doesn't require any additional configuration. This backend is recommended for new installations who 
+don't require LDAP.
+</para>
 </sect1>
 
 <sect1>
@@ -759,7 +785,7 @@ ntPassword: 878D8014606CDA29677A44EFA1353FC7
 </sect1>
 
 <sect1>
-<title>Passdb MySQL plugin</title>
+<title>MySQL</title>
 
 <sect2>
 <title>Building</title>
-- 
cgit 


From 9c6a290512c7a326cbc437b058c229a88dd6fad7 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Tue, 18 Feb 2003 21:12:28 +0000
Subject: Move all password database stuff to one document - hope this makes it
 somewhat more understandable for the user. Comments are welcome! (This used
 to be commit 847d05085147431de923c735b7ab6ea752e592c2)

---
 docs/docbook/projdoc/ENCRYPTION.sgml       | 189 ---------
 docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml | 593 -----------------------------
 docs/docbook/projdoc/pdb_mysql.sgml        | 159 --------
 docs/docbook/projdoc/pdb_xml.sgml          |  42 --
 docs/docbook/projdoc/samba-doc.sgml        |  10 +-
 5 files changed, 2 insertions(+), 991 deletions(-)
 delete mode 100644 docs/docbook/projdoc/ENCRYPTION.sgml
 delete mode 100644 docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml
 delete mode 100644 docs/docbook/projdoc/pdb_mysql.sgml
 delete mode 100644 docs/docbook/projdoc/pdb_xml.sgml

diff --git a/docs/docbook/projdoc/ENCRYPTION.sgml b/docs/docbook/projdoc/ENCRYPTION.sgml
deleted file mode 100644
index f903d7d334..0000000000
--- a/docs/docbook/projdoc/ENCRYPTION.sgml
+++ /dev/null
@@ -1,189 +0,0 @@
-<chapter id="pwencrypt">
-
-
-<chapterinfo>
-	<author>
-		<firstname>Jeremy</firstname><surname>Allison</surname>
-		<affiliation>
-			<orgname>Samba Team</orgname>
-			<address>
-				<email>jra@samba.org</email>
-			</address>
-		</affiliation>
-	</author>
-
-	<author>
-		<firstname>Jelmer</firstname><surname>Vernooij</surname>
-		<affiliation>
-			<orgname>Samba Team</orgname>
-			<address>
-				<email>jelmer@samba.org</email>
-			</address>
-		</affiliation>
-	</author>
-
-	<pubdate>4 November 2002</pubdate>
-</chapterinfo>
-	
-<title>LanMan and NT Password Encryption in Samba</title>
-
-
-<sect1>
-	<title>Introduction</title>
-	
-	<para>Newer windows clients send encrypted passwords over 
-	the wire, instead of plain text passwords. The newest clients 
-	will only send encrypted passwords and refuse to send plain text 
-	passwords, unless their registry is tweaked.</para>
-
-	<para>These passwords can't be converted to unix style encrypted 
-	passwords. Because of that you can't use the standard unix 
-	user database, and you have to store the Lanman and NT hashes 
-	somewhere else. For more information, see the documentation 
-	about the <command>passdb backend = </command> parameter.
-	</para>
-
-</sect1>
-
-<sect1>
-	<title>Important Notes About Security</title>
-	
-	<para>The unix and SMB password encryption techniques seem similar 
-	on the surface. This similarity is, however, only skin deep. The unix 
-	scheme typically sends clear text passwords over the network when 
-	logging in. This is bad. The SMB encryption scheme never sends the 
-	cleartext password over the network but it does store the 16 byte 
-	hashed values on disk. This is also bad. Why? Because the 16 byte hashed 
-	values are a "password equivalent". You cannot derive the user's 
-	password from them, but they could potentially be used in a modified 
-	client to gain access to a server. This would require considerable 
-	technical knowledge on behalf of the attacker but is perfectly possible. 
-	You should thus treat the smbpasswd file as though it contained the 
-	cleartext passwords of all your users. Its contents must be kept 
-	secret, and the file should be protected accordingly.</para>
-	
-	<para>Ideally we would like a password scheme which neither requires 
-	plain text passwords on the net or on disk. Unfortunately this 
-	is not available as Samba is stuck with being compatible with 
-	other SMB systems (WinNT, WfWg, Win95 etc). </para>
-
-	<warning>
-		<para>Note that Windows NT 4.0 Service pack 3 changed the 
-		default for permissible authentication so that plaintext 
-		passwords are <emphasis>never</emphasis> sent over the wire. 
-		The solution to this is either to switch to encrypted passwords 
-		with Samba or edit the Windows NT registry to re-enable plaintext 
-		passwords. See the document WinNT.txt for details on how to do 
-		this.</para>
-		
-		<para>Other Microsoft operating systems which also exhibit 
-		this behavior includes</para>
-		
-		<itemizedlist>
-			<listitem><para>MS DOS Network client 3.0 with 
-			the basic network redirector installed</para></listitem>
-			
-			<listitem><para>Windows 95 with the network redirector 
-			update installed</para></listitem>
-			
-			<listitem><para>Windows 98 [se]</para></listitem>
-			
-			<listitem><para>Windows 2000</para></listitem>
-		</itemizedlist>
-		
-		<para><emphasis>Note :</emphasis>All current release of 
-		Microsoft SMB/CIFS clients support authentication via the
-		SMB Challenge/Response mechanism described here.  Enabling
-		clear text authentication does not disable the ability
-		of the client to participate in encrypted authentication.</para>
-	</warning>
-
-	<sect2>
-		<title>Advantages of SMB Encryption</title>
-
-		<itemizedlist>
-			<listitem><para>plain text passwords are not passed across 
-			the network. Someone using a network sniffer cannot just 
-			record passwords going to the SMB server.</para>
-			</listitem>
-		 
-			<listitem><para>WinNT doesn't like talking to a server 
-			that isn't using SMB encrypted passwords. It will refuse 
-			to browse the server if the server is also in user level 
-			security mode. It will insist on prompting the user for the 
-			password on each connection, which is very annoying. The
-			only things you can do to stop this is to use SMB encryption.
-			</para></listitem>
-		</itemizedlist>
-	</sect2>
-
-
-	<sect2>
-		<title>Advantages of non-encrypted passwords</title>
-
-		<itemizedlist>
-			<listitem><para>plain text passwords are not kept 
-			on disk. </para></listitem>
-			
-			<listitem><para>uses same password file as other unix 
-			services such as login and ftp</para></listitem>
-			
-			<listitem><para>you are probably already using other 
-			services (such as telnet and ftp) which send plain text 
-			passwords over the net, so sending them for SMB isn't 
-			such a big deal.</para></listitem>
-		</itemizedlist>
-	</sect2>
-</sect1>
-
-
-<sect1>
-	<title>The smbpasswd Command</title>
-	
-	<para>The smbpasswd command maintains the two 32 byte password fields 
-	in the smbpasswd file. If you wish to make it similar to the unix 
-	<command>passwd</command> or <command>yppasswd</command> programs, 
-	install it in <filename>/usr/local/samba/bin/</filename> (or your 
-	main Samba binary directory).</para>
-
-	<para><command>smbpasswd</command> now works in a client-server mode 
-	where it contacts the local smbd to change the user's password on its 
-	behalf. This has enormous benefits - as follows.</para>
-
-	<para><command>smbpasswd</command> now has the capability 
-	to change passwords on Windows NT servers (this only works when 
-	the request is sent to the NT Primary Domain Controller if you 
-	are changing an NT Domain user's password).</para>
-	
-	<para>To run smbpasswd as a normal user just type :</para>
-	
-	<para><prompt>$ </prompt><userinput>smbpasswd</userinput></para>
-	<para><prompt>Old SMB password: </prompt><userinput>&lt;type old value here - 
-	or hit return if there was no old password&gt;</userinput></para>
-	<para><prompt>New SMB Password: </prompt><userinput>&lt;type new value&gt;
-	</userinput></para>
-	<para><prompt>Repeat New SMB Password: </prompt><userinput>&lt;re-type new value
-	</userinput></para>
-	
-	<para>If the old value does not match the current value stored for 
-	that user, or the two new values do not match each other, then the 
-	password will not be changed.</para>
-	
-	<para>If invoked by an ordinary user it will only allow the user 
-	to change his or her own Samba password.</para>
-	
-	<para>If run by the root user smbpasswd may take an optional 
-	argument, specifying the user name whose SMB password you wish to 
-	change.  Note that when run as root smbpasswd does not prompt for 
-	or check the old password value, thus allowing root to set passwords 
-	for users who have forgotten their passwords.</para>
-	
-	<para><command>smbpasswd</command> is designed to work in the same way 
-	and be familiar to UNIX users who use the <command>passwd</command> or 
-	<command>yppasswd</command> commands.</para>
-
-	<para>For more details on using <command>smbpasswd</command> refer 
-	to the man page which will always be the definitive reference.</para>
-</sect1>
-
-</chapter>
diff --git a/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml b/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml
deleted file mode 100644
index f294ddd1ff..0000000000
--- a/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml
+++ /dev/null
@@ -1,593 +0,0 @@
-<chapter id="samba-ldap-howto">
-
-<chapterinfo>
-	<author>
-		<firstname>Gerald (Jerry)</firstname><surname>Carter</surname>
-		<affiliation>
-			<orgname>Samba Team</orgname>
-			<address><email>jerry@samba.org</email></address>
-		</affiliation>
-		<firstname>Olivier (lem)</firstname><surname>Lemaire</surname>
-		<affiliation>
-			<orgname>IDEALX</orgname>
-			<address><email>olem@IDEALX.org</email></address>
-		</affiliation>
-	</author>
-
-
-	<pubdate> (13 Jan 2002) </pubdate>
-</chapterinfo>
-
-<title>Storing Samba's User/Machine Account information in an LDAP Directory</title>
-
-<sect1>
-<title>Purpose</title>
-
-<para>
-This document describes how to use an LDAP directory for storing Samba user
-account information traditionally stored in the smbpasswd(5) file.  It is
-assumed that the reader already has a basic understanding of LDAP concepts
-and has a working directory server already installed.  For more information
-on LDAP architectures and Directories, please refer to the following sites.
-</para>
-
-<itemizedlist>
-	<listitem><para>OpenLDAP - <ulink url="http://www.openldap.org/">http://www.openldap.org/</ulink></para></listitem>
-	<listitem><para>iPlanet Directory Server - <ulink url="http://iplanet.netscape.com/directory">http://iplanet.netscape.com/directory</ulink></para></listitem>
-</itemizedlist>
-
-<para>
-Note that <ulink url="http://www.ora.com/">O'Reilly Publishing</ulink> is working on
-a guide to LDAP for System Administrators which has a planned release date of
-early summer, 2002.
-</para>
-
-<para>
-Two additional Samba resources which may prove to be helpful are
-</para>
-
-<itemizedlist>
-	<listitem><para>The <ulink url="http://www.unav.es/cti/ldap-smb/ldap-smb-3-howto.html">Samba-PDC-LDAP-HOWTO</ulink>
-	maintained by Ignacio Coupeau.</para></listitem>
-
-	<listitem><para>The NT migration scripts from <ulink url="http://samba.idealx.org/">IDEALX</ulink> that are
-	geared to manage users and group in such a Samba-LDAP Domain Controller configuration.
-	</para></listitem>
-</itemizedlist>
-
-</sect1>
-
-
-<sect1>
-<title>Introduction</title>
-
-<para>
-Traditionally, when configuring <ulink url="smb.conf.5.html#ENCRYPTPASSWORDS">"encrypt
-passwords = yes"</ulink> in Samba's <filename>smb.conf</filename> file, user account
-information such as username, LM/NT password hashes, password change times, and account
-flags have been stored in the <filename>smbpasswd(5)</filename> file.  There are several
-disadvantages to this approach for sites with very large numbers of users (counted
-in the thousands).
-</para>
-
-<itemizedlist>
-<listitem><para>
-The first is that all lookups must be performed sequentially.  Given that
-there are approximately two lookups per domain logon (one for a normal
-session connection such as when mapping a network drive or printer), this
-is a performance bottleneck for lareg sites.  What is needed is an indexed approach
-such as is used in databases.
-</para></listitem>
-
-<listitem><para>
-The second problem is that administrators who desired to replicate a
-smbpasswd file to more than one Samba server were left to use external
-tools such as <command>rsync(1)</command> and <command>ssh(1)</command>
-and wrote custom, in-house scripts.
-</para></listitem>
-
-<listitem><para>
-And finally, the amount of information which is stored in an
-smbpasswd entry leaves no room for additional attributes such as
-a home directory, password expiration time, or even a Relative
-Identified (RID).
-</para></listitem>
-</itemizedlist>
-
-<para>
-As a result of these defeciencies, a more robust means of storing user attributes
-used by smbd was developed.  The API which defines access to user accounts
-is commonly referred to as the samdb interface (previously this was called the passdb
-API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support
-for a samdb backend (e.g. <parameter>--with-ldapsam</parameter> or
-<parameter>--with-tdbsam</parameter>) requires compile time support.
-</para>
-
-<para>
-When compiling Samba to include the <parameter>--with-ldapsam</parameter> autoconf
-option, smbd (and associated tools) will store and lookup user accounts in
-an LDAP directory.  In reality, this is very easy to understand.  If you are
-comfortable with using an smbpasswd file, simply replace "smbpasswd" with
-"LDAP directory" in all the documentation.
-</para>
-
-<para>
-There are a few points to stress about what the <parameter>--with-ldapsam</parameter>
-does not provide.  The LDAP support referred to in the this documentation does not
-include:
-</para>
-
-<itemizedlist>
-	<listitem><para>A means of retrieving user account information from
-	an Windows 2000 Active Directory server.</para></listitem>
-	<listitem><para>A means of replacing /etc/passwd.</para></listitem>
-</itemizedlist>
-
-<para>
-The second item can be accomplished by using LDAP NSS and PAM modules.  LGPL
-versions of these libraries can be obtained from PADL Software
-(<ulink url="http://www.padl.com/">http://www.padl.com/</ulink>).  However,
-the details of configuring these packages are beyond the scope of this document.
-</para>
-
-</sect1>
-
-<sect1>
-<title>Supported LDAP Servers</title>
-
-<para>
-The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP
-2.0 server and client libraries.  The same code should be able to work with
-Netscape's Directory Server and client SDK. However, due to lack of testing
-so far, there are bound to be compile errors and bugs.  These should not be
-hard to fix. If you are so inclined, please be sure to forward all patches to
-<ulink url="samba-patches@samba.org">samba-patches@samba.org</ulink> and
-<ulink url="jerry@samba.org">jerry@samba.org</ulink>.
-</para>
-
-</sect1>
-
-
-
-
-<sect1>
-<title>Schema and Relationship to the RFC 2307 posixAccount</title>
-
-
-<para>
-Samba 2.2.3 includes the necessary schema file for OpenLDAP 2.0 in
-<filename>examples/LDAP/samba.schema</filename>.  (Note that this schema
-file has been modified since the experimental support initially included
-in 2.2.2).  The sambaAccount objectclass is given here:
-</para>
-
-<para><programlisting>
-objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
-     DESC 'Samba Account'
-     MUST ( uid $ rid )
-     MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
-            logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
-            displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
-            description $ userWorkstations $ primaryGroupID $ domain ))
-</programlisting></para>
-
-<para>
-The samba.schema file has been formatted for OpenLDAP 2.0.  The OID's are
-owned by the Samba Team and as such is legal to be openly published.
-If you translate the schema to be used with Netscape DS, please
-submit the modified schema file as a patch to <ulink
-url="jerry@samba.org">jerry@samba.org</ulink>
-</para>
-
-<para>
-Just as the smbpasswd file is mean to store information which supplements a
-user's <filename>/etc/passwd</filename> entry, so is the sambaAccount object
-meant to supplement the UNIX user account information.  A sambaAccount is a
-<constant>STRUCTURAL</constant> objectclass so it can be stored individually
-in the directory.  However, there are several fields (e.g. uid) which overlap
-with the posixAccount objectclass outlined in RFC2307.  This is by design.
-</para>
-
-<!--olem: we should perhaps have a note about shadowAccounts too as many
-systems use them, isn'it ? -->
-
-<para>
-In order to store all user account information (UNIX and Samba) in the directory,
-it is necessary to use the sambaAccount and posixAccount objectclasses in
-combination.  However, smbd will still obtain the user's UNIX account
-information via the standard C library calls (e.g. getpwnam(), et. al.).
-This means that the Samba server must also have the LDAP NSS library installed
-and functioning correctly.  This division of information makes it possible to
-store all Samba account information in LDAP, but still maintain UNIX account
-information in NIS while the network is transitioning to a full LDAP infrastructure.
-</para>
-</sect1>
-
-<sect1>
-<title>Configuring Samba with LDAP</title>
-
-
-<sect2>
-<title>OpenLDAP configuration</title>
-
-<para>
-To include support for the sambaAccount object in an OpenLDAP directory
-server, first copy the samba.schema file to slapd's configuration directory.
-</para>
-
-<para>
-<prompt>root# </prompt><command>cp samba.schema /etc/openldap/schema/</command>
-</para>
-
-<para>
-Next, include the <filename>samba.schema</filename> file in <filename>slapd.conf</filename>.
-The sambaAccount object contains two attributes which depend upon other schema
-files.  The 'uid' attribute is defined in <filename>cosine.schema</filename> and
-the 'displayName' attribute is defined in the <filename>inetorgperson.schema</filename>
-file.  Both of these must be included before the <filename>samba.schema</filename> file.
-</para>
-
-<para><programlisting>
-## /etc/openldap/slapd.conf
-
-## schema files (core.schema is required by default)
-include	           /etc/openldap/schema/core.schema
-
-## needed for sambaAccount
-include            /etc/openldap/schema/cosine.schema
-include            /etc/openldap/schema/inetorgperson.schema
-include            /etc/openldap/schema/samba.schema
-
-## uncomment this line if you want to support the RFC2307 (NIS) schema
-## include         /etc/openldap/schema/nis.schema
-
-....
-</programlisting></para>
-
-<para>
-It is recommended that you maintain some indices on some of the most usefull attributes,
-like in the following example, to speed up searches made on sambaAccount objectclasses
-(and possibly posixAccount and posixGroup as well).
-</para>
-<para><programlisting>
-# Indices to maintain
-## required by OpenLDAP 2.0
-index objectclass   eq
-
-## support pb_getsampwnam()
-index uid           pres,eq
-## support pdb_getsambapwrid()
-index rid           eq
-
-## uncomment these if you are storing posixAccount and
-## posixGroup entries in the directory as well
-##index uidNumber     eq
-##index gidNumber     eq
-##index cn            eq
-##index memberUid     eq
-</programlisting></para>
-</sect2>
-
-
-<sect2>
-<title>Configuring Samba</title>
-<!--lem: <title>smb.conf LDAP parameters</title> -->
-
-<para>
-The following parameters are available in smb.conf only with <parameter>--with-ldapsam</parameter>
-was included with compiling Samba.
-</para>
-
-<itemizedlist>
-	<listitem><para><ulink url="smb.conf.5.html#LDAPSSL">ldap ssl</ulink></para></listitem>
-	<listitem><para><ulink url="smb.conf.5.html#LDAPSERVER">ldap server</ulink></para></listitem>
-	<listitem><para><ulink url="smb.conf.5.html#LDAPADMINDN">ldap admin dn</ulink></para></listitem>
-	<listitem><para><ulink url="smb.conf.5.html#LDAPSUFFIX">ldap suffix</ulink></para></listitem>
-	<listitem><para><ulink url="smb.conf.5.html#LDAPFILTER">ldap filter</ulink></para></listitem>
-	<listitem><para><ulink url="smb.conf.5.html#LDAPPORT">ldap port</ulink></para></listitem>
-</itemizedlist>
-
-<para>
-These are described in the <ulink url="smb.conf.5.html">smb.conf(5)</ulink> man
-page and so will not be repeated here.  However, a sample smb.conf file for
-use with an LDAP directory could appear as
-</para>
-
-<para><programlisting>
-## /usr/local/samba/lib/smb.conf
-[global]
-     security = user
-     encrypt passwords = yes
-
-     netbios name = TASHTEGO
-     workgroup = NARNIA
-
-     # ldap related parameters
-
-     # define the DN to use when binding to the directory servers
-     # The password for this DN is not stored in smb.conf.  Rather it
-     # must be set by using 'smbpasswd -w <replaceable>secretpw</replaceable>' to store the
-     # passphrase in the secrets.tdb file.  If the "ldap admin dn" values
-     # changes, this password will need to be reset.
-     ldap admin dn = "cn=Samba Manager,ou=people,dc=samba,dc=org"
-
-     #  specify the LDAP server's hostname (defaults to locahost)
-     ldap server = ahab.samba.org
-
-     # Define the SSL option when connecting to the directory
-     # ('off', 'start tls', or 'on' (default))
-     ldap ssl = start tls
-
-     # define the port to use in the LDAP session (defaults to 636 when
-     # "ldap ssl = on")
-     ldap port = 389
-
-     # specify the base DN to use when searching the directory
-     ldap suffix = "ou=people,dc=samba,dc=org"
-
-     # generally the default ldap search filter is ok
-     # ldap filter = "(&amp;(uid=%u)(objectclass=sambaAccount))"
-</programlisting></para>
-
-
-</sect2>
-</sect1>
-
-
-<sect1>
-<title>Accounts and Groups management</title>
-
-<para>
-As users accounts are managed thru the sambaAccount objectclass, you should
-modify you existing administration tools to deal with sambaAccount attributes.
-</para>
-
-<para>
-Machines accounts are managed with the sambaAccount objectclass, just
-like users accounts. However, it's up to you to stored thoses accounts
-in a different tree of you LDAP namespace: you should use
-"ou=Groups,dc=plainjoe,dc=org" to store groups and
-"ou=People,dc=plainjoe,dc=org" to store users. Just configure your
-NSS and PAM accordingly (usually, in the /etc/ldap.conf configuration
-file).
-</para>
-
-<para>
-In Samba release 2.2.3, the group management system is based on posix
-groups. This meand that Samba make usage of the posixGroup objectclass.
-For now, there is no NT-like group system management (global and local
-groups).
-</para>
-
-</sect1>
-
-<sect1>
-<title>Security and sambaAccount</title>
-
-
-<para>
-There are two important points to remember when discussing the security
-of sambaAccount entries in the directory.
-</para>
-
-<itemizedlist>
-	<listitem><para><emphasis>Never</emphasis> retrieve the lmPassword or
-	ntPassword attribute values over an unencrypted LDAP session.</para></listitem>
-	<listitem><para><emphasis>Never</emphasis> allow non-admin users to
-	view the lmPassword or ntPassword attribute values.</para></listitem>
-</itemizedlist>
-
-<para>
-These password hashes are clear text equivalents and can be used to impersonate
-the user without deriving the original clear text strings.  For more information
-on the details of LM/NT password hashes, refer to the <ulink
-url="ENCRYPTION.html">ENCRYPTION chapter</ulink> of the Samba-HOWTO-Collection.
-</para>
-
-<para>
-To remedy the first security issue, the "ldap ssl" smb.conf parameter defaults
-to require an encrypted session (<command>ldap ssl = on</command>) using
-the default port of 636
-when contacting the directory server.  When using an OpenLDAP 2.0 server, it
-is possible to use the use the StartTLS LDAP extended  operation in the place of
-LDAPS.  In either case, you are strongly discouraged to disable this security
-(<command>ldap ssl = off</command>).
-</para>
-
-<para>
-Note that the LDAPS protocol is deprecated in favor of the LDAPv3 StartTLS
-extended operation.  However, the OpenLDAP library still provides support for
-the older method of securing communication between clients and servers.
-</para>
-
-<para>
-The second security precaution is to prevent non-administrative users from
-harvesting password hashes from the directory.  This can be done using the
-following ACL in <filename>slapd.conf</filename>:
-</para>
-
-<para><programlisting>
-## allow the "ldap admin dn" access, but deny everyone else
-access to attrs=lmPassword,ntPassword
-     by dn="cn=Samba Admin,ou=people,dc=plainjoe,dc=org" write
-     by * none
-</programlisting></para>
-
-
-</sect1>
-
-
-
-<sect1>
-<title>LDAP specials attributes for sambaAccounts</title>
-
-<para>
-The sambaAccount objectclass is composed of the following attributes:
-</para>
-
-<itemizedlist>
-
-	<listitem><para><constant>lmPassword</constant>: the LANMAN password 16-byte hash stored as a character
-	representation of a hexidecimal string.</para></listitem>
-
-	<listitem><para><constant>ntPassword</constant>: the NT password hash 16-byte stored as a character
-	representation of a hexidecimal string.</para></listitem>
-
-	<listitem><para><constant>pwdLastSet</constant>: The integer time in seconds since 1970 when the
-	<constant>lmPassword</constant> and <constant>ntPassword</constant> attributes were last set.
-	</para></listitem>
-
-	<listitem><para><constant>acctFlags</constant>: string of 11 characters surrounded by square brackets []
-	representing account flags such as U (user), W(workstation), X(no password expiration), and
-	D(disabled).</para></listitem>
-
-	<listitem><para><constant>logonTime</constant>: Integer value currently unused</para></listitem>
-
-	<listitem><para><constant>logoffTime</constant>: Integer value currently unused</para></listitem>
-
-	<listitem><para><constant>kickoffTime</constant>: Integer value currently unused</para></listitem>
-
-	<listitem><para><constant>pwdCanChange</constant>: Integer value currently unused</para></listitem>
-
-	<listitem><para><constant>pwdMustChange</constant>: Integer value currently unused</para></listitem>
-
-	<listitem><para><constant>homeDrive</constant>: specifies the drive letter to which to map the
-	UNC path specified by homeDirectory. The drive letter must be specified in the form "X:"
-	where X is the letter of the drive to map. Refer to the "logon drive" parameter in the
-	smb.conf(5) man page for more information.</para></listitem>
-
-	<listitem><para><constant>scriptPath</constant>: The scriptPath property specifies the path of
-	the user's logon script, .CMD, .EXE, or .BAT file. The string can be null. The path
-	is relative to the netlogon share.  Refer to the "logon script" parameter in the
-	smb.conf(5) man page for more information.</para></listitem>
-
-	<listitem><para><constant>profilePath</constant>: specifies a path to the user's profile.
-	This value can be a null string, a local absolute path, or a UNC path.  Refer to the
-	"logon path" parameter in the smb.conf(5) man page for more information.</para></listitem>
-
-	<listitem><para><constant>smbHome</constant>: The homeDirectory property specifies the path of
-	the home directory for the user. The string can be null. If homeDrive is set and specifies
-	a drive letter, homeDirectory should be a UNC path. The path must be a network
-	UNC path of the form \\server\share\directory. This value can be a null string.
-	Refer to the "logon home" parameter in the smb.conf(5) man page for more information.
-	</para></listitem>
-
-	<listitem><para><constant>userWorkstation</constant>: character string value currently unused.
-	</para></listitem>
-
-	<listitem><para><constant>rid</constant>: the integer representation of the user's relative identifier
-	(RID).</para></listitem>
-
-	<listitem><para><constant>primaryGroupID</constant>: the relative identifier (RID) of the primary group
-	of the user.</para></listitem>
-
-</itemizedlist>
-
-<para>
-The majority of these parameters are only used when Samba is acting as a PDC of
-a domain (refer to the <ulink url="Samba-PDC-HOWTO.html">Samba-PDC-HOWTO</ulink> for details on
-how to configure Samba as a Primary Domain Controller). The following four attributes
-are only stored with the sambaAccount entry if the values are non-default values:
-</para>
-
-<itemizedlist>
-	<listitem><para>smbHome</para></listitem>
-	<listitem><para>scriptPath</para></listitem>
-	<listitem><para>logonPath</para></listitem>
-	<listitem><para>homeDrive</para></listitem>
-</itemizedlist>
-
-<para>
-These attributes are only stored with the sambaAccount entry if
-the values are non-default values.  For example, assume TASHTEGO has now been
-configured as a PDC and that <command>logon home = \\%L\%u</command> was defined in
-its <filename>smb.conf</filename> file. When a user named "becky" logons to the domain,
-the <parameter>logon home</parameter> string is expanded to \\TASHTEGO\becky.
-If the smbHome attribute exists in the entry "uid=becky,ou=people,dc=samba,dc=org",
-this value is used.  However, if this attribute does not exist, then the value
-of the <parameter>logon home</parameter> parameter is used in its place.  Samba
-will only write the attribute value to the directory entry is the value is
-something other than the default (e.g. \\MOBY\becky).
-</para>
-
-
-</sect1>
-
-
-
-<sect1>
-<title>Example LDIF Entries for a sambaAccount</title>
-
-
-<para>
-The following is a working LDIF with the inclusion of the posixAccount objectclass:
-</para>
-
-<para><programlisting>
-dn: uid=guest2, ou=people,dc=plainjoe,dc=org
-ntPassword: 878D8014606CDA29677A44EFA1353FC7
-pwdMustChange: 2147483647
-primaryGroupID: 1201
-lmPassword: 552902031BEDE9EFAAD3B435B51404EE
-pwdLastSet: 1010179124
-logonTime: 0
-objectClass: sambaAccount
-uid: guest2
-kickoffTime: 2147483647
-acctFlags: [UX         ]
-logoffTime: 2147483647
-rid: 19006
-pwdCanChange: 0
-</programlisting></para>
-
-<para>
-The following is an LDIF entry for using both the sambaAccount and
-posixAccount objectclasses:
-</para>
-
-<para><programlisting>
-dn: uid=gcarter, ou=people,dc=plainjoe,dc=org
-logonTime: 0
-displayName: Gerald Carter
-lmPassword: 552902031BEDE9EFAAD3B435B51404EE
-primaryGroupID: 1201
-objectClass: posixAccount
-objectClass: sambaAccount
-acctFlags: [UX         ]
-userPassword: {crypt}BpM2ej8Rkzogo
-uid: gcarter
-uidNumber: 9000
-cn: Gerald Carter
-loginShell: /bin/bash
-logoffTime: 2147483647
-gidNumber: 100
-kickoffTime: 2147483647
-pwdLastSet: 1010179230
-rid: 19000
-homeDirectory: /home/tashtego/gcarter
-pwdCanChange: 0
-pwdMustChange: 2147483647
-ntPassword: 878D8014606CDA29677A44EFA1353FC7
-</programlisting></para>
-
-
-</sect1>
-
-
-
-<sect1>
-<title>Comments</title>
-
-
-<para>
-Please mail all comments regarding this HOWTO to <ulink
-url="mailto:jerry@samba.org">jerry@samba.org</ulink>.  This documents was
-last updated to reflect the Samba 2.2.3 release.
-
-</para>
-
-
-</sect1>
-
-
-</chapter>
diff --git a/docs/docbook/projdoc/pdb_mysql.sgml b/docs/docbook/projdoc/pdb_mysql.sgml
deleted file mode 100644
index 66c12a2339..0000000000
--- a/docs/docbook/projdoc/pdb_mysql.sgml
+++ /dev/null
@@ -1,159 +0,0 @@
-<chapter id="pdb-mysql">
-<chapterinfo>
-	<author>
-		<firstname>Jelmer</firstname><surname>Vernooij</surname>
-		<affiliation>
-			<orgname>The Samba Team</orgname>
-			<address><email>jelmer@samba.org</email></address>
-		</affiliation>
-	</author>
-	<pubdate>November 2002</pubdate>
-</chapterinfo>
-
-<title>Passdb MySQL plugin</title>
-
-<sect1>
-<title>Building</title>
-
-<para>To build the plugin, run <command>make bin/pdb_mysql.so</command>
-in the <filename>source/</filename> directory of samba distribution. 
-</para>
-
-<para>Next, copy pdb_mysql.so to any location you want. I 
-strongly recommend installing it in $PREFIX/lib or /usr/lib/samba/</para>
-
-</sect1>
-
-<sect1>
-<title>Creating the database</title>
-
-<para>
-You either can set up your own table and specify the field names to pdb_mysql (see below
-for the column names) or use the default table. The file <filename>examples/pdb/mysql/mysql.dump</filename> 
-contains the correct queries to create the required tables. Use the command :
-
-<command>mysql -u<replaceable>username</replaceable> -h<replaceable>hostname</replaceable> -p<replaceable>password</replaceable> <replaceable>databasename</replaceable> < <filename>/path/to/samba/examples/pdb/mysql/mysql.dump</filename></command>
-
-</para>
-</sect1>
-
-<sect1>
-<title>Configuring</title>
-
-<para>This plugin lacks some good documentation, but here is some short info:</para>
-
-<para>Add a the following to the <command>passdb backend</command> variable in your <filename>smb.conf</filename>:
-<programlisting>
-passdb backend = [other-plugins] plugin:/location/to/pdb_mysql.so:identifier [other-plugins]
-</programlisting>
-</para>
-
-<para>The identifier can be any string you like, as long as it doesn't collide with 
-the identifiers of other plugins or other instances of pdb_mysql. If you 
-specify multiple pdb_mysql.so entries in 'passdb backend', you also need to 
-use different identifiers!
-</para>
-
-<para>
-Additional options can be given thru the smb.conf file in the [global] section.
-</para>
-
-<para><programlisting>
-identifier:mysql host                     - host name, defaults to 'localhost'
-identifier:mysql password
-identifier:mysql user                     - defaults to 'samba'
-identifier:mysql database                 - defaults to 'samba'
-identifier:mysql port                     - defaults to 3306
-identifier:table                          - Name of the table containing users
-</programlisting></para>
-
-<para>
-<emphasis>
-WARNING: since the password for the mysql user is stored in the 
-smb.conf file, you should make the the smb.conf file 
-readable only to the user that runs samba. This is considered a security 
-bug and will be fixed soon.</emphasis>
-</para>
-
-<para>Names of the columns in this table(I've added column types those columns should have first):</para>
-
-<para><programlisting>
-identifier:logon time column             - int(9)
-identifier:logoff time column            - int(9)
-identifier:kickoff time column           - int(9)
-identifier:pass last set time column     - int(9)
-identifier:pass can change time column   - int(9)
-identifier:pass must change time column  - int(9)
-identifier:username column               - varchar(255) - unix username
-identifier:domain column                 - varchar(255) - NT domain user is part of
-identifier:nt username column            - varchar(255) - NT username
-identifier:fullname column            - varchar(255) - Full name of user
-identifier:home dir column               - varchar(255) - Unix homedir path
-identifier:dir drive column              - varchar(2) - Directory drive path (eg: 'H:')
-identifier:logon script column           - varchar(255) - Batch file to run on client side when logging on
-identifier:profile path column           - varchar(255) - Path of profile
-identifier:acct desc column              - varchar(255) - Some ASCII NT user data
-identifier:workstations column           - varchar(255) - Workstations user can logon to (or NULL for all)
-identifier:unknown string column         - varchar(255) - unknown string
-identifier:munged dial column            - varchar(255) - ?
-identifier:uid column                    - int(9) - Unix user ID (uid)
-identifier:gid column                    - int(9) - Unix user group (gid)
-identifier:user sid column               - varchar(255) - NT user SID
-identifier:group sid column              - varchar(255) - NT group ID
-identifier:lanman pass column            - varchar(255) - encrypted lanman password
-identifier:nt pass column                - varchar(255) - encrypted nt passwd
-identifier:plain pass column             - varchar(255) - plaintext password
-identifier:acct control column           - int(9) - nt user data
-identifier:unknown 3 column              - int(9) - unknown
-identifier:logon divs column             - int(9) - ?
-identifier:hours len column              - int(9) - ?
-identifier:unknown 5 column              - int(9) - unknown
-identifier:unknown 6 column              - int(9) - unknown
-</programlisting></para>
-
-<para>
-Eventually, you can put a colon (:) after the name of each column, which 
-should specify the column to update when updating the table. You can also
-specify nothing behind the colon - then the data from the field will not be 
-updated. 
-</para>
-
-</sect1>
-
-<sect1>
-<title>Using plaintext passwords or encrypted password</title>
-
-<para>
-I strongly discourage the use of plaintext passwords, however, you can use them:
-</para>
-
-<para>
-If you would like to use plaintext passwords, set 'identifier:lanman pass column' and 'identifier:nt pass column' to 'NULL' (without the quotes) and 'identifier:plain pass column' to the name of the column containing the plaintext passwords. 
-</para>
-
-<para>
-If you use encrypted passwords, set the 'identifier:plain pass column' to 'NULL' (without the quotes). This is the default.
-</para>
-
-</sect1>
-
-<sect1>
-<title>Getting non-column data from the table</title>
-
-<para>
-It is possible to have not all data in the database and making some 'constant'.
-</para>
-
-<para>
-For example, you can set 'identifier:fullname column' to : 
-<command>CONCAT(First_name,' ',Sur_name)</command>
-</para>
-
-<para>
-Or, set 'identifier:workstations column' to :
-<command>NULL</command></para>
-
-<para>See the MySQL documentation for more language constructs.</para>
-
-</sect1>
-</chapter>
diff --git a/docs/docbook/projdoc/pdb_xml.sgml b/docs/docbook/projdoc/pdb_xml.sgml
deleted file mode 100644
index 87afb7b401..0000000000
--- a/docs/docbook/projdoc/pdb_xml.sgml
+++ /dev/null
@@ -1,42 +0,0 @@
-<chapter id="pdb-xml">
-<chapterinfo>
-	<author>
-		<firstname>Jelmer</firstname><surname>Vernooij</surname>
-		<affiliation>
-			<orgname>The Samba Team</orgname>
-			<address><email>jelmer@samba.org</email></address>
-		</affiliation>
-	</author>
-	<pubdate>November 2002</pubdate>
-</chapterinfo>
-
-<title>Passdb XML plugin</title>
-
-<sect1>
-<title>Building</title>
-
-<para>This module requires libxml2 to be installed.</para>
-
-<para>To build pdb_xml, run: <command>make bin/pdb_xml.so</command> in 
-the directory <filename>source/</filename>. </para>
-
-</sect1>
-
-<sect1>
-<title>Usage</title>
-
-<para>The usage of pdb_xml is pretty straightforward. To export data, use:
-
-<command>pdbedit -e plugin:/usr/lib/samba/pdb_xml.so:filename</command>
-
-(where filename is the name of the file to put the data in)
-</para>
-
-<para>
-To import data, use:
-<command>pdbedit -i plugin:/usr/lib/samba/pdb_xml.so:filename -e current-pdb</command>
-
-Where filename is the name to read the data from and current-pdb to put it in.
-</para>
-</sect1>
-</chapter>
diff --git a/docs/docbook/projdoc/samba-doc.sgml b/docs/docbook/projdoc/samba-doc.sgml
index e645a88f1d..e80b049fb7 100644
--- a/docs/docbook/projdoc/samba-doc.sgml
+++ b/docs/docbook/projdoc/samba-doc.sgml
@@ -1,6 +1,5 @@
 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [
 <!ENTITY UNIX-INSTALL SYSTEM "UNIX_INSTALL.sgml">
-<!ENTITY ENCRYPTION SYSTEM "ENCRYPTION.sgml">
 <!ENTITY MS-Dfs-Setup SYSTEM "msdfs_setup.sgml">
 <!ENTITY PRINTER-DRIVER2 SYSTEM "printer_driver2.sgml">
 <!ENTITY DOMAIN-MEMBER SYSTEM "DOMAIN_MEMBER.sgml">
@@ -11,7 +10,6 @@
 <!ENTITY CVS-Access SYSTEM "CVS-Access.sgml">
 <!ENTITY IntegratingWithWindows SYSTEM "Integrating-with-Windows.sgml">
 <!ENTITY Samba-PAM SYSTEM "PAM-Authentication-And-Samba.sgml">
-<!ENTITY Samba-LDAP SYSTEM "Samba-LDAP-HOWTO.sgml">
 <!ENTITY Diagnosis SYSTEM "Diagnosis.sgml">
 <!ENTITY BUGS SYSTEM "Bugs.sgml">
 <!ENTITY SECURITY-LEVEL SYSTEM "security_level.sgml">
@@ -22,8 +20,7 @@
 <!ENTITY Portability SYSTEM "Portability.sgml">
 <!ENTITY Other-Clients SYSTEM "Other-Clients.sgml">
 <!ENTITY ADS-HOWTO SYSTEM "ADS-HOWTO.sgml">
-<!ENTITY pdb-mysql SYSTEM "pdb_mysql.sgml">
-<!ENTITY pdb-xml SYSTEM "pdb_xml.sgml">
+<!ENTITY Passdb SYSTEM "passdb.sgml">
 <!ENTITY VFS SYSTEM "VFS.sgml">
 <!ENTITY GroupProfiles SYSTEM "GroupProfiles.sgml">
 ]>
@@ -81,7 +78,7 @@ PLEASE read this.</para>
 &UNIX-INSTALL;
 &BROWSING;
 &BROWSING-Quick;
-&ENCRYPTION;
+&Passdb;
 </part>
 
 <part id="type">
@@ -113,10 +110,7 @@ part each cover one specific feature.</para>
 &MS-Dfs-Setup;
 &PRINTER-DRIVER2;
 &WINBIND;
-&pdb-mysql;
-&pdb-xml;
 &VFS;
-&Samba-LDAP;
 &CVS-Access;
 &GROUP-MAPPING-HOWTO;
 &SPEED;
-- 
cgit 


From 7212d2be00b3d565751db8232de9c5affa1924e2 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Tue, 18 Feb 2003 21:32:26 +0000
Subject: Use sgml syntax for warnings (This used to be commit
 73def167a806d482472fcb137c64ee9fe4b6400c)

---
 docs/docbook/projdoc/passdb.sgml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/docs/docbook/projdoc/passdb.sgml b/docs/docbook/projdoc/passdb.sgml
index 4e0ee93a55..222b4010ab 100644
--- a/docs/docbook/projdoc/passdb.sgml
+++ b/docs/docbook/projdoc/passdb.sgml
@@ -842,13 +842,14 @@ identifier:mysql port                     - defaults to 3306
 identifier:table                          - Name of the table containing users
 </programlisting></para>
 
+<warning>
 <para>
-<emphasis>
-WARNING: since the password for the mysql user is stored in the 
+Since the password for the mysql user is stored in the 
 smb.conf file, you should make the the smb.conf file 
 readable only to the user that runs samba. This is considered a security 
-bug and will be fixed soon.</emphasis>
+bug and will be fixed soon.
 </para>
+</warning>
 
 <para>Names of the columns in this table(I've added column types those columns should have first):</para>
 
-- 
cgit 


From 95e79295fd5ee1604d607028f0ca922afcffcdae Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Tue, 18 Feb 2003 21:44:34 +0000
Subject: Few small cosmetic changes (This used to be commit
 a99e4bd2c0299851a1308158a50e24e69cab1158)

---
 docs/docbook/projdoc/CVS-Access.sgml      | 2 +-
 docs/docbook/projdoc/NT_Security.sgml     | 6 ------
 docs/docbook/projdoc/Samba-PDC-HOWTO.sgml | 2 +-
 docs/docbook/projdoc/samba-doc.sgml       | 2 +-
 4 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/docs/docbook/projdoc/CVS-Access.sgml b/docs/docbook/projdoc/CVS-Access.sgml
index 98ef925f20..3c1adfd17a 100644
--- a/docs/docbook/projdoc/CVS-Access.sgml
+++ b/docs/docbook/projdoc/CVS-Access.sgml
@@ -12,7 +12,7 @@
 	<pubdate> (22 May 2001) </pubdate>
 </chapterinfo>
 
-<title>HOWTO Access Samba source code via CVS</title>
+<title>Access Samba source code via CVS</title>
 
 <sect1>
 <title>Introduction</title>
diff --git a/docs/docbook/projdoc/NT_Security.sgml b/docs/docbook/projdoc/NT_Security.sgml
index 2259dae029..2843331519 100644
--- a/docs/docbook/projdoc/NT_Security.sgml
+++ b/docs/docbook/projdoc/NT_Security.sgml
@@ -31,12 +31,6 @@
 	the security of the UNIX host Samba is running on, and 
 	still obeys all the file permission rules that a Samba 
 	administrator can set.</para>
-
-	<para>In Samba 2.0.4 and above the default value of the 
-	parameter <ulink url="smb.conf.5.html#NTACLSUPPORT"><parameter>
-	nt acl support</parameter></ulink> has been changed from 
-	<constant>false</constant> to <constant>true</constant>, so 
- 	manipulation of permissions is turned on by default.</para>
 </sect1>
 
 <sect1>
diff --git a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml
index e6d6573924..c0be81d989 100644
--- a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml
+++ b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml
@@ -19,7 +19,7 @@
 </chapterinfo>
 
 <title>
-How to Configure Samba as a NT4 Primary Domain Controller
+Samba as a NT4 or Win2k Primary Domain Controller
 </title>
 
 
diff --git a/docs/docbook/projdoc/samba-doc.sgml b/docs/docbook/projdoc/samba-doc.sgml
index e80b049fb7..54650f1ed9 100644
--- a/docs/docbook/projdoc/samba-doc.sgml
+++ b/docs/docbook/projdoc/samba-doc.sgml
@@ -76,7 +76,6 @@ and how to configure the parts of samba you will most likely need.
 PLEASE read this.</para>
 </partintro>
 &UNIX-INSTALL;
-&BROWSING;
 &BROWSING-Quick;
 &Passdb;
 </part>
@@ -110,6 +109,7 @@ part each cover one specific feature.</para>
 &MS-Dfs-Setup;
 &PRINTER-DRIVER2;
 &WINBIND;
+&BROWSING;
 &VFS;
 &CVS-Access;
 &GROUP-MAPPING-HOWTO;
-- 
cgit 


From 6b8c232c56f3ddd6e2de72ec3e166d82d544020c Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Tue, 18 Feb 2003 21:49:00 +0000
Subject: Document -k (This used to be commit
 44a862e55c426292f0226f5eec8719388d2c0de2)

---
 docs/docbook/manpages/smbclient.1.sgml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/docs/docbook/manpages/smbclient.1.sgml b/docs/docbook/manpages/smbclient.1.sgml
index 7e908e5d70..a08f6999e4 100644
--- a/docs/docbook/manpages/smbclient.1.sgml
+++ b/docs/docbook/manpages/smbclient.1.sgml
@@ -38,6 +38,7 @@
 		<arg choice="opt">-R &lt;name resolve order&gt;</arg>
 		<arg choice="opt">-s &lt;smb config file&gt;</arg>
 		<arg choice="opt">-T&lt;c|x&gt;IXFqgbNan</arg>
+		<arg choice="opt">-k</arg>
 	</cmdsynopsis>
 </refsynopsisdiv>
 
@@ -587,6 +588,14 @@ domain = &lt;value&gt;
 		<para>This is particularly useful in scripts and for printing stdin 
 		to the server, e.g. <command>-c 'print -'</command>. </para></listitem>
 		</varlistentry>
+
+		<varlistentry>
+		<term>-k</term>
+		<listitem><para>
+		Try to authenticate with kerberos. Only useful in 
+		an Active Directory environment.
+		</para></listitem>
+		</varlistentry>
 	</variablelist>
 </refsect1>
 
-- 
cgit 


From 4668623d62b3a7b133e26dd1397b956c4ddac335 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Tue, 18 Feb 2003 21:50:31 +0000
Subject: Update to current status (This used to be commit
 424cfccec2acb9a96538b67100915bfb00f84fd4)

---
 docs/docs-status | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/docs/docs-status b/docs/docs-status
index d4a7d976e5..30e9d40796 100644
--- a/docs/docs-status
+++ b/docs/docs-status
@@ -9,12 +9,10 @@ docs/docbook/devdoc/* - most of these docs are outdated and need updates...
 docs/docbook/manpages/net.8.sgml - Still not finished
 docs/docbook/manpages/rpcclient.1.sgml - Command documentation might be outdated
 docs/docbook/manpages/samba.7.sgml - Listing of samba programs is not complete
-docs/docbook/manpages/smbclient.1.sgml - document -k (kerberos authentication)
 docs/docbook/manpages/smbcontrol.1.sgml - Document -s, samsync, samrepl, pool-usage, dmalloc-mark, dmalloc-log-changed, shutdown, change_id
 docs/docbook/manpages/smb.conf.5.sgml - 'restrict anonymous' isn't documented properly
 docs/docbook/projdoc/DOMAIN_MEMBER.sgml - Needs update to 3.0
 docs/docbook/projdoc/ADS-HOWTO.sgml - seems outdated (it says we require 'ads server' when in ads mode, though that's not true, according to the manpages...)
-docs/docbook/projdoc/ENCRYPTION.sgml - contains useless old info about smbpasswd
 docs/docbook/projdoc/Integrating-with-Windows.sgml - Should slowly go a way. Contains a little bit information about wins, a little bit about domain membership, a little about winbind, etc
 docs/docbook/projdoc/NT_Security.sgml - probably outdated
 docs/docbook/projdoc/Diagnosis.sgml - Needs extension
@@ -27,6 +25,7 @@ docs/docbook/projdoc/Speed.sgml - contains outdated and invalid information
 docs/docbook/projdoc/UNIX_INSTALL.sgml - Needs a lot of updating (swat, ADS, PDC, etc)
 docs/docbook/projdoc/printer_driver2.sgml - Needs integration with printing.sgml, still up to date?
 docs/docbook/projdoc/security_level.sgml - information about ads and domain should be added (currently only contains pointers to the ads and domain_member docs)
+docs/docbook/projdoc/upgrading-to-3.0.sgml - not finished yet
 docs/docbook/projdoc/winbind.sgml - needs documentation for ADS
 docs/textdocs/CUPS-PrintingInfo.txt - needs to be converted to sgml - Kurt Pfeifle
 docs/textdocs/PROFILES.txt - needs to be converted to sgml
@@ -49,7 +48,6 @@ docs/docbook/manpages/testprns.1.sgml
 docs/docbook/manpages/wbinfo.1.sgml
 
 Stuff that needs to be documented:
-Merge the various docs about wins and browsing
 Windows NT 4.0 Style Trust Relationship
 One Time Migration script from a Windows NT 4.0 PDC to a Samba PDC
 ldap passwd sync
-- 
cgit 


From ff78c3bf5c3a73cf90f6517d9b2d6b8c12d22d68 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Tue, 18 Feb 2003 22:14:04 +0000
Subject: Regenerate (This used to be commit
 1ab5a3b17feb677425bb1071357c3dbabcc46c7e)

---
 docs/Samba-Developers-Guide.pdf           |  3778 +++++-----
 docs/Samba-HOWTO-Collection.pdf           | 10647 ++++++++++++++--------------
 docs/announce                             |     3 +
 docs/faq/samba-faq.html                   |    97 +-
 docs/htmldocs/Samba-Developers-Guide.html |   145 +-
 docs/htmldocs/Samba-HOWTO-Collection.html |  8652 +++++++++++-----------
 docs/htmldocs/ads.html                    |    86 +-
 docs/htmldocs/appendixes.html             |   177 +-
 docs/htmldocs/browsing-quick.html         |    70 +-
 docs/htmldocs/bugreport.html              |    31 +-
 docs/htmldocs/cvs-access.html             |    35 +-
 docs/htmldocs/diagnosis.html              |    67 +-
 docs/htmldocs/domain-security.html        |   227 +-
 docs/htmldocs/findsmb.1.html              |   195 +-
 docs/htmldocs/groupmapping.html           |    11 +-
 docs/htmldocs/groupprofiles.html          |   565 ++
 docs/htmldocs/improved-browsing.html      |    81 +-
 docs/htmldocs/install.html                |    89 +-
 docs/htmldocs/integrate-ms-networks.html  |   105 +-
 docs/htmldocs/introduction.html           |   213 +-
 docs/htmldocs/lmhosts.5.html              |    94 +-
 docs/htmldocs/msdfs.html                  |    15 +-
 docs/htmldocs/net.8.html                  |    45 +-
 docs/htmldocs/nmbd.8.html                 |   370 +-
 docs/htmldocs/nmblookup.1.html            |    95 +-
 docs/htmldocs/optional.html               |   608 +-
 docs/htmldocs/other-clients.html          |    59 +-
 docs/htmldocs/pam.html                    |    19 +-
 docs/htmldocs/passdb.html                 |  1646 +++++
 docs/htmldocs/pdb-mysql.html              |    67 +-
 docs/htmldocs/pdb-xml.html                |    15 +-
 docs/htmldocs/pdbedit.8.html              |   215 +-
 docs/htmldocs/portability.html            |    23 +-
 docs/htmldocs/printing.html               |   107 +-
 docs/htmldocs/pwencrypt.html              |    39 +-
 docs/htmldocs/rpcclient.1.html            |   100 +-
 docs/htmldocs/samba-bdc.html              |    62 +-
 docs/htmldocs/samba-howto-collection.html |   673 +-
 docs/htmldocs/samba-ldap-howto.html       |    55 +-
 docs/htmldocs/samba-pdc.html              |   121 +-
 docs/htmldocs/samba.7.html                |   160 +-
 docs/htmldocs/securitylevels.html         |    11 +-
 docs/htmldocs/smb.conf.5.html             |  3246 +++++----
 docs/htmldocs/smbcacls.1.html             |    77 +-
 docs/htmldocs/smbclient.1.html            |   177 +-
 docs/htmldocs/smbcontrol.1.html           |    96 +-
 docs/htmldocs/smbd.8.html                 |   345 +-
 docs/htmldocs/smbgroupedit.8.html         |   156 +-
 docs/htmldocs/smbmnt.8.html               |    25 +-
 docs/htmldocs/smbmount.8.html             |    84 +-
 docs/htmldocs/smbpasswd.5.html            |    67 +-
 docs/htmldocs/smbpasswd.8.html            |   216 +-
 docs/htmldocs/smbsh.1.html                |   179 +-
 docs/htmldocs/smbspool.8.html             |    61 +-
 docs/htmldocs/smbstatus.1.html            |    79 +-
 docs/htmldocs/smbtar.1.html               |   120 +-
 docs/htmldocs/smbumount.8.html            |    23 +-
 docs/htmldocs/speed.html                  |    57 +-
 docs/htmldocs/swat.8.html                 |   115 +-
 docs/htmldocs/testparm.1.html             |   136 +-
 docs/htmldocs/testprns.1.html             |    87 +-
 docs/htmldocs/type.html                   |   182 +-
 docs/htmldocs/unix-permissions.html       |    63 +-
 docs/htmldocs/vfs.html                    |    59 +-
 docs/htmldocs/vfstest.1.html              |    51 +-
 docs/htmldocs/wbinfo.1.html               |   189 +-
 docs/htmldocs/winbind.html                |   169 +-
 docs/htmldocs/winbindd.8.html             |   230 +-
 docs/manpages/findsmb.1                   |    39 +-
 docs/manpages/lmhosts.5                   |    24 +-
 docs/manpages/net.8                       |    20 +-
 docs/manpages/nmbd.8                      |    70 +-
 docs/manpages/nmblookup.1                 |    25 +-
 docs/manpages/pdbedit.8                   |    75 +-
 docs/manpages/rpcclient.1                 |    50 +-
 docs/manpages/samba.7                     |    56 +-
 docs/manpages/smb.conf.5                  |  1127 ++-
 docs/manpages/smbcacls.1                  |    16 +-
 docs/manpages/smbclient.1                 |    64 +-
 docs/manpages/smbcontrol.1                |    22 +-
 docs/manpages/smbd.8                      |    64 +-
 docs/manpages/smbgroupedit.8              |    23 +-
 docs/manpages/smbmnt.8                    |     9 +-
 docs/manpages/smbmount.8                  |    32 +-
 docs/manpages/smbpasswd.5                 |    22 +-
 docs/manpages/smbpasswd.8                 |    67 +-
 docs/manpages/smbsh.1                     |    52 +-
 docs/manpages/smbspool.8                  |    17 +-
 docs/manpages/smbstatus.1                 |    19 +-
 docs/manpages/smbtar.1                    |    25 +-
 docs/manpages/smbumount.8                 |     9 +-
 docs/manpages/swat.8                      |    30 +-
 docs/manpages/testparm.1                  |    28 +-
 docs/manpages/testprns.1                  |    19 +-
 docs/manpages/vfstest.1                   |     5 +-
 docs/manpages/wbinfo.1                    |    49 +-
 docs/manpages/winbindd.8                  |    63 +-
 97 files changed, 21072 insertions(+), 17211 deletions(-)
 create mode 100644 docs/htmldocs/groupprofiles.html
 create mode 100644 docs/htmldocs/passdb.html

diff --git a/docs/Samba-Developers-Guide.pdf b/docs/Samba-Developers-Guide.pdf
index bb93380217..3b467e0ec1 100644
--- a/docs/Samba-Developers-Guide.pdf
+++ b/docs/Samba-Developers-Guide.pdf
@@ -1,6 +1,6 @@
 %PDF-1.3
 %âãÏÓ
-1 0 obj<</Producer(htmldoc 1.8.22 Copyright 1997-2002 Easy Software Products, All Rights Reserved.)/CreationDate(D:20030115201051+0600)/Title(SAMBA Developers Guide)/Creator(Modular DocBook HTML Stylesheet Version 1.77)>>endobj
+1 0 obj<</Producer(htmldoc 1.8.22 Copyright 1997-2002 Easy Software Products, All Rights Reserved.)/CreationDate(D:20030218221725-0100)/Title(SAMBA Developers Guide)/Creator(Modular DocBook HTML Stylesheet Version 1.77+)>>endobj
 2 0 obj<</Type/Encoding/Differences[ 32/space/exclam/quotedbl/numbersign/dollar/percent/ampersand/quotesingle/parenleft/parenright/asterisk/plus/comma/minus/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/asciicircum/underscore/grave/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright/asciitilde 128/Euro 130/quotesinglbase/florin/quotedblbase/ellipsis/dagger/daggerdbl/circumflex/perthousand/Scaron/guilsinglleft/OE 145/quoteleft/quoteright/quotedblleft/quotedblright/bullet/endash/emdash/tilde/trademark/scaron/guilsinglright/oe 159/Ydieresis/space/exclamdown/cent/sterling/currency/yen/brokenbar/section/dieresis/copyright/ordfeminine/guillemotleft/logicalnot/hyphen/registered/macron/degree/plusminus/twosuperior/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior/ordmasculine/guillemotright/onequarter/onehalf/threequarters/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]>>endobj
 3 0 obj<</Type/Font/Subtype/Type1/BaseFont/Courier/Encoding 2 0 R>>endobj
 4 0 obj<</Type/Font/Subtype/Type1/BaseFont/Courier-Bold/Encoding 2 0 R>>endobj
@@ -12,48 +12,48 @@
 10 0 obj<</Type/Font/Subtype/Type1/BaseFont/Helvetica/Encoding 2 0 R>>endobj
 11 0 obj<</Type/Font/Subtype/Type1/BaseFont/Helvetica-Bold/Encoding 2 0 R>>endobj
 12 0 obj<</Type/Font/Subtype/Type1/BaseFont/Symbol>>endobj
-13 0 obj<</Subtype/Link/Rect[72.0 684.0 197.9 697.0]/Border[0 0 0]/Dest[524 0 R/XYZ 0 734 0]>>endobj
-14 0 obj<</Subtype/Link/Rect[108.0 670.8 174.9 683.8]/Border[0 0 0]/Dest[524 0 R/XYZ 0 696 0]>>endobj
-15 0 obj<</Subtype/Link/Rect[72.0 644.4 112.9 657.4]/Border[0 0 0]/Dest[526 0 R/XYZ 0 734 0]>>endobj
-16 0 obj<</Subtype/Link/Rect[72.0 618.0 409.3 631.0]/Border[0 0 0]/Dest[532 0 R/XYZ 0 734 0]>>endobj
-17 0 obj<</Subtype/Link/Rect[108.0 604.8 173.7 617.8]/Border[0 0 0]/Dest[532 0 R/XYZ 0 672 0]>>endobj
-18 0 obj<</Subtype/Link/Rect[108.0 591.6 237.6 604.6]/Border[0 0 0]/Dest[532 0 R/XYZ 0 201 0]>>endobj
-19 0 obj<</Subtype/Link/Rect[108.0 578.4 200.3 591.4]/Border[0 0 0]/Dest[534 0 R/XYZ 0 705 0]>>endobj
-20 0 obj<</Subtype/Link/Rect[72.0 552.0 219.9 565.0]/Border[0 0 0]/Dest[536 0 R/XYZ 0 734 0]>>endobj
-21 0 obj<</Subtype/Link/Rect[108.0 538.8 181.6 551.8]/Border[0 0 0]/Dest[536 0 R/XYZ 0 696 0]>>endobj
-22 0 obj<</Subtype/Link/Rect[108.0 525.6 244.6 538.6]/Border[0 0 0]/Dest[536 0 R/XYZ 0 529 0]>>endobj
-23 0 obj<</Subtype/Link/Rect[108.0 512.4 199.0 525.4]/Border[0 0 0]/Dest[536 0 R/XYZ 0 335 0]>>endobj
-24 0 obj<</Subtype/Link/Rect[108.0 499.2 200.3 512.2]/Border[0 0 0]/Dest[538 0 R/XYZ 0 734 0]>>endobj
-25 0 obj<</Subtype/Link/Rect[108.0 486.0 186.2 499.0]/Border[0 0 0]/Dest[538 0 R/XYZ 0 434 0]>>endobj
-26 0 obj<</Subtype/Link/Rect[72.0 459.6 252.9 472.6]/Border[0 0 0]/Dest[540 0 R/XYZ 0 734 0]>>endobj
-27 0 obj<</Subtype/Link/Rect[108.0 446.4 214.6 459.4]/Border[0 0 0]/Dest[540 0 R/XYZ 0 696 0]>>endobj
-28 0 obj<</Subtype/Link/Rect[108.0 433.2 223.8 446.2]/Border[0 0 0]/Dest[542 0 R/XYZ 0 734 0]>>endobj
-29 0 obj<</Subtype/Link/Rect[108.0 420.0 247.6 433.0]/Border[0 0 0]/Dest[544 0 R/XYZ 0 734 0]>>endobj
-30 0 obj<</Subtype/Link/Rect[108.0 406.8 245.2 419.8]/Border[0 0 0]/Dest[544 0 R/XYZ 0 514 0]>>endobj
-31 0 obj<</Subtype/Link/Rect[108.0 393.6 194.2 406.6]/Border[0 0 0]/Dest[546 0 R/XYZ 0 734 0]>>endobj
-32 0 obj<</Subtype/Link/Rect[126.0 380.4 193.8 393.4]/Border[0 0 0]/Dest[546 0 R/XYZ 0 700 0]>>endobj
-33 0 obj<</Subtype/Link/Rect[126.0 367.2 192.0 380.2]/Border[0 0 0]/Dest[546 0 R/XYZ 0 602 0]>>endobj
-34 0 obj<</Subtype/Link/Rect[126.0 354.0 244.5 367.0]/Border[0 0 0]/Dest[546 0 R/XYZ 0 491 0]>>endobj
-35 0 obj<</Subtype/Link/Rect[72.0 327.6 216.8 340.6]/Border[0 0 0]/Dest[548 0 R/XYZ 0 734 0]>>endobj
-36 0 obj<</Subtype/Link/Rect[72.0 301.2 202.8 314.2]/Border[0 0 0]/Dest[552 0 R/XYZ 0 734 0]>>endobj
-37 0 obj<</Subtype/Link/Rect[108.0 288.0 213.7 301.0]/Border[0 0 0]/Dest[552 0 R/XYZ 0 696 0]>>endobj
-38 0 obj<</Subtype/Link/Rect[108.0 274.8 209.1 287.8]/Border[0 0 0]/Dest[552 0 R/XYZ 0 568 0]>>endobj
-39 0 obj<</Subtype/Link/Rect[108.0 261.6 224.7 274.6]/Border[0 0 0]/Dest[554 0 R/XYZ 0 705 0]>>endobj
-40 0 obj<</Subtype/Link/Rect[126.0 248.4 223.5 261.4]/Border[0 0 0]/Dest[554 0 R/XYZ 0 630 0]>>endobj
-41 0 obj<</Subtype/Link/Rect[126.0 235.2 222.2 248.2]/Border[0 0 0]/Dest[554 0 R/XYZ 0 571 0]>>endobj
-42 0 obj<</Subtype/Link/Rect[126.0 222.0 245.8 235.0]/Border[0 0 0]/Dest[554 0 R/XYZ 0 513 0]>>endobj
-43 0 obj<</Subtype/Link/Rect[126.0 208.8 222.2 221.8]/Border[0 0 0]/Dest[554 0 R/XYZ 0 455 0]>>endobj
-44 0 obj<</Subtype/Link/Rect[126.0 195.6 219.8 208.6]/Border[0 0 0]/Dest[554 0 R/XYZ 0 383 0]>>endobj
-45 0 obj<</Subtype/Link/Rect[126.0 182.4 228.4 195.4]/Border[0 0 0]/Dest[554 0 R/XYZ 0 325 0]>>endobj
-46 0 obj<</Subtype/Link/Rect[126.0 169.2 225.9 182.2]/Border[0 0 0]/Dest[554 0 R/XYZ 0 266 0]>>endobj
-47 0 obj<</Subtype/Link/Rect[126.0 156.0 244.5 169.0]/Border[0 0 0]/Dest[554 0 R/XYZ 0 208 0]>>endobj
-48 0 obj<</Subtype/Link/Rect[126.0 142.8 242.1 155.8]/Border[0 0 0]/Dest[554 0 R/XYZ 0 149 0]>>endobj
-49 0 obj<</Subtype/Link/Rect[126.0 129.6 256.2 142.6]/Border[0 0 0]/Dest[556 0 R/XYZ 0 734 0]>>endobj
-50 0 obj<</Subtype/Link/Rect[126.0 116.4 253.7 129.4]/Border[0 0 0]/Dest[556 0 R/XYZ 0 675 0]>>endobj
-51 0 obj<</Subtype/Link/Rect[126.0 103.2 235.1 116.2]/Border[0 0 0]/Dest[556 0 R/XYZ 0 617 0]>>endobj
-52 0 obj<</Subtype/Link/Rect[126.0 90.0 232.6 103.0]/Border[0 0 0]/Dest[556 0 R/XYZ 0 558 0]>>endobj
-53 0 obj<</Subtype/Link/Rect[126.0 76.8 257.4 89.8]/Border[0 0 0]/Dest[556 0 R/XYZ 0 500 0]>>endobj
-54 0 obj<</Subtype/Link/Rect[126.0 63.6 254.9 76.6]/Border[0 0 0]/Dest[556 0 R/XYZ 0 428 0]>>endobj
+13 0 obj<</Subtype/Link/Rect[72.0 684.0 197.9 697.0]/Border[0 0 0]/Dest[533 0 R/XYZ 0 734 0]>>endobj
+14 0 obj<</Subtype/Link/Rect[108.0 670.8 174.9 683.8]/Border[0 0 0]/Dest[533 0 R/XYZ 0 696 0]>>endobj
+15 0 obj<</Subtype/Link/Rect[72.0 644.4 112.9 657.4]/Border[0 0 0]/Dest[535 0 R/XYZ 0 734 0]>>endobj
+16 0 obj<</Subtype/Link/Rect[72.0 618.0 409.3 631.0]/Border[0 0 0]/Dest[541 0 R/XYZ 0 734 0]>>endobj
+17 0 obj<</Subtype/Link/Rect[108.0 604.8 173.7 617.8]/Border[0 0 0]/Dest[541 0 R/XYZ 0 672 0]>>endobj
+18 0 obj<</Subtype/Link/Rect[108.0 591.6 237.6 604.6]/Border[0 0 0]/Dest[541 0 R/XYZ 0 201 0]>>endobj
+19 0 obj<</Subtype/Link/Rect[108.0 578.4 200.3 591.4]/Border[0 0 0]/Dest[543 0 R/XYZ 0 705 0]>>endobj
+20 0 obj<</Subtype/Link/Rect[72.0 552.0 219.9 565.0]/Border[0 0 0]/Dest[545 0 R/XYZ 0 734 0]>>endobj
+21 0 obj<</Subtype/Link/Rect[108.0 538.8 181.6 551.8]/Border[0 0 0]/Dest[545 0 R/XYZ 0 696 0]>>endobj
+22 0 obj<</Subtype/Link/Rect[108.0 525.6 244.6 538.6]/Border[0 0 0]/Dest[545 0 R/XYZ 0 529 0]>>endobj
+23 0 obj<</Subtype/Link/Rect[108.0 512.4 199.0 525.4]/Border[0 0 0]/Dest[545 0 R/XYZ 0 335 0]>>endobj
+24 0 obj<</Subtype/Link/Rect[108.0 499.2 200.3 512.2]/Border[0 0 0]/Dest[547 0 R/XYZ 0 734 0]>>endobj
+25 0 obj<</Subtype/Link/Rect[108.0 486.0 186.2 499.0]/Border[0 0 0]/Dest[547 0 R/XYZ 0 434 0]>>endobj
+26 0 obj<</Subtype/Link/Rect[72.0 459.6 252.9 472.6]/Border[0 0 0]/Dest[549 0 R/XYZ 0 734 0]>>endobj
+27 0 obj<</Subtype/Link/Rect[108.0 446.4 214.6 459.4]/Border[0 0 0]/Dest[549 0 R/XYZ 0 696 0]>>endobj
+28 0 obj<</Subtype/Link/Rect[108.0 433.2 223.8 446.2]/Border[0 0 0]/Dest[551 0 R/XYZ 0 734 0]>>endobj
+29 0 obj<</Subtype/Link/Rect[108.0 420.0 247.6 433.0]/Border[0 0 0]/Dest[553 0 R/XYZ 0 734 0]>>endobj
+30 0 obj<</Subtype/Link/Rect[108.0 406.8 245.2 419.8]/Border[0 0 0]/Dest[553 0 R/XYZ 0 514 0]>>endobj
+31 0 obj<</Subtype/Link/Rect[108.0 393.6 194.2 406.6]/Border[0 0 0]/Dest[555 0 R/XYZ 0 734 0]>>endobj
+32 0 obj<</Subtype/Link/Rect[126.0 380.4 193.8 393.4]/Border[0 0 0]/Dest[555 0 R/XYZ 0 700 0]>>endobj
+33 0 obj<</Subtype/Link/Rect[126.0 367.2 192.0 380.2]/Border[0 0 0]/Dest[555 0 R/XYZ 0 602 0]>>endobj
+34 0 obj<</Subtype/Link/Rect[126.0 354.0 244.5 367.0]/Border[0 0 0]/Dest[555 0 R/XYZ 0 491 0]>>endobj
+35 0 obj<</Subtype/Link/Rect[72.0 327.6 216.8 340.6]/Border[0 0 0]/Dest[557 0 R/XYZ 0 734 0]>>endobj
+36 0 obj<</Subtype/Link/Rect[72.0 301.2 202.8 314.2]/Border[0 0 0]/Dest[561 0 R/XYZ 0 734 0]>>endobj
+37 0 obj<</Subtype/Link/Rect[108.0 288.0 213.7 301.0]/Border[0 0 0]/Dest[561 0 R/XYZ 0 696 0]>>endobj
+38 0 obj<</Subtype/Link/Rect[108.0 274.8 209.1 287.8]/Border[0 0 0]/Dest[561 0 R/XYZ 0 568 0]>>endobj
+39 0 obj<</Subtype/Link/Rect[108.0 261.6 224.7 274.6]/Border[0 0 0]/Dest[563 0 R/XYZ 0 705 0]>>endobj
+40 0 obj<</Subtype/Link/Rect[126.0 248.4 223.5 261.4]/Border[0 0 0]/Dest[563 0 R/XYZ 0 630 0]>>endobj
+41 0 obj<</Subtype/Link/Rect[126.0 235.2 222.2 248.2]/Border[0 0 0]/Dest[563 0 R/XYZ 0 571 0]>>endobj
+42 0 obj<</Subtype/Link/Rect[126.0 222.0 245.8 235.0]/Border[0 0 0]/Dest[563 0 R/XYZ 0 513 0]>>endobj
+43 0 obj<</Subtype/Link/Rect[126.0 208.8 222.2 221.8]/Border[0 0 0]/Dest[563 0 R/XYZ 0 455 0]>>endobj
+44 0 obj<</Subtype/Link/Rect[126.0 195.6 219.8 208.6]/Border[0 0 0]/Dest[563 0 R/XYZ 0 383 0]>>endobj
+45 0 obj<</Subtype/Link/Rect[126.0 182.4 228.4 195.4]/Border[0 0 0]/Dest[563 0 R/XYZ 0 325 0]>>endobj
+46 0 obj<</Subtype/Link/Rect[126.0 169.2 225.9 182.2]/Border[0 0 0]/Dest[563 0 R/XYZ 0 266 0]>>endobj
+47 0 obj<</Subtype/Link/Rect[126.0 156.0 244.5 169.0]/Border[0 0 0]/Dest[563 0 R/XYZ 0 208 0]>>endobj
+48 0 obj<</Subtype/Link/Rect[126.0 142.8 242.1 155.8]/Border[0 0 0]/Dest[563 0 R/XYZ 0 149 0]>>endobj
+49 0 obj<</Subtype/Link/Rect[126.0 129.6 256.2 142.6]/Border[0 0 0]/Dest[565 0 R/XYZ 0 734 0]>>endobj
+50 0 obj<</Subtype/Link/Rect[126.0 116.4 253.7 129.4]/Border[0 0 0]/Dest[565 0 R/XYZ 0 675 0]>>endobj
+51 0 obj<</Subtype/Link/Rect[126.0 103.2 235.1 116.2]/Border[0 0 0]/Dest[565 0 R/XYZ 0 617 0]>>endobj
+52 0 obj<</Subtype/Link/Rect[126.0 90.0 232.6 103.0]/Border[0 0 0]/Dest[565 0 R/XYZ 0 558 0]>>endobj
+53 0 obj<</Subtype/Link/Rect[126.0 76.8 257.4 89.8]/Border[0 0 0]/Dest[565 0 R/XYZ 0 500 0]>>endobj
+54 0 obj<</Subtype/Link/Rect[126.0 63.6 254.9 76.6]/Border[0 0 0]/Dest[565 0 R/XYZ 0 428 0]>>endobj
 55 0 obj[13 0 R
 14 0 R
 15 0 R
@@ -96,50 +96,50 @@
 52 0 R
 53 0 R
 54 0 R]endobj
-56 0 obj<</Subtype/Link/Rect[72.0 684.0 202.8 697.0]/Border[0 0 0]/Dest[552 0 R/XYZ 0 734 0]>>endobj
-57 0 obj<</Subtype/Link/Rect[108.0 670.8 244.9 683.8]/Border[0 0 0]/Dest[556 0 R/XYZ 0 370 0]>>endobj
-58 0 obj<</Subtype/Link/Rect[126.0 657.6 202.4 670.6]/Border[0 0 0]/Dest[556 0 R/XYZ 0 220 0]>>endobj
-59 0 obj<</Subtype/Link/Rect[126.0 644.4 210.0 657.4]/Border[0 0 0]/Dest[558 0 R/XYZ 0 441 0]>>endobj
-60 0 obj<</Subtype/Link/Rect[108.0 631.2 217.7 644.2]/Border[0 0 0]/Dest[560 0 R/XYZ 0 734 0]>>endobj
-61 0 obj<</Subtype/Link/Rect[72.0 604.8 205.8 617.8]/Border[0 0 0]/Dest[562 0 R/XYZ 0 734 0]>>endobj
-62 0 obj<</Subtype/Link/Rect[108.0 591.6 201.5 604.6]/Border[0 0 0]/Dest[562 0 R/XYZ 0 696 0]>>endobj
-63 0 obj<</Subtype/Link/Rect[126.0 578.4 260.4 591.4]/Border[0 0 0]/Dest[562 0 R/XYZ 0 423 0]>>endobj
-64 0 obj<</Subtype/Link/Rect[126.0 565.2 289.5 578.2]/Border[0 0 0]/Dest[562 0 R/XYZ 0 259 0]>>endobj
-65 0 obj<</Subtype/Link/Rect[126.0 552.0 266.6 565.0]/Border[0 0 0]/Dest[564 0 R/XYZ 0 652 0]>>endobj
-66 0 obj<</Subtype/Link/Rect[108.0 538.8 157.8 551.8]/Border[0 0 0]/Dest[564 0 R/XYZ 0 240 0]>>endobj
-67 0 obj<</Subtype/Link/Rect[126.0 525.6 223.2 538.6]/Border[0 0 0]/Dest[566 0 R/XYZ 0 665 0]>>endobj
-68 0 obj<</Subtype/Link/Rect[72.0 499.2 246.5 512.2]/Border[0 0 0]/Dest[568 0 R/XYZ 0 734 0]>>endobj
-69 0 obj<</Subtype/Link/Rect[108.0 486.0 181.6 499.0]/Border[0 0 0]/Dest[568 0 R/XYZ 0 696 0]>>endobj
-70 0 obj<</Subtype/Link/Rect[108.0 472.8 176.1 485.8]/Border[0 0 0]/Dest[568 0 R/XYZ 0 595 0]>>endobj
-71 0 obj<</Subtype/Link/Rect[108.0 459.6 195.4 472.6]/Border[0 0 0]/Dest[568 0 R/XYZ 0 216 0]>>endobj
-72 0 obj<</Subtype/Link/Rect[108.0 446.4 173.7 459.4]/Border[0 0 0]/Dest[570 0 R/XYZ 0 692 0]>>endobj
-73 0 obj<</Subtype/Link/Rect[108.0 433.2 163.9 446.2]/Border[0 0 0]/Dest[570 0 R/XYZ 0 458 0]>>endobj
-74 0 obj<</Subtype/Link/Rect[108.0 420.0 183.8 433.0]/Border[0 0 0]/Dest[572 0 R/XYZ 0 734 0]>>endobj
-75 0 obj<</Subtype/Link/Rect[108.0 406.8 194.8 419.8]/Border[0 0 0]/Dest[572 0 R/XYZ 0 566 0]>>endobj
-76 0 obj<</Subtype/Link/Rect[108.0 393.6 186.2 406.6]/Border[0 0 0]/Dest[572 0 R/XYZ 0 438 0]>>endobj
-77 0 obj<</Subtype/Link/Rect[108.0 380.4 219.2 393.4]/Border[0 0 0]/Dest[572 0 R/XYZ 0 178 0]>>endobj
-78 0 obj<</Subtype/Link/Rect[72.0 354.0 253.5 367.0]/Border[0 0 0]/Dest[576 0 R/XYZ 0 734 0]>>endobj
-79 0 obj<</Subtype/Link/Rect[72.0 327.6 212.9 340.6]/Border[0 0 0]/Dest[580 0 R/XYZ 0 734 0]>>endobj
-80 0 obj<</Subtype/Link/Rect[108.0 314.4 181.6 327.4]/Border[0 0 0]/Dest[580 0 R/XYZ 0 696 0]>>endobj
-81 0 obj<</Subtype/Link/Rect[126.0 301.2 188.3 314.2]/Border[0 0 0]/Dest[582 0 R/XYZ 0 626 0]>>endobj
-82 0 obj<</Subtype/Link/Rect[126.0 288.0 185.3 301.0]/Border[0 0 0]/Dest[582 0 R/XYZ 0 516 0]>>endobj
-83 0 obj<</Subtype/Link/Rect[108.0 274.8 218.9 287.8]/Border[0 0 0]/Dest[582 0 R/XYZ 0 394 0]>>endobj
-84 0 obj<</Subtype/Link/Rect[126.0 261.6 179.2 274.6]/Border[0 0 0]/Dest[582 0 R/XYZ 0 360 0]>>endobj
-85 0 obj<</Subtype/Link/Rect[126.0 248.4 214.6 261.4]/Border[0 0 0]/Dest[584 0 R/XYZ 0 718 0]>>endobj
-86 0 obj<</Subtype/Link/Rect[126.0 235.2 198.1 248.2]/Border[0 0 0]/Dest[584 0 R/XYZ 0 235 0]>>endobj
-87 0 obj<</Subtype/Link/Rect[108.0 222.0 283.7 235.0]/Border[0 0 0]/Dest[604 0 R/XYZ 0 428 0]>>endobj
-88 0 obj<</Subtype/Link/Rect[126.0 208.8 216.8 221.8]/Border[0 0 0]/Dest[604 0 R/XYZ 0 366 0]>>endobj
-89 0 obj<</Subtype/Link/Rect[126.0 195.6 185.3 208.6]/Border[0 0 0]/Dest[606 0 R/XYZ 0 567 0]>>endobj
-90 0 obj<</Subtype/Link/Rect[126.0 182.4 171.2 195.4]/Border[0 0 0]/Dest[614 0 R/XYZ 0 531 0]>>endobj
-91 0 obj<</Subtype/Link/Rect[126.0 169.2 249.5 182.2]/Border[0 0 0]/Dest[614 0 R/XYZ 0 407 0]>>endobj
-92 0 obj<</Subtype/Link/Rect[126.0 156.0 286.4 169.0]/Border[0 0 0]/Dest[616 0 R/XYZ 0 548 0]>>endobj
-93 0 obj<</Subtype/Link/Rect[126.0 142.8 231.7 155.8]/Border[0 0 0]/Dest[616 0 R/XYZ 0 140 0]>>endobj
-94 0 obj<</Subtype/Link/Rect[126.0 129.6 256.5 142.6]/Border[0 0 0]/Dest[618 0 R/XYZ 0 492 0]>>endobj
-95 0 obj<</Subtype/Link/Rect[126.0 116.4 303.5 129.4]/Border[0 0 0]/Dest[618 0 R/XYZ 0 145 0]>>endobj
-96 0 obj<</Subtype/Link/Rect[126.0 103.2 231.1 116.2]/Border[0 0 0]/Dest[620 0 R/XYZ 0 586 0]>>endobj
-97 0 obj<</Subtype/Link/Rect[126.0 90.0 207.6 103.0]/Border[0 0 0]/Dest[620 0 R/XYZ 0 301 0]>>endobj
-98 0 obj<</Subtype/Link/Rect[126.0 76.8 243.3 89.8]/Border[0 0 0]/Dest[622 0 R/XYZ 0 734 0]>>endobj
-99 0 obj<</Subtype/Link/Rect[126.0 63.6 250.0 76.6]/Border[0 0 0]/Dest[622 0 R/XYZ 0 249 0]>>endobj
+56 0 obj<</Subtype/Link/Rect[72.0 684.0 202.8 697.0]/Border[0 0 0]/Dest[561 0 R/XYZ 0 734 0]>>endobj
+57 0 obj<</Subtype/Link/Rect[108.0 670.8 244.9 683.8]/Border[0 0 0]/Dest[565 0 R/XYZ 0 370 0]>>endobj
+58 0 obj<</Subtype/Link/Rect[126.0 657.6 202.4 670.6]/Border[0 0 0]/Dest[565 0 R/XYZ 0 220 0]>>endobj
+59 0 obj<</Subtype/Link/Rect[126.0 644.4 210.0 657.4]/Border[0 0 0]/Dest[567 0 R/XYZ 0 441 0]>>endobj
+60 0 obj<</Subtype/Link/Rect[108.0 631.2 217.7 644.2]/Border[0 0 0]/Dest[569 0 R/XYZ 0 734 0]>>endobj
+61 0 obj<</Subtype/Link/Rect[72.0 604.8 205.8 617.8]/Border[0 0 0]/Dest[571 0 R/XYZ 0 734 0]>>endobj
+62 0 obj<</Subtype/Link/Rect[108.0 591.6 201.5 604.6]/Border[0 0 0]/Dest[571 0 R/XYZ 0 696 0]>>endobj
+63 0 obj<</Subtype/Link/Rect[126.0 578.4 260.4 591.4]/Border[0 0 0]/Dest[571 0 R/XYZ 0 423 0]>>endobj
+64 0 obj<</Subtype/Link/Rect[126.0 565.2 289.5 578.2]/Border[0 0 0]/Dest[571 0 R/XYZ 0 259 0]>>endobj
+65 0 obj<</Subtype/Link/Rect[126.0 552.0 266.6 565.0]/Border[0 0 0]/Dest[573 0 R/XYZ 0 652 0]>>endobj
+66 0 obj<</Subtype/Link/Rect[108.0 538.8 157.8 551.8]/Border[0 0 0]/Dest[573 0 R/XYZ 0 240 0]>>endobj
+67 0 obj<</Subtype/Link/Rect[126.0 525.6 223.2 538.6]/Border[0 0 0]/Dest[575 0 R/XYZ 0 665 0]>>endobj
+68 0 obj<</Subtype/Link/Rect[72.0 499.2 246.5 512.2]/Border[0 0 0]/Dest[577 0 R/XYZ 0 734 0]>>endobj
+69 0 obj<</Subtype/Link/Rect[108.0 486.0 181.6 499.0]/Border[0 0 0]/Dest[577 0 R/XYZ 0 696 0]>>endobj
+70 0 obj<</Subtype/Link/Rect[108.0 472.8 176.1 485.8]/Border[0 0 0]/Dest[577 0 R/XYZ 0 595 0]>>endobj
+71 0 obj<</Subtype/Link/Rect[108.0 459.6 195.4 472.6]/Border[0 0 0]/Dest[577 0 R/XYZ 0 216 0]>>endobj
+72 0 obj<</Subtype/Link/Rect[108.0 446.4 173.7 459.4]/Border[0 0 0]/Dest[579 0 R/XYZ 0 692 0]>>endobj
+73 0 obj<</Subtype/Link/Rect[108.0 433.2 163.9 446.2]/Border[0 0 0]/Dest[579 0 R/XYZ 0 458 0]>>endobj
+74 0 obj<</Subtype/Link/Rect[108.0 420.0 183.8 433.0]/Border[0 0 0]/Dest[581 0 R/XYZ 0 734 0]>>endobj
+75 0 obj<</Subtype/Link/Rect[108.0 406.8 194.8 419.8]/Border[0 0 0]/Dest[581 0 R/XYZ 0 566 0]>>endobj
+76 0 obj<</Subtype/Link/Rect[108.0 393.6 186.2 406.6]/Border[0 0 0]/Dest[581 0 R/XYZ 0 438 0]>>endobj
+77 0 obj<</Subtype/Link/Rect[108.0 380.4 219.2 393.4]/Border[0 0 0]/Dest[581 0 R/XYZ 0 178 0]>>endobj
+78 0 obj<</Subtype/Link/Rect[72.0 354.0 253.5 367.0]/Border[0 0 0]/Dest[585 0 R/XYZ 0 734 0]>>endobj
+79 0 obj<</Subtype/Link/Rect[72.0 327.6 212.9 340.6]/Border[0 0 0]/Dest[589 0 R/XYZ 0 734 0]>>endobj
+80 0 obj<</Subtype/Link/Rect[108.0 314.4 181.6 327.4]/Border[0 0 0]/Dest[589 0 R/XYZ 0 696 0]>>endobj
+81 0 obj<</Subtype/Link/Rect[126.0 301.2 188.3 314.2]/Border[0 0 0]/Dest[591 0 R/XYZ 0 626 0]>>endobj
+82 0 obj<</Subtype/Link/Rect[126.0 288.0 185.3 301.0]/Border[0 0 0]/Dest[591 0 R/XYZ 0 516 0]>>endobj
+83 0 obj<</Subtype/Link/Rect[108.0 274.8 218.9 287.8]/Border[0 0 0]/Dest[591 0 R/XYZ 0 394 0]>>endobj
+84 0 obj<</Subtype/Link/Rect[126.0 261.6 179.2 274.6]/Border[0 0 0]/Dest[591 0 R/XYZ 0 360 0]>>endobj
+85 0 obj<</Subtype/Link/Rect[126.0 248.4 214.6 261.4]/Border[0 0 0]/Dest[593 0 R/XYZ 0 718 0]>>endobj
+86 0 obj<</Subtype/Link/Rect[126.0 235.2 198.1 248.2]/Border[0 0 0]/Dest[593 0 R/XYZ 0 235 0]>>endobj
+87 0 obj<</Subtype/Link/Rect[108.0 222.0 283.7 235.0]/Border[0 0 0]/Dest[613 0 R/XYZ 0 428 0]>>endobj
+88 0 obj<</Subtype/Link/Rect[126.0 208.8 216.8 221.8]/Border[0 0 0]/Dest[613 0 R/XYZ 0 366 0]>>endobj
+89 0 obj<</Subtype/Link/Rect[126.0 195.6 185.3 208.6]/Border[0 0 0]/Dest[615 0 R/XYZ 0 567 0]>>endobj
+90 0 obj<</Subtype/Link/Rect[126.0 182.4 171.2 195.4]/Border[0 0 0]/Dest[623 0 R/XYZ 0 531 0]>>endobj
+91 0 obj<</Subtype/Link/Rect[126.0 169.2 249.5 182.2]/Border[0 0 0]/Dest[623 0 R/XYZ 0 407 0]>>endobj
+92 0 obj<</Subtype/Link/Rect[126.0 156.0 286.4 169.0]/Border[0 0 0]/Dest[625 0 R/XYZ 0 548 0]>>endobj
+93 0 obj<</Subtype/Link/Rect[126.0 142.8 231.7 155.8]/Border[0 0 0]/Dest[625 0 R/XYZ 0 140 0]>>endobj
+94 0 obj<</Subtype/Link/Rect[126.0 129.6 256.5 142.6]/Border[0 0 0]/Dest[627 0 R/XYZ 0 492 0]>>endobj
+95 0 obj<</Subtype/Link/Rect[126.0 116.4 303.5 129.4]/Border[0 0 0]/Dest[627 0 R/XYZ 0 145 0]>>endobj
+96 0 obj<</Subtype/Link/Rect[126.0 103.2 231.1 116.2]/Border[0 0 0]/Dest[629 0 R/XYZ 0 586 0]>>endobj
+97 0 obj<</Subtype/Link/Rect[126.0 90.0 207.6 103.0]/Border[0 0 0]/Dest[629 0 R/XYZ 0 301 0]>>endobj
+98 0 obj<</Subtype/Link/Rect[126.0 76.8 243.3 89.8]/Border[0 0 0]/Dest[631 0 R/XYZ 0 734 0]>>endobj
+99 0 obj<</Subtype/Link/Rect[126.0 63.6 250.0 76.6]/Border[0 0 0]/Dest[631 0 R/XYZ 0 249 0]>>endobj
 100 0 obj[56 0 R
 57 0 R
 58 0 R
@@ -184,50 +184,50 @@
 97 0 R
 98 0 R
 99 0 R]endobj
-101 0 obj<</Subtype/Link/Rect[72.0 684.0 212.9 697.0]/Border[0 0 0]/Dest[580 0 R/XYZ 0 734 0]>>endobj
-102 0 obj<</Subtype/Link/Rect[108.0 670.8 301.4 683.8]/Border[0 0 0]/Dest[624 0 R/XYZ 0 413 0]>>endobj
-103 0 obj<</Subtype/Link/Rect[126.0 657.6 259.8 670.6]/Border[0 0 0]/Dest[626 0 R/XYZ 0 665 0]>>endobj
-104 0 obj<</Subtype/Link/Rect[126.0 644.4 241.5 657.4]/Border[0 0 0]/Dest[626 0 R/XYZ 0 273 0]>>endobj
-105 0 obj<</Subtype/Link/Rect[126.0 631.2 267.5 644.2]/Border[0 0 0]/Dest[628 0 R/XYZ 0 531 0]>>endobj
-106 0 obj<</Subtype/Link/Rect[126.0 618.0 232.3 631.0]/Border[0 0 0]/Dest[628 0 R/XYZ 0 165 0]>>endobj
-107 0 obj<</Subtype/Link/Rect[126.0 604.8 234.2 617.8]/Border[0 0 0]/Dest[630 0 R/XYZ 0 353 0]>>endobj
-108 0 obj<</Subtype/Link/Rect[108.0 591.6 269.6 604.6]/Border[0 0 0]/Dest[632 0 R/XYZ 0 734 0]>>endobj
-109 0 obj<</Subtype/Link/Rect[126.0 578.4 220.7 591.4]/Border[0 0 0]/Dest[632 0 R/XYZ 0 658 0]>>endobj
-110 0 obj<</Subtype/Link/Rect[126.0 565.2 208.8 578.2]/Border[0 0 0]/Dest[634 0 R/XYZ 0 734 0]>>endobj
-111 0 obj<</Subtype/Link/Rect[108.0 552.0 267.5 565.0]/Border[0 0 0]/Dest[636 0 R/XYZ 0 705 0]>>endobj
-112 0 obj<</Subtype/Link/Rect[126.0 538.8 226.2 551.8]/Border[0 0 0]/Dest[636 0 R/XYZ 0 577 0]>>endobj
-113 0 obj<</Subtype/Link/Rect[126.0 525.6 240.6 538.6]/Border[0 0 0]/Dest[638 0 R/XYZ 0 734 0]>>endobj
-114 0 obj<</Subtype/Link/Rect[108.0 512.4 346.9 525.4]/Border[0 0 0]/Dest[638 0 R/XYZ 0 433 0]>>endobj
-115 0 obj<</Subtype/Link/Rect[126.0 499.2 203.0 512.2]/Border[0 0 0]/Dest[638 0 R/XYZ 0 400 0]>>endobj
-116 0 obj<</Subtype/Link/Rect[126.0 486.0 190.8 499.0]/Border[0 0 0]/Dest[640 0 R/XYZ 0 734 0]>>endobj
-117 0 obj<</Subtype/Link/Rect[126.0 472.8 201.2 485.8]/Border[0 0 0]/Dest[640 0 R/XYZ 0 385 0]>>endobj
-118 0 obj<</Subtype/Link/Rect[108.0 459.6 193.9 472.6]/Border[0 0 0]/Dest[640 0 R/XYZ 0 128 0]>>endobj
-119 0 obj<</Subtype/Link/Rect[126.0 446.4 235.8 459.4]/Border[0 0 0]/Dest[642 0 R/XYZ 0 633 0]>>endobj
-120 0 obj<</Subtype/Link/Rect[126.0 433.2 238.8 446.2]/Border[0 0 0]/Dest[644 0 R/XYZ 0 665 0]>>endobj
-121 0 obj<</Subtype/Link/Rect[72.0 406.8 250.1 419.8]/Border[0 0 0]/Dest[648 0 R/XYZ 0 734 0]>>endobj
-122 0 obj<</Subtype/Link/Rect[108.0 393.6 170.0 406.6]/Border[0 0 0]/Dest[648 0 R/XYZ 0 696 0]>>endobj
-123 0 obj<</Subtype/Link/Rect[108.0 380.4 307.2 393.4]/Border[0 0 0]/Dest[648 0 R/XYZ 0 621 0]>>endobj
-124 0 obj<</Subtype/Link/Rect[108.0 367.2 216.6 380.2]/Border[0 0 0]/Dest[648 0 R/XYZ 0 361 0]>>endobj
-125 0 obj<</Subtype/Link/Rect[108.0 354.0 358.2 367.0]/Border[0 0 0]/Dest[652 0 R/XYZ 0 692 0]>>endobj
-126 0 obj<</Subtype/Link/Rect[108.0 340.8 309.3 353.8]/Border[0 0 0]/Dest[652 0 R/XYZ 0 630 0]>>endobj
-127 0 obj<</Subtype/Link/Rect[72.0 314.4 240.4 327.4]/Border[0 0 0]/Dest[658 0 R/XYZ 0 734 0]>>endobj
-128 0 obj<</Subtype/Link/Rect[108.0 301.2 200.3 314.2]/Border[0 0 0]/Dest[658 0 R/XYZ 0 696 0]>>endobj
-129 0 obj<</Subtype/Link/Rect[72.0 274.8 263.3 287.8]/Border[0 0 0]/Dest[660 0 R/XYZ 0 734 0]>>endobj
-130 0 obj<</Subtype/Link/Rect[108.0 261.6 248.5 274.6]/Border[0 0 0]/Dest[660 0 R/XYZ 0 696 0]>>endobj
-131 0 obj<</Subtype/Link/Rect[108.0 248.4 236.0 261.4]/Border[0 0 0]/Dest[662 0 R/XYZ 0 639 0]>>endobj
-132 0 obj<</Subtype/Link/Rect[108.0 235.2 291.6 248.2]/Border[0 0 0]/Dest[662 0 R/XYZ 0 498 0]>>endobj
-133 0 obj<</Subtype/Link/Rect[108.0 222.0 162.7 235.0]/Border[0 0 0]/Dest[662 0 R/XYZ 0 198 0]>>endobj
-134 0 obj<</Subtype/Link/Rect[126.0 208.8 210.9 221.8]/Border[0 0 0]/Dest[662 0 R/XYZ 0 165 0]>>endobj
-135 0 obj<</Subtype/Link/Rect[126.0 195.6 224.7 208.6]/Border[0 0 0]/Dest[664 0 R/XYZ 0 734 0]>>endobj
-136 0 obj<</Subtype/Link/Rect[126.0 182.4 224.1 195.4]/Border[0 0 0]/Dest[664 0 R/XYZ 0 596 0]>>endobj
-137 0 obj<</Subtype/Link/Rect[108.0 169.2 197.8 182.2]/Border[0 0 0]/Dest[664 0 R/XYZ 0 485 0]>>endobj
-138 0 obj<</Subtype/Link/Rect[126.0 156.0 287.3 169.0]/Border[0 0 0]/Dest[664 0 R/XYZ 0 451 0]>>endobj
-139 0 obj<</Subtype/Link/Rect[126.0 142.8 196.9 155.8]/Border[0 0 0]/Dest[664 0 R/XYZ 0 366 0]>>endobj
-140 0 obj<</Subtype/Link/Rect[108.0 129.6 230.8 142.6]/Border[0 0 0]/Dest[664 0 R/XYZ 0 229 0]>>endobj
-141 0 obj<</Subtype/Link/Rect[108.0 116.4 165.8 129.4]/Border[0 0 0]/Dest[666 0 R/XYZ 0 489 0]>>endobj
-142 0 obj<</Subtype/Link/Rect[72.0 90.0 313.7 103.0]/Border[0 0 0]/Dest[668 0 R/XYZ 0 734 0]>>endobj
-143 0 obj<</Subtype/Link/Rect[108.0 76.8 187.1 89.8]/Border[0 0 0]/Dest[668 0 R/XYZ 0 696 0]>>endobj
-144 0 obj<</Subtype/Link/Rect[108.0 63.6 216.2 76.6]/Border[0 0 0]/Dest[668 0 R/XYZ 0 568 0]>>endobj
+101 0 obj<</Subtype/Link/Rect[72.0 684.0 212.9 697.0]/Border[0 0 0]/Dest[589 0 R/XYZ 0 734 0]>>endobj
+102 0 obj<</Subtype/Link/Rect[108.0 670.8 301.4 683.8]/Border[0 0 0]/Dest[633 0 R/XYZ 0 413 0]>>endobj
+103 0 obj<</Subtype/Link/Rect[126.0 657.6 259.8 670.6]/Border[0 0 0]/Dest[635 0 R/XYZ 0 665 0]>>endobj
+104 0 obj<</Subtype/Link/Rect[126.0 644.4 241.5 657.4]/Border[0 0 0]/Dest[635 0 R/XYZ 0 273 0]>>endobj
+105 0 obj<</Subtype/Link/Rect[126.0 631.2 267.5 644.2]/Border[0 0 0]/Dest[637 0 R/XYZ 0 531 0]>>endobj
+106 0 obj<</Subtype/Link/Rect[126.0 618.0 232.3 631.0]/Border[0 0 0]/Dest[637 0 R/XYZ 0 165 0]>>endobj
+107 0 obj<</Subtype/Link/Rect[126.0 604.8 234.2 617.8]/Border[0 0 0]/Dest[639 0 R/XYZ 0 353 0]>>endobj
+108 0 obj<</Subtype/Link/Rect[108.0 591.6 269.6 604.6]/Border[0 0 0]/Dest[641 0 R/XYZ 0 734 0]>>endobj
+109 0 obj<</Subtype/Link/Rect[126.0 578.4 220.7 591.4]/Border[0 0 0]/Dest[641 0 R/XYZ 0 658 0]>>endobj
+110 0 obj<</Subtype/Link/Rect[126.0 565.2 208.8 578.2]/Border[0 0 0]/Dest[643 0 R/XYZ 0 734 0]>>endobj
+111 0 obj<</Subtype/Link/Rect[108.0 552.0 267.5 565.0]/Border[0 0 0]/Dest[645 0 R/XYZ 0 705 0]>>endobj
+112 0 obj<</Subtype/Link/Rect[126.0 538.8 226.2 551.8]/Border[0 0 0]/Dest[645 0 R/XYZ 0 577 0]>>endobj
+113 0 obj<</Subtype/Link/Rect[126.0 525.6 240.6 538.6]/Border[0 0 0]/Dest[647 0 R/XYZ 0 734 0]>>endobj
+114 0 obj<</Subtype/Link/Rect[108.0 512.4 346.9 525.4]/Border[0 0 0]/Dest[647 0 R/XYZ 0 433 0]>>endobj
+115 0 obj<</Subtype/Link/Rect[126.0 499.2 203.0 512.2]/Border[0 0 0]/Dest[647 0 R/XYZ 0 400 0]>>endobj
+116 0 obj<</Subtype/Link/Rect[126.0 486.0 190.8 499.0]/Border[0 0 0]/Dest[649 0 R/XYZ 0 734 0]>>endobj
+117 0 obj<</Subtype/Link/Rect[126.0 472.8 201.2 485.8]/Border[0 0 0]/Dest[649 0 R/XYZ 0 385 0]>>endobj
+118 0 obj<</Subtype/Link/Rect[108.0 459.6 193.9 472.6]/Border[0 0 0]/Dest[649 0 R/XYZ 0 128 0]>>endobj
+119 0 obj<</Subtype/Link/Rect[126.0 446.4 235.8 459.4]/Border[0 0 0]/Dest[651 0 R/XYZ 0 633 0]>>endobj
+120 0 obj<</Subtype/Link/Rect[126.0 433.2 238.8 446.2]/Border[0 0 0]/Dest[653 0 R/XYZ 0 665 0]>>endobj
+121 0 obj<</Subtype/Link/Rect[72.0 406.8 250.1 419.8]/Border[0 0 0]/Dest[657 0 R/XYZ 0 734 0]>>endobj
+122 0 obj<</Subtype/Link/Rect[108.0 393.6 170.0 406.6]/Border[0 0 0]/Dest[657 0 R/XYZ 0 696 0]>>endobj
+123 0 obj<</Subtype/Link/Rect[108.0 380.4 307.2 393.4]/Border[0 0 0]/Dest[657 0 R/XYZ 0 621 0]>>endobj
+124 0 obj<</Subtype/Link/Rect[108.0 367.2 216.6 380.2]/Border[0 0 0]/Dest[657 0 R/XYZ 0 361 0]>>endobj
+125 0 obj<</Subtype/Link/Rect[108.0 354.0 365.6 367.0]/Border[0 0 0]/Dest[661 0 R/XYZ 0 692 0]>>endobj
+126 0 obj<</Subtype/Link/Rect[108.0 340.8 309.3 353.8]/Border[0 0 0]/Dest[661 0 R/XYZ 0 630 0]>>endobj
+127 0 obj<</Subtype/Link/Rect[72.0 314.4 240.4 327.4]/Border[0 0 0]/Dest[667 0 R/XYZ 0 734 0]>>endobj
+128 0 obj<</Subtype/Link/Rect[108.0 301.2 200.3 314.2]/Border[0 0 0]/Dest[667 0 R/XYZ 0 696 0]>>endobj
+129 0 obj<</Subtype/Link/Rect[72.0 274.8 263.3 287.8]/Border[0 0 0]/Dest[669 0 R/XYZ 0 734 0]>>endobj
+130 0 obj<</Subtype/Link/Rect[108.0 261.6 248.5 274.6]/Border[0 0 0]/Dest[669 0 R/XYZ 0 696 0]>>endobj
+131 0 obj<</Subtype/Link/Rect[108.0 248.4 236.0 261.4]/Border[0 0 0]/Dest[671 0 R/XYZ 0 639 0]>>endobj
+132 0 obj<</Subtype/Link/Rect[108.0 235.2 291.6 248.2]/Border[0 0 0]/Dest[671 0 R/XYZ 0 498 0]>>endobj
+133 0 obj<</Subtype/Link/Rect[108.0 222.0 162.7 235.0]/Border[0 0 0]/Dest[671 0 R/XYZ 0 198 0]>>endobj
+134 0 obj<</Subtype/Link/Rect[126.0 208.8 210.9 221.8]/Border[0 0 0]/Dest[671 0 R/XYZ 0 165 0]>>endobj
+135 0 obj<</Subtype/Link/Rect[126.0 195.6 224.7 208.6]/Border[0 0 0]/Dest[673 0 R/XYZ 0 734 0]>>endobj
+136 0 obj<</Subtype/Link/Rect[126.0 182.4 224.1 195.4]/Border[0 0 0]/Dest[673 0 R/XYZ 0 596 0]>>endobj
+137 0 obj<</Subtype/Link/Rect[108.0 169.2 197.8 182.2]/Border[0 0 0]/Dest[673 0 R/XYZ 0 485 0]>>endobj
+138 0 obj<</Subtype/Link/Rect[126.0 156.0 287.3 169.0]/Border[0 0 0]/Dest[673 0 R/XYZ 0 451 0]>>endobj
+139 0 obj<</Subtype/Link/Rect[126.0 142.8 196.9 155.8]/Border[0 0 0]/Dest[673 0 R/XYZ 0 366 0]>>endobj
+140 0 obj<</Subtype/Link/Rect[108.0 129.6 230.8 142.6]/Border[0 0 0]/Dest[673 0 R/XYZ 0 229 0]>>endobj
+141 0 obj<</Subtype/Link/Rect[108.0 116.4 165.8 129.4]/Border[0 0 0]/Dest[675 0 R/XYZ 0 489 0]>>endobj
+142 0 obj<</Subtype/Link/Rect[72.0 90.0 313.7 103.0]/Border[0 0 0]/Dest[677 0 R/XYZ 0 734 0]>>endobj
+143 0 obj<</Subtype/Link/Rect[108.0 76.8 187.1 89.8]/Border[0 0 0]/Dest[677 0 R/XYZ 0 696 0]>>endobj
+144 0 obj<</Subtype/Link/Rect[108.0 63.6 216.2 76.6]/Border[0 0 0]/Dest[677 0 R/XYZ 0 568 0]>>endobj
 145 0 obj[101 0 R
 102 0 R
 103 0 R
@@ -272,57 +272,60 @@
 142 0 R
 143 0 R
 144 0 R]endobj
-146 0 obj<</Subtype/Link/Rect[72.0 684.0 313.7 697.0]/Border[0 0 0]/Dest[668 0 R/XYZ 0 734 0]>>endobj
-147 0 obj<</Subtype/Link/Rect[108.0 670.8 220.7 683.8]/Border[0 0 0]/Dest[670 0 R/XYZ 0 718 0]>>endobj
-148 0 obj[146 0 R
-147 0 R]endobj
-149 0 obj<</S/URI/URI(http://devel.samba.org/)>>endobj
-150 0 obj<</Subtype/Link/Rect[139.5 617.8 243.7 630.8]/Border[0 0 0]/A 149 0 R>>endobj
-151 0 obj<</S/URI/URI(mailto:jelmer@samba.org)>>endobj
-152 0 obj<</Subtype/Link/Rect[347.9 617.8 434.4 630.8]/Border[0 0 0]/A 151 0 R>>endobj
-153 0 obj<</S/URI/URI(http://www.fsf.org/licenses/gpl.txt)>>endobj
-154 0 obj<</Subtype/Link/Rect[72.0 565.0 223.3 578.0]/Border[0 0 0]/A 153 0 R>>endobj
-155 0 obj<</Subtype/Link/Rect[80.2 525.4 351.6 538.4]/Border[0 0 0]/Dest[532 0 R/XYZ 0 734 0]>>endobj
-156 0 obj<</Subtype/Link/Rect[124.5 512.2 171.2 525.2]/Border[0 0 0]/Dest[532 0 R/XYZ 0 672 0]>>endobj
-157 0 obj<</Subtype/Link/Rect[124.5 499.0 230.8 512.0]/Border[0 0 0]/Dest[532 0 R/XYZ 0 201 0]>>endobj
-158 0 obj<</Subtype/Link/Rect[124.5 485.8 196.0 498.8]/Border[0 0 0]/Dest[534 0 R/XYZ 0 705 0]>>endobj
-159 0 obj<</Subtype/Link/Rect[80.2 472.6 170.7 485.6]/Border[0 0 0]/Dest[536 0 R/XYZ 0 734 0]>>endobj
-160 0 obj<</Subtype/Link/Rect[124.5 459.4 182.2 472.4]/Border[0 0 0]/Dest[536 0 R/XYZ 0 696 0]>>endobj
-161 0 obj<</Subtype/Link/Rect[124.5 446.2 245.8 459.2]/Border[0 0 0]/Dest[536 0 R/XYZ 0 529 0]>>endobj
-162 0 obj<</Subtype/Link/Rect[124.5 433.0 199.1 446.0]/Border[0 0 0]/Dest[536 0 R/XYZ 0 335 0]>>endobj
-163 0 obj<</Subtype/Link/Rect[124.5 419.8 200.3 432.8]/Border[0 0 0]/Dest[538 0 R/XYZ 0 734 0]>>endobj
-164 0 obj<</Subtype/Link/Rect[124.5 406.6 185.6 419.6]/Border[0 0 0]/Dest[538 0 R/XYZ 0 434 0]>>endobj
-165 0 obj<</Subtype/Link/Rect[80.2 393.4 203.1 406.4]/Border[0 0 0]/Dest[540 0 R/XYZ 0 734 0]>>endobj
-166 0 obj<</Subtype/Link/Rect[124.5 380.2 212.2 393.2]/Border[0 0 0]/Dest[540 0 R/XYZ 0 696 0]>>endobj
-167 0 obj<</Subtype/Link/Rect[124.5 367.0 223.2 380.0]/Border[0 0 0]/Dest[542 0 R/XYZ 0 734 0]>>endobj
-168 0 obj<</Subtype/Link/Rect[124.5 353.8 245.8 366.8]/Border[0 0 0]/Dest[544 0 R/XYZ 0 734 0]>>endobj
-169 0 obj<</Subtype/Link/Rect[124.5 340.6 242.1 353.6]/Border[0 0 0]/Dest[544 0 R/XYZ 0 514 0]>>endobj
-170 0 obj<</Subtype/Link/Rect[124.5 327.4 193.6 340.4]/Border[0 0 0]/Dest[546 0 R/XYZ 0 734 0]>>endobj
-171 0 obj<</Subtype/Link/Rect[168.8 314.2 211.2 327.2]/Border[0 0 0]/Dest[546 0 R/XYZ 0 700 0]>>endobj
-172 0 obj<</Subtype/Link/Rect[168.8 301.0 210.6 314.0]/Border[0 0 0]/Dest[546 0 R/XYZ 0 602 0]>>endobj
-173 0 obj<</Subtype/Link/Rect[168.8 287.8 261.9 300.8]/Border[0 0 0]/Dest[546 0 R/XYZ 0 491 0]>>endobj
-174 0 obj<</Subtype/Link/Rect[80.2 274.6 170.7 287.6]/Border[0 0 0]/Dest[548 0 R/XYZ 0 734 0]>>endobj
-175 0 obj<</Subtype/Link/Rect[80.2 261.4 155.4 274.4]/Border[0 0 0]/Dest[552 0 R/XYZ 0 734 0]>>endobj
-176 0 obj<</Subtype/Link/Rect[124.5 248.2 216.8 261.2]/Border[0 0 0]/Dest[552 0 R/XYZ 0 696 0]>>endobj
-177 0 obj<</Subtype/Link/Rect[124.5 235.0 207.3 248.0]/Border[0 0 0]/Dest[552 0 R/XYZ 0 568 0]>>endobj
-178 0 obj<</Subtype/Link/Rect[124.5 221.8 225.9 234.8]/Border[0 0 0]/Dest[554 0 R/XYZ 0 705 0]>>endobj
-179 0 obj<</Subtype/Link/Rect[168.8 208.6 237.8 221.6]/Border[0 0 0]/Dest[554 0 R/XYZ 0 630 0]>>endobj
-180 0 obj<</Subtype/Link/Rect[168.8 195.4 237.2 208.4]/Border[0 0 0]/Dest[554 0 R/XYZ 0 571 0]>>endobj
-181 0 obj<</Subtype/Link/Rect[168.8 182.2 259.5 195.2]/Border[0 0 0]/Dest[554 0 R/XYZ 0 513 0]>>endobj
-182 0 obj<</Subtype/Link/Rect[168.8 169.0 236.0 182.0]/Border[0 0 0]/Dest[554 0 R/XYZ 0 455 0]>>endobj
-183 0 obj<</Subtype/Link/Rect[168.8 155.8 234.1 168.8]/Border[0 0 0]/Dest[554 0 R/XYZ 0 383 0]>>endobj
-184 0 obj<</Subtype/Link/Rect[168.8 142.6 241.5 155.6]/Border[0 0 0]/Dest[554 0 R/XYZ 0 325 0]>>endobj
-185 0 obj<</Subtype/Link/Rect[168.8 129.4 239.6 142.4]/Border[0 0 0]/Dest[554 0 R/XYZ 0 266 0]>>endobj
-186 0 obj<</Subtype/Link/Rect[168.8 116.2 257.7 129.2]/Border[0 0 0]/Dest[554 0 R/XYZ 0 208 0]>>endobj
-187 0 obj<</Subtype/Link/Rect[168.8 103.0 255.8 116.0]/Border[0 0 0]/Dest[554 0 R/XYZ 0 149 0]>>endobj
-188 0 obj<</Subtype/Link/Rect[174.2 89.8 268.7 102.8]/Border[0 0 0]/Dest[556 0 R/XYZ 0 734 0]>>endobj
-189 0 obj<</Subtype/Link/Rect[174.2 76.6 266.8 89.6]/Border[0 0 0]/Dest[556 0 R/XYZ 0 675 0]>>endobj
-190 0 obj<</Subtype/Link/Rect[174.2 63.4 248.2 76.4]/Border[0 0 0]/Dest[556 0 R/XYZ 0 617 0]>>endobj
-191 0 obj[150 0 R
-152 0 R
-154 0 R
+146 0 obj<</Subtype/Link/Rect[72.0 684.0 313.7 697.0]/Border[0 0 0]/Dest[677 0 R/XYZ 0 734 0]>>endobj
+147 0 obj<</Subtype/Link/Rect[108.0 670.8 226.9 683.8]/Border[0 0 0]/Dest[679 0 R/XYZ 0 718 0]>>endobj
+148 0 obj<</Subtype/Link/Rect[72.0 644.4 245.3 657.4]/Border[0 0 0]/Dest[683 0 R/XYZ 0 734 0]>>endobj
+149 0 obj<</Subtype/Link/Rect[108.0 631.2 160.2 644.2]/Border[0 0 0]/Dest[683 0 R/XYZ 0 696 0]>>endobj
+150 0 obj<</Subtype/Link/Rect[108.0 618.0 213.7 631.0]/Border[0 0 0]/Dest[683 0 R/XYZ 0 595 0]>>endobj
+151 0 obj[146 0 R
+147 0 R
+148 0 R
+149 0 R
+150 0 R]endobj
+152 0 obj<</S/URI/URI(http://devel.samba.org/)>>endobj
+153 0 obj<</Subtype/Link/Rect[139.5 617.8 243.7 630.8]/Border[0 0 0]/A 152 0 R>>endobj
+154 0 obj<</S/URI/URI(mailto:jelmer@samba.org)>>endobj
+155 0 obj<</Subtype/Link/Rect[347.9 617.8 434.4 630.8]/Border[0 0 0]/A 154 0 R>>endobj
+156 0 obj<</S/URI/URI(http://www.fsf.org/licenses/gpl.txt)>>endobj
+157 0 obj<</Subtype/Link/Rect[72.0 565.0 223.3 578.0]/Border[0 0 0]/A 156 0 R>>endobj
+158 0 obj<</Subtype/Link/Rect[80.2 525.4 351.6 538.4]/Border[0 0 0]/Dest[541 0 R/XYZ 0 734 0]>>endobj
+159 0 obj<</Subtype/Link/Rect[124.5 512.2 171.2 525.2]/Border[0 0 0]/Dest[541 0 R/XYZ 0 672 0]>>endobj
+160 0 obj<</Subtype/Link/Rect[124.5 499.0 230.8 512.0]/Border[0 0 0]/Dest[541 0 R/XYZ 0 201 0]>>endobj
+161 0 obj<</Subtype/Link/Rect[124.5 485.8 196.0 498.8]/Border[0 0 0]/Dest[543 0 R/XYZ 0 705 0]>>endobj
+162 0 obj<</Subtype/Link/Rect[80.2 472.6 170.7 485.6]/Border[0 0 0]/Dest[545 0 R/XYZ 0 734 0]>>endobj
+163 0 obj<</Subtype/Link/Rect[124.5 459.4 182.2 472.4]/Border[0 0 0]/Dest[545 0 R/XYZ 0 696 0]>>endobj
+164 0 obj<</Subtype/Link/Rect[124.5 446.2 245.8 459.2]/Border[0 0 0]/Dest[545 0 R/XYZ 0 529 0]>>endobj
+165 0 obj<</Subtype/Link/Rect[124.5 433.0 199.1 446.0]/Border[0 0 0]/Dest[545 0 R/XYZ 0 335 0]>>endobj
+166 0 obj<</Subtype/Link/Rect[124.5 419.8 200.3 432.8]/Border[0 0 0]/Dest[547 0 R/XYZ 0 734 0]>>endobj
+167 0 obj<</Subtype/Link/Rect[124.5 406.6 185.6 419.6]/Border[0 0 0]/Dest[547 0 R/XYZ 0 434 0]>>endobj
+168 0 obj<</Subtype/Link/Rect[80.2 393.4 203.1 406.4]/Border[0 0 0]/Dest[549 0 R/XYZ 0 734 0]>>endobj
+169 0 obj<</Subtype/Link/Rect[124.5 380.2 212.2 393.2]/Border[0 0 0]/Dest[549 0 R/XYZ 0 696 0]>>endobj
+170 0 obj<</Subtype/Link/Rect[124.5 367.0 223.2 380.0]/Border[0 0 0]/Dest[551 0 R/XYZ 0 734 0]>>endobj
+171 0 obj<</Subtype/Link/Rect[124.5 353.8 245.8 366.8]/Border[0 0 0]/Dest[553 0 R/XYZ 0 734 0]>>endobj
+172 0 obj<</Subtype/Link/Rect[124.5 340.6 242.1 353.6]/Border[0 0 0]/Dest[553 0 R/XYZ 0 514 0]>>endobj
+173 0 obj<</Subtype/Link/Rect[124.5 327.4 193.6 340.4]/Border[0 0 0]/Dest[555 0 R/XYZ 0 734 0]>>endobj
+174 0 obj<</Subtype/Link/Rect[168.8 314.2 211.2 327.2]/Border[0 0 0]/Dest[555 0 R/XYZ 0 700 0]>>endobj
+175 0 obj<</Subtype/Link/Rect[168.8 301.0 210.6 314.0]/Border[0 0 0]/Dest[555 0 R/XYZ 0 602 0]>>endobj
+176 0 obj<</Subtype/Link/Rect[168.8 287.8 261.9 300.8]/Border[0 0 0]/Dest[555 0 R/XYZ 0 491 0]>>endobj
+177 0 obj<</Subtype/Link/Rect[80.2 274.6 170.7 287.6]/Border[0 0 0]/Dest[557 0 R/XYZ 0 734 0]>>endobj
+178 0 obj<</Subtype/Link/Rect[80.2 261.4 155.4 274.4]/Border[0 0 0]/Dest[561 0 R/XYZ 0 734 0]>>endobj
+179 0 obj<</Subtype/Link/Rect[124.5 248.2 216.8 261.2]/Border[0 0 0]/Dest[561 0 R/XYZ 0 696 0]>>endobj
+180 0 obj<</Subtype/Link/Rect[124.5 235.0 207.3 248.0]/Border[0 0 0]/Dest[561 0 R/XYZ 0 568 0]>>endobj
+181 0 obj<</Subtype/Link/Rect[124.5 221.8 225.9 234.8]/Border[0 0 0]/Dest[563 0 R/XYZ 0 705 0]>>endobj
+182 0 obj<</Subtype/Link/Rect[168.8 208.6 237.8 221.6]/Border[0 0 0]/Dest[563 0 R/XYZ 0 630 0]>>endobj
+183 0 obj<</Subtype/Link/Rect[168.8 195.4 237.2 208.4]/Border[0 0 0]/Dest[563 0 R/XYZ 0 571 0]>>endobj
+184 0 obj<</Subtype/Link/Rect[168.8 182.2 259.5 195.2]/Border[0 0 0]/Dest[563 0 R/XYZ 0 513 0]>>endobj
+185 0 obj<</Subtype/Link/Rect[168.8 169.0 236.0 182.0]/Border[0 0 0]/Dest[563 0 R/XYZ 0 455 0]>>endobj
+186 0 obj<</Subtype/Link/Rect[168.8 155.8 234.1 168.8]/Border[0 0 0]/Dest[563 0 R/XYZ 0 383 0]>>endobj
+187 0 obj<</Subtype/Link/Rect[168.8 142.6 241.5 155.6]/Border[0 0 0]/Dest[563 0 R/XYZ 0 325 0]>>endobj
+188 0 obj<</Subtype/Link/Rect[168.8 129.4 239.6 142.4]/Border[0 0 0]/Dest[563 0 R/XYZ 0 266 0]>>endobj
+189 0 obj<</Subtype/Link/Rect[168.8 116.2 257.7 129.2]/Border[0 0 0]/Dest[563 0 R/XYZ 0 208 0]>>endobj
+190 0 obj<</Subtype/Link/Rect[168.8 103.0 255.8 116.0]/Border[0 0 0]/Dest[563 0 R/XYZ 0 149 0]>>endobj
+191 0 obj<</Subtype/Link/Rect[174.2 89.8 268.7 102.8]/Border[0 0 0]/Dest[565 0 R/XYZ 0 734 0]>>endobj
+192 0 obj<</Subtype/Link/Rect[174.2 76.6 266.8 89.6]/Border[0 0 0]/Dest[565 0 R/XYZ 0 675 0]>>endobj
+193 0 obj<</Subtype/Link/Rect[174.2 63.4 248.2 76.4]/Border[0 0 0]/Dest[565 0 R/XYZ 0 617 0]>>endobj
+194 0 obj[153 0 R
 155 0 R
-156 0 R
 157 0 R
 158 0 R
 159 0 R
@@ -356,62 +359,62 @@
 187 0 R
 188 0 R
 189 0 R
-190 0 R]endobj
-192 0 obj<</Subtype/Link/Rect[174.2 721.0 246.4 734.0]/Border[0 0 0]/Dest[556 0 R/XYZ 0 558 0]>>endobj
-193 0 obj<</Subtype/Link/Rect[174.2 707.8 269.9 720.8]/Border[0 0 0]/Dest[556 0 R/XYZ 0 500 0]>>endobj
-194 0 obj<</Subtype/Link/Rect[174.2 694.6 268.0 707.6]/Border[0 0 0]/Dest[556 0 R/XYZ 0 428 0]>>endobj
-195 0 obj<</Subtype/Link/Rect[124.5 681.4 243.0 694.4]/Border[0 0 0]/Dest[556 0 R/XYZ 0 370 0]>>endobj
-196 0 obj<</Subtype/Link/Rect[168.8 668.2 222.8 681.2]/Border[0 0 0]/Dest[556 0 R/XYZ 0 220 0]>>endobj
-197 0 obj<</Subtype/Link/Rect[168.8 655.0 228.0 668.0]/Border[0 0 0]/Dest[558 0 R/XYZ 0 441 0]>>endobj
-198 0 obj<</Subtype/Link/Rect[124.5 641.8 220.7 654.8]/Border[0 0 0]/Dest[560 0 R/XYZ 0 734 0]>>endobj
-199 0 obj<</Subtype/Link/Rect[80.2 628.6 158.5 641.6]/Border[0 0 0]/Dest[562 0 R/XYZ 0 734 0]>>endobj
-200 0 obj<</Subtype/Link/Rect[124.5 615.4 199.7 628.4]/Border[0 0 0]/Dest[562 0 R/XYZ 0 696 0]>>endobj
-201 0 obj<</Subtype/Link/Rect[168.8 602.2 277.8 615.2]/Border[0 0 0]/Dest[562 0 R/XYZ 0 423 0]>>endobj
-202 0 obj<</Subtype/Link/Rect[168.8 589.0 307.5 602.0]/Border[0 0 0]/Dest[562 0 R/XYZ 0 259 0]>>endobj
-203 0 obj<</Subtype/Link/Rect[168.8 575.8 284.6 588.8]/Border[0 0 0]/Dest[564 0 R/XYZ 0 652 0]>>endobj
-204 0 obj<</Subtype/Link/Rect[124.5 562.6 156.6 575.6]/Border[0 0 0]/Dest[564 0 R/XYZ 0 240 0]>>endobj
-205 0 obj<</Subtype/Link/Rect[168.8 549.4 241.2 562.4]/Border[0 0 0]/Dest[566 0 R/XYZ 0 665 0]>>endobj
-206 0 obj<</Subtype/Link/Rect[80.2 536.2 196.0 549.2]/Border[0 0 0]/Dest[568 0 R/XYZ 0 734 0]>>endobj
-207 0 obj<</Subtype/Link/Rect[124.5 523.0 182.2 536.0]/Border[0 0 0]/Dest[568 0 R/XYZ 0 696 0]>>endobj
-208 0 obj<</Subtype/Link/Rect[124.5 509.8 176.7 522.8]/Border[0 0 0]/Dest[568 0 R/XYZ 0 595 0]>>endobj
-209 0 obj<</Subtype/Link/Rect[124.5 496.6 196.0 509.6]/Border[0 0 0]/Dest[568 0 R/XYZ 0 216 0]>>endobj
-210 0 obj<</Subtype/Link/Rect[124.5 483.4 174.9 496.4]/Border[0 0 0]/Dest[570 0 R/XYZ 0 692 0]>>endobj
-211 0 obj<</Subtype/Link/Rect[124.5 470.2 162.7 483.2]/Border[0 0 0]/Dest[570 0 R/XYZ 0 458 0]>>endobj
-212 0 obj<</Subtype/Link/Rect[124.5 457.0 182.5 470.0]/Border[0 0 0]/Dest[572 0 R/XYZ 0 734 0]>>endobj
-213 0 obj<</Subtype/Link/Rect[124.5 443.8 196.0 456.8]/Border[0 0 0]/Dest[572 0 R/XYZ 0 566 0]>>endobj
-214 0 obj<</Subtype/Link/Rect[124.5 430.6 187.4 443.6]/Border[0 0 0]/Dest[572 0 R/XYZ 0 438 0]>>endobj
-215 0 obj<</Subtype/Link/Rect[124.5 417.4 218.6 430.4]/Border[0 0 0]/Dest[572 0 R/XYZ 0 178 0]>>endobj
-216 0 obj<</Subtype/Link/Rect[80.2 404.2 204.9 417.2]/Border[0 0 0]/Dest[576 0 R/XYZ 0 734 0]>>endobj
-217 0 obj<</Subtype/Link/Rect[80.2 391.0 164.8 404.0]/Border[0 0 0]/Dest[580 0 R/XYZ 0 734 0]>>endobj
-218 0 obj<</Subtype/Link/Rect[124.5 377.8 182.2 390.8]/Border[0 0 0]/Dest[580 0 R/XYZ 0 696 0]>>endobj
-219 0 obj<</Subtype/Link/Rect[168.8 364.6 206.3 377.6]/Border[0 0 0]/Dest[582 0 R/XYZ 0 626 0]>>endobj
-220 0 obj<</Subtype/Link/Rect[168.8 351.4 203.9 364.4]/Border[0 0 0]/Dest[582 0 R/XYZ 0 516 0]>>endobj
-221 0 obj<</Subtype/Link/Rect[124.5 338.2 219.5 351.2]/Border[0 0 0]/Dest[582 0 R/XYZ 0 394 0]>>endobj
-222 0 obj<</Subtype/Link/Rect[168.8 325.0 196.6 338.0]/Border[0 0 0]/Dest[582 0 R/XYZ 0 360 0]>>endobj
-223 0 obj<</Subtype/Link/Rect[168.8 311.8 233.2 324.8]/Border[0 0 0]/Dest[584 0 R/XYZ 0 718 0]>>endobj
-224 0 obj<</Subtype/Link/Rect[168.8 298.6 216.7 311.6]/Border[0 0 0]/Dest[584 0 R/XYZ 0 235 0]>>endobj
-225 0 obj<</Subtype/Link/Rect[124.5 285.4 283.7 298.4]/Border[0 0 0]/Dest[604 0 R/XYZ 0 428 0]>>endobj
-226 0 obj<</Subtype/Link/Rect[168.8 272.2 234.1 285.2]/Border[0 0 0]/Dest[604 0 R/XYZ 0 366 0]>>endobj
-227 0 obj<</Subtype/Link/Rect[168.8 259.0 204.5 272.0]/Border[0 0 0]/Dest[606 0 R/XYZ 0 567 0]>>endobj
-228 0 obj<</Subtype/Link/Rect[168.8 245.8 189.2 258.8]/Border[0 0 0]/Dest[614 0 R/XYZ 0 531 0]>>endobj
-229 0 obj<</Subtype/Link/Rect[168.8 232.6 264.4 245.6]/Border[0 0 0]/Dest[614 0 R/XYZ 0 407 0]>>endobj
-230 0 obj<</Subtype/Link/Rect[168.8 219.4 302.0 232.4]/Border[0 0 0]/Dest[616 0 R/XYZ 0 548 0]>>endobj
-231 0 obj<</Subtype/Link/Rect[168.8 206.2 247.3 219.2]/Border[0 0 0]/Dest[616 0 R/XYZ 0 140 0]>>endobj
-232 0 obj<</Subtype/Link/Rect[168.8 193.0 271.4 206.0]/Border[0 0 0]/Dest[618 0 R/XYZ 0 492 0]>>endobj
-233 0 obj<</Subtype/Link/Rect[168.8 179.8 319.7 192.8]/Border[0 0 0]/Dest[618 0 R/XYZ 0 145 0]>>endobj
-234 0 obj<</Subtype/Link/Rect[168.8 166.6 246.7 179.6]/Border[0 0 0]/Dest[620 0 R/XYZ 0 586 0]>>endobj
-235 0 obj<</Subtype/Link/Rect[174.2 153.4 223.1 166.4]/Border[0 0 0]/Dest[620 0 R/XYZ 0 301 0]>>endobj
-236 0 obj<</Subtype/Link/Rect[174.2 140.2 256.4 153.2]/Border[0 0 0]/Dest[622 0 R/XYZ 0 734 0]>>endobj
-237 0 obj<</Subtype/Link/Rect[174.2 127.0 263.8 140.0]/Border[0 0 0]/Dest[622 0 R/XYZ 0 249 0]>>endobj
-238 0 obj<</Subtype/Link/Rect[124.5 113.8 300.8 126.8]/Border[0 0 0]/Dest[624 0 R/XYZ 0 413 0]>>endobj
-239 0 obj<</Subtype/Link/Rect[168.8 100.6 275.4 113.6]/Border[0 0 0]/Dest[626 0 R/XYZ 0 665 0]>>endobj
-240 0 obj<</Subtype/Link/Rect[168.8 87.4 256.4 100.4]/Border[0 0 0]/Dest[626 0 R/XYZ 0 273 0]>>endobj
-241 0 obj<</Subtype/Link/Rect[168.8 74.2 283.6 87.2]/Border[0 0 0]/Dest[628 0 R/XYZ 0 531 0]>>endobj
-242 0 obj<</Subtype/Link/Rect[168.8 61.0 244.8 74.0]/Border[0 0 0]/Dest[628 0 R/XYZ 0 165 0]>>endobj
-243 0 obj[192 0 R
-193 0 R
-194 0 R
-195 0 R
+190 0 R
+191 0 R
+192 0 R
+193 0 R]endobj
+195 0 obj<</Subtype/Link/Rect[174.2 721.0 246.4 734.0]/Border[0 0 0]/Dest[565 0 R/XYZ 0 558 0]>>endobj
+196 0 obj<</Subtype/Link/Rect[174.2 707.8 269.9 720.8]/Border[0 0 0]/Dest[565 0 R/XYZ 0 500 0]>>endobj
+197 0 obj<</Subtype/Link/Rect[174.2 694.6 268.0 707.6]/Border[0 0 0]/Dest[565 0 R/XYZ 0 428 0]>>endobj
+198 0 obj<</Subtype/Link/Rect[124.5 681.4 243.0 694.4]/Border[0 0 0]/Dest[565 0 R/XYZ 0 370 0]>>endobj
+199 0 obj<</Subtype/Link/Rect[168.8 668.2 222.8 681.2]/Border[0 0 0]/Dest[565 0 R/XYZ 0 220 0]>>endobj
+200 0 obj<</Subtype/Link/Rect[168.8 655.0 228.0 668.0]/Border[0 0 0]/Dest[567 0 R/XYZ 0 441 0]>>endobj
+201 0 obj<</Subtype/Link/Rect[124.5 641.8 220.7 654.8]/Border[0 0 0]/Dest[569 0 R/XYZ 0 734 0]>>endobj
+202 0 obj<</Subtype/Link/Rect[80.2 628.6 158.5 641.6]/Border[0 0 0]/Dest[571 0 R/XYZ 0 734 0]>>endobj
+203 0 obj<</Subtype/Link/Rect[124.5 615.4 199.7 628.4]/Border[0 0 0]/Dest[571 0 R/XYZ 0 696 0]>>endobj
+204 0 obj<</Subtype/Link/Rect[168.8 602.2 277.8 615.2]/Border[0 0 0]/Dest[571 0 R/XYZ 0 423 0]>>endobj
+205 0 obj<</Subtype/Link/Rect[168.8 589.0 307.5 602.0]/Border[0 0 0]/Dest[571 0 R/XYZ 0 259 0]>>endobj
+206 0 obj<</Subtype/Link/Rect[168.8 575.8 284.6 588.8]/Border[0 0 0]/Dest[573 0 R/XYZ 0 652 0]>>endobj
+207 0 obj<</Subtype/Link/Rect[124.5 562.6 156.6 575.6]/Border[0 0 0]/Dest[573 0 R/XYZ 0 240 0]>>endobj
+208 0 obj<</Subtype/Link/Rect[168.8 549.4 241.2 562.4]/Border[0 0 0]/Dest[575 0 R/XYZ 0 665 0]>>endobj
+209 0 obj<</Subtype/Link/Rect[80.2 536.2 196.0 549.2]/Border[0 0 0]/Dest[577 0 R/XYZ 0 734 0]>>endobj
+210 0 obj<</Subtype/Link/Rect[124.5 523.0 182.2 536.0]/Border[0 0 0]/Dest[577 0 R/XYZ 0 696 0]>>endobj
+211 0 obj<</Subtype/Link/Rect[124.5 509.8 176.7 522.8]/Border[0 0 0]/Dest[577 0 R/XYZ 0 595 0]>>endobj
+212 0 obj<</Subtype/Link/Rect[124.5 496.6 196.0 509.6]/Border[0 0 0]/Dest[577 0 R/XYZ 0 216 0]>>endobj
+213 0 obj<</Subtype/Link/Rect[124.5 483.4 174.9 496.4]/Border[0 0 0]/Dest[579 0 R/XYZ 0 692 0]>>endobj
+214 0 obj<</Subtype/Link/Rect[124.5 470.2 162.7 483.2]/Border[0 0 0]/Dest[579 0 R/XYZ 0 458 0]>>endobj
+215 0 obj<</Subtype/Link/Rect[124.5 457.0 182.5 470.0]/Border[0 0 0]/Dest[581 0 R/XYZ 0 734 0]>>endobj
+216 0 obj<</Subtype/Link/Rect[124.5 443.8 196.0 456.8]/Border[0 0 0]/Dest[581 0 R/XYZ 0 566 0]>>endobj
+217 0 obj<</Subtype/Link/Rect[124.5 430.6 187.4 443.6]/Border[0 0 0]/Dest[581 0 R/XYZ 0 438 0]>>endobj
+218 0 obj<</Subtype/Link/Rect[124.5 417.4 218.6 430.4]/Border[0 0 0]/Dest[581 0 R/XYZ 0 178 0]>>endobj
+219 0 obj<</Subtype/Link/Rect[80.2 404.2 204.9 417.2]/Border[0 0 0]/Dest[585 0 R/XYZ 0 734 0]>>endobj
+220 0 obj<</Subtype/Link/Rect[80.2 391.0 164.8 404.0]/Border[0 0 0]/Dest[589 0 R/XYZ 0 734 0]>>endobj
+221 0 obj<</Subtype/Link/Rect[124.5 377.8 182.2 390.8]/Border[0 0 0]/Dest[589 0 R/XYZ 0 696 0]>>endobj
+222 0 obj<</Subtype/Link/Rect[168.8 364.6 206.3 377.6]/Border[0 0 0]/Dest[591 0 R/XYZ 0 626 0]>>endobj
+223 0 obj<</Subtype/Link/Rect[168.8 351.4 203.9 364.4]/Border[0 0 0]/Dest[591 0 R/XYZ 0 516 0]>>endobj
+224 0 obj<</Subtype/Link/Rect[124.5 338.2 219.5 351.2]/Border[0 0 0]/Dest[591 0 R/XYZ 0 394 0]>>endobj
+225 0 obj<</Subtype/Link/Rect[168.8 325.0 196.6 338.0]/Border[0 0 0]/Dest[591 0 R/XYZ 0 360 0]>>endobj
+226 0 obj<</Subtype/Link/Rect[168.8 311.8 233.2 324.8]/Border[0 0 0]/Dest[593 0 R/XYZ 0 718 0]>>endobj
+227 0 obj<</Subtype/Link/Rect[168.8 298.6 216.7 311.6]/Border[0 0 0]/Dest[593 0 R/XYZ 0 235 0]>>endobj
+228 0 obj<</Subtype/Link/Rect[124.5 285.4 283.7 298.4]/Border[0 0 0]/Dest[613 0 R/XYZ 0 428 0]>>endobj
+229 0 obj<</Subtype/Link/Rect[168.8 272.2 234.1 285.2]/Border[0 0 0]/Dest[613 0 R/XYZ 0 366 0]>>endobj
+230 0 obj<</Subtype/Link/Rect[168.8 259.0 204.5 272.0]/Border[0 0 0]/Dest[615 0 R/XYZ 0 567 0]>>endobj
+231 0 obj<</Subtype/Link/Rect[168.8 245.8 189.2 258.8]/Border[0 0 0]/Dest[623 0 R/XYZ 0 531 0]>>endobj
+232 0 obj<</Subtype/Link/Rect[168.8 232.6 264.4 245.6]/Border[0 0 0]/Dest[623 0 R/XYZ 0 407 0]>>endobj
+233 0 obj<</Subtype/Link/Rect[168.8 219.4 302.0 232.4]/Border[0 0 0]/Dest[625 0 R/XYZ 0 548 0]>>endobj
+234 0 obj<</Subtype/Link/Rect[168.8 206.2 247.3 219.2]/Border[0 0 0]/Dest[625 0 R/XYZ 0 140 0]>>endobj
+235 0 obj<</Subtype/Link/Rect[168.8 193.0 271.4 206.0]/Border[0 0 0]/Dest[627 0 R/XYZ 0 492 0]>>endobj
+236 0 obj<</Subtype/Link/Rect[168.8 179.8 319.7 192.8]/Border[0 0 0]/Dest[627 0 R/XYZ 0 145 0]>>endobj
+237 0 obj<</Subtype/Link/Rect[168.8 166.6 246.7 179.6]/Border[0 0 0]/Dest[629 0 R/XYZ 0 586 0]>>endobj
+238 0 obj<</Subtype/Link/Rect[174.2 153.4 223.1 166.4]/Border[0 0 0]/Dest[629 0 R/XYZ 0 301 0]>>endobj
+239 0 obj<</Subtype/Link/Rect[174.2 140.2 256.4 153.2]/Border[0 0 0]/Dest[631 0 R/XYZ 0 734 0]>>endobj
+240 0 obj<</Subtype/Link/Rect[174.2 127.0 263.8 140.0]/Border[0 0 0]/Dest[631 0 R/XYZ 0 249 0]>>endobj
+241 0 obj<</Subtype/Link/Rect[124.5 113.8 300.8 126.8]/Border[0 0 0]/Dest[633 0 R/XYZ 0 413 0]>>endobj
+242 0 obj<</Subtype/Link/Rect[168.8 100.6 275.4 113.6]/Border[0 0 0]/Dest[635 0 R/XYZ 0 665 0]>>endobj
+243 0 obj<</Subtype/Link/Rect[168.8 87.4 256.4 100.4]/Border[0 0 0]/Dest[635 0 R/XYZ 0 273 0]>>endobj
+244 0 obj<</Subtype/Link/Rect[168.8 74.2 283.6 87.2]/Border[0 0 0]/Dest[637 0 R/XYZ 0 531 0]>>endobj
+245 0 obj<</Subtype/Link/Rect[168.8 61.0 244.8 74.0]/Border[0 0 0]/Dest[637 0 R/XYZ 0 165 0]>>endobj
+246 0 obj[195 0 R
 196 0 R
 197 0 R
 198 0 R
@@ -458,50 +461,53 @@
 239 0 R
 240 0 R
 241 0 R
-242 0 R]endobj
-244 0 obj<</Subtype/Link/Rect[168.8 721.0 245.5 734.0]/Border[0 0 0]/Dest[630 0 R/XYZ 0 353 0]>>endobj
-245 0 obj<</Subtype/Link/Rect[124.5 707.8 261.7 720.8]/Border[0 0 0]/Dest[632 0 R/XYZ 0 734 0]>>endobj
-246 0 obj<</Subtype/Link/Rect[168.8 694.6 239.3 707.6]/Border[0 0 0]/Dest[632 0 R/XYZ 0 658 0]>>endobj
-247 0 obj<</Subtype/Link/Rect[168.8 681.4 223.8 694.4]/Border[0 0 0]/Dest[634 0 R/XYZ 0 734 0]>>endobj
-248 0 obj<</Subtype/Link/Rect[124.5 668.2 264.4 681.2]/Border[0 0 0]/Dest[636 0 R/XYZ 0 705 0]>>endobj
-249 0 obj<</Subtype/Link/Rect[168.8 655.0 243.6 668.0]/Border[0 0 0]/Dest[636 0 R/XYZ 0 577 0]>>endobj
-250 0 obj<</Subtype/Link/Rect[168.8 641.8 257.3 654.8]/Border[0 0 0]/Dest[638 0 R/XYZ 0 734 0]>>endobj
-251 0 obj<</Subtype/Link/Rect[124.5 628.6 345.7 641.6]/Border[0 0 0]/Dest[638 0 R/XYZ 0 433 0]>>endobj
-252 0 obj<</Subtype/Link/Rect[168.8 615.4 220.4 628.4]/Border[0 0 0]/Dest[638 0 R/XYZ 0 400 0]>>endobj
-253 0 obj<</Subtype/Link/Rect[168.8 602.2 210.0 615.2]/Border[0 0 0]/Dest[640 0 R/XYZ 0 734 0]>>endobj
-254 0 obj<</Subtype/Link/Rect[168.8 589.0 217.9 602.0]/Border[0 0 0]/Dest[640 0 R/XYZ 0 385 0]>>endobj
-255 0 obj<</Subtype/Link/Rect[124.5 575.8 193.2 588.8]/Border[0 0 0]/Dest[640 0 R/XYZ 0 128 0]>>endobj
-256 0 obj<</Subtype/Link/Rect[168.8 562.6 251.9 575.6]/Border[0 0 0]/Dest[642 0 R/XYZ 0 633 0]>>endobj
-257 0 obj<</Subtype/Link/Rect[168.8 549.4 254.4 562.4]/Border[0 0 0]/Dest[644 0 R/XYZ 0 665 0]>>endobj
-258 0 obj<</Subtype/Link/Rect[85.8 536.2 200.3 549.2]/Border[0 0 0]/Dest[648 0 R/XYZ 0 734 0]>>endobj
-259 0 obj<</Subtype/Link/Rect[130.0 523.0 170.0 536.0]/Border[0 0 0]/Dest[648 0 R/XYZ 0 696 0]>>endobj
-260 0 obj<</Subtype/Link/Rect[130.0 509.8 308.4 522.8]/Border[0 0 0]/Dest[648 0 R/XYZ 0 621 0]>>endobj
-261 0 obj<</Subtype/Link/Rect[130.0 496.6 217.0 509.6]/Border[0 0 0]/Dest[648 0 R/XYZ 0 361 0]>>endobj
-262 0 obj<</Subtype/Link/Rect[130.0 483.4 360.7 496.4]/Border[0 0 0]/Dest[652 0 R/XYZ 0 692 0]>>endobj
-263 0 obj<</Subtype/Link/Rect[130.0 470.2 306.3 483.2]/Border[0 0 0]/Dest[652 0 R/XYZ 0 630 0]>>endobj
-264 0 obj<</Subtype/Link/Rect[85.8 457.0 189.3 470.0]/Border[0 0 0]/Dest[658 0 R/XYZ 0 734 0]>>endobj
-265 0 obj<</Subtype/Link/Rect[130.0 443.8 199.0 456.8]/Border[0 0 0]/Dest[658 0 R/XYZ 0 696 0]>>endobj
-266 0 obj<</Subtype/Link/Rect[85.8 430.6 211.0 443.6]/Border[0 0 0]/Dest[660 0 R/XYZ 0 734 0]>>endobj
-267 0 obj<</Subtype/Link/Rect[130.0 417.4 245.6 430.4]/Border[0 0 0]/Dest[660 0 R/XYZ 0 696 0]>>endobj
-268 0 obj<</Subtype/Link/Rect[130.0 404.2 234.2 417.2]/Border[0 0 0]/Dest[662 0 R/XYZ 0 639 0]>>endobj
-269 0 obj<</Subtype/Link/Rect[130.0 391.0 289.8 404.0]/Border[0 0 0]/Dest[662 0 R/XYZ 0 498 0]>>endobj
-270 0 obj<</Subtype/Link/Rect[130.0 377.8 162.7 390.8]/Border[0 0 0]/Dest[662 0 R/XYZ 0 198 0]>>endobj
-271 0 obj<</Subtype/Link/Rect[174.2 364.6 228.3 377.6]/Border[0 0 0]/Dest[662 0 R/XYZ 0 165 0]>>endobj
-272 0 obj<</Subtype/Link/Rect[174.2 351.4 240.8 364.4]/Border[0 0 0]/Dest[664 0 R/XYZ 0 734 0]>>endobj
-273 0 obj<</Subtype/Link/Rect[174.2 338.2 239.0 351.2]/Border[0 0 0]/Dest[664 0 R/XYZ 0 596 0]>>endobj
-274 0 obj<</Subtype/Link/Rect[130.0 325.0 194.8 338.0]/Border[0 0 0]/Dest[664 0 R/XYZ 0 485 0]>>endobj
-275 0 obj<</Subtype/Link/Rect[174.2 311.8 305.9 324.8]/Border[0 0 0]/Dest[664 0 R/XYZ 0 451 0]>>endobj
-276 0 obj<</Subtype/Link/Rect[174.2 298.6 215.5 311.6]/Border[0 0 0]/Dest[664 0 R/XYZ 0 366 0]>>endobj
-277 0 obj<</Subtype/Link/Rect[130.0 285.4 229.6 298.4]/Border[0 0 0]/Dest[664 0 R/XYZ 0 229 0]>>endobj
-278 0 obj<</Subtype/Link/Rect[130.0 272.2 165.1 285.2]/Border[0 0 0]/Dest[666 0 R/XYZ 0 489 0]>>endobj
-279 0 obj<</Subtype/Link/Rect[85.8 259.0 259.0 272.0]/Border[0 0 0]/Dest[668 0 R/XYZ 0 734 0]>>endobj
-280 0 obj<</Subtype/Link/Rect[130.0 245.8 187.8 258.8]/Border[0 0 0]/Dest[668 0 R/XYZ 0 696 0]>>endobj
-281 0 obj<</Subtype/Link/Rect[130.0 232.6 215.6 245.6]/Border[0 0 0]/Dest[668 0 R/XYZ 0 568 0]>>endobj
-282 0 obj<</Subtype/Link/Rect[130.0 219.4 218.9 221.4]/Border[0 0 0]/Dest[670 0 R/XYZ 0 718 0]>>endobj
-283 0 obj[244 0 R
-245 0 R
-246 0 R
-247 0 R
+242 0 R
+243 0 R
+244 0 R
+245 0 R]endobj
+247 0 obj<</Subtype/Link/Rect[168.8 721.0 245.5 734.0]/Border[0 0 0]/Dest[639 0 R/XYZ 0 353 0]>>endobj
+248 0 obj<</Subtype/Link/Rect[124.5 707.8 261.7 720.8]/Border[0 0 0]/Dest[641 0 R/XYZ 0 734 0]>>endobj
+249 0 obj<</Subtype/Link/Rect[168.8 694.6 239.3 707.6]/Border[0 0 0]/Dest[641 0 R/XYZ 0 658 0]>>endobj
+250 0 obj<</Subtype/Link/Rect[168.8 681.4 223.8 694.4]/Border[0 0 0]/Dest[643 0 R/XYZ 0 734 0]>>endobj
+251 0 obj<</Subtype/Link/Rect[124.5 668.2 264.4 681.2]/Border[0 0 0]/Dest[645 0 R/XYZ 0 705 0]>>endobj
+252 0 obj<</Subtype/Link/Rect[168.8 655.0 243.6 668.0]/Border[0 0 0]/Dest[645 0 R/XYZ 0 577 0]>>endobj
+253 0 obj<</Subtype/Link/Rect[168.8 641.8 257.3 654.8]/Border[0 0 0]/Dest[647 0 R/XYZ 0 734 0]>>endobj
+254 0 obj<</Subtype/Link/Rect[124.5 628.6 345.7 641.6]/Border[0 0 0]/Dest[647 0 R/XYZ 0 433 0]>>endobj
+255 0 obj<</Subtype/Link/Rect[168.8 615.4 220.4 628.4]/Border[0 0 0]/Dest[647 0 R/XYZ 0 400 0]>>endobj
+256 0 obj<</Subtype/Link/Rect[168.8 602.2 210.0 615.2]/Border[0 0 0]/Dest[649 0 R/XYZ 0 734 0]>>endobj
+257 0 obj<</Subtype/Link/Rect[168.8 589.0 217.9 602.0]/Border[0 0 0]/Dest[649 0 R/XYZ 0 385 0]>>endobj
+258 0 obj<</Subtype/Link/Rect[124.5 575.8 193.2 588.8]/Border[0 0 0]/Dest[649 0 R/XYZ 0 128 0]>>endobj
+259 0 obj<</Subtype/Link/Rect[168.8 562.6 251.9 575.6]/Border[0 0 0]/Dest[651 0 R/XYZ 0 633 0]>>endobj
+260 0 obj<</Subtype/Link/Rect[168.8 549.4 254.4 562.4]/Border[0 0 0]/Dest[653 0 R/XYZ 0 665 0]>>endobj
+261 0 obj<</Subtype/Link/Rect[85.8 536.2 200.3 549.2]/Border[0 0 0]/Dest[657 0 R/XYZ 0 734 0]>>endobj
+262 0 obj<</Subtype/Link/Rect[130.0 523.0 170.0 536.0]/Border[0 0 0]/Dest[657 0 R/XYZ 0 696 0]>>endobj
+263 0 obj<</Subtype/Link/Rect[130.0 509.8 308.4 522.8]/Border[0 0 0]/Dest[657 0 R/XYZ 0 621 0]>>endobj
+264 0 obj<</Subtype/Link/Rect[130.0 496.6 217.0 509.6]/Border[0 0 0]/Dest[657 0 R/XYZ 0 361 0]>>endobj
+265 0 obj<</Subtype/Link/Rect[130.0 483.4 368.6 496.4]/Border[0 0 0]/Dest[661 0 R/XYZ 0 692 0]>>endobj
+266 0 obj<</Subtype/Link/Rect[130.0 470.2 306.3 483.2]/Border[0 0 0]/Dest[661 0 R/XYZ 0 630 0]>>endobj
+267 0 obj<</Subtype/Link/Rect[85.8 457.0 189.3 470.0]/Border[0 0 0]/Dest[667 0 R/XYZ 0 734 0]>>endobj
+268 0 obj<</Subtype/Link/Rect[130.0 443.8 199.0 456.8]/Border[0 0 0]/Dest[667 0 R/XYZ 0 696 0]>>endobj
+269 0 obj<</Subtype/Link/Rect[85.8 430.6 211.0 443.6]/Border[0 0 0]/Dest[669 0 R/XYZ 0 734 0]>>endobj
+270 0 obj<</Subtype/Link/Rect[130.0 417.4 245.6 430.4]/Border[0 0 0]/Dest[669 0 R/XYZ 0 696 0]>>endobj
+271 0 obj<</Subtype/Link/Rect[130.0 404.2 234.2 417.2]/Border[0 0 0]/Dest[671 0 R/XYZ 0 639 0]>>endobj
+272 0 obj<</Subtype/Link/Rect[130.0 391.0 289.8 404.0]/Border[0 0 0]/Dest[671 0 R/XYZ 0 498 0]>>endobj
+273 0 obj<</Subtype/Link/Rect[130.0 377.8 162.7 390.8]/Border[0 0 0]/Dest[671 0 R/XYZ 0 198 0]>>endobj
+274 0 obj<</Subtype/Link/Rect[174.2 364.6 228.3 377.6]/Border[0 0 0]/Dest[671 0 R/XYZ 0 165 0]>>endobj
+275 0 obj<</Subtype/Link/Rect[174.2 351.4 240.8 364.4]/Border[0 0 0]/Dest[673 0 R/XYZ 0 734 0]>>endobj
+276 0 obj<</Subtype/Link/Rect[174.2 338.2 239.0 351.2]/Border[0 0 0]/Dest[673 0 R/XYZ 0 596 0]>>endobj
+277 0 obj<</Subtype/Link/Rect[130.0 325.0 194.8 338.0]/Border[0 0 0]/Dest[673 0 R/XYZ 0 485 0]>>endobj
+278 0 obj<</Subtype/Link/Rect[174.2 311.8 305.9 324.8]/Border[0 0 0]/Dest[673 0 R/XYZ 0 451 0]>>endobj
+279 0 obj<</Subtype/Link/Rect[174.2 298.6 215.5 311.6]/Border[0 0 0]/Dest[673 0 R/XYZ 0 366 0]>>endobj
+280 0 obj<</Subtype/Link/Rect[130.0 285.4 229.6 298.4]/Border[0 0 0]/Dest[673 0 R/XYZ 0 229 0]>>endobj
+281 0 obj<</Subtype/Link/Rect[130.0 272.2 165.1 285.2]/Border[0 0 0]/Dest[675 0 R/XYZ 0 489 0]>>endobj
+282 0 obj<</Subtype/Link/Rect[85.8 259.0 259.0 272.0]/Border[0 0 0]/Dest[677 0 R/XYZ 0 734 0]>>endobj
+283 0 obj<</Subtype/Link/Rect[130.0 245.8 187.8 258.8]/Border[0 0 0]/Dest[677 0 R/XYZ 0 696 0]>>endobj
+284 0 obj<</Subtype/Link/Rect[130.0 232.6 215.6 245.6]/Border[0 0 0]/Dest[677 0 R/XYZ 0 568 0]>>endobj
+285 0 obj<</Subtype/Link/Rect[130.0 219.4 226.3 221.4]/Border[0 0 0]/Dest[679 0 R/XYZ 0 718 0]>>endobj
+286 0 obj<</Subtype/Link/Rect[85.8 206.2 197.9 219.2]/Border[0 0 0]/Dest[683 0 R/XYZ 0 734 0]>>endobj
+287 0 obj<</Subtype/Link/Rect[130.0 193.0 159.0 206.0]/Border[0 0 0]/Dest[683 0 R/XYZ 0 696 0]>>endobj
+288 0 obj<</Subtype/Link/Rect[130.0 179.8 213.7 192.8]/Border[0 0 0]/Dest[683 0 R/XYZ 0 595 0]>>endobj
+289 0 obj[247 0 R
 248 0 R
 249 0 R
 250 0 R
@@ -536,418 +542,438 @@
 279 0 R
 280 0 R
 281 0 R
-282 0 R]endobj
-284 0 obj<</S/URI/URI(http://lxr.linux.no/source/Documentation/CodingStyle)>>endobj
-285 0 obj<</Subtype/Link/Rect[72.0 499.0 310.3 512.0]/Border[0 0 0]/A 284 0 R>>endobj
-286 0 obj<</S/URI/URI(http://www.fsf.org/prep/standards_toc.html)>>endobj
-287 0 obj<</Subtype/Link/Rect[72.0 472.6 263.0 485.6]/Border[0 0 0]/A 286 0 R>>endobj
-288 0 obj[285 0 R
-287 0 R]endobj
-289 0 obj<</S/URI/URI(http://mailhost.cb1.com/~lkcl/cifsntdomain.txt)>>endobj
-290 0 obj<</Subtype/Link/Rect[226.0 637.0 433.6 650.0]/Border[0 0 0]/A 289 0 R>>endobj
-291 0 obj<</S/URI/URI(http://ntbugtraq.rc.on.ca/SCRIPTS/WA.EXE?A2=ind9708;L=ntbugtraq;O=A;P=2935)>>endobj
-292 0 obj<</Subtype/Link/Rect[72.0 386.2 451.3 399.2]/Border[0 0 0]/A 291 0 R>>endobj
-293 0 obj<</S/URI/URI(http://mailhost.cb1.com/~lkcl/crypt.html)>>endobj
-294 0 obj<</Subtype/Link/Rect[72.0 359.8 250.6 372.8]/Border[0 0 0]/A 293 0 R>>endobj
-295 0 obj<</S/URI/URI(mailto:linus@incolumitas.se)>>endobj
-296 0 obj<</Subtype/Link/Rect[244.7 333.4 317.4 346.4]/Border[0 0 0]/A 295 0 R>>endobj
-297 0 obj<</S/URI/URI(http://samba.org/cgi-bin/mfs/01/digest/1997/97aug/0391.html)>>endobj
-298 0 obj<</Subtype/Link/Rect[72.0 307.0 346.5 320.0]/Border[0 0 0]/A 297 0 R>>endobj
-299 0 obj<</S/URI/URI(http://mailhost.cb1.com/~lkcl/crypt.txt)>>endobj
-300 0 obj<</Subtype/Link/Rect[72.0 280.6 242.0 293.6]/Border[0 0 0]/A 299 0 R>>endobj
-301 0 obj[290 0 R
-292 0 R
-294 0 R
-296 0 R
+282 0 R
+283 0 R
+284 0 R
+285 0 R
+286 0 R
+287 0 R
+288 0 R]endobj
+290 0 obj<</S/URI/URI(http://lxr.linux.no/source/Documentation/CodingStyle)>>endobj
+291 0 obj<</Subtype/Link/Rect[72.0 499.0 310.3 512.0]/Border[0 0 0]/A 290 0 R>>endobj
+292 0 obj<</S/URI/URI(http://www.fsf.org/prep/standards_toc.html)>>endobj
+293 0 obj<</Subtype/Link/Rect[72.0 472.6 263.0 485.6]/Border[0 0 0]/A 292 0 R>>endobj
+294 0 obj[291 0 R
+293 0 R]endobj
+295 0 obj<</S/URI/URI(http://mailhost.cb1.com/~lkcl/cifsntdomain.txt)>>endobj
+296 0 obj<</Subtype/Link/Rect[226.0 637.0 433.6 650.0]/Border[0 0 0]/A 295 0 R>>endobj
+297 0 obj<</S/URI/URI(http://ntbugtraq.rc.on.ca/SCRIPTS/WA.EXE?A2=ind9708;L=ntbugtraq;O=A;P=2935)>>endobj
+298 0 obj<</Subtype/Link/Rect[72.0 386.2 451.3 399.2]/Border[0 0 0]/A 297 0 R>>endobj
+299 0 obj<</S/URI/URI(http://mailhost.cb1.com/~lkcl/crypt.html)>>endobj
+300 0 obj<</Subtype/Link/Rect[72.0 359.8 250.6 372.8]/Border[0 0 0]/A 299 0 R>>endobj
+301 0 obj<</S/URI/URI(mailto:linus@incolumitas.se)>>endobj
+302 0 obj<</Subtype/Link/Rect[244.7 333.4 317.4 346.4]/Border[0 0 0]/A 301 0 R>>endobj
+303 0 obj<</S/URI/URI(http://samba.org/cgi-bin/mfs/01/digest/1997/97aug/0391.html)>>endobj
+304 0 obj<</Subtype/Link/Rect[72.0 307.0 346.5 320.0]/Border[0 0 0]/A 303 0 R>>endobj
+305 0 obj<</S/URI/URI(http://mailhost.cb1.com/~lkcl/crypt.txt)>>endobj
+306 0 obj<</Subtype/Link/Rect[72.0 280.6 242.0 293.6]/Border[0 0 0]/A 305 0 R>>endobj
+307 0 obj[296 0 R
 298 0 R
-300 0 R]endobj
-302 0 obj<</Dests 303 0 R>>endobj
-303 0 obj<</Kids[304 0 R]>>endobj
-304 0 obj<</Limits[(aen1008)(wins)]/Names[(aen1008)305 0 R(aen1019)306 0 R(aen103)307 0 R(aen1040)308 0 R(aen1053)309 0 R(aen1100)310 0 R(aen1127)311 0 R(aen1138)312 0 R(aen1177)313 0 R(aen1208)314 0 R(aen128)315 0 R(aen1365)316 0 R(aen1388)317 0 R(aen1399)318 0 R(aen1445)319 0 R(aen151)320 0 R(aen1571)321 0 R(aen1574)322 0 R(aen1588)323 0 R(aen159)324 0 R(aen1649)325 0 R(aen1688)326 0 R(aen1693)327 0 R(aen1704)328 0 R(aen1744)329 0 R(aen1755)330 0 R(aen179)331 0 R(aen1799)332 0 R(aen181)333 0 R(aen1819)334 0 R(aen184)335 0 R(aen1842)336 0 R(aen1854)337 0 R(aen188)338 0 R(aen1898)339 0 R(aen1939)340 0 R(aen1943)341 0 R(aen1962)342 0 R(aen1973)343 0 R(aen1977)344 0 R(aen1988)345 0 R(aen2001)346 0 R(aen2003)347 0 R(aen2006)348 0 R(aen2025)349 0 R(aen2027)350 0 R(aen2030)351 0 R(aen2054)352 0 R(aen2056)353 0 R(aen2063)354 0 R(aen2071)355 0 R(aen2075)356 0 R(aen2102)357 0 R(aen2130)358 0 R(aen2134)359 0 R(aen2165)360 0 R(aen2193)361 0 R(aen2232)362 0 R(aen2240)363 0 R(aen2259)364 0 R(aen2267)365 0 R(aen2275)366 0 R(aen2294)367 0 R(aen2306)368 0 R(aen2316)369 0 R(aen2327)370 0 R(aen2335)371 0 R(aen2339)372 0 R(aen2346)373 0 R(aen2359)374 0 R(aen2363)375 0 R(aen2370)376 0 R(aen2382)377 0 R(aen2386)378 0 R(aen2390)379 0 R(aen24)380 0 R(aen2425)381 0 R(aen2460)382 0 R(aen2468)383 0 R(aen2519)384 0 R(aen2550)385 0 R(aen2562)386 0 R(aen2568)387 0 R(aen2603)388 0 R(aen2623)389 0 R(aen2627)390 0 R(aen2638)391 0 R(aen2654)392 0 R(aen2656)393 0 R(aen2699)394 0 R(aen2709)395 0 R(aen2716)396 0 R(aen2724)397 0 R(aen2726)398 0 R(aen2761)399 0 R(aen2812)400 0 R(aen2815)401 0 R(aen2829)402 0 R(aen284)403 0 R(aen2847)404 0 R(aen288)405 0 R(aen2896)406 0 R(aen2899)407 0 R(aen2925)408 0 R(aen2959)409 0 R(aen2962)410 0 R(aen3033)411 0 R(aen3054)412 0 R(aen3071)413 0 R(aen3075)414 0 R(aen3086)415 0 R(aen3088)416 0 R(aen3091)417 0 R(aen3095)418 0 R(aen3098)419 0 R(aen3100)420 0 R(aen3103)421 0 R(aen3107)422 0 R(aen3121)423 0 R(aen3147)424 0 R(aen3151)425 0 R(aen3162)426 0 R(aen317)427 0 R(aen320)428 0 R(aen323)429 0 R(aen326)430 0 R(aen329)431 0 R(aen332)432 0 R(aen335)433 0 R(aen338)434 0 R(aen341)435 0 R(aen344)436 0 R(aen347)437 0 R(aen35)438 0 R(aen350)439 0 R(aen353)440 0 R(aen356)441 0 R(aen359)442 0 R(aen362)443 0 R(aen365)444 0 R(aen371)445 0 R(aen39)446 0 R(aen4)447 0 R(aen406)448 0 R(aen420)449 0 R(aen451)450 0 R(aen472)451 0 R(aen484)452 0 R(aen495)453 0 R(aen515)454 0 R(aen530)455 0 R(aen54)456 0 R(aen540)457 0 R(aen544)458 0 R(aen552)459 0 R(aen557)460 0 R(aen563)461 0 R(aen571)462 0 R(aen575)463 0 R(aen579)464 0 R(aen584)465 0 R(aen65)466 0 R(aen652)467 0 R(aen688)468 0 R(aen695)469 0 R(aen70)470 0 R(aen702)471 0 R(aen704)472 0 R(aen717)473 0 R(aen719)474 0 R(aen739)475 0 R(aen775)476 0 R(aen777)477 0 R(aen780)478 0 R(aen783)479 0 R(aen786)480 0 R(aen789)481 0 R(aen8)482 0 R(aen814)483 0 R(aen817)484 0 R(aen832)485 0 R(aen843)486 0 R(aen850)487 0 R(aen86)488 0 R(aen861)489 0 R(aen884)490 0 R(aen911)491 0 R(aen918)492 0 R(aen92)493 0 R(aen941)494 0 R(aen960)495 0 R(aen987)496 0 R(architecture)497 0 R(codingsuggestions)498 0 R(debug)499 0 R(internals)500 0 R(netbios)501 0 R(ntdomain)502 0 R(parsing)503 0 R(printing)504 0 R(pwencrypt)505 0 R(sam)506 0 R(samba-developers-guide)507 0 R(samba-developers-guide.html)508 0 R(smbpasswdfileformat)509 0 R(tracing)510 0 R(unix-smb)511 0 R(wins)512 0 R]>>endobj
-305 0 obj<</D[592 0 R/XYZ 0 734 0]>>endobj
-306 0 obj<</D[592 0 R/XYZ 0 639 0]>>endobj
-307 0 obj<</D[540 0 R/XYZ 0 696 0]>>endobj
-308 0 obj<</D[592 0 R/XYZ 0 439 0]>>endobj
-309 0 obj<</D[592 0 R/XYZ 0 292 0]>>endobj
-310 0 obj<</D[594 0 R/XYZ 0 626 0]>>endobj
-311 0 obj<</D[594 0 R/XYZ 0 345 0]>>endobj
-312 0 obj<</D[594 0 R/XYZ 0 251 0]>>endobj
-313 0 obj<</D[596 0 R/XYZ 0 639 0]>>endobj
-314 0 obj<</D[596 0 R/XYZ 0 413 0]>>endobj
-315 0 obj<</D[542 0 R/XYZ 0 734 0]>>endobj
-316 0 obj<</D[600 0 R/XYZ 0 679 0]>>endobj
-317 0 obj<</D[600 0 R/XYZ 0 438 0]>>endobj
-318 0 obj<</D[600 0 R/XYZ 0 344 0]>>endobj
-319 0 obj<</D[602 0 R/XYZ 0 639 0]>>endobj
-320 0 obj<</D[544 0 R/XYZ 0 734 0]>>endobj
-321 0 obj<</D[604 0 R/XYZ 0 428 0]>>endobj
-322 0 obj<</D[604 0 R/XYZ 0 366 0]>>endobj
-323 0 obj<</D[606 0 R/XYZ 0 567 0]>>endobj
-324 0 obj<</D[544 0 R/XYZ 0 514 0]>>endobj
-325 0 obj<</D[610 0 R/XYZ 0 734 0]>>endobj
-326 0 obj<</D[610 0 R/XYZ 0 467 0]>>endobj
-327 0 obj<</D[610 0 R/XYZ 0 378 0]>>endobj
-328 0 obj<</D[610 0 R/XYZ 0 283 0]>>endobj
-329 0 obj<</D[612 0 R/XYZ 0 639 0]>>endobj
-330 0 obj<</D[612 0 R/XYZ 0 545 0]>>endobj
-331 0 obj<</D[546 0 R/XYZ 0 734 0]>>endobj
-332 0 obj<</D[612 0 R/XYZ 0 213 0]>>endobj
-333 0 obj<</D[546 0 R/XYZ 0 700 0]>>endobj
-334 0 obj<</D[614 0 R/XYZ 0 705 0]>>endobj
-335 0 obj<</D[546 0 R/XYZ 0 602 0]>>endobj
-336 0 obj<</D[614 0 R/XYZ 0 531 0]>>endobj
-337 0 obj<</D[614 0 R/XYZ 0 407 0]>>endobj
-338 0 obj<</D[546 0 R/XYZ 0 491 0]>>endobj
-339 0 obj<</D[616 0 R/XYZ 0 548 0]>>endobj
-340 0 obj<</D[616 0 R/XYZ 0 140 0]>>endobj
-341 0 obj<</D[618 0 R/XYZ 0 734 0]>>endobj
-342 0 obj<</D[618 0 R/XYZ 0 586 0]>>endobj
-343 0 obj<</D[618 0 R/XYZ 0 492 0]>>endobj
-344 0 obj<</D[618 0 R/XYZ 0 433 0]>>endobj
-345 0 obj<</D[618 0 R/XYZ 0 339 0]>>endobj
-346 0 obj<</D[618 0 R/XYZ 0 145 0]>>endobj
-347 0 obj<</D[618 0 R/XYZ 0 115 0]>>endobj
-348 0 obj<</D[620 0 R/XYZ 0 734 0]>>endobj
-349 0 obj<</D[620 0 R/XYZ 0 586 0]>>endobj
-350 0 obj<</D[620 0 R/XYZ 0 556 0]>>endobj
-351 0 obj<</D[620 0 R/XYZ 0 501 0]>>endobj
-352 0 obj<</D[620 0 R/XYZ 0 301 0]>>endobj
-353 0 obj<</D[620 0 R/XYZ 0 271 0]>>endobj
-354 0 obj<</D[620 0 R/XYZ 0 203 0]>>endobj
-355 0 obj<</D[622 0 R/XYZ 0 734 0]>>endobj
-356 0 obj<</D[622 0 R/XYZ 0 675 0]>>endobj
-357 0 obj<</D[622 0 R/XYZ 0 475 0]>>endobj
-358 0 obj<</D[622 0 R/XYZ 0 249 0]>>endobj
-359 0 obj<</D[622 0 R/XYZ 0 190 0]>>endobj
-360 0 obj<</D[624 0 R/XYZ 0 639 0]>>endobj
-361 0 obj<</D[624 0 R/XYZ 0 413 0]>>endobj
-362 0 obj<</D[626 0 R/XYZ 0 665 0]>>endobj
-363 0 obj<</D[626 0 R/XYZ 0 515 0]>>endobj
-364 0 obj<</D[626 0 R/XYZ 0 367 0]>>endobj
-365 0 obj<</D[626 0 R/XYZ 0 273 0]>>endobj
-366 0 obj<</D[626 0 R/XYZ 0 135 0]>>endobj
-367 0 obj<</D[628 0 R/XYZ 0 652 0]>>endobj
-368 0 obj<</D[628 0 R/XYZ 0 531 0]>>endobj
-369 0 obj<</D[628 0 R/XYZ 0 354 0]>>endobj
-370 0 obj<</D[628 0 R/XYZ 0 260 0]>>endobj
-371 0 obj<</D[628 0 R/XYZ 0 165 0]>>endobj
-372 0 obj<</D[630 0 R/XYZ 0 734 0]>>endobj
-373 0 obj<</D[630 0 R/XYZ 0 665 0]>>endobj
-374 0 obj<</D[630 0 R/XYZ 0 353 0]>>endobj
-375 0 obj<</D[630 0 R/XYZ 0 281 0]>>endobj
-376 0 obj<</D[630 0 R/XYZ 0 213 0]>>endobj
-377 0 obj<</D[632 0 R/XYZ 0 734 0]>>endobj
-378 0 obj<</D[632 0 R/XYZ 0 658 0]>>endobj
-379 0 obj<</D[632 0 R/XYZ 0 600 0]>>endobj
-380 0 obj<</D[532 0 R/XYZ 0 672 0]>>endobj
-381 0 obj<</D[632 0 R/XYZ 0 347 0]>>endobj
-382 0 obj<</D[634 0 R/XYZ 0 734 0]>>endobj
-383 0 obj<</D[634 0 R/XYZ 0 622 0]>>endobj
-384 0 obj<</D[634 0 R/XYZ 0 264 0]>>endobj
-385 0 obj<</D[636 0 R/XYZ 0 705 0]>>endobj
-386 0 obj<</D[636 0 R/XYZ 0 577 0]>>endobj
-387 0 obj<</D[636 0 R/XYZ 0 492 0]>>endobj
-388 0 obj<</D[636 0 R/XYZ 0 239 0]>>endobj
-389 0 obj<</D[638 0 R/XYZ 0 734 0]>>endobj
-390 0 obj<</D[638 0 R/XYZ 0 675 0]>>endobj
-391 0 obj<</D[638 0 R/XYZ 0 581 0]>>endobj
-392 0 obj<</D[638 0 R/XYZ 0 433 0]>>endobj
-393 0 obj<</D[638 0 R/XYZ 0 400 0]>>endobj
-394 0 obj<</D[640 0 R/XYZ 0 734 0]>>endobj
-395 0 obj<</D[640 0 R/XYZ 0 385 0]>>endobj
-396 0 obj<</D[640 0 R/XYZ 0 128 0]>>endobj
-397 0 obj<</D[642 0 R/XYZ 0 633 0]>>endobj
-398 0 obj<</D[642 0 R/XYZ 0 603 0]>>endobj
-399 0 obj<</D[642 0 R/XYZ 0 351 0]>>endobj
-400 0 obj<</D[644 0 R/XYZ 0 665 0]>>endobj
-401 0 obj<</D[644 0 R/XYZ 0 594 0]>>endobj
-402 0 obj<</D[644 0 R/XYZ 0 407 0]>>endobj
-403 0 obj<</D[552 0 R/XYZ 0 696 0]>>endobj
-404 0 obj<</D[644 0 R/XYZ 0 141 0]>>endobj
-405 0 obj<</D[552 0 R/XYZ 0 568 0]>>endobj
-406 0 obj<</D[648 0 R/XYZ 0 696 0]>>endobj
-407 0 obj<</D[648 0 R/XYZ 0 621 0]>>endobj
-408 0 obj<</D[648 0 R/XYZ 0 361 0]>>endobj
-409 0 obj<</D[652 0 R/XYZ 0 692 0]>>endobj
-410 0 obj<</D[652 0 R/XYZ 0 630 0]>>endobj
-411 0 obj<</D[658 0 R/XYZ 0 696 0]>>endobj
-412 0 obj<</D[660 0 R/XYZ 0 696 0]>>endobj
-413 0 obj<</D[662 0 R/XYZ 0 639 0]>>endobj
-414 0 obj<</D[662 0 R/XYZ 0 498 0]>>endobj
-415 0 obj<</D[662 0 R/XYZ 0 198 0]>>endobj
-416 0 obj<</D[662 0 R/XYZ 0 165 0]>>endobj
-417 0 obj<</D[664 0 R/XYZ 0 734 0]>>endobj
-418 0 obj<</D[664 0 R/XYZ 0 596 0]>>endobj
-419 0 obj<</D[664 0 R/XYZ 0 485 0]>>endobj
-420 0 obj<</D[664 0 R/XYZ 0 451 0]>>endobj
-421 0 obj<</D[664 0 R/XYZ 0 366 0]>>endobj
-422 0 obj<</D[664 0 R/XYZ 0 229 0]>>endobj
-423 0 obj<</D[666 0 R/XYZ 0 489 0]>>endobj
-424 0 obj<</D[668 0 R/XYZ 0 696 0]>>endobj
-425 0 obj<</D[668 0 R/XYZ 0 568 0]>>endobj
-426 0 obj<</D[670 0 R/XYZ 0 718 0]>>endobj
-427 0 obj<</D[554 0 R/XYZ 0 705 0]>>endobj
-428 0 obj<</D[554 0 R/XYZ 0 630 0]>>endobj
-429 0 obj<</D[554 0 R/XYZ 0 571 0]>>endobj
-430 0 obj<</D[554 0 R/XYZ 0 513 0]>>endobj
-431 0 obj<</D[554 0 R/XYZ 0 455 0]>>endobj
-432 0 obj<</D[554 0 R/XYZ 0 383 0]>>endobj
-433 0 obj<</D[554 0 R/XYZ 0 325 0]>>endobj
-434 0 obj<</D[554 0 R/XYZ 0 266 0]>>endobj
-435 0 obj<</D[554 0 R/XYZ 0 208 0]>>endobj
-436 0 obj<</D[554 0 R/XYZ 0 149 0]>>endobj
-437 0 obj<</D[556 0 R/XYZ 0 734 0]>>endobj
-438 0 obj<</D[532 0 R/XYZ 0 201 0]>>endobj
-439 0 obj<</D[556 0 R/XYZ 0 675 0]>>endobj
-440 0 obj<</D[556 0 R/XYZ 0 617 0]>>endobj
-441 0 obj<</D[556 0 R/XYZ 0 558 0]>>endobj
-442 0 obj<</D[556 0 R/XYZ 0 500 0]>>endobj
-443 0 obj<</D[556 0 R/XYZ 0 428 0]>>endobj
-444 0 obj<</D[556 0 R/XYZ 0 370 0]>>endobj
-445 0 obj<</D[556 0 R/XYZ 0 220 0]>>endobj
-446 0 obj<</D[534 0 R/XYZ 0 705 0]>>endobj
-447 0 obj<</D[524 0 R/XYZ 0 696 0]>>endobj
-448 0 obj<</D[558 0 R/XYZ 0 441 0]>>endobj
-449 0 obj<</D[560 0 R/XYZ 0 734 0]>>endobj
-450 0 obj<</D[562 0 R/XYZ 0 696 0]>>endobj
-451 0 obj<</D[562 0 R/XYZ 0 423 0]>>endobj
-452 0 obj<</D[562 0 R/XYZ 0 259 0]>>endobj
-453 0 obj<</D[564 0 R/XYZ 0 652 0]>>endobj
-454 0 obj<</D[564 0 R/XYZ 0 240 0]>>endobj
-455 0 obj<</D[566 0 R/XYZ 0 665 0]>>endobj
-456 0 obj<</D[536 0 R/XYZ 0 696 0]>>endobj
-457 0 obj<</D[568 0 R/XYZ 0 696 0]>>endobj
-458 0 obj<</D[568 0 R/XYZ 0 595 0]>>endobj
-459 0 obj<</D[568 0 R/XYZ 0 216 0]>>endobj
-460 0 obj<</D[570 0 R/XYZ 0 692 0]>>endobj
-461 0 obj<</D[570 0 R/XYZ 0 458 0]>>endobj
-462 0 obj<</D[572 0 R/XYZ 0 734 0]>>endobj
-463 0 obj<</D[572 0 R/XYZ 0 566 0]>>endobj
-464 0 obj<</D[572 0 R/XYZ 0 438 0]>>endobj
-465 0 obj<</D[572 0 R/XYZ 0 178 0]>>endobj
-466 0 obj<</D[536 0 R/XYZ 0 529 0]>>endobj
-467 0 obj<</D[580 0 R/XYZ 0 696 0]>>endobj
-468 0 obj<</D[582 0 R/XYZ 0 626 0]>>endobj
-469 0 obj<</D[582 0 R/XYZ 0 516 0]>>endobj
-470 0 obj<</D[536 0 R/XYZ 0 335 0]>>endobj
-471 0 obj<</D[582 0 R/XYZ 0 394 0]>>endobj
-472 0 obj<</D[582 0 R/XYZ 0 360 0]>>endobj
-473 0 obj<</D[584 0 R/XYZ 0 718 0]>>endobj
-474 0 obj<</D[584 0 R/XYZ 0 688 0]>>endobj
-475 0 obj<</D[584 0 R/XYZ 0 515 0]>>endobj
-476 0 obj<</D[584 0 R/XYZ 0 235 0]>>endobj
-477 0 obj<</D[584 0 R/XYZ 0 205 0]>>endobj
-478 0 obj<</D[584 0 R/XYZ 0 151 0]>>endobj
-479 0 obj<</D[586 0 R/XYZ 0 734 0]>>endobj
-480 0 obj<</D[586 0 R/XYZ 0 665 0]>>endobj
-481 0 obj<</D[586 0 R/XYZ 0 611 0]>>endobj
-482 0 obj<</D[526 0 R/XYZ 0 734 0]>>endobj
-483 0 obj<</D[586 0 R/XYZ 0 411 0]>>endobj
-484 0 obj<</D[586 0 R/XYZ 0 356 0]>>endobj
-485 0 obj<</D[586 0 R/XYZ 0 235 0]>>endobj
-486 0 obj<</D[586 0 R/XYZ 0 141 0]>>endobj
-487 0 obj<</D[588 0 R/XYZ 0 734 0]>>endobj
-488 0 obj<</D[538 0 R/XYZ 0 734 0]>>endobj
-489 0 obj<</D[588 0 R/XYZ 0 639 0]>>endobj
-490 0 obj<</D[588 0 R/XYZ 0 465 0]>>endobj
-491 0 obj<</D[588 0 R/XYZ 0 265 0]>>endobj
-492 0 obj<</D[588 0 R/XYZ 0 197 0]>>endobj
-493 0 obj<</D[538 0 R/XYZ 0 434 0]>>endobj
-494 0 obj<</D[590 0 R/XYZ 0 665 0]>>endobj
-495 0 obj<</D[590 0 R/XYZ 0 518 0]>>endobj
-496 0 obj<</D[590 0 R/XYZ 0 279 0]>>endobj
-497 0 obj<</D[536 0 R/XYZ 0 734 0]>>endobj
-498 0 obj<</D[548 0 R/XYZ 0 734 0]>>endobj
-499 0 obj<</D[540 0 R/XYZ 0 734 0]>>endobj
-500 0 obj<</D[552 0 R/XYZ 0 734 0]>>endobj
-501 0 obj<</D[532 0 R/XYZ 0 734 0]>>endobj
-502 0 obj<</D[580 0 R/XYZ 0 734 0]>>endobj
-503 0 obj<</D[562 0 R/XYZ 0 734 0]>>endobj
-504 0 obj<</D[648 0 R/XYZ 0 734 0]>>endobj
-505 0 obj<</D[668 0 R/XYZ 0 734 0]>>endobj
-506 0 obj<</D[660 0 R/XYZ 0 734 0]>>endobj
-507 0 obj<</D[524 0 R/XYZ 0 734 0]>>endobj
-508 0 obj<</D[524 0 R/XYZ 0 734 0]>>endobj
-509 0 obj<</D[670 0 R/XYZ 0 718 0]>>endobj
-510 0 obj<</D[576 0 R/XYZ 0 734 0]>>endobj
-511 0 obj<</D[568 0 R/XYZ 0 734 0]>>endobj
-512 0 obj<</D[658 0 R/XYZ 0 734 0]>>endobj
-513 0 obj<</Type/Pages/Count 80/Kids[514 0 R
-516 0 R
-518 0 R
-520 0 R
-522 0 R
-524 0 R
-526 0 R
-528 0 R
-530 0 R
-532 0 R
-534 0 R
-536 0 R
-538 0 R
-540 0 R
-542 0 R
-544 0 R
-546 0 R
-548 0 R
-550 0 R
-552 0 R
-554 0 R
-556 0 R
-558 0 R
-560 0 R
-562 0 R
-564 0 R
-566 0 R
-568 0 R
-570 0 R
-572 0 R
-574 0 R
-576 0 R
-578 0 R
-580 0 R
-582 0 R
-584 0 R
-586 0 R
-588 0 R
-590 0 R
-592 0 R
-594 0 R
-596 0 R
-598 0 R
-600 0 R
-602 0 R
-604 0 R
-606 0 R
-608 0 R
-610 0 R
-612 0 R
-614 0 R
-616 0 R
-618 0 R
-620 0 R
-622 0 R
-624 0 R
-626 0 R
-628 0 R
-630 0 R
-632 0 R
-634 0 R
-636 0 R
-638 0 R
-640 0 R
-642 0 R
-644 0 R
-646 0 R
-648 0 R
-650 0 R
-652 0 R
-654 0 R
-656 0 R
-658 0 R
-660 0 R
-662 0 R
-664 0 R
-666 0 R
-668 0 R
-670 0 R
-672 0 R
+300 0 R
+302 0 R
+304 0 R
+306 0 R]endobj
+308 0 obj<</Dests 309 0 R>>endobj
+309 0 obj<</Kids[310 0 R]>>endobj
+310 0 obj<</Limits[(aen1008)(wins)]/Names[(aen1008)311 0 R(aen1019)312 0 R(aen103)313 0 R(aen1040)314 0 R(aen1053)315 0 R(aen1100)316 0 R(aen1127)317 0 R(aen1138)318 0 R(aen1177)319 0 R(aen1208)320 0 R(aen128)321 0 R(aen1365)322 0 R(aen1388)323 0 R(aen1399)324 0 R(aen1445)325 0 R(aen151)326 0 R(aen1571)327 0 R(aen1574)328 0 R(aen1588)329 0 R(aen159)330 0 R(aen1649)331 0 R(aen1688)332 0 R(aen1693)333 0 R(aen1704)334 0 R(aen1744)335 0 R(aen1755)336 0 R(aen179)337 0 R(aen1799)338 0 R(aen181)339 0 R(aen1819)340 0 R(aen184)341 0 R(aen1842)342 0 R(aen1854)343 0 R(aen188)344 0 R(aen1898)345 0 R(aen1939)346 0 R(aen1943)347 0 R(aen1962)348 0 R(aen1973)349 0 R(aen1977)350 0 R(aen1988)351 0 R(aen2001)352 0 R(aen2003)353 0 R(aen2006)354 0 R(aen2025)355 0 R(aen2027)356 0 R(aen2030)357 0 R(aen2054)358 0 R(aen2056)359 0 R(aen2063)360 0 R(aen2071)361 0 R(aen2075)362 0 R(aen2102)363 0 R(aen2130)364 0 R(aen2134)365 0 R(aen2165)366 0 R(aen2193)367 0 R(aen2232)368 0 R(aen2240)369 0 R(aen2259)370 0 R(aen2267)371 0 R(aen2275)372 0 R(aen2294)373 0 R(aen2306)374 0 R(aen2316)375 0 R(aen2327)376 0 R(aen2335)377 0 R(aen2339)378 0 R(aen2346)379 0 R(aen2359)380 0 R(aen2363)381 0 R(aen2370)382 0 R(aen2382)383 0 R(aen2386)384 0 R(aen2390)385 0 R(aen24)386 0 R(aen2425)387 0 R(aen2460)388 0 R(aen2468)389 0 R(aen2519)390 0 R(aen2550)391 0 R(aen2562)392 0 R(aen2568)393 0 R(aen2603)394 0 R(aen2623)395 0 R(aen2627)396 0 R(aen2638)397 0 R(aen2654)398 0 R(aen2656)399 0 R(aen2699)400 0 R(aen2709)401 0 R(aen2716)402 0 R(aen2724)403 0 R(aen2726)404 0 R(aen2761)405 0 R(aen2812)406 0 R(aen2815)407 0 R(aen2829)408 0 R(aen284)409 0 R(aen2847)410 0 R(aen288)411 0 R(aen2896)412 0 R(aen2899)413 0 R(aen2925)414 0 R(aen2959)415 0 R(aen2962)416 0 R(aen3033)417 0 R(aen3054)418 0 R(aen3071)419 0 R(aen3075)420 0 R(aen3086)421 0 R(aen3088)422 0 R(aen3091)423 0 R(aen3095)424 0 R(aen3098)425 0 R(aen3100)426 0 R(aen3103)427 0 R(aen3107)428 0 R(aen3121)429 0 R(aen3147)430 0 R(aen3151)431 0 R(aen3162)432 0 R(aen317)433 0 R(aen320)434 0 R(aen3225)435 0 R(aen3228)436 0 R(aen323)437 0 R(aen326)438 0 R(aen329)439 0 R(aen332)440 0 R(aen335)441 0 R(aen338)442 0 R(aen341)443 0 R(aen344)444 0 R(aen347)445 0 R(aen35)446 0 R(aen350)447 0 R(aen353)448 0 R(aen356)449 0 R(aen359)450 0 R(aen362)451 0 R(aen365)452 0 R(aen371)453 0 R(aen39)454 0 R(aen4)455 0 R(aen406)456 0 R(aen420)457 0 R(aen451)458 0 R(aen472)459 0 R(aen484)460 0 R(aen495)461 0 R(aen515)462 0 R(aen530)463 0 R(aen54)464 0 R(aen540)465 0 R(aen544)466 0 R(aen552)467 0 R(aen557)468 0 R(aen563)469 0 R(aen571)470 0 R(aen575)471 0 R(aen579)472 0 R(aen584)473 0 R(aen65)474 0 R(aen652)475 0 R(aen688)476 0 R(aen695)477 0 R(aen70)478 0 R(aen702)479 0 R(aen704)480 0 R(aen717)481 0 R(aen719)482 0 R(aen739)483 0 R(aen775)484 0 R(aen777)485 0 R(aen780)486 0 R(aen783)487 0 R(aen786)488 0 R(aen789)489 0 R(aen8)490 0 R(aen814)491 0 R(aen817)492 0 R(aen832)493 0 R(aen843)494 0 R(aen850)495 0 R(aen86)496 0 R(aen861)497 0 R(aen884)498 0 R(aen911)499 0 R(aen918)500 0 R(aen92)501 0 R(aen941)502 0 R(aen960)503 0 R(aen987)504 0 R(architecture)505 0 R(codingsuggestions)506 0 R(debug)507 0 R(internals)508 0 R(netbios)509 0 R(ntdomain)510 0 R(parsing)511 0 R(printing)512 0 R(pwencrypt)513 0 R(rpc-plugin)514 0 R(sam)515 0 R(samba-developers-guide)516 0 R(samba-developers-guide.html)517 0 R(smbpasswdfileformat)518 0 R(tracing)519 0 R(unix-smb)520 0 R(wins)521 0 R]>>endobj
+311 0 obj<</D[601 0 R/XYZ 0 734 0]>>endobj
+312 0 obj<</D[601 0 R/XYZ 0 639 0]>>endobj
+313 0 obj<</D[549 0 R/XYZ 0 696 0]>>endobj
+314 0 obj<</D[601 0 R/XYZ 0 439 0]>>endobj
+315 0 obj<</D[601 0 R/XYZ 0 292 0]>>endobj
+316 0 obj<</D[603 0 R/XYZ 0 626 0]>>endobj
+317 0 obj<</D[603 0 R/XYZ 0 345 0]>>endobj
+318 0 obj<</D[603 0 R/XYZ 0 251 0]>>endobj
+319 0 obj<</D[605 0 R/XYZ 0 639 0]>>endobj
+320 0 obj<</D[605 0 R/XYZ 0 413 0]>>endobj
+321 0 obj<</D[551 0 R/XYZ 0 734 0]>>endobj
+322 0 obj<</D[609 0 R/XYZ 0 679 0]>>endobj
+323 0 obj<</D[609 0 R/XYZ 0 438 0]>>endobj
+324 0 obj<</D[609 0 R/XYZ 0 344 0]>>endobj
+325 0 obj<</D[611 0 R/XYZ 0 639 0]>>endobj
+326 0 obj<</D[553 0 R/XYZ 0 734 0]>>endobj
+327 0 obj<</D[613 0 R/XYZ 0 428 0]>>endobj
+328 0 obj<</D[613 0 R/XYZ 0 366 0]>>endobj
+329 0 obj<</D[615 0 R/XYZ 0 567 0]>>endobj
+330 0 obj<</D[553 0 R/XYZ 0 514 0]>>endobj
+331 0 obj<</D[619 0 R/XYZ 0 734 0]>>endobj
+332 0 obj<</D[619 0 R/XYZ 0 467 0]>>endobj
+333 0 obj<</D[619 0 R/XYZ 0 378 0]>>endobj
+334 0 obj<</D[619 0 R/XYZ 0 283 0]>>endobj
+335 0 obj<</D[621 0 R/XYZ 0 639 0]>>endobj
+336 0 obj<</D[621 0 R/XYZ 0 545 0]>>endobj
+337 0 obj<</D[555 0 R/XYZ 0 734 0]>>endobj
+338 0 obj<</D[621 0 R/XYZ 0 213 0]>>endobj
+339 0 obj<</D[555 0 R/XYZ 0 700 0]>>endobj
+340 0 obj<</D[623 0 R/XYZ 0 705 0]>>endobj
+341 0 obj<</D[555 0 R/XYZ 0 602 0]>>endobj
+342 0 obj<</D[623 0 R/XYZ 0 531 0]>>endobj
+343 0 obj<</D[623 0 R/XYZ 0 407 0]>>endobj
+344 0 obj<</D[555 0 R/XYZ 0 491 0]>>endobj
+345 0 obj<</D[625 0 R/XYZ 0 548 0]>>endobj
+346 0 obj<</D[625 0 R/XYZ 0 140 0]>>endobj
+347 0 obj<</D[627 0 R/XYZ 0 734 0]>>endobj
+348 0 obj<</D[627 0 R/XYZ 0 586 0]>>endobj
+349 0 obj<</D[627 0 R/XYZ 0 492 0]>>endobj
+350 0 obj<</D[627 0 R/XYZ 0 433 0]>>endobj
+351 0 obj<</D[627 0 R/XYZ 0 339 0]>>endobj
+352 0 obj<</D[627 0 R/XYZ 0 145 0]>>endobj
+353 0 obj<</D[627 0 R/XYZ 0 115 0]>>endobj
+354 0 obj<</D[629 0 R/XYZ 0 734 0]>>endobj
+355 0 obj<</D[629 0 R/XYZ 0 586 0]>>endobj
+356 0 obj<</D[629 0 R/XYZ 0 556 0]>>endobj
+357 0 obj<</D[629 0 R/XYZ 0 501 0]>>endobj
+358 0 obj<</D[629 0 R/XYZ 0 301 0]>>endobj
+359 0 obj<</D[629 0 R/XYZ 0 271 0]>>endobj
+360 0 obj<</D[629 0 R/XYZ 0 203 0]>>endobj
+361 0 obj<</D[631 0 R/XYZ 0 734 0]>>endobj
+362 0 obj<</D[631 0 R/XYZ 0 675 0]>>endobj
+363 0 obj<</D[631 0 R/XYZ 0 475 0]>>endobj
+364 0 obj<</D[631 0 R/XYZ 0 249 0]>>endobj
+365 0 obj<</D[631 0 R/XYZ 0 190 0]>>endobj
+366 0 obj<</D[633 0 R/XYZ 0 639 0]>>endobj
+367 0 obj<</D[633 0 R/XYZ 0 413 0]>>endobj
+368 0 obj<</D[635 0 R/XYZ 0 665 0]>>endobj
+369 0 obj<</D[635 0 R/XYZ 0 515 0]>>endobj
+370 0 obj<</D[635 0 R/XYZ 0 367 0]>>endobj
+371 0 obj<</D[635 0 R/XYZ 0 273 0]>>endobj
+372 0 obj<</D[635 0 R/XYZ 0 135 0]>>endobj
+373 0 obj<</D[637 0 R/XYZ 0 652 0]>>endobj
+374 0 obj<</D[637 0 R/XYZ 0 531 0]>>endobj
+375 0 obj<</D[637 0 R/XYZ 0 354 0]>>endobj
+376 0 obj<</D[637 0 R/XYZ 0 260 0]>>endobj
+377 0 obj<</D[637 0 R/XYZ 0 165 0]>>endobj
+378 0 obj<</D[639 0 R/XYZ 0 734 0]>>endobj
+379 0 obj<</D[639 0 R/XYZ 0 665 0]>>endobj
+380 0 obj<</D[639 0 R/XYZ 0 353 0]>>endobj
+381 0 obj<</D[639 0 R/XYZ 0 281 0]>>endobj
+382 0 obj<</D[639 0 R/XYZ 0 213 0]>>endobj
+383 0 obj<</D[641 0 R/XYZ 0 734 0]>>endobj
+384 0 obj<</D[641 0 R/XYZ 0 658 0]>>endobj
+385 0 obj<</D[641 0 R/XYZ 0 600 0]>>endobj
+386 0 obj<</D[541 0 R/XYZ 0 672 0]>>endobj
+387 0 obj<</D[641 0 R/XYZ 0 347 0]>>endobj
+388 0 obj<</D[643 0 R/XYZ 0 734 0]>>endobj
+389 0 obj<</D[643 0 R/XYZ 0 622 0]>>endobj
+390 0 obj<</D[643 0 R/XYZ 0 264 0]>>endobj
+391 0 obj<</D[645 0 R/XYZ 0 705 0]>>endobj
+392 0 obj<</D[645 0 R/XYZ 0 577 0]>>endobj
+393 0 obj<</D[645 0 R/XYZ 0 492 0]>>endobj
+394 0 obj<</D[645 0 R/XYZ 0 239 0]>>endobj
+395 0 obj<</D[647 0 R/XYZ 0 734 0]>>endobj
+396 0 obj<</D[647 0 R/XYZ 0 675 0]>>endobj
+397 0 obj<</D[647 0 R/XYZ 0 581 0]>>endobj
+398 0 obj<</D[647 0 R/XYZ 0 433 0]>>endobj
+399 0 obj<</D[647 0 R/XYZ 0 400 0]>>endobj
+400 0 obj<</D[649 0 R/XYZ 0 734 0]>>endobj
+401 0 obj<</D[649 0 R/XYZ 0 385 0]>>endobj
+402 0 obj<</D[649 0 R/XYZ 0 128 0]>>endobj
+403 0 obj<</D[651 0 R/XYZ 0 633 0]>>endobj
+404 0 obj<</D[651 0 R/XYZ 0 603 0]>>endobj
+405 0 obj<</D[651 0 R/XYZ 0 351 0]>>endobj
+406 0 obj<</D[653 0 R/XYZ 0 665 0]>>endobj
+407 0 obj<</D[653 0 R/XYZ 0 594 0]>>endobj
+408 0 obj<</D[653 0 R/XYZ 0 407 0]>>endobj
+409 0 obj<</D[561 0 R/XYZ 0 696 0]>>endobj
+410 0 obj<</D[653 0 R/XYZ 0 141 0]>>endobj
+411 0 obj<</D[561 0 R/XYZ 0 568 0]>>endobj
+412 0 obj<</D[657 0 R/XYZ 0 696 0]>>endobj
+413 0 obj<</D[657 0 R/XYZ 0 621 0]>>endobj
+414 0 obj<</D[657 0 R/XYZ 0 361 0]>>endobj
+415 0 obj<</D[661 0 R/XYZ 0 692 0]>>endobj
+416 0 obj<</D[661 0 R/XYZ 0 630 0]>>endobj
+417 0 obj<</D[667 0 R/XYZ 0 696 0]>>endobj
+418 0 obj<</D[669 0 R/XYZ 0 696 0]>>endobj
+419 0 obj<</D[671 0 R/XYZ 0 639 0]>>endobj
+420 0 obj<</D[671 0 R/XYZ 0 498 0]>>endobj
+421 0 obj<</D[671 0 R/XYZ 0 198 0]>>endobj
+422 0 obj<</D[671 0 R/XYZ 0 165 0]>>endobj
+423 0 obj<</D[673 0 R/XYZ 0 734 0]>>endobj
+424 0 obj<</D[673 0 R/XYZ 0 596 0]>>endobj
+425 0 obj<</D[673 0 R/XYZ 0 485 0]>>endobj
+426 0 obj<</D[673 0 R/XYZ 0 451 0]>>endobj
+427 0 obj<</D[673 0 R/XYZ 0 366 0]>>endobj
+428 0 obj<</D[673 0 R/XYZ 0 229 0]>>endobj
+429 0 obj<</D[675 0 R/XYZ 0 489 0]>>endobj
+430 0 obj<</D[677 0 R/XYZ 0 696 0]>>endobj
+431 0 obj<</D[677 0 R/XYZ 0 568 0]>>endobj
+432 0 obj<</D[679 0 R/XYZ 0 718 0]>>endobj
+433 0 obj<</D[563 0 R/XYZ 0 705 0]>>endobj
+434 0 obj<</D[563 0 R/XYZ 0 630 0]>>endobj
+435 0 obj<</D[683 0 R/XYZ 0 696 0]>>endobj
+436 0 obj<</D[683 0 R/XYZ 0 595 0]>>endobj
+437 0 obj<</D[563 0 R/XYZ 0 571 0]>>endobj
+438 0 obj<</D[563 0 R/XYZ 0 513 0]>>endobj
+439 0 obj<</D[563 0 R/XYZ 0 455 0]>>endobj
+440 0 obj<</D[563 0 R/XYZ 0 383 0]>>endobj
+441 0 obj<</D[563 0 R/XYZ 0 325 0]>>endobj
+442 0 obj<</D[563 0 R/XYZ 0 266 0]>>endobj
+443 0 obj<</D[563 0 R/XYZ 0 208 0]>>endobj
+444 0 obj<</D[563 0 R/XYZ 0 149 0]>>endobj
+445 0 obj<</D[565 0 R/XYZ 0 734 0]>>endobj
+446 0 obj<</D[541 0 R/XYZ 0 201 0]>>endobj
+447 0 obj<</D[565 0 R/XYZ 0 675 0]>>endobj
+448 0 obj<</D[565 0 R/XYZ 0 617 0]>>endobj
+449 0 obj<</D[565 0 R/XYZ 0 558 0]>>endobj
+450 0 obj<</D[565 0 R/XYZ 0 500 0]>>endobj
+451 0 obj<</D[565 0 R/XYZ 0 428 0]>>endobj
+452 0 obj<</D[565 0 R/XYZ 0 370 0]>>endobj
+453 0 obj<</D[565 0 R/XYZ 0 220 0]>>endobj
+454 0 obj<</D[543 0 R/XYZ 0 705 0]>>endobj
+455 0 obj<</D[533 0 R/XYZ 0 696 0]>>endobj
+456 0 obj<</D[567 0 R/XYZ 0 441 0]>>endobj
+457 0 obj<</D[569 0 R/XYZ 0 734 0]>>endobj
+458 0 obj<</D[571 0 R/XYZ 0 696 0]>>endobj
+459 0 obj<</D[571 0 R/XYZ 0 423 0]>>endobj
+460 0 obj<</D[571 0 R/XYZ 0 259 0]>>endobj
+461 0 obj<</D[573 0 R/XYZ 0 652 0]>>endobj
+462 0 obj<</D[573 0 R/XYZ 0 240 0]>>endobj
+463 0 obj<</D[575 0 R/XYZ 0 665 0]>>endobj
+464 0 obj<</D[545 0 R/XYZ 0 696 0]>>endobj
+465 0 obj<</D[577 0 R/XYZ 0 696 0]>>endobj
+466 0 obj<</D[577 0 R/XYZ 0 595 0]>>endobj
+467 0 obj<</D[577 0 R/XYZ 0 216 0]>>endobj
+468 0 obj<</D[579 0 R/XYZ 0 692 0]>>endobj
+469 0 obj<</D[579 0 R/XYZ 0 458 0]>>endobj
+470 0 obj<</D[581 0 R/XYZ 0 734 0]>>endobj
+471 0 obj<</D[581 0 R/XYZ 0 566 0]>>endobj
+472 0 obj<</D[581 0 R/XYZ 0 438 0]>>endobj
+473 0 obj<</D[581 0 R/XYZ 0 178 0]>>endobj
+474 0 obj<</D[545 0 R/XYZ 0 529 0]>>endobj
+475 0 obj<</D[589 0 R/XYZ 0 696 0]>>endobj
+476 0 obj<</D[591 0 R/XYZ 0 626 0]>>endobj
+477 0 obj<</D[591 0 R/XYZ 0 516 0]>>endobj
+478 0 obj<</D[545 0 R/XYZ 0 335 0]>>endobj
+479 0 obj<</D[591 0 R/XYZ 0 394 0]>>endobj
+480 0 obj<</D[591 0 R/XYZ 0 360 0]>>endobj
+481 0 obj<</D[593 0 R/XYZ 0 718 0]>>endobj
+482 0 obj<</D[593 0 R/XYZ 0 688 0]>>endobj
+483 0 obj<</D[593 0 R/XYZ 0 515 0]>>endobj
+484 0 obj<</D[593 0 R/XYZ 0 235 0]>>endobj
+485 0 obj<</D[593 0 R/XYZ 0 205 0]>>endobj
+486 0 obj<</D[593 0 R/XYZ 0 151 0]>>endobj
+487 0 obj<</D[595 0 R/XYZ 0 734 0]>>endobj
+488 0 obj<</D[595 0 R/XYZ 0 665 0]>>endobj
+489 0 obj<</D[595 0 R/XYZ 0 611 0]>>endobj
+490 0 obj<</D[535 0 R/XYZ 0 734 0]>>endobj
+491 0 obj<</D[595 0 R/XYZ 0 411 0]>>endobj
+492 0 obj<</D[595 0 R/XYZ 0 356 0]>>endobj
+493 0 obj<</D[595 0 R/XYZ 0 235 0]>>endobj
+494 0 obj<</D[595 0 R/XYZ 0 141 0]>>endobj
+495 0 obj<</D[597 0 R/XYZ 0 734 0]>>endobj
+496 0 obj<</D[547 0 R/XYZ 0 734 0]>>endobj
+497 0 obj<</D[597 0 R/XYZ 0 639 0]>>endobj
+498 0 obj<</D[597 0 R/XYZ 0 465 0]>>endobj
+499 0 obj<</D[597 0 R/XYZ 0 265 0]>>endobj
+500 0 obj<</D[597 0 R/XYZ 0 197 0]>>endobj
+501 0 obj<</D[547 0 R/XYZ 0 434 0]>>endobj
+502 0 obj<</D[599 0 R/XYZ 0 665 0]>>endobj
+503 0 obj<</D[599 0 R/XYZ 0 518 0]>>endobj
+504 0 obj<</D[599 0 R/XYZ 0 279 0]>>endobj
+505 0 obj<</D[545 0 R/XYZ 0 734 0]>>endobj
+506 0 obj<</D[557 0 R/XYZ 0 734 0]>>endobj
+507 0 obj<</D[549 0 R/XYZ 0 734 0]>>endobj
+508 0 obj<</D[561 0 R/XYZ 0 734 0]>>endobj
+509 0 obj<</D[541 0 R/XYZ 0 734 0]>>endobj
+510 0 obj<</D[589 0 R/XYZ 0 734 0]>>endobj
+511 0 obj<</D[571 0 R/XYZ 0 734 0]>>endobj
+512 0 obj<</D[657 0 R/XYZ 0 734 0]>>endobj
+513 0 obj<</D[677 0 R/XYZ 0 734 0]>>endobj
+514 0 obj<</D[683 0 R/XYZ 0 734 0]>>endobj
+515 0 obj<</D[669 0 R/XYZ 0 734 0]>>endobj
+516 0 obj<</D[533 0 R/XYZ 0 734 0]>>endobj
+517 0 obj<</D[533 0 R/XYZ 0 734 0]>>endobj
+518 0 obj<</D[679 0 R/XYZ 0 718 0]>>endobj
+519 0 obj<</D[585 0 R/XYZ 0 734 0]>>endobj
+520 0 obj<</D[577 0 R/XYZ 0 734 0]>>endobj
+521 0 obj<</D[667 0 R/XYZ 0 734 0]>>endobj
+522 0 obj<</Type/Pages/Count 81/Kids[523 0 R
+525 0 R
+527 0 R
+529 0 R
+531 0 R
+533 0 R
+535 0 R
+537 0 R
+539 0 R
+541 0 R
+543 0 R
+545 0 R
+547 0 R
+549 0 R
+551 0 R
+553 0 R
+555 0 R
+557 0 R
+559 0 R
+561 0 R
+563 0 R
+565 0 R
+567 0 R
+569 0 R
+571 0 R
+573 0 R
+575 0 R
+577 0 R
+579 0 R
+581 0 R
+583 0 R
+585 0 R
+587 0 R
+589 0 R
+591 0 R
+593 0 R
+595 0 R
+597 0 R
+599 0 R
+601 0 R
+603 0 R
+605 0 R
+607 0 R
+609 0 R
+611 0 R
+613 0 R
+615 0 R
+617 0 R
+619 0 R
+621 0 R
+623 0 R
+625 0 R
+627 0 R
+629 0 R
+631 0 R
+633 0 R
+635 0 R
+637 0 R
+639 0 R
+641 0 R
+643 0 R
+645 0 R
+647 0 R
+649 0 R
+651 0 R
+653 0 R
+655 0 R
+657 0 R
+659 0 R
+661 0 R
+663 0 R
+665 0 R
+667 0 R
+669 0 R
+671 0 R
+673 0 R
+675 0 R
+677 0 R
+679 0 R
+681 0 R
+683 0 R
 ]>>endobj
-514 0 obj<</Type/Page/Parent 513 0 R/Contents 515 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-515 0 obj<</Filter/FlateDecode/Length 93        >>stream
+523 0 obj<</Type/Page/Parent 522 0 R/Contents 524 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+524 0 obj<</Filter/FlateDecode/Length 93        >>stream
 x
+ä2T0BCs#c3…ä\.§.}7K#…�4CCK=ccS=3…�= D²F°£¯“£‚KjYjN~AjQ±‚{ifJªfH—kW SÙ?endstream
 endobj
-516 0 obj<</Type/Page/Parent 513 0 R/Contents 517 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F5 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 55 0 R>>endobj
-517 0 obj<</Filter/FlateDecode/Length 2523      >>stream
-x
Õ[moGþî_±S Rvö}?ú%Éh’ž¥ë§…l­m,)'¯zÍ¿ïCrfÈ]%H�ÃyÝHõèYÎ�É™Uþsæ’ÿ¹¤Î’¼Jn·gé<Å7ñ¯ëwôMR-þÞ&y;¯=xLgn“¶˜†3p›¸¬œ·†Ì+4/ç
­Ë¹ó€5‚iF‚ü$‘¬LÚb¦mR¤D1TÙäAO—ðz¸MÊÓ)g lh1¤rBç ®’ƒ-k(eXƒÁb¤�¬ÁÛ$ËÒynd-
KËŒIóÁ¼ƒÍëÁÈì÷²"eàˆŒÆe@N2�üî°ÒJŠ`YÍ«(È@=ç2G.Œ¤Å¶*1‚²2lA&}è°žk
-’‹œ�4kÈÈHRŒ”®6�À@Ás²ò‘3p›4%
9À,ŽéŠšLŒ¤�uP§2P#<ç«°"’,X´©:U@91K”´öc¶–5l�a|••IkŠVïò‚�Nê9—RÜ)i19�¬¬[Ð3Ë@‡õœ&’‡µ,"+ÖŽ“#´` Ãz®¡-¤œ�Ô‘ZJR€Eg4ç
�	×3(Sȃ<ŸB$-^„81_Z�ç"i1Ø¢‚ï
k0XhŽÅŒ²â¤].êÏÕ”R‹ÈH
-µä�HZL
-q„D–§ÌÛF—R@œ2pˆ¬%�d(Ä œÓ”´,V­1¢2%v^æœ�Né9™2r’ÖK-‹ºRV¦ÄºÅ]›3Ð)='sDÎ@š’Ò¤
-ZLSæp�²2eÙè~Ï蔞ãÅSÎ@še4¨
-pZ^” uCneÀ+¢�Ùç‘,Y0§ÑÎü$ô-¦ˆ¤:éD��
-zŽRO™ä‘¤a²–‚Íï;
$Çû.p¼ï”3‰¹Æ+g ­F
ó•äùªŠ
”	è|ž“	"g /YäyY"óå)ÍI^߬”„£XMh ÚŒ†<Ág A!¥¤
-õcœftPÏq`*g &¤
-«œ�d»4*f¦ÔgtBÏ5´ñ•3�©ÒphwÄ„ð,ÔA)3'MÇ“šÐ@t4?ÉÚ° ÊTŒàŒ�
-zÎaI¡j$9‚b‡Ò
O! 
-ŽvpƒœLOÆåË ÈO¨ CR•f”'U°’R/32PAÏQs�#)ªâKÊÿ"È@=çÐrˆzRgÌ¥ ‹ ôœC¶ˆzR‘,Ô9TÐs²½)­X礤P•�
-zÎÕTI]$ÙFœ(/ ³Ëè(Q±.ŠàRQÍFê"3ü™E$D»)R<S%•�ãÏQÈ3®Ê¡_¤X¨”ÚÄBü9
-yF–,R,„­L¾`!þ…<ã�OÐÐcD±ºÙèþ…<ã:Eêbyöú-pš,ïwHËeRÕE²\ó9_ß¾Z®n»d—\îw}·ëŸ~XþR%Z#’šy±YFb¯ç.Îé	ä„:£#"¾L®ºß»ÇýçîÀÂPµjõî¸Yw$�aŸ·�̧þãÄHl
-1²i`(U䑉ÎUÞÄe·Ú²Õ¼iŠbFp£7G×,Í’’(/ÙùÍSXÝö¼jͼ._˜òÁˆÑÿ3Òw–³ÂіˇÕç¾;°)hÇ΀nN_a1C<Þmv›~³ßÑ׸ hRytyrÞºÜ?ý±ë/ÞZð£å¼ÌZÿýχ}¿¿Ý?2�6„Âj·¦¯ÐúMÆXm9ÊQöQKý—×ÝÓþñÔ@ikª0ƇýºãÍ‚Ö)/þ‡mQ’*¯ßÆHÎPO±Ä1šÝÜû¦B}ï||³ŒöV/0ؤm6°#“5V;.®?�_]ž/–äÜUäÑ»vEóy>Ý~SrßЖ|lËÇ‹�€‡´©ÃB™ÀÌæ(=òýh£<;¬$ä4Û ÓPÈ…„ó­Mê0lÒÅj{³¢¡pƒçŠœç‡Û‡MßÝöÇo(t;“g¬z´ÇœKuƒaaÆ‹ù~×öëãmÜù/+å²93œZÍöÂQolŇãc¿éÝj½ÙÝóÓê‘ø$èБä¾&º¢8ü„ÍøÜá)ÖQÏjÓ ²ìؾ¥5
½qróÓöF<Ž‡>•?·ãùÄ(\m*þ²M»—gSC!5;±©Û´»ÙÊràôËøU÷´¹ßqöÀ¥AëËðØm“`¶Ë6Ðh4¾›}t†Ü¸|�žç§X
žb¾DISG¼¹ø×;ò�žKž¾<õ÷«((qƒ>«;ZRÊ4&®€B��CÔx™?vÿ%‰,Ÿ—.4kŸŽýç£4®ÖæÅ—]¿úƒí
Î3Ü×<«uÃÉØÖ™ÜåORª_VÜz5e(xW´€¿¾úõ^D“†>¬nû`d3e	q)©1sݱ]ï¤TÛSûί®‚‰¨;uRm´R^N‘lŸ�°hõж¯¤ÖoØöÓ/?Û¨	-B5´¶¥¥ßÙøù£hÜ°b‹ý•Ý÷ö¸ã†Ï)¸Îò’f�œ
«zÐU“U’Uð†$ôŒÉúæ¾ïþèÃ
-á}Æ”;É,ø·��´12âa}6ÐÕË1b¬ ·Z&óá)G˜5ânØ®úßÖÝÍñþ7»&ÓToÑÜÖi\=R{õ½cŒÏ¡T_îC{ŒÛñ6^,Ž÷÷Ý�xûàvòó›Ë%�ãm8�F¿g§ÏÁNmîíq
G�î°[=JŽÀíKL7¾ÁK
ž!M8½JÀ‘•®Èäf	©®LÃü8è<úó’GÑN}ãÆͲó8¥­ÙØù&}ejðÝ ÍãTXMQ‡MfÄGodÛjR	)ŬWXŽ<\!ÔñÚm³£8Ç;kí’o¾ôÝþ°îóâð²¨-§\HÇw(³vÐt�…§ìò—sô7Ç»?K¬é‡Y¸©úì¹PÐ}ØS�ò§…ëç¿�ò§k1pý�¿¯Åýx5IýõŽwh¯ÙoGOŠíâïãx©3¶Sxª¼ôzF=Ê7WO4+±Ï¡˜¯¾êúÅxÇÒÉi2íCàÐKîQäÔ'ê“óOÔÇ[ù	õ�¾?I—͉ú‹Aä›M;ÉÙ%xE‹ZËpýA�Óžª>ˆ{U½á·SDOT¿êîRVž^vù°HØï7ª=׸gVÞùK`üqìv´´�ªCÞ¨>I¢�Ê�ÆIyµš_‚Ý7ø	ÃT{5¨ž6ã
-…È»ýzî^ù	ódT½äØõR`‡®ø^ƒ†~´úìt‡†cÕ¥¼Ux^UŸn«¾~‹6ÉO1ð9\–U5ý�?üÃüÀ$‰?(ÉSü
ÜÎê´¥'7`o–gÿ<ûá¿ñ'endstream
-endobj
-518 0 obj<</Type/Page/Parent 513 0 R/Contents 519 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F5 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 100 0 R>>endobj
-519 0 obj<</Filter/FlateDecode/Length 3034      >>stream
-x
Í[MsG½ëWÌm½ÑÓ=ßGYŽUɶlʵgš¢c®EŽ–Nüï÷
èn`†Êjw«L*©Jøøˆn �Ð=£�¹,Ç¿.k|VÔÙ|u–Or|“þóñWú&«Ëÿ]eE7q
ÜgÓ3WY•8WY[M
-#èÓ˜®È'­!‹š&,*|‰Aý¤
-€&4p•5ͤ3œ�«Ì¹nÒÒb°§´¬Á`?¸*I!ï'5jZR–
)d a	†M¤æ¾Œ‚T0pÎ9L¤Å4lK
-$–¨êj¬aX 
i�"åªL91¨wÒb°e…åSQŠ�ªîØ%ìt
4£�!”ãˆr�ƒÂʈù\�PÒbZ€3++PÕ쉊�.@àÚ–¦Lœ�´-@"ÙYUY¨³$gEÎÁ¿Ð•I¤Å¤k9d
¬¬LŠ°!Wr,UtÒÀ…IiqšTY™4ÊV
vŸì^eÞ5´IVT—´ßE%ªRà\î(Fi1Tª6‘a
Û•pž²âÑœÜCš
M*2"A9Úše—ëÖ�”�œÃ$Òb¨SQlª(…{Y—ìŽo
$h`wå8Ü£\WA)åÄ|y3 -ëÈHµlɺ²vl‰Á`›ÞTY^Øæ‘7y%�¤�¤RG*ñ/ÙNÊÂeѨG¨`à\^"ï+)3zòoœ‘�
-Y¶ÌÊÄm<íC%ePÎ’qP:hà$ËD²`ÑQ‚’`ä:
-WåDÑ–Ö­` r�k¨"*g ¬€­!eP$¾å4pœÛ•3�–ÆÓ IP­Z]ï‚�¸¦ÀO”3�4¥`WRE ÊÅqR0ÐA×Q}VÎ@Z64h¤]U .§FB�É»*r¼�”3p•a«c¹y’3�V†‚FI‹Ábâü$j1Ø–Ê¡Ê’®ÖP³r’®‘cå”3p•Õ-tUÎ@Ì—SH*i1Ø2G4*Ëîðˆ­ä
¤{'r²‹
IùÑ×Ò*p2@‚bFà"ü’GeÁª`gÉ/¨`àœ+H0‘¢*–,Ÿg ª®eg ¼L¥Yå¤µ©im’ ×+ï¥M¨¦�£$‹%O¤BýÔ�y*8WR()‚¹)Úž�
-Îa.D@"ym\+¥•ý& ­Mä8)g yŠ¶ª’ƒ…r�e
ÛRYƒ© ‚®,Ûé�'È•¼²’�‘sŽ‚YI‹Éa%FPV†­MÍvtØÀIh))‚H*Éa”aÊL‡x�:‰9´D©É¢&͹À¹Ü#–•´vÀ›X¼$j1ØÂÓ¤Êmæ@Ö`°8ºTFVFƒžZ0êÎs£pàh×ÂÛ‰´˜&¥.ðƒEvs–5˜b�ÚX••°ƒ4èÚ.¬Y"-Ƥ¾%…•5˜¦C›²<)wŠ!þøsš202C¢ĈðB•)§�f£‚¨œBp-µQ‰cEP!Ràñç¤H`dæDH“y˜¦œBšŒj¢r
-ᇂêRâX’Éü9)™9Qb2^qå’’|¼§áiHž¬’ëA'©„Š ÄÎL”�àpŠG›Åx@´«C<¦©Å
%)É%Êqj‰Z¢"KO먂óðü9M=QB]9…à�QYixòÕíÙË7¨Jyvû…—1Ç­ESf·w|—‚¯ç/ngŸïYÿ%»ì×»Åz·ýûí?!…�ïHêœVbçžÄ^\~�=ìú
J��Aî^dÕ„¾‚ˆÀélõyÆ?ª&8´‡o¯0Áf=»S`#˸Åñ˜
uÍÓ`hïd´1&ã]_¼£Ñ<îkªøÝÛÙzö»¨B«[–s£>v>|{qsŶ¡“ï&GýÇ54ÿ9åÂfd¬csqä!öÞÌ6³Õ«ÅK…ö-2GUy<Y0¡©à—�·ü�
»ýfÍ`½ð}v¿_°'Ñ×åí)ü`�r­ø„®&…pÖ¼ìïDïjÒ51Êç_á¦yظxÉ«ƒ;ÚTl'FFl³WíÌÇüì:ÒÄnièJŽ;‡ÿ°©kvkÚÔ·_£IyÛ„@Ý®>OæýúÍ€•÷qm¾,e
èÒ ¿>¦Ñã¹|.‹�’�^�ÏÑ‹µêóëÅŸËùìžäP0š"¤�ì)ìÇvÉ[w U\ ñ”ÇÅbà9î+l(“Y‡éå·Ùúî~¹þ�½†v#eÉž‰†»sEðð?¾.w‹íÃlÎÎGƒÐvGŽç`]·Ž=v˜xþÓ®—k‰h\¬'{©.×ûÙnÙsþBwZ¶¡Šü\�F;qλ°àØ´â¿Ò#ù<:òÃ~¹ù&A‹'mHU?פ8ºwjè%†Å[p¼é¦?Ö»ÙŸ¼ç‚âqŒgñÿ`·¿©’‡›ìâs¿ß±!ðB,ìTØ·“9�cÅ‘·Òp
½'5…¡åÐ{ª04ⵘëß-v¯®ÞOi0Ô€ÊÇD¹ä
DÙÍ£46Ü¢“�ëñi½dgSgW×1åô›û;^!|}øv¨úOF¾�•IÕÂáZÙT‹æ°Z ¹ÝôwûyÊ'uíh}ÄžsEFì¾O[jÐWNhËŸ“
“I°q’¶!�3È›Øyà²/…Ôû?Öh¦¿.8Hñ°ô¸ùoäƒM¸¶·µ
5glÖÍl»ý£ß܉k8�ž´«46ðG_ÒÒž×Ã"�]36亟½uO²çÇ£�CpÎ4QZam_/Ö?È`¤Êª‰‰ë-N	ìÔ<òz>¦ùŠ�ƒ§pÃ(‰\ͺÝÌîúžø8%ÔmÌñŸ®^³eHÔy}’ôaH«öN;¹›~Õ˜n$ÓÑe½_}l\e”±
<œæèßDo56»£6ý®Ÿ÷|>Áƒ™<•ÝË~õp�³ËŽ÷‡e<±Ý™PìôHáO5Á‹1™óxd±ÖnÓUžøÄ+…lûc»[¬(èqõ]¹pÓ�á8'·O	Çߟ>Ü
5ÝÓæGóßÝ’1x¢¡~~ݯfÒb
Üÿñæòo’„Ð=�üèíÃåƒvRx0oR+.Ç�ý¼;)¶ç»jdÄá
`Úï7óPžÁ
ˆìÅ‚ïAÎñÚ‹=c’ÏÒ—›ÅÝR.„é
Òó)ÕÁˆÆ$H\!�ãè]�‹®Ñx»)¦÷Wa'ÕE<•Lw4îûMè{ñP¬:íá3ˆ{™Ôƒ��‡1¦6žâ˜ô—õ$è/×£ìâņï[Ø[š§ím¹¯h©1¨x3ŠîãO«|ØèÁ„ÖppXz;E¹à2‰¨;<ë¿Ës¼Óã»xÕ‹¼Þ⺛~�‚Sûx±ôF9®ÛR{³|àË5¼Ób£eIÊxÍ4<Mu8$n�ÇM'µµÑ=qÊöàÉ«mÛÉœÃmôÛbvÌ=«\]ò%Ó9º™�„V�³µ½Ñ¼�-¹—Å››§½{$«•5Eý9Þ¸ä´Öf„ý„—¾ÒÓ WK©9°V†¾¤ñp$µ¬�þêbþ�~G›¨>Ê%ôÐø`7½Ü7Ž@9×[¾»½ž^�¶8Öã5Žp™÷ÿ§�Î'm”¡+¯F©RÎüÖÂ`ù6�¶Þ?,Ödôà"ি_Îå~k€×ö((Ú†§ƒí'ÿ§lû°_lØ
-z
;=ÿºZéÙbœ¡ÒÕÇÐâêèÝHåzÎ[å ù”­±
‘Ç\ø‹‰\#x�äT8<¶N/ Èù‹‹^Mú¹E.Zˆ·²Æ{QΊOYøh¤NóÍB.GN©r°rãHu9§XŠÀØž<¶
/ïû­<ÌÃòħÐGÙb�ORŠ9¸?Ä"†p†|šë¾ÿ¶ç»j¼œ©/L¯^O%×üÜP{ܤJŽŽã7X¸»’~ä)'ý…YÔ@ò6âÇjGé­…b×Ë7x”ßG”ø.~¯oGL/Þ¾ºÈ^/¾/îû\f¿î—ò2H�?ø(Q¤Î›¼£—–KrÎ/·gÎþ
1î)�endstream
-endobj
-520 0 obj<</Type/Page/Parent 513 0 R/Contents 521 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F5 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 145 0 R>>endobj
-521 0 obj<</Filter/FlateDecode/Length 3464      >>stream
-x
Í[ÛrI}÷WôÓÂ>Xôý²/ÆƱÆ0Hó@ÄF#·±Ií‘å!øû=™Y••-Ùà˜E¶™ÐéÓuÉKeeeõü¹—D1þK¢*�²2š.öâQŒ'ú×»Wô$*ó/¢¬%Ì£ñž�‹¨ˆœ�‹¨¬œ�‹(‰ëQj:µl�Ãf%M'+F5¦S¤£Â
šŽ�h˜4&¿I¤Å`³„º
¬Á`«aÇ/¢4®=[6mF¹é¹ÈiÂi:*1áªÆ¼ÐœÄ q:Êi1Xè
²r?,ŽÁ`ëjбÓLü  Žsƒ(i1º-2M`
&¶¡))˃M‰&nP
:¨çd�@ZŒn³lTE†5,t6`
Û˜Rh+Sª3v^ÖvÁ LÉqn
-JZŒnÓÞšZ¶Œa¸ÀÊ P¹¨Ê ê87ˆ’ë �•Iø¶e
-=Êòº(Š’ÝŒ‚Ô@RQ…wIþYäYp
a¶ŽK`hÿ&‘Ólsê–ßeÖ`°9[MYQQWau\¤[%-F·�º6¬(!©ØÜ"5êÖÀEÔÔ$ŠrR§<W%-[e¤÷ÀVüOY‘3ÎŒ+0r:FÉAéEâD§iAC*i1XŒaY2oâoè�žã1g 
I�*�ƒÍ+¬2Ãѽ4,%¯H@±¨Q<—$<(¿I¤Åè›M…¦ƒ-(RÖ`�RèY¦èæ”ÆäE¡­ÅˆçUŽµXÑoIJw«;gôë8Úbâ(�Òó¢�”ÃBÎ 4tœ“[Ii˜Q„÷
„†ŽK°õ@	JŠæy!zÍ3 †¼rÇAP­r€èÆqðhˆ¯œ�ÐkJ»h e¦IbIÎ ÌÔqd<èFI‹É\´ËÝfX¤ªr
ڭ礛@ZLÝ’�K‰MV%¬VÎdP¯Bsü9p"�ÄÔ%wBíÄxmú�´,\ 1,++hí`HŠO¨[]ì
-œ´ËY^ÜŽAhç8Þ˜3å¤©ZÙ_…¦ƒ­K8�a
ÆòI(«	¬Å`‘€!óÔI‰0ÐYZ¤f„q\�’ò”3J2Ò»’“0´QV†L$¿•!„!— LÀ(JZLƒÒ2¬Á4(ë(´5,46hk0Xv|Ó³Á¤AÊ�k1Xôýê¸",öTΞÙæ‚°Ž£TÝ*i1¦„~àö�5,’’²cJhe{¶˜Äa5jÏ´FÓJòX^”h¾º58^£¾/ÊÀˆ¹"¡®ÝÔ©Å$I�eš²úR„uO
ª>ÏÕ”/Î@²†µÉ"B2‰ÈÄ ˆè8‘I9±+”HŠSå¤ñª
i1XWLU›Z¶Ih®ÊŠR—e’ÿ¤‚ÇÙDàD§8ða¶ÚÐbš.O(°ƒE"iµ,/LÏ2]„N=¸%ƒ0]ÇQ.["VÑ›DZŒnq�“Ö`°Øï1%eeÐXr[()ƒ0¨ã�Ñ«r¢Sœ^áyJZ1lÀ®a;¶,6+<ôl0؆ÎJ†5«�jÒ¶,*�=)¥aQ¨¨žÃš«ø�³zyC§Lš|¾¦TJµ3ÓÁ¾ÔRâ¼E›¤¼É 4t\’ÐÆL'³Rj0i(¥ù(+Ý"‹%?‘n„nçºUÒbé6�q¨j*êÉ$Uõ0 Î@²„¬ô¢ÒCtŠì’()sEâE:—¹2su\cåhNoi1Íuƒ5˜MÇ®ÐVEÝ#ŒAÔq²z%Y
í¸ÎAø75c8;Z)M“ÎJqwµä—Ü
ÿÖ#e(¾bEhùŠSDµÄ3M•	éå>Ê„¹AÁ8}R×Ô��à8	\€àj²hà„âóž©Ë‹Gº]óo•×1RÚRŠa“Q�óomäN™”	óÃî‹@°\
’ÌEå‡(”îùdïÙKŠ4ÑäœÝ-F±¨Ê£É×ñxútÒ~šwQöËu·\_ýsò_´*0µÚ'/E³ý”š==¼h/×ÝŠÞ!Û�@'gO£fD�ÐDàé„!Â}Ú¸GGý¢�-é1Êfáñ»·‡OÜ�X)2$J8`h:ç£w,鞶7À‹ÉÉ›WoN©?”aÊ4sÄêrÊCc7n*÷l²j—Wítí/Ÿ¶‹îŒžbiIí^;»ìè!–mž¹é�võ§Hh¨ýG\(ÙJœ°ÌØz+/ôÉø€ç•�
-Uë»îÏëîŠEC NšÔ	
CÍçÝò3K‚T·ªv-Ɇ†ŠTÃF�nH–ÞI²ƒëõüq6m×,‚MS:é¸oU:‡Û{×ÐË–äC“ewlÜ­þrKæEzÛ^]}íWìŽXÅMâ=zܱu¤8�sÑ]Ë'ý™³ rÅ
Êzü‘oŽ^³¿bÙÖ~-žôŸû%=Å¡©®s±çýÈcGñ²!°nÊVÜ͈·Èv~þ„ËÅp)ªøÉhI£ñçõÁñÉøäÍäãÇÓôW¬Iî|Ðjng¿‹Bf�MtcÒÛ‘ð·ënõÍ)G#Î{Þ˜�8•.«£Cz�c¹‹£;“àû;ù¡M˜GíeËݾ»lP_,±7ò.øýñvÊ%«i¬0%‹bÜküîýø=ëå¥Â-öèonÇHõp×rŸ’•x$ÝF\²m»ä©ÓÈË2/éø¢]I*�ó¿¦#/–×öI”œ’{hÃ%œ|¨lH·í“7Jwã>öê=/Ï{–¨©ËP6æ²kXÔΖƒåWmzìáêÛåºÿ¼j//fœHR¥I-w5;sÆ£¼ò¹nÏuô°e»ô‡PÝÅCú;HÓL’3“}±ÄŽ„¼âç.p'}Šë��©q‹¾~ŽºóÙr¶Æt8/ÇGpþŸ;�¿cl'BE·Ë&€âždK‚·«~ÝOû9Y§”G1}¹hØQ¬Úa;o<ìËï5ë»Í6nòTF̾Þ\Bãã#v›¶KÎká~!8¾óï¡ÎQºíú¶Áïë¹·¼jCÈíuò¡›Ï÷¿,û¯K²*
-Y©?@ªPËtyï}	 ã”±Ä;z7$Ù^/·K�©”‚(n�J> Û‚"$YsúnIåFšºMGÚŧ–žáÊ+Éý©úíj†Sæò3TÀñ¾£²Z¶söf|7¡®«J¾‡eFózöR‹#ô’uNˆé|Óý>]­W®Ü�Íæ1o«(‘hÆ8&¤p~饰f�iìÏÃl–óv*•
,óÌš“ìÄYì—âûv5ë¯Ù‚¨ÿ…cÁóvú…‹ÊnVxOè–gü&T¼Ë=Ï)
‹a3ƒÜF0Ð
O37‹ÃÏ5�¯´|09z.u4: x߶j¿Ïß^:Ô 7\Õ¼€¨R¡Du|Äk¯
-õ�Ѓ�!ç3쇬#`tØN/ÜÚÅNÒ­’2v(WwAÅP+e”œ®-%<Ô=}•ñS�¥œkSÜIÞ¼.>Ì–gýW	6¶þs:y–þ›f†JZH1o“F4ʯãx¡®}Ú¯gçþÄ\W;Ý•D`±S”Ã)iøaÄ–@öÈýáøț£XKÃh�ÿ@§ä’6`gæÈ
ŸÞˆÖ*êaj®—ílÞû"!®|šÝF£;Æ/Z¸€EïdX‰íÆ°“9HáfL-øûå´_¸ÅL_^i�ÛDpZÑU;þvµîø�Í\û¸£ ÿïk%'òÖÆ(nè¡ŸÛlØxÜM¯W³µ¬?¦äBdèPô&߆®‚°O–ÝWzˆ‚^\øÊ´ò„bs¬ .JØßÊGðå'^>aŒÆk¤ÿí¼_²`°¬&RÑùª—Rö7­šü~zü‡¬ÂÚÙå6|»#T.†‡Û¨�/©†Âý
-Ùæ�$(i©àÆ’I0p¥¦×Mwô
ïXZÜôŸ"ÜË!×+»C¥llë'í·n%:ádõaLx»qGNºÑßD–.}íìÓƒËË9ÝBù
×oä”*‘›?¾•·‡qÄþiçï½Ä^Ã“h|¢ñ@»¥HTÉ%è°ÉÒÈjû‘4¯û³k·q:z²Ð
C×ÚH÷n²Š‘Ãf³jö‡ùá¬SŃ-Ö¶§]vÓY+u7ðÑE®QP\þ_µ‹ÿ\âÞóìQøä"Ëvš™zý9‰èë£�õãïc¬ÇÑ,[9>žj¢¡¶çGœj†›ÓënÑË=-‹`ŽvÙ~ÈjÇ·�¾æát�ÿz[¤ÉÀ½¤2¯9Äß8øs_Ù>²-¥â/Ì™@Ý)3–g2ã“vùº]òRAZõpùDŠ›‡ÚŸoøÊfð
ÔzKñb9¥«�°‡yf'¦®2À$È(ßÂa¶™"cCZ!ŠOu†¾ÇªbD˜}šCŠ��Z†Kí×^2t›Èžõ.ÝÇÜz4ãE‡Oêüš‹ðÕÇ—_H_(ÝÜSTÙ¶~xËá{Gþ§«<Çÿ¦É€ã[,l[Ï¢£î¯nÞ_"É‹^]»K±ߤ6äóUÜÐW[³ÙŒ„z1Ùûmï¿Èendstream
-endobj
-522 0 obj<</Type/Page/Parent 513 0 R/Contents 523 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F5 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 148 0 R>>endobj
-523 0 obj<</Filter/FlateDecode/Length 385       >>stream
-x
ÅSËr‚@¼ós4Ç}²ìQ�z‰©$ò¨Xš0bLåï3³"µ~A 
-ª»çÙ,_‰A·§@§°©�‚˜þñ±`RãéY�ö(;p„UÁ
-¬Å4Ò"X�÷¨#-‚Hé1‹Ä“ªÝ£aR3û¨F¸e$º¨²NyÍ)4nÖ^%‚8‡¾d-‚<�ä]BcLªÉ¸e¯Nòd4÷ ä;�–\´�:ù6˜Lôf�ëc	ͦM})ëKû”R–%g8kØ¥
§
¦ûât)ÏÃöS=*²Ð\ÈœLñμõ²¨™4�Ð]`Qo™SM¦:î5¹d‰òõV´íOs±†üp|T¸Ñ¬ÞœO—CJ�榟“‰ó4¯FÅ‘ô¾Í¤îmò}úз÷)Ûj}âV¡‘ÕhúF»Ãñn�-Ýñ.gxîÑ<ëvÕ
-Sï鯹mº/'cx.¯å±9•ç߇m˜]�Ú’)NxöäpåB³<yOþ9ÄPendstream
-endobj
-524 0 obj<</Type/Page/Parent 513 0 R/Contents 525 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-525 0 obj<</Filter/FlateDecode/Length 155       >>stream
+525 0 obj<</Type/Page/Parent 522 0 R/Contents 526 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F5 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 55 0 R>>endobj
+526 0 obj<</Filter/FlateDecode/Length 2528      >>stream
+x
Õ[moGþî_±S Úììû~ôK’Ð$=K×O
+ÙZÛ:XRN–zÍ¿ïCrfÈ]%H�ÃyÝHõèYÎ�É™Uþsæ’ÿ¹¤É“¢Nn7gYšá›ø×õ;ú&©Ëo’¢K“ù™�›¤+ÓÒpn—WigÈ¢¦A‹*m1hS¥ÎÔ@f9	ò“D²2Y‡™6I™Å PU[=]"Àëà&©2L§œ�°¡Ã�ÊUœƒºJZ¶j ”a
‹‘²o’<ÏÒÂÈZV–5+’ƒy-[4ƒ‘ÙïUMÊÀ9�Ë€œd ùÝa¥•ÁªNë(È@=çrG.Œ¤Å¶®0‚²2lI&}è°žkK’‹œ�4oÉÈHRŒT®1�À@Ás²ò‘3p“´UšûAHÎ@ÌW6db#°êTj„çbVD’Ë.S§
+ˆ‚�#'‰’ClÃβƒmrŒ¯²2iCÑê]^2ÐI=ç2Š;%-&§“ƒ••aënÃ2Ða=燉¤Å4,­eY¶r¼˜¡%Ös-m!åÄ ŽÔR’¤Ì)¢8£9hL¸.@˜A™Bäù"i9’!Î@Ì—•ä¹HZ¶¬á{Ãšc1£¬8©G—‹�:Às
¥Ô2r’By'’“B!‘å)‹®Õ¥§"«DI Ù
+1(ç4%-‹Uk�¨L‰]FE†—¹` SzN¦Œœ�dG‰õRA‹Á¢®Ô†•)±nq×tJÏÉ‘3�¦¤4©‚Ó”\£¬LYµºß:¥çxñ”3ƒæ9
ª‚%œV”HÓ’[ðŠ($Aöy$+,h4„3?É@=GK‡)")‚N:d ‚ž£ÔS%E$i˜¼£`óûNÉñ¾ï;åDbn°ÆÊH«QÂ|%y¾ºfe:Ÿçd‚ÈèA9D^žÄ|EFóE’×7¯¤á(@ˆ6£%OðƒÄHFPH))ƒBý§9Ôs˜Êˆ	©Â*g YÁ.�ƒÊ„¹)õ9�Ðs-m|åäFª2Ú�1!|
uP
+ÄÜIÀñ$€&4�
ÃO²6,ˆ2#8g ‚žsXR¨IŽ`‡Ø¡tÃSˆ‚�£Ü"'Ó“qFù2ò*È�T¥åI¬¥ÔËŒTÐsÔ\`ÆHŠªø’ò¿2PAÏ9´\%¢‡žÔ)È"È@=燢€žTA$uôœloJ+Ö9éTe ‚žs
URI¶çÊèìr:JÔ¬‹"¸TAT³•ºÈ&F	ÑnŠÏTKeãÇøsòŒ«è)ª¤6±ŽBž‘%‹a+“/Xˆ?G!Ï8äôôQ,„(:‚?G!ϸ–ÎD‘ºXœ½~œ%‹;ÄÒr•ÔM™,V|ŽÃ×·¯Ë›Ç>ÙÝ%—»í¡ßž~XüRZ#’šy±YNb¯æç.Îé	ä„&§#"¾L®úßûÇÝç~ÏÂPµnõî¸^õ$�cŸw­¤Sÿqb$6…Ù¶0”*òÈDçjoâ¢_nØŒ:mÛò…˜ÜèÍÑ5Ëòd†$ÊKv~ótØ/o¼jmÚT/Lù`Äèÿ9é;+XáhËåÃòó¡ß³)hÇ΀.¥¯°˜!ïÖÛõa½ÛÒ׸ h3yty2í\áŸþØ.Þšó£UZå�ÿþçýî°»Ý=2�6„Âr»¢¯Ðú”mÆXn8ÊQöQKý—×ýÓîñÔ@ikë0ƇݪçÍ‚Ö©(ÿ‡mQ‘*¯ßÆHÎQO±Ä1š]ê}S£>Šw>¾YD{ëlÒ‰6Ø‘Ë«ןί.Ïçr
î*Šè]»¢EZL·_ŇÜ7´¥Ûòñâ# Â!k›°P&0ó¥G¾m”g‡µ„œfd
+¹�p¾µIý†M:_nn–4nð\‚ó|û°>ô·‡ãž7º�É3V3ÚcÎeºÁ°0ãÅ|¿=ìw«ãmÜù/+å²93œZÍöÂQolŇããa}xØ÷ËÕz{Ï{L«Gâ“ CGRør˜èŠâð6ãs‡§XG=«MƒÈ²cûÖ4ôÆ]ÈÍO›Ið8úTþÜFŒç£p8´©üË6m_žM-…ÔìĦjlÓöf#Ë�ÓC,ãWýÓú~ËÙ—�/Ãc·M‚Ù.Û@£ÑønnôÑrãâAzfœŸb5xŠù%Mñæâ_ïÈtR{.yúòtè¹_EA‰ôYÝÑ‘R¦1q%Üzl¢ÆËü±ÿ/IäEZ¹Ð¬}:>¥qµ6Ï¿lË?xñÑÞà<Ã}ͳZ7œŒm�É]®±ñ$¥úeÅ­W[…‚wEøë«_àE4ièÃòv¿F¶S–—‘3çÐÛ5üJJå°=µïüê*˜ˆºÓ´!ÕFÑ!ÕÉÖñÙ	‹ÖmûJjý†m?ýòS°�šÐ2TCk[Vù�=Œ›ÿ7ŠÆ
‹!¶Ø_Ù}o�[naøœ‚»á¼x!iÖÉÙ°n]5Y%YoHBϘ¬nîý‡°BxŸ1åN2þm#$mŒŒxXíƒ
tõòBŒHƒôVËd¾Ê·[Öˆ»Ý~³<ü¶êoŽ÷¿Ù5™¦z‹æ¶Nãê‘Ú«ïc|f¥úrÚcÜŽwñB`~¼¿ïŸèÀÛ7°“Ÿß\!ioÃé4ú=;}Žvjso�k8êôûíòQr.h_B`ºñ¥^j˜ðiÂéUŽ¬tE&7KHuUÎàÿÀAçÑŸ�<ÊnêC¸7n6��Ç)ýkÍÆÖ7Yè+›Pƒïi§ÂzŠ:l2#>z#»N“JH)fÕ¸Âräá
+¡‰×nk>à�µvÉ7_ýn¿ê÷éí
¼,êª)Òñʬ4dái
»üåýÅÍñîÇÏ»'éúanª‡>{.tö¤üiáúù4³¶`Í®ÿñ÷壸¯ &©¿Þñíõ ›áí(ïý�îÇK�±Ê¿?U^z½	£囫'š•ØçPÌ×_uý|¼céä4™ö!pè%÷(ršõÉù'êã­ü„úGߟ¤ËöDýùÜ�Ù´“œ]‚çQ´¨µ×8ݩꃸWÕ[~{0EôDõË¡î.cåée—‹„ý®q£Ús�{få�¿ÆÇnG[@ûx ú0ä�ê“$ú¨ü(`œ”W«ùõ Ø}s€Ÿ0LµWƒêY;®Pˆü±Û¯áî•Ÿ0OFåÑKŽ]/vèú�ï5hèG«Ï¾Awh8V]ÊëPõ�çUõé¶êë·øa“ü?‘ÃeYÝÐùï1ÌL’øƒ’"ÿÀ�á¬É:zrM
öfqöϳ?
æšñ'endstream
+endobj
+527 0 obj<</Type/Page/Parent 522 0 R/Contents 528 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F5 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 100 0 R>>endobj
+528 0 obj<</Filter/FlateDecode/Length 3031      >>stream
+x
Í[Ms9½ûWôm³)Ýìï£ãLf\å8N¤ÔžeY™h#©½úÈLþý>$�nyÖ»[É3U‰žž@€ìο.²$ÅÿYR»$¯’ùú"§ø&þñéWú&©Š®“¼g¬’É…�ë¤L{œ�ë¤)ÇÎȸN²<7†Ì+š0/ñ%uãÒšÐÀuR×ãÖpbЬ׆´,Æ),k0ØÚõ.Rȹq…ꆔe@
+(–`ØHŠ`Úb® È@=—eéI‹i؆ˆ,/PÙVXR¿@âÊ•‰rbP—õH‹Á%–OE)ʪe—°ÓÐŒúPŽc ÈÕVÎ@Ì—UX%-¦È1³²²eÅá�(èx®ihÊÈHÐÒD’�U¹:K@tVà2øºò/‰´˜t-ú¬Á`¡‚••I±
È•K%�Ôs~’HZ'UV&
²e=Î83x�¸¬¦uˆ²¢¾¤ý.*1P•<—¥ÅH$-†JU†MdXƒÁ¶œ§¬x4%7‡�f@“Šƒ=‡Ì�HPŽ¶fѦº5De—a÷„_i1Ô))6U”½¨
+ö
+Ç·4Ї»rîA®-¡”rb¾´î‘ƒÍÈHµlÁº²vl‰Á`ëÞTY^Øæ‘7y%�¤�¤RK*ñ/ÙNÊÂE^«G¨ ç²´@ÞWRftäß0#ô²l‘‘3Ú8Ú‡JÊ œ%àtPÏI‘dÁ¼¥<àDÁÀµ®Ê‰¢-®[Î@å<WSETÎ@X
5CÊ H|1Ês:¨ç8·+g -�£A£ Z6ºÞ9ÔsuŽŸ(g iJÁ®¤Š"@•‹ã$g ƒz®¥ú¬œ�´¨iÐ(H»*G]Ž�„“wUàx)gà:ÁVÇró $g ­�’ƒÅ2„ùIÔb°
•C•%]¬¡ fåD]ÇÊ)gà:©誜�˜/¥�TÒb°EŠhT–Ýá[ÑHöNàd’ò£«¤Uàd.€
ÄŒ(À¹ÿ%�Ê‚eÎÎ’_2PAÏeYN‚‘U±d1ÆUÕs
›9áe*Í*g ­MEk¹^9'Í€hÊ@5õ%Y,y$EêÇîÌ1PAÏeÅ�’"˜š¢í¨ ç2Ì…ˆ$¯MÖHie¿	ˆk8NFÊHž¢­ª¤Å`¡\kYƒÁ6BFÖ`ꨠ+ËvfÈäJ^Y
ÑÎÀe³’“Ã
+Œ ¬[™š�1Ða='¡¥¤"©D‡Q†)ôâêDNäÐÅ&‹š4gä<—¥±¬¤Å°ÞÄâEQ‹ÁæŽ&UÖ`°h3{²ƒÅÑ¥4²¢0ôØ‚Qwž…=G»ÞŽ¤Å4)u†5,²[fYƒ)¨�UYQ	;Hc��®½çüšEÒbLêRXYƒIa:´)Ë“r§èã�?Ç)=#3DÊ@Œ/”‰r
+i6*ˆÊ)×P9V"ŽŠxFfŽ”�4™ƒiÊ)¤É¨&*§~È©.EŽA!‰‘ÌŸ£"ž‘™#e &ãWN!)ÉÇ{ž†äÉJi�°t’òA¨BìÌH§x´ùAŒD»J1ÄCðgšJQ0R2 —’\¢§–À¡%Ê“Èñd°Ž*8ÏŸãdž‘Ñ#e áÑ•Sù••†§!ßL/^¿CUJ“é^Æ·u‘Lø._Ï_Mg÷«EÒ}I®ºÍ~±Ùïþ>ý'¤°ñ3’ÑêCläHìÕÕ×Ùã~±¥ß Ôe 0Èë¤ÓW8™­ïgü£rŒC»ÿöl7³•ŸY¦À-ŽÃ¨kŽC{'£Uˆ1ïæò–Fså8/Ãwïg›Ùï¢
+­nQÍ�úØ:ÿíåÝ5kØ`„V¾Ÿô¿¬¦ùG”ë�±›‹#±÷n¶�­X-^*´o�9©ÊÃɼ	u	¿ô¼åŽø´Ø¶Žë…ï³ÕaÁžD_—6çðƒ5*kÄ'teÐ3ɇ³àU÷ z—ã¶Q>ÿ
+7ÍývÀÅKZ†ÜÓ¦b;12b›½jg>åç¬%Mì–†®´á¸sø›ºb·ÆM=ýLJ›Úên}?žw›/4NTÎ…µù²” KƒÜÿú”Fçr©,BL:tz5>GK,ÖªÏo.ç³É¡`Ô¹OÉ%RØ�Ý’·&î@Ë°@Ã)O‹ÅÀî+l(“YÇéå·ÙæaµÜüÎ^C»³dÇŽDÃÝf¹÷ð?¾.÷‹ÝãlÎÎGƒÐ´'Žgo]·=vœxþÓn–‰h\¬G{©.7‡Ù~ÙqþBwZ4¾Šü\�;qκ0çØ´â¿Ò#¹48òãa¹ý&A‹'�OU?פ0ºË(ÔÐKô‹¶àpÓM~lö³?yÏyÅÃ/âoo·¿±’Ç›ìò¾;ìÙx!öG*ì»ñœ¿Ç±âÄ[©¿†Î‘½ÂÐpè=WjñZÈõ·‹ý›ë5 t!Q.yQ6Aó(�
7…èäÃz|Þ,ÙÙÔÙUUH9ÝvõÀ+„ƒ¯óßöUÿÉÈå²2±Zd¸V6Õ¢>®hn·ÝÃaóÆY];X±g„£Hψ£Ý÷yG
úzÁimùK²a<öV NâÖÃ#¤ay:\öÅ�úðÇÍô×å#)–ž6ÿ
Üa ·	×ö¶¶¡æͺ›ívtÛq
çѳv•Æþè
+ZÚQÕ/ÒØ5CCnºù7ß{P÷${~8Ú±7çLe¾ÖæðíbóƒFª,ë�¸Þã”ÀþA}À#¯—cš+Ù9x
+×�2ŸÈÕ¬évöøÐu|ÀÇ)¡jBŽÿ|ý–-C¢N«³ �CÂ[u´wšaÈÝu[®Ät#�.›ÃúÞ°q•Q„ðxš“¼UÛl�ŒÚvûnÞñùfÒXv¯ºõã
+g—=(î‹pb=¹%2¡ØÓë3�Ÿk2¼C"2çáÈb­ÝÅ«&<ñ	W
+ÉîÇn¿XSÐãê»ÌüMC‚ãœÜ>Q$œ~:T·Ï›ïýÌ¿�’1x¢¡~~Û­gÒbõÜÿéîêo’„Ð=�ýèíüåƒvRx0oR+.‡�ý²;)¶g„]50âø0éÛ¹¯/àDöbÎ÷ #¼öbϘä…ã³ôÕvñ°”az€ôrJµ7¢6	WÈÃ8ºípqÁ5o7…ôžàêÃï¤*§’É~‹Æý°õ}/Š•ç=|zq/{2ð8ÆÔÆs“þ²žxýåâºgÂq”ý‚B¼Øò}{KBó¼½m.÷
5F=õ�/b±Ã}üy•÷Ý›ÐXŽKï'(\&Ñå~‡'Ýwy®‚wz\®zQ€7;\wÓ¯Qp*.–nq`”ãº-µwËG¾\ÃK1
6êI–¤×LýÓT‹CâñÖyÚtR[Ý3§<ož¼Ú¶�Ì9ÞF¿-fþÁÜ‹ÊÕ_2�ðÐÍl$´jœ­í�æt¶ä^onž÷Z쉬VTõ#¼qÓËh­�Ìðû	/}ŧAo–Rs`­>}M#âáHlYŸüÕåüýŽ6Qu’Kè¾ñÞnz¹o�r®·¼�ÞL.I[ëñ‡¿ÌûÿÓF›�&m¾+/©RÎüÖBoù6ž¶><.6dtï"à®[-çr?€µÀûk{lÃS€Þö“ƒÿs¶}<,¶l½†Ÿ]o¾tl1ÎPñê£oqyòn¤ð�rg�ž­r�|ÎÖІÈc®t\¤Á&¥Âá±u|
AÎ_\,�ðjÒÏ-rÁB¼•5Ü‹rV|ÎÂ'#u²˜or9ræH•ƒU6ŒÔ,åKÚ“§¶áÕªÛÉÃ<,Ox
+}’-öô$…˜ƒû³^,âagÈg¬¹éºo¾«ÆË™úÂÁäúíDrÍÏ
µ§M*åè8|ƒ…»+éGžsÒ_˜E
$o#~¬v’NÑZ(v½~‡·Aù}$ü€ÿ‚‹ßkÆÛ“Ë÷o.“·‹ï‹U÷ˆÃä×ÃR^Éñ>
+©Q�¶ôâÒrIÎùezññâßûˆ)�endstream
+endobj
+529 0 obj<</Type/Page/Parent 522 0 R/Contents 530 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F5 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 145 0 R>>endobj
+530 0 obj<</Filter/FlateDecode/Length 3471      >>stream
+x
Í[ÛrÇ}×Wì›�Â{¿ä%E‘²Ì
+EËlçÁU©Jˆ
,‚Véïsú2=½ )±ƒ’\%áà`fú6==½ëÿ>Ë’ÿeI“'E�Ì×ÏÒIŠoì¯7/雤.;ü½NŠn’)X%Óg®“*q®“ºq®“,m'¹›Ôc°e:é[Ô$NQMZˆSå“J
‰ã f­É¿$Òc°EFÓFÖa°Íxb�×Iž6£™=›w“ÒÍ\•$pžOjÜ´�[Éä MóIáH�ÁÂЕçauÛ6£‰eÑ”$	‹2ˆ‹*§‹é1¦­3rMd&¶#‘ŒåE«®Æ]T€-8Y$’cÚ¢˜4‰c›�X‡ÁvDŠcE¤¶ààekW¢HÊ©FzŒióчz¶Ná¸ÈÊ¢0…¨,Ê .ªœ.b¤Ç¶hdEˆ0¶ÎaçÊXÞUUs˜ñF@‹:H&jðGR|VeCE@”V¹Ž¿$Òc’¶¤iù·Ì:¶d¯+&*R*â¢ÊeiE¶5ÒcL­[ÇŠ²†Ý-Z3 i\']Kªç Mʲé1ئ »GÖa°ÆŠžiáB�AÔS98¥D¥ç &Í+ZÒH�Áb
Ïò’e—Æ|#À–¯9iIJT‘ôlÙ`—9Öa°ÈîµcÙ)eC
+jÆ`N	\–ñ¢üK"=Æ´8lŠ$õlE™Ê±›HqfQeÊSŠ¢8Öcäó¦ÄÞ�¬Ø·&£ëî.Dû*GGLšDRB.:H9-”â@åTo#e`A>d*—áè�ŒËóF–g@y;”ÊÁgœƒØ*©oœƒ°kN§h$EÒ,‹¹¤d%UŽœÛé1¹‹öAdyÚ›ÔL.À¦
œLI�iZòsd©°)šŒÍÊ•ŒšÕAX®B<GÎAX'¥)yç Ö+èÐ�¤Ç`™cÙYEE{KR~@Ó:¨¹+r2®¬d{ñ8qœr|0Æ9H¢ŽzÕ_‘Ä¡ƒmk�cÆöɨª‰¬Ç`Q€¡ò4¡DØ�<-Z3ˆÊ(×æd<ã„@YAv7ÒcR†ªÈÊ’™Ô·²$ƒ¸¤rÒœb¤Ç˜–wˆc‹†žq¬Ã`;ªxë0l„#ÛX�É‚-Ù7²ƒÅL~¬(‹	¹zfŸ3ˆÊ*G¥œj¤Çó ì#ë0X%•guṳ̈NÀ¤NCêØÌ´GóFêXÞ”H^u�FŽ÷hÇ›2rBVÔ­®@“zLš´ØVq(›/G±ð`æ\Kõbä¤%Éc‘d¡¹DtbUTNt2ÎAœ
+5(7ÎAZ¯‘ƒE$BTê1Ø.#Y�äZeRüä¢
”ãj"rbR\ø ­
ô˜Äe�"ë0X’~Q�ÁBñÊÍ,â"péÁ#Dq•£Z¶F®¢_é1¦Å
AY‡Á⼇HÆÊ¢©Ô¶œPrqQå��1«qbRÜ^yFz9lÄ:¡á'ö,+8<Îì0X$(Y‡±;‘f`&cYUº{RIê
+0U‡=×ð%5eóò�N•4Å|K©Q�sâ ›uŽ”�¸oÑ!)¿d*—et0Óͬ‡:LÊIceZT±'2-ƒ8­r:­‘Ë´œCóÐP1O!¥¢˜‡
qò’5t¥ê’
bRTÿÐÄH‘…Ù\deeU.ƒ³J§_é1ɺÇ:LŽ¦kW+‹¢ïÆ .ªœìÞÌH6AG'®¦alePÚÕ‰1‘˜t'0Š§k¥¾ä	ø³M§b¶MŒ¡üŠaí+þLC�Õ²Àp65&"”[Tûdƒ�qû¤©i:Áq¹ÁµäÑÈE×"Ó8Ö_ÙqÍŸM_e¤µeÂ!c6çÏ6H.™Œ‰òáôE 	X¯I炲‡q‚CÊ#÷|öì»ï)Ó$³+·Í¢¦Lf—Ü_Ä×óogýÛÕ"®’“a³[lv7›ý£*¬C£Ž(J1ì(§aßž¼ï¯w‹-ý†|“\~›tú
+C^Ì"Ýç�~u:¬û冾FÛ,~ýæõÉ7º$vŠ,‰ÖîXšîù˜ÛD¦§£Ex1;ÿñå�4Ú0u^(±½žóÒ8�»F¿›mûÍM?ßéâñÇýzqIßbkWY«?½¼^Зضe¡âOõ§Êh©£W\Ùkœ±Î8z› ôùô˜å*&•™õÍâ¿·‹V
‰:ërUŽZ­›w¬I	k4‡ÖdÏBU.Šá Î÷4Ë¥Ùñíî=âq9ïw¬’MW«v<7”ª5àöÖ>4ºeåØeÅ£›.¶èB„•^÷77†-‡#vq—…ˆž.Ø»JœNCôÐúÉüU¡D­¸çAÙ�Ÿ‹Íéñ+ŽWlÛ6ìÅóáÝ°¡oÑOlÛRüù4úøU‚nH¬ûºU�sâº]]}Ê•â¸wÚ‘ãDµ,¦ÑßðçÕñÙùôüÇÙo¿]¼ ¿bbÍJ�Ao¹ƒ}®*‘‡èžÐw3áO·‹íG54®Fš®>˜P8U�m«ÓúçrÍ£ÓàÓ«~ÈÐ.Í£÷r'Ü>¹mÐ_¬q6ò)øéõÊV5;«ë¼25«âÂkúæ—é/l´—*ÝìÉŸ<ŽQêáYËSj^5‘8XÇû¨žÜ
ÉMӨˊ éô}¿•R÷+G^lnדõM£§Th/$T?tF½•;1y¯v÷žc/ï±ÃÙæj`�ñ5×
+eO–CêU_Ž¶_³±'Û�×»áݶ¿~¿äB’:M湛奸3�”M¨uÎøè£Ç#[Ë_\Bí�åï¨LsEÎRÎÅ'ꊿvƒ«ö9ïŒ\�§èw\}º¸Zn–;ˆÃu9^"@ðÿµâüg«
+
=]v	�Mîhðz;ì†ù°"�ã–òUˆO*WÇ šU{*Ü­O†õ:\ÆÊ'­úò�
+Om¤‘ôíþšž�ràøê°ßp]‹ð‹ÉñMøúµ×-þTß!ªö”¼»O~]¬VG¿o†ò*Yy¸@šÐËÔº÷©°uêTò½{šÜÝ/kMi´‚¿PÞžÔ|Aö
	dHòdúdKíFÝ—#ýúmOßá‘WV†[õëí·ÌÍ;"¨�b19C?d»éWÍxoÂB׌üê‚äúî{kŽÐ[H>8¡¦Æf¸ú¿½ÙmµÝ�ÃækHÞÞP¢Ñ6ŒLh¡q´ðn�yîÃì–«~.�
8¬ÌŽ‹œÄE¶â/ýv9ܲÑÿ‹×‚çýüw2,:»E"a±¹ä_â²ÐÀć<óÔnôv˜ÁzŒlÀb–.`qù¹eåñvƒµf§Ï¥�F„ÛÞìOù9h‡ô^¨jã (ˆ.ZTg§¼÷šØß¹ï¼8Y-q"²5œŠÉI?¯»g},¸î)Ë8¤´ó‚ž¡õʨ<Ý®{*yhú
+i»ûË®Xµ\ks4”ýÁ	gk£!Øâ×åærø ÉÆ÷.fßåÿ$¹ÐI‹%æCºˆEùç¸^Xh_»åU¸1·ÍAO%ÑØeìípÒý³[Ùg3ö¯gSÖ0Ÿ¤ÖXgk$ø/tK®ù¢ává®HN{ÙÚ”A?ÌÜõ}¿\
¡IˆG>Ýa³Ñ#sCP->€GåXÉíα³÷r‘“1óàÏ×óa­[™Þ¼²whˆà¶b{vúñf·àk4s›ã‘Šü¿?«¹�÷>Fs#æq<¾àÒ#”LÉt1¿Ý.w²ÿ|’’"£MoŠmØ**ûÍfñ�¾DC/­BgVù†¿ÄáØ~�>¸áèN=‚7‡ö´ß!�÷«aÊÁ³VH%WÛAZ!8߬kòóÅÙ¿T±{ç�ÇðÃ�ÐhýŒ÷e
+Þ¤+÷t[-¤À@›ÈZ÷�`oP´H��Gjö¸é‘1BÚ›acàUlÃÃ*vÇFÙ;ÖÏû�‹­Ø„‹ÕÃKö°#ïeTz¢¿¯ˆl]zÛ9”…Ç××+z
+˃§°õ½r‡/U~¼+?ª)r<(•ÍçåQâÃŒ‹h¼¢ñ…NKQ¨‘‡ ãF$ÞZ,u·}N›WÃå­nBÜŽ¾
+]è…€qhí•{÷yÅéákÙàõ/ô¯z§IGG*,΄#ß\/æË^únà-£‹^§¤>zøÓ¯ÿ}�çž—o‰B…\­Lƒ
U#zûhoÿ„ç1^+’²—›á×ÓMTZÄ�f|8½Z¬yNFÛ"º£ßôïÔ_d³ã]ÈÐózƒ/òl^Ò™·
+j†wÂ-�/R_Ù‘Òð	î΃ UK9á*ãó~óªßðVÁÖõÐz"Ç“‡6ÜïyËfô
.Ôö”âÅfN�6☃¸º)H
W £}3J‡Å~‰Œi‹,>7	¿øk†eŽpiŽ%>^joµ©Ð}!{9h¹‡¹íAÐ’7^©{.Á[¿ÿƒì…ÖÍ%@Óí·à9¼ïÈ/cávU–øß4ùp¼‹…cëùqrºøc±®Qä%/oõ¡X�wR;Šù&íè­­årIJ½˜=ûéÙÿfÎtendstream
+endobj
+531 0 obj<</Type/Page/Parent 522 0 R/Contents 532 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F5 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 151 0 R>>endobj
+532 0 obj<</Filter/FlateDecode/Length 598       >>stream
+x
ÅTË’Ú0¼û+t$´²–uIKv¹„„ìúˆ]R~^[ùûÌŒmY¤*¹UP=­ñL÷Œü+I™€oʬd*c›:\@$ü¼,0Â2íà·fÊñ´{M"X3cxq¬™s\E\k–¦Žçc`•½e#lnnÙ×Lê”ÛèÉ*C)
+S Ý<”ÁšåeÒAä"Ø5d"0°Fs±džp\óŒæõ\çVà"ݤØià"ˆÝ.#2ÆÀZ…¾‡T2À¸Rz:¸<‡¼‘ëòrE;@Nc^Ï9Ü�‘‹ 4CÓÉÇ"yxvL
+VìÀ7X0°ÑjVliÿ ¼™åºò¬Ý±yÛœ}s>}*~B–�¥Á¬iŸ6•˜6™¿—‡³?âÜLx<d;
“8ÆÒÕE¾–Ͳl0¨·Bõá²ÙbL
+®sÙǾ”Û"]Z•§ÓG{¤³Úrgña¡§fsü}8ï[zôó}Âý±úU`=œ„ÿ®'9”ù\¼{ª
;j†B§z}ÀZTÉ(®C¥Ý¾¢ã 	®.UçwøX�=ßDsiØTf°òÿ‰þ{$/«9é7\™aL«êòö†+€X(ä–íöRyZ-¸Éí=<°Y§~³ÒÜ‚ú0fx��Î0æÙº½œ1ïm/ósûgÉNÒÔHšb¤CÞêXøÆËŠ”Àû/&öýê�×½ÿ �Á«PÝ[ã0£¼¿Š*ç©s,óa=_gËÇû⯾jþxb‹Ë~KÛ¦„€E„+k…Óû+Jz*’Ét�†Ÿendstream
+endobj
+533 0 obj<</Type/Page/Parent 522 0 R/Contents 534 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+534 0 obj<</Filter/FlateDecode/Length 155       >>stream
 x
}Ž»Â0E÷|Åa ØiHÃØŠÇÄ€ð 6•Š¨€"ø~\Ú‰
Y–,ßã#?ƒ´¹CPu†,!d+ëác®³Óîš1pdÝoPŠYîÖpiÔò©¡ÒM5;‡²À&½ÓõvOýûW[§¹\¾WìÇ«EÆj–zÂ%�»‰`ž�àƒÜ”>’�ÑëŠñ`ØŠ9šÒ°7~endstream
 endobj
-526 0 obj<</Type/Page/Parent 513 0 R/Contents 527 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F7 9 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 191 0 R>>endobj
-527 0 obj<</Filter/FlateDecode/Length 1731      >>stream
-x
�WÛRÛH}ç+úmIU–d]ÌÓrIØT
a±“§T¥d{l++i¼ÒÂßïéYÛ¹lQŸîÓ—éiÉÿžø4Â�OI@aL‹òdä�ðIÿëéö$N¼ˆ¢4ðR*ÉO|/éPAÓ“ ‰¼Iφqà�:…üž‘ï…bÏÔh<Á¾¤(òâ0åÀ’â
¬!s„æ(EVébŽÈ‘ÖÁ`ã	òqXƒ�$¨Óa\R0æž¬‹Á&“ýr6N\ÒD¢
-�R…‹Ç¶E~Â	bÒw0—#Åöl$®¨‰ÏÇãÓX{:Ž
Ë;$w>L�cIãwWû9©¦Ü‚ž³ñ Å'æû#V4ÔáûR£ø¬*Hêp0\Ç>ç:°›„|¤=+QC¤"34bW‹DØÁ\g²ÇZ×tlך
-r\wl�bžµ®˜uîŽ3¡P{:�ûÂf yªC÷éD`?bâ'(È2ç@—ÃÄì â…Ò
‰ Ž<á8’¾'\ª’èራ‚Ö‰%“.‹ƒGâ=këé:*‡¬‘ ×?aÙžt1XÜyÈö¬•õyŽÑVÑ0ÈvÏzÞ“.†¬ÌÈÀZÙ/‘�¬€A¶ãü�ç(ìI³ìˆkéY‘
&¼Ò ËÍ´@dGÌwì�“˜m1'|áý�ÿZÄž–Ä“�FBð4�,»6�à‚˜äÙ
- &÷6DV05`woNÜ‚Xª�û7¾ýb…ˆFÏÙê1ÞRÄh„9±£ï`”8–nô¬u…	—(Ç`O"Ó€Kê9rß"\É�Q?åÖ"׉[À¢„#ô‡t1Ø(Üs•ãà�â®úqy‹X×’±}H1	]A‰'�4(åËîÈ°Ûë²³}AØÍíã™éc„
äÈ®g~HAVPONºŒsLz*ípáú詸[¡8æ”0å�ø">?”�zñpg0p¸‰Òâ½0pØšò0Hbˆ`îjvrþs5¢Ù
-/q’Òl)ïødqz9oL�-Ì›Ù7ØÅX!Öî
,Oï²ÆЧí23ÊÚŒ;›Sº {]ÑTmqMq”Ax…t}3ãA	ØzDg2ÂЙmò†æZÿCø›ÑB…Z˜zEK½hKU™†Ì&3Tæë�¡¹¢¶Q«¶ •®i«ô¶P´TϪÐÛ¼ZS“•óŒ@™�nå•QµjŒZâß.¸\_jqÐ}04Ti³áJ]+ŽXý"¡—:7FU4ív¨eÌuk Я²¢A5±Ÿ³:×mCÛ¬F}(Öæ�UKñœÞ_ѶÖF£#]z�É‹E,t‰’�òh†¥ÆAÔj�6Ñ3¢w­C%Mß¿ƒÐT†.®t‹`èëƘíÅù¹TàIž®×ç=*C»VÎ'¡é›*JUÿÙ[z?:ÓÝÙer˜œLŽ‘Êç-Ÿ+> E·ŸèVUªÎ
-zlçE¾ »Å ì—ÓÛÇ»/oúª�.1 ÛWî|ª‚«¸!zT´KÄyÉÍƶS†¢Ñm½À°ì2A¯zͽ¦èê¬È+…æéZõòòâ­š•´©‹Ûœ¯·…g¾wW&q®¯uõlŽIEî×3‰©fí½Ëµ›KߣµÊ«|w”¹úðqJ�ÝD�ÉCV*zR�.Z±»×K%šø’p6HAìáÝŒÝjÁòèêéãåÍõåtF]Œ#£þWS—?s#@d*ݽ¬›Üàö¶µœÍ¾ÒøP™Z/[¹Þæ{`—'6œG÷mapbµÊ–|¹H‘>È)ð�Ó¬7kÊùòÈbìZT?²ˆ<ªæå�nòµl†½²$f_J»ywõé–šW¬‘’C¹¥…wX½ÐÇÖlq璘•É¾$„'´½®¢ôåc}Ÿ-j}dÖ…³Ë››_XJ…ŠÄòîóÝ/,Q)ç÷¾­¤õG3z×°œ¯�únXè(-<UÅ`³¬Â#qìã23_—jÞ®¿ºRgøæÚŸ4ò¾Ör¾Óv½ÆfÆ-””œi@Æv¦02ªæzØuÉøz“ñC
-«ä/Ì
-nìú qI›·d…úWný{Á�»œolt£t�ýämŽƒÊa_¾D»çíêíV7GÍÂ7ëñ·Fˆ:Ý“zûœ?”C˦Çrîõá hÚ‡c«ƒBc+5=ÈÿP+±Z¿3K¡¶—ÙOK˜Àr/»Áò06¾µZÕ!ú`|P¾‚ZÝÿc‹SyÚËÖ6ûü=^'åýFæ4˜Øuí¾�S¼ù¥c¼(a�Ë+Ì»ÙÉß'ÿ
…%VŒendstream
-endobj
-528 0 obj<</Type/Page/Parent 513 0 R/Contents 529 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 8 0 R/F8 10 0 R>>/XObject<<>>>>/Annots 243 0 R>>endobj
-529 0 obj<</Filter/FlateDecode/Length 2012      >>stream
-x
uXÛrÓH}ÏWÌÛBº_�ØTåØ,/¼(²B´Ø’W–�üýžÓciÚv(ª §ïÝÓ3òg�ññ'0Yh¢ÔTë3ßóñ?Ó_Ÿ?œ~è…&ÍSÏ7kd±ïÑÊÌG6½œl‘y…I)6)¼TXÚH‘MB/1iœÂàÚd	í
- § Ìù$)f›pRÕ˜
t:±EŠHÓ(‚
-Uý	Ñ°%CäO2,’ ñª0U%™‰µÉø´Žd$^
’Œƒ43 ‰Ôlœ{™bsÄ™‘Ô/ÌPhUÁµI¨9NÁµAë´žDšä¾”=Ï`ÚÚT�‘f4*’$¥:IšÙÒÅ�‹H
-³:!Ì+Váµ	ýer¬5œ°.¬€¤�¬5äX…¡‹éDÄŽUn£„…˜Xë6æ@5(˜� q«0
lÅ*ÃAÈ*Nºˆ	~P=N}“àŠðÁl(…$N‹.¢û+³àsØ׃‹hPQAÌBÀÚOœ‚ãœ8NÆfoc†®Lœ‚Œ”Ýq¤¤ç¹mYà#(‹$æ£öRXŸ=±È‘ŠÅÉ"ˆ�SptéHëçC*‡­T˜X�³Š³8…O�†«ÍX€xäÑ´‘Ljœ¢ŸKXm±‰�Sp
-u"%Ô¨HlŽ¬ƒâÑAzäÚs¤UÌyx�û	�B-U$g#’yY›˜Ce
õDÁ3/Rœ‚°ésá9E�ÁF¬¸cÅ£,A€u‹У‚˜8ž
Ç)ˆym8ÎfïïªH�¤ÏÕaËUÅÌC�#{•QÀH‘´f}»ò±Í (€œ‚‡Æ§ Îí«H†bÒìUÁCnÑN˜ÙË Àx‡Æ"G¦v§1OG(hŠ5Äq–
à[ Š"ž€GÇ‘ƒÅ’+4«0Xœ[/^hXcn³àЭdí×>
-ÂDUaFwÅʆ
eu€Ä%Æ"IGì¢ËvýÒ~(h"ùœ�nã–�äq‘qª0ìÆ<VVX…ɲ©šu,6N Y…Áb>cÅJ:
ºl L‚$n¶†CÍÂðˆQb?£ÛIWc°§Ê±Ö-Þ1òd	2f+HÜ*ÌlœbfP	Cžt­ád\âbX�2<²Ø´ˆØ±
-ÃpÊ5ªX…Áâ !¨I׺Edcã‘� åvda¨Ð¬Â,#÷½ÓÕ,Nl¦Xë]’‘²e¤ÜŽ¬-›cfyf¹eöã(/d>Re.ˆE$–†.«¨£c­®$ÖÊ
-Rº#‹—3t«0teš+–1ÁvA1(
ÎîȉÇ9£E€.MœlRÜ ¶q!ª Àp‚PÃ㣂‚Â9_¾â´
-Ç~î!¸�æ&›ÒÍÔÞ°�4S€
…“<r‰|XPP8é.BË&=1‰¥‹bR€39rXìx—QP8Ç.Lœ˜ŒøŒ%&8“#‡-…k‰‚Â9=¼#øF9‘
v5®¬‘wáþKMÜ	pîF·*.
-Zw´ýÁå0r‹³·ï±@³xägbšgf±”ODß,ªWØ(®"óùúŸÙÍ·W»Ç7›nûíõëÅ¿gç¾9BÁÊÅ�›Ïµà›ŸåêÂ	…¬*a|­*Ó°{3»3·e[~¯{3/×¥™}¼fÇ’�g>–}¹®‡ºßRà ÈØá¶v}kÚ®–<m °ËnY›ê	v*˜1Cù°:•L=³xªÍvýàU]ûh+¤­¥⹩7U¹2³¶\=o‰êXb—írÕ´ßM÷h¾>5C½Ý”•¸U)Ð Rв7M[#âvhÚ]94]{”5UÐÁ1ói×ô?$šóÃpà`þÜåïãã`0¡ÙC·̆eÞz•”£35,óÌ]=\\ßÏMÓšÒ|i›ßækׯ–ÇöpMzæºún¹«^�Ï|ÙÖ}‹†wO]ϼGÑÍý¯Í~j6G™ãIÏiØnuýòT�¾éª(ù‰z{U·Ïæƒpªˆ}¹Yv]o¾\_�
-äpÛõƒiwë‡Ó1Ä�(àûnèªn…έ7+LÈð,…Ô�€ø©8[™ùíóv¨×ô:v
-“wsÕ­KÔüóÇË¿D@[ÃírZìc
ˆÌ»]_�dMm4㲯—Í ¶†+
-
tZƒ16ó¡GCw½5sèDFHD�ÊN°òU«{™äÓ$C6ýÐúQàoç(€é~âè¢~í§ØÜa‚–æc³‘uVܨD�S¯Xr8su¹¬û“˜qó¢Me³z�áBD$
JòÖþ3«~HŸÕ™ÆÝàaï7óÙŸÖ»–òPJßoꣶj*;=GV1¨”ú´«ûgœ³ÇNɉbÖ(:¿F ;Ûr?R/Õ#7Å0¯«¾^(
žü"u¹ê¶ÇËŒ‰à†þ¦ë~ì6f~}5É
-êO_{)6S":ê=ê}÷nqsÿáþÎô›êOÅ<ì~ÌîÓøçú¿]½ÌåÎWÝ~?
W®ŠÎvÃS��[•Cm“€ñõjMÎëžS8î 3·5:ì&Þô{éÙ-2ün7øÛ÷x7˵àÇÄ´À¯¹\µóÙíÅëég½ê6Ø.æîYJ¬ç
ÞO”<Ïü‚·òìa;ðc€1¾…ó<ÆïÁ "þÏ»ÅÙ§³ÿ
þó§endstream
-endobj
-530 0 obj<</Type/Page/Parent 513 0 R/Contents 531 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 8 0 R/F8 10 0 R>>/XObject<<>>>>/Annots 283 0 R>>endobj
-531 0 obj<</Filter/FlateDecode/Length 1845      >>stream
-x
}XMoÛF½ëWÌ©iføMª—±“Ô¨í¤‘šô `$Êf#’*%×ð¿ï{³wdM;/o¾gvv¥&‘„øIK’Ë¢�„Aˆÿ|z?™æA)y™¡´EňÖ2›X6�!åd•5l‘™a³˜°ˆad9
Š=¢ªóšMƒœd\Ю"µk°óš[^l^‰a�á4R5SÉ9ÃC5‹˜ìȺ€“$ˆ¡:MÈ)Ðx=„b’1‚‘´˜M™¸g
;�šg]¼1ZÂx£”^i¼ƒMša
[DjÔu†Cvw4¬È>°(
{Ö`èæ)‹èYƒÁ–ë?²ZÄÕs�e^êÀPMCÊ°ƒÕîÖ`U[6¸•áÄƲÅ`1¨…aµRYº‘IKüvHÏf2E”¨WEžÌR×¼4C�2E$]%�Pä(H¦€œ�5Õ9á1Ž˜‰'5œ-o–18E´ÕbÊxFÖ¥‰‰Ò“áDÕ[rH3Ïrú³�¡´¢çÅ
jØ
-†
.U�œ�L¥Ä¤x2c-Ó’?Q¨è¸‚§
\�`RädG˜¤'-‹™‰-k0Xø.-k0¦$â:ó–-›pÃxÖœó¢
-	9ZáE…Ó‘´,fEYgVG$¦:—TíZLÃ+áYƒi¸`6ž5lÉ�2¬Á`Ñœ#˳šÞhÙb°¨ia,»„°?õ8aP"I¹„<†[Ý †5,!{]ƒá6L�X‹rŠI4ºï4æå¶o“Ž÷�Ã¢*HÎ@„zÃèHºLCŽ&B§E

„¢ÞvéHbîJI°8JÈ9Ü*£œ6'¨F=„Ñ0C
<i1XœkVcMôÐã¸qÅ8@³Òl‰ŽyÒbfºÖ`°¹#]ƒÁb)#��n]H¸:uP¢¿E$#ƒ¡Šª bÏ6��t�á̽wt—$
-4Wn¡å,áHZ'õˆ5lÆ�Ñ5,rE:Þ²Á`qyY6³«/4¯ëÒÁ“H7eHMZ¦PS�÷¯,øCwYº§'Š”�=FL¸^QbÏ:Ë¡{+ENV‘Ñ=°8™¨ÅÈjÄñÔ½xÐïH ¦�pŠ³T2R§1îNæ%l–CêÔ`°Å3Ö`.€Ùè:ËùþÕ‚wU&±"Zv
gî} + g œ¢Ë¹xÒ)".Î0ºˆL¸p™wNÆ
v@zˆ—7€çÄàñðœ�¬OÆú¨çÐc°ØðÖ¬ÇJKñ]+Òxx9GHU/·Åq€–Ð
Â*ÖnjH‹Áb³%–5,ªžV#ŠJ÷\A÷ ©€N
ã=„b¢²ž´˜fs´Ú³»‹×�+
ðPËjòf>yý
D2_ñóR^2_êg¥P拧Ad�\ÏÎev~#×ý]¿Zý4ÿ{r†OVgH%†8¤ ónί®g×æ_¿Þ¾å�ùõ‡÷n)ÿ\<
-ä÷‡zx’U?ÈÇËÊ„Çã`ôÙ½à2ýéóìó…̇ªÛV‹�ÜVm½”�ͦ>u™py[ïdv_!õ·ÝC{âïç½L=ü[òâWݪÁ{ÈÅð´ÙõwCµ¹o²m–µô+¹�ËeßVM'ç»ûºÛ5‹j×ôšÁqp1rY¯š®¡Àö$ô;��C¿ëýú6A}Û‡ê>kI‰ú\]n¥ê–ò	ÿ �ãp«ò¥^¯Ï¾wýc§â'nJa„`jF¡3LË8842«ÚoÂm�rw‡ºíê¡«Ö'~!·ç߶»
=SS¦ñ`5ikeU-jÙõò¹šþa+oªÅw©»¥š>ÖEI4×C-óË7¯^�JQ¸ûª»«¯.å¹X7(¡\T‹{Žª	ôŸ½Ú±}gǾ0ó_šnÙ?nÑô×ño£š³-·ý®Y=i‚¶î²wµúru;ûŸ:áY”yW5ëyjµšß×òÇfÑ·ž‡tö´ÝÕ:ÜGnqçÀq½xšÝ“`>1�òª«©ôŠ¦mz¸C!½ÃðTë¾ÃªúVþ¸½úó¤aq€¢ÿ
-Áu½6´k{p°·j=¸®žêát>ð)L'd³Y›³s\ªá!Y3ÈKrÓ/œFþ¬$èá3‰
VmS/šj½7ô³l«ö¯MµÝ.¿�zÅ#?P�ÊÍçÑ©Œð%N 7uÛcóÝT]uWóøžZÁz™×[¤Ó¨‘ÕuÕA[�6öÍG„òØK,µwÒÛ›y Xj±8HØšb•£�ý£,{vo'°øý—ç‘á.ø?êØmÛo,ÃãRVÍZ;ðú]¹¿LøµY>åGqÞp¸$Pç7çØwÿÖë~ƒ¾Ëû¬LM/*J•=+Â)EírHñEY¦øBDJñ·óÉï“ÿ¥rendstream
-endobj
-532 0 obj<</Type/Page/Parent 513 0 R/Contents 533 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-533 0 obj<</Filter/FlateDecode/Length 1571      >>stream
+535 0 obj<</Type/Page/Parent 522 0 R/Contents 536 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F7 9 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 194 0 R>>endobj
+536 0 obj<</Filter/FlateDecode/Length 1735      >>stream
+x
�WÛnÛF}÷WÌ[ ¦ER¼ÈOõ%q
ØŽk)y
+PÒJbJrUriÇß3³¹’Ò¤0`ûèÌœ¹ìì�úçħ~|J
+cZ”'#o„Oú_Ï·'qâE¥�—RI~â{I‡
+šžIäMz6Œoì°Ð¡(äßðŒ|/ì{¦^@ãÉö%E‘w€)–Ç`
™s 4G)²HsDŽì°O��Ã:ì$A�ëà’‚1÷d`]6™ì—°q’ à’&®[€”*\<¶-òNX“¾ƒ¹)¶g#qEM|.8ŸÆØÓ�pXÞ!9ƒ0AŽ%�GÜ]
ìç@¤šrzÎƃŸ˜ï�XEÐP‡ïK�~೪ ©ÃÁpûœëÀ:lò‘ö¬D
‘ŠÌЈ]-as�Ék]Ó±\k*ÈqݱAŠa{ÖºbÖ¹G8΄B
ìé@îC›�ä©qPÜ#¤u€ýˆ‰Ÿ  kÈœeD\³ƒˆJ$‚8ò„ãHúžp©H¢„#®
+Z'–Lº,‰÷¬­?¤ë¨²Dv€\ÿ„e{ÒÅ`qç!Û³VÖç9F[EGÀ Ûq<#èyOº²2#keG¼Dv²ÙŽóCž£°']̲#®¥gE6˜ðJƒ,7Ó‘ 1ß±CNb¶Åœð…÷Cþk{ZkL	ÁSÐ@"°ìÚt‚kb’g+€šÜÛYYÀÔx€Ý½8qb©Bîw @Üøö[ˆ"=g«ÇxK£æ,ÄŽ¾ƒQâXºÑ³Ö&\¢s €=ˆL.©çÈ}‹p%RDý”[‹\S$n
‹:ŽÐÒÅ`£pÏUŽƒŠ»êÇä-b]KÆö!Å$t
$žÒ ”/»/h Ãn¯ËÎö
d`7·�g¦�b4�#»žù!YA=9éV0Ì1	è©´[Ài„ë# §ân…â˜SÀ”?â#ˆøüP>êÅÃ�ÁÀá&Jkˆ÷2ÀÀakÊà ‰!"€¹«ÙÉùÌÕˆf+¼\ÄIJ³¥¼Sà“Åéå¼1u¶0ïfß`c…X»3°<½ÏCŸ¶ËÌ(k3îlNé‚tESµÅ5ÅQ^áEÒõÍŒ%`ë�ÉCg¶Éšký7áoF]jarè-õ¢-Ue2›ÌP™¯7†æŠÚF­Ú‚Vº¦­ÒÛBÑR½¨BoójMMVÎ3e6ºQ”WFÕª1j‰»àr	|©ÅA{tg~k¨ÒfÔºV±úIB¯unŒªhþÖì2P5ʘëÖ@ ^eEƒjb¿du®Û†¶Y�úP¬Í;«–â9}¸¢m­�FGºô“ŠXè%åÑ!J�ƒ¨Õm¢DïZ‡Jš¾¡¨]\éÁÐ×�1Û‹ós©À“4<]¯Ï=z*T†6
+v­œ5NBÓ7U”ªþ£·ô~t¦»³Ëä09™#•Ï[>	V|@Šn?Ñ­ªT�ôÔ΋|A÷9ŠAØ/§·O÷_ÞõU]b@¶oÜ-øTWqC(ô¨h—ˆóš›�m§E£Ûz�aÙe‚^õš{MÑÕY‘W
+Í9ÒµêõõÕ[5+iS·9_oÏ|ï®Lâ\^ë<êÙ“ŠÜ¯5fSÍÚ{—k7—¾G7j•Wùî"<*su÷qJOÝD�ÉcV*zV�.Z±{ÐK%šø’p6HAìñýŒÝjÁòèêùãåÍõåtF]Œ#£þW�S—?s#@d*ݽ¬›Üàö¶µœÍ¾Ò¸«L­—­\os†=°ËΣ‡¶08±ZeK¾‡\¤HäxÈiÖ›5å|yd1v-ªYDUór‰N7ùZ6Ã^Y³/¥Ý¼¿útKÍÖHÉ¡ÜÒB�;¬^éck¶¸÷Ó·ÊdßÂÚ^WQúrŠ±~ȵ>2ëŠÙåÍÍO,¥BEbyÿùþ'–¨”óûÐVÒú£	½ˆkXÎ×F}7,t”žªb°YÖ;Þ==V@æXÈef¾.Õ¼]uµÎðÕµ?j$~­å€§íz�ÕŒk(99〔íPafTÍô°í’òõ&ã§vÉŸ\ÙõAæ’7¯É
+
X¹
؆Üå8xu`¥¥k,(osTNûúó%ú=oW¿ousÔ-nºõôK#D�îIýþ’?”C˦Çrî	pP4íîØê ÐØJMò?ÔJ¬Ö¯ÌR¨íeöŸ%L`¹—Ý`y_[­ê}0>(ßA­îÿ±Å©<ïek›}þ
ï“ò‚#sLì¾vß�Æ)^ýÒ1Þ”°Èåæýì䯓
…˜V¸endstream
+endobj
+537 0 obj<</Type/Page/Parent 522 0 R/Contents 538 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 8 0 R/F8 10 0 R>>/XObject<<>>>>/Annots 246 0 R>>endobj
+538 0 obj<</Filter/FlateDecode/Length 2009      >>stream
+x
uXÛrÓH}ÏWÌÛBÝ/�&\6U¹�Íò‹"+‰6¶ä•e ¿çôXš¶Š*¨Ãé{÷ôŒüßY`|ü	Lš(5ÕúÌ÷|üÏô××Ïg�z¡IóÔóÍÚYìÅ{´2ó‘ÍB/'[d^aRAŠM
+/–6RAd“ÐKL§0¸6YB»È)³A>IŠY…Á&
œT5fÀ
�Nl‘"Ò4Š BUB4lÉù“†$H¼*LUIfbm2>­#‰W€$ã ÍÆh"5ç^¦Øq&E$õ3TÁZUpmÒjŽSpmÐ:­'‘&¹/eÏ3˜¶€6d¤�Š$I©N’f¶tqàÆ"’�¬NóŠUxmB?A™k
'¬+ †)Ã#k
9Vaèb:±c†Û(a!&Öº�9P
+æ#HÜ*LÃ[±
+Ãp²Š“.b‚T�SŸÇä¸"<E0J!‰S…Á¢‹èþÄÊ,øöµÁà"Z
TT³°ö§à8'Ž“±ÙÛĘ¡+§ #ew))Æyn[øÊ"‰†ùǨ½ÖgO,r$‚bq²b
ä]:ÒºÄù�Êa+&䬢Á,NáӣDž¡Ä*G3 y4-„Gä1"§èç’V[lb
äœB�H	5*›#ë`�xt�¹öis¤Á~DÄ£ƒPÄBKÉÙˆd^Ö&æPY@=QðÌ‹§ lú\xNQc°+îXñ(K FÝ"
ô¨ &ŽgÃq
+"C^Ž³ÙÇû»D†*$ésµFØÁr•D1óäÈÀ^%A0RA$­Yß®|l3(
+ § ¡qÇ)È‚sû*’ᄘ4{Uð�[4…fö20Þ¡±È‘©ÝéAÌÓ
+šb
qœe8Lj¢ƒˆ'àÑq¤Æ`±ä
+Í*çÁ‹Ö˜Û,8t+™Fûµ�Âð QU†ÑÝ@±²aCY 1@‰±HÒ»è²]¿´
+šH>'¤Û¸e#y\¤Fœ*»1†•Va²lªf‹�hVa°˜ÏX±’N€….S† ‰[…­áP³0<b”ØÏèvÒÕlÄ©r¬u‹wŒ<Y‚ŒÙ
+·
+3[§X…TÂ�']k8—¸¤�,6-"v¬Â0œr�*Va°8HjÒµnÙØxä#H¹Y*4«0ËÈ}ït5‹›)ÖºE—d¤lÙ)·#kËæX…YFžYn™ý8Ê™�T™‹0b‘‰e…¡‹Ç*êèX«+‰€µ²‚”îÈâå]Ç*]™&ÅŠeL°]PJ€³;rbÆqÂh K'›7¨m\ˆ*°œ Ô0Áø¨  p‚Ã×�¯8mCDZŸ{.¤¹É¦t3µ7l Í`Cá$�\"ÎAº‹Ð²IOL"E题àLŽ;ÞeÎÁ±'&#>ã@‰I
ÎäÈaKáZ¢ pBï¾FÎAd€]�+käÄ]¸ÿRwœ»‘íŠËƒ‚ÖÝmp9ŒÜûÅÙ»OX �YÜó31Í3³XÊ'¢oÕ+lW‘ùzñÏìòÇ«»Ýý›M·ýñúõâß³·¾y.„‚•‹!7ŸkÁ7?ËÕ„
+XUÂøZU¦a÷rvm®Ê¶|¨{3/×w¥™Ý^0ˆcÉÀ3·e_®ë¡î·82öB¸­‡]ß„¶«%�Cì¼[Ö¦z„�
+fÌPÞ­N%SÏ,k³]ßyU×Þ›ûÆ
+ik©‡x.ëßMU®Ì¬-WÏÛF¢:‚Øße»\5íƒéîÍ÷Çf¨·›²·*D
+Zö²ikDÜM»+‡¦k�²¦
+:x"f¾ìšþI¢y{ÌŸÛ¡ü}\`&4»ëvƒÙ°Ì[¯’bt¦†ež¹®‡÷7sÓ´¦4ßÚæ·ùÞõ«å±=\“ž¹h‡¾[îªBÇ£Á3߶uߢ¡ÇÝÄS×3ŸPtsó«E³›ÍQæxÒs¶Û_]¿<UG£/»ê	%?ÑCo?Ôí³¹Â œ*"ÁE_n–]×›oNr¸íúÁ´»õÝéâGð}7tU·BçÖ›&dx–BêNÀüTœ‰­Ìüöy;ÔkƒaZ;…Éë…ùЭKÔüëíù_" ­áv9-ö±DæÝ®¯N²¦6šqÞ×ËfÛCƒ…:­Á›ùУ¡»Þš9t"#$¢Ge§
XùˆªÕ½Lòi’!›~hý(ðWsÀt?qtQ¿v‹Sl®1AKsÛläDF„7*QàÔ+–Î\].ëþ$fܼhSÙ¬¤}ê¨båsþÊû5ygÿ™UO/ØÀ,^/.ç³?¬w-
c@)}³©[ŒÚª©dzŽ¼cN)ôeW÷Ï8f÷ÝŸE1jk_#Žfm¹Ÿ(Ûð#ó¹)†y]õõðBbxò‹ÔùªÛÚzdWœ\vÝÓncææ/™Aèl/ÅnÚ˜;‰z_\\Þ|¾¹6ý¦úS5�•ö!|­ÿÛÕÛÁœ?â€ÕíÃñòÅ;—ƒÀ8f»á±ÆÊ­Ê¡6áIÀø|µróºçŽKÈÌ_(Þô{áÙ|°üÝ'¼›åZðcbZà‡×\®Úùìêýëég½ê6Ø.æó®YÚÒx?Qòm漕gwÛ�wã‹ñ-œç1~ñ>.ξœýì¤ó§endstream
+endobj
+539 0 obj<</Type/Page/Parent 522 0 R/Contents 540 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 8 0 R/F8 10 0 R>>/XObject<<>>>>/Annots 289 0 R>>endobj
+540 0 obj<</Filter/FlateDecode/Length 1946      >>stream
+x
}X]SÛF}÷¯Ø·¤(ú–܇vøH(S0;I2Ó¶j,É•í0üûžs×Ö^a¦Ép8÷ûÞ½»æßQ`|üLš(5ózä{>~Ó¹¿�S/7ižz¾©Md=Z™éHc°q)++¬Â`³ÈK›„„Yƒ ó±—íU­×dì¥$ÃŒv‰]…­×T³ðzÀ`ÓÌ‹k
Ç©‹aß›T�5ì0T“€Éö¬
8Š¼ªãˆœ‰×A(F	#èI�ј‰;Va°ã¡9ÖÆ¢%Œ7ˆéU�Ä«0ؘ¡)Va°YÀ z]kØgw{”á‹À°c†n³ˆŽUlž°þ=+ELP=ÛXæeÑ¡þÕØG¡«0XéŽbfPùвµ	N¨,kƒš)V*•ä¾™8Çw‹¤ñ,`‚!ãP‘xäÈ$¶Í‹Ô)DÒV9±
YŠ‚$È)ˆQ½žSÀ™8RÂÁù�ò&	ƒD«�ÂPÍÆŒ§gmš˜(9VT�R=°9‡4q,§?ñJmä¼X@Mkƒa€K$§ SÉ1)ŽLXË8çWÔÀ
*Z.ãi—!˜X9Ù&éH�ÁbfBÍ*¾sÍ*Œ)	¸Îœe�ÁFÜ0Žµ
§<‚¨BDN€TÁA8EQá´'5‹BQzÖš•‘‰©NM,ˆv5r«0XôÙ8]…Ábæ¬Âö4iË<M6ÐVgYc°˜:³MûSŽ%0± ›�ÃJ6¨b‹C˜i]…r<`5ÅÙùåxÇ!/·ýx[À˜d¼fÃ&‚äD@¸:a´'m¦>G!Ó"€Š
+BQn»¸'1w¹‰Ð
Žrö÷€Š
+Â(§Í
+ŠQaÔOPGj§F›•X#9ô8nì®4« Íæè˜#5f&¬«bgC]…Áb)#‰�nmH¸:ePß#A$…¡Šª bÇ*6
ºÖpbß;²K"
’+7�…PR–°'5‹“:`›ðE£t‹\‘Ž³¬0X\žË
+cvå…ætm:xɦô©)@ÊäKêáþ•èŽ Å"KûTâ÷H�°¡Ãˆ	×+JìXkÙ·o¥ÀÊ
+Rº'µèY‰8Ûú`IPSA8ÅYʈÓw's
"6Ë"qª0Øì«0@„ƒ¬t­åtÿjÁ»*1¡ Z¶
'ö} 
+ § œ¢Ë©q¤UD\œat™
+°á27l�8t/nÇ)ˆ
Àãá8YŸ„õÖ¡Ã`s6ű6T+)mÀ«$$ñðr�ª\n
Šc
9,¡„U¬ÝX‘ƒÅf‹4«0XT=U¬Däö¹‚ob&§B5E=©1X¼ÇàT±H�oeöšàЬ‚¨-ï(Ç)£¸[ÇŠ´±ÊW(²²�W¼xÿ”áìÈÉnµ�˜dOòL°‰|$I³ðSWšåèl6úð	¥
+ÌlÉOviž™ÙB>Õùf6?öb/ñÌõôÔLOoÌuûØ.—¿Ìþ�à3à	ŠBR�ùŽ7§W×ÓëÛÙ÷ï“�ü2»¾½¼�Pþµxà™Ï»²{1˶3wçbÓš½Þió†Ïôý×é×s3ëŠfSÌ·fRÔåÂÜUëòØgêÁç¤ÜšéS�Ü?6»úØ)Þú{¡²ûYvæòWͲ}Ã}æ™óîe½m»býTÍͦZ”¦]šÉÌ\´uQ5æt·}*›m5/¶U+)Ë€KÌ3å²j*
+lèePwÏÜuí¶�·«7Ø1´u
¢ûª)9
+tu±1E³0÷ø�†
àöÌ·rµ:ùÑ´Ï�ˆ¹É„‚©)…N0/ýà€›iQ?·BÊÍ#ê¶-»¦Xù…,Üž>l¶š&¦TÖ`%imeYÌK³mÍ×¢«ÚÝÆœó¦l6ë¡2j"!p¾v¥™]œ½±¡TŒÊ=Ícyu!õ9_U¨¢9/æOŒm#
¶¿«ûÍ`î¿UÍ¢}Þ íÂ?{-kÜLÚmµ|‘uåäo«õíj2ýŸJá”ùTT«#ylÕš=•æËzÞÖŒ�uú²Ù–2ß·¸!Ḝïºjûb0¡˜Oó®)Ÿ©ôŽ¦uz¸ñ!½Åø«¶ÁºèÚÚ|™\ýuÔ²ÐCÕÿ€àªÜ�¶98ØÛ?6�&\/ew<!øÌ(3²^¯ÔéKxHV�#ò–Æ‚Ü´‹‚“È_•=|%q$Àª­ËyU¬ö†~5›¢þ{]l6‹‡c¯X÷žû	}e›ë¦¬[l¿›¢)Kàc+X0³rãt5²º.hËðbãÜ!”ç¶[`¯Í¹•ÞØ7ØÖÈÅêP‹ùAB×ëmlŸÍ¢e÷¶üþ:2ܼ÷ÞüƹÛÔ¬ÃóÂ,«•´`°†ðÕÜß�›»Õîñ±xX•ºƒºØŽ?´»£ZH§/˦ìЀ[‚ŸUùÌ>|Â(wÿž˜Žñ<µäNBKÏN±\–«v�3—;ìg©d�å"{’ùc^_zÅøÛMžÇøK'ˆ˜âg£Ï£ÿzT²endstream
+endobj
+541 0 obj<</Type/Page/Parent 522 0 R/Contents 542 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+542 0 obj<</Filter/FlateDecode/Length 1571      >>stream
 x
•WÛRÛH}ç+ú�¤Ê–-c°!O@`ËU,8±©¤*Ù‡±4²'Hef„ãýú==º ´Ùl¥r
[ӷӧϴ¾…4ÆŸ�f:9£(;ø8›šÎgø}‚FRrtµ>ÝžÓdLë&g³9­cÂñ1¾‰Þ\ïDᤡ0 ÷2Q¹rJ示—îjñ°¢¥ÑNG:%‘Ço×ߎÆ4œLáâͽÈ$}”V§¥·ùSÇÒò	ΪpÓ)RÂé0@„û›5û¬M)ëC“Ypæ]Ö1M™[ÒÏHËíPƒNS½Wù–œy¡�³´¾^ŽËw>Í›ÇgG‹åçÑjù9 •È6‚tž¨´Ò¶µ°Ëº†ð¤Ê«òЭ6K'TŠÈ¹�[=j�WÒZÆf%ͳŠdûý{áÄÖˆ¬y0ð¹Ôðõ¢1fv@VJ2IŽÇaà~8oP}žðç ¶šœÒ€…kT–±oC'+©h:¤²"•™Ì�ð
q;
׌Ýq�¬%§i#‘IîH—®—g‹ýñ^yL2ÛÈ8–1í•Û©œîî®É·hêKv¹v Ý÷68º“9àç¾5\òn+X{
›P!©×Z™H#6)°~XsÂ*·½„Løh$r.E<k…ûàÕ¤ðà¥VÓoäXuòÿ’
E{Å4!™®–ùJež‚=tÐ%	Le�
 à@1|’@^:O;|8P*…uƒ##�¡¯ÜßTöûRz‘€Ž_!^çs܇æË'nQmÃ}ú¤ò˜Ùr~:ð¹îòƒ(Ôa›NwfÍ—S{@v¼ÂÄÆ2eêZfÚ&r;u;ô72˜P6:xWlm=�-ÐД‰\låºÖIŽ‡Ú#�'j[šŠìpÖ0ï¯&Zw~XÊDQ¤*òç-}}cËhÇ[V‹¯o!z §¢Œo
 †œ�%PùCðl
hõç
#ƒÂ(L�Ý	üܲƒœD¯!Mrj@k.3+QZ”
@@ -958,16 +984,16 @@ x

 Iˆ„פæ‰!jX
�HcÔ½­X�q]nw ,þíe
 t2•£KÀsg^˜F·óÎëʼz]ù­w'òý³÷¥é|ÌçS¼œá=é”K½Y}8ú3l�lendstream
 endobj
-534 0 obj<</Type/Page/Parent 513 0 R/Contents 535 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-535 0 obj<</Filter/FlateDecode/Length 1468      >>stream
+543 0 obj<</Type/Page/Parent 522 0 R/Contents 544 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+544 0 obj<</Filter/FlateDecode/Length 1468      >>stream
 x
…V]oÛ6}ϯ¸{J8²åx¶³
’nݬndhŠŠ¸H¢FRvýïw.)9ŽÚa(âÔ‘x?Î9÷\þs–ÒÿRZLézN²:›$š/æÉ”fËþ?Å�U”‡ÓÉ÷ø:xp·9˜QšÒ&G¬ùrA›Œg2¡�¼p{áåÈä´µFdR8OÞŠ<×ò»¿’ËÍß8~C)Nññ«ëY2C€‹4¹Nhu·ZÓJù»ûOëøæk¢«é"™ó›6—éd’&þ‹§L9iõV¹‰ÊÔÏÈe�Þ’/4¾�ð[‘®šRUªöÂkS“¨3j�B…8Dç]:Z‰JÑZÙ�–ê<Ô‰êÒk ƒœ«Íøv�¹²ŽÎt�™½£ûÚ+[+ÿö,í-ÒŽò¶,ÔÕ;ž’4¨D‹Ú�hÛz*„ÃOFÞ�/Š>Ié%5@#!CÙ{í’Êz¡ë#ªQ´#üÁØŒ»6T!iÏ"}B�¹±¤¾aÄO2%JG!ÐdµêY;ÐR‚ßRù¨w]>Q–œ3ÓŒp¥½8¸„î¡´¤Ñp·Jd`�¥À_?ji�3¹§‡ûU ÷¤[
ü¦Ê†r]¢).›
D½h¹t�—=)Óy”ÌA#‘à‘c’‹Qdë�!ÀRŸ¨Lí�}éÕ2ôì3�(Ø™²åÖÑLäçk„š–�YN
ªãþnðUïq„W¹v‹¬Ä<+¼b
8äp®TG�4
È�£ƒi-ý~»©vnW#–ŽŠ�Ñ
]ÎÜ¡°yÿy|ÿù¤ŽFȤ÷P¨š³@};Dzƒëó�âYjpÌŠAŸ[¼¿Ezt!
&
 Hp
§èãQr7ÔÖ)Ö�ËÊxÄ)°¬1&¾0ʨφ£,!¶ì(\rLÙiâ®À
f;í4*Nh3¨óIŠú)BàØä‘´k5$(²	Ñ�f=	/¶%>^´®ç‡  §dkµ?²BûÎÔ�KªôsÁ3‚A‰°9ÍÃÚ´Þ³|Ü™©x®SkÊ’mú�^ÿ2{�úFaŽbɃ¬]áÑ^˜`W˜¶Ì¨6œ b°g
BZèTQ¥*… û^/cAf·2ðÕFXøÖÙÇ	QÙ
C¥%#5à†kh¬Ù
´b@$:Ï[ÇþÌYKÄyÄ”	¶Åž�#_˜ [9^dì0Rê(øÎÂ�£}ó�9Z}Ú�Ô´�fDj‡ÐÁ™p��…ïôpÜ œ0Ak¢�{Ë`�	Ýr>ÕJeîéÛI;_Ú*)xT¿Qo7„QùaÆã
 yuO¯%„µ·(̳7Â÷Ý„BÐ$K¡«èÓ0”èÄV
S^x°ë×V
µk%švqO…“h9ì”Q”ŠÒC:šÜÕÀäúT+Þ,r¸ÝQ*Gl/�¯`ñ"Èž-ðT3t‰Ü7	dWE‚}2Îìó8_¥iìøýý‡õ˜Ïóöá;À�¡ËõÇ»°7Æ�…ÅB÷¿c|Âus~õñ’ôÂÂAóCyDÇ%x,M„UÆÄš›>줽°Ypü#˜Œà²”[SQçÁ<±ŽÒëÅËPbz}ÓÏA­ø#\+Ç�bD…Ù£M‹-�{Îp1àIáb©öYuk�=›WA0ÈP!¶LØmx;Ü2”çqÇe¬jT6˜ƒíáÈ
¤'£ïãD}ûâvÒ:
 ¢#VºÖ•†–y:jÅ*‚	òÈqdíî€=½vÃPöF°N«'2Ž¸rž³Ç‚Ž·Š“¿1-|-ëó×{ÑWL³ÂãÕ0ÎÛ9ü"^:¡G4“
�x¤7‰¯†'Pá |.üíî
 ´òÉ
ÿ¿5An_MˆÎ
Æ–Ý�;],“ùÍ
Ínº«éúöãÝ-ýçƒEúkWåCWý»W‹ÉÍÞ±gËI²\ÎpÇ=wÎç~Ùœýqö/M5øþendstream
 endobj
-536 0 obj<</Type/Page/Parent 513 0 R/Contents 537 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-537 0 obj<</Filter/FlateDecode/Length 1660      >>stream
+545 0 obj<</Type/Page/Parent 522 0 R/Contents 546 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+546 0 obj<</Filter/FlateDecode/Length 1660      >>stream
 x
…W]oÛ8|ϯطK€Duçë^Š¶¸yhÑC|ÈK€‚–(‹‰TIʪï×ß%ÙŽÓáHaÅ"wwfvvóãäRføw)·s¹º‘¼9™e3YÜßgw²¸»Åç9~¼–2}q5»þõ×÷<öúÀÇåÉ»Ï÷2ŸÉ²DŒ›Û;Y‚ûgøM~ú©RmÔ
äQ5+%|^™¨óØy}¶ü;¾¼_\-²9ŽŸÎ³ËLlô®èòhœÞ\Èååøæü6»á›ËÊ)\Þ5ÚFY›�¢d­­öª·Ñ~ct/®”Êõc
 ½ó/AŒE^VÕõ6“e¥Çï–Z5R© Ñ]Ht’»&%:“‹Ë«!½®•ÞÄ
 �WèZúÊä• ‘ˆ{V:Di]fUkžn½kLà±×ÚŠ®õZÙ\Ÿã-ÕÊÔ&nÏ%è¼óø$Ê"nu3w6D¯�5Rop?²[mSD¹•F‡°•Ç/ÓùOŸ�£Ë]�=¤?¿ÉÄì!ŠªƒK%"g‡¡G
•)VQzý£¤5ò	/ˆ…§@&‚„Ūð;o…šö׆ÃT‰*(ÖwÖ»gå/k~¾OPÿÜþ#m­bé|ó^ž*…„V®‹)²wøy0Y›5Ø4!tú=ƒ]€}ˆª8…8øŒÇ%ß¼ñ@Ž8±ˆ¦«#8òZŒo¬l”7®Ò*ñJä«‹¡Òã‹Ÿª­XdT©�áA㸊šàæ€\PƒX༮îѹ<=|}<O鬼ëx]ÀÕ‡�3hÿb~-Tâgž!�/¯ógi»|ß}þE'|Ó®…àHb4PˆMˆ
@öè¬!äàtíE†Ä’øA2º?éÈš\-ˆÀx²„Ç.â?:t.
:ècU,@Q!¡Y™XüÏ–P¯‚¸Ño(‰›‹r¢ô®«!èƒ$ŽU»„*C…Žaž
0
í0 HÓ
íº¢©:5z„¢@ŸçiT‡sQ½h‚€$Y‚‚¬;[ W*õ¨ÌçÓQöò¸µQýÄÕƒ\‰5ÅÔ£w
çóú£,qIôžT$ÅiOÜÙôÒjxN4´)PJTkÊÈ»Uⶣè¬l€�¨!k"IVRö(`¥sÕÁcLœ€Ø9ú»pü.}¼hݲ!r8Wj"­“Ù~TS¬r4W�«k
»�CÊSó†LžGöª_©üepàY³DÄÞ³œtñ|6–6™i­�]±‘W¶<Ž
ø"ØNšI´�s`‹§¾#áê…å$
êJCƒ©‡ö:;u�œÂ$âàEÓhèp¡v0Åó�ž�«ZÁÏÇÇ	¨„Zzû‰¬©ÄÅCý1ž$ê?œDS„°0‹
9JÜÙ¤¯Ôü¿�i³†+‚¯b£ D|N�²·ôæÞH`4Ë�#bðKûø %æ$ÚU6#þ#BžÓ«ÄCÖ;&ÀAÍÛ1‘%ë,Påe°†á$ç.§
@@ -975,8 +1001,8 @@ x

 cË[vÿ8ûŽJê
죓àÁ�š„µl	(2�°¾
bÖu�^º& «Úåì•L¾:{1=	æ¼Ù¨
s“W
‡yh0›£ÄÈ®Ú(“Z‚¦�øê_zå C+a÷'P;v?7ÚJ‘9b0%j9,ƒIಣx½JÞŠ•°Qk&FBBÅÀôïO¾bé)ar#̃ˆ¤
”îU!ž•Þ "ìY°Ë1Wà “í0§ddÀ¶Õ0`�H;^®î‡UtêÜJ®çX ±¨PÑ ÿ·È=h˜Á…át ãvSËÊþc‡°eQS£±–¥TÓhLûÒØ<9¨Lñn�†Õø0íïšsü{Z[8²ÆTÁÆ·°¡Ϲ%²ô]!S,ö[Ð$0ÂØ¢ǎM(K¡CîM!€Ú4œ0)S&ÜáßÀ9O¿JVº–¾	²ÒÛÒvÍ
 —ºòˆïQ	o»~›Ø‚ÓW:`”û$fzGMê
zlÔ?aR¥”9ÖÜçS¨5)i,ñ<yØdx»TÒþy3­owã$i}»áŸS ýÿäYÜͲ»»Å°ËÞ²ö?–'žü)l(endstream
 endobj
-538 0 obj<</Type/Page/Parent 513 0 R/Contents 539 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-539 0 obj<</Filter/FlateDecode/Length 1662      >>stream
+547 0 obj<</Type/Page/Parent 522 0 R/Contents 548 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+548 0 obj<</Filter/FlateDecode/Length 1662      >>stream
 x
uWÛnÛF}÷Wú°XÉql¹/…’ôâ"MRXAú` X’#i#r—Ù]ZÑß÷Ì,©D‹ ²MîÎåÌ™3£¯gšãß‚n¯èå
UíÙ¼˜Óõü•|.oñy…ÿ�i£/ËëâfúâõúìÇ_ïhqKë
lÝ,´®	væsZWçWÅuAë]`S[·%×–õÅú®\Ó'åÊìêf×õùzg#|ßÔT2ÙšMsIeŸhË)RìÝžÊ#u>$SÚƦ#BûÚÛÀ-»±+ÖnŠk±¶ruà¥`¹¦äélb2”8&JQ¤Æ–Á„#m|ÐØðÂ$ê#®x×ɸhgo¨ò.¦ÐWãñ¼�’Iäô¥íp@ó�ßÅËâJü6Þmñæñ¢ OvSïLbØŠ¾eúðÀ‘jÞ0Ü$ÉDl•Äìp[®LÓÈ#S#‘qOƒ3¨GÜá�?pr}ã€Ã)¦ª
 Œw‘Œ>ŽÉT{¤`ºf\BT«û¿©öjÜF	Z«Ðš=
¬ÐãL†¼aØ�Bž`›x·mçc´eÃ=xI!ö�Ü%DK¾§°ºÆ$@Ó¢Ü<T|gž`Yûšs)JŸvt°øÈú‹ïÓÄåÐ¥1‚NÓ�±-ùÍ)`
Û’•Q'UÃ!|ÁùDÆÖXwD‰Ü¶b6l˜‰û`Pk™‘\àV¤�‰‰C1!¥„‰Æ"†À(P´Þ]W(Úó{˜_Ò‰´Ñ8&Îåšiæ1jèЧêQ8¥d€È¯å´óõãÅp}ì�7» ¨Œí;®P#Ô
 íæ8Ú£Ý
 q�_nKS‚©¦ûGRzBg2ØŽS|•™úxŽçê~t&þüx¡%+Ò’©äª�Gðòýv—sƒY}¼¸)lu/$¤AàÊ ]s­�‚IÓ¡W‚ú\+Æã8ùÊ7(p‡Î™±¹S6}êÑh5wìT¹ÐAãç—Ä©*�Ä*hÓ%¢FÛ�¼“„3p9V {’·'†ìTMßÆcfo	´�¸ÚAoìÏa>;¦V›á¦c\Ì©#¢OÎ~vÞëµ0õ
‚|xÈõÍžE"Ä%¥˜0c%ï²0¤Ú±é²Kƒ84
$AŸ;-Z«ö¢1Ü‘>½ý8`•}›ìÇ‚~7OR	A
æ~3�ê;}àv”íüíòQš§¶Á´ÀŽ�HtÝ«nü'´¾GŸâê
�꣕…ÒÅ%j»†¿M\guGÅ!�àT:0gœb*è3êk„xAÔ\²5ÕŽF)åÈÉ
.[n=ÀˆGˆ@«Ãéùœœ½¼ÎcêªxU�+ÛšÞj»I`ÿ9?»µJ
@@ -985,21 +1011,21 @@ q
 ôü­G<âk6ž�ÝÎïdiÿŸ¯)×Ëy±\^ãK
 Î,åæ/볿Îþ�­lQendstream
 endobj
-540 0 obj<</Type/Page/Parent 513 0 R/Contents 541 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-541 0 obj<</Filter/FlateDecode/Length 1191      >>stream
-x
�VmoÛ6þî_qßä¶bÉïF: i�Î@êb¨:ˆƒ€’h››Dj"ÇößwGJ~k2ËbêøÜÝsÏÝéÏV=ü`BIÞêù=èþ“1þâoÉaݺ�Z×wS{­ñÆh<�(´îáIÒþ°e…á%ô}ˆ¶4Ëcç·ß>�ÞkÃó«èwŒ@·?ðC„h÷ýÀ‡%ßÁ—Ê•�¯{iØ‹3@ÔæáØ‘¹E·& ÖÀ åqµÙ¹�Lm`-2BcÈEÉ5—†§ÀôÌ¡õ`Ú€
ü
�
üdïÓµ˜½{Õ'¹ÞÜÀßt¯Ý0p¾sûК»ëÛ´¼
oµ’^}ÛðsóÆekl/{D‹Ïsð:ÜÏ�߃÷èÁÝâ�f<Ü}[~ˆ_–�ÞF“Ŭ®¼7�­×³,2!1¯·ÒpO)ëhþ[äpL�òîX'ä•�6%‘�Ü'[V²‹®�¿$Y•Ò¹ÁâK¾#è£�ß<r´»\Ž¬�H2þÌ3B¥£œkÍ6Vm&A`7¨,!í³’I|Òóý ·ºº¶lÚ0�@ÃòâÒIJ[»–,ç�O«œu©rØmE²µ¾¬6Ñ옆
—¼d¨ª`ëRI”º’‰JÂÿ‡´å®á,Ÿ²Êc$¢&ɇ9bs¡ÐÑ+3Çøl5�—±Þ2-–eû抗ìMüŒ™2©1Û/8ºa]°÷o´YÎRUA!�q¥­Ë.6/‡´�
N
-À�Ý ïº~Î�ã³;ÄÜ	ƒ-Gô˜L�”íK}ˆ¶š¨?jpK1‘Nfï�‘·.6nã­Vä!ªæ<<Ö¤!Ní$æ8W4ì„qr8hÊÆä‚U·\&™Òj6Æùƒmïû qOš#
vréXèÓjc}Ž‚lãLŠ°VY¦vŽŸÙ¼p†�ši	#Š Q™’Îß™`mS�ìÎìÉùF¡m¹Æ§.¦Dᬮ“‚¾péëÃG^piÇCU`KV¢ò³/;öÓ¡[¬óœí!Æ) ´¦‘²jCâ8ô•1.œ==5ãòé	…””ŠäM­Œw¥2PIñŒÃŠ„"/2Û6<í@Š#E˜zš�h‡!î?»šº–OS+6„>Ñìw^*P%ä
-W&ñ¡;ÀIèç\²fBôh»dàÄØ
‡ÇÆû™—ÜC­+TüÇ®7e÷ä¿ì4€‡`:�\÷ð§A8gá°Á#È<Nýd¶j�†ÓÕUÃ`Ï¥ökÉM,R†ÂÔ¼DÊ€h£YøS?˜vqµ²¬ØÒ.`åÉ,Îp>¨b_ŠÍÖÀ{™–¸ß£R¤ŽcƒtñÏøÿ¯GÞÄíÎR`n£�úoD¿�–‰ï¤œM¦b–‘n1ZTäðúî‡í¶T‡�ÂZË,VÏGÂI¯g
-Å=ˆ&MeßmR¨E]Ï
ª<u#3Xº˜'¬Ò)ئžÎÙyK# ®¾¯Ÿ°�)Îi;1:iZRŵôèª(TIsœÃi4ôÖ#×ö„•ÜõÝäøb5ÝËÍzƒL°Æ“�ëSr0�Z¿´þ
ÄÍ"¥endstream
+549 0 obj<</Type/Page/Parent 522 0 R/Contents 550 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+550 0 obj<</Filter/FlateDecode/Length 1191      >>stream
+x
�Vmoã6þž_ÁoN�Ä��÷ 7àÚKo
z9ç4E!ÛJ¢Í–<KišößGJvÞÚÃú†F¦’’þ³@¿†Ð@’7:~º�?‚Þhˆÿ†ø[rX6n£ÆõýÂDK¼1Ž J
­;x’4ïÖ¬0¼„®ÑšƒfyÌàÓôöûgÐ;mx~ýn
‚¡hw{~ˆÍ®ø0ç[øº1ÅÆÀ·�4ìÕ™÷ *ópèÈÜ¢[PK`�òx³Z	¹‚L­`)2BcÈEÉ5—†§ÀôÄ¡u`\ƒõü�
üdïÓµ˜|øU'¹^ÝÀßt¯í0p¾ksûК»ëë´¼
o±�^uÛðWssá²5¶—½G¢Ù—)x-¦¿NÀ{òà~ö€Gï¿Ïï¢Ù×ù‚7Ñd6Ç‹+ï²õz’E&$æu)
÷”²Ž¦¿E.
ÇÔ1ïŽu2@^hSÙÈ}²f%K°èøk’mR:7X|É·}0ð뀎v—+‘µIÆ_xF¨t”s­ÙŠÃ¢É$,â
+•%¤}V2‰O:¾tWçÀ–M¦bX^œ›Xv+×’å¼öi•³,UÛµHÖÖ—ÕÆ>š-Ó°â’—Uõ¶*‘D),721BIøÿ�¶ÜœåSnò‰¨HrÁaŽØ\(tôÊÌ!>DÅãy¬·L‹„eÙ®…¹â%{?c¦LjÌÀöŽƒvXìã…6ËYÊaSPH'\ië²�Í‹Ã!mbƒ“ðc;躮Ÿ2äøä1w„Ç`ͽ&S e»ÁR¢­æê�ÜRL¤“Ä;`ä­��[{«¹�ª>�Õ©FˆS9‰9Î
[aœöš²1¹àßÕ-—I¦4F†š�±GþàFÛð«>¨Ý“æHƒ­½\Zú¸ÚXŸƒ ëÆ8‘",U–©­ã§†D6Ïœa£æBZˆ"HT¦¤ów"XÛ$»{2A¾Qhk®ñ©‹)Q8««Æ¤ ßðnëÃ'^piçæÀž °Då¦_¶ì§}»Xï9ÛAŒc@hM3eцԱo>ª1bœ%øü\ÏËçgTRR*Ò7õ2Þ•ÊÀFŠœV¤|y‘Ù¾áiRœ)ÂTã„TÛq
ÚÝ´î`¿}ê"Xµ!ô‘hðR�*!W¸3‰ÝNJ?%“Õ#r/HÛ&=§ÆvØ?tÞϼäŠ]á¤â¯8Ïp¿)»(ÿe©
<ãñ躃?]ÂI¿?	û-ž@æqê'“EsÐ/®j;.]°_snb¡�2T¦æ%RD
³ÀûÁ¸�»•eÅš–
+�†ap‚s§Š])VkeZâ‚�J‘®8Î®×Æ?Ãwü¿y÷	×;KQ�¹�~8è^ˆ~&…,?H9«LÅ,#áb.´©Èáõý›õ6W§ÍÂJÌ,V/ÂI¯'
+ÅEˆ&Me_nR¨D]
ª<µ#3Xº˜'l£	þ\°u=�³ÓžF@Ü}ß>Ï`&SÔv
+btR·¤ŠkéЛ¢P%
rÇ]PÓ[Í\ÛVr×÷£Ã›U/to7ÿé®7Â�zn®�ÉÁ4jüÒøgæ"Òendstream
 endobj
-542 0 obj<</Type/Page/Parent 513 0 R/Contents 543 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-543 0 obj<</Filter/FlateDecode/Length 1137      >>stream
+551 0 obj<</Type/Page/Parent 522 0 R/Contents 552 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+552 0 obj<</Filter/FlateDecode/Length 1137      >>stream
 x
¥V]oã6|÷¯X(âEr¤O	.¹½´(êë=Ô} $ÊæYu"Ÿÿ}g)Ég'u�Có
Ø"¹;;;;â×^D!~#šérLIу�F“`D£é‡ø¯%e½Ûyïâ~FÑ„æNŒ§ÍSÂî0¤y2¸†
ÍW’ÞßÝ~ú°,NéQ$µ>�Á¹EØÎç·“`Œ“ƒOF’ÎÈ)ø)C®LV¢\Ê4ØhÅZ²M•¨E!­¬M“4Sµ±|ŽÃÒ±””Ë'™Ÿñ#�Ô@rj#]¦ÝöX§[F"(CV«tI‰Ès²º
'c·Œ|AÝzÐÆŽAâÍWžBÐÌU.Ÿ¯ÿ"k‰uQ’ü&Š*—´Y©dE…ØÒJæRÇÊô�ÑV;Úh—§´©•õÀ/îCšuä�šŒU­J›-ÔŸ¯P5þýdºÊƒÅ¢ìŸQ?eè}Zœþü²¾(ÑH0Á¬ig+g¹jcS|ñÄ•oÔv�Â3z3ªÆ0}M”©\tƒ.µ*u]ˆœ:^ ¾ŒŸX‹v�4‰¨ œ�®×Ï{ó›¶õ¨§ô<ˆX?É]£8¥¯­ã¶Q3n¤g+豚`Ûå�D¾[Óêrvú»F±Ä¶g¤š	8�,Ï’a•¤k’_jkõ¸ÌuŒoO"w-´�wÝ}lÛµÃû\òVXYÈÒIUëñ1\/„¼ÓAËë!�2cIFcúVÌm®Öòº‘×K™~þŽf³éE8¹¸„ÍŒ¯Ãðú*:£ðŸ¦‡Éu7T‹A4œ.N;Üa0åÑâ_éDÞ´¿¥ËÃ?4/ë;�áêfø»%µ	<*¥Ü`ðD*kzçJæúÝþ€ŸÔ%2¥xëWµ|RÚaÂ[_ØÅìжƒª”Jm‰gj£ì
 ©N0‹'
ý¾›®Cs¯+Á½@¦Z»%ŸÙ“nì²(¿ÀÞ,wf…Í°¶zû,»U…lŠËU)9²,íJØ$û(Ü…s·±ê‘•Ý"¼,÷|k\©L½¨<[ªdsÀ‚Q0°ç™EU¡ä—z
 ‚ fOiüôCóôÅÁªýš»t‰!~°´ �×Tå"
F™‡÷ÃŽgZaK,��A•nì‘ßVa¸`Ó©¹³ÎvÌÆ”º"†5t.Üj|­Ð.ÿ™ýpR�9.	êwöUu·߃ÃK$Ê«¥uu	¤ì¾�ÏñhOÖŠý›wûwËå·ñ½­ö絓ý£ñdnv/º½4Ô±ØĸØv<ÈA>ÿùžï?&í3DŠ¼°Õ¶új”ƒ%îëb…»‚ÝÕ»cÈ¢(äh¬%×zí-•y•ù·ûÊðj|„Ýýê&j�¿ÉsÔ¿Pãÿ=ŽŽ”pÌ?û†2剥ÂÁ18í]É¿;Xû1„ã«û,Ü/ÎeÑž¶7·h2
Ƴ�¯Znþ¼y¼½¡÷|ÇÒ.bôÁ©ÔWyÞí=Ÿ„¸¸¤¯Þ
G“Q0Oq3ÄÆ(d–îæ½?zÿ
ƒ!;endstream
 endobj
-544 0 obj<</Type/Page/Parent 513 0 R/Contents 545 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-545 0 obj<</Filter/FlateDecode/Length 1174      >>stream
+553 0 obj<</Type/Page/Parent 522 0 R/Contents 554 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+554 0 obj<</Filter/FlateDecode/Length 1174      >>stream
 x
•VkãFý?Ÿb8`+’åøG
 I“9ÚR÷ ÔŬ¤•¬FÚõ­¤8¦ô»÷Íʲåœîì&ØزôföÍ{3óåÂ#ÿM†ä�)Ì/\Ç¥ÑôÆá}‚ÏC¼Œ¤Øþp3uÆo¯ßÏ/®š‘7¡y¨ñÔ£yD€q]š‡=ßñš¯$=<ÞÿþáîáaÑ[\Ñ'}5ÿ�ŽÈÃüè`8
ü<ê}T$¢(-S­¨ÔTâé笊¹¥BgUûz`ô³T”¥JÒÚè “9E²MȈD _dŸ
p„´ Aa&…Ú£ØÌ8
÷|gÈÁ�òÌ9ORòEJ¤’F”’aVRDÒ8ô±¤Mše$Ök©"ܸ¡R¾–MÖaeŒT%2
 ª„rY"‘4Eiü&.Ÿ2Ö&%U# –ùºÜÖü[UŠWÒ±å£#KÜÎ…È%	þ¤öÝLü›˜öxN]—fMF¨>˜ üÙ8‹¹}Zô.ç+ÙʼnSS”–xg±P—„ª.®~h¸Îô¾¥�¡q\?†i(W©9üÒp,+™_ŒŽªPß;ËŸÞl6½v'×>?¾uÝÛ¯Oî_§™tÂÛ¸R!kkÑ»ñ†®ZG!(¹“�ŽcßÛ>çÉ›['¯Ïs°×À·¥ñ�QËUOŸŸÎpÕÏ°ÈN;§o¹:èÉ‚Ô’ß4
@@ -1007,96 +1033,108 @@ x

 B)ª@!Y|á6Ú<'FWk\`åö;ëÁâ'ا$Ó
‡Ü2fŸáŒïkØe}‘Qïù}iÁW;7tˆ•+qÜÈv¢ÒdñLà4ÒEU‘ª¤ñ J `•¶óûlôXg™Þ§)$ŸML'Yl[�k¸7À!tÕEø%.êð†¶oõ‡¯1�
 °ºÏë,¸•@»X-¼ŽrÝQ‘æi&L�š7I%‚lK*
¡v´~£E¸²}Q£dò`¨Æ˜uŸ­›Gí/#Ëʨ‚æ¦Âd²=½‘án5Ó"øÈ<Ãøà®®"–_*‘5c¦Ög­Œ§ÇÏ�Oô"²Š•ª¿£Š4†,ý6Mòkš4öU'ú§ãZ$<éÎÕS×`hAü/�À:O?'@ÎÖMοÌW‡�½9ôþØ0t3rì¬]g=6¢@ÂÐÎ~
Çõ<ÆÃXc¿(Ʀ!¢�� á®Ì[4R„+™K[t¬sƒÖ“hÜ׸e-
—#ŒV±æþËù°†ac‹zžCü_÷;Ѻ¢Âè4!V èˤð"ë8n¦JQŠð™º[Š,~ Ù‘�4)Ö9pЀø|œÀðë0Þ1Üm7´ø8‡E7ö	L@½déª\äœ-Bc¹(kNyÒ�k]Àén5õn|g<›ÑØŸÕêowŸîïè��©ÁgA*L¾šÅ	vdÜ;˜¸Ø§¢Sûïh2r&ãéŽy�!ç¿^üK¯mÕendstream
 endobj
-546 0 obj<</Type/Page/Parent 513 0 R/Contents 547 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-547 0 obj<</Filter/FlateDecode/Length 836       >>stream
+555 0 obj<</Type/Page/Parent 522 0 R/Contents 556 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+556 0 obj<</Filter/FlateDecode/Length 836       >>stream
 x
…UËnÛ0¼û+ö˜	kÙŽåäÑi�¢j{	P"e3•IW¤âúï;KÊy(iò,’;»3³«_£ŒÆød”Oh:§j=‹1�äS\g‹×	¾­¦:.Ìæ™X¼·0=‹ùpá¼}¸:¥,§¢È|‘Q¡ã1ÕÁTœú¬·tÕÙ*gýañ�NÌÒ‰ã)G-TÜš	Rå2èßáîàî0m�Q†˜üxuP¬Œ§º�G›ÖØàIé²[ÒZ{/—š8Ga¥û•Ú4šî¤U´qÞ›²Ùñ¿ó�[ÞÒ£‘qwíÚµTvu­[AÅJsÀΦbÂèOÀ�מ$=ÊÖÈÁe»ìÖÚjŒôÐáÒ˜Ÿ:%Xs=äZºà<3þƒ“±›.
 Šuh…HKö	Pç�]rbƒ,}¤¸ûœŽˆëÃnKé=¢!Vªè>t¿§VÐMM;×
@ÓÅåù·ëÛï·1G~¸5Mƒ„\‰Âvä©*�Ú‘«ãýžø”ï
EyÒ;¸MzO¢Þ+ÕþOnÄZîň´mMˆ¼¥¥bí>Æ_hk[¸ 
 þ+û¬ñnP-ÎÁMfR¡¯üÁºqd½Þ„ȧJ‚8pú¢—=¼ê*øÄ‚µ.@vA_5G×T¹5[ÇCýA/"
šÖÅ[»È+·Ä<±yMÄ8l:67'^µJ”µ²Ê´º
 Í^ˆ‡aEå.Ù!z�ÝÍqvq-ûO1§â}¯¥Cï·1”äƒ¦z×ØÔ´¢Š©ù€¢“þ‰·ÔÞLs÷ž
á¹…l0
™0 VÛÊu6è–3°zÛ«ýàÞá¨ýªV²•¶±Ö5N¨£„?d>õfÜô6?O€§ŠŸúvßö‹’5‡ôr[�^e©b‹Ã
 –
sŲԠB/�µ<1ЖZV+˜ÁGÇ c™¾„/aÒÖw‰í>fOù‹BeŒÊ˜™fÍcu»2«--ÒÜôcuPxŠ„Á—±èçz–/Äüô”¦³<½¾ž}:?à|Ô�Û°>×�Q±ŠãýÞã||ºŸ!o_/³|&òùoŒ™lÂp—ÅèËè‘;6Iendstream
 endobj
-548 0 obj<</Type/Page/Parent 513 0 R/Contents 549 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 288 0 R>>endobj
-549 0 obj<</Filter/FlateDecode/Length 1893      >>stream
-x
…WÛnä6}÷W²ë	lµÛv|™·¯�õCâYwo�,l‰j1¦H
IuOçësŠÕÆh]È:uêÔ)êëÑ”ÎðoJ×çtqEe{tVœáÎøçùG¾C—W—øÛÒùÅMq1\iš¥g×ÅžMo§üf¼âgŸçG“‡[:?£y�W×74¯âÖ¸Sß5¢ÒÑeAw¶RfI³~¹”>(kü‡ùïX|IÓiZ|z~SœcùñÌÒÆö´&P°$ªŠJ[Iþ=íBPQ¼øŒNϯŠK^òd$ÙšB#©½	*ÿæ©%_êœ]:Ѷ€#B�m—^²´v*È¡¶n¡<õ¦’Îa"pl=Äœ^$˜+á”í=¯ä¥5+‰ÈÈŒz/+Zl€ÇzI­õ�DÔJ’2$Àü.ËPм‘xcwíZº´Doö†¡i˜¨‘ºCÕb/l,º´¹uA,”VasBH ý$ä†8^yìPn2]Ì,Ã@•-û)ÐZi}{ Œk0¾&¨–ë¼Ok
`86¶Héç]Ê��‚r¤ ZÔ+Q‘JºKÈAèw[	D’ß:ð‡ü
¨l„YJòZ-› ‘ÙŠ‰@ˆ“H”DYøµ¥³kå`¤ž´Î`±°} »ðeïkÓø‹äA"Öœ­-`€N®~&Å£Ÿ< ß¢¬�=+vâmïJ9QÝ`„öÞO/fý3ÖýµÐwÖÚÞ.•
$[àý«�X
-ý‚ÆQŒUhÈÒn#òÃÖ�I[èÌ9©“úµO=ÊÅè÷a£#m wC:#nÌJŒ%Í€	TÛX(>uS$NúØñ;I…zðý‚;áT–²‹
ïwž=R# m”FºךoJ®2ל¥Å…O^Ê–-$ú\ÖÒ9¼Ž^KâJìçÄ3§�u´VS¬RN‹ÐHØ«Såaú'Ps[‡Ó¯½å—sÒž°ËÇA·Ù“šº�“‰þæ
-­Lÿ­06ëà_C§Å‚Lî¢�̘à¿Þb½^µ¯ë–¤×M¢+	Wù×`Ë¢	mn×û3� ¦l¿„™ö/”ªê£³rÒ­0ªT
þØ £Á1=­›Š�.N-z¤Ÿ	ÍA¬ÖvÝœz‹ßï™È·ol¯+¶HlÊ^•¢�¬8·._Ѓ‚ýƆx%»è@O® nÊv]O„Cú¿l]�»�€j´»‡‰E2 ¨{¯²®áy…‘¨¶{Ãûm'F]Ãg	01W‚eÕ&8y
]‡åÈôîña6™ýô™ÝQ±	£ƒÀ±Ñ¦ø¯mð¬¶ýÇ�
-‹äÂ%ù.z¥+<6à4òVŠž�Fþâ¹*…Ö±õH«…ã¼s~ikNMªÌʾ%ÙçT†¨\Œ‚>iÄÜ*‰gLBÌZ9ˆýµçAºÕržpòTj…¬÷r‚† =t¬ï;6Ù“dÀÖ�*ª£œ€VÒìçÇO‘ǃˆsY6F!Uzæ¦Ç\“ôrŒAÇ‹`ïˆëè'U:ëѵ°·üÒ¶q‡—�<uãÂÚ·q0¡d3ÿh´—‘a€5lKo›àß™ ¨Ë„!ÇñÐUŠSØxrá>¨^¡MjT$ª¨„t‡O$•òÐ<Q~ãœ÷#I#0d(ÁžÂC1…Bƒœ0>9¹ÆhìÅ2KîÞŠ3:Å”Ê÷¦Eœ]¸³nöéáþõáùþ~]í¤¡Àk{�¨Ýh'¦G);�5ú>G™°:>߆ɑ+kþ¢²H—4ŽÎö²@þÿ»~z�ÍŸÿ{7�n°sýžÅÕ±°¦¿<ÍÍÙŘÿ/¦®ì6qgüÔPÁË1WÅ‹Z¾~O²^	ÜþåLJÚÊ*̤ݬ={g<€¸>�pǼqfLLïû¼—'¼jk–'‘ˆ—cÇÂŽaäêïœKöýá}œ”´*Œ`Ñý¼ÐªFwD[é„k©Þ³Ã³S°í³œãs†2Ÿ”¶z9f}¯aR1þÎT�‚�`^¡/1(†�¥@{IúG%k�]k±Imµ+«my¬Ä)‘Ñ	Z‰W
Ïe“ÆŽÂ�0h„Á/
ã·øàê@	Ü{°\�brAÙ~ùôz÷ôå·—cÔ2J‡áï ÏG³Å
ùd‡	”Ò—|š…K·=à 5epܯ~*ØĆ¡‚O&`vÿã/¤êƒ üµ{ š	Ó‘s¿ÞÒqq‹/0ôÜ Äi=“âvo€"cßê„Ó&\ízxlÜ’{äfj_Ÿ;R¦Ô=†ë1Áo­4Œ¢¹~ž¦§ÃÕ0í#;qmü.¦
-ÒPaÙÂQ¾!’/š1­8·ÓÇKÔhÊ@o·Ø3sÉSv°ÃñpöâA
â£)x ÁE—ÒðٵÇÛw­x㣤
ö;`
 ø»h¶püº«â‡ßô,
œ<ÜߧÓ[<?½<OEýÛåËëËâúê&Yèô‚ƒßÏ�þsô'«c5endstream
-endobj
-550 0 obj<</Type/Page/Parent 513 0 R/Contents 551 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R>>/XObject<<>>>>>>endobj
-551 0 obj<</Filter/FlateDecode/Length 1709      >>stream
-x
mWasÚ8ýž_±ßš¦à%�Ü7BÒN皶7¡s_2“¶À:dÉ'Éî×ß[‡a:™&FÖî¾}ïíòïÅ�ø7¤éˆ>O(-.É€FãA2¡ñí”Ç�“´º¸_\\ÓpH‹Ÿ�ÜNi‘δH/+/IšL	C^¬$"uÖÓ.—†*SŠt£ÌšžŸî=½\z)i¹ÒºLº$'a2R&Hg„öIfÓ—�ˆ*¼5�±áã⟋
õ‡Ÿ“b^Ê­t{k$!¦§oxOó‰þp’ÜPsh8LˆŸÆ‡ýÑ$ó«?l�ôÛ¨Ôf’TQj•Š ¬ñdW”æÂy(G:š³­=I,¡gd_VZ¿^ÅÄËÊçõ¯'y¦Ö ÓðêƒãÛV•Ic¬¤­�sGÍüThõ_üåL)£s¥<Xó!�ð¾*$=šµV>'kô¾½�óK»•Ç+Ѫìu i[¸=KbkUd9ce®m¨N™rëÚ*(ä" V¨œ¡L�^«) æ�S
­Q¦|÷úËǘI§•M“ç M*˜C>ˆ¥Ò*ì©tv©eá�Ù7©ÇÝšÞ>_�ª©-÷N­óÀÌQ)Òñ©s2
=ÊjØÊd¥…SÙZ~ðdP WyË%e*cˆc1	}[ÑÞVœL'á0õ Âá3Ùû7(…Ó‰—©€êP¡•oÊã´
-y<ì$þóøÅgQ,}ýõ]fñ’äLÝ7çꞃ¾
-:BÓÄZòu³ÅìõþûOhmeiiÖèK™ª•Âõ,½>·ìÈÄöcÔš+“nȦ
.Od[aÂ!dÈ–u0¾v)ÐH­p¦aKËIhÂiÒýi¤é¹H–§è£¯aš=½ÎæóŸ¿,ÀW¥à·Š»«÷=>³'ŸÛJ£N$ßDÍ[%¨Ì–¯k’$y¹„Ã@æ'íäp€æ@“½?ƒSM:SJƒÐð¶[MCѺš4—é†�Ä»ƒ¶Ù“Xe@	æš-{$ôNì={]|_~m^�uDƒZ‰TFÊtØÙ¨K[ˆú-¨ÔÕz}Øÿ6é»sIŒ�¾„•…9�«ËÚß 3(jÕü
ãG_J뽂Š�±"«Fƒn &üoD0ÖBÓè…4ÁÓ5]ÁH@‘1·çŸ>u>»®ir…Ít@ß×µ´:çX…8�"ʳ±µò›ßݱ÷˜L¸¬GÞ¬fUmaQ̨Tš]0³QôÌ­2�
-g¤::;~PFGÁ-)¬
-bû�B�ýúÖ*¦†³e¸'ùVj°ƒ}9Òâ�wÔ¦Ã�Á•NÃ{Žr@Q7JÈ„
hƒÉ™:ŒA©úJàù$܆c¡-ѱR®ÐÌ>prM4 x;ÜáÞÕ@d‚D6ï£ÿA�¥J7PcU„èÁ¾í×Ò !ž8Œž¬qÏF9£w3ðóL²?¥,#®òçì.¡_TH�±#~7{¯·Â)�"<'Žù7Þ(Z®&ô7…ÇÄ	’;ØÙÊÅiá±Ò0¿µ®‚Ìz˜}…Í*
ã¯í'[H†
-4�9mªb‰0à°|«WÌê­:ꣃ^ë<êµ)ŸÃåÝ,opa%5W Çh°OKlcìNK>Þê

 *�¦–JòÄDŽõ†ä­(�»Ã—
>'ÈÔC5âöæÞ]Ç·5É`ËÁdG" ¼$jÄ]Ñ“¶Ð;NÇ0žú5}x–ÆÙrtåÄdéÅ}�ï, �€Ÿ˜;vmùÒ«µ
ãQ€g§Œ`Gðb.@
üf—*-n'aˆGÉÒmfjú¾ÀSC‹^ã5ë`1!Š�
Ž…s¼_uÜ´rôn×¹%·L|0Ül )'WXD÷‡FîXmÐûNiÍ×#b;ãþIÍ%cÉ˲ø· a¹aQgè/VÉßïPr׌TlÉðù3·¶WÁ3°'tÛO
-øR§¸ÆñG‡…¦?¼ÃêÞoj^ÀÈ<¶£¸›Ç%6®qž¡�P(Lúx¤GKБgíöì©…ØS.uÉôu2«ÒÆ<h¯Ì)‹�Ä4Þ°ôáý†ŒÜðà|СTÊŒoÀ¦
˜£#cé€:€(¾;êp1wK%.ðUÉMo>ˆ®~B¨Ã7%ÞRÑx	~ýåöð]k8½M&Nã›imzϳ§û=À³4Lãèk…õ�_ê7gûÓÁÓdž‹¼"phncîÏGÌø�ñtœL'·øÈßÆüèqqñ×ÅÿYŠendstream
-endobj
-552 0 obj<</Type/Page/Parent 513 0 R/Contents 553 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-553 0 obj<</Filter/FlateDecode/Length 1910      >>stream
-x
}XÛNÜH}ç+J<‘ˆ1Ì�™ìÛ†-R6h—áa%$Ô¶Ûã^ìnÇm3Ìßï©jÛc†l¢`»»«êœS—Î�“)]âÏ”V3š_QRž\F—´œŠ´X¯ðûkMÙÉçÍÉÅÍ'š]Ò&Ö«Õš6)aù%Þ$g×¹ª]Ó2¢{UÆŠn-­*ü‡Í¿²sº
-;'óE4ÃÞ³e4�ûj•ðÎ?”Mc·aý‚¦Ónýl]ñúMn<y�4ÆYJµOjkOÉp‚×
åÝ)dlp䜔'SV….5\J‡4GhXM*v/š­^Òdv…ÈaëÖR“kª”oºxr•Ò‹®÷¤ÒIî’ÿ1‹èÕ jòÚµÛܵ�œ•¸TÓ_ȶ¥Æ'¸®Š€,Oç
•]n’œgaŒÝ­Tݘ¤-TM¾©��§Æ]dµ+éËÝ=¦ºR[í#ڰõ‹)
©&Wbw€À:ü³'—Q£Æ™LÖÝ›VccëG>@¦¾v†ÈÕÔZó:¼`ÃXVpÄŽY³Í›RÁ,lIÐÁ“Ú„‰«à‘iò#ë£@åA,¯aðzJŒ[mu­
-`çu´ò‰ÆÚþ–Ñ,bõŽ²ÖŠh:)þTZ`+ýÞ7@oçêgDdž5P4þ76ƒôÔ
Ú„ÿ�%Æzzƒô9öSÆè´ÿ.¾xMü¥l‹ÆLâ}£û¯�*þ¬YvŒ=Ä|Pª3c�a¼—Eb¡_zJ®’¼À	¾Œ#è't&H£ž_¤‰7C$°ÆfE¢(�êæFÞfUÖ“ÞIðœb£ìþh�0�ÓZ�#R­fÖó>¿zW2WnÇ*„b+(Ýè÷0—-²Ïº*²�Bdß¾}ó¤_]5Ä>!ÑJcGΑM¦—Ñ|½@yB
-«.ÚðjÈ/94Ö´šÄ†O.+lGΈÜèºç䜼ëxaó¾Q¶é¾qà�[×ØEÄÇA2ǸȆ>,2ÒEš0ËúGk^T�·ýÁýÎk;²
-¼#3~Oæ.Ç®½k©­)'»
-œ»5Øi:r€m¬��Æ*»E�A‚®6[ [t[Þ¡›ü]ň"ÎÄÕ5*v±§Ü(µ]âHÅïJž…aG®›;Bñ2’
¬`!4
&'³å¡ZÞ @ýª¸¼ŸÓÃæf²f1sž î£¶—eœò
ز^²2laU?\ßÏàwwY{�ÕɨB‹¸�3‚»HEBtZµ-jû�µé:â†y†²Ôçàt.mp`-¤Š£ŠSk ÊJQ�Û,ôt AÁÐHCh…¬¥�©1À`úå Ñ	¤„¾QoàL*¥W0æ\éßæŸøÁ·7Í_‚àz×

\¯úœa«#£Uëó§¡wýJ–Z¶‚—.§$8AÀ<Ϥ>~
)Ô&�|duïßZöò|°"
š;ƒØÙˆÃ($ÃÇüÀÛr¨d\š�£’KSˆ™%wll`D¶6Õ5פlɦඨU¶vap;÷RQÆÚ; Õ(t'E1gyåK/�¦	íÊ;Î"v&kh½÷~F£Ož1-õ3 6n÷ÂÌw»’¢I®“g9,+&’Ìh˜”ò
õ‡Ó¶q�W=”€T‡z�†<ébæ…g4
-%-zÄžbjeˆkCV#Š}¨IîP+	9„w(_€�ýNRnà}xVRÀ°ëýãÚ£XKŒI˜[çE&¸žÏsgË]2À¸ùûéáûíõÝ—¯œx÷xüýþúöVÎÅ8vƒ—ìPAGN/˜á#K…‰ñé‚�ƒX»Zqí²W(âIôáëù]hcLÅQÑűìxzâÏG&q<nmÆ�Ì@‹0»Å<jC‡
ôý`@KÅ[cÊ'ÆÀ"Ò¼MüŒÃóý{ä¹¼?¨„s<[Tvñþ]I�]F€79��ïivP	E7Û2`ж	 þ¾h‹nêFöí\Èû%Á�·ñý̃‡Ð2Šd	9ôàyÌ-æöw�$Œ§*Äõxöø��‘Él�A•ÛÂâP^¦Ëu¸ƒl�«±Ùb¶çDÙ9ÜÅJ-

R2Ÿõã�œ(†ÁŒîaeø¾5J§ø1J·¡¼Ëu‚óR+ë…ºDYn‡Ê{¨¥­o¡…ª�ˤ̶<PDt—5h’ƒrÔ
CªJ®^º¡A.?C œÕ,3.›1
-©-—\ü¸õ”³>u˜×à×ã™×#á¶Ø3rï;¶©üsÈÎnpð,žœ…)ç„‚¡Çê‘›`Mòú©dþ"ºíµ�ð#7C�Q+¨ÝqÚI|ÂlZ)…¾â¹h[É(�i+çYw‡"îihì]ÝB×o2DÉ8’áF:4§¾áÒÍAò`%ÝŠKCQš-Ï÷;h§ik”0¾½u"	]¸T[“Ð)R½¸DBíªä‚-ñm�
·­a»
-6/nÖÝM]æ2Ñóõ/ÿ;`±ZD««uë¦Köýëæ䯓ÿÚxrœendstream
-endobj
-554 0 obj<</Type/Page/Parent 513 0 R/Contents 555 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-555 0 obj<</Filter/FlateDecode/Length 662       >>stream
+557 0 obj<</Type/Page/Parent 522 0 R/Contents 558 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 294 0 R>>endobj
+558 0 obj<</Filter/FlateDecode/Length 1887      >>stream
+x
…W]oã6|ϯX´õ‰'i>îí.MÚ<´¹ÆnÑ
Z¢,6©#)ûÜ_ßYR’m¥hq¸Àú wwvf–ú|4£Sü›ÑÕ�_R^�f§¸3üyú�ïÐÅåþÖtv~��wWšæéÙùUv‰g³›¿¯øÙÇÅÑôþ†ÎNiQ"ÆåÕ5-Š¸5îä“ÛJ4A:ºÈèÖʬhÞ®VÒe�·ø‹/h6K‹Oή³3,ŸÌ-mmKaK¢((·…äßsQ/eYÆ‹Oéäì2»à%�F’-)T’
+ÑšÀ¡‚ð¯žJ‘ó… ÆÙ•u�tD²nÒK–6N™"”Öu!”§ÖÒù LL[w1gç)͵pʶžWr„ÜšµDdTF­—-·ÈÇzIµõ�DÔZ’21I$ó—ÌCF‹Jâ�ýµéÒ½l
§¤!äD•Ô
¢¨{ac©�¡K›[ÄRi¶Ç„ÒOBmˆã•Çù¶‡‹‘å4Ppaó¶F	´QZ�bw�q†×•rÓïS[¤�d86¶è@i×�Ë�†r¤ jô+A‘ZºÈ(ô›­"É/
ðCýH(¯„YIòZ­ª QÙš�@ˆã”D[øµ•³íàL=i)œÁbiÛ@véóÖ�{Ëéð‹à�"ö˜m,ÒœÜýOœýôz‹´žxfìÔÛÖårªÔ`„öÞO/öüŸp®‡kÁïžk»—W l�ï¿mÄ„PЄ£8W¡A;P»Ž™�¥’¶à)�sRõs›4ÊÍíà÷a«#lwK
”7f&Æ–ö	tÛX0>©Œ¡G&Nú¨ø½¢B>øvÉJ8”¹l¢à½`åàÙUÔFk¤[s¯ù¦ä.sÏ™ZÜh±ô䥬9ÐRBç²”Îáuh-‘+¡ßÞcúPF›a6ž ä´BÂ^�ÊÇåS@ÏmN>·–_î‹ö„]Þw¼í=©
+¡y?�ê/.ÓÊ´_2c{|ß)-6dz
dÎÿû›Í&+}™Y·š¢¼f]I¸Â¿›gU¨{¹ö±?‚Ñè
ê`È[Ø£Âþ…VmtV.ºfK…*�ÛxÔ9¦§MeS3 ‚àÔ²Eù= }Ð{«µÝD·¦ÞB㇚‰xûʶº`‹Ä¦ìe`)d`%ÈsçòÝ+Øo”0È+ÙE;xú⦬—ÑõDÃÿi炬vªàîANL’.ƒ²5ð*kàžW‰n»W¼_7bpÑ
|–�&æJ°ÌÚdÇoRƒê°•Þ>ÜϧóŸ>²;jdlÂà plÈÿµ
žÙÖ@¬TX$7.ÑwÙ*]à±
¦·\´œhÄo·«EP.´ŽÒ#­–ŽëîëK[s�©2kûšhß—ÒEåfdôA#æŽI<cRÆÌ•QìÏ-ÒP󔋧\+T}P8îA±¾mØd�“e g °©T^Qé„l%Í~øqE\ȼ2
+¥Ò‹sMÒóƒŽÁÞ×ÑO*wÖCµ°·þ¥�p»—Ÿ>6 ãÒÚ×a0¡esÿÚó»Qd`	ÛÒÛ±~ì
Šü·j=‘¥8…
'ÖAñnšP¢ð QD&¤;|")”/à‰ò× à¼ïI±„!ƒ	öŠ))øä„ñÉÉ5Fc+V½±ôÊá­¸¢L©þÞ,‹³w’›¸¿{¹º»ÛÏ®tR©Àk[�¨Í`'¦E+�5ú>G™°˜œíÂô‘k¾	‘ÙË¿¥K‡²½-PÿŸwO�/óÅÓ¯·‹è{ןàYÜÝ!æô§ÇùÃï}u1æùÅôÁåÍ6,xžpW¼(åË·$AëµÀíàŸß
qx¨­­ÂLÚ¯zÙ²wƈkÓ	w¨g`Ήá}[÷Jbà„mÍê8ÑàrP,ì¨#Fßý½sÉA¡ß½
‚“’V¹âƒÌ!º_À€Z•PG´•F¸šá=1±w
+¶}¦s|ÃP¦á“’ÁVÏæ÷&Åñ÷†zœ|ó
+²Äœè"æê’ôu!KO]±MªÚçàå.ÿ~ªÄ!Ñ''h-^4,—=;
+¼@Î}e8}‹/
nˆÀÒƒã
+ô’ûÉžðÛ‡—ÛÇO<OÐÊÈœQö=¾Ñk1¿?>ÇY¢´9faÒu‹tPš28m
Ö¿;;ìaÝLÁ0¿ûá7Rå((ìD	D/a8úÚ¯vpœßàò�ä8LBÒ±(V{…¬1úÜ÷¸�6á°	“…ZǧÆøQ"×»P‡ôÜã�2¹n1ûxVWˆ	|K¥áãàÌm÷ó$=í®ºaщkãgQ7¤Ð�z…eGûºH>«†²âØNß.¼hŸ57»Ü{ä’¥ìåÃÃÑ{hˆ4ˆMð<ƒ‰®¤á£=z‡ï¶¯jñÊ'IìWÈ	ÅßYµs€Qâo²»Ì¾Û9ëiJpzÝ}œÌnðüäâ,5õ¿“/®.²«Ëëä ³s~·8úåèñ4ëendstream
+endobj
+559 0 obj<</Type/Page/Parent 522 0 R/Contents 560 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R>>/XObject<<>>>>>>endobj
+560 0 obj<</Filter/FlateDecode/Length 1703      >>stream
+x
mWasÚ8ýž_±ß.MÁ
J ¹o„¤�Î5moBç¾d&#l�uÈ’O’!¾_oelÇt2MŒ¬Ý}ûÞÛ埋!
ðoHÓ}šPZ\’
�ƃdBãÛ)ÿŽ'iuq¿¸¸þ<¦á�+>;¹�Ò"#œh‘^V^’4™†¼XI*D꬧].
U¦éF™5=?Ý{z¹ôRÒ²ÒºLº$'a2R&Hg„öIfÓ—ˆ*¼5¿“±áÃâï‹
õ‡Ÿ’b^Ê­tµ5’ÓÓW¼§ùD8In¨=4&ÄOãÃþh’ŒùÕï6HúeTj3Iª(µJEPÖx²+Jsá¼”#ÍÙ6‰ž$–Ð3²/+­_¯bâeåóæד<Sk�ixõÁñm«Ê¤1VÒÕƹ£f~*´ú7þr¦”ѹR¬ù-�ð¾*$=šµV>'ktÝÝÎyŠ¥ÝÊÕhUv	ˆŽ i
[¸š‚%±µ*²œ±2׶
+T
+'
+‰L¹u]r+TÎP&‚@¯UŠPóΩ€Ö(S¾{ýåÃ	Bm�ç`M*˜B>ˆ¥Ò*ÔT:»Ô²ð‡äÛL‡ããüÛÖ>_�©©-k§Öy`â¨YˆøÔ9™†e
je	®Ò©l-ódPiëÊ%e*c„c-	}]Qm«“üq„Ã4g‡Ïdäß N'^¦ªC…V¾)�Ó*äñ°“øÄãŸE±ôåç7™ÅK’3ußœ«{ö*È=kÉ×=̳×ûo? µ•u¤¥Y# /eªV
+׳òúܱ;ØQªLŽC¶
Xpy"Û
+ö!C¶l‚ñµK�Fj…3-Y:JBH“Ö§‘¦ç"íIž¢�¾�iöô:›Ïüú¾W\•‚~Ü*î®®{|¦&ŸÛJ£N$ßDÍ[%¨Ì–¯k’$y¹„Á@å'íä0€ö@›½?ƒSM:SJ‹Ððö¸š–¢M5i.Ó
!hwì²'±Ê€Ìþ4[öHè�¨=[]|_~m_�uDZ‰T6”92ÊV^ÚBÌÐoA¥®Öë½Â
è²¾;—õÞ8áKXYX‘ÈÑ!#кlü
Bƒ¤Ví0~4¦´Þ+Èø+Òj48Ô†ÿ…ƺBhšÞ¢�&xº¦+	8#2&÷üãǣϮž…\¡I3Ðøu£­£s¬‚BœNåÙØ:ýÍïîØ|L&\Ö#oaV³¬¶p
+¨(fT*Í.˜Ù¨z&WH…3Z�?{(£¥à–Ö
	±ýG¥Î~~í$ÓÀÙQÜ“|+5èÁ¾ùaшÖ<×áÇ Ë	©a>= ‰¨Ž%t–´AåLíÇ ƒV}¥ð|nñЖhY)Whf8¹¶	P¼Ž>âÞÕ@d‚D:×Ñ!ÈR¥ȱ*áBô`ßêµ4Hˆg£'+@|„g+�Ñ»øé
+&ÙR–
Ûy„sv—Ђ/*¤ÀX‡¿›½×[á”@žÇ€ˆ
+oWúŽÂsâÉüŽlåâ¸ðXi˜ßZWAf	=
+̾Âf•†ó7þ“‹-$CšÆœ6U±DpX¾5«fõVuú8¯sóºŒÏÁòn”·°°�Ú+�b4ا¥
ãµ1v§%/Í|•FOK%yb"ÅfAòVTÇÍá}„Ëž`š¡áa[sï®ãÛÚd°ä`²#0
V%�âªèI[ȧcOý†=<Kãl9	ºrb
®ôâºÆwPGÀOÌ»ñŒ|éÕÚ€ð(¸³SF°¡aX1 ~ó˜)n'aˆ÷FÉÊmgjú¾À=
÷Ó@‹Vã5ëà0!j�ý�us¼^5¸måèÝ®s3Jn™÷ ¸Ù@RN®°‡ÖûFîXl�ûNiÍ7#b7ãþIÍ%cÇ˲øÂw a¹aMgè/Võ?î·;2\þÌ¥ÝMp,„€	�ÅrÄs®tT[ë÷£ý>ÓÞaqï·%/`cc
+ËQÜÌã
+·8Ïȃ?¨}8Ò£%X„H@³ñzvÔBÔ”K]2{�̪´µNÖ+sJb'1Œ7,|8¿!#w{884(•2ã°gåèÇØ9 ŠozÚ_Ì
ÁN‰|UrÏÛ¢§Ÿðiÿ=‰—T´NŸ_¾ÝÓNo“	FÓøfÚXÞóìé~Fp,
ËÃ0úRaûã—úíÙþtpÇ,™ç¢­šÛ˜ûó
3~c<'ÓÉ-¾
ò·‚1?z\\üyñxD‰Âendstream
+endobj
+561 0 obj<</Type/Page/Parent 522 0 R/Contents 562 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+562 0 obj<</Filter/FlateDecode/Length 1908      >>stream
+x
}X]OÜ8}çW\ñD+&00t߶´h‘º­vVBBNâL¼$v;óï÷Üë$3lUª’Äö½÷œs?ÜŸGS:ÇŸ)-g4¿¤¬>:OÎébþ)YÐâj‰ßgøÛj*Ž>¯ŽÎn>ÑìœV¶\.¯h•–ŸãMvr]ª&è–.ºSuªèÖâѪÊXý+;§Ë¸s2_$3ì=¹H¦	a_«2Þù‡²yeì:®_ÐtÚ¯Ÿ-“K^¿*�'¯³`œ¥\û¬5©ö”�'x¨ìO!c£#§¤<™º©t­áR>~ 9BÃjR©{Ölõœ&³KD[·–B©©Q>ôñ”*§gÝnIå“ÒeÿcÑg* 
+eëºuéº ge.×´Á²]­ñ	®«*âËÓyDeSš¬¤ÌYcwÕ“u•jɇøx
+î¬h]M_~Üaa®µÖ>¡;ܺ‘�
+¥Ã0¸
ÖáŸ-¹‚‚®g2Eô`ZícX?ò92wðµ7D®¥Îš—ñƲŠ#v¤Èšuj³°%AGOZWd®�G&”Ö÷Í”±¼†Á(�0®µÕ­ª€�×IÔÊ'Ú×–ðw‘Ì" Vo¨è¬ˆ¦—â»Ò+Xé·>½�kŸ‘yÒ@ÑøßØÒcThþ?Ž”ë
è�ÒçØ�£ãá»øâ5ñ—º«‚™¤Û ‡¯‘*þ¬YvŒ=Ä|P®c�aº•EbaXzL®‘¼À	¾Nè§t&H£�_¤‰7c$°ÆfE¢¨�êæF^gU1�ÞKð”R£ìö`�0�Ó:�#r­fÖË!¿W
+WUnÃ*„b(Ýè·0ײϺ٠Ù÷ûoß<é—L7�Ø'$Zm¬âÈ9²Éô<™_-Pž�ª�6¾óKM5-'©á“ëÛ‘3"7º89%ïz^ؼʆþgÀ¸u�½PDz$s<�›‘lèÃ"“!]¤	³¬væYUx;<ÒＶ{6 …7d¦oÉܔصuu
 åaW�sÿ F;¡'ئh¬²ka%èZ³²U¿å
ºÙ¯ÑUŒ(âÌ\Û¢bW[*]…RÛ'ŽTü¾DÁaàYÆAp亹!/#À
+Bóhr2»ØU˨_—÷Sº_ÝL®XÌœ'¨û¨íµƒ„ö2Nyƒwì
Y/Y·°ªï¯ïf𻃻¬½7¬Š¶‚›8E>ôRµJûŽ´éUÂýòUiHÁé\ºàHZÌG
gÖÈ”•ššvEÙé1‚€!‘@è„,¥�i0°`öå ½H	{{=æUüœHµ´
+†œýë”àó#=øöª×âKÔÛà: �ë
B„3‡V›Î—�c1îû•¬´ìÝE/]NIt(8�‰€<œìH}øR¬M‚ù^¬+¸ÿÚ²—ç�iÐܹÅÞÎÈF!>æ;â.f‘K&lÕ\šbÐ,¹Cc#%`²³¹n¹– `K6E·E­²µƒÛ¹—Š2Ù‹f‡TPèNŠRÎòÆ
–AMÚ•wœEì&L¶z?îþüŒFŸ=aZf„QnÜî…&ï]»’¢Y©³'9¬¨&’Âh˜”ò
‡Ó.8h‹«J@®c½FÉžô±óÂ…’½gW1µ2Dĵ1«Å6ÖŠ¬t¨•„$Â;”/@ŒÇag)7ð!<+�9`Øõ„þqÝA¬5Æ$Ì­Ž#‹\ό繳ã.a\ýýxÿýöúÇ—¯œywxüýîúöVÎÅ8vƒ—ìPAGÎϘáK•IñéŒ�ƒX›Vqí³)W(âQôáÛgù]hcLÅQÑÙ¡ìxzâÏ&q<nkÆ�Â@‹0»Æ<jûì‡È€—‹×֔ό�I$z—ùÇ/ö‡÷Hty¿“+çDx²(íâ¾¥=¦÷Æ¿>#À›œÇ§÷ŒŠ4{¨„"Œ›]�0hÛ‰P€ŸµE7
u{æí
\É2ûœdÑ›×á½æÎChU²†ð<æ…s{ð~Æ
+HÇc{8yøÀÞÈh¶À¤Ê�a±«/Ó‹«x	Y!YS³ÆpÏ™*ºs¸ŒÕZ"<¤¤>wꇞ9Q
£™Üã@Ê,2ðCsÚÕÎwP‰½™‘æ¼ÔÊza.S–Û¡òjéAºAl¡ªÂÃã2)³-	ý(z„ä u`O`]HU)Õs?4ÈågŒƒ³šUÆe3Eá"µæ’‹×¢žrÖçóüz8ñZc$\W[Bî}‡6•ŠÙÙžÅS².åœX0ô¾zä&T³²}¬™¾„n)$üÈÍÐcÔŠjó¦pK€Ê�ÔBßð`Œ	´kd–ƸUò°»Á5´öèG@Ûo2EÉ<RàJ:v§¡áÖÍQòd)íŠkCÕìº-øh't-j_ßz‘Ä6\«µÉèÊc)_\#!wUsÅ–×ÎÆëÖ8Ž]F›g7WýU]3Ñóõ/ÿ?`±\$ËË«8×M/Ø÷¯«£¿Žþ)ÄrÉendstream
+endobj
+563 0 obj<</Type/Page/Parent 522 0 R/Contents 564 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+564 0 obj<</Filter/FlateDecode/Length 662       >>stream
 x
µUMsÚ0½ó+vr)™‰Ë6þ8’¦i;ÓL?p{â"ì5V2•dþ}W�Ð	qHHé0ÆöH»ûÞÛ'ïïŸ~’ŠyÏg>ÄÏ҄žº4Bµ^ð9½v,¢€Å]Qu§Š‚
K»"ÂÁAöDD&,êJÅ“¬.ün¸qðíEÞ;¿Š€sÈ+'Rœ&�—@Bù>äE_Ìf°¬T­*¬l”
+~!´JÞ‚±Zª©apÙ¨7ŠF-Q[¸©QÁBC‹`°5ÎOóŸ=�ŠPβŸ0pïçWpªV�À#âI«2¸…nH“•ÅF—¨Y½ºëSXBD)$¯¥
ƒw¡DSh9ABZ#Ì׉J¬¤Âr'!ƒ¼F³Ý$È
 ­¡]xkQ¹ÄÙÊE¸<#1Ÿ€Êò�t¤²ES"Û2!ðñóBþ—gðöÇðÓ¸?i«³EcƧ\*�¶ÕN\*僰ÐT•A7ÒÖN‹¶ªP»BQŒœ:^E-´(,©´OÀàËÁx–bÖ"¡Ù¥…0ö®Á«…sÄŠT§Ï
¡�(sFUžT‡d8@²Ü2ýï—#"¯—ÃõjËÚÔ
YÜç1L¤ŸÂLZ;CU)©QQžk+ƒávïŽÙHòÉàÄvvoæhåœl®‘LA Þ䊓¿å'û™|<ó0pŒ_Éw¯[ãu{F‡Ÿ­]]6ž<Rwö¢¥¯š“ôhÿŸ¢))úÀñ/;vGv¹sêOhF€õ@Àÿ"åfv=‚šn¦%ORgÄ46é>^_áij4ÔÞ·²Dgï~§—ø™ÛºÄEIÄ’8]ÏJ»ïòÞ×ÞÑ.’ëendstream
 endobj
-556 0 obj<</Type/Page/Parent 513 0 R/Contents 557 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-557 0 obj<</Filter/FlateDecode/Length 968       >>stream
-x
µVÛrÛ6}×WìäIöX)Ò¤ä>ÉmÓz&N]KÍ“f2 	JhI@Á8þû€¤uµs­<’I‚Ø={v÷,þäã/ dLaLY5ð=Ÿâ(öÆM\�ñÕœ
-·p‰G““ã©�Zˆ’N˜
-§Ïì£gvÓàØÇõbðúÍ”‚ˆ‰'¸È	Aø>-²á¥z�ïÑ|þ~öv¾¦Mq±QõÅGV.ÏÎcsDAÐn�lÖÜÔdÖœêµÒ†–à ¦T˜åÕb%yN¥0¦ä#.sÁ$	iøŠkb†TQ`3Á
=³’à¯Àþ‘QÎ(<7œðëµî·ØG¡�è o¾t‹1[Ì_
uõXÇÝ[‚Ÿø}–[ÍM£eKoË„3ຑ¹G¤§bõ•T†Ùh-³?mGóÇYF÷(ý²’ýß8µå»_º>�‚2�‚ÕEŽÆÀ;¬¦WÍÿã~ñê3i¸´!îåá{BüæDæôJ`õdF}O"%ogïè–IfÛ}Ϊ”Ñìîæ„Šx±ee±5Õ<3BIÊy�i‘ò¶ô‹FºÇ5IÞòV±8±=÷w?SÆÊÒ#gIÈBéŠ9kk–Sʹ´¾wò RÄU¨ô‘ø'V	)äʵW‹6S9œH$
-·Œy„B¹ÊšŠKã¼xtc¬6eNR8<p—)4mî2�=Bóò£¢,-y—|Ÿ¦½¶vDÚˆ>°�X!œ´Ñ™4VC)ß^V;�«îyïÛǹÔ}²5Ót¾ašUÔÞäÌ°þú\ï-�k»¸<ûé8iÛ”õÉ!¤/ç…#Rž•Qz™£¥©‘IˆÿüöšŒf²fmšÑ
6@dRóJ°½/õAäAçï,zn¸®�a¹‰´@º\î%b˜Çè³B•¥z¨¯ì&ÌîÑ8nKÕ‘wår,›*E­BcÓGĸر“òâªmTÖÆsC3’½ÇíS‡»$<kÓ’Šò8m
ÃáÐZ›ßÖ\Å>‰ª©èe¨k‘­ûbL9صs„ç{¸!ìGžv€¿àÉðE> ‡>£WHùFÙ³€î'ýÓ(€>fxhÍB9aÌ!|ÎL|l¦­ûC[ˆm¬¥ê€ÚáïÑ÷·c‹ÓêwåíJÊQ¿#>ÛÆÆI©jjt4G+¨Œ¡
pª©BKèǧZë§GÒ¢ýfÒ�Ä‚ËЋ§SŠ“®Ùç³ÛëýÂ?òRm€„~k ;@�LÜ»£Ä‡Òtg§—|QyI<é*=±F~]þüƒìM|endstream
+565 0 obj<</Type/Page/Parent 522 0 R/Contents 566 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+566 0 obj<</Filter/FlateDecode/Length 968       >>stream
+x
µVÛr›H}×WtåIvƒä}’“Í®«âÄkió¤ªÔƒ4»0h‡!Žÿ>g°îÎuå’Ó}út÷éùoà“‡?Ÿâ¥åÀs=ŠÂÈQ8Žq=ÂWqÊíÂ%��.Œ&nxl!Œ}8b*˜œØ„'vøÿÐÇõ|ðòÍ„ü�æ9‰Æ¸ÈAxÍÓ᥸¾çÒlöaúv¶&M~±®ê‹O¬Xœ�ÍÿÁæ�|¿ÝìŒblÖ\פWœêU¥4-†~D‰Ð‹3ªÅRòŒ
+¡uÁ.3Á$	©ù’+bšª<Çf‚zz%$Á_Ž5ü#]Y£ðÜp¯ۺß`wXÐ>@ßüèc02˜¿êò'°Ž\º7?ñ{’[Åu£dKoËDfÀu#;rHOÄò;©þ
+³
ÐfÚŽæ_Ž14ŒîPúm%û¿qjÊw·t=rü2�‚UEŽÆÀ;¬¦Ïþ|?ñ•4\šwòð3!þp"³z%0zâaß“HÉÛé;ºe’™vŸ±2a4½»9¢"ndX™¯DM5Oµ¨$e¼N•Hx[úy#íãš$oy+Ù¿œØŽ‡û»W”²¢pÉZ2¯TɬµË(á\ß[y¨Í„Q¨ä‘øgV
+)äÒ¶W‹6­28‘H:n;#ò…²*mJ.µõâÒ�6ØÉJÃáž»´BÓf6óØ#/1*
+Á’‚wÉ÷hÒkkG¤‰è#[‹ÅÂIk•J}a4”²Íe¹õ¸ìž÷¾= �KÝ']1Eçk¦XyAíMÆ4ë¯ÏÕÎÒ¹2‹‹³ß“¶IYŸBú2ž[B!åi!¥›ZZš™„øÏn¯I+&kÖ¦`D&/+
¶×â¹>]èü�AÏ5Wõ!,;‘æH—�þDó}–WEQ=ÔWff·3ŠÚRµä]Ù˦LP«ÐØäQ1.¶ì$|‰¸j•±á`bhfC@2÷¸}êp›„“6
©(�ãÖ0ö­µùmÍ•ì³(›’ž‡ú°éª/Æ„ƒ]3Gx¶ƒÂ~àiø3žlßä*°ïÃ2z…”¯+sPý¤ßbe
ЇLC÷­(GŒY„§ÌD‡fÚºß3´�ØÆú Pª˜6 -þ}Ïp[0¦8�q[Þ¶¤ð-íÙô5JeS£¡9:¡Jºg¡šJt„z|*µ~xÄ-ø—oÆÝAÌ¿Üh2¡(îz}6½½žÒkþ‰Õ@è�²cü;~<¶ï:±¡éŽNÏ�÷Â8tãhÜzlŒü>ü5øI�MOendstream
 endobj
-558 0 obj<</Type/Page/Parent 513 0 R/Contents 559 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-559 0 obj<</Filter/FlateDecode/Length 1562      >>stream
+567 0 obj<</Type/Page/Parent 522 0 R/Contents 568 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+568 0 obj<</Filter/FlateDecode/Length 1561      >>stream
 x
•W]oÛF|÷¯Xø¥6`1’,KrÞ”¶)$AZ-Z0ŽäѺ„¼Sy¤Uå×wö>(ŠVŒ�Jº�ÝÙ™Ùåßgãß„SºžSV��“1Í&ÓdJ³åÏSüÕ’
 ÷ÃÍøå÷ïÖgoÞÏh2¡uÁgÌ—Zç„sÆcZgu.ñ–m�Ò�¬©1½»�Ê6´SeI©$+þÙ­ä‡f#qyÓÖZæÄç$´ÆW™(Kd
 ÷ô(¶êáâáòrýålL£É5b\çUkÊ%–šL4g)K•¬L½Oxéǵ˄ÜWÓ]ß&sÞ�‹¬$�Ü9Š­¨E%¾%òÞ´dÚ§�ØJ�_‘Òn©©sö©šÄv+±Yg2.è΢±}}ËW¸ÑtžÌø敦V[õÄIO攪;ù„SWŸïH·U*ë„þDvcÚ2÷¸q~Ï¢l%àl6tÿûêã’Ð冴iè«6»
L»�ô)"Y²uIçÒfµJeþ¬‰ðõ#^Ýÿxw÷Ù¦Vú	¸»Ýü8@/T•)Z�5Êh
-Åù?¬>ÑG¡rv…éÕ57Y[IÝÞêùP¨µî`½
-%|¹•õ3 Ó¨jdÉT•j�¨„O!`<¥Â"€v»5z€Ÿò2à€O¹ºå•Ã™70]�ˆ¬Á¯åQZ\Ó�k>=€	¼
-ª»á·8%ô´ì(	5Eåt—A�ùÅõá¦Hÿ•æ¸÷¼�Ùuµbí]½^1Æj€àQÑ°½pF”Îï]uÎIhÆÞ™ž”ÎÊ6�ô9o?ÈgYž÷‚ìrŠ9ÌiEL_Ñ‘ëI=ËÀõÍÉ3Ý7øÆÂLÛ¢qv,(øS…€½µÌ$öñŠA’oè§{>å¸D6¡Ïµ´m%RÁùQÐ/ŠÅZP”¡­ò:ÓM ¨—t·pp';æ@Í-Âps@æ¿P˶iGªhvÝíNÑ]
ªÓñjp¦Ü_¹Ô†qz_`ùôMÖ†J©ŸšÍ‹:Î}´£�SfrW¡¬T’‘(wbo]ðÿÇ>àñ@l¾aÜÁ=-5+aÃP‰„ß r=êEáåë=|çÖõ&\Ë?¾yKu�Æ9ºžxϾIf	4ü›kVÞ†ýÚرvÊ�‘ûJ‡b�ÐôpádÎ$K÷T;E>\ƾ‚VÒu–^OAƒú?
Ä?3ðO¥=÷ûÎöƒ
±9¼O3+DÎÉ�z®ì9;Žûµ×_O·‘A�f/æÕȲô1‰Ê´ø0ø€Ãì`£uRó
-ó]EòGFsç0z1”äòâ‰�Ó;a[œc1Ÿ—C±�#ØFÔM´‡ãN’'èf#¼_ôêf!nAçAÙÑéÙášÂ&p7ÄݦM�6‚•Em*^‹fé(1È™”ëëL%kkXG]°Y`’81W¯ëÔ�¢×–n¦ÉÒM' ×&˜¤Ÿø“,%ײ«Qç‚=;‰˜a&q²¥åqÏZ•–ì�ã”›ÓÄ~�”5¿Twfy¸Ø›vwô�|¡á9ÊŒ0×¹3
¿Ý^Ýùd€uh“ýÑC¹†�þ€j±‘³Ë—MÐ2åþ1ÈY8ò[ÝxÁñÀP3)A‡#íAXϺó|=÷³�·ˆ«ñÃ幫{L˜!Ùe¬„ÎóƒÇP…®ÏA›9>eʧIJĹ3�Æ‹PéÚà¹ó…B‹ÄÌ4Hl ™X–¾ÅÒ·;'‰ù9màÂ$ÈàùyÍ…rè;h¾N!™ñl†0¸;•…Á(„ŧð8Ê‘v”=^z pBŸŒ{—Q¹Z�/¹·
`
èû�¹7˜nœ*Ô?�ÙFÔ�Û¦æa�5ݵ¸Lh®—ˉyilÛ‚9™ ¤S÷ëýpá÷jÝg¨;îÝ Nc7u¡{ϵPõ0‹
ò
->G�6T̓`ñ~×….äÓë6A
-Ró'/»üÖd‡—â•nfè7ï—áÕs²X&óÛ[šÏœMݯ>¾[ÑO<7š-¿¶ýÒªÜquWŽã[v´ïôîÙb–,æKty¬™,9ˆŸ×g¿žýãæ=endstream
-endobj
-560 0 obj<</Type/Page/Parent 513 0 R/Contents 561 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-561 0 obj<</Filter/FlateDecode/Length 550       >>stream
+Åù?¬>ÑG¡rÄ››¬­¤nïôt(T�Rw¨^…
+
¾ÛÊúÈi”%²dªJ5HL§/žRaq»Ý=¸’Oyo€'F\	ÝŠòÊÁ̘­‡@DÖà×r�(-®é0�%Ÿ0�ü^ÅÔ]€ð[�
+zVvŒ„˜¢pºË ÇüâúpSdÿJs\~{ÚÆìºR±ô®^/c5@ð¨hØ^8Jç÷®:ç$4cï¼
OJge›Göœ·ä³,Ï{Av9Åf‡´"¦¯Èȃõ¤žeàˆúæÔ™î|_á
+¦mQ€8;Öì©…@@ÞZfûx'9ê9Nú©Åž�9®‘Mès-m[‰Lp~ô‹jñ�el«¼Îtê%Ý- ËŽ9�»êŒ8Ü ù/ܲmÚ±*š]wû�TtW€ët¼¤)÷W.µaœÞX}“µ¡Rê§fó¢�síh`Å”™Ü•(+ÔŸd$Ê�Ø[×
üÿ±x<›owpOCÍJØ0d"á7ˆ\�zQøBù‚ß9ƒu½	×ò�oÞßÒF] qŽ®'Þ³o’Yÿæš•·a¿6vF¬�rcä¾Ò¡Øc4=\ø™3ËÒ=ÕN’—±¯ •t�¥×SРþOñÌÏTiOþ¾µý`ClïÓÄ
+‘sr}î{ÆŽã~íõ×Ó-Cä_УÙ̃{5²,}L¢2-¾>à0;ØèG�Ô¼Â|D‘ü‘Ñ݇A¤ä	ꉑÓ;a›œ£1˜C²�'ØFÔM4ˆã N²'g#¼cô
+†!nAïAÝÑêÙ	ašÂ&�7ÄݦM�F‚•Em*^‹né8Á‰öŒ™”ì\%kk˜G]°[`”81X·ëä�¢×˜n¦ÉÒ�'à'ؤø“,%³+Rgƒ=?‰˜a(qº¥åyÏZ•–l‚ó”ÔÄ~�”5˜¿Tny¸ØÛvwô�}¡åYÊŒ0×¹s
¿Ý^áù!l€uh”ýáC¹–��j±“³Í—M2å2ÈY8ò[Ý€ÁñÀQ3)A‡#ñAXÏÂó|=÷Ã�÷ˆ«ñÃ幫›L"Ùf¬„ÐóƒÉP…¶ÏAŸ9>eʧIJÄÁ3�Æ«PéÚà¹ó…B“ÄÔ4Hl ™X–¾ÇÒ·;+‰ù9màÂ(Èàù‰Í…rh<h¿N!™ñlŽ0¸;•…Á0„ŧð8Ê‘v”=^z pBŸŒ{™Q¹Z�1¹×
`èû�¹W˜n *Ô?�ÙFÔ�Û¦æi�5Ýõ¸Lh®—ˉyilÛ‚9™ ¤S÷ëýpá÷jÝg¨;îÝ Nc7w¡}ϵPõ0�
ò
+Fg�6TÍ“`ñ†×…6äÓë6A
+Róg/»üÚd‡—â�n¦è7ï—áÝs²X&óÛ[šÏœMݯ>¾[ÑO<9š-¿·ýÒªÜÏlqåh1¾eGûNóž-fÉb¾D›ÇšÉ’ƒøy}öëÙ¿U^æjendstream
+endobj
+569 0 obj<</Type/Page/Parent 522 0 R/Contents 570 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+570 0 obj<</Filter/FlateDecode/Length 550       >>stream
 x
•TMoÛ0½ûWð˜¬ÚŽã�]‚$]‡Y�¡véE¶éXƒ#e’ܬýõ£œ ­klXaÄ�ò½Gò1¿¼zBH#˜'Pí½€g1‹è�Ò9¢�Fh¼uá]ßæ¦P4”’d!5Px@QÍlÁ`£j„ªåšW5X^vxUü¤ÄBŠw‰~”²„RgÔ–	5·ŒÕ}e{�8ÑÕh*-J¬¡|†=ri@5°zØÜݽ¸X!w*%�éø–Ø0(Z48@Ùv�@Äᜪ"âwÁŸœB*Þ�»ßû|@â¶�°¶Ce-¸„^±“¤KH‹;Ô.קҨõ,dàît½pÝV¥zi�~Ó—oê<¶¢j¡Q]§Ž#˜h
 sC0�êõ‡%ͧXkÂ*{œ…mA¬P’wg�øû@S0T"7`5�kðÐz¨ÅNXóx5’O)^FrUÓ´`}{ÿ}»òÆ^Hn‰ã4Ëùè}»¿àI%ýô†ç¬4ÂJ¦X%Ð_%
î;wâ4¨7 �’h8(çÚ
EëCÆvž¸Ê¾iP/—Ë‘ÐlŠ±…åŽD;âæ5¬Àÿ`åS¬d¿/I¹ð‚%d£ôž»é¢A»u½KØâìêà„w}›�—8\ä,ÌsˆÂa_V_×+¸Á'ìÔ
µ�/½¨‡¥óÃ4c	Eúi�»
ùç¿DœÆ,M²3kîúó¹ð¾yd`endstream
 endobj
-562 0 obj<</Type/Page/Parent 513 0 R/Contents 563 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-563 0 obj<</Filter/FlateDecode/Length 1254      >>stream
-x
�VËnã6Ýç+.Ð…m Vüª�L1‹™ AÈ¢E
Ì¢ÚÐm³‘H�H%ñ|}Ͻ”,?’™&ÈÃyçžsÈoWcá{L‹	M甕W£dDÓ»Y2¡ÙíÿOðSiZË‹ÉttùâóòêæáŽ&#Z®k¾¸¥eNˆ3“¬¿U» +š'´Üjòå*Éœ]ÓÚz°üWöŽqïpʉ—yžŒzÔ¯&S}²ªØ{ããê�ÇÍêÉ"™óêÏÊóÂbM
)82O»ÊeÚ{�“³¤¨0VÓjßüÅ/¡9Å
ºº¢°ßiOn-k<‚© /+�¹�5ß
-
�ƒKÑp<�åM¥Š+ýŽfÓþNUªôI–>ðb€;œÌ“™”[(ûÔ¤Ò#ÊòH‚2ÖØ
Š-öô²5Aû�ÊtÂÛ‡èhæ}ÀŸññ�üÞ•¥¶á,àJoŒ•x/&lIãêRäui†™+‰ãÏ;WÛœ¼ÙXÝû­ÇO{¿ôÒÁiÞÉeÞ¿uÂlµÊšáõÔös–^!ÛN[òßj{U©ìIÎøÏEªéeª?LÍ,úI–=9é3ÛbG†
	r,Á‰\¯U]D�dÌI:8
v³'¿vƒâ�kSù@áÅ	¶ÊæX _³¢öæYcT‘tÎ�kža¶% ë* ƒºÊ(�Bn…c
-'#ë€tÄ*Ÿ)k‘lí*~sL¡!µè[#ÊøE†Ô!x¹á�ÙoxVE}–¢Ñ9X>J	�F÷¤-t¨D„Á‰:Eq–Nˆ“öüƒÇ%«%9/•9ÅxgåæÙäŒQåJ$E
62S
é4øV»?PïcO8Íf5†Ù¬†ÓqÔ$´õÏWD¸¦¯	rΛ‡ãa-vØmÀ0( 'å	VDzØç™{`¹H;í§Z×6ê(í{­)c6¤ýé}:ÀKðLï3à
×±úEøsHÅzJSE‰Õ¶ïQœð•qZéLÕ˜“	Ül0k¹I0ÃùxxU :¦‹áœãÄ•
‡èX$}l“ãt&€ÀÑ€O]å
7kyÍSï¨"¤¥Rí[£$c¡!ØíqÞ„>
ùÎ:‰­Ï°÷ó~ ~FžÌ•;H“O�ÞˆÉãèˆ=P=”ܺý‘^ZKÿrRMpHÞµ!4f²<ñTŸuµRÁ”R¦Çͦ
-À2UUFm4øêÊž×Þ:œ�S¯0õka¶Fça§­téžu~ÑÑɶ=<ÂÇ™úŒ|¨”�‰²›hQmq&�:9ä jü´›˜Å±Üã±ÜA:ºÇ1hl
Tœ4ü†êjô§gÏ)Y˜¾^ȲÒ`~³Y—Yå<ã0;L9®‚M°â¯p,ùBùí{`G¬Ó”-9¹…�mÅ<Ùh÷bÚ´’ƒž‹Óº3Z€‚÷´ÀiT§pФ}ëì°CR>±£óYûpPgùÉ1ÉÕ(:´$w#û¦�¼6çâ‹�|€;ò&Þ¨8¿³™
-Ϊå2ÁÚÎêªjoï�	= 4ýªJ.× ›‡ݵ··Y´^j¾¤ú¨Ô�G­DÍøP17Ó´�Ì(ákf¿Ý,uñHO"HŸrH.Œ_]]°‚Њ›ƒ¾WÚÿ)‹«øa·Ý¥uÖ\qïr/ž-fÉb~¯}“—øûò꯫ÿ§j§òendstream
-endobj
-564 0 obj<</Type/Page/Parent 513 0 R/Contents 565 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-565 0 obj<</Filter/FlateDecode/Length 1000      >>stream
+571 0 obj<</Type/Page/Parent 522 0 R/Contents 572 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+572 0 obj<</Filter/FlateDecode/Length 1256      >>stream
+x
�VËnã6Ýç+.Ð…m Rüª�L1‹™ AÈ¢E
Ì¢ÚÐ2m³‘H�H%ñ|}Ͻ”,?’™&ÈÃyçžsÈoW#â{Dó1Mf”—WÃtH“»i:¦éíÿ�ñSiZË‹ñdxùâóâêæáŽÆCZ¬k6¿¥ÅŠgˆ'yÿ~«vAW4Ki±ÕäËeš;»¦µ)ô`ñ¯ìÍãÞd‰«þ,¥ô¨_M®
+údU±÷ÆÇÕS�šÕãy:ãÕŸ•ç…ÅþšRpd2žv•Ëµ÷zEÎ’¢ÂXMË}ó[¼T„æ7èêŠÂ~§=¹µ¬ñ¦‚¼¬tî6Ö|G(@.eHÉhË-šJWúÍfý�ªTéÓ<|àÅ7ÏÒ©”[(ûÔ¤Hèey$AkìÅ{zÙš ýNå:åí	zš«>`áÏøxH~ïÊRÛpp©7ÆJ¼¶¤ñu)òº4Iî
+@âøóÎÕvEÞl,ŠîýÖ㧽_zÙà4ïø2ïß:a¶Z­šáõÔös–^!ÛN[òßj{Y©üIÎøÏEªÉeª?LÍ,úI–=9é3ßbGŽ
)r,À‰•^«ºˆ ɘÓlpì4fMÆ¿vƒâ�kSù@áÅ	¶Ê®
+°@¿æEíͳƨ"#èœ×<Ã|K@ÖU@u•Q…
+Ü
+ÇNFÖ
.èˆU>WÖ"ÙÚUüæ˜B	µè[#ÊøEê¼ÜðÆl�7<«¢>KÑŒè,¥„N#‰ƒ{Ò:T"ÂàD�"Œ8K'ÄÉúþÁã’Õ’ž—J€œb
<‚3ŒVæÙ¬£Ê•HŠld¦Òið­v ÞÇžpšÍj!²Y%“QÔ$´õÏWD¸¦¯	rΛ‡ãa-vØmÀ0(`Eʬˆô°Ï3÷Àr‘vÖÏ´®mÔQÖ÷ZSÎlÈú“ûl€—à™ÞfÀ®cõ‹ðç�Šõ”eŠ«mߣ8á+ã´Ô¹ª1'¸Ù`Ö&r“4`†óñð8ª@uL9Ã9lj)*ѱHú"Ø&ÇéL�£
ŸºÊnÖòš§ÞQEHK¥Ú·FIÆBC°Ûã¼)}ò�u[Ÿaïçý@�™),wåÚä#ì„9bô8;bX5·v$˜ÖÓ¿œ”²w}�™-O<Ög]-U0¥Ô)ˆÅy³«±\U•Q
…º²gÌ?”çãØ+ŒýZ¨‡­ÑzØj+]ºg½ºèáÈeÛaäÌ}†>TʈŽÐDÙM´(·8”Nž‡rR5†Ú©MÜâXo€ñXo�`Ýã4¶*N~Cv�5úÓÃç”-Ì_/lYjP?€Ú,̼r�q˜¦WÁ'X
ó—8—|¡üö=°#ÖYƧ–ÝBȶbžlô{qmZÊIÏÅ�iÝ!-@�†-ð_Ù)œ4Yß:›t¨CˇIw|>köÊà0?9'¹E‡–ärdßô‘×æ`|1Ð0cKÞÄ+çw6WÁY€¢Ü&XÜy]Uíµã½30¥”¦_U	Àåtó0¤»öú6�ÞKÍ—T¥úñ¨•¨*æf–µ“¦|Ïì·›¥.éÉ@éSÉ�ñ««6CZ±esÐ÷Jû?eq?¬à¶»µN›;îýO.ÆÓù4�Ïnã½o<ä_\ýuõ¤õ¨endstream
+endobj
+573 0 obj<</Type/Page/Parent 522 0 R/Contents 574 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+574 0 obj<</Filter/FlateDecode/Length 1000      >>stream
 x
µV]oâF}çWÜ7“¼ØPC¶›H¤MV•²Y­–Vª–<önìê±Ãf«þ÷ž;c‹š>”(‰±ïǹçÞsÇvà' qHÈâ¼3ð…CD£É×!~IKû |}ñàzÖys;¢  Ù±¢É˜f	!Î`@³¸{¯KIåZ”ø#Ip´ôI’ÙˆXZê,ÓÛT­ø9mu‘�gÊ7¼2o
 i¤*›çZÕŽ´�åVJÕ“Pðœãã�Íþè¨ýPº©²¡K½¡,U²G›¬2öÖRW!C,eÒdp¶i¹ö¨ö42ÖÎÎ>Í»¿KÓ£_¼œb]í�¥*
NQ¦Zùó³B�H@¸ƒ+ÌÙº²&¯E!âRÆ2’®”.dBZÑ"êÑ&Ã#¤uÌ‘Ä¥^"Hž#�ñi¶–ÏÖ÷\«ìùüEÑ(J¯Tú
1¹T‚*œ�¹Aò\"»Ëã³ó›Û
 €–›ØxäþÐ'‹ÿ§}üŸª´x4Îo×ü~ÈÍozŽF·Í•_E¾Éä[ç1 ‹:Q8r‰¨þXd¤€Ž.ióId:oç‚æó¦Ø�?á|ìûÝ›\º-ñ€üºÜ}؇
£”§I’Iç“:Wº<gD
 4d¯=ÁXTFRZL—iaJ΋R+QÖÌÌží¦ÚTûœ"ã5$4„ý÷
“Àe
J—ºhfê`þ‡1âÛd§û%›Ó}z�¯siNÔk9Ü!b|–Íð*jõ´–"©…Գ͎3mx›, ðGYbcxÞüŒ)Çt˜Ö<Lùå)…mÛuгúäUˆ))Yñ|Í«§™ùf«ª—†*699P\¾´¨Éiì�V¢Xˆ•ü¾~‰Îz´*tC{$Þ먀JN�µÃÍ*b™?4uíiù w{I± °_Ü‚²{5òCŸ>?cï~=†5ö[UkÒ°iò…�N,!YHm�°Ý¦:=NDïØúª©�ÿ¿½¼$ú‹ÞÕå\Ñßtóñö¨žÝóÆÙ:6·É
ÐG²…·{
Ok½
 ï‹G÷Ó7„Q;öyÖù8ûK�~›ÞýzC÷wÇZ¯…Ic‘eÏ<Þ`+—Bñù)JvÀkC¿9æDËhMPµaÆ¿ÉB¶LŽ®? |´!X#(b�ãL1ƒPÌVÒ£’[›e~fAox£Hº�Oœ_Û#~Úæ�{¹�TêÚì’;¤ÈfÄ�9n&õkNðÃÐ�..(nÈ>O?\Oégù$3½áCý}�³S?O¬m<À¡—t_q¤ŽÆ#M\¹aÀanf�O��±Ý™endstream
 endobj
-566 0 obj<</Type/Page/Parent 513 0 R/Contents 567 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-567 0 obj<</Filter/FlateDecode/Length 527       >>stream
+575 0 obj<</Type/Page/Parent 522 0 R/Contents 576 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+576 0 obj<</Filter/FlateDecode/Length 527       >>stream
 x
}SÁŽÚ0¼ós[X�7	!�CAe{Ù]©jº§\Œã€Û`³±CËß÷Ù
í–JU)ØïÍ›™7¼�bDôÄÈÌ3ˆÃ(b²yÆ2¤Ëœ¾z;‰&\,²ý¼¹X—£‡ÇqŒ²ñ Ù2GYƒ€¢¥°R8e4ö’ײƒ²PµÔN5JÖØžÁ5ÌQj¥wØv\ü”ŽŽj8Ù”æn(r{	Ñû¡Š¡ÜËIùcaÏYBcÇRû"jy)ž7ïs,|ÿ…ó=3"|mš3ø#:™%K=N�#ïøA	´JKϺV'"^CigÀ‡	ž(Çkñô}èà¾Q�u÷�o=oaÕŽÄé0=ÀXéq�´7¼=½@¹éÌ!”ÀŸžÁß–phù+ Š=�
 ϵ¿<áîªJßU“”¦ƒÒ‡ÇbÒÙ�àfiJû&ÑKXÌPlMïý–	Oô}Áduâ÷;&ë}I؇icat£vhTìâØ*‡^÷Ö;¡œMNaêý~ÈÂVþžâÌ…˜R¥5z
 éÃÚ¸½¿S‚Ú¸æíÙª[»ª±\ûÈT“–+�”]cºÃ�›°F’ÁðÊÛ^ÚÀ 5”Ä'ÅACÚ-…ŽÌ%FtN
*d//¹Žó%ËVdÚü’³oÅóºÀgy’-e·³øÒS6|ÓìZ;Ë£Õ]Mó”åÙ’þ€äg’øæM9ú:úqendstream
 endobj
-568 0 obj<</Type/Page/Parent 513 0 R/Contents 569 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-569 0 obj<</Filter/FlateDecode/Length 1712      >>stream
+577 0 obj<</Type/Page/Parent 522 0 R/Contents 578 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+578 0 obj<</Filter/FlateDecode/Length 1712      >>stream
 x
�W]oÛ6}ϯ¸00Ì\%vÒ8¶
kÑ
¶¥[\ôÅ/´DYl$Q#);þ÷;÷Š´]µ†¦@"‘÷ãœs?ôÏÅœ®ðoNË]ßRÞ\\eWôæöMvG7wKü¾À§©”sy4zñvuqyÿ-®hUÂÖíòŽVÁΞäÓw•ê‚v´ÌèOÞ><>‘iIÑÇÖ¼Ð'ëêâÕê³X˜/¯¯o²lL—Ù<£‡68[ôy0¶NÞÐ|O.–Ù-Ÿ\UÆ~ùʺ@…ÍûF·�B¥ð—ö¹3íÉÛF“-ñXã¸ïñHNä¶-�ÅyEO¼%ÓtµæûŠ½~zD;#ÕJ°Wôz~=„XÙ==©f£(·¬íM¨Øz“ѪÒjÔ�*]wÔi›´¯,)àY[ûlÚ-!:6ýóë_?¼.
 fœÚ˜Ú„CÆùÂÙâ6»á,í|8‚n)ØÁ´í9n\ó”¤Câ€:…W)¾OÈ·Õ€t—¼0ƒçø‹¿e¶Èè£×®U�öÿ
¾Ô:gƒÍmM‚´m}@TÈÓkê£
ö›ë.dô^9¼g¬Ó-Oë©ïóŠpùÝãßï¿
6?þðûǧõ+¸ØijíW–PU×p°BZ­X|''ymÀ+â+B ›.�€Î\K–gü®§�rÁä}-
wN8:;�X˜sæ 4ÎÚ©ÚÐ
“{
 Ì°æ€ÃN»1¯R
@@ -1107,8 +1145,8 @@ z
 6ÞQµÂf c‡Ã.hÃÆ
 �"3æP<ì
âNµ�9KÅ�kžXòÜkî|c�=}KØ°ô×Â=ç¡�Óèõ[ZÎ``Ÿ‚YE„áXR§.$3Ü)¸+ÎY>P•X)O¯àk”þ(÷
Ýãbã´Â†îã÷‚ŒbŽi 6í`Ò¸Øy,àÆ`±BŒÃK{¹î�‰–ÊÔÒ4I>ôeÉj�Õ¤À6…}ËvòyTT÷méB[§OµyÆ&Ѩg=`ç‚Q€tä]–g$=g¶Un.ïïNŸj×WÃÓÿû¼YÞdËÛ;|Oâ»gqÍîÞ¯.þºøuªìÀendstream
 endobj
-570 0 obj<</Type/Page/Parent 513 0 R/Contents 571 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-571 0 obj<</Filter/FlateDecode/Length 1643      >>stream
+579 0 obj<</Type/Page/Parent 522 0 R/Contents 580 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+580 0 obj<</Filter/FlateDecode/Length 1643      >>stream
 x
}WÛnÛ8}ÏWò²i‘(¶ãµ“Ç^ÒE€&éÖîòBI”Å–"U’²ë¿ïRr¼Ú`8H$r.gÎœÿ<™Ò?SZÎèjAEs2É&´X\á÷üz‰ß3|œ¤*¾˜Ïn²ùK/n&ÙlüüíúäòÃœ¦SZWð±¸^Òº$ØŸLh]œ­k	»/·Ò	M­õ^å¬î‚²ÆS°jå©u/šsR¦Ð]©Ì†:/��¤F´-œ“0%UÖüV�oe¡*U¼Z?™ÐÅô
 ®Ë³Ã5œ¤V¸ ŠNG¾F(>ãÓ—nhŠ`9ê‹«92ƽe6Ïè“ð~g]éÓ±çä.fËlÁÇî…ÙÓêþ-ZI<um+]!¼„³þ2åÎ9o3	µl2º£Zl%Kª”‚võ©Ë=•	0
ˆù€ôô~”Õ×ê+\
·úÙY£÷¤ªø 
l¤®3&!pƒ-¬¦�“>pPz÷øùöÓÇ/«s”cäÍæ[e;ÏVL™?}ï|ˆJ!s·'gQE#9b¥QÎ\£ff€;[$p¿õë&E„yÔVf´.U,:0š�ú%ËtêØßV†܃3cW+Ñä÷ø¶TØVÒN…a–|Oÿ…Î3<Œäéà�4¨ªOɶLOÔH5l!OÉ0–íÖrŒYU¡zå!Ëä²kÅA†DWœ0]“ý­RvŠ±‘þœÀW÷RT©¨CX#Ç)H¡µÝ	V)°s+´BÅ8™­è SoDQ£rôtö­*py�ŽúªÌìe=½zXZËŒÛ
6i
 ·O˜52Զ䖜ÎQ«dô`ƒÄE�…os•
Â`d”Ö‘Iû^Îz[22 Cpé´e”�Á:Ì×Ç|<mµ`ªÈ_�äÏN
P÷4£5S¡‘‚%ñŒ|GÖÓën?{Mªá„…AÐÄ÷èwÈ!‘Â7y
ò¤ o…5
n{v)Ã|sÏŽ¼¢9KÁòØgm`�šC²O	­(º¤ŠÞ>¼ûüíÓúîñ!H�¯aÝ)%ÜëÿÕº?3úhF‘ƒ8–ñƒÒ­ Å ml§Y6ƒLÄ?HL8ʨ“9žvRëb/‹H>θ`¢,ǼZ#¯á23Ñ“Ø"üˆDgJtŠ ÷�«K°³dŠK³UΆ!jNÓ¡Gu6ð˜?

:èÏàwGñ@Ï|4…V?dê÷§WTÔÖ&¥°‘²\>”¡ޅ	úéÇrŒÐž…îßÙ„±º‚Pu>7ÇpÔe‚ᥳ[Å	P®Âô ¤�hÚF|çÑ–&&+}dci}´å£öåQ"]ÍØ
@@ -1118,8 +1156,8 @@ R
 
 ø°«>èCèÁ_lri†ò6	PÌü6®%\Ë^�X÷°û¨Š´Ãe[�Ê{ÌÜK°¦ïEçdŒK½>˜N+Kœ�½¢^~¸î¿·L—×Ùâ憓k^ïWoîß¾¡÷¼bmtžþê°­s<ÃÉ‹åäæå/óå<[.®ñ­–fs¾u»>ùûä7BP…endstream
 endobj
-572 0 obj<</Type/Page/Parent 513 0 R/Contents 573 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-573 0 obj<</Filter/FlateDecode/Length 1775      >>stream
+581 0 obj<</Type/Page/Parent 522 0 R/Contents 582 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+582 0 obj<</Filter/FlateDecode/Length 1775      >>stream
 x
}W]O;}çWŒòR*AJ MàåJ|^U*ЖTèJ•®œ]oÖe×ÞÚ^Bþý=3Þ„°ÀUÕ*õÚž™3gÎŒÿìŒèF4=¤£	eõÎÁð€>Mñïø˜ÿ=Ä_¯©�ビ·?ŒÆo|8›í|º:¡Ñ”fŒLŽG4Ë	h–íN‡“!]h»¢k—ëðqöÛÇ4Â.Þ¾ˆ
8°{_jKŠî®Ï(«Œ¶‘\£mÀRa*M&’
 �
 ç±Ô(MÖVÊÓ ç»kÜ= èh®©©T¦sr–b‰�pzH³R-»ÄØ
Ùî¯Ý‹Ë›þ½¹½¹Ü#ùùãòô¢ûyÿãËl½|úõk·zu~FÊæi÷Åíݯ��™bEËREqˀʢq$”®­rvPU•[ÂÃù
@@ -1131,8 +1169,8 @@ x
}W]O;}
 .ž^²‡�——fÝ­A	ÆeiÐZ`nËáD¹¤$À™µÀ•0&tyÑÌ—ª÷ÐÍHûJÐ]o+¸à)Ó<u±—1ÛÞÎ\/k|þ�ùá�À»è2Wѹ¨Í“‰«tà�Áä|aÍ'T¹;[�áU¬ùÂâ·þ†Ø9¦Í`£Á™|ÁÓ%­•™ZU°KL9•çÒQ{Q+º6™wÁ¢à˜™Qid’
©M'
ÆÖøº6 \æê‡v¼ðºã
 ÏG=“›}€x Ÿ�@7?N`ƒoÊT£æ®sõv§×ã4+æf˜MH0cjð0;”ƒ=˜Çhı¤KµBÓ+@w^¬dÅ Ä!Ë þ|ñkŸÓäú`tbjà‰F£‹<‰€à•µà'ë-fŽ$™àÜÚ)Ôø1&¯ˆZ=ÈdQ£\h:�Ä^ìßm�çѧ«ãî8š'''4™NÓ{ìîôúìFpƒýô7FÍ8í¯÷îONøññÆÓr<§“c<,ñýð3»œí|ßùÝ^èúendstream
 endobj
-574 0 obj<</Type/Page/Parent 513 0 R/Contents 575 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R>>/XObject<<>>>>>>endobj
-575 0 obj<</Filter/FlateDecode/Length 1041      >>stream
+583 0 obj<</Type/Page/Parent 522 0 R/Contents 584 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R>>/XObject<<>>>>>>endobj
+584 0 obj<</Filter/FlateDecode/Length 1041      >>stream
 x
mUÁnã6½û+¾4
lÅvÛ9&»I`½íÂÚC.”4ŠØH¤JR6¼_ß7”ìÍj‹ ‰M9oÞ¼yüw4§~æ´^Ð튲z4Kf´œ/’-7k|^à×1£ÇýèæyIó9íYmÖ´Ï	á³í³«�ªSE¡T�|[ì<ÎÖXÑžgÓŠë	ÙP²#Ïî 
¾ÍJRžþÒæëžrk~“ÃMc] FĉÊi´5d‹~)SUu½ÿg4£éü0÷ù•29é@%®RUm} Œ]PÚT'J™
)*Yå*+Qˆu´ÝQŽû+ÛŠ`/I�ŽêRæ’o·}$Ɇ)K9æ=(])T–ô‹U²@{TÉr€TjÛ@«;ÛP%YÇ$ycUž´ÁåS�¤`3[ÑëH3ož*ý·À“	DG§¿^'´³5å.óŒ[³ªÍ™ÊÖäŽs/Õø6�­É„M�¸+8…�‘¶l
 ÄͳŸ#'ŠÏÖÿé´	ßòe�ö+‡{�«ŸL[¼‡ª’¬À
(Ôᥣ
 ‹M‡ rš)CY©ÌGŽê$ÿOt´î=¡­2ø.‡sû�
õ—r‹¤h�µAgëN+‘f?ÆUhÛ‡ë}pmZÇ}G
s.íOǺá¼F!÷2AU”¢…‹_“Kã>¶õÂnB/!´Èpƽ¥B¹×ëžéf×�ŸZ“ÐÓ
’�ÁþÃH(�ÌÝP{þ¬uŽM@æK%m#µFиü˳;_Œe6£ì&t,5æã*1Ö0¶ƒ
Qz’!½¿pÄá½MîúÒfïÏ#ß©96£�3Õ¨TW:hF
@@ -1142,8 +1180,8 @@ Iag
 }át¿Ä9Qø ft–�†÷2¶OÏVn³VzêÏ4ööëƒÆüÂû}dí]Ü´`Í —J¯À
 xdWpN¸·¼(£8”ÐÈl¨Žƒ�J�¦HJÅÄ'	±ìH.BTÑÍó¦NçëM²º¿§Åf%ÏÇîaûø@Ÿ<Q¿·è·à™ž#§ëÙ½„®“U‚H´|ksŽ˜—ëe²^mðFc±’cOûѷѤќÕendstream
 endobj
-576 0 obj<</Type/Page/Parent 513 0 R/Contents 577 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F5 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-577 0 obj<</Filter/FlateDecode/Length 1533      >>stream
+585 0 obj<</Type/Page/Parent 522 0 R/Contents 586 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F5 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+586 0 obj<</Filter/FlateDecode/Length 1533      >>stream
 x
�WkoÛ6ýž_qç�8®íºNZ`ÖuM·xø%Q6‰ÔH*ŽÿýÎ%)?”ÖHä}�sϽúçbJü�ÒõŒ^/(¯/>¬.^}zK³	­J¼Y\ßЪ Éx2Á“|øëV4^ZºÓÊŠ\é
9Qg‚ÜÞyYS.ªÊ½\}‡‘9M§ÑÈÕìf<ƒ™áj«•ª’TH—[•IG[³#o¨0tf„<ÌK2šî‚}Ù{O¦õ´Û
 OÊ;\âvÖè
âaãø§�§ÒXbBWÓ×ѵßJ*…ÒžLI[)¬Q[ª¤½iIXIVŠ‚íy6„óúð¦±&Yµç°i…—ãd~¶Ï9³_rß"õ}‹#Ž2QðöÌÿEf$ÕâI+OδºÑ÷Öyä¡/=ÉÇFæ>œE–
‚CÒ™¤i÷ÔXéýžÞ]­_ö\ßÞ�``§ÃéÖ)-�Ó­FñÊ`,SŃÐ^làO[­b¡džŠ÷¤Qd�T(7µ¤�òÛ0ý’„Z¯*…È‚
Ü3;ê†Øk£•76X;åG:‹œÌÆŠšACYPú#ˆòÑ[YK„Âm~h!³v³áwB£Î•3€µjØ
ä¼Ý(ÏX³GÑk	xq	>b•xD:ÖLƒ9žµNö2NI05Ù‡ù(4,;%BÕU	¯À\Óð×çÊ
 d8±$©+!bâþ‘ª,¥•`kˆ é“gñr™>+Ýž`‰¦H&\h Îw×ê)ßµúöŽæ�¬éx<Méý·?æäü�š|Ñz¨t^µ¡Aœ©„UnýòÜ@˼‹j”¤W»wƸw“ßû³0»vâ•Ê¢5"ZÜ¢µ®PÃØq¯â÷“¦¼f†0ï,i�–*Ìn¢–Ø1-AÜ)”Ë,C”I� éòW„s-øi,(wtú
a°5£ÁÒÆX…8¸
YY®R”à·dieü…‹Z±çßïÉÅe^‡ëÌí
4…ÙÛ5µV¹DyJ)|kåŽ}A�¸Rÿ¤�‘q0âTÝ ´8‚(Û'&?q8¯>½Iò=ìÒíëú�¢Èþà¨Ì·¡+mu£`ØѱíÆņ`"T3è:ëBÑ"=ÏçÛgõB°QÌî?f# ìXiT¢#ƒ\ž¡ŸÔ­WæN}¢"s±ÙjÙV~LßXt!leÂÌk¤†RjDÔ];4ÿÓ€Gµ‘ž*ƒ€Ž±÷¼§Ìƒn•*8’<,°�
´3°’@Ñ–å!Ž·2qháœÛbŠ:³hO”Oú%ÛhcûBFÜzØê
@@ -1152,15 +1190,15 @@ Eº
 ‰´1.!Öϰડ¯Ë�ç
9Ðh-†Œ†HnAã^T uHÊ+ÛíMÎc¼ÙŽI¡�êI肃¸€²cLcb¡k�¨Î5�÷Âåe�ÔSôœçnÃxd&¾vŠ˜	›P¾*		¿¾Á–ýþE‚~M;Ïÿä‚ë6¯ÿïéÄÍÞ¿˜>ëí‹ñqE\•ƒ´µW±0ߎ#ì0BÂÂïFiý:ÝûÂð{xè-æ^ÞZ^gzuLèÆMœ§a¾UU�ƒÜ6@è“i•Öú
D&<~:¬!�Å:Ï�3PÇšw
 º Œ·QɺÉû~Â~Ðó�I¾¿benŽ,oÒËþÜ™_ÏÇ׋|1Aaf×lð·ÕÅïÿ¥­\Œendstream
 endobj
-578 0 obj<</Type/Page/Parent 513 0 R/Contents 579 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R>>/XObject<<>>>>>>endobj
-579 0 obj<</Filter/FlateDecode/Length 815       >>stream
+587 0 obj<</Type/Page/Parent 522 0 R/Contents 588 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R>>/XObject<<>>>>>>endobj
+588 0 obj<</Filter/FlateDecode/Length 815       >>stream
 x
�TÑnÛ8|÷W,òä±l«†­8’4)´—61P—Ã�‘V1/©’T|þûÎRVšú¥…aX¹³³³³ûm4§>sZåôfIe3še3Z,O³‚Å
 Ï9¾ž©�¯GÓ«Íç´®²,V´®×g3Z—ã[2í\G
 ·UŒªÜp•^Ä
[*•¥ÊÑv£"?³'Ir–pJ¥Ñl#Uz[ª.hûH­w†›@ÊöH[mÌñú¿ÑŒ&ó7YŽüãRµ±“ŒÆ$¨°‘¤3&ô€¡y¨¨QO²}l¾Ì{çhã¶BKxkÙ·ž…£äЙþ¤÷lÙmG×XùrƒsïºGùer]l»Hµó¢ë}Ökz²ÀƤÚ�Ä·¢Š 쫤�\³!£+`ñÿªi
Ÿ�®‘W58}I¢ë 	`ã†Zö�A;›„TTk]ÓÖu¦¸‚ØA⤲\
dUè;Ñ{…îëÅ�sOèdÚyÔl+á`´…–tfè{BÕå“43:È¡O×&*y+¥×mDu¶kØ÷}=ª�1n{”¬1ˆ X0Œƒ }U��ÚìMS¸:læ9ïHÇ
˜H;“òP�«É›°�ÕQ«¨Ÿ9£µ£G<ô¦µ¤+VäêžÇ`dÑ@j–þ¢X¨Ö…µšE¸ZðJ¤s€ÁöŽ�¨éf-
ÐxZñóÔv½¡ÖX2@YtÑ£‹[¯#+´ü¼4´•Ù@çZX-ö† ZAqÄ
¯;Õ<¨·CÚÓ~l'ù¢7ÿß­®(/òeñOÒù~|ôBéè„nþ½}÷åöþ˜ˆþÀ´ÑåÙÅÅåÝ�?½¸Ž*¶š«ûã!ïKcõKä/·7}ø
 ìßBþ¡
Æ>_J†u?6%‡�ŒçwƒÚ‡ØÛf¨ûWr{VÕ$É,F·|üwÖì2:‡Á“ºðŠØªaeÃϸ¯6Ñ‹zý�aSŽái°´¥óžËøzj“…§WÅÞóU‘-OO)Ï‹ý~:ûx~Fï°/
&
óò¾ƒI~2Ü�¬fhl5¾ÀöÀú¢TaB‘#Hûéõ>”ÈÅj‘­–8¢òB^]®GŸGß
ýQçœendstream
 endobj
-580 0 obj<</Type/Page/Parent 513 0 R/Contents 581 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 301 0 R>>endobj
-581 0 obj<</Filter/FlateDecode/Length 1651      >>stream
+589 0 obj<</Type/Page/Parent 522 0 R/Contents 590 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>/Annots 307 0 R>>endobj
+590 0 obj<</Filter/FlateDecode/Length 1651      >>stream
 x
�WmOGþίåK@Âw>l„*B€¢âbWi*KÕÞÝÚÞr·{ÙÝ3øK{ŸÙ;;`Ò´ ^öm^ž™yfüu/¡.¾ö¨? ¬ÜëF]ìlÝ_ï%ÇGQ—Ý~—¸•DƒvUЄïSÿ8‰z|6Eývµ=ëE'8K†'x×+>K†½hH½ÑIt„Ó^··+>}¾ÆéÑ1n5w7r{xÏöô†Gü2¬¶g¸?:Ù:~= >{?Ý‹¯FPFÓ9¼Ohšg±“í_,E奥QDwSú`J¡4Ý�/Þºƒé_áe2l^vúGpxšï�¢$¢í­ÉëÌ+£››G”$íÍÞÊqsºTŽr“Õ¥Ôž2£=¤;Rznl)ø)yC•5+•KšMx4öÁùæðQù%f
“œ´+•IwH¼ijO~)IK™„á-Ñ¥NÒoŒ„$~"-Lõ3øº[”aϱf3§¥÷Õ»8†ÏÅÒ8eie¦Œÿ.²"ÎÔÜiŸH"ÿäƒÖ”¦kº­dÔªí
,x]Ö¸ ©2Ω´�줓…Ì<	À ^Šœ­Áç…5uE³}øʦ¾Dâ­£éÅ8¾CŽ÷J/Üì>ç;N‹9‡’Ÿ›´Pá�]“•©10Þ¯+	è¡®2Z”ò�*áÏ_Ùáäêˆ»y]k^MXÿv5W••™žÃ¸¦9â’Šì�€óÚÔ–äS%­’òBa$b‚ȳ‚Cv%¼øœ*ØÉŒ…@Nלæ¹
 «Å€6ˆÚdÙn@¦£‚%Ò#¥Ë¬J½¥´’2$¢$…Sð/‡}+Î&kJ„!X„K01)ÎSpk�‹Î“Fbv°cÐ�ô¥Ñ‘|’}15¼-Š&Oa*�áy–ƒÍ}ì
 O¨‰l	„dn�)9dˆÇÕlP)Ö;Js™TPHœËéí§ëOw‡T8a«, çìÊ­2šZ¡�@Vª’.¢—õɵú¤à¤©:s,“¥‘¬!T®2:ÏË«…¢-@¥½xyã*°Z:vš‘·"“¡pµH¤åãReË€áŽòB=È*
ÂÄåd™�VŒ„ÿ0)ÎgBLX`m2\•U!SÁó–	où´0 -["ÙdÛ&¥Øq?³ëÊ›…ìÞ±¸Ös¹‡ MIÔøG{•ªûN,Ä
@@ -1171,38 +1209,36 @@ lIU
 xÿo¯®‘±‹8[¨Nªt\Î]ÜMâê8�†ñh(êEÜí�’ïÙûM)¸‰n´ë%§4èåõ­£æ1@÷dæþÖrÛ¾XJõûZ¡Y=ç£-¸¡f©‘‡,†¥U¼i´ÏuÐ]K>m:s®dK%™WÑ0ÛÞ*`Ž6jYæýåõŸ“?Ц
 5¼¦¹fºOÉ<|…üŠ¯0°mÇ‹¶ÙþüËíÇÙlòe2½Äß‹CûLèÑéqÔ
³¨
ÌèÙl,,Z¨¼p¯åÞè¶û @¸	‘äÞSÛêÝšÊ$Lê�±KvV‡v?Gí24·ÀЃöÆuµ‘½ãËä|•€¨XÒ›[%RU Ìß½!‘šU3ÄWÏg¯œ÷RXî%jˆ£»H˜·¡Z<µT{ç6=j)À�ÌçÆ*ž¸xTÐt>¾�ÝE㌕È"Œ
LhôøiiØ›wÐWB®-ÏlRc´¡îšvžË9�â©†± €Ø°ð†Z‘2²pò‘UíRÑ«¾…äÒ†J‰ö–bÇ Âc!Hîð8	¬è£Â@†8‚,›ÉÑ(ê¥(Ùt$øT*îJÞ„ÔÃG„ΆÛ>Šª‚`4§û›°?]˜¦\;5ð˜ÚႳƒ`x‰‹Y;ßÇØÌ0a¹S?ÿé7Ldtó!ÐÂõØì^‡‘0l¿ÔkÅW'mòvzÇÔéó¨ùñH„ÏÃÁIcQoÄ]N÷~ÝûÊ5³endstream
 endobj
-582 0 obj<</Type/Page/Parent 513 0 R/Contents 583 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-583 0 obj<</Filter/FlateDecode/Length 1753      >>stream
-x
�WMsÛ8½ûWtå²N•Éè[ÖÌ)O¦Re;Þ•¦ö°ÞD¶$ŒI€€v4¿~_ƒ„¾’�Ö+Rèîׯ_7ÿs5¤
þ†4ÑxFE}5È4]Ìñ9¹•Ïþ9¦M| KÓ=Ï&ùâòÁ§ÕÕ‡Ïiµ‘Ûg·sZ•ƒ
­ŠëÕŽ‰¿©"PÍÊh³ýPòF´5d7ôªœ¶­§ZmuA…5>(<YGlÚš�’�>¿úã*ƒ\Z^�s’ßø™
ÇùH–ÄŽã¦Ú;‡Ã…-™”)©õ,vÂN…ÓGo;6¤èͺXŒÞ¬¹°5{¬Ö\¯ÙÉ1E¥­•6Ñüàhîù:XZ3•ì§×\R¥»ç÷9}Vºj�&68­3°­ý™m]Uø{àõ©ˆÀºÐ9«i/vO̪ʱ*÷g.Ê�“�F³|" LŽ8�ùL–dwáöM°[§š0÷HE„˜9¸%»WvOÊ{xV.9˺”7ô†ý;8ÜV%©ª²o—
\ÂŠ�2[&�œ6ý�9­‘ôaJ–JAlËFRÞ!SY³Í€jMž½¼ð>§}d¨±X[WôJŽÿ`.Â~ð]¸ðÂÜD—ÁAÕVáûäο¿ƒqÚÁøáó‚†ÀuCÙhJÙtžß
-¢‹|ˆ?ZÚÖv,ˆa>�°ý6~csñ<WNa'mœ­ñÚ¢@Ùçk�^LOªxA½ŠËjm_ùù}Šp–fS±ÚVôÑï0‘]÷-ÈtÏz++Cõ ÍŽÞ=®è.Ò÷Rtq	›·|^Ê”™ék £Boü,ßÂw&ÿÇfÐh”öŸ@Ô‡>å·€ Çi”Ó/ŽK�Anÿœž�ž>ÀŸ¨²ªDL›˜.zÓa'°ÑC‡ÛÏÔš’�èF	}‰ùEàª&è¢+n¿÷�ëŸQ’vl
-Náõú¡ë¦â#©V}i‘o›Xš¼«‚È®žðÑ:½Õe±§µ�÷]k
-eh	WýFsUJloYů\!�ªÚ{¹hCË<ýBOºáNùÎ’v¯
óÅ	‘ÚþD�³e[HèEe/KºZ'ßð�òÿOmJûæ{ò:È<±�à@�UÝe	´‡¨ƒö)§ÓcN‘ÑGD5AÃepm
ÉKe�êî��þ,ò‘TK<sÎ
4�l$Íãú‹H&Óòá“”ŠñÒ=Áâ†<šÞí¼»9‘`pžoH5
+'b}ždë=ÔDUzk 0‘;¸û"ùbiae‡ã"¬�P.äô«4/ä´Ëú©i2Œ+ãÕ>2g,u\hÏ8ñbìzœ»0–8“‚.–ôÀÈfékI¯{,~¿{¢ÇÕý×ß¾>ÒŒ¯lø?à�ÁqáX§‹<µt¿hí;dä´täÔ�Á„ä|Š§Z~¹‹"]S†u5@^fŽ_µ¨z†v¿¥d‡™|Žò<—ïÇœ8ßFK']p™
³i6�³Ét–Íoéÿy40EÃ’…ô+Ôíú`è ìÉå“9"¹¬Ì^ô¤EäwÝn è6Ú aPi}�«
ÿ“�%Ý…åƒôÛѼ£Òxá!¦š€â²™£3¢È¥ˆòÀ2@óªª6vÀ=ù]
-ôjM¤TNƒo˜®0Ó
#´F®£•ÒÆèášG׳ÐP颅roGñä*Ó>ÀE�¿ßߧÕ>^JÇ`"�»ˆ4
-VD¢b³
»ˆò‰á/>ç8
-ÄÜ�øl0È‚oE¦‚L'¶:E‘-GDåô×5-Î ü|Ý•ÙiÀ
Ê[ìæù½Ø‰ŠRªVÌQu?‡à2®
Ü¢xCô+|½¶Jr¤;D_é~ù‘–.jçÞnÑ |
†UÆh#�^&HRbÈ_  ó�C(]mȤ§DMÀv‚ˆ„yaS":‹æ(UÈðNtÐøNòÐt”sj/E}î†O–"µPäUå¶;èù…9F“
JÚ¶˜ÆHÊ †jêj1únî¦�ðŸºøû>�Ì©T2>÷ê	½S¯RÁ(ft£8¥*̤Ý3`%ü‹ù¹pú@c4¨ÊÛ¸/²´iðCÇ:à‚•�ïSæü˜7}Í'óF“4ôä–<]ú‘¶ ’ºÆ@`Ñ16V†ê4Äœœ‘+z¶P’›ƒÝ9¤f�Wƒ“T÷ƒ0E�¨w:Ù_Û¥¼õ`¢q(=�«6�¥z¥üaìG¥³»¹ŸbГæ}–oû—ÂátœÏš�Æùx÷ ~>}¤»nØQý­ÅKˆ•
ç·qw6,ÒÔx>]Oæ“|>»íßrê×ÕÕ߯þ2Cº¼endstream
-endobj
-584 0 obj<</Type/Page/Parent 513 0 R/Contents 585 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-585 0 obj<</Filter/FlateDecode/Length 537       >>stream
+591 0 obj<</Type/Page/Parent 522 0 R/Contents 592 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+592 0 obj<</Filter/FlateDecode/Length 1751      >>stream
+x
�WMsÛF½ëWtù²r•“àwr²£8å*IV–Lía•Ãh’
df ™ùõy=ÀðKÞ¶T&Mp¦?^¿~ÝüójHü
i–ÑhJyu5H4YÌð:žËk†–i¾�G“ï}1šŽÓÅåŸVW>�i8¤ÕF¬Oç3Zƒ
­òëÕŽ‰¿©ÜSÅÊh³ýPðFíum¨ÞЋ²ºnUj«sÊkã¼2ÞQm‰M[±UrÒ¥ïW\%ð£Åõ(%ùŒ�Ép”fòHüXnÊ=±µ¸œ×“2µŽÅ�ß)úÕëŽ
)z­í3<†hÖœ×;<­¸Z³•kŠŠºRÚˆ»ÁÑÛÓµ¯iÍT°Ë­^sA¥òlŸÞ§ôY鲘8`Ù·ÖÀµvg®uY"ßgœAЧ �Úú.VíI»�õ‰_UZVÅþ,D1Òy)›¦c
e|Äi´H§òHNçvßøzkU³æN©€Ó{»dûÂöQ9‡ÐŠ%{`YU€ò†^q~‡ˆÛ² U–õëe0
ƒ|§Ì–I£¤Mo2¥• ?"M)R!ˆmÙHÅ;dÊÚl Z‘cç„/ϼOé¿_jj<[—ô…WË0ø`?„.TxfnBÄ  jK†}ç÷7(N:?|^аn(É&”Lfé\]¤CüѲnmΡ`Ç~¦ãQ†ãóðŽÃù3à\Y…“´±u%€W5º
Œ}ºäuÎô¨òg´«„¬Öõ?½�NÓÁt"^Û’>º�&rê®™îXoåÉ¿Ð<¨²¥w+º
ì}‚ä]^B¦ƒ•ÏKù]fúH(×7Mý7ÿÆåÿ8eñü	D}ê£,�‚§,¥Ÿ, ƒXÿœQž>Á¨¬U�œ6¡\ôªýN`£û·©5[‘�òê‹ÄUŒ×y×Ûnï<W?¢%7lÙäÓëåCWMÉGb;¬úÎ"×6¡5
x×�]<ácmõVtÅžÖ
+tþÜ·­É•¡%BuÍe!¹½&%¿p‰:ªrïÄІî—ÿ~ü‰uÃ�ð�íNèåzµý�[m.©çIP½@,ALèZ�\Ã]ýÏ,ýG›¢~u=w-Ô�Ô�À@žUÕ	¬‡¤ƒõ±¤“cIQЇڋf‚…KoÛŠ» ¶|Ž�ú,ÒLš%Ü9§FG’Éè¸þ"ŠÉ´¼ÿ$�bœÌŽF ¸!}¦wG?ïnN”çRMÃÊŠ–@žÇÉz1Q¥ÞL l_Ô^<í «lq]tƒµ%ðÉú”~–Ñ…’vE?uM†a2˜ìQ8S#P˹vŒϦ~Å„³Î"e"A0âZ9,S-ªu�Åo·�ô°ºûúË׺Ç|qeíÿ8²38.‹àt™Ç�€Ù¼½AFnË<ŽóLˆÁÇ|:í¡å—ÛÐ2ƒ±cÔ¶ÈËÄò‹QO0l»tì0‘×,MSyH‰ÓíEœËd˜L’a6JÆ“i2›/âÿÓ`‚i%ã	ÕWèÚõÁÏAÖcÄ'KDŒX™½¨I/‰(ïºÝ@/0k´Á –Ò:/¦
âþ‹mMºËÊy+$è�ct�qBC¬4DP<é¾^p01Ä(’<�ȼ¨²
óoOnS
»Z•ÒàV+,tƒA†ÁÈUðRÔ!{„�Ññf"¢ÏEÅlGð)ÓÎ#E¿ÝÝŧ}º¯ÁC¼w‘hP«DÉfëw
ä“,¿tðœÃ(lw7²Áj \+åe
8ñÕé‰9*·¿®¨iqÏà§ë7Mæ±\¡÷p¢Þ<½7AN
+åÁ	�ªêwØâªÑ@-7$@¿ QСª”F&C•î–iùñþ‚�wõS
ª×`Oe¬52äeW‚E~ü²ûXdÒ5†l9J¤œa+€H–>%£³lŽ:…ïD�ëôGY«öÒÑça¸è)^zn»ƒ˜_¸cЧ m‹MŒdˆ¡	*Hæ¡«Ù›•s8˜tªàï‡
+§bwÈêÜKw óN½Hÿ¢•1ŠÂ{0��vß
+¡_¨ÏEÐc:•®çR K›Ö?Œ;¡˜„zŸ2çû¼é;>º¿p…¡ç¶Ôé2Žx™T–!‹q±©eŸŽÌÉ1Ñã°…ŽÜ\8ìî¡4kü*8)u/;HSDðˆz§’½Á0+嶋ÎÓ¯jQ
+©—ʶÀ^µÎlj?Á’'“û°(Ïû߃ÃÉ(�.4ÍFéhΠ>}¤ÛnÓIý¥ÅïI*Îæát2,âÆx¾Y�gãt6�÷?rëçÕÕ¯Wëö¹Ûendstream
+endobj
+593 0 obj<</Type/Page/Parent 522 0 R/Contents 594 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+594 0 obj<</Filter/FlateDecode/Length 537       >>stream
 x
�”ooÓ0Æß÷SÜK˜;Áqx×n+L¢c´�·(sÜÖ¬ù3ÇAƒOÏ%nYË"wŠ*Uò=?ßÝs¾Ç	…?
 	ƒˆƒ,'!	�‹”Ä‹ÿ3üëá ï‰;`!'|ì€2:®à=ü¿+fÙäÝ<C¶Æ¬8¨Í
 ÀœÂ2ù&%?¸®ºR™Üêºjßf?�ˆ:QÀ”ì#)�Åjyw	ŸT^(öw£œ úOÀ±X”Ⱥ,óª„ßc¬®Àn”­i$4¹|P¶ÆøKÂp×�¥zìTk?œ^„Ý
hDXSø†§�àøø€i¬Où9ì,g¦«ÂϘ½Š1•~̥àCg‡’˜p½uÆ¡uÎŽ;×N]­k'±#뛯òJW¨×½-Žá.ß´ [誢–8•UÅiú!lïè\›ÖÎM¾ñ'NO
'^|Î_Cð¹p[Ûü|±'‡¥’KÕÃ…‡q[/º�ÕÍN=y›A}ƒ‰¥ÌksS¨²ñBØȺ63‰�õBb?ä[§ýí{ýaŸ¶Fôy#+k:i;£|k$"¸F¾¹¹‚×à‘amõ…CÚG]ôã1¸×¶%Npxýh=Üä67ç°}LOÇP±g4„§)p¬mØ.«éb6…+õKíêF™>b«†µbƒ$LŸ·ä‹}'1I¸ÀŒË*žÇu6ù:ù‡µendstream
 endobj
-586 0 obj<</Type/Page/Parent 513 0 R/Contents 587 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-587 0 obj<</Filter/FlateDecode/Length 701       >>stream
+595 0 obj<</Type/Page/Parent 522 0 R/Contents 596 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+596 0 obj<</Filter/FlateDecode/Length 701       >>stream
 x
­UÁr›0½û+ö˜t‚ŠÈ-§­q¦5éÅÉd0ˆX#\$Òäﻂ›ì6Óaì�Ñj÷½§·«_#
 6>|\I>²‰
Ìe„�øøîà¯ä�Õ〒 oÁ\pL’žTŽÍˆÓ·@é@
Ï}_û<}þ¥eȃ>D) Û†(9
 ‰C\|à:š^^Gí½F[#ÆÕ« ¸,…V' d*’XyZä¿Añ¤�©%dÂÁ¦±¤¡oH‹¤Ê¹Ô<5a‰È#úIÃÍnÑ¢�à’1lâ{~Rÿ6XÔEþXܵoŽImKÄr‚ZÃÀ#0‹öRh–
æÕþü
’1�ÉÕåÝ|:A~i‘ÇHÙ|(]V‰®J~sÜpa=2Og‘ëtO
M÷ª„¬r(2PÕÒŠ+½*J¡WFÔm¡nrkwû5¦†³”%Êœ–ZòòãÉþÔ»FË`ù¬‘|V”;ìÁ‚iŠV™à%œ½ˆôübŸVòwªP¶�w(«QUí)º•ùí!ô(Õ6ϬÐüôŠïâDî´_+þ{ÅK~ÈçŒÀ<úa:G—Ø{­—zZ¶f|C²ŠËÅ-œâ«¬ÖkKó226�Ùä3îŠU"D' Aòqx̦ß&U%ER¤¼Í¶âqÊËd«>¶v+�q$eǼæò^¯ªnæµÛiq(e?ÁÓîkM�WÉ푾Q­v\wd­nÎ�p°YW
 –U–¡—7…À	ºWÌú†ÅìJÍáìQòçÕtòi_º-Û7 ›Mí°îáÖÜ‹va4ËbO{›º-b: cëàe
 SÏ!,��½æ^™Ÿ]žŸÁ„?òu±Á6€¯•H¹afQ?¨c-ßÍÕ\A0o'¼2QžïŸxçš+¬êÑèûèÓW>?endstream
 endobj
-588 0 obj<</Type/Page/Parent 513 0 R/Contents 589 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-589 0 obj<</Filter/FlateDecode/Length 683       >>stream
+597 0 obj<</Type/Page/Parent 522 0 R/Contents 598 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+598 0 obj<</Filter/FlateDecode/Length 683       >>stream
 x
­VÛrÚ0}ç+ö‘tjÕ·Ú憴¡ ÅN_’NÆ‘(c,"Ëiøû®°I€“K‡a±òÙݳgw}×rÀÆ�¡^tѲ‰
�cü(Äß.~‡éÚà{
	^2¸‡N=¢—´¾|ë€ã@2EïABÂ=Û6$´Ý!.ñÆ£îð®ÚÏgzn‰œ	šjΠÌ•ŒC¡•ÈgW''É-"�ˆ–1ÛƒQ⹕ٯ͘§åx˜ Ú+d�Ó=È]@kûé—ƒæe–Yš«…È×ÑVQn;¡óT¥¯¤‚Ù�±öäFUð5�‹Ñ N&.R‘fb–¿•�¨)ÚeÊ’ZÂŒë=À·nVšÃÆí_¡ç ç†ùTi“’9ÄÃÌyʸªÓÙTâqMµX¤ðÎz4ÁÚ`aRLÒrÁsÏ‘Ò6A½3ºfµl«c-ê'q׆K`ÜûqÝM’	ŠCÞÜrª!ÕØ7¥æÅ:Ã~p"d®Nùª-r0J@H9ÍÊJ3XüúÆTðŒ5•ÿ÷xÐÿt¸iL™””˜P˜„T+Lh)–Lí§±#«WàÖ¼äé‚¿ôØÜ0Ñ>ÑŒ Û
 ûh¸§¥zŒT‰¥RýǸáïJlktƒ]\pu/(?.8�ÀÏñùõÙ¨��Ç]XÊLÐÌÓœe|?s¤i3‰�ª/]»alî �Ä'ЯãAßÌE&)JOf)”T—Š6ÇÏRáÄDk½6¢<V÷¯XwãC¯–5Yïuo™I£ÁYҰ¶2ß]‹õH®˜|9ÌõZ9Ü“¡«G¢z¡:¾K‚N‚0 ‘ÙªqwØëBŸßóL.qÉÁ÷R°5_–âûÞµB»c®V;âMÍ
 í‡>	ƒ_
ð†ç™¿N“Ö¯Ö?+CO-endstream
 endobj
-590 0 obj<</Type/Page/Parent 513 0 R/Contents 591 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-591 0 obj<</Filter/FlateDecode/Length 765       >>stream
+599 0 obj<</Type/Page/Parent 522 0 R/Contents 600 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+600 0 obj<</Filter/FlateDecode/Length 765       >>stream
 x
ÕV]OÛ0}ﯸ“€‰„&
I»=ñ1P¥R´6ã©2ÎMã-µKì4ðïw�„Ò"¨˜x@ªH{ÝsÏ=çØî}ǃ.ýyùÐ�/:]·a/tCú=ûô*ÒºônðZÁnÿµBºþËÏOãÎÑEžqJÍÃ~qÔ¸Û…˜ï�•Áo`2¤¶B®dšnàM…(m
J)¸J´)„œC†,Á˜L^«
 £1O�i0
 ªLðÌ>”éßAü»ÓÇëÑ8Ù2œ™5pŽrn2—P‰K%ò$"5QĆ„Ñ*_aⶠ~HòÈz˜ÏÁ<.i’WBª
@@ -1213,14 +1249,14 @@ c3l(
 ~äÂÙhßN'7ÁßÈ’þÜÔÿOûL®­c»bÐo//ðÝp0€Ð¯¯ÜéÉÕé	œã
 sEg�†ËR$h“ãxQ¿^éDÝ�½X›[
¦O·W}°QàFaŸ~JЊ^`¿ø#îüìüm‡×endstream
 endobj
-592 0 obj<</Type/Page/Parent 513 0 R/Contents 593 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-593 0 obj<</Filter/FlateDecode/Length 762       >>stream
+601 0 obj<</Type/Page/Parent 522 0 R/Contents 602 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+602 0 obj<</Filter/FlateDecode/Length 762       >>stream
 x
ÝVQoÚ0~çWÜc»Aš„,„½Líh;¤[I»‡vB®cÀk§¶SÄ¿ß9	ª&¨/Ó4P$ˆÏßÝw÷ÝÙO-lü:Ðs¡ëMZ¶eƒïØ–^ÐÃß.>’Á¼Xðê\¿‹v¯vœ…­“‹>8„stâ=#@¶
!=ê[®ÕµœÀ‚¯×çƒ)ÜQÉ"–jNbAó„�Ò$Éî��Ã߈å¿`u\ßòíˆ.‰¼~•ë^µŽL:N)ƒ-æ>Hg×ê&ŽÎëA¶¡”6R†”¡T|úÈçjΆ㋉‹¤“ÏL¶�ƹ!!™S�Köòf'¢c¡ÙgX-YÊô’«-�,cD*à),×SΔnÃZä�äJƒ&�¨ÈÖ æ¸™Uát(‰iÍ"؉ð´·9”Œ2þÌ¢6<0JrÅÂV<Žñ
þ�Œc•?(ãIn¡€.}TVá3“LåIa­M�E
 ÈBHO5>@ÒW®IŽ®Ð”!VÌN'©‰C[Õž�&ŠôO¯oËZ½)Š²$� ,¤$aªÜ°QÙ¾@†ã0¸kÐÙü@F¢ˆ§‹6Ì…¯ó°Ö˜ö˜/ÒÄdeÅõ¦£3X21Y„½õž»ÛÉpð¡>þL`¾Œ
 ÄFVÛŒ«&Ü¢ÓêqK�Öˆ[²Ò°i‡¤¡\{§vú€P*òÕùß6üsq5¹,æQ}åc±Àn¬jƒÝ<¥í›Íð7UäX0ÁÏT7£f.¶£¯
fD@ŒS1§a€j)-g<šð™ÓÀýf<ü6¸®Od$Ì0+æ	ä)§"bU¿7�âtéºõ ‘$Áñ�j)â8¾W�SVy8h‚8Àµ-ßËîäJÈÇ…yöNÜâìwü†¡L$õàj“Ÿð�(…ž¢îû€Au›pz�å÷ûà÷<+0WŠééèìFq"cxê^æ<*bgcÛéÙ}cZÞ	`º9ô‹#ÆC žà•-ºŸL@çaëGë´Î¾Cendstream
 endobj
-594 0 obj<</Type/Page/Parent 513 0 R/Contents 595 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-595 0 obj<</Filter/FlateDecode/Length 766       >>stream
+603 0 obj<</Type/Page/Parent 522 0 R/Contents 604 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+604 0 obj<</Filter/FlateDecode/Length 766       >>stream
 x
­VßoÚ0~篸·µÓHó«I覶”
i…­M·—JÈ$xKlf'íдÿ}g'ÙÊ
 AÝ
 "ßÝçï>ß�ùÖsÀÆ·¡^Iѳ-Ž!>ýH?]üH
@@ -1233,8 +1269,8 @@ T
 É	Ž-‡Ë)Ì×zdz–„§ø}ì´\ÛëÃÙœ¾Ãéåìêb„`Íœ”4£’ò„šÖhQZÂZ§fBìi�Š§"©
 l5M¯ÊšvÙWÂ]:òªÀ)ÔPL¡&­ÞtÈúžïŠçãì¹Ø¾ùH~Ž2ˆPɨ꠽¯ |Ä|ºx[¾þÛm	KJR*kÊQs9¾kƒ
a ÛoŸ³Sê
#VT*x[áøÕ!}'ŒŒg?´qX´W\·w‘ÑÂ}+"üï�ž™dqïcïß~LIendstream
 endobj
-596 0 obj<</Type/Page/Parent 513 0 R/Contents 597 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-597 0 obj<</Filter/FlateDecode/Length 686       >>stream
+605 0 obj<</Type/Page/Parent 522 0 R/Contents 606 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+606 0 obj<</Filter/FlateDecode/Length 686       >>stream
 x
ÅVMoÚ@½ó+æVÕ®mÛô%"i9@Ô`z	U´ñ®a‹½Kw×Aù÷$Á-ª*d	Éã÷Þ̼ÙÙ_ü¹zÐ É;Ží@à:¶~âÅ ­^ô¢žm¿¸Ž;Ÿnp]ˆSÄ
 ¢b
 ˆã8'Ýéxøupï=ˆ"T,}¤2×–ûã,þ‰ŸùÍgÈm¹=$�iƒ˜b"a0–p
…à‰¤´Q\ÌaÁeJׯÄÖ&rNâûý
® 9Û?:¸=N†ƒV"”~܈î7iW¢½Èö˼û¶gc	.l(™†ãÛ;˜u¥\¤ò#dì™ez@… سÀ²`³³ÙY[»–ÔÈÓá8Žh½¼¼„¡´¬®‘0g|ëéÅ0 Ÿ‹œ	knØ
¢È&£ë¦mÖv�×
ŽkCÓÛŒ‰9òœƒ÷p¿ß
çûå‚ʤ(‹ñnÍÊB�ö§"EçÂJrŒPôÿzçÕþGÓÔSÐrפmŽÁ¬Ûž²m;µÛŒÂþR5ȨºŽ9døÀ†éäæþÕñ…Æfr.”®ßÖ±aë±4ì3p´¦,2
@@ -1242,14 +1278,14 @@ O
 '¢,y²”§Ã¬ˆÖk©(dDÐ8ý'êzLˆ€dAÄÛrZÁÞ ó5‡Y¯žý�,
±cq°U;í0ð4W‘eðOjêDñ•ÙÚ`§«_)™òŒáFÀ“¸}*œ¾�¸s)W,1R½‚�š%éúžôû„^>pQN®F×W0(—¡\áE¾œVÃh¹aTÅZ¡Óß©01ªHL¡Xµýзà »
 ‚õ²�7qç[ç7	�y*endstream
 endobj
-598 0 obj<</Type/Page/Parent 513 0 R/Contents 599 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R>>/XObject<<>>>>>>endobj
-599 0 obj<</Filter/FlateDecode/Length 551       >>stream
+607 0 obj<</Type/Page/Parent 522 0 R/Contents 608 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R>>/XObject<<>>>>>>endobj
+608 0 obj<</Filter/FlateDecode/Length 551       >>stream
 x
­–ßoÚ0Çßù+îmÝ$²Pž¦VÙX¤–j%쥚PˆðìÌ?Øøïw&©ÖVÅ
�xŠ8üõÝ×çûÝÀÇ_ц!›ÞMÖûø%„ €¬ÄÂ8‚Œ€ïù¾Yq5Ÿ¦_“‡÷ÙOŒµQ¸°½
^­Å†a’ZÈɶg… ”–Œ¯`MsBeÃxÚ©ÿ2O§YÞ¤+Á¡†ë3(Ëœ@�+õGHrl88,i®¨„4é�ã"L¤0õyn6°²åÐñý>M>>ˆáDfC¹¦–¦,ñ\µ`ø)A‹ï9ø¶x®s›©²ÊW.‘Å:—�AøáÓbUŠ¡~Ñ�KQ‡g;!o‹È“½zœˆMÎøÉðSjÕœ¢Ýˆ¡µ›¢9ò²OòÈw$yä£äg~¨sBì
^î4U”FI�þ­snëðɱY—-|èúw!ôšÊ…bD¹h‰™Îoo‘÷Rûï÷€6U³4QN?OÓYöà¸úÖÐ<Ƕ÷Ò:®\ƒ|§0¿UF·f/$«õ×R”¬¢ØPõú‚ØWÏÉå2ü
 üÖ;å*`G�;ªOÒäÑ:¾éØŽ[¸ÆKá’Ôå)G—;ûfs`“û»^¼&"nçˆ Š½p<Æ™c?JÌ®ïn®!¡[Z‰šJõKúO‘ýÈÛ©cì
¼¡3-Ma[ÒþiE#/
 cb0bÛ…Ÿ³Þ·Þ?áFglendstream
 endobj
-600 0 obj<</Type/Page/Parent 513 0 R/Contents 601 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-601 0 obj<</Filter/FlateDecode/Length 694       >>stream
+609 0 obj<</Type/Page/Parent 522 0 R/Contents 610 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+610 0 obj<</Filter/FlateDecode/Length 694       >>stream
 x
­UßS›@~Ï_±�Ú)W�>´£FÛ<˜h‚}ÑN†Âa®Ê…Ãjÿúî
И¤Ž“aÈp»ßî~ûÝîï
<lâl`\' >8¾‡ÿ-|
 i}à˜
¡«lêïùÁa8øt⥦Ýõ=À¦	a¼“È,âf£ánøMÝÖÔ@[ƒÚÄBë�áätŽ—¢Êæ%OÊ�möÉTª+`‰Z~ilƒ.®åGãÄ"Â#0û6�O&s:?§pµ“K.+JPnÙ»EzÊE„$p‘J(UÁÅuyµÛOÚÃrè±TlJÆ æiYD¹EԽ±âRì}„<ºf@MÒ/…ǶÅ#>¾1ERY`hNçê!×áGŠ•Á�—7µ?Æ¥.1Ý=íA×xœaÚ
 Î+V±—ŽÖÇ!»ãñ
@@ -1257,8 +1293,8 @@ x

 ë[{µÛ+wÁ“„éclCKÛ“Z^ðö}2~èsÛUTM¨`JDÚvënãGÐ_û�íÉñb4mkxÝ-ê—LÛ¬ñšP‰DÆUÆP`Éó:º9nSBÁ²¨¸éWËLƒ·Ðë„ïw…?«…ÿ&±_ŒG轉‘%Ý•à±LX{�éÙ†õ­‚<ò2Æö¼š—ƒéñãL8
 §ýnw.z3b)Î1=¸Z`›±
gå~_F¿M"ÒJ9n@¦,Jú8ÿ%G�tX¥)+4Híú8¥V&ÿù=ÒŸÔ…Æ_VÈ^¯,‰M„n—Qo\v|Ö윆E†Ízxœ$åš~-Cà¥yCˆvù4üv¯QÇ"n€ëí‘Àª·Ûìàôðpr³[™ë]öµâI=×êùµµá™ÁrÂLU¬ª‚Õé;îs×G5àV±ï8œþ
v£8{endstream
 endobj
-602 0 obj<</Type/Page/Parent 513 0 R/Contents 603 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-603 0 obj<</Filter/FlateDecode/Length 888       >>stream
+611 0 obj<</Type/Page/Parent 522 0 R/Contents 612 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+612 0 obj<</Filter/FlateDecode/Length 888       >>stream
 x
¥V[�¢H~÷WœÇÙdd
‰â¾�âÆ´€
ÕmO6‚P¶µƒ”Sc÷¿ŸÃ­íNf×Ú]�D±8_}—:UßFèø6`fÂd
 Ùi¤k:L
]3Á²gøÝÄ� p¹dôëj
 †
ä€�Lí�p¸®É>=¬bÿñç/ä/fõðäؘ`-’:§yÎÊg�ž©„ºdÏ)TR4w­ñþURHö\Ò.Lñ¯THà�G
@@ -1271,8 +1307,8 @@ $;ÑŠ
 7¬«œá~Q!ø§}aèO^°~RE´ñ‰–ì¥7Ia-ä–1èzOÔKîV»[5щ7+mv¬Ìù7Wé
�Éíé£&:µ‘F‰[Ór¡Îf/ h|âFáaopkäzã&�©„,-›nÐîN{�±Ñª·
×YÜ=lÁ]ßšÝ{,¥Õä;1Á]_�'¦¡üw`
ÿjh
-â
E¯­¡tßé¨Äm.ÐÂÍ:&Il¾t�v
 2f¶6�ÏñˆØžƒbÇwXRlwüLE¿×,oûÃx9žéóë‘	b)êLÖ‚¶-ךYÚljã™U–Þ`ydt?ú
ÌRç
endstream
 endobj
-604 0 obj<</Type/Page/Parent 513 0 R/Contents 605 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-605 0 obj<</Filter/FlateDecode/Length 1261      >>stream
+613 0 obj<</Type/Page/Parent 522 0 R/Contents 614 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+614 0 obj<</Filter/FlateDecode/Length 1261      >>stream
 x
­VÛRÛH}ç+ºò[X‘lÇ—G°qU ›Ô¦Ö[ÔXÁ$òŒ¢دßÓ3òu¹U톊¤q÷éÓ}Nϯ½„bü$ÔoS§Gé|/Žbê‡øìúølã%)/:ühçÅñdïýY—’„&9é
ú4É�â˜&é~üÐÅoü�Nu=—•p’Œ.IjW)ii.ªŸ2£w…IEñî`ò
{MÀ"¶’NÔFÌýñ·›É÷ËÓ›“/çG£‹›Ó‹ëópz#ýêpü0i7󞘹PÚF4¹“TڿDzZÈŠ„Îø¯ð–JQ‰¹t²´Ú:šIº¸þü9zY»uÙõèbÒi?æªoQY—›j~£²'b-«üöetòÛó¡J£4°‘3¤
ó…@¯‚¤¹øa*Výbu9–ÒÿK,÷XJš®ºEÍ”£\É"›¼òíÌ¥f>Çø½ëúb4ž\½ÐR»Hâä†[€Òk­R“I²˜h}K&'&ëµ½žå†Ó4x_ÊÔyjJ—“Å1øó¯PõSš)E–1~ÌÖ­t»Uu[³GhWêVC¯÷ÊÝ¡`Q9®×APãócº“"“UƒbH	Ì '¯âN7heu":_]~$Ãâ›TB[‘:º—]ª²ê%BH§Ý�z¬³3X&�P……‡¬’>â�”ªÜö"÷Ðtx ×–×ê$k4Éç¶Ûôø䜚# V–R£³:u€ëKÚ×¾‚Áq?‹”	
 aa¶Þ(÷§ÓËÑåétº�m?¢ï¦¶“«
 æcf¨V“ ¤Ç*à〴ìh®
@@ -1281,24 +1317,24 @@ Iw
 ËÖ¡� µ’‡y'kmjµ¹¾Ínñtð3.@ðÃ
 U€Í…üWÓpî„YDJ‡uãGè�.Gô†Ì[BiJœî³CpÜé
ŠõY¶ÚNÐ!§æcŸ¼ëîT‘›¢0÷€e,O2€Pø¡€Oì¢çYiCÓÇ^Ù\4ümg!ŠšÙ–¡nàÁü¯r1\8>º�]âÂø\I[mqabeøQ—³ð”xºÀ“U~
�KQek%®ÎAÞ¸™�÷iîÂ;Ï÷%üÉÆ»nä»­m‰®‚kw' Dßj–EÖ¢ -ùÈÁØ:*¤€Ãµ·×Êt¿¬ÌLÌpAgzÀýBå­yƒiLq(³¬°?|ƒÇÎÞ,QX¯	+ÌXªÍ¦23¿Ÿ³&EØi|#`œXkŒsµíV`c©p¥Ó¢{_ÛÜ’µº{îúšñðEï�ë‡Ü?Ïíû³A³$’þ ê
‡ÔûÐo.ÀGçÇGt"²€¹ã~ú{�v3¸Öòl«y]½qËvûݨß`#â;Ý„C�Nö¾îý©,—»endstream
 endobj
-606 0 obj<</Type/Page/Parent 513 0 R/Contents 607 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F5 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-607 0 obj<</Filter/FlateDecode/Length 944       >>stream
+615 0 obj<</Type/Page/Parent 522 0 R/Contents 616 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F5 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+616 0 obj<</Filter/FlateDecode/Length 944       >>stream
 x
ÅVÛŽÛ6}÷WLƒ>8@¤ÕÍ·ÍÓîf�Ø8n­ê>еfV&’¶×ŸC]Ò…³N
 AmX–EÎÌ™3g†þÜ)À;¤QDñ�²m/ðÄc?¢d<Â}„�æTô®ÓÞÅ4¡0¤´€Ép<¢4'lJ³þThc_“´|m3%ÿ$\$ϬP’„¡-Ë9YEvÃi¶¸ù•Ì†iîSŠßOvnwÆÒš7ÛwFÈ{â2ÓÇÊòüeú©�Æ@—æýŠsP:7¯H*KYÉ™ö,´µSÙ�Q˜
À8•¨šØn-¹¥9ÛòœxNï˜ÌKNKË,?‰ÙÁ3\ºlË56"Û|õê"iÎò£K–e¯,]-fÈq»…_ãÓ3¶<:x¹#++•áÎÊùôÛxÑÐO\Ž©rdhnT¹çùåÉjù�•A(Õ~2rP(VU Áņ�=BžWVÒúh¹iA;ä®,A˜Þ
 ‰LsZ­³ÅíjE\P¡à»~_Ü4t�Pñ‘•;¸3œK2Š
 DEA©ÆùZóRj¼Ó€&�h¼(iÒ¢ö%$°
hhʤùg8µ—݆:úú(xŒ†T1Ͷ¦c#ü±ãª³y±Â«Édµ*
ÓUö¢[ûç;xàm¿ÆòÇ%p·Iâž^wÙ~ϹÑ{³Þù(v‡µÇ[ܵóÁ�‹×Î/¦
 Qd×M^Œ¶ÊûÒöéäõð´ã¼Èu\ÿ/ÓöTSbÍZXË¡ãB•àÜuŒæÐ�*
ò€ÂÓ›�Ì\sZ&M!x™ÿ}¢¥™„@½³G;ñKÕ¶ <{@QsfœWØ­²ºµ
Ù…˜˜�SŒ$V–”xNnµÈ£æÖõjÇjÛÂxµ‹ùÛ�–ˆÁ´ÚÉü—t)„h,ÓuNœ¡ß�›Sç<½[^ÕQæ·é݇·æµzóZ²2¼ÒÐAØM+ÆÁ×æuM¦ŠI¶ë݈ë#Ÿ¦ÏX|dZ°5f„=VüÃ?fótüc[Çæ7¶òjÍoÙ'ôßžkƒÞ=ëëòð¬ÅÏC7È…üÈ£ÿ
yÔ"‡¬+%1Œk¹Û³HαŸµøy¬ÇÀ¾jNß©f÷´Ö;ä€8Õק�[Y½<‹î\>ÉY‹çÿ‹B>ÛÁ#fI;L¼ïžÛ¸íæp4ö‡“	þ–Í	³¼z}EoøçP….¢·;‘ק¹×íõF
Î¥g¦n2JüÑpŒ¹ŒÕ¤Nä6íýÖûv•Ýendstream
 endobj
-608 0 obj<</Type/Page/Parent 513 0 R/Contents 609 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F5 7 0 R/F8 10 0 R>>/XObject<<>>>>>>endobj
-609 0 obj<</Filter/FlateDecode/Length 506       >>stream
+617 0 obj<</Type/Page/Parent 522 0 R/Contents 618 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F5 7 0 R/F8 10 0 R>>/XObject<<>>>>>>endobj
+618 0 obj<</Filter/FlateDecode/Length 506       >>stream
 x
µUËŽœ0¼ó-åÂÆ
†ðØœf7ÏC¢<HN#E^hG`Ïb³ÊæëÓfÈCZ,ffHà.QEu—o½:CH#X'Pv^ÀHrºÅYJ÷ˆ®¡ö®
 ïé«g†PÔ„H²Š
 ¨: (}U×ÍåEñ�Êâ©Ì‡ ;¼ù\E	‹	êå½à7-‚¹ßãà—·ï‹0YWÜðàºç»¥�åÎ4°[ZüDØú7÷õö„,¡A^a\V`¸h™óƒ.}'â?êHLCEÉ�PrRê$ã¢íD,Ó_GËàY{JÞ¶ *˾Ø3è¸)ÔFd–u~�ª­AªrŸ>\�žlO,St¶ßÙúHžšliuá|û‘²A?º
Ãø
 Ï0Û€û5Yxh¿RIƒ?Ì?®:i9Zñ.N«ŽH™ÙN´:J.Kl¡Tƒ4'“N�ˆåù9—´�”ÈûV ¾¤ ^уÆþ«ç40ôp; 6´¤örèhY#“
 k!QŸ>@G�œu…�Çòß™µEÞ›cloý�¢p �«EõŸáú6×”æ‡/eÓƦKò’(g‘Ýl>oÞ]màÞa«öØkx=PYÐêwí*
r[š³5‹¼w[§1K“Œþ5­Ækûêeá}ô~
"Êð\endstream
 endobj
-610 0 obj<</Type/Page/Parent 513 0 R/Contents 611 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-611 0 obj<</Filter/FlateDecode/Length 985       >>stream
+619 0 obj<</Type/Page/Parent 522 0 R/Contents 620 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+620 0 obj<</Filter/FlateDecode/Length 985       >>stream
 x
�VMoã6½ûWöÒ¤ˆUR¢õq*ìÄisH±M¼è¡)
 Z¢lmôá%'î¯ï)fãfm§‹À#g8o޼ᗆ"‚ÒjÄ<"ˆ½DáÚÇ_« 7�Hhûí†?oOÌ£Ÿ®à9	ã`Æ`‘ž%^àù÷àîãåßeú¨:È›£}é•î.p¡7M­Õ,‹:‰?»Hëæ©TÙJUªîΟ1Nøg쇞ÀHgŸn~[Ä°U­.šº’Ÿ­¡1Ý1Ç�e«6å´¬Hí.gì™MÎ÷Œ_ÜQÔß‚½#D·Û¨ÃΛZA“C·Vp{Op.ÐTÝWúäåóR®«ÿ	
3åšam.‘
 Ì¿w¶z'S
@@ -1308,64 +1344,64 @@ Z
 âå0ôZeîƦÉ7¶GMí®Û­Þ¦6
‰Uª±/ìíåRc¡ÓÎH�˜¾¸¾Œ
ÙùUÀÈÑZD“isŸÖq<çá|vml9Y`KCEg^Ljc¸“#¸$0ñ4Ž'WLÐ	Î/~9Ÿ
§ãyœO!1g¾ûN~}Wp‡:!g¼[Ä+«7ñ»?l‚5r¹ëÔŸ<üë0+�Äd¤‰¶û.ߨ"²zPÞÃN÷J¼çÖeõ
.	›ê)¸Üœvý‡A‡˜,s¤£¡ðZI"z‘d†'$—q]XŽ»1ÖòÂÙéuÓ—8’Œ.Sy‡aBg§éã>>¯®E=�pVò¹ÓÅ?GT-Šª¯¬ÖT…¦1fdŒ¦ÐYà ï@t‡“ðD@lýT[ø(—ßË.µnÒÕ193…ì°+WmÓoPL&§Ó@÷È>UšÁdj³,M‰°ÎÞÂå:ÇuÃêbqÒ•ç¹;–ÄëÙåì_´mhîÓ	ÅtM½Ãø¬Þ��³Ç|ÖHVY>É�F"¢òŸÎIV¸Ë2ž;\ø^˜$ø
 hz?½�MáJmUÙlð�¿ô8aˆµcáûmÇCĔ—üj:…,D$¼(ŒñQ‡»BЧùbôûè_Q#ÜFendstream
 endobj
-612 0 obj<</Type/Page/Parent 513 0 R/Contents 613 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-613 0 obj<</Filter/FlateDecode/Length 804       >>stream
+621 0 obj<</Type/Page/Parent 522 0 R/Contents 622 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+622 0 obj<</Filter/FlateDecode/Length 804       >>stream
 x
½VÁNÛ@½ç+戸vHçÐiiË
DÁ¨‡RU{�¸µ½fwƒ¾¾ob’‚�BÊÎΛy3ófï{¹øx4ЉOQÞs—|Ïu4Æø€?-)ÙŒ¼‘¼và'/¦aïß<� ~0¦0&¸.…ÑÁíùeüüuþ�Ù°6C}ïèa|0ìÏÖV’ÈÒy‘ËÂR)â8-æÇ$æ"-Œ¥›‹)-¤ˆ¥®¼4`ým7G$fÆjÙ>noÎèúêÓïóDD²»Xæ$Š˜¤6©„pWj¾CQ–r0©¡¥A4�È€-L"õÛ [HÔBi”¤D¦ŸÔämÒÎ�Ù›8 Ñ9›lOãXKcèúÇn¸.õ~eÏåð|Êd1·‹vbªsfÄ.$�WPr¢lÉ¥¡b™e¦ò´Vu—¥TºªGå¥sIÌÔƒ1õ™$î�ã]T3Cù^jüŠški¦)*ÝPÓtâ5ŒúJU€}¡Ì¸D‚<7,T-ÈQU–e¶F¯F¥ÝÇv.VÖ¤��hD(üû¥4ÿ9Üéóº€p©ßÒåÉðFEó4n¯Ð£Ôj7×�ÐŽÈÈH1æW?M`Ý“íN™L¾Á�[µ&ßP,M¤ÓÊ,…Æt5Ù{iÌm˜#Øefë¹lZi[�8)ØÍÐ:˜¡ÚœîÜ•ëÝvpøž©@ªÈÚ‹S�W�»ô‘DÉÒîÍ`ãYUtyæógÏ…B0›ŸL)£4IeÜ	sD�êšuaÅê©áöH>W¦¹IõÕD«¼ê­ñëÐÛq#*÷—Рý¢’c‘a}5zZ©ÆKiaÉ—ØEkRæ›ïW5aK·¸ex|³LE¬ vÎ9w�&c—3Š…,j¬±uG¿º`u-Ñr+W@l„í)lŠ×Ö”Æø‰««ªw–·FS%¦¨=!UJ]�ÔÃÆæ�:=C¥8m~!„W[úÔûÕŽ?™�?ⵃ{sz1=¥Ï¨LÆ€†¾.‘GÕolûcwò¼ŽéÛÓke'c?ÀÈŸ:#¾tö¾÷þ
o°¬Äendstream
 endobj
-614 0 obj<</Type/Page/Parent 513 0 R/Contents 615 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-615 0 obj<</Filter/FlateDecode/Length 1020      >>stream
+623 0 obj<</Type/Page/Parent 522 0 R/Contents 624 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+624 0 obj<</Filter/FlateDecode/Length 1020      >>stream
 x
µVÛrÛ6}×Wì¸/r§b¨K))}èØ­›x&Q\›™ö�3ˆ-ÔI d÷ë{ ÑvT硺Œ(r±—³gpßRˆ÷�¦#G”nzaR4�‚MfS\�ðÕ’r÷àÇpD/=OgÏWœÇ½7¿Mh8¤8gïÑlJqFˆ†§}A•H拉LV²Èda©,È®$Uª’Tˆ�¤¤_ér)–ëG÷@Vê\¤29%Qdî^YQQo–R'§§ñß9oBs0šDíσq0
 f
]_ýò×µ4‹Roèú¿"jV„°�¼ýçËE<‘X¯Ët…°Þð šÁÙówdÔ?’ÊÜecl½¤LXAª å£•¦Â%Õ.å È*-MZ¢´‡£aØ 	«ScOŠqS¹’X†L4쾖ƶ€´å=‹=£T©\§e}¼Bo† °û�‡ðÎ9_½•Ù1ì9º.TàC–©âöbß“øóÍÅÛ+GŸcÞ™LZn„½tÛ"-«õ£_ª€99dÆÃ/Tµîúfz0…û1Ü‚±ìPŠtÕ:^ÄnÎ/ñ‡Oï>-‰3ÇgÃ+í”]½íxÀºÀ½ºQ™Å-aš Ì¯®�g­�¾îEK[k¦P&½ÑWa˜¸y¡sàGoüÏYz×õ¼G“åL	(†›c]¦ÒÆGS¦
 Ü-n�O¡Ÿò¤/ƒ[J’«Ë«‹$Y¡«ÃÍ0‘ «EarôÎ<‚ù'Lré²FØéKV�C×)Šƒ> �¬$µ®Jý*5e%·+eŸº¸+Ê]tq<èÅ¢´ò­sÒH†Cáæã9Åœ”Hm;gìŽ'Ógmw%ÕP¶
ÐX­1—.ãsÊ•6–×`ŠÂQôgpP
g$æ;cþ—«µ¤ô?¾w2ÃÀ¸gȧ„zþy˜”©ÊÂHWÙÖ³‘,�†6âÁ²ŽýÀWÚ)¬kÛ­ÂEÓR'1�6Îóí"±ä¸¬Qæ“bZ÷Í
 �ä=#é±8„ÖÛRÛrßñƒ#q›�­r¿Ü·}®M�0ôF;)…BøÜ®¾îVÂõˆE·Þo[ÒÒ±úI…,q
 Ô[Jl~GBQŽÜ¾Ä�¨*&Þ^©32%åB£4§=R…²J¬ißÕFÉÅxiû9D°-ò‰ÀtÄá$ÁËO[’½5Ûô„KêlÕûÑêXƦ±~qS阣eúµ®1øæõž½Lü?¾wwæ �õ·@Òî¯Mý‰ý¬9§'8‡Íç8Q¹ÈÍÙÇó3úUnåZ€a~WƒlÜÔÁ3¶LÃù—c½—"[L¦“`Ípľ6‰øÖEÜû½÷/áfêRendstream
 endobj
-616 0 obj<</Type/Page/Parent 513 0 R/Contents 617 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-617 0 obj<</Filter/FlateDecode/Length 812       >>stream
+625 0 obj<</Type/Page/Parent 522 0 R/Contents 626 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+626 0 obj<</Filter/FlateDecode/Length 812       >>stream
 x
�UïoÚ0ýÎ_qªö¡•ŠIBH ß -[¥µ£%“ö¡Òd’d;��µü÷;Â�Ò‚4röó»»wÏ/
z»zÐ ^4æ@Çí±øÝ�~{ô)Rp]—¹:ß?D�Ö0×…(¥3‚nQ„ï8ÅçRãD3„§Ñõï�ç¨!-ù4G1Õ3Xàb‚%d&’þjZ8ÈDOøR¡ÒÀé·}Ð�çB¾æ˜L(4,*
 ÆRhž‰‹èOÃ�¦Ûf�}n0Öè2µˆ´!£ìˆ
$\óK:.Ϋ$SÞa6Cž`Ébkèo²jz
ó
öšÖ•Yà2¿íAÓY—¾Mp“¡	7
¥€9A§ŽÑf“Š
nFUH¡ð¡U
ÝöÀ%²)¿bØöj†=ÖfÑ÷q¢’Åc
|�	Œ²ó6Ý<7íS¦!"F šÒ¦Œ¸‚æs U1SPðò“n•æ“<S3à¦o-hi[p7ºþjF»áù||?дä×óƒJ!бå²ÐıàJ½Ê2Q¶C{þQ.l“M*ðš­õ$(=8{¦×èntk¾sÅË">c0Ö’N4‚I³aFjËñû§ª¥²³ì’JBâä0&EoKß,Pºš %8o~ÛqAÇv·Ó
 K~$ó,^ÒZåï’[GVÈi_\[~{+×Í
�–K¸©„ýcÔ% ŽÙ‡¤:Ôë\ªÊe¿këŠõ�êo0Í*He¹ÍgbF6]Öe§ŠýZ[»~³™Ìwe´c´ar½�?8o^¼zm[ÍÝð‡å:
 ç„'ànEµÀÒè!*É·HÈ7rAÆ¥ŽÃZ§Ø&{ÀÒªfŒq‰ú(Pšžà÷]ÊyUÀøîæ8£tmŸÖm
d¦áҩܬ†Žfå8«¬6ngšØ&…Ç2F°÷³µ_²ÏÚÛöŽ*V#¸ò
ˆIæ²4±$£»b)+ȳùJñ­aw}=¸a—½~‡u\{Œû÷ƒ>Üà_Ìe�¥‚¯IÚ߬W7C§W3=eÉ~è³0èÒõJ©ùVm·Qã±ñŽ	4žendstream
 endobj
-618 0 obj<</Type/Page/Parent 513 0 R/Contents 619 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-619 0 obj<</Filter/FlateDecode/Length 703       >>stream
+627 0 obj<</Type/Page/Parent 522 0 R/Contents 628 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+628 0 obj<</Filter/FlateDecode/Length 703       >>stream
 x
­T[oÚ0~çWœ·ÒixqœÐ—‰Švcj¡wOH•IÌH	µ�^4í¿ï8÷uÒ@(Æçä\¾ó}ç±AÁÃ/…ȇ€A2oxăv;"!„q„gJ¤2„,À¿»^HØ.C@=âï2PÊvº�û”7>�w€Rà,—Åð°TÏž4;$ ŒP7ò±”Úóôgoþ-ŸaLž6¿û½ÎÖVìºE,Íãr2‘
 E–©Ö£´Vïý[~ãï�¤¥zÂH¹˜KhA™gI‘JÐFeù|eìá93S0Ï�FGú@¾áé·û.ç7ûã™SŒK#E»ëxp xŠ%§RgJ¦ ’Dê:Ør~ì uØû{½(r-×Ûðà
ü«áÅý×Ao·]Ä~–%¯0y:Ûµ6
%M©òý±0/dyš%±]®·�d˜@¯bŽÞ¶°%\—R½B?ŸpUU³Ý‘¥_sPy|*1ú&3¡5Q-˜—ÚÀX‚Am™ 4ž…±NöN9¶‰®ElÛè=¼þ¯ÐZzP¶Ú•nGM1Óˆõ±}¯·´E˜ˆ¼‡0Qk™§ERÎ%j5…÷K÷_º[Nm¥åjÀÕ–דó óÆ'?t²Ð¨íd
 £æŸW*8^\‰±%P"´„àÄbµyÛÞ¼ý¹áÕ^Þ÷çCH‹¹Àšlš�0“Or¦!”´1»ÀÕ½¤_]ïJª_uPŸâòÆ‚œ¨?è„!Ê]ÜÇN:±“ÎYŽóP(9à
 É�séUåm,|Õ¯$dUo|¹š­[½¸óä‹QRa„#W\/pÅ„u:Às°Þv/O»Ð³P©4|)³´Ú%­¥o+òpd®tæJ.d¾¢÷0
 IÄbÝÂئ<ã�ëÆo>“â�endstream
 endobj
-620 0 obj<</Type/Page/Parent 513 0 R/Contents 621 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-621 0 obj<</Filter/FlateDecode/Length 527       >>stream
+629 0 obj<</Type/Page/Parent 522 0 R/Contents 630 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+630 0 obj<</Filter/FlateDecode/Length 527       >>stream
 x
åTMoÛ0½çW=¥«’íÚò1mº k»Å»4IA=8R*ÙC¶_?Ú²·´u³Ým¡øH¾÷ÈûŠyIr3£„ÂéiNRHyŽ¿cü:
ë>�æ1ɦñs
–§Óœ’ø1ÒY9;yScP®±«ŒçP*ÀŽ(…RÎ’NbŸ´ßZãõqù
²ß	Qœaߥš~U&q§CÇ‹X‚E1N!mÚ�v¢©¬
iM£wÍC¼h?ãeˆ�«´Gº„z%TãZß@eÖÖmúà9Ý´ÎvÇ;)eÇ>2zt­@Ù�¨Œ?ßJ©½GÔ@*ª€L®¡'!a�ÖN€‚Àåj
×[m`¥%•ÿÈÅ�l½Za�Z÷­öóQ
T`Bî�%ñŒï×þWâ·FY‰ú£ì¯•ê¿ƒê-1ŠÌtGÏ{�%éà1´ÔøÞ ‡ü…>Øw£Á^çµ×{ÒXøî±³&ÎÀÍõå—wWËçWckëJþ€;aT­¡±ðUƒìJ¦k‡‘÷œˆõ_bÅ¿6@=Ò*ÂÃfn碮á§vÖßwLÒŽÙ•Q•
Þ�a‹Ã¸|8{,ç$+
 Èï¶rµøp¶€¥þ®k»ÕÎÃÛ¶
 ;�/£œãó ÇÅp+5”ÝaÂÓ±§£«•â‰Ï3ŽñÓ¢û뢜}œý8-�Ëendstream
 endobj
-622 0 obj<</Type/Page/Parent 513 0 R/Contents 623 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-623 0 obj<</Filter/FlateDecode/Length 588       >>stream
+631 0 obj<</Type/Page/Parent 522 0 R/Contents 632 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+632 0 obj<</Filter/FlateDecode/Length 588       >>stream
 x
Õ•Ýn›@…ïýséT…²kº@ï9i-9vÓÞ$‘…a¬ÐKXˆä·ï`Ö?$&­Õ´ReYBÚÝÃ93³=ý8´g™[˜lסgNÿaµY°»8óL÷Ø	&˜i?]8÷{ï.=`6ø+z»pé!z³e�ö=s`2fÂd>„‰”?ªæãÑüÌÿNÇ0Ö3¸CÇúSYâȪt�YYĨ ÎȱÊe¦ÒJ•°DPAŠ¨çû*T¥Ùh“¥�¶K¶I]{!7׸ÙúÜ…hv~žMŸ¦£fÝÖJTSƒ
¨˜$UÇÉe‡k¸²(Á¶”q¸÷ëxêx·ÖAÜT¾ÍÆ£7Ý"UÉ°J©lA$Ó€
 G…†eµZaA^cZ)^W?«ûpÚnÂÞA—iíVA)ë~'Ä
¥ªrÝÚc
Í®”·­¿¯C—Ô–ÀVÃÂû ¸aâ®»Ú¡LóKLÖíLÀr]¢zÂàF�·)ä5…
Øí®X`p�aêúâ²Û‡X õ³wßJ[²•îᶟĪ&*XÊG¼={Aö>›™¿äUÃÂ[´ü²Ê„—¢Š¬
 ™nÈ[h×G÷ý(Uš¥�H“Q`YÍ[ƒ&d‡
Aª
 CTª	²ÉÆ ÛÛùGÜÌâ)}ÂúÀÖtÍß¿ÆÜü?‡ñ	½|¥Of?ÊŽN\WßQÌæ¦ð<}
÷çëó!Œð™c¡àcG›»Ê`Ž»Ùi8–·ƒãøEm;¶é—h#ˆÞ[u¢¿÷¥÷ŽçNendstream
 endobj
-624 0 obj<</Type/Page/Parent 513 0 R/Contents 625 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-625 0 obj<</Filter/FlateDecode/Length 903       >>stream
+633 0 obj<</Type/Page/Parent 522 0 R/Contents 634 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+634 0 obj<</Filter/FlateDecode/Length 903       >>stream
 x
µ–ooÚHÆßó)FU_$§xëµMßœÐj \pÛ“šª2ö8¸5»Î®�–o³‹IpKH«ÓE <ûÛÙgž™å¶ç€M/B¼ÒuÏf6ŽÍ\ð£�>»ô/róÀ‹<ýøà<î½x€ã@œ+ˆBˆ3 ŽmCœž¼¿œŒþ8�¿P�ßÑN–ãÑqvÒðL¤Íy�db�x²FX6yŽ*QÐ#¹ìv±ö	³Átü‘7ëÏÄ�ªO�o¦Á
 j
K„Rˆ¯´eS±#ìt•È�G€�ì—›šèäI©°Ü@-®ÊDl1�ªe“Ö�Ä?·ö[5Ìa܈ùZŽ>ó˜ã2—ÁªJp…Ýìl°Ü`:ºœ~¾¿~ü´­šIGä)R!;b¾›ÌbÏ}œ¹§3\Ÿ”…Ò§K–â¯O»™v°¿c‚_.üÿ”«Ñu2úEKµ"S�	’K±¦ÊÝ6¨ê3èÊsÌgÿõ([µÆ�H.ãÔŠ<+Rr Õ¤)*µ­Y�šTw«åù;ãùfãøâòÍåd•B¬í›¤5̨k2˜UëÅ]k/†,ж�WJ[ÛLä@Ë
 2/ÔÉWä 8Ô«BAEH$¾ÒY8Ì÷\Cˆè�u²$ÁV�@*8GCнZ{2>E͈$òbz^SÈ?ק…@›ÊM¥�X%J}2SFkÊÏ	˜¼ÔtJ#áp5šƒÀ·¢^²™5Ï®éo>™�õûN„gµ uyQ"¬ž•ø3»à7?�‘œ:¸/ üe4¨(úpöwß³mƒ´ºùê€aYÐPƒá*)Kä7HiêÅb°3Yç™Év�òŽææÃ-v]¦�žJÄRŠªoqÓ‚I!Í4$Ž»‡h…Ðßï­ÉݬËôÅ{”E¾¹O]"Uã!í…¼ƒù­
 ƒaò¾ËÚ„Èø)ì`
 â†óöwÓm¹yþ·#° Sv]»-ðO–a^pjÎ\HZÐvÈU�DÜùŠúJntãhaöïÚû»à #L›¾uíï¶ß…uƵƵ™·-¥Kv<ÜÕè8¦½|^õ&¯û’çxÛt¢ö–u|—ý>!]±‘§GÂb0=Àï°JoR^/³œ02ÑVh÷uh{-›î¸ Me¦¢§~è³0ˆh˜RàKG¯ǽ¿{ÿí\¨kendstream
 endobj
-626 0 obj<</Type/Page/Parent 513 0 R/Contents 627 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-627 0 obj<</Filter/FlateDecode/Length 933       >>stream
+635 0 obj<</Type/Page/Parent 522 0 R/Contents 636 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+636 0 obj<</Filter/FlateDecode/Length 933       >>stream
 x
¥Vß�Ú8~ç¯éÊž MBB߶ímµ»{W¸¾”SåuâÛ`ÓØÙ”ÿþf‡Â6ÝV:!Áóã›™o>óeAˆ¯æ1ÌRà»Q„�ÎÒ …$›ã÷ßµ€Â$Ù« :˜Í²a�8I‚xÈ#
 r¼Y�^^¥E°.VšÍa�B
 CXóñru	—�-!~}±þMoŠÐ§Ñ­óqø5,ºÓ>Ðôô˜b,õV+x«•­uõ|(Ñ…Z@”&jø��AD
PÄâK#Œ…·%«*¡¶Þ­GÂ4¦RÆ·ÚŠ×P¹üFÔ�¢ÅvŒeµ5ÐJ,ζ^l6/€—¬fÜŠÚS9HÍ~�œ.
 ›vXNóJ
 eÉÞ–vŒ—R‰	(mÝ
&v's©¤•¬‚%S7L±-æÛ3cZ]çP2SN€m™TXk[JŽhÑ�vUSNiL#òÉ“ô®L�¹Ÿ”´FTlÆ•n}Y›‹€""áZYUp/8Fîc¢%õzÕõíÏÕJØÍ…Gã¼NãH3�Ša¤pÑ©¶O `.ƒø]üЭ�ƒnÀj`UËr�½èÆ‚…šÕ±›±(�€åÍo ÷Õ·»«T8k¬íIV VJ¿¾¼BjyºOãì”XH-O«Îð”L~êï®ßýÞ�­B£rÍ›’Aäpß
SK|tˆ¾­ÚÙ†ü}{½ZˆöŒ¾�’\çÄàÚ·÷ÿ…õäýå°´$Ÿ²~ŒÖ<r´³ì»î*?ï{L}7{­ÌÀûÆÿ4«_].¡¶©ŠÜW.—ijÀ4œcŽ�æ É©â ¼^q°Îü°Nr"7ÈÂ{a[!®A§S¤'µ/rBüç
-Šcpß°Z䔀U¸EdÏKÁÈbw”| ¬ˆ°ßéÎyzŒˆnßâàÓR¾ÖT& uµ¯Å£Ô�©ˆŠùˆ|ý†_™ïTO‰íç¢b[Ô	å*è+ë5È­-£Te±·q�BÒ€]ƒgÙƒ\ïý‚?_á>‰ØÄ	VI¨½¤QÙ¨æêIçLsoh:¨Üï8?[‰ÕžñaÍózÓUô3½XÞ½ÿ|}{u×lH2|×¥}Aì"Rºóé)v¦gÛ�y=‹æø—`±€tã¼ûV—7o.á�x•ÆkÌÀûÓPØio;�‡‹_¹Y“yÌÓ·ã¾rìÿc=úkôxf•4endstream
 endobj
-628 0 obj<</Type/Page/Parent 513 0 R/Contents 629 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-629 0 obj<</Filter/FlateDecode/Length 920       >>stream
+637 0 obj<</Type/Page/Parent 522 0 R/Contents 638 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+638 0 obj<</Filter/FlateDecode/Length 920       >>stream
 x
­VÛrâF}ç+úW,Y, y·ÔVÙN²(Oë”k<j�‚˜ÑÎÂߧg$n68û�¢¨1ÝÓçôéÓ|ïÅÑ+†ai|ً²$
0
ésBo…Pú®£$ÌNý�&ק#’4¦'RÅiv:Õp&ïnòÞÕÃâòÒÕ™�†�@µFä¼Ïë
 …	8«¹­™Á¸Â‚U¬Öùß�uÑ
…qJwäEÿÏ/ÏùèÛ_퉃ü»
+ŠJÌÀHoƒÀêj&`]™9hÔ
YÂôéæÈ
 Tá\–&çï8{-k6Ó}–T¼CÒ>zé[mY
+V[„JCôa§ÞÅeùrÑ&BLFÔ‚8aB/øŠº‘Bãq…IÖžäs¦¾�>!C£Z¡:¤öÿ‚«Ù’˜ÕvGA%Huß-jãïð]ÛªÐX%H¶
T¢¨8ѤA[ÎQëJVÕ–Û2eÅBȵè
@@ -1374,33 +1410,33 @@ T
 "«íî%ì†Àçi'ã°g—þ<Ÿ#_¸K`3V	mÜ—n܎ǧc/}3'Ä�’ŽxF]p”4
 W•´ºÞPU«•G? ‡e¼\œÆç2|0ê('ùe=»¥’Ë€gFßCu»ûME:û	âw85Rêât=iai=láÚÉe³q3¿Ïzîîø9*¼¤®qF¹À
ùG];yЃ‚Dü¾û¦�ø…
fé<ù‰Ü©§a|�FûR¯¶ïDr0îi»q÷ÓóQÀÝ´ß>>ç¯_ž~kOœ2¿Ž´ÊiÙ•põ®¢J”òø’#‡õ¦ò‰§ÍOV’Û%!ƶ{�­ÁüW»ýz7=�ñ£Ô­ü¼XÈã—
°¦A¦HÞ~¦i
HZ/¾	?lL¿�cßzÇŽ2và[�]µžñ§AçO“'x”3éå²ßh®û®D¾W¯$,åÖD®Üº([½º‡Â[-9ÆεæLÏý|ùH(¥òâîì—ôYÈ%9D§¹Q·dbÚÓÙxLÿhýéäéfw¸ÂZ6HTýjI7U°=£ñ~#yÇ�ìÕ�àWã`8‡Ùˆš’^§.Á}Þû£÷/®Ì�„endstream
 endobj
-630 0 obj<</Type/Page/Parent 513 0 R/Contents 631 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-631 0 obj<</Filter/FlateDecode/Length 758       >>stream
+639 0 obj<</Type/Page/Parent 522 0 R/Contents 640 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+640 0 obj<</Filter/FlateDecode/Length 758       >>stream
 x
ÝUMo›@½ûWÌѩ–/cÜ*ç«�”:jŒ{Š„,ÉVx×YÀMZõ¿w†…[D=U•jd¼ÃÌ›·oÞ>Ž°ñr`ê‚@ºÙ̆ÀX~8Å{¿šCÞ,x®Ç¡wâ2whÁ	ýá…Àcþá'ÑèíÅ¢Qá¢‘mC”ŽgÌÇËapÃk^VGÑ7Œ^â-7ÀœQ6^Î?Ç—‹‹kà·
ØŸåxˆ#Êd‹ÊJ×iUkn"»Ò…º¡IfªºTµÜ(Y¶±e¿^_ž½y½f-3•Ök.+žÁ]�ç\ÃF	|Ôû�4å;¤§7çgËד–\o1Oªy†‰ER”Úÿ*±æØa²Þ@²ÙðD—P)¸ã î¥Âxf²Ú0#ºMÏH0Ñ#r¸o“Bdq�Ùn�(ÔFúlÜ~\ÿyðígu¹ˆœÀ<x`Aù]Té`¦ËÊL¤I%ä=¬–ç7Íív AÓ+AIB›lRIë×
 s¶”Q/i€í¢¨(Ô½’&Wz�h”l_qÔ<öFõ¨Ï¥;+ÎëêAiQaô–ã0¼G…Z°@`´þa ‹æ(-IY(²mŸ—PÖiÊËòꯃg^©õ8ù3íT¨O:ƒ–|d«RAÃÄ[A=!ôÊâõöŽšýô»À,;f_©ÛÆ¿ÊæÓ©Aø´Q¼ŒæÑj/®ãåêôSL°:�bvsA�“¹XºLÖxÊ„ÁÕrèp…âÈsÚ‰}c!#/TÅß�a-¹+ž�¡zàôÚ�”A”ĺÈœôcHd	ÎSZk�3Z<Cß	n�€k­p„UFâ"Éð¬ÓBkW8�TÊ £ôB6š.û–¹çZ“â•ö¿z¥±ÈöŒi‡{&ÚÉf{;y"
 <cº
DËi÷-lO&g²`6Ãs×7þŠš:™ÃßòBm8÷ÇZdÍÁcu±ÖÔFß6ö÷,I=þÔgÓ D¥cÐħ¿Î£Ñ—ÑoE'-Nendstream
 endobj
-632 0 obj<</Type/Page/Parent 513 0 R/Contents 633 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-633 0 obj<</Filter/FlateDecode/Length 659       >>stream
+641 0 obj<</Type/Page/Parent 522 0 R/Contents 642 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+642 0 obj<</Filter/FlateDecode/Length 659       >>stream
 x
ÕUQoÚ0~çWÜc+A›�„iš+«� ¬Å<�iJÙBLcC׿³CR²¶À´ía "“³ï¾ûî»ó}ƒ€�_…¶Ѻa[6¸´k9àø®)þrcèxÿ¾`hߢ/ÜÎsO}Öxó±Ä¶Àà®O€Å€�mXtѵ:Ìñ3î
GÓÑ„ÍçÁ@?Øhr=	.Ù7<îÁSúx‹z–‹.¡ø[X‡I*S¡$<$i
 ‘ÈT˜dbr#2É«MPVI´µâOv¹Û4†;’gÊ2FæK® àª?œL5LÚ˜3ÎÂ5‡DÂíàf6˜²¯Ao<xGí÷MôΑ»Ã÷zŸŽfΈ…Y¯Ãh•dס21ÍÛœßo¹TV‘/Òåìóm¤Ãjžˆ7[ž?ÂBäðéêÃä<Q°Ïe"²&ŒÆ
Sâ;7Kj›% MI!âÖ8¥Î-Ô˜R·Lv<Óû
 Â~
XÄ?ˆo‹Tžƒs‹�³aÀˆ[˜�}aQ�Áö”†­c¹¶LÙíëÞJºu	ê�Î÷QñTÊíˆ#��ÿùËë€6a'ÙRË‘¶îž&Ë¬V Qz
 P)e¤½ ʨažÿ‘ºFܦ¯®„t"ëc5­øG>öÒ-|`�	JhM„T‹°èÿz<=?~G…=T¡ñ„Ý€õ:Ò|µÂœ]˜_`{m7žG¡äóË:ÜšÓÿPX'ôTyf†ã‰¼Ï’'’YίœG‡W\93¸Nr{–|ÿiŒr2Ÿ•‡¿—?q¨åv»à¶©åëé?í�û=¸â;ž
 Ô•„ëm›Ñ×"žoö¶<»[Þ)'î^Çs,ÏõñæE×�Ž®Ó€5n?
„X8bendstream
 endobj
-634 0 obj<</Type/Page/Parent 513 0 R/Contents 635 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-635 0 obj<</Filter/FlateDecode/Length 608       >>stream
+643 0 obj<</Type/Page/Parent 522 0 R/Contents 644 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+644 0 obj<</Filter/FlateDecode/Length 608       >>stream
 x
ÅUïo›0ýž¿â¾µ“
 Cø±/Q«nS¤6Òö©�&œ„•Ø)6Ͷ¿~g 4Þ˜TiKé*_Þ½{çw~¹ààŸ!
/€t3rlƱgûàG!Æ¿%ƒe}@¼1þûÛÁU2zû!ׇd‰XA„Aˆã8�¤ç±=¶‰
‹Ë[¸+Áß$ß0?×mò-bþùL(ö64]çœ
§9ÇÊr+¸ÄX¶d)ËX?@íœÝߟAº¦%M+¥­�°H€Ü;ÀYòŒg¹àps;K”xduHœ:4jPìS­H]œJŒV^åÏŒë<}T²§ŠIu¼V%YÙ1o²
ö²ÚЇÉ5¨:^+Ú)5-5Rº6ÌJÙöþy:KÜ 9ö[¥q¼–ëÙDkã|w—€uj*ÖaòX«	¤¢âʤdâ̦‹d~šÔáì_
ÓM¡£—Gwç64/d!z{B¡=rº'ZbÇpêx¡ÒA�À2�Œ8,¦× 󟬧?íŠ;™g_uÞ—Óô^/@,µù:L±ÆP/N5g‰T£»ä	~`K³,ç+Pü	�	Xh‘¯8ìrµ©h©té½Öµ³zŠö‰Ýy½G™¡ËÜ-‰Wa´Û¥ÁÀÕX¹�Vƽ8o7œYï`�
1®½ì¡—÷HZîÛÖœá?ö#R܉òG®pƒ*+©þÆ4Û;¬_SC³Ù
oý�»µÃ
#;ˆcÂv}ãô®.áš=³Blñù‚�UžÕÝYû\+tb½É�½®~èÛaá[Œ	ãúxŸŒ>�~
«{Vendstream
 endobj
-636 0 obj<</Type/Page/Parent 513 0 R/Contents 637 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-637 0 obj<</Filter/FlateDecode/Length 755       >>stream
+645 0 obj<</Type/Page/Parent 522 0 R/Contents 646 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+646 0 obj<</Filter/FlateDecode/Length 755       >>stream
 x
ÕUMsÚ0½ó+öH:ŵ�c›\:ù.3
iÁÉ¥t2Š½µXr%9
ýõ]ÙÐØBÒca`+=í¾÷võ£ç�Ko"†!¤EÏu\£Ðñ!ˆ#zöé£ò:pÄ»A8t‚];|ÏuÂ]�¡ÿ눓¤÷î"σ$·é„qI”’ëB’ö?^ù®‘ßQ$ßhå<Šç0 ¥ƒa@	$Yä„̦·³ÛSHš¥&¬À>ñ›�Û3\øåGûÎ0ç5äR�Yr
%­~<Cax¾æbA#ü¨P­�)<j�ÂM¶)l2˜ �Ù’–À¹¨Šî�6SoH҉wAêB¶áÕ*¸$ıÈå>,ï°‰)ÄÖï‰Ï�]™µ°l÷'Òà躀>à
 ˜È@ÿä&]Â[U\Ô\(Ô¥-PÒ¯ª`÷«uÓÄ80MÏ’üÙ@ôiãØLÛ„Õ'¦<׊•¾c
ÌûSÃ¥€Ãù
l
÷2‡/¸!)™Ö\&R„%*¬kCÔÖ±Øq»rª}ŠõÙ]Â[IÜ^�ÏÞ<Op)¹0$żo$èFA5¾Ÿt!;ÞLƳdê?ÛBÚ3ž$ñ—¯ÏÔ,Ëj‡JX�W*ÁS™!h£ì¿Áà~mH�_⎔\6¦ŒeÕ{vuBT²Ն̭1ºQ&Ã}õ<Ùæ…zö¢´Ì¶æ•’‘`³ÇÓó»ñäâúλ;M¦{@w/ÝŒvÿ6-©/J] Q¡8ê=è7/ðG]”£R¤RÁyQ°B± ½æ4.rz�ýÚzŽz½ö{-Q×ñ¾u|ÓžÝtZ–)™Öèbü›%þ71ç})hŠQK‘<ߌÂZçÒ( «AH1ø…J6:4ìo†¿BS)AWꀆ^ÆSfèNÑUš¢Þø"ÞˆæE±ŽF†^sÌŽ¯NŽáÌŽ\Y¢ÒpYÑíc™l×"wôÊK.ˆ'
 cÊ„fúadaΓÞçÞo1ž!�endstream
 endobj
-638 0 obj<</Type/Page/Parent 513 0 R/Contents 639 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-639 0 obj<</Filter/FlateDecode/Length 914       >>stream
+647 0 obj<</Type/Page/Parent 522 0 R/Contents 648 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+648 0 obj<</Filter/FlateDecode/Length 914       >>stream
 x
•VQ�›8~ϯ˜‡>�¸@X •úÀ&Ù*ÚmÚ&´÷PV+×8nÁ¦²ÊýúÉ]Ú,«S‰àñ7Ÿ¿ùfœŸ#lü8¸0ñ�#›Øà{>qÁ|vñ[qضWW	/-x¶Gü‹áïï¯ãÑÛ›)8Ä[Lî‡ø�&¶mˆ™1%˜�ÀŠ×°áÕžWð
—b+Çñ_¸ÓÇévZn€;�•¬ù;Èùžç�)¨w-8ìiÞp 
 2Ѿ¬øφ«št0HàM¡ÏìXw‘¿çó»À¯«å&^»Ýº×¡~–3AáIuÄÒ8±þõu¹Š'C(ÏYÍvÝÉÎI·0îm”lÍU)…ú%¥
–{äý¿Å>ãýíÓrþǡ/e&j,[-a³X[¬–«›OŽíhq1r@Úý‰!E~š¦<…l½ìíZYWÚ
B
 ëo^Éd¬“wºõjT¼n*�´Ð!iÆhͨ†1®ÔInt˜6©5ñŽ	̪CYËÇŠ–»Œ�ÊRr«沠趨AŠZCfRœ°zÃ[›¢õ[@Ðms¾ÍD¦#û´GÑuåZ‡Giš‘cFnwŒ·7—”Y¢ê9ü8ÔȦJy…š 2-°¦ÇdUµI3ñ^øŒ‘mƒÐª¢‘T¤õ®<29+ÿ"1nÍù“ùb‹Ù5pÁ´Rx2M ìR¦´¦0‡FiA÷î‰àvÀy!Ÿ·‰1”óŽ
@@ -1410,8 +1446,8 @@ E
 0Ö
 ìé¿×îK¾x$ðCœÁˆzj„E<ú2úra¡endstream
 endobj
-640 0 obj<</Type/Page/Parent 513 0 R/Contents 641 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-641 0 obj<</Filter/FlateDecode/Length 1362      >>stream
+649 0 obj<</Type/Page/Parent 522 0 R/Contents 650 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+650 0 obj<</Filter/FlateDecode/Length 1362      >>stream
 x
•VÛrÛ6|÷Wœ§FN(V²e]<ÓÌ(LÒz_*Ñ“‡(0™ŒIBÀ¨úûî
E™fÜN;�u98—Ý=>
i€×�&'t:&Y
Â
�ž�…SM'x‚?£hí˜ÍÂQ÷ûwñѯg4Q¼FªñoBšÁ€bÙ›…“ð$¤£�–:?Ž¿#|DÃaÞ?™ ¼õß.i¡£TäA$iÙQd9z@ý“1ÊrýBK’ºØTN‘UÖfº¤µ£O–~£«ÞÍ—¯³0ž}êƒ0æI²êE2ˆìê˜_Ý´ç´�8…¸O
¬ŽÉ·4¯\ªJ—IáT€ %B¹ÔS(R$¬UÆ­zœ¦ý#ò “Ç¢ó}ááixÂóŽ!eû˜o³ÓäuIßuVfå=¡%Jt!²Ò¿•y†i›å9é�$"Ïw$œSÅÆ‘Ó$SQÞ+Êœ¥
jnµIH”I;‘Ô¥3:Ï•¡Bì:}µ®¬âLÕ&
ÈD‰Ú¨2áv@�Q÷™ufNœÃw6¤8ÍlÝ“È­&-eeh«Ô·¶vÊl…IlØ™2:‡f€oœjÕchòUï…|ØY*óC™›ýHKå@Ñ« –A§a䈉ý
 9L‚!‘z»^õP€šö	¸ ß•ƒ¯ùfÈLž·¨F_-Òö�¡åNñ˜õÒÌSèùDÕÙYô‹	X+O•l§Rs nÈë§:HÞB‘çt
 \úÄú
>ÛTYæ2×÷¬ Ý–Áª—•2K '‘¨d+™¢‚h¬,/¯�Z€�Yu‘AuÉKö?h½Rî³¾×åRþÃêmÚŸyŽƒÒyjoÀÄpì—ó'öµ@õŸ˜íÛlo#‹ÍqË¥Ëh—óËš¢gèðT;ÝÁyš7ÍaìžÉʵ^õ@à·ÒdÜ^¼–ïm œßˆ¶b ÍN·OŽåK´òÿ‹à9GÛÜû§ÃÚ‰ÙÕOCŠtQ@+Þ§_puxÖ:3Öý“sµ\ê*OèN5öŽ÷0Šr§KE9ÌEy몀
°TŽ%ÉÒÄÇΰ…�i†ƒ
5”"LÀ~`‘¥Þ–ôCä•
@@ -1419,26 +1455,26 @@ x

 èºY2LÜ|�Óõ¢óæÔðÎ/ý�ÞÔðäÉO¬ýÓQcjÓ°«j
Uqo_Çüäæ%×DùöÞ’hY±!r•[µ…¾Ô¾ÞtÿÈ;œLÃñlFãñÏØœj~ùnNï
Z®7Ž~¯p
så~ÛŸfú³ôh2
 'ã)ÆÀïg3>ö!>úóèo×Ü«:endstream
 endobj
-642 0 obj<</Type/Page/Parent 513 0 R/Contents 643 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-643 0 obj<</Filter/FlateDecode/Length 659       >>stream
+651 0 obj<</Type/Page/Parent 522 0 R/Contents 652 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+652 0 obj<</Filter/FlateDecode/Length 659       >>stream
 x
�•moÚ0Çßó)î%•f7NBöÆZUjÓ­dê&!M^0#«±['�òíwNš–nÈ�%àóïþ÷àËÓ€�‡ƒØ‡ ‚|3ð¨‘Ò„IŒÏ>~�€U³øŒÆÿ.L³ÁùEŒA¶BV”Ä�-
9žY>œÀüjE	\AšÁ\äµ)ª=àŸ‹a)Ìno~Z“²2u^ÕF,Î(dk±ŽŽõ
 ª5ú×fóñ,û3`4| ~L¼gË¡Û¢,´"iJæõ¯I]­Y÷àw
¥Ôî&Q/½Ûê=§Ÿn“óŸ
 ÊUÉý‡F®�§fcgMD€úˆ¨1…À”`€Jïðî„äU±˜™Ss‡7Ì„U}~1¶é%
ú¶âÇ4¡ˆ½R’–�NËWó—j`¢ÞŒÑü›B¦ävÇ6F¯e$~ÔúIk)m	[rWglÂÚT`Nñˆ×trhq¯�\º
ˆp®uÎ¥à;
ŸŒà•6p»SÂ`†Ý¬à$Ö¥Ñõã	,æì½®¹0X��þ	ÈVÞÉÈÀ�\S<`µ*žê¦=gîü…í2vmÓ†M/øÉaßúÔƒ“{0ƒîØìÝžGŽ(f—õcÏ~âªV*ª�6}Wu¦¼Ê×}W-®T%Ïí¤èü”áè‘´}Q佈¨õq1QZí7º.¯õo­CþÀAÙi!ío(Eiçr_¯ŒHìðñÅèç¾’“Ä
hûÿ@áRox¡ ת2ZJ<n<Ïu­ª~¡.?‹aãÃï~Ј|'?ZÑÉËa¡O£ñ_Ÿ>e��ÙóÉÍt3±R?â̆˺X6#,Nc{ã·ñ~ì]Æ!�£ßËHŒšû9|üP�_endstream
 endobj
-644 0 obj<</Type/Page/Parent 513 0 R/Contents 645 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F5 7 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-645 0 obj<</Filter/FlateDecode/Length 553       >>stream
+653 0 obj<</Type/Page/Parent 522 0 R/Contents 654 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F5 7 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+654 0 obj<</Filter/FlateDecode/Length 553       >>stream
 x
½UÛnÚ@}ç+æÑ‘X×ëËÚô¥22 K\Zl”$Ë…%qklâµÓôï;kLJb ­‚BÂÌΙ3s³
 ¾)Ø:VÛŽ¦jÀ¦20¿ëø)8lê€Å,|<0lGÕO(ÕÛ�~Øù4d@)„¬ÎÂ5`eMƒp¥,•iYž‘*K*¾'–77áL2›$äJ¨�ÈáZ	%Ñž¨ETUÝŸ;€“ãƒK¥_%iI’Öù6N²K¨¢AÕµ=b¨)éÖˆUña­ôTl[…[ž¦äg–ÿÊ`î{ÁKª]ö§¸2‰€Dõ�ÄUyŸIùã´â]ˆì⢄|<)ïy�ßëB^RÆ_`.ã£"¯vNtŸsdÜ›M¢‘ïIXö0 QÕª¬
 ¬Ñà,‚Á<ò§ÃYD¡.îÆù]ž¡øb—g‚7“Å94²Ý9ž}=¨/Ä~ÖQÛgÕ=dñ–~9/EváúÓ¨&‰=F®7ñ§gq¾à«¡=¡—åNÔFÔv
 šg‹ü;ÙÑb„gq®HÖÚ9«GË—p']óAFóÙâkô¬Hãóã½Z—ú
ß”ä/]é¤aKÏ
 ÿlk}]ý
­¿tœ&¸‚Þá!wì»ÁU<ä4+…âÕÃz=`ÌnîwÒwÁã�<Íw¸�`T%k.[%‡³ÄÖz—÷·i›ªÍ¼�ps³Z×AØùÖù[ÞË_endstream
 endobj
-646 0 obj<</Type/Page/Parent 513 0 R/Contents 647 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F5 7 0 R/F8 10 0 R>>/XObject<<>>>>>>endobj
-647 0 obj<</Filter/FlateDecode/Length 324       >>stream
+655 0 obj<</Type/Page/Parent 522 0 R/Contents 656 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F5 7 0 R/F8 10 0 R>>/XObject<<>>>>>>endobj
+656 0 obj<</Filter/FlateDecode/Length 324       >>stream
 x
½•_KÃ0Åßû)îã|hL³4I}‘¬«£¸­µI>Ù2P÷ÏÉÔ�ïu›ø0ú „6B8çÞròD@qE ôÌ×
%8#¸’¸eøï,ƒ�
®ïbˆ"°Kt%Á.Õ”‚�÷ª|xse_PÃÏšPÆèéìÏ2A8:{£ýö°Û<­Ý…mXLt>mô8צÁºMm²Ê´ºÅï¢ýB®öæ-´Qk“ÐŽêÌØNp™ܲ˜eUw#îû`ÖiZÔSÛe'sæ>˜Í£±Ù¤+äØrYåÝ
Yø èô¾.»²ô�\eå8Oµ-ªÖjN�š¨sFGR‘$ âSÙèÉ@ÃÐ}¸Õvçöï0:</Ü�)üÕ†’&?Ò„(ÂÌÜj¾n¶ŸÀT=ÞG.9‘Bá+�2qL©ÌÁ7%Ûˆendstream
 endobj
-648 0 obj<</Type/Page/Parent 513 0 R/Contents 649 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>>>endobj
-649 0 obj<</Filter/FlateDecode/Length 1454      >>stream
+657 0 obj<</Type/Page/Parent 522 0 R/Contents 658 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>>>endobj
+658 0 obj<</Filter/FlateDecode/Length 1454      >>stream
 x
­WMsÛ6½ûWìä%Ó’¬Zv{Šó1õ!‰Ó(mžÑ€ ("!	-kúçû%[ö´�$ñdF$Èýxûöíòú`BcüMh>¥ã’ÍÁ8Ó/gÓlJ³Ó9~Oñß**ÃÁññ#狃£·g4Ó¢„­“ù)-
 ‚�1îÈÑ«Jt^YšŒ3ú$š\Ð¥Õ­×íŠ.Z´¢vÏ_ƒ�É<Ú8<ž!€E1ÂK“Œ^æÎ[!}|lF“Izl:ÏNø±E¥¨ëmgœ"S’¯´£ÂȾQ­'üö†:knt¡È™F‘n�^U8jq‚zêðD
 «ì[éµA`ÚoH´!D#ìL‡“ã\¡œ´:Wð»ªÈJ:@*ë…n©TÂ÷V…{é¶0kG²ÖÕà-{,÷YÊ}ší�U
@@ -1451,8 +1487,8 @@ d)
 °~Ä.„¡Á0Ì]Ø|…~	…-:©5À°PcÐR8l÷½{ùeyùÇÅûÅòõù§å‡Ë7ïYJ�—*ÁNÏ"ØY𬊘¸«A�² @$¸º­0éÂn&À&q#tZ>ìÚ¸ýtÞX�ö"¶Û79l�\!Ö â©têV*U`Ï@²�ÄZƒ8þEL¸„ïзwøô9ºX%£c.óz¶2ÂØ„~l°yñöÅBª‰]!  �p0É8+øZl#·®´¬ðþ°Að Iôƒgè“%JY‚-.REµE  Jã¹ïUm;«íí‡Ñè+l«Ø'rqB¹áqB:]ò,
 ±0¶[ÿQP¨Q¾2ˆuPDU‰´1ÅØv§å7dÖw”oÐ]Jö�løžð%±ÓÙ°‰Ïâ&vô¡Èº/`%,!Û¨èùÑ�ý8ão„QÜãcïï�Sú×éb‰�Y¿ìGd Ü’°ØW¡7[xx¬"Â|„£`†sŠãÂPwWÏ®�ü¯FÊ÷Æ9plYîcÆECGoOw«1ö‰ðÑò?ŒfóY6?9�«êÉ1côfqðñà,n@Âendstream
 endobj
-650 0 obj<</Type/Page/Parent 513 0 R/Contents 651 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 6 0 R/F8 10 0 R>>/XObject<<>>>>>>endobj
-651 0 obj<</Filter/FlateDecode/Length 1640      >>stream
+659 0 obj<</Type/Page/Parent 522 0 R/Contents 660 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 6 0 R/F8 10 0 R>>/XObject<<>>>>>>endobj
+660 0 obj<</Filter/FlateDecode/Length 1640      >>stream
 x
�WÛnÛF}÷WòÙ°dIQ$')ZøZ¨õ%�•&„¹²Ø�»
 —´âù÷ž™Ý•d9¶¡½$Ïœ9så×­µñÓ¡A—^õ))¶G[{§mzC£)nô÷ñKJíV»Ý¦QÒ ð¯Ê
 =®ÈUª¬ø÷w´·C‹™6TÍ4ýc'þ–NÉÍ­Í3sC;{Û£¶ÚÔì´[û]beF€ªÚ	
@@ -1465,36 +1501,31 @@ I
 µÅ£3œ‡ÏØRÍBh²«ò”6j)¸¹²ÆÎ,ëqðfM&_ÇkE®n°±ÜØ÷ÍîëU�º°ðSö
DÍ™Ûo;ÒqãÒ¿ô,·4ø8=ÃÀ’†Æ²0ˆÂæ¤ò¨Çr'Šá	:ÜëÒÔPéq�Œsß
Y8ÇúÄ¢ËUZ:!Æ¥õ{¦ŒxcM3ÕSUçÕ£cÍûé96J$»³	è”Y5·|¸�-bzT&ï„“Â4M�)¼üÛvf’¼æ�N‘·°aV†À_εyï·â“o<tѤ
)㢞8�¹h*ŒOWOŠ¬bzJš&¯Â�>öY	«ã¯€Þ͵Œ5ÄfÃt`˜b€úœ¦K¢ô4µ’é¸JÚ
 ­Öñ°'#Ï΄ûCË\ÚÜOqÇ×%VM,ôü…ÀKýƒðj|‡'$r’/{§ûa¢wû­þ›7Ôü®}up~xÀrëÜb+rô{�¥â}3>Û´ù«ºq4SsþÁ1]©b¢HÀBùëĨܱl½A¯5èïû
ÙïñÑÉh믭ÿ
‚¸¯endstream
 endobj
-652 0 obj<</Type/Page/Parent 513 0 R/Contents 653 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>>>endobj
-653 0 obj<</Filter/FlateDecode/Length 1508      >>stream
-x
¥WïoGýî¿b>Õ$5gÀpÔTJˆ‰Ü*àâ“¢ªTÑr·˜M–[²{gìþõ}³»‡11‘"ç—"Î7óæÍ›7÷£6µð»Mý�õ([µ’õzgø·;èãßþZI‹ð ÕþþÁ»ôètÔ¥v›Òbõ}JsBœV‹Ò¬1)ô=¦hær!*]Ò{y«2IM.I ´+�•9mT¹¤µUEI_ÌÜ‘*¨\ÊøÉ·JV’Ò÷ïšàS»QNžøç!Ú‹ôËQ‹ší³¤ƒä
[92óR¨ÁÖ¬ÂI‹'_dVÒf)CšL+‰ÌʹJ:ôA–˜ù¬¡å­Ôôæ
uf/Àp¸2ál§£sj£R.¹yÖMºœ·ÝJº	
—¢¸‘—ï醰C‘-UqCfAW\!\cW¢T¦álvúI�Ãý“šƒ{¥5j!ZàÕ”þUBŸT‘›�£qzÚùs›/€¢±)Õâþ`ÆOÌÇÆدŒÖwä!Ú¯Hr'¤˜)ZçÔ\ ± ,ôÎI{‹òJC•“4½ò�,rî¾È–Ö¦r`§_™g*
8•yRÄ¥ã·cZŸ&“–[’!�@à­hH”¥Uóª”.¡t	ˆ™(˜A@YTzÛíýì¡I…”¹Ï÷µ0ˆE”(ª�–#-…C �#ò½*g�e(ÿF
ðñø§r‹G6°´—ÚCdzmøÀDžp£d…àOn
-IàDY‰‰2¶\šSí)‚ÀPæ:‡@T8`4Ëø÷RnÕ¹Ó5 á¥�ÆtzAÐ)¢"šÊÐ’勆;æÓs Vk-W<8OuÃ͹á+ÛxS¹B]#(t¤¬+ã0HAšw4kÐt4ºŽiö‚œŽ²è.Í~2`ÇÂlÌ:½>…§õäø‡[xH5–w?Ê4~n&.g¨�“O”ƒZFÃç&˜Êµ¾Ÿ¬e<‡DÚÅúŒPs6•+Ýò‰Â}¡–Ÿmb³3HÚ犙@ô˜9ÅF	­³¡`Ä­PZ°÷`ÄɦsB}~ZÀ;léüÞjíbnmŒÆ3~
Kè5—ÿHŸ¡(�Kš5~Nƒûðy€Ìº¨Vaüµæ!‚)oÄ(ñÄfô[
-¾¦ŠLW¹<µëì³ë\²d”;CY3Ny®K�1Wÿ	‹¨+	‡€
,¼ý²¡¯ývýÞewL–}“—®É¤Ãþ\ÄÔõbµòF9ì ŽÌñ©Á‡›çh
÷É¡n­±ŽBàãá1ÌÖ7.8ø ãëí“ÐÍ„Þj½—^ZËoš"èÁÁ7oaPìËR«•*`y\Ï-:�Û¹·óð5ù_à]�ò¼°ú½Åhâ'uúV2`Ï	¯S”Ý*á¡»‘„ÍigD/îX9Ø?ZמŠãÀG¹Ž0¦
Fõ~Í
-ºZå; ‚!×­o‡‹ .áÚ/ÔÚ&ã]"ø¸±°fyOÄè@)‘�AⳆòè÷-nb¿ÂŽkù@4p¹2…ÂAwÂdÎsDt5½§ÓÏãIz9úûóä*½œŒ¯qøÙ*+«°%øØ£}æ]ÏZã¢|fÄî&–mL—�×í&œ>ÐÕÃÏËÖðUê…ƒ[“ÝÃï3>Y<èC=K�ã·—¸:Œ§j…{Ñ_JÆæ/Ç Ë‚�G>Òá8Äc¬aàä¢âg�rY9L*¤h¡œ8°õýƒ0¸e†—#Pç
ÏÏ×FjÍ,CI|fmO«=2ío/ÐZ:� îW_«Ž«�EÀõY¼®Vo=BõPñõôp|1¹Êô§ahí#cZ�;qƒCnï½zzK`
L®qÁ9rUæ]+ÖoˆÝ£�Mto’8N”
Õ‰–団Ä!�ŽøZ؃TÛ—YfËÐô
-^Œ	ãÍß,àÆÜØ([™µsÈòOœŽñj÷Iïüß²b×o?¾{Ëß©¤†ü¬£•ÊýÝÕ¬¶ÙoÁ
-Ÿóí¤Ûï&ýÞ \^½Wé"=úëè{¦_êendstream
-endobj
-654 0 obj<</Type/Page/Parent 513 0 R/Contents 655 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/Fc 12 0 R>>/XObject<<>>>>>>endobj
-655 0 obj<</Filter/FlateDecode/Length 1693      >>stream
-x
¥X]oÛ6}ϯàÓæ�b»©íô-qæ5@—d‰�¡˜ƒ–h›­Dª$•Ôûõ;—¤,Ù‰4i_K¾çÞ{νù~Ôc]üï±aŸ½°´8ºœ�NºìœM—x0ᇌu“n·Ë¦içá#óÿ¦kÁ¬0�Â0#Ê\
-Ëž¤[3®7†oØÃÝííçùÍíôzòe~}3¹�_]L/Ž§_�ºì¤×MF0Û	¶³ÎT©«¬Ì:©VŽK%2&a칡æíÙq
ö{É€Žcx×Kæaºæj%˜ÒN.eÊ�ÔŠá£,LZ&Bô¹àÎúÊ�Sd¨{”MÆwã¤ý½Ö½óŽ"V¨Ìâ�{@²çÚŠ;#•fÖ™0í°O¿1§CÜÁÝRëÆ>é'+¯�2MùI{À¤â„%[]´Í!e½t *@›Õ€¸5wþµÒˆG©«ƒVÛ("àñÄ-�Ë
-nìšç9`Lµ1"uù&»ä@¤Ú­RŠTPJwÜÛ|2Z­êÚÖÍòB륱õÁ{˜Ïÿ§æb˜uîn?_�¿Ì?Ý\ÍŽ
NÆ2
«”Ÿlز2èó’õf=Bˆm·¢HØã]†¾`øý«^øTO'g¬×cwÒ÷íLS–VXçÒ:i§™£[•¥6.tñ/œ¥(ò= +d€Þ?x!•T«]´_äÈUª:‹÷IŸɚǹ-µÎ­�+—¤ôü€¸’3zãŸûh6soæïè­ÓIÓ8&#¢¼>ë†,<­“ôOzÑ@xƒ­“þ(é�7Ñýµ]ºT§À�º}žê*‚ZI§�ÈÞ1[,2_iÝBXËÁ¨›tVäKƺ
-è$aT–XŽ=Øš¢Ã…3\ÙB:ªÇ<‚/ª-ѯ¥Ñ)zïumZÐDRíQK
²Ê5Ϩ¦W—{~+3µ.ºÕåÐ,Ô¦0ùèdDz
-m·ò®Eщs­K�®Kt7’ö…ÅK§¡²Iꂬ.+•ƒnù¡nÌHÓ+D›þ¼°+â<ÿeo²®.MÔ<Æeý+-�ÍEøf"•–øù>­04,4”Ldv$†˜�µO?B<臈Ès(²´ §LÔtdPLˆlÊt½‡"‡�Å6±ÈO{ÚàŽ@íOÈGОD¹b¢€ tÒ�/EÊ+‹Z9Vjk%Æ�R�!‘ŒŠ…ü‹*w²Ä!k‹©6͇qmP¢vÀ¤pÊ!ÿʺ½T	2ȶ£^
j܉•6¤âACrÅA
ïQüFL±ï
-x–M,±,;c@¥Ùóî…Ý";ät7f<…ld”-‚!ØcNµXëEÜ‚{y½-…ºkÔµV‹š ¦°êY÷Ê2ȧ8h•ŠBñ~ïÍVÚ)´˜{	qÄ~5ñÐfÃB6b…
-LXŒè•Ð’˜<ϬÔÐ*ôa»¥=[ákÙ블R…˜çú‰=ò¼ŠýîÅÕ�
-„»äÆ
-E–sˆËýä¦�ýÞúð¶xž­ƒ5–@Á/ŽE ;©¨,~YûŸûpõË­Õγ‚õZ�:uDö#=Ø//è×Óqì2ç+¡�"vÐt&–~e¥ÇvíE†¨
-c*ñÖrBÆ]ôHœ°TU,¨…–óåGSEžåé7ï°–¿Ð)l‡ï†t»ä7ËLg_œžgð’a·)‰ó	D\û|�”coîÃÎØìOñÚ£~&½Ýýƒb�ðR�¡�ÀzVÓƒâõN¨:ž…6s¿êVŠ®&•PUVú…˜¾Àª»¨œ?M^OB¥ó�ɶ•ÿnýlo° .q£§Ì©§+UïøøäõÌ:K
¹–™—%š�®÷ØÔ4”È4…£�xñüûdÅ'“$ŒX–j(�›qSiìÑë¸4_¶îI×”x3bä¢n9œNâ4Ì'wk‰½¯x™Øó%-²+z[EÁ©7�ñ0¥ÚR•°¸Ð‡;Û	\
-°°ï¯+£C1ÊŒ?
-Œàߘr}TP›(+€@ˆ…Îp3#Gh#®3 ù<iAƒ§ƒ°Q¾xÖìÞúáöo�£HѽÝäC÷œ
 âþï\^°+”3×�kË~¯0’Þwo8JçØù‡ø.\‰g	#Ž•¸¾b¿°q¸¡Ç<Ô<·v½+0gód8…Ce0 ë¿M�þ<úMšbendstream
-endobj
-656 0 obj<</Type/Page/Parent 513 0 R/Contents 657 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/Fc 12 0 R>>/XObject<<>>>>>>endobj
-657 0 obj<</Filter/FlateDecode/Length 304       >>stream
-x
5�ËnÂ0E÷ùŠ»ª@"Æi– bÑ—šî²	‰C\‡Ú‰~}'<dydÙgŽgæ7à´d„Y‚êpÆ‘$3Šq*)F´­B,ó`º‰!òf`“T"¯A<çÈ«QÞ*8ý§ ”ö­²(Fe1á¼Õf�N™½o¡
¾ß¶Ùûj�¦·÷G7!~÷à¯"ƒÝÅ+‡¾¹ITu²Ú_ÆùOÀŠ‹¨‚Q­\eõÑ÷v²£Š$üj®K_â\v'åØ�5ÝT÷BÉR�‡¢ˆ‰�Þ
ñÌÙ3Ÿ#ºþñµx].°RgÕõGe^NºVCF(dÊ’ù¡$šÊœÅY[š½Ú®ð„¬ÓÊxdeÕ3 f>hžæ³5Ôþ¡ôº7ƒ*–1“IJµ“&‘ÃÕ:>ƒv8endstream
-endobj
-658 0 obj<</Type/Page/Parent 513 0 R/Contents 659 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-659 0 obj<</Filter/FlateDecode/Length 1223      >>stream
+661 0 obj<</Type/Page/Parent 522 0 R/Contents 662 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>>>endobj
+662 0 obj<</Filter/FlateDecode/Length 1508      >>stream
+x
¥WïoGýî¿b¾™¤æ˜ŽšJ	1‘[\|RT•*Zî³é²Knï î_ß7»{)r~)â|3oÞ¼y3|=iS¿ÛÔïÐE�²ÕI+iQ¯w�»ƒ>þíào!i´Úß?x—žœ�ºÔnSº@¬Þ OiNˆÓjQš5&Fß“±¦™Ë…¨tIïåFe’>Ú\’@hWÚBæ´Uå’Ö…2%}±sGÊP¹”ñ“¯•¬$¥ïß%4Á§ÅV9y柇h/Ò/'-j¶/’’7|låÈÎK¡‚/
+»z'<ù"³’¶KÒdZIdVÎUÒ‘ ²üÝÎg
-7RÓ›7Ô™½ÀáÊ„³��.©�J¹äæE7érÞv+é&4\
+s'¯ß“09
Cà¡È–ÊÜ‘]Ð
××fa‹•(•5!à‡ÍN?éqÀ¿SKs°¯´F D¼úÏ�¼Jè“2¹Ý:§ç�?vù,ÛR-î�füÄŒlmñ/£õ=yˆöšÜ)æŠÖÖ95×h�ºçd±Ay¥¥ÊIšÞù¿N‚áîM¶,¬±•c{Ë<gÐ	À©Ì“B Þ”ŽßŽi}šLÜÔ�y˜ä�lH”e¡æU)]Bé3a˜A@YTz×ïÃì¡IFÊÜçû×Ø-ä"Jeä–IKáäˆ<G/€Šå„Ê¿S¼ÃF|þ©¼À£"°t�ÚCdz]øÀDžp£d…àOn�$p¢
+‰™²E¹´wÖí)‚ÀPæ:‡@T8`´ËøRîô¹×5 #áÅ�ÆtzAÒ)¢"šÊÐ’勆ž:æÓs Vk-W<:Ouã͹á,»xS¹B]#(t¤
+WÆa�‚4¯¾Ñ¬AÓÑèf8¦Ùp>Ê¢¿4ûÉ€=³1ëôúžÖ“ãî\à!ÕX~ûQ¦ñs3q9Cm�|¢Ô2>7ÁT®õýd-MLðRië3BYÌÙT.
+é–Oül›�AÒ¾|PÌ¢ÇÌ)6Jh�
³ 6BiÁÞƒI'›Îaôù©�wA¤ó{?¨µ‹¹µµÏø¬¡×\þ#}†¢@R,iÖø9
Âç
²kS­ÂøkÍCSÞˆQâˆÝè÷|M™LW¹</ÖÙgÖ¹dÉ(÷†².fœ>ò\?– c®þ¢®$6°ðöˆ¾öûõ{—Ý3YöM^»6“tS׫µ�wÊaq´`ŽO
>Ü<Gk¸Ouk�uŸOùc¶ž¸sÙÀÁ�Þîž„n&ôVëƒô²(øMk‚|sƒb_–Z­”�ýåqA·è2îçNÜÏÃ×äMü]€w=JÈóÂè÷£‰ŸÔé[É€='¼NQn´QÂCw%"‰"§½½úÆÊÁþѺöTœ>Êm„1•h0ª÷kVÐFh•ï�
+†\·¾.‚º„[¿Pk›Œ—IˆàãÊšå=� #¥D<‰,ÌÈ£ß/´¸‹ý
+;:¬å#ÑÀåÊ…“îŒÉœ5æˆ$èfz=N¯¦ŸÇ“ôzô×çÉMz=ßâô+ª¬¬Â–àkà€fô™w=k�‹ò™1 O¸›X¶1]B^·ÛpúAW?/[Ëw©®Mv¿Ïødñ �õ,Ž__âê°žª.F)Ù"ù]>ùhH‡7à�±†�“ˆŠŸ5Êeåü9©x�Ž …râÀÖ÷Âà–^�@�7<?_[©5³%ñ™µ;­Èt¸E¼@ké<‚xX}­:®>
×gñºZ½õÕCÅ×ÓÃñÅä)ÓŸ†¡µ�ŒiîĹƒ÷êéa,�0¹ÆçÈU™w­XK¼!öÏv6уIâ8Q6T$Z–oZŒ‡t:âkáRm{\.d™-CÓ+x1$Œ7·€sc£le~$ÔÞ!Ë?q>ĨÝ$½ËK|ÏŠuܾýøî-«’ò+}¨Tîï®fý³Í~Vø¼ï'Ý~7é÷áöê½bPWéÉŸ'ÿ´¹bendstream
+endobj
+663 0 obj<</Type/Page/Parent 522 0 R/Contents 664 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/Fc 12 0 R>>/XObject<<>>>>>>endobj
+664 0 obj<</Filter/FlateDecode/Length 1692      >>stream
+x
¥X]O9}çWømƒT†$¥Iè„Í©,DZU›UäÌ8‰Û{j{ é¯ßsmOfÈJ…ö2“ûqî½çÜË÷£ëâ�
ûìý€¥ÅÑåôètÒeçlºÄƒÁ?d¬›t»]6M;™ÿ7]f…y†QæRXö$ÝšqŸ1|Ãîno?Ïon§×“/óë›Éíüêbzq<ýzÔe'½n2‚ÙN°Å˜u¦J]e`eÖIµr\*‘1	cÏ
5oÏŽ“h°ßKdpû^2‡Ó5W+Á”vr)Sî¤Ve¹`Ò2¢Ï·p¶ØÐW˜"CåØ£äˆh2¾ß íï•°î�w¡°BeoÜ’Í8×VÜ©œ0³Îìø€éh‡-xú�9âî–ÒX—0öI?ùXyí”iÊOÚ&',ÙÒè¢m)ë¥U
ڬĭ¹ó¯•F<J]´ÚFñ�'n	\Vpc×<Ï
cª�©Ë7ÐØ%"Õh•R¤‚RʸãÞæ“ÑjU׶n–Z/%ˆ­Þìxþ?5?ìswûùzüeþéæjvp2–iX¥Ä¨ ødÖ•Aw˜—¬0ëBl»EÂï2ôÃï_õ§z:9c½^»“¾ogš²´ À:—ÖH;Í�ت,µq¡‹x±à,E‘è
]!ô¶øÁ©¤Zí¢åø"G®RÕY¼Oú4HÖ<Îm©uní\¹$¥ÇàÄ•œÑóÿÜG³™{3ÿüKo�NÒ˜ÆÉ0½àõY0dái�¤xÒ‹þÂl�ôGI）îïuèòÐ¥:†Ô%èóTW9ð¬ÐJ:mDöŽÙb‘ùJÓèÂZÎ@ݤ³"_2¾ÐU�@'	£²ÄrìÁÖ.œáÊÒQ]8æ|Qm‰&x-�NáÐ{¯kÓŠ€&’j�Zj�U®yF-0½ºÜó[ù˜©uÑ¥¨&(‡f¡6…ÉG';–Uh»•wýŠN<˜k]‚t�X¢»‘´/,^:
•MR?duY©”tËu«`Fš^!’Øôç…]çù/{“uui¢æ1.ë_i±xl.Â7©´Ä×È÷i-€¡a¡¡¤`"³#1Ä¬}zøâ¡@?DDžC‘¥=e¢¦#ƒbB\`S¦ë=94,¶‰Í@~ÚÓ–'0pjB>‚ö$Ê¡“äx)R^YÔʱR[+1†”
+Œù(ЈÔ`T,ä_T¹“%^Y[Lµi>Œ£hƒµ&…SùWÖí¥J�A¶õ
+PãN¬´!2Ú�+^jx�â7bŠÝxWÀ³lb‰eÙ*Ížw/ìÙ!§û»1ã)d#£lÁsªÅZ/âFØËëm)Ô]£®µZÔ5…•PϺWv�A>¥0À±@«TŠ÷{�h¶ÒN¡ÅÜKˆ³ ö𫉟€6¾²+P€`ÂbD¯„–Ääyf¥†V¡Û-íÙ
+_#È^Ç¥”z(Ä<×Oì‘çUìw/®~T Ü%7^P(²œC\î'7íì÷Ö‡·Åól¬±
+~q¤(ÙIEeñËÚ¯øÜ×€‹¨7Xn½¨vž…¬×zÔ©#²éÁ~yA¿žŽˆc—9_a¥€”±ƒ¦3±ô++=¶k/2DU³P‰·–2î¢Gâ<€¥ªbA-´d˜/?º˜*zð,O¿y‡µü-€Na;|ÿ0¤Û%¿Yf:Ûøâô<ƒ—»MIœO â’Øç{¤{#pvÆfŠ¿Ðõ+éíîC(h„—j…¶Ð³š|¯wBÕñ,´™ûU·R$p5©„ªŠ0°Ò/ÄôîPÝEåüiòzB*�ï€L¶­ü¹õ³½Á‚ºÄ�ž2§ž®T½ãã“×#0ëp,äZf^–hBºÞcSÓPj Ó|Ž6àÅóï“9ŸL’0bYª-P tnÆM¥±G¯ãÒ|Ù¸']Sâ͈‘‹ºåp:‰Ð0{œ8Ü­%ö"¼âebÏk”´È®èm§nÜx<ÆÔRhKUÂâBîl'p(À"@À¾¿V¬dŒÅ(3þ(0‚c2ÈõQA!Hl¢\¬!:ÃÍŒ¡�¸Î€vTäó¤mžÂFùâY³{|è‡Û¿uŒ"E÷>t“Ýs6€ˆû¿<\üyyÁ®PÎ\C®-û£ÂHzß½á(œcçâ¸0p%ž%lŒ8VâúÊ÷ì8\Ñcª	¦Œû»Þ•˜³áY2ŒÂ©2�ýߧGý1cendstream
+endobj
+665 0 obj<</Type/Page/Parent 522 0 R/Contents 666 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/Fc 12 0 R>>/XObject<<>>>>>>endobj
+666 0 obj<</Filter/FlateDecode/Length 304       >>stream
+x
5�K�‚0…÷üŠ³ÄDk‹ØâRQ'.æ•avlŠt‚Å)ÕÄùõsñ‘¦7M{î×sÏo Ài	¨3‰òpÆ!åŒjœ(ªm§Q«,˜nc�¬´2QÈ*�žsde˜5½ùÓ0=´ñ�vÈÃ"�Žè½3ö€VÛƒo`,¾ßvéûzƒºs�Ç~LúýSYì¯^÷èê;D—ggüu”ý1c9+Ý—Îœ|çÆ Z–á7rUø—¢=ëž
]Ómù`¢X"ðDä‘T¸’‡@Ì9›ó¢Û_Ë×Õk}ÑmwÒ®ÇËÙTz蘕0¹X`¢HMvg1CÚö wk¶BÚm=Ò¢l†hœŠÃSB;K
o:;Àb3%rO ©†«M|ÿðwEendstream
+endobj
+667 0 obj<</Type/Page/Parent 522 0 R/Contents 668 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+668 0 obj<</Filter/FlateDecode/Length 1223      >>stream
 x
�VmOë6þί8â˸7´¥kË•øPv/S¥
6èÝ>À„ÜÄi½%v°�¤ýø=ÇNhZÆ„Æ‹š¸¶Ï9Ï˱úÔÃoŸÆ:QZô¼~?JF4œŒñ<À¿•”\ÌN.ÏhУyŽ%£ñ„æaz#éÑ+Qyi©ßOèV”A¿Ï®ni¦1¨Eá>Ìÿëûã¸þãé0`‡#,À’0ùR¨Â¬¥�s‡Ø«™;#Ì�¯$¥µµRû&Hj2¹NReœ“üGž'‰J,T¡ü3yC5¾_ZSWŽLC9iˆ'On%P¢ Ô”¥Ñ½Gû§1?-Jé*‘céJú‹Ùõ-ñ(pY*ç­ðÊh:À3Eͯ	q®XQŠ‚*a1�ÑqÏÚ‹'R
=:k+&C®�šÆãáöËÍo_n~™ÞLnÆÏ)Òø‹ùõM3ôðÓìvN´é÷&èn”v
9|cu´Íîå󜦟?ßÜ}šO|+0Ox™ßy8'U=ˆ,³ô7å�Ùì{ycç΢íã9
y¥—o&Ü‚³]ÂOç�d�˜÷÷î»7ÜžÝåïÿ䲫ܠÛ)9UV…$ù$Â'd(h-
 •Q}�à=jú}Ü-³Å[`w7;§þÙ é�&ð× ó|ÊUÿK’3¬#×ì®àmˆáWŽ2™+-3R:¸@´*Ä;Û­€
ŽÉ•‹Œ„sj	=	^#ê‡-Pïá·‡	Mù­E½1¶‡A36j0i#ÅàU½™íø.ºÑ›¥Dl›Ð×
 ös^X_WǤ9‹�*
@@ -1505,14 +1536,20 @@ L
 Œl˜�u•LU®Òný¬1¾¤ÄüâÕ¡ÓÃJaÿýH/3èÂPecÏk ib‚o�²“OÛýbxG9Eãy‘z™%tÍ0Å{UsD)²ã†ÙÐrC›Ùz¶à}v
 à[Ô«ÛÓÉVú
…{O›Ò*
å{Ñû=*•®½tMÿšl¯‹ýÑ86å÷\J‡ãa2Mp¥Åmi4á0_æ¿ü[ueendstream
 endobj
-660 0 obj<</Type/Page/Parent 513 0 R/Contents 661 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-661 0 obj<</Filter/FlateDecode/Length 1633      >>stream
-x
�W]O*I}÷WÔÛ¨AtõÞd_\Åìͺ˜]0wLH3S@_gºÇî�¿§º%ãÍfc‚Àt×Ç©S§Š×£!
ð7¤ë]\Q^ý6;:¿ÿJ£
Í–xruý…f
úƒ
¾É�oתìh8êÓlÍôTç¶ÒfEÓ›?iºó�«“Ù�hbx�Lœ]\öG0rŒ;Ã>M9oœ;Ò†,d†·r;K÷.i8lï�®ûWrïÑ0Ùe<¼Ð«û@µ³‹’+O[ÖT+ï‹iO:dx©j<cTÐÖÈÕÌ·N³>Ýä9{O¹5ÁÙR.ጢL9¦�m$Š
�
/RÌÎÚ@*Dç•£-”×¾GÊðGkåÉX±—sÄÛdF7·^2žJýÂTªöªÂñ‚‚%U”Uj¥óì¿\g”¯9ñý6¬ÑUÿR ùÎ0b_âß°Û‘g§mãËm×lhËäƒr�ÚZ÷’¢¸m\“‡	ãvÁ^¯Œœ(£AT5-z´t6–ó±±r¶AòMݧ±Ê×”«²”¤ä™ð@ Q€a>{üc<‰@=ë%9.y£Lx>ÁwH;UBp\ 4ÀÕóĈ„]§(ùFˆ3¯•Sƒ‰=².V\ç: {ßÔu©ql±‹ñØÅÎ-XHš<rÑ…ó6øM	oz	?0!¦•H9 ¯{N^¦üº�nЗ9žÌ¦³›ÙÓ”PãùŠÃ®R˜/vsƒHŸ�AðÌo'³ñ?3:ò[è	y|ødqþ4ÿÝbxšBŸû¦G�6ábÔæ3olí€2ÊÑia+¥M¯c5E‘NH\½ÑÍííãêõûÍäîaL§âM¢>Iù6elÉ*ÝF˜à¥ÉÓÃ=Ç®ðÔx”@x^–v+õ±.œó›ü“ÊxA
-ÒÔ4Új[*Þ�gÂ*iÎ}mG.,hêuÕ”AŽ”Oa‚¤ûö�ð`ˆ
€ÑiÕøp*aúšs½Aú4±®‚�Äì é¸mb#C¨:~.Ïz©5$YUz+¦­J»Pe'ÀÌGDë¦òvÉv\[8á<X]CWA|´()º&H´­å¹Íɇf¹ü™ÙTós‰WŠK¢i�
S(‡|Ç �6„6Xƒ´×j#ï˜ZªÐsýI²ñP ²†üáJaMÔî¦Û˜×F•ÓLê]{P
­À{¥–ü`DÔ/êÌÁ%š~»óÏ'Ý|¾3ô"Åy�J>�[«×FD0"†8cÁ¦ªZ¨-P>d`
¨„Àƒsý¼#ˆ¸ÇB7Èôz»Öùº“UëzßÖÝàjZPƒG`Ä{á!¬lÑ”œ&¥cå&L•x8S»á,f�žf·Ty”ed–*@ªZ–¯Áiª-ΑoT#]E%L"^‚9ðaZhT#íÒ,)°Ö,ªa£#ê0„ã½�	ñV0…ƒ13ùÜ	À4ÀM¸‰ÉRÆJ{év…za²è<N]¹Ä&9aT­XEãl1ÿñõ~‣”¡b^ÿê;±Ò¶À!êf"È»ê@<—ËXœ¾z¹diíή D'ÙJ
ë /�îªys7íÉÖ "(a¿Ô;6„Ò:|6ÖœM§"ÃH’¤G$ã°Jä�§ÂrÚv'tN—Psǯ
†¤ìžÎ¤“'�-Yº8ŽíÚ–:߉¦¶µOô‹‹c/Ð(›Qh©(zÒý·ï’IÙšKtO&í›s…@”}em±Ÿ”"–¤6VÂì…Ÿ¶”çãûÆIž•u˜4ûÓ{ÆTíPËå€�Ñ>6sÝxÙA@‘µ-£¢rþ£p€Àð…�MKÍY7	œ�©l\QF#8íxx¬6"GâFäŠ
- ›cwø4Fâr“”`'ŠáÄ},ÍjTù¾Æ®Jh]d²B@QÒìK~2ˆO!¬¢x·× �09èd‘a$�§ÓùÝxòm|»RŠ,ëd+È�vaœÂܶ9�–.âÞókùÕ®V‚Þ&Jú;:nÓtLñ}ÏE(v­ ‚¾	y”În}„8k×,‰¨†€§Ð´Øì�=�ÚËÄoÀ”6ÀŽë�uÐ`:gQÎï¿|ü¸üE­ÿùäòú²}õ¿`pçê«øÏŽþ:ú^<‡endstream
-endobj
-662 0 obj<</Type/Page/Parent 513 0 R/Contents 663 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>>>endobj
-663 0 obj<</Filter/FlateDecode/Length 1678      >>stream
+669 0 obj<</Type/Page/Parent 522 0 R/Contents 670 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+670 0 obj<</Filter/FlateDecode/Length 1630      >>stream
+x
�WßO"I~÷¯¨·Aƒèê˜Ûœ‡¹³÷`Bš™z�é»{`ùïï«îAÉìær1A`ºëÇW_}U¼�Œhˆ¿ÝŒéòšòêä·ùÉÅÃi¾Â“ë›Ï4/h8ñMÞ»Û¨:°£Ñx@ó
Ós�ÛJ›5Ínÿ¤ÙÞ®Nçߣ‰ÑM2q~y5ÃHwFšqÞ8ö¤
XÈïäv–î]ÑhÔÞß®åÞ“a²«xx©×kö�jg—%Wžv:l¨VÞKÒžtÈðRÕxÆ&¨ ­‘«™o�fºÍsöžrk‚³¥\ÂE™rL{ÛHC:]¦˜�µ�TˆÎ++F3Z*¯}Ÿ”)à�6Ê“±b/ç:ˆ·éœnï½d<•ú•©,TíU…ãKª((«ÔZçÙ¹Î(ßpþêmXãëÁ•@ò�aľ",Ä¿e·'ÏNÛÆ—{ÚmØÐŽÉå´³î5E+pÚ>¸&
Æ킽^9'PFƒ¨jZôiål,ç bcílƒä›z@•o(We)IÉ3á�@¢ÃbþôÇd�zéé9.y«Lx9ÅwH;UBp\ 4ÀÕóĈ„]§(ùVˆ3¯•Sƒ‰}².V\ç: {ßÔu©ql¹�ñØåwÎ-YHš<rÑ…ó
6ø‡Þô~`BL+‘rH_œ¼J˜ÎgóÛùóŒPÓŚæ
JX,÷ƒÈ^z ˆ
+8wOÓùäŸ9�	çøGèY|8ä7H‹õ×ólòw‹ÙY
+uì+›>5Ú„Ëqÿ¢E¬µŠ(Gg…­”6ýŽÕE:!qõcD·wwOÏpøûíôþqBgâM¢9Mù7alÁ9*ÛFXà¤éóã#½ôbxj< ^—¥ÝI=¬üCþI%<‡ hjµ-oÈ3a‘4ã!ƒ¶—´ôºjÊ GŠ§0AÊC;Hx	0ÄÀè¬j|8“0}͹^�šZWÁGâvЊtÜ6±q!L¾�gýÔ
+’¬*½SŠÖ¥]ª²`æ£ì¡USy»ä:
+®-œp,®¡£ ºˆZ
$ÚVòÜæäC³ZýÊlªù…Ä+Å%Ñ0´½)”C¾“-�@ÛA¬AÚµ•wL-U蕹Žþ¤ïØx(Ù@îp¥°&jwÓmÌ[£Êˆi&u�®=¨€Vàƒ2K~0"juåè;Þû—Ón>ßúQŠb¼A%I‚­Õ[#¢Cœ±`3U-UŸ–(2°T‰âAÐÁ9„~
ÞÄ
+Üc¡d
+ú¼Ûè|Óɪu}hënpG5Œ‚,¨Á#0âƒÐˆðU¶hJN“ѱò
¦H<œ©¥Ýr³@O³[©<Ê02K Õ	-Ë7à4Õç�ÈWª‘®¢&‘¯Àø0-4ª‘vi–‰”XkÕ0ŒQuBŠñˆ^È„xk˜ÂÁ˜™|î`à&ÜÄ$)c¥½t»B½0It§,‡\b“œ0„Ö¬¢qv˜÷øú0aÀQaJŽP1Ÿu‹�Xi[àu
3ä]å� žËU,Î_
+½Z±´vg7�…¡“l¥€u�„Fǃ
Õ¼½ŸõeK”0„_êBi>kÎg³Gƒá#IÒ’qXrÈSárÚv'tN—PsÇo
†¢ìžÎ¥“'�-Yº8ŽéÚ–:ß‹¦¶µOô‹‹cÐ(›Qh©(zÒý·ï’IÙ†KtO&í›s…@”}mmq˜Œ"–¤¶VÂì�?m%/½‡ÆIž•u˜4ûÒ{ÆTíQËå€�Ñ>6sÝxÙ9@‘�-£¢rþ£p€Àð…�MKÌy7	œ�¨lXQF#8í8xK¬2"GâFäŠ
+ ›cWøiŒÄe&)
ÀNÃ?ˆ5úXšÕ¨ò}m
\•ÐºÈde€¢¤Ù—üdŸ,.>X=ñî AarÐÉ"ÃHžÌf‹ûÉôëä>v¥YÖÇV�!íÂ8…½·m+r-]Ä=-æ×ò«]¥½m”ôwþtܦé˜&âû¾ž‹Pì[A}ò(�ÝùqÖ®UQ
O¡i±Ù!{%.´—‰ß€)m€×ëŸÁt΢\<|þXÿ?}J‹ÑÿüÉqus5¸¹þŒß,X¦®¿ˆ·Éü䯓
â/9}endstream
+endobj
+671 0 obj<</Type/Page/Parent 522 0 R/Contents 672 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>/XObject<<>>>>>>endobj
+672 0 obj<</Filter/FlateDecode/Length 1678      >>stream
 x
�VÑnÛ8|ÏWì›’ÀVlÇ°“¾¥Ms íÝÕ>ô”DÙ¬)RGRqü÷7KÊNêÅ¡-Ú†Ôrwvfvÿ=Ó¿Æ4ŸÐåŒÊæd”�h6åš^Íñï	þ8Iu<˜Î®ñß7Æ8˜¾u0›þéýòäânJã1-k<>»šÓ²"<<Ѳ<ý¶–†v¶£ÌË�‘0d‹ï²ôpZ
 ­•Y‘Íc×V"ÈGQ–¶3ááŒÂZ’2A:#4U2¥=	ä.VB꼬rú(Ê5•kaVˆp¶ü~2¢áøi.«ÓµðTH¼ßˆ
 lÚ?8«µX­d5 o	÷qK<YU‘¥¤ÒšJe�G¾ÏšÆVªV²ÂQÓZ#MðÈV˜êèíCœ'eµ\§0;’ÏÁ	ºùð	mø·SN6�šeè¸\ù`QíéV.NÒ§Û›?ÉK÷$ÝÃYÞ?7™¡S(õN
'½ÐVÒZ<IZI#�*ñwxô²|¬¤/NSªˆrôCg;¤(SùZÛ-'š°ç\aTÛqÖì_Þƒ¼\K/©²¤­Ýt-è
W´¸¿�—/î®iV0=†—Ó”ðx’OrZ '4p¤ÚÙ†þþrÿWöšQÃÉ<Ÿq�à–­#­S�p;
@@ -1527,8 +1564,8 @@ RdQ
 ï«‚g$—Ìd¼À®«ë‡³
]»„uT€ö¸§J•:h½È*ivX6ÑRÞàz\¸_)ÜmmË
KÁáš«üÑ@ø�ý¾ó
 ’ýZ3œ\åãkNûE»Í4§Ob½'ðpkZZ€Fi›‰—Æð·¶…"ãjõ#ÐX–&¼KŸÆž³ë‚K`VSð²*ˆ‹ê˜³<Çâ�dù ˆ§Œ»%7 v�7›¶*$öYò*@˜K¶B¶ìÈtàaL„—Y‘æÖ<^¤Ø·3ßÂa{c·Ø$V2c׉B²…ä-A›(¸‹»«ž^ãùU>»¾¦Ùe\\ñÈûºEþš5áé·ãˆ3îoç£kÆá×+ãt>Íç³+옸:q„�Ë“¿Nþëç-�endstream
 endobj
-664 0 obj<</Type/Page/Parent 513 0 R/Contents 665 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-665 0 obj<</Filter/FlateDecode/Length 1820      >>stream
+673 0 obj<</Type/Page/Parent 522 0 R/Contents 674 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+674 0 obj<</Filter/FlateDecode/Length 1820      >>stream
 x
}W]oÛ8|ϯØ7'…­ú+vronÓ;hp=Ô@_´DÙ¬%RGRv|¿þfIú£jîдIj‘»;;;;úûfDCüÑ|L“åõÍ0ÒýlŽ§üï­¤2|0½¿ÏÞú`2™gÓ·>=>þzâÃòæýï�4šÒ²DôÙ~(‘‡CZæ·£q6ÍÆ}]¼Ð³öÒ–"—wË84¥Ñ(Œç8t»Ü*G•ÜËŠzæ ]�üVÒ^XeZG[¡‹J’ó¶Í}k¥ë‡�7Ò¿wÒ“5­WZ:2ÿoÜõ“„£ÔX³WàK›v]©œóÒ`4ÉÆ_�òËh‰gDÓàán¬ÄQZªÅ‘”V^‰Jýƒ¨—œyõÈÔÐ×
 çdÁ¿ˆªÂ£©Þsr}’2TÈR´•ïw2p²*§Né
¥tP¸\ËYÉ‚Sd´ÄÑ!±Ré"†¤­i¬^ÒZä;‰ÊkS´@®46Ôî…Ûõ’NpoÐÙK{Ö¶ m<W¢e¬¨nó-õvÚ*Yld/£gOnkÚª ­ó'€C+ÿn•ÅA±FÃD@ÄeŒ}LÇu¢¯ee!-Ö
 ½9'¬ì	tªŒ(€J–ÎŽg *÷M'Σ1Ωuu$Q´øø™ò­ÌwŒ£@-	0iÁthoTA…r¹•�Ð9¯4©º©d-µ��OɆˆ×<LF1v ø$ü%*{“Þ½/€(€ÍM]·šé%Ñ[¿
È\3®|¹¯Ž}­�–ƒáDÕÆ\Í8æ8ŽHµÇCp¹ÒyG¥5uuæfà:òJ…|‰k\c4#™š€~¸
@@ -1538,8 +1575,8 @@ x
}W]o
 #MCìp|(åMÖÎyuuB¢“!HXV�ø‘V§Ú0QExÞK ž
A“ñE:1.zɆ-hF_¢bM‡ƒ=ÁÍ]ÑI3biî‡õÚ‰¥¿Ïtr¡'DÃFä%UcÂzL…ÃõÅéB?4ˆ”À…˜®SÍÝ
H,¼4œÓGÚ •Á°Ãan“Hò¬/¾<ïÆ?_q2:- ^S¬¿sV·«»v$&°S%V8+8xXÈês�o ûæú¹ïŸt['à!›ì™\¥6[–0G‰YÙ’™ê–êNÞ½95>xõâƒ+ ¯èˆÃUh2[“v £Iå�ÊUËK>T¶:øm‡å‡%h/¾`©A[(OUu§›öÓËùd*£¯Ç°¨œ'
 ÕÄ÷&–S]|û7vP@8¨
/@�ªË/@Ы/ôî]Rž‡ôÒ7š?d³ÇGšÍãËd䞢Ž°²ÿÑb´9×ÁéÙÁ|ø˜ìÑÛï”Óù4›Ï`º`¢æ#>üiyó×Í¿Ãœî¬endstream
 endobj
-666 0 obj<</Type/Page/Parent 513 0 R/Contents 667 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F5 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-667 0 obj<</Filter/FlateDecode/Length 1196      >>stream
+675 0 obj<</Type/Page/Parent 522 0 R/Contents 676 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F5 7 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+676 0 obj<</Filter/FlateDecode/Length 1196      >>stream
 x
�VÑNëF}ç+æ¡RB”˜$ä&�‡J
BË-µ1Ò}ˆmì1l±½éî:�¿ïÛ�bÚ
 !ÐÊ»;söÌ93üu4 >~4Ò阢ì¨ôi4îCM'Xñk™’rcr*»¿_„G'×#(Lj<�PÂôûFíkc‰_U¶Mùü8ügûtVí
GÁ‡Û‹p·%9•­Scž‹íÚéxÕŽLî<-gwëËûE8ÿRŸ<¿ú.U{‹pý°œÿ±ï›/$~Ÿzƒ~0•°EìÜÚ›gλÎnoï/×—áêdœ­#ÿzˆru·^Þ\QYñíIYêtr•q·²Ð¹?RÇï·¼:®ÞóþöÞp,yCõÌŽ” ¨ä
©45‘òLþ‰©%‘[d€éåI•—Gök<ȹ_oö_ä§
ÿ[Ôà§~[MZÌN[6ÊÔ5âI
TÒ&eš]^Þ? ˯³ÅÕí$Öþ“«YMŒðõ¤ò8eÂ_rÞXp(lÕÔi“¿Š¥R¾¾Ô †ãJM7ØÔùsuD"$I^tþø5
r^d¦Ý4Øàä9þ@&ub“)�—ì	ûƒ1�/eÚ´©¼Zx5Ÿë’öni�çóÅÃÝ;ãî@ù
àH±fï´tÛ`L
 ÙyP"àÿißÞpT"®öI;Úi¯RÒ9*³§­æˆÉ$äLâ_”ånY°¥Ê6JGl=Þ”î)70~Ä[�Òt““Hê1GR)�£œ_Ô�¢ÝÀ8®Ø¸½óœÁŒêîàx	…G±ç®ÀJ{ÉÄÊi¤ñ*:ÕyÌ[ÆŸÜ<Sˆ*™¶Öx™Ô5eš
@@ -1550,8 +1587,8 @@ kAj
 þüÖßTìÎÓXmÏONgÃ`0žƒàl\]ü4nVíÒNR颰Õ!P8+»qùyvµ¬)€ÿQ_)\Æ¥€P¥à­rJ¡|˜NIùE` ÄvÇöÐPþ
y=´e°FÅìfAjBS.…û±Ã”ýeÕ¶¿äF]7ÅrÁ‘Í.y
 Ø ‹�f—·´QP­�!�²’�ºÝRQÒ-ꮓ=úäµÑÞ*»¯oWªJŒmh%7/¢äu0Ù‹ZâŒÚ0%Æ“ëi]ÖÁdŒÏÎh<üV50@¼˜Ñï8C;ú¥@’½ÃÙÞ¤�âö§.<šŒ‚ÉxŠ>�ÝÉP.Íãß�þÅÖþ endstream
 endobj
-668 0 obj<</Type/Page/Parent 513 0 R/Contents 669 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-669 0 obj<</Filter/FlateDecode/Length 1654      >>stream
+677 0 obj<</Type/Page/Parent 522 0 R/Contents 678 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+678 0 obj<</Filter/FlateDecode/Length 1654      >>stream
 x
•W]o7|÷¯Xø% Ë–¿ä<͇Û�“Ö
 ’y¡î(ã;òBò¬øßwvÉ;Ig·@a�O$wvvv–÷ã`F§ø™ÑüŒÎ¯¨hN§§tyþjzA×s|>ß״:x½88¹yEg§´XaËÕüš%aù)žGo*ÕFíiv>¥?”ý ,)[Òí‚>©6ΗôÎþ±�ÆÙ—‹ïrØlž;>¿˜žá¸#ìžMé½�Þ•]±]zA³Y^z6Ÿ^ñÒ/&V+M¥~еkm#¹U®ÖÀ¾[ºM` …kZͲÖÔö˜ô€‰VÎÓ�j–jB&’	d݆�žÒ1`	<Å{££U›REM]@˜ÂY«l cIÿTE¬[P�¦�z$HíBC¬d8åAûiŽvvö‘ᢈÒ�¤VêPx³Ô�*·‘Ãï>¼~6U¯�;
�ö{
›JqN¡Ã~�†Š*ü©ÄN‚Eå\0v�õš—Ñ£ë€Ì"k$f¦ô7ž…Êuu	e¨’Ù*pÚª«ëÇ	éÐêÂ(|�­ò‘ÔÒu‘‚.:à„ÓGä~úëã�|÷æãíÝ!/g
+¬¼]±?\•)ý6J‡´ƒóý%‰ëÅ$YŠ2vÊŽƒk´Lcjå9ÙÏ·ï¿>Çî”Ð\*3Âu]È*ˆÊX�7ÊKQ¥B¥KVM§Y¢Jtó"çó¡À�ߌF¬]‚=uÏ•QÃò
¢þ‡�0ßš9JÕLœ0�#Z@)£ïl
ýó™Žfˆ
JlUYŽo¸½,Jš–e„yWNxÁ@ÉâŽG—W´4qüí»;º×�Xá(³Žü_4jmŠ¤ÍºŠ!9á.l‹¢ŽÂkS™¢b†Bt>´-ÄÓ¤‹ÚÀàEÚerûKM÷èk˜“ô
æÚô†p8nÂ�.Ý
Ê
 ðàõGú¡êF•²&4(Š³Á¡å.�$déÃÛÑ9ħÏÖ®w
| @õ,“ÝÊg¿ÊePupÔŠGŠ{ª8™œhL
³Ç‰Sa^O²«4CIdÑ·£m‹Lb_ü‚ÆúÍ»®
Ûç¯.Y;[~¾½¤��Ð¥Ô�ë`j$±W*½yІÝl)*¹.¼$¸ÎúÛK1à•ñ!âáXVä.ÛÚ¬˜„Õk
š%lDW¸¬Á阺”Ô
[OnÞ��¸
€ç�lðºeÓrøzɑ囄;ï[k«½ÄåÃTÛj[²ÉÒµèuBÏ]3
@@ -1563,971 +1600,994 @@ x

 =”GãæÖ̆4®Ú{	Œa‘½E¢ô7mQ|òÑ,é{«Ó¹pޣɆûRš:L×~µ2gÇœåèвÖá2²Ä«Æ&³�ǪƒNk<ãkPQ ýÁÝ
 S71Q–”Fî"ðß’¿O%£C-Gѹ‰´5ÛÓó÷½Ý2¨aäí	Û²ÃK0¹ä‰dS]ŠZãVÎ÷ÈiÆcúÞaøîð4‚•Ípzžèe*"¿!üÊ÷ák€¶�Ù_µØõž«‚4>	úQÔˆÉù‚Œ‰’LÓjÜ=ý=ñhE1^è´’fí+'b:¹¹Þy‡¼JïsoþïKëÅüb:¿ºÆû/ÞÏæçŒïÝâàσo™endstream
 endobj
-670 0 obj<</Type/Page/Parent 513 0 R/Contents 671 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 6 0 R/F5 7 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
-671 0 obj<</Filter/FlateDecode/Length 1549      >>stream
-x
µWÛnÛF}÷W‚–
‰ºX–l£ 4uaÀIÚZi\ÄyX“+ik’«ì.­èÇ÷Ì.II´
'uÀæ^æÌ™3—ýz0¤
þ
i:¢ã	ÅÙÁ Ðäô,ÓøtŠßGøo$-ÞÌúg4œÒ|�#“ÉItJó„p`0 yÜGÇÑÑüŸƒÍW’lv·ÖnZ¨Tò÷þ؆Ãp¼7šFï\æ¤M"
-´¡k‘Ý	ršÖÂ8«µp’TN÷‰;ý im´Ó±NI9Ê
-ëèŽWRɇR­ï©XûÝÃ	Ý•8¼v%zi!-ƒP@Glz©dN‚
-ó¹ÈdDsÀpE»iÙ%aýeß_Þœ
Ôp)K"µÇu.i#JoŠE;¥sºí(Ü”ªmVekm­ª@錒ðŒ}ŒS	Çå7Gzá?0´C»µ óV�‰½ã­ÊÝ
-Y	☳lÍýŽÛ±Î�P¹Ê—0
7jª<G
©÷rí"škÊ°5SÖSÌ™¥�r+F‡onñªˆa[¶KKé_®×"Hm™Ç]ïšw Èô²èô¥‹ûþ¾d_0yâ�µN4*kïg0LIáTª\Ù
ë'µ%Ê‘]µNw9¼�ÚƒJ §yy‡Á¥Ì¥§Œï©œFg0úƒ¾1VŸ9°1š õ N0ߘáx?e¨Ô…¡ý{(d3,vÏãB§©Þpœb�eÌîùþM;X~
-+ʼ³èø cáh'fôo‹VzMýš~ªc‘ö-gwmÔ$Úo
-—×¥¡çooh¸\¼$�dŠÜ‹ÉÞKëdO€.YzyÝåß~܉rÍnÕýÌW¦ïÔëniDÆ\è�©
-`(Ž1�%%ÊÈØiSFô¦¤D.D‘º�X
±¾ð>®?Ç jÜú|Ä4j;b�¿¤7H�º†íG¤óìÕû:èl]$»ÒEšp©·Òq¥7ZÃÙº$¬¥A�²¨ºŘ¯ÙÉUTàGÇ'èX·�`°	K¼ÊtB¼ôÄÂÛ£vÒ^©{¹A­|:¹E9ñÉWåÀ“.2wðµôN>ããAmS4˜<ï#/5*yÑ)(ºb†$©ºRs¶VÈä]©B+DOB¤ÐX7F¬×pe%
:áeþ*÷Vîœ2w¦$„0œVíøù·o0º=
- tVOãP5¹_r'?/Tr~óÂÏËØkiàG�U?ŸgqŒÌ„˵ür~õ˼÷s*¬ëÅ+‘/eÏ©L¾>¿Ò(®fŸaÜw<	÷ÍR‡°-ÑÂó´Üén£ºKÕîìßÐéVE»Oµûå£-ô7�l|_#»N·6á¿w’Ž3³ušÚµ®@jûÁ	cj½UË\-T,@2_Æßx¼ƒœ ý‚ëäQó„ØÂØÕ¿˜Ô\Ò_—óÙÕÕßm»<Ždž|3q,WN¿ãÞBjDì¤aU»
[üàsx¾·\¡Ï[_z-bøèVÌìY¨êìæª4¥…P)—8Lc*áQNä¥O…&ç&šrí�g
ò	€Ö²»Ý„™ŽóYÌÎ;PC·1Þ·+‘c ØÎu<eVMbxDëàÎö~Ry¢7h¿ó–Å0†ŠÜ®�ŸV�{S#ß	w_�Àº·ÁÃf
-欲aÂ\<ŽÒn?lAòÓn¢,,0d&Vı´ø•©¶‘ÇX=¸š‰-è?�‰–4BâsÜac¥Z¶Wò›Hd¬2‘¢ê/•³¨™ƒÞY—f½4Ž
-&3Ö9¨÷7àÙµ6øˆiÝ¿(ªâ[�ëЦv¬À‡í×FÍ_;˜/¹™Vn¸×S¾3ÎßvXf30ʃ0¿1d‚†Ê*®†I TèÅÀ›
-Ì&a™†±~«¼#õ+¢rÖ¿zxKÿ¢™e_½ÿ@¿Ï®¯?}øóí«°V�‰Ї—Ih_í¤­úqÿâ´Êùáô4šœ�á=ëGêëÙ»73z‹ÇVªÑp,ý†.á«s¯ÞÙ›ÐR’ð–}æ;žŽ£éä4LÀÓ1ãúu~ðÇÁt…ºïendstream
-endobj
-672 0 obj<</Type/Page/Parent 513 0 R/Contents 673 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F5 7 0 R/F6 8 0 R/F8 10 0 R>>/XObject<<>>>>>>endobj
-673 0 obj<</Filter/FlateDecode/Length 816       >>stream
-x
m•[oÛH…ßý+ÎÛ*€­ÈŽk;ú�ô²(°½ìÆ‹-P÷a$Ñ–šÑ0«‘ìêß/9ò%õF~14òðã!õï`ŒD~cÌ'¸™!«÷«Áõû)Æc¬6r2[̱ʑÄI’`•Eï¹ý4Õ“¥!FfÉÔh
-“ñ~ÏuŽ�\i=ÕH9¢(=|•†S9+-�\SwØsksXæGØò‘°¼Zý�Ô	nûÌ£É4žJî‡GÂ-ÇI²üô_îþùü×Û¯/=Ë—^>·üö÷1&ð}ùÇ›ÕHªÏòžÓß<6­µp¦¢åµd-øðÇdm/óLht3‹ªó÷05ÁXËûÒm¯œH tF‘qU—롧F˼w'�~âUFX'7ÛrGš?Áh|O4«’öxÆ¥+›Rtð¬a;äÇ
-³¬ü¥;O5íJný)#ö9d…q[/W{UŽöYOÍ^G¹&­†\Nùú*Æ1‚äP+(‰�H<±ƒí!¾:Ø,:;äWº‘hämm*T­o�
-ÙT$á2vŽ²æBV¯ø…àùeÜÜPÅFÕ˜¦÷ë¾l
-
uÂã�ëó©ê´ƒÉóÀEÜnKw²ì±éÊdÖ{Ö©�Ž�<^£#ÿ«„g—{Õø¶µœû]ì�5¥ˆã�¢R6±”»é‡g†"h_táܤ,}õ9S—9y¡%_jÚP-ÕtÃfÚ˜Ì4¤�ê׋7rÚ˜Ö6§”yJb(¥¡ZKû?g�yI
!¢øsGuÜW?;-–ªO,¹Ãœª+E¶…/¢�Þ‹AC9$`‡L&Mµ‹qç:–~„š,#f.€
-12ã°ŽÂ19n·ÅƒGÇ{Kù–ŽÌ5glýú
-[#UŸ£†¢>ÞK›Ba"•z¥¢¸)dœ*–àÉy™C�8™'!긮LØϧו?Ñ£‘-vntMMvÝïËþäLE‹9�\®�ç‹xv{‹ÉtÏt!<Ü}¼¿Ã[Ú‘å'Ý
¿·ent¼;š'²dóHvÈMôŸ×’¦Ð´Óù4žÏò	�‹óWúêÝjðçà?}˜ò£endstream
-endobj
-674 0 obj<</Count 16/First 675 0 R/Last 801 0 R>>endobj
-675 0 obj<</Parent 674 0 R/Title(Table of Contents)/Dest[516 0 R/XYZ 0 756 0]/Next 676 0 R>>endobj
-676 0 obj<</Parent 674 0 R/Count -1/First 677 0 R/Last 677 0 R/Title(SAMBA Developers Guide)/Dest[524 0 R/XYZ 0 786 0]/Prev 675 0 R/Next 678 0 R>>endobj
-677 0 obj<</Parent 676 0 R/Title(SAMBA Team)/Dest[524 0 R/XYZ 0 762 0]>>endobj
-678 0 obj<</Parent 674 0 R/Title(Abstract)/Dest[526 0 R/XYZ 0 786 0]/Prev 676 0 R/Next 679 0 R>>endobj
-679 0 obj<</Parent 674 0 R/Count -3/First 680 0 R/Last 682 0 R/Title(Chapter 1. Definition of NetBIOS Protocol and Name Resolution Modes)/Dest[532 0 R/XYZ 0 786 0]/Prev 678 0 R/Next 683 0 R>>endobj
-680 0 obj<</Parent 679 0 R/Title(1.1. NETBIOS)/Dest[532 0 R/XYZ 0 738 0]/Next 681 0 R>>endobj
-681 0 obj<</Parent 679 0 R/Title(1.2. BROADCAST NetBIOS)/Dest[532 0 R/XYZ 0 254 0]/Prev 680 0 R/Next 682 0 R>>endobj
-682 0 obj<</Parent 679 0 R/Title(1.3. NBNS NetBIOS)/Dest[534 0 R/XYZ 0 758 0]/Prev 681 0 R>>endobj
-683 0 obj<</Parent 674 0 R/Count -5/First 684 0 R/Last 688 0 R/Title(Chapter 2. Samba Architecture)/Dest[536 0 R/XYZ 0 786 0]/Prev 679 0 R/Next 689 0 R>>endobj
-684 0 obj<</Parent 683 0 R/Title(2.1. Introduction)/Dest[536 0 R/XYZ 0 762 0]/Next 685 0 R>>endobj
-685 0 obj<</Parent 683 0 R/Title(2.2. Multithreading and Samba)/Dest[536 0 R/XYZ 0 581 0]/Prev 684 0 R/Next 686 0 R>>endobj
-686 0 obj<</Parent 683 0 R/Title(2.3. Threading smbd)/Dest[536 0 R/XYZ 0 387 0]/Prev 685 0 R/Next 687 0 R>>endobj
-687 0 obj<</Parent 683 0 R/Title(2.4. Threading nmbd)/Dest[538 0 R/XYZ 0 786 0]/Prev 686 0 R/Next 688 0 R>>endobj
-688 0 obj<</Parent 683 0 R/Title(2.5. nbmd Design)/Dest[538 0 R/XYZ 0 487 0]/Prev 687 0 R>>endobj
-689 0 obj<</Parent 674 0 R/Count -5/First 690 0 R/Last 694 0 R/Title(Chapter 3. The samba DEBUG system)/Dest[540 0 R/XYZ 0 786 0]/Prev 683 0 R/Next 698 0 R>>endobj
-690 0 obj<</Parent 689 0 R/Title(3.1. New Output Syntax)/Dest[540 0 R/XYZ 0 762 0]/Next 691 0 R>>endobj
-691 0 obj<</Parent 689 0 R/Title(3.2. The DEBUG\(\) Macro)/Dest[542 0 R/XYZ 0 786 0]/Prev 690 0 R/Next 692 0 R>>endobj
-692 0 obj<</Parent 689 0 R/Title(3.3. The DEBUGADD\(\) Macro)/Dest[544 0 R/XYZ 0 786 0]/Prev 691 0 R/Next 693 0 R>>endobj
-693 0 obj<</Parent 689 0 R/Title(3.4. The DEBUGLVL\(\) Macro)/Dest[544 0 R/XYZ 0 567 0]/Prev 692 0 R/Next 694 0 R>>endobj
-694 0 obj<</Parent 689 0 R/Count -3/First 695 0 R/Last 697 0 R/Title(3.5. New Functions)/Dest[546 0 R/XYZ 0 786 0]/Prev 693 0 R>>endobj
-695 0 obj<</Parent 694 0 R/Title(3.5.1. dbgtext\(\))/Dest[546 0 R/XYZ 0 766 0]/Next 696 0 R>>endobj
-696 0 obj<</Parent 694 0 R/Title(3.5.2. dbghdr\(\))/Dest[546 0 R/XYZ 0 655 0]/Prev 695 0 R/Next 697 0 R>>endobj
-697 0 obj<</Parent 694 0 R/Title(3.5.3. format_debug_text\(\))/Dest[546 0 R/XYZ 0 543 0]/Prev 696 0 R>>endobj
-698 0 obj<</Parent 674 0 R/Title(Chapter 4. Coding Suggestions)/Dest[548 0 R/XYZ 0 786 0]/Prev 689 0 R/Next 699 0 R>>endobj
-699 0 obj<</Parent 674 0 R/Count -5/First 700 0 R/Last 721 0 R/Title(Chapter 5. Samba Internals)/Dest[552 0 R/XYZ 0 786 0]/Prev 698 0 R/Next 722 0 R>>endobj
-700 0 obj<</Parent 699 0 R/Title(5.1. Character Handling)/Dest[552 0 R/XYZ 0 762 0]/Next 701 0 R>>endobj
-701 0 obj<</Parent 699 0 R/Title(5.2. The new functions)/Dest[552 0 R/XYZ 0 621 0]/Prev 700 0 R/Next 702 0 R>>endobj
-702 0 obj<</Parent 699 0 R/Count -15/First 703 0 R/Last 717 0 R/Title(5.3. Macros in byteorder.h)/Dest[554 0 R/XYZ 0 758 0]/Prev 701 0 R/Next 718 0 R>>endobj
-703 0 obj<</Parent 702 0 R/Title(5.3.1. CVAL\(buf,pos\))/Dest[554 0 R/XYZ 0 683 0]/Next 704 0 R>>endobj
-704 0 obj<</Parent 702 0 R/Title(5.3.2. PVAL\(buf,pos\))/Dest[554 0 R/XYZ 0 624 0]/Prev 703 0 R/Next 705 0 R>>endobj
-705 0 obj<</Parent 702 0 R/Title(5.3.3. SCVAL\(buf,pos,val\))/Dest[554 0 R/XYZ 0 566 0]/Prev 704 0 R/Next 706 0 R>>endobj
-706 0 obj<</Parent 702 0 R/Title(5.3.4. SVAL\(buf,pos\))/Dest[554 0 R/XYZ 0 507 0]/Prev 705 0 R/Next 707 0 R>>endobj
-707 0 obj<</Parent 702 0 R/Title(5.3.5. IVAL\(buf,pos\))/Dest[554 0 R/XYZ 0 436 0]/Prev 706 0 R/Next 708 0 R>>endobj
-708 0 obj<</Parent 702 0 R/Title(5.3.6. SVALS\(buf,pos\))/Dest[554 0 R/XYZ 0 377 0]/Prev 707 0 R/Next 709 0 R>>endobj
-709 0 obj<</Parent 702 0 R/Title(5.3.7. IVALS\(buf,pos\))/Dest[554 0 R/XYZ 0 319 0]/Prev 708 0 R/Next 710 0 R>>endobj
-710 0 obj<</Parent 702 0 R/Title(5.3.8. SSVAL\(buf,pos,val\))/Dest[554 0 R/XYZ 0 261 0]/Prev 709 0 R/Next 711 0 R>>endobj
-711 0 obj<</Parent 702 0 R/Title(5.3.9. SIVAL\(buf,pos,val\))/Dest[554 0 R/XYZ 0 202 0]/Prev 710 0 R/Next 712 0 R>>endobj
-712 0 obj<</Parent 702 0 R/Title(5.3.10. SSVALS\(buf,pos,val\))/Dest[556 0 R/XYZ 0 786 0]/Prev 711 0 R/Next 713 0 R>>endobj
-713 0 obj<</Parent 702 0 R/Title(5.3.11. SIVALS\(buf,pos,val\))/Dest[556 0 R/XYZ 0 728 0]/Prev 712 0 R/Next 714 0 R>>endobj
-714 0 obj<</Parent 702 0 R/Title(5.3.12. RSVAL\(buf,pos\))/Dest[556 0 R/XYZ 0 669 0]/Prev 713 0 R/Next 715 0 R>>endobj
-715 0 obj<</Parent 702 0 R/Title(5.3.13. RIVAL\(buf,pos\))/Dest[556 0 R/XYZ 0 611 0]/Prev 714 0 R/Next 716 0 R>>endobj
-716 0 obj<</Parent 702 0 R/Title(5.3.14. RSSVAL\(buf,pos,val\))/Dest[556 0 R/XYZ 0 553 0]/Prev 715 0 R/Next 717 0 R>>endobj
-717 0 obj<</Parent 702 0 R/Title(5.3.15. RSIVAL\(buf,pos,val\))/Dest[556 0 R/XYZ 0 481 0]/Prev 716 0 R>>endobj
-718 0 obj<</Parent 699 0 R/Count -2/First 719 0 R/Last 720 0 R/Title(5.4. LAN Manager Samba API)/Dest[556 0 R/XYZ 0 423 0]/Prev 702 0 R/Next 721 0 R>>endobj
-719 0 obj<</Parent 718 0 R/Title(5.4.1. Parameters)/Dest[556 0 R/XYZ 0 273 0]/Next 720 0 R>>endobj
-720 0 obj<</Parent 718 0 R/Title(5.4.2. Return value)/Dest[558 0 R/XYZ 0 494 0]/Prev 719 0 R>>endobj
-721 0 obj<</Parent 699 0 R/Title(5.5. Code character table)/Dest[560 0 R/XYZ 0 786 0]/Prev 718 0 R>>endobj
-722 0 obj<</Parent 674 0 R/Count -2/First 723 0 R/Last 727 0 R/Title(Chapter 6. The smb.conf file)/Dest[562 0 R/XYZ 0 786 0]/Prev 699 0 R/Next 729 0 R>>endobj
-723 0 obj<</Parent 722 0 R/Count -3/First 724 0 R/Last 726 0 R/Title(6.1. Lexical Analysis)/Dest[562 0 R/XYZ 0 762 0]/Next 727 0 R>>endobj
-724 0 obj<</Parent 723 0 R/Title(6.1.1. Handling of Whitespace)/Dest[562 0 R/XYZ 0 476 0]/Next 725 0 R>>endobj
-725 0 obj<</Parent 723 0 R/Title(6.1.2. Handling of Line Continuation)/Dest[562 0 R/XYZ 0 312 0]/Prev 724 0 R/Next 726 0 R>>endobj
-726 0 obj<</Parent 723 0 R/Title(6.1.3. Line Continuation Quirks)/Dest[564 0 R/XYZ 0 705 0]/Prev 725 0 R>>endobj
-727 0 obj<</Parent 722 0 R/Count -1/First 728 0 R/Last 728 0 R/Title(6.2. Syntax)/Dest[564 0 R/XYZ 0 293 0]/Prev 723 0 R>>endobj
-728 0 obj<</Parent 727 0 R/Title(6.2.1. About params.c)/Dest[566 0 R/XYZ 0 718 0]>>endobj
-729 0 obj<</Parent 674 0 R/Count -9/First 730 0 R/Last 738 0 R/Title(Chapter 7. NetBIOS in a Unix World)/Dest[568 0 R/XYZ 0 786 0]/Prev 722 0 R/Next 739 0 R>>endobj
-730 0 obj<</Parent 729 0 R/Title(7.1. Introduction)/Dest[568 0 R/XYZ 0 762 0]/Next 731 0 R>>endobj
-731 0 obj<</Parent 729 0 R/Title(7.2. Usernames)/Dest[568 0 R/XYZ 0 647 0]/Prev 730 0 R/Next 732 0 R>>endobj
-732 0 obj<</Parent 729 0 R/Title(7.3. File Ownership)/Dest[568 0 R/XYZ 0 269 0]/Prev 731 0 R/Next 733 0 R>>endobj
-733 0 obj<</Parent 729 0 R/Title(7.4. Passwords)/Dest[570 0 R/XYZ 0 745 0]/Prev 732 0 R/Next 734 0 R>>endobj
-734 0 obj<</Parent 729 0 R/Title(7.5. Locking)/Dest[570 0 R/XYZ 0 511 0]/Prev 733 0 R/Next 735 0 R>>endobj
-735 0 obj<</Parent 729 0 R/Title(7.6. Deny Modes)/Dest[572 0 R/XYZ 0 786 0]/Prev 734 0 R/Next 736 0 R>>endobj
-736 0 obj<</Parent 729 0 R/Title(7.7. Trapdoor UIDs)/Dest[572 0 R/XYZ 0 619 0]/Prev 735 0 R/Next 737 0 R>>endobj
-737 0 obj<</Parent 729 0 R/Title(7.8. Port numbers)/Dest[572 0 R/XYZ 0 491 0]/Prev 736 0 R/Next 738 0 R>>endobj
-738 0 obj<</Parent 729 0 R/Title(7.9. Protocol Complexity)/Dest[572 0 R/XYZ 0 231 0]/Prev 737 0 R>>endobj
-739 0 obj<</Parent 674 0 R/Title(Chapter 8. Tracing samba system calls)/Dest[576 0 R/XYZ 0 786 0]/Prev 729 0 R/Next 740 0 R>>endobj
-740 0 obj<</Parent 674 0 R/Count -8/First 741 0 R/Last 777 0 R/Title(Chapter 9. NT Domain RPC's)/Dest[580 0 R/XYZ 0 786 0]/Prev 739 0 R/Next 780 0 R>>endobj
-741 0 obj<</Parent 740 0 R/Count -2/First 742 0 R/Last 743 0 R/Title(9.1. Introduction)/Dest[580 0 R/XYZ 0 762 0]/Next 744 0 R>>endobj
-742 0 obj<</Parent 741 0 R/Title(9.1.1. Sources)/Dest[582 0 R/XYZ 0 679 0]/Next 743 0 R>>endobj
-743 0 obj<</Parent 741 0 R/Title(9.1.2. Credits)/Dest[582 0 R/XYZ 0 569 0]/Prev 742 0 R>>endobj
-744 0 obj<</Parent 740 0 R/Count -3/First 745 0 R/Last 747 0 R/Title(9.2. Notes and Structures)/Dest[582 0 R/XYZ 0 447 0]/Prev 741 0 R/Next 748 0 R>>endobj
-745 0 obj<</Parent 744 0 R/Title(9.2.1. Notes)/Dest[582 0 R/XYZ 0 426 0]/Next 746 0 R>>endobj
-746 0 obj<</Parent 744 0 R/Title(9.2.2. Enumerations)/Dest[584 0 R/XYZ 0 771 0]/Prev 745 0 R/Next 747 0 R>>endobj
-747 0 obj<</Parent 744 0 R/Title(9.2.3. Structures)/Dest[584 0 R/XYZ 0 288 0]/Prev 746 0 R>>endobj
-748 0 obj<</Parent 740 0 R/Count -12/First 749 0 R/Last 760 0 R/Title(9.3. MSRPC over Transact Named Pipe)/Dest[604 0 R/XYZ 0 481 0]/Prev 744 0 R/Next 761 0 R>>endobj
-749 0 obj<</Parent 748 0 R/Title(9.3.1. MSRPC Pipes)/Dest[604 0 R/XYZ 0 419 0]/Next 750 0 R>>endobj
-750 0 obj<</Parent 748 0 R/Title(9.3.2. Header)/Dest[606 0 R/XYZ 0 620 0]/Prev 749 0 R/Next 751 0 R>>endobj
-751 0 obj<</Parent 748 0 R/Title(9.3.3. Tail)/Dest[614 0 R/XYZ 0 584 0]/Prev 750 0 R/Next 752 0 R>>endobj
-752 0 obj<</Parent 748 0 R/Title(9.3.4. RPC Bind / Bind Ack)/Dest[614 0 R/XYZ 0 460 0]/Prev 751 0 R/Next 753 0 R>>endobj
-753 0 obj<</Parent 748 0 R/Title(9.3.5. NTLSA Transact Named Pipe)/Dest[616 0 R/XYZ 0 601 0]/Prev 752 0 R/Next 754 0 R>>endobj
-754 0 obj<</Parent 748 0 R/Title(9.3.6. LSA Open Policy)/Dest[616 0 R/XYZ 0 193 0]/Prev 753 0 R/Next 755 0 R>>endobj
-755 0 obj<</Parent 748 0 R/Title(9.3.7. LSA Query Info Policy)/Dest[618 0 R/XYZ 0 545 0]/Prev 754 0 R/Next 756 0 R>>endobj
-756 0 obj<</Parent 748 0 R/Title(9.3.8. LSA Enumerate Trusted Domains)/Dest[618 0 R/XYZ 0 198 0]/Prev 755 0 R/Next 757 0 R>>endobj
-757 0 obj<</Parent 748 0 R/Title(9.3.9. LSA Open Secret)/Dest[620 0 R/XYZ 0 639 0]/Prev 756 0 R/Next 758 0 R>>endobj
-758 0 obj<</Parent 748 0 R/Title(9.3.10. LSA Close)/Dest[620 0 R/XYZ 0 354 0]/Prev 757 0 R/Next 759 0 R>>endobj
-759 0 obj<</Parent 748 0 R/Title(9.3.11. LSA Lookup SIDS)/Dest[622 0 R/XYZ 0 786 0]/Prev 758 0 R/Next 760 0 R>>endobj
-760 0 obj<</Parent 748 0 R/Title(9.3.12. LSA Lookup Names)/Dest[622 0 R/XYZ 0 301 0]/Prev 759 0 R>>endobj
-761 0 obj<</Parent 740 0 R/Count -5/First 762 0 R/Last 766 0 R/Title(9.4. NETLOGON rpc Transact Named Pipe)/Dest[624 0 R/XYZ 0 465 0]/Prev 748 0 R/Next 767 0 R>>endobj
-762 0 obj<</Parent 761 0 R/Title(9.4.1. LSA Request Challenge)/Dest[626 0 R/XYZ 0 718 0]/Next 763 0 R>>endobj
-763 0 obj<</Parent 761 0 R/Title(9.4.2. LSA Authenticate 2)/Dest[626 0 R/XYZ 0 326 0]/Prev 762 0 R/Next 764 0 R>>endobj
-764 0 obj<</Parent 761 0 R/Title(9.4.3. LSA Server Password Set)/Dest[628 0 R/XYZ 0 584 0]/Prev 763 0 R/Next 765 0 R>>endobj
-765 0 obj<</Parent 761 0 R/Title(9.4.4. LSA SAM Logon)/Dest[628 0 R/XYZ 0 218 0]/Prev 764 0 R/Next 766 0 R>>endobj
-766 0 obj<</Parent 761 0 R/Title(9.4.5. LSA SAM Logoff)/Dest[630 0 R/XYZ 0 406 0]/Prev 765 0 R>>endobj
-767 0 obj<</Parent 740 0 R/Count -2/First 768 0 R/Last 769 0 R/Title(9.5. \\\\MAILSLOT\\NET\\NTLOGON)/Dest[632 0 R/XYZ 0 786 0]/Prev 761 0 R/Next 770 0 R>>endobj
-768 0 obj<</Parent 767 0 R/Title(9.5.1. Query for PDC)/Dest[632 0 R/XYZ 0 711 0]/Next 769 0 R>>endobj
-769 0 obj<</Parent 767 0 R/Title(9.5.2. SAM Logon)/Dest[634 0 R/XYZ 0 786 0]/Prev 768 0 R>>endobj
-770 0 obj<</Parent 740 0 R/Count -2/First 771 0 R/Last 772 0 R/Title(9.6. SRVSVC Transact Named Pipe)/Dest[636 0 R/XYZ 0 758 0]/Prev 767 0 R/Next 773 0 R>>endobj
-771 0 obj<</Parent 770 0 R/Title(9.6.1. Net Share Enum)/Dest[636 0 R/XYZ 0 630 0]/Next 772 0 R>>endobj
-772 0 obj<</Parent 770 0 R/Title(9.6.2. Net Server Get Info)/Dest[638 0 R/XYZ 0 786 0]/Prev 771 0 R>>endobj
-773 0 obj<</Parent 740 0 R/Count -3/First 774 0 R/Last 776 0 R/Title(9.7. Cryptographic side of NT Domain Authentication)/Dest[638 0 R/XYZ 0 486 0]/Prev 770 0 R/Next 777 0 R>>endobj
-774 0 obj<</Parent 773 0 R/Title(9.7.1. Definitions)/Dest[638 0 R/XYZ 0 466 0]/Next 775 0 R>>endobj
-775 0 obj<</Parent 773 0 R/Title(9.7.2. Protocol)/Dest[640 0 R/XYZ 0 786 0]/Prev 774 0 R/Next 776 0 R>>endobj
-776 0 obj<</Parent 773 0 R/Title(9.7.3. Comments)/Dest[640 0 R/XYZ 0 437 0]/Prev 775 0 R>>endobj
-777 0 obj<</Parent 740 0 R/Count -2/First 778 0 R/Last 779 0 R/Title(9.8. SIDs and RIDs)/Dest[640 0 R/XYZ 0 181 0]/Prev 773 0 R>>endobj
-778 0 obj<</Parent 777 0 R/Title(9.8.1. Well-known SIDs)/Dest[642 0 R/XYZ 0 686 0]/Next 779 0 R>>endobj
-779 0 obj<</Parent 777 0 R/Title(9.8.2. Well-known RIDS)/Dest[644 0 R/XYZ 0 718 0]/Prev 778 0 R>>endobj
-780 0 obj<</Parent 674 0 R/Count -5/First 781 0 R/Last 785 0 R/Title(Chapter 10. Samba Printing Internals)/Dest[648 0 R/XYZ 0 786 0]/Prev 740 0 R/Next 786 0 R>>endobj
-781 0 obj<</Parent 780 0 R/Title(10.1. Abstract)/Dest[648 0 R/XYZ 0 762 0]/Next 782 0 R>>endobj
-782 0 obj<</Parent 780 0 R/Title(10.2. Printing Interface to Various Back ends)/Dest[648 0 R/XYZ 0 674 0]/Prev 781 0 R/Next 783 0 R>>endobj
-783 0 obj<</Parent 780 0 R/Title(10.3. Print Queue TDB's)/Dest[648 0 R/XYZ 0 414 0]/Prev 782 0 R/Next 784 0 R>>endobj
-784 0 obj<</Parent 780 0 R/Title(10.4. ChangeID & Client Caching of Printer Information)/Dest[652 0 R/XYZ 0 745 0]/Prev 783 0 R/Next 785 0 R>>endobj
-785 0 obj<</Parent 780 0 R/Title(10.5. Windows NT/2K Printer Change Notify)/Dest[652 0 R/XYZ 0 683 0]/Prev 784 0 R>>endobj
-786 0 obj<</Parent 674 0 R/Count -1/First 787 0 R/Last 787 0 R/Title(Chapter 11. Samba WINS Internals)/Dest[658 0 R/XYZ 0 786 0]/Prev 780 0 R/Next 788 0 R>>endobj
-787 0 obj<</Parent 786 0 R/Title(11.1. WINS Failover)/Dest[658 0 R/XYZ 0 762 0]>>endobj
-788 0 obj<</Parent 674 0 R/Count -7/First 789 0 R/Last 800 0 R/Title(Chapter 12. The Upcoming SAM System)/Dest[660 0 R/XYZ 0 786 0]/Prev 786 0 R/Next 801 0 R>>endobj
-789 0 obj<</Parent 788 0 R/Title(12.1. Security in the 'new SAM')/Dest[660 0 R/XYZ 0 762 0]/Next 790 0 R>>endobj
-790 0 obj<</Parent 788 0 R/Title(12.2. Standalone from UNIX)/Dest[662 0 R/XYZ 0 692 0]/Prev 789 0 R/Next 791 0 R>>endobj
-791 0 obj<</Parent 788 0 R/Title(12.3. Handles and Races in the new SAM)/Dest[662 0 R/XYZ 0 551 0]/Prev 790 0 R/Next 792 0 R>>endobj
-792 0 obj<</Parent 788 0 R/Count -3/First 793 0 R/Last 795 0 R/Title(12.4. Layers)/Dest[662 0 R/XYZ 0 251 0]/Prev 791 0 R/Next 796 0 R>>endobj
-793 0 obj<</Parent 792 0 R/Title(12.4.1. Application)/Dest[662 0 R/XYZ 0 231 0]/Next 794 0 R>>endobj
-794 0 obj<</Parent 792 0 R/Title(12.4.2. SAM Interface)/Dest[664 0 R/XYZ 0 786 0]/Prev 793 0 R/Next 795 0 R>>endobj
-795 0 obj<</Parent 792 0 R/Title(12.4.3. SAM Modules)/Dest[664 0 R/XYZ 0 649 0]/Prev 794 0 R>>endobj
-796 0 obj<</Parent 788 0 R/Count -2/First 797 0 R/Last 798 0 R/Title(12.5. SAM Modules)/Dest[664 0 R/XYZ 0 537 0]/Prev 792 0 R/Next 799 0 R>>endobj
-797 0 obj<</Parent 796 0 R/Title(12.5.1. Special Module: sam_passdb)/Dest[664 0 R/XYZ 0 517 0]/Next 798 0 R>>endobj
-798 0 obj<</Parent 796 0 R/Title(12.5.2. sam_ads)/Dest[664 0 R/XYZ 0 419 0]/Prev 797 0 R>>endobj
-799 0 obj<</Parent 788 0 R/Title(12.6. Memory Management)/Dest[664 0 R/XYZ 0 281 0]/Prev 796 0 R/Next 800 0 R>>endobj
-800 0 obj<</Parent 788 0 R/Title(12.7. Testing)/Dest[666 0 R/XYZ 0 542 0]/Prev 799 0 R>>endobj
-801 0 obj<</Parent 674 0 R/Count -3/First 802 0 R/Last 804 0 R/Title(Chapter 13. LanMan and NT Password Encryption)/Dest[668 0 R/XYZ 0 786 0]/Prev 788 0 R>>endobj
-802 0 obj<</Parent 801 0 R/Title(13.1. Introduction)/Dest[668 0 R/XYZ 0 762 0]/Next 803 0 R>>endobj
-803 0 obj<</Parent 801 0 R/Title(13.2. How does it work?)/Dest[668 0 R/XYZ 0 621 0]/Prev 802 0 R/Next 804 0 R>>endobj
-804 0 obj<</Parent 801 0 R/Title(13.3. The smbpasswd file)/Dest[670 0 R/XYZ 0 771 0]/Prev 803 0 R>>endobj
-805 0 obj<</Type/Catalog/Pages 513 0 R/PageLayout/SinglePage/Outlines 674 0 R/OpenAction[524 0 R/XYZ null null 0]/PageMode/UseOutlines/PageLabels<</Nums[0<</P(title)>>1<</S/r>>5<</S/D/St 1/P()>>6<</S/D/St 2/P()>>9<</S/D/St 5/P()>>11<</S/D/St 7/P()>>13<</S/D/St 9/P()>>17<</S/D/St 13/P()>>19<</S/D/St 15/P()>>24<</S/D/St 20/P()>>27<</S/D/St 23/P()>>31<</S/D/St 27/P()>>33<</S/D/St 29/P()>>67<</S/D/St 63/P()>>72<</S/D/St 68/P()>>73<</S/D/St 69/P()>>77<</S/D/St 73/P()>>]>>>>endobj
+679 0 obj<</Type/Page/Parent 522 0 R/Contents 680 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 6 0 R/F5 7 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+680 0 obj<</Filter/FlateDecode/Length 1550      >>stream
+x
µWÛnÛF}÷W‚–
‰ºX–l£ 4uaÀIÚZi\ÄyX“+ik’«ì.­èÇ÷Ì.II´
'uÀæ^æÌ™3—ýz0¤
þ
i:¢ã	ÅÙÁ Ðäô,ÓøtŠßGøo$-ÞÌúg4œÒ|�#“ÉItJó„p`0 yÜGÇÑÑüŸƒ½ž¯$Ùìn-¬Ý$´P©ä…þ؆Ãp¾7šFœï\æ¤M"
-´¡k‘Ý	ršÖÂ8«µp’TN÷‰;ý im´Ó±NI9Ê
+ëèŽWRɇR­ï©XûÝÃ	Ý•8¼v%zi!-ƒPHGlz©dN‚
+ó¹ÈdDsÀpE»iÙ%aýeß_Þœ
Ôp)K"µÇu.i#JoŠE;¥sºí(Ü”ªmVekm­ª@錒ðŒ}ŒS	Çå7Gzá?0´C»µ óV�‰½ã­ÊÝ
-Y	☳lÍýŽÛ±Î�P¹Ê—0
7jª<G
©÷rí"škÊ°5SÖSÌ™¥�r+F‡onñªˆa[¶KKé_®×"Hm™Ç]ïšw È
+ô²èô¥‹ûþ¾d_0yâ�µN4*kïg0LIáTª\Ù
ë'µ%Ê‘]µNw9¼�ÚƒJ §yy‡Á¥Ì¥§Œï©œFg0úƒ¾1VŸ:°1š ÷ N0ߘáx?e¨Ô…¡ý{(d3,vÏãB§©Þpœb�e`÷|ÿ¢(?…•aÅÝYt|‚
+Œ±p´2ú·Å*½¦~aM?Õ±Hû–“»¿6ê

+í7þ„ËëÊÐó·7,\.N’@	2Eî5‹Üí¥u2ƒ#@�,½¿¼îòo?îD¹f7‚èþæ«
+ÓwJ�e·4"c.t
ÕWõ/ÔF‹�Ç’edì´)#zSR"¢H]È«†X_w—‹c5n}>â?µ±À_ÒäG]Âö#Òyöê}t¶.’]é"M¸Ò[é¸Ð­ál]ÖÒ >Y]‹ZÌ×ì¤*
+ð£ãƒt¬ÛN0Ø„%^e:!^zbáíQ;g¯Ô½Ü T>ˆÜ¢šøÜ«ràI™;øZz'Ÿññ‰ ¶)Lž÷‘—•¼èM1C’TM©9[+dò®T¡¢%!Rè«#Ök¸²’�𲉆[+7N™;SBN«vü|‰Û7ÝÐ:«‡‰q(šÜ.¹‘Ÿ*9¿yáçå
l†µ4ð£N‡ªŸÏ³8FfBŠåZ~9¿úeÞû9Öõâ•È—²çT&_Ÿ_iÔV³Ï0î;ž„ûf©CØ–èàyZî4·Qݤjwöoèt«š¿Ý§ÚíòÑz�Œ›G6>‡/�‘]§[›¿ðß;IÇ™Ù:Mm‚ZW µýÜ„©
+µÞªe®* ™/ão<ÝAN�á^AŒuò¨wBlaêê_Lj.é¯Ëùìêêï¶]žÆŒcC¾™8–+§ßñˆo	!5"vÒ°ªÝ†…�-~î9<ß[®P�ç­/½1|t+fö,TuvcUšÒB¨”K†1•ð$'òÒ'‰B“óM¹vÈ3ÌŒù@kÙÝnÂHÇù¬F稡ÛïÛ•È1lÇ:2«Š&1;¢upg
+{?©<Ñ´ßyËâCEnWÈO«ŠÀ½¡‘oŒ�„»ˆ/H`ÝÛàa³�sVÙ0`.Gi·¶ ùa7Q2+âXZüÊÔÛ�Èc¬^\ÍÄ–
+ôŸÀDK!ñ9nˆˆ°±R-Û+ùM$2V™HQõ—ÊYÔÌAï¬K³Þ	GƒëÔûðìZ|Ä°îUñ­§uŽ
+è
+C;ÖàÃöc£æ¯Œ—ÜL+7
Üë)ß™æo;,3ŒeŽ9˜Ÿ2ACeW³$Ï�*ôbàMf“°ÌÃT¿U^‹‘úQ9ë=¼¥ÑŒ²¯Þ ßg×ן>üùöUX«ÇÄèÃäﳯ…vÒVý¸qZåüpzMÎÎðžõõõìÝ›½Å[+Õh8–~C—ðÕ¹WïìMh)IxË>÷ŒOÇÑtrFàé˜�ý:?øãà?5Ä»Kendstream
+endobj
+681 0 obj<</Type/Page/Parent 522 0 R/Contents 682 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F5 7 0 R/F6 8 0 R/F8 10 0 R>>/XObject<<>>>>>>endobj
+682 0 obj<</Filter/FlateDecode/Length 839       >>stream
+x
m•ÝnÛH…ïýç®
+`+²ãÈŽ�H¶í¢@Óv7.v�º#‰²´Íd5’U½}É‘R72š	yøñ�ù4EÄŸ)3\ÅH«QF˜_ÇaŒùrÁ¿gü­	ùèn=º|?ÇtŠuÎ/XgàëQ„u¼·5自ž4�ÑX¤šT�¦ <)ç:[gÈùJë¨Fb“1ŠÒÁU‰?å³RÈ4u�ζ:ƒ¶öº|$¬.Öÿqê7CæÉlÎ9w€ýÃáVÓ(Z}úŒ/·ÿ|þûí¿/=«—^>·úöõø¾úøÇzÂÕùgug“Wy«5ŒªhuÉY»ÿá
+Òz�y"4¹ŠÃ¥èü�£·-cTZÛ®4[ÏÁ	'â)�P¤¶ª”ÉäÐQ#‡e
Û™#H7öñ*Ŭ”áÛrG’?ÂdzÎ$«�vxÆ¥)›’ôpVÂöÈ,ŒmP¨‹°ÂŸ»£ðTÓ®´­;fDW�AZ(³ñ|uPe¨;Ëzlö&�È5I5d2Ê6!>°8‡XA˜p$�„ã±8èñzo³àä�_é¬ÑnkU¡j]ƒ„É&l —Zc(mÎd
Š_ž�ÇÍUÖ@‰Õ~íʦ`PG!Þ™!Ÿ¨Nz¨,ó\Øíº4GËÊà®ÌâÁ³Ft€äð=¹_%<»<¨Æ·­¶‰ÒßÙiS²8›*ar¹ù0<›À3dA]Ñûs•Xî«Kɨº´à“Zò¥¦œj®¦Ÿ1“Ƥª!iÔ0¸Ž½‘Q®ZÝkæ	±- ”Æb-iìoÎ:ñâ|DöçŽêp¨>>.–#ªO–sï‡ÿ0U
Ö‚ÜoWøEÁ½g/4Œ†2pÀ)OšjâÖô–ûá¨Ò”œŸ9ÊÇH•Á&ðÇdl»-Î<Ûiʶt`.©ljµÛ\`«¸êST_ÔÃý·ÉÆRyoÊ^cÅMÁãTY^
ŽŒã9”‰ãyb¢ÆÖ•òÛãùôšò4¼žýÎ
.©I/‡}9œœ¨Hš=Éåþút±ã›ÌæS^æ¼nïïnñ–v¤í“ì†?Û2ó79Ü�,"^²YÀ;ä*Ä)à´—$‡ä�/æá"^òÿ¾¹¸–WïÖ£¿F?
æN÷êendstream
+endobj
+683 0 obj<</Type/Page/Parent 522 0 R/Contents 684 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 6 0 R/F6 8 0 R/F8 10 0 R/F9 11 0 R>>/XObject<<>>>>>>endobj
+684 0 obj<</Filter/FlateDecode/Length 926       >>stream
+x
•Uao"7üίxßJN°
B€´§“®Q¯ªÔS¯µ_"!¯×˺ñÚ[ÛJ}Çön`s¹S›„àyÞ¼™ñÛ¿FsšáNëݬˆ×£Y6£ÛÕm¶¡åf�ϼ¬ rôýntýáŽ3Ú•8²ZohWÊgø†�ï+Öxai¾Ìè·O÷ôIµ‡Ë• �¦h•pW»?#À|�¦7Ël
ˆ1NÌ3zŸ›Ö§š%Íç]Íb�­BÍ®’Ž
+ÃÛZhO…pÜÊ\8ªÌ‘¼¡š=
+j� _	Òâø:*ó­Å1SÒ–Õ9£›l–Q�g4�ß$NÌòJzÁC9™#V¢­¤æV°®Uͤöx±\*éOg\¦”9J}HDdƒž8›ËØGý¢¡
³Ìu¢Òš:Ðéþ÷-å–i^¢€iÈN*EL9ƒ74ÅIi‹)ÐÀçIèÂØؼhY¶š{i4‹ÔA/Iâ+kÚCE
œJí²dÊ]·ìŒ[dô£ÐÂ2E¿<	û$Å1•¿âá•ÐÄt”„ƒ+ÁRìDkWçÅ$¾“·2©¥+ˆ‘«˜…bJB{¢ü”LfµH��Þ>-½{¡¶áû·
„×(|—93¤5M+¦ä3d&ñ)I"\F8ý�§G
1»|}V©u§N}06`_„¢y&&ôóö}„F~�£„R„†ÔÇaå˜sŸsÍ¢óˆÜ@Š ’«L«(HŽôˆg˜gAí­±·Æøw×hz
™^“u.D³¼uãc~¢BAª lv/5ÔêCDG‰àÅæCš§˜PX¬²˜šŸRÑë0“èFïu7^lý\oÅA:ȿ禮á {?\¥K|fã±@;)q1iú‹Éì!.÷m/Ö]¿s–‰(®öyØWºrŸ‰#žô†+í'tù�³O“€šÏ°M±Äèëé´ó¶åžX#÷ÝÇ7¼.ÜÎzròñpõ]b¼:—d 1t+ýy¥ïî•.܉°«ÂWásAÁÐ!êôò,†ù:ðwËÿ‡Ñ¾ŒÌpë!1˜žå®2��ßÄEbl�õ«H·u.Ò¦{ŽdÈM‡Þk5œ
+j~¹y'¢¾$£ÂÒO·­Ÿ "÷ߊtO\”åòí Œcý1SÃöÚã·ÒØ°îê°Å߬n°›0z·‚ÒÓ
+³»ÝZÞ\„àö6÷?=Š—ëe¶^mð$G2׫ Ã»Ñ¯£
Ȇ€endstream
+endobj
+685 0 obj<</Count 17/First 686 0 R/Last 816 0 R>>endobj
+686 0 obj<</Parent 685 0 R/Title(Table of Contents)/Dest[525 0 R/XYZ 0 756 0]/Next 687 0 R>>endobj
+687 0 obj<</Parent 685 0 R/Count -1/First 688 0 R/Last 688 0 R/Title(SAMBA Developers Guide)/Dest[533 0 R/XYZ 0 786 0]/Prev 686 0 R/Next 689 0 R>>endobj
+688 0 obj<</Parent 687 0 R/Title(SAMBA Team)/Dest[533 0 R/XYZ 0 762 0]>>endobj
+689 0 obj<</Parent 685 0 R/Title(Abstract)/Dest[535 0 R/XYZ 0 786 0]/Prev 687 0 R/Next 690 0 R>>endobj
+690 0 obj<</Parent 685 0 R/Count -3/First 691 0 R/Last 693 0 R/Title(Chapter 1. Definition of NetBIOS Protocol and Name Resolution Modes)/Dest[541 0 R/XYZ 0 786 0]/Prev 689 0 R/Next 694 0 R>>endobj
+691 0 obj<</Parent 690 0 R/Title(1.1. NETBIOS)/Dest[541 0 R/XYZ 0 738 0]/Next 692 0 R>>endobj
+692 0 obj<</Parent 690 0 R/Title(1.2. BROADCAST NetBIOS)/Dest[541 0 R/XYZ 0 254 0]/Prev 691 0 R/Next 693 0 R>>endobj
+693 0 obj<</Parent 690 0 R/Title(1.3. NBNS NetBIOS)/Dest[543 0 R/XYZ 0 758 0]/Prev 692 0 R>>endobj
+694 0 obj<</Parent 685 0 R/Count -5/First 695 0 R/Last 699 0 R/Title(Chapter 2. Samba Architecture)/Dest[545 0 R/XYZ 0 786 0]/Prev 690 0 R/Next 700 0 R>>endobj
+695 0 obj<</Parent 694 0 R/Title(2.1. Introduction)/Dest[545 0 R/XYZ 0 762 0]/Next 696 0 R>>endobj
+696 0 obj<</Parent 694 0 R/Title(2.2. Multithreading and Samba)/Dest[545 0 R/XYZ 0 581 0]/Prev 695 0 R/Next 697 0 R>>endobj
+697 0 obj<</Parent 694 0 R/Title(2.3. Threading smbd)/Dest[545 0 R/XYZ 0 387 0]/Prev 696 0 R/Next 698 0 R>>endobj
+698 0 obj<</Parent 694 0 R/Title(2.4. Threading nmbd)/Dest[547 0 R/XYZ 0 786 0]/Prev 697 0 R/Next 699 0 R>>endobj
+699 0 obj<</Parent 694 0 R/Title(2.5. nbmd Design)/Dest[547 0 R/XYZ 0 487 0]/Prev 698 0 R>>endobj
+700 0 obj<</Parent 685 0 R/Count -5/First 701 0 R/Last 705 0 R/Title(Chapter 3. The samba DEBUG system)/Dest[549 0 R/XYZ 0 786 0]/Prev 694 0 R/Next 709 0 R>>endobj
+701 0 obj<</Parent 700 0 R/Title(3.1. New Output Syntax)/Dest[549 0 R/XYZ 0 762 0]/Next 702 0 R>>endobj
+702 0 obj<</Parent 700 0 R/Title(3.2. The DEBUG\(\) Macro)/Dest[551 0 R/XYZ 0 786 0]/Prev 701 0 R/Next 703 0 R>>endobj
+703 0 obj<</Parent 700 0 R/Title(3.3. The DEBUGADD\(\) Macro)/Dest[553 0 R/XYZ 0 786 0]/Prev 702 0 R/Next 704 0 R>>endobj
+704 0 obj<</Parent 700 0 R/Title(3.4. The DEBUGLVL\(\) Macro)/Dest[553 0 R/XYZ 0 567 0]/Prev 703 0 R/Next 705 0 R>>endobj
+705 0 obj<</Parent 700 0 R/Count -3/First 706 0 R/Last 708 0 R/Title(3.5. New Functions)/Dest[555 0 R/XYZ 0 786 0]/Prev 704 0 R>>endobj
+706 0 obj<</Parent 705 0 R/Title(3.5.1. dbgtext\(\))/Dest[555 0 R/XYZ 0 766 0]/Next 707 0 R>>endobj
+707 0 obj<</Parent 705 0 R/Title(3.5.2. dbghdr\(\))/Dest[555 0 R/XYZ 0 655 0]/Prev 706 0 R/Next 708 0 R>>endobj
+708 0 obj<</Parent 705 0 R/Title(3.5.3. format_debug_text\(\))/Dest[555 0 R/XYZ 0 543 0]/Prev 707 0 R>>endobj
+709 0 obj<</Parent 685 0 R/Title(Chapter 4. Coding Suggestions)/Dest[557 0 R/XYZ 0 786 0]/Prev 700 0 R/Next 710 0 R>>endobj
+710 0 obj<</Parent 685 0 R/Count -5/First 711 0 R/Last 732 0 R/Title(Chapter 5. Samba Internals)/Dest[561 0 R/XYZ 0 786 0]/Prev 709 0 R/Next 733 0 R>>endobj
+711 0 obj<</Parent 710 0 R/Title(5.1. Character Handling)/Dest[561 0 R/XYZ 0 762 0]/Next 712 0 R>>endobj
+712 0 obj<</Parent 710 0 R/Title(5.2. The new functions)/Dest[561 0 R/XYZ 0 621 0]/Prev 711 0 R/Next 713 0 R>>endobj
+713 0 obj<</Parent 710 0 R/Count -15/First 714 0 R/Last 728 0 R/Title(5.3. Macros in byteorder.h)/Dest[563 0 R/XYZ 0 758 0]/Prev 712 0 R/Next 729 0 R>>endobj
+714 0 obj<</Parent 713 0 R/Title(5.3.1. CVAL\(buf,pos\))/Dest[563 0 R/XYZ 0 683 0]/Next 715 0 R>>endobj
+715 0 obj<</Parent 713 0 R/Title(5.3.2. PVAL\(buf,pos\))/Dest[563 0 R/XYZ 0 624 0]/Prev 714 0 R/Next 716 0 R>>endobj
+716 0 obj<</Parent 713 0 R/Title(5.3.3. SCVAL\(buf,pos,val\))/Dest[563 0 R/XYZ 0 566 0]/Prev 715 0 R/Next 717 0 R>>endobj
+717 0 obj<</Parent 713 0 R/Title(5.3.4. SVAL\(buf,pos\))/Dest[563 0 R/XYZ 0 507 0]/Prev 716 0 R/Next 718 0 R>>endobj
+718 0 obj<</Parent 713 0 R/Title(5.3.5. IVAL\(buf,pos\))/Dest[563 0 R/XYZ 0 436 0]/Prev 717 0 R/Next 719 0 R>>endobj
+719 0 obj<</Parent 713 0 R/Title(5.3.6. SVALS\(buf,pos\))/Dest[563 0 R/XYZ 0 377 0]/Prev 718 0 R/Next 720 0 R>>endobj
+720 0 obj<</Parent 713 0 R/Title(5.3.7. IVALS\(buf,pos\))/Dest[563 0 R/XYZ 0 319 0]/Prev 719 0 R/Next 721 0 R>>endobj
+721 0 obj<</Parent 713 0 R/Title(5.3.8. SSVAL\(buf,pos,val\))/Dest[563 0 R/XYZ 0 261 0]/Prev 720 0 R/Next 722 0 R>>endobj
+722 0 obj<</Parent 713 0 R/Title(5.3.9. SIVAL\(buf,pos,val\))/Dest[563 0 R/XYZ 0 202 0]/Prev 721 0 R/Next 723 0 R>>endobj
+723 0 obj<</Parent 713 0 R/Title(5.3.10. SSVALS\(buf,pos,val\))/Dest[565 0 R/XYZ 0 786 0]/Prev 722 0 R/Next 724 0 R>>endobj
+724 0 obj<</Parent 713 0 R/Title(5.3.11. SIVALS\(buf,pos,val\))/Dest[565 0 R/XYZ 0 728 0]/Prev 723 0 R/Next 725 0 R>>endobj
+725 0 obj<</Parent 713 0 R/Title(5.3.12. RSVAL\(buf,pos\))/Dest[565 0 R/XYZ 0 669 0]/Prev 724 0 R/Next 726 0 R>>endobj
+726 0 obj<</Parent 713 0 R/Title(5.3.13. RIVAL\(buf,pos\))/Dest[565 0 R/XYZ 0 611 0]/Prev 725 0 R/Next 727 0 R>>endobj
+727 0 obj<</Parent 713 0 R/Title(5.3.14. RSSVAL\(buf,pos,val\))/Dest[565 0 R/XYZ 0 553 0]/Prev 726 0 R/Next 728 0 R>>endobj
+728 0 obj<</Parent 713 0 R/Title(5.3.15. RSIVAL\(buf,pos,val\))/Dest[565 0 R/XYZ 0 481 0]/Prev 727 0 R>>endobj
+729 0 obj<</Parent 710 0 R/Count -2/First 730 0 R/Last 731 0 R/Title(5.4. LAN Manager Samba API)/Dest[565 0 R/XYZ 0 423 0]/Prev 713 0 R/Next 732 0 R>>endobj
+730 0 obj<</Parent 729 0 R/Title(5.4.1. Parameters)/Dest[565 0 R/XYZ 0 273 0]/Next 731 0 R>>endobj
+731 0 obj<</Parent 729 0 R/Title(5.4.2. Return value)/Dest[567 0 R/XYZ 0 494 0]/Prev 730 0 R>>endobj
+732 0 obj<</Parent 710 0 R/Title(5.5. Code character table)/Dest[569 0 R/XYZ 0 786 0]/Prev 729 0 R>>endobj
+733 0 obj<</Parent 685 0 R/Count -2/First 734 0 R/Last 738 0 R/Title(Chapter 6. The smb.conf file)/Dest[571 0 R/XYZ 0 786 0]/Prev 710 0 R/Next 740 0 R>>endobj
+734 0 obj<</Parent 733 0 R/Count -3/First 735 0 R/Last 737 0 R/Title(6.1. Lexical Analysis)/Dest[571 0 R/XYZ 0 762 0]/Next 738 0 R>>endobj
+735 0 obj<</Parent 734 0 R/Title(6.1.1. Handling of Whitespace)/Dest[571 0 R/XYZ 0 476 0]/Next 736 0 R>>endobj
+736 0 obj<</Parent 734 0 R/Title(6.1.2. Handling of Line Continuation)/Dest[571 0 R/XYZ 0 312 0]/Prev 735 0 R/Next 737 0 R>>endobj
+737 0 obj<</Parent 734 0 R/Title(6.1.3. Line Continuation Quirks)/Dest[573 0 R/XYZ 0 705 0]/Prev 736 0 R>>endobj
+738 0 obj<</Parent 733 0 R/Count -1/First 739 0 R/Last 739 0 R/Title(6.2. Syntax)/Dest[573 0 R/XYZ 0 293 0]/Prev 734 0 R>>endobj
+739 0 obj<</Parent 738 0 R/Title(6.2.1. About params.c)/Dest[575 0 R/XYZ 0 718 0]>>endobj
+740 0 obj<</Parent 685 0 R/Count -9/First 741 0 R/Last 749 0 R/Title(Chapter 7. NetBIOS in a Unix World)/Dest[577 0 R/XYZ 0 786 0]/Prev 733 0 R/Next 750 0 R>>endobj
+741 0 obj<</Parent 740 0 R/Title(7.1. Introduction)/Dest[577 0 R/XYZ 0 762 0]/Next 742 0 R>>endobj
+742 0 obj<</Parent 740 0 R/Title(7.2. Usernames)/Dest[577 0 R/XYZ 0 647 0]/Prev 741 0 R/Next 743 0 R>>endobj
+743 0 obj<</Parent 740 0 R/Title(7.3. File Ownership)/Dest[577 0 R/XYZ 0 269 0]/Prev 742 0 R/Next 744 0 R>>endobj
+744 0 obj<</Parent 740 0 R/Title(7.4. Passwords)/Dest[579 0 R/XYZ 0 745 0]/Prev 743 0 R/Next 745 0 R>>endobj
+745 0 obj<</Parent 740 0 R/Title(7.5. Locking)/Dest[579 0 R/XYZ 0 511 0]/Prev 744 0 R/Next 746 0 R>>endobj
+746 0 obj<</Parent 740 0 R/Title(7.6. Deny Modes)/Dest[581 0 R/XYZ 0 786 0]/Prev 745 0 R/Next 747 0 R>>endobj
+747 0 obj<</Parent 740 0 R/Title(7.7. Trapdoor UIDs)/Dest[581 0 R/XYZ 0 619 0]/Prev 746 0 R/Next 748 0 R>>endobj
+748 0 obj<</Parent 740 0 R/Title(7.8. Port numbers)/Dest[581 0 R/XYZ 0 491 0]/Prev 747 0 R/Next 749 0 R>>endobj
+749 0 obj<</Parent 740 0 R/Title(7.9. Protocol Complexity)/Dest[581 0 R/XYZ 0 231 0]/Prev 748 0 R>>endobj
+750 0 obj<</Parent 685 0 R/Title(Chapter 8. Tracing samba system calls)/Dest[585 0 R/XYZ 0 786 0]/Prev 740 0 R/Next 751 0 R>>endobj
+751 0 obj<</Parent 685 0 R/Count -8/First 752 0 R/Last 788 0 R/Title(Chapter 9. NT Domain RPC's)/Dest[589 0 R/XYZ 0 786 0]/Prev 750 0 R/Next 791 0 R>>endobj
+752 0 obj<</Parent 751 0 R/Count -2/First 753 0 R/Last 754 0 R/Title(9.1. Introduction)/Dest[589 0 R/XYZ 0 762 0]/Next 755 0 R>>endobj
+753 0 obj<</Parent 752 0 R/Title(9.1.1. Sources)/Dest[591 0 R/XYZ 0 679 0]/Next 754 0 R>>endobj
+754 0 obj<</Parent 752 0 R/Title(9.1.2. Credits)/Dest[591 0 R/XYZ 0 569 0]/Prev 753 0 R>>endobj
+755 0 obj<</Parent 751 0 R/Count -3/First 756 0 R/Last 758 0 R/Title(9.2. Notes and Structures)/Dest[591 0 R/XYZ 0 447 0]/Prev 752 0 R/Next 759 0 R>>endobj
+756 0 obj<</Parent 755 0 R/Title(9.2.1. Notes)/Dest[591 0 R/XYZ 0 426 0]/Next 757 0 R>>endobj
+757 0 obj<</Parent 755 0 R/Title(9.2.2. Enumerations)/Dest[593 0 R/XYZ 0 771 0]/Prev 756 0 R/Next 758 0 R>>endobj
+758 0 obj<</Parent 755 0 R/Title(9.2.3. Structures)/Dest[593 0 R/XYZ 0 288 0]/Prev 757 0 R>>endobj
+759 0 obj<</Parent 751 0 R/Count -12/First 760 0 R/Last 771 0 R/Title(9.3. MSRPC over Transact Named Pipe)/Dest[613 0 R/XYZ 0 481 0]/Prev 755 0 R/Next 772 0 R>>endobj
+760 0 obj<</Parent 759 0 R/Title(9.3.1. MSRPC Pipes)/Dest[613 0 R/XYZ 0 419 0]/Next 761 0 R>>endobj
+761 0 obj<</Parent 759 0 R/Title(9.3.2. Header)/Dest[615 0 R/XYZ 0 620 0]/Prev 760 0 R/Next 762 0 R>>endobj
+762 0 obj<</Parent 759 0 R/Title(9.3.3. Tail)/Dest[623 0 R/XYZ 0 584 0]/Prev 761 0 R/Next 763 0 R>>endobj
+763 0 obj<</Parent 759 0 R/Title(9.3.4. RPC Bind / Bind Ack)/Dest[623 0 R/XYZ 0 460 0]/Prev 762 0 R/Next 764 0 R>>endobj
+764 0 obj<</Parent 759 0 R/Title(9.3.5. NTLSA Transact Named Pipe)/Dest[625 0 R/XYZ 0 601 0]/Prev 763 0 R/Next 765 0 R>>endobj
+765 0 obj<</Parent 759 0 R/Title(9.3.6. LSA Open Policy)/Dest[625 0 R/XYZ 0 193 0]/Prev 764 0 R/Next 766 0 R>>endobj
+766 0 obj<</Parent 759 0 R/Title(9.3.7. LSA Query Info Policy)/Dest[627 0 R/XYZ 0 545 0]/Prev 765 0 R/Next 767 0 R>>endobj
+767 0 obj<</Parent 759 0 R/Title(9.3.8. LSA Enumerate Trusted Domains)/Dest[627 0 R/XYZ 0 198 0]/Prev 766 0 R/Next 768 0 R>>endobj
+768 0 obj<</Parent 759 0 R/Title(9.3.9. LSA Open Secret)/Dest[629 0 R/XYZ 0 639 0]/Prev 767 0 R/Next 769 0 R>>endobj
+769 0 obj<</Parent 759 0 R/Title(9.3.10. LSA Close)/Dest[629 0 R/XYZ 0 354 0]/Prev 768 0 R/Next 770 0 R>>endobj
+770 0 obj<</Parent 759 0 R/Title(9.3.11. LSA Lookup SIDS)/Dest[631 0 R/XYZ 0 786 0]/Prev 769 0 R/Next 771 0 R>>endobj
+771 0 obj<</Parent 759 0 R/Title(9.3.12. LSA Lookup Names)/Dest[631 0 R/XYZ 0 301 0]/Prev 770 0 R>>endobj
+772 0 obj<</Parent 751 0 R/Count -5/First 773 0 R/Last 777 0 R/Title(9.4. NETLOGON rpc Transact Named Pipe)/Dest[633 0 R/XYZ 0 465 0]/Prev 759 0 R/Next 778 0 R>>endobj
+773 0 obj<</Parent 772 0 R/Title(9.4.1. LSA Request Challenge)/Dest[635 0 R/XYZ 0 718 0]/Next 774 0 R>>endobj
+774 0 obj<</Parent 772 0 R/Title(9.4.2. LSA Authenticate 2)/Dest[635 0 R/XYZ 0 326 0]/Prev 773 0 R/Next 775 0 R>>endobj
+775 0 obj<</Parent 772 0 R/Title(9.4.3. LSA Server Password Set)/Dest[637 0 R/XYZ 0 584 0]/Prev 774 0 R/Next 776 0 R>>endobj
+776 0 obj<</Parent 772 0 R/Title(9.4.4. LSA SAM Logon)/Dest[637 0 R/XYZ 0 218 0]/Prev 775 0 R/Next 777 0 R>>endobj
+777 0 obj<</Parent 772 0 R/Title(9.4.5. LSA SAM Logoff)/Dest[639 0 R/XYZ 0 406 0]/Prev 776 0 R>>endobj
+778 0 obj<</Parent 751 0 R/Count -2/First 779 0 R/Last 780 0 R/Title(9.5. \\\\MAILSLOT\\NET\\NTLOGON)/Dest[641 0 R/XYZ 0 786 0]/Prev 772 0 R/Next 781 0 R>>endobj
+779 0 obj<</Parent 778 0 R/Title(9.5.1. Query for PDC)/Dest[641 0 R/XYZ 0 711 0]/Next 780 0 R>>endobj
+780 0 obj<</Parent 778 0 R/Title(9.5.2. SAM Logon)/Dest[643 0 R/XYZ 0 786 0]/Prev 779 0 R>>endobj
+781 0 obj<</Parent 751 0 R/Count -2/First 782 0 R/Last 783 0 R/Title(9.6. SRVSVC Transact Named Pipe)/Dest[645 0 R/XYZ 0 758 0]/Prev 778 0 R/Next 784 0 R>>endobj
+782 0 obj<</Parent 781 0 R/Title(9.6.1. Net Share Enum)/Dest[645 0 R/XYZ 0 630 0]/Next 783 0 R>>endobj
+783 0 obj<</Parent 781 0 R/Title(9.6.2. Net Server Get Info)/Dest[647 0 R/XYZ 0 786 0]/Prev 782 0 R>>endobj
+784 0 obj<</Parent 751 0 R/Count -3/First 785 0 R/Last 787 0 R/Title(9.7. Cryptographic side of NT Domain Authentication)/Dest[647 0 R/XYZ 0 486 0]/Prev 781 0 R/Next 788 0 R>>endobj
+785 0 obj<</Parent 784 0 R/Title(9.7.1. Definitions)/Dest[647 0 R/XYZ 0 466 0]/Next 786 0 R>>endobj
+786 0 obj<</Parent 784 0 R/Title(9.7.2. Protocol)/Dest[649 0 R/XYZ 0 786 0]/Prev 785 0 R/Next 787 0 R>>endobj
+787 0 obj<</Parent 784 0 R/Title(9.7.3. Comments)/Dest[649 0 R/XYZ 0 437 0]/Prev 786 0 R>>endobj
+788 0 obj<</Parent 751 0 R/Count -2/First 789 0 R/Last 790 0 R/Title(9.8. SIDs and RIDs)/Dest[649 0 R/XYZ 0 181 0]/Prev 784 0 R>>endobj
+789 0 obj<</Parent 788 0 R/Title(9.8.1. Well-known SIDs)/Dest[651 0 R/XYZ 0 686 0]/Next 790 0 R>>endobj
+790 0 obj<</Parent 788 0 R/Title(9.8.2. Well-known RIDS)/Dest[653 0 R/XYZ 0 718 0]/Prev 789 0 R>>endobj
+791 0 obj<</Parent 685 0 R/Count -5/First 792 0 R/Last 796 0 R/Title(Chapter 10. Samba Printing Internals)/Dest[657 0 R/XYZ 0 786 0]/Prev 751 0 R/Next 797 0 R>>endobj
+792 0 obj<</Parent 791 0 R/Title(10.1. Abstract)/Dest[657 0 R/XYZ 0 762 0]/Next 793 0 R>>endobj
+793 0 obj<</Parent 791 0 R/Title(10.2. Printing Interface to Various Back ends)/Dest[657 0 R/XYZ 0 674 0]/Prev 792 0 R/Next 794 0 R>>endobj
+794 0 obj<</Parent 791 0 R/Title(10.3. Print Queue TDB's)/Dest[657 0 R/XYZ 0 414 0]/Prev 793 0 R/Next 795 0 R>>endobj
+795 0 obj<</Parent 791 0 R/Title(10.4. ChangeID and Client Caching of Printer Information)/Dest[661 0 R/XYZ 0 745 0]/Prev 794 0 R/Next 796 0 R>>endobj
+796 0 obj<</Parent 791 0 R/Title(10.5. Windows NT/2K Printer Change Notify)/Dest[661 0 R/XYZ 0 683 0]/Prev 795 0 R>>endobj
+797 0 obj<</Parent 685 0 R/Count -1/First 798 0 R/Last 798 0 R/Title(Chapter 11. Samba WINS Internals)/Dest[667 0 R/XYZ 0 786 0]/Prev 791 0 R/Next 799 0 R>>endobj
+798 0 obj<</Parent 797 0 R/Title(11.1. WINS Failover)/Dest[667 0 R/XYZ 0 762 0]>>endobj
+799 0 obj<</Parent 685 0 R/Count -7/First 800 0 R/Last 811 0 R/Title(Chapter 12. The Upcoming SAM System)/Dest[669 0 R/XYZ 0 786 0]/Prev 797 0 R/Next 812 0 R>>endobj
+800 0 obj<</Parent 799 0 R/Title(12.1. Security in the 'new SAM')/Dest[669 0 R/XYZ 0 762 0]/Next 801 0 R>>endobj
+801 0 obj<</Parent 799 0 R/Title(12.2. Standalone from UNIX)/Dest[671 0 R/XYZ 0 692 0]/Prev 800 0 R/Next 802 0 R>>endobj
+802 0 obj<</Parent 799 0 R/Title(12.3. Handles and Races in the new SAM)/Dest[671 0 R/XYZ 0 551 0]/Prev 801 0 R/Next 803 0 R>>endobj
+803 0 obj<</Parent 799 0 R/Count -3/First 804 0 R/Last 806 0 R/Title(12.4. Layers)/Dest[671 0 R/XYZ 0 251 0]/Prev 802 0 R/Next 807 0 R>>endobj
+804 0 obj<</Parent 803 0 R/Title(12.4.1. Application)/Dest[671 0 R/XYZ 0 231 0]/Next 805 0 R>>endobj
+805 0 obj<</Parent 803 0 R/Title(12.4.2. SAM Interface)/Dest[673 0 R/XYZ 0 786 0]/Prev 804 0 R/Next 806 0 R>>endobj
+806 0 obj<</Parent 803 0 R/Title(12.4.3. SAM Modules)/Dest[673 0 R/XYZ 0 649 0]/Prev 805 0 R>>endobj
+807 0 obj<</Parent 799 0 R/Count -2/First 808 0 R/Last 809 0 R/Title(12.5. SAM Modules)/Dest[673 0 R/XYZ 0 537 0]/Prev 803 0 R/Next 810 0 R>>endobj
+808 0 obj<</Parent 807 0 R/Title(12.5.1. Special Module: sam_passdb)/Dest[673 0 R/XYZ 0 517 0]/Next 809 0 R>>endobj
+809 0 obj<</Parent 807 0 R/Title(12.5.2. sam_ads)/Dest[673 0 R/XYZ 0 419 0]/Prev 808 0 R>>endobj
+810 0 obj<</Parent 799 0 R/Title(12.6. Memory Management)/Dest[673 0 R/XYZ 0 281 0]/Prev 807 0 R/Next 811 0 R>>endobj
+811 0 obj<</Parent 799 0 R/Title(12.7. Testing)/Dest[675 0 R/XYZ 0 542 0]/Prev 810 0 R>>endobj
+812 0 obj<</Parent 685 0 R/Count -3/First 813 0 R/Last 815 0 R/Title(Chapter 13. LanMan and NT Password Encryption)/Dest[677 0 R/XYZ 0 786 0]/Prev 799 0 R/Next 816 0 R>>endobj
+813 0 obj<</Parent 812 0 R/Title(13.1. Introduction)/Dest[677 0 R/XYZ 0 762 0]/Next 814 0 R>>endobj
+814 0 obj<</Parent 812 0 R/Title(13.2. How does it work?)/Dest[677 0 R/XYZ 0 621 0]/Prev 813 0 R/Next 815 0 R>>endobj
+815 0 obj<</Parent 812 0 R/Title(13.3. >The smbpasswd file)/Dest[679 0 R/XYZ 0 771 0]/Prev 814 0 R>>endobj
+816 0 obj<</Parent 685 0 R/Count -2/First 817 0 R/Last 818 0 R/Title(Chapter 14. RPC Pluggable Modules)/Dest[683 0 R/XYZ 0 786 0]/Prev 812 0 R>>endobj
+817 0 obj<</Parent 816 0 R/Title(14.1. About)/Dest[683 0 R/XYZ 0 762 0]/Next 818 0 R>>endobj
+818 0 obj<</Parent 816 0 R/Title(14.2. General Overview)/Dest[683 0 R/XYZ 0 647 0]/Prev 817 0 R>>endobj
+819 0 obj<</Type/Catalog/Pages 522 0 R/PageLayout/SinglePage/Outlines 685 0 R/OpenAction[533 0 R/XYZ null null 0]/PageMode/UseOutlines/PageLabels<</Nums[0<</P(title)>>1<</S/r>>5<</S/D/St 1/P()>>6<</S/D/St 2/P()>>9<</S/D/St 5/P()>>11<</S/D/St 7/P()>>13<</S/D/St 9/P()>>17<</S/D/St 13/P()>>19<</S/D/St 15/P()>>24<</S/D/St 20/P()>>27<</S/D/St 23/P()>>31<</S/D/St 27/P()>>33<</S/D/St 29/P()>>67<</S/D/St 63/P()>>72<</S/D/St 68/P()>>73<</S/D/St 69/P()>>77<</S/D/St 73/P()>>80<</S/D/St 76/P()>>]>>>>endobj
 xref
-0 806 
+0 820 
 0000000000 65535 f 
 0000000015 00000 n 
-0000000243 00000 n 
-0000001809 00000 n 
-0000001883 00000 n 
-0000001962 00000 n 
-0000002044 00000 n 
-0000002122 00000 n 
-0000002199 00000 n 
-0000002278 00000 n 
-0000002361 00000 n 
-0000002438 00000 n 
-0000002520 00000 n 
-0000002579 00000 n 
-0000002680 00000 n 
-0000002782 00000 n 
-0000002883 00000 n 
-0000002984 00000 n 
-0000003086 00000 n 
-0000003188 00000 n 
-0000003290 00000 n 
-0000003391 00000 n 
-0000003493 00000 n 
-0000003595 00000 n 
-0000003697 00000 n 
-0000003799 00000 n 
-0000003901 00000 n 
-0000004002 00000 n 
-0000004104 00000 n 
-0000004206 00000 n 
-0000004308 00000 n 
-0000004410 00000 n 
-0000004512 00000 n 
-0000004614 00000 n 
-0000004716 00000 n 
-0000004818 00000 n 
-0000004919 00000 n 
-0000005020 00000 n 
-0000005122 00000 n 
-0000005224 00000 n 
-0000005326 00000 n 
-0000005428 00000 n 
-0000005530 00000 n 
-0000005632 00000 n 
-0000005734 00000 n 
-0000005836 00000 n 
-0000005938 00000 n 
-0000006040 00000 n 
-0000006142 00000 n 
-0000006244 00000 n 
-0000006346 00000 n 
-0000006448 00000 n 
-0000006550 00000 n 
-0000006651 00000 n 
-0000006751 00000 n 
-0000006851 00000 n 
-0000007161 00000 n 
-0000007262 00000 n 
-0000007364 00000 n 
-0000007466 00000 n 
-0000007568 00000 n 
-0000007670 00000 n 
-0000007771 00000 n 
-0000007873 00000 n 
-0000007975 00000 n 
-0000008077 00000 n 
-0000008179 00000 n 
-0000008281 00000 n 
-0000008383 00000 n 
-0000008484 00000 n 
-0000008586 00000 n 
-0000008688 00000 n 
-0000008790 00000 n 
-0000008892 00000 n 
-0000008994 00000 n 
-0000009096 00000 n 
-0000009198 00000 n 
-0000009300 00000 n 
-0000009402 00000 n 
-0000009503 00000 n 
-0000009604 00000 n 
-0000009706 00000 n 
-0000009808 00000 n 
-0000009910 00000 n 
-0000010012 00000 n 
-0000010114 00000 n 
-0000010216 00000 n 
-0000010318 00000 n 
-0000010420 00000 n 
-0000010522 00000 n 
-0000010624 00000 n 
-0000010726 00000 n 
-0000010828 00000 n 
-0000010930 00000 n 
-0000011032 00000 n 
-0000011134 00000 n 
-0000011236 00000 n 
-0000011338 00000 n 
-0000011439 00000 n 
-0000011539 00000 n 
-0000011639 00000 n 
-0000011964 00000 n 
-0000012066 00000 n 
-0000012169 00000 n 
-0000012272 00000 n 
-0000012375 00000 n 
-0000012478 00000 n 
-0000012581 00000 n 
-0000012684 00000 n 
-0000012787 00000 n 
-0000012890 00000 n 
-0000012993 00000 n 
-0000013096 00000 n 
-0000013199 00000 n 
-0000013302 00000 n 
-0000013405 00000 n 
-0000013508 00000 n 
-0000013611 00000 n 
-0000013714 00000 n 
-0000013817 00000 n 
-0000013920 00000 n 
-0000014023 00000 n 
-0000014125 00000 n 
-0000014228 00000 n 
-0000014331 00000 n 
-0000014434 00000 n 
-0000014537 00000 n 
-0000014640 00000 n 
-0000014742 00000 n 
-0000014845 00000 n 
-0000014947 00000 n 
-0000015050 00000 n 
-0000015153 00000 n 
-0000015256 00000 n 
-0000015359 00000 n 
-0000015462 00000 n 
-0000015565 00000 n 
-0000015668 00000 n 
-0000015771 00000 n 
-0000015874 00000 n 
-0000015977 00000 n 
-0000016080 00000 n 
-0000016183 00000 n 
-0000016284 00000 n 
-0000016385 00000 n 
-0000016486 00000 n 
-0000016855 00000 n 
-0000016957 00000 n 
-0000017060 00000 n 
-0000017093 00000 n 
-0000017148 00000 n 
-0000017235 00000 n 
-0000017290 00000 n 
-0000017377 00000 n 
-0000017444 00000 n 
-0000017530 00000 n 
-0000017632 00000 n 
-0000017735 00000 n 
-0000017838 00000 n 
-0000017941 00000 n 
-0000018043 00000 n 
-0000018146 00000 n 
-0000018249 00000 n 
-0000018352 00000 n 
-0000018455 00000 n 
-0000018558 00000 n 
-0000018660 00000 n 
-0000018763 00000 n 
-0000018866 00000 n 
-0000018969 00000 n 
-0000019072 00000 n 
-0000019175 00000 n 
-0000019278 00000 n 
-0000019381 00000 n 
-0000019484 00000 n 
-0000019586 00000 n 
-0000019688 00000 n 
-0000019791 00000 n 
-0000019894 00000 n 
-0000019997 00000 n 
-0000020100 00000 n 
-0000020203 00000 n 
-0000020306 00000 n 
-0000020409 00000 n 
-0000020512 00000 n 
-0000020615 00000 n 
-0000020718 00000 n 
-0000020821 00000 n 
-0000020924 00000 n 
-0000021026 00000 n 
-0000021127 00000 n 
-0000021228 00000 n 
-0000021557 00000 n 
-0000021660 00000 n 
-0000021763 00000 n 
-0000021866 00000 n 
-0000021969 00000 n 
-0000022072 00000 n 
-0000022175 00000 n 
-0000022278 00000 n 
-0000022380 00000 n 
-0000022483 00000 n 
-0000022586 00000 n 
-0000022689 00000 n 
-0000022792 00000 n 
-0000022895 00000 n 
-0000022998 00000 n 
-0000023100 00000 n 
-0000023203 00000 n 
-0000023306 00000 n 
-0000023409 00000 n 
-0000023512 00000 n 
-0000023615 00000 n 
-0000023718 00000 n 
-0000023821 00000 n 
-0000023924 00000 n 
-0000024027 00000 n 
-0000024129 00000 n 
-0000024231 00000 n 
-0000024334 00000 n 
-0000024437 00000 n 
-0000024540 00000 n 
-0000024643 00000 n 
-0000024746 00000 n 
-0000024849 00000 n 
-0000024952 00000 n 
-0000025055 00000 n 
-0000025158 00000 n 
-0000025261 00000 n 
-0000025364 00000 n 
-0000025467 00000 n 
-0000025570 00000 n 
-0000025673 00000 n 
-0000025776 00000 n 
-0000025879 00000 n 
-0000025982 00000 n 
-0000026085 00000 n 
-0000026188 00000 n 
-0000026291 00000 n 
-0000026394 00000 n 
-0000026497 00000 n 
-0000026599 00000 n 
-0000026700 00000 n 
-0000026801 00000 n 
-0000027226 00000 n 
-0000027329 00000 n 
-0000027432 00000 n 
-0000027535 00000 n 
-0000027638 00000 n 
-0000027741 00000 n 
-0000027844 00000 n 
-0000027947 00000 n 
-0000028050 00000 n 
-0000028153 00000 n 
-0000028256 00000 n 
-0000028359 00000 n 
-0000028462 00000 n 
-0000028565 00000 n 
-0000028668 00000 n 
-0000028770 00000 n 
-0000028873 00000 n 
-0000028976 00000 n 
-0000029079 00000 n 
-0000029182 00000 n 
-0000029285 00000 n 
-0000029387 00000 n 
-0000029490 00000 n 
-0000029592 00000 n 
-0000029695 00000 n 
-0000029798 00000 n 
-0000029901 00000 n 
-0000030004 00000 n 
-0000030107 00000 n 
-0000030210 00000 n 
-0000030313 00000 n 
-0000030416 00000 n 
-0000030519 00000 n 
-0000030622 00000 n 
-0000030725 00000 n 
-0000030828 00000 n 
-0000030930 00000 n 
-0000031033 00000 n 
-0000031136 00000 n 
-0000031239 00000 n 
-0000031568 00000 n 
-0000031652 00000 n 
-0000031738 00000 n 
-0000031812 00000 n 
-0000031898 00000 n 
-0000031931 00000 n 
-0000032009 00000 n 
-0000032096 00000 n 
-0000032202 00000 n 
-0000032288 00000 n 
-0000032360 00000 n 
-0000032446 00000 n 
-0000032505 00000 n 
-0000032592 00000 n 
-0000032683 00000 n 
-0000032769 00000 n 
-0000032840 00000 n 
-0000032926 00000 n 
-0000032991 00000 n 
+0000000244 00000 n 
+0000001810 00000 n 
+0000001884 00000 n 
+0000001963 00000 n 
+0000002045 00000 n 
+0000002123 00000 n 
+0000002200 00000 n 
+0000002279 00000 n 
+0000002362 00000 n 
+0000002439 00000 n 
+0000002521 00000 n 
+0000002580 00000 n 
+0000002681 00000 n 
+0000002783 00000 n 
+0000002884 00000 n 
+0000002985 00000 n 
+0000003087 00000 n 
+0000003189 00000 n 
+0000003291 00000 n 
+0000003392 00000 n 
+0000003494 00000 n 
+0000003596 00000 n 
+0000003698 00000 n 
+0000003800 00000 n 
+0000003902 00000 n 
+0000004003 00000 n 
+0000004105 00000 n 
+0000004207 00000 n 
+0000004309 00000 n 
+0000004411 00000 n 
+0000004513 00000 n 
+0000004615 00000 n 
+0000004717 00000 n 
+0000004819 00000 n 
+0000004920 00000 n 
+0000005021 00000 n 
+0000005123 00000 n 
+0000005225 00000 n 
+0000005327 00000 n 
+0000005429 00000 n 
+0000005531 00000 n 
+0000005633 00000 n 
+0000005735 00000 n 
+0000005837 00000 n 
+0000005939 00000 n 
+0000006041 00000 n 
+0000006143 00000 n 
+0000006245 00000 n 
+0000006347 00000 n 
+0000006449 00000 n 
+0000006551 00000 n 
+0000006652 00000 n 
+0000006752 00000 n 
+0000006852 00000 n 
+0000007162 00000 n 
+0000007263 00000 n 
+0000007365 00000 n 
+0000007467 00000 n 
+0000007569 00000 n 
+0000007671 00000 n 
+0000007772 00000 n 
+0000007874 00000 n 
+0000007976 00000 n 
+0000008078 00000 n 
+0000008180 00000 n 
+0000008282 00000 n 
+0000008384 00000 n 
+0000008485 00000 n 
+0000008587 00000 n 
+0000008689 00000 n 
+0000008791 00000 n 
+0000008893 00000 n 
+0000008995 00000 n 
+0000009097 00000 n 
+0000009199 00000 n 
+0000009301 00000 n 
+0000009403 00000 n 
+0000009504 00000 n 
+0000009605 00000 n 
+0000009707 00000 n 
+0000009809 00000 n 
+0000009911 00000 n 
+0000010013 00000 n 
+0000010115 00000 n 
+0000010217 00000 n 
+0000010319 00000 n 
+0000010421 00000 n 
+0000010523 00000 n 
+0000010625 00000 n 
+0000010727 00000 n 
+0000010829 00000 n 
+0000010931 00000 n 
+0000011033 00000 n 
+0000011135 00000 n 
+0000011237 00000 n 
+0000011339 00000 n 
+0000011440 00000 n 
+0000011540 00000 n 
+0000011640 00000 n 
+0000011965 00000 n 
+0000012067 00000 n 
+0000012170 00000 n 
+0000012273 00000 n 
+0000012376 00000 n 
+0000012479 00000 n 
+0000012582 00000 n 
+0000012685 00000 n 
+0000012788 00000 n 
+0000012891 00000 n 
+0000012994 00000 n 
+0000013097 00000 n 
+0000013200 00000 n 
+0000013303 00000 n 
+0000013406 00000 n 
+0000013509 00000 n 
+0000013612 00000 n 
+0000013715 00000 n 
+0000013818 00000 n 
+0000013921 00000 n 
+0000014024 00000 n 
+0000014126 00000 n 
+0000014229 00000 n 
+0000014332 00000 n 
+0000014435 00000 n 
+0000014538 00000 n 
+0000014641 00000 n 
+0000014743 00000 n 
+0000014846 00000 n 
+0000014948 00000 n 
+0000015051 00000 n 
+0000015154 00000 n 
+0000015257 00000 n 
+0000015360 00000 n 
+0000015463 00000 n 
+0000015566 00000 n 
+0000015669 00000 n 
+0000015772 00000 n 
+0000015875 00000 n 
+0000015978 00000 n 
+0000016081 00000 n 
+0000016184 00000 n 
+0000016285 00000 n 
+0000016386 00000 n 
+0000016487 00000 n 
+0000016856 00000 n 
+0000016958 00000 n 
+0000017061 00000 n 
+0000017163 00000 n 
+0000017266 00000 n 
+0000017369 00000 n 
+0000017426 00000 n 
+0000017481 00000 n 
+0000017568 00000 n 
+0000017623 00000 n 
+0000017710 00000 n 
+0000017777 00000 n 
+0000017863 00000 n 
+0000017965 00000 n 
+0000018068 00000 n 
+0000018171 00000 n 
+0000018274 00000 n 
+0000018376 00000 n 
+0000018479 00000 n 
+0000018582 00000 n 
+0000018685 00000 n 
+0000018788 00000 n 
+0000018891 00000 n 
+0000018993 00000 n 
+0000019096 00000 n 
+0000019199 00000 n 
+0000019302 00000 n 
+0000019405 00000 n 
+0000019508 00000 n 
+0000019611 00000 n 
+0000019714 00000 n 
+0000019817 00000 n 
+0000019919 00000 n 
+0000020021 00000 n 
+0000020124 00000 n 
+0000020227 00000 n 
+0000020330 00000 n 
+0000020433 00000 n 
+0000020536 00000 n 
+0000020639 00000 n 
+0000020742 00000 n 
+0000020845 00000 n 
+0000020948 00000 n 
+0000021051 00000 n 
+0000021154 00000 n 
+0000021257 00000 n 
+0000021359 00000 n 
+0000021460 00000 n 
+0000021561 00000 n 
+0000021890 00000 n 
+0000021993 00000 n 
+0000022096 00000 n 
+0000022199 00000 n 
+0000022302 00000 n 
+0000022405 00000 n 
+0000022508 00000 n 
+0000022611 00000 n 
+0000022713 00000 n 
+0000022816 00000 n 
+0000022919 00000 n 
+0000023022 00000 n 
+0000023125 00000 n 
+0000023228 00000 n 
+0000023331 00000 n 
+0000023433 00000 n 
+0000023536 00000 n 
+0000023639 00000 n 
+0000023742 00000 n 
+0000023845 00000 n 
+0000023948 00000 n 
+0000024051 00000 n 
+0000024154 00000 n 
+0000024257 00000 n 
+0000024360 00000 n 
+0000024462 00000 n 
+0000024564 00000 n 
+0000024667 00000 n 
+0000024770 00000 n 
+0000024873 00000 n 
+0000024976 00000 n 
+0000025079 00000 n 
+0000025182 00000 n 
+0000025285 00000 n 
+0000025388 00000 n 
+0000025491 00000 n 
+0000025594 00000 n 
+0000025697 00000 n 
+0000025800 00000 n 
+0000025903 00000 n 
+0000026006 00000 n 
+0000026109 00000 n 
+0000026212 00000 n 
+0000026315 00000 n 
+0000026418 00000 n 
+0000026521 00000 n 
+0000026624 00000 n 
+0000026727 00000 n 
+0000026830 00000 n 
+0000026932 00000 n 
+0000027033 00000 n 
+0000027134 00000 n 
+0000027559 00000 n 
+0000027662 00000 n 
+0000027765 00000 n 
+0000027868 00000 n 
+0000027971 00000 n 
+0000028074 00000 n 
+0000028177 00000 n 
+0000028280 00000 n 
+0000028383 00000 n 
+0000028486 00000 n 
+0000028589 00000 n 
+0000028692 00000 n 
+0000028795 00000 n 
+0000028898 00000 n 
+0000029001 00000 n 
+0000029103 00000 n 
+0000029206 00000 n 
+0000029309 00000 n 
+0000029412 00000 n 
+0000029515 00000 n 
+0000029618 00000 n 
+0000029720 00000 n 
+0000029823 00000 n 
+0000029925 00000 n 
+0000030028 00000 n 
+0000030131 00000 n 
+0000030234 00000 n 
+0000030337 00000 n 
+0000030440 00000 n 
+0000030543 00000 n 
+0000030646 00000 n 
+0000030749 00000 n 
+0000030852 00000 n 
+0000030955 00000 n 
+0000031058 00000 n 
+0000031161 00000 n 
+0000031263 00000 n 
+0000031366 00000 n 
+0000031469 00000 n 
+0000031572 00000 n 
+0000031674 00000 n 
+0000031777 00000 n 
+0000031880 00000 n 
+0000032233 00000 n 
+0000032317 00000 n 
+0000032403 00000 n 
+0000032477 00000 n 
+0000032563 00000 n 
+0000032596 00000 n 
+0000032674 00000 n 
+0000032761 00000 n 
+0000032867 00000 n 
+0000032953 00000 n 
 0000033025 00000 n 
-0000033059 00000 n 
-0000036406 00000 n 
-0000036449 00000 n 
-0000036492 00000 n 
-0000036535 00000 n 
-0000036578 00000 n 
-0000036621 00000 n 
-0000036664 00000 n 
-0000036707 00000 n 
-0000036750 00000 n 
-0000036793 00000 n 
-0000036836 00000 n 
-0000036879 00000 n 
-0000036922 00000 n 
-0000036965 00000 n 
-0000037008 00000 n 
-0000037051 00000 n 
-0000037094 00000 n 
-0000037137 00000 n 
-0000037180 00000 n 
-0000037223 00000 n 
-0000037266 00000 n 
-0000037309 00000 n 
-0000037352 00000 n 
-0000037395 00000 n 
-0000037438 00000 n 
-0000037481 00000 n 
-0000037524 00000 n 
-0000037567 00000 n 
-0000037610 00000 n 
-0000037653 00000 n 
-0000037696 00000 n 
-0000037739 00000 n 
-0000037782 00000 n 
-0000037825 00000 n 
-0000037868 00000 n 
-0000037911 00000 n 
-0000037954 00000 n 
-0000037997 00000 n 
-0000038040 00000 n 
-0000038083 00000 n 
-0000038126 00000 n 
-0000038169 00000 n 
-0000038212 00000 n 
-0000038255 00000 n 
-0000038298 00000 n 
-0000038341 00000 n 
-0000038384 00000 n 
-0000038427 00000 n 
-0000038470 00000 n 
-0000038513 00000 n 
-0000038556 00000 n 
-0000038599 00000 n 
-0000038642 00000 n 
-0000038685 00000 n 
-0000038728 00000 n 
-0000038771 00000 n 
-0000038814 00000 n 
-0000038857 00000 n 
-0000038900 00000 n 
-0000038943 00000 n 
-0000038986 00000 n 
-0000039029 00000 n 
-0000039072 00000 n 
-0000039115 00000 n 
-0000039158 00000 n 
-0000039201 00000 n 
-0000039244 00000 n 
-0000039287 00000 n 
-0000039330 00000 n 
-0000039373 00000 n 
-0000039416 00000 n 
-0000039459 00000 n 
-0000039502 00000 n 
-0000039545 00000 n 
-0000039588 00000 n 
-0000039631 00000 n 
-0000039674 00000 n 
-0000039717 00000 n 
-0000039760 00000 n 
-0000039803 00000 n 
-0000039846 00000 n 
-0000039889 00000 n 
-0000039932 00000 n 
-0000039975 00000 n 
-0000040018 00000 n 
-0000040061 00000 n 
-0000040104 00000 n 
-0000040147 00000 n 
-0000040190 00000 n 
-0000040233 00000 n 
-0000040276 00000 n 
-0000040319 00000 n 
-0000040362 00000 n 
-0000040405 00000 n 
-0000040448 00000 n 
-0000040491 00000 n 
-0000040534 00000 n 
-0000040577 00000 n 
-0000040620 00000 n 
-0000040663 00000 n 
-0000040706 00000 n 
-0000040749 00000 n 
-0000040792 00000 n 
-0000040835 00000 n 
-0000040878 00000 n 
-0000040921 00000 n 
-0000040964 00000 n 
-0000041007 00000 n 
-0000041050 00000 n 
-0000041093 00000 n 
-0000041136 00000 n 
-0000041179 00000 n 
-0000041222 00000 n 
-0000041265 00000 n 
-0000041308 00000 n 
-0000041351 00000 n 
-0000041394 00000 n 
-0000041437 00000 n 
-0000041480 00000 n 
-0000041523 00000 n 
-0000041566 00000 n 
-0000041609 00000 n 
-0000041652 00000 n 
-0000041695 00000 n 
-0000041738 00000 n 
-0000041781 00000 n 
-0000041824 00000 n 
-0000041867 00000 n 
-0000041910 00000 n 
-0000041953 00000 n 
-0000041996 00000 n 
-0000042039 00000 n 
-0000042082 00000 n 
-0000042125 00000 n 
-0000042168 00000 n 
-0000042211 00000 n 
-0000042254 00000 n 
-0000042297 00000 n 
-0000042340 00000 n 
-0000042383 00000 n 
-0000042426 00000 n 
-0000042469 00000 n 
-0000042512 00000 n 
-0000042555 00000 n 
-0000042598 00000 n 
-0000042641 00000 n 
-0000042684 00000 n 
-0000042727 00000 n 
-0000042770 00000 n 
-0000042813 00000 n 
-0000042856 00000 n 
-0000042899 00000 n 
-0000042942 00000 n 
-0000042985 00000 n 
-0000043028 00000 n 
-0000043071 00000 n 
-0000043114 00000 n 
-0000043157 00000 n 
-0000043200 00000 n 
-0000043243 00000 n 
-0000043286 00000 n 
-0000043329 00000 n 
-0000043372 00000 n 
-0000043415 00000 n 
-0000043458 00000 n 
-0000043501 00000 n 
-0000043544 00000 n 
-0000043587 00000 n 
-0000043630 00000 n 
-0000043673 00000 n 
-0000043716 00000 n 
-0000043759 00000 n 
-0000043802 00000 n 
-0000043845 00000 n 
-0000043888 00000 n 
-0000043931 00000 n 
-0000043974 00000 n 
-0000044017 00000 n 
-0000044060 00000 n 
-0000044103 00000 n 
-0000044146 00000 n 
-0000044189 00000 n 
-0000044232 00000 n 
-0000044275 00000 n 
-0000044318 00000 n 
-0000044361 00000 n 
-0000044404 00000 n 
-0000044447 00000 n 
-0000044490 00000 n 
-0000044533 00000 n 
-0000044576 00000 n 
-0000044619 00000 n 
-0000044662 00000 n 
-0000044705 00000 n 
-0000044748 00000 n 
-0000044791 00000 n 
-0000044834 00000 n 
-0000044877 00000 n 
-0000044920 00000 n 
-0000044963 00000 n 
-0000045006 00000 n 
-0000045049 00000 n 
-0000045092 00000 n 
-0000045135 00000 n 
-0000045178 00000 n 
-0000045221 00000 n 
-0000045264 00000 n 
-0000045307 00000 n 
-0000045350 00000 n 
-0000046037 00000 n 
+0000033111 00000 n 
+0000033170 00000 n 
+0000033257 00000 n 
+0000033348 00000 n 
+0000033434 00000 n 
+0000033505 00000 n 
+0000033591 00000 n 
+0000033656 00000 n 
+0000033690 00000 n 
+0000033724 00000 n 
+0000037122 00000 n 
+0000037165 00000 n 
+0000037208 00000 n 
+0000037251 00000 n 
+0000037294 00000 n 
+0000037337 00000 n 
+0000037380 00000 n 
+0000037423 00000 n 
+0000037466 00000 n 
+0000037509 00000 n 
+0000037552 00000 n 
+0000037595 00000 n 
+0000037638 00000 n 
+0000037681 00000 n 
+0000037724 00000 n 
+0000037767 00000 n 
+0000037810 00000 n 
+0000037853 00000 n 
+0000037896 00000 n 
+0000037939 00000 n 
+0000037982 00000 n 
+0000038025 00000 n 
+0000038068 00000 n 
+0000038111 00000 n 
+0000038154 00000 n 
+0000038197 00000 n 
+0000038240 00000 n 
+0000038283 00000 n 
+0000038326 00000 n 
+0000038369 00000 n 
+0000038412 00000 n 
+0000038455 00000 n 
+0000038498 00000 n 
+0000038541 00000 n 
+0000038584 00000 n 
+0000038627 00000 n 
+0000038670 00000 n 
+0000038713 00000 n 
+0000038756 00000 n 
+0000038799 00000 n 
+0000038842 00000 n 
+0000038885 00000 n 
+0000038928 00000 n 
+0000038971 00000 n 
+0000039014 00000 n 
+0000039057 00000 n 
+0000039100 00000 n 
+0000039143 00000 n 
+0000039186 00000 n 
+0000039229 00000 n 
+0000039272 00000 n 
+0000039315 00000 n 
+0000039358 00000 n 
+0000039401 00000 n 
+0000039444 00000 n 
+0000039487 00000 n 
+0000039530 00000 n 
+0000039573 00000 n 
+0000039616 00000 n 
+0000039659 00000 n 
+0000039702 00000 n 
+0000039745 00000 n 
+0000039788 00000 n 
+0000039831 00000 n 
+0000039874 00000 n 
+0000039917 00000 n 
+0000039960 00000 n 
+0000040003 00000 n 
+0000040046 00000 n 
+0000040089 00000 n 
+0000040132 00000 n 
+0000040175 00000 n 
+0000040218 00000 n 
+0000040261 00000 n 
+0000040304 00000 n 
+0000040347 00000 n 
+0000040390 00000 n 
+0000040433 00000 n 
+0000040476 00000 n 
+0000040519 00000 n 
+0000040562 00000 n 
+0000040605 00000 n 
+0000040648 00000 n 
+0000040691 00000 n 
+0000040734 00000 n 
+0000040777 00000 n 
+0000040820 00000 n 
+0000040863 00000 n 
+0000040906 00000 n 
+0000040949 00000 n 
+0000040992 00000 n 
+0000041035 00000 n 
+0000041078 00000 n 
+0000041121 00000 n 
+0000041164 00000 n 
+0000041207 00000 n 
+0000041250 00000 n 
+0000041293 00000 n 
+0000041336 00000 n 
+0000041379 00000 n 
+0000041422 00000 n 
+0000041465 00000 n 
+0000041508 00000 n 
+0000041551 00000 n 
+0000041594 00000 n 
+0000041637 00000 n 
+0000041680 00000 n 
+0000041723 00000 n 
+0000041766 00000 n 
+0000041809 00000 n 
+0000041852 00000 n 
+0000041895 00000 n 
+0000041938 00000 n 
+0000041981 00000 n 
+0000042024 00000 n 
+0000042067 00000 n 
+0000042110 00000 n 
+0000042153 00000 n 
+0000042196 00000 n 
+0000042239 00000 n 
+0000042282 00000 n 
+0000042325 00000 n 
+0000042368 00000 n 
+0000042411 00000 n 
+0000042454 00000 n 
+0000042497 00000 n 
+0000042540 00000 n 
+0000042583 00000 n 
+0000042626 00000 n 
+0000042669 00000 n 
+0000042712 00000 n 
+0000042755 00000 n 
+0000042798 00000 n 
+0000042841 00000 n 
+0000042884 00000 n 
+0000042927 00000 n 
+0000042970 00000 n 
+0000043013 00000 n 
+0000043056 00000 n 
+0000043099 00000 n 
+0000043142 00000 n 
+0000043185 00000 n 
+0000043228 00000 n 
+0000043271 00000 n 
+0000043314 00000 n 
+0000043357 00000 n 
+0000043400 00000 n 
+0000043443 00000 n 
+0000043486 00000 n 
+0000043529 00000 n 
+0000043572 00000 n 
+0000043615 00000 n 
+0000043658 00000 n 
+0000043701 00000 n 
+0000043744 00000 n 
+0000043787 00000 n 
+0000043830 00000 n 
+0000043873 00000 n 
+0000043916 00000 n 
+0000043959 00000 n 
+0000044002 00000 n 
+0000044045 00000 n 
+0000044088 00000 n 
+0000044131 00000 n 
+0000044174 00000 n 
+0000044217 00000 n 
+0000044260 00000 n 
+0000044303 00000 n 
+0000044346 00000 n 
+0000044389 00000 n 
+0000044432 00000 n 
+0000044475 00000 n 
+0000044518 00000 n 
+0000044561 00000 n 
+0000044604 00000 n 
+0000044647 00000 n 
+0000044690 00000 n 
+0000044733 00000 n 
+0000044776 00000 n 
+0000044819 00000 n 
+0000044862 00000 n 
+0000044905 00000 n 
+0000044948 00000 n 
+0000044991 00000 n 
+0000045034 00000 n 
+0000045077 00000 n 
+0000045120 00000 n 
+0000045163 00000 n 
+0000045206 00000 n 
+0000045249 00000 n 
+0000045292 00000 n 
+0000045335 00000 n 
+0000045378 00000 n 
+0000045421 00000 n 
+0000045464 00000 n 
+0000045507 00000 n 
+0000045550 00000 n 
+0000045593 00000 n 
+0000045636 00000 n 
+0000045679 00000 n 
+0000045722 00000 n 
+0000045765 00000 n 
+0000045808 00000 n 
+0000045851 00000 n 
+0000045894 00000 n 
+0000045937 00000 n 
+0000045980 00000 n 
+0000046023 00000 n 
+0000046066 00000 n 
+0000046109 00000 n 
+0000046152 00000 n 
 0000046195 00000 n 
-0000046362 00000 n 
-0000046552 00000 n 
-0000049149 00000 n 
-0000049340 00000 n 
-0000052448 00000 n 
-0000052639 00000 n 
-0000056177 00000 n 
-0000056368 00000 n 
-0000056827 00000 n 
-0000056985 00000 n 
-0000057214 00000 n 
-0000057414 00000 n 
-0000059219 00000 n 
-0000059391 00000 n 
-0000061477 00000 n 
-0000061649 00000 n 
-0000063568 00000 n 
-0000063735 00000 n 
-0000065380 00000 n 
-0000065547 00000 n 
-0000067089 00000 n 
-0000067256 00000 n 
-0000068990 00000 n 
-0000069157 00000 n 
-0000070893 00000 n 
-0000071069 00000 n 
-0000072334 00000 n 
-0000072510 00000 n 
-0000073721 00000 n 
-0000073897 00000 n 
-0000075145 00000 n 
-0000075312 00000 n 
-0000076222 00000 n 
-0000076413 00000 n 
-0000078380 00000 n 
-0000078537 00000 n 
-0000080320 00000 n 
-0000080487 00000 n 
-0000082471 00000 n 
-0000082638 00000 n 
-0000083374 00000 n 
-0000083550 00000 n 
-0000084592 00000 n 
-0000084759 00000 n 
-0000086395 00000 n 
-0000086562 00000 n 
-0000087186 00000 n 
-0000087362 00000 n 
-0000088690 00000 n 
-0000088866 00000 n 
-0000089940 00000 n 
-0000090107 00000 n 
-0000090708 00000 n 
-0000090875 00000 n 
-0000092661 00000 n 
-0000092828 00000 n 
-0000094545 00000 n 
-0000094712 00000 n 
-0000096561 00000 n 
-0000096718 00000 n 
-0000097833 00000 n 
-0000098018 00000 n 
-0000099625 00000 n 
-0000099791 00000 n 
-0000100680 00000 n 
-0000100880 00000 n 
-0000102605 00000 n 
-0000102781 00000 n 
-0000104608 00000 n 
-0000104784 00000 n 
-0000105395 00000 n 
-0000105571 00000 n 
-0000106346 00000 n 
-0000106522 00000 n 
-0000107279 00000 n 
-0000107455 00000 n 
-0000108294 00000 n 
-0000108470 00000 n 
-0000109306 00000 n 
-0000109491 00000 n 
-0000110331 00000 n 
-0000110507 00000 n 
-0000111267 00000 n 
-0000111433 00000 n 
-0000112058 00000 n 
-0000112243 00000 n 
-0000113011 00000 n 
-0000113187 00000 n 
-0000114149 00000 n 
-0000114334 00000 n 
-0000115669 00000 n 
-0000115854 00000 n 
-0000116872 00000 n 
-0000117038 00000 n 
-0000117618 00000 n 
-0000117803 00000 n 
-0000118862 00000 n 
-0000119038 00000 n 
-0000119916 00000 n 
-0000120092 00000 n 
-0000121186 00000 n 
-0000121371 00000 n 
-0000122257 00000 n 
-0000122442 00000 n 
-0000123219 00000 n 
-0000123395 00000 n 
-0000123996 00000 n 
-0000124172 00000 n 
-0000124834 00000 n 
-0000125019 00000 n 
+0000046890 00000 n 
+0000047048 00000 n 
+0000047215 00000 n 
+0000047405 00000 n 
+0000050007 00000 n 
+0000050198 00000 n 
+0000053303 00000 n 
+0000053494 00000 n 
+0000057039 00000 n 
+0000057230 00000 n 
+0000057902 00000 n 
+0000058060 00000 n 
+0000058289 00000 n 
+0000058489 00000 n 
+0000060298 00000 n 
+0000060470 00000 n 
+0000062553 00000 n 
+0000062725 00000 n 
+0000064745 00000 n 
+0000064912 00000 n 
+0000066557 00000 n 
+0000066724 00000 n 
+0000068266 00000 n 
+0000068433 00000 n 
+0000070167 00000 n 
+0000070334 00000 n 
+0000072070 00000 n 
+0000072246 00000 n 
+0000073511 00000 n 
+0000073687 00000 n 
+0000074898 00000 n 
+0000075074 00000 n 
+0000076322 00000 n 
+0000076489 00000 n 
+0000077399 00000 n 
+0000077590 00000 n 
+0000079551 00000 n 
+0000079708 00000 n 
+0000081485 00000 n 
+0000081652 00000 n 
+0000083634 00000 n 
+0000083801 00000 n 
+0000084537 00000 n 
+0000084713 00000 n 
+0000085755 00000 n 
+0000085922 00000 n 
+0000087557 00000 n 
+0000087724 00000 n 
+0000088348 00000 n 
+0000088524 00000 n 
+0000089854 00000 n 
+0000090030 00000 n 
+0000091104 00000 n 
+0000091271 00000 n 
+0000091872 00000 n 
+0000092039 00000 n 
+0000093825 00000 n 
+0000093992 00000 n 
+0000095709 00000 n 
+0000095876 00000 n 
+0000097725 00000 n 
+0000097882 00000 n 
+0000098997 00000 n 
+0000099182 00000 n 
+0000100789 00000 n 
+0000100955 00000 n 
+0000101844 00000 n 
+0000102044 00000 n 
+0000103769 00000 n 
+0000103945 00000 n 
+0000105770 00000 n 
+0000105946 00000 n 
+0000106557 00000 n 
+0000106733 00000 n 
+0000107508 00000 n 
+0000107684 00000 n 
+0000108441 00000 n 
+0000108617 00000 n 
+0000109456 00000 n 
+0000109632 00000 n 
+0000110468 00000 n 
+0000110653 00000 n 
+0000111493 00000 n 
+0000111669 00000 n 
+0000112429 00000 n 
+0000112595 00000 n 
+0000113220 00000 n 
+0000113405 00000 n 
+0000114173 00000 n 
+0000114349 00000 n 
+0000115311 00000 n 
+0000115496 00000 n 
+0000116831 00000 n 
+0000117016 00000 n 
+0000118034 00000 n 
+0000118200 00000 n 
+0000118780 00000 n 
+0000118965 00000 n 
+0000120024 00000 n 
+0000120200 00000 n 
+0000121078 00000 n 
+0000121254 00000 n 
+0000122348 00000 n 
+0000122533 00000 n 
+0000123419 00000 n 
+0000123604 00000 n 
+0000124381 00000 n 
+0000124557 00000 n 
+0000125158 00000 n 
+0000125334 00000 n 
 0000125996 00000 n 
-0000126172 00000 n 
-0000127179 00000 n 
-0000127355 00000 n 
-0000128349 00000 n 
-0000128534 00000 n 
-0000129366 00000 n 
-0000129542 00000 n 
-0000130275 00000 n 
-0000130451 00000 n 
-0000131133 00000 n 
-0000131309 00000 n 
-0000132138 00000 n 
-0000132314 00000 n 
-0000133302 00000 n 
-0000133469 00000 n 
-0000134905 00000 n 
-0000135090 00000 n 
-0000135823 00000 n 
-0000136008 00000 n 
-0000136635 00000 n 
-0000136801 00000 n 
-0000137199 00000 n 
-0000137385 00000 n 
-0000138913 00000 n 
-0000139088 00000 n 
-0000140802 00000 n 
-0000140988 00000 n 
-0000142570 00000 n 
-0000142746 00000 n 
-0000144513 00000 n 
-0000144680 00000 n 
-0000145058 00000 n 
-0000145234 00000 n 
-0000146531 00000 n 
-0000146707 00000 n 
-0000148414 00000 n 
-0000148591 00000 n 
-0000150343 00000 n 
-0000150510 00000 n 
-0000152404 00000 n 
-0000152589 00000 n 
-0000153859 00000 n 
-0000154035 00000 n 
-0000155763 00000 n 
-0000155975 00000 n 
-0000157598 00000 n 
-0000157782 00000 n 
-0000158672 00000 n 
-0000158728 00000 n 
-0000158827 00000 n 
-0000158980 00000 n 
-0000159059 00000 n 
-0000159162 00000 n 
-0000159360 00000 n 
-0000159454 00000 n 
-0000159571 00000 n 
-0000159670 00000 n 
-0000159830 00000 n 
-0000159929 00000 n 
-0000160053 00000 n 
-0000160167 00000 n 
-0000160281 00000 n 
-0000160379 00000 n 
-0000160543 00000 n 
-0000160647 00000 n 
-0000160766 00000 n 
-0000160888 00000 n 
-0000161010 00000 n 
-0000161146 00000 n 
-0000161246 00000 n 
-0000161358 00000 n 
-0000161468 00000 n 
-0000161592 00000 n 
-0000161749 00000 n 
-0000161854 00000 n 
-0000161971 00000 n 
-0000162129 00000 n 
-0000162233 00000 n 
-0000162350 00000 n 
-0000162472 00000 n 
-0000162589 00000 n 
-0000162706 00000 n 
-0000162824 00000 n 
-0000162942 00000 n 
-0000163064 00000 n 
-0000163186 00000 n 
-0000163310 00000 n 
-0000163434 00000 n 
-0000163553 00000 n 
-0000163672 00000 n 
-0000163796 00000 n 
-0000163907 00000 n 
-0000164064 00000 n 
-0000164163 00000 n 
-0000164264 00000 n 
-0000164371 00000 n 
-0000164530 00000 n 
-0000164669 00000 n 
-0000164780 00000 n 
-0000164911 00000 n 
-0000165024 00000 n 
-0000165153 00000 n 
-0000165243 00000 n 
-0000165408 00000 n 
-0000165507 00000 n 
-0000165616 00000 n 
-0000165730 00000 n 
-0000165839 00000 n 
-0000165946 00000 n 
-0000166056 00000 n 
-0000166169 00000 n 
-0000166281 00000 n 
-0000166387 00000 n 
-0000166519 00000 n 
-0000166676 00000 n 
-0000166811 00000 n 
-0000166907 00000 n 
-0000167003 00000 n 
-0000167159 00000 n 
-0000167253 00000 n 
-0000167367 00000 n 
-0000167466 00000 n 
-0000167633 00000 n 
-0000167733 00000 n 
-0000167841 00000 n 
-0000167947 00000 n 
-0000168068 00000 n 
-0000168195 00000 n 
-0000168312 00000 n 
-0000168435 00000 n 
-0000168566 00000 n 
-0000168683 00000 n 
-0000168795 00000 n 
-0000168913 00000 n 
-0000169019 00000 n 
-0000169187 00000 n 
-0000169297 00000 n 
-0000169417 00000 n 
-0000169542 00000 n 
-0000169657 00000 n 
-0000169760 00000 n 
-0000169922 00000 n 
-0000170024 00000 n 
-0000170122 00000 n 
-0000170284 00000 n 
-0000170387 00000 n 
-0000170495 00000 n 
-0000170677 00000 n 
-0000170777 00000 n 
-0000170887 00000 n 
-0000170984 00000 n 
-0000171120 00000 n 
-0000171224 00000 n 
-0000171328 00000 n 
-0000171495 00000 n 
-0000171591 00000 n 
-0000171731 00000 n 
-0000171849 00000 n 
-0000171998 00000 n 
-0000172121 00000 n 
-0000172284 00000 n 
-0000172372 00000 n 
-0000172538 00000 n 
+0000126181 00000 n 
+0000127158 00000 n 
+0000127334 00000 n 
+0000128341 00000 n 
+0000128517 00000 n 
+0000129511 00000 n 
+0000129696 00000 n 
+0000130528 00000 n 
+0000130704 00000 n 
+0000131437 00000 n 
+0000131613 00000 n 
+0000132295 00000 n 
+0000132471 00000 n 
+0000133300 00000 n 
+0000133476 00000 n 
+0000134464 00000 n 
+0000134631 00000 n 
+0000136067 00000 n 
+0000136252 00000 n 
+0000136985 00000 n 
+0000137170 00000 n 
+0000137797 00000 n 
+0000137963 00000 n 
+0000138361 00000 n 
+0000138547 00000 n 
+0000140075 00000 n 
+0000140250 00000 n 
+0000141964 00000 n 
+0000142150 00000 n 
+0000143732 00000 n 
+0000143908 00000 n 
+0000145674 00000 n 
+0000145841 00000 n 
+0000146219 00000 n 
+0000146395 00000 n 
+0000147692 00000 n 
+0000147868 00000 n 
+0000149572 00000 n 
+0000149749 00000 n 
+0000151501 00000 n 
+0000151668 00000 n 
+0000153562 00000 n 
+0000153747 00000 n 
+0000155017 00000 n 
+0000155193 00000 n 
+0000156921 00000 n 
+0000157133 00000 n 
+0000158757 00000 n 
+0000158941 00000 n 
+0000159854 00000 n 
+0000160039 00000 n 
+0000161039 00000 n 
+0000161095 00000 n 
+0000161194 00000 n 
+0000161347 00000 n 
+0000161426 00000 n 
+0000161529 00000 n 
+0000161727 00000 n 
+0000161821 00000 n 
+0000161938 00000 n 
+0000162037 00000 n 
+0000162197 00000 n 
+0000162296 00000 n 
+0000162420 00000 n 
+0000162534 00000 n 
+0000162648 00000 n 
+0000162746 00000 n 
+0000162910 00000 n 
+0000163014 00000 n 
+0000163133 00000 n 
+0000163255 00000 n 
+0000163377 00000 n 
+0000163513 00000 n 
+0000163613 00000 n 
+0000163725 00000 n 
+0000163835 00000 n 
+0000163959 00000 n 
+0000164116 00000 n 
+0000164221 00000 n 
+0000164338 00000 n 
+0000164496 00000 n 
+0000164600 00000 n 
+0000164717 00000 n 
+0000164839 00000 n 
+0000164956 00000 n 
+0000165073 00000 n 
+0000165191 00000 n 
+0000165309 00000 n 
+0000165431 00000 n 
+0000165553 00000 n 
+0000165677 00000 n 
+0000165801 00000 n 
+0000165920 00000 n 
+0000166039 00000 n 
+0000166163 00000 n 
+0000166274 00000 n 
+0000166431 00000 n 
+0000166530 00000 n 
+0000166631 00000 n 
+0000166738 00000 n 
+0000166897 00000 n 
+0000167036 00000 n 
+0000167147 00000 n 
+0000167278 00000 n 
+0000167391 00000 n 
+0000167520 00000 n 
+0000167610 00000 n 
+0000167775 00000 n 
+0000167874 00000 n 
+0000167983 00000 n 
+0000168097 00000 n 
+0000168206 00000 n 
+0000168313 00000 n 
+0000168423 00000 n 
+0000168536 00000 n 
+0000168648 00000 n 
+0000168754 00000 n 
+0000168886 00000 n 
+0000169043 00000 n 
+0000169178 00000 n 
+0000169274 00000 n 
+0000169370 00000 n 
+0000169526 00000 n 
+0000169620 00000 n 
+0000169734 00000 n 
+0000169833 00000 n 
+0000170000 00000 n 
+0000170100 00000 n 
+0000170208 00000 n 
+0000170314 00000 n 
+0000170435 00000 n 
+0000170562 00000 n 
+0000170679 00000 n 
+0000170802 00000 n 
+0000170933 00000 n 
+0000171050 00000 n 
+0000171162 00000 n 
+0000171280 00000 n 
+0000171386 00000 n 
+0000171554 00000 n 
+0000171664 00000 n 
+0000171784 00000 n 
+0000171909 00000 n 
+0000172024 00000 n 
+0000172127 00000 n 
+0000172289 00000 n 
+0000172391 00000 n 
+0000172489 00000 n 
 0000172651 00000 n 
-0000172772 00000 n 
-0000172905 00000 n 
-0000173048 00000 n 
-0000173149 00000 n 
-0000173265 00000 n 
-0000173366 00000 n 
-0000173514 00000 n 
-0000173630 00000 n 
-0000173727 00000 n 
-0000173845 00000 n 
-0000173940 00000 n 
-0000174103 00000 n 
-0000174203 00000 n 
-0000174321 00000 n 
-0000174427 00000 n 
+0000172754 00000 n 
+0000172862 00000 n 
+0000173044 00000 n 
+0000173144 00000 n 
+0000173254 00000 n 
+0000173351 00000 n 
+0000173487 00000 n 
+0000173591 00000 n 
+0000173695 00000 n 
+0000173862 00000 n 
+0000173958 00000 n 
+0000174098 00000 n 
+0000174216 00000 n 
+0000174367 00000 n 
+0000174490 00000 n 
+0000174653 00000 n 
+0000174741 00000 n 
+0000174907 00000 n 
+0000175020 00000 n 
+0000175141 00000 n 
+0000175274 00000 n 
+0000175417 00000 n 
+0000175518 00000 n 
+0000175634 00000 n 
+0000175735 00000 n 
+0000175883 00000 n 
+0000175999 00000 n 
+0000176096 00000 n 
+0000176214 00000 n 
+0000176309 00000 n 
+0000176485 00000 n 
+0000176585 00000 n 
+0000176703 00000 n 
+0000176810 00000 n 
+0000176961 00000 n 
+0000177054 00000 n 
+0000177158 00000 n 
 trailer
-<</Size 806/Root 805 0 R/Info 1 0 R/ID[<7fd6ff3b92a5faaa32c7fae07a75de5e><7fd6ff3b92a5faaa32c7fae07a75de5e>]>>
+<</Size 820/Root 819 0 R/Info 1 0 R/ID[<7b9583ab0e3792f751adca5026f42dd3><7b9583ab0e3792f751adca5026f42dd3>]>>
 startxref
-174907
+177658
 %%EOF
diff --git a/docs/Samba-HOWTO-Collection.pdf b/docs/Samba-HOWTO-Collection.pdf
index 1dedb444bd..fb5e53a515 100644
--- a/docs/Samba-HOWTO-Collection.pdf
+++ b/docs/Samba-HOWTO-Collection.pdf
@@ -1,6 +1,6 @@
 %PDF-1.3
 %âãÏÓ
-1 0 obj<</Producer(htmldoc 1.8.22 Copyright 1997-2002 Easy Software Products, All Rights Reserved.)/CreationDate(D:20030115201049+0600)/Title(SAMBA Project Documentation)/Creator(Modular DocBook HTML Stylesheet Version 1.77)>>endobj
+1 0 obj<</Producer(htmldoc 1.8.22 Copyright 1997-2002 Easy Software Products, All Rights Reserved.)/CreationDate(D:20030218225925-0100)/Title(SAMBA Project Documentation)/Creator(Modular DocBook HTML Stylesheet Version 1.77+)>>endobj
 2 0 obj<</Type/Encoding/Differences[ 32/space/exclam/quotedbl/numbersign/dollar/percent/ampersand/quotesingle/parenleft/parenright/asterisk/plus/comma/minus/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/asciicircum/underscore/grave/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright/asciitilde 128/Euro 130/quotesinglbase/florin/quotedblbase/ellipsis/dagger/daggerdbl/circumflex/perthousand/Scaron/guilsinglleft/OE 145/quoteleft/quoteright/quotedblleft/quotedblright/bullet/endash/emdash/tilde/trademark/scaron/guilsinglright/oe 159/Ydieresis/space/exclamdown/cent/sterling/currency/yen/brokenbar/section/dieresis/copyright/ordfeminine/guillemotleft/logicalnot/hyphen/registered/macron/degree/plusminus/twosuperior/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior/ordmasculine/guillemotright/onequarter/onehalf/threequarters/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]>>endobj
 3 0 obj<</Type/Font/Subtype/Type1/BaseFont/Courier/Encoding 2 0 R>>endobj
 4 0 obj<</Type/Font/Subtype/Type1/BaseFont/Courier-Bold/Encoding 2 0 R>>endobj
@@ -13,48 +13,55 @@
 11 0 obj<</Type/Font/Subtype/Type1/BaseFont/Helvetica/Encoding 2 0 R>>endobj
 12 0 obj<</Type/Font/Subtype/Type1/BaseFont/Helvetica-Bold/Encoding 2 0 R>>endobj
 13 0 obj<</Type/Font/Subtype/Type1/BaseFont/Symbol>>endobj
-14 0 obj<</Subtype/Link/Rect[72.0 684.0 223.5 697.0]/Border[0 0 0]/Dest[1384 0 R/XYZ 0 734 0]>>endobj
-15 0 obj<</Subtype/Link/Rect[108.0 670.8 174.9 683.8]/Border[0 0 0]/Dest[1384 0 R/XYZ 0 696 0]>>endobj
-16 0 obj<</Subtype/Link/Rect[72.0 644.4 112.9 657.4]/Border[0 0 0]/Dest[1386 0 R/XYZ 0 734 0]>>endobj
-17 0 obj<</Subtype/Link/Rect[72.0 618.0 175.0 631.0]/Border[0 0 0]/Dest[1394 0 R/XYZ 0 734 0]>>endobj
-18 0 obj<</Subtype/Link/Rect[72.0 591.6 131.9 604.6]/Border[0 0 0]/Dest[1396 0 R/XYZ 0 734 0]>>endobj
-19 0 obj<</Subtype/Link/Rect[72.0 565.2 277.3 578.2]/Border[0 0 0]/Dest[1400 0 R/XYZ 0 734 0]>>endobj
-20 0 obj<</Subtype/Link/Rect[108.0 552.0 215.5 565.0]/Border[0 0 0]/Dest[1400 0 R/XYZ 0 696 0]>>endobj
-21 0 obj<</Subtype/Link/Rect[108.0 538.8 221.4 551.8]/Border[0 0 0]/Dest[1400 0 R/XYZ 0 568 0]>>endobj
-22 0 obj<</Subtype/Link/Rect[108.0 525.6 224.1 538.6]/Border[0 0 0]/Dest[1400 0 R/XYZ 0 163 0]>>endobj
-23 0 obj<</Subtype/Link/Rect[108.0 512.4 275.4 525.4]/Border[0 0 0]/Dest[1402 0 R/XYZ 0 734 0]>>endobj
-24 0 obj<</Subtype/Link/Rect[108.0 499.2 280.3 512.2]/Border[0 0 0]/Dest[1402 0 R/XYZ 0 385 0]>>endobj
-25 0 obj<</Subtype/Link/Rect[108.0 486.0 251.3 499.0]/Border[0 0 0]/Dest[1402 0 R/XYZ 0 257 0]>>endobj
-26 0 obj<</Subtype/Link/Rect[126.0 472.8 259.5 485.8]/Border[0 0 0]/Dest[1404 0 R/XYZ 0 734 0]>>endobj
-27 0 obj<</Subtype/Link/Rect[126.0 459.6 307.8 472.6]/Border[0 0 0]/Dest[1404 0 R/XYZ 0 247 0]>>endobj
-28 0 obj<</Subtype/Link/Rect[108.0 446.4 328.6 459.4]/Border[0 0 0]/Dest[1406 0 R/XYZ 0 665 0]>>endobj
-29 0 obj<</Subtype/Link/Rect[108.0 433.2 282.2 446.2]/Border[0 0 0]/Dest[1406 0 R/XYZ 0 498 0]>>endobj
-30 0 obj<</Subtype/Link/Rect[108.0 420.0 478.0 433.0]/Border[0 0 0]/Dest[1406 0 R/XYZ 0 330 0]>>endobj
-31 0 obj<</Subtype/Link/Rect[108.0 406.8 259.4 419.8]/Border[0 0 0]/Dest[1408 0 R/XYZ 0 734 0]>>endobj
-32 0 obj<</Subtype/Link/Rect[126.0 393.6 254.0 406.6]/Border[0 0 0]/Dest[1408 0 R/XYZ 0 553 0]>>endobj
-33 0 obj<</Subtype/Link/Rect[126.0 380.4 204.5 393.4]/Border[0 0 0]/Dest[1408 0 R/XYZ 0 494 0]>>endobj
-34 0 obj<</Subtype/Link/Rect[126.0 367.2 285.2 380.2]/Border[0 0 0]/Dest[1408 0 R/XYZ 0 409 0]>>endobj
-35 0 obj<</Subtype/Link/Rect[126.0 354.0 313.6 367.0]/Border[0 0 0]/Dest[1410 0 R/XYZ 0 734 0]>>endobj
-36 0 obj<</Subtype/Link/Rect[126.0 340.8 195.7 353.8]/Border[0 0 0]/Dest[1410 0 R/XYZ 0 583 0]>>endobj
-37 0 obj<</Subtype/Link/Rect[126.0 327.6 250.3 340.6]/Border[0 0 0]/Dest[1410 0 R/XYZ 0 128 0]>>endobj
-38 0 obj<</Subtype/Link/Rect[72.0 301.2 262.7 314.2]/Border[0 0 0]/Dest[1414 0 R/XYZ 0 734 0]>>endobj
-39 0 obj<</Subtype/Link/Rect[108.0 288.0 226.2 301.0]/Border[0 0 0]/Dest[1414 0 R/XYZ 0 696 0]>>endobj
-40 0 obj<</Subtype/Link/Rect[108.0 274.8 247.9 287.8]/Border[0 0 0]/Dest[1414 0 R/XYZ 0 515 0]>>endobj
-41 0 obj<</Subtype/Link/Rect[108.0 261.6 211.3 274.6]/Border[0 0 0]/Dest[1414 0 R/XYZ 0 137 0]>>endobj
-42 0 obj<</Subtype/Link/Rect[108.0 248.4 236.0 261.4]/Border[0 0 0]/Dest[1416 0 R/XYZ 0 533 0]>>endobj
-43 0 obj<</Subtype/Link/Rect[126.0 235.2 331.3 248.2]/Border[0 0 0]/Dest[1416 0 R/XYZ 0 273 0]>>endobj
-44 0 obj<</Subtype/Link/Rect[108.0 222.0 240.3 235.0]/Border[0 0 0]/Dest[1422 0 R/XYZ 0 560 0]>>endobj
-45 0 obj<</Subtype/Link/Rect[108.0 208.8 310.3 221.8]/Border[0 0 0]/Dest[1424 0 R/XYZ 0 613 0]>>endobj
-46 0 obj<</Subtype/Link/Rect[108.0 195.6 284.6 208.6]/Border[0 0 0]/Dest[1426 0 R/XYZ 0 622 0]>>endobj
-47 0 obj<</Subtype/Link/Rect[108.0 182.4 265.0 195.4]/Border[0 0 0]/Dest[1426 0 R/XYZ 0 266 0]>>endobj
-48 0 obj<</Subtype/Link/Rect[108.0 169.2 276.3 182.2]/Border[0 0 0]/Dest[1428 0 R/XYZ 0 520 0]>>endobj
-49 0 obj<</Subtype/Link/Rect[108.0 156.0 271.1 169.0]/Border[0 0 0]/Dest[1430 0 R/XYZ 0 734 0]>>endobj
-50 0 obj<</Subtype/Link/Rect[108.0 142.8 216.2 155.8]/Border[0 0 0]/Dest[1430 0 R/XYZ 0 645 0]>>endobj
-51 0 obj<</Subtype/Link/Rect[72.0 116.4 163.4 129.4]/Border[0 0 0]/Dest[1432 0 R/XYZ 0 734 0]>>endobj
-52 0 obj<</Subtype/Link/Rect[108.0 103.2 209.1 116.2]/Border[0 0 0]/Dest[1432 0 R/XYZ 0 696 0]>>endobj
-53 0 obj[14 0 R
-15 0 R
-16 0 R
+14 0 obj<</Type/XObject/Subtype/Image/ColorSpace/DeviceGray/Interpolate true/Filter/FlateDecode/Width 24/Height 24/BitsPerComponent 8/Length 250       >>stream
+x
UQ+–1¼ßÊ‘kGŽl;2²®À"c#‘‘X$G`IwèÙ�׺(¾qOÑ%ùsÛN Š�o$•¦š™àQ�Ü4FÛ¾Qz'`Ô/‹ËÞ~
Läòì,û¯vuÓGo¡²— u›“jc™\ß±
ÚXI�3+cðÑEd‚Jk{Ãó÷çQÐ[ëòñ^X„àê¾øRƒo8ÐzÍ‘uá(dö*“GÉs(y›î
üêõxÞ‹ÇYgäÚ(�ï‘{E“ó䢡	{_‰3–û^ô¨žSd´î§é8ãæ„×<##~æ­•$:sð»›0Bˆ3ïå9÷dendstream
+endobj
+15 0 obj<</Type/XObject/Subtype/Image/ColorSpace[/Indexed/DeviceRGB 53<0800001000001800002100002900003100004200004A00005200005A00006B00007300007B00008400008C0000940000947B7B9C52529C5A5A9C7B7BA50000A53939A54A4AA58484A59494A5A5A5AD0000AD3131AD9494B50000B52929B59C9CB5A5A5B5B5B5BD0000BDADADC60000C61010C61818C6C6C6CE0000CE2929D60000D62929D6D6D6DE0000DEDEDEE70000E72121EF0808EFEFEFF70000F7F7F7FFFFFF>]/Interpolate true/Filter/FlateDecode/Width 24/Height 24/BitsPerComponent 8/Length 223       >>stream
+x
UQ‡‚05âÀ�â8@‹´öÿÍÚ4¥¦wo%w•R+©8¸çóCŒ+N"]ׂ*³ÏW
,D¶1Ž|áŠØi"%õ~öÄ0íÈ)ûÜ��1ªlN!3€Ž1ˆìTÆ4HÔ†ÞË<ê <~õZ>ynõ¯.ŒHãê«>LÜê…K·ùbØŽ¼ÑŸ'4¦øËûŽžY}Íü�-?f&tïA¿Â{2é“»�7L}On4žïàKùIÿˆ" Ÿä	õP†B‡hïG]áz˜$>—ÐÔ³å.mcoendstream
+endobj
+16 0 obj<</Subtype/Link/Rect[72.0 684.0 223.5 697.0]/Border[0 0 0]/Dest[1389 0 R/XYZ 0 734 0]>>endobj
+17 0 obj<</Subtype/Link/Rect[108.0 670.8 174.9 683.8]/Border[0 0 0]/Dest[1389 0 R/XYZ 0 696 0]>>endobj
+18 0 obj<</Subtype/Link/Rect[72.0 644.4 112.9 657.4]/Border[0 0 0]/Dest[1391 0 R/XYZ 0 734 0]>>endobj
+19 0 obj<</Subtype/Link/Rect[72.0 618.0 175.0 631.0]/Border[0 0 0]/Dest[1399 0 R/XYZ 0 734 0]>>endobj
+20 0 obj<</Subtype/Link/Rect[72.0 591.6 131.9 604.6]/Border[0 0 0]/Dest[1401 0 R/XYZ 0 734 0]>>endobj
+21 0 obj<</Subtype/Link/Rect[72.0 565.2 277.3 578.2]/Border[0 0 0]/Dest[1405 0 R/XYZ 0 734 0]>>endobj
+22 0 obj<</Subtype/Link/Rect[108.0 552.0 215.5 565.0]/Border[0 0 0]/Dest[1405 0 R/XYZ 0 696 0]>>endobj
+23 0 obj<</Subtype/Link/Rect[108.0 538.8 221.4 551.8]/Border[0 0 0]/Dest[1405 0 R/XYZ 0 568 0]>>endobj
+24 0 obj<</Subtype/Link/Rect[108.0 525.6 224.1 538.6]/Border[0 0 0]/Dest[1405 0 R/XYZ 0 163 0]>>endobj
+25 0 obj<</Subtype/Link/Rect[108.0 512.4 275.4 525.4]/Border[0 0 0]/Dest[1407 0 R/XYZ 0 734 0]>>endobj
+26 0 obj<</Subtype/Link/Rect[108.0 499.2 280.3 512.2]/Border[0 0 0]/Dest[1407 0 R/XYZ 0 385 0]>>endobj
+27 0 obj<</Subtype/Link/Rect[108.0 486.0 251.3 499.0]/Border[0 0 0]/Dest[1407 0 R/XYZ 0 257 0]>>endobj
+28 0 obj<</Subtype/Link/Rect[126.0 472.8 259.5 485.8]/Border[0 0 0]/Dest[1409 0 R/XYZ 0 734 0]>>endobj
+29 0 obj<</Subtype/Link/Rect[126.0 459.6 307.8 472.6]/Border[0 0 0]/Dest[1409 0 R/XYZ 0 247 0]>>endobj
+30 0 obj<</Subtype/Link/Rect[108.0 446.4 328.6 459.4]/Border[0 0 0]/Dest[1411 0 R/XYZ 0 665 0]>>endobj
+31 0 obj<</Subtype/Link/Rect[108.0 433.2 282.2 446.2]/Border[0 0 0]/Dest[1411 0 R/XYZ 0 498 0]>>endobj
+32 0 obj<</Subtype/Link/Rect[108.0 420.0 478.0 433.0]/Border[0 0 0]/Dest[1411 0 R/XYZ 0 330 0]>>endobj
+33 0 obj<</Subtype/Link/Rect[108.0 406.8 259.4 419.8]/Border[0 0 0]/Dest[1413 0 R/XYZ 0 734 0]>>endobj
+34 0 obj<</Subtype/Link/Rect[126.0 393.6 254.0 406.6]/Border[0 0 0]/Dest[1413 0 R/XYZ 0 553 0]>>endobj
+35 0 obj<</Subtype/Link/Rect[126.0 380.4 204.5 393.4]/Border[0 0 0]/Dest[1413 0 R/XYZ 0 494 0]>>endobj
+36 0 obj<</Subtype/Link/Rect[126.0 367.2 285.2 380.2]/Border[0 0 0]/Dest[1413 0 R/XYZ 0 409 0]>>endobj
+37 0 obj<</Subtype/Link/Rect[126.0 354.0 313.6 367.0]/Border[0 0 0]/Dest[1415 0 R/XYZ 0 734 0]>>endobj
+38 0 obj<</Subtype/Link/Rect[126.0 340.8 195.7 353.8]/Border[0 0 0]/Dest[1415 0 R/XYZ 0 583 0]>>endobj
+39 0 obj<</Subtype/Link/Rect[126.0 327.6 250.3 340.6]/Border[0 0 0]/Dest[1415 0 R/XYZ 0 128 0]>>endobj
+40 0 obj<</Subtype/Link/Rect[72.0 301.2 435.9 314.2]/Border[0 0 0]/Dest[1419 0 R/XYZ 0 734 0]>>endobj
+41 0 obj<</Subtype/Link/Rect[108.0 288.0 175.5 301.0]/Border[0 0 0]/Dest[1419 0 R/XYZ 0 604 0]>>endobj
+42 0 obj<</Subtype/Link/Rect[108.0 274.8 313.1 287.8]/Border[0 0 0]/Dest[1419 0 R/XYZ 0 159 0]>>endobj
+43 0 obj<</Subtype/Link/Rect[108.0 261.6 326.2 274.6]/Border[0 0 0]/Dest[1421 0 R/XYZ 0 509 0]>>endobj
+44 0 obj<</Subtype/Link/Rect[108.0 248.4 187.1 261.4]/Border[0 0 0]/Dest[1421 0 R/XYZ 0 331 0]>>endobj
+45 0 obj<</Subtype/Link/Rect[108.0 235.2 425.7 248.2]/Border[0 0 0]/Dest[1423 0 R/XYZ 0 494 0]>>endobj
+46 0 obj<</Subtype/Link/Rect[108.0 222.0 232.3 235.0]/Border[0 0 0]/Dest[1423 0 R/XYZ 0 213 0]>>endobj
+47 0 obj<</Subtype/Link/Rect[72.0 195.6 250.1 208.6]/Border[0 0 0]/Dest[1427 0 R/XYZ 0 734 0]>>endobj
+48 0 obj<</Subtype/Link/Rect[108.0 182.4 181.6 195.4]/Border[0 0 0]/Dest[1427 0 R/XYZ 0 696 0]>>endobj
+49 0 obj<</Subtype/Link/Rect[108.0 169.2 268.7 182.2]/Border[0 0 0]/Dest[1427 0 R/XYZ 0 449 0]>>endobj
+50 0 obj<</Subtype/Link/Rect[126.0 156.0 295.0 169.0]/Border[0 0 0]/Dest[1429 0 R/XYZ 0 676 0]>>endobj
+51 0 obj<</Subtype/Link/Rect[126.0 142.8 334.7 155.8]/Border[0 0 0]/Dest[1429 0 R/XYZ 0 559 0]>>endobj
+52 0 obj<</Subtype/Link/Rect[108.0 129.6 246.4 142.6]/Border[0 0 0]/Dest[1429 0 R/XYZ 0 452 0]>>endobj
+53 0 obj<</Subtype/Link/Rect[108.0 116.4 169.1 129.4]/Border[0 0 0]/Dest[1431 0 R/XYZ 0 639 0]>>endobj
+54 0 obj<</Subtype/Link/Rect[108.0 103.2 149.2 116.2]/Border[0 0 0]/Dest[1431 0 R/XYZ 0 551 0]>>endobj
+55 0 obj<</Subtype/Link/Rect[108.0 90.0 156.0 103.0]/Border[0 0 0]/Dest[1431 0 R/XYZ 0 475 0]>>endobj
+56 0 obj<</Subtype/Link/Rect[126.0 76.8 207.9 89.8]/Border[0 0 0]/Dest[1431 0 R/XYZ 0 442 0]>>endobj
+57 0 obj<</Subtype/Link/Rect[126.0 63.6 207.9 76.6]/Border[0 0 0]/Dest[1431 0 R/XYZ 0 185 0]>>endobj
+58 0 obj[16 0 R
 17 0 R
 18 0 R
 19 0 R
@@ -90,55 +97,56 @@
 49 0 R
 50 0 R
 51 0 R
-52 0 R]endobj
-54 0 obj<</Subtype/Link/Rect[72.0 684.0 435.9 697.0]/Border[0 0 0]/Dest[1434 0 R/XYZ 0 734 0]>>endobj
-55 0 obj<</Subtype/Link/Rect[108.0 670.8 175.5 683.8]/Border[0 0 0]/Dest[1434 0 R/XYZ 0 604 0]>>endobj
-56 0 obj<</Subtype/Link/Rect[108.0 657.6 313.1 670.6]/Border[0 0 0]/Dest[1434 0 R/XYZ 0 159 0]>>endobj
-57 0 obj<</Subtype/Link/Rect[108.0 644.4 326.2 657.4]/Border[0 0 0]/Dest[1436 0 R/XYZ 0 483 0]>>endobj
-58 0 obj<</Subtype/Link/Rect[108.0 631.2 187.1 644.2]/Border[0 0 0]/Dest[1436 0 R/XYZ 0 305 0]>>endobj
-59 0 obj<</Subtype/Link/Rect[108.0 618.0 425.7 631.0]/Border[0 0 0]/Dest[1438 0 R/XYZ 0 467 0]>>endobj
-60 0 obj<</Subtype/Link/Rect[108.0 604.8 232.3 617.8]/Border[0 0 0]/Dest[1438 0 R/XYZ 0 187 0]>>endobj
-61 0 obj<</Subtype/Link/Rect[72.0 578.4 355.3 591.4]/Border[0 0 0]/Dest[1442 0 R/XYZ 0 734 0]>>endobj
-62 0 obj<</Subtype/Link/Rect[108.0 565.2 181.6 578.2]/Border[0 0 0]/Dest[1442 0 R/XYZ 0 672 0]>>endobj
-63 0 obj<</Subtype/Link/Rect[108.0 552.0 268.7 565.0]/Border[0 0 0]/Dest[1442 0 R/XYZ 0 531 0]>>endobj
-64 0 obj<</Subtype/Link/Rect[126.0 538.8 295.0 551.8]/Border[0 0 0]/Dest[1444 0 R/XYZ 0 734 0]>>endobj
-65 0 obj<</Subtype/Link/Rect[126.0 525.6 334.7 538.6]/Border[0 0 0]/Dest[1444 0 R/XYZ 0 609 0]>>endobj
-66 0 obj<</Subtype/Link/Rect[108.0 512.4 246.4 525.4]/Border[0 0 0]/Dest[1444 0 R/XYZ 0 511 0]>>endobj
-67 0 obj<</Subtype/Link/Rect[72.0 486.0 177.1 499.0]/Border[0 0 0]/Dest[1448 0 R/XYZ 0 734 0]>>endobj
-68 0 obj<</Subtype/Link/Rect[72.0 459.6 131.9 472.6]/Border[0 0 0]/Dest[1450 0 R/XYZ 0 734 0]>>endobj
-69 0 obj<</Subtype/Link/Rect[72.0 433.2 423.4 446.2]/Border[0 0 0]/Dest[1452 0 R/XYZ 0 734 0]>>endobj
-70 0 obj<</Subtype/Link/Rect[108.0 420.0 219.2 433.0]/Border[0 0 0]/Dest[1452 0 R/XYZ 0 672 0]>>endobj
-71 0 obj<</Subtype/Link/Rect[108.0 406.8 181.0 419.8]/Border[0 0 0]/Dest[1452 0 R/XYZ 0 584 0]>>endobj
-72 0 obj<</Subtype/Link/Rect[108.0 393.6 316.1 406.6]/Border[0 0 0]/Dest[1454 0 R/XYZ 0 718 0]>>endobj
-73 0 obj<</Subtype/Link/Rect[108.0 380.4 430.0 393.4]/Border[0 0 0]/Dest[1456 0 R/XYZ 0 613 0]>>endobj
-74 0 obj<</Subtype/Link/Rect[126.0 367.2 351.2 380.2]/Border[0 0 0]/Dest[1456 0 R/XYZ 0 227 0]>>endobj
-75 0 obj<</Subtype/Link/Rect[126.0 354.0 380.5 367.0]/Border[0 0 0]/Dest[1458 0 R/XYZ 0 319 0]>>endobj
-76 0 obj<</Subtype/Link/Rect[126.0 340.8 297.4 353.8]/Border[0 0 0]/Dest[1460 0 R/XYZ 0 734 0]>>endobj
-77 0 obj<</Subtype/Link/Rect[108.0 327.6 261.4 340.6]/Border[0 0 0]/Dest[1460 0 R/XYZ 0 385 0]>>endobj
-78 0 obj<</Subtype/Link/Rect[108.0 314.4 252.8 327.4]/Border[0 0 0]/Dest[1462 0 R/XYZ 0 129 0]>>endobj
-79 0 obj<</Subtype/Link/Rect[108.0 301.2 243.6 314.2]/Border[0 0 0]/Dest[1464 0 R/XYZ 0 124 0]>>endobj
-80 0 obj<</Subtype/Link/Rect[108.0 288.0 292.9 301.0]/Border[0 0 0]/Dest[1470 0 R/XYZ 0 507 0]>>endobj
-81 0 obj<</Subtype/Link/Rect[126.0 274.8 350.0 287.8]/Border[0 0 0]/Dest[1472 0 R/XYZ 0 520 0]>>endobj
-82 0 obj<</Subtype/Link/Rect[126.0 261.6 424.2 274.6]/Border[0 0 0]/Dest[1474 0 R/XYZ 0 734 0]>>endobj
-83 0 obj<</Subtype/Link/Rect[108.0 248.4 431.0 261.4]/Border[0 0 0]/Dest[1482 0 R/XYZ 0 718 0]>>endobj
-84 0 obj<</Subtype/Link/Rect[72.0 222.0 512.6 235.0]/Border[0 0 0]/Dest[1486 0 R/XYZ 0 734 0]>>endobj
-85 0 obj<</Subtype/Link/Rect[108.0 208.8 219.2 221.8]/Border[0 0 0]/Dest[1486 0 R/XYZ 0 672 0]>>endobj
-86 0 obj<</Subtype/Link/Rect[108.0 195.6 181.0 208.6]/Border[0 0 0]/Dest[1486 0 R/XYZ 0 597 0]>>endobj
-87 0 obj<</Subtype/Link/Rect[108.0 182.4 359.1 195.4]/Border[0 0 0]/Dest[1486 0 R/XYZ 0 225 0]>>endobj
-88 0 obj<</Subtype/Link/Rect[126.0 169.2 382.3 182.2]/Border[0 0 0]/Dest[1488 0 R/XYZ 0 734 0]>>endobj
-89 0 obj<</Subtype/Link/Rect[126.0 156.0 269.0 169.0]/Border[0 0 0]/Dest[1488 0 R/XYZ 0 609 0]>>endobj
-90 0 obj<</Subtype/Link/Rect[108.0 142.8 325.8 155.8]/Border[0 0 0]/Dest[1488 0 R/XYZ 0 524 0]>>endobj
-91 0 obj<</Subtype/Link/Rect[108.0 129.6 268.1 142.6]/Border[0 0 0]/Dest[1488 0 R/XYZ 0 383 0]>>endobj
-92 0 obj<</Subtype/Link/Rect[126.0 116.4 327.6 129.4]/Border[0 0 0]/Dest[1490 0 R/XYZ 0 620 0]>>endobj
-93 0 obj<</Subtype/Link/Rect[72.0 90.0 282.8 103.0]/Border[0 0 0]/Dest[1492 0 R/XYZ 0 734 0]>>endobj
-94 0 obj<</Subtype/Link/Rect[108.0 76.8 317.6 89.8]/Border[0 0 0]/Dest[1492 0 R/XYZ 0 524 0]>>endobj
-95 0 obj<</Subtype/Link/Rect[108.0 63.6 319.4 76.6]/Border[0 0 0]/Dest[1492 0 R/XYZ 0 417 0]>>endobj
-96 0 obj[54 0 R
+52 0 R
+53 0 R
+54 0 R
 55 0 R
 56 0 R
-57 0 R
-58 0 R
-59 0 R
+57 0 R]endobj
+59 0 obj<</Subtype/Link/Rect[72.0 684.0 250.1 697.0]/Border[0 0 0]/Dest[1427 0 R/XYZ 0 734 0]>>endobj
+60 0 obj<</Subtype/Link/Rect[126.0 670.8 265.9 683.8]/Border[0 0 0]/Dest[1433 0 R/XYZ 0 349 0]>>endobj
+61 0 obj<</Subtype/Link/Rect[126.0 657.6 405.0 670.6]/Border[0 0 0]/Dest[1433 0 R/XYZ 0 251 0]>>endobj
+62 0 obj<</Subtype/Link/Rect[126.0 644.4 293.8 657.4]/Border[0 0 0]/Dest[1435 0 R/XYZ 0 547 0]>>endobj
+63 0 obj<</Subtype/Link/Rect[126.0 631.2 307.8 644.2]/Border[0 0 0]/Dest[1439 0 R/XYZ 0 734 0]>>endobj
+64 0 obj<</Subtype/Link/Rect[126.0 618.0 276.9 631.0]/Border[0 0 0]/Dest[1439 0 R/XYZ 0 543 0]>>endobj
+65 0 obj<</Subtype/Link/Rect[126.0 604.8 351.5 617.8]/Border[0 0 0]/Dest[1439 0 R/XYZ 0 164 0]>>endobj
+66 0 obj<</Subtype/Link/Rect[126.0 591.6 345.0 604.6]/Border[0 0 0]/Dest[1441 0 R/XYZ 0 151 0]>>endobj
+67 0 obj<</Subtype/Link/Rect[108.0 578.4 163.3 591.4]/Border[0 0 0]/Dest[1443 0 R/XYZ 0 322 0]>>endobj
+68 0 obj<</Subtype/Link/Rect[126.0 565.2 192.0 578.2]/Border[0 0 0]/Dest[1443 0 R/XYZ 0 289 0]>>endobj
+69 0 obj<</Subtype/Link/Rect[126.0 552.0 248.2 565.0]/Border[0 0 0]/Dest[1443 0 R/XYZ 0 191 0]>>endobj
+70 0 obj<</Subtype/Link/Rect[126.0 538.8 207.3 551.8]/Border[0 0 0]/Dest[1445 0 R/XYZ 0 734 0]>>endobj
+71 0 obj<</Subtype/Link/Rect[126.0 525.6 371.9 538.6]/Border[0 0 0]/Dest[1447 0 R/XYZ 0 679 0]>>endobj
+72 0 obj<</Subtype/Link/Rect[126.0 512.4 330.5 525.4]/Border[0 0 0]/Dest[1447 0 R/XYZ 0 528 0]>>endobj
+73 0 obj<</Subtype/Link/Rect[108.0 499.2 215.9 512.2]/Border[0 0 0]/Dest[1447 0 R/XYZ 0 390 0]>>endobj
+74 0 obj<</Subtype/Link/Rect[126.0 486.0 192.0 499.0]/Border[0 0 0]/Dest[1447 0 R/XYZ 0 357 0]>>endobj
+75 0 obj<</Subtype/Link/Rect[126.0 472.8 181.0 485.8]/Border[0 0 0]/Dest[1447 0 R/XYZ 0 272 0]>>endobj
+76 0 obj<</Subtype/Link/Rect[72.0 446.4 177.1 459.4]/Border[0 0 0]/Dest[1449 0 R/XYZ 0 734 0]>>endobj
+77 0 obj<</Subtype/Link/Rect[72.0 420.0 131.9 433.0]/Border[0 0 0]/Dest[1451 0 R/XYZ 0 734 0]>>endobj
+78 0 obj<</Subtype/Link/Rect[72.0 393.6 398.6 406.6]/Border[0 0 0]/Dest[1453 0 R/XYZ 0 734 0]>>endobj
+79 0 obj<</Subtype/Link/Rect[72.0 367.2 384.0 380.2]/Border[0 0 0]/Dest[1457 0 R/XYZ 0 734 0]>>endobj
+80 0 obj<</Subtype/Link/Rect[108.0 354.0 219.2 367.0]/Border[0 0 0]/Dest[1457 0 R/XYZ 0 672 0]>>endobj
+81 0 obj<</Subtype/Link/Rect[108.0 340.8 181.0 353.8]/Border[0 0 0]/Dest[1457 0 R/XYZ 0 584 0]>>endobj
+82 0 obj<</Subtype/Link/Rect[108.0 327.6 316.1 340.6]/Border[0 0 0]/Dest[1459 0 R/XYZ 0 718 0]>>endobj
+83 0 obj<</Subtype/Link/Rect[108.0 314.4 430.0 327.4]/Border[0 0 0]/Dest[1461 0 R/XYZ 0 613 0]>>endobj
+84 0 obj<</Subtype/Link/Rect[126.0 301.2 351.2 314.2]/Border[0 0 0]/Dest[1461 0 R/XYZ 0 227 0]>>endobj
+85 0 obj<</Subtype/Link/Rect[126.0 288.0 380.5 301.0]/Border[0 0 0]/Dest[1463 0 R/XYZ 0 315 0]>>endobj
+86 0 obj<</Subtype/Link/Rect[126.0 274.8 297.4 287.8]/Border[0 0 0]/Dest[1465 0 R/XYZ 0 734 0]>>endobj
+87 0 obj<</Subtype/Link/Rect[108.0 261.6 261.4 274.6]/Border[0 0 0]/Dest[1465 0 R/XYZ 0 385 0]>>endobj
+88 0 obj<</Subtype/Link/Rect[108.0 248.4 252.8 261.4]/Border[0 0 0]/Dest[1467 0 R/XYZ 0 129 0]>>endobj
+89 0 obj<</Subtype/Link/Rect[108.0 235.2 243.6 248.2]/Border[0 0 0]/Dest[1469 0 R/XYZ 0 124 0]>>endobj
+90 0 obj<</Subtype/Link/Rect[108.0 222.0 292.9 235.0]/Border[0 0 0]/Dest[1475 0 R/XYZ 0 507 0]>>endobj
+91 0 obj<</Subtype/Link/Rect[126.0 208.8 350.0 221.8]/Border[0 0 0]/Dest[1477 0 R/XYZ 0 520 0]>>endobj
+92 0 obj<</Subtype/Link/Rect[126.0 195.6 424.2 208.6]/Border[0 0 0]/Dest[1479 0 R/XYZ 0 734 0]>>endobj
+93 0 obj<</Subtype/Link/Rect[108.0 182.4 431.0 195.4]/Border[0 0 0]/Dest[1487 0 R/XYZ 0 734 0]>>endobj
+94 0 obj<</Subtype/Link/Rect[72.0 156.0 512.6 169.0]/Border[0 0 0]/Dest[1491 0 R/XYZ 0 734 0]>>endobj
+95 0 obj<</Subtype/Link/Rect[108.0 142.8 219.2 155.8]/Border[0 0 0]/Dest[1491 0 R/XYZ 0 672 0]>>endobj
+96 0 obj<</Subtype/Link/Rect[108.0 129.6 181.0 142.6]/Border[0 0 0]/Dest[1491 0 R/XYZ 0 597 0]>>endobj
+97 0 obj<</Subtype/Link/Rect[108.0 116.4 359.1 129.4]/Border[0 0 0]/Dest[1491 0 R/XYZ 0 225 0]>>endobj
+98 0 obj<</Subtype/Link/Rect[126.0 103.2 382.3 116.2]/Border[0 0 0]/Dest[1493 0 R/XYZ 0 734 0]>>endobj
+99 0 obj<</Subtype/Link/Rect[126.0 90.0 269.0 103.0]/Border[0 0 0]/Dest[1493 0 R/XYZ 0 609 0]>>endobj
+100 0 obj<</Subtype/Link/Rect[108.0 76.8 391.8 89.8]/Border[0 0 0]/Dest[1493 0 R/XYZ 0 524 0]>>endobj
+101 0 obj<</Subtype/Link/Rect[108.0 63.6 268.1 76.6]/Border[0 0 0]/Dest[1493 0 R/XYZ 0 323 0]>>endobj
+102 0 obj[59 0 R
 60 0 R
 61 0 R
 62 0 R
@@ -174,57 +182,56 @@
 92 0 R
 93 0 R
 94 0 R
-95 0 R]endobj
-97 0 obj<</Subtype/Link/Rect[72.0 684.0 282.8 697.0]/Border[0 0 0]/Dest[1492 0 R/XYZ 0 734 0]>>endobj
-98 0 obj<</Subtype/Link/Rect[108.0 670.8 197.8 683.8]/Border[0 0 0]/Dest[1492 0 R/XYZ 0 241 0]>>endobj
-99 0 obj<</Subtype/Link/Rect[108.0 657.6 239.4 670.6]/Border[0 0 0]/Dest[1494 0 R/XYZ 0 556 0]>>endobj
-100 0 obj<</Subtype/Link/Rect[108.0 644.4 253.4 657.4]/Border[0 0 0]/Dest[1494 0 R/XYZ 0 240 0]>>endobj
-101 0 obj<</Subtype/Link/Rect[126.0 631.2 218.6 644.2]/Border[0 0 0]/Dest[1494 0 R/XYZ 0 151 0]>>endobj
-102 0 obj<</Subtype/Link/Rect[108.0 618.0 224.7 631.0]/Border[0 0 0]/Dest[1496 0 R/XYZ 0 692 0]>>endobj
-103 0 obj<</Subtype/Link/Rect[108.0 604.8 228.1 617.8]/Border[0 0 0]/Dest[1496 0 R/XYZ 0 603 0]>>endobj
-104 0 obj<</Subtype/Link/Rect[108.0 591.6 152.9 604.6]/Border[0 0 0]/Dest[1496 0 R/XYZ 0 528 0]>>endobj
-105 0 obj<</Subtype/Link/Rect[72.0 565.2 281.6 578.2]/Border[0 0 0]/Dest[1498 0 R/XYZ 0 734 0]>>endobj
-106 0 obj<</Subtype/Link/Rect[108.0 552.0 299.9 565.0]/Border[0 0 0]/Dest[1498 0 R/XYZ 0 696 0]>>endobj
-107 0 obj<</Subtype/Link/Rect[108.0 538.8 288.0 551.8]/Border[0 0 0]/Dest[1500 0 R/XYZ 0 362 0]>>endobj
-108 0 obj<</Subtype/Link/Rect[108.0 525.6 307.9 538.6]/Border[0 0 0]/Dest[1500 0 R/XYZ 0 155 0]>>endobj
-109 0 obj<</Subtype/Link/Rect[72.0 499.2 198.2 512.2]/Border[0 0 0]/Dest[1504 0 R/XYZ 0 734 0]>>endobj
-110 0 obj<</Subtype/Link/Rect[72.0 472.8 131.9 485.8]/Border[0 0 0]/Dest[1506 0 R/XYZ 0 734 0]>>endobj
-111 0 obj<</Subtype/Link/Rect[72.0 446.4 354.3 459.4]/Border[0 0 0]/Dest[1512 0 R/XYZ 0 734 0]>>endobj
-112 0 obj<</Subtype/Link/Rect[108.0 433.2 167.0 446.2]/Border[0 0 0]/Dest[1512 0 R/XYZ 0 672 0]>>endobj
-113 0 obj<</Subtype/Link/Rect[108.0 420.0 333.2 433.0]/Border[0 0 0]/Dest[1512 0 R/XYZ 0 439 0]>>endobj
-114 0 obj<</Subtype/Link/Rect[126.0 406.8 200.6 419.8]/Border[0 0 0]/Dest[1512 0 R/XYZ 0 311 0]>>endobj
-115 0 obj<</Subtype/Link/Rect[126.0 393.6 227.1 406.6]/Border[0 0 0]/Dest[1514 0 R/XYZ 0 441 0]>>endobj
-116 0 obj<</Subtype/Link/Rect[126.0 380.4 218.6 393.4]/Border[0 0 0]/Dest[1514 0 R/XYZ 0 303 0]>>endobj
-117 0 obj<</Subtype/Link/Rect[126.0 367.2 238.7 380.2]/Border[0 0 0]/Dest[1514 0 R/XYZ 0 157 0]>>endobj
-118 0 obj<</Subtype/Link/Rect[108.0 354.0 387.9 367.0]/Border[0 0 0]/Dest[1516 0 R/XYZ 0 339 0]>>endobj
-119 0 obj<</Subtype/Link/Rect[126.0 340.8 279.1 353.8]/Border[0 0 0]/Dest[1518 0 R/XYZ 0 266 0]>>endobj
-120 0 obj<</Subtype/Link/Rect[126.0 327.6 247.6 340.6]/Border[0 0 0]/Dest[1520 0 R/XYZ 0 734 0]>>endobj
-121 0 obj<</Subtype/Link/Rect[126.0 314.4 211.2 327.4]/Border[0 0 0]/Dest[1522 0 R/XYZ 0 459 0]>>endobj
-122 0 obj<</Subtype/Link/Rect[126.0 301.2 218.0 314.2]/Border[0 0 0]/Dest[1522 0 R/XYZ 0 361 0]>>endobj
-123 0 obj<</Subtype/Link/Rect[126.0 288.0 224.1 301.0]/Border[0 0 0]/Dest[1522 0 R/XYZ 0 224 0]>>endobj
-124 0 obj<</Subtype/Link/Rect[108.0 274.8 528.7 287.8]/Border[0 0 0]/Dest[1524 0 R/XYZ 0 670 0]>>endobj
-125 0 obj<</Subtype/Link/Rect[108.0 261.6 503.4 274.6]/Border[0 0 0]/Dest[1524 0 R/XYZ 0 126 0]>>endobj
-126 0 obj<</Subtype/Link/Rect[126.0 248.4 376.8 261.4]/Border[0 0 0]/Dest[1528 0 R/XYZ 0 734 0]>>endobj
-127 0 obj<</Subtype/Link/Rect[126.0 235.2 442.5 248.2]/Border[0 0 0]/Dest[1528 0 R/XYZ 0 484 0]>>endobj
-128 0 obj<</Subtype/Link/Rect[126.0 222.0 356.0 235.0]/Border[0 0 0]/Dest[1528 0 R/XYZ 0 132 0]>>endobj
-129 0 obj<</Subtype/Link/Rect[108.0 208.8 187.1 221.8]/Border[0 0 0]/Dest[1530 0 R/XYZ 0 263 0]>>endobj
-130 0 obj<</Subtype/Link/Rect[72.0 182.4 418.2 195.4]/Border[0 0 0]/Dest[1532 0 R/XYZ 0 734 0]>>endobj
-131 0 obj<</Subtype/Link/Rect[108.0 169.2 450.2 182.2]/Border[0 0 0]/Dest[1532 0 R/XYZ 0 672 0]>>endobj
-132 0 obj<</Subtype/Link/Rect[108.0 156.0 324.6 169.0]/Border[0 0 0]/Dest[1532 0 R/XYZ 0 497 0]>>endobj
-133 0 obj<</Subtype/Link/Rect[108.0 142.8 236.6 155.8]/Border[0 0 0]/Dest[1532 0 R/XYZ 0 330 0]>>endobj
-134 0 obj<</Subtype/Link/Rect[108.0 129.6 297.7 142.6]/Border[0 0 0]/Dest[1534 0 R/XYZ 0 665 0]>>endobj
-135 0 obj<</Subtype/Link/Rect[126.0 116.4 232.0 129.4]/Border[0 0 0]/Dest[1534 0 R/XYZ 0 432 0]>>endobj
-136 0 obj<</Subtype/Link/Rect[126.0 103.2 257.1 116.2]/Border[0 0 0]/Dest[1534 0 R/XYZ 0 189 0]>>endobj
-137 0 obj<</Subtype/Link/Rect[108.0 90.0 306.9 103.0]/Border[0 0 0]/Dest[1536 0 R/XYZ 0 692 0]>>endobj
-138 0 obj<</Subtype/Link/Rect[108.0 76.8 397.6 89.8]/Border[0 0 0]/Dest[1536 0 R/XYZ 0 260 0]>>endobj
-139 0 obj<</Subtype/Link/Rect[108.0 63.6 389.7 76.6]/Border[0 0 0]/Dest[1540 0 R/XYZ 0 599 0]>>endobj
-140 0 obj[97 0 R
+95 0 R
+96 0 R
+97 0 R
 98 0 R
 99 0 R
 100 0 R
-101 0 R
-102 0 R
-103 0 R
+101 0 R]endobj
+103 0 obj<</Subtype/Link/Rect[72.0 684.0 512.6 697.0]/Border[0 0 0]/Dest[1491 0 R/XYZ 0 734 0]>>endobj
+104 0 obj<</Subtype/Link/Rect[126.0 670.8 327.6 683.8]/Border[0 0 0]/Dest[1495 0 R/XYZ 0 541 0]>>endobj
+105 0 obj<</Subtype/Link/Rect[126.0 657.6 282.4 670.6]/Border[0 0 0]/Dest[1495 0 R/XYZ 0 390 0]>>endobj
+106 0 obj<</Subtype/Link/Rect[72.0 631.2 282.8 644.2]/Border[0 0 0]/Dest[1497 0 R/XYZ 0 734 0]>>endobj
+107 0 obj<</Subtype/Link/Rect[108.0 618.0 317.6 631.0]/Border[0 0 0]/Dest[1497 0 R/XYZ 0 551 0]>>endobj
+108 0 obj<</Subtype/Link/Rect[108.0 604.8 319.4 617.8]/Border[0 0 0]/Dest[1497 0 R/XYZ 0 444 0]>>endobj
+109 0 obj<</Subtype/Link/Rect[108.0 591.6 197.8 604.6]/Border[0 0 0]/Dest[1497 0 R/XYZ 0 267 0]>>endobj
+110 0 obj<</Subtype/Link/Rect[108.0 578.4 239.4 591.4]/Border[0 0 0]/Dest[1499 0 R/XYZ 0 580 0]>>endobj
+111 0 obj<</Subtype/Link/Rect[108.0 565.2 253.4 578.2]/Border[0 0 0]/Dest[1499 0 R/XYZ 0 264 0]>>endobj
+112 0 obj<</Subtype/Link/Rect[126.0 552.0 218.6 565.0]/Border[0 0 0]/Dest[1499 0 R/XYZ 0 202 0]>>endobj
+113 0 obj<</Subtype/Link/Rect[108.0 538.8 224.7 551.8]/Border[0 0 0]/Dest[1501 0 R/XYZ 0 734 0]>>endobj
+114 0 obj<</Subtype/Link/Rect[108.0 525.6 228.1 538.6]/Border[0 0 0]/Dest[1501 0 R/XYZ 0 645 0]>>endobj
+115 0 obj<</Subtype/Link/Rect[108.0 512.4 152.9 525.4]/Border[0 0 0]/Dest[1501 0 R/XYZ 0 570 0]>>endobj
+116 0 obj<</Subtype/Link/Rect[72.0 486.0 329.3 499.0]/Border[0 0 0]/Dest[1503 0 R/XYZ 0 734 0]>>endobj
+117 0 obj<</Subtype/Link/Rect[108.0 472.8 299.9 485.8]/Border[0 0 0]/Dest[1503 0 R/XYZ 0 672 0]>>endobj
+118 0 obj<</Subtype/Link/Rect[108.0 459.6 288.0 472.6]/Border[0 0 0]/Dest[1505 0 R/XYZ 0 494 0]>>endobj
+119 0 obj<</Subtype/Link/Rect[108.0 446.4 307.9 459.4]/Border[0 0 0]/Dest[1505 0 R/XYZ 0 405 0]>>endobj
+120 0 obj<</Subtype/Link/Rect[72.0 420.0 198.2 433.0]/Border[0 0 0]/Dest[1509 0 R/XYZ 0 734 0]>>endobj
+121 0 obj<</Subtype/Link/Rect[72.0 393.6 131.9 406.6]/Border[0 0 0]/Dest[1511 0 R/XYZ 0 734 0]>>endobj
+122 0 obj<</Subtype/Link/Rect[72.0 367.2 348.8 380.2]/Border[0 0 0]/Dest[1517 0 R/XYZ 0 734 0]>>endobj
+123 0 obj<</Subtype/Link/Rect[108.0 354.0 161.5 367.0]/Border[0 0 0]/Dest[1517 0 R/XYZ 0 672 0]>>endobj
+124 0 obj<</Subtype/Link/Rect[108.0 340.8 327.7 353.8]/Border[0 0 0]/Dest[1517 0 R/XYZ 0 439 0]>>endobj
+125 0 obj<</Subtype/Link/Rect[126.0 327.6 195.1 340.6]/Border[0 0 0]/Dest[1517 0 R/XYZ 0 311 0]>>endobj
+126 0 obj<</Subtype/Link/Rect[126.0 314.4 221.6 327.4]/Border[0 0 0]/Dest[1519 0 R/XYZ 0 441 0]>>endobj
+127 0 obj<</Subtype/Link/Rect[126.0 301.2 213.1 314.2]/Border[0 0 0]/Dest[1519 0 R/XYZ 0 303 0]>>endobj
+128 0 obj<</Subtype/Link/Rect[126.0 288.0 233.2 301.0]/Border[0 0 0]/Dest[1519 0 R/XYZ 0 157 0]>>endobj
+129 0 obj<</Subtype/Link/Rect[108.0 274.8 382.4 287.8]/Border[0 0 0]/Dest[1521 0 R/XYZ 0 339 0]>>endobj
+130 0 obj<</Subtype/Link/Rect[126.0 261.6 273.6 274.6]/Border[0 0 0]/Dest[1523 0 R/XYZ 0 266 0]>>endobj
+131 0 obj<</Subtype/Link/Rect[126.0 248.4 242.1 261.4]/Border[0 0 0]/Dest[1525 0 R/XYZ 0 734 0]>>endobj
+132 0 obj<</Subtype/Link/Rect[126.0 235.2 205.8 248.2]/Border[0 0 0]/Dest[1527 0 R/XYZ 0 459 0]>>endobj
+133 0 obj<</Subtype/Link/Rect[126.0 222.0 212.5 235.0]/Border[0 0 0]/Dest[1527 0 R/XYZ 0 361 0]>>endobj
+134 0 obj<</Subtype/Link/Rect[126.0 208.8 218.6 221.8]/Border[0 0 0]/Dest[1527 0 R/XYZ 0 224 0]>>endobj
+135 0 obj<</Subtype/Link/Rect[108.0 195.6 523.2 208.6]/Border[0 0 0]/Dest[1529 0 R/XYZ 0 670 0]>>endobj
+136 0 obj<</Subtype/Link/Rect[108.0 182.4 497.9 195.4]/Border[0 0 0]/Dest[1529 0 R/XYZ 0 126 0]>>endobj
+137 0 obj<</Subtype/Link/Rect[126.0 169.2 371.3 182.2]/Border[0 0 0]/Dest[1533 0 R/XYZ 0 734 0]>>endobj
+138 0 obj<</Subtype/Link/Rect[126.0 156.0 437.0 169.0]/Border[0 0 0]/Dest[1533 0 R/XYZ 0 484 0]>>endobj
+139 0 obj<</Subtype/Link/Rect[126.0 142.8 350.5 155.8]/Border[0 0 0]/Dest[1533 0 R/XYZ 0 132 0]>>endobj
+140 0 obj<</Subtype/Link/Rect[108.0 129.6 181.6 142.6]/Border[0 0 0]/Dest[1535 0 R/XYZ 0 263 0]>>endobj
+141 0 obj<</Subtype/Link/Rect[72.0 103.2 418.2 116.2]/Border[0 0 0]/Dest[1537 0 R/XYZ 0 734 0]>>endobj
+142 0 obj<</Subtype/Link/Rect[108.0 90.0 450.2 103.0]/Border[0 0 0]/Dest[1537 0 R/XYZ 0 672 0]>>endobj
+143 0 obj<</Subtype/Link/Rect[108.0 76.8 324.6 89.8]/Border[0 0 0]/Dest[1537 0 R/XYZ 0 537 0]>>endobj
+144 0 obj<</Subtype/Link/Rect[108.0 63.6 236.6 76.6]/Border[0 0 0]/Dest[1537 0 R/XYZ 0 369 0]>>endobj
+145 0 obj[103 0 R
 104 0 R
 105 0 R
 106 0 R
@@ -260,57 +267,57 @@
 136 0 R
 137 0 R
 138 0 R
-139 0 R]endobj
-141 0 obj<</Subtype/Link/Rect[72.0 684.0 466.2 697.0]/Border[0 0 0]/Dest[1542 0 R/XYZ 0 734 0]>>endobj
-142 0 obj<</Subtype/Link/Rect[108.0 670.8 207.9 683.8]/Border[0 0 0]/Dest[1542 0 R/XYZ 0 672 0]>>endobj
-143 0 obj<</Subtype/Link/Rect[108.0 657.6 250.4 670.6]/Border[0 0 0]/Dest[1544 0 R/XYZ 0 148 0]>>endobj
-144 0 obj<</Subtype/Link/Rect[108.0 644.4 275.8 657.4]/Border[0 0 0]/Dest[1546 0 R/XYZ 0 705 0]>>endobj
-145 0 obj<</Subtype/Link/Rect[72.0 618.0 407.8 631.0]/Border[0 0 0]/Dest[1548 0 R/XYZ 0 734 0]>>endobj
-146 0 obj<</Subtype/Link/Rect[108.0 604.8 184.7 617.8]/Border[0 0 0]/Dest[1548 0 R/XYZ 0 672 0]>>endobj
-147 0 obj<</Subtype/Link/Rect[126.0 591.6 184.7 604.6]/Border[0 0 0]/Dest[1550 0 R/XYZ 0 652 0]>>endobj
-148 0 obj<</Subtype/Link/Rect[72.0 565.2 210.7 578.2]/Border[0 0 0]/Dest[1552 0 R/XYZ 0 734 0]>>endobj
-149 0 obj<</Subtype/Link/Rect[108.0 552.0 187.1 565.0]/Border[0 0 0]/Dest[1552 0 R/XYZ 0 696 0]>>endobj
-150 0 obj<</Subtype/Link/Rect[108.0 538.8 194.5 551.8]/Border[0 0 0]/Dest[1552 0 R/XYZ 0 317 0]>>endobj
-151 0 obj<</Subtype/Link/Rect[126.0 525.6 233.2 538.6]/Border[0 0 0]/Dest[1552 0 R/XYZ 0 131 0]>>endobj
-152 0 obj<</Subtype/Link/Rect[126.0 512.4 317.9 525.4]/Border[0 0 0]/Dest[1556 0 R/XYZ 0 583 0]>>endobj
-153 0 obj<</Subtype/Link/Rect[126.0 499.2 310.8 512.2]/Border[0 0 0]/Dest[1556 0 R/XYZ 0 169 0]>>endobj
-154 0 obj<</Subtype/Link/Rect[126.0 486.0 374.4 499.0]/Border[0 0 0]/Dest[1558 0 R/XYZ 0 470 0]>>endobj
-155 0 obj<</Subtype/Link/Rect[126.0 472.8 265.6 485.8]/Border[0 0 0]/Dest[1560 0 R/XYZ 0 297 0]>>endobj
-156 0 obj<</Subtype/Link/Rect[108.0 459.6 225.6 472.6]/Border[0 0 0]/Dest[1562 0 R/XYZ 0 734 0]>>endobj
-157 0 obj<</Subtype/Link/Rect[126.0 446.4 237.8 459.4]/Border[0 0 0]/Dest[1562 0 R/XYZ 0 632 0]>>endobj
-158 0 obj<</Subtype/Link/Rect[126.0 433.2 304.7 446.2]/Border[0 0 0]/Dest[1562 0 R/XYZ 0 507 0]>>endobj
-159 0 obj<</Subtype/Link/Rect[126.0 420.0 245.8 433.0]/Border[0 0 0]/Dest[1562 0 R/XYZ 0 423 0]>>endobj
-160 0 obj<</Subtype/Link/Rect[126.0 406.8 258.0 419.8]/Border[0 0 0]/Dest[1562 0 R/XYZ 0 325 0]>>endobj
-161 0 obj<</Subtype/Link/Rect[108.0 393.6 176.8 406.6]/Border[0 0 0]/Dest[1564 0 R/XYZ 0 440 0]>>endobj
-162 0 obj<</Subtype/Link/Rect[126.0 380.4 213.4 393.4]/Border[0 0 0]/Dest[1564 0 R/XYZ 0 406 0]>>endobj
-163 0 obj<</Subtype/Link/Rect[126.0 367.2 283.7 380.2]/Border[0 0 0]/Dest[1566 0 R/XYZ 0 479 0]>>endobj
-164 0 obj<</Subtype/Link/Rect[126.0 354.0 267.7 367.0]/Border[0 0 0]/Dest[1568 0 R/XYZ 0 692 0]>>endobj
-165 0 obj<</Subtype/Link/Rect[126.0 340.8 318.8 353.8]/Border[0 0 0]/Dest[1568 0 R/XYZ 0 511 0]>>endobj
-166 0 obj<</Subtype/Link/Rect[126.0 327.6 242.1 340.6]/Border[0 0 0]/Dest[1570 0 R/XYZ 0 734 0]>>endobj
-167 0 obj<</Subtype/Link/Rect[126.0 314.4 262.9 327.4]/Border[0 0 0]/Dest[1570 0 R/XYZ 0 394 0]>>endobj
-168 0 obj<</Subtype/Link/Rect[126.0 301.2 261.1 314.2]/Border[0 0 0]/Dest[1572 0 R/XYZ 0 718 0]>>endobj
-169 0 obj<</Subtype/Link/Rect[126.0 288.0 241.8 301.0]/Border[0 0 0]/Dest[1572 0 R/XYZ 0 633 0]>>endobj
-170 0 obj<</Subtype/Link/Rect[126.0 274.8 228.4 287.8]/Border[0 0 0]/Dest[1572 0 R/XYZ 0 535 0]>>endobj
-171 0 obj<</Subtype/Link/Rect[72.0 248.4 197.9 261.4]/Border[0 0 0]/Dest[1574 0 R/XYZ 0 734 0]>>endobj
-172 0 obj<</Subtype/Link/Rect[108.0 235.2 187.1 248.2]/Border[0 0 0]/Dest[1574 0 R/XYZ 0 696 0]>>endobj
-173 0 obj<</Subtype/Link/Rect[108.0 222.0 329.2 235.0]/Border[0 0 0]/Dest[1574 0 R/XYZ 0 467 0]>>endobj
-174 0 obj<</Subtype/Link/Rect[72.0 195.6 431.7 208.6]/Border[0 0 0]/Dest[1578 0 R/XYZ 0 734 0]>>endobj
-175 0 obj<</Subtype/Link/Rect[108.0 182.4 170.0 195.4]/Border[0 0 0]/Dest[1578 0 R/XYZ 0 672 0]>>endobj
-176 0 obj<</Subtype/Link/Rect[108.0 169.2 187.1 182.2]/Border[0 0 0]/Dest[1578 0 R/XYZ 0 544 0]>>endobj
-177 0 obj<</Subtype/Link/Rect[108.0 156.0 239.1 169.0]/Border[0 0 0]/Dest[1578 0 R/XYZ 0 231 0]>>endobj
-178 0 obj<</Subtype/Link/Rect[126.0 142.8 211.8 155.8]/Border[0 0 0]/Dest[1580 0 R/XYZ 0 560 0]>>endobj
-179 0 obj<</Subtype/Link/Rect[108.0 129.6 227.5 142.6]/Border[0 0 0]/Dest[1580 0 R/XYZ 0 409 0]>>endobj
-180 0 obj<</Subtype/Link/Rect[126.0 116.4 312.1 129.4]/Border[0 0 0]/Dest[1580 0 R/XYZ 0 294 0]>>endobj
-181 0 obj<</Subtype/Link/Rect[126.0 103.2 254.3 116.2]/Border[0 0 0]/Dest[1582 0 R/XYZ 0 734 0]>>endobj
-182 0 obj<</Subtype/Link/Rect[126.0 90.0 312.4 103.0]/Border[0 0 0]/Dest[1582 0 R/XYZ 0 292 0]>>endobj
-183 0 obj<</Subtype/Link/Rect[126.0 76.8 292.8 89.8]/Border[0 0 0]/Dest[1584 0 R/XYZ 0 665 0]>>endobj
-184 0 obj<</Subtype/Link/Rect[126.0 63.6 226.5 76.6]/Border[0 0 0]/Dest[1584 0 R/XYZ 0 488 0]>>endobj
-185 0 obj[141 0 R
+139 0 R
+140 0 R
+141 0 R
 142 0 R
 143 0 R
-144 0 R
-145 0 R
-146 0 R
+144 0 R]endobj
+146 0 obj<</Subtype/Link/Rect[72.0 684.0 418.2 697.0]/Border[0 0 0]/Dest[1537 0 R/XYZ 0 734 0]>>endobj
+147 0 obj<</Subtype/Link/Rect[108.0 670.8 297.7 683.8]/Border[0 0 0]/Dest[1539 0 R/XYZ 0 705 0]>>endobj
+148 0 obj<</Subtype/Link/Rect[126.0 657.6 232.0 670.6]/Border[0 0 0]/Dest[1539 0 R/XYZ 0 471 0]>>endobj
+149 0 obj<</Subtype/Link/Rect[126.0 644.4 257.1 657.4]/Border[0 0 0]/Dest[1539 0 R/XYZ 0 228 0]>>endobj
+150 0 obj<</Subtype/Link/Rect[108.0 631.2 306.9 644.2]/Border[0 0 0]/Dest[1541 0 R/XYZ 0 718 0]>>endobj
+151 0 obj<</Subtype/Link/Rect[108.0 618.0 397.6 631.0]/Border[0 0 0]/Dest[1541 0 R/XYZ 0 287 0]>>endobj
+152 0 obj<</Subtype/Link/Rect[108.0 604.8 389.7 617.8]/Border[0 0 0]/Dest[1545 0 R/XYZ 0 652 0]>>endobj
+153 0 obj<</Subtype/Link/Rect[72.0 578.4 466.2 591.4]/Border[0 0 0]/Dest[1547 0 R/XYZ 0 734 0]>>endobj
+154 0 obj<</Subtype/Link/Rect[108.0 565.2 207.9 578.2]/Border[0 0 0]/Dest[1547 0 R/XYZ 0 672 0]>>endobj
+155 0 obj<</Subtype/Link/Rect[108.0 552.0 250.4 565.0]/Border[0 0 0]/Dest[1549 0 R/XYZ 0 148 0]>>endobj
+156 0 obj<</Subtype/Link/Rect[108.0 538.8 275.8 551.8]/Border[0 0 0]/Dest[1551 0 R/XYZ 0 705 0]>>endobj
+157 0 obj<</Subtype/Link/Rect[72.0 512.4 407.8 525.4]/Border[0 0 0]/Dest[1553 0 R/XYZ 0 734 0]>>endobj
+158 0 obj<</Subtype/Link/Rect[108.0 499.2 184.7 512.2]/Border[0 0 0]/Dest[1553 0 R/XYZ 0 672 0]>>endobj
+159 0 obj<</Subtype/Link/Rect[126.0 486.0 184.7 499.0]/Border[0 0 0]/Dest[1555 0 R/XYZ 0 652 0]>>endobj
+160 0 obj<</Subtype/Link/Rect[72.0 459.6 210.7 472.6]/Border[0 0 0]/Dest[1557 0 R/XYZ 0 734 0]>>endobj
+161 0 obj<</Subtype/Link/Rect[108.0 446.4 187.1 459.4]/Border[0 0 0]/Dest[1557 0 R/XYZ 0 696 0]>>endobj
+162 0 obj<</Subtype/Link/Rect[108.0 433.2 194.5 446.2]/Border[0 0 0]/Dest[1557 0 R/XYZ 0 317 0]>>endobj
+163 0 obj<</Subtype/Link/Rect[126.0 420.0 233.2 433.0]/Border[0 0 0]/Dest[1557 0 R/XYZ 0 127 0]>>endobj
+164 0 obj<</Subtype/Link/Rect[126.0 406.8 317.9 419.8]/Border[0 0 0]/Dest[1561 0 R/XYZ 0 531 0]>>endobj
+165 0 obj<</Subtype/Link/Rect[126.0 393.6 310.8 406.6]/Border[0 0 0]/Dest[1563 0 R/XYZ 0 734 0]>>endobj
+166 0 obj<</Subtype/Link/Rect[126.0 380.4 374.4 393.4]/Border[0 0 0]/Dest[1563 0 R/XYZ 0 363 0]>>endobj
+167 0 obj<</Subtype/Link/Rect[126.0 367.2 265.6 380.2]/Border[0 0 0]/Dest[1565 0 R/XYZ 0 184 0]>>endobj
+168 0 obj<</Subtype/Link/Rect[108.0 354.0 225.6 367.0]/Border[0 0 0]/Dest[1567 0 R/XYZ 0 692 0]>>endobj
+169 0 obj<</Subtype/Link/Rect[126.0 340.8 237.8 353.8]/Border[0 0 0]/Dest[1567 0 R/XYZ 0 590 0]>>endobj
+170 0 obj<</Subtype/Link/Rect[126.0 327.6 304.7 340.6]/Border[0 0 0]/Dest[1567 0 R/XYZ 0 466 0]>>endobj
+171 0 obj<</Subtype/Link/Rect[126.0 314.4 245.8 327.4]/Border[0 0 0]/Dest[1567 0 R/XYZ 0 381 0]>>endobj
+172 0 obj<</Subtype/Link/Rect[126.0 301.2 258.0 314.2]/Border[0 0 0]/Dest[1567 0 R/XYZ 0 283 0]>>endobj
+173 0 obj<</Subtype/Link/Rect[108.0 288.0 176.8 301.0]/Border[0 0 0]/Dest[1569 0 R/XYZ 0 397 0]>>endobj
+174 0 obj<</Subtype/Link/Rect[126.0 274.8 213.4 287.8]/Border[0 0 0]/Dest[1569 0 R/XYZ 0 363 0]>>endobj
+175 0 obj<</Subtype/Link/Rect[126.0 261.6 283.7 274.6]/Border[0 0 0]/Dest[1571 0 R/XYZ 0 429 0]>>endobj
+176 0 obj<</Subtype/Link/Rect[126.0 248.4 267.7 261.4]/Border[0 0 0]/Dest[1573 0 R/XYZ 0 665 0]>>endobj
+177 0 obj<</Subtype/Link/Rect[126.0 235.2 318.8 248.2]/Border[0 0 0]/Dest[1573 0 R/XYZ 0 485 0]>>endobj
+178 0 obj<</Subtype/Link/Rect[126.0 222.0 242.1 235.0]/Border[0 0 0]/Dest[1575 0 R/XYZ 0 734 0]>>endobj
+179 0 obj<</Subtype/Link/Rect[126.0 208.8 262.9 221.8]/Border[0 0 0]/Dest[1575 0 R/XYZ 0 394 0]>>endobj
+180 0 obj<</Subtype/Link/Rect[126.0 195.6 261.1 208.6]/Border[0 0 0]/Dest[1577 0 R/XYZ 0 718 0]>>endobj
+181 0 obj<</Subtype/Link/Rect[126.0 182.4 241.8 195.4]/Border[0 0 0]/Dest[1577 0 R/XYZ 0 633 0]>>endobj
+182 0 obj<</Subtype/Link/Rect[126.0 169.2 228.4 182.2]/Border[0 0 0]/Dest[1577 0 R/XYZ 0 535 0]>>endobj
+183 0 obj<</Subtype/Link/Rect[72.0 142.8 431.7 155.8]/Border[0 0 0]/Dest[1579 0 R/XYZ 0 734 0]>>endobj
+184 0 obj<</Subtype/Link/Rect[108.0 129.6 170.0 142.6]/Border[0 0 0]/Dest[1579 0 R/XYZ 0 672 0]>>endobj
+185 0 obj<</Subtype/Link/Rect[108.0 116.4 187.1 129.4]/Border[0 0 0]/Dest[1579 0 R/XYZ 0 544 0]>>endobj
+186 0 obj<</Subtype/Link/Rect[108.0 103.2 239.1 116.2]/Border[0 0 0]/Dest[1579 0 R/XYZ 0 231 0]>>endobj
+187 0 obj<</Subtype/Link/Rect[126.0 90.0 211.8 103.0]/Border[0 0 0]/Dest[1581 0 R/XYZ 0 560 0]>>endobj
+188 0 obj<</Subtype/Link/Rect[108.0 76.8 227.5 89.8]/Border[0 0 0]/Dest[1581 0 R/XYZ 0 409 0]>>endobj
+189 0 obj<</Subtype/Link/Rect[126.0 63.6 312.1 76.6]/Border[0 0 0]/Dest[1581 0 R/XYZ 0 294 0]>>endobj
+190 0 obj[146 0 R
 147 0 R
 148 0 R
 149 0 R
@@ -348,55 +355,56 @@
 181 0 R
 182 0 R
 183 0 R
-184 0 R]endobj
-186 0 obj<</Subtype/Link/Rect[72.0 684.0 431.7 697.0]/Border[0 0 0]/Dest[1578 0 R/XYZ 0 734 0]>>endobj
-187 0 obj<</Subtype/Link/Rect[108.0 670.8 265.4 683.8]/Border[0 0 0]/Dest[1584 0 R/XYZ 0 351 0]>>endobj
-188 0 obj<</Subtype/Link/Rect[126.0 657.6 213.4 670.6]/Border[0 0 0]/Dest[1584 0 R/XYZ 0 209 0]>>endobj
-189 0 obj<</Subtype/Link/Rect[126.0 644.4 220.1 657.4]/Border[0 0 0]/Dest[1586 0 R/XYZ 0 599 0]>>endobj
-190 0 obj<</Subtype/Link/Rect[126.0 631.2 244.6 644.2]/Border[0 0 0]/Dest[1586 0 R/XYZ 0 330 0]>>endobj
-191 0 obj<</Subtype/Link/Rect[108.0 618.0 183.5 631.0]/Border[0 0 0]/Dest[1600 0 R/XYZ 0 296 0]>>endobj
-192 0 obj<</Subtype/Link/Rect[108.0 604.8 182.9 617.8]/Border[0 0 0]/Dest[1602 0 R/XYZ 0 734 0]>>endobj
-193 0 obj<</Subtype/Link/Rect[72.0 578.4 236.7 591.4]/Border[0 0 0]/Dest[1604 0 R/XYZ 0 734 0]>>endobj
-194 0 obj<</Subtype/Link/Rect[108.0 565.2 171.3 578.2]/Border[0 0 0]/Dest[1604 0 R/XYZ 0 696 0]>>endobj
-195 0 obj<</Subtype/Link/Rect[108.0 552.0 186.5 565.0]/Border[0 0 0]/Dest[1604 0 R/XYZ 0 595 0]>>endobj
-196 0 obj<</Subtype/Link/Rect[108.0 538.8 351.2 551.8]/Border[0 0 0]/Dest[1606 0 R/XYZ 0 568 0]>>endobj
-197 0 obj<</Subtype/Link/Rect[108.0 525.6 309.7 538.6]/Border[0 0 0]/Dest[1606 0 R/XYZ 0 414 0]>>endobj
-198 0 obj<</Subtype/Link/Rect[72.0 499.2 224.5 512.2]/Border[0 0 0]/Dest[1608 0 R/XYZ 0 734 0]>>endobj
-199 0 obj<</Subtype/Link/Rect[108.0 486.0 171.3 499.0]/Border[0 0 0]/Dest[1608 0 R/XYZ 0 696 0]>>endobj
-200 0 obj<</Subtype/Link/Rect[108.0 472.8 160.2 485.8]/Border[0 0 0]/Dest[1608 0 R/XYZ 0 608 0]>>endobj
-201 0 obj<</Subtype/Link/Rect[72.0 446.4 484.2 459.4]/Border[0 0 0]/Dest[1610 0 R/XYZ 0 734 0]>>endobj
-202 0 obj<</Subtype/Link/Rect[108.0 433.2 168.2 446.2]/Border[0 0 0]/Dest[1610 0 R/XYZ 0 672 0]>>endobj
-203 0 obj<</Subtype/Link/Rect[108.0 420.0 187.1 433.0]/Border[0 0 0]/Dest[1610 0 R/XYZ 0 412 0]>>endobj
-204 0 obj<</Subtype/Link/Rect[108.0 406.8 245.2 419.8]/Border[0 0 0]/Dest[1612 0 R/XYZ 0 573 0]>>endobj
-205 0 obj<</Subtype/Link/Rect[108.0 393.6 384.2 406.6]/Border[0 0 0]/Dest[1612 0 R/XYZ 0 471 0]>>endobj
-206 0 obj<</Subtype/Link/Rect[108.0 380.4 273.0 393.4]/Border[0 0 0]/Dest[1614 0 R/XYZ 0 734 0]>>endobj
-207 0 obj<</Subtype/Link/Rect[126.0 367.2 273.6 380.2]/Border[0 0 0]/Dest[1614 0 R/XYZ 0 700 0]>>endobj
-208 0 obj<</Subtype/Link/Rect[126.0 354.0 245.5 367.0]/Border[0 0 0]/Dest[1614 0 R/XYZ 0 143 0]>>endobj
-209 0 obj<</Subtype/Link/Rect[108.0 340.8 287.0 353.8]/Border[0 0 0]/Dest[1616 0 R/XYZ 0 243 0]>>endobj
-210 0 obj<</Subtype/Link/Rect[108.0 327.6 256.2 340.6]/Border[0 0 0]/Dest[1618 0 R/XYZ 0 718 0]>>endobj
-211 0 obj<</Subtype/Link/Rect[108.0 314.4 330.7 327.4]/Border[0 0 0]/Dest[1618 0 R/XYZ 0 336 0]>>endobj
-212 0 obj<</Subtype/Link/Rect[108.0 301.2 324.3 314.2]/Border[0 0 0]/Dest[1620 0 R/XYZ 0 322 0]>>endobj
-213 0 obj<</Subtype/Link/Rect[108.0 288.0 185.9 301.0]/Border[0 0 0]/Dest[1622 0 R/XYZ 0 492 0]>>endobj
-214 0 obj<</Subtype/Link/Rect[72.0 261.6 342.4 274.6]/Border[0 0 0]/Dest[1624 0 R/XYZ 0 734 0]>>endobj
-215 0 obj<</Subtype/Link/Rect[108.0 248.4 187.1 261.4]/Border[0 0 0]/Dest[1624 0 R/XYZ 0 672 0]>>endobj
-216 0 obj<</Subtype/Link/Rect[108.0 235.2 247.6 248.2]/Border[0 0 0]/Dest[1624 0 R/XYZ 0 557 0]>>endobj
-217 0 obj<</Subtype/Link/Rect[126.0 222.0 248.8 235.0]/Border[0 0 0]/Dest[1624 0 R/XYZ 0 469 0]>>endobj
-218 0 obj<</Subtype/Link/Rect[126.0 208.8 223.8 221.8]/Border[0 0 0]/Dest[1624 0 R/XYZ 0 358 0]>>endobj
-219 0 obj<</Subtype/Link/Rect[72.0 182.4 252.6 195.4]/Border[0 0 0]/Dest[1628 0 R/XYZ 0 734 0]>>endobj
-220 0 obj<</Subtype/Link/Rect[72.0 156.0 255.6 169.0]/Border[0 0 0]/Dest[1630 0 R/XYZ 0 734 0]>>endobj
-221 0 obj<</Subtype/Link/Rect[108.0 142.8 190.8 155.8]/Border[0 0 0]/Dest[1630 0 R/XYZ 0 696 0]>>endobj
-222 0 obj<</Subtype/Link/Rect[108.0 129.6 169.4 142.6]/Border[0 0 0]/Dest[1630 0 R/XYZ 0 449 0]>>endobj
-223 0 obj<</Subtype/Link/Rect[126.0 116.4 202.4 129.4]/Border[0 0 0]/Dest[1630 0 R/XYZ 0 416 0]>>endobj
-224 0 obj<</Subtype/Link/Rect[126.0 103.2 229.0 116.2]/Border[0 0 0]/Dest[1630 0 R/XYZ 0 146 0]>>endobj
-225 0 obj<</Subtype/Link/Rect[126.0 90.0 328.3 103.0]/Border[0 0 0]/Dest[1632 0 R/XYZ 0 652 0]>>endobj
-226 0 obj<</Subtype/Link/Rect[108.0 76.8 197.8 89.8]/Border[0 0 0]/Dest[1632 0 R/XYZ 0 515 0]>>endobj
-227 0 obj<</Subtype/Link/Rect[108.0 63.6 175.2 76.6]/Border[0 0 0]/Dest[1632 0 R/XYZ 0 255 0]>>endobj
-228 0 obj[186 0 R
+184 0 R
+185 0 R
+186 0 R
 187 0 R
 188 0 R
-189 0 R
-190 0 R
-191 0 R
+189 0 R]endobj
+191 0 obj<</Subtype/Link/Rect[72.0 684.0 431.7 697.0]/Border[0 0 0]/Dest[1579 0 R/XYZ 0 734 0]>>endobj
+192 0 obj<</Subtype/Link/Rect[126.0 670.8 319.4 683.8]/Border[0 0 0]/Dest[1583 0 R/XYZ 0 734 0]>>endobj
+193 0 obj<</Subtype/Link/Rect[126.0 657.6 254.3 670.6]/Border[0 0 0]/Dest[1583 0 R/XYZ 0 635 0]>>endobj
+194 0 obj<</Subtype/Link/Rect[126.0 644.4 312.4 657.4]/Border[0 0 0]/Dest[1583 0 R/XYZ 0 194 0]>>endobj
+195 0 obj<</Subtype/Link/Rect[126.0 631.2 292.8 644.2]/Border[0 0 0]/Dest[1585 0 R/XYZ 0 560 0]>>endobj
+196 0 obj<</Subtype/Link/Rect[126.0 618.0 226.5 631.0]/Border[0 0 0]/Dest[1585 0 R/XYZ 0 383 0]>>endobj
+197 0 obj<</Subtype/Link/Rect[108.0 604.8 265.4 617.8]/Border[0 0 0]/Dest[1585 0 R/XYZ 0 245 0]>>endobj
+198 0 obj<</Subtype/Link/Rect[126.0 591.6 213.4 604.6]/Border[0 0 0]/Dest[1587 0 R/XYZ 0 734 0]>>endobj
+199 0 obj<</Subtype/Link/Rect[126.0 578.4 220.1 591.4]/Border[0 0 0]/Dest[1587 0 R/XYZ 0 451 0]>>endobj
+200 0 obj<</Subtype/Link/Rect[126.0 565.2 244.6 578.2]/Border[0 0 0]/Dest[1587 0 R/XYZ 0 181 0]>>endobj
+201 0 obj<</Subtype/Link/Rect[108.0 552.0 183.5 565.0]/Border[0 0 0]/Dest[1603 0 R/XYZ 0 734 0]>>endobj
+202 0 obj<</Subtype/Link/Rect[108.0 538.8 182.9 551.8]/Border[0 0 0]/Dest[1603 0 R/XYZ 0 513 0]>>endobj
+203 0 obj<</Subtype/Link/Rect[72.0 512.4 268.2 525.4]/Border[0 0 0]/Dest[1605 0 R/XYZ 0 734 0]>>endobj
+204 0 obj<</Subtype/Link/Rect[108.0 499.2 231.7 512.2]/Border[0 0 0]/Dest[1605 0 R/XYZ 0 696 0]>>endobj
+205 0 obj<</Subtype/Link/Rect[108.0 486.0 253.4 499.0]/Border[0 0 0]/Dest[1605 0 R/XYZ 0 515 0]>>endobj
+206 0 obj<</Subtype/Link/Rect[108.0 472.8 216.8 485.8]/Border[0 0 0]/Dest[1605 0 R/XYZ 0 137 0]>>endobj
+207 0 obj<</Subtype/Link/Rect[108.0 459.6 241.5 472.6]/Border[0 0 0]/Dest[1607 0 R/XYZ 0 533 0]>>endobj
+208 0 obj<</Subtype/Link/Rect[126.0 446.4 336.8 459.4]/Border[0 0 0]/Dest[1607 0 R/XYZ 0 273 0]>>endobj
+209 0 obj<</Subtype/Link/Rect[108.0 433.2 245.8 446.2]/Border[0 0 0]/Dest[1613 0 R/XYZ 0 560 0]>>endobj
+210 0 obj<</Subtype/Link/Rect[108.0 420.0 315.8 433.0]/Border[0 0 0]/Dest[1615 0 R/XYZ 0 613 0]>>endobj
+211 0 obj<</Subtype/Link/Rect[108.0 406.8 290.1 419.8]/Border[0 0 0]/Dest[1617 0 R/XYZ 0 622 0]>>endobj
+212 0 obj<</Subtype/Link/Rect[108.0 393.6 270.5 406.6]/Border[0 0 0]/Dest[1617 0 R/XYZ 0 266 0]>>endobj
+213 0 obj<</Subtype/Link/Rect[108.0 380.4 281.8 393.4]/Border[0 0 0]/Dest[1619 0 R/XYZ 0 520 0]>>endobj
+214 0 obj<</Subtype/Link/Rect[108.0 367.2 276.6 380.2]/Border[0 0 0]/Dest[1621 0 R/XYZ 0 734 0]>>endobj
+215 0 obj<</Subtype/Link/Rect[108.0 354.0 221.7 367.0]/Border[0 0 0]/Dest[1621 0 R/XYZ 0 645 0]>>endobj
+216 0 obj<</Subtype/Link/Rect[72.0 327.6 241.6 340.6]/Border[0 0 0]/Dest[1623 0 R/XYZ 0 734 0]>>endobj
+217 0 obj<</Subtype/Link/Rect[108.0 314.4 267.8 327.4]/Border[0 0 0]/Dest[1623 0 R/XYZ 0 696 0]>>endobj
+218 0 obj<</Subtype/Link/Rect[108.0 301.2 211.3 314.2]/Border[0 0 0]/Dest[1623 0 R/XYZ 0 385 0]>>endobj
+219 0 obj<</Subtype/Link/Rect[126.0 288.0 181.0 301.0]/Border[0 0 0]/Dest[1623 0 R/XYZ 0 351 0]>>endobj
+220 0 obj<</Subtype/Link/Rect[126.0 274.8 190.8 287.8]/Border[0 0 0]/Dest[1623 0 R/XYZ 0 215 0]>>endobj
+221 0 obj<</Subtype/Link/Rect[126.0 261.6 193.8 274.6]/Border[0 0 0]/Dest[1625 0 R/XYZ 0 560 0]>>endobj
+222 0 obj<</Subtype/Link/Rect[108.0 248.4 282.1 261.4]/Border[0 0 0]/Dest[1625 0 R/XYZ 0 430 0]>>endobj
+223 0 obj<</Subtype/Link/Rect[126.0 235.2 211.5 248.2]/Border[0 0 0]/Dest[1625 0 R/XYZ 0 315 0]>>endobj
+224 0 obj<</Subtype/Link/Rect[126.0 222.0 184.0 235.0]/Border[0 0 0]/Dest[1627 0 R/XYZ 0 734 0]>>endobj
+225 0 obj<</Subtype/Link/Rect[72.0 195.6 295.6 208.6]/Border[0 0 0]/Dest[1629 0 R/XYZ 0 734 0]>>endobj
+226 0 obj<</Subtype/Link/Rect[108.0 182.4 187.1 195.4]/Border[0 0 0]/Dest[1629 0 R/XYZ 0 696 0]>>endobj
+227 0 obj<</Subtype/Link/Rect[108.0 169.2 247.6 182.2]/Border[0 0 0]/Dest[1629 0 R/XYZ 0 581 0]>>endobj
+228 0 obj<</Subtype/Link/Rect[126.0 156.0 248.8 169.0]/Border[0 0 0]/Dest[1629 0 R/XYZ 0 493 0]>>endobj
+229 0 obj<</Subtype/Link/Rect[126.0 142.8 223.8 155.8]/Border[0 0 0]/Dest[1629 0 R/XYZ 0 382 0]>>endobj
+230 0 obj<</Subtype/Link/Rect[72.0 116.4 252.6 129.4]/Border[0 0 0]/Dest[1633 0 R/XYZ 0 734 0]>>endobj
+231 0 obj<</Subtype/Link/Rect[72.0 90.0 255.6 103.0]/Border[0 0 0]/Dest[1635 0 R/XYZ 0 734 0]>>endobj
+232 0 obj<</Subtype/Link/Rect[108.0 76.8 190.8 89.8]/Border[0 0 0]/Dest[1635 0 R/XYZ 0 696 0]>>endobj
+233 0 obj<</Subtype/Link/Rect[108.0 63.6 197.8 76.6]/Border[0 0 0]/Dest[1635 0 R/XYZ 0 449 0]>>endobj
+234 0 obj[191 0 R
 192 0 R
 193 0 R
 194 0 R
@@ -432,55 +440,57 @@
 224 0 R
 225 0 R
 226 0 R
-227 0 R]endobj
-229 0 obj<</Subtype/Link/Rect[72.0 684.0 255.6 697.0]/Border[0 0 0]/Dest[1630 0 R/XYZ 0 734 0]>>endobj
-230 0 obj<</Subtype/Link/Rect[108.0 670.8 175.8 683.8]/Border[0 0 0]/Dest[1634 0 R/XYZ 0 718 0]>>endobj
-231 0 obj<</Subtype/Link/Rect[108.0 657.6 169.4 670.6]/Border[0 0 0]/Dest[1634 0 R/XYZ 0 537 0]>>endobj
-232 0 obj<</Subtype/Link/Rect[108.0 644.4 189.3 657.4]/Border[0 0 0]/Dest[1634 0 R/XYZ 0 409 0]>>endobj
-233 0 obj<</Subtype/Link/Rect[108.0 631.2 174.6 644.2]/Border[0 0 0]/Dest[1634 0 R/XYZ 0 189 0]>>endobj
-234 0 obj<</Subtype/Link/Rect[108.0 618.0 180.1 631.0]/Border[0 0 0]/Dest[1636 0 R/XYZ 0 734 0]>>endobj
-235 0 obj<</Subtype/Link/Rect[108.0 604.8 180.1 617.8]/Border[0 0 0]/Dest[1636 0 R/XYZ 0 645 0]>>endobj
-236 0 obj<</Subtype/Link/Rect[108.0 591.6 182.5 604.6]/Border[0 0 0]/Dest[1636 0 R/XYZ 0 477 0]>>endobj
-237 0 obj<</Subtype/Link/Rect[108.0 578.4 208.2 591.4]/Border[0 0 0]/Dest[1636 0 R/XYZ 0 349 0]>>endobj
-238 0 obj<</Subtype/Link/Rect[108.0 565.2 217.4 578.2]/Border[0 0 0]/Dest[1636 0 R/XYZ 0 129 0]>>endobj
-239 0 obj<</Subtype/Link/Rect[108.0 552.0 194.8 565.0]/Border[0 0 0]/Dest[1638 0 R/XYZ 0 639 0]>>endobj
-240 0 obj<</Subtype/Link/Rect[108.0 538.8 194.2 551.8]/Border[0 0 0]/Dest[1638 0 R/XYZ 0 511 0]>>endobj
-241 0 obj<</Subtype/Link/Rect[108.0 525.6 196.0 538.6]/Border[0 0 0]/Dest[1638 0 R/XYZ 0 436 0]>>endobj
-242 0 obj<</Subtype/Link/Rect[108.0 512.4 188.7 525.4]/Border[0 0 0]/Dest[1640 0 R/XYZ 0 388 0]>>endobj
-243 0 obj<</Subtype/Link/Rect[72.0 486.0 144.7 499.0]/Border[0 0 0]/Dest[1642 0 R/XYZ 0 734 0]>>endobj
-244 0 obj<</Subtype/Link/Rect[72.0 459.6 181.1 472.6]/Border[0 0 0]/Dest[1644 0 R/XYZ 0 734 0]>>endobj
-245 0 obj<</Subtype/Link/Rect[108.0 446.4 162.7 459.4]/Border[0 0 0]/Dest[1644 0 R/XYZ 0 655 0]>>endobj
-246 0 obj<</Subtype/Link/Rect[108.0 433.2 178.9 446.2]/Border[0 0 0]/Dest[1644 0 R/XYZ 0 408 0]>>endobj
-247 0 obj<</Subtype/Link/Rect[108.0 420.0 160.2 433.0]/Border[0 0 0]/Dest[1644 0 R/XYZ 0 293 0]>>endobj
-248 0 obj<</Subtype/Link/Rect[108.0 406.8 260.5 419.8]/Border[0 0 0]/Dest[1646 0 R/XYZ 0 228 0]>>endobj
-249 0 obj<</Subtype/Link/Rect[72.0 380.4 271.5 393.4]/Border[0 0 0]/Dest[1648 0 R/XYZ 0 734 0]>>endobj
-250 0 obj<</Subtype/Link/Rect[108.0 367.2 215.5 380.2]/Border[0 0 0]/Dest[1648 0 R/XYZ 0 668 0]>>endobj
-251 0 obj<</Subtype/Link/Rect[108.0 354.0 182.0 367.0]/Border[0 0 0]/Dest[1648 0 R/XYZ 0 461 0]>>endobj
-252 0 obj<</Subtype/Link/Rect[126.0 340.8 514.3 353.8]/Border[0 0 0]/Dest[1648 0 R/XYZ 0 427 0]>>endobj
-253 0 obj<</Subtype/Link/Rect[126.0 327.6 519.5 340.6]/Border[0 0 0]/Dest[1650 0 R/XYZ 0 734 0]>>endobj
-254 0 obj<</Subtype/Link/Rect[126.0 314.4 470.9 327.4]/Border[0 0 0]/Dest[1650 0 R/XYZ 0 523 0]>>endobj
-255 0 obj<</Subtype/Link/Rect[126.0 301.2 440.7 314.2]/Border[0 0 0]/Dest[1650 0 R/XYZ 0 408 0]>>endobj
-256 0 obj<</Subtype/Link/Rect[108.0 288.0 248.2 301.0]/Border[0 0 0]/Dest[1650 0 R/XYZ 0 151 0]>>endobj
-257 0 obj<</Subtype/Link/Rect[126.0 274.8 333.5 287.8]/Border[0 0 0]/Dest[1650 0 R/XYZ 0 118 0]>>endobj
-258 0 obj<</Subtype/Link/Rect[126.0 261.6 332.5 274.6]/Border[0 0 0]/Dest[1652 0 R/XYZ 0 626 0]>>endobj
-259 0 obj<</Subtype/Link/Rect[126.0 248.4 316.3 261.4]/Border[0 0 0]/Dest[1652 0 R/XYZ 0 475 0]>>endobj
-260 0 obj<</Subtype/Link/Rect[126.0 235.2 282.1 248.2]/Border[0 0 0]/Dest[1652 0 R/XYZ 0 377 0]>>endobj
-261 0 obj<</Subtype/Link/Rect[108.0 222.0 206.7 235.0]/Border[0 0 0]/Dest[1652 0 R/XYZ 0 292 0]>>endobj
-262 0 obj<</Subtype/Link/Rect[108.0 208.8 267.8 221.8]/Border[0 0 0]/Dest[1654 0 R/XYZ 0 718 0]>>endobj
-263 0 obj<</Subtype/Link/Rect[72.0 182.4 204.0 195.4]/Border[0 0 0]/Dest[1656 0 R/XYZ 0 734 0]>>endobj
-264 0 obj<</Subtype/Link/Rect[108.0 169.2 187.1 182.2]/Border[0 0 0]/Dest[1656 0 R/XYZ 0 696 0]>>endobj
-265 0 obj<</Subtype/Link/Rect[108.0 156.0 188.0 169.0]/Border[0 0 0]/Dest[1656 0 R/XYZ 0 423 0]>>endobj
-266 0 obj<</Subtype/Link/Rect[108.0 142.8 190.5 155.8]/Border[0 0 0]/Dest[1656 0 R/XYZ 0 282 0]>>endobj
-267 0 obj<</Subtype/Link/Rect[108.0 129.6 195.4 142.6]/Border[0 0 0]/Dest[1658 0 R/XYZ 0 613 0]>>endobj
-268 0 obj<</Subtype/Link/Rect[108.0 116.4 267.8 129.4]/Border[0 0 0]/Dest[1658 0 R/XYZ 0 260 0]>>endobj
-269 0 obj<</Subtype/Link/Rect[108.0 103.2 166.4 116.2]/Border[0 0 0]/Dest[1658 0 R/XYZ 0 159 0]>>endobj
-270 0 obj[229 0 R
+227 0 R
+228 0 R
+229 0 R
 230 0 R
 231 0 R
 232 0 R
-233 0 R
-234 0 R
-235 0 R
+233 0 R]endobj
+235 0 obj<</Subtype/Link/Rect[72.0 684.0 255.6 697.0]/Border[0 0 0]/Dest[1635 0 R/XYZ 0 734 0]>>endobj
+236 0 obj<</Subtype/Link/Rect[108.0 670.8 175.2 683.8]/Border[0 0 0]/Dest[1635 0 R/XYZ 0 189 0]>>endobj
+237 0 obj<</Subtype/Link/Rect[108.0 657.6 175.8 670.6]/Border[0 0 0]/Dest[1637 0 R/XYZ 0 639 0]>>endobj
+238 0 obj<</Subtype/Link/Rect[108.0 644.4 174.6 657.4]/Border[0 0 0]/Dest[1637 0 R/XYZ 0 458 0]>>endobj
+239 0 obj<</Subtype/Link/Rect[108.0 631.2 174.6 644.2]/Border[0 0 0]/Dest[1637 0 R/XYZ 0 383 0]>>endobj
+240 0 obj<</Subtype/Link/Rect[108.0 618.0 177.0 631.0]/Border[0 0 0]/Dest[1637 0 R/XYZ 0 215 0]>>endobj
+241 0 obj<</Subtype/Link/Rect[108.0 604.8 189.3 617.8]/Border[0 0 0]/Dest[1639 0 R/XYZ 0 734 0]>>endobj
+242 0 obj<</Subtype/Link/Rect[108.0 591.6 188.7 604.6]/Border[0 0 0]/Dest[1639 0 R/XYZ 0 605 0]>>endobj
+243 0 obj<</Subtype/Link/Rect[108.0 578.4 196.0 591.4]/Border[0 0 0]/Dest[1639 0 R/XYZ 0 530 0]>>endobj
+244 0 obj<</Subtype/Link/Rect[72.0 552.0 244.6 565.0]/Border[0 0 0]/Dest[1643 0 R/XYZ 0 734 0]>>endobj
+245 0 obj<</Subtype/Link/Rect[108.0 538.8 190.6 551.8]/Border[0 0 0]/Dest[1643 0 R/XYZ 0 696 0]>>endobj
+246 0 obj<</Subtype/Link/Rect[108.0 525.6 200.6 538.6]/Border[0 0 0]/Dest[1643 0 R/XYZ 0 463 0]>>endobj
+247 0 obj<</Subtype/Link/Rect[126.0 512.4 223.8 525.4]/Border[0 0 0]/Dest[1643 0 R/XYZ 0 160 0]>>endobj
+248 0 obj<</Subtype/Link/Rect[126.0 499.2 243.6 512.2]/Border[0 0 0]/Dest[1645 0 R/XYZ 0 734 0]>>endobj
+249 0 obj<</Subtype/Link/Rect[126.0 486.0 219.8 499.0]/Border[0 0 0]/Dest[1645 0 R/XYZ 0 662 0]>>endobj
+250 0 obj<</Subtype/Link/Rect[126.0 472.8 195.4 485.8]/Border[0 0 0]/Dest[1645 0 R/XYZ 0 590 0]>>endobj
+251 0 obj<</Subtype/Link/Rect[108.0 459.6 216.8 472.6]/Border[0 0 0]/Dest[1645 0 R/XYZ 0 426 0]>>endobj
+252 0 obj<</Subtype/Link/Rect[72.0 433.2 144.7 446.2]/Border[0 0 0]/Dest[1649 0 R/XYZ 0 734 0]>>endobj
+253 0 obj<</Subtype/Link/Rect[72.0 406.8 181.1 419.8]/Border[0 0 0]/Dest[1651 0 R/XYZ 0 734 0]>>endobj
+254 0 obj<</Subtype/Link/Rect[108.0 393.6 162.7 406.6]/Border[0 0 0]/Dest[1651 0 R/XYZ 0 655 0]>>endobj
+255 0 obj<</Subtype/Link/Rect[108.0 380.4 178.9 393.4]/Border[0 0 0]/Dest[1651 0 R/XYZ 0 408 0]>>endobj
+256 0 obj<</Subtype/Link/Rect[108.0 367.2 160.2 380.2]/Border[0 0 0]/Dest[1651 0 R/XYZ 0 293 0]>>endobj
+257 0 obj<</Subtype/Link/Rect[108.0 354.0 260.5 367.0]/Border[0 0 0]/Dest[1653 0 R/XYZ 0 228 0]>>endobj
+258 0 obj<</Subtype/Link/Rect[72.0 327.6 271.5 340.6]/Border[0 0 0]/Dest[1655 0 R/XYZ 0 734 0]>>endobj
+259 0 obj<</Subtype/Link/Rect[108.0 314.4 215.5 327.4]/Border[0 0 0]/Dest[1655 0 R/XYZ 0 668 0]>>endobj
+260 0 obj<</Subtype/Link/Rect[108.0 301.2 182.0 314.2]/Border[0 0 0]/Dest[1655 0 R/XYZ 0 461 0]>>endobj
+261 0 obj<</Subtype/Link/Rect[126.0 288.0 514.3 301.0]/Border[0 0 0]/Dest[1655 0 R/XYZ 0 427 0]>>endobj
+262 0 obj<</Subtype/Link/Rect[126.0 274.8 519.5 287.8]/Border[0 0 0]/Dest[1657 0 R/XYZ 0 734 0]>>endobj
+263 0 obj<</Subtype/Link/Rect[126.0 261.6 470.9 274.6]/Border[0 0 0]/Dest[1657 0 R/XYZ 0 523 0]>>endobj
+264 0 obj<</Subtype/Link/Rect[126.0 248.4 440.7 261.4]/Border[0 0 0]/Dest[1657 0 R/XYZ 0 408 0]>>endobj
+265 0 obj<</Subtype/Link/Rect[108.0 235.2 248.2 248.2]/Border[0 0 0]/Dest[1657 0 R/XYZ 0 151 0]>>endobj
+266 0 obj<</Subtype/Link/Rect[126.0 222.0 333.5 235.0]/Border[0 0 0]/Dest[1657 0 R/XYZ 0 118 0]>>endobj
+267 0 obj<</Subtype/Link/Rect[126.0 208.8 332.5 221.8]/Border[0 0 0]/Dest[1659 0 R/XYZ 0 626 0]>>endobj
+268 0 obj<</Subtype/Link/Rect[126.0 195.6 316.3 208.6]/Border[0 0 0]/Dest[1659 0 R/XYZ 0 475 0]>>endobj
+269 0 obj<</Subtype/Link/Rect[126.0 182.4 282.1 195.4]/Border[0 0 0]/Dest[1659 0 R/XYZ 0 377 0]>>endobj
+270 0 obj<</Subtype/Link/Rect[108.0 169.2 206.7 182.2]/Border[0 0 0]/Dest[1659 0 R/XYZ 0 292 0]>>endobj
+271 0 obj<</Subtype/Link/Rect[108.0 156.0 267.8 169.0]/Border[0 0 0]/Dest[1661 0 R/XYZ 0 718 0]>>endobj
+272 0 obj<</Subtype/Link/Rect[72.0 129.6 204.0 142.6]/Border[0 0 0]/Dest[1663 0 R/XYZ 0 734 0]>>endobj
+273 0 obj<</Subtype/Link/Rect[108.0 116.4 187.1 129.4]/Border[0 0 0]/Dest[1663 0 R/XYZ 0 696 0]>>endobj
+274 0 obj<</Subtype/Link/Rect[108.0 103.2 188.0 116.2]/Border[0 0 0]/Dest[1663 0 R/XYZ 0 423 0]>>endobj
+275 0 obj<</Subtype/Link/Rect[108.0 90.0 190.5 103.0]/Border[0 0 0]/Dest[1663 0 R/XYZ 0 282 0]>>endobj
+276 0 obj<</Subtype/Link/Rect[108.0 76.8 195.4 89.8]/Border[0 0 0]/Dest[1665 0 R/XYZ 0 613 0]>>endobj
+277 0 obj<</Subtype/Link/Rect[108.0 63.6 267.8 76.6]/Border[0 0 0]/Dest[1665 0 R/XYZ 0 260 0]>>endobj
+278 0 obj[235 0 R
 236 0 R
 237 0 R
 238 0 R
@@ -514,93 +524,96 @@
 266 0 R
 267 0 R
 268 0 R
-269 0 R]endobj
-271 0 obj<</Subtype/Link/Rect[72.0 684.0 273.0 697.0]/Border[0 0 0]/Dest[1660 0 R/XYZ 0 734 0]>>endobj
-272 0 obj<</Subtype/Link/Rect[108.0 670.8 187.1 683.8]/Border[0 0 0]/Dest[1660 0 R/XYZ 0 696 0]>>endobj
-273 0 obj<</Subtype/Link/Rect[108.0 657.6 190.2 670.6]/Border[0 0 0]/Dest[1660 0 R/XYZ 0 529 0]>>endobj
-274 0 obj<</Subtype/Link/Rect[108.0 644.4 156.0 657.4]/Border[0 0 0]/Dest[1660 0 R/XYZ 0 199 0]>>endobj
-275 0 obj<</Subtype/Link/Rect[126.0 631.2 186.2 644.2]/Border[0 0 0]/Dest[1660 0 R/XYZ 0 165 0]>>endobj
-276 0 obj<</Subtype/Link/Rect[126.0 618.0 186.2 631.0]/Border[0 0 0]/Dest[1662 0 R/XYZ 0 734 0]>>endobj
-277 0 obj<</Subtype/Link/Rect[126.0 604.8 186.2 617.8]/Border[0 0 0]/Dest[1662 0 R/XYZ 0 530 0]>>endobj
-278 0 obj<</Subtype/Link/Rect[126.0 591.6 186.2 604.6]/Border[0 0 0]/Dest[1664 0 R/XYZ 0 626 0]>>endobj
-279 0 obj<</Subtype/Link/Rect[126.0 578.4 186.2 591.4]/Border[0 0 0]/Dest[1664 0 R/XYZ 0 475 0]>>endobj
-280 0 obj<</Subtype/Link/Rect[126.0 565.2 186.2 578.2]/Border[0 0 0]/Dest[1664 0 R/XYZ 0 351 0]>>endobj
-281 0 obj<</Subtype/Link/Rect[126.0 552.0 186.2 565.0]/Border[0 0 0]/Dest[1666 0 R/XYZ 0 734 0]>>endobj
-282 0 obj<</Subtype/Link/Rect[126.0 538.8 186.2 551.8]/Border[0 0 0]/Dest[1666 0 R/XYZ 0 371 0]>>endobj
-283 0 obj<</Subtype/Link/Rect[126.0 525.6 186.2 538.6]/Border[0 0 0]/Dest[1668 0 R/XYZ 0 705 0]>>endobj
-284 0 obj<</Subtype/Link/Rect[126.0 512.4 197.2 525.4]/Border[0 0 0]/Dest[1668 0 R/XYZ 0 515 0]>>endobj
-285 0 obj<</Subtype/Link/Rect[126.0 499.2 197.2 512.2]/Border[0 0 0]/Dest[1668 0 R/XYZ 0 377 0]>>endobj
-286 0 obj<</Subtype/Link/Rect[108.0 486.0 226.9 499.0]/Border[0 0 0]/Dest[1668 0 R/XYZ 0 239 0]>>endobj
-287 0 obj[271 0 R
+269 0 R
+270 0 R
+271 0 R
 272 0 R
 273 0 R
 274 0 R
 275 0 R
 276 0 R
-277 0 R
-278 0 R
-279 0 R
+277 0 R]endobj
+279 0 obj<</Subtype/Link/Rect[72.0 684.0 204.0 697.0]/Border[0 0 0]/Dest[1663 0 R/XYZ 0 734 0]>>endobj
+280 0 obj<</Subtype/Link/Rect[108.0 670.8 166.4 683.8]/Border[0 0 0]/Dest[1665 0 R/XYZ 0 159 0]>>endobj
+281 0 obj<</Subtype/Link/Rect[72.0 644.4 273.0 657.4]/Border[0 0 0]/Dest[1667 0 R/XYZ 0 734 0]>>endobj
+282 0 obj<</Subtype/Link/Rect[108.0 631.2 187.1 644.2]/Border[0 0 0]/Dest[1667 0 R/XYZ 0 696 0]>>endobj
+283 0 obj<</Subtype/Link/Rect[108.0 618.0 190.2 631.0]/Border[0 0 0]/Dest[1667 0 R/XYZ 0 529 0]>>endobj
+284 0 obj<</Subtype/Link/Rect[108.0 604.8 156.0 617.8]/Border[0 0 0]/Dest[1667 0 R/XYZ 0 199 0]>>endobj
+285 0 obj<</Subtype/Link/Rect[126.0 591.6 186.2 604.6]/Border[0 0 0]/Dest[1667 0 R/XYZ 0 165 0]>>endobj
+286 0 obj<</Subtype/Link/Rect[126.0 578.4 186.2 591.4]/Border[0 0 0]/Dest[1669 0 R/XYZ 0 734 0]>>endobj
+287 0 obj<</Subtype/Link/Rect[126.0 565.2 186.2 578.2]/Border[0 0 0]/Dest[1669 0 R/XYZ 0 530 0]>>endobj
+288 0 obj<</Subtype/Link/Rect[126.0 552.0 186.2 565.0]/Border[0 0 0]/Dest[1671 0 R/XYZ 0 626 0]>>endobj
+289 0 obj<</Subtype/Link/Rect[126.0 538.8 186.2 551.8]/Border[0 0 0]/Dest[1671 0 R/XYZ 0 475 0]>>endobj
+290 0 obj<</Subtype/Link/Rect[126.0 525.6 186.2 538.6]/Border[0 0 0]/Dest[1671 0 R/XYZ 0 351 0]>>endobj
+291 0 obj<</Subtype/Link/Rect[126.0 512.4 186.2 525.4]/Border[0 0 0]/Dest[1673 0 R/XYZ 0 734 0]>>endobj
+292 0 obj<</Subtype/Link/Rect[126.0 499.2 186.2 512.2]/Border[0 0 0]/Dest[1673 0 R/XYZ 0 371 0]>>endobj
+293 0 obj<</Subtype/Link/Rect[126.0 486.0 186.2 499.0]/Border[0 0 0]/Dest[1675 0 R/XYZ 0 705 0]>>endobj
+294 0 obj<</Subtype/Link/Rect[126.0 472.8 197.2 485.8]/Border[0 0 0]/Dest[1675 0 R/XYZ 0 515 0]>>endobj
+295 0 obj<</Subtype/Link/Rect[126.0 459.6 197.2 472.6]/Border[0 0 0]/Dest[1675 0 R/XYZ 0 377 0]>>endobj
+296 0 obj<</Subtype/Link/Rect[108.0 446.4 226.9 459.4]/Border[0 0 0]/Dest[1675 0 R/XYZ 0 239 0]>>endobj
+297 0 obj[279 0 R
 280 0 R
 281 0 R
 282 0 R
 283 0 R
 284 0 R
 285 0 R
-286 0 R]endobj
-288 0 obj<</S/URI/URI(http://www.samba.org/)>>endobj
-289 0 obj<</Subtype/Link/Rect[185.6 631.0 289.8 644.0]/Border[0 0 0]/A 288 0 R>>endobj
-290 0 obj<</S/URI/URI(mailto:jerry@samba.org)>>endobj
-291 0 obj<</Subtype/Link/Rect[72.0 617.8 148.4 630.8]/Border[0 0 0]/A 290 0 R>>endobj
-292 0 obj<</S/URI/URI(http://www.fsf.org/licenses/gpl.txt)>>endobj
-293 0 obj<</Subtype/Link/Rect[72.0 565.0 223.3 578.0]/Border[0 0 0]/A 292 0 R>>endobj
-294 0 obj<</Subtype/Link/Rect[78.4 499.0 170.1 512.0]/Border[0 0 0]/Dest[1392 0 R/XYZ 0 258 0]>>endobj
-295 0 obj<</Subtype/Link/Rect[116.2 485.8 259.9 498.8]/Border[0 0 0]/Dest[1400 0 R/XYZ 0 734 0]>>endobj
-296 0 obj<</Subtype/Link/Rect[160.5 472.6 252.2 485.6]/Border[0 0 0]/Dest[1400 0 R/XYZ 0 696 0]>>endobj
-297 0 obj<</Subtype/Link/Rect[160.5 459.4 257.4 472.4]/Border[0 0 0]/Dest[1400 0 R/XYZ 0 568 0]>>endobj
-298 0 obj<</Subtype/Link/Rect[160.5 446.2 260.7 459.2]/Border[0 0 0]/Dest[1400 0 R/XYZ 0 163 0]>>endobj
-299 0 obj<</Subtype/Link/Rect[160.5 433.0 312.1 446.0]/Border[0 0 0]/Dest[1402 0 R/XYZ 0 734 0]>>endobj
-300 0 obj<</Subtype/Link/Rect[160.5 419.8 315.1 432.8]/Border[0 0 0]/Dest[1402 0 R/XYZ 0 385 0]>>endobj
-301 0 obj<</Subtype/Link/Rect[160.5 406.6 287.3 419.6]/Border[0 0 0]/Dest[1402 0 R/XYZ 0 257 0]>>endobj
-302 0 obj<</Subtype/Link/Rect[160.5 393.4 367.0 406.4]/Border[0 0 0]/Dest[1406 0 R/XYZ 0 665 0]>>endobj
-303 0 obj<</Subtype/Link/Rect[160.5 380.2 316.3 393.2]/Border[0 0 0]/Dest[1406 0 R/XYZ 0 498 0]>>endobj
-304 0 obj<</Subtype/Link/Rect[160.5 367.0 503.0 380.0]/Border[0 0 0]/Dest[1406 0 R/XYZ 0 330 0]>>endobj
-305 0 obj<</Subtype/Link/Rect[166.0 353.8 293.3 366.8]/Border[0 0 0]/Dest[1408 0 R/XYZ 0 734 0]>>endobj
-306 0 obj<</Subtype/Link/Rect[116.2 340.6 247.6 353.6]/Border[0 0 0]/Dest[1414 0 R/XYZ 0 734 0]>>endobj
-307 0 obj<</Subtype/Link/Rect[160.5 327.4 260.4 340.4]/Border[0 0 0]/Dest[1414 0 R/XYZ 0 696 0]>>endobj
-308 0 obj<</Subtype/Link/Rect[160.5 314.2 284.6 327.2]/Border[0 0 0]/Dest[1414 0 R/XYZ 0 515 0]>>endobj
-309 0 obj<</Subtype/Link/Rect[160.5 301.0 248.5 314.0]/Border[0 0 0]/Dest[1414 0 R/XYZ 0 137 0]>>endobj
-310 0 obj<</Subtype/Link/Rect[160.5 287.8 272.6 300.8]/Border[0 0 0]/Dest[1416 0 R/XYZ 0 533 0]>>endobj
-311 0 obj<</Subtype/Link/Rect[160.5 274.6 274.5 287.6]/Border[0 0 0]/Dest[1422 0 R/XYZ 0 560 0]>>endobj
-312 0 obj<</Subtype/Link/Rect[160.5 261.4 343.2 274.4]/Border[0 0 0]/Dest[1424 0 R/XYZ 0 613 0]>>endobj
-313 0 obj<</Subtype/Link/Rect[160.5 248.2 317.6 261.2]/Border[0 0 0]/Dest[1426 0 R/XYZ 0 622 0]>>endobj
-314 0 obj<</Subtype/Link/Rect[160.5 235.0 303.5 248.0]/Border[0 0 0]/Dest[1426 0 R/XYZ 0 266 0]>>endobj
-315 0 obj<</Subtype/Link/Rect[160.5 221.8 313.0 234.8]/Border[0 0 0]/Dest[1428 0 R/XYZ 0 520 0]>>endobj
-316 0 obj<</Subtype/Link/Rect[166.0 208.6 310.2 221.6]/Border[0 0 0]/Dest[1430 0 R/XYZ 0 734 0]>>endobj
-317 0 obj<</Subtype/Link/Rect[166.0 195.4 252.2 208.4]/Border[0 0 0]/Dest[1430 0 R/XYZ 0 645 0]>>endobj
-318 0 obj<</Subtype/Link/Rect[116.2 182.2 155.0 195.2]/Border[0 0 0]/Dest[1432 0 R/XYZ 0 734 0]>>endobj
-319 0 obj<</Subtype/Link/Rect[160.5 169.0 245.7 182.0]/Border[0 0 0]/Dest[1432 0 R/XYZ 0 696 0]>>endobj
-320 0 obj<</Subtype/Link/Rect[116.2 155.8 410.5 168.8]/Border[0 0 0]/Dest[1434 0 R/XYZ 0 734 0]>>endobj
-321 0 obj<</Subtype/Link/Rect[160.5 142.6 211.5 155.6]/Border[0 0 0]/Dest[1434 0 R/XYZ 0 604 0]>>endobj
-322 0 obj<</Subtype/Link/Rect[160.5 129.4 348.1 142.4]/Border[0 0 0]/Dest[1434 0 R/XYZ 0 159 0]>>endobj
-323 0 obj<</Subtype/Link/Rect[160.5 116.2 360.7 129.2]/Border[0 0 0]/Dest[1436 0 R/XYZ 0 483 0]>>endobj
-324 0 obj<</Subtype/Link/Rect[160.5 103.0 220.1 116.0]/Border[0 0 0]/Dest[1436 0 R/XYZ 0 305 0]>>endobj
-325 0 obj<</Subtype/Link/Rect[160.5 89.8 458.7 102.8]/Border[0 0 0]/Dest[1438 0 R/XYZ 0 467 0]>>endobj
-326 0 obj<</Subtype/Link/Rect[160.5 76.6 268.4 89.6]/Border[0 0 0]/Dest[1438 0 R/XYZ 0 187 0]>>endobj
-327 0 obj<</Subtype/Link/Rect[116.2 63.4 333.5 76.4]/Border[0 0 0]/Dest[1442 0 R/XYZ 0 734 0]>>endobj
-328 0 obj[289 0 R
+286 0 R
+287 0 R
+288 0 R
+289 0 R
+290 0 R
 291 0 R
+292 0 R
 293 0 R
 294 0 R
 295 0 R
-296 0 R
-297 0 R
-298 0 R
-299 0 R
-300 0 R
+296 0 R]endobj
+298 0 obj<</S/URI/URI(http://www.samba.org/)>>endobj
+299 0 obj<</Subtype/Link/Rect[185.6 631.0 289.8 644.0]/Border[0 0 0]/A 298 0 R>>endobj
+300 0 obj<</S/URI/URI(mailto:jerry@samba.org)>>endobj
+301 0 obj<</Subtype/Link/Rect[72.0 617.8 148.4 630.8]/Border[0 0 0]/A 300 0 R>>endobj
+302 0 obj<</S/URI/URI(mailto:jelmer@samba.org)>>endobj
+303 0 obj<</Subtype/Link/Rect[160.3 617.8 246.8 630.8]/Border[0 0 0]/A 302 0 R>>endobj
+304 0 obj<</S/URI/URI(http://www.fsf.org/licenses/gpl.txt)>>endobj
+305 0 obj<</Subtype/Link/Rect[72.0 565.0 223.3 578.0]/Border[0 0 0]/A 304 0 R>>endobj
+306 0 obj<</Subtype/Link/Rect[78.4 499.0 170.1 512.0]/Border[0 0 0]/Dest[1397 0 R/XYZ 0 483 0]>>endobj
+307 0 obj<</Subtype/Link/Rect[116.2 485.8 259.9 498.8]/Border[0 0 0]/Dest[1405 0 R/XYZ 0 734 0]>>endobj
+308 0 obj<</Subtype/Link/Rect[160.5 472.6 252.2 485.6]/Border[0 0 0]/Dest[1405 0 R/XYZ 0 696 0]>>endobj
+309 0 obj<</Subtype/Link/Rect[160.5 459.4 257.4 472.4]/Border[0 0 0]/Dest[1405 0 R/XYZ 0 568 0]>>endobj
+310 0 obj<</Subtype/Link/Rect[160.5 446.2 260.7 459.2]/Border[0 0 0]/Dest[1405 0 R/XYZ 0 163 0]>>endobj
+311 0 obj<</Subtype/Link/Rect[160.5 433.0 312.1 446.0]/Border[0 0 0]/Dest[1407 0 R/XYZ 0 734 0]>>endobj
+312 0 obj<</Subtype/Link/Rect[160.5 419.8 315.1 432.8]/Border[0 0 0]/Dest[1407 0 R/XYZ 0 385 0]>>endobj
+313 0 obj<</Subtype/Link/Rect[160.5 406.6 287.3 419.6]/Border[0 0 0]/Dest[1407 0 R/XYZ 0 257 0]>>endobj
+314 0 obj<</Subtype/Link/Rect[160.5 393.4 367.0 406.4]/Border[0 0 0]/Dest[1411 0 R/XYZ 0 665 0]>>endobj
+315 0 obj<</Subtype/Link/Rect[160.5 380.2 316.3 393.2]/Border[0 0 0]/Dest[1411 0 R/XYZ 0 498 0]>>endobj
+316 0 obj<</Subtype/Link/Rect[160.5 367.0 503.0 380.0]/Border[0 0 0]/Dest[1411 0 R/XYZ 0 330 0]>>endobj
+317 0 obj<</Subtype/Link/Rect[166.0 353.8 293.3 366.8]/Border[0 0 0]/Dest[1413 0 R/XYZ 0 734 0]>>endobj
+318 0 obj<</Subtype/Link/Rect[116.2 340.6 410.5 353.6]/Border[0 0 0]/Dest[1419 0 R/XYZ 0 734 0]>>endobj
+319 0 obj<</Subtype/Link/Rect[160.5 327.4 211.5 340.4]/Border[0 0 0]/Dest[1419 0 R/XYZ 0 604 0]>>endobj
+320 0 obj<</Subtype/Link/Rect[160.5 314.2 348.1 327.2]/Border[0 0 0]/Dest[1419 0 R/XYZ 0 159 0]>>endobj
+321 0 obj<</Subtype/Link/Rect[160.5 301.0 360.7 314.0]/Border[0 0 0]/Dest[1421 0 R/XYZ 0 509 0]>>endobj
+322 0 obj<</Subtype/Link/Rect[160.5 287.8 220.1 300.8]/Border[0 0 0]/Dest[1421 0 R/XYZ 0 331 0]>>endobj
+323 0 obj<</Subtype/Link/Rect[160.5 274.6 458.7 287.6]/Border[0 0 0]/Dest[1423 0 R/XYZ 0 494 0]>>endobj
+324 0 obj<</Subtype/Link/Rect[160.5 261.4 268.4 274.4]/Border[0 0 0]/Dest[1423 0 R/XYZ 0 213 0]>>endobj
+325 0 obj<</Subtype/Link/Rect[116.2 248.2 237.6 261.2]/Border[0 0 0]/Dest[1427 0 R/XYZ 0 734 0]>>endobj
+326 0 obj<</Subtype/Link/Rect[160.5 235.0 218.2 248.0]/Border[0 0 0]/Dest[1427 0 R/XYZ 0 696 0]>>endobj
+327 0 obj<</Subtype/Link/Rect[160.5 221.8 302.9 234.8]/Border[0 0 0]/Dest[1427 0 R/XYZ 0 449 0]>>endobj
+328 0 obj<</Subtype/Link/Rect[160.5 208.6 280.6 221.6]/Border[0 0 0]/Dest[1429 0 R/XYZ 0 452 0]>>endobj
+329 0 obj<</Subtype/Link/Rect[160.5 195.4 205.7 208.4]/Border[0 0 0]/Dest[1431 0 R/XYZ 0 639 0]>>endobj
+330 0 obj<</Subtype/Link/Rect[160.5 182.2 184.0 195.2]/Border[0 0 0]/Dest[1431 0 R/XYZ 0 551 0]>>endobj
+331 0 obj<</Subtype/Link/Rect[160.5 169.0 190.8 182.0]/Border[0 0 0]/Dest[1431 0 R/XYZ 0 475 0]>>endobj
+332 0 obj<</Subtype/Link/Rect[160.5 155.8 196.9 168.8]/Border[0 0 0]/Dest[1443 0 R/XYZ 0 322 0]>>endobj
+333 0 obj<</Subtype/Link/Rect[160.5 142.6 250.6 155.6]/Border[0 0 0]/Dest[1447 0 R/XYZ 0 390 0]>>endobj
+334 0 obj<</Subtype/Link/Rect[82.1 129.4 170.4 142.4]/Border[0 0 0]/Dest[1447 0 R/XYZ 0 163 0]>>endobj
+335 0 obj<</Subtype/Link/Rect[116.2 116.2 378.7 129.2]/Border[0 0 0]/Dest[1453 0 R/XYZ 0 734 0]>>endobj
+336 0 obj<</Subtype/Link/Rect[116.2 103.0 361.6 116.0]/Border[0 0 0]/Dest[1457 0 R/XYZ 0 734 0]>>endobj
+337 0 obj<</Subtype/Link/Rect[160.5 89.8 257.0 102.8]/Border[0 0 0]/Dest[1457 0 R/XYZ 0 672 0]>>endobj
+338 0 obj<</Subtype/Link/Rect[160.5 76.6 217.0 89.6]/Border[0 0 0]/Dest[1457 0 R/XYZ 0 584 0]>>endobj
+339 0 obj<</Subtype/Link/Rect[160.5 63.4 353.3 76.4]/Border[0 0 0]/Dest[1459 0 R/XYZ 0 718 0]>>endobj
+340 0 obj[299 0 R
 301 0 R
-302 0 R
 303 0 R
-304 0 R
 305 0 R
 306 0 R
 307 0 R
@@ -623,59 +636,9 @@
 324 0 R
 325 0 R
 326 0 R
-327 0 R]endobj
-329 0 obj<</Subtype/Link/Rect[160.5 721.0 218.2 734.0]/Border[0 0 0]/Dest[1442 0 R/XYZ 0 672 0]>>endobj
-330 0 obj<</Subtype/Link/Rect[160.5 707.8 302.9 720.8]/Border[0 0 0]/Dest[1442 0 R/XYZ 0 531 0]>>endobj
-331 0 obj<</Subtype/Link/Rect[160.5 694.6 280.6 707.6]/Border[0 0 0]/Dest[1444 0 R/XYZ 0 511 0]>>endobj
-332 0 obj<</Subtype/Link/Rect[82.1 681.4 170.4 694.4]/Border[0 0 0]/Dest[1446 0 R/XYZ 0 681 0]>>endobj
-333 0 obj<</Subtype/Link/Rect[116.2 668.2 400.4 681.2]/Border[0 0 0]/Dest[1452 0 R/XYZ 0 734 0]>>endobj
-334 0 obj<</Subtype/Link/Rect[160.5 655.0 257.0 668.0]/Border[0 0 0]/Dest[1452 0 R/XYZ 0 672 0]>>endobj
-335 0 obj<</Subtype/Link/Rect[160.5 641.8 217.0 654.8]/Border[0 0 0]/Dest[1452 0 R/XYZ 0 584 0]>>endobj
-336 0 obj<</Subtype/Link/Rect[160.5 628.6 353.3 641.6]/Border[0 0 0]/Dest[1454 0 R/XYZ 0 718 0]>>endobj
-337 0 obj<</Subtype/Link/Rect[160.5 615.4 467.3 628.4]/Border[0 0 0]/Dest[1456 0 R/XYZ 0 613 0]>>endobj
-338 0 obj<</Subtype/Link/Rect[160.5 602.2 299.2 615.2]/Border[0 0 0]/Dest[1460 0 R/XYZ 0 385 0]>>endobj
-339 0 obj<</Subtype/Link/Rect[160.5 589.0 288.8 602.0]/Border[0 0 0]/Dest[1462 0 R/XYZ 0 129 0]>>endobj
-340 0 obj<</Subtype/Link/Rect[160.5 575.8 280.9 588.8]/Border[0 0 0]/Dest[1464 0 R/XYZ 0 124 0]>>endobj
-341 0 obj<</Subtype/Link/Rect[160.5 562.6 326.4 575.6]/Border[0 0 0]/Dest[1470 0 R/XYZ 0 507 0]>>endobj
-342 0 obj<</Subtype/Link/Rect[160.5 549.4 459.7 562.4]/Border[0 0 0]/Dest[1482 0 R/XYZ 0 718 0]>>endobj
-343 0 obj<</Subtype/Link/Rect[116.2 536.2 485.4 549.2]/Border[0 0 0]/Dest[1486 0 R/XYZ 0 734 0]>>endobj
-344 0 obj<</Subtype/Link/Rect[160.5 523.0 257.0 536.0]/Border[0 0 0]/Dest[1486 0 R/XYZ 0 672 0]>>endobj
-345 0 obj<</Subtype/Link/Rect[160.5 509.8 217.0 522.8]/Border[0 0 0]/Dest[1486 0 R/XYZ 0 597 0]>>endobj
-346 0 obj<</Subtype/Link/Rect[160.5 496.6 396.4 509.6]/Border[0 0 0]/Dest[1486 0 R/XYZ 0 225 0]>>endobj
-347 0 obj<</Subtype/Link/Rect[160.5 483.4 364.3 496.4]/Border[0 0 0]/Dest[1488 0 R/XYZ 0 524 0]>>endobj
-348 0 obj<</Subtype/Link/Rect[160.5 470.2 304.1 483.2]/Border[0 0 0]/Dest[1488 0 R/XYZ 0 383 0]>>endobj
-349 0 obj<</Subtype/Link/Rect[116.2 457.0 266.6 470.0]/Border[0 0 0]/Dest[1492 0 R/XYZ 0 734 0]>>endobj
-350 0 obj<</Subtype/Link/Rect[160.5 443.8 356.7 456.8]/Border[0 0 0]/Dest[1492 0 R/XYZ 0 524 0]>>endobj
-351 0 obj<</Subtype/Link/Rect[160.5 430.6 357.9 443.6]/Border[0 0 0]/Dest[1492 0 R/XYZ 0 417 0]>>endobj
-352 0 obj<</Subtype/Link/Rect[160.5 417.4 233.2 430.4]/Border[0 0 0]/Dest[1492 0 R/XYZ 0 241 0]>>endobj
-353 0 obj<</Subtype/Link/Rect[160.5 404.2 274.2 417.2]/Border[0 0 0]/Dest[1494 0 R/XYZ 0 556 0]>>endobj
-354 0 obj<</Subtype/Link/Rect[160.5 391.0 291.3 404.0]/Border[0 0 0]/Dest[1494 0 R/XYZ 0 240 0]>>endobj
-355 0 obj<</Subtype/Link/Rect[160.5 377.8 260.7 390.8]/Border[0 0 0]/Dest[1496 0 R/XYZ 0 692 0]>>endobj
-356 0 obj<</Subtype/Link/Rect[160.5 364.6 262.3 377.6]/Border[0 0 0]/Dest[1496 0 R/XYZ 0 603 0]>>endobj
-357 0 obj<</Subtype/Link/Rect[160.5 351.4 188.3 364.4]/Border[0 0 0]/Dest[1496 0 R/XYZ 0 528 0]>>endobj
-358 0 obj<</Subtype/Link/Rect[116.2 338.2 265.4 351.2]/Border[0 0 0]/Dest[1498 0 R/XYZ 0 734 0]>>endobj
-359 0 obj<</Subtype/Link/Rect[160.5 325.0 335.3 338.0]/Border[0 0 0]/Dest[1498 0 R/XYZ 0 696 0]>>endobj
-360 0 obj<</Subtype/Link/Rect[160.5 311.8 322.8 324.8]/Border[0 0 0]/Dest[1500 0 R/XYZ 0 362 0]>>endobj
-361 0 obj<</Subtype/Link/Rect[160.5 298.6 345.7 311.6]/Border[0 0 0]/Dest[1500 0 R/XYZ 0 155 0]>>endobj
-362 0 obj<</Subtype/Link/Rect[85.7 285.4 190.2 298.4]/Border[0 0 0]/Dest[1502 0 R/XYZ 0 337 0]>>endobj
-363 0 obj<</Subtype/Link/Rect[121.8 272.2 331.4 285.2]/Border[0 0 0]/Dest[1512 0 R/XYZ 0 734 0]>>endobj
-364 0 obj<</Subtype/Link/Rect[166.0 259.0 202.4 272.0]/Border[0 0 0]/Dest[1512 0 R/XYZ 0 672 0]>>endobj
-365 0 obj<</Subtype/Link/Rect[166.0 245.8 367.4 258.8]/Border[0 0 0]/Dest[1512 0 R/XYZ 0 439 0]>>endobj
-366 0 obj<</Subtype/Link/Rect[166.0 232.6 420.2 245.6]/Border[0 0 0]/Dest[1516 0 R/XYZ 0 339 0]>>endobj
-367 0 obj<</Subtype/Link/Rect[166.0 219.4 532.1 232.4]/Border[0 0 0]/Dest[1524 0 R/XYZ 0 670 0]>>endobj
-368 0 obj<</Subtype/Link/Rect[144.0 206.2 173.9 219.2]/Border[0 0 0]/Dest[1524 0 R/XYZ 0 670 0]>>endobj
-369 0 obj<</Subtype/Link/Rect[166.0 193.0 536.9 206.0]/Border[0 0 0]/Dest[1524 0 R/XYZ 0 126 0]>>endobj
-370 0 obj<</Subtype/Link/Rect[166.0 179.8 223.1 192.8]/Border[0 0 0]/Dest[1530 0 R/XYZ 0 263 0]>>endobj
-371 0 obj<</Subtype/Link/Rect[121.8 166.6 394.0 179.6]/Border[0 0 0]/Dest[1532 0 R/XYZ 0 734 0]>>endobj
-372 0 obj<</Subtype/Link/Rect[166.0 153.4 483.2 166.4]/Border[0 0 0]/Dest[1532 0 R/XYZ 0 672 0]>>endobj
-373 0 obj<</Subtype/Link/Rect[166.0 140.2 360.0 153.2]/Border[0 0 0]/Dest[1532 0 R/XYZ 0 497 0]>>endobj
-374 0 obj<</Subtype/Link/Rect[166.0 127.0 270.2 140.0]/Border[0 0 0]/Dest[1532 0 R/XYZ 0 330 0]>>endobj
-375 0 obj<</Subtype/Link/Rect[166.0 113.8 332.5 126.8]/Border[0 0 0]/Dest[1534 0 R/XYZ 0 665 0]>>endobj
-376 0 obj<</Subtype/Link/Rect[166.0 100.6 341.7 113.6]/Border[0 0 0]/Dest[1536 0 R/XYZ 0 692 0]>>endobj
-377 0 obj<</Subtype/Link/Rect[166.0 87.4 438.5 100.4]/Border[0 0 0]/Dest[1536 0 R/XYZ 0 260 0]>>endobj
-378 0 obj<</Subtype/Link/Rect[166.0 74.2 428.8 87.2]/Border[0 0 0]/Dest[1540 0 R/XYZ 0 599 0]>>endobj
-379 0 obj<</Subtype/Link/Rect[121.8 61.0 437.7 74.0]/Border[0 0 0]/Dest[1542 0 R/XYZ 0 734 0]>>endobj
-380 0 obj[329 0 R
+327 0 R
+328 0 R
+329 0 R
 330 0 R
 331 0 R
 332 0 R
@@ -685,9 +648,59 @@
 336 0 R
 337 0 R
 338 0 R
-339 0 R
-340 0 R
-341 0 R
+339 0 R]endobj
+341 0 obj<</Subtype/Link/Rect[160.5 721.0 467.3 734.0]/Border[0 0 0]/Dest[1461 0 R/XYZ 0 613 0]>>endobj
+342 0 obj<</Subtype/Link/Rect[160.5 707.8 299.2 720.8]/Border[0 0 0]/Dest[1465 0 R/XYZ 0 385 0]>>endobj
+343 0 obj<</Subtype/Link/Rect[160.5 694.6 288.8 707.6]/Border[0 0 0]/Dest[1467 0 R/XYZ 0 129 0]>>endobj
+344 0 obj<</Subtype/Link/Rect[160.5 681.4 280.9 694.4]/Border[0 0 0]/Dest[1469 0 R/XYZ 0 124 0]>>endobj
+345 0 obj<</Subtype/Link/Rect[160.5 668.2 326.4 681.2]/Border[0 0 0]/Dest[1475 0 R/XYZ 0 507 0]>>endobj
+346 0 obj<</Subtype/Link/Rect[160.5 655.0 459.7 668.0]/Border[0 0 0]/Dest[1487 0 R/XYZ 0 734 0]>>endobj
+347 0 obj<</Subtype/Link/Rect[116.2 641.8 485.4 654.8]/Border[0 0 0]/Dest[1491 0 R/XYZ 0 734 0]>>endobj
+348 0 obj<</Subtype/Link/Rect[160.5 628.6 257.0 641.6]/Border[0 0 0]/Dest[1491 0 R/XYZ 0 672 0]>>endobj
+349 0 obj<</Subtype/Link/Rect[160.5 615.4 217.0 628.4]/Border[0 0 0]/Dest[1491 0 R/XYZ 0 597 0]>>endobj
+350 0 obj<</Subtype/Link/Rect[160.5 602.2 396.4 615.2]/Border[0 0 0]/Dest[1491 0 R/XYZ 0 225 0]>>endobj
+351 0 obj<</Subtype/Link/Rect[160.5 589.0 430.3 602.0]/Border[0 0 0]/Dest[1493 0 R/XYZ 0 524 0]>>endobj
+352 0 obj<</Subtype/Link/Rect[160.5 575.8 304.1 588.8]/Border[0 0 0]/Dest[1493 0 R/XYZ 0 323 0]>>endobj
+353 0 obj<</Subtype/Link/Rect[116.2 562.6 266.6 575.6]/Border[0 0 0]/Dest[1497 0 R/XYZ 0 734 0]>>endobj
+354 0 obj<</Subtype/Link/Rect[160.5 549.4 356.7 562.4]/Border[0 0 0]/Dest[1497 0 R/XYZ 0 551 0]>>endobj
+355 0 obj<</Subtype/Link/Rect[160.5 536.2 357.9 549.2]/Border[0 0 0]/Dest[1497 0 R/XYZ 0 444 0]>>endobj
+356 0 obj<</Subtype/Link/Rect[160.5 523.0 233.2 536.0]/Border[0 0 0]/Dest[1497 0 R/XYZ 0 267 0]>>endobj
+357 0 obj<</Subtype/Link/Rect[160.5 509.8 274.2 522.8]/Border[0 0 0]/Dest[1499 0 R/XYZ 0 580 0]>>endobj
+358 0 obj<</Subtype/Link/Rect[160.5 496.6 291.3 509.6]/Border[0 0 0]/Dest[1499 0 R/XYZ 0 264 0]>>endobj
+359 0 obj<</Subtype/Link/Rect[160.5 483.4 260.7 496.4]/Border[0 0 0]/Dest[1501 0 R/XYZ 0 734 0]>>endobj
+360 0 obj<</Subtype/Link/Rect[160.5 470.2 262.3 483.2]/Border[0 0 0]/Dest[1501 0 R/XYZ 0 645 0]>>endobj
+361 0 obj<</Subtype/Link/Rect[160.5 457.0 188.3 470.0]/Border[0 0 0]/Dest[1501 0 R/XYZ 0 570 0]>>endobj
+362 0 obj<</Subtype/Link/Rect[116.2 443.8 308.7 456.8]/Border[0 0 0]/Dest[1503 0 R/XYZ 0 734 0]>>endobj
+363 0 obj<</Subtype/Link/Rect[160.5 430.6 335.3 443.6]/Border[0 0 0]/Dest[1503 0 R/XYZ 0 672 0]>>endobj
+364 0 obj<</Subtype/Link/Rect[160.5 417.4 322.8 430.4]/Border[0 0 0]/Dest[1505 0 R/XYZ 0 494 0]>>endobj
+365 0 obj<</Subtype/Link/Rect[160.5 404.2 345.7 417.2]/Border[0 0 0]/Dest[1505 0 R/XYZ 0 405 0]>>endobj
+366 0 obj<</Subtype/Link/Rect[85.7 391.0 190.2 404.0]/Border[0 0 0]/Dest[1507 0 R/XYZ 0 641 0]>>endobj
+367 0 obj<</Subtype/Link/Rect[116.2 377.8 325.9 390.8]/Border[0 0 0]/Dest[1517 0 R/XYZ 0 734 0]>>endobj
+368 0 obj<</Subtype/Link/Rect[160.5 364.6 196.9 377.6]/Border[0 0 0]/Dest[1517 0 R/XYZ 0 672 0]>>endobj
+369 0 obj<</Subtype/Link/Rect[160.5 351.4 361.9 364.4]/Border[0 0 0]/Dest[1517 0 R/XYZ 0 439 0]>>endobj
+370 0 obj<</Subtype/Link/Rect[160.5 338.2 414.7 351.2]/Border[0 0 0]/Dest[1521 0 R/XYZ 0 339 0]>>endobj
+371 0 obj<</Subtype/Link/Rect[160.5 325.0 526.6 338.0]/Border[0 0 0]/Dest[1529 0 R/XYZ 0 670 0]>>endobj
+372 0 obj<</Subtype/Link/Rect[144.0 311.8 173.9 324.8]/Border[0 0 0]/Dest[1529 0 R/XYZ 0 670 0]>>endobj
+373 0 obj<</Subtype/Link/Rect[160.5 298.6 531.4 311.6]/Border[0 0 0]/Dest[1529 0 R/XYZ 0 126 0]>>endobj
+374 0 obj<</Subtype/Link/Rect[160.5 285.4 217.6 298.4]/Border[0 0 0]/Dest[1535 0 R/XYZ 0 263 0]>>endobj
+375 0 obj<</Subtype/Link/Rect[121.8 272.2 394.0 285.2]/Border[0 0 0]/Dest[1537 0 R/XYZ 0 734 0]>>endobj
+376 0 obj<</Subtype/Link/Rect[166.0 259.0 483.2 272.0]/Border[0 0 0]/Dest[1537 0 R/XYZ 0 672 0]>>endobj
+377 0 obj<</Subtype/Link/Rect[166.0 245.8 360.0 258.8]/Border[0 0 0]/Dest[1537 0 R/XYZ 0 537 0]>>endobj
+378 0 obj<</Subtype/Link/Rect[166.0 232.6 270.2 245.6]/Border[0 0 0]/Dest[1537 0 R/XYZ 0 369 0]>>endobj
+379 0 obj<</Subtype/Link/Rect[166.0 219.4 332.5 232.4]/Border[0 0 0]/Dest[1539 0 R/XYZ 0 705 0]>>endobj
+380 0 obj<</Subtype/Link/Rect[166.0 206.2 341.7 219.2]/Border[0 0 0]/Dest[1541 0 R/XYZ 0 718 0]>>endobj
+381 0 obj<</Subtype/Link/Rect[166.0 193.0 438.5 206.0]/Border[0 0 0]/Dest[1541 0 R/XYZ 0 287 0]>>endobj
+382 0 obj<</Subtype/Link/Rect[166.0 179.8 428.8 192.8]/Border[0 0 0]/Dest[1545 0 R/XYZ 0 652 0]>>endobj
+383 0 obj<</Subtype/Link/Rect[121.8 166.6 437.7 179.6]/Border[0 0 0]/Dest[1547 0 R/XYZ 0 734 0]>>endobj
+384 0 obj<</Subtype/Link/Rect[166.0 153.4 243.3 166.4]/Border[0 0 0]/Dest[1547 0 R/XYZ 0 672 0]>>endobj
+385 0 obj<</Subtype/Link/Rect[166.0 140.2 286.4 153.2]/Border[0 0 0]/Dest[1549 0 R/XYZ 0 148 0]>>endobj
+386 0 obj<</Subtype/Link/Rect[166.0 127.0 309.9 140.0]/Border[0 0 0]/Dest[1551 0 R/XYZ 0 705 0]>>endobj
+387 0 obj<</Subtype/Link/Rect[121.8 113.8 386.0 126.8]/Border[0 0 0]/Dest[1553 0 R/XYZ 0 734 0]>>endobj
+388 0 obj<</Subtype/Link/Rect[166.0 100.6 221.3 113.6]/Border[0 0 0]/Dest[1553 0 R/XYZ 0 672 0]>>endobj
+389 0 obj<</Subtype/Link/Rect[121.8 87.4 198.8 100.4]/Border[0 0 0]/Dest[1557 0 R/XYZ 0 734 0]>>endobj
+390 0 obj<</Subtype/Link/Rect[166.0 74.2 223.8 87.2]/Border[0 0 0]/Dest[1557 0 R/XYZ 0 696 0]>>endobj
+391 0 obj<</Subtype/Link/Rect[166.0 61.0 231.1 74.0]/Border[0 0 0]/Dest[1557 0 R/XYZ 0 317 0]>>endobj
+392 0 obj[341 0 R
 342 0 R
 343 0 R
 344 0 R
@@ -725,59 +738,9 @@
 376 0 R
 377 0 R
 378 0 R
-379 0 R]endobj
-381 0 obj<</Subtype/Link/Rect[166.0 721.0 243.3 734.0]/Border[0 0 0]/Dest[1542 0 R/XYZ 0 672 0]>>endobj
-382 0 obj<</Subtype/Link/Rect[166.0 707.8 286.4 720.8]/Border[0 0 0]/Dest[1544 0 R/XYZ 0 148 0]>>endobj
-383 0 obj<</Subtype/Link/Rect[166.0 694.6 309.9 707.6]/Border[0 0 0]/Dest[1546 0 R/XYZ 0 705 0]>>endobj
-384 0 obj<</Subtype/Link/Rect[121.8 681.4 386.0 694.4]/Border[0 0 0]/Dest[1548 0 R/XYZ 0 734 0]>>endobj
-385 0 obj<</Subtype/Link/Rect[166.0 668.2 221.3 681.2]/Border[0 0 0]/Dest[1548 0 R/XYZ 0 672 0]>>endobj
-386 0 obj<</Subtype/Link/Rect[121.8 655.0 198.8 668.0]/Border[0 0 0]/Dest[1552 0 R/XYZ 0 734 0]>>endobj
-387 0 obj<</Subtype/Link/Rect[166.0 641.8 223.8 654.8]/Border[0 0 0]/Dest[1552 0 R/XYZ 0 696 0]>>endobj
-388 0 obj<</Subtype/Link/Rect[166.0 628.6 231.1 641.6]/Border[0 0 0]/Dest[1552 0 R/XYZ 0 317 0]>>endobj
-389 0 obj<</Subtype/Link/Rect[166.0 615.4 260.4 628.4]/Border[0 0 0]/Dest[1562 0 R/XYZ 0 734 0]>>endobj
-390 0 obj<</Subtype/Link/Rect[166.0 602.2 213.4 615.2]/Border[0 0 0]/Dest[1564 0 R/XYZ 0 440 0]>>endobj
-391 0 obj<</Subtype/Link/Rect[121.8 589.0 188.3 602.0]/Border[0 0 0]/Dest[1574 0 R/XYZ 0 734 0]>>endobj
-392 0 obj<</Subtype/Link/Rect[166.0 575.8 223.8 588.8]/Border[0 0 0]/Dest[1574 0 R/XYZ 0 696 0]>>endobj
-393 0 obj<</Subtype/Link/Rect[166.0 562.6 364.0 575.6]/Border[0 0 0]/Dest[1574 0 R/XYZ 0 467 0]>>endobj
-394 0 obj<</Subtype/Link/Rect[121.8 549.4 405.0 562.4]/Border[0 0 0]/Dest[1578 0 R/XYZ 0 734 0]>>endobj
-395 0 obj<</Subtype/Link/Rect[166.0 536.2 206.0 549.2]/Border[0 0 0]/Dest[1578 0 R/XYZ 0 672 0]>>endobj
-396 0 obj<</Subtype/Link/Rect[166.0 523.0 223.8 536.0]/Border[0 0 0]/Dest[1578 0 R/XYZ 0 544 0]>>endobj
-397 0 obj<</Subtype/Link/Rect[166.0 509.8 273.9 522.8]/Border[0 0 0]/Dest[1578 0 R/XYZ 0 231 0]>>endobj
-398 0 obj<</Subtype/Link/Rect[166.0 496.6 260.4 509.6]/Border[0 0 0]/Dest[1580 0 R/XYZ 0 409 0]>>endobj
-399 0 obj<</Subtype/Link/Rect[166.0 483.4 303.8 496.4]/Border[0 0 0]/Dest[1584 0 R/XYZ 0 351 0]>>endobj
-400 0 obj<</Subtype/Link/Rect[166.0 470.2 218.9 483.2]/Border[0 0 0]/Dest[1600 0 R/XYZ 0 296 0]>>endobj
-401 0 obj<</Subtype/Link/Rect[166.0 457.0 218.9 470.0]/Border[0 0 0]/Dest[1602 0 R/XYZ 0 734 0]>>endobj
-402 0 obj<</Subtype/Link/Rect[121.8 443.8 223.5 456.8]/Border[0 0 0]/Dest[1604 0 R/XYZ 0 734 0]>>endobj
-403 0 obj<</Subtype/Link/Rect[166.0 430.6 206.6 443.6]/Border[0 0 0]/Dest[1604 0 R/XYZ 0 696 0]>>endobj
-404 0 obj<</Subtype/Link/Rect[166.0 417.4 222.5 430.4]/Border[0 0 0]/Dest[1604 0 R/XYZ 0 595 0]>>endobj
-405 0 obj<</Subtype/Link/Rect[166.0 404.2 389.1 417.2]/Border[0 0 0]/Dest[1606 0 R/XYZ 0 568 0]>>endobj
-406 0 obj<</Subtype/Link/Rect[166.0 391.0 347.6 404.0]/Border[0 0 0]/Dest[1606 0 R/XYZ 0 414 0]>>endobj
-407 0 obj<</Subtype/Link/Rect[121.8 377.8 211.9 390.8]/Border[0 0 0]/Dest[1608 0 R/XYZ 0 734 0]>>endobj
-408 0 obj<</Subtype/Link/Rect[166.0 364.6 206.6 377.6]/Border[0 0 0]/Dest[1608 0 R/XYZ 0 696 0]>>endobj
-409 0 obj<</Subtype/Link/Rect[166.0 351.4 196.9 364.4]/Border[0 0 0]/Dest[1608 0 R/XYZ 0 608 0]>>endobj
-410 0 obj<</Subtype/Link/Rect[121.8 338.2 456.2 351.2]/Border[0 0 0]/Dest[1610 0 R/XYZ 0 734 0]>>endobj
-411 0 obj<</Subtype/Link/Rect[166.0 325.0 205.4 338.0]/Border[0 0 0]/Dest[1610 0 R/XYZ 0 672 0]>>endobj
-412 0 obj<</Subtype/Link/Rect[166.0 311.8 223.8 324.8]/Border[0 0 0]/Dest[1610 0 R/XYZ 0 412 0]>>endobj
-413 0 obj<</Subtype/Link/Rect[166.0 298.6 280.0 311.6]/Border[0 0 0]/Dest[1612 0 R/XYZ 0 573 0]>>endobj
-414 0 obj<</Subtype/Link/Rect[166.0 285.4 418.4 298.4]/Border[0 0 0]/Dest[1612 0 R/XYZ 0 471 0]>>endobj
-415 0 obj<</Subtype/Link/Rect[166.0 272.2 307.2 285.2]/Border[0 0 0]/Dest[1614 0 R/XYZ 0 734 0]>>endobj
-416 0 obj<</Subtype/Link/Rect[166.0 259.0 323.0 272.0]/Border[0 0 0]/Dest[1616 0 R/XYZ 0 243 0]>>endobj
-417 0 obj<</Subtype/Link/Rect[166.0 245.8 291.6 258.8]/Border[0 0 0]/Dest[1618 0 R/XYZ 0 718 0]>>endobj
-418 0 obj<</Subtype/Link/Rect[166.0 232.6 366.8 245.6]/Border[0 0 0]/Dest[1618 0 R/XYZ 0 336 0]>>endobj
-419 0 obj<</Subtype/Link/Rect[166.0 219.4 360.3 232.4]/Border[0 0 0]/Dest[1620 0 R/XYZ 0 322 0]>>endobj
-420 0 obj<</Subtype/Link/Rect[171.5 206.2 220.7 219.2]/Border[0 0 0]/Dest[1622 0 R/XYZ 0 492 0]>>endobj
-421 0 obj<</Subtype/Link/Rect[121.8 193.0 323.1 206.0]/Border[0 0 0]/Dest[1624 0 R/XYZ 0 734 0]>>endobj
-422 0 obj<</Subtype/Link/Rect[166.0 179.8 223.8 192.8]/Border[0 0 0]/Dest[1624 0 R/XYZ 0 672 0]>>endobj
-423 0 obj<</Subtype/Link/Rect[166.0 166.6 281.8 179.6]/Border[0 0 0]/Dest[1624 0 R/XYZ 0 557 0]>>endobj
-424 0 obj<</Subtype/Link/Rect[121.8 153.4 236.3 166.4]/Border[0 0 0]/Dest[1628 0 R/XYZ 0 734 0]>>endobj
-425 0 obj<</Subtype/Link/Rect[121.8 140.2 242.4 153.2]/Border[0 0 0]/Dest[1630 0 R/XYZ 0 734 0]>>endobj
-426 0 obj<</Subtype/Link/Rect[166.0 127.0 227.4 140.0]/Border[0 0 0]/Dest[1630 0 R/XYZ 0 696 0]>>endobj
-427 0 obj<</Subtype/Link/Rect[166.0 113.8 204.8 126.8]/Border[0 0 0]/Dest[1630 0 R/XYZ 0 449 0]>>endobj
-428 0 obj<</Subtype/Link/Rect[166.0 100.6 232.6 113.6]/Border[0 0 0]/Dest[1632 0 R/XYZ 0 515 0]>>endobj
-429 0 obj<</Subtype/Link/Rect[166.0 87.4 210.6 100.4]/Border[0 0 0]/Dest[1632 0 R/XYZ 0 255 0]>>endobj
-430 0 obj<</Subtype/Link/Rect[166.0 74.2 210.0 87.2]/Border[0 0 0]/Dest[1634 0 R/XYZ 0 718 0]>>endobj
-431 0 obj<</Subtype/Link/Rect[166.0 61.0 204.2 74.0]/Border[0 0 0]/Dest[1634 0 R/XYZ 0 537 0]>>endobj
-432 0 obj[381 0 R
+379 0 R
+380 0 R
+381 0 R
 382 0 R
 383 0 R
 384 0 R
@@ -787,9 +750,59 @@
 388 0 R
 389 0 R
 390 0 R
-391 0 R
-392 0 R
-393 0 R
+391 0 R]endobj
+393 0 obj<</Subtype/Link/Rect[166.0 721.0 260.4 734.0]/Border[0 0 0]/Dest[1567 0 R/XYZ 0 692 0]>>endobj
+394 0 obj<</Subtype/Link/Rect[166.0 707.8 213.4 720.8]/Border[0 0 0]/Dest[1569 0 R/XYZ 0 397 0]>>endobj
+395 0 obj<</Subtype/Link/Rect[121.8 694.6 405.0 707.6]/Border[0 0 0]/Dest[1579 0 R/XYZ 0 734 0]>>endobj
+396 0 obj<</Subtype/Link/Rect[166.0 681.4 206.0 694.4]/Border[0 0 0]/Dest[1579 0 R/XYZ 0 672 0]>>endobj
+397 0 obj<</Subtype/Link/Rect[166.0 668.2 223.8 681.2]/Border[0 0 0]/Dest[1579 0 R/XYZ 0 544 0]>>endobj
+398 0 obj<</Subtype/Link/Rect[166.0 655.0 273.9 668.0]/Border[0 0 0]/Dest[1579 0 R/XYZ 0 231 0]>>endobj
+399 0 obj<</Subtype/Link/Rect[166.0 641.8 260.4 654.8]/Border[0 0 0]/Dest[1581 0 R/XYZ 0 409 0]>>endobj
+400 0 obj<</Subtype/Link/Rect[166.0 628.6 303.8 641.6]/Border[0 0 0]/Dest[1585 0 R/XYZ 0 245 0]>>endobj
+401 0 obj<</Subtype/Link/Rect[166.0 615.4 218.9 628.4]/Border[0 0 0]/Dest[1603 0 R/XYZ 0 734 0]>>endobj
+402 0 obj<</Subtype/Link/Rect[166.0 602.2 218.9 615.2]/Border[0 0 0]/Dest[1603 0 R/XYZ 0 513 0]>>endobj
+403 0 obj<</Subtype/Link/Rect[121.8 589.0 253.1 602.0]/Border[0 0 0]/Dest[1605 0 R/XYZ 0 734 0]>>endobj
+404 0 obj<</Subtype/Link/Rect[166.0 575.8 265.9 588.8]/Border[0 0 0]/Dest[1605 0 R/XYZ 0 696 0]>>endobj
+405 0 obj<</Subtype/Link/Rect[166.0 562.6 290.1 575.6]/Border[0 0 0]/Dest[1605 0 R/XYZ 0 515 0]>>endobj
+406 0 obj<</Subtype/Link/Rect[166.0 549.4 254.0 562.4]/Border[0 0 0]/Dest[1605 0 R/XYZ 0 137 0]>>endobj
+407 0 obj<</Subtype/Link/Rect[166.0 536.2 278.1 549.2]/Border[0 0 0]/Dest[1607 0 R/XYZ 0 533 0]>>endobj
+408 0 obj<</Subtype/Link/Rect[166.0 523.0 280.0 536.0]/Border[0 0 0]/Dest[1613 0 R/XYZ 0 560 0]>>endobj
+409 0 obj<</Subtype/Link/Rect[166.0 509.8 348.7 522.8]/Border[0 0 0]/Dest[1615 0 R/XYZ 0 613 0]>>endobj
+410 0 obj<</Subtype/Link/Rect[166.0 496.6 323.1 509.6]/Border[0 0 0]/Dest[1617 0 R/XYZ 0 622 0]>>endobj
+411 0 obj<</Subtype/Link/Rect[166.0 483.4 309.0 496.4]/Border[0 0 0]/Dest[1617 0 R/XYZ 0 266 0]>>endobj
+412 0 obj<</Subtype/Link/Rect[166.0 470.2 318.5 483.2]/Border[0 0 0]/Dest[1619 0 R/XYZ 0 520 0]>>endobj
+413 0 obj<</Subtype/Link/Rect[171.5 457.0 315.7 470.0]/Border[0 0 0]/Dest[1621 0 R/XYZ 0 734 0]>>endobj
+414 0 obj<</Subtype/Link/Rect[171.5 443.8 257.7 456.8]/Border[0 0 0]/Dest[1621 0 R/XYZ 0 645 0]>>endobj
+415 0 obj<</Subtype/Link/Rect[121.8 430.6 228.4 443.6]/Border[0 0 0]/Dest[1623 0 R/XYZ 0 734 0]>>endobj
+416 0 obj<</Subtype/Link/Rect[166.0 417.4 305.6 430.4]/Border[0 0 0]/Dest[1623 0 R/XYZ 0 696 0]>>endobj
+417 0 obj<</Subtype/Link/Rect[166.0 404.2 246.7 417.2]/Border[0 0 0]/Dest[1623 0 R/XYZ 0 385 0]>>endobj
+418 0 obj<</Subtype/Link/Rect[166.0 391.0 317.5 404.0]/Border[0 0 0]/Dest[1625 0 R/XYZ 0 430 0]>>endobj
+419 0 obj<</Subtype/Link/Rect[121.8 377.8 281.2 390.8]/Border[0 0 0]/Dest[1629 0 R/XYZ 0 734 0]>>endobj
+420 0 obj<</Subtype/Link/Rect[166.0 364.6 223.8 377.6]/Border[0 0 0]/Dest[1629 0 R/XYZ 0 696 0]>>endobj
+421 0 obj<</Subtype/Link/Rect[166.0 351.4 281.8 364.4]/Border[0 0 0]/Dest[1629 0 R/XYZ 0 581 0]>>endobj
+422 0 obj<</Subtype/Link/Rect[121.8 338.2 236.3 351.2]/Border[0 0 0]/Dest[1633 0 R/XYZ 0 734 0]>>endobj
+423 0 obj<</Subtype/Link/Rect[121.8 325.0 242.4 338.0]/Border[0 0 0]/Dest[1635 0 R/XYZ 0 734 0]>>endobj
+424 0 obj<</Subtype/Link/Rect[166.0 311.8 227.4 324.8]/Border[0 0 0]/Dest[1635 0 R/XYZ 0 696 0]>>endobj
+425 0 obj<</Subtype/Link/Rect[166.0 298.6 232.6 311.6]/Border[0 0 0]/Dest[1635 0 R/XYZ 0 449 0]>>endobj
+426 0 obj<</Subtype/Link/Rect[166.0 285.4 210.6 298.4]/Border[0 0 0]/Dest[1635 0 R/XYZ 0 189 0]>>endobj
+427 0 obj<</Subtype/Link/Rect[166.0 272.2 210.0 285.2]/Border[0 0 0]/Dest[1637 0 R/XYZ 0 639 0]>>endobj
+428 0 obj<</Subtype/Link/Rect[166.0 259.0 209.4 272.0]/Border[0 0 0]/Dest[1637 0 R/XYZ 0 458 0]>>endobj
+429 0 obj<</Subtype/Link/Rect[166.0 245.8 211.2 258.8]/Border[0 0 0]/Dest[1637 0 R/XYZ 0 383 0]>>endobj
+430 0 obj<</Subtype/Link/Rect[166.0 232.6 213.1 245.6]/Border[0 0 0]/Dest[1637 0 R/XYZ 0 215 0]>>endobj
+431 0 obj<</Subtype/Link/Rect[166.0 219.4 224.1 232.4]/Border[0 0 0]/Dest[1639 0 R/XYZ 0 734 0]>>endobj
+432 0 obj<</Subtype/Link/Rect[166.0 206.2 222.8 219.2]/Border[0 0 0]/Dest[1639 0 R/XYZ 0 605 0]>>endobj
+433 0 obj<</Subtype/Link/Rect[171.5 193.0 232.0 206.0]/Border[0 0 0]/Dest[1639 0 R/XYZ 0 530 0]>>endobj
+434 0 obj<</Subtype/Link/Rect[121.8 179.8 232.7 192.8]/Border[0 0 0]/Dest[1643 0 R/XYZ 0 734 0]>>endobj
+435 0 obj<</Subtype/Link/Rect[166.0 166.6 224.6 179.6]/Border[0 0 0]/Dest[1643 0 R/XYZ 0 696 0]>>endobj
+436 0 obj<</Subtype/Link/Rect[166.0 153.4 233.5 166.4]/Border[0 0 0]/Dest[1643 0 R/XYZ 0 463 0]>>endobj
+437 0 obj<</Subtype/Link/Rect[166.0 140.2 250.3 153.2]/Border[0 0 0]/Dest[1645 0 R/XYZ 0 426 0]>>endobj
+438 0 obj<</Subtype/Link/Rect[85.1 127.0 138.6 140.0]/Border[0 0 0]/Dest[1647 0 R/XYZ 0 308 0]>>endobj
+439 0 obj<</Subtype/Link/Rect[121.8 113.8 172.2 126.8]/Border[0 0 0]/Dest[1651 0 R/XYZ 0 734 0]>>endobj
+440 0 obj<</Subtype/Link/Rect[166.0 100.6 198.1 113.6]/Border[0 0 0]/Dest[1651 0 R/XYZ 0 655 0]>>endobj
+441 0 obj<</Subtype/Link/Rect[166.0 87.4 213.7 100.4]/Border[0 0 0]/Dest[1651 0 R/XYZ 0 408 0]>>endobj
+442 0 obj<</Subtype/Link/Rect[166.0 74.2 194.4 87.2]/Border[0 0 0]/Dest[1651 0 R/XYZ 0 293 0]>>endobj
+443 0 obj<</Subtype/Link/Rect[166.0 61.0 296.5 74.0]/Border[0 0 0]/Dest[1653 0 R/XYZ 0 228 0]>>endobj
+444 0 obj[393 0 R
 394 0 R
 395 0 R
 396 0 R
@@ -827,43 +840,9 @@
 428 0 R
 429 0 R
 430 0 R
-431 0 R]endobj
-433 0 obj<</Subtype/Link/Rect[166.0 721.0 225.3 734.0]/Border[0 0 0]/Dest[1634 0 R/XYZ 0 409 0]>>endobj
-434 0 obj<</Subtype/Link/Rect[166.0 707.8 209.4 720.8]/Border[0 0 0]/Dest[1634 0 R/XYZ 0 189 0]>>endobj
-435 0 obj<</Subtype/Link/Rect[166.0 694.6 214.9 707.6]/Border[0 0 0]/Dest[1636 0 R/XYZ 0 734 0]>>endobj
-436 0 obj<</Subtype/Link/Rect[171.5 681.4 216.7 694.4]/Border[0 0 0]/Dest[1636 0 R/XYZ 0 645 0]>>endobj
-437 0 obj<</Subtype/Link/Rect[171.5 668.2 218.6 681.2]/Border[0 0 0]/Dest[1636 0 R/XYZ 0 477 0]>>endobj
-438 0 obj<</Subtype/Link/Rect[171.5 655.0 244.8 668.0]/Border[0 0 0]/Dest[1636 0 R/XYZ 0 349 0]>>endobj
-439 0 obj<</Subtype/Link/Rect[171.5 641.8 252.2 654.8]/Border[0 0 0]/Dest[1636 0 R/XYZ 0 129 0]>>endobj
-440 0 obj<</Subtype/Link/Rect[171.5 628.6 229.6 641.6]/Border[0 0 0]/Dest[1638 0 R/XYZ 0 639 0]>>endobj
-441 0 obj<</Subtype/Link/Rect[171.5 615.4 228.3 628.4]/Border[0 0 0]/Dest[1638 0 R/XYZ 0 511 0]>>endobj
-442 0 obj<</Subtype/Link/Rect[171.5 602.2 232.0 615.2]/Border[0 0 0]/Dest[1638 0 R/XYZ 0 436 0]>>endobj
-443 0 obj<</Subtype/Link/Rect[171.5 589.0 222.8 602.0]/Border[0 0 0]/Dest[1640 0 R/XYZ 0 388 0]>>endobj
-444 0 obj<</Subtype/Link/Rect[85.1 575.8 138.6 588.8]/Border[0 0 0]/Dest[1640 0 R/XYZ 0 170 0]>>endobj
-445 0 obj<</Subtype/Link/Rect[121.8 562.6 172.2 575.6]/Border[0 0 0]/Dest[1644 0 R/XYZ 0 734 0]>>endobj
-446 0 obj<</Subtype/Link/Rect[166.0 549.4 198.1 562.4]/Border[0 0 0]/Dest[1644 0 R/XYZ 0 655 0]>>endobj
-447 0 obj<</Subtype/Link/Rect[166.0 536.2 213.7 549.2]/Border[0 0 0]/Dest[1644 0 R/XYZ 0 408 0]>>endobj
-448 0 obj<</Subtype/Link/Rect[166.0 523.0 194.4 536.0]/Border[0 0 0]/Dest[1644 0 R/XYZ 0 293 0]>>endobj
-449 0 obj<</Subtype/Link/Rect[166.0 509.8 296.5 522.8]/Border[0 0 0]/Dest[1646 0 R/XYZ 0 228 0]>>endobj
-450 0 obj<</Subtype/Link/Rect[121.8 496.6 257.1 509.6]/Border[0 0 0]/Dest[1648 0 R/XYZ 0 734 0]>>endobj
-451 0 obj<</Subtype/Link/Rect[166.0 483.4 252.2 496.4]/Border[0 0 0]/Dest[1648 0 R/XYZ 0 668 0]>>endobj
-452 0 obj<</Subtype/Link/Rect[166.0 470.2 217.3 483.2]/Border[0 0 0]/Dest[1648 0 R/XYZ 0 461 0]>>endobj
-453 0 obj<</Subtype/Link/Rect[166.0 457.0 281.8 470.0]/Border[0 0 0]/Dest[1650 0 R/XYZ 0 151 0]>>endobj
-454 0 obj<</Subtype/Link/Rect[166.0 443.8 241.6 456.8]/Border[0 0 0]/Dest[1652 0 R/XYZ 0 292 0]>>endobj
-455 0 obj<</Subtype/Link/Rect[166.0 430.6 301.9 443.6]/Border[0 0 0]/Dest[1654 0 R/XYZ 0 718 0]>>endobj
-456 0 obj<</Subtype/Link/Rect[121.8 417.4 193.2 430.4]/Border[0 0 0]/Dest[1656 0 R/XYZ 0 734 0]>>endobj
-457 0 obj<</Subtype/Link/Rect[166.0 404.2 223.8 417.2]/Border[0 0 0]/Dest[1656 0 R/XYZ 0 696 0]>>endobj
-458 0 obj<</Subtype/Link/Rect[166.0 391.0 224.7 404.0]/Border[0 0 0]/Dest[1656 0 R/XYZ 0 423 0]>>endobj
-459 0 obj<</Subtype/Link/Rect[166.0 377.8 225.9 390.8]/Border[0 0 0]/Dest[1656 0 R/XYZ 0 282 0]>>endobj
-460 0 obj<</Subtype/Link/Rect[166.0 364.6 234.4 377.6]/Border[0 0 0]/Dest[1658 0 R/XYZ 0 613 0]>>endobj
-461 0 obj<</Subtype/Link/Rect[166.0 351.4 305.0 364.4]/Border[0 0 0]/Dest[1658 0 R/XYZ 0 260 0]>>endobj
-462 0 obj<</Subtype/Link/Rect[166.0 338.2 203.6 351.2]/Border[0 0 0]/Dest[1658 0 R/XYZ 0 159 0]>>endobj
-463 0 obj<</Subtype/Link/Rect[121.8 325.0 260.5 338.0]/Border[0 0 0]/Dest[1660 0 R/XYZ 0 734 0]>>endobj
-464 0 obj<</Subtype/Link/Rect[166.0 311.8 223.8 324.8]/Border[0 0 0]/Dest[1660 0 R/XYZ 0 696 0]>>endobj
-465 0 obj<</Subtype/Link/Rect[166.0 298.6 224.4 311.6]/Border[0 0 0]/Dest[1660 0 R/XYZ 0 529 0]>>endobj
-466 0 obj<</Subtype/Link/Rect[166.0 285.4 191.4 298.4]/Border[0 0 0]/Dest[1660 0 R/XYZ 0 199 0]>>endobj
-467 0 obj<</Subtype/Link/Rect[166.0 272.2 263.5 285.2]/Border[0 0 0]/Dest[1668 0 R/XYZ 0 239 0]>>endobj
-468 0 obj[433 0 R
+431 0 R
+432 0 R
+433 0 R
 434 0 R
 435 0 R
 436 0 R
@@ -873,9 +852,26 @@
 440 0 R
 441 0 R
 442 0 R
-443 0 R
-444 0 R
-445 0 R
+443 0 R]endobj
+445 0 obj<</Subtype/Link/Rect[121.8 721.0 257.1 734.0]/Border[0 0 0]/Dest[1655 0 R/XYZ 0 734 0]>>endobj
+446 0 obj<</Subtype/Link/Rect[166.0 707.8 252.2 720.8]/Border[0 0 0]/Dest[1655 0 R/XYZ 0 668 0]>>endobj
+447 0 obj<</Subtype/Link/Rect[166.0 694.6 217.3 707.6]/Border[0 0 0]/Dest[1655 0 R/XYZ 0 461 0]>>endobj
+448 0 obj<</Subtype/Link/Rect[166.0 681.4 281.8 694.4]/Border[0 0 0]/Dest[1657 0 R/XYZ 0 151 0]>>endobj
+449 0 obj<</Subtype/Link/Rect[166.0 668.2 241.6 681.2]/Border[0 0 0]/Dest[1659 0 R/XYZ 0 292 0]>>endobj
+450 0 obj<</Subtype/Link/Rect[166.0 655.0 301.9 668.0]/Border[0 0 0]/Dest[1661 0 R/XYZ 0 718 0]>>endobj
+451 0 obj<</Subtype/Link/Rect[121.8 641.8 193.2 654.8]/Border[0 0 0]/Dest[1663 0 R/XYZ 0 734 0]>>endobj
+452 0 obj<</Subtype/Link/Rect[166.0 628.6 223.8 641.6]/Border[0 0 0]/Dest[1663 0 R/XYZ 0 696 0]>>endobj
+453 0 obj<</Subtype/Link/Rect[166.0 615.4 224.7 628.4]/Border[0 0 0]/Dest[1663 0 R/XYZ 0 423 0]>>endobj
+454 0 obj<</Subtype/Link/Rect[166.0 602.2 225.9 615.2]/Border[0 0 0]/Dest[1663 0 R/XYZ 0 282 0]>>endobj
+455 0 obj<</Subtype/Link/Rect[166.0 589.0 234.4 602.0]/Border[0 0 0]/Dest[1665 0 R/XYZ 0 613 0]>>endobj
+456 0 obj<</Subtype/Link/Rect[166.0 575.8 305.0 588.8]/Border[0 0 0]/Dest[1665 0 R/XYZ 0 260 0]>>endobj
+457 0 obj<</Subtype/Link/Rect[166.0 562.6 203.6 575.6]/Border[0 0 0]/Dest[1665 0 R/XYZ 0 159 0]>>endobj
+458 0 obj<</Subtype/Link/Rect[121.8 549.4 260.5 562.4]/Border[0 0 0]/Dest[1667 0 R/XYZ 0 734 0]>>endobj
+459 0 obj<</Subtype/Link/Rect[166.0 536.2 223.8 549.2]/Border[0 0 0]/Dest[1667 0 R/XYZ 0 696 0]>>endobj
+460 0 obj<</Subtype/Link/Rect[166.0 523.0 224.4 536.0]/Border[0 0 0]/Dest[1667 0 R/XYZ 0 529 0]>>endobj
+461 0 obj<</Subtype/Link/Rect[166.0 509.8 191.4 522.8]/Border[0 0 0]/Dest[1667 0 R/XYZ 0 199 0]>>endobj
+462 0 obj<</Subtype/Link/Rect[166.0 496.6 263.5 509.6]/Border[0 0 0]/Dest[1675 0 R/XYZ 0 239 0]>>endobj
+463 0 obj[445 0 R
 446 0 R
 447 0 R
 448 0 R
@@ -892,57 +888,57 @@
 459 0 R
 460 0 R
 461 0 R
-462 0 R
-463 0 R
-464 0 R
+462 0 R]endobj
+464 0 obj<</Subtype/Link/Rect[80.2 631.0 223.9 644.0]/Border[0 0 0]/Dest[1405 0 R/XYZ 0 734 0]>>endobj
+465 0 obj<</Subtype/Link/Rect[124.5 617.8 216.2 630.8]/Border[0 0 0]/Dest[1405 0 R/XYZ 0 696 0]>>endobj
+466 0 obj<</Subtype/Link/Rect[124.5 604.6 221.4 617.6]/Border[0 0 0]/Dest[1405 0 R/XYZ 0 568 0]>>endobj
+467 0 obj<</Subtype/Link/Rect[124.5 591.4 224.7 604.4]/Border[0 0 0]/Dest[1405 0 R/XYZ 0 163 0]>>endobj
+468 0 obj<</Subtype/Link/Rect[124.5 578.2 276.1 591.2]/Border[0 0 0]/Dest[1407 0 R/XYZ 0 734 0]>>endobj
+469 0 obj<</Subtype/Link/Rect[124.5 565.0 279.1 578.0]/Border[0 0 0]/Dest[1407 0 R/XYZ 0 385 0]>>endobj
+470 0 obj<</Subtype/Link/Rect[124.5 551.8 251.3 564.8]/Border[0 0 0]/Dest[1407 0 R/XYZ 0 257 0]>>endobj
+471 0 obj<</Subtype/Link/Rect[168.8 538.6 276.9 551.6]/Border[0 0 0]/Dest[1409 0 R/XYZ 0 734 0]>>endobj
+472 0 obj<</Subtype/Link/Rect[168.8 525.4 328.3 538.4]/Border[0 0 0]/Dest[1409 0 R/XYZ 0 247 0]>>endobj
+473 0 obj<</Subtype/Link/Rect[124.5 512.2 331.0 525.2]/Border[0 0 0]/Dest[1411 0 R/XYZ 0 665 0]>>endobj
+474 0 obj<</Subtype/Link/Rect[124.5 499.0 280.3 512.0]/Border[0 0 0]/Dest[1411 0 R/XYZ 0 498 0]>>endobj
+475 0 obj<</Subtype/Link/Rect[124.5 485.8 467.0 498.8]/Border[0 0 0]/Dest[1411 0 R/XYZ 0 330 0]>>endobj
+476 0 obj<</Subtype/Link/Rect[130.0 472.6 257.3 485.6]/Border[0 0 0]/Dest[1413 0 R/XYZ 0 734 0]>>endobj
+477 0 obj<</Subtype/Link/Rect[174.2 459.4 273.2 472.4]/Border[0 0 0]/Dest[1413 0 R/XYZ 0 553 0]>>endobj
+478 0 obj<</Subtype/Link/Rect[174.2 446.2 221.9 459.2]/Border[0 0 0]/Dest[1413 0 R/XYZ 0 494 0]>>endobj
+479 0 obj<</Subtype/Link/Rect[174.2 433.0 303.2 446.0]/Border[0 0 0]/Dest[1413 0 R/XYZ 0 409 0]>>endobj
+480 0 obj<</Subtype/Link/Rect[174.2 419.8 331.6 432.8]/Border[0 0 0]/Dest[1415 0 R/XYZ 0 734 0]>>endobj
+481 0 obj<</Subtype/Link/Rect[174.2 406.6 212.4 419.6]/Border[0 0 0]/Dest[1415 0 R/XYZ 0 583 0]>>endobj
+482 0 obj<</Subtype/Link/Rect[174.2 393.4 269.0 406.4]/Border[0 0 0]/Dest[1415 0 R/XYZ 0 128 0]>>endobj
+483 0 obj<</Subtype/Link/Rect[80.2 380.2 374.5 393.2]/Border[0 0 0]/Dest[1419 0 R/XYZ 0 734 0]>>endobj
+484 0 obj<</Subtype/Link/Rect[124.5 367.0 175.5 380.0]/Border[0 0 0]/Dest[1419 0 R/XYZ 0 604 0]>>endobj
+485 0 obj<</Subtype/Link/Rect[124.5 353.8 312.1 366.8]/Border[0 0 0]/Dest[1419 0 R/XYZ 0 159 0]>>endobj
+486 0 obj<</Subtype/Link/Rect[124.5 340.6 324.7 353.6]/Border[0 0 0]/Dest[1421 0 R/XYZ 0 509 0]>>endobj
+487 0 obj<</Subtype/Link/Rect[124.5 327.4 184.1 340.4]/Border[0 0 0]/Dest[1421 0 R/XYZ 0 331 0]>>endobj
+488 0 obj<</Subtype/Link/Rect[124.5 314.2 422.7 327.2]/Border[0 0 0]/Dest[1423 0 R/XYZ 0 494 0]>>endobj
+489 0 obj<</Subtype/Link/Rect[124.5 301.0 232.4 314.0]/Border[0 0 0]/Dest[1423 0 R/XYZ 0 213 0]>>endobj
+490 0 obj<</Subtype/Link/Rect[80.2 287.8 201.6 300.8]/Border[0 0 0]/Dest[1427 0 R/XYZ 0 734 0]>>endobj
+491 0 obj<</Subtype/Link/Rect[124.5 274.6 182.2 287.6]/Border[0 0 0]/Dest[1427 0 R/XYZ 0 696 0]>>endobj
+492 0 obj<</Subtype/Link/Rect[124.5 261.4 266.9 274.4]/Border[0 0 0]/Dest[1427 0 R/XYZ 0 449 0]>>endobj
+493 0 obj<</Subtype/Link/Rect[168.8 248.2 309.9 261.2]/Border[0 0 0]/Dest[1429 0 R/XYZ 0 676 0]>>endobj
+494 0 obj<</Subtype/Link/Rect[168.8 235.0 353.4 248.0]/Border[0 0 0]/Dest[1429 0 R/XYZ 0 559 0]>>endobj
+495 0 obj<</Subtype/Link/Rect[124.5 221.8 244.6 234.8]/Border[0 0 0]/Dest[1429 0 R/XYZ 0 452 0]>>endobj
+496 0 obj<</Subtype/Link/Rect[124.5 208.6 169.7 221.6]/Border[0 0 0]/Dest[1431 0 R/XYZ 0 639 0]>>endobj
+497 0 obj<</Subtype/Link/Rect[124.5 195.4 148.0 208.4]/Border[0 0 0]/Dest[1431 0 R/XYZ 0 551 0]>>endobj
+498 0 obj<</Subtype/Link/Rect[124.5 182.2 154.8 195.2]/Border[0 0 0]/Dest[1431 0 R/XYZ 0 475 0]>>endobj
+499 0 obj<</Subtype/Link/Rect[168.8 169.0 226.5 182.0]/Border[0 0 0]/Dest[1431 0 R/XYZ 0 442 0]>>endobj
+500 0 obj<</Subtype/Link/Rect[168.8 155.8 226.5 168.8]/Border[0 0 0]/Dest[1431 0 R/XYZ 0 185 0]>>endobj
+501 0 obj<</Subtype/Link/Rect[168.8 142.6 282.7 155.6]/Border[0 0 0]/Dest[1433 0 R/XYZ 0 349 0]>>endobj
+502 0 obj<</Subtype/Link/Rect[168.8 129.4 421.1 142.4]/Border[0 0 0]/Dest[1433 0 R/XYZ 0 251 0]>>endobj
+503 0 obj<</Subtype/Link/Rect[168.8 116.2 309.9 129.2]/Border[0 0 0]/Dest[1435 0 R/XYZ 0 547 0]>>endobj
+504 0 obj<</Subtype/Link/Rect[168.8 103.0 325.8 116.0]/Border[0 0 0]/Dest[1439 0 R/XYZ 0 734 0]>>endobj
+505 0 obj<</Subtype/Link/Rect[168.8 89.8 294.3 102.8]/Border[0 0 0]/Dest[1439 0 R/XYZ 0 543 0]>>endobj
+506 0 obj<</Subtype/Link/Rect[168.8 76.6 369.5 89.6]/Border[0 0 0]/Dest[1439 0 R/XYZ 0 164 0]>>endobj
+507 0 obj<</Subtype/Link/Rect[168.8 63.4 363.1 76.4]/Border[0 0 0]/Dest[1441 0 R/XYZ 0 151 0]>>endobj
+508 0 obj[464 0 R
 465 0 R
 466 0 R
-467 0 R]endobj
-469 0 obj<</Subtype/Link/Rect[80.2 631.0 223.9 644.0]/Border[0 0 0]/Dest[1400 0 R/XYZ 0 734 0]>>endobj
-470 0 obj<</Subtype/Link/Rect[124.5 617.8 216.2 630.8]/Border[0 0 0]/Dest[1400 0 R/XYZ 0 696 0]>>endobj
-471 0 obj<</Subtype/Link/Rect[124.5 604.6 221.4 617.6]/Border[0 0 0]/Dest[1400 0 R/XYZ 0 568 0]>>endobj
-472 0 obj<</Subtype/Link/Rect[124.5 591.4 224.7 604.4]/Border[0 0 0]/Dest[1400 0 R/XYZ 0 163 0]>>endobj
-473 0 obj<</Subtype/Link/Rect[124.5 578.2 276.1 591.2]/Border[0 0 0]/Dest[1402 0 R/XYZ 0 734 0]>>endobj
-474 0 obj<</Subtype/Link/Rect[124.5 565.0 279.1 578.0]/Border[0 0 0]/Dest[1402 0 R/XYZ 0 385 0]>>endobj
-475 0 obj<</Subtype/Link/Rect[124.5 551.8 251.3 564.8]/Border[0 0 0]/Dest[1402 0 R/XYZ 0 257 0]>>endobj
-476 0 obj<</Subtype/Link/Rect[168.8 538.6 276.9 551.6]/Border[0 0 0]/Dest[1404 0 R/XYZ 0 734 0]>>endobj
-477 0 obj<</Subtype/Link/Rect[168.8 525.4 328.2 538.4]/Border[0 0 0]/Dest[1404 0 R/XYZ 0 247 0]>>endobj
-478 0 obj<</Subtype/Link/Rect[124.5 512.2 331.0 525.2]/Border[0 0 0]/Dest[1406 0 R/XYZ 0 665 0]>>endobj
-479 0 obj<</Subtype/Link/Rect[124.5 499.0 280.3 512.0]/Border[0 0 0]/Dest[1406 0 R/XYZ 0 498 0]>>endobj
-480 0 obj<</Subtype/Link/Rect[124.5 485.8 467.0 498.8]/Border[0 0 0]/Dest[1406 0 R/XYZ 0 330 0]>>endobj
-481 0 obj<</Subtype/Link/Rect[130.0 472.6 257.3 485.6]/Border[0 0 0]/Dest[1408 0 R/XYZ 0 734 0]>>endobj
-482 0 obj<</Subtype/Link/Rect[174.2 459.4 273.2 472.4]/Border[0 0 0]/Dest[1408 0 R/XYZ 0 553 0]>>endobj
-483 0 obj<</Subtype/Link/Rect[174.2 446.2 221.9 459.2]/Border[0 0 0]/Dest[1408 0 R/XYZ 0 494 0]>>endobj
-484 0 obj<</Subtype/Link/Rect[174.2 433.0 303.2 446.0]/Border[0 0 0]/Dest[1408 0 R/XYZ 0 409 0]>>endobj
-485 0 obj<</Subtype/Link/Rect[174.2 419.8 331.6 432.8]/Border[0 0 0]/Dest[1410 0 R/XYZ 0 734 0]>>endobj
-486 0 obj<</Subtype/Link/Rect[174.2 406.6 212.4 419.6]/Border[0 0 0]/Dest[1410 0 R/XYZ 0 583 0]>>endobj
-487 0 obj<</Subtype/Link/Rect[174.2 393.4 269.0 406.4]/Border[0 0 0]/Dest[1410 0 R/XYZ 0 128 0]>>endobj
-488 0 obj<</Subtype/Link/Rect[80.2 380.2 211.6 393.2]/Border[0 0 0]/Dest[1414 0 R/XYZ 0 734 0]>>endobj
-489 0 obj<</Subtype/Link/Rect[124.5 367.0 224.4 380.0]/Border[0 0 0]/Dest[1414 0 R/XYZ 0 696 0]>>endobj
-490 0 obj<</Subtype/Link/Rect[124.5 353.8 248.6 366.8]/Border[0 0 0]/Dest[1414 0 R/XYZ 0 515 0]>>endobj
-491 0 obj<</Subtype/Link/Rect[124.5 340.6 212.5 353.6]/Border[0 0 0]/Dest[1414 0 R/XYZ 0 137 0]>>endobj
-492 0 obj<</Subtype/Link/Rect[124.5 327.4 236.6 340.4]/Border[0 0 0]/Dest[1416 0 R/XYZ 0 533 0]>>endobj
-493 0 obj<</Subtype/Link/Rect[168.8 314.2 349.3 327.2]/Border[0 0 0]/Dest[1416 0 R/XYZ 0 273 0]>>endobj
-494 0 obj<</Subtype/Link/Rect[124.5 301.0 238.5 314.0]/Border[0 0 0]/Dest[1422 0 R/XYZ 0 560 0]>>endobj
-495 0 obj<</Subtype/Link/Rect[124.5 287.8 307.2 300.8]/Border[0 0 0]/Dest[1424 0 R/XYZ 0 613 0]>>endobj
-496 0 obj<</Subtype/Link/Rect[124.5 274.6 281.6 287.6]/Border[0 0 0]/Dest[1426 0 R/XYZ 0 622 0]>>endobj
-497 0 obj<</Subtype/Link/Rect[124.5 261.4 267.5 274.4]/Border[0 0 0]/Dest[1426 0 R/XYZ 0 266 0]>>endobj
-498 0 obj<</Subtype/Link/Rect[124.5 248.2 277.0 261.2]/Border[0 0 0]/Dest[1428 0 R/XYZ 0 520 0]>>endobj
-499 0 obj<</Subtype/Link/Rect[130.0 235.0 274.2 248.0]/Border[0 0 0]/Dest[1430 0 R/XYZ 0 734 0]>>endobj
-500 0 obj<</Subtype/Link/Rect[130.0 221.8 216.2 234.8]/Border[0 0 0]/Dest[1430 0 R/XYZ 0 645 0]>>endobj
-501 0 obj<</Subtype/Link/Rect[80.2 208.6 119.0 221.6]/Border[0 0 0]/Dest[1432 0 R/XYZ 0 734 0]>>endobj
-502 0 obj<</Subtype/Link/Rect[124.5 195.4 209.7 208.4]/Border[0 0 0]/Dest[1432 0 R/XYZ 0 696 0]>>endobj
-503 0 obj<</Subtype/Link/Rect[80.2 182.2 374.5 195.2]/Border[0 0 0]/Dest[1434 0 R/XYZ 0 734 0]>>endobj
-504 0 obj<</Subtype/Link/Rect[124.5 169.0 175.5 182.0]/Border[0 0 0]/Dest[1434 0 R/XYZ 0 604 0]>>endobj
-505 0 obj<</Subtype/Link/Rect[124.5 155.8 312.1 168.8]/Border[0 0 0]/Dest[1434 0 R/XYZ 0 159 0]>>endobj
-506 0 obj<</Subtype/Link/Rect[124.5 142.6 324.7 155.6]/Border[0 0 0]/Dest[1436 0 R/XYZ 0 483 0]>>endobj
-507 0 obj<</Subtype/Link/Rect[124.5 129.4 184.1 142.4]/Border[0 0 0]/Dest[1436 0 R/XYZ 0 305 0]>>endobj
-508 0 obj<</Subtype/Link/Rect[124.5 116.2 422.7 129.2]/Border[0 0 0]/Dest[1438 0 R/XYZ 0 467 0]>>endobj
-509 0 obj<</Subtype/Link/Rect[124.5 103.0 232.4 116.0]/Border[0 0 0]/Dest[1438 0 R/XYZ 0 187 0]>>endobj
-510 0 obj<</Subtype/Link/Rect[80.2 89.8 297.5 102.8]/Border[0 0 0]/Dest[1442 0 R/XYZ 0 734 0]>>endobj
-511 0 obj<</Subtype/Link/Rect[124.5 76.6 182.2 89.6]/Border[0 0 0]/Dest[1442 0 R/XYZ 0 672 0]>>endobj
-512 0 obj<</Subtype/Link/Rect[124.5 63.4 266.9 76.4]/Border[0 0 0]/Dest[1442 0 R/XYZ 0 531 0]>>endobj
-513 0 obj[469 0 R
+467 0 R
+468 0 R
+469 0 R
 470 0 R
 471 0 R
 472 0 R
@@ -980,413 +976,384 @@
 504 0 R
 505 0 R
 506 0 R
-507 0 R
-508 0 R
-509 0 R
+507 0 R]endobj
+509 0 obj<</Subtype/Link/Rect[124.5 721.0 160.9 734.0]/Border[0 0 0]/Dest[1443 0 R/XYZ 0 322 0]>>endobj
+510 0 obj<</Subtype/Link/Rect[168.8 707.8 209.4 720.8]/Border[0 0 0]/Dest[1443 0 R/XYZ 0 289 0]>>endobj
+511 0 obj<</Subtype/Link/Rect[168.8 694.6 269.3 707.6]/Border[0 0 0]/Dest[1443 0 R/XYZ 0 191 0]>>endobj
+512 0 obj<</Subtype/Link/Rect[168.8 681.4 225.3 694.4]/Border[0 0 0]/Dest[1445 0 R/XYZ 0 734 0]>>endobj
+513 0 obj<</Subtype/Link/Rect[168.8 668.2 391.8 681.2]/Border[0 0 0]/Dest[1447 0 R/XYZ 0 679 0]>>endobj
+514 0 obj<</Subtype/Link/Rect[168.8 655.0 350.3 668.0]/Border[0 0 0]/Dest[1447 0 R/XYZ 0 528 0]>>endobj
+515 0 obj<</Subtype/Link/Rect[124.5 641.8 214.6 654.8]/Border[0 0 0]/Dest[1447 0 R/XYZ 0 390 0]>>endobj
+516 0 obj<</Subtype/Link/Rect[168.8 628.6 209.4 641.6]/Border[0 0 0]/Dest[1447 0 R/XYZ 0 357 0]>>endobj
+517 0 obj<</Subtype/Link/Rect[168.8 615.4 199.6 628.4]/Border[0 0 0]/Dest[1447 0 R/XYZ 0 272 0]>>endobj
+518 0 obj[509 0 R
 510 0 R
 511 0 R
-512 0 R]endobj
-514 0 obj<</Subtype/Link/Rect[168.8 721.0 309.9 734.0]/Border[0 0 0]/Dest[1444 0 R/XYZ 0 734 0]>>endobj
-515 0 obj<</Subtype/Link/Rect[168.8 707.8 353.4 720.8]/Border[0 0 0]/Dest[1444 0 R/XYZ 0 609 0]>>endobj
-516 0 obj<</Subtype/Link/Rect[124.5 694.6 244.6 707.6]/Border[0 0 0]/Dest[1444 0 R/XYZ 0 511 0]>>endobj
-517 0 obj[514 0 R
+512 0 R
+513 0 R
+514 0 R
 515 0 R
-516 0 R]endobj
-518 0 obj<</S/URI/URI(http://www.samba.org/)>>endobj
-519 0 obj<</Subtype/Link/Rect[367.1 584.2 468.3 597.2]/Border[0 0 0]/A 518 0 R>>endobj
-520 0 obj[519 0 R]endobj
-521 0 obj<</S/Launch/F(Diagnosis.html)>>endobj
-522 0 obj<</Subtype/Link/Rect[280.4 510.2 327.1 523.2]/Border[0 0 0]/A 521 0 R>>endobj
-523 0 obj[522 0 R]endobj
-524 0 obj<</Subtype/Link/Rect[80.2 631.0 364.4 644.0]/Border[0 0 0]/Dest[1452 0 R/XYZ 0 734 0]>>endobj
-525 0 obj<</Subtype/Link/Rect[124.5 617.8 221.0 630.8]/Border[0 0 0]/Dest[1452 0 R/XYZ 0 672 0]>>endobj
-526 0 obj<</Subtype/Link/Rect[124.5 604.6 181.0 617.6]/Border[0 0 0]/Dest[1452 0 R/XYZ 0 584 0]>>endobj
-527 0 obj<</Subtype/Link/Rect[124.5 591.4 317.3 604.4]/Border[0 0 0]/Dest[1454 0 R/XYZ 0 718 0]>>endobj
-528 0 obj<</Subtype/Link/Rect[124.5 578.2 431.3 591.2]/Border[0 0 0]/Dest[1456 0 R/XYZ 0 613 0]>>endobj
-529 0 obj<</Subtype/Link/Rect[168.8 565.0 369.2 578.0]/Border[0 0 0]/Dest[1456 0 R/XYZ 0 227 0]>>endobj
-530 0 obj<</Subtype/Link/Rect[168.8 551.8 400.6 564.8]/Border[0 0 0]/Dest[1458 0 R/XYZ 0 319 0]>>endobj
-531 0 obj<</Subtype/Link/Rect[168.8 538.6 316.0 551.6]/Border[0 0 0]/Dest[1460 0 R/XYZ 0 734 0]>>endobj
-532 0 obj<</Subtype/Link/Rect[124.5 525.4 263.2 538.4]/Border[0 0 0]/Dest[1460 0 R/XYZ 0 385 0]>>endobj
-533 0 obj<</Subtype/Link/Rect[124.5 512.2 252.8 525.2]/Border[0 0 0]/Dest[1462 0 R/XYZ 0 129 0]>>endobj
-534 0 obj<</Subtype/Link/Rect[124.5 499.0 244.9 512.0]/Border[0 0 0]/Dest[1464 0 R/XYZ 0 124 0]>>endobj
-535 0 obj<</Subtype/Link/Rect[124.5 485.8 290.4 498.8]/Border[0 0 0]/Dest[1470 0 R/XYZ 0 507 0]>>endobj
-536 0 obj<</Subtype/Link/Rect[168.8 472.6 368.0 485.6]/Border[0 0 0]/Dest[1472 0 R/XYZ 0 520 0]>>endobj
-537 0 obj<</Subtype/Link/Rect[168.8 459.4 444.1 472.4]/Border[0 0 0]/Dest[1474 0 R/XYZ 0 734 0]>>endobj
-538 0 obj<</Subtype/Link/Rect[124.5 446.2 423.7 459.2]/Border[0 0 0]/Dest[1482 0 R/XYZ 0 718 0]>>endobj
-539 0 obj<</Subtype/Link/Rect[80.2 433.0 449.4 446.0]/Border[0 0 0]/Dest[1486 0 R/XYZ 0 734 0]>>endobj
-540 0 obj<</Subtype/Link/Rect[124.5 419.8 221.0 432.8]/Border[0 0 0]/Dest[1486 0 R/XYZ 0 672 0]>>endobj
-541 0 obj<</Subtype/Link/Rect[124.5 406.6 181.0 419.6]/Border[0 0 0]/Dest[1486 0 R/XYZ 0 597 0]>>endobj
-542 0 obj<</Subtype/Link/Rect[124.5 393.4 360.4 406.4]/Border[0 0 0]/Dest[1486 0 R/XYZ 0 225 0]>>endobj
-543 0 obj<</Subtype/Link/Rect[168.8 380.2 401.0 393.2]/Border[0 0 0]/Dest[1488 0 R/XYZ 0 734 0]>>endobj
-544 0 obj<</Subtype/Link/Rect[168.8 367.0 287.0 380.0]/Border[0 0 0]/Dest[1488 0 R/XYZ 0 609 0]>>endobj
-545 0 obj<</Subtype/Link/Rect[124.5 353.8 328.3 366.8]/Border[0 0 0]/Dest[1488 0 R/XYZ 0 524 0]>>endobj
-546 0 obj<</Subtype/Link/Rect[124.5 340.6 268.1 353.6]/Border[0 0 0]/Dest[1488 0 R/XYZ 0 383 0]>>endobj
-547 0 obj<</Subtype/Link/Rect[168.8 327.4 345.7 340.4]/Border[0 0 0]/Dest[1490 0 R/XYZ 0 620 0]>>endobj
-548 0 obj<</Subtype/Link/Rect[80.2 314.2 230.6 327.2]/Border[0 0 0]/Dest[1492 0 R/XYZ 0 734 0]>>endobj
-549 0 obj<</Subtype/Link/Rect[124.5 301.0 320.7 314.0]/Border[0 0 0]/Dest[1492 0 R/XYZ 0 524 0]>>endobj
-550 0 obj<</Subtype/Link/Rect[124.5 287.8 321.9 300.8]/Border[0 0 0]/Dest[1492 0 R/XYZ 0 417 0]>>endobj
-551 0 obj<</Subtype/Link/Rect[124.5 274.6 197.2 287.6]/Border[0 0 0]/Dest[1492 0 R/XYZ 0 241 0]>>endobj
-552 0 obj<</Subtype/Link/Rect[124.5 261.4 238.2 274.4]/Border[0 0 0]/Dest[1494 0 R/XYZ 0 556 0]>>endobj
-553 0 obj<</Subtype/Link/Rect[124.5 248.2 255.3 261.2]/Border[0 0 0]/Dest[1494 0 R/XYZ 0 240 0]>>endobj
-554 0 obj<</Subtype/Link/Rect[168.8 235.0 239.0 248.0]/Border[0 0 0]/Dest[1494 0 R/XYZ 0 151 0]>>endobj
-555 0 obj<</Subtype/Link/Rect[124.5 221.8 224.7 234.8]/Border[0 0 0]/Dest[1496 0 R/XYZ 0 692 0]>>endobj
-556 0 obj<</Subtype/Link/Rect[124.5 208.6 226.3 221.6]/Border[0 0 0]/Dest[1496 0 R/XYZ 0 603 0]>>endobj
-557 0 obj<</Subtype/Link/Rect[124.5 195.4 152.3 208.4]/Border[0 0 0]/Dest[1496 0 R/XYZ 0 528 0]>>endobj
-558 0 obj<</Subtype/Link/Rect[80.2 182.2 229.4 195.2]/Border[0 0 0]/Dest[1498 0 R/XYZ 0 734 0]>>endobj
-559 0 obj<</Subtype/Link/Rect[124.5 169.0 299.3 182.0]/Border[0 0 0]/Dest[1498 0 R/XYZ 0 696 0]>>endobj
-560 0 obj<</Subtype/Link/Rect[124.5 155.8 286.8 168.8]/Border[0 0 0]/Dest[1500 0 R/XYZ 0 362 0]>>endobj
-561 0 obj<</Subtype/Link/Rect[124.5 142.6 309.7 155.6]/Border[0 0 0]/Dest[1500 0 R/XYZ 0 155 0]>>endobj
-562 0 obj[524 0 R
-525 0 R
-526 0 R
-527 0 R
+516 0 R
+517 0 R]endobj
+519 0 obj<</S/URI/URI(http://www.samba.org/)>>endobj
+520 0 obj<</Subtype/Link/Rect[367.1 584.2 468.3 597.2]/Border[0 0 0]/A 519 0 R>>endobj
+521 0 obj[520 0 R]endobj
+522 0 obj<</S/Launch/F(Diagnosis.html)>>endobj
+523 0 obj<</Subtype/Link/Rect[280.4 510.2 327.1 523.2]/Border[0 0 0]/A 522 0 R>>endobj
+524 0 obj[523 0 R]endobj
+525 0 obj<</S/URI/URI(http://www.openldap.org/)>>endobj
+526 0 obj<</Subtype/Link/Rect[169.5 333.4 285.9 346.4]/Border[0 0 0]/A 525 0 R>>endobj
+527 0 obj<</S/URI/URI(http://iplanet.netscape.com/directory)>>endobj
+528 0 obj<</Subtype/Link/Rect[223.9 320.2 387.9 333.2]/Border[0 0 0]/A 527 0 R>>endobj
+529 0 obj<</S/URI/URI(http://www.ora.com/)>>endobj
+530 0 obj<</Subtype/Link/Rect[112.6 293.8 202.0 306.8]/Border[0 0 0]/A 529 0 R>>endobj
+531 0 obj<</S/URI/URI(http://www.unav.es/cti/ldap-smb/ldap-smb-3-howto.html)>>endobj
+532 0 obj<</Subtype/Link/Rect[125.1 227.8 267.5 240.8]/Border[0 0 0]/A 531 0 R>>endobj
+533 0 obj<</S/URI/URI(http://samba.idealx.org/)>>endobj
+534 0 obj<</Subtype/Link/Rect[243.7 214.6 287.3 227.6]/Border[0 0 0]/A 533 0 R>>endobj
+535 0 obj<</S/Launch/F(#ENCRYPTPASSWORDS)>>endobj
+536 0 obj<</Subtype/Link/Rect[212.8 143.0 332.5 156.0]/Border[0 0 0]/A 535 0 R>>endobj
+537 0 obj[526 0 R
 528 0 R
-529 0 R
 530 0 R
-531 0 R
 532 0 R
-533 0 R
 534 0 R
-535 0 R
-536 0 R
-537 0 R
-538 0 R
-539 0 R
-540 0 R
+536 0 R]endobj
+538 0 obj<</S/URI/URI(http://www.padl.com/)>>endobj
+539 0 obj<</Subtype/Link/Rect[284.3 377.8 380.9 390.8]/Border[0 0 0]/A 538 0 R>>endobj
+540 0 obj<</S/Launch/F(samba-patches@samba.org)>>endobj
+541 0 obj<</Subtype/Link/Rect[332.3 266.6 458.0 279.6]/Border[0 0 0]/A 540 0 R>>endobj
+542 0 obj<</S/Launch/F(jerry@samba.org)>>endobj
+543 0 obj<</Subtype/Link/Rect[476.6 266.6 555.8 279.6]/Border[0 0 0]/A 542 0 R>>endobj
+544 0 obj[539 0 R
 541 0 R
-542 0 R
-543 0 R
-544 0 R
-545 0 R
-546 0 R
-547 0 R
-548 0 R
-549 0 R
-550 0 R
+543 0 R]endobj
+545 0 obj<</S/Launch/F(jerry@samba.org)>>endobj
+546 0 obj<</Subtype/Link/Rect[271.2 721.0 350.4 734.0]/Border[0 0 0]/A 545 0 R>>endobj
+547 0 obj[546 0 R]endobj
+548 0 obj<</S/Launch/F(#LDAPSSL)>>endobj
+549 0 obj<</Subtype/Link/Rect[108.0 553.4 141.3 566.4]/Border[0 0 0]/A 548 0 R>>endobj
+550 0 obj<</S/Launch/F(#LDAPSERVER)>>endobj
+551 0 obj<</Subtype/Link/Rect[108.0 540.2 156.6 553.2]/Border[0 0 0]/A 550 0 R>>endobj
+552 0 obj<</S/Launch/F(#LDAPADMINDN)>>endobj
+553 0 obj<</Subtype/Link/Rect[108.0 527.0 170.9 540.0]/Border[0 0 0]/A 552 0 R>>endobj
+554 0 obj<</S/Launch/F(#LDAPSUFFIX)>>endobj
+555 0 obj<</Subtype/Link/Rect[108.0 513.8 155.4 526.8]/Border[0 0 0]/A 554 0 R>>endobj
+556 0 obj<</S/Launch/F(#LDAPFILTER)>>endobj
+557 0 obj<</Subtype/Link/Rect[108.0 500.6 151.1 513.6]/Border[0 0 0]/A 556 0 R>>endobj
+558 0 obj<</S/Launch/F(#LDAPPORT)>>endobj
+559 0 obj<</Subtype/Link/Rect[108.0 487.4 147.4 500.4]/Border[0 0 0]/A 558 0 R>>endobj
+560 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
+561 0 obj<</Subtype/Link/Rect[186.9 461.0 243.1 474.0]/Border[0 0 0]/A 560 0 R>>endobj
+562 0 obj[549 0 R
 551 0 R
-552 0 R
 553 0 R
-554 0 R
 555 0 R
-556 0 R
 557 0 R
-558 0 R
 559 0 R
-560 0 R
 561 0 R]endobj
-563 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
-564 0 obj<</Subtype/Link/Rect[153.2 599.8 225.8 612.8]/Border[0 0 0]/A 563 0 R>>endobj
-565 0 obj<</S/Launch/F(ENCRYPTION.html)>>endobj
-566 0 obj<</Subtype/Link/Rect[303.1 599.8 389.9 612.8]/Border[0 0 0]/A 565 0 R>>endobj
-567 0 obj<</S/Launch/F(UNIX_INSTALL.html)>>endobj
-568 0 obj<</Subtype/Link/Rect[333.5 442.5 438.0 455.5]/Border[0 0 0]/A 567 0 R>>endobj
-569 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
-570 0 obj<</Subtype/Link/Rect[440.4 429.3 541.8 442.3]/Border[0 0 0]/A 569 0 R>>endobj
-571 0 obj[564 0 R
-566 0 R
-568 0 R
-570 0 R]endobj
-572 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
-573 0 obj<</Subtype/Link/Rect[465.5 659.0 546.8 672.0]/Border[0 0 0]/A 572 0 R>>endobj
-574 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
-575 0 obj<</Subtype/Link/Rect[72.0 645.8 92.8 658.8]/Border[0 0 0]/A 574 0 R>>endobj
-576 0 obj<</S/Launch/F(#NETBIOSNAME)>>endobj
-577 0 obj<</Subtype/Link/Rect[93.6 573.4 158.4 584.4]/Border[0 0 0]/A 576 0 R>>endobj
-578 0 obj<</S/Launch/F(#WORKGROUP)>>endobj
-579 0 obj<</Subtype/Link/Rect[93.6 562.6 142.2 573.6]/Border[0 0 0]/A 578 0 R>>endobj
-580 0 obj<</S/Launch/F(#OSLEVEL)>>endobj
-581 0 obj<</Subtype/Link/Rect[93.6 530.2 136.8 541.2]/Border[0 0 0]/A 580 0 R>>endobj
-582 0 obj<</S/Launch/F(#PERFERREDMASTER)>>endobj
-583 0 obj<</Subtype/Link/Rect[93.6 519.4 180.0 530.4]/Border[0 0 0]/A 582 0 R>>endobj
-584 0 obj<</S/Launch/F(#DOMAINMASTER)>>endobj
-585 0 obj<</Subtype/Link/Rect[93.6 508.6 163.8 519.6]/Border[0 0 0]/A 584 0 R>>endobj
-586 0 obj<</S/Launch/F(#LOCALMASTER)>>endobj
-587 0 obj<</Subtype/Link/Rect[93.6 497.8 158.4 508.8]/Border[0 0 0]/A 586 0 R>>endobj
-588 0 obj<</S/Launch/F(#SECURITYEQUALSUSER)>>endobj
-589 0 obj<</Subtype/Link/Rect[93.6 465.4 136.8 476.4]/Border[0 0 0]/A 588 0 R>>endobj
-590 0 obj<</S/Launch/F(#ENCRYPTPASSWORDS)>>endobj
-591 0 obj<</Subtype/Link/Rect[93.6 433.0 185.4 444.0]/Border[0 0 0]/A 590 0 R>>endobj
-592 0 obj<</S/Launch/F(#DOMAINLOGONS)>>endobj
-593 0 obj<</Subtype/Link/Rect[93.6 400.6 163.8 411.6]/Border[0 0 0]/A 592 0 R>>endobj
-594 0 obj<</S/Launch/F(#LOGONPATH)>>endobj
-595 0 obj<</Subtype/Link/Rect[93.6 368.2 147.6 379.2]/Border[0 0 0]/A 594 0 R>>endobj
-596 0 obj<</S/Launch/F(#LOGONDRIVE)>>endobj
-597 0 obj<</Subtype/Link/Rect[93.6 325.0 153.0 336.0]/Border[0 0 0]/A 596 0 R>>endobj
-598 0 obj<</S/Launch/F(#LOGONHOME)>>endobj
-599 0 obj<</Subtype/Link/Rect[93.6 314.2 147.6 325.2]/Border[0 0 0]/A 598 0 R>>endobj
-600 0 obj<</S/Launch/F(#LOGONSCRIPT)>>endobj
-601 0 obj<</Subtype/Link/Rect[93.6 271.0 158.4 282.0]/Border[0 0 0]/A 600 0 R>>endobj
-602 0 obj<</S/Launch/F(#PATH)>>endobj
-603 0 obj<</Subtype/Link/Rect[93.6 227.8 115.2 238.8]/Border[0 0 0]/A 602 0 R>>endobj
-604 0 obj<</S/Launch/F(#READONLY)>>endobj
-605 0 obj<</Subtype/Link/Rect[93.6 217.0 142.2 228.0]/Border[0 0 0]/A 604 0 R>>endobj
-606 0 obj<</S/Launch/F(#WRITELIST)>>endobj
-607 0 obj<</Subtype/Link/Rect[93.6 206.2 147.6 217.2]/Border[0 0 0]/A 606 0 R>>endobj
-608 0 obj<</S/Launch/F(#PATH)>>endobj
-609 0 obj<</Subtype/Link/Rect[93.6 163.0 115.2 174.0]/Border[0 0 0]/A 608 0 R>>endobj
-610 0 obj<</S/Launch/F(#READONLY)>>endobj
-611 0 obj<</Subtype/Link/Rect[93.6 152.2 142.2 163.2]/Border[0 0 0]/A 610 0 R>>endobj
-612 0 obj<</S/Launch/F(#CREATEMASK)>>endobj
-613 0 obj<</Subtype/Link/Rect[93.6 141.4 153.0 152.4]/Border[0 0 0]/A 612 0 R>>endobj
-614 0 obj<</S/Launch/F(#DIRECTORYMASK)>>endobj
-615 0 obj<</Subtype/Link/Rect[93.6 130.6 169.2 141.6]/Border[0 0 0]/A 614 0 R>>endobj
-616 0 obj<</S/Launch/F(ENCRYPTION.html)>>endobj
-617 0 obj<</Subtype/Link/Rect[108.0 65.0 200.6 78.0]/Border[0 0 0]/A 616 0 R>>endobj
-618 0 obj[573 0 R
+563 0 obj<</S/Launch/F(ENCRYPTION.html)>>endobj
+564 0 obj<</Subtype/Link/Rect[72.0 395.0 176.8 408.0]/Border[0 0 0]/A 563 0 R>>endobj
+565 0 obj[564 0 R]endobj
+566 0 obj<</S/Launch/F(Samba-PDC-HOWTO.html)>>endobj
+567 0 obj<</Subtype/Link/Rect[72.0 351.4 176.7 364.4]/Border[0 0 0]/A 566 0 R>>endobj
+568 0 obj[567 0 R]endobj
+569 0 obj<</Subtype/Link/Rect[80.2 631.0 342.7 644.0]/Border[0 0 0]/Dest[1453 0 R/XYZ 0 734 0]>>endobj
+570 0 obj<</Subtype/Link/Rect[80.2 617.8 325.6 630.8]/Border[0 0 0]/Dest[1457 0 R/XYZ 0 734 0]>>endobj
+571 0 obj<</Subtype/Link/Rect[124.5 604.6 221.0 617.6]/Border[0 0 0]/Dest[1457 0 R/XYZ 0 672 0]>>endobj
+572 0 obj<</Subtype/Link/Rect[124.5 591.4 181.0 604.4]/Border[0 0 0]/Dest[1457 0 R/XYZ 0 584 0]>>endobj
+573 0 obj<</Subtype/Link/Rect[124.5 578.2 317.3 591.2]/Border[0 0 0]/Dest[1459 0 R/XYZ 0 718 0]>>endobj
+574 0 obj<</Subtype/Link/Rect[124.5 565.0 431.3 578.0]/Border[0 0 0]/Dest[1461 0 R/XYZ 0 613 0]>>endobj
+575 0 obj<</Subtype/Link/Rect[168.8 551.8 369.2 564.8]/Border[0 0 0]/Dest[1461 0 R/XYZ 0 227 0]>>endobj
+576 0 obj<</Subtype/Link/Rect[168.8 538.6 400.6 551.6]/Border[0 0 0]/Dest[1463 0 R/XYZ 0 315 0]>>endobj
+577 0 obj<</Subtype/Link/Rect[168.8 525.4 316.0 538.4]/Border[0 0 0]/Dest[1465 0 R/XYZ 0 734 0]>>endobj
+578 0 obj<</Subtype/Link/Rect[124.5 512.2 263.2 525.2]/Border[0 0 0]/Dest[1465 0 R/XYZ 0 385 0]>>endobj
+579 0 obj<</Subtype/Link/Rect[124.5 499.0 252.8 512.0]/Border[0 0 0]/Dest[1467 0 R/XYZ 0 129 0]>>endobj
+580 0 obj<</Subtype/Link/Rect[124.5 485.8 244.9 498.8]/Border[0 0 0]/Dest[1469 0 R/XYZ 0 124 0]>>endobj
+581 0 obj<</Subtype/Link/Rect[124.5 472.6 290.4 485.6]/Border[0 0 0]/Dest[1475 0 R/XYZ 0 507 0]>>endobj
+582 0 obj<</Subtype/Link/Rect[168.8 459.4 368.0 472.4]/Border[0 0 0]/Dest[1477 0 R/XYZ 0 520 0]>>endobj
+583 0 obj<</Subtype/Link/Rect[168.8 446.2 444.1 459.2]/Border[0 0 0]/Dest[1479 0 R/XYZ 0 734 0]>>endobj
+584 0 obj<</Subtype/Link/Rect[124.5 433.0 423.7 446.0]/Border[0 0 0]/Dest[1487 0 R/XYZ 0 734 0]>>endobj
+585 0 obj<</Subtype/Link/Rect[80.2 419.8 449.4 432.8]/Border[0 0 0]/Dest[1491 0 R/XYZ 0 734 0]>>endobj
+586 0 obj<</Subtype/Link/Rect[124.5 406.6 221.0 419.6]/Border[0 0 0]/Dest[1491 0 R/XYZ 0 672 0]>>endobj
+587 0 obj<</Subtype/Link/Rect[124.5 393.4 181.0 406.4]/Border[0 0 0]/Dest[1491 0 R/XYZ 0 597 0]>>endobj
+588 0 obj<</Subtype/Link/Rect[124.5 380.2 360.4 393.2]/Border[0 0 0]/Dest[1491 0 R/XYZ 0 225 0]>>endobj
+589 0 obj<</Subtype/Link/Rect[168.8 367.0 401.0 380.0]/Border[0 0 0]/Dest[1493 0 R/XYZ 0 734 0]>>endobj
+590 0 obj<</Subtype/Link/Rect[168.8 353.8 287.0 366.8]/Border[0 0 0]/Dest[1493 0 R/XYZ 0 609 0]>>endobj
+591 0 obj<</Subtype/Link/Rect[124.5 340.6 394.3 353.6]/Border[0 0 0]/Dest[1493 0 R/XYZ 0 524 0]>>endobj
+592 0 obj<</Subtype/Link/Rect[124.5 327.4 268.1 340.4]/Border[0 0 0]/Dest[1493 0 R/XYZ 0 323 0]>>endobj
+593 0 obj<</Subtype/Link/Rect[168.8 314.2 345.7 327.2]/Border[0 0 0]/Dest[1495 0 R/XYZ 0 541 0]>>endobj
+594 0 obj<</Subtype/Link/Rect[168.8 301.0 300.5 314.0]/Border[0 0 0]/Dest[1495 0 R/XYZ 0 390 0]>>endobj
+595 0 obj<</Subtype/Link/Rect[80.2 287.8 230.6 300.8]/Border[0 0 0]/Dest[1497 0 R/XYZ 0 734 0]>>endobj
+596 0 obj<</Subtype/Link/Rect[124.5 274.6 320.7 287.6]/Border[0 0 0]/Dest[1497 0 R/XYZ 0 551 0]>>endobj
+597 0 obj<</Subtype/Link/Rect[124.5 261.4 321.9 274.4]/Border[0 0 0]/Dest[1497 0 R/XYZ 0 444 0]>>endobj
+598 0 obj<</Subtype/Link/Rect[124.5 248.2 197.2 261.2]/Border[0 0 0]/Dest[1497 0 R/XYZ 0 267 0]>>endobj
+599 0 obj<</Subtype/Link/Rect[124.5 235.0 238.2 248.0]/Border[0 0 0]/Dest[1499 0 R/XYZ 0 580 0]>>endobj
+600 0 obj<</Subtype/Link/Rect[124.5 221.8 255.3 234.8]/Border[0 0 0]/Dest[1499 0 R/XYZ 0 264 0]>>endobj
+601 0 obj<</Subtype/Link/Rect[168.8 208.6 239.0 221.6]/Border[0 0 0]/Dest[1499 0 R/XYZ 0 202 0]>>endobj
+602 0 obj<</Subtype/Link/Rect[124.5 195.4 224.7 208.4]/Border[0 0 0]/Dest[1501 0 R/XYZ 0 734 0]>>endobj
+603 0 obj<</Subtype/Link/Rect[124.5 182.2 226.3 195.2]/Border[0 0 0]/Dest[1501 0 R/XYZ 0 645 0]>>endobj
+604 0 obj<</Subtype/Link/Rect[124.5 169.0 152.3 182.0]/Border[0 0 0]/Dest[1501 0 R/XYZ 0 570 0]>>endobj
+605 0 obj<</Subtype/Link/Rect[80.2 155.8 272.7 168.8]/Border[0 0 0]/Dest[1503 0 R/XYZ 0 734 0]>>endobj
+606 0 obj<</Subtype/Link/Rect[124.5 142.6 299.3 155.6]/Border[0 0 0]/Dest[1503 0 R/XYZ 0 672 0]>>endobj
+607 0 obj<</Subtype/Link/Rect[124.5 129.4 286.8 142.4]/Border[0 0 0]/Dest[1505 0 R/XYZ 0 494 0]>>endobj
+608 0 obj<</Subtype/Link/Rect[124.5 116.2 309.7 129.2]/Border[0 0 0]/Dest[1505 0 R/XYZ 0 405 0]>>endobj
+609 0 obj[569 0 R
+570 0 R
+571 0 R
+572 0 R
+573 0 R
+574 0 R
 575 0 R
+576 0 R
 577 0 R
+578 0 R
 579 0 R
+580 0 R
 581 0 R
+582 0 R
 583 0 R
+584 0 R
 585 0 R
+586 0 R
 587 0 R
+588 0 R
 589 0 R
+590 0 R
 591 0 R
+592 0 R
 593 0 R
+594 0 R
 595 0 R
+596 0 R
 597 0 R
+598 0 R
 599 0 R
+600 0 R
 601 0 R
+602 0 R
 603 0 R
+604 0 R
 605 0 R
+606 0 R
 607 0 R
-609 0 R
-611 0 R
+608 0 R]endobj
+610 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
+611 0 obj<</Subtype/Link/Rect[153.2 599.8 225.8 612.8]/Border[0 0 0]/A 610 0 R>>endobj
+612 0 obj<</S/Launch/F(ENCRYPTION.html)>>endobj
+613 0 obj<</Subtype/Link/Rect[303.1 599.8 389.9 612.8]/Border[0 0 0]/A 612 0 R>>endobj
+614 0 obj<</S/Launch/F(UNIX_INSTALL.html)>>endobj
+615 0 obj<</Subtype/Link/Rect[333.5 442.5 438.0 455.5]/Border[0 0 0]/A 614 0 R>>endobj
+616 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
+617 0 obj<</Subtype/Link/Rect[440.4 429.3 541.8 442.3]/Border[0 0 0]/A 616 0 R>>endobj
+618 0 obj[611 0 R
 613 0 R
 615 0 R
 617 0 R]endobj
-619 0 obj<</S/Launch/F(#DOMAINADMINGROUP)>>endobj
-620 0 obj<</Subtype/Link/Rect[494.2 641.8 530.0 654.8]/Border[0 0 0]/A 619 0 R>>endobj
-621 0 obj<</S/Launch/F(#DOMAINADMINGROUP)>>endobj
-622 0 obj<</Subtype/Link/Rect[72.0 628.6 127.9 641.6]/Border[0 0 0]/A 621 0 R>>endobj
-623 0 obj[620 0 R
-622 0 R]endobj
-624 0 obj<</S/Launch/F(smbpasswd.8.html)>>endobj
-625 0 obj<</Subtype/Link/Rect[72.0 512.2 138.6 525.2]/Border[0 0 0]/A 624 0 R>>endobj
-626 0 obj<</S/Launch/F(#ADDUSERSCRIPT)>>endobj
-627 0 obj<</Subtype/Link/Rect[420.0 223.7 486.9 236.7]/Border[0 0 0]/A 626 0 R>>endobj
-628 0 obj[625 0 R
-627 0 R]endobj
-629 0 obj<</S/URI/URI(http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp)>>endobj
-630 0 obj<</Subtype/Link/Rect[139.8 721.0 387.6 734.0]/Border[0 0 0]/A 629 0 R>>endobj
-631 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE)>>endobj
-632 0 obj<</Subtype/Link/Rect[285.2 179.8 540.0 192.8]/Border[0 0 0]/A 631 0 R>>endobj
-633 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE)>>endobj
-634 0 obj<</Subtype/Link/Rect[230.8 140.2 505.8 153.2]/Border[0 0 0]/A 633 0 R>>endobj
-635 0 obj[630 0 R
+619 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
+620 0 obj<</Subtype/Link/Rect[465.5 659.0 546.8 672.0]/Border[0 0 0]/A 619 0 R>>endobj
+621 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
+622 0 obj<</Subtype/Link/Rect[72.0 645.8 92.8 658.8]/Border[0 0 0]/A 621 0 R>>endobj
+623 0 obj<</S/Launch/F(#NETBIOSNAME)>>endobj
+624 0 obj<</Subtype/Link/Rect[93.6 573.4 158.4 584.4]/Border[0 0 0]/A 623 0 R>>endobj
+625 0 obj<</S/Launch/F(#WORKGROUP)>>endobj
+626 0 obj<</Subtype/Link/Rect[93.6 562.6 142.2 573.6]/Border[0 0 0]/A 625 0 R>>endobj
+627 0 obj<</S/Launch/F(#OSLEVEL)>>endobj
+628 0 obj<</Subtype/Link/Rect[93.6 530.2 136.8 541.2]/Border[0 0 0]/A 627 0 R>>endobj
+629 0 obj<</S/Launch/F(#PERFERREDMASTER)>>endobj
+630 0 obj<</Subtype/Link/Rect[93.6 519.4 180.0 530.4]/Border[0 0 0]/A 629 0 R>>endobj
+631 0 obj<</S/Launch/F(#DOMAINMASTER)>>endobj
+632 0 obj<</Subtype/Link/Rect[93.6 508.6 163.8 519.6]/Border[0 0 0]/A 631 0 R>>endobj
+633 0 obj<</S/Launch/F(#LOCALMASTER)>>endobj
+634 0 obj<</Subtype/Link/Rect[93.6 497.8 158.4 508.8]/Border[0 0 0]/A 633 0 R>>endobj
+635 0 obj<</S/Launch/F(#SECURITYEQUALSUSER)>>endobj
+636 0 obj<</Subtype/Link/Rect[93.6 465.4 136.8 476.4]/Border[0 0 0]/A 635 0 R>>endobj
+637 0 obj<</S/Launch/F(#ENCRYPTPASSWORDS)>>endobj
+638 0 obj<</Subtype/Link/Rect[93.6 433.0 185.4 444.0]/Border[0 0 0]/A 637 0 R>>endobj
+639 0 obj<</S/Launch/F(#DOMAINLOGONS)>>endobj
+640 0 obj<</Subtype/Link/Rect[93.6 400.6 163.8 411.6]/Border[0 0 0]/A 639 0 R>>endobj
+641 0 obj<</S/Launch/F(#LOGONPATH)>>endobj
+642 0 obj<</Subtype/Link/Rect[93.6 368.2 147.6 379.2]/Border[0 0 0]/A 641 0 R>>endobj
+643 0 obj<</S/Launch/F(#LOGONDRIVE)>>endobj
+644 0 obj<</Subtype/Link/Rect[93.6 325.0 153.0 336.0]/Border[0 0 0]/A 643 0 R>>endobj
+645 0 obj<</S/Launch/F(#LOGONHOME)>>endobj
+646 0 obj<</Subtype/Link/Rect[93.6 314.2 147.6 325.2]/Border[0 0 0]/A 645 0 R>>endobj
+647 0 obj<</S/Launch/F(#LOGONSCRIPT)>>endobj
+648 0 obj<</Subtype/Link/Rect[93.6 271.0 158.4 282.0]/Border[0 0 0]/A 647 0 R>>endobj
+649 0 obj<</S/Launch/F(#PATH)>>endobj
+650 0 obj<</Subtype/Link/Rect[93.6 227.8 115.2 238.8]/Border[0 0 0]/A 649 0 R>>endobj
+651 0 obj<</S/Launch/F(#READONLY)>>endobj
+652 0 obj<</Subtype/Link/Rect[93.6 217.0 142.2 228.0]/Border[0 0 0]/A 651 0 R>>endobj
+653 0 obj<</S/Launch/F(#WRITELIST)>>endobj
+654 0 obj<</Subtype/Link/Rect[93.6 206.2 147.6 217.2]/Border[0 0 0]/A 653 0 R>>endobj
+655 0 obj<</S/Launch/F(#PATH)>>endobj
+656 0 obj<</Subtype/Link/Rect[93.6 163.0 115.2 174.0]/Border[0 0 0]/A 655 0 R>>endobj
+657 0 obj<</S/Launch/F(#READONLY)>>endobj
+658 0 obj<</Subtype/Link/Rect[93.6 152.2 142.2 163.2]/Border[0 0 0]/A 657 0 R>>endobj
+659 0 obj<</S/Launch/F(#CREATEMASK)>>endobj
+660 0 obj<</Subtype/Link/Rect[93.6 141.4 153.0 152.4]/Border[0 0 0]/A 659 0 R>>endobj
+661 0 obj<</S/Launch/F(#DIRECTORYMASK)>>endobj
+662 0 obj<</Subtype/Link/Rect[93.6 130.6 169.2 141.6]/Border[0 0 0]/A 661 0 R>>endobj
+663 0 obj<</S/Launch/F(ENCRYPTION.html)>>endobj
+664 0 obj<</Subtype/Link/Rect[108.0 65.0 200.6 78.0]/Border[0 0 0]/A 663 0 R>>endobj
+665 0 obj[620 0 R
+622 0 R
+624 0 R
+626 0 R
+628 0 R
+630 0 R
 632 0 R
-634 0 R]endobj
-636 0 obj<</S/URI/URI(http://www.tcpdump.org/)>>endobj
-637 0 obj<</Subtype/Link/Rect[349.4 417.4 455.4 430.4]/Border[0 0 0]/A 636 0 R>>endobj
-638 0 obj<</S/URI/URI(http://www.ethereal.com/)>>endobj
-639 0 obj<</Subtype/Link/Rect[424.5 404.2 536.6 417.2]/Border[0 0 0]/A 638 0 R>>endobj
-640 0 obj[637 0 R
-639 0 R]endobj
-641 0 obj<</S/URI/URI(http://samba.org)>>endobj
-642 0 obj<</Subtype/Link/Rect[233.5 549.4 308.1 562.4]/Border[0 0 0]/A 641 0 R>>endobj
-643 0 obj<</S/URI/URI(http://www.skippy.net/linux/smb-howto.html)>>endobj
-644 0 obj<</Subtype/Link/Rect[144.0 496.6 346.1 509.6]/Border[0 0 0]/A 643 0 R>>endobj
-645 0 obj<</S/URI/URI(http://bioserve.latrobe.edu.au/samba)>>endobj
-646 0 obj<</Subtype/Link/Rect[179.7 470.2 342.3 483.2]/Border[0 0 0]/A 645 0 R>>endobj
-647 0 obj<</S/URI/URI(http://samba.org/cifs/)>>endobj
-648 0 obj<</Subtype/Link/Rect[282.1 457.0 378.7 470.0]/Border[0 0 0]/A 647 0 R>>endobj
-649 0 obj<</S/URI/URI(http://mailhost.cb1.com/~lkcl/ntdom/)>>endobj
-650 0 obj<</Subtype/Link/Rect[241.5 443.8 408.5 456.8]/Border[0 0 0]/A 649 0 R>>endobj
-651 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/developr/drg/CIFS/)>>endobj
-652 0 obj<</Subtype/Link/Rect[277.5 430.6 469.1 443.6]/Border[0 0 0]/A 651 0 R>>endobj
-653 0 obj<</S/URI/URI(http://samba.org)>>endobj
-654 0 obj<</Subtype/Link/Rect[358.2 377.8 432.8 390.8]/Border[0 0 0]/A 653 0 R>>endobj
-655 0 obj<</S/URI/URI(http://www.samba-tng.org/)>>endobj
-656 0 obj<</Subtype/Link/Rect[298.4 338.2 422.8 351.2]/Border[0 0 0]/A 655 0 R>>endobj
-657 0 obj[642 0 R
+634 0 R
+636 0 R
+638 0 R
+640 0 R
+642 0 R
 644 0 R
 646 0 R
 648 0 R
 650 0 R
 652 0 R
 654 0 R
-656 0 R]endobj
-658 0 obj<</S/URI/URI(http://lists.samba.org/)>>endobj
-659 0 obj<</Subtype/Link/Rect[132.8 575.8 227.8 588.8]/Border[0 0 0]/A 658 0 R>>endobj
-660 0 obj<</S/URI/URI(http://lists.samba.org/mailman/roster/samba-ntdom)>>endobj
-661 0 obj<</Subtype/Link/Rect[306.3 562.6 328.0 575.6]/Border[0 0 0]/A 660 0 R>>endobj
-662 0 obj[659 0 R
-661 0 R]endobj
-663 0 obj<</S/Launch/F(Samba-PDC-HOWTO.html)>>endobj
-664 0 obj<</Subtype/Link/Rect[210.4 613.0 317.8 626.0]/Border[0 0 0]/A 663 0 R>>endobj
-665 0 obj[664 0 R]endobj
-666 0 obj<</S/Launch/F(smbpasswd.8.html)>>endobj
-667 0 obj<</Subtype/Link/Rect[218.7 452.2 284.9 465.2]/Border[0 0 0]/A 666 0 R>>endobj
-668 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
-669 0 obj<</Subtype/Link/Rect[350.3 135.4 422.9 148.4]/Border[0 0 0]/A 668 0 R>>endobj
-670 0 obj<</S/Launch/F(#SECURITY)>>endobj
-671 0 obj<</Subtype/Link/Rect[169.1 95.8 235.1 108.8]/Border[0 0 0]/A 670 0 R>>endobj
-672 0 obj[667 0 R
-669 0 R
-671 0 R]endobj
-673 0 obj<</S/Launch/F(#WORKGROUP)>>endobj
-674 0 obj<</Subtype/Link/Rect[146.2 721.0 225.4 734.0]/Border[0 0 0]/A 673 0 R>>endobj
-675 0 obj<</S/Launch/F(#ENCRYPTPASSWORDS)>>endobj
-676 0 obj<</Subtype/Link/Rect[224.7 641.8 336.9 654.8]/Border[0 0 0]/A 675 0 R>>endobj
-677 0 obj<</S/Launch/F(#PASSWORDSERVER)>>endobj
-678 0 obj<</Subtype/Link/Rect[188.7 602.2 300.9 615.2]/Border[0 0 0]/A 677 0 R>>endobj
-679 0 obj<</S/Launch/F(#SECURITYEQUALSSERVER)>>endobj
-680 0 obj<</Subtype/Link/Rect[275.2 69.0 351.3 82.0]/Border[0 0 0]/A 679 0 R>>endobj
-681 0 obj[674 0 R
-676 0 R
-678 0 R
-680 0 R]endobj
-682 0 obj<</S/Launch/F(winbind.html)>>endobj
-683 0 obj<</Subtype/Link/Rect[151.1 681.4 219.5 694.4]/Border[0 0 0]/A 682 0 R>>endobj
-684 0 obj<</S/URI/URI(http://www.linuxworld.com)>>endobj
-685 0 obj<</Subtype/Link/Rect[438.0 364.6 495.1 377.6]/Border[0 0 0]/A 684 0 R>>endobj
-686 0 obj<</S/URI/URI(http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html)>>endobj
-687 0 obj<</Subtype/Link/Rect[72.0 351.4 186.6 364.4]/Border[0 0 0]/A 686 0 R>>endobj
-688 0 obj[683 0 R
-685 0 R
-687 0 R]endobj
-689 0 obj<</Subtype/Link/Rect[85.8 631.0 295.4 644.0]/Border[0 0 0]/Dest[1512 0 R/XYZ 0 734 0]>>endobj
-690 0 obj<</Subtype/Link/Rect[130.0 617.8 166.4 630.8]/Border[0 0 0]/Dest[1512 0 R/XYZ 0 672 0]>>endobj
-691 0 obj<</Subtype/Link/Rect[130.0 604.6 331.4 617.6]/Border[0 0 0]/Dest[1512 0 R/XYZ 0 439 0]>>endobj
-692 0 obj<</Subtype/Link/Rect[177.0 591.4 243.0 604.4]/Border[0 0 0]/Dest[1512 0 R/XYZ 0 311 0]>>endobj
-693 0 obj<</Subtype/Link/Rect[177.0 578.2 282.6 591.2]/Border[0 0 0]/Dest[1514 0 R/XYZ 0 441 0]>>endobj
-694 0 obj<</Subtype/Link/Rect[177.0 565.0 269.4 578.0]/Border[0 0 0]/Dest[1514 0 R/XYZ 0 303 0]>>endobj
-695 0 obj<</Subtype/Link/Rect[177.0 551.8 295.8 564.8]/Border[0 0 0]/Dest[1514 0 R/XYZ 0 157 0]>>endobj
-696 0 obj<</Subtype/Link/Rect[130.0 538.6 384.2 551.6]/Border[0 0 0]/Dest[1516 0 R/XYZ 0 339 0]>>endobj
-697 0 obj<</Subtype/Link/Rect[174.2 525.4 294.6 538.4]/Border[0 0 0]/Dest[1518 0 R/XYZ 0 266 0]>>endobj
-698 0 obj<</Subtype/Link/Rect[174.2 512.2 261.3 525.2]/Border[0 0 0]/Dest[1520 0 R/XYZ 0 734 0]>>endobj
-699 0 obj<</Subtype/Link/Rect[174.2 499.0 226.8 512.0]/Border[0 0 0]/Dest[1522 0 R/XYZ 0 459 0]>>endobj
-700 0 obj<</Subtype/Link/Rect[174.2 485.8 233.5 498.8]/Border[0 0 0]/Dest[1522 0 R/XYZ 0 361 0]>>endobj
-701 0 obj<</Subtype/Link/Rect[174.2 472.6 238.4 485.6]/Border[0 0 0]/Dest[1522 0 R/XYZ 0 224 0]>>endobj
-702 0 obj<</Subtype/Link/Rect[130.0 459.4 528.8 472.4]/Border[0 0 0]/Dest[1524 0 R/XYZ 0 670 0]>>endobj
-703 0 obj<</Subtype/Link/Rect[130.0 446.2 500.9 459.2]/Border[0 0 0]/Dest[1524 0 R/XYZ 0 126 0]>>endobj
-704 0 obj<</Subtype/Link/Rect[174.2 433.0 393.6 446.0]/Border[0 0 0]/Dest[1528 0 R/XYZ 0 734 0]>>endobj
-705 0 obj<</Subtype/Link/Rect[174.2 419.8 455.6 432.8]/Border[0 0 0]/Dest[1528 0 R/XYZ 0 484 0]>>endobj
-706 0 obj<</Subtype/Link/Rect[174.2 406.6 377.1 419.6]/Border[0 0 0]/Dest[1528 0 R/XYZ 0 132 0]>>endobj
-707 0 obj<</Subtype/Link/Rect[130.0 393.4 187.1 406.4]/Border[0 0 0]/Dest[1530 0 R/XYZ 0 263 0]>>endobj
-708 0 obj<</Subtype/Link/Rect[85.8 380.2 358.0 393.2]/Border[0 0 0]/Dest[1532 0 R/XYZ 0 734 0]>>endobj
-709 0 obj<</Subtype/Link/Rect[130.0 367.0 447.2 380.0]/Border[0 0 0]/Dest[1532 0 R/XYZ 0 672 0]>>endobj
-710 0 obj<</Subtype/Link/Rect[130.0 353.8 324.0 366.8]/Border[0 0 0]/Dest[1532 0 R/XYZ 0 497 0]>>endobj
-711 0 obj<</Subtype/Link/Rect[130.0 340.6 234.2 353.6]/Border[0 0 0]/Dest[1532 0 R/XYZ 0 330 0]>>endobj
-712 0 obj<</Subtype/Link/Rect[130.0 327.4 296.5 340.4]/Border[0 0 0]/Dest[1534 0 R/XYZ 0 665 0]>>endobj
-713 0 obj<</Subtype/Link/Rect[174.2 314.2 251.2 327.2]/Border[0 0 0]/Dest[1534 0 R/XYZ 0 432 0]>>endobj
-714 0 obj<</Subtype/Link/Rect[174.2 301.0 276.3 314.0]/Border[0 0 0]/Dest[1534 0 R/XYZ 0 189 0]>>endobj
-715 0 obj<</Subtype/Link/Rect[130.0 287.8 305.7 300.8]/Border[0 0 0]/Dest[1536 0 R/XYZ 0 692 0]>>endobj
-716 0 obj<</Subtype/Link/Rect[130.0 274.6 402.5 287.6]/Border[0 0 0]/Dest[1536 0 R/XYZ 0 260 0]>>endobj
-717 0 obj<</Subtype/Link/Rect[130.0 261.4 392.8 274.4]/Border[0 0 0]/Dest[1540 0 R/XYZ 0 599 0]>>endobj
-718 0 obj<</Subtype/Link/Rect[85.8 248.2 401.7 261.2]/Border[0 0 0]/Dest[1542 0 R/XYZ 0 734 0]>>endobj
-719 0 obj<</Subtype/Link/Rect[130.0 235.0 207.3 248.0]/Border[0 0 0]/Dest[1542 0 R/XYZ 0 672 0]>>endobj
-720 0 obj<</Subtype/Link/Rect[130.0 221.8 250.4 234.8]/Border[0 0 0]/Dest[1544 0 R/XYZ 0 148 0]>>endobj
-721 0 obj<</Subtype/Link/Rect[130.0 208.6 273.9 221.6]/Border[0 0 0]/Dest[1546 0 R/XYZ 0 705 0]>>endobj
-722 0 obj<</Subtype/Link/Rect[85.8 195.4 350.0 208.4]/Border[0 0 0]/Dest[1548 0 R/XYZ 0 734 0]>>endobj
-723 0 obj<</Subtype/Link/Rect[130.0 182.2 185.3 195.2]/Border[0 0 0]/Dest[1548 0 R/XYZ 0 672 0]>>endobj
-724 0 obj<</Subtype/Link/Rect[174.2 169.0 202.1 182.0]/Border[0 0 0]/Dest[1550 0 R/XYZ 0 652 0]>>endobj
-725 0 obj<</Subtype/Link/Rect[85.8 155.8 162.8 168.8]/Border[0 0 0]/Dest[1552 0 R/XYZ 0 734 0]>>endobj
-726 0 obj<</Subtype/Link/Rect[130.0 142.6 187.8 155.6]/Border[0 0 0]/Dest[1552 0 R/XYZ 0 696 0]>>endobj
-727 0 obj<</Subtype/Link/Rect[130.0 129.4 195.1 142.4]/Border[0 0 0]/Dest[1552 0 R/XYZ 0 317 0]>>endobj
-728 0 obj<</Subtype/Link/Rect[174.2 116.2 254.3 129.2]/Border[0 0 0]/Dest[1552 0 R/XYZ 0 131 0]>>endobj
-729 0 obj<</Subtype/Link/Rect[174.2 103.0 337.1 116.0]/Border[0 0 0]/Dest[1556 0 R/XYZ 0 583 0]>>endobj
-730 0 obj<</Subtype/Link/Rect[174.2 89.8 331.3 102.8]/Border[0 0 0]/Dest[1556 0 R/XYZ 0 169 0]>>endobj
-731 0 obj<</Subtype/Link/Rect[174.2 76.6 386.9 89.6]/Border[0 0 0]/Dest[1558 0 R/XYZ 0 470 0]>>endobj
-732 0 obj<</Subtype/Link/Rect[174.2 63.4 287.3 76.4]/Border[0 0 0]/Dest[1560 0 R/XYZ 0 297 0]>>endobj
-733 0 obj[689 0 R
-690 0 R
+656 0 R
+658 0 R
+660 0 R
+662 0 R
+664 0 R]endobj
+666 0 obj<</S/Launch/F(#DOMAINADMINGROUP)>>endobj
+667 0 obj<</Subtype/Link/Rect[494.2 641.8 530.0 654.8]/Border[0 0 0]/A 666 0 R>>endobj
+668 0 obj<</S/Launch/F(#DOMAINADMINGROUP)>>endobj
+669 0 obj<</Subtype/Link/Rect[72.0 628.6 127.9 641.6]/Border[0 0 0]/A 668 0 R>>endobj
+670 0 obj[667 0 R
+669 0 R]endobj
+671 0 obj<</S/Launch/F(smbpasswd.8.html)>>endobj
+672 0 obj<</Subtype/Link/Rect[72.0 512.2 138.6 525.2]/Border[0 0 0]/A 671 0 R>>endobj
+673 0 obj<</S/Launch/F(#ADDUSERSCRIPT)>>endobj
+674 0 obj<</Subtype/Link/Rect[420.0 219.7 486.9 232.7]/Border[0 0 0]/A 673 0 R>>endobj
+675 0 obj[672 0 R
+674 0 R]endobj
+676 0 obj<</S/URI/URI(http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp)>>endobj
+677 0 obj<</Subtype/Link/Rect[139.8 721.0 387.6 734.0]/Border[0 0 0]/A 676 0 R>>endobj
+678 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE)>>endobj
+679 0 obj<</Subtype/Link/Rect[285.2 179.8 540.0 192.8]/Border[0 0 0]/A 678 0 R>>endobj
+680 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE)>>endobj
+681 0 obj<</Subtype/Link/Rect[230.8 140.2 505.8 153.2]/Border[0 0 0]/A 680 0 R>>endobj
+682 0 obj[677 0 R
+679 0 R
+681 0 R]endobj
+683 0 obj<</S/URI/URI(http://www.tcpdump.org/)>>endobj
+684 0 obj<</Subtype/Link/Rect[349.4 417.4 455.4 430.4]/Border[0 0 0]/A 683 0 R>>endobj
+685 0 obj<</S/URI/URI(http://www.ethereal.com/)>>endobj
+686 0 obj<</Subtype/Link/Rect[424.5 404.2 536.6 417.2]/Border[0 0 0]/A 685 0 R>>endobj
+687 0 obj[684 0 R
+686 0 R]endobj
+688 0 obj<</S/URI/URI(http://samba.org)>>endobj
+689 0 obj<</Subtype/Link/Rect[233.5 549.4 308.1 562.4]/Border[0 0 0]/A 688 0 R>>endobj
+690 0 obj<</S/URI/URI(http://www.skippy.net/linux/smb-howto.html)>>endobj
+691 0 obj<</Subtype/Link/Rect[144.0 496.6 346.1 509.6]/Border[0 0 0]/A 690 0 R>>endobj
+692 0 obj<</S/URI/URI(http://bioserve.latrobe.edu.au/samba)>>endobj
+693 0 obj<</Subtype/Link/Rect[179.7 470.2 342.3 483.2]/Border[0 0 0]/A 692 0 R>>endobj
+694 0 obj<</S/URI/URI(http://samba.org/cifs/)>>endobj
+695 0 obj<</Subtype/Link/Rect[282.1 457.0 378.7 470.0]/Border[0 0 0]/A 694 0 R>>endobj
+696 0 obj<</S/URI/URI(http://mailhost.cb1.com/~lkcl/ntdom/)>>endobj
+697 0 obj<</Subtype/Link/Rect[241.5 443.8 408.5 456.8]/Border[0 0 0]/A 696 0 R>>endobj
+698 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/developr/drg/CIFS/)>>endobj
+699 0 obj<</Subtype/Link/Rect[277.5 430.6 469.1 443.6]/Border[0 0 0]/A 698 0 R>>endobj
+700 0 obj<</S/URI/URI(http://samba.org)>>endobj
+701 0 obj<</Subtype/Link/Rect[358.2 377.8 432.8 390.8]/Border[0 0 0]/A 700 0 R>>endobj
+702 0 obj<</S/URI/URI(http://www.samba-tng.org/)>>endobj
+703 0 obj<</Subtype/Link/Rect[298.4 338.2 422.8 351.2]/Border[0 0 0]/A 702 0 R>>endobj
+704 0 obj[689 0 R
 691 0 R
-692 0 R
 693 0 R
-694 0 R
 695 0 R
-696 0 R
 697 0 R
-698 0 R
 699 0 R
-700 0 R
 701 0 R
-702 0 R
-703 0 R
-704 0 R
-705 0 R
-706 0 R
-707 0 R
-708 0 R
-709 0 R
-710 0 R
-711 0 R
-712 0 R
-713 0 R
-714 0 R
-715 0 R
+703 0 R]endobj
+705 0 obj<</S/URI/URI(http://lists.samba.org/)>>endobj
+706 0 obj<</Subtype/Link/Rect[132.8 575.8 227.8 588.8]/Border[0 0 0]/A 705 0 R>>endobj
+707 0 obj<</S/URI/URI(http://lists.samba.org/mailman/roster/samba-ntdom)>>endobj
+708 0 obj<</Subtype/Link/Rect[306.3 562.6 328.0 575.6]/Border[0 0 0]/A 707 0 R>>endobj
+709 0 obj[706 0 R
+708 0 R]endobj
+710 0 obj<</S/Launch/F(Samba-PDC-HOWTO.html)>>endobj
+711 0 obj<</Subtype/Link/Rect[210.4 613.0 317.8 626.0]/Border[0 0 0]/A 710 0 R>>endobj
+712 0 obj[711 0 R]endobj
+713 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
+714 0 obj<</Subtype/Link/Rect[191.8 573.4 264.4 586.4]/Border[0 0 0]/A 713 0 R>>endobj
+715 0 obj<</S/Launch/F(#SECURITY)>>endobj
+716 0 obj<</Subtype/Link/Rect[169.1 547.0 235.1 560.0]/Border[0 0 0]/A 715 0 R>>endobj
+717 0 obj<</S/Launch/F(#WORKGROUP)>>endobj
+718 0 obj<</Subtype/Link/Rect[146.2 481.0 225.4 494.0]/Border[0 0 0]/A 717 0 R>>endobj
+719 0 obj<</S/Launch/F(#ENCRYPTPASSWORDS)>>endobj
+720 0 obj<</Subtype/Link/Rect[224.7 401.8 336.9 414.8]/Border[0 0 0]/A 719 0 R>>endobj
+721 0 obj<</S/Launch/F(#PASSWORDSERVER)>>endobj
+722 0 obj<</Subtype/Link/Rect[188.7 362.2 300.9 375.2]/Border[0 0 0]/A 721 0 R>>endobj
+723 0 obj[714 0 R
 716 0 R
-717 0 R
 718 0 R
-719 0 R
 720 0 R
-721 0 R
-722 0 R
-723 0 R
-724 0 R
-725 0 R
-726 0 R
+722 0 R]endobj
+724 0 obj<</S/Launch/F(net.8.html)>>endobj
+725 0 obj<</Subtype/Link/Rect[218.7 694.6 247.7 707.6]/Border[0 0 0]/A 724 0 R>>endobj
+726 0 obj<</S/Launch/F(#SECURITYEQUALSSERVER)>>endobj
+727 0 obj<</Subtype/Link/Rect[275.2 319.8 351.3 332.8]/Border[0 0 0]/A 726 0 R>>endobj
+728 0 obj<</S/Launch/F(winbind.html)>>endobj
+729 0 obj<</Subtype/Link/Rect[151.1 267.0 219.5 280.0]/Border[0 0 0]/A 728 0 R>>endobj
+730 0 obj[725 0 R
 727 0 R
-728 0 R
-729 0 R
-730 0 R
-731 0 R
-732 0 R]endobj
-734 0 obj<</Subtype/Link/Rect[130.0 721.0 224.4 734.0]/Border[0 0 0]/Dest[1562 0 R/XYZ 0 734 0]>>endobj
-735 0 obj<</Subtype/Link/Rect[174.2 707.8 255.8 720.8]/Border[0 0 0]/Dest[1562 0 R/XYZ 0 632 0]>>endobj
-736 0 obj<</Subtype/Link/Rect[174.2 694.6 327.6 707.6]/Border[0 0 0]/Dest[1562 0 R/XYZ 0 507 0]>>endobj
-737 0 obj<</Subtype/Link/Rect[174.2 681.4 263.8 694.4]/Border[0 0 0]/Dest[1562 0 R/XYZ 0 423 0]>>endobj
-738 0 obj<</Subtype/Link/Rect[174.2 668.2 276.6 681.2]/Border[0 0 0]/Dest[1562 0 R/XYZ 0 325 0]>>endobj
-739 0 obj<</Subtype/Link/Rect[130.0 655.0 177.4 668.0]/Border[0 0 0]/Dest[1564 0 R/XYZ 0 440 0]>>endobj
-740 0 obj<</Subtype/Link/Rect[174.2 641.8 232.0 654.8]/Border[0 0 0]/Dest[1564 0 R/XYZ 0 406 0]>>endobj
-741 0 obj<</Subtype/Link/Rect[174.2 628.6 302.9 641.6]/Border[0 0 0]/Dest[1566 0 R/XYZ 0 479 0]>>endobj
-742 0 obj<</Subtype/Link/Rect[174.2 615.4 287.0 628.4]/Border[0 0 0]/Dest[1568 0 R/XYZ 0 692 0]>>endobj
-743 0 obj<</Subtype/Link/Rect[174.2 602.2 339.2 615.2]/Border[0 0 0]/Dest[1568 0 R/XYZ 0 511 0]>>endobj
-744 0 obj<</Subtype/Link/Rect[174.2 589.0 260.7 602.0]/Border[0 0 0]/Dest[1570 0 R/XYZ 0 734 0]>>endobj
-745 0 obj<</Subtype/Link/Rect[174.2 575.8 282.7 588.8]/Border[0 0 0]/Dest[1570 0 R/XYZ 0 394 0]>>endobj
-746 0 obj<</Subtype/Link/Rect[174.2 562.6 279.7 575.6]/Border[0 0 0]/Dest[1572 0 R/XYZ 0 718 0]>>endobj
-747 0 obj<</Subtype/Link/Rect[174.2 549.4 259.8 562.4]/Border[0 0 0]/Dest[1572 0 R/XYZ 0 633 0]>>endobj
-748 0 obj<</Subtype/Link/Rect[174.2 536.2 246.4 549.2]/Border[0 0 0]/Dest[1572 0 R/XYZ 0 535 0]>>endobj
-749 0 obj<</Subtype/Link/Rect[85.8 523.0 152.3 536.0]/Border[0 0 0]/Dest[1574 0 R/XYZ 0 734 0]>>endobj
-750 0 obj<</Subtype/Link/Rect[130.0 509.8 187.8 522.8]/Border[0 0 0]/Dest[1574 0 R/XYZ 0 696 0]>>endobj
-751 0 obj<</Subtype/Link/Rect[130.0 496.6 328.0 509.6]/Border[0 0 0]/Dest[1574 0 R/XYZ 0 467 0]>>endobj
-752 0 obj<</Subtype/Link/Rect[85.8 483.4 369.0 496.4]/Border[0 0 0]/Dest[1578 0 R/XYZ 0 734 0]>>endobj
-753 0 obj<</Subtype/Link/Rect[130.0 470.2 170.0 483.2]/Border[0 0 0]/Dest[1578 0 R/XYZ 0 672 0]>>endobj
-754 0 obj<</Subtype/Link/Rect[130.0 457.0 187.8 470.0]/Border[0 0 0]/Dest[1578 0 R/XYZ 0 544 0]>>endobj
-755 0 obj<</Subtype/Link/Rect[130.0 443.8 237.9 456.8]/Border[0 0 0]/Dest[1578 0 R/XYZ 0 231 0]>>endobj
-756 0 obj<</Subtype/Link/Rect[174.2 430.6 230.5 443.6]/Border[0 0 0]/Dest[1580 0 R/XYZ 0 560 0]>>endobj
-757 0 obj<</Subtype/Link/Rect[130.0 417.4 224.4 430.4]/Border[0 0 0]/Dest[1580 0 R/XYZ 0 409 0]>>endobj
-758 0 obj<</Subtype/Link/Rect[174.2 404.2 330.7 417.2]/Border[0 0 0]/Dest[1580 0 R/XYZ 0 294 0]>>endobj
-759 0 obj<</Subtype/Link/Rect[174.2 391.0 269.9 404.0]/Border[0 0 0]/Dest[1582 0 R/XYZ 0 734 0]>>endobj
-760 0 obj<</Subtype/Link/Rect[174.2 377.8 330.4 390.8]/Border[0 0 0]/Dest[1582 0 R/XYZ 0 292 0]>>endobj
-761 0 obj<</Subtype/Link/Rect[174.2 364.6 312.0 377.6]/Border[0 0 0]/Dest[1584 0 R/XYZ 0 665 0]>>endobj
-762 0 obj<</Subtype/Link/Rect[174.2 351.4 244.5 364.4]/Border[0 0 0]/Dest[1584 0 R/XYZ 0 488 0]>>endobj
-763 0 obj<</Subtype/Link/Rect[130.0 338.2 267.8 351.2]/Border[0 0 0]/Dest[1584 0 R/XYZ 0 351 0]>>endobj
-764 0 obj<</Subtype/Link/Rect[174.2 325.0 232.0 338.0]/Border[0 0 0]/Dest[1584 0 R/XYZ 0 209 0]>>endobj
-765 0 obj<</Subtype/Link/Rect[174.2 311.8 237.5 324.8]/Border[0 0 0]/Dest[1586 0 R/XYZ 0 599 0]>>endobj
-766 0 obj<</Subtype/Link/Rect[174.2 298.6 261.3 311.6]/Border[0 0 0]/Dest[1586 0 R/XYZ 0 330 0]>>endobj
-767 0 obj<</Subtype/Link/Rect[130.0 285.4 182.9 298.4]/Border[0 0 0]/Dest[1600 0 R/XYZ 0 296 0]>>endobj
-768 0 obj<</Subtype/Link/Rect[130.0 272.2 182.9 285.2]/Border[0 0 0]/Dest[1602 0 R/XYZ 0 734 0]>>endobj
-769 0 obj<</Subtype/Link/Rect[85.8 259.0 187.5 272.0]/Border[0 0 0]/Dest[1604 0 R/XYZ 0 734 0]>>endobj
-770 0 obj<</Subtype/Link/Rect[130.0 245.8 170.6 258.8]/Border[0 0 0]/Dest[1604 0 R/XYZ 0 696 0]>>endobj
-771 0 obj<</Subtype/Link/Rect[130.0 232.6 186.5 245.6]/Border[0 0 0]/Dest[1604 0 R/XYZ 0 595 0]>>endobj
-772 0 obj<</Subtype/Link/Rect[130.0 219.4 353.1 232.4]/Border[0 0 0]/Dest[1606 0 R/XYZ 0 568 0]>>endobj
-773 0 obj<</Subtype/Link/Rect[130.0 206.2 311.6 219.2]/Border[0 0 0]/Dest[1606 0 R/XYZ 0 414 0]>>endobj
-774 0 obj<</Subtype/Link/Rect[85.8 193.0 175.9 206.0]/Border[0 0 0]/Dest[1608 0 R/XYZ 0 734 0]>>endobj
-775 0 obj<</Subtype/Link/Rect[130.0 179.8 170.6 192.8]/Border[0 0 0]/Dest[1608 0 R/XYZ 0 696 0]>>endobj
-776 0 obj<</Subtype/Link/Rect[130.0 166.6 160.9 179.6]/Border[0 0 0]/Dest[1608 0 R/XYZ 0 608 0]>>endobj
-777 0 obj<</Subtype/Link/Rect[85.8 153.4 420.2 166.4]/Border[0 0 0]/Dest[1610 0 R/XYZ 0 734 0]>>endobj
-778 0 obj<</Subtype/Link/Rect[130.0 140.2 169.4 153.2]/Border[0 0 0]/Dest[1610 0 R/XYZ 0 672 0]>>endobj
-779 0 obj<</Subtype/Link/Rect[130.0 127.0 187.8 140.0]/Border[0 0 0]/Dest[1610 0 R/XYZ 0 412 0]>>endobj
-780 0 obj<</Subtype/Link/Rect[130.0 113.8 244.0 126.8]/Border[0 0 0]/Dest[1612 0 R/XYZ 0 573 0]>>endobj
-781 0 obj<</Subtype/Link/Rect[130.0 100.6 382.4 113.6]/Border[0 0 0]/Dest[1612 0 R/XYZ 0 471 0]>>endobj
-782 0 obj<</Subtype/Link/Rect[130.0 87.4 271.2 100.4]/Border[0 0 0]/Dest[1614 0 R/XYZ 0 734 0]>>endobj
-783 0 obj<</Subtype/Link/Rect[174.2 74.2 291.0 87.2]/Border[0 0 0]/Dest[1614 0 R/XYZ 0 700 0]>>endobj
-784 0 obj<</Subtype/Link/Rect[174.2 61.0 263.5 74.0]/Border[0 0 0]/Dest[1614 0 R/XYZ 0 143 0]>>endobj
-785 0 obj[734 0 R
-735 0 R
-736 0 R
+729 0 R]endobj
+731 0 obj<</S/URI/URI(http://www.linuxworld.com)>>endobj
+732 0 obj<</Subtype/Link/Rect[438.0 668.2 495.1 681.2]/Border[0 0 0]/A 731 0 R>>endobj
+733 0 obj<</S/URI/URI(http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html)>>endobj
+734 0 obj<</Subtype/Link/Rect[72.0 655.0 186.6 668.0]/Border[0 0 0]/A 733 0 R>>endobj
+735 0 obj[732 0 R
+734 0 R]endobj
+736 0 obj<</Subtype/Link/Rect[80.2 631.0 289.9 644.0]/Border[0 0 0]/Dest[1517 0 R/XYZ 0 734 0]>>endobj
+737 0 obj<</Subtype/Link/Rect[124.5 617.8 160.9 630.8]/Border[0 0 0]/Dest[1517 0 R/XYZ 0 672 0]>>endobj
+738 0 obj<</Subtype/Link/Rect[124.5 604.6 325.9 617.6]/Border[0 0 0]/Dest[1517 0 R/XYZ 0 439 0]>>endobj
+739 0 obj<</Subtype/Link/Rect[171.5 591.4 237.5 604.4]/Border[0 0 0]/Dest[1517 0 R/XYZ 0 311 0]>>endobj
+740 0 obj<</Subtype/Link/Rect[171.5 578.2 277.1 591.2]/Border[0 0 0]/Dest[1519 0 R/XYZ 0 441 0]>>endobj
+741 0 obj<</Subtype/Link/Rect[171.5 565.0 263.9 578.0]/Border[0 0 0]/Dest[1519 0 R/XYZ 0 303 0]>>endobj
+742 0 obj<</Subtype/Link/Rect[171.5 551.8 290.3 564.8]/Border[0 0 0]/Dest[1519 0 R/XYZ 0 157 0]>>endobj
+743 0 obj<</Subtype/Link/Rect[124.5 538.6 378.7 551.6]/Border[0 0 0]/Dest[1521 0 R/XYZ 0 339 0]>>endobj
+744 0 obj<</Subtype/Link/Rect[168.8 525.4 289.1 538.4]/Border[0 0 0]/Dest[1523 0 R/XYZ 0 266 0]>>endobj
+745 0 obj<</Subtype/Link/Rect[168.8 512.2 255.8 525.2]/Border[0 0 0]/Dest[1525 0 R/XYZ 0 734 0]>>endobj
+746 0 obj<</Subtype/Link/Rect[168.8 499.0 221.3 512.0]/Border[0 0 0]/Dest[1527 0 R/XYZ 0 459 0]>>endobj
+747 0 obj<</Subtype/Link/Rect[168.8 485.8 228.0 498.8]/Border[0 0 0]/Dest[1527 0 R/XYZ 0 361 0]>>endobj
+748 0 obj<</Subtype/Link/Rect[168.8 472.6 232.9 485.6]/Border[0 0 0]/Dest[1527 0 R/XYZ 0 224 0]>>endobj
+749 0 obj<</Subtype/Link/Rect[124.5 459.4 523.3 472.4]/Border[0 0 0]/Dest[1529 0 R/XYZ 0 670 0]>>endobj
+750 0 obj<</Subtype/Link/Rect[124.5 446.2 495.4 459.2]/Border[0 0 0]/Dest[1529 0 R/XYZ 0 126 0]>>endobj
+751 0 obj<</Subtype/Link/Rect[168.8 433.0 388.1 446.0]/Border[0 0 0]/Dest[1533 0 R/XYZ 0 734 0]>>endobj
+752 0 obj<</Subtype/Link/Rect[168.8 419.8 450.1 432.8]/Border[0 0 0]/Dest[1533 0 R/XYZ 0 484 0]>>endobj
+753 0 obj<</Subtype/Link/Rect[168.8 406.6 371.6 419.6]/Border[0 0 0]/Dest[1533 0 R/XYZ 0 132 0]>>endobj
+754 0 obj<</Subtype/Link/Rect[124.5 393.4 181.6 406.4]/Border[0 0 0]/Dest[1535 0 R/XYZ 0 263 0]>>endobj
+755 0 obj<</Subtype/Link/Rect[85.8 380.2 358.0 393.2]/Border[0 0 0]/Dest[1537 0 R/XYZ 0 734 0]>>endobj
+756 0 obj<</Subtype/Link/Rect[130.0 367.0 447.2 380.0]/Border[0 0 0]/Dest[1537 0 R/XYZ 0 672 0]>>endobj
+757 0 obj<</Subtype/Link/Rect[130.0 353.8 324.0 366.8]/Border[0 0 0]/Dest[1537 0 R/XYZ 0 537 0]>>endobj
+758 0 obj<</Subtype/Link/Rect[130.0 340.6 234.2 353.6]/Border[0 0 0]/Dest[1537 0 R/XYZ 0 369 0]>>endobj
+759 0 obj<</Subtype/Link/Rect[130.0 327.4 296.5 340.4]/Border[0 0 0]/Dest[1539 0 R/XYZ 0 705 0]>>endobj
+760 0 obj<</Subtype/Link/Rect[174.2 314.2 251.2 327.2]/Border[0 0 0]/Dest[1539 0 R/XYZ 0 471 0]>>endobj
+761 0 obj<</Subtype/Link/Rect[174.2 301.0 276.3 314.0]/Border[0 0 0]/Dest[1539 0 R/XYZ 0 228 0]>>endobj
+762 0 obj<</Subtype/Link/Rect[130.0 287.8 305.7 300.8]/Border[0 0 0]/Dest[1541 0 R/XYZ 0 718 0]>>endobj
+763 0 obj<</Subtype/Link/Rect[130.0 274.6 402.5 287.6]/Border[0 0 0]/Dest[1541 0 R/XYZ 0 287 0]>>endobj
+764 0 obj<</Subtype/Link/Rect[130.0 261.4 392.8 274.4]/Border[0 0 0]/Dest[1545 0 R/XYZ 0 652 0]>>endobj
+765 0 obj<</Subtype/Link/Rect[85.8 248.2 401.7 261.2]/Border[0 0 0]/Dest[1547 0 R/XYZ 0 734 0]>>endobj
+766 0 obj<</Subtype/Link/Rect[130.0 235.0 207.3 248.0]/Border[0 0 0]/Dest[1547 0 R/XYZ 0 672 0]>>endobj
+767 0 obj<</Subtype/Link/Rect[130.0 221.8 250.4 234.8]/Border[0 0 0]/Dest[1549 0 R/XYZ 0 148 0]>>endobj
+768 0 obj<</Subtype/Link/Rect[130.0 208.6 273.9 221.6]/Border[0 0 0]/Dest[1551 0 R/XYZ 0 705 0]>>endobj
+769 0 obj<</Subtype/Link/Rect[85.8 195.4 350.0 208.4]/Border[0 0 0]/Dest[1553 0 R/XYZ 0 734 0]>>endobj
+770 0 obj<</Subtype/Link/Rect[130.0 182.2 185.3 195.2]/Border[0 0 0]/Dest[1553 0 R/XYZ 0 672 0]>>endobj
+771 0 obj<</Subtype/Link/Rect[174.2 169.0 202.1 182.0]/Border[0 0 0]/Dest[1555 0 R/XYZ 0 652 0]>>endobj
+772 0 obj<</Subtype/Link/Rect[85.8 155.8 162.8 168.8]/Border[0 0 0]/Dest[1557 0 R/XYZ 0 734 0]>>endobj
+773 0 obj<</Subtype/Link/Rect[130.0 142.6 187.8 155.6]/Border[0 0 0]/Dest[1557 0 R/XYZ 0 696 0]>>endobj
+774 0 obj<</Subtype/Link/Rect[130.0 129.4 195.1 142.4]/Border[0 0 0]/Dest[1557 0 R/XYZ 0 317 0]>>endobj
+775 0 obj<</Subtype/Link/Rect[174.2 116.2 254.3 129.2]/Border[0 0 0]/Dest[1557 0 R/XYZ 0 127 0]>>endobj
+776 0 obj<</Subtype/Link/Rect[174.2 103.0 337.1 116.0]/Border[0 0 0]/Dest[1561 0 R/XYZ 0 531 0]>>endobj
+777 0 obj<</Subtype/Link/Rect[174.2 89.8 331.3 102.8]/Border[0 0 0]/Dest[1563 0 R/XYZ 0 734 0]>>endobj
+778 0 obj<</Subtype/Link/Rect[174.2 76.6 386.9 89.6]/Border[0 0 0]/Dest[1563 0 R/XYZ 0 363 0]>>endobj
+779 0 obj<</Subtype/Link/Rect[174.2 63.4 287.3 76.4]/Border[0 0 0]/Dest[1565 0 R/XYZ 0 184 0]>>endobj
+780 0 obj[736 0 R
 737 0 R
 738 0 R
 739 0 R
@@ -1429,45 +1396,64 @@
 776 0 R
 777 0 R
 778 0 R
-779 0 R
-780 0 R
-781 0 R
+779 0 R]endobj
+781 0 obj<</Subtype/Link/Rect[130.0 721.0 224.4 734.0]/Border[0 0 0]/Dest[1567 0 R/XYZ 0 692 0]>>endobj
+782 0 obj<</Subtype/Link/Rect[174.2 707.8 255.8 720.8]/Border[0 0 0]/Dest[1567 0 R/XYZ 0 590 0]>>endobj
+783 0 obj<</Subtype/Link/Rect[174.2 694.6 327.6 707.6]/Border[0 0 0]/Dest[1567 0 R/XYZ 0 466 0]>>endobj
+784 0 obj<</Subtype/Link/Rect[174.2 681.4 263.8 694.4]/Border[0 0 0]/Dest[1567 0 R/XYZ 0 381 0]>>endobj
+785 0 obj<</Subtype/Link/Rect[174.2 668.2 276.6 681.2]/Border[0 0 0]/Dest[1567 0 R/XYZ 0 283 0]>>endobj
+786 0 obj<</Subtype/Link/Rect[130.0 655.0 177.4 668.0]/Border[0 0 0]/Dest[1569 0 R/XYZ 0 397 0]>>endobj
+787 0 obj<</Subtype/Link/Rect[174.2 641.8 232.0 654.8]/Border[0 0 0]/Dest[1569 0 R/XYZ 0 363 0]>>endobj
+788 0 obj<</Subtype/Link/Rect[174.2 628.6 302.9 641.6]/Border[0 0 0]/Dest[1571 0 R/XYZ 0 429 0]>>endobj
+789 0 obj<</Subtype/Link/Rect[174.2 615.4 287.0 628.4]/Border[0 0 0]/Dest[1573 0 R/XYZ 0 665 0]>>endobj
+790 0 obj<</Subtype/Link/Rect[174.2 602.2 339.2 615.2]/Border[0 0 0]/Dest[1573 0 R/XYZ 0 485 0]>>endobj
+791 0 obj<</Subtype/Link/Rect[174.2 589.0 260.7 602.0]/Border[0 0 0]/Dest[1575 0 R/XYZ 0 734 0]>>endobj
+792 0 obj<</Subtype/Link/Rect[174.2 575.8 282.7 588.8]/Border[0 0 0]/Dest[1575 0 R/XYZ 0 394 0]>>endobj
+793 0 obj<</Subtype/Link/Rect[174.2 562.6 279.7 575.6]/Border[0 0 0]/Dest[1577 0 R/XYZ 0 718 0]>>endobj
+794 0 obj<</Subtype/Link/Rect[174.2 549.4 259.8 562.4]/Border[0 0 0]/Dest[1577 0 R/XYZ 0 633 0]>>endobj
+795 0 obj<</Subtype/Link/Rect[174.2 536.2 246.4 549.2]/Border[0 0 0]/Dest[1577 0 R/XYZ 0 535 0]>>endobj
+796 0 obj<</Subtype/Link/Rect[85.8 523.0 369.0 536.0]/Border[0 0 0]/Dest[1579 0 R/XYZ 0 734 0]>>endobj
+797 0 obj<</Subtype/Link/Rect[130.0 509.8 170.0 522.8]/Border[0 0 0]/Dest[1579 0 R/XYZ 0 672 0]>>endobj
+798 0 obj<</Subtype/Link/Rect[130.0 496.6 187.8 509.6]/Border[0 0 0]/Dest[1579 0 R/XYZ 0 544 0]>>endobj
+799 0 obj<</Subtype/Link/Rect[130.0 483.4 237.9 496.4]/Border[0 0 0]/Dest[1579 0 R/XYZ 0 231 0]>>endobj
+800 0 obj<</Subtype/Link/Rect[174.2 470.2 230.5 483.2]/Border[0 0 0]/Dest[1581 0 R/XYZ 0 560 0]>>endobj
+801 0 obj<</Subtype/Link/Rect[130.0 457.0 224.4 470.0]/Border[0 0 0]/Dest[1581 0 R/XYZ 0 409 0]>>endobj
+802 0 obj<</Subtype/Link/Rect[174.2 443.8 330.7 456.8]/Border[0 0 0]/Dest[1581 0 R/XYZ 0 294 0]>>endobj
+803 0 obj<</Subtype/Link/Rect[174.2 430.6 334.9 443.6]/Border[0 0 0]/Dest[1583 0 R/XYZ 0 734 0]>>endobj
+804 0 obj<</Subtype/Link/Rect[174.2 417.4 269.9 430.4]/Border[0 0 0]/Dest[1583 0 R/XYZ 0 635 0]>>endobj
+805 0 obj<</Subtype/Link/Rect[174.2 404.2 330.4 417.2]/Border[0 0 0]/Dest[1583 0 R/XYZ 0 194 0]>>endobj
+806 0 obj<</Subtype/Link/Rect[174.2 391.0 312.0 404.0]/Border[0 0 0]/Dest[1585 0 R/XYZ 0 560 0]>>endobj
+807 0 obj<</Subtype/Link/Rect[174.2 377.8 244.5 390.8]/Border[0 0 0]/Dest[1585 0 R/XYZ 0 383 0]>>endobj
+808 0 obj<</Subtype/Link/Rect[130.0 364.6 267.8 377.6]/Border[0 0 0]/Dest[1585 0 R/XYZ 0 245 0]>>endobj
+809 0 obj<</Subtype/Link/Rect[174.2 351.4 232.0 364.4]/Border[0 0 0]/Dest[1587 0 R/XYZ 0 734 0]>>endobj
+810 0 obj<</Subtype/Link/Rect[174.2 338.2 237.5 351.2]/Border[0 0 0]/Dest[1587 0 R/XYZ 0 451 0]>>endobj
+811 0 obj<</Subtype/Link/Rect[174.2 325.0 261.3 338.0]/Border[0 0 0]/Dest[1587 0 R/XYZ 0 181 0]>>endobj
+812 0 obj<</Subtype/Link/Rect[130.0 311.8 182.9 324.8]/Border[0 0 0]/Dest[1603 0 R/XYZ 0 734 0]>>endobj
+813 0 obj<</Subtype/Link/Rect[130.0 298.6 182.9 311.6]/Border[0 0 0]/Dest[1603 0 R/XYZ 0 513 0]>>endobj
+814 0 obj<</Subtype/Link/Rect[85.8 285.4 217.1 298.4]/Border[0 0 0]/Dest[1605 0 R/XYZ 0 734 0]>>endobj
+815 0 obj<</Subtype/Link/Rect[130.0 272.2 229.9 285.2]/Border[0 0 0]/Dest[1605 0 R/XYZ 0 696 0]>>endobj
+816 0 obj<</Subtype/Link/Rect[130.0 259.0 254.1 272.0]/Border[0 0 0]/Dest[1605 0 R/XYZ 0 515 0]>>endobj
+817 0 obj<</Subtype/Link/Rect[130.0 245.8 218.0 258.8]/Border[0 0 0]/Dest[1605 0 R/XYZ 0 137 0]>>endobj
+818 0 obj<</Subtype/Link/Rect[130.0 232.6 242.1 245.6]/Border[0 0 0]/Dest[1607 0 R/XYZ 0 533 0]>>endobj
+819 0 obj<</Subtype/Link/Rect[174.2 219.4 354.8 232.4]/Border[0 0 0]/Dest[1607 0 R/XYZ 0 273 0]>>endobj
+820 0 obj<</Subtype/Link/Rect[130.0 206.2 244.0 219.2]/Border[0 0 0]/Dest[1613 0 R/XYZ 0 560 0]>>endobj
+821 0 obj<</Subtype/Link/Rect[130.0 193.0 312.7 206.0]/Border[0 0 0]/Dest[1615 0 R/XYZ 0 613 0]>>endobj
+822 0 obj<</Subtype/Link/Rect[130.0 179.8 287.1 192.8]/Border[0 0 0]/Dest[1617 0 R/XYZ 0 622 0]>>endobj
+823 0 obj<</Subtype/Link/Rect[130.0 166.6 273.0 179.6]/Border[0 0 0]/Dest[1617 0 R/XYZ 0 266 0]>>endobj
+824 0 obj<</Subtype/Link/Rect[130.0 153.4 282.5 166.4]/Border[0 0 0]/Dest[1619 0 R/XYZ 0 520 0]>>endobj
+825 0 obj<</Subtype/Link/Rect[135.5 140.2 279.7 153.2]/Border[0 0 0]/Dest[1621 0 R/XYZ 0 734 0]>>endobj
+826 0 obj<</Subtype/Link/Rect[135.5 127.0 221.7 140.0]/Border[0 0 0]/Dest[1621 0 R/XYZ 0 645 0]>>endobj
+827 0 obj<</Subtype/Link/Rect[85.8 113.8 192.4 126.8]/Border[0 0 0]/Dest[1623 0 R/XYZ 0 734 0]>>endobj
+828 0 obj<</Subtype/Link/Rect[130.0 100.6 269.6 113.6]/Border[0 0 0]/Dest[1623 0 R/XYZ 0 696 0]>>endobj
+829 0 obj<</Subtype/Link/Rect[130.0 87.4 210.7 100.4]/Border[0 0 0]/Dest[1623 0 R/XYZ 0 385 0]>>endobj
+830 0 obj<</Subtype/Link/Rect[174.2 74.2 199.6 87.2]/Border[0 0 0]/Dest[1623 0 R/XYZ 0 351 0]>>endobj
+831 0 obj<</Subtype/Link/Rect[174.2 61.0 208.8 74.0]/Border[0 0 0]/Dest[1623 0 R/XYZ 0 215 0]>>endobj
+832 0 obj[781 0 R
 782 0 R
 783 0 R
-784 0 R]endobj
-786 0 obj<</Subtype/Link/Rect[130.0 721.0 287.0 734.0]/Border[0 0 0]/Dest[1616 0 R/XYZ 0 243 0]>>endobj
-787 0 obj<</Subtype/Link/Rect[130.0 707.8 255.6 720.8]/Border[0 0 0]/Dest[1618 0 R/XYZ 0 718 0]>>endobj
-788 0 obj<</Subtype/Link/Rect[130.0 694.6 330.8 707.6]/Border[0 0 0]/Dest[1618 0 R/XYZ 0 336 0]>>endobj
-789 0 obj<</Subtype/Link/Rect[130.0 681.4 324.3 694.4]/Border[0 0 0]/Dest[1620 0 R/XYZ 0 322 0]>>endobj
-790 0 obj<</Subtype/Link/Rect[135.5 668.2 184.7 681.2]/Border[0 0 0]/Dest[1622 0 R/XYZ 0 492 0]>>endobj
-791 0 obj<</Subtype/Link/Rect[85.8 655.0 287.1 668.0]/Border[0 0 0]/Dest[1624 0 R/XYZ 0 734 0]>>endobj
-792 0 obj<</Subtype/Link/Rect[130.0 641.8 187.8 654.8]/Border[0 0 0]/Dest[1624 0 R/XYZ 0 672 0]>>endobj
-793 0 obj<</Subtype/Link/Rect[130.0 628.6 245.8 641.6]/Border[0 0 0]/Dest[1624 0 R/XYZ 0 557 0]>>endobj
-794 0 obj<</Subtype/Link/Rect[174.2 615.4 263.2 628.4]/Border[0 0 0]/Dest[1624 0 R/XYZ 0 469 0]>>endobj
-795 0 obj<</Subtype/Link/Rect[174.2 602.2 239.9 615.2]/Border[0 0 0]/Dest[1624 0 R/XYZ 0 358 0]>>endobj
-796 0 obj<</Subtype/Link/Rect[85.8 589.0 200.3 602.0]/Border[0 0 0]/Dest[1628 0 R/XYZ 0 734 0]>>endobj
-797 0 obj<</Subtype/Link/Rect[85.8 575.8 206.4 588.8]/Border[0 0 0]/Dest[1630 0 R/XYZ 0 734 0]>>endobj
-798 0 obj<</Subtype/Link/Rect[130.0 562.6 191.4 575.6]/Border[0 0 0]/Dest[1630 0 R/XYZ 0 696 0]>>endobj
-799 0 obj<</Subtype/Link/Rect[130.0 549.4 168.8 562.4]/Border[0 0 0]/Dest[1630 0 R/XYZ 0 449 0]>>endobj
-800 0 obj<</Subtype/Link/Rect[174.2 536.2 219.2 549.2]/Border[0 0 0]/Dest[1630 0 R/XYZ 0 416 0]>>endobj
-801 0 obj<</Subtype/Link/Rect[174.2 523.0 245.1 536.0]/Border[0 0 0]/Dest[1630 0 R/XYZ 0 146 0]>>endobj
-802 0 obj<</Subtype/Link/Rect[174.2 509.8 348.3 522.8]/Border[0 0 0]/Dest[1632 0 R/XYZ 0 652 0]>>endobj
-803 0 obj<</Subtype/Link/Rect[130.0 496.6 196.6 509.6]/Border[0 0 0]/Dest[1632 0 R/XYZ 0 515 0]>>endobj
-804 0 obj<</Subtype/Link/Rect[130.0 483.4 174.6 496.4]/Border[0 0 0]/Dest[1632 0 R/XYZ 0 255 0]>>endobj
-805 0 obj<</Subtype/Link/Rect[130.0 470.2 174.0 483.2]/Border[0 0 0]/Dest[1634 0 R/XYZ 0 718 0]>>endobj
-806 0 obj<</Subtype/Link/Rect[130.0 457.0 168.2 470.0]/Border[0 0 0]/Dest[1634 0 R/XYZ 0 537 0]>>endobj
-807 0 obj<</Subtype/Link/Rect[130.0 443.8 189.3 456.8]/Border[0 0 0]/Dest[1634 0 R/XYZ 0 409 0]>>endobj
-808 0 obj<</Subtype/Link/Rect[130.0 430.6 173.4 443.6]/Border[0 0 0]/Dest[1634 0 R/XYZ 0 189 0]>>endobj
-809 0 obj<</Subtype/Link/Rect[130.0 417.4 178.9 430.4]/Border[0 0 0]/Dest[1636 0 R/XYZ 0 734 0]>>endobj
-810 0 obj<</Subtype/Link/Rect[135.5 404.2 180.7 417.2]/Border[0 0 0]/Dest[1636 0 R/XYZ 0 645 0]>>endobj
-811 0 obj<</Subtype/Link/Rect[135.5 391.0 182.6 404.0]/Border[0 0 0]/Dest[1636 0 R/XYZ 0 477 0]>>endobj
-812 0 obj<</Subtype/Link/Rect[135.5 377.8 208.8 390.8]/Border[0 0 0]/Dest[1636 0 R/XYZ 0 349 0]>>endobj
-813 0 obj<</Subtype/Link/Rect[135.5 364.6 216.2 377.6]/Border[0 0 0]/Dest[1636 0 R/XYZ 0 129 0]>>endobj
-814 0 obj<</Subtype/Link/Rect[135.5 351.4 193.6 364.4]/Border[0 0 0]/Dest[1638 0 R/XYZ 0 639 0]>>endobj
-815 0 obj<</Subtype/Link/Rect[135.5 338.2 192.3 351.2]/Border[0 0 0]/Dest[1638 0 R/XYZ 0 511 0]>>endobj
-816 0 obj<</Subtype/Link/Rect[135.5 325.0 196.0 338.0]/Border[0 0 0]/Dest[1638 0 R/XYZ 0 436 0]>>endobj
-817 0 obj<</Subtype/Link/Rect[135.5 311.8 186.8 324.8]/Border[0 0 0]/Dest[1640 0 R/XYZ 0 388 0]>>endobj
-818 0 obj[786 0 R
+784 0 R
+785 0 R
+786 0 R
 787 0 R
 788 0 R
 789 0 R
@@ -1498,266 +1484,280 @@
 814 0 R
 815 0 R
 816 0 R
-817 0 R]endobj
-819 0 obj<</S/Launch/F(ENCRYPTION.html)>>endobj
-820 0 obj<</Subtype/Link/Rect[174.0 562.6 270.6 575.6]/Border[0 0 0]/A 819 0 R>>endobj
-821 0 obj<</S/Launch/F(#PASSWORDLEVEL)>>endobj
-822 0 obj<</Subtype/Link/Rect[72.0 300.6 153.0 311.6]/Border[0 0 0]/A 821 0 R>>endobj
-823 0 obj<</S/Launch/F(#USERNAMELEVEL)>>endobj
-824 0 obj<</Subtype/Link/Rect[72.0 289.8 147.6 300.8]/Border[0 0 0]/A 823 0 R>>endobj
-825 0 obj[820 0 R
+817 0 R
+818 0 R
+819 0 R
+820 0 R
+821 0 R
 822 0 R
-824 0 R]endobj
-826 0 obj<</S/Launch/F(winbind.html)>>endobj
-827 0 obj<</Subtype/Link/Rect[503.4 161.0 544.6 174.0]/Border[0 0 0]/A 826 0 R>>endobj
-828 0 obj<</S/Launch/F(winbind.html)>>endobj
-829 0 obj<</Subtype/Link/Rect[72.0 147.8 115.4 160.8]/Border[0 0 0]/A 828 0 R>>endobj
-830 0 obj[827 0 R
-829 0 R]endobj
-831 0 obj<</S/Launch/F(#NTACLSUPPORT)>>endobj
-832 0 obj<</Subtype/Link/Rect[339.9 526.6 438.9 539.6]/Border[0 0 0]/A 831 0 R>>endobj
-833 0 obj[832 0 R]endobj
-834 0 obj<</S/Launch/F(#SECURITYMASK)>>endobj
-835 0 obj<</Subtype/Link/Rect[493.0 707.8 545.8 720.8]/Border[0 0 0]/A 834 0 R>>endobj
-836 0 obj<</S/Launch/F(#SECURITYMASK)>>endobj
-837 0 obj<</Subtype/Link/Rect[72.0 694.6 98.4 707.6]/Border[0 0 0]/A 836 0 R>>endobj
-838 0 obj<</S/Launch/F(#CREATEMASK)>>endobj
-839 0 obj<</Subtype/Link/Rect[356.1 615.4 428.7 628.4]/Border[0 0 0]/A 838 0 R>>endobj
-840 0 obj<</S/Launch/F(#FORCESECURITYMODE)>>endobj
-841 0 obj<</Subtype/Link/Rect[424.3 562.6 549.7 575.6]/Border[0 0 0]/A 840 0 R>>endobj
-842 0 obj<</S/Launch/F(#FORCECREATEMODE)>>endobj
-843 0 obj<</Subtype/Link/Rect[356.1 483.4 468.3 496.4]/Border[0 0 0]/A 842 0 R>>endobj
-844 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
-845 0 obj<</Subtype/Link/Rect[72.0 206.2 144.6 219.2]/Border[0 0 0]/A 844 0 R>>endobj
-846 0 obj[835 0 R
+823 0 R
+824 0 R
+825 0 R
+826 0 R
+827 0 R
+828 0 R
+829 0 R
+830 0 R
+831 0 R]endobj
+833 0 obj<</Subtype/Link/Rect[174.2 721.0 212.4 734.0]/Border[0 0 0]/Dest[1625 0 R/XYZ 0 560 0]>>endobj
+834 0 obj<</Subtype/Link/Rect[130.0 707.8 281.5 720.8]/Border[0 0 0]/Dest[1625 0 R/XYZ 0 430 0]>>endobj
+835 0 obj<</Subtype/Link/Rect[174.2 694.6 231.4 707.6]/Border[0 0 0]/Dest[1625 0 R/XYZ 0 315 0]>>endobj
+836 0 obj<</Subtype/Link/Rect[174.2 681.4 202.0 694.4]/Border[0 0 0]/Dest[1627 0 R/XYZ 0 734 0]>>endobj
+837 0 obj<</Subtype/Link/Rect[85.8 668.2 245.2 681.2]/Border[0 0 0]/Dest[1629 0 R/XYZ 0 734 0]>>endobj
+838 0 obj<</Subtype/Link/Rect[130.0 655.0 187.8 668.0]/Border[0 0 0]/Dest[1629 0 R/XYZ 0 696 0]>>endobj
+839 0 obj<</Subtype/Link/Rect[130.0 641.8 245.8 654.8]/Border[0 0 0]/Dest[1629 0 R/XYZ 0 581 0]>>endobj
+840 0 obj<</Subtype/Link/Rect[174.2 628.6 263.2 641.6]/Border[0 0 0]/Dest[1629 0 R/XYZ 0 493 0]>>endobj
+841 0 obj<</Subtype/Link/Rect[174.2 615.4 239.9 628.4]/Border[0 0 0]/Dest[1629 0 R/XYZ 0 382 0]>>endobj
+842 0 obj<</Subtype/Link/Rect[85.8 602.2 200.3 615.2]/Border[0 0 0]/Dest[1633 0 R/XYZ 0 734 0]>>endobj
+843 0 obj<</Subtype/Link/Rect[85.8 589.0 206.4 602.0]/Border[0 0 0]/Dest[1635 0 R/XYZ 0 734 0]>>endobj
+844 0 obj<</Subtype/Link/Rect[130.0 575.8 191.4 588.8]/Border[0 0 0]/Dest[1635 0 R/XYZ 0 696 0]>>endobj
+845 0 obj<</Subtype/Link/Rect[130.0 562.6 196.6 575.6]/Border[0 0 0]/Dest[1635 0 R/XYZ 0 449 0]>>endobj
+846 0 obj<</Subtype/Link/Rect[130.0 549.4 174.6 562.4]/Border[0 0 0]/Dest[1635 0 R/XYZ 0 189 0]>>endobj
+847 0 obj<</Subtype/Link/Rect[130.0 536.2 174.0 549.2]/Border[0 0 0]/Dest[1637 0 R/XYZ 0 639 0]>>endobj
+848 0 obj<</Subtype/Link/Rect[130.0 523.0 173.4 536.0]/Border[0 0 0]/Dest[1637 0 R/XYZ 0 458 0]>>endobj
+849 0 obj<</Subtype/Link/Rect[130.0 509.8 175.2 522.8]/Border[0 0 0]/Dest[1637 0 R/XYZ 0 383 0]>>endobj
+850 0 obj<</Subtype/Link/Rect[130.0 496.6 177.1 509.6]/Border[0 0 0]/Dest[1637 0 R/XYZ 0 215 0]>>endobj
+851 0 obj<</Subtype/Link/Rect[130.0 483.4 188.1 496.4]/Border[0 0 0]/Dest[1639 0 R/XYZ 0 734 0]>>endobj
+852 0 obj<</Subtype/Link/Rect[130.0 470.2 186.8 483.2]/Border[0 0 0]/Dest[1639 0 R/XYZ 0 605 0]>>endobj
+853 0 obj<</Subtype/Link/Rect[135.5 457.0 196.0 470.0]/Border[0 0 0]/Dest[1639 0 R/XYZ 0 530 0]>>endobj
+854 0 obj<</Subtype/Link/Rect[85.8 443.8 196.7 456.8]/Border[0 0 0]/Dest[1643 0 R/XYZ 0 734 0]>>endobj
+855 0 obj<</Subtype/Link/Rect[130.0 430.6 188.6 443.6]/Border[0 0 0]/Dest[1643 0 R/XYZ 0 696 0]>>endobj
+856 0 obj<</Subtype/Link/Rect[130.0 417.4 197.5 430.4]/Border[0 0 0]/Dest[1643 0 R/XYZ 0 463 0]>>endobj
+857 0 obj<</Subtype/Link/Rect[174.2 404.2 241.8 417.2]/Border[0 0 0]/Dest[1643 0 R/XYZ 0 160 0]>>endobj
+858 0 obj<</Subtype/Link/Rect[174.2 391.0 262.2 404.0]/Border[0 0 0]/Dest[1645 0 R/XYZ 0 734 0]>>endobj
+859 0 obj<</Subtype/Link/Rect[174.2 377.8 236.6 390.8]/Border[0 0 0]/Dest[1645 0 R/XYZ 0 662 0]>>endobj
+860 0 obj<</Subtype/Link/Rect[174.2 364.6 212.7 377.6]/Border[0 0 0]/Dest[1645 0 R/XYZ 0 590 0]>>endobj
+861 0 obj<</Subtype/Link/Rect[130.0 351.4 214.3 364.4]/Border[0 0 0]/Dest[1645 0 R/XYZ 0 426 0]>>endobj
+862 0 obj[833 0 R
+834 0 R
+835 0 R
+836 0 R
 837 0 R
+838 0 R
 839 0 R
+840 0 R
 841 0 R
+842 0 R
 843 0 R
-845 0 R]endobj
-847 0 obj<</S/URI/URI(http://rsync.samba.org/)>>endobj
-848 0 obj<</Subtype/Link/Rect[118.1 89.0 222.3 102.0]/Border[0 0 0]/A 847 0 R>>endobj
-849 0 obj[848 0 R]endobj
-850 0 obj<</S/Launch/F(#OBEYPAMRESTRICTIONS)>>endobj
-851 0 obj<</Subtype/Link/Rect[235.4 659.0 332.9 672.0]/Border[0 0 0]/A 850 0 R>>endobj
-852 0 obj<</S/Launch/F(#ENCRYPTPASSWORDS)>>endobj
-853 0 obj<</Subtype/Link/Rect[338.7 579.8 449.4 592.8]/Border[0 0 0]/A 852 0 R>>endobj
-854 0 obj[851 0 R
-853 0 R]endobj
-855 0 obj<</S/URI/URI(http://www.microsoft.com/NTServer/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp)>>endobj
-856 0 obj<</Subtype/Link/Rect[72.0 586.6 183.5 599.6]/Border[0 0 0]/A 855 0 R>>endobj
-857 0 obj<</S/Launch/F(#HOSTMSDFS)>>endobj
-858 0 obj<</Subtype/Link/Rect[345.1 507.4 417.7 520.4]/Border[0 0 0]/A 857 0 R>>endobj
-859 0 obj<</S/Launch/F(#MSDFSROOT)>>endobj
-860 0 obj<</Subtype/Link/Rect[380.8 494.2 453.4 507.2]/Border[0 0 0]/A 859 0 R>>endobj
-861 0 obj[856 0 R
+844 0 R
+845 0 R
+846 0 R
+847 0 R
+848 0 R
+849 0 R
+850 0 R
+851 0 R
+852 0 R
+853 0 R
+854 0 R
+855 0 R
+856 0 R
+857 0 R
 858 0 R
-860 0 R]endobj
-862 0 obj<</S/URI/URI(http://imprints.sourceforge.net)>>endobj
-863 0 obj<</Subtype/Link/Rect[143.7 544.6 280.3 557.6]/Border[0 0 0]/A 862 0 R>>endobj
-864 0 obj<</S/URI/URI(http://msdn.microsoft.com/)>>endobj
-865 0 obj<</Subtype/Link/Rect[218.6 518.2 341.1 531.2]/Border[0 0 0]/A 864 0 R>>endobj
-866 0 obj<</S/URI/URI(http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP)>>endobj
-867 0 obj<</Subtype/Link/Rect[72.0 333.4 355.9 346.4]/Border[0 0 0]/A 866 0 R>>endobj
-868 0 obj[863 0 R
-865 0 R
-867 0 R]endobj
-869 0 obj<</S/Launch/F(#WRITELIST)>>endobj
-870 0 obj<</Subtype/Link/Rect[91.9 471.4 157.9 484.4]/Border[0 0 0]/A 869 0 R>>endobj
-871 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
-872 0 obj<</Subtype/Link/Rect[184.4 458.2 285.8 471.2]/Border[0 0 0]/A 871 0 R>>endobj
-873 0 obj<</S/Launch/F(#GUESTOK)>>endobj
-874 0 obj<</Subtype/Link/Rect[160.6 431.8 228.6 444.8]/Border[0 0 0]/A 873 0 R>>endobj
-875 0 obj<</S/Launch/F(#MAPTOGUEST)>>endobj
-876 0 obj<</Subtype/Link/Rect[501.3 321.9 536.7 334.9]/Border[0 0 0]/A 875 0 R>>endobj
-877 0 obj<</S/Launch/F(#MAPTOGUEST)>>endobj
-878 0 obj<</Subtype/Link/Rect[94.2 308.7 174.1 321.7]/Border[0 0 0]/A 877 0 R>>endobj
-879 0 obj[870 0 R
-872 0 R
-874 0 R
-876 0 R
+859 0 R
+860 0 R
+861 0 R]endobj
+863 0 obj<</S/Launch/F(ENCRYPTION.html)>>endobj
+864 0 obj<</Subtype/Link/Rect[174.0 562.6 270.6 575.6]/Border[0 0 0]/A 863 0 R>>endobj
+865 0 obj<</S/Launch/F(#PASSWORDLEVEL)>>endobj
+866 0 obj<</Subtype/Link/Rect[72.0 300.6 153.0 311.6]/Border[0 0 0]/A 865 0 R>>endobj
+867 0 obj<</S/Launch/F(#USERNAMELEVEL)>>endobj
+868 0 obj<</Subtype/Link/Rect[72.0 289.8 147.6 300.8]/Border[0 0 0]/A 867 0 R>>endobj
+869 0 obj[864 0 R
+866 0 R
+868 0 R]endobj
+870 0 obj<</S/Launch/F(winbind.html)>>endobj
+871 0 obj<</Subtype/Link/Rect[503.4 161.0 544.6 174.0]/Border[0 0 0]/A 870 0 R>>endobj
+872 0 obj<</S/Launch/F(winbind.html)>>endobj
+873 0 obj<</Subtype/Link/Rect[72.0 147.8 115.4 160.8]/Border[0 0 0]/A 872 0 R>>endobj
+874 0 obj[871 0 R
+873 0 R]endobj
+875 0 obj<</S/Launch/F(#SECURITYMASK)>>endobj
+876 0 obj<</Subtype/Link/Rect[493.0 75.0 545.8 88.0]/Border[0 0 0]/A 875 0 R>>endobj
+877 0 obj<</S/Launch/F(#SECURITYMASK)>>endobj
+878 0 obj<</Subtype/Link/Rect[72.0 61.8 98.4 74.8]/Border[0 0 0]/A 877 0 R>>endobj
+879 0 obj[876 0 R
 878 0 R]endobj
-880 0 obj<</S/Launch/F(#PRINTERADMIN)>>endobj
-881 0 obj<</Subtype/Link/Rect[451.3 719.6 537.1 732.6]/Border[0 0 0]/A 880 0 R>>endobj
-882 0 obj<</S/Launch/F(rpcclient.1.html)>>endobj
-883 0 obj<</Subtype/Link/Rect[233.6 99.7 379.3 112.7]/Border[0 0 0]/A 882 0 R>>endobj
-884 0 obj[881 0 R
-883 0 R]endobj
-885 0 obj<</S/Launch/F(#SHOWADDPRINTERWIZARD)>>endobj
-886 0 obj<</Subtype/Link/Rect[108.0 361.4 299.4 374.4]/Border[0 0 0]/A 885 0 R>>endobj
-887 0 obj<</S/Launch/F(#ADDPRINTERCOMMAND)>>endobj
-888 0 obj<</Subtype/Link/Rect[453.9 335.0 526.5 348.0]/Border[0 0 0]/A 887 0 R>>endobj
-889 0 obj<</S/Launch/F(#ADDPRINTERCOMMAND)>>endobj
-890 0 obj<</Subtype/Link/Rect[72.0 321.8 118.2 334.8]/Border[0 0 0]/A 889 0 R>>endobj
-891 0 obj<</S/Launch/F(#DELETEPRINTERCOMMAND)>>endobj
-892 0 obj<</Subtype/Link/Rect[189.3 216.2 334.5 229.2]/Border[0 0 0]/A 891 0 R>>endobj
-893 0 obj<</S/Launch/F(#ADDPRINTERCOMMAN)>>endobj
-894 0 obj<</Subtype/Link/Rect[200.6 189.8 326.0 202.8]/Border[0 0 0]/A 893 0 R>>endobj
-895 0 obj[886 0 R
-888 0 R
-890 0 R
-892 0 R
-894 0 R]endobj
-896 0 obj<</S/Launch/F(#ENUMPORTSCOMMAND)>>endobj
-897 0 obj<</Subtype/Link/Rect[451.4 149.0 510.8 162.0]/Border[0 0 0]/A 896 0 R>>endobj
-898 0 obj<</S/Launch/F(#ENUMPORTSCOMMAND)>>endobj
-899 0 obj<</Subtype/Link/Rect[72.0 135.8 118.2 148.8]/Border[0 0 0]/A 898 0 R>>endobj
-900 0 obj[897 0 R
-899 0 R]endobj
-901 0 obj<</S/URI/URI(http://imprints.sourceforge.net/)>>endobj
-902 0 obj<</Subtype/Link/Rect[297.8 674.2 437.4 687.2]/Border[0 0 0]/A 901 0 R>>endobj
-903 0 obj[902 0 R]endobj
-904 0 obj<</S/Launch/F(#SECURITY)>>endobj
-905 0 obj<</Subtype/Link/Rect[72.0 615.0 115.2 626.0]/Border[0 0 0]/A 904 0 R>>endobj
-906 0 obj<</S/Launch/F(DOMAIN_MEMBER.html)>>endobj
-907 0 obj<</Subtype/Link/Rect[430.0 589.0 554.1 602.0]/Border[0 0 0]/A 906 0 R>>endobj
-908 0 obj<</S/Launch/F(ADS-HOWTO.html)>>endobj
-909 0 obj<</Subtype/Link/Rect[223.0 562.6 317.8 575.6]/Border[0 0 0]/A 908 0 R>>endobj
+880 0 obj<</S/Launch/F(#CREATEMASK)>>endobj
+881 0 obj<</Subtype/Link/Rect[356.1 655.0 428.7 668.0]/Border[0 0 0]/A 880 0 R>>endobj
+882 0 obj<</S/Launch/F(#FORCESECURITYMODE)>>endobj
+883 0 obj<</Subtype/Link/Rect[424.3 602.2 549.7 615.2]/Border[0 0 0]/A 882 0 R>>endobj
+884 0 obj<</S/Launch/F(#FORCECREATEMODE)>>endobj
+885 0 obj<</Subtype/Link/Rect[356.1 523.0 468.3 536.0]/Border[0 0 0]/A 884 0 R>>endobj
+886 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
+887 0 obj<</Subtype/Link/Rect[72.0 245.8 144.6 258.8]/Border[0 0 0]/A 886 0 R>>endobj
+888 0 obj[881 0 R
+883 0 R
+885 0 R
+887 0 R]endobj
+889 0 obj<</S/URI/URI(http://rsync.samba.org/)>>endobj
+890 0 obj<</Subtype/Link/Rect[118.1 89.0 222.3 102.0]/Border[0 0 0]/A 889 0 R>>endobj
+891 0 obj[890 0 R]endobj
+892 0 obj<</S/Launch/F(#OBEYPAMRESTRICTIONS)>>endobj
+893 0 obj<</Subtype/Link/Rect[235.4 659.0 332.9 672.0]/Border[0 0 0]/A 892 0 R>>endobj
+894 0 obj<</S/Launch/F(#ENCRYPTPASSWORDS)>>endobj
+895 0 obj<</Subtype/Link/Rect[338.7 579.8 449.4 592.8]/Border[0 0 0]/A 894 0 R>>endobj
+896 0 obj[893 0 R
+895 0 R]endobj
+897 0 obj<</S/URI/URI(http://www.microsoft.com/NTServer/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp)>>endobj
+898 0 obj<</Subtype/Link/Rect[72.0 586.6 183.5 599.6]/Border[0 0 0]/A 897 0 R>>endobj
+899 0 obj<</S/Launch/F(#HOSTMSDFS)>>endobj
+900 0 obj<</Subtype/Link/Rect[345.1 507.4 417.7 520.4]/Border[0 0 0]/A 899 0 R>>endobj
+901 0 obj<</S/Launch/F(#MSDFSROOT)>>endobj
+902 0 obj<</Subtype/Link/Rect[380.8 494.2 453.4 507.2]/Border[0 0 0]/A 901 0 R>>endobj
+903 0 obj[898 0 R
+900 0 R
+902 0 R]endobj
+904 0 obj<</S/URI/URI(http://imprints.sourceforge.net)>>endobj
+905 0 obj<</Subtype/Link/Rect[143.7 544.6 280.3 557.6]/Border[0 0 0]/A 904 0 R>>endobj
+906 0 obj<</S/URI/URI(http://msdn.microsoft.com/)>>endobj
+907 0 obj<</Subtype/Link/Rect[218.6 518.2 341.1 531.2]/Border[0 0 0]/A 906 0 R>>endobj
+908 0 obj<</S/URI/URI(http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP)>>endobj
+909 0 obj<</Subtype/Link/Rect[72.0 333.4 355.9 346.4]/Border[0 0 0]/A 908 0 R>>endobj
 910 0 obj[905 0 R
 907 0 R
 909 0 R]endobj
-911 0 obj<</S/URI/URI(mailto:jtrostel@snapserver.com)>>endobj
-912 0 obj<</Subtype/Link/Rect[197.9 304.6 310.1 317.6]/Border[0 0 0]/A 911 0 R>>endobj
-913 0 obj[912 0 R]endobj
-914 0 obj<</S/URI/URI(http://samba.org/)>>endobj
-915 0 obj<</Subtype/Link/Rect[151.1 438.2 262.3 451.2]/Border[0 0 0]/A 914 0 R>>endobj
-916 0 obj[915 0 R]endobj
-917 0 obj<</S/Launch/F(winbindd.8.html)>>endobj
-918 0 obj<</Subtype/Link/Rect[306.3 235.8 363.4 248.8]/Border[0 0 0]/A 917 0 R>>endobj
-919 0 obj<</S/Launch/F(#WINBINDSEPARATOR)>>endobj
-920 0 obj<</Subtype/Link/Rect[99.0 165.8 190.8 176.8]/Border[0 0 0]/A 919 0 R>>endobj
-921 0 obj<</S/Launch/F(#WINBINDUID)>>endobj
-922 0 obj<</Subtype/Link/Rect[99.0 144.2 158.4 155.2]/Border[0 0 0]/A 921 0 R>>endobj
-923 0 obj<</S/Launch/F(#WINBINDGID)>>endobj
-924 0 obj<</Subtype/Link/Rect[99.0 122.6 158.4 133.6]/Border[0 0 0]/A 923 0 R>>endobj
-925 0 obj<</S/Launch/F(#WINBINDENUMUSERS)>>endobj
-926 0 obj<</Subtype/Link/Rect[99.0 101.0 196.2 112.0]/Border[0 0 0]/A 925 0 R>>endobj
-927 0 obj<</S/Launch/F(#WINBINDENUMGROUP)>>endobj
-928 0 obj<</Subtype/Link/Rect[99.0 90.2 201.6 101.2]/Border[0 0 0]/A 927 0 R>>endobj
-929 0 obj<</S/Launch/F(#TEMPLATEHOMEDIR)>>endobj
-930 0 obj<</Subtype/Link/Rect[99.0 68.6 185.4 79.6]/Border[0 0 0]/A 929 0 R>>endobj
-931 0 obj<</S/Launch/F(#TEMPLATESHELL)>>endobj
-932 0 obj<</Subtype/Link/Rect[99.0 57.8 174.6 68.8]/Border[0 0 0]/A 931 0 R>>endobj
-933 0 obj[918 0 R
-920 0 R
-922 0 R
-924 0 R
-926 0 R
-928 0 R
+911 0 obj<</S/Launch/F(#WRITELIST)>>endobj
+912 0 obj<</Subtype/Link/Rect[91.9 445.0 157.9 458.0]/Border[0 0 0]/A 911 0 R>>endobj
+913 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
+914 0 obj<</Subtype/Link/Rect[184.4 431.8 285.8 444.8]/Border[0 0 0]/A 913 0 R>>endobj
+915 0 obj<</S/Launch/F(#GUESTOK)>>endobj
+916 0 obj<</Subtype/Link/Rect[160.6 405.4 228.6 418.4]/Border[0 0 0]/A 915 0 R>>endobj
+917 0 obj<</S/Launch/F(#MAPTOGUEST)>>endobj
+918 0 obj<</Subtype/Link/Rect[501.3 291.5 536.7 304.5]/Border[0 0 0]/A 917 0 R>>endobj
+919 0 obj<</S/Launch/F(#MAPTOGUEST)>>endobj
+920 0 obj<</Subtype/Link/Rect[94.2 278.3 174.1 291.3]/Border[0 0 0]/A 919 0 R>>endobj
+921 0 obj[912 0 R
+914 0 R
+916 0 R
+918 0 R
+920 0 R]endobj
+922 0 obj<</S/Launch/F(#PRINTERADMIN)>>endobj
+923 0 obj<</Subtype/Link/Rect[451.3 680.0 497.5 693.0]/Border[0 0 0]/A 922 0 R>>endobj
+924 0 obj<</S/Launch/F(#PRINTERADMIN)>>endobj
+925 0 obj<</Subtype/Link/Rect[130.2 666.8 163.2 679.8]/Border[0 0 0]/A 924 0 R>>endobj
+926 0 obj[923 0 R
+925 0 R]endobj
+927 0 obj<</S/Launch/F(rpcclient.1.html)>>endobj
+928 0 obj<</Subtype/Link/Rect[233.6 664.6 379.3 677.6]/Border[0 0 0]/A 927 0 R>>endobj
+929 0 obj<</S/Launch/F(#SHOWADDPRINTERWIZARD)>>endobj
+930 0 obj<</Subtype/Link/Rect[108.0 254.6 299.4 267.6]/Border[0 0 0]/A 929 0 R>>endobj
+931 0 obj<</S/Launch/F(#ADDPRINTERCOMMAND)>>endobj
+932 0 obj<</Subtype/Link/Rect[453.9 228.2 526.5 241.2]/Border[0 0 0]/A 931 0 R>>endobj
+933 0 obj<</S/Launch/F(#ADDPRINTERCOMMAND)>>endobj
+934 0 obj<</Subtype/Link/Rect[72.0 215.0 118.2 228.0]/Border[0 0 0]/A 933 0 R>>endobj
+935 0 obj<</S/Launch/F(#DELETEPRINTERCOMMAND)>>endobj
+936 0 obj<</Subtype/Link/Rect[189.3 109.4 334.5 122.4]/Border[0 0 0]/A 935 0 R>>endobj
+937 0 obj<</S/Launch/F(#ADDPRINTERCOMMAN)>>endobj
+938 0 obj<</Subtype/Link/Rect[200.6 83.0 326.0 96.0]/Border[0 0 0]/A 937 0 R>>endobj
+939 0 obj[928 0 R
 930 0 R
-932 0 R]endobj
-934 0 obj<</S/URI/URI(http://www.openldap.org/)>>endobj
-935 0 obj<</Subtype/Link/Rect[169.5 560.2 285.9 573.2]/Border[0 0 0]/A 934 0 R>>endobj
-936 0 obj<</S/URI/URI(http://iplanet.netscape.com/directory)>>endobj
-937 0 obj<</Subtype/Link/Rect[223.9 547.0 387.9 560.0]/Border[0 0 0]/A 936 0 R>>endobj
-938 0 obj<</S/URI/URI(http://www.ora.com/)>>endobj
-939 0 obj<</Subtype/Link/Rect[112.6 520.6 202.0 533.6]/Border[0 0 0]/A 938 0 R>>endobj
-940 0 obj<</S/URI/URI(http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html)>>endobj
-941 0 obj<</Subtype/Link/Rect[125.1 454.6 267.5 467.6]/Border[0 0 0]/A 940 0 R>>endobj
-942 0 obj<</S/URI/URI(http://samba.idealx.org/)>>endobj
-943 0 obj<</Subtype/Link/Rect[243.7 441.4 287.3 454.4]/Border[0 0 0]/A 942 0 R>>endobj
-944 0 obj<</S/Launch/F(#ENCRYPTPASSWORDS)>>endobj
-945 0 obj<</Subtype/Link/Rect[212.8 366.2 332.5 379.2]/Border[0 0 0]/A 944 0 R>>endobj
-946 0 obj[935 0 R
-937 0 R
-939 0 R
-941 0 R
+932 0 R
+934 0 R
+936 0 R
+938 0 R]endobj
+940 0 obj<</S/Launch/F(#ENUMPORTSCOMMAND)>>endobj
+941 0 obj<</Subtype/Link/Rect[451.4 721.0 510.8 734.0]/Border[0 0 0]/A 940 0 R>>endobj
+942 0 obj<</S/Launch/F(#ENUMPORTSCOMMAND)>>endobj
+943 0 obj<</Subtype/Link/Rect[72.0 707.8 118.2 720.8]/Border[0 0 0]/A 942 0 R>>endobj
+944 0 obj<</S/URI/URI(http://imprints.sourceforge.net/)>>endobj
+945 0 obj<</Subtype/Link/Rect[297.8 632.6 437.4 645.6]/Border[0 0 0]/A 944 0 R>>endobj
+946 0 obj[941 0 R
 943 0 R
 945 0 R]endobj
-947 0 obj<</S/URI/URI(http://www.padl.com/)>>endobj
-948 0 obj<</Subtype/Link/Rect[284.3 602.2 380.9 615.2]/Border[0 0 0]/A 947 0 R>>endobj
-949 0 obj<</S/Launch/F(samba-patches@samba.org)>>endobj
-950 0 obj<</Subtype/Link/Rect[332.3 487.4 458.0 500.4]/Border[0 0 0]/A 949 0 R>>endobj
-951 0 obj<</S/Launch/F(jerry@samba.org)>>endobj
-952 0 obj<</Subtype/Link/Rect[476.6 487.4 555.8 500.4]/Border[0 0 0]/A 951 0 R>>endobj
-953 0 obj<</S/Launch/F(jerry@samba.org)>>endobj
-954 0 obj<</Subtype/Link/Rect[271.2 237.0 350.4 250.0]/Border[0 0 0]/A 953 0 R>>endobj
-955 0 obj[948 0 R
-950 0 R
-952 0 R
-954 0 R]endobj
-956 0 obj<</S/Launch/F(#LDAPSSL)>>endobj
-957 0 obj<</Subtype/Link/Rect[108.0 61.4 141.3 74.4]/Border[0 0 0]/A 956 0 R>>endobj
-958 0 obj[957 0 R]endobj
-959 0 obj<</S/Launch/F(#LDAPSERVER)>>endobj
-960 0 obj<</Subtype/Link/Rect[108.0 721.0 156.6 734.0]/Border[0 0 0]/A 959 0 R>>endobj
-961 0 obj<</S/Launch/F(#LDAPADMINDN)>>endobj
-962 0 obj<</Subtype/Link/Rect[108.0 707.8 170.9 720.8]/Border[0 0 0]/A 961 0 R>>endobj
-963 0 obj<</S/Launch/F(#LDAPSUFFIX)>>endobj
-964 0 obj<</Subtype/Link/Rect[108.0 694.6 155.4 707.6]/Border[0 0 0]/A 963 0 R>>endobj
-965 0 obj<</S/Launch/F(#LDAPFILTER)>>endobj
-966 0 obj<</Subtype/Link/Rect[108.0 681.4 151.1 694.4]/Border[0 0 0]/A 965 0 R>>endobj
-967 0 obj<</S/Launch/F(#LDAPPORT)>>endobj
-968 0 obj<</Subtype/Link/Rect[108.0 668.2 147.4 681.2]/Border[0 0 0]/A 967 0 R>>endobj
-969 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
-970 0 obj<</Subtype/Link/Rect[186.9 641.8 243.1 654.8]/Border[0 0 0]/A 969 0 R>>endobj
-971 0 obj[960 0 R
-962 0 R
-964 0 R
-966 0 R
-968 0 R
-970 0 R]endobj
-972 0 obj<</S/Launch/F(ENCRYPTION.html)>>endobj
-973 0 obj<</Subtype/Link/Rect[72.0 566.6 176.8 579.6]/Border[0 0 0]/A 972 0 R>>endobj
-974 0 obj[973 0 R]endobj
-975 0 obj<</S/Launch/F(Samba-PDC-HOWTO.html)>>endobj
-976 0 obj<</Subtype/Link/Rect[72.0 523.0 176.7 536.0]/Border[0 0 0]/A 975 0 R>>endobj
-977 0 obj[976 0 R]endobj
-978 0 obj<</S/URI/URI(mailto:jerry@samba.org)>>endobj
-979 0 obj<</Subtype/Link/Rect[302.7 445.4 381.8 458.4]/Border[0 0 0]/A 978 0 R>>endobj
-980 0 obj[979 0 R]endobj
-981 0 obj<</S/URI/URI(http://samba.org/samba/cvs.html)>>endobj
-982 0 obj<</Subtype/Link/Rect[354.3 573.4 500.7 586.4]/Border[0 0 0]/A 981 0 R>>endobj
-983 0 obj<</S/URI/URI(http://samba.org/cgi-bin/cvsweb)>>endobj
-984 0 obj<</Subtype/Link/Rect[135.9 373.8 283.2 386.8]/Border[0 0 0]/A 983 0 R>>endobj
-985 0 obj<</S/URI/URI(http://www.cyclic.com/)>>endobj
-986 0 obj<</Subtype/Link/Rect[391.6 262.6 498.2 275.6]/Border[0 0 0]/A 985 0 R>>endobj
-987 0 obj[982 0 R
-984 0 R
-986 0 R]endobj
-988 0 obj<</Subtype/Link/Rect[85.8 670.6 136.2 683.6]/Border[0 0 0]/Dest[1644 0 R/XYZ 0 734 0]>>endobj
-989 0 obj<</Subtype/Link/Rect[130.0 657.4 162.1 670.4]/Border[0 0 0]/Dest[1644 0 R/XYZ 0 655 0]>>endobj
-990 0 obj<</Subtype/Link/Rect[130.0 644.2 177.7 657.2]/Border[0 0 0]/Dest[1644 0 R/XYZ 0 408 0]>>endobj
-991 0 obj<</Subtype/Link/Rect[130.0 631.0 158.4 644.0]/Border[0 0 0]/Dest[1644 0 R/XYZ 0 293 0]>>endobj
-992 0 obj<</Subtype/Link/Rect[130.0 617.8 260.5 630.8]/Border[0 0 0]/Dest[1646 0 R/XYZ 0 228 0]>>endobj
-993 0 obj<</Subtype/Link/Rect[85.8 604.6 221.1 617.6]/Border[0 0 0]/Dest[1648 0 R/XYZ 0 734 0]>>endobj
-994 0 obj<</Subtype/Link/Rect[130.0 591.4 216.2 604.4]/Border[0 0 0]/Dest[1648 0 R/XYZ 0 668 0]>>endobj
-995 0 obj<</Subtype/Link/Rect[130.0 578.2 181.3 591.2]/Border[0 0 0]/Dest[1648 0 R/XYZ 0 461 0]>>endobj
-996 0 obj<</Subtype/Link/Rect[174.2 565.0 533.6 578.0]/Border[0 0 0]/Dest[1648 0 R/XYZ 0 427 0]>>endobj
-997 0 obj<</Subtype/Link/Rect[174.2 551.8 536.9 564.8]/Border[0 0 0]/Dest[1650 0 R/XYZ 0 734 0]>>endobj
-998 0 obj<</Subtype/Link/Rect[174.2 538.6 490.2 551.6]/Border[0 0 0]/Dest[1650 0 R/XYZ 0 523 0]>>endobj
-999 0 obj<</Subtype/Link/Rect[174.2 525.4 459.3 538.4]/Border[0 0 0]/Dest[1650 0 R/XYZ 0 408 0]>>endobj
-1000 0 obj<</Subtype/Link/Rect[130.0 512.2 245.8 525.2]/Border[0 0 0]/Dest[1650 0 R/XYZ 0 151 0]>>endobj
-1001 0 obj<</Subtype/Link/Rect[174.2 499.0 351.5 512.0]/Border[0 0 0]/Dest[1650 0 R/XYZ 0 118 0]>>endobj
-1002 0 obj<</Subtype/Link/Rect[174.2 485.8 351.2 498.8]/Border[0 0 0]/Dest[1652 0 R/XYZ 0 626 0]>>endobj
-1003 0 obj<</Subtype/Link/Rect[174.2 472.6 332.5 485.6]/Border[0 0 0]/Dest[1652 0 R/XYZ 0 475 0]>>endobj
-1004 0 obj<</Subtype/Link/Rect[174.2 459.4 301.4 472.4]/Border[0 0 0]/Dest[1652 0 R/XYZ 0 377 0]>>endobj
-1005 0 obj<</Subtype/Link/Rect[130.0 446.2 205.6 459.2]/Border[0 0 0]/Dest[1652 0 R/XYZ 0 292 0]>>endobj
-1006 0 obj<</Subtype/Link/Rect[130.0 433.0 265.9 446.0]/Border[0 0 0]/Dest[1654 0 R/XYZ 0 718 0]>>endobj
-1007 0 obj<</Subtype/Link/Rect[85.8 419.8 157.2 432.8]/Border[0 0 0]/Dest[1656 0 R/XYZ 0 734 0]>>endobj
-1008 0 obj<</Subtype/Link/Rect[130.0 406.6 187.8 419.6]/Border[0 0 0]/Dest[1656 0 R/XYZ 0 696 0]>>endobj
-1009 0 obj<</Subtype/Link/Rect[130.0 393.4 188.7 406.4]/Border[0 0 0]/Dest[1656 0 R/XYZ 0 423 0]>>endobj
-1010 0 obj<</Subtype/Link/Rect[130.0 380.2 189.9 393.2]/Border[0 0 0]/Dest[1656 0 R/XYZ 0 282 0]>>endobj
-1011 0 obj<</Subtype/Link/Rect[130.0 367.0 198.4 380.0]/Border[0 0 0]/Dest[1658 0 R/XYZ 0 613 0]>>endobj
-1012 0 obj<</Subtype/Link/Rect[130.0 353.8 269.0 366.8]/Border[0 0 0]/Dest[1658 0 R/XYZ 0 260 0]>>endobj
-1013 0 obj<</Subtype/Link/Rect[130.0 340.6 167.6 353.6]/Border[0 0 0]/Dest[1658 0 R/XYZ 0 159 0]>>endobj
-1014 0 obj<</Subtype/Link/Rect[85.8 327.4 224.5 340.4]/Border[0 0 0]/Dest[1660 0 R/XYZ 0 734 0]>>endobj
-1015 0 obj<</Subtype/Link/Rect[130.0 314.2 187.8 327.2]/Border[0 0 0]/Dest[1660 0 R/XYZ 0 696 0]>>endobj
-1016 0 obj<</Subtype/Link/Rect[130.0 301.0 188.4 314.0]/Border[0 0 0]/Dest[1660 0 R/XYZ 0 529 0]>>endobj
-1017 0 obj<</Subtype/Link/Rect[130.0 287.8 155.4 300.8]/Border[0 0 0]/Dest[1660 0 R/XYZ 0 199 0]>>endobj
-1018 0 obj<</Subtype/Link/Rect[174.2 274.6 203.6 287.6]/Border[0 0 0]/Dest[1660 0 R/XYZ 0 165 0]>>endobj
-1019 0 obj<</Subtype/Link/Rect[174.2 261.4 203.6 274.4]/Border[0 0 0]/Dest[1662 0 R/XYZ 0 734 0]>>endobj
-1020 0 obj<</Subtype/Link/Rect[174.2 248.2 203.6 261.2]/Border[0 0 0]/Dest[1662 0 R/XYZ 0 530 0]>>endobj
-1021 0 obj<</Subtype/Link/Rect[174.2 235.0 203.6 248.0]/Border[0 0 0]/Dest[1664 0 R/XYZ 0 626 0]>>endobj
-1022 0 obj<</Subtype/Link/Rect[174.2 221.8 203.6 234.8]/Border[0 0 0]/Dest[1664 0 R/XYZ 0 475 0]>>endobj
-1023 0 obj<</Subtype/Link/Rect[174.2 208.6 203.6 221.6]/Border[0 0 0]/Dest[1664 0 R/XYZ 0 351 0]>>endobj
-1024 0 obj<</Subtype/Link/Rect[174.2 195.4 203.6 208.4]/Border[0 0 0]/Dest[1666 0 R/XYZ 0 734 0]>>endobj
-1025 0 obj<</Subtype/Link/Rect[174.2 182.2 203.6 195.2]/Border[0 0 0]/Dest[1666 0 R/XYZ 0 371 0]>>endobj
-1026 0 obj<</Subtype/Link/Rect[174.2 169.0 203.6 182.0]/Border[0 0 0]/Dest[1668 0 R/XYZ 0 705 0]>>endobj
-1027 0 obj<</Subtype/Link/Rect[179.8 155.8 214.6 168.8]/Border[0 0 0]/Dest[1668 0 R/XYZ 0 515 0]>>endobj
-1028 0 obj<</Subtype/Link/Rect[179.8 142.6 214.6 155.6]/Border[0 0 0]/Dest[1668 0 R/XYZ 0 377 0]>>endobj
-1029 0 obj<</Subtype/Link/Rect[130.0 129.4 227.5 142.4]/Border[0 0 0]/Dest[1668 0 R/XYZ 0 239 0]>>endobj
-1030 0 obj[988 0 R
+947 0 obj<</S/URI/URI(mailto:jtrostel@snapserver.com)>>endobj
+948 0 obj<</Subtype/Link/Rect[197.9 199.0 310.1 212.0]/Border[0 0 0]/A 947 0 R>>endobj
+949 0 obj[948 0 R]endobj
+950 0 obj<</S/URI/URI(http://samba.org/)>>endobj
+951 0 obj<</Subtype/Link/Rect[151.1 289.4 262.3 302.4]/Border[0 0 0]/A 950 0 R>>endobj
+952 0 obj[951 0 R]endobj
+953 0 obj<</S/Launch/F(winbindd.8.html)>>endobj
+954 0 obj<</Subtype/Link/Rect[306.3 76.6 363.4 89.6]/Border[0 0 0]/A 953 0 R>>endobj
+955 0 obj[954 0 R]endobj
+956 0 obj<</S/Launch/F(#WINBINDSEPARATOR)>>endobj
+957 0 obj<</Subtype/Link/Rect[99.0 690.6 190.8 701.6]/Border[0 0 0]/A 956 0 R>>endobj
+958 0 obj<</S/Launch/F(#WINBINDUID)>>endobj
+959 0 obj<</Subtype/Link/Rect[99.0 669.0 158.4 680.0]/Border[0 0 0]/A 958 0 R>>endobj
+960 0 obj<</S/Launch/F(#WINBINDGID)>>endobj
+961 0 obj<</Subtype/Link/Rect[99.0 647.4 158.4 658.4]/Border[0 0 0]/A 960 0 R>>endobj
+962 0 obj<</S/Launch/F(#WINBINDENUMUSERS)>>endobj
+963 0 obj<</Subtype/Link/Rect[99.0 625.8 196.2 636.8]/Border[0 0 0]/A 962 0 R>>endobj
+964 0 obj<</S/Launch/F(#WINBINDENUMGROUP)>>endobj
+965 0 obj<</Subtype/Link/Rect[99.0 615.0 201.6 626.0]/Border[0 0 0]/A 964 0 R>>endobj
+966 0 obj<</S/Launch/F(#TEMPLATEHOMEDIR)>>endobj
+967 0 obj<</Subtype/Link/Rect[99.0 593.4 185.4 604.4]/Border[0 0 0]/A 966 0 R>>endobj
+968 0 obj<</S/Launch/F(#TEMPLATESHELL)>>endobj
+969 0 obj<</Subtype/Link/Rect[99.0 582.6 174.6 593.6]/Border[0 0 0]/A 968 0 R>>endobj
+970 0 obj[957 0 R
+959 0 R
+961 0 R
+963 0 R
+965 0 R
+967 0 R
+969 0 R]endobj
+971 0 obj<</S/URI/URI(http://www.css.tayloru.edu/~elorimer/databasefs/index.php)>>endobj
+972 0 obj<</Subtype/Link/Rect[97.1 272.5 360.6 285.5]/Border[0 0 0]/A 971 0 R>>endobj
+973 0 obj<</S/URI/URI(mailto:elorimer@css.tayloru.edu)>>endobj
+974 0 obj<</Subtype/Link/Rect[84.8 246.1 144.7 259.1]/Border[0 0 0]/A 973 0 R>>endobj
+975 0 obj[972 0 R
+974 0 R]endobj
+976 0 obj<</S/URI/URI(http://www.openantivirus.org/)>>endobj
+977 0 obj<</Subtype/Link/Rect[97.1 691.0 233.0 704.0]/Border[0 0 0]/A 976 0 R>>endobj
+978 0 obj[977 0 R]endobj
+979 0 obj<</S/URI/URI(http://samba.org/samba/cvs.html)>>endobj
+980 0 obj<</Subtype/Link/Rect[354.3 597.4 500.7 610.4]/Border[0 0 0]/A 979 0 R>>endobj
+981 0 obj<</S/URI/URI(http://samba.org/cgi-bin/cvsweb)>>endobj
+982 0 obj<</Subtype/Link/Rect[135.9 397.8 283.2 410.8]/Border[0 0 0]/A 981 0 R>>endobj
+983 0 obj<</S/URI/URI(http://www.cyclic.com/)>>endobj
+984 0 obj<</Subtype/Link/Rect[391.6 286.6 498.2 299.6]/Border[0 0 0]/A 983 0 R>>endobj
+985 0 obj[980 0 R
+982 0 R
+984 0 R]endobj
+986 0 obj<</Subtype/Link/Rect[85.8 670.6 136.2 683.6]/Border[0 0 0]/Dest[1651 0 R/XYZ 0 734 0]>>endobj
+987 0 obj<</Subtype/Link/Rect[130.0 657.4 162.1 670.4]/Border[0 0 0]/Dest[1651 0 R/XYZ 0 655 0]>>endobj
+988 0 obj<</Subtype/Link/Rect[130.0 644.2 177.7 657.2]/Border[0 0 0]/Dest[1651 0 R/XYZ 0 408 0]>>endobj
+989 0 obj<</Subtype/Link/Rect[130.0 631.0 158.4 644.0]/Border[0 0 0]/Dest[1651 0 R/XYZ 0 293 0]>>endobj
+990 0 obj<</Subtype/Link/Rect[130.0 617.8 260.5 630.8]/Border[0 0 0]/Dest[1653 0 R/XYZ 0 228 0]>>endobj
+991 0 obj<</Subtype/Link/Rect[85.8 604.6 221.1 617.6]/Border[0 0 0]/Dest[1655 0 R/XYZ 0 734 0]>>endobj
+992 0 obj<</Subtype/Link/Rect[130.0 591.4 216.2 604.4]/Border[0 0 0]/Dest[1655 0 R/XYZ 0 668 0]>>endobj
+993 0 obj<</Subtype/Link/Rect[130.0 578.2 181.3 591.2]/Border[0 0 0]/Dest[1655 0 R/XYZ 0 461 0]>>endobj
+994 0 obj<</Subtype/Link/Rect[174.2 565.0 533.6 578.0]/Border[0 0 0]/Dest[1655 0 R/XYZ 0 427 0]>>endobj
+995 0 obj<</Subtype/Link/Rect[174.2 551.8 536.9 564.8]/Border[0 0 0]/Dest[1657 0 R/XYZ 0 734 0]>>endobj
+996 0 obj<</Subtype/Link/Rect[174.2 538.6 490.2 551.6]/Border[0 0 0]/Dest[1657 0 R/XYZ 0 523 0]>>endobj
+997 0 obj<</Subtype/Link/Rect[174.2 525.4 459.3 538.4]/Border[0 0 0]/Dest[1657 0 R/XYZ 0 408 0]>>endobj
+998 0 obj<</Subtype/Link/Rect[130.0 512.2 245.8 525.2]/Border[0 0 0]/Dest[1657 0 R/XYZ 0 151 0]>>endobj
+999 0 obj<</Subtype/Link/Rect[174.2 499.0 351.5 512.0]/Border[0 0 0]/Dest[1657 0 R/XYZ 0 118 0]>>endobj
+1000 0 obj<</Subtype/Link/Rect[174.2 485.8 351.2 498.8]/Border[0 0 0]/Dest[1659 0 R/XYZ 0 626 0]>>endobj
+1001 0 obj<</Subtype/Link/Rect[174.2 472.6 332.5 485.6]/Border[0 0 0]/Dest[1659 0 R/XYZ 0 475 0]>>endobj
+1002 0 obj<</Subtype/Link/Rect[174.2 459.4 301.4 472.4]/Border[0 0 0]/Dest[1659 0 R/XYZ 0 377 0]>>endobj
+1003 0 obj<</Subtype/Link/Rect[130.0 446.2 205.6 459.2]/Border[0 0 0]/Dest[1659 0 R/XYZ 0 292 0]>>endobj
+1004 0 obj<</Subtype/Link/Rect[130.0 433.0 265.9 446.0]/Border[0 0 0]/Dest[1661 0 R/XYZ 0 718 0]>>endobj
+1005 0 obj<</Subtype/Link/Rect[85.8 419.8 157.2 432.8]/Border[0 0 0]/Dest[1663 0 R/XYZ 0 734 0]>>endobj
+1006 0 obj<</Subtype/Link/Rect[130.0 406.6 187.8 419.6]/Border[0 0 0]/Dest[1663 0 R/XYZ 0 696 0]>>endobj
+1007 0 obj<</Subtype/Link/Rect[130.0 393.4 188.7 406.4]/Border[0 0 0]/Dest[1663 0 R/XYZ 0 423 0]>>endobj
+1008 0 obj<</Subtype/Link/Rect[130.0 380.2 189.9 393.2]/Border[0 0 0]/Dest[1663 0 R/XYZ 0 282 0]>>endobj
+1009 0 obj<</Subtype/Link/Rect[130.0 367.0 198.4 380.0]/Border[0 0 0]/Dest[1665 0 R/XYZ 0 613 0]>>endobj
+1010 0 obj<</Subtype/Link/Rect[130.0 353.8 269.0 366.8]/Border[0 0 0]/Dest[1665 0 R/XYZ 0 260 0]>>endobj
+1011 0 obj<</Subtype/Link/Rect[130.0 340.6 167.6 353.6]/Border[0 0 0]/Dest[1665 0 R/XYZ 0 159 0]>>endobj
+1012 0 obj<</Subtype/Link/Rect[85.8 327.4 224.5 340.4]/Border[0 0 0]/Dest[1667 0 R/XYZ 0 734 0]>>endobj
+1013 0 obj<</Subtype/Link/Rect[130.0 314.2 187.8 327.2]/Border[0 0 0]/Dest[1667 0 R/XYZ 0 696 0]>>endobj
+1014 0 obj<</Subtype/Link/Rect[130.0 301.0 188.4 314.0]/Border[0 0 0]/Dest[1667 0 R/XYZ 0 529 0]>>endobj
+1015 0 obj<</Subtype/Link/Rect[130.0 287.8 155.4 300.8]/Border[0 0 0]/Dest[1667 0 R/XYZ 0 199 0]>>endobj
+1016 0 obj<</Subtype/Link/Rect[174.2 274.6 203.6 287.6]/Border[0 0 0]/Dest[1667 0 R/XYZ 0 165 0]>>endobj
+1017 0 obj<</Subtype/Link/Rect[174.2 261.4 203.6 274.4]/Border[0 0 0]/Dest[1669 0 R/XYZ 0 734 0]>>endobj
+1018 0 obj<</Subtype/Link/Rect[174.2 248.2 203.6 261.2]/Border[0 0 0]/Dest[1669 0 R/XYZ 0 530 0]>>endobj
+1019 0 obj<</Subtype/Link/Rect[174.2 235.0 203.6 248.0]/Border[0 0 0]/Dest[1671 0 R/XYZ 0 626 0]>>endobj
+1020 0 obj<</Subtype/Link/Rect[174.2 221.8 203.6 234.8]/Border[0 0 0]/Dest[1671 0 R/XYZ 0 475 0]>>endobj
+1021 0 obj<</Subtype/Link/Rect[174.2 208.6 203.6 221.6]/Border[0 0 0]/Dest[1671 0 R/XYZ 0 351 0]>>endobj
+1022 0 obj<</Subtype/Link/Rect[174.2 195.4 203.6 208.4]/Border[0 0 0]/Dest[1673 0 R/XYZ 0 734 0]>>endobj
+1023 0 obj<</Subtype/Link/Rect[174.2 182.2 203.6 195.2]/Border[0 0 0]/Dest[1673 0 R/XYZ 0 371 0]>>endobj
+1024 0 obj<</Subtype/Link/Rect[174.2 169.0 203.6 182.0]/Border[0 0 0]/Dest[1675 0 R/XYZ 0 705 0]>>endobj
+1025 0 obj<</Subtype/Link/Rect[179.8 155.8 214.6 168.8]/Border[0 0 0]/Dest[1675 0 R/XYZ 0 515 0]>>endobj
+1026 0 obj<</Subtype/Link/Rect[179.8 142.6 214.6 155.6]/Border[0 0 0]/Dest[1675 0 R/XYZ 0 377 0]>>endobj
+1027 0 obj<</Subtype/Link/Rect[130.0 129.4 227.5 142.4]/Border[0 0 0]/Dest[1675 0 R/XYZ 0 239 0]>>endobj
+1028 0 obj[986 0 R
+987 0 R
+988 0 R
 989 0 R
 990 0 R
 991 0 R
@@ -1796,719 +1796,731 @@
 1024 0 R
 1025 0 R
 1026 0 R
-1027 0 R
-1028 0 R
-1029 0 R]endobj
-1031 0 obj<</S/URI/URI(http://www.thursby.com/)>>endobj
-1032 0 obj<</Subtype/Link/Rect[91.9 621.8 131.3 634.8]/Border[0 0 0]/A 1031 0 R>>endobj
-1033 0 obj<</S/URI/URI(http://www.umich.edu/~rsug/netatalk/)>>endobj
-1034 0 obj<</Subtype/Link/Rect[72.0 503.0 109.3 516.0]/Border[0 0 0]/A 1033 0 R>>endobj
-1035 0 obj<</S/URI/URI(http://www.cs.mu.oz.au/appletalk/atalk.html)>>endobj
-1036 0 obj<</Subtype/Link/Rect[130.7 503.0 154.8 516.0]/Border[0 0 0]/A 1035 0 R>>endobj
-1037 0 obj<</S/URI/URI(http://www.eats.com/linux_mac_win.html)>>endobj
-1038 0 obj<</Subtype/Link/Rect[72.0 476.6 258.1 489.6]/Border[0 0 0]/A 1037 0 R>>endobj
-1039 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/samba/warp.html)>>endobj
-1040 0 obj<</Subtype/Link/Rect[325.6 367.8 544.5 380.8]/Border[0 0 0]/A 1039 0 R>>endobj
-1041 0 obj[1032 0 R
+1027 0 R]endobj
+1029 0 obj<</S/URI/URI(http://www.thursby.com/)>>endobj
+1030 0 obj<</Subtype/Link/Rect[91.9 621.8 131.3 634.8]/Border[0 0 0]/A 1029 0 R>>endobj
+1031 0 obj<</S/URI/URI(http://www.umich.edu/~rsug/netatalk/)>>endobj
+1032 0 obj<</Subtype/Link/Rect[72.0 503.0 109.3 516.0]/Border[0 0 0]/A 1031 0 R>>endobj
+1033 0 obj<</S/URI/URI(http://www.cs.mu.oz.au/appletalk/atalk.html)>>endobj
+1034 0 obj<</Subtype/Link/Rect[130.7 503.0 154.8 516.0]/Border[0 0 0]/A 1033 0 R>>endobj
+1035 0 obj<</S/URI/URI(http://www.eats.com/linux_mac_win.html)>>endobj
+1036 0 obj<</Subtype/Link/Rect[72.0 476.6 258.1 489.6]/Border[0 0 0]/A 1035 0 R>>endobj
+1037 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/samba/warp.html)>>endobj
+1038 0 obj<</Subtype/Link/Rect[325.6 367.8 544.5 380.8]/Border[0 0 0]/A 1037 0 R>>endobj
+1039 0 obj[1030 0 R
+1032 0 R
 1034 0 R
 1036 0 R
-1038 0 R
-1040 0 R]endobj
-1042 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/)>>endobj
-1043 0 obj<</Subtype/Link/Rect[72.0 661.0 319.2 674.0]/Border[0 0 0]/A 1042 0 R>>endobj
-1044 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/lanman.html)>>endobj
-1045 0 obj<</Subtype/Link/Rect[340.6 661.0 538.7 674.0]/Border[0 0 0]/A 1044 0 R>>endobj
-1046 0 obj<</S/URI/URI(ftp://ftp.cdrom.com/pub/os2/network/ndis/)>>endobj
-1047 0 obj<</Subtype/Link/Rect[173.1 538.6 363.5 551.6]/Border[0 0 0]/A 1046 0 R>>endobj
-1048 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/samba/fix.html)>>endobj
-1049 0 obj<</Subtype/Link/Rect[220.2 450.2 429.3 463.2]/Border[0 0 0]/A 1048 0 R>>endobj
-1050 0 obj[1043 0 R
+1038 0 R]endobj
+1040 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/)>>endobj
+1041 0 obj<</Subtype/Link/Rect[72.0 661.0 319.2 674.0]/Border[0 0 0]/A 1040 0 R>>endobj
+1042 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/lanman.html)>>endobj
+1043 0 obj<</Subtype/Link/Rect[340.6 661.0 538.7 674.0]/Border[0 0 0]/A 1042 0 R>>endobj
+1044 0 obj<</S/URI/URI(ftp://ftp.cdrom.com/pub/os2/network/ndis/)>>endobj
+1045 0 obj<</Subtype/Link/Rect[173.1 538.6 363.5 551.6]/Border[0 0 0]/A 1044 0 R>>endobj
+1046 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/samba/fix.html)>>endobj
+1047 0 obj<</Subtype/Link/Rect[220.2 450.2 429.3 463.2]/Border[0 0 0]/A 1046 0 R>>endobj
+1048 0 obj[1041 0 R
+1043 0 R
 1045 0 R
-1047 0 R
-1049 0 R]endobj
-1051 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
-1052 0 obj<</Subtype/Link/Rect[218.7 321.4 275.0 334.4]/Border[0 0 0]/A 1051 0 R>>endobj
-1053 0 obj[1052 0 R]endobj
-1054 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
-1055 0 obj<</Subtype/Link/Rect[493.6 579.8 549.8 592.8]/Border[0 0 0]/A 1054 0 R>>endobj
-1056 0 obj[1055 0 R]endobj
-1057 0 obj<</S/Launch/F(samba@samba.org)>>endobj
-1058 0 obj<</Subtype/Link/Rect[311.8 650.2 398.3 663.2]/Border[0 0 0]/A 1057 0 R>>endobj
-1059 0 obj<</S/URI/URI(mailto:samba-technical@samba.org)>>endobj
-1060 0 obj<</Subtype/Link/Rect[126.4 637.0 258.8 650.0]/Border[0 0 0]/A 1059 0 R>>endobj
-1061 0 obj<</S/URI/URI(http://samba.org/samba/)>>endobj
-1062 0 obj<</Subtype/Link/Rect[161.5 439.0 270.3 452.0]/Border[0 0 0]/A 1061 0 R>>endobj
-1063 0 obj<</S/Launch/F(Diagnosis.html)>>endobj
-1064 0 obj<</Subtype/Link/Rect[185.0 337.4 229.3 350.4]/Border[0 0 0]/A 1063 0 R>>endobj
-1065 0 obj[1058 0 R
+1047 0 R]endobj
+1049 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
+1050 0 obj<</Subtype/Link/Rect[218.7 321.4 274.9 334.4]/Border[0 0 0]/A 1049 0 R>>endobj
+1051 0 obj[1050 0 R]endobj
+1052 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
+1053 0 obj<</Subtype/Link/Rect[493.6 579.8 549.8 592.8]/Border[0 0 0]/A 1052 0 R>>endobj
+1054 0 obj[1053 0 R]endobj
+1055 0 obj<</S/Launch/F(samba@samba.org)>>endobj
+1056 0 obj<</Subtype/Link/Rect[311.8 650.2 398.3 663.2]/Border[0 0 0]/A 1055 0 R>>endobj
+1057 0 obj<</S/URI/URI(mailto:samba-technical@samba.org)>>endobj
+1058 0 obj<</Subtype/Link/Rect[126.4 637.0 258.8 650.0]/Border[0 0 0]/A 1057 0 R>>endobj
+1059 0 obj<</S/URI/URI(http://samba.org/samba/)>>endobj
+1060 0 obj<</Subtype/Link/Rect[161.5 439.0 270.3 452.0]/Border[0 0 0]/A 1059 0 R>>endobj
+1061 0 obj<</S/Launch/F(Diagnosis.html)>>endobj
+1062 0 obj<</Subtype/Link/Rect[185.0 337.4 229.3 350.4]/Border[0 0 0]/A 1061 0 R>>endobj
+1063 0 obj[1056 0 R
+1058 0 R
 1060 0 R
-1062 0 R
-1064 0 R]endobj
-1066 0 obj<</S/URI/URI(mailto:samba@samba.org)>>endobj
-1067 0 obj<</Subtype/Link/Rect[164.2 180.2 250.8 193.2]/Border[0 0 0]/A 1066 0 R>>endobj
-1068 0 obj<</S/URI/URI(http://samba.org/samba)>>endobj
-1069 0 obj<</Subtype/Link/Rect[233.0 167.0 338.7 180.0]/Border[0 0 0]/A 1068 0 R>>endobj
-1070 0 obj[1067 0 R
-1069 0 R]endobj
-1071 0 obj<</Dests 1072 0 R>>endobj
-1072 0 obj<</Kids[1073 0 R]>>endobj
-1073 0 obj<</Limits[(10)(winbind)]/Names[(10)1074 0 R(11)1075 0 R(16)1076 0 R(17)1077 0 R(3)1078 0 R(31)1079 0 R(4)1080 0 R(ads)1081 0 R(aen1005)1082 0 R(aen1013)1083 0 R(aen1020)1084 0 R(aen1056)1085 0 R(aen1069)1086 0 R(aen1072)1087 0 R(aen1082)1088 0 R(aen1118)1089 0 R(aen1122)1090 0 R(aen1130)1091 0 R(aen1133)1092 0 R(aen1136)1093 0 R(aen1139)1094 0 R(aen1143)1095 0 R(aen1160)1096 0 R(aen1178)1097 0 R(aen1184)1098 0 R(aen1193)1099 0 R(aen1205)1100 0 R(aen1215)1101 0 R(aen1219)1102 0 R(aen1231)1103 0 R(aen1236)1104 0 R(aen1239)1105 0 R(aen1261)1106 0 R(aen128)1107 0 R(aen1325)1108 0 R(aen1330)1109 0 R(aen1346)1110 0 R(aen1348)1111 0 R(aen1362)1112 0 R(aen1384)1113 0 R(aen1400)1114 0 R(aen1416)1115 0 R(aen1427)1116 0 R(aen1435)1117 0 R(aen144)1118 0 R(aen1447)1119 0 R(aen1459)1120 0 R(aen1464)1121 0 R(aen1472)1122 0 R(aen1477)1123 0 R(aen1480)1124 0 R(aen1492)1125 0 R(aen1502)1126 0 R(aen153)1127 0 R(aen1530)1128 0 R(aen1538)1129 0 R(aen1555)1130 0 R(aen1562)1131 0 R(aen1567)1132 0 R(aen1572)1133 0 R(aen1593)1134 0 R(aen1602)1135 0 R(aen1613)1136 0 R(aen1633)1137 0 R(aen1648)1138 0 R(aen1662)1139 0 R(aen1669)1140 0 R(aen169)1141 0 R(aen1691)1142 0 R(aen1755)1143 0 R(aen1776)1144 0 R(aen18)1145 0 R(aen1820)1146 0 R(aen1827)1147 0 R(aen183)1148 0 R(aen1847)1149 0 R(aen188)1150 0 R(aen1882)1151 0 R(aen1908)1152 0 R(aen192)1153 0 R(aen1930)1154 0 R(aen1938)1155 0 R(aen195)1156 0 R(aen1973)1157 0 R(aen1989)1158 0 R(aen20)1159 0 R(aen2000)1160 0 R(aen2030)1161 0 R(aen2038)1162 0 R(aen204)1163 0 R(aen2042)1164 0 R(aen2052)1165 0 R(aen2055)1166 0 R(aen2059)1167 0 R(aen2081)1168 0 R(aen2083)1169 0 R(aen209)1170 0 R(aen2099)1171 0 R(aen2108)1172 0 R(aen2116)1173 0 R(aen2144)1174 0 R(aen2155)1175 0 R(aen2167)1176 0 R(aen2170)1177 0 R(aen2173)1178 0 R(aen218)1179 0 R(aen2186)1180 0 R(aen2197)1181 0 R(aen2249)1182 0 R(aen2253)1183 0 R(aen2266)1184 0 R(aen2273)1185 0 R(aen2277)1186 0 R(aen228)1187 0 R(aen2282)1188 0 R(aen2286)1189 0 R(aen2302)1190 0 R(aen2310)1191 0 R(aen2314)1192 0 R(aen2317)1193 0 R(aen232)1194 0 R(aen2324)1195 0 R(aen2337)1196 0 R(aen2351)1197 0 R(aen2362)1198 0 R(aen2381)1199 0 R(aen241)1200 0 R(aen2414)1201 0 R(aen2430)1202 0 R(aen2441)1203 0 R(aen2477)1204 0 R(aen2479)1205 0 R(aen248)1206 0 R(aen2496)1207 0 R(aen25)1208 0 R(aen2503)1209 0 R(aen2509)1210 0 R(aen2526)1211 0 R(aen253)1212 0 R(aen2559)1213 0 R(aen2566)1214 0 R(aen2576)1215 0 R(aen2590)1216 0 R(aen2596)1217 0 R(aen2611)1218 0 R(aen2616)1219 0 R(aen2635)1220 0 R(aen2641)1221 0 R(aen2664)1222 0 R(aen2684)1223 0 R(aen2713)1224 0 R(aen2718)1225 0 R(aen2730)1226 0 R(aen2732)1227 0 R(aen2749)1228 0 R(aen2777)1229 0 R(aen2782)1230 0 R(aen2802)1231 0 R(aen2872)1232 0 R(aen288)1233 0 R(aen2880)1234 0 R(aen2891)1235 0 R(aen2896)1236 0 R(aen2899)1237 0 R(aen2904)1238 0 R(aen2982)1239 0 R(aen2988)1240 0 R(aen2990)1241 0 R(aen2998)1242 0 R(aen3004)1243 0 R(aen3008)1244 0 R(aen3015)1245 0 R(aen3020)1246 0 R(aen3025)1247 0 R(aen3029)1248 0 R(aen3034)1249 0 R(aen3037)1250 0 R(aen3040)1251 0 R(aen3045)1252 0 R(aen3049)1253 0 R(aen3056)1254 0 R(aen3061)1255 0 R(aen3065)1256 0 R(aen3068)1257 0 R(aen307)1258 0 R(aen3100)1259 0 R(aen3106)1260 0 R(aen3115)1261 0 R(aen3121)1262 0 R(aen3125)1263 0 R(aen3154)1264 0 R(aen3175)1265 0 R(aen3184)1266 0 R(aen3186)1267 0 R(aen3201)1268 0 R(aen3210)1269 0 R(aen3214)1270 0 R(aen3224)1271 0 R(aen3226)1272 0 R(aen3231)1273 0 R(aen3236)1274 0 R(aen3240)1275 0 R(aen3245)1276 0 R(aen325)1277 0 R(aen3261)1278 0 R(aen3285)1279 0 R(aen3295)1280 0 R(aen3301)1281 0 R(aen3318)1282 0 R(aen3328)1283 0 R(aen3331)1284 0 R(aen335)1285 0 R(aen3354)1286 0 R(aen3359)1287 0 R(aen3369)1288 0 R(aen3371)1289 0 R(aen3377)1290 0 R(aen3383)1291 0 R(aen3398)1292 0 R(aen3403)1293 0 R(aen3409)1294 0 R(aen3417)1295 0 R(aen344)1296 0 R(aen3443)1297 0 R(aen3460)1298 0 R(aen3468)1299 0 R(aen3474)1300 0 R(aen3479)1301 0 R(aen35)1302 0 R(aen362)1303 0 R(aen365)1304 0 R(aen377)1305 0 R(aen392)1306 0 R(aen4)1307 0 R(aen400)1308 0 R(aen414)1309 0 R(aen419)1310 0 R(aen430)1311 0 R(aen436)1312 0 R(aen472)1313 0 R(aen477)1314 0 R(aen496)1315 0 R(aen503)1316 0 R(aen512)1317 0 R(aen544)1318 0 R(aen546)1319 0 R(aen566)1320 0 R(aen572)1321 0 R(aen611)1322 0 R(aen63)1323 0 R(aen654)1324 0 R(aen67)1325 0 R(aen673)1326 0 R(aen714)1327 0 R(aen723)1328 0 R(aen738)1329 0 R(aen786)1330 0 R(aen8)1331 0 R(aen81)1332 0 R(aen830)1333 0 R(aen89)1334 0 R(aen944)1335 0 R(aen970)1336 0 R(aen989)1337 0 R(aen99)1338 0 R(aen997)1339 0 R(browsing-quick)1340 0 R(bugreport)1341 0 R(cvs-access)1342 0 R(diagnosis)1343 0 R(domain-security)1344 0 R(groupmapping)1345 0 R(improved-browsing)1346 0 R(install)1347 0 R(integrate-ms-networks)1348 0 R(msdfs)1349 0 R(oplocks)1350 0 R(other-clients)1351 0 R(pam)1352 0 R(pdb-mysql)1353 0 R(pdb-xml)1354 0 R(portability)1355 0 R(printing)1356 0 R(pwencrypt)1357 0 R(samba-bdc)1358 0 R(samba-howto-collection)1359 0 R(samba-howto-collection.html)1360 0 R(samba-ldap-howto)1361 0 R(samba-pdc)1362 0 R(securitylevels)1363 0 R(speed)1364 0 R(unix-permissions)1365 0 R(winbind)1366 0 R]>>endobj
-1074 0 obj<</D[1448 0 R/XYZ 0 734 0]>>endobj
-1075 0 obj<</D[1450 0 R/XYZ 0 734 0]>>endobj
-1076 0 obj<</D[1504 0 R/XYZ 0 734 0]>>endobj
-1077 0 obj<</D[1506 0 R/XYZ 0 734 0]>>endobj
-1078 0 obj<</D[1394 0 R/XYZ 0 734 0]>>endobj
-1079 0 obj<</D[1642 0 R/XYZ 0 734 0]>>endobj
-1080 0 obj<</D[1396 0 R/XYZ 0 734 0]>>endobj
-1081 0 obj<</D[1492 0 R/XYZ 0 734 0]>>endobj
-1082 0 obj<</D[1474 0 R/XYZ 0 366 0]>>endobj
-1083 0 obj<</D[1474 0 R/XYZ 0 142 0]>>endobj
-1084 0 obj<</D[1476 0 R/XYZ 0 678 0]>>endobj
-1085 0 obj<</D[1478 0 R/XYZ 0 362 0]>>endobj
-1086 0 obj<</D[1480 0 R/XYZ 0 451 0]>>endobj
-1087 0 obj<</D[1480 0 R/XYZ 0 370 0]>>endobj
-1088 0 obj<</D[1482 0 R/XYZ 0 718 0]>>endobj
-1089 0 obj<</D[1486 0 R/XYZ 0 672 0]>>endobj
-1090 0 obj<</D[1486 0 R/XYZ 0 597 0]>>endobj
-1091 0 obj<</D[1486 0 R/XYZ 0 225 0]>>endobj
-1092 0 obj<</D[1488 0 R/XYZ 0 734 0]>>endobj
-1093 0 obj<</D[1488 0 R/XYZ 0 609 0]>>endobj
-1094 0 obj<</D[1488 0 R/XYZ 0 524 0]>>endobj
-1095 0 obj<</D[1488 0 R/XYZ 0 383 0]>>endobj
-1096 0 obj<</D[1490 0 R/XYZ 0 620 0]>>endobj
-1097 0 obj<</D[1492 0 R/XYZ 0 524 0]>>endobj
-1098 0 obj<</D[1492 0 R/XYZ 0 417 0]>>endobj
-1099 0 obj<</D[1492 0 R/XYZ 0 241 0]>>endobj
-1100 0 obj<</D[1494 0 R/XYZ 0 556 0]>>endobj
-1101 0 obj<</D[1494 0 R/XYZ 0 240 0]>>endobj
-1102 0 obj<</D[1494 0 R/XYZ 0 151 0]>>endobj
-1103 0 obj<</D[1496 0 R/XYZ 0 692 0]>>endobj
-1104 0 obj<</D[1496 0 R/XYZ 0 603 0]>>endobj
-1105 0 obj<</D[1496 0 R/XYZ 0 528 0]>>endobj
-1106 0 obj<</D[1498 0 R/XYZ 0 696 0]>>endobj
-1107 0 obj<</D[1404 0 R/XYZ 0 247 0]>>endobj
-1108 0 obj<</D[1500 0 R/XYZ 0 362 0]>>endobj
-1109 0 obj<</D[1500 0 R/XYZ 0 155 0]>>endobj
-1110 0 obj<</D[1502 0 R/XYZ 0 337 0]>>endobj
-1111 0 obj<</D[1504 0 R/XYZ 0 696 0]>>endobj
-1112 0 obj<</D[1512 0 R/XYZ 0 672 0]>>endobj
-1113 0 obj<</D[1512 0 R/XYZ 0 439 0]>>endobj
-1114 0 obj<</D[1512 0 R/XYZ 0 311 0]>>endobj
-1115 0 obj<</D[1514 0 R/XYZ 0 441 0]>>endobj
-1116 0 obj<</D[1514 0 R/XYZ 0 303 0]>>endobj
-1117 0 obj<</D[1514 0 R/XYZ 0 157 0]>>endobj
-1118 0 obj<</D[1406 0 R/XYZ 0 665 0]>>endobj
-1119 0 obj<</D[1516 0 R/XYZ 0 339 0]>>endobj
-1120 0 obj<</D[1518 0 R/XYZ 0 266 0]>>endobj
-1121 0 obj<</D[1520 0 R/XYZ 0 734 0]>>endobj
-1122 0 obj<</D[1522 0 R/XYZ 0 459 0]>>endobj
-1123 0 obj<</D[1522 0 R/XYZ 0 361 0]>>endobj
-1124 0 obj<</D[1522 0 R/XYZ 0 224 0]>>endobj
-1125 0 obj<</D[1524 0 R/XYZ 0 670 0]>>endobj
-1126 0 obj<</D[1524 0 R/XYZ 0 126 0]>>endobj
-1127 0 obj<</D[1406 0 R/XYZ 0 498 0]>>endobj
-1128 0 obj<</D[1528 0 R/XYZ 0 734 0]>>endobj
-1129 0 obj<</D[1528 0 R/XYZ 0 484 0]>>endobj
-1130 0 obj<</D[1528 0 R/XYZ 0 132 0]>>endobj
-1131 0 obj<</D[1530 0 R/XYZ 0 523 0]>>endobj
-1132 0 obj<</D[1530 0 R/XYZ 0 377 0]>>endobj
-1133 0 obj<</D[1530 0 R/XYZ 0 263 0]>>endobj
-1134 0 obj<</D[1532 0 R/XYZ 0 672 0]>>endobj
-1135 0 obj<</D[1532 0 R/XYZ 0 497 0]>>endobj
-1136 0 obj<</D[1532 0 R/XYZ 0 330 0]>>endobj
-1137 0 obj<</D[1534 0 R/XYZ 0 665 0]>>endobj
-1138 0 obj<</D[1534 0 R/XYZ 0 432 0]>>endobj
-1139 0 obj<</D[1534 0 R/XYZ 0 189 0]>>endobj
-1140 0 obj<</D[1536 0 R/XYZ 0 692 0]>>endobj
-1141 0 obj<</D[1406 0 R/XYZ 0 330 0]>>endobj
-1142 0 obj<</D[1536 0 R/XYZ 0 260 0]>>endobj
-1143 0 obj<</D[1540 0 R/XYZ 0 599 0]>>endobj
-1144 0 obj<</D[1542 0 R/XYZ 0 672 0]>>endobj
-1145 0 obj<</D[1392 0 R/XYZ 0 258 0]>>endobj
-1146 0 obj<</D[1544 0 R/XYZ 0 148 0]>>endobj
-1147 0 obj<</D[1546 0 R/XYZ 0 705 0]>>endobj
-1148 0 obj<</D[1408 0 R/XYZ 0 734 0]>>endobj
-1149 0 obj<</D[1548 0 R/XYZ 0 672 0]>>endobj
-1150 0 obj<</D[1408 0 R/XYZ 0 553 0]>>endobj
-1151 0 obj<</D[1550 0 R/XYZ 0 652 0]>>endobj
-1152 0 obj<</D[1552 0 R/XYZ 0 696 0]>>endobj
-1153 0 obj<</D[1408 0 R/XYZ 0 494 0]>>endobj
-1154 0 obj<</D[1552 0 R/XYZ 0 317 0]>>endobj
-1155 0 obj<</D[1552 0 R/XYZ 0 131 0]>>endobj
-1156 0 obj<</D[1408 0 R/XYZ 0 409 0]>>endobj
-1157 0 obj<</D[1556 0 R/XYZ 0 583 0]>>endobj
-1158 0 obj<</D[1556 0 R/XYZ 0 169 0]>>endobj
-1159 0 obj<</D[1394 0 R/XYZ 0 696 0]>>endobj
-1160 0 obj<</D[1558 0 R/XYZ 0 470 0]>>endobj
-1161 0 obj<</D[1560 0 R/XYZ 0 297 0]>>endobj
-1162 0 obj<</D[1562 0 R/XYZ 0 734 0]>>endobj
-1163 0 obj<</D[1410 0 R/XYZ 0 734 0]>>endobj
-1164 0 obj<</D[1562 0 R/XYZ 0 632 0]>>endobj
-1165 0 obj<</D[1562 0 R/XYZ 0 507 0]>>endobj
-1166 0 obj<</D[1562 0 R/XYZ 0 423 0]>>endobj
-1167 0 obj<</D[1562 0 R/XYZ 0 325 0]>>endobj
-1168 0 obj<</D[1564 0 R/XYZ 0 440 0]>>endobj
-1169 0 obj<</D[1564 0 R/XYZ 0 406 0]>>endobj
-1170 0 obj<</D[1410 0 R/XYZ 0 583 0]>>endobj
-1171 0 obj<</D[1566 0 R/XYZ 0 479 0]>>endobj
-1172 0 obj<</D[1568 0 R/XYZ 0 692 0]>>endobj
-1173 0 obj<</D[1568 0 R/XYZ 0 511 0]>>endobj
-1174 0 obj<</D[1570 0 R/XYZ 0 734 0]>>endobj
-1175 0 obj<</D[1570 0 R/XYZ 0 394 0]>>endobj
-1176 0 obj<</D[1572 0 R/XYZ 0 718 0]>>endobj
-1177 0 obj<</D[1572 0 R/XYZ 0 633 0]>>endobj
-1178 0 obj<</D[1572 0 R/XYZ 0 535 0]>>endobj
-1179 0 obj<</D[1410 0 R/XYZ 0 128 0]>>endobj
-1180 0 obj<</D[1574 0 R/XYZ 0 696 0]>>endobj
-1181 0 obj<</D[1574 0 R/XYZ 0 467 0]>>endobj
-1182 0 obj<</D[1578 0 R/XYZ 0 672 0]>>endobj
-1183 0 obj<</D[1578 0 R/XYZ 0 544 0]>>endobj
-1184 0 obj<</D[1578 0 R/XYZ 0 231 0]>>endobj
-1185 0 obj<</D[1580 0 R/XYZ 0 560 0]>>endobj
-1186 0 obj<</D[1580 0 R/XYZ 0 409 0]>>endobj
-1187 0 obj<</D[1414 0 R/XYZ 0 696 0]>>endobj
-1188 0 obj<</D[1580 0 R/XYZ 0 294 0]>>endobj
-1189 0 obj<</D[1582 0 R/XYZ 0 734 0]>>endobj
-1190 0 obj<</D[1582 0 R/XYZ 0 292 0]>>endobj
-1191 0 obj<</D[1584 0 R/XYZ 0 665 0]>>endobj
-1192 0 obj<</D[1584 0 R/XYZ 0 488 0]>>endobj
-1193 0 obj<</D[1584 0 R/XYZ 0 351 0]>>endobj
-1194 0 obj<</D[1414 0 R/XYZ 0 515 0]>>endobj
-1195 0 obj<</D[1584 0 R/XYZ 0 209 0]>>endobj
-1196 0 obj<</D[1586 0 R/XYZ 0 599 0]>>endobj
-1197 0 obj<</D[1586 0 R/XYZ 0 330 0]>>endobj
-1198 0 obj<</D[1586 0 R/XYZ 0 192 0]>>endobj
-1199 0 obj<</D[1588 0 R/XYZ 0 692 0]>>endobj
-1200 0 obj<</D[1414 0 R/XYZ 0 137 0]>>endobj
-1201 0 obj<</D[1588 0 R/XYZ 0 288 0]>>endobj
-1202 0 obj<</D[1590 0 R/XYZ 0 718 0]>>endobj
-1203 0 obj<</D[1590 0 R/XYZ 0 571 0]>>endobj
-1204 0 obj<</D[1592 0 R/XYZ 0 527 0]>>endobj
-1205 0 obj<</D[1592 0 R/XYZ 0 501 0]>>endobj
-1206 0 obj<</D[1416 0 R/XYZ 0 533 0]>>endobj
-1207 0 obj<</D[1594 0 R/XYZ 0 600 0]>>endobj
-1208 0 obj<</D[1400 0 R/XYZ 0 696 0]>>endobj
-1209 0 obj<</D[1596 0 R/XYZ 0 686 0]>>endobj
-1210 0 obj<</D[1596 0 R/XYZ 0 620 0]>>endobj
-1211 0 obj<</D[1596 0 R/XYZ 0 381 0]>>endobj
-1212 0 obj<</D[1416 0 R/XYZ 0 273 0]>>endobj
-1213 0 obj<</D[1598 0 R/XYZ 0 429 0]>>endobj
-1214 0 obj<</D[1600 0 R/XYZ 0 296 0]>>endobj
-1215 0 obj<</D[1602 0 R/XYZ 0 734 0]>>endobj
-1216 0 obj<</D[1604 0 R/XYZ 0 696 0]>>endobj
-1217 0 obj<</D[1604 0 R/XYZ 0 595 0]>>endobj
-1218 0 obj<</D[1606 0 R/XYZ 0 568 0]>>endobj
-1219 0 obj<</D[1606 0 R/XYZ 0 414 0]>>endobj
-1220 0 obj<</D[1608 0 R/XYZ 0 696 0]>>endobj
-1221 0 obj<</D[1608 0 R/XYZ 0 608 0]>>endobj
-1222 0 obj<</D[1610 0 R/XYZ 0 672 0]>>endobj
-1223 0 obj<</D[1610 0 R/XYZ 0 412 0]>>endobj
-1224 0 obj<</D[1612 0 R/XYZ 0 573 0]>>endobj
-1225 0 obj<</D[1612 0 R/XYZ 0 471 0]>>endobj
-1226 0 obj<</D[1614 0 R/XYZ 0 734 0]>>endobj
-1227 0 obj<</D[1614 0 R/XYZ 0 700 0]>>endobj
-1228 0 obj<</D[1614 0 R/XYZ 0 143 0]>>endobj
-1229 0 obj<</D[1616 0 R/XYZ 0 243 0]>>endobj
-1230 0 obj<</D[1618 0 R/XYZ 0 718 0]>>endobj
-1231 0 obj<</D[1618 0 R/XYZ 0 336 0]>>endobj
-1232 0 obj<</D[1620 0 R/XYZ 0 322 0]>>endobj
-1233 0 obj<</D[1422 0 R/XYZ 0 560 0]>>endobj
-1234 0 obj<</D[1622 0 R/XYZ 0 492 0]>>endobj
-1235 0 obj<</D[1624 0 R/XYZ 0 672 0]>>endobj
-1236 0 obj<</D[1624 0 R/XYZ 0 557 0]>>endobj
-1237 0 obj<</D[1624 0 R/XYZ 0 469 0]>>endobj
-1238 0 obj<</D[1624 0 R/XYZ 0 358 0]>>endobj
-1239 0 obj<</D[1630 0 R/XYZ 0 696 0]>>endobj
-1240 0 obj<</D[1630 0 R/XYZ 0 449 0]>>endobj
-1241 0 obj<</D[1630 0 R/XYZ 0 416 0]>>endobj
-1242 0 obj<</D[1630 0 R/XYZ 0 146 0]>>endobj
-1243 0 obj<</D[1632 0 R/XYZ 0 652 0]>>endobj
-1244 0 obj<</D[1632 0 R/XYZ 0 515 0]>>endobj
-1245 0 obj<</D[1632 0 R/XYZ 0 255 0]>>endobj
-1246 0 obj<</D[1634 0 R/XYZ 0 718 0]>>endobj
-1247 0 obj<</D[1634 0 R/XYZ 0 537 0]>>endobj
-1248 0 obj<</D[1634 0 R/XYZ 0 409 0]>>endobj
-1249 0 obj<</D[1634 0 R/XYZ 0 189 0]>>endobj
-1250 0 obj<</D[1636 0 R/XYZ 0 734 0]>>endobj
-1251 0 obj<</D[1636 0 R/XYZ 0 645 0]>>endobj
-1252 0 obj<</D[1636 0 R/XYZ 0 477 0]>>endobj
-1253 0 obj<</D[1636 0 R/XYZ 0 349 0]>>endobj
-1254 0 obj<</D[1636 0 R/XYZ 0 129 0]>>endobj
-1255 0 obj<</D[1638 0 R/XYZ 0 639 0]>>endobj
-1256 0 obj<</D[1638 0 R/XYZ 0 511 0]>>endobj
-1257 0 obj<</D[1638 0 R/XYZ 0 436 0]>>endobj
-1258 0 obj<</D[1424 0 R/XYZ 0 613 0]>>endobj
-1259 0 obj<</D[1640 0 R/XYZ 0 388 0]>>endobj
-1260 0 obj<</D[1640 0 R/XYZ 0 170 0]>>endobj
-1261 0 obj<</D[1644 0 R/XYZ 0 655 0]>>endobj
-1262 0 obj<</D[1644 0 R/XYZ 0 408 0]>>endobj
-1263 0 obj<</D[1644 0 R/XYZ 0 293 0]>>endobj
-1264 0 obj<</D[1646 0 R/XYZ 0 228 0]>>endobj
-1265 0 obj<</D[1648 0 R/XYZ 0 668 0]>>endobj
-1266 0 obj<</D[1648 0 R/XYZ 0 461 0]>>endobj
-1267 0 obj<</D[1648 0 R/XYZ 0 427 0]>>endobj
-1268 0 obj<</D[1650 0 R/XYZ 0 734 0]>>endobj
-1269 0 obj<</D[1650 0 R/XYZ 0 523 0]>>endobj
-1270 0 obj<</D[1650 0 R/XYZ 0 408 0]>>endobj
-1271 0 obj<</D[1650 0 R/XYZ 0 151 0]>>endobj
-1272 0 obj<</D[1650 0 R/XYZ 0 118 0]>>endobj
-1273 0 obj<</D[1652 0 R/XYZ 0 626 0]>>endobj
-1274 0 obj<</D[1652 0 R/XYZ 0 475 0]>>endobj
-1275 0 obj<</D[1652 0 R/XYZ 0 377 0]>>endobj
-1276 0 obj<</D[1652 0 R/XYZ 0 292 0]>>endobj
-1277 0 obj<</D[1426 0 R/XYZ 0 622 0]>>endobj
-1278 0 obj<</D[1654 0 R/XYZ 0 718 0]>>endobj
-1279 0 obj<</D[1656 0 R/XYZ 0 696 0]>>endobj
-1280 0 obj<</D[1656 0 R/XYZ 0 423 0]>>endobj
-1281 0 obj<</D[1656 0 R/XYZ 0 282 0]>>endobj
-1282 0 obj<</D[1658 0 R/XYZ 0 613 0]>>endobj
-1283 0 obj<</D[1658 0 R/XYZ 0 260 0]>>endobj
-1284 0 obj<</D[1658 0 R/XYZ 0 159 0]>>endobj
-1285 0 obj<</D[1426 0 R/XYZ 0 266 0]>>endobj
-1286 0 obj<</D[1660 0 R/XYZ 0 696 0]>>endobj
-1287 0 obj<</D[1660 0 R/XYZ 0 529 0]>>endobj
-1288 0 obj<</D[1660 0 R/XYZ 0 199 0]>>endobj
-1289 0 obj<</D[1660 0 R/XYZ 0 165 0]>>endobj
-1290 0 obj<</D[1662 0 R/XYZ 0 734 0]>>endobj
-1291 0 obj<</D[1662 0 R/XYZ 0 530 0]>>endobj
-1292 0 obj<</D[1664 0 R/XYZ 0 626 0]>>endobj
-1293 0 obj<</D[1664 0 R/XYZ 0 475 0]>>endobj
-1294 0 obj<</D[1664 0 R/XYZ 0 351 0]>>endobj
-1295 0 obj<</D[1666 0 R/XYZ 0 734 0]>>endobj
-1296 0 obj<</D[1428 0 R/XYZ 0 520 0]>>endobj
-1297 0 obj<</D[1666 0 R/XYZ 0 371 0]>>endobj
-1298 0 obj<</D[1668 0 R/XYZ 0 705 0]>>endobj
-1299 0 obj<</D[1668 0 R/XYZ 0 515 0]>>endobj
-1300 0 obj<</D[1668 0 R/XYZ 0 377 0]>>endobj
-1301 0 obj<</D[1668 0 R/XYZ 0 239 0]>>endobj
-1302 0 obj<</D[1400 0 R/XYZ 0 568 0]>>endobj
-1303 0 obj<</D[1430 0 R/XYZ 0 734 0]>>endobj
-1304 0 obj<</D[1430 0 R/XYZ 0 645 0]>>endobj
-1305 0 obj<</D[1432 0 R/XYZ 0 696 0]>>endobj
-1306 0 obj<</D[1434 0 R/XYZ 0 604 0]>>endobj
-1307 0 obj<</D[1384 0 R/XYZ 0 696 0]>>endobj
-1308 0 obj<</D[1434 0 R/XYZ 0 159 0]>>endobj
-1309 0 obj<</D[1436 0 R/XYZ 0 483 0]>>endobj
-1310 0 obj<</D[1436 0 R/XYZ 0 305 0]>>endobj
-1311 0 obj<</D[1438 0 R/XYZ 0 467 0]>>endobj
-1312 0 obj<</D[1438 0 R/XYZ 0 187 0]>>endobj
-1313 0 obj<</D[1442 0 R/XYZ 0 672 0]>>endobj
-1314 0 obj<</D[1442 0 R/XYZ 0 531 0]>>endobj
-1315 0 obj<</D[1444 0 R/XYZ 0 734 0]>>endobj
-1316 0 obj<</D[1444 0 R/XYZ 0 609 0]>>endobj
-1317 0 obj<</D[1444 0 R/XYZ 0 511 0]>>endobj
-1318 0 obj<</D[1446 0 R/XYZ 0 681 0]>>endobj
-1319 0 obj<</D[1448 0 R/XYZ 0 696 0]>>endobj
-1320 0 obj<</D[1452 0 R/XYZ 0 672 0]>>endobj
-1321 0 obj<</D[1452 0 R/XYZ 0 584 0]>>endobj
-1322 0 obj<</D[1454 0 R/XYZ 0 718 0]>>endobj
-1323 0 obj<</D[1400 0 R/XYZ 0 163 0]>>endobj
-1324 0 obj<</D[1456 0 R/XYZ 0 613 0]>>endobj
-1325 0 obj<</D[1402 0 R/XYZ 0 734 0]>>endobj
-1326 0 obj<</D[1456 0 R/XYZ 0 227 0]>>endobj
-1327 0 obj<</D[1458 0 R/XYZ 0 319 0]>>endobj
-1328 0 obj<</D[1460 0 R/XYZ 0 734 0]>>endobj
-1329 0 obj<</D[1460 0 R/XYZ 0 385 0]>>endobj
-1330 0 obj<</D[1462 0 R/XYZ 0 129 0]>>endobj
-1331 0 obj<</D[1386 0 R/XYZ 0 734 0]>>endobj
-1332 0 obj<</D[1402 0 R/XYZ 0 385 0]>>endobj
-1333 0 obj<</D[1464 0 R/XYZ 0 124 0]>>endobj
-1334 0 obj<</D[1402 0 R/XYZ 0 257 0]>>endobj
-1335 0 obj<</D[1470 0 R/XYZ 0 507 0]>>endobj
-1336 0 obj<</D[1472 0 R/XYZ 0 520 0]>>endobj
-1337 0 obj<</D[1474 0 R/XYZ 0 734 0]>>endobj
-1338 0 obj<</D[1404 0 R/XYZ 0 734 0]>>endobj
-1339 0 obj<</D[1474 0 R/XYZ 0 540 0]>>endobj
-1340 0 obj<</D[1434 0 R/XYZ 0 734 0]>>endobj
-1341 0 obj<</D[1656 0 R/XYZ 0 734 0]>>endobj
-1342 0 obj<</D[1624 0 R/XYZ 0 734 0]>>endobj
-1343 0 obj<</D[1660 0 R/XYZ 0 734 0]>>endobj
-1344 0 obj<</D[1498 0 R/XYZ 0 734 0]>>endobj
-1345 0 obj<</D[1628 0 R/XYZ 0 734 0]>>endobj
-1346 0 obj<</D[1414 0 R/XYZ 0 734 0]>>endobj
-1347 0 obj<</D[1400 0 R/XYZ 0 734 0]>>endobj
-1348 0 obj<</D[1512 0 R/XYZ 0 734 0]>>endobj
-1349 0 obj<</D[1548 0 R/XYZ 0 734 0]>>endobj
-1350 0 obj<</D[1432 0 R/XYZ 0 734 0]>>endobj
-1351 0 obj<</D[1648 0 R/XYZ 0 734 0]>>endobj
-1352 0 obj<</D[1542 0 R/XYZ 0 734 0]>>endobj
-1353 0 obj<</D[1604 0 R/XYZ 0 734 0]>>endobj
-1354 0 obj<</D[1608 0 R/XYZ 0 734 0]>>endobj
-1355 0 obj<</D[1644 0 R/XYZ 0 734 0]>>endobj
-1356 0 obj<</D[1552 0 R/XYZ 0 734 0]>>endobj
-1357 0 obj<</D[1442 0 R/XYZ 0 734 0]>>endobj
-1358 0 obj<</D[1486 0 R/XYZ 0 734 0]>>endobj
-1359 0 obj<</D[1384 0 R/XYZ 0 734 0]>>endobj
-1360 0 obj<</D[1384 0 R/XYZ 0 734 0]>>endobj
-1361 0 obj<</D[1610 0 R/XYZ 0 734 0]>>endobj
-1362 0 obj<</D[1452 0 R/XYZ 0 734 0]>>endobj
-1363 0 obj<</D[1574 0 R/XYZ 0 734 0]>>endobj
-1364 0 obj<</D[1630 0 R/XYZ 0 734 0]>>endobj
-1365 0 obj<</D[1532 0 R/XYZ 0 734 0]>>endobj
-1366 0 obj<</D[1578 0 R/XYZ 0 734 0]>>endobj
-1367 0 obj<</Type/Pages/Count 151/Kids[1368 0 R
-1370 0 R
-1372 0 R
-1374 0 R
-1376 0 R
-1378 0 R
-1380 0 R
-1382 0 R
-1384 0 R
-1386 0 R
-1388 0 R
-1390 0 R
-1392 0 R
-1394 0 R
-1396 0 R
-1398 0 R
-1400 0 R
-1402 0 R
-1404 0 R
-1406 0 R
-1408 0 R
-1410 0 R
-1412 0 R
-1414 0 R
-1416 0 R
-1418 0 R
-1420 0 R
-1422 0 R
-1424 0 R
-1426 0 R
-1428 0 R
-1430 0 R
-1432 0 R
-1434 0 R
-1436 0 R
-1438 0 R
-1440 0 R
-1442 0 R
-1444 0 R
-1446 0 R
-1448 0 R
-1450 0 R
-1452 0 R
-1454 0 R
-1456 0 R
-1458 0 R
-1460 0 R
-1462 0 R
-1464 0 R
-1466 0 R
-1468 0 R
-1470 0 R
-1472 0 R
-1474 0 R
-1476 0 R
-1478 0 R
-1480 0 R
-1482 0 R
-1484 0 R
-1486 0 R
-1488 0 R
-1490 0 R
-1492 0 R
-1494 0 R
-1496 0 R
-1498 0 R
-1500 0 R
-1502 0 R
-1504 0 R
-1506 0 R
-1508 0 R
-1510 0 R
-1512 0 R
-1514 0 R
-1516 0 R
-1518 0 R
-1520 0 R
-1522 0 R
-1524 0 R
-1526 0 R
-1528 0 R
-1530 0 R
-1532 0 R
-1534 0 R
-1536 0 R
-1538 0 R
-1540 0 R
-1542 0 R
-1544 0 R
-1546 0 R
-1548 0 R
-1550 0 R
-1552 0 R
-1554 0 R
-1556 0 R
-1558 0 R
-1560 0 R
-1562 0 R
-1564 0 R
-1566 0 R
-1568 0 R
-1570 0 R
-1572 0 R
-1574 0 R
-1576 0 R
-1578 0 R
-1580 0 R
-1582 0 R
-1584 0 R
-1586 0 R
-1588 0 R
-1590 0 R
-1592 0 R
-1594 0 R
-1596 0 R
-1598 0 R
-1600 0 R
-1602 0 R
-1604 0 R
-1606 0 R
-1608 0 R
-1610 0 R
-1612 0 R
-1614 0 R
-1616 0 R
-1618 0 R
-1620 0 R
-1622 0 R
-1624 0 R
-1626 0 R
-1628 0 R
-1630 0 R
-1632 0 R
-1634 0 R
-1636 0 R
-1638 0 R
-1640 0 R
-1642 0 R
-1644 0 R
-1646 0 R
-1648 0 R
-1650 0 R
-1652 0 R
-1654 0 R
-1656 0 R
-1658 0 R
-1660 0 R
-1662 0 R
-1664 0 R
-1666 0 R
-1668 0 R
+1062 0 R]endobj
+1064 0 obj<</S/URI/URI(mailto:samba@samba.org)>>endobj
+1065 0 obj<</Subtype/Link/Rect[164.2 180.2 250.8 193.2]/Border[0 0 0]/A 1064 0 R>>endobj
+1066 0 obj<</S/URI/URI(http://samba.org/samba)>>endobj
+1067 0 obj<</Subtype/Link/Rect[233.0 167.0 338.7 180.0]/Border[0 0 0]/A 1066 0 R>>endobj
+1068 0 obj[1065 0 R
+1067 0 R]endobj
+1069 0 obj<</Dests 1070 0 R>>endobj
+1070 0 obj<</Kids[1071 0 R]>>endobj
+1071 0 obj<</Limits[(15)(winbind)]/Names[(15)1072 0 R(16)1073 0 R(29)1074 0 R(3)1075 0 R(4)1076 0 R(8)1077 0 R(9)1078 0 R(ads)1079 0 R(aen100)1080 0 R(aen1100)1081 0 R(aen1126)1082 0 R(aen1145)1083 0 R(aen1153)1084 0 R(aen1161)1085 0 R(aen1169)1086 0 R(aen1176)1087 0 R(aen1212)1088 0 R(aen1225)1089 0 R(aen1228)1090 0 R(aen1238)1091 0 R(aen1274)1092 0 R(aen1278)1093 0 R(aen1286)1094 0 R(aen1289)1095 0 R(aen129)1096 0 R(aen1292)1097 0 R(aen1295)1098 0 R(aen1300)1099 0 R(aen1317)1100 0 R(aen1321)1101 0 R(aen1339)1102 0 R(aen1346)1103 0 R(aen1356)1104 0 R(aen1371)1105 0 R(aen1381)1106 0 R(aen1385)1107 0 R(aen1393)1108 0 R(aen1398)1109 0 R(aen1401)1110 0 R(aen1423)1111 0 R(aen145)1112 0 R(aen1478)1113 0 R(aen1481)1114 0 R(aen1499)1115 0 R(aen1513)1116 0 R(aen1535)1117 0 R(aen154)1118 0 R(aen1551)1119 0 R(aen1567)1120 0 R(aen1578)1121 0 R(aen1586)1122 0 R(aen1598)1123 0 R(aen1610)1124 0 R(aen1615)1125 0 R(aen1623)1126 0 R(aen1628)1127 0 R(aen1631)1128 0 R(aen1643)1129 0 R(aen1653)1130 0 R(aen1681)1131 0 R(aen1689)1132 0 R(aen170)1133 0 R(aen1706)1134 0 R(aen1713)1135 0 R(aen1718)1136 0 R(aen1723)1137 0 R(aen1744)1138 0 R(aen1748)1139 0 R(aen1759)1140 0 R(aen1779)1141 0 R(aen1794)1142 0 R(aen1808)1143 0 R(aen1815)1144 0 R(aen1837)1145 0 R(aen184)1146 0 R(aen189)1147 0 R(aen1901)1148 0 R(aen1922)1149 0 R(aen193)1150 0 R(aen196)1151 0 R(aen1966)1152 0 R(aen1973)1153 0 R(aen1993)1154 0 R(aen2028)1155 0 R(aen205)1156 0 R(aen2054)1157 0 R(aen2076)1158 0 R(aen2084)1159 0 R(aen21)1160 0 R(aen210)1161 0 R(aen2119)1162 0 R(aen2135)1163 0 R(aen2146)1164 0 R(aen2176)1165 0 R(aen2184)1166 0 R(aen2188)1167 0 R(aen219)1168 0 R(aen2198)1169 0 R(aen2201)1170 0 R(aen2205)1171 0 R(aen2227)1172 0 R(aen2229)1173 0 R(aen2245)1174 0 R(aen2254)1175 0 R(aen2262)1176 0 R(aen2290)1177 0 R(aen230)1178 0 R(aen2301)1179 0 R(aen2313)1180 0 R(aen2316)1181 0 R(aen2319)1182 0 R(aen2360)1183 0 R(aen2364)1184 0 R(aen2377)1185 0 R(aen238)1186 0 R(aen2384)1187 0 R(aen2388)1188 0 R(aen2393)1189 0 R(aen2397)1190 0 R(aen2400)1191 0 R(aen2416)1192 0 R(aen2424)1193 0 R(aen2428)1194 0 R(aen2431)1195 0 R(aen2438)1196 0 R(aen2451)1197 0 R(aen2465)1198 0 R(aen2476)1199 0 R(aen2495)1200 0 R(aen252)1201 0 R(aen2528)1202 0 R(aen2544)1203 0 R(aen2555)1204 0 R(aen257)1205 0 R(aen2591)1206 0 R(aen2593)1207 0 R(aen26)1208 0 R(aen2610)1209 0 R(aen2617)1210 0 R(aen2623)1211 0 R(aen2640)1212 0 R(aen2673)1213 0 R(aen268)1214 0 R(aen2680)1215 0 R(aen2690)1216 0 R(aen2700)1217 0 R(aen2704)1218 0 R(aen2713)1219 0 R(aen2720)1220 0 R(aen2725)1221 0 R(aen274)1222 0 R(aen2760)1223 0 R(aen2779)1224 0 R(aen2797)1225 0 R(aen2807)1226 0 R(aen2816)1227 0 R(aen2834)1228 0 R(aen2837)1229 0 R(aen2855)1230 0 R(aen2864)1231 0 R(aen2866)1232 0 R(aen2874)1233 0 R(aen2911)1234 0 R(aen2918)1235 0 R(aen2922)1236 0 R(aen2930)1237 0 R(aen2942)1238 0 R(aen2947)1239 0 R(aen2950)1240 0 R(aen2955)1241 0 R(aen3033)1242 0 R(aen3039)1243 0 R(aen3046)1244 0 R(aen3051)1245 0 R(aen3056)1246 0 R(aen3059)1247 0 R(aen3064)1248 0 R(aen3068)1249 0 R(aen3072)1250 0 R(aen3075)1251 0 R(aen3123)1252 0 R(aen3132)1253 0 R(aen3155)1254 0 R(aen3159)1255 0 R(aen3162)1256 0 R(aen3165)1257 0 R(aen3170)1258 0 R(aen324)1259 0 R(aen3251)1260 0 R(aen3257)1261 0 R(aen3261)1262 0 R(aen3290)1263 0 R(aen331)1264 0 R(aen3311)1265 0 R(aen3320)1266 0 R(aen3322)1267 0 R(aen3337)1268 0 R(aen3346)1269 0 R(aen3350)1270 0 R(aen3360)1271 0 R(aen3362)1272 0 R(aen3367)1273 0 R(aen3372)1274 0 R(aen3376)1275 0 R(aen3381)1276 0 R(aen3397)1277 0 R(aen3421)1278 0 R(aen3431)1279 0 R(aen3437)1280 0 R(aen3454)1281 0 R(aen346)1282 0 R(aen3464)1283 0 R(aen3467)1284 0 R(aen3490)1285 0 R(aen3495)1286 0 R(aen3505)1287 0 R(aen3507)1288 0 R(aen351)1289 0 R(aen3513)1290 0 R(aen3519)1291 0 R(aen3534)1292 0 R(aen3539)1293 0 R(aen3545)1294 0 R(aen3553)1295 0 R(aen357)1296 0 R(aen3579)1297 0 R(aen3596)1298 0 R(aen36)1299 0 R(aen3604)1300 0 R(aen3610)1301 0 R(aen3615)1302 0 R(aen388)1303 0 R(aen393)1304 0 R(aen396)1305 0 R(aen398)1306 0 R(aen4)1307 0 R(aen418)1308 0 R(aen447)1309 0 R(aen452)1310 0 R(aen464)1311 0 R(aen466)1312 0 R(aen483)1313 0 R(aen511)1314 0 R(aen516)1315 0 R(aen536)1316 0 R(aen606)1317 0 R(aen614)1318 0 R(aen616)1319 0 R(aen622)1320 0 R(aen632)1321 0 R(aen64)1322 0 R(aen649)1323 0 R(aen654)1324 0 R(aen662)1325 0 R(aen664)1326 0 R(aen670)1327 0 R(aen678)1328 0 R(aen68)1329 0 R(aen722)1330 0 R(aen728)1331 0 R(aen767)1332 0 R(aen8)1333 0 R(aen810)1334 0 R(aen82)1335 0 R(aen829)1336 0 R(aen870)1337 0 R(aen879)1338 0 R(aen894)1339 0 R(aen90)1340 0 R(aen942)1341 0 R(aen986)1342 0 R(appendixes)1343 0 R(browsing-quick)1344 0 R(bugreport)1345 0 R(cvs-access)1346 0 R(diagnosis)1347 0 R(domain-security)1348 0 R(groupmapping)1349 0 R(groupprofiles)1350 0 R(improved-browsing)1351 0 R(install)1352 0 R(integrate-ms-networks)1353 0 R(introduction)1354 0 R(msdfs)1355 0 R(optional)1356 0 R(other-clients)1357 0 R(pam)1358 0 R(passdb)1359 0 R(portability)1360 0 R(printing)1361 0 R(samba-bdc)1362 0 R(samba-howto-collection)1363 0 R(samba-howto-collection.html)1364 0 R(samba-pdc)1365 0 R(securitylevels)1366 0 R(speed)1367 0 R(type)1368 0 R(unix-permissions)1369 0 R(vfs)1370 0 R(winbind)1371 0 R]>>endobj
+1072 0 obj<</D[1509 0 R/XYZ 0 734 0]>>endobj
+1073 0 obj<</D[1511 0 R/XYZ 0 734 0]>>endobj
+1074 0 obj<</D[1649 0 R/XYZ 0 734 0]>>endobj
+1075 0 obj<</D[1399 0 R/XYZ 0 734 0]>>endobj
+1076 0 obj<</D[1401 0 R/XYZ 0 734 0]>>endobj
+1077 0 obj<</D[1449 0 R/XYZ 0 734 0]>>endobj
+1078 0 obj<</D[1451 0 R/XYZ 0 734 0]>>endobj
+1079 0 obj<</D[1497 0 R/XYZ 0 734 0]>>endobj
+1080 0 obj<</D[1409 0 R/XYZ 0 734 0]>>endobj
+1081 0 obj<</D[1475 0 R/XYZ 0 507 0]>>endobj
+1082 0 obj<</D[1477 0 R/XYZ 0 520 0]>>endobj
+1083 0 obj<</D[1479 0 R/XYZ 0 734 0]>>endobj
+1084 0 obj<</D[1479 0 R/XYZ 0 536 0]>>endobj
+1085 0 obj<</D[1479 0 R/XYZ 0 362 0]>>endobj
+1086 0 obj<</D[1479 0 R/XYZ 0 138 0]>>endobj
+1087 0 obj<</D[1481 0 R/XYZ 0 674 0]>>endobj
+1088 0 obj<</D[1483 0 R/XYZ 0 362 0]>>endobj
+1089 0 obj<</D[1485 0 R/XYZ 0 465 0]>>endobj
+1090 0 obj<</D[1485 0 R/XYZ 0 383 0]>>endobj
+1091 0 obj<</D[1487 0 R/XYZ 0 734 0]>>endobj
+1092 0 obj<</D[1491 0 R/XYZ 0 672 0]>>endobj
+1093 0 obj<</D[1491 0 R/XYZ 0 597 0]>>endobj
+1094 0 obj<</D[1491 0 R/XYZ 0 225 0]>>endobj
+1095 0 obj<</D[1493 0 R/XYZ 0 734 0]>>endobj
+1096 0 obj<</D[1409 0 R/XYZ 0 247 0]>>endobj
+1097 0 obj<</D[1493 0 R/XYZ 0 609 0]>>endobj
+1098 0 obj<</D[1493 0 R/XYZ 0 524 0]>>endobj
+1099 0 obj<</D[1493 0 R/XYZ 0 323 0]>>endobj
+1100 0 obj<</D[1495 0 R/XYZ 0 541 0]>>endobj
+1101 0 obj<</D[1495 0 R/XYZ 0 390 0]>>endobj
+1102 0 obj<</D[1497 0 R/XYZ 0 551 0]>>endobj
+1103 0 obj<</D[1497 0 R/XYZ 0 444 0]>>endobj
+1104 0 obj<</D[1497 0 R/XYZ 0 267 0]>>endobj
+1105 0 obj<</D[1499 0 R/XYZ 0 580 0]>>endobj
+1106 0 obj<</D[1499 0 R/XYZ 0 264 0]>>endobj
+1107 0 obj<</D[1499 0 R/XYZ 0 202 0]>>endobj
+1108 0 obj<</D[1501 0 R/XYZ 0 734 0]>>endobj
+1109 0 obj<</D[1501 0 R/XYZ 0 645 0]>>endobj
+1110 0 obj<</D[1501 0 R/XYZ 0 570 0]>>endobj
+1111 0 obj<</D[1503 0 R/XYZ 0 672 0]>>endobj
+1112 0 obj<</D[1411 0 R/XYZ 0 665 0]>>endobj
+1113 0 obj<</D[1505 0 R/XYZ 0 494 0]>>endobj
+1114 0 obj<</D[1505 0 R/XYZ 0 405 0]>>endobj
+1115 0 obj<</D[1509 0 R/XYZ 0 696 0]>>endobj
+1116 0 obj<</D[1517 0 R/XYZ 0 672 0]>>endobj
+1117 0 obj<</D[1517 0 R/XYZ 0 439 0]>>endobj
+1118 0 obj<</D[1411 0 R/XYZ 0 498 0]>>endobj
+1119 0 obj<</D[1517 0 R/XYZ 0 311 0]>>endobj
+1120 0 obj<</D[1519 0 R/XYZ 0 441 0]>>endobj
+1121 0 obj<</D[1519 0 R/XYZ 0 303 0]>>endobj
+1122 0 obj<</D[1519 0 R/XYZ 0 157 0]>>endobj
+1123 0 obj<</D[1521 0 R/XYZ 0 339 0]>>endobj
+1124 0 obj<</D[1523 0 R/XYZ 0 266 0]>>endobj
+1125 0 obj<</D[1525 0 R/XYZ 0 734 0]>>endobj
+1126 0 obj<</D[1527 0 R/XYZ 0 459 0]>>endobj
+1127 0 obj<</D[1527 0 R/XYZ 0 361 0]>>endobj
+1128 0 obj<</D[1527 0 R/XYZ 0 224 0]>>endobj
+1129 0 obj<</D[1529 0 R/XYZ 0 670 0]>>endobj
+1130 0 obj<</D[1529 0 R/XYZ 0 126 0]>>endobj
+1131 0 obj<</D[1533 0 R/XYZ 0 734 0]>>endobj
+1132 0 obj<</D[1533 0 R/XYZ 0 484 0]>>endobj
+1133 0 obj<</D[1411 0 R/XYZ 0 330 0]>>endobj
+1134 0 obj<</D[1533 0 R/XYZ 0 132 0]>>endobj
+1135 0 obj<</D[1535 0 R/XYZ 0 523 0]>>endobj
+1136 0 obj<</D[1535 0 R/XYZ 0 377 0]>>endobj
+1137 0 obj<</D[1535 0 R/XYZ 0 263 0]>>endobj
+1138 0 obj<</D[1537 0 R/XYZ 0 672 0]>>endobj
+1139 0 obj<</D[1537 0 R/XYZ 0 537 0]>>endobj
+1140 0 obj<</D[1537 0 R/XYZ 0 369 0]>>endobj
+1141 0 obj<</D[1539 0 R/XYZ 0 705 0]>>endobj
+1142 0 obj<</D[1539 0 R/XYZ 0 471 0]>>endobj
+1143 0 obj<</D[1539 0 R/XYZ 0 228 0]>>endobj
+1144 0 obj<</D[1541 0 R/XYZ 0 718 0]>>endobj
+1145 0 obj<</D[1541 0 R/XYZ 0 287 0]>>endobj
+1146 0 obj<</D[1413 0 R/XYZ 0 734 0]>>endobj
+1147 0 obj<</D[1413 0 R/XYZ 0 553 0]>>endobj
+1148 0 obj<</D[1545 0 R/XYZ 0 652 0]>>endobj
+1149 0 obj<</D[1547 0 R/XYZ 0 672 0]>>endobj
+1150 0 obj<</D[1413 0 R/XYZ 0 494 0]>>endobj
+1151 0 obj<</D[1413 0 R/XYZ 0 409 0]>>endobj
+1152 0 obj<</D[1549 0 R/XYZ 0 148 0]>>endobj
+1153 0 obj<</D[1551 0 R/XYZ 0 705 0]>>endobj
+1154 0 obj<</D[1553 0 R/XYZ 0 672 0]>>endobj
+1155 0 obj<</D[1555 0 R/XYZ 0 652 0]>>endobj
+1156 0 obj<</D[1415 0 R/XYZ 0 734 0]>>endobj
+1157 0 obj<</D[1557 0 R/XYZ 0 696 0]>>endobj
+1158 0 obj<</D[1557 0 R/XYZ 0 317 0]>>endobj
+1159 0 obj<</D[1557 0 R/XYZ 0 127 0]>>endobj
+1160 0 obj<</D[1399 0 R/XYZ 0 696 0]>>endobj
+1161 0 obj<</D[1415 0 R/XYZ 0 583 0]>>endobj
+1162 0 obj<</D[1561 0 R/XYZ 0 531 0]>>endobj
+1163 0 obj<</D[1563 0 R/XYZ 0 734 0]>>endobj
+1164 0 obj<</D[1563 0 R/XYZ 0 363 0]>>endobj
+1165 0 obj<</D[1565 0 R/XYZ 0 184 0]>>endobj
+1166 0 obj<</D[1567 0 R/XYZ 0 692 0]>>endobj
+1167 0 obj<</D[1567 0 R/XYZ 0 590 0]>>endobj
+1168 0 obj<</D[1415 0 R/XYZ 0 128 0]>>endobj
+1169 0 obj<</D[1567 0 R/XYZ 0 466 0]>>endobj
+1170 0 obj<</D[1567 0 R/XYZ 0 381 0]>>endobj
+1171 0 obj<</D[1567 0 R/XYZ 0 283 0]>>endobj
+1172 0 obj<</D[1569 0 R/XYZ 0 397 0]>>endobj
+1173 0 obj<</D[1569 0 R/XYZ 0 363 0]>>endobj
+1174 0 obj<</D[1571 0 R/XYZ 0 429 0]>>endobj
+1175 0 obj<</D[1573 0 R/XYZ 0 665 0]>>endobj
+1176 0 obj<</D[1573 0 R/XYZ 0 485 0]>>endobj
+1177 0 obj<</D[1575 0 R/XYZ 0 734 0]>>endobj
+1178 0 obj<</D[1419 0 R/XYZ 0 604 0]>>endobj
+1179 0 obj<</D[1575 0 R/XYZ 0 394 0]>>endobj
+1180 0 obj<</D[1577 0 R/XYZ 0 718 0]>>endobj
+1181 0 obj<</D[1577 0 R/XYZ 0 633 0]>>endobj
+1182 0 obj<</D[1577 0 R/XYZ 0 535 0]>>endobj
+1183 0 obj<</D[1579 0 R/XYZ 0 672 0]>>endobj
+1184 0 obj<</D[1579 0 R/XYZ 0 544 0]>>endobj
+1185 0 obj<</D[1579 0 R/XYZ 0 231 0]>>endobj
+1186 0 obj<</D[1419 0 R/XYZ 0 159 0]>>endobj
+1187 0 obj<</D[1581 0 R/XYZ 0 560 0]>>endobj
+1188 0 obj<</D[1581 0 R/XYZ 0 409 0]>>endobj
+1189 0 obj<</D[1581 0 R/XYZ 0 294 0]>>endobj
+1190 0 obj<</D[1583 0 R/XYZ 0 734 0]>>endobj
+1191 0 obj<</D[1583 0 R/XYZ 0 635 0]>>endobj
+1192 0 obj<</D[1583 0 R/XYZ 0 194 0]>>endobj
+1193 0 obj<</D[1585 0 R/XYZ 0 560 0]>>endobj
+1194 0 obj<</D[1585 0 R/XYZ 0 383 0]>>endobj
+1195 0 obj<</D[1585 0 R/XYZ 0 245 0]>>endobj
+1196 0 obj<</D[1587 0 R/XYZ 0 734 0]>>endobj
+1197 0 obj<</D[1587 0 R/XYZ 0 451 0]>>endobj
+1198 0 obj<</D[1587 0 R/XYZ 0 181 0]>>endobj
+1199 0 obj<</D[1589 0 R/XYZ 0 718 0]>>endobj
+1200 0 obj<</D[1589 0 R/XYZ 0 533 0]>>endobj
+1201 0 obj<</D[1421 0 R/XYZ 0 509 0]>>endobj
+1202 0 obj<</D[1589 0 R/XYZ 0 129 0]>>endobj
+1203 0 obj<</D[1591 0 R/XYZ 0 567 0]>>endobj
+1204 0 obj<</D[1591 0 R/XYZ 0 420 0]>>endobj
+1205 0 obj<</D[1421 0 R/XYZ 0 331 0]>>endobj
+1206 0 obj<</D[1593 0 R/XYZ 0 375 0]>>endobj
+1207 0 obj<</D[1593 0 R/XYZ 0 349 0]>>endobj
+1208 0 obj<</D[1405 0 R/XYZ 0 696 0]>>endobj
+1209 0 obj<</D[1595 0 R/XYZ 0 441 0]>>endobj
+1210 0 obj<</D[1597 0 R/XYZ 0 524 0]>>endobj
+1211 0 obj<</D[1597 0 R/XYZ 0 458 0]>>endobj
+1212 0 obj<</D[1597 0 R/XYZ 0 219 0]>>endobj
+1213 0 obj<</D[1599 0 R/XYZ 0 262 0]>>endobj
+1214 0 obj<</D[1423 0 R/XYZ 0 494 0]>>endobj
+1215 0 obj<</D[1603 0 R/XYZ 0 734 0]>>endobj
+1216 0 obj<</D[1603 0 R/XYZ 0 513 0]>>endobj
+1217 0 obj<</D[1605 0 R/XYZ 0 696 0]>>endobj
+1218 0 obj<</D[1605 0 R/XYZ 0 515 0]>>endobj
+1219 0 obj<</D[1605 0 R/XYZ 0 137 0]>>endobj
+1220 0 obj<</D[1607 0 R/XYZ 0 533 0]>>endobj
+1221 0 obj<</D[1607 0 R/XYZ 0 273 0]>>endobj
+1222 0 obj<</D[1423 0 R/XYZ 0 213 0]>>endobj
+1223 0 obj<</D[1613 0 R/XYZ 0 560 0]>>endobj
+1224 0 obj<</D[1615 0 R/XYZ 0 613 0]>>endobj
+1225 0 obj<</D[1617 0 R/XYZ 0 622 0]>>endobj
+1226 0 obj<</D[1617 0 R/XYZ 0 266 0]>>endobj
+1227 0 obj<</D[1619 0 R/XYZ 0 520 0]>>endobj
+1228 0 obj<</D[1621 0 R/XYZ 0 734 0]>>endobj
+1229 0 obj<</D[1621 0 R/XYZ 0 645 0]>>endobj
+1230 0 obj<</D[1623 0 R/XYZ 0 696 0]>>endobj
+1231 0 obj<</D[1623 0 R/XYZ 0 385 0]>>endobj
+1232 0 obj<</D[1623 0 R/XYZ 0 351 0]>>endobj
+1233 0 obj<</D[1623 0 R/XYZ 0 215 0]>>endobj
+1234 0 obj<</D[1625 0 R/XYZ 0 560 0]>>endobj
+1235 0 obj<</D[1625 0 R/XYZ 0 430 0]>>endobj
+1236 0 obj<</D[1625 0 R/XYZ 0 315 0]>>endobj
+1237 0 obj<</D[1627 0 R/XYZ 0 734 0]>>endobj
+1238 0 obj<</D[1629 0 R/XYZ 0 696 0]>>endobj
+1239 0 obj<</D[1629 0 R/XYZ 0 581 0]>>endobj
+1240 0 obj<</D[1629 0 R/XYZ 0 493 0]>>endobj
+1241 0 obj<</D[1629 0 R/XYZ 0 382 0]>>endobj
+1242 0 obj<</D[1635 0 R/XYZ 0 696 0]>>endobj
+1243 0 obj<</D[1635 0 R/XYZ 0 449 0]>>endobj
+1244 0 obj<</D[1635 0 R/XYZ 0 189 0]>>endobj
+1245 0 obj<</D[1637 0 R/XYZ 0 639 0]>>endobj
+1246 0 obj<</D[1637 0 R/XYZ 0 458 0]>>endobj
+1247 0 obj<</D[1637 0 R/XYZ 0 383 0]>>endobj
+1248 0 obj<</D[1637 0 R/XYZ 0 215 0]>>endobj
+1249 0 obj<</D[1639 0 R/XYZ 0 734 0]>>endobj
+1250 0 obj<</D[1639 0 R/XYZ 0 605 0]>>endobj
+1251 0 obj<</D[1639 0 R/XYZ 0 530 0]>>endobj
+1252 0 obj<</D[1643 0 R/XYZ 0 696 0]>>endobj
+1253 0 obj<</D[1643 0 R/XYZ 0 463 0]>>endobj
+1254 0 obj<</D[1643 0 R/XYZ 0 160 0]>>endobj
+1255 0 obj<</D[1645 0 R/XYZ 0 734 0]>>endobj
+1256 0 obj<</D[1645 0 R/XYZ 0 662 0]>>endobj
+1257 0 obj<</D[1645 0 R/XYZ 0 590 0]>>endobj
+1258 0 obj<</D[1645 0 R/XYZ 0 426 0]>>endobj
+1259 0 obj<</D[1427 0 R/XYZ 0 696 0]>>endobj
+1260 0 obj<</D[1651 0 R/XYZ 0 655 0]>>endobj
+1261 0 obj<</D[1651 0 R/XYZ 0 408 0]>>endobj
+1262 0 obj<</D[1651 0 R/XYZ 0 293 0]>>endobj
+1263 0 obj<</D[1653 0 R/XYZ 0 228 0]>>endobj
+1264 0 obj<</D[1427 0 R/XYZ 0 449 0]>>endobj
+1265 0 obj<</D[1655 0 R/XYZ 0 668 0]>>endobj
+1266 0 obj<</D[1655 0 R/XYZ 0 461 0]>>endobj
+1267 0 obj<</D[1655 0 R/XYZ 0 427 0]>>endobj
+1268 0 obj<</D[1657 0 R/XYZ 0 734 0]>>endobj
+1269 0 obj<</D[1657 0 R/XYZ 0 523 0]>>endobj
+1270 0 obj<</D[1657 0 R/XYZ 0 408 0]>>endobj
+1271 0 obj<</D[1657 0 R/XYZ 0 151 0]>>endobj
+1272 0 obj<</D[1657 0 R/XYZ 0 118 0]>>endobj
+1273 0 obj<</D[1659 0 R/XYZ 0 626 0]>>endobj
+1274 0 obj<</D[1659 0 R/XYZ 0 475 0]>>endobj
+1275 0 obj<</D[1659 0 R/XYZ 0 377 0]>>endobj
+1276 0 obj<</D[1659 0 R/XYZ 0 292 0]>>endobj
+1277 0 obj<</D[1661 0 R/XYZ 0 718 0]>>endobj
+1278 0 obj<</D[1663 0 R/XYZ 0 696 0]>>endobj
+1279 0 obj<</D[1663 0 R/XYZ 0 423 0]>>endobj
+1280 0 obj<</D[1663 0 R/XYZ 0 282 0]>>endobj
+1281 0 obj<</D[1665 0 R/XYZ 0 613 0]>>endobj
+1282 0 obj<</D[1429 0 R/XYZ 0 676 0]>>endobj
+1283 0 obj<</D[1665 0 R/XYZ 0 260 0]>>endobj
+1284 0 obj<</D[1665 0 R/XYZ 0 159 0]>>endobj
+1285 0 obj<</D[1667 0 R/XYZ 0 696 0]>>endobj
+1286 0 obj<</D[1667 0 R/XYZ 0 529 0]>>endobj
+1287 0 obj<</D[1667 0 R/XYZ 0 199 0]>>endobj
+1288 0 obj<</D[1667 0 R/XYZ 0 165 0]>>endobj
+1289 0 obj<</D[1429 0 R/XYZ 0 559 0]>>endobj
+1290 0 obj<</D[1669 0 R/XYZ 0 734 0]>>endobj
+1291 0 obj<</D[1669 0 R/XYZ 0 530 0]>>endobj
+1292 0 obj<</D[1671 0 R/XYZ 0 626 0]>>endobj
+1293 0 obj<</D[1671 0 R/XYZ 0 475 0]>>endobj
+1294 0 obj<</D[1671 0 R/XYZ 0 351 0]>>endobj
+1295 0 obj<</D[1673 0 R/XYZ 0 734 0]>>endobj
+1296 0 obj<</D[1429 0 R/XYZ 0 452 0]>>endobj
+1297 0 obj<</D[1673 0 R/XYZ 0 371 0]>>endobj
+1298 0 obj<</D[1675 0 R/XYZ 0 705 0]>>endobj
+1299 0 obj<</D[1405 0 R/XYZ 0 568 0]>>endobj
+1300 0 obj<</D[1675 0 R/XYZ 0 515 0]>>endobj
+1301 0 obj<</D[1675 0 R/XYZ 0 377 0]>>endobj
+1302 0 obj<</D[1675 0 R/XYZ 0 239 0]>>endobj
+1303 0 obj<</D[1431 0 R/XYZ 0 639 0]>>endobj
+1304 0 obj<</D[1431 0 R/XYZ 0 551 0]>>endobj
+1305 0 obj<</D[1431 0 R/XYZ 0 475 0]>>endobj
+1306 0 obj<</D[1431 0 R/XYZ 0 442 0]>>endobj
+1307 0 obj<</D[1389 0 R/XYZ 0 696 0]>>endobj
+1308 0 obj<</D[1431 0 R/XYZ 0 185 0]>>endobj
+1309 0 obj<</D[1433 0 R/XYZ 0 349 0]>>endobj
+1310 0 obj<</D[1433 0 R/XYZ 0 251 0]>>endobj
+1311 0 obj<</D[1435 0 R/XYZ 0 547 0]>>endobj
+1312 0 obj<</D[1435 0 R/XYZ 0 517 0]>>endobj
+1313 0 obj<</D[1437 0 R/XYZ 0 632 0]>>endobj
+1314 0 obj<</D[1439 0 R/XYZ 0 734 0]>>endobj
+1315 0 obj<</D[1439 0 R/XYZ 0 543 0]>>endobj
+1316 0 obj<</D[1439 0 R/XYZ 0 164 0]>>endobj
+1317 0 obj<</D[1441 0 R/XYZ 0 151 0]>>endobj
+1318 0 obj<</D[1443 0 R/XYZ 0 322 0]>>endobj
+1319 0 obj<</D[1443 0 R/XYZ 0 289 0]>>endobj
+1320 0 obj<</D[1443 0 R/XYZ 0 191 0]>>endobj
+1321 0 obj<</D[1445 0 R/XYZ 0 734 0]>>endobj
+1322 0 obj<</D[1405 0 R/XYZ 0 163 0]>>endobj
+1323 0 obj<</D[1447 0 R/XYZ 0 679 0]>>endobj
+1324 0 obj<</D[1447 0 R/XYZ 0 528 0]>>endobj
+1325 0 obj<</D[1447 0 R/XYZ 0 390 0]>>endobj
+1326 0 obj<</D[1447 0 R/XYZ 0 357 0]>>endobj
+1327 0 obj<</D[1447 0 R/XYZ 0 272 0]>>endobj
+1328 0 obj<</D[1449 0 R/XYZ 0 696 0]>>endobj
+1329 0 obj<</D[1407 0 R/XYZ 0 734 0]>>endobj
+1330 0 obj<</D[1457 0 R/XYZ 0 672 0]>>endobj
+1331 0 obj<</D[1457 0 R/XYZ 0 584 0]>>endobj
+1332 0 obj<</D[1459 0 R/XYZ 0 718 0]>>endobj
+1333 0 obj<</D[1391 0 R/XYZ 0 734 0]>>endobj
+1334 0 obj<</D[1461 0 R/XYZ 0 613 0]>>endobj
+1335 0 obj<</D[1407 0 R/XYZ 0 385 0]>>endobj
+1336 0 obj<</D[1461 0 R/XYZ 0 227 0]>>endobj
+1337 0 obj<</D[1463 0 R/XYZ 0 315 0]>>endobj
+1338 0 obj<</D[1465 0 R/XYZ 0 734 0]>>endobj
+1339 0 obj<</D[1465 0 R/XYZ 0 385 0]>>endobj
+1340 0 obj<</D[1407 0 R/XYZ 0 257 0]>>endobj
+1341 0 obj<</D[1467 0 R/XYZ 0 129 0]>>endobj
+1342 0 obj<</D[1469 0 R/XYZ 0 124 0]>>endobj
+1343 0 obj<</D[1647 0 R/XYZ 0 308 0]>>endobj
+1344 0 obj<</D[1419 0 R/XYZ 0 734 0]>>endobj
+1345 0 obj<</D[1663 0 R/XYZ 0 734 0]>>endobj
+1346 0 obj<</D[1629 0 R/XYZ 0 734 0]>>endobj
+1347 0 obj<</D[1667 0 R/XYZ 0 734 0]>>endobj
+1348 0 obj<</D[1503 0 R/XYZ 0 734 0]>>endobj
+1349 0 obj<</D[1633 0 R/XYZ 0 734 0]>>endobj
+1350 0 obj<</D[1643 0 R/XYZ 0 734 0]>>endobj
+1351 0 obj<</D[1605 0 R/XYZ 0 734 0]>>endobj
+1352 0 obj<</D[1405 0 R/XYZ 0 734 0]>>endobj
+1353 0 obj<</D[1517 0 R/XYZ 0 734 0]>>endobj
+1354 0 obj<</D[1397 0 R/XYZ 0 483 0]>>endobj
+1355 0 obj<</D[1553 0 R/XYZ 0 734 0]>>endobj
+1356 0 obj<</D[1507 0 R/XYZ 0 641 0]>>endobj
+1357 0 obj<</D[1655 0 R/XYZ 0 734 0]>>endobj
+1358 0 obj<</D[1547 0 R/XYZ 0 734 0]>>endobj
+1359 0 obj<</D[1427 0 R/XYZ 0 734 0]>>endobj
+1360 0 obj<</D[1651 0 R/XYZ 0 734 0]>>endobj
+1361 0 obj<</D[1557 0 R/XYZ 0 734 0]>>endobj
+1362 0 obj<</D[1491 0 R/XYZ 0 734 0]>>endobj
+1363 0 obj<</D[1389 0 R/XYZ 0 734 0]>>endobj
+1364 0 obj<</D[1389 0 R/XYZ 0 734 0]>>endobj
+1365 0 obj<</D[1457 0 R/XYZ 0 734 0]>>endobj
+1366 0 obj<</D[1453 0 R/XYZ 0 734 0]>>endobj
+1367 0 obj<</D[1635 0 R/XYZ 0 734 0]>>endobj
+1368 0 obj<</D[1447 0 R/XYZ 0 163 0]>>endobj
+1369 0 obj<</D[1537 0 R/XYZ 0 734 0]>>endobj
+1370 0 obj<</D[1623 0 R/XYZ 0 734 0]>>endobj
+1371 0 obj<</D[1579 0 R/XYZ 0 734 0]>>endobj
+1372 0 obj<</Type/Pages/Count 152/Kids[1373 0 R
+1375 0 R
+1377 0 R
+1379 0 R
+1381 0 R
+1383 0 R
+1385 0 R
+1387 0 R
+1389 0 R
+1391 0 R
+1393 0 R
+1395 0 R
+1397 0 R
+1399 0 R
+1401 0 R
+1403 0 R
+1405 0 R
+1407 0 R
+1409 0 R
+1411 0 R
+1413 0 R
+1415 0 R
+1417 0 R
+1419 0 R
+1421 0 R
+1423 0 R
+1425 0 R
+1427 0 R
+1429 0 R
+1431 0 R
+1433 0 R
+1435 0 R
+1437 0 R
+1439 0 R
+1441 0 R
+1443 0 R
+1445 0 R
+1447 0 R
+1449 0 R
+1451 0 R
+1453 0 R
+1455 0 R
+1457 0 R
+1459 0 R
+1461 0 R
+1463 0 R
+1465 0 R
+1467 0 R
+1469 0 R
+1471 0 R
+1473 0 R
+1475 0 R
+1477 0 R
+1479 0 R
+1481 0 R
+1483 0 R
+1485 0 R
+1487 0 R
+1489 0 R
+1491 0 R
+1493 0 R
+1495 0 R
+1497 0 R
+1499 0 R
+1501 0 R
+1503 0 R
+1505 0 R
+1507 0 R
+1509 0 R
+1511 0 R
+1513 0 R
+1515 0 R
+1517 0 R
+1519 0 R
+1521 0 R
+1523 0 R
+1525 0 R
+1527 0 R
+1529 0 R
+1531 0 R
+1533 0 R
+1535 0 R
+1537 0 R
+1539 0 R
+1541 0 R
+1543 0 R
+1545 0 R
+1547 0 R
+1549 0 R
+1551 0 R
+1553 0 R
+1555 0 R
+1557 0 R
+1559 0 R
+1561 0 R
+1563 0 R
+1565 0 R
+1567 0 R
+1569 0 R
+1571 0 R
+1573 0 R
+1575 0 R
+1577 0 R
+1579 0 R
+1581 0 R
+1583 0 R
+1585 0 R
+1587 0 R
+1589 0 R
+1591 0 R
+1593 0 R
+1595 0 R
+1597 0 R
+1599 0 R
+1601 0 R
+1603 0 R
+1605 0 R
+1607 0 R
+1609 0 R
+1611 0 R
+1613 0 R
+1615 0 R
+1617 0 R
+1619 0 R
+1621 0 R
+1623 0 R
+1625 0 R
+1627 0 R
+1629 0 R
+1631 0 R
+1633 0 R
+1635 0 R
+1637 0 R
+1639 0 R
+1641 0 R
+1643 0 R
+1645 0 R
+1647 0 R
+1649 0 R
+1651 0 R
+1653 0 R
+1655 0 R
+1657 0 R
+1659 0 R
+1661 0 R
+1663 0 R
+1665 0 R
+1667 0 R
+1669 0 R
+1671 0 R
+1673 0 R
+1675 0 R
 ]>>endobj
-1368 0 obj<</Type/Page/Parent 1367 0 R/Contents 1369 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1369 0 obj<</Filter/FlateDecode/Length 94        >>stream
+1373 0 obj<</Type/Page/Parent 1372 0 R/Contents 1374 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1374 0 obj<</Filter/FlateDecode/Length 94        >>stream
 x
+ä2T0BCs#c3…ä\.§.}7K#…�4K=3cS’¢` g`NÖvôurT(ÊÏJM.QpÉO.ÍMÍ+I,ÉÌÏÓÉâr
á
 ä«endstream
 endobj
-1370 0 obj<</Type/Page/Parent 1367 0 R/Contents 1371 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 53 0 R>>endobj
-1371 0 obj<</Filter/FlateDecode/Length 3678      >>stream
-x
Í[ÛrÇ}×Wì[œªÂÞ�¼¤t‰V,QéR^— (°Jößçœî™ž^€TÑ–HÉ®²uö`fú6==½«ÿ=ɳ1þͳ¶ÈÊ&›­žŒGc<±ÿ¼ý‰O²¦šâ¿«¬œŽÚ–ÙéWYÛ8WY^ç£Úl8iY�&˜´­GyœÔA£©#E˜ñtTa\5&%€ãHÕ“RälíÏ2£!j!¥þŒ”ƒ\Œ£)3ÖͨÁbõ‹Õl±r<*Ô(yV £Dˆacä„Þ§´q®²IÓ$ÎAˆ™OaÌDzf�6­Ç`ÚÓ±¯²b\�JÇ–tS�ÓšP¥àªD•¡JËY�sp•M+›„ã¤*5Ýa=¦*å`INbÔ¨8’8�›ò'µqrI±�‘sIÆV*KVÓ±ÆUV`KF®-0.qŠ3sÇÁ™bÁ2ÇÜi Ç`¡eü-—Tq`^Æ¿X �Ä	Ü„FOœƒ˜t̸M¤Ç`‹|È:¬ôcfü”´‚‰¤â6•lW@7pˆ}HdœƒˆŸ–&0ÎA
-;¡žFz¶ª)NbÛ08Öaª2¡¢6VUA³­P	Hª±q�sKŽNj¤Ç`KîMÇ:£}i¬Ã`Ûé`æZü_¶š`'ø_%€â¶	b`."é1X$,šX‡ÁNÚ
«‹•l]E@Z4py)âé1¦m¦”7±ƒÅÄp[b+[Õ±“�0ÎÒX‡ár9�«.Ïs·Ù$—®ÍérãÄ’cŽO¤Ç`‘ù°ûm¨Ç`q:Á‰u˜ÊŒéòÄ:Ìøë1Ø¢a¨%Öa°rÌ%VQŠ­BÖQ`†ˆœhž8!nQÀö‰ô˜ªV%Ç:¶ÃçŽu¬úŽuÊ ßûuU™I�6r) )8•Þ8M#ƒ2ad^qO¥i=Æغ„íë0•a¼8Öa*C¿%Öcú­¬ë1Øépf�QÙ!&nf�ÁÖ´WZ×c°²×ë0Ë4VŽsÊ)Îü]
-$ˆc“‰$qJQ�€°q(*"¤sÒ,œÔcš?ýVX‡i~ž­ibIie=‘”	I8ÒADŽ„FzÌiêi¬N+Ç‘è‰i¤i—ç,FzÌEY‘¤¡:-²,Uñ¤i—Sªb¤Ç˜V–s¬ÃÔ…§ªcf„–ƒ™U$T¬<7U$
I¤ÀqA#=¦H,Ãë0X\6¼i¬Ãx‚üìX‡ÁNyq¬ÃP§emf�ÁV,ÞÒXUE4C[•�”
\^”Œ#e`1-R˜)°�‘˱M[leþ’¤Ç´‹–IJÒ-šFÂA®%
-8ÐAätÖ,‰s;�…EâÄz‰ôlͽäX‡iwæôÄJ^.�­ÀR@a¥tŒΡ©Ž?$ç &E²¯é1âNCuIXÂî…€´dà°iœƒ˜´äe#‘ƒ……`Zê1XÜu§ŽU�àb¹qr?ð VO«
ÿ{ÎA
-$³�:)¶¥Ý¸G+1žN8UË81)r*ÂÀH�Á¢L†�ŒÕp–kî†,7
4¬ƒ(×ûDzÌE¹“ë0XÀð¦Mì1Xd\„Ibæ¶æ	�X�Ábf„¦�õ˜¬Ø×X±/Ï
\E‘ý¯‚\ü!9iV)‰ô˜,AÏ&¶dEìX‡Á6ô\bUÜÖ]¢s
IÜÀ©|Æ9hâÄ
#ä(±c,ÒZN‰u˜âòÔw¬Ã°=Tƒ26V•A5h†¥¢Û0
-‘ŒÅöÆ9hÊ”	³e«ÊDV…O¬Ã¦LbU™0¶È¢I`U5¾mT^ÜFUeØÿIœƒX²à­ ‘ƒ•nƒc‹¢af‹zLexùu¬Ã`Ñdñ¬*ƒ{KI3¼ä)ë(ŒÊ§Ê„qAx#=¦2
í�X‡Á¢C$Öa®GžUqÑê�MÌtÏ>ˆnTTmB\6dç –D/“Ú@�ÁÊéãX‡Áâ`õ«@²ïa?‘@€lÓq>ó8ÔAÎAL
-‡"«Ø@ÖrŸ�Nn®æ(
…b@~%k±4cäaŒHˆäb–?ËžN�A_Í]þŠLBœ½Fc‚ب¥Ý çgOžþˆcrœ�]Š(%1{[egÒ¨ÆãÙgÝùržõ—Ù‹~½›¯wÛ¿žýŠQ�œ£ŽÂ°£‚Ã~8}öêù3þz·{àx˜½Ùô¿Îg;yŽkV5
Ï_ö³›æìv‹~Mí©I©äèÛü“«z8N‚zè£ÖÐ’µ÷ž~hè=ÎæÝŠãpöM&Õ7•ÿÐjA£ä°q‘ARñ׳óínÓ×à°«¿3áÕ‘'­}ÄÓ¾‰º�$„Fã"Æ×Oóõ|Ó-ùíµ¦®Éëí®[.-ì�/ʲýÎToDGÔmNÃõnÓ_ÜÌâv©'ß™ÌûîjEˆiNzqÕ]ïæ>gjDÂÑ‘‹ó°éþ«ÿÄŸ ŸC2Ûõ|‚ÆÚ4)";V?ÊdŨÇçÝúBF�GÕ¤3žÍ·’€pNXºBx<êÎ�R¾§?¦4ùË3è{ªAx«IÞÎ;Õ
-Ù½ŽwWs±
-^|L£¦«Nr)ËÆž]wïç’¹4–£•÷½õxXÔ?âñY”.ö•~~³X^,Öï©$ZEä6ÅŸ/ÖÝf¡z27L¿ñ–Z¢º¶Ü×ò,x÷eó,ò“xíŒèìÅêºß캵Ä1ŠåÚÝv7¿–_c†&œJ�çÍÁJQéÁ±‰þè¾Î/6ón'Á‹J¹Š'émnݮΩ‹¿Iðh6ë×—‹÷7KáxÛ:ÎC:Ì.˹®‡]U=^A‘�)èQÞ‚ºÞWÝR‘ß¡¿÷7’ùIÕä¤xëœbƒú‰»q‰±døi±»;¡:GKì�õ®»�T'Ø“<�—=ˆ¦hÙ6²ò	
-ïãt×mva‡£:­ÍÅw„‚æ@¤EûaÈö9Êu;á׫sý!ߣIþ|%ï˜3ê>ÌmHÑ¢»?ÓîTþrÓkEY�pÑ
-'Àb=ß]Œô3ú´mûXîšæRLÂ�(‡÷ܪ©Û+÷l‰ƒ~�úqþw
-Œ7ELÉ
-°äv45,ÇIrC¤Æ4–urn
ÎýŽÓáýžY梛¯ô�7�l”hƒ)ªšx-@Wk?®Ï6¿SÊAT.[ut¥>{˜m¯ºM8ÊðÓ2–´ÝÇn±ä•LBŸFÄÌ©êC 3å­e;ß|Ôò/*Æu8Nïä?û8×ú¼ÀÅÒ™hr!º×¸*†„Àwò–ÕoOp·@7ëÅo4RiÊ„³å7MyŒ¶ý#í›`¶Õ†ûeú…¶¸5?l‹—'§�-fï.ß½—gØ(U«©w‹õô7{\ÅJ�_Ÿéc_«ãqñáð×'§OyŠŽvºÏw3„‘H�ÎhÃÕ¹;6úø΀†,ÑÕ伕PO‡ù>®Û¸Ö±äK~�d�ήa’X�ÊR�¼ì׉ãÛx›x×o>üƒ«à¥^æ¼SЯLä%¾%áB=Nø9ZLž/Ýûu¿�›ï"Úèa´`�4V¢2zWvGþÊò~fº¨
-n ÃrªèááU9�õ×’ã�¦Rž?~©‡
zÕñ|øÌŠN•ðâe¸»¡‘Öø^£W½¹˜¢a¦»Û
-¸k×Ïú%½�»©¹+ûyþq.OÑõhâíù��žã=>�xPR‹z¯ä›Íb“7êM|¶”¼5aýòúø¿²±ü	g÷ü´-Û‹”ÌUŒÿ7/8[ŽðŽÅáƒX&¯tSâõü~2ÒZß[äç~öÁÊ[5ƃõ&
ò£åp¶Zž{ù_u××Aþ
-å†%”_PI¬»•–(ø¶Ó.£@�/þ©jâ»Ñø>�JÅžà]í¦ÐhˆÙñxu½é?ÎåÊ]R/å|ÓŠù7^Y…x^¬%ÔÐ�²}¼íVç©8',e}±Š÷› —n¡o(ÕUÚ¬x³²_oœ 
-ü¸˜K—�Šq£özXú6ÛÀø4¼ù–-nÕôˆß3»Í‡sö5|î]7h–Ü\³�"‰Çß<¢GSÞ1�¢¢±‹öýò•~µåÍØûó …Îw*58/p‡è—7±aŒ¦QßÊ|%	ÿÄ4Q)|Àé+
d—{û°›mú­ÖoþìØޜ㎬Ïñ‚®…ìŸ�ñˆäÚøÎñ©óÀm¸Í‹ŠþšœZÝé¦чn­oV›ÊøX#u€Ue	fôÑ,=ölé:ÁŸPÍò׃I¤¼ÅÇò>!£ÀulèîƒÆØé|gžγÌz£ÍMw·=¨Þ¿>#ø>Ùà²û­Þð¡)ˆ`´ê	Ä~¨ß_÷;›�I)ƒÚéäí¿z{òË/îí
Ì—ü]£mñ‹Ÿ¡ïú%�¤ÿË“WÏŽ_Sy|Œa»è.ñ¿ÒóBû!ø˜Ò‡ÀA?äÇ~3‹¥"^“Û^¶cuYjßR'ŸkW¸t=ÃÛ.«ïô2ð#µBÔ”Ñø~
‘W�•Í÷°Å-] ‹~ÕéŽ`O0ÖmÝííàWòóg¦)JÆ^
o¿Ü€z"ÄžËë^ߊàˆHçAwÞßh_ßoØK=äøîbgJ8ãJ‰wÅz¥ì..pðoCqÎëþ#ž„E¸á•Œ¿_@ÕpøE)_Ý,w‹ëÐÊÄûyW\#>/»™ÉÿX7Ý;¨:ù‹þÝ}.¡P‹�“ë%îƒR ð•ó4„å�ë>>QÔŒ&w“ÀI;·�YöÏ­[;nh]sü�
-ü­‹“½ª®�4|ôˆïåî²bÔŸæÉ×>¸¸�ñýQƒ/&öµOüz);øZ©Äß1ª˜ÆÚñ”?_Pçž=ùÏ“ÿÿ5¤endstream
-endobj
-1372 0 obj<</Type/Page/Parent 1367 0 R/Contents 1373 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 96 0 R>>endobj
-1373 0 obj<</Filter/FlateDecode/Length 4622      >>stream
-x
Õ\MsǽëWlù�’ öä’¢H9aÊ¢d‘)]\•AP‚M`iŒ­Ÿ×=3Ýo
Ð&)QN’*[ogvº§§¿få_žYŽÿY[fÕ0›.žå9~±¼û»ü’
ë1þ¹ÈªñAÁuvöŒà"kòGp‘�Šƒ!�#¸ÈŠ¢8(‰d¶níýòJÆ`ÇõAÅc	/²2Ï{33[ŽF4–1ØѨ?–0ôP5
�evXŒ™Š2‚
-›RF*yBœ¼ê‘•,K(/
Tà#×–u64Ž t¯*2Ž ¼0—ÉXt_ˆÎºç—Ê^$ýáY˜Š�
¢äc<’DQà¢D.¬Ý8‚Iã‚(q\\º‘ŒMgƒ(il;3r–°˜Q+J2–1ئC1VmÆCü
ÀMœJæÁ(¨s*hW
4ëdxá¨ÒªæÔ(ðFn8:h3ç.2ì]NAè´!’1X¼Ä,a°Í¨?–0ضQl¹ŒÁŽËÞ‚CïUÙËX̯�éúÌŒÁëÞªãøê^úXÆ`›ª·ª þ¡ø’´ß
-\ý‘ƒÓƒ�#(J”“æ$c°Ãæé¬x䦮ô(©@ÞH«�ìAlx%»¦“È8‚x_!.ÃIƲֲÏ;ÒµÚÄŒeÓä\øÌŒeÓF½33áUÅWââ“â¸â#W`?‡YcdXH\IøÀÈ�G2Î8‚�³”ñN2Û´²VÊ,¼N¢±ð ˜
-¾_L®£@D+Ùt'ƒ…Íã¥6”1ض賄¡ÜRü‡�Õ%Õã\#�®![RâÂœdœ–D¬.1�-ageæ,c,i(ÇßYݶÃ"H¶m‰SOêA,¨”(ì$cÑ‘„0gå ÕM�‚õ o$ŸÐâô:Gp

ä…:‰Œ#ˆ9sqåNêûÊ:„û±Ì©@Æ	UÁÅØõ� Áxæ�Ó3ŸÆAºqœDÆDÄ/îãb™ù¡¾]2¥‰? –0XÄ.~)c°ð;�%(†P…ÏÌl#É(±„ÁŽ·XÂâÄl´�UÛªF�î´ÆÐDZ‚X0r
èIŸTU‹dŠ26L‹ƒf±¡RàÓFN\ö×È0±Ò¿J�Œ\h$c¬ÖŽõ8K,œ¶ÆYÂ`ᤠ^g	C½uÝcÂqºípV
-|Á‘lA¼²’ãçƒÕ(H,a,(—cã,c°po°Q{-c°’ßË,Ò�ÞX°$¸Û–ff¶�Óïïe,V8’]·U©Ó­Nå�«Ó
@”HªÐÐIÆ`›F–¤óÈPƢƶÏ5ŽÄ&l,c°Ø Kl;k³±Ah@ÜgX¿'rŒ	ú7’1ŒãCt–0رÄab	Ë‚Åc:Ë,ÒÀKXvVRWÄ�Ƕ(])pq"WRþ9ÉFql(c°pbØ;g	ƒ…ƒ€°Î;Rïã,a‹³%«'VlÛ\L"Žº¼Äi)ãA¼²–úÑIÆA˜‚YõÐiÞb$Å �
‚
™ƒª3_Pä ÖP�-pñJõp>�±,Wv†XÂ`‘ºŽˆ
R%W*ðE나ÆĤðK�ÒHƲ\q²Ä–劓%–0XÄvèÁg&¦Álµ‹%½¥&rÈùZxDyP8‚²\©×œd,Ëc"–0XìLÅ&f,Ö™ËΫ‡­Dfc‡-Y’º’ÄÉ––8çò¤�Œ1m.ÆYÆ`±@Ë,ÞÃcÃ’°Ar`Âø’"—`$c[’±qIqlð°¥³êa–KF@,a°ãB¶ÎÇ–P$Õ�³Œ%©*ll082?Œ
-DØà"²¿ÒHÆb…RÑ1ëÖ¢ÃYÆ"l.'Çff3CÎÂbïŒa1¡
-g	‹*$b9+™·«MµMŒ™·sšy§qšj;G0fÞÎiæ�ƹt�dí¡ˆ%R�˜%vØ@4–0´‹0Á,c°š(úXÆ`µÅA,á°o,Q8eáiÙ·²'/c°H¯Z3cZèeòšƒ…51«^´¡æV‹À<q!ãw’1Ô¨¿³aZd¦U%mz5ãw2ÄlvàdjŠ~
ÂóH°qŽ &E’ÔÉ,¼wÅ,a°0“½”1¶
‡…YÆ`i&Q c°Úò™ƒÅÑb�ÔÍJæoIp2¯zÝÄy‰�á$cV5b	ƒÕF
-±„Áj߃X¢
-‰)Î2UÈʉ%¾…×ÌX¬_zg>6¨¢ý‡ »WEä¢MÉâ Ñ„—:KXT!Ý'b	ƒE‰q|,aQ”¸EgƒkI;ka%~¨"‡s‡q
-T‡˜¾Fl$c°ðqØWg	ƒ…�«™%¥ÞXÂØÍ|fƲsâ*œUQÑ&·s®6A#ÓJ¶`Œ#ô_%¸ãŒ¸mg‰ìÒI0Š H.Ç×9‡à`Ý%qE'rN|œCpZò§æˆ¶µx(µFý³cdÂ14Š &Ô†ŽsÁi2àœCY¤ÙÎ98&Î!6
’VΔ
•gsJ”Ç/äõÏ"›ÆøÈhL7Æ‚¸¶^e¼Œ
B—;̆#‚~nbaåÜ�"U"
#(Ú�ÅÇ9„Tp!4N­W]ÖÒ?›•FF-ÎGxÜ>Z 2�"QÍRã‚‹5:çP–(Í8‚àÐ:§Ë/©¦¶åGFlŒ£´|£Âò㨰|çtù‰Óõ:ç0-߸°ü8®ÔèiÜËóg/¾CU“gçWZÙç¸FlëìüRoØñóôùùäâz–uWÙQ·ÜÌ–›õ·ç?abm!£ÒÀ°A)Þ}œÜlf+yFì&¹|žÕò†øÃí|ú³>„Ó:*ã¯G«n­Óãâ{XÕñ׳ۋål£ÃïÓ/Wݯëùòƒ�ªãó/äøŒ|ô»Ó¾ïV?Xu·7ú8®Wm‚;gþp;¿œÉãÈ&Ú2NpÏÿ•Cùâ;xÿ ¸
-³”P,¸¡”JÂ2ƒšŽçëéíz=ï–2�ùHÜó•OýXiÅ‘å¶ÿZ«Î�ù�š$Xw%áœ�‹*ʺùC¿aœâ›w³E·ÑßqëfŸ=\.»Ûåtö�Ì"ç¢N{}3YM³h�8«ˆ,aÌ“è"* D‹µ·‘ÕWÐ�Z©ªN¨2Íž}ZNU-8Ch&F…m«¥MÌ—VKÙÊ–Jdp}ÛŽÀmûžfñþäôL¦„Ïj«h_zÑ�˜/ÊÙ¶lúÍö¶wjælÒ§oÎU„cÛ³ÛxBPNÙqXt+Ý\¤IþàæãD=
²Ý¡’n¢�ùÌŸ?~«ïF˜k“g¼Yu›nÚ]
ïì/þŽ¨Môµ*©ë°N?½Ÿ//áre0Ú|~p“éÇùrä¯Å#v©É´ƒ
-ùVßl†Û*=Åñ–gaÞy‘ÌûÝlÝ]ßn¢ŸDÚƒkÉhùoV—!ÁÛZHxĆæ� àVØ„¶šÿÿNàŒ6•¢Þ÷“åë`¨YÛ<9ÏÉòR•É-šžª¡aó2ùÍ·“õú×n¥Ï"fŽÛ4í«åtõéƈOSL�sµ8qÕöÓÙdq1‘÷á&eø˜í¾[™U.óR””{<ÑSŠ’péÛ&q²Ü¬ºËÛ©/ÿ	]þÝKßÏ�hv÷„؉’'‹›nµ™,5Ñ©á1ì,Ÿ"êá‚ô#{xÑ݆¤ß—¤#z6›Þ®æ›Oº7¨‹“}ì_Úþ5J*ßäm‰v}s/‡—ÿ�¨“A0ÔmÃQ2Å=©ÁÙë—jÝ0K³î¾Å¢Ílæù…ÅêMW²�A!w[B†}¼�Ën9˜…c8ÓŠÏßFek
<œÜàe‘î¦3Ý[Þç‚(žÜÄõ¤ÛÉgÎc²Æ9Ýzqq#þE�fDmÞå¨[,¢‡‚בCÓÛÏ]íƒÆÑØ
£Å!“ÿ=9	nÑXápþé&Äd-£´{ìs¾\o&××s@�õ#¢àƒzÐÃUìw}tv<çkš­áó®j•¢ù¶ÝUoƼ!9•t¿ª!´	¹— ¨p¯ænCâ%Y„ecñ,#šèiÄ�@“Nc¦až7yäÓs]3zEþÌÛÕ|1Y©“Æý^�²³ãn1	Á7
³¥ì^u××!‹Áª*$�??U#
- ÀZ!¢Ò!GÄÙŽ«oW³Õì—ÛùzJ04tÊq:ïf“ËX}Ë'_5ÒìZR�nP¹g
-pÑÛ½œLµæÙRÊ¿w§û~‰ôóvÛ"$�ºoàšÌøö•Ðn¹ÈÕ¬fp[Ãæy½Ý·5ÉB’­?…F*íˆJt9˜¢A¾#ôjç{=¸­²Üèu¨=Ä´‘và=†ËóÕíZ³#D2Ïr§S´
Bi¥sNRîØÔÿìæËdà|è�®ç©†æ­e™ù�ûöƒ4�<�‡ÿþê­B�­_qõŽojq‚RávÊ=î©:cS‰Õ¹'¶}††ñåän3Dáq…ÅÇ;©Ã’óf9€úß]Ònˆ\›õ%ùqmÕÄtÿýÝ}²
-µ±þ5Ž­Þ�å¾Ëj÷™b°d�‹è·¦“þC–¶ìÓgÕX–:ÀM<oþNÏE’ÍhÚ\!¿]uèc/BþŒ¿=`IÞ¾³ÿjµêVú(j.kbïnÍÓü’Å'À}¿¸Ó9û´ÞÌ¢üu-óÕÙÛîz>�‡Ú
-_F{îºOV(æj~Æ,É
>�l{g­µèà3$ÞÙv;
-¼ÿ8	>1ÏzZ,[¯z�²�³kíë÷eÓÐ8‘ŽˆuŽNDyˆ8–é}˜mþ¦GAŽì�÷Š÷ÀëXcâš›¸fÝVÅ’=Q\Ínßî5®:U¾4rõÝÕÔÿöâõ+�
Çák$wuÈí·+k‘z·}�’ «¸ð]¬—›'(ÇV¡´þ«È€¯�¬óp:Û ö³üÜ˾ï>tK=òˆêù®PkM¾%̱¢‘9ï„®Ïîl¶IiR/7	—\Üß}×M)¡‚¼VÝ¢+NŠ;$=�h‹›Ùu’½�ªc¼cÔo^žœþûèÍéù»7ßl~Ó3¯
-¥ “…]õ~nv—Ç(7Öxhþ"–‚î§Ϩéîòþºhb‡Ó.P«`žÖ‰¸«¤�þða%íá4¨O.ƒRr|�²U
-¥`4¨FEéºû½jÚ»öt�·Kä·(¸¯CËù´9bW3‡6«Pv»L¾8Ümìm25¥l&ÕÀ5ú!| ñ¡×¶9þÁA¼~Œk¸m‰þ‡‹à(A¿F³s[„½™À/(uæW1í‘�)S&š2h<Úd*{glµô.HvoÈöeÔøNA‚‹&híŒò/�þ'Ïu#‹¸o²(³T?\x¿Ëò¹ì²‹×ø*ÑN™FV�|�n¦µ2q$LmW¸
”„Oá=ÚÎC=�àâ	襵²�—Zè�Z'+(ß\$Ï’„|Ì¿›JÖ4Ø®�Älvƒëû�³¥ŠÀׇs�ûø0Éãà¾Ý}{|¤CQi[±´œÍ.g—*2m�‘ãÁc¢àò
Õ…ˆuÛÇå(Þó¶¹{å¾ÐE¸J–Ê=] îXÅn*üá™R%ác�ÿ)�‡÷/ï¡�d[ß ÚVÈþã!›Ë9ÒNm°Ÿ!á/{Oi7µÚQØ~U¿<>R�È·NÍ×,4’ÙôïéDK÷õ#¨¨Õìè$~¹W\¦‹ê}çêî‹#)LUIøxh\<¦í}³Ñʃn†äKZq±éj讄,Öc)!ómæ„åÉÖáñYô+æ*É�Rs=[Ì!?G|+S:|?ë‘fûê@þ6
Ç T¢áë�tï!5®ÄR‰Á
—}& ÷«pï)_¦äÑEd7HDÓ51¾xȇéûŠÙãÙÅ<¸:©~š'²è2h�ë±7,R)÷g+áÝìò¡OòU”ðâ;|t>hÄù@é8ë· g‡¯_f(šM7Ùq7½] sn©…þ•'|ž7h¡F|
3ŸË)xuþì‡gÿ�g¶[endstream
-endobj
-1374 0 obj<</Type/Page/Parent 1367 0 R/Contents 1375 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 140 0 R>>endobj
-1375 0 obj<</Filter/FlateDecode/Length 4304      >>stream
-x
Í\Érǽó+ú(ö¾.¦EIÉ"dù:‰1Óð,¤ô÷~™U•ùz0I“eGXxóºª+³²r«–ÿû Èrü·Èº2«Úl¾z�ŸæøÅþç§È/Y[øßUV
§EWÙëWY“O8‚«¬oN+XÚœCwÚGp•yko—2[å“¡ŒÁ¶²æ°rKx••Åtl¥/ªLQÊÓ&kÈH‚«l¨DLãâ•¥Œw2LZ–§­MªÀ'�\Ÿ‹~Œ#(:¨D[F2)»ÓšØðÊ|À�IþÊÈõµhÇ8‚òÊ\^i$c°u-¯t–0ؾ˜°�¼§ZL¸Êºú	@D‹Ï8ÉX^ÚB‹ÎªœM_aò(g&gâºZfÕõ•±—öÒ9‚xaÙžvD2›`6,fæÓ(ðåD®W!�#(ÈEF#Ë+[Y­±á•øÑŒ«Qௌ¬iÈœ“óÜàäÈ~è
@†ŒçÙ9=Ïiœžgçô<'N°s!ƒžg'ƒ-‘_×&Ëa–ãq–0Î3Ì‘ÇíÙ‡×NäúNÆGP–+NÂIÆ`ƒÁÚPÆ`¡ýšÇÓ‡ýøXÂâœä9ËlÙɆÚØ *¼„Ûž5ra›Œ#(¢ÊøÆHÆ`k]®³„E˜
-þ’Æaĵ:«Ë­1õxr°å&®ÓvŽ ŠNçŠ(
´ç$c°•¸Sb	ƒ…»˜%v(§3”]ó™ƒEÈà™åÖ­x#y«Hª@íÞ!44È0ãb|d1Rç¬ä˜¤q
-dN¥Ô¬â©¯¥§>@ÓwG¯ÃÏMæƒÕhL,a°]7KXLº’ý´×2[w"¦³„Áö%‚§³j_Õ ~âôPsj_áý›	ÆáPhDÑø¸ÈÁE`NãŠ$;É,ŽMÏ,a°ê!h,aQ Ab	‹u•“™ƒmhÃÇjL®ºB
‘œ• Ž™ŠêœC,¨ìaµ>0L
-…˹³(ðI§³8çPtÐ ÈUF†Ik9ÐiR>iâtçbRÍ*#äИXHX©Ÿ4q:‹s1i+.¨22˜Oòd¬&¢@&%˜tj\Pq'Î	b$c‘£‘W:KX¤ûá,a°Ã€óGc	Ã@Ê vËXÌGÒ,b	ÛÀ{
Äí‹
-ÚUàÚ�\‘×òR#‹°âLj%Ñ`ÂÆ‚sIì|¬.©„³6ÓÀ–”¸°'ã¥ØÇ2#–°,I\§³á¥]ÈÄU¥iäŠR¢“Œ1-ÜsEl˜ÆgÆ[*ði#W #ʱwò¤�Œ1-γaÚ&äÓaµ
-|ÚÈØî"+�d,**'¬žŠ"hH’S€L«§"qpâ˜UÔW:ĤZV9É,2ↆ2«6�%,†"+s–1XlöÛÅ,T0K¬F%Kg‰å@33‹™:f	Kô–ã33^eu)õ–³ŒÁ"¤LfV#@¡¹˜n�ßžÈiòUGP¶§Ã7’1Xd,ØYg	ƒj±ng	C‰E)j2–1تž¼—1X8ÇÉXÂ`‘bó|fÂP1Ò˜”±ŒÁ X"Æ`µÜ¢±„±
•äˆÎ†cWTßJ~ì"=‘‘Œe$üûPÆ`Q)a×},a°Èd Ž³„eƒ$èKX6Hš>Î2�ˆóc33†¢àþyÍAÚyˆq£Tઈ\
«À’ŒdŒ£
a�%þ	úw–°«ÞYÂå„5–±¨B-±„ÁÂVa�>–°(JÝ�³„ÁBå“™	‹5ªm,c°].–l¬*¹Ðœ#*9Srâ
-jÛ�Ý’1…’£b–0X¸‡’YÂ`{	h43a‹ÖÄ2‹È„v¥­JË”Ÿ^�kxI\ˆRNJ9$†¤•zœ�qc9䜖CiŠÎ&N¢ês!k±$ÈXÔ'¹'±„EAÒ["–0T€&	¿–1XÈ4a	‹úÄûøÌŒ¡‡R|¢³ŒÁ"aà5ÕÃø¬Ì*¸ê#‡J†dAˆŠ&lÁHÆ¢&i‹K¬¶ˆ%,Š÷ï,c°�tx‰%,j’R‹XÂPzX±ŒEM»},c°(Ú D“7(ñÓjN	žáÄû�Lï4Ž v¤±©Æ¡#�`P0´o¤(8a°èIà8K,”’ž•]eæ�Íñ±„ÁbP¿³„¡`�¬Î2ŸÌï
JBJï‡\�[Zä‚iGÒ.Ta$c°ð_x¥±úJ¤"–éßöÂÈèŒq”ÞfTxY%usž9çãà®kâŠÒ¤ú³qêÉõ<GG®Ë5{�LHŒ"(B‹4N'DÍhu…þmFFz²¸�Ç„"ˆ	5s0N•�i¶­›#”nAL‘Ѽ—)ÂË‚C§ípã‚CüDS×8‡P#Ÿ´Ã㜺H8k³-ýÛ™"ï±/F”…äØ炃ÓD÷N¦W
‚Ã�aÎ!‰JÁ4Ž 84�˜s·Ì9„ï�2‰SÁµ…»dú·	™ ©Q“àΩàiœJêœÃ$¸s*x$5Ž ìœ¦¢"½,“ .Ývç‚Ãç!#LãŸ=xøLr±ìì�V'9îúº:;»Ð{Oü<ÿîlv~µÈÆ7Ù“q½[¬wÛ¿œýŠQ…Œ:‘¢ÃNJöÝ“ËÙõn±‘g$y�I.¾ËúSù	C|=[�Ïô!$Üuzh¦s#¥mÊ!>¨á„¥G=}-ÃPÙu駋q5[®u2<˜Wqäj±:yøA .=ª¡/±jé|caýiV&KXÛ“qu½¼ZÈ„5:ó¶:_3rƒ&>}úmÿÓ4²Ì“¾g‰êC‰^/vûkUGÞG9÷ºO¨—†"iíáb7ønsÞœÎÇõƒ|,OÛqßÂ6­Š§ž&æ›ÖŠød³˜ítϤªl£ˆ»Ký	ñ×ñ·9¶wMõ*ŠHÌæóq¿ÞÉá›&Úê=ÊlâÈZ¨´ló?ŽÛíçR‹¶_0ÞÅf3nôáf¬/£"îQ~U’§ÈyïÚý;[lUëÈ�ZÛ¦£Ö¹]lÞ‡3-×£e2Ú­Ù7Ü>ßPUðBîí曆Æàd»c2/×ouÿ�Ë$ßóa¹»”ßp&+;¨ÛÕùüj	×+rjSÒ½‰E/2	Õ)Ó‘ŒÞýè«q·H–øçð–$†þd¡XÖÃP‘�ÿa$ÂV~q${uVëN£½–ÜköÑP†4¨îcl<”æk㦗õqðDs
�ØöñýЬÿ9.×nÖÙ×2ü7ê½è©^�éOè;XðyÊ‘Ü=öÑCáÑ’y
ôtV´dÚ;÷}AA'ÒÄÁ
&µ”‡j9¾ØÙúB‹lÌ´òËr}1~Ðcƒàäqm«\æ ÔžE‹¥½—€Õ²Œ½‚�}#�úåò÷¸bßô¥®�Ò¼Oaww„,×:_ìbˆFë,Dï.gjH“H±]Ì÷›åN_†´¸éRôÿ«¼¾?šdr!|üM~FØwë•‚¦È» Ür÷òüùó`%ˆ¦‹®wËq=»’bûqÍ‹$cË·ûÍLxaQ¤çC”ëküÏœ¯-dA'rsžÏ×»Íx±Ÿ§å61éüÌ©ïëñV½Æ	ViÜVÈÀvE\¤”)fCÖÅ[Ù™ÎQNû±}ùZFŸ =ÍPéÐfëÅîøyN3òUóæý8P¸CÁ¯_W¹­–äöK¹5 £.÷ªƒ2¥Ô�Þ.Ö©œK¹Ì}íÝÇß$:iàI¦b?mb¼š­4¡Fn™©Júi±¯öfÇèIY®ŠN|Šã©š*
mEÛ½ëý&̉Èdnìçõò·‡/–ëýobÒl2¸Ò¨€…ªw�ÊFu”¸sº¡�°±UL¬µ¼·¡æG=ÿçØÛ(Z²7Övt²þ�là{/gq�t·~ÿ
²�­ÜBcˆ “Å‹òméÍ=%~·—Ž\ËR¸Ü!ª3˜,{½ÝÂmÍ/méÒëÿFZO—fíTãAß|üÕzìø£u—Ž@›UyûývÎ.wTÄÇöúF)+ÍbdइCç~14¤ø‚kõÅŽ¡
…j‰æÝÁ!BŽ6T-TýOvû(¸šM�¯ìÕb÷øù߸&ÍŽzÑ'³y˜Bêöþ¾,¡Õ
-J¹áb£EóI2¾xùý¯ÏTƉ—~ûƒ(óÍ÷ßrjîæç6fáè�J½ížÉ Ù±E’Áò•»Yì§ÌÚius‚7á†9FÿB=}¥[µЋq|zœr¡x_v‹dI˜#'4.q=�Ö˜ýò<Hƒßüp‘8¸Z¾¥<Qùj`jja_Ì}~?~�l›â¹ëùµlô['ñf¿ÖÚ ¤»ÔÒÊŽÅ—qjîîFͬ9ùºX\_�¡äžÀv'7º6Ü\Y³áØ‹0ƒd²ñq¸�¾Nµã­¢ì“€hùé²o觭ˆ.L5rLvJÁ4LŸŸ n­€G­'UɸÎævÌÍÎÃ'*9U¢ªPiQä©
-0‘¥¶¶ŽÌ›Q/Äz¬0ß.««Å6l>.ö,¦,S)Š\\çUÅ-¡.*±’益v	Ao8÷Ÿ·º^¸KÙg(øH¯êHø½‰I“k¶ÇÄz·œ{áŽÛVR„õ³áš¿Î�CW‰©ã:n*æfÔ{9{Ž·YŽïä�ÚÆoØ*¼Ëª›Q¯�PYXÁ¡ÖÃÊí¿/Óþ­OT|uqpðnq×é稹ª¸Q!Ìß0)\‡jK&|»cV|‹úÔÜ?¦–O7©_³©bf#M±[
-×5æ– öü
->o\«<Iè¤ÃoøÏNûéÔo+àë?ÞÏ	΂ú9?¿zþ1×I@þq±Y-qç’A÷p�—¡>–|,»ŠÑŸ‘Õ©ŠÏ8¿çÖOô.øÆ.ÍçÑ?âß‚p壯¦íATãË^,c�Ž�uÜßÿ?]ƒî°ï#™­BqØôù÷rñ!…v\“[ÇãX\�£oû6=ŒïêÍ
’®ñ�vlv^›®£‰y’��¶Çîy�øìÛ½Ærv5¾Õ·AßUýé�ô µº:è,Ë�Ž$0ï¡RÍS8‡²<�oJn•$Ø'b�ש2#·¤Ž»§íå,vªðé�u¢ºJ¸Xö2ÈâÔ¿š—¹Í¸Ž*cü°^l¶—KýÄ
%zÝÄþÕ½;£(žü»ˆSñråÏ/$PO/–›Å|7n4Ù­Ñ‚IW‡G…ï×ÇÚÅžV;LÎŒøFÐ|–
-g$bÖ
-qߚλy“ã/¼Ë_“0øW±&é.^�4
žN6‚³á›BUõÝoÅT3I¤‚Ss<,5Æ‹å›ß“ÆÖ¤Ì";~Þ¾À ñE{>­†¦KþrÔÅO0†iô:HcäÒf3óû)Äi+dìÆ…?Â8bPY¢ZÜh-…OÅüÒซ�Û7JrÃ�§ÐÕlûN½>:þ]ú¬àz¶ÁmÖŽ®\¾HkQ)ú5÷Ô—)æx¿…^ŽÙl·Û,Ïñ¡–¦bœì¬f××ÉV¡ôö–ñ“-©Ó^ÚÃgøÞ?~$ˆÿ‡—ºèð%$þ)	¾~ôòñ£ìÇÍø+¼nötœïW(ꬤC�zÚHº|�Ç—Ë¥,úïgþõàœÅàGendstream
-endobj
-1376 0 obj<</Type/Page/Parent 1367 0 R/Contents 1377 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 185 0 R>>endobj
-1377 0 obj<</Filter/FlateDecode/Length 3777      >>stream
-x
Í[M“Ç
½ëWÌ!§*KÏ÷Ç)µ–,[©HµÑ®K©JåÀåŽV´IΆä®ìŸ Àp(Ë*‰+ÛUß¼én�F£Ñ£ÿ=É’ÿgI“'E�,ÖOÒYŠ'úÇëèIR—þ\'E7ËX%—O\'U5«çà:ɲjÖ:Òc°e1jê1Ø:�•¾­Ãë$GÏ^$�ÁÅh\�Á6­êFêx]ó±T“%ÊYî¤*jêª 5a
-î—
õëà:éÒY^$ÎA¨šv³Â‘ƒE‡�ceÈ<‡íâ�lÈÀeYJÝ*I²GV€}••n!I©Ý2°n×–4kÊ9HSÊž¢¤Ç:¥ÆÊ”†~ó”'MYrÀª-Ì
�<쀑c�3ÎAX½ÒNØêÉêÌc
=[e˜SÇ:JÉxÆz6oGm=[W˜×Öa°m=’Êc¸_šÂøÖÖc°ìzŽ%ç¬êÎœS€Niä²,‡w:²¤†UÍ.†	†¸¨¡ƒ°’4T’ç¬ 7£¥‚Z1°9œL’rbΚYåÚ9ˆñŠ–Õ†ì´UÖ°“ðz`Ž"¤aÄÒ°iØãÂ"ªXÃÀeX ÇH2M‰åK«�m!€:QóËÖH�ÁÖŒdlÅÝ6
¯>é‡�u¸,k©¡’£Ûª A�u˜í ‹cŸömɧ#[R²¶"pM¾íÀÀ\–ÓB*•ô˜¬Ä"9Ö0©Cý»¶ƒåYp¬Ã¤Mœ±ƒ…#y©D¬qÚîÄþL�Àe9ùx©¤Ç	[5Öa°m:f&ujø¶kë0ÆJƒýµg�ÁV
©c¬Ã`Š8Žu˜bJ¯3VLQP‡ÑÌ�˲šDRÒc¨ƒ`T{Öa°u‹0çÚ:L¦ =ØX^æ%”nyH$^õ‘ƒãC"~‘8Ñ)¿'=‹•‚!µ©X!ËÜ‚d`Víª0½’£[¸5Öa°ý¾-Zt´Âƒéè ‘“`b¤Ç¤K]ë0Ø–’:Ç:Lƒ¶cE¤–6Î()pYZ"ÂJzŒAËÖa°
mýÖVm(pÄAØ �ƒ(é1Ù¡ÆôÆ:Lv =ÀXv²î¤N&€e'‹
iùM&)vˆ�”9qì`Ò.+É�Œ5ap›nÖ0p’JzE°v €±SàÈhB••A3IìEZ6hàÄ‘%=Æ e±ë0‰DnïX‡‰m°ø=k,’6¬ãŠÀ©¤Ø"08p²JzŒn‹ŒD2Öa°
åçŽu,–&ÎÚ:L¦Ðl¬Ç`Ëš¼EÛ²:y'é;«#@Õ‰\†¸\$Fz‘ò
-{‰c&e;ÌŽce3ÇŠH�¤þ")pA%=V‘Œ‘b[¸@Š­ˆF¡ŽÉE"F[ìÝ�cE¤º¶¥‘30‘—¥ä‡FzŒn‘YBSmê1XL£gePlër6hàÈ—jlºô&ëâ0ºåŒÛXé3 Ñ,g`Ý.È®¤Ç¤E3kÊæË
-<¹v΀zEÐ+pœ\ç`ȵ�ã\;¶#ÔX§.s@(Zq@@:A9×6’kÖº$]€6Œ\¯Æ¤Ð‹Á6¢Ó¼Á5Òc°p«Â³ƒí(ÙvmÆåÓš±ƒÅÞéÛ’ÕÉui“`3P«GŽÍlœƒ°zA]r'ÔÎAÈÊg#=&=iq¬Ãˆ(s0Öc°˜‡ë0éIÙ§kë0XLJåY‡aL¸—Êc°U7êYÜ
Û…h/‘ À~$f¢mÍ8iWȉC^d`n8ñ¿LIiˆc-kiÈÀNüO9ay¬†R/ÔÐc°ØÑ2Çò’§å«K^µä9’fç7¹[‡É(hËš ¥
-ÿV=Óæ�EC¤…¥­Œc
Z—þòo•?0ä�e¢”ƒbÏÁD
’§–P[Û9®L!¿r,2Í‘ø·
-˜a
-µ.zM̨‚pÓ8ƒà`׎ƒ!tàß:X`(üS}$º‚AtØqÙC9ƒ¢ªF‘ãÁ�ª�ðo,02ûJ9ˆÁrÚŒ3�',êž-bÂ;Ê„�8¡Ð™$´c!!ÉåØsù·
-˜òé5LviE‡xd*‘ûîêɷϱ¯¤ÉÕ[‰<´Jê¦L®n¸þŒÇ‹o®æ׫>Þ&O‡Í¾ßìw½ú­�2juš�åÔ웧ïæwû~KïPDFèäæXgFÏpJ�OÐÝÛåíýv¹¹%EÇðöÅùKzFÛLׄgoî=س›ån¿]^ßïûzÊ5ÚžòˆÐµŒc. ÿv¾ZýFN=¹ö¾žoæ·ÒUÞ…Qç÷ûwh´\Ì÷ËaCÍ�PtЕ՚ýÞmJ¯ûÑX,U`Ú+ŒvØ&ÉØ(y»œ¯¯çÔ„º‹OçVûI]„q“h ë1]—å÷äü|N4=뺑r2ãªÜ³ƒ¹ÂI+NËùÔÈõã+Õfdú³!’ùi*ÆÓ�_n£wFo67)geCW;äýKöþŠ´
�vëëÙK€ÆDaªhmÛ\üRW0ûhÌë÷Ö°ØÁ­á‡Ý>¬_¬vl‚rìĈÿq‚_.Ûa7¼åY¶³ªŽÌ¡WÀ¦ºöž/W=‰Š h¦¼üm·ï×ôpQÅ~öÛ^ÞÅn �Ë‚ÅöVÔÁŸ[b8Œ„öé -Ä„º´sl-dB]ÛÅáÚ~±A¨º_PáZ™ÿúø_¾…ht†Dsäû¤†)J…£±_
ûž•È¿Â2ý�îmyàÖT#!e>êÖ%/oçÖØ”¢_ÓækÞsw7lÅ‹Ñyv‰‰túçmuàˆYŠ
-“wD”úÆÑë¶ÀáF<‘Ç%tza?:‚hsÖ4n!a“Ë?�´ØOƒg~t„¿@v=ZE¤Ãt=ÝöØ-$ûÁžc›ûîÈÿþò_šœÔýN,ü‘îƒ>Hã�
-Ñ‹§Å‡…Ë~õÁ�¿&Iɳíò¡ßrÀÀ½CSÄÜ*ftÈ·šŸ¿ÿi±-…×dìÕ�¸ó‘úsµ
Yþ•Š?”ýo¤²\½X:À 
-ÿš°­æÛ[Ù �£ª6÷ëë�,ûÍlà¬éB—ÅŒ˜]"ªÂÇ"'Ìú¢p ;&¸žšÌûùÍMœ1öÉy^õïÉŒ8åVYLz&±ÓéaÉCÎ4ïEâMŒž½Ynn†÷ìJHßÍ<¯®øUœjÕbçox|, 4äaŸémKâ SøE51‰¥Íäi­ðï^`Ÿ‘=‰d{ÒÙ>4KÛ±žTã<˜ýƒDø*Ì
-#qI^¬ÙUeŠP ÓlîjV»ž÷ND‡:ûš©CÇG³3.±ZΆ<ñH˜~ónÎB#�°0µdý�`hRÅÿNƃsE8š÷Ô8(—!~ìBØ('žúÁ](¬UÒft•hÎ�Q‘Šqûb¾øh™vlÙ‰�3QIÜ*O”œ†éOrÔ]¿ÅvE
-â{=9œzÖFýGípï6ÎåP2œÌàQåpÚ@�CO£î´‘<]-QÑ`ýÚYk#£ñO	¢ntÅQÑÌÕæ·›a'+
÷vE'Üñ>UãNŠn*µ˜fz“”›OY_W› îÝåŸÆˆgýõýímØãñ]‹¥5!-	A"Õ4în; j¸–p€8ôH¥ŽK(Iâ›Cµ¦Qáhd±ä£
-ÃÍ@Zâ€1yAPôÕ”ãÝü¡çð�+vÏGô×® YP»Ê&Ó9
ÊÓïï5dc,æüœ¾öÓr鱚$¿L=PÊg<‘h*æÄ)è„Û~´ÁAÚŽ‚÷$dþc¸fUq©åÝìÿÄÏóX¹ÛLf}¸ßßIi³}áSÃÇg¾ß•$èY†]Ö§/¸ŒúUQŸšoä�‚S§%íNa”¾7�EMñeüXÓf¢éë¹8ð
ˆ®È(/Ûåïw¸ÚTùYè\ZG~£7Ÿ93¸yÇ•èÄÕ‹±níD·ó›‡ùfî'p—TÆJë…+U!\•écFS6j3qÈn¢Êë~¾âeæçéÆï0˜&M«mˆÇû%ÊŒ®¸pâÆ~òÑJ¢DWI¼ì¸áÚË}*‰zLZõýŠ£"�+Nœ,ÿAÓu5Í‹»°j[·èP/ç¹Ôm’Õüy4Ñd\HDJ0–ÿå°•ŠŒ?Ø-†õݪß3�kËhnúÇ‘p8Ê‚ŽÔkvnâ©2¤™‘›x]àU§HãLÚ²‘�»¯ìÎ}Ú,ß.%êŒÊ[ÿnÃ5bŽ…Ôë~ÿ¾ï7äEHDðu”(—øª
ù:n®¡jãwá�XЕOÜi’Ÿ^½ø7õ‰Â›- û]ÈGqIÜfn¤k”ˆX|L€TàÍÛq�Ç­�_™ŒR|”¨Æ~t~M;ç‚w$I§™Ñ?¸„�¼&�á~ÝgÄ8�Œµø3¯f©»�®P.Ë4™‡ã©;p5„½!¹ØK,hv*woyÄz'}¦fR©!妧È+*!‹—¹ÂËO»p—ÏÒ¯¾�t¡rxx	…Äd<[?’«ávJK䘬7Ãö™),ÿxwÒiù@çªÜÁ÷
¤Üt¶ÆWÞªçë~�ûSö=O-�Ã)‘àÝËž„Èr¼§¨äHªðåjÙÇuŒ*⌃E¼…ów¯ækÙ?ñÙ�Vø/Q<[.D;×sù~¹_¼c¥q§P†k�ãR|ù§Y*_þPõP³iaàb…r}öÄûˆ•ž’#ªà¤¯3û÷ª«PÅ?÷<¡³ªBGfjzàGŒ�z¦¿‹9v„ÿa;H`´Õ¾xFv Ï(4}=_­û$
-¥¼ºw<_~òb�¸Ú&9Î2ú‚üp§gü×ýî~%áÒŽäé|ñ.ÞVáµ8wq�Çû;¨óís|TÊ߇á{°¶À÷�üU>>ù<ùÝ9íU?÷‹}òlXܯQ·Õ’nA÷ƒ”™4iG-È:ß_=ùדÿ�;	âendstream
-endobj
-1378 0 obj<</Type/Page/Parent 1367 0 R/Contents 1379 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 228 0 R>>endobj
-1379 0 obj<</Filter/FlateDecode/Length 3497      >>stream
-x
Í[[—ÓF~çWè-ìõîz侜Â›¼�”Ø–ã—ýõûUuwUÉ6™YxHÎ
—>uwUuݺZü}Ï%)þwI�%y•Ì÷ÒIŠ'òÇ›çô$©Š.’¼�¸@Ì“‹{†\$e9©fÈEÒæ“Ì`†\$.OG ¥�ÖnR˜¡–^$™kFc-
4¯Æ¨¡�–Õ¤63[hSOJ‹zpåˆ+K-ÛÑÌX*ÌËI–�¤BCBX—Nòð&�DCoa¤ËšIkQCc,”
-Eñ»<qAëd6e‘4ÍÃa†ÄÀ‚5,`ÉÓ³Å�LèÀ€¹¢!k�–-é<ô„Œ˜ËȦ´4ø)s(Á †Z“DŠ²nË&Ç„A·ž`�ª#æœÃ†*èV­nJÉ„mB›(ȼ¤ìà%4ŽýÁ“ÁcˆXK*WÌ��0ψm™ÔÒ@«¶¥¨ƒ](ÊÏ„Š°¶%­
-æǹÚè�	0ç
-Ò›€~`š½1¡‡�‚RÀtÁ�€–¦=®HãŠhÓ`mƒš|¾�µ4к…uêX¦hSvvEOˆ0ƒs5‰b†Ce†I´4	CælPCmkX‚A

v]ε4‰ZÃ%Ã,`ä~l‰ž YS16Ì8Ž-Q1C‚WG΢ ¥½JƒzÕ–N
¬`BU06LÅü8ˆ&Á²`BÇÛ­ÆÒÃÇÅ-&Tú€yq3dHS:ŽÓ”'!"+´--�½HÚGA-
´¨È54ö*-IA-
ž7B

4§¨fÆ([ƒA
½À(¶[]—ÒTÞ’ZC(ñ„h>bâãË›RwÚ:.`YÓ%
-ú�Hð²Õ9:0`.eÖ´4íù�µ4PøŠë…¯S^d—Ï™ÐEÖR=£˜!1)‚"&•�–¦%)GÔÐ@‘¬Z‹š)%ÉÌ–šQ@0¨¡ÉÌR„Ž54m·¢^2QL¨"æ3@. ¥!NAöiPCE--jh–ƒŽå
-"Gþ“
-ÂÄ×,sh˜–ß$ÐÒ~ZhIP?-¢Õ~&tÚ€¹"…-æZš¶5§Eõ
-„óªù2¡
-˜K3¸?¹u“0·†Æ´¨†`Š(ªT؃¢††¤ð((PPf)k}Ñ;HOKã4£˜!±¤#oSÐÒ@Y�Šú%‘WÅŒ(É,¨ç `
m™b†$P±  ¥�Ö)B¯A
MQp5¨¡¡!ð`Çzv+_¤zþ˜P
i©M2Á)ì
-Ø
#]EV­C-MÂT¤kh†‹A
MÂ�!)ê…A}L†]‘ufL�0†Ä´($ �€”,³¬âȵ�'hœ!C© 'Ë8Ž¬º³Ð@KcEðVy
F
MJ DmPC“ÿR�«¨¥�¢vl,jh S£±†
-˱ëzB9j¼LÇÞ8æSÕ_Þ²ý@ÄjÉ•¨3cõ
k2¸¯b†¤]aG“�–
-Ÿ¯Šš4HéIQŽqŽ‹ìã<A’°
EÌñ‘YAKcZ”Ï9¬�ÜÑo›Ò´hÕ+êEX¤èWaB
XXD@KË¢Šz&âXÔ‰XTP²]J:Rèy‚ÖdÛ�«b†¯‹3$qCò(hi 
en2_åúå™Pnæ—Ì�(;)ë8Á‰õ¼Ž´4qCõ€e³t©)ž=Aì°=GŒ6kò›Ì+Yb[p@àù·§	E¨QÐøŠ›7ŸÓ¥H�är±8•¯1ù5þ-ƒâPä¢ûB¯dHÒ§`<!Ô)¹�Ë„
q8LâK¯ñ„JbB8…‚)	qÚLI`PN¸2NI
-a%®`††ŽÃoÇ{†ŒTü›¸ä�Œ‚Nx‹¥ˆ}ª+ò‘É”·�ò
Í#°Ä–ˆ(…é d =º¼÷àRGš\^Cõ¨¡°/u‘\^q—�g÷/§ïæ]2\'�‡å¶[n7ÿºü£àaŽF�…ag
»ÿøÃtµíÖô9æÃ$W÷¡ê	=Ã_ñÉÛeÝwWü&졩Û/‡÷Ã’�°m“…Çïºí§®[ÒëÐF–·áùïýòjøÄïãÜUWÔó¤½äõP%eñÕé’WCVÈ´o}ñ³/-#k»M¿|OOa,�‹Ã±Ò;,FÏ<+¢øTš %=�f±2‰È²f‘õËÍv:ŸO·ýÀüSG!.x‚ÃVyX‡¢¯û÷»µ@¶oªÊ£“üçRGRB$”WåžhŽ…£VS”áÅr»®v3‘õWÀNÀì±%¢(÷ÙÏØÓý½ë×Ý"Ú6
-<ÍVtlîþ¥k¿Íö4Ÿ°~Ùm¶ÁT©�7äòzB{*m‚]�ï¶41¢oQÛüᘢ\T…ìY•â0/ûE¿eëg!Œ¿˜éîè§K[Þ�¥üضjÞ^<›#’øü1n–EÓ›d°Aœî" *úã^HÆ_O7›«w4Y „ßW_.~{IOq變h˜«ùî}¿ä—)‡Èj8;ÅOÜxé%†;ˆm÷²žø '{ùh×ϯ‚£Qö¹Ëðp ¢ ϲÄÈ"Q÷X$ç• HLwžúA ®MÀ«'>Üɼ•¤Œ2Erúj>íQ–|æÈf¶&YÁ.?
ë+_4“²	4¸:Ac´uyˆŒÝr¶þ‚º…“;Ê—E$N朣 ùž6ëœ�ô±ÖÏã}{Þm�Eùå°<›
óÝ‚
-õ_QÆ
-âjº�Çt°¹¯×„à ùöCGÏàÐùÆ—N[ªøøM\„7„QùM¢K]Ê
7Æ¡†UtsúãG!T¼…춉BHõY¨„€7̉Æ
©ÙT“Ô‰°‘w°c[øÉ#Ës‰pÒKñv3}ï-ŒN‚wWjßÙ9ãàŠã6FÙîåÅvXÇúÌžq.¦‹wÓ_|hBŸMO#›nýàÕt†ú�Õƒsp-'�‡³Ù°[Æ@§§•~y=¬rX@ hëx
-òÉ–bŽgÞ»§Kvxt~â‘"yùäákzˆžz%Qà	jâøÿBõÙê
-}¸6Ø3åçH
j8ŽMàõn½6,¥)]�oÈéŸqÎÐ�•ª¸`‹qpöùYÌ9J0Jª8ªŽÙ¿Ø­VÃ:&¾ÚXŽØZ@bNÝúc·f»EMN§ÜDH24XÖÞ)×{²Í>tNƒ¸BÔôìÄý¦ó§ó͇~E³Ã‡Ô;¶=‚‰¼É±¬ùæÙczwv’†³<­ù³êÝFß6®\Áçb6þf=F¥d{ƺ׈ˆ�…X¢ê•BŠC1;
-Ÿúí–WrŽ<fßÌúm¢}NŒœ¡9;
-+¸tæm·
‰óU·ŒL¢—µ±·4;è¬ÀºËPëÝ–“o~ïë"6%nµUn±¢o~3Wß0P9ôÁ½“|0tŸépb–�8æ…Ï×Ãnåƒv5:E²˜.Q-P{†®Y5'²èJ{{«÷z`øúo/Ît³ÝºßržDÏSëÌc2n(ó[÷GbMOe€a«q=\‰{F6Iû²ZÎ\щð݉&�ͪ›õӹߨQdÝn×ý»Ý¶óÛ�Ë)&P¡Ð’TÝÊyĪ‚Gàë�³µQà�n+­¯×DÚ§Ÿ§‹•?ùPÃ=ž�Q½xFÜ£¬‡¤§hzö^R¤B=J“”“P­q>±¢Ó̸xÈŒà3.ÞëŒ?ô³Â£ã„
-Þ„ÿBš ø$øNv«ØƒO(ˆQsJD�~óm~fŽˆÿ>ÿýòœž�.
-àŒÝÆ3ö1�‡`͇ˆEÒÀÚ»õÌ­è¶H4›
Wþ8c�Ö{Þw0ÐHê|üŸV:.×ÚЖ½•nñî	½š¤­•Á0mA�ìá?oõê…9³Õ+Øß+¾U›ºC_ÙÎ#E;ádXóM5}â.ßBÙßë•°igôµ¥9÷³¨‡uÍWdSCÓðÕ|ê¸-‹PÖ¦'¼<òªÁðå¹íJ²d‡åÎÿ!Ùì#;+n1ðõÔ�õÄÛ¤Gàð%Ã-šhÉí…%.{èå9¦/¦«Uì8ã¬.·�Ä—ÊS_ã 1Jœž94nlÒaë÷D=TWÝš;KY©��Å;«~³Ùù,‹ì[㲜´Yä²ý®‚Ä8¦â ŸGcâ@]M×ý&\bWéO’Hƒ,gøHÉF¸ç˜ÿóÕ|˜ýå"Úæ§Uø
q5ÊPÊp-ÏѪøØwŸÈ±k?Á¥Md_wíoÁaH|Ù}ìæ|?€¸ ¥†ÝôÊO}vÐ
ŠÂ8ú†m_œÃ«êó9_® ÏÅ�H~¹žþåË&äæpðö÷GDô2ËØËVñœõå{ˆäŒ^¤÷bƒóª[¡s9
M­ßpUß¹Ôb%àËZùlt¨@ÈÛï°Á™:>¹Ž+^ïewÔIÓ­¿¢DM£§$´×V{ÓMýg4%¾{‰G‡Mÿ_ÞIúŽåʨQäA�éÁ3|Çß+Uø2«Á?Ããï–ñ¹ÎÅÃW�&¯×ßèv'O†ÙŽÎ@ÒMÏqn*ZN5nþðúGÚó§—÷~»÷?
ðô0endstream
-endobj
-1380 0 obj<</Type/Page/Parent 1367 0 R/Contents 1381 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 270 0 R>>endobj
-1381 0 obj<</Filter/FlateDecode/Length 3564      >>stream
-x
Õ[MsÇ
½ëWÌÍRU¸šï�SJ¢b›U–͈t˜ƒ.£Ý¡8öîÌfv)9ÿ>@7³\ÆrÅ»ÊÖ›·�iÝ=ú׳$ŠñoUi”•Ñró,^Äx¢ÿy÷=‰Ê¼Á7QÖ,ÖÑÅ37QQ,Jø‰šxQÎÀM”¹¾�„Z¶Îfb³’~œ�‡WÖ
-h¤�›¨Ž�û!qBhœÑ|X
-ëÁBÓoòB¡ŽkªE•ÊÉdâý8aœãjšo©œ�˜LR-2C²Ð¢)©*@…z®ªE8ICR&�"¶$/²�
-A¨ãêœÆ)g 	­áþ@ŠÐ²a_”͆
	5¾¨á‹À¨Bu -Jö…Ha„:®I`¶B9ɦ1ÍFIšgì(Ê uœLM9!RÒ¨PR„f1;J„2B—Ä9ÙMI‹!6/0­ÀŠX,
-r•ˆeÄ:N&§œ�Š5ZG…’"”—½Ê uœHQÎ@
-(ÉBslfÚ6<S
*ÔsMýg 	¥íHZÑFóB¡Ž«¸8WÎ@MÊEeHŠay‘°I“B
É4pƒ0HÃø‡Äñ0Ì�ôãX—3 Ê@l(
-}�3SÁ®‡òa Åš<IBÌ@ByczvÅ\ø‡üB—5utœçêïœ�4™;1�lìáH€ ÔqXÈÂdª„w>Ï:cÆ9®É¡gà$ÏÓ~¤Å`ñÊ°䋌·Šó…ž
YØslüÀèÒPà8
ùq	,
ù
$ÔbÌþöïgÖ`°e	K˜±ƒmÒD%‹Ñ³Ôx’A0žã’¸¢))i1Ä"A¬²"6‘D->aÄ:©0‹2å„PNè©$çæ,–t‹d€é0 ¡b rœ©¤Å`ÓrÎ:À|a¬Á`±Å+˼‰RD#8_ÇZ1ºÖ`°H:V²Å`QJ;Ö`,Aø†RɃÍ(âÖ`°y:³†Å`as;g‹Á–	íàð^ƒÁÖ¼kð&Ê‘‡¬¾ƒÅ¬ì{Ùõi#EûZ€ºÞsâê@Zì]oXv½ŽeWÖ`ïzòëýXqu`-ö®7,»^Çf],0Æ´‹k0Œ3Ö†µ,§ù0Öb°(¤s;Ö`°e
çš±ƒ…ö³÷±5³c
&×73É“ë«™5Äõ•ÔµâzÁõŽ£BfTÒbr=e
Ã6§\dXƒÉõ
k0S°¬Å`S6”ÎÊbrn6k0ت˜id1Œœ°‘U²Å`‘äáÜÀF†ƒk0X,1«‘Å`9¡˜±ƒEU`-)îÃOè!îcÜç8·S•´˜ÜG•DXƒÅ¹p½ayyÉ9…ÃLÎ¥|iXƒÉ¹”nk1¹/¥½©ïµ,Ž
pA`
†¡8hÖb°ˆ=p�Žµ˜\PÏ4âtKkIK'
ddξž££¼Ã¿$Òb˜"a³Ö`1V…²âYÔtúÏ2žuœ1R%-†XÄ(x6°ƒEÔ�ýk0XXS
-¬Á°?ÊiØPY‹Á"YaÍ(+ê !P�-ê0ê8.�X,'%-&u¨B0¬Á`±³°$ÂXƒÁ¢>Æ„k0&ÌÏk1©C§ÌÀŠ:‰œ2EAÇ%•©’Ó„k²`
ÆK¹à	¬Å`±Ï ŽŽ•)ÅrF•)1SrœÛúJZŒ)!MaÂ�5¬¸5°cJ()±Ø”å�“Ôr¾å�"€¦d ÄòÆ	¤Å`QRUpÉ¡¡"¶¢ÆŽëp$‚XÇ91JZ±ÈXƒISr®a
‹É–5lCÛ*Œ¥B;A s.vDâë ;\ÊY:kúqtžóRˆ´oD@³¬˜vÓÎ1eó‰åGÛóQR¦r~–_2¶uTÄä”3³Á™³QR„""‡1B‡c&£œ�$”Âg Y(*mäñŸU¤c0¯8R& Èã3©R,u¿ö÷øÏ*Î1\•2�&HÝ�À(/K‡w;±%6\€à0ã:p<Id'õ*ÿY'éè„Ö%ýŠ˜×—Ï^~‹¬G—×!ã"*«<º\qó�—Ï/Ûë.¯£ÓqØwÃ~÷âòŒ‚¹uB�ÃNRöüô¦Ý~C«„¬ž#<.èœïŸ\´›-ÿ«,÷O·Ýt=N›vXvÄac¥iídô»Ýmç^�íç^�æVSÕ˜ÕsxÞTð»ÒÔ�{ÛþF²@4Iæžý¶é÷ü«¹®äáâ)üƒ32Íë¤,g*•s•~—¿öÃGú%aØÈOaú˜ƒj@iѺ¥šëpqÓNìdŠ­�óA´WâãG•Â¹ë±5ó*¡j¯æ:Õs�~Ù'i¼È+ºT¡¥¿î>uk^k8%¥ÍÓ_kÍ\§«~%nÂÞ­J¯T?87aWaë?•ˆÄÍÛ�ǹ£P~°(7‹_Þu튡V-üéýLÏ�OJ“{ññ–ºO«äP««©ßßÝUA­'³§(P8­P}8K²ƒ÷ËQgm§nÕ/÷ý8�ÏÐ8Ð<òh>ó:5Í,ô!9¬¾·ÝfœþÍóÆÍIævP´i·[Ø‘?·ßG¯wœ<”*t±yë¤ØNH^²ÇN×½/èX]?‰@�†Ùý÷‡ëÎUaÝÕ
-Q¾¸ù¿PÊÕA)ñ
-/Hè|œ‹ö·ƒ_z¸¨÷!ñq–ž{«ºj^à¡æ;ÜN¼•¶cŸa£wÝîv-å*aR—�U¼<Iš»­ ©­�í….×Ðgÿ`íÐdl´ˆxµÝvêÿM’.n´«ê)Uƨè*ñîB¶JÝ{0�Èhçã´o?ôë~Ï>Å5lݸ4`^óXD“Fܧ'�ƒR§7YœþøñýùÏÿ¤!t#ðtôpös꜠�:‹…8L͵¸8ý‰”@/[“lôóÐû“UéOz�åû^¯ι³r=[¸4ì]óæÇ3vM(4¬˜Gþ³×M6›{Ñzš{æ]·ú¾åÃ,Z¡’ý¡nÅ;8Ÿ› ¸ù0µÃjrvFþÄ
»öÙúëè‹v”l ÐA@ƒŒŸ�÷†
-QÜ„Šã=¨ÇK‡°Ú{zÜßHWbvØ<=ûö‚ŠöSìÛKS³ çã[o�$ËÄ2Z’ò`[b÷Í�ÿ¶]öÃ~ÜÝÐH¬”¤ñ;5þJõ†
-§ßÃëqì
N·“;¥$2ó\£Ÿ.x} [“©KLÁR�½ç+?ójájÆîQRJe‚~ô½+�áD­÷—í@¢Â%ñP6fXyÑr®û�·Ò-Ak¿‰½“ºx)Ö²E÷U;mI(–zRû.ºwC·”0�›¿ª£‘{uøê%ôƾ\hN¯A3ÑŸÒZ.Šg¸ÅW™Ž¬K??]®èú±!pïªMÞÞ²€ñ8¿³€½õ³—œ‡ö—eõdìÏ[Û˜êýóa”¤í9/½ñ2¾ªS”:ê\Âñ/ñ¥Ž:
D²%C«õˆ�ÓçK×
µ_´~�aÓ‹N2ÜýÍò,-É´Öü¯dýÒT3W»F•¥[�k}Ú¾šãÀm»&´„Ñ.YîóMÇÛ
-%¬¦£|ÿܽñ&Õ&ä§nÚ¡«ðþé‡khOö²ÂÑ•÷]ãèv×I¾±ýå/ß	¼¾1ûü÷(jp|£sg½Kr´?oV#¯�Œ&Gô;ÑæcÇëK#$“í„,ãÚú¸MÒºšzØŠD’ý5‚­ÆÏÃz”öµeüʉ>�“ö­m:¶øŽúk–ÕðM8:ÿ_ÞzTûe±éÎàªtž�®ú

-°£)Øj¨<6É+(ôqo·üs|fã^âËgä·Òÿö¯W‚½5ƒþ0b—ÅÏ;Þqø­žñ£u»ïvŽðí‘ž:/OÏ_ž�ó&Àµô¹d·o—¿²Óí^¼žÆ
?´ùím¿œÆÝxͲé›é‡è{ýSú²íÐwóÀ›nÝI�ð¹�¯‹ígéÒûÜzݯ]‹×ôš§Úk·è:Ióð¶Ýí°¶9`Í„H²¼i‡�lo´Špþç¯�$+Èê'G•¿…‘aL-�o‘|Ÿ'ºº¾b÷Ùªá^½ Öjí»E(;Ë»CóúÑ—ÀAÏ…ìê>meyÓAUÃŽ�mŽœécßxMÏ꯱lÜLÅ_åJµÄ'Z÷î‹Nß4ÅËošš]Ø,²ìÁò¥±Ê«D‡e¾)îgïÓ‹p+	®ÔluÑMŸz¹ÆßÛ	%ù�HÖí\ãz¸üzmgüíò€íîášêÿîáVŒb
-²wÝ�0·Ç
-T‰šˆ^ß~äåI_)øî—zå
~‡¯Dg=·â¯vX�ã‚žaφý4®nõêÆÇ ˜ÜéT9©*S àš`>ýﺡ›ZÎøƬ(}8é‡k.¯pý›Ôîá{ÿŸÿkÕèàê™{®Ô›îí|P`<¾¼–ņ�zðiÈ×®mŽZä~¥‚%Z7
ÎUøÐØ'ûnšÆIÔBtz€¬|tÚÿõa’qì¾s+…è1wÔ«=ʯfÕõ^Š{µsrçø=Ýz˃h©·�Æe·c“ °æ_ñ˯8}H4�½œ·ûå�”dûŸÈóNuj¼ü_÷ñ§IÈäY†¿ÒÉß¹âC�‹Wo_¿ŠÎ§ñôa¢7ãòvƒ»ÑÖ__gT†PõZÅ
}7ò©§ ú·Ëgö
Rendstream
-endobj
-1382 0 obj<</Type/Page/Parent 1367 0 R/Contents 1383 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 287 0 R>>endobj
-1383 0 obj<</Filter/FlateDecode/Length 903       >>stream
-x
ÕXËnÛ0¼û+xLVøÅS‘GSôP müŽã$,+õ#@ÿ¾»KjIÇ@íÜ:	``8ÜÑ—ZQú9PB¿^S‹I;�•„þùñGDmü¶Â„J%0·ƒ¶Â¹ª.¸¶B)Y…‚,1°ÆU¾dl�׎àEKÜ
--Õkj„ Ð@º®a€‘Ä”z¡™ä…µ} �˜8¥šJ‹šÉxE*Ë�r`â‹Ùd¡5ˆµ8�Æ2•/ÎD²Äèc;Ô‘lc@¼—%�e—d˜,1Ë2e¡¸®1=Y6qI†É³,³QÖÕ´êQ–@–M\’a²Ä,Ël”µ†je	dÙÄ%&K̲ÌFY#‹’Ȳ‰K2L–˜e™�²Ê%#�e—d˜,1Ë2e¥)JF Ë&.É0Yb–e–dm�¹d°lÏE™L–¸—Íl”õ>–÷™%@²b ‚9™,1°ÚAu2ek¼G`ß’�,›¸$Ãd‰Y–Yºé­ÃÞ“ºE(Km¦ç<vÌÌ0:
›¤‚�xÉ©‡‚½
Îo4<1zš¢µ·btOý†'g£ñÝ|*ºqÕ-ÖÓÅzõaôQ
£†)l¨1ììêiü²ž.qvrБû3¡ë
-ÇT]õ#׳ñã¢[Í�H@k7*¤É¿º
)h[ù~újÜÞ�IÖTF6iæjº|MWÓ•Ti¸:öŸ2
S9¿±¼
-µƒ¥0°%À-˜UdWë”ç—ÅzÙÝo&ëY·ˆv#qìD÷ê''Cï·Ò×Ûé_¬V›ö“§ê;ÏuÙ{�#Oàü¦TVÀl[MWqë›êȹý•|oD7»FâfÂÞÞß
è÷‘VUúM¦p:¾ûW·Á>ƒ½'ÞT&n¯½†ôɲSm¯!ónYº{ö²§gˆî‚Ý
-¹Ã¹wc(>P÷V¨~7†üaò§gˆúÔî–k3Ô¼Cá0Ct6:©ç�¥Æ»[!ø„€‹�ßþüd¥¶¯tåNâÙª’/ß<Wá°˜j’'ç§i¶üÄgŸ¡o׳ùíÁ¡G†þ
àiüš^!|gá³·7ðÞ²úˆ
VW¶þ_îT¬ó›&½+À²7Æí<¾+Ü^|½¼ß–Ýót²×ÝdÓÂKÖ¸Q0ðmÇÁì¡—
§¿ÎfèèÓhð}ð‘åtendstream
-endobj
-1384 0 obj<</Type/Page/Parent 1367 0 R/Contents 1385 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1385 0 obj<</Filter/FlateDecode/Length 159       >>stream
+1375 0 obj<</Type/Page/Parent 1372 0 R/Contents 1376 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 58 0 R>>endobj
+1376 0 obj<</Filter/FlateDecode/Length 3865      >>stream
+x
Í[ÛrÇ}×Wlå%vUaïؼ¤(ÒvXe],Â¥<øe	‚$,b—ÁE²þ>çôÌôô cÙ"©¤ÊæÙƒ™éÛôôô®ÿû,MÆøšÔY’WÉlùl<ã‰þãí|’TEƒ.“¼ÕÜ&çÏ\&u5à\&i™ŽJ;°â¤y9š`Òº¥pR1pœ�CŠ0ãfT`\1&%€ãH•“\ä¬õo™QÕ�ÒýŒ”�\Œ£#)3–Õ¨ÂbeƒÅJ
ºX>eÎ(iR
+ £ˆacä„Þ§Ôq.“IÓDÎ@ˆ™60f$-³@	�Öb°íiXƒ—I6.G¹asº©LiM¨’qU
¢J„P¥æ¬Ê¸LšB'á8©JIwè@‹©J>XÒ‰'1jœ8¢8žkø“R9¹¤ØGI‹¹$c+•%‹fìb€*; K®Î0.rŠ3SÃÁ™
bÁ<ÅÜq Å`¡eø-—tâÀ¼Œ±@! Šã¹	�91é˜qI‹Áfé�5,6XnÇÌøÉiɉ[²Mœ¸¢¸žCìC"åDüÔ4�rRØ	õTÒb°EIq"k0ØŠ©À°S•	Õ±N¤1Ý
+…€¨Šç+W9±ä¸â¤JZ6çÞ4¬Á`1
+ÑÇ¶n3—âÿ¼v	v‚(n!¦"’’ƒE2Á¢‘5줰nѬ�ÍâVõ\š‹xJZŒi«†òFÖ`°˜n‹¬Á`e«Ö`²ÆYk0\.çQd�ËÓÔl6
Ñåž«Sº\9±ä˜ã#i1Xd>ì~j1XœN0Dd
¦2cº<²3~ÅÄÊZ6«j‘5¬s‘Cäb+ŸuPCN4�œ�7Ë`ûHZLU„’a
[�ásÃV}Ãe�ïíºN™I7r. *ã9'½rª2JzeüÈ´àžŠÓZŒ±eÛÖ`*Ãx1¬ÁT†~‹¬Åô[6X×b°Ípf‹QÙ!&ff‹Á–´W\×b°²×
k0Ë4V†sÊ)Îü�Dˆc“‰$rJQ�€Ðq(*¤sâ,œÔbš?þVXƒi~ž­qbIiy9‘”	I8Ò@DŽ„JZÌi3ꩬ›VŽ#ÑÓ
+ˆÓz.M%X”´˜‹²"‰CÝ´xȲԉ' Në¹4k¨Š’cZYΰSžª†5˜šfv"¡bå¹éDEò·tQÒbŠÄ2Ü°ƒÅeÁÇL�'Èφ5lÃ[ˆa
†:™(«3[¶`ñÇ:eQD3´�²¢²žK³œÑ¢¤Ìš,†™:0p)¶i�­Ì_’´˜v`ÑYVºYUI8ȵÄ
49�5Kä„T1rb= ™!-‹ã*¬/²L»”U¤Ö`XVjÔÈZL¯°B0¬Á`á_+•ÅHV8åK3Öb°÷[œYN‹ZË>(±´�ãÝÓÊ/žÌr¬¬wâ@ÏÉM!rJÁDòCŽCDûÁBXPI‹iû”zDÖ`gû²°}À.ª:ÖÙ�'÷`îR–.þœ
<çdWÎÀ ŠrN?΋®¤ÅªJd�*a¬ùÈÌ0b…ŵ,¶EÇ:E‘ÀôvÅlVÈFsŠzÎi¦œ�AQ圢~¯·°¬’nA	u_X¹8�A⹊5oäô÷ëÈÁ•<?Žúâ¤òXÛ(²ƒÅi5k0X\ò Jk0X$(+°Å°;Î;Öb†_ÉÐÕ™-‹™•Êbl_éűƒÅî´R‰ùyâëæv@Í8$½RJƒ±Ä‚�4"wZh1XTª¹a™‘ùŒ[	,õ€+è3²û¡HÃÆáv<1ã¤4l}Ä�ƒÅæóÈ’LRLÓðDx.…]+ÿË8·8²5x…ËâNqÁÉÊ)rBšŒ–�¤Å`Ëš–Ói-ÛðŒ¬ l]ЕÐ6@a
Ä@¨0¤Å`{XT‡Zõæ€5‘‰3êèX'O'ƒ€(’ç¼JZ¬"EÖ‰èÇf)Íž*k17·ad%à‘ 4‘ËßêmÏH:S&"È‚jh†^(>Ò8<C”“¥°Q4²äo]Ê3H
+—c#ò]ed6d=
7ù[góÆg‰22Fî->Dåoãäg´8y»Æ]š£ËpÖL„
+‚ª(!x{ö”+ÞÜA~†û‡3PDa�R/¦ÏžÏ4—L¯ë¨�ѯ‹dz)Ýw<ž}3m/nçI•œôÝfÞmÖßNÅ(¤¢”£Žü°£ŒÃ¾9?~ù☿@"©36öñ0y³ê�Ï6òwÇ¢ñÏOûÙv‰9ÛÍ¢ïÈ2�äŽ=ÍÿR§v§W§e	-y¡ØÑ]*¯ÇtÞ.9‡ødR<©üûVóE‡�³ä’Š¿Ž/Ö›Uë]ƒó½üÊ„ßWGžd´öQ.«.g#	¡Ñ8ñõü›¯Ú[>Fϰʽk’E·Þ´··vØ<y^eªW¢#Þ=Eo�u›U¹�…íRN¾2™wÝU‹S�trÓÞmæ+>g­�„ãRD*ÎæsðßýGþMÒ’ɦçÔ’MêSDræü(“á�‡çmw)£Ç£b’ù§óµ$ Üðãš®�ºsÊ÷üû˜fØ÷7yÍ\g�
+ÙÇ™äí¼uZ¡:(ÃÃÍÍ\¬‚·9MÐtÙJ.E
Pé³»öz.™åN¬¼ë­Çâþk‚l t¶«ô‹íâörÑ]SIœuYä�â/]»Z8=™š'ÞÒ^Ë¡9Ð2ßÕr꽈‹ºzùI<‹ÛBpöbyׯ6m'qŒ
+¬ÔD·ÞÌïäט¡ò§Òãys°RPzpl¢¸ÚÕùd5o7¼¸»á$=äÖõò‚º±¦�x�&³¾»Z\oWšÂQdŽSŸ“«ÅíÜ­‡]U<^A‘Ž)èQZ
Ü]©ÈîÐOýV²â ?959)^¥ÇØ ~ân\š4~\lnÄNè¿�ƒ%6ÈzwíJªl‰Iê�Æ�ËSÔliù…w�q¾iW¿ÃѾ.ÕÅ÷„‚Ë�H‹úCŸíS¼zÂwË÷C¶^$>„’÷Ìtæ6¤hÑÝži÷*µê]EYŒp¿ô'À¢›o.GŒ	úÍçº~,wzMS)&áN”Ã;nu©Û*w|‹ƒ¾Ãý0ÿ'Æ')9A
ÝŽï/4ÇIrC¤†4–´rn
Îý–ÓᥥZæ²�/Ý
·¢6J°Aƒª&\ÒQ½×ÓÕ'J9ˆÊÛÅZC/÷0[ß´+”á§y(iÛíâ–W2	
|ï2§S©)f”õ|õÁ•_hW�KœÞÈöqêêóKc¢É1¢»ÃUÑ'~h Yýp‚;Pm»Åo4RiÌ„³Ûnšòï"ißxC¤õî~iþ¢-懽mqúúü¢±fÁäÝÕ»ky†�Rä¡šz·èšßôq*I<~5u�m­ŽÇÙûý_¿>žÉSôâÝx¾™!ŒD
+t³®ÆرÁÇ÷œ7dŽÆÊ ïེó´O‘ïnÚàã²k�I¾ä'Wúhzƒ“Ä‚Tƒä´ïþÆ×á6ñ®_½ÿWAǸôsÞ+è&ÒœH¸ÐÆ'üÆ.$ÏÓE{Ýõë°yÐd¬ƒ‡Ñ‚AÒXŠÊø¬AïÈ_XÞß™.¨‚È°æ·âE«Êù¬¿“‡4óüÙ©;ð†1œ¿³âƒS^%t؆§!4r5¾Õèä¦W×À
fîbw¨Ð�»6ý¬¿¥÷q7Uw%?Î?Ìå)_…Ûó+<Ç{|<ñ ¤+ê­’oV‹.$oÔ›øÏ+y0aýüêì?²±ì	§÷ü¸-÷ÛILæ�"Äÿ›Άn´^Ä2iá6%¾9ØMF®Ö·ù±Ÿ½×òÖãA„úŒI½üh9ì…­+Ï­ü/Û»;/�rCÊϨ$ºvéJ|°ª—ÑÏä/ÿÔib»Ñøè‚J…þæ}í&ßhÙñ§íbö^"wQm�¬úµä›A:ß^ —ãäÒîŪÿ2/^Xi~Jžó§xG¡w²ÃÓò”¹^õ[¹Çã-gœàÞ™¯·‹K—#‘R³Ïì¦Ò_4-¨‰ÙÆ^�î)§‹õl»^ûf=�þu´�#§ÒNMSø
+iW	.=‚¯iâ…ºw‚í-ÊÊ{‹k†kZ U”¡(?îº~ÛÍæWc—áþ�»7öˆox¢eƒ›ÓšÌ€_@›Ä„*øl Q*–Å;¯Ø <ÿÔÍÄ,ØCY~ŸYêÀü匰3Aê:Ð>qÆö^?ê†Å»³Wçô2jÜ:÷uòΚO
½žumC¯ñtêZè¶YüêõTÔ±Må­ß!¶»´ìW.ÕØnn´šûÎí/ÛŽùå›ô—oe×áÈÔ"üÎ9x[YûwÙ—bt^¦õ°Ç-ä)—³²œÒ>ز�¡¸÷çR†–ןðR:á´G9¾t†Í^û궷·ép‹IÞÎ×ýíVßÒ PÒbïõêÒ_¿ñN>	�1NA{pâí/ËòÿwpúTNV
¢>^Ôh�bÑ]õ«¥¶fq˜5Z6\¶›ö¢u
Æz"‚#$“6­9úø_X?çûGßÞ«·'�ûÞ0q
+áK“öÑrØMûgƒHÚ@{…cÍ•:³�/ú­«tÌ%ó|>Û®énÙÿ^é¾$á5å—…;ªî7W�/?à]Ixñ…w¼Õ$„í�óþüå	d|U¡àwÝlõé.ìãqöñ—Ôiw®Ì7YùUꎒΣƒ&ëg)ÙõÝÑÜ)5—þ8ú)“,¼T¹k×ë�ýêÒåTÔ°Ò&óêñ#æ�v{EÊôÀ[1¼)Ex|Iï#'ý/>å9Êo~ÅòØmÿÑ(xŽï1âA)w7â›ÛvÑùp‹…þfþ›ì6Û3Þ
Ž'Ùëéâ³Á�j{5ÆôÔí£øæþÉD¾ga¯	_'TÙ;Û<=~C'™ëð=S>Ñc¯	kÑMö³áÞ
&Ùåñ÷ÈÐT^$f½²åxG¸Ÿç¾fñŸ�/=ås1tˆÇø€­Â?‡Ÿ¿%{Ÿ»å¸–t]=nøuÙ‚ÑöÝôÙOÏþ�|#žendstream
+endobj
+1377 0 obj<</Type/Page/Parent 1372 0 R/Contents 1378 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 102 0 R>>endobj
+1378 0 obj<</Filter/FlateDecode/Length 4477      >>stream
+x
Õ\ÛrG}÷WLíÖó šs%¹/[¾f½eÙŠ¥”÷!U[45²˜ð¢�Tlÿýžƒî0:‘lÙÉ&U¶»@£Ñzä_ïåÙÿçÙ¨ÈÊ&›-ï
C|¢¼þžŸdM5ÁŸË¬œòÙé=—Y=ìp.³Q5»q.³¼,;¤Ç`Gãî´Å)kÁ´cŽ@qÄÀ¢Œé1Øz<(<ë0ØI9˜8¶–‡Šч
+°‡F.Ï›A™5JzŒi!)„7ÖáðÐÎX‘ð2+†žnc=[i	�Ùc°U5¨<ë0ØFÕÆ:ŒÇêx™ƒ)†L˜ì/ÀL9*ñ•ôÊ6cNk¬Ã4Å°;Öa*›seu¬ˆTO,h))qyA]Œô­8­c;j`aÇ:‘Ä�
"�ù¸$’)ryN?¬•ô-å¡Æ:Œ‡Â%&nlx(VO·F-À¹<ò¡JzL;Œ¨©±ƒ�äƒÚ³S¤v«�õìhÒ®ÛVµ8r9ܻɌôXÖ¡Q�4v,Ëj¬ÃTgOs3;¬Ö±Ñâqæb$î¤,ÞU•²5ꂪ
+ :.3˜Ï4ŽÑ¥.¹&ÉY˜"GµÓ7eR˜�œ—	°�‘Ësî×ZI�a8/¬k¬Ã`áèpeâ
³“´ì¡‘¾VRVØÉDÐ�‰ËáDãÌH�¹Ú<ŠëpXÏƳXÏ„¹žt@ë1Øšvp¬Ã`'ì6cƒ:£‘ÂJ€©¹<¯øP%=¦yéDŽu˜êp‰ë0D’àa¬Ç`KF}Ç:LeÇ©Äy«¦'o
€ê8¸ÌÆ<z�sâ梌ÌÂ�ƒ…ÇÂÊÖ¹¹o%À,¹à÷F†�%½$º`%ÀF.ÇzÃ|JrûTy.K†¿Ê‚¨
+qè�(¨|‘œƒKxõWÎAh8¬þŒäóJXˆ§@M÷	€s
+…5àf�4ª �ãy`̪Œ“¬*q’Fç bO_ㄘÝH�Á6{¬Ã`Çœ’n¬ÃôHF1c=[5ð9Ç:Žá¥ò,ÂPg¬Ã`ÇUG*�a_¤‚~f±}Yˆ«Û0ÛG.[9e@Qå°È	ÂöôL㤋ð”0Òc®Ì„’ê´ƒ­
+ji¬Ã`a’TÅcXG€ë1Xxg‡uöË‹ŽÌ+JL(~̓.>UbEâBä6Òcª#Ë<b{±¶·u˜G€M¹°­K%EžbÒs€L\h¤Ç4>ѱƒ­ë0X¤Ÿ¹g†y‘p{6ŒlˆItX€	9”§œƒx¤Äs#=Û0…v¬ÃHª	c=‹<Ù�õ˜¾2†Ün¬Ã`±�±Ó�
ŒÜX�égŒ­6³Ç`ñœ¡cå(—ö@#J%˜¸<gT6Òc®kM‘dõ˜fuY‡iÆ1}BÇzÔa‹U…·éØ NíJ†B€©¹\ª7#=†ÀˆDPV‡z±64Öa
+ÌbÄX�ÁÊÁíX‡¹²Ì'Œ
ê ºê]0u"Ç
VRÒcŒÔêë0X	SŽu숩…c;fôq¬ÃP{N®Ï
;VΑ´cP�°�#'eh¡œƒxd5¤�”ô8(U�…2	S\Fcƒ@°�…
&Pä VƒèÏ/’s“†§¤ÇWVÆX‡)[6qhª˜`
&Päà÷PK91)â´TÒcŠ+AÖX‡)®Yc‹Óv0Öa°p
ÏŠ2ô=áPe‡rf$®4ë:HqYÛ@�).Ï+Ç:Ï®=ë0½sˆ=cce³±’ÐÍÅ•P˜8.i!5ÇXäõÓ¹al¨Ç`! ë1X<Ç�
"áÐÑj�'R#O
"E.Š ¤Ç*’²Q¤86DX›Øc
+ÌôÚ±ƒEŽ¥³™æQÄ\ÀX�y‰)tlp¤3º™Û„
'[!@úOG#=&Ë^§g
C`é^ë1•â�Žu,f†)T(�ƒ²X;e©lÂ`±Ë¼ÌÓLm,së
:nDO¨#€žè`¬kŒ“Ü:�C!ïÖq"ïfGÌ8a?É­�ô,ªel)�Öc°ÐÒOì1X©�ÜX‡a]d¢°®Îì1XIë0Xé³9Öá°nÉž4aÜeò$®órë1X¬gÇü£ŒE$ô2{ÞãÙààÒ—‰Ç_Hå-F.|l¤Ç0#DÀ®’ïŠG0ãGKƒ1Bö‰ü¬“F&déJ‰,hâé^“ŸuPdäXQÆý€µŽRÒØ4Î`ð�Úqp�±N8$ç 8›„B:ñ¸²9‡�Ÿ'
]rmÊÏœQÂidòa�½£”ƒTŽ¥•qÁ¡Í�+NÏ)'=;ãRqnuå¤âì&g†“ÓAºµtÿ“,¢8’tFQU~VÅ#œJ)¡š—h”s
+QÎ —&ªrÁ¡â@ëS9ƒ4
+“åÄ)qa ¥«ü̧‰_G&ôöø-_šea;G#tŽ"å Åç5—qÁ!l¡É§ã‚kŠÎ8ƒ°¿õ:ÎAp8'ÙþŠ²8gÛf‰3ê9Y§q:8Èõ-µ8§˜²�11žü¬¦ŒÚ?HØø-1¥"t_x*cC¼1Šhbj¤”ƒ417ºqÁaÛ ˆHb8Hós»g\h¤q�Îî=x†"h˜�]HQ3¬³fTegçr‹�g÷Ϧom¶¾È¯W»vµÛ~wö3FáDË9ꈵ†vÿñåôj×nø» 0Éùý¬ð#	ðÇmø¶æ¨œÄç«‹õf9ÝÍ×+~^?¥
çÓÝôítÛ†‡#áG|çx8Â`Áç”äò(Îœ~z}uµÞìÚsŽÆQ`Ó¾xòð„–ëú¬Óvó[»=±+ëzä|“ÿŠ’ò@¡1åï(Võ›]¶Ë©(€´}ÔDCNW¢)ökSVñ³×íB,»½œ_q¬[6iÀnÍ�à‹¨¦ã÷w—bkÜ+ç“"Íñì1¿‡|°NÓåp$Ÿ9s_­·óg³õõjG®ÉˆvaŽÏ±a4	;±ÅžIêžIà¥ów×›ùêŸ�K²ºHv:]¾
ÖB	¤Z½Ÿï.E¤Èª~rôEÕ[>Gö›Ž)*Šp”³-³§cÓÓ1ÚV<Åf1Å:´ðßoÖ×WÁ™Ñ¡Ië�-§«é»v‰
-f‘?ŽÛå¦"ßò{E4»^=ê©wÚΰ~»�ü>‚H•—¿£Þ–kê�­Lê8à–~ÆדR¸�Ùß­ãž^ɧ:Áf{ÕÎæÓEX Î&Þí6ó·×»6,3"›z,Â$mƒjÉö¼·ƒŒ¡T/ïvI£¶È¯ºK8é©úôÃtyµ�Â3»N‘øÅ“çÏ(:;ªÎÓ4
jâX›èrRS¶/:KêÇ^oÎŒ>é�ìBBÜQ�¡³7ƒë"D&õŽ?žþðBÜ–%ŸuŸáT_kH1¦hGåȯ¢·z�®ç‹ó@±
Ó9úµäºñ¼Q
ô÷–¡è©ðxÓâ¸gkJõ—CçšO.xç
+ÿþök•cY¸§]?¡ér84¾½ÈÝ…+&â^ã¼ë^ý¬åÇm\®C=œ¯Ó9Ìr!h$�²«évû~½9qKóœs3ÚÕlóhHõ�¼éðHÓPHL�׸îÆbåPÔf	Ý=¹ˆznù}»K^‰—]ÒÆÊVëÕÑl½¸^®8R³J,ú&?dëE¿Ø¬—ò!:Ï¿ëÙHšCÆð¦ú:n�€*Â¥«áøs±ñËxþ–R#È[¢õŸc	˜�ájqýn.¦àH²gGõp
Ò]^´H{ËûW
œQ‡ýÀ‰.CO…·HÅ·¤ù³ƒŠ…˜ ƒ/<ÑÎC¤”ÎJ¿çÏE—Nsöñ*è‚#zœ’äõÕÃ÷,Ó˜¯¶»é"H$Ñú™T±ê1	þÌŸÊœrñ^Š‰¦*�Ôi}~=³šùn‚ÚWRµ,D$hªÁ§áØøý†A,wp)U�S�zz9ÝÈš»Ð‘m]E�l`˜§*wÑþÖ.(ÚIºSOÎœjdt,´+€&C
+¦ˆÝrb¡Ø¶³,/ºXJ%2	âØp)U<_/qÞýô."}Q˜+K1lºhÜp0©q­.F…X%	§rà¢Õoô¾/ϤleC@Ïñx(ã=™ÞÌWÅ/�í”Ô98ÙÌ—Ó�y¸àS3?»$«è¬l>mÖ‹Eháý<¼ÆðÅ®^Ö|΃gÚN*|[„ˆbùýɦݴ¿^Ï·ó�øÚ°V|¿n§š4c¡‡ß¬=¸YƒnGxÅÚNeH»¯Ñ£éì—wè„ŽQªÓÎø­?Œà†ÜåÃx»p_…~2lÎx(Û7o÷] ó;tÞ¬6íúÞÔýñ5ÌQ†I�ûDŸlà•�žÒŸªoŽ§³ËùJ¼“I´6WÏ6×[	Th#kG+»U'éßëù*U…>P<^ÌS_˜õ»†¼v�åQ{
c¼½¹yËP�Ë+]OAH³ùVðñtu=•ˆ�b¾Lþž…r1ô�;åâ�dá,Ì x·Ýä¨|§%Cwé'v{µ:Âv8z¶øø7†=Þ$kæé�+¯:vôo¾¾ýo–¡‘Q MÛß&ýZùS^{(4O¦uø>¬ž„·wdÔvÍÝ.tß
+ƒA*n¼�ãc|<ÜíÔz¼^.£kã-Èt.e'›5ŠÃe(«+W’ê"?ÝlÖáJKz­sH¨¯ñYR”ç~g‹‡Þ¸«2O?nw­Ôƨ¯5Vg'ëÅ|–zŒì¦bà�®0ÌÅ|’˜%å1_C³OÌY…¦ÞIò+Ûë7¾¹œ†˜ŽÅÖæÀž-ýaDz‹p—íBî}ØÐm?›®èìÌ]5%~.ÁÁuÝßµ»Ê–À‘“[GçO(x«�«Xü }ì&h½&ƒ;KœâÔ‚a_ï½u˜‘¬ž¯ß§]a5âäÃã§2^†O›èVjÜòË•äÖ½+!\î8×R¤·§¨õíFó9êÛM¨·ÿ xH›O/ÛÚk’Ÿw2†ëwë•Ø
§úðŽ{G•¤ÞGü•ÊîŽ>Ô“øåN]ÃÍç&ײpm¬fx½ž.SÃúj„Ыj9ºI:!BN¡Û7Jª�ì•ò
+�vÎ��íçzO^?|þò¿�_½<{ýêÅ`Z¤òþP:d²°ªƒ±^`~Ê�_žqýñ&Š]«ÝrÓü]&ðwÅ–Qã=Uâ7÷öZ‚�ëì”Á=ÿ°Œ�Ñ?½#ð¯õ{ŠæÓ==¹m?œIÈD›Ý’㔺,”‚Ó >çéJÙlÇ"þSå*ÞÚÔDü½�“ëM»ןþ>ÌÌì�6­P¤å�7ìmÛ›p¸Åá{='­¥!ã*à
+
&¿!Qðì»ãÿQÔëÁ(­ö5úÁQƒnœÞqqyÏÁLàW”:ó‹˜ötÊšÞ5ªs•gl»t^�	¥� ‡2êU8\$�@›g<¼ƒô?E–h›‚¿—æ²BZ§_øYpÐ|.;_‡$ÿ�ŇžiÞàpD{X[¬¸1Mav�dAb…úþÐ<¼#ÓXz®m-ï3Ó®V0ÞÉI‘%)ù9×%e:Ú¯�h˜~]ø沕$�—qz¾ÍåÜÇû�vZÝ“'á… TÚZ,­Úö¼=}p—ª=Ÿ£Ç­ÇDÅùJZÇ!úí“�ø²¿«ËfáÕ÷…ÞJ+…k©‹Þów6ÀÆÚT¸ýžÒãJÍ–ÅÝ?ÿÀŽ…9:®S+õÖÖ‹’÷à_èn«^ayxOIzà«^A±mÃ	ŒK5~?ëYùðú<Jšã„«¿euÌôà^Þï"¢0®rüû x'Q^…<}xüè!«ìŸÛÙ.{²ž]óm+�#òË%ê»n¢q5ŸÓpOÏîýpï•ztendstream
+endobj
+1379 0 obj<</Type/Page/Parent 1372 0 R/Contents 1380 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 145 0 R>>endobj
+1380 0 obj<</Filter/FlateDecode/Length 4477      >>stream
+x
Í\ÛrG}÷WÌcöA4g8ׇ­-_6mÙŽ7V6ûJQc‹1/
+/qò÷{€îÎ�T,Ç’�¤*åÃ3}
�Ðíüò(ÏÆø7Ïš"›ÔÙlùh<ãûÏÿ’_²ºìðße6éFy‹ìÍ#‚ˬ8‚ˬ)Gµ#¸ÌÚzÔGp™åãÚF—
ƒÍÛQEMƒ-†3[W£šÛ^fÅxÈ2[5qƒ­»�@ŒÁ6í@"ÆÐo^XÆ`Ëf bÆˬ�1[Ùª”�&¦ŠåieÆ
+DËe	
+ÖHƲµê,aY‚‰�¢ËGX–`2j¸-a°M7—0Ô8™Œ&Ô–±,�.ŸÍ*[˜jV�¹®YmAL(Ø„‘ŒÁæݨ¤¦ŒÁNtÕ½-a°U.úw–0Xìl:g	CÔ|<WvkÕÕ#îÖDRÝ­‰ÓíéAìÈ
+Í�#¸ÌºSuŽ fª»ÕIÆ¢ƒñ )c°Ø5iæj*„ƒ”<ìDÜBÕŠuÁñð
HK‚˜®øçbÈ\Ú;É,ú)™%¶«ƒ2–é惞ƒ-Å:}Ü Œz�$Œ&raöÆ4aŒŒÂÄ–Qgƒ0‰
Â8KØ„16
+ÛðIP“±A˜J¼BF�¹n«®Œ#a
+ñKN†NË	FJ�*ðN#׎á*ã¢ÓñDÌÚHÆ`k•ÃØ0$LV6R0)>däZq¤•qeHiï$c°e)ª³¦ŒÁ¶ù€UVå�š¼zèdBѧ"Õ/…d,ƒÊÒ8ä„jär*p9#¯ƒ^�#¨N
kiœB‚ÇpC$c°’Y�NÙÉY§€M'qm‹•v°ˆP4 í�d,CÖ˜ž³aÈF–?
©À‡Œ¬©ËJãÄÓ–ðÔ ÍÔÓ&N]«s£§uN=mj§®Õ9‚�A=­“ŒÁ�ȯs“é0[ŠÊ‰%òA“Þ–°ø‚
+jr–1XÄEXk4;‘#iV�k6rm#ó5Ž ˆ*dž“ŒÁª±K,–ÓµŽ‹¨­(ÂYÂÁíq[q{	ƒ-$ô¶AÔ¢$»Uà¢F.,±qETÙ†¥‘ŒÁ–:]g	‹0HÔ–°#¦³aº*QZ>ÝÈ5â-Jãjàõ‡À=AE
ÅHÆ`½ÁÈœ%®ºu–0ØNÎeb	Cб®’µe!÷,[x‚%�-Ë®#Ð=ã’P4|¨rˆvðoHž´!µÏª
† *0jRàó›M¥#@'™”s1œî|'Ëd*ì@b	ƒm$» –°ØˆøPgƒ-s,/±„ÁÂ0ZbÕ¾&‰->@µ'áZâÚ΀ªAÌtÛ1�€·‹Gt¢@8‚s’ËrÉ,Žx¨ÈYÂ`¡ìA[¢@±[jKJ€OàžƒENÚ¸zž0^ËIqô<OœÊæAL	Už9:E¦$gYèE�w¹Ð‹qECr|F†Në�S„Nx§‘½GP:Íe¦F†N«Á‡Nx§‘½G�Ö9Ö£0RÍ®À^2ó	@:ÕØ&q¡ýP8‚¢S	-¼!c‘CB:b	Ë„t=¬cÆ`;‰©-ar¨ÝÚ2ói`ñÄ–º�d�ÎíÂ3¹q)píF®GUGPD-DF2ÛäC–0¦?̇	!árÃTàŠ\˜�q1¤‹…‘ŒeBâ6�
Cjžö‚2rRÀœF2F·8›ZbµÛ!Š¸65ܬÛÄÉé]!Œ—/…dŒna7̆náOÄtC·
+¼ÛÈåcÙ�â‰ÚØ­céVÖÜYÝyMñtÒ­îˆÄéÉîAtZHZå$c°µX5±„Á¶mKX̤ôÌXv„¸LoË,âžc°z"Q[Â`‘á–Ü3a©³ÉIèmËÉ-DZ„QgÃ)ŠuU�‹’ƒEl<èYλ\Sè‡àË9l®<~¨á*†ý2É,¼#,Bû‘¦Œey¤ôG,a¨i,Y‘³ŒÁ"Íàqƒ…�Ú‹x	‹g³b,îLÊeÎ2‹É1ÛèÒZÏŒ±ˆ°xƆm7‘Ü6m;ªdUMäÔåÆ”�ƒßIÆ`k‰øˆ%Ç,„±Žƒ…mÁšœ%,Ë#ù†³ŒÁ¢&ƒÝcmƒEm“çQ„t6ø®ˆÈIÀ‰)ÉÆña�%Þ	Úw–0XØ&ì,aQ…$‰Ä†88¹-c°°TØ¢õÌ,jP…³„EQøKÖ†ž¹-c°¸T€[ÏAÉØTî丒#'I¶–‘Œ¡
+dش΋sv–°(Yb	CXx>,�µe,ŠRßf¬.ˆa¬V£aôh‰L8°Œ’ü¨ÿ
+õèm’üYÚ8‚+Ôú}biÒ‰+ŸÄ 猒!ÂDñ>QÁéžsΡhDN(çBb,/
GPt%™µ#%nÒ\ŠÉHAÃ8‚à°!HU0¤×,J\¢þYlÕ7‰áŒqÑÔ1EPT¢µRé\:$NpÞΡˆ-Ô8‚à�P¢Ÿú$(*‘ò…s!6|Šƒã\ŠJä–È9‡à`�(JZ;-rÈ]
+,H‹A’#XP�±ŒqEJxjŒ£ H©ƒÄîD‘‚CQ�†"
+ávÁÁxQ-³>‚ÃàR¨Hã9„"5 7Ž 8l</äC±!
+AjSër«BEû1Fí'2IP#‚˜"Â<Dø©Ã§�ÛáHÊ.ÞÂA!óÇÞhÊìâJo“ñó웋éå¢ÏÖo³gëÕ®_í¶»ø­pšäÒê,6;+¤Ù7Ï®§7»~#߈k@èäꛬÉOhàwë‚QkÒ»uøbÔå“øÕ“ÙNÃé4éâoSYWUØOòl*õôt:{¿¿‘qa×æé³çëåt¾’ŸÔŒ­µˆµY/aÒX
++|�²TáÂħc½ÞoúÅï:ßfþfº¼ÔOafy™&fC]I„xe“â“{ü-½ Zq,USCÇRÁ€
G¹j’5çÊDÜçy´‰]˜?—1QYµ9nú›Å|6ÝõB@%u‘ô¾»Öß$BíŠØávyy3Ýn?Oýí|ÑÿCú@å¨Ë›ðýèžÿ©Já,—ËÝj¨�âH!ϦºÌpÙ®à#ñ�5´»žãÂö°5›.*iòÃ|w-¿árw2n£~^<òZµ +^GMÞ³ŽºZ¡ÍX ÏýÀÛüávlTg¶O›ë¶Ú“çoT´�¯l›a÷ãdSË~y¶L­¨£ÚŽ$ºçªJ¦G[J‹�d@¸ô
+ª�˜$lñóÕv‡UŸ¯ÞI[\÷ù"ŸÚ›þ—ý|Óë¾€Ë+ÇiÇÜÀ
MßõjR8ÿÆuàíZý#òdÙÜaÐçýå<X-ò¤®z ]í�œÁP|áòè/¡„ú«ï¦êò¿Š&‡Jx¶^ÞÀ¹©À?šOðí‚ °ŠËzÏ–û©ÝÅum[^ÖòP¢7ý.œŒ¨z·æ»~_ïÕ"áÐü{Üïf�ßo.«Ñl½z+:@ümÇæ§Nïs¿¯j™Á™\Š²ÿG0(â³MÏ4Ü(”i�Ú¹3,ï>+ØæEw]6�ÍÖûU0Ä;&ÒŸ+Ã'´7q®êÔáÿz½ÝΡ‰zÄýX¤Òo6ë�:Yë"*âæpŸŸ&yò1›g
+Ýõ^ô[Õ:rïÚ"�“Ö¹í7¿†ãá‘ËÖì'žGªs½OAîÜWÕƒ/Ï2Ç“w(s<k:X¸v2È@6[Ì„Kß8SLIwžÖ=~hjèm1*ŒípK¾ZïÂ1KükxËC5Y(�ja¨¢¢œ)„÷S�cþ;Q¯.JYOÜ
+zNC\LYHÿÓ|U¼×mŸäq~Jjn�¶ªyJý™¸je6\H$ÍÚãÈêßëùÊMÝó¢ø Éqa_]HßÈØ=_ñ	¢zbrr£øZ µ6O‚ L{EHW?¸?Ú9ËqYŽMMj9ŠµNOvºÒ�EõšMàjý!D”xna©®ÁT2Î
+ƒºÂ·¨±Õ_ä«:Qð™>Ò}[ýt­Y3fì‹Ó/dçm:ŠOæd—ý.Ûp(�Û»ë˜÷ñé±ígûÍ|Rt¸‹¸ÿ.3EáÔ¶R8RB«ÉÖSM‘Ç)°ÊærÎÏσÅéaºøþf7_¯¦š�JZb•
	Ðæïö›©ð"–\æuÑE|æ&ÿÜæu,q‰K'—«ý,M·úBÙàŸ”¥.TÌÒ$¸­ÌÕ…UKGÂ9*fïdYB.‰š§ïÙ—o¤WÔL¬no»ϲҎÍVýîÃzó>leÔd̘ëã“ý	~½oÍÖ‡ù´¼^à€5¿ÃÓÿÉ»~u•Ša)¾ù“Kñ Í‚PgRú#Ÿ¹%y5]jœ��sœ§ÂÏýv½Ø›)£æd!¸Õ½‚ z@ÚÖðD1ä^ž€ü¸šÿöøÅ|µÿM(¹€2'KXèÁ w¢íE¸Q#‡Õ6QI,?Z §iâõzê°†¿Ê
+GðBüpUcÁp(ÂF–ñWÏuµÙ×KFuHxqÇу¬@8J=”¶°ÉW±äý »å.�ÆÉëEŸE>2÷P�8˜û
+eåùnvm󗢇=}ÿ@ˆ8wy¤7ÔüQsÒ¨™;@
?í‡,f¸M°¸m¿
uÃAáE¼zðøKm
+T³x^pmšã�‘NÜ,OîÁQÔ!£-àŽ†;
+q»zJŽ>/â^õ¥Yöªß==ÿ^�=Î]³“z|6�….$¿o¿œ5ԚԜ᱉Çìx-ƒ�‰øâåwß¿¹P^[îHô¸ÇšTvû|ªŽ¡yŽ@,Ý'‰`Ñ�PßDÀ#{�>I3à‡˜ç]ûl4ã9¾b Qt2$ÑóWº$¼z/ÖëtI¨öü]½H¥Á»ŽC§
+œ<õŸÎƒ8âls‘<¸¡î¾Ü†9µ^Qü¶µ£jô©‹ËË
Üè¹^âí~¥	Cƒ©ö•�Ê”¯ã3§‚vÃl[0»Âè:ä†\(ÀP,©âªÜ+§BÞÆÏC¶eªÍÜ*Ê>	ˆ
+“o0Üáñºö°>Ñ„<ª”›oVêQýûΉ[sãµfšªéÁö)ÜQÓ)GU7ˆìµ³{2“¯Âk5§.ɶ}¿\ôÛ`
xfaÆ?OyVHå�i~ë‰59‘—vª<>Ç~Ü¿ÍçØ'høDëDp¢þ5ÝãÆbµ“ûù”ÓãÁŠ/¨ü
}_ÍDÎ(¼äÀqw ™3“O}9}.Áœ^Ë£¤Ç/ƒQÊóÎZ¯™ä½…EH'Tóyê¿ÕæéÞ7°Gûï”›£ß¢ê&ñþÝXøGÁÞ�h½&ì<C5C¾EjñÓËÝMéëýV\Ìp
+vMG×;�{¶€ó[¯T $5©ñëý±Ñ<Õãä=%6ÁÇ.
ð„U;¿ÐùñÕùÿä§Áñüºß,縩
+±¡{º§ó�;˃SK󣧕',)ÉÏ8ÜçúPt2x*f�šžÌfÑOÊMº¹Z,€¼uÒÙá®ÐvÙ‹yÌßåo&áýן	†šÃÒ�œ²—AMѹF¿œýwÞHç<.×­ rꌙ¡²û.}Œ*¾ùAÒµ?Ûº1]G3ó˜;;}ôžº>áºo÷óébýNGƒ¾'åÝkíAkgÒ„uÝmÒÕ©@éD4ó+T*k‹`Ñ‹„·ó]Ê­’û„ûò´UzäŠÕiµ½žÆBž*?X
"ª«Èq6PXt²Ia·×Ie¬?¬úÍöz®O‘±—Õz¾uäíÒÂ[o}
)[üSô/õáùß›'/Ÿ>É^oÖ?÷³]ö|=Û/#X„ ÿß™ªƒ!5x܃Ïçó¹¬Ý?/ýçÑÿ
¦hBendstream
+endobj
+1381 0 obj<</Type/Page/Parent 1372 0 R/Contents 1382 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 190 0 R>>endobj
+1382 0 obj<</Filter/FlateDecode/Length 3987      >>stream
+x
Í[M“ÜÆ
½ëWð�ƒS•³ùÍSj-Y±R–j#­£T¥ràÎpW´w†›™Y)þ÷yºÑàpôaI³vReï›ÇîÐh
Òÿ}ä’ÿwI�%y•,×�ÒEŠ_ô/ÿF¿$UÑâŸë$o΃ÛäÕ#×IY.*øNšjQÎÀuâ
+·Èi1Ø*›²ƒm²EmǼN²¬�,k1Ø¢ž²ƒmÜ¢03[;dé¢1¬Å`‹j"s^‘	óC`¦F
™ÐÀuÒ6dB~�8¡ª‹³i1Øl:­Å`디щ-&3•dDeË‚$Ì2È‚�+H´ª�˜6-È”´lÅž£¬L›¶�$LË Në9‡mÚJZŒi›’U–�[¶dqo\
4-7p.­±
‘´Ó™e
›×XÔŒ5lÝÂV†5æÍ‹EkX¸Éù@‰„¢Àžsi[•JZL"¥Ø5Ã.ˆEãXƒÁâNXƒ!°cut¬Å`rÒ8³Å`ëbÊLdžbD+¦¨Úx0JÑžóª+i±š"²bŠ0VT�¬ÁjŠÈŠ)üX¯º²ÓÎÖØÄ(²ÅdŠŠ¶/Ž5¦p5mŸ²tVÊ"çÃÁaUYÂ@e#ÇQ6ŒsŽBL$-&—ÈÉø¼Mk1XœVHYƒ¡f†ÿ+k1Ù!Ÿ¬k1Ù�B“k0¹ÄT*‹Á¶~âXqlo<ì¢Ãx®åáœ�P±#OJ%-‹8ˆ³¡¬,‰Ý¢ü'Ç•A\ÒsÎ¥4­’„!{`¡5쫬L›’á´â´žCÄÅ®)g m)åãHZ¬[ªCýûy3þwKXÔut@
$;`àØã"g òW©“Ð8Éê9ÌZ¶t°„a
†q$Œ¬Å`‘ûìX‹ÁVØÍXƒÁâ¸[©,†û¥)ŒÇZ–3¦a)Ay¬ßR
º¥�sŽªCRÂ- 1¹gX
4Ð@XIò“Dòžeä tTà
+¢ôA#r²g~\KUPäÄzyC‚ÆIYCG•QÐ�AÔÐsy �’ìí9ê5�8‡r¡„.ô$“dš)_M#€86Mà„lý“DZE*ª1ãP®Eòš|Î[\@œÖsΑ$‘´˜¼6§EùY^Ô`Z”ÊOÃ,>mÇ’O¶ (ÇŠÀ?Z“å¢Àžs)I‹!WÄ–eÃX¬eubg0Æ"ˆV–5˜Ôá�Ó±ƒ…#Y©D訵`Î ªã9‡B ¤Å			Ž¬Á`›tÊLêTðm3Ö`Œ“ûë̃-©”4¬Á`kŠ8†5˜bJ­#+¦Èé–\‘A4…ç¨à‡HJZuŒ°;‘5lÕ ÌÖ`2åàÈÊiE¨)/g@"aƒ±žCº€DʈI‘ê,i1Xœ,©CÅ
+©\‘ä`3ˆVðeU˜^I‹1-Ü‹FÖ`°ýv,/šµæ¢#@
œ“HZLºÔÐÅ°ƒmÈŽ†5˜¥‚ÈŠH¸?èÁÈD‘<'w­HZŒEº™Ö`°5•‘•E+¹B±ñ3qQÏùE”´˜ì@oj1Ù�’GdÙÉ2¸�:™Z”�,p´¤å'™¤”�!¿iì¥õ5 £80«°Yþ¤eâ@ÏI	I‹¡ÎСSàp´¡ÊŠm�öb[qQω#gJZŒEÑœÈ09ÍCC-&‘Èí
k0±5¿e#‹*
ëÌ"0
+�Gƒ(°ç$FÒbL›;I‡Z
	,YƒÁâˆ`ã"k0Y˜Bsd-‹Û¼EDz:®‘ò�í/@Õ	œC\α4=É6"áæZZÖ`R–:f¬Á¢¬3¬ˆÄgÐû¡È(’ç¼HŒŒH�"k0… ±YƒÁ"w·†‘ðˆ
_±!Ähž£¦	4UÒbL‹ÊšFÖ`°ØFËÊ¢pl�uäÕâß²¨çÈw*>Þù
&M)Ä¡2-š.êÀŽA4¯ç¼ìJZLºP4‹CÙœÜBòµ6=Þ°…°ÛÐËs\\GÎ@Ü�r2žŽ3ëñ�3’ƒE�	it¨Åt$¨J�¬Å`j'¬Á`¡gmÇç
~¯ëZ; Ì·RY¶l'3sÄÇ…ž|Œ#<ÿMÛ÷@ÓDíX?†ÿÖ1ž‘ë†R<QZ/ü·ò\ÍÖpшÆÆIBw7P‚C0Eû1pìlØc½žðßêjž!ùÐì¡Çˆ2�ö�ÜW9–‰KÛü·Êî´¹ézåý/"’�R„R‚Ã*¸ë…a,;îÎzæùo•Ý3ä‡ÆôË¡Ãr°�‡ä“…ø0Î@pE
+ù•ûîòÑ·O)¤'—×õ^ÔEr¹â7øyùÍewuÛ'ãuòxÜìûÍ~÷çËŸ1
+¾éhÔ™v–Ñ°o¿éîöý–ž¡Ã‰ù0Éê8ò‚~C%~ùéųñc(+ËðãE¿]»Ý0nˆ‚�ª6ó3|7ÈÒ¸f¥Míì6+zÅfÑ„_›ÕøŽÅDJª+zÓB"¼¸d	PCd­ÿé|¹ìwü$imf M·ã-K‡„èrÿø�Ã.¨�Ã'êgðß&«`
+1Xš¬k¦ûçп674Ì_å…Ÿîz¸íY$lž®1²íPË´úÓjØöËý¸ý•gÀ%¦òÜ©µX‡ÁF¨ÅéþWW$Æ‚ÿ�ÎŽµ¦`vóiP­
+BÇ-¡q{
+9�Ðï›9(ƒ{K]è“Íôy2Ù´=ÔcæJåÅé·bªUЯ	¦ª”Sw|>®†ë_ƒCbkR/iòÕ²X©ß÷©¬_
ÕµxcÛLv¯šªü‘kÛ-÷!®àˆêÖ½öohô¿rµÄþ�œÌjá4íöˆ6Ý–Îqê‚Ù^uë«Ž¦À•2Æ«å¶ïö<Z?i"ÖºÛýÂË¡ÍT‡Ðt×m»uåH F‘Õ¼Q²MÄ©+Ô¿¿]Ž:Y·ßo‡«{±GŒ‡ëîî.ø*Œ^ù úÙT·d}“¿rÎIg¸7~8�Ix3	Yâz¸¹ßzéP{£³ï#óÅùsÞd¼jjÃÎ_ûÐŽœ¤¿­�QDqv+$¼Zç€9hT˜U"ê	xÛÝÞJ*@¥­3­»MwÓ‹s¢ØÐ×Ý×7ûaÙïGÕÞ"YsRü ›TL¥¹.GÅú“[ˆQ4Ó?	>I“"!Ò'Á@ˆþ¨7>.ËýbR4=kmJCßzzXžì‡a[ÎçFþ¢üy
+5ŽöëÌ!8A²X�¸E>Õ$ŘVRÁ›£› xk€6슘ICän}µXâ�îoÞ<Ø66™ø¥– ôF�ÝGÏ°ì¨9Ã?Œ»½?¿u±H8œãª6øù°ÜŽ»ñšO$%Ø*0‡^
›êÙõ•§jÊW¿îöýš4À�#×Êw¿í%Y ¼ÕÉ¥F=Ÿkù�nüŸ›\L¨G;kqe´Nƒ{ÎÔižmªî9‡†j3˜çóÜõëŽ�Îp‡žø>©1/L_Œûž•@áþ{Ç5CS¸55"I™�ºµoãÖHJÁ¯éÖ½çþînÜŠcòÚ_„T†ÿ£)Ñ¥hãZGÌ玈ËÙJ<‘‡#ôà²ÏmÎêÚD_\§iiñˆ'ó)ö¯Ú	“SD:ÌOÑcªpcm“û¿ïÈÿþôÚ4ùÔýVZÍëƒ>Ä¡S!{ó¶Øûê«~ô¡~€fƒ'Ûá­¯Íñr¯ÎCû Tt¨·jH’ïÿ‡2áXJá3fÁ™�yO`”&\ŠÜ�J ˜¨¾©Šå'@¼]Ó‚í¶ÛÞH‚B�ªØܯ¯|·Ç&³‘«‚Iƒ]"¨�Âß½ž0ò6
ùÞ¥:
&hŸÌöý|µ
+;Æ~‚%/úw4	Úz¥^õ61ÞàÞl1Äàxa<v‰´Í)4´Çã›S¶t~ñš×Ç
JýEñ}Å[ojüB:¿8z§=ZÉÓY÷>`ï¿È3’cQH†æÜ*ð‰Ã¾ã¡3‰«Öt÷
+áKÍG$d‘äÙš]•E§k¾Vs—ãx»ë9w":T_vEÿDMÞ÷XËW³3þf(ú¨Â�„é×o:eDSë‡Cã�*þWò:¼¶Îss}Ÿ§úÝ+ç?²PÈ¥ÖSß›…üY%m&�‰æü3^털}Ñ-ÁZ¶ÉÁ�ø:”ħ3%çaú79ê®ß"]qìÀ÷–¡ö;Õn�7h‡ÏLà<üU·
ô9ô6ŠÞv¨‘’Ç·:¬_³p¡7rTŽSüt;è³âíÏ´Î{2t7›q''�ÞDüAj<±I+Í‚ŸLw߯Ì$ú§Ó’›oY'Ìߟ°o^
|Ür(ÿ¼°{Ò_ÝßÜø��8cYãË$R-ãî¶#^{­% =ÐE©åÖ2>d;TkŽFv¯K>é0¬FÒ¯©‚#&Ïèô=µ
+yÓ½í9üã
!²ç)+´ƒns’½+7ÛÎyÀx_�~w¨!cÙñïôI­¶K�U2ü0Í@%_ØñD¢©˜· ¦ý`ƒvZ¶‹yyö÷ñŠUµ/3wŠñâgYxµ°™íúx¿¿“Ö2v9øÂÁvœ¶	zæ�emù‚÷½³Øó骢?Õmä’‚[g,Ú�Âh}?l)ºšâ?ò›j*¯bl%󲓾²Òy�å«åv¸ã|‡ÏrTþD:wüQßè«öSo]˜¿åÎ
tâîÅT·f¶‹ç«·ÝféßOà+¸Â—WÉ…iU!\�ú}a�þðßA›™C¶3U^ö€†qŸV6Ã`›´¬>\è!°(cÞqñ÷äÈ'í$J¬5�ÄŸ6Ãõ Û6éü8ÞŒ›�c¢O^õûw}¿¡Ã�HŽ/@%…$öÚû‘o2|dž|Òqô[‘û�Oè>sf¥+|Âà�.béo,SZþ¾áÛ§ÚÏñÅɤF
+’¾ö:¿¢Ð³ä#Š,ó‡ªóào¢Ñ^PÚ’=vmÕbVäýqôðLúª¸ Nå?Z
ÁñÔø:)½�‹íøvXÉmϾøyˆÓi×ðŠÍ®º¤Ü¼¿¤œx™¹¹þ´óï2²EzâK«ýøß­o=vñÑšîÖ£$;&í1¾g³^�Û_$ÔàS±ßå:ëuUå^°’róÝš¾3DcPõ|Ù¯ñŠB2^ì!Â)‘!ï·Ì ‡Ä$ùWa¶þ[«¯ÕüÐþ}ûßõÊ÷m5¦ÿ‘:ÿ×ø¼íÕùóïΑµÇŸñMZòd\Þ¯Qwê==§¦/EË:mék¸á-©ùýå£<ú?F\­Ãendstream
+endobj
+1383 0 obj<</Type/Page/Parent 1372 0 R/Contents 1384 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 234 0 R>>endobj
+1384 0 obj<</Filter/FlateDecode/Length 3539      >>stream
+x
Í[[w7~÷¯˜ÇìƒÕáÜçi�“lRŸ­ãlì4û:–äD�¤qu±Oÿý~H#É[w×—´çÄþæ’	€ 8þýÈ%)þwI�%y•ŒGé(ÅýçÓ{z’TE‹IÞŽœóäâÈÀER–£Êp.’6e†3p‘¸<�ƒ­Ý¨0M-^$™km-›WCÖ`°e5ªMσmêQiYƒ1®He1زô\4…y9j0…MA21 )4P¦Ê*IS0Ø*#‘"k0Nk}—:¶l1dE¤,Ã’‘D‘<ç\>Ê“JI‹!Û…a
Ûdƒ¶2hÚBÎ0(ƒ8¨ç\îhÆ”´ݶl…‘5˜4å9S–-[²?¨4pØ$‘´ƒfÄ6¬Á`ËšÖ`°°áʲCà,Œ+79;›GÉ 
+ì9#tI$-&‘
+XKdaûiRV-aÙ( n
DC—’.ü&‘„3mé²fÔZÖ`´…gc–´­èGS3+D]<ç
+róHJÂz«Æ 6ôœ+š%¥!‡”Ð�Alè9‡iÇ„(i1Í™½a
[“ãDVæÖÕ¼d2™hPin-Š’Ò0ÍÍ¢0ˆ
=G‹€iW’d/jòi”P;Ê�ã(9!LZ`ÜHZL3@#Ö`°ˆ=Ö`°ìn±-«YTù°O�í	P5G"8CZŒnÙplj1	LQ7²2hI‘$Ê ê9‡Y-“BI‹Ñ-æ3·¬Á4h
+K0m
Û�UGVDÊ)ΑD‘<×ò)g :-xÙ””N³‚}L&—AìÔs^/%-&=É
+‹È.�9R–ݬ€5«
+ A9fÎ¥
M
¿I¤Å4¨£É�¬Á`y‡6¬Á`ò|ÃŒ¨Šž Žöl1XÄç̲ƒ…¥Ú¶<Ã9AÍW€ÎpàZ§ˆœ�7-až‘´,o³†5,–	KÀ“h0ØšV.²"nSFÃÏDq='ò)g Š«¤×·tpYƒÑ–ÃLâ¦X7ÃŒ¹G$‡2Ú³(ƒ
S]&g•ñœH¯œ�ªŒ’^ßÒ+YQ&°"|d
Ve"+Êø¶”ŽBUeEø(m‡ìª9ƒ¨ŒçZZ¼Èˆ!3J$#i1XÄ©ÝZá)·¬Á`«
+NnÚægYQ¦ D8(à *ã9‘^9Ñ©(£¤Å`‹Œæ!²ƒÅþ‡‰ˆ¬Á0$d€–qóŒ�¸¢ˆŸ3 q
DÒPcy"g †t"i1XÞ�k0	D!:²"�“ƒ•HÀ 
+ä9Ùs%-¦9¢m/²”d­$öœ
+ ^
ÄŠÑq-r¢OˆšÒb°Y�cS‹Áb§°³šY-I?Û¼5“ÀIúI‹Ñ-oG†5,ŒªI"+ƒÂ|5bgâ žÃÑ
Š*g 
I;$yÏË�RBÁ›œêÔ@4„éaøM‘ÎzÓóŸ€ØÐsñj0Š
qÒÐô9czÎe #)úcQßÌp§”[„”äEÎ@¨�NÛÔÐb°0ÙÂ4µÆŽ|ÕVæ.¥“D˜;QÏѤ—ðz“¥¥¹spB�t
Ú0pÎQ¬ˆ$ù�«(;ó²j‡!œrlø‘3‚’,‘3�f§€DÒb°H(ZËã 
	d1XÚA[ƒ1³Y�⸼Ԏ�÷>àÉ£¥œøS$¥an’rÇ 6ôœ«œ��•SòØÐb°ˆüˆÆ`=
[SŠ,Ûˆ™·
Ô’ý+pä&™7OîÖ`t‹árËLƒVð”رÊGÿ0(ƒ8¨çü JZ¬ƒFV
m‘Q`PeÉ6ùhàM“§Ù2=Ö¨LDÞ,•a«ôm$J*e D„sW2,
E2 S­êñï*ƒgxTe"BE�‹ÔžÚD„qxJµ‘�$¯rl‚8ùknÇ¿S‡¼QxF¢¢RÛL…
+D%±‚#›0�{T`"‚œr(õúòè§wˆ�iryÍ;xŠ[]$—.ƒâñøÕew5Ÿ&ýuò¦_n¦ËÍúo—¿¡bƒ£VÇ´ñ£ÙqFÍ^½ùÖÝl¦+z‡Ö:™¼‚#Žè<&<ù¼œ]Ϧ~åƦöoþÒí—<”m›Ì?¾šnî¦Ó%½ŽÙÀ6៙-'ý¿_ ¦YQQ—üpÉãaV²ðj·äÑPû(´ÛÏNÿÍ"`IË Úv=[~¥§pÙÆ…æé
+ƒÑóŸÞÁ³Eý¬Â)®l1TæÅÈÐ.ÏÚR}%ôy6¯úu½¡ö�žê%=of·SQ¼®üã·³Õt¼éWpƒbÔ¦a*.¦«ÛÙx*s„„-o¤ÉèñÿkýصnGÁ|OÁÝ‚•È`ÎK”xQY9
uÕ.îf›ñ7¯s]äO¦À=Sô¢l¶;X;±T»vçÛ¯_É
x)`eaQO¶›op‰Ù¸ÛÌz¶Í
+‡]Ù³~²�Ë:¡0›W~iï‘éÿ{4ÂáqW¡ro­>¯ÅE±�–ºVÞ=°ŸTªÁûU¿½áe²þqú–ÁÐsu™“ù¼�³€ºäSZ¥ÎTÛ’ Çtvƒ£
—±ÚÓúÓt½�³ÿaq›°É›nüÍû;…¬ »òŒ¿}hOê#k˜…pº\oºù\Í®ÄÑ.å¡uD쾞}Ý®´
X��çQ0è–7».‡JþÞZ�.7+xB£øª_AÁçwo—¦ll
maÖÔÊÑþÓô÷-â÷"ì—Ø$BÐØëø9áÛlGôý8~9]o‚; d«º$‘-·iðç[v(õ‹ÂçsèÆzQÞ»ÈÅÿÕc~™-f6VÂ8Lèëå~¢.̦U#qÚVÍŽ¡JÀ�Çsd'Þ'¢Ó¿œìad¯ƒMéîêðeáK
%¶™Ôðtq³êo%7D…ÇÁj%©»Z!ÕóÆI9T¬s¶ä	%h¤¡òîº[\uô•.ÝЂ´OøÕ¤ˆ”!Ûe
ñN—õü–2ºéµ#µ2Ÿ!ëj¹ðh0(`T^ß'Ôèp×^Ïc'ML	ÁPu{m—¹‰fãëíÍM¿’íØÄ]Éct%qn)ÂDê	žªžÈRcØ/G9UÏ�«	â‚—ÇKUs5]÷ómØÆP¯Í0_l¡O ëºTup Ô²‡ÁæÞ•ëè$#[
<\súõöj9•ã!¢q–¿Àv0ÂU1­À1jÓƒÅÂÍê^ŠñsχR–æ|ɤ—tŸ|´ÁÒU‡ç˜ñŠº4nÛŠ:œ;þ‰¿Æ®»~õ�Þtòwz‚úÞ£ŸàÂDdð™�eÞI%/¦Ýïs?%ïÇÉHSŽ¦tÞ!öË釞{8ÀÑáŒ5E	9÷ÇúXæc½‚ëD¾J_1Y—ÝI	®ù½®p ZíÏÒù§¾ÿtþù#¯5ŠŸ¡(òX
+Ç~`ö¬z–îˆ`‡ÎýLº¿=?;9ý@2¡H«¾~ôßPè•ÅGp¸øÍpÞõ«qHsQgRÿÕ͆Έz¼ÝôÔ+.Ôã®tÅÕøGŒ(ðkØÂÕíÝ:ÔÃpðµ¤GW{¯C�ÜØîø;œˆ³îû_˜‡NúE'~€¯ó4XôÖzÛžœ�úxY||°£4rQ¢Pï	)ã‡~#õ*ÿ»«^4x1®!bz7c!©|~KqÝd‚
~ík<¸®	ùÀ£êu 3çjQµÚ©`!¹”­Î¨z†²ÇìÆ—¯P7i3lóºóµDhV=]l: ÄÎ#¯“=B �DǺ?=BHd7Gˆ‹M7þ®%;\Þk}ù×w¼gQéK“´Å P‡«ÔÈÐP駵ç¤PqûBP:î^‰&«[ó¡"Ðx¯„ˆôŒiš×�ollÆ^µ«N¹þ³Å~³N(#•(Á¿`&=‚§É¹;ƒâ)´ŸovÛÉŒ#LÑéE%7ž”À�ýî¢ìßbàJâ�±Êñ-‚ørmWƒýòŽ(J§œŠ¿@rj&>üêœT±Q¹lZÕî3D.œM´Êa<WñØÙÝv³¹Æ¿lT„k¥é|=½û6]É]¾yžIJ:Üîi¹ï+o±FWÝz*±šMóEý%ˆ¿ïéðe^ö¾èv=î–œn<å�O°ŸýÄÞ²»Ä{Û‡–çää`öÖ“19ÿãÀ¯%µà†DSŒu¿]�ÙØðÑRÖ†[Þq?ÙϾng|xÂPM8'o~•íYZúÔÛ2JY»[0Ò†¸cƒÝݨvn)~Œ€ˆ�I49®‡âïì³fnu½îYÜ >)�úß”Ûjìƒòq^
+zÂ?±µ­;ð=ºE³‹)?¦ænzEÖ€¯
ÚôÙýXC%j/I³ýˆó4ß²ëâÆŸ˜¿X¢®ã¾zHª/çxŽâµ-_-º››pS€‹jýŠãçó/—ç¼®ˆRås×(QÚ§±�Ž~ª‘“ºQõâ`ˆ½Á®_-º¥ÄY\í¢ê'+›ÌÖë­/iâ ˆ¿t|ÖmßîTTÀ¹2®w†1õM¿¸éV³µÿ_1þAÕërŒOm–‰oh‡ò_ôãïSÎóéâIë@ý
Ý
„]SËH�ÿÇ^tyð}Í„¿?HüÅ#±Œ+»‹“³×'	®6~çHÉÛ~¼¥mýˆ §o�¶˜[3^¿¥ÅþÇåÑ¿Žþ÷Zendstream
+endobj
+1385 0 obj<</Type/Page/Parent 1372 0 R/Contents 1386 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 278 0 R>>endobj
+1386 0 obj<</Filter/FlateDecode/Length 3761      >>stream
+x
Õ[MsÇ
½ëWÌÍrU¸Üùž9¥d*’YeÙŠHG>è2Z¥µ¹;ÌìRRòëót˜Ý¥­RI$“T%|ó¶Ñ�@èß�ÒdŽÿ¦I�%y•,V�æ³9¾èÿ¼zN_’ªhñ¿«$ogiWÉÙ#WIYÎ*Ç9¸JÚù¬qœƒ«$-í�„z¶É'bóŠ~œ—�‡.ÔÒÁU‚vEø!qBè<ŸeŽ¡Y†ž¢P&4pÍ|Ö&•rŠP(©¤�·FÊÀ„®nfeR)ç 	¥AÉB˶ÂðƒP
*4r¬¯qF¡FŠPü„LÌ“X20¡�khÚ�s�„–ho¤­Z3TÉÀ„N†¦œƒšÖ³<±†"´¬ÌP%8‘¢œƒ$´šÕpW’B
EhAþ²‚SÀ%â„çð~ã„ÐŒ¼ØHZ5%F¯«F÷G‹(r¼LŒsýµð6ãDyN¶àH¨Ç`krcEEx½®š’
µƒŽü
}*é1Í\Cb•e±V³®
*6r"ÆH�iîæ°²c&–:5–ÃEQ×l®¦ÀJ@�:ˆ†s²°‘“X2¸c[¦˜+c¥ÓŠzCháNX§�Kš ‹’Cl�Ò�”±è‹ÜDÄ20±�K‹šÆ£¤4ÌéclÈÀ.Ì´’ë$(+…+›A�Xö“"pAŒ’ClQÐh•¥Å�·
O^JaBIup…,„…i7ÃŒ‘ŽœjrÔÌA„,Ê<Æ9ˆ¡ ®¦Žd
sè¢
+P
#¯ÆXø‡Ü!å�¼(-š°v�k2ê�
qÒ`*¬.#e0yfÑ<g`B×ÐÜ'íRÉÉl—œ�µ\[`¼Æ9mo¤,Á`Ñeéš’-²V2$O¾êÑÁ`ãر§}ãDi
+�ô,úˆýS—ƒ­*øˆkë0XÄÍÒ±<yYíò²�¼È¥óš†Ä¿äN†XäˆUVÄ¢gÍÌ8
ybœƒšò<[CJ*Y)™™ãƒê ÎXÚH�ÁfÕ”u,œÓǽ°žƒE¤­=ëð*É�RÇz6g]U²Ç`‘ó½d�Á6*mT#Àqfh̃͋ɨ<[d“Ùð,B+ì£cöl•b;Öa°
Ç:¼JŠy1Ñ×c°•ï—#|¿×/ÀL¸`jFl>q…ÈŠ©�uXMo¬˜>¶Së°š^Ù`úÐ6˜ÚXqe)º˜BYn’K^íÖÖaL2¦Ç`Ñ­±ƒÅ>ËÄX‡ÁV%×X‡ÁBûI¿ƒEl…ù¬­Ãdz*åŒõ˜L_OfCLCQŽ’eÎÀL8ÚÇ`•ô˜V=e
Ç:¶ \äX‡iÕSRr¬ÃdzÖÚ¯Ç`3ž(c&ãÒÞË${¶.'yŒINy’U²Ç`QoÀ¸Æ:“ë0X¸˜•Ç`�azkë0XT6~&Å|©ì'Ä|Ì|�+WI�É|TIdÆ:,Æ…éË+(JF
†Ðj¬Ãd\VÇX‡É¸´Ë³¶“ù2
+¼ÚÖc°mJ&0ÖaL”me=‹Øë0™ ™h$évN‹=ìY34É\	„²¼£1Òc°ØÑ`µ©Ç2Qð
+eÙ²i#»:¶¬µläRĨ5ý’H�!1iÂ:Q§ñm‹Í<ë0æåtîX�Á"Y•ŽujÙŠ:L�À¥[Ãmè—¬ŽÃ¤UŽu,VVáY‡Á¢>Æ€M²Ã0¯8c=&u椎¶uðQÃfÊÀÔ	\šSia¤Ç4à†æ_›zŒN¹à1Öc°XgPGÛÊ�ièhAf˜�
)p²ôi—W‡¡zN0†„4…
ë0X1«±cH()álÊòÂIQ éÂ@Câ…9Y(FzŒN!
Fg9ÔTÄf²“9Llà‚%=†Xä
+ˆ5ÖaÒ”‚ªc‹å°¶ƒmyY)K…6r4ù
+’v*³&ŠÂn†ÅzÐ>3´¡­\@”ƒè
+‘Ëq<5¨fõ�ÿÖ‰	­±4QŠ!æ©•øomè„ÓAú1†0rá 4R,›1;᣿U\`°#ÃÉTd‘8Š“J±¸Bvællþ[Åã™'Ê‚89l!
ÔˆÅñ1OŒå´?Wq�‘ Ê€(i|´37Πt†DERß
‚ÃRE:SÎ 8Œ‰0r?œ?:~†<?OÎ/9ªÍqj[ÉùŸ—ãóâñy÷öªO†ËädXoûõvóýùïh¯L©ÕC4;ʨÙã“÷Ýõ¶é7ä‚  äâ1:žÑ7X0~9ëVo;þœ¤ˆ_¯ûñrWÝzчÅ�eM�±ÜlnúÐ=–LèÇ…mÝ`Tƒ¡+ô”s_Yڽ껖!‘”±£Íò¿ÜÿÅÞgá?8u¥ÁUÕD§bªÓ‹î«„£Í4z~Z-·ü«©åãCÐh–få!•Ê©J?
ïxôóYQÓ¹ÍUÿ¡¿â¯ØdíÃשšêtÐõÆî#©ô=ï ™ê©J¯Çå–W¥±6¸Yb:µeðLJàzêy¨´£\Œh¦Z�]
lŠXyâ}'WËð¨poŠ‡á8úâå„sº¥$Èjà;¨–ÙrÍQôÿC'Ôz¨òfá�¨!cðN¶7ëåšCöMô÷ê…ÁR>["Mað§ÉwE ,YžŒ}·
Ú¡ÏtÝ=‡›kú1îÎZÈ–z9—Ë+É•(D”¸ËÉÀQ
�ëø™¥jª¯Ý*„šét¾^®/†�ìœÐÒ2Ûw-g;T@åIlA»#ìí¦eŸ§ÑÏçlaì�4}sÚ‡gD+Þ¥±vûŠêÑíÕ®~b3:ƒŒòly!
Ar«µ·W�t1­Þúó°§Dª5ßnßw€£z-Í
+ðGœ²ý¼v/ºõE·Æÿ�Åè¶2�*^ûe†b½	çh ]¤YKã:â»ÊH!ì•Y
ú›M?ÎúOR`§d`Ž*ò.ÿˆÃo³;H½ë‡þ¼çê–ʦ<º³Ó§¼ŽËÚw9úý¾¢>xG‚åá]kgSr[¨ÃÉÜüø·—¤U�›¦ü^ëø �Ï_¸"$Åb
+;ý—¤*Dk-ÚŸ\_÷ë‹å'Yêx“RשrwFÃ)/ÜÁS˜‹Jݶ‰ÅA{›åå—øíÞ.¯–Ûšö>—“Ó
âІÆëR0õ^™î&à_þú5qën*ò>QPçÇõ“µ…ÓãiÒ=;ù…”À]‰&™ä×õ2x*qŸÊľ£R8ÖšdÚt÷ãéϧll»Ž‡íj�CÜ©í[¼ê/~ì8Œ£,µÃ˜Ÿ–ë±Î’â6?yÕ¯ÞŽH¾Û£ÓS²'ƒš¸7‹ÛÿÇ4Y@vÚ…Xÿn
â’yÞõØUq談dؾ—´ÉûäôÙÿ7‘Zd-ܧ±±–ü¶³BÒqJ.3cÕ}µ³,qÕ7]–/ºÅr½6ï©%<%EÒ—ýJPãïDÐÁi*¬o¯Ç¡‚nGüXÆ»s¬uƒýËXÜbZÝ+‡ÁRªâ¡~îø[T—Õ»Jí—ô?†ã„P-¶ÝšÔB
f%°,Ló¼d1¬/—ïnF®.i7�FþåìXf˱¼îFÞ¾ÂÕÓ&žúá¤yÝ/$Là¦-zu2ÈŽÏUôÓçeÅÝAÜ´t¼ÍÄ-ÆÇѵ+/Å/wm™à„š'ÛÑ:žñq¶80>{g?oðœjwþ÷7÷:ÿôÜT½y¼ØØ!ÙÙl°Ò›ïÿF“�×�M'ã U�¦ù—8 W# ËñLZEuÀÆÙŒsƒ‹¥i€&:m\cx³Jå¸[žäYZÓûÛ¤'â¿4Ô<Ô®	EeÙæâC¿vk®ü&»àþÆÁ®/2Ÿå>¾ïyY¡ø4o:8�o‡ÎoìèC?n–ÃúÍ÷¤ÞÙn{)ŽÛ xh’`ë'ùÆß|þJ`ÿÆè‹,,Õ8½ûÿ¯Ž7`{þ¾¿¹;äïûF®;Ôd/Ú¼{ÂÊ%“ëY&\AáÒRWèŸÄ\‘HšÝÄãÀi}5È
ÞY¸û8ŒÄE…9ßA{M²þÉn©>£­ó—ÏÝ62úªf Û¶‘‡ù
+½£óBöºøÄÚç�hßÆ_ò%ê•bmMà ®0¹^p{�ä×
¯8üVt“«‡HŽð¶Mw�ç'/�OyߌçêusÉfÛ-þ`£ûµx9+þèóÛ‹åb6Ã%˦.ñ-Nâ¢þ½œÜ�€ý<ð´¿êåº<Š_g×åV,æV=íŵҲª»ë
Ãòðu·ÙÀ·9LÎ’ï»õ;žoÜà}Æ×÷�4—›‹ƒÊïGadWKà­[<ÔO^_¾fóùªáV½ ÖÅ•­ä´úfg*Q?zi¾ôàN{Þ}Ò‰{ÓF5&¬Ä�
4U—¤ñ¤^‰ózÆk˜z~'Woª%ž)íh¹³Ý»-:}×–Çßµ
›×õ÷{ÈEQ,ªDÿ
+mº(w.©oÓˆŽíB@Áª–]ÍY?~XÊ;
+IZ2¼ŒÉ›�Kc<e¨îî’�ÜhÈþtÏC þ_žƒÉRuÙ«þ'aa�•¨µ@ÿáæ»'½Ž‰;Ü/É_©Mš³×¹#1ü“7oñ˜…4Þ®·ãpq³Ø¢È¢éŠ1è+
èËÅUŽêÚX‘ftøÏûu?vœ-ð†±¬¢s.×—\^Ñ%\ó@”T£éÅ6\gçðüiÿöFnz}�Ç�EÄÙð†Ϙ9hËÛ•Ú	–p´~\SáÒ6&û~‡QÔBtúYùà°ÿô#þ­-…£Ý[,¥©÷=Ù¢üz/®}u½•â@=ÌÚÛ~�7k½ÒÇ„h©‡{·E¿á)A`-îðÁIPüø^ÓÊû3Üdi�Wsô$O–Ξ¼øáI‚øßq‚‘<7+¼!Áå½D�œ8Õ}õ¼¥ŸXÒDþãüÑ?ýÕëôÈendstream
+endobj
+1387 0 obj<</Type/Page/Parent 1372 0 R/Contents 1388 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 297 0 R>>endobj
+1388 0 obj<</Filter/FlateDecode/Length 1014      >>stream
+x
ÕXÉnÛ0½û+xLfÅUâ©Hº¡‡mãp7qY©-èßw8鸨}ià$€�ǧyš�›~M”hà_‰VãÅ¢Ÿ4²�þùö1Žoüö©܋ëI{áœôWÁ^¨Æ³J4¬1°Fï±6NvðJ×EA´¬`/‚•¶âÐÓ&ÀXöAñ”¸äs_T#ƒðLÖ8zêd[³ÖÇ,U¶î…nÔ‹Qºà¥ÎQ&ÀQfN)Y/d2ì¨Qz‚bHœRˆ2‚SœW‡ ×YЮ8„ÎC}{
h"ˆv„4’WÈÇÔî›:”µë•tYâH†É³,³IÖ4˜×$‹ ÈG2LÖ˜e™M²ªÅ¬'YE–8’a²Æ,Ël’mÖ$É"(²Ä‘“5fYfQÖ†¦”,
–Í\’)d�³la“lÛ–’YE–8’a²Æ,Ël’õ±=¨Á,‚"KÉ0Yc–e6ɺ8í²,‚"KÉ0Yc–e6Éš6•,Î&‹eŒ†
+UÈ«Ä[Ø$«m*ê (²Ä‘“5fYfqÒ[ô„V‹¢,.¦™kãÚ^¸
+¦H LT‰†ñ•®‡Š½šM^°à‰Ù aQt·VÌnpg�áÅÅlþý~)†âí°—ëqûjö¬$-ZMÉlª£ÙÅÛ»ùøÜÄgâžz rs!´‘qLy™G¾-†Í¸ZßÆq×H«={µ»¥—Øü’vÕÁËTô@Σ Ödôe>.î–h—zz‹<“?e“´�œj�÷¯¼Ù§y{·šß®‡mNœ“FÊÁïa‡™‡–Ê	Ûyÿ}Žå0Ò4=¹]n©J°£Cf±Jÿ=YÊ6)
\Xå!	\U+Õ~U?­ÇÍp³[Œ«a�}r.u¥H¦m»ç¾Þwÿr»ÝõÑylL×r]þ{ª�¼€ý؆UÒDåy5[nÓ”¯šêˆö³Ò9Ý’š)ò¢£‰}¤•ô!/*ŽÀqÁ=×48– “{Ík¶×Ñ€ôù„9ž”šíh@æÅ”–ë£
Ùó›æ°Bî´–s/& tn8Z!ÿbjO«P{~
á´>l¹î´€ºP8- <"ž×>„ëÔa…àÓKL~uÐßYñ¸§´tg±·*›âi›'û*\’N‹·±³‹§«oFð¥
ƒáÜõ¸º¿�áÁ¡§	ùp7¤+|Ó+g!8nïྷ}
¬–Ö?ÓÕààLDÅzý¡£K ¤½3Fhøçã•éúòóÕ¥ø²~.£x7,v=\Oçùª`àË ƒç§mâã�«UŒéýlòuò9ÍI¯endstream
+endobj
+1389 0 obj<</Type/Page/Parent 1372 0 R/Contents 1390 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1390 0 obj<</Filter/FlateDecode/Length 159       >>stream
 x
…ŽA‚0…ïûï¨g;æ˜Gˆz3Ѹ?@ÆH$
"ÁÿoN^LÓ¤é{ïk_ŠARŒÜ sˆ�"MpÙA[XŸËl¤Ç„fió+”Aí/GBh„år�PC8$›¸yײÀmÚ'œ†øîR?UÓsè·¡ýFÙ.Ñ]Æ‚õš	©ê‹ójqÖéùÀ?®õ¤½·ò�xyÆœƒº«•ã;Òendstream
 endobj
-1386 0 obj<</Type/Page/Parent 1367 0 R/Contents 1387 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F7 10 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 328 0 R>>endobj
-1387 0 obj<</Filter/FlateDecode/Length 2699      >>stream
-x
}™ËrÛHE÷úŠ
-oFaCøöfF¶ÚnÅX�¶èÐÆ„$X$À
@Ëúû9™E ’’g¢#l_ÞÊwVeú?G±ð_즉N\¶9D~éÿøúù(Ž‡ÑÄ�ç“hà6.‰§Ñl�ÖîFÖ»ñ,á·�›N¢ÑôÔPl\<Ž£¡+NVŽ&#åFã(Ù¡ܸù,Š-7’¥ã�š›ˆ'¨Êqe.rºP8ñ%Ÿi1l2ïmˆ¨ÅÇ€8Œ¬Á°³i47ìl�Ýh8%bv(¤"Ul0¬¦Æ°‹Ù8šZYƒÅì@\î5{³ÉˆC©PÔÅÓaX²M<�5X�¥N=ëÇ1Ö špEªØ`1›ˆÙÀ;™‰ÙÀ,fgmϪÙ!­ �”ˆy�|<
#JF–5v,õ1²ÓÚÉ€rÖbØÑ€€ë�š�´ãÁœù\,N%¢8°ÃNd÷Ö`XZ÷@³Á85�md-—‡âro×»<�};&’<Täó0fG‰d*°‹Ë³CÖ`Xì`6ÈŒS±t\`½Sã™oÖÁD2¥Èç1`'’©À;Ò †5Xœj6§u¹×l±ä1–pk0,ǘõÊbØùøÀ+®žq8åÃUdÂíXº“dÖ`diöA`
†Å,û °ã‡8êY‹%Ü‘T¨g½Ëô¬n?ï²"ãrÇzk°Ô ³�5Xع˜5lÀâòDÂíY‹Åå™ì’ÀË|:�5xㆱ6s/k1ìX÷n`
†åä¥çkðÆ�C錞µvÈÎeŠq¥1gQ‡üîXعTW×z6`XÒXƒ}šIF`I{‡I§+EèYZ
r0Ö#ïT V
D-Q²GzÒbX£G6v*úƒ¬6\2Oü‘0ò·G*j°W<µ,Š;‹&+ëëF�ôŠÅ;™Sˆ$°‹bédÃ,½šO`½Ù‰¿@ùyœ(R³:Ÿ=F1w¨1GŠ¬Ö‹ÒsÚÞcEÆãŽåš»$°ãÓ` >õ¬W<”á‚UªN°Š¼O
K¢¤<†5–!s k°Ä#[ÏÈ,NÉæ
-¬wŠÁä/.ê„"ãTÇz'k0fÙ‡(¬Á°óš
ö™YÉ\‡akÔkö.s•Ó+‘Ï£"ãrÇzkpïr`½Ë�¬w1°÷.÷ìÞå½lÂINýzÖ»¬Qa–HØ0Š¼Ë
Ã2óˆ6°ò'Èr`
–€tÖ`X®s´M`
& ÎF«Y]Žg2þå>:G½ ïrÀ°ã	'˜a
†¥ÿÆ–5Xò(×Ò k1,cŸ·RoWìx*¯#3RQ¬H�2– 8°ÃrÔÅ–5Xr!5²Þìd°?ejÄŠÔì0`ÓCˆö¬žºñhªÍ:“ë’"éS¬â�Ü–bE>š€a©¬Á°D95¬7Ê<Ó'âPò @ô²´ƒr™E°'-£òž1¬ÁbT.†5–w	š
&Áì‚íY‹a9‹­]‹åò ó2ÈZKé¬fŸcÞIÚ1·�ŠúP\=ûhÄ‘S é�`â9i
-\€’¤1•	\€’"¹A.@‚Lħž3Ž…qà4Æ�Š›
-‚›§~.ÀÎÍÀ©›�œú¸¥Rr	í9áô}¸ápzä4ž,þ>+!(!tœú¸	�fäTå¸{ÊD�WÙCÄxhðùD* ¨”“+pÀÄC8}M.@¸¹|X\€>cãÀIÆöN=½œ�pD½7.~(Ù”íä„›Ë>\€ìÞ�|êb7P.Ò2vzNÓÉqëOÖ	æhÊxì!¡³9åK
•PÒ¢™:N�!"–íÅÛoHü[¤Bˆ+;ƒ§£„Óú.@qD6^à$':
-zÎ@8~fvö„›è츋£“OظÅßì&Ó™[¬ôS¿dǧ˦­Ó¬ýcñƒu¼õëÞ¡<aåñ—´iÝ·í*ms¿†SM×»÷nñ°s§»{¦'-ú~4{?»�gЉ¬¸wzåAÏâ¡hܲª§.«Öë<k‹ªtÕ�ûëêvqÅÏ«U¾rmånÒÍ2u«*Ûmò²Mý²ŸyíÚ‡Ü=çiÝDîܵõ³,ÎËfWçPiëÒõzoWï-ØM¡²]]£ç­[îZ×T›¼-6y£ÊÔ™uZߣüGµ-xTæn›×
ÎeÀMZàDQFÄ›»MEBê<C¡Ã¥fBK|/Lwþ«’eîîª]¹rxùжÛ÷''OOOQ#‘FU}‚UõèÍ™
û�Û¦÷yä®×yÚä®ÉÑ°ÓjàõÂà�¼®ŸÿÕ«Œ~W‚Î)ŸTÂ_t@AfH=þí“üùò›ûœ—y�®Ýõn¹.2÷¥ f|ø~üùúË÷?úà“È�RÏí³T’½p
-QÃTQfë�”ø©h4X_è¦ÚÕY<!¥½N)@Ÿ»ª|·.(NªýJwuU6½kî4Ÿ{»ÍÉývµ¿:‰®?>äï­Óœ‰Ë'Ÿ¸EôÝ/‡€tmº\ç×Ǫl©¸–ø`ŸtœG}¾Š²iiDÍ°hæyïh¹¿ª'iÛs¿Ê¥Tt‘ÓS7§N_¯Gâkž²-¤÷H†ôÃËNc®FîîX¯Šò^W~(Ê´.üÂw&QÜ;|ã +6ÛªnS¹ió틺ÅÑ(rëœ�¯›Í’*—wÅý®öÍsW¬sí±CcH<ÏTu/ád©Vý0ÓÇ®eå6­7þ÷îü9T8‰ÜM›Ömž°�H[É?^y=Å<Ú¶î88^~¦ÅÚ´ôÞ5y͇g^á–rH‘Ó¾cweñËeë‚fxezþJì®®6œvgW7oÝíÝí=åü—þu¹Ð¿’Ç·îêæ$yëò6‹¢È(?tŠÿÿànå�;¿ã ©Æ�Uå?Zw[Õ�ÿÔ l§Ñç›m]ýd¿-ëê©‘0ŠÒéñ «ÓfWäâg‘?I¿w/bäYN£uÚšÝVè@«éµDzíº®ØBN̦Zïä$WO–Ñh½Î4««¦qÍnYæ~»,¥¹nòVK²Û’ÙÛóËNÅ®Œk¥oÂÚÞ9@îêë¿?½úvýÚèŠ�]]œž_¾J
-ýò©ª3É°¦Wö7‡–ß²ì-m±ßh•‹ôÑ°»W•L6ùo%¤ü—›1]VŒ1
-”®2ÎLM’Û¼:xRԋݺ-¶ì>fX^ߥÙþL°Õ§LWÛu•=ê¹rÈ B›Næhå½î5
-ø÷®È9/¤x7Z¼PÓ“ýïÒ¨÷uEáúbÜNkuaõ¬h²]#ãõEºù¶¹o"?nÜ›¯ùFòrZ–Ø,—‘Y§ù×;›ÜoEÕ�ÜÝ<—Ùÿ•&νaé»W~Ñœg•»¼Z¸îm*+ñ÷‰ïÇ13“ýØVÜ}dØ_ÜÈa°bgRòŒ
ýª‚£ˆ¾$&@·{ÜU֮͌µ)Ãô—´¼`>ÈÁx¹p×iÓ<UõÊýYfõóV¯P4—\‘>ù4Û�»w¢G?
3ðì}pÄw€ÙlÄ­Bïs.Žþ>ú/(Îendstream
-endobj
-1388 0 obj<</Type/Page/Parent 1367 0 R/Contents 1389 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 380 0 R>>endobj
-1389 0 obj<</Filter/FlateDecode/Length 3545      >>stream
-x
�š[o×…ßý+ÎSÑ>˜æýR (ä\±ãÆJÓ·‚"Gc^”á0¶þ}¿µg΢”F
7Kkö}Ÿ}öŒôë‹Aêó¿Aš
ÓhšV»ý^ŸŸtÿüø�óyo’¦ói¯Ÿvi0žö†g´MÎälØ›‹MDév:ê
œ5»^²†wi8ê÷&›}š,zS™íÏ0?
f
ËlŸ§Œ5Œâþü’íË‚£x4V8
¤×à.�'ÊJÇÜ¥ÅqãBÍh„²1È×Òip—fï8ƒ„1œÊ`G:†%xu;ôf.kXìB¹-š
+A%¨cÃŽ´…±†aÑD‹¬a²;Œ4ul®é�ÞSMI(fEM
ÃÎ'2Û±Y´?Í]È£��$äd1B_ÖÛOµz[;à°±†aѱpÖ0ÁŽÔÀEÖ1ì|Л�š÷£Ït÷8M…S†1Kµ¦Î–S³KÖ°êÓ§òE³cXº†€:»Ža“KYêž_‘u¬“£ój¬aØÉL©êì:†Å©êØœ*ŠŽÏ`¤†›Ê©*X©šÈla
+U™-¬aÂÊBa³ÙÉ8·ãp@oM…YÃ(f¤àTa
Ë)�c
cv ®-l6Kºb ÆúI 0kÅüœ¶)¬a9ýXX𤳅5,6ralÁ¸ÌÌ$Ë›]&}qÀ˜St\ œ©‚åÔè’5Kf¨|‘5¬
/XÇ°dŸdt²Ù)ò¥A>ìë‚š’SŽÅF�Œ-XŠÃla
ÃNu;šfô2Cˆdt²ŽuH"…5¬C¢1f²†a©�k뎙0«»;&EKÃü™#¥œ�âroéŠ)œAjC’p§t;˜©6…5;]ʆ]ÄÐ-²†I0mF];Ö±Š£›ÍXÃ*NœË"k–
Ã#rL‚‡ãÍŽa,m¾•FÇìƒÑ…ÏÑ‹cþ-7[FÍ7]ÇÆÍVØ,:çq7Û8�D3É�>š¤q ÐkX%Ðì3Ö0,Çpì¬aE§Æ:V	4IŠfÇ*Á¥WŽa™:3—5œKà^åpÇÚp™~Ä©@®aر­±†s2P\dIF‹s2pª°1£2†],ºgîai
-YÇ°tœ{•Š¥Åµã8P®_Á°Ã‰²\XðìCg
ÃŽ5½MÖ0,‡bá¬a±š…&k˜€è—u¬dè*²1£ÆLqƒÙT’
­Á]š/ÔÉg�¥¹W8ƒ8ËBHö;AÇ°mõƆ]Œ/dsm¸éò‹Mœ�@Q–VTµì8Z±°†¥¸¯Ö°r¤�²°ŽaÑD&:YÇ°s�¨Â†ËÚžb„‹—;6\4Öpë²±ár+›],¬ãÖec#„N–ñ¶ˆ
ošäUvy>$›˜å…`ÂÍ&.†�]¼°Y4Úr ]u(D
ÃŽô’g¬a<f9ÐÛ¯½øDsÄ´fу”}*XŠgøj¬aXv~œ*²†1;вSØs*.¦Ù(P˜5,³C%ª°†aYô0[XÃrj~Áf³±ÌCõ–”WùmÁ°\?xÏk–&q6+f»�Òòÿ��$£`ÔϯÄqö3gð<
+1391 0 obj<</Type/Page/Parent 1372 0 R/Contents 1392 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F7 10 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 340 0 R>>endobj
+1392 0 obj<</Filter/FlateDecode/Length 2638      >>stream
+x
}YÉRÜJÝóoÓ8šjz›n0m?:0`W9è…7ªª,�­¡žcþ¾Ï¹YRÞG‡#€£“÷æ�3%ÿ}™ÿ"3‹M25›ò$B<|ùxEI05“Å4Miâh̨0K®7“yŒg¥™MƒôHÍçA2rÑ,¥œ¬åJ—&šD\)ˆÕ¤ÓT¸tÄ@JÁÒ,æA¤¹”K'¡Ø2¥™ˆJaç‚r²�œ‚°%¢MžÔl¼÷ ¨Æô#„JVa°óY°P,Â31i2Cp¹mBR�(V¬„F±
+sÛ(˜iY…¹mH“GÍnÛ8EŒA„BÐàÏ€Á"Úðdz
+Sñ„yY§8Š°ÈP.H+ÌmcnëY…ÁNY8ŠU˜ÛÎéí(+Û&(©¤˜Û;äüñ¢BªY…ÁN˜%«0ê>‘.Ïj6
á�g�Qs–<‡ä8äbá1�Š©Ø³
+ƒ�²µ«0X”î‘f…aTȶò²Óä„&�û:“g‘+ÇxŠ '‚\=ƶiÌHyVaš<?f‹}°­—UFE¬8Ï:£&sW¬á”‘äâè1'SFʳ
+ƒ�$(Å*L£ÒcÍ
+èXL5kÌ8Ft׳
+ƒÅÓViv19²Ê¹+3F9w)wÕ‰`xVaȢОU,¶ExVa…	��¬Æt7e†FÖ™Œš•ös&R&¬3ѳ
+3·õ¬ÂdÜV±Óä)ÝY�iòœ]âY…ÁâH:’U¸4I$Å<Êjv"½ëY…Ábò¢æ<«piÒ0aeŒ¬Æ`“èHvÁÓ�›Ë@Á,�ëN�*ÌtdWÖ:Öc° ³gvaF0<‹°¡ÂtEF¥2œÈȘ%äpW¡“ãd$5›ð0R¬Â`QºZ±Æ4xBw¼f…Y	›dd5;åEC±
+3óâì(«1Ø„§·—•6ˆ1Ò¡H‡GJ‚9ÍbA’…ÁFDJ±
+Sñ³F±
+ƒÅý+Ö¬ÂLo^Vc°X)Ö™Œ€¸¶“)“Ö™èY…G“=ëLd�‰žU˜éãXašBÃ}5+g®bÈQÖ9„þt'²8$H94°Î
Ï*‡0=©‘uŠ‘q¹Æ…)wä{Q$sÍ*LÅSº’F:Írb*VaÈ.x}T¬Â.Ž¨ÇÑ*ÆqÀ`åxS¬Â`qzVHf”yø)Y…Á.غŠU-„[a´JcOÞ8<ëÂŒk‰4æ=¶$aVÁ@Ò!êY…*êð¬1^[á8
Ô« c^˜<©17åô¬³7ä`éR)ˆz…Œà¡#:"Æ #g¦^îªX…Ábâ±
+#þxMX(Y·-&³+UÞÐ#A²­ÜÐæ¶!V)Va(ÆÌÒ¬SŒ%.9ÉT�:p§0'	’ãY'šÎ$ü‘4|$ÈÇ	Ç�QÎn8I…îHLéª /	—ÄUd/¹‚ÄU…a¶C <«0Ø™¸êY^ôqÓS˜»¿©Õ#ß4˜¬"㑼³¦Š¡ôÌX{ò7e¤ô^§n�`
+?ô”‚àpÅUb
+Ò+ÞñÆÍ'
â9‡Š9W`+cÄmæu*¹ÉBÛ© 8¼ª'JÎCDJ¥Sz‘a9à¤X°_]1xTÜY&žñÁ§…£ŒG$/I#¥ 8¹£yÎCpò>æ9Ù%¼YŽœ‚àpX©ý“§^Nê|rx•D)á[
K�/èSpõÁ·˜�1¼‹H`>jHñî‚)/Ý*”€A#ŽÜ7eezÎCìæN.9á"„I9p
+Ò9^«Fîburö
£<4«>DMgs³ÚÊ÷'<Ùœž¯Û®É6Ý›Õw¬ÃȉܺwPcåéuÖvæë~›uÖ­IkNÍŸæÞnͲ
+�@.4ïäH€Ôê1oͺ®üÎ̦.
+»éòº2õÎüu{¿ºÅãíâ]m–Y¹Î̶Þô¥­ºÌ-ûiÓ=Zól³¦
Ì•éšg.¶UÛ7TÖ™¬(ûÊ�‚}3P›¾i ç­Y÷�iëÒvyi[Q&ÆYóåßë5µÀ¢Êš½mZ·
,³FäU`Vؾ¬á~c7Ph`R{p¡ƒ/¶ì%kkvu_m
¬|ìºýŸggOOOAKOƒºy8îbÑ—Úí?Ì>{°�¹+lÖZÓZhè%ö°¿~±áwÛ4ÏÿUš>Ù¢´�ü.-ƒ¡.ÐÉ6G
äˆÒ
›�ÿxóÕ|´•m²ÂÜõë"ߘëq€]ßN?Þ]{3$Ì9r¼fv‘´†BTÄ°U^mŠžiÊ»G	€K~[÷ÍÆzKæQ'“2Ƴ®Þ9–IÅ¢â†Ì«(ïÚ�Äø°o{ö°/‚î× 1ÔèûG‹„¾EÐGš|ö
çæXÿ¼Ä°’³uaé×ûºêP’ö£N,¸
+ÆxåUÛ¡8%ÂÔŒ/¿£¡Q`þªŸXÊWn•É�å•E�-Ï?]œ¿^‰/6C«°ÖÈËêÃ	ÌEŸÛ¼z�•y•5¹[øN
+ÓÁ•64y¹¯›.Cq·�Ý¿È[¤�yßX´¾hlË5²\íò‡¾qųË;Ô؆(˜@?ÝyFR†+%éÇ�>5Vtχ
tlð40Ë.kºÁ5‚ÎBÔ*üñÊè¶Ç¬(PÕ£À#&ÎÏ,/\>+g]kt5Uï8w:àmŹ…�ŽÛWù/³)rÔ«­¯ÄvM]b^Þ.ßšûÝý~æÕâ—üºYɯøÇ[s»<‹ßÛm‚ PÊ��‡ssϹwµÃl‚Q­¹¬«tæ¾n~üSœÐ…†‚øÜç›HaݶfÙ¯+Û™‹¦~jéÐÙá9…šºß{ê¡Ï·ÒÄÇêP‡—y»é[NÁ—1ÃI˜¯n˜?¾Ø²FáœWáÆr´5†ñëpǬÈ߈Š©Ö,Ÿ«ÍiUÎxÅ…ï¯n–/r‚÷0X]››Û•éa]Y»ÃÃ�ýo§Æؾ©»Ggò§%´EŒÐjùU§Å
Êñž )Ûºè帺m06_eÀ¹Õ`êíê¦t-ƒƒ4[c¸s±/^BpÊU]So{9)_8‚×'ðc»Þ ¶­9_×8ã–G^ÞÉS‘Áç"”#fÚeŸµíÓ3¬Ä‘–Ñ¥•0†w=´ã8'‡†Æè¹¼xeâp}y~÷ê9ðÓóòóõ+]uC¶kóßO×f_ô¹«#üçØ8¯0GWÏ{)¤ÿ7G]Ú™Kö7ŽKSØŸ¶À)…¨ã!;¼5UÝ!hÅmÍþÛZ§ƒ'ÝY”ñÆr³Jy ¢âæ®ÉË#åRDå$hx£‘Œë$â=.6¶±÷y›£ü9¸Ñm/B�÷QLël#�çò¡‡/ô˜»‡AËVåàw¶ýÖ‚³x»’së)_'qré«]Š/£óyŠ ˆ˜Öü{uòùäÈþ¶ïendstream
+endobj
+1393 0 obj<</Type/Page/Parent 1372 0 R/Contents 1394 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 392 0 R>>endobj
+1394 0 obj<</Filter/FlateDecode/Length 3570      >>stream
+x
�šYoäÆ…ßõ+ê)H¦§ö 43v¢À³d$Çy¨nJ¢§»)³ÙžÑ¿Ïwo5«%Ã08stx÷¥Š”~¹˜„1ÿ›„å4Ìa³¿�Æü$ýçó?.V«Ñ<,V‹Ñ8ìÃd6g´×Ša—“ÑBYÁ°ëå�¼Ób<ZŠ¬bØùz´VV0ìz>”¼³éz`W1,vU³bØùr4»Ša±36¦j9­<UR¶pS•±¥jnf3+ØR57³™L¸Óåh*l4KFfv:Áü‘›» ¶Ê
+6§Ö¦8Ë
+Æìd1ÐÍÑIamâÈÍ
+†%É´Mf›SS‹6³‚aWc3›YÁÆz.„Í—Ç+Ërb£Ë³Q":]X×8Š™ÊØœš
YÁ°d†ÊgYÁV é€U;/,I6:5µÂ˜ÇÖ=Gæ”bc½@ÂflŠÝlfÃ.|�3+˜V{ð‰UlCâÉȬ`’¹5UfÃR!Ҝآ°Ãœ
ÉbiÑ:°hî)¥+'pÖë¶Ä	¤6$	w©v²´ÚdV0ì|6”»ž$ß½c“àØÔI³b+ÎÄÒ�YÁVŸËÌ
+†]O^)&ÁÓb Y1,‹¥Ï·ù¬xŠÉÌz1Ùõ^œ¯gq•sþ?"W0ÉXYÕ3EN_<
+éÈD#Iy}ð|7̹^ÁVÛ}Â
+†ee“¨±@YV±•À6‰°‚­¶Á„K(KeǨW1\æÜÏLú§y¸‚	¨°¡VpLŠ³,ÉèqLNeÖwTÄ°ëuzÖí
+& ™�ÆYV±…kó)¬`ØõÊJ”ì*&“	K7³Š-UCYÅ°óÕ 1‘–Ÿ¨ƒ¹£Ø7îtn.gV0ìlJï	+¶°ÎV0,ÃH@Y³`cm+›1©¢#UV±ÁN¾,ë»qÎñn'ùra’,Z�û°Z[¯&N »Ñömæâ,k˜ª'AÅ°s;Ì…».²±6Ì®<Ç¢Ž¼6‚-|2+Ø�­è™l9šY«Md"³‚aW¶3]¦$¾†¢‹ŽÄåž�.fVpr9³Ñå³ìÙÅÄ*N.g6ºÜ˲V	7±îrÁ}•0<ó‘»,§Xf£è²8�Ý‘G.:ÉÑÙŠÚ
++�¹” 8ÉFÅXë/œ�Ž¢OîEϲf
+ecve‡¢È
+ÆìÄ.Y™�f‹Ul8ߢ…#7+Øâ™Z¢2+Ø55³™lN­l4;³crjgcá(F›1,ÇgV0¬7If£bîŠ^Zn׈:2ž
 
-£ •‹³_8ƒxCv©LX_
Ã2ð©ja
+�îÂF$CÂË
¡M+£PÌžÐbD鬾³†e¶<²†eV�oš
«]ÆÓÂ:Ö©Ó[„±†a¹ÁFÆæ€Ès´Ztø0PHž1NÅúe¬aØùˆF4Ö0f™[˜í4;†�½¡°Ù)<ÍËŒ–
-ù�çÄ`P0f™óg
ÃŽ44MÖ0,Ûð…¬aؘt&k—y»p¯ÃæZw>;†�iÙ7Í
É�Ží7�„äÁg—‘ÅxRõažâƒ&^‡™]ô[ (ža‰êkX™Ð1Ö0þöõúQXÇÊ„^lŒ5Ëw·ËÕŠ*J ø¸‘‘\ÎdÔŸ¸»‘”›±`X¾,Òš…5››¯°†ay« o…5ŒÇœ.âéXÇ°S-+ƆåÆuŸ# üY¦
(£PÇréÌqMKc°†�ÖEc
c–
�u˦8qÖ0,ï°g
+ Ý}Å®c¶rc·›ÃeÉs~&³�" Þ[L@q…kX
�n'ë6®&c
Ãr¡Ì\Ö0l\Á&k–ÉC¸Å®aÂ%‚�±ŽaGº×Š¬cX®+ÊÛivÌ["Z›åÊ1,k¸Û¥Õq’OùØkïÎH¢¹“óæ`@-�r
-¦Ü9X-¬aXî¬Ö°j ©SXǪ�>k–9;uÖ0ìLŸ”LÖ0y¤Öä±óÊ1,Õt»ŽaIœGä8¿©S¿N³ÞÜ[¬Œ/¼Êi¦µâÞäSŠEù¢Ö|žÔý…û$*€8ƒä8`!«>Z£Œ5Ë€ ÖN±c²È+$9îXÇ°¬Ód±°†UŸÁ…fÇ°üJÃí:V}¢9;Í9OÜ[1XN1(ÚÑ°Â�òÖ0,£õBÖ°Ò:U4;†åÓ.wšã2_æ¨^Ç:Î
Q„Â`k	–‹Þ5;†eßá¤YÃj8�àÂæTÅ('Ü<-å“Ó³es½
-kX‰Ôý6(¬aX>KÒ…5Lªr2:Ö1,[g³°†U„¹YXðL1÷Ê1lž´�l$ƒ‰“×µM€Ò5-o«…+P-££×q¡’ã—ßâ¥2@QÙr¡£p*yêÑÂHá|ÇÌÁOŠ\¸2=¿�óvÆ凞UI¹[¸á¸Fƈ9v~íØê4(WÜ�®pÒâ|òÇ/r²+TäñY·ã
-„‹õªÈˆ9¾NécüY§A8âátÇGCè­\�œ+F³~±pæ±�ñåºå"<¶þ¸*#¼%¼–‹x
-W`^á"¼³\Ž§ã¶á.Âkåør«¯8&_†*<-lgŽn^8zSo!ù˜ptyLjð
-$„È…+.¾
®@¸x“.\�„_•;ΠB¿ðÅ \|&-rªzúxÓq¯¯_¼ú–a5H×·ú»„é|–®×ñ7	ýt½ú3²{é;©ëÓªÙö¹þåE?½¤?†<?„ß=êf¹oÒ»CSÓÕÍáÔ¤ÕêTošÇg£^º¾¯Òqwó°<?­ÓW‡Ýn¹_ëÁ—øÐ)ó†'ªt¸M›ý±Yn·ËÖþ€¢{nÚKß>¥æ€¦ýíæîTWéÃrw³LËcZ¦w×ãô¾Þì–õcúú°[nözŽ�¶Ûª–ÑK]ü¾®êê×Óæ¸iªôcµ\oöwOÂà/3zéõrõñ®>œ²ï–jÓëœA85œ]ú]^^ÈŽ‘­+BEðíru¿ÙWéº>›tµZa­!ªý:ýó°Ù둯¶›J?#~™Éž¹;‘C»ÝaOt‡›mµËJ¾©ëC}|ö4)ýðxlª]zØnVª*“ˆÞn¶U<éó¬—~¾_6é€uº¯¶iµÜ§7é®jþþLý¼÷¤éöP§Ÿ7ûõáÓ1->¿zû�d.M,úáíÕ›wÿýê‡w×?þð}¯ùܤ¿vbﮟ*ýSÎy¨ò"ãì¹a®VMn•òôðD
ýAãÑBïi©í㹂]ó¬-ח꿬‡Xðÿ ‡¸
Î9ýõ´Ünn£¿ã UÙ÷UóéPŒ\{ÞøhJå)En¿›Špþ_°OÅF”3µ>PÉcÕ$R´<kzýõWÙ˜‡Naíä]}ý!­ó‰ÛU»›ç§�ÛIã%Žv{LâäÕÕ:=P’å�§ÞøººÙ,ŸN¶�/ÿ±Z·lžö`œŠz:ûý¤SÙª	¨jûñpªÓ«ªY½úXßLz+&ͳ‡uÆtp«¨Èê°{85´Ð2ŸÚçÖ9e×Ç:t«ú7&˧‡gšéX=©}Ú4÷ž«8öÏ•R‚ÃÁxm8?VMÅ?¬
¿»îu3†þ)Ç+<ȪXÕŸøÊ…ÛÙab´gzØçOÝòhz6=ø6¯NL†Ø=ÿÜT�òÖÜcöx¾FÒßøOe(7Ýå=ÁEñî†å6©2º~÷ªà£“®³êN´Æë‡ÎÃó
:æGx
-Í3ˆ49¹º«öëå“°¡ˆûÝr§ãxØžäMº�~Úo>¿ú~³?}NÓm¾ìlê#OB¾.òÜ_§#GAg=÷–ž;BÏj¼ÝÔSy{ÚÇÝ�gø}¾*×ÕÃöð˜8z\1Üù‰ìDORðÄB—šK÷i~ó¯+Û!êraº­P{%ê|«jÇÅr$eçê<Û5H†é»ÚâÖaŸûè¢>Tç§woþ“ÞWõnsÔCéõæ|]¶�Hs�ʪ´¤ï7Ç&”=Ñ…¶oªOJ¡.¿íx'&:ª‘~¬)Œò.òõf¹=Ü…bÏï¤Ýõóê“nÔ"…Ëí„=Þ/ëêIòy¥¥OZ·Bôði_ÕÇûÍÓ©¡OSO­ÓzSW«æÀ.d<7¢jÖ›ÛGE–Í|±,UÒ«—Ñuù<)9ôýU¯Ïch•GånyüȬ¯9:È<DÁðû}áå²iêÍ
c7í–8¯Ð^^–ôSù˜
-îýÕÛ¸aÖtA]'¤KUÍÊùˆ¦=÷Ð:-OD±o6«n´¼úV_L´;kÿïÏy]œÇ^üáêíë+­K¿�læÞê´C²“{©—==þrÖ_h�¾ºÁ8ù’·cýyØ|ÌŸ
-CŒô“o®_üëÅÿ›

ñendstream
-endobj
-1390 0 obj<</Type/Page/Parent 1367 0 R/Contents 1391 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 432 0 R>>endobj
-1391 0 obj<</Filter/FlateDecode/Length 2338      >>stream
-x
}YËrÛÆÝë+fw“…`¼Kù!GUVì˜tœ-BÀ@KÊ×çœÓ •TªRut¦ß==
úÿ�ññ_`²ÐD©©v¾çã/óÿ¾~¼(bÏ7ižâÿ;„©—ÐÖ¬.4'^¡Y…Áf�)Ö*ÎB/§â8¥¨ Q¬ð΄AìÅŠµ¢Iá¥
-’‚DTa°yì%šUl‘À¼’Uf£ŒN͚ょáY³yÆhЪ‚;-©âd¤�(Rc:$éžÕjló€`f–y9b°q6ûG—4›f§4›L¢Ó¬ðÎD°ƒ&˜Yëdy¡”®`&ѬÍRˆ&b–
-œIH–D¬h&äs&­VŸ™$QRȤˆlÉQ’ÀXäÈÜ—ÂAA$‰Ã¦ÞVa°yNÖZEæl ÌQ"ˆŠ%Ð$ajhŽJX@NAh
Rz$'�»±¯M92d± ‰ä¤&DRc°iÛŠU˜Í’Ðê,«1X$_kÖ˜Í3gNVa°E¸°k!w‰H˜
’çpfòÎA2@U‘_Ç*£~¸P¬1Ø Ç`r²ƒ�r:<kÖlÊ­X…Á¢ç²
-ãf í5kÆlÃDì�DÐ\Ú­!£TÜ"Gf±m
-¹± cÝ}c1ëÎË¥X…á0슗â4°
dÈ¢E¢Xa(NØvŠU¬\ÇZÅ1oH($Š¦Ç|7«0ËûîX«8J·Ž/C,Èå)dÒª�‚HJ'Æ~.IĤ�Œä„ \,GjµA0¢g¶É‰ª¦Æ"Gæ¡MCâC2äÈ”c�FÙ,‘ ’ƒÅ‹4«0r„)ų¬Æ`q›µf�ÁâY
´¬ÂîÙ‚•ìGÉñÁç›g‘uÙa¸ŒŽX°
-Óe¾tNVc°6�b‡š5‹<jÍ3 >°N³”=Ší*!u¶€z„Ã~Á<ÉI	Ga°Q�Vs¬ÍDxX3¬¿‚(jILvéþ0¦¤ ’Ö!ß>�𜀃CG“Äî5“3¿â�cFBÎ<'«1Ø<‚kŠU,Ü_È*Œ–@ç£Ùf»sæ-íjáêˆ$Oaa×�ã2†q¢9‰a¦Ÿ|‹‰7M^BÔÌǨ&"(ŒD¡£CÍ*Œ`Ž–µ.¡Ã¤t> ‰b…¡‡bÇ*l§Š¥¡#‹E´Ð¬Â`£·ÃiÖ¬,�ŠU,rŒ4Î^iŒ
-ÈžæX.vY™AJ`œHÂU˜
Ç–U¬Â0볓«1âÀv¬5‹þ–A
ƒˆV�ͲÃÌ2$Å*ëÆBVafJê7k¶fƒÃrq&„‚¬Y‡iVzʱ
-C1Ê…bά(ŠãbÆam‘(–{<³)_Å*Ì4fVc°òH8Y�Á‹\i¶NI; ©¿xb[[…ÁZ'«0“œ¡PJVaæ‚Ë—c5¦Ë̶b‹G
©šíUácÐîÔœ%1�28ƒÄ®HwÈ)‘ph•“Ç1X,.ˆÆ±
-ā
4«°�U›e¬GÌXùä9̓E3jͶ<ña©“�/$ñðj7ö+–WÀ"‰G¾fy9žVaăýo!«0|Â�ÅemŠ±/ËW,Ë ‡¯¾#dŠ¥è3©1�J
fÖªõíÒ&ûO @ÔÊu8püàÅå˜I�¡6ãXv¬dP¾7À%	8
Ô*Tfw½@.º€™J¹$0~‚ ¥ ƒà÷Õ̉F
yäg
"æ Äðòã	gkؤ¡¥n¬Ëzää3dæÄš,nÔh0T™bo×o®Ñt�YßóÇ™4ÏÌz#?Ìøf]ý„–<³*ww¥)Û�ùruûóúÏß\ÊÇîzágÞ7ã44wû©Þ˜«ýôX·SS•SÓµçÇ#�jÌ»®½oöƒœ2MkÆÝ�Wá�”¸Ä¯DÎ$~éÆ©iLin›jèÆî~Z½n¶µY½ŒS½3ÓPצk­ÛÔv¢Ý´ðw_ÑÁñÜ^‡!Ààjß÷Ý0�©‰™˜›vº�Õ#jtb°žxË(ydy‘­ks³ëio4ë®ÛŽµX[„Kï›ò¡íÆæ‡Ô¨®öC3½˜mý£ÞÊ™EØÉkþj¸Pž¹í†ÚTÝ®ßÖSm6õX
MÏ,™îÞŒç&–uJ=ó­mî4Á§î
©5wõôT×­ùÞ´›îi4¿®¥�¾ýzó‡Ù�Ì/˜;�gùÅÒ♫;”©¬Îò‘Ò×Óäë`p<óý±œŽúQÐîGƒ€ÎÊ„Åšíõ4ŸüÞ
½vIfÛ”Û­mYÞ‡EŸ–?|xæS³k&�K'3i�j‹TØ›²Ì'è/å8nîÌíËê·O¦ßî¹Q‹ÒbÃñÌÛ}³Ý ¡§N`ÿr]ø*�L}“RôÛMX?O¦‡Õ§nØŒ¦LÝVÃKÏ›}üóY±gxæc=É�i»ö²ê¶û]k6åTšû¡Ã�D—OåݶÙ…ûùå·ÿcþ_1æŒñÛX>¼¢½ÀÕ˜:Ü.\eŽ±ÿ�8YonËê±iksUUݾ�0€î»a7£²5ŸÞ_}Á¥ê
-ò/ô{á6žv8¾ún³º²ÑÿÝŸø%~ÙÑÂÛBS«zøQg]‚ߪp´z¬wv­mÿ��Mo¦N2ûõúb?3p¦y>„tÚ	X‡�pëOÍô(œUk)® ÍÏ(÷öãÐíûÑìʹÞaÈŸÛ@ÏΣˆ7ddÒÿÕ#Ô^bûºjÊ-¬L‡wd4¨ÇBúüNâ³Ç3žKŽ+è¹¹60�›ÚÊ–ésO±pãþî†U­Ë‹ÍÒüòùûú3P�ã!Yc·*NÈMm~4¥y÷ûŠŠO$_yTw@5¯äï«£jQ²äuƒ\ßÅ¡LÒŽ¬÷=ÛXÜ:	ÔÁþ¤‘[¸ÙŒãÞN¼…ƒò¦#ò¾šñøjåIÿÜo»ÊÂ%ÇÎSO¦“§á¬.p-ûµ.QýæïÓËÁeMùlž1ÏãàÌ„úèzs�•R¶ü*æçüw�ÊO««Û·Wêâzš÷]µgåúRåe€_Ïyü2óž×/IŒŸìó<Æ?H�ˆyüÃúâ·‹‚°ÿendstream
-endobj
-1392 0 obj<</Type/Page/Parent 1367 0 R/Contents 1393 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 468 0 R>>endobj
-1393 0 obj<</Filter/FlateDecode/Length 1344      >>stream
-x
mWËrÛF¼ó+ææä@ÏpJQRd«ÊŠ‘ŽrÁ•›´¤¿OÏ,ˆ]>JUR5z{v¦wö¡ÿ&
ùø	(
)RTn'¾çãËøëéó$�=ŸT¦ð{KAzñ€64Ÿ¸ly‘ÃizKƒÈËI	©ƒÁF)Y#MrO‰4gR�‘Zirà‘Ís/!+H@†1“‚L³4öR‡5Ò(òB‘*&©Å,UÈͲFÂ:;« gÖ+Uª‘5R_›¢Œ$RcÖÌGn–i’GƦ�ÿdfµÒ$=b�ñŒM2T�#=°‰Âº&#k¤*lʽ€AFj1fUìˆe�4ážH\A"u0'ìÑIJÏóÇ-)vßVÆ9
¹B}6É &¥—’ *UF�%ýÀÔ¤è�D�IÈbÄ�4„e%nœeÎÎ0hŒ§ñ°¨l³A7²˜Í0»Ã:xK!:8qX)5V�”šñv4€ã:�màt-éb°0ëˆu0§Äýàh6Kà¡e�qfŽyûÄ‚¤V³”×ƲF%ƒý	ç$H¤�Å�Æ	ºÐ²FŠIZ	çRd¶˜Ë	9°e‡}îËšÀ~6,�ä>°ŠO¨xdEå‰éCÉÉ +Y,aFë`dœ§¨ËaÌ=ÁKkY3›ã±¬tL$½±¥\¡›àœˆI�Œ’·i„å8L$_A–ÄÉ`ìçC>dJµø`¿e�K8¶å^yCF‚Dê`–ò­aY#E�²Ñ£�ót˜õ€!U¼9,k¤8bäÀ‹ø–ˆ©Å<+Ÿ2ë`fù„sY‹ÁÂR¬��ì`¬
®x:²&)¸q"ÞÕ‘ NJ.̇;Ÿ32H2v0f…kG¬ƒ9c>a­ƒÁâKVr
-Óá>’e7ˆ§5¤âã�ã²Å¡ KÂ,±8à[:dIì	é&À˜S�Tã`Ä�y”Ã:li¯“«;…Û„/ü’QYJ‹•¼b|Z”¿aÛ§Í×E«iÛ¬t÷ûâÇħ) !2Ÿyôµy¥�þ¥7çlîÑsµÒ´©j#ž«ߣ']¬¨-ÞÎÕAy[õú@ŸªÃA½kõª*ûª©/‰<zÐÛ¦ý m±ÛUõë…11ªÜ4ot³©tÝ_(ç©�b«úÒå
jê÷õåYàåÃêíö3Çž�fÞÿãÑl·Óõªz7fáa9²x¡ÐcÓöŲÚTý×pBì/�ßÿeæÈ'¬r¿ùFßëêý´v<;=ºýë^dîÚD<yÒ«/EO_«zÿ°]¶E½ê§÷÷2ÉÑüì`±]„ÔôkÝÒÍýÝœJëèÉxäûP”UÝ7Ýú0ì�ÓübNþÛ<¼=§‘þsU¯š·Ž^š–ž›öçkÛìw²DG>àcÇ~Ê“«Oyvë|ˆúxÑÏuû«*5=åO
-ÏëÆø'½ÃÂ`Éézÿ*óUŠߣûºo›Õ~ìÑ£Ìp‡{ôY׺-6TÕ/ÍiZ¸¾±Jz¹6ÚYÿ%\æÐm�ºm›öÂä:ëû¢\s®}Cµûš{•vmSêî‚]ýXôåzؽG…�»­Š×ºé8ÄG³o©“èà™n¹ˆ“ñŒp{N±³®Ûow¼—ÏÒÁ›×£…îÎ7(®&ô__m6´.~Iyh‚åFwÒQWwÙpÈá�ágx¥|Má›Ï®gôØ6?tÙÓmSî·8ŠÃQ2
ð:gÁ4õs?[v}[”=ãE–e1þ
‘ð—?“¿'ÿ½Ú,fendstream
-endobj
-1394 0 obj<</Type/Page/Parent 1367 0 R/Contents 1395 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1395 0 obj<</Filter/FlateDecode/Length 113       >>stream
+ù|ö#0NàydÎWA/糟9�xCv©Œ[ðHÃ’°±²‚aIØJYÁ§7SÖ,˜ªÎ즙ízìM*6“Ý#ŠéÍØœ²1V0,çÑ@V°95%\‘l­V°ˆ3«–ˆ•²‚a9ugÂÆ€Vf³¼~ᔣPÆ°œ)8•YÁ°«M,¬`Ì’_Ì&YÅ°~·ÉltÊ�*Oì@�9Š¥ÏØ\¶ãNXÁ°3[¸Â
+†åR7�Ë؇; Ý®`\æTR¯ÃÆZ'YÅ°K{AÍ9¾l´¸3-¸Y0«qi²2—éc7ãfc篘 @´c)“Šaùn@§º�T°åÁs˜YÁ–o‘Ä*†å�DíÆÂú'ó*éÈÌF’Í_ÑíB1sä>ñ¯#º°±V0ìÒ'/Ë
+†åvH+fV0³™IqbÃrP0™Ë:ë}Ì
�Ï/ðA:’€z–û;NeV°ä#�YÁ°„ddV0NñŒâ&V1,wGʬ`XZžñɬ`®¿]ízýL$ž¶’#ŠáfŒË´õRYÁ�$"+§‚‰°Š-\«_–UË¢™++–õ4`Ç7……ÈÚ›B�aI³ú¬–«ÝLeó^ËÅHs¥–“¡·c™ä;{�*®^ë3J-g;Þϧ±ÝÎ"òF”›ŠüYgÃ2Xͬ`2ÅÔS¿Ä*†-ìã¡°‚a9~©_–Ën,”l5°c$Ë*†å+…ÚUˎЈ“å±íó¬Y±ÕÀ®™�­NóôŸPìÈIÑÄÕÑ®`¬ÚÑ�qɱŸÎ¤bXkUËÙB¯fV0Yäå—«–~ë=4§[}&ÍŠa™Eµ«˜û�0Ûå%Œ‚°ç}%p+ì#o8Á®·EfÃråÈ
+¶€ì2•5+†åc.'ÍŠq™ÏI´cbÇ€(Bf	°·Ë1¯šÃ2£}ô¯bZŠõÑk26¦Êï:„Ëw>;òT	†�õˬ`K¤}SYÁ°|H¥3²¬`R“‘XÅ°\ºÙ'™lEð½œYÁ°|†P¯Ã2P¤*Éz2â¯`pÙû$¢Ü7‰eÜô‡}†pV0²´ëTب˜í?XCN‰âž�Š2+Øòhí*²‚‰‡M‹Ù$«8æb.ltŠ_?ù;§*¿ärãɳ|rÂåÌ
+†åç3ecÖ¿;dYÅæ”Ý"2�B½�®L5ãñVj¯Ž$½g¹7c6³‚qÊ_„ŒY>|"«�d9iVKר]ÅŒw^J²Ša9
¨Abc¸\¨ýÛ]ÏQ¬�‡Û³1¼Ì
+Náf6†{–=‡—XÅ)ÜÌÆð{Y>i¬9¶ÍGój*ØÂ�[@‰UË;}“Xz8;aêÉ£#W0
ùÏ…ë…ë/ñÂ
+&\—“]Å–Œ¡WŠa¹äÒ7YV°U×î—™�ÕåòßríåÁÞ¥Š¸1üWk[@viV0lœ¨$û´›¨]ñ'ŽbÛd£Åãĺ¨ÿ®IÿœáÀ3„c‹ÌCæ2„óc0sb�Ó�å¼â\?¬¿ù%×Ìn&±�2â%Ò=1YpF1QÍ
;á3—a{ž¹XcŽfY	—!S%®„ãË[!rÚ|qWè¿“~›fÀ²ìá–a=Á›ŸÅíßÆdDlt_ê{Êõù;”Ÿ¬LÊ)žö…É…Ñ.¹ç}ùææâõ÷,ÌI¸¹³?_X¬–áfëº07›?³Gám[•]}¸ïËÍC}¨ÂM{:vár³iN‡îÊÃ6ü«©öÈÛ]]ÙϺ&tUx×ìËú𗛟/^�Ã+ßõh�£µÙï›CøÔ6·»jµ|׶M{´ÇO/FáúéØUûð©ÙÕ›ºŠO#zW流Ï/Gᧇ²
.´á¡Ú=†MyWá¾êþþBûjtv—]ÛìÂ]Ó†Ÿêöùzëo¯ß÷2€5Bß_^}øßÛ�n>üaÔ}ëÂ_“؇›çJÿ®Ëýméªø+‘”‚ûgóÕv¹éBIháM¹ùrz|¦`G(õ
öÓ©­vOQ[ïò®ÚJ®‡ê'#’\µÕ/§úXwUø\•[Jõ,‹Ñtä†ï[ªº}1+ïœÔ_N宾óü†‡TÔê~¨º¯Mûåy²ù„Bá)…§"ÜV¿,áIùéÝ[W¤-Ä!ó¶m¨ë±ê	+Ïzßôšš"Zõ_¾»[oΰ¯ö·Uk
'oW‡cWîvÖØ•ç°%Õ�¨¼§
­SÞU·uù¢ÇyËúƒòŸ«í?ËîY9X„>"�4xôûŤòºêû©9µáuÕm^ioç£Ms¸{ñ°
œ�qå�lšýã©£¡Ê8Ãö¸f—
7
+7Cîº�Uû+“åÓãÍäÕž´}­»‡pÜßn|	¼Tʤ}hº8°¯4ÙR›7Eˆ8ýòûEâ6J«'6KÜ8Ñ•¨“¿Exæ4Wïd�ÝÕ�útÌ_mEùç;…ûœµÿS¨Ymüç¶ê,ÝV�ÕæÔÖÝSøÿ´LÅne�¦!¿ºº…��]ÝÊ]°
+Õ÷§–­Úxãh.Ø,W‡®º7Övîuòï<TG	Î
+“�Ëûê°õE#[”s„ì—{›ÿc³;™é¸OÙ'áÇCýíõõáô-0¸;Ÿÿ�4ñ»t›¥¤Ó‘i°²³™^zzÞ2ÚY\ŽâÜÞ¶lWðîtؘ3q§?ÄU¸­wÍS`ú8ü€á'•Á$z2Ïjë5ö3^³Gê^*XãXîksž:ŸðcUí9gŽäë\˜X¶A‚˜Î�ͧÆ<´8¯�áÇWÿ
Ÿªv_í¡ð¦>Ÿž}²ì8Uͪü(ú¡>v®L«Œ.ÊüŸºúj	´ãwCÞp�É„UÈ~lÛå)ðm]îšûç]Ž^šä|ýŠú`çk–Âå~Åʶz–fÄé’Þ-m¾ªöøPûÚÐ>àYaøl¶u[mº¦}
+ÂK+VÍf[ß=YhÑΖ¥L6^méMGɲC«Ñ^íö¼ˆ6qYîËã¶}ËÜ «*U'
+ÖßÑç^–]×Ö·,Þ°/qþe—PWJïÛÁ‚ûtùÞ;pKDÑm@AØpÉj9™žÐtà$Ú†òD‡®ÞüæRᛚÏ;–~Aïó´ò–Ï�Fì\¾Ð¨‘óBϽ÷zwÝ®m€t
GÀ›+ex_oÚæØÜu£ßûy/{][U�žK#=˜
>sĶ=Åýñ2™æaËÌZ&¯O��MëÇì@Í,ªaضQ�«ÑH¹´æ¢¤ì¾þž÷T¿6ó22^Ù°úÝöúòý›K»ÕþL'sšlN{Ê’Ä^ÙïöìñWËñÚî—·T–f4³µZü-1ÄÌ~òÝÍÅ¿/þSιendstream
+endobj
+1395 0 obj<</Type/Page/Parent 1372 0 R/Contents 1396 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 444 0 R>>endobj
+1396 0 obj<</Filter/FlateDecode/Length 2210      >>stream
+x
}YËvÛHÝû+°ëî…¾KÇ™$>�Ø™H‰³¥$ÚaGÕ$e{æëç« É=§Ï±ûúP·PRþ¾ˆ(Ä1%9-7aâ/îÇ×U„”—9~n(Š’ > 5Í.,›%AbYƒÁ–e�VqP²ã4bR;N+ü9Ϫ YfAvÌÃ8Ä])ŠfE»?¼¡8Œ�[6*ƒÂØZ6)9.γÅ`óüh_‹ÁVɱ­ÁJ’cV㔲C(‘tâ)	‹˜É,â¨	ò$"©“ß¹üœ…LlΫk0‡QPVw
sM]Tp‰cƒYSÁùñ¬Á`µ&+Ž3„ƒÓ¥ìX‘86,B\XÖ`N‡ÂÛªã2Ô "|e‚\œ²¼Ð *)ˆI©Ä,ã°on°§€ƒá!‘Òb>Ludj1Ø2
+"c«rÓPÇ�+Hâ`0L³º
k0XÄÒÚªã˜sR	2Ž'¶Èp›3ÏÌŠsø0¬Á?îÎãluÛ(u5SAºmÊ®&¶ŒjϪ)
+P*\2Š'¶àüfž5˜‹8gMŽÇ)
+PoG�Ã*Ç�>aÝ)²¬ÁÌVn­Ø¶(�xãÙ`Åû{VE©&^E2¢&VExÖ`Í{V:¸b°•ϳ³(n¸ÞÖb°_<Ϫä<Ò’RÉ‚Œä‰U‰ž5ØIö¬JžlU¢g
v’{�|°�Ñ‘?Ǫä”ï+¶MbÔV*H$6Oø´ž5,î¢ìYƒù@|k0KN¹lœ­Å`“âȳJN²Ã5àBO©d�Y2÷>ÃÌ’¥â¼­ÁØÞÚZ½…ál«ŠaÌŽcž[Š4õƒE[‚cY+¬Á`‘Ìܲó¶’g«ÛâæÈË!‚4Ã1HŸc¥›'U&ÅŠ_	)`Kaˆ)Òb>
�ccÊã!Aç’‚’1¬H�Êùpl¹µÂÌiçÙçm%íI^ÒÎéW¤Gõšp›ê)„Jr"ŽC"HL
æãd(TÃ¶âHÖ`N7Ïj„S}ÖID
¼«�p	ØÔ‘ƒÅ°ÇY=k0XtvdzƒEã¨,k0‡Mo«qŠõ©©O¨D+V2:<¾ð#Hƒè1+®8±ž5,TG¶«&„ØÙjC}Öám½$ˆÂ-.¢ïH‹ySn1ž·q¥BI†—›‰Óç¸'-†[™«ž• ñX�ûˆÚIeH”ä"£kÊ‹#æbQ$4Xc”Vý¢QÈ­Šø)SƒaŠ‡
L«¦è¡òj�¼qG�ERd°š†Òo•UÓX|ü
§¢X�îê1›¬É±jžm*P�<±h[1Ú-¯eVLµ
ÂoÌ9V$¦ƒ•©éY5-�+yyE‚tWžAŠašÅù]Ñ�4L²T�1�XiØ‘c¥	GÙô|ªØ¯ ì1v•ž•2ŒR}äTüpP Š<ä8$ìVVª[�ÕmaX�þú¶-ØT�˜"UÖ8`WǪ)B§Y*ȘN¬|¨�<k0kŠPàžUÇxOéëU2Ž'ƒ8¡È°\élÅg›\ÿŸí$~X-×-ä翦d¿\Ç[óƒW€£�½LòÑŠ�‘�l‡ò§š‰�R¬œþ«ç›È€Iøš
+�r´Khôœ‡è|¸<Üà„íÞÎ/Þ¼Gf"š?ð·yYÐ|%ßH„4_þŽë˜4ÿÙÐÍf×·Ûq y×­‡fücþ×EH—òÅ|ÅÓ€Þµõã¶Ú�ÙK|Åáy°ß¶íCÛ¬èS÷ØmZ4ãsÓlé¾Ý®ºç�nçToWôíöæí‡vûÈÌ$;;ñtµƾ^ž	Iƒ8 ›íØw«ýrl»í©Rôè€îÖã䟾ôÝS»jTµ=îx@»g·ò¾ëɲãUï8Œõz]óŽrŽënûÐ>î{ù˹†< Oí¦…~mç" ¸X®
+=Ãq<yK¤¤{B@=âÇ
k·4Ô›E}1Œþ€îžšþ©mž©{p&§Âpsz;ùö»]×�G~íÉñ 8z‹u³¡¾ºõþµˆcB§õ²ï†�†ýbÛŒgÁÄÀ
+hÖŒ#Ÿg¿£šîong4@zÓŸ«EÍb'�€áÝ×??|½ûöåÜÁýG³wwŸ¯nnÙæòø¬e@ï»~ÉÂ$Ê4v(bq;6õ0¾&¯
+èsýËX`íªÛÔÐ÷O&QtÛ�
Õ‹n?r¢êÕî©^­âá•2Ev‘ÞÏûõØîÖ
²-õò°òèêp¼Æzù«FÊèûûmpMÖºòd!\Úk$E½üE�ëÍCÉ®P”ÆñQñ†ìÎT?ÕíZô4h,Ï?›¾‘àÉA®–8Ñ@3.pº}¿lhÙ­zjkºþ>c£›“#œÖ
(¸dßg“käStý㹤ÿCß¡$7õnÇ)ýxw?¿;õ‰Œ«ÂrÐõ›z™í0ì_‰1†6_òÍ®îÛ
-ñÜôͺå¯f¤nÇ7ë•%ˆæצ^ÑÐþWâfkO8.ÀzA§9÷Ž›†^Lëæ©YËy�mQ+⹯ŸÏm‘�û¾E™¾Ê"V³5úæõºm04ÎÍ9L¼û·¯�Šo�Ó¸ß"ڢϦߤÒuß "št¢‡ö•bÆRzš3¿U/§‡ÅDzZ€A”ž(ƇI‡aø懴•KM7än¾£Jw»f»j_ÎÓ�G%}A7­íºÿÃ;�ß™`Ø|ùöãLÞ‹×õOPÑnò¯PöCóT2¾áç®>bÒ}j·û€Í¢ÇŒ/onxõ›÷åaôã³xXò¿%Äÿ¿Ï®>¿½â¾þW³é]·Üo�E7È.#|[ËË/‹°âõv§øš·,Sü3	ã¿æÿ¾ø”o£ùendstream
+endobj
+1397 0 obj<</Type/Page/Parent 1372 0 R/Contents 1398 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 463 0 R>>endobj
+1398 0 obj<</Filter/FlateDecode/Length 850       >>stream
+x
mVMoÛF½ëWÌ-íÁk~ì.ÉS!Çu�CÐ4�3M­%&é.)ý÷}3ki—±aÀÆÓ›7o†”ÿYå”á'§ª ÒRwZe*Ã'×_ß>­t£j²µU�¨.”~GÚ¬x¢<ËU•�)[TK6Á`M©lªM0ØÚ¨<a�flU 1�ºTÅ+âžRÌÒlÁ©iP
dn¸'A"M0'6ªLØ Õ€,+nI�HÖœ8²	>Q‘‰¥W6$.yŒkbAIâk¹s{eƒ´À¢TP"½°6çEF6Á(ÛTìidŒŽYí•M1³�jm¸˜ÌÊz«Y
ÜSQi±ºHò^MçÀr¿
‰RH¬3ØÏË7‚¨³”í�¬¸dl.,6�HÌÒ³D6H
×YHa]ª^0XËGdƒTgbC^6ðÁ
+Òˆ¹*G%l‚™m¸ã¨M0XXŠa#›`ì§O¯lh
+ÏžX\æøkqS²8“ë`qVrO‚¤ã£*\CÕÈ_¢¹ãš�Šl‚ÁÖ5{qeCOx{Èý‡µâ²Bj(d
X¬¦€"Yé`qÞ0)(’¸òð¨kÔÔ‚dT¿`t¤ù66Á`›üËÚ»íêöÁâíAÛ'~mÚº¢íNÞšm»ßŠBѦ==¶Ô;çƒóôñóƺcï†yú}ûcÙMÎOüvÇñ¹¢/m×ó8.ap\¶Câ¿6}”<oéRÑ÷~Ø�ÿNô4zú>úŸ{?žŸ¥âÍ2•Ž±sû¡©ßæ31¦Èð½°qþ¥ï}m»ŸTpüÍbÔÿæžG?÷ÞîÎû·“–<éçaöãîÜÍý8H’´3x¢è“œo�ÔOã¯m•
+eîÝãyOG÷âŽRd™
³¡†óR8ïGÿNf[ÏsÛ¸×y¤–üy<û±sÓ;«0ùÜœpËÑQò¾o÷Ã8qŠÿƳ§IN`‚gÎó«ô{F¤Shöa=MçÓ3ûô¦Í6lÝÎi©D3›¹?éоÈx8‚Ç£›ä¢nê×ÓmŒÊê’
+ù"ÂnÖ_îÖôÕ�?\7ÓýØ�O8×öº¦oPÜTYÃw»~œfßv3§ñ*®k�&@þäÏíêïÕÿø“çendstream
+endobj
+1399 0 obj<</Type/Page/Parent 1372 0 R/Contents 1400 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1400 0 obj<</Filter/FlateDecode/Length 113       >>stream
 x
+ä2T0BCs#c3…ä\.§.}7K#…�4 Œ™¹…BHŠ‚�ž�
P$YÃSOÁ=5/µ(1G!3¯¸$1''±$3?O3$¨ÍBÁТM¢Ÿr= !)f \C¸¹˜T&lendstream
 endobj
-1396 0 obj<</Type/Page/Parent 1367 0 R/Contents 1397 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F7 10 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 513 0 R>>endobj
-1397 0 obj<</Filter/FlateDecode/Length 2872      >>stream
-x
}YËnÛHÝû+.z3i aDR¢¤Ùœ8é1:~t¤ ³è
-Ñ6'"©!)»ý÷sÎ-²êÊ
-
ÞgÝG‘ùßY,ü‰ežHšÉ¦:›DüÆÿõõ·³E”Èl™E©$�£Åv²:3°’iņ3°’ùâN	å¬d™zä¬$Ž§Qj-;‹£¥agI4“Ù"��09'§@M“êŽç¤ÉY47‚ƒ�Né­u&³e”Á$\G‘Œ‚“%#ñ¤ÅT»Œ¦†ujg~‰H4é
-4’+Yd4é9¡4MhÒ“ƒ…
ÄéYg§–ÀäbÆ(Ф�Œ$¦¯ž´l¢gXƒÁ.¦<¢À\I2™2Ï:—RT#³�"Ç3š…‘øŒZ=g ÊX³ž´,ŒYµƒÍfÌ`�5˜îÎé®g�»1ÍÁ¥	³«@k!@¨�d¬MOZÇvÄV`4Èv®UæYd±O#ÏØ…Šè“ÅT¼`k°;8åYU<E�,Pú4‡T±Á`ËcÖ`°K6¦‘5fcZ¬ÅdH²e‹ÒN§f2ÅX`�Ï'h5—&dÍ=©á6ž3Õ£¬Á`§Ì¢a
f°<<ÃÌϘ
-¯Ùb°ÉâÈ+‹¬&Ù˺`3ι1X!Ø�c¿ÂaOZÌp8k0XÅéYƒÁ.bXƒì­XçðŒ™V¸ÁAOZL‡g4XƒépJ£�5˜Ol`
†Ãq‚.
-¬Å`§Zl^Öb°Ø8ÙÀÌ¥ÊñX‹Ábã Þ¼¬Å`³9«"°ƒ]²ã‹–Lç:0zGÀ$¨›«’Ãb!Ò„�Š{Òb—b$1°Hñˆ™bTÃN²Ét˜#YE4£ƒGÌŠ‰=RÖÉÆ14@3î"xV‘²ƒÅ~Å
VeÓ%óA–CÁ!•5lÆè
k0½š"›�µ,¼8Òìì"×,óxc~¥ŠœÝ€i—KØ°ƒÅ™Àn�5Øyµ4,½1ؘgd-;åÊ°ƒE�ÙuᎢ+fÊy�*
-g”¢îtO ”¯"oÀŒˆƒ5°¼w¦h_ž®‘4P—?BÓÉa3�:1eF-Ο€Á¦‹Õ”bݲ(à
"Q jtjˆ'ifÄ`¡ÇŠ:µØUz/P=
-‚Ú�‹Ó”™÷¤ÅP«£Ì°ƒ�g</ëŒb£ø‹iª@�òžê Õr÷R,&ž˜&Á
ïíÈÅXHK	¤ÅP‹¹ŸV/	®'Ú¬ÉÍêõÆÓ#–§a
¦bê0¬Á,ü	ͪj¶˜¥Í×	ÃšbË»Õʺ<eî½cm
yZ59d‘Î@ƒ+¤´lÊ¥D-f"¸6ëÂß,3ç�‚àÐÀ9<g ”"#PêI‹ÁÎ4ÎÀL‡¸QŒ¬ÁÈnŸÆËâÒÝUÜ8çŸçôîzrpw�Ü
¬swd�{�5îâ}
ÇæYç.VŸ¶o󉺫w}áR•H‹Á¢Å¶µ˜á°‰
k0ØŒgkXƒÁb×[ÍÎa�ôȯ¶ªÍo€tÍçI‹Á¢¡6°ƒ�óÓ°3‡¼~V¯ìHÎWÜ¡W�º ÔêËr -‹k
úÔ‹ZL£šϪÑ/Æ:}¹ðЃjQú‰!¹)b}ëÄ·
®&(§¹�3÷ö3ç�ß
r¢÷y£œ�°‡;ÒÜ�jOo¸¸qÖ¸k	uX	®
ÓÉ{\´�3�ññòH‹ÉrøY6`°~Òµ˜­ÍLÖb°sÞùk0"ÅqYÍ.µ©{q‰ñ¾	RQÈ;ê•g‰RƒQš÷Q\)sä9uãL<‡y2Bf�¯�´ì’·ÃŒ8!‹zÅ.xn`笂àìÀ9ï<gàè¬çœ³ƒÜàœ'-æ‘qq¡dº“,f—ðSK`-ß‘?/«¡à+gŸF¢?û@F÷L@ðïN1¿ºMÕU‡þçU ãÍI¦º€:§�g¢:^<e 8¬™Ìp
‚›ñ[C�Ò53\€àô5=ȈTá˜9Yl/g 8¼E˜dOpÍx9ÁáUÏ$LS‰¬éD�ÀšþÌTâåu@L
-…<e 8cžãš¹×|ºÀÇ/þL}
áÐ8
<ÐÐxžÑ´Å	ÍSÂÄjè’�oX£<‹
"‰	wžç4x§Ò7ÔÞ,	è½R¸°êöÖ$&ƒ–º^P~ÑS@*~¸­3ŠHùzåå>¬ÏÞžÈú_׳ùBÖ[ý¨ŽßlÞ\Ö}Ûl›¾lê_×ÿų˜c±{ö”$xúÍú±ìdŸ·½lšºÏ˺“‡¢.Ú|'e}ßHSËcó,}Øõùn']^Ýå’×Û‘€à}ùphéÕÕIs?<÷Ò乄XÕt=½˜È;]ò°½+»©‹bÉí—Oç«OÒùzÊ.r.c<x—Y­t9¿Û´ðuß¹'11Ç'Gq$ÿvÎ_ÎÓíuÑõ²:¿úpNAüw„w’"ùê<(¤ÊkDóP¨~ã6J$ån[Öó‡²ÎÛÒ=øîèÉ4’5’¼•Õ¾iû¼î¥ë‹ý«TàSw$|ï²ØUw<ÍkΔûrWhNŽôÏ Ÿá Íí  O"çýãqßH�'qÔÕq¾ŽÎ"Yõ(‡148²ÕîñÃi¾pC2÷mS¡NŠ~Ñù“ñšÉù®/ÚA=ÿD*[e/y'¹ló¢råúîød戴}‘]Ùßó¶€ÐS^î\MÔ.]Ñ>í‰ù…S
×ê]�Ãc–ôuù—lv%ÊéDly"¦qærq³z+ßï¿?àï²^þ¥ÿ\¯õŸäÇ[¹Y½OÞJÑo¢(2Ê�Žù!ßó^.ïQ*pª“‹¦þG/ß›öÇ¿N3Žç‘ò‹2¨›Ž1ܶ
ú¡:­RN&ΦÙry¡ü‰iÔçÇÇÆ)b÷BYßlš�|)žŠÝI* uzÛ–µ¦Oóðíúò?œ¹|ÔüÉíGÊ�˜B©~i6?àòÏÔ¢î®òýž
}ÃñÕy5´þÇÐ÷'¹¬ömóTlå®mž5þ²v£æuªpˆäuðTÏ£Ä+óØ«hçQ[wسMQÅA«é8¼†0~Í8fU×ìãxµ
ãŽht曶é:éwh
=[Ú|žrPm”³}Øû,ϨÑr8ê\jqÄE¯ÇqØã¾_^¯ä§
€ïÊGÏú˜+än¾þþÛ×›o·¯W´¿»¸¹:¿¼>I)ZísÓnxœn_ @îÜh«rÌ¿×͉ïÖ,VÇ(€jÜ66ñO%Ø9×
f~×z¦*ßnð¨äÛ-Ž¦;ܨ$úê°ëË=6Š¸hïóÍPhöLpÈ7ûªõä´ðIkèWÌiÜC§ç‚ãÿãPn~`¦óèWzô¡ÊÞ¿g�?´
ÎÆáܯkY+ä¢ì6‡®¶¹)J¼OFì9›ø—¯˜¡ÈËy]7‡zSüÂ¥Œ†:M;>SýTR½)dõRoþNQfYu¯Šx0§¹¾YË
ÎU�Þ°T›º�?ßÄþ*èe7n°à®Vœ¢[t5|ƒIxºOñ©GŽH°¤ÇÖ“›vëÊé¨18mòú
-Ö¸ò¯×r›wšh+ŸêMû²×�ŠÚZñ6ó:Ýø¿LšW×'“p|aÒI4ìsa'çZ…«bshËþ…*ß^wu
S½¿¼V<Åz±˜â‡ËÍœ‚ŸÖgœýAk†endstream
-endobj
-1398 0 obj<</Type/Page/Parent 1367 0 R/Contents 1399 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 517 0 R>>endobj
-1399 0 obj<</Filter/FlateDecode/Length 343       >>stream
-x
]’ÁRƒ0†ïyŠ=ê�4	±ÕÖñеy
$A혤ÕñíÝЖf†Ÿïßü»	_„ËC% —Ð:Â(Ã/óãå�Ô’*�JRxÉfõ	;’j¤RP~öN4ÑHq�<¥‰v òŠÖ	=ÅVãæØI%±zŠ¹ÒDÇ… gšj¤ŠÓ"¡¥ %Ȳ¦c+‡�DLM$¶$
-ô\aª‘b\JqGA5.W¨
-ßÞ½…Ž¬4Yl$pº‹§ UÚL'À@·7%Å-¥°4ß�›7;@è`·]ÁÚ·ýïaüþVï	ƒŒç8¦6S…ø_áƒÏì©Â84Ãðz3ÄÒ>)Î)èwƒ{�\î‚s�7Ѻبs§<甩§ÁÝÃÐÝr»ZÂSö¶á>´Gg±ßK{—85ú³ŠÕÑÿèÇ>˜c{1
-ÿ+U࿈PŬµ&Ïäª�×endstream
-endobj
-1400 0 obj<</Type/Page/Parent 1367 0 R/Contents 1401 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 520 0 R>>endobj
-1401 0 obj<</Filter/FlateDecode/Length 1086      >>stream
+1401 0 obj<</Type/Page/Parent 1372 0 R/Contents 1402 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F7 10 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 508 0 R>>endobj
+1402 0 obj<</Filter/FlateDecode/Length 2740      >>stream
+x
…YÛrÛÈ}×WLíK¼UŒ	’yIéboTeË^S[Îþ@$$!&mëïsN0Ý�M¹ÊòÑA_§§»
ÿç,q1þ$n‘º,w›ú,Žbü&üõù·³e”ºù*�bW»,‰–#عõ™�µ›eQb8k·˜AÜ+¡œ�µ[eÁ9k—$³(3‚ƒ�'ÑÊ°ó4š»ù2…�0¹ '@L*„Iq'pÒä<ZA‹ÁÎfô6ˆz“ù*Êa®#ÆH&ÁxÅHi1Õ®¢™a½ÚyŽ_"Iº‰Daí–9MÎ@(ÍRš¤Å`aq֛ĩ¥0¹œ3J
4i #Ièk -›Ê™(k0ØåŒG¤¬ÁµKã£	¬w)C52r< YPˆÄçÔ8éPΚ
¤Å`a̪µl>gUÖ`º» »�õî&4—bfW€Ô‚B¨�sÖf -‹c;b
+0ª²ƒ]H•™@ì1c¤â9o¡ úd1/™De
öG§+Šg’JŸbç‘(6ìruÌvÅ‹id
†Ù„”µ˜ìI¶¬b°(íÌ°pjîfh,ðE€T“B¸ÇÈšRÂ1l²`8¢GXƒÁΘEÃÌ`yx†5˜9ž3A³Å`Óå‘W3XIr�õÁæìsS°4Ø‘ã}…Ã�´˜ádÌ¡²r7=£8e
»L¬²3Øå‘fï𜙟 �Üè` -¦ÃsUÖ`:,á(k0ŽQFÖ`8œ¤¸EÊZv–ÉZó'ìZÌ¡Êö¥¬Å`1qPoAÖb°ù‚U¡¬Á`W¼ñÊâJfih½`’
”I†ƒ•Éa°MiBCEŠi±O1’¨,R<a¦˜
Õ°qJ6��}Dn¬ šMü
Ùs²ÊzÙ$�hÆ.V�Èó ¬Èf+æƒ,›‚G"k0ØœÑÖ`ÖñÙTÖb°ðâH³·‹\³Ì“Y‚þ•	òvÓ.‡°a
‹3�]•5Ø{µ2,½š0Ø„g¢²ƒ�q�2¬Á`qÇ�ìúˆ°£Èˆ™±_g‚$"Ï¢îdN ”¯ ¯bFÄƪ,÷Î×—§‹rÊF@Ak‡´@©<HÎ@Ô1
+g ³Ïf ¤ÅdW¨rË*‹F;·¬ÁÈVkÖb°Þ
Õl1"EƬfé‹V)TÌ_�‚«'1¥i¦4*€ÜB!ö¹Œ9
+œ�ȯ†r2l‰JZvÅS7¬Á¬£˜F½³˜q,ï�uvä¼w�3pr6pÞÙQnt.�óÈø
+“)k0œ•ÕSY‹ÁÂwä/ÈJ()†·¬çüáAeâÄwå„C(‰ôJ±À±àsn2©*59àýTÎ@*�Q\JZ`nYƒÁιŠYƒÁ"_sËV6#k0ò‡ŠM�¬Å,î=*k1X´[‘ż.|GRY‹Áb.Ú4úçþ]ÓV0Å2Q"H‹Áæ¼ßF”ÁA7o!"%€Z
Ä-äû‚rBgʾª¤w5ó/–<E˜D­žÄfýá€@Î@j“�´,æ+RÖ`°x-F‚++¿å¦æ­Z6—Ò–1#¬Á`ñ–ŠUÖ`ÖŠTa`½Y¬àÒ½YAÆìÄz3ÊŠ0°cŽ²)¶S\`%ÅôTZ+_¹= Uy!Ÿ¸InH‹+�e½Zy—EäHIˆZ…8Õ*W9/'u9°/BÊyNvÔËÐ/4ä${Iæß’9ß¾=R2õ;÷H
+R¯¸~®sR'‚Hò3È„$×LÃŒ¼£x§gƒbÔ–l“Q«Z±9ƆSH�Üö‚œ�àR¦\9…¬
ÎJå‚CµÌ§œÜU•Sˆ/›Bà$ã(&YJåýB€„§Ðß‚Ø)‡R!Ì!Ñåd¼ANÌa<Èí@ƒXrtÄÎg3@f“Õ¥œBppÞÊ)„9øl81‡2’õÓƒs¼¹iŽ¿VN!TâDðUe’•Ø„¥ÎЯðRB *B¥ì¿Ê)„JÔÞI&9iŽ¢r
+ÁášáÕk’WðžíK“yà£prE9qe’CÆÌ¡‘SH7¹úÎ@ºÉÝN9…t“¯Ò�»¼;{ó­9vwøz›/–în+mñ›Í«›fèÚía3TmóëÝ¿ñì{�öJR<ýêî©êݾè·i›¡¨šÞ=–MÙ;W5­k÷Ô~wCØÅnçú¢¾/\Ñl'‚Õã¡+ÝðTŠ®ÞµãsÏíÁ}¯ V·ý@/bw.=¶wÕ×r÷ìš²ÜFîÓû·ë·®+‹-ôT}ä]FÇ.sÎÑåâ~WÒÂ<.›¡÷O¢½NON’ÈýÓ;3:O·ïÊ~pë‹—ÄçîಹÏÞƒÒÕEƒhKÑoÜÆ�ŽÜå¡Úm«æQb¾¬š¢«üƒçGOf‘»CR˜·ªÞ·ÝP4ƒë‡rÿ":‘»BðƒÏb_ßó@$¯Ð=T»Rrr¤ýiîF
y9žŽ3øÊ
xG]çëØá<rë
å0…G¶rØ
þqš/,Fà¡kkÔI9l#:#¾�Dîb7”]ƒ ¾•G*F[ÕàŠÞn[”µ/×óã“Y ÒîÙíª^}{*ºBߊjçk¢ñ‰èËî[Ù�˜_zp­)q+pxÌ’œà¡©~¸Í®B9�ˆ­NÄ$ÎÂ]\¿v_¾<âïªYý�·wò#ýúÚ}\¿I_»rØDQd”'Ë}y*wó€R�S½»n›¿
îKÛ}ýÇiÆÙá"w]�MÛ3†O]‹ûPŸV)žDº×›v_º›káOL£>¯žZ¯ˆ·ʆvÓîÜûò[¹;IT¢N?uU#é“<üq{ó/ö‡Â]Iþܧ+Ê�˜B©¾o7_áòÏÔ¢î>û=úÇ×õx�ð?Rá~"œßÕæ+nJÛ÷n}¸G­¹Ë®ý.™x3þž™{ìÚÃ^©ÇCµ-_&Ë)3Ùo}?öHs¹ðªÑv¦æ—ϨL\Ï‹¦iͦü…­n¢š_„±öSIq´tëçfóWÂÈðhöËÍíúD7òxݺÛ�wîçêVú.ZUÛ”îÏWÉŸ¿ºýtˆhÖ¬Í-2„~¶A}�v)¬I‘»E$h}}»;H»ùØm}\G×ÐÇÕÉhèjߘ¶ÅPÜýIvñŸ`‘{9ƒL~ñí	|hŠ·Èmï.îÛšs¹9tÕðüòÀ(¥Ûoh£ìÌ<›õ‡K÷¶ÙtÏûiн03ÇMÛœ—^¢Üâûþ{Ûmý±M/œ¸ú8z4Ayj‹‘Sc,H#<²Â[±ÃôD�ýñ²ƒ`žCÍõå‹“Äw;܈ë‹O§QJWýËÔI'ý?OÀùõaÏ¡ƒ(iye_|Ù)èü_ožÊÚöÏåNζªö¼Ú,ÿÏï®°sÆ·G·øq±ÙàœFŠoè(ãàâe^˶ }vŠõ(q9³0jC+Çxþ�7—ÕÚà„ëÓ†Lw1¦ÙIþ·Ohü¿/7U±ƒ�aèªû+î¡íüª29ñ“cÂxû£¨÷X;Þ_ß¼C¹A|”-Ž¤)üæÞ¼d9gó½¬-/Ok†/
Ëå‹všßÞ�ý~ö_>$..endstream
+endobj
+1403 0 obj<</Type/Page/Parent 1372 0 R/Contents 1404 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 518 0 R>>endobj
+1404 0 obj<</Filter/FlateDecode/Length 536       >>stream
+x
}”ËnÛ0E÷úŠY63)‘Ô2N› @$µt«H²«@W´ùûÎŒ\‰F�€�«3œ¹¼¤ü3Aâ'«@È›@
+‰O–¯o�A¬DÆ!¡
çDr5ìƒÄÆ*ün ÔVDgµÂ8†¡Ã_Ê`¨W�K㈭ÔÓH+´Gç©‘Ái´TdµNÕZ(‚*¦¾¬xª§‘‹›ò¨§P¡Á+õ5Rå.:û©�(§e®¯Ðar±vÞ�ÂÔ9(ΛÕÔª)Š�b\©§É²¦±õ5Òù|Vêi¤˜£ßÙ×´!G)/kçK!éøñRpŒ,ȱ'ÑpÒ^èk¤‘¢¡å$â„œ d³ZN6vr>ve±hV)¼ØJ|ñ|…º/álÓàöÁ HtÇ�³�|Å%¤ù'-¬€ÝÇþåé&}°`ƒ!*,a
+ØNU]Tí‘°¼¤JÀ}_f#R”Pdcö–
å•R�¥]{¨ŽS½W$àu F§:«Ú±ü=Â)†_]_ÐõP¶yÿqËby|eJ,à±ÙOÛµ›¼«§¦e[p軆M¢Åšn.7ë<ãÀâ
¾ïžÐÅt¬Ú#qâ‘8�‘¼Ù‘Ü>¸sîI,¤Óø:Ò¡a´û»Ýöžûî½ÌGøÜåSS¶#ÙñÈ
¿™¸`ceBõ_Û±ïŠ)ÿ[á-p.¿.„Ž\~Iƒ—à@ûendstream
+endobj
+1405 0 obj<</Type/Page/Parent 1372 0 R/Contents 1406 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 521 0 R>>endobj
+1406 0 obj<</Filter/FlateDecode/Length 1086      >>stream
 x
­VMoã6½ûWL·6bÚ²ì-)ºÛ=´‹n|é‘–(‹µDª$µ^ûãû†”ç£
Ú�[$‡oÞ¼y£¿FMñ—ÑrFù‚Šv4S<¹û÷ùÃh¶¾]Í×bF-åë…ȇ_
Ýò~ºÊ×bNóÕßgø8EU\Èò9=³�ÏÄâñó›Íhò~M³)m*`Z,W´)#<).~ªe”£LÐ/ö@ÁÒGãƒl’¦¤�ò�n¯½¹þqógŒ“-SœqÄ°)/2�£Ÿ•,)ÔŠZi¨“;åÓþ9eÙ°¶6ìßœï¢Rûàô¶ª¤ƒuºŒ
 k‚Ô†<ÙŠz¯ª¾!m*‹kdÀ^ ¬UÓ1â�
 t´=
·C A+þͦ4Îr�…‹KkÞÚdY§L£¾CÌø
w$o[jmvÔè½z—RA9ïRY .ˆøCZɆ•µÈ¯À08¦o·¥X=¤á‚¬£‡ážAå³<…1ÎV�ï£Ñ7j­SO‚²M‰"öFU^ðúx
8‹œÆ³
ì'¤ç�Zï
@@ -2516,16 +2528,16 @@ t
 ¥éèÁÑYúÍm€›H¢›Õm{O_”ól?pøÔd\ÝVïê�—›%úu´|ngØÜé{c9kTÞqRRš[…©id{š.’ÞÄx‰eøîûÚíà{²Øó¥è	HO¯¡I+^¦o ­Ò˜½ìƒ§dA&¥„ݸïR„g7�
L<½uÛY¤AËõÈ&@Ùi_‡tºa§’SõðÝJ…¢æŸÎ«¦Âí&<å³ ÇQé´ÙÇý«ºí›èŠ‚>¨í‘Ytü�òò÷³ž;+š‹åæ–ŽcW·˜N(Þ
 Šýñã-Ñ00¶°©c4W˜DtœÌ0âÒØO><\†ÂÇQ…�Ð^4›dÈñ½ÆûCœà(F›¼_ÝÏùyžæü¿yGš¯¦bµš§
¾æZý¼ý>úí.tendstream
 endobj
-1402 0 obj<</Type/Page/Parent 1367 0 R/Contents 1403 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1403 0 obj<</Filter/FlateDecode/Length 1387      >>stream
+1407 0 obj<</Type/Page/Parent 1372 0 R/Contents 1408 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1408 0 obj<</Filter/FlateDecode/Length 1387      >>stream
 x
•VÛn7}÷WLòˆWWKN�>$iA.�´F\Ü]j—1—”I®ý}Ï�»•½U4†mÅ$çræÌ™¹=™Ò_SZÍh¾¤¢9™dšŸ�eç´8_áóßNÒ&Ìf«ã«y¶>x¹>¿yNÓ­7ð±<ŸÒº$ØŸLh]Œ¦Ù"£WNŠ )Ô’|“SaÍFU­AYC¥eötý
f4Åk6sŠ–04Z×q	|{Ñlµ<òØ“2Ѷü¯xòm^*'‹`ݾ?,•Nå-ûÌèwªJú@{Û"sQ²…†Ã€óé<›±ó~7­Ö{ò6^,„!/%Õv=Ú-›óTY
 ¶’0áØßÖ‰"¨Bft‰Ëœvƒ‡[Q
aëHh}ÿuLžS^Ý”2yÅÉ"¼ÖsG²¦�muI9€±
<+S‘V7ìNù_žzÞùH¶©û÷µÒ6ú¯>á	
 ×ý1~כּ©œm·ô+½¿zûùã—OÝåÙ4•æÞå¯5bð?±†»UËùØØ3öÇ~q3–ÃÀÞ_}@�ù2»«UQw0R”Ä2¨z,I¾'aöÖHÚ©Pã3‰¢°­A‰-^º;éž
a†N⊇ʑ¶ªhD#ɺ>ÔŽ�cª�IøXC¶‚JÇË]�>ØHt@1¡A/C¼xÀ3Ô8½M.Hy°Â!¤M¢ÊËÏÿ¸¼øð6ßÃÀ/§”A(í¯Ÿö•èó¯SþûøÍY×F#ЄPÆà“Îú
ÐÐØП“ tB»p„^͸W‡/cÇÒÇH‰Æ±T¤W±�œ—z3$õ{ŽÄ·ècn¸m›@é=Dè;�.i«På»~+µQp”Ú|$怆A^�¸ïJ¹­FŽ¨–E]í
ß»×â+†é�ÝqëÝXÛBè1ÊÅX«|<prýt˜æ˜k,²T–›¤p"·È×Ë¢u*@Kd œ�ZÀAvÝC¾f�Cß/Ñæ#„…Ó°EÛH3äÄ—þ}ùúÕ—Ïë+æL§£9>�w�?ÍÎ2Zw‚ç:=I°Çþ8£>è¶^ˆ/Âm³µ.4Q$1—‡Æï„V%çg7\77´¯õÃCjBNµ"j+'hõæðG×?¨àÇwìÞp#¥5„>¤­(Áš®C}4ùÞ]¬Ô&‹!éWMz�ôÀ[ØgïÂð¸@sÀ½ýÈ.Ö.o�È1©r	
  žÎhT|hû…Þ‰½g«‡E%ÀÅ'Äèµ0˜nþÊGéÚÑê/!0
RÃZ£nò2æaðáaIîMß+„дÀ³¨­)AGh	ž÷â	I,…lx Ð�³›z¤Œo£Œ~³æ	°Ä¬†ýÒRnCýˆ^'E
 ƒ‚óî¤9Ò¸ÑÇQÝâ²ÕEMJüÀ8(%æ3fé>
ñóxŸqr±6ˆ#¡í²ÄÛ�Æ#B_Ø&ºÓˆ”mÑŠ±+²(?‹¸†;E’n6ôÓí¾“A<ÝÒ9`Mæù£ŠVˆËJЯC”ƒóI¼vÌvì")ó^ö±| xëʤT	Œ8ÙÐl†—žˆè=¹- m>¢iÎÚ$[ƒ
¨á>åĆ÷&ˆJ4þ‹Ä\€ÄÌ^û/ÑGÝìç~À¶ˆ²HÊ‘HEµÅÔáAŸz}f§“~kÁ¯UU,-Qÿo[UÜà?€4QF%â×-(pxËQ§ØçÝÌ�.±�ŸÏi9[¤%çòÅû—/蓳߰ؠSÒˆs…ã8휮&ØõÊÿ³o/V‹lµ<ǶÍï&lîõúä÷“ù
»ôendstream
 endobj
-1404 0 obj<</Type/Page/Parent 1367 0 R/Contents 1405 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1405 0 obj<</Filter/FlateDecode/Length 1295      >>stream
+1409 0 obj<</Type/Page/Parent 1372 0 R/Contents 1410 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1410 0 obj<</Filter/FlateDecode/Length 1295      >>stream
 x
•VïoGýÎ_1v?”(æà€v?9JÒZjצŠ"Eª–»=³öÝ-ÝÝ3ðß÷Íî]ŒÏP;‰‚Q<¿öÍ›7óo'¦
þÆ4ÒhBIÑDÆÓhFãÙ”¿ãŸ‘”uÞÏ;ýO§�ižÁe2×”`>Ð<éÆÑ$Š#ºqÂ8UÞRftAª”.�]foæwpS÷Þp
 ÷îå—ùÇßh¾D�çzÍžk•ç´�”ª,“F–ŽTF[]Qe%]^Ü�6üã-9
ëŒZTN¦d¥yP‰´Tˆ•�8á€zÃIÄuvÿÔúž„ã8†B1x¶/¦Û—.é7ÞOíFôu	7e)•ž“r�•6ŽâÑiß%«ˆ.2*µ[ré;fn)K)ì)‡>îe]S<Š†\|ìYÈïSWèJÛžµe“ëim;¯³ªP¹0ù0XOûUºò˜Ù¥®ò”–âA’(	hš­¯ååÄ¥m"Ì{)7Ždªþ×C袀€ÜZ{ˆ,Y]È$£E;øè´áÍ84”Zvá'¤(ÝAgÖå­õ+kú¹NDÞ·¢XˆþB•}[,@þhº3÷Ñ�V|j–ôÖ <CüBð’ãú�gŽ&!
s_nDâÈnK'6¤³½ü<Œãƒ0
 ¬_H·–à\Uª�´5Œ	ô”Æ7Ÿ-U¹3˜ž1¢y{ÍÌÛJ¥²=B<«gtƒÕ9HäÀ9Ýv1µ8ºo]
Ö?ë{ÓÁÍd·T›h#¿¿á*(¯œÃoºjUYTìSámLŸˆÇ"²Ïü0ÌP›BxVÊ‚ iÒƒ7ïGéK	ãr‹žÂ¨°~±‰  ˆÄRƈ«ÒI“	ÈÖ1é•Sš{Ã|ôªÉ¦v%•m½ùÅOŒ‘Ö¶ àYæ…°÷L ¯r�¡#º®ÊðÚw�èATY—ÕmøÿF™1–6LK-º©.ut�9¢5+!W½0Z¤‰ú<VŸù=ýOM(T£u<íL�/¬â ¬’h"r˜ª$§
@@ -2533,8 +2545,8 @@ yBPvʄ
 Z÷ìy˜t}y4”ìz9~ÆD^Ö°™ÑÖ³ÁÑ{¾J¼”c@Ö2Ïk®?^D½QVŸBÈÎs N=È3òïö|ÃÐJ…,t=”ÍðñF÷gÑcßtÀß5xÑŽ×nïH0äµiß¾
 Žb”8±þp�àV©ÛÐÈïΰúÜРLõ‹_ÞÅ¿…Õºl`<°R/äÞ¯Î\ÓÏøúþÔ¾O®ÍfۂѬÌ�qpIndR9±È%nNç‹}Ô®.%ËRñvZñnV}ª}s�ÏG‡xÜ)wOZðê¯1�¡_–¿œCˆ¦7áD5I䯗ð»Y­äñgúlD“IÎÊ›óÏïÏéÊè;H#}Љzð0Э×8ô¦Uék.÷ñtM'3œýls
ç�¿:ÿ
Wÿ§¦endstream
 endobj
-1406 0 obj<</Type/Page/Parent 1367 0 R/Contents 1407 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1407 0 obj<</Filter/FlateDecode/Length 1161      >>stream
+1411 0 obj<</Type/Page/Parent 1372 0 R/Contents 1412 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1412 0 obj<</Filter/FlateDecode/Length 1161      >>stream
 x
­V]o7|÷¯Ø-*ÖI')úðC�¤Ž�‰ÝV×EÕꎒhÝ‘
 ɳ­ŸYRgK–“ºEØ9‰Çݙݙ%?Ÿ¤ÔÅ¿”F=ê)¯NºI—†ýa2¤Áx„ç~­¤EX'øøÂB¿›&ƒ—BŒgÞe'�Ë
¥)e$ŽG”„ÄÝ.ey+3´VeIÊ““º ?:µÔ¢$oȯ$m¬É¥sÒ�f·ˆöf­Eºšñ»&C‹„Þ}õôš;~-ám]j÷† ’­«ëìý9}XÐÖÔT;òNÿøm@ÎoKIJ3­ó²â%Þ«Ä–JµÆˆJcÖ$|Ø!¡Ò�tK>ˆjSJ×qwvÐv^X_oaIÚOzŒÄåVmÇP%z*ª¹ ²+Ê�G Ð¹œPŠ’rmÛýA$“&£„2ËàœWz@¹•°Ò‘¸ªsP2�„EÝí�´‡˜¹2#Èx¾�+éŽÍ$é¿A.ZÍóRIí©ý‘âKý†2ªhWÆy-*yÈ´<ÖýO”Û­L]´”žæ"Gn2¬|sÒ4¬0úÇPzMÎTÒ¯˜´r(Yn¬•¹/· ‰ª7moŠ}e<·:ô
ïóVSP.4‰ÒšKÖBÁÍpRÒ=¿Ø`‚Oji K…þ$´Xâ1ÇѬåê|E"¨w¯Ñ7‹›åì´AÔq'Á|eTˆì–Jy'KÈk«üöP~ÓQ(V~®¥óè3m„s÷Æ`±0@	ݳÕX„û²'òJh
 ¢»Õ}«=vû°�-¨T#ÕSÃX*¤‡¼\Òl$.$¾ÎCr6É.uSÄ{…z×þìö.Q�„ÍÆ+¨¶ýûÍdÈM…ük	ɯÐÃÀQ�5v�O~EÚèv,OÔº›�F/zg½“­¡Î‚ &Tkõ°ëkÐxüßù%î}4u:û~éF©òo'ÛnT.J›�ň½¶_ea³AÙ¼�ýÉFãgö+$.!î�Ò˜Te)_5MQú#/ÓhÁ—ŒvOyB³;å�y%î$”iÃzJïlÊͳ'Aƒ‘÷Óð_¨’u€ÑÇ�ö	Uœì·58†ø‚þZaT¸¿ÙXAVJÇhM’=„_I÷Ü»—pÀnØSL,™PZhsŽa®ø„ŠðJ³½ˆÏÑ‚.W>vÈo7òüQ3&^1•;��®ÃqcœFî»üt\LŽ$¿°¦‚-/®§gă
@@ -2542,8 +2554,8 @@ x

 åÖrùuÂ?ŸÏf7®.®o¦³ÙO‘Os&�Ód²;”4>¾‹sšá'ú�+Ÿ�]÷>žGkcqÔÂ÷ÿ+ rãÓ0mŒ)ìÞ¨¯ýØ+ùì¸.”’IÇ25Õ?
 )K9·ÂË3‚pÃõÓ@м^â¸1ÖŒws%â’8îÓ0Mã]eúöÓ»·ô‹5·ð]˜¼®pl'ÞÙn6´GÝ	_þëÅd0$£á8Þ;ÒÇ~Ÿ�üzòù2Eendstream
 endobj
-1408 0 obj<</Type/Page/Parent 1367 0 R/Contents 1409 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 523 0 R>>endobj
-1409 0 obj<</Filter/FlateDecode/Length 1504      >>stream
+1413 0 obj<</Type/Page/Parent 1372 0 R/Contents 1414 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 524 0 R>>endobj
+1414 0 obj<</Filter/FlateDecode/Length 1504      >>stream
 x
…V]oÛ8|ϯXä¥)�¨þ¶[àpp¾
 ‰›Ö:ä…–h›
Eº"ÇÿþfIÉMÔŠ †e‘»³³³Cþ8éR]÷¨?¢¬8é$öúÉ„“1¾÷ð_JZó,=~|û|ÒëL’

ÆäGõ†Ã¤[?iZ„@ƒÑ�Wüˆú“N2úÝ‹q÷×
—éɇÛ�ÔSºØѤKi t(ÍκI·“Ðr+<ÍÖ”n•Ù8º¶æ�§¥-Ÿþ~Ÿ~Çþ
u±�÷_ôÆÈ�ægXm¬çõ´ÇBGÂät°9/JOÞ¿|¢ÓýÖÒ¾´^òŽvJK²kò¥pÛSü&
ÍÈU›�t>È-bÈõHl„2ôx†ÐŒÙ»}Ð…ìáÍã{òJë°)º ÜîMR¯ì�ÀV¦œ€qj³õè†È9)­Çõlúyþe1[$þŇ
 øÕíôkÂlð.�ö¹�Åù*{Šx}y1
@@ -2555,8 +2567,8 @@ y@
 *Ì�\¹?4¥ŸÐÕÖFíp&èÇÛÌjº“ÏR3âߨ(ÅÂÅý%÷=.æq-„A÷”Ð2óQ«²Ä8€Íè'®Úílé
Ï	ÉrõåÛÍyø|¸ûgqNwÓùýtÞ=oñ†£¬yÚmmpÌzÆeHÚóŒâEUñ ¨ª
4ÞKÙŽ“³×=úYñY0gÖ¼&”µE#žA\óŠ��Ø(IÏ…ønKåG¯l×13duŽ
ƒí9#8V䎕÷Œc»¶Ut#Ù—EœEÖóÉLF¼Z*ºP¦ÜÛÐ ¤ ³Â:îVð|øŸÌ¡«P�±{ìu‡Ë“ÄŠì(þ׳VáµiZ‘X£­´¥Ä‰eXÍ"Æ´‰M8Š›
 "©ÀÌ·µ+—U8
1¡l“ËõrƒîJ'Ëgö`ô' ÑN8‡±ÈÛ‡Q8óøدE{©HGà´7ê«¿ôpŒ†FÇ!]Eˆíæ˜
d
 O¦ÉQK«F€*ι‚ŒëdÂ^yÄiÔbÐþ:¥h,ÏPpH×Öë�‰{ËZk@˜¼FìÌŸ¶l¸d¸;ŒßÖ)´Â„:Vró‰]*?´çoYë<eJðôqˆkB]ls¹YÈx 7sôx†EÀj*¡Ñ´—¡ÌV}ÕhG˜ãbö‰ÒŸƒº+løG%+n;›GÃ#ÏB8#�RŒN-8½zø0{ 4–eÑŒmÓöV“bïYN	ÝaྙŠ/-ù´œÃÓe¥Úa¡F³Â–p%ƒ¼~‡ÚšVÞ�Çp½,`–qÐXÏU!V˜1¾ª6�¦·“Ú¨º#Üæ'}�ø	Ÿè‹éýå”mû;|÷åW·NyÑl¸w>ï¸fƃd<šà’Í—Œ>ǹIO¾žüÚêaendstream
 endobj
-1410 0 obj<</Type/Page/Parent 1367 0 R/Contents 1411 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1411 0 obj<</Filter/FlateDecode/Length 1741      >>stream
+1415 0 obj<</Type/Page/Parent 1372 0 R/Contents 1416 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1416 0 obj<</Filter/FlateDecode/Length 1741      >>stream
 x
•WMoÛF½ûWt©XŒ$+’}ÈÁ_
‚:¶kÉI)Vä2Ú„ä2»K+ú÷}3K*
 íŠ"-îÎÇ›÷f†?Æ4ÂcšOèxFiy0JFôæÍqrBÓ“9ž'øç4åòâô4™ö?_¼~wJã)-s˜š�à!#˜�h™Ž“ñ(™&tçLLõ•rgKz¸yÿ7KŠ.
 £«@w¯–ß`hJãq44œÌaèpi©ñk6 …µ
@@ -2571,350 +2583,380 @@ ZÉ°
 ßÛJp�cØŸùÒFy«æ©�ªrý�wÍ̈;œP©ò°ç�ƒ7	P®1VTíJƒ½jÃKÄn!R)‹¦ëÐ!Êo7àš7%xª*mß©Ú`‚ÈNAgÝbµ*/�£çñòêæó?7·7WG$�÷Wg—íã§û÷Ë+žnòâìúzX—dÁÁÈåui®LaB»õÜ´K²Xzwq."•?.1ù쯡³„>I.ÕöÖ
 ›·ˆø……Ã�?EdqéfX`¾Æ[ÝX¾»ˆ]‚«‡KüÀÁß ·žž› JÀ•î, ÷Ô`Ë[yǘîã¦[ä±r'X
sž™T+ì‘Ü®÷¿=^¿;i?ÊÆ3|žÓlŽO:þYœ}8?ç�ýÆ‹Í¥M^¢„AÒ°»0œ�NùüÿúœÎ§É|v‚oJ¾9eƒW˃¿þ®ÂÓÚendstream
 endobj
-1412 0 obj<</Type/Page/Parent 1367 0 R/Contents 1413 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R>>/XObject<<>>>>>>endobj
-1413 0 obj<</Filter/FlateDecode/Length 166       >>stream
+1417 0 obj<</Type/Page/Parent 1372 0 R/Contents 1418 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R>>/XObject<<>>>>>>endobj
+1418 0 obj<</Filter/FlateDecode/Length 166       >>stream
 x
5ÎQ‚0à÷ýŠóh®M×6Õ
 z(Œô*Sc’Ždýÿ&—‡{ùà¾	‹Ã¡2äv"Œ2H]P
¡UìYÌÒc •!Û£ç0¸Œ7�C±¦CDŒÁØäVž«ÍâÇÞì½ýLýÚàü¼1#Iÿ.ýÁ„SΨ Q¸9¸ù‰añî—ÓÁ£EýrÑ£©W-” Jêø¯é¾[WC®ä51†endstream
 endobj
-1414 0 obj<</Type/Page/Parent 1367 0 R/Contents 1415 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1415 0 obj<</Filter/FlateDecode/Length 1600      >>stream
-x
�WMSãF½ó+º¸UF؆`²7ØÍVqX³)œÊ!¤R#idMVšQf$¼þ÷ûºGFì&)
-0h¦?^¿~ÝúçhAs|-hµ¤ËkÊê£y2§«›ëä?Wø¼Ä·×TȃÅ|•ÜLÜmŽ.>þLË9m
-غ^ÝÐ&'Ø™ã?ÙéûR5­ö0D÷uãݳÎ)õnŒÝ’±T�ª³Íßbd±ŠFÎ/¯’%Ìœ.“EBÏÚ?½#WŒWã�+Z,úËbÆ�ÇOwdu»sþ{`�&×�Õ:+•5¡¦tO»Òd%e•Ñ¶
”)K*Ëtàs•	-»ªUV‹«ˆR
6g$ÁÎé|qCî<SU…´Ž%/-ŽÚ”&Dc™³­26¼˜lKÕ’°^«|O­ƒÃ(¦Ò¤l~á<B7¶¥À¹#29Ó–ÚsæîÇ(w¦E¸„#C¬B‡ð[ÊX×"•¬êrýHÄ
‘Ø“–²ÎãC[íI¥ˆQåN@d­
-_B2q¾�³ƒ¤		—Z=Xè–ªŠ¸&=Ô	½w¶0ÛΫÖ8Ë8óÓ‘¥
-”jm¹pˆ¡Æ©Œ
-7Í:¸ZÓ#S‡ù0ƒ_›!dÆ<wYW#�!ÚåurÅÔ¸h·3jý°!f	™‚¬‚9¯ƒ«:‰ªð®¦µnïîå¡Àÿ™TžãXš#¤Eg3¾4�&sÀ2–	ý4ç©è÷ûõã€'Ce¶%�Â1W#Þ€
re𸄃ËC0OLð§³Ã &ŽÇ“è@·Á\íZ
ï[†f(‡°*erŽ‹¿Ú}£AÏ@�„°Ü&[ª'>û.‹·{rLT4œçü^©kÆa»K…–	db,SèšÆy&í¡J|¯ç…Öí¨è* Ú_“úŠs'ôLÙ	ÑÈQ[§9wóWUÁ7¬wÒÔ °kÖ�IÚ\¦P§	Ž±uŸNƒ~ùßÓéOOgOgSFÞFÍ�
-ˆæ8hÈÐJµ
-¬˜œaŠn½ë	�=ªÔT¦ÝËsQO.â€Uîj.f嶈x.g2o(2e¼Ô³27{B�üÃçÛûuÒ~mÅzí P‡,^9ø—ÌF•õéõ—úĤ*oì3²Føå’VÍP
-ò²2âæœdV½…�ËÅÝÐ;Ü(áC²5%h�Ïûhbd‡Í!]øÌÂYEg@J½Ÿ¸¯ªa˜?Ü(€–MÏXxñùU{³ì§èŽHh)éÞu~ô1{­S„×ÜÄîQ(]WåÒ“A·½ "ë4üö)ŸÄ
-ë­Ð˜Pú”ù8%úzC„XïÐŒoa�GTw<<-šPcjS©€�³z Í„

ŽŒŸMPõz«|^ñP††ìJ�8}êz3ë³å&Gd‡_'¹ú]€@ŠÔOÖ)¼@,ºÀ}
-<¹ÇylA1¤c´|Fi‡RKµyÈZÍ›„ò2×C£3S^d(•×t¬Mh½¹}”Íä�w¡Ì«³`1óÑ¡Vœ ’~iÔöÙxgYù' £œ˜KÜ"·Ü"3\�r—KÌeÊŒŽN«ɖ©&J”ÑAúëÍÆÄ1�G’¼öŸ>™Fœ’\ä?¢lG #øsZÒ�£-Úc˜¬—2ù9«ãØõ�
v¡SU¬ªèÏpfÈüxäìq?ÞΆq.ÀY?NÀa´ÿx·'pÊ㺢¨Qv®˜FÇ…Ì%îVÙx0çϱ­ã¡¾ðp×IÓ]a4¡IÆä¹â`)÷RèR¬Ê¨SwBŒ7²%=G!ËšT
€äbý¤³Ú	5�o¤wðbv#ͬÃyf$Ó²¬=ÜÎøâÄ©þªêfFÇýÊ2Ø9Žòú2^±ÅbOT[-ˆý`¡¸Lès\%6*v{ññ;›Ä}A¼Z"W¨¯x¼Wº¥Ò5:®œ	†lÆÉ/D)uÕˆ¶^e_``ò~™Å„ƒ((ÊuÚm'©WÐKÔ´ %æ]
-ª<Sú—Þ…ÑM·<VQ½~pýÒ>,òö"µ€Þ€õXuZŒñ8›tì5#9íJyõèßdâLrwè‹�7//Z—óøÞó¿_ì®VWÉêúï†ØÁל÷/›£_�¾
:(ϳendstream
-endobj
-1416 0 obj<</Type/Page/Parent 1367 0 R/Contents 1417 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1417 0 obj<</Filter/FlateDecode/Length 1738      >>stream
-x
­WÛnÛF}÷WŒµ‰eŲóRøÔq][m^+r)mLrîR‚|ÏI™bâ¦(Ê8/»;3gÎœ}=i„!MÇtzFQv0
-Fô~4	Îhr>ÅýÿKM‰|O¾óájvpòqBaH³g��OiÎ�hÝ[¯É¯”'“�ñ[íòŸ=mlùL‰-ik«
èœïÈ­l•Æä¼ISZhR‹Û-ùmÁÇhrº\ë’r•á££9®§ÛÇ?oÉädz/#†§Á>%&Õ™ÊÕëÅÀ
-öuîñ¨ò˜ºŸ³±qEª¶b(5ΓMH­•IÅ
·R¥vAce|LØÊ“…'…¶MÎ]”vãL¾¤‚ˆTåÄù-¢çØWj]³LíB¥t¸¬4Œ©(²Uî£ç˜­Ujâö}k¸
ïQg:[Hl@—±¹{¸þ‰"›ç:òÆæx‡‡“ϵÿd»!è‰Ý� áW•“d\[û²ª‡mãkëSÆeê,ΣÔ
-v
,€�–Ú{ea¼G®5ÈEi‘àŒqöÖ²µ¥B•H.²äHbÐ)סÀm,ͳEÜóÇäÈ¿öq€ð“€f+DéK=s¸À2‡CœW¨HsRüFÃ
FÍàÇ�yšéåÆcí¼V1ÛÆ4žzæeó«>gx%¸ï. {½!�×!7ˆ­ŽƒœÜnÀ–’2‹‡Ô<ëðXÄ]–H%„X¨�²g\Sq¤˜<pHY©8QÝ€œ…ë8ß±qÃ1€“LÃ\ëXÇýά+‘ª%µ	j2)¼`D™YXd°êÕ…Ö,üÈ”{&T÷Ý5Þp"6¥æG®Ð‘IŒîgqcüJ’ph¸LÎÕa› Dâ²…$x~Ì8œ|¼ jò3<�Ôå8&
]µ%¨¢Ò:G®ZÀ'WozÕªáx
-¡C
ní–:ÕŠ“󤲅¢0¸ÂéüH¥ÅJ…‚²Zصž7V¡S©*bå58d¡1¢P<¸ª(l)hõ’Wê"5‘öÁ è§ŸëuÏqZ@bU¨��(²1²ˆŒ×Üuu½Š@»vBE+£EgÌN³Zé�òp�JÄÚE¥Y€+Ð�=fùáJ´òYL£Ø$‰s</àZÞÛVÿŒ÷êý@„)¨ºœf×' C“°Àè ¥,R¤¹ð@HCi+©Ù\kf¡�Ç×zHúR%‰‰�î!¢`üf
DF¡F�ŽÏw÷O0Ä
„%bïgØñG7XÅ�é^û«»ßž¤×¸o*>M톭»ŠÑë0nå.­Œ/hg"¼0¶¼U
S.púZérˤCIõ½4BÛN[Cb䘵Q»Û7ЮèqC6…ráé”=ê
-•5r€Ï”@ë9^Õ5�ríƒÌ5ϾëDU©‡Ì£EÿËè[Ÿ±}—Cð«´™x'ñ3"­k=ÓÂ×LM,‡Í2iœØšS´á¡�•¾38@mÚ´[Dx»û6°ÚÕgô³ �‹hu¾ºj–¶äoÛñ@°”b–={
-Äé‰ÞI{
cëЀ]‡;[úŒQs]¼ìîïg}"kµNÕ¬v5÷wóE‡‹ ×~~—fÍ
Pè‘q^Aü_¯QŸRo¼Dß­TÚC…{¬YV(Wž2æGLø{ñ^4	wpQ éüWwÙ¦úJ[èÒCÉMî`� ÒŠ
-Š˜Ï“°zv{G¶Ý@&9icÒ0•Õ!|ía@¿BÜxø¤nBj­â<‰¿°Áî4‹ÁýáºÓE^· 8ųI­â(ÁXå‘ðæ•É…Ï(Óaf×ü�óÐð;ž°ÀeõŒ|2ì‘M|/Zõ.1nµÂ(„Da„’jõ—:h4ž«Î4œªç¹š©Zr{B¹Çœdz*º¿‚Àƒ
P5~Õ3ÍŠQw>èƒtÄAÃ36£
-io`ÔPò0ßr°ì¸Þ5®1æ€jûØWË6ÄÁ²Â:úPçdDM^ÇM§§_ó£›OWõ°À:
-Î9›{ûîÿ.븻j?áþº¹ÇíMçõmÕ÷£—v%uo»÷�ôòæYÃÿv½yÞž;�Z†¯¾îݽíÕ;xõno훲ôMw^C`ò(]¿>¿¹š/c|xyÿNÿ›G{}ãOïÅÛÉ1
¾ì}çjÞž¾¾’cN>ž7¿�Ã3üà>?Å/èö—å姫K‚b~ááÆFU†éKD—‘¶†Ój#>úÑè;™N‚éÙ9¦e,§|Æíìà÷ƒ¿
~5Ô7endstream
-endobj
-1418 0 obj<</Type/Page/Parent 1367 0 R/Contents 1419 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
-1419 0 obj<</Filter/FlateDecode/Length 1763      >>stream
-x
}X]O#7}çWÜ7@JfóA�VU¥–
-µ
-¬öiåÌ8ÄËdœÚRªþøžk{&v�&ÉŒ}?Ͻ÷˜¿†4Àß�ÎF4>¥|u0}<øt5 Ÿéq�§çøRÐ ô˜õ?¼(\¾ï¼8~ü~0 þp��C<¤þç÷vïñQŠ�ð²ûeûˆŸ¦2g£o"ܧþ~�5øq‰�æš�y.|Á¢ø�úO/)•Ú¼ì|>}½ž=<óÒOW'4†ØõG§ìÜ…®¬²NUϤ4&[Ï+é,=
{4êÑøé˜r]U2w² ù¹�&£k'
/ºÇªûÖôÉ-¥•Thª´£µ°–æF‹"ÖÙŒ¼\6�³«_
-K?ÑJäKUIKº"åzÑ¿>i_·/ÆÉ‹Œ&ÖÖ+ImØZ镬¾
-G¢,ƒm‰êV©0’]\¨çÚÀG§i.IU^��ºÑæå>¯á0k°jµ.U®œ‚ÉV¼È§ãŒn‚4~»`?B �]eÅ]pïR¯”Ý LÒÐÔè�ÅçÓ‘’bAós]–ÂIo‚ŠT"i¶õ·µpÇà)Q­l×Shgl¾B§¨Š&X¤EÓžÞ‡ÈÈgX€5X¨ͤ›^ß>P…xYí–©f—Å'£Óì„S?±�6¸³“Œ¹Ö¶zÝ#Yx
-õ®®B�B€?‡к¹ä°K¤�‘Ì(pK#ebGÄw‹‘¨=än£ ­“À^¨Òä1Jƒãå«0y5¦~¢Ƥ>¾TzS2Pê\”ðß³õ,‘]ãT^—¸ó5”3¹4$¯¢râ™›h…Y×5r4ö)êúÉë8@ÄJ‡àóï½àLy»'ê„& ´½mjC5¾+6½XFv)ËXT¹Ç€�x„PÊpã-q’‘é%ðæçFDF�?pÛ%©Ç‘‘¹T¯¾È�¬V3G¹ )�D7vhS4h[ˆ<vŽv)„³5O4Þ±exÁ5Ì»ƒD?$j.Б©
~iFWÚ$&8–ƒ+
Çл=¯±>|ö&ÜVûjlëЇ}…Àî3ål
-˜j0 ç·„=ol\Éî£5ZUHnÇ¢vKm”Y9ôõ[yì2Ê%öÄZzU"½Mc9tÌe.jdX4ÑAVdåGÛGpayï$&ÊW5’¹
˜�g?ª@F—[Ö>û‚��YzÔ¢-«…ó
0ÒêÚ䲉ø0ŽÐ›Îðm»©=È
E³·ö�?):ÈÓœ6KÄ Ì™XIè=ðYŒÜ×´™ò¤Ÿsð
-…Ø»ò-„²á
®=ø�;Îj¥«þnfÚ¹ÀU„<­µò#¼
_y¥Ö/Üš˜‰˜„˜”¡êYI§ð,½é“».6Šç9˜¦/%É«¤z^εYj]�Zø½¬c#º"Ê@t[q“Yƒ}ŒgƒÁË2;ä´?:	ƒî!PŸ-'›†G>ÑŸ¨£Æ È9ÝnÙ%¶xÎ’=AÏp»ÉS‘íOžL³á·©¿_øû¥¿Ž²FÃÌÓ k´Ý˜êÎo–þêï,kK7v¥Œ;»˜´v.æ¸Ø	‚ëï,+B ßQÕXA€´Gu‘¦+„fz�•˜› L=䦭sìð¥.r£AOEõÖtÙ¸5…âLoHþ#Và¦
Ÿ1s «60žÄh* œ€{{ Äx
-4F4s5Lý&�±žCÑ�Xi²oU¾4ºRÿÀ {�zô+£kÆ�ié+ìüïZš·XÀ;äîéˆó¢™]ß%zEQ Å ,Öê\!v…×á}šuè}½½ÿã÷ûÛ/w¿
§¿Æ¾Ê¼�6DÃÃY

5PˆD×.ÝA
3TaG¯p‡—nã�0²’@ÓlÝV €§L®Â,mœŠŒ0ò™D=¤:Y–žþø–	 p+Ù›IÄ/q&€§Äßʪàð‹Hè'U¥kØå�#k‘¿€ZÁ
A_.ïÐጣáø�…_ølB/ÎÛ¼2Í-hžRŸ
’5!9žÁ®êÕl ,cV‚WìÊ^"ç!ƒYz[Dá,x<žûP&û‰‘‘�7/Â&‰j;�yÉ�ç·û¢
6_Ê¢.
ã”am
€’3ÇœEm°TŽ6¸£O.zBÆÉ‚&sÃN$½hÀ˜(4ê™÷wê)=¤ù1S*-~aï?]�Ç“óðô,œ�ñ¿€}˜ÜL'tgôw@„9Ç1|œ­å}ýfyÿlÀÿ«8e'Y8åùä…NÛo89;ÉÎNÏñÏ
,žó£Ï�üÆzbþendstream
-endobj
-1420 0 obj<</Type/Page/Parent 1367 0 R/Contents 1421 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
-1421 0 obj<</Filter/FlateDecode/Length 912       >>stream
-x
íWK�Ú0¾ó+æIó ÀöÆc÷Ô®Z©$d‚Ùxì®í€¶¿¾3v‚ÙˆªÝöR©$gb23ßØão&��ü¥0Ê B±ïL�·7	\Áb‹Ç(l ‰“$�EÑýR­%·®©VGÃá#3–kœþ Œí-î;	Di�Q¹¹+¨€Ÿ¨Gœ'©¥ãý¤Aé6]ÍÂ>Oú4NÝ8sãÜ�×}hY;W¼(ßf«É²ûfÙCÙjÄYçN¬-gi<¤Ø<Î,%õð„8Ѳ7êF™­æ/ƇÑ6H0ä žð¥+�í§«ëŸC͸Û|5O5wPs·¤ùŠ â퀹>pmà(l	œ#`[Ú|[ò=0ÍA*±Ê–Jˬ8àÛs“©·7HSŸ\QæÖpbQUø¦„´P2¿SêAÈ;’Ì
-
˜uG¥ð.îʵҥRPŒKHƒ¬4dk·Ã90¼£&Ê/¾ºV¶ì7+ŸÇíŸ÷v²ymÁ’%wOÎXË�G¤Ž�w&|6ŒdtA~1bÔ}¬¸,8¨-ð—Ö &fAE¥ù¶ˆÙ%ŒTG?iÜùÛ©‚í`ïÏÕÚ�2†¼ȲK›µìÅðµä„ó$‹R+)¾sÞìðtÖ{G>6jÏp…[NÐ¥[�ŒÜq|Ÿîl1[ž1,-ÐEXÄ´LnPC!3„é,†‰K—x%3ç7>£ÐóÌ)DÁ"Ê4Fž[.ŸEC©‚�=ð:¿NÜe¿ÿ=i�²¾fäóSQ&*hHù ˆ'¾¡d#¬wæ¿ãæ¸]\¾óIw–êÒòÛÔýò
ûãö/óyÃÆ—ù)¾Å¦’k$¬~]DΨçwh=”b¯¬ëÊb-³�·	þFHtþÔw¤x‘¨‰Ù½=,JH¨ÔTôjÈËÀîˆx]ýÏNg,­k¡suNóB`Yq(öÂ*˜¾ÞAMÊ1ÔP!r¬ŠœË;5¶Á†µ™#6±Å ±¥�HãTÀ5ß«Ö'
-¢¬Ný\í_m·Á~ÆÃÒ‰Œá=íÍY'ùÊÆØ÷y"m²ö•�ÃGÂ9e^”ÿ²$ýißûÊóMß>®ûöt8Š“qÃá»úhòq:�OZÝóÂÂ\Õé%)Ó£F!%ô1ÙÍâASêh‰°X¡•ÁVÐ÷ñ¤0
âÑpŒ_ŸørzES׋ÎçÎ"¿aendstream
-endobj
-1422 0 obj<</Type/Page/Parent 1367 0 R/Contents 1423 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1423 0 obj<</Filter/FlateDecode/Length 1571      >>stream
-x
�W]OãF}ϯ¸âe©„M �ª‹Ë"ñ°YZ¢VUÕ‡‰=Žg×ö¤3cØô×÷ÜñL⪮*”„Øžûqî=çÞü5šÐšOélFY=§cº8›àýürŽ÷)^FR1º]ŽNïÏi2¡e�#³Ë9-sÂãã1-³ã§m“•F7êoá”n,­¤{‘²!WJÊu-TCµ°NZýbñ)šœ*�‰jpÃÒ‹ª*ÊtãTÓJršt–µæ„V­ûaùe4¦dr–NáÿØ•Ê’-u[åðH‚àAä[|'É*×úpÒpl:KÏùØCAR!2CF·Ó/ÒxŸR!Te}Ð…®*ý¢šuŽáG¶ ’hh!jiIˆ¶Þ°%|iHŠ¬„ó\ò@5"ˤµjUIj€Œ6_©0b]ËÆ…|>£äð’9GØA¶•F4Âr©j@ã¤=�iï!m¤Z—+ÝšRkÀ«¬³>ù…‹ MRbø²ËãÆ9Yo
-Àð�Ìÿ‹Øí ú}¢¾JŒ—/L…‡Ãßh´ãŠYëgÎÇèš�&ÅÛƒñ=qO_Ç�BêfóQtEÖ:À_xÏ>¸ßO„Æ{–h%åBY›jë;‡+ƒŒ»:…Ç|1•{]nZÛ®:rßRk¹Mº‰²ºBó¡�y†ž§…t·ŸŸ¨
<@´L’”–è
Y@ےͬªU%TÞ•‚³
_¼«%ÇKw»¬v…ŽÝyÖ
vzEе@½/(™�ÓK&Á4½HéI:°lMí¦z±ÿ>ß“é<�ñ©�o=‰z%вY‰†eöà¼jrp›KØeœw·káQ¶ÒyOȶï@h@îpÕ[$} ]Ïñ^˜´Õ-Õ-0y§­Þ0È¡�ÉÖ«��~P¨4_öVVÀµŠ.<Á{-ØõǺÒ+QÙ?q"óV£»
-ÉwX]ì´qÇ*¨Ô©Ýl´qôž¶ÒwÒ!¬A‘~…txÝD‘;d7F>+ÝzJNÒ«,çˆÞÞƒVbáÊe!ÚÊ“æS!’R<C
›-é*ÇS(E´>À¶ó8pÊì¤	ì`]uô5øaÛõZBYso»Ý¬�€¶¡!..þ
-4?ñm€`-\n©’Üþ\Y\xÞçCïýŽ‹" üx¢*Ò©*{úS×p,š®¤£Cì�ÿñ㣎ö_¥ä†g}dZ±Û>I-XºÆ=i�³w„ ê¨ƒ'$X²a²fXŽ�ßQ™0¬4ËÏçÅG8áVñ¤IéNÓâó2âö’½Dk
]�|4,”ƒ »â¯á^Ä90²Ó…W¼fúö�ÑH …b†Ü¸vTU™¤wd×h‹å ”\g-C?®=’¹Ä(¬ÐÒ�Qî°§/Þp'2�zdgä¦RO}Dà°FPzÔ¶ãŒÄÀkÄ…Ï@ZBà ½ð½’ß‚ª“lžØÀ!¦tcé“ÊŒ¶ºpp\´èWXˆ9„Ž�Ö·£�Î4�®ˆŸÇ%vûèpéLm8�N‚à¡g�‰î)ºÑa©BU´®íê
Exõ¾’ëΥǯg‘bL ž—j/"~Áx)Œ2вßN‡3`à.‹KY@õUË`›ë¥ì™À³¼ß”‘-^θŸŽ^ÜK@O²÷ºÇCÞ,š�‰ï%b[ñ²ÊB­�`§t~°ÈÆî!…NDaê‰h˜(X	ür‡iþ
-��í¨(<´°øÒëúŽ.ÒD)7{!R¨ò`òžð@«âèÁ8Ž³íáqç/tËÑ£Qµ€N÷Øt{ÛtØ\�>`
7ºØ|�¬’k¨g›\?ÆŽN®—“냹•^[Ž12øê‚GEü¶Xú
ÀI$òfׂ™~�àÂõÒ1öP{c
à	Íìä³aŽïÇxÐþ¸²äUÁ’ß	Nïÿu¾w¡½§k¿Þ!­}„?±Á7çý´I¾y„k~œpÈ<X:ÃÝO‰~²±²ð‰-µç×·ýéýeXI&3ü”»<£Ùì¼[ýžn>ÝÞŠö…ý»¾örÄI<�ÌÇWßµ*žÏÏÓùì?y±³‘�ËÑÏ£k¯¤Yendstream
-endobj
-1424 0 obj<</Type/Page/Parent 1367 0 R/Contents 1425 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1425 0 obj<</Filter/FlateDecode/Length 1414      >>stream
-x
ÍWËnÛFÝë+.¼©ÈŒ$Û’\4âæ
£ˆ“Æ²hº‘C‰	9£Ì�Qõ÷=w”ÄH)²jmøÉ™û<çÜË/ƒ1�ð9¦Ù„.§”ÕƒQ2¢ëùe2§«ù¿Oðe$ƒÛtðäå�Ç”¸2�Ï(Í	ÇG#J³ó{ÝHjV¢Á·ÒRU*I¯ß?¤tÿ&¥Ûôð"¥Rá¡$[/’L«‚Š²’¤÷ÏQ/Yi¾JC"kJµ$aÝ£w÷áÉ£ôÓ`DãËdïçeceU$tWÐV·8ÓÐB7+wëŒÏ>yy">ߔʒm×kmzJ[iý�˜ÒùéuSjEBåß±à#|J¿*QË_NÙ@žŠT½È{oʪ¢B”5šl#L“„“irÅ9¥+‰z|5Mkmm¹@™l&•0¥¶ThÙº
-µkÊŽ ±…âì�ÞX”.!˜A}�m(—
üáÈñ;½£âBln´ùLhŒ(nʇRåpB7×CòMãzÅÿÞ§T‹l…îsï€NDé†-å²52G[{>×(ã@ì›y®kxô‰X‰ëù¿eÒeϱ‡ÈC!þž_ë½Xׄ'/ohT3¼/.¯|;&É4¡‡]énC…̈÷Í»ß_½{óþ-[Þ§ÇÅd–L];Ñf4æT£N–¹«"üà2в�=ŸCWX¡Neå8¡$*ÎXóAhÐò€jÞ0ÓÒ—‚^Û€‚.OüüxŽîí3ä~N?îyeŒ`Ò
-zkÊZ˜m´ùàctUI3$Q5+Ý.W.E]圅�:­+±µžÐ¸,íÇG
=Çüȃ'$Pû�‘âEŽ¼—‡ô0‘�(Û€MF×TéLT®Ë<\´®5`«ËÌÑ«�[ð•øŠ¤#ꉱ\fåZ8~Åc-�n×	ÎéîhDLô€°•;è‡xzéÆ´$XY¿Ñm•3>„BºšÍ©ó9¤V	–‡>´�ž}Žø¢‰Ry�œ60ÓóËUXi¥²¡ÜQ†¢OúZ|ÿ�*ÓNÑXÇÄ.̾Þ±ïFR}-�VµT<bäa‘:÷uÅãJ ¨óš1r'´ª¶½q‰{r<«5ªÓ”Xù
ÅŽT‡Î<ŽÚö|2)9—èÔPË8‚nþ\Vz!ª¿À^LD¨Z–‡ôg¶º›t¯8Kƒ82ôöΦ'kj
XàKTóÈÈB<m¹Ìü1ò¸!…éLz£v°Bü&G%Ý«O	¹ÕáTQlÜ~¨*#º	Š>	ŠNáãDqx½aýÁ(Ž'2ìªxä`¨Ø´ä{‡1Ê+$]a™^ûÆ]ĵ%,'Y‹®
¢ùíÎ4¤Ò¯GF~iK#ûD»—7C¿?ùFƒâ˜ÓhÆ·“™ˆ:/‚q`��
-æÎfà+67�ÿƒšEÑå{�guÄJè´h·BP@ó9X®H@hKn—Š‹ÇÍuÆbfuCö¡W�TýEb¸ûŒ\hÌ74L#e]àä�€ó²ùɺñj[謠¥Ö9•¹¬¢-›dÃn"i8þÜW\Ù¯@/ëX�ÿ
-êª#àÿéϵ+wè¯Ó× ²ÑßZ …{p]á†l=$6b�1À‹†4¿VlV%šùíhs»Ž´,Ž”>]Rœ;ÛïíÏ|LÞšë¸
³Hù.Ü6Cg}Ñ8£Laý
Ì/>p(c´EÉ*Î(-¿P`[ìÞ`¢ÆìÇÐÅW%ö0©Ü:Ð;—M¬�„Onuèû�»ó<¼h�§xmœ_Ò¯”ÐЇg¯oŸaÔŸ&öÁ¬å	ŽíH»½õ"¿˜� ÔùùìÛW³«d6�c[ç{cûE:øcð£ÔÉendstream
-endobj
-1426 0 obj<</Type/Page/Parent 1367 0 R/Contents 1427 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1427 0 obj<</Filter/FlateDecode/Length 1346      >>stream
-x
½WMSãF½ó+:>AÕZkË`C*›*›…Ä>²VŠCÈa$�°@Ò�„Wÿ>¯gFFf‹\ØÖL¾÷ºùç`L#|�iæÓdJQ~0òFtr6ñŽéøt†×>~JI‰yàOfo,‚ƒÏ—Ç4S�ÀÖôtFAL°3Q.jTMkñ"ItP.¢uZHRUkIºYᥨÌÉMª×T)
-¥yœ©Hd¸£+YRXª�Æ_Ü+Ìá&ãT‹0“GÁãÁˆ†ã‰ç#€Ã•ÈCAI©rXŠTž$h¯µ°!-«ŠOp@‰Ê2µáwê¹JU¡)µ‘þõ�©PdãtÄH%|¡çXç¡©"¡$Í$ýÌO?_ŽèÌ–g裄ˆ�ÜW¬r
û.Á/T¨ÖÞÈ;íÜ	ýçžK™È²”ñl*M™|‘}¡‘
ôŒÆè7r81qúÞÌ£•+OýLn
Aúzs5_^Û«¯ú3oʱ»æ HÄ1ß²mA_d©¹Í‚îÒ"†M†ÆW[Œm{óZW¨HÅý!8;÷Ihmµ\ÛwËéðâÑ¢¡X&¢ÎªO»oË4eÓz>WEU¢ÿÀX¢JNÐFTˆ\R
-w™V{zîNõPÊ¬ù6üÜ’¢Ág¨„¦Mše@´O”&ýÔJù�2äQ#@ÒÚï¥Úóv-«ÅòfE&ÔûCÛ™_Ç‹_î�àªZÓÝòz…®Áªˆtéöë¹çÌúSÌKDm9©IÁ¹ÉÁ@�µ€vÀr/9²Nó`Ëp2†OܯÝn£]Ä?Ì5Öè•ŽÊ4”±G�BÑž€Ÿcx»Ã‡V'Ö{î¹~‡Ñô?q¸‘º
¨Gö=$~ÿp‡ÅÓ6ØÕã¡ßeb+®VŽwKš¤k[=™9�3¸qz
48Áf.8ÕfioûÍu¨mFŽ�F_ô,J\c
ç!¯xažhËMeñ†±EVõªØؤ*c†Ônã0œ²ìae—B(k
±•uÁöˆ±ž+|K€:s)"
--­óVé—7ßΗ׿Ñj~µ˜SpC‹‹¶u.Ñà÷ºš¯‚‹oL¤Ø'Vwvh³›‡—Ë<dæÛñBNÒP}
ÁpÔ´rÂÅâºÆ/“—¥˜È6¢Ñ<O]Þ|òÍøtX0³OÜô¬b™oÉÕÂ…”an` oGkÏé^vví{¥ÿDÉ“íÚ
˜[ùrÕêÌÓ]¥àÉI{è…O;<Ú7
­}ß;5¸‰¸BÚ,¯ËŠõú–‚nÞ­y­aÈZYìJø€'�(Kl+˜ß(ˆÐVA«HjMµ¿hŠˆ#¬E`Ð6ªí¹^#žEôQt²�ÖQQ3¼][Rb­SØØ:Ç{¬c(S$cYD’îÃThŒAk…¡¬×ªÎb»ÖÙõ¨ç·
»;{Æj�ü
?
KA×
«Z×<(øPkÄl
-�¼ˆPÕø]4<‹d¦å;,Ûˆ¢rîÐls][c­�-+G²;ž[ýýÛY;H"‰âÙ¶¾Û�sY¡‚fË0
�<úÓô
-›ÔÆ”ËL²´2ñ0™_óSÌ&¦Tㆮn0¨sÔ]~�äsÕ~Ê€ëUÚžÔ?ݹ-æ,Çm^h·ß‹"”èñ]r‡Åe‡$��|¢åå�ë:˜¯<š›¿­1ˆÜvdzh¼ÍÄo«Ò†@Äsñ=Íëü•b@ºâ†Õ©cñxŠÿ8N'4�šÅ×Jím©1�°Eu.±{ðæÍ>‡íñál„å:>üè¦z<;öfp�OpÉg[ÁÁÿê$Öendstream
-endobj
-1428 0 obj<</Type/Page/Parent 1367 0 R/Contents 1429 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1429 0 obj<</Filter/FlateDecode/Length 1591      >>stream
-x
�WMoÛF½ûWt©HŒ$Ë’] m�ÒÂ*Œ¹¬È•Ä„Üe¹¤ýû¾™]ÊÔJ.Ú"‰cQÜùzoÞÌþu5¡1þLh1¥›9¥åÕ8Óì~’Ìhv·ÀïSü«5müód?\]}ü4£É„V˜šß-h•̌ǴJ¯Ÿ6t°-í•iÈ©r­¨±´±uªIÒ…N›ÜÂ_רºi«!5;�Oºá_hPÕz£ëZgT*×èz@Û®UA¶’“9Þ-×Ijͦ?¬¾]�i4¹I¦ãzpÐn�г8ÞçEá�ïÔ+Ü“+òí®!•½":µÕd_uMnkªl£M“Ã�wKëÚî�®,(œAMŒmè]ä8:”ÐNãdî¨Rµ*5¡}Þì(…¥!)G¹/”„Öì-í¬k}½Þï´„q»ÏM†Pèþ–lMËUäϤÎ_?pQ¹„ø¨©°)rqíÚ °kä(–.”Ié•®s›å°P “ªÝä¦åÏ‘{	S*}2 ²u†Ìa~­S‹°8>ÚiÅ’`v:
äE­ÄAfK˧ç!ò¼!Ô¼fg¥6X$ð1%Uá¬á-ÿ(orÀá†j jÕIÏdI“Y’Qt1¦»$ºßÙ$ kúõa‰rD._ðLða³i‰R]¬㛃#vo˜�*KÑ HתA¢ë³BJA*ë\¾F0H�;'߶ 4ÓÎg¢£ÀuKªitY¡O0{?Ñ®�ã®W@z“׈Ð÷@0	µš
Í	@™�'ô€7|sž)GßÂŒ*Ú#ÚE»¤‘é�n©¡íB¤Ï­æãTÀ‚e¡ï™™¥ŠZ«ìÀaG~/;ãæñÝ¡ò‚]±"Ôö5ÏPÕ6àr“§ lÖšL™ô0$·³mÁahJ[!„ôÄvä7èmØ
÷ñÓ=M ʬΣ›™ï§irŸÐgõ=7Û�Û?³ÛWöÑt
õG/®â7}‹¹ÊO*æ{jÐ�ͳa9k l‹&¯À?ORGhEiLy‘O¥˜6EÂqzºÙkž¢d@ëO´2¿\ªï]_ª}ÃBeDë7¼DÉÆOÄ“‚r¹ëFKB�ÊôF!pîÎ^ëCƒNêÖ¿“®%&‰OŽU' ¹ü²íyîFâEês!ímý}[[4‰”hR1ƒø¨8ðåŠ~aŒÃy‘é*nÁ½ó1Cùé©žsfQ~Ž,¼¡Œ±­I5ôUV©²¸üv‡Ñá[
˜¿¡ß0§6µ-/*¸ 4žÇ[¦A4>”§·ƒIwµ59ĺO¾¸ïÍ®À	ªìÇÐâØn5Dìd‚ðÛë¨@‚Å€vX+H£*ø²é™	��bw\‚öŸ7Ÿ·‘ªÜB0¹Å;^Šð
X¼»MÅù¾‘³›“@eƒÖ½ÎMZ´ÙQ€ŒÌú"dsAÔÖñ;Š^ž–Ïá8çYkŒ»ÔÍãÓ—ç([f*ÚÕú¬ò"e
¸á�+?ÇD9Îl
-ßQ'
ƒÇV*³u¾E.~d·XeG]ûIŽ—VŒpŠó1*ÌBü¨Ÿ»ÍÏoi¡õ%d-¬e
�r
‹Wç FØ’»y8IˆOáÉ1T~
-C;UUä`csÈX8»ØF{LŒ>³=wʈf	ÃÐÏï4Õ!e¸QoEMá®{ü¤$ªÌñ€¬WDãõ‹êYvSŸÝhz‹™sïçÆÓfˆ ö,ð‚Š1É¥>'.pÌÃþŸ
æ]5Å	cáV -,“#H‚au­õ–UŽï’¡lcÄ�
-z‘	K=ת×CŸÞ%zæb?Õ9:GBø
w�Š½õQRY #¾„ÊžJSð}¡£~�b¸M˜7’¿ÌoñÿÓÊWªãQ¾ŒË÷€èIÇ?“Œ³ïÐ:R�â"lzøq±NX+7v#ãó$~*í#Ñ¢	:Up:p¾“�U9Pý㧻p	žÌpi¾»¡ùôÖßBŸ>?>Ðoµý†Û.ÆrÚò¬Ävd�j2ÇMF‹ñ=/Xÿr9›-fÉb~‡µŽÏÜ°©_VW¿_ý
:Ù>¤endstream
-endobj
-1430 0 obj<</Type/Page/Parent 1367 0 R/Contents 1431 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1431 0 obj<</Filter/FlateDecode/Length 481       >>stream
-x
�RÁnÛ0½ç+rizˆf%Ž�[lvè°!zÉE¶éD�-y’<¯?ªIš.†Á�m�äãã{ü1‘Hø‘ÈXf¨ºI"d2¤ëœÿ|¡y
¬RÉ׫ÀC1ùðù2GÑ0V¶–(j0N’ ¨f!�¯6Ti‡€ÒYUWʨºvä=ùÛâ™1RH.�óE.2F™}iðbCa´î€�“¡0M¦(•§úo0lg�u _ªë[‚n ÈÔÚpe²½EØ“‰°uÛ§p_¹äÁ¹oïlÙRçž´©íèAŸ˜ÂÎÙ¡÷¨-16Àu~è{ëx&$7þ=-S_zEXU¶/h•y¨pÕ—µ½6;(ŽÕZk±áhÍMà·;ˆ£ZÅçËT¤‘5K-‡6è×ÙM רêúnTW*žc<ó÷èTµ×†§uØ£;ƒ�Ðo Gw°W?é’xIøSè«I
±{¬;ó0½ÔMaû ­‰Žù®•5ML�_½x¹ Ø½Å·³;Mª)(Ýú“JëÓNÉŒ—y½„\åG‡7÷�÷øæì3U
m5td‚Š}#Óù¹`ž'w'mÿk�Ó<y¶æ%Ž†¤ëS1ù>ù
ïÿ;endstream
-endobj
-1432 0 obj<</Type/Page/Parent 1367 0 R/Contents 1433 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1433 0 obj<</Filter/FlateDecode/Length 1657      >>stream
-x
…WkoÛ6ýž_qá/MŠD�KÒOÃí–¡È°ÆE: À@KTÌZ"U’²ç¿s/ÅØÑVM�H¢îãœsþz2¥Kü›ÒõŒæWT¶'—.oæø\Ü\ãs†ÿ^S}òãòäÍû·4»¤e�W®®ohYŽ_âNyúÓZuQ{šô{׸rΖ_ä�éuzãb¾(fxçt^LzX«H
-–]:ý}:¾ ét8>».®øøÃZ[RT6FÛˆãÚ\Ö¦Ñd"•Ê"¾¯½0gi’ÌMÈùt¤Ñ*è‚–k?�§ÑQ0mטz3+Ïðû©G,6jM‘³ŽÃ¹¤‹é<Åì¬&ÝMkp€°†­õMTV»>4û‚nHÓ¸]:7„
¯ÖE
-ÚVsO}W©¨9{°†3l9h¿Õþ|@\÷
‰V}iì¶:îœß¤8TYꎀ¼jh¸~<u¶äŒ†p›�,U¹Ö�gýðŒ­¼V›	ã´èÿŠ Ç&i0	ø!òC®uÓ‡5Ê•keŸ�ìJ•ò(K
-é2Ñ)ñ�jgƒ	|ŒB Q
nlàSÄ‹¡ºø5Â⨕i¯C缸Fr*ìm¹ö΂±C,³g¨XV+=r_:ï{¨~~ÕÙIì½%W×YÉvˆÎÔÔièQ‹Î×jË̱VÌE’_P×y·jtŠÁåìªX°ø?ÙF˜…í­ !‹œÔ¢�@Ó÷¿ÜÒíÇÛÏð\Ñcû¿Å%gãl³'H…>ÝÝ~"o®;¨œŸ·®Î�g£TñÈrjP¿MRt–ä%Æe½¬
6lé^µ+%õbíÔQÔMÃ(ÄTŽ#§®,{�ÇçYGU™d20VÞm´
-›ÙÈ‘¤XMݯ�ç¦ d\p³Ø»
mµ€1ržLCRK)H^µCŠ¨ûЮª„0…·FÑÝû{A¦_
U.rß[Ëï'"pN¨L²VF¾‡(Ê‚RwñÖ j¬‰É=ßs•F@£/=ßa˜¹.8‚Ô&Ï�	Ø>€	´ŒÝ*/
õ‚‹µèçwwþõðñvùŽ.F
îÖgZ
0“1–ÚØqrCCÐíL\ÓÎÔëÐ�TÍóA˜ÍÜmSÿäŽ:Ô/Þc˜FÎqk$\ßT¨Iª�[v hÂq®[ã�³ÒÞõ…£žXƒm…Zb€Ë ×{‹µÇŸÁT`äf¤s×ÕÿŸ0Ì“uH=Ûp
ýÖc&¡f¤î… Æ´hU/Ɔ´‚QÖjµw-x|0¶â‘Â~•˜{ÝÂÑë$lP«:·R @P žÛ9ˆ@?&Ä<¡\*ÑGCŽKH—‘Å�în$4VÐ{½;6‹0�p¶Ù˜
go¹D§·ðSkn€|ªô“©5hÛ-z•D�4Fé	bc"`Ju^•ÑÈôBü&ØW½"„¼£Êí2ó•»åäˆAª¯aœ1ÃI·“Õbô<Š¸ˆåÔÏ·hzI|
-	ÆaÂ×uБf©Íc=gßY+yÀ8qÅI¤²Ù¡é=£•Ó?0ÚuàÇàHéP·ÛÑ@7ÅKÂáEAA#äî–Ü‹ÔÊm1Îó«Åöê!ì'©a8!	ð(ΓMæF£FAÓ|Êk¹šË_,2~>¼Ž�	9E×ÉC3V
fY5t®ô
-/ÿUs«=0õHœôù$OÞØÁËœ+ÇŒc¨!æ`AýHÇ!�ßÌ•*-¾tm§#w†”0\XúÂ%éõ¨œLÛêÊîfÜ.DÂysÃ^ [E×ñIx~Ãi²Ž‚™ÏunÝa�íÃœîQgh;Ø4Ñ,s “ÑݪÆ$œ%´uË\Y8žêÒÆfät$axX>wÆðÈ…H
-í2hä
èÅæ0Á¹¦o1�Á>Z!Ô~ZneSx6
- a‡
h¸Ÿ+ïΡ¶r�{ÞÀ¸µ£#¥ñÆî0x"M6­l’Žc7HCdí<Ê…?Ž!�AY²õ¡—j®œæn0
-ŒÛ�삼cã7c‘_³Á´[g²S_�Y=)ÔëqfK2g…Pž¸c$Æ‘k.—,Ág€sq¡:ÒüGyÉBpÎ…–÷€¼3æúÁaq÷F\§mðÍû›Ã—¢éÛyÁ_¼¾ñ}kq½(®¯nðýGfßq ï–'œü7x —endstream
-endobj
-1434 0 obj<</Type/Page/Parent 1367 0 R/Contents 1435 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1435 0 obj<</Filter/FlateDecode/Length 1631      >>stream
+1419 0 obj<</Type/Page/Parent 1372 0 R/Contents 1420 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1420 0 obj<</Filter/FlateDecode/Length 1631      >>stream
 x
¥WMoÛ8½çWzi
-´Ší¸qºÀ6í°MÓµ‹6{ %ÚbC‘Z’Šë¿oHÊV” ÀbH$r>Þ¼y3úçdJüLi1£ó*›“I1¡·‹·Åœæ—ü>Ã'i_LÏ'ÅÅøÅÕêäìã;šMhµ�­‹Å%­*‚�	ž”§ïkÑéh^ЗN•÷ôÞYïiÙ­�tåìÎ+³¥³ôüÕêûÉ„ÞÌæ°qúͺû­³]{<¶íT%ùÐÙÇ9M§Éå›Ùe1ã«ZyªlÙ5ÒòµítEk‰DEÊPiÍ÷ΔAYC;ê£]a*jÄžq/
	O¡FÞÂ
-N îèš‚Í!NÏ“OÕ´Z²?Îbݧ#ʘ¥�Yzbógdåç»>3Ow§x\ÙF(ãï^ôíúfIHƒ½¯%{·VÓƺ‘_'½Õ]LÅnèF†«ëÏK2¢‘¸kéú–DUIï¥?Ú¼ù¼V?ȈGW’VpS#FÍ9È¥l­÷´û‘SxbìÖ‚jm‹kE*Ê;š.rQÎç Š2/¦}P¾ì¼ðéÜ°xp
-ç>*çƒÞ¿&¡5}ZÒ7e*�ƒ@†‹C,ká;ê·ütì–Ò=€\Ÿ‰ØJºÒ¶¼¿{•O

-<åàøô(•ÃK¶z("lw‘�PÜÍZøÔHšR´¾Ó"_²ÌêýíÙõm�F.ûŒZg«®žJaPzà/wÊËâh;f9ȼC™]¢*™‘Ç๛�,Q0æ^*æÈo#ÀaŽ‚
-5Èí:cÏž5ƒ°Á;àÝ}ýpûH~˜¼# ŽÛ=Û7Ä1J»3ŠŽì྾Hœ¸±®A™Qlkô¾?EGã]²ÎÔß	W¡2@j1
¥Wh�N66Ht—±hkù‚Zá@O–›'}ê›u�þßP-u[eø>®·Â8Å÷Ùz®y¹M¯”FŠ¨Fiá8tíü>È\¿7å0NtÔ!²c©ûbBµ43œOÔ̘2Zc\—)VÔ.Ô|Èá{ÚÕBžéœô%‚Ï�äSYÖÆj»EïóifsµVk
Cͺʚ:J¢ÉȪmçRoZ#Ñ›S4b#ÊZá¯,§QÜ’3.!˜Ö@mÑ�¤ð{Ö•DÖ$YMGî¤yPΚÄçë
n–uŸf_%nêALQìUxéÉî ±¥±Äº1`2ñÂ÷”@[Œ«¬ê‰	GµGØ,QQŸÀæ( l¬¯}O­qßY1JóÀåHƽíÜ‘)¥å¸ö@"Ö“ÁäÆA¡�+Î.¥ˆ¿´†ñÌ£–çÈ`dÉÊëöãÀWe7Sºk[ëÔòMŒÚÉVC3˜ï=E¤0ÌW˜•%Qo±$ƒ —ˆ)�ìY‰ßtÐÍ"dŒ"Ÿ9Xé»

ÇåB›[L>¯¯ÅƒŒ¨Ž<6�
-ûÀSŠyÖ1,"Ug*aÊ=Ï}‘ClÑhiW@Ïð²‹ËÖsè'Láý±c%Ÿ�1É«OÛ^Ú0€XO#Ôq4úR«¨‰;¥õ(áh\E†¯ÐiÁç�Š1¬ˆŠù÷
K~ío¦µ€[$ÞC
YÀ(ÿ3jÞ_ä¥U‡—T&;áUn‰—\õÇö3¿À'P	mÂttPÐÒ‚yóšÖ]ÀóQʬ; ':*2¦År@XÍzã±�º¤Õw§Jþè¥ÚÄ•Fjä½Jû—äKi„S_¶ÞOÆ?0-ã �.r@¹¹ú¼©�ìÐq+‰ñÅs
IwÆI­5Î>Z€J¬(_CwI8ö0JKŒÍ¡#„ŒDcq
MßR£oœ»,ÚÇŽ„r3-âÖLA¥Ýk+"Q¾F˜ƒÈ#'p
ƒ}äœwnB@‰ùÁÿņ,É×<Û�3–-Ú~�Ïæˆ&�<³…Î
-ú:P¾?ÓîðÛÓÝ�c{üy‘7ÔÕ³’~Ði.Ãa–çå%¶0ò@󗘢¼2zLÉ\Æ
6o-﨧ÁÓ§É#¨ophV?4®@‘â±cñ£o…§ÊpŒXù_R¶z×Kåµ�ò¿ÑŽE¿’(°Iý%‹M±-ê¿©(2ð—Ço²ù´àÁÿøýG?ûæ›/æÅââ™°;»àÈ_�|9ùÎÌåkendstream
-endobj
-1436 0 obj<</Type/Page/Parent 1367 0 R/Contents 1437 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1437 0 obj<</Filter/FlateDecode/Length 1580      >>stream
-x
�WÛnÛF}÷WüRˆ6¢,Kr€>ØhRõ%�E]+rEnLî*»¤ý}Ïì’²L)Ð8¶er9—3gÎ¿%4ÄWBÓ�N(­Ž†bHã³±Ñx6Åç¾�¢U¸1šž‰YÿÆåâèÝÇ1%	-V°5™Mi‘ì‡´HO¾Z÷õÍâÎé<ŒÆbŒC'Ôþsª²µ"iŒmLªèW’b)R‘½»¿ûüÇïŸï¾|¢¿•X‰\O—þ!!D4ýä~0š°åm¡œzoNö±áftÜš‡ÇŒZ»Ï

ŒAr
-`K{Rº†Aº¾¹¤‡“k›Ê’n¤¯qùÒÙ­Wîá
]}"™eNyO6_:+³Ô×O×WÁL›²QõÖºÇ�ÆðÀ¥z¿w÷²¦ä|$’ÉL$"¾íŒw¾RÛ”-åz£Ip|tvF
�`þ*éI{Î÷À£ô¾©TFµe;£1-uí‘(Ý÷ðá� ûˆ^Ñ*ej˜¥JfŠ­ð‘˜<@ê;ë0z
RåvTX€¶Õe	G©B^d·§{ó‚<⿱ÚïB5¹Nje�ê¹lL¦¼vrY"¬¦F˜;NÔÀ¶÷þôŠ¶Š2K·wz4v28,è³`Aƒ–{½‡œÙóö§´²ëZ["1Si8¢–jœ¬ÝbväÎ6ëXs0Á>‹£#]­hgj<Ð/úÙ?Y1²’¯™àÇLùVÕ—Wws`”Ú$<ãc-E,¥µ�ÚäTêǾ+XadK‹Û�yïþ-œŽì�.‡ÂA¿Ø²a(hí,*T�òpä‹Ž×rcu¦²ñsJ 1+
-ˆO†�$téXœ
-ú“mrÇŸ£¨Äæ¤ùΤǴ–¹ gŸ—}0šŠ Ðö¸¥6苾&ÿüQvà+È“5+æÒm³W/d-�.ˆE]

Æ5/ú€-Î
/ºþÅS‡|€¥Ô¡ê"e.«¥dƒ‚®"¢žîn¯ÿbâÂÅû�!t.Àg
`¸{�IÇ‘{]5e-�²�/wÁ
-«Ê‚i©E^åÜn�FuÊH!�ZþØCþsÜ´où?Á
ðO³àeÉž”¾›œÕ�Vÿ¬{¹ŸTÉÀ3J¬A‰Ÿ4«§Ø=ÛT±y÷±#&øtÚŽ8üÚÓòþêvþ2‹–x-uùd·M"5\ã9J7sº×&-évAóXl¾�Ùƒ<
-�($ÓV(w}`5íßѬkp§rpM9h)³0°¯¶¹
-Þbö‘¿Ö»µ¢�,lŒ‚‹ÏÁª
%ã~|Ám4f¹î‹?ÓRn¤.Y‹©ü=úµ2�Lj$ÄOPcôwø}8áj…@†?†§HœÃ
M!Ko_5„yàr�1¬bl°”¦’Fæh€·–µæIѶS—ËÃI×ì•|ÄÝBBº‚T­�6
À}f,~AzØÂóˆzÉuŠ°w1´Þže8ÂÐ�¶vºö»ÀdìêÈ ìiÐføMÎ(El2�55T*“×ÏË(¹]!�X`•ˆ2Æ`°Ê£„ü‘M÷2àFã)u
-(
>I	VÇÎ_[Ž³Ÿp–åbSX‡pøoÓÐC˜ƒÿÀ5¿–ÊíÑó�œ�Œ{_‚4¥×‘8ŒÉc`!ЇmÒ²É:¼9·ˆ„6 s…t¬ÁŽÓC:´Og_c¯`T ‡æC¢€0ÉŽÐ7ûÒr^PZjÞŽ[‰Í…“+m©Å‡sTŸ^¶ì”·5>¢h½'1|1P&	&D´²�]©£×ƒ(×6‡°wLÞ§w¨ž_/7(À~{£ÚÉÕJ§�é9—=©~¬U¦kœC"qró*lÍ�óÁö‰p0å9/LH¬	=Ç¡½dê,èN�[‰epA£ÐøHú bas²1a}±áU�6ZFÌ‚pò_¾F�±¶—}9äI®óÆá©ã²âÅÓÓJ—LBf/On êa—‡#ã+
-½Œ»°\zÅ)#0®S»§ÌÚ�d‚7©Ù)M&çñ�b~qsyAŸœý}£ßlŠÕƒ”éÇ€ºÓ!^™þÏn3žŽÅt2ÃûMÙê‡ÅÑŸGÿ�…wendstream
-endobj
-1438 0 obj<</Type/Page/Parent 1367 0 R/Contents 1439 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1439 0 obj<</Filter/FlateDecode/Length 1642      >>stream
-x
�W]oÛF|÷¯Øú%Ó’,KJ€>رÝ°%7VšMQœÈ£t1yÇ�Võï;»$%‹q€¢È‡Š·;;;»súû O=üêÓx@§#Šóƒ^Ô£áé$Ñp2Æ¿øã5¥òAÿl
º\ÌN®‡ÔïÓ<E¬ÑdLó„§×£y|ôùfú@*+•Ú?é’ÂJSQù•š\J©ó±±KZx·Æ“Ì”�Ê��WÞYSª`œ¥Å2º½»xUFõÊ«½õëù·ƒ÷O�pž!‹ñ{A×&¬$ùåÝ}=J\®Œ¥\•A·/ú¯¯IÙ„óJgE�y)82‰¶Á¤2áUIˆÑŦ“6Ñ©±F@‡•)im€{íü#9›mð_<µ¤¨DÉ™–O–ÞUEDS4à© _DG+UÒt6ÿp3ý¥“ð'áiÍ1�ÚëT{¯†ŽsÊÒÝ}66
Ï4�Ó¥ÑýÈ“€Cª>¦m08‡¦Å•7¡[§¶O
ÊÁ”Âmef%-xsò¤¡7v6x—eH‚~ïµÅX<Éë>3GQSÙ`
¹‘Ÿj™HKvlÆ¥Å
”
-¯&¥«ß®>~¡83iþþþäæž
-ï‚‹]FePñ£Ð·ÐÚà¤fY5äTÈôF%¡HÖŸ@tçvÓ—&q+¬ôãxµŠêµ˜c+a–“2ôNVL�Jbh’ªDï¬Ê5(]b*|ÍI¾\mhÊ•ÓRC8Ž­[“Z¸
-Ý@k±Þ@ê1Ä'¨B'ïJ=i©§Î¥™õ}©2Y
Œ’$^—%eÎ=V©t^„’GÖ�Tß�ÆúãˆYÖIÌïh(@$s³‚nÉ©8æÐP±óeWs·k#=¨|¡Då{p¿ñŽB:\Y…ó�~¦�.[‰–ù"bAPÊ2þc™¹ÖÕŸ¬|Fñò‚†–¶—Hë¢à5è
BEH%dã*O{H:<½Œëäz´]¼ÇíÄ\ÎxIÈ@p�Ýr>"fx�¾üˆ¨ˆ{&�o8ûm¡|0q•)�éã¨x™ÉRì`vkK˜ÂF"BäÉõ[êà Ø)ŽO‡õˆ£³ëHP3Âœå‘[LˆÆªîc-oGv°ÛcMÂA¯Ô*|¿ldŒahX&çê1.ϧV<H¼‡‹@–E¦s^že•AÆ©w9A;
þÃ/ìC{Jök‡€vÛ6¸ºRº0S.nfíxRP�0H�Œ¼XÀÈ!S˜:cIšÄ.jxª°uA�–`ý3ʱb‚æ•	XlT…ËÇ^×Þ(Þû ]Œ"Ñx„õ>w>��¹À²eûƒ+ðþÆ4ÙŽnã5H9qSp'³¯êcõ´"NËÜHVûê4²÷Ú-Ç•æŽ�¾2A¡7mèúp%&æØ[yÙ¡ŠUUvëÀ^/¾
ÒÝFÌ‘¥[³r˜ºj¹‡U8$†„KL¡Ìœ'¸f¼mŸÕA|ÞX0˜ªXËöeü¼}™DÕAÕVÿöŸmQ[k‘!m\Œ‹º¹ÿ½•!ÅOä.ÐHG[¦&©aÉÑV™]&϶ҖóDšûâq4³öÓ\©¢Ð¶|C0[ó|PÆŸˆ%ct;õÊVÙGǯ[9Ãrf7ƒÖÐ&~s¤–Ü-©u‰ü3ÒV5ð²¿X˜:À‡8€­â~!SÎwOÄDqu[ÕW>c0NµjåUAkîkp�*ÓÊŠo4w.>ݪrïÞã
-Ý8:jåÛmÓm!¯]dµÊÙp_’l©R
ľBA¬/�BSܳp	@r=¦OW4›Þ~Á_Wtÿq6Ÿ½ŸÝþÄ°°�G¸�ò½ã£.]V‰ÏxÔGvWýíZ}ö"p´M㻋\w€ÿÇX”õŠË0$�y(²U¾¨wMr	Ÿ?“ë»K‡‚ž°™ö’þ6…Ƹì.–ÊëwŒ¾
Obü„!ð-ê�HcÁTç2a†¿IŒ¢ÞèŒ_º½û0{˜ã=è[î&q3�^v&�àýÒ¶hwð¢½Í½ã[Ò§K¸!f—�³sÂe\Æ/aJÅÞáºãuÎ_J½äÛu}ï9¹ž4>ß�E£³>�ÆgQ$5<œß]œÓ½wß`ðѸâƒr…âšQ¾ÈMNéxÜ{Ëåü»m÷”l•áx�G9b&œêj~ðëÁ¿ Ò§ endstream
-endobj
-1440 0 obj<</Type/Page/Parent 1367 0 R/Contents 1441 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
-1441 0 obj<</Filter/FlateDecode/Length 673       >>stream
-x
¥TQOÛ0~ï¯8õ)H4MÒ�¤=€6Þ`›ši/•�ë8ÄàØ�íPòïwç´F‘&­mÒ(¾ûÎ÷}ßù×$…¿)”,
-àÝ$‰ÈÓE\B¾,ñ9ÃË
-h&WÕd~�CšBÕ`J±,¡ª
Ó*]*/¬f^>	èÓLšu³�Q½—FƒÔ\õµp'ÕÃ$�óE³¬Œ—ø_ÕÑ\x>o�óî¤ç�ŸBËl
Þ@Ǥöx�Ó5(Æ](p燭@èÆj³´ˆ“âŒ?ß®ƒ{cjà­‘\À¦÷ûtáœÐ^2õPLH³w¼az'½p°cÚÓ¦°9o%÷€¥@óØo]Øß!€=YÃÆVsæü;J¼eM#yU+`J„ºXÄ�•@’jl-ì¶ÌbrM!Å÷V0­P[¼Y1â¸
™z¦e@e8Žä˜_'p>j;Ëò8'þ`ÿyÑñŸ`'QdÕÁ`š£gÚþk£Ì²‚ îŒ½—þ§Ì¸Ÿu$”ì$º
•+“%¨úúäƒúDo-Ö+�Ìý[Ço9֩¾å±ýPüƒŠ1ìH˜RÖ±a]„Dù3*¾5µƒÞ	tÉ–hùnp^td1Ùm•èЧañ^`‚ó›�4YGc¿dú½]š^ó0kœ)En@›àOÛá‹
¸ÑÞ¥ÆrEÆ©~™ÀÚ·}E§p,Z;·“ž·Ç2hÞæ¼Úh˜öÑÜÇrÃί—û'-ð0Z. [æñÙ‚µº¼¹º„oÖ<?Ã{â�£©&žcƬLÐÖu„y1†Áí׊؆Π6¾eŒ°ŽÒõ	l­ñ†…¯àf?¥®ÍÎáÉÃ[©…#ܼÌã²Xâ	ˆ˜Ù9½úRM¾O~«�š»endstream
-endobj
-1442 0 obj<</Type/Page/Parent 1367 0 R/Contents 1443 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1443 0 obj<</Filter/FlateDecode/Length 1568      >>stream
-x
­WïoÛ6ýž¿âÐ/M�Dñ¯Ø΀ah»(°¤Ûì!Ö} )Êâ,‘*IÅõßw¤d7jlØ°$ŠïîÝ»wçOgcá¿1-&4�“¬ÏFÙˆ®G“lB³åOð¿STÄóE¶>³>»º½¡ÉˆÖ®š/–´Î	׌ðDž¿-E”£ëŒ~æN&§û5ý,¼ß[—Ó;#Ý¡	ÚÒæÕú¯³]Nf¸ä|%ê�à'0^$€ËéÁáíu6Îè½	Îæ­äÏÓÉ�ÇÝÉÉ"›óÉ{µG{mr»÷$+­LðäQ	\åÔtñx²�8J…/œº@P>(‘“-¨©„6Ôçp:žÑG
 |è¢OS„=Ò^WYSþ“Iqªh½¢`Ó±çÀ.¨5•òžÃÓ_lµî@Ú Ã^‰�ʳîñdžEF*N©Ja^Ú(’Ö ëßý™|8Tê9~2z£¤àHÁH(E ƒm)Ýã/Õ �ž@©ãÅ8ã(Al„½œ9_PŠÇ”{°ÐÓ½Ô'½”Â#xò¶VûRሪ¼ÊèÖ:ªñÅR›ÂºZ°,.@gº0·²­Qûø˜Äƶ��øÓ«ÛëN7ç‘ž|C!w,‘ïÓû^WüÞ‰ZAÔ‘Ý¡6#Ï×ÙÚ¬ë�z {úë¸R²u:žÞÊšïÔŠ%¢˜™ÕÝ›c¹úbp§%K£?µÌˆR5y]ëJ8¨,Rç[W	z֥Ɖô Ê•v¯Pì‹
eI ;<WªI²NJ�¥ªÁà¡ÑRT�Š¹�Ÿ6éwŒ
-èî¡V†*»Ýj³E+¥ˆÈq#ò„È	wMÉyú„m8àØQú	û	ô·ÈTWÊ-sÔ‹j€<žÓæÄqåô(*f¸¹ö»Ž=D'*oSˆåᇣþY¤Ïß  OA/úF ªO­”ø"£ßSó‹P•ÓÜ,4ÉK*}álÍ/êâ¼ð×
=ÛVð-h˃FƇ9x¦è›PUïEµÍu¡ñ.™·ù–ÍLHýÄ"^`‚æ.í}¼Ýq¬Hþà5â˜B´@;c÷•Ê·ð)EUÀér>"n'££�r…’
bj¬÷·&&|aCÙ¢ÐNÁ\øk_o"•9ø‚E`ÛmÉõEd
‰°s}c<Q¢Od‚â(gÅ–ã"Ë�ŠiÀ×ıP·>:âN5
ŒH§B2)$Âw1‚ìÆ�|	×dR1Ù øê0tà÷¹Š¥Úc¼ÄT+½c­ôRé¿/µ,1V4`ÙècÀÛ3¨oz´Á
{õbú�1´FÖûþ±ìÄ£€wpaAlœ¹üƇV¢}��ÂróJ[7pN>ŸÚ÷«?`BÖž>ž?hs¿ËCñ°½ ¼º¹&äÇW‘“	vŒÑ8ÚÞr:»$CÍq6Žj¬	3ì+èRKž[ˆhJ²f›ê�–)D[Bn¬©Z'1‘hÚB&¯GûòÅJ"™y sùÔÕíü8¢ù¤‡§!€í
l³+±.xSHþåmÕÆ]
Ö“Ü‘;˜CYñ×qñÆt\C"É©HNåÐ:C}ÅÍqüã>§.•‰E|&«F_€õ‘/½_g
{
™+tT}³‚£ÍS2C1ˆ¸ÓÒYoð�€pˆ¥—D’qôOõ¹Ô›˜ÔÅ^ñ¨�¥�¬Ú\Åýèe¿©Ü­èÇ+ºïÆHçZS¨!òÂL`Ð-’�CÍïÄÆQÁ—RÑdWÉËE¶ä}áÇÉ|AOK_í²g’=â=ƒÔ6XdT\ÿ/À%ýáÕŸÿ=ò	ðrK¯óËÉ2ßœ
-»ñ»§�¿†sb}q,~§°¤-ð¤ØÁÕÛ÷·«Ó–Ý6¼
òQ‹¨fœgˆ¯~0 thð«_•o0vÕXv„Ѿ†2½tzƒæç0ÃoH>šÓi´~œÿqºjŸ¦×7cBltÅËQÜg1ëâ–=6=Xˆ†íq�O=;ȦÛ—½Îzk[Üd7Ðôö/%fbf‹Y¶˜/“j§± ïÖg¿œ}
<wendstream
-endobj
-1444 0 obj<</Type/Page/Parent 1367 0 R/Contents 1445 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1445 0 obj<</Filter/FlateDecode/Length 1532      >>stream
-x
�WQoÛ6~ϯ¸‡
u�H¶lÇv†a@»µ@šu‹‡í!/´DÙl$Ò%©¸þ÷ûŽ”dÙÍ�¢$&y÷ÝÝwß�¿\e4ÁOFË)Í”×W“tB7«I:¥ùj‰¿§øµ’Êp0_M¿=x»¾¿¿¥lNë¶+üQìL&´ÎG7é4ÍRzS<	íÅV:2%Ý|Kïtn�{¯Œ~½þsÊ26
Ét	£}%”&/¿zÚçÆŽÐh?‘‰ÜçÈïð©ô¸ò˜Ò½©¥Ñ’§ô–Dw@N«²”–r¡ÙÂçÆyv�L(Éf.­Ìáeànk؆7ÁÃvÒ>I›FÌy‹9Y¦«Œ:#ÓŒ΃
-çÉt‘rrFÿ(}·¦ÂH§_yªÔ£$/ªÇÖ“h}À¥ð¤Â�
-û—1m½ÏIJ<TU¡Reã`Ì°÷AXkü9²ñ“*ÏþC^+géÆ{K•|’®æ�UþHµ)äɉÒN9OFÓÞšäÁ2¿¼ð[Ž:¨üHŠ|G¹ÑZæ\ük:ì>QŽ�×#qmŽ0™Ò6�®Ž°€ÿMÃ¥CÞ¸Λ=Ÿ¸—°ƒSΠ[ðólÅf·é‚2¨XÇädºJ³[J– eX<½d±6:y¦ç•ÿN:?Ê}Hi¡Üã³PÑLg8»v‰Ìꨇ¸9QËžTªJ’@Û¡F–­¾¨œo6È<Î*³Eé….¨ôûˆÿœÚßç�+Äý	^lÄ•••¢8¶�0
ƒó‡QçÞË
-ÍÛùxÝRÂIzN.Jn@œ@3¹&И¶¬¬‰9ÈTˆ�]ÒFm©�¢z6Õ]2ÏY
I*¡L‘óe$ÎM:‹Duõ&�¼ ßL]#“ç,@/NÛ'LëÓí<Þ¦Rçñ¥BF³)mŽþ¬�²‚²$ž™à£;ËÐ åvßö- 1Ê“Sµª’õŒÉqÞ´B6Š¼¹@?":{üþtï¸�ñžÇ‰÷Öl­¨Ý5€:¨ZÅ~�9Þì	"?7ÎŽ+“‹jºnÄx£ôøÒÖÃ(ú((fC²èžŸ¡�Z@5
-åöÆ^·%í�ræ[Ùí³~éG›ñèÉ”WJjŸ´JÉâBJð‘@¸¼È},SÀÏÅ,8£ùNèmY–ÂW—Ê4A¹UÉô�fíÐ…R[›†O´,ùJÂÍYšª‚|ÿ`\l˜ù’‹½Ø¨Šåü„µƒuЄ©TÀa4ÅÐ=ŒXa£
-Ç!�œÂAY¬üÒH\FóùŽ`0õɪš+ô»aŠ£;´·‹Ô	FHw,äoÚ»1‹½’µ¥tmÈ6zÐMˆãYUd<ãÉ÷’~>'àÀÊOñó;Pó6�Ý`��Ú^ð¥ãnnô¬ú£*‚¾t¹luæ²lžÞ¶	H<‰ª‘H• ¹hjYé«ÛÉ¶�6„ë0i
õ«Jçï×ÿ
ìN²Oíòô"2�
Ù…ÍÞw×IɽÄnò’ƒE–f]èV&!úÞG„Ý�±$‹—û´BϘ¶§dñº6¿ZxL­ÀéÆZf[Ì&6‹µ(î@Çô¹æäòUVÔÞµã‚WÀhŠ7F3àsU×ü2ªm—ì¸fñÓ
Z*4|sÀ' WúÉ<ˆ÷@À4â`D,"aW«
ôÚÃÃÙ©3CÛ�x`º»Å3¹à�-YxÁ\O`Š3',Ýèa·M�üafîe®J^»NX4o‡�‰›ÔE~:$ÙÓæ#¥;ƒ±–× 
T°NˆúrÆ%2”
µÊw2 ZÞŠÒ;
õæê@+Cx°�:lÝMOì<H»ãP ²Oø.cìÖx+«ìéò(,ô®�Nm5Š
߬‘ý€ùCÞy­[J�Ù«âðýûîÿXÈ!ÇŽè×K£xÕêU¶À÷´ÕŒËðÝâþÍÇ·o ºæ3"”4%Ý÷,ôY¼ž,'·ÝfûßÏæËyº\¬¢0Î2†ún}õçÕÛ…o˜endstream
-endobj
-1446 0 obj<</Type/Page/Parent 1367 0 R/Contents 1447 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
-1447 0 obj<</Filter/FlateDecode/Length 257       >>stream
-x
m�Á’‚0Dï|EÙƒ1 {ÄZ½Yµ[ò1–D)þ~ƒÊmkŽóº§{~ƒÜO„,Æ.…ìƒClO{DÊÚoÒ<CY�3Î9JÎà ¬�ª�òæ¹äÍ…�¦ï…®,[›8e‰†'3¢7#¡"'Tga4îVéæe°
-aûëÿÎ#Õ4¸–ào`
aj•l1©®ƒè&1[\éITT+­œzžJÒ’ž¡¶§ü�6J3Æó’ü•ñRœ¾Gs#éðeä½'í„SF/)7+¿ÉøçÒiÏb1ÕCx¬!_ªÆå|ÀQËqV]’%,KsÿD¯ÙÅ‹Õ±~‚?�0jÇendstream
-endobj
-1448 0 obj<</Type/Page/Parent 1367 0 R/Contents 1449 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1449 0 obj<</Filter/FlateDecode/Length 115       >>stream
-x
+ä2T0BCs#c3…ä\.§.}7K#…�4 Œ™¹…BHŠ‚�ž�
P$YÃÓSO!¤² U!?M!3¯¸$1''±$3?O3$¨ÏBÁТO¢¯zs=s3 -!)ÆÆ #\C¸¹øà&äendstream
-endobj
-1450 0 obj<</Type/Page/Parent 1367 0 R/Contents 1451 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F7 10 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 562 0 R>>endobj
-1451 0 obj<</Filter/FlateDecode/Length 2756      >>stream
-x
�Y]oÛF}÷¯ô¡H�5#J¤(X,;ÙfÑ8ÞÄE^
-,h‰¶¹E…¢Öõ¿ßsîP3‡VZmƒœž¹s¿ïÌP_ÏR7Á?©+¦n6w«æl’LðÂÿy¶H¦._Γ‰kÜ,MظOg—Í’T8��[N’\8��K§cAÅ`gyRˆ¨b°Ð²TV0ØyžÌ•ܸé$‡OÞ3:£,v:úm¬`°Ëi’‰l>¥‹)¢µ“%Õ¢¨bš¼¤ÚÀzÑ9E¼(HCõd>‡²@:î‹ÅGvšÓàÈ
-†l^0P‘éEî"+˜¡È“™°Þ(‹2›1h“@l‹Ü!�TvžŽYÁÌNƼYÅ`Q3p'²‚Áæ˱¬`°ËÙH¯bT8ôêΊÁNS*èUz¨À"Šè–º‰Ù›Íh”!Ëž`°……*²‚Á.æ4*²‚Œ�
-¬b#³‚Œ‚Ud½É)
g†rŠ2“CtR°�«lº`,"+˜F-Ù0‘v‘�YÁÌÁ‚ù²Þä	“Ê(['òQŽl¶`"+la&GV0Ø…uud39sXÅ`³Œ¡
-¬uP†)ȶ^ry`!ÝY"ñ‘TQK•v™"µQÖ+-˜ïÆ!¢— R�œÒÚH*kå-¬`°‹Éhc¯tÎ
‡xæ.3@¥!ˆ¾Ë„TL“8 ¢¨bš”QiØX1ØÜâYÁ`‹)#XopN/ìØ*\fÀR3AõxH“Š€H*¦I3”Uý;b£ZÐ*ETËnÌf…/pLÉ#2µ‚!:µðÛZ²ŠÁΟ±‚Á¢‘�ö k}•¡ììñj‰Ú�ÔV16¶‰ãw2£Ó(žLÂ
-F³§F*ì¬ì,cEEV0X¤EXŸÚ”Õ€Ì-ª†¼Cƒ-xúg‘“1{`T`ƒµ$¬`°…Q”“1SQb�UÌ`ðê ¬`°¨k•å½m¶\XçÙEÍ:+p¸·E…›9H>Ê	D7Ï°u”ˆñ’"@‘ˆØ¦<7"©lÎkŒ°‚=›‘U̼ð®(¬`°(Õ«,.?#V0ØÙY0"�)­6+‹)›‰¬•álÁ‘wí®è‘•¡`°vWŒ¬-xoò¢°ØE=™sv£vf€œ�Z!ˆ²AŠ©,æÌ�¬`°v…V0@¯"«˜	àüV0Xq„8èUì VÙpšábj½Œ©‡r3dA“í€V0Xt
6Ž²‚¡vÂþ‰¬b:TÐÝ «˜¥cYÁ`‹9Ý�²‚Q3Svzd½»$v“D!#Ž†¼»Ã!ÌÀ¹²‚é.�‘Ön�Â
-†Éh'ôú‚ÃaÅBFûC«
+¸±í„ó2’ŠÁ¢‘� ª¬³Â
-;Ÿ�eÃà	;%Ê*‹W«¼;¸Ç±¹�
¸jÀ܉ÃmÉN nsN‚À	¤£<z"©˜Žòá!¬`°x-Œd3ùXV0XX�~W£Ã–jÙ;þ={ÇcªåÌV0ØŒ7XaƒÅw´³`°8™r•ÌÜ°+ãΊÁ¢Ø
-ayÒMÎ`œfDº#°Á3‡*m!9��Ãý[N ÎŽŠœ@ø�øÁÒ ¨,Æ™ŠZ�Mqõ`ãéI4G S6P$sÛŒ.QÅ`±bYÁvF«¬½ˆ"ë
ÆŸv6ƒ
Dƒn00�ŠƒÁ‘õe½�‘ì`ð ;Å	g‹¿À;Èìb|¥938B˜dßGüJ«#ñΰ㓦È!»GÁÉ”©	¤b°,RXob>¼ºÀà¶xu!·µ’¤b°8(`Bdƒ]ðµY;.¦“ã‡Þl=¢Öt1íåm,²f/ß'a¨{`a`M9èÈ@N 6…û…�ŠÁB‡²^¥ è5>sxýž;Q„Äåh&¤bn›�X¿-®¬L(ž¥�4`Û"ðiæŸÂ6"< %p˜‘³‰q”³9�PÇc)ra'λ£v*TL/ØdQÔ{acÛrÒù™l^DÈàðvIÅT×z¥S)Ë^dƒÅí1UV0Û“7Š(«,ŽkÞì§^ïf&ËËêŸsásÍvð�îðáIÅ`‘;T_ULƒyò+˜ó’Yo^vîg€æÂ\ÐiàÒ\NÕH*‹—Š*kÃPdƒÅg˜Ô*†3>ë�U�ytZ`90[ñým†®Ç]åîÎ^ßœ½|‹):q7wø9`^,ÜÍÚ~ÀÿY½x·í»v}Xõu»ýéæ¿X‹Ì¤~í9.ñS¬~qóPïÝ®ìz·j·}Yo÷®ÞÞµ]SRÌáßþÞÞ»}ÙÜ– \é~quã2×vîÕå§ßrë¶�\âÞݹ§öàëýƒë[׶ƒT¹w%
˜¸s›„Pëe\S5·UÇ­./þ§Êµë*Wîv]»ë겯Üê¡ÜõXÕýÑÖÄ»ƒwØ	t§¼ÝT®½sð¦Úö{¿³é¸òhÁ<q¿´�4KïêûBúÉœ¤¹îê&s×]ݔݓ»4mË®ÝlªŽ›âw—à
.j	VW]õõPïkXý® lϼÆ“¸×åêË}׶ëv–cs†Â›ôMÎ%žp²`OÁ÷åê¡ÞVî¦;ì{÷jµ‚¶^m×î_m½å’‹MÍðЪñ
-NýÂGèÛmåfØžEq÷'(ÿÜ*xüÇí9”œ¿Ý<ýð�»<s
�9Nk½ñ§¶Ÿ�“’3œM‹¯»uÑø¼éº¶³ÂiAA|zÚ÷Uã®ÛM½ª+¿¢wõ¦²õcߊÄ}~({פÎ=T›�[•[÷ÎÝWý?Nr»HžÕ‘C—¹ÏõvÝ>îÝò�—ïßœ†<–„ïÈwÛ}ßù¦Þÿ쮪þ±í¾¸_Ûûv{êšü¯å?U½UÌaç>¶eÃÊømoF^�£º„#Þ¿zwõŸ‹W7?üšôôîçà
-†Ã¸\Ý�¾Š­:t/phÁW«ÞYÛ±9`ËxtœŸ<×hÒÍÓÐìpkÇõŸToñ�]‰ûÄ_t%Â!Ï_Ñõ�ÕÅ7D•±4·>!–ÿ±¯ø@çý]·,-÷yÛ÷>©w(W£×~Ô¬Ž¾uωæÀÜÏÕÖarSåõåÔVëjm‹GM€[	
-UéçÈ-f«
 oÅøTˆ	Z·(ê}Õ;H•ÃN¯//¾á#~x‘®Ú¡‘8Äi澹ݕûýãÚ±Ÿ¼©øý:Q4ˆÌ_-Ç`øCâysXk°ÊÍæ8,mþvÕÚêKy�0³Ç.«Ûº´PúÝ:ã»Ä?Vë_ÊþY?ã''.;¸âÍ>Y€À£»2Š�{Yõ«—_ºÛ<AnïNsTqzûP­Úfwà¡WúÑ}ê»úºÝïkžwU˜h£ä㛸›
-G€™€¾þöD";î¨ÓßIýR†ò±î˜®•�§K‘©«¶F¢9Fƒ¤�GèPÏßN!¾gƹŽ�“Ã,ð[M“é³háô mŽ#�¡ÉЗ'ÃöÌ“oôÍ-æbÑ?@í¾ZººrÇ_"«Í—oq}³Kƒ�)>)ÎyÃx~«ÊpÙ,æÜ¿@Î2Úúææìßgÿît£ˆendstream
-endobj
-1452 0 obj<</Type/Page/Parent 1367 0 R/Contents 1453 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 571 0 R>>endobj
-1453 0 obj<</Filter/FlateDecode/Length 1693      >>stream
-x
¥WÛrÚH}ç+ºò²v•ƒ
ûæK²qmâ81Ù샫¶i@“He$Aøû==#�À›ªlR©`„4}9}útëkoHüÒ4 QHQÖˆ
~Ù|ø£7Š€&áXÌ(£ád„¿þ*¥Ç^0Šáþn0Žïv®3
§bÞ9/4™Lð9žMñà¿U´êáPLh<˜âÇÂ�qWìrÎĘFó±áî8‹°¹â»Ýk܇xÊ?ëîv®q7œ#ÜÃÝëEïòÕœ‚
-V@%œÎh;0ðKtv“È¢R–BA¯Í–*C7&_éu� e¶”$K’t¿Ÿ/>÷ÔÆ8ö`u&íŽnM&uÎg*kÒTY~Šý
§Þ_4Ò8Š¡ «¬úZëRWŠ>(ë|íOŒi8lNS$�×jeÅÎÔÁ¾Îk(Ý‚Ï*Ñ%E>ü*R%KE™ü¢¨äà«DVî¬ÄEd2تä2U´ÕUÂ]’ðOKYê¨Én8òÑ®tªJ*•Ýè_à®Ì–‚O‘ÌcJ<T*wùg:×%CYȲÜ“Ê#»+*mr6àдHT	‹ÕÖìBGå‰gî8Å>KE!0Ú!tÖFòt6y:?Fïä…\+e•(zyˆ¡ÁŠÌÊc÷úݧÅ;”e‹8Hám×ÎU;� k}Y[Sç±.lâ	† Æ\F®ÔWu•û[I÷¦R¿ŸF¸àºÅ&ª3•W„ï’˳ԹtH!º[¹Ñ1üå¹Éaå…ç!ÜÐÃí
¹°_p‚lŒlkÖ<w¿hYùêêýÄmPïÖ¼�e]([ª/w“+—ŸÎTÌ|:áYÀS2p>”Âjc¹W¬ò´ãØ}»F")E²�K�êJs­
ɨò�ôIç±Ùš�¡Ç}t’С«èé©?�úÄìÝ"´E±‘S�ÒÄÎ`«óH!Ü•Ž4‚AºØOh
œïúï—Õ.U'ncßÓ©YsÒ+k²“SŽ\­¡`m�R�b–Ìn.¨­t„N3u•êœ
ÑEI¹B;•¬æÄo·'}†Nz�¸ ;Ç”Ãi@šÈ
2'tÚîb‚;–[°-�Î L4~„Àµ·+€ÅÌ“¨ÖžVN5œõÜ0hij¶`Ê!‰&/ןïïþþçîþqqõæ�Hª,ýŽ�8…¨Y'/–e¬ÕÜ_­E?¦;ZzýCa#¥X)]!¢GÖÆÄ _	+(´C Ü(”Ó(ÑÚ³ºÓ%€àsbHŽ’§21u;HÙ(XíºC´„˜Oår<cÔå8ëËWQ£}´Ïf˜y
-Âi£k­ò»›ûf.Rq€rϽù·†fZ�BSª6
-ìVQmQºŸ÷eUeµÚxw)Dœ;�=€Ê�v=P×5‚lxÆB¶M0ÿvy¿8Jý¢1.’§3k$fÊúéÜg¸©ôó–Ûh½öøÞ§r‡Į̂0)ÄB¹iô£ë31œ¸qL­Bs¯3”Ç$c±âÆÒy”Ö,Á
}YC=}ƺnäÐr·sT¶.«ÿï1ïÞÂ_�´ýàq{A×äùÙzSB‰µP¼ô‚ÃDpóÏ…ûW¨Óq×x}›AœJÙNíã¾hÇØw[£mÁ«˜Å !èFK§L¹!ÞÊo�ÐûÐ
Ÿ+¨"7 è×ÜÏ@i1ùSÙ¥²Æw
‡@ßjV3cwÿ�ô÷Äà”Z~΂7Íf×F´W;žX A•!G?Ù2†çÈÒÍr?›ö†–[:ŧ­×a/ÙÊD&u·cõJÓR
A›
êä�ÇP¥ ê±^­`›�Ó“Ã^Ý–ÿø0S+A	–Jåû�3�ot'Uš°èl/ö-Uîºã¯KÙÓÁí½2u“qaçrÍYh	ñ‰ýÌvˆtGÖ’ýîÌ ì�yßǒꊊmŸ¯q¹×ô€ï8•É(Áb@®…±EXX*O›Ïk4h×l,²ìãrä+©»&G
-0üœ„~žXUR§Xçë(a>»áÑÊéÅ©^�ª"!ÜûŒ½àðjÑÒ«]BtêFN‡+e¡"��ËmaXØeÖ¸†©�³¥“o‡!YÎÞü>ƒ• R…ß©pf«Ó,àŒ;ÝfƒÕ5&“s1ÆVøËœm¶ùYç½j"¦£	Oßé;YPO^ôÆÓ±˜†3_ðÑ„ƒ{¹è½ïýV2º°endstream
-endobj
-1454 0 obj<</Type/Page/Parent 1367 0 R/Contents 1455 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 618 0 R>>endobj
-1455 0 obj<</Filter/FlateDecode/Length 1427      >>stream
-x
•W[sÚF~çWœ—N‰']°Íd:Îʼnj»1/�8‹´€Ý"-&î¯ïwÎJH7�â1èì¹ßWßG¹øó(ò))ÎG®ãR8_83šÍ#<ûø¯5­
ÒÃק£`8çú3�ä4sNÔBÝ�†0°ç�ã
±ØhæÌX1Âsq–“Ï?¡,Ö÷œ�΃9ÌiâÇ=Î�@‘Sä:>�pÀÍç8Ì)duèqó™ÈôÜ9ü™	Ô#£@„.<f Ç…¾*ÆÌèq�+B­B
¸`ÁŠrò¼4ê‘áy¯0 Ç�x1I À
ç/8vˆŒ‡ô¸hÑóùô¸ ´|Q_€Î[Xg¬Ö=nÎÒFÛ ÇE^¯Ï ÇùÖy+S€çE–�3è	Ðã\6°õÏà€Cr9ñæ–gƈ+¼Dz1õf9š^.È‹h¹F„ˆòœ–‰¹KËx:�CoËb�nvuZlÈl5Ý©|¥è]™«´`¤©Ë,Óõ‹åWH›Á^+m"•·LÆKð¬Óº1Ô]˜âZ+ÃâíËú?Y¡·ïÞRÚ�)iW$,ªHDg¥j•kƒ#*t¬›FÕ�,©ÉWNûº¢}šel„K”GÆEiH£óÊ°ÐZOô�*c»Ù‘�ЭF‹+hÞêGRxÎK|™­¢¿ï”ÑÙ#ÅåèVÌü�rÊUq¤¸RíÐeYƒ§xÐEª‹X¿<Ѫ4­´.(K‹o¼OÍVˆTlv*ë5$º‰ë´2iY8­*Ÿë>~dÓ4U�þ¡ò*ÓdS�©&©wvÚã.CcZÃ<(’D€Ÿýß:ÖE—Dž	Ðòy“•+•}i•Ë4Â1áóŠÞ¨&�©Ñ5ƒÃ"¦”Y5éˆmVi‰"•ŒÓëÖT”+ëßÞ|¸9¶ ãæJÙÔå®zžõúâÓõÕÅæ‰U/ß[÷ÈÛ¶Üe	»Þ¦œ[Ì\mY#ð¹B­Ö´ªË=Üb©O]�™~ÐRoìF8c®<ÖPVÕz­k.+ª3úQK`”­îÿ"Úu$ìY?£eÍã!t?ÎwhÂÂa‹}-ðý‹S;’Nóñó³ÚPÞõceàn¥š©JPPÜRè¹ï»´Ö¹.Œ-8.³Sm­€ž½SÛìY­Í®ªÊÚtéËÊMY<Swm„{4gìgr÷200Ãc@"VÕå:Ítóû©í"–›mgô=>¿\ßßwL€vŒ{Ö«�;X4ýÚжÌ5%ˆZý˜G(KKÔVnjXØ †l®xlí
-΂2ÿjgR§‡öû(
?�d}a†¾0lÛû§ž4•ŽÓ5¦�.t�™`ÅÙÙeÓŸeâåqXÌa�HÔ:ÊÀx<;{wswv&áå΃÷3&‰Hþ‚^F™±©Oûs¨·sDÎœ8Oøà(¯kEDŠ±má`„vÜ X½§Ëaºkê©4ð´áå9ÍÒÕ´ó�Y2±*‹ì±3ûtbìÑ×+£‘28�¢…QIžÊJš^ºv´žøÛ{ÉEÎ;àI™Yõ¹«dYOcýÄSìWtä+gZ˜–éHÖ‰‡EyD!÷³j¾uQpC×=¢êä	ad	û«HçzÈsyi7½Œ¦ËÛ²\SU¦…‘{®
-[l³¿±Rí’W+,}ÞârBM¶/“n¿fúɬEGêB­2�ØË€Ü*mTš5H2}Ï5�pY§ÍKK,
œtž¶×˜÷×o?ýu»¼º¹v¶&Ïä0½ŒÛý>‰œ¹GÝ•çÞ£v«Î[/óE€ûßú„»‹?Þ\Ðm]~Å„ÁM.ÞñxßXóÄñâ3h¹ØËÉÿ¾òÛLÎq¥s²Ì÷ËÑŸ£aE³Âendstream
-endobj
-1456 0 obj<</Type/Page/Parent 1367 0 R/Contents 1457 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 623 0 R>>endobj
-1457 0 obj<</Filter/FlateDecode/Length 1752      >>stream
-x
�WÙnG|×W4”¦qyI$•7IŽ¾b1ÈCÃÝ¡¸öî=3+šùúTÏÁcMÙA`[Ö^}TWW÷|:P4ÒhLy}ÒÏú¸³ýñþç“‹á0Ò¸?ΦTÓÅå4ëÇ«Šîø}º¼ec<N²ËxÁ�ö.kº¼Ì®öžùϦ#˜¼˜N`bˆFÒÂÛ\M¾|p3;齸 Á€fŽu<�Ьð¡öi–wfKIVšGi¨n¬#Û¬VÚ8*t-JE•~ÐÊ’P	:›}€1äí�uþTÒùç…ÉK‡ìRnæñí.bcÔfEç~8žD[éÿ°;
1¼ÐŽi.É!ÌR-¬C´s£×œ¤6~YhC”ªÀmÊ«R*GN#�\¸ð}LS Ž­O[‡Ïo3zWIa%Ð\À>d��”º±ôFºµ6é†}–ê
¡äM
•Z!„¼j
-YкtK|XZ*JëL9oüsDÖrXH'ÊÊfÇ0Ž³‹'`ê§ÙàŠº—C@][ºõ\€CÄ$-)íH/8A¹®W•Dò%ÿ¿W/èÁèfEµX­8›9Ò“RmÑ{3/øº·"ÿ]•ŸÓÓûŽÏé)ªjCŸšî¼ß’a/HùyU1•ðW€L.»¹¼?;§�nøVS‡À‡R·\‹¢†�º­çY®Õ‚VˆI†ú—
-Xס*H3G\Ž3<}è|Í&ì)Y·©$‰<×�r©W4@o,@Òîè"Ô¥Èè6Yy-òe©$ÍwÊuüÚ7ǯºTìèÖÏ"ïü°,1�B¡æ‰ùp††ûj¢ Á�óbx|E¬sºå–ÂñýÆŒEûÊyйò�þÉÜ}Ç<­—‚‹€¯ÌýÙ.ÆÔwcàSh•Œ^îH
ˆ��FÃoÎÇáÿ£ÒkXäOoA·†�ÉN‘Ð3˜_	kÑJHŠoR€‡ùŠÜÁ 0Äû^I
-(Jé|‹ã×’’Õ�ℹcãíC¼×Þ·Z9£«JšŒfÜ�Qo¨tZ€$l\]ùÈÂ
˜Å jSþˆS [?¤cY¸yùöŽ_,Œ®[„ýIÁ‰Dñb!}@70WPLi™*é!×¥øm³ý¦ä�‡}šP__þ–Ëè
¢öœ D[KWŸ·
-ÍŠ‘Ñ/RåòIº}‡±R…F%Õ²žãJ/ZžEÊb.s�L¨ä!%i¥­å\Ÿ(9<#5·„Ô.Qx¥[ußÂ~T ©¼-Æ]oóy÷üM¯
â‘h²mApb‰âZ%ÞË–ñMF×±/`朖zÍ€œGƒ-¾a~
’	ãP$º)1Q~d˜ÍÝ$ýÉ]dAôT¤ø<ùü`cîÇ^	õšÛHBÀ·�@—Èú¾ƒ¶1àvµao»1¾×'UÿYÞHÕ¹?ã¾IÚƒ¢XSØf—Á’VŒ`;€£ƒ.ÉΓûÀŽ\#v»ÒªàÆñ3h‹�Û¬ <~|�=J‡)vzÒå½£©eæEãÛßH¿
XˆIUÊÇ2®l®»”’Avý|‘í½èioüM)mv"<ÜŽ¾Hšü£«0+P(¶,ÂfBk±ñ:ã9._°liD‡¤VÝh¿¾l�²>
¼w4ß qUq´Ìÿmç;}«º`NwQmN÷BÚÑîhR^ɇáγ�9°Qe”°ËpïЕPlÜN“"ÇbªÊ÷ƒÐxv`­L£b7øø#yIÅ›V�¥.PWn”–³¯`X‹
¶¯mИ8{©ÀqíKTmŽ›Úc¯°Â`w\@Iâ¢È',Š¼Ç2Š¿õ
¤CøõÑ�&°3	€ò©Á/æ‹Òð1ÁÉËQ
-0–Œ§ÚSÚêzø~¬ÁÍÝ0)ü…À¶G�§[-NúŠ€�µ­áÕ=¸Lgz,WëÃl;8O:
’úL^ÙÌ3¿o„!6/Å{&ÂÇkn+ä؉J®Ô
-óüˆºÏRÆ›ˆÂŠ,xE÷û� W¥j>Ó§‘â`ó
| ܉
Fk÷];³^cMÏÎK…_¤áLº4ÀöÐ-¨WÈÇžj sÝ<b:J�œ¦NÃvõ‘W¿Çõ^ì0ëZê±Ý…¨l<楯÷z,šù›M´bû>\§22¿âŽx4“ ÜÔ­Ú¡~ÛÅ>…£‹·Š~¸¹{Nv×ÄþóQ¼<<Ë—ìüá WaWŒ%˜F¬c§#Oâ
-wýúæšÞýAæûþÞ)‘S“þUêËÿy¾ðñíN“‹l2ž†öhÂÞ~š�üvò/}š3endstream
-endobj
-1458 0 obj<</Type/Page/Parent 1367 0 R/Contents 1459 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 628 0 R>>endobj
-1459 0 obj<</Filter/FlateDecode/Length 1581      >>stream
-x
�WioÛFýî_1uRD),ê´¤¨'u›¢IÚXAP4E±"WÒÆä®Â%-«¿¾oö�(96ŠÂ�!r�™yóæÍèóI�ºøëѸOƒ¥ÅI7éâÍîß»Ÿø

Çã¤O�FÉ(<ätå–úϺI�†“1¶õñ)%-NÃ	¾ö&“dŒSwÌ?ñ±æ3VqtöºÕÆsAÃÞ0yÖXeo&ÝäüØâÅì¤s	“=š-Ñh2¦YæéÒ,m•ÆT�žÎ>aÓyØÔ¢tµÖR[Щ_Ä¥B¤+¥åßZòèÔãé7Ó^·‡Ow:íâïƒ)¯m%*eôá-]j÷€m–µ¸oÚÉäMG×y>íعÒmr³T:¸4Ü…Ôî�’!_6[Iò–b¼­Ž¬Ò³ÉüJ<Ö"©«rK•ç”+[Q…ÓÁâð°T­<>%±^K�ÉìŒ6F?©h%n$–ÜŦä×|
¿e+�øqdWÿ…ÎHZ\ž©R¦•)·	]š’ä­(Ö9ßÙt!£'™Y¯·O`¶Î³`Vÿç Žøhsu-¨²ÓˆÓ3O‹vè1töOo§çÝs|zacŸÜÆ}¾Tz½ç@7¬6SÆ[ˆÜšDÜáRÄÉz>77ò,„ҿïƒûãa0Shš&½¥LÚ´TëJ!._àÈILs…hÏH%29£ae�ç¦Xו,y´Ø€è.÷vÅÜšÇó-5ÈØÔY]¼z{åí›EÃ<U†7}2¨–Œx{f
-¡tB3|­Ž¸/Žd‹§0‚ˆ¯D1žÚTP™Ô,µúǧ™„mPª*áú‘Q‘¦¦Ö•CÅåÆÓà�ÙÀcá«"5e)íÚèLé%½×ê–Â10Ò"L©)-¥¨¸@8N-o+²•\“²…_tKÞÝx);ò‡�ûRjt¸Ø&¿Ý „Ú×Úl4áe¥D¾«ØΧX•Œ3ìÊdFKªm¸Í“ *^ƒ¶˜{¹øØš||ê·íi�š¢à*FÔvÅž¬d)wµ5v'H_×�Ö×v*à
…�æéÙ°Ý{kg§ÍñdËå
Š?±Ìõ„|÷ê%
-k¹‰[w¨É¥Ô²ä,ålQšÂ¥èýþŠû9
-0bßï'ýnª0N&×~A͸늇TQÈLÁ‹|{˜Nâ(éŽÎY]^]‹Õê¨ÇIß+ë!["%_!«•É"Vòs­nDé`Xî»çŠHl£aðƒÒ™ÙëýöòÅž|tz%ËY¼KYž¢D+…怺۬Tºr(Ä+•=²J.Ê„;¹?Àc
B
"÷^|\JWB/¥«åŒ¶¦.ã®;Æn꜓?G�B> Â
-í³Î[`€›Ç=¨¢
ºk¦ì†åÖÚ”´„ž3<GÁ)Í×RèòÅÙ)æ²´‘£�p\óµ)™º‚Ñ\”K,—¥Ä«�‡ŸJCm
-7Žp¶NWG6=d6¡?Lí{­“¶�(¡á_ñæÎ%F.Ìð5ðvÐ�¼Å’ô:}«Û´}™oOéË" öⵟ�hÆ2LϽðº¤v.c¥r�ó€æf-‡Ø|l±ä°°ƒú<…||J±=`eœ¸m™ÊVa°ˆHZž;U—¡g8ÄîèoS­:-%l‚�PyN` ®þbs˜Æ™ìJéT’DèÁê=Et¨64$ï~å8c>ùå^/ê
-ý´R)úq*î¡st,ø][¯
¶^¯1+dß".¼ÞùÔjYCêBæ8l‘ežG~ê ƒÉyUa¶�ça+Iø*Oœ˜áVhK{±ñmÛÅ�þ‰¶"¡
ß>€j
éÇlåFŒ G M¹ �û…d Z”p:˜ôNf?CxFÌUº¾%»E/‚\‡�ù&Å?—¹™‹ü¯h¸›L˜¸Dôˆ¾K’¤”<ì°B€ûkQ¢î1~Y¬üp÷È1ºßS§¶¥Ÿû¹zy½�Ñî'
µ—„Ô¶ÔÙMšÔ~M_ס-NÂHÙáØd@£Þ$é
Øëç¯/ 9¥ù„	œ^š´æùÐ%›Cñ'Úã.†Þ¬õÿëz8&ãÑ?»pÍ`·ÿ8;ùýä_nendstream
-endobj
-1460 0 obj<</Type/Page/Parent 1367 0 R/Contents 1461 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1461 0 obj<</Filter/FlateDecode/Length 1617      >>stream
+´Š�¸qºÀ6í°MÓµ‹6{ %ÚbC‘Z’²ë¿oHÊV” ÀbH$r>Þ¼y3úçdJüLi~N—T6'“bBoço‹Í®æøýÿ�¤u|1½˜—ã×Ë“³�ïè|BË5l]ίhYìLð¤<}_‹6HCô¥Så½wÖ{Zt+#];»óÊlè,=µü~2¡7ç3Ø8ýfÝÃÆÙ®=Ûtª’|èì㌦ÓäòÍùUqΖµòTÙ²k¤	äkÛéŠV	ˆŠ”¡Òšï�)ƒ²†v*ÔG»ÂTÔˆ=âAžB�¼…œ@ÜÑ5›Cœ^$ŸªiµdœÅªOG”1K³ôÄæÏÈ:ÊÏw}fžîOñ¸²�PÆß¿*èÛÍí‚�{_Iön­¦µu#¿Nz«»˜Š]Ó­×7ŸdD#q×Ò͉ª’ÞK´yûy	¶VoeÄ#†+I+¸©£æä�R¶�V{Ú‰ýÈ)<±vëÁµ¶Åµ"åMç¹(3�E9/¦}P¾ì¼ðéÜ°xsp
+ç>*çƒÞ¿&¡5}ZÐ7e*�ƒ@†‹C,+á;ê·øt
ìÒmA®OˆDl$]k[>ܿʧžrp|z”Êá%[=¶»ÈÇ(nŠf%Žü
j$M)Zßi‹¯Yfùþîìæ®@#—}F­³UWO¥0(=ð�;åeq´³dÞ¡ŽÌ.Q•ÌÈcð\‰õZ–(s/sä·à0GA…äv�1ŒgÏšAØàðˆî¾~¸{
+$?LÞÇ¿Šíˆžíâ%ˆÝÅ
Gvp__&NÜZ× Ì(¶5zߟ¢£qŽ.Ygêï„«P 5€˜€ÒK´Ç'$ºËX´µ|A­p 'ËÍ“>õͪ@ÿ¯©–º�-‚2|×[aœâûl=W�¼Ü¤W[%†ƒ"ªQZ8N];¿2—ÇïM9ŒuˆìÀÂX꾘P-Íç53¦ŒÖ×…DŠµµrøžvµ„�g:'}‰às#ùÔFA–µ±ÚnÐû|šÙÜB­ÕJÃP³ª²¦ŽR„h2²jÓ¹Ô›ÖHôæ�؈²Vø+Ëi·äŒK¦5P[ô_ )üžu%‘5É_VÓ‘;i¶ÊY“ø|³ÆͲîÓì«ÄM=ˆ)Š½
+/=Ù¤#¶ô –X7L&>Bøžhƒq•U=1á¨ö›%*êØ„�õµï©õ"‚á›!+Fi¸ɸ·�;2e­´×HÄz2øƒÜ8(´sÅÙ¥ñ�vÃ0þo€yÔò|
Œ,YyÝ~âøÊ¢ìÆbJwmk]€Z¾‰Q;Ùjh󽧈†ù*³Ò Ä!ê-ö‚dä1å‚=«#ñ›º
B„ŒQäó€#+}7 á£Ü@hs‹ÉçU@àµØʈêÈcÓé °<¥˜gÃ"Ru¦¦ÜóÜG9Ä�–vô/±X±l=‡~¾Ð;VòÙÉ0“¼Šð´í¥
ˆõ4Bç@¡/µŠš¸SZ�Ž€ÆU€`ø
+�VLqÞ¨óÇꀨ˜°äà×þfZ[¸Eâ=�<€ò?£æýE.PZuxAe2±®Qåöq�xÉUl?ó|•Ð&LGm -˜7¯iÕ<¥Ìºr¢£"cZ,‡
„Õ¬7Û©KZ}ªä/@�^ªu\i¤FÞk¡´I¾”F8e±ðeëýdüÓ2è"”«‘«Ï›È±’_<�tgœÔJ°Pãì£5
¨ÄŠò5t—�c£´”ÁØÜ
+!d$‹ó¸hhú–e0xãÜeÑ>v$”›i·f
+*í†X[‰ò5ÂD9�ì#ç¼sŠJÌÎø/6¤`I¾æÙœ±laÐö{ôx6G4ùkä™- _Ê÷gÚ~{º;pl�?/ò†º|VÒ:Íe8Ìò¼¼ÄFhþS”WF�)™¸Áæí£åõ#xú4yõ
�ÀꇂÆè R#vŒ ~ô­ðTŽ+ÿKÊvBïúo©¼¶Sþ7Ú±èW6©¢¢¿d±.6Eý7EþêøM6›ü!ø¿ÿègß|³ù¬˜_^á#v§—ùïË“/'ÿ”Ùåbendstream
+endobj
+1421 0 obj<</Type/Page/Parent 1372 0 R/Contents 1422 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1422 0 obj<</Filter/FlateDecode/Length 1680      >>stream
+x
•WÛnÛF}÷Wü¨hR–%'@l$)Œú’F
+Œ¢.‚¹"7&w•]RŠþ¾gvI]h#@ãØ–Éå\Îœ93üq’PŒ¯„¦#:ŸPZ�ÄQLãË8šàçŸGø¶’–þÆy<ŠFý×ó“³OcJš/akr9¥yF°Ç4OߌýövþgbzŽGãhŒCjÿYY™Z’ÐÚ4:•ô;‰h¥QvöøðåÏ?¾<|ýLÿÈhåQ±¿ô/EQLïÝG¶¼)¤•ïÃÍÉ.6ÜŽ[óð˜Qk÷ØÀ&çH¶”#©j$ü Û»kzÜšT”t'\�Ë×Ölœ´Ooéæ3‰,³Ò92áø‘¥®Þ__z3mÊZÖcŸ}ñ�Kù~çîEMÉ»Q”L.£$Jâß:ã�¯Ô4eFI¹ZKMÂ]\�GÄ¿J¸gRŽó=ð(œk*™QmØÎhLU;$ŠÇ£î;~zÑc
D¯h•Ô5ÌR%2ÉVøHH õ�u½†ɵ´[*@Û¨²„£T"/2�ÝQ„½¹ˆæ<â¿6Êm}5¹Nri¬d—Ã�I§¬X”ˆ«©ç–3Õ0Cµ¤�¤ÌÐýÃœžµÙø+z-xÐ’¯ã×ð�4;âþ’WfU+£Á$&b*4GÔr�³5ML�ÜšfŠ*˜£8:ÑÍ’¶¦¡Æ
þ§�ýÞŠ |Í?¦=Ê÷²¾¾y˜
£´P áŠ!(b)�yV:§R=÷]Á
+#[Üö<@È;÷¿Á‰'Éér¨>4Œ)†‚VÖ B8G®èˆ-ÖFe2kG	DfIñóVLFÑyD_a²MîôKP•Ð�4Ûêô”VÂ"4íqY€Ôh
+ÍC·ÏÁÛÓ–Ûà/›Üñ£ìÀUÐ'£—L>¤áûf'_ÈZh¬W‹º
+Œk^4[.¬Ñ
+^TýÆQ‡¼‡¥T¾êÂe&ª…`ƒÝD=ÜßþÍÄ…/
+÷¡Ch\€ÏBÀp÷º/�Ž#wªjÊZhiWn½–7”ÁÓR‹œÌ¹ß:‘êD”‘Bµø¹ƒü׸)×*òËIðòÁýxYª½Äwƒ‚³9é_u-÷‘,pF‡ÀKð^¬zRÝC¯�ô“³O!Á£=Ç;:>ÞÜÏ^fÑ®¥,Ÿ�Þ¶I„búk<@énF�Jg #ÝÏiŠÌ·1t�G¡ò„Rš
+¥âN¡�,£½à;zu�meŽIeöyÖÕ&—ž»=þâ·z»’´eƒU€ñƒ0pѹX®¡`|S�/صÂW}Õg:ŠµP%kpD2ÏD~-„L!“	ñÔhõ~Ÿ\-Hü3>Gâ®oQ:óª!´Æ‹0—m´fõbƒ¥Ð•Ð"GÓ¼•¨Oˆ¶�º\ž]“Wâw
Éòµ²J{w™±èùæïaÖ!ê×)ÀÞÅÐz;Êp„i2lítmw…‘ØÕ‘@XРÉð›\PŠØDjª©”:¯”Aj»BZå!°Àä‹Á`uG	ù#›îe0Ä�ÆQj%P|‚ìŒ�¿¶Wzë?á,ËD¦0áðߺ ƒ {ÿžkn%0ŒÛå¡ç;¹w¾"RØ�^Gâ0&‡A…@ŸJ§e“uxsn
	¥Aç
+é�妇´o?žÊ®ÆBÁ¨@5ÍûD
¡’-¡ov¥å¼¢´T¼y(6+'Wš‹æ >½lÙ)¯i|ÂGÑ2„{O`èb. LLhåKRG-®)QnMAK=,O=¿N¬Q€ÝÚFµË¥J=Ós.;zRþ\ÉLÕ8‡DÂÄæ
+ØF4Îk_ ÂÁtç¼0±ôûö©5Øœ;An%–Á�|ã#郊ù�ÉhÄ„µ	‹ÃšWZ+0óÂɹƾ^öå�'¸Ê‹§NËŠ7NwJKU2	™½<±�¨ƒ]ŠŒw¨(ô2,Ábá$§ŒÀ¸N¯2È«“/ ›E¤�]0	Ï ž)“²]4|a÷;�§%ë;Æ`~ƒ�×ÿ
+�íöÑ„e�ŒúþbçüëKf*�ð*À�¼óû/]žo…,W!Z^ÀU@ kµÄšÌƒV"ºöpž}ºl߯’	^/Ïñ8
+oY³«»ë+úlÍw¨9}0)Þ0°.p³qù‡ÝÃiŒ7Ãlðÿ7¸ñtM'—xíÄãÉ”­~œŸüuòLÇÆendstream
+endobj
+1423 0 obj<</Type/Page/Parent 1372 0 R/Contents 1424 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1424 0 obj<</Filter/FlateDecode/Length 1576      >>stream
+x
�WaoÛ6ýž_qË—e@£ØŽc;ö!i’5@bgµº®X‡�–([
Ez$/ÿ~ïHÉNT†¶j‰w�ïÞ½»ü}Чþôi< ÓeÕA/éÑptÆŸ“1>øg%áA2LFÝ—éÁÉÍ�ú}JÄMÆ”æ„8½¥ÙQ.‹R—¾4šüªt´)•¢�±�d´zÆñ­&A®ÔK%Ó¥5õ:¡©ñg„LJ¤ÜT/VÂyiiaÍÆáçJ8šÎÒ÷·Ó_~J¿ô踚àÈ	áiÃ1�ÚÊBZ+sÂ3œšîçô©Ô9bÑ4¥«�"¡é”à48$â1©3€Á9r2«méŸ;ù¤~*­Ñ•Ô	K\…Q_Ý_ÆóŽó7Í2£½5J!IaÚû�*�j|S‰@s”4™£dÈ7ûè$™‚>ÝNç/ØÌ®–yPx-ºþíúÃgÊTÉ�Òw'·´¶Æ›Ì(r^d��¾…”š§(—uCN�ÀÚ¹aHÒŸ¤=q	]èç6x(—BOß�!Ç9³Pê:0ËIz'+*-òU§…p¨�•¥K0e#GŽ‰E…¾J<Ó”oNK	ázÔfCbaj뺅Ö8b½A-2ˆO¢68ßÉ»O2Ü'æ’L
‹
+xAD¼F!J�±BòÜJçHóX¯Ix/«µw´@e@ªmHcýqD¥:‰ù	H€dN¸WP­ ‘e*6Öuu‘š]i.ª…*÷k
"��7¥väêõÚXO?Ó³t‡­D]µHXT°ŒÿX*³ÊýÉÊgÿ!/hhiÛGZEÐ@ˆ‰“<y6µ¥WH:<íÇur3ÚZÑqÛ1W36‰ÐdgWGÄ/P—ïqÍBåξA»Ö—Y­„E÷qÔlf�Û�®ƒÙl4¡‰"OnΩËdï<>Æ$g	ì( f„Ë
"ÕèI_Žú_~Úµ2œuçcMÂA/jþúÚÈ4ÃÉa&„vF?˜ªBœ¨8˜KðW¾c¡dÅæéjÖT°((R)~á5´­¿ Xð×
­Û6¸ºRº`¦Ò_ÞÎæm{’�’˜däEû!GèÀ”Š%	(ÝÁk¿qWÁuA�ÁúgTÁb¼dË‚„=¼³*FáëÃ×¥-û>hƒ"—ø
+¢Ÿ›C
ȼ†Ù–y˜
+ìßè&qàè6^ƒ”7îd¶u<»qZ~0� \@�eð½Öåø¦•A»ºôµiCÇÀ•—?àÙÊEÀ-VuWˆVzž¦,QÂ’ÝB¤ÈÒ½³rX˜z¹‡µ?$†dÈ­¥À0Ù
ãmù´ôaΗ"“Á}?»/“(:t´·?ÿg{©íh	MÚL1¾ÔíÃï­Q(þ&ì�t¤fjò+m•Ùe‚ñloÚrž‡âî=Žb:`÷š+±^KíÞ†-‡Ù”ñ“0’Ѻ�ûWy�Ž_çM)Ê™§$°�6ñ—¿mÉÝ’¯È�˜‘ö–I3öÏ�á„
+´YX<*^àD ËÃ>âÃÅ궊+7Z‰vŠª
¯"ÚGr]½éܲ¨u˜ÍÎŧ[U6{\Ü{ÌZ6�Í[bSí@^kdQå<p÷IÖ‰B¢5l�±¾
+-°ga	(y‘DAŽéãüšfÓ»Ïø¸¦‡³tönv÷ÃþŽ�°�òÞñA:£ê0ŠgìñÈnùÝÚê‹�£-ï.aÜÍü?ƒQF‹Sh’fxÒuµˆ^Sa™„§/¤´wiáP�ÀœéUÒ¿üóZ¾Z,…•o}?žÂ8˜à'/7oƒ4L¥7Ffxµ%½Ñ¿twÿ~6Oñè»IÖt 
žÉ›:ûK[¢ÝÁËv›{Ëëèã¦!z—�óäÄ”1Š¯À”ȬÁºceÅ¿
+8¹äí:î=Çß¿P°�=	Ç+)°Ý€ùf[ÜV­Ô™ªséÂÝOn&Í®Ðáw�É)�Æ£äì<lÙó‹ûËz°æ+FfqVsò°†1o #9÷Ι’ÿ?²[¯Î4“ñh‚e1ûNu�üzð/T•mâendstream
+endobj
+1425 0 obj<</Type/Page/Parent 1372 0 R/Contents 1426 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
+1426 0 obj<</Filter/FlateDecode/Length 645       >>stream
+x
�TËnÛ0¼û+>)@LK¶üH€´¹%ma½hŠŠ˜H¤KÒqü÷Ý•b´i�j[†@rgvggùc�!¥o†ÅÓ9T;HEŠ<OE†|¹ ÷	=^£\ƒñMŽ,CQ!ùt‚ùr&fó%Š–¦(T2ÖQ�kb¸„	QF£ÎQK_":´ÒØHÏ9¤-ÑHõ`e«ïãa«alåΊÇAŠQ6é|FÐÉÇ»U%ñà\	U;£46»ø®CÐ6Ùü
$iÔg:š,Ä’2&¸[i&ꀽ´‘“ò:DoTQ¡qîi·
]~ÇòÙ™ïd©dˆG¹f�³ˆ^V•QE­1äzŽULEGÚ�}Öp¾Ô~ˆ­ôt&jϹ
+^ˈZ7[úóºÇ	Rê…·ãµç<�sÉ”ã›Ü Rp’‹œætÞâöÆ4m×(lº¢ø½Ç8v™Aæqïüýÿãû¬ݘÖXÉÊ÷Œl
f]Ÿ½ÃËr–º’»&’Rÿ®ð¯ùµÄ¾ÜŽô&�=+�!G
	«Ò>t³ø”´!Õ©eµ+vA“Ýö7k^!ê–­dÚm£[òc·ùÀ
!n܃uÒ×Éæ~µEµ³ª3�’MÃ]';ÐÏ:ßÒÂ
ÊÙè]ÓôtÇô#økÒ«ÞÖ•œãÔiÂÞDUŸŠ`ÿ�ù-Ñnª{ŸŠíFm|³<Þsº9–SLfK‘MÙ@««Ûë+|ñîQó˜9µc�HUg™“¦½�-R²o™LÄLÐ1Ü}.Xm´Žzkiá¬Æ:ÉÖgØz�r
-áv…ïÆ–nè†Qµ±:0n¾ÈÅ‚.(º™Ê$»à¥OÅàëà'ªƒNendstream
+endobj
+1427 0 obj<</Type/Page/Parent 1372 0 R/Contents 1428 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text/ImageB/ImageC/ImageI]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<</I15 15 0 R>>>>>>endobj
+1428 0 obj<</Filter/FlateDecode/Length 1703      >>stream
+x
�WÛnÛF}÷Wú�iÝ,9E‘K
HœR`MVäRÜŠÜ¥w—Vø÷=³KÊ£ E`DX.çræÌ™áÓÅ„Æø7¡å”fJ«‹q2¦ùtœ,h~»Äï)þ¬¤üâ‰&Ëd¯ó�Ir‹¾‚·®ï'7ôÁЗ‹wë‹ë»74Ó:ÇåÅò–ÖÁê'éåûBÔ^Zš%ôÕá¥sc+á•Ñ”	/6ÂÉ×ë‚�É2Ú¸šÍáo�]Î’IB÷Ú[“5)¿oÎi2énN—7?—í•ÎÌÞQZ*©½#'uFu)”&/¿{ª…s{c3Gæ‘øBâ+Z‰j#(šÒB¦;~âäÑõMK©mk¯ô–ÓÕdÄÍŠܤ¦ª…Å~¹"o‚ùB¸‚œ7VfH<5Z}§†‘è³O:›ÓE2çTäOÏ&#uˆÖ^rùvéÌU*ʧ…®�ô°&ö.ݷק鎉óRdƒTL~«„ÖÀI#&çÈîUY’Ñe1>Ç`eŽLŒA)®ÉŒ¨Ñ¥tŽ‘Rïo•ó¶%…“½;™
ÁBp'¥B_yÚHD£È À}Ýù¶”t&Ö„ÞÉTp¤ÀÀÂSk¦,…ø‹ÀУ²;�ô„Í¢á“jŽúl Ï1w®¨ý¹ò�3•ÜWdéä0¿&.2”©<Ç-í�ú™$FƈÒ
pvŠVÌæ¡ñHŠ´ˆô‰XmüEÅ 4?ÒuD2Ù&„FÚ
nÊP®h´-•f‹Þέ©F!ëÒ¤±Ýc–…r×H—jkr…‚ „Ø!0ìÓ>ÿ¾ÁbkZé­’ÏHˆiÕåæaéDNÇý'èæS¶¡�Hw�€_zoª*ÐU<UŠ
ÜvaÑ«ûñÃÛ?FÇÍÀqŽèS»úò1 •«ËÆ%tD+®î‘ª�@öXî̤M…‚ÅìÅÆ4(eäÒõÝM§a—¡•³Í÷.<ú•Ï¯ïzÅãÛVTŠ�bå=VÍ  Ð&¨fUÔ^{z0À½
îW2m¬òí©U0»×QnöPszõéÝAhzαn{™Z=50‹\+rªªŠ
+ººæ
+uá¥Qaö(¤
ò�b²cªJYGщ]I®€g[+¹¨8¬ñ&ëZzæ'�qšù¸eb(#xFˆ‘E�œp×[œ§‹¾5$,2=ø>qý¢°½ç
j­<e†1ê`ày² MëeÔ錞EɈÂo¦Ü®CÑ…~!>ío­“è¼0ºïw¯ò©Qp^¢1þŒBÇ�I«X°˜O¯ÜKé¹—ù
šóÂ/DÓ`äÖà–ö*¢‹àªHe ^
+ÏâhfAÛ²,‰4
jÏúŸ€¹K{¬[ŽÉ@Ë�B|¡q#ùÀÚi³ÇÔÛB·5$¿e¤ËùïY
+lˆˆÖÒæ2e!­�s
+r‘pEpë‹…¶ƒ€ßÚ%
+§„„8Už×<;0�«M˜oE)3Q�¨jÝS‰Ñ,˜R¦ÙÌäÉjÍ3~¤È‘ƒ%û²¡JР{l:ü"êà
T
f6ʲ“54^¦�Ñ8žØ|ß.cÜ�Yž—(
+XƒŽ)Û^�ûÕä>“¡Ô{lN
ªRí˜kýï;f_(Œ-ñeîgw±(h‚šöìdò•·Fßh@�ªEå�£ëEÑ
eœ,:¾Á·‡äÏÍö3Ï¥Ž§&DÆýîZlC•C¥•~X…é1ÜŽ�ÞÜð|úö:`2�&Óñ$Èæí,¬ª¬²œÁÝ°†b›cY^�×*åuÍ°a
+½í*œÉ\4¥ƒœ¬T$#‰Ñ¡­âÜ@�áÜ0OTè0Ë®ï‡éÄ‹M¬c@›U�™—à5~9S6a3Gƒö wEĉži1çg¶‘r,oØÍ®Ž°9,w°`å•Ô¡»Y
ÜôáWƒñÊF։ǢÄN&ÑCeÐQÌ–š,&3$ógdé“J­q&(
F5ÈÒS"Ò8è¯ü^¨MH‚ç´æYÁ—ÒiÙd2ôÝ$™ƒ	<H;F|ZчÏ+zèfQ'}3P"ð’áÀÇ�JÑ'qZá+
j—bZÀ0v+^é{ÉxqÃ_=‚ ãÁÌM
Ùâ½ä?íÜÒ_NþýS?S|ÇñÃë;|ý…¯®«é,YÌæt5Ÿ$“9Ž²ÿý‘7_Γå⟉xiìþ¾¾ørñ/®“Ùendstream
+endobj
+1429 0 obj<</Type/Page/Parent 1372 0 R/Contents 1430 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1430 0 obj<</Filter/FlateDecode/Length 1510      >>stream
+x
¥WMoÛ8½çWÌa�¦@¬Xþöb±@Úm€ší6ö’%Q6k‰TI*®ÿ}ß�’ì¸Åv±‹"h’3oÞ¼ùð—«”Æø—ÒrBÓåõÕ8Ób¶HÖ4[-ñû?VRæS>þÁÁl2Mf—o6W·÷JSÚ”4™$“qJ‹Õ<™/V´)¦ÆcÚä×ÆKúõõæ3®Ïºë×wUEyk­Ôþ+)œ$SÒ•[ãLééñÛ۷ïï)¯.9rmÓëI´~‡?¨\xe4=+Aøßgc¥Ód×ow¢ª¤ÞÊÛOÒ5FÃC-ó�ÐÊÕTH—[•É‚vÒÊ„Þi‘UJoáN
+K^~ýÎSa¤#m<»�ù)”Ã[PˆLUÊ9±“7ÔȪàBi’:·ÇÆÃýËp’HÓšÒ³:êhM'Éj¢BpIšÐ]ñ,´[@‚/�‚Ipò’ê4™áåh²
+ÿƒ—¦@"l„scG"@lÀé£â4¸ƒ–Wö	=šZ-©uÌ“ î€œVe)-åB³…Ï­ã”æ0{‘�“·­a ¥Ë9iŸ¥
ÑjÉx1ç$þ­ôƘzýÊS¥öàYTûî¹èÂŽð¤Â��9‘<xN轧ƒ‚ø¬,[(2küÛN^à� HÅ\öŸÀUå'ï-UòYV€
1sâkS@M½¥��icMÝøº/K�áC×.H‘ï(7ZËœµ~C‡�Â_”#�u$æû“	m`Æèê{øìèhZNxã�7
Ÿ8~‰Ï÷?°|)»N3/U7¹T�6zôŽÿ�üö²	t¡¦ö
×Ù Gõg¥Bå	
˜´Ôjõ5HBå|³Y8«ÌÙº Ò7=ŃQæŠÕ�e¨cÐZY)Šc§óh˜“l>]÷V½¬P
½Ù§×]rœ„Ÿ–˜AÒØûyïàüÃÊ
AQü²HM,ÎQÔtôI™Ú¢q‰ê”®eè}ºæ§&1�¢puäUÐ[S× àerÀîd™,¸ÐXB§Û­�}‚ÔpªV7ÇP·ÑÒ¼oèQÆö¯É„�oïO÷ŽMDôÉ5ó¿µ¢v¡zj´(�ŸØ‚Ѐ=,;úËj§T²BãÆÖ•T‘Q&ò=Híèê!pÐŒ3=|	†;^°&º>êÊŸë™ÆÌ å¹6½È1œØier�NPg3ăf‡Wû+÷u®`!“W%g
œï Z©�­MË'Z–|eÄb.MU¡_ý‡˜Ø(ãÌEÓ�©ΞHT’&4Ý>�7†íèé:4�Ðd"9 !�ÍÔ�MC+¿´=Q@о›úhU-жþ0œ]R{‹`P¶è°}Ú¸
+нð¦»{ÁàÓë¾7ô‰Ü²­>0bÅ„ƒH	¿ŽcÉ›aÁZ6—39üe�v'ëd:Çöô½Nú§£pcPÓŸUj¶ç²Ûyzsi:KÖ�Á߃ϢjeXB�_ý²²Ò·VwƒJ; m×à¨34,:½¿ß#üÝY`ò�}ìæýO‘i<È.l¾{â?ÉFbôþÌÁ"MÒ>t+G!úÁG„ݯ†è÷áò@ëû8Odõ‹Õ£ÃMw«ddÏb‰‰èX7L._åf2¸v<"yk‰¦xà2š3=‡þÃ/O­…W¦¸EðÓ%Š=6š3Ú�\ég³–ŒÇ5  Ãs
I"Óa	E…]ÕÀpvªLî¬hØ4=Š:C/¹¬xä:€7ÕÀæ†F‡@q&°F1l$F£B„ݶ5ªs¨‘¹*y«8aÑ<q;׆~zñ…
+>(‡|ôÍ/¡^ýÃnºCƒ”¬¢!�qG
+iCÀùNæû¢Óýíýª+Ìt�¯.«)-–ëd½Zs…>Þ}xs‡c>cWBÛÈC<á+†¨â“ÑrîÿË5z¶œ%K|Ÿ	]`’²©w›«¿®¾
ý
+7endstream
+endobj
+1431 0 obj<</Type/Page/Parent 1372 0 R/Contents 1432 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 537 0 R>>endobj
+1432 0 obj<</Filter/FlateDecode/Length 1718      >>stream
+x
�WMoÛF½ûW|‰X”H}Qzp¢$5�Än¬ 9ø²"—ÒÆ$WÝ%­èß÷Í.)Sª´…aCô.çãÍ›7£¿.Bâ'¤YD£)%ÅÅ0Ò4�ã>Gø5’2w0‰Â >w0Oƒé™†ÍŸ/.æ³`BÑ<ÆTPŽ‚yó”ÓýE8	ù9žÀwA£prxâÓñ¢IÿÅŸà³ÎcAáˆSx>œŒ‚�Âyä^çDàŸœÏYÌ(œÍaœ#š£æ‰OÙP89“Yˆhb
+‡1.Àc²÷äŒvža4bãϧÝgœŽâãÓÎ3N§C÷`ùÍòbð~LaHËe›Æ3Z¦â!-“ÞVX»Ó&¥'‘×òŠªMmIä¹Þ©rMFëŠ*MVVÔÞ´”iCµ•ÆÒn£i#žPkmÖºªd	R™çËÁë倈šúÑ¥\¦=[¬œÉÔßhC쑲”J«Ö¥LÙ7¢{$å“…¤�Ø“(SZÁ­(T®„á{_?ß|ï„…9–c÷=Ø?\js|oH}0-â0÷ÛóQ&º(…u	â~›Ö{€ShÐ?••P¹%]"*€yì¡G/æod&]FŸà1¯‘õF%Ú©<Gy�åüùF*3UªJ¡
+îMY&²A}bú²÷Gc�ú(t—Tþ¬Ž±ç4fàÒ¾ÍSñ„"+]"‰Œ±_	¸¨Œ’O(
3uAåQáeF.¢ºT?ýq**±¨×o•U
níÉjÔQ#z‡{íLÉ<ÃZS™Ê%ù ÑWŽB½�¬’�‹fð"†(ÂÙ·^à\@ß6ànKq†f¿uY)ˆ:!¦ÊŠU.Ó+*5q‚LX[¡ä)‰Š{çWèOZ.Þ¼û½9AÑEnÑwlÖcÊh{o8£K¹¤‡ÞÒ¨'%rZ4@?¼è+³
/!¬•H% Oµ´å«
+Õû«V°(ÊýIV"MÁ!]ÂV¢ËL­k㪊p»†`ÓH¦>¬"_V‚Rî@[!q÷†W…Twý}\\ßý
+•i@|ÅÃÖB X¬úÐeÇÆQ0
€nÊÊè´N8Ð32o]´©NjDX±Ž$F­¤¥�Þ±H°*\vF)�HðÞ¥ÁP3n¾ŽÜ"It
+’Ÿ VÑÂƬö$hµªåÚCoòðš˜ÉÈÖ ¯Ö">¨Û„á6Rp»‰œ?ì!©¸ƒâY•P
 
Ð-SŽNg'¸LP±Dn+¼„Zû—Y5ù…ç$A ´óÁGS2™t�¬N¢,[mI:ä&Ù¨
+°Õ ²»Eƒ¢’öŠ¶¹än?R°L·ÓÄâM¯—Ø‚y»•¥Ë¢O›ªÚþ6ìv»@ã¿y*¶
ËÀ×:i ?bÞAPí‡h:k½�îð Þ
+RWbxµQîéÞÃpp¦¶îF€[6[€ÝƒjÿÅs?ŠƒpþœØg]qï¢Ä·¯¾H÷žîêU®ì†´5Ô‚ÖµJq]{nrcÝïm%ºNè»Õ@/n.ž¾È:¦ä	%ŒôU€Z@d3’Â09k4­¹¢h8Œ\+¢ªíÌZî4uÀ·
+¬k“ ÌÞe�±»5cAböld¾ÍjL#ã†l·¤KPÚéß-Þö¹¸ý?n¿-o1ÍT‰©È“}µ§›u)¥é­®·RÔ�@üŸ2³ÃÏK*ÔÚ«qÛsC¸Ar³xwýñ»/¢¥5áîÓ<]y¶r·{6¯
bámÃÖ@Yœ ësrd]hΡ³$å9ëX6ϧ]):¬mµ®åÎxü,xÑ¿¼®]¡V˜cm(̳Ëf–†›¥ßi/í%gézeOg%Æ*Ú tZó¼<öœ†]ùÉÞhã	@]
ñZw½ÄÞvE?
P¤Ã�‡7N4Ú4ÙˆÕ¨TÁÿfqi8ËÅΛæJJ§ýQ:Ö]�üa[8¬N†ýa«>#q’‡"~-–ƒÈC>} ë
¦¸q*¶h
bp{:5ÃBVmxMÚS.ÌÚuB'²².VL-t¡çØCÏ�°¯™ÕFשZLnî´�2ñg±pB‚K¹Ö�õÖRQã}¸•áð8±˜î˜zØò}@°òÖìGL“ŸËà§ÂÆ&¡	ÕNŸ°5£XÅs½†@=ôtéÖ|HUÉ+_w–—Cf[‰‰ÀÛš;pÆĞ̣ÿ¸¿Ïô¾%¹E/Ä÷šx>¢éÔí÷ןÞ\Ó�Ñ?àŒ͈w+î‡S|÷ŒGÔŸ
ç<ÎlºãÙ8˜Mc?;¢ˆ_{·¼øóâoJCxFendstream
+endobj
+1433 0 obj<</Type/Page/Parent 1372 0 R/Contents 1434 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 544 0 R>>endobj
+1434 0 obj<</Filter/FlateDecode/Length 2088      >>stream
+x
•X]oÛ¸}ϯ
â±üYÛÙ§ë�›n°I×7v·¸€_(‰²ÙH¢–¤âøßß3¤ì8îÇ¢Û&XIäÌðÌ™3ÃþsÖ£.þôhܧÁˆ’â¬uñæðëñãY¿×�4ö£	4èN¢ëæ)§¯§Aï߆“1þ¿�#);ë�ºØÖô¢o›Œø£âmÃîï÷_‡“
¼~e£ý~ï[£¿/Ï:·Cêõh™qÀ£É˜–©�·Kˤ•õ,IªŒ*�4«Ë+re	UÒdÚ¢L$ÅÚ¹\–2y"¼£\¹&«œ´}ÙÇ;J)S™ú½%©2•/2½\~=kw©ÝD}¸n‰ª2Z$²5~	勇¼«¤T8“¼ëhÓr#ÉÊD—)Õq.vâØ­HU*ëŒpÚXÚn4¥Ò*‹NÙ*W‰p§±E\	k·)e*—üµÐ@VJÒ¥<
t!Š›¤y–†¶+s™9Þ†pI¾­Räxֹ݆mtnß7x·ÈØ]™¬Z½Õeø²ÏD‹Dé‘9^líæGKik4Î�ÔÖéâ
+Pµ7Qœ d£*ÀëÜ&Míq4éQ
þU4¦·ÁøïíÁ5ø…S`œ)œ,ß1\¡ëÒ‘ÎàÖ³Á)]g…ô!	ˆˆ±Föã+IJtfÄij/�­&ÎIÈ"MÛ�Â9£â„Ú£‰œmt!)E6¸A@>�Ú¤À¿RH9‡âT!¯˜ÃòY"
+z”9>€Öw)¢P™
+$<¢Óªõx7[]z–ýPíþ$ê]Sû=W6CÅ5b¤­sÀ1R™ÉDÉ?ö
+ß=ÇÀY¤Ž
+)JËH2hª\3“ÌñÁ}!Ä;Æ1¥-Š#Å™r]Éô{1�ß5y€SU8‘$Ò¢0<Ga9I8w¾Æ]ºÌw8“¦)xà[Q¤1RJgµ¾jUF>+P,ß�$Ì‹G–€!\cØÎIÁ~„ƒƒ>ž*ÏÉj*EØÁoþ^�3RZ`Ow%…ëGÐË+’¥ˆsÅÖU¥�ó2#N܇Hc‘<I8Zµd´Ž:÷÷U×no•Û´óTTXþ–ë-æIxuºÞ¥ñ·ËW—ÀëŸĉuQyáßöAîÓ²/¯/P0,䣄"ªLò:e±‘?pÿƒpEí4t/#]1Ù¯5V-Æ°ëDAÜXê BvØO!ãõyɵ~ª«†tjø½ŸMç¯uæ“c¤È•ó"€„â/tpGRØ�çÔÝX‡0°8£�®	áÄ5€@ÉCÓ!·œ¸fTÞk1N¥ŠÊs³Ê™€ïBò.l|÷6Àw^oÀ0àyâ3ÕI] î½6œ¦g¹aG (ÌLn©Ò ½¯4®ëÚ¡¨ÐX~9U©öRç¸E=«TFwäo(}êq%B?Ù¡/¯7G ƒÙ†C¿±´òöžsÓW]1ŠÊ=HKÈ2ÐzUîÌ@‰‘‚/hÐzk©ßÅ3M¼bÎöJÛô½ï*$‡Ÿô‘}Ÿg•ƒêH—tBþ%Ó{åÝ™�mæ
L Ĩ¤IÅqÁ#e7(	Èh ›ÏÀ§ÅÂ×À|úINëœç–û�ó{¦µEey]F
+¾éª¹Š�ª,yÞ‹Ž�€Ú¢M2’óéìž:s[¦Õªµq®ú­ÓÙn·Q%Ò<BD–»?ôZnBOM%L`l@+àâVëšÛÁ	=|0×äI¬YÛa>–;ž�˜)6A[`o(Ó zM=tû“j¤oüƒh
"ZqEô–…o,{~�±«Ïcb‹aüõ
"ÑP0Õ6mÐb	¹;ô(0ú7R€žý«’¥7“n3N±z%9º¤;9ó
ìP<dL=ìÖbàÉ‘T$™Õ’ºÕæ)ˆÃ'él"*yaé•Àád>¤à‰³?_Ópâ7­½MÐôÉcŠC0_ÑÀ2rÖèô� 9’ ó˜�áÑ“×kð
+¸ahB.µãÅ�©û2õŠyâ¿ÑOvÈeÎô°ƒñ	v°ÙÖpÏ›µ
Í ü�¾J¸~ø5`ŠE»yñÿiÃB›ÒWD·{}÷s‚A-„ß)”ÆFU솳ùx{ƒ{Gwé´êeôåô	Ýo€´7Ò¦
Ü! µÍÄ_~ÇÑÞRDvqÝò×—–|¨ni;L§N8f0ñ6€–?äѼÇ<öË›xIÇ_1Q&9:(w¶5¦Å’¸7xqíÜvéº)Ÿþ0”ÏñŽU‹z¨¥^ô?CüŒ{£÷bð‡>M>Ðű³Z|ž¾ŠËÇÏ7ËÏ�Óû}ö»a�$þoöaqC
³&΋ï­{ø¼XBg¨V)�“Áïp»àóÛ{˜þ�x]RbY^ÌùêÓó9•îè¡Ú¦÷º…t¼L¯u¹äùæü{®}œäWeYXFO*yÒ‡'X»å
®TkØ <>`ð=<C Ým.Öö§öSeÑ0vŸ¸øÏyàùƒo
çþ20óV¼õw�¹ÀP
7F3‡ÂÓOÇÅÐoã[ùŸƒ¾@D0Åðh…˜ø\€˜�®«»^¤º€ÖáÓk¤¿/¸³ù Ž¡ï²"ž<(Ü_w3Èk»ÞrOA×â24XJÁ­Úß�èáõ—g07—ke‘@?àù¾ª1Fs<f¸—6çK0›nÂD=c�¿pøÑl/¢4[앇‘ìÜNšòë�ðÏ“
�ÆÍUr1}ø}Js£¹–hv<wñÎö~C{ÜE5¥­í@Ãñ0�&èZXÝ°‘˳ÿžý_\cendstream
+endobj
+1435 0 obj<</Type/Page/Parent 1372 0 R/Contents 1436 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 547 0 R>>endobj
+1436 0 obj<</Filter/FlateDecode/Length 1476      >>stream
+x
�W]oÛF|ׯX –
™ú°#Éouœºu‘º©¥}Py'ù’ÇÜ-ëßwöHÊ-!hì؈dÞîìììÜê{oL#|�i6¡Ë)%Yo�ðÎþ×ão½ñõu4¡é|�(£Él]Õ¯RZðóô~<‹æt5ŸáÿüXEëÞ‡eoxwEã1-×H1�Ïh)Cä-“¾+ãL{òOŠ2#õZ+I.yR™ µN	G‚
+á“'ò†¾*kw¿8‘Å"2vs¾üÚÑÅd
+(KÙÿ£tžp0—Å…pn+«0ÚQ¦DÎ1œ7¦óµ±™ðÚä´}ÒïÊ¢HU¦rÏ)K§ì™#Î0¼3
~¨|2¬âVi
+ëÎÙÝ€œ©A�/Á@!sÀØo’Ä”¹'U‰ˆP: íS‡g¿<Üÿ�¨´ÐFtC�€&ˆC˜ ¤É¾X>~¹]~y¼ùÔÅ[aHR�Є$à'sÌ�AR?kYŠ4ÝáE&µncwýn¶êYÙ
¿:~¿!R®Ré:4¬ú*ÚDTj¹:¯	7x<mµGsѳÂ8ýÒ”ÕÆgJŸê<€¢Ç»ÛÉåhÑò	•ã_¼#©œÞäQ�²‘Ã}NÆJe_›ŽZNòJ«~à]ä’Ü,àì–=`š�2W‰rN؇†R}§ÞƒqÌSÅ)‘Sb²XçAŽ-n!b	z€Úyþmb/jL•>;I«Þj†žµ;(ÂJº¥TÇ–+H@ŠCñ¡=å‹m.²Uu> å#i´:¯Éæ	b5‹0¯�Ü�3hÀ¢«”…IL¡«'ñè¡Oo>ÓÃb±O¬s ISt•éY—yÂèó
È°¬³2Mf!:T³î$mÍeâsé™i§cxÇ~عï¾#Åô3¸
Å¥¯‰Î@s šíä<âá~Áºæ´�r®üÖØo,oÁšnj&8[	@�`…ó¶L|iUPððîšÆð3vË‹Ëqem—Ñ4zÑ­É×zSZf©*(‡b”áhm´6Ú~upÑ_…ÊCʤŽÄV�j\¬å¥KXBž¤¥Ä\Ã�ŒõìDtÄÊÀ!ÜcŸcoµ 0sNL�™9>,QÛö¹uð	>ÀKûÈ5W�5· [cü»ª°÷�qSRT®Ùd	NnÀI*E1¬RO²ñ ^<†¿&„\=Údï‡q¯cFé×Pþæ×qu�¬z°~„e<̪„¦¶�‘÷VC²ªkµÕu&Š“T<7@lÛת«rœÁŽÏ^±Z¥Z7NÛ)1�;çêD�<Âoûz&µ+R±{™:�ç�H„kfS(ëL~"%¯}@mðN¾ƒ;¬î”äZ·a¬ áj@;Åý¨{µ]׃9¹ªóÝ;êHé ­,Ëq4åIÄ“-…³åÂç>™z«¾—¸`eu£­E™úÕySÁ›oµéõ«“>ìNÃVè:BF®”Džç¶Ê~:UGLøÿ„{ªß?ªÛÉÃà–1ïx(ç­‚ôšv¦¤­àw«eŒíŽeY/èìAÕÀQhl·-G{’k×’rW„/ŽÙÞ“±Ôr¿ïþ�Û0 æ®…ë—ñîï(g2V¼ÔXJÓ^W#��®‹]!Ü8¯Ž1@åßøP¨rmÒÔlq§4…Õ««zVbìx`¥€hà&0ta¡1ìÓw§{kTa«Ä#«~½ùð}¼;\�ð—Nº°!ýf
’`‰ßª4ÅæQñ2¢7sG÷uÅ×PѬՇƴgj;á³IçI°§^êµ¼Z‰‰Ô÷ú¡Öä4Waÿ‹U	•ï·¥£
a¯¯sJ…Un°�ÚŒÛB}Á²	‹bk±*c
ãÀûy}‘�§øp5¿¤élV}¼XÜüùá†>[>Q|4IÉêÞßíÍ�‹Ù6ûÀ�‰«ÙU4›Î±�àÈäŠ1üºìýÝû2þoÍendstream
+endobj
+1437 0 obj<</Type/Page/Parent 1372 0 R/Contents 1438 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 562 0 R>>endobj
+1438 0 obj<</Filter/FlateDecode/Length 1352      >>stream
+x
¥WßsÛ6~÷_�‹o‹sË–ÈöƒÜ¥i{×f]ã=Í{ $ÚVK‘*)Õõ?”d'õzëš\S €À�þÜ	aˆ¿!ÌF0Ž É;Ã`ÑpŒÏÉ|†ÏþY	[àÖöñáUg¡l΃	ä0�‹z¡à±s¶Ì!Zã3™×NƒQ«Ç‹“^-›O‚¦­Œõ&BTûó‹V¯‘ÍÉôIv¶Ìa1Gœ'™·9›óÖ&/N6kÙ|ŒaNZ™×‹¦°Á‹“^-›-‚&­ÌëMG§œMxqÒ«e³)ùkeaHù�Œ(å9„³�¬òŠ4©hcø´f/Ö�Áý°Þb•£9~H¹†CX'½L§ò+Ø,…Ó�ü|³þØBbhë´×íB¥“çR—P�máh*HW›éÆe_WIb*Ü%tZ	‡˜Wo„w¼²¦*-ÙL:È4„4³2A;GR©o”=Ð*Kª<––Ѷ@O>ü¶ÝÛ–èSÐÿj-—äñÏ:G~Ûà~
aèsÚq€ã 
+�t
üfô6ÛUœ”G‘Ç‚‚ÜOÎ",,æd�¡o�RæÀ	Vä²”Öq^Å‘)+L¶—ÇA‚vÁhu„CVîÁ[ÕV{ý>½í«TNäO]öà€yÍt¢ªT¦¬Þ$xŒm‚H°ºE¦#HŒÃ �ôb¤dœãºî“ÚiÌiz �Í(šÕ�š@YØkÞ‚´_¤õàþ·‘昑Tÿ¤Wm·Ùן4²Íì'�Æ–?b	„‹Sq�FØ’Ô‹©t‰Íb¬qÝX
o6½éær¡¡;Ü«Sp‰ hSB,qÀR”¨¹—VðÚ$–ê �
+%	 ΄¦œ�aÀ‰-Tˆ�‰‰NÞÞ­ÞŸ55Ε‚(ЃÅ÷±¶3©?šx’áœTΔI„ ÛXT_
„z¢üµS&êïg¯¹§�L°
Ë#,	ˆÀך~zèÄ‹âÜÁØÔáÞ£dpg³�·jYÆ™q ±?q×zõøzýòÕï—£¥O;qKxX}xx³ªw5Ô
v�ÛÁJÅ)/Úο¼9•ÛLKž”wPŸë½ÔãÀ£®ÅwOç(�åk¢yxhî4asíÊ}æMã“è@#Ýs¨I}ðA Sõy2»�WŽyä$þ;"B‚u�úì(…þ¡�X|õ°DV–Å�BnO¨Þ5…Âþ) Kî2ôbo�Cþüð¶\P¦1á¾ÙrF®8ÑÍȸ‚/BUm‘Ÿ¥%Ù½“î1m‚|—HLBãNÁyB>ÏÂ_H”«D/yžÂ;¡±ïì­©–…4ØN·i²d†ÓcwW—+®�I¶=r,ÜU¾°×öÆ•LÈMù!*U:HÍC¢ÍÍ¥ä�MaÄ'ö"E€.#¸;qïññ-˜¢ÌŒ†‘$�Çö%þ]òÝ…MïÚl·×·È‹RX¼K(‡œ×F_£´Žcsó=ðN!òVÿ2賆¡áJy¡ñT³¥Î£sI땳á¡G±]ÆïÉ„Ç "0úê;(ÙëÆóÅe€çe�‰ÈÏúÚá¤LöœÙóëÑ%X¾¤|˜å~”a;©¥
+o<@<“üxò ¨¡ðŒ£Ù`>]P³zBØô~Ýôðª¶ü¥ÂRöLüY’(œ³žòõ%‘ÊÌ´ÜÏëEá÷�ù"¼,ó½äqõîÅ
+Þ[C&àÎ$]Bq� ô…þlHÛž¿„}{ó'žÔ&³I0‹æþæ2šÒ«—ëÎ�—¡—*endstream
+endobj
+1439 0 obj<</Type/Page/Parent 1372 0 R/Contents 1440 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 565 0 R>>endobj
+1440 0 obj<</Filter/FlateDecode/Length 1696      >>stream
+x
•WÛnÛ8}ÏWÒ‡u¶â[m§@Ü{‰“­
䅖蘩$ª$e׿gHÉVÔËvı-j8<sΙÑ׳
õñ; é�FŠ³³~Ô§ƒq4¤ñlŠ÷CüI¾€¥Ç—OïýÒÑ„oÈhrM�?¤´<k|ÌhÐG³ÆE^4½ˆÆí-^­Î.Þ]Ò`L«
²šÌð&ñ{öiwFÑ¿4�c]æÎ’ÈzotYXÊD.d&s÷|õˆ cB�ÞpŠ �¹¥ÒJƒ›ŽwãTᶄÜÖ”x‘dE¶Õ¤×�2vq*¬íÒA—d·ºLÊt¢6ÿ�ü¦¬SùïÚ§Þ`Ü°›H2•ãŠN霜֩Å+%R¤´Wnût#áœQëÒIU�† ƒ@7"Þª\þ$mé×i?–ÖQª¾ÈÖñ#ú ÷r'M—”ûà­# [>2þY§�dŒ´m&¢r 6ÒvrFJÒÓõ›ùå"“¶±|ÙÄEhmt®Ë«PÅn_©Pù£–ü^›‡ócô*ÍEç[î¤.R¿ìç·øŠGô0hmë|£JP‡4´X.=›îæ7ž &AMÓÝwJ[Š4=%”¹�.¾HQD‚ê8¡Î•Êûçí~ÌiÉ´‚ŒR)¬¤QÔïú`þH
î’=X'3R–ÖX˜¸Sh«¾U‡�hµÅµLŠtÚ
+WÎÄ—6ª¥…¸œ´�á1nr:¢wÚP®÷>@�й¦Åªçù’«2:é˜<¤z
£-TSãûP¨
+‡¦ž{£A`5yÑRÆ¥Qîà¡o*�Ãþ@ë-¨Fn¯Ie…6N€z…Vl ª�dkih¿•9ÈiãÒZ”Ò£`ëí€Js7}�µC‰[gJ”�	hsðe½x7©œnÙ«Uº`!=Mºƒ\8êÉ¢ivÙkƒšswüt”>íDZ"	�P„Ê\æ±94ðz‚ø,̤J#®ÒèM£{8¼â~8™RÈ¢NÒ_<ºÒÓ»õuÏ{Þ´*›–;%÷ÿ/÷ßJ­væÞp
.O¢¸�FQ£´_øbÇP�!'¿9’_KœP0\‚Äjí­
þä)
‹×¹p
uÖ¿·[]:x¯Q»Š­k£Tê6¶‚yc±
"Éà€ ÇF›,(�MeM¤
+ÖF]ß\,Víü»`
ü‘sÃòÖ®o¯?ýs·úx» x+PhSëÕÛEïÃíçÕmïµNS°®<šLͺUà{rð©l”�Ó9®¬-ep™s¶+²6='›­ƒoÂÀžyËDnD™Öò
¾,±š¨ÉWñ®•ü}'0íEÅÃN½	]ÁµÂµºÔ�ûç U-ÃjC¨Ö8>ðJòr…—:�“Vr=
+‡2EDŸYÔ!2¼-dÎÂh%ÆóJ¸�;{ÜϪu
+Jhf·G«þ¿t¸Õõ2H“y¾[ȪuW¶�{;å—}ôGlt|‰¦4cØv˜ئÀ!íû;ú,Ùó…OˆÝüX²_BºÙ|‡©—[ƒíi�®ÀÔô‰Ra´Ó±N‡D°2h#a§Ûˆœ¨j¼x7¢#ßqšZxó^u)0h¬�0\¥)o¾S	TlËÂWúñ¹ébDÃH
¬áÆÞ™Q÷XgY™+$ÉcÓZº½DÉãT±â[³þC¡¿›šVÈ	1µ_QõöÒÇ ¾Øñàr´¾j^ƒcû¹�6Fg´àžñÚÚö×[91GÞVݺò¨Dç¸f÷²Ö{þ4}ÍõåÅ`ìçÖŽME‘x­†G-½¬^Öóí84ÕgÏ(x9'4=ÉÏy¨Aûè†Lð ?w¬§$ÓÓDÖǘÎÓ«_Ìqw²W§æÕ=u®úäÕ=Ä?ë%ùÕyœ_…�gÎcpÃZñóam�	à茭`rqüÅÖÁYò1‹ªÞXÈX	ñ±�Zb²5Û¼çÏ�§Š'ëš#Ëœ„ƒ°)„aêT¹ÓfÇ¢„ê5gƒxíB™Î7óʼn[ƒIo}€Ž¹ÿÕ“·À¹¸E¸#tcXÇÔ­ZцD]Œêñc‹Ç’ˆdhi¡�ý°5×O+�Á¡æ_êNó´ê';/ýÚ}�êCTOÿ�?520ýz¾™U2ŒfÑìrD“©ZZÎo^ÍéÎh~n£7:.ù‰ÐÃÄQ{ƒ	žhg#êMûPO Ðo=PŽ§ãh:™…9k8á`oWgŸý_žÛKendstream
+endobj
+1441 0 obj<</Type/Page/Parent 1372 0 R/Contents 1442 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 568 0 R>>endobj
+1442 0 obj<</Filter/FlateDecode/Length 1805      >>stream
+x
ÅXïoÛ6ýž¿â``˜
+Äše»¶ Ò8i´ëÖxh‡ih‰¶ÙH¢+JuóßïIÉŽãnÉ~t-8Å»{w÷î‘ŸŽ"êáDã>
F”äG½°‡oÚ_ï^ñ74ˆFá�rŠzÃpìÿÊèÆ>‹úQ8¡ádŒu}ü”’G/gG?\)Šh¶à�G“1ÍR»q�fI`ªRËðÙì#ÖÁ
»®GÝhö±0XoÒ×ÂT7²rKš­‚Sš­$©¢’KYR¥rþƒŒLt‘2ªH$E'ãmV² 
+kïÛ²ü'aÌF—éÞÎ$ŠtqQ^¼ã©¨ʼ®¤¡�Dì܆?•�-ñ±uÇá$¢&¼¸?ïٲϻ}Æñ‹$©.3±4{Nž’CŽô‚7NV¢I%K„^—¥®‹T¦4¿#ó©pfŽ§·²2ôÛïÈ˺”F€'ì�Å-;™:Y‘0ôÅAmd?;¦÷qÈnM%*¥þæCšÖK’_Öªl2”Ó8H•óL¦ñ³†F¦—º˜!×иö…ðYdµ¤ ÀìŽêžûßO
Ê/
¾Š“ ¶¸X|S“·*¹ýÖ6Ñfç¢8_‰bùí°…Ñ7µ©¾±Õ•Îå´TŸÆiÖ2Q…fºHy
e²BWQ¥Á#
+퀹XÛ¿üxŽ²¯VÔ¼gÎn¯J™Tº¼³Õ¾ÓQLY÷öÍ?ÍåÎ 1¶¾ÐeN�§æ/4ðRÎ-ïÚ~ë¤s*¤wra}åîèî˜å•Û;Îz~—"—™·gòyê\ÄÁóøB,°diÝ \þ*Ø#Û×[¸á«¯6Ôà$qÇ™¤Tk°iµzÐÃŒÎö1­K½–e»—¹ŸYé{C.4÷ê1…ço¦ø}ñáâ˜tÉVv _žÍh¡2ÚùáI4A¼ÈBQg™ûÞ
â¥Ì3ê3Š…¬¼1.öh·=ÄÎ�ΞáÿqàÈ
„|­pµìãôÀúW€á¹Õa%,Z~
+“@‘‘˜�a>ˆ¾Zq6°®i›Ãà1ðO/Ï=kÿ^±æó+Ðo¿U1^zÜkôÇ+¿@iC
Üá¶jj[t{A*ÍëY³–š�È«VvÓ¸Ë/ÇnykÓ¬t��¦¤Ë[Üå	§þrBªeÅS¿Í«nËR1þ!†Ï±á¶ˆã6ʃ•³(w�¯£Ã5Á!?½&þ’²Fú*e=ïCÏ‚²8Cï·¢çA5´â«Ñd‡EÈAÞ|œ
+)Õ¾H=µø7ò·•t– ›ìø&n9L¥,ú0àJºw×Ó¯¨±Ç¹´.U.Ê»WКëëéL¸:þÄpã¢ß…–¼Mó¥í·ãŸK¶æ0ÐíOÂè„ZÑ̃$u©0=\©¹�y†P¤¤–‡‡î„p#ò¹à!m…1>ÑOÓs~_Pªs�I¥±ÿ^Ûºx¥{õöýì­mðTVBeÆЉž"<dÕ²†Î"ô5ì80iêÌœë¢*u–±ä>D
<Óör¡kpêöäÑf ?84}¹0Þ™û(ƒòŽ”ëa[¬’BÝT.D�UŽìÍ)Ljc[-tÂUˈ�ËŽ;Ð4‚z;àŸ’áû{ؼ�gÇ�–FŸâÅ�:C]ý‡ð‡tù@ÁÈ/"_g#טevvs5»xõ–V(¥E6—8ð¶e–ò	ÎU2ƪ•ð'éçþ@xùĈÐb6ÿî5~j‡LÓc
m„=„îˆ)ÔŠ*Peè…³¥{¡9Ä�¤ÜßÇ©¯÷|,Ü€%Т)uæ2¹½ë8w v�âr�wl‹ØíÔowJŒýÞ7ág§Úw‡S€[Øœm°‹ck;$XÛ-®Ê·©Å±V„èÕ²m 6ºF§Vé»Í±®_¬¥æ$¥ÉÛyüA—ËÇÑ*)|`þ	éJo$Æç±kIæ ¦£A<8ŽºrXŠ=Ãì°›8~*?¦Mê\i2¹ÎDuëj£0Ÿ-[n@¨�°·uÐYvÉÚs¬U
ä	Ç�`ÜˆÒ s€4¦±'«!HKÞ½á 8�á2´™zóöå¯>KíØ:¡w$Ü[u‘».„£ð$¤×#ôzz}I`;>Ô±à÷ˆÐ
ÕT8¶éóåT0ƒ[Šåt«vÔnØ’*.™²Úङ\kmÔ—†eõü#N�	î��òýÖ‰÷·?tþ¦Å)qÝ,kiª>ònå ªø¨m¡xt{N•l¯¤Ni2žL'½h8ê�Χgý“Ñx|6^\žEƒçƒËóñÞ«÷Þ§Ô�†ãád0Úu?\N|ƒE#\åM¸³ó&oÎÞ¼<ðÒ†Uþ)ÜM[è6/tÇ=šOÏ	Ç£	RŠ×ûÖŸ‹ÙÑÏGå9<endstream
+endobj
+1443 0 obj<</Type/Page/Parent 1372 0 R/Contents 1444 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1444 0 obj<</Filter/FlateDecode/Length 1123      >>stream
+x
¥VÛnÛF}×WÌCÀâ]$%ÔºbÉ ESKr%­Mré½Àf‹þ{gIJ–h71P6dîìì™3gÎòqà‚ƒ"üÒbàXxß
+ ˆ#ó…m³à†®¿µú¯ŸÏ7{íÀ6[<"ŒñK˜Þq`“+Á
+"ê�‚ëêj9×sÜ›û�#×Ád›l˜·DÊ'.²)ŒÇÞÄñß�¯–«Éj=›-ýyà�çc7p‚Õª·µzÊ>©î¨ÂÌ~¢‰ë½ œïx¹a�‚Ó[âÉ=MÕ"Çó§ I‘�Yšr]ª^œfˆm§©T^oå�¥|»mÓ{n±Q/Š¤©Zçd‡§üþõ~þè…¤?Í%wâ8ao7’± åbOÊÝ¡T{€ë¶�y¡a{³Ç.ó<çO¬Ü
“@Jø´¼Z-•¨qI€–f)áj
+£OyÁè*.ÙsG´¦†B*§Ò‰F^€
+ÃS³r
+Hâå.%BQq
\_V”W9½ÈÒË*'¬¼çÍw.v½º~пŒIÜ[ßÓÜ�T�<ƒEsB?ÇÿÐØÏ|&£Svz(ÎâNiíŽS.ZRñ2:§¢®Ô?óêÚ£÷ñ—‡¿PL½¼­ŒÛ¼^ºÑEBÅPZý9I±}?¤—ïXy·§y>;a¥�¹ï�ð.qïXv€á¾Bñ¾Y{Ã<¿_Ðqˆú{^Ð%è
+\ÔXŒùßVX�¢;nwòíUöÆà�Ø®^k©sùŸQª—^ÆQ¼Œ7�p±œy“0ŠfA€vèúc½hìÅ^OÀ�ºÙö›)ó­È‚ëúîó'ƒ°	ÀçÆ–G¾c5ãoB\æšåNywj˜M‚Cb"šù¯r�ݽ¡Ë6|ÜyÊ
+ò@Áô»Ê’?‹Z>æ–lD÷b<C`e“¦Ý‹—PãGCɵH©}`Ù�{àÛÖyð‘T‚%Z1^Z&ËñÂÖWn賺€”W5œBÅÑ©jÈyJÌ6¨¹†'R*®³ñr—×xߥ¼((:+¥"yÞ8¢2€¹ý²Z_}³s–Ý¡®oy†[KaVìf„»°G®ÝœáÚ³`!(‚@G5fšEp8èyݦ¢†øß'e( Ec–T�®z
ü	y$IN–MÙ¶nrnÅV•h‚Ò~$¾%ÅþP4ûÆØ
€”çºhi4ÚUÔìýþ
KEó§-Pº%:Wí‘l̵Áððø±�ô™èâÒ(ÀnÐþµ2]TçEñìR¡Ó#ʈ0cÖãöQSÁÚ:RÃ[FÐG�Â@=¤_;”¦�æJê.že1ÂH·üƒêŒešbÛÇ/á£Æ­ìõ1pÏ¥z3°+êXuï.½:}~+ǯ‰î
•]µ·ïõNãn«âË[ìCèwíÝìz>ƒ[ÁÍ‹
,yªQઃptØ0Šó¢6<·|}±¢0FÃÀ%/6;V›ÁçÁ¿d\ò2endstream
+endobj
+1445 0 obj<</Type/Page/Parent 1372 0 R/Contents 1446 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text/ImageB/ImageC/ImageI]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<</I15 15 0 R>>>>>>endobj
+1446 0 obj<</Filter/FlateDecode/Length 1443      >>stream
+x
�XÛnÛH}ÏWpŸìµ|¿$Àb‘6l€¶hûP‹±.öÔ’F�%õßïáHªåXr‚:1äá!yxHŽýãbHü
i>¢ñŒüäâ
çÞ¨xÊo†Þ‚&é7áû÷Ã)Ý*ú|ñvyÑ¿»¢á„–ÏxÐÀ´ô»coî�=z§ÒHnr-ÓÍåò;,&4½ÑÝåVÊâ|#SŠ…¿3dTÒF©€åçI˜Za¥JßÐ:·´
uH°p‡ÌViK2�Ô5£¨7š!N Þ
	²Û�"Çê	þÉ*~P„1-ÃèR&Œ	Ö´†ë0
ŽƒìÒ£ÐR¬c¸Li¯rMÅ
æ²èšdíùÈñ™�§7 «*×I×±7ú“¾*Ĥ{
æ[ÉÄu?V¾ËºoU?Öÿ%{ó#öŒº–
‘‘õsÛãÁˆþ`ä‹”Ö!‰tOÆr]8/Šå.|CÂP¬ðÿ¥û¡I;–|0z’vë(= R¹ÊÀñ@sð>C<(Eñ±L�©:‹CBt9ÿ&}í)Éc+3ð}8b!c-aŠ"tŽì¼qæ"Æ©4]ýj¾QòÜ„È(‚nRhåæ�2Κd$ëLĤ2~c¨äj#ÙëÜ¥_Õœ"Yƒeöu«µˆ¿‘	}6öŠjœ*àÁµ«)m•±Ôôê¥"Ai‚0àÆ°Š;,Ž˜í:×4)¸>
g¶ž”þÅKÛ9°¤›b Þ±g#’µxÑk ¬Xÿüõ[h7yÓëm<ÌÚé@@(Vë«GA3«™‹YF_[!Sn¦Ç­Øhä�CLœ¹7;¡?HèÛÙW¬cøh÷ ¨´#™g—U:XÍììHN…œ1×ò8 Dì
+¼ú±*Ų»œu(—ŸJã}9ç\Ìp ,éZv•óÈ�[Ä€äÔÂqÖ,F´Ýc¢ùÓ­Ç<%"ùŒ*õÜ«%½(’fÚ\OsŒ˜y_.38q<®º÷�Gœ Tq‚ì>ƒ•…„FeÒ[�ÑÔÆ®.[ÇhMç±Ú()Q½¼^äb±«îÕê²âí´!Bá›!^ƒ°“þ®â5¬¬?LÚ“P^�ÀËߊtÝ¥ój„$GM¯A`�ó¸jªa”`›Z¯º£étu‰y*:¡²U{…• ›Qq?.±½œMÕs™ÀQnOó~8U
–Ùðb‡�Ê =ò(�ãF ïpšÜq"oÞò%)�º™”ì/L5[±Q&춛OK¯¼ŽíŠx+5vžÒûÒˆÁiÕ
7×ÔùçºóRë¥d|-3wÏÀô¨uoÝS)˜·ÂúÛbñbb°šß�%ïvžgô´ÅªFGã:¹ÁgíIfZ¹Ùé¢=™
®?qZ¨KiØŽ,|—§Ðø/ÒW&õÀµ¼yxwO¥¨ˆ7h»lô®Så%Å
Ýó´ý[7p-Á“¢�
+Åžúøåý{·°DŸ«YžîRõ„ª·ÇgÔ5wlОU’cnáÒ/q{†Šì€ÿjÇÊå¯]Sc¦z{˜e€u�á8¹¿°<—ýæw€7Zå°a|Û
7dßL@¥–‡ûÛv*
+çm°
´µ°9‡‹4�„ÜÞzU±ÂÔ×ûÌ¢À5ÓóWSôt>²!òƒ�ÒôéÌÅ7‹y§´9h@w6üYDu>t7ø©Uƒ˜�ôW.žZ¾j¢q£8ŽË£íŠ(ú>��|
ä[ÕîÿÖ™ÃUã΂qÛ‚êT/¼=ƒRå5}åż*,üŒqšÖqD5¬þÝ¢ü6?œÍ½ÁbL³ùÌ[̦ü…êáæÃÛú¤Õw¬8üðQû=‚ùíU&½ù_õƒ–Ÿ=&ó‰7Ÿ-ð3	ŽŒ®ØòïåÅç‹ÿ
P?^endstream
+endobj
+1447 0 obj<</Type/Page/Parent 1372 0 R/Contents 1448 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1448 0 obj<</Filter/FlateDecode/Length 1043      >>stream
+x
¥VÛnÛ8}÷WÌ›À’oŠooI·YHzA\ì.  %ÊbC‘
+/qü÷;Cɵ-»E�""‰äÌ™3çóÒÁF0Ãd
+iÙÆC˜&‹xÉ|†Ïcü5ò°�,øzaa2ÅÉ¥…q29?q»êî�`•cöé|«0óp«´÷þ•+ç™”»>ì´‡”)¨¼©–ZÁSoùt,wÜ€+8(VrÐ9p–´Å—ªÛBà›-´—ØŠ§"ß…Ýõp|•1ǯVß;CˆF“xŒ(zÛ‚«zE¨M8àØZòþk�0iõ�€J»‚ö­9þÉöñcDÏ*|À$r£Ëð–Ž€¶BJÀíäkÞ€ÊbZÜ-`”Ô$Eb
NâYœÄðÕRÞJ2¡sP1k·Úd´
®R³«Ï~|®Ã8�ÆÄyïXg´ÚÈd¦Ú¶á
§·�Ó	úPè-åæÐÚŒõ–˦žñ´Æú!
܆&HñŒ»�vÜ|1¬åº"ÃædÉ,%S%µ+kÚÚ†,ïQuåûõŸ˜­ûñëý}5³ÅàBq/^;nID­p
×iFŒq,2zn$”jå�þF'­Ô*=E©µØ!>Îfû@|Pºãz/üe‘1¬
+aAØB
+�ñœyé~­¶ëþæÎQ�J«¨©þTÖÁ$”àØØ{‘9L•¶V “H{EÛj´4Ú ¯¬B�)Ù3å´íÝE²­cÊuÛ,Þ‘ÞßXYI~d[J¹—2Œ‰|—@±î®›9ÔƒwŸ>¾»Y=õîmïw¡Ûô&¼<]�××èüz¡�ÍøŒˆ�@à{y^LKýiäG^Ûña÷øå2�úý¢BŽ•—‡3eãɸ�$ãSgEŸÓ��&É~~ÌcøŒžÊÖðïÃ=ZÑo„ª
�›a<­ÇÍ<Åpë…Ì°ç@Ã	
++u汿†¿xa¸)Öo¥SÑ8ØõOJ^�¶#¬p™¢C•­¿á�>¯Îšƒbà°jÐ슭>ÅÒÃÁ.&O�6;¨7àõ.šžÅñ–òAëØ�©óI;�Ç4i‘ÚÓC„¾©'6­ÓýÓ b7h˜
W&6…ÃNm™ÉЉµZiã‚êû4Ï*Å0<¢öÕTwj9ðÖ�Û�eåšñ±Ì…ä$ÛS°=~§K¼Y'„í™FkÔ)ºhÃd [K¨Zô§ÝåïV uýf,Roª;BÚ%üCÐG„²¿ª/–ƒ%Îê«ø0¢hœEߊ,Õ`ÞÈd4Å{渞6æ~¼y¸½�ÏFGYÁ_Ç$@Ñþ@4.þì‚NfI<›ÎÑ­tÏ)úûUçKçzEüÑendstream
+endobj
+1449 0 obj<</Type/Page/Parent 1372 0 R/Contents 1450 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1450 0 obj<</Filter/FlateDecode/Length 115       >>stream
+x
+ä2T0BCs#c3…ä\.§.}7K#…�4 Œ™¹…BHŠ‚�ž�
P$YÃÓSO!¤² U!?M!3¯¸$1''±$3?O3$¨ÏBÁТO¢¯zs=s3 -!)Ɔ #\C¸¹øÌ&âendstream
+endobj
+1451 0 obj<</Type/Page/Parent 1372 0 R/Contents 1452 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F7 10 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 609 0 R>>endobj
+1452 0 obj<</Filter/FlateDecode/Length 2971      >>stream
+x
�Z]oÛF}÷¯ôa‘>˜¿D©Àb‘8ÉÖEâxc/òR`AK´­�$:×ÿ~ϹCÎYIQ,Ú¦=>sgî÷Ü¡ûõ$uü•º*sùÔ-6'“d‚Ÿ„?>ýód–d®œO“‰Û¸<KŠ
¬ÝÕ‰À�+Ód*œÀ�›aGán\šV‚ŠÁi’Š¨b°ÓÉ�BŠÁ΋d®²‚7.KÓ¤V1Ø,?PY1Ø<Mr•¶šìlœeÉ,&TÉ=(Ì“R8�75eƒœ@x7§'pã,p‘ÿdSèIÅô픑Û*†�“âàPÅ`¡;’!È–-›ÎñCl<á¿=¢ƒ-æt¼­%ëEË)Nó¢ 
E²È¡h 
�ûbñÈf%͉¬`È–ãYÁ`á6$adÃØ¢d2Ökœ3åás“
ê$Ûæ%HÅ`ãV°÷?²7ÈÒÿ#‹ì…9‘ÌèÌÃZ*¥ìÜbe£àÝY1ûƒUk�UçÂQ�…‘~)ÿ¤3r*eÈ¢'le®Š¬`°³)•Š¬`:cÆèV1�Q²‚錊Yd½Êzˆ*)jÈTÑIÅD¬b°éŒ¾ˆ¬`*e%YÁ`g%Ë)²‚ƒó&°¦r1g£¤—Y‰y/G¶˜!Â
+[Qeaƒ�QeaÓ%¢YÅ`‹®Š¬UPQÑõ¨ ’œ
j,�æÌøH*¯¥Ê
+;O±”õ‡N©	Zª©k€‡
+„`fÚR1XëEdƒÅÕ?ÖZò‡"6x¨@Z¿�¤bªÄ%¬`ªTðа±b°¸©á‡È
+[eôp`½Â9¯l„†÷\aÀB!UªHÅT)g.QÅ`Q¿¬`dJ¥YŸàŠ%8º$l5D�ØEGÑÌÜXÅ`1MŒk)«,ÎA"Y,†»{ü1†äØ�Ž	¬bll§ˆ¬`*Å›IXÁ(ötBOYÅ`ó‚YÁ`Z$M`-´ù|fÀÛ~æ<òE̬à•+¬`¨Œv™«¬µ («¬ÍNÂ
+†Ê評쬘ÎàèeƒE^«,§²|ÆÊ $�5@cbbËá¥È	ÄT6�#'ÕÌ
2rÑ^8>FN |‹yXƒ-9ÆDQÅðžu‰È*f\Jz ˜©,2[ÏU3×
+쌇ì,ÞE—V�ƒEk/DÖ§aÅáæÚ¬˜²4ÖfÅÈzÑ’íÁ‹BcCõ$f5Ö«õÖÜ9�D!â�T}
êFV0XŒSe3L·(«˜
`ÿV0X4q¸8œ«Ø@µ²æ”£Òx™¥èzH7CæDÁ`í‚V0XT
6Ž²‚qì„Ý"²ŠiPEsƒ¬b”Ê
+[Min”ŒœÉ¬ÒëÍŽ`“$~4äÍ�¡"B‘Lsy+¬M�Â
+†Ê(/8#ììƒå�S
XÂEˆm'Ö/©,Òˆ¬`°vÍ
++ì”OCaCá	‹,²ŠÁzÓùŠÁNyyˆ¬`°pÌ\YÁ`çÏd3¶³5œkn¤‹Y01ù™#DS�#t~!9�ö΄C¾Œ�æÓÁ|ð+,^)²‚é~ºAdƒ…©°–ÄYÅ^ÉcY³ù$Ž˜Ç²W+,¾*Ê
+‹WùÁ΂Áâþ/UV0s‚Ý ž«˜Qç.²Þ Ö„p­!<†Ì Á8^…#+lÎ6#¬`°¸Š¦Ê
+‹»ã@V0XäTŽç
+†AÖ�#Ë‘!C>²ËØ—hŽÀáCNäìCÎ(‡AÚ&”ˆfkŠœ@hŠ„€ëƒ bú€�¾Èú¢Á½kc:o¬Ì�Ä“v„LÙ‰"©˜ÛÌ• ª,vBzGV0œ‡�‘I�UÖž–‘õ
+ãÙÂ*÷ˆ
+Ü ` …#ë
e½‚‘ì ð ›aÖ€±�õ
+ÃF{£òÍõ™µ%$Ñ¡’}hŠ¤œøÏC¨vdƒ
Z*‚“Œ¡	¤b°ÈYdc`m[>œ˜œx¯föŠš™>¹-kد䙊ÁbÀ¨”ßsa­Âù°Y-çáÙÆ‚©/ÇÚÈz}íûíp;ú�·æn衵îräpä±)Â
mm;R0Xœ¡¬?²ðŸf|¦()‚˜2af s[Edý¶Ö�áy¶ißžm[Æ
•:†¤¬cŒœµˆÈ	>ýFÎ:Æ(gßz#'ЇÛá<Ž¡wbHÿéwÜ5ÅeçDV0ê9·ÖÛ�—“ƒ?,6`öGH·r�¤b°œTT1�ÎÖ ²‚Áb€O•ÌÂf¢¬b°˜˜² ²™cßi‡:²ÿ6cXUã¿¿J ´Aâ”~!ÅRSÞ¾Q.BêÉçAàL<
í½BÆþ›;V
AEŽ'�‰Gá`)�àðÄ1�à�ß™ÈEÍD�̆7¨"¾ôT‘cóÃ=Œ¯8¨;ÜÎø§kÜíÉëë“—ïÐe'îú¿—šV3w½´_Gá'‹çÛ¾k—ûE¿j·?_ÿk‘©_{Š»:ÃêWõæ¦v‹zëÚ‡¦«ûÆ­¶î[Ý­ÚýÎ]}xí¶MÿØv_v‰»¾_íÜCÝõnÑnûzµÝaímÛmjžàð7~~»ºÛw«í�ÛÙÆ ÇݨÂÄ�ZÛÇÁÍöÛªk·›fÛï¯Ê$¨ÇüŪëúfݸöÖ�áH.õ+QnãÊq¿"qÿÞ5�«·Kwu_ÃA»f
Uú'·n¾5k÷û*ƒ%ßšnç¶mOKk·l70å÷ŸŸ©W&λ¦ÞaÑÅuá üyµÍ¾¸Ënµ©»'÷Æ$M³®]¯›Ž[à÷‚ÁD|ïN°ºéš¯ûÕnß~jê%œstV–¸×õâË]×î·Ë#6OxHðlßº}Wñq™À+g]ƒ!"êÅýjÛ¸ën¿ëݫŇõ°û­]m¹äl½¢“]ß:žâ÷?6¿H°Ýv_¯‡íÿÛœpd
+&q?}ÜžâŒÓw맟þ¿Mà–Qo*ëu?Výô0$ìY»Ù@áË®Erm¼Þv]ÛYvøoŠ4xÚõÍÆ]¶ëÕbÕøÕ½]­›ãõUâ>ß×½k¡Qçî›õƒÕÖ¹»kú9b–<K"ÇE–-ÛÇ�›ÿñòÃÛcç£wÇ|ð¥w¾Ýõ�/ôÝ/îÂW¬{ßÞµÛcQø.Õô–/û÷©­7Ì«,5ú™Sç0äã‡Wçÿ9ûxqýéãû¤ÿ£w¿S.®Ÿú7ŸÂ4ï`/8ü×ö‘Q|µè�+º%»¯ßË}׬Ÿ†‚`—°Z\þ wñ†üK%‰iñOJ †8E	¬n--¾£ ’Œ™9´P‹¿&#·�:´wÙ2³ÜgvÚÞõiàV(Æ¥ï3‹Ñ¶îy"q¨ûù¾Ù:´hyùæÇ6Ëfi‹Ÿ¹˜]
ß7¸›ÿÐÇV"~ØÑo%õ�árTß�£µöqª‡}_‡[OôC¤kPU¼u¨ônsóPïv�KÇâ:¶…Wü>�l­×k÷¸êïÝû7¯.½~øŸ3BF9Jõæjtæ¦ÙÜ7ìŠá`1a[¦=•²æÝ5KÜ|‹/õÂÄ}Óܬj»UOŘ•ÿ¢ü§fùkÝ?k˜¬X™›Xïõ>Z€È¡<áå§vß¹—M¿xù¥»)$ÇíÑb¶:6ïÝ6Þ÷¼!}ççr�
¦0+Žv·[ñÒmBG<È®Ü ¦‚¿OûýÑp?WÒ•$xa7W:­ð¢í}G=8„„ðà"
+ãû±´69Þ>…‡bªø=ñK‡gJ[wDý�½Süd(ðç¿æeí=ùÒCNÞ ÂÍý=N
3È߇ÉÃrôå;Ø6À˜©ø¤d³Øó�­ÀäZMgí0	å5}{}ò¯“ÿ
G@jendstream
+endobj
+1453 0 obj<</Type/Page/Parent 1372 0 R/Contents 1454 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1454 0 obj<</Filter/FlateDecode/Length 1884      >>stream
+x
•XMoÛF½ûWt‰
ز-»¶[ ‡¦©
’¢°Š €/+r%mLî2Ü¥ýû¾™]~håŠ$(’óñæÍ›Y~?¹¦+ü¹¦ûÝÜQQŸ|\ž\>þL‹+Z®qçîþ�–%]ͯ®ðKqúûV5A·t;§¿=þW¶¤ç­j5y]t­	{ªô›®èåtíڳ巓+ºXÜÂÆ)Ó­'ëKŠJW+c_Îø©ËÇ[º¾Ž>/ó¿ñ=þÃü]UžÂVSQm©@>¨6t
í¶¸˜F0#?žÚÎZc7sZn5ÂäPÃΑk‚qÖã-‰^‚ž¥x¯o¢NnÖqšñöœ¾nM±%·æ8|44‰¨Õ…6oÚ“Z¯ub´;µŸF�Ç-…Öà©àHu|L¡‚Îœ›àuµžÓSPxša+
\„jŸd¶a÷´i5Ð?Œ½œ‰¿ÞﳪWªQ,õ8Á6½Z·ÃãÀÉø,Ze7úœV€´FD\¸�	ÛIF—©>ªiZ§":(Œ[)ØÐîáÁn¸Æš`�l)Ì)œ
­«*\®ö™û×sy–¯“«BYr00'&¡DÀ‹zS¦R«
+åF	w[�—™«¤
+®:¢ªÊít9O^ws!éÓX,µ/Z³Ò4Ö~¤÷Ú´> $ä<¼©›J·’í{O�Y7˜ö
)æª÷‰×àoλÂÕ5>)7÷ÛÆÁ®"«7Ž‘„¦62b0ÑOHMⶪŽé7Êû�kKé€	„Þee�ŠB7�\K­þ²Á+˜Å©±ÁËÞ¼Õ+c“ÿ/. øAü6¡37üÓP³-³ŽL©•”)ó»0Gܱ¡C©Pêÿ'i%*wNæ�­·#ÜÍb—1úx‚º'þ9ÉqÚ_Ø=;¿z”$?t
U‚ò•§×sâk\^ôúÀ/Õ ¼±){þ!©“¤fÖ¯[WXZDK‹ŸFÿO")}ubQ?Ž¢â4!!£+ý£‰jãœÚ©Úu,’‡ˆíËiç9ű@”û$f¡Õˆ:â
+6Í Üâ]ïaج÷òõ¥I|JÑAlÙCmÍf‹¶®s0’Cæñ8£èÇ@ /œYÖG]*Ê®*0 qh$îtŒ0?¡�ü¥Óê®
+
š¹¿wÚÏ’žÐLâÒjß8[r{ÓFÔ
eôÓÁ”3æ%râdYbFIçGHhï·QìÉdŽe�'"w1õ‘gž3ëÜóP}Ñeé;Vý—Ó¯Æ~ú$*g1K-Ž®i*ž6×N&¿ç0Oë$…¾ž£cwýdHØ8èEóÞ»1åæ$^Ì°8Ó`¡Q-†Úš«¦yjˆ¡¾Î=71û¦ªÙ3âíÀdDòò‡�AŒLºàåL8;ŒQ� ¤Q�3�{‚F‚«k4"Nb;mò؇„ò{WÄa7†*a�g�-uƒÉÀkM\.DŒ’°×ZAÕ…@^†9k)\@Ô_‰ÛTÖŸ!è‰2`Z¬ {Ú)’—ùÅ;‚ÄÊòœY¦È°–�²8§g‡‘ÂÃI·È«šlg„Šˆ¸¾,yÈFÍÆà‰dnû:úqÂ	@‚�p9/n’=ßâ"Pˆî$ê¬ù‘wž/¶ºÎ;»@´6¯ÇŠQæ{cë’ûRšvÅaÎzºöó™Õ663ywÒ�42jwhø÷RyØÃ{[ËL6ßTeÊÓ¡ü¼­aÐö£jÂ,ŽØ
-¸†_E•ñB»Ù ¥ý}?›ècL,s‚ب!€'Ÿ$Œ³ˆ´*Ù³‹ÎÅK6”D÷˜=~}gÒ£™к«X-2ÿ[¦dÜ“/Õ^¼9q!8	/ÉMæ
+ÿH¿ÎÈ׫9Äs�û=°D8=bL
Iü)^Ó»]k3ÏjÃË–´´ÿ}ì0Õ$= 5`t�‰\FÓœ~R}Ü8 [œ™içÊöˆ•‹·!ÌG9ÅsI&É“[ÃvK±w†9׸VDAî¥hDeb{€ŒV–öaOÌ/
MDöhÁå¤ú­º„à·8Âai^æAõ;:óÊ�îŸèFn
ž¿¨}ºnbf•Û 
a×(mÂ@…Ñ›áÐ!mÊê�1)'+˜Ì|µQ‡æh¨�Â.+ÞEh*78î'¬Qã„f:÷š–•[H—¹h“ô�OZ3noŒ)3ŠO7bñ°è@PÂk\…Çãuæ˜js„XÎÇ\ár]ØyƒÝéA@þâ1]9®Îg2>ˆsýÿãx/CmÀ)ÒNˆ™…jìù 3Gß ´xÇwM亶E»—ƒ¿”·ÒúÚŸ1cî©!d0)ÂQŸ+2×3±öª÷�É%R^‘4a3ê5®úB
+RPèY='q«ÞŸoêÆ`[‹µfçìóòñaü:rs=ço2ÿóSLÂ9~GÙŸ~~¹½¿�ßß=Ä“ÎÍ
ûücyò×É¿[X,^endstream
+endobj
+1455 0 obj<</Type/Page/Parent 1372 0 R/Contents 1456 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
+1456 0 obj<</Filter/FlateDecode/Length 605       >>stream
+x
…TAnÛ0¼ëŸ Q$[µÜCIÛ=¤ha½äBK”ÅT"’Š«ßw(Û-b¤(¹»3;;ëç(EÂ_Š|�å
+e%q‚wy¯�­s~/x¬DÝÑõ}†4EQ3eµÎQT`x’ (çR—vì½2R‹m++x7ô½±¾Qµ~°òBWÍ€F¼ÈÕ	¥=œì…^ÂuÛ^8·¯P«Vb¯|ƒÍÃÝEñ%¸J—ñ‚ðsçG>±	9¥[¹Ÿ=ˆ9‘2;+úF•¢mG¨®7Î)2ÐÞ
+íÚX[ÓaÐê^

1î?ÐŒb[­oÌ°kØ­¤d‚Ç™Ž•…²vD&h'´ØÉNjW6üpØŽØ“Þ”¿7(ÍÐVØJü”½?k™2¹Q—ññz±Š³ ÄÌÉr°Ê�¸¡ˆöEÚ:ÉæÈFxlD·d˜¯Ñ*R8¾ªI+;h­ôD˜
¬�ÎTr†íà!J?Lê�ÉØÔõ-¾Bì\{
+=ùÀÊçAºœÐ&¨òªð�fŒ"˜#+ËÒ‚6¨**ˆ–µ¢“>džf{|¨‚›Ù¡ÑÞÐKS‡ÄcUÖ8£õ–ºü;%™p'æ“‚ocû'?”®ÌÞáKqÃe°‚Å,4…y‘ôB)ú°#Ôñ
óž¶fñõýú¸séŠû¸^"]äÜNŽ|sûpw‹¯Ö<ÉÒã£)‡àªIûÀóê”p•'ïCü‡Fô�Eã{oXÃM3Ùôä�V’ç5[:èäÀÉKT&,êãE(žåYœ¯Öü#`áe®>Ñ·è7Fo+endstream
+endobj
+1457 0 obj<</Type/Page/Parent 1372 0 R/Contents 1458 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text/ImageB/ImageC/ImageI]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<</I14 14 0 R>>>>/Annots 618 0 R>>endobj
+1458 0 obj<</Filter/FlateDecode/Length 1719      >>stream
+x
¥WÙnÛF}×W\ä¥6`�EŠÚúæ%n�&Îb¥éƒ�b4I“fHZÑß÷ÜR› MDEÎ]Ï9÷òk/¢>þE4Ži0"•÷ú¢�_¶ëM"Óp”ˆ	å
ø®2zèŃHDÛ»ñ$>¼»w�Ó ‹éÞYx¡ápˆÏd2ÆgŒÿNÓ¢÷•ðd"ã/Œ&Ó¾!À‹»(¡Kzñ(CJúc|ÂúhÄ–üG6MDBƒi"¸›Ä‰µW|wÿw“ž
+Ïú»{׸;š"€ÝÝ«YïâvJqŸf9Oh–úšáur½’e­
=È|.IV$é~–�uôÙñ½w&—ns:ûÒëÓyœàüÉ�Í¥)èÚµ³Y¦ße?Ñ8ø9$¨žŠHÀ„vúkc*Skú¨ejŠe8‘Pµ'â1’Ɖ+½°¨ìÆ6¤`ß�F¥ý‚Ïze*R!ì3*3-+M¹|ÒT58V¯díÏJ\(›ÃV-癦µ©Wlpa–�ƒšËʨ6«h¢]˜LWTi÷l¾À]•ÏŸ"Y¤´²kª-éÂ[ä_dš›ÂT\ÂRVÕÚº·•Û”µ±ðe4[é
+ëµ……Ò¨êÈs÷uJC–šB…x_¡“.’Ç“áãéaõNP€¢”Kí£¬Wš^ïbhkEvj÷û»Ï³whÚ¦8HlöÎwy(bAWR=-�mŠ4<7jã‰c÷#b*úßê˦^Y÷KE÷¶Ö¿G8ã¾¥V5¹.jÂwÉí™›BúJ!ºùlRø+
+[ÀÊ«H¸¡÷7×äÃ~ÅV�®_Ü‚ö¹ûˆæQy{ùáâ¶èwçÞ‡ª)µ«tŠÏ7¡¶Ð>ÿóm:c1	éü‰gQžŠB)�
+§ì8¶•LQ}·D")YʹÉLm¸×–¤ª£@¥Ô®Qš%`~Ë©6⣤v¬¢Ç¤þx*@Ed³-ˆèŸÑÍFN%Z“zW([S(�pFƒtK Ÿ@
¦òžÿóªÞdúÈmª—Ù%'½p6?:åÁÕŠû�^•4³btsC]m˜f›:3@5ÊŠ
+
:UPæÈï>'C†^ƒ�¸ ;�”Ýi”t%Ÿ‘9�iOÌâp‚Ëìdr�á0`íÈíÅbäItkO¯Þza¹hYf×@Ê.‰6/ÏÏO÷wý}wÿ0»|óF¬ê<ûŽ9…¨9//–e¬•#¸QÖ9ð1ÛÐ<è«´f¥t‰ˆV8²´6ø*XA£½¢Â­By]`!€-ª÷˜2CBN\’ƒä©ZÙ&K}IÙ(PíÙ‹{�0— ÊGàx�¨‹<pÖ·ªUŠsPŠG7Ì<Æ£q«k�òû›[B—™T Üboú­…‡Ö Ñ”ég
tk¯ý\ú9_N×Îèçà.ƒˆ3ÓÙ ]aÑt=d‹3"`°#ÁôÛÅýì õŸÏÜYÉ㉳3eùx²üTúyË]´A{÷©Ú€™9•6ƒXh?�~´ŠçñDDÓ6¡Uæ:—òd,VL,S¨¬a	náËÚêéÔíG-÷ê^»¦ªÿS¼‡{¸|%ÒƒÇïûŽ Ïí Ù	q%6Bà2ÁÏÿ-îgG\¿Â#à	oqªd7µyÑ�²ïR££àeÊbÐôÙH¯LŸ˜oe
Æ;/ô!ôÿQŸK¨"�tWOîEéjò‡vsíl`
‡@ßV3ë6ÿžô÷ÄàZïÃœnÚÍ®‹h«
+<v°,‚:G,~²CÏ?,�•Ÿåa6µèÛ
-¿Ê¥:ÌúÖVÙÌW¸«»PZJµm¨—wCµ†¨§f±Àn‡ÍÇë	ì#´fh­Ð‚¹ÖÅv ÃLëìá¤*›£,&ߊ}•»ýñ·Y…éà÷^™ùIƒ¸°sy2BÖbšC|Ò0³}EöGØ°Ý�¹(["p&çXR}S±íó5.·š~�â{LåR­°�§0v#……¥°ùb±FvíFÁ"Ë>BU`%õ×ñð@�B˜“ÐO”'Õµ4ÖùF­Ï~xtrzv¬€g¤k%„ ß1öÁ×3¯¼º%ÄdÝ«PÇܪÔÊ`çò[Ø®,ì2o]ÃÔÆ[‚ÒÉõÞ"�åBã½ ì3X	”.ÃN…3k“e@
g¼‡N¿Ù`uMÉÜGŒ±þbEP¸¸�ì½W
Åx0äéûã/{/�#HƉ�&¡Ñƒ!ÿôzÖûÐûu<¼>endstream
+endobj
+1459 0 obj<</Type/Page/Parent 1372 0 R/Contents 1460 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 665 0 R>>endobj
+1460 0 obj<</Filter/FlateDecode/Length 1427      >>stream
+x
•WÉrÛF½ë+ú’
+­2A,@ÆåJÉ‹l")/)ˇ!0ac30­|}^÷¸Ä©P%=½ïƒïg¹øó(ò))ÎÏ\Ç¥p6w¦4�Exöñ_kZ1¤»¯O΂yà\PèOA’ÓÔ�;Qet6„�½oˆÀÀFSg6ÀŠž‹³œ|þ	`±¾ç„tÌ``N³?èq~Šœ"×ñéB€n:¿ÀaN!«³@�›ME¦çÎàÏT "tî1£=.ôÅP1f*@�\j
+°ÃsV”“ç ±P�/z…�=.Ä‹ˆI
v8αCd<üX ÇEóžÏ Ç¡åãˆúìpÞÜ:8eµèq3.�6Úž=.òz}ž=ηÎ[™ô8/²|œAO€ç²�­ž;’ˉŸ3·<3F\Aà%ÒЃˆ1À¨7‹³ÉÕœ¼ˆ+4Aˆ(Ïh‘H‘»´ˆGNàÐÛ²X¥�›:-ɬ5Ý«|©è]™«´`¤©Ë,Óõ‹ÅWH›Â^+m,•·HFð¬Òº1Ô]˜âZ+ÃâmËú?Y¡wïÞRÚ�)iS$,ªHDg¥j•kƒ#*t¬›FÕÏ,©É—Nûº¦mšel„Kc”GFEiH£óÊ°ÐZ�õ�*c»Ù‘�еF‹+h^ëgRxÎK|™µ¢¿o”ÑÙ3ÅåèVÌü�rÊUq ¸R�Ú¡«²Oñ¤‹T±~y¤U=iZj]P–ß x›šµ©ØlTÖkHt×ieÒ²pZU>×
|üȦ#hª ýCåU¦É¦SMR1êì´Ç]†F´‚yP$‰?!ú¿u¬ó.‰< åócV.Uö¥U.ÓÇ„Ï+z£š4¦F×~‹l˜RfÕ¸#.´Y¦%2ˆT2vD¯[SQ®¬otwûáöЂŽ›+å±.7ÕiÖ›ËO7×—{Ìc«^¾w¶n‘·u¹Év½M9%¶˜¹Ú²2Fàs…Z­iY—[¸ÅR÷]�™~ÒRoìF8e®<ÖPVÕz¥k.+ª3úYK`”­îÿ"Úu 줟�ŽÑ²æy—zå4áá°Å¾øáű‹I§Œùøù¤6”wý\¸[©¦Aª·zîû&­u®cŽËìX[+ gïÔ¶
;©µÙTUY›.}YùX'ê®�p�æŒýLîVÆ
FcxHĪº\¥™n~?¶]Ãr³îŒ~Àç—›‡‡Ž	Іq'½°Ú¸ƒEÓ¯
­Ë\S‚¨ÅÐ�y„²´Dm妆…
jȶá’ÇÖ¦à,(ó¯v&uú´k¿�ÒðIÖ6`èö½êISé8]Á`zÔ…®1¬8;»lú³L¼<ìë�Y#‰ZgX�ççïnïÏÏ%¼<Ãyð~Æ$É_ÐË(36u¿?‡z;Gä̉ó„2ñj°VD¤ÛFø`Ç
‚ÕÛqlÁ°&›¦žHO^ž“,]N:˜u «1¡²Èž;³�'Æ}­±2)ƒã)Z•ä©¬¤É•kGë‘¿½—\ä¼öÊüÀªÏ]%ËØ�õž§Ø¯èÈ	VΤ0-Ó�¬#‹ò€Bî(fÕ|ë¢à†®{@Õ7Èad	û«HçzÈsya7½Œ¦ËÛ²\QU¦…‘{®
+kl³¿±Rí’WK,}ÞârBM¶/ãn¿?1ýdÖ¢#u¡–™Nìe@n‰6*Í$�¾åšN¸¬Óæ%†%–N:OÛkÌû›·Ÿþº[\ßÞ8k“gr˜\Åí~GÎÌ£îÊóà‡Q»Ug-�‡—…Ù<ÀýŽoýÂýåo.é®.¿bÂà&ox<‹o¬yì…xñ™4Ž\ìåä_ùm&
+g¸R‚9YæûÅÙŸgÿV®³Àendstream
+endobj
+1461 0 obj<</Type/Page/Parent 1372 0 R/Contents 1462 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 670 0 R>>endobj
+1462 0 obj<</Filter/FlateDecode/Length 1753      >>stream
+x
�WÙnG|×W4”¦qyŠ¤ò&Éqı1ÈCÃÝ¡¸öî=3+šùúTÏÁcMÙA`[Ö^}TWW÷|8P4ÒhBy}ÖÏú¸³ûñÛ÷gãá0Ò¤?ÉfTÓøj–õãUE÷ü>]]�²	ž
§ÙU¼àG—5]]e×Ïüg³LŽgS˜⟑´ôö×ÓOÜÎÏz¯Æ4Ð|ɱNfSš>Ô>ÍóÎ|%ÉJó$
Õ�ud›õZG…®E©¨Ò�ZYª Aów0†¼½±ÎŸJ:ÿü¯ð yé�]	#ÃÍ<¾ÝElŒÚ¼è<'Óh+}âv# †Ú1-$9„Cª…uˆvaô�‚Ô¦À/Kmè�R¸MyUJåÈi$�¾�i
+¤Ã±õiçðå]Fo+)¬šK؇ìñI˜R7–~‘n£Í{ºeŸ¥zD(ySÃp¥V!¯šB´)Ý
+––ŠÒ:S.ÿ‘µÒ‰²²Ù)Œ†“lüLÝá,\S÷jˆB¨K÷¢^ð`ˆ˜¤%¥é%§ (×õº’H¾äÿ÷áê%=ݬ©ë5g³@zRªz¿Ìþî­ÈWåÇôô¡ãsEºFŠªÚÒ‡¦„;ï·dØR~\WL%ü`“Ë®E...i«¾ÕTÅ1ð¡Ô-×¢¨a#„nëE–kµ¤µ0¢F’¡þ¥Öu¨
+ÒÌ—ãÏ_:ß°	{NÖm+I"Ïu£\*Ã5
ÐK�´;‡\eãŒî’•×"_•JÒÜp§Üį}sü¤KÅŽî<ñ,òŽÁûÁÓ)jž˜ghø‰¯&
+8ï †GÀWÄ:§[n%ßolÀX4°¯œ�+èŸÌ=tŒÀsÐz%¸øÊ<\ìcL}Ç1>…VÉèÇ=)1°Óhøíeà8ü¿Wz‹àùèÖp!"0Ùy‚ zóka-Z©IñM
+ð8_‘;†xß+I
…B)�oqüÚ@ò@²ºQœ0w`l¼CˆÚûN+gtUI“Ñœ»Ó#ê
•nKK�„M‚«k#ŸX8S£TmÊq
+tçÇ‚t,·?¾¹'ÅK£ëaßERp"Q¼XHÑ
ÌSZ¦JzÈué~ÇBÛì°)ùãaƒ&Ô×—¿å2z„¨½$(ÑÎÒõÇ��B³bdôƒT¹¼DE’€îÞa¬@aA�QIµ¬¸ÒË–g‘²XÈ\ *yˆDIZkk9×gJÏHÍ­ µ+^éVÝw°ŸÔè@*o‹q7»|Þ¾¼CÓkƒx$šlWÐ#œX¢¸V	„ßä#Ëø6£›Ø0sI+½a@.£Á_0¿
É„q(	]‚”˜(ß²	Ìæn’þä.² z*R|ž|~°1÷a‡‰C?õšÛHBÀw�@WÈú¡ƒ¶1àvµeoû1~Ð'UÿYÞHÕy¸à¾IÚƒ¢XSØf—Á’VŒ`;€“ƒ.ÉγûÀŽ\#v»ÖªàÆñ3h‡�Û®!<~|�=JÇ)vzÒ当©eæUãÛßH¿
XˆIUʧ2®l®{”’Avý|‘í½èyoüM)möp"<ÞŽ>Hšü£ë0+P(¶,ÂfB±õ:ã9-Ÿ°liD‡¤VÝj¿¾ì
+�²>¼w´Ø¢qUq²Ìÿmç;£º`NwYmÏBÚÓîdR^ɇáγ�9pQe”°ËpЕPlÜN“"ÇbªÊ÷ƒÐxv`­L£b?øø#yIÅ›V�•.PWn”–³Ï`X‹-¶¯]И8©ÀqíKTmO›Úã °Â`w\BIâ¢È',Š¼Ç2Š¿ó
¤CøõÉ�&°3	€ò©Á/æËÒð1ÁÉ5ËQ
+0–Œ§ÚsÚêzü~¬Á'ÍÝ0)ü…ÀvG�ç[-NúŠ€�µ­áÕ=¸Jgz*×›ãl;8O:
’úB^ÙÌ¿o„!6/Å{&ÂÇkn+ä؉JnŽÔ
+óüˆºÏRÆ›ˆÂŠ,xE÷û� ŸKÕ|¤N#ÅÑ:æøH¸ŒÖî«vf½Æšž]”
+¿HÙti€í¡[P¯�O=Õ@çºyÄt” 9O�†íê=¯6~�ë½ÚcÖµÔc»KQÙxÌK_ôX4ó7›hÅöu¸Ned~Åñd&A¹©[µCý²‹C
+Go}s{ÿ’ì$®1ˆý!æ¢xyx‘¯ØùÂA®Â®K0‹X
&8„ÏF4™Æþþæõí
½5ú�ÌöýƒS"§ÜMt§ýëÔ—ÿó|áãÛŸ(ÆÓq6�ÌÂ	{4eoßÍÏ~=ûl|3endstream
+endobj
+1463 0 obj<</Type/Page/Parent 1372 0 R/Contents 1464 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text/ImageB/ImageC/ImageI]/Font<</F0 3 0 R/F2 5 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<</I15 15 0 R>>>>/Annots 675 0 R>>endobj
+1464 0 obj<</Filter/FlateDecode/Length 1609      >>stream
+x
�Wk�ÚFý¾¿âv“*¤Zi+e“¦MÕ$M–(ªšªì
&±gˆÇ^–þúž;0䡪B <�û<÷Üë�g)õñIi2 á˜²ò¬Ÿô±²ÿyý3¯Ðh2ITÒxœŒÃCA×g)åu'‚ÿ¤É”†“)þARïYzIO½rÓq’Òh:�´
¾•¤åÙp4Åßt:J&>tÒýKo?cW'á¬Ûm=—4JGɃÖ.='—§¯æg½§P™Ò|	»ÇÓ	ÍsçoŸæY§2¦¾sþ‡.áeë�°–º‚ÎýÖ0n•"[+-ÿÖ¢”'·îýßþlÖÇç­©>ØZÔÊèc)}ê¦C„lžw¾"oÖËåMO7E1ëÙ…Ò=m
+³R:˜4Ú»ÔŒ“›¯%yMÑßNOÖY��Ùæ~'^ë�Ôuµ£­*
+*”­©Æí`±{تׄÜ='±ÙH�Ëü‚¶Fß«i-n$¶œ`Sñ2‹áUÖÒòO;@v-ñ+tNÚÐÚ@x®*™Õ¦Ú%ôÔT$oE¹)XfÛ„œîåf³Ù݃ڦȃZýŸ�lâ½-Ô	G•�Å8=ð°èF>†NßÝÙí첉oÈ<äKeè‡ÝvÊ8cKQØ“w˜4s²-Ì�¼® �>¿ ?^2…¦¤w”K›UjS+¤Âåk‰8r³BÁÛR‰L.èJXYâù±)7M-«Ä{5¶Bô)zÅš׋•
ÀXÕY_={yíõ›eK=Õ†½7¨–œøxnJ¡tBsü¬N°G°Å[_Q�¯E¹ÚÔ`™Ì¬´úǧ™„mAª®`ú‰R‘e¦Ñµ‹ŠË�‡Á³…ÅÂWEfªJÚ�ѹÒ+z£Õ-…k@¤…›RSVIQs�°ŸZÞÖdk¹!eٿ鶼¹ñ:Rvb_÷	¤Ìèáb�¼ºE	u?h³Õ„ÅZ‰b_+α½M±*9ÎÐ “-©±AšAd¼l¹ðtñ®3}wß;À 3eÉU¯íš-YËJîk)rìž�>K®{
̯Ý2TÀW6ªo¥gËz¿X;{nŽ7;.ˆa€ø={„\È×ÏžP€°–ÛxtUDr%µ¬8Ë'9[V¦t)zsñeÌ„Œ±’A?+<H¦ž~EÍ8q
GÅCª,e®`E±;Î'ÍõD•wž݈Õê ÇI?0ë1Z"$à_)ëµÉc¬äÇF݈ÔÁa9È9q>òõ±T£¡ð­Ò¹Ù"ÖsúýÉãøèüZV7²"X)V²:Gˆ!¬šƒpUÚmÁr»VÙÚ%–#Û×\ä	wõp0D�Eˆä{öq]([½’nùÄ�X<´3Mï@ÙMSpöhRHhX¡69¼`
áöUÑŠ:wÓ]l”åNÛf¸„¹h)Í×5rèBËé)²²¤-w\÷µS2MM‚õ´£Wˆjÿ媒8±D&`¶Ò`ŸÒ�'ì‘m`3›Ð¦ñÝÖ‘ÛVT`ñoXlï)†.LK 6 w8H¦C7Í\&£d�ÐùKÝ…oݧÅîœs’0±Þç~z¢91=òÔk½ØX«\å<¢¹iÆ‚ÍA7ï:L:Lí?Ï!ïîÓVìŽpùYZ³U-Ed­(¯ËÐ5\È>aà6_—LuZJè$�ÎQ]BôgÛ[ÈrœÊ®•Î$I¸´~ÖRx‡zC›
d¾Ì(_¥ÜíES££Ö*ãRjãd¹/XFÙQÏ‚Ý�õì`›ÍÓBþ‚å½
ˆúR­�]Èyî‘ãç2˜=�W¦Û8s¶ªTŸ°¨ãwBc:Ð�oÜÎtP4	vxø•8 �~LWnÈ<p4*çäik¿’x‹Žc§&½–ù/hùcŒæ¿)ÝÜ’Ý¡‰—�°Ã�Çø³âŸ«Â,DñWTÜÇË€KDwèû$I*ÉãS°¿J˜ÅÎ�Ÿ^9�îÔklå'®WÞïæ´) îŠðªA]K½ý¬IÝçômã4•é¯`Ó!�Q°iêL¼~ôü
+4S™÷ÂñÊ–5<"ºl³eÝx¥;é»vòÿ{4Á«ÞxŠ7/Df8eé?ÍÏ^�ý)”v‚endstream
+endobj
+1465 0 obj<</Type/Page/Parent 1372 0 R/Contents 1466 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
+1466 0 obj<</Filter/FlateDecode/Length 1618      >>stream
 x
­WÛnÛF}÷WL�V
 ‹Ö]r
-´°åP€¦)¬"( —¹’6&w•]ÒŠþ¾gv¹²ÄØEÄ7Èär.gÎœ~=ëRß]÷¨?¢´8ë$ê‡É„“1>÷ðk%­ÎnçgW÷×ÔÐ|…GF|ÈÇ;š§­Q2Hú	}0J+½¦r#iš+©K*�ÿïÎBé·ó/03 n7˜i÷Æ0ÓšãøÖšTf;3–¾Ô†¥'f2o†ž„UÒÑN•oýIZ§Œ&³¢ÏJgfç’àjT»Bví‚doõ	ê!ö6R{Ó•“–d.ÓÒq.˜¿þ— Õeô͹[œçL„&‘¦¦Bg´ÎíŒÍØq‡ÚÝ~Òã˜Ê�(I9<©žT.×2;q$tC¢X
-Y
 ]iE©žäÁÁ¢¥™\’ˆÇjÇÞúF¸†SkLùìÑäÂH¨.ÞRQ¹’–’PLi×ñÍVrxl§òœVBå¤Vœ1TZØ=1z
¯
d»Fð:!_þ�Y¹ÁÍxÎmL•g�“žNÀ[­Vˆ�F8Ü"ú¦3çLªD‰¸ùÎÕ=Øî¹×º’ezå÷µxfe‹3µûK‰“ieU¹Ggt U…‹dâØ�tž}�rÏ|Æð•2	æ’À�†«Ôî·C~š	ƒ,˺‡É’­�"Ý(-©´\¢¯ç‹·B™dŠl£Û¶½Ê‘­iÖ©Úfþ*ª`=Ç3Ùžä7Ð.vWZƒÙ'“.uûžÊ‹Þh\ƒ»ÏßnwÃ@öØ€ç¡&QŽq�_ÉàÅ
-¡+‘û}gê§V*
Ôœ‚khE!u8üMjYÑ¢�—´¬Jt4i4Gº‘é£/èÒ|£ó©Ç
í5EWhº©;¬…;/OÉ9Í8�8¿ç¥‡‘«ür‚x�sª
‡“APkI¨)éø¯°Á*ìµúÿ ôXä~lõht
·W]/?3dšii „Ü@‘^¬ï%qoª d®Únóý³Dž(iÃU” ƒ ê2[¼­gKƒýÝ	¦&¤üˆÿ˜—˜o+¨Å$é^C퇵Ü�’aÂ$* �Ÿ¬Yæ²`9Èè½µÆz�¾º�Ýãg×8±ñ¥™™J§y•AúéâÍþÇHfqbì¬#Áº¡‹ãƒþÙE«ÜoÑ0h#~hÊÿ"”
bÇa&‡¨Äv+u&³„î­”·wl™›<N½E‹s6¨¨%Ü&·w%�ø
A쌾@ÿņóSØ�ûCÂxJY:${”â<¬Œ*ÏT£QïºAQĵÅ¡»
-ñýÄùZó�N%€Ìд=êGÌdiWÿù>¡s©™Ë!Bù`‹\N7¢Ã8zèImwáZ,P‹;SfðyŒÈ0EÃ2c	ýa£w>´Û˜¼Ž;€­
ífâçê	ù\oX|
a�3•V_+Iñ’3»£ŸBT§Ì¾î…½éˆØ‘šµ°w†‘�k?¢1®Ïÿ†�846‚—J�Ö’†“­0Á×96�Û/Y¡Ç½xrÚ^ÕEî{ã˜C¾Ÿ´ÖW¹JQ5Þ
-y¶ò¨b1QÙ�ïbÏ(¾øÜ/§ãó´.'¬—6žÓŽ×{§r i쬓´Â:èëo«ÒÉœ¥¬
;?*ß`‹–LÖ	jˆžÊ(Ú(Ñ%ð-Èmjºh
ÀÙ§é\>Yä>ÝMÃN°2ynvœ{
-åa缶5\ZY°ŽB
-HË’ 8;*ž{0Š
-q„ÑôÝbñyöñã|±ø5z&=ÌyÒýLW��ëÈÀ}eÁm‹î;�ÿ€[o½ƒ@
-Y,AY�ð]º¶¦Ú^ä°Fs8V#/IØøB T#_®"Ã_8­¥ÈHeRG¾éW[OkžçV=±–o¿Vx»’÷¼¡&ÎãHËó¿áMžl$,ã…(y�Ø!îKì˜KläXßQf–Xã•éåaW©×{r8	];g(¼®òèðNs³ö©�&‹ÖS²Ó½¾ÅXÃW(ÚiÿãïdªMjëö1ñ®û4Õ®n~¿½áyö]Nw&­°t•~
c»í“>µÇ�k¶ù?^ãA2Mðæ‰çú×lîýüìϳ({ Øendstream
-endobj
-1462 0 obj<</Type/Page/Parent 1367 0 R/Contents 1463 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1463 0 obj<</Filter/FlateDecode/Length 1858      >>stream
-x
�WkO9ýί¸ªZ5•ÂäÑlø²‚RvQU`!­©òÌ8‰ËÌ8µ=„üû=×ö�t(«RU„Éø>Ï9÷úÇÁ€úø7 É�>Ž)+ú	þì÷“!�¦|â¿‘´88�ôÎG4ÐlÁšå„÷û}še�ú®U%sr+I¹.…ªÈÖY&­]ÔE±¥´v$Nª×K#rU-ÉiTÉ
>Jc•®H/¼…[Q¦‚2�Kº ¥tüðÃìûÁaŸÞ,ï”°-–²Kofði·ÖÉ’2QQ¥zI[]LÎ;Ÿdpt:ÿÐ¥ëB
-+É™-|/9Lmਲuáø„‰–ØÛž3‘—ªRÖá´yC›•¬H8x\»˜	<ê*i‚Ž“9[)K:Ëjcá½úÜ^œ‘…9T
aðÉÞ9ÊïKÜYõ(œìÝ_Ý|ùëæêî:Áëá�¦
‚íl%ª¥Ì:GòI”ëBv[Ás!Œ,õ#òF©ª�$ª<Xû£ñH¶Lã³�Q;4Ó©Lp3#“
]CmeBWÆ×Y%v#Ök®F*²v@mܪL*ÝF¢z±ã–1–Lº4»üËŸáÿþ|rF©U¶
- ˜w¸©Ffº,e•Ë|þ!!n»®ÖFl�¥–ŸL¼ï‘Ck£Óè@½€9#}Õ}-´QKU‰¢Á,÷…Ü«VsV(Y9Z]6`܃G|‰s6’™à�Ð;Çâî½ÊQ—"[�-@amA‹,Ó5Û†cÇxA–ëš©"ªajÎ�O€ LJ—øoœ	r‹þšÆÁ_ƒÀ{†ê…<rçØ|â1âgvQ¤S`Sào…Ö*üÿú&¡û•pïA£«åŸñp­çË^»2Q[ð#EƒQ·ë³O>ï•xdœ	HŒréÿº¢	],žÑY[OÔ #½óáËΈ<'xƒdF­G¶Ó¼
-äV§#
š¾
S\bß¹�®fsÂ8f›p¤­Dè×F›pµU°ÏЇlpÄjc	º††óa¤Ðœn*vR)(ú(AµKØ“Õ—)âø5
-H*EU{:Ǹå
B¸q)S3Ð<=…Š­÷¹¯½_Åø¢FŠ,0ÞçÀn ‘~
Ô¯4ˆuª³Ön ¬KliU(Œt×Ñ"àKÖ@4ôò/sQ%(5s-àJÆÞïy«�*”ÛvQŽ‡¶¿]fœPã¡¥ô‚g
A.¥;½¸º%ÿÝt(ß¿}OPB¯S`­NI÷¤ áù7>ý–¢¦

-%ËBÊ"«‰:¥Æ{Òe½X.ïç&t«æZj‚V}‹Œ\C•}ñœÏ>¨
-‹›­Ó
-³¶öÁÂ}Ðivêj@´ŸEúrFQ½ÝÀÔ–GOŠHç„Z¨�eLbž{10^|ªÑ6gG‰Ë"q'Ét@ƒ£)�Ùùp<‰´‘\ÿõáp0ÛB”Á8³¹-ج…¼ƒ„üÎÂÚâ%^ÐålÔ»~ñ´³üÒU7.#âY,Eª±×”ÛVÚ
bRɸ˕e�
-¼ß)
-ó©!ñë²'èúä+†J
=�ÖKæLˆw˜ðèÄ„8ø/,(ô„·ð7ÀtF�M+8»ÅÒ¢K3,V€Y]!à8HÈ®Ðì,*àPÊ2eQôÝ·lœ!•Ê�,¬º(ôɶ|IcxZUq³Â‚‘ ìÇÄÎS ¹äOIvŒOßbÕæ�áx:ÿÀyÓÝå—Ë«ûKú|ssuã'ä9n¹yDzý.>ljz‚‰ªL ’Œ«Á'?/8>}B]Á]6Ð;ÿi!Š\;”´ó±ka§‹Z ú~›Ò‹jŽµ¨½€ùu‘E2(+ó::~VÖ&ê^Hs.í¡~`9`¦ÃÉó`
îw™9µlÆGH m�è#<mVƒŸqF´(£)|Ý,ž{òŦLòžå}¼m'ì‘�o¾õMá
öˆïîQØ�)þÄpæµâ­7þpï×Ò”Ê%Öoq»ÃÊÇqâ)GùF@¨Plh¼¼óª¹†g äTêE�_ð!ûåò‰;ýb¿~Ý)ºªxAEgð­uØ·ØÃkV7yú"‘Ž_W!u~Qf…c
œ0®y`¾n°®ÔÓKƒ2®¤ôkû~˜Œ–.S{|Ž–Q_jP›1þO·.à‹;úK™ŽÆ-™=¢
n€tyšŽøW?t{œŒ1ƒÂÖr­•ñÊÁ*~m4Û·?Èq2I¼õ¯5Öýx
T
_< C‚ÅU/ÔHñw÷K7Ú/†w`ö³?–Ÿ(ñìzàQÃ�8€A{ø3æ"�¡gWqy@
ý;
-×>¯ƒ‚î±êé�…TÒWå`0¡Au»òòŠS¼TMãàŒq³ž~¤ñ$^doO¾žžp¸ßù¾r¦³šóó¹sÀ‡Í�ÃIÔÊ;¿UáÑd”LÆSð'F}6ôyvðÏÁÛm´endstream
-endobj
-1464 0 obj<</Type/Page/Parent 1367 0 R/Contents 1465 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 635 0 R>>endobj
-1465 0 obj<</Filter/FlateDecode/Length 1937      >>stream
-x
¥XÛrÛ8}×Wô›”)›uW^¶r±g\;™H™d·ø‘�„1	h	Ò²þ~N$M1©¹Ô&eÙ$.Ý8}útCÿë…4Âÿ�cšÌ)Îz£`„7ÍÇçŸ{óE°¤ùrŒ(£p2&ÕSJë^û£óÕåhë£ËE°j¯m=g4Ï‚Yk´ýŒÑɼñ‚í¶Ÿ1ºƒE{m룫U¶G[ÏMÂY0o�†“`Lát
-{MçKœÛ?¹óΖxŽf˜ƒÑɤyâQàF«Y0¥)Ž6¢1~rI»ÞÛMox;¥0¤ÍpÏ—Ú$åmâAq�t:¨BÒQeNwÙ1•™Ô…Ò{ú”›�J¥%¡údR+<(M_•NÌÉÒƦ0$ž„JÅ6…½Üdt¯âÜX³+‚W›ß{#ºÏá×&ü"á’À�5þHU(£EJ‰,°ƒ}Íó‡·óÊ[°¢Yúõ 
-[SmãΧ3Ý`#“ÿ˯~9k³xc(Î¥À!MN“ÉOº–�.b£wjMz¹Ë€Î¦¤¬´•VÃ…C¯eþ°.Ì_ù…³zOÂ^l+�ϲ»'�¤,¿¿@.îHé8-™ÐI‡–¡mYø-jh¤MÁ¾šüÑ‚qì	hs`¼Âwé)�WàÀì×õÆ–ªðQl@�¢ëÇ{“	0ÂA
v|çÄm™´üŠDZL¹?8k­f×b¡iëðº€GL�¦ó\wÎ=ôѸ⃜Tš:hNÀ¥A‘ðÔÝÊXÔaÌå^Ù"?Ó£<Ã'ñÝñQeA[F~ð&øS"C@%Ð/æ$Aƒ+7ìÅñÿ’$Î¥¼ÔtÇ£JÏ$µƒ�ƒàbÖ:(Ç$ ÿ€qZâ´̆¥-B]Ql²Ìè@$Yr—¬�•'¥uñƒ¹
ݹàƒýOR+¤=†Ž Ÿ¡8Þ§åßO¼ù£"è+ñë(r–¢Hé]×­šó�¦%Ø*-‡PjÌ#í@4dTjÈŽ…3)bŽ7ùIYYËI�--Rk°êà>•ËbpfN÷*I¤î×kÚÀvÍ@äPYNVØç|á=/s‘Ýež©XÒ'?Ò„¢
Ë"s!�^9×_öìà‘èæ¹ÈEì¡õ–¶I¨Ù°ÞÊF´€LŸ;H‚è�ÜqûU¾½¬~(¦ö8˜ñüƒ¥ÎËÊǘ§l¢-D�üecH+a­‰°Ác•1o¢�c ³ÐÄw+Izh0YX:É4­ˆÙ�ÑÅåh¬U\kÀT!�ÁŠÉF;)ZdR}Üí¹ÕÂ%ÇI-�@Ç3™]{¡g@Í–šfo �` v¯§&v‚ËTqBͶÿ+sCo’LiV?þo(R«6Â�ÚáÊám\ÕŽk´=!…«%Íh<_T™V«¿¾‡!:
ÌxÍõ ¥‰i„¸S
9¸5ýï´“Swò}nÊc
Ü
ÑKqRFŒ7|vj @ÌiÍ„Îô�"ƇçÉKz÷IãÉZkVK;¢¨0&µQ”Kû¨Š(Ò(úŒWUÂÖá98P9ziÚ—/ï_œ:ÑÚž;LIL	Š\c8~äNæÒ«�ÛVƒïuŠ¶/vŽ*,Ò{®oÌ—­‘cŒÊªžÈJÔ×]uü#lY ÕqåÒù€¾hÀ[”¹�bP¸öBìYì8£aDW–s…LÄ…×NáP¿¬FÇ�c?‡ÿª¡&â»NøØLå’«$ÌåNY²å~/-þ@Ž¸�£[—ÈÑMTòÚ­¨ÈàÇeÇêx„¹6qõìD¦ò!E‚pêìs±Ý"s]ÍÊ"ºíœïßåBȽïŸen®Å4'΂;>õ¿@ëè^h±—yß´Ï"ÞzÉ·ûã&IÖЉ}<P®s€Ê3¶iufà¼6§+:´í2h¶]FùNÉö]¿ÐAªë–ËÞVÊ6-5%,/
-}S�p‹Ö¯Ò1nP9Ç(öÝ’–Ï¥u¶•Ï$/K˜ßDfFöl¡Ð¶¦L­zœÁof�dU]¹i·å—hz0ƒ>�&\:\Üf£*ë½nšßv°Ú€ý»Þ ±)è7%OÒѳŬ¿ðïz<
VÐÞÆÁw¬&ä»——ÚãPäÈÐ'&3îK´+Ž¯‡C|YsB¿6\ãN”ªíð~ýáöîÃÍzøpóíË:¸ùvSÑ¡ÎW¿¾c]FúOèõCš»[WSŠ:仼´Ñ“|Ÿ—û(ëÏ¿m>~üÐœ¦…³¯fK¾Õ^fðŠBÜFw¨LË \áW¸òm,rW>_z2=‚ÔÚçu§´qš,p�ÆÞÀ­ºafBŸqÍ,óy‚*¡7yæùßà€·.z<Ä“p“I¹Z°BÙ+ú|û®ïﾉ‰K¾»õMÃÔ*n˜
ç.qÆ�š¯o¬Vd[ñ’³œªèµqÙÕÐ3í�IÐýàF�z€Qçë^j™ãV¼¾‹DYa]Æ}QTݾp×Ö_�Œ–øJdá€]¿¹û†ïì¿£¦÷m—9à×õôëÅhÅ`ý
�§‹i°˜/}
-OCÞæfÓûµ÷«O\endstream
-endobj
-1466 0 obj<</Type/Page/Parent 1367 0 R/Contents 1467 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 640 0 R>>endobj
-1467 0 obj<</Filter/FlateDecode/Length 2008      >>stream
-x
¥X]oÛF}÷¯¸/…œB¢>#Ù}Y8qÒ5'ÝJ»A
½ŒÈ!519Ãr†VŒÝþ÷ž;CR4Ý<‹ ²Å�ûyιwüÇÅœfø7§Í‚–kŠ‹‹Y4Õîã·Ÿ/›M´¢åÕŸ~.»o9m/–¯Ñk¼{-pwµ^Eëæß}³»˜¾_Ñ|N»~ÖWÚ%ÞüŒvñå¡2'«t½Ú}ÁƒëæAD2Y¬áf—\~>
-G¢’dM!)Q"ÓÆ:[rÆä–î(šj+ñ�y¨3rG<h
-¡4å&3šÊÊÄÒZ:¡ÓQ¿sG©Ò	{žÑd¾Düp‡w‹„hÎawÁ|Ò’Lê¤u½pšhRS… 2dÅ~¹,,)K[Q)gežFô»©Ïq#ÜIB¦tÊèA8lï`Ü‘lqH|üšAª¶”±JŸ�ê3
-‰çòQæ#Â…ÓQÅG~¬ªuD[‰êÀK�¬K‘IK(
-[³»I/}o�Ë„»QltJAaP2¥ñk!8H~Ý{ôY†ÀmD;®»ï€Ä'X	�IJ+SÐ|�Ûž‹�RQçnÿŠ£�Ïh9uÖžL•Øý+�ÜÂãF£:²¢£Ì˴Ω�îhPÌ´ ªÛ±)J•G¾5ÃŽ‹zýºAÞ%eqL“,\mpIi.2N¦N*ÏQŒ8¯ÿr¯z!ù~¡ANò ´¨êÎ¥ynNô *áœ@§²äÀßøYtLsl¾ãSòiÑÝ ¨
-²a�öï·ÈçzâÚÇ¡ŽÖù6ŽA€
-(Τóž{·Øb!<lm*´ŒýZ�Vlìª|"r7Id.�ôyf†ï$æ„„ÔRÌWf„­ÓTÅJj‡¦³¹Ö�[M[z•
�:	àÂ}�ir°À“I-+ÁÎiôÁŠwº.vUm�Ln½Ø‘‡h%Eêd5¦<H“åÃá?÷Ü”jûüe%QX_$|z`8÷çµoŠ$­­‹€;áþ8­£x”zäÈ¢!‚hž?‘=š
-—˜ö*
~¹¦fÂlÍ@¤ƒt'‰øÊ~3€2È“oFˆVÄ®f{ì¶Ïx÷TrD°ƒ*ÈC ÚØ×™e’¡Ù ”Ñ‹*8¥k9$â–å2Ì$á 8	ƒŽððÉT §³Ÿ8Œ¾Ì;Ü+E%
-úŸ—¾?}7´œÌçÑl¹Ä�Dï¯gî·mnw*ŽjŹGÖäM§ÿÕÒ”±¤‚„6XY=ÊêÏïs2Y¬¢ëõæ<+n4mïß�Ô*Ÿ,Z/Žq™ÔEÉ(�Båü@Á£såOÓéétŠüCedªlÑ;�&‘s³¼¢ql=dªVŠø
аZ¥)XϤþ·V_=?+½\гю½ò‰Ì½ÜˆÁyî9‡L½"‡ÈÃV¾‡]W‰8 Ÿ~^àºWqe¬IÁ¬[(ʘ>€Pº7Z9¼ ?ˆˆPôÂhàôYþ–Þg»·<Â@·ª³úöv„ŒØûÙ'&7˜‚”AŽßÞ¶ŒDG¶ø:
-ãhPÄ^‡Bp0á±GU²®¤ü¶×gFšÈU…·Õ„~"äìgJ
1±ÈYE'Úe¢ÌÛ"J®†/TEV©ˆy ò‚P(צ¶@}"1ßüí
*Ù~™0ËÍ ?£¡>|Xó½àà�÷Ö9ºÊš‹½¥‚„�0ç&9O–ff93‘ÄÐã®õþ‘�?[`9¢7½ïh¾œ-”Ãü—"ì-§JAš›²¹Ø$8€#Ùzöؾ‰®æ~á¼
-|éØóyAôL–×k¾ÿOLÓÄ`�kÑ0úø�#ž)P2ä÷ù<ýˆGb‡©ë¯œû·7¿»€4®g“Cg“ÛÚLThö5jÚu	Ö³Ú8Y6ëQjxø³.¸	—ÅEh"ýg…]<Z®®ÇÍR¾Gë™6/©�×ü,}ñÌÐÍó¢àµÁvsÀø©s‹“* dAvÂÒÕÁ4íêˆO™ºÝo¹o~Fj‰Æû­ö[šÒÂÑ`åyÁñ~Ÿ?2”²;°@ñØóãìì¸ÿZhçÏÌ‚¬Σ‡íXˆá¨Á+�²œ_Žýl`zëFöY8v¿¾ÅجLN¿
--s|o!ÊU�
-Ç\¼Iüq¤Ç„ïœ{[ü8,sC¼LËOó\ÅL�ѧ_FC~§ó·Þjv¸.ÉgÉÿŸ^‰âþý<`0´}ÅLÀY/hl	©ùN¿/§=;Å(+±{ÿ
C½„ñšÆ<‘_6jH;cúGkô½üaûûv÷îþ·OŸv?ì÷Û'hB±\ì÷:Éý�Ñ�á�v¥¹ÊN†¯õ·5(nÐnã�Á›€È«ÃÀ'ö)ÔÊî÷Ë��4.×+=VyQ=Ñ퇣0ýø}–ªpŸ)͆zKI³�ðª–ÌA±(]
5|�ïµ§¸;¬ØíA¦íŸ§\ÐÀpÒï·Gÿ°¦z^‡#‚×–»ÙJKŽ®_Ìûf_ihîW$~¾g¿‡¦!~üZ,7ø{‡_J»!uÕô|¾¼Š®®—´Z­ÂŸ2¶7÷onpf2_˜¤·&®è‹?ŠùÐæëM4»ZÒd3»f›ëh‘ÿûÇùŒë‡êÙü¬ZmVÑf}ãՂͼÛ]üëâ/§Ã¢Tendstream
-endobj
-1468 0 obj<</Type/Page/Parent 1367 0 R/Contents 1469 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 657 0 R>>endobj
-1469 0 obj<</Filter/FlateDecode/Length 2191      >>stream
+´°åP€¦)¬"( —¹’6&w•]ÒŠþ¾gv¹²ÄØEÄ7Èär.gÎœ~=ëRß]÷¨?¢´8ë$ê‡É„“1>÷ðk%­ÎnçgW÷×ÔÐ|…GF|ÈÇ;š§­a2Hú	}0J+½¦r#iš+©K*�ÿïÎBé·ó/03 n7˜i÷Æ0ÓšãøÖšTf;3–¾Ô†¥'f2o†ž„UÒÑN•oýIZ§Œ&³¢ÏJgfç’àjT»BvíÞ(á [õ	ê!ö6R{Ó•“–d.ÓÒq.˜¿þ— Õeô͹[œçL„&‘¦¦Bg´ÎíŒÍØq‡ÚÝ~Òã˜Ê�(I9<©žT.×2;q$tC¢X
+Y
 ]iE©žäÁÁ¢¥™\’ˆÇjÇÞúF¸†SkLùìÑäÂH¨.ÞRQ¹’–’PLi×ñÍVrxl§òœVBå¤Vœ1TZØ=1z
¯
d»Fð:!_þ�Y¹ÁÍxÎmL•g�“žNÀ[­Vˆ�F8Ü"ú¦3çLªD‰¸ùÎÕ=Øî¹×º’ezå÷µxfe‹3µûK‰“ieU¹Ggt ê¹Ä¡;é<ùåž	øá+UL%�
O©Ýo=„ü4óI–u5r9äZ;)DºQZRi¹B5\
Ío…*
ÇÉ0"F·l{•#YÓ,SµÍü!TÁzŽg²=Éo`]l®´Æ²=N&]êö=“½Ñ¸Æ:6Ÿ¿Ýî†�ë±ÿ>ÎCI¢´�p�_ÉàÅ
+¡+‘û{gʧV*
Ìœ‚kHE!u(üKjUÑ¢�—´¬J44iôFº‘é£/èÒ|£ó©Ç
Ý5E{W躩¬Ö„;¯NÉ9Í8p8¿§¥‡‘«ür‚x�s*
‡“AOkE¨)éø¯°Á*ìµúÿ ôXã~lõht
·W]/?2dšii „Ü@‘^,ïqoª d®Únóý³Bž)»bFUŽ´ãaD]f‹·õliп;ÁÔ„”5æ%æÛ
+r1Iº×°;¬å~˜fQ
íüdÍ2—ëAFï­5ÖëôÕ}l?»ÆɈ�Ï@)ÍÔT:Í«ÒOo.ð>D†0�ëckuÖ
]ôÏ.Zå~‹ŽAAðCWþ¡l;39D%¶[©3™%to¥¼}¸k”rÑâ”
*j	wÉí]	 ~C;£/бáüöÓþ�/žR–¹e8ÛƒÊ#ÕhÔ»nPÔpmEqè®B<B?q¾–|£S	34-Dsú#YÚ¦¾OèÁBjRå¡�|°E.§‡
Ðaœ<ô¤¶»p-Ö§Å�)3ø<
+Fd¢a—‚±„þ°Ñ;ÚmL^Ç0�V�øífâçê	ù\/X|
a�2•V_+IñŽ3»£ŸBT§Ä¾î…µéˆ×‘™µ°w†‘œk?¡1­Ïÿ†�846‚wJ�Ö’÷…“¥0Á×96pÛïX¡Ç½xrÚ^ÕEÞ\a|;+H%Œ¯r•¢h¼òhåIÅøa ²}ßÞP|ñ¹[N§çiYNH*m<£/9Œ!¶ÎäÀÒØW'&i…eЗ5ÞV¥“9¯IY!v~,?G€-Z2Y'¨!Z*£[¢D—À¹ ·¨é¢gŸ¦opùd�ût7
;ÁÊä¹Ùqò)„‡½óÖÆ>�ceÁ:
+% -Kn€àì¨xî])
+ÄHÓw‹ÅçÙÇ�óÅâ×pè™ô0çI÷3]5®#÷•·-ºïtþ{,½õ	(d±e¡?ÂwéÚšj{
”ÃÍýáXŒ¼"a[à�P�|¹Œ_|ßX´–"#•I
ù¦ßl=­yžXõÄZB»ýZáí2HÞð†š8SHŒ -sÌÿ†K4yf°‘°Š¢ä5b‡¸/±b.±�c{Gi˜Zb�7¦—gM\¥^ïÉá$t휡ðºÊ“Ã;ÍÍÚ§š,ZSLÉN÷úS
_¡h§ý�÷»“¡6©u¬ÛÇÀ»îÓhT»z¸ùýö†ÇÙt9Ý™´ÂÒUú5Œí¶»#¼QNúÔw®ÙæÿxgŒÉx4Á‹'žë_³¹÷ó³?Ïþ
s ¨endstream
+endobj
+1467 0 obj<</Type/Page/Parent 1372 0 R/Contents 1468 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
+1468 0 obj<</Filter/FlateDecode/Length 1858      >>stream
+x
�WkO9ýί¸ªZ5Haò M_VPJU<‚ÐJH•gÆI\fÆ©í!äßﹶ‡„«RU„Éø>Ï9÷ú÷N�ºø×£QŸö‡”•;Ýv»IŸã>÷ñßHšîOv:§êõh2åw‡ãMrÂûÝ.M²ÖýÒª’9¹¹¤\—BUdë,“ÖNë¢XQZ;S'
Õ‹™¹ªfä4	ªä¥±JW¤§ÞÂ�(SA™Î%�ÑL:~¸;ùµÓ¥½Þ>¢›ä­¦ÅL¶éÃ.íÊ:YR&*ª´£BÏh¥k‚ÅûÖWÄØíßï¶éª�ÂJrf×3ŽRø©l]8>a¢¥-g"/U¥¬3Âió�–sY‘pð¸p1xÔUÂÇöd˜8ÈÉ\YÒYVm”çæì„,Ì¡hƒOvNQ}_áÖ¨GádçîòúÇ÷ëËÛ«¯‡wš.´¶³¹¨f2OèyÈ'Q.
+ÙÞ
+žad©‘7J5U…$QåÁÚ—Æ#Ù2�ÏÖDíÐK§2Á=ÌŒDL64
µ•	]_g
�Ø¥X,¸©ÈØ
Mµqó­`Ré–Õ‹
·±dÔ¦ÉÅw†#üûÛÑ	¥FTÙ<`à¾ÅM52Óe)«\æ÷»	qÛu…°–b(mùÉ´Áû8´0:-€Ô�3ÒWÝ×B5S•(ÈrOPÈ�jE,g…’•£©ÑåXŒ/qÎF2<:§ÃXÜ
ØrÔ¥Èæ PX[°"ËtͶáØ1^�å¢f¦H…jĆšs
ä Èñá%þ'A…Ü¢¿¦q¼c¨žyÀ#wŽÍ'#~&E:65
þQh[…ÿÿ@?$t7î3è`t5û+~Á—�ve¢¶àGŠ£nW'_}ÞsñÈ8PåÒ»¢	�MŸÑY[OÔ #�ÓþëΈ<'xƒdF-G¶–¼
+äæú¦#
š¾
S\bß¹¥®fsÂ8f›p¤ÍEè×R›pu«`ß > 'ØàˆÕ&Æt

çÃH¡9ÝTì¨R*PôQ‚
+j�°'«/SÄðk�TŠªötŽqË„6pãR¦f yz
+«Æg#½çâ
tA#CÖo�S`/PŠÈ¾€éwúòÑYk—–%è5Œl(4ÝÐà+Ö 4´ê/sM%5SàBÆÖox«�*”[µQ�ï�U»Éo�gÔ¸¨D)½„àYC�éŽÏ.oÈ·]
ÊÏ?”Ðëø‡V'�¤nžÿäÓ)j P²,¤,Ò±œ(Tªa¼#]Ö‰õb±áð^V0¡�0Rcp7óòM2r
YöåctV<ü +¬n¶N+ÌÚRØÿA¨ÙGè¸
Õ~Vé‹	EUôvU·ZçYùœÐn`£˜GÇFŒŸk´ÍiÇQã²ÈܽQ2îQï`Ìsö¾?ÅÚh®ÿz¯ßë…u!ê`ÚÜLlCÞAB~'amñ/èb2èÜõxÞY‚骗ñ¬–"ÕØkÊÕVÚ
dRÉÈË•e‘
+Ä_KÊ«=áMÝtutŽ©R@P „õŒYâí'<;1¡þ=á-¼Áßõ0žQc³œ]akÑ%ÏV+ମpœ$dçè––
+ð(e™²*úî[6Î�ˆRågv
+]z‰d·|Icx\UqµÂ†‘ ì‡ÄÎS@¹äOIvˆO?cÕî[ýáø~—ó>¤Û‹—wôíúúòÚ�È[r¸åæëö§øðY1R•	L’Qc5å§À‡¢OÈ+ÈË:§/6¢H¶=Ikë¶Ú¨ªïç±)½ªæØ‹ü¶É<¿0²NmefGÏ�¶6QŸñFš³ti=ðÛ
SNžÜm3s¦jÖÌ��@3ÛZÑExÚì->ãŒ.hZFSøºÙ<7ô)ªM™äËûø¶�°Ht¾ùÖ7…Wؾ#ð
+2K0ÅŸÀü»V¼öÆîýBšR¹Äú5n]`XÙ&žâq–/„
+µÁŠÆÛ;ïšKaxX
JN¥^Öù²ß.Ÿ¸Ó¯ì÷�¢«Š7Q„p6J²Ðaßbï]æé«<Z~]…ÒùE™„n¸æ‰ù¾ÁºRO¯
"Æp¸’Ò¯íQ2VÚLì5ì9XÆ|©A,Æ,÷/î\@÷óM‘í†["{@=Üÿ¦èñ8éð¯nèõ—dˆ––+]¨Œ7Öð+£Ù¾}	"FÉ(ñÖÏklûñú§*Œ
¾w@…*‹›^(‘âû
®îM×Úï…·àõ³?Ÿ(ðìz£JQÁ�8pAwø3¦"¡gWqy@
ý;
+·>¯‚‚î°é饅PÒå`0¡Ás;÷âŠS¼S�ãØê
q¯ïÓpï±7GçÇGî/¾®œè¬æü|îð^s`oÔ±òÖUx0$£á,ĉA—
}›ìü³ó™'Xendstream
+endobj
+1469 0 obj<</Type/Page/Parent 1372 0 R/Contents 1470 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 682 0 R>>endobj
+1470 0 obj<</Filter/FlateDecode/Length 1938      >>stream
+x
¥XÛrÛF}çWô™”¼Ó/[¾H‰j-ÙkÒqv‹/C`HNÌ @ÿ~OÏk³IÅ.QæÒ=§OŸîáï½�FøÒbL“9EioŒð¦ùøòSo¾–4_΃¥NÆÁ¤zJhÝk?ct¾ºm=ct¹Víµ­ç”ÆãY0k�¶Ÿ1:™7^°Ýö3F—a°h¯m=ctµ
+Âöhë9¥I8æíÑpŒ)œNa/¥é|‰sû'wÞÙïÃÑs0:™4O<
+Üh5¦4ÅÑF4ÆO.iß{·é
o§†´ÙîùrA›Ø¡<¢M4(Ž’NGUHÊD&sºK³D¦RJèsnö*‘–„Žé³IT¤ð 4}S:6'KšÂ�x*»ör“Ò½Šrc;~ØüÖÑõx¿6ñàg	—~¬IñG«B-Še�ìž?¼�WÞ‚ÍÒoGQ�Ø™²hw>�é™ü~õËY›ÅCQ.ir’˜L~*Ðu°t½W‡ 3Éå.:›’ÒÒTZI½–ùÀº0åÎê=	{±­@>Ëîž@<:’²üø¸°¥£¤ŒeL'U[vveáw¨‘�6OøfòG[†±c# Í‘áVˆÞ¥£d4^=l?lL@s°_Ç[ªÂÇ 9ø@‰®L*À¸ñ�·eÈò+Iq4åáè¬é³šu<‹„¦�Cëœ0
–ÎqÝ9öÐÇâŠÏqRIâ�9
–DÄÁw'#Q1—e‹üL�òŸ„;ýu˪£©,hÇÃÈÞJäˆdúÙœ$Hpå†}š8ö_RĹ”—šŽ"ËTr&©²–II@ÿß´Äi=˜
G[tº¢È¤©Ñ�ˆÓä.U;+OJë╹
ݹ؃ûOR+$=†2p‚ÏPœïÓòïGÞƒüQôŽ•èÍvë,m·Jï»nÕŒ‡Ø0+ÙÀNi�8„ci¢a ¥RCt,œIs¼ÉOÊÊZLêdy0Èg‘Xƒ5Ð÷«\F�‚3SºTq,u¿^X«Ð¶k"…ªÈrªÂ>§ïy™Šì.óLE’>‹è‘&´°(2òíÎõ—=;¸A"ºy.ryh=„¥mêE4¬·’ÁˆÉásI=��;n¿Ê·—ÕÅÔfs�ϯ,u^V ÷8Æ\8™`mî_@òWt�!a¬„µ&RÀ�UÆT¼Ù‹™… ¾;IÒCƒÉÂÒI&IEÌ®[.0™±Vq©
UQƒtb+&[íähe‘Yõi¿GèV—dµ@eg2ûöBO�š.5ÏÞBAAì^NL䗹ℚmÿGæ†ÞÆ©Ò,+~üŸ�¤Vi„µÃ¯ÕÉámT•Žkt=!…«%×Ìíx¾¨R­V7|=C4˜ñ¢	îALcÓ(ñÿ.†wÚÉ©;ø!7eVãvDô”
ãýž�(ÐsZ3¡ó
}ä„…ˆñÙyò’Þ@Òx²ÖšÕÒŽí¶0&±Ûm.í£*¶[�’Ïpm·•°uxTŽ^šöÕËû%N´vg^Û2›¹ÆpôÈ}Ì¥W·!¬ßëìZìSX¤\ߘ.%#G•V‘•(¯ûêølY ÕqåÒù€¾jÀ[”¹�bP¹ôBìYì8b£aDW–s…TDG…×NáP¿¬FÇ�#?‡ÿª¡Zðîö�ð±™>Ê%WI6˜ËNY²åá -þ@Š¸�£[f±Käí-TüÆ­¨ÈàÇeÇêx„¹&qõìD¦ò!A~pær±Û!q]ÍÊ"ºíœïߥBÈ�ï%î®Á4'N‚;>õ¿Bëè^hq�yß´Ï"ÞzÉ¿tÇ,�5fk‰�<R®s„Ê3öiuf ½6§+:¶
3jÆ]JùVÉö]ÃÐ�ªë—ËÞ¶;MKM1ë‹BãÆ$$Æ¢÷«„ŒTÎ2Š|¿¤åsi�qåsÉëæ7±™‘=[h´­ISËÞ‡ð›Y`Y•CWpÚmù%žÎFÆ P£É—¹Ù¨ÊúA¯†›î·®6bo×´6ý¢äI:‚¶¸õü»OƒÄ·qð=ë	ùþå¥ø8	9rô‰éŒûí‹ìÍpˆÏ m®Bè؆k܉µÞ¯?ÞÞ}¼Yn~ýºn~½©øP³�Á¯C„…ïX—‘þ~½JtwëjjQ‡}——6zR‚Oà3óOeýå—ͧO›Ó´pöålÉ·ÚË^QˆÛèY·Â~…+_ÒfÁ" wåóµ÷(“¤Ö>³_©mÜ£±7p«n˜©Ðg\3Ë<Bž ÌCêMžzþ78à­‹ñ$Üe®¬QöŠ¾Ü¾ïû»ol¢’/Ån}Ó2]TœÎ}(âŒ5ßßX¬Hwâ%g9UÑm㲫9 g:£ÿÁ�
£Î׃Ô2Ç­x}ÿ)ˆÂÂÊŒû¢¨ú=|	à®­!¾-ñ•ÈÂ
»~{ÿî-ßÙCLÚ.sÀ¯ëé׋ъÁú OÓ`1_úž†¼Íͦ÷¯Þ
'ó\endstream
+endobj
+1471 0 obj<</Type/Page/Parent 1372 0 R/Contents 1472 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 687 0 R>>endobj
+1472 0 obj<</Filter/FlateDecode/Length 2011      >>stream
+x
¥XÛrÛF}×WôKŠrŠ¯"¥¼lÉ–�UŲ³!w]©âË�°€3­ÚÝßÓ=	AɃkËeJÄ¥¯çœîÑSšàß”V3š/)..&ÑWN¿ý|1[­¢ͯgø,ðs~ú–Óúb~5‹®ðîM4ÃÝÅr-›o|÷íæbüaAÓ)mRøY^¯h“ˆù	mâË]e�.3ûèÍæ+\6"’Ñl	7›äòËAyR•&gMI¦öÆ:ŸÅŽ¼µ¹£{Š•¡Úi|§Dïê=ù´…Êåvo
••�µs¤LBǃ†1~çžÒÌ$ìyB£éñÃÞ-þ¢9‡}
+æ³ÑdSq°ÓÎwÂi¢Im‚Ø#+ö»Ëuá(s´VÅNQæ�ÎÓˆ~·õ9n„;JÈ–>³¦ÛÛY Wì‰ßð/HÕ•:ÎÒgäƒúBâ¹~Òù€páxÈâ?VÕ&¢µFuà¥@Ö¥ÚkG(
+[²»Q'}±ÎeÂÝ(¶&%Ž °(Yfðk¡8H~]<J–!pцë.�@$ÁJ™½¦´²M{¹m¹Øx!Uuî·o8Ú鄶—S°WGåÜÑV‰Û¾¤ à·ÕÑt^¦uN…ö‹b¦�Q}ØŽmQf9p$�¨v\”Ðë«y—´�cíÃÕ
—”æjÏ	ÂÔ1Ës#ÎëD^îT/$ß- ÈIî2£ªuçÒª<·Gz•ò^¡SûdÇßøYtÌplÒñ1IGGtߪ‚ì_B£åýù\O\û´!ÔñÑyi㨀â½öâ¹s‹-êQ`ÓkPatÌ0ˆè×
+´â`c_å#•ûQ¢síµä¹·|'±GÔ ¤Ö�rg¿1#\�¦YœiãÑt`6×Êù!c«iK§²!PŸA¸p_aZBxöÚèJ±s|t꽩‹MU;¯“;7ˆVZ¥^WÃ~ʽ4Y><þsÏÀMm 6ñ¡ä‡(+�ÂJ‘ð)ÀØqî/kß6I:W
wʳ¿.õ8¯ƒzÒfàÉ¡#Šiž?“;Ø
+—˜÷YslÍŒYÛ!�H;í�
–ÝnfÐ'éFWžf{½<ýsÉÁ¨ �jC©3Ë$C³A)£U𙩵‘ão™¸f}†3ÇÀ8(NÊ �\<A3³=°gö?q]�÷¸WªJôѾ?þ7¼M§Ñd>Ç�FogW
+÷[†6·O2ŽjŹ@kô‘Æãíw™ud‚„88]=éê¿ßçd4[D7ËÕyXÜZ?¼%md>!Xt¢Ž˜q™ÔEÉ0WO*Ëù� ‚ïËŸÆããñÉCed«ý8¢÷'•s³DÒ8¶ö²VªøÐp&KSОYýO“}8~ÉÌ|FG7é™|¹U	‚	î8‡N¾*‡Ê}Qý»¾Rq€*>e`àzÈâÊ:›z‚;Xw�”!}!+ô`Mæñ.�þ¨"BÑk€ÓUøS~ŸíÞñߪ“ÕwwdÄÞÏ>1Ò¸�À´zü$:²Æ×A˜G½"v:‚ƒY(�;d%;@Êo‹@»0ƒÐD®B(¼;QM™gBÎ2Tj¨‰CÎYHÑiZ™·EÔ\
)dEW©Šy¢ò†Pd.®mí€úDcÀÉ=dºý:aÖί+"Ö@0$~˜“fpô|ëmeÕÅæRAÄ�‹Fšs«œç‹3ó«™Jb(ò©÷òH¯ ®ÞÁrDo!{GÞÒ¤ž-–àUØ\ŽUqnêèb—àRe'ìÐ}]Oe弄ëØóyE”Fó›%ßÿ;æib±Ðµp|z‰È
OhòûržÄCñª›oœ{o÷ë
+Ü}À´Iâd”ÛU¨ö5Šâu	Þ³Þx]6Rjyþ³®S¸‰—zÕEè"ýk�u<š/n†Í^ʾàõLœ×äÀk2N_=Ówó²*x-€°]0€êˆÀî”в <aï:
5=E3yº,º=o2&�Fçe±ý+Ui
�h°õ¼by·�/é‹Ù=h�ñà“‰vöàÿ\h#G¦Á-¶
+/ðá@O<D�pÚà­&sœ_w’ýlazí†öYxw¿¾Ãä¬lN¿*£s|o1ÊUON(¸x›È‰¤C…ïœ|kŒü8ìs}¼NKzžÅ�Ì�Áç_}~§ówb‹
5kÜ)ÉÉÿŸ^�âþùD`0´}ÅTÀq/¨l	­ùN¿¯ç=;Å0+±~ÿ
CEÃxQcžèo–jˆ;cü
§k9ý^þ°þ}½yÿðÛçÏ›¶Ûõ34¡˜Ï¶[ÆäöÇèÇðF»Ô\eGÛ£7h·•Ep¦ :ÇîÐs‰…
+¥rÛmÏðIGš—K‰¥˼ªžéîãÇAü>+U¸ÏŒîEÓ,$¼ë„-³@¬J_C_E ­èl�÷X²Û£LÛ>a\�ÀpÖ?ém‡ýaQZ‡C‚HK‡Ül¥eG×—ÍÂÒ°\v$~¾c¿¦>|dÍæ+üÅC¶ÒÓ�ºnZ>�_G×7sZ,á�ëÛ‡··85Ù¯ÌÑ;×äEcÚt¹Š&×s­&7ló*ZE$
9Ÿre¨Þó¡MfÕbµˆVËë°/flæýæâÿ¡Í¢­endstream
+endobj
+1473 0 obj<</Type/Page/Parent 1372 0 R/Contents 1474 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 704 0 R>>endobj
+1474 0 obj<</Filter/FlateDecode/Length 2189      >>stream
 x
­XÛrÛF}×WtR”S"x
EJ~ÙÒ%vT»²“YWj¹C`HLÌ0˜�hîÃ~{N÷”DÅÙdåR•$`fúrºût~=P?š)SVõ“>Þì}|{4’S:Œ’U4LÇÉ`÷TÒôh2Lú4–1/NFXŒO¼8èO’	�ÒÓd(«ý$Ý=ñêpÐçÝC–PQÚó^y’³ãs¨õÏ’3^…ÚöIÎöOñœžŸŠÞô|IñIVÏÆИŽ†ñì¸�¿ñIV‡c¸’öS±*=•UyâÕËÙQï͈š-–ñÙ„f¹@Ò§YvüÖGÓ ê@]šêŒ]yü{ål¨]I”Õ%žßé°qõ�lªïM¦yÓEž¿šýÙNAw0HúiŠÌòãùð´Oq½5`·Ü°±Ø2ե΅BS§Õpë¬	®¦‹•¶¡CÊ攕&»#g©óþï�äe*¯Db�¬¹UüÄåj¹±^RÿÉØÜm<½›Ñ' èƒ
 šGHcñT–tuM›B[Z×®Z�ÿEåÝá(9Ohë;·¡Ì­·¢iJk	ÑÑÛÂ\ßëÚéÛéÏÓÙ÷·ß¿Ÿ};ŸO·>è*ÎçV‡ÊÙùü»ä;
 Ž
ï?Hÿ3‡vÐ>v˜éu µ®+ã=0ð¤<m]C¹ÖÕ�µëÚ¨ i‰lÀ¶š¼	:¡Ÿqbc›Õ:'•WÆjÀz¯©6«"ø}hg´pŸáÕ�Å~öJÀ…;R6ÈÁ™ÛÇ
™€
|XíÃvþYD´¡âˆBŽÔöJ¦*ÎÔ„Û€ãäÕõ�[óãù\,Œƒs¥ß£ý*¡Y¡kMÀP­±¾#zTº8äð:Äè	å5\®eÏÞeä’Y2\š,c�e^È`“;5>AÑ?ÏEì+X�ë„ÑÙ!!BËî£Ü€WYº
ŸGJ‡M*t¹^6%ýôñðÉà€eM¥±wþ5ÆÞåßÝ’¦ªZ(‰;!¬_÷zžß$®^%ôIS¡sE•©k$‰ÕJ2…¾ayÿ?-Á‹(`¼ãµcºÖ÷ºtë
-‘ŽK-¥¾¬á÷mÒE›£I¦!!‰×¹ê%�‘Ù‹RW	Ý,É»2"òŠíÅ¥"�äÑ]<äHHø_´,ûDÜÁTKdÃ4s!Э®k.0oª¦Dæq>^^_ÑBo Õ¡Å»àl6›Äß™õz› E{ˆmó¹ç«E²ƒKŠP•/·õ¢…kV¡Ó¢Ç UVYV¨hxÊÕ–©Eч뫺†Í9]*k
–Ç�Ök©£(
»8¦�°FIã<$Ƥ[>¿×	Ð@ðt¢ó&QMLFZ9Nvf)KÁ»Õ_!&·Æg±<¸H¯nÞLQ{õ{X½Ì,}ïe‰�uí*…w~²æs
Þ–@N²Å É\Õûoy—•=rüÿ2­ofb‰3„®ÌÁ
-ÓÛKòk�ù×´”²Çï¤2Yí¼[ÂèÜDÝËëU�ÑùSVtÓa2™Lh0â)N¦tÎh[í“äl€v7á);~@]€"oh…îÅ,ö@õ
-Çž9Îÿ-Ji‰áq‹Zç²Ud›j
÷ÜVk®°œžˆJè-8ÙµØï9ïäa&aÂÓ^Šñ1ïè�Ik÷‡¢�§{R›6뵫ŸÚÿ>'¬ü»–?Åàø°Ù¾A„m`²´‘ÀøÁÕÈš³woQN�\FauÝ`WLû=ºáB÷ #xVk‘ü„(Ÿ·½ÜÙff‡½jáš5vY#Ô'�%LZU;s$®‡>€µ¡'ÊDëÑÞƒ-X†³Ò³X”¤u©•Ç»…�‡èxhŽ«Æä¼Ñ‚ižõ¿‹r£¶îUZÒåKmàÞ•�
]á„Ńö�dÖÁcÎÛr‹Æˆ9�CóˆãV�ªŸeÓÑ’ò&ãü\ã*`2Ð>æ
-­BÃIž¾¦Âva1_â¿�¬¸³@di…øúk{œ“l+8Ü•«õú@Û�þ g¥ç±.wµ­uÃ�nòdÉå%E#‘bÓÏŠÙÙç0…b‚Á+/C¯´
̈¯pj,)N�}§Ì¬…Z”[‰²D‰¬ï
&Ü,¦6�
-Eó[Ù¥i'%ç„´ôC„Ü:EþkUBEùogð—K¾%¡M‘�ûrðn0ã湑¡d—þ;ì0�Äw‹€‚@iÅÒ¼7Š®þ9Ý�2œæ9�çruáŠ(áØ¡SY¡³;È0�š¯Ðg5rQ¬ÔÚ,_
-Ú²ËñøÇ‹‹Úèå	Æf¾	,ñ×®ÀœÎrµ0׶G¼PzŽàáíAØݵÑZÊ9h„�Gsú�rO-<Ø�¶™Ë!}ÇžæÇ;$3r>^u3WÂè] Å%îÛh‚ÿÁô£YÞüÕWˆrŒ$_~öä„I†¬Y†-un:­…+
F&ß�·ÈÿQ®&:‰x{fØw`>ç·Ya
,ì„}”õ4¹§=�O=ŸÉÿÂ�
çÀûâÀŸ$˜Ë1veß78+……äÚÁÌÆÔ�¿œd'å_àz©-8Ó$`2é>µÇ ¬H%]u¢œØ�tVX“©2¡[2\k‡!À¥¸²-±øfá³Ú,˜k1b'2„#$V³©<kðĺ� ²å,¤†>Õ¶œ
zP	`bÜàÞ/ƒ¶¬á1õz\¦X¸Ì¾,é¡k±*º\ðP£!8عÀ§ D0תÄ[¾wÂ!Å®ë‘ôûálÉyÏßíÀŨdœš÷×Ùn¤ø,vžâ³ãïB·—ô¡v¿0ñ]ï.XråçãIÒ?K©;éŸó~|kC20WÆK¥Li\u2´É`6ÂǼÉø,~š¥,æûÙÑ�G¿
l‹oendstream
-endobj
-1470 0 obj<</Type/Page/Parent 1367 0 R/Contents 1471 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 662 0 R>>endobj
-1471 0 obj<</Filter/FlateDecode/Length 2134      >>stream
-x
¥XïsÛ¸ýî¿b¿UéH´$Ëúq×iǾKRÏÔŽé&×�H�DLJÑß·¨Ðjg:�›$vDÀîÛ÷Þ.õíjFSü™ÑjN7KJë«i2Å•ó�ϯ–ÓdM·þYÓìööü©¢íÕüf‘ÜÐí|•,qw~»L¦ñßÅ>´X­“9-Ö+üŽFR~u¿»ºþ° ÙŒv9Ÿ½\¯h—ùs§´KG¹6Ga2RŽtCøD'Ý%ïv_¯&SšÌn°ã.ýKwT«¢t¤š´ê2É\XÆ}GÔ
-㔨Âåþ¸Uº \UÒÒÑ(çdC‘ L*y�YéÈi–ê.-ù÷|šÐs%…•”éæOŽ7Äbe“‘+%ÉÆ)äÈgì;‡�º+JÞ«PéŸHuãäwd–‡Æ ¿ZZ+
-i}’×Ò˜Ãd6K¦77Ô§ü2¿�ÒÛ|â“ù2Y0*/£gm­ÚW§—wô�3rT
-œ-(Õu[I'©‘®°ÎˆTÒˈr£kŒne£š¢�­U-bÖƒ8_ÞñéÃ*ðþ©hYDàÏÉ/wÏ`Æí(«ê�'‘w¥j^qš‘yWU'ÚKp™9'RÜ*¸Š:íjÁ—¯!YU%ô‹n¬Ê¤
%¬ã¹TF¢Ø¢¹,%³Æ‚R1ï½ÎN=±J	í°ÜŠz/ˆ÷ç
+e±ªV 
•]
”»z�#QçVj?Fp—è!Ž‰ªBIdæKÔúÓ€ª![ï°%G0°21SÊ@±Ôisú[àÂ%]Î\øA—^“ù"Ù,W4¹Ù@³àËßõqÑà¼Î)ßdéÖ÷ûït –�¶5cZë2ñŒÿ£qĈ%µ“�YtŒe‚>–ú÷Ôè죸t®ýéúÚcžø:$ÚcJ+•¾²e„€$ˆb<ÂKL~6ç§v·g»Øvm«�§ÃwÑÿX7ÔÂÖS¼¼
1Öc8JèÈ(M)ZéH*¥ñþ5@wh7ÔjÎ$ºD¯I"{õŒÖ�C�ÿ8ª@¬¯žñwriŠ¼{Š£ +²ˆYXB×À-Xkl�NùCªc=Èh5
-w§$I‚!k•¬g´™G3šƒj!õ
Í`ò9ȳNf¸8H´fâWB¿j Õ°N�Ñ•·ü/ªÉôÑÒæûõãû·ðÍçÉ|:ÃV¸£ï,È\W•>2êP 
[-¶�.
WU¨FTôë§Ç»‡§ÄÁ‹¹ OyPº³0–ØP2:*W’/ë%¹1Ä-kÔÛ Ó�²´G‹È˜ƒGÆÎszà%ú5dÒËqDÛV¦¼ô}¦8æ1ýf9æÛ¬GcÚŸè³JKôF¾õ†z¸ØJääjใÄ=ÀLfAGm^£»– ’ßEê�ôY’l³…7ijËI¢aðÚT7ƒf*§dý"qÏÁq
•�¡F¡Š=Î@ƒL…/O&p™;*Vk5p`ÝxÌÙÉ9â±ç
-Ú…®
-’ˆÔÓÑm,¡»ÊêñâƒFÂT¾„Ks»‚"
-ó‚è¬4ð|o~'²�<ô˜AÌH `:ùi!à‰>�RcõAš‹Ó_FO»xÇ{ˆFîðô“u žiòã!ü@*;æÞ™iÌ( �.0‚vO©ÑÇ—w=Ï^lïÙÝØGXŽNŽÖÁ)ֿĶÈ^~ë\¨‚¯¦ƒÆBôÙĦÓ/´¥î*pÈ´—óLœ
V,?Õ =CøBO¢¼k¼JE¥œïy!DŽèŠªàoXãG¹
»øIÜF6ê¼éþó§/Û‡§�¬ë„ÅÈQðF£Üã@Ԟɞ¹Ú¡#ãJ®'ÔÌbiCQ.Ñ~°¶Cqz«�žÊÒ¨ä$¬ì5Së%
bH;Ëöà:"�F•ÄâFpå™û„òÛ‚ýÆ1ÀÔ¨Ö1aó˜ý:Œ·<8?n©7Rþ8À•ŸÜÝümv€oà†¸¦]¢�F.wŽ1Ë;“õœF¸§äˆ�Ù6 %Ë·§ÔQÙž¡Æ´�ªˆ,e¶ù
C¬µè‹á™Ì'W�é†Ô ŒlQMÌlJ’¾ê}@çªÁsp¦Â-Œ‚p0h,¶kV
š,¶Q6LÄ¡¥‹¬V¸„�Sf{q"›($3Ï8 ‚vÍ38O×üàÕe]תS92N�Äq,¸ÿûh}	‡ÎÖ‚ÃàOðÝQÊK^÷
T"Þ%Û:ÌÃëÌéGÙ£!AdbrʧŽ%µ•Õ�݆qÁõTµÐmè}Áwu™y†�ɬ.1K^z€¥o�Bª}³@³å·
F%­4Žån{Ð8=:´�KÅ…¶ˆPÑ/r€‡~`ý”Ãn^‹W?Cšh–W¹ïi›ƒRJx„CIj?‡¥=ÑM~^Ôv/Èï'„#ÚvŒ²ïÉŠÂÈÒT 1?†“1SĉúdÒ¾:�¦‹çÀÃ]Þk!º^5÷ᥦðÇ؈ã9ü. ŠXwì�·P®=Þ‚!T¶0¨Ä«´æ¹íÃWåì~œŠ0]dŠy”
,ˆýÄ÷ñ½À9´ÔûËY©<-ÆøžîgÉ8"Ùn˜b˜ª�
-·„øþņ<.â«¥Ÿ¤¼æþáÓ–üÛF˜àþ2KÿÊmrx»'i‚QÄ€ÓRƒmÁ‚w€@-¸ë‡`¼hŸ_²gIY×ñÕ`¶À7ëZ.ñ=Çò–‡ÖíÝãý=ýÃô^:}a8øÉ�ò’Éjºù¿†ÜÅj‘¬–k|+ƒSÞìýîêŸWÿÆ\·Àendstream
-endobj
-1472 0 obj<</Type/Page/Parent 1367 0 R/Contents 1473 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1473 0 obj<</Filter/FlateDecode/Length 1934      >>stream
-x
�XkoÛÊýî_1p[T
dF’e=
-…Ÿ÷¸vÜXin
}Y‘Kkc’«Ë%£èß÷Ì,—–hA› €øšç9gfóÇÉ�ø;¤éˆÎ'ç'ƒh@ãù0Óx6Åïþ•šRyp1�¦ÝûW‹“�wci‘²�ÉlJ‹„`g0 EÜ3¾�µù®]Ÿ¶k¯)¶E¥Lá¨ZkzÔÕÕý§g*T®É¦r/³/¶ §ËﺤÊRí4™B¥¶ÌUÅ/.ñçùöó¿n?GßNÎt6<�FpÞ[Ànœ]TüMÁWphqŸ{Ó}‚#Gpµì%V;R=?\9휮êÍï˸“3¡ÙãžÃû§ë?“[+TjÙ«�)^[\ÃŽ�5
-Ž"b¸s6š ØG‚öq}¾¾ºJ}AÌ¿I]JýG­]ªYêª4å•úì—e+ÿê8I[tvqi6Õ»°ÎÖa-¥>,Ÿ>ÌiUÆk„f!(Ã…MȤ,à"µ5.ùVŒ‚¯4ð¡’~'@¼óïê:®+�Ðj'‰úþFt™Vxéïݧĸ6Ò´´¹<C-÷b}—ýøçÙ;]$H‡»Â
ùEW÷Ejª´ÄãK·ðÜBâ¿iÈÚêR®¦‡ïsÇ›žmJ)…Ü”65™v=›"Öb°Ônc°C€-Í8–@©°U`åu¼î8Í-ÀË„<dp-q|5Åü÷†^Ž¾</�¤3IKQ6@’cb@ýÊ–»¶Ô
ìo¥>ŸG“cøoÛ×äö..�PkmøMÈÀ‡cØUu	½±uÕÅÙÎÖC·Ñ±I=´ŽxâžKÇ„_ŒÝ�ªÖÝ
áú‡Ê7™î‹"!wˆÖr™–:Y.£6Œû”ë½/R\붰¬Â
ñŽøÚ°Õ"¦“wõ›ü¼~Gð.µ¾Tm:�Èc´îÆŸYûê)~ýéñîþ—èéÓož‚›™Ø0ÿ�׈îYÔÁç@ý~£L{¯G
B9õ‰~¼›Ó2™B//èl<ö˜™D³hѵ-RóR—ª2óûÂUeóo÷7fêÖ–¯$ÄwœÄÛ¸‚‚�xZÉÀÈ1’ iªKÍüZáC�á¡èéæZâTì'vëhþëjÃtæÕ^H”§ûÂ@lþI9‡P‚ùr·‘Xñ*ó’õ\I„`ÿÕ� àã]ÜÛ³i4ãù�ø—£ÉTÊ[nò°�ˆo�|¸mÉ›Xñ¾±xÎQ®âµ) eí*Rq¡®Üÿäõl„†ÌßrÆ$.5ÆØ¡èYå+_Í­É2R™³ðOÌ®·JÛx¿hr�¢Ñ€‡&Ò;—Yï0JSí(·� ff®�„U‰Né²Óraà$L.š¾ƒhL6E©Þ¢�9N…\½Š¤¡c~©ÔeCŽÕà‡êò0ˆHr¤5²X1^X[)Ñ+UaŸ�0öV¦½q®–eg»Ö¸.	*Â0ðóѾ²œHé¦lR¤+(Þ«Òf¾f*‘c‹]²�E¬{²«õ¾`{:äCO’ÁB”í­6‹›´�F%È�µYÇëÂÄ*Š•ç˜èÞnëêù×ËÏ·_Ò0¾·Wœ�J }kàæÓÃåýc×w»ëI6Âî‹‚�`œãC¨’ü&@§ïª4^; ØeR†¥*kë @dÁhֵ˸ªÙKú–⇠:ÎØddŒsÓ$
-ó ëž9‡‚eH^õmö@�µ(…
R¹/¥0a¶ »Ñ,ƒ¼€2«n®#úº†3¶r…ˆB·¼1õÍ
-�§:>ýPc‹ŽÁ½ì)Yº�~ßÓÌ/¼	%>pÙ8ἂøò.†ˆâ
-.ƒ¾V”ָýü#«ëúÅZ¬Ž‰V¡³ýÛ­m�%hb®ó““wz.„ZêXêø”'¸)ØùÓpupÖ`¨‡ý¡Œ²™ò˜•²meò§hCfc¦·w‰
-7c!¼ÑèªÏû¥6nÝN|Ò)n3\ÄÖÕ_)RžN¡8P’m�ßõÞÄ�?ób;>ú˜iœ´>Ú-­T,ÊŸ´
-,Iß,¡ØH戤p•:mYôwaÉ©Ì÷FÛ;™­- �Šžb­fÝc®5à‚"ÈY«·ßUf.3/-l„Ïp<à›mÛ/ü�ÝñË,¤”'‹CÛûF¸
-E³,{|uº	Ú‡tŠóßkÁã^vcµÂúèc‘Jà“Ž_ßÎ:¢ùü/á4[™ãOZê£uQ�/È­Ñóˆ¸SûUð„–IäÙÕqz m~ÿ:m5ákj‰ƒ5S!ζ"ÛœÿÞ™;`øq¢Zöä¸Þñ§2ÞÛv2ïŽ$ЧҼ¬«,?ðwL­ÁEXZ<ìcneÅj– FK¤…Á)Î~‰NMa<rý>Áw¯°×	V G(\3§ý.Â[#"*ÛªÝF-£ÀƒF“AªVs}hÍj2kæéKél6¢	4ƒ¹¬•Ï—W—ôTÚo@.ÝظæíB&�Tg8Á±ÌÎél:˜ó:ò­³ãé8šNf~_°áÛÅÉ?Oþ>¿¿,endstream
-endobj
-1474 0 obj<</Type/Page/Parent 1367 0 R/Contents 1475 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1475 0 obj<</Filter/FlateDecode/Length 1449      >>stream
-x
¥Wï�ÓFý~Å€tâ�“_MrHýÀQh‘hJ!¨­B{}Ùží
Þ5áþû¾™õ:¹„RD9!9ñîÎÌ›÷Þl>ž
i€¿!ÍF4žRZž
’
ý0&cšÌgxá­)—ãñìË/†Ãñé‹«åÙ£ç—4œÐ2G�é!À`@ËôbšÌ“QBOm•›ë¦VÞØŠ^TÎ×MÊÏî1½ÑޛꚚ-½¶ªäÇ·N×ôª¶¹)´{¸ü!¦4rˆÑ(
†ÔÍ“Éx„X‹ß–Ïî…E“vÑEwÒ¶=„\³ÝÚÚ“q”™<×µ®<嶦?Luù'©*ã§Å2á“ú]”Y2Q®4kìuiã'¹±;ò–Ò¶4Mu›}ŒÙ##ñ§ó¦àµNkÙv“Ò ©t@}À,…™r[è’óôíЭ|Sk')bÝhš0Øá´öÄ@)ŠÚ3Š?kÿ¢Ê-ºû±Ñ'Y>‹êO€Ÿ®µOH²~à(æN…M¥Y	ýbw‹{¼‘Á9ÈÉlÑCÀbµ£ÊzÚ¨O„-[…@[…®ëÓƒ)7ºÈzd«âVrj3ØØùmT­ZnЮR«Êa…òGÑCÝ]ÆØ�2Á,“z�qmkÍ}2ÕÉñ™©uêm}û(ËØŽ(ß<ùõ¥½u_¿z±ìÑncÒ
À+ƒKU݆ªZ_¥E“qü¤dFæ¨nIœl~˜o,ÑLâ¸êÛè-‚51‹ $fQPê0advç@Ü‘-çüèy”Ø
ÿ– v«.ìÝãÇ H)ï®»VÅ{*¢ç]¹NX:ø.0·EawØê‚KÒŸóõðq< Ë`1ýÑ$d\HG¶ÊoèGZá_DAȽÿÈ\ê>ñòÕêüíjUBÏíþòå1,K´&Ó¹jŠ`ž)i·âcxâ°ç‹p`{X�*Uj�šß9U®UPÛjÅçw]2ÜT-ëç|À¨?™ôXfˆ“Ö?X­oK3U"¬ƒrÞ±fÃ+»z‘Ó­mˆшW�ƒœˆ¬€î_æ\¬'Ë?”�óŽ¨Yª-kE’ä¶:5 q{{Єu
Úhµ.´ÈêÔCß7iA£©j®/§Ô§Ü�ý‚MÕÂb¸>Î	'”¾èÈÝ-UtfDqXU-§‚³eß!Ãà”×Úï´® ¶kH6àwƒ@˜)\tLÍ0†’%?KÄœIÞÖ`þ‰œösã2Î� +ŒÀ(+›ï‘¶µ„fIšÈJzs?t�ip‰Õà˜×uBo¤éÅÞ¼Cí(<7ŸQ‰ã1 <ݯô±«âÌGá Þ³³õ�#°ÓEÑ“1i<F�µ=ø ÆÄDþ/9´
‰³êê¶e$ÓoŸõ>éPÝ©—o›pKŒ€"7²�•…é%³ãÄÜã<½j<í”ñ÷XuLF<.n„þL-œÓ©çÔ˜¾bg�[½÷4&ÈØ–¤lëüeð�$VHuÇiÙŠYÅ™Æ;KÔÄÎe�7¸eÀ€“ÂÔ‘0¤ß¬;d؀堻€»ŠÎŽ4Ô¥cö›†çÜ
Û4b”´1Y¦«ÕÃãAºÀ] �ì
-|Y#§à,ìz@’µ*ÀDæ–èTá-§¦âU‡3—†£)|+áhÆì¾ç›<?JÙæa†òU¨§G•‚`JØ,I".ß0º{߃ßñ�×T6
-ÈÅð`÷à­…(
-gŠG±÷)³Az+†{(�ë+cx,~qx/ýFÓø¶ÏDŽ9RJ2X[ŒÊ  î¾Û‘³Œ—›¸¬c8S´ÂG³Ø\õù~~ÿoÌ[oNñKe>¦é?OƬ\Ê®žðÏ„¿1è'›6|Y–[+gØ�;ú³
®ñ†sÈïø-2™M’ÙtŽ;8s2åPÏ–g¿ŸýváWéendstream
-endobj
-1476 0 obj<</Type/Page/Parent 1367 0 R/Contents 1477 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1477 0 obj<</Filter/FlateDecode/Length 1917      >>stream
-x
�Xk�ÛFü¾¿¢!à 5 Ñ’Vû2`vœFâÇ�µÈ"#Q#i¼ä33\­€üø«î!)…kAl,öArº»ººº¨ßϦ4Áÿ)]ÏèâŠòòl’Mèj~›]Ðüæ?Ïðå5mÎ^/Ξÿ8¡[ZlðÄÕ
~XîžLh‘Ÿnë,U*îè%-ñï_?/—•wSè€ßîž-¾àù9M§|Àl–Í&SÏ®³ùÅ'�¿¥�zÐd]¤|§ó{½¦ýNEZ©šžï\©‡´v:B½_ຶ4H‘ùâ€L €ÛU µr:KAo› ã.êmv“¢^e7Ù,›gô‹±k·tû_ú˜²¦O:ÖÕŸÓž ã«lÎùþÂÁgæic|ˆ„DËÉOQÜ
=  ·fo^-8ËÜkõz$©2¼®Xkhð)*é�¶õ`ıqz‘	Bƒ7:ÜGW
F4@Ž[¯Ê0 e×4x¯ãιõ £ÅN«µñ:�Î`Å7 ã)w6jíMQÐJS©ý–q6è§Y¸\½¨HË8`qnF�ù‹årŸð:í1CaU©€P¯‚þ½F4†ÅØÔ½±[‰S:À…ùòÆ»’´ÊwýÏÕ½à’¨Õ��€³üu[¸•*>“«¢d6¨<Šö`O®PüK:èÀ …�–_»˜P“»ƒ¶ÁDƒ‡_ö‚[B¡��áø¥26âQ*UA…Ž‘›†?I¨¼¶øEÙ¹�TÚL@Û_!ä	‰Ð­#-„$Ü#Ä@ÛÐ"®–Q®b£½¶¹½ÝÐÁÕè[@ßi»q>×`#“‘On
gi
-Î2¾W!Ÿ-Œ”Ð	bŸ½{õ¼kÖ…๒öÞDœŸ#zàˆqóCR„£‹V²îà°å;cõˆ¶xÎÑ÷(л‚>*«úßCØãDÔ WŽ¸Crí,"¨Ze˜H¾Ú+‚Aòà(¿FKp* ðN•L·(2œÆùøiD«:BIè7ÈÍoµÛKÌÜ•U�žr¢^¯œ‹Rà¢ÕNá4#Nùç5c\Qò=ªÿ¾02ÎÓ;“{Ü&Rs9Ði|"
(àÈ‚„
v[9¤M|㘦C;5B
y‰¬¤ÔGoJå„gðš8<fÐÃõi>8õˆ`’œ
FþoAØJç,A8ž]Òør–Ý°œÞYž²#mFÇÖ+m¶…Sk´XãI-ÝPÈyr:Û+ï¤pz�]�qkqŠh'"·+LRÆÚ–{SÅNDû©a2}{â'V%ßN}K¡f|¿™)
[¤M_M§•ð>("áíÌѸW´¢•ÁzܲÂ$B@or�jþ42ik�È$�Qá«¢­¢í"Ô:a`1<¬ƒ#ËžR‡	e\¹GÙB¢p¿²üŒà’ŒÐdæîgHhˆZ­9§/uèÏ{ï±Ï ú¡Ò¬»Üõ Êë ãÙLG’(àòS&ÚŒ}{ééËðèGbR†•VöÀƒžœÔÈÉwP5Ž´Ñä¼ÔOðÅx4ð¸t\êSÆ .°–)M÷÷B7Ä“ª°[«
-‹
«&.Ÿ�dA¤9§Åë¢
µß´è¶à$éï`”V>&Ô"훺(ô 
-³Nî„m¹xÛIy*ÛðÖ)eIâÃn°>­�Íh¥ñ$¬çn9£áZ»Ó›AßtT¾ïš=@Cìùá7+<É;O*u‡ª+äßžurT#É;¼.Öì‹Ô
-v
zªy‰¤<:óV"¯^q­á:P¨tn6•6Œl*[ã�èt�¥Øj6¼l�>õze	¿á[¿‘<µ´¸qœ}¸Ð4X¦Ö~¶ª’cg£0‚·²N0&oPWB‘äÁÛ>%ì6Zž7ýd‘³ÃEZ÷1ÃS%¶¬Z��E�•x
K/ÆËgâÍŽÊ"ÒP,UR{ÞøgL¸X±1{1–ñÏ”z¯iR­x`)¯õj]§OÆ´cLw1Ñ �éÎq°
-¹¦´¯yêÈKlõ^C’Û:x4Ž…M2;¼~ß&•–uÂ0K1íAÏŦ…œ›fž
-e³ï’§Ä"ÜÂFjï¼m·m÷·—=øcÇìHúÄIóO5äÊ›¹¬ U¦#ÐiGñÝL¯KsÙ ŸÑk £¢nÿpe½Ø,ãM†^³‚­‰@„DÛý7J¯’æΚÇôVi_š�^j8	è?\üÎTäÍv‡d„šŒz‘�“ÞRaÔ>p
-é_5	C`Êæ-�]ªÈf´åFäÊ6ôítAÖr�jáL©@
ª`‰­4|l¸5òž*~]‚à0KV?v¯«ÒûC·É"	ÓØ€Ìð^h)v÷–õlá–|Ò/[¿�|þãMó’=½Â§7tu=ÍfW—ìí>½z÷úû¹/ìí߸¼.±,¿¼1¸ãö‘ñõ„?T8O/åü¦°1ÛÚË�ô¦À×¹¼ñ½àwó(ÀUôŸÆéßñBF~-³7¿žg×W7ø°gί9Ô‹³Ÿý˜+�Ñendstream
-endobj
-1478 0 obj<</Type/Page/Parent 1367 0 R/Contents 1479 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1479 0 obj<</Filter/FlateDecode/Length 1945      >>stream
-x
•W]oÛH|÷¯h8¬HŒ>lIö=yãd×XÛ›ÛèÎ8D�1"GâD$G;CJÑ¿ßê™!EÑ·— Ž-“ÓÝUÕÕ=^Œhˆ¿#š�i2¥8¿FCšL&øz5ŸáëÿŒ¤õÅÏ‹‹÷Ÿ®h4¢ÅšŸ�Îg´Hχ´ˆ/UaK)ÒkÊôf£Š
©‚ª"‘†ÊTÒ×ÊJÓ§�°ö MÒ§DçBß(Q/à7FZKÒÆb'£w‹ïÄÂÑÉå("þ?F“hÌ™ªp§¹‘‰*#ùCâ½1"ï“(ä ·Hà–_Ò`<�®ø½_ûøß×Çß?Ü=¾>Ý}øõáùãrù¢ŠDìrù¡2F失JËåg£×*“�Ê–�cŽº¢ƒÊ2Zã]Ä#¼fŽ}ZkCRÄ)ùb�E8ã³(Óˆžu)]Ú±.J¼b­2U–¶òHËËLmev¤RÓJ:�y]q|»\êLQ*g†œ9P!r¹|×ç“Jd&C>´ßeÇTùg¥ŒL\–êB_?þPe�-*7Gb„µùÖ�r3ö`Ž=/ï?Mƒ,CÃëhÊP¿Üýñüðü×qÎ%
P`’>Q–	§t~‰üb=R†�*´ÄϵËY^:è€^·ÿ6a·|vNŠÉf©ØK�z$•ï´)EQ‚g M!írQ%Øm©wÖU$Ró…“ð„-…))—Eµ™ùûrÏÌÅ–´ñ¶Úq†œ—S
š’“ê„@¶�2‘Éò]—Ú+ÍÉÖUÈxÊõ8ó�Fæz_Ó‘éXd¤AGt
M¦*I .{¹‹¼|çõs·ì(ÓI&ÈôÄ&zH4þçø>P/ÙëS¯�eªuÂßžÀ빞îá<îpÛƒ”3‹m$9»ñ¾09YE­R+…AGrkrDn˜Ÿ,EŸ_3ÄèY®�­¥Öj¸³Ðð¡Çà;\pãSW§àµ
-àl×é
-È;Ÿ¡›kŠ3…ö?ûúíÛq*c§Í7ýQ#»ƒ¯€'+%õÊäOz¬ÌبÄ*VzïÜ�]±eŒCÄÜé.kî7OwÏ�6n}ú‚¬Ý¤©¦®}ꌯi0¹ñ¦ð
ƒ}™YÈW¨Ìö
w™ág+ò•5‰\U"”É=žô~X$ô7qB
½É¿çÎãQ Pv¼•ð-#âftÔh+È€uï’*w]±åºàéÑš\1w™4†�—ì
^i-›D!<¼UÄ1�.Ø6&Áó‚€ìžgäVDcK|Tú×h‘³Î}ÖUãª@&Ž?ŒïtÍ9×–£=‰-Üé¬à>ã ðÙ~¾ð÷;H¹�Šå¨{g€¡š&€/�%tH…³þp‰‚K`2¢Jbq¯;÷ÀÙ‹Röäyø]Âï?Ý„¡À ÍýÀ˜FóhAèaär/ÚlÑè%&.]EC}-À_LáÚ7`
-¼¬kVàþ7':j´­=Œ�U‡ÉÑ®éÎîä‹Aì
-ƪdw2VkËÔèj“:W9k¾�€Ia‡Äx�‡X]Ƴh>qËË×lg4Šjs3Ã@TÀ�„HÊÚ�]cCQKüq�1ðªZ.S�óà{òec´9§Òsˆ]u*ZÉXÆeƒà
-8Ê	˜÷±ÿ¼5cF˜
Ìò`º¿ºÐßȦN©B?%¢x-tù
-SÓÖ­--±b±*˜£•ôýËpk#Htj œïém±ÿxlUzHQ¡WÊãŒø8Þ~:Ujimtþ6ó°È¼åBÀù8š»+PèñÄg̽ØòÄ
-�ÅÁ8Ö�ô9,d·µ
'Fíe�Å…wmª«,a± Ú^zÛëäLG£,,üvèËæ]Äs{ˆù^ž™¦y¨C3K½SµÔ+0ªôëj3х輺<¯ÍöŠÒK@³Ñ7žOeÅ´	uóŠÃRaZà!â41;e2º™Õu÷yÆñý8–b^½}&·Oâ™É„+fPCuz9…Uw'M®,¿ÇÐzîëë*Ë:áC¾@ÇÍMž‰¬#¿NœŒí<l:o[víZ'tXvN!ìf|B'vƒ¨ëL‰+‡Oqg:KªÊEQaLC­û„c[@N¼Añ€ß•‘ƒSTH[åPͪòðtÂ3‹¥äeš]Ñ=1D5‰‡.”º2¸I'öï8'î �¥¸¹Æ®Â°ñ΀„È�ºà
-ÀôØ	/J,Ž;§þEgño]Ž�¯ý˜8Œ§CÀ1klä¤öÏšçó�}k·¦Æƒ¦5í
}=>K9_GÂFÉÐXÑ"z(›zw»]¦Â,¸¥ðû¨ëUl0§�¶SsïÞ_x™}>íµ_Ü¥à	—‚°×Â=ü^{6Œ€·•Ùš1àëû°5Ê´�×W°)níó	Mg“h:½æ‹Ø—»§Ÿïøæô�Wý{C%ðyV+ç;…W³á
?ï§4}ÐÅZm*ãeý€ë½©œéØ[ú&Vš?ÂJóovvi.%W³«h6�û+üÕœC}\\üëâ/¢t_�endstream
-endobj
-1480 0 obj<</Type/Page/Parent 1367 0 R/Contents 1481 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1481 0 obj<</Filter/FlateDecode/Length 1817      >>stream
-x
}WkoÛFüî_±P4
lZ’eI�y
P«n¬ ªÂ8‘'‹yÇÜ#ëßwv�¤eæÑ"im�nwggf÷¾žŒhˆG4ÓÅ”Òòd˜i2'—4™Ïðÿcüqš6òÁÅd”\ô?x½<9ÿcB£-7¸k:ŸÑ2#Ü3Ò2}¶°a››{RU¥•ó,­5ù`�Î(7¶š’›··”åN§øõá””ÁGÁSU»ÊzM¹§´vN›P¨6;c÷&y¾ür2¤³ñ4™ à³Ï¶¦Tªqžï¼=ø KzcMp¶ etÁÁS[HQaSUPåì&/4á�Å/½*×ø[»oÚÑê™×šKúSN´‡ýäÖ]$cŽUáq¹ªÔšïÛÐ&w\v]I6©Eúi�°!ÇeMå?Ìrcl½zžÐ•´)H¦¦¼.¸ÐnU@³Œ*9òb	(\òöÕ’Ën~º~µ P;Vm=HEŠ/�ºbüQ«tAƒñpˆgÉüBêü·Ø¥�†ª¾¿šÑådlÈSF¡‘è'ëv>()1è¢ðT6æ�Û˜¡s…U™0¢Ë`ãlIªW–/잊ÜìÚo5ZêW0Öi¨U
.p£Såõ)
²ÇSŒÅ1o<µf“ß×.æ”{_ã´òtÐÒÄ3P¨íbìÓXM©vÚ÷kºc2ïîâ	ŽÎ	JJ$ùºøS©BàŒ™í½Âœö¶ø¦³ÿúŽèŽ;tÕ†¯ˆ¤Ìò{íª
�|eM¦MÊe#·™6¶6YTŽBO-©Ü•:;í% Íj¨e)ƒ/°(¹1eìÆS1Ô¦ÐÞÓÀk1z)a"Õ
rq‡ê;<+åýÞºÌãôAûA#)†M¸ünñæÃç›åû¿Ix«çÜÄãQˆMŒö²Fž½’^R^%*ËŽO ¿úq‹ew
˜²„Þå‚
ŠÿÂ*lµ³Ï‹fÎq~ 22o©ÜÆrISƃ�>1�Ú3³ÿ‚Ê 'u�.4Ø׶J{daë ßçöq€c&B’lB¢kHÌ•Âv§¿Ö0Ɍև^‚h?ú]À`Ï‚~�¡~ƱËVÁ%|L)ÙD<Ì#Õ9¨IjÍé
…–&/$WÖ›×Ýzç]¤º¿kéÜʉIŸïÊÚ‡;f<·ÀíGÖdÝ©$¯°Æš›OÛs0­XÇùWÍœ9ë¼éªõ¦i2OÆÉ4¡O¹�͈toÅÊÝãÕÍŒ%d"zeÅpãÐYL¦ŠÝ—|¥Ó|s§2@¶¨6ÇùÅ
t.’g‰8�ánúß[pÀE‰�“+¾ØcRjë"k#ÅÛùÂÚÇA‰‰ñt<‰ã)äµ~{ýº†˜[aQLNòÅg½°Qä몲mÿ
G¥™�xó �ÇAqž%t»U2ânâõhpØkmèÓÕ¥øBoL’aìÄeÓÄ®‡Ý|¹±�I/l
Á°(禠 ›v8ðY¬þioECÓd8½ä©üõ³=wc_Ûû\ƒÝ[õMóü¢Lšå!�E}ÈS–Iy•^=ç�tëRE_ñÅ�ªžê÷¼0C0vVøç·þ|LXAÇ#1º&CYAüØœF=hm·üô:5àËÄaÎbÓV+fF¼æ¥i@ù昬(•éØe
-üâ†�ø�|g±ìþˆ(t=¬Ob|
H
ÈX0Q'@Žõ TY€íW�W«†áA¨!ÆÑ$þ	N¿¨¥»R`�ÃnÑFî†Ë•×d[ù1šrÛíñ}„ðÚ+#Íñ AÜ%Ñ,”A¹@×ÚÔtNoµß±Q°‘3ßEÜ?ÆepÔ�—=”ÞÝ®ž
=]º„Ì[4–äÌ©ýZ¥;ÞI2Á»Éo!ë”ç‹%laF‡D?èþ!â=l”ÅÜÕ&N¦QúbµÚçÆPvi¬€M“(ªîgFÚ®¿å¶ö²¢?®rì-ì_½ÚaÓW—gÖàüÖúðݤZ�.›®ˆP¥n¯oÔ�x*°[6p}X`¥°éÅ�HV_~J�žG€.>;¤­
{Éu…	Q¾7ªfUëÆ(W˜/²tÊš!�Ë^$Êñö‹Yq4^OÙó×x;I³þŠ/4y©ÏÙ1£ 2Ì–<z˜ì~hˆ¬àlR9:b4?dêªñÑXõÑ^C²aréÇË7¯t�#Æ{ãöŽ·SEÏgâêøºËïh‚T9öÑà_kiÉô ÇúÎÃ8Ð]fµÇŠí”ñäÞTÐŽE¬¬ñ5UÚµ`ÞL”Ñd’ÌçcšN¯’阢Ïn_]¿~E7Î~á÷×[›Ö¼êȼ–ÂGS<sçt6^ñù8ÞøÝxôlxo|pu*«âºÕ!ðZ&~°ñ±%v‰ Â/¾w2›$³ébÜ9¹â_½[žüsò?§hŒendstream
-endobj
-1482 0 obj<</Type/Page/Parent 1367 0 R/Contents 1483 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1483 0 obj<</Filter/FlateDecode/Length 1637      >>stream
-x
�Wkoã6üž_±(p½à(¶“8�òlÓ^M´DE¼H¢Ž¤âS}gIÙQt)Z‡»³e’»;3;K}ݘÐ&´?¥�%åÆ8Óìà0ڥ݃}|žâ¯‘”mœÄÛ‡4Ù§8ÖÙl/: 8%l�)N6gÑaDg7WǗמÞ\Çw7Ÿ#÷ÍÑ=ª*ÕKK×1�éR¨ŠNuåŒ.>Å_6Æ´5#\œnþH÷¢\~º}±G“	‡šN£éx‚E‡ÑxgÊËnµµjQ´tÓ¸T8™Òþ5Jøó¶/v»�8y2‹Æ³=ÞçÊ’¨kY¥ê-…%mÔ“ªD�ƒDãrmpТ¥_u^Ñ/KS[géŒ\.Cfx*JUJ8LUIѤؔKHÎ{‹ƒîD>ÏZ[N˵Q¨hÖåµµ.i?:%]ßÄçt–­ÒߤqqBI?¼…­�柲¶ô§I9|ˤ!|Ö•$[ËDe*¡RbmÊÅp­²r*NéŠCöRv¹p”ˆŠš*•†‘©èþê„ROè}Cò°T¥}¼Ë÷Ò¼ ‰�hBKÇêÂcû"°¸±ƒ ‰.kQ)	~€ìBX`ª+>øu‘üæde‘«åª˜‹ÏÇ× ¼Oˆ1EŒÚh§]D}¥)VXÚ$2„»R‰ÑVgnk�ÎR´ÐCF©åjÑ8U=ùH�Eˆ·ˆ$'8Ɉî¥ìï…	 YQÖJÑÙ l®—�ˆßZP j.ý€�‰‘üåmû
-…Í«ó!›ä²ä˜Ç«ð-£•/¥OÏñ•—$–Mg¡õú¿ò8Ë'gz„£[’Š#� ºà.ÎT!=g ªr¬˜õùæãÍÝo?ßÝ<ÜÒR›gìg¥¡Æ
"aýüW�ÃÅê/Â@Üjå!Hp»\H3¢[£JaÚÕº$ú}Ü‘<7õ÷+çŸ"ßrV”¨j3�ïkº¹ßžÒ£05çGtë,t+\îkô0xüɪRbX,4
-1:;" ÉZ[æ*É}¯õJ}§RQhˆq	ä{êÒk*EÕR-5ÔÇ|ÃØ:¬�
HÖXèz„n¤Bº�\`Ë-•R ƒÑXB™áÉ稷íE&ÛÂÕJð–ÛŽ<°™{.�|âfj{í#Âú1
ASèSî}f} �TÚíèë
2ÊÁâÕ_AMªB»•á37£Ê‚R	Κor5òk)€ñ~¨àûgB–0déEfšÊ#}aà z¯%dõ¢Œ®J$².C@óÝZ?RÂÄ):«î™[¢‘A=›"�Ï0QÓ¶%vðX*´HÅ|ja`�Jœ+p•<˨©uÑ%šQ$nÄ?ýÆØPÚ°d¦]¬cz
-ßJÑR%áÈø¹‚�áô»4ˆ„¢Z�3J)îçÆÞ±g¡1�‚볊{È—"AF’³F½œœÞ%Ôž²ï—5'ŠÔÚ¿uuèùÛéÑ|þxy}Ïç?1⯷„M¸¾¡÷^ÖwZ»óyø²3�ϹmÔSÇÑÊ,¹�ž$ˆÇšç©
-žð�ÎFõ‚ÕŽQÈÎu˜©Lrý&Ówò'êEúùâGZ ¦ëE/úV70‹w 4¨De�\¡`ÞfX¢¼mE»ÿd“‰¦€Ä¹£�nWâÆïÝÉʤYß~zT@«¢»PôQÑz0÷n¾Åpa7Ž·³ÓÈ×CŸsæ÷ÇWƒôX#÷ç§w—ñ]ah\�;wðêxÆ Â*Ë\QŒC÷Ä¡/U.P¼¯†03’�é{r·¤ O$fBó½‹ÊC0ÀF¥NeR´|?Y'Ûóe”ºvÁ²AGöîžÕÒÊâ�·�pMÿ¤õ
Å1¥Âõó:Cwy4_3êî\Mªábß6°oQ| ñÒJõ{ ôÚû
É®'<œi�¯]
Ò×/{/PãyÉ ÷òúyÂOùÚöqèoë2}™âAžkÌz€Lœ6툞ŒÆÕ \*l®jÌk$óìtÍnÃ�
-!Qø.#¿}qÐÙÍd†¦ƒ¼íF{;üÒ
žãj¢¿à|\8’†GÈúâ�ד°ck|ÈëÿÇ+õ^šv÷w£ýÙ
ÞÎpÖÞ˜³;�7~ßø4Z™Ëendstream
-endobj
-1484 0 obj<</Type/Page/Parent 1367 0 R/Contents 1485 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
-1485 0 obj<</Filter/FlateDecode/Length 918       >>stream
+‘ŽK-¥¾¬á÷mÒE›£I¦!!‰×¹ê%�‘Ù‹RW	Ý,É»2"òŠíÅ¥"�äÑ]<äHHø_´,ûDÜÁTKdÃ4s!Э®k.0oª¦Dæq>^^_ÑBo Õ¡Å»àl6›Äß™õz› E{ˆmó¹ç«E²ƒKŠP•/·õ¢…kV¡Ó¢Ç UVYV¨hxÊÕ–©Eч뫺†Í9]*k
–Ç�Ök©£(
»8¦�óx�š†ˆŒY·0„~¯À�èéDçM¢š˜�´rœíLS¨–‚+v«¿BPn�Ïb}p•^ݼ™¢ø
+ø° z™YúÞË2MêÚU
+5.îüdÍç¼- œd‹A’¹ª÷ßò.+{6äøÿeZßÌ>Äg]™ƒ¦·—ä×:ó¯i)u�ßIe²Úy·„
й«ˆº—׫£ó§¬è¦Ãd2™Ð`ÄcœŒ)h�Ñþ¶Ü'ÉÙýnÂc vü€ÂGÞÐ
+í‹iì�ëŽ=“œÿ[”Ò2Ãã#¼Îu«È6ÕîÉ­Ö\b9=•Ð[�²k±ß“ÞÉÃ,$TÂŒ§½TããôÝñ!³,HÖîEO÷¬6mÖkW?c´ÿ}Nhùw-ŠÁña·}ƒÿÚÀdéÿ"�ñƒ«‘6gïÞ¢œ¹.”ÂêºÁ®˜÷{tÕîÁFð¬Ö"
ø	S>ï{¹³LzÕÂ5!jì²F¨NK%´ªvæH\}mCO”‰Þ£½[°g¥i±(9HëR+�w!ÑñÐW�Éy£Ó<k€åFm=Ü«´¤Ë—úÀ½+4ÚÂ	‹ï!ɬƒÇ
+¤·ä�ƒ‡æQ—Y5ªV|–MGOÊ›Œós�»€ÉÀû,´
+
'mxú>˜
+sØ…Å€‰ÿv.°âΑ¥âë;¬íqN²-0¬àpW®Ö_hmGúƒ¦•žÇºÜaÔöÖ
·J¸É£%——�DŠMk<+f#dŸÃŠ¯¼L½Ò70$Z¼:À©± ¤8vz4ž2g°jQn%ÊU$²¾˜˜p³˜Ú0@*Ýle—2¥�0”œÒÓrëxIø¯U	å¿!œÁ_.ùš„>E>VìËÁ»Á�›çF¦’]úï°Ã@Ü-
+¥KóÞ(ºúçt?Ëpšç<ŸËÝ…+¢„c‡Ne…Îî Ã`>j¾BSœÕÈqD±Rwh³|+hË,Çó/.j£—'˜›ù*°Ä_»s:ËÕÂ\ÛñBé9‚‡·a_ht#ÔF[Th9(ç vžÍétÊ=µðdCÚf.‡ô#xšï�Ì0Éùx×Í\	£Q+.qãFüæXÍ篾B˜c(ùú³g'Œ2dÍ2l©sÓ©xl-\i04ùÜE
ø‡�ré(PÑIÜ3À¾¬8ÁÍ
+k a'ô£¬ß Ë=mj|êùTþÆÔˆ8
^èwþ(ÁdŽ¹++øÆÁi)4$¦6æ~üåÄð`;©ÿLmAš&
•I“8ŒI{n
ÒŠdÒ•a'
+Š-Ig…5™*ºU ÃµvÈRàÜK,[�o>«Í‚Ùö=fCìDŽpˆÄl¶•§
Z·U6�Å�ÖЩڦ³A×
Ì"
\ŒKÜûeÐöÐ�û—ñ—%=ô-VÅQ—;ªt#;ø„æZ•xËWO8¤˜Âu}"’~?ž-=ï¼¹ø•Tóá~ä:ÛÍ"ƒ_ÆÎS|ã/düièâöò‚>ÔëÝKn�âÜ`<Iúg)u'ýsÞšL�
Ì–ñ^)s×�Œm2š�ð=o2>‹_§F)‹ù~vôãÑod­õendstream
+endobj
+1475 0 obj<</Type/Page/Parent 1372 0 R/Contents 1476 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text/ImageB/ImageC/ImageI]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<</I14 14 0 R>>>>/Annots 709 0 R>>endobj
+1476 0 obj<</Filter/FlateDecode/Length 2153      >>stream
+x
¥X]oÛÊ}ׯ˜·*…E‹²¬�Û¢…}o’
+¨ßHEZÀ/+r%nLr™Ý¥ýûžÙ]Ê4Q (Š$Ž)rwgÎœsf¨£”¦ø“ÒrF7ʪÑ4™â“Ë�¯ŸG‹i²¢Û9ÿ¬(½½½\•´ÍnæÉ
ÝΖÉwg·‹d¯ø.ö¡ùr•Ìh¾Zâ÷þI‡ÑJ—øÔŸÍ¿¤Øtž®“9‡p½Içô›¦ßG÷»Ñõ§9¥)íâbµ¤]îÛÒ.´9	““r¤kÂ�u›|Ø}M¦4Io°ó.ÿK·T©cáHÕYÙæ’¸þ´ˆûŽ©Æ)Q†�»ãÆTê#T)-�ŒrNÖ$	Êå¾=R)_eIV:rš„¥ªÍ
+þ6Mè©”ÂJÊuýÇ›öb±²ÎÉ’dí à3ö­Ã¥n�ïuT¯Ò?‘éÚÉŸÈìƒü*i­8J듼þ”Å&išLon¨Kùyv;¥÷ùÄ'&³P*Ïã'm­Ú—çç´90rTœ-(ÓUSJ'©–®°ÎˆLÒó˜FW>ÝÈZÕÇ.¶F5ˆY÷â|þÀ§÷«Àûg¢d�?&¿Þ=y€·“,Ëÿ?©ˆ¼+Tý‚ÓŒ<´ey¦½7�™s"í#WQgm…"øòÕ$+¡Ê„~ÕµU¹4 „uü —ÊH[ÔÃR2k,(óÞëüÜá«”ÐË­¨ö‚xÞ°T«ŽÀ
+´¡¢=å¶ÚãHÔ¹‘À_!¸
mÆ™DY¢"2÷jüaÕ�­ö	Èr@,¯21QÊÁ°Ìisþk Â�-*¼±¥Åd6OÖ‹%MnÖP6èò7}BX´¡#(¯�“ï’Š‡tú
é»ýw:0ËG[‹Š!­ô+2ñ„ÿ
¢«ã%5%s�ItŠU€>–ò÷ÌéÉì³Ç·p®ùåúÚCžø2$Ú¯(+UöÂŽ’à‰u°¯0èY_ž
+ØÝ^ÜbÛ6�6ž
oæ4¦ÿ²®/…­gh%0xb8¬ÃpœÐpQšB4Ê‘THãí«‡nßm¨ÑœI4‰N’4öâ	­¡†ÿ«¨±¾·xÆß9HcV¤µØ£P6Š<bŽÐÖ°GÖÁ£3¾8€éX2Z�Â�Ä9I’à=ÃZ&«”Ö³èE3P-¤¾Fg`·ŸÌVIº†‰ƒD+& úN‚®´j–©3ºôŽÿMÕ¹>YZÿ¼~øø¾Ù,™MSlµ†9úVÀz<è²Ô'ÆÂB
+4`§Å¶ÑÄ£ßj£Žª%ýöåánó˜8X1wä)_•n-|%ö“œNÊ�|‘zྷ¬PoƒFCÊÒ"gž;Ïéž•è—�I'Ç1m™ñÒ�¹â˜¯è–Sð§¼Ïz|Å×}¾íÏôUewÊ-~62´È<¨E€ç÷3™�´y9Ý6…�ü)2‡¤/’d—=zÓ‘¦²œ$ú¯¡½AEp3`®à”¬¡_$î¹"`å`¨Qh„b„E‹3Ð3áË“|Ì
«…µ8°nsoäñ•ç
+Ú†¦
+’ˆÌÓÑûl,¡»Òj�OÏ,ºø ‘°•/`ÒÜ­ ˆ£�÷A´VX¾7¿3ÙÖ?ZL/f$pd:ùa!à‰6�Rcõ«4ƒÔŸÇ�»xÇ{ˆFîðô³u ^hòö�
þ •½âÖ™kŒ( O.0‚v�Ÿ©Ö§ç�3^¼
+Ø>ܳ»±�"0°�­ƒR¬�m‘½ü	Ö¹P_7=�'„賉M§[hÝ–à�i†
óBœV,?U£;Cø=¡Ç
…èÐÖ^¥¢TÎ÷¼"ÇtEUð7¬ñ“\¯Àü$n#›u	ÞtÿõË·íæñ3ë:¡�£9
+^k”û*µc²g®vhÁˆÁ¸‚ë	5³XÚP”!Úk[§³úè©,�RNÂÊN3•Î1P²Ð †¬µl¾¡#òhTI,ndWž¹? ”ßÌè6Ž
fF5Ž	0˜Çì×aºå¹ùaK�‘òeW~¾wwýÏh³=|—0Ãpèí0r¹˜²¼30Y/iÄ€;J~ƒØ™m=Z²|;J�”-€ájû¨ŠÈ3f»‘?0ÄÊQ‹®ž™Á|Êà1]ó|:ÊÈÕÄÁ¦$é»Þt^A5xÎT¸…IÐ�…ÂvÍ*@“…£Öʆ�8´t‘W
+a^ÆÔ…™ÇNdS…dîDЮyçášß¼º¬k•c(GÆ™‘8®‡÷­/aßÁZpüÉ
¾;I9äEp0@%2á=0Q²­Ãœ!0¼ÍœßÊ
	"Ë“S>u,©¬,_Ùm|ž©º
] +㮆™çø�<€Áê³äÐ,ýhR}3c?2*Y©q,wÛW�Ó£óG*.´E„Š~qxèÖO9ìæ•xñ3¤‰ögquð=
csPÊ«áPÒ€ÚŸÂÒŽè¦?µÝòû	áÄ„ö‡£ì;A²¢0²Ô%HÌ�áḏE¢>¹´/N£éâ9ðÅð@W‡×ÚÞØwÞiJ
Œ�8žÃïêØë஀½õʵÇK0„ʵ‚x¥Ö<¢}øª\\À�S¦A¦˜GÙ°Á‚€Ø/|ß¼ÍûPSì/¥ò´ãÛ<õÜÍ’qD²í0Å0U
n	÷ý3Š=y⛥�¤¼æ~óeKþm#LpN³¿p›ìß.ÅYš`1à¬Ð`[p„à Pîú!ïÙ—wì4‰#ë*¾¤s|¿±º¡Å߆,nyhÝÞ=ÜßÑ“Ñß¡1L¯á�Ó†ƒŸ¤x”—L–Óõÿ4äΗód¹Xáœ2Ÿófw£ßGÿ‰•¿nendstream
+endobj
+1477 0 obj<</Type/Page/Parent 1372 0 R/Contents 1478 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text/ImageB/ImageC/ImageI]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<</I15 15 0 R>>>>>>endobj
+1478 0 obj<</Filter/FlateDecode/Length 1966      >>stream
+x
�XkoÛÈýî_qᶨØ´$Ëz(
+?·ÖŽ7Vš- /#rhMLrEÿ¾çÞáЭ"ØM�@âã>Ï9÷Ž¾
¨�¿šé|Lq~Ô�ú4š
¢�¦|â_©)=úFƒI4ô�ó‡A4¥óÑ9þÇ[g÷ƒº±ô›¼qMº¯_Í�ÎîF4Ð<eWãé„æ	Á]¿Oó¸g*¸‰µù®Ý	mV&^Ql‹J™ÂQµÒô¨««û�ÏT¨\“MåZf_lAN—ßuI•¥Úi2…ÜJm™«Š\àÏóí§ÿÜ~Š>Ì¿õétpŽðçIo³qftQñ+û+t\ÁŸÅ¼í-Ÿü8‚§E/±Ú‘*èùáÊiçtU¯_|À•ä�	ÝqxÿtýWr+…z.zµ3ÅKc«‚kØ‘OQ¢á0"6�+§Ã1Zr h—çË««ÔgÄü«”¥ÔßjíªPÌRW¥Ñ¨®”g·Š¨ZùwÇIÚ¢°‹K³®Þ…uþó°ök)íóaùô¹`N«2^! ô
+A.lB&%@
_R[ã+_ŠQð¥<TrÒ	Ï…Äü³ú‡ŽëJ'´ÜJ¢¾¿]¦c^Nv®Sb\iZÚ\î¡–;±¾Ë~ôóì�.¤Ã]á†ü¢«û"µUZâñ¥[x
n!	ñß4de�t)WÓÃ÷¹ãIÏ6¥”B®K›šL»ˆžMk1Xj·¶È!À–f
+K TØ*�ò:^uœæàe>2¸–8¾˜bö{C/GŸŸçHÒ™¤e( É11`~eËm[êö‹·RŸÏ¢ñ!ü·íkr{—@¨ƒµ6ü&dàÃ1쪺„Üغêâlkk�¡[ëؤZ<qÏ¥cÂ/ÆîZU«ˆî€pýCåëLŸˆ !whÖb‘–:Y,¢6Œû”ë}º#R\붰¬Â
ñ–ø»a«9DL'ïê7þyý2à]j'RE´iO"Ѻƒ—ÌÚWÏðë��w÷¿DOõ\ÛÌĆé¸FtÏ’:æŸ42À¬÷Âp Ï “ŸçÙÝŒPÉryA§£‘‡ÌE4�]Û"5/u©*-¿/\UÖ1vÿ`¢nlùJÂ{Ç9¼
+4cȳJæEŽ�ÕHS]j¦×/jÌEO7ק"@?±G³^T¢3­v@¢<dØÆa«ïOÊ9„’̗۵ĊG™–, J"üú¿ngwq3jO'Ñ”‡<â_Ç™'o¹ÉÍv ¾~öpÛr7±â}m1\Å+S@ÊÚU¤â:]¹?äõtˆ†ÌÞrÆ .5¦È¡èYåK_Í�É2R™³ðOL®·÷JÛx¿hr£aŸgæ,šE5¦Biª-å
+ÄÄ̕㉰,Ñ)]vZ.œFý‹YÓwðŒ¹¦(Õô1g¾Éž�«WQ4tÌï •�¸¬É±xü]žIŽ´BKÆK+%z©*l3�‚m˜õƹZV�ÍJã{I†��ö•Õ<@J7e“"ÝXA)ð^•6Ëð&0»W
h[d§ûZƒIëÁ��P6µÞgìNþRXÞz’ö¡l»oµYÛ¤m¨0*A,Í:^&VP¬8ÇDï¸zþ÷å§ÛŽ/i_Û�3äXß{óñáòþ±k‚ÛÝu%a÷A
G0Î
"ÖY~¤ÓwU/Ðl€2)ÃR•µ…$²b4ëÚe\Õlƒ5}OñA`gÀì32ƹë
ª¹×vÏ‹œCÁ2$�ú>{$s.;c£ÁµH…
T¹/¥2a¶ »Ö¬ƒ¼€2­n®#ú²‚3¸r…ˆB»¼1÷Í·÷ §:>ýPc‹ŽÑ½è)Yº�þ‰ç™_xJ|à²qÂ=ˆõå]Å\�­(­q…5zñ!L†V×õ‹µX­8Bg#ú/¶[Ù:KÐÄ\çKf'ïô\8(µÔ±Ô/ð)wpQ°ó—Árï¨ÁX7¢»DÙŽLyÌJÙ6ƒ4ù�SÄ!³1óÛ»D…›¹žh„ÕçýR·jÇ	^áâîúlÆ‹{¸ò;…`Ê*TZ²¥�ñËÞ›<ðkAlLJ3M\톖*máWZ
+–¤…o–Pmä	uDT¸Ì·4ú§ÐäX&|£îܬ,0�’žb½fåc²5è‚"Z«¸ßUf®3o-l„q<â›uÛoü ÝñË4¤”g‹?í±d{aÆÁW¡h¶ƒE�¿¯Ãˆö!ãøZðÀ—åX-±?úX¤x¥ã×÷�³Žh6û[8ÍV&Ç”–ú(B]T rk="îÔn<£eyzuœîi›ßÀŽ[Q8ÆžZâ`Í\
+ƒÃ­7ç¿sæ ~œ‡¨=9®³¿]¼ªŒW·­Œ¼œPi^VÕ¿š@çahñ°‹¹¥ý$«Yƒ1‘Ÿ8ü%:5…ðÐõwܽÂ^§8r…:BâšIí·^ûQÙFmw0*Àh4¢Rµ¢ëCk–“i3QXK§Ó!�ñÛI*ÛÉóåÃÕ%=•ö+�‹ŸQâš÷5RÕÁ¿ÄLÏétÒ—…äO-´£É(šŒ§~]°áÛùÑoGÿÑMÇendstream
+endobj
+1479 0 obj<</Type/Page/Parent 1372 0 R/Contents 1480 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text/ImageB/ImageC/ImageI]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<</I15 15 0 R/I14 14 0 R>>>>>>endobj
+1480 0 obj<</Filter/FlateDecode/Length 1498      >>stream
+x
¥Wk�Û6ü~¿bà�`ë,ÙçG€~È¥I{@êæá -â  %ÊfO‘Šsÿ¾³¤(ûì4
ÒÈ6ÉÝ��™¥>�Å4À_L“„†cJ˳OO¢ÄËq4¥ñh�øÇË›øŠ~Öôúl
èj0‰†4šNðœà-)ÿêþáU]µûGûýÃáðt?f§?\/Î._Ì(Ñ"Gzã)2ÂòÁ€éÅU4�’ˆžé*Wë¦VéŠn*cë&ågó„ÞJkUµ¦fKo´(ùñ�‘5½ªu®
+i/þFˆ1Å1‡H’(ÄÔO¦Ñh˜ ÖÅü÷Åó~Ѩ]tÑ�´m!Ól·º¶¤e*Ïe-+K¹®éUÍþ$Qeü4_D|R?Dçq³‹k‰Å{MÚÃInôŽ¬¦´-MRÝfböH¹x�‘ySðZ#¥Ûv“ÒB!Wé€úñ
FHUnYržv#
º(…mji\ŠX—ŒÑ~¬ó§µg J4—–QüEÚ›*× Á§Fœ¤ù0,ª?b|ZKw<!Éú‘¡�;:uÍŠèW½“XÜã�ÎA†Hf‹-
UÚÒF|f té°´èº<=˜r%‹¬Gº*î\Nm]"¿�¨eD‹
ÚUJQ¬ö(º¯»Ë;P&˜¥R+3®m%¹Oª:9>SµL­®ï¾å|ÚqåÛ§¿½ÔkP÷Í«g
Ëí6*Ý0
¬PH±Õ�¯Ê õUZ4Ç?Á•ÌÈUÂ-	€“Îó
å�€Ñ1šIV}½�`�š˜E³È+5ŽX™Þ÷dË9_¾;àßÄnÕ…½{üWÊûu¡W¢ø@�è¹DS®"–¾óÌuQ趼à’äÁü_>~âhæ-¦ŸŒ|Æ…ëÈVØ
ýDKü(8rï?2—ºO¼|¹<·\–Ðs»ƒ¿üJyË­Éd.šÂÛ…eJê­ó1<qØó¹?°=¬G•(%HÍ¿Q®„WÛrÉçߺd¸©Ò­›Ÿó£þ¬Òc™!NZCü`µh¬.!ÌTˆ°òÊyÏš1¯ÛÑMNwº!VDã¼
+äDÜ
+èžñeÎÀznùDz1öã5Kq+ÝZ'I2[™*Ð8½=hªm¤XÒÉ*xh2‰¦Þ©ß·iAÉX4ëÙ˜ú´ƒ²_°©jX×Ç9á„⃻¥¢‚ΔSƒAUË)ïlGÙwÈ08å•´;)+¨m
Ézüï/b3…‹®½é¯F_²Ë�Ç1g¢ž5˜NNÝÜHf¡f/+ŒÀ +›‘¶µøf¹4‘•ëÍCߦÁC$VƒcVÖ½uMßöæjGá¹ú‚J�
aéa%�]g^úƒxÏN×·†pÀNEÏ�Ie1
+´îÁ1¶ /òÉ¡mH˜U×w-#™~û¬÷IûêN½|Ûø[`�¸�…¬,L/7;NÌ=ÌÓëÆÒN(û€UÇt@aÄãâÖÑŸ©…s:õœÓ7ìr«÷žÆùÛr©zÛ:éý#
+UyRÝsZ¶"@Vq¦áÎ4±SEAYcn0 ŤPu ƒé7«6`wÐ}Àˆ]EfGêÒ‚1ÛMÃsî–m1JÚ¨,“Õòññ �ã.ÐNv
¾¬�Ó#p�
vìzD.kQ€‰Ì1,‘©À¯œšWÎÜ5M±à[	—@Ó0f÷¥ÛäùQÊ:÷3”¯Bí8=ªŽÍ.IÄåFw/âÛ ÷;¾3âšÊF
¹(ì¼ÕE¡àŒ@ñ(öÞ!Ýlp½u†{(×7ÆðÐùÅá½ô;Mã/Ø>9ä@)—ÁJcTz
u÷ÝŽ$˜%`¼»‰»uÇaÊ-ÿÅQÅ섶W}±Ÿßÿ[ÓÖ[ã1^h¦C¼aÄÑ0ž² p+»~Êï	cà&mø¶ì®­œb?léO¸;„+Î}$àed4E“ño;8s4æPÏg¯Ïþ
•gÑendstream
+endobj
+1481 0 obj<</Type/Page/Parent 1372 0 R/Contents 1482 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text/ImageB/ImageC/ImageI]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<</I14 14 0 R>>>>>>endobj
+1482 0 obj<</Filter/FlateDecode/Length 1947      >>stream
+x
�XoÛÆüߟb! �H´$K– xHêWÀhó£�Œ¾‡*(NäIº˜¼côÃwöŽ'©tRM`X6ÉÛÝÙÙÙ¡¿œ�i„ÿcšOèòŠòêì�çÙ$þ–?Œ³kºšÍ²)_¼¸OéÖÐÏg£lDWÓYvIÓë9>Oðe%­ÏÞ,Î.~Ñ
-Ö8äê
+ÂÝ£-òóÒlŒ¦Zø-½¢%þ}÷ÓrY[³V¥tøéþÅâ3žŸÒxÌL&Ùd4¦ádžM/'8éüŽ¶âQ’6žò­ÌdA»­ðÔ×ÒSã$]lM%ûTé¡Þ-p]jêÅÈ|±GÊ‘Ãí‘X™G™Å 7mÐaŠzy™]O�Gq>Ë®³I6ÍèW¥³stó?ú³¦�Ò7õ_Ó!ã+ †'åà‚3³´VÖyB"Ž”æ䎧
Èo�P·f·¯œen¥ð²„T^SÒ:ê}ôÂzz+uÓplD_¢[ˆØ»•îÁ›º7 rÜXQ¹	]Pï�ô[cŠ^F‹­V…²2÷Æ*`Å7 e)7ÚKííTYÒJR%í†qVè§Yš\”�¨�HK
`qnF�ùËårñ:í1C¡E%׬œüÒ â´âAéMˆSÀ…ùòÚšŠ¤È·ýß4�à!Q-Ö›@Îò·MiV¢üD¦ö!³^mQ´{r�â_Ñ^:Ém
°üÚňZ¸ÛIí”WxøU'¸6 ÚiÑŽ_	¥=¾¥V^”TJï¹iøU•7À?½'³•¶�úyB"tëH‹@îb mhW˨öW±–Vê\ºŒîÖ´7
úæÐ7CR¯�Í%ØÈäGä“›À94g)Û©�ÏŒ¡#Ä6{ûúx	Ö…๊vVyœŸ#ºãˆ~óC¡ èËa,Þë�õaf€-ß*-´Ás†¾G�Ö”ôAhYÒøîÜG¢:Y‚¸áˆ{$—fAÅ*ÃDòÕN’×@ù-yÄ©€ÀQ1ÝN ÈpçÿþÇ
­%¡ß!7¿3Ôfb榪ô”µreŒ!Zi
+ÇqøÍ¿¯㊒Pý÷¥
+C`,½U¹5ά=µ—ýÁ‘†'€Ž,ˆhPÿ'³á‘CÊÐÄ[Ã4í!ÐPÃ5�ÏJÊ@}°ªvOx� ‰ýcÝ`ϱG£®à¯0óÿä�“ˆáp2£ál‚=u»×<fGÞŽ½¨â¬K#
+ô8(ƳbSÖȳËÚoN*§wX˜·|?¨vdrÚaa" e,n¹Uµ?¨h75Œ¦M'~dY²iì‡Úùýf¦ÔO8„>}5�¤á]P‚†§¡£a§hA+…ý¸a‰‰Œ€àäÕüefâÚ�ŠB#ÜvEª"ur1Иž5öÁ‘fÏ©ÃŒƒ4®ÌSXCAâ~cýÀ4D ÉLÞOÐPç¥(8§Ï�ë|ç±Oàú¾–,¼Üu'ª!ãÝŒGR�Àå9Æ,ˆ3n´éÒÒÓ#Ÿ”óQVRXØ
‚rR#'à€hp¤ö*ç­~‚/ƣ̀ÇåÀ¥.eâë0¦ñþNè–x¡*,׺Æfîñ˃°!b�ƒÓâ}Ñ‚ÚmÚ{t;àÒßÂ)­$ŒŒk‚¶¯›²ÜÓ£(Uí	#š¸xsÐòX¶âµS…Mï/póáX(ëóØm`€VOÂËq¾à–g´\KKͱäð© £ôý§]ÔÇ¢ï³Â“¼ó(³�w¢¦Fþ­ã)¢¥„°Ä›²`c$VðkTùÄ[$æqpO`%òê—מ\-sµV¨´edëPÙ÷‚PwX`[Õš·m+Ô§fïï<á7Œ`2ÑT‡·–³šÏ”ügR•K1
#x½ ëc4M(MxêSôÀf½¦åyÛO9Ý÷P¤¢‹žª°fE14AVÁlhz9\¾f0Òì¨,aBZŠÅj`B‹c`Á[�	^lÈfŒe¼Å3¦ÞiZ¨6˜àP^2k‡NŸŒé�1‡‹‘i¦–{�UÈ5@ûš©N@žxb-w’œêàÑ8rtÉlñº-¼‹*Ö	ÊI]ŸæNpn›y*”í¾‹¦‹p)­50·‡m»»™uàk�³#ê'ÍŸÈ”…7
rUCª0LG ãŽâ»™8VVî²E?£7ÂAG!D‡ýÕub³Œ·ZÉj¶FMûoß%C˜{­žâ‹X-m¥\|«á$ ÿ°ñ[U“U›-’mj3êD>Nz¢Â =p
+éß5	C`ªö5�mj�Í6hË�È…4ìèÓtAÖ#r­jáLi€TÁ[IÙ8™�ð¢{‚Ã4iùtx_
½ß6™Ç !b�Þ-ÅîÞ°žõ Ü!ŸøÊËÖ¯^üpݾe�¯ðgƒëKºšÏ²Éì’½ÝÇ×oß¼f?÷™Íý­É›
+ËRðÛƒ;L�ç#þ«BûVί
+kµil¸‘î`
+l“‡W¾—ürîp5ýÒZý{^ÈÂï%ÁìMçÓl~u�¿VàÌéœCýwqöóÙŸÎë¥Ñendstream
+endobj
+1483 0 obj<</Type/Page/Parent 1372 0 R/Contents 1484 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text/ImageB/ImageC/ImageI]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<</I14 14 0 R>>>>>>endobj
+1484 0 obj<</Filter/FlateDecode/Length 1975      >>stream
+x
•W]oÛH|÷¯hX¬H´¾,ɾ'oœìgû²í‡(0FäHœˆä(3¤ýû­žR”¼ûp	âØ29Ý]U]Ýóýb@}üÐtH£	ÅùE?êÓh4Â×ñlŠ¯Cü3’Vßi0�†þqþfÍh8æ¯xëêa0¦{M¿_ü2¿¸ú8¦Á€æ+>r2›Ò<!ÛïÓ<¾T…-¥HH¯(Óëµ*Ö¤
+ªŠD*SI_*+M—¶ÂÚ½6I—�U|¥D	¼€ßi-I‹­ŒÞÍ¿]ôG'—ƒˆøgüØŒ�!>2UáN5r-UFò‡Ä
zmDÞ%Q$ÈAo�À-¿Ø§Þp�ù½ßþýá¯�ÿy÷øút÷þ·‡ç‹Å‹*½·‹ÅûÊY”ÿ•Æ*],ŸŒ^©L>*[žsÐíU–Ñ
+ï"á5sèÒJ’"NÉ,ŸD™Fô¬KéÒŽuQâËh•©²´‘Z\fj#³•š–Ò!€ÌëŠãÛÅb_gŠR93äÌ�
+‘ËÅ».Ÿ\P"3¢ð¡­ø.;¦ÂÈï•22qY:¨[}ùðC•5¶¨ÜˆÖækCÊÍЃ9ô¼\}œY8†ú×Ñ„¡~¹ûãùáùW®ã(œKê¡6À$}¢,NéüùÅz 9 Uh‰Ÿk—³¸tÐ
½sÜþ?Ø„ÝðÙ9)&˜¥b'Aê�T¾Õ¦E	ž�6Yd„\´ËE”`7¥ÞXWE�HÍN¶¦¤\UÔfæŸË=-0FHÐRÄ›jËr^N5è]Nê,¬²…”‰Lï<a-nç,5§[W"*W+Í'™ë]ÍG¦c‘A‘-ÝÓD™ª$�¼ì
tä.ôâ�ÐýÝ<УÌY6A§G:ÑœÈ@¢sð?Ç÷�:
ÉN—:…,S­þöˆ^Ç5uçq‹Û´œÁYl£Éé�7†ÑÑ+j™Z)Z’{“#rÇül)úôòظQ/FÓríi­µVÇ�€ŽMãá‚£ƒ×2€µ
\', n®)Îúÿôíë·oÇ©Œ�8ß4H�ìÆž¬”ÔA,H“?é°4c£–P«Xê�³¶Å–;0s§k½VÓ¸_=Ý={8ÚÀuéo$YûISN]üÄWÔ^Sotãmá
ý2³°P™íï:ÃÏVäK
n¹¬Ö<F(“;<é±ÜKpä”0è{›¿âÞãa Pw¼‘p.#âfœÉÑVÐ
/Þ&UîújËuÁó£57¸bî3i/Ù¼ÔZÍ„Bxx³ˆc^0nÌ‚ç9
ÚO;譈Ɩø¨$t°Ñ"g¡þ¬«ÆU�L�
+Þëšs®-zžÄþtRp—q�?øl?aøû-´ÜFÅrÔ�‚7@Š�MÀ—Îڧ™ÿp‰‚M`6¢Jb‡q¯;ûÀ$Ù‰Zöäyø]ÂWoÂX`Ðf~d\G³hAéaèr/ÚlÐé%f.�£>‡>Œà/¦pý0^Öu+pÿ‡5ÚˆÖ¨NȪÃl‰h[„œÎöä‹AìÖª÷d·2V+ËÔèj�:[9é¾­€Ka‡Äp
ûX^†Óh6rëË—lg4è‹j}3ÅHTÀ�„HÊÚ‚]gCQüq�ÑóªZ,R�óè{òecô9ÆWÐnæÒSŠz]»¡ŠX ÆCe�
+à8Ë)˜W²ÿ¼9cL˜La¾¿¸Ø_ÏP²©EªÐ^‰†F^]¾Âä4â`·*˜¤¥ô
Ìpo#Htì œÏ�tvðÛÚzl¾OQ°Êãüøp^‡jnietÞÎœ\®a—yK”€q·W௣)ð“/vð,±Dg±I0Žu+}
+;ÙmmĉQ;Ùauá]›ê*KXBl¨¶“ÞvΪ
®£Qv~;4fó.â¹UÄ|«
+ÏLÓ‹…Üס™¥Î±‚Ú@ê-Uú�µŠhC´^Ý€×f	{Eé% áéè»ϧ2ƒƒbÞ„ºyËa©0ÀKgæY™ŒnfuC‘+@` ߆…a/æíÛ‡a:»0%žÊ�L¸U`UpTç¼{£°ín¥É•å÷Zß׎õU•egáC¾@ÇMNžŠ¬¿P�í4ì:o{våZ'ôW�§Ö3>á,vƒ¨ëE‰[‡Oqm:IªÊEQaNC­+EËýŒxÄoËÈÁ‰1
+*¤­r¨fYyxÎÂ3‹¥ä}šmÑ;=1D5‰‡.”º4¸I'öo8&'® �¥¿¿¹Æ®Â´ñ΀„È�ºàÀôp^”X·Nýg�Ä¿u9B
+¼ùcä0ž
ÇX¬±”�Ú¿jžO?ö­Ý~šÖ´7työø<,å|#	;%CS`I‹è¡lèÜm·™
+Ãà^”Âo¤®W±Â·Ú³š;÷þŽÀëìóq³ýìîO¸„Íîá7Û“i¼­ÌVŒy¸{_߇­YÆí¬¾…Mp¿Ÿ�h2E“É5ßÅ>ß=ýrÇ—§o¼ìßë*�Ïs»r¾½Ax¥7íßðó~LÓ{]¬Ôº2~>à†o*g:ö–>‡Q…�æ�°ÓüÉÎŽ ͽd<GÓÉÌßâÇ3õa~ñûÅ_?<gàendstream
+endobj
+1485 0 obj<</Type/Page/Parent 1372 0 R/Contents 1486 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text/ImageB/ImageC/ImageI]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<</I14 14 0 R/I15 15 0 R/I14 14 0 R>>>>>>endobj
+1486 0 obj<</Filter/FlateDecode/Length 1861      >>stream
+x
}WÛnÛF}÷WM‹–dÝ Nœ¢jÕ‰UAU+re±¢¸Ìî2²þ¾gfIŠa�$p"‹Ë¹œ9sföëÙ�ø;¤Ùˆ.§ïϾÒp�·üaÍi:à^ÜÇtcèãÙ ÐørÍh<Ÿáó?VÓF\NÆѤûà%׃QtUžÃ/›³õÿ¹¿œF㮓w˳‹ßÆ4Òrƒ¦ó-B°ƒ
-ãWã·iþDª(´²Ž¼¡µ&ç�Õ	¥9ù­¦èþæ�’Ôê_ÏIåxä¥-ŒÓ”:ŠKkuî³#•ù.7‡<z½ü÷l@ý‡´L^}1%Å*§çÙæÃÑy½§÷&÷Ödt¯r�±óØGR”™XeTX³I3M8dð¥Sû5þÕö›¶´z崦Œ~×Y�õa÷±U·—(œ#@•9W…Z³½
mRËi—…D„{qëS«21Ê�±t4åêuDKdR‡ ‘²›Žó=p�I@»UŒÈÕž=/–€ÂF7×KN»úíîzA¾´8¬ê|Š$¿êŠñG®ZÐ�¢Ñ`ˆgÑüRòü;ÛÅ
ª|ºšQŸRÊ�OcF®ègcwÎ+IÑë,s´¯¦žË˜ r™Q‰0¢‰`cÍžáÏÌ�²4ßÕµ­á=l5Jjá&ëØ—*¸Ð±rúœÙé”F[à˜3p›|“>•6Ä”:Wâ´rtÔ¾¦Ò¹„ßEUí´ë¦ôÈ\Þ=†tÙ9G+…à�\øm¯¼ç€…ìV;“}ÓÉ?u^5gœ£Nµá—“ôI;�ðAW˜<ÑyÌyÂו6¦Ì“Ð*
+E`x$U»×øZêQ±Ûu2C—àîB®º°†¿Íþ2Ï´sÔs�—ú#½·=éÍb±ÇÂS¡œ;›8<>j׫šÑt|
+w?,Þúr¿¼ýsùg¿zÍEk;�W¹¨M×íø–Ò"RI4\„‹Ð!v±lÞ±]—@)‰èC*Р!ñ?¤Á¡Wi–¡g™qxÀuF'êB
â˜
à‡ßÉB阻\/8Ã>¨&)úG=¡
+6ÀµNÁ�Ó
a˜Ò‹9)šŽeF:Md÷Âg«¿–�Á„ÖÇnH…¦qAí{ýܪÃ�(6©;vÝQö,bëÌ$µæè€BÍ™7*÷‹£Pkåcà¶{Œäk®l'°Ç}éü#›ÁzKŠŒ=u-ºý¤7•åóúD*äqñÛU5Wú�]ÕZ4‰æÑ(šFô9Í!+Ò«"ÝN{$53b‰.‘å†á2¢?1‰
+V[r…ŽÓÍQ”)?¢x~‹!kü0Kw˜´ˆ›‘àÙ!
+d¸˜î×0S|à$z/v�‰M™%µ§`½
íi0bB|?ŽDáâ
+­þp÷®j³Ì ˆšÄ‹g·¡IÈ•Ea,ÊþEEšNxó`�‡ÁpžEô°U2ÒîÃÐt(°?h�Ó竉ÈBGÿÇÑ TbR±]ÃÑ”çæ½ñÜÂ}ól
Êi^L�M[øܬ¢eßÕv8�“+6v‹ôYŽ›)�_›§í·¹·ê›æqE‰Î4ûI}½ú”ÆÈ+‘ì
+½zÍ!ŸØÖL>”/nT™ñâu€	‚)³ÂŸ_øù+âjOÀ 2˜{h%¸[�tPÙf×éªÇÆDnú¡f«]óŽÔ£tÓæ*Re66Ñ€
?±Ð’wËŽã¿à…î‚‚u9Œ×€d®
÷Kh Çí ŸÕ¾ÈÛϯVU‡÷¡Š-éü
N?É¥1)°@_·(#WCô�»•·D[BÆ1ªtëÁ{`|9T.Åq AXQì�^YOw:/é‚n´Û±N°Œ3Ý¥·_ƥתÇÛÊ?®n“O�¾ß±„Ì[–÷áĪÃZÅ;^A+2AºÉmÑÕ1OCXºrí#ý¬Ï;ÎD¼—€�²‡Û2³Ÿi¿Y­iž{PVgl|
MYê
nó;#mÖßRS:ÙÈO€ëç[ËWÇ=TújÒ79Îo�óÿT«á¤ªŠ4ªøs¼£aŠ±û·`ß@ô¡€…Âb6"ÙtùæК6<œ]¸eHY+&v‚k¢4:Õtµ¨5S€�+ÌÙ1e«�†U/¥½ìbT´¦ë9Œ5®
+BÒD6úö.!<óé^_°$bF¡Ë0[Ò b²ú¡"²r³>Hê(I®ùâR•Ž†´Û{�,˜�ܹø¸¬ jì0˜
Ë:®Jihz>nLmk–'ZT4A$€Û¨·ŠÍ: e:n±­ó,öô˜í°R[•»
¿¨hfê©þõV0¯Êp<ŽæóM§ƒh<œðx¸¾{wM÷ÖüË×­—¼éȸæúÃ)®ÎóKêÏ24Âtãkbë–p›;oËX6Å7ô ½ç­LüdÂÝJäN„_lw<G³é÷_Ä0¾â¯>,Ï>žý¡ï.endstream
+endobj
+1487 0 obj<</Type/Page/Parent 1372 0 R/Contents 1488 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text/ImageB/ImageC/ImageI]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<</I15 15 0 R>>>>>>endobj
+1488 0 obj<</Filter/FlateDecode/Length 1645      >>stream
+x
�WkoÛFüî_±�Æ
dZ[Vü¡€_iÝÆ–cÑ0
+(NäѼ˜ä1wGËì¯ïì‘’iÆE‹"€#ñq»;3;»ú¾3¢!þ�èhL“)EùÎwãæ*3šŽƒ¾¹9:¤sM_wNÃ�ýÏŸð,…	žÎFÆ4†Ã!…Ñîað) óùÕÉåõŸgóëðvþ%pÏŽŽé^±^[ºqP.TAgºpFgÃo;CÚ*Œw¢…ÈW‚¯î>¤ÎOh<ÆÃíMFÁpŒÐñî�¶V­²šæ•‹…“1]á¯QŸ·ÿù }sG�fÁðð¿¦Ê’(KYÄê™ÖÂ’6êA"ÃI¢r©68iUÓo:-èW
+¥)­3‚tB.•Mj¸*rEL8LQVÅx)•F¶¥Œ&ÀÑm¨Ô–ÓruÐT4Ýäµ)i|Ì&þñëyxAÇÍc›ôw)DXœ�Ó»×°eÒ¼óI i+ÉÈÌ£à4)‡o‰4„Ϻ�dK©DE”K<s-\ª,œŠ„Sºè¥íRá(UE,
SÐâê”bOè}Eò°T…Z¯ÃòBš'$1	F´6duæ¡}x¸²½ ‘ÎKQ(	zìJX@ª>ø	u‘|v²°ÈÕr¦âËÉ5(/ÄbŒ£4ÚéHgA7Å
+‹«HƽpW*2ÚêÄímÑY‹rH(V`\­*§Š©²ñ1‚ä'ÐBÊVð^è̹|y™¡�ô¦zÝjˆñ-…
ªäÑx32’¿¼ m_ °©`qþC"d£Tæà˜^X0ZøRºôœ\yIrëM›ÖëÞmÈã,WœœuhŽnI*Ž@‚ÊŒ»8Q™ôœ�ªÂ°bÖ—»÷óÛß¹�ßÝÐZ›G¼ÏJC�½Ôšç—¹z.6xvâNë)A§�°ó•4º1*¦Þ<5…þ÷TD�Uùã“Ë��o9+rÔ
µ™J“:_ì�é^˜Œs‰:‡sº.õ5z<þdU®2Ñ/…�Ðd­­S¥¾×:¥¾Q©È4ĸòu÷é5墨©”êc¾álÖG�$©,t=@7R&Ý.°æ–Š2)ÐÁh,¡LÿäÔ[w"“­áj9xÍmKØL=—F>p3Õ�v	a{™	‚† )ô)÷>³ÞH,m„vôõå`ñê¯FMª3yó™9bTYP*ÂYË]®F~¯à 0Þwlÿ\ÈF‚,½ÈLUxd¡/¼Ð‹Þi	Y<)£‹G5Ù–!2 ùf-€)aàd­Õ÷Ä­ÑÈ žMÈ'Œ½¨q]ˆoðTÊ´ˆÅ
+|fje`�-Jœ+p•<ʨ*uÐ%šQDnÀ·þc¼Ø Ú·aÉL»´±>Œ
è©ù–‹š
+	@Æ�lÿ£ß¥AÄF˜MTëqæÏ�FúR
+»¹±wlÅ™iL£ÆõYÅäs!#ÉsY£^NNïj�Ù÷ó’Eju‰{íÅrãW‡Ž¿�/—÷—××árù3#þ²%ìÂõ
½_xYßjíÞ/—Í—Éx¹ä¶Q-G³äB:’ kž§î)¸šÁ?ZÕ+V;JD!ÿ9×~¦2Jõ«LßÈœ¨'éç‹i
5m/zÑ׺‚YÔX�Рý•@r™‚	x›a‰òkŠØý�!›DT$Ö�;èév#nÜo7$+£j»ýt¨€VE»PtQÐv0wÐl¾Å°06ÇëÙiäK‹¡Ï9óÅÉU/=ÖÈââìîö2ü£-�ëñ`çàÞÏ4†°É2@ãÃ=rèK7¿WB˜	IÈô-¹¿YR O$fBų½�ÊC°��rˬIÑò~²M¶ã)~eꕺuÁ¼BGvvÏjneö„Î[I¸¦¿R{�6Å1¹Âz�y� »<š/µ;Dk¸Ø†
ìk¨¼´bý(�ö¾C²Û	
'FZàk7€tõËÞÔx^2èÝ[žA?Oø*¯múþ¶-£¡/Q<ÈS�Y�‘Ó¦ЃÑX
š¥Â¦ªÄ¼F2�N—ì6ÜàÐ…ï2òûŸg­ÝŒ¦GÁp6¡éá$˜Œfü3B<=Án¢¿!6Ž¨â²Ý¼÷6¯ì
ý�”ÿñŠ:¿šŽ‚£é?ÎûpÈé]„;_wþôœcendstream
+endobj
+1489 0 obj<</Type/Page/Parent 1372 0 R/Contents 1490 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
+1490 0 obj<</Filter/FlateDecode/Length 917       >>stream
 x
mUÛnÚ@|ç+ÎS›HÅ\B€ô�\*Ej m\U•"UëõÛÚ^wwÊßwÎÚâTIL°÷\fÎœñŸÞˆ†øÑlLS’yo
ir1�¦4™ÏðÿVѺw÷Ÿ&4Q¼FÈt>£8%)–gw/Êîé».R³s´ŒÉí�W9=ŸíŒýí¼ðÚ$íT–ñ§S!Ïç´Ó¸±/Š´wdvêm´óv�æ{
 çÝyü«7¤þè"£þ™ß
 O¥°^K]
@@ -2922,12 +2964,12 @@ O
 oMSCP*¼H„SbýVíÉm0"Fš<G›}<«.x–Z®âNYîRˆHU©p)<­+Àh;?1kN£-ûÀ¸‘ïû‘‡4)•YÝ03⢦ÖxMb¼Uô
lsjGRd™J95=-Àò
íBJå=ˆBl¿¼\	¡•CàÚXB
 þb;ØD…¬}3²ôú)àéÂ+Û§ÒšP¸þ|¦#‘7¤
 W�å–õ -U·º¬…:ƒ,8ýS)h)4_*›kÏ_vÚo11f Ó¸é0Õ�czïÐ�~Ñ™Ú(÷|þ?NŸDžòJäµú ­$2ª¼ÎX9!�Ä Ó*/C©�3ïÀnÈåI)œÛVsá?ZÖÝòæë�Çø~µŒü_ˆôëWç½Àï1ÏiPVÉÀq‡ƒrªãÈÞT–
-­:Ouû¹¶¹�©Ã#óÒÀˆ(Þbîk!kTµ WJ*%…ñ”(RÂél_ë°t^f*gi3R«Ê¬•ÖÕë£Ø–$FÉZßXS•îÃa›¯.±	Ùžƒ[¼Y‰fݹ½î~‹Ôfß]»ï�ó„áñªÔëÏë’¼v¨ÚQê)J”b°VI&¹Öˆ6mõÓÚÎ"Ë
f ‚饵ß}lµ¼£G«s
Glš»i›°ØÕÇÛH’î=¯cªœ¶"ÉšÍPBnáÁÁ8ckhÏ0,Ù(ºòwUþ·Îu¨Ód8µ4€ÁåÞP|:íÚÁ‚VâLÍZè¶Q›NÓ†–Ž,a°èZBÖÚÅà¾% …Sa¹y«[K
#|š7o Ño§ù�/¯ð®‚MB¤×Ðn~ax CV¬Ý°^ÜN¿
èφW|~]Et»zXÜ/Þ¬–ñ×Õç°šOeù½«uÏù&³I4›Îñ&D®Ëߺ‹{_zÿÆ$n£endstream
+­:Ouû¹¶¹�©Ã#óÒÀˆ(Þbîk!kTµ WJ*%…ñ”(RÂél_ë°t^f*gi3R«Ê¬•ÖÕë£Ø–$FÉZßXS•îÃa›¯.±	Ùžƒ[¼Y‰fݹ½î~‹Ôfß]»ï�ó„áñªÔëÏë’¼v¨ÚQê)J”b°VI&¹Öˆ6mõÓÚÎ"Ë
f ‚饵ß}lµ¼£G«s
Glš»i›°ØÕÇÛH’î=¯cªœ¶"ÉšÍPBnáÁÁ8ckhÏ0,Ù(ºòwUþ·Îu¨Ód8µ4€ÁåÞP|:íÚÁ‚VâLÍZè¶Q›NÓ†–Ž,a°èZBÖÚÅà¾% …Sa¹y«[K
#|š7o Ño§ù�/¯ð®‚MB¤×Ðn~ax CV¬Ý°^ÜN¿
èφW|þ2ºŠèvõ°¸_þ¼Y-㯫Ïa5?žÊò54zWëžóMf“h6�ãMȹF|ë.î}éýÅÍn¢endstream
 endobj
-1486 0 obj<</Type/Page/Parent 1367 0 R/Contents 1487 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 665 0 R>>endobj
-1487 0 obj<</Filter/FlateDecode/Length 1504      >>stream
-x
�W]oÚJ}çWŒÔ—T
R©ªòÑÜö¡InAÊ•’<,ö{c{ï:”Ïì®Á8éUUµª÷kfÎœ93¼tÔÇŸ
M†t2¦8ëô£>Vvÿüü«38™F#:�L£>e4�FÓð•ÒŒÏÓéx
i4�àÿCü-%-ÝÆàl�ßÛ˜ðHëÂżs|}FÃ>Í—ði<™Ò<q®`%>º\‹ÂÊ’&}Ó²šÎcKÂ� ?W]éL¨üãüßNŸzÃn]êÜ–:MqOå8yW•2ÝÒLdA»Í¤q•]L¼½“âÂ3“hÑ])KùR)£¬¤ŸR$*_±±ãë
áÆp‚€qãB.5`ØêŠbø òJw‡=±ke(öu©H¥0’2ñ,ÉÀClëî
-|Ä:Ã[V,RIe×üàR­ªöI„p'ÞSÙÝÕ%#“H—j!oRú¸{Øí}»½ŸßFÞýÀn“h9XW¥®òä·aÞ³£E÷˜–_è{ØÊD¼VyˆŠs$ÈŸÈ͉IõJç祒ÆZ–:£�.Ÿ�Vé̵ܸ¼Wy¢7†næÁpD÷k™ËW¼'¨2þY¾Êv¨qü~ÿr8Òý#›ËNð­–IÏ®F€ð?
ÊφÖ
+1491 0 obj<</Type/Page/Parent 1372 0 R/Contents 1492 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 712 0 R>>endobj
+1492 0 obj<</Filter/FlateDecode/Length 1504      >>stream
+x
�W]oÚJ}çWŒÔ—T
R©ªòÑÜö¡InAÊ•’<,ö{c{ï:”Ïì®Á8éUUµª÷kfÎœ93¼tÔÇŸ
M†t2¦8ëô£>Vvÿüü«38™F#:�L£>e4�FÓð•ÒŒÏÓéx
i4�àÿCü-%-ÝÆàl�ßÛ˜ðHëÂżs|}FÃ>Í—ði<™Ò<q®`%>º\‹ÂÊ’Æ}Ó²šÎcKÂ� ?W]éL¨üãüßNŸzÃn]êÜ–:MqOå8yW•2ÝÒLdA»Í¤q•]L¼½“âÂ3ãhÑ])KùR)£¬¤ŸR$*_±±ãë
áÆp‚€qãB.5`ØêŠbø òJw‡=±ke(öu©H¥0’2ñ,ÉÀClëî
+|Ä:Ã[V,RIe×üàR­ªöI„p'ÞSÙÝÕ%#“H—j!oRú¸{Øí}»½ŸßFÞýÀnãh9XW¥®òä·aÞ³£E÷˜–_è{ØÊD¼VyˆŠs$ÈŸÈ͉IõJç祒ÆZ–:£�.Ÿ�Vé̵ܸ¼Wy¢7†næÁpD÷k™ËW¼'¨2þY¾Êv¨qü~ÿr8Òý#›ËNð­–IÏ®F€ð?
ÊφÖ
 ¯%^+Ý“l?™t'
 al$»²Û§„9 Ë#šÃ•×ݱ´FEª¤ñ,Î’^"FÐ#sX
Z]Ù�¥.a‡ä/‘�anµHEŒ�á¨ÿfO
¥^*œP¦³± qâqòG—Uš’‹
–>^Žè«ŽÓMgž ¦²ÅÇ)`3ï6º”¨c*·|vþÔ‹yBU
$8ÎEa7šžAüM�+v˜qõÀ†)ç�}¢s”²ÊD¹}{±ÿãjåñ£Ë£ƒ�fÆe} 8
Jz<ºà>Ÿ\†\ýP%P
 `e°„źز߼Ԉ²|Çä°OkÔ2	½ÈW­™T¤’uÍÁê÷™ŽHi`CÌ4sW뇒„Ó
@@ -2937,476 +2979,407 @@ al$
 Qâ6ÊÂ	=?ý°JõB¤O=eäØC©˜lqï�FgÆHû‰_=¾îÓY݃G^-XÙ¹ôÙûV›ïcø€š„BQ~¦­ÜQäð„ã¢Á+áÄaÇwý~Æ­G¤¤7
ôfC©BCô°FœæÉ÷zÈ¥u>‘Y3ÑDj4”aË@"|k4v×éñ‰Ñ
/qFš Ôu ¡éCàÖM‘f{””L6N¢óÉ„Dn8jÖb
§ëéINtŒüæöÿæ‚®4ý—J¤jÉÝè�Þ_WBå$|ñzgLú
 ¶¾5 ¼æ!iŽkµž•r¥œ°2D7Ò^|¿�‘Ï<3³…–»úa{ˆùÊý÷› /áv°HG©EuA“õʘjô)
 1íÞå¯vÁGË`•+Ì6;Ç\÷N,Þu¿íÎñ¬@¯lhó\ö¥tÎ&5(-{‡¼F‡*&a–d�;
-HÀ4åBJt˜)ò­_Ô‘ÅÌ‚9h¯º¨Å.-€ñCÅ¥6zi[Ö¯¼)ž9˜L~0q“3ünjG(¼à`(耵áñ©æ·?¤‰;;¾žî¸/ÿðçA£[óXò'?	F“Q4Oñ›¢q:d¾Î;wþ™êB‘endstream
-endobj
-1488 0 obj<</Type/Page/Parent 1367 0 R/Contents 1489 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1489 0 obj<</Filter/FlateDecode/Length 1688      >>stream
-x
�WËnÛH¼û+ØCÀ¢õ–œKàGŒø°NÖ"XÀ—9²“3
-gdEûõ[5CÊ4íd‹Àˆ$Îô£ºººùýh }üÈl(£©¤åQ?éËdÞO†2žÏðyˆ¿JË*<ŸN’ñkF“ñËç‹£“«SŒe±‚“é2�ƒ~_éÛY2J‰|²;ɬv¢ä«­œW>·FV¹É$÷ÏJ•I­ñ•-
-]}x·øÃc¢áÞpÃoÏäf!»–	Üòkݸ=ûýü?(/;e`XIaSUÈÖéJ¼•¥µÅãóTy�ÉZ9þ"y2Dï}é
FH^Ÿâ’•­$xIäÚÇœü:w²ÜãKnîáñFûóëÏ·bT©åûVWûp‹Öï+»ÝÄÁÈoƒ”v:î”sÛ`…<´J×bW!ËŸsƒ'¹—{�ô–*}�UeËð˜¾r>eÞ/ °Seð¿Û
�ÂÞ[Óñ\iØpÞ%²°b¬»ÑFœN·Uî÷²¶Ì/­_í:Ð83tºÐ)�½{»ø|ùù}(=â³ËI×Öis÷®ã÷•`[U’ˆ
LT‰œ­<KÉÓf;X΢'–û�“´ÒK­
-‡xX&֤㛑o9,ewïHÚ}ѱ(÷À“
j³©ì£*Újó¿7 y@˜ÈWP�õ É/ÈßhD”ýŒÝ<­‘žŠ„�FDéZ™{-Ì 	õ6ñµæ/x�Y£MU»
-%<оy¡›{½º?ÂÞš®KÂvˆà¿¦¤°=þbª¥r¬Rj7ûÚ5“a
vêÇ6S)h]§p©VnýVÅþYç6ó\ƒGƒ0!O•�nP™z£qS™q"èƒ[U.UP9G¡1/£]üR†’)ëû5G TŽ:6L†Çh—˜‘�¶=jê’„¬n
-J
��3Þ¦d\+œ`íµGàÈjËórSè”ÕY0Ö
/F¼Ðª$§X<Ö
–·&C(TDUm,ÅJ
§Æ9Pݲwj�A…atü�>¹[£™ÉùV²
\@:œFH‰æ5)Tn	¯¨ê¨µ’s°~G°Bðä/MuAá‚âWZ9ÄOûÏ"Ž÷¢zTy¡–y
ý�T®:ÖL‰’á©	¢R¸,°xö{�@´‹C´(9šZñ˜§:
-"
-%PvM3ÂGÇ+;9ðlg~ųI3øNíNÕÁ•×D rë–€¡…™ûš,ˆ³îñ÷sü€>Á¬åêöú²¥Çq
á¨F§Ë€, •�î`ÞyÅ”z¦®ò¢›ø¦Ê16O~?»øt}ó1�¿Ú
-2	²f«2ûÅåðÆ* U’‰ ÜÈÑ@Ø«"‡ªwð½±;•©}‚Vj°ÿ2D0;…jWŠ‰Ï–‰Ü’Nû @M´žwü&((y$‘±Õ¨|‡';»-20Þ P;„}'D?0Ùc
-‚û&ëø±¨k•g:˜iåú#t$ÍÐ3�­/7M¶°à¦Ç€‡t0ÀÖýgñs<
Ù¹óÌœÖXô‡ºº-4Žq#Þw«ýÆ GªMv�<{ÓðˆÜap'Wi½ŸõfÉ| §Ã(wÃéLâ�f�Ï{ƒþ$2|�øÿ4ù�8æ2åÕR9Ì·¸Œ±;÷&]WÖäS}šçyyjæ•
ÁBÐl&ØO´OOÂœÈá{\Å‚Gò7Jý¯¹CÕ½ØqT*'ÕA;âà†Œ¡
J•écR¿éEÒ9ªòVrs}‹3apR’¸ n
y¤ãŽ\ÁQϪYÔµšÂÁr©áž§St›!�ÉÞ(ú¢�ÝÞ¯_²»ã¬>­–ès¦ÒT;.¢A@*9Ô�k<kÄŸ[AÀ·U3�Ÿ3f2L朦?eÌ4[Ò%ÊÇaÚ·ý¢ ?%(—u¹Ÿõëòv’%ã:¢FØÐ6è¼ôa|cûýÃãKÊÉþj74/?Í­iì3³‡|ø°�‹[“*ÿ5lvwh‹•`Qäa'«+á
-eri•oP?:Œ<Í=‘lÛÞ—°ñ}‰Š·óXÄãL'ò®
»ãí©…Ãöó*F
¯`ÔΓÁ©ôŠ\å†
„-6ˆÚF+‹ý‡o`§µÒ†ElgƒSè*#Ã=¹š×
-6˜âEx>ÂlýÎ^ùRÙo¨16ïdXOYnÞì5z³þi³ðÿï7ÝñlœÌ¦s¬©h†Éˆ>.Žþ8úÏæø	endstream
-endobj
-1490 0 obj<</Type/Page/Parent 1367 0 R/Contents 1491 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1491 0 obj<</Filter/FlateDecode/Length 784       >>stream
-x
•TËnÛH¼ë+ÈÁÞ`Å�²,ɇ`aç�ø¯ØÃ"‡ÙÇ&g虡þ}ª‡”Ö–sYâkº«»ª�“ŒRü2ZÎèlAy3I“”Î/2\ç«%®3üSæó4™\­'ï>§tAëP‹
-LšÒ:?ÝY÷°u¶ké=yÕlÔëûIJÓ,MV0<-l£´¡FùÀ6ÆþÞ ¶[k<zöbñîóœ²lˆ9�-
-0¡búw[Û�ªL=çA[C¶Œß}³IrkÊýûÕÇ	­+íü�}´Á7²¦îAy«cF‚hTÃtwùõêòM–ïÓ;ƒºÓ¡Š®ÿ\ßÜ‘g÷Än„²±Ô:»©¹!5Dx�E0QtÃáêúï;dŠ¡RAV&P8h2Ýð!A.hÓScQ#8�¬aðÉ+mXÒ`j•Cú"îÉk­O¨´.FÞX	w@?";j°¡]¥óJ()êŒ~ìø@"¦�ÌG-
-	õ¹uºQ®§�CÁ?Xœ­k¨5”ó‚²ùXγ,ÁcqºLΓ,¡/vG…¥k`¶µÎUªL¨g«¼ß!„®ù¯×M±Œï£ÏËFxæ(2{6^ýÉ®UR*K¹5wFU)‡¾[ÑÊÆøƒdoTÁ‘ƒtõX O°ï©ƒ'@–Ö#€ŒÀc¿¾äAÊÏ28P.öacÛÞwÄÞN›íoÄ¡˜Ž-‰n%÷(Æ>íÙbürèÑ£Œ04
3
-"µŒjàŸá?NüØé'U³	þOÒ�šÎ´}ù k@°É]ßtª¥v;í^i&ͺaxïT/d=ù}VæGÌtél‘n1±cAdxÁo>vA×:`š}oòd¸Q®ÌQ[‹¹÷c?§Œo­Iü¦ƒçº§�QÌ	!Tžsè­l‹·#rt-AQ–‚íê¸}M¤b®}ËG¨ƒ ã4¬Æå–-°„Wg4;�Û2 Ý:{�݆QÊ»+Ys‚8Ý›O—©¬áÿ?Aóå<Y.VXäð>Ÿè§õäÛä^vôÜendstream
-endobj
-1492 0 obj<</Type/Page/Parent 1367 0 R/Contents 1493 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1493 0 obj<</Filter/FlateDecode/Length 1010      >>stream
-x
•U]oÛF|ׯX •�’&©/º@Ë©�¤qê¨)
-(N䑼Š¼cŽ¤]ÿûÎIËr• …-È&÷vggf÷¾LB
-ðÒ*¢Ù’’jø
Í/þ‚æñ
-GøXI™{1‹c?:õ"
-9îÕ‰7›ÉùÛŠÚd(²\Å´I	<I¦W…¨[i)ö铨v‚DC‚.ן(5•Pš*Yí¤=Ûü…4s
-Ã>�1†M:ݪ!ü
-ú|}ÿÝßýöó
å�J%µ†Ù¶JçÔÕÔ’’ÎZ©[ÚN?˜—¸‚p{Fµ•ž(ëBЃ´�2šL6šù
WÈg}ÍGÕ´—¸*wH­[•ˆ–ω¨›€~W:5�
*ôn}åÓjk™vV6Tª¦•)Ì
-|Jµ—åÃN
-¡s<l^v=´–ÊYšºñ‡€héÏ™��J&Èüd:Ò¹w23ÈÌÿïd®ô�úóYD^´òc|ãÔ3Tf#i$Œ©Ã¥,Ö8}@K…Ê
üßAñ—ÛÍ�ž
jż—jg…U@¸�J�Ý™+Q–”YS9�ÄÒPc:Ë� R×€	ªE²¹Üžõ4RU©(¹ï…2‡�
-IµiéÑØýi˜wµÔï×—G6�!º3ìÜpÅ–óÖf‹‘µØ}ºíá³Ç¸s+¿tÊ‚ø
nCàŸÖr§„f¬Ç^ùKæõNÝà�‘N›™²4�\dÌ{ZH´¿·»…ÎcÔs/Àå0Jßê+ú�}ÝËôF´ßê«�5˜ÐJ
-Ý[³)LWÂøB¸BŠ¦=Ý�Í
-Â$nº¶S&t¯´j·g§{	ì/Ž+•FhN<°_wþDüN&‚­Æ³ÂÓ˜˜ªVH�÷Öì
Ù'½p˜ ì)‘¦ÊA„v¬ëTØôÈ]R?(k4;môä8ºL‹•U€œfËû÷9ïÌñ¡†C\‰§~âQ=—.G…–ÑÕ:zådŒËlÞ¯‹ØŸùtå•ý¶ûª˜·×
õãÚ;Œ#eW{ÏpK3,D´£1ýçí¦C‰Ñ™Ê±
-ÉÔÌÜ(ç°e=�eóØ?­oï_óu™ñµÁjÙNC­1W%ö Ÿ³:2•NÊ.•ç}€_pdËšÍá–0Âٟ΀çoºo˜�¤ïR™!”n.?_ÿùîþÍ‚Âiàóe6=ŠpÅE»u°¨ZÜl²Ñß;‘^"OUêG5'*ÈFï/–&í4(SQûôÞ˜=+0ôX,#C=·#Ô�TÓa#OÎ7™úhwć«u¾ôc^zéÿ¹œç«¹¿ZƸáqn±à²×›É¯“™èŽ?endstream
-endobj
-1494 0 obj<</Type/Page/Parent 1367 0 R/Contents 1495 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1495 0 obj<</Filter/FlateDecode/Length 1424      >>stream
-x
�V]o7|÷¯Xè¥v`�>¬¯(P%VÐ µãJ
-Š îÝ‘’gU(úß;KžlGrÚÆàó¹»³3³ûõ¤G]üôhܧ‹eåI7éÒ°?N4˜Œñ{ÿ­¤ûð¢ßëáñ…½~?¾x³<é¼P¯GË{MÆ´Ì	
º]Zf§ËµÔ”™²R…$¡sRÚyQ´e*H8ª]-Š„>›šÊÚy<ãCO…xðkdeŠÂl•^Ñ™Ê+£n!W¦IfôýåÙòRèÒë˜A»?@]Ëü”P’(Jú‘>ü4O>Ìæofó�‹d>›þr͇ºÔîu“IüV䎜´ÒâÀÎÔ6ÙH›Jk\ÿ|tÂɬ¶ÊïðýôjqôZêÌî*O•pnk,®Ç½ÒÅlŸk÷GœÀÂ[•ùbG®’bƒbÏ9	Ê„&SªD,G‹2"¹Óôþ–Dž[é³
¹§šz¯ñ'àš	'÷¹^$ý;´b«ÐQ{ÓÎ¥—YédÒ|ÛEP¹M¹¡WÚøW¤¥ÌIp'B‘9Ý£Ëç$
-¿6õjMÈ{kôžO½£µ°e$Á}¨n-$-9YÝ0"¤‘¦(RÐǺgê¤"Ûðƒ6¶Å#Àh_Ó®ß9Z™JjïP>É?«X@`Z‰Ô º•_keQÆžYÿŸl-ôJ’3FÓ–3ÝJZIO©ô1DænÊqMæ�Ý�œ^®¬`¦ø:ï^S²`}´/vN’ABéë*°�:Òg��M‡�ÔÇ,Czà	ôD¥ÒŠgö«U#…¦?ž'åþEþýøäþØWû(zI0`ï_/|É7mòìÿj†èïãÒbargÝ5eQºmXõ‚Z¸ôi1›ßL¯g?·“Ê r5ì+ð;\±×`@{2Yy™ï“oH�뙿)Ýg«úpõö�ê7—³KbÀ£ð‚;¥’ꪒ–etx€µ!
-g¢�IýMRAʬÜ“�É]Ý,¨0f€XœÌ3	› ò¢).=_°ø
-	Uû5*Ý_Ü\ZŠÊ±LBÞR!€eã5Ò§Ê8
-^‚PÐÝ©’IxZçÃÛ-BièE)”>ˆ-¼ÙZæwgÉ¡EìW�¿´ô�ð³—"FG‡èš&|Ñdà1ób+Ð-C
¤hqÐ_,Z­ÖžûŒ÷ð?à”Äù;ðÐ#€¨˜H߇‡*S8­Ÿ¡‰ž•Ccù?�›up´à^ü¤-L‘Jk�mEßàÄ9!¤úÔ	½X;b±Ññ÷[¡CyûiªW•±ø[�Ñàø¦˜7ÀmTEÎ[ A0çeECtqËáß/0£Ñ¶ð#m¨Xjý�¸yh×wœm˜Ð[Ôå#Ùxú×Ñ(3SkÏH?_ÚXD‚\±:¢Ö!n(—w
ždpì5?ט+a⢦Ɣ…M*¨{Ísa
ÙHèÖ4g¿d8`έà´2æвµQ™¼;KXñ ñqø-BK‚öKå¼}'n2•U\ñÓ¸;
«
@¶ÆxHÄÖº1åa³/�2Ç@Û°ð:Ò˜³#„É�e&NŽ^Á“d˜ôº5È‚Çb`X³WŒ1 Êó¢•
-·¾¤` —¼ˆ•¼„azc^Ô:o}Ûl‡�9DÏO¢òlic‘Ù`ãÑFóÛk†`.óŸÑ ·ËJ‡éÏK^8Õ©�íìùÓI•>Ç}Z
-àG†Â­<QQ…Yq
-bû�Añh¯¸A€nK º+Š»³XȾþöóJZXÏeÃ¥7û(/£
“·Þëðä‚Fã‹ÈÉÅôúÍ”n­ùÂËÕÉê¦àˆíý�ö¸‹ý3?ýï±>’ñh‚]ŸG|ËlyòëÉ?Äû¢Ïendstream
-endobj
-1496 0 obj<</Type/Page/Parent 1367 0 R/Contents 1497 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1497 0 obj<</Filter/FlateDecode/Length 741       >>stream
-x
�TMo›@½ûWÌ­Nþ|Š’8‘zHÚÊ®ªJ‘¬õ2˜
°Kw—¸þ÷�]Lj;9Ô–
³óñæ½™ù=ADß$c˜ÄÀëAFǺNÓ„®cúi„ÜÌ’it0�ÏÃéG“y¦ç·«ÁÕÃF#Xå.mœ&°Ê€RG¬øpÉê
ƒº56HÙ¹’¹Ø¶3xj¬Õ+B÷.äŒø|
LfÞ°nDåÍjV’Q…L«*ÒXº;ËÜ¢[àÅêeDŒ&á˜ÒKÔÔÊ@%6Æ,�e¨é™8À,t~WsèÂL¦T=…HÃ8„î½j5Ô¯”Ë m›Î«/šÒŽ¢’|¾@ø)d¦vÆŽ
^	”¬ÞwN³SC�h¡5Ÿá™>]xºð4þ0„_ªS¨¶Ê‰•Ún‰!a'l
oµºªµÎûˆ
-‰˜	¹« ”jGfÌNé,„/9‘'äLTÆñ(A·òiY	bÁ
-^¢5ï°-Dæ‚-ÕÃV�+/Ë�µkX(4 ΡŒÄ'QQrÕaÜ7*‡Åý2¸»½3¸î2öQeÿJ:…\yž
-So:ÂOQž*äåìÚò *©ãè!^‰SzðzùTÍ{¯Ö¸¼o)}—õZøÆ:á	}diHù–U—°i-˜¹È	A�” +”‡Á¥È¯�	¬u
-‘ÌYœõî	/iOÊâ™XG4¸†ò3É&·$BVI*kf©Ö¾A€Y ©#ñ•ädä§mq×ÏÏ¥ãŠkd=x-¶…=Ó#pyãn¨vã2êù‰êF¬Ï"¬ûZÃu›5žÑu•±&\[Þ¸†'„†sÖVÖÀâiÙMd�lO£‘‹?~2œþGô;UÐ0^šCC¥‡IÅ´Ó	L¢¨Ã¸¼y¼½�oZ½ ·Ô¹¼­‰uϹôAÍÿcQLiÏ&qJ›™Ä,q!îWƒïƒ¿K »Vendstream
-endobj
-1498 0 obj<</Type/Page/Parent 1367 0 R/Contents 1499 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 672 0 R>>endobj
-1499 0 obj<</Filter/FlateDecode/Length 1424      >>stream
-x
•VaoÛ6ýî_qÀ0@
bÅ’Û)º
IÓ)�dk¼}™÷�’hK�$z$Çÿ~ïHɱ•X‘")EòîÝ»wwüwÑ?ÍbO)­£p„/û_ß~D“i8£I4cª(Žâð¢]•ô0ˆgópLÑhN°;>aׯx÷bF4…sìE“ì¹o,±7wyïj18ûrAñˆ+À›Îæ´È*|IƒO¹ØX©é"¤Q%‚„!Aw‹	eªEM•¬©Oß�™hæÍÇ„°È‚‹0
-é«*ê¢^“¨q“®ýÅmaóÖfÆÞÀ„¢¨5ÏÂ)¸4¦©$íTC¹x’pîqÄá3©Ÿ€ÍY(i¯nî¨8¯VäM‚qg2xøüí¯èØMD	-éûÂ6´T”¥ÌŽÍŒh�}h×÷·=s§´Í‹4P&é÷ëOÿ,ápϘÃf·Š‘>6›ŽïTÕV+ÓÆ[oÃæÛà˜Ó§~®®?½IÂq”�?ÙËJ@aë%žB‚HÎMMJgH�UŽB²¹l�žÒªÐÆ’±jC ²M[&d¥jÐâuS»©ª*¬?c@0�­”ýÉïFm:ÇçáìzS%aÌ6£áwpjþÃôÿô·P5^—Y)«…Uúgw

øC�ø†ÞöÞ;’¹…îTò¥óDZð'ö¸R #¶K×2àU—;ªDšµôÛ,‘­.,§©42Šƒ8y¸¼¥LX‘#—'T˜6¾�0îÑÇ?bÀ6ØA©Ö¨aW1ˆ¢‡ £Ç…ÚRÕÔö@äl¢–Œ_èmtñT”r�‰,ë"æàœ7_W!ݬ°ü3�Õ”=ç\ðÛº1’)“h4ð²–ï«d¯ƒ®áȬË
Äà„{ö¥Kñ�¶>\!iRC¢„Ó:S[´»ÖïÞì2˜ƒ|(•6ÀáH©T‘I+ŠÒôk©Á&B”Ï·¿L>ÉRm*	S•9š¸ñ W´‡;™j,w:¾ÚR-Dâèô£ÔU—åj¨G+1‘Т̑V–	p8—ŽÒ\m$‡&èï	èERJ2
-ÆGËRBi”hQ§9Úˆ«€²|¡³êŠ—Ö
-m®U³Î�àv@÷jJ�	üm´²*Uå)Ÿ®}1xQÖrKËÎÁÊò¤ZWE¯ÌúÊ"?ÚÙPÔ¬Eô"ćИGÃó!+´LÑvüÕwm$vŸkw¡çy«š2cÆÐÒ4Ô5¤Zé
-­mGï‹ò¬1ú¬T%gð›ˆ3.d”m¿©Ç›z?àFá³#Ç�q5Z*õh¨,Y…iÝv¥ ê�<gïo/oîèîòöó¯ÞÝ~¶åÐ]>zÎü<½A¯n€÷w1CêýQ¾: ÖW«SÛ"³Æ×O+é×ÉD¾P‚Š³ÃÕ)ŸEµA
-E¢žä)´Ï‰ŸÕïç�{€{
¼v@Û
ù1{�šœr¸['*ÕrSŠÉoß‹ë+HuÁ�­ãú¥G»kœ³¬ÏŒ‘¨ikB›%Ç„oÖ—W.ª×5¼V0lÔ¶†ÝdG<Ý­ñ_œÉ\)cOÔ;R릵€¦k»¦ÿ(wÇyXrgb4ó8¨�K”k‘fg¬¬N�Cƒ>å«ÁvÀ€CÒ÷ð%Èä�ÝÃSÖQÙ�ñNmOÛVô�†v­’ëÔk²{0ð<¨¸ñɬ°¾e÷D�â
ñ:Z-ƒsß5^ê+ðiä1$÷O˜ñQô¯�”u=¹ã¡�/cncËãÁ‘äAí+«»M¿ø�n¨b¼ oõïu©Qþƒa—Ú]ÏWOyç‹“Û
-ü¼öÒ}qÔ÷þæ/'ñ¬q�¶xÒOf“p6�ûwÖùœM~^þü†@Ý„endstream
-endobj
-1500 0 obj<</Type/Page/Parent 1367 0 R/Contents 1501 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 681 0 R>>endobj
-1501 0 obj<</Filter/FlateDecode/Length 1678      >>stream
-x
­W]oÛ6}ϯ¸ËKÝ!Qý)ÛŠ!ëP`I»ÅE0,{ %Úf#‰*IÅñ¿ß¹¤äÈrVìahë”&y?Î=÷ðæÛÉ€úø3 é�F1%ùI?êã›ýÇ¿žLÇÑ�âYõ)§Á¸¿_etwÒ^cw2ŠÆõY¿;FSŠûq4ã»óY4¯W~·µÎi�w1îNâ)üán<�&õÊßm­qw0ÙŸåÝö»Cö,ñ.²£Ñh„ÏñlŠÏ!þI+¿1NlgcØ!ŠÑaLÃÂûzYòÞüpo¿ÄÞt�^î].NÞ}Ó`@‹JϦ´H=ò}Z$½[ùì(Ùˆb-Ém$½]|Åùa}¾G[m×FW%½[�©eª�¤
-í¯u¦—"û›¬LœÒøR#W‘þ.Möþχ1J·H{-ÃtýéæÐxŸöç„…e	9¾Bä’ôÊÿ?Õ¹€ÿ­$
\¿jU¨b±¥Öý?uEye‰ÌjÚˆ§�g),9iºË"1»ÒQ)¬EŒ©=Œ¬‡g¾§=°½�<:ˆÐpVÚÐNW†*+
ÒÐ$*äR8•'ëx\zà‚]ÎóvAŸ¯¯ºÉ|P…Ȳ݉4¥‡ìæ:U«ÝÃ[ÝDš°yBÿsýŽÌs2ÿ¸¼¾Ô?‡‡ðµ
-³ØH*Çù–FåÂìH)-EòÂÕåMtáŒÎ2†îNäKA[•e$œ“9ê¼ø„Hs1þ}„}¢¶-Ç-;R$›šcˆ0ÀÖÖÏ<B9);ڊ‡®S7˜š)®¹p\`[ro�®p¹·ØÀ­“iì‰\ëW è2â"‡áÔ“d^¨•͇eóeZ“
�Âdu(eÒçܺìÚŠvº­ÔÆ€)&o'�ÃpÏöXøÆàVõ€ëKIÿÞÿÇüùñ;T�UtëF§g´Ý(”g]PLŒ´JdÊXn@d£ý‘ezÛð¥ÎD>ƒ$@€ó¶,#¹dáS6ÇWÂu²D¦ZÚˆœRpNRᲡ¥A‰a�á%‹ö»ÿx{G©pb)[S|.ÀJ�Ô¯°ÙéŽÏ²`Åâf]·à{	0Ò:a\P–�|*$hƒ`ào
™b–í¼ü$™‚ÞxíYÊ5‚«,´²	
-¢]åv?„
-Ìi€G‚_‹s¼E^­çÑ°é6~�Œßa¯xàNGþ¸Ñ§QÌŠv#Š•R—™ú+ì#JfäZ˜”£ðq�Bn:ŸÉä°TBbü Õ`¯*ùBÔÇî˜
€ðã‹ê‰%\Ëx#PÎ|‰:Öʯ›u±t)
!Âm®ž5êº�•W6^›Gm
v Fð¥GÑM+àŒ–^J·•2<•‰2I•£vEÞ0óÅ·JᢠSïåÔç4‡�IeÈ!{x2p^y¤�o“êFClÁ^Èn•K6ˆÙž†@ƒ±ˆ.^3~ÄJ^è’BÊ”kÕ Ýá*ú2ϙ»|®oß[ÁpD—¬8+QeMù’ð</hºu¬ì¶*KmŽúQºË�Ÿî<·‹ßnžžØ­–a QÊ¼JvÔ0Þr%Pô†3óçÚaÌj8½ñSF÷)ö"Q×&÷íãÉÓX~RkséB�u²´!ØÔó]ìµjH¾xLÍ›º <Ðì±ôÁé Åüò3!5…�¥dŸpfSP4X>'²ô³JîiÈOï´€¦kiNietÎÓȽkA1pÐÈ2¬ºË]‡ÞÂ&@LY×`tâ4žÖ/]_鼬ðþØSº¹¹Âs££­^9
-fœ*¬Î$†š2« VÔw^•¥QD÷›]˜‘�g:¤S »ƒªÑûºÑòÖL°-‰ºªŒ�g~Aëì/ƒ©µ¸â5(Þ8"¥ó<2(½„a
-�ÚB 2�w–¾êùeÜ`PkN
u óÓO3:jK~V…Ý??²î‹„†¬Cä›Ý1Ã×Ã"LSíÕXpüðb#Mž�¨BÊ!†3Ž|dEð÷¡3¢›'ÃâU§�+¤Í	™”•Ê¤Ý¡'ò:·#=ðº#«r•	T2ŒÃ:ãAº‰ª®++ðq•yBàpÃá­®²Ôó
¿Ç¬7J@gVïüòן�(žú·îîâæò‚>ýüÅëµFéðè‚ï�7Çϧý9¿oÿñmãÜi<ëŠ;“9›úeqòûÉ?.®¨endstream
-endobj
-1502 0 obj<</Type/Page/Parent 1367 0 R/Contents 1503 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 688 0 R>>endobj
-1503 0 obj<</Filter/FlateDecode/Length 1282      >>stream
-x
}VMoã6½ûWÌÑù3þ(ÐC²Þ
šlºñ"=ôBK´Å�DjIÊNúëû†”mEÅ
’P$gÞ¼y3ý1�ð3¦Å„¦sJËÞ(áËù××ß{‹U2¦ùlžÌ¨¤ñd„¿qUÐs¯½Æîl‘\·v§óy2¢éd•Ìqw6™ÂR\ñ]x¡é8Ú�ðŸà­Ö÷¦É¢µ×Z–´'«Ö^k	4ãü^ŒÞnzû>Óf‡ çËm²ëˆ6i_Ô>—Ú«Txe4Yù£–Γ7$èEéÌ=nÈI{�–”&''JIGñNµŽ­®ÉØó¥Õ²¹ôËæ{oDWãi2�çþÑÔE–4'Ì>>R8	ï;8�ovï[ JTø¸ƒi¥ñ»Œ@�U�{w^–
lí
濫(–S{Mßïÿ¢Ze	;{þÇ›œVŒkX@€5bmnXSW.¡M®¥&“„¿â T!¶š2y�…©J0H[+tšKGF3pˆ JÃ{ƒŽÓmí騊‚¶|â 3ÁÊHÂÙŽ3Fw‰ÚÀ¦ÈB{±—|+ ¯
-ÂÓÚ*ÿÎ8}Þ@èd˜QÿìNâIyî n¡¯OŸ(Í…Öð›òM¤q�GÀ tK@!ûp@Ê7¼–RhGÏ¢Ü"ŸAe®ãW›#D`‘\U	y�©ò¶†VA\ЄËUå~Šå,bÇîÿî«D&z75¥@(²,bèønÁj¨+�©m*
-ƒ®rq@&8/K©!BÝYSB­ÝËOëOAººãS¤©©!¨˜&±®
-î`Å;€�|Άw×M•÷/Bø­U„—6Ð'Èž7¬gB–@+*ÖyŽÂFÀ¯RVžd9
ýÁTÒÚEÝŠ^ï·¡la«0øÄ6Y”�¿B8..¤ ³\}LdË߉3®* yP©5Îì|Çù9¹!#©@
CaÔÖˆåfv­Ê½8€—ÿç/f!|j£ý
åæÈà Þ¤%÷�@^Cgsx‹Ä‡&ÁM­Åª<KçrÃz»PÆ­iBM̘©ØÇó%:FW¬c…°æ.ûgIº®ÂnÐ0wJs7…Cäw›ì„æ_ráðÊ»…˜opÁe,òØ\(fNÈ¡·ï#áVVìŸ5Ñn´—žµ$C¯&•ñÛ�FX{J¸:ͣÏ÷ëh¯Pèfס:Ú‡¦±¾Eƒ×{.‡
IŸ&tƒ¾íy"´…n¶Ðª"R„Žæ.ß¼ÔºeÃÝ®öµåÆÌt|—<`8¨f¨ðB;·}•‰ª*¦O�L&„>�ðj@Ú ÎpŽ¾iõÖŒ±Ó”9ë*ȧã9"G÷iå&m|˜�¡�1ÀvàM—ÛŠô5ö9>À*;²BE“¡nKoåYf*Å+ËE|Ì2º;¯Š;ü(ðà�QpMs”ú ¬Ñ<dQÉÂ#Ý\T�žØ�HÏ#ux7??‰®N¯�Ç/›Ï¿ò�v§|`	E±’G>ãÿHfÒ:þ#Jx§,ôTÕ[è*¿äûEnÜ^ü£´¤?”®ß^Œ-²“$ÃP+º ×&Ôx|¼B’!?¡B‡wËöx¾HFË)MWc<÷ð„z¾y¸½¡'k¾£UÓº
#‡tuºpµ­øü*™$
ßÌîé4á%¼ã5$m¶˜%‹ù/GÜ™�ØÔçMïÏÞ¿ù›ˆendstream
-endobj
-1504 0 obj<</Type/Page/Parent 1367 0 R/Contents 1505 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1505 0 obj<</Filter/FlateDecode/Length 116       >>stream
+HÀ4åBJt˜)ò­_Ô‘ÅÌ‚9h¯º¨Å.-€ñCÅ¥6zi[Ö¯¼)ž9˜L~0q“3ünjG(¼à`(耵áñ©æ·?¤‰;;¾žî¸/ÿðçA£[óXò'?	F“Q4Oñ›¢q:d¾Î;wþr­BŒendstream
+endobj
+1493 0 obj<</Type/Page/Parent 1372 0 R/Contents 1494 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
+1494 0 obj<</Filter/FlateDecode/Length 1666      >>stream
+x
�WËnÛH¼û+ØCÀ¢õ²$çø‘ >¬“…µðeDŽ$ÆäŒÂYÖ~ýVÍ�2MÛ»À"0"i†ý¨®®nþ:Hÿ2Êh"iyÔOúr:ë'CϦø<Ä_¥eÆg§ÉøµƒáÙøåó£“/g2Ë|	'“>dý¾ÌÓ÷“d”ùjw’YíDÉ[Ý;¯|n�,s“IîÎJ•I­ñ•-
+]}ú0ÿ	Ãc¢áÞp
+ÃïÏåf.»–	<å׺1p{þûÅ9~P^vÊÀ°’¦ª�­Ó•x+-j‹ŒÏSåu&kåø{ˆäɽ÷¥7!ax}ŠK–¶’à%‘ksòëÜÉb�/¹YÁã�ö×ßnŨR˯­®öá)Z_Uv»‰ÁÈoƒ”v:î”sÛ`…<´J×b—!ËŸsƒ“ÜËJ#½…JïeYÙ2ÓWÎSæýRQ;Uÿ»Ð(ìÊšŽçJÆó.‘¹c½Ø�6âtº­r¿—µ-`~aý:øk×�Æ™¡Ó…N	ìÝûù·«oCéÏ®.%][§Í݇ŽßW‚mUI"0Q%r¾ô,%KL›í`9‹žXîwNÒJg,µ*âa™X“ŽoF¾
ä°”Ý} h÷EDÇ¢Ü=L¨Í¦²ªHh«ÍÿÞh€æ
eHüa"?@5Öƒ&¿#£Qö»y[? =	9ŒˆÒµ2+-Ì 	õ6ñµæ/x�Y£MU»
+%<оù@7÷6zu¾ÁÞš®Âvˆà¿¦¤°=þbª¥r¬Rj7ûÚ5“a
vêÇ6S)h]§p©VnýVÅþYç6ó^ƒGƒ0!O•�nP™z£qS™q"—èƒ[U.TP¹@¡1¯¢]dˆlÀÍ›y�Å°mÎ×j˜LXú9úUt”¸a2<F'Åd
dïASÂ�?wSP…x
tò6µàéZá[o¯=‚}–[&Ÿ—›B—`³Î‚±®1™¹V%éƺ²D°¼5Bñ`yP'
+nc)6Î
ø–mU[äb(£ãÌÊÝ}Îvh%pÚÃID꣤Xâcp)y¶¦·Í½ZÐo+…6(5û!weѯ*íœÎŽ;1òqg!ˆ±¤†ÞÌÇr�.tÛÍÆVžHéÇMÔ+g­éO–\Si#hÎ%§,©`gÇJä?É_šª	B†IViå�Áyw|~ՃʵÈè*FÀ²zÝ
QÊcmëNCR�-r{ö{�vÈ€C´ 2ˆ
|ÈS…l‹Ò.»Fdà£ã•
+…Ø2»‹Pe{Ù?§Í@8µ;UtßnŒ[j†1fV5Óg­]ö“uf-÷×W-¥#8ŽÃ7@±ÖüŒXd�€Ÿ‚y_ê]a™ÝÄ7Uþ€uàä÷ó˯×7Ÿø«­ð21a`œ„�A™}	ƒârxcÐçÉ© ÜÈÑ``UEŽiÕÁ÷ÆîT¦öQàZ©ÁþËÑ–1(T»Â°O|¶Hä–tÚemÚ·uÞñwØXX@QT1Æ™u‚Š~8ÙÙm‘�ñ…òØ•0°vBô“=¦;¸o2úéµ$‹ÂVy¦ƒ�Vb¡A‚žÐ[�ÈÖQ61· §Çæác„­çŸ%À¹hsç™:­…gq¹ÕåmÁqŒÛØ]|(w;Þw]RmÒ°EåÙ»†Id£;ù’Ö›gošÌr6Œjv7œL%^hVÓpÞôO£øÏ‘ÀŸ&Œ<SP.å0¹ãšÉþÜ›t]Y“ÿMñlV·çª¹Wj¬j€«N#”]àO´OO„R¢Â÷¸e†AùߨëzäzX·c]¤f.•‰Cø q'�’
ýReú˜ìgýji”�ËèÍõ-î„�€ªÄ
ç©_É?ÕqÇ\ÁQï
+Z”¶Øæá1̸çí
gÈh8-ÑÆnWë—ï8«o‡ÀTšbœ„÷’ðÚp("ßPXÌ ÿÌr	
ßVÍ®ñœ2§ÃdÆmàMÊL²@¾D9,2mÄ3HÐAÊE]î'Jý{y;É>	$Të½—Þï��ol@£=¾¤ÜL^m‡†­Üfu¿F³dv6’É$¬Áam”ï•ý	sدR¼Ø`É£eÆÕLðþ9IoÚ?kÖæÿý¾8žŽ“éd†e¸ŸŽèàóüè�£ƒ›¾Ïendstream
+endobj
+1495 0 obj<</Type/Page/Parent 1372 0 R/Contents 1496 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
+1496 0 obj<</Filter/FlateDecode/Length 1126      >>stream
+x
•V]oã6|÷¯X Éb�¥8¶óp(ò‰hÓ´6PMQPeñN"’Šëûõ7KINâó(‚ Nø±³³3Ã<�bšà+¦yB§3ÊêÑ$šÐYGš.æøœàÛJ*ÂÂé,Ư’ù,Jö.W£·SŠcZ|ûl1§UN¨0™Ð*;¾Ð[ÒÒWfm4¹R L)yC©DͦR™ð2§Âšš|)éáúŠWùãåõUD«R9Ê„æý¹Ñ’j¡[QUÛw«O£	�ãS€ZåÇ›Rjù,-¡”B©ÌªÆ;â‚Y)ôZæ'd,)ÿæ2ÑzS¸u×…-m”/W§�pn“ïUs[�•Öhõ‡�ŽxùÃmÖó0žG‹˜’Y4ed�ÉlN݆�¨q²ˆâsŸ%˜
¶Ü*ÍN†¶_qT˜Vç”ÙûÙùPÒ »œô^éuWnBç<°”L;,|ÁÚš¶¡�äD�Š¡¯I$`¯΃†�¤Íá
až¶Ò½m�‹Í¸'\Ã�ÿZW&Õßc'3¦ŠL10eFÃï/îÅg	…t £1+×* â¿jQKZ^üryñCœ
ðƒûãî~	2,ÑiC�5i%kb
îßEØ"è^úË»_—ÔÑŠùRx^¬¥Ð*Ù+”Ü
„’1„Ú@u8„fƒ`³RiÉ0$5Â>“{ô-×GT›½j^.·k¯nÏAJ›Re%·$¨Õê©•»&| ·2p
ŸÁÜøƒUµ°[ºî~e´·¦ªÀV7ÎsŠ!Þ �Ó¸ÓÎ,:‹âˆ~2‘î^Ü.Ü9…
+UÉ»[½³(8ŽïÿV�ÅÂA¦ÙIí”WÏ ìο²B°ÿÎç�«C”pC #˜½¹=¼Ê†¨`K-(8r˜üllÞÇ÷z}Û	˜ï``½Î¨å¾"†`ƒ�C
Ž)¼Ô\]KŒÜaì!8.:�î!‚i<<ŠF*¶ª—ÿú—žäS«žE%µw'œuuë<dï9=A«‡>¤Îì¶áÌ5—ÌÝFÙo8c±¦§7‚ƒ‘ƒ…/`v=ÂÓßIoîGA|(ÓzU)7szFÝNã=Yóvçz={+´kŒõQø›òNVÅá=&”Y&Oï9-Þ÷7‡£EŸæ¦õ,رÃLXŒÎo¹‡@ìýo7$]ÁäwìÏïB¼{;~¾¾xøž˜Y§ê¦’P—ÛNþy³ŒhɉÌÍÓª\4”™{Û†	p”*�ôèwpq¥>èN‚Z7
+ Dåö5YÀÞ°®• Äb=l¶’/
4Uûª`é„ÇTK™‡r(£jmrUð“Ífòp*^¤ÂÁ­�Ç÷ÆÖg„;ê!­Ð†tB®ç,àe‰š,k-žØâñ]Oü¢QãþOYœÒ4	�}H>d˜ù„G–µ5ÄPñ(ÇÃöñ|‚0?þßÑ5�O£ùl�§§Ï¦|éÍjôÛè+Ô¾òJendstream
+endobj
+1497 0 obj<</Type/Page/Parent 1372 0 R/Contents 1498 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1498 0 obj<</Filter/FlateDecode/Length 1014      >>stream
+x
•U]OãF}ϯ¸R¤fˆ'•ö!�¬Á–mH[­„T�ã±=�=“õ)ÿ¾çŽm4¬Z

+±ïÜ�sÎ=ómàÑ?…>Mf´-c1¦©ï‰
+æ!þ÷ñW*JÜ‹ÀÄìÔ2ÁÛ—›ÁùÇòÇ´IPdÎi
+Œñd;¼Êä¾V%…‚îeI’IZ,ï)¶…Ô†
+UDª<Ûü…4
y^›fäÏ…�DÃM¦+¯¤Ò6iFi£cEµ¥JÕµ6)5û.ñ3t�ÑN•Èhq¦©3ej½•µ¶†dŠzU�ThÛCås�7Ë+ÁÕÇ4òg5¿hµU=Ù†ŒR1E*±@‡¿G*ÕægŽ÷D0ñq&s|âÔsZ`�¼•*UéR��Û›‰ñlÊq•ƒ�»µ%e:ͺ¨WAhœ>_oŽ³ÄêQåv_`ÊuTÊR£Å‡¡ÂÄ€—“yNIiâÃ2²�Š*Û”<
+*5Ò^nw2Ug‚6ˆÊ”.b™ó<®ÉIú±ÀA#©±5l¹ëq:ΕîöÊÜ._èd‹îÄ™ÙQÛdÚÃ
+OÐuÛ>óÉ)Kõ­Ñ%�ïÚ­ÐREZš+%„Z�ë�é"ŽÄA&=0œ6±yn\¤Ï{šIŒ¿+£éuÊ8Nì^ËN±ß›Ëÿ�s­UüIÖß›«�4X„BIÓj³Êl“Ç”I-¡
+%«úô@®if"q«ð0d@wÚèúáìôŒ�õÅq¹6MÝv½îÈG|¤¶’¥ÆË"±4[[ì5¤­4[A¶Iz-Wv ãX»Ás†ŽM,Ëø•º”yÔ¥5¼½&ûÝýÅÖ°‡xà4K=°~Ÿó°Ph'ŽŸ5\Ç…|jWÕSård“„®–þ%c]'A롘ºrƒªÖŒÞ%ó:á:€¾÷¨ãªq§Ú5£çvsÛ¹Æ1XŒÖ.Ù�”ChkM¢Ó§íž‘ëéìvy4bS±>,¯×oñZ$ìÎÌVÙ°Õç*äàsV¦6Û¼‰Õy 2Ò52ª”5ìOköVV
+¾ægY¬N�çÇtÑ»z‡Ø±JJŸ¿¯þ¼Y_NÉëÛ¾@†¯"œ½¸ˆ×w„Û{@Šfb«*ó£cì屎ý¨æòâ…ƒBÞŽ�<–ûãcA·ÖnàÜ™,µ@÷­vÛö˜=9%úotóä
s×n‰NzWz¾›ª‘¹ ¯à¡hpG9·îvÚ±|ô®IÇ3®ECU	nñ]¤	š‘yAèëÝokq³Z_®Öw÷b½ZÜ~ne:qëú"`£ŽÿϽ„�gs\þ87�rÒÕfðëà(�•²endstream
+endobj
+1499 0 obj<</Type/Page/Parent 1372 0 R/Contents 1500 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1500 0 obj<</Filter/FlateDecode/Length 1296      >>stream
+x
…Vmo"7þž_1âK¹SØ°¼ßI•J.œ]óÒÀ©:5ý`v
8ìÚ{¶7Uýï}Æ»B¸–ˆhYÛ3ó<3󌿟ÅÔÆ_LÃu”ägí¨Mý~õ¨7⹃¯•´�n?O,ÄÃîé…Ñ(긜�]|nÓš-à{0ÂCJðÛnÓ,i9™”Vù-ýLã«é»ÙÓY›Zq;a–¥Nì¶ðTç6Ʀû¶Òñ¾‹Ï=ŠãÊn«3àýךá$9‘ÏõOžjY“)=mMiIÀ†“öYZ*�ÒËê­•"ËI‹\žãµ$¿’•�~í£ypðµ÷&™Â+£Iéj
`�¹|%F/ŽN~ܨéiuzÈE~&#ðh-í\Zã¢*úצ@ZEÁ7SRjè½6þ=i)Sï�¿dd(tJ&KÁ@’)©½£�Ê2šK%€k¯áù¤#µ ÆAŠR“¥çìœóTÙ_™r¹"åic˜u„ ô–VÂæÁ�È2³q„¼ÁëgI™IDÆd[Gˆô1ë8É."º&ùW!�—‚ÿ!¸¹yY9ðlå÷RYÄZå F’¬„^¢²²
 ÚHZJ„ÞµH¼B)&ÞØ-\{¹´‚³U¼~ xX—V·ÎÉ0êE4•¾,ª’¹�>¹XÛyÿDf9Ã(Ôä‘çJ«`¹¸ƒ'ZKûó¤Ü«á�P�îÏëûî úv÷õ!ú2y¸œ<ÜM£‡Éø×tÈß'v>ë4áþùA51­¦ÿ©˜xÓd3éêVªàÐ|‹¤q'	j¬�ÔÓ×éäáv|3ù%Ô�¬-Éq3†”rû¾|¤%‘ên|]\0ÏÙÿ]é«Æ—«O!GLñ ê–Û»Ùä#1ÑUç%"D5—E!-Âñ
n‘9Ca§Ô¯‚bÝõkP	ˆÁÕíÕjÖÈ<
+Šƒ¹¾‡¤V:GfQ•ÇEc=;XJŽ€Ô…¤;õÑ\ŽÛ¢ŠFÁ�åðÙ‘–~®æØ¿ƒ'zl*…_+ã|XÝà ©n #ßÂ{‘¬dúøŽPuHƒDÛJ«QŒÏ2Ûžô¸0Ü·h¯:	�ßc6gˆI
+§¸.6Ù2�í@)·;÷�_1hµ\¡ËR�‡j	Äñ;ðèCQp‘0ÊÓÃø2…Ó‡,A9BFÀÑ‘{XÖA…‚âñ"Š¶R"i­±�J/8pPžPÚ! “ØáÒVY:ÀÛé4J½(Œ
®¤–-U
pÜZä¼�8s^ÔG7�~î2aF#=¬åozòÌ¡nØõ¿¬/p¦¡÷¥çJ§éé[?¢O@é«ÒKL^”•\&¦Ôžy=sk…£uƒŽ¤z…±±ÁH—„îË•s<ë¾™†Á\XõÌ^^ø±YºDnÉãQ¤¶Ôµ¾`d9aÎHTã’/­.ßb09‡Q?Š#º7ð;ÏP˜œÕú¾0x̨{ÚlàʱOÏ ÆŒ™b"4^ãÅ…i?î*;•Á©eç›VæSµÔG	wðp
+xcmþ±	9ĦL†6ÌàÏyàç�æeÂþ[¬Éµîó›©9‡Á•âx†¤Öä.Á£kbÚ£.
b\¸Òæt|s9¦{kžx´^™¤ÌÑzañ÷@lo
Û|S�ÿ7ôzÃ^4Œ�lïØÊdvöÛÙ¿î€:sendstream
+endobj
+1501 0 obj<</Type/Page/Parent 1372 0 R/Contents 1502 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1502 0 obj<</Filter/FlateDecode/Length 650       >>stream
+x
}”_oÚ0Åßùçml��¤OU[:ií6‘iš4	™Ä!.ÁÎü§Œo¿ë: ÓˆPÅ÷ÞsÏïÚ¿ÆtEH'˜&(¶ƒ1#‰6Aœ¥ô<¡¿¨º³8¢×|ˆ§W,¾üp›>|¼B”"¯¨H’EÈKP�ñy1LYÂ�ë°×ÞÀ
+ó,ÂÍùömþD¡1"Š¡£	-¦àágŽïR•zg1	‰ŠF
+åà̾š‚†PÂÁ[�wøI¿>=ÝknÄyþ!Ãíakí›+�F¯×¢„TØIWc#ÌJm»7í]ˆ&MÑ”L"MJˆRª5œÆFé	l¹µ;mJ†O\--*.K�BÁxu©tÓHrÁÉb#œ}¥m.ËàÖÔ?¬B¥MHwpís-,䥴š?p¡
+ÝkÜ·ºÂü~1º»½=Ìg¸î+þ5šÆ“:KYÚ
+íuVØíª7ü\å9¡ç‚oWü•è{ÈWò”:†¾uêæu”·¡îKIj¤|aÁ‚€ßôÉJKä=oÞcål+
+Y‘òk´�n�Ô�Œ¢Öšâ^ørVt%NøÄ—ŒáQ;q
ëĆ0P[OT‹š«5A(·ReÃõzp‡FpZ¦UA‹*G;`~G“goH>yUÁ�èĹ®Ý9ÌNA¨›ôÈv“
Jšõ†úb{‘ayì•-}ÙvŽ.›’·léŠ6< 
JQqß8‹ùã¢ß‘|O[£’¿»�qaÀ(©ƒ–{¨ì°£„ΑlŠÉ,cY«ÅÍÃí
¾ý$
+G“[ø-¹ÞyÒŽŽ
£t|Õ�áŠ8�YšdtLPîYRÜ烯ƒ?wyAendstream
+endobj
+1503 0 obj<</Type/Page/Parent 1372 0 R/Contents 1504 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 723 0 R>>endobj
+1504 0 obj<</Filter/FlateDecode/Length 1402      >>stream
+x
­WïoÛ6ýî¿â€a€;$ª%ÿÐiÓÐt«½ò´DÛj%Ñ%©¸þï÷Ž¤lYn·$¡IÞ½»{÷ŽùÔ‹i€¯˜¦	
'”–½A4À'Çï~êÅñ<šÑx8‹FTR<OðÛ¯
+ZôæÓ(¦qœDÞÍ£yXñf{�ÝÉðx–w§£(¡Ñh®Ž+õ´ÆÕñ^ýY·;N¢)O€Œ1ÍàÖ¯Ünk]R2�ïƾ›Lá�AÍ£qX¹»­5îÆããYÞm¯±›8¿Îï¾\öžßÍ)Ðr�¬N¦3Zf.™ø$í¿ÚŠ�•šf-D¹$	zXŽHizŸWÉGÊT)òêÙòCo@×É×û¥,WRóGl;žzÛ×CN¶gQÑÏ*¯òjC¢‚9ºuFhŸÛmp4ŒÞÀˆâ8ê	¸1¦.%TM[ñ$�ȃÃ2R?
°³¤Ò¾¼» Jà¼Z“7	ö8“ýÅëw¿Ççnú@”‘Ð’>œƒ}Xòi},>zJEQȬkþö훎ñ+ÚoótØœÇ_n_}#PXÂáŽ1‡Ôî­Dú±Þ…JPª*«ðhÓ
ë’ÒN‰ùâ—·¯¾˜ïü˜: Âɤ)
+.“	È�RÝåÚØâpåŠUÖÆ’ÌrË+ÝõmÊUìëÇþøñY×î:/$YEV ­£"̘­ª‹Œ*µ§ÚÈ&
F¦µÎí¡‹d®6’û(§È²ÇgmIÉæ6½èb(òJR^‘ÝJúsS¨•(þßR›«ŠÉå‚j¢`°ZŠìGoeÜbqHÍÉQ«‡žß5|ï£ÅÎïöÙ™‹Œ^ WÝöùLîd•qS
O¾v8™b¹i:Vוkº`FßÜæè•>°Ÿ©µ4;멸Èáƒül)õ‰ä<x„ÇäÑ^é�­ÀÆÿ–¾ÍVË0]ô+OÈ*Ën1¾_ÓøüwèÕ=ãÔÞ]’ü
Qq<…Q^^øîNhHKa'bY¥ú°³8`0^VÅHË\ð׎ís�å³pÖà§ã8­†"QCeóTXÙ©v4¥îs—W&tèîy_ª,_@}Ñ
¤	 QÐÿ¹~湊ÌN/$qøÝ”Va—[‰çʹzè¼úà$ð«ò„bŸC3„µ²D��/H‘ZneŸðΰ«B3ÿœ-Ç-;R@ÑÑÿÀ„~�€Áú�G('•â@{Q9P­�9²9„±¹pY`³c%!Uã.jÝb+O¡°'J…¾o¦ÑitqS€Ã•àög^@%šƒåÊÙ0�™l eLú’•�]; 5Ìë֨᛬Á o'€s¸a ®1¸U�®âúJÒ×Õò’??ø–jôòŒ*°ŠnݪÔ/
+µ7�
+
¤üŒú#8ÉðÓ ”¬i¹)ñ‘°ÜM™’&¢%ãó–Hâq‚î\iä;Æv§+º	à¹þþþaA™°b%�‘¦®œ¡uŽÇÅe•BÚ�=Nbƒ7•±ÝêÝ·›ÚÚUˆß).o·5j!÷Ø@©*K<kBvjeL+e¿óùŒÃ¤â9Æ“C¼‚„9/׋¦k¯ó§‡ÍؼÉ@ÐX”ï›j�—èÚÛlkõ¹·Â`Gþ�ƒ±N°*ºâ„ô=ö¹zªBK4 g(jÇO«=Æ?ú$M¥aýd¶y³ñ½`dqóæX(ˆ"RåU‰+1ܾ%Ä~3x
+µAYÜøAæ;šô¸ ðRUCN�CÆXIÆÏ*·Óù@x¼€C¬å!b7NáDtÏ*„(ðmjþº.:Î]ó$雺d/Ø1k½TFþ½ýÍÿ Uš—ÿÿ*M'3O ñŒ1¼^ö~íý
'c²endstream
+endobj
+1505 0 obj<</Type/Page/Parent 1372 0 R/Contents 1506 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 730 0 R>>endobj
+1506 0 obj<</Filter/FlateDecode/Length 1734      >>stream
+x
�WÛn7}÷WLŸìöêjI.P¹¹HQ§®­6-àj—²˜ì’’kEß3Ã]Y^;EÄÐ^È9sæÌáì×£
ñoDó1Mf”WGÃlˆ;û?7¿�¦³lN³ó‹lF�æçû«’nù}šÎÎùïbŽ¿cü÷šÖò`2ŸaQïÁx8ÉÆ4^L³öO‡Ø/]ñ~‡×üô¢÷ôñOçÙä`-.G4ž0³i{Å^ãétž�<}³<\‚ˆ-× d¶˜Ó²†´ÌO~uÆê‚
+W)céÝïWÙ«åg¬˜¶+NÈyJ·ºMº5Ç·ïoþStàE•_ýsóþõoWÇO·ÒÙxÄËâ!v®ñµ¯ŒU%m�-Ü6£[­)n4YïNw¯¨R–ju¾¿r ¾ÐQ™2¾ƒ-—¨ö.×!Ðgdd£ ýƒF ÇWmv[7®‰´QÆÞó³ÀcŠ\©|*(ú&DRyîÉYÙíúÝ[Î	aG\bd²Ò¦7Ê/Ê]…
+ºwšñx×Üod§.L V!l�/(Ç^H™D—»ò”߶´õ&ÊLÍ–îN<vuÕÝ«œïnËôE¦èVU+E--Æ"yEkSjBM˜ù *pl¼Î£ó;¾»Ý˜|C¨C¨V³�½È[×”­°
ÖAIgd�¯TYîèǤƒN7E4ÁJ—«r€¸+5¨½y@%A£$1d±X¥Å�KÅôÐV°Ì‚Ü–¥¼Ú‘w%ÄämñU.Ô
+¹â™²;rHØS22úù-fà‹ÞµziÛá¬Ôºìå„
Š²aŠ˜Ã.D]�JÀ�%:¢HÀ€Qy½n˜\ ÍCÝmå9•¾ˆ.¹;ÊÝ) ‡¨|Lm“jX(]9È\ô¥Sv	N^m#²q(È=JØz+ÿù‰Ù8^ò„³É4µç"£E(¼ù'iÎ@ã!œó�8Dx^•9Œ
qÅÄÖÚÕ 
¦‘ëTÃë{åi7Yävsëä9¬LÉdq�4Mnj~ÐÕKá;šº.LX'°EÔP*̺ÎQ|&ºÒÕ
+un5�¨½=[^\­½Ša+ó
¨Ñ4·�EåŠ}qº¨KÉD×Òq¦u�Ú2é}\N¥4‡ì	îÁå‹”O2ú´Aññg¥#Ü¿¹ñ:­ýÔ&ñówéÛx�Ú³dzåæ¬ZáÀŒìq¤µ‡ÛBºøáªçn(}IZóMZDääu
%"wJ¯#¸�@EŒâ â«©/Ä‚3’~­´gVh·u‘WöAww@X<Mõ¤
ÀfèR7ôòì¡J)§Ú‹™â±Zmw@½<™–‚7?Ìp$8d‹R¸_SÏ·¹銃Ã
'ÏŽ‚©L©º#ˆ\Y ÙUë!¬®çU>…õjÀM/'ƒe·„ýAÒËV5€gÑ?P-Î,¯¿60ÎæQó—]+´Ù¶ü­jm©ÓëÅ9˵hõ
+ª®»ãýºÔ*hD_³‚åèå�Vð´7ÚLLÓXJU
+¬0D1P
ÛDØ§‘Ü2˜{K~üð75•ÇãÑõàtp‘c2ªVº²¤Õ¡­UÎŒ³Y<`˜Çû¼«+Ö÷
+'l¾�ÌœeÃÁÃøÙi/è
+³ÄÖ”%Ÿ~Œ UO"a¿OpÎö‰bQŃ²‘G0•´œœGAˆ'´zfÔâÈ/¬a­QmõÁFxéæú­ŒV—lúÜ“ÍŒ-®“¼ˆ�S8[' ¤É‘‰Oú»“7Ï^ý¦°ræ=ñø¶ƒÓÈåu)šgý–=†€ü0™Lg§bf9ª¢H]ÓË9Ùï*
+ÚcÞIc/«DÎ,Nû€n¥–Lü·TP÷ÓŘ
Eº¶³›ðÚx­¯‚ØpÇ¢å1œòƒËóýèýÌÿÓÝLtBÐ-œ&±žÆžX÷cÞÇ þ¢u�›¹³Ó'…#Ò�í£>0œˆ‰8i[ìU:Üâ=Ym¼RÌkÉä¹…ç	&ò ^Çw�\™Ü»àÖ±|_\éô\Áz¡0ê€F»ñ!¾ïÜÇðé¿ùKUèñwJ·eå€xQ9Ý°ÕÆjI#Tsð…“àû€t-xÆçˆBmXo�”¦O
>QÒ¸š˜1W3a=2³ct
ÆH}8RyPaÍ=>ßK2}
.­‚F3|¸.&4›
ñIŠ!íöõÕ›×tíÝg
N™7ìkÒvý¬[p6^ðûÿs œÎ§Ù|¶Àç%Öœ_ðVï—GýMtöÐendstream
+endobj
+1507 0 obj<</Type/Page/Parent 1372 0 R/Contents 1508 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 735 0 R>>endobj
+1508 0 obj<</Filter/FlateDecode/Length 460       >>stream
+x
]RËnÛ0¼ë+æè1­W)¥7'NŠ�›Ö|¦%Êf ’ŽMÚ¯ï®-B €Ð>fgvÈ· BH_„,F"QÚ !e®ÇïïA"¥!“DÄ°HãDDcÔ`Ãý�1Ÿq&¾Ž
—&!á‘Mj“Ð"�Äí¤6	-¢(rR¼+‚ÅcJi5)—y†¢:	Q”³¥«P§šæï
TÙ·‡qè�²V9§[¨Êa] ÓíŽêp½)Õ	Ñ{(¼¬îaµr¡UÏ�£j{øš§})^ƒóˆM)ªÙïZ}d~fÝ(»Sš½îyšÆ@¼0SÖ'RWûÖ’úï†òÀŒ×ÞÍÓê<¯1køÄO›ì[?'ˆ�n¼ÛSÂß@÷¥`ÄâQ^�›ÇR¤¬}ý³xøv®^|�ᙜWE¯?ƵM‡Ê—ƒ%Ýx'yµiIÍqØ‘ªƒ®.NoõŽŒÞ«Æiü0nøØú¶©.‘‹¦l>[¸ò|W¼ðúi³ …NÎ�²óQv$3æ	òœ•o–ÏwK¼´þU—=V£²“ƒ¼ÏüÒ=ÏÂ[îÏE,ÆQôN¶ÆUþ½CÒ“_y«Œë—f©ÈdN¯‹02äÔCü
+þþ^è“endstream
+endobj
+1509 0 obj<</Type/Page/Parent 1372 0 R/Contents 1510 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1510 0 obj<</Filter/FlateDecode/Length 116       >>stream
 x
+ä2T0BCs#c3…ä\.§.}7K#…�4 Œ™¹…BHŠ‚�ž�
P$YÃÓÓSOÁ¿ $3?/1G!9?/-3½´(Ä×ÉjµP04„hÕ…è%¤ÅÄÜDÏÜÌhWHŠ†™!È×®@.08)¡endstream
 endobj
-1506 0 obj<</Type/Page/Parent 1367 0 R/Contents 1507 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F6 9 0 R/F7 10 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 733 0 R>>endobj
-1507 0 obj<</Filter/FlateDecode/Length 2875      >>stream
-x
�ZKsÛȼëWÌ!ç`šx$�~¬³®²µÊJ§*•DB"b`вþ}º¿
0
Š»ÙÚ*¹Z�ïý˜
´ÿ½ŠÜÿEn»$s›ÃÕ|6ÇoÆ¿þí*Jf+·Xg³¹;¸Œÿx°w·Wn•ÌRá\g³…�ŠÁfë‰ZÅ`×óÙRe\OÍ.VTµŠáôÁ­Sºd€îzÆ2p«Œœ
ra2Éf±�ŠÁ¦K3Š*»X0a�v¹b0�Œ`’ùl-¬b°‹õÄåh¾`¬BÍшPϦ	"�l4GÔCÂÂË­—ÔlHØ(³,2ňÈYŸÆy"i4@Χ±ç¢ÄGR1Œ¦Ù,q‹À
-‹¡�L‡×,A`3ØŒiYÅ`3-¬àƒK¢xjwNœ¢ç,Éq»Y¢Ógö¢°‚és„4
-+^Å1ò)¬·»\Zù"oÇ�ØØeL¯+vWkäYX¯9K}éLjÈ4†ì"¥Ï�õ²‹¹5F³ÕSCÞ«€™
ËU`½l²´¾‰ÐlK—òv¦,›:°ÖriÌqÆäš^”A¸„r�¤bª]1�vEׄŒÍ9¹�UÌò±©„vOYÁ`A¤²‚Ñ�óùÄgÅ`±`W1XÌ5cŒWñÁ~¯vùÜ€Áb¯¨f_‚(²~\.X,�@¤1ZÑèH*µ0XÁ`1(_`#QXbªY1Ø$bùFYÅ`Ó;AXÁ,Á’ÁYÁH#Š©vƒÅa¡)‹©DË�š³«‰W‘ÍH²æL"Ø	ŠHäç+`°	w °‚ÁâÔË”Ì<¯¯È
-fž#øXÅ`1bê•b°¨Xª²‚™IÖ(hîã]qË0^p‰!oÀ`3‹>°‚Á.¹¡EV0¼ÂðÂî(«˜ñ®QaƒÅ)6‘vÁcWdƒÅ
¹
-v#ègäydƒÅ5C½R÷+õªÏ$.
¼ÜD)/9‰!ˤ`°èØ
¬`°ð½XÁˆÈgrdƒ]¦ô9°‚á3.,ÈÆÈÚJIðÓŽÖÈHCæ2[’r�sNð�äö—¼ÀÁ[ôA/E)#5dJ#RTXÁ`—sXÁ̯˜Â
-F0#ªY1Xtî„w(tÔh×g)á	‚`¹”ŒG \µéIÅ`q{TQÅ`W+f8È
-†K¸7Âá‘U£¦vûpT3Ã0[ÂR1jVÌà©ì*‹cgÐÄdøDáôá.±[Ab€œ@$ÑJ7r™DÞa‚ b°p=1Š*ëXÁLqÂÙ¬`°ðI¬`$G³z¥¬]'‚¬O†�«À·ˆ�Ð1=áåጤb¸„¶D~GÖÔÆð‹ãjj=ÕœWHÅP‹wÁ›‘z(ª˜FyïV°ÏÃBY;/ã%e¨9ÆÍ#¯9`°x*QÖËÚ;,XlÛ&“³g²‚awÎ=XŸ
-¤ÝŽ­9…X„•ì�‚âÀÂÉ
ƒMTXÁt™»QXÁp
-ë
-ᎲÞ)Üì˜óßØ�Å#˜fyÂ+¬½à
-+,Þ'àTÐ,˜bV1X8«vƒÅ]	
�šcÜñÆ€Ú�¬Íd§‡Ï�„;°>¼À
-Ã
¬w�õáVðîÈöáö²1^¦ÖH	}¤WŠ./pÂ
-F¸¸t¢OFYûã';‹i4@½1™œûÀ	D¨v
¤b°xcCþGµŠÁ¢ùàn`3S—ƒµ7á «˜¡®'v}eñÞc'ßcÕ>þx—Puäw$ƒõ³4²¦6ÂñcC‹»×½Ld
#ØÇš
-ëE—ý'¾åG(iº<„`Ê$R1X;ƒ…Œ$Í#º4*F¦W¨‰ÿò€keÒxÀ·1TÜ?h\€0‰õ	©˜ñÝ"ˆ*kV0ÜE/
þѬb°1uJ1XÜn�C‹Ídƒ…õÊ;‰©´%�´ †(ê/¾Q2|Îà]Ä#c-‡6Jȇ'2@N ¦†Ó&œy0ï¿UØ� 2d‚$힉áãXäAð·
s5åí߀q
BÎîÜ�³ÃŸ#ì½�›9& kÂ&	\€ÔÉ×ýÀˆœb‘$�.c�9óžü@'ö->þñúá}!84{$\€ô“±¹a³†Ï�ƒN�ô“;(p
‚C£ã‹á ç+Ÿöo<xç<çý!|�ßÐ.@pøDÂï ý´"'N#¾×÷rÁa„ùydà‡ãƒ_).@ìAØS_ü¥=BƒcÕøøFÈøRô[à‡‹<öç( ã³ËÇÀ½»»zó‘ëÔÝ=à¯Ùråî¶öÇüfóêSÕ5õö´éʺúëÝð,&8òϾ†�O¿ºÍ÷¹Ûå­k‹ïE“ïÝC‘w§¦h]·Ë;÷\ŸÜ¡|Üuî)¯:W7=ªêþ7]íNm1sw»Âmvù±+šÖ•¤ËÖó¦sE¾Ù¹M
íôbî^Û‰ÛuU¸öXlʇr3˜�yO—â)c<}—ßïW?¸÷uÕU×ú'±³†˜½èV‡à‹Ç&ïÊêÑ}¹u_Ëj[?µ®*º§ºùÖº§²Û9žjð·”Ñ+HG3÷ö±¨¶ù™Ã â™»Î…ûµhëý‰©e°¹;"eî·ªüñæsY�~8XÙo/¨Æekæ¼çXmæù«7E·y³«Û?	wûË’¨U½ÿ>ÛÔÕƒW|9%¸È]–§å?!�^–®Ú¹Üì.hx}–VØ·Ü™Ã>wè;tÏÖÊ�<¾¬êw!‹Xá¾ã®‹îݧ_n½Þ÷h´‚OK�¡d8Düß¿üüËíÝ­{(÷ƒÓ^Ÿ+B>\ߺÏuýít¼di1s_?Mž8OTü\?¹ûíÈæ|8U6¡­Ë«­Û�ÂDm‹ã¾~vmg=O¿aCrFÑ“)›xê,<‘l¶ÅæԔݳ«�ìÙ‰16NùÈþõËà
CÞÅa_´œä~Žü9«(Ž¡™û­-ÔÔõ�CUsÅ©ÛaNË
¦cÒM¿ÎÒŠ�ð5ÿ6ØÏÝ¡8Ü
gj$
-¨ÙÖ‡¼´½v7ʈ1	éÿ9tVf6{$¹b�§UdÐןþénŠæP¶|Ƚ+;ŸÔaÓÀ×·›
SÈ}ÕÔ{÷¹ì'|b
J˜¹”Å›�•Æ­	ÌÄq4ÁIᯑT7ID™ïëGóR3��ï4´Ów¨·®éƒËy_ïv—7/æ
·×àÆÕOVû®|Ñ÷ø~|þhã¶eSlººyvÁ‹I¦(ÂÿHý!™bÁy‰Ñuž={^ö~½-žmÀÌù?ðhš5ÔžgG“ÛTús‚)Ç,bþšmŸ´Mƒc²p‡¼ýÆSG¾ó•€«ÑŸSgλ®)ïO¦öx„ï/;Yz›±Ý¼ýâ8®[´–Ý:(pÌÎòý3¬òG,Øé0¾(„K~üÙƒÐ{Š?ÄÎÛÉx¿|ýC÷wýÀŽo÷ãY1-÷/Î"–»/妩Ûú¡CÙCpÖ)·ÏmW\×èÊêwNq;">Uõ7 «Ídòøšïºî
-#_㪷ôôMƒíGonOÇcÝt/²fÍ‹n™\³´�¬m'¸ ÃrÿžýD[ÿ:Òê_þÍ'‹’ºPþÛ¢³ç>4%ÖikåÿéRdý@Ù}HYd·�ÙÝçÍcáªÓ°gÍèï"o·[ª¿Æ±¤Ðð÷2·]¤ïæëyÐ2ÆQZË»èn�PKû›�x�³‹�Àþ¤„ëÞyZS¼�,³î¹ ³˜v~º»úûÕÿái
-endstream
-endobj
-1508 0 obj<</Type/Page/Parent 1367 0 R/Contents 1509 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 785 0 R>>endobj
-1509 0 obj<</Filter/FlateDecode/Length 2356      >>stream
-x
…YÙrÛF}×WôÛÌT�`ìËSJ–ÆMYŽ"Ñå¼B D!!
¥øïsÎm}¹ŒR®’||p÷¥ð�ññ'0Yh¢ÔT›ßóñ/ó�‡ÏIîù&ÍSüܘ,ó¢	¬Íã`8sApHj¼1Az±
ü�²YèåЄùŒ¨Xc°QN³ò¬°
-ƒÍ#èP¬Õœ^JÍqì&$²
-ƒÍr<¥X…7&|/S¬Æ`“äPÖÚ�SÄ	Íaà%&d#rlê�°
-ƒ-Fäd­æ(BŽfÍ‚”æ=›%¬—c†Ï~LŸgÖ7DÁ©ØOX"A¢ØšõS[¢”O¥‚›‘Msy…±HX…¡9g£(Va8ù‡²b7Éý)‘l
‹l¸CsšÀ;Å*6c(VazŦV¬Â,>©XëUÊH ±ø‰ ñJa°q�†U¬Â´{Ä*̱%�¬ÆÌUˆ–T¬Â`áÏ�]ësÛú¢²¨‘ ›I‡é3E±
-ƒM²CY…QN¯œfk7ömçX»‚”Ý=kí8VahFÅà³cf�8 ŠµvÃÌödÈfOY»SsÄx«0«�Q³c­æ ¶=çø�Í
-3{Ò±VÖ¦ñMØÏ‚¬WÓ+ZP,w[Œôr@±B“	PRÁ�Á´Dš£De²]ÑÊÐ"H…ÄÊá‚Ì™”X9á
⇚™Ô˜¾²�«0ØÂ?P¬1ò+ßÉj6ád:6�,H’7³„, Ã
-9Ì$„Rë5†»iz Vc°9ÇNÉ*Ìf	éîlVc°XoÚ®ÆURìd[²²¯cìî BÊ(ÀU5¤+pØ–\�#±ZØHÜ0•|!ˆ¡Ù#’3K	ÆщÚS<*¸ÁF1Â"‘U,œO+±DH$�Ëœç¡â’ƒt‰�êH�©–+Ó¥…�¶˜³h‘¸¤0dqu€YyVX…Y8ݱ³pÜyŽ�R!�Í(:XA6ƒ•SJ±
-ƒEÑ-k#Š§«Râ#²H�hV^á†xgVcë3r5³“ÏátU
-yu‰‰f…áUÌ"+Va°¸
-šU˜I=�f…ᶻ¯em¼Át‘BP#A6“Ó®CdmSùÓM)³‚DTaˆÚ9VaºÌ�9Vœ
-±Ôd¼ä2d‘h¶l¶¿*%p9¤Øtº*EÒ
-Vaä#‘ŠU¬\+á†è¹râ4,ЗDTlIh—‹%Y«/”aÇJåýÚr
-N+Õq²R÷rÜ2T´8‹°Ä-ƒõ”Ê	�;oØÚ²)p8&Òè©"¡[v
w^ €Jqšî!€s#R¤ÆL^Fµ³¨Æ`¥xŠU]¥H¼c5‹¥YÉm�Ù#wà¶	è°‚0Šõ¤I�épBµ³¨Æt˜)T¬Âp	9Ôš5f8j%+>ŠÛS½¹�}qXêm!^ñ"¦{æ„C‡B‘6¸°Íõæ-R×;š.9å0Crž
/Qâ8
äàÌ¢ùx×wœ‚̬83jÌÜqy;Q�‘±b5‹¸´¬Æ`eå8Ío°1íjÑé€lñÞ%ç¹ø$€‰Q¸ã\ÀLáUU.wx#ó�I­ƒHz:Tœƒà†’k8†8�X}xÓãß©Ñ!¡çðÖ¾§´
-ù.=‰QÿÁá`-ç òésãÍr
-‚Ã�MéTr‰×Õ½=‘gì ÅIprO°!$¼JÛ%É&m�»ùÌ9.ec:ÎApoŽ³ØtÁ€—"< õq!2í8{ŠØO-Alh+7CÚãÁ6s>aسxÆ�_Y2³XÊgß,ª"ÄÈ3‹—ÚÜn¶}ÓŽƒYtÝz¨Ç-~»€À%2„ˆ}2ðÌ÷—r4Í0?ÿ¼ô�=sÝ×åØ´+sO½uonúæ¿îËê÷rU”;;öe¨{ˆœ{2ž¼n‡±\¯a¨kÍõº©[qüòÈs<}Ó”«¶±{B#°Ûvì»å®¢ªS‹hn訟v«c’\!˜mß=­ëÍ™`$±’¬éÙÁ,;sk^Ê×ú\ÎpÀyæ±%e»­µP•[S¶KŒÍÆY[‰gþ×=á‰vü·i;ÓíÆíNRq˜b¼Ñé'‡±/ÛUýÎã™gÊ7sß
ãcÕ7Ûq
-}y.E¹g®–¯e[ÕK[u¤êÜs”ÖåÚ,÷ùäC—øÒèº

=ÖÕ®oÆf]¿ÖëÓºá||¿jØ�ž¹ëúÚTÝf»®Ç‰‚íÒ=#_'&[ÙúÖ6Ï
úÒ­ºv0OõøV×­ùÞ´Ëîm0_R¡o_o5»�½
æ	$c:è3\"�Ÿ'æ¼²]ªkƒuü~4ØÓôM�âîµADg,á¤ìWõh¾
ö‘ãÈÐoÿíÞöîšï]ÿû9Uøöƒ,6Uß
ÝóˆÂm:$¶Qår{�ù;éI\ÐÏ×rS£ŽýkSá÷[3V/ÇýÀ'Øý“Ub–ÌÕn|A7•ê;Ìäút[P
 ¶^òÿ¹ï04·7æj½î¬è9Kh«‡zØ­G¸]½Líyœ<t«÷
-'ðºkŸ›Õ®§Î$üo›ß˜‘‡ú�]Ó×Dx&i‰lãz�%° ƒùÙÎñ±“èÌ/ͦÅ¡3ª0¸ð¹Z£'í>;Tú¾†å“¹ûñø˳EþÙ{=‹W7Ï|Ü5ëå>Wºgq$ŠÉÌôÀ!�Ê~“¡Ø®KžbÀì[×/Óõ¦n«þÇvÄxíÿù¸j¸ùxæó´Û®½¬ºõnÓše9–æ¹ï6íbF¶E£ÄBš¢üõîÿƘ¿#neŒ
'Ö©zì±Ç±Ãñ¶2�åæ©üÇ 
ùáNz­\UÝ®ÅqÙ>wýÆösÓ¢_Í—›«{I}]AþÇI?té~×o»AÌê¤âºðþ¢À§7øµÛn»ž‰SœÁº?i“‚É}¬^êM)SôPÛ£txi¶fì$µŸ®ù¡*3p¦ùs
-é¸JøðvÐ	6ÿ"œ‰P&æçmÝŠƒÕñ|†,³³ŸÁ9ßÔúáÞtäzÃÛhÎÿƒ’ûÊãÕÝÇ+®©ß�csÓU;ÎÜ<¾—
>ˆóñËÌ/x¿9>þùM4KsüÈ4¢©ÿ,.~¹ø§-2Åendstream
-endobj
-1510 0 obj<</Type/Page/Parent 1367 0 R/Contents 1511 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 818 0 R>>endobj
-1511 0 obj<</Filter/FlateDecode/Length 1381      >>stream
-x
mWÛrÓH|÷Wœ7v"4ºû1„ÀRE*,vÁ³�'Y�my%;À~ývŸ‘5ãKQè´ºÏeΉgFbü1R&’Òlfqã7Ó�ÏïgyÅRT~nÄÄ&2#ZËbb°I¥!`°yqª
ðF“Oqèì–IT!ì¼À_…r
„­ajž1Ø*�Š€u¶ù¿ÜHU1]´LFÈZŠ(ȃ-Í)`-™ÒdbTŠPÍĺ”2†C¥sæ @+õpJi"Ç”F¥)ƒz6ÀL¸ˆò�
0Θ’×˜	'ìÓÄ)­Ò™Bj’¨36)�pð—<gó�à±ùçÎbÔ™Dk™È#džr�<`Wi”•1Ø9'*ÐØ
aèìŽ&æô±ÒœREZ
#Ÿs¾P
'ß
r
¤0�žÔl’�HC¶d?½±‰´=‡?§Å¤Y4‘:lÎeuÏ*`°s39)뜋Ò«sR8YçäÙÿGVžÕòLG"ËU
}ˆ&rF=@˜&\VOêœåY¬G££é€šr—Žœ‰ó	¹:=†-ê<>KVO<OJ=Tcæ$yÒP1ÞI¹g«ƒûQ·"csEžÍ0äz‹"h*)`¤„#7!«“•\QöÁ I©6À`3DÀ¬^†
`vâb°Ó2p1X,*Ò™•¶1Ã
¤»1§¯r•‡,'Ã3žt¬Ò#½L2*ôBt‰t”Ó5nc¦@…\N�0‘O5IôdðfI$S๘÷µN'²Q ¦2ajJ†˜HÍ&�óúÛHÉup€Â2¾H<é„UâëOhDÖï …]'R/å´àû©Vä¨ÐC
-+¤'�ïbNæ<&§€Â²ÆåxÒ	3÷†vøˆ#gR^ éD:aâÞÁ<G䪈Ê#&æŸ&ë¤xãsñ–E>
-4¦‡b-BÒ	c÷ÎrB^8rî&�H&h„¶‡›é…¸û��yÁyÒ	±:;œ@.I%ÑCö•›íI†JpybHõ;‚“Ù[yš½YÎ^¿+ð¼,Ÿø¹VT¥,Wúµ˲ù·UÉmÓt‡í~�z»’÷}wØ
²©·õ³ÝØíþÏå÷Y,7¸=h))#YØæзûß*êÍ·z4¹|ºŠäãÛÛO2ìlÓÖkDÙïûöÛaoyêz	ÕÃ¥|Éý¯z³[[Ø|x'÷[¨Gi}"¾Ôbüä®Û°
-u¾A¦Bð1 =~]>²~;²`2t‡¾±Òt++/m-w_4>SšH> ‘nuhöm·=
ë‘¿,ŽÖûÎeuýó·$‚ߘÅó§ývͶÁsÍ‹+ßâ¾,Xéâw»vûìŠ<7ƒ‘«wg{œŽE·Ãp°jyR®¦‡>î꾺­‹Œ.?Ø=îÖ]óãšZõ�/¶iíÏËDTýѾØušÜœGHc½’WOõ+�‹ö
-ÿà
È�¬ì®·M½·+†8=j|�¢^¤g÷£àZY$Ÿm½’¡ýÏ^¦™GòPÿ’_›ö|%P?¶è#ìÑîK!×åŸû¸ÁLiÜÓʸ ݳ¬Ù�K5æÿk‹Y\·['>ëg\³îë+½5˜†¯XT+#}®ÆÁ©½[µWg§‡æ=ØM×ÿ>ÎÔeš¸‘d±î~Êݺ�Öí´N|»GPmë¦èì
tÑÉeØ^í%^šòð)‡µÛé×ïªñ~3)þPñµÍ/*\U‹Û‡7·ò©ï¾Ûf/o»æÀ› >.ì
¿:)¸)ã9Ÿ?ßh~œ”E…ÿî‚,2}¿œý=û:b*endstream
-endobj
-1512 0 obj<</Type/Page/Parent 1367 0 R/Contents 1513 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1513 0 obj<</Filter/FlateDecode/Length 1287      >>stream
-x
­VÁrÛ6½û+öèÌD”HÑ”ì›ê&ÓÌ4nÚ¨“‹/	‰hH€%@Ûúû¼Hš’Òi;m<™Iàa÷½Ý·øó*¦þbZ%´Ì(¯¯Ñ‚ÒÅm´¦t½Âïÿ[I{ÿ!YÇ—~Ø^ÍßßR² íXÙjMÛ‚€³À›üú¾�“-Å‹ˆ>h'­pJèãgú¢taž-iéžMûÕÒ³rå›íWš%)P®?‹z'ø
Ÿ¯Â	³e%ü�qD›ƒÔE¿(¥8î%«(ãE[Cª�Ú©ý‘\)é«<Ò¾Ó¹SF‹Šj™—B+[[2ûïÅ¡:CR‹]%=@!›Êk@òŽ1BÄ/C\Â’°ÐS¾8È8BsӂΦùÛyÂŒ9Ä£MeÇh`"‹<_$ø©*’/¢VZÞñgh6KúÀ¶¦ê87RQ4Äû]«—ùÏJw/´½ÿ4ÿð	é<©ÖhN‚af`
b�шø�c2ç°H®³²ðZáˆK‘Ø	fr‰ù“y¦]附A�¦*ñ	|’É:O;ÀÖ™U·v`”`Lcyyä$N+ó®UîH¦a¢NÎÍ�Þ«“æQi½¬”u%­£}ù}’azyÜ}�ƒZ‡C��°²m8I]ÌDe´ÄYí“lú"Z®Ó ‹èO¯Fm6'ü?li½ÌStì˜baj
•jYïØ^êÝeЀzU#ê'»�"S�'üp‘¦kMU
Ø“�ó€?[fQgt“À9Pa7áõk?Ï’šÁj†ŽF¹ø’ûío*ŽQLÔüý÷º¾ïôAÏ Ã^AGÊ
(FƒW*Ëdy•DšjþŽèmdÚ^séòyi¬³áм_3[EëžÒÇ$[ùþyEðG½<†oѧˆ#û�HÍÿ�£­…óæå?Æ‚Ã’öðžußÒl‹‚!'lÉ!¯¸_u}N݉^\\F(S¶M4ƒS9UÊz{…WmŠ”YÇ6 ár6"yð�ÄD߆Ÿ† ¨ÿc`
-Eqÿ\™\TL�¿"ÿ+ôÇ̾u:¢Ü"£iö8;uØ™—P…l«ÃÊðžÐ@JØKÓTÃ8Ba”c%ÛBX5ÔÛ_2uM¨SôcÓš'L3ðÄ<LÝ~œcd
ÊZ8viK…!m&,êÝ™!Ç~Nµ2ø�e1°|>vÂp¦Fä_¥CŒ�VAÛðD+ù©Ø”G«ÀÊ0Ìɵ˜�iA·8b˜ª;�%Nú�ž”89—v�ŸE“9Š›B‰�Áåyv”vmòœÝ¸÷ž!ò·«þ¸¹žqÛ8©DÛotu¤eB;…d`
•Ô‡ñÖ1NpTçèŽ
'…
j{A#àÞt-=^§�o0–rUsÚ;ì	=�@Ø°;B¯*<^#ÄF¶Ê�o|
“/-.±(îÅÆ9§òZú²´‡Éë¤Eܧ±â‚1�—+*ÔA9*qw8ø¬$¬œD�ã¢C³áNx·–wq'wËôî&;÷
-á8ŠÏ“²Ý·"—Twè¸R`žð0™ê³±ÖäÊSÄ?�4ùÌE
jq¤:£Ñø±8)�Ú`ÁIéÒÖoB¯<ü‚樼ëÛR5ÀpÏRb¾éÉŽ@ÝôÔ·èߊl—#kÕÁß�zÃ_ŸÜ-ý0û·wÛ×ÛbºJ£U¶Ó=»a2ßm¯~½úeù}endstream
-endobj
-1514 0 obj<</Type/Page/Parent 1367 0 R/Contents 1515 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1515 0 obj<</Filter/FlateDecode/Length 1614      >>stream
-x
�WÛnÛ8}ÏWÚ‡u�X¾Ä°ÝîSÚl�Ûn¶u±/y¡%Êb#‘.IÅñßïR’eÅÅn/h*‘s;gÎŒ~^ÍhŠß3ZÍéfIiu5M¦´˜Í“9-Ö+ü<Ç_+)/æ«E²¼ôb6_¿|ñ~s5ù¸ ÙŒ69œ,×+ÚdÓ)mÒ‘€Ya·Ê{$c)S.µÒ+£ù�Ò¤…¯­LèÖ“/$UÆyÚ
-§R*å“,I”%iéÆ>RjªªÖ*|ß‘�ÒѾ©¤Ú)½{³ùq5¥ñì‰m²ÑçÛ$²ÌJÇ/ú¦4NöžâvU³?I»ÒláêH°ÿ³–×$tF;©¥
O­¬„‚Ë\=ËŒr$"ôqàn/¬Wi]
-‹¼¼´9âºI	°Ó•ÔžLŽ›ôé¾
Œª�„“Ú¡þÖT$ºt+¡ÅN†k{iÝ^¦^=Édàö³A‰}
«F˾å��YtŽ¨a£Ÿ|Bá|SŸ®ŒÁÞªŠÑ9EÉi(7p¬€N·‚§ƒ\p
-ˆk«áó¡Û¯÷x¶/�môóe²`Œþ)¤FʵCp\U87)£ƒÐLt	ó¾@ýLZT.-Rˆ!oRS’ªöe(Y࡬`×0ò*_{ÕÚТ’¯8€W0þ	â®)Ÿ�9Ç
‰	„ ÁD€Ôq:5Ú[S–8¿=r\ƒŠm>ÜOPTËÕ®¶1Äæ¨UJ—Ðañ�Äw'Ѷ¡³FéÓ	’9µÜˆ3ò®N‹pób‰9ÛžLC~’Iç:ítâ,Â
Cà’IиB�³L,qŠŽÀ@:ùʸÂ?àã
ÒU¯òP‰>óZïЄ�DáÚf�Àœóh=tÀ¸�ÍK_…:Dyo#бAáZœn­Y*¢±
-þX%}a£„H}¿»§‡ÑwæÜ�ðbgEE­á‡7Œ5ú‘s¶ZSŒ>ˆÝEÊ¿€oiP›®}�Ü…Þ
ÒÊÍ6f¿¹~-úÒˆ[Ï8‹&ú€ãªBa™‡{ƒ�¤p�ò¹¢]gw
-uÐ� umʺÆзm›çïÎÿD
-†f¥½H�PÔ%Íð\·
-}ÏL†Jó½˜Ð8ÑåK]	(Kôñ©´Cön+;ý_­¤ÈM­³@kàÑ€÷]«çÉŸJ×ÏÔô!Ý’pDbÄñ�ðuUWQËšœis
ØA-øæ9ô–½ž`™A«éP(ÔV�–’5Çb§ô¯<·òÇpqÆ,…,÷A3¹Ò�0ÖÕžXÃäg“À
D�‹ÝÅ#C>«0Ñ€CýÂÌ£F{cK]0±•˜Òœë“P¥Ø–q^M>¾¥ŸW„ñÍ,jÿlš`IxgÍ�¨tQx–ʈþiÅÏyÅ�Òö²,ã,æSª­�
÷Ž�`÷·s‡iN·JhxÀ3W:,Ú
-CK£w�î¦� �WÉš÷*Dò0_®š$Ú(ÃËni�=Œä¹�YðÈqW˜ºÄÔ@_Ö/°H€™Gè�°i

8ðœôöˆE†ƒlæšûg-J•+™
ˆÒͱ@Prp±¦ç¹´kÓ/ÓyY»¾É�W:ÝÅz~a‚}“ö	ûKÌ´Ç�¦{ŒÊ†­L«"/FH«RÞ
-íb§¢ÕÌc½¿Ç…ZÞ�±¼ÎÞÒxÁË-@仹L>®]�zíu#õºYÜ;Ô"æ1ÊÝmQ•DègMT=Æî¢GÁT�ì ]¬OžcÝ“YBŸÂj1s©U�#ƒe‚e ¯Ír»ÃØ¯“›a³°ç°}eÁôã¸gˆå¼­SÞÙ1øC[±2¿mZ{¾ˆ­Mͯè2¬-×[¥;’N“5ƒÐ«êÒ+ÌÔH˶”\ï€ʉUÊÓN-èË©cÚ]3¡ûR
-¬ÑVæ¼”±èგ¶ÇFMlø_^[œÀ7‰ÄØ*]˜<¿ªÅe®hç Ôiq�
-_NRu†‡@y_ˆp\‹ú«`ô€W³¦÷1Ý·?Àâ(@ûU$†ÛnŽ�Ôþ«×‘Œ/Bh–3¼^G Ö�Ζøˆ\ßÐrÕlõßn?¿¿å•*xgÒš7¡0hù渽0^MÁœ¦1	†ÝÀ‡ø]-×Qj—K~ôÇæêï«
%¹@endstream
-endobj
-1516 0 obj<</Type/Page/Parent 1367 0 R/Contents 1517 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1517 0 obj<</Filter/FlateDecode/Length 1606      >>stream
+1511 0 obj<</Type/Page/Parent 1372 0 R/Contents 1512 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F6 9 0 R/F7 10 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 780 0 R>>endobj
+1512 0 obj<</Filter/FlateDecode/Length 2874      >>stream
+x
�ZK�ÛȼϯèCÎÁ²ø%mï:kÀžõîŒãA´Ä1–H…¤<žŸª¯Åî¢f²0P*~ïG7iÿç*qsüIÜ2uYá6‡«ùlŽ_Â_¿ÿíj5KÝb]ÌæîàŠùlq{ws%ðà–ËÙZ8�—¤	ä½
+*[dµŠÁ®Á“|pi25»H©j•ÎVpwµ¢K(é¹b=+ÈÍÉ '&³ùl)¤b°yÊ`‚¨b°‹ù,SV0ØeÆ`¢¬`“.f¹°ŠÁ.²‰Ëë5C]�âbãñdNk�œ/f‰[Š$‚dM“uBµ†"™–Á4Y1C$}
+癤Ð9ŸÂ3—¤&HÅ°™Ï¡~YÁŒ%cú#+˜þæLd³¦0°Š™ÂœYŠ¬àƒËæÅÄ.š~åòõÜ'9˜Ÿ£MéÛÐ?k¬`°«YV0]^¢:‘õf1?,ÝÙŒ!1;²Å’NEV0Íf °^qÁô�Ì8)¹!S,l¾¦Ç�õ¢heŽU’²ÅsC&*,:>Ö‹fKk™žºÜ��¢X(Èb`­Ûò4·,M­
J
+„`²Fåü“¦V0Õr+,öÒ+æèp„"«˜¥c?	+l^LYÁ`—¤DdƒEW«ÏŠÑ©9§+Ê*»æ‚VðÁåiµ«ì"™hö%ÀP±±¶P̲@– £Ñ@*‹v€ÑÈ
+f	,_d#Ø^ªY1Ø´`ù‚¬b°è¥\YÁ`Qz¤1Ê
+F“©]Å`±05"Å`—	Ë4+F’Ólâ•�H¶^!L&²€b�|/G6ãø
++,f=QV0Øu†pEV°OóJX¦yÄ`1Qê•b&r�Έš3‘,Qd}¸+68œB. jÈÂËf#+,öÓDV0Êh6È*f@\+Â
+‹ãk"+lÎÃVdƒÅµC}VŒdÌw”UwõJ1»jê•O$Z�š$Ïé²!K¤`°Ø—0YÁ`W\÷Â
+F@>‘AV1X¬
¸YÁ`qA2kû$[¬ ³s#
™Ë<¯2$“Ë™À¥Ô9�‡å“�¥($b	¤b°ïšÂ
+‹¬ÀÛ(+,öè蟹+‘âhSÍŠ™%·Q³b°¸`ªƒ]d'2‚¯²
ZÈ`m´©ìbM‡#+,úŽ¬`¸„Û"¬b°Ë9›-²‚}8ª™á�˜`©²Š9
¼–FÍŠ9
lŽÈúDáD³ë~B�
0Q«‘D+]à2‰¶é©,EODV0Xxd3ŶÜ"+,¼@#+IÄ�Ŭb°$¤)°>XÙ\¾EÄŽ9s<—N Ã%´)òXS›Â/Ž«©õ ¨9¯&’Š¡ÖiaÓèF…ìó°P탧—”¡æW�è”b°ö”°^¶à´�Í—ÈpjÈdÃ.u&¬OÒn§^æV„•3QÁÞ)(¶gG§F6[PqdÓeîFaÃ)¬+„d½S™¥õë45ä�âïÓ,ovÂ
+‹Ø‘å(+,Î8YÁ¬û8²ŠÁÂYµ«,n((hVŒqÇ%K½òá¢yâéÁû^~®�…;²>¼È
+áFÖ‡;Êúð"+8„Øs¸gÙ4ãG‡è•b†Ë—va#\¼H¡O‚fŒ* þf§c± �X\�˜LÎ}ä"T»„FR1Ø"aþƒZÅ`Ñ|p7²‚™ˆ©KŠÁâ­=d3T¾±EÖWvî?Ià•œ
†*.á΀üR1X?K�5µ|ý¶¡Møzé‘͇`k.¬Å÷ûZÄXøñ¦°VÃ!ñ2¶R1X;s£¨b$iÎ�/²â|
fƒÛ«˜tW 8öºpÂ$Öw"¤b:ÄËEUÖ*,¬`¸‹^ý£KŠÁbÄÔ)Å`q»AÒ,6“vÔ+ï$¦Ò–<š(³•ž'�G€‚ËX×^„¬¬–C%ä‰ÃÃ~OÄÔðWá̃ùùC…Ý	C–|’vÏ„A¼¢$˜=;TpÛ0WíÖmÀ¸!g¯—‘3¹‚ŠGØ€�!@p¸=¯…‹�:¹·£\„È)I9�àð½0‰\b¾àk˜Í	¶1¾Îx_„=4;?%Ž\„ô“o ‘‹ö0kø.7Ê	¤ŸÜA‘‹ G9ïg~~ãÉì�÷3@ø9~¹Á­íc]à"¤ŸŒ!È	‡Fã炳N�à°ø¡aä"‡ãƒŸ
+F.BìAØã7•3çãÃ˦phi¬:_€Œ/G¿E.Bp¸Èc¹Ÿ]>FîÍíÕ«w\§îöÿP,WîvkßÿñËæÅûfèÚíi3Ômó×ÛãYLpâŸ}	)ž~qS¾–nWö®¯¾W]¹wwU9œºªwîÜc{r‡ú~7¸‡²\Û�QÓžZwê«™»ÝUn³+�CÕõ®n ]÷îXvƒ«ÊÍÎmZh§s÷ÒNØn›ÊõÇjSßÕ›ÑìÌ{ºOyEÀÓ·å×}åÚ;÷¶m†ªzÿ$vÖÓ¨w=sˆ½ºïÊ¡nîÝÇ÷¥n¶íCïšjxh»o½{¨‡�³Ø©ÿzœBçÍÜëûªÙ–îâÎ:s×å¡r¿W}»?1¯Œ´tGäË}nê¯>ÔÍ釃�ýö©b\´fÎ{�µf^¿xU
›W»¶ÿÃp°0ŸD™Úý÷Ù¦mî¼Þg³�+Üóâ´ûçÂùóÂMß#‹›Ý3
+^N
+ë–6óÖ§
ý†®ÙZ�§%Báž&›Û7Úu5¼yÿë�WûýUñai-ìæŒMùáã/¿ÞÜÞ¸»zoO½¼xÞM¸àþO×7îCÛ~;Ÿ1³˜¹/ï'\„¿´îk‡d?Þ�›ÉÞ•ÍÖí@a†¶Õqß>º~°.'�_Ø„lú z2¡o'žÂIc_mN]=<ºöÈ>�Øb»Ô÷ìY?ýw˜ê¾ªûªçèž'Ç/�i%qìÌÜç¾RK×·Õ,1§a‡¹¬7;LF_uç‘Ÿfßàiùm´^ºCuøZumh‘ 9„±memkì"h”aÏŸ¹3�©0›=r‹<±À“úáèsŸ¯ßÿÃ}ªºCÝó!÷¦|BǽO_o6L—S×î݇ú<Òjº�¿¿×Õû€EÆÆlî	ÌÄ1˜àxðgdÔMÒP—ûöÞ¼”<@/rÊ&C'}‡zkö˜<¸\žkÝïÊîrX Ž,ŽnqN\ûÐ`�ïjkx­žE?OŸíܶîªÍÐv�NB¸œ_Eüïh fó™`p:bè‚΋g/ËÃÆo·õÝ£
—yÿ]ƒêó¬èJI.0éD_·=§mÓáT¬Ü¡ì¿ñPÃ!Àsîb Àåÿ§Îr\CW=™ÚãÎ?í=dkln÷éõGÇaÝ¢¹¼èÖA�Û`ìptïá`SÞc¯NgñI%ö¡~v!ô^†‚1Kí¼žL÷ÓÇÑAtot×ï¬öþð5œÓÊYËövD—îc½éÚ¾½&F­Unû¡:¸¡«Ð—�wûIDv¶¾o௿ðXm&³Ç'õu;TF¾Ä›§>®îS‡ÝÇ4ßœŽÇ¶žØ°ãÝ2¹UéÚ™3ÉÀ3:ÌÓ·ì'Úúç‘Vÿò¯Ë„RtS
öØO]�eÚ[õþ�²X;Pô™6¤,â9‡�Ñß—Ý}åšÓ¸fÍæÿÄt¿Þn©þ{ÄrBÃßëÒ–‘n¼O_žóã(�å]tŸ�OËú«wxk³«�åìrw™Õ¯Ëb…[-n~EJ;?ß^ývõ_ÿãJendstream
+endobj
+1513 0 obj<</Type/Page/Parent 1372 0 R/Contents 1514 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 832 0 R>>endobj
+1514 0 obj<</Filter/FlateDecode/Length 2407      >>stream
+x
}YÛrÛÈ}×WÌcRaqù”’­ØQ²ºD¢ã¼‚$$aMZ”jÿ>çtƒ˜Iom•ä³gº§ïÓ¤~¿ˆ\ˆÿ"WÄ.ÉÝj{!þÏøãñëE6B—Ïrüܺ¢â
lÜÓ…�[EE�Òb°Y¤–
cª*â`½Q<[6™Q³œÖ`°³:«š³y�Ssš‘ˉ¬Á`‹NÖà­‹£0(k1Ø,›Êê½i?¡9Ž‚Ìå‚Ô#�Áæ	k0ØyD�¼¬jNÄhÔ,Èh>°EÆ|yÖ`ئ´yd5¹1NÅaÆ	Åzm˜kŠržÊy6›'æ,	æN‘°CóŒucXƒaTNeåÞl�di(Rw=†æ<ƒu†5lÁ"0¬Á´ŠEmXƒ™|Ò°jUNO ›0ù™ ±Ê`°ékXƒyïk0SÄ’ô²3V1JÒ°ƒ…=“{Õæ,Õü"³È‘ �¤Ç´™�bXƒÁfÅTÖ`z4£U^³Þ›†Z9z¯ sï�Õ{<k04#c°Ù³3GlPÃê½q¡5³Ø3Az¯ÇÔœÐ_ÏÌ,ÔìYÕ¥Z“é¿3A¢Ù`F£`MzVeÃhhߌõ,H­ò˜VñÃr¶¥/U”
€’nÝŒ¾éArBiœ@©'-›çµÓœ‘5˜aŠa™g-‹Æ¶÷Z%4‘5ì|ÊʤJ>sÆC
�U#T>ú!äII�D	‚†( £Ä6ñ¤ÅŒR†B4¬$5EÛë8HÑxŠ¨8J<†,Dâä¬7)fè`_‚T€˜ä!M¢Ož´˜jù¤VMÂü�'5e¦‚Ä$ƒ!‹G×zÖ`&N’>²3qìv#+÷&sNDh–{ù{Glèk04£P3ÃZ6�‘#«÷¢ åÁE±.$÷«ä]0¬Á`QlÐìeUs>×äf!~'‚D³Á°
+kÏÌ°k¬RÃFª9Óu*Š¹,$‚D³ÁŒ$#jXƒÁbùŠ,k0=bYƒaæ)²àïU«ÒaCö!+H#é1ïõˆ¬4_ÛV$×
+Qƒ!ª)ñ¬Á4™�«šDV�Š†}JÖ�D�aÃa'B:a² ÏÆóa±I
+„Y‘°Ó¡�4¬Á`åqö¬¸ÃN„÷gîQ±’ù°))Ho…{1j‡Õ*-¤`,FŽ5så¤ƒ¢unXƒÁ¢FàÌ(«Á_™RPs0§8eXƒÁʃïYU,#¤*dØ„ûNìYƒ©8D•Ö`°èIø3Ê굈ìð@RoÅ«p€ÄöRÙç2£Ä^EÞÞ‘ÅðNe&äNXƒ¡XÊc*ÃÎa3ˆYÄŠDÖ`ÅÉiXƒ©9�²£g±yGFÖbvô|r¯Å`¡)·²ƒEŒ­ÍªB×Ì�–HŒ=„ÁøÀ“FÒb°(L+j1CÑY/k0CÁÇѳj’üÄë/6ð&
Ü`ÂHZµ¨-¨õ¬Á`±3À`ÏL–Û—e=füùúxV”p¥–:½¼Á78’�{V
>Ȫ�ž5x4Ø°bð Ë�7ÈÝȪÁ‰îPó鎈ÁB-vbx:’ƒEo#ž5˜î°›
k0
æÇ|ÃŒcc¶šÕàˆ‹8JB:V€ì!
––I‹Á♃ZÏ�*ZóÃ$Œ”ÄÈbÔ¢)8lñ!zÐ$¡£jGÒb°H#ºÕ³3ÿ‘•KçºKFx3'€wHGçÈ›çøÁËë_Ž$úoJy$Ëi謪‚:|¨K=%ÙÀ#ì7p
b…,äK0¾EàAá<„J™Î#'*eÅE~¹‰É¿)å„ð]?¨ÁQˆÉŽ]mXÜäã›ÏaÅ’/;>áÈ}Z\üòA�Üâ™_…å³Â-ÖòMXè«¿p–nñZ¹›í[[ïúÎ-šfÓUý_¿]@à'bˆèÉ(pß_ËÞÕÝxþï<xŒ÷¹­Ê¾Þ½¸ê­ZwÝÖïøõP®~”/UG¹c±c[ºª…ȹ“é`õ®ëËÍ5;÷ySW;1üòÈrœ¾®Ë—]ÓÕrï	
Çnv}Û¬÷+ª:½;tTËýË}’XÁ™·¶YnªígðAiÖp¶sëÆݸ×ò½:3´vàžª^B¶ÓVå›+wkN£qö®,pÿj–8±ëÿæv�köýÛ^C1�1L{´ëÛr÷R™óÇÇ‹À=–î¡éú§U[¿õƒïës1šîjý^îVÕZÓŽX�;7‡ÒªÜ¸õ! <t‰ok}¹!ßvõs
M¿6/Í®s˪ÿ¨ª�û^ïÖÍGçî›ow7ÿsûŽY
³Ie“ã ¶¤³«Ó Hjÿ,û>•Ãð­y¯×ZÃG7áÛ”fÙ¾T½ûÖé‘i9J¦ÿÙ|Ìuß›öÇiYòTÝÖ«¶éšçÛ6}Å»Þ}[¹Ï¨|‘›´åP«^î
+%ý^¡
ÚjÕ7í¨²ö½^�v %Q´wå¶:œqOu¿z=Î!O"A´C‰pWûþµW¯´oÑH›ó R–VR÷µmPé7×îj³iTôÜM¨ØǪÛozx¼zJê8¦Ð{c‡
Ûæs³{®_ö­u¦*°*üyߧ
=ÞþûÑÛÂÓî㎭ª“Î]оÎÝÍwTðä×z[÷bÐUh6ؼڠœuM½¤�ÓÍ;šbÙ¢XôõÎuåvYžø'ÞÝc~¾×Õ‡kžG‘ã‹�ŸúºýÛ[Óbƽv(ˆ»(BÎ=×V]³ÙŸ™øÎ=p£Ò’Eܹn¿ÜUÃIdx©`S¬›ªsöôh¶û@Ÿ8��GÒŒ�¥û~s÷4ŒËSg‘sx4þBðþñß_ï¿=œŠ!7?»¾¿½º¹;•Á<üÒ´+¦IräúcÌ¡Wܶìð(žŠ`4Þ–?Œή›m	ó~&‚uÍÝq4”KÌ}Æ«\¯ Þ•ë5tBÓ$âw‹žªßоò@?—ÃL˜ÃÕóÍfŸÿ÷Ë“Ûú枤
Ÿã¦Ý$=¾:îAkpŠ à×(éŸ+Æz¸r¿®ezk€Œ¶?V›Šáüå7[î;øâ%œñOw²À<]Ý~ºâôü
cÐ]7«=ûy
—þÈÀã—E8çÂsü"ð{Ù"ŸáïŠ ó„WýcqñŸ‹ÿ
Évendstream
+endobj
+1515 0 obj<</Type/Page/Parent 1372 0 R/Contents 1516 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 862 0 R>>endobj
+1516 0 obj<</Filter/FlateDecode/Length 1205      >>stream
+x
mW]sÛ6|ׯ¸·¶‚Á/�|tìÚÍL�¤‘&î+EÁ.QTIJvúë»w�èc2“Ìr±‹»=€Tþ�D¤ñ'¢<¦ÄPÝN´Òxrüëëã$Ò±ŠÉFij)JµJ÷hE³IVà±ÉcU€ÌK•ï
s
„0*U�!kØÁù°4Ä-źTYȺ’²R.	ÿ¢$A¢uljðl‚nÈ6á�’=µ$O`.€Òê•…Ì¡™äf"ÎäH†˜·L9ϘËÕªك͹2¯uùÆÜo›qñ‚¸&Gj#áZ%d0@&‘1Ø8=‘†ØU„M½VâÍÊÄ…�ÞJrˆ·åÞÚ,Bj
`°%§°Î•»Á‰“ ÀùÀ:'ÏÎ&ç*<ËCÏðP†žñ®Ø7õ°%œò,àÓ¸@L^ˆLaš¥29:ˆ)¾é숤“ÉÖ2+CÍpÍøFñ-
)È“q.Ù|+2
Ì�‹M±Æ“Î5â­Ðe¦Dè!„„GÒ	5O
+B>c™zè„: E˜ü~Àeây8À²0B9žtÂ<u§škKKu�…|W<é„&ráðXS
"ô�…Ž¥'�0-\81sDè!„‘9!�0ao„#+xáž‹�gAé‘4	F—Ʊ„ƒ«„°0€ØsÔ
)‡.Õ…„“ehÕ
Õäl*¥�i�ÒFR²‡ÃwÖ!V†Ø%`ÖIѺ\Y'Hl”ãô$ž
0×”!’€•—AbJÉ6Š ‡Ä9ÀЦdÀ,<Š�uÎÙþƒ–‰³ q0´%ñijN¹�†/Y"ÈõËŸÊ$Þ—ðžFÍ‚\ÍsÍ	Ϻ q¾‚ 9c™É�ņ(êÈòÇ!Áûg
S×Äaô–^&æ“›ƒSKóþÄ›"§ùR>ïšæõ¯p€“¢µ«±Zýømþ}2Åï€)NYŒ•¼ô·‡µÝr»²U»ªYU‹•%»ìÛ?¶·¬ºEŠîṨû0ãúÌ5V´êj-{¢6¿g®è¶®í0Ьj
ݶ¯-ÕÝÒÒ®©èl‰Ó­èãzìQf=6�؆[âÕ¯Xy°;Ø]uýëE¼~û*ö{¾ÙÅy¼¶Áºz7\6T(zì»í†Új³iÖ¯ôÇççùçs³RíûÝØþ¥ëÛj�¦›aØZ±<i¿EÐM×nª¾ºµ,»Å¥�[Wÿ°#uÎãÊLö«­–44ÿÉO
REOÕ;½·ÍxYi¦èÏî•VvgW—¬Ù÷ÕÛ%‰é>÷Íhé*‹¨f«î�îV�]�WŠæ”x
¶o®5i#b·k„ÍœœiÜJºëm5ò$Ü\¾ôÝKƒÓÍkÃœ±9?7ëe÷6Ð/åûY;à‘ó�ÿ4§ôŠƒ¥YƒÃ»¨zúÔ�nŸi·øÀé©Z/«±ëÒ&¨è|!æÖv;»l¯ì»ŒîÂÓ{Äìgï¯õ‡CѱÖúæï/¼êæ¡Ø¿*¢$RºÀ+?Ð¿f·On	1}·õH÷]½m1Dè.Ú”o±`šë’ןßDþFç¦À5@Ié÷ùä¯Éÿ)Ëÿendstream
+endobj
+1517 0 obj<</Type/Page/Parent 1372 0 R/Contents 1518 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
+1518 0 obj<</Filter/FlateDecode/Length 1287      >>stream
+x
­VÁŽÛ6½ïWÌÑ
bÙ’µ²½7w› 
šmÚ¸Èe/´D[l$RéÝõßç
)ie;E[´Y°$òqæ½™7üó&¦9þbZ&´È(¯oæÑœÒù:ZQºZâw‚ÿ­¤½ÿ�¬âë?lofï×”Ìi»V¶\Ѷ àÌñ&ŸÜ—¢q²¥uD´“‡V8¥ôñ3}Qº0Ï–´tϦýjéY¹òÍö�›9M“ “Ï¢Þ	~ÃÄËpÀt‘F	]GqD›ƒÔE·&¥8îÖ$Ë(ã5[Cª�Ú©ý‰\)é«<Ñþ¨s§ŒÕ2/…V¶¶dö߉‰#u†¤»Jz€B6•9Õ€äC€9^„°„%
`¡=¦|q�q„.f¦™M%ò
+¶³„ùrˆG›ÊNQODy*¾HÐSU$_D­´¼ãÏPlštßD-�mMuäÜHiDÑ!ÝïZ½Ì~VúøBÛûO³Ÿ�Γj�æ$f
+Ö U1
�üŒÇ!™KX$w´²ðRáˆk‘Øfr�ù“y¦]噄^�¦*ñ	|’É:O;ÀÖ™U¶=À Á�ÆâúÈQœVæÇV¹™†‰:;77z¯LšG¥=ô²RÖ•´ŒvÕkôY†éõq÷JRôuBÂ^ɶá$u1•ÑgµO²
èóh±Jƒ.¢;!¼´Ùœñÿ°¥Eô2KѯCŠ…©Tªe½ëa;©w×ANTèT�¨ŸP슌ðcÀEš®5UÕc�BÎþt‘EYœÑmß@…݆ׯí<Mni
+£éÕâ+î·¿)døEU0O³÷ßkú®Ñ{9ƒ{)7`Z\©,såEmè©Ù{Ø¡w‘qwͤËg¥±Î†CónÍt­:F“léÛçÁäò¾CŸ"Žì?"q4ÿŽ¶¾›—ÿNGÚÃzVQ¼¦é"µŽ6ä�VÜ-š\2w&—Š”M­àTN•²Þ\áT›¢cº±	hxœ�H|1ÏëÞîÓuÿbø?&PwÏ•ÉEÅŒÑð+ò¿B‡pÌìàóP¥ÊeȲÃÙ©ÃμD€*d+@XV†÷„öQ¦X8§†ê–Ü+Ùª¾Üþ’©	¡LÑ�Mkž0ËÀó0öúaŠ‘5¨jáØ£-†´q¯(wgú»)ÕÊà
+–EÏòåÐy“™‘•Q06:]Ãó�ägbSž¬+ý$'×bú5¦Ýâ„E`ª>j,qÒ‡ô¤ÄÙ¹´;úI4š¢¸&”Ø<ž'÷GY`×&ÏÙ‹;çé#K0ê�›ûþW�³ÚAÄ0ýAW'Z$´SHPI}®ÃüF¥qŽîÔpRØÑ ±4büíͱ¥ÇIúøC)W5§}d=£§Hv'èU@…Ç	Bld«LñøÆ×0ùÒâ‹âNœ~˜s*¯¥1qA{˜°NZDÀ]q+®ãhq³¢B”£7‡‹€/JÂÊQÔ9n!:4îƒw+y7wqr·Hïn³‹pß¡Nƒø<'Û}+rIõW
+L%c}6Öš\yŠøÖ’FŸ¹¨ @-N´C§`0?GåQ,8+]ÚúM蕇_Е7}[ªîYJL7=Ú¨Ÿúý[‘=æˆÆZuð÷£ÎïWg7K?Êþå½öõª˜.Óh™­ÂhÏn™ËwÛ›_o¾
#†|Sendstream
+endobj
+1519 0 obj<</Type/Page/Parent 1372 0 R/Contents 1520 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
+1520 0 obj<</Filter/FlateDecode/Length 1611      >>stream
+x
�WÛnÛ8}ÏWÚ‡u�Z¾Ä°�îSÚl�Ûn¶u±/y¡%Êb#‘.IÅñßïR’eÅÅn/h*‘s;gÎŒ~^ÍhŠß3ZÍézIiu5M¦´˜Í“9-Ö+ü<Ç_+)/æ«E²¼ôb6_¿|ñ~s5ù¸ ÙŒ69œ,×+ÚdÓ)mÒ‘€Ya·Ê{$c)S.µÒ+£ù�Ò¤…¯­LèÖ“/$UÆyÚ
+§R*å“,I”%iéÆ>RjªªÖ*|ß‘�ÒѾ©¤Ú)½{³ùq5¥ñì‰m²ÑçÛ$²ÌJÇ/ú¦4NöžâvU³?I»ÒláêH°ÿ³–oIèŒvRKžZY	—¹z–åHDèãÀÝ^X¯ÒºyyisÄõ6$%ÀNWR{29nÒ§û60ªBNj‡ú[S‘èÒ­„;®í¥u{™zõ$“�ÛÏ%ö¬-û–S<BfÑ9¢†�~ò	ý…óM}º:0{«*Fç%§¡ÜÀ±8ÝZ@ž
+pÁ) ®­†S ̇n¿ÞãÙ¾<¶ÑÏ—É‚1ú§�)×ÁqUáܤŒB{80=Ð%Ìûõ30iQ¹´PH!†l¼IMIªÚ—¡d�#„²‚]ÃÈC¨|íUkC‹J¾â^LÀø_$ˆ»¦|Bä7$&‚C
RÇéÔhoMYâüöÈq
*¶ùp?AQq,W»ÚÆ›K V)]B„Å?ß�|DÛ†ÎM¤O'\HæÔr#vÌÈ»:-ÂÍ‹%ælOx2
ùI&�Wè@´Ó‰³T�K&Aã
+5Î"0±Ä):Oéä+ã
+ÿ€�K4HWe`¼ÊC%úÌk½Cv…k›"sΣõÐiã66/}eêå½�@Ç…k1pºµFd©ˆÆ*øG`•ô…A|Œ"uôýîžFß™sw‹�µ†Þ0ÖèGÎÙJh
L1ú v)Wü¾¥Amºöurz7HS(7Û˜ýæúµHèK#n=ã,šèŽ«
+…eî
BB �ÂAÊçŠftyü�Ý)tÔA7‚Öµ)ëC߶mž¿;ÿ)š•ö"}BQ—4Ã3pÝ(ô=3*Ì÷bBãD—/u% ,ÑǧÒÙ»A¬ìôµBh�"7µÎ­�GÞw­ž'*]?SÓ‡tHÂ9‰Ç?Â×U]E-kr¤Í`µà›çÐwXöz¼‚e­v¤C¡PX=bXJzÔ‹�Ò¿òÜÊÃųd²ÜÍäJ7ÂXW{r`
“_œMVh5.v�ù¬ÂHDõ3�í�-uÁÄVbJs®OB•b[Æy5ùxC3>¯ãëYÔþ›HÒ ;kÞG¡‹º›°RFðOÆxÎÆ蔵—eGÑ0�Rm­€
+¸wl«Ï¸;̪pºBÃó�©ÒAÑRX½kd7môx¼JÖ¼V!’‡ùrÕ$ÑF^v{Hëìaä .ðÈuÌ‚GŽÀ¸ÂÔ%†Ú²öx�=Ä<B†„MHÀ�Ǥ·Gì1d3–ÐÛ?kQª\ÉlÀ“nŒ>€YPƒ“þÇšžçÒnM¿Lçeíú&C^-ætëù…ùõMÚ'¬/1ÓJCšî1
+–­Š`¼˜ ­Hy+´‹�ŠN3�õþ"Rhi7Æî:»¡ñ‚w[€ÆÜ»¾Ì=.]�yíq#óºIÜ;Ô¦1ªÝíP•Däg-P=†î’GÁT�ëà\,OžcÙ“YBŸÂb1r©U�"ƒU‚E ¯Íj›ÃØó®›a¯°ç°{eÁÔã¸gxå¼­SÞØ1öCW±.ß4�=_ÄƦæWt––·[¥;ŽN“5cЫêÒ+LÔÈʶ”\ïʉEºÓÎ,¨Ë©aÚM3¡ûR
+,ÑVæ¼’±äás‚¶ÇMlø_^[œÀ‰ÄÐ*]˜;¿”©Åeªhç Òiq�	]NBu‡@yY(p܉ú{`ƒÔ€÷²¦ó1Ú·?@â¯ôûI$†«nŽuÔþª×‘‹/B³
\¯#NëF	gK|A®¯i¹jVúo·Ÿßßò>¼3iÍkP˜²|sÜ^¯¦ NlEŒ�a/ðÙ>EWËuÔÙå’ý±¹úûê_㈸ endstream
+endobj
+1521 0 obj<</Type/Page/Parent 1372 0 R/Contents 1522 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1522 0 obj<</Filter/FlateDecode/Length 1606      >>stream
 x
�WïS7ýÎ_±ã|(LÁ¿ 6ɤ��4¤Lc ±3ùÂLG¾“m…³tH:Œÿû¾•N¶¹ÆmSûNÚ}ûv÷­ôxУ.~{4ìÓ進åA·Ý¥Ó^·Ý§³ó!>÷ñg%Í.'�«.½¦É;çø�Vw»4É©þyE7b)i,í“Êð¥|¶ Ì虚WVxe4ÍT!ÛG“¯]:�§sÚ÷{íÁîóR8·Êß$7°¸,…ßg„.
 /­†»'IR{«¤£™±Ì›“¨ü/T!	+ßì5öÒwô‚p¤•£"%­”ž*�ï±á"7«ÿˆ~nMUn×¾µÉËÂ8ïv3·V®Ý4¯öÒÃÖHs­t¦¨Bºþ‘›—þ£wxÄ€œi
C*§|ZDZ¡k:-ýÊ؇MPLñÆnQ“‰dÚÍ
 ÞÞ=”Öx“™"mÙøسޖÙÇÿnßÅòOæ_âé\�Q¯Û褪üvv*ëä1I�~13BDNÒRf
tK‡Œ<V
 iÁáù5‰q”V	�þ™*”ç::ï ÔBþ`ÝZ™ùb�<Eƒ£íRcÊ<5dÐ>ã7מÜÂTENSIÚx™GÇ•F�Á	Õy
 ¸¤ó�%‹9 W¨!ìqh¯cš¼»ë\ߥÅØ05ª}UX4àÔ«ÑbËJ×½‰=ÎU°ŸVgª3äJ)”ž“ÑÅšVhg¸É…]7£{a=¯…-è	ÅÂBÔo³º9±œ
-ZG•®žÉUei¬z!Ÿ½Ô¼´›@z莚[rQÞ”žYá¼­2_YÙˆÉñ>d¬ƳB!vEÁ,‰i!Ù´™z¡ônÛ!Âј¾@TÌÊÑ�ô—×·ãÐœ
H½ÈsÔƒ“®MÓð:gk~Á½SéŒûX <Ö4Áj)ó`XÏ��<R³[SÂÎÁ;£­c_Š‡°~‰£ûC5³sõÓ¶ž{ua…¥šÍúß)ÔŸÿ„Hº¶P·Mpxü(gÄR!IXn‘ÄT€¨uÍ\a·C
±Iâ˜y&Ån:d7ñQj°CÊÑ2™70Ƙa©ÁS‹1µ0,T3%´¥Fä9—}L|+J]‹ÉXB54HŸuRÔmn®&V%T>70rS¥=©Í«ÉKÅQçT] %W¯ÐëÝ¢XB+Ìt
?l‹$=çZ=&`ax3òÈ…˜Þª�oÜTŒ‹8Ì!Ž~µPФ©Aç°ìÄ~IVjZ¿	K²ßЊ�«×ÔÖšwz%³ÿ´Ï»ãÆQåêršmÔ™ëwãîZ@ËKŽq¨èãáa»7	“ȼ[™³¼À�˜š*Êièì ¿)6¬œã¡¹>ñ9,ÀÿmVšž„U¦r“ÔûC¦:ÑPò
Õ½?ŠìKjq»U¡Ð�œÖ1µ’3¶Îß·q‡õ£©2�.k2R»…ÍAQ	¶1-–RÄL"[äµÖ>Π|Îdf;D†n­×ÉΰR]ØVûŽã¤¢m½`ò°‹Ü,Y�WìYØ
-
ÙŠëðsÁJt÷š¾ò˜KöÏ>ƒ†Ç¢dW‰@d“Âd<óÈÅKÕdòYð¤»4}\Ž»#iîkoà
Ÿ›Å\>¨Vxv‚)‰ï¡^Á‘ƒÐ@Ò1�¸'1•ŸDQ1ûè:èx¨8—3<>ÉÏq.]ÖãH^Ãõnµ-†0çâB#ÒÍtHT0iôX	ûÌmZçŸ2Òóë2‚l8†
0ž‹ $†¹Žã«·Í!;Á‚™)
-M…ÜÀ+,#èbƒ�q…Í|7n#®x1pá¾sÉ8é×J‘ŽýŸµz¡‰‘˜‹›¾q“H{Fï~»¾ys1zÿ¶Ûý…~—(ý¸¾£pB+­3Î;Ë�+Ê7
Ÿ²áRK«2ÕºÌø0'\Žþþè;¬öÜ�B�ÐŽ¨SÒþ/ê/·Ÿ~ÿðéöóÝÛÞ”1ÿu„ó¬_Z6¤­16�Ùøf;¥ê¼ž½½
îŠç§4žGu_Œ./èΚ¯¿p’…“D(s6~’6œ»|‘<üÎY°£çlîlxÖÎq/…©Á�½Ÿüqð$»�Sendstream
-endobj
-1518 0 obj<</Type/Page/Parent 1367 0 R/Contents 1519 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1519 0 obj<</Filter/FlateDecode/Length 2027      >>stream
-x
•X]sÛº}÷¯Øñ“Ó‰dÉveßÎmgìĹÕÔ_µ”Iò‘�ˆ˜$”¬ß³P’é™´7±e
`wÏž=»ÐÏ£1�ðL—gt>¡¬:
Gtv~‰×‹+~=ïӴ”Îχýç7ó£Ó/#ú�æKœ4¹Â›œpÊhDóì„zÿ¾=>ÿë�çǯO¿�ÎÿA§?t­�ÉèAUvVÆítN‹-©²¤JWí<Ù%ív~˜ÿ8Ñ`<^ÁÔ/,Œ3¶ðÙVÊÔôÉÖÁÙ²äÓNéA‡Ò®lM3íÖxôÿŸ™ó™w6S%Ý+v–nœÝø?u†æ3¦56×:ÄПµ·eçÉé—�# ƒ³	G9
äÛ–@FSm 
-…
-‚¹™>ΨRYajíw8b‰6Žì¦¦øzRžxŒÇ¤v­‡4/Œ'þ©i�p:·gl5cÐ𘂥ù§§Óéú€Ì¨`líiS [„5¹áø`+§û- ©Hå•©‘R§‚u´1Èh®6žj6ÉŽœê��ÖdÙõì§%Ÿf”« Êk˜DØ)ØVÞÛÌ(dcBA üTyî´÷ÃtâÙÌED�0¼l;j¬©S++•3K“IP}œ?Š—|Ó<¦ådïtü Ë×	-M	§jN�&vÜé̺ÜSn9oÔ8»6¹îÊ‹»4rl¶
#´´®Š^I¶ïgôÍÔ9øŸ�®�Y®
k 2rT‚—
›qš€ØÀ̵Éø™êg·R[a“ֹ·t]“~UUÿ±/$bÜ…j`EÒ]#8zçm;³wA!^®»^œ±èØ'í†R/N´Õ9Úa·Ï!»£$á.ÒŸ@m+8Í@™z…u¥µ/mCßOÖF‘êÙï0^8«òÌþþ�°•tÝV,‡ÅKOWM‚|¡Öoô‰!Þ'ê/¿Ck€ ŒCTz6�þÙjÔª»jÖ
©S%C¼ÈéÐBò®@:ßð¤D-±{l´ҷ€ó�ö,§²Ã>§p&9
ÎxLIFŽ#Ú§”yW;ó.æã�u/+gÛæ5KÇ1ÕÇ° ��!P)ˆÇ²õ|4^„�å+@²-("òfUKéñ
-»ìrHUâáa„f­3
-ÂAñ‚ÎX"­>ä&Ô•=e•C
@vèÐót¸ ò®6ØÃÆ™J¹-ò|x~:”Yg늳)~�—BÔFk7vÀQž!¨ŽºÙ·0–í^¨;º)„åj ¯f�Zdz›¤ã]èEcVÜ=sß‚݇ìOi* ƒÚ²Ôvxö£	úÑ@?�QŽzy©¹Q EÌþyý|K÷�Ÿow'~ÿ !T�i¤,´�ü³â¾‰7¡Ó
-¦÷Í55•Ma™Ü�ÛÅ/]ÂèЖl#•"œ©íΊ�O¡6ÖG¨«,ý:»}ÿ{ïñy›�ƒT²Ú·\ƒ?[ã8Šžâ7.–<+”‚>n·+ê ì·š‘<@E¨
¦œ®î²Ôlloœy$WT½”|;]¡õwÒÔ‹
Þ«h‹”¯ÈzÔw°�†ûPô
œˆw3‘`ºO{nÐ9^À�Ùý
1J0ó7&96Åj{–Ò²3öý�¸ôèFyLwÓºi=¶�ÿÌd6`Fuû’`è:S�o1[ìlÝÝ}‚WwvèWÌ�©_º±NïŒX87¢‰PøØ
QPm$[ {,Ø�Û¯Szëõík€Lê¼íW&‚LoK•é~ªô–Õϵè$�dhõpr7í1(ìÆ“Ê^0ûݾf…ªW8eï?*P’µØö?à<Ð
N~ƒHD@Lèí¦A­ÃÃÓŸäfÞ3
&2Jó8ñ[8%¾hîäßU6¢BÝd–õ
-ív˜? KÒF‘ [¶Ò+͘_¡µÍ¤sl°ªõØ”}\ &�ÒiLñË“£`0°¦ÎŽ”È¢,À¹J|?ýò�1"ò%fp>ŽÓ"îçÃq¬¤.èÏ>a8�*x;ª_òˆy�Ôþ.|�¸-zVÍüÄÅÆ¢µ,ÚåÙzŒÊ…Pg2Ê
Wåô©—˜4梉uj¡ÁZ‡I¼S	nøÐKyéô¥Ç�‡ª­¹½vÀI:¥ññÈ?
Æ%Umà!cÚŸá*BФ—˜œyåVc
CǸQ¢g�;´t¶’èxX-Á^ ÉÞ
–ØH-­,`¼X¢ï‡G³BÓÏÅžU7úOyŠì@…z.sÜÑ#yÝbœšg¶Â…¹›EEŠ¯dX¢_‡úùAÒ–e븺‹\—R¨TÀ])v:�ô€=MÒ,·š7Ù“	‰ñíâfàÞ3L¥–=Ö¥Ú"yf¨‡C
-}?âä	$K½C2
Ò±·Y†kÂG–©´kA,>=ã|ɉóîr½Lµt@¸!LVÈ
îâ92¦âP(§2ƒ.úÔAø˜4»/2s8rPi��’§B
mŽ¯I|£1àÒ`ϧVU¢(�úâq½¸à†ãXô3U-ú#�kU2ãÅ?æÏÁþj�;N²r•îŒã	¾N¹:§Éä"~q1»¾¿¹¦'g%‰Ÿm†+H
Óp•!t—#þNåä‹ÑÅåÅðrrÃòÉŸr;?ú÷Ñ
J,ÝWendstream
-endobj
-1520 0 obj<</Type/Page/Parent 1367 0 R/Contents 1521 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1521 0 obj<</Filter/FlateDecode/Length 1698      >>stream
-x
�XkoÛÊýî_1�¿8€­HŽáGpQ@¶åV€­¸oƒ(VäRÚkr—w—´¬þúžÙ%-Ùí&½M;"—ó8sÎÌPŒi„¿cº8¥/ç”U×ÉÁç»+ŸQRàÎù%þ“Óh8�(ÉŽÆ£á—áé�’µ¤û‡¿}[$*T)?%¿ã¹3�Ãs'§xî(Y+çï~·®e¹¥Òd¢‘9)Mú®tn6Žæ	�
Gd,�²/Ü6�·ytó5M¿Ïæó$M¿-’é×Ó4½}šýcú´HÓiró>†#:çK#:#f'3ºJ;jþì‘&yn¥s|Ò_ªD¶VZ’•ä*ÑdkDZe]HúCP]3$TK[[!5Ù\Ͼ-¼Ù5†ã]•¨k¥WAI
ˆ†ÝéÓó!—áhÖP³­UÖÁhž•êY~탺êÁ?ç©ûsH7¦ÞZµZ7”eé'_]]҃ʬq¦hpÛÖ½3”ø’�½=܇üñ:H€ªâŸ 'ªï3årË­vç	åvtSr~¥C&êÁ¼HKÉÍãçÙ#‚v�Èž	˜ö¤¹ºŒ=»böåyG†yG¦Ø+ˆS333UÝ6Ò21\Ôö[>ˆÕŸMA)B²vKnmÚ�Hz–uCFƒw`Y®^Te ”ZF‹à·G•�±ºYP³ºSÄ[¶•Tei6oeˆžÔ±€}ûÉÒ÷üìuÂ':4¢6w
:Yë6ˆ†J)¢�Î\�ÐYò�XOƒÃ
ekÏ`?jœ[I-­×�çÊ”Kméé¢Xx(ÀL„Z®9nÊ×ð+£ã…\JÀ–~Š#Ø»~Ç(‰F-!Œ�jÖ{r»ŸÌéAh±»O‡¯é¬ÖÆ5ñ°˜¶¡Y™¢�6´±Pc®›|m¤vœ˜oÜ÷>J6¸ûáãÓô''n¿=|ý%7ºè_~rt6¿¹ÿõvJ¿pØ,‡Ÿ=p=ýëlþÏÉ}2}šO’ŸE2�ßþ¯gÓtôª5Ú�6ú¤¶J7žæ=Íȵuml“~Še»Nw^`lMèm'sÌ� ľîüé�ÓŽó”(KÊصΆÖ
z£mÔ¼¹;®ðm?©2ô9¤ë-4Pˆ¶lŽýcŠÉbãæ!—�ÉcZ¶
Ç°³Ü¹�ƨdHùnTœ¡Q ¹°~¨ªt^$û uùy}p>ƒÃ}†
ÐV
)áœÉº§E, õf-mFfªP¡öìå~óJÊGk³ù¡å¥Å’,¸–f…ìñéEeÀx)×âÅïaR!§e�æ¾Ã[ƒéQŽ†Í™³ôÂo©æ¡o0$
§cR
\-á×	ÌÐ@”?òœDÔ>3Ž�²?eü4é‘ð#¼Üˆ­ëR¢l0®Vköè©
-¶D탛h÷M›µìßñ’­¿(‰)ô癲ð…Û²¾‡ÿÙO:a!ÀáÜžînÞ–-ãë$.iâ½gÃ|.
ÏÞÀŽ)»®åKîEÁXl<…Eþ@Z¼â–ýÖÇ(ìF– _ç7'KÁ:c¤Ž
7&Žï#Q�3&·(Õ¿ðP7)Âj�PnɼÜâ.ožžÒF1'ì’ˆirÿ}ò6Ó}BÕÖ`#‘°Ñr1¾{û†+®Dƒeq@-h¶üh`^_ÁNy½ñªñѽÏÔ\YhR½ü`š!Å<÷]ˆsèåhu»,U6àÕ�¯Ê×°–úqNÞ€
-7£‘ß�Ѽñ—Š7•‚ó¶,ÐÚÞ‚}9ïÄØI2:YØh»^£‚à�¨X)‹ǻzº6cyp¹í°z–[®V«á/j8M;÷i궮‘Ušf-;ÝðªkMédƒ[]ÛJÓRèJèP©4å­’h÷.M5\»�­G6¾’tH[¹Rá.Þ08Ð�ÞÊÑÕ߃Y$ÁÕ±ñêF3LPÔð&xU¾[°Vo7(	š:«	/ů%=ñ¢v±/.n×\heM[CI�YIŽuHÌw�ÂÜ®>àRV¶y\»!ï	éͲoâÿéˆwJóÒ{Lÿ}•qØ(4' «¥ÌæЫƒjE ¼68Ð…ëÃ�ˆ´ÿâʺù£5@Š7Ìc¾¯!Ûî(þ|wÙ½«�Ï/†£Ë/øö_äG‹ÉÃõ„­ù²¦[“µŒµ7ÄÏ�ôÇO.FxƒÍø%ÃÙÅÙðâü_Mààù??Mþ~ðo�å+endstream
-endobj
-1522 0 obj<</Type/Page/Parent 1367 0 R/Contents 1523 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1523 0 obj<</Filter/FlateDecode/Length 1607      >>stream
-x
•WÛNãH}ç+J𰌉s™FÚ ™ÝH�a‰gG#YZuìéÁîö¸í„üýžjÛ¹	ï2 PÒî®®:uêTùçI‡<üvhØ¥Þ€ÂäÄkyÔïy­.õ¯†øÜÅ_&iáôzÝ·t®û­Áñ‰[ÿ¤ýÙ£kò¸cp…Á¾ç‘žSõsFAà½jMÚä"WFSnȦ2T‹
	ZÊWZ‰¸€&Ãwmôeš)�+ýLáRd"ÌeÖúàÿ8ñè²ãµ®pËÎxÓ:ùK¶Çf͆ä«HÒX’ŠãÂæ™È¥%Çd”/¥•Ø�Kmá�ýÔd²i�:^·õ±ßD×Ct¶TÚÔñÓÙãÓ˜ÎF_>i™¯MöÂѾÐsfŠô7K£»wÇ5lóT¤©‰$‡k§º½hïÙXÄ„Íde¶’Ù{nèöØFjÒ"Ùž¹2†ƒkŠ,”¿`»ã°‰M(b›­öl9|ö¾342’‘#²CJ‡qɦšÖéìvüÇdúÏͽ?~šÞøãæ�“éÝý×шAía¤Å<V!V’¥±¹}ßq—û_8;žŽþßÃÆ«'¨& $æfÅv$¿pK5MN«Qht.”ïËêq£ÕmÙ
zR¹%æ[e¶"Ç)	Ñi
ÖöÞ‰+²ÆlQšÉØä÷™`÷Oh6HÙJ$˜`
Ü PhšK*¬Œ]‡¶Ä¨îŒÎêœ
-
-¥FÉÇñ†À Àd•TZ(–'{á4Ú·›Ë„½+´X	‹y,]�¦&—H“È]®ÖK'JO,¥"C„ë�
-š$A– �R„KŠ�y)Ò‹f'
½H™òY†WɈ@ëÂÚ`”(­’"¡5T‘T’fL¢TfâDè°9,×Lb�ËH;‰h¥,£áô怷ˆŽ€æL(\4ì[cìrâëŒƒ¸ýùš:ý²Ý\ö:ÜÐzø¥?¿Ìü™ÛÉ&ÛŸûÔÁsîK—Ý!oô—•%—;[8>0}s‡5=Ìè›Ò‘Y[šúÔGWD;êr/C
”6ÑG�Íó»OAðm2�úA0û>óǽnŒž&�ŸfA0ö�šï|8g¢×‘öÐ`áζ9A“Gº‰¢LZTâ®–XtœÐÃ�DäᎦBe¶E“ƒb ù¦Ì3wX1qÁ}öèF¥™@ï+¼àÄé½�/(’) gÆ€dK³vý»Ç6|“z¥2£™ƒ\_¨g؈Z ª0)Ñh6G¯EéžüY(tz¶R¶]úªÕkû^éâõá¶ÌÃöVu÷¡l"C¼¨èÐoÑh:£{W%eêÞ¦C(R1W±Ê7‡q18œ„*~+ó"eMõƒª‘o¡(çš…�1äg
и"$ô	É0<�8UÝË„úg!QwìL9ºà<û
É†-\ê€Þz© Ê–i©Æb¥'S™ßN¾ÌŽ.žš!mRØÃT•HVɃt¢p[tC»}¸È£D
-4
ˆ.UfižA¿Cp‰‚sHFF_G�Gwm·\4`mî„»–ZGl'€p�c´Åü‡502“K•ãã,/S 4ªÄÔžð¾£›C¤tpÖ�hw�fN\T:ÁUvÿPjòŠ9S†/Ìg$ÙfÛ¡på:Ÿ†`¾�+X|›—Êà-3¾”;‚jÌhææ1^2sîF°\Å:/EuçéEíæVì+ý€8m1®O)î�oIå^u|l•^ügyÜ”{‚óZ'tÑ€fÊ©)#@x<Zª’±œÄ²Ä÷*<[„Ïë´ñ¯»×ϧ·ÓcvçuRn`B:ÐÊ!–lŽ®S2†“_
-&4
-�†õÓ=BpR3ù¬Ð¬¡S,�¢–÷c¾ÄÊéZ9
TüRXÌRÓ³Zá?ÌÆ’Yo´<HäN¾ôÜr%à¾ÙJ@É\pÖ1ÃÀfBC·{WÙU'ÏÁˆµ<ñHŒÏ¼™càW¯ªÙdÞbU.—k­;wíнÎ콦]vû¥oõÄ�÷#ŒZEšš,§ßé»tƒîNr]8®ƒ¾û¢qS!U£}Uǵãûž^UQux=½êÑ`ð±l™³›‡ÛžӉ‘	îHNz9ðËúÀåÐã7цѠ?ì·†ƒ+¶=>9öOþ:ùÁ5r¯endstream
-endobj
-1524 0 obj<</Type/Page/Parent 1367 0 R/Contents 1525 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1525 0 obj<</Filter/FlateDecode/Length 1779      >>stream
-x
�X]OÛH}çW\õ‰JÁI MèJûKQ‘¶«dÕ^&ö$žbϤ›�¿çÞ;ÆDª´ (Ê|ܯsνÓ_gSšà{J‹KºšSZžM’	ÍgÓdF³ëþ¾ÄO¥i#ù“Áç·«³ñý„>Òjƒ›æ×ø##Ü2™Ð*=§øµ7Ö“ov;WÕô'}uïW?Ï&t1�$×80ا«g]aÛËËKÒûá3ãûM§ÁØÅåœÏîs
Ãâe\<ïã+^='ã©Î5=|'•e•öžÜF>ùñðuI^H¡�4]D{W3äáõ,¡ÏnOëÊí½±[Ú46­�C”Êf”c©v”é]áäkµ.4/ð�ˆúçù¬k›ÉbwQ#×-U¹V¯�æs‹D"¾A.kUëŒÔÚ=ë}YÒc3øB¥JscµGÕ¶Æ×È#5}Õõí÷%YUbññÜ$:ùCBŽ'd…6®"�+¢§Ó«ä’=匘TS}Øi2–ÜNWŠã}|Oβ7¨k³Kè¦ðnDjè '[¿¨´¦R×¹Ëh} }nÒ ìTt8\;0_«'8½+\ÀöL#®QÆ{p%â„çÖÕR/ia´­Ç¡¤”óµÖ–¶æ¿õê=°�1‚Ÿ¯îÿûËçoËÕ’
-çžš»£-—0±fCw@§±Ÿqç]ÑpÆ^�Ðu*0ãâÎ(¬„�*¯Ù4 ÍÑIÜÖõý%Uo3zÚk,á_ÉkpŸã’ÌY͹ÿ÷îû \Pe0Z'´â’øˆuµéÜ®¹š…KU
J¯­®GÔØ‚IÔæç�ê`o
vžv<mÇTkŸ¢÷
`áMÝÀ<	hW¹g“Á)𬇠Mžùy¢.Õ
•æB¤f]ÑûS§L cc<B@„ÅîB*VºZ÷©…H÷®zyI9
ïâ6e­ƒèw´SÐ€>¾–ö‡òè
œªÑiÜÒÞ ’ØÀC–
WˆÓÚ±{oj&‘î#£µÛ²wÉÝ©ôIמRe91•kD@ VuÞøpˆb
‰tì—¼Õ7RiåPéx<¦Ä·[ß5«"û%Ú¢ €)cæu�ä3$:&wä6K+
Ø!ÿ
`%â·Cu„^ŒàÌ10AvU`{6¬®~AúK�²#cýø†VôĤC\
-ˆ=†šDæJÉ{íI`ÉUqg§å¬6ðzŒT 8ŒjA�¼N‘¡ú€ÏäòÔÙºrãñª‡“–6EØ‚£¸@3vù2H-[•øOfòñ|ÀŠ€*ÿÄ{E
-¡[›Ê•-“!ïǶÕÂI¿¤¹²[>Óg
›…Ô‚Ä" {P£�™EÇŠËâ@n]s~ü.w˜s$aQ¢íº[�+TŠ1Ê"ú$&§Ó‹éB‹È_C|Ëu!ÒÔµ‘ØŠú˜ØBØÊ·‡`\Õ
»FˆÝ)*¬+£z?šˆ¬ÍÍ6× t³«M‰NŽüÃÐÀzé°Ãkk°
-Õ.u!NÉ`$ií¡e±j`æï:€Æ“ˆ’÷/i™è"Æ·Ð�uîe¹mY™$l¤•¥sDë†YéeøÁpÓÖG=+S¨µ)ô‚Ѫ‚=!<lÍsÇŠñÜŸØÆÇ®oiÅçƘ³mÂ4�4-kHÅÓ[q¾ÇÈkGZth—7)'€Û(”ýÀ�V<:¤ŠC†S˜_°:ð?WpLß!	�<a;¬¥Ù´ÀžxO‹\i^±ÞHihqvæö·�@2Ü‚bs›ƒ
°iî¬ñÒ:9Ï=‚âìIí†'"Po`×ö¶x_Þko<rq|¹N8Û´1…ŽÜ—,µ�›E=(’ì?¥Fƒ4‚Ó]ÿm›.�Õ¸©Ò¿æK/®uÕ…}ЛMÀ$f]™l!@ÿnóÍ’$d`Ükîà\.LÒæ*‘4$§c»oûX Ø 
a}*LQ´Æü–½é¤ËìÀäɽ�JÄÏ]Á‚¡—àNñ›3ÿ›útS/W—cæè‚Õ>¡3ÚàY:‚phLljv$/‰óQæG2þ¬…
q`V̹îገ" ZˆÖ1+ E™¡P!—'ÀDÈÉø’³ãÎN¶èãδÍê33û(>!ñ–÷åùÃù8‡ôzvÿøð<ÇûY‚Ä9+Ò9¾?ýFü�ô§Ç®å;Hýà¡ØªU+üí1pŸ^ëRFlÈ“ÞIãûëèïtŽ×ùõÍ?Èqyóåö†¾WŽ]ºsiS"�¢ÎE»ýb1á'ûÿÓò+÷w¯ØÙb–,æ×øXZLÙ�O«³ÎþQü‡Âendstream
-endobj
-1526 0 obj<</Type/Page/Parent 1367 0 R/Contents 1527 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 825 0 R>>endobj
-1527 0 obj<</Filter/FlateDecode/Length 1955      >>stream
+ZG•®žÉUei¬z!Ÿ½Ô¼´›@z莚[rQÞ”žYá¼­2_YÙˆÉñ>d¬ƳB!vEÁ,‰i!Ù´™z¡ônÛ!Âј¾@TÌÊÑ�ô—×·ãÐœ
H½ÈsÔƒ“®MÓð:gk~Á½SéŒûX <Ö4Áj)ó`XÏ��<R³[SÂÎÁ;£­c_Š‡°~‰£ûC5³sõÓ¶ž{ua…¥šÍúß)ÔŸÿ„Hº¶P·Mpxü(gÄR!IXn‘ÄT€¨uÍ\a·C
±Iâ˜y&Ån:d7ñQj°CÊÑ2™70Ƙa©ÁS‹1µ0,T3%´¥Fä9—}L|+J]‹ÉXB54HŸuRÔmn®&V%T>70rS¥=©Í«ÉKÅQçT] %W¯ÐëÝ¢XB+Ìt
?l‹$=çZ=&`ax3òÈ…˜Þª�oÜTŒ‹8Ì!Ž~µPФ©Aç°ìÄ~IVjZ¿	K²ßЊ�«×ÔÖšwz%æuû´�»ÓÆQåêj˜mÔ‰ëwãæZ~ÀÊKŠq¦èãÙa»7ésÈ´[™³ºÀ�˜š*ªihì ¾)4¬œã¡¹<ñ9,ÀÿmVšž„U¦rSÔûCf2ÍPê
ѽ?ŠäKjq·U¡Î�›Ö1µ’3¶Îß·q‡õ£©2�.k2R·…ÍAP	¶1,–RÄD"YФµ–>N |ÎdF;4†n­×¹Î°JYë×VúŽã ¢m¹`ð°‹Ü,Y€WlYØ
+ýØŠëðcÁJ4÷š¾òüKöÏ>ƒ„ÇšdW‰@dƒÂd<óÈÅKÑdòYð¤κô|\Ž›iîkoà
Ÿ›Å\>¨VÌwv‚!‰ï¡^Á‘ƒÎ@Ñ1�¸%1”ŸDQ1ûh:Èx¨8—æ2<>ÉÏq,]ÖçâH^Ãõnµ-†0çâB#ÒÍpHT0iôX	ûÌmZÇ2Òóë2‚l8†
œ/žk †¹ŽÓ«·Í;Á‚™)
+I…ÚÀ+,#èbƒ�q…Í|5n#®x/pá¾sÇ8é×B‘NýŸµz¡‰‘˜‹›¾q‘H{Fï~»¾ys1zÿ¶Ûý…~wý¸¾¢pB+­3Ž;Ë�Ê7
Ÿ²áRK«2Õ²Ìø0&\Žþþè;¬öÜ�B�ÐŽ¨SÒþ/ê/·Ÿ~ÿðéöóÝÛÞ”1ÿu„ã¬_Zœ5¤­16OÙøb;¥ê¼½½
®Šç§4žGu_Œ./èΚ¯˜¾p’…ƒD(s6~’6œ»|�<ü¾Q°#çlílxÖÎq+…¥Á�½ŸüqðÞ�endstream
+endobj
+1523 0 obj<</Type/Page/Parent 1372 0 R/Contents 1524 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1524 0 obj<</Filter/FlateDecode/Length 2027      >>stream
+x
•XÛrÛ8}÷WtùÉ™ŠdÉòÊÎÔìTÙ‰3«ZßÆR*û�ˆEÄ$Á dýýžÆE’éªÌLbË*
+@wŸ>}º¡Gcáÿ˜.Îh2¥¬>
Gt6¹Àëù%¿žá×H*ü“Éð¼ÿüzqtúyDhQà¤é%Þä„SF#Zd'Ôû÷õáé¿<=|yüm4ù�þMÈF•Ñ½¨%쬔uÒÈœ–[UEµ¬—ÒXÒív¾[|?Ñ`<^ÂÔO,Œ3¶ðI×B5ôQ7ÎèªâÓNé^ºJ¯tCsiÖxô÷ÏÌùÌ[�‰Šî;K×Foì?:Cò³›éBèOÒê*yrúùœÆãèàlÊQÎÙRw�‘Ôhˆ\)œ	Á\ÏæT‹¬T�´;±D*CzÓP|-	K-<ÆcK½–CZ”Êÿ4´F8	‡ÉðŒ­f“Ó´øøx:{ÄBë�á”n,mJd‹°&Wülýévhjy­¤Ô§
m2šK„�§’M²#§Òe§¥¶Y6=ûqɧû9剥°&v¶…µ:S‚
Ù(W’?Ežií0žx6sÑ��aC­V�cje•0ªP™ª�ó{ï%Ã4i9Ù;>Hù:¡BUpªáôHbÇ�Ì´É-åšóF­Ñk•Ë^ ¼8¥‘c#·m¡B›:xå³}7§¯ªÉÁ7ø¬dÌrÙJX•‘£
+¼tØŒÓü
ˆ
Ì\«ŒŸ‰~vk±õl’2—ù�®’/¢ná?ö¹Hw)ZXñén½ñƒ6‚�Ù» /×]/ÎPtì“4C©„l%Gvû²;Â⹋ôGA[ÇJ
N3PªYa]¥õs×Ò·“µ$zöÆK£Ež�ÙßÞ¶’lºZ‚¥à°·ÆÒ“ªÉ#_Šõ+}bˆ÷‰úå7h
„qˆJϦ‘?:‰B•aWƒ@À: ÕcªÏ/2Òu†<Hò
O*Ôû·ÇFÚ!}-8/
iÏr
 ì3²g¢àŒ%À�dä8¢}z@™7µ³H1o´y^ݵǨY:©>†/•‚x�å£ñâ(Q¾H¶…EDV­_z¼B½@_•8Ãó0@³Î(‡a xNf,’VrêÊž²Ê¡ ;tèy<Ü#ò¦6ØÃÖ¨Z˜-ò|x~<”Y+£›š³éý/=Q[)ÍÀé
ÿEyr„ :êfßÂX¶{¡îè&
+”«…¼ª%j‘é	o¢Ž§Ðß{�Yq÷ô˜ÛH²?•ª�jKSØáÙ÷$èDýF9êå¹áF�1ÿÏÕÓ
Ý=|ºÙ�øí�¡†L#e®KòÏŠû*ÞˆN"Lï›kl*›R37¸¶‹ßw	« C[Ò­¯Ï™FＡÐø¼€ ÔVÛbõK¿Ìož¼ÿ=Œ÷ø¼ÎÆA*Yí;®Á�2EOðJžJ@·Û%û­æ@$PñT�…SNj…»,¥‚
í�3�äzU¯|¾�¬Ñú“4õ¢Cƒ·bÚ"¥ð+°õít¤á>}'âÝÜK0ÝÅ=×èÏàÀüîŠ$‹ù‡“›B5ƒŒ=Ë÷qÙûv‚G\zt-,¦»YÓvŽ:Çæ~6`F¥}Q0d“‰Öv˜-v¶no?«[½‚ô+æV5Ïi¬ƒÓ;ãÎ�×D(|è†(¨®r>[	�=ìÆÍ—½öúæÅA&eÞ‹öÁOo…Èd?QYÍêg:tH2´ú89M{
+»ñ(²gÌ~7/Y)šNÙû�
+ôÉZn{†ïqè'¿B$‚ 
Fôvã –ð°ôÏ
¹^ôLƒ‰ŒÒ"Cü–N_0÷òï*Q¡n2ÍŒz�vÌÐ%ßF‘ ]u¾ÿÖ’1Q¶Fk›ûαÁ>¨bÐcUõq�˜d<JÇ	0Æ�5vv¤ü@ýœ+¼ï§Ÿ?Ð#"_b“q˜?'Ãq(¤ó=Og1ø"x=©_ð„y…”þ.z‰°5ZVÃôĽF£³,»¢Ev|…ƒ“2"áþ“L5࢜=öò§\ô°$¤5Ä“Hp¿‡\ú—$/%(†4Ô]ÃÝ5áæ³éûOüãÑ`ü/ÂLÕ9ž1fýá®"I²ÀàÌ£(w½t˜ù8Æý„<KîPatí£ãYµy�${XBÕ´Òx€ébUzù{«7<Y¨z~þ3òD¨Òä?ã!2!€2zæ!¸Ìq�üÃàã´”<²•Ð-ŒÝ<×è )~a)øF†%ò¥Up¨Ÿ$­¨:[ÂÕ]äþp_I*ápU
+�NF9`O£2ûKÍ«ìù	…±Ýò;FàÞ3êT-š=–•Ø"yj(‡¿"…¶qôŠ%Þ çèÐŽ»,Ã-á=ËTÚu Öžžq¾ã„ñW
+»ŒúTÌ\ˆP?&+ÔWñ�?2¤ÚP
+#2s.ÚÄÁó1Jv_cpä Ò …,t9¾%ñ…Fa~‹s=ŸvXU‘~ @l‹ÇÍÒá~ëŽCÑÏE½ìOL<¬EÅŒ÷þ1ö×ËÜqT•ËxeOñmÊ儦Óóð½ÅüêîúŠ�öIü¤3Ü@˜†«é m\Œø+•“¿Ô¢ó‹óáÅôú…ÕÓK>äfqôçÑÿ
e°Ýendstream
+endobj
+1525 0 obj<</Type/Page/Parent 1372 0 R/Contents 1526 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1526 0 obj<</Filter/FlateDecode/Length 1698      >>stream
+x
�XkoÛÊýî_1�¿8€­HŽáGpQ@¶åV€­¸oƒ(VäRÚkr—w—´¬þúžÙ%-Ùí&½M;"—ó8sÎÌPŒi„¿cº8¥/ç”U×ÉÁç»+ŸQRàÎù%þ“Óh8�(ÉŽ®†_†§CJÖ’îþöm‘,¨P¥ü”üŽÇÎh<��œ^à±£d­œ¿OøݺV”å–J“‰Fæ¤4=,è»Ò¹Ù8š't6‘±tÊ®p3ØDpÞæÑÍ×4ý>›Ï“4]ü¶H¦_NÓôöiö�éÓ"M§ÉÍûŽHèœ/�èdŒ˜9œÌèF(í¨Aø³Gšä¹•ÎñI©ÙZiIZT’#¨D“­i-”u!éAu|tÍ�P-mal…Ôds=û¶ðf?DÔŽCtqT¢®•^
%5 v§Oχ\…£YCͶVY£yvTªgùµêªÿ,œ§îÏ!ݘzkÕjÝPz”¥Ÿh|uuI*³Æ™¢Ám[÷ÎÆ£á%;{{¸ùãu�UÅ?ANT52ÞgÊ
ä–[ìÎÊíè¦äüJ‡LÔƒy‘–’›ÇϳGí‘=0íIsu{2v=ÄìËóŽòŽL±W	¦fffªºm¤eb¸¨í·|«?9$š‚R„dí–ÜÚ´% ‘ô,놌ïÀ²\½¨Ê@)µŒÁ+n�*;cu)² &fu
¦6ˆ·l+
¨ÊÒlÞÊ
<3:¨
b
ûö“
¤ïùÙë„OthDmît²Ö+l
•R D�¹¡³ä±ž‡ÊÖ8žÁ~Ô68·’ZZ¯Ï3”)—Ú4ÒÓ
D±ðP€™µ
+\s2Ü”¯àWFǹ”€-ý-F4°wýŽQ�ZBÕ¬÷äv?™ÓƒÐbvŸ_;†SY­�kâa1mC³2E!mhc¡Æ\7ùÚHí81߸ï}”l4p/öÃǧéONÜ~{øúKn*tÑ¿üäèl~sÿëí”~á°Y?{àzú×ÙüŸ“ûdú4Ÿ$?‹d:¿ý_ϦéèUk´môIm•n<Í{š‘këÚØ&ýË(v�î¼ÀØšÐÛNæ˜Aˆ}ÝùÓ§
æ
(Q–”	°7j�­ôFÛ¨-x)r/v\áÛ~Reè1rH×[h mÙûÇ“ÅÆÍC.;“Ç´l>Žag¹s�Q-
+È�ò-ܨ,8C£@saýP!Téþ¼HöAëòóúà|‡û 1¬RÂ9“)tN;ŠX@ëÍZ *ÚŒÌT¡BìÙËý†g””5ŽÖfóCËK‹%Xp,Í
+ÙãÓ‹Ê€ñR®Å‹ß¤BN/ÊÍ}‡·Ó£
›3gé„ßRÍCß`HNǤ¸Z¯˜) �(~ä9‰¨}fe?~ÊøiÒ#áGx¹[×
+¤DÙ`\­ÖìÑSl‰Ú7Ñî7š6kØ¿ã%[QSèÏ3eá·e}
ÿ³Ÿt"ÂB€)¹=Ýݼ-[Æ×I\ÒÄ{φù\0ž½�Sv]Ë—Ü‹‚±Øx
+Šü�´xÅ-‡{­�QØ�,A¿ÎoN–‚uÆHnLßG¢ gLnQªá¡nR„Õ	 Ü’y¹Å]Þ,<=¥�bNØ%Óäþûä7l¦û„ª­ÁF"a£ßGyåb|÷öW\‰Ëâ€ZÐlùÑÀ¼¾‚�òzãUâ£
zž©¹²Ð¤zùÁ64CŠyî»æÐËÑ<êvYªlÀ«;_•¯a-õ㜼nF#¿£yâ/o*
æmY. 9´½ûrÞ‰±9’dt²°Ñv/¼6F Á;
P±R„�wõtmÆò.àrÛaõ,·\­VÃ_ÔpšvîÓÔm]#«4ÍZ,vºáUךÒÉ·º¶•¦¥Ð•Ð¡RiÊ;Z%Ñî]šj¸v![�l|%é�¶r¤,Â](¼	`p ½•£«¿³0H‚«cãÕ�f˜ ¨‡aMðª<|·`­ÞnP4uV
+^6Š_KzâEíb_\Ü®¹*(ÐÊš¶†’³’ë�&˜ï…¹]}À¥¬ló¸vCÞÒ›eÞÄÿÓï”æ¥÷˜þû*ã°QhN@VK™‡M¡W1Õ6Š@xmp ׇhÿÅ•uóGk€o˜Ç|_C¶ÝQ6üùî²{WŸ_G—_ðå
¾3È�“‡ë	=Zó;dM·&kkoˆŸ;é�Ÿ\Œð›ÿè;†³‹³áÅù%¾˜À¹ó+~|šüýàß„¢äÛendstream
+endobj
+1527 0 obj<</Type/Page/Parent 1372 0 R/Contents 1528 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1528 0 obj<</Filter/FlateDecode/Length 1606      >>stream
+x
•WmOã8þίÁ‡c%H_—ÂJ÷
h÷®t9š½ÕJ‘NnâR/‰��“þý=c'}½cA Ö±Ç3Ï<óÌäçQ‡ÚøíРK½Š³£vЦ~¯t©9Àç.þ
+Is÷ ×ë¾ý sÕ.öOÜ„G­Ïmº¢pŽ;..ñ!!Øo·)ŒO©þ9¡(j¿hMÚ”¢TFSiÈæ2VóW´�/´iL�ïÚèó¼PºTú‰â…(D\Ê"øþ8jÓy§\â–�ñCë.Øbšš’/"ËSI*M+[¢”–Dš’™S¹�VbC)µ…wöÓ!“‡Ö©Óîû
 º¸ ‹…Ò¦‰ŸNGt2ürÿIËreŠgvˆNð…ž
+Så¿YÞ¾Ã8®a›Ç"ϵÈ$9\;ýãõE[NÀ"%l&+‹¥,ÞsC·Ç6r“W©(¶Ìùv¬©ŠXþ‚íŽÃ&5±Hm±Ü²åðÙúÎÐÈD&ŽÈ)§U"ph�NnFŒ'ÿ\ß…£ÇÉu8:¼q<¹½û:
Ñ(j<Œ¢¼š¥*ÆJ¶0¶´ï;îrÿgG“áÿ{xðê1ª	‰™Y2‡ÉÏÜRC“ã:E]
+¥Á{_}"=hu]v€žTi‰ùV›­ÉqLB'tÜ€µ¾…wâŠâ`¶(/djò{æL°ûÇ´¤l-
+L°nP,4Í$UV&]‡¶¤¨î‚Nšœ
+Š¥Fɧé+e€A€É:©4W,N¶Â9hß¾ÚRfì]¥ÅR¨TÌRùëê41¥DšDérµZ8á=±”‹Ö¬w*h²!X‚vJ/(5æ¹ÊÏ;ièYÊœÏ2¼ºÊf@Z7–“ Li•U­ Š¤²¼`å²€gBLJÃbq-$¶
¹’±€´“H–Ê2Nßax‹dh΄AÀEþA‚]Nœa��q·>_Q§ïÛÍy¯Ã�à*èá—þü2
§n#[l}îS�¹-�w¼/\Ô†\êlåèÀì-Ôt?¥oJ'feiRMݨ˭%àm¢�:›§·Ÿ¢èÛx2	£hú}Žî{Ý(>Žÿ=N£h:1ßøpÊ<oí¡¿Â�u1r~Æt�$…´(„]/±æ8�‡™(ãÍ…*l@ã�Z Ù«O37X1iÅmvïF¥ç…@ë«â²â¼é­�Ï(‘9g€c³rÃÛ‡|“z©
+£™‚\Ÿ«'ØHð`U˜”è3¯{¯„wOþ¬=[ñ]—¾jõÒºSºzÙG¸%˸µÝm(q!-<ú

'Sºs5â3÷6b‘‹™JUùºcÃ9¨Ã·²¬rV4Ñ<¨Ûø	?ÕÌEìŒ!=s`Æ•� Ÿ{hH†áùÃiêVº Ó?+‰ªcgüà‚óì3VQ´p™x«…‚
+(ë³&Q�ÅZM&²¼™î]<1	BzÍa3U&Y#w²‰²
èš6ûpQ›2)Ð2 ¹T›¥Y
õŽA%ŠN!}>ìݵÞ}pÑ€´¥“íFh¯�üÁŽÑV³2vÌÀÈDöÇÇY\æ¦BeÔ‰i<á}{7Ç�Gé2à¬Ï!ÐîÍœ8«e‚‹ìîÞKòŠ)SÆÏLg$ÙfýÚ péúž†\¾�+H¼óš—|ð–	ïÅŽ SšºiŒ—ÌŒ{,ױμ¤n<=kÜ\K}-Ц5ÆÍi Å�ñ-¡ÜÇÇÀ;ñŸÕqí÷D§�"Ž5Ø¢�Ì„3ã@t<W*OXΡ/ð­ú.æq§Ýî´ð¯»ÕÌ'7“}rF§MNwn`>:ÌüK¶DËñ„áÜ{¹„B¡Í°zºG(Îi!Ÿ:5TŠåQ4â¾O—T9Uóí§àÂbØ�šžÔÿa6•Lz£åN7âí�ç†sáñÍZ!šÈf‚“Ž
Þ0꠺͋ʦ8yF¬þDÂó0>ófŽ�ß»ênd³YÀšì—©;uÍнËl½£�wûÞ·fÜÆËæ¬*ÏMQÒïô]º)w#¸.×?ß†uá]Ѹ‘�ê¹¾.ãÆñmO/ë¨:x7½ìÑÅÅGß0§×÷7×ôP'CWÜ�œòràçÍ�óA›_Cßžúƒ~0¸¸„¬aÇ ÍGáÑ_Gÿ¹-rendstream
+endobj
+1529 0 obj<</Type/Page/Parent 1372 0 R/Contents 1530 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1530 0 obj<</Filter/FlateDecode/Length 1778      >>stream
+x
�X]OÛH}çW\õ‰JÁI M`¥}€¥¨H[ÚUXõ…—‰=‰§Ø3©Ç&äßï¹wÆŽ1‘*-Š2÷ëœsïô×É”&øžÒâœ.æ”–'“dBóÙ4™Ñìr�¿ÏñSiZËÂ2øüæñd|7¡+z\ã¦ù%þÈ·L&ô˜žRüÚëÉ7Û­«jú“ÜÇÇŸ':›N’KìÓÕ‹®°íõõ5éýð™ñÝŒ¦Ó`ìì|Îgw¹†‡añ<.žöŽño�ž’ñTçšî¿“ʲJ{On-Ÿü¸X’’p芦‹hïb†¼ÀâU2Kè‹ÛѪr;oì†Ö�Mk㤲åXªez[¸=ùZ­
+Í|!‚>Ÿ„k°®m&‹ÝE�\·TåJ½õ™Ï-	ø©¬U­3R+÷¢GôuI?ŒÍà•*Í�ÕEÛ_#�ˆÓTô ë›ûoK²ªÄâÓ©Itò‡DOÈ
+­]EWDO§É9Ì	1©¦z¿Õd,¹­®Çûô‘œeoPÖf›Ðuá݈ÔÐAε~UiM¥®s—ÑjO»Ü¤9<@)Ø©èp¸v`¾VÏpz[(¸€í™F\%¢Œ÷àJÄ	Ï­«%¤^>ÒÂh[�CE)‡g+­-mÌ~+ê•{`3âb?ßÜÿ÷×/ß–�K*œ{n¶ìŽ¶\ÂlĘ5Ý@œÆ~ÆœwEÃ{sBש Œ‹; ¸·Bª¼fÓ@6G'q[×÷—TQ¼Ïèi§±„%¯ÁQ|ŽK2g5çþßÛïƒp
@•Áh�Ð#—ÄÀ_@¬«Mç>pÍÕ,\ª
+0zeu=¢ÆÌ¡678ßxT{€°ó4°ã~h;¦Zû„½ooêFæI¸@Ûʽ˜þ(@H�g=iòÌ—HÛu©ö¨4"5«b?ˆÖØŸ:eã",vR P±ÒÕºO-DºsÕ3ÈHÊiø·)k$@ ­ª€fôéã°´?¤�o@ÇhàT�Žã–v•Ä®²l¸BœÖŽÝ;S3‰t­Ý–½KÎèV¥Ïºö”*ˉ©\#µªóƇã@kH¤c¿ä­¾‘J+‡JÇã1%¾µØ‚ø¶©XÙ/ÑL#0¯$Ÿ© Ñ1¹#·XZiÀù+/¸ª#ôbgŽ�	²«Û³auõ+ª˜Ð7X‚”ˆëÇ7´¢' âR@ì!ÔÐ#2W*HÞ[OK¨Š;;-gµ�—Ðc¤íÀ!`TêäuŠÕ{|&—§ÎÖ•+ÿˆWE8µ<°)ÂÅš±Ë—AjÙªÄ4“O§kVTùgÞ+RÝZW®l™y?´­Nú5Í•Ýð™>kØ,¤$
Ù�€m|?È\(:V,^{r«šó«àw¹-Àœ	‹bm×Ýê\¡úP4 ˆQ�˜Ðg19�žM?Z@þrà[®‘¦®�ÄVÔÇÄÀ.ÂV†¸ÙãªnØ•0AtèNQa]Õ#øÁDdmn6¹¥›mmJträ†ÖK‡^[ƒUШv©+qzpHŽc Ik-‹U#—x×ù4EÔ�¼IËD1¾…n¬s/ÓÈhËÊ$a#­,�#Z5ÌJ/Æ›¶>êE™B­LÁ ŒVD`èáa“hž[VŒ—þÀ6>t�xK+>×vÏX›M¦	¤
hYA*žß‹ð=F^;Ò¢#@»¼I9
ÜF¡ì{´âÑ!U2œÂü‚Õ�ÿ¹‚‹`úI€ä	Û¹`è(ͦÍöÄ{ZäJóˆõNJCû‹£3·¿5’á(›Ûø½Msg�—ÖÉyîg�j7<�z»¶·Å;øò^{ã1�‹ãËUÂÙ¦µ)tä¾d©íÜ,êA‘dÿ15¤œîúoÛty¬ÆM•þÕ0_zq…¨«.ìèƒ^¯f 1«Êd
úw›o–Ì !ã^sçraÂ�6W‰¤!á8Û}Û÷ÀÁi{èSaŠ¢æ·ì]'ÐXf&�î
T2 ~î$½wŠßœùßÔ§›˜z¹¼2Gg¬öÁ��ÐϚЄ›¨@û^:L´#yHü˜�2?’ñ7`-ˆ³â�`Îu'`D
ÕBÌ°ŽY
-Â`È…
+¹<ê&BîHÆ—œ¥wv´Ev¦mV_ Ð˜ÙGñ‰×°</OÇÎÇ9¤×³û‡wç)Þ7È$ÎY‘ÎñÝÑ'⧤?<vßAéïÄV¬ZÝo߇�úü–ðZ—2aC�ôæðFß]Fw§s¼Í//hþIžˆËë¯7×ô½r<çÒ­K›ÙYàhÎÚíg‹	?Øÿ÷‹–߸¿{Ãγd1¿ÄÿÀÐbÊö??žüsòÑc‡Jendstream
+endobj
+1531 0 obj<</Type/Page/Parent 1372 0 R/Contents 1532 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 869 0 R>>endobj
+1532 0 obj<</Filter/FlateDecode/Length 1960      >>stream
 x
�XQsÛ6~ׯØé“2cÑ’,KòÍô!¾Ä×ÎÄIï¬NÚ¿@$d¡&
–-ë~ý}» (…ñM;M$vû}ûí"Žf4Å3ZÍéjIy5šfS¬ô?þó¯Ñl:Ϧt=_eKªh¶Xf7ÝSI£óg¼½Yã«ø-¿…!š/¯eçzÖ?ô¯®ÙFWüÅ\Ò«Å*[Ðb½â=ø¿Ñ´ÝnF—wšÍh³CÔËõŠ6…;¥M>¾ ¯Æîà)/�¶ÁS¥ŽÔzMÚæͱº ZypMáIy<4�ÜŽå{U–Úê'}Ùh_;‹Mª
{X1¹
-ÆYª\¡Ëw›?FSšÌ®²9|�Ç*{ÎTFŸ7Ÿî_f�ïÈ5¤Jgõÿ–—Z5ôk cŸ<í°ìMU—º…¶Ê#²oÝeô36í][´Õ8¿*Íu1ðö*ÐÁ„=!Tz¸¿¥ºqÁå®”…tX2|VÏ^Ü‹FDøØê€<<“Æn,Ku©ðS¢E�}Ê.hÛ².|oÜòóªú._�þ³ÕÁgݶù€"e_‘Ó“ñ>	À+$¢_„mœo¤¶ZvÝàƒíQœâcÄíÏŒq4Guôÿ`· ô$ù}oéþÂ�írŽú×Ï?ÿóˇ�é±ÏVÄ*£ÍÖñçÙºƒe¾ð¦Ï±!Ǻ¼Ë;6NVÙšk‰91_®ˆ½Ÿ¸*/{Òl`¥÷󹳅ɵu�Så`Ä)‹%NW­Š‚±rM:ÆOgd"hߣæxyÏ,³–mY®ãF>øç_?}bö7*Gr�|úº4�ƒ
Y+Éèõ’¶Xúðñ�žõ\Ê:©�§*õdòh->èE•­æ™Ã¾-ª€f0Ç‘K5 Zú¤ì½²ÿ?±	Ä7r;™¯³Ù
M®ç�¤ÿwצºiôŽÉî·_ºÂ§�Q¸¤qnˆ‚�?0Ö?}ùºù< ¹Ô<Wkå@ÌBeJOØÄñku388W—x·œB>S¥›k”§ž€¶/&gäÏ4» ³/@.PÁ#6OWÙ« Ñ-Ð2øÝö+ZUI/–5‹ÃÜóm¨2ïËòäž#Å·C2Ü�
Eìc³Ž rOßåÀƒ¾šz&%É3jøˆ4î80Ô„3§I¹÷êŠF0ïWѸºfî$ݪ@iQÔN#𹈄) ­ŒÛlJ•±-ÓO1Üä8é·ˆ*Z¢BÐU�¶Áuˆãòvƒ²)¨TÛ1ã[e’ètq![â@÷‰öAmK㑼
YØô™µÖóÑІT¾‡·ÜÕÇ¡*¥Ð¯$ô{“7λ]`*Ñ‹”åè̉
pñ]BŠ3Å^Ù?ÒÌq�À� ì§Ò
-4•DX¥xo£Ÿ„èß
z‚.ç$+I‘”3O]'Ù‡è›
£  O@†ë,ö$ñªú#uŒ s

2$6¥Vh‡B&�ÚèÊáÕ·E185—+4¢p º`Ÿ¹¾AöyNJ|–8…®€öÆš Ë£XPôä\A¦ÐŠÄD‘”Ÿpè=ôÎÑé|›ïÓ 3$ÇPÄÊe\{,€TãØ-ÝF&Õ¸6vÄê[Ñ‹4Hݼv.N�‰-r¹Xà;¤5w�„"ü€\¨¢4©LåGÐQ¢"ó¸Ò%W�ŒEp63}‹œñònJ7qü›Ìq¢`‡2ÓQ©_âˆ6¦»<�Ÿ��
îD³Ïm̦±k¤ým§1÷�Û^ÝèAU[ÉíìÚ¹”Gï¦ËMGUN)’R:÷ÜÖý‡i¸{�ˆ\-¥ËÕPîýÑC·Hå9pÄÀE·:WðÄóÍo'¨Xo^xžu³.ôÅâÖÐØ,ìöqöÃ@T3&ååݼ›sÆé®ö™?
=ãï¸Ìwp„,4\c’ö'Ä€J»81ÝVÎOßì®Ôs¯•ye½äìôq¿U†= ,wÉ…�Ä�]õׇë�J'Ó�ê íXû„}3©:þNþªÖ®V¯ec}­Ô«©ÚŠl[m9êÝ©.5¸‹ÖÐaoò}„m™`Ã)p“ˆ‹‰ºcŠªÊèœfnÜeXYÖ1â3¡;ü—¦V\B‰&KfÄ4² <¹w=ŽßI68É1ˆžP)!§Ê;§,¬c%Åé‘k‚ц†ûšõ
M:”žç{îqU�-£�³®kž5˜gS¶üõ„‡` q<ùÇ’æËÃÀ³¤ª1fHr0¼Wm�#Ó5®¥É³›Ðe¬G‹-ÄU‘#þŋΤ€q€²#Û\ì<ë?Ž™µß�y¹«¶Æv¾¸«=¾–Ôxm1…�«ežeø�­ã÷Øvú¦ÂÅñFW¡píâÊmº<`7ÒXÈX�7¨ìaVö�–
ggžÚ&ÞŸkç½Ù\-rʾÒ‚<½áVnp—wëŽÂ³%þ-`}EËëN²Þßß¾§_÷F2úàò¶‚º‰/Žf’6LVStŒb©_d‘¡mƒ#`ÍݵVæüxíÙóœëЬëÒqa—)…ÁÂ
-.OòØo�µ/´`o‹Õ"[-×ñ¸šóÒÇÍèߣÿ
äU°oendstream
-endobj
-1528 0 obj<</Type/Page/Parent 1367 0 R/Contents 1529 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 830 0 R>>endobj
-1529 0 obj<</Filter/FlateDecode/Length 1477      >>stream
-x
ÅWMoÛF½ûW|rƒŠ%YR
-ä`ÇIk ¶ÒJFP €±"—’«ì.%ëß÷ÍîRiŠE“8�ÌÝùxóæÍðûYL}ü�i2 á˜’ò¬õitu�h4�àó?ZRÆpôðߟ¿ž�†1ŽÅƒ1Ž”4š¢qøVÐÜŠãA4ågC>è¾õ‡ì©íãfqvùù=Å#Zdk<ŇÔ9íÓ"¹ˆûÑUGôh$ÝÏék^¥jgèaAÂ�¨HÔv-+›'Âæª"#õVêŸÏ0Êî½ÑÞ`£‹un¨”v­RÊ«­*¶Ò®“HÓœ¯R™ûE¦ŠBíòjE¡®HmpÅ=3å2JT•Q–òïªOïO#¤
_þÈ*Ñû�…cvJ§†>Ð_Òðµ>õ�Ýôô´‘I­s»Ç¡c&oœk¬…S8~þ íÍÝlþT!Ü'•=}¹ýxþ‡±ÇA¢¼?v§h'ö.ï<e³=g½[%©Iiª”%A5ÂaË€<=䂹Æ}C[Qäi8Ѭ’|ÁaÛ$:ŒìZËM±’™Ò¥¯ØF«-\§\O€m›t
-[JcÄÊUD«_~vÅP.Lçì¹6ˆáI­w¢Rï «+ʵ}ªž�Gïˆ�“ü…‹š¯jíã¦F&‹ÂBÜ¡>Z
-Ã|™‹r)h—žÁ7®t2î–JÐR­jÓF´ùåá0ç‘{.jY*+›Jg"/™Bƒ>KšÃÚ§ãùu©:ÿ
-ºBž[yÈ>”¿i$àáŠz§}+@29Br°7!wœ*ùFªFE2øÂ�Dj+ÐBU].™Yè¤Âuow°°V–Ëè£Y-M]Xî?xÔĦaÙt«û‰pý{RÓŽñT�•Z~¯s&¿ËP.]Fx	�Òc•¿�HUW¾èLvÌŒƒéð¨“oXagÉÁ!)XÝh¹EG!Ü3e¹'OV�©:•²¤ÈqÌgsª„='µè'�ƒˆîÅ7' c
ŒmkÆISUqôߊ¡BȨƒäoËàÿ ‚ÇÞPAèé·•Võ†õÏ©âþ’S¿7n5„m:ê½{
Q£“\ø�ówçÍU]rUQàóŽ¥sÏÖDðã„
§@�^aù¸Xg¬² 2(
õû™D%˜5P	à›8âÉþ¥
-òºËÁÅ�Ý~¸Cu
-/¬\ŽºaöÁ(Cç,{
óÆ*)1 ðøYÁ8;n�ܳ"ZpCä‡iDÞE9÷ô1nFbÓè52<{ËökpjÃrÏQÌÝTGTb…|ÀRÀVŠ uÛ­Ú�ò4?Ðåç$ì½I4�)Aÿ=O¨M÷üõƒ|±?šƒ#ú=¯ê2{±"ù‚±`›]à*˜¿ l
-Ž")õ4a?=\ߢÞ3ÝÎî¯ïÜWﱟôâ�xzƒi¿?âø_ÓÓ3Ȫ¬Øfò“·æ¹_%žàM)Ö(þRò¬9j;DÈØ…�Ö¬r·�šÛ^J;\X½[PÉ�©“5ïFZËÜ‚tbt»‹YKÌpÏz_¬ÈÍúØpäRÚäÒ—ÔŸiVÌ‚&è}·¯Û£�åqcß�w·®ÕxÂ`cL=gƒÂ‡ÖDŸa `Ç°24'®.±w�ša
ÞærGÉZlxöºÓ¸ÿÛìëbõ�ò$¼í†v8îÞí‰3Œèc؈cçWî°`�°�wõT–¹<è±]�ɘ ¡Áx
-_¶ºl‰ñ	pÜx6v_;_thǵD�Qßcº
--ô�y'ƒAßÉm
-ºMƒáΚ�Ám©ªÂ
-‹x;¸‡MçsÁm/È	µM�çùý
ùyÚÇZLçâ1ÞæC¼
9-˜_ßß\Ó­ÜÊw«7ƒÜjÆAôšã½Iï!acø‘—¦ÑdMÆS¼‡ÁÊdÈÆ?-Îþ8û¤:ƒùendstream
-endobj
-1530 0 obj<</Type/Page/Parent 1367 0 R/Contents 1531 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1531 0 obj<</Filter/FlateDecode/Length 1199      >>stream
-x
�V[SÛF~çWœ�>ЙH²%Ç—´é	$}6-Êd:¡ÓYKk¤DÚu´+ÿû~{‘±
î%0€iÏí»œývÒ§¾û4Š)RVŸôÂ
&I8¦Áx„Ï1~Nû Œž'ƒ0~îÄhòôÀ›ô$z7 ~ŸÒ’Ç#JsBâ^�Òì<-JE5×…Ì©+Y­¸"–ç¥.¥ ¹ ] YUr]Š{Z²†ámÞ(ÒÒ>Sõ<̤XТ¬ø«Ó/H×£‰Ëăp€|çgg´¬8Sí-xÓ¾eõœÑÍå[úuö)�QV°%‚SÅÌïR�‰×£ ßCc.Œ6g(ˆg¶Ä…l¨–ZÎ5++upâó}%ç¬úóàß俸ȚÍR£/¥Ö²É½¦?øa�îmų¶)õ/µŠ7Gbæ²f(½’÷Rüs¼Ÿˆ	šÝRÅW¼2ÃNêÚA—
Ïd]s‘óüH*©üÙ×8ê߉ûáÐÌêóô*ý0{?›ë}Ét�N"%k¾.XãRDÅHm”æõ‘œ
g9IQ™)lܨv	Ä6;€qDƒ�ÅÌ“´Á ¿£�¢| —ŠX–ÉVhœ¼3ç”!“æ¹�ÀYVØ™¿ ¦hÍ«Êü5±Í“®Ò²@ç×·ô©¹\+š¦Ql˜^ã­Rð�Ò=:+Ý´™nÁ;îomÙð<4á¢w“­f‚xìX¾“°ÒGÀoYrк{ï–ºmJL£‚
-¹*sŽÞÌœrdË´l6¤
-ÙVùNÓ‡…~(E»–aù–¥¾m Hz³,3f¹d„‹„ÏMfTv FÅ`�¸ïõ©`;ÊŸÙV`(Šæ`Èœ©‚‚œ"ÓCtj„Pæ§ÔÔ}îàð¢}eU–ÿÛ{DWÂÈÿÆkòý¼\ÿâƒvì~
-òqöý¡ð64òhÇ!튮—èÂqö8
À5ž�¥áŽZN7ë‚rÖÚa€¹!3#opS݃kBúý‰[pËÀ¹%0íFí)°k„ß
í‚U(Ø`›óU$Z¨ìÔ+ç/
ß?½»û¡ËxÜàÿœÙÃÎ0h/›IeqÁÊ2»+Hì.
.Ã�ÞJ‘U­Â–z€‘³@7c¯:3áEÅÊyűñ¼>#—¼�Ë€0´Ãb†…u:¾ÕZÀ*)8�è+Ð2 ©$µäY	�1·„£q.)!;cx�¢;ÛsÒNPÓb`œÐåP MgéÖ0×Ö4íN±…”W/lFÐÞa¬Ç¡-ã7 •ó]_¶‹Ø¡çÓ¡y�¨~äžK0o5–/vœ¾f_¹
f-ß_váN¬‹�1TÒØZÇ’í2Í(ÍÌ�\}ž­™7ÝWŸ>%‡ã]<Ù«À£ÛÚçÁËØÝ.Ä�F“ð!à2µÝØ^[5¯çЕcÖ~2\‡òó£™:€�‰Up'�âW˜°4fºÓÙ4¥.÷¥»€¨�œÿKÚ±Ÿ@?‡ãIBþ_>·×o.覑_°4èRf-®n†&nÐâ9N(õpûÚÚ—Ê¢¼7;ÀÉÁX
šh
�ÐXöå@0q£A8Ž!7Ä
Ì¿®Ò“ßNþ›�%8endstream
-endobj
-1532 0 obj<</Type/Page/Parent 1367 0 R/Contents 1533 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 833 0 R>>endobj
-1533 0 obj<</Filter/FlateDecode/Length 1701      >>stream
-x
•WMoÛ8½çWrr
ǵ×N÷–I7@‘v·ÝC.´DGÜR¤JRñúßïR’e%)°(Ø5Ÿï½þ:™Ñÿf´šÓù’²òd:™â—îÏ×�'óåjòžïg“%•4¿XMVÍ7M÷'ýï%�Ï“Yïiÿ;ž.—�%~nh±¼€Ý¬NiŽÿNÒ6>8ŸÎøññƒë“·7ïi>¥õq/W´Îc¸ø%]¢
-ÒÑl6¡ow·ÓéJå½²†>¨àI˜œ~(“Û�§»õ›õ?'S:›/`dt™eÒ{º²&8«é“òÁó
ö7[%gç‹ÉœÃ
\|Wr§Ìc´šÂ<ò—è·êüzª=ÿ
-Ùó8�DŸ^fµSaO¹Ú>6þˆ¿ñ7_¡8ðw'w¤L4r/Ê�àRÁ„“Z
-/IùøHl”fk[ëzYR¦•4H>XÄ"ù¤rdDPO’º¼
qÆP“ÙyJ4Fû/¿þ„„c¶¥ÍÕv�Ö&—Nï_J}Òx™Ò½³�Ý‹€?¹
3áä¶Öd,žYÊlY9‹ÎÅhAÚmtK\X(\m‡`Í8èƒÒºqßæb7r¯ZG#[¥%úZr�h슼T8p" ¢™0ˆ$“º5ÍéÔF˜ØX”–;žË­¨u '¡kIMø•p¢”ŒÓ„¯yÓïøÎ4ùºª¬éi‹†ÂÓFJCk2§-j”�Â-dÚl·B{94�Ú¿0
-®ž“·T
-£ªZ%à?TÊG¸ÕÎ <Û½)ËX™!]"ÎA—ù„þ´»D±úø`¦­¹/…ã°™¢
n�1ú&Ñê���xÑz-Ïð5ûI;ŠX|§‹@¥eÐoê882 ÷-Í•“z»grµàdÎ1ô‰à˜.,Aßðê·»+ªD(&ô£@K¸Ù¥45U¶ògu5æØâQÊgÙõù‹³¨gPrÀø�¨ˆ&2A[]¶°aó-øÚ&¯™GÇÄ¥ºŠQëJ¡SŠ Qã§Q&ò˜‹‘ªÔ×’HÉXœ!SA\bÂؤ_ƒŠ[
%îg*ÕÛ›Cz÷�¬·q4¡«CMw4ºìm�pàØKf�ÃßÔ.?~V¸ƒ®Œ?;zYçŠmxŽåahöóÎHçU
?/÷³V¾â¦\Ì+A	\;@¯t*1nÄ£¤KÈø¯Zz`Ž* Øį¨‹a!uÎc|%´ƒBeš¢ª¤p¤’8Â>§·ù-P岯ccF¯hñ°+TVðqÌCÉsf($TE G/Æ'ù�¢)sLtJÓ¨	‚ƒ¨0å“n@Ì^
-oBÓÍ܉y˜³mm2"1”ôÈõ–¸Q:wð^P¥Ä,H^¬Ñ{~<c¶Æì=µû]ÇËË”ÞÛ›ƒè6ÂûÈ
ÁÀvHæš*‘Æ„GMá6À·…b3®ÍoÅñü°K$iz�=!ŒLJï¥DN;DŸ Ýó â�—Z³ÙÈÉÂ’Ý™TÁGÈŸ‰-åA=9ÄAÎc-1I7ûHIšóhV‚Óûë¯ß¯¿><DØ>Œ>±Ö°�‡7ƒÈ{/Aq±&&›ÝðL††Ù2˜2|¸ý|-·‘%ñC›ž¤­q8¯ØŠ‘ÆTûëHüuW¹ÙÕ�ûšV“AÜG9¿â2—>sªJ[`¹'•…ØÁø3gØÔ/©?йÅË›�‘­öôâãõJ±U,-ý*áýκœr
iÆ^ùðæH²ŸÑåJÛç+FC b�ö 4!ñ¹ÕÓ¶û·I²^]ˆ~¿Á,ö1æX*[»�^^}Ú1}`X‡U_ O­V@0Ýoµ¡W¾Ókfo�t4Ì4I�µFF´?%}~™Ý£–š�Ö$…a*"Ç´ôÅ^Gîñ¸JíCbN8„³ÎK½¥‡QÜ?…Pq—ìå]äÊWZ@ÈÚaÀÀ«·X{#®šE$‚‹ãÀnÖSÀNÌá9²lÝÎ(ìÊ,–›X€žßˆJ†j|�ýˆo+qùˆ\…Çî*Å6�rmg
-¶ø舱ä¤Ek_â2Ðs+ž„ÒbÃK‚nêÍakqÖ>[¹9ñ	]â‚›KSÍló8Úù.ÉF–òJ7¾¦;Àq.¶�ãT›Ñ’¨ÜÔcyXÛâÆ%a›•7éYìW㯙9‡ËÁ9_¶qŸ¼úezír¼X-&«å®â0ºzÇÉ]¯Oþ:ùü
-£endstream
-endobj
-1534 0 obj<</Type/Page/Parent 1367 0 R/Contents 1535 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1535 0 obj<</Filter/FlateDecode/Length 1810      >>stream
-x
�XßSÛ8~ç¯ØÉéL	¤	½— pÃMK¹’kï�Å–‰Šmù$™�ûëï[Évl‡þ˜¶Œ]É«Ýo¿ývÅ¿SšàÏ”'t:§(;˜Œ'4?��ç4;[àùÿŒ¤Ä/Ì&§x}eaúöÝø¬¿p±<8¾žÑtJˇÌÏ´Œ	L&´Œ†Ëµ„aeIät»¤h­79E:ËD“[G•¦´Ñæ	OnM÷"[	ìŽI¤©Þ� ÒJÖÎãLåÊ:#œ6Tõ¬Rù(ß,¿Lèhz:>ÁÙÃH繌œ„}�σAD8ž,=Ø°d´v¼­Eþ(á‰$x&�]«‚tB	,[Ò9­4œ”êH¤ˆàú>,m­“iÓ;ÛÈL;I™.svÀÁ‡Ë1-×€ƒy*«T²?…0ŽÏ…#lòøz^A:¤{¥jþ·zÈ`Z•F¹-aÙ³¥
Þœ„ÏÛž["	Ù–ÎÓTYÄΩ¼ZJ‘�ZÎ$Fg�L¨¼Ú“¸‚¬rr¼xGSd™Ó}t:¬}:ÏÆôEÉ�Ê=D‡be�	
×
-i2e­Ò¹íF'6À¬LL«Ò9ø	�<Þ6xîv¶]cÃêË1]¦*zbW`6-­Þ,•’+‘êG¤ök  +±ƒ3]�×¢SËsOKì ¿ooþ	|©±d¾t"æ<Wœâ8be‹TlÁ	€Ê&m2ú-¸_ÇÆXÌžƒû«Ï_®>?<xö??hÄ’‹L>¼éÅÜúè«/¶`ó¤Æ+êã ¥[é.n>Ý{Ëu(�¬¡TFÔ³Æî|Ç–÷”]¬
y”Bõ®5ÔBÅæ“ë©ú¡Þ{'ubþΑ±´‘Q…C]d�ó­b™;•lù™q®ðË
7eÜKœ’Ðóé�«K@‘(™Æ�
-a-*¦X8±9ð…ÐBþÆW.W1âw�˜^0¹#¥dË¢Ðƽ�•^ŽÂ
-´ÚËé0©­ô`Wùˆª¢�ç«VÑ@ðú
-=áÐ!»tµ8Våà
-b¸Õ¹ì1jØð¼Í}¯Óí#`~p]B¼/uîŒN}P–ð¡m! Û)†X%	´)w>3&h«?¾–%투¦›Cœò
'8¼�@6‚Ö½Œ
-ôž]å%ÊX·“0èV�0HW#aÓ1]³Í»�Æt³ÅIççÕÊ:W€
Õ��.‹cÐ$#–wßê$Úž1Ò:�™œ#E<Ñ€U[òƒ|� ãñ
‹è,E
=Ym+‘V¹ïwnm¤$™Ê°2Î/?„öÉ šÃnðƒ½:|9¤•r¶¶åM`[Æ®ã0ÙB<èœ�?ÝZk»Y›¦ÇT¯|+%U@÷vÖäìÂ?¡‚y0‘sHèi¾uv®¶@eCn¼o-_}³÷4^´Ô©cªÃ!”–Ÿdºn[…¶+T…IÄñêa¢hNß
QCò2UÐ<!m¾6^�¹—§ŽÛ-¥†¡» ûõzÎ<È·aëÎæ0$Öù¡cž@;yn‡èÀV|e‹0&U½½Îæ°"y?…}ða
-Û“¡0^_·ì%œ^Ô@ÙËOïÖˆy)½ì3»�l#˜…‘‰zÙ‘‰u~?Š{d3�G‘´vÏϪ¥ŒJl<'ûð^”vyÜXsá¢ý©Ð4¼†­A¬\w\ôó/<c? ª¨LEEhß×<{x쥇¤@]Pö=„~§}&F£`‰`fР{Ú€WXÝ%@ciÈ4´Yáxc˜	4úEªE\·—½<.ÅS_;>ÕSõj¬KÂAÑ0íIznÖ
-ª€È¤È};Ï=Þx§Œäö‰dþ…Pƒ´uƒé…h×â¹n—{nÚó
¢È´¯†õ
,àæb

FçH—Æ¢iTÃî6—ý„”ãEÐÒèÕîó[Ï›ÇôQ³ºH‡›€¿m0Mcp�e¤c­|ë@ˬ»ï#ô€W�Ÿt²“1½oÆﻟ¶³z/ú-ÏÌáºÖÜwȆpDä
¢W�;¨`éĵD¾Ýò2ƒÖZÅ8܃„£f6ø½a¶©ÛÿøZ™&#ð0ào]Ñ»¾^OÔÜÞ›óÐ!sص§Z#à^ò?íe¿ÕPÑÖmÓúÒöƒˆ(B;ç+_«“|O6ŸåÁ˜G_è<ŒþÂð2j&\‡W(¿Ð¶;#T]m¿¯:œ	\1tÔÐì m'¥ª;D‘6ì­LûÖÑÞÔ†U‰>¤_IéÒ*Çý³NÜ|Øa‡¿‘qòºXÃÊ¿ðîøØë[åF—³*»U=œUÃótŽßlœ�Ò|á/—÷ç/ÎéÎèohªô^G%ÏG¡ÐØÑ£zûÑbò®™ýB;[ÌÆ‹ù®Ä
s6yµ<øëàUendstream
-endobj
-1536 0 obj<</Type/Page/Parent 1367 0 R/Contents 1537 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1537 0 obj<</Filter/FlateDecode/Length 1510      >>stream
-x
�WÁrÛ6½û+vt’glY’eÉéÍ©ëi&�ÝÖê´_ “�¦õ÷yB
Ú—NÆFvßî¾}»úq2£)þÍh5§Ë%%åÉt2¥åòŸ‹ë>çø³’2ÿb~9›,âŸ×'wšÍh�ÁÖòzEë”`g:¥u2~åF�Ûé:—N9éˆ$)�K«j™R%m©œSF;ÊŒ¥û5mvpZ7V+½%áHhþöæ×?ø2ýsÿå¿Þ-*M*O×ßO¦t>»œÌá~\ç¢&AZ¶”©BRb¥`_0Ü
2¦”#—„ך¦Há2‘êENØÖÅÝ'š!éür�°au6›\Mè›IU¶cdÞ4§
-Wkcw=T®³rLÌù|5Y²•è¾Ðéûð»Se…ð”äBoÙ/'!U®*Ä.ÊŸâ°ø¥(Ì–6æõ,J{K
-•<;Ê«P¾1=|}‹{L›¦®�žÐ秊/Òž±¤ŒÓV¨RÕ¢ö•oœ´H»LQgCœkù¤ÉÎPÄ”DáL„HéZZ‘tVZUç>W㸰i(ב#T
-÷ÌŒHñTU†Éèöá‘D][´žb(?£`ìH"·µx–,äIb]ûº£ÚóeWí/™GR	+J	ŒÔef¾Ï•Ã’‚\SUÆÖqÚ˜[²fÿÝt™ï�q<̱kÆìH#¦!ËÊßãëN&
ºä
±¨UEA™PE’OžÐ�¿cIG7I"�£[©•LG1ÐïĶc}/ú5h”)ë%÷\1¤M�¾åFv�xè(šïèÓa†�Ð×èÍBÁ6JÇŒq(D¨4髺»³EG"3Q¨ÒZô]€+(ßÊ’WÖ$2mÀÂD„Ä�L T¥ÉW¤¹–qjžN'´f‘(¥€6ù°w¦�MF»S)´ªš:ÃÉ!ÎJp„ã»ØZÓT­±�™#—�OÀÚ68F[4À¼ƒ@Y�þGÁ¤Vqå!p	Uå^cçï�#ÞçÁf.Ü;”½k„†bíyKô%:€c9#Ì¡> §S&'û¡dÖ”¾¾ýpCœÐòN¡¢²^ñ]M-àiPׇ¯q•‚@1†Ê‚ËœÎÀ–Ÿª*Àz–Ï‘6½ØÜIò@}VœJå„Ðò(p„ÊzQ%xê[ ±!¢�mTãÀw* Ha
ß¿_c„”bÁt”J—@Ôda${O’¢0­cà^íÒ·ÛˆäÙÿδ2:‘þ^.Ðdû
-eÙ•QD^SVF#˜>7®›ÍA]GCŽzdGg4jG¾íF¯#Ú¨¯3ü¿7Ù¡Çœ÷KÀAûzÂîš$G^"\£[Y@¡YÈA8A8|•ðȇ9_çP
pBmµ±xãI¶'H CXW¤Å¨‹Ãû—-A•kÖÃ>­qW€Ñû%€x…a
G”ýÃ�¶ŽwÑ€ö;’t]Cmb}Ie&šC'PÚ�6ì7Lc™F°�æOh¿æ 9XèZ~ÍDi”‰Ê*Üè$—L“wîo‰5#‰§g? D/_!æœf@goͽ׹Cÿc,cãƒV†�d؃v�‹Òµ,âwXL 1f~ñ&é^•ÄP‹Tîhâ3"vä.WÛ¼ÀßaÚõ6ÌãMž$>€òǺ8HI7½ˆú5
”9ZD^À}[z6U2ÁJ7HÏKLÔ­Æ<ÍU5py¬ý¸>vÝtq×[wAÉC2dêkðц¼ëŽ+�'&'†¢�®ÛÈý6"˜óàÇ~|X¸>^¡ïy®{®û�§kZÞ®ØÅ
-�™†WÑ–Ž™!èËښѽå“Õt?Bé2½_õzkÑA”x
Ý#¨==ž8þ,Ù¯”‡Îì�úÈÎ{gƒÅ‹»ë°MΖø‘v}IË«Åäš“÷xóíó
ýiÍw¨Ýš¤)!+~Gg´çûç«é§ÿõ“f±ZLVËkü,‚·ÕŠ�þ¶>ùëä'GCˆÒendstream
-endobj
-1538 0 obj<</Type/Page/Parent 1367 0 R/Contents 1539 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 846 0 R>>endobj
-1539 0 obj<</Filter/FlateDecode/Length 1445      >>stream
-x
µXÛnÛF}÷Wòb°iQR)ÐMŠ HÓ6zÌËŠ\Y›�\†»²­~}Ïìò¦µ#%

-6–{›93ç̬¿^Ä4ÅOLéŒæ	eåÅ4šâKÿëŸß/³8šR’΢•´HçøëG}äõ”,_E	æfI´h<5[-¢˜–«)¾–4ŸÍ£´ñìxŒÙer<»œEsZÎRwð|µìGnïh“ÞëÖòìx̧G³ÞªÅbå­ŠSØèGîäÑV%sÜ;š�1û*9še(â4Žfðh%í€�}½¾¸y» 8¦õx'«”Ö¹ƒyJëlò¡Ê$	ÚÙPV¨ì‹y¹þŒËvÇ„^|øã…ÿÖ�2!«IÔuq »“T˦TÆ(]ú(Ê� RÔÆMÝ©{Y-Pïu÷ÝÜ5z_ß<è¦Èù‚)]Çs¸°Î'ÍÍÃÍ#ÙFÕ…$#í‰*ç+zPEAÙNf_Ü
ÙNTw2?ºc«\±UØ+ŒuK7Ê>ŒTåÆÞ©Y稑پQö˜R
-ó%t¿�(¥•MD·Õ�ÜÁv',=ÈFÂ8o’û"ð¡ÒÖÝÏ/ãK½2ÔŸB¼¨�[K¢Ð•ììccFPGí”Ë|@öÆYY%ŠâpEÿÊF{³NûŠH=õŽ¿a~I„@
-x…
¢Œ�ÞvîJŸ4ªMäœK±	»«ôŽ±:pÈcåÃË®;(»Ó†÷·›îŒá�wÛiùX#—•uz5ìBÁg„‘îE±G¦øŒõ–÷I‘9ÿŸ…i«}¯ò0\™.kaÕFÈ+d®Ýµ™E¬L;N»c{µÎÑVdí6XÖ4:ßg2�h
þ0kŸ`Zê\m¼¨ÇoLµÑ]†tÕ2åÊÃâlé²›Qš¦± Õþ”�¶uÄÑ#×¥ýàŠ¡Ÿc"vA”:>üqÀŽe¬WŠ>
-穘馑¦Ö¬$-;ÚTø6+�)~½¢Š#Ö�˜³nMF’pžªˆªFùè«ênpäžP;ftñ =ÀöK]]†þ¬òHtÜzÞ1O²»e}'·ÆåéG© ‹¤ù)jyâWš�}(i™u•Ò¥ÞSºM§aÖЩ@•j<#ß\)ƒõ?’yHˆWwåÛiˆç6øº‡¾@	§ò£¢­›±­+Ko]-ÎU#3«›C+®ˆC(`X9±ÆÈ%÷ÈÎ\š¬Q.>}/ÇZ"3Y[ÔNs¤t¨^Bh°ã$„Ü2H‘s±�<µÍW±`ƒ‡¾¿7°t8î$	¾mÏwD6ŒÈ3ùÔ›7hÆs�Á€ëæ€ðlž@.ôÂÚr¶ öWHœ¾¯íþÂhàŽ¬?	çIë»N5áõOÕ±’u]ÂwkW`ËPYÏ)Y»±#á;nx(È}K@Y9ã}å�{$Q¾�E‡�—ªRÐ.

-S&*�N�[ßï›4ƒ«‘*L¨
-ÆrÃî:f+?4pk/¥œ4£û]	åFÉõ­è¨G…‰ŒÊtÐ{8U¹~ŽmÚ×ܦ²5p»Ýµ¦½t»ç—ƒæVª`	*åsFÀ=|V�{G@�ªð�Òe²’n–r-MuiY§øI…w
øbU¶/DÓöÌè:\á
-íŸï¡äû·š›:†¨§÷}¼ˆ£yó/¼ö
×7?¦ÜDphûi²üôÒ¯ÞhîýÓÁè11µÌÔVeLÖYúÅoêÚ]ˆy—2ƒ2ñkàW×Yå‚s¼0XÕÁt±óÌ‘Ïm~ÔvöÞŽ
-Æãæ3Ó7ÚŒïÕÖëUhœ¤Ñt5§$YáÿxJ}¼}ÿú–þjôgÀD¿él_âiå*;wÝm¸N§¯x}Gˈ޻¶›è�S?†w¯¥EŠ$+<DZ;]ñ¡oÖ_üâàIendstream
-endobj
-1540 0 obj<</Type/Page/Parent 1367 0 R/Contents 1541 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1541 0 obj<</Filter/FlateDecode/Length 827       >>stream
-x
�•O�Ú0Åï|ŠÑžXi		PÂû©ªÚmµTía/Æ1w›ÚÎ"¾}Ÿí$
i{h…�¶gÞüæ�óc’QŠOFù‚–kâõ$MRz‘§ÉšV›¿øA‡°°\Ü&›ñ«Ýd¾]P–Ñî€XëMN»‚'MiǧÜæÕÌ>]ï¾ORš-ÖÉ
-[¦m¸ n]b´^H#¸Óæü÷Ã-íùùvÕKé3�Jh¬(H*ë+HÈ•‚ŽÌ°Z8a,ÒòÆú=%v'^Ë|{KªñeÍ–«¨:Ë’<¡w
-‡wR+:IW†hÖ1U0SÐ=«÷Œ²Äœ3r߸¾¸4†©Ùñ(ÕcL3”œ=àÄØeÉêZt‚ßÜÝÿ
-I{é,=LmÃKb–®€¥©ê|õp�R�²¾||÷�ŽÂÔÒZèµ>VT—Ю”¶Åž-“…Ï\†= fœ)Ú£âZ*ÉžÜIéõ1£+=KYÞéÎàÊ*ýH ó§3£Ü>Âþ6^Òƒ¯Ð—�‡î” ó'¤
jm©OÔ	�²+“JÀQšˆÀˆq.¬%80äÒ'%I‡VVu!.‰‚çH¬7PßòK¹àÇö{x)VŸÐ…\®Q…ªUÛ‚�Ð>Dë˜ó¸ƒWãR‹r”^"$D�¬öÍòÇt¾úX=ßXÏ%dŸ6VÎK¦EÌ64
-Ī
-@±µ¶¢zÆž!¿ÆÂÂ~q$Í^6ÿ†8¼óŒ6ß¾hçsJWwï¯üÉ_3;%¤|ô&`üÉÿö{Æý,A)Û·lo:k©È‚©õF²cGn|REw­ Æ«
Âé$z 3?t˜DX&ÒµtŠì7&ÙÁ¯èÛïØbþ‡ë8–Ô
"zȸnÓá<ð¡
-?W�n™ü3ß
ÖÖ“gÝŒÐ`&šª€0l–JÐ]ôò5S\T¿õÓ0Ô駌…ñ¹8òçöe\=�#„êÜÉð/¼NúY#‹B¨à÷ùvÓ:*[ã�µYâM¶‰—ìý˯^Ò'£¿ãEBo4oj�Áò·¶¯oÖ˜åé­¿úþ÷nïn't•¯’|½Á+
ó[ÿ×ÛÝäóä'ú.S¿endstream
-endobj
-1542 0 obj<</Type/Page/Parent 1367 0 R/Contents 1543 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1543 0 obj<</Filter/FlateDecode/Length 1451      >>stream
-x
•W]oÛ6}ϯ¸@6ÌZù#i’ØCÛµO+Ð!Þ[€Œ–h›«Dºüˆãþú�KŠ–¬¨[¦ICñ~œÃs量�Íi†sº^ÐÅ•ÍÙûåÙôÓZÌh¹Æ›«ëZV4+f3¬”“[±óÒÒ|QУ×j¬Òúòî3­�¥J9oÕ*xY~¾Xþ}6£W‹K8™”R{+êú@�Ðbƒ"ø-U)¼2š7sìùuŠýêâ²X°!‚ͺÍJ�ÐK{/i>o÷.®‹+ÞûŽthVÈЬéO­Éœ—�£»‰Ü¼¥Û éÖÔÂ*w÷â%	G{Y×ü™Ð#ž÷·¿ÑZ4
-ir¬ß•�/I›=¯jõ]òÎ×ü"%ø¥›�XÕ’Þ� ¢Ï¦
-µäàÈùî—ðáä
í¬yP•$02 yÁ�±ê{ä%æa¥3Á–ÃÈ¥
§¦&'íƒ*¥+è‹U8øg@ŠßV¡dz™d
çTÉR9^¶à�‚F8V�x˜Œs´Îí�­˜+áÅJÀøn’2Š‡1™J_N£U´™~ÊÇ4
{ꊬü”�T&b6H°—†‹‚bvÀÔÆ
-œ¡ß
-äÍÉÚó‡A^·¡Ül¹5`¦
™ĩ
1’?àƒ
-÷6
|�
Rm6ª•ëÛËá¦QžìBvûQW(›,/ðY´(WE¬%®·V@Yn…V®I¡
-!-Ku�CÊdu°ÖÖðnIAWÒÖTñ€ÉÓꜞjR鵨uh+X	Ù!!åacO@qKïPâÖš°Ù’Ñ’Ö
-%’xª¥)Ø4½Ëœö(¸›ôªú^HVÊsëQºR(¤ êè¿U‰€ºjƒÆ‚L”þaСB‡</AÐÚÔµÙÇPàZ“|Íî_€TÓ1}©I5ÍT´Ü‚³ìo+Ð!w³ãru´’2*£GCÐ¥i´LFåø0Wh;´'�BŽ­Lyr^”_7Úfª’K4éØr (MíC�]ªm%°L"&ŽÈ}tŽ;wlçœt/H	ŽV’G
'„9À)Ĭ™CøjÈØ¥Üù(ÁpnæT=Ü;ÑÜïöÕªpíž,‘I<°é§½Éƒà2UÈùÏ�ä«y1ËXf�²É9H—Q®Y«Ý�ÄŽÃ`ÿŠhÉmuèbð7Wõž¶»Uy‰³�(½?´\›Ñs̵‰=5>�³"G¢ÜYObW8¦°ûoÛ$<ÔQûpÞ�PõSËç¤Üž9èÓ³©^hCêei‚öm¸H›S^öÂ{ÕÈ‘ð'vã {réqí ^|ù;ªqËsˆ¡o;FV�ŽˆszšðùqŠ¦ÀcaK‹’­k§èíá׋
ay?#ù
ëÝ‹xQâ†�²3{¯˜½VîjQÆ&Ò¤{7(Ã÷ƒ¨ ¾u‚\êíý@鲕l‡äÓBü‰¦+¥§(ð)ÐMó$z‚­¹‡¸·?ßÚ³j3Ü´V«Fù¼)öõÞñ²‘.w÷¬Ïhɼ;]ÃäêB�yéŸFÌeƒ1Öφ=׸íÆF“AÔ•m‹ÈãÍ×{ñÜD�K#^*©»÷l¡œ\™^kµ]ñ²“̵VlÑoIlsIõöc/Ç^’-:Í'£˜Ë×­i0ŸmŒ6–Kêå�…Ûâ~<Õ”KÀõ½9âEê‡î=Ç­+Ñ?¢ˆ¨1¾êv�x±¢R!‡Ž¼4+®´£¯q.¬ÏÄ߈—ýVJn”Rg‘uØ!ºO÷Blñ‚˸�S.³»Vg¯y-æÒ6£ÖÍH}ó”ën.ùŽÁßh<àŽÓœ/Ömåã;…_ñ
º
ÿ—3äÙÚ^ìV¯9vA'”í·
-Wgxˆ®’ùM÷‘vq•>ÒþçW$=çËñòú²¸¾ºÁ7+†üMœú—gœý5õ“Vendstream
-endobj
-1544 0 obj<</Type/Page/Parent 1367 0 R/Contents 1545 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 849 0 R>>endobj
-1545 0 obj<</Filter/FlateDecode/Length 1633      >>stream
+ÆYª\¡Ëw›?FSšÌ®²9|�Ç*{ÎTFŸ7Ÿî_f�ïÈ5¤Jgõÿ–—Z5ôk cŸ<í°ìMU—º…¶Ê#²oÝeô36í][´Õ8¿*Íu1ðö*ÐÁ„=!Tz¸¿¥ºqÁå®”…tX2|VÏ^Ü‹FDøØê€<<“Æn,Ku©ðS¢E�}Ê.hÛ².|oÜòóªú._�þ³ÕÁgݶù€"e_‘Ó“ñ>	À+$¢_„mœo¤¶ZvÝàƒíQœâcÄíÏŒq4Guôÿ`· ô$ù}oéþÂ�írŽú×Ï?ÿóˇ�é±ÏVÄ*£ÍÖñçÙºƒe¾ð¦Ï±!Ǻ¼Ë;6NVÙšk‰91_®ˆ½Ÿ¸*/{Òl`¥÷󹳅ɵu�Så`Ä)‹%NW­Š‚±rM:ÆOgd"hߣæxyÏ,³–mY®ãF>øç_?}bö7*Gr�|úº4�ƒ
Y+Éèõ’¶Xúðñ�žõ\Ê:)ö49«‰*õdòh-NèE•­æ™Ä¾-Ê€f°Ç¡K9 \ú¤ì½²ÿ?³	Å7’;™¯³Ù
M®çÐäÿwצÂiôŽÙî¸_ºÊ§�Q¸¦qp¨‚°?0Ø?}ùºù@ ¹=—kåÀÌBeJOØÄñku3È1—×x·œB>“¥›kÔ§ž€·/&gäÏ4» ³/À.pÁ#6OWÙ«ÀÑ-Ð:øÝö+ ZeI$/Ö5«ãÜn(3ïËòäž#Õ·C2Ü�
Iìc³Ž rOßåÀƒ¿¢z¦%É3Šøˆ4î80…3§Iº÷ê’F0ñWѸºfî$áªÀi‘ÔN$𹨄) ­ŒÛlJ•±-ÓO1Üä8	¸¨*b¢BÐU�¾Á…ˆãòvƒº)(UÛ1ã[i’ètq![â@÷‰öAmK㑼
YØô™µÖóÑЇT¾‡·ÜÕÇ¡,¥Ð¯$ô{“7λ]`*Œ”åè̉
pñ]BŠ3Å^Ù?ÒÌq�À� ì§Ò
+4•DX¦xo£Ÿ”èß
š‚$.ç$+I‘”3Om'Ù‡ê»
£  O@†ë,6%ñªú#uŒ s

246¥Vh‡B&�ÚèÊáÕ·E185—+4¢p Ú`Ÿ¹¾CöyNR|–8…®€öÆš Ë£XPôä\A¦ÐŠÄD‘”Ÿpè=ôÎÑê|›ïÓ¤3$ÇPÄÊe\{,€TóØ-íFFÕ¸6¶Äê[Ñ‹4Iݼv.N�‰-r¹Xà;¤5·�„"ü€\¨¢4©LåGÐR¢"ó¼Ò%W�ŒEp64}‹œñònJ7qþ›Ìq¤`‡2ÔQ©_âŒ6¦»<�Ÿ��
˜îD³Ïm̦±k¤ým§9#÷�Û^ÝèAU[Éíìú¹”Gï¦ËMGUN)’R:÷ÜÖý‡iº{ψ\-¥ËÕPîýÑC·Hå9pÄÄE·:WðÄÎo'¨Xo^x uÃ.ôÅâÖÐØ,ìöqöÓ@T3&ååݼtÆé®ö™?M=ãï¸xp„,4\c’ö'Ä€J»81ÝVÎOßì®Ôs¯•ye½äìôq¿U†= ,w2²œM,|$n쪿?œXT:™f€TmÇÚ¿ ì›ùKÕñwòWµ>pµz-ãëk¥^MÕVdÛjËQïNu©Á]4°†{“ï#lËN�«D\LÔSTUFç4tã2ÒȲ>ˆŸqÝá¿<0µâJ¼0‘X2$¦‘áÉÅëqüøN²ÁIŽAô„J	9UÞ9…`a+)N�\Œö04\جGhÒÉ \ñ<_v�«zlíÄž�p_ó¬Á<›²õ8(à¯'<�ãÑ?–4ßž… U�1C’ƒé½jƒÜ™®q-MžÝˆ.s=Z¤h!îŠ<ñ_(^t&Œ”Ùæbçaÿq̬ýnÌË]µ5¶óÅ]íñÝ°¤6Àk‹)„\-ó,s¸Àïl¿Ç¶Ó7.Ž7º…{WnÓå
»‘ÆBÆz¼Ae³²o´8;óÔ6ñ];ïÍÖàna�Sö•fäé
·r…»¼[wž-ñ�
ë+Z^w’ýðþþö=ýÒ¸?0’Ñ—·ÔM|q4“´a²š¢cã›l‘4†¶
þ�€%w×ZóãµgÏc®C¯®KwÄ…]†Æ
++¸<Éc¿5–¾°‚�-V‹lµ\ÇàjÎK7£�þéB°tendstream
+endobj
+1533 0 obj<</Type/Page/Parent 1372 0 R/Contents 1534 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 874 0 R>>endobj
+1534 0 obj<</Filter/FlateDecode/Length 1476      >>stream
+x
ÅWÛnÛF}÷Wüä­›%¹@|IZ±•V2‚Œ¹”h“\ew)Yß3»KI¤ýP(šÄ�dîÎåÌ™3Ã'=êâo�Æ}Œ(.NºQ—†Ñ�†“1>÷ñ£%¥üG÷ÿýùÛÉpÐñ^„#
Çýh¾å4s†z½~4ág>è¾ìuì©éãz~rþå’zCš§k4Á‡Ä9íÒ<>»Œ.¢^D�FÒýŒ¾ge¢¶†æ$‰’DeW²´Y,l¦J2Ro¤þeþ›ìÝÛìôÇ°y6_e†
+iW*¡¬Ü¨|#
á:‰$Éøº!•º_¤*ÏÕ6+—´ZàŠÔWÜ3S,¢X•)¥Y.õ®ºtY{"kø¢ðG–±Þ­-ì³U:1ô‰þ’†¯u©Ó몣ÓFÆ•Î쇙¼s®¶Náø郴×wÓÙS‰pŸTúôíöæô-#�ƒDu~ìVÑVì\ÞYÂ8¦;Îz»JR“ÒT*K‚*„Ö
y²Ï2�û†6"Ï’p:¢i)ù‚öNtõÙµ–ë|$S¥_±µV¸N¸žÛÖ%h¶�ƈ¥«ˆV1¾|tÅP.Lçì¹2ˆáI­w¬ï`«+ʵ}ÊŽ�Gïˆ�“ü…‹š-+íã¦F*b‹ÂBÜ¡>Z
+Ã|™‰b!h›å9žÁ7®´2n—JÐB-+ÓD´þåþ0ç‘y.jY(+ëJ§"Ë™B>KšÃÚ§åùm©:ÿrºDž¹Ï>”¿n$àኺ'}+@2Br°×!·œç*~!U¡")|áF,µh¡²*Ì,ôRáº7;XX+‹µeôQ‡¬–¦Ê-÷<jbÓ°lÚÕ}„D¸þ=ªiËx¢ÀJ-T“ßå(.#¼„Nè±Ì^IıªJ_t¦
;fÆÁtxÔÊ7¬°³àà�¬®µÜ £î’™²Ø‘'+ÈTKYœg8æ³9ÂŽSZô+`?¢{ñ"ßT¬F±iº¸çh¢
+Îqþ[-t:u(‚ûMüDð�Â;"9}YjU­Yþœ8!nà/9ñ{çVÍ׺¡>ч·Õ2Éu¯Ñ8ýp
+Í\Võ=mY:õd�ß1Np
+|hæ��‹eÆj &ƒÑ±kqI”‚I‘€
¾‰#ž{ _¢ ®ÛTl°èaÞn‡;ÔQ'ðÂÂå˜FŒ2tβ×/?k¨”ó	�ŸŒ³ãæÄm1+¢9÷C¶fAã]„PsOãF$öŒN­ÂÓ÷l¿§2¬öÅÌ
u4@)–È,l…ˆ

:·Ù©-(�ós�‰ÃZÐG“õBÐ÷GcjÁ=ßGý _íGBspD_³²z%³3Ð*’¯˜
+¶^.‚ù3¢à(’PGÆñÓÃÕýgê<ÓíôþêîÁ}õ›!aíIÎÞ‰§ÓŸD½ËŽÿµÞ1==ƒ¬jÁŠe&[2y+ûeì	^—b…â/$�šƒ´C¡€Œ]˜gõ&w{xTßöJÚrøóºêÝ‚J†L¯xÍ0ÒZæ¤k []ÌJb„{Öûš`A®·Çš#çÒÆ群þL½až4AïÚxÕœ´h,�û~¼»u­VÃÀkcê9>´&úó+†�¡9qu�u¸…Ôûï&“[ŠWbÍ£×�ÆýߧßçS¨”'æe7´ÃaónœAD7aÚO�Ÿ\¸ÃzuDÞÔY`àò˜Çn^` c~†þâ|Þh²†'°qÃÙØ]~h|ÑÖŸ-—eFy-è
+¤Ð�s¦�}#7èöF;­7·£ª,âmÁö|œß�·» '”6qžg÷×ä§ýqgJ1	”ë�ð6àUÈIÁìêþúŠ¾iå¾[»ä3¢SxñûÂϼ1
ÇÃh<šàFƶýy~òÇÉ?›>ƒYendstream
+endobj
+1535 0 obj<</Type/Page/Parent 1372 0 R/Contents 1536 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
+1536 0 obj<</Filter/FlateDecode/Length 1199      >>stream
+x
�VÛnÛF|÷WØ}H��”HE—´)àÄNûKnÌ (â¢X‘+“	¹«p—’õ÷�½P–d+icö`rÏeÎÌœýzÒ§¾û4Š)RVŸôÂ
&I8¦Áx„Ï1~Nû Œž~'ƒ0~êÄhòøÀëô$z; ~ŸÒ’Ç#JsBâ^�ÒìYZ”Šj®™S)V²ZqE,ÏK]JArAº@=²ªäºw´d
ÃÛ¼Q¤¥}¦êy˜I± EYñ—?§Ÿ‘®G—-ˆáùž��ѲâLq´·àMwø†ÕsF×oè�ÙÇtFYÁ–N3¿KA&^�‚~�¹0Úœ¡ žÙ²¡Z´œkVVêàħ»JÎYõ÷Á¿Éq‘5›¥F_J­e“+zEñà ÝÛŠgmSê
^joŽÄÌeÍPz%ï¤øv¼_ˆ	šÝPÅW¼2`'	uí Ë†g²®¹Èy~$•Tþì+õïÄýph°ú4½LßÍ~ŸM�õ¾dº@'‘’5_¬áQ)"3ÅHm”æõ‘œ
g9IQ6ª]‚±Í'†hæcgæIÚè/Äèƒ(ïÉ¥"–e²šç˜
Þ™sÊ�IóÜFà,+,æω)Zóª2Mló¤«4�,ÐùÕ
},E.׊¦i¦×x«<¤t�ÎJ7m¦[°ÇÂýµ-ž‡&\ôv²ÕL�‹'á‹0	û!}Àô-I:w¯�ÛJ·=é‚i°¡e#WeÎÑz
È)G²LËfCª�m•ïô|Xç»R´[¬)˜È·$õ]c€¤7Ë2c–JF·H˜ñÜ´g�²xƒtoßêc½vŒ?³­À(PÍA�9S9E¦‡èÔè ÌO)¨©ûÜMÃkö!”Yþ½÷ˆ.…Qÿµ—äKúu¹þÍíÈýþããìÇCŒÛ°È
;i�Ntå˜D玱ÇY¦ÁîÌTîˆåT³.¸ g| ðË
•yÛ€—êÆØ[ÒûG^À+ç•i‡´gÀ®
þÀd¬BÁf´9_E¢…ÆN½nþpýÓÛÛŸºŒÇfüŸ3{£3ÚËfRÙ±`a™Í$v“LÂaHo¤ÈªVaE=�ÿÈùŸƒØkμ¨ø}9¯8Öƒ1Ãdä’7°à†0leøW§â
™¬’‚h¾)šJRKž•PsS4¶…9JˆÎ¸†èοö¼@…´´Ó�Ï¥P MgéÖ-×Ö0í>±u”WÏmFÍÞ^¬¿¡+c6 •ó\_µ‹hÒf™ú|hª¨ç2Ì[�Í‹›¯Ùn£Y¿÷·�=¸뢄;†JóAëÀá ¹�C¦¥™ÙÞ‘+Г5óŽàÞÓ§“6:¼�‡#{xðZû<x»KÁ¹8�hÞGܤ¶ëÚK«æõ²rÄÚO†»Ð72uˆ!«àMů±4VºÓÙ4¥.÷…»€¨�šÿKÚ±G ŸŒÃñ$¡aßož›ó«×çtÝÈÏXt!³÷‡¡kˆëã8¡`ÔÃÕ«3/£“Eyg€Sƒ1ôÐb>BcSØ”›�	3
ÂÑp±!Äh`þu™žüyò/b¥$˜endstream
+endobj
+1537 0 obj<</Type/Page/Parent 1372 0 R/Contents 1538 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1538 0 obj<</Filter/FlateDecode/Length 1699      >>stream
+x
•WMoÛ8½çWrr
ǵ7Îî-
’ÝEÚmÜv¹Ðq+‘*)Çë¿o†”-ËN�E�À±¨ù|óæñçÙ„Æø™Ð|J—W”UgãјÞ�¯GSš]ÏñyŠ_¯i%.gãÑUÿÁûÅÙÛûßh:¦Å
+¶®æ×´È	vÆø&ܪn´§ÉxD_>üMŸµ¯LÆYzoš@ÊæôÝØÜm=,Þ,þ9ÓÅt#ƒ›,Ó!Э³�w%}4¡	|€ýMæÑßÅåÁâ0LFôÍè�±Ïb5+”}æÄo½óhøë¦Ð�ã‘ø:[{Ól)7ªtÏÉߌ&“äo:G
àïAoÈX1ò¨ª¥âRÁ„×¥VA“	òH-MÉÖVÎw²¤¬4Ú"ùÆ!Í'�'«ó¢iAÐMƒ8%Ôdr��ÑÒý˯¿ aɶr¹YmÅéÚæÚ—ÛS©�Ú_Åt\ÃîUƒ?¹
3åõj]’uxæ(sUí:'Ñîƒt+q)%.\h(üÚZÁÙ¡S–É}›‹[ê-¼–¥Y™RÓ¾O°Pj.#¢SÉ®Ê+c�¯T4S‘4’TÒM€b:¢?ÝfW*ñ±+1@ØZŽè:Ñí{äŽ,€ša$bÿ†Ä8*õþÍ~ÐÆ4…äáÍsÑP帵ËuÓÀ;²€
gˆÀsãu†¶¡6¼`�÷J”{E	,`Šðêׇ[ªUSŒè{¡#þ*m×T»:\¬ë!dž`ਊù\%ôè³w¨oct×�àA;]Qê-›oqÓ6nÁhYz†'­kÉÚ:_©2¦¨$?iŽ®C.F¬Rwbx`ƒ
+…LY ºQKÀÂÅ)íU¤q5UÊÿˆ¥z{¿Oï1
ïa#ºÝ×q‹qÐÎÖ­ͨöøÛ†G…Û³GÏøÑÑ›unxnûçxúf?m¬ö¡0uïðq¹�ZùŠ›p’W¦‚¸v€^í=T�TÕ³¦�ÕϵÀÕ@°‰oQùB—9-#ŸD´c„8Ê©ºÖÊ“‰WøߎÔJ7Ýi2zU‹‡Ma²‚�`|•ó„‚0ªôàEy’÷çB¥2K' 4ªŠìE.†žÃÈ̘ä/#L'v•<ìÅjm³«Jõ‰Kf½\¡Ž8;x¯1•ãE/Ζ[¦xfÒˆ­á~.ßíæò&¦÷ö¾¥žÁA¹!XK)Â\ª•àAÌh¯)Üøv´äU¢í/Éñr¿1#5�Æ#oä´öd’"­ŸJä|‡èó¤Û„ö¤±Ã‚¬2]–lVf²pä66Vðôg¥¥Ü!°'‡ØËÙªJÇIFÒ‰µ°q+ú=ÑšóH‹ïüñîË·»/OOÛ§ÁGæ¶óô¦yç%0.ÄP´9m›
õ³e °¾ÐÍûŸÅrY$?´éEûa߇óŠ-‰TRí.]ùvSôgsW?îk\À½¸r~Åe®CæMuIÃtO&
+¡4ø3g˜êÙè\a‹åI±Õ_üqw‹R¬SK7…Z…°q>§\�š¡žžÞPv⾶‹йéË£�
òA›DKœç–OÛU+�ŽóbíÕÆBqdØëºv¾9Q¨ž±ø
+ZÔá`¥Êã¸P¤¸¦÷¶Ãj(Ч–+ÀHûî·ÉvÊw~Àl�Õ=€úÙaLb`­‘
-ÔMŸNO÷1×D†áQDŽ"££ê“ÙãuÛŒKN8„³>èrEOщ!ŒÔ®“ƒ¬¥Ü„ºT ²v0
°À,Ä�à*	
Ç
mÖaÀ™Ã³LÙ")2V„L–K)@ǯ ’a…Ú*`°&ŒÈ¬ÂãîÂÀ6rmw
+´ê~UÄ9í°ÇXÄ@Ç­zQ¦TK}¼b¸±7{Õâ�;‚'>¢ÈpV.©šl”²ÚùÆÄFÄaUG�ΗžÝRìµYÛ8N5­–8Ê©¶XËýÚŠ{i —›$oä3éXZ'‰þáaTЙ 
¯øò'ú^Ì™ÄÓvÙ	dëlí}7zùeÎZHì¤+Òí!^Ñ"óòÔqåq.R`ÍA\ õ¥Ë p÷Ìbx´…v‚Lî¯#æ\«’ž�ç�µX'ÑóIlpEvA<à#ÞèŒé>H mK³Œßî9íßÝeðØ+hø
®¯�Toñôub'4ú.Þúþ祜^»ˆÏæ³Ñüê×~\ˆçïØßÝâ쯳ÿ(ë!Ýendstream
+endobj
+1539 0 obj<</Type/Page/Parent 1372 0 R/Contents 1540 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1540 0 obj<</Filter/FlateDecode/Length 1687      >>stream
+x
•XMsÛ6½ûWìè"eFV,Y•ì^:¶cwÜɇ«I¾@$d¢&	M«¿¾o
R")'i'ãŒd€ûñöíÛ¥ÿ>šÒ	þMi9£ÓEÙÑÉä„ËÅdFó³%>Ïðc$müÁ|>›,^;˜žŸOæýƒËÕÑÛ›9M§´ÚÀÉâlI«˜ààä„VÑè7id¶¥‹4UVç¤7äI÷"[ZI‘�I<•Šu
+÷Fgþ8*¯ïl\AV99y³úŽÎi
+ûìèøtŽ`Vñhz2™Oè‹’•Êi£`HŠ•‘‘ÓfK…4™²VéÜû`�gKd
++ÄäebZ—Î!Ne9�pÿ§:¹
îö¶]c£úÉ	]¥*zâP`6-­
¾Y*K¤ú‘Öúg‘Mt…Ú%�?d6=EaU+ryÌ7è��·’®ri,2ž§îÀ}¬l‘Š­Œ	 ²‰�6ýÜÍ
^g‹€çàþúó—ëÏ¥…“‡Ñ{�\r‘ɇ7½œ[}MPg
+6g
^ÁP§-}”îòöÓ½·Ü¤h
·ÏÒŒûÖ8œoØò‘rˆ�!�’ÿm•h~¨…*€ñÅõT
ýl/îNÎßpKU8õ,É:®0©XæNm¶ü™q®ñË
·HÓ-p/á+¡Ó¯×W€b£dwR(„µ•-cáÄZXÔÀ7BùÛÐQ…0Èß¡b½drG"JÉ–E¡�{%+9]?•ð�<ÚˆÔÖüoúeÄYÕò]æYX©4¥5@“s
Ú�+Ÿ}ðÖôO«ƒkTx«sÙcÔhÇó6÷\Àü঄ß+�;£ÓAn€¶…€l§bµÙ€³¹ó•1ž
Ö»o¤CI;&«évO¡ÞÈ“+[	T“!hùèUT ö�·Qƺ½„A·‚„M[6�Ð
Û¼ÛkL·Z\tW¯VÖ�¸ÌØQýí£Ñeñt
‰ÀȶՈ´1Ò:�™œ#E<Ó 2PVþ _dTâãw
+�ËDQ@OÖÛZ¤U	@c¤$™Ê°Štqõž*´�†f8¦a…ÿ8ªáË�ÖÊÙÆ–7
l{0v‡ÉâAç|þ!éÖY;ÌÆ4=¦z-RÌCõMv6äìÂ?£ƒÓTW!sæ
fšã~í8®¯@eCm|l­Xƒ03»(Z�Ñ1ÕáZKä¾ö¨ÕhûFU†»xõ‰TG€aç}?¾Gädª`xBÚ|o¼šs¯N�°[0J;†úˆ¼Û~¿^0òm¸º·EÐ&0�óÚ	žE:Ë�ªÈŠo¡lQÝéÃHÞ/áÁ­(ùã¡ézÔ4Ú…Ù¿�àô²Ê^~z^‚N–¶ô²ÏìS²hˆ ˜…‘õ²'ëüa÷¨vºˆ"ií�\Ö#`Ôbã9Ù‡÷²tTñº‘pãbü©04¼†% V®;!"nOsæ° Œ§¢25¡ý\óeäE+´ŠuAÛ÷ú…n±ô™s‰%‚íÒ ëmÀ'<@$†s6ÓÐf`€\³jÌ‹T‹¸/u\‰§¾v|âùdU Æº$
۞ĊS%
+ª�ȤÈý8Ï=Þø Œäñ‰dþ…Tƒ´u“é¥hñÜ,‡½;øtD‘iÏ‚�yUÁB”h  3‘.�ÅÒè†'I¸™jý„’ã‹ ¤ÑcjÂço½hZ,œÐÍê"–oVUþ)^”QŽD¡~}møú=à”ð“l6¡w»õûî‡ã¬¹‹yË�xÉB{ßðB„f·ÖÉŒqDæ•ÑëÁÔ¡+¿Agý¸åã¾8+ß`-¹åæd6ø»a·iÆÿøZ™nÆ
£éèý\o6jï;˜�9ìZ¤SŸ‡ð€³Ÿ¿öªß
+mÝ6•5¾“Eç®;ŽI¾ˆˆ7ÎÏòbÌ+‹ot^FÿÃò2Þm<"k´_Û�ªÎ®±ßW�û–Ðȸ�fm‹ŠMß!‹tÇÞÚ´í»AmX%Ð�˜S@ú•’ ­r¼Ÿ`׉{€�:²çßÈxyÞ5°òãÃñ¹7o••.±fÕvû™×ï1[OÅDð|h®£VíœXeQnlSFºÒxñA©B09¹ˆ=$X$ûz§\VÝvkšËw´Mx‰ ‰Æ®;ú¬^ÿ§üUàì”ÿFÀçýŇ˺3ú/¬ôNG%oxÂA*êãæúñòäœïÿÏWòùr>Y.ÎðR�g—6y½:úýè_ó?úendstream
+endobj
+1541 0 obj<</Type/Page/Parent 1372 0 R/Contents 1542 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 879 0 R>>endobj
+1542 0 obj<</Filter/FlateDecode/Length 1628      >>stream
+x
•WÁrÛ6½û+vt‰2cÓ’,KNoNÝ´™4v«Ó|�HPBL@šÖß÷-Šé:idX¼Ý}ûvñãlN3üÍi½ «ÅùÙ,šÑêæC´¤åÍ¿øI©{±¸^G7o¼€�h¾¾ýz¶\̱kɦrZ®¯xÿ“Ñ£7³Â“œ+œ‚¯÷âãæìòÓš¯i“Òju�›ÄYžÑ&žÎgÑuD_u¢Òƒ*v”ªL’6”(#ãJ›•ÒäÊZ¥û~óæ–4Ÿ{s‹u´‚¹é`¿(’·
�²$,Y•—8¿â½(v|nµ—ØbËLdÒ?“T^ŠLïh«_ÏÆŒ.æWÑ‚çÓâLÅÏÁŽGyPNéáË)î)mëªÒED¿éF¾HsÎ ŸLåª{‹§¢"Aµ•†
+)<Ѵź†Wêôœøh‘Y=@¤ŠJ{+�ªöÎ[a¹0	=Š|+z>R.ì3c¹(KvC§t÷ðH¢ªŒZÀ0
+ÁgÉàØJ<Ëñâq¬ë¢ŠÂ
+G
+„êsê�”ˆ\#ùÈ,ÚXð7ÎÈÖe©Må_¶éžrò¬¬ø|ÿwD˜¦ÀãÀtä˜òA|:°2/Ý>Þne\U�‹•e”
+•Àmn]ðDáÏëR:¹�ci-ÝÉBÉd2šã�ØÉ¡÷p,UÆÊÞqES¡+É~¹Tñø dlÞÓÇc†
TrUø
+òÀ6RÇŒ±L\ŸiT;jòiª*¿g§^@"çT�ÆÒÔ]€+#(ßÈœ—FÇ2©ÁÂX„À�L D%ìÉW„¹’ÃÐ<½�h³‡Ã¹-ú†™‚t‘øЦ\ª¬3�#BâŒGØ¿Ë�ÑuyÙh“�Ö+
`FeFYÔÀ| ìéÔ
+Æ™
3qÀ‘ÖW%ÎðzErö×ýçÀÙ`s/ì0é üI­¡ X{ž¦u‰
+`_ÎÉ9sÎÂçzzϤà`¿À•ÔèÜùßæ·'‰­Ÿ÷„žjAÖ+Þ[PÃ_ø5Êë×a–‚@1†Ò€ËÎÀ–Ÿ²ÌÀz–ÏI¡û!™ H¨‹ŠU‰Œþ#ÁTЋ’�[ÝwGìDÈÜÈ62�và*¤0Œ–è~3öiäRš‰ÓR"mQ“É“Ø"Ø-I²L7–�;µKN¶ñ³{þF·ÒE,ݾ½@‘µÊܧQN
tˆu^êéskÉÓK¢õ4d¯'frN“fâÊnò:¡­ªðt+ºýùwô8%�†µ¯'춎÷ˆË×äNfPhr‡ Ö-Å\[Î.¾B6À	µ+´ÁG²– �^„@s´º¡{3B¨rÅzØç
öŠ^Ça^CaXÃáe1¤Íón° ì´Òú‚Úõ%‘©¨34�@i×ÚÐ0„X0�e΢ÇGh<‡¼Z't
¿f¢4ÊÄ?ò*\ñ^2MÞ(¸ocF<ìž}‡à½|…ŽqT˜��u÷¨þÑ–S¤â8‘ŒKcTîäø’…ÿƒƒ$FÏÏN‚îTÉO''Z|¤²§‰‹ˆ8P�»½Úí3|¸#ÐíäNâFªvÕå§^óýætqß�ˆº1
”é,Â'à®,›JC0GáÙ`ˆÔÂCS ŸîU9:²Ë½}5�`~í%�Á�‰ËAT¾¸Z¢icf„¼뺑ΓCƒ‰.6’;%OsÁƒ7~Ø8\ÿ=Bßs_w\w3O79\óQ +@ªkEê2CP—•Ñr]tHYMÛú“�t;ê¡É·CáQ”úÀù
à 2ô´[¡“69íîceöVõpbç­µÁb79ö�=°˜‡
ÜÑ1„¯ÇÅ7š'‹ôäàRÔ1Ći#¶o[<†'%åGçÑx3 £¹l._)40Ý_�$ôxc�Âão7På>D.¹k–ëµn•¾ypÙ%=ÍÖ´ÍÀJ›±.zÓŽÝbúv]ÉóŠYä.\®…ðÝxXtåªéÝü�?žçŽã�e2Åê²ÅÇxŒ7á0_áf{s…{îÜßËo¿~¼¥?ŒþŽ®Ew:®s´w·â�톋õìC(´ÿw]®—Ñzuƒ{-˜º^³Ñ_6gžýߧà²endstream
+endobj
+1543 0 obj<</Type/Page/Parent 1372 0 R/Contents 1544 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 888 0 R>>endobj
+1544 0 obj<</Filter/FlateDecode/Length 1304      >>stream
+x
µWKoÛ8¾ûWÌ-.�*²lKî{H±Í¢‡.v7>öBSTÌVU’Šãýõ;CêA+^')°0`€"9�of¾þ˜- Æß²–)ðjG1~þþþ}–lVÑÒ?BËdeݪ„ûY¸ÆÝuzº»N¢%¬Ó,Jèîf=¬ÜÝ`]ÁjµÂ»þ,í†kÜͲ“]oÕj³ñV-2´Ñ¯œä`�zÓ%ê
vƒ5î~HOvÉÏdG´8K¢´[�Ø�ÛÙÍÝ
+Ø[ºÉ`›;´bØòy#t%�‘ª6Ñ»í·Yï“4Zá™ù'cDm%+Ëã5ü#´‚�´d
v/€ßÜ%�๼ÕÒ¡bæ»ßë•ÎÝ7ü;ÂN€Õ‚Y‘3ÀÀªðrIhk„iüý´—
µ²S‘h•: «h­^,1^h5ß³úA\«sPµð²™FÅ{eèУð·¦|.Hµ³R<5¥äÒ–G!
4L³JXg®;`•“mð+<²²äá ¸óÿ,L£LÖhõ(s1õNU
³r'KÂú íîYµc�D1Fí°ÎS2plçŒw×Ð2Y[­ò–‹<‚­òP`@\žaZ©\G:4àwó UÛÜ”.ó@—AÌQL!K
Ew:gX�[}ªý!žlçßþÝ#çƒr*¾Pº“ì�ÉÚ�Š.ʤï|vâ-.О>G•6,Œ!�†(Dp[cÊRÎÛ=³p l{›Ü®´¦Q˜jè˜;é|Vpµ¸ò¦œ¤
+¥¡3ÅŸ'‹ìŠ“ªDþ¤[ó O_®?f¯)ƒêIÎùèËúa0òPP{ªèòÀŽÆ
p¥ê«©‡ÿGUù÷µõ,¼!ϲ»«4௫-¤û[Kk‚,&ÍO•–/üZ
fŸÕ’[¢o�ú)7Q¹Åñ4Û7Ò7Q)YÐý‹ Ži�yÏ$PGØ®`}¡?ZôÁ×
+s,p¹Ò¹ÐSëïäRn•>v´q�HNÈyhXå8"Vøé’ÐÁìÌ…áZî¨ùìÔ£+ÅžKÄ�Eú£4Ç”žjà„)0Ú1²Ë™HD%v¤b*áÒ5ßÅÎB?è�X:Š»XÿmÏ+";�È™|Ì9ãÜ`0âº;bx
+Ö–˜�·¼ØPU$.룜&ñ—Á
¬¿çEë'v]<øƒGÄ.ÇFÔõœ·r×Ä–×	Ýža¦!…tß ¨�ñ¾srO(ÊuM†B^ÉZ"w1,aàø…ú¦ë*~œ1{äêF²4SV0–jÝ
oT­4² Ö�J)ª�~×BiPr-Ûx`Ð4‘±3U‹NÕ8U(gSÛ E8kÐa¼íÔšNiÑ¢!\Ñ(U…��òœè~–ÚMGHHu>‰Fw)Ü.äJ˜úÊú‘
Ï©›[ÉÛ’én.qM–°£F{Mò=”¤¿P4#DC™õÓ;)¾¹ÃGT÷*†Sí"t¨ø:_}çO�c<Mu=Sw˜˜FpYHN…B<¿øKý» xNŒÌ„ü¿º9° Ïª3ÜC'§z˜ŽAu¾ òÜ,­^øX^�½·Aø&·ÃAÛÅ·˜^÷#I×ùÞÙ~(ôM”>@ãÍlîYsûåã-ü©Õ7~S¼­ðqæzÁó¾?þ>‹?Ð3ƒë¾¸Á�RÀÅkmDb¬÷ÞZeø”M7øDÄÛÙ†„~ÚÎþšý®Äêendstream
+endobj
+1545 0 obj<</Type/Page/Parent 1372 0 R/Contents 1546 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1546 0 obj<</Filter/FlateDecode/Length 816       >>stream
+x
�•AoÛ8…ïþƒœ V$Ûµœc»ÝÅb›UÑr¡):b#‘^’Šáß7¤äÚN/]
lk8óæ›7Ô“‚rüTÎi±"ÙMò,§Õ|‘-i¹.ñyŽ§h,Öóluùà]5¹½ŸSQPµE®Õº¤ª&äÉsªä´ÖNÉ`Ý�:៯«“œfó
+Tõtk�TtbkÅ!·÷ËcÂcð^AHïUMÚø DMvK¡Q´Nt*(ç‘ÊËÞsLƒè,庣šXÜl±L…‹<+3ú`pHÈ ­¡½MÌæƒ0µp5}ÝFÐV·ŠDNoúűþ<¥éÄn§ÍÓkÉ%8¡¿”Qž¼íÔ(øý×_)i£ƒ§Ç©ïeCÂÓ•‹­™öpõx�Vƒ�²¾~üð�vÊuÚ{èõœ+©Ë¨j´È‹lΕ;%:`&…¡
š iͶÕ2à[Ø+e½cΤī@/Z$JöN‡¸ŠÖ>ÈüîÌEmΰ9ÄÀsz°@äçrbƒ£h/ø„öQ­oìžúá«Û¤pŒ¥"2R*ï	&ŠµìÞ(G:`”mKcŠs¢ày!–
tù¹\ð›
¼”ºÏè«A­ÐT;¨À@hL’E7¡�q
¯¦GÊ‹ò)!
+d-‹+^ÒùƹŽhx°Ì%V.›:—�0O*U;5
+$Ú@ÚyÕ¾ æ”_ïaa~x!ÍŸÿ†$¼ó�v{ÿfØÏ)]=üsÅ'íì”Pò‰M ä3f�GÆÇ]‚R±ØÞŒÖ2P[Ë.d§‰ÜpQC«Á
PÃ*â€OáŒÈÌbé°‰°L¢ëiŸØŸÜØäý¿bn¯±¥ú�×i-i\DÌPlqݶ#0ðS¼W‘îñ2ùc¾'XOl�;Ñ·5Ü€eóÔèˆîl–	#UûjžN OÞ2×çìÈïǯŒïqõDŽâht§À¯ð:Ù圮ke¢ßoï׃£ŠÞ;ë-Š7Ã%úößwo铳?ð"¡÷Vö�Âbñ­ÍýÍƳ2¿ã«ïÿÞíãíÄI—å2+Wk¼2�°¼ãŸþ®&Ÿ'?
¼‰B™endstream
+endobj
+1547 0 obj<</Type/Page/Parent 1372 0 R/Contents 1548 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1548 0 obj<</Filter/FlateDecode/Length 1450      >>stream
+x
•WÛnÜ6}÷Wà݉öbÇvô!I“§Háí›
—+qwÙP䆯7_ß3¤´ÒÊJë*€Sœ™3‡gf¨ogsšáßœ®tqEe}ö~y6ýô†3Z®ñæêú†–ÍŠÙ+åäÃVì‚t4ŸôÁšµÚD§Ì†¾¼ûLkë¨R>8µŠAV„Ÿ/–ŸÍèÕâN&¥4Á	­T#6Ø!bØbQ•"(kx3Çž_çد..‹"ÂÝŠz%H˜Šƒå½—ÀÑì]\W¼÷™X¯€Ð®éO£É|�µ§»‰Ü¼¥ÛhèÖjᔿ{ñ’„§½Ôš	=âyû­E­“cý®L||IÆî)¥ÕwÉ;›¼æà7±Ò’Þ�dDŸmµäàÀ|÷ŽKø
+–vÎ>¨J
\pc�úžxI8œô6ºr¹´àÔjòÒ=¨Rú‚¾8…s€NHñÛ*–L/3pN•,•ç%l‹PàX
â= Álœ™£�ð~o]5ȹA¬Œï&ù0 £t“©å4Y%›é§ö˜&``o£®ÈÉoQ¹Deæ!¡
ÀŸÅ쀩�8ðáÈ›—%´\·±Ü"ÙrkÁLX™«‘b"4(’÷lx*üÛœàë6AÒv£¹s{9Ü4ÊÀ“]@·u…²iå>‹&ËÅU‘j‰ë­�GŽµ,·Â(_gŠP…†‘eHºÆ!µdui­�åÝ’¢©¤ÓTñ€ÉÓꜞjR™µ¨uh+:	Ù
�ò„°©' ¸¥‚w(qëlÜlÉIk…É<
ÕRlšßµœö(¸›ôªú^HV*pëQ¦R(¤(tòߨD@]Ú¢±‰2?:Tè�ç%Z[­í>…׆䣨wÿ’H5ÓÇ‘š\ÓLEAË-8kým:"änw\®žVR&eôhˆ¦´u�–ÉYy>ÌÚÎ
í) �SB+S�|åWÏ�öÀ�™ªìM:µœœ”Ž¦á×Qc'Õ4Š�X&)'ŽÈ}ôž;wjçº¤G+É£€
a0„„š9„¯šlH»”»�$XÂÎÍžJ£—÷NÔ÷»}µ*|³§•È$Øôӌ޴ƒà2WÈùÏ�ä«y1ks™<Ê&ç ]&¹¶Zí$uNö¯”í/m[ºüÍ•A½§énU»ÄèS
ÊM
+œ\ƒè9æÆ&DO�ÏÓ¬h#QÛYObW8¦¸ûoÛ,<ÔQó0îZ(ýÔò9�›ó"]czÖÕë
m€^–6šÐ„K´yd/|Pµ	b7žtO.=®=Ä˃¯}ÆŽjÜòbèÛŽ‘¥ÑqNO
Ÿ§h<¶t(Y­Xã8Åà¿^k'ñ3ÀXïf0¸X¤‹7l”�ÝûtÀìur§E™šH�ï-Ü ,ß ‚ôÔ	ò¹ÿ5÷eJ+Ùɧ…øMWÊLQàSd7m'Ñ“Üê{È�{òÇÃâ[Vm›n^ÓªV¡Ý”úzïxÙÈ”»{Ög²ä‡‚?]ÃäêB�yéŸF²Áë£aÏ·ÝÔÈÈ‘Œº²m2rÖûµKŠ½n¢Ç¥/•4Ý{¶PÞG.‹–^k
+µYñ²“Ì5VlÑoIl–°äzû±—c/i-:Íg£„åëÖÖ˜Ï.EÃ’{ygá·¸†O5c‰¸¾wIŽx‘æ¡{Ïqu%úG”2ªm¨º]#^œ¨TlC'^êWÚш×ë3ó7âe¿•’eJ©³huØetŸï…Ø:â—q—¦\Ëî^8Ózm×–¦5nFꛧ\wsiïü�Æî8ÍùbÝT>¾Sø ð!ÏÖæbÏiõšctB¹aÐ~«pu†‡ä*›ßtiWù#í~EÒs¾/¯/‹ë«|³bÈߤ©ÿqyöÇÙ?­“Sendstream
+endobj
+1549 0 obj<</Type/Page/Parent 1372 0 R/Contents 1550 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 891 0 R>>endobj
+1550 0 obj<</Filter/FlateDecode/Length 1634      >>stream
 x
ÕXÛnÛF}×WPQ‹ºX¾$@¸)ÔAZ»o
Ú¹7!¹ÌîR²úõ=³KŠejŠm‚¶¸œ�Ë™9gôe4§þÎéjAç—£Y„_篢%-¯¯ðóÿŒ¤”àèþ¿_-/£9],q  ùÅ,:¿ät?zó0š¾]Â=¤°y}E‰{FñØUÂÚ­6	%‰•°’>Ž_>|«ì¿:žJOý¹$<i�ŽÏè©£6‰Þžttmt]
N~|I[å2r™¤B'u./™Ñd~-̸Åï¶X±o‘Õ;´ÍTœQm¥õ¶îE±]˜ái¬K'TNÜ©Øh«SGw·K’elv•“É>G|AïöLØLÚˆ2e;»øÙ:mðš*I"iŽ²T[3Íu,ò©e§¦•Qáä´‰e{”çg3àkŒ<û2iþÚUõoFÉóS"+Y&ª\“.»42¡Š*—…D*�±îtmè·R=NVeýH
nœ,9ôäëU ¤µ2z£$vµ£PÌ�4¼YD4|È‘SÑ;G±(i%)ÖE¥ò`ÁV2VéŽ#C�Br.ZÈÓdÂœô\'öÐ']q¬(“%™º,Ù’wë…
gÛêApKÕº6Í}�5U¹ˆÞÂíèAÁ�Å"ä³Éü¡Õ>ø‡¾…œ�‘•Ò×,ÑqÝ•XØGü„�•‹%~ß[Có‰22Æw¤Ó^¤DYgÔªæôD­Ï¯Âš,–˜jèÜï¾ÿps7™G3>À	šE×þs<C­BªH¡lWðœþÈõZ•/žÙ¨Øç²ob`RÔ&½?F~©@Ò~ÔC„J�È\ì†FâX×¥kßÁ8þ#˜D×fd?°3§{ÒgƒÉâ’ÓÍݘê<×[F/zŒÓû•ìÌBãT\çÂÐqc'2uŽvÓ~ðôm1Ð2ÑÁø®¶ÉêxvÿK¸ñãîps�ãi®VS+ãÚ(·ómÒÄ@e�L~nD�IÔÈÅóp:Ѷ·ÒšXëáêDkOƒ¼­í4!ÉE(r;ÐÐŽ
`ïit“�‚É"Œ%L`ß`RŒgÌÑB$x¤™´ý‰=§uü*78Ç±¢bò%móÑÈîx�‘Šýìˆè¾†õ·×¡•ó„DŽn)ø;Ù c?Ȧšµ‰2¡­?í²Úât
 Ÿ\ع٦�ä�Ç™(ט5µmˆfpÃÿèMœ'�ÉôßÂõq€„�˜Š~è”VÐKúêßk'_û9êÊPÄŸ
 ÌCtR!#ÊP’P*˜Á˜•W¬¸Q´‡Ì¡ X±h•^&öÔK�».Ão”“Ë ²×ÐÓÚ#¼”�®ÑÕ¬
 Û�ï=ŒèC.y02…lmÞ8Tè”
ú½ÔëñB³Y<!
 	¿sóka¼¨äëƒC/Ç¢+•ƒ9 Ù‘)&"ï¢òÒ‹T–etÉší­Ù�ß¹:m&ƒlô‘†zµ¢'H(.Í1µ)r™p¡ï}ûBÔ²éùVäù@·>
 ÃY#rJ!ež×ÁÏy#]¦âAi9\(ßÚ@¢ ÌZ(ãV±ó dfG j<”Z¡Ì")ç¼d£ˆZ ‰£m�b 
-¹Jy&3”ÎCØßæ÷ )…øÌ+—Á,Ÿè4µÐ¡š÷
LÚmT“ð»ßÂ(­
 a(“y•Öð£“ÃÍÈ|Es,´¼ÙNÎQ9gåO·­þÄؽ9`‚Pý>G]E{$¬«�ì'Ú*äÀH‘«?!”Œ.àr›K†.Š•*•žþ­Åæ,xÓ­�`°•í~LB‡g{�`쮌ãcƒgáŸ9W½žNý‰ÈÓd¤Ízê×kDµç2’èýU®lÆ�ã'T‹Õ|‡š•vÖÉú#À�¬Mø~àà{8^¼Z¢Å9¿»1®¸µ?Žåúuh\8%¶kOC¼è50¯¨ª¼!ñfÍæH{Ñc˜^½ß|S&6Lá­B…ûA‰dÜ!ëw@Ü^gŒsYl`ÚtÛÿMìݶkNÈïu³Î/ñ�Ìõ9¾P™…]æþæîÍ
}0ú¶"ºíïZüæ¤}ar5ÔŒO�éòj]]^ÝxázÎv~|ý2ú¬¶«endstream
+¹Jy&3”ÎCØßæ÷ )…øÌ+—Á,Ÿè4µÐ¡š÷
LÚmT“ð»ßÂ(­
 a(“y•Öð£“ÃÍÈ|Es,´¼ÙNÎQ9ŸCùÓm«?1vo˜ T¿ÏQWÑ^	ëj'ûÉ@†¶
+90RäêO%£¸Üæ’¡‹…b¥ÊF¥§k±9Þt+$l%G»“ÐáÙ^#»+ãøÆØàYøgÎU¯§S"ò4i³žúõQí¹Œ$z•+›qçø	Õb5ß¡f¥��u²þp k¾8øÁŽ¯–hqÎïnŒ+ní�c¹~N‰­ÀÚÓ/z
Ì+ª*oH¼Y³9Ò^ô¦Wï7ß”‰
Sx«Pá~…AP"ÙwÄú7�×ã\D˜6Ýö;C·íšò{Ý,‡óK|'s}Ž/Tfa—¹¿¹{sCŒþ„­ˆnû»¿9i_˜\Í°%ãS`º¼ZFW—×@7^¸ž³�F¿Œþ¨ã¶©endstream
 endobj
-1546 0 obj<</Type/Page/Parent 1367 0 R/Contents 1547 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 854 0 R>>endobj
-1547 0 obj<</Filter/FlateDecode/Length 742       >>stream
+1551 0 obj<</Type/Page/Parent 1372 0 R/Contents 1552 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 896 0 R>>endobj
+1552 0 obj<</Filter/FlateDecode/Length 742       >>stream
 x
•TMs›0¼ûW¼[�™š&@ÚéÁiÚžÒIkfrÉEa”
 É•D\ÿû®'Øé¥ã±Çâ}ì¾}+~Ï"
-ñ‰(‹i™RÙΠ¤4Kƒ˜’<Ãÿ_éö
¤¾üüü6‹Òe�P'Hi)Bz:ž$­gÓsKqx,'ÑéÑ4®§Ñ4
2ºJ’ Gçeg8ùÎÓ3¢Wð'ÑÉQt>‰NΈfÙIgŸ›äñÛáoŠÙåׄ¢ˆŠz¥yFEÕ«RQÎ×Ü<‹’Óã|u»~¼ ¡Èjª™!f¡^Õ•NhEº¦½¨81Ã)îöÚü"Ö¹†+'JÖç8ÃêZ”ÁEñÈkŠ€ä!ËT‹jÅÁ2 ûÕ}ÖªÛÎ…³Ý%µ¯t±_
j‹†c—™]�7)£’IÉ+Ò~ kÁÜ:#zî6 S­¥Ô{¡¶¾ImtK OZ-¤Pœ.wH1x(¬'
ÚÑjúný°*>ŽÑ8†z€´fí†Áp±oîçðÃqrš¸bÉû¡m·Ûiã µx@èpp¿™ùb±®Y€ü©óÇ‹÷=+ÌeXË7X…”Æ-ÏÈa¥ÝHÌ6º“£:�ÿT,KÝ)5+²ÜZ¿ã–)¶å-6J•0â=óQ¼Š×¬“Ž6¼aÏB›3P�Q;;Ìée,%‡…ÿˆS—h%=,*ÄViÈÄžŒ„Pû–O@ßµƒœ
sgȃðLîÙÁŽíl/¶'q†¿ø•—<ág®JsØ9Èj-ì\YúD‡ãÀ°¹…$~°· ÞÁ­®:ɱl¦¼ÎÇÝö�7£ÚòK¸p§àΘ´¼l˜¶ÅUâ|;RÛ¡´<½ó9ïn^ˆ™cgý]ƒU�f¼öôÁW_~½:zëß÷ó*=dæcf”âÅ™/)ŽúK·^ÝݬèÞè'¸�nuÙywô—Ö×-Žé‹,¼þ�ždI�¥9^
¸]yì[})f?f
Pœ¹ýendstream
+ñ‰(‹i™RÙΠ¤4Kƒ˜’<Ãÿ_éö
¤¾üüü6‹Òe�P'Hi)Bz:ž$­gÓsKqx,'ÑéÑ4®§Ñ4
2ºJ’ Gçeg8ùÎÓ3¢Wð'ÑÉQt>‰NΈfÙIgŸ›äñÛáoŠÙåׄ¢ˆŠz¥yFEÕ«RQÎ×Ü<‹’Óã|u»~¼ ¡Èjª™!f¡^Õ•NhEº¦½¨81Ã)îöÚü"Ö¹†+'JÖç8ÃêZ”ÁEñÈkŠ€ä!ËT‹jEÁ2 ûÕ}ÖªÛÎ…³Ý%µ¯t±_
j‹†c—™]�7)£’IÉ+Ò~ kÁÜ:#zî6 S­¥Ô{¡¶¾ImtK OZ-¤Pœ.wH1x(¬'
ÚÑjúný°*>ŽÑ8†z€´fí†Áp±oîçðÃqrš¸bÉû¡m·Ûiã µx@èpp¿™ùb±®Y€ü©óÇ‹÷=+ÌeXË7X…”Æ-ÏÈa¥ÝHÌ6º“£:�ÿT,KÝ)5+²ÜZ¿ã–)¶å-6J•0â=óQ¼Š×¬“Ž6¼aÏB›3P�Q;;Ìée,%‡…ÿˆS—h%=,*ÄViÈÄžŒ„Pû–O@ßµƒœ
sgȃðLîÙÁŽíl/¶'q†¿ø•—<ág®JsØ9Èj-ì\YúD‡ãÀ°¹…$~°· ÞÁ­®:ɱl¦¼ÎÇÝö�7£ÚòK¸p§àΘ´¼l˜¶ÅUâ|;RÛ¡´<½ó9ïn^ˆ™cgý]ƒU�f¼öôÁW_~½:zëß÷ó*=dæcf”âÅ™/)ŽúK·^ÝݬèÞè'¸�nuÙywô—Ö×-Žé‹,¼þ�ždI�¥9^
¸]yì[})f?f
L?¹ûendstream
 endobj
-1548 0 obj<</Type/Page/Parent 1367 0 R/Contents 1549 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 861 0 R>>endobj
-1549 0 obj<</Filter/FlateDecode/Length 1403      >>stream
-x
­V]oÛ6}÷¯¸@æ¶bù;: içµE±ÅC1Ì{ $Úf+‘žHÙõ¿ß¹¤$;j‚!À 
ÅËû}νÿôbá7¦Å˜&sJ‹Þ(áKûç÷_ùÍfq4§‚¦“hZrzè]Šã8š]]Ž“(¦ébŒ'MFóöÄO¯Ï¸�΢E-n—Ñ’¦³ÛhÌo§Kè'{uÆí2~t{¿îݬni<¢õ±ÍKZg>$|IûïöâàdIñ$¢Æ:¥w$è“JKcÍÖÑ{e]©’ÊÉŒV*—¯×_{#Ž§ÐÒ8['r¥”d4=ˆ",ÀãE08œLá5„a!Žè£†¾*uÊhD§HU-:^ ­]ï冩6¶é›’Þoíæ5JsT™´p¸�B[2[²ò JáÃpÐ’›�JENG%O|½E�×eª”©3¥’ÞĽ£n/UV–Ú$mKƒ¡K¤®‚ªÃþl½Îܤ0„8X1¬¤RZS•)L üFKw2å7ÄíHä¹9YÚÂÿ½ÚíeYç²±+ŽBå"Q¹rç
ÙÂh(ÉÂI±“$¿#ì
•È(¹Ð)×Kº4¢Ô¦”¤4,Þ3‰©PíÀµ-”9Ó1z©tfÒª�Úù—Q-6ž£™|E”¥F‚]É…Bà{s‚Jü³�í´½ è­¾S!Ò½Ò’6}Cqp2ÍLAÜPR"+å¬,‚é¸ç[êgI-’\Òçûa",zóýêÁgÖ?PjôVí*N‡£“r{_
V~³×
×ùfXØlÛéÅ>™—6¢Ï:•”T*wDØvøU» QŽÈl*4%
g蟊ú"9£�\Û‘»Ü r”“£g©ãRHå“q_’±ªBo…§ +Ÿ¾-’ˆÃŸ¯PÕô÷~DšŠ€µÓ±§vÏõ"®_‰®•ð·¹<Êç]öÞú‡�M÷©u9¢»V;]¥¯Áá¹eŸëås¥¿Ù&^nkñs‘˜\¥n=\FiÇÝTcÆ×ÄTÈï¢8äõ똶׊êJ´éüZiÏRß}|ojÆ›�ÏIÜ�µ.JHØ%(�R‹FgJC~µMO7Åù²—š:ø{𑉼5J|¬ûL\ÅRÃÀRÁ&òh¸
+1553 0 obj<</Type/Page/Parent 1372 0 R/Contents 1554 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 903 0 R>>endobj
+1554 0 obj<</Filter/FlateDecode/Length 1403      >>stream
+x
­V]oÛ6}÷¯¸@æ¶bù;: içµE±ÅC1Ì{ $Úf+‘žHÙõ¿ß¹¤$;j‚!À 
ÅËû}νÿôbá7¦Å˜&sJ‹Þ(áKûç÷_ùÍfq4§‚¦“hZrzè]Šã8š]]Ž“(¦ébŒ'MFóöÄO¯Ï¸�΢E-n—Ñ’¦³ÛhÌo§Kè'{uÆí2~t{¿îݬni<¢õ±ÍKZg>$|IûïöâàdIñ8¢Æ:¥w$è“JKcÍÖÑ{e]©’ÊÉŒV*—¯×_{#Ž§ÐÒ8['r¥”d4=ˆ",ÀãE08œLá5„a!Žè£†¾*uÊhD§HU-:^ ­]ï冩6¶é›’Þoíæ5JsT™´p¸�B[2[²ò JáÃpÐ’›�JENG%O|½E�×eª”©3¥’ÞÄO‚£n/UV–Ú$mKƒ¡K¤®‚ªÃþl½Îܤ0„8X1¬¤RZS•)L üFKw2å7ÄíHä¹9YÚÂÿ½ÚíeYç²±+ŽBå"Q¹rç
ÙÂh(ÉÂI±“$¿#ì
•È(¹Ð)×Kº4¢Ô¦”¤4,Þ3‰©PíÀµ-”9Ó1z©tfÒª�Úù—Q-6ž£™|E”¥F‚]É…Bà{s‚Jü³�í´½ è­¾S!Ò½Ò’6}Cqp2ÍLAÜPR"+å¬,‚é¸ç[êgI-’\Òçûa",zóýêÁgÖ?PjôVí*N‡£“r{_
V~³×
×ùfXØlÛéÅ>™—6¢Ï:•”T*wDØvøU» QŽÈl*4%
g蟊ú"9£�\Û‘»Ü r”“£g©ãRHå“q_’±ªBo…§ +Ÿ¾-’ˆÃŸ¯PÕô÷~DšŠ€µÓ±§vÏõ"®_‰®•ð·¹<Êç]öÞú‡�M÷©u9¢»V;]¥¯Áá¹eŸëås¥¿Ù&^nkñs‘˜\¥n=\FiÇÝTcÆ×ÄTÈï¢8äõ똶׊êJ´éüZiÏRß}|ojÆ›�ÏIÜ�µ.JHØ%(�R‹FgJC~µMO7Åù²—š:ø{𑉼5J|¬ûL\ÅRÃÀRÁ&òh¸
 @ôŽª.é¥@Ñ€6øéºyÝøÚ�
ÇÁœïYÎC‚˜äÎÀrOÄQ
 ½cªòdúE錙ðvÆnŽG£Q×ÂYÊŸ˜§A5¾x�ÚŠªCÝ«ÍÜ©q	˜1½®›Õˆn›©2
öŠÖœ‘&~¼i:b„ù
-šû+ óïÎgªÀæ‰2–4€HoéáîÓýÝ3¢ž2¢çvÊŒyu`SÙÖ>gç @Xoé<kJwI†å3–.ð»Ø¹Y]á2Á}´ÑÑÚÂ3��	ôCŒ`µAXVÝáÆŽqÂ/s¼žìõ«p×·l63ì!È@š=áEÑ0È›¶ûm˜E:ÐW'ÂÇî½Tka2ZÌfÿ§«¹¦¡¥G´rç‘ÇT|ç“^¯QMN_æô#ý÷­úAÉ»öƒ7—„5MÓ5Ç3ÃîM•gMƒ0·dY(ËIب�ìL{…öñûÐUg�ýbyáA?gl•ò`ƺet~f®C3¤²zã	›–ck€	–c’ßy2µ={²HðS
'·†´��7®ç]ìu!ÌkÐUÇ.–4Y2Fàl=¹*TXŠ@F؆6qÄöÁû.‰£QàÛòì#ûqnø=–�"Q³>Cx´¸+ß·¾Ôlµ¼€g2ap¼t/oÖã†ÛMeº˜F‹ù2@n9á`Y÷~ëý�fô3endstream
-endobj
-1550 0 obj<</Type/Page/Parent 1367 0 R/Contents 1551 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1551 0 obj<</Filter/FlateDecode/Length 684       >>stream
-x
u”AsÚ0…ïüŠ½•ÌÄ6;Ǥ)·vÚ	™^¸i‰•`É•d<þ÷}²MÚÒ†�¥Ý}ûí[~Î2Zà›Q‘ÓrM²ž-Ò­óeº¢UYà9ÇÏ1†ƒ�Yžæ—÷ÛÙÍfEYFÛr­Ë‚¶Š�g± ­œo´ÇcOžµ
…ŠÉ÷õÞµ¤£6¯ž‚¥ÆjâC<6:ë^ÉW±§Þ¶Ô	®IE>èQÔ{‘^m_fJò5ÔnÕüɳód
=|":“<j6Á“†Œíhïlçy¨‚KsˆU‡”PéNìHÚáãc™ÝN|JwR²÷Ú<�ª§ÚÙ@P;v"ȺápO»yWiY‘hHçIiÇ2X§ÑÑÔç(nwEA¼âm;Èï�×t	œmœ
ÜF £à
´�ÉÍæ–2 ‰ãH–ÙHJ3|é«
ìcðï¡aòI§6ÿ¡�¡7n†YE%{†	ö¡Šô�5ŽOÚ¶BkÛšøÞX“€Ô¨’´§Z(ÆÕøÎ!4Ò9iÉÂ�ÛàE�€¾}FQXÂYÕʘÄp7%Ž&¨
Œ4ƒ¹�ÓO�ËɈI‘–�dzË×ýÝôpþæ�O­spJä^±ã5a¾à´zKÔ~误ã´ÉˆSó•m�Š`ñéh;vRx~W
öAÍÿ+å¬uNžeëtè©i]c=ûë±×ÉD=	È‚a¬È`Ä{žξž”Uâ�w˜+Ýĺ@îÖp¶5èKêã¢[k@C±×ÏæS“?ã&ÕVéÃ@êr•õ¸Kg³÷ïb87ú‰ršZ¶,ÓòvIY‘§e¤õx÷åþŽ¾9û‚í¡+Ûcq&±�$[ãOª\RR,nãý\¾*Vi±.±	8-W1èóvö}öy?Šñendstream
-endobj
-1552 0 obj<</Type/Page/Parent 1367 0 R/Contents 1553 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 868 0 R>>endobj
-1553 0 obj<</Filter/FlateDecode/Length 1648      >>stream
-x
•WÛrÚH}÷Wôƒ«W™
a›KÞ'Þõ®í8�T–<Ò`&‘4D#Á:_¿§çBd‚÷RI¨ ÍôåôéÓÍ·£„úø“Ðh@gCJ‹£¾èãÉîãïG£DŒè¢?C*hЋ³ð-§éQr>Äóóñ™ðÛáD$á¿…LÆâœßáÌ$|Û½�ÝíŸÃ¿JÑÒ]Júgèً׳£Þ5Lôi¶DÐÃјf™‹OÒÎÕJ®kUQr.è¡Òe­ËGš6뵩ê“Ùw7ù»Ý³s<Ë:8œº)ëÊdMZkSú£ç”$áè`„qôµzÔeÉF·º^Q½RˆÙG�+iÕ)Me±�d½KëN”²ÖEŸt™™­¥û­ch…JW²Ô¶°¤‹u®
-UÖ*c÷}ê&(œn´¤»i÷ÃÃÍ;Z(á¬NÞ½»�N©”…Êh­×j~ÂI«�6�¥�ª,2±d–!&SæO10ܸ•å�,w¡ìùLež[†¨™!]™eš!’9-›Ò¡%s]?Á�Ùè†O>kµ¥c€ƒt™æM¦ì+6®u£åP"ZšŠR™™1Ê(Ô3«€`EK�+`jvXN.z“qï~ÖôAÙ4×ÀÏR³6%eª�eæRè]§¡”Ý‘3Ý‘Ì|0ÇÑ»Ž…v/w°\Ç(áó@/jÂÕoõ2Ë<çè'ý]VÊuùði~BÈŠßÎg`r²ÊQ²Uèy§RKÜF‚«º^¿êõ@
-¦ŠÖ4UªÏ£¥ªQjúóÄ"c^ÌíÞY h`™óÉð;€3銤¥i-«ú�I8$U�ÒÛ²)~7;ïÌONIÕ©9O•âtybLwÓ7÷¨mÚ0ÇÑ(‘¬cž…ÍJQè´2Ö,k‘š¢ç¸PÈ�.‘wá¯àV€ýlðw/næ'‡à‰Ù¿Ï¸Ñ¦#Úõ2M•µteX"rºÕ$Cm¯n¹¶¡‡P7³ø¢ÒÚrýß(Ç1ôPlîW
XÿÖ¨FH­×MîѨW•i½5Vq¯£¥]u¸A3YËTÉ:,í¬ûI\¾˜EàC±Ç
-€­;‹dBÝÜl¥P°ȲPª$k
-.Ѥ¦\6¬I$¦©i»Bý!3(¨¶T(	±BÇâ¹B‰�fE¥©Iã/^`.|ktå’ÓÙcWÉ…Óˆ»¶5<Pötpe,L–°Ÿù^‹`ïh¿¬L±ëì *‚.9
-‰Ûs� wºŸ€ÍQs5�>cDð(Ë'ÚJÈ£AQ�ãT(ŠW6AÀï‰$ lj�ëïÍ‚¬¡Ü^V÷|ÇàÂãHp˜
Fyn¶ÜÅwSúã5¬Ö:Íi�€
¸âʳRùšô’žLã<g
-z\”·¶¼:ñî]ƒ¤vè7³EJ{‘µÔÐúayoè£â´ª’nrpÚ.ØÆ9†2Æ„‚†Jí)ExÚûºè…$mï}2žô’^ÿB\N¼Ù	µ'¿h˜üÁ}½Ô�MåzÊŸ½É
0Ýû	☈>Òð§cÉñgÚXAþ‹ªŽ??�¼Ë¢>ýá_ù‡™\)H‘ç&z°ƒb+&€ë?07ÐüÁåW4˜c*xÆî[ƒ$tÃ1fLµÑ©¢´R‹“(â=ùk7/Ñqܱ‡Ø¼"íÓñ5ÛÄr±çRæ`¶EëcÓÙ™úÀv¥1DÂŽ`ÑÌ2뺅DzmåyZ¢-¤µ[4æ¡þd‡Ø°ÅxÂn׆Ÿ¶ÐS!àS78¢í¶­0‰¸W€ë-¢—`æ=ÒWÁw	¿ç87i‹9q—hUíŽ~ƒ"Zð/2Ä5Å{»V©^úÅ)ÚãEiŸï>ÀǤÚÕ2l Ñ�[	Ú]B‰XIÿW>>Ù˜F'Ö,.^£V¦–låøöàpýI€…”q®|ÇëVØaИèÆ%º,tÛÙ@Œ}·¹År~Åüe‡±ýžGÉJ�­>ëÜ�uö×¼¼Ëyé=uúW4
K]ᓧ‹³™×ÎmyüÙ%Ъô®\þ®t(­/3þƒžÎ`“ûšç~$ü‚�Ÿ¥“=.î2Žƒ¯Oü‹?[$P›wÈÇ<	9�ÐÖBË»cX«Ãã
wæo錽FÚí˜ã@|Fy,úèû¡u>:£áدÚãŽôíìèýÑß™	‰ºendstream
-endobj
-1554 0 obj<</Type/Page/Parent 1367 0 R/Contents 1555 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 879 0 R>>endobj
-1555 0 obj<</Filter/FlateDecode/Length 1851      >>stream
-x
�WoÛ6ý?Ÿâ6ˆÔŠ,Û²½`ÀÒ4ݬ™{؆eh‰±ÔJ¢JJu
ìÃïIÙjês‹ØuÇûñîÝñýÙˆBüÑ,¢qLIy!žþÜÿt6ZšŒã`B%M£Ã¢ ÕYoYÒ|úÉÞhAd�ƒ‚£xÄ~Å’ý5va0îïöÖ%E£q0ïíÎYÕxã!DGS|»•UÜ[cw£þnoÍ»×“í­±;�ç°æI´€‘Ñ<†›%Màûܯìno�ÝxÌz»Q„ƒ¢ÙyzÝÂJ—ð”å싼×[–4›! Ç½ÞƆ=n¾XŸ]¼š :´~D†ãùŒÖ©MlHëdð§jÉdª-R*Uš?î©É$©?H}nÈ”› QÕ#=æ…¤F‘HSûƶPQP-´(e#µ!QaGQ¢¥hð*´<ª¢P»¼ÚZégë·g!
‘ÂL&´¤‡�z¤DµÚÈçdT)	k–=(¦¢h¥Án›d$�×¢ÉΉ¥…Þä�zo÷nl$iY"‘)íò&{r®¨k­j�³‘N5ìÔ´‡
dòF><ûž%.^…´p!F„&ÿåœþ»Ó"ïxLø\R)Ë
‡ÁÛ_5"-óŠ¶Zµua˜&6…<)ïc›ê‘wÑ4²!XZ!¼øVµÔM.ÍIi­TC¹¡¼¬‹<É›!A¤¼°5åü„à'/Ðô£7Û¿�€Ovܾ÷Ý)Ç9¼h�¾(T"Š#Ê�¸ðšOY»E:Rï ¶?éÎF«�‘©/¾�¥¤*¸ù%%—Èf•06ü`,çÛV€ÒAËsÆ\E;I•”é‰@]r8wø "7Íy@t�Éä�Ã9׆ٛF–„$•¹1¹ªWC)Þ�N·�
Î6‘ÿUC‰¨`^½·Åb…m%r™à´[.‹üT8/9ï€
-`Æ¢JUC¯Øû–7
-EaÉ�pã´£ßÿ€Î1HA‡›ç|0kíSÎ0² Z£ªÝVäÙhpÔñ©Ì€]j
’Ä1‰€wPM0Y‹B…ü ~E“wÓF,ØsZñXDEJ§x
šÚ:EÕwN{bbCÕV6“'
­¤#°ŽýÓ‡gÈeZÚ2¯i�%ò—WøYÂ"ˆã®ŽñìLàOŒ¸s¢š8Z¾os-K‰ÄC‡sÚÅ…>/‘c@”ÊZV)"TãÐÁ9�Ç­³B¦
£†cd@„EA Ÿm¡ØÐ>‰„
|ìéc²âzÆ1¦ñH²…ƒÔöVZ/^up“G4ŒfÁ|lÙþªm2Å
åN¹ýáža<íböZÙ›& ¶GF�só÷¼JAt·ö®q#øÄ-öSà<Ä6O�ð”6®«YOØéa¿ÙV‡FÔõA©*pãÝ÷B×Þ�9.eàQ0ƒìq ÈÍ$g|Ž{iÕ<	òµª�¾Dö¡Y¨-‡[Yö\D2�*Д|ì0:l{Êb¤£ôë¡™>9g	Ú)ýÎõ#Y}ȵª,üv™D
!zÛ‚—w€â{ÿ´\n{©jñ‚ÒzÏ^ kÿä´CIòL`dÒ‚8÷Þƒ<�gªïY@KΑqt½
úÀþ`Æ>ëµ
Ê’‰�ŸöÓêÔý@/Ð'~C	8©nÁ¸‚ïZ:[iËYÝÉ¢è5˜3‡M[�CLÃþ쑶Ž3JªŽ�ÌóÊF¢®%0Ê¡ùÿí6h8|+@kïçurÛÑsŒ \Ü`ÆI1m]+Íz%»«
-%R>
-ó‡›!|
ö˶hò=*)rÝ+¡“}-ià+Æ,˜Z2ügÚM
-¢J¥1{Xt¡óC�-��v—å˜ÐÀC0“%o)ðÈ�DOŽõö£\œUæzv€ƒ-í¸’i\€
¤ßeÈëëXõN~<mcâ­FékÐùFrá�n˜ñC
ÚZÙ?ß–Ã.7Y/ÒžãNŒ…>Cþt^öfCžÿþ>Žþ˜ÇüÛ.éÛ^z?Îão¿,{{7	;9þîÉ.¦‹ùWDÇÑÕ/ËŸ¯Ò=QPÙUQg⟫?–_Õðúv¹:(è
÷“0¿*½\^…ŸH/ÕNê嵕?u¯.&¾¬×7wëÛ_ﾡû›7¿ÝÞß¼¤åÍýëÛÕ
-W¹cG±<ph)‡’BÑ€‰4*€§cÜcÐÀ䮫ì2ö»�ªÜudAà9g‚
-¹:2…S£[i/¸1cÈ9v÷®ƒv#¤AÒ–V�Ç3¼2žZµ9FZ¾£=ò3Ÿ þ÷ðÌ9™ø!aˆÞÊ—vQ<ó£ÕÜïŽÐRãEDñf¹ùkuõúÅ-µz˦¼TIËôo‡ÖŒ&<Âù˜†³Ÿtp�‰šo£I)ÜB˜]VŽuX`2ÃÍ6ž;æ1?ºYŸ½9ûå€Ú·endstream
-endobj
-1556 0 obj<</Type/Page/Parent 1367 0 R/Contents 1557 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 884 0 R>>endobj
-1557 0 obj<</Filter/FlateDecode/Length 1935      >>stream
-x
¥XÛnÛF}÷W„Q‹–(Y’ûR8·"@츱‚¢hú°"WÒÖ$—á’VÔ¯ï™Ù¥L1iÑ¢0,›ÜåÎíÌ™C}>›Ð?ZÄ4�S’Ÿ�£1î?>üt6]\ESš/gÑœršÅ—Ñe¸Êèþ¬{�Õùe4é¬â º¼œá‰Ùr�ÿcüVš6l†&Ó«hÑ_˜Ì'°3Ÿa%§x2�bÁ¶:—X»\²)Þ(kO—9MÇv¹]{±:»x3£É„V¾xÌ>"Žù’V©D;¦U2\í4©$±MQSãtJµ¥Ä…Njþ·Æò½Ê׊vÖÕ”7øXã	Êu¾ÖÙ�ly¾úæâ`nXV¦¨±ªÒÜ~­ueH™quäo&á�Ñ"ZrUVéðS<_Ðé#£Q_Ñ(žG3Þò~›Êés±¼…ëm⥫M–Qi�ÓÎñÿAD*Mic2-žkÖ©©¯­î®u¡U½cÆ4’bÀæoÒw¿GôA‡Ðë�ªIÁŸFn§*<�rZR÷¬Ò*%[d‡g´>Pª7ªÉ|ä£8–‚Œb>�%¨"Ñt°
íÔ£¦ÏÖ\øWéÏ
üK©õ
ªGƒíª@ÌÎÙÄÈæÓ@ÎÉ™¼Ì”Ù-¼èÖ²‡b5Î[T¶²¶¦OC[…2ü«ª~z~Ìþ¦²9ŽùÅ©Ý;º]Ñ,_Ä”dFuDïK]ÐàV×{[=ô|¹Õf»[£º;kÓ
Á‰ÁÍ�Â^ºËÊ8�À×NG[aË)Haà$—™MŽ¹ô¡ž÷ŒêÑl±§üàÎã×EQ4€…,ÕUD¿¢8ng›,E
8ùd
-S•	¢9wh†€|€‹Ñ‘«:Ù1ÒPƶ'<Pz¦@‰mÁ¨:-:åŠ&Àþ=2šN|LfPѽ®k¶þª2(£“Œ¼þ‚&ã›m$lï‰pJ¼`Ô­àØ?EaŠ^rŸ¹ã‘!1´ç>Ô`E>ÚPSñˆ!j¶]m{a#/yD«�qm{ø¥Û�ïÞ‘«Q†­ôl–Ù½xŠj9‡ëšÑ5Ú9	Èý©*Iâíê"ƒÔ=äœ$±ÓÍ×u­óR„¾x4ÚÞú]V¶ÔUÍlÀðRÇ€ö;“ì+WôÉgêÇ)
 Ý‘]ö»·®*œ›ƒ‘ÔVÿàk3\ȵ	D÷JK›ƒOØUG‰*
-ô&ø75®ÌÔA§œ=\úD·½àJ�˜�AÆÛˆà,?i
-Wƒ±tz.¼D®´6ÓUÏ»NøÉ©½WVhj¯00�¼p¤'¸QØý�>¦–ô;1½ÌLò€î·ƒ�òÉHÑH *¦4fÁÖp‰4‚4ÊÞÔ;±ÒÆtâ&s�ÏÅ^¾š‡ *\ä9ÐM®5Î÷©€(8–à#ð†ûLWûÐaB
-릮Ѭ�(*°¥uÎÛAš%¹oþݤ“1xœ9÷:ã)|tZˆ•�)mÙ”Â:ÜÇ¢†à\Do=1�ü§<q�eàþ×ü}»	%r(ÈNC÷­ãû�¸�”´›;8´ž#ËɆw`ÑAgR|YÎçO(´N{à„Aæ©É=f.c@µZ·¬ÐzÑA‡‡VË
ms];×@�lÅšº^ö´X“0ˆŠŽW*sVDÐs?·©ÙB<ß0¯%@×/ßA+ëi¯Åýöìâ;bm¿|å:mµ$³2±›çhŸpyÒ
6ÆçdÐòN4�a_
Ø“¹,àZXOâ!'øB.¼€ë�'§þ.ÈãbdñÃ4##Ôä…cjÁ£|;W\8&N™NâdD/DÉbŸùxMm+¹€xOÃþtœ¦öl˜kˆT–E‰‰9
-
„ìÉ	b\ÄñÐåë"rsÊYﲎ´"mµ¯Î¤2¦hù0‡áC©•ð[ØÞß¼hcó>�Ø„Ð |:8¾°¯’—¨ÜÑ ®â˜©ip¬cZĺÇÒÍýèÃÝË0e‘</�y(7@Ht
-,Ë(wGè`?ó«f­*qàÂw‹3˜QµJç"Jl‹DåáÍtåÁF•—ÁFÈ
„�-ú>ʈæNHw{m!uØw³@qÐ=�S$K¯¡‡¶ÐÚë,=`0´­lSJm/Þü�ªš»MYÚŠÙ7SÕ�7íûNGÜþ†¤z_0\ÃhDj9q`)1J¯gà5Ú^g¶ä¾¥[DÔx@CÓy0q²ÑÆ_Âð¨+2«Ò~âxüOÆcH´Ž�裰'¤“Íë»_ØŠ³¹ÞË{Ìþ
]ä­ñÅnyO#�}n¥µ@ÕÈå·pØr·µÜ…7 •·¢DÚwÖeÛpT•‰Ç|…º	q1‘�ýæV:¹#˜mÑ>Þ=~»âÅexÿéy&z
�öÇ£‡!D=$%YÐ_Þ”¤;Ñ™¸‡6�ÐçW]¼cÕ¸�NƒTÓUÐâñÌkñï„S†Ç¸À¹[K£�ò2õ=ø¸‚×£„8òž»�t²2™ãË‚%é0Ž–óKVç÷×7/®ÁµöÖ
¯l‚Ž-jR+1j-Æp(þç7‚Ù_à
yó^.ء׫³ŸÏþ­û~¥endstream
-endobj
-1558 0 obj<</Type/Page/Parent 1367 0 R/Contents 1559 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 895 0 R>>endobj
-1559 0 obj<</Filter/FlateDecode/Length 1645      >>stream
-x
µWaoÚHýž_1—öT*�Á†‰”“¨’´œR’´=	úac/Á­½ËÙ&�ûõ÷f×KI¤êîJ`™Ý�7ofÞ®ÿ:ð©…?Ÿz
µ»¦-¯E�ŽÏïýÞüg’ælÀÔíÛÍûƒv¶vÐõ:”R7À‡$4>¨Sê÷½~ÅV¦äÃW·b¬Ža†êÒê8¥ Å8�VÇ°½Hí¾ïS»Å¦ÔÁÚ^9bÀÕ1¬Gï¨bå5A¿,°u½ ðBßïymõñ+uáÄŽŒµ2fÀÇpúh­ŽaiG«ôA�(ìÖïôŽ™�+cKEP±2n+ö@–ÍN¼öÝä yÑ¢cšÌ‘ýn_"“ÛMÂÚ™NE¬N§£ÁÍh8øJWãÓé'o¾ÒXf÷2;�ŽEz+P(Ž†H–Ñþúvòí E�€³9‰jÓ/±Šô:§Ñ„6ý®3û-Äóu«Bft–ÅØ�†j®É?)÷p“ˆ_匑Hå	M?\Ó¥Èeö»,�A$Å2§ë±óàüÿg{èŒã&þ?þùL¯‰ù¨eË0Lb©
-Zê;M�O”i]üšË0	��¥Z¥KKh~¸ÇáÉåN扸ËO¦­M´·ZŽî�9Š“4�áu}õþj6[,׳“#™‡Y¼,b­N¦vþþºúèŠÎn†ŸÏohðy0¼¼»<§‹«š|Žéúf8šœßÔŸÝ=Ôi
-ÎN¦Îêêâ‡X�ÍöhüÍæÂÐ�Ë"²eëâ£ÙìðåÊ„ñgde¼
-C™çóU’<0ÑM¡©ø2(�l^@ª:VmŸÓï ©;
¢(Vw4’k*;)§ûXP±�TiíÁõ»”	ëYMA�7z÷@‘œ‹URÔÉÊ…žÏe–“H*«•ò…Èн˜+Q¬Í,Mv·ZžÞz¡Vó]'5žÉH6Ïói®“HfÀžäšä&Î!V.—m("�‹8/ç¾íGE.bú·È<šÀÂ¥uŒn%°ë5iòcÇgÃœ…pÁs±HÉ°@X+{·‰$$'¯fNnd¸*$	EWK©Ê€Î7³÷VBgoáµX�ˆÒX!¬L�M«
¾ý2.�z'ò„Îj±'=#¤³’T&E5ǾÙn�ÙÙÛ²2Ârv°OÎÇ,èöö¶3ömä†
�“µåð”d¾ç0™ü²L^ðŒ)ªUܺBkàpô�)*DŠô3ÁÈŽãÜ›sæö©g˜bVQVªe½nZÌ[î*¡±¥B?+ŽPÑ~Œé*GkŠ{@ÚÖù½HVHWÉ2Ów™Hi¡õw2swªƒÝ1GŽM€äaþ�2-Ól=º–© jÊ"lš•¡XîãBYˆ%¼Ã.P~sTNŽ:C?܃sB�C‚Dö`Š†{Ÿ/ƒHØ—…T¨{î?ÆËìÏ3�‚{–ÕÑ4ÆÂGÆc±= H£„•.l×-r\Œlõ4á	˦)]+±G»¨š6þ¥BŽcô…´1™\ŠŒëÇ’n·t<¿(M\G²³,xa¢C¦—!)h©ójõhhI°aǦ?*¡_�&¢È:«„Ì2äNÏép`:“*–Ñ!+n«Œ•´„lÉöh¤

HÏrãp=áȧ
Ü5Ä7GfŒjAÛ”é9ì
-½+ä¦`dìdWþê&W.1DSXua¨WªØ¯ŸÉB⡃5¥ËDòaŽ:ÛÏk$‰Ð­/$sÂ2™ê{®Gld®Œ¦鳇HÉ„«gàá##Ñks¤±ŒlRE!ûsš`/>H
I�ìTmF±Ð»5W©��Þö¸Ê’ý4ÍjáB¨;.>N¼¦5>è*QFe¯ÛŠažÁœ¼7gZÉ7˜‡ÎOFE�Ã’w0wë…�Ö
ãCgßËdû|Ñ:V^ýÒ¼�U3_8vˇ…W46WAÞ VP_ð²Ó.LÎY»I5ôì1ff¥|¬xå º1½öëÛê`­©óiÙ·¤oï �g¶>]Ôí%Řw»¢ã…L]ÆjµyºE4BzÞA§î.kÎÞ¼è—ZçwñÞoS·wlŸªÆƒ�︞èo¸YЙW¦/øÍ~nA£×âGºy›ëô:^¯ÛÇ][ôû¼óùäà�ƒe¯¬nendstream
-endobj
-1560 0 obj<</Type/Page/Parent 1367 0 R/Contents 1561 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 900 0 R>>endobj
-1561 0 obj<</Filter/FlateDecode/Length 1184      >>stream
-x
­VëOãFÿž¿bœŠªÁ¯„<�‚î ‡
-4KÕIýpï†ìÝ>|Þ5
©|g×q@æzУ�<lÏüæ7¯�ùÚI Æ¿Æ)F�ËNÆ�Ž&a
-ÃÉØýÆwÉ`å èîãú×Î`<
‡�$C‘0LÂÉöJÀ�Jâïá³âÕÍ£i‚Z-'Y':‹a
-Ù
-I�&øƒz“1dùþ‡}:'–kÕ‡Ê0
-+]‚]3 ìŽçH“zåo%W–•?gŸ;1$ŽIFʨ®¦÷;¬­Hš„#/òLå’|a`*ŒÃ†9»¿a‚ÄÂ5£ðOÊ=°å€ôV¦…º¸>¿ÊÞͳˆÙ<ò‚9)B¯×}?ÏNgŸ(±~é}ìÉ=è}è]ön>µ/3Q´î]ŸÞdóëlÖ5¬ô1ÅŒKJÛÝÊî<‡ß+€@®‹‡N^@Ðp~üŽ\Ktæ”>Í
Xý¨ÒfùZC·ÿõu|üd�þ$Gáëõà/‚:‹îH™Bka4£ ý®™×€ÊûY|$~˜õwÁš0½T³¨2eäk*2D.‰gî‹-
-âTG�ÁùdSVWùº/¢u
A"+‹º 	¥a@züSÒÊ:&}£ ¸Xü 
Kù…òž%ç™i©)Œñ4{Y²!ù’䞯â qî¿"J-F[íôMÚƒ7iߤ}ø&íÑ�iÛ“íÇ´÷àJÛúLçn^pø¯£Œ¶ÒSÿ³Ú|¹s­V-�½ö5|Ô•w'aÉlU*<eX–•…s TÃhã&
-· Q&lƒµ®ëô½V¬9ΛYÇî#vâÑÙ’a=W‰›r8¶Óð0„w,QõÀ„….­ŸVÑ™ï[­tì´þäŠê��«,Jcl!”€-¬4@ŒÑ9wsŠ@�(8gíÁ³Ã²2„lÍp€*]J"ÄX7ZÝÇI.Ýè¾XdÉQ¿ñq€‹š}÷û%Þ„³ó‹SüÂ�†
sYD�É,¼Q‡†IÉYa »÷„­I!ÁÚÝNÜ|&•°}ÐJìßÖ6¶‘õX}PDâêÑ­#÷4j]ävÏ
šÓ.¿æÁX&¢TãjàR\2ïù6D\�.)Ã5F·œöûPt¨tå€JPûkÅK&™òÞ5	ÉÇ;»bIG¸šaà°È]x±œj¶;ÿ¬î£;ZpuÛ¿D)Ϙa6ëÖݲY3ç¦Ð·—�o±w¼}ìù­Â�añK3/pKkÒ‚Mê…&–D•£i¬ ±¶š&hü:_Á¶Ô6µ‡-è¥Û
-WÜÙu[¢Ñ’¹Ð·;Ö=�‹¯¯îý§müXôûÈÑà>çV:²UÁ5¶Vaª’Þ…–Û¹–›©6дÏ>lÖ› '
-�–ß\15=ì=¬ÜT1ÈXhú¶Ä£À§ì–)†Ù÷æ–•JSÐO+¬¶æ¶o׬É÷ÉFñ¸îž›ùåÉÛ[f¹…÷:¯\õø5Úi4
-ãحܯ9†ãa8MpMGùÉÔÁœf�?:ÿ‡±‹gendstream
-endobj
-1562 0 obj<</Type/Page/Parent 1367 0 R/Contents 1563 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 903 0 R>>endobj
-1563 0 obj<</Filter/FlateDecode/Length 1518      >>stream
-x
¥WÛrÓH}ÏWô£S‹ßâ/[ÜR»@D±yKc{@šºÄköç÷ô\YqŠª
-S¶f¦{Î9}ºõýlL#üÓbBÓ9%ùÙ(á—öããõÙdr-i>]Eʱê2šùo}âõ4Mñ9[.ð9Á¿RÒÆ>˜-–ÑüÔƒéjŠ3O올8XïÁËøìâjEãÅd;_Ž)Nm’#Š“ÁxM#Šw’nò¢Tº®(6&«d}ÅÎ�±�w'䧃£Å5VSQš{•ÊŠ}~ó7Éï�º™Ô5™
ÕðEéÔì+zÓ‹4¥[Ž&KüüC”iDW¦¤ÄäE&kɱq<lˆ¨ôÆ”¹¨•ÑÏD%�Ó›kc�nsßË5Uª–$jÚÕuñüâBù{E•iÊD⤭Œ´¬/HT´—YÆÿ#¿^ÌÔ$MŽìmTR:ÉšT¦´WõΆÇ’;–RUÕ¥Z7œ$ª*À’ð7ìA£³C	­K%7½�À£4iã6ù›m¤¨›°ÄpËÈQRgžšéºP–ÍqD_v¸?2;~w;ŽÈäõá9¯@?Ë|ÊLË€UMQ˜²Vzko¾5ŒÍºNæ.ø­U¯ÂQ@®X*ø0å
¶$âç-8ç¥Q�ÒêòbµLNi©îAr!’ob++w‰Ä+r¸ˆ eˆ8ÜMæ:¾¢}Ø
-è!5¢»™–‰¬*�ÌøŽI	 Ã
[XžHÄðk™
HªZd™“X’).–ýN%;/™u-”&Æůì!4°Ì
ÿIäkÁk‡Nítž¹íÐe	X«“·%×�4èl8YFã
g3çVl“ˆ^èBE¿v´ÝÑöH{l#0
&�ÅÝðæ,ѵ<€ÁV‰)¤s<ÅJwƒÖ‰QýOMP¬é
󸤄ÝB¶ÒÈ
<¹£Þ»óˆn4U;ÔÄ3 ÞVëÕÕö‡*
-Ùg¥åÌ£äà0Jáù6*“Õ30iÀsnÞ_‘ÿ‰µÀ…ÊN‘ÙIKÉÆ´>8[z,©ŸØEßþ�:Ž«Éº?W“€õ:âkB
ìMP*j±f{v§ %Q. Ž¾7¦—Ò½Ýë@oãø–r™ì„VU^EôF$»SAì)ì#ö¢m¤ì$ˆª2‰²x}þø§%Žu"’º�¡ñèÌk9ìm¬='O1|ëEfi©­â"= ¯lµOÿZ7·×¾TÇíš
-Ï`Ú¨,µa.pq¢�Ž8Ñ¥„9£û�Ç
-¸ä¥î¢-ÜáÆP›»chîÝp@ÚôZö´ ¡¢‰±>lBµoKM©ê%;™|ãÜ!y±Îdú¥Ìü Ð•Ø+ëZO¨å]¯r�Pð}¾{{³S>È@Ý•qb
-W˜H‚Y…ƒ†.›áÛ_âQá!
-Î3põò¸îU˜||+Êðbý-þYÊ�šiÛ äÌGt{$”�Y‰íÄp1gJKº•%†¨¤TEýMNÐuüÇoÄå—Ò¶:	¤o[éF$Ü÷¬äŽBÿ3th]pNÑx‡á�ÖC“äîœ=?Š¹Úš?[Ã!˜``ó‘™pŸž”@=¦ÂdÇ;3Ì_ì7�RoûdnR™‘LLgÜ°
D‚3µYV§óâN‹íEnnw†±VuÔ`Ù:ý€Ä;*
'�Æš ¬6˜Ra�²`WKÉò“àì{�Š^B¢4�kôW—­
TùÚÍœèÃä>àsÜOkË"9¹Ö;ÀˆVa蟹áØK83¬Ÿm€¾ÆĈ
Õ® -6í¡»;ˆ�ðZ‚æñoï;ñL«Ôfóœ®QŒ>.Z 	C§¦`ë†KÁÏì(yê>ÓïõÑC#ãqÈçÀËðžEÔ¢õœ>»óHwÝÖa¶ôøŽçxC[Nñ5w·ùôâÝËx‹1_‘½î¾.ðÎaØ0\Œ¦ŸÍŸ|Óš-fÑb¾tóìjÄ'¼‰Ïþ:û/d†’endstream
-endobj
-1564 0 obj<</Type/Page/Parent 1367 0 R/Contents 1565 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1565 0 obj<</Filter/FlateDecode/Length 1473      >>stream
-x
…WÛnã6}÷Wò”bù¯í,PÙl‚
ºé¦�‹-°î-Ñ6JTHÊŽúï=CJŽ­MÛ\lK"gÎœ93?wÔÇï€&C:SšwúIŸFƒ
¿N'xâßJZv>Î:½›>]Ðl‰ã)>d„Õý>ÍÒSâŸó„È–iª•,üºu®’ŽDA—YvoUá¥ýdÕFÚùéüÝ=t¿¿z7{ìô©;è'S<ý»¾’1_�Þ0ylñúåÀyC"õ•ÐzײÌS+…—äגʈ‡õnF4ĸºÃàök!É,ë…f¡eîH©©8™Ñv-Ry‰U«°ô6VPMNzÚ
-\À[!rI®©$YYH¿•²h@ž'Cw#¬2•#W•¥±ž"™$lºV^"4+]B7Æ’|àŒ¾©"3[G¿ÎH©®2&�²ÀtðœÑÉe‰¥-g_„“ö›…YK··Øþ'mÞ’é	ÎöV/ÞS
-:)ï¹sÊ‘å'Ñ<ýhð¤v9'#Žo˜„‚Z›-gì©Àûv-|mÄŽçb#i
š¨*µøX"rÑd/¡K„ê|…¤"µÙ*­[qZ$)_à™gœŽÆj]Ò½5¥´^�»L	mVd
-½{%4&�½h£VO?§XZ~Ÿ+•>‘6æ	fÚ~G¨+·s^æ@¾RÎÛ	ϸÊä‰ûüË—»ùü!l˜Ï¯*k¡»+Sxkôƒô¸?Ïç! ùüºØ(k
-–g4z¤ñh”¹‚÷�:rsÀ‹Ð[±sT9”A\ŠJh¶Fþð‡à ñ7Z‰ð¡Õ`¸E² %ÒÖæäH]?�g%" „>›-`Û3zùZ7pT¸-‡5&©€Þnª9E±S´ª�©8è7b&µšE¸ìJhVÜ.ÊSÎäÌ~®=
-DrÁ8…Âô²,c»@8ZåÊÏ…+B�3pšö¥%8t’'±BÐuÁÓÂø5cn~‹`õQvPÙï{Ó–„¹MgÑïk¦
j-•u>aû½›Lê~y>ŠZà=¡OJ¬
-ã”Û¯CÙóyÑ=ïdžÖ
2k²*åèãâC�Â:7À½Ì­Ñ	ô¥V•�/ðY7�L.ªUŒ†‰-mÝ®·
-ŒyÔb�Û ípg‹°ãí�u¶º´&Ž‡»�M‹âƒ¦VºhÐ"«‚K©àF„¬‹#‹íšŸp­YˆËÉ °–ﺡ»ÞÞm†
-J½±»À;Xldõõ錜	bÝ
-ˆhÂ&þp+B‡ª-Ý_ÅÇL)Ær/$ú*6*ÐyËͲ°UlÍA‹òƒzv¯9ÀI!õò'=V(s,ä6
d¹Ê2œ™¨³úücŒ¬¡•�ó­–ç?
-õòjßU‹Ø:“:`Ib®ˆ�j©4æNSÓx+¨®ieaA J¾Ä^@'�½–ÓÔä@š�$ô�ŽHp}3Ç}LU%³Ôí,Íà»6€ÈbNcŸF«@›á˜ h®4rù"ÁóeLSn@�•Zn8ÃͲùév­Òuð�²¨tN˜t@ª�œÆ&1é%z&/aåÞp0Ïu‡uó˜Dô}¥ÍB迳õtR‹
-¾Û…¦‘:
qq¸¬BWb
-’ûL¶Lèò™.£Ù.­01…]ô\É
-e‚æX…Vr0!6tióc]°•L‚ÍâMèßC¡ò�L küD=b½¥§Ë¬çø”‰Œv©0*r’—Fk³ål‚Z*Æ<PƱ0•ÿ¶)Æ[
-Ô+)àÔ›ÑÔ 	ÃGa çÍkS8'+Lœ{[lJ …þ—­7Æàë8bÖð§õX2ã‹ÁôœÆ“qÚ.ï>^òõˆnEŸL
-ßE<Ød·ÙÐ�ôù[ÃégÅh2J&ã)N
-<¿ð¶ëYç·Î?¯O
-Mendstream
-endobj
-1566 0 obj<</Type/Page/Parent 1367 0 R/Contents 1567 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1567 0 obj<</Filter/FlateDecode/Length 1542      >>stream
-x
¥WmOãFþί˜rGïNº8/„hAâtwêUªŽ–TU|XÛ›xÁöšÝ5¹¨êï3»¶	>hO*!Šï¼?óÌängL#¼Æ4ŸÐþŒ’bg�hz0Šf4=œãz‚·‘´Üy·Ø~Ñ-–�˜â"%œ�h‘¼¦æ¯2ªt”è¢eJ'4¬­ƪæ•¡
þÏ÷*Ú³o7;#ŒGÑ!ÔtÒyu×ÉÒcé;6ð_Ò¦xl»è¤ož±}WËZV¢¶²ÓѨ°Áÿ$˜·NWÿ[…0Žu?Ni<LfœŠQÄ‚l¦ë<%+’/¬.EœKJåRÔ¹³´Ô†\&áj*+Y¦ª\‘.i£kCvc�,Èm*ù–âڑ¿-_¡*¹Pæ^oDé"úÄßR©½\ŠýhÂöë’‹e.Ž5R&î%9Mn-Åmc–Èu"rä
-æ�Ò¥�h‘u¹³m"_‹�
J–užoÚÜ5öl%µT2¥J¸¬…´oIX¶C¶Hc*ĆÝlÜðŒ‘‰£ó³ÅOt/òZÚ¨Q:™ESâ�Lúl �@¡ s!·¸ˆ%y Êô-§g­òvn%Ž"w•6ÂlYµ!½ôùãt ÙŠ
k<{ðZ•½€øàeÐnì5<H8;q?ÀVSYö@¥S…$æ0–KQ"	ºFm8�M¿èŠ¥
ÀÓ¢ò¾*l¢ó³gÞ{
íFú
-ÅÒI¢J~ OËBå>Ó!Y…ZeŽ–
-Žæré np—KKŠã\º D>œžño	.
m–úœn·<*“J¸[¨
"È].\Y±4»…U+ΑÓ=³÷�yX Þxa[i�KÓÇ'wï4—†~$
nÛ-Db´Ý… ¿BÏ¥±©Œ‘U.˜]+—‘¨*£aJ8Ù`�Ö6x»ñÊ80_Áž�{–5[Ôe[ɘgœñµ÷Ù'=8’•€ÊÀ9çS Ð×Õ³Í2
"¸önžSð(ãëL%³!l/�©@(­T63üxDc4…Áþ8ôßxM£IDïe\¯VÌN�y|j0YáÀcö›sã~FáÁܬ)Ë>`µdÖÂSë@¡\é�O6
綸ÛWËf�m£ª¶wÐÁÚø4ö’$̪.d‰smšAmÎÑ' Œ;"¢3²ª¨ÀÉò‹ðŸþ|»åö	7åÊRè©X‡\uós0AŠ8âfn†@·'�+ª¡õ«ÛSs2ÆtnD_|ç§kw°
jk°¾ µìfk Ýƒß0ò¹žÆw=`kž�íÆ·JiPÑé�½Â;ò^=!à�™:ðe»pBÙCoOƒá
HY±’O-/ÚñÇ[¾žì¯D¶»�GÑÖà{§.ˆny9¦—šœž~ÿu@�Qé½hÇI¨…
êa‚Yà™–
¨@Ýb`òÄò,Ú‘u�ó•R¦ iÞ%*Pø Ý2²¥lchF$Gd�zW€~÷)ç=¯lzLM'ÓÉ$Ó”©¦ˆ™j­4P	'÷ù¤-â$W€>
‡~ÊgÚºa¾žöDDšzçÁ¤KP$©ê¿¦'ºövrp@e!ìí	®¢ö=ê©;cê=x¯¡Ê“˳‹ÅÙo‹kú|qrù{©¾\Ó…4˜R'—�'±«Fóëž0‚9¦««Ó¦Ã|Á¿
-l渄ÜÜÔá-$Sƒñü`JW¯y1¾�‡öê
nføòþÛ|ùœU_¸ÞÃñhzäû~¿í~þlmõwþ'¢LdN,Ü;òÁ·Txžs<½‘c0J
-7{ß óçVE£V¦Ïéx*Â΀ü¢žÛtÑUô*¸÷
-À›¹®i8ˆ5jÐl2ë%³�ñRA½‚b,X…²Ø¥Ú•˜×–vhW\îQDE:é5¬ÔÒL˜lí(ýE®õ-a3à>|ÌͤöM‹= 9c¤õ[:¶‘‡Í–?žá'Õá>ÍæMk_œýòîŒÎ�¾á�ö½Nü¼óqº­À`>âß[¯¿m°NçÓh>;ÄD†ÈÑ„5}Xìüºó©UÁendstream
-endobj
-1568 0 obj<</Type/Page/Parent 1367 0 R/Contents 1569 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1569 0 obj<</Filter/FlateDecode/Length 1323      >>stream
-x
�VmoÛ6þž_qß”±üZÛ	P)¶¬
V4[<´LÛL$R%©$úã÷)ɲ“¬�Û’Å{yî¹çîëÉ�x
i6¢ñ”²âd�h:ã}2Ÿá}„+i~˜ÌGéèµÞOÓéñý�‹“þÕ„†CZ¬ác:ŸÑbE°?Ð";ýÛT”	M_+•=ä;Z+½"SyRkò[I¥5Ë\¤=)¿¥�©,n*í•Þ�Û9/‹”¾¬½ÔTJSæ’¶â±=WŸ‚%eß-îOÔŽübuÚ—>ëK™(á'
LK[(ç”ÑŽŒ¦Ga•©\ôˆ e%]ʆúWç4œÄœzãaŠ¯«Óá$�¤ã”þÚ
-�Hëheè:õS<¸£7b0Z*'CΉ—ΗV»„ÓßXQ�7”meöÀ_œ”{t„´¤E!(Råfef6Zý+W´ÜÑ­(–"ÄÞ
á
-)ËgQ·³`€k�8.b¨:¯S!5Ž•ðׄפHP¾LrʃûPê�Du}�)c¯ôÚØBx€Nkk
-m9ꈔºx»P­Mž›'η•æ:)FÛd"Ÿä³·"ó€¤ãõDz퉷†¿Ñä?F¨s&ùÖ_*ÝÏj ó$buÀ$6x4IéVú@󪌞,�þ¬ì#øõï–T…Ø‘–È5€ã	vœ
SÖ;8±¥byb?ñãà@J×(”#ç­Ñô&ó©(¤^±E¦8wvCáµÈT®¼’\fó¨ø8;œ%W“ƒ¹ûÈbsíó;bFÃÜÑ41l%„Ë„8À\]">ËͼÌÐjSï–?¥Åy6¨tBß:Žú(ÍÈ©ÿ¡
7ä7‘+á†ñc”¦é…)™ãE^ÉÜxYºÀ +„.òÂ8��<ƵW;w¶‡	%ì*¡¢ÂÓKI¨PiÐ6éE^n…®
-iUƘT(Ÿu™�P$ÿvz%ÛŠÐÖ�|Ì”H+Îp0扶»r+¡Žw§I/¹{GèIæyJ—O cæTDäP&�®†}b®µ�öŒK}„k8Æ&‚Ö°Dd;
½`«`׊ý	J"}BbÉÓ¢c—«¹§83ÒBzd°c+lâ?òÏfÀoÆ-W��žP¾Õz`návQå^ñ¸	³ó“¾,Æ¡ßj…ÅDYïYÆÇ
-aäöZ—–î¹”�Œ(/#ÇAö0@10¡
)ñ5.ÛIVÚȱƒC¡‘B=Ž�^=þyG7<S›©£D¡ 
î5è1î^Æsá¶À=
-¸³øFV|£ƒ©.ð�\X„ð½jñ{æ^³õ>Úê�Þï!n”C¬Bkï+Ò™ôŽc
-Y”Âya10 ‡ë0"ñ€>CSm@pó€¡O5§Òé0Ò¡W±ðÁv€½`Bpã*p(hm륕Nn³'æXmXê büvóG»!Eγ‰$/3¹•bõ¢ù!î<]@›3¯Ù™:äkûJ˜AÛëe錰f¥xV,g0Ö3„‰ªïW®7"?Â0äÖ!äÒ[',zß‹¼Ãû&rÞ%4ÍmM•¯0Nœ Ûë_?ýyCNm´ÈöæŠ%?Àó–o… IÇ7	D¡mܺQúWózN°UÏÇ4�Ô›Ãíåç�—hDsÏ°ül2¨¶öa/Š
2Å*Ž½ÙkÙ�­›“Ù$�MçQ;ÎÇlç—ÅÉï'ÿ
ëÄÊlendstream
-endobj
-1570 0 obj<</Type/Page/Parent 1367 0 R/Contents 1571 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1571 0 obj<</Filter/FlateDecode/Length 1591      >>stream
-x
…WkOÛJýί© RbHÃã-EêUK¹@Õ[	]ic¯ñÛkvפ‘øñ÷̬M\«ííCrœÝyœ9sfò¸3§þÎé耗”V;³d†§7É‚ÇGx>À§)ßy{»³qBóÝ渲<ÆCF8>›Ñmº7_$‹äMBÙy]‡	Õ–lš6¼¾ýŽ«šÏãÕéÁ®îÝÆþ…BSe} Üµ>8L}O�r�lN�35¿Hè›m©R*Ô“rñ»]MèI;“�á�
-ýkZ+O¹ukå2�M8ˆMç‡É
;÷:PÛ�¢µSM£)gÛš-hJmU)~¶ì'¾ËM©'´jÅ<ð`ã/	"r[ÉU	W»¤óv°Žðvaœ"i¡Ó6[©äÐÂÎO_¿?ûøñcr¯ƒÀ€³‘3÷EˆXÐc«[�Їœ6@DÁFë1EooÎɺQ¢¯®N†‘|cm©ÝDn¦ª¦ «Æ:åL¹!l³Í�-~À륦žø¼¦,iű¯*pí1ÙÐß�œ×6ðéˆJ–ЯOùÈþÅŒNz2€8ŒQÙ¤4½ê ”xâÙ!s–|ôÒ®»�uL
�’Ô¬Ð5Ñ´[6�[k»±˜šL.9òqf ¼ÑÄXøK~x`”›çëµÀÉÙGn¢f¹
m@~ZÚZ[i)TšêÐ19£kæwg½gÌ¥þ
Âp…™ók…êÁî�¼{²ÃNÞ£\œ§æ´*QR�4¡¯&ò…òÞø êT÷Gýƃ
£¼TV™шˆ�#àÊ?½+/•n ÓRÃIßœB
<=wcDÏqT…éÚáÊá�\³³µmËŒô�F§1edÒWY­J(‘d]rd\lÎûËå‡h—ãÙ¥60uÃd:h‡Œx
¡‘ãA•†V€3þ4%J3ÚRn_úi¿l²ýž´D¯b—Qf2°nó¢bXïx–GÒƒöž~ûçU¤×T�þÅu~OY~6›Í«M
å3?Ë­4
—È‚îH~{GDè oHB`YFtÀ|¾ÆGPLNFÖÐÏ<) ‡¦½Ê•W}œ�ÚîÆC¨(z‘mI䶆xGÍ–DP1Õ{…0;‹›*HÕ£÷ié—á<šΣŽÈ Zs¹¾ëÿ4�>s_0
e¾ô�$ÞОÉä†Gžzm�ÛHG¯¸×�*@»Çlk“êr3nì[PU¦O[㬫+´¼ƒž©{í™41ÜSZ©ºFaâ{TbUªú¡ûØ�;L©±ŸÁ|è‡ÉÐP?ŒX3GtàÜ%ƒT5d›`e¯Tˆ£{ƒxQ¼ÜÜcŠe£rƒ5<£?¨C‹ Û	6lO"Å`ˆ=žú‚îö˜}N{O…V;sÃôï^wÞc÷G6�|¿”/·ei×RQèŠwÔùÕŠykwJI’pH¿é¥aBÒ'(Œ&K\œ“¿ÆÉâ²V8æ,“"ÊÛë8ŽC£äî5˜$˜©d‚0gU,F€IY½†àŒkÛS Ûª8ŒÌxÖÕ8Ž^j¿Ýaú�IÖµÖG�tú±…Àùn÷\ÃÊ°Xy›l^h:Æݦ:O¼¨KÉ›Ú
-âÜóuƾÕæ,¿n븅Ø@~Ð$Û阔Š¸ae-F‚í[ËCj0E»DHe€L82³]¢¶ÐŽ0¿‚¤Þ¤Î4A|™KÑø<ž�ªlih±Þ×-sªFxÍ9~2©³7ÀƒR¤^‡„.àZÿPUÃ;%¶Nœýjê“7#ϸÜ3%òëCéŠ+ª�îèRUúùnïZ6Çw¥Iî^_AN¡¶Fã²ò’ÕóYöÄüËžCvá%ˆe×^Ȧ…µ»€OÑ»àÊ鹋4’‘Á�óWBýš¯xMß �y¡æ¶äál'„Á!z(ÃïG ÄiÃ5ä=`ÈsL tý{ΖhÞÕK¢‹«¯)/\pµ­&G)nË`P6ƒMkä<U¼]€up…�ÂÖªáÝR¯“ãîÇÍ|‰ßLLJ´<ZÆ
söéí
øïL˜s›¶(€Vµ5ûšö¦G3,ÄÙÿýŒZ-’£å1~áìÉ‚M¼¿Ýù{ç?�È‚Kendstream
-endobj
-1572 0 obj<</Type/Page/Parent 1367 0 R/Contents 1573 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1573 0 obj<</Filter/FlateDecode/Length 671       >>stream
-x
…TÑn›@|÷W¬*UI¥˜‚M0~t”FêC«´¡}<`m“Àå–¤ôë;wà¸r“V¶%ÃÞÍÌÎìÝ�YD!>­´L¨hfaR’®ƒ˜ât…ÿü:¦íXã y©p&/âå%N ®²Ùû›5E1e[°'I¤”•î0¤¬8�â V
}UOtk¬Ü]Õ
-µ]¥…ËwÙ=öÇEãþùb…ÝçÙ¾²„¯Â:“×Ü�앸7½íU]T¨ÞrIù@\Éž;,à”lkL]éÙÁ
-¶¶½ˆ{¬ôÖt�’Êh˜Û`EuBfëd„4�–ÁÂѱîM>R7ê�í‘ÄVúÁ¿q‹¼XáŸBÛªæ2
¦ï¦>;²UÓBvi€¢��íÛÖtrB|4( ï¦§F
¤}Š!Ö
-NÐÙ¦ãº(èÆ·C×,\¸®Î�ýÉŒöã™/#L:ô©¤
mÊG¥ܺ<àÒ+�|6£À‡ù��5�óœE(ÝA‘ì
a]*½u–{1•«éÑ÷'„å={ã€
-Ó4J—oÈ´®ƒ;PIìžëš¬еqà#‚*
-Ó{é.Vvpô­²^€Kòí·	ݹè&
-�ˆÉ#ŸÐŽ<c¯KâGÖhñÁyp³I:•Þ~_�¡eL™^0tääWb‘ý/ö–ý¯ã¯^[Œ:´)í%r÷ŸøÖ8T¬jÈû~-»�[/Nåæ‘ÇÅ$Uk‘ >‚³í…[àrv™=Ï\¯ÜÁñ`¡]¯íÅá`I§
-Ôºc>±0›J‚á·#›²ê0§¦¦¾ÒéÔG	.§tI‹d:~w›OWL¤¹Çz„]ô
kñähæ‡
óU¸~æ^1ñ
-wP’â‚Âì¯/ʇlöeö?õžµendstream
-endobj
-1574 0 obj<</Type/Page/Parent 1367 0 R/Contents 1575 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 910 0 R>>endobj
-1575 0 obj<</Filter/FlateDecode/Length 1794      >>stream
-x
…W]oÛ6}ϯ¸ðK QbÇIÜ
}h—v+†4[c õ0Ðe«‘D•¤êè�ß¹—”¬(†¢A‘÷ãðœs©¯GSºÀ¿)ÝÌèòšÒêè"¹À_úã¿ÐÕ‚V4¿Lfñ¡¤‡£Ë«¿¼š‡—‹Y2�Oüvz5å·³›ä[gó«dŸø-œ_.ðn¾¸Áï3ü·šò£7Ë£ów/ivA˵]ß,h™IIøKzüëV5^[š^%ô ÓÖ~O¥þ¦Kw²ü"[§7aëÙåå.³c¬�&ô¾öÖdmêS‡¥sšNãR©KTµVäÚ¦1Ö;ò[”dÊÒìŠzC¦á½ø«‘›Ò¬UI®Z'©©sj”U•Fq!ú½ì‚Ï“9×ñ9ìø;¼Ÿõ燎ï]ìçÉþczEŸÝVYý£uÚ®Ž3�«¶ô«“xü¦í�ÌTª¨¨ÌÅÈþ®9ðŸ¥VNßÈÅêû²+U£ô
7j©uü[Qã÷Jq·¤ê¬Û’™´­tíéöþîõûÿܽ½{óöc²õUÉ%_ÐÙ”	‚„*o-à³´VéãÆšq2íUQ:BØP4U&ÓÔõ�Ðx*êÌì*þ¡íZ[ãºõÝRÙ8κêf€cuBvj—Úb­3´%çöúöáì÷ûOË{©<‰¥Ï®Ã!Ýç²H­Í7}J“>á+”ÉpO¨ÒŠI°Už]¬Žl1”–ŠoÏùm[×ÌdŸð	JéZ·~šJ}«Êr�ÓpN¥<'<“j�cí‹4ˆÕ_[í8‡ÁáÁx8”ÉXrr,.,‚á�U–|¤jŒ[O\špê�±Yl–^MB£�)¤­À|«ÁûQY‡´Àå¿PªD}²¬ußG”ŸMà¿îIña+;•S*{A
``{,oÔºÔ@Žt�Ú=œ"4¹¥ÚQãrül8C×µÂ5f	ݸRjª¦„²#—Ä8IOŽ¡

ÕÇÞ9¼¦‡»7¤^—�Ž-’…€—óÊú¶¡“êÀ9	;¡'<‘ &ù�éMi"¬p2ê•5("&ôi[¤[n
uÀ8Р"«S
DÁš<×iôÁ�Ú×`9äd¬b"8ªGÉït™Ã=DŒÕ ,eàdêqb!
­Ž…Ì{Ú€9žôwÂC¾\S—÷	7$R?bÓcmvXÊ2ürÞªz1CrŒeŽŠX�»Âo�“jkT@ÇƃCŽ3Æî‘�¥Ìû¡%°/ƒ„ÿc¸”%×ûQÿ\Oe-?ÇTLoSæÄ ”ÀdQßà—Bi>ÂÝVc³-ËãBàf§³±�½�ˆ�õÁÖ±MÎþÀÙ¼°Î£$ô<\Á·ÒíÏVºní4
-RÌUçxL8
þŽyÝ`ºÀ÷ÇÍzåXÀ؛ԔTë�a$$zƒ‰�†Ö¤îCU€ë¼I0€p„·Æ±2HiªÏ&bõ�
YÁ,n�žwÁXÛë‚„ó0¹,ÄZa”‰�ÈÇ3Û°ÚP‘i%Ç4ÊT8FÜ©£¹{‹ãÆ 0u-U™SrçÙë^xLK–#ÒMBç¡ú	ÏLUGþÓG�õ/œW·³n|ñÖgMò¢3ÜupƒÂm(!~Æc?®ySÊuì~P?(ˆ˜õ¹5Õ“H°Gyž]ò¿ã3‚zn÷¬*n3Lä05!û&¸�Óg'R®ž{§€íê¸u\ŽâÜ™O¼ÕlÕ‚+Nsÿ`‰¨Þ!p‘ïe[?Ä’úœÌ™¶à�Ãà,6[ÈB¸ÎHze|ÞQÈSî#}<S©ÜT	4Bâ–ùـþEin|:œx¾
°¥G4#ö˜ú�©3–7mÄÍ�÷¨ƒ<tÜF½aîp³|]8X::�Ò~.£ ÉŽm�¯¤¬bê*eEgÍÃõÅ—Ewìú«cÜooÅåj°C±EñÐâꚦìnDR’LÞº:‰©:IÜ?žB±;©~0$
lø|ÏûÙÑaÑ

Ì°0Ó�¯N0ï½×<5$PwÎÝ}³oèš½ù¨Ò€É2ˆdó3ƒP™¨`u"œíÇ(È
-¤Á�G w
WÓhTͶ¿‚@äAO„ò;“†aw(UÊ:%ÄÕ]7˜p»x¹3ŠÆ>¸8;ùÎb/E
-ÜΉe*ן¾è�	aZ¬1÷¸„kè(/ö2è£æ9ÍÝ�a/?Ø">
F
-'mÑ>GûÛa‹CD]¸iör\Š£´Ý9â#£›p�`#\‡÷tò†‹H@@• ºc�¢IÖÅ÷±ò\ºÕ•(÷üÝâðÉz‰o×ìÿ¾‡ç7óäæzœÿå5×ÿvyô×Ñ¿˜NM¸endstream
-endobj
-1576 0 obj<</Type/Page/Parent 1367 0 R/Contents 1577 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
-1577 0 obj<</Filter/FlateDecode/Length 1049      >>stream
-x
…VMoã8½çW>Í­›¤Ý$=ìa:³æP`
°X`.Š-ÇšÚ’W’›ñ¿ßGú#�[`Q¤H,Š�||$ýïbEKü­h»¦Û
eõb™.éöþÿïv[ü_ãã5‹‡ýâæñŽV+Ú¸²ÙmiŸÌ—KÚgŸN¥†™‰d)jƒöVÕú¦Q!œœÏ)–ª?kc©m4™Š:¿"ë"Ì“P*6NÒÏûŸ‹%]¯7éP>=)ÛQV\´ÍåŽÁ8‹ß±mÒ¯Ú’)¤ñÈ¿jÏ¡œ³oªp^á k½‰]JûRw@÷µªªnôùª*“Ø«ÛtÍØc*th#.ИQJϪ>(�“!¿\ÀMÆÀUT™É”4¡*=�‡$¥¿ÁƒDÛ'6ƒe–(wšÙL¢×š2g­Î"RN˜gUG*gd׃§ÏÌ3®P!Ùã[GÑããF?üõgW´ÎÏðK¹AvÑy£Ã�Ϥ˜w‚“’œÎ™`†Iø!ýžP¨)"-pnµÐ<1Æõ€­¥¬ÔÙËp·õv†¬ŽÊXÓÇr÷½-µŠYÉN×"4qͱô|Šߊ�ÃC…ê\a�ÆŠ’A:"d3éå;MTu©$†¥ Jνnœ‡N¥,S4½þ¥@‡0KûÒmÏÜ�‰d6j!\ÊIå:dÞ@¨VMâûËAEõ)ÁÑ•ù QßÐÈírícÔuÓgV¹#Wž•Ç5»¼§ ¡CßRÆIÿRYD‹½ÇF€çŽ˜OŠHGŒ†Â»Z z&RBá…É�ë¾ÃE{—üõ
g™–xߥ=Œ¨PX)Ÿ:[O³æÜsÌ)Ð w"/‹&P<zz~zä2ã[4ø
cs=þãZ.×V �~uŸ9Ìœc¾�㨼L„…§&\Q?‡Ùb (êªêÔtâ…=ÌE™Û³P�½šæÌ;'´¸ڦ׺¶™ïžMR"‰\…ÝÁ¼ÃÄMì¡,WÏ ñö¢;ŒÉ=R#7’&WLv~�…”I?D�FÀ<«SbKõ
-âxêÕ�Áîk}øóœi«0¬1Qܘ¡�K…V±õúJÄÕ½q^cbE|�OÐ�òØm<%8øŒÈ²˜¡†Øáðø”x”a!L¸£WM‰�É»ÊÔÓHäþ�¡b@é•Öš_�ŧ¼"a÷?аBZU„äŽ%+“×fà5P(ãyIÁÖʪ£®±‹)`’×(+Úý„ðä"ųÍÊ=hzAÎRM¡³™(þæq7¼Q¬6xÛØÝÒï²wŸ¿<=|¡?½û‰Dß\Ö2¤b�±ÃëñÂõvyÏ{úk©šˆÖ[ý†Í<Œí^Ý�íï¶wév³Ã›lï·üè�ýâ¯Å
-Cendstream
-endobj
-1578 0 obj<</Type/Page/Parent 1367 0 R/Contents 1579 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1579 0 obj<</Filter/FlateDecode/Length 1618      >>stream
+šû+ óïÎgªÀæ‰2–4€HoéáîÓýÝ3¢ž2¢çvÊŒyu`SÙÖ>gç @Xoé<kJwI†å3–.ð»Ø¹Y]á2Á}´ÑÑÚÂ3��	ôCŒ`µAXVÝáÆŽqÂ/s¼žìõ«p×·l63ì!È@š=áEÑ0È›¶ûm˜E:ÐW'ÂÇî½Tka2ZÌfÿ§«¹¦¡¥G´rç‘ÇT|ç“^¯QMN_æô#ý÷­úAÉ»öƒ7—„5MÓ5Ç3ÃîM•gMƒ0·dY(ËIب�ìL{…öñûÐUg�ýbyáA?gl•ò`ƺet~f®C3¤²zã	›–ck€	–c’ßy2µ={²HðS
'·†´��7®ç]ìu!ÌkÐUÇ.–4Y2Fàl=¹*TXŠ@F؆6qÄöÁû.‰£QàÛòì#ûqnø=–�"Q³>Cx´¸+ß·¾Ôlµ¼€g2ap¼t/oÖã†ÛMeº˜F‹ù2@n9á`Y÷~ëýw�ô0endstream
+endobj
+1555 0 obj<</Type/Page/Parent 1372 0 R/Contents 1556 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
+1556 0 obj<</Filter/FlateDecode/Length 687       >>stream
+x
u”AsÚ0…ïüŠ½•ÌÄ6;Ǥ)·vÚ	™^¸i‰•`É•d<þ÷}²MÚÒ†�¥Ý}ûí[~Î2Zà›Q‘ÓrM²ž-Ò­óeº¢UYà9ÇÏ1†ƒ�Yžæ—÷ÛÙÍfEYFÛr­Ë‚¶Š�g± ­œo´ÇcOžµ
…ŠÉ÷õÞµ¤£6¯ž‚¥ÆjâC<6:ë^ÉW±§Þ¶Ô	®IE>èQÔ{‘^m_fJò5ÔnÕüɳód
=|":“<j6Á“†Œíhïlçy¨‚KsˆU‡”PéNìHÚáãc™ÝN|JwR²÷Ú<�ª§ÚÙ@P;v"ȺápO»yWiY‘hHçIiÇ2X§ÑÑÔç(nwEA¼âm;Èï�×t	œmœ
ÜF £à
´�ÉÍæ–2 ‰ãH–ÙH£Ëð¥¯6°�Á¿‡†É'yœÚü‡6
+„Þ¸f•ì&Ø[„*ÒÔ8>iÛz­mkâ{cMR£JÒžj¡Wã;‡ÐHç¤%ÇÚ	„�Ñ�·à‹"!€}'ú�ªð„³ª•1‹ánÊ]Pƒi8ƒ;çŸZ—““"-3:Ùåë‚þîz83ϧÖ9X%‚¯Øñ�šp_pZ=‡'j?4Ø×qÜdD�±ùʶGEðx¤t´;)<¿«¡æÿ•rÖº
(ϲu:ôÔ´®±žýõØë䢞dÁ‹pVd0ò=ÏgcOÊ*q‚É;Ì•nâ]X§aWkXÛtƒ-õq
Ñ­5 ¡Øëg÷©É q•j«ôa u¹Ëz\¦³Ûûw1œýƒD9M-[–iy»¤¬ÈÓ2Òz¼ûrGßœ}ÁúЃ•m�1‰8“ÁHÙÿRå’’bqïÿcóU±J‹u‰UÀi¹ŠAŸ·³ï³_®‹endstream
+endobj
+1557 0 obj<</Type/Page/Parent 1372 0 R/Contents 1558 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text/ImageB/ImageC/ImageI]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<</I15 15 0 R>>>>/Annots 910 0 R>>endobj
+1558 0 obj<</Filter/FlateDecode/Length 1648      >>stream
+x
•WÛRÛH}÷WôUkª°l°å¼vÙBb§ò°ÎÃXáI$�ÑHö’¯ßÓs1Æ1{)À…¥Q_NŸ>ÝzìÄ4ÀOLã!�Ž(-;ƒh€+Û�O¿vÆq4¦óÁ$QIÃA�úoM;ñÙ×Ï’ÓhÈwG“(ößø.ìÐp’Dg|g&þÛö^’اÇ|µ¤¼óHñÖl\üO%4Nð‰ðú×ñ9½ÓôÑÚ†iv÷âñ·³Nÿ
+Ž4Ëad4Nh–ÙŒp%í^.Ū‘5ŧÝתjTõ@ÓvµÒus<ûfŸ�ÇîÙÞéüϲ.Ç]WM­³6m”®ÜÑ3Šct8F&8úV>¨ªb£Õ,©YJdær+¤0ò„¦¢\2Î¥±'*Ѩµ¤/ªÊôÆÐÝŒV!´R¦KQ)SRåª�¥¬™±û
õ—�o­ÝN{Ÿî/iÞU‘Œ¬Õéý‡7Ó)U¢”­ÔJÎ�9i¹Vº5´–µA&†tîcÒUñÃ7¢ºÕ6”=Ÿ©(
+ù‹ÃjŒìgHWd™bˆDAy[Y´D¡š'Òk•ÁðâÉe-7bôp�ªÒ¢Í¤yÆÁÈ^°ìKD¹®	 U…£l�B=³Ö”«BS½ÅrrÞŸ$ý»Y8±ÓB
?CíJW”ÉRT™M¡•úRöÆQÂM�dæÃј8ŽþU(´½¹…ýó*D
_xQ®þNQ/²Ìq�~Q?D�¡\÷_æÇ„¬øðuiÍpº #-%w
+=ïÖ2ÇÓHpÙ4«7ý>HÁT1‘Ñm�JÀó £J6(µýeb�1¯ævoŽÌSÔ³Ìúdø-À™tIÂдuóN§÷’¬Oè}Õ–¿ë…™wçÇ'$›4Š"ä<•’Óõä	1ÝNßÝ¡¶iËGG D¢	y–&«¢R¥µ6:o¢T—}Ë…RC4T…¼K÷žò°Ÿ_ãîÅýõüø<!ûWá9e7véˆv½HSi]j–ˆ‚n”
ÉPÛË®­ï!ÔM/¾É´1‡\ÿ7Ê1Aô=†ûÁVÖ[ÙJ©Õª-ͲÖíƒÓ¡ÖHîu´´­7h&±€*‹¥Y�u?‰Ë7½ØøPì¡‚`ë
¡ÑêàfK‰‚-A–…”]rù ˆ&ÕUÞ²&‘X趡Íõ‡Ì  ÊP)Ä
+‹ë%š5Uº!…_ÜÀôxlUm’ÓÙcWÉ	…Õˆ»6
<Pöêup©
LV°Ÿ¹^`oiŸ×ºÜv¶•ˆ.8
+‰Ûs� ·ºŸi€ÍQs5�>CDð(ª'ÚÈ£FQµå”/ŠS¶ˆ€ß	@Ø6ªP?8šYC¹�¬îùÁùË�à0ŒŠBo¸‹o§ôÇ[XmTZ ÒpÅ–g)‹©œžtk=gz\�·]yµâÝ¿yIíÒozƒ”ö"ÛQCã†å�¦ÏˆcÐÊZØÉÁeØuÁ6žåÊòrè+µ§þjÿû¢ï“4ý�q2éÇýÁyt1½wf'Ø<ž'¿hÌìˆû:Wmm{Ê�=÷É
1Ý1øGƒ¡•†?-KŽ¾ÒÚDä¾ÈúèëËÈ{,êI48Ÿ°šüÃL®%¤‚Ès½
ØA±%À�õgÌ
ô
_‡@pñ
f™
+ž±û�Aâ»á3¦^«TRZK�Å‚Iðžüµ�—è8n�ÐClÞ‘E»§Ãm¶‰åbÏ¥(ÀlƒÖǦ³5õÀf©0DüŽ`ÐÌ"ëÙ…D8måyZ¡-„14æ¡þd‡X¿…xünÖ†Ÿ¶ÐS"à;8‚m·-?‰¸W€ë-¢5`æ=ÒUÁ»ª]»{Ž�î0'ì;Õ@»£ß ^†V0ìŠqFMq߬dªr·8{Ü¡(íËÝøèTÙZú
"ê
+ëZÐëéÿJÇå²è†’e€ÅI4¢ÊdAVo
KПÔù(§ÊÏ8Ùò+ú͘£ÙC³
£Ó�cû»ù%Ó—†î{%Z;ë^Puö×¾¾Ê9å=±òW¶˜¹ªñÉÊ5�ÉÌ[ç�®<úºø®lþ¶r¨¬«2þAKg°Émɳï¿`åg%Ä ÆA‡‹}ÇA×'~!À[‹jsG¹#„œŽïjBâi	NñB•Xàþí=èl|�G‰Û„“s¶ô~ÖùØùò£o endstream
+endobj
+1559 0 obj<</Type/Page/Parent 1372 0 R/Contents 1560 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text/ImageB/ImageC/ImageI]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R>>/XObject<</I14 14 0 R/I15 15 0 R>>>>/Annots 921 0 R>>endobj
+1560 0 obj<</Filter/FlateDecode/Length 1816      >>stream
+x
�WkoÛÆý®_1-
+Ø
"ŠÔ“ºF�:ŽÓhÅRÑuQ¬ÈµÈ„ä2»¤
ýñ÷Ì.I1ºJp• árwfgÎœyðÓ  ZŒi2§(øž�7Ý??‚¥·¤i€w”ÓlÜ-2ZzËœÂÙ{A0ö¦4Yν‚Á<ôæÍŠ%ûkì.}oÒßí­sèpšX6´ª>ÔC4˜ñ¦]YŽ5v'¾ôw{kÞ]zpü(Û[cw6g“»ÝO,pÜÆ
ß;žâ	¸�î‚)½Vô~0/áËÂ3˜7Da³bóúkìΧޢ·;CÛx:�ÞÄõna%�KÄaÆrö ïõ–9-æ¸×[Â'<Ž›g}
+a¹siæ\zµŒÞL
5mžàÿ<\Ð&¶,ñi]ÖFÆ´=Ðïi«½¡û
•:-*2R?Km¨Rx¡žÓX’©ËR銞”v‡¤¦X§8F�-2%âÇދ͇�OÃñžlâË?UM&QuS®âôé@UUVû…!“o½HOô”f’/qlOì2µ•B‹\Vl‰(°£(ÒRT8
+-O*ËÔ>-vVº¹„óÅ&ZÒã¥z¢HÕÚÈ—dT.	k–íÓ³Èji°[G		C¥¨’bi¡·i¥…>ØË7¶’´,3
¹}Z%'÷Šx
C6Ò©¶€`™´’�/þã7>-]L† ¢Åê/çôß­Fôƒ'„ßå2ß2�ýE%â<-h§U]¶Ã4±ÍäYù[0‡¦‘UH6Zê*•æ¬´Vª¢ÔPš—Y¥UH€Sá·¦\œüâýH?5f7GÇ
ÒþeÏýpÎqGµÑ£LE"‘oŨÑ|ÎÚÂY‘ú±ÃYw¶T—ŒÔW�€d1©n~MÉ¢YDLDÀâȆærº«5¸
*uZ^2ç
+ÚK*¤ŒÏuÅpî5øAYjª�è&‘ÑGÇsÎ
s0•Ì	AÊScRUØÜÌÅÇóá6°ÁÙ&"ð‰æ•›,VØf"§	n»ã´HÏÁyÅqU@3æªZ:4ŠßRÔ—ç"3Šäg¸qÞQ�ïÿ Î„ åÍK¾˜µökj
“hƒ¬v[¨ï¶Ü]u|)sÉ.ÙÒÇqq†ÉZT¨h”Ég™ñ�ÛágKöœV¼–	Q�Ò1ŽAS]ÆÈúÖé¦qaCÖ6’–'­¥+`mõ{¼œ=¾ 
*ÅŽëšF±DüÒ�9,‚8þ¶äj+ž£�9-¹„–ŸêTË\"ðÐáÜŸµ¸Ðÿ¦ÈÐKŠe)‹•¸4
8]ñbÜZ+dì1k#ƒB˜e„ò³«Q°QÀÿJ� aÁƒ�-!L֜ϸÆT
“lFá"G5�½–ÖÅÑ›Ö
îµ~€&³ôBüëºJ”FC¹W.G†èFAèù3”[Çf°UËîT‰@e{b8?{­ÐùÆ�à¿ØQ�
n!ⶃr2YWN¼v­�¨í/Ý2à�«èM/tí
:Ð�-íÔ‘q9à>4“”ùÕÝöÚª9¹îF•F_#ûÔÌÔŽáV–…=L£24¥{GŒ–ÛÉ^¡d1ÓÑ=z×5Ó“kq— ½Ò]?’ÅsªUaé·O$…èC�º¼=Ø�¦Wñ£­å¶—ª”Ö¦¸ØòÒ€Y¾ÍƱIª.'y(02ªQ9�?�g3ªïšG˜K.q´½-Á¡3ó_väÚ%ò’+߉ÃNÛ�ô
+}â7ÄØ	µƒ
+ŒKø¶¥³‘6�Õ½Ì2�Þ¢rcæh ©ÔS±;{&¤Í�㌫c#k ØJäµW*_ð¿Þ%
‡$´ˆuy²ð‰�ŠîÚrÅ5F|mìã ´Óóºïø*ÌÍÐç*†Ç¼Îª´D�Š²9q‚”ÐQ‚¾UðcLÍ™ÍgêmŒBUJcö°$h¡k†› ):í>I1¡E ‡4¨Lv”¯ÜHtrmc?ÒÅY…a®gj°-;n„ä*€R€
E¿�P£¯dïåçÎh‹Ic5Z�r¾•ÜEx£fš¡€�¶Vöï·é°OMÒCº©qgƈ!ÿZ/{³!χÿŸŒÿçüÜü®èû^¢çß]öî~ê·rüOv9-ÃoˆNÆ׿®~¹î¤{¢(e×Y™ˆ®ÿX}SÃÛ»ÕºSп¦¾ïSzµº9
+ŸH¯Ô^êÕ�•?æt—KoÚô�Íæö~s÷îþ;z¸}ÿÛÝÃíkZÝ>¼½[¯ñrÍÈ�Þ„Mÿ¦S/Ç4ŸÏ½ÉÔŽîëë·¯®i¥ÕP_^Q͵Ïvn–ó…ç‡.|Û†nQò䌯HaŠæÔZ»,˜.ðu9ñņžÎùÕífð~ð_ ~ºGendstream
+endobj
+1561 0 obj<</Type/Page/Parent 1372 0 R/Contents 1562 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 926 0 R>>endobj
+1562 0 obj<</Filter/FlateDecode/Length 1719      >>stream
+x
�WïoâFýÎ_1B•Ž“‚„é—*¹\ª“.¹ôàTUM?{�½Ø»Ôk‡£}ßÌ®Cr•zŠH‚מoÞ¼ÿÝÒ?CšŽèlBIÞD\i~}þµs6½ˆÎh2>�”Óxt�‡oÍ;ç³hD“³a4ÃáÅ°ùÂg0Cçƒa4¥ñlŠÿGøŠVr0›DÇׯ�Ó›1
‡´XÑh�CšÌàp2£E*a
h‘ô>²Eª
+*-%UQ(Sf{ŠÓ”b2jGi¡ŸüéÞV4�óeLëʲF‘]Q¹ÃƒÖ¤ºÔÖ8Ê+Wâ†,¥²¨ÔÏo_;@£?šDcøí-6Šâ$±•)©r
+wÉÓF%%ÿ[âøÙG0?áªtÊîôÐÓ‘Šp¥°¶¬�=¼eO§7Iȸ?�f\¸|M¦äOk<ä°?<Ä?Ó’#ÊU¾4Œ
ÂöFÁo[hSª‚¯¨q§¹6‡±ô(Ó®ŒüÅÃðë_É ?šEÃêŸ]DÎáÓ
+E¨
+§N$„!¾5ØRWê,£­uN9ÇGü°s¹W:Sò…“qÕ2Õ,ØB+w”ÄR—úSrü鯈>«€E¹‰Qø`kä6q
›øENI}ß*FM¶CË=¥jW™O¾/$�*¨Î™æ“I1í6L�ÏrF_¡þ®_ÚÄÅ“Æí±AÎÎÙDË͇‰œ�ÓùüÎìQ´	w”#›Cm+§Íº¦ÚCÏß)3|Y؇·
ú«Âæ0ó»6©Ý9º[Ð8œŽ)É4:.¢O[e¨{§ÐMÅãQ,wJ¯7KTwcmÚE»R÷vOá^ºÏb”±+‰/X‡*à–ÃN‚ƒ,3›4XúTOŽœšøI¯qOÝ•Ý{OhEQ2hFD 8nc+´»S>i!ˆ3!5c‡î­r1;ò¸L6Ì4”1œ¢Erhƒ[Ã(Zºšå‚†Ð–„>DSä…;?4WeÉÞ¯E½œ òþúŒ/Ö™°¿g�„•Ñ´–ƒÿÊB›#p߸Æd†vÜgÂZcAVàQ§ôÕkή´Gi—<¢ÅF»º=|‹ÒÝ—�É•(ÃZz6ËìN"�ŽÖ"ÄuÍèí’åþ‰
ñnq:`"yÊ9
±%M—e©ò­„¾xÒÐþv‰¶…ݪ¢„˜q“Ðn£“
råŠ>Ç\Ï�&OAj€vGØôQÞª(@ÛŠ¯ýÜ8½™5åÚ„
r­¤Í¡'ª£$6c‚œj·Íâ½J=|õƒ«î·U‰^i ^WÁò“Ú¸Š¥Ržh�·µ6{!Ü­ô%“C×Vdjcª
¼`Rða»ûå%ßBNï2�<¢ûm7@CŒ�¡bIc¬o
#D©ì4dø;UÚ‰Öx,vñþ%Ñ|i J!Džmpð]Á¾‡¢=ÿ€oìrµ&¢°¬ÊÍÚÀ¯5àÞ`–©øc³z®2^š EX
»­¶¢:ÜMQCr.¢^˜Paá)ÝQ&þþÕü½
¢ž¿5-?¬B‰
+òÌ€ÃÔ}ëøþ#n§XÚÍíZÏ‘e°T´Ûšßf“îÉ3
ŒRéQëÀ!k€ÔdŽ™‹ÆèR/kU¨£h‘ØS«Ö€:‹Kç*̱µxóC·Y$„k‡KW+ª8s–›0^bîç6Õ«}Èçç®J6G)@>.ß}Ä®®§G-WßKûíEè´“ÌÊÄNlž£E<àò¤m° ž�FË;Ù�4Ç
+ÂÌe	W¶	¿õ
+
+!'üBßù®%žý}�Íaäå‡eFv!H“ßnSåËyüÈ…cá”é$AFt%»‘L!Ž™Í‹8Õ�¡Æ{öÖa-Þ±cþ”ØÖU8–M¬B`64²'¼¿ÈCÏåËKäÊ_®÷æÞÔ‘“Vv]åÇ«Ó©¤¬gù-2‡áC©•ôkÚÎo¯鑘NjBh¶�?JØWɯ¨ÜÑ�.³o,pMC`-×üÖºÛyÿóý»0e
ž_�yo¬0€|ÐðüšSîŽÐÁ~æ!WÅ{t\HOX|×°ÁBˆª*·X¢Ä·¬¨<¼q=2Œ*¿!×Xðu亣Xš[)qÞµ)ZãE�c‡0»m{‘½ÇZ»Ç«[—v*Ëú�L†Ö…­¶RÛÓ›Y Àp‚÷ÌÞV‡x�œóf4¿¼½ºÏíWÖàk›-SBĬԧ_?ÒŸ.øþÿ½��§ãhŠTQÝÙ”Ax¿èüÖùâáñ%endstream
+endobj
+1563 0 obj<</Type/Page/Parent 1372 0 R/Contents 1564 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 939 0 R>>endobj
+1564 0 obj<</Filter/FlateDecode/Length 1804      >>stream
+x
µXïOÛHýÎ_1Bwj*%ÆNBb�8)ôšS8’–“’~Xì
qk{}^‡Àýõ÷f×›˜t=©¥‚²Ù3óæí›Yþ>ÈÇ¿€†]ê
(Ê|ÏÇ'Û׿ƒÀР{‚Ÿuƒž×­G)Mšċ^ÐœmŒ3êùC¯×˜…êõú8¯ñ{ߥ¤åAoÀ£ÀZt½~=`ƒ�aFaè…�¹Æ0£ Ï~ÛSxcsŒYXlnmŽ‡l=0Q6ƘퟸÔï„‚F&£>ÖëïmŽ1{Ü÷Ž³ŒAòOÌ
p€‡†k؇-ø{<€
30s»!{{‹Û¹ÆsÀëx7tC€Ò�½ÿ÷íÀœ¹Z8/XÈsH=ÄbðwsofGoŸfK�iâ—ØpȧYÔbÂx=�¦ë¢PeE‚RQÞIÊ×Ù­,I-©(“¼’¥~=û‚“úö¤Nwˆ“Z—¹¤D뵤j%*Z	M¢L´Ì)^cç>–Ë{™ª"“yE–H>x*²[
Zu±ß¬Ê¥Œ©R¤k_â2¹‡±Ú䩱ñÀ§Žá8,/UI�ï¿ÒM/=ú¨�Õ›$Ç^M“�®nØŠV™Ü°›bóu#JkM<ëi¢+�ÆKÊhŽ`rR¹ä¨6k0¢¤õÖ�b4Þ¶ù,ˆd jQYDQš xøªeUÇ©,yü×E0|˧×`ÈʸWoZ«(•4ûžm’jEØšäºiŠÍv‡G3$`©ÒTm  DV¤&+µÁéø,Rë4f»"‚_ÀXÉøÔúæÓ‰K9ÓÐÿB<ÓÚÆE…ºSÔùH¥RÕ¯ZF%¼îDt(Á#ë‡>ä-ì°�«�3ÎU&’ül>]OÆ£Ït9=›Ì“‡Ï4•%ò~6ßÄó;"ozŸë3º,8cÞHñC8pÓÎÄ•¥.�["�ó¥¢ÀÕðƒø«^1A"OiþîŠÞƒ¤åˆ¢ïCráQ"5]M�çÀ�°Ð‰®…þ49Â÷‡¿ž‰à¥ÒiÁ�Ì¥K–ÉÃ2wútî?„€Ý÷ÜOÖ䜤ù_W—¿_.«¢cüzvq,uT&E•¨ütn×ïïkO.éüzüéâšFŸFã÷£7ï/èíå5ÍÞ�§tu=žÌ.®ÛÏžÎW×útîf/¾ÕÅbïJüf¯•¹9;�pñÑbqø231ù3²2]G‘Ôz¹NÓGÖ.Úz¡¶7›^vÊã›å§Óƒ$ƶêô=Å1kÒDn¨¾Išîa¯qµ¡Þö oªÏ›GÔ–¥X§U»®'j¹D±"H «\¤W�kÍ“º˜ä棷¨íV uvëE*_>5Òâ•\½�ožç²”Ʋ„ï©V�RT
#«¹Ë%÷Ѩª]ëê[3¢8vÓMò—¢X±æbµIäX³B«à'Æ=ô��îÀª0;6å2B9à‚Q²%qi7U´‘9ù £uuÏé²�yÐÅâÅ÷;!¸‹×°ÊE$Î’a•¢Býå°:�:ƒ«vŸ¤ò€.Z‰'=£ù„ZlÑC�dAÅBîìq{È.^×̈êÕô{
¹Ê¾è†{Ç™ùmä
�‘�ÅðŒå^£Ò‚›œÄš&/XF/·fÑ:èÈ‚“äc4%ÒÏs±¬±ö†)œ¹}èÙM±u³¢fªEÝ4{Á¶¡íÑê…¦![kî½îáÒ–ç÷"]#=Ì’¢Tw¥Èh¥ÔW2kuó^³9ÆÈ¡	'y¨u%³:Í6ƒîÊ4q$«èÈìŒD±—g¦…(`óèYh	æhðmÏwßÁ%�à� Q>ÒÀ´»7+´™»6ŒÑ_–*¶ÝjãÒ˜H¸dìÈbôm%(œ«ÊÞá¶õ|׳A¾iÍÌ¥tW‰²›¶”ŽüI‡èicJYˆ’ùcA·G:œ[/Ió¨Bv
+t‡ŠR1¼ìR-uVM ¦§5éd„Bì¹ý‚Ô0µ@¶Y%dY"wèÒGFFè\扌YaÐÜ­KVÒÚe¶Ge|@{ý<6ί=jrÚÀÝŃør£jTÚ–›;‡ð w•|¨Ø36òTþÚ&G—¢)¬:qS»Î«}þÌVÒ Â„á¦Wr1ÏöóËT"4ëÉä÷H)3uÏõ™–Ñð‘=}¶ˆÔH8>ߧ�:'¢nÖ-<Mªý—?¶ñAúñ܉cûÄj^Fçb¥ìÙŽs
ú>¹Û³,ÝOӢᩄ£yþ�æ}õ¨Ö`¢Œë»nƒÚD)J0'ïÕ9W¯°8‰Vœj^F
Ck ¬C0ÀßBü]bX×ÕéèÛj§ú‚²Gç*Z›¤qƒÇ;;nCgèãÕR·ßýÀíã�>„x(ckò‰³ƒ?þ–º Yendstream
+endobj
+1565 0 obj<</Type/Page/Parent 1372 0 R/Contents 1566 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1566 0 obj<</Filter/FlateDecode/Length 1148      >>stream
+x
­VkOã8ýÞ_q·¤#VÛ&Mú©He
Z`»i5Ò~7v©g;c;¤ýñ{í$¥Ãc‡-�6ö½Çç>ê{¾·BèãO“cH²VßÇÇÑÈÂp:ÁÏþ)«ÖqÜ
+Ά†¯Ðe<�@L
Íû}ˆ“}³f°YË”A®d´#a#Õ7ÿ×ø+zöá tìEC�éþÞ/Á’‹@¯­AzQè�Ý:Ü$ŠçÆp¡™2@@°
sa˜&ŒzÀ-ÜwK	ÉýT&$­€Â¾?u@ÍgðÂîE�Œu¡ÐŒA²HŸ2íæwìî®{Ô½&˜Ž]çšœÝ�•TpÁEq¿1@Cúñ
Ã.P…ç«göG]°‘.EÅÝU’¿ã	žÌ±rå–*J»Æ]Øpqp¿ÅªL¶Øq¹$ßè#ß0›3‡_3ÁbàšÑOø†›ÚÅï*²Í6e+Ý@]\Ÿ_Åç‹YÀL¼XÉ“y|:ûB‰að[çs'ëÐ^çSç²só¥�y±˜¥ycíúô&ž_dz6¶’ËQšSlimˆ2íÊv9üÎXŽý–Èü¡�“äàÕœ?ùž%×0݃9¥Ok`{yëÜ0fÉZB»
ÿõutô
+¤ýã…‡ãëíூj:îˆ
+t.e`6/zñ˜·€f÷³þa–â?½~¬NÓ[@Ó|Z®M²%qÌ]³ÞÈÏ•8|LÎ ëÆ0²HÖÐ~­
˜,/šPê{DGÂFÕ±è
ÞÅâÿ­Yfß(W°Sœ�£3Ia‚÷öë–5É×,÷\{¡
ÿ
Yj0ª¼£wyÞå=|—÷è]ÞãŸóöª›íç¼÷àJšòNçv^p
ø+£Œ6ÊS6ÿNï§|èlé'R¬{Ígø,noBÅL¡Þ²w$-p/ç@25£��(Ü@ƈÐNA @xn®—艬¾ÎkKv�}Ë%8;€e‡•.½
jºüÈùpc¯ ‚¢ÐnZ=<½È
+žý¿¸ r£á*"+}ÜUv´0¥QIh™p;§H9æ7ܬ�¼;œ!S>Äk†TH•‘4}cG«�à8É3;º/qxØ­ˆ$í±ÿ¸ÄE8;¿8Å7˜¾_3Ï
+�
+)Õ‹™;maÑ°(	C…€ví	5ŠÃI!Á2\ŽPû¬H‘š.H‘n_u6&¶¶uX]'N(´ËÌ=ÍZ¹Ýs�ÇI[_ý 
Ëj¢T¢4°%VÌE^¥ˆ�Š¢ä1²´#ØE0 eÛ
” ÷÷‚+–¡´ÑÕIRŽ+Ûf‰Æ¥ÊÄ&·éÅv*ÙnI<“¬öc82åâ¶m…&SÂ1f˜¸²„å·e³f6ÌTÞò'ò³J[•^GZk~+Pibóg˜fž[�\•
êÒ§’PX’”ˆ�Æ´ÀŠð$öV%£§•Ç(Χ”áý2Λùåñ;X~e‰�™6AN)Ú¬öj‡Þ¤�BüMÝ?œýÉxŠß´ŸX˜Ó¸õgë_ín†Qendstream
+endobj
+1567 0 obj<</Type/Page/Parent 1372 0 R/Contents 1568 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 946 0 R>>endobj
+1568 0 obj<</Filter/FlateDecode/Length 1591      >>stream
+x
¥WÛrÛ6}÷Wì£<�hÝ/}éä^O›ÄM˜Iü‘�„„´¢|}Ïâ"Ó´=ži&M:"
ì✳g—ßÏÆ4Ÿ1-'4]PVž�’žœþùøölº\'3Z¬ɈJšMWÉ*ü*诧År‚gx·H&áÇéÕbŠ³ÕÿNð·–´=›LæX?_/“vMsœïÅmóÅÏzÛ8ÔlÊ'=ðb:Ÿ ø/&óÙý/Ò³‹73�)Ýâþ‹Õ’ÒÜ]{Di6¸ÜÒÑ´Hö{«�±ÝKe[XU’*SÛ†6’r¹UZæ´555¦”X/£ŸÑyúÇVwü )7IfôÖ?ŽQ8¨i$ÿG"l™Ä-R·¥‹Ã{F4Oq‡4d¦,…Îû'ö*ÛS&4§Õ6ÈÉš�á¡üae­EAUmvµ(ý…vRËZX¾P�UzGf®g4’jŽ�•e⣭i�­átr�
²š&”î%]–U­4`I�)iï&ˆ-æ[î,¶XLXÍyݨÜeòùýå¿Ä¸ßˆBjËYø¢tn
½OéyžÓG“5ÿužÐPl@�•=È”?¥°Š™ÁÑ0Q[lF|ô)÷ƒÜP£¬$°½·¶úýâB…{%�iëLâ¤�L´´$:È¢àÿã�^ÌÜdm‰ì]TR:+Ú¤”Ý»�ñXȆ�¥ð×jÓr’¨jKÆ¿°AŒ.Ž$𲩕tjê(xÔ&oý¦p³­¶­
+@Œ·¼ez6¹Ô"›ã„¾°Ú‘AÜñÇdòúøž×
+ _!e¦Œe࣭XÈ,.{g^—=g8YøàWN
¼
+G
¹j­%*DYS
á‰D<Þ�s^ÚŠ‚Öó‹õ
+0yi䵺
ɕȾ‰�lü%²P`Ãe²bëÃ5®'‹e(¿Xšîå©ænSãø›i™¡r2C^”¡ðO7<ÁòH"�€_ËE­tcEQx‰e…âbñ>à%³±B¡ˆ�KXÙC,h`Yþ“(7‚×ötÜ
xæ·C—5`m¼Et©¤p
§³ád•Œ×4œÍ¼8ë˜$ô2B+ú•§íêm‘g$ÑF`L‹ûDÀ#˜³D7òhsØd¦’ÞYð"+]N¾ILìKP¬é
s¿¤=„ÝBvÒ(
úGG½×ç	]jjö¨‰gìÍ1ÝÕ«/ªÝOUU²ÏŠõÌ£äà0JÇÒ
+lU!›g`Ò€ç\¾Cák�•�¢pIKÉÆ´9z[º/©'ì¢oÿ^�FÚ5[¿’¯	°7A¹°bÃöÞù¶+ŽÜÔ¾·¦—Ó�B[²¸	,€þLÓ+*e¶Z5e“Ðk‘í{LEE°§°�¸‹ž"íaß A4�É”ÃëóÇ¿q¬‘Ù>„Æ£#œå°·áMp1þêEfi©�â"=¢¯ìxTàôßêöêm(Õ^ËFe©-s
!Nѱ'ú”p gat¿ñ8
×¼Ô_ôV]
[¨�ÍÝ3´ˆãiÓkÙÐÂÆԬ—�
m©­•=R¶—Ù77©Fl
+™?¡”Yº{é\ëµ¼ëUŠ¾Ïw?Ýì!d n„*8±…�g²NãŒ
}6Ã??|I?$U€(:ÏÀ×ËýºWqò	­<*#ˆ!ö·ô©”
65Óv0,@È™�èöH(³Û�Ÿ©ÀøIW²Æ•Õª²¿Ðä Ëô¯ßˆË/'̈&JHßµÒ­ÀˆFŠ;¡«ÿ:6ƒ.8Ñx=ƒ¡É
r}g 8J)´3¶†c4ÁÈæ=3á>-)±Oa*Ìö¼“Ç_ö›F©ŸúdirY�LLgÜ‹¡yÄÎp§Í²:½wZl/ò©ávggUw,÷»0 ±€ÀŽÊÀI§ñÇ&Å«-ÆIØ£¬�0ÌÞñ“áì�Š^B¢6mü‚˜Ÿß(~†àDo?�|Žt»¶®²×Ñ:L–“ð�ì%œ
¶ñÓ KÐ[LŒP�á
+Úa`Ó
ºësu2/ðÝ·šâKmî¿„>=÷â9¾ÌWœA¯º7ïÆ
Ãåé<õ­2[Î’åbå'ÂõˆOx�žýsö9¼Úendstream
+endobj
+1569 0 obj<</Type/Page/Parent 1372 0 R/Contents 1570 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1570 0 obj<</Filter/FlateDecode/Length 1506      >>stream
+x
…W]oÛ6}÷¯¸ÈS
+Äògc§À0¤i³kÖlqÑ
õh‰¶™P¢BRvŒaÿ}ç’Rb«–¦ˆmñ~�{îáõSg@}üÐdH£sJóN?éãÕ$™Òx:Áë!þ[IËÎûY§wݧš-aq>Å‹Œpºß§Yzú÷›ÙC§OÝA–³ì”øg�Ù2Mµ’…G¿HO~-I”¥5¥UÂKªJmDF™²2õÆîè˜öeŠ`ken`æ¤ÝH{ìì1]¾hb~�þ9lflh©´tÇ,G‡ÙÞ8WIG¢ Ë,»³ªðÒ~.æ§ó7t{ßýãîªåçŸúýp�œ3
+ã#.=~|ÞóFÞ�H}%´Þµ<3©•×ô8>Ô»Ó`»Ò†°_
+IfY4-sG²HMÅ62£íZ¤òÐU¬ÂÑ›<xuÈÂh ìi+ðÑ
+‘òR¤’TDe!ýVÊ¢Ir”¹Ü�°ÊTŽ\U–ÆzDŠm aÓµòèpe¥KèÚX’Ï‚8£oªÈÌÖÑo3REª«ŒAošÅ‘3:¹,q´ì³	¾Y¸µtsó?ióv�LOpöâõâ-¥€Ó‘òŽÐ~§@¤€�rM�èž~txR‡ž'c®o�€Z›-wì±ÀßíZø¦ÚH4<IÀT³•,Q¹hº—Ð%Ju¾BSÑÚ…l•Ö­:Áx™/ðÌsnÇb5/é%­WÀ.SB›æEï^
�ÍãèܨÙÓÔÏ #—VܧJ¥�¤�y„›vÜ1TÁ휗92_)ç1¹Â³Öˆ=:Fà>ýúùv>¿óùUe-xwe
+o�¾—Å×óy(h>ÿXl”5Ó3:=àxtÊX!úF
+±ÙÃEè­Ø9ªaÈ@®züc±³5ú‡_Žÿhh%ÊWƒã0è‚–h[“vý2‚•pˆ‚úd¶H۞ѽÈàºA ÂøH¤Û
+X'Ã` à{Á‘èh%zŠ!b*¦�ª�©¸è#5“Z΢\%43né©
+çáRf?ב÷	 y`œÂ`zY–Q.PŽV¹òÂó@á¡Î3`†š^¥E8(É£X¡èzàiaüšsn~ƒbõAw0Ùo{Ó…Y¦³÷µÓHê¥0¨¾u>aÿ½ëLj½�#—£ZýA‰Uaœ
+×C8‡±çÛ®;êGAçp­!3k²*åê£Ó}‚Â;‹'ÀZæÖC|©UeÀxÖâ‘ÉEµŠÕ0°¸£\o	ôà>ÃM4_´}Ë`‡æ
uöº´&G÷·ï‰â‹¦f_¼JÏ+xTÐ
+"t]XÜY”k~³fA.'ÁZ±kAw½—°/—zÀ(6´úòxFβnH�l‚¿8L+¦V[º»
+Œ��D¯¹0¦{!¡«0DªÈÎ3‹e+ÁÖ°5-ÆìÙ½ö7…ÔË3ÜôPaÌq�e™å*ËpgbÎêû�àÌX98ÔŠüµPϯþ]µˆÒ™ÔÀê#±šD¥âõ$VÍ�Ã5þT
+×HY8€’ÏQè$ ×
+šš™f'	}ã‹#\€c�RUÉè!ëv—fˆ¿]¤ÀdN£NC* 3Ü
Í“Æ[W‚çËئÜ:+µÜp‡›cóÓíZ¥ëcQé,Ü0­Ô‘R}å4>‰A/¡ؼ„•ïØ`oíë9æ5‰èûJ›…Ð5n÷wR<>„‚
ºà4Z'ÂrYèJlAÇWLèò‰,Ù
»Xac
+VôTÉ
+cq¬Žnš8®K›zè­Ü`cô`GSÿ2Ëÿ³2
Õø‰zXÄz!•ž.³žã[&"¶¯RaUä&/�ÖfËÝ´T(¬y`DXkÄÂTþЦXo)˜P¯ SoJTS'MX>"ò
ž˜Ï´ÞøÆÑŸŽðµ¢^%ï/oß_òZó€­‘>˜´âë/Ü6lÙmº“>9="àãÉ8™œO!ßx~1`³�³Îï�
‘!åendstream
+endobj
+1571 0 obj<</Type/Page/Parent 1372 0 R/Contents 1572 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1572 0 obj<</Filter/FlateDecode/Length 1472      >>stream
+x
¥WmOÜFþί˜’Ð)ç{
´ %QS©
+-WUðam¯Ï¶×쮹œªþ÷>³k‡mÔr/Ø·;óÌË33ë»�1�ðÓ|BÓJÊ�Q4¢ÙhMhv8Çõ#)Ûy»Ø~Ñ-2Hâ"%ì�h‘ìSûw×ÈFi›RR¢ËRT)Ñ€¬Æ‘ Ú¨ÊICÚ„Kòû_-n {FãqP>˜@ùþûÏ¢¬y–7ЃÉ,šñz‡é•nÐNhØX3ŒU5,jC¼Ï÷jÚ³¬fDƒñ(:Ü–.ê»�,Ñ#é;Fø7iS>ˆ?’ÆB'}ó¶÷¾�}V«Âû“o�®ÿ·
+d Dò‹@_ˆ2dsÝ)Yé�pau%âBR*3ÑÎR†œ¹\ÂÔTÖ²JUµ$]ÑZ7†ìÚ:Y’[×ò5Å�#…·­¾s”B™{½•‹è#ÿJ•övp*¦ ÙTL(s¹p¬‘rq/Éir+)n[X6 Ð‰(oÀ;¥+Ñ"ßÄÎv.ˆb%Ö6(Éš¢Xw±kñl-•)™R-\^‰RÚ×$,ã�-Ó˜J±f3[3<‚12qt~¶ø‘îEÑHµJ'��¿çÒG
çÝè˜=±ÅE,[ö§¯9<+UÀ¹•ØŠØÕÚ³†gõštæãÇá@°k¬=X­ªžC¼ñ²­-{
ŽND\}Àj3ËH£tªÄ`…‚ ä†ãØÖ‹®Y$=-2ï³Â;{ðÞjh7²Ô÷P(2®qoXò=}Ì67”	UøH‡`•j™;Ê-dæ npWHKŠý]6
@Š¼;=ð¯q.$
e–ú˜n—<2“J˜[ª
+ÂÉ]N\Õ”±4» …UKŽ‘Ó=XÏûÐyX ^{a[k]HÓçwï´�@?�@?Ý-Eb´Ý…(¿DÍ¥k±ÍŒ‘u!À®”ËIԵрN¶Ü£“
Ö®½2vÌg°gãžeÍyÙVÇN2ç™g|ímöAÆ„`%è
ià˜ó.´ÐÖÕÃf™–‘�\{7Ï)xñU®’œ;*°3£ÑT ˆ–Ö *Ã?Ñ#€Ñ`:õ‡f2‹&½“q³\rwjáñ_£“•~<3sî>Ÿ�xô.Ö”e¸Ú	r×ÂjbÈtˆ'CÀ¸­Þí³es‰Ê¶‰QuW;¨`m|{Af‰AYa_f´6çh“ÆÑYÅ‘dŒ!�°í–ËÇÀ&K¡¦âÿ08]Y-Zo@Ýžš“qäg2OÄßøéºÙØ9µ5X_ÐJ†îf°Ý“¿0ó9ŸÆW=hkž�ÝŒo•Ò ¦Ó![…Oä­zBÀƒ™&ôËîÐÁ
e=ž4Ô²b)Ÿ:¼èjÄoïtø|²½Ù®BE[ƒï	›6NlÎ /ÇôrB“ÓÓo¿tè1+} Ý8	¹¡@=M0|§e*´î?00ybù.ºiÖAΟ0¨’2õF“æ³D�Ö‚þ
+R¢Ý2³¥ì|hG${dÁzׂ†þîC„ž÷ì¹,ŸÓŸ³É_´G2É5åªMb®:”–*aç”wÚ2N
+êÓpè§|®­«YOD¤©7�4C‹$UŸàDǯʼn°®»�¼yCU)ìí	®¢î3ê©;G‡_!ÇÔ[x§K¡ª“˳‹ÅÙ¯‹kútqrù[¥>_Ó…4˜R'—¡Oâ|ͯ{Âp昮®NC+!Ÿð/œG7sœB.înŸBr5ÏßLgtµÏ‡ñÛxh¯^ád6 /Ÿ¹ÛŸCõ‰ë-ŽG³#.^šúïö«ÃêmÞØŸˆ*‘±poË{_Ra½`7x
+z�ctïfö¾BçO�ŠV­LŸÓñ”‡ùYµ'ÝÃö‘b|€G™Ã)žZÚG‡‹³ŸßžÑ¹Ñ7|ª{§߆Ÿ{rÐ	æ#~ÎÙÿºá2›Ï¢ùÁ!¦DŽ&¬éýbç—�¿
Nj#3endstream
+endobj
+1573 0 obj<</Type/Page/Parent 1372 0 R/Contents 1574 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1574 0 obj<</Filter/FlateDecode/Length 1428      >>stream
+x
�WkoÛFüî_±ßèõ´äŠ­›
ê6*ŠŠy”Î&yÌiYE~|g÷Hêa»MÛ$ÅÛÛ�›™]}=ÓÿÇ´˜ÐtNIq6ŠG4ŸÎã9Í®¸žàÇiÊäƒÙåe|õÒÓQ<9}þay6¼™ÑxLË{̯´L	ñG#Z&çË�¦(±©¦QD¦LM¢jí©Þ¨¿4ÝÛm•Çæ…}ÔiL¼ ±E¡ËšV;yÇ«$7üÀxR´25ÆçZ¥¦\“-ñ’ññ›åýÙˆã)r\¦çÙ†U’]yíµ⸪LÉ6uÕÔÄ—È¡”‹ÜÚj“ÖEÅ?qåvÍLŽõ–¼Ö´íwÚ7y�|œ~më¯�IòÖ‡=Éd’Fåì*×W³5õ†v¶q$[q=~çk]ÄôkV#µJÛ
+»oJh×µ«�¹q'Eu�%R¢ª�·Eh퀗7¶ôŒÖ£rÆ6>ìH_Ýè€Þðæ-�gáÓqŒËôxÎâiLráZ;O©¥O’ÔœÁ!
&@ãôN½®\é#.cíTÁˆ&�<tÐöèsí¨T…fhaj<CÀœNìº4ÿè”ÙñE+u
+ÿ
JÖOªn€i€<®Cª#zÛ–8™…	ÿºôºéÊçEιHÙ^X¶Ö 'ØÐcoÊ̺BÕ�2gðVh„ÜÚÛ†˜:¦Ö.Ð=³yn·\oË9œôÉ9‡ØdŸôSíTR’ƒ]¿¯Ú�z½`ˆi2†C Ð#„ÖD߆+S¡é¾ò(`uĤžG³˜¾èºæÚšª_"úä 1hÕùçx÷¤*ÔŽJ�Zœšãx¦tÈ{8ARáx‚žøup ¦Oâ"¾v¶\C›Ì'6›”#2ÅÁ¸°;
+g*1¹©
ìg÷hxIëPmò•µ9˜»Ï,ˆk_«òàŒ:æNæ�ˆ!a§a°Ò0„k�ˆ×²˜÷êIun€V_úQh)äÒ¡røtËü2§þƒ6,Èo*7Ê�ßIÇ׶bŽ¿{Ty£¯ñàùÑ	ƒX”*/¬‡íæyÈkïvþ¢5Æ ýˆ·Š¨hðöJÚAe=ж%N¤WyµQeShgƤÁñ9ŸXEô·ð $%êpäc¦BÀ¹so9»¥Í®Bðtw
¢»7€¶:Ïcz�æÀKçák8S	UÃ�ÅŸ˜k€2Ô£Ýõ	}`>!„x½"_©Dã<àìJy?ÅmRÚ^Dj…u7´Åþ0;ùô¨`ÇQ8ÄÝZØÉþœø͸å¦äÞka�è-ÒüöÁãÍp»‘OÙùQ_6cÑ[ë°è(Ù>[œ
+aÌt´®ÝóQJþ­³s’
Ðcbâ{Üöí»r�cG‹DHæÑòÉ‹Ë?ïè–Ûw'�vc‘h‡{úQ@´»çù\ûÍ5ð…F�+‹$Å;iLe¹ÁÜJpÆ÷bÄÿ÷R¬Ëk0¹ÜCÜ9‡JEÚû9pÌ.(2ãp¾V
v˜I‹,ÔtQ­Ap³çô‰c‰NK.å@aܤE«˜
+xaßÀž1A¶ñ
8Ô€B
+ˆ"X'¡¶Ì±ÐÚ0<´Iürû;€n]8ÏûEy•ÀÈÂgâo'>�[’kçDf^7(�¯#ìiJ‚í°tA³bü~2lg’Œgœ
+<Tß�\¯d~‚¡Ô!ãjd‘ÌÀ2 ¾žù
ï»Ìy–(ah~c›<E;ErŠ¾|úùã·äͺT9ëŸwÃTÍ/p¿åGR,)àø*
Äzá¶BÞ\µ_Æ3|“¸šÒ|~%ÒûÏÞC†öžAùÑ&ðì²–©(ÈcŽ/x}°a(û¾as¶˜Å„çx;å8?-Ï~;ûó²endstream
+endobj
+1575 0 obj<</Type/Page/Parent 1372 0 R/Contents 1576 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1576 0 obj<</Filter/FlateDecode/Length 1591      >>stream
+x
…W]OÛJ}çWŒÔ¨L!|¼ÑR¤^µ”T½•Ð•6öo±½fwM‰ÏÌÚĵh/Ð*qvçãÌ™3“Ç­Mñ;££}:XPZmM“)^&sšáõ>þ9MùÖ»Û­½‹šÍé6Ç•Å1^d„ãÓ)ݦ;³ƒdž&ô—]’×u˜Pmɶ¡iÃÛÛ¸:§Ù,^ÝÝ?ÂÕ�ÛÂxÂ_(4UÖÊ]ëƒSÁÔ÷Ô(ÈæÔ8S󃄾ۖ*µ¦B=iñ Øå„ž´3¹Ñž¨Ð?¦•ò”[·R.ÓÙ„ƒ˜Ò.ÂÜgç^jR´rªi´#ål[³M©­*ů-û‰ÏrSê	-[1<ØøK‚ˆÜVrUÂÕ.é¼í/€#¼]ç�HZèô�ÍVê
9´°óKÄ×Î>}úΘÜë 0à,GäÌ}"ôØêV'ô1§5Q°ÑzFLÑ»›s²n”觫k†“a$ßX[j7‘›©ª)誱N9S®ÉÛlr`‹€ðz©©'>ïƒ)KZrìËÊ„\{LÖ´Âg#çµ
|:¢’%ôÕëS>²w1¥“žóˆQÙ¤´{ÕA(ñijCæ,ÎK»ê"@Ö15JR³B×DÓvÙ<n¬mÇbj2¹äÈÇ™}€ðF`Mà9øá�Qnrœ¯×'g¹‰šå´
ùiU¬icm©¥Piª@Ç䌮™ß�õž1—ú'Ãfίª»/òìÉ;x�rq2œšÓªDIAÒ„¾™PÈÊ{リSÝõkŒòRYejD#">Ž€+ÿdôJ¬¼T^¸�LK
'}s
+5ðôÜ�=ÇQ¦k‡+‡?rÍÎV¶-3Ò?�Æ”‘I_eµ,¡D’mtÉ‘q±9ﯗÿ¡mŽg›Ú`ÀÔ5G�é 2à„FŽ;UZ
Îø?Д(ÍhïI¹=駽²ÉözÒ½‰]F™qÈÀºõ‹Š	`½ãirÌL&ü”žÿýçM¤×T�~å:?§,?›NgÕº€Žò™_åVš†KäAw$?€½#"tз
$!°,£:`¾\ã-(&'#kèWžÐCSƒ^e‰Ê«>ÎNm·c‡!T½È¶¤aR[C¼£fK"¨˜ê½B˜�ÅM¤êÑ{‡´ôËpíÌ¢ŽÈ Zs¹¾ëÿ4�¾p_0
e¾ô�$ÞОÉä†Gžze�[KG/¹×�*¿A»Çlk“êr=nì[PU¦O[㬫+´¼ƒž©{í™41ÜSZªºFaâsTbYªú¡{Û�;L©±ŸÁ|è‡ÉÐP?ŒX3GtàÜ%ƒT5d›`e¯Tˆ£{‚xQ¼ÜÜcŠe£rƒ5<£?¨C‹ Û	6lO"Å`ˆ=žú‚îv˜}N{O…V;sÃôïÞvÞc÷G6�|¿”/·eiWRQèŠwÔymżµ;¥$I8¤ßôÒ0!é“F“%.ÎÉ×qG²8�¬Ž9Ƥ…ˆò¦Ã:ŽãÐ(¹{
&Ä	f*™ ÌYÕ‹`RV¯!8ãÚöè¶*#3žu5Ž£—Úov˜~c’u­õQ �~l!p¾Û=×°2,VÞæ
›šŽq·©ÎÀ/êRò¦¶„8÷<C�±oµ9˯Û8îGa6ÐÄ„4ɦG:&¥"nAY‹‘`ûÖò�Œ@Ñ.R ŽÌl–¨
´#̯ ©7©3M
Ÿ@æR4>�'¤*[D¬÷uËœ�ªsŽŸMêì
ð ©×!¡¸Ö?UÕðN‰­g¿™úäpä—{¦D~ýa(]qEµóÏݺT•~¾Û¹–Íñ}iÒ‡»·W�S¨­Ñ8†¬¼dõ|–=1ÿ²çß�]x	bÙ•�²ia-Æ.àSô>¸r÷\�EÉÈàÇy�+¡~ÍW¼¦¯ÑμPs[òp¶Âà=”aŠç#â´áò0ä9&º�þ=gK4ïêƒ%ÑÅÕ‹W€”.¸ÚT“#ƒ·e0¨›Á¦5rž*Þ.À:¸ÂFakUŠðn¨×‰Éq÷åf¶Àw¦ãZ-‿9ûüîŒü&̹MÛ
+@«Úš}íöv�¦Xˆ³ÿû5?š'G‹c|ÿÂÙ“9›øp»õ÷Öy!‚Hendstream
+endobj
+1577 0 obj<</Type/Page/Parent 1372 0 R/Contents 1578 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1578 0 obj<</Filter/FlateDecode/Length 670       >>stream
+x
…TÑn›@|÷W¬*UI¥˜‚M0~t”FêC«´¡}<`m“Àå–¤ôë;wà¸r“V¶%ÃÞÍÌÎìÝ�YD!>­´L¨hfaR’®ƒ˜ât…ÿü:¦íXã y©p&/âå%N ®²Ùû›5E1e[°'I¤”•î0¤¬8�–A¬úªžèÖX¹+ºªj»J—ï²{ì�)ŠÆýóÅ
+»Ï³}e	_…u&¯¹!Ù+qozÛ«º¨P½å’ò�¸’=wXÀ#(ÙÖ˜ºÒ;²ƒlm{÷Xé­é%•Ñ0·ÁŠê„ÌÖÉi­Gĺ7ùHݨ¶GOXéÿÆ-òb…
+m«š/Èt4˜¾›úìÈVMÙ¥
Š6B¶o[ÓÉ	ñÑ €¾›ž5�fô)†X+8Ag›^Œë¢ ß]³páº:#tö'k0Ú{Œg¾Œ0
èЧ’´)•.@pëò€K¯òÙ�FæktBÖ4Îs tE²„u©ôÖYîÅT®¦Gߟ–÷ì�*LÓ(]¾!ÓºNì@e$±{®k²~tl@×Æ��ª(L糧XÙÁÑ·Êz
.É·ß&t碛(tz &�|B;òŒ	¼.‰Y£ÅçÁaÌ&éTzû}A†–1MdzÁБ“_‰Eö¿Ø?Xöo¼Ž¿zm1êЦ`´—ÈÝâ[ãP±ª! ïwpøµì>n½8•›G“T­E‚úLζn�kpÈÙeö<s9¼rÇ€…v½¶‡ƒ%�*PèŽùÄÂl*	„ߎlʪÜšn˜úJ§S%¸œÒ%-’éøÝm>]m0‘æëvÑ7¬Å�£™6ÌWáúy˜ÿyÅÄ+ÜAIŠ
+³¿¾t(²Ù—Ùo6Óž±endstream
+endobj
+1579 0 obj<</Type/Page/Parent 1372 0 R/Contents 1580 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
+1580 0 obj<</Filter/FlateDecode/Length 1618      >>stream
 x
¥WMoÛF½ûWzrP[±dErzK‚0Ð8n­ =ä²"—âÖä.Ã%Ũ¿¾ïí’M-ÚÂ6l“»óñæÍ›Ñ׳¹\ák.ë…\¯$)Ï®fWòjþj¶”åÍ/ðSkÉ‹ÅÕb¶š¾x»9{ùþµ,®d“ÁÖj}#›T`ç
-O’ów¹ª]Ë|5“OÖdF§ò‹Û9ëe«›Nk+Ÿ�M]çånóbóÇÙ•\.–0q®l*Ÿîn—Ö»ã©-òýÍ×Ñßåõr¶àq8˜ÏäÍÖ7µJšxl)óyl±Fè8vk½«Ucœ—EôôÁ$µó.kFáH“×®Ý墤íC/ºäŠÑ#ôy˜T×HJɹ+ã¦ø¡Ïd~ƒ3¸£
ƒÛi«]ëq±¬Ú†yi»7µ³¥¶�—ÌÕ0T8<oL©gòYKUk�—1£UŸÑ¹tc<†DÏ/p�¶�Å&ØäZT¹U“ˆ|kÍ‚ªUé9)ñ®@XH±qáêÓ¼qv[èaEç(�æ­P&SVx·¸�'„»'‰*
+O’ów¹ª]Ë|9“OÖdF§ò‹Û9ëe«›Nk+Ÿ�M]çånóbóÇÙ•\.–0q®l*Ÿîn—Ö»ã©-òýÍ×Ñßåõr¶àq8˜ÏäÍÖ7µJšxl)óyl±Fè8vk½«Ucœ—EôôÁ$µó.kFáH“×®Ý墤íC/ºäŠÑ#ôy˜T×HJɹ+ã¦ø¡Ïd~ƒ3¸£
ƒÛi«]ëq±¬Ú†yi»7µ³¥¶�—ÌÕ0T8<oL©gòYKUk�—1£UŸÑ¹tc<†DÏ/p�¶�Å&ØäZT¹U“ˆ|kÍ‚ªUé9)ñ®@XH±qáêÓ¼qv[èaEç(�æ­P&SVx·¸�'„»'‰*
 !÷E»Û)•7-Bµ�Iâõ.m�,“¸S%2ÑõÞ$øÝ™&É$̸nT³‰ÓÔ•
 à#ÎÚ‡ãU¥0†QWið@3ïžf<ƒÔû|J•äÆ¢›Üx©ŽKª}R›-’fH£€µC­ýÁ7º¼ý­*à›5æᬵ	‘U…ib¿w�bŽð^À§ÌìZð)&Þ¿é\ýèÅ€º5î‡Y$ÃÓ.Mƒ.XÌ$¯�_ð�aw
�<vº(äѺ%ÏUó
‘«½–Ôd(~•.ÕEdm­{ž2_ÂMŒ'ÅØ¡›*¤
–—±Ê¬�L6:É­C›€Ìv8ÒªìÉÐå¡K•jÂÇ°LÒ
ê<qLäØô:T¢éœÄ"S’ÁxÚsõAJe­®Âk)„l|´š}U‚lj¼‚·TN’N&µ¦/7ðö†T�K’¸–Í[[×€Å`G`àsÄÐgA‡p¼x%tµ<ïcÐSK2ƒÆâ�ª‚ª°{NÊK3@cHv`pÀ÷”&ꀖÉjW
 z ÓÄÝuz¯k�ퟦ,
Ý€
:ˆZì·!A¯™mhCGÑ?°¤rLê”äÆ–B�úk•ò�â<ÞÖúkk(¸
;Xír)H”•B+Üdqmå¶æÏȲ^¶žä=ñ<àT’1âìJ!¤CB†ÜÈ~@§SÃvÕü®j†ËÁÏ…2[k-¾Dc£k†Xb€˜É'n›^MRÜmŽ�†©3i-^ù>éÇÅåzvÃY&Y¬Öߢ^õk,ĨëÄ›ÿï†ïû:J’+»#gçÿ±¹¸™Í_Ÿ0ºM5å‘C8ú
@@ -3414,2657 +3387,2685 @@ T5
 Y[àK]n�"²SØY%®3ùh±˜4Üð�b
;•�F;FyÔ·- >Õ2jXé0Z1.H܉ßÑ–rº
 ®sbÄúOL‚‘rÈ•-×%R‰kTœqøßÝ>üȈyrâ�Å]ú½tSl¼«N�dÒÈÛ*g0,óä%G²=�]Ü59ùËX1I@x>�{Š<e&…s�X°‡c†M¢ù£úqÆ^_[�Ißrb€©{N”Û?>‡
 úŽ})Èï±ã ñÃJ¿A"ˆtºV0ÚÙLÞêD!¸#esDV¶¸G?K
-ÈsÑï0´öº�/ç{£Bìwa[ˆa‡e|’0¶.®Æ,+#x'…ÙÖª>|y�ÿ�;†#dXþˆÏœh1ÊG٬ٵ…ŽX_aÂÚ¦ï͛ӧ§å«?Öý»Os�à=i	zߤÌf¹^ÎÖ«›8‘^ßðÑÏ›³_ÏþìÑÍendstream
-endobj
-1580 0 obj<</Type/Page/Parent 1367 0 R/Contents 1581 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1581 0 obj<</Filter/FlateDecode/Length 1670      >>stream
-x
…WÁrÓH½ç+º8…ªÄ±ã8GC–Z	Yb
-¹´¤±4Dš13’µÞ¯ß×3’ì(ÙÚÈšéî×ï½nÿ>™Ñ¿ft}IWJ«“édJ®fø9_^ãç%þ8E›ðÁÕr:¹|ëƒËŇÉü­–Ë×>®O.>Ïi6£õÁËkZg„ÀÓ)­ÓÓï^9OÖP](ú~ÿå'UœÚ(J9<4ÔxE÷kùË›Œrg›-®”'örpO­mÊ,¼ùÎp­wê]¼,¼5y¿þu2¥óÙÒ[g§k9!ק…m
mt‰›¼ÅM\Çë à#•Q²—Ø™­X‡L$YGj§•6dzZÎ�R—,]cFa9¦ôóü‡6™mÉ+ï5*G
|¡O÷r
”cº¨Ü“MvÚ6žp\§¨2 †”q_‚g¤=%J›\pÿ½‰[ÍÏ*ä½±®åyûõnõåþéi8Ø?ÀOh] ~•¢v{©@×Äei[?d`2U+WI3C&NeÚ©4&n‰Gq;�SkjgËÝF�–M�b�&@Ú²«uÚ”ì¾}é¶ÐiAµk¼¼ÙÝ2`áÔF9eR•�q]e™–\�÷þlH{ëìNgB-t¦Ak
BF°AÀ�N»b
-$ ­èúÿP6yÎI©hõâШÆ;›5¶§Ó‡ÕÝÓ{ò{$]	‰º¸ã˜;Í(ü@A¼ÉfO8MÊH¼Œx»-»}ìÎ(hÊ[Nt©ë=X^î^‹€8^‘Ý “Îý�°gËÞ·Öe¦ºU`zÌÑÀQú|ôŽHÅ×½¯zŠ90)máÓi'õWÍ~zúsñù†f ½xÅ9œ)(`¶˜\Mf¨�]®júåH‰Ç¾r~)¾rz$…:¼,øÔ�lΨ.´QªÇ£‚w(Å�ú[ûZÊÆ	‹pz™�cZ¥uƒC§;ªÁ?F·Úƒ‚èbƒôÄÅ೯»€ ¯pN7xÖjÀ$#Ý€Å�rõlK»×�£_Þ꺰‹‚¤$!^U‹_1ÂB3\£Ò4µ�©QÆqU�˜s§¸†Áx]�J2
-Ê”¬pü•,Ê)gŸ˜©D]{À-08¢{\æ+E, {hÞ©Ø––÷B¬ˆ|«Ð¯-,d€å&j0¼`¥)$ëX8êÐùMÌ)Ra�Ø÷¡û™°…O"=z9Êp.³uÈ*´YºÓ©³ÞnêŽ7j‘ÆPh-²
-v€a¤GùŽ`íyÅœ!XŠÊd(Ù‹T‡´#åQ$éA2`”Ì|�Ì|BbÌô’ø!¹Ið‘l&‹~È´ÝéL	
-Ô¹ŒAÆÌ…Õ2¥¥¼‘ÎxŒY]£PÈ„VÐ98€ÉgÀ…êC7ùO�J˜RÙËN)cU¡ÔÔR&$x4ªñA76;Uz›>ÃZ†u#–̧~7 Kè	;r
-­ERÃ'bR¹2J¤fº@xÿø:/õ$)# ›”1‡c^â`ȼèés<£�Ca¬làzž	IDQªÂ±¾~`†î)Ÿ:�àPS’u	c|ú†ÎŬûÜ ìI0‹ú„ÌÞê°ô÷+ä¸TÂÓD¥½bçÏHm€!À~˜ˆÛ£Ñʉì°ûìØ…•ã‘«„i
ŽR¥ªDv6—©Ôfªi"{*Ö¥ÈáÿÉñîñÛça&vÖtàb@Tú]YTЉmÓ©2tØn¥ÕPÐa†AXº¼Ø|·aŠÔҲɄG.bY±á<´ëL:ˆ�ãÅ0BŒ"v¶°µ¶Ä=Ð@)nœ¸ªuÙc >°’²²aŠkð,2(þÁéJ¶ªÛ¸t~ö¡Qhì·‚צ1a§â0áA¨Ð¬3YÉ
-1Ä«í^«2ݘ›a“ÜPè\tUY…{€£	o·µ˜´cª÷~||ßz
-½ÃN
JqÊ4U[?L̨§°DÆâE›„A%䀪ŨZNdÈÉê‹õ¬�½Ç+‘n¼qB_
§{‘Éqaù¡™áEg)‡Üj;
-šlò0^Üaå™ÐÇ=ÅMÝ…'¸½PˆÅiÅЖ`Lrqð�ø�£·¯ílpƒŠ·cÏÞ´>žØý1|
@aÆŽî>|Ϲø¼ì,w¶ÀWºå-fSq€ÇÕÝÇ•¸Å/™Ÿ·6E‹°&ˆJ¤êóþõóëé�¼ÿK×üz>¹^,±žá�›9úÇú䯓
ʸǥendstream
-endobj
-1582 0 obj<</Type/Page/Parent 1367 0 R/Contents 1583 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1583 0 obj<</Filter/FlateDecode/Length 1828      >>stream
-x
•XMoÛF½ûW|r
›–lGvrsœÈÁ®[)hoÅŠ\JŒ—\fwiUýõ}3»”(ÊAPFdjw>ß¼yô÷“)MðoJ·Wt=£¼>™dºš]g7tswËŸñã4•''—ŸßÓô†%®Ìîð¡ ŸLh‘ŸMgÙMv•Ñ“ª5͵{­rü¿©B¾þeñ
Woh:�W/®nqõl±Öo�>'ëèi>?§Ê“¢R«Ð!€°V�Ÿ´N{ÝàcCµj¶ôõéË_d[íT¨šù­ºö}	¤Œ±ÏÞ't1½Î®Øk<€ë¥u5î؆|—¯IyZ[„ïÏaº2¸_)¯DSPçµ;¸,-5*ã­yÕ•ÎÖTTe©¢û´�Ë5‚úŒÔô?ªn�>Gn>À´2¶Ñ1��u/x&AÕjÛ[OI¸° ]…mI¥Qc·eeð�Ö!@äPpcseH¾‘JetO�ì‡Æ
”•ó¨c@IÛ@H9åûFD£”%¾�3¤‹*"‚†rÛøÎÀ,=}™S¡‚Z¢Ì„~WÏ}zšs¢¯èêÛ4ò8èh–¾º&wH›ÏIµ­©òXßÖÙ•SuÍ ©š ]©ØÚTͲâxíoÁkS2LPué'W=¢éǑІ3ŽUcO‚VÆ’àLj²r¶k��?“O|ëQ(@}V,Þ Á‘C»ªjz*6Uùô´èëÖyöþ8ÿãù�œš}­
-$
lI©<·FL7]-se›¾¢ý}{¿®ˆi™jé”ÛFû˜b :WÍÎ
-�°–ljŠy3.U¼_«|�,ÈuMƒhG9ö-ay-�:6RªTXpC­éØ×–‚ë@EÿMkÛ­ÖÒ–6˜Ù4Üš1c°ÇÔ¤7pÕºª–¬mœ�£%0…1_ñ•ËÏ X!¿³KòËÆ{!Æ£PÆ=;ž
™T“!bkõÂd4}ï4Æ2ØQ‰
-‹o�µ/]+µ~ ¾%ü�ñô¿£‘L`”û²YWàIpf¾„j
Ó|ضlxÜ´ª.ÎÅP¢>	î´U¨BqzhC@D\n/)>¥‰‘VY&«®ÍhÁsÂU¬Æx‘�}«sæÇzż[ƒž…
„5e«0·p˜0Óz«2�¨Ù†7�u…vØ*¥cOŽ¥:£VTþCìë»ÁÖKl/ˆ$ܯƒC`_õÜ%”É“³ïæ¦2Œ3¦fcâ¤Ú�áq3qG[{È
—ø
êþâϼ g¿’ÏÐÞ•¸»Ä°ÀY4xhh°DÙ\o25õØ(wç(ìb‹>‚ƒ�ÙÆà5¦ž™^±¢_�*¶>ƳLJ9’�ÿ´†°º&çu‰Wà̸ãz# ¸>¬-N-a2£ß†îþ	OënŸóó]Å�¼slÌ!"x—±+ü6מ1û>
-R…vË&ñ/Ï4vÛ–´ò #ì}Þrý:€å5¦——Aô1Ö:Øà€ƒ¹Ñº`fÅ@ÌÆÈ6Ú.Œ’À‘(ö¸“o1# âcG]\´¬(è4™:�aÇs{@þŒ¡8F)¤â:ºUAƒÙ±­ß˜ÄÀ�V°—-Â(;>�”"�*Û‹ëi”
"i¯3z6Ýj¥–°ûŽÍ‡^C<ÊØɾØÏ®èÛŸ]ÃV7ÞÒKc7¨š§çûǤy“Fe¨¥N
ãXßêÐ;òU‰XWýNÐùº±Æ®À€,/D.;éÙ¢ŠzÚz_qn€†Ðe¹ÝëرËZÃ
 †ÈF®wÒ·—†ƒQˆÃi�»µzåDàÊéÜÖ-*ƒƒ?<ŽŠ#J Uꃞ•øîÈåŽÎ¥6Ô*‡ÆtF9j-d^£ƒ’pÑÀ€,d`Å…†VƆÛB•€Ÿ"»åÉâÕ"j.+(@d.£j§³Eé+T�Õ!\OKT`o8©—ã$E?ÔÄ#ß(Üò0ZÖÂ<Iº�ɦ'Dij¼9©•¬BaØ]˜ƒçÒ‚UÁ5«Q(æ GQÁW/6c!„©’~‰HN{Zêé‡ê4^Øç…O#1Èú»dÃkz­Ç¯)x‘«ð2�î<'Qö)êÀ‡¨Íoð…À-:fy*ËתY	+ ‡…	šÆÒq<a0cÑ‘®@”‘Æk_06@upÒ»Ö�£H%ìwC‚{Ô1xÙ•5·cÏwÒ2®Ft>:³Xll¬0[UgÅ?3¡öm/½"GŒËkùŒ W§¨Û!õ¢•©Þ) #¸¸ƒ.†+'š[|�¦äa„%,y…ˆzUd,—z�?sG¡ñº†‰eI
-i6X÷"‡øDZLJ1B·æ/x¸ç«±rwI¢Mgø{ÇÝ5Ínïø¥q~ÿøñH²ß¸·ŸlŽ—¡$ùÞEüâvòžÏÿä 7³»löî
-9᳓	ÛøuqòûÉÏ'endstream
-endobj
-1584 0 obj<</Type/Page/Parent 1367 0 R/Contents 1585 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 913 0 R>>endobj
-1585 0 obj<</Filter/FlateDecode/Length 1790      >>stream
-x
�WMsÛ6½ûWìÍÎŒE‹’-˧։ëÄmóÑX÷�™DB"`
P²þ}ߤDÓî´£IF�Ý}»oß.ÿ>JiŒOJ—šÎ(«ŽÆɘfÓY2£óù%¾OðÏJZ…çWÉùk¦“4™¿òÆ“qûß×÷Géä"¹¢Éì
-æ+šLçIÚþUÒ}ð�ÎÇ/]¿]�ÝžSšÒb…hgóKZäÁò˜Ù‰±¹´	-
-åHi/íJd’*ñC:y®ôši¹%ÑøBj¯2á•Ñä¤Ý(œ\KJ/•Îi#펤p»SeI¾WeîÈZÊ7‹Ç£1�Òi2A'¹Ñ’à5ƒmâçg·Hhõ¤Õ_Ûh9q&>ìpœPeò¦÷3S+™³‹��³R-Ϝ̫üîlh@ `öúåú#eF{kJZ©°
‰÷Bµ²”¡}‡©AY›:>z\ó"E%¨@÷RîÝå&k*ä2f’3Xû"=ÒUº$Æ}Eéy,àhš‚FÈ_:KÎñ¡o(1š÷Ö45ÝÝÐ5¢‰ezˆ&\ý“Temø&¼¯ÃE”"³2 j4HÁeÍÍÖѧ—Iy.*ÛdP,ÈP‚à%€lP‹œù±R¸úýäëÝÍ÷7‘Wƒd–+ÕºðåŽrµZI‹k\¾oŸîþ¤m¡²‚
-�“z-ɬØÙRÚ–*!õ.æ½u¹Ph×Õ‰JÆëCçºõûË
¿KèÎ3жdÇŽÍ’ã;ÀlO€˜âTù>*vz
§œHˆ³;pÛÚdó°¶RëÆRŠÖÈ�¦ZÀ 2%ƒƒPxq57$û/µ•ëN©~C6�Áy0¬_Q6�Ãìý
-z5�
8Ô×™rƒp™¨ÞJY‡‚©JžF°šði-Ÿ|D0+kª`#”–é!)Ôª¶&“
Õu©böcébüŒGÏŸ]‚·
-ÂS°±‚)f*þ€êÃÞó®Mwïø»�Û½Æ�Ãñ"Mé],êÇŽ‚L"Á!Í9ÕÈ­r¼ÇZMs[v¡b)œ¤B– 
w¢Ï—Ôýü/m#µiÚTäFhQvÝÃ
Á²6ڊ݈ÈEB_(z'²X8¹ý¡ÑÊÆ5BÍB«»ÐU”
ØZji!
-@Qš@á�Ê=³Hs/–ÆühjôØ �yJGrø­±?Ð`Td¿
-a{µëKnuT	¾C¨ä²BÂ
'4'&6{MwòïFjø‰âA®	ÔÊi¹cEËM%^´K;J”¯ÕÕƒ:jпŠŠm¥o¬†;˜ôåæ]èkÄê¸(Jƒé¹U¾À©A8úŠÒq^fG
^fwJC¬yˆDŸ=Šo!?’ûD訋{‰8U=HÌc5Æ$…²p~a0ÔY�åS­PºÓ�á
ŽÈrÂA‹^—sj@„�ßÌTP;œk”€¥„U`P®V
-ûQ„À^9ëPLÒàÊ“!¾@ƒ¡Ûh€:W.Ø�
´ó­Äc	>üºYȸ±÷bÆ…bgg·Ó°¼g�¦Îí˜FÝ
'¤(ò‡=½kÇ@ø%^î–›0¦±ÈAo>r
± éaòüj
-M‹f‘%=beá/?;-j^Ç°Ç!µA¦!§–7ÎׇÏ‹Ï­|
-V"^áBÈÏ´
ÏâÑ\ºÌª%ú¬ÀZƒŒ¬¥ß÷»Âæç8YŒÄ6Z³þáXÛ?P‰(æxÚ[±1ñД-»3�¥ß•nžhižp*˜Cà]'í]Æí(ùú
-�þök6Z»=©†>Rè-ÇWîM),' –¨ž=¯±î�XÓÜ™Çø
-_ÚË#t/»£�©Ä?ùçÅ;éâèÖÜÛ]ÍSc£²~˜Ý$˜Qègck”4lÄ=þÈõÊx‘¤L/�
ªÊu}O S]¯”—ÙFofêé~¹UF¹ªÆEþ
Ëý%^Aâ(¢n³…±K¬êèè-_g¿Xtâm£Sµ› Ö‘>h¬«khª†ŽÉîL~¢ÌŽ­\7¨ú1Xi{ŠI€
‚†ÞÑà5vYH–¯±=bù“¨_ŒÌê.uðäÚ'“¥q)±Ámñš�‘eAÐqÌÑ(cUÙqX
-@<žŸˆ
ë犉ß$ã4¬€nC’pcÙp1OùF%X�±â ã‚h³D°`áZ¤(¾oùýgVØ3ù�Øj}Äó·{˘µï^x›Ý¯<ÅŽ\a¬*wlÍãMñ§È±¬=>ºLæü.Áú>™]¶}4oŸ¦xS�_Mi6›GEŒ©ýbÍ#²A7ý—!¶;JgxwžOit9¾jô½èœÃÁìbIÇ)ûeqôÇÑ?}”endstream
-endobj
-1586 0 obj<</Type/Page/Parent 1367 0 R/Contents 1587 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 916 0 R>>endobj
-1587 0 obj<</Filter/FlateDecode/Length 2000      >>stream
-x
¥XMoÛF½ûWLÑC@¢DI–dôP8iÜ�c7Q‘‹/+r%nMrÕ]Òªþ}ßÌ’4Í|EĶÌý˜yïÍ›¡ÿ¾ˆi†1­ç´XQR\Ì¢]®gÑŠ–›5~žã¿Ó´çXÚ}ùøÛÅú*Ši9[Ds*(Æ÷«æSNŸ.úŸñty­ûO{ŸñtµŠ6ý§½Ïxz5‹½§ábãë—â¨E´>x½½˜Þ,)Ži»ç4W›5mSIfFÛd´ÍŒ'•çöä©Ê4}º¾}}M*-Li|åTeU0äg²¥,Q5–•ITeð«B'™Ââ·>l§ŸM9ÿjû×ÅŒ&1£´MG÷¿¾¡=‡kgØ=¥¶P†O+vÚùˆÚC¨öøL¥¥Ü–í¨Ô:å�2õ¤Éë£B�š¯šôîRIbë²êB
-iá¤'í"^<½Y5 ôv}Î,ùÌÖyJ;�œUjÊâD©MêYÿ6·ˆò�ó`G~åïwŸ·wÄ´7‡¡rÊþì+]¼„9¾ÛÓÙÖ¤ 2SsÍð�!Z`«horI®eÈ‚T™ÒÉøŒ±xí•q H+oòóÃ+2e¥Œé@$Ÿ:@tïlÁ×;bbl‰cÀÌ€³>nã€D—!'†ým3U‘W&Ó;RsõaKxz}‹ë�ÚUcòVr-Ô9!t5¸i§«
-ìb瀟NX‰˜˜I`#‰fÚkª”ô
‡IÃádmbZ­˜†‡ùjM�¥+ë~2ßDñM®Ö�©x]Fóˆ>ê¿kãvÿ’W¦•eÔP$bSH²Ø)Jl¹7‡è²þ™! Z.“Ú90	:jà£h ¸½¾~óžÞméÏû^Þ;j4ñ,™œex€…šðŒî8ìn¥<¢�J©>2“
ó¢ÑTWÉô¨Š(nJ�A‚B?sf"÷߈Jj®ü©‚aHTT¨µL;k+J�ü"žÛë÷o±ß}xKî>®èÕÑ­öÄ]AÜHAsO‰‚_¨GOWP¬”‘ÅîSÂŽq@!ðO¬óB%™)uÐëOžNÙV&ð¤ÊŠwÀTsŒ¤'È¢ªÂY¸Wãã9XÜÇ>E…e@ o§=ÕrqÃz�¸ðL´fèÀ…ëÌÁ”*'_qQãWg:i6Ž’L°‘ƒ®hïjqmøNŸ2?Àè±á`Y“ôóäáUsÕ³�iÊqº¯6éYÜ0æ`
£öWtcÝ#øÜÉv—‡WcÔý	á$y
ïcëªË„+OL¹CÕ§”*]ØR
-¢gi÷9Šžw›Œ¥„ËOz…1ˆ£8k˜
-ÓJInQUhaœcÇ5@‰Ê”¤–@¸ÐMí©Ìmëóè'80ÑP[ªÛ;tàEÜ'é×ЩB_bnÔÎä¦jÝ
-êmBñð�›„3n'�çüýh¹ÒŽDcÅ)ÝÉ$Zœ¨‡ÍÑÙ'“‚ÐÝ9ä0i8“}óúpÁZ+Yãn´„Ò`Y{]Á!p,Œ™//åØ
0]±¼ƒ\ha'n§[FYñ|¾pÑ6Ïà–1«(¦¦„s³sÊ T�êìëw‡nÑ
èƒ3ñÂ�:ý�›ŒôQ�~·Žâqǯ*Í.´*ý°ä`!“Y´^NæsNôy$…kv, „UçR�Ÿ˜!
™Î�û:guªÍŒuò$»T?éܹ}C§É#¤ê¹0ÃU]Ýs²ô[¡„õmׂq¯a-à\“Ë	£—ó]]½Ì†]TÚÖk
íƒêJ9ÞÐ¤Ä¤ï ’3dÀÄXz4HÁî÷,mI%ˆã| ­VV—RÆ
_"URô¾ÙÎQô$‹ÃB\—­å‘/vMßéÜ®iÏkʯ¬áêžÕšÉËÜGœʇ[cãBìϲGKÛdÅCÁȹµ{é#¾f¼w�¯M³”�i™*—Já5l󱕢ÔN™I2òõƒ‹„ÓvãNÃnÜ¡‚>Úvã`\ˆI�êáL–…ÐÖVS…bðHRÌ‚å¦Nlù­³`
-ƒRº·Ô®áK°(>* údíÝ“ï莓ve/¶)ï)”m¯Ìµ!µÏ8áöˆðŠÀ-�vµÉÙ—ÄÕQ4A�èiMn¡dÚºaü¾ò\€:m�º}Ï�9¼%¦ëG|Z†Q
-N&f,ï
-EÐÚÚ3`Š‰ï7ÓÙ‡¤Üa3c*Î
Ï‘43~†øv0ô!–|ø×HÐ Ï«¿gôñþ–-F<¨�`zç�	ƒm`óÂ9âˆÞ4Sk˜OÚœí—üòî{aÚe¥„½aúíŒGÏ(§Ì!«À4Ô—¢ðýÞ8iNsé£ÇuÆÄÀÌ€,aùÞ+Œ£©>êRÞÁê#¬ç”i°(ï¼±«JÜûdlíÙ×DLÌõ'Õ¡0i9¢‘éÍŒ®ø}€3\|F×Cþqx¸˜ãÉŒgtRËÙ·ÜÈÞ‰<ŸÄ3¼¶cÍ÷ö‹§$h‚M14·ÿ‡\;øF	æM
ªKâ?M[5M&<â‹TßÿIíÿìm¥ÎØ4º�ËhµYà�qø“Að‚{gÿÂ
-¯ð.Êã�“x…¿Ó`Ãd=9éè[/vËÕ&Z]έñLf€·Û‹?.þ{{vkendstream
-endobj
-1588 0 obj<</Type/Page/Parent 1367 0 R/Contents 1589 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 933 0 R>>endobj
-1589 0 obj<</Filter/FlateDecode/Length 1493      >>stream
-x
�WmoÛ6þî_q@QÔEcÉ’cÇ)¶
ÙºýÐv[¼OË0Pe±‘DO”âØ�ßs”(ËoëºMLóx÷ÜÛsä_£€¦øÐMH³ÅÅhêMi±˜á÷õò¿Cü¯$¥v#œßžÝ€oÚýúõ§Q8»öfN§Þ’
-
-oïº[åt?
-Ym0k7ƒ`	¡vµßœÞz!N.8ØE¿P·e?÷;‹ô„×8lýÖ|nõá-ÛE¿5›Y}A0ƒ-»è·ÂÐâ¦!Dì‚·¾_�ü·€Ð*EèËZ%Öÿ)­âñ*S†¶*ϯ(ÚQ"SÑäõ©ÒÔ"Çù»÷ßßaE/WŸ �°zÆ~c*?×±È}#ŠH´ÛÎÌØ£{)©Î$‡[-‰Ž›B–µ¨•.I¥´Ó
Ÿ›ÒÞ„€5ÞŠ²¦Z™7º�ÛL"­27Ò£wµEL"7š¢Få‰5µUe¤Ê$!ùYÆM-¢\’(ÊUT‰JIãµ(oû`LÂ%¢»Á›{ÀàѺLÕº�­V8p—ÆlUg^‰CEck†½í ìM¶‚..ð4ä�Ť{`TJ™Hx¡©jJv¦=7wÆ�âäPߘ!³Î*ݬ3r ­BVIŠõFµº¡WU´©ôFV¬hxN%§Å\‘Ñ­—ë
èJëúÙ1´xCž×V�otSÅÒw0|xˆÏvañ�.þêЉ�þwmJSÝ mª†±4FT;v¥�mI¥:Ï5T®ÉìŠHç*F$ËÇ×_;/ib,œ(O¿ö‹ÈïÊ„›ÆÖa,Œ$�Ò=RitŽÒ3ÿ›í1�¡¶ýÎmyÁafÁTwƒÎGÑ�ÍŸ
š8Ù¾/›Ù#8Ìï±ùð:ð–ÓðKæ÷êN*Æ"sjN‘™¿œ¡z{EÂÇ€™§o™ Òƒ6öe÷U<èx×Èc.Hð£ÞRcdeû�Üø�©¦ë½'eÓPZéâ´­ý縫ű7Óö·Gïw_1U°œkýˆö°­¦i
¸ì2ú§¯ÊÛv6L0Š,9Q÷³ ½äµ]±6ž–c&£ç¡ˆºrò&‰Þå/ÚXµrt¢x8®À—Ùójȹò,cÚM­pFT¾ã´`~€TJ$î¿æ	ÓºZÇ?1ˆšÍ”òsí¼é¦U­
-É¥T�ˆL-\<"T84jjæ/<Ø©èaÌ“ˆË.Ñåf¶Žî퉇—Ý8Ä.Ÿ+DÙ0ì>Anz÷ããl'ûóÏw®Ðä‰þ¦u%7ì×
# e~5ÇUvØŽÇÑOBåvÎ"ª®„m3È8Ó†"?’ „!ÿ¿8ƒgÃlŠèL÷
&ƽ|’•Èi#*QHD%ŽÙÝÍÓŽ��[jŒ¹®+�Û¼F2OJW`ìÖ½/Ý
ÀöÄ`Rº‹Œ3y±U&1b"M\©ÈÖ$Ú~S#œnŠ¸p>Œ—(T|\ãòsÊ—lÙþß
-ÃTSèD¥Ý�@•qÞ$ÇcÕqX¾ß×¹ŽDþó¡¯ÊcÚp‚Îà�¾ñ<ï»sÏ –³W#$hXØäNaV-‘QTU�Ñ‹W/®Z{óñýÝ»¯Ü6+oöDÔÍ©Ôöš3¦oéKN†¢–³ž±!jT‚FeŠ¦øá
-ÁcR”EŠ-ÚHu8sPÀúÙ�Õ0±ÇÿÍäú?˜´$yÑ&4|…ÍvVÉp„šï߸ ôðÙ·ý»h’�ÛÌX	öv'íÇÁ(p:­ìÞƒ�ð¹,¬ÕÓþòlC
Ú¨$Ûd|þ0Ö%XܵuÊ�»#4.JW楬IÄ|U|xÉ1¦´¼É¹¸2<"Õ„ÏkhËÚþÆþøÑŸ³\¤}&ØH˜Œ¿ðßâ%hŸCÁ5Þ“ËWüpÃ@l<?WúZ†Þ>|r,ð¨Ä�ÉÍMÔ¿?h%
f«¬\úØØ‘s½Xz‹yw‰
-¦3VñãjôËèµ[°endstream
-endobj
-1590 0 obj<</Type/Page/Parent 1367 0 R/Contents 1591 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1591 0 obj<</Filter/FlateDecode/Length 1089      >>stream
-x
­VÛnã6|ÏWœnâb-Y’/qòRd“l‘»I-}¤$Úf"‰*IÙ5Ð�ï�”rQœ‹qÃÏefÎýuS„¿˜Nš.(¯Ž¢0¢Åò4œÑly‚ï	þ§•;˜Ï’0|J�&ŸO)Ž)]!Öâ$—”„HQDi>Šá<œ†³�~—¢&³átwþåÓ9i®¶\‘‘î·ÛË*dÅDýKz��³Ç�A²@=i1ºª�}
V²,åNÔkÊeU±º°Q*öÀ_‡¿ï“>%ÓnÃÑ•O”t‰F—7_ί¿¾Ì>"¡]ÌšUÜEÄS €räŠö²Uô]Ô…Üé®z²Õ"Ÿ•¨…6Š©$`ýݘ 8I¦‰=Ý[N�[Qò5×äa”ãÁ}x�Úòˆž’ÒüìOç}Ë4iµš”2gåD³*c“LÔ“šRMNºàŽ,rÁ7z§ Ò“”‚žFÉ�(®Yk�â)î¹ÒÙ–eüŒ>XMpЇ[¾�!vYùðƒZžpù¸dyí0{q�,½â:íÎCº3LjW)”œŠ‚
-Æ+Y;Ê
׆„ùÉ#|H½[^›–•å~luC;Q–´cµqÚ•…Xí½žt•‘¶é�MçJ4î	ÖL‡ ªÜC
[Ù©}PÌ M(ÝϜĊ„Õåv#hÓŒ)kméVê�ÔZd¥§Ìv$qtßâ‹e¨K…§”è{%”6!¥Ò×x†Ù=PnÔEÎõ˜€Á›3Í[‘žyÿ“„{PÞdãú¸"VîØ=3Åj)
-Gc),¬�™è.á¤éy@Š;üU[×°Ÿ0üÁyk4ŒÓ?´V¼éñ,Þ¬2Ý å`l0\E›sËLr|ÁxnLb5,ÖWÙ‘ÒOè4Jæô+EÑ™û¼¨âÙ •;´«õ–k'+ò1µ·­aZVbÄCV›v2«‹™õ2H­ö¢†‡ü´bìV’‚ö}Ä:ƒá9œ4cù1ÀdżTõ½³îWµ†ô}ó¿YÕ”|L×®YÛÕãæé@í—Aïu�â=õû0HfÞJ.®n>¾rP»M"·/Gö<kUÁ˲ýìä·ÈøýÞÌÉgéAef}èBª¯íÂâ¿�Ÿ0ÚÍv“m…lµuªk¬",k“UûÞ¤�Qî±üæ£<îÑÞ%4·“uxã<v“óLoÂsV#ƒ“Ö‡¼`º`Ílì®ï4·VÎø\t+%+w	*{“€gû/&ÇÎ4
5xG)F×à®ÛÚ÷ùK�»õ‚¶K÷Úâ÷£>@Rwn
çØQüÎù…¬0ï�µQx5:üИ·m†QÀ*p™&Ÿ—Ý«@¼ÀëÞrŠ—¿8\XHü‚¸Uòžç†.eÞVðn7ä¶Å ¿œD³è_ó(…P-Y°®z­é¦u*œ-–ábžx´ãhfC\¥GýV£!;endstream
-endobj
-1592 0 obj<</Type/Page/Parent 1367 0 R/Contents 1593 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1593 0 obj<</Filter/FlateDecode/Length 1121      >>stream
-x
½VkoÛ6ýî_q‘�‹Å’_qœÅ�çV¬y¬6Ë>Ð"±‘H‡¤âëþûî%¥Äq¬¶ë)RDâ%yî=ç\Ý»Vzø¯{Ž!-Z½¨£ýI4†Ñdÿà¯0k&­ø´û�ÌpÇx‚pÀè^’´strñíUš‰‚Á
/¤²/“÷­tû½h‚�~ýD9aæFZÑó½Ñå.u.Ó%Áœ6p±PÂøãÓôû
Bw0¦““Ñ•*uR+ؾN(·
)S ô¦J+88
¸¥’3‰�¹´Î‚žÁT»r�²˜âpy|DñÆú§c#HÌ\&ꔆр.žé<שn ÕE�»_QÕha4¢P£µû&¬îV«ƒPaά]ð°ø$¹°õW]‚Ít™sŸóÐ
s[ßZ|¾°Ô¥�§×wbáÒxÓé�pFÀ�Řúì€ë‚IU¥¿�XÌYPbA'™Uæ¥ävnüÿ™.piDŠLI
-ÇÅŒ•¹Cà"ÏmTmŒCJĘe¸Íe¾zHÒĵB"‘íPu¨ÔÕ}š¢©�ûTqýYaçþ
--“¤?Žv£a4ŽàT~ lA*é"Ö1ãP‡65rî*åí×ÚïFkûû¼•ªünzÂb%Ñ°òH>êf*_㽜‰u¬„à–Dë‘Ba34a\?ÉÓg§ ×ÃÔ†°pR†7¥RÈŠ]KQÑsôI@>X¹bß1{»CŠó(	d¡¹œ­UŽ,æµi—Ö‰OÏÄÒßGžs(>Ôq€ZÛ&è6craµ®i)¢7+j|'øx
-Ù÷S'±bÊžŸÇb*™Š*ª)Æy­9O�T÷-F•¨éA›�ZæFÏ…YƒcÅ])T*"8[®	)<Z¤3y”ÃwÖc60¸CY¯Ç5Ikftáa‡
�õ.­‰}ŒÑ•S£0CH]ô•b×N_VžÏ—žSØöÄo?vâªDÁA«­ŠêøÐ)«¯Éƒ£ü)×�ë—ðA ‹«T??¾9?~½uuv¸Õ ÒLCWA{ëŠ\L¦M›Ûú½L…}M[+óÅ
-BJäÐÆ{�/.“7çW
׿;I~>xûºý]Ã:ÁkX
-©�ÿï©‘° �÷~Qjƒ�Û/¡ë5Õÿ?¢nÕ~UZ¿A;l‡®¸Ã±¨Ëêƒgo†Õ›ßáÅì3ešA|ϼõnc[N±E’ÊàãG¸¾n�š X¿!ÂWT[ú“žf(t°ž¯8cøaÀFhŒ°s­8	ç…𳔕¿Ø‹ÐkgùLS	TcÉg¼®çÿšÕ�·ºÇô¥~¿•yŽ=<…ºý6ªã«Äñwüüyüñ餚`úcÌ'CœÁÇa¸¾:8;<€K£ßãÇ:-dŠÑDL„wë
ݽMí�jî�DX_´„æ0¥£ðѧÿÝ
ª™B{»ôî$iýÔúÊódZendstream
-endobj
-1594 0 obj<</Type/Page/Parent 1367 0 R/Contents 1595 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1595 0 obj<</Filter/FlateDecode/Length 930       >>stream
-x
•VkoÛ6ýî_qj�SDO;ŠÛ"8
Š­í6Û‡¸Ce‰ŠÙH¢"Rñ‚mÿ}—”äú1u©
?HÞǹ�s©‡ž—ÞÎ}ŒDYϵ]œ�»v€ñäœþûô)’ÞÕ¼çܸx�yBÁ„þÄ i×Å<¢yÝó4-J!Ï–ñÉüKÏ…å¹ö„„72¿^Ï»üÉ¿8ú¡C€E+Ñqôã»Ó‹þï<_ò<îwi}X9Žú³U¥Ïï‹5­µ6$+yÄätéo‚X×~¾Ȩ;�[ÕÁÂb”5+l7üƒ�Q³ó	/_¢Ì`%pÃÒIEtïÈj)Ÿ¤#³å·BîwT2U•
fÏÄ?zíܼnKkù�®–ØgöÈlßÆL¤aÉe-8†çÕMÐH~Ì!k�S<‰
-9c1”@&bž<A­jMj4£9t˜ŠžseÇŽ³eh뢰r×ÁR…¥ª
-Ȩ䅲ñN¡’U˜¦O9}™sK·ÙÈö5pJRŒ0�MbY)È•¨RZ‹u­�¶®„R�ÕÄÀ^…�
xN–Ó”Âàù.ô-?N%Mu´ŽÁ¡–ÜàÔŸð”!2"‘«�¬SÂ2¦Vº3S~ÏHŒË7­§†b–?¶Ç: Á@Ÿli0¨qnemç´÷=b1éó·x
+†�L0ñiÏ"Õ(o)¼ý;0*”9EÕ¬rź¨ÀþäjÏfÂ÷p´´Z'øk×�>3ÉÊÌҮG“r1drq²g·U,x|ñ¹�È)$ñwÈ��ì]É
-XkyÏT�‰¬Kçà•ã7+Øzñ¹Ãé-úG²�è÷aˆmâÔ»{:†„TĶfÌtï;R‰¢Í“4‰*^šD”M¯~eΖzJFÞ½~ÓÀ[Gdž4Çi=h2\Ç\éš�©”çä�8-+Ú#’—-GBÅEŽÅ°ÕJžb-Êû»RTÅ)VBªÿõbFµ	Usaöþjº—ªÜM�BªÉ–Äbq¨óµà4?7%%›(˜4òm²wA|x>}Ééw€¨‡ú�F~Ù³6·¦!Ë„9TÞ­KöÀ*1ÞiGÞaªÞ¾ÝKuˆ(„RÚ2¸ãvßëâ:Ú–Wu97“æîðz*™Œè
¤™Ž³Ë÷W—ø¹_X¤0Q•1²º-5«U°Î]ýÈÒÞk˜3ižæz
-K|¬Ìü;8óé®Ö¢n M\Ï{¿ôþCy‡endstream
-endobj
-1596 0 obj<</Type/Page/Parent 1367 0 R/Contents 1597 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1597 0 obj<</Filter/FlateDecode/Length 1552      >>stream
-x
¥WÛnÛF}÷WÒ°HI¶%9AP$M�H�´QQ0P¬È•´ÉUvI+BÛH$­¦MÇ wçræ̜ᗋ1�ðwL³	]O)+/FɈ¦·3ü¼™óÏ	þI+÷âönœÜœ{q};Næý¯éýˆîh±‚�é¿äû£-²
Él£éÙ¯V¬åsJe�¥ªRu’§V”K‘Xi¥¡?ÉÖÂÔôþ×;úûÙåâóň†ã\.r6ôâEï™´"ãGéý]ô?œLùôxšÜ&×Éÿèé,«jíÏÞÐxìƒ
‡ß®è äï#¨7Ò¼
dËeÞ½<¸êŸ©Îœ!Q…{'[{U-U•÷íQ.d©+K¢¦z£,í´ªê+™Ýè¦Èi)I,Iµ¦LW•ÌpRã°—¡ºN&œ¼Ã•®)×¥P•²\êÏ�­	Ï•Ï{/QyA…ÎDA
®%>µ»Nsâë,¡tµRë7óùpªôñÕû.Lˆj2õwÊñ(©¹$]	ãÓÜVz�t@ÄÈõé¸Úk³E‘õZ"m“P0º•ÃѳÿÁµ3úQÁ¯hp·ªU&j¥+ZiCš­9ÄT&ím¥Ü�"‡·„I;Q2è.çpOÒR%eÎÆ—}Ç¢¨�kN€Ý•ÓÖr—ÐÃà�ÊÛB5p¹[IK‘m›�%íª‚˜ŒZ«
-%ñˆ¢}k®ƒNò„A+Žè{ƤÒ`N®
q œ<\†‡±2¿ƒü{U>ár-uÞxª
ÓS=öªÞ0ã𬋣҆kÎèšér‡ 
-¡­b&­*%Ijuc2™VÖÂG¶ñIÇVP®ø®Í�–`ú¨=Pø(�mÖ²³3Z×ßys§&tˆG_)Ðü#%±ºëºÅà•Ñ%'߯È1úîÍVОCþuqð-¯âbÒ©ñ3½Sži÷ª#ï‘,xjØ~T¦¬•YcT}…±	}À8`&æ?¡Ïì
´,¯<C÷	g²KµL£�odßt!ŒBÿ°¸ï�Ä`xârC¢EzФ�5ßò&T„²U£³ÕÎvÄ5b¹éó¬W{:ãµ­-½18Nè�ªš¯é½‘òõ§7C»“™Z©Œ'aw^t‘sóD]<¥Ó©Á}ÈÝ›�¹æá£ëÖ¢l#ªµÌ1ýˆ/ä*ŽX�‰>&«°Ï#ØA²‡“ŸFÈ,Êò¥A»åü;ÿé`âƒPf[´J™/=‘†l�­3ƒn‹,Ó
¦óÿ7šÞÇqÐA¯;‡@=ðú-Suð#ŠÂ	‹duãùE�µ±êë
ë&T€œ,2‘+mJQÄ´‚ÆÙ |Â`5Úõa-„Á_ºÉm¥µ�˜‡Kt„,*Y£qq

Âb¹ªw?”ÆL‚ÈÊ˼³!ëö
Æ5ÀK)˜jeÈSÀ‰3
-$9Ó]¼ƒ}Uˆ'*".‡È�¶äøó¬�þm,Æàá’w,7Ofɘ1¶=°ŠrOÑ'V<Ód5¶‡«£>fµá¤Î¤RÀ÷&’zˆ{Á1ÒÝlZºN‹A¥ûfˆ’ôïóÐ�ú

-õé^;´/Žûñ±ÙŽw®3ì¾›Z$ÁtÖnâMf'Mqðk“[Q #t*
*¹U«¦ÂÚÓ`‘ˆʬେË6CÍô«&
-Þ€ð¹G²3!%66h±m£K;Š4TeWˆÚíª‚Ö²’¦XË�‚�ûgðZeqÁ8É%2t(6	Œ/UÐ/5ævÀ§ƒ[zr†Ÿ´.ôÞ¹!¾N§Eà('€ø»u8¡qÕô#rñÔkk\Ÿ£ËxÈ!Ìg.£Iqq‘1'1-¸úÛ=öQU**ŸçR9ýêAÅ[BBïO”[
-Œ¯¬Šå¾Q¡õ–
-…E”×Õ ó°tŽ§øHœ_Ótv—¸ï«O¯Þ¿~E�þÌ_!otÖ”€×í$á0^ÎFü=¿Çh�o,®–ÅjméCãÔ›é<™ÞNðùÈGG36ñãââ狵Ÿyeendstream
-endobj
-1598 0 obj<</Type/Page/Parent 1367 0 R/Contents 1599 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1599 0 obj<</Filter/FlateDecode/Length 1193      >>stream
-x
µWÛnã6}÷W6}p€XÇqì
êmÀA·¿Ðes#‘^’ŠWýúÎèfYNêl.	bÄ9×sÎŒ¾÷Bð7„Ë!œ��§½À`ÞF“KüˆF@Üû¼èù×
Laã�ñÿ‰O
,xŸen
å�ß3iDT|ó¹ô­à™‘.÷7,½O¤u±L„g5H'Ò«Ì
-V(+®"¡r ‡W¾pÜ�݆ZÐJse3Î…ˆNßz
ÂÀ›`mÏ6‹cÉ¥P}zÞJµ”*BÇÏ›8¼uŒ?PäÖ£äâÊæsPú¯7ºIbŸ‹s�¹À«3Û™x¿Ì¬°VjEý}£QÿzaX"j0S;k
TIÂZù¨_`
¡ãE~¢WR•�ë›ý0À™‚¥¾fj…ØS‚™$‡Ö,KlYîÁÜ�Ò[H´~°�È�Ï¥ýµvWA{0y£²ŽåIÎåO4qGŒW7ñÅ&2%:‘5÷±4ÖÝo˜µ¯æG ]颉OTj‡ÕWWjgâXÇ^ž•p«
éÙû}?µ¤°eToR”%DÒ'¤�keu¡ÁûdBc%
çªàÒÊŠ3˜‹"dÒ©<Qs
-áoõë˜ìî(ßG
-*a�Y$n¬
úYfX‚~ÆåzŽ£	u¢iÍ”bÀ´ø×v–úQà¤9§!’–%	j€ÑÚ¡ šàtyÄ
DJ¡„ÃF? P´£`Ý”wÙÖ̪b:ÌýyB¶C¤:‹]F×ÝþØ:¸‡Y­„##Ð10¥t.Õ
-"�-“¢[­¢mŒN7ÎVjX[¯t8­G;" Ô¿pì]xçÞ¥7ôàV'ÌH;°Á%Y@År•F8+-ÔŠÜ€ˆ´¼oº€‘¥F줚ª]«6Éq)çˆ
·fÒþÐ)“Š4
7
’ylNŸ¥Æ�#Ñû™#†:­ØâH%d9‘`W=Š$ÖÔyª
Ã…†ú]ºÅCäi)‹„÷�Î
-'<³N§òßò$MŸ"
ZNÈî{•ëÌtÜV¨Lq±g„fÌÓâh Ö¸µ¶;ŸKÁ¦˜…‚¸³®`B¶£OCà’(·Œj¨u\Êt£qc³‹º"®«†6»Z3ÐNê«Õêt"qáÂ]éÓowý“»Ó&I€ÐG¤Ó©Lýp·7óOÝÛÝïð»ÞäF®ÖîúüîÂét<À�éÜf
-n$7ºLÅ¢¦(^Jð¬ã�æý•,Xø*hÇÑÁ¡·_f7‡pl›=¸1ÉŠ™K^ ¯ØJPÓº';ßÁÀ²¢×(
-lfÍ!ù÷‰Û
-èåf~™ßΊ­¹/gòÖl/v¥·™Ž$Kî)#ÉGíw!dª\ÆÀÏUäåfšŠ¤“³»À;­Ú³ø¿­j,>WãŽån	"WÖà�%Ø3ó¡
[¾ªGqSš#ÅF)F=¬x±�?Ë‹=3Z‚˜U«â>÷ýëIµÙ„c|û�œã‹nõ6p;»ù<ƒ/FÜáPâ	F3þõ…Áe@¯ÆýjzÂBXGCg±ÆOe…ÈŒÆo|1Ä7i:Lc.z÷þ7Xêoendstream
-endobj
-1600 0 obj<</Type/Page/Parent 1367 0 R/Contents 1601 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1601 0 obj<</Filter/FlateDecode/Length 1233      >>stream
-x
µWÛnÛ8}÷W�Å"jÙ²ãÛ¾¥í¶	²kïå!@@K´ÄFU’Šë¿ïJr%M²€›‹ˆäÌ™33‡£¯½�†øi6¢ñ”¢¼7†4šÎðy2çÏ~�¤�_˜,‚y÷ù‡Uop6¤­6°4�㟘`e8¤Ut|ônõ¥7¤~8ÄÉU|œéDD$¢HW…#[m6*Rÿú¯AeÍ Së�•Qe”Û
J‘ßlU±VEXýŠ9#¿VÊ*'kkôÔÜ/çËSoÓèLZXBz‹Q#ãÆæKF«B}{Öf—‡ØÕLˆ‡®¹ƒðð¬Ñó ]*
ˆ=]sááY£æሖÒZ¥ÊE!™£#:eÙ-¡–múXëJX»Õ&~;®£XÙí4ùÓ¦|±ÇŸ˜ëúÔܾÇØŽ±kY•K!p�
¦î-¶^I2Y•¥6Ž6ÚÐÒ¬¥Ñ–þ™»BZU$'úú¸*"�s¦Éiª¬Üï¾~÷šÓÈ£×%ÛÚèü·f=©¥É™ÝÍFën8C]O�B{^k¹Õ“FG‚‡¦T~‚å.öæúÚôâ»L·hh«­êCàÚ·ïÿ2FO«kpvBaXÏýєǀs™Õ$âM':g(S…$±q¸Ð1tû×+h–D:2*&½!Qz§Š„b]­3I¥Ñyé,w_Kø8±Ó6 4£ip—z	°N iwº2´ùZЯŒ‹"]2rìÁ¥FWIZïe™µ­ìRáOòæ�J*–Œ9ÒðSïsp¶ pÖ01>©½‡Ó`Ðg•+ç…ÁwäcÎf�gíßz¢TX�VT9¤…)Èîϲ[…è1<#3),àÜIã¯u+)Õ¥dÙÑX€
-I>¸© wXk,Øßø9fDd°ÆÝ¢Q{oÙŽt�q'T&8,�ÌÂgUTß TÒ D0iwÖÉü=ªÀ¥žRLëñ`;‚jwvÀÔç=FÒH'û+5®N¸èþl¥xÔØ[àå÷„¸©÷¨>‚¹µH2Hd˜¨TVÇçKƒšQÚFâùÐ¥{KiîT„¿[åà^1]eU’xNÿ…Ž+Ìž7Mh
­R0ŠŸµD^˜¬\s´¸)pi ó—Ëemÿô‚°#°!¡¿/ÏÿC¶‹X›ºÐgQÓ~ýY0i¼¨«éc¾}ïkͯ÷'£zV_!¸e–BÂc½€ýuþÉgË;S±Ç[h‡í1:7K4F÷4G{d\ #–% ÁŒïŠNè/�sD²MÈ«
-öŠšÅ•hpÄP‚¾+ë¬[)Zïö¢@çìu¶(Vü.Qeþ:5`¥Íiíx{kÒÙ„ÑFKª.‡�B	£y¹ÌêþçÌ(꼾¹ôµ1Ué€8cˆˆÑ;7Ýþ˜ø¶q~H|›™�uó‚:®¯Fþè
-ùÎ}é@ê¤%æÛ‰[î\„ÐÐm/†¶[Hš58¸×™|•wù`å3
-
-§䔕¬ásÍT[(-wñƒäû´<aØ(íƒçMí…ãy0_Œi:šÔj¼<½øpJWF�ºÒ'U<	y¼œ°~È/¡ó1õgC~¥<~V&O¦ó`:áÅ“w|ò÷UïÏÞwÓŠ·endstream
-endobj
-1602 0 obj<</Type/Page/Parent 1367 0 R/Contents 1603 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1603 0 obj<</Filter/FlateDecode/Length 398       >>stream
-x
mQ]o›0}çWœÇVJ(�ÈcÚmÒe+ÓöêÚ7àìÌaû÷»NZMª&„mÁ9>÷WV¢à§DSaUCNY‘¨‹¯ë¶áµâ׎ÙC—Ý}Ú lЙR·%:†:ySÖy“ãÑ9F¯­¹í^¿FÉ°„_VM^3㦳6ÏÚ(ø?>д@œ�ýÀ;!z‚=^Ž{1žÈ�µä}ÖAÆØ÷ây$l#ãMÐRÄΪ8’_@•ÔY³\åUÒ§“³'§E ì´tÖÛcÀ×Ã#¤G�Aœ	|²3)6€`Á„³VObâ[=´	Ô»«ûûwÍwNbg�}÷NUÙIh“96(ðmÿùÇkè©G>Ž
ÚóÏÞ‘üEEyÉÃÔÔ‡P“6Ú‡$Í.¥õ!õã¢1ÚôÌ›ôozø"Ä=°)
-³u?óëDÚ׉”5O·]as­èi»{ØâàìÉ€VƉ»½ÄMÄå~Ù›Téÿæ½®Û¼¾¯xÚ	P‰ø±Ë¾d
È„¼»endstream
-endobj
-1604 0 obj<</Type/Page/Parent 1367 0 R/Contents 1605 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1605 0 obj<</Filter/FlateDecode/Length 1316      >>stream
-x
�WûkãFþ=Å
-v –Iœ”rÉ]¨!
¹ÆG磬Þ[KZÝî*9ÿ÷ýf%Ç�HI8…`!Í|;óÍ7³«ïcáoLg:žR�Œ¼�NO½s:9?Ãýÿ:¢øàj~0¼¹ Éˆæ1\¦gç4	æ#<	úש(m¤i|æѽ0&ôéÏÕÃç[*³*‘Åáü?ç>>«ÝÇ'Þ}Ø�=ºªdÊ"©ÍNh<nÌ&gÞ”ÍæŠ|¶!›F
äéªÁ=mú”‹eD¾,†eèÿ›¯Ì÷Ì3jµO²p0õcdïëUé î‡RG�UzE*&#r_P(�ÕÒ¯¬T…Çö#L¦Þ	zý°G¨rEÛ!�U$Še*ìF+UÑ“(¬G3š*’l¢•çQ"DcE–�’–þõþ¯O7³†™ôIéfÑñqMâ°2šß]|M
-¨Å†lÈžxt­ŠX&•~•ïTš†gÊD°4dTQ¢TH¡
-*i]"G¨‹¥4‚FàáŒLª4Ç«Ë=r>„!	Ç}¬²L=qz 5­YßÔ±¬%äciÐQ¿]Ë¢O�BKágXÒ©©6Ø”2÷½Yîù¹p†7#ºX«ë¤.Úîjô}UˆIjíšo
—Ãuù†Ví(ìR† Dư练SŠ4t¼åˆ‚üÈI„µ^X ™\FG$dƒ'ø…B™¢g!1È#ŒèIÚÔQºA3,U—A8ìK¦~ídV‘óØè•f±[ß”Q ãåUfe	¾7&F2Ö®(Bo—ÁÞ‘s¬Š(rõCæk¹¢ä•‰ÐFqÝÐÊ3{ææk«Ÿ É
#2R%ßj¸JäcÄ�¬+—¾ijN±¬…Á“âk’)_dßÈ ‡×ÝÚ¦€M—njPªŒ¥¶kP¿*DŽÒ„Q,À�a÷XûõšÆ#ŒQÌ„àÌÖ“ÒϼtÙ�%Ý
vWvmÿ檡°Â ~ÿú)´’›¼íÚE;>M»é@@(Vç5 ;ÐÌjæbÖÆèk+dÁ-Âô˜ŽþbG§jöD¯T9”ã?Æ”CZôg½G´\FacAvUÂË¢ˆ'Œ³
-O*`Kmìâ°s�lU:S	Ƽ•ˆ¿^~'Ë
b±‹þÅâ°›Fˆ‘z;Ä{–2XvC¼�•Š
½`"û"”w#pË©(Tq'�w#äbhƒx…¶­„fÂ~h½èONO‡xPò‡“{uW(T9¤ØŽÚŠ{7Çüv>®µy�h#åv*ž�/'
Æã+á·ÄŽ5ÖÝ‘ÇU–u0ÒykræhEïNù˜€3S;)-Ø_˜jöb§RØ´›-B�±ß
-¾�íŠøñùäV;18-úQrI½?.{oµ^A&вt;-¦ÇVûn¯ÔæJØ ­·l8˜š?È$ïnS�žRlVèhœ…¼ëN²ÔÊí`.Ú“£eé{Nui»‘Eàø™àMúš¤¸–®g3jDE¼‡t¯€=m‰sk³M»¡û:mo;¸–àIÑŒN…b)Mw_no)Æ
Îïլ*–…zBÕêóÓu-Äí:tg•W˜[8öJœAöP‘]ðïÝX•|Þk¶˜Yßnf`]c8NfÁ<_Ë>ùàD«ª6œ_ÃvA@Å-Ù·°VËÃìc7õâ]°-´µö©Q‡7ç[߉õIþŸ¡'Ósoz:Á7,~ŽÇá§ùÁçƒÿ
Ûœ„Ÿendstream
-endobj
-1606 0 obj<</Type/Page/Parent 1367 0 R/Contents 1607 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1607 0 obj<</Filter/FlateDecode/Length 896       >>stream
-x
�VÛnÚ@}ç+æÍDÂÆnÉK•¤¥ª”ÞúP	©ÚØkìf½K½kþ¾3‹iŒ¹D*a³»gÎœ93øO/ß
LCˆ&=ßóa]{#ͦxâ§ä�Ú…h6ÆÛá(òfÝ…»Eo8÷á)ƘÌð"
Ä÷}XÄý<áÒäiÎËÁdÁ$¬™Ö+QZ/6¬Œ3V.ûáx¼¼¸ŒËíÚðZGkU&W‹ß=ÜÀG6‹¤CšsøêbŒæh}
}-X.
9äúá�ËÔYÔEšR‰c}\ÀÈËþµ©Vš—�0ÃÎkQÉg©j	Ñ1šÕ¢Øl=�%ÔJIHòÍ©Ò¡®-¬wçQ2U•—o3º€²Ïkü6Ê›yí±°)ŽI~iåÕÂÎG;ûá„<øaƒ>¯˜Û
lU19½2À¥[öo°t,5X6“q�¬à Rà,Κب³ï4Ê$ÐkçéÖînÈÕ‹Î÷G^HÁë%µ+¹\Ù†=	îÁφ	Zý”Êd´ï‰ãW²ÇGŽ.]Kû9ÒRöÛ	Õ¹€‡;ÁŸxC*ñhe8¿†`Úh�p Á`êEüÐö¸'4¨²Õì4 ö­r¨ôÔ³Z�M"Wb‹ŽÔ1šŠ­¸%Š]A¢ž1€LÕ|ÃË×òÐfL¸¸i
-';²ŸR[ÁÚVAäϸuÇÍ'a57à\œr0”¹½çpJ9A1šóåÇæ©sƒn06¹?•2\“‹:p‡¼79ĺí4ºn|DS'Yc–NøC4*„¶…Å�ÛQˆ4y�Ñû²é
�&®�ó!l›äÅd=Xd¹îP̵…OxÊ*a.ÚnäÁGn¥*•t
ím›…Bœv›
Œ·VZçØS¤jÆ6ØÀ
-›ÂBå¯]óÄPªPÁž)ªVØè*®
“ÆéJ9'ë¿°b-ø«3»žJ+!ìÀØÑ·¥µ®ÎÇÍ êÃý×/÷·‹ež—Úü¢íœÁcUÚ›åÕq†�á¿bStCbÝŸ‘±É‘x»XGaÉ©g‘ù®/?o¿?@¢âªÀ1iQ!ÅÌ…ø羪¨ƒ­He›�á†óY“\0Ág”Y£q3Oo?ßÝ·Rýæø§ù¾�K\Üý
wêÓãÈÿÏŸÑdæMÆ!>ØJú‡Eï{ï/ràwendstream
-endobj
-1608 0 obj<</Type/Page/Parent 1367 0 R/Contents 1609 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1609 0 obj<</Filter/FlateDecode/Length 474       >>stream
-x
�SËnÛ0¼û+æ¨1õ°,)>¦hO-Ð*ÚC€‚)‹­^áIþ¾KInl·@A„ �Ý�™]>nbDôÄÈì2Ôý&böù�i‘әЫ%š9�f)K®÷å&üp‡$BÙP­,/P
-P�ˆþÔÁ»–OVjÄÃgnŒ¨ðýÓGL�;ªá¦ü9'Çù’¼Ýù¥3Ü;Õ	5XŠ8^aIÎ2+[eÐ�Âu’X>:¥¥A§ªç¾K`GTj0–w�ÌW‰°M2–ιöõ1‰ê%ÜB»á°´Ú¯­ôü—D¥†pE13^²	¨l+!¨ymGý‚@¶Ît3:]Ëð*m¦ã�;×>#í	ÃWÃ�ò2Ç“ÿ#\ÂyÆæ$äŤ¥µ/0Vsulm3ê'®C9B>O£¶Üò[Ê•I%…R(‹íÜ–šÅ»eˬ¡3:$sCÃûŠŸrhT'Þ_Ñ
ð<µÒoÏ÷½Uë‰ûo󣚜]l$~déÃ�×~9.Õ¿U�Z÷ë
œI.j§µì–¸t<À7/`¥ròãŸrH‚–\¼jhô؃â¼úI(¹¬†uŠ×µNó½ßÌÿ^™4+X¶Oè¶ù«ï<¿÷åæËæ7ˆCÂendstream
-endobj
-1610 0 obj<</Type/Page/Parent 1367 0 R/Contents 1611 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 946 0 R>>endobj
-1611 0 obj<</Filter/FlateDecode/Length 1998      >>stream
-x
�W]sÚF}çWÜñKñ$ÀàÎôÁ�›Ö3IãÆ´é/‹´‚­%­º+™ðï{î®d’vÚN&¤ý¸_çžsõç ¦)þÅ´LhvCi9˜FS¼9ýùøãàv-h‘,¢„JJâYtÛ=ô4ˆ1?ÇI4Åê,^œžxu>�nh¾ZàoI«)nð¼Ö{,)žÁdoq1‹bšÇ·î`|»€þÉÙ\ÆÑ’æÓ›hî<ZD³î‰Wù¢Ùj†µùj‰ß왑”bx³¢Ù,v�Ä«&ü“»´÷Œ06}^í?cu¶z½Ú{ÆêÍîžÏ~¿LÞÞR2¥uŽ\ß,W´Î\Šñ&¾Ù‹º‘†,=5Ú¨jGO¢ÜŠo,ýj¥™¼é^UòzýÇ`JãdŽÓû4ÕmÕ�ªrmJÑ(]á7‰ŠÞÝß=Ò½22Å]G>ÄÆã¥7>žÍ=.€µ8¢ÇÖÔÚº«'oçÇÝ®d‰ø°k½W–2�¶¥„±LÚÔ¨­´´×j4µVžLfÁ$Á#²ý@xŸ!ñ¥Ë]H€”ó©1"SŠ(Š£»BfU³—dËm-¬=d›ábsM¹*dDH€%¼†¶‰Æí5Rdl°àGÚì¡­°*¥¶ÂŠmD•qšu~á�K^ª«TÖ
UYwø Í38‰ˆ^z6T…K‹Bf½Eø¥âúµAyøîs ²
*Õ$•Í…Â)iGTR ÃFæ°„tsr]úÀ¾Xœ´߈Æ'Ü¨Ø‡ZV.Š1훦þv29‘ÆÛ"u¤ÍnÂG&oÓ®Úãe´bÀÙMr³$¿°àÇ¡@걕lN^éɧádLÕnG„]6µŒR]NNYû/–ÇÉ*ŠoÏ�ý¬éKüá›�R1BÛm¡,zcÇ05BªíZ•a»öíÀˆ|:ÚF–t—•ªRPBqh¯Ò}Wdv½’;‰>1é«�	Ø×9IaœmYJ3BSOWîÌ®ëƒ&‘$û^F­nMŠ2{“¥8Rmô‹sr+i/‹:oÆuc¿¤k”ÝÂøñþ͘‹;þéçõ*…ªüö·GzØU"UšÞ趖¢u^ý¿2³ÁŸ×Tª²ÄÌÂmÏ
‘]ÒÃýwï~÷¥€·´CF¸û4ü©ÄNºn÷hÞøÂl[dYpfǽÔú Zï5ß«ÆáÀ;º0W»Ö{ðÕ`B…z°
DÀ3ïxl—€.øò¬M9¦×0çêÊë“ÐÕ’ÕÉFÚ•¬Rs¬rt¤Mfé;:J{ÅqÞö·CW¡A^h„ʱ͙g‡ŽÅF¯Øñ|}
-ñ9´n{%J9¢wï'(SðƒQ¼w´Á<	Ç(Ý‹
-õhTɯ™^ç…Ø�Åà·•Ò%£W&ï3ó~K�ˆ_§ÑG`08¬KŠÄiEö"×ZÀq3w�€ºyÉ`>£ƒjö„3G*„ÙÑ¥®Úrþæ>dM±´:<{ÛìukªÝ\;Ð\6R®@ÿLN-@ÙThýÜÖ–ÊèÄZÖT\iåŸ-tO±Eô£z
‚Ètñ¹>+(°+4}QÀp9.…Ž:Œz‡–ÚuÅl™¢Š%¼€9k¹Û€”
-šàÏõ
sL—0ÆÄ
	KæùÂVfà!áÆ3&ŠÍõî"TÎtK@Ûh«›¦�0òì<@¦eÐúÄ*Š•”§•;ÐÎägO�ý>Õ/`»Q'ÚàK
Íí$ê’ˆf<^ý“ä,Ìjna!%Ó嶅È/Þ%•kžP0†822².Tʤ-ÎÃë8GU,и¥"”�óØËu1¬:…?0”™c´ð�üŒÜbDÁ³.lGmÖ7Â"t<{¬ÒÍ0Þ\û• ¨CîÃËÍÖîÿn+_
-pêr„BŒà—}ÑôWi2ÈR�&ƒ3^ÝC-î�ã\¹á‹�ƒÄ•nÆD³õyÈëŠp¦	¤ñ4Ÿ:†»W‚\€"MFC4tºG2=…Mƒ±²åö@1Kyž·0V“ŸkÕé3Ûˆ–aÕÿ(šà!ã¾ÍÕj¾~|¸ï¨á“ÿ�¨ '
•wÜQ�ô¶h˜‹�,Ìiæ´TAÜð&üÌ2¯”RTŽ¶Â`ìGâsà®m âÈcFL¬b*0·e®¨½Ä±:ß=>tsŒb€;)fǬþf?l»ÞÇVê
-ôäÉ®=`�KlE™mQ^@:`†Í°6òE
b…ûvèÙuTž¥nÐuǹ(8w¼¾8T`6#«‰5ê4¾¿ùí‰#%Ó2t¸Š¨òlÄr<Ò¶u­Mãiñ/ÞÓ­HŸ%pºÊhuÃjºn<fùó¤‹í—�œøW—û›lûåv|dð?èë²Æ‡SÒàd(K@Í'?(ðF剿à˜2T•-Ï¢Èö×Íÿ�»¢m4
¤kÖ‚‘‡ÆfètÜZ�*�SXÎ�öË”±Ž;Ý÷2ôjÒ4Îß‹§	ÝŸM…jŽgõpzŒo(8ðô	…Í9u†ÖX�1´<Ys’ÞZ']}¢ào8D¥ÊÚaã7xu"’+ðÊ͇'ݘŲ�|út®ºêÃ:>œªüÛOjú/ŸÑóܾHü§RÏÙúëÁ/ƒ¿	Uýendstream
-endobj
-1612 0 obj<</Type/Page/Parent 1367 0 R/Contents 1613 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 955 0 R>>endobj
-1613 0 obj<</Filter/FlateDecode/Length 1946      >>stream
-x
•Wßsâ8~Ï_ÑSRdŸŽ
“ÙÜ%Ù\ µwU¼[MlËgÉaøïïkÉÃfçê&‰-©ûë__·þs1 >~4	i8¦(»è}¼9|½~»a0¤›ñ$)£aÜÖO)-x?ÝŒFXM'ø;ħ””\„ã>Ž�nÂ`ÄǦc,ø'>6ê�‚ñau4ÓÖ*�BÞq*tp{MaŸµdN¦îŸ,C'éôԯˋÞýˆZ&°v<�Ð2vFöiubU™Ì­°JçÁÕòûEŸºá¢—qg¹•0Gð‡¹£B«Ü²šŒ-¥1$Öº²´Û
-Kv+‰�÷îÃZY§ÛÝ)»í¦±(ŒÈübƒ¤C±–†rm©(õ‡Še@PG�óÙ™ª(tik4ƒ!ÌšR&²,eÌúUîÚ­2Ô2á(VåQZÅò–‚ðŒšQ&EnH'ˆ•-•üPù†*#KQ¤«ÜBz¢Ë̹„’Rg$rúCå±Þx92‹¬ú�4W¥Œ¬.÷„Ó²tþëÝGµº“`Ê9ì«p<©ÝÓxÀ-vãNP©ˆTOÚ¨Wcvñÿ%ºNƒÁíÑdv¬‘‘ÎcRVfÁž5‚
-s³"Uf§®÷ð
+ux^,`tL/³'Êt\¥Òôøíå‘`¦Aª8ÿ!æFžE)UëRÀ«¦Ñ¢×V¨œ'_fóGZèÄî8­V�­µÅ/½Þn·
-§
õVW
ý¦wª®]˜c	©S	#µ©J =SìÀP!¢w±�v¿–{¶+d"]HŽùIÊÔ^½¥
ª‚Ë£;ùÔÜÀ>
Þyeá¢lXq»¦ºáÕêë¥N`‘ÅkŠt,9SÀId+Éœb–Mì<l¥±øÓûž‘þ^ÈÜiã:÷yå6F©B�ž}𶯔™ôjÍVW)¢Š(¯SÉ%³Óå;qAÒ³´&…¼4­ö¶µ4Ñbþ�cÎôÆ•“‰<}wN…œ;FS"|ÐjâAp4#álSƒ*Ö%"„…uµAb-9�¨†Ì”€Í[Qºs‰úÐCr¦¯+a(ä:çüº¦"•rpØTP¥(cä�¦ÈA¿†›Ö¢[¿ø›{
-t¹qˆ¾Ýþøî§2B†@f&ÜÉW™:Ê0[U°æëý…Ãþ¤†ö}vÚ¨3Ï6¼ôi6-e�<5™
=„æ2ù
-¦¯=a¯ÂÖÓÜAæyÙèqŽý;ò‡@½KÓãüêy»½ˆSg5ª¡a§UçY[xÔ=8·­ø�Ø 
-•($3x$âÝõ�B–Ê5˜´¡uDLY…�ì]ìÀÑ %_%!—>²¡vW£Þ!­ÝEzý¤¥ E’
ˆ8'nTŽé{÷}º­k9¬k¹}bÕ¡
*{Üà3Âg2ß >ñCϳ§¯tÙVvI‹·IJ Åòõínùö:{l°õѵQóÄÿæ_wtéVã¼ülßÓÛb	Ò£JÅô…J|¯®>Ý7û7ñ¾(Ƕ4{á ‘Ç_(·­‡b?
-cÒò6½Ñù¾¦/Ÿ‰t8ÉíJ¿�ÞUô®O�v'ò»­È7�Ax|ªŒ=<£[ØûTlÌOåÇÊ {ퟙˆ¾�ÉÖ¿i÷׿æ%7M¼�JUÀPÔ”šÓ×?ýx,ý1ôœâvýÍøÁ˜ He¨‰o¥®Š‡9^Ä:Cã�‡½�OkìÀ×í* WH‡|öC³óymy¶ýýa
-åF£wÜàÐB9ç},¥à¹!nLª‡4
SE[ÎÜTnDÊD
ÂB;ÈQEµöí˜)�˜äl‰Y¼âË©.;>ˆO	�拆ÏÔšj�)?¤«´E€%<C2 3¬e5Sáß‘„l+ìçï:X•a¸bsw?ïDŽÚn«`8Ïv©dF`•Gø�5påÖ<Õš{üJ33uçÊý5Í™�Ðìð0gž2…CÓ
é Úí}{~ø—ðÙÜÐÌ·‰FˆS˜-~<e‡c¦uNØŠ›•mÆ"ç&¾Xaú­j:tÀâf¬<¶_~_wTÃsL›Æni
Yud°	˜_VWµÃ5¶§¢ð™Â>j7Ÿ|˜å]'e6Fãâ¾Å‰ËñÉ�T›?]r5az>�»-ö3¿‚՜߹ù»B
N¨c\³¯ÙMPyìs
�¼ë,ì®z›±Ì¿2�j0�¬Uîï:ÇIÌ…Ô˜bðí'V‡Éçç™RoÀ'w…%Ü)°RóÜqG~@Û#ê)Ø:<i‹].²UguuMÒPßú`6Wg³¿T�éöäç"ª”¹JL‘W[
fe'ºÉ‘§÷F±Ê�&MA잤ÊquÑ9k‘Æm*²é¾2'"�öèΔ¶«8ïìK\Û´1ªž-}±sÜ=>ôŠ?]¤à~w�™ÏÖŽf~æË
±GÏtþ…ˆç‡ç5�´°6—Ö�µðš#JÌÞ6$®¬9‡À€�²¬"‹É°žé¦5Ýp»ïO‡4×óÂböôëŒ^J̓ÍÛ×KÙmt'}ŒqçÝFãi0¾	ýMp0¸a!_—ÿ¼ø/kå"Õendstream
-endobj
-1614 0 obj<</Type/Page/Parent 1367 0 R/Contents 1615 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 958 0 R>>endobj
-1615 0 obj<</Filter/FlateDecode/Length 1136      >>stream
-x
�V]oÚH}çW\)!R0ˆ�ǤÝT‘vÓnþ!Uc{Óµ=ŽÇ.áß﹞±1Nж%
-²™;÷ãÜs?^>MðçÓbJ³€¢t0ñðêϽ€æËž§ø/$mù¢í××OƒYÀç�7§”næÞÊ>'ô48¾¥¬¼Ùñän=߯È_ÐzÃÁÒ§u\«�Ð:ú+ïÆ£:ÛªçªPÙ3=‰4´WåŽþüxûåjýÝ*˜[£Ù®®c{Ó÷ès.3¤È)¥Ò™½6GdîÚÄõ&•EIK2Užë¢¤­.¨Üá�íÞF‘®²’tø]F%dIdG±*ð«.ddñC×´U…)a9?°6:¡‘?ó¦l¬Öè™h'S
ÉDR©É$"�/Í©·Ôjö¬ãœ’ÆqÆÚ
-­Ë{zãN‡åÖïÆÊX–ÑX‘$ùØš¿Å©|”¯åuƒpjý$‚S-Cê_áø<ÎEï‚Gë3(C¸*3Tî5‰²,TX•Òðýšû�ŠvKS•ëŒ4<.¨ƒ¯±6.+_‘2¸¶U™Œ9¡=#mpâð빌äÇïäõ2V&OÄáQ¤ò¼�wà„!°ç9—…ÑÙ“Ì�îé-7’Ò
-$e“©¸‡L(Áa�ë×óײmÕ�mnÉvqA=*�¤i™ú¶!ÙÍm†œiøèùR¡nb
-œQ%å檉`â-™ÛMMÒñÓ3_Ѹ£Úi踑IÃ×s·–ÛT�LÅ_t÷\¾CU·—¼
½Ê"�¦�«Ü
ò†Imé +Úþ}ǵ;fÉ×ûÓÙd�\=><m®\{@!±ý´¼›“L™•;Ìðða�ãûn®{÷Z+3ÃzÍY+w¢¬ýMÑ	¸�Ñ)3>V‘4„j¯ßmIPªQ•‘Û*IŽ…n®ù¿|©®…­N½ÇHismY¾Š4Oäu�JÒ › ¡‹3”
-Ì6÷vD‰0"›!÷…\£ÂäÀêµ8陫�?F„¡½L’ÍÕùº£1RÖ@Ñ(tìCbº5ÕÎ?îž$Г¯n–ÕΣ¼ä‹êTNÃ�<üö,KDžï3‘n†ïÔ)+D{=Ö)å…4×­Ö¦D¸-8Æåq£6ù¾PñYÅ8ë(nuv<í�;£#¹@û3h­¼?œKǽNFP2…BJeÚ1ܤªèÅ……<ViˆéßÖÑcðVìùçÄ¢¬õym©d‹ÿ8Œ¬Ñzµj7#^­ì^4}g§âXNkÑ®Dhm©P.
-LµŠTñC¨D„X]¸"Ó°ì(оÞЬÎi³�ŒFü눗°èÔà­ˆ�®·¯¸¾Þ ë
-Ý Wè]n¬‹;ê¨Þ8«%c«7rFG;%–Éx¸™7ß—îÔŸ-½åjÆ{§�WO·ÝÝÒ—B×ÞGUÜ7Û�qäX‚—3-&ŠÎÿ[PçÁÒn¦ÖßØÃ?Öƒ¿ÿ
ÎîfÂendstream
-endobj
-1616 0 obj<</Type/Page/Parent 1367 0 R/Contents 1617 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 971 0 R>>endobj
-1617 0 obj<</Filter/FlateDecode/Length 1487      >>stream
-x
¥WßsÚH~ç¯Ð„¹ƒÌ€Á@ÜLèäÒö¦Éå
-oÇ=,ö;±½¾Ýu)ÿýIZ›_C;×i˜ë]IŸ¤OÒòoˇ!¾|˜Ž`@˜·†ÞŸÞ>¿o�oÁŒÞs¸›xóz‘Á²u²Ìa6ñ‚“='7y³ƒ/ŽrõÞìÎApØ;Yæ0Ÿ‘½ÃžÓy7GC
^uÖ{³±7�à°çä&
>läxq”«÷¦sχà°çäÆcØÈñâ(WïMïÈÞaÏ÷9NÀ�÷§>iåIbxa„'F0™Mé;þk	qëݪ5xœ€ïÃ*¦|³)¬"NÇVa7‹D	Fê/Rß®^ñlXŸíO½¥ru×£`
-n·ÑÄ›}Ÿ¼À¬DDyZ@Tü¤SÅqúõ'•ÄifÚ¡Riû#8ú£™çÏ¡?"N`TV‰4¦!’&ÔéFF€²‰“o¼Pñº{·¾…\PŠ-ž-"0
-vi–A¡,l$&±”¢d"µôàƒÚILU‘—™$€C8d¢Q
L¿ÒP!†]jTŸ/¥Z†Vé=„ªÊ"%ZÐ Œóus¢
-êMœí6*£™
-E6@³1ÈÒÍ ±Õ@"3Ñí¿·™ÚˆìŸ‹Ç@F†•Níî	3ŽÀ×’|D¡Þ—bÌNéÈàÙ½dp„ÉÇ:E#|´�v“*…È%žZ-–V¿¿ÿóšaÔô¶Õª*ñÜóâóóÇE}êLa˜ÉZfòRhÔŒDºj½�i�ÓBrBžÁ*ëD°I‹(-¶ôŒÒ}¹«´Fß™ãm@ÂÜæÜÙ$5€ªñ�è`0kŽCMè=€Ï-hH™ª—ÁlC^æ‘‘ø±G„«ƒòßú»º²G.ï]L‘–¶ÜQ|�5ºr…í“C×"Üfèe¢®¡9ë2ž�6LH„û1æˆÜœµŒø"²ê�ä‹°„‰(¶ÒôPÑ𢮉
Ah\)è£w
Ú™-$ÀMXÜ/‰Æð$
-¬;ÝSÕ})–S/
-ï™áôEéíÍuš€)e˜Æ{ö…«Ê%¶c QÆ2!×]䇨2k m­o¿‰Ð©@|"�Qxá:‚‡#÷–ËO J›ªvD>l,Vø5þ]³Ý†u·£â¸ÓC^X¡-ØÌà{GGÜ­ýXß~¼ÉùAþ:è“‚¡æJq¡öT³¥Ž£1äÉÁ*G/ÀÉE¾]ÇïÈd�*n¾ƒ’­ÞÃx6¿ð4­"òE]ì”a‘=-ëk°˜tn˜å~”a[YH-²ÌQ¬Î€kO¶&ê
ê퀺™ÕǺûëº[¥Ñý/¦²«6¯È’0Ã>ë(¿q ÈÐõ-Ó~ð8o<Æ<Ò|¼&yP4<¯ÞSW54ð’rYÔ#³¹(PÏžºž½0ÜôQÌÂ/8� q¢+.'&~mN@ö`¯*0	­\ET~ôD~M
‘½‰A}'áëîhÁ•a•Ê˜J‘™ˆg†„µ8¡++MÓBš1þ$(ãò°y´R�?Óvû•Zp–¾É÷O¦yj±sTå…Xä ~Ô�ßb9‚…#p¸Ä1Þ
-,'-%¨˜…¸˜¨™R„ò·ÓØaÉ]"vº<RÛ+3‘¯Š{!µÀà	êÒN"/‡–ùmóƃ?0Féþ“n+¤:©áy¹d>½,ž˜ š(Ò)k**„^Ó'Ò†*/¾BQ»c=.ÏtïYß^æðc
Knø8Ú%ÕõÈycš(Ò9uÂ_0{ceN…E- ìF¥2é×Ú}ç4îå’nk6¶V�‹·Ë¸V†nu˜²Ã:8ʧ¬öàm¡vƒ�ªÏ«>3†#Þ :ÖFÅݲ(dqåkZ�µŽÄàqVßêýÌÆøû‡ïjËÅÓ»¼hE­TXQs$Ik¿9ÞŸñVuÿoýO‚™Ü�ÜÏߟ’²ßW­¿Zÿ
ûm€endstream
-endobj
-1618 0 obj<</Type/Page/Parent 1367 0 R/Contents 1619 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 974 0 R>>endobj
-1619 0 obj<</Filter/FlateDecode/Length 1734      >>stream
-x
½X]sÛ8|÷¯˜ò¾(W#Z¶$§Ê^gs»UŽ“‹´•\�î
"A			((EÿþzRÌf+[{•$v,Â4fº§þ|‘ÒSš\ÑhLYu1L†4žÞ&×t=�àç+|YI?ÀÒ÷wÿKoFi2¦ŠÆ·É„â‹’f'/+J‡×Éôä!‡
yóNˆŸçÏ_ÝR:¡y
Tãñ
>7ÏCÔ!ͳ^Š(	ÍdV[å÷$tNNTKqŸe¦ÖþÙü#6¸¦4�®&7Ï{óµÄ¾üÎ�ª6Æz¡=mŒÒÞ‘78b%«¥´´[KM¹rYíœÒ+òkI®
hŠ³x$µ·J:Rš×qø!
ÒQrÅAseeæ�Ý'׸Á…<®ÆH0Ö<É­´ç°{À»n
±Ëê­pnglNÆ’ö‡WÂcÕ²ö’¶¢¬
Â`+¤„j-uf÷/sz|yÿðq£Yc0I¦\} X\�'t2<<åaŠ²4;ÒFD^!µ“6är«äî¯aÿ.hm]WÓ$½=æÅu’6m–ÖÂá�P쬔’—_<ÉϵBžP0<m2$j)sÎå%Þh�trÖù,´S~mjO¹´jÛp¡SccÕJiQÒI(‡ºè•Kè
-V�NéÂØJx�ð�äÒU¢h=¾~þ4ïâïƒ0–w¢þòôðîßo翽y¢l-PhËûð¶3VÃà×7ïço¦,AÀ¶ò`f˺yä{¾Ÿ)”uþÈqå\-ûáÉe™‹
9W^’«–Ift
œVT’Cæ²uÙÊùe‰ih¢%_ûøE/2í¦áa¯
BwHN|Ö–º·x†R´2lBµÖó�ÇPR�+€y�“6r=‡²EBïYÔq# |³‘š…Ñ
Æ�.~ OÊ“rá,KPÂ0#BNÚÿg^X?œE‰�bRçà’
�b¡cO M)2ÊŒˆ³„~G<i,C63á�õ½©sÁ!£Wå>t"S[±Š<Ec
ÐðméOSZ_å4Èí„O&Ð^øpBNÍŒ6Öx“™’ó�Ë
Z´‘s§+ÄÄnÇ‹·#:dãëD$ô«Ùq›ëwòÍ|mKA¥ZZa÷ä¼*K¾U9TìêM¨6ô°™b$ðom�ktãЙQ÷ÌTU­@²È–Òï$Jž•Šß	l#0Ãu31&ìiØXÚ¦Î^‡}‘P
ol±í±õ)”�ѱ¹o8*¬©h-À=ຽ‰Ÿw0q2¼MhÎõmzTn4oܲ»€¬ÍŽ_Ý?<r=byaâÁõz®›<h5>8héE»ð¶uÇëhB?ýD±—3ˆ¨ùØÑs}I"Ë`}‚Ó€zO\Ê=C’¥;4¦a0ê^\Ì9bwrwGóê�«=yóâ?K0]ß]fú.t0ºgGé›ún#ͦ”ý<»ƒ�”þhÂÏÆ®.i‡  Ýì\œððt Œ‚ébŠ˜&�5nd¦úðÁMQ=pítªôùÖXq¶’Ìò#:nV‹X7 %Zw…Ø��¥;†;T%–ït88f¯[ɨÓû§×÷OGr¥ãÁr!³
BG0žœNÆaÑ!ËBvànãE‰¶Íв–_ ¼LUð´hdA"Ï_��
íŒs29´Œ“Ck5çe?f±÷"œ¡k|Ôâ»ñÓ	âÎYþø7»üQ8?“�áø¹W`|”+$Ö«Š_4½}Kitýôv2ŒÅÊŠElÓÔûfuÃ|ÒYü­4žøÈ‘R´ãi$dW÷¯~P´UŠUG8~Ì.SÌ=PŒ[¶µÆÙ¡j÷¹æ±Í=û$1+üç¿GrÃþ<¹SÑÆ89‘«³53øwZô¸±.žõéý¢‡Yø“‹æw>,z=¹ÿä—�ŠÌ¹Õ¿\`¶™/žý½l”feôµŽå9¶VØz$B˜Å	÷•Á¿k
äy\~.¡îäÝã|òæˆEñCC~RÙ§2{úa-ôêÇåA_×Îÿà¨kSÉ—¸P|}NÇfTð}2L¼†Jé¹qÃQwk9à‡
-39/øýé
´÷èõÍç‚àÂög7ÏEqËÊO÷­p~¾·hÆV¾°Ð凰ÙpwþÀ~ÆQ@�£ÅÍ"¨„Þ5W¦ûà$,î2h'F¿îöÑÄkï‹Þ
fþ
-Sú3oðâîê%Üú͉!M›‰(M“éíˆÆ7i¼˜Ïî_ÿ|Oo­a³¦—&««ÖòtŒßMLG4˜1*åßó[‡ëñ4ß\ÅëtšNyŸ_æÿºø¾ÛP�endstream
-endobj
-1620 0 obj<</Type/Page/Parent 1367 0 R/Contents 1621 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 977 0 R>>endobj
-1621 0 obj<</Filter/FlateDecode/Length 1645      >>stream
-x
µXmOÛHþί!U—JĵçUâCHBA*G¯¤jO—û°±7‰Áñæ¼vÿþžÙµ“`h÷"{wfö™gžóבG.¾=êúÔêP¸>rwvŸÞó
-z=|®És§[þ•Ð�yæ÷[N€{]¬ðñ“IZ�M�Þ�ðGÓ[îôº4�Œa—¦aC‡Y¼É?Š|õvz‹¥A¹´1 éJÒþ1m2µ‘Yþ@z#ÃxKM9Vl°•ÔÂ\Zf¿hJÔR¥åÖrFWc|N¾NNHeìÅ¥¦×r|ÄÑpΆSZĉt¬»<‹Ó%…"¥¹¤´H{ß8‰5Ž”ˆ<þ&)WÆa*óÒÙJd°ñI.dV=<>Œã¸æx#2±–9VÇ©1¥×s'TébÖhÏÞÒlĪŒÖ
-PÆ).×ð®RÇB–P5»NÏ#¿ðq¢™ßé’]PÁnž7[}§Ã€#øYÈ÷Ð
-lyÎØr+c0¾‰¤�V EÚxBIEBb®URäòÉéógë>ÿ:2®ž��?Æó×�UóöŸA‡]¨µ9̦®ð`g2ÌUöð²òŠv;8ÑÌg†Ú�®v‹l·¥æ傌ی)‰Œh™“H£ƒ
-™‡‰ÌÁµ»|çS¯T‘DLu“öØ<(ÿ€ÿëBçv-h¿UÙÝ.wUý1Ci†/œá›Ìð›Ëb6Û�òYæÔÊG+yô<'øȯçÄO¨ª�ïPÛwz\@œ¡/8¾ÎM5rø�ØâÐ"äÒ.sVJ‘e2Í“*R˜ˆž­bhâJ¸R­,ŽžxeîÄi.—ð›ÉM&5œ™«ì”E¼Ó°8Â
-ÒŒf�O—ãÙÛÒ&‹×"{xŸ©bs9~6º8®B,­Ð’ÍT7MEX‹�%¯VÕ;š~ÏñúÔ¬$‘ÉZܪ,F÷°­Bsã(EEHJ*åÌ /´]É”nÄz.¸¦�In	Wôq<âý(*µÐíY#;|ñ zŒ…&¶4/®¿L¯�’G2q¢á•¸åFÁ’/`=Z?L[7#•æ™JTÔÛç¤a�gjËQ.T
MÍ!ÂsˆîÁÁ4T‰�£Y2S4o†ªHs
 Y±í¡†¬vgªÒf$¢Hr+özÀgDßAûH_–Û�**ïük2ü؆é³û~öOÂØÉèk¢x†gàÕÿ¿CçO&y/Ö›D¢åj] £L‡7ÓÉûkZ�J)H6— óŽfÑžÉÜ)ò•Èí‘ÛÕàUŽO¦=�5óa6{SØeU�5h+4ß:`<¸§`*#ÎumiTNÝŽ�¾¾pÑ	Óý(ÅdÑñ\†wÇ6ÌzvⲕwbHl-ùUàvÜâ¸ë.JŽë
Ëû
@€/ç¶Ua7›ß¡Ášj±}ŸZ’÷±ÆËÙÍP
Œã"ŽN�™Uœn¤â$Eá©©<¾PÙò˜Ï±›¤paú]¨­Dû<±%ÉTU4„U�*Ô,``HkŽ9`ÛqÊ©øÅ0í‘uÏHa™ÉM"BL·V¡¶1ú³QË-£0üí´žm²j�í¦€JpìowÀ£FædLÁ&OC‚Ùz¥A³†t–ŽÉÔÕõÙïe–vm«OÞ-x�i¶;{}§ïÐÄ–}_žÓbÇï<o‰G:hqª+~×NÌSÄ°×XÎñøÑ“;U�Ó0)4&ôªum”Žï+™Uó[L‡a‚B5:ÊïEý2`¿8JÄÄYRç>FäCê 
qz«�Àž
-^׎%)Þ¢´F`Ñ€zÝÞ¸çzAÇíŒÆC¿ßév‡A09z­vë|Ô­mÝl£+w#¾”ò½ ôZ�àɺGM~@žïz5SÉzE»í÷]ßmyg“ñ¤ïÃqë,hµÏÚ^à“Im+¢ø t~#sXvñÝí{~P[dŠ|¯¦[{dñ|Ÿ$–eª
-øÈ\³p‡wj±°æ¿‹‚Ãü<K= ?>¥êëÏš1Žô§¶0Éá°}×íÔvŒ‘H«Œ˜£î‡Læ¦y—{ÊÌÔRÒ¶tæ8øžÎQR¦–5~îߣ¨|
IC‘™·ŠŸ±ôÝy¯i¯ƒÿôZø7€Ï“îÍðêlH3Å•�q'D+§VÆ£Y-ov]TJÔxu=�žÓiûÐÞíõÙêdzôÛÑ߃í!endstream
-endobj
-1622 0 obj<</Type/Page/Parent 1367 0 R/Contents 1623 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 980 0 R>>endobj
-1623 0 obj<</Filter/FlateDecode/Length 635       >>stream
-x
…TÛŽ›@}ÏWøqû2·pÉS	$ÛJÝK7T­ÔöaB:JÓªÿ^“MºM» ÈÇ>ö±=ßFÞ<Ü…´‡€p™ã‚ð=üfø›Þ€Ð?¯‡ëãÄñ@P⨀“ÀñO%¬Ž�8†Ã@ód4Y Ù µëãGvL I¯J�ë:)*5ò*Ù�Œ‘ÀGÌUV´M)·²7^+#Ë"i¬2`YÝ˶Ýk“Í`:e
a„Óù"^‹eÆ|.øt>¥‚ˆÅbàÚ˜¢’æpmt×¼�g@¡ˆ^ïTj£)fÐè¶ø¦©îjû?\+«µ¼Œ“ij—¥Ì1ÚçŸà|}„ëZežËú™šCcÍ›¦vþÃã”mèP`ùyzI ®Èn»j­ÌB†:§õò꼨W[U–3˜¬‹z²–ív@Þ·q³yê#£Â>w…7åÏiп²x,ÒÇ—C4ûì�líJYìÁÛp,<¦W‚^¨t«+Û©Í
‹éÿ'«±*דËÚ!c$ëh+ëüÂŒ¢õ¦kíÙüÏÒkûÜKßócŸPá7ŠC¸ž
-�£Jù”/££j“eÔ{Z™1ý:ÐÀÁÍ€HW•ªmÛ×<Y
- ô„b.1âîK%[•,J�e	éÉ
×:—&+êì¶háÍÝÇ䬆�2æðú8±Ž6¹IoÎtÚ‰`/[Àé·Ð5™´*CŸ³àÜa=¥Q›EŸ
-Výäã1ÂŽŒÇ\œ/tú”®J—ºxÖøøy×WáÍ<„{£û]ƒøÄ-m¡ëÞs|v{¤??.‰!\ßq§ϘÞÎŽC±HFïG¿
à^èendstream
-endobj
-1624 0 obj<</Type/Page/Parent 1367 0 R/Contents 1625 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 987 0 R>>endobj
-1625 0 obj<</Filter/FlateDecode/Length 1464      >>stream
-x
�V]oÛ6}÷¯¸ÈKS –mÙq>ž¶uK[ h·Æm0 /4EY¬%Q#)«þ÷;—”W
°!pl‰äý8çÜ{ùÏdAsü-è:¥åšd5™'s¼9ýûôf’ޤɒ®–7ÉŠ*Z¥7ÉuÿTÒï§+¼[Óêæ¿S|¬¢<,¬Vó$/¬—É--aîæÒÅ;âÓ`n™ÞÂÈÈÜrqiz�ÿÅÇâûm3™ÝßR:§MŽ|Ö×7´ÉBx#/_¢ñÊb=¡·7éW)•sô ª­ gZ+I“©—›o“9MÓÎ_´ ×_ø[_\GëÓå
-αs‹„ÞÕÞš¬•^›:n]ÑbÑo
ñbkt¤eê JÓ¨ŒtM¢&ü¬IÕmM]©Ú'ô{¿Ã:j�âèëåkSËÖZl /Ê:¸ÒõŽŽÎ«êëKò¦|±Œ¡]ÈBɽ®/pV”Îо6:º�¦ª´¿À©Zuç¹'ŽŽÂjÓºà{kE
cŽ$¢Ý*
9ÄtFNEmêc5l‡è…L�· À]Æü}
Dd$'é��Ùþ†×2#[F…ð[Pe2�kv! “ÿl?7m�‘ðTxßÜÍfŽ)NŒÝÅ_3ypIá«2Rõ#«Á1XM“�z/oèd$žz†à
ò¬„,t­žv“mk¼i·¥–å±OoËÈ«U�qÚ{¤ÜØ~d†¬ÎTɉ:ÈŠ6:ðܹ;å^
dY¶C‚}EÖk	‰eôM{¨ÛîB˜¨N��ï†;qtì ;pƲsÊÂ'™ñh7"»0ÎÎBi9.¼érÙ ¢8zûJêÔö¹”þ6mXâ§üùüUJ¹8àK{E���´µ¦C�œ¤,ñÈûÂ3KÒÔ"â,GIè:Ó�µ¢¤¢t\”¬Ø3bÀPA°Y³giÅ-ÍuHpä�±¶°o ›4>°wÊš+T¸}T
Aå9•0Ëdl•ïz„¨��³^û°?u°>TÐgtŽôó§÷t÷s9È�žnuÍqâåð,“(ˆ3&qâ¿h	ÅË!œk™¹T[
u˜"YêÐø‰;}
ÌaÕÊ%©2Ö”dX�¼„V4"23Ôi_<OÞ¹,B_4­§®0¨Â>0o¼2ƒ{¥¶RQ‹oC™€Ö8䧀G®™sœt½
-!Dθ±*WhØUÊ&{ª0ÒyH‚‹Pœæ
ªÞkãé[ë<¤p,ËAâ½Ó�Û
"CC/�È‚»aâÃy†õ+jŒF÷fv°4è÷Ut]—È#ˆ�	Ò™%!~ÜCf£|9»oMÇèìTðùj­÷±i"ÿh"ŒÜwœ#Ú1hãSo>|¦7¾ç‘„Jë§ï×—	}0Ù±²|žïw;+šBKÃ
**�K
­4Ö –Ô§]È^Ù\`º#ZŽÁð¡+°]!0�n�8|�DÆ­.u838Ü�0Ì÷óÜšj(²á×%¸Ûqãí;T¨‡Óädyìs¬¹áŽZºW
v�!Á­˜ÔwQ5pªãdtS’…¹>:
ÒÇÓYšæÈ*(Œï=ƒmEëö\DOÍP�~�W�(V×nÑ«|Här…î¥ɦŸTT‹*ܲpÝœj~‡º7˜ÃA÷C¬@�+œ•UØsÄ­…/<V‡]œÑS#!45a�
õ).b¸
f—EO£óSh_¿¼<»¿:»ºõ¶<Í讉ãðÏ¿œîwÜ>­AÙ¢çëP*³ûáz0å›doå±@]èò±½…�O�p®3ÜBœÝ/ú.a:F5¼<%u•âúÌWЧ¼Ök~ñLV'–qóìþ¦÷0M¯0²ç¸Rãäÿ¿$‡~ˆ²áàVkÜý¯ÒåtÁïþØLþšüáËåæendstream
-endobj
-1626 0 obj<</Type/Page/Parent 1367 0 R/Contents 1627 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
-1627 0 obj<</Filter/FlateDecode/Length 610       >>stream
-x
�TMOã0¼÷WŒ8•CB’¦iéieÅe«FË	¹ŽÓ%v±�Vüû}vR(e«ªR>žç½™7“·QŒˆ~1f	&x;ŠÂÓ(
3¤ó]'ô×åè&]ýœ"Ž‘—®6›Ï� ú(BÎÇ|oXìŒÐ{¡tÿðvÃB¥·‹+ºÕJYpÿô2%¼tÀ"I¦„8ΫÚàP7
¸Ì
-0µÜ*ýΚF=aIËjYË-l%ÐP±±Ã;£:Í•Ïã:¡¯¹¿[®\kêOÂÄõ³l»%H7ÿF3É«çË~Þi-¤m¨­¢+³S²0°Ê#MH˜BìE£v-Áj!B}ÊåöÏzŠ†Ôp
‰�€Ú¸ù©ùæ�9òè¥IiÆ�þªÕLÔºì™3
HÖÃ%ššPåÐô;S_hŽýKÕ”’žÐÅê“ÍvlKó•þ�_bS[߆«¶¥cZ¼uNrZ˜UgÍznþü°˜„ôÖ¢Ìô{9ª¬º†(”_•(UÓ¨ƒÓÅ5$Ú^àOž¸æÿíh¬—¿n–/ÉKò//žXã©’DÑxWÌmY¡š¤©{ÑjÞf¼brK{óã·éQjÕ’µmÕŸ>S¬—ùÃë‹~íÇÈ�qív…Ë%.xì?²D�\S€ÉÛiˆþå|pSœR çÄSŸ5/µz¥|a¥xç¼Ìl­¤;Ä}¨<˜E×ï¶b;Kz$Qˆû‡§ü
KÎ…1X»¤ã4tûš�ìï`ÒlfÓ„>4'‰{v—�~�þz”_Üendstream
-endobj
-1628 0 obj<</Type/Page/Parent 1367 0 R/Contents 1629 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1629 0 obj<</Filter/FlateDecode/Length 1410      >>stream
-x
•WÛnÛF}÷WLó"�h™¾Æ/EÇmÑÔiA
¿¬È•¸6Éew—–õ÷=³—ˆ"Ü4…aÃ"wvfÎ9sÑßG§´ÀÏ)]åtvIEs´Èðq±Èr:¿¾Âÿ9~�¤õÑ�Ë£“»·”/h¹†ÉåÕ5-KÂñžÓw•èœ4”Ÿfô“Ñ}G�è:Õnèç�Ÿ—�—�0?§ÓÓ`>ϯábYN?9aÛ*WÑ'Ѭ�Á§¨»JP>#A­ÜÒæàÊußNé–”%ñ,T-VµÌhYI*zcd먑®Ò%=Lkõ$ë9Í!,h~z•h7òáoj+6’ì½#ë/öŽÝàmI…¨kY†4.bS²ÍÊÈR¹Ã§Yô—_fçœ(·VÆ:RMƒóÂI+,²@½¸ÿÞ	úýöÝŒãq•pâ8†R7Bá`Ùà¯�f	éuxfü	$�º�?Sö×jÀ®[�+>v€
-Š·Âr¼%ǽQÏ!ðZY‡Gxn,ÕpňŒÚTΧYIe"*ÉÿV›'ë“i3úÅùË­n$0ب‚¬ë×ë�ºUM"ÙŽV½£R•íÄ‘…3IÏÒ६kZkC ­«åYéúÎŽ¹ø Y $_ºš¡«�©‚kŽ…½_ž|Î�q~•ðù!ÿÏZ”’ÄVì2ú\I°EôuÍVl/FIr0=�Ã�A4
��Ñ€Jtà¤%Ÿw@�%¤˜Ñ½vÐ7$ãÉL3°6Âic'᪄σ;r�¼nü]ÁAgÔ³ªå¹6üµb¥jå¸J(Ô…Z²Fùf§€PÅë'„E»ãài-*Œá®5Xë‡ãQ¦o[F'ð•Ñˆ¢RAYã”&^B¡þÙ¬“f
ŒÏ¦îª~œùDµ•4ÊM¾bŒ$ßÅ6yÔrB ¦ô¬$hÎ ªQ¶‡ô|a'ÜZ¡nä‹(\äÒ¢ž(–^�lÇšõrIeAÆéQJ_Œ‚B/˜QÙÝS�>je�Þ›ÛÐ+^QÄy”º�'£,ƒ�g"ñ4(éŒÞû²�¡¶"“¯‡1ò${Hcj&_Sm¹0k½Ùt7*úI�ù/Ý“Àˆã~·Õm	Ñ:î	�{#P!¾.ûN÷†ÀFÃ*õõÜF¹Œ
ÿ³J¸‰å	PC˜;O8†ð<ÔÅõ­z	…ŽjëmïMзØÉÉ]êêÓ銓×ÀÃñŒjÉîxŠq«c�”
ÛÏ10ÀË)æ6ÆÇ/#R”^V®‚ÊÌ~HÛK«é1ÎV’ÓËè-
JçLÊㆾŽ¡Œâš=ê
-M¥f7áäÆøF+ÿùaw@ZµÖO¾£Ý$\Þ¦]ã<Œà�õÍËÍÅ"¿I±Ì8Ž`‘Æcrv•]2,ù–‹E¸æ7Ñ¡²€I¸/AÃ�ö«ÃÙw¨ý4�†«¥&ÉðÆ…#&‘V
,.IÃ�ƒæµ}Có~@ïÞ'•®8IÍóš_äorS”ÁU€�9ó<áÏ€(_!œ/h�r#ˆ¾‹¦Ë?¤¡r;h6Q@3®!¨°û�#¬†ÿs¯r�˜ûe€(#ç­DmCMŽtçö©&ó�g~@ÇF™zyê¦SD–æ¸Aå…bÇNƒ66r™8Ûªv¥Ú’kŒsÛê¾.ã`�ë‘(ü ä¤¨�Æ1†¥2²À÷#w0÷·N�†ý�/¡1NámÐ�Ptµˆ?ÁH9Ä�öJûVu…Þî›»¸þ¦2h2ñÃ[ Ÿ·ÏÂ(ÝGÖ±Nûí�I÷_	°Xˆ¦RZ@T,�ÿTûs(ÔëÁ"YC½ßðõãüò:»¼Èc·ËÏøª÷Ë£?Žþ
¦)[endstream
-endobj
-1630 0 obj<</Type/Page/Parent 1367 0 R/Contents 1631 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1631 0 obj<</Filter/FlateDecode/Length 1531      >>stream
-x
�WÑnÛ6}ÏWÜ—¡)«¶ã&é€=¬ÅRØÒ1�—¼\I”Í…"U’²æ¿ß¹¤Ûê0E×"/Ï=çÜCåûÅ‚æø³ Û%]ßPÕ^Ì‹9­–óâ†Vw·ø¼Ä_¯¨I‹Ûb5}ðq}ñîþ-ç´nPëæöŽÖ5¡ÎßT—Ÿ¶ÜEåi¹,è‘Û’©S¾q¾e[)Ò!ô*¼]ÿ•j,ns�ÙõªX¢Ê%6-
-úäÚŽ½ÎŽ+W´XŒ+—·€Š•ë­Ëåw8¯*ÐúÓ7ŠŽ"›—ô‹*£•�­·} ÝÐÞõÄè0ú½¶Yp5¤ã
i A“V†­ëM-xç4[\g”^±1{ªLì�R¥ónã¹
·
>(
-Ü*y]匀PÔºA1×5xÇÚpiÒ¢¼\Q£ñMôlC£üäô×úÒ¬tÒÄŽ°‡­Ã‰>qPrP5=þñÍ	;ÅXcy=ÁÞ—ÌÃÀ6a�
-�xÃÚâgp­Š[áÆèELk)ÿÔ<mÆjÒ™Mô<my°ŽjR' ‡Ê>& ÎNÐ+�@âŸQ©=‚¤¯òlÐàNTjyŸ…(ø@Œc -x«uf ì+¹ô|újKèAÅRõúù-8™j—EKÞJ€4Bý]OYú¬¬òé8�“­il�5>sw  [Hé
\ˆ&°�çáUF
-�RuA_@qrÕÁnô½×DO˜*᫆ƒÌ$·ôpÿxEl"ön¶øJ‚²{j¥ëZuÊÖ�\Ҍ�6ô¨°ƒ
v–„«�…ljqPÐ7·éÁí0W‚ 9AÛ‡5ú°É*TÁk!¯žt0>œ(r—0ÙiKɦ2'Šçfó…ìT0£,Ô›�²á*ÂèSDÊpvàþÌ5Æ.“Ù°qrú–}=È|Hµ×h=È\ÖB’œ³CÆ8„Bæ*ôkÐTÖìŒûóÉ£f•òs•Ëé�B¢Š:¢Š´™ä¦
~?C’(’ §é—¦é‡ÐüÚW½3�$gg×Ò9#SJ~EC;­iûÝýYDʲ±LÎ:¡Ó”¢CR!‡b �J¡×"–5Xi¼k1dc¢ÂÆ@’£Ž+”H©ä *G¬aˆ‘Ãê	ùˆ2¨'8
í`:]×9{«CÔ•T~Á€B‡,FF$b7yŒ³W”N˜1
-x"¢9¡^,ËU¥€Z"|„6� ²c_Š(ÞxY#¶�½Ô¹ '‘(»*c�ûŽ–²#*I"ŒŽ=Ýì»Ê¸0µÁ)Ak™Ò
-,lÄÊâÇ�Þˆ%B¦Ñ1Û2":¡^…#׌3°(>‹;D#æbÀèz�ÉAc¡Oƒñ)Ñ�*!{oó”HQÕpoâÕ¿0' ‘‹‡åM#S±1jFå~–>.E© b<ˆ�Ëמ×ÏÙœïOîïñʶôݳÉž›x\÷$`²ZÄ[ö‚d1
Ÿ‡@¶uƒd|÷`7˜­¶-{¼
- Np©‹Î¸>Ê÷¬Z±™(3í¿Ã�ý·n9Š_˜®ç?‘nñÝN
¬x6ÜШ9GŠ…(ÉÙ
öVB/®�=›Éy§µ
Kl–Èw¾–Ì‚ð-o¬Ž}­F,4š_(Çyƒ¼sœÖ«Z‹+r|Ö˦wÁ7¯v)þÀAN¸ÑW(ƒÐ@$Ó›†ñ
-0òüdðÇNó“Ð_@Õ$j¨x‘™4Zrõ‚HÆ=•.œ¨KmtÜËÛ�¼ì¥ ×ñMŠéœûƒô‰NÐ3®Î_åæô¸?ûº"šcçÎÔ¨Šck=½ógŒN‚÷5Rùu(/¢÷wxÈ,Ïø‡`Mƒ™ÃËrñ4Y…9äŽÇvfà"z¾”÷<döȺƒ]10ã¨bŸ/O®t¡Z–ÞF®ÜO–fbß$xhË¢rV,b©ÏÉûc­pI™ðüZaàG—Œ¨8ÉÇ‘>Ÿh ýáìÿœð»ã„¯®3©ÿ÷�ÕÍ]qó~‰+·Öb¹’–[_üyñ['Nendstream
-endobj
-1632 0 obj<</Type/Page/Parent 1367 0 R/Contents 1633 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1633 0 obj<</Filter/FlateDecode/Length 1595      >>stream
-x
•WMoÛF½ûWt‰H´¾,+‡ìÄ)‚ÖuZë�Š%¹7"¹ìîÒŠúëûfHÉ­ŠÀˆ@jgÞ¼yófõ÷Å„Æø7¡›)Í””ãhL‹é,šÓ|yƒÏSü9M™¼˜/¯£å¹Óé™w«‹«Ï×4™Ð*C’Åò†V)!ÁxL«ä²Ð/º˜’­›l<ýDÁ5úýê;͇FÓ ¬ÒKŸÛ¦HÉ×Z§”Ø*iœÓU •$Ú{
-–2Sh|Èqe¾W–¶*v´u&]ákCòM’“ò¤êº0‰
-ÆVäµ{1Õš|Ž£žAŒi4™ESNý|itÔ½jã#P¦êâStÿí¾K?z
O&qÖÛ,Ðc–™D·!žßsr�Ea·ž’ ® —Öi•ŽTÎÿQ¢’\#]mP¢Í€B{4…+ŽZÊ>Ð<1Ï£Ù¤¥l:�¦Ñ,¢Gðö.S½çú>HÙ#Juí4HÐé[æ¹]—OªŒòWÀëAòQ˜!Å;Z;U¦NuÑi›ë
-­uxÒÖ†zÑßÌ:²ˆ\åõ£p�èlQ Ÿ�ç(ªG�/ã_ËöxÇé}Éhgt/ÐÉ+ˆi§ý€#Vò
DÐEÑ¥Ù± ¥Úõ2«5tà
ºëÈG,!œR”Tƒ˜®Ú€ø½Vï+Kª>ëLb�qBcE–­ÜÌtŸ—´©ì–¶†3°~cÝ	deΖÌdWD8„EÁ”Zê–^ã4ÅfMµvhC©*ˆÑ”µ³/ºä!ÂàᎫq2þÀ­æZ@7­S
Ï˹9AãAsÙÁÔ8²6È}Å¿o@;¬ÂÏ&îyäø,»5š+”'Ö¹Ftû*yH´•üü yþ	†‚S-\™æSK¹‰,í•àei(ªš2†d1Zþä0@
™àØ€V¨,ÓIö˜NœT´úø•båÑ$6Ä+̦¯i(©àH1€r6q;}�ÇÔ3N=H;brîSÆ&§ª¹ ‰­Á~:zìê²¼àUxØ“Êaº¸ç
N¹ "¾Ñ: £
-ªÕZÃQ|âLÄ9$_æéDrø£\c¦úB
ºB›aÆoÆégT½×Í)"rf�·í)Ù˜Z•§-Âr€È‘Ó䎅×j«j³Äv°°4¹GPªán)F%°Ó}o<fËCàIÎ.ÆÌcAÜl{„¶ïØVQN7Z‚KU:l­Ûœ#û¤2VÒ_¿=~ºÿõöOöJî(�¼¨ó\ÊÆ“šùf{­�Žm“wD»ni}èUÖáÀ˜?ðÜ×[XØjë¸Y¼BÓ”9ïIÆz„l@©mà->YTG#ÑK)Òê9uAK!tHÿ¨Uµ›øåê…•çfðb<Â@ç¯[H®¾|%T²a’<ö)”ÞËëÑQORÓíÇ_Žöåó˜Gôï[oþ‘iù/ßØ[á@Šæo:cèzªf?I�߈åû+q:ßÎh×�“7bºÜOUÚ†m§±lzÅZÊÁÞõ�¹ƒÙ`º=o\¬›Ì§‡»½/xz¾ì.Kp/¼Ãço2–xÎ¥ÄNmqA1ý	-”[ÃΠ6pý¢Š†åÈw*îì.ÖkS¡@8º`ıîX£•2G93£!€TNnsåÕh!lBVâõ*î¸:r2+üÅáÊœöXI²'»ÃÁK˜Q6F³Ú¸þ^bÁÃ
|;°àÛ“›\s©<ÕjæûOK
-ßUåº&`÷Ûén­âé¦4 wȺçH⮫ EË®é�:�Ï$°3îcXS¯­I¨Ô½ÅÏF�)ìꮕ8?YÌ–óÖO@üÀPãB�+¯˜ÿ�°”óîØÝ-‚!iɈ‰åÍ[B�¢’a?óGEBގФø
úZeÉÅåEÁJ¥ ¹…-·Éï|`ÿƒomÕ.¢Û®î-®¯ñ3¡kk*0èûBæä;QتrGz¾Šó%˜J]Zälª
-õ^9Sì„»«ÏËî7Éd�ŸEË-n>´×ˆ§Û‡»[úêìwÞŸlÒ¸âÊGû£›ñ¾vüÿkù|±Œ×SÜíq|2½æ°÷«‹ß/þW,€iendstream
-endobj
-1634 0 obj<</Type/Page/Parent 1367 0 R/Contents 1635 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1635 0 obj<</Filter/FlateDecode/Length 1474      >>stream
-x
uWÑnÛ8|ÏW,ürNQ«¶+Î
}h®-Pàšë!wð-QJTIÊŽûõ7KJ±£¸H$–¸;;;;Ëü¸˜Ñ_3º™ÓUJYu1M¦”.o“kº^Þà÷9~¬¤"<XL—IzîÁÕrzþÁ,�&ós'–¤¸[]¼û|K³Z@•¦‹dI«œ€i:¥U6žÏ“EB_Å=UÊ_®¾ãýkšÍâû“ù
@¬òñOÎëÛ†|))ÓJÖžD�““v'-Õrk¼^’ Q%žTÕV䭨ŽȩŸò-íK••¤>r!L¦Àiaõ�„ÖôðõŽQLi2»B�È�™ªB&—п¦¥LÔÈéÃñ>OãKáéATA{…@GD­Sõ6`d¡PzO#2�W¦&Uºj“d¦.º7((ö¥r„o®þEZ d4ôG+Ãz‰Bd™lü[Ú´žjóö0+sÑå’ô&Rü&Ö£$´:r߃°2“j'ÃÐqc¼é˜Øâ“~†©KS›ÖrqÚ“toÌSÈ=øâ)—…h57ÎPºX@Û›ƒ—ŽÖãNÖ—±TåKcœSÝ•åLÕ+Ç�Ã5ÒÆV´‘ÞCB{åKh®‚(ð°—µµò ¸§;¡Á:+HKÇø!ŽùôzÉɵz”ÐÐf¢u HB§’k€¨r¯*¬©2h`&"rI]Á}×7ÜÞ(™pöt®&Wב'ŒSšÐŸ&{<.åì4ÝžƒGÁæ9YªjŽ[è¼U™'Ct*†ÇJ‘¿Û[]f<.ë±Ð¾4í¶$pž«rF�r§Lë\¢~Á»õeB_
-:`šd-¸?ƒdëq™Ñàó÷t�n´¾dzêpžÛX(Ø@.GtmQ _¢ã{¡k¹¨3I%£¬ wpþLSXïÃ#a¸¹‹@~€vhNX?ˆuÿù
]lk/sÀ‚&bبÉÌ´:ç?Z¦¯Tàš¨qp€¤
2Ýc”ɯZ}“ÐC) ªÊä2°}¶Ý,üF´ö„,ÓÈš5p²ÈО9mö<çøߦðÀ·‘QÁ�9ëräŽ9G”!5¼Næ(Ù›A!E«ÁÑQTAÖ&qŒ€Þ£cGoEÕAÁBð^'gÞC¬£fèÇV¼rQƒ€~!jPÜË#Ó&r,œ�1„¨$†7Èh=Ɖè<ŒQo{I{Sÿæ	¾
±È`Ô9a¾í t�%·ìœ>pÇ9ÃMLÍÌDFe1Û¥ç<âx—ÇlÆ,¡ÏÆ®j¬§¦Ñ*¼4‚×`ÞGUÐÞþŒ†Øð}äùfØ•`§‹rD	±HäÄa	³ýüƒa2{÷2W.�)§RŠ�jý…•ï�
™3c±<0ëÈ øÛÁX-¼ªXуŽšÀ7�±žgEË{>¾×"¨™z4tÐB�	ÚA#ct&w#³�WÖ5rúYr›à‚b¥–h7Z«1�:8®‹k�ßûOÅä#(úÚ½ôw²†9~ûƒÂ/•ˆxc4¬.T^›=àÞ²ëK�ÀºìÏ32ÜUt¸›¼š­¾S÷«!÷­>ýN_bua©ð’†§÷Ì+fG]°4Úï®#�kXW<n9U²2°…�„[P³ó4Çü|àóØ\™‚“Tâ1ì4�ŠÍÛ‚©BÀo-ìKòr–¸>Ê0¬ÊT
E·XÀ¡Â_¹à’ÞJÙIÍR<ë�ݾéonº?˜3ôˆþÔ‘Œr¹i»h¼jئyÿ‡ÕÎX�‹çyÕ C[ìkkš×—¹“õqôÕÞQ¹ôî[èÖ•Ýægt�

ÿµqñÂlýþËQHpmù„
u¸†uD-»ô,Å…yEi—}øðõî}³æ;&“>š¬åeâ2u“þÀäfzË÷®××óëÿ0,æ¸Ìãñlžò±O«‹¿/þjñóendstream
-endobj
-1636 0 obj<</Type/Page/Parent 1367 0 R/Contents 1637 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1637 0 obj<</Filter/FlateDecode/Length 1226      >>stream
-x
½VÁnã6½ç+¾48ªe»vrÈ!A[`Ù¶‰�E�\h‰¶¸¦D…¤¬ª_ß7¤œh•lö°@$ !çÍ›7oøt–Ò?)­ç´XQVžÍ’­ÒU2§ååÿÏñk%í‡åò2Y½õa1Ÿ½ý!�Í^_u»9ûù÷+J×´Ù!ûê2¥MNÈ<›Ñ&;ŸÏ“«„>«\’V•t6_¿¤a1_#Ù&?ß’&mwp2µW¦"å¨2-ÉJlµÌiÛQ.w¢Ñ~JÛÆ“ÚQgÊ•ãï¤<=žïŒ¥­ô^Zr2k¬òÝãò…¬Bl):F�Üéõ ·kv;ª¥ÅáRT™¤w©
-|9£�ªÚÓNi (¥KˆÁcµqŽ‘j霬³‡Uˆ#ªÚKß攉§®G©;é&Sj•§R
ôTcéz¡÷b±L–¼¦³„î¥ÈÉŠö}ZmŤJ+N¼æÒ©=£õ|‘¨ç¥r2Ÿ’6í…^VY*Hõ|>¡�k� í5ŸYaŒ“|me<¹¦®�™hYaZ‰3	’åô Ê­ÀñƒtÏAÜ»É/ƒ)†<€r/^ä0â³G ŽÕµŠt}¬È™R¢	É2­dåå¦úÉS
,�Î +vÔJ­L‘ùFhÝúÈ´ äaïÇ€€Ìã"VÙX]|,qg3S‘<T5âÔ�Q?˜(Xµ/�Y¥Øž±Ò5(ž˜NJèHp=u-+GŒ†¥
-ò3ö�ÐGOe¼Š‹˜B7h5�ptiD£À@d>ž›ÐˆðÒy.:CÁèsãÁÖûjMaEù}¹¶§°Òk¼åÿìWˆßUìˆç;{Ý{ȵ„g°kòŒa
-13“A*ÅtW±mi
-_§ì[ÑRXï'Óù‚‡2ƒP÷ÐR¡‚Œ0zîû}œ÷®S[™«Œ‹ý¦ùÄ
g•ä&jýåË3Œ¤ÙñÐÐÃÝ-f£„÷æ0Ø{6›Ap)�J}ïlp
ÌôˆQù�·‚rágà›µp>Z†4X¸ÁÀ·B³åp\…£CL•°Ve.aa#Ô­(�'jTvÀ4´÷|gÈiåSƒ±éo|5ê4ƒ@¿È†‹.¡¿±á8}t½à‚]o)Ñ	L]¯”±š>^ /€Ä#§á™nàúÌo¹ži˜ì
^‚/áŽo¾uʦÑè�°^e�wR×iæ½à;ÆÉ„±~±ü„£Égü	5U�ý´ÁÒŽ*†z´�_›Ý¨ÙÁ¨„¯Àày"”0†¥Ø"sØI¡Q0vncÔËÉÀI”¦©°¸j™©�âu»Évê_€ìG…MUèVt."
Œ)@kz ­6þâê\X…gDœ›o,÷EBwØ:Ì~]Ãmcô/§XZ¿e#6çØȣ†ýêÖeÉFŽFðJ|ööƒ ³=$�Çz—Øb•c·™Qaƒ¥0eÙÜj¡`¬˜°Ïyñ犟UxAà6f	[œ×>¢CâÛ�¶¼AÄàž˜Ëþ‘˜®ðv½\ÐjÝ?×nînoèOk¾ðŽúÕdM‰�ž5Œòâtàb=»êßJ¯Þ Ë^¿¿ÌñÅc*�¯ùào›³¿ÎþÛ˜Ðendstream
-endobj
-1638 0 obj<</Type/Page/Parent 1367 0 R/Contents 1639 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1639 0 obj<</Filter/FlateDecode/Length 1551      >>stream
-x
…VïoÚHýž¿bÄ—¦Rq0BNêš�
-)$\ Šz—Ói±×Ø�íõí®1Ü_oÖv~Ц§@dÖ»3³oÞ¼™Ž|êáϧ³>
FdG=¯G#¿çõi8>Ãs_-)r/†ãþ;/z¼÷àÄ—ÕÑÉÕ�|ŸVœŒÆg´
-	z=ZÇ+E2ëTÒ^•î‹­$«à/PY‘àÍRdkAUbc²±¤îåýrú÷|>Y�*l¢r‡_\]O¾.)MrI*â•�«ïG=êúÄ»
-�çâIF0è5ëý‘7äõeá1–2™)½§LE’o(10�î©42d'|K…Ìñ[KÁ‹éþ‰<ä½¹²õÖõÞÅÓq[´¨:�À‚¹G«¸4îÚ™ØÃ>ýb’$£H6
6I䄉q¸½x�sŽúy�>øÍUÇÝýäêœ|ä�Òkú}Ïz´LUEi"skøøëäuûgÞˆ»ĸƒ
&±0€¢PÚ¢‘Örœ’B+«•rB/n曆ëû%áî±Ô¼9§ëÉÍ|rÓ§
g]P¨Ed‚ƒÀM!a=É`n+3„F�Ç‘Vù½§ÃÆýS~züx˜Û™§[Ç#M‹‹çã‘Ùù#Zd÷ñ#U(óÄ¡GJ“C=VÔ�"ä=ªLC
-bYyôbY�I²$ú§Q×gÖH…f´ð¼J˜Óq$êdbG»,±ô™ú½á¸ó‰’ÜXÇ´~E¾9D¶½pKòk…‹´›j&ùWv(K6±%‘E±L‹_á´!µ‚Ã÷yàÈ’º=$¾4S†�Tbo(,]!;c*¥v�ƒØ&™ôèÞ1–w€vG-Àò@¤Ô)Ú3©ÜÊô°†ª$M[F C¸±
Re=ú%©Qw·mô…�tî¯.(ÐûÂvZíHjíx£
ïÖÇÈkJƒl™ÃåûY™#žš¸ -.£„,îÈÅ¢·¤ÀÕ+AûÌä
åNdäï
ª *ãHù ôÓF«²ÕÙÜ
ã”sË.J–(¶²F5¢ØV®X¬d"~�À¥t¬›h(TAí0”V$©
Ýs*„FjJýØït:–IÕe¦J�:d
å;=D›`GžW"Œ@f7—·ËÙSGz¬,§_çÓ›•[b�œmdSè
ô.+À	Öß_\`¼†7BnTÆ
-¥?g,R%´õ�>]ÊH”©½¶5Â(5üŸó%Bú…
-&ÂëO{ÉòÛr5�{³›™ë
-ë@ÙÝyôÐJ7kæä:A'y‘.VŽPå,=å�Ú*Þ·%Üö£ùžT•#ÿ¸/t8�T¡õýnøŒ6­«â6Ù¯pªÛfåV¤¨ÉÇc4¹£k¼5D”n‘EýÀ·/ò½«9‚ëúºÌ¹Jaq�¬3Lº‡Åç–qàÅ�¿t�¶dB­
-F^P„äƒÇxô€6ƒ`÷×
Ô€|ìŸ÷ÿÚ+ŒZ£qî)”häa£L/L lÑa-«»:“Ùî7P âw´V»—)¥a»r`ÁVCAž“º×èB±@‚»&H ÉÕBùX²C­h(¡+b^åé£~ׂ©Pó›@åAŠ¦¯ró[ƒjË¡Ú†€Bºjì£ç”…'wáx rÀUUåeI •�jxpÀ„öˆ*°,Ðú°ȳ	¸3*x"ÅŽ¨´IšØDÖw' bÃ÷_Uì…Ê£dS¢k4ÎOY¥f�a“‹9¬i•®Ás5½áw­c(&Lg 	ÒºÁðQLSpl¾º_.¦ÓKA!ª㚊ܠH¹DßX�ó0…ïVè¼¥:³ÏW­ó€%"-%h$¶HžÄœ�Çm³¯}º;ðm×®Õ½Èq=p8ß.‘˜Â»m&çb‡ðé£éÖM´]ÌÒ˜�Ãcß#v‡ŸÏ#î´õg[Q¼õäjÜLâþ3ýx€y¼Ž—“ù—	-´úÎÃÒ¥
-Jž³Ü”Ê'»þÃ=tÏzçìü�qq8{£Ó~`Ìg§«£ß�þ§ñ¥endstream
-endobj
-1640 0 obj<</Type/Page/Parent 1367 0 R/Contents 1641 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1641 0 obj<</Filter/FlateDecode/Length 1505      >>stream
-x
…VÛrÛ6}÷WlŸìL-šÝì7_M£D�ÔI:u ”‘€–Õ¯ïY�r&3M&˜^»çœ=‹¯'…øÑ$¦dLiy!%£Ë`HÃéëÿŒ¤üäfurñ0¤(¢Uαãé„V!>i•žÍW^7Nß)›ê'i±.ä›Õ—“
6!&;KâŸñã J‚˜?aÛM!ÒÝ[]È;édê~ºsøãΕ*%­4½SO’î+¾,ûî¶ÑÿìÐÛ‹%%ñw»Æ?îz7£[‘n%-Õ¿’Âïâ'mü Ñ 75#g”ÌèI׈¢8þ#�“ÃÊÉÒR)+§t… UùÏ™NþH¢Êü]a"h¿Ué–J‘I”©<—FV©$§q
-ç~ƒs/¬ßluº“ŽtÍ—Ø€fŽ\cø:Ý8šÇ­¥s Jç9í•Ûò/Duø…ÿt§¾Ôƒ¥AÖ(�Éåjl-ù4ÔdDe‘Ó9¸—²¢'a”n,N­.G”
-eY_— »Ïñ`<¦8œß�•†•Â—“è’Q×z³¾R]ÖÂ)Pì�ÑEF³»{Êsÿxö»Dik5HÂÇ7
­€ó1/2Â
Dl¤°Ú…rm(
-i-¬\½jfŸç÷þˆ\m#‘º‘W´>¿
ÓE„üÛ¢(¹Õ%¥ÂdW4ŒÃÁpîn.,�Âp0ŠÛõ"âü=¯Â{Õ&—ص†X�ºõÝçá`r„°㊒I8H¦mt’`=òë^3_�×’ÒBà±c‹Ü^S®
-®Ž†Át8ùìü§Žªèø‘ÃZL
FS0—¦:u8?3•U™4ªÚôjb­o
ÍèÑR”kA
-4U…X¤Â¢<åÛ™jÈ;ݪJþD|ÌeSg ±×5‘Ï3¦µÑÍfëä¥ÿR!ón)7 èKÃÕ³ØÀ†§]g5¤Sg_×TÉý‘6¤-h‘$	W[Á¢|k|Äis&œ%à³Ù6럨¯ËÂmqÒÝK­³«^Ãxï²QµoÇŒÆaø«Ïß6Òõ}§õŽñŽ¬ƒup"«�ð¨à”óoàZ+ÄI mŽX458Ê,7ÎŒlSך³åD‘p©}Â?Œ„:ﲞÝÚh§S]À�»Êát¬A¯"oÏŽöù~„q´iJª¥Éu)ØÒö>|-ék›äŠ6¯-_öÅÃ%E˜:9¦É ¶^ÇAžèc+N†õÛ¤Bd<	ÆìÊKæ»–º†‹ìœj¥d[(¨jʵ4–+‚ɽ¸P;FBÙs¨…<"ÀvnÐ3Èöƒö™Ží3«Ãwy�Ö£à?åŸ6”˜}Þï¸;ø§5¹´¾P5ךî¼QoaU³ôÊäx*À4×ì¸F”¯—óÛÞ•÷ÀDcš-¯Á…%ÉdV �uÚêÓOŸ“k|CÎNQKÆóœ{d0‰e.ÐïÓ§OªÊô¾ã»wÝßóåêvñ°LyÚp†ö`1åU)>*'SpPÔ9¾o( –='<Ž½SUóì+Ã
^•Ü»•
„âé¥Ü¶º¿tƒ:ÑÞ ¶|¹�7?
-V>‹2°˜ÓÙF^@õëL 
†®Ô½û2ee£Ä~μÂaÜ;x
€¢2ß”4clŸ-é©®¨¯�F½7Êq(ë
m„—G´î\³­燜›ËXyΡFz+-´kû¬ñHØ–ÂìøE<bèf�åÑp“Ÿn]»:Ú`˜Z:>øF|�½]Pÿr/OÏØ!ô�QÏœ`õ~uî—¹nŽhí‚ò¸¬5Ï¢öýÐJÝÛGÛ=­:s�S­ëQÐMQÐÃ�Ç3â¥||ʵåºûõQMàATš±¡‚…Ek
qÍÅ
ö2;Å
"ãáÈ^wk¾Áy,dâ@AЙδ{ôFc<ˆ§	�ð<öo×åõüæšFñÏÖÎ4ðNÑgŽl7&á%ÐO­j8žãQÜ>�£ø’wÞ¯Nþ8ùÏ•êendstream
-endobj
-1642 0 obj<</Type/Page/Parent 1367 0 R/Contents 1643 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 9 0 R/F7 10 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 1030 0 R>>endobj
-1643 0 obj<</Filter/FlateDecode/Length 2115      >>stream
-x
}˜[oÛF…ßý+æ­	PÓ¼_žŠÄiZmãÆJ݇¼Ðe³‘H•¤âäß÷ÌÉÊBQ èñdz;—åîRÿ^äã¿€²�¢”Öûßóñ—ùŸ�¿\‘—S%^J{Jc/ÅŽî.’Üó)
C/+|/…c~
ÞòÀK(ÁÌÈ=~âeÊ I‘bhSŒ­b4ÉC„„	cf"˜‰ATh Õ yŽxœUrLÒBrŒeJ<¬‘ÈŸCÕ™‰p‚3ÆvF«Aã¥sT+�p€~Æ™ˆâ9­f+wÄQµÆ‘T=+8"ì4’‡-¼ÈÀÀ—‚Eè=O&(q"J&5Z'EåE“Mü¥×hÐBJè¼Fï)}nÌL­�3NÈQ£AóŒ«è¨Ñ w×P£÷….Î×jÐ$Xx­fZ,òµ4¹ÎsTVƒæþrd£÷£õ¶Vƒ†Ñ\uŽÙjÐtóØß ÅˆsE™þNTûé¨ÑsÕþN^í§£FÏý�éØßÑ;ö×QíïD“Ä+(qÔhŒœÉkë¨Ñ¨³n3µóøfd«AÓ”_1ç5š;òštÔhPd�î;j4z¼bgj5÷7]Œl5÷7^Tcì¯a=q}¦¢´¿NƒbOCFŽ
ª#;j4(¶y¬IG�F‚b1¯Õ ±ì*³×jî ¼Ž
Z„Ë‘�F�#Ù|g¯Õ q°ˆÙjPä‡:¯Ñ ™l¿Ž
š'¼_9j4÷7_ÖYöØ“�]öTUîœiT`dC�æò»`¨ÑÜÁëÊP£¹ƒ	æ7ÔhÔQY¯ÕÜ£9¯Õ¨FÀ§‡£VƒbäÔR£A±‹Ø¨¬æ:gx�ÜÈrÌÅÒ
-$äók¤J
-i4(^¯ÌR£A3¾ÞX/ƒüré1(…¥-rÞ8ç‘5K
Q9j4
-‰R!Ý™Z
EÜ^G�æ&ÈÒ˜©¾ú±lØÏ"*Q³Ñ Ø4•£FƒbÓDöŽ
Š#s1²Ñˆ
-‡Ú;{­Ö˜#ë«ñµ#ã¯(‰ÙhŽJ2rT{6zC¼dˆj¦VcÞ”/ŽŽµ’ã#‡¼ñÇ¢´¿Nƒ¦9wÁQ£AqT##G�ƼaÁý�©.Xì÷|¬(™VìDÑ0c¦b�
-¾jOVUÎ:SÙR5šó	0†¡Fs>|13ÔhЂW¤¡üÚDyŒq+æ«à˜ŒÄ>AÊŽi2ØE¤í
Ÿ‘(6*Ä¿ò9Á7•H3|LÑÈ;ì ±ruå;$!Fþ,QÉƌӘ¡£Pj‹)ªˆqÆIˆÃ86P�Xzr›Âþ�ˆbg`4ÏÉU2Ôh8âøœ×hPÔMqÔhЂ—«£>§¸¸ØÕSŠDHLÜ0>D¹¶)ß+U03RÊg™ï“O¿¢œÑj„“„(ƒ£oV²æ¥×ªxN…¸JɪF?c¼«¬Äp\Ýœ¯¹¡IDvŽÇ¡^t"ª„¢|“FD¸¤–ªWz	ªÏŠ2Þ‰ª×QõâSQÒQ¯(ã�¨zU¯?}\IŒ¢Œw¢êuT¼
>„õâÎ^UÎ;Sñª^ì—®V¼›¦ReÍ_õT+CÕ‹§—™W”™w¢:¯£êŵÚÕ*e¼U¯£ê�¦Xæe¼U¯£òÁÄ—_­¿žªÔë4ò�CÔÁPõâ_­•<+Êx'ªÞ™Êb–ßö”ñOòÿìs
-3Ê–>##Áp/l®8pññ‰÷§®¢íÅÛÕÅÕû‚BŸV[üp“f9­6ò{
þ²~uó—Go‡ªÙÔߪþõê<�a^}ú2äëèjójU>ì*j·tÝ6CÕ㓨Æô¤¬\<‰UN·m7”õ®¾óˆø�èÒàÀ£_o?ýÍäÒ_�У»ëô©©¿1]BŒûî�±-AìÑÇjók9Ðousü±èÊf3\ÞÜÈ$‹ùñô]¹(	OP;<U]ß¼¿£õ®žò:yñþ^®ëfhû§é±ŸNãÃo*}¸éZÆa|2î�H¼}¦uÙÐ
­Ûf[?Ñ£wW!Ý—Ý�‹ÛTë�ÚÎü1¦²§rœ˜¶`¿D°¨‡€ þŠˆ>¿jÚašêóëu*\3~¤Æ½o'óØ‚ó4èÅDÎÕ«PÈïc!ë¾?V==?U�ŽúùïU××móù5Õ=ûjc3:ŸºÄylZTê±èСþhÕ¦«1þþÜìÚrCÏm÷¥n%\©ãØFõ¤ˆú¾nàíåù{x»öx�ÅüâYtëS_Ñ®ª~ ÕõíÕÍ-õC¹þBÛ®ÝÓïõºkûv;¼\
-Øð±X«]5Täžw´­w¨K¹åeß#ì
­ŸÊæ±:çF X
-ãò¸ßÞ;,›f×IóqæÁV"äé!~_§Ù$ÇË“$a˜
-òC‘\ýPä/£IÜ3¡�_zïªîk½®è–J‹QñüÇê€
€Ûòöøø²¸øœð覺vs\X/’Á­Ì£_ª¦êÊÕͶ=
?‘p�Ž�´«¾V;ÍήR|°Ê$U×`ŒªëÚNZ>ƒ`ßhé;´xͺcÓ°8tíºêÏXRloå°~ÒÍrYQ°wuùØ´=ñ½=vÔË^Ó£hUÇY,j•ž«„�×KDˆ·jàB½L3åB¬°@�Žk¢B
-NÈ>ÍNmârVœ #ŒÎ9QZqÆç j*09Q!�é9˜�0;ó¾X¢œJ1ÂâœßÍ:iàŸÅs‘¤J§E®wC½Ûá­ú*«;ÎÂ^v˜«÷¸-È	(6ùYgàËC5Ƈ`š„8€�ƒHùyuñçÅä\‘¨endstream
-endobj
-1644 0 obj<</Type/Page/Parent 1367 0 R/Contents 1645 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1645 0 obj<</Filter/FlateDecode/Length 1452      >>stream
-x
}VïoÛ6ýž¿â€}ˆ8ŠÅv¶O]Ò.ÚÆC,è<´DÙ\$R%©¸þï÷Ž”âDíÚ"€%‘wïÞ½{äד!
ðH³�§”–'ƒd@ÓÑE2§É|†ß#üYIyø0ž]âñFÓI2ê~ø}urþþ’FZåH2�Íi•ð&í]íD奥Ñ8¡¥±^lT¡üáÍê_l›Ðp·��æ½Êzw¢ÜÚûèÈhÂO•I²Bo%™œªBøÜØÒѦöäw’”Fø\¤’DQ„7Ç5•5O¼]9ÒÆcÁ^§ÐÙp¦¦¬„W›B&´ÚaeÚ N�öBi÷œóÌU2U¹J‘“1`#Ü á((LoIèŒjÇ¿—’ÄJ/i8k*O’	W
-F†	Ý,ï¾'c–LyÉÍòÔ‘*«B–`B>�àêª}e´µ¦®°ÌõIÚ>
-ÕgÎ…°­{J»ƒG*š,œÑný†‹•h¹ÀŸß›)!&åª�ˆz.}zßpqá±0[”È™œ;NQR)€ä~qíÈÒu¹‘Ö5lp¯˜5ƈÞu*­|,dÝ[¿a˜b`ú
ì	}4ÎS“Ed%÷e¿3ô¨Í>¬³¦’J4áñ%dé î¤^÷vLUØ—éô©úc´-_(Ç�óu¥2®lkXv†˜A¦²ƒ~¯ DVD
ý�Ê!ä ^®'Ù�p0õ)úÀ‹u-í—*<)–™v4HEö
ºÇ;žD
X‹ë>–©tG¥`ªä¥‘ŸNοI‚N}ùøöáÞÉbhžy^Ö½¶‚KtcŠYPZ[žË›åÙýC30••iQg ÿlä?½¸Oúœ¹“³v54xªÍÆd‡SúB	ó�qMãT,r$ujjžl�´Zö!°G	ý³h™f߶VÀÂÖs.â(‚£Ng@™­1³,Jf®Ð�ˆý<T{åw
æ+:a4f/³èJÝ‚‡rfÒš§ë“�Þ,
_3•Ø‚­Z£“ää³ðGàš'¬Îí³uom5ðZzn™úû‡ÀQYc$PmÓ” Õ&Ç[H¤ñ#œ2çVÊçW‘'ÈB}¡—­Gòî%AÉJh(À¥B³—FÓüú§&7Jèîê–îµúÆ�_»~ctM×Co4™"£'´‡ív×îæu¬\HK0˳(1eÅG®®–ç‹%ôéõñÇ+ùPù®4h:…¦ú­f'gÃöþsª£Scm]yÊ„äq*¹üèpG¿¡g¦?„Ñhˆãþöz<¿ +£5Òs�×VqÉt÷á.¡Jr$ž c
Ý£¦4ÀÏ}•¸Ô$à¿O™bôƆãôÅ™† ýèÞT›™Dò94¯}*¼M>7êâÓûG‡ìëO‹ÿ?œøc0'ÑŽg”-kù6jæçm|j„`qnx¥ÑžVæ­ü®U�XÓœhÓ�ölZ…Ì=�'K…›p]ÁÏ7Vàxä¸bo¬¼;PïÃà€íx26jÙ(“¹¨´Zæ
*‡.Ej
}ºýònqÝNuHçš.‚ÒÑ“]c�á.ÓÑ�˜%ŽÙX‡]*vÜSBÑìùÀ–5CE?ÖÃî¼Å‘çù´Ù›çc˪íÎwË\èáÛ«„H\I;g¿m§	Î#K–CË
_epC ¼ÖAªèZ„®Ibf`a"¥”ÇN�méØpŽYì*Q0fòh/f¦
-cˆºãä{EïÀ-6Ü{�ª’p�;zJï×vÝe{±l®[ÔüK¶Î¢/M„ñ—a\¹Ú×!�Tó¾Ý^š'ù¿LfýlÐÙüb2`Ñp0è‹Ÿ¬Š¡†ýlaÏ_\ˆ§ñø“ôd:O¦#ܺ
|81Þ­Nþ<ù&gÂ8endstream
-endobj
-1646 0 obj<</Type/Page/Parent 1367 0 R/Contents 1647 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1647 0 obj<</Filter/FlateDecode/Length 893       >>stream
-x
ÝVMoÛ8½ûW’\ V$Ù•�=$›k é~ć.P  )*fB‘.IÕë¿�”ä:Nì¹lKÔðÍÇ{3Ò·QF)ŽŒæ9Mâõ(MpyµH
-š-æ8Ïñµ‚ªxc:Mf§ë7«Ñ凔®hU
©Xà¤$ ¤)­ø˜ºOm¾«p:û2vÛ/¯/Xözõ8Ji’¥É;†Þ²m0<¿0Xsî‚AöjÀ౎ąµÆže¯Þž¬¬ðáÊÆËtÀÀzî\~˜Q–µÙNò"ľm<ù�t$5þQ,©µ¶(f´;áE#ËäcÃ9*à$Ÿ¡ÆGI”Y#²¯ÂItýòPZ(¼ø†ôÎgó‹ÁÔzvγ4½`C8@¥å}=Ò/É3«¼°Ä­`^ê‡H5[£¾‘pG{Ó„5MÌ9Q¯¡
\ÕÔ8·jxs¬œ–fæè™4ÐyñìÖÃKÕù
óä6¦Q%m­)Ýv!
ˆÐ´ë½�ÇÄtù3Á×'¶Ï\#×�´¢$oˆ•øÛ‡L¬ÎÇåÍý)©Eß·Ÿ–Ÿ‘0÷Òh2U´ºgõšÑ{¡qúÇ4–~lí?MòÐ;©TئIóDÎÔ½:”|
-©K7ØR-æ»Xð˜Ú¡ô†&J?/JL48D8}�£[+B#ÄÈCfƒÞÎKäƒÌ?ýñõýòv¼²¦ŽP§…iíãCj®šR¸dÓÞ¸¢lÞÍ i70rç„þåïPÄG©›qQ¯-¸õ“åòesyäw³'DÊåûÍÇÛ¨ll¨®ÔÎ3¥ |¢4CB{»d_
-Ï/7Æy,;ªŒRf7ÌCœ·øÉr<apd�Êíšñ': šÕâ,9+MͤŽ/ƒ�¡¯ÂÐå¬qÂQ«"Ä°(‚Ýéð/5:¸b*[aP[áBÚ‰mÔBTL*,⦮-9ó"ø‡ ²NƒÜX
«=í¤ßDþvÆ¢CA$VTÆRÍöÀZ¬~‡ÆK`ÒncZצ.Œ–µEÙ”ì<mŒ*±ÄçCÛlÒöóã·6J	±^dž{K·Bá9n¹kGB&$Pþà¡{’ÅÖñ6¼_-‹nšeh\L©(fí³üþúîæšþ´æE¢[ÛÞ¢tÂÎI¿a2OÃÛÂø(wVà•äMŽ7ØgÓ<à¼_�þýqŸmendstream
-endobj
-1648 0 obj<</Type/Page/Parent 1367 0 R/Contents 1649 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 1041 0 R>>endobj
-1649 0 obj<</Filter/FlateDecode/Length 1656      >>stream
+ÈsÑï0´öº�/ç{£Bìwa[ˆa‡e|’0¶.®Æ,+#x'…ÙÖª>|y�ÿ�;†#dXþˆÏœh1ÊG٬ٵ…ŽX_aÂÚ¦ï͛ӧ§å«?Öý»Os�à=i	zߤÌf¹^ÎÖ«›8‘^¯øèçÍÙ¯g
–ËÍendstream
+endobj
+1581 0 obj<</Type/Page/Parent 1372 0 R/Contents 1582 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1582 0 obj<</Filter/FlateDecode/Length 1670      >>stream
+x
…WÁrÓH½ç+º8…ªÄ±㘣!K-‡„,q
+¹´¤±4Dš13’µÞ¯ß×3’ì(ÙÚÈšéî×ï½nÿ>™Ñ¿ft}IWJ«“édJ®fø9_^ãç%þ8E›ðÁÕr:¹|ëƒËŇÉü­–Ë×>­O.¾Ìi6£õÁËkZg„ÀÓ)­ÓÓG¯œ'k¨.=Þ}ýI§…6ŠR
5^ÑÝZþrÄ&£ÜÙfK†+剽ÜSk›2o¾3\ë�z/oMÞ¯�Lé|v…ôÖÙéZNÈõia[C]â&oq×ñ:øHe”ì%vf+Ö!IÖ‘Ú)C¥Íñ¬–s£Ô%KטQXŽ)ý<ÿ¡Mf[òÊ{�ÊQGèÓ½\å˜.*÷d“�¶�'×)ª¨!eÜ—àiO‰Ò&ÂÿBAoâVó³
+yo¬«FyÞ|»]}½{zöðZ„ßF¥¨€Ý^*Ð5qYÚÖÙ˜LÕÊUÒÌ�‰S™v*�‰[âQÜäÔšÚÙ²D·¤eS£¤	�¶ìj�6%;€oŸÁAº-tZPí/ov·X8µQN™Tec\WY¦%ä½?ÒÞ:»Ó™P�iÐZƒ�lp§Ó®˜	H+ºþß—MžsR*Z½84ªñÖf�°íéô~uûôžüIWB¢.î8æN3
+?Po²ÙN“2/#ÞnË.E»3
+šò–]êz–—;„Æ" ŽWd7Ȥ…³Fÿ#ìÙ²÷­u™°©n˜³„F4p”>½#RñµEo
Æ«žâDLJÛAøtÚIýU³ŸÞ‡þ\|ùH3Ð^¼âÎ0›O®&3ÔÆ.W5=B9RⱯœ_Š¯œI¡/>5$›3ªm”êñ¨àJ1¤þÖ¾–²�qÂ"œžAfã؃ViÝ ÆÐéŽjð�Ä­ö  ºØ =q1øìë. È+Ü�ÓMžµ0ÉH7`q£E=ÛÒîÃuãhÇ—·º.,¢ )IˆWÕâWŒ°Ðר4Mmcj”q\U'æÜ)®a0^W ÒFG†Œ‚r%+\%‹r
+Å™ð'f*Ñ_×pŽè—ùJ‘Æèšw*¶¥å½+"ß*ôk`D¹‰/Xi
+É:Ž:t~sŠÁƒT$ö}è~&¬DDá“H�^Ž2‚Ël²
+m„€C–nuꬷ›ºã��Z¤1Z‹¬‚àEéQ¾#Xû@^qg–¢r
JAö"Õ!íÈByIz�Ø%3$3ŸÐŸ3½$~Hn|$›É¢2m7G:S‚…Âu.c�1saµLi©
ïE¤3cV×è2¡t`òp!†úÐMþS ¦Tö2…SÊXU(µµ”		�j|Ð�ÍN•Þ¦Ï°€–a݈%sÁ©ß
ÈzÂÎ�œBk‘Ôð‰˜T®Œ)„™.Þ=<„ÎÂKG=‰EÊÈÄ&eÌᘗ8˜2/zúÏhàP+[
ø�žgBQ”ªp¬¯˜¡{ʧN'xÔÆ”d]‚ÆŸ‡†¾á�sñÀë¾7(û^ÌÄ¢>#³·:,ýý¹.•ð4Ú¨–öŠ�?#µ
†/øa"n�F+'²Ãî³cVŽ®¦58J•ªÙÙP\¦R›©þ¥ˆìE¨X—"‡ÿ'oLÄÛ‡ï÷Ÿ‡™ØYÓ�‹
QéweQA'¶QL§ÊÐa»•VCA‡`éòbó݆)RKË&¹ˆeņóЮ3é vŽÃ\1ŠØÙÂÖÚ÷@¥¸q^àn0T¨Ôe��úÀZHÊÊ:„)®Á°p È ø{§+ÙªnâÒùy؇F¡±CÜ^›Æ„�ŠÃ„¡B³Îd%+ÄK¬¶{­ÊtcJl†MrC¡sÑUeîMTŽ&¼mÜÖbÒŽ©Þû	ðñ}ë)ô;5(Å)ÓTAlý00£žÂÿ‰mU”@�¨£j9‘!'«/Ö³ö¯DºñÆ	}œîE&Ç…	ä‡f†o�¥r«í(hZ°ÉÃxq‡•gBŸö7YtžàöB!§
C[‚1ÉÅÁCâ7ŒÞ¾¶³Á
*ÞŽ=/xÓúxb÷Çð5e„;ºûð=çâ˲³ÜÙ_é–W´˜MÅ
V·ŸVâ¿d~ÞØ-š *‘ªÏû×ϯ§åýÿXºæ×óÉõb‰õï|¼–£¬Oþ:ù9ǃendstream
+endobj
+1583 0 obj<</Type/Page/Parent 1372 0 R/Contents 1584 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1584 0 obj<</Filter/FlateDecode/Length 1760      >>stream
+x
•XMoÛF½ûWr‰Ø´d+²“›7@ÐÚu+í­X‘Kkã%—Ù]ZU}ßÌ’2E9HŠÀ€MrçãÍ›7³ùz4¥	þMéòœ.æ”WG“lBóÉ<›Óìê¿ŸãÇk*åÅtþ&›�_¼_�}|KÓ-KØš_á—‚`g2¡e~<�e³ì<£[“{\é:�æIÓ�ñ:�Îoi¡ý“Éuøiù¦f4�&S§ç—0u¼0u®Éª¨é|2™žÐBU+EkèA™ZךÔÊX·™:j¯òH×Çšºp›ÀV&ÔS?�‰�^ß)ˆ½Oètz‘�³×[Wè×Ôx]îl8!¯àÆתÅáÝrFÜ ÐEŸÑg1ùëÍõ=©º _´_iä|BŠ
+W!Tªt…GäÛº†÷‘Ç�©Wˆ�r8Ðu[!¤ÜÂ~{ÞµM@v¤ÿAv¹"ï *Mµ%À¡)ž?Rn�®‘¾km
ï°‰CÁ!ŠC¯ÈðÉÀ�ª6_SåPm]–&|¡P\²>BS5VWp
à\�¥º=Sàôb
+šC©ýEFwcWeZ *ùúµ^"£¾>!çén±8!ÃY–ZÅq¢‘Ÿ4^N˜Võ–>ß}ú‹\Ãr‘Ã6D]…Œ>ERÖ‚#äÓ8^:_IN@ºv!ÖUD-Ît*—f︷Òh—àìhYzWQaŸGtcŸ®õà|F‘
+Ê�2SBæʺZ§46Î?â�¶½õ.©=÷â´7ˆÐ•T¢iFnKcñ. ï L2…¬Ë•%y#HetMµŽì�(�À1Ò&r»uù¾ÑØ7ã1p–¨‰jÊ]Z³t÷iA…Šj˜	õ�ØKÏÝÜ-¤óP
þ¨/ÓÈã ¢ÂRô÷ù<qS˜¶X�jkò„/záÁ«ªe`)”'QfG~d¼ã[Ú–©ó‚Ô“QOlúv$´áŒjìIØÊ\ž
Z=ãvIÀÛ€R�ê¢mVß×;ÊŽºULâر¦Düî–=nI
o,b €…N­—ƒZo LRNJå¹kÑb½0õ}?PÌ$‰¿¾HiY³ò
+/öÑÅ`õ¾¼1ÿ$¼Té|¥ò5$þ;ŠÉ*´TêÐD
¬ZöÜØ–»âé[ÈBÑ?G¯ÇµkÖÜ[Ú g;®Jx#tÙcÒã—xÕxSIÖ®ŽÞ¥ÖšBÂX¯ØØÙGÌ]tÇg:ægu"ŒZ¡Lô“ðD`Êt˜[©G#°ék«Ñ–Ñ�-ÞZçÛFzýõ%á‡2Mþo4’	Œr]6kÃCCAÑ…¡˜GiRÜ6jx8pºP5&wn'}Ü«F
…âÕ¾†@ˆ.
ŸºŽ‘R9«¶ÉhÉ}Â(šñ„•�C£1ÛBúþ(Õ”©Ò§À	[°¬G¨jÑÓ
Oçí1UJ	>ÅÞ9tF¥0á]‚úÍ`ÃéÔ(~—D¸Ç$}ݳ` ]"™Ü9ÏÕÜË<ci¶N!NLò¢µÜnÖ"îq‘Á‚3ü€u‹ðgA˜ó¼~£:<+qv•6�dpßРýÙ\o²+ê¡Q®ÎAØÅu„[¬4¼F׳è E�äW¨Š©�6@ïñÇÉÀ7†0Úë
+ŠìhFª7‰‹Ð£ÁØâ·'3ú�WÍÁîÖÝ<çç;ļsl¬!²ð,cWøkЮ‡Z
ó¢	»aÓé/÷ô“F Zˆæ>÷J?`y�îåa�|ŒwLpÐAˆ\k]°²�â¡VcMÇéÈÑ­|‡•„óña@âGOÚc†%+
+zÕ™z•ÂNßý¸bã¥Ð�ëä–7åÆb,¾H0‰�)3D°_[DQvzž$å;+í,£{Û><¨ìºeó±ß!n¥í¾u—ùÞ1Lu‹Eý±v èþú¶Ûy»•i V!òý†—µïyŒPâœ7ÿ¦
'ê|];ë €¼^à~¤ØI¯&íÓ.ù�"—åöy�»¬4€bˆläz·úö«á Rs:ðn­ž8¸Â}ÐU
T&
ø9G”`«àƒš•-ôîÀåNÎj”GaZ«<5k^j£=HpÙ�AY¬�†�Æ®,›·«¡O ‘ÛŒòäåÕ!j† ³j·gw”V_‘zŒÑzZ
�gÃÝö²SœnwîÄ#߀
n¹ôB§[Ý;_uÃf:Çuþê‚æo.Ówq}ûþšî½û‚Ûݸ7ÎîFÇ>Nû§—“·»ËÜ�_äg—³ìr~…ÿÀEðí›üyyôûÑ>Ai÷endstream
+endobj
+1585 0 obj<</Type/Page/Parent 1372 0 R/Contents 1586 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 949 0 R>>endobj
+1586 0 obj<</Filter/FlateDecode/Length 1782      >>stream
+x
�WßS7~ç¯Ø·’™p`ÞJ Ié4	
ÎЇÌtä;ÙÜIŽt‡ñßoW:ûÉ´ÃÄ
Ÿ´?¾ýöÛ½ï{#:ÂψÎÆt<¡²Ù;*Žèôx„Ï“ó3|ŽñÏkšËƒãÓãâüGÆ£I1þÁ/ŽÒÇ—{£ñiqA£É	Œ64>>/F鯚îÄÃÙékÏï¦{‡ïOh4¢éÁNÎÏhZ‰á#š–û÷ÆÎŒ­¨:P»Ô¤:|ÚÖ”ª5ÎR£¬Zèß�±•
+aí|5üþöò#Ûj?W¥¦ÖɯZýfú°wD£c¤7­ØWåÖ�>MÙ�|Б¢¯Ÿnþ¦°	­n
+š.M U×|ðÕ¯Ý÷ØMºØ¨ri,Gx³Üå ]‘Z(c2¡Ð™VÍjM·Þ4ÊoèÚ5xFWζÞÕµö‰:EZ*‹ ‚£r©ìY.µñ[4°­²d—ê‰�!™þŠzÔ¤çs]¶T�ÿê

aýçQ$«ãIqÂ
+Ö0éìÜ,:�œfZy÷d*cü=‡OsS£œŒGgI²±Ã÷`¬�aÿP·åáJ5EuŸô4Ù§¹ó¤
,¹¹Ø@¹žL)Qm–©×ß;ä“1§ {ðÀdߣ¾wE2�ª4'À‡V«ºçœ R•�SW™ÓÚÌ<×­vî1P·JPògŠT´l˜ë¥j©qUÇÀ�T%'œä7à	³¾\êòQ÷|5óŽˆA;ê7¨0¨PI)Y½ÎsO0
+¼}ç=i¤¡UؼeÚ#jµ®$ÌW„®’�W9Æ@ÅÊmkŠrþ³Ž=]îÊ
àû¥[°Hd�ìaÐeçM»yÅn²]y†dc2�¼®õ“‚plÉ£À’nUAijtyÑ“QÔ'@wZZ�˜ö•+;Ö¡¨KLÐÆù¼ßQpeêPĤ –è–½ˆ²4Ðè¤8)NúŠ ¤À¼{n®éšEï%j¸<fÍÜ�|A x_ÈE†Òkɨ³ ÅP³˜›h—å‡,2ð y�.¨‘$ÂT¬¶sƒ«ßö¿Ü\{50¶BmK�Ê@E<K2Ê'â¹^ôêR�}äE Ð·p6c•ªô!âž\n¢¶�v©¨A5:^Ï�s°øÛ^–üCA7ÒÊ©d¿zp3>)³[BJÂd‰ÓTÛ¨Ø)K
+áTPQ-2·Éf¤ëVð)ÀX;
†‡$Qâ€ç
+B¤°âYÄ>ÔëC©rý)cs¿}®¡Æ�c‹Ín³ŸÃÃýËÁÆñy\ý¼™¨Ü1sã!z­iô[f…	™ÓMø´ÕÏm,-’™{׈
)­&’ZAø¡É(:‹'¤‡}
bécüˆ£çÌgðÚ@xd`50ÅLÅßCyÚ[Þ%¸eþõ
QÅîã¶ICkŠ„€GW·!ø°#žXÌK�»ˆ`°Xæ8tS
mÙ„j¨™Â@^꺒ÇÔV3ê¿þIÛh0%SÙaʲïf(ûcΦh­6ÿ!"“‚¾HRt%È‚Á®ZI6.a¹”V�+ñ.±ÐV󆧵
+”[f‘å^äáÖ­ÐcS«Ž×+!G‹ìá‚Q‘ý!Âtµ—Rnu‡2†J
Ъ_Bî ²�‡³…Ÿ(Ø“„Z²f`m«dKÊX”–ìLˆô+7àN-(ÙDÅöºí¼…;øt{}%}�xâW=Uí@‹µi—8•…“9–…lh–Á�á( ùevg,Äš‡Hô9 øËŠæ>Q6êâ6‰Ì©¤Ä<vPcLRè +
ãÛð€¡Îz¬ŸWØ�ª·R¸,�¨²
áζË!ó[ºj‡sýËÉæ“£�À~p6 ˜dÁ=”§\J|².æncBYÖ•	¥Â„h …¼}a×b:gçÒ®‡sÛ�w˜æ®Ã0`ã˜ÆxæY‹1�!}ƒeRùÞ®ÒÞ+ßp¤Y¿¾ü‘kˆ©g±"°?ÜÒÒÔ£YtMØ�ù—_ƒU+^L°Ç
Z‘ÎÝÍxýþù~ú9É7
+�•ˆ_ˆ$äÚ†gñh¥CéÍ}¶tkv¼Ðí¶ÿØ•,Ћ3ñ�µ¬8–ú*ÅOëhzÉÊ‚uã:OÛ=ÓÌ=£ÁÅï;ië2ÎndÉÏÐWhôw—x7åŸdw ÕÐG¤$½øÊ�«•gVºÕË—5¶ùþˆ5-¶_òKº|€Nã×ÌAªhŸe¡Þo¿�£U|ßA,xj<™Ôws£ß‘	fúÙù•%•5gÀ¿D®óô¶3šà…üü˜&ãô6Q¸õî�ßÈ®‡Û%ƒrÐ_88;ºH”ü_›ãÉÙIq69ÇÒ	*^\°­ß¦{íýÀNG³endstream
+endobj
+1587 0 obj<</Type/Page/Parent 1372 0 R/Contents 1588 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 952 0 R>>endobj
+1588 0 obj<</Filter/FlateDecode/Length 2040      >>stream
+x
…XMsÛ6½ûWlOVf$Z¢dIž:N›4�?šª“‹/ 	Š¨I@
H«ú÷}�Å$íd}Àî¾}ûv¡¯3šâߌV1Í—”VÓhJ‹x­i±^á}Œ?+)çXzüïóï«›hFñõ"ZPE³é<ºi?•ôçEÿ3ž.®£Uÿiï3ž.—°Nò{{ŸñôfÍ{OÙÃÙuÅCßo.®>ÞÀmrµ\ãMæ]žÒ&ÍÑu4‹èN×ÖdMZ+£ßmþÆžÍfaÏ$^aÏhS(GŸž¾lž(“.µ*‘ŽêBÒΚTf�ÅÇÆÉŒjC[YÓ^éD錚	¼ØFk¥·d4Uú,³O¢¦ÀrWË*b«SšÌæˆ
Ö¾´»a3;‘”’LΦÞTÆLj4•Îù“E/t­RÁÞSj8–’rc	§dfïè7S	¥Ù=Ë>[Ólì¥ÇÍÀlØßÓóo¿ú.­Ü6¥°—„½o
+FÇäš»q�,5„ðòz7æïö²¦ÿ¼}x{ÜÔ…/AŒs0ìJ¤Ô´·ª®ñš[SáÐË€Ñ$ElV¥—´ƒó;‰½Iø`Håt0
	0±qm€„¥L9ìH†c<�wTâ@…x“œ©Êd*?ø<*�m�çWr_ EX“+¼ Ñ{ìÃþs´7öÕùø®>.[Ò l&]¨_Š¹Â4eFw|Z
ýò-ÇúÀˆ²ä¬±Í£È*¥9*Q#C8ÄÊòÀTâ%ƒüW2-W®[ð¸¹âû
]Š¿s¨–ÊT²J€{ª„CZiC¥Ñ[ ­eà¼GÔÉ�€“’MMzt]M£ë£K'vHÛb—¶ØMVÑzF¨å5å%^®( Õ�ëŸO–K_&…éÀM$P¾8b�6¸ó?X‡ŠæõÒ©­F,\8¡(éw€pw¢œªv¥äó™y!äC€,¥�¾<W€bØ+Wpþ^F¹P9”©òðòŽ”®å–¡#ù2ͧ ÷uáùÇ™C•3—†¶úÀŽ=×ZÍB„öG´ab;¡²1()*B27„§Ï·0�B«}…uÅ’³Ž‰
}‰jµ¼‹cÀ;.øÄ©6>ÐB:T™pÇ9OrÈa/Å�POâu4»¡ÉÍ*È…—é8‚l~m”õ°»@ŠodºM‘g£@�U"Xsµm€.$gÈŽ�å#m¬E&‘/$Q4(罿ýõžî6ô×óOçvG-'N”)™…‡
XP^Çèz9:éĈ‘¾r‹à"'ÇmŒ®d�^íDeáAÇÿÎB�=x±‡çî^y™Ó—Ðèà¤/ƒ`PbLÍ2ùú�?·÷¾?=~ Ç§/àw§pèDÌ×½ªAn§¿ƒ9w24?ñ*	‚ª¥`þ£ŒvswJ³E!ð;æy%ÒBiøz‰ÞRaåî…ö*�ú÷m›}xYTU8výa|<;{Ü
Yÿ±�û³t@T�€c¤ð#À7™èHÒ7€cÕViQ’«¹¨ñÕ
Íà@Û¹xJÈmãeºs„Ï"ߢ¿cÃÖàmD?O^Þµ¦:à7°SâtWÆ1¹¡ÜA^FÝWsÌFè±xâu‘Û,|y7FÝïáNZ6Ð>–®Fû
O»é%£LÈÊè®wãÉs‰¢gÁÍ�a±1‚ñ½L@‚-£0Fs÷Bq�N+¥¥A9Ô­£•²–W
%V¨³6¦±ž–bœÑ¥éd^¢O76E#���Gt EÜH‡ÓóD•ªîÔŠç¨V6à†*	Œ:ÝDƒ×�ÁpR+‰Î‹tÂåv" iHhÒŽáð–€c/²/£]Ùl·ž°Ãþ�9¶Ñ*PèÁN
…À±f6®=Œ«Çb¹	lÒÂJÔÓK;Q‚ñ|¾ÏE×;ƒZÖÄY
³—p©+¬"@Eeˆþ¶Û–>"}P&^ظá‰C¿Ã¨;>æWèT2
½
+WRh׊߱ä`2�V‹Is §y|y3¾kv«)k„=Q¾!ô˜RÈr—7¥oI%�‹ï�<_œ™|“¥ÙqûOÓWPÕqaSgNø¥?r%¬ïºŒÏg½†5‡rÁM.'\¸œŸšú<VQ»x/Á}¤º–7´!qÒ�äpb½*„`òœ©íC	äÂ<èª	;Ý6|É…$¢ûv;{ÑÃ
+‡¿®;É#W%mß9ª]Û,NkôwÖ°˜Ïj©7</Üœ·Æ@<Åß
ža�öm“#æNî}q¸uù½ƒxxu˜ð¡�ÀTgÂf¾ðÚló²–¢Ôö…Â�Æ5;.Þ�®¹0ìÆGTzÝ8Üà“Gª‡oY&·®­¶
+ÛÛKæ¼Ø³äwÊ‚)Lµè"gõ]BÇâ£Ò''g¯0ø†¯O.sÒ­ìùvÅ{*¡‡{P¾ö'X�ø2é/´I£JÖ%¯ê(šÀ@ô´6¶‰/™®®�0(j¯eÖ	u×LP�×P†§~ħ¥ d^ŒýE@¡:Y;
&8qáŒ1�uÈ—;df|ºnHÒÎøþþ	Abɇ_�<úäyõI}~~`‰ñÔBpõqÝ–Ûl‰ŸUÖsü<1�ü½&`úlÍßôÐÀÂUÆϯlxÒm˜¬¦7|úÑï‹å:Z^ÇøåƒM§¼ùÃæâ�‹
Xʉvendstream
+endobj
+1589 0 obj<</Type/Page/Parent 1372 0 R/Contents 1590 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 955 0 R>>endobj
+1590 0 obj<</Filter/FlateDecode/Length 1361      >>stream
+x
�WMs"7½ó+º*‡ÌV™�0†½í&ÙÔ6_æ§Rš
h­‘ˆ¤1KU~|ºõ
ØIÖv’º_·^¿îùkTÀ¸+a¶€ºMó),–«|óå¾/ñÏphýÂít–/Ÿ[X­žýmçÓøòÛ�£r6Ïg0/òtP®
+rB$Ü�Þ¯G“+(
+X·ˆhqW Åuã
La]gÅ<¿Így‘ÃwZµbÓ#*¦¨u·’Ãý»Oïß½YF3ó£™q¹@'ë&[o9îç˜Z
ΆϺ
&@XØîÜ
¬3Ll¶®ÕfÏL“Yi…±ÜÖpŽøÎBÇ ´ƒŠ“û)Œ‹Y^’SÅkn-3høŽ«F¨
ô;ô½ßr·å´ñº‡-{âä÷IèÞÊT½�äc]Å ŠÁmBœÂ*$j\ÎC„Fk÷MX,Ââ¬ÄÌ]“±ÞiŠþììد�‹©Otöoç;öˆé“œ©×Z0]L^³zë5ùƒø
+ ù$]â«MP,¯�ÂçA(똔ÁF¢ZŒ¡\²!‡öBʨèî[ÖKwñ`¢™‚#�>›ôÖL¤®™œXºósY÷H9bDÇ„ŠV]÷W.pX´€\¢sî™B"é÷VwiˆEÄ¥å9|t10iµ'_ã]í…Bæ5
ð/¼î«°Ò¨ê¤¨Ì��§Ê—Ë@ÈX°å°`CHE¬ÏLY»®Þæ'r&C™wCÑF'—çyÁH‡E~Šó†cL¯(˜pî69O†›s{4ŒwX¤Xâºßl!�ôÉ\ER²Á6ÚWï¸!CƒÄÓU’ÔØ°:8A©�w=¨»´zyX0±º75Ÿ$ŒßÿÓ’ãuÑWçA’ò1\i«{¼6á0Š$JŠ'4%¹ÕRj4¹
{è*-E�ùV�o¿¶T0¶Î(¯¿ÎË‘¿S
�çaÍ,’h¼J«%RϾ›¯1Q]�P~Ï-åÅyfÅ-¶µ» ­ÏÞŸO§½Ç¦ð²›‚óû½t_bÓ\NËÿr2wÅ�,™¹FváþåúIïo€Y �òK„7È´ó¤eîê#‹Ÿ$4£ÚBaÕ{è-6G’™
–àPߨõÅÚ{V�µFw×e=¨¿¤]
ÇÉM¨ï>¾bK£†ÔúË{¢Û¢Ò³Ö!\
+ëçÈÊËþñgÇPôš·þY£Ná5–`úØ�Ó~»e�Þ÷¿°Ñç*ìÃ!åÂðÅP”F¢+µÄ~5ÔÜ(…ÔËHöhŽèPÓ°EሂׂýEEáÅ=£¯²	Íú2ÿ~ðnÿâR4qfr¢ãD%ƒB„ãU‡Ãg…ìB
­zGú…	o®xȈ"D»F«oIÙ¢Üûo ´C\¥sS=Á>^ÐÿSâ‰Åþ7I¡Àø	þFVòÝðÖ.’Úßš¨Aúj/Yv^Ž—ÙaOLHßg1«‰Â¾x½Õ*V?¢ð?nÁøãL˜Z'‰ÿyž
{°íªgªoÐ1îù7LÂŽÖqÌ4Rç„ØO£ '+žj„ïÚ-ý½VÇY�Ó­Ž#穳¥ˆ.Â+ƒN™Æéäòâ(MåØbÃmmDå9	�öß8Lgê"ÉùC¶Dz #0Æ
?×Jð’/_ÿ{f	Ã@j:݈6NBÕ²o¤vj«IÃbú~ßH]1ùX^ÓŒY¹ŒóA±Àg¯åƒVø|„¼º�_ŒþŒûáûáÔGPÆéÀønŠÂÓ¤§%XsKª„9ÂW?÷¾Þæ‹e¾¸�¤˜úööÃzôëè%) �endstream
+endobj
+1591 0 obj<</Type/Page/Parent 1372 0 R/Contents 1592 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 970 0 R>>endobj
+1592 0 obj<</Filter/FlateDecode/Length 1289      >>stream
+x
¥V[oÛ6~÷¯8kQ4ElI–/qŠ]�6I‘
mºÅEÖ=Ðm+•D�¤âØ�ßwHÑvܤX0'NDò\¿óþÕéS‚Ÿ>�¤4Ó¼ì$Q‚7Û?¿¿ë¤'QBãÑ(SIýþ$š´«‚nZá`ˆ-%MÆÑ�Æn±“õS¼2·ØÊF§	”Ai:ŒRò«�p/œð–GnµŽ&Nk¿?Àÿ‘[í„Ãïk’òI·b!ë
&05œpL)¾ZÒÂ	§},o¦�ø2¡Sš.�¥ñ™KNBÓùÑËBÍDñç«ém'¡^Ÿƒ™fGÄŸ£(úù!Ás2²ZXI™*E^‘¨2jŒÔ•(%­s»¢—Ç/»Tä_%�_¿?»úpĬ0=Ù™ZçÕ,ÇñV¥Ò¼áˆ~¢c~èíou^=gCÔ䙡…VH|‚YE©{X(œb‹æ1sP9
=wü{&—ÿÁäR«¦~Ô&4<Á¦(
+µ&Y5¥DªsU‘Z ·>[.6—öï›äã®2Î)NëFºÇ½b�nïNÝÞ懪°Ìï¸Ô÷Ü
EAf%‹‚¾©ªØP%e&3ÊdWrC+�SV•´$æsiÌ—W‡%²²¬×J•2Ë·€ˆyÃdeãçñ‹O|p/Ží9ç@ÈttÅ3aVü"¾<Eûs+¸�Röþ0EèÁˆ~UÀ2ü¤›³÷oÎI}'5c‹ß}<Û"Ëk¶šàAʤ�¶¹¨,ïÇæ…âêåÕ’æª,¹= ¥h‡oÔߣ;]Z¯$ÚÚJ[CG¾“î[?¢Ü8�Üz,â„ÀpxÙ¨FÓgô—Z›ÐìÍ�泬̫ÜXÍ7`|ÂsD8˸ƒs
+…4$v§µÎïòB.¥!ŸÆw<WDÞ4ÛÕa/{Z)ûÜKG!dŠ£ãBÍEQ΄+'£Ç¥­wãÊÒûD߉`ÏÄ¥©µª„–¦V¨¤-o¨“Y©¦Èh&_Ó3ÆÀË%k‰î oVäÙ«Ç5:H•×K\Ó6_
·Ï
”·Åí(¢+´¥¦vž¶=™Q&d	Öpà“ÆRnðî‡Òî%æâNV¶
ålºŒ46Zx-*ëp«²|±ñX2åŒ›ƒ53×yívˆÆbØeBÏçÕ�j‘~àÌA˜@¹ï7…kÂL±†Y®m?6Ó¥Yî3ÌkeL>+|É8"Ñmƒ®Pk
+»´cËE®��hª¼¿HÏ¡õíäÑw9¨¨²}¼�wèkŸÂÿß�”G«qõ²$Q¬Å1cÎV*Ï\Ý<
Db0„ƒ¦¯3Äô‹ü릪@=ßOs¶6Ô’þ¡¥–uȧY;:ØÃÌt“mƒæÊš¹äÊÔ(Žwûºí dg½—mQ…’tD¿P’¼v¿÷¼Ø³ýA­hÖÓ­›;�è’ÕÆìa0/Flblr+Ì1œ3??ñÊ$˜÷i™z�•Ö˜4E½æѺºŒµ#ç`Ñ™˜%�41˜^}niû_#ºDÜòo�9)»tå‚娶S§Mj�ë¶àmoƒ=\Z•¼½¸>þ†A‘îpdù¬Ñ{PÝÞYò®Aæxk{ÂÁç@ÓW=³Kw ¾œ´Lßã:;à‚šx—<|ÔêVÎ-�«9îA•uudS½p w’ð•6°!MáÏ]äºZºnœ¡áx�G)nÀ¼5IYÅÅ´ó[ç_‘Eˆáendstream
+endobj
+1593 0 obj<</Type/Page/Parent 1372 0 R/Contents 1594 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1594 0 obj<</Filter/FlateDecode/Length 1198      >>stream
+x
½Vko"7ýί¸JÑÂjÃ¯²ÒªJBØFÝ„t3mU5ý`f<àÍŒMlOXÔýñ½×ž!„@Tµjƒ‚˜±ïóœsí‡ZÚøéÀqzˆóZ;hC¯?ºÐãï.þkií,ª…ã6œ@”¢Å`ˆ?ÀÝí6Dqóübò.2—Òr-¹ýÙpý6ú‚}èt¼E«;@‹ædú(Ta²Õ!\Âœ=r�,ç	ä+HT΄„új“î�÷Ò-½4—BN®¾`šYµ¥	Â@ã]# ³6`È OASÄLb°s#‚QÚ‚Jñ…�3°
+fÜÂL«b
B¦JçÌ
+%!Õ*wF7£ó÷>›uZݾ÷¯•²ßùÅŽïP¯‹+Ø™¤F‡™ŠYbÜ)±€p‰_©‚Öì™Ç–³juÚÁ�,©§#ß“Ó$Ò”UíX§†¿²ü±àƾ²~®òE�нºEZ­²l÷¦sŽÍ¼)¦™0óÝ;nã9Ïì-䂨³ÐÂðý{>:tnT&âœkN€ÉR–w°-B´ÓBÆÊ"Ì¥m8*Hµ„)‡Â ÷Jð)R��X„5D�©²spÐ9:"h¿6îÉQÅéñ£Â¦‡ÊAìRl•B¶Î VyŽd^sgC/ÈsTñœÈˆ©Â‚³L<IžIé‰×f®Š,qìe.ŭYL[Ý|¾ç°R…†Šh>|3ä6wyoz>lÆÔUWiÓ—¿Ø¬Yh�|¹Uy!s3÷=W(´Dh#R‚ûÆ%<eEf
™’ef[ª„˜Ó§×%©aJ”D mßu¨2¨ºû¼º
åo(óEs�/oy²1¦†¾·�~pô‚AcñÕM!…
pöX¦-N	k±ðª
+Ç'Õ`\Ï„µ}'€OB_}¤g(S°`¿ò”_9å¶poBÂxŽ#Irž"­Ë0–¢x*†ã'O&Ÿ¾ð‚dÜ(wlóÁ2œþº�¹ŒdWÀbdô‚„Ž
Åzb”¼·ÌÜã\–”d®‘zmuŽ$æ¸iVÆò½ÏùÊÅ#ÍY$òاŠG”;F<o=!÷¼§8þ%½Aü;e>Ÿyòz¡Óä5O4˜_ú‚Ÿ
+&ƒjª†%IÅ9���
+%F�¨àÁ#µ
­þÜHÇð‡‚˘pµÚ"’4§OäU·÷ì@ð�ªÞÞ·�ZëcÎ<õ{Çéå·l¹jv¥t<Ê�法ÃøÆÓ$.[ä´9ª¨�ëIY^5ÖŠr^îšwoáOJ�ÚZž”Pþýxy=úpp{uv°g�çxêJ¨Ü’Ši>×É/úQÄܼ‡}¦¥øvç$3¨cÜÑä&ºœ\ßî	ÿù"úåôÓ‡ú÷{Ö)½=K¾´ëÿ½4"Ô1îß*­û/jûÕßíöõÿ?‚nS;åëý£²~‡º7‡ÀË`‹U/º/ÞôÊ7À›78gŠxá#sÇûÐS‘4ïàÛ7¸»#Š„ãa9;¼§{x%/Õp{zuv
+7Z}ÁsF*.r¼K¸ë,Y¶*ƒÖq›.ñÍò¤‚/‰¤ˆˆnÄ&…¥íýÁ0uýe¶ÓîÑ»‹¨öSí/ÂDyÂendstream
+endobj
+1595 0 obj<</Type/Page/Parent 1372 0 R/Contents 1596 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1596 0 obj<</Filter/FlateDecode/Length 945       >>stream
+x
½VkoÛ6ýî_qjµ3DO»Ž[À$
Š®í6Û‡¸Ce‰ŠÙȤCRñ‚mÿ}—”å8Nµðq,ò>ν—çP·­!ýF8‰1!]µB?Ä0ŠýÃñ	}�éO1ä­³Y+¸ñ³œ<Fcú’�¬Ã³´�‡ŸŸ/f¿œþ0‰Žf_Z!¼(ôÇdº³PÌ”J [™ýeŸƒË!¢¨ÊãÅ#ë<[2ô´‘ëòR¤†K�e¢‘ •J1½–"ãâLu#¡—¥A&7†\5Sw<ed/2RÞ@£à7Œ6¹~SåÜ•æÅCh“Ú|óþü ¬k}÷öÃù¤=}Ön0`éR£bÛSÂc,B‡©k=w¨Þ Éÿ†ÅZÉzµÈrlÛÝý¾aßbhتðøð‹çðÇ“_À¯\,¸ÈššøŸ
aSåùçAš¹ª=<vKò’z!~²2Ø®|ÂË—P+x9‚»D…Lo].ô½èP4Ö•ÜnjÈ·0ðuMô-
£¡ÿÊø#?ö1•E¢¸¶¹¿BÕ�º28ƽ,!Ë,#W2ã9q“èXy’ì8’÷fÒ€nü,ÐÉj‘ø–¯L=NЇ6‰2å:U|m|¼5(u™Å=¤ ·ï`YÙ�„YÓÉs´·GR½”e‘AÈMå�z®„RRÔÜÁ^&w¤
¸ ÈEAepñú^ž Ôn:IQÕБ<(àØŸó‚‘jY©&¡èÔ°#)"yx^•:vOX;�
+ç^×ínÍãÈwRÊs\á¼2Áħƒˆ4#QkÜþÿŽs¡Îšf)k¢û�›ƒ˜9?ÀQk[¥°�ÓØ=×,‘¬¨íV™Öó>Ó󣃸µãšg“ÏuEÁZðgƒ­óÙÙ^+¶†·A7úFM�(zO¿
ßAoûß>|nHz…v—@¶ñb‚vŽØ®N»zàã®Ab=³¦öìöFª»A·™b·%W„&—j{V˜³çž&šQö¨½=À{[t©RàÞ“¶>9d¸È¸±3¡P”ÝÞ²%­ÉUÍ‘ÄÝÌóþ:1K}Œ�T7×J–ëc,¥6ÏfqºåJµ\ ‹õü 14¹¯ÍJ!ÍäžÆ|þÔçaट;†’“OÌ­}p9ÞÊQ4¢×žñ£z±ÉúÓÓ÷g§øQÉ/,58—i¹¢—W§õójsï$´oDý­PbÆ´»ïg–ÖKGˆáhì�^Å$þÖ4Ú³ÖO­¿
Y‰endstream
+endobj
+1597 0 obj<</Type/Page/Parent 1372 0 R/Contents 1598 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1598 0 obj<</Filter/FlateDecode/Length 1393      >>stream
+x
¥WkoGýî_q•~®Ì.`Œq¢ªŠëZ‰Ô4iMUUBª†Ù
&ÞÝ!3»&¨íï¹3;<ꪪ-cÄÎ}�{î=Ãç³>õðÛ§ë
]ŽHg½¤GÛ+~_ãu€?«hn’á©ýñM2n?¸�œ¥÷=º¡É1Fc¼Éþ{=šÈŽ’KC•°•.ôãûÛ»óɧ³uû=¸šd"JkgÓÜH‘§N3‘Ît™–Å,£îusšN�m`vÂðI°£uݱSWÌiÊyãkÐOFÿ0Á_u‰àÝ	U˜ò8ìÉT×Á(;>þúu+ÚKW™ÕËéùñÑG�ç+k$qáÏ<FÏ=þ¹|}*
Ç‹_œX¨W”ªJ¦ºÔU’…Î$NÙ'eérÜRúÿÍŠþzqœð¶ôØhå„äcéýM$Kwà[Ð&WÉe2Âý¬¼g�%œR¿˜Õ~7§�©AÖ�AµTáàUs°C¡ô>w.Úg"ÈûgH”Ùô~çkν³”y~8UKíhetY]øÌÜÒÔyF3Eb–+ª�u¥’8ipاËü¿LÌ?ÏxjpðH™)„.©PÅPª]Eø\‡º×
+c*ÈOÕ0K"¦;œÆ˜^xn`½Nè;Ð^/jXF~£Túøæý	ŒƒmƒòR<)*D¦H7…Î…
e>–f�r@Ĉñ£PŽ@¨µ±�<ó•Y(”mjœ®Eé±@ö‹Æ…QxÒˆ+jØ–•–¢Ò¦¤¹±dØ›GLKå.èQ©ø 2DKh²T´ƒîknìt®•Jeì|Ö,ò
+¸fØ};]¥V	M;w:kØÖtÆ…xT4ò±^92¾+ÈÉê….EN
QìZÏÚŽŸ ¤“4ÌÚ2’æœÑ·ŒIiÀœÌâ@8ÙÎè`:óÈ¿Æ®Å_ka²:P
˜îú±ÖÕ’‡Ï1c”@ÚÆÌ{]¥)VHªA¡«XÉ^—’$u¦¶R¥¥sˆ!—‡4êP¦-ønì†f`údÐÄ(¶c¶ç;Vg�©¾
+îvCè�±R ù{C”Ä™ÃÐÈ2zš[SpñíŽl³?´ÜK:p(<Ž)vž‹ÚñͤÝàK³Ò�iœÏª'ï–,øÔ²ÿ=P™²NÉÚêjÓ4Æ%ô
k`ƒ�˜½Åœ¹
hY\†®±NT—æz–F?ÏTÇ&Vc~Ø
·ŠNb2¼qy 1"-h‚&þsÜfCE(÷zt²ÛrEÜ#hñ¬Õ{:Qí¾¶´Ö`?¡tYIï­R·w]·RRϵäMx¸/‘óóF�Ói7à!åCˆ™áåcª½Dr)Ê…Ê°ÊÏÕ<®X!/|lVá^E°›ûUw0eñbä;�UŸkŒ[Æïùç„R>bTâÊü&©ËØ;³°¹Œ	)M�íüÿ�îÄò½Ã=ê�×ï˜bèC˜‘ç^X«ï×(
+¬�e[X7¡äe‘‰\[ˆ<–Õh,®„ -äƒO@œÁ¶œv %‚°ø¿¹�r3=ÇD¨¼TfÖµyµŠø¡epf3ˆä@•AæýšmÒqþ¾Á¸6	ð�¥ì	5�2(à“‚ÄY
’œ˜.¾ƒ}ÑÈ';_CdȾä„ó¬�áéVw¦ç|Çòûä:é3Æ®–GQ­)ÆÄÏÖ²Âíáb«�R 7\Ô‰RrÄþ×BÒq+¹Ý
loYDý¤Å¤ÒuÝEKÚö¼ôÃgãF�û#|½_Òèz¾o<¼yû†>Zó‰¯dwFÖÀ÷š-»Ñ {Ýão2ñE\8ù:å,Ž>Ô^­‡£q2ºà‹í]±‹ï'g?�ý
ðY	endstream
+endobj
+1599 0 obj<</Type/Page/Parent 1372 0 R/Contents 1600 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1600 0 obj<</Filter/FlateDecode/Length 1324      >>stream
+x
ÍWMoÛF½ëWâ‹HÔ§e©€€:m
ø`4�u)`ÀX’Kic’«p—QØ_ß7»¤ÄHr\$>TF+Ü�y3ófæñsgDCüŒèzL“EYgi<™SšÎ¯ùoü+$%�÷«ÎàvHZ%¸1›ã�˜pz8¤UÔ•¹SIKÊõåêNNi4òGûãŽvmý`o¢?žÂžìïVÒ¼pùV”Ø-Y|Q‘4d5ítñLÛBoe‘V=ªtI;•¦$R£)—2æCRÙ�,h#¾HRy¬¾¨¸)Ū�‘Õ…‚©¶qˆb�	•S	Æ�ú£I0f„"-¤ˆ+x“Fæ–tîn0Yô¢�È×ÒýïFg0V;¨ÈÊl›
+‹gš­e.‹€Ê¹€íÝsü-ÇL@«
üR$r
+%IaTZ!XU¾vN}ÞPI—ô®É Òyòm:»´Nu¨ü³«æÊ
(üGwþh㙯0‘?²÷:�6lEÄëè>%
+©cðérBìz‡Êå!êãŠ,"TØ \ÈW&r$ŒŒÊT*P'í/²PÔxš±ù€î«µ¦. C”jýL©zær*óKdÍü=mEi7ä?…ü\¢à±û6HU802*e+NÇSªŒuð@L>,¹¬(`nä2–98ìK—=äÍÕ“E±4%r!ã&Ôa0wt<x6e’¨H1)‰N=×i
Œk>&Ö©‰WÀ+¢ghzoi*ƒúþ˸^3º‘ijÎÀŠ"]ºXè‡#;˜x
�̀�
+]�ÏO=3¿ßI©^«Üs°™©Ý³½”K�AØô‡¤�¨º³˜È;bJ›7å´#¸´¶:SÄ7¥ç+<(sõ•Ù‰®yJTaìÓV˜ýüþ°=×®ˆg2uàê+a¾ÜÈ?ÉÌÖtàb½ò<{;£o×C-¤-£zkÑ¢Ønü9…X‡FcEøQx¦
ïx©+lad�îHÄ1kˆ�ôÍwX”nð·êuêëÛj|uÑ‚9$öM(¡;à',­W,/¸ãXk²/ï”ãþk;¡f¹c{¼/ceüŠ-´¶˜&†ðÜ‹ž\ZÖQmn·n!¢mF~�é4ö—²
‘ó@"±Æq†¿Ÿ?Žj
õS¨˜tBPºbëô b¶µ^å5´6NËn�šÝ‹šÑ4¸
+&Áu0èACq(Ó7[),YbA¥Öe!˜gr3‘Q%¯ry–ïe_pJÔéUH·Zöp¶÷
+ˆ)礆˜ÝKYE¿·¤¨“L(¶O¨¡8R¡ž8té+•™eeŠªŒ$Ñ,®87T®Ýâ{ºƒ¼Šeð7”3벨4Vgê’uœÀ�ƒ]èlÙNž²2ƒ1=f3â4%Ü¡4v£Y·:mÌ”�Æ4;†Þëº
TõÒ=•¬ÓÙ	y•�ìñR;ŠTe[�}Ì/ B^×=}·¸h®Ö›àBApA+½ûõ±{ñx¹’hŒ¦<9‹Áp1ÍèáþîÝñíãïô›ÞV…Zo,=v£ÇK-³>~-zôPæt¯¢BûPfJ9 ­ùuA7¨ÚG¶`è#T>Þ(â“C'n?ÜÜŸÒ±möäÆ
–2"W‘c/ëj±–\´ã“ü}p;¯_F3¼Î'4»ž{Ùÿpsÿþ†>ú^ @Ô¨d#û–è7ú×C~CìÖE+i,qµÁoC–Îñt6fWc¼PòÑáŒ�ÿ±êüÕùz’Šþendstream
+endobj
+1601 0 obj<</Type/Page/Parent 1372 0 R/Contents 1602 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
+1602 0 obj<</Filter/FlateDecode/Length 759       >>stream
+x
µWÛn›@}ç+Fr’sñ»�ŽÚHQÕ6•Qž"YkX̦À’½(õßwNˆã˲ÞÙ³gÏÎÌÎ<Z¸øñ`6‚±af¹¶_'ö&ó>Žð+(ÄÖU`9×8AŒü9>D€Æ®Ax‘ò
Ë
€h• ý£f‚Føîh)œ”­IC-˜Ú:ÉVO,_³<²%¿,†žkÏï˜/7ËE‰¥sö�l”Ø®b&¤ZDJø<tÄHº2;ê‚?h­'*IJE¤Žc2š«SéÓ(".•Ü�Ø»GÕ ¾¥q¹-A¤v|R‚0g%,d‚>ÛÅ‹iŽˆÍUBE�øq/x
sV	°C®ÑQ3’“
ÍÐg�sûÕÄgÛ,Õüh¨àÊíJ¦h	v(¥ìƒ§TŹÍñ™†opl@÷ÎßÂ|ÓÝûÑ¡qû>u8ºKÕ½éÐ8k?:´ázñ‡ƒ =ë0€%•’ñ¼{(Õ´d5ñn:€[¼Ÿ¸ˆºóÔÄÌÍZNmù‰1þ
+®µÑ×pÇÃ1Rµj/‹�.XG"OR
+b.àk*¸„»iYï`†d!Qæ ï/tòÌ$MP´¤�õýå±Eª«¾dσGRÊwøÿëé¡Ú¤½ÒóR¤_ä:ŸT¹ùÜ+W9r›{•®�ºßVºfÛ#VíÕ}ðjÂ÷$°Vemöì\OÀóv½Àpä›ÚýH*9�(ÂÊŸ´æ@Êr
+$VX
aIû`7‚Á²¡
+‹€Ç@òœoY¾�ˆëuJ¡<+”4ÑW>Æ­7$íj`äÛ3ð‹?a"Á Ýr-`I²5AäÈ0ƒ�ç9
•YC%‚ëM²³"E‘ÖÁ¬RÎ5Æ1Ûhs=`“cècc›ËU�ëy¥…çcË4ƒï––‹ŸW¸ü
—‚o<Ô&1”™Â°ÖæÙkº©obOí±

ò6Ì‚%üÖe6ñç¶?aóeLÝ™�øX¬ÿÑ_endstream
+endobj
+1603 0 obj<</Type/Page/Parent 1372 0 R/Contents 1604 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
+1604 0 obj<</Filter/FlateDecode/Length 986       >>stream
+x
uUKsâF¾ó+ú¸©-87/Ž«\»ˆQ*9ä2Ìbv¥í<`ýïóµ„b¢�2Šyt÷÷Ò÷ÑŒ¦ø›Ñ*§ù’d=šfSZ¬YŽ÷¾çø÷šíÂ|�gËá—bôùéžf+*¸k¹žQ¡÷L§TÈO³E¶ÌèWS›(¢q6üT|Å�Í°�Lò.-Ô§?ŒÝ«è(	²©ÞkOî@ÕÇY2–L$“÷ÚFtVi´¢“ö
—S<ŠHgMG×hŠŽ¤«5<¤˜¼æò(:›cD½Ü~æß
Á$_f‹ënÌ?Õªwroâ$L%öPq5¦³éǘv®û†x~{þ“ЄÇж¤ð¢®Ã˜D�.•Gjœ�-WÍpøS’	Rû(·Ð¸:Èè	-„$/÷ñÈ{ôPxyÌPxý=œæF7ƒé+³÷Âc®C»…/uüOu¾5¤†;n·½
+ºÓþd$>Ï&¢<ϼ­RY20ƒ*	µm4²½8•*zL2*Ž
¯½UŒVíxZW×`bxÝíºû^¨}3ƒ2ÛKúýÀŸ´U·Œw|~’­MVÄy—gk&ø¯|¹¢nC/Æv}²lÕX®Z4
ú	ŒÔ©ÜÍôöü“¶”QmïÖElW—Λx¬1nÅj
0J7h×°@‡è8¯À8¦:
€L–«BÒ)@ÓzKïRU
“ µ¥ý;�;«dôÌUß™se#SŠ8—¬üÕ®GòF]�ÑOK¦ÃÁ@áÒY–“[–,4_w<²3œ÷©‰è}*¢wïZÝ„½÷ÕÿÂ>¿ïb`Óyбb/“ÒÜ×­pH9ˆ‡ñŽâó
+)]Bô¾ ³óßB8-•+|SÑ÷Ü´‘m2¡ Òã‚çž¡p›üŠü––ñ
Poal
¶†’;Þ>nø«f¤¤¾‰E>WXô
:É×Ùìž&‹K(">Wmœ•Uâ„û·`¯Ò“õÚƒÕ¥
7	é k¸-ôÝÛü†Çæ¥ÛvEtY5t\Óx×x#¢¦#½îém»!Ö~@’ŸØ•;·zfXpàd`“ E�`£.9%ÁlöqÍ惪ÊÕ !:#vCsšpævg1ì£Áª×*µ,³Ó¡5ä£4º”. øä“mÕ.¨6?ôpàÖñìh¤€Õ‘Uv!x}ɘÙOÍõœæ³»Nλ‡—/´õî«–‘�L5²°�—çšô&«é=ÇÒÍçåb¹Î–w9ž–¼cºæ“¿£ßFõ#z4endstream
+endobj
+1605 0 obj<</Type/Page/Parent 1372 0 R/Contents 1606 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1606 0 obj<</Filter/FlateDecode/Length 1603      >>stream
+x
�WMSãF½ó+º¸UF؆vo°›­â³)œÊ!¤R#idMVšQf$¼þ÷yÝ#	#ï&)
+0h¦?^¿~ÝúûhAs|-èfI—×”ÕGódNW·×É5~Þàóß^S!ó›ävúà~}tñù=-ç´.`ëúæ–Ö9ÁÎÿÉN?–ªiµ§Å»„êÆ»�SêÝ6»!c)¨:Ugë¿ÄÊâ&Z9¿¼J–°sŠk‹„_´1zK®ïÆ+W´XôW–7ˆWž~¾'«Û­ó_Ù»4¹¤¨ÖY©¬	5¥;Ú–&+)«Œ¶m LYRY¦Ÿ«LhÙU­²ÒX\E˜j°9#‰vNç‹Ëcp癪*äu,‰i1pœÐº4!Ëœm•±áÕd[ª– õZå;jÀ©0•&eó纱-Αə¶Ôž3ßs?F¹5-Â%bå:„ßRî`Àº©dU—ë×@"ˆÄž´”uÚjG*Eˆ*w"kUø’‰ó5œí%MH¸ÔêÅÀB¸Ò°TUÄ5é¡N裳…Ùt^µÆYÆ™ŸŽ”(U TkË…C5NeT¸iÖÁÕšž˜;ìȇüÚ!3æ¹ËºyÑ.¯“+¦ÆýÀ»­AP«Ç51KÈdÌy\ÕIT…w5­t{ÿðø$þ‡/¤òÇÐ!-:›ñ¥	4™–°Lè× 9OE¿=¬ž<*³)�Ž¹ñæ�+ƒ_Àu/\‚yf‚?Ÿí5q<†˜D(Ú
æj×jxß04C9„U)“sôÀXüÙî
²x®ê$„å6aØR=ñÙwY,¸Ý‘c¢¢á8�à'ðJ]X5öû]*„~_&4Ö)tMã<³v_'¾×ôÂë¶Tt í/‚J}ɹzªŠð„áH$©­ÓœÛŽ	¬ªàˆ;Ö;éjpØ5Œ
Á$o®S¨ÓNjػϧA¿þïùôÝóÙóÙ”ˆ‘¸Qt ":"2ôR­‹&Ði˜£ïºFd�*5•iwò\ô“«8`•»š«Y¹
"ž„ˆ̛’‡L/õ¢LÅÝžÐÿôøóÝÃ*i¿µb½v�¨}€	oüKf£ÊúôúK}bR•Ã{ÉŒ´ÂAº¤W3”B�½,Í�¸;'™U‡ðq¹¸�`
‚…5|hA¶†±òyMŒl¿;¤
_XY «h
(A©w÷µB5ó‡;вé+/>¿éoÖýí	-%ݹÎ�¡fo…bŠðŠ»XÀÁ=
+¥ëª\š2è¶WDd�Æ€ßÂ>å“XaÁ³J£2§D_­é“ë�“ñÖqDuÇÓÓ¢	5Æ6•
+Ø9«ÚLÐàÈHðÙU¯7ÊçOeˆÈ¶ÔˆÓ÷ ®Ö³>[n’QrD·pømâ‘K¡_X¤Hýh�"üû+Ä¢ܧÀ“{œçC:vOÌg”v(µT›§¬Õ¼J(/ƒ=4:3…áA¦âPùÀpMçڞфVë»'YM¼eÞœ‹±á˜oˆµâÌ•ô»H£¶/Æ;ËÒ?
åÄ`â¹ãÁœázü�»\bæ(SfttÞŒ¶L5Q¢ŒÒ_+ÇtIòØúdqJr‘ÿˆ²�Ü�à�iI׎6h�a°^Êèçl¬Žs×wv4Ø…NU±ª¢?Ù!ó㑳Çýp8œ
ã\€³~œ€ÃhÿñnOà”ç?tEQ£0ì\1�>Ž™KÜ­²ò`Î
žc[ÇC}áá2
ºÂhB“ŒÉsÅÁRî¥Ð¥Ø•Q#¦î„²%=G!ËšT
€äbý¤³Ú	5�o6¤ðb–#ͬÃyf$Ó²¬=ÜÎøâÄ©þ¦êfFÇýÎ2Ø9Žòú:^±ÆbQT-ˆýh£¸LèK\&÷v*ö{ñù;«ÄCA¼\"YÈ/y¼Y»¥Ò5:îœ
+¦lÆÑ/L)uÕˆ¶^e_a`Wò~�ňƒ*(ÊuÚm&¹WLµ %]
+¬<Tú×Þ†ÑNw<WQ¾~pýÚ>lòþ"Å€à€öØuZÌñ8œtœì5C9mKyùèßeâ Lr·è‹Ï·¯¯Z—óøæóÿ_î®®o“ëwK¼ òKÝü=gþÓúè—£à6Ðåendstream
+endobj
+1607 0 obj<</Type/Page/Parent 1372 0 R/Contents 1608 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1608 0 obj<</Filter/FlateDecode/Length 1738      >>stream
+x
­WÛnÛF}÷WŒU‰eù–—· ~ˆëÚjó" X‘Kic’Ëp—øã{fHÊ7EQÆ
xÙÝ™9sæÌèëAHcüélBǧeã`L'ãipJÓó3ÜOð¿Ô”ȇÉô;®fG§†4KpÖéùÍbÂ9ã1Í¢Á½õšüJy2	O±Õ.ÿÙÓƖϔؒ¶¶b�ÎùŽÜÊViLΛ4¥…&µH±Ý’ß|Œ&§Ëµ.)W>:šãzº}üóö‘Lþnöå`L£ð8˜À‡AbR�©\-±^¬`_ç�*�©û¹1W¤j+†Rã<Ù„ÔZ™TÜp+Uj4V&§Á”­<YxRh[ÀÑÄàÜEi7ÎäKJ°Ñ!ˆHUNœß"zŽ}¥Öu0ËÔ.TJ‡ËJØŠ"[åþ1zŽYÑZ¥&nß·†Ûðu¦³…Ät›»‡ëŸ(²y®#olŽwøÀq8ù\ûOƱ‚žØ
+~U9É@VÁñ°µ/«zØ6¾¶>µ`\¦Îâ<J­`×ÀØh©½gPÆ{äzQƒ\”	Îgo-![[*T‰ä"KŽ$��2|‰
+ÜÆÒ<[Ä=LŽük?	h¶B”¾4Ñ3‡,s8ÄYp…Š4'Åo4Ü`Ôl!`±
~Ü™§ù@/?Ð(žàh絊Ùö(¦ÉüÝ°g^6¿ZásFW‚ëè¾1àº×yrƒØê8ˆÁÉíl))³xHͳN
�EÜe‰TâAˆ…ú({vÁ5GŠÉ÷
€”•ŠcÕ
ÉY¸ŽSñ‹70É4̵ŽuÜOáŒ!Áº©ZR› &“ÂF”™…E«^]hÍÂ�L¹gBuß=Pã
'bSZP`>p…ŽLbt?‹ãW’„CÃešp®Û!—-$ÁówŒÃÑÇ
+¡6,;£ãi]ŽáI0
読A•Ö9rÕN¹z׫X�&gP:ñçÖp©S
¤8;O*[(
+ƒ‹ <›TZ¬T(0«…]ëù»fÁ
+*´`.UE¬¼‰,DFrƒW…-®^öJ]¤&RB?áàüsÁî9NC¬JùE6F‘òš¼®.Xqp×N¨he´�Ù‰V«R®‘‰X»¨4Ðc²Ç¬?\A‰V¾%«‚y›$Ñ Žç\Ì»cÛòŸñ^½ˆPe—Óìúá|hr
´œEŠ4Wm(m% ›kÑ,ò¸#[I_ª$1’ÂMD$Œƒ€ß¬€È(äÚñùîþ	†¸ƒ°Fì½â;þ諸5Ýku÷Û“4÷Mɧ©Ý°¢uW1zÊíܥu‚ñýL”
Æ–·*`ÊN_+]n™t¨©¾—FhÛékHŒ³6jw`ûãæ
â=#nè¦P.<>c�z‡BfA�à3%ÐÁzŽWuM£^û sѳï:QUê¡óèÑÿ2úÖglßåü*m&ÞIüŒHëZÏ´ð5Ó@ËáE³L:'¶æmxj`©ïLPB›6ý–§QÞî~…
,wõ=ìHà"zG�¯.ƒš¥-ùÛ~<,¥˜eÏžq:D£wÚ^ÃØ:4d×áΖ>c–À A'ÃÝýý¬ÏBd­Ö©šÕ®æþnÀèpäÚÏïÒ¬¹
+=2Î+ˆÿë5êSêcÈê�—h¼•J{¨p“5Ë
+åÊcÆ|Àä�¿'¢I¸ƒ£ˆI翺Í6ÕÿPÚB—J6$hpƒ‘VTPÄ|ž„Õ³Û;²m2ÊI“–€±¬n	a§%„
ý
+uãñ“º©ÅŠ%Nü»ó,Z7ˆëNyÝ‚èO'µŒ£c•GzÈ3˜W&B£Rφ™]ó3DÎCÄïxÆ™Õ3rðÉ°G6ñ½pä»Ä|¸Õ
+Ã2…!JÊEä_
+¡y.8Ó�ªžèj^¤jÉý	õs&O«èÿ
+>60DÙøUÏ4KFÝú Ò‡
ÑØŒ*¤¿�Ro@Éã|KÀ²#{ظÆ$d˜ªm _­ÛPËëèC�“1]4‰�4½ž~|Í7Ÿ®êq�tœs6÷ö݇]Ö/pwÕ~Âýus�Û›ÎëÛªïF/íJêÞvï;+èåͳFÿízó¼=w¹_}Ý»{Û«÷ðêýÞÚ7dé›î¼<†ÀäQÚ<~~s5_&øðò8ùœþ7�öúÆŸÞ‹·’c|ÙûÎÕ¼=~}%Ç}<o~=‡§øÉ}~ŒßÐíoËËOW—ÉüÂCÂ��ªã—¨.#;j7ŒÎƨ�xðÃáwzzœžL00óêp̧ÜÎ~?ø�ùÔøendstream
+endobj
+1609 0 obj<</Type/Page/Parent 1372 0 R/Contents 1610 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
+1610 0 obj<</Filter/FlateDecode/Length 1764      >>stream
+x
}X]OãF}çWÜ7@"Þ8aYZU•X*Ô(°Ú¤ÕÄž�Yë“RõÇ÷Üùpœ!¬‘œÄž¹ŸçÞ{†{9
ñ—Ó§�O¨XíMï÷>\éº_àÅÉ)¾”4̆Ã!ÝDƒw/ò×»ï{/ï¿ï
i�³Sˆ‡ÔÿÜÞþ=<
+Bñá_ö¿lñÓTælômB„ûÔÝÏ°?Îñ¯Ù˜WàÂ,
+ßx¡»ðôœR©ñeïóáàëåìîá�—~¸8¦<÷±ŒNع3]e¬ªI/hL¦�×Òz8È�htDã‡C*t]ËÂÊ’æ¯dךÝZÙð¢[¬ºaÍ€ìRI¥¦Z[zÆмѢ,„±&£;'—òhñ8±ú¥0ô‘V¢XªZÒ5){Œ ñëãîu÷bœ¼ÈhbL»’´Ð
ÛA+½’µÅWaIT•·-QÝ)�dê±mà£Õ4—¤j'ÈH]ëæé>?ÃaÖ`Ôê¹R…²
+&ñ$3ºò>Ð,ÿvÆ~ø@»Ê$Š{ºàÞ¹^	(»B˜dCÓF¯
>”ÌZ+˜_èªV:‹T¬ 
+I3�¿�…[–O‰jeúžB;cƒ ð:E]Æ`‘F›.ðô6D�|„Xƒ…ª¡™´ÓËë;ª/£í2Õl³ðdt’sê'&jƒ;[ɘkÍ`kŸ�HVžF�«+$àÏÇ"
ô\‰BrØ%ÒÀHfØe#ebGÀw‡‘ Ýçn­ ­—À#_¥Éc”ÇËUaòjLƒD)ŒI}|ªõº&d Ò…¨à¿fçY2"û,«Š¶À�«¡Ì›É¥! ¡|µ�ŒØD+̪¹®±�£±KQßO^À
"FZŸïgšÈëQ'4¥9Ú¤ÖWã›bÓ‹`d–¢ac‹ªpðßAà
Jn¼&N22�ÞìãEdtÿ·PB‘:5²�êÅ’Õiæ(—ô$%’èÆÝ”mQ„ŽÃÑŽ�B8;óDôŽ-îaÞíå ú>Qs�Ž¥zD¸¥]è&1Á²´X	8úØïyÑ
+øð^Øc¸�vÕØÕ¡	ú 
+�Ýñf$ÊÙþ0Ñ×`À‘Ûþöœ±a%»�ÖhT)¹
ï‹Ö.u£¬°Èʾ«ÿÐÊC—Q6±'dÐЋ
î]CÈ¡c.Ñ"Ã"FY‘µmïÁ…彑˜(_µHæ&`npDÏ~V�Œ.»l]öíÛrd¹ïP·�¶¬JÌ+ ‘F·M!cÄó0B¯zÃÓ·íX{�ë‹fgíR4è sLsZ/?gB%¡÷ôÀg0r_ÒfÊ“~ÎÁ+bo«WÊÈ"®ø�;Îj­ëÁvf£?Ý\à*Bžžµr#<‚/Œ¼Jë'nMÌDLBLJ_õ¬¤Wx†^u‹ÉÝV%ÅóšØ—’äÕR=.çºYj]’Z¸½¬c#º"Ê@ô[qÌlƒ}Œg�ÁË2{ät0:öƒîÎSŸ
'›úF>Ñ_¨£hPàœž�n¶l[<çɯ'ßlrTdó“çÆÓ,ÿ6u÷3w?w÷ÏAÖ(Ï-ô²F›Íž©nýfYà¯îβ6tc[ʸ·‹IkïbŽ‹� ¸îÎR°Âò
U��xH;Tw‰]Á7sßëŒÄÜe:Bnº:ÇWê¢h4詨_c—
[S(Îôšä?bnù܈™Í€0žð$FS
åtÜÙë!Æ“§1"ÎU?õcC=û¢±Òd^ëbÙèZýƒîõêÑq¬Œ.-7¦¥«°ó­l^C
o‘»‡Îˆz`ty“èe‰ƒ°£…Ø•N‡óiÖ£wôõúöÏ?n¯¿ÜüžO}•y­ˆÈýY

ÕSˆD×6ÝA
3TaG§p‹—nâ�0²OÓl]× €§L®ü,�NFøL¢R­¬*G\ËP¸•ìÌ$â—8ãÁƒÓ
+âod]røE ô“ºÖ-ìrÇ‘gQ<�ZÁ
A_ÎoÐáKùø�…_¸lB/Λ¼{2Í-hžRŸ
’5!9wŽÁ®ÛÕl ªBV¼WìÊN"ç ƒYzWDþ,ày<ž»P&»‰‘‘‹7/ý&‰j7�yÉ•ã·»¢
¦Xʲ­ã”am
€’k$Ž9‹Ú`©mpG—\ô„ÆÉ‚&sÃ^$�hÀ˜(5ê™÷÷ê)=¤¹1S)-~eï?\œ†“s~ò)žŽñ¿w€½›\M'tÓèï€s�c(ø8[ËûqùàÓ�ÿWq�ÌŽ3ÌsÙó­(ôÞq|rš�|ῼ:wæÏ÷{ïý‡šcWendstream
+endobj
+1611 0 obj<</Type/Page/Parent 1372 0 R/Contents 1612 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
+1612 0 obj<</Filter/FlateDecode/Length 913       >>stream
+x
íWKoÛ0¾çWð˜±ëGêf»åÑž¶bÃìR P¥ÖšH›$'è~ýHÉŽR#ÃÖî2`u™VLò£D}¤¿÷RHð—ÂUy
å®7]ô.nx‹
þQŒQXC'I‹²ÿ¹^In!\S­†Ãf,×8ý^;X|í%¥I<Få~ä® ~¢qž¤ŽŽ÷“¥Ût9Oø<Ò8uãÌ�s7^¡cíTñ¬|›-'wý7w4�-§AœqîÄÆr–ÆÅæqfÁ(©‡'ĉ–½Q7Îl96>Œ¶E‚!ñˆ/]z|h?]^ÿjÀÝæËyxB¨¹ƒš»%Í—ßèÌõžka+`à
ÛÐæÛŠï€iRɈնRZXfÅgØŽ›˜L]ÜŒ M}rE™[ÉEUaà›ÒBmÈüV©!ïAH2+4`Ö”~À»¸¯VJWJ­AI0.!
f°Ò�!¬íçÀðŽš({¼øêJÙjØ®|g´ÞÛÑä�Kv”Ü>:cC‘:´Þ]`˜ðY�Èè‚übĨû½æ²ä 6À÷\Zƒ˜˜U–µækØ f—0Rü¤qsäo«J¶…�?W+wÊtòN w}Ú¬»A_*.AX0�²¬´’â7à
ÀOg³wäc­vW¸ãMQº
ÈÈ=Ç÷iáN³ãÃÒ]„EL‡Àä52C˜Îb˜¸Dq‰W1s
+qí3
+=Ïœò^”,¢Lcä¹ãòI4”*ØoòëÈ]Q6òûñß“Ö1ëF>=õge¢‚–d�‚xäJ6"Ìfgþ;>l‹ÛÙå;�tg©)-LÝÏß°°™Ï[6>ÏçHñ^0µ\!a
›"rB=Bë¡”{eCXÕk™…¼Kð7B¢óÇ¡#ųDMÌîíaQBB¥¦bЀ@^vOÄëŠèoˆxv<ciS³�«sš—ËŠC±ÆPÁôõRŽ¡�
+‘cUä\Ø©±56¬Í±‰
‰5 ¬„D§®ùNí±>QU}ìçÿj³ÁXöv�ŽdïhoN:ÉW6ƾÏi›µ¯l>N)ó¬ü—%é¥}ï+Ï·}û¸éÛÓâ*NÆ9Åeó
4ù0�ÀG­¾òÒÂ\•õé%)Ó£V!ºJèc²Ÿ^Æ£¦ÔÒc±R+ƒ½ oäIcTŒãâ2ÃÏOz;ÍhîzÑûÔû	ù¿ºendstream
+endobj
+1613 0 obj<</Type/Page/Parent 1372 0 R/Contents 1614 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1614 0 obj<</Filter/FlateDecode/Length 1572      >>stream
+x
�W]OãF}ϯ¸âe©„MH€ª‹Ë"ñ°YZ¢VUÕ‡‰=Žg×ö¤3cØô×÷ÜñL⪮*”„Øžûqî=çÞü5šÐº˜ÒÙœ²z4NÇ4;›àýüòïS¼Œ¤bt»�ÞŸÓdBËGæ—´Ì	��Ç´ÌŽŸ¶MVݨ¿…Sº±´’îEʆ\))×µP
ÕÂ:iheô‹Å§hrªt&ªÁ
K/ªª(Ó�SM+ÉiÒYÖšZµî‡å—ј’ÉY:…ÿcW*K¶Ôm•Ã#	‚‘oñ!œ$«\ëÃIñé<=çcI…ÈÝrL¿LHã}J…P•õAºªô‹jÖ]8>„Ù€J¢¡…¨¥%] ÚzÖð¥!)²ÎsÉwÕˆ,“ÖªU%©
2Ú|¥Âˆu-òEøŒ’ÃKæT aÙVÑË¥ª
�“ö¦½‡h´‘j]®tkJ­
¯²Îúä.‚6I‰
ãÊ.�çd½A(À72sü/b·ƒè÷‰ú*1^¾0]£ÑŽ+bd­Ÿ9£kvšoÆ÷Ä=}7
+©›Ì{DÑYëá=ûà~{X<ïY¢•”emª­ï®2îêóÅTîu¸im»èÈ}K­å6é.$Êê
+͇~4ZäzžÒÝ>|~¢ð<Ð2IRZ¢7dQmK4³ªV•0dPyW
+Î|ñ®B”/Ýí²Ú:vçYØéýM@×õžQ2§—L‚É,�¥ô$h¶¦v[=ˆ8€>á“éE:çc;âzõJ g³ËôÁyÕä 7-–°Ë@ïn×ÂÃl¥óž�nß�ÐÀÜ᪷:È>ú@¾žä½0i«[ª[€,òÜ—yÏ[½a”C“­W)Z
¡Pj¾ð­¬>Š]x†÷z4Ðë�u¥W¢²âDæ­Fw’ï°šíÄqG+Èä©Ýl´qôž¶Ò·Ò!¬A’~…vxáD•;d7F>+ÝzNNÒ«%,çˆæÞƒ^båÊe!ÚʳæS#’R<C›-é*ÇS(E´>À¶ó8pÊì´	ô`auPô5bÛõZBZso»Ý¬�€¸¡!..þ
+<?ñm€`-\n©’Üÿ\Y\xÞçCïýŽ‹" üxª*ÒÉ*›úS×p¬š®¤£Cì�ÿñ㣎÷_¥ä†g�d^±Û>K-hºÆ=i�³w„ êȃ'4X²a²hXÎ�ßQ™0­4ëÏçÅG8áVñ¤IéNÓâó2âö’½Dk
a�~4¬”ƒ »â¯á^Ä90²Ó…W¼fúö�ÑH …b†Ü¸vTU™¤wd×h‹å ”\g-OC?¯=’¹Ä,¬ÐÒ�Yî°§/Þp'2Ðzdgä¦R�}Dà'°F�zÔ¶›ãŒÄÀkÄ…Ï@ZBà ½ð½’ß‚¬“lžØÀ!¦tcé“ÊŒ¶ºpp\´èWXˆ9„Ž�Ö·£�Î46�®ˆŸç%–ûèpéLm8�N‚à¡g�‰î)ºÑa«BU´®íê
Exõ¾’ëΥǯg‘bL ž—jo"~Ãx)6Ì2вßN‡3`à.‹[Y@õUË`�ë¥ì™Àüߔ‘-^θŸŽ^ÜK@O²÷ºÇCÞ,š�‰ï%b[ñ¶ÊB­�`§t~°ÈÆî!…NDaê‰h˜(Ø	üv‡qþ
+��í¨(<´°ø
ÒëúŽ.ÒD)7{!R¨ò`òžð@«âèÁ8Ž³íáqç/tËÑ£Qµ€N÷Øt{ëtX]�>`7ºØ|�¬’k¨g›\?ÆŽN®—“냹•^[Ž12øjÆ£"~[,ýà$y³kÁL¿Npázi„{¨½±ð„fvòÙ0Ç÷c<h\Yòª`Éï§÷ÿ:ß»ÐÞÓµßï�Ö>ŸØà›óþÚ$ß<Â5¿N8d,�áî·D?ÙXYøÄšÚóëÛþôþ2¬$“9~Ë]žÑ|~Þí~O7ŸnoEû›þ]_{9â$H.ÆWß·+žÏ/ÓùlŠŸ†¼ZNÎØÌÇåèçÑ?
+¤ïendstream
+endobj
+1615 0 obj<</Type/Page/Parent 1372 0 R/Contents 1616 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1616 0 obj<</Filter/FlateDecode/Length 1416      >>stream
+x
ÍWËnÛFÝë+.¼©ÈŒ$[²\4âæ
£ˆ“Æ²hº‘C‰	9£Ì�Qõ÷=w”ÄH)²jmøÉ™û<çÜË/ƒ1�ð9¦ë	]Î(«£dDÓùe2§«ù5~ŸàËH*·éàÉË+�)-pe6¿¦4'�(ÍÎïu#©Y‰ßJKU©$½~ÿ�Òý›”n_ÐË”J…‡’l½H2­
+*ÊJ’.Ü?D½d¥ù*
‰¬)Õ’„u�>ÜÝ?„'�ÒOƒ]Œ/“	¼Ÿ—�•U‘Ð]A[ÝâLCݬܭ3>ûäå4D|¾)•%Û®×Ú4ô”¶Òú1¥ó3Òë¦ÔŠ„Ê¿cÁGø”~U¢–¿œ²�<©z‘÷"Þ”UE…(+j4ÙF˜&	'&³äŠsJWõøj6šÖÚÚr�2ÙL*aJm©Ð†3uj×”AbÅÙ½±(]B0ƒúÛP.øÑãwz
FÄ… ØÜhó™Ð.QÜ”¥Êá„n¦CòMãzÅÿÞ§T‹l…îsï€NDé†-å²52G[{>×(ã@ì›y®kxô‰X‰ëù¿eÒeϱ‡ÈC!þž_ë½Xׄ'/ohT3¼/.¯|;ÆÓd–Ðîv·¡ÄŒfüæÝï¯Þ½yÿ–Mïóãbr�Ì\?ÑgtæT§NÖ¹+#üà2à²�=ŸCWY¡N¥åH¡$JÎ`óAhðò€kÞ0óÒׂ^Û€ƒ.OüüxŽöíSì~R?îye”`Ö
+zkÊZ˜m´ùðctUI3$Q5+Ý.W.E]眅�:­+±µžÑ¸,íÇG=ÇüÈ£'$Pû’‘âEŽ¼—‡ô8‘Ð(Û€NF×TéLT@®Ë<\´®5 «ËÌñ«\‡ð•øŠ¤#ì‰Á\fåZ8‚Éc-�n×	 ÎéïhDLô€°•;ì‡xzéÆ´$hi¿Ñm•3>„BºšÍ©ó9¤V	Ö‡>´�ž}Žøª‰Ry�ž60ÓóËUXi¥²¡ÜQ†¢ÏúZ|†•¦�¤±�‰]˜}!¼c%ÞŒ¤úZ­j©xÆÈÃ"uîë’Ç•8@9PçEjäNhUm{	â÷äxVkT§+(±ôŠ©�yµ3ìùdRr.Щ1¡–qÜü¹¬ôBT�½‰�µ0-GèÏlu7ê ^q˜qdêí�MOÖÔ°À—¨,’‘…4xÚr™9øcäqS
+ã™ôFí`…øMŽJ6ºW4r»Ã©¢Ø¸@üPUFt$}$�Âljâð~1ÂþƒYOdØUñÈÁP°/hÉ÷c–WHºÂ62›úÆeĵ%l'Y‹®
¢ùíÒ4¤ÒïGF~iK#ûD»—7C¿@ùFƒâÔhæ·“™ˆ:/‚q`��
+æÎfà+V7�ÿƒšEÑå{�guÄJè´h·CP@ó9X®H@hKn™Š›ÇÍ4c1³º!ûЫFªþ&1\‚}F.4榑².prHÀyÙüdÝxµ-tVÐRëœÊ\
+VÑ–M²a7‘4î+®ìW —u¬ÇuÕðƒôçÚ•;ô×é‡k	�Ùèo-�½
8„®pC¶
±Æ˜
àÅCšß+6«Íüv´¹Ý
+ÇZGJŸ.)Î�í÷öŒg>&oM‚u܆Ù¤|—n›¡³¾hœQ&€°þæ·	8”1Ú"†dg”–ß(°-v¯0Qcöcèb„«{˜Tnè‹Ë¦Ö@BŒ'·:ôýÆåyÞ´Æ3¼7Î/i†wJhèó׷ϰêOû`ÖòÇv¤ÝÞz�_\� Ôùù�,ÜW³y2›N°¯óÅñþ"ü1ø�¥É¡endstream
+endobj
+1617 0 obj<</Type/Page/Parent 1372 0 R/Contents 1618 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1618 0 obj<</Filter/FlateDecode/Length 1347      >>stream
+x
½WËRãFÝó7^AÕXã~�ʤÊf ñCÆJ±Y´¤HjG-áñßçÜî–‘…™"›@
¶Õ}Ÿçœ{ùç¤O=|÷i2 á˜Âì¤çõht1ôÎé|:Áë
~
+I±y0NÞ>˜û'Ÿ¯Ï©ß'?†­ñtB~D°Óë‘ž.bÚ©ŠÖâE’ÈiéS&Âu’KR9•kIº
+rYâ¥(ÍÉm¢×T*
+¤yœªP¤¸£KYPP¨­Æ_ÜËÍá&£D‹ •gþÓI�ºý¡7@§+‘‚âBe°ª,ÉIÐQkÁŽ´,K>Á
Å*MÕ–ß©M™¨\Sb#ýë1U�HÿÆé��ŠùB˱Î/TyLq’Jú™Ÿ~¾îÑ…-OwpŽ">r_‘Ê컿P®j{=oÚ<xúÎm
+Ë¢�Ñl*M©|‘)}¡ž
ô‚úè7²;4qöGÞÄ£•«Oµ¡9÷€«ƒ¨}½½™-–öî+ºƒ‰7æà]÷ $¢ˆoÙ¾ ‰/²ÐÜgA÷IÁ&c㫭ƾ¿Y¥K”¤äœ‹ƒû$4‰º\®ï‡õt€ñh¾£HÆ¢JËO‡ïŠ$Å®ö|©ò²²Xœ �(™¤îR­Ž4Ý�jÁ”-\ómø͹'ùŸ¡š¶IšÒR<S·S+äc˜G�€Ik¿•jËÛR–óÅíŠL¨§¶3¿öç¿<œÁU¹¦ûÅr…®Áªˆvéîë¥çÌƙ׈ڒR“‚s“ƒe€m�íˆå^rd�æÁ–!e&¡¸_‡ÝF»Š˜j¬Ñ+I #�|…¢=?Æðö€µ20N8¬÷HÜrý¥é"ñNê: Û�°øýÃ
�Gl°)ÈÝA“‰µºZ=>,iœ<®mõdêÎàÆ	6Ðà›¹àd›µ½î7×½£ö9B�éÐF¸Æ"ÎC_ñÂ<Ñ–›Êâ	c‹,ëe°±IUD8­ÝÇa8eÙÃÒ.?„*PÖvÄZTT9Ø#Æz¦ðI$
êÔ¥ˆ(´´Îk©ï\ß~»\,£Õìf>#ÿ–æWuë\¢þïWt3[ùWß:9H±M¬æ(lÐæ0-/“YÀ̷󅜤¡ú‚á¨iå„‹Å7t…_&=.K+0‘nÅNó@uyóÉ7óÓaÁLÌR<s?г’e¾&W
PR†Á�‰¼Ÿ­-§GÙÙ˜´ï”þ%Gû½0·òåªÕ¨‡JÁ£“ŽÐŸ6xtlZûˆSœ�K¤Íšñº®X·o9èæáýšƬÕõΡ†wxÄŠ²À¾‚	Žz�	uÙµ
+¥ÖT™ù‹®ˆ(Äb
+]a§ÚŸkub#Âg¨¢ÓmôŽòŠñÅðÚ³Óh�ÀÆÞ9Þc!C�BÉ<”ôp$Bc–Z+Le½VUÙÅÎ.H-¿uØÍáë@Viä/Ú±4Ý0²ÊuÅ“‚ÕF̪ðÄÛ€T…ßùŽ‡‘Lµ|‡f[‘—ÎÚƒ}®i‹ño¬Õóºeõ¨CvËsËÃ?`ÉC%Q<[ÃÚw½u.JTЬ&àžGš^a—Úšr™Q–”&fók~ŠéĜڹ©«w˜Ôê.¿‡rSÖŸ2àZ•¶'õOgîAÍ…ëq�Ú=hEHôø>¾ÇjŒ²C“.FŸ(@yyåZú³•G3ó·Ö ‘[�L�„·¢êªÔaøPñL|O²*{å�>¹i5u4î�ñ?ÇtHã±Y}­ÖÞê	ã;PXeËïÞì³[ïNzX¯£Óïªçã©7
°åò­¾‰âÊ?ùãä_´{% endstream
+endobj
+1619 0 obj<</Type/Page/Parent 1372 0 R/Contents 1620 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1620 0 obj<</Filter/FlateDecode/Length 1591      >>stream
+x
�WMoÛF½ûWt©HŒ$˲] m�ÓÂ*Œ¹¬È•´	¹ËrIú÷}3»”IJ.Ú"‰cQÜùzoÞÌþu1£)þÌèfNWKJ‹‹i2¥ÅÝ,YÐâö¿Ïñ¯Ò´	_,“åðùÃêâã§Íf´ÚÀÔòö†VÁÌtJ«ôòqC×Ð^Ùš¼*ÖŠjGW¥š”%�ë´6ÎþúZUuSŽ©Þi|Ò5ÿB£²Ò]U:£BùZW#Úæn­rr¥œ4x·X'©³˜þ°úv1¥Éì*™#ŒËÑAûQBÏâxoò<ß©W¸'Ÿ›í®&•½":µÕä^uEn+*]­mmà'¸¥uåö^WΠ&ÖÕtŒnàxp(¡?¼ÆIã©T•*4¡½©w”ÂÒ˜”'
+%¡Õ{G;çkO_/÷;-
áÇAÜî�Í
+Ý]“«èi5ðŒgR篸¨\B|Ô”»¹øfmQØ5r”
+KgJŒ¤tŒRWÆerÄ`3Bµkcþ<p/aJ¥OAT®Ê�9̯uêÇBëW,‰fçK0@ž¥ÑšAe®P°Ü??Š‘›šPóŠ�Úf`‘ÀÇ”T¹wR„·ü¹“#7VQ«H&KšÌ‚˜Œ¢³±0Ý%ÑýÎå ™]ѯ÷O(ÇÀå‚	!l6-Qª³5b|
8âö–Ù©²
‚t]®j$°>)¤¤tÞ›5‚AjÜ9fÛ€ÐL»�ˆŽVשºÖE‰fìaö~¢mZÇm+®€ôÆTˆ0@0	<5%š
Í	@™g�'t�7Bsöƒ”£oa*Ú!ÚY»¤‘é�®©¡kíB¤‡Ï­âTÀ‚e¡ë™™¥òJ«ìÀaüžwÆͺC™œ]±"TîÕd(ƒjjp¹6)›56S6=ŒÉï\“sšÒB!íÙø�:EvÀß}ütG3ˆ2«óäjúiv�Ü%ôY}7v“b'†»Ò>™ß@þÑŒ«á›¡Ç|él`>u9xÈæÙpˆŠrâ†(š¼6%Xê	½(�)/ò©ãÁ¥Èx˜Ÿ®÷š„Hàú½Ì/ê{Û˜*Eã°R2¢õ�;^¢èÆOÄ£‚Œ¸kgKBÊôF!pnÏNïC„zuk™ßj×FIHŽe'Âùôe%âóÜÎijÜçB*Ú»êû¶rè)Ñ.¦.bñ<PÃÀŸVô³(ã0œ¯âä;­S”Ÿöõ˜3Cˆòsdñ
e­klª!°2±
+•
›
Áow˜¡×`Ž
ƒjS¹â¬Ä�+`
¢Aç¼eüà�•Ä@ãC
uâv°é®rÖ@­»äVã½ÁÂè¡Ê~,="ŽíVCÅz#„ß9O9ÌG´Ã^AUÁÐÍÀL(ì F¡‘õÇ-Èc@ñyõy›I±ÊÝ)“[¼´€Å»ëÔ0ß72bxs¨lû¯—Ʀy“%
ÈÈ°Ï� ™¢6žßQôòøô�sž•Æì
°Oº~xüò<È–™Šv
‡>D«¼I9n£À*2QŽ›ÂwÔIÀày…�Ên}hG‘‹Ù-vÙIÛ~’ã¹#žâ|¬ŠÃPÐÏíêÖ´Øú2Žæα†r�›Wwé &X“Û�8KˆOáÉ1TL~C;U–äˆ`cuÈX8ÛØ&{ŒŒ.³wʈf‰Ó0ð4Õ!å©À‰¤pS��-Þ«H*S<DÁ9¢z’Ü<$7™_cæÜ…±ñ¸#†=kÀ8® ¢BÌ1
©K‰3¨ÿg|yW�:Ñ#,Ü
+¢¹c.cI0,®•Þ²Èñ�C2”ml€p‹C+‚AcâRϵêôÆ8¤wŽƒ�¸ØOµAãH?à.P²·Iç"£²@E|	‘í+Sô}¡e~‡a-¸MØ7ŽE¿LŽ`ñÿ³*TªåÑ0|™–ï
ÑQŽ&gߢu¤Å°éàÇÅê±Vn<ìF¦g$~*Ý#Ñ¢	ZQð:Îo¾“�T9Rýã§Ûx	ž-pi¾½¢åü:ÜBŸï??ÜÓo•û†Û.¦rÚð¨Ärä¬j¶ÄM&7Ó;Þ¯þír¶XÞ&Ëë9ö:>4[²±_V¿_ü

?
endstream
+endobj
+1621 0 obj<</Type/Page/Parent 1372 0 R/Contents 1622 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1622 0 obj<</Filter/FlateDecode/Length 482       >>stream
+x
�RËnÛ0¼û+¾Ä9˜mYrŽ	Ò=¤ha
¹øBI+›±Dª$U5ßeÇ©… ¸;;�ý1‘Hø’ÈXf¨ºI"d2¤ëœ¿|;Bóz°J%ÿ^Ü“›Ï·�9Š†±²µDQƒq’E5“+!�¯6Ti‡€ÒYUWʨºvä=ùëâ™ARHî� óE.2†™}iðbCa´î€�‹¡0M¦(•§úo0lg�u _ªë[‚n ÈÔÚpg²½FØ“‰°uÛ§ð\¹då<·w¶l©óOÚÔvôˆ OLaçìÐ{Ô–‰à‰:?ô½u¬	É•ÿHËÔçYV•íFe*\ÌeoF¯ÍŠÏ�ê­µ‡8p´æ*ðÓÄÑ­³åóe*ÒÈ:z-‡6èWñ&�kTõƒ7ª+O<:Uíµay£{t'°SúTàöê'�Ï:}!ÕÇÇÆq¤±Ós߶ښ™ïJQYÓÄÒøÖ»�÷‘:�
Ñûùv¶âhcJ5¥[ÿfÓúm©dÆë¼^B®òcÄ›»Çû;|sö™ª€[
™ âÜÈt~j˜çÉíÉÜÿZä4[‹lµà5Ž‘È<¢}*&ß'¿
˜ßendstream
+endobj
+1623 0 obj<</Type/Page/Parent 1372 0 R/Contents 1624 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1624 0 obj<</Filter/FlateDecode/Length 1137      >>stream
+x
�V]oÛ6}ϯ¸�)K–ì8n�>t[]äa¶x]‹u(hŠŠÙH¢JRqüïw.I%Š‹!K�D/ïǹçžëïgÍñ]ÐUI‹ÉölžÍiqy™­i¹¾Âs‰«¨Åz•-N~Úžå›×TÎi[Ã×êjMÛŠàgŽ7òüç½è½²T¬2ºñBÞ‰]£èãæ†ZS
�r¯¶ß‚ƒâ*:˜-–Y	ç¸QdtÝyCéµéHtIÓÕúv°‚ßÄËK*Št¹¼ÊV|ùFwR‘íNÐ"›_¤G7ô½±Þ‘›¦òåü£¶~
m4’»9:¯Ú/¯Æ‘xðÓç”#%ä˜|”óä
§0§Y±ˆY)•sä÷Š†N?PÍ]ðˆ—v'�•ª¦(d´ÝkG2¡%ͽ²ŽDÓûž…­¢ƒöû“È2ìÌ`Q=£eU­¬HÉ�ã«ê
ýèPlòš%?å*[2tŸÍ@­8Ò^Ü+ê­A¿Úp�{®�œo_�š{aQO£wVX�Xø—ódó*äÑèî�º£J×!%’þA¡Ç�ç	5ÇШ#ÉÁ¢ߤÄvJuäÑp+t‡f|øíÏ�†‡òú�ëO§µm

È�¡šPð‚¤U±X	9ÝêFX†ŒMM§h§s©�n™C¢óÔ+ZÅôFï`É%å›ËDÇsº¯QÒî›’¡Ø|3!êÈ—'‡½±Ú
…ôFÃ{Š®„äP~ß!™:äôòcŠ¬6ƢâíuÁshyy‚9ΙŸè¨ÂÀF%š¼ÓÝ›XÎœ^�õŒ¡øõ·*íÿ}Î! O:|ü´è½¥wlŽvå•ð}F(oìñ…û\8.‡K/˜>ÁÍøbîM²Ìœyz“jÄ»,‚õ–ŽQªxÔÿ£Ò�5wbþ¬çe�&°yž0'À=F`š­@&<Ñë•ÔµVÕ)�7ƒ…‘¥ÊÈ�Ñ
bÈÓÃëîvÊnªA‰¨`Rt 2^è7f‘CÆ“_Ô=Þ³è|t¥B@Öõ©,y€,—,˲XÃNU6¼f‹yâ`]`¸Ÿ#ѯÎßñÀ�°ÉÓ6˜Gñ5Î"¤”)]©í�q"kÓ`:¹n.!€5¦·ª
+D.²å¢¤Ä5Lg4ãž®²ùê’_c¿t f^i—G’<š<R—Ãu.�ê‘[ÕB¶°€
sÙ§`Æsœkb.÷@0â°z³”ê¢S
 õDÜh>“2Á˜Îg^ˆñÝ(dá¯=ä20MtGl&ŽM’÷ËAãH
ÅQØXÖQ±£0pEÕ¨D“ð“�÷„‹°Kä™ÛQ©òø}oâ†gÓówIjV“Ež¶fúkŠû•5ɪÞ8=êÆ™ðñåqo®?ýú>‚4zœMÏO}Þ)”mU’ï×é�‰ÇuÊ1x\,²b‰ÏÕÿûœ³\­³Õe‰ùÀ�¢XsŽï·g¿Ÿý»é;endstream
+endobj
+1625 0 obj<</Type/Page/Parent 1372 0 R/Contents 1626 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 975 0 R>>endobj
+1626 0 obj<</Filter/FlateDecode/Length 1270      >>stream
+x
­VMoÛ8½ûWzÙ°iKŽ?’›»mŶE·ñ{(PÐe±‘H•¤ì¨‡ýíû†’[×èe� ˆ‹äÌ›÷Þõu”Ð?	­Rš/)«G31£Å<Áçõz…Ï¿NQ®g3qó«…t½É/\̆�ŒÒv¥ó•XPMéz-–÷ŠîGI*Ö”&	¶Ô4Ÿ#Qÿ…×ξÖÀ*VgkŒx�"äàÛÑônIIBÛ5.×+ÚæÏŒ¶ÙÕ¡ðŸ�ʺ¬RŸwÚÜ”óÚÿ|û箇s e’ÌEŠ£Ww¯ÿyûª_>…�œ¯_F¶ÍʧWËG¯¿©§¨³ªÍŸ>àç\»§CiìÿR憒k<*ãK~•,E*æ‚Œ
+2Èêágt3š¤ì�«Í÷
TÛ¼­Ô˜B)uU‘’^Qf'êQû L¦Èäe½“$Mþãd¡+E¾”N›=yå:S^pFγì
mòƒ4Aî•GȺ‘Nå,²!ju¬‡q˧QÊ<e¤b�¿@«åVyó[ 
Hîl‹�’�S�Ø4M¥^ÚvH…u~L_ZèA©Æ“5H¯
ùÎdœa€`j¶\Äð¨U¨¸£Þ‰ÌšâGBô8úSTÍ»K�£G…’*°5&`�$î3ÏQ¬lƒ­
4“UÕõr@9¨å†Jç‹S¥ñ>Þݲx’©+Ée©Ê«c©Ü…�£¦/ài[j!²€îÛ8"DdQ¨e[0
ÜO‰¢þ¥<(Ú)e¨±Ð>§ˆÎmd¾uN™Pu’u:ŸFØ`Mï£M~ÿxOÁ©(“�#Ò“
pPŸúÓ•{Át
3V;–-†¨A7S|`5"⺰Ê�íÑÂ_dçdŸž_zï�%�6Pµ
+ !š†1âÙNW:t³hMäKÆÒtó°„maPè¨ë¦Òà"o#ÒÖ€ƒØ¬GL;½;õ#9ëƹH½D/îÐUw÷�™µcåþþðæ–ÊšÛéôx<ŠÌ{dWY×
+•·ÓþÕµrÓ|Uø©6¹zMÙdœZîEG¯œÎèMä’•×=§±}ØŸg. c©³2Ò³F…Ô¢sóV*D)ó‰5xÄýï;ؤô:œ„x­p
w‰6–úÎÖyª�dLð=·”ìù—.Κ½‚
PÊQvL=ZÈ)×E
Ú
œ9�áyqwiÉÖ£¼OW`a¯
wåpîÞà){ͺ½4ú7ÆÛ÷sO-ètŽ«2à&†Ç­ÆŸm\@sûñ3zvo±ÿOÕ­Ëù�
+™¨ÿÂ�Ѷ^óð”MlX�K€ýp
¼ãC¡×q'誃•i§žÀt8äÚ,´<¤€ø8`ßr§`SU‘E6}?_©–(̇÷mÝ°*ç­qŠu–o§:‹©Ï1`bÌ!ÔáÔ×<EÚ]k.¶AJå;™=ÐñÔFà
Ôjôc~ËvŠƒä=.‡dL�Y©0¼O´ÀJÖˆÇߘJÛ¨¢e-
£Öû2\”Ý8Ü¢é±+Êìm­xñyøÛb<{¤`-ú€$íB+±ÿ»‡ž^/GÉoˆë9-“…X͹cï7o_lè½³_`zi³–ë‰6gD¸^ú“Õì†÷ÿêb¾^â½p‘â•�7$7|ðÕvô×è?!ôJendstream
+endobj
+1627 0 obj<</Type/Page/Parent 1372 0 R/Contents 1628 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 978 0 R>>endobj
+1628 0 obj<</Filter/FlateDecode/Length 401       >>stream
+x
eQÁr›0½óïèÌ�Ë8·dÚô’N[›vzÈE–EQj•„iþ¾+ìv:í Á²zûžÞî�„#§‡cS P}’³œ2^»wI±fb-XŽ\pú^þNØG8ÖÛ’U¨ê
Åm§Ñ&M’=nÁ+4-)ˆš‚ãBœ£Q+.XÉ
+†³Wr¸i^\�ó8-6^}Þ=Ý¡a¼Ë²yž™õ ‡`ÎÆMžY÷-‹…9ÒB�>xÙdºPÂxHŒÎÚ6¥¥ì ôÐÛãt¢ëY‡}ßbîŒê0yí:�/�{<¯H!Lò„ÖØ¿ú ûç´Z†ÉжWaN¢ðÂEÞö3+©ò4vò+ÇÊ÷íE
�$‹ƒ¦t?ù³	Ý¢ê§q´.0üíâšôÿè�¥3Ä‹¥ˆ-´#ÃÃ1úî¥mb?¼b#‡'3|g—F××FsA«Kð¼bõbãþýÃ=>:û¢UÀ«¦^S0vQú» ÝäÛˆÿoˆ•¨™X4ïxZäQïm“|J~
Ú
±iendstream
+endobj
+1629 0 obj<</Type/Page/Parent 1372 0 R/Contents 1630 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 985 0 R>>endobj
+1630 0 obj<</Filter/FlateDecode/Length 1458      >>stream
+x
­V]oÛ6}ϯ¸ÈKS –#ù+ÉÓ¶né
+ÅÖ¸
ô…¦(‹µ$j$eÍÿ~璒㺆
CàÄŠÈûqι^¤t�Ÿ”VÍ–$ë‹ëäÿ9þúøî"»É’-–Y2§šæÙM²ž*zäó´XdÉ’æ7+|Ï𱊊ðb¾œ'Ùù‹å,¹…³,¹�¹,Mq">�æf‹Œœ™›¥·ð‘-Rüæ(–¸ŸøÚOë‹éý-e×´.�ÏruCë<¤�ÿÈ«·¥h½²”®úQJå=Šz#È™ÎJEÒäŠöZÐÛÏ�¯×_ƒ­tmMfœÃ:¿Âå4¡÷�·&ï¤×¦‰G甦ÃÑl…èp4׎rµW•iUNº!Ѿ6¤š½¶¦©Uãúy8auNqôåê­idg-Ðge\éfK�çUýå5yÞ¯i’Îbh—²Tr§›KÜ•3´kL‡Ž.¥©kí/q«Qýi¾I„à•£½°Út.øÞXÑÀ˜#‰h7ŠD@ñ�3§¢1Í¡/vŽCô¥B¦ÎÛà…®bþ¾"2R‘ÆÀãœ[ó»ÜÈŽQ!|T›\š]GÈßÛ/L×ä$<•Þ·wÓ©cZc·ñÛTî]RúºŠTÝB
ϬÇ`5KBêƒ0¼¡£‘xë‚×ȳ²Ô�z>M¶k8ð¶ÛTZV‡
<½©"¯VµÆioì�
+c‡· 3duªD$ê +BØ'<·BîÄV¹7YV]Î�‡`ß�u‡FBb9}ÕZßtÛ„&jQàã{ƒ€!Â^#‰9cÙ9eá“Lƒx´;#»4ÎθÌR Çe6™¥‘½"Šc€p¨¤^m^�ÙþÃtA`1ˆïòçûT&b�?Ú+zzz¢�5=‚ä´X U…G>ÇžX’¦ñgy–„nr½×y'** JÇEÉŠ=!†
›•1;–V<²×\‡×�A>kç¶
Òsó£ÆÇ*=fÍ*Ü.ª€ ò‚*˜e26Ê÷
+=B4‡ÀÙ }Ø?u´>VÐ'tŽôÓǺû¾äVO6ºá‚8òòOL¢ N˜Ä�£1$û*‡pªeæRPcl
ÔaŠd¥Cã$nõ40‡u'K”<¤ÊüYS‘a5ò+´¢3"sC½öåËä�Ê"ôEÓyêKƒ*óVÁ+3¸Sªe+5uøk(Їüð™kæ7Ý B‘3n­*vNµò¥ÉŸ+Œt’à"Çy€ê‡÷ÆxúÚ9�R8–å(ñÁéÈí‘¡¡WFäÁ]…0q�á<Áú
µF£{3;Zõû�*ú¾Oä
DÈéL“?î ³³|9»W¿šžÑÙªàóÔÚìbÓDþÐD…ï9G´cÐÆ·Þ}øDï~{à‘„J&î—×	}0Ù—±²|^îw[+ÚRKÃ
**�K
­´Ö –ÔçSÈ^ÙB`¢#ZŽÁð¡k°]#0�n9|@"ç­.^u¸3:Ü�ï1Ì÷óšz,²oá<¯Kp·åÆ;t¨PÇÉÉòØçXÃ-´t¯ZìC‚[1©¿DÝ©Ž“Ñ9LIäúèH?ŸÎÒ´‡qb†qª”Ѷ"ÏöôÕs3Ô@`äÂêÅêº
z•ï‰\®Ð½ôg²&5¢Vü
+ËådTó{,èÞ`yÜ�±
t¼á¬¬Â™¶^x¬Ž§«çFBhjÂê,bØ÷°ª%ÄNñx\‘>v±�õ˯§÷‹“ÕmXDØò$§»6ŽÃ;<ÿpÜî¸}Zƒ²EÏסT¦÷ãz0Á@S|*ÑÃAº|loaàS+œë�w‡V…§÷éÃLǨFƒWǤ°_óB{…Æ<æµ‹æÿœ•vŸoã`XÇÄf1‚éýÍö$[Ðd1�{ïݳçË›d¹ÈÒ²”ýþ²¾øýâoõù2endstream
+endobj
+1631 0 obj<</Type/Page/Parent 1372 0 R/Contents 1632 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
+1632 0 obj<</Filter/FlateDecode/Length 593       >>stream
+x
u”Ánâ@†ïy
+«'zHHÊiéR´—•º"Ú½Tª†‰CR%c:3
ñö뙄.´Z!"’xlÿŸó$ó'�y
+“dÄQ³IÂ×ébÎ×”¿¡ó`¼™B’@^ºØl1‡¼Ž�cÈå(¯j§ºi@jA@Qk”–ô¤h,Àˆv'@’²¢VµÚƒ­6vxg¨Ó9¤@xÕF>æÇÓj}Ÿ¿1„É$J¹ðÈŠýžSÊ£��JV/÷ø&d§5*ÛpYâ_æ@ª0`Égš°ž�ØÐ¡å °1r©CÎ�fÑÔåþþ{;$EÄMjp°;Ú¹þ¹øî�¹èpIÆ›t 4
+uÿà‚lB\ºì•`
 DË
+WÐÔL€Ê¡èW¥>Ð\ê—Ôq*R^ÐÝúŸš;8ˆ=÷Wú7=íîÀÔÖ—‘Ô¶|Lã{ç�óÀ,}*Ökóç‡Á¤Ì[cƒÂôs¹P¦®a)¼%QRÓÐÉqqY¶<ÞÌ6W¤Ýø–ƒúˆzÉ÷ß|ßéýrÌ·šÈr5lW?W¯ékÚ›å–ï•5þT¨Š†3upnÊ-jFS÷ÐiÞf²jÏsîXŸóã—î¡ÔÔ²µmÕŸþD¬ÇüáõeßÖ´v‡ÂíKŸoûy³&Qæü7� ¹ˆ%SÞÃÅ’tÞGxð¬é�7Ö$;çfakRîd˜d¼¼| œÇÞÑ•8X&’ÌÙnR¢1°õËx½pÇZ[ß%˜f‹(›¥üßÀí$iêž=åÁ¯à/G×endstream
+endobj
+1633 0 obj<</Type/Page/Parent 1372 0 R/Contents 1634 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1634 0 obj<</Filter/FlateDecode/Length 1413      >>stream
+x
•WÛnÛF}÷WLó"�h‰¾Æ/E›K[4uZDEPÀ/+r%®MrÙÝ¥eý}Ïì%¢7MaØ°È��™sÎ\ô÷É’øYÒuNçWT4'‹‹,§‹›küŸã×HÚœü¸:9{ÿšò­60¹º¾¡UI8¾À“bú¦�“†–7ýdtßQ#ºNµ[úùãçÕÇÓÕÌ/h¹æóü.Våô“Æñ±�r}ÍZÐ9|Šº«å3ÔÊm�®Üômá”nIYOBÕb]ËŒV•¤¢7F¶Žé*]Òý´V�²Þ“Ó‚æËóศD»•÷§xƒP[±•ä`ïY±w\èoK*D]Ë2¤qÓ˜’mÖÞ@–ʧ8Í¢¿ü*»àD9¸�2Ö‘jœNXa‘"èíÀýèðNÐïoßÌ8W	Ç!Žc(u#–
þúhF‘�Þ„'`6ÁŸP@Y¡Ûx ñ3e­ìºõ¸âc'Œ¨ x',Ç[rÜ[õ¯•ux„çÆR­
WŒÈ¨må,qš•T&¢’üï´y´N0™6£_œ¿ÜêFƒ­*Ⱥ~³	©[Õt ’-àhÝ;*UÙNY8“ô$
^ʺ¦�6ÚºZ>“•®ï옋’Bò¹«º
+™*¸æX8лÕÙçü×çW	ŸòñlD)IìÄ>£Ï•„[D_×,à`Åöb”$Ó9ÜDÙ½¨T@NZòyYrAŠÝi}CÂ0žüÀ4k#œ6v¡Jø<¸°#×HÁëÆßtF=©Zná�kÃ_+ÖªVŽ«„B]ø§%k”ov
+h
U¼~T@X´{¾�Ö¢ÂîZ³€µ¾?`ú¶etÿQ�(*”5Niâ%ꯑÍ0iÀøÜqê®êÇ™OT[I£Üä+ÆH"a
ñmPl“-!bJ�ÁZ‚FÀ
á¢e{LÏv­êF>‹ÂE.-ê‰byàÕÈv¬Y/7‘Tdœ4 ôÅ((ô‚•½aÐ=õè£Vé½zzÅ‹"Š8�2B÷ñd”eðñïL$ž%�Ñ;_–
2ÔVdòå0Fžƒd�iLÍäkŠ f­·Û�î†AE?©1ÿ¥{qÜïvº-!@Ç=
ro*Ä×%bßëÞXÈbXB¥¾œÛ(—1àßcV	7±<
jÈ
s`ï	Çž§À‚ú ¸¾UÏ¡ÐQm½í½	ú;9{ŸºúôLºâì¥
p:£Z²;žbÜêX'eÃösŒðrºÌü}øøeDŠÒËÊUPY`ƒÙi{i5=ÆÙZÒqz½GK€Ò¹“ò¸¡¯c(£¸fºB‡DSi„ÙÏF8y„1¾ÑÊÿG~Ø�V­õ£ïh·	—×¼kÌ1óó‹0ƒCÚ·Ï·—‹ü63ã@‚IšÊùuvŸä\.ášßD‡Ò(ᾄ
·Ú¯Ngߢ[Ð4®÷”º$ã7Ž˜EÚ58‹¸I—štTÕöÍû
¿wœTºâ<$5Ï/i~™g¼ÊMQ”
&æÌ…?¦|‰p¾àÒÌ ú.’˜.ÿ�¦ÊÛA·‰
+šqA†-èïüf­0ÍÀøŸ™£òxÆÜ­D!8o%jŠr$>=°O�0™9ó:vÊÔÌS;½Ÿ"²4È
J/T;–ô±‘ËÄÙNµkÕ–\dœÛN÷u'kÜ�Dá'%'E…4Ž1,•‘F¸Ÿ¹ƒÁ¿«p
+4¦Ìx›•ˆy
+oƒv„ª«ElùáfÊ1tPÚ·ª+4ŸpßÜÅý7•É@“‰^ýÀ}Fé>²Ž}Ú¯LºÿN€ÍB¬1–Ò¢biü§ÚŸB¡Þ6YÈêý†ïW7ÙÕeÛ]~ÎW½[�üqòŽL)”endstream
+endobj
+1635 0 obj<</Type/Page/Parent 1372 0 R/Contents 1636 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1636 0 obj<</Filter/FlateDecode/Length 1432      >>stream
+x
�V]oÛ6}ϯ¸ÈS
+¤Ší¸Nú°‡6k‚`kÒ-º
J¢$6é’”=ï×ïÜKÙu”ìAÃÉsÏ9÷\~;šÒ?Sº˜Ñù‚Šîh’Mh>›dš_^àó¿^S%¦‹¼_�]¿¥Ù„–öZ\\Ò²$ì3Á7ÅÉU£VQ{š¾ÍèAu¹¢•ö•ó�²…&B¯Ã«åWÙcz‘öx}>ÏfØ勦]¹n¥¼	ÎoÎi:Þœ]*Þ\6zØ>h¿Æy}Ð�–WŸ(:Šª}”ÿx©h�¶1£eÓ2m]O
+F¿5¶æ·‚®ŠLÜ!
´Ñm+o†ÆõmÉx'ôzzžPz­ÚvK…ÀÄÚÈ»¬¼«½êÅFEFƒš‚ê4?Š®p-ƒÐÔ¹A±*
öPkeZ•·òRZ®¨2ø&zeC¥ýèôýþ\,WRÅa�²'zá WA—ôðñ=Šcv²a�Ù"›3{·‰‡�²‚=j@Rµ2ÿƒëtl˜›Ö<jRt·äí?WŸëa7®Ì
+=žµXG¥	R	È¡¼�ÄÙzm$þÊðÞHºçgîX¥Nm“¹ŸHáhÞJS�»'—¾œ„¾hHºÓ1×½ùò
+œŒµK¢‰·ä�FØ­ZSŽYºÑV{9Žá$+@[&�Ÿ¸;P0¤ô.XØÀ«Í^F
++­ËŒnA±¸jg7úÖ›¢GLåðU¥÷$·twýpJª�X[7øÊ‚²[ê¸êR¯´-9ÑŒn±°ô ±Bµ8Ø­`0®tR|ï8°7ú¦òÀ ݹ5úᔈŒ½[¢+V¡^éíQCãÉ,w“�’±$6å>Ñ´q> 7o)ô`§€ùES×lÈJæ@�,R‚³ÏðgÚc¨R̆…£ÓåË
÷—PzƒÒ÷eÉ$ñ9kdŒC($®BF7xE%Áΰ>�<hVhÑ'P9È$êh"vá2EnÚÀïOÐ…ô0ý¤+‘~3„¦+u$·Šæ?�kã_²}—Ã&®9‡‹Q&LXÀ<5'rÞ mšc+ÕAp‘Êý?"U¸Ûj	2_:8'ÁÌ8ƒŽQ"‡v"€4L†Y
+Y,Íëû¡þS6È|.oèò¬p¶’¬|	ÑñSHÇ8¿`J™&>c¿
Îï¹)T­ÑG¡ðV¥Æ¡uy8ˆ)IŒ²†¶2“žL®
ݧD°1”T-ƒæ9IÞÔM’§S’´pþ>Ù0,q<‚Çïr‚詘½þ¾gGï�y$U©1OJOù–¾öñAÒ"Í¡ÂyÏ^`Y0ˆ—$QR˜p¸îâ¤u²HçÇ>“Ÿ�ôÇÝý�~~÷;·/³Í)#nÄ´å!é�¾¨™íú�#©´‹vÀ£�Ç娲
:ö£²Û]šy½ržÅ‚åUY2ç#ЇȎ©t=&oÂÇù�èÑ‘Ò ÉÏ%‰BŽ4Ò®ZeE|™d*j´^RZ(®õ£)¼®’éxvû‰BTÅ#“ZÎŒE𕸧XÑ»«Ÿþ=<Î3ú•Ëæ/éÛ³ë¸8¥l¡c)šß>‚aÐ
+.h.ÏôG¹¬„³�Ç”ÂÕˆmPàÉÄxj,Õ¹ž½ƒÕ*>›jZÊ®6iÌQ9Ì¥¡3ùÞ2äBÀX/zÕrzá� 8ÝúMÚßs)9Æ-†¾w(¦r½›¢inª¶ï¥A0Ä]®k\€ÐOˆp˜‡åâôð¡ôQƒBÏh¤@ši›ÆñÕ
"&*ï:^5²ÎÀÕA’ÉÈd~pc2òEä)Üd
bGö€ƒ¯W{lŒ(g·qý£ƒ(
{v}ùýýf‘nÑÿ÷²>_\f‹73\÷ù’>›óI–G¿ý
ç0Nendstream
+endobj
+1637 0 obj<</Type/Page/Parent 1372 0 R/Contents 1638 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1638 0 obj<</Filter/FlateDecode/Length 1322      >>stream
+x
µVMoã6½çW|i²°µþ”�C	ÚèvÛÆ@Q J¢,n$R+RqÔ_ß7¤ìudoz(Š$@ ‰3oÞ¼yœ¯W3šâgFë9-bJ««i4¥x6�æ´Ü¬ñÿ�¤Ü¿XÎo£å¥‹Õòò‰Ù&ŽâK'V›óç÷Û«÷–4›Ñ6ªx³¦mF@4�Ò6½ÞÊ’y–M)êZéíMód)‘ÖѾ�š\!ÉÖRfø,§LÙ':#-I"M¥µ$PŽU•*E3¦B<s$í¨TΕ’džËÔÝl¿\Mi2[ ®mvý:>‡7ZðTmZЮ‘ÂÉD@a¥‰úó¤!Æð2™‹¶tô,ÊÖŸŸÅ‹ÍrLI‹g§ ^jÙ¨Jj'œ28¹PÔ˜qÞN:rÁ�´RxÀ•›Ú©J”!ôx€ŸyPŽ
—êI–CEóô8{UòqPáÂW	¨ã¬¶³NVàNw{ÑEt×ÀÝ xµ‚vº6JƒAk/$÷±SÑZ 7-£eiRÐF•¬r¶ZKn�hTÙyîÞ¸¥4Àb˜,–�Å$Ñ'ñB/•òm:ÕÌd¾†®@ö�#ëDãÚÚW™–
+\z9XÙ0j-wÆ)Î/hT‰Uµ¹Fh‹°#(äo9†¬Ú[B-Îú8ü˜»¯¥hÀj ‡O÷ƒzSSU ÜFôJM¡	Ë
Ù‡<>ŒoÁƒ¨Až�oˆZË¢äŒÌJ?ÒÈ·bPz�ÐVI”�Gô«AA}oÑüž¥z@ÆPmyr†(xJj©Í+ØìÌÅQGïÅïB-!JD[ÔÐs¨½A—Õ3Ï Ž åÆ@�‰„¥y<òõÏ©£MÛpqàÛ3¶�î0køÊôM:'-=^ŸpòxJ
ÃQkUðeYS�`ÐEG˜ÉÜ4��û^¹‚ÄšÅ–ì½” kå@DÓy£á¹÷öÄsÂi4ͧËÍédH†çÄJèTRÝ ªìY…š*ƒ¦Â""—t0—¾ë~²ÙŒ~sœVýbvT"]ÉÅ\œ§�¹ŸÛƒ�ËÃ
°)JkèI›½&¸Ô(“IÛG=ÞP¡vð¾R†©} ¦Ó¶°Úó+Þ
~cêsm÷œ�J–jÃo"E\u?ÏyÙÚ¢'‚Ñå
+m9÷I
+±A 磊©æ¹Ldp]	»Õª|“¨8¢?¤È¨ûïò´¢®ÿOlŸ•QgÒª�–™‘ß{¶²2Siö“v¤Ó.`÷AŽçÙsûJAÝ@siaƒ°<±¶­kÓÀì1Å…Ù³Š"ï|aÂ*ñšAϯñ²\D	’XܘŠD²n¥aFÉ0u¯¹âÓãÅýƒÃ]¦3ôæ„% ìh/a¦<ð"u-f·\´ ƒ'" `Ž@æ‡
+Bâcß¾ø‡ñUÁôИ#§g#õ`‚6!YdÆEÉ”:`;b…
k3êï‰û
·h�uêÁFÀ§ùfñûFDð *„â"ÆÐ
ZM ]tPø¥#œ?)6¢Ïš/k5w�%‹˜¶Þë:¢?…Ûà_Õº?|öŸä¢¹ý_õú
+ñ›‚ÐŒÛå;‚}`¯¯`X§‚Ùç
+Z�¤²A‹^v×v-ÿvÓê7ö⣽í•-X@){ã»jç•9oúÅwcïÞ,(^܆UæáîÓýýÖ˜/ØKé'“¶Ç½�ãM&ëé-¯>çÒ2ƶ½šc�â×óûy{õûÕ?ÂÛÂendstream
+endobj
+1639 0 obj<</Type/Page/Parent 1372 0 R/Contents 1640 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1640 0 obj<</Filter/FlateDecode/Length 1475      >>stream
+x
…V]sÚF}÷¯¸ÃKœ™XA€1îLLZfŒM�<ž´éÃ"­`cI«î®ô×÷Ü•äÄÄMÆÒÞ¯sϹwÿ9	©�Ÿ�.4SœŸôƒ>�_Œƒ1�&ø<ÀŸ‘”6/úa0:~ñ!:yÿñ’ŠRøOBŠ‚Ÿ~Ÿ¢ø4¼&
­2]Ó4S²pömô#
+q�-Î%§w…¤R«Ú
+‹°¥6N&ä¶Â‘•Î©bƒ/8d´Ó±ÎÈišÞÝÏ–7+2¯.èæêvqu; �ØI”‘§bŽŒxá0p<[JxW9ÜídŽÔèóijtNaÿé½eçá9úü6h-cÔË9Ù
+Ö±krÛ*KËéûádl÷á˜ÖÂÊäó[ª%Ðö‰SOµ¡\ã{"œhEÊŠu•%oeÐWÏ‚¬ÊU&Ì«Y76k	¤Zžáé‰FÔô+ºG¢H¨—‹=ísåðlÐMzïHÖñA�"®(6ÇÈvwPÝhÒjbXõ¯ìQ®6[G"³š¶2+½Ý·t8ŽÈÀƒË–7ñþŸž+™?C‚ÑËrm9F-–’Jrg<
„µµ6ºØ#ìT.z°]¦`�„iiDŒö‹Œzeg“É�ÌzGØÖ*Ë:B ÜXÐ'Ó. Oºjå‹•…XgÈlì=|œRl¥ë‘.�}Uáß,Ä“LU&ˆJØZe�«
+„äœ^×Gêd�|Þ‚µÈ §|jd­4ÐÄ^j
EȯùÌÜÿä^ä%TE¢kë9ù¨ÍÓÆèªÓÙÝ(Ú‡åU�ìe
1BkÑtÉ‚Å“\qS&ë¹UÉJJ:èÊt$:n&Ò	•Y°½ R´¦Ïß�ü[ìV
+4ÕT9l!CV?ãü˜>nZ€=y¾Q2yœß^ß=®æÎ<çñd5ûm1»�ü#ÉûF7…ÙHn28AèÕ
+¸bZÚqŸy霔fü¼³TW�׋ñt-SQeî>Þ5wTøk±BJC§`"¢Bx¨ééÕ§U4[óÛ91mÞ�²¯}ö1¥7j'™“kµéˆÊ“‹G¢‹7Žž
+LÚz{èÜ5cq ]è?êÅŽ%ÕnKߧÛ>§�t”Wñ¶kö78Q­`ÛA¹4ùù4'££ŠÀ�·Á¥;Tl^ørÄ‹âà5GǦ)×BÁœ‘W"‹
+°Ì°Ù
Ÿ7ÆQ\ˆ»øº@:É$F—Œ¼ ÍGnø<ì-Áj^
~
x¨
ù$¼üÚ9O½Æ@8P"KY$íÔ`zy
lAè³ì�ç&“ÙJÉá¡ø=­õžÏµmØ®=XðÕR…2U<7u	®ÑTÇ[#€/M�@6Du˜|<‘C;
¬J¼ˆù)ï…˜ùÜŒTg€šßĺˆ³Ê‚¤ö—ÕŽCsl
�	É<°‘«2�{ܘ¬¸º®ƒ\ÅF[L�
xa;â
+¬Jl>œòìᬎŸNñŸ3ªœÊ”SòXßõV�ˆí¦þ‘b§ºHÕ¦ÂÖh\žó”š/A†�²Î<oJ¿ßYM/øÝÌ1ˆ©²|q@[7¸;`(f™LŽ8¶ˆVËÙìÚCÐdÕh•Ô‹›
+	]Fà<\áo'Œo©éìs©M
�§Dj¤�Ä’7Œwp¸»
+51}
\íÚ¯º¯ã¸¹oøؾ‘¸à=�æ…Ø#}º—9´ÆîÏpÃ}-9
âïøú|OºÇl}í(¤q|N¯*§¯•�½ˆñ�«xaøªÙ‡$ø]gòZ:¾X½f9úÞ2ÂƧHÓ
wræ—²ïÓs=ç?±9£ßï–+^ä8þÞêözNS�[­pó¡þ‹óÍù÷'íµ6áæ<Òø|L×ÕÕâÃ-�þâ«ÓqÅs·Rí÷íY8ÆugýK߇WïÍ£ñ$ŸÚV
ÆœÄ,:ùãä?[q³&endstream
+endobj
+1641 0 obj<</Type/Page/Parent 1372 0 R/Contents 1642 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
+1642 0 obj<</Filter/FlateDecode/Length 888       >>stream
+x
mUMSÛH½ûWôžBjc1ú°lrƒ[®]¶¼…9ä2–F–@šQfF8üû}=’XÖ‰)(ªi=½÷úuó}“ÀWLë„ÒœŠn!"AYGÊ6küžàÛ*ª7ûÅå}FqLû
+�ä›5íKB»´/.¶äm£Jzi¬dÛ¾~�©È׊¯:G�Ò¾1M�åÒIê2ŒÆsè SÝ5u²T$©lªJY¥EÞåãþi!h§Q
+'éÂÃÎÏÊ“éù%.¢­'?X~�<m‰ûÊ{eA«¢SãkþƒÔ¯¿ñgBMò(cÔ-(*Ö�`^”e5®WŒMVjNŸ𤔦i38 ê«mY.è’tû5Yæ9%âᆜ²/'y&¤°²ï_éﻄ=-L×KßZX{L[ÒööŽJÛ¼(úvñ§‚´–Ç¥âÛLjöðyæEVz˜ÁVIg´d”ÊXŠ¤Sûˆ_}y/èjœæ2ÉFÙŒR5ÇÁ*°·ê3½}vðêŸ?`ö¬@ /0mCç(žÒ/¦£BÚ2`d‰Xf™x¾¹t#ÈJˆå*	…Ÿ@X}pð$½Hü$Ca5Î@n¿fËõ<ˆÉÒQLºËtó$MQX½1yòe’‡,ÓBDLV)C<¦�?xÖ²c”E+LÙ«>”¦Äs‘ÛÆQÁà¡åˆXýÁ¿ÄÀµkJe}œÅL	çªáä	¡GÙ$5í 5zA…³þ�ßÎ	ÂÖu£Õ/2ÍÃúÙ8[Æ8ðLè`Íp¬=šÂF½)ä89ª,&ú4°zÎp,F±ÌÎtj}ˆÖs^¤kÒê4Ï´%íÒ4eµZ>\‰"Ð8œ˜À¦¿õÄÂ×@:á(Ðјòó™_Ù
+±˜ØaP}Øò’r!~
Dí¨ü9Ñ¿Œyf?¥'ç±rLä~¿ƒÁ |úÏ|I‡}­
	lãìÅÐcF¥ã}Ü’úÞp`j&
+Â�	„0M'Ñ…éöÖxS˜÷Ü›
+†
8
à¦c€šã�4õÊV¦“|)O¡ý èû€ëËŠŽÇ�­iõ7Ó%�s\ùMJÉz:|�×7×´³æ	ã¡ÛéDãÍ6/ç–k�ãQ^ÄWÑ&¢G8A_ƳÇmY¾‰òU‚Ü’¬¹v·_ü³øôpðˆendstream
+endobj
+1643 0 obj<</Type/Page/Parent 1372 0 R/Contents 1644 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text/ImageB/ImageC/ImageI]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<</I14 14 0 R>>>>>>endobj
+1644 0 obj<</Filter/FlateDecode/Length 1543      >>stream
+x
¥WÁnÛ8½ç+½8Är$»¶Ó[7I·AÛ$m\‹ÍhŠ¶¸‘DU¤šúï÷
IÅŽŠÅ.ŠÂŠEμ™yófüõ(¥SüKi‘ÑtN²::MNi6�&Kš-xÎð¿U´9úJé"ÉÂq~˜.p&›Ÿ%3¾6¹Jgtaè£7�NÓd:4À–aø‡ï_MÞœQvJ«
ÌÏKZå„Ó§øFŸ¢qªÅû„Î[%œ®·ôGkº†n[³Ñ¥²¿­þñ&ÒE01žÎp•ãNšÐ]çæÑÒèì{89£4�'³E2ç“šŽj¥rr…âgËÞ‡)µÜÑe®�iɲÊõ¯¢{”®Î�ñÀSBWŽ¤¨i�ä¼&S³qFpJãtÞ´z«kQÒ¦+KjZ“wÒEº¶N”%"ÆÕó‹è#„€šùŽ�1¥�´Ê>h7©•y¥ëIcJÄÏÃ=NˆÃŒf@\¡-u–“Ë)x�ç“Oª2ßgyÛŠÊÒFH]j·#�hp¨&‰Ü<ÄÀhôVàô…¶#rb�DÙA†?[å-ÇÒ
Ó*¹´Š
:'œ‹ó‘m”Ô­¬¿^b6€‹œ#gžŒjÂ%úAŽ>ìÁ^ÙUªv‘9=ŽI9™�uÝfr壴žŠÏü³H" zŒ%o.ÏM½ÑÛäöæ}x±wácbª!ÃìhJ!a@×�HkŒ#DÊÏ]_®Þßüqsý7ÙB´
+ÛÐÎtžvà+ê'½×®e*͵Áß¾ÕZ C+¡ëÒŽuY<ŠÎá½ÓÒ]/¸Ì0ëãä¢wMÎEb{¡GZµÕÖµ»c%d¡ëX8ÜЛaéðt÷�á”GþM1läuoý“²O*z¼y¬™¯þÐZÈÎP�„á<ôG±;a‹5)8Ø‘5ðêðgÀÏI Y(°˜ÝêÚ©mË�9Š�£÷‡Ñi‚ak7²{rlZSy{k!ÆPišM¢7e¹�1Å&ôVÕR�p‰ƒk„¦åÐ3¢d>ÊBÔ>Óì’‹Ïá˜^\zÚú´±Ø*¥ïN(e¶WÊëÍžó’ÕKåçzcZ×Õ`B’KÏ
+¥ñžKŠÓõj6ÉÞRoYÄb+ËaùÞ¢ö|EÐ׎eÛé\½bJã^Anê@w�D&´™k
°=![@r{I}ØáuÕt£È
«JyåÜ@¡¨kå›wqjÍЗQLšŒŠ;ÆÜK©×ïûl¾ˆ½ß·¸ÿú.¸ÏÄ*ÔTÔ€b¨Ò�W–>Pì	½vÞm–%Ùiês¿œú‘vE¢:ÐiWÑ‹hâúÍ"Æ]/ž>žyÕ ’ìîIh·<CAÇsûû[´/À]r™Z�B¶½„q6{ûÌUïÒ7Ÿ3}¡ût­XÐQèGþäÃaæ´ì	aø ×½¢Y¯V¹W+>Ï]-¨RÕŠ�ÞŒ{|0G]ÛYÉ
+ÓÒºAϸbO˜Û‹óa!§Ø10Eç‹drûÓb.±Í_ò;÷ôâ�GçÜÔ+3¢uç\¸É›ç4Á“ÿÔlŸ•« zkóý€’Þ|$!ê6"‘ç!œZ=R#\qBjûj8xä«û{§ªæþ~cÌZxVÿ7T!Tt-Gb<„Ç‚DÁ~q"jçÂäÁ`~Ag˜qß¿–“gÞ=Ué€}Ü+€Õo 7ïZñ¤’h€¸(Œd�gÏ[”èa¹6�±3ሙ÷«	gË$=Û+ØHlqBÅšw+(iL‡Ô7Elëèª
©æyŒõz¯ÚØpï —„bÓµqý:ÜË‘Wî~ŵ…éJ¬¢k‡5À㸻ºà†ò]ÇÂzn/(%ÙjÝkýV�áÊÍ�@ôý~ ¨‚Î4b«<Nv7¾/Ü€~ïOÞþEÙú°^(pOW
†	Þ”þ«=Rbmv‡K)Ö[‚2Ø]-¡®0yï²ï$OÌü'û-6bDêÃëSÜOC"þŒZÏ3¾ÜÿN˜Í’tà×~�ÌæËdþ’/A
ÒlÉ´¹\}<ú­šÎendstream
+endobj
+1645 0 obj<</Type/Page/Parent 1372 0 R/Contents 1646 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text/ImageB/ImageC/ImageI]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<</I14 14 0 R/I14 14 0 R/I14 14 0 R>>>>>>endobj
+1646 0 obj<</Filter/FlateDecode/Length 1494      >>stream
+x
¥W]oÚJ}ϯõ…T¤o4IoQC’&îí­d©Zì\l/õ®›òïï™]›¯Þܪ­¢ïîÌœ9gföë‰O]üø4¨7 8?éz]ôzøì�†øð[JšÛçßëÿ׋ÞÅðÇ_Éz�3À½¡7"ÔÅ#�Mü>])zr¼ÎDz¡ï
¾*¸8>ëuxröæ‚pt8‡åÁ	!¨n—Âø4€qüÐT‰0ªÜкTó4“úeø;ûäûng'bçi¸”$fꛤ\š¥J(Í$UZ&dÅ¥/8�D¦•G!–¨â›,
	Z”ªZ7)-°_춲]êø=Ä˵c¤Ó|�m(S12ðç6ü eé]�Cb×q�ý:VëN5ûàWˆ»Zo›Žo=ì¦N�ó
+£ŸžG9"Fˆ¥'¿ËÿAæcðÎÚ“Z§ªjU•±¤l.…>8èðXŠ—¢XHm}×2®ÊÔlHÍ
I¼Tù*ª°Ø—�(à(
ò2ÕÀ;SOî4Ǫ*%*r`mµ±%9SØ9<²ðlßÿ—¾GIC�“«g ù¤*Ë�4‘…IçkËi¶�¹´Xð~üϨg|L‹„=¿
éQ– 
+õ¡¹‡Éw©±~�ÁÀeio/Õ r�#³$Ûâ—sUæ 7
IJ¹Hµ
ï«"�%b®9ön%7¯Žð~ûîúÓç›»ËñÍçéøòíäö:ŠïÞ„Çxš¦q©´š›(ÚùE—U	晿eÉ´ˆ¢{§±X®�o"ù°õbo
ûÑf×PwžÒ,c½éj†oµMX‚oͲ
W3gš„jzZ*zÍÔb
9 tä×€!G‘Å*_W†é�†
+J‚^ø˜†|ûà
Æ­	¶ ùx 
]Æ"^î©n
+<	pFYDm{ð‘i6ô8<¶‰i�#•I3¨Â‹^ҤРU«XÃÍu™rI`"·t�P›¬Œš–(] G‰Ô9ðMd•¬±¬�Ÿäb!ï…YîD€È5´Óëo‹JC“è%õìŸ{>ù¨nz.%,†¼Ò”ølªà>ÄVÂA¹ÅÀ‰F¹M.8‰Àlú¸µþ¤Ê•6ŽÚâ8µŽÑÚr]m«›µ`> ,ñi–ÕtpP’§˃[C�C\w„š7KDƒ!Æm_nK÷CºX"â,�W–0Öšnè²f\‹&@£�e26ÔBÖh©Ô-wêïؼ<°Æ
‚êÌê1ûý“�›û‰sÓÐ஽E§Û€QûUËèåï=gVƒ¼µ.ÕzƒŽú(M‘^ÜË2O�q=zA3õ½}”²KÛ4ZäÌÿ
‚iÝ(µB9~A³˜(e �#eŽr’¢Çqcj£ÔÈÂ
+ÚAk+"ÀµEœ)ã„`�;{ƒƒ£×|ÄäÑ�ñ]G|Z¦±«¡�ȬXQjÑ=¹ŸÏ2iC00u}ˆïÙÉ„•m](¤¥–yžrïƳ³Lì †‡]/^¡~YÑ�ø“^8uî¹=�\]�·QT*eÚ´ZCœÉ+Ê7Íóqzì0°�÷½À¹ö¬4#o48gõ¢Öçbå&©&ôX¬âåê:“Ü	A‰„»¶(6<q4J½Fwæ/þ€�.wïxjA°Úªså@�3´—ã@¡øܪ§#ß­[½º‰u_Î<#Á™5ª¿e[¡PÑZ’_r£Œ<ÿbWm¯”GL–.Ùž¼í,íëYZ&NŠnDbO´Èg¢ƒK¦›:G�‡RÙ3ŒtcÄmx†y”÷#}œKžÊÕÁ”Ï-ìÞ_„¦rýÝ͇v’Bt{ÓŒpGÖäOCìJʵ¦Dê•QÛ‰d×L£5Üuì]Âï÷½Ñ( 
þöVñ8ž¾s}þÂZ¸Rq•c^²Ý̪Ùàê5êQgؽ؎åÏ^[ú ÷àœ/Z ·\ð×áÉû“
™Q0Pendstream
+endobj
+1647 0 obj<</Type/Page/Parent 1372 0 R/Contents 1648 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
+1648 0 obj<</Filter/FlateDecode/Length 1000      >>stream
+x
­VËnë6Ýû+ÞÔ
bFòCvî¦p.‚6½©­¢- 
CÑo$R©¨þûÎÐâ¾EÉ"Éyœ93gþî…àO³Œ#Eï&î]-'†o`:g£ „h>eÓhq
+
‚b1ˆ3e
9X)êJ¹ˆLŠв
gà¥SÓXøó	’�© à»g	Fç»Ã#+«W%$”_†Éƒwë0Çl„‚kÀ—©²ü9—)¼*ŽN·•©K(M®Ä”†…pêUÂ�ª¤p¦Ú1ˆ34ÛžÛ/­ÑQÄ&d´kŠ²v²‚[£7j[WÜ)£“d‘J+ëè´ˢ̹“6IÖ;ëd‘$¿cÌðT™�Êéó�
m\›û­ñü(ÓhYÙL•`6°2]l;°4yŠ§}z3ļ»c\§ ØÌÔyJ XéÛþ½öXôÜiÁaªû+ÚÁ,È‹åÅ3‡Œcˆß1:GñqÍs³­å�ð€/Í%Ô°35U�ü’7rìý¿áê2¬Â6ÃëʲãøÑYÀò>ôò f
+£Æªù(?ì.7‚çÈÌPr‘%Qà'¥%2hï¸áÚƒåª�°u“×Æä¹i¨ÉàWvƒ¯ 5ú/Ú4@u´u…9g�Õ•ç]Š5S½P„?¦"¡A¸8õDj
+Žï’O«¥h›k8cóÂÉtÏódÍ€<¼µŸ¿0±=i¿î=aG‘cë<e
+G14Êe¾ÔoÆ$¸¦ÖÎçØ3¶q:ø¾×¶ýn±Ã^¾@íxåú—Ð_ÕÚsõsæâ])ÑZQˆ3Œt1}ýù#xT¢2Öl<ble!‘18¬A¶·MÇËRòê|ü–8-¼Eš^­da°-ך—C¥±Í	U<8#—;Sc‡;\~òÃñÉ¿3¬væ–43Šò67VþÏ*Üþ
p„ï+µ2Æõ‘ÿ¤7'[ìcD¿ÿ§Äy‹Üü…Æò ˆFʾûôN3ú—û¦}ßÖó‰e?-7ö^pè¯w’süG49)]ð_bõùLUîs“c-s”v¬O'~Ÿ¦%öY,ô­à'“Ѽ{62øEE†DOKÜWH6I†½HHçPs,ŠŽ•JnP²é
+�¶&H+ý-Jð`•$ÃÕ%iß~¹!!%™õJ/ðh+S\£NaÓ©ÖwG~·y¬ä3¶Ô)Ǭž·R†‹®G0	¯Ùd<&aY/o´ä|êáš"j¯^²Èò0Œf,˜�a8®éþ(`#ü¡QœrÚà lw,º>‰æ,šŽpUÅ«á8 o÷qï·Þ¿?ø¢endstream
+endobj
+1649 0 obj<</Type/Page/Parent 1372 0 R/Contents 1650 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 9 0 R/F7 10 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 1028 0 R>>endobj
+1650 0 obj<</Filter/FlateDecode/Length 2111      >>stream
+x
}˜ÛnÛF†ïýsרižWEâ4­�¶qc¥îEnh‰²ÙH¤JRqòöýg†äe¡(ô÷Ç9/w—ú÷" ÿ”…¥´Þ_øž�¿Ìÿ|üå"ˆ¼œÒ(ñRÚS{á(vtw‘äžOiz1Xá{Á(óì)¼„RÌŒÜSà'^f 8MŠ®a˜Â·ŠÙi’‡H	
cf"˜	§H*4ÐjÐ<G>ÎTjLÒBjŒ%¤vk$êçTõAfF"�`ÁŒDÀ ƒogh5h\ uŽjÎÐϸQÓj6å‰8ª¦q$]Ï
+ÎH[Én/20ð¥afÏAÃ-NDIP£5(:ï(’˜4hâ/m�-¤…ÎÖè=…¡Ïƒ™©Õ qÆ9j4hžq5´àéjôž¢ÐUÀõZ
š[«™‹z­ÍBîóœ•Õ ¹¿ôlôžbŒÞNÁjÐ0š»Î9[
š.sç¤ð8ÏW”™ïDužŽ=Ï×Q�ïd«ótÔèy¾3ç;ÚŽóuTç;Ñ$ñ
+J5ž3ym5}Öí`¦Vƒ"Žo<[
š¦üŠ9[£y‚!¯IG�Eõ˜¾£FcFAÀ+v¦Vó|Ó…g«y¾ñ¢ã|ýë‰çë3¥óu{*rÔhPõì¨Ñ Øæ±&5SŠE\«AcÙUf[«y‚ò.8j4h.=�>G²ùζVƒÆÁ"g«AQ&èl�ÍdûuÔhÐ<áýÊQ£y¾ù²Ï²ÇÆè˜l첧ªrïàL£ž
5š'Èï‚¡FóC¬+C�æ	&ˆo¨Ñè3²²¶VóŒTäl­F7>=µžSK�Å.b³²šûœá=ržå˜‹e(Èç×H•4ÒhP¼^™¥Fƒf|½±¶|ò˥Ǡ4R”ŽÈiØÆ9{vÔhP,då¨Ñh$Z…rgj5hñx5š‡ Kc¦úêDz
#.žEV¢$g£A±i"+G�Ŧ‰ê5Gæ³ÑÈ
+‡Æ;ÛZ­9/<ë«ñµžq
‚­(ÉÙhÎJfä¨ÑðŒ—YÍÔjД/ŽŽ½’ãžCÞøcQ:_§AÓœ§à¨Ñ 8ªQ‘£F#nXð|gªû=߆Ç+JÂê‚�(†fÌTL£‚¯Ú“©*g:SÙR5šë	àÃP£¹¾˜j4hÁ+ÒPI”Çø·bî±
+ÎÉH\à”옃]DÆðy‰bC…øW>'ø¦‰`†ï�I"y‡TCì�Ü]ù‰Dˆ!–¨dÌ˘¡F¡ô!�ªˆ1â$aˆÃ86P
±ôä6…ý
Å–�Ñ“»d¨Ñì8âüœ­Ñ è%†â¨Ñ /WG5)|Nqs±«§‰�œx`|ˆroS¾Wª`f¤´/3LŽ÷ÉN¿¢œ¡ÕH'	ÑG%Þ¬dÍˬUqL…¸JɪÆ<c¼«¬„;înÎ×ÜP„";GˆãP/:UBѾI##\RKÕVf	ªÏŠ2¶U[GÕŸŠRŽÚŠ2¶U[GÕÖŸ>®$GQÆv¢jë¨ØøÖ‹;Ûªr¶3[CÕû¥ë囹tYëW=õÊPµÅ‚ÓËŠÄeâNTã:ª¶¸V»^¢ŒíDÕÖQµ�¦XâŠ2¶U[G僉/¿Ú+~=U©­Ó¨7ÑCÕÿj¯äYQÆv¢j;SYÌòûÞ2þiAþŸíœBDÙÒgd$ÎacÆ›+Ž
\||âý©«h{ñvuqõ¾ Ð§Õ?ܤYN«�ü^ƒ¿¬_Ýüåћáj6õ·ª½úOgˆ«O_†|]m^­Ê‡]Eí–®Ûf¨ša|ݘž”•‹'ÃÀ£Û¶ʇzWßÙ#~'º4üzûéo&—þ‚„Ý] OMý�éF½ûãFÌ– öècµùµè·º9~ƒØ?te³.on$È">Ç(÷%á	j‡§ª£ë›÷w´ÞÕS]'Ï#ßßËuÝmÿ4=öÓi~¸zôá.¤kñÃøÄ
î�(¼}¦uÙÐ
­Ûf[?1£wW!Ý—Ý�›ÛTë�ÚÎü1¦²§rL[0É_2Xô�S@ÿ"¢Ï¯šv˜B}~ý£†Â5ãG
+°QÀè};‰cÎA0‹7Èœ»W¡‘ßÇFÖ}¬zz~ªõúùïU××móù5Õ=ûjc+:_fÊulZtê±èСÿÕ¦«á
nvm¹¡ç¶ûR7�’®ôq£z=™²¾¯Øöòü=l»öx�ÅüâYLëS_Ñ®ª~ ÕõíÕÍ-õC¹þBÛ®ÝÓïõºkûv;È[v;>Vkµ«†Š¼ÃóŽ¶õ�)·\áì{佡õSÙ<V/Wö/�4®�ûí½³�Éf‡ŠÏE×®Kä<=Ä/ìMŠ¼<©SG~(’«Šüe6‰{&ôñSï]Õ}­×Ýr'BÉcṬØ
x.o��/»‹ë‹G7Íе›ãzÀÊxQŒôï—ª©ºrGu³mOÓ’½«Ž�´«¾V;	bg€€Ä¨º.ª®k»3Ï ¶7FúĹ-^³îØ4,]»®ú3&)¶·rX?éf¹l(B¾«ËǦíÙÅ÷öØQ/{M�žU±hU|®¶
+üR‹ñVíܧéļRVXŸBN|K›RpÚ>¶ƒg�2ÂePé®Àèœ%ÊŸƒh©ÀäDó¦ç`6ÂìÌGøb�r)Å‹s–ølÖ �c-JN�tét ¨õn¨w;¼S_e‘`ÃÀQØËsõ—9ÅL~ÁøòL�ñ˜&!Î_`\19‘ŸW^ü+‘(endstream
+endobj
+1651 0 obj<</Type/Page/Parent 1372 0 R/Contents 1652 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1652 0 obj<</Filter/FlateDecode/Length 1452      >>stream
+x
}VaoÛ6ýž_qÀ>ÄÅ–ÛÙ>uI·Xq° óPÐes‘H•¤âúßï)%©ÚµEK"ïÞ½{÷ÈÏ'cáÿ˜æ)Mf”U'£dD³ô"YÐt1ÇïVR>Læ—xü·t6MÒþ‡_×'ç¿]R:¢u�$³ù‚Ö9!Áo²ÁÕ^Ô^ZJÇ	­Œõb«Jå�oÖÿbÛ”Æã¸í,] ô:܉j+è`ì£#£	?U.É
+½“d
+ªKác+GÛÆ“ßKRá‘IeÞ¼¬©­yâíÊ‘6âè8õˆÎÆ“˜03U-¼Ú–2¡õ+³qf´J»çœg®–™*T†œŒ
»áÖ	GAazGBçÔ8þ帔$VzIãy[édšL¹R0NnV÷ß’1Of¼äfuêHUu)+	0!HpMݽ²GÚYÓÔXæ†$í…ê3ç�BØœ6¥ýÑ�#•‰MÎh·yÃÅJ´\àÏL�”“
+UJD=—>;�o¸¸ðXšJä̿Χ¨¨@r¿¼vä
é¦ÚJëZ6¸WÌcDïz	•V>²lÞ0Ì1°ýö„Þç©Í"òŠûrØzÔæÖYSK‡šðø2€ô÷Ro{¦*ìË�túÔý1ÚŽ/”cÈù¦V9W¶3,;CÌ SÙCPP"+¢„~Hr/׋ìA8šæ}àź�–ö‚KžËL;¤"ûÝãO¢¬åõËT¶§J
+°UòÒH�O/çߣ$A§>½ûðïd1´Ï</›Á[Á%º1Ã,�(k¬…
+Ë#ÏåÍêìþ¡˜ÚʬlrЖùÏ..&Ó!gîål\
žj³5ùñ”~‡PÂ|`ÓYœŠeA`ƒ¤ÎLÃ“Í 0‚Ö`@«!ö(¡-SÂŒâÛÎ
+8BxÃz.DEpÔë(³
f–EÉ,ÂzÑ¡Ÿ‡ê ü>ÀüŠN�9È<ºR¿€à!€œ›¬á©Å:Äd 7+À×Ì@-v`«Ñè$9ù,ü\ó„Õ¹C¾L¡­^GÏ-Sÿ8ªŒê ]–´Úæx‰´~ă³FæÂJùü*òyB¨/ô²óHÞÝ£$(Y	
¸LhöÒhx’‚_ÿÐäÒ„î®né^«/øk×o�®ízè�&Sæô„ö°½ÂîºÝ\ Ž•‹#i	fy%&£ªùh
ÂõÕê|¹ƒ>Û£>áx¢`%*ß”MgÐtB¡ÕìäÌbØ>|Nõ"ÆÌXÛÔžráyœJ®xq¸¿¥g¦?„Ñhˆãþöz²¸ +£5Òs�×VqÉt÷Ç]BK”äH<AǺGÿLh€Ÿû:q™IÀÿ�rÅè�
Çé«3
A†Ñ½©192‰äch^÷Tz›|lÕŧ÷÷§IB×–ÿ8ñÇ`N¢Ï('Z6
+òmÕÌÏ»øÔÁâÜðJ£?<­Ì	ZùM« ±¶9ß;0Ц#Ø´JYxO–
+7/ຂŸo­ÀñÈqÄÞZy ~ƒ¶ãÉتe{¤\¢)ÑjY¨º™5ôáöÓ»åu7Õ!�k»JG3Lö­=†»LOw`–8fkmNt¥Ø1pO	E³ç[!lÔ]”ÃX»óGžçÓæ`ž�-«v{ß/sm ‡/_%DâZZØ9ûm7MpY±äZaØèø*ƒ�RE×"tM3y(¥Â8öêDhK/½×á˜Å®
+c&_ìãÕÌÔaQwkœ|¡è¸Å†ã UU®s/ž2ø¹[wÙ],Ûëµÿ’]‰³„èS¡C<ÂeW®îuˆÃ#Õ¾ï¶WæI~ÆÃOÓù0õ6¿Z„X4�†â«b¨ñ0GØ‹WâY¼þà=�-’ÙEŠ[7€�')Çx·>ùóä?èÂ/endstream
+endobj
+1653 0 obj<</Type/Page/Parent 1372 0 R/Contents 1654 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1654 0 obj<</Filter/FlateDecode/Length 893       >>stream
+x
ÝVMoÛ8½ûW’\ V$Y•�=$›k é~ć.P  %*bB‘.IÕë¿�”ä:Nì¹lKÔðÍÇ{3Ò·IB1Ž„)Ís*šIáòjå”-8Oñ5œªpc>�²Óõ›õäòCLW´®€”/qRPâ˜ÖÅ”úO£¿Kš}™Úí—×,y½~œÄ4Kâh‰CgØÖž_�lŠÂzƒäÕˆÁc¨àÆhsb”¼z{²â±ü§�&DXÆ#ÆYçòCFIÒe;Ksû¶uäjaI(ü£XBrêlQÌ`;µÜñV”Ñ	Æ4„sTÀYš¡ÆG‰¤Þ ²¯=ÂItÃòXZ(<ÿ†ôγÅÅhj;çI_°± â‹rŒ¾
é—ä™UŽ*gN¨‡@5Û ¾�pK{Ýú5EÌZÞl 
\5ÔZwjxs¬œŽffé™4ÐiþìÖÃKÕ¹š9²µneI[£Ë¶nû�FD¨»õAÈSbªü™`½ëÛg®‘«OZq^’ÓÄJüÕÜ"ªóqusGR(>´Æí§Õg$\8¡é*XݳfÃèŽ=qß8ý£[C?¶‚ŸG©ï‹��ÒoS$µ~"«ŽÞR<ùÔ…m©ó](xHíPzM3©ž%$ê"œ¡ÀÁ­á¾Bä>³Qoç%òAæŸþøú~u;^ݨÓÂtö‡ñ!T!Û’Û¨în\Q²ègмieýÍËß¡ˆ�Bµÿâ¢Ùpëf«ÕËòÈïfOˆ”µÒ
›�·QÙ_]¡¬cRBù D[h†¸rfïɾ䮸¬µuX¶Ti)õnœ‡0oñ“¤xÂàH<•Û
+žè̃(Öð³è¬Ô
*\¼>„¾öC·`­å–:!�E
L«^‡x¡ÐÁ+ ²5µáÖ§
�ÐFDÅ„Ä‚¦B7M«DÁ÷þ!ˆ¤×`¡��†åžvÂÕ�¿�6è@ßG‰á•6Ô°=y°kØ¡øƒv˜´«uçšÃÔúѲ1(‡’­£ZËK@<q>¶ÍD½á0?~ë¢ëuh¸·tË%žC!àŽ»n¤!dBåú'Yh]oÂÀ;ðÕѱì§Y’ƒÆåœò<ëžå÷×w7×ô§Ñ�(Ýê¢mà-HÇïœ
f‹Ø¿-Lÿ‡r³¯$oR¼aÀ>™Ï=Îûõä¯ÉkIlýendstream
+endobj
+1655 0 obj<</Type/Page/Parent 1372 0 R/Contents 1656 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 1039 0 R>>endobj
+1656 0 obj<</Filter/FlateDecode/Length 1655      >>stream
 x
¥WÛn7}÷Wôb�VÖź䥰]»_)q
 (¸+JbÌ%7K®½ôÛ{†\I¶
-C‚–KrfÎœ93þzÔ¡3üuhØ¥Þ€²üè,9£AoŒïþhˆï.>¥¤¿ÀÖÝׇߎ:ãdLç£A2¢œÎÇI¯~Ð4
×ô#Ω7Ä«øÀ¯ÎGÉ°~ÌiÔÅéý;¶Þïw’
Žups§~Ú]Ùëðþ·žuÏ{8ÐëñU9õ‡Ýä¼~ÚƒsßÅs9;jߌ©{F³ G4›‡±’�\­DáeIÝ~BS‘§‚„™“õ+¬]Mn¦”i%�w§³/¸§O�N¼§Õ%]Üt2[)GY}Kf�Ê`!œj¹Bfj¡2RfaË\xeM¯SgX_Õë'}¾
+C‚–KrfÎœ93þzÔ¡3üuhØ¥Þ€²üè,9£AoŒïþhˆï.>¥¤¿ÀÖÝׇߎ:ãdLç£A2¢œÎÇI¯~Ð4
×ô#Ω7Ä«øÀ¯ÎGÉ°~ÌiÔÅéý;¶Þïw’
Žups§~Ú]Ùëðþ·žuÏ{8ÐëñU9õ‡Ýä¼~ÚƒsßÅs9;jߌ©{F³ G4›‡±’�\­DáeIÝnBS‘§‚„™“õ+¬]Mn¦”i%�w§³/¸§O�N¼§Õ%]Üt2[)GY}Kf�Ê`!œj¹Bfj¡2RfaË\xeM¯SgX_Õë'}¾
 >tº™2ÞºÕÖô/ßÛøKº„f«ªt醌]ÓJ¼HÑñ«àµi*ËD“	­åœ~½øtM-rRòµgÔê¢õÙJnÈKçIyKÃÓ£2s»v4>oî~ßÍF. …°(³y�ÐR¥•ß�r®b¿.<
Eò*—d´.•WfÙ¬­vz¾àÎZ8žà¥@ÔIÎ8~ž‘·q�ªb.¼„	/Bi‘j„‹Z”R<5ÚŠ9žlŒo±YËôÀ®S¸çé„=D’€\\ XÊJ:`é(•Òв”Âë
I³&“óf'Q/Ÿ´Z¶êŽ(“éj.çO§!ɯÀ½Ð ™
H/ØÖâÐêÃ~m£ó*/´ÌAµ@Çþ\Xš	ýLŒ²“ÀGhz†—áõÇ»ÉgÊE¶2ÒŸC¬ä¶�£\–™ÂûºNRQÚy•y@¨5ø³±ƒ]V`[ê¨.sQ%x¹_ŠÑoï\áø¶V~~’˜ÏAkà„«ŠÂ–šóµR%ãoBÆvgcþwð€boà
ðVï$ X1=W	=®ÀªXÕv±€+t;ÝѸö
ydDö,–4ìcàPº
ð
?.`øx`óíáf´x¯Lõ
ÛË	ç«•
-‡`ÝÆy™»§ÓWu¸­ˆ•÷Å»v{½^'à�K�¹¶æËþF®ÿ^+“¬|®ÙÖµ‰H7¡ûi—¢ì6BbX[½³(P›.—ÙïÈ{&MÀ³PË
+‡`ÝÆy™»§ÓWu¸­ˆ•÷Å»v{½^'à�K�¹¶æËþF®ÿ^+“¬|®ÙÖµ‰¤ì~Ú¥(»��ÀVï,ŠÔ&èÍïÈ{&MÀ³PË
 l¹Ÿ¶»ô(Ê‚®¬12óö‹ýPt[,¸1@Œ¢äªÈ$[¼ï"Ê¢¡%ŠP·FÕ
rÏRúâÁ	>¥èH¶bA6Tã’‰Òê0¸¤z‰Ñí´”Õºô¨½†Ó
 Ã
 ¼N±nš�å†kÞ¯X6ØÔDþ‡„þøZé†�³øø_ËêÓÉñäò–¤,�ŸN#ÈYÝZÃdÄ
Á>uCŠo·½#¼lm³=»zhOÀ“ã‰a‰�¨°XÿïZèZq9¹Ÿ’eù�†4/¡A%ÄÊåõÇÉOÚáÆ×ï!š MVH{¨ß…*Ñ6¸l½]JÉXýøEÌ}²TŒ;A]œZA©æy»Èo…FBŽTÔ&ã–puëÈ…©„Nh²ˆTeÁb=ßDáæš^ícÚAöµ€Œ�nõëà6p_ÛÒ
 ·"üM‚@ð»«�©Ô(€Huè�òÀº¾ A6ýÂ%S{Þ˜†bGöUÑÀf�&sÈÎ(c�à¦
Ðëi.]VªtOÄ"ÐôK…¤ÐGHsí‚5ÈÏa s›U»~ƒáÇÈñíÃlš\¾nòð‘=srîÿxõЀÔñþâaÚw[\,˜Ý]Ïï?]ؾ?”ÖÛÌjwÌr�àØOnïÀÝ@'^¸H-_Ue‰e5
 ÖC�Ä™˜ì†ÎóÑÃébïæ<³”dª<•etÝdA’1¡4 âHn£­"{‡9ï˜Õ±¿p§”åÓ	kz�$`‡~Z’¶ÐÐ*É¢ø°ÜÚ"vBd	m‘ 
Fäu§ÅB)�íˆm¸ÃÜEk€‰E“+=}¯œo4Yªã܉›éqr7
=;ÖüVÂ�àò1“„óÆ÷áæ
-#`™+cµ]nösÌV®¸¾é<1äÓgÐS»ŸÁb=­ñð²Kö9…’.v@ÄþCº%iŒ+šËJ�‡s(5ïÅ(W SSm)x’Ó¾íôÁ8ö¥Ÿ™ðù?”Áy7jw§×c_ÏŽþ<ú¦�5endstream
-endobj
-1650 0 obj<</Type/Page/Parent 1367 0 R/Contents 1651 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 1050 0 R>>endobj
-1651 0 obj<</Filter/FlateDecode/Length 1607      >>stream
-x
­WQoÛ6~ϯ8äe)àP–ìØI�`HÚdMѸYì5–a %ÚV+‘š(ÅõË~û¾#©ØqQtkZÕÉ»ï¾ûîxùû ¦>~b'4QZôEož÷¿ð%#<KJ†c‘„oM’Ñ©=¯G#1ÞY�û±ˆé¤?Àœ=‹ÅIøÆgÙîðl Nix:ÆçÿjE‹ƒxx
-'ÃøÏ’'c1ߺcƒñ~yŒíÅI_{—³ƒèúŒâ!ÍvtŠ™‹±O³ô(Š?ôά)•šn(5z‘/[€ù8�z�uEz<Ò¦¡7Fk•6�¯z~1I�b 4õ«Ùçƒ>Ç#„4ËŽñ•¦¦©,çòg^Œ®‡ÇÅq2æM¿›Ö9m­¢f…èk¥è6OkcÍ¢¡º•Z.U
~’”Þ¹Ò�³ë°-jSv~à&Mõ:ŠðegG¤¦Œ.[;ÝØÈ[°Lß^LÄÇi	šÂëªqSY›B¬smEû$….¢
-¥ÚuTH]J-VMY°ÿ=¯¥
]¹ÆB)›ÜhÂßmÞÚFI�‘�3·”º@Ýh’¤ÛÆ®TQôHeyã‰ÈE��€÷éê&ÜËÚ˜fÏo–×H‡©7dn�£eŽ�TɺÉö,³Ì­¹VöµOGŸÎºl«âˆöþ$ýs«š¶ê«ê<÷}~÷v¶jÕ¬¿ Xa7ö?í~ʲnïq‚†æ
-„*Ú@%‹¬’Ž¼‹ÂšeFÿÔf9iÑf*£ÉUÒG-guþõÌU*™|Ðöçír¹4mlÏoíAº“é®	ÖmÕ•føî”UµóÈØ$âðMý%ÒYn#XÉLxª·õw<ˆ=×®ð‚.!Pà)5ÒÈ�ѶÊÒz¥´¯³Ç#^D$âz|ÅA ¤Õ’ì€Ò<;ß«¸6É„fÊ›\ÍèÓÍÕÊ÷™ÁÃkÖkæ®ÎQl¾bè^YÓÖ©¢ËÚ¬­ª{¤�¯nÂW†F–%µtˆ•³+½eŽ
-Ï¿ö|ç•lÒJ´þ¨ø,7‘g]ý!sÈš?¾ÎQZ°Ûå}Ï5*GR!pÈãBq=	Å×�„„&ðˆÆ×V|ªÚÌUÚÙHÁuU+Ž5×K*P¥eRµçÛÌ?£6a©Íj¹\"p-kî
J©
-	>§\úÜ(øµCøü�t†¾g#�7´T¨wÎâŠÏÌZFfÄšdÀÜŒ]wð±ßSÈu^Û¦Gi­@X±+ Eþ?îîo&³·÷Ÿþ\éŠ	ö‹ì»3	¶®ˆjÃ
-ÞfÊz�šXæó{Œ1âêâ/Ç«¥²µ
Ù&dØ*t4@B6ŒS°K½V@òºÄÔù2ײxnÎqÏé™/°”ÑAŠ¡Ÿ¨lB—U‰mŽ0´³F•�ª1¸^yú:ƒžÌ:ÚÌžãÚñ’â«�‚»°C_“-çhzá*¡†ˆ�¼¡‘t¦JYÑ9Ë®“íÅw÷\�žßÐݬG‡�«pgpød+•æ‹ÜÞK‹G�„÷ìôˆÝsl¬ïîvÙÆéÞÑ2I|œoÿ€.Ðèv¡n¦(Ð5½s²�¦#}f÷ȹãápçÕ¡8ÌÔSŽza›‡ß Ub)^Ó»;ú Q¡ïQ'èÄôêþýÕL¼\	h;ïݲ’O
-ª+šœû€÷ʪuŽP42&ì-,œ"�.6�l³8ùìD±Õ!3»PÏQíÅ#¨­Â`ФC»íî*Û#Ú�L›õ¹y¹?(Þú‘b§öÉ�j¸ïðU°5Î÷
-W‰|’yáËù£Ÿ=¬‚V÷‹% íñµêLr¯a
ÂŒcŠ{½ÍË
-иåg7¢½Ð»ÖÇ4c-¸�­W9zî®á½È1a±¥œm[&ÆKžv�a²Ám‹»ö!× ”õX»¼¬Ñòݬ²;"ú£y†åC± ß09ð%‚Êž½¹‹nîЕdúÅwóçqõ¥&áÛϸ|˜�~×ÀóœJ¹—÷²]¤ÌªGâ;
�ð›Ãé€Føß
ž^Ü^^àÞ6|óÐ[“¶%æe7‘2:çþÀñ¸�ÑÏøÿÿÏ÷Çý!ÿrt’ 	p†àjvðëÁ¿Ð?
-endstream
-endobj
-1652 0 obj<</Type/Page/Parent 1367 0 R/Contents 1653 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 1053 0 R>>endobj
-1653 0 obj<</Filter/FlateDecode/Length 1675      >>stream
-x
�W]OÛH}çW\õ¥¬DòI¨´4	*„lâ6]	i5±ÇÎÛãõŒIòï÷ܱ¨Åj¥UU°=s¿Ï=÷ò÷Y�.ñ¯GW}Œ)HÏ.½K]_áçpÂ?ûø_HŠÜÁp8öúï†“w Ü»¬¬¾œõ EýÉØRJýË
po	­�…þx€³–éÏþY÷vH½ù¼O®È�æKòƒs'IŠ"9’?]vï–d¬ž
íDH‰¶†tDÛ26ÞoþϳKêôÙ¼ž?¨ ÐFG7
‚L¤02$‘‘Ê‚B¦2³"¡2�J²šìNª¢12èw>+Kß3
-õ"ã{’+�mÔQu[Y[î
�%XŽt™…¤³Zcds2ÊJ–ðì¥�c^ ÓÄ@g¯¨›ËBçæhº{•…zoºy¹MTеA®òî>ÚÛAß“é|AÝ”i™†;eBŸg°¦D¶“¸iw°Jj+
¤¼ÐÛD¦ü‚³=ߊÔA†-äÞÉNUR"=›»ÅúqúÕ›Ýß_´LúóûÅÜ÷æ?æ´q—“ñ}_|ö=÷´Y£pÕ£¿º™ÎWõeH­ý›úEdaK/ä›cWÚîí5õPYÆHgЫŠÜzHºG3”öò}R{."+Ê…1{]„ìD»B½ÅZ§ÏX;ßD›˜B�¼”£4Gú©·´WvwR€òßA3êê²¥"¼V:)=žnqÑ%Ä`™3\fê@[} ]½/§­ù’#ÊîT3C�²º‡*&¾ó&.À„¿Ô¡P2°º8Vð\Nq’$då‰À]±Õ¥¥LÛ–eÅ„.†‰¹@
,l4ˆ¥%
Ü“²$’DÃbLG]²kè�:ÄPi’ÜîÀ»ÈÝuöØãC`¬!Ç7¹tÙç†L·h34hH¥©1ª“ð¤þ‚ä‹D÷VZ-¡CÁ…Vp:“m_
‡Œœ)£Õè~pŠŠ3
à‹“ç`ŒŽgåœ@¤X$:æ:þMu©¸„F˜zÕ	ð…	òÇ~¾ƒ?ßµ(’7
-
BJA,(„S4`sË×|XBežééÜýš<ýÆÈ ØÜnhà�HÝ�‘ š20&´!{ÌÛd5ÿ±¼YÌèæÓÓÓÍìán1½ý‚^þ‹¦ø€®Ÿ=nÖ¿œÌ™‘–°¢ÒP‰o(QÂyña‰DڪɃÈD,‹ô
ìò�dV2dt²Y@Šm¡Ú齋˥¨hÀ††T’ ±–­eÓõS¸¶’6p^W®­«:Œê™sNFe¡ì‘~gèÕñ¿ÑÍeÆ(ÁX©ŠÊÙ?yU‰¾N³†a*>wNltñºÌ
¸Œ@YÍÈ�ß[‰œ‚dÕ¤\97Ÿð¥@Ozô�™ådôý1Äz;P�ÙÃp¶;]Æ;ø¾“Á³+”I·AYôt>†T›©°
-ÕY;C�-JЄɯQž³w&—�ŠŽ´çaf,DŽhÏ'#Ò­ Wн¶8²ä)	�²ö½òÚlàèŠô‡'ÒG
6uJ?^�º¯'¿ºÄ{À•7väÎJKÃìÕˆ\�èqþ@ëUßå!Ò
½U³}ˆäƒWuŠ-!Äl†cø²vα[ÉÚ€”°¡™fô/Ý–A‹GÕÈ·%8ù¯§…cE`mG5:ÜŒ ë;�ë[	·ëÖ}µÓ,7c°›)¥‘„Éj<€

ñŠƒjÂvߣ?A½Ud‘,
-|®Aõº)mä¶ZU¸¥Ñ�œT¤²‰MR@'hS¼•p罚ÖNQã@Ä;“ÃRô&ï._XEO[ÚWYd2¡oniùD_W‹ûoËol».Þ÷<âw¼žœYr
nÕá-ï_ÞÂ^ÐZa@6¶ð¼òß“�·åêÕ³ý~·|O¨l®d3¡Ov¿¯f«÷¤G•t§?zMÏMbô�¼
-Àkz,í½ÖÏn:ÞèTáê€Z6DϘ{¼Ÿ×60i5ÓâÉÍ^cu^U+uÙæϨÐ)Ó[Ì)vPÀZsÀå^c)íZ‚?‚[p§qŠgw3à\çÅC
ßhyZ)ìË–!"Ã2çT½
—k~Ò¸^ͤÅâöŒé®âÝV;
£LÐWíúÝÛIMà½1þ–™ð§C¯êùõÍÃçÂúÉm6ÓAéÖ}î¶Úi:W—×¯ÿ±FÇo<ê×ðŒXïÜ?ûãì@¯+Zendstream
-endobj
-1654 0 obj<</Type/Page/Parent 1367 0 R/Contents 1655 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 1056 0 R>>endobj
-1655 0 obj<</Filter/FlateDecode/Length 1190      >>stream
-x
�VMSãF½ûWtqYSedYزÙ*/	UÙ…]»*‡8‡±4F³Œf�!¿>o>d@–à²�%u÷ô{¯ßÌ_ƒ	ÅxMhžÐiJY9ˆ£˜ÒÅY4¥ébŽÿ¼kN{{�>¾ý2˜&“(¥Ùt-¨¤é|ŽoÿKÒÚ%JN<ÑKt±Œ¯Îh2§ÍµÓt†¸MîrǴɆÉ4šEô»P¹~4”Ĩ»æõƒÈ8ݲ잒ãÍw¤˜ÒdâSœ$s”ÙäÃMÁ±V†·á¼f’˜Rú‰©ŒzMÑËz›Dt£8é=="+H+ùD¬ª8«PpE­êŽ­Y¹c¶pL'“Ó(±åVÅkj4Ú4x?ªZï…D9\}ÝÂmB™\5†„BÆîn®K&TD›BbÆ´¥�.Xãk’½Ú+\òr‡ZXvSpò	F´k÷KØI^¢a)IŠ{Žžt–µ5‰=‰Æ&Tº‰BÎ$×hæZ‘®sßNhìЋi3 hö­DªŸ5¶:Ð�žt ÛÕåöxôŸ0–-À+Ø÷¼Î¯CR
±L’i«J×
�cÙþ‘Žú!±<ç¹]’ÂO¦°ü{:
N,˜œjÍJ»˜®§ˆ®-zÀÂÃ
õpF rÑW^Œ&=Ä™.+	
-‰í4(°Íï¸k4ص1‡žKÊÓv¸ôW\	žo�{•™Ê)«9k8•­lD…L™®º
ë Q+Ê…¹G¢ÕÍçåõ—ȪÓ9ÑëɈx“EQ´=Ž0GXÐ0å.Ê´Úo‡³J—LQÅ©Ô3ç
•-€KW�ÐPìRmÛµ9!W$þ9ƒ}ò*V³’7ÐÜ#3¶\ɬÀÝI½c²ÉóÓ€ºæ’3ËmU, »
…]ÙWˆì¤½±ÚÐRêGË
-`-TëäàUóÑ/0¦³ÎW¦~6(üýèû³[Zì¬kØÝï¾+«9§1ÿÛ
-w¢Þ	êèf`õœâ4Žß	ÈEͳF×OT†˜ù»1oŒ”5µ7z�sï‹?ÎÂ’ÎxA	3PˆU�SÉ®uXwÒ°~—ÜÓúyx‚ž�9ìI4O�šÉjQ¡«�ˆ(r#ÝA†4•q¯ï]­¯W#øîÒñ>i¯[³Å<97ÆX•�V°	Üt…×ËÏËíÖY:rôÊ¢U)þAˆwÓ\ì÷Øx€í¡Y˜‰õrq§¼=ù™ô	#ú•cG²óò4NGÁ*rç
-G½²Ø³/ïÀ&ÛI«n$µQã«·lÔß}vÐÃXsöžf8€³ô¬¨Ök*­Œ³µPêņøµåõÓ:p¹z¦²©™2Øþ0ÞÁ™3vpæ�#l8Ø3X-/ëk l’á‰:öy¡2ÙBC¯!p2õ“ü’:ºÂ†F—ÐP­¥{|•¾8U„�ñËÍæ}ôû³u®Á¼Ûâܦúâ˜ÙáØbí(L3øÔ­Ýò�wòàRî¸`eåö~wr0ŽÖñÕ",`’âøµ8¥)ÎGnÆœ$é¶Öß1õˆÌpP€ú­ÛvOº€“yÿÊÿß1jš.¢t–à†ˆÉij3}Ú¾þRO†endstream
-endobj
-1656 0 obj<</Type/Page/Parent 1367 0 R/Contents 1657 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 1065 0 R>>endobj
-1657 0 obj<</Filter/FlateDecode/Length 1662      >>stream
-x
}WÛŽÛ6}߯(º
6òý²
‚¶iš´@ÚÄ@ /´4²˜¥D•¤Öë¿ïRòz•m�¬­9<sæÌ!ýïÕŒ¦ø7£ÍœkÊë«i6Å“óÇÇWóÅm¶¥õl•Í©¦Å|�-ú;CŸ®VËlIëé<›âål»–¡ñN^no³-§Ëôòv‹™éN^bZÜ.u¹ÝàZB8¦òj6[È+DYJÌÕÓÒÝ0m¾’£iowW“÷·4ŸÒ®DNëÍ–vELOòë_+Õv4_eô‘[ë‚nô¶;ø—»¯qæl“f¾Z¨]q�¡³Œþh‚³E—m›4tI³Y?t¾ÉÖ2tW1q­´!UŽ½§Ò:Úw¤$k¥{ÔÞ0Vž=iO^Õ{õsü̬;d‚èÉeÚJ�§€)½C¡¯lg
-:X
-6…z8¯�+s´Ÿ…Ò-ì_qy
-êŽ)xÐ5>,QU©
sÏÈ�éd;òݾÖ�ÔEFýb¼½¡6ó̤K JyÊ+Õ¸@ˆpdŽ´] ò¿!=2Õê„‘i’E0=R'Oj$¥íkR�¼¸Àœ=Ÿ—.*¬¯»¼’oÉ!W�|;Ϧ”l+6-§ò;>6ê}’’HmPÏ&àO9!ù‚¸Uáàl×’-©e:èXYº·¦kCpÈFãxoÈßic<©¦ .Ánðý#‚ÈYßCûÊQ-œ'%ím„р܅'d0Z¹µÞë½
¸ÆÙa
s­¢©”~¥`�9JKÃ#…b?Héb�È:¤ß³±-»Ñ’¥ÓdN/.J$†Ì19ÆHƇq…ÞYj,tä}'5”YýÊÈDM…Guä2·u›µÎ›[ã3_ï©á£ïéŽÌF¦D!FÇù¢Ž`y;j[´sŸiç[Î#·!Ê‚°š³–ÂGŒ1¿=* ¤)õ¡sJ<à<)&@çâ-҄ ÔÌŽHBIYRÜ
rl
¼BÍþ¾\� KB>_^Òj
-?¶2Ô²ó‰ísÂ}ûDkt�bŽ¹ÿŒ�¡±=Œ–Þ·d¬½C<ÛªH¹(±	OYU.¯ Naké'#÷Ü@	AÄ—çp<èòŠ}4J=¥}ä=µêÛCŽUíëÉäì{éj1‹‹_zqô,xñ<£Ü°S†tSF~'ïŸñâ·É·’gE—¿ô-4£åÅ	úºF«ö�̉Ø9ëГ
--:ù8:DCLn÷÷ÚBå5R–lF¹ÆÚ6&öS¼ÃR?¢kíÁPÄÄ`µP®˜�ëÀûÐ*WKYäú)D1dÙRrëP#˜à	Öô0®ñïÒ÷X/¬àK}]­�õÚÿD;1xü¿gw"]Ëo:µoÝä¦+…s!zÇ™
4Y¨ÆG¯
5â徃H�ˆjÐK°Li‰8�T.š9JïRØ�8,¬ð’¤D¹•‰f¤ƒ’�Fÿ¼$¯°ëv$
¿«£EFïX0±¸~ûFG @âÊHÙÓTsJCZØ]b6IÙ{†ß
-d°•Ê#M!.ŠŽÍhëØoŽËÎË8D€³Â†£®ÐåBÛˆYúQyâhÑxÐåq³ŒÕƒ#”�‘t­¸ mð2CÄ<¥zývL‹(ºÙ”p~8bÚ3Ksiñ u¥ÄÆOýž’Äâ¶U0¶KsÊÄBNâXÈÕ¦}¨ÐþŽ|«òoöí�ØfªoñX™-À&ïWýyëú"›7éÕP¶ës·¦ç8ÓÆ#Ú56�LÚn4<£Ï—vXêäÚ‰P©ÏHJÓ”g˜ž
iɯšÕ6²kÃ(ñ-ò¼cn}#êG”äŒ!øŒ�8”O\Xùõýv8\ÊÙçµ3zC³édŠ£vÿ2×ÞФónb,Î~½�½Çý!û¡MÚúæ¤õŸºl<ïŠ`)ǦŠä’Ši@ßÿ,˜sàžª4籈Ǹ¾èß¾›’>hNÐ/®‡DúpïÑH´ÇFEBrlÇp¸F䦕m¼9Ñ°>l´®Q¦t2<Âÿn¢»Â�jœà¬gd÷�êR{Œ@%¡¼â´q»UÆØcZù
Ç*œakÑE
-]–0-ÜzÎ;§€ž|à[.Ú.z³"¹8ã ¹„tûøƒd±IšùþÏ�åz›­WsüL‚‚f‹�„ùmwõ÷ÕUÝåendstream
-endobj
-1658 0 obj<</Type/Page/Parent 1367 0 R/Contents 1659 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1659 0 obj<</Filter/FlateDecode/Length 1668      >>stream
-x
•WMo7½ûWLu©IJ¾,;zpP0Ф©£àw—»bÄ%U’kYÿ¾ofw-wmŠ @Â%93oÞ›Gýs2£)þÌèrN‹åõÉt2¥‹«Å䊖W—ø÷ƒ¦R>̳Éò­³ùÇ·O,ß8ði}r~»¤ÙŒÖ%‚¯®.i]O§´ÎǵÊ7ÆéÉéúÇÉ”Îæ+„\ãõF/�ß"_9:Žu6ɽ+ÛåþÆ1i—¡]¼è÷’õYý¨-ý:Üo"ŃóîPû&ÒÞ¤
%D{óšBgMõÎ=i£mT¤LkGMÔGÞ:pH3[Læ\Ì£ÑxÉ—ôMÕ™"å°™OW
ð¤AA¥”©|»W¡ˆ”ûz§’ÉŒ5éÀG{¨4VÇ!bבËø8<*Ûhθ<hÅù|@¬EJ¹)Š¦r¦4¹rÉú�œt
-²ˆ*^2ÔHÙ»>¹�[TVû˜^ìö;do”°µ:�ó‰œFˆ«Sâ;7¦Úè€Ê”£Å„¾h�‡BŠh0Âr¦) Æç©
öýEÈt6ý€S‰ì‚Þ©ÐA®èï›ûïdU¨4=zÛÔšáf
-*)©åüö#ÍÀ\¦ðÙbÙ’t~1YNèÎ%œ²¤Cð!þ—nLéËÉŠYpWJ¡•F’4ºû²¾¹ÿrý;ÝÜßÿq?¢ZǨB‚D—>“Iø¨À!\ËŸ
-H¡ôÆé§�Î
-áF);(~¿
S(4Î
Kdš¸Ý»à3•1Š@¹ªÁ{i•ª±|+`´Ò«\&&v¶ñcÎ	¶9<ŒJûq7êC„ï;@!¡¡
i€îbÒ5E_&^z8íÎõªD,Å‹\¡eð8QgrŒ†0ô¹
-tSå¢g€CÆuõ þ|Ρ+ò@“c$ûíó§çà½6�í5sBë�(¤ôòF
-�ó�õ^6–Ñò1W¿Çÿ�?çf¥NÚYVÖ "g›½F?ºv3²à¤©—N�Éwh2n|c¹/ÑwÕÐÆï)y>|ÑäÐÀ1ð2%í|ŒiLè«ä@µÚò.”Áj÷N8Ðb£‹·¢²$%di@
-aŸÂTb`Z©ÝjV¨
„æBØÅ&+ L@AIœÚqaAk‘ÂVë�°}€O”Éúk']Û	Šìù6ágׂ何Ñùº@ôÜ,›Ç[áƒ_8äùmo/œ§*²–n\P»«÷š»TQpË�Að»`TB×UÚ ;ßžf	Vh_É“ªÃQ×�b;
-ï~f�\xJc>hTdO#&Ÿvlد˜t)›S…éÈåñTPsÜ‘@<â\*°™…ž0 …©2ÚÚ𑞪>Ï›€fò8rÂ
-oz²Ö�Ó�0]A[Ç"P̉Q×<f¬rUã
ñã²&âû¨'Gð
¦½¦÷ó¢‡18m»Õ«oMPë¯iIN¡çø.‘ÃA˜¹éáT&c´ö>l	¹�~R9Þë„@ÀL^ CïnÖû­°!I"�ô�‚ä¾€oQ9òo	È-gœŽI˜
-�œé°æ‘Ó6ú8]é쯂tä=Ÿº˜Ðu	À�Š+U½+0rLñ×Lïlë/võÔ8P€D�‘Ü8ó¤#·Ä�õ!™¼�y¶ßx‚ºDָ扶0Fm#@Æl–b~5õá�s¸0“Š[~N
K„óWhUc
-lº¸Aá‘‚ä‡S¹È¡Ï¡Mi3Á:Óaìs£]³•àÁ`pøÎ$Ñ;p 0Æmô<¾Þý6êÈÁ÷²§céÙ« ·ÔÄV¿¢ÎQ.jÄó<Ç«‹UÚ¥‘+3Ë		@V\Ö¬
¸rïQý�9ä*Áëx×ÑÈÑ2+¤kyŒø¬ó¶ßo?jVð¾M¿ÏŠ5âdºå#GÅ(!f1ŒÎê":^š§Ÿú¹5Àë3“Ãt6ÉPµyõsyß(K:kÚå~�yÞã¥Ùiê�÷67_ŽÇfÇΊّ>�Dao02ß�–/á&ô™ÍÂã
-­‹°©!9Uá‘$Ài­<øµßÍ6¾éŨˆxÛÁ¬¹ÿ¤�˜dç
Šê~.Hã�cëÍç·WÝ�›Ù
-¿Ô®´ºXáW–ß®?º¦¯Áÿ€åÒo>Ƕ{Ôqô³þÀÙåô#ï÷Ùº\]MVs<q±k¶¸âÓ7ë“?Oþ§“�	endstream
-endobj
-1660 0 obj<</Type/Page/Parent 1367 0 R/Contents 1661 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1661 0 obj<</Filter/FlateDecode/Length 1323      >>stream
+#`™+cµ]nösÌV®¸¾é<1äÓgÐS»ŸÁb=­ñð²Kö9…’.v@ÄþCº%iŒ+šËJ½Ï©ÕHå
+tjbê¢M€ "OBrÚ7£ý€>Ǿô3>ÿ‡28ïFíîôúÌãëÙÑŸGÿY¡,endstream
+endobj
+1657 0 obj<</Type/Page/Parent 1372 0 R/Contents 1658 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 1048 0 R>>endobj
+1658 0 obj<</Filter/FlateDecode/Length 1606      >>stream
+x
­WßoÛ6~÷_qÈËRÀ¡,ùG’Á�´Éš¢I³Øk0,Ã@K´­V"5QŠë—ýíûŽ¤bÇEÑ=¬iU[$ï¾ûî»ãåï^LüÄtœÐpBiÙˆ
Þ<?îá74I&x–”ŒŽE¾4í%“1y^M&âxg5Ä"¦ñ`ˆ=8{‹qøÆgÙîèt(NhtrŒÏ	þÕŠ½xt'£xŒgIÃñ±†oݱáñ)~yŒíÅI_{³^tuJñˆf;9Á‡ÌÅ8 Yzˆ#üCïÌšR©éšR£ù²˜�Ó(¡YW4¤ÇCmzc´Vióøªïc‘ô)BS¿š}î
è(ž ¤Yv˜ˆ¯´05Me9—?óbt5¢8ö(Ž’cÞô»i�ÓÖ*jVˆ¾VŠnò´6Ö,úp~K7RË¥ªÁO’Ò›"Wºqv¶EmÊÎï|Á䢩^Gž¢ììˆÔ”ÑEk§y6‚é›ó[ñqšD‚¦ðºjÜÁTÖ¦ë\[Ñ>I¡‹èŸB©vR—R‹USìÏki@W®±PÊ&7šðwFƒ·¶‘EARgäãÌ-¥.Aך$鶱+U}RYÞx"òBÑã#à}º¼‡	÷²6¦Ùó›å5Òaê
™…Ûãh™c#U²nr‡…=Ë,sëE®•}íÓ1 Ó.#Áª8¤½?Éà̪¦­„úª:ÏŸß½�„­Z5ë/VØ�ýO»Ÿ²¬ÛûBࡹ¡Š6PIÇ"«¤#ï¼°¦O™Ñ?5�YÎAZ´™Êèö2 –³:‚zæ*•L>èûóv¹Üš�6¶ç·vˆƒŽ ÝÛé®	ÖmÕ•føî”UµóÈØ$âðMý%ÒYn#XÉLxª·õw4Œ=×®ð†‚Î!Pà)5ÒÈ�ѶÊÒz¥´¯³ÇC^D$âz|ÅA ¤Õ’ì€Ò<;ß«¸6É„fÊ»½œÑ§ëË”ï3ƒW¬=ÖÌ]�£Ø|Åн²¦­SEµY[UôI_Ý„¯�,Kjé*g+V<zËžìùÎ+Ù¤+”<hýQñYn"κúCæ�5|�£´`·ËûžkTŽ¤B6à4�Ç…âzŠ¯!		9Là�¯­:6ø,Tµ™ª´}²-�‚ëªVk®—T< JË2¤jÏ·™FmÂ0R›Õr¹Dà.ZÖÜ”R|N¹ô¹Qðk‡,ðùéŒ|ÏF¯i©Pïœ-ÄŸ™µ.ŒÌˆ5É€¹»îàb¿§�«¼¶MŸÒZ�6°bW@ŠüÜÝ_ßÎÞÞúp¥+&Ø/²#ìÎ$ظ"ª
+,xp˜)ëu.èÖÀ2ŸßcŒ—ç9^-•­mÈ6!ÃV¡£
²aœ‚]êµ*�×Ý ¦Î—¹–ÅsÃpŽûNÏ|�¥ŒRýDe{:¸¬Jls„¡�5ªìT�YÀõÊëÐ×ôí¬£}Áì9®?!)N±(¸;ô5ÙrŽö¡®jˆÉëIgª”�1¼è*Ù^œqwÏéù
ÝÍzxй
+w‡O¶Ri¾È}á½´xØIxÏNŸØ=ÇÆúîn—mœîm-“ÄÇùöè�nêfaŠ]#Ü;ãm4™è3»GÎ;¯ÄA¦žrÔÛ<ø­KñšÞÝщ
+}�z 3LÓËû÷—3ñr% í¼wcÈJ>)¨®hrîÞ;d(«
+Ô9BÑȘ°o´°pŠ4ºØ²ýÍâä³ÅV‡ÌìN@}Gµ�l ¶
+s€A“E춻«l�hW2mZÔçæåþ üyëGŠ�Ú'wªá¾ÃWÁÖ8ß+\%òIæ…/ç�~ö°
+ZÝ/–€´Ïת3ɽ†3Ž)îõ6/+@ã–Ÿe܈öBïZÓŒeP´à6¶^åè¹»†÷"Ç„Å–^p¶m™/yÚ=†É·-îÚ‡\ƒRÖcí:ð²FËw³Êîˆ|4`Œæ–Å‚~ÃäÀ—*{öæ.º¾CW’éßÍŸÇÕ—š„o?ãòaú]Ïs*å^FÜËv‘2«iˆï$P<Áo'Cšàxz~sqŽ{ÛðÍCoMÚ–˜—ÝDÊè0œûGÇŒ~.ÀÿgøÇx¾?î�ø—£q‚$ÀQ<3€ËYï×Þ¿‘Wÿendstream
+endobj
+1659 0 obj<</Type/Page/Parent 1372 0 R/Contents 1660 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 1051 0 R>>endobj
+1660 0 obj<</Filter/FlateDecode/Length 1676      >>stream
+x
�W]OÛH}çW\õ¥¬DòA•ö
’P¡BÈ&.éJH«‰=v¦Ø¯gL’¿çŽí@-V+­ª‚í™û}î¹—¿OztŽ=ºìÓ`DAzrî�ÓÅÕ%~Çü³�ÿ…¤È‡#¯ÿÑÁ`8þðʽóúÇòëIò—Ô�¼!¥Ô?ï{Wõ[B+g¡?à¬eúÆ?éÞ©×#?‚·£ñ%ù¡Ó|N~pêo%IQ$ò'‹îÝ‚ŒÁ‹¡­)ÑÖ�ŽhSÆÆûÍÿyrN�>›÷ÃÓÚèÈâ¦A�‰F†$2RYPÈTfV$Tæq!BIV“ÝJU4FýÎ�²ô´ŸRX¨WY�Ø“DXil£Ž¨ÛÈÚro€,Ár¤Ë,$�Õ#›“QV’°„g/mó�ž!†:CxEÝ\:7ÓÝ©,Ô;ÓÍËM¢‚®
r•wwÑÎúžÜKçê¦LË4Ü)óú<»‡5• ²­ÄM»…õPš Piø#å…Þ$2åœíøV¤ö2ôh.wNÖpª’éYßÍW�“oÞôþþ¬eÒŸÝÏg¾7û1;£µ»4�Îèi~ã{îi½BáªGy=™-ëË�Zù×õ‹È–^È7Ç®´ÝÛ+ꡲŒ‘ΠW¹ß÷�t�¦(/2ì廤ö\DV”cvº)ØŠ,v…z�µNŸ±vºŽÖ1…y(GiôSoh§ìö¨å¿ƒfÔÕeKEx­tRz8Þâ¢KˆÁ2g¸ÌÔž6zOºz_LZ1ò%#"F”ݪ,f†euUL|ç]\€	©
B¡*d`uq¨à¹˜à$IÈÊ�»b£KK™¶-ËŠ3]s†&
+XØh„KK¸'eÏH$‰†Å˜ºd×Ð;uˆ Ò$¹Ý�w‘»êì3°Ç
†ÀXC*ïré²Ï
™nÐfhÐ�JScT'áQýÉW‰î­´Z>B‡
+‚­àt&Û¾<9S.F«ÑýàgÀG+ÎÁÏÊ9�H±HtÌuü<šè,Rq	�0õ¦àä�ýü¾kQ$n„”‚XP¦hÀ(æ–¯ù°„ʼÐó©û5~þ�)�A±¾]ÓÀ‘º#-@
4e`LhC<ö�·Éjöcq=ŸÒõ—ççëéÃÝ|rû½üMð
]?}\¯~9™1
"-aE¥
 
ÞPþª„óâÓ1ˆ´U“‘‰XŸèØå=ȬdÈ"è&d²
+ €ÛB'´Õ;—K!PÑ€

©$*@b-[‹¦ë'"pm%m༮\[Wu¸¨gÎ)”…²ú�¡WTÇÿF7C”£c¥**gÿèU%ú6͆©øÜ9±ÖÅK\è27àj0~e5#7~o$r
+j�U“råÜ|—=éÑwf–£Ñ�Çëí@fÃÙnuoáûV/®P&Ý`eÑóé0¤2ØL…U¨¨ÎÚjlQ‚&L~�ò”½3¹Tt 0c!pD{>‘n¸‚îµÅ�%�I€,�°è•·fGW¤?<’>j°®Súùê¢ûùjü«K¼\z#G4Ì^�ÈÕ=Îhµì»<Dº¡·jv¢‘|ðªN±%„˜Íp_VÎy v#Y�64ÓŒþ…Û2hþèÏ ™à¶#ÿõ´pì#¢¬í¨Fg�›ÑTc}+p}#ávݺovšå¦bv3e 4’0Y�0 !^qPMøÏî{ô'¨·Š,’E�Ï5¨Þ6¥µÜT«
+·4ú‘“ŠT6Ñ¡I
+èmŠW¡î¼7ÓšÃ)j¨€xgrXŠÞåÝå«èqKû&‹L&ôÝ--_èÛr~ÿ}1åm‚mwÀeXÃÓžGüŽ×£3®Á­Ú¡ÅÝüëGBØÚBKÈÆž—þGràñ¶\½z6¢Ow‹��ʶàR6úh÷i9]~$}QIwúoé¹NŒ>ã‘W
øaE�¥½×úÅM'Ã�*\Pˆès�÷³Ú&í¾fZ<¹Ùk¬Î«j¥Ž Ûü:ez‹9Å
+Xkö Ü`,¥]KðGpî4Nñìn¼€ë¼x(à-�A«"…}Ù2DdX未wàrÍ/‚@׫™´XÜ^0ÝU¼Ýèb«a”éúª]¿{;®	¼7Âß2ã
þtèU=¿º~¸¹&Ì¡ŸÜfS”nÝçn`«�F sy~Åðúkäp4öFýžƒë�ù'œüm	+Yendstream
+endobj
+1661 0 obj<</Type/Page/Parent 1372 0 R/Contents 1662 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 1054 0 R>>endobj
+1662 0 obj<</Filter/FlateDecode/Length 1190      >>stream
+x
�VMSãF½ûWtqYSedYزÙ*/	UÙ…]»*‡8‡±4F³Œf�!¿>o>d@–à²�%u÷ô{¯ßÌ_ƒ	ÅxMhžÐiJY9ˆ£˜ÒÅY4¥ébŽÿ¼kN{{�>¾ý2˜&“(¥Ùt-¨¤é|ŽoÿKÒÚ%JN<ÑKt±Œ¯Îh2§ÍµÓt†¸MîrǴɆIÍ"ú]¨\?JbÔ]óúAdœnYvOÉñæ;RLi2ñ)N’9Êlòá¦àX+ÃÛð^3IL)ýÄTÆ
=Š¦èe½M"ºQœôž‘¤•|"VUœÕ(¸¢ÖuGŒÖ¬Ü1[8¦“Éi”Ør«â55š
+m<ŠU­÷B¢®¾ná6¡L
+®CB!cw7×%*¢M!1cÚÒF¬ñ5É^í.y¹C-,»)8ù#Úµ�û�%ì$/Ñ°”$Å=GO:ËښĞDc*ÝD!g’‚k4s­H×¹o'4vèÅ´4ûV"ÕÏÛhHOº
�
Ðíêr{<úOËàì�{^g�×!©†X&É´U¥ë†Î±lÿHGý�XžóÜ.Éa�'SXþ=�…'LNµf¥]L×SD×=`áኊ�z8#P¹èŽ+/Æ“âL—•…ÄvØæwÜ5ìÚ˜CÏ%
+åi;\ú‹+®ϷǽÊLå”Õœ5œÊV6¢B¦LWÝ€u�¨åÂÜ#ÑêæóòúKdՇ霌èõ…dD¼É¢(ÚG˜#,h˜reZí·ÃÙ¥K¦¨bw€S×Tj€™ó†	‰ÊÀ¥«Fh(v)�¶íÚœ�+ÿœÁ>y«YÉhî‘[®dV`Œî¤Þ1Ùƒäùi@]sə嶪–	�݀®ì+DvÒÞXmh)õ£e
0‚ªurðªùèÓYç+S?þþôýÙ--vÖ5ìîw߃՜Әÿm…;Qïut3°zNqÇïä¢æY£ë'*CÌüݘ7FÊšÚ½@„¹÷ÅçaIg¼ „(ĪƩd×:¬;iX¿Kîiý<<AÏN�ö$š'HÍdµ¨ÐUHĹ‘î 	
CšÊ�¸W€÷®†Ö׫ü?wi‹xŸ´×­Ùbžœc¬JH+ØnºÂëåç‹åvë,9zeѪÿ Ä»i.ö{l<ÀöÐ,ÌÄz¹¸SÞžüLú„ýʱ#Ùyy
§£`¹s…£^YlƒÙ—÷`†í¤U7’Ú¨ñÕ[6êï>;èa¬‚9{O3ÀÙzÖTë5•VÆÙZ(õbCüÚòúi¸\=SÙÔLlïàÌ;8sÈ�6†	ì,�–—¿õ56ÉðDû¼P™l¡¡×8™úI~É]aC£Kh¨ÖÒ�=¾J_œ*ÂÎøåfó‰>úýÙŠ:×`ÞmqnS}qL€¿ìpl±v¦|êÖnùÎ;yp)w\°ƒ²r{¿;9Gëøj0IqüZœÒç#7cN’t[ëï˜zDf8(@ýÖŠm»']ÀÉ<†åÿï5MQ:KpCÄätn3}Ú¾þ>׃endstream
+endobj
+1663 0 obj<</Type/Page/Parent 1372 0 R/Contents 1664 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 1063 0 R>>endobj
+1664 0 obj<</Filter/FlateDecode/Length 1663      >>stream
+x
}W]�Û6|÷¯X(z
.ò·Ï h›¦Iô¡M
òBK+‹9JTIê|þ÷�%%ŸO¹ÉÙú —³³³CúßÉœfø7§›-7”דY6ÓóÇÇ“Åò6ÛÒf¾ÎTÓr±É–ý�¡O“õ*[Ñf¶Èfx9ßndh¼“—ÛÛlM«Ù*½¼Ýbfº“—X„–·+D]mop-!S9™Ï—ò
+QVs}ƒién˜¶XˈѴ·»Éôý--f´+‘ÓæfK»"¦‚'ùÕ¯•j;Z,3úÈ­uA7zÛüËÝ×8s~“f¾Z
+¨]q…¡óŒþh‚³E—m›4tEóy?tq“mdè®bâZiCª({O¥u´ïHIÖJ÷>¨½a<2¬<{Òž¼ª÷êçø™YwÈÑ“9Ê´•:O3z†"B_ÙÎt°l
+õ*p^5:Wæ"h?¥[	Ø¿âòÔSð k|X,¢
+<ªRæž‘ÓÉvä»}­©‹Œ2úÅx{Mm
+æ™I—„A•ò”Wª9p�áÈi»@=äMzdªÕ	#Ó$)Š`z¤NžÔHJ5Úפy+p�9{>/\TX	^wy%ß’C®ùvžM)ÙVlZ
+Nåw|l†U3ú$%‘Ú žMÀŸ$rBò 6p1ªÂÁÙ®%[RËtб²toM׆à��Æ'ð^“¿ÓÆxRMA\‚Ýà3úG‘³¾‡ö•£Z8OJÚÛ.£
¹OÈ`´rk½×{p�?²Ã6æZ)DS)ýJ*Às”–†G
+Å~�ÒÅ:3�uH/
+¾gc[v£%K§1Èœ^\”H2™crŒ�Œã
+½³ÔXèÈûNj(³ú•‘‰$š
+�êÈenë6k�
6·Æg¾ÞSÃGßÓ™�L‰BŒŽóDÁòvÔ¶hç>ÓηœGnC”a!4g-…�c~{T@
HSêCç”xÀy  6RL€ÎÅ[¤	…A©™
�„’²¤¸äØx…š+ü}¹A–„|¾¼¤õ~le¨eç	Ûç„ûö‰Ö2èÅsÿ= Cc{-½oÉX{‡x¶;T‘rQbž²ª\^A�þÂÖÒO
+Fî¹�‚ˆ/ÏáxÐ!äûh”zJûÈ{jÕ
¶‡«Ú×ÓéÙ÷ÒÕ4b¿ôâèYðâEF¸a§馌üNß?ãÅo“o%ÏŠ.é[hFË‹ôu�Ví!™±sÖ¡'ÿZtòptˆ†˜<Üîïµ…Êk¤,ÙŒr�µ	lLì§x‡¥~D;ÖÚ:‚¡ˆ‰Áj¡\1×�7ö¡U®–²ÈõSˆbȲ¥äÖ¡F0Á¬éa\ãߥï±^
+XÁ—úºZëµÿ‰vbðøÏîDº–ÝI5ßtjß&ºÉMW0
+çBôŽ3h²P%Œ�^-jÄË}‘ Õ —`™Òq?¨\4s”Þ¤°-qXXá%I‰r#*ÍH%�þyH^a×íH~WG8¼cÁlÄâúíÿ�‰+#eOSÍ)iaw‰Ù$eï~+�ÁV*�4…¸(:4£­c¿9.;/ã
Î
+ŽºB—m#déG剣EãA—ÇÍ2VŽPvFÒA´â‚´ÁËTó”êõÛ1-£èæ3ÂùáˆiÏ,=D̥ŃÖi”?õ{J
+|sˆÛVÁØ.Í5(9‰c!W›ö¡Bû;ò­Ê¿Ù·wb›©¾Åcad¶›¾_÷ç­«‹lÞ¤WCÙ®ÎÝšžãL�hWØ42i»ÑðŒ>_Úa©“k'B¥> )ALS\œaz¤%¿vhVÛÈ®
£Ä·ÈóŽ¹Eô�¨Q’{0†ã2BâPR<qaå×ôÛáp)gkœ×Îè
Íg�ŽÚýËx\{CÓλ©±8ûõvjô÷‡ì‡z4ihëÿ™3�ÖO|ê²ñ¼+‚¥›*’K*¦
}Oü³`Î�{ªÒœÇ"ãNø¢ûBlJú Q8-@¿¸éÀ½;D#Ñ{	ɱÃá‘›V¶ñæDÃú°ÑºF™ÒÉðÿ»Žî
+wªq‚K°ž‘Ý7ªKí1•T„òŠÓÆíVc�i1 ä«p„­E)tY´pë9ïœzò�kl¹h»xüéÍŠ8ä⌃æÒíã’åMÒÌ÷î¬6Ûl³^àg4_n%Ìo»Éß“ÿeÜendstream
+endobj
+1665 0 obj<</Type/Page/Parent 1372 0 R/Contents 1666 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1666 0 obj<</Filter/FlateDecode/Length 1668      >>stream
+x
•WMo7½ûWLu©IJ¾,ÛzpP0Ф©£àw—»b´Kª$ײþ}ßw-wmŠ @Â%93oÞ›Gýs2£)þÌèbN‹åÍÉt2¥óËÅä’–—ø÷½¦R>̳Éò­³ùÕÛ'–oø´>9»]ÒlFëÁW—´.�§SZçãFåcõäÃúÇÉ”Nç+„\ãõF/�Ý"_9:M6É�-Ór㘴�þ�Ïû½T»Šjý¨kúu¸ß
+ëì¡qm ½‰Šˆöæ5…ÎÚê�{âFEÚ¨@™Ö–Ú 2–\]hÏ!QÌl1™s1�Úãl WÒ7ÕdŠ”Åf>ilÀ£•ÎS¦òí^ù"Pîš�Š&3µ‰>Ú@¥©u"v¸Œÿ�ãª[ÍY›{­8ÿƒk
H]#¥Üù‚SYSš\ÙXú�œtY	D/‹¤ìlŸ\�À-*k\ˆ/v»�ö²7HØFȺHV#ÄÕ1ò�Sm´GeÊÒbB_´òÈC!E4a9Ó=Pãs‘Ôûþ"d:›~Ä©Èv^ï”ï Wô÷Íýwª•¯4=ººm4ÃÍ*TTRËÙíÍÀ\¦ðéb™H:_L–º³Q{«jÒÞ;þK7¦ôÅdÅ,¸+¥ÐJ#IÝ}Yßܹþ�nîïÿ¸Q£CPˆ
+¡^¢KŸÉD|T`�.ñ§R(½µúi§óˆB¸Qª¿ß€)ä[k�%2�Üî�w™ÊE \5ུ�JÕÖ|+`¬¥W¹öLLìLñcÎ	¦Æ­¥}ƒ¸õˆ!Â÷ _€Ð€ÔCw!ꆂ+#/=|èÎõªD,Å‹\¡¥w8Ñd²Œ†0ô¹
+tSå¢k€CÆuõ þ|ΡŒZä�&‡8HöÛçOÏÀ{mÓ5sBë�(¤tòF
+�ó�õ^¶5£!äc®n�ÿ!έ–:iW³²!¸º-Ðkô£k7#N:{éô˜|‡&ÃƵ5÷%¸®Ú¸=EÇg¼+Ú8þH¦¤�Á �	}•¨Q[Þ…2XíÎ
+6ºx+*KRB–¤ö)L%ö¦•Úí F`…@hþ „Qh³ÂÊè”Ä©ö´)lµÞ	Ûø™‘¬¿4éR$(²çÛ„Ÿ]¢sµŒÎ×�ªè ãf1Ø<Þ
+'üÂ!Ïn{Ãxá<U‘%ºqAiWï5/v©¢à–ïvÞ¨ˆ®«¸Av.�f	Vh_É“ªÃQ7�b…³?³‰@.¼	¥1Ÿ4*²§“OÛ
6ìWL:†”Í©Âtäòx
*h8îH q.ØÌB��ÂTm©|¤§ªËóÖ£™<΄œƒ°Â›ž¬
ä4$LWÐÖ²”sBÐ
�™ZÙªåцx–ñY
+ð}ԓûÓ^ÓûyÑÃœ6‘ÝêÕŒ¯MæPë¯I�$§�À9~„Käpfn|ø �1Z{ç·„\H?©œ
ïuB `&¯
�¡w·Ú¹­°!J�t­‚䮀oQ9òOä–3NGˆ$aL…VÎtXóÈI�>‡AW:ûKB�Ž¼çS纎 
¸Sq¥ªwf@Ž)þšé�mýÅ®[Š�à0’[kžtà–X°ÞG“·0Ïô�'¨�TÛ>Ñƨë�1„¥˜_m³Cøã
.ÌĨ–ŸSÃáüZÕš
Ó@7(R��üðAD.rèßshS@ÚL°Îtû\Æh×l%x0¾3ÉAô(Œq=φ¯w¿�:rð½ìéXzö*È-¶!éWÔ9ÊE�x¾‚çxu±J»4r`a9!
HÀJÁe­6Wî=ª¿3‡\Exï:9ZVé�1Ÿužúýö£fÏàÛôû¬X#N¦ñ ëQ>rTŒbÃè¬. ã¥yú©Ÿ{A¼¾139Lg“UÊ«ŸËcøFYÒi›–ûA<æy�—f§©wÞÛÜ|9Ú;+fGüHù½ÁÈ|7Z¾„›Ðg6O[ŒË'aSCrªÂ#	H€Ó0Zyðk¿›m|Ó‹Qð¶ƒYsÿk�b’Ipœ7(ªû¹ �CŽÉ›Ïn/»7³~©].hu¾Â¯0<,¿]þtM_½û
Ë¥ß\Žl÷¨ãè§ý�Ó‹éï÷Ùº\]NVçs<q±k¶¸âÓ7ë“?Oþ„Å�endstream
+endobj
+1667 0 obj<</Type/Page/Parent 1372 0 R/Contents 1668 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1668 0 obj<</Filter/FlateDecode/Length 1324      >>stream
 x
•VÛnÜ6}÷Wö¥.�h¯õ
ÈÃÚ^'Ø»®%7
Š>p%Êb-‰
-Iy³ß3¤”:ªûPlq8—3gÎðëÑ”&ø™ÒéŒæ'”VG“hB‹óóèŒg§ø{†_#)÷ÓÓI4{ë`~�¿_&Gã›sšM(ÉãäôŒ’Œà‚/éñU!'
ÍN"ºVâ©ÖVÕOtЭ!+ª� +Í‹4?'y?ÓÓàçý|�’짭kgtÖ¦Né:˜.h:íLg§H¦I¡,媔”êÚ	U[T*ëHçä¤u–ãR*jj¤Éµ©Èiz¥Ê„“!§øUNëH”VãrY†ËûB8r…„ßgY8—	½ŸÎC²©h­ôÑ`ѽ+eEHJå¤åBÁ‹¨¤ëÞ
-æÖÉÆ"–·i„µFeÉQpòÆß5»€/v+vå�öÚ<ËA
-¹ªeÔ}v檶…nËŒ2MËÛ[_�÷üŽTíÿÓ&C›`µ¯#ú,©/n”̤T™·%¢¦…ÖœV�Ê€L	äL—¤®ÿÑŠFìT©œBahµÊÙiV
-SªÞÃ0o@Â
³²Î^AÖñ¦šL%n0£J’¿àðÀ_G+ÓÒÖ?9Ô™÷æ«5Ú¡ËRï¹>ðf€"cÃH§2k1~ŸJ@‘¯ïйÖ4FY¸À™éàvƒæFf¾Ž×¤ö
Acf-­m«†)íÃ�oÞàôºö\`ƒR�� J[…СY‚^“°—%Ž/×ãÕÃo«€ û«þdyu»^mÚiWÊGs˜]OF·
%«8ùø°}¼¶'	$ï0BÝVUªÈ‚Snë¡AÓ‘}Š.×Î]¬=¥ýŒ½®ç¹Ö{_p-*?)h¯xA{A|À^€�L �º­væ=ÇÑ^an‚#ßÕÞÔv5ʹªEô¥‘eÿ±»ÈCN»á„IÅ-¬ñÿiêc_°ãñÍ„Î{IZ„Éûþì£N ·˜F¨SU
ú€~V�6¼lYZ6Â0ÃËðÈHÁC�‰ü@ù�‚$~ZÅ+ßÁ˜–qüx·"P!^o74�x	lèv™€ÛJ>­(^Þ].)~\'«ˆâ-쯶wwËÍuÜ'ÐI]üiûyC×ëkÚlZý¾ŽZohµ|«ú(ý­^‰îK) 	�¦Î
�Ÿõ…‘•Æ€7•´V<�4<nF¦R½H/Ž¬›?˜ààaökrà‚ß%¬’;‰
RnëzVgÀŒ�wŠ˜+ƒYO™>÷Dë{òÔ3Òê²õYÂiª
2r¸o¥£¶‰H>]Ð�I aƒbŽ¥KÇÞË‹giØO�V.ÜG	+°+�e�…PËo�¶áÄ,±� ÚAaÄRä%ízw»”DšE?†Ã*šÐ€Wå2ô(Ç
¯p…‘TÑó<d�rÚécG–,tòÓ°Ö¦îv¬ž{ô˜7G,ˢŀ‚Ð#–±F`ýö~Gï¿”r§¼¼¿Û@Bù©ñ~>	{äšó#�­hÌ~�Rž:)Wš)î ÆıÆ*-ð©{
ô9ùZß‘iÃEZ^!o$ßïîž�`ê?Ï[î/¶x j'ZüRÉÕSk„瘼¦\àðõíä«ötßߨ5ÖQ©Slc^­^IX�Â#éØÓп·~„瘶æMûÖš1û+ÇþÖ¸T»póìŸw×â<ˆÜÿyã-Nð†üe†ö¡'Óù9;]%G¿ý
ú)VÜendstream
-endobj
-1662 0 obj<</Type/Page/Parent 1367 0 R/Contents 1663 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1663 0 obj<</Filter/FlateDecode/Length 1622      >>stream
-x
½W[OÛH~çWùeA"!	4ÐJ}JWH,Ë–h¥J¼Œí1™bϤ36‰ÿý~çŒ
‰a·o[{nç»�ÉϽ)Mð5¥ÓÏ)«ö&ã	}˜Lñóäì?gøöšŠ½‹ÅÞÑ×�4=¡E�)ó3ü’†O&´Èögóññx6¦…5Í?0ú„¦Ó8z4;Åèýo�¥z©)sU¥lNÉÊØGº¸þýþêÛßWß*¼«dÄÝ%½8¿¼¹¾º]l½n¬ÙPê6cº.¨u
åÎþVÓ£®yç	�¦8ï¨èY•&G	aålм¸åž—wG×w\Q¯J4�¬«q6ïuV—-jU–:w‹¢F.zÿÖÕ¼�ªeëµ)K²ZçT;Â_“¢$w�V¨fU'´66wkr±x”†�Ppõõ»zP	V©têQSP-•,ÀåC®±yBÎS0•)•ßªëËíýkQq¤ëìˆg*LÙ×9Àéµê ëf\kdåB0)&u'ªJê©—®©‰wÒ¶öFciìÄÔퟵò²Òàí!¥zM*„¦ÒYƒÝ—ê™E!À¿YÑëJ
@,ê
-Þ‚I„ȹs³Ä(¯UÔëe+Se—@L™’+2¢O%þ–±-Œ×k°ýݘ¾CW;äz]ª
ap|ß”@•`ÍD–×Î?AµÁQðègƒ#ã÷CZi¿T«@iKØÎA�¤²LGõ«®ŒÐ¤Ë=ìc�cޘϛCùšž�ôͪX«¼bå=zU�xô¶oGÇÓ(b1ìqgØã8ì׆
Ui¥ÑͶq;m¿ú’ÁPI™³+¡åÒ@»`P=ƒ	Åš
-KØnXNª²§!³;žÐÞCj½32gk¨ƒAõAŒl”•Ó
-Š°	Þˆç–[·$‚Ó�±Huâ`+†‘§ä0ú/P®m+ÞKb¶4Ð|HP ˆÕ.ÀiŒ³‡ìQyòÈ
-`¦a]ñûXÓåRgOƒ½×]¾xz3³	R$»`¥|•ˆÛj]­œWÞ <XÆÁQʶý™EjƒP�ì?ظ+çNŒ}SáÛí�“ f‹ôdÕ{]`)À¿›½BS•æ}RTª•HKuïÅ—P	`2ì«Á9
w�Èï¬sSs"3ˆ1õzŠËöýõx¦\
91°¥ŒI‰+ðöC¡vÁq£îu,ׇ“¥Æ…Qy‡†ÀƵXÿæú~quË]¤£ƒùo©ä?…ŸdDVÒD"�ñy¬1{;àù9BµçCªF!è%�ؽ#ŽßꀈSÍBkl�ˆ·y	ÕË^­äÅJ©Îx–`[õ¢é›¼ø:U•®aé’à_œ¡úþ5ظPè¼²G©+é7R
Œ^¼�.Û¬8N`´|Lçepab6¶žáPGÌ<ì÷f|8�6ZdƆ$H‚,>Ø=8‹EÄ`>Ã]®A Wdµ“¾·F„pƒæ¾ø¤5‚�Ñ)BœÒAB|Š@zƒ¼�Ù|ûPd›*�M.v°ØS×K“-¥Jb§Dn9Tr� FâÂ]] ÒqÖŠ¯
-L
äìŠA�(Œ�(W"&¸�p¤:#¶XÀÔ·¦»ˆe×í?ñzG_'ô±¿Þ�ĦBÝ¿xÝà ¤Ït~sÓï?Ÿñjw˜dÆm6›ñÖ÷QÛþË´×
œj*'
-@æ}¦ï±™ìÞ;ç¼ßuìÉ*E*"mb¢+›it´b�þP©×\àÀ©9€¢e
Èe@5µ«Ð×3»¥Ú+Jv3Ú?`íOÜ]?KçVÜÑHåjÅàÿqh:Ãå_S°…[£ð ý�}ŚϖÊâæ™b¢Ù8ÿîr¼Èñö•@°üâèöÏÂKGÉ{d$h¾�ßqcƒÀ•¢ßµ	K†ªŸ�Ó·ê®ê
ˆ Ù”¦n%1:¿½\C¤}t—ïîÓqF ÜfJ-²‡Û�+iMxÄ�ã@~ÞølHÝkr†12äwþO’¿¬8ׅɘYÛ�Ô�÷Htü(ö­Å)œ(Y=²0ôµàœ}8�49úzÖ}̚Ρ©³cšŸ~Œ~îÏÿ¸8§;ï~ ®è‹Ëp
Gô1ñ¨Ÿ0:�ÀÈù;ŸáNægãù‡>ïáõôdÂÓ®{íýw]¢Îendstream
-endobj
-1664 0 obj<</Type/Page/Parent 1367 0 R/Contents 1665 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1665 0 obj<</Filter/FlateDecode/Length 1406      >>stream
+Iy³ß3¤”:ªûPlq8—3gÎðëÑ”&ø™ÒéŒæ'”VG“hB‹óóèŒg§ø{†_#)÷ÓÓI4{ë`~�¿_&Gã›sšM(ÉãäôŒ’Œà‚/éñU!'
Í]+ñTk«ê':èÖ�ÕN�•æEšŸ“¿¼Ÿéiðó~¾@IvŒ‹ÓˆÖµ3:kS§tL4�v¦³S¤Ó¤P–rUJJu턪-	*•u¤srÒ:Ëq)55ÒäÚTä4½ˆReÂÉ�Sü*'„u$J«q¹,Ãå}!¹BÂï³,œË„ÞOç!ÙT´Vúh°hŒÞ•²"$¥rRŽr¡àEÔÒuosëdcËÛ4ÂZ	£²ä(8
yãïš]À»»ò@{mž�å …\Õ2ê¾ÍN¢óUÛB·eF™¦åí­¯À{~Gªöÿi“¡M°Ú×}–Tˆ7JfR*ŒÌÛQÓBkN«@e@¦r¦KR×ÿ„áHE#vªTN¡0´Zåì´+…)Uïa˜7 á†YYg¯ ëxS
M¦7˜Q%É_pxà¯#€•ii럜j‹Ì{ó…ÕíÐe©÷\x3@‘±a¤S™µ˜¿O% È×wè\k£,\àÌt	p»As#3_ÇkRû†€Ô³ˆ–Ö¶UÔöáÇ7opz]{.0�A©@†À¥­BèÐ,A¯ÉØËÇ—ë�ñêá·Õƒ@ÐýU²¼º]¯6	í´+å£9Ì®'£Û†’Uœ||Ø>ÞÛ“’w¡n«*U
+d
Á)·õРéÈ>E—kg‡.ÖžÒ~Æ^×ó\ë½/¸•Ÿ´W¼ ½ >`/ÀF&�GÝV»óžc‚h¯07Á‘ïjoj»šeŽ\ÕŒ"úÒ‰‚È2†ÿØ]ä!§Ý�p¤âÖøÿ4õ±/ØñøfBç½$-Âäý�öQ'�[L#Ô©ª}@?«Fa^¶,
-á
+˜�áexd¤à¡ÀD~ ƒ|ƒ@A?­â•ï`LË8~¼[¨¯·šG¼¶t»LÀŽí
%ŸV/ï.—?®“UDñöWÛ»»åæ:îè¤.þ´ý¼¡ëõ5m¶	­~_Ç	­7´Z>€U}”þV¯D÷¥�„FSçÈÏúÂÈJcÀ›JZ+ž@7#S©^¤GÖÍLp
+ð0ûŽ59pÁïVÉ�D‹)·u=«3`ÆÎ;EÌ•Á¬§…LŸ¿{¢õ=yêiuÙú,á4Õ9Ü·ÒQÛD$Ÿ.èN€$�‚°A1ÇÒ¥cïåų4ì§F+Ø‚ƲÎB¨å7HÛpb–ØGí Œ0b)ò’v½‰»]J"M�¢ÃaMhÀ«rz”ã€W¸ÂHªèy²G9m‰ô1�£K:ù�iXkSw;VÏ=zÌ›£–eÑb@AèËX#°~{¿#Ž÷_J9‡S^Þßm ¡üÔx?Ÿ„½5�ó#�­hÌ~�Rž:)Wš)î ÆıÆ*-ð©{
ô9ùZß‘iÃEZ^!o$ßïîž�`ê?Ï[î/¶x j'ZüRÉÕSk„瘼¦\àðõíä«ötßߨ5ÖQ©Slc^­^IX�Â#éØÓп·~„瘶æMûÖš1û+ÇþÖ¸T»póìŸw×â<ˆÜÿyã-Nð†üe†ö¡'ÓÅ„�®’£_�þ»ØVÈendstream
+endobj
+1669 0 obj<</Type/Page/Parent 1372 0 R/Contents 1670 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1670 0 obj<</Filter/FlateDecode/Length 1623      >>stream
+x
½W[OÛH~çWùeA"&	h¥>¥+$–eK´R%^Æö˜L±gÒ›Äÿ~¿sƆ`ØíÛAÁžÛùngòsgFS|ÍèdN‡Ç”×;ÓtJ¦3ü<:=ÁÏ9¾½¦rç|±sðõ#ÍŽhQbÊñ)~)çSZä»ó£ô0�§´Ð¡¡ùÞâFÑlGOæ'½û­µÔ,5å®®•-(Yû@çW¿ß]~ûûò[B¥wµŒ¸½ —
g×W—7‹­×­5ÊÜ&¥«’:×Ráìo
=è†wžÒd†ÃðŽŠžTe
+”VÎÍ‹[žáiqq{puKÁ•ÍZ¡DȺgó^çMÕ‘±¡QU¥‹´_t~œrÑ»7®á…T#[¯MU‘Õº Æfø†%…´B5«&¡µ±…[“‹Å£4ô€‚«¯Ý׃J°J­CPš‚ê¨dé.²t­-rž‚©M¥üV]_nî^ŠÂˆÝä<3Piª¡ÎN/UÝ´+àÚ0 +‚É0©?qPu¦PO³tmC¼“¶�7Kc'¦6hÿ¤½�—Wo÷)ÃÐ+R!´µîÉí¾TO,
+
þÍŠ^×
+bQWòL"DÆÈ�
˜%Fy­ ^/;
˜jó°bÊT\‘½x(ñ7x°Œmi¼^ƒígèRú]½"×ëJmø£ãû¶€¨k&²¼vþbhŽ‚G?[¿ïÓJû¥ZÊ:ÂvÚx •ç`:ª_õe„6³Xî~\ÛòÆ|þ0ÚÊ×ôd” oVåZ5+ïÁ«:½ßãÑÛ¾�΢ˆÅ°‡½aã°_6ÔY¤•&×ÛÆíµýâK/@%UÁ®„–+í‚Aõ&k*,a»q9™ÊÇ̾ò„öRœ‘;Û@¢¨bd£œ«‚VPX€MðF<Ï°dغ#œ†ŒEª ¨ß[1\ˆ<%ûÑ�
+m;ñ^³¥…æC‚A¨–p
N)ÎVî³GåÉ+€™†uÅ[ìcY ¥‹¥ÎG{¯û|ñôff¤HvÁJù:·5º^9¯¼Ay°Œƒ£”í†3‹ÔF%  Ù´q_Î�û¦Â7¶{EN‚š-Ò“Uïu‰¥ÿëìšê¬’¢V�DZ¦/>‡ús“a_�Î	¸›B@~‡`]˜†™AŒ©7P\uﯯÀ3
+ȉ�-åLJ\�·µŽýu/c¹>œ,3.LB@È;46®Åú×Ww‹Ëîè =�ÌÓD%ÿ)ü$ #"°’&iŒ¯È[`�ÙÛÏϪR5
+A/	”ÀžèqüVAœiZkKD¼-*¨^ö2h%ÏVÊt®À³»ØjÍÐäÅЩªu£H—ÿâ5ô¯ÑÆ¥Bç•=*]K¿‘j`ôÆà…tÙvÅq£)�UÁõ„‰ÙØz†C1s¿;˜ñ~OÚTè�’ 	²øh÷dä,ƒùw¹
€^‘7NúÞÂ
šûâ£ÖvF§ru\p*	ñ)é
pLðBfóíC‘më,6¹ØÁbO]/M¾”*‰�¹åP)4‚‰_ë‘Ž³Ö|U`
+ gWŽ
+D1`D¹
+1Á
„#Õá±Å¦¡5
ØE,ûnÿ‰×;ø:¥�Ãõî(6êÿÅë%}¦³ëëaÿizʨ×Ã$›0n³Ù¤[ß]÷/Ó2\pz¨©Thœ(™÷™¾ÇfòúÞyÌû]Åž¬2¤â>Ò&&º²¹F'@+Öèµ*pÍœš#H!ZÖ€\TÛ¸}=DZ;j¼²¡b7£ýÖáÄýõ³rnÅ�T¡VPþ/‡�fs\®ñ5[¸5
+ÒßÙW¬ù|©,n~‘)&š�óá.Ç‹o_	Ë/Žnþ\ ¼äp”¼GF‚æÛû÷06\)ú]›°d¨†éÑ8C«î«�’MešN£÷Ûó5DÚGùî¯Q0gÂÍ€`¦Ô"{¸
¹ª•Ö„Gü8äç­ÏÇÔ½$gH‘!7¸ó’øeÅ….MŽÀÌ»¾x¤n¼G¢ãG±o-þKáDÁÈè‘¥Ù ¯çìýž¤ÉÁ×ÓþcÖìš:=¤ã“�ñÃÏÝÙçgtëÝÄ}q9.àˆ>†€!ž&'S¹xç3ÜÑñizüaŽÏ{x=;šñ´ËÅÎ_;ÿF½¢Éendstream
+endobj
+1671 0 obj<</Type/Page/Parent 1372 0 R/Contents 1672 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1672 0 obj<</Filter/FlateDecode/Length 1407      >>stream
 x
…V]OãF}çWÜò[“/ô-°l…Ôݦ`Uª„„Æö8™eìIgƤüûž;3	Y/»hµû~œ{ι÷߃
ñoDçcšÌ¨l†Ù�Î.ÏñszÁ?Çøo%Õá‹ét–�ßúb2eo}1;˦ýϯòƒÓOS�(¯‘|vqNyEH<R^Ï[ãWÒRišÆ´TŠÎI25áCüâ7†¤µÆ:RŽVâYµKr¦‘~Å¿	m¥¨^ÈvmË#ÀÚXO£Éå	¹®\‘pt/šB|È¿i0š £¼:~8Vò7rMQqÜíëµ5
©Vújùá»—P«'IÕRy¡�-„_mŒ}r]¯dùD/¦³1BVš¶¦ZiÙK]ÈÚbo_¸boÈy�’C-¨VP%$�8!å�FKâÙ(ÔCÚxÆ¥¶�óVxeÚ_Räñ¨£©y[Ñ‹ô$¤kãœ*´L "-ÕBéÙ(¿¹ÏiÂíoV²e¼�X�æ©î	A*:åækDU
-‡¸Ue¥s½~œô� rÄUmi¬•¥Ïh¡¥ÀË€‹_	R >†½´µ(%Ý.h#ßÕ.Ùëg÷±ªÏ¨êg©SâPxHæÎ8p+Ô¤_ÈÈ*qKŦµYfmS„QeœàôÓ%�(³u0El�ñ$›f”K1��½’z0fRßu1$s™ñ;D\mÌS·¦Á]Ýþ~s÷÷Í=>ÞÏ?_Í3úÇtäV¦Ó-�=�
ˆ$¨yNL©^ß±3'í3„Sˆò)Ô�j·L¸
¯QeÚ£²%T¨¾ÀP-¨§µ¬~Ä^Ã@LÆ Öª<a^lGÚ«-²w_UŒ„VÎË Q¾«Ö[™ž÷+ÿ³e¢¬­
y!Hs
R®™Õ©š5¾‘­:À€EhT@œá©µ°!a°Æt;�ÝÖ½ªa'Áa£L[ü3‚»x	í™VøMr¥Uk†t†À½†!¾UË•§½¼Ü5}5–wv–vö†Åˆ»vâSgÉ\�yʯ|›_ÿq{ó%§£_�¾�–,ã
ö-®Ý>½ópŸP
)­0Øcí7¬þ„õâ3ã�ìÖC{§Ç@¤ølpAY…O8ÕvÇ9Z2íBà�5í²OT·m¶22¤†Qý,éY	úøåžCµÄ«…c~+°½N’%ˆÂàU©¿3®Y×ì{€ß2„ŸŒ«¢ñO•3A½ro ÇÁ渑µ•ÏÊtøƒ�ªèàÚ¯CÄŒ‡ØótÈ‘_«d-:�¶þÛ›Xò£ŒæÔvM
Û�3}‘¾PÆ�æ× º2Îï䶵ùäl˜ÆÚ´®Ð^·\Å¥±K†~=ïj­{i‘„«‹¯;	‰F5#,Vf€=EsÁÞc³“’™CVã”Wh Ò¿�´8BANRƒ�&–²¿Õ‚b�„Á
-[{ƒtÁ5¶Œ[r
-AN5JËЄï·cAOÁ‘“V£v¢à=À5ïLøبø¢ó¦�%–èª\‰V¹^Ç��<Xá2ˆ8ÍDþ·–„‚€·º8ÜmewHfÍ7ï͇J¼mÐ̶ÃÔ^ØkµäËÚµ{;y¥TØÌ Ÿo€^„ÂÙ8ÓjuÙF’­š§% È6±QZS+y©c±$}cÙ¦êñ!î“@¢w�ŒJ~�xÇVöë�rd‰…xU‰8ð}Eqmâlì�S»
-vë�µ‰“ð¥£éáøNÖPêN÷_,}rzøŠ:ýt‘ì4Ã1¡ÙdŒëçH82haÍWdôÑ”ÝneòLÛçÃK~þûg:»ÈfgcBøz4ñk7ùÁ_ÿ:Fïendstream
-endobj
-1666 0 obj<</Type/Page/Parent 1367 0 R/Contents 1667 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1667 0 obj<</Filter/FlateDecode/Length 1717      >>stream
-x
}WïoÛ6ýž¿â `˜Ôvì$Ž[tš®¬mÖd
-ä-Q6‰TIÉŽÿû½;Q¶ì4KÀ±ÈûñîÝ»Ó�“	�âwB—S:›QZžœŽNéì|:šÑùüŸ§øóšò“«»“ñÇW49§»Wfs|ÈÇOOé.Lg£³Ñåˆît¨éòÅÝwœ>§É¤==œ^âôàkc©^iJ]Y*›µ§.â©
…r‘FÛšÆã«ë?n?|ýçÃ×ñݧ›Csƒ}s
…•kŠŒíYZhª¼+«Zg”;OŠ*ÂÆùLÎòýSNÎFS#Þl‚–hº£ärù_¥©kÄNr/Ür	»ÆÖNž7Ö<ÒÂ=ÒÆÔ«]çrr£p…O0ü„”uÎ9ï¬KÜ*“hø7½�¬*õrUmÀj=j›uÁEè¨0V�H/_?â‘ßñxa–Aûµö㺬àò»[ÙÌéÖ@¿V³×vðÙÕú5]×dU.³(˜£PéÔäÛCìTáì²Í›+l=gB*  Eá6áùHQîƒØŽ"ßEúKЩ×õ³
±©–Z€BÚÆÇÅŒu_j
-1&àÛÛ$gWÇÌÙ_å¹EáÝ©ö°ö¼*uj	à¯ó£ MMAm%Æ®Ua2²ºÿˆQHØ_K}®€A˜	j�0² 	úÁ{�ÖÅ–‚®›
-Tã4<7Ä(u6Egh2©(·ó·PÙŽì=?…yа—*T"0�~ôø°3ˆ¬ÔZ•¹�Aú ÓàP<áïÎ:…m¨uyÿ‚MM™É(ð±2àBMU9_K"ßßqÜÃ~ç•éú!„¡ëÆɈø¾é‡æ)iqd&…~ln–�WÒÀÍ؈šøÀmÈP6˜î�uöwy**Í#9Uhü]ÓC‡„3'¤­ÏÛ¶Lv§
-½ÖEÒµ%8¡he–«X—Ε¶®Y®HwauÏÎö‘uV
-Rñ["
-(Æš37v9ŽèýJ§\u‘™Jù²s"¹Ÿï=tN9÷.¡].Ú¦~ÛêK¿�^«ºÄÛOW¸%‡Äî^Ž:8¼h§ûÒI¢X|Æe ¶4š‘eé”7ŠY`«ã�ûA�OÜ¥UsÔìÒuŠ!³­¢líï¬tQÑÛhñMk±µ
s’¿êQÑØPû&e:…ƒ�¢EßTÁÝ# ×«¨
ª”¹€1‘{­Ñ
á
b¨ÐÍHqc¹b‘“´á~çäë'¡öb@žG�J§÷çìðlÒö¼Øy°óÃk0ÙØ/­Èܼ¿¢r‘öÂ.È­�ÞÐ=~vÃöÐl´S�3î	GO$$šcÜ
-ÑøŠ’ÌaFÈNØF/Ç�Á�٠̥](ÐY�õ˜–T­•)„P#Åâá�nÖOô�±e;ðÝWZ‘ÓeÊЬP1S¬§V½E„qza­L'xrEÓI
-K1k¶±KàÌY¡f/›&4-3XW3Zlò¯YîÈBßpՑØòÐÅv�ÀF�]à9Ym÷Œv.—Óq”‹8�˜®œƒhí/C…Ÿzn1;5ᄱŠ`²9Ö\щžàv:Ñí!×7„�@ÈiG‹nIPÌk’È
-„œÙ¡ÊÖ
-ÃI«±©â‹5¼y/õÛùÿ‰F·>1WžÖfmýþù–>ð†}@j
í;?ȸ§½ýŒòC<åÊ…ìæ‘öLøQfT/�?_
@Ǥ?¬[RöFvà}	Eäy]Uàv'¤»åQÛ
Õ#^ð
-WæáŸ0Å»§Z€|ØP,”Û×&mÐ/©Tè¦ë¬$š´y‚nÓÍž½zÝô�¡Æš3Kî_D×ÝðzW÷’Í]Ãt—mI´2W)/MPM‘A¶Ãm:Jµ¼þÑ PIŽç:�ŠÞ²*’¬xEq”¶ª±‡Tðáºû)ÜHìJ[¦äfeÒ•¨p\á¯ð’ÿ¿‘i¥JW²ICvÇXyä$%Ò­ðúê%R%6oû�·cš1Ð�‡·Ýˆ±pt3õ„-i×lƒ¦‚�`b£…"1ÚصYs¾”bÉaI‚šn±°*tìn‚qÕ£•£Q‡qŠs»¡—¤ØU1Ûíà1/L+_�-ßX+ØãÆƃ¹Ø×^âå
-”c�dAÁX(j¿�̾ÇçñÅo2ËæüŒf—s^ánß}ºzG7Þ}/èw—6%îöd,^ž¾’•ïÉ›çùl>š]L£Ú�OÙ݇»“¿Nþð¾3endstream
-endobj
-1668 0 obj<</Type/Page/Parent 1367 0 R/Contents 1669 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 1070 0 R>>endobj
-1669 0 obj<</Filter/FlateDecode/Length 1576      >>stream
+‡¸Ue¥s½~œô� rÄUmi¬•¥Ïh¡¥ÀË€‹_	R >†½´µ(%Ý.h#ßÕ.Ùëg÷±ªÏ¨êg©SâPxHæÎ8p+Ô¤_ÈÈ*qKŦµYfmS„QeœàôÓ%�(³u0ElÇÓl’M3Ê%€˜ÆÇ^I=3©�ﺒ¹Ìø"®6æ©[ÓàŠ®n¿¿¹ûûæŽï矯æ��‡ýc:r+Ó銖ÀžÇDÔ<'¦T¯ïØ™“öÂ)DùêFµ[&܆ר2íQÙ*	Tß
`¨ÔÓZV?b¯Ša &cPkUž0/¶#íÕÙ»¯*FB+çe�(ßUë­LÏû•ÿÙ‚2Ñ
+ÖÖ€¼¤‹¹)×ÌêTÍßÈÖ`À"4* ÎðÔZX
��°
Xcº‰F€Œnë^Õ°“à0áQ¦-~�Á]¼„öL+ü&¹Òª5C
+:Cà^ÃߪåÊÓ^^îš��¾Ë;;K;û
ÃbÄ];ñ©³d®Ç<åW¾Í¯ÿ¸½ù’ÓѯGßGK–ñû×nŸ��^Œy¸O¨€”V˜
ì±öVÂzq�™ñ@v롽Óc R|6¸ ¬Â'œj	»ã-™ö
!ðÆšvÙ'
ªÛ6[RèŒ~–ô¬}ürÏ¡ZâÕÂ1¿Ø^'ÉDaðª‡Ôß×,�kö=ÀoÂOÆUÑø§ƒÊ™ ^
‹
¹·?ÐŽcˆ`sÜÈÚÊge:üÁFUtpíׇ!bÆCìy:äȯU²�Æ[ÿíM,ùQFsj»¦€íÀ™¾H_(ãNóë]çwrÛÚ|r6LcmZWh¯[®âR†Xƒ%C¿žwµÖ½´HÂÕÅ×�„D£š+3À�ž¢¹`ï±ÙII‡Ì!
«qÊ+4PéßNZ¡ '©ÁFKÙßjA±NÂ`…Ž­½Aºà[Æ-9… §¥…åhÂ÷Û± §àÈI«Q;Qðà��‰w&|lT
|ÑyÓÀKtU®D«\¯cÈ@¬pDœf"ÿ[KBAÀ[];$³æˆ÷f‚C%Þ6h
fÛaj/ì…µZòe
íÚ=��¼R*lfƒÏ‹7À/Bálœiµ�ºl#ÉVÍÓ‰d›Ø(­©•¼Ô±X’¾±lSõø÷I Ñ»@F%¿N¼c+Œ	ûõF9²ÄB
¼ªD
ø¾¢¸6q6öΩ]»õÎÚÄIøÒÑôp|'k¨u§ûŒ/–>9ƒ?=|E�~ºHö?šá‚¿˜Ðl2ÆuŽs$´°æ+2úhÊn·2y¦ƒíƒóá%?ÿý�3�]d³³1!|=šŽùµ›ü௃ÿ
Žïendstream
+endobj
+1673 0 obj<</Type/Page/Parent 1372 0 R/Contents 1674 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
+1674 0 obj<</Filter/FlateDecode/Length 1711      >>stream
+x
}WmoÛ6þž_q0Ìj;~‰ã]�¦k‡k›5Ù†ùBK”ÍF"UR²ã¿çHJ–�f	8y/Ï=÷ÜéÇÙ„Îñ;¡Ë)Í”–gç£sšÍ§£Í——ø<ÅŸ•”Ÿ]Ý��?¾¢Éœîr\Y,ñ!#??§»t0��f£ËÝIWÓå‹»ï8=§É$œN/qzðµÑTo$¥¦,…Ω‹xj@®\¥…’º¦ñøêú�Û_ÿùðu|÷éæØÜ`DßLCncš"c{šV’*kʪ–åÆ’ J8·36ógùþ9
'³Ñ”È7'}4íQ2¹ÿ_¤©iÄNr/Ìz
»J×Æ?o´z¤•y¤�ª7#ºÎýÉ�À>ÁðÚ 8{â¼µîã™O€†ÓÛø@‹R¾!SÕʬàQê¬
.BG…ÒrDrýúYOüŽÇ+µvÒn¥×e—ßÍFgFýZ-F\ÛÁgSË×t]“rTçÔª`†\%S•ï�±…Ñë�7WØZ΄„CAŠÂìÜó‘¢ÜG±�DÞEú‹“©•õ³
Ñ©ôµ…¤=Ž�‹ë¾–(bLÀ··I$NWÇÌè_ýs�›á°´¼*¥sb
à¯ó“ UMNì%JoE¡2Ò²ÿˆQHØ_ >W@!Ì5HY�ý`­LëbONÖMªq–b”��¢³i¬(×ù[‰¬#{ÏO¡$쥕pLc?z|ØaD6b+
‹ÈÌÎAÃ8º SgP<ÏßÎ:¹½«eyÿ‚VMM™Ê(ð±RàBvMU[ûD¾%¾;
	ùø¦BÚfœŒˆOá›~d–’#É%p£sµn¬ðm
Ø”Ž ñe¶ÊÓƒ±Ö~—¦ R=¢�S�¾ïz2ä)ÃHp>RÐ<teÒ�*äVIÛ• „ �ZoNÒ“Ú4ë
ùÃmXm³Cdm
<+
¥ø-ñýìAŒ%gjt9ŽèýF¦\t¯,¬1•°eëÄç>?xh�rîmB].R§vä¥_G+EôðöÓnùC¢»—£ÌG/‚ÃáôâP:ß‚(–�q™ˆ]‰fdY@Zá�ZæØêøãadÊ7iÕœôú€d�bÆ쫨Z‡;YTô6Z|,¶š6`JòW½ ´«m“2�ÜÑ<‘^ÞDÁÍãA¯7QDéǦDn¥D¸h¡@3#Å�æŠENÒŽÛ�“¯Ÿ„Ú‹
yžê½?f‡³Ic?_—q¾.�¯Ád˜¯_‚Æܼ÷~½ÈEDÂ…\P'Ú*¹£{üt³öØlœ³;UP3î	C$$šcÚz.¢ï%™Áˆð8a½w
+3fw„0—v%@g
ÖcXP±ªðô€YÏ>Ht˜W?‘?Æ–íÀw_h½šæ(S†f…ˆ©f-ñöŒÓ+…hýp‚'S4­¤°³d+½Îœ¥òÔìeÓ¸&0ƒe5£Õ
 oðšÕŽ4ô
W
LY Yk
+¬*Ïh¨jX3ÂX„3.§c4(q>
1ÝÑ:\†?Ñó\=bt0jÂq5bõ‚Éæ:�ì	n«ír}CøTP€œ:Z´kH‚bºX“Äo@È™Šl+0{Á�´«*N±XÛ÷¾~�ÿŸhtÐ(ð‰¹ò´6[%è÷Ï·Œð‘7¬¾vоó£Œ{ÚÛÏø(?TÀRQnŒ«ÁnžhÏ„eöHõâ
+	ùó
tLú³:�²7±¯K("�몰:!Ý=OÚv¦žð‚7˜¸1ÿ„)^=Å
+䢡ܶViƒxI¥x@75Øf}¢IÈü0»vöÔë~à o5¶t˜YKwÿ"ºn‡×»Â™—Ìh_–¼Væ"å�	ªée�íp[�Ž¾ZVþh¨OŽç:�ŠÞ®V"’,¼¢8I[ÔXC*ø0í}Œn$våÛOÉÝF¥¯Âqƒ7¼Áûüÿ�L+Eºñ‹ô74`«qŒÕ‰G�œO	€´¼|„zy©ò6oû�‡1ÍÈG†Ã7,ÄX8Ú™ú?–„-[¡© $˜„Xh¡HŒ6VE©¶œoå‘ØArX’ ¦{ì«ÛM0®z´r’ êP#N/ÁÜnè%_¬ª�aûxÌ䫵e­=ö¸±³`.öµ—x÷�åØ"YPðŠÚîc³ïñÇe|ï›,𞹜ÑârÉ+Üí»OWïèÆšïàýnÒ¦ÄÝžŒÅãÃËóW~å{òâ9_,G‹‹iØ'ó»ûpwö×Ù¦-¾
endstream
+endobj
+1675 0 obj<</Type/Page/Parent 1372 0 R/Contents 1676 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 1068 0 R>>endobj
+1676 0 obj<</Filter/FlateDecode/Length 1576      >>stream
 x
�WÛnÛF}÷WLõˆiQ’%9€Ñ:�møÁ®k3
ŠºVäRbBî²\ÒŠþ¾gf©í^D¡HîÜΙ3£¿ŽBàoHÓ!�&Gƒ`@“é$Òx6Åõÿ*M©<ÏNƒÙkFãÙë'†á ˜¼r^ƒAûñp}t6Äñp|ŠÏ‚Âé^ü·œ�ÂIˆ ‡RÐp2	¦í7~ú!::¹SR”"•ÉlJQ"ÖÅý¥uµTžÛ¥YŽLlEkÛTç™65=õqÃ5s£ëw¤ë8xzû6ú
-›gÁÛ<…
.“þpŒ‚³€"íj:ó¯í\Ùuÿ¡1T/5Ŷ(”Iü[§m€}‚jœ¦ïïé	>Ü\?^>üvùðôÝÞšìô»mÈ-m“'4×TV¶(k�HŠJåÜÊV	»3œTû*[Ðq8B9ÐõÚx8®2×lÅ5q¬�K›<_÷¨À¥Zè€nR2¶Þ­èþgr6­W
-DÈe&¶U¥ã:_ãÚÕ(.ŒÙªãVŠìŠy[“œ¨Pß4ÜÞ¼Õ”HPêŠF)
"œÌ”gF³[ÚZãHÚ ‚Ö-°Œnê7–œ¥Ò:—Í
y½T’9]=³YeÞÔ„Ê}#Ûà‚’ŠŒ*ð¶e¿ùII•ÞG‘{
-S\ÇÅa4`½è¤­ÁC‚¦ž˜=§OÀøîâö²ÇÖùìuQþ	£q�YC6Ý¥¶Bâšz»­7¶ÄñuÜI\iM’™ÅÆú–̉z]êDPåoi†êJiöUÅ¥Y8É´Pk°Pr€w€ª,ñJÇ­-9𗵧"[,A7®?Ë–b¶‚uÛvÖ€=N›Ä‘6qµZo ’Ã]ªgÉøäj×Aíû[ú;:ïDg,ßØÉBŸÉãoAHD)ú.uÞØMe(«i®bð½lQ´ï’ê?‹dΫB884ˆ>ü²PÌsk¿5%ßRtù]?üò©« *“cûxÃDá-HÄåfZ/*C\sfO
-�GUÌÕ¦¸ÐŸÁ	»rèsÐr+D:Ж©{¸¹'�¼‚\0qùN¡\�ö™W°‚ÿ!±¿ÿ6²´IëÄr[ž×O�·Ý�>c™¥
-6V@H�m¦©¥eÛþÄ]ôË×ú<×ÜŽ…ßÛ¬Ö¤*3ÒY·4®Îò\ìƒ})§³‘
CŒµ"I²eß¾u˜¦¨(œïD* Û}•{•Êe¥S
-•)±‡S[ÐsZkwȧ>óQÑN	PÚV
-©/5FB…,WuSþmÃ
mÃC7[Ú^aäøÁ‰a†ñ€² ŽˆÁƒ-ð{YÂ`”]�­*.³¥=™g	Næ6Vy‡4[¾øÍG­‘‰A®Ôq–fЪ½‚?½=à,äG‰ú[JlÃW�ž¶¥aj¯g:~}:"A~tn"uKÌŒHÖ¦v®fæYåY²•£
QìèU?”‘|̓‹ç"[wÜV�1Ì+tã]$Þ=™A‘Æñƒ]Ñ·Ý+à¾0LŠ®ŒBzK5Ïò¬óÑç ÊÅÊÞq�ëg�ó4j*~·°	¯
ŒŽˆ~ëå¸ZÚf_�·§Î[IaÛûÒ{q÷ÑßÚ)øFçÛ/ô»¤/wÑ—[cBµ3`³k‰žo6*.}‡%eÔ_VÃÑÅUtù ûj‚‚2wš²´UWxG|ÍÀS_ú•‘`6róN	âù±2bä5ôx4Þ®Œã€E\ ‚#Ôtt?VJZË26¶ˆ[
-¨ŸðÄ~¢WN´]2�ò–fh´Ê©�Æá9“¥^›Û-}Îý“¦YœáUߥ­}ŽcO|Äv$à°/Ñf¬(ÜØ?Ég`«ò`­x‡*,ˆ­æ|éM3ß–,½ˆ¥™»¸Êxðuû7·KÍ-
-3œ¿7µÒs4×ökZÖuùþäd…¿jج€¼}ìk¶ß&K°åGQ©#†ð@à7‡¬á?|f#š†ÃÇ‹Ût_Ù¯¼~´qSà—ƒâ
ˆOoOg¯ÿLOfÁätbÝp<âc—ÑѯG�;endstream
-endobj
-1670 0 obj<</Count 36/First 1671 0 R/Last 1920 0 R>>endobj
-1671 0 obj<</Parent 1670 0 R/Title(Table of Contents)/Dest[1370 0 R/XYZ 0 756 0]/Next 1672 0 R>>endobj
-1672 0 obj<</Parent 1670 0 R/Count -1/First 1673 0 R/Last 1673 0 R/Title(SAMBA Project Documentation)/Dest[1384 0 R/XYZ 0 786 0]/Prev 1671 0 R/Next 1674 0 R>>endobj
-1673 0 obj<</Parent 1672 0 R/Title(SAMBA Team)/Dest[1384 0 R/XYZ 0 762 0]>>endobj
-1674 0 obj<</Parent 1670 0 R/Title(Abstract)/Dest[1386 0 R/XYZ 0 786 0]/Prev 1672 0 R/Next 1675 0 R>>endobj
-1675 0 obj<</Parent 1670 0 R/Title(I. General installation)/Dest[1394 0 R/XYZ 0 786 0]/Prev 1674 0 R/Next 1676 0 R>>endobj
-1676 0 obj<</Parent 1670 0 R/Title(Introduction)/Dest[1396 0 R/XYZ 0 786 0]/Prev 1675 0 R/Next 1677 0 R>>endobj
-1677 0 obj<</Parent 1670 0 R/Count -10/First 1678 0 R/Last 1689 0 R/Title(Chapter 1. How to Install and Test SAMBA)/Dest[1400 0 R/XYZ 0 786 0]/Prev 1676 0 R/Next 1696 0 R>>endobj
-1678 0 obj<</Parent 1677 0 R/Title(1.1. Read the man pages)/Dest[1400 0 R/XYZ 0 762 0]/Next 1679 0 R>>endobj
-1679 0 obj<</Parent 1677 0 R/Title(1.2. Building the Binaries)/Dest[1400 0 R/XYZ 0 621 0]/Prev 1678 0 R/Next 1680 0 R>>endobj
-1680 0 obj<</Parent 1677 0 R/Title(1.3. The all important step)/Dest[1400 0 R/XYZ 0 216 0]/Prev 1679 0 R/Next 1681 0 R>>endobj
-1681 0 obj<</Parent 1677 0 R/Title(1.4. Create the smb configuration file.)/Dest[1402 0 R/XYZ 0 786 0]/Prev 1680 0 R/Next 1682 0 R>>endobj
-1682 0 obj<</Parent 1677 0 R/Title(1.5. Test your config file with testparm)/Dest[1402 0 R/XYZ 0 437 0]/Prev 1681 0 R/Next 1683 0 R>>endobj
-1683 0 obj<</Parent 1677 0 R/Count -2/First 1684 0 R/Last 1685 0 R/Title(1.6. Starting the smbd and nmbd)/Dest[1402 0 R/XYZ 0 309 0]/Prev 1682 0 R/Next 1686 0 R>>endobj
-1684 0 obj<</Parent 1683 0 R/Title(1.6.1. Starting from inetd.conf)/Dest[1404 0 R/XYZ 0 786 0]/Next 1685 0 R>>endobj
-1685 0 obj<</Parent 1683 0 R/Title(1.6.2. Alternative: starting it as a daemon)/Dest[1404 0 R/XYZ 0 299 0]/Prev 1684 0 R>>endobj
-1686 0 obj<</Parent 1677 0 R/Title(1.7. Try listing the shares available on your server)/Dest[1406 0 R/XYZ 0 718 0]/Prev 1683 0 R/Next 1687 0 R>>endobj
-1687 0 obj<</Parent 1677 0 R/Title(1.8. Try connecting with the unix client)/Dest[1406 0 R/XYZ 0 551 0]/Prev 1686 0 R/Next 1688 0 R>>endobj
-1688 0 obj<</Parent 1677 0 R/Title(1.9. Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client)/Dest[1406 0 R/XYZ 0 383 0]/Prev 1687 0 R/Next 1689 0 R>>endobj
-1689 0 obj<</Parent 1677 0 R/Count -6/First 1690 0 R/Last 1695 0 R/Title(1.10. What If Things Don't Work?)/Dest[1408 0 R/XYZ 0 786 0]/Prev 1688 0 R>>endobj
-1690 0 obj<</Parent 1689 0 R/Title(1.10.1. Diagnosing Problems)/Dest[1408 0 R/XYZ 0 605 0]/Next 1691 0 R>>endobj
-1691 0 obj<</Parent 1689 0 R/Title(1.10.2. Scope IDs)/Dest[1408 0 R/XYZ 0 547 0]/Prev 1690 0 R/Next 1692 0 R>>endobj
-1692 0 obj<</Parent 1689 0 R/Title(1.10.3. Choosing the Protocol Level)/Dest[1408 0 R/XYZ 0 462 0]/Prev 1691 0 R/Next 1693 0 R>>endobj
-1693 0 obj<</Parent 1689 0 R/Title(1.10.4. Printing from UNIX to a Client PC)/Dest[1410 0 R/XYZ 0 786 0]/Prev 1692 0 R/Next 1694 0 R>>endobj
-1694 0 obj<</Parent 1689 0 R/Title(1.10.5. Locking)/Dest[1410 0 R/XYZ 0 635 0]/Prev 1693 0 R/Next 1695 0 R>>endobj
-1695 0 obj<</Parent 1689 0 R/Title(1.10.6. Mapping Usernames)/Dest[1410 0 R/XYZ 0 181 0]/Prev 1694 0 R>>endobj
-1696 0 obj<</Parent 1670 0 R/Count -11/First 1697 0 R/Last 1708 0 R/Title(Chapter 2. Improved browsing in samba)/Dest[1414 0 R/XYZ 0 786 0]/Prev 1677 0 R/Next 1709 0 R>>endobj
-1697 0 obj<</Parent 1696 0 R/Title(2.1. Overview of browsing)/Dest[1414 0 R/XYZ 0 762 0]/Next 1698 0 R>>endobj
-1698 0 obj<</Parent 1696 0 R/Title(2.2. Browsing support in samba)/Dest[1414 0 R/XYZ 0 568 0]/Prev 1697 0 R/Next 1699 0 R>>endobj
-1699 0 obj<</Parent 1696 0 R/Title(2.3. Problem resolution)/Dest[1414 0 R/XYZ 0 189 0]/Prev 1698 0 R/Next 1700 0 R>>endobj
-1700 0 obj<</Parent 1696 0 R/Count -1/First 1701 0 R/Last 1701 0 R/Title(2.4. Browsing across subnets)/Dest[1416 0 R/XYZ 0 586 0]/Prev 1699 0 R/Next 1702 0 R>>endobj
-1701 0 obj<</Parent 1700 0 R/Title(2.4.1. How does cross subnet browsing work ?)/Dest[1416 0 R/XYZ 0 326 0]>>endobj
-1702 0 obj<</Parent 1696 0 R/Title(2.5. Setting up a WINS server)/Dest[1422 0 R/XYZ 0 613 0]/Prev 1700 0 R/Next 1703 0 R>>endobj
-1703 0 obj<</Parent 1696 0 R/Title(2.6. Setting up Browsing in a WORKGROUP)/Dest[1424 0 R/XYZ 0 665 0]/Prev 1702 0 R/Next 1704 0 R>>endobj
-1704 0 obj<</Parent 1696 0 R/Title(2.7. Setting up Browsing in a DOMAIN)/Dest[1426 0 R/XYZ 0 675 0]/Prev 1703 0 R/Next 1705 0 R>>endobj
-1705 0 obj<</Parent 1696 0 R/Title(2.8. Forcing samba to be the master)/Dest[1426 0 R/XYZ 0 319 0]/Prev 1704 0 R/Next 1706 0 R>>endobj
-1706 0 obj<</Parent 1696 0 R/Title(2.9. Making samba the domain master)/Dest[1428 0 R/XYZ 0 573 0]/Prev 1705 0 R/Next 1707 0 R>>endobj
-1707 0 obj<</Parent 1696 0 R/Title(2.10. Note about broadcast addresses)/Dest[1430 0 R/XYZ 0 786 0]/Prev 1706 0 R/Next 1708 0 R>>endobj
-1708 0 obj<</Parent 1696 0 R/Title(2.11. Multiple interfaces)/Dest[1430 0 R/XYZ 0 698 0]/Prev 1707 0 R>>endobj
-1709 0 obj<</Parent 1670 0 R/Count -1/First 1710 0 R/Last 1710 0 R/Title(Chapter 3. Oplocks)/Dest[1432 0 R/XYZ 0 786 0]/Prev 1696 0 R/Next 1711 0 R>>endobj
-1710 0 obj<</Parent 1709 0 R/Title(3.1. What are oplocks?)/Dest[1432 0 R/XYZ 0 762 0]>>endobj
-1711 0 obj<</Parent 1670 0 R/Count -6/First 1712 0 R/Last 1717 0 R/Title(Chapter 4. Quick Cross Subnet Browsing / Cross Workgroup Browsing guide)/Dest[1434 0 R/XYZ 0 786 0]/Prev 1709 0 R/Next 1718 0 R>>endobj
-1712 0 obj<</Parent 1711 0 R/Title(4.1. Discussion)/Dest[1434 0 R/XYZ 0 657 0]/Next 1713 0 R>>endobj
-1713 0 obj<</Parent 1711 0 R/Title(4.2. Use of the "Remote Announce" parameter)/Dest[1434 0 R/XYZ 0 212 0]/Prev 1712 0 R/Next 1714 0 R>>endobj
-1714 0 obj<</Parent 1711 0 R/Title(4.3. Use of the "Remote Browse Sync" parameter)/Dest[1436 0 R/XYZ 0 536 0]/Prev 1713 0 R/Next 1715 0 R>>endobj
-1715 0 obj<</Parent 1711 0 R/Title(4.4. Use of WINS)/Dest[1436 0 R/XYZ 0 357 0]/Prev 1714 0 R/Next 1716 0 R>>endobj
-1716 0 obj<</Parent 1711 0 R/Title(4.5. Do NOT use more than one \(1\) protocol on MS Windows machines)/Dest[1438 0 R/XYZ 0 520 0]/Prev 1715 0 R/Next 1717 0 R>>endobj
-1717 0 obj<</Parent 1711 0 R/Title(4.6. Name Resolution Order)/Dest[1438 0 R/XYZ 0 240 0]/Prev 1716 0 R>>endobj
-1718 0 obj<</Parent 1670 0 R/Count -3/First 1719 0 R/Last 1723 0 R/Title(Chapter 5. LanMan and NT Password Encryption in Samba)/Dest[1442 0 R/XYZ 0 786 0]/Prev 1711 0 R/Next 1724 0 R>>endobj
-1719 0 obj<</Parent 1718 0 R/Title(5.1. Introduction)/Dest[1442 0 R/XYZ 0 738 0]/Next 1720 0 R>>endobj
-1720 0 obj<</Parent 1718 0 R/Count -2/First 1721 0 R/Last 1722 0 R/Title(5.2. Important Notes About Security)/Dest[1442 0 R/XYZ 0 584 0]/Prev 1719 0 R/Next 1723 0 R>>endobj
-1721 0 obj<</Parent 1720 0 R/Title(5.2.1. Advantages of SMB Encryption)/Dest[1444 0 R/XYZ 0 786 0]/Next 1722 0 R>>endobj
-1722 0 obj<</Parent 1720 0 R/Title(5.2.2. Advantages of non-encrypted passwords)/Dest[1444 0 R/XYZ 0 662 0]/Prev 1721 0 R>>endobj
-1723 0 obj<</Parent 1718 0 R/Title(5.3. The smbpasswd Command)/Dest[1444 0 R/XYZ 0 564 0]/Prev 1720 0 R>>endobj
-1724 0 obj<</Parent 1670 0 R/Title(II. Type of installation)/Dest[1448 0 R/XYZ 0 786 0]/Prev 1718 0 R/Next 1725 0 R>>endobj
-1725 0 obj<</Parent 1670 0 R/Title(Introduction)/Dest[1450 0 R/XYZ 0 786 0]/Prev 1724 0 R/Next 1726 0 R>>endobj
-1726 0 obj<</Parent 1670 0 R/Count -9/First 1727 0 R/Last 1740 0 R/Title(Chapter 6. How to Configure Samba as a NT4 Primary Domain Controller)/Dest[1452 0 R/XYZ 0 786 0]/Prev 1725 0 R/Next 1741 0 R>>endobj
-1727 0 obj<</Parent 1726 0 R/Title(6.1. Prerequisite Reading)/Dest[1452 0 R/XYZ 0 738 0]/Next 1728 0 R>>endobj
-1728 0 obj<</Parent 1726 0 R/Title(6.2. Background)/Dest[1452 0 R/XYZ 0 637 0]/Prev 1727 0 R/Next 1729 0 R>>endobj
-1729 0 obj<</Parent 1726 0 R/Title(6.3. Configuring the Samba Domain Controller)/Dest[1454 0 R/XYZ 0 771 0]/Prev 1728 0 R/Next 1730 0 R>>endobj
-1730 0 obj<</Parent 1726 0 R/Count -3/First 1731 0 R/Last 1733 0 R/Title(6.4. Creating Machine Trust Accounts and Joining Clients to the Domain)/Dest[1456 0 R/XYZ 0 665 0]/Prev 1729 0 R/Next 1734 0 R>>endobj
-1731 0 obj<</Parent 1730 0 R/Title(6.4.1. Manual Creation of Machine Trust Accounts)/Dest[1456 0 R/XYZ 0 279 0]/Next 1732 0 R>>endobj
-1732 0 obj<</Parent 1730 0 R/Title(6.4.2. "On-the-Fly" Creation of Machine Trust Accounts)/Dest[1458 0 R/XYZ 0 372 0]/Prev 1731 0 R/Next 1733 0 R>>endobj
-1733 0 obj<</Parent 1730 0 R/Title(6.4.3. Joining the Client to the Domain)/Dest[1460 0 R/XYZ 0 786 0]/Prev 1732 0 R>>endobj
-1734 0 obj<</Parent 1726 0 R/Title(6.5. Common Problems and Errors)/Dest[1460 0 R/XYZ 0 437 0]/Prev 1730 0 R/Next 1735 0 R>>endobj
-1735 0 obj<</Parent 1726 0 R/Title(6.6. System Policies and Profiles)/Dest[1462 0 R/XYZ 0 182 0]/Prev 1734 0 R/Next 1736 0 R>>endobj
-1736 0 obj<</Parent 1726 0 R/Title(6.7. What other help can I get?)/Dest[1464 0 R/XYZ 0 177 0]/Prev 1735 0 R/Next 1737 0 R>>endobj
-1737 0 obj<</Parent 1726 0 R/Count -2/First 1738 0 R/Last 1739 0 R/Title(6.8. Domain Control for Windows 9x/ME)/Dest[1470 0 R/XYZ 0 560 0]/Prev 1736 0 R/Next 1740 0 R>>endobj
-1738 0 obj<</Parent 1737 0 R/Title(6.8.1. Configuration Instructions: Network Logons)/Dest[1472 0 R/XYZ 0 573 0]/Next 1739 0 R>>endobj
-1739 0 obj<</Parent 1737 0 R/Title(6.8.2. Configuration Instructions: Setting up Roaming User Profiles)/Dest[1474 0 R/XYZ 0 786 0]/Prev 1738 0 R>>endobj
-1740 0 obj<</Parent 1726 0 R/Title(6.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba)/Dest[1482 0 R/XYZ 0 771 0]/Prev 1737 0 R>>endobj
-1741 0 obj<</Parent 1670 0 R/Count -5/First 1742 0 R/Last 1748 0 R/Title(Chapter 7. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain)/Dest[1486 0 R/XYZ 0 786 0]/Prev 1726 0 R/Next 1750 0 R>>endobj
-1742 0 obj<</Parent 1741 0 R/Title(7.1. Prerequisite Reading)/Dest[1486 0 R/XYZ 0 738 0]/Next 1743 0 R>>endobj
-1743 0 obj<</Parent 1741 0 R/Title(7.2. Background)/Dest[1486 0 R/XYZ 0 650 0]/Prev 1742 0 R/Next 1744 0 R>>endobj
-1744 0 obj<</Parent 1741 0 R/Count -2/First 1745 0 R/Last 1746 0 R/Title(7.3. What qualifies a Domain Controller on the network?)/Dest[1486 0 R/XYZ 0 278 0]/Prev 1743 0 R/Next 1747 0 R>>endobj
-1745 0 obj<</Parent 1744 0 R/Title(7.3.1. How does a Workstation find its domain controller?)/Dest[1488 0 R/XYZ 0 786 0]/Next 1746 0 R>>endobj
-1746 0 obj<</Parent 1744 0 R/Title(7.3.2. When is the PDC needed?)/Dest[1488 0 R/XYZ 0 662 0]/Prev 1745 0 R>>endobj
-1747 0 obj<</Parent 1741 0 R/Title(7.4. Can Samba be a Backup Domain Controller?)/Dest[1488 0 R/XYZ 0 577 0]/Prev 1744 0 R/Next 1748 0 R>>endobj
-1748 0 obj<</Parent 1741 0 R/Count -1/First 1749 0 R/Last 1749 0 R/Title(7.5. How do I set up a Samba BDC?)/Dest[1488 0 R/XYZ 0 436 0]/Prev 1747 0 R>>endobj
-1749 0 obj<</Parent 1748 0 R/Title(7.5.1. How do I replicate the smbpasswd file?)/Dest[1490 0 R/XYZ 0 673 0]>>endobj
-1750 0 obj<</Parent 1670 0 R/Count -8/First 1751 0 R/Last 1759 0 R/Title(Chapter 8. Samba as a ADS domain member)/Dest[1492 0 R/XYZ 0 786 0]/Prev 1741 0 R/Next 1760 0 R>>endobj
-1751 0 obj<</Parent 1750 0 R/Title(8.1. Installing the required packages for Debian)/Dest[1492 0 R/XYZ 0 577 0]/Next 1752 0 R>>endobj
-1752 0 obj<</Parent 1750 0 R/Title(8.2. Installing the required packages for RedHat)/Dest[1492 0 R/XYZ 0 470 0]/Prev 1751 0 R/Next 1753 0 R>>endobj
-1753 0 obj<</Parent 1750 0 R/Title(8.3. Compile Samba)/Dest[1492 0 R/XYZ 0 294 0]/Prev 1752 0 R/Next 1754 0 R>>endobj
-1754 0 obj<</Parent 1750 0 R/Title(8.4. Setup your /etc/krb5.conf)/Dest[1494 0 R/XYZ 0 609 0]/Prev 1753 0 R/Next 1755 0 R>>endobj
-1755 0 obj<</Parent 1750 0 R/Count -1/First 1756 0 R/Last 1756 0 R/Title(8.5. Create the computer account)/Dest[1494 0 R/XYZ 0 293 0]/Prev 1754 0 R/Next 1757 0 R>>endobj
-1756 0 obj<</Parent 1755 0 R/Title(8.5.1. Possible errors)/Dest[1494 0 R/XYZ 0 204 0]>>endobj
-1757 0 obj<</Parent 1750 0 R/Title(8.6. Test your server setup)/Dest[1496 0 R/XYZ 0 745 0]/Prev 1755 0 R/Next 1758 0 R>>endobj
-1758 0 obj<</Parent 1750 0 R/Title(8.7. Testing with smbclient)/Dest[1496 0 R/XYZ 0 656 0]/Prev 1757 0 R/Next 1759 0 R>>endobj
-1759 0 obj<</Parent 1750 0 R/Title(8.8. Notes)/Dest[1496 0 R/XYZ 0 581 0]/Prev 1758 0 R>>endobj
-1760 0 obj<</Parent 1670 0 R/Count -3/First 1761 0 R/Last 1763 0 R/Title(Chapter 9. Samba as a NT4 domain member)/Dest[1498 0 R/XYZ 0 786 0]/Prev 1750 0 R/Next 1764 0 R>>endobj
-1761 0 obj<</Parent 1760 0 R/Title(9.1. Joining an NT Domain with Samba 2.2)/Dest[1498 0 R/XYZ 0 762 0]/Next 1762 0 R>>endobj
-1762 0 obj<</Parent 1760 0 R/Title(9.2. Samba and Windows 2000 Domains)/Dest[1500 0 R/XYZ 0 415 0]/Prev 1761 0 R/Next 1763 0 R>>endobj
-1763 0 obj<</Parent 1760 0 R/Title(9.3. Why is this better than security = server?)/Dest[1500 0 R/XYZ 0 207 0]/Prev 1762 0 R>>endobj
-1764 0 obj<</Parent 1670 0 R/Title(III. Optional configuration)/Dest[1504 0 R/XYZ 0 786 0]/Prev 1760 0 R/Next 1765 0 R>>endobj
-1765 0 obj<</Parent 1670 0 R/Title(Introduction)/Dest[1506 0 R/XYZ 0 786 0]/Prev 1764 0 R/Next 1766 0 R>>endobj
-1766 0 obj<</Parent 1670 0 R/Count -6/First 1767 0 R/Last 1784 0 R/Title(Chapter 10. Integrating MS Windows networks with Samba)/Dest[1512 0 R/XYZ 0 786 0]/Prev 1765 0 R/Next 1785 0 R>>endobj
-1767 0 obj<</Parent 1766 0 R/Title(10.1. Agenda)/Dest[1512 0 R/XYZ 0 738 0]/Next 1768 0 R>>endobj
-1768 0 obj<</Parent 1766 0 R/Count -4/First 1769 0 R/Last 1772 0 R/Title(10.2. Name Resolution in a pure Unix/Linux world)/Dest[1512 0 R/XYZ 0 491 0]/Prev 1767 0 R/Next 1773 0 R>>endobj
-1769 0 obj<</Parent 1768 0 R/Title(10.2.1. /etc/hosts)/Dest[1512 0 R/XYZ 0 363 0]/Next 1770 0 R>>endobj
-1770 0 obj<</Parent 1768 0 R/Title(10.2.2. /etc/resolv.conf)/Dest[1514 0 R/XYZ 0 494 0]/Prev 1769 0 R/Next 1771 0 R>>endobj
-1771 0 obj<</Parent 1768 0 R/Title(10.2.3. /etc/host.conf)/Dest[1514 0 R/XYZ 0 356 0]/Prev 1770 0 R/Next 1772 0 R>>endobj
-1772 0 obj<</Parent 1768 0 R/Title(10.2.4. /etc/nsswitch.conf)/Dest[1514 0 R/XYZ 0 210 0]/Prev 1771 0 R>>endobj
-1773 0 obj<</Parent 1766 0 R/Count -5/First 1774 0 R/Last 1778 0 R/Title(10.3. Name resolution as used within MS Windows networking)/Dest[1516 0 R/XYZ 0 392 0]/Prev 1768 0 R/Next 1779 0 R>>endobj
-1774 0 obj<</Parent 1773 0 R/Title(10.3.1. The NetBIOS Name Cache)/Dest[1518 0 R/XYZ 0 319 0]/Next 1775 0 R>>endobj
-1775 0 obj<</Parent 1773 0 R/Title(10.3.2. The LMHOSTS file)/Dest[1520 0 R/XYZ 0 786 0]/Prev 1774 0 R/Next 1776 0 R>>endobj
-1776 0 obj<</Parent 1773 0 R/Title(10.3.3. HOSTS file)/Dest[1522 0 R/XYZ 0 512 0]/Prev 1775 0 R/Next 1777 0 R>>endobj
-1777 0 obj<</Parent 1773 0 R/Title(10.3.4. DNS Lookup)/Dest[1522 0 R/XYZ 0 414 0]/Prev 1776 0 R/Next 1778 0 R>>endobj
-1778 0 obj<</Parent 1773 0 R/Title(10.3.5. WINS Lookup)/Dest[1522 0 R/XYZ 0 276 0]/Prev 1777 0 R>>endobj
-1779 0 obj<</Parent 1766 0 R/Title(10.4. How browsing functions and how to deploy stable and dependable browsing using Samba)/Dest[1524 0 R/XYZ 0 723 0]/Prev 1773 0 R/Next 1780 0 R>>endobj
-1780 0 obj<</Parent 1766 0 R/Count -3/First 1781 0 R/Last 1783 0 R/Title(10.5. MS Windows security options and how to configure Samba for seemless integration)/Dest[1524 0 R/XYZ 0 179 0]/Prev 1779 0 R/Next 1784 0 R>>endobj
-1781 0 obj<</Parent 1780 0 R/Title(10.5.1. Use MS Windows NT as an authentication server)/Dest[1528 0 R/XYZ 0 786 0]/Next 1782 0 R>>endobj
-1782 0 obj<</Parent 1780 0 R/Title(10.5.2. Make Samba a member of an MS Windows NT security domain)/Dest[1528 0 R/XYZ 0 537 0]/Prev 1781 0 R/Next 1783 0 R>>endobj
-1783 0 obj<</Parent 1780 0 R/Title(10.5.3. Configure Samba as an authentication server)/Dest[1528 0 R/XYZ 0 185 0]/Prev 1782 0 R>>endobj
-1784 0 obj<</Parent 1766 0 R/Title(10.6. Conclusions)/Dest[1530 0 R/XYZ 0 316 0]/Prev 1780 0 R>>endobj
-1785 0 obj<</Parent 1670 0 R/Count -7/First 1786 0 R/Last 1794 0 R/Title(Chapter 11. UNIX Permission Bits and Windows NT Access Control Lists)/Dest[1532 0 R/XYZ 0 786 0]/Prev 1766 0 R/Next 1795 0 R>>endobj
-1786 0 obj<</Parent 1785 0 R/Title(11.1. Viewing and changing UNIX permissions using the NT security dialogs)/Dest[1532 0 R/XYZ 0 738 0]/Next 1787 0 R>>endobj
-1787 0 obj<</Parent 1785 0 R/Title(11.2. How to view file security on a Samba share)/Dest[1532 0 R/XYZ 0 550 0]/Prev 1786 0 R/Next 1788 0 R>>endobj
-1788 0 obj<</Parent 1785 0 R/Title(11.3. Viewing file ownership)/Dest[1532 0 R/XYZ 0 383 0]/Prev 1787 0 R/Next 1789 0 R>>endobj
-1789 0 obj<</Parent 1785 0 R/Count -2/First 1790 0 R/Last 1791 0 R/Title(11.4. Viewing file or directory permissions)/Dest[1534 0 R/XYZ 0 718 0]/Prev 1788 0 R/Next 1792 0 R>>endobj
-1790 0 obj<</Parent 1789 0 R/Title(11.4.1. File Permissions)/Dest[1534 0 R/XYZ 0 485 0]/Next 1791 0 R>>endobj
-1791 0 obj<</Parent 1789 0 R/Title(11.4.2. Directory Permissions)/Dest[1534 0 R/XYZ 0 241 0]/Prev 1790 0 R>>endobj
-1792 0 obj<</Parent 1785 0 R/Title(11.5. Modifying file or directory permissions)/Dest[1536 0 R/XYZ 0 745 0]/Prev 1789 0 R/Next 1793 0 R>>endobj
-1793 0 obj<</Parent 1785 0 R/Title(11.6. Interaction with the standard Samba create mask parameters)/Dest[1536 0 R/XYZ 0 313 0]/Prev 1792 0 R/Next 1794 0 R>>endobj
-1794 0 obj<</Parent 1785 0 R/Title(11.7. Interaction with the standard Samba file attribute mapping)/Dest[1540 0 R/XYZ 0 652 0]/Prev 1793 0 R>>endobj
-1795 0 obj<</Parent 1670 0 R/Count -3/First 1796 0 R/Last 1798 0 R/Title(Chapter 12. Configuring PAM for distributed but centrally managed authentication)/Dest[1542 0 R/XYZ 0 786 0]/Prev 1785 0 R/Next 1799 0 R>>endobj
-1796 0 obj<</Parent 1795 0 R/Title(12.1. Samba and PAM)/Dest[1542 0 R/XYZ 0 738 0]/Next 1797 0 R>>endobj
-1797 0 obj<</Parent 1795 0 R/Title(12.2. Distributed Authentication)/Dest[1544 0 R/XYZ 0 201 0]/Prev 1796 0 R/Next 1798 0 R>>endobj
-1798 0 obj<</Parent 1795 0 R/Title(12.3. PAM Configuration in smb.conf)/Dest[1546 0 R/XYZ 0 758 0]/Prev 1797 0 R>>endobj
-1799 0 obj<</Parent 1670 0 R/Count -1/First 1800 0 R/Last 1800 0 R/Title(Chapter 13. Hosting a Microsoft Distributed File System tree on Samba)/Dest[1548 0 R/XYZ 0 786 0]/Prev 1795 0 R/Next 1802 0 R>>endobj
-1800 0 obj<</Parent 1799 0 R/Count -1/First 1801 0 R/Last 1801 0 R/Title(13.1. Instructions)/Dest[1548 0 R/XYZ 0 738 0]>>endobj
-1801 0 obj<</Parent 1800 0 R/Title(13.1.1. Notes)/Dest[1550 0 R/XYZ 0 705 0]>>endobj
-1802 0 obj<</Parent 1670 0 R/Count -4/First 1803 0 R/Last 1815 0 R/Title(Chapter 14. Printing Support)/Dest[1552 0 R/XYZ 0 786 0]/Prev 1799 0 R/Next 1825 0 R>>endobj
-1803 0 obj<</Parent 1802 0 R/Title(14.1. Introduction)/Dest[1552 0 R/XYZ 0 762 0]/Next 1804 0 R>>endobj
-1804 0 obj<</Parent 1802 0 R/Count -5/First 1805 0 R/Last 1809 0 R/Title(14.2. Configuration)/Dest[1552 0 R/XYZ 0 370 0]/Prev 1803 0 R/Next 1810 0 R>>endobj
-1805 0 obj<</Parent 1804 0 R/Title(14.2.1. Creating [print$])/Dest[1552 0 R/XYZ 0 184 0]/Next 1806 0 R>>endobj
-1806 0 obj<</Parent 1804 0 R/Title(14.2.2. Setting Drivers for Existing Printers)/Dest[1556 0 R/XYZ 0 636 0]/Prev 1805 0 R/Next 1807 0 R>>endobj
-1807 0 obj<</Parent 1804 0 R/Title(14.2.3. Support a large number of printers)/Dest[1556 0 R/XYZ 0 221 0]/Prev 1806 0 R/Next 1808 0 R>>endobj
-1808 0 obj<</Parent 1804 0 R/Title(14.2.4. Adding New Printers via the Windows NT APW)/Dest[1558 0 R/XYZ 0 523 0]/Prev 1807 0 R/Next 1809 0 R>>endobj
-1809 0 obj<</Parent 1804 0 R/Title(14.2.5. Samba and Printer Ports)/Dest[1560 0 R/XYZ 0 350 0]/Prev 1808 0 R>>endobj
-1810 0 obj<</Parent 1802 0 R/Count -4/First 1811 0 R/Last 1814 0 R/Title(14.3. The Imprints Toolset)/Dest[1562 0 R/XYZ 0 786 0]/Prev 1804 0 R/Next 1815 0 R>>endobj
-1811 0 obj<</Parent 1810 0 R/Title(14.3.1. What is Imprints?)/Dest[1562 0 R/XYZ 0 685 0]/Next 1812 0 R>>endobj
-1812 0 obj<</Parent 1810 0 R/Title(14.3.2. Creating Printer Driver Packages)/Dest[1562 0 R/XYZ 0 560 0]/Prev 1811 0 R/Next 1813 0 R>>endobj
-1813 0 obj<</Parent 1810 0 R/Title(14.3.3. The Imprints server)/Dest[1562 0 R/XYZ 0 475 0]/Prev 1812 0 R/Next 1814 0 R>>endobj
-1814 0 obj<</Parent 1810 0 R/Title(14.3.4. The Installation Client)/Dest[1562 0 R/XYZ 0 377 0]/Prev 1813 0 R>>endobj
-1815 0 obj<</Parent 1802 0 R/Count -9/First 1816 0 R/Last 1824 0 R/Title(14.4. Diagnosis)/Dest[1564 0 R/XYZ 0 493 0]/Prev 1810 0 R>>endobj
-1816 0 obj<</Parent 1815 0 R/Title(14.4.1. Introduction)/Dest[1564 0 R/XYZ 0 472 0]/Next 1817 0 R>>endobj
-1817 0 obj<</Parent 1815 0 R/Title(14.4.2. Debugging printer problems)/Dest[1566 0 R/XYZ 0 532 0]/Prev 1816 0 R/Next 1818 0 R>>endobj
-1818 0 obj<</Parent 1815 0 R/Title(14.4.3. What printers do I have?)/Dest[1568 0 R/XYZ 0 745 0]/Prev 1817 0 R/Next 1819 0 R>>endobj
-1819 0 obj<</Parent 1815 0 R/Title(14.4.4. Setting up printcap and print servers)/Dest[1568 0 R/XYZ 0 564 0]/Prev 1818 0 R/Next 1820 0 R>>endobj
-1820 0 obj<</Parent 1815 0 R/Title(14.4.5. Job sent, no output)/Dest[1570 0 R/XYZ 0 786 0]/Prev 1819 0 R/Next 1821 0 R>>endobj
-1821 0 obj<</Parent 1815 0 R/Title(14.4.6. Job sent, strange output)/Dest[1570 0 R/XYZ 0 447 0]/Prev 1820 0 R/Next 1822 0 R>>endobj
-1822 0 obj<</Parent 1815 0 R/Title(14.4.7. Raw PostScript printed)/Dest[1572 0 R/XYZ 0 771 0]/Prev 1821 0 R/Next 1823 0 R>>endobj
-1823 0 obj<</Parent 1815 0 R/Title(14.4.8. Advanced Printing)/Dest[1572 0 R/XYZ 0 686 0]/Prev 1822 0 R/Next 1824 0 R>>endobj
-1824 0 obj<</Parent 1815 0 R/Title(14.4.9. Real debugging)/Dest[1572 0 R/XYZ 0 588 0]/Prev 1823 0 R>>endobj
-1825 0 obj<</Parent 1670 0 R/Count -2/First 1826 0 R/Last 1827 0 R/Title(Chapter 15. Security levels)/Dest[1574 0 R/XYZ 0 786 0]/Prev 1802 0 R/Next 1828 0 R>>endobj
-1826 0 obj<</Parent 1825 0 R/Title(15.1. Introduction)/Dest[1574 0 R/XYZ 0 762 0]/Next 1827 0 R>>endobj
-1827 0 obj<</Parent 1825 0 R/Title(15.2. More complete description of security levels)/Dest[1574 0 R/XYZ 0 520 0]/Prev 1826 0 R>>endobj
-1828 0 obj<</Parent 1670 0 R/Count -7/First 1829 0 R/Last 1844 0 R/Title(Chapter 16. Unified Logons between Windows NT and UNIX using Winbind)/Dest[1578 0 R/XYZ 0 786 0]/Prev 1825 0 R/Next 1845 0 R>>endobj
-1829 0 obj<</Parent 1828 0 R/Title(16.1. Abstract)/Dest[1578 0 R/XYZ 0 738 0]/Next 1830 0 R>>endobj
-1830 0 obj<</Parent 1828 0 R/Title(16.2. Introduction)/Dest[1578 0 R/XYZ 0 597 0]/Prev 1829 0 R/Next 1831 0 R>>endobj
-1831 0 obj<</Parent 1828 0 R/Count -1/First 1832 0 R/Last 1832 0 R/Title(16.3. What Winbind Provides)/Dest[1578 0 R/XYZ 0 284 0]/Prev 1830 0 R/Next 1833 0 R>>endobj
-1832 0 obj<</Parent 1831 0 R/Title(16.3.1. Target Uses)/Dest[1580 0 R/XYZ 0 613 0]>>endobj
-1833 0 obj<</Parent 1828 0 R/Count -5/First 1834 0 R/Last 1838 0 R/Title(16.4. How Winbind Works)/Dest[1580 0 R/XYZ 0 462 0]/Prev 1831 0 R/Next 1839 0 R>>endobj
-1834 0 obj<</Parent 1833 0 R/Title(16.4.1. Microsoft Remote Procedure Calls)/Dest[1580 0 R/XYZ 0 347 0]/Next 1835 0 R>>endobj
-1835 0 obj<</Parent 1833 0 R/Title(16.4.2. Name Service Switch)/Dest[1582 0 R/XYZ 0 786 0]/Prev 1834 0 R/Next 1836 0 R>>endobj
-1836 0 obj<</Parent 1833 0 R/Title(16.4.3. Pluggable Authentication Modules)/Dest[1582 0 R/XYZ 0 345 0]/Prev 1835 0 R/Next 1837 0 R>>endobj
-1837 0 obj<</Parent 1833 0 R/Title(16.4.4. User and Group ID Allocation)/Dest[1584 0 R/XYZ 0 718 0]/Prev 1836 0 R/Next 1838 0 R>>endobj
-1838 0 obj<</Parent 1833 0 R/Title(16.4.5. Result Caching)/Dest[1584 0 R/XYZ 0 541 0]/Prev 1837 0 R>>endobj
-1839 0 obj<</Parent 1828 0 R/Count -3/First 1840 0 R/Last 1842 0 R/Title(16.5. Installation and Configuration)/Dest[1584 0 R/XYZ 0 403 0]/Prev 1833 0 R/Next 1843 0 R>>endobj
-1840 0 obj<</Parent 1839 0 R/Title(16.5.1. Introduction)/Dest[1584 0 R/XYZ 0 262 0]/Next 1841 0 R>>endobj
-1841 0 obj<</Parent 1839 0 R/Title(16.5.2. Requirements)/Dest[1586 0 R/XYZ 0 652 0]/Prev 1840 0 R/Next 1842 0 R>>endobj
-1842 0 obj<</Parent 1839 0 R/Title(16.5.3. Testing Things Out)/Dest[1586 0 R/XYZ 0 383 0]/Prev 1841 0 R>>endobj
-1843 0 obj<</Parent 1828 0 R/Title(16.6. Limitations)/Dest[1600 0 R/XYZ 0 349 0]/Prev 1839 0 R/Next 1844 0 R>>endobj
-1844 0 obj<</Parent 1828 0 R/Title(16.7. Conclusion)/Dest[1602 0 R/XYZ 0 786 0]/Prev 1843 0 R>>endobj
-1845 0 obj<</Parent 1670 0 R/Count -4/First 1846 0 R/Last 1849 0 R/Title(Chapter 17. Passdb MySQL plugin)/Dest[1604 0 R/XYZ 0 786 0]/Prev 1828 0 R/Next 1850 0 R>>endobj
-1846 0 obj<</Parent 1845 0 R/Title(17.1. Building)/Dest[1604 0 R/XYZ 0 762 0]/Next 1847 0 R>>endobj
-1847 0 obj<</Parent 1845 0 R/Title(17.2. Configuring)/Dest[1604 0 R/XYZ 0 647 0]/Prev 1846 0 R/Next 1848 0 R>>endobj
-1848 0 obj<</Parent 1845 0 R/Title(17.3. Using plaintext passwords or encrypted password)/Dest[1606 0 R/XYZ 0 621 0]/Prev 1847 0 R/Next 1849 0 R>>endobj
-1849 0 obj<</Parent 1845 0 R/Title(17.4. Getting non-column data from the table)/Dest[1606 0 R/XYZ 0 467 0]/Prev 1848 0 R>>endobj
-1850 0 obj<</Parent 1670 0 R/Count -2/First 1851 0 R/Last 1852 0 R/Title(Chapter 18. Passdb XML plugin)/Dest[1608 0 R/XYZ 0 786 0]/Prev 1845 0 R/Next 1853 0 R>>endobj
-1851 0 obj<</Parent 1850 0 R/Title(18.1. Building)/Dest[1608 0 R/XYZ 0 762 0]/Next 1852 0 R>>endobj
-1852 0 obj<</Parent 1850 0 R/Title(18.2. Usage)/Dest[1608 0 R/XYZ 0 661 0]/Prev 1851 0 R>>endobj
-1853 0 obj<</Parent 1670 0 R/Count -10/First 1854 0 R/Last 1865 0 R/Title(Chapter 19. Storing Samba's User/Machine Account information in an LDAP Directory)/Dest[1610 0 R/XYZ 0 786 0]/Prev 1850 0 R/Next 1866 0 R>>endobj
-1854 0 obj<</Parent 1853 0 R/Title(19.1. Purpose)/Dest[1610 0 R/XYZ 0 738 0]/Next 1855 0 R>>endobj
-1855 0 obj<</Parent 1853 0 R/Title(19.2. Introduction)/Dest[1610 0 R/XYZ 0 465 0]/Prev 1854 0 R/Next 1856 0 R>>endobj
-1856 0 obj<</Parent 1853 0 R/Title(19.3. Supported LDAP Servers)/Dest[1612 0 R/XYZ 0 626 0]/Prev 1855 0 R/Next 1857 0 R>>endobj
-1857 0 obj<</Parent 1853 0 R/Title(19.4. Schema and Relationship to the RFC 2307 posixAccount)/Dest[1612 0 R/XYZ 0 524 0]/Prev 1856 0 R/Next 1858 0 R>>endobj
-1858 0 obj<</Parent 1853 0 R/Count -2/First 1859 0 R/Last 1860 0 R/Title(19.5. Configuring Samba with LDAP)/Dest[1614 0 R/XYZ 0 786 0]/Prev 1857 0 R/Next 1861 0 R>>endobj
-1859 0 obj<</Parent 1858 0 R/Title(19.5.1. OpenLDAP configuration)/Dest[1614 0 R/XYZ 0 766 0]/Next 1860 0 R>>endobj
-1860 0 obj<</Parent 1858 0 R/Title(19.5.2. Configuring Samba)/Dest[1614 0 R/XYZ 0 196 0]/Prev 1859 0 R>>endobj
-1861 0 obj<</Parent 1853 0 R/Title(19.6. Accounts and Groups management)/Dest[1616 0 R/XYZ 0 296 0]/Prev 1858 0 R/Next 1862 0 R>>endobj
-1862 0 obj<</Parent 1853 0 R/Title(19.7. Security and sambaAccount)/Dest[1618 0 R/XYZ 0 771 0]/Prev 1861 0 R/Next 1863 0 R>>endobj
-1863 0 obj<</Parent 1853 0 R/Title(19.8. LDAP specials attributes for sambaAccounts)/Dest[1618 0 R/XYZ 0 389 0]/Prev 1862 0 R/Next 1864 0 R>>endobj
-1864 0 obj<</Parent 1853 0 R/Title(19.9. Example LDIF Entries for a sambaAccount)/Dest[1620 0 R/XYZ 0 375 0]/Prev 1863 0 R/Next 1865 0 R>>endobj
-1865 0 obj<</Parent 1853 0 R/Title(19.10. Comments)/Dest[1622 0 R/XYZ 0 544 0]/Prev 1864 0 R>>endobj
-1866 0 obj<</Parent 1670 0 R/Count -2/First 1867 0 R/Last 1868 0 R/Title(Chapter 20. HOWTO Access Samba source code via CVS)/Dest[1624 0 R/XYZ 0 786 0]/Prev 1853 0 R/Next 1871 0 R>>endobj
-1867 0 obj<</Parent 1866 0 R/Title(20.1. Introduction)/Dest[1624 0 R/XYZ 0 738 0]/Next 1868 0 R>>endobj
-1868 0 obj<</Parent 1866 0 R/Count -2/First 1869 0 R/Last 1870 0 R/Title(20.2. CVS Access to samba.org)/Dest[1624 0 R/XYZ 0 610 0]/Prev 1867 0 R>>endobj
-1869 0 obj<</Parent 1868 0 R/Title(20.2.1. Access via CVSweb)/Dest[1624 0 R/XYZ 0 522 0]/Next 1870 0 R>>endobj
-1870 0 obj<</Parent 1868 0 R/Title(20.2.2. Access via cvs)/Dest[1624 0 R/XYZ 0 411 0]/Prev 1869 0 R>>endobj
-1871 0 obj<</Parent 1670 0 R/Title(Chapter 21. Group mapping HOWTO)/Dest[1628 0 R/XYZ 0 786 0]/Prev 1866 0 R/Next 1872 0 R>>endobj
-1872 0 obj<</Parent 1670 0 R/Count -17/First 1873 0 R/Last 1892 0 R/Title(Chapter 22. Samba performance issues)/Dest[1630 0 R/XYZ 0 786 0]/Prev 1871 0 R/Next 1893 0 R>>endobj
-1873 0 obj<</Parent 1872 0 R/Title(22.1. Comparisons)/Dest[1630 0 R/XYZ 0 762 0]/Next 1874 0 R>>endobj
-1874 0 obj<</Parent 1872 0 R/Count -3/First 1875 0 R/Last 1877 0 R/Title(22.2. Oplocks)/Dest[1630 0 R/XYZ 0 502 0]/Prev 1873 0 R/Next 1878 0 R>>endobj
-1875 0 obj<</Parent 1874 0 R/Title(22.2.1. Overview)/Dest[1630 0 R/XYZ 0 482 0]/Next 1876 0 R>>endobj
-1876 0 obj<</Parent 1874 0 R/Title(22.2.2. Level2 Oplocks)/Dest[1630 0 R/XYZ 0 199 0]/Prev 1875 0 R/Next 1877 0 R>>endobj
-1877 0 obj<</Parent 1874 0 R/Title(22.2.3. Old 'fake oplocks' option - deprecated)/Dest[1632 0 R/XYZ 0 705 0]/Prev 1876 0 R>>endobj
-1878 0 obj<</Parent 1872 0 R/Title(22.3. Socket options)/Dest[1632 0 R/XYZ 0 567 0]/Prev 1874 0 R/Next 1879 0 R>>endobj
-1879 0 obj<</Parent 1872 0 R/Title(22.4. Read size)/Dest[1632 0 R/XYZ 0 307 0]/Prev 1878 0 R/Next 1880 0 R>>endobj
-1880 0 obj<</Parent 1872 0 R/Title(22.5. Max xmit)/Dest[1634 0 R/XYZ 0 771 0]/Prev 1879 0 R/Next 1881 0 R>>endobj
-1881 0 obj<</Parent 1872 0 R/Title(22.6. Locking)/Dest[1634 0 R/XYZ 0 590 0]/Prev 1880 0 R/Next 1882 0 R>>endobj
-1882 0 obj<</Parent 1872 0 R/Title(22.7. Share modes)/Dest[1634 0 R/XYZ 0 462 0]/Prev 1881 0 R/Next 1883 0 R>>endobj
-1883 0 obj<</Parent 1872 0 R/Title(22.8. Log level)/Dest[1634 0 R/XYZ 0 242 0]/Prev 1882 0 R/Next 1884 0 R>>endobj
-1884 0 obj<</Parent 1872 0 R/Title(22.9. Wide lines)/Dest[1636 0 R/XYZ 0 786 0]/Prev 1883 0 R/Next 1885 0 R>>endobj
-1885 0 obj<</Parent 1872 0 R/Title(22.10. Read raw)/Dest[1636 0 R/XYZ 0 698 0]/Prev 1884 0 R/Next 1886 0 R>>endobj
-1886 0 obj<</Parent 1872 0 R/Title(22.11. Write raw)/Dest[1636 0 R/XYZ 0 530 0]/Prev 1885 0 R/Next 1887 0 R>>endobj
-1887 0 obj<</Parent 1872 0 R/Title(22.12. Read prediction)/Dest[1636 0 R/XYZ 0 402 0]/Prev 1886 0 R/Next 1888 0 R>>endobj
-1888 0 obj<</Parent 1872 0 R/Title(22.13. Memory mapping)/Dest[1636 0 R/XYZ 0 182 0]/Prev 1887 0 R/Next 1889 0 R>>endobj
-1889 0 obj<</Parent 1872 0 R/Title(22.14. Slow Clients)/Dest[1638 0 R/XYZ 0 692 0]/Prev 1888 0 R/Next 1890 0 R>>endobj
-1890 0 obj<</Parent 1872 0 R/Title(22.15. Slow Logins)/Dest[1638 0 R/XYZ 0 564 0]/Prev 1889 0 R/Next 1891 0 R>>endobj
-1891 0 obj<</Parent 1872 0 R/Title(22.16. Client tuning)/Dest[1638 0 R/XYZ 0 489 0]/Prev 1890 0 R/Next 1892 0 R>>endobj
-1892 0 obj<</Parent 1872 0 R/Title(22.17. My Results)/Dest[1640 0 R/XYZ 0 441 0]/Prev 1891 0 R>>endobj
-1893 0 obj<</Parent 1670 0 R/Title(IV. Appendixes)/Dest[1642 0 R/XYZ 0 786 0]/Prev 1872 0 R/Next 1894 0 R>>endobj
-1894 0 obj<</Parent 1670 0 R/Count -4/First 1895 0 R/Last 1898 0 R/Title(Chapter 23. Portability)/Dest[1644 0 R/XYZ 0 786 0]/Prev 1893 0 R/Next 1899 0 R>>endobj
-1895 0 obj<</Parent 1894 0 R/Title(23.1. HPUX)/Dest[1644 0 R/XYZ 0 707 0]/Next 1896 0 R>>endobj
-1896 0 obj<</Parent 1894 0 R/Title(23.2. SCO Unix)/Dest[1644 0 R/XYZ 0 461 0]/Prev 1895 0 R/Next 1897 0 R>>endobj
-1897 0 obj<</Parent 1894 0 R/Title(23.3. DNIX)/Dest[1644 0 R/XYZ 0 346 0]/Prev 1896 0 R/Next 1898 0 R>>endobj
-1898 0 obj<</Parent 1894 0 R/Title(23.4. RedHat Linux Rembrandt-II)/Dest[1646 0 R/XYZ 0 280 0]/Prev 1897 0 R>>endobj
-1899 0 obj<</Parent 1670 0 R/Count -5/First 1900 0 R/Last 1912 0 R/Title(Chapter 24. Samba and other CIFS clients)/Dest[1648 0 R/XYZ 0 786 0]/Prev 1894 0 R/Next 1913 0 R>>endobj
-1900 0 obj<</Parent 1899 0 R/Title(24.1. Macintosh clients?)/Dest[1648 0 R/XYZ 0 721 0]/Next 1901 0 R>>endobj
-1901 0 obj<</Parent 1899 0 R/Count -4/First 1902 0 R/Last 1905 0 R/Title(24.2. OS2 Client)/Dest[1648 0 R/XYZ 0 513 0]/Prev 1900 0 R/Next 1906 0 R>>endobj
-1902 0 obj<</Parent 1901 0 R/Title(24.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?)/Dest[1648 0 R/XYZ 0 493 0]/Next 1903 0 R>>endobj
-1903 0 obj<</Parent 1901 0 R/Title(24.2.2. How can I configure OS/2 Warp 3 \(not Connect\), OS/2 1.2, 1.3 or 2.x for Samba?)/Dest[1650 0 R/XYZ 0 786 0]/Prev 1902 0 R/Next 1904 0 R>>endobj
-1904 0 obj<</Parent 1901 0 R/Title(24.2.3. Are there any other issues when OS/2 \(any version\) is used as a client?)/Dest[1650 0 R/XYZ 0 575 0]/Prev 1903 0 R/Next 1905 0 R>>endobj
-1905 0 obj<</Parent 1901 0 R/Title(24.2.4. How do I get printer driver download working for OS/2 clients?)/Dest[1650 0 R/XYZ 0 461 0]/Prev 1904 0 R>>endobj
-1906 0 obj<</Parent 1899 0 R/Count -4/First 1907 0 R/Last 1910 0 R/Title(24.3. Windows for Workgroups)/Dest[1650 0 R/XYZ 0 204 0]/Prev 1901 0 R/Next 1911 0 R>>endobj
-1907 0 obj<</Parent 1906 0 R/Title(24.3.1. Use latest TCP/IP stack from Microsoft)/Dest[1650 0 R/XYZ 0 184 0]/Next 1908 0 R>>endobj
-1908 0 obj<</Parent 1906 0 R/Title(24.3.2. Delete .pwl files after password change)/Dest[1652 0 R/XYZ 0 679 0]/Prev 1907 0 R/Next 1909 0 R>>endobj
-1909 0 obj<</Parent 1906 0 R/Title(24.3.3. Configure WfW password handling)/Dest[1652 0 R/XYZ 0 528 0]/Prev 1908 0 R/Next 1910 0 R>>endobj
-1910 0 obj<</Parent 1906 0 R/Title(24.3.4. Case handling of passwords)/Dest[1652 0 R/XYZ 0 430 0]/Prev 1909 0 R>>endobj
-1911 0 obj<</Parent 1899 0 R/Title(24.4. Windows '95/'98)/Dest[1652 0 R/XYZ 0 345 0]/Prev 1906 0 R/Next 1912 0 R>>endobj
-1912 0 obj<</Parent 1899 0 R/Title(24.5. Windows 2000 Service Pack 2)/Dest[1654 0 R/XYZ 0 771 0]/Prev 1911 0 R>>endobj
-1913 0 obj<</Parent 1670 0 R/Count -6/First 1914 0 R/Last 1919 0 R/Title(Chapter 25. Reporting Bugs)/Dest[1656 0 R/XYZ 0 786 0]/Prev 1899 0 R/Next 1920 0 R>>endobj
-1914 0 obj<</Parent 1913 0 R/Title(25.1. Introduction)/Dest[1656 0 R/XYZ 0 762 0]/Next 1915 0 R>>endobj
-1915 0 obj<</Parent 1913 0 R/Title(25.2. General info)/Dest[1656 0 R/XYZ 0 476 0]/Prev 1914 0 R/Next 1916 0 R>>endobj
-1916 0 obj<</Parent 1913 0 R/Title(25.3. Debug levels)/Dest[1656 0 R/XYZ 0 335 0]/Prev 1915 0 R/Next 1917 0 R>>endobj
-1917 0 obj<</Parent 1913 0 R/Title(25.4. Internal errors)/Dest[1658 0 R/XYZ 0 665 0]/Prev 1916 0 R/Next 1918 0 R>>endobj
-1918 0 obj<</Parent 1913 0 R/Title(25.5. Attaching to a running process)/Dest[1658 0 R/XYZ 0 313 0]/Prev 1917 0 R/Next 1919 0 R>>endobj
-1919 0 obj<</Parent 1913 0 R/Title(25.6. Patches)/Dest[1658 0 R/XYZ 0 211 0]/Prev 1918 0 R>>endobj
-1920 0 obj<</Parent 1670 0 R/Count -4/First 1921 0 R/Last 1935 0 R/Title(Chapter 26. Diagnosing your samba server)/Dest[1660 0 R/XYZ 0 786 0]/Prev 1913 0 R>>endobj
-1921 0 obj<</Parent 1920 0 R/Title(26.1. Introduction)/Dest[1660 0 R/XYZ 0 762 0]/Next 1922 0 R>>endobj
-1922 0 obj<</Parent 1920 0 R/Title(26.2. Assumptions)/Dest[1660 0 R/XYZ 0 581 0]/Prev 1921 0 R/Next 1923 0 R>>endobj
-1923 0 obj<</Parent 1920 0 R/Count -11/First 1924 0 R/Last 1934 0 R/Title(26.3. Tests)/Dest[1660 0 R/XYZ 0 252 0]/Prev 1922 0 R/Next 1935 0 R>>endobj
-1924 0 obj<</Parent 1923 0 R/Title(26.3.1. Test 1)/Dest[1660 0 R/XYZ 0 231 0]/Next 1925 0 R>>endobj
-1925 0 obj<</Parent 1923 0 R/Title(26.3.2. Test 2)/Dest[1662 0 R/XYZ 0 786 0]/Prev 1924 0 R/Next 1926 0 R>>endobj
-1926 0 obj<</Parent 1923 0 R/Title(26.3.3. Test 3)/Dest[1662 0 R/XYZ 0 583 0]/Prev 1925 0 R/Next 1927 0 R>>endobj
-1927 0 obj<</Parent 1923 0 R/Title(26.3.4. Test 4)/Dest[1664 0 R/XYZ 0 679 0]/Prev 1926 0 R/Next 1928 0 R>>endobj
-1928 0 obj<</Parent 1923 0 R/Title(26.3.5. Test 5)/Dest[1664 0 R/XYZ 0 528 0]/Prev 1927 0 R/Next 1929 0 R>>endobj
-1929 0 obj<</Parent 1923 0 R/Title(26.3.6. Test 6)/Dest[1664 0 R/XYZ 0 403 0]/Prev 1928 0 R/Next 1930 0 R>>endobj
-1930 0 obj<</Parent 1923 0 R/Title(26.3.7. Test 7)/Dest[1666 0 R/XYZ 0 786 0]/Prev 1929 0 R/Next 1931 0 R>>endobj
-1931 0 obj<</Parent 1923 0 R/Title(26.3.8. Test 8)/Dest[1666 0 R/XYZ 0 424 0]/Prev 1930 0 R/Next 1932 0 R>>endobj
-1932 0 obj<</Parent 1923 0 R/Title(26.3.9. Test 9)/Dest[1668 0 R/XYZ 0 758 0]/Prev 1931 0 R/Next 1933 0 R>>endobj
-1933 0 obj<</Parent 1923 0 R/Title(26.3.10. Test 10)/Dest[1668 0 R/XYZ 0 567 0]/Prev 1932 0 R/Next 1934 0 R>>endobj
-1934 0 obj<</Parent 1923 0 R/Title(26.3.11. Test 11)/Dest[1668 0 R/XYZ 0 430 0]/Prev 1933 0 R>>endobj
-1935 0 obj<</Parent 1920 0 R/Title(26.4. Still having troubles?)/Dest[1668 0 R/XYZ 0 292 0]/Prev 1923 0 R>>endobj
-1936 0 obj<</Type/Catalog/Pages 1367 0 R/PageLayout/SinglePage/Outlines 1670 0 R/OpenAction[1384 0 R/XYZ null null 0]/PageMode/UseOutlines/PageLabels<</Nums[0<</P(title)>>1<</S/r>>8<</S/D/St 1/P()>>9<</S/D/St 2/P()>>13<</S/D/St 6/P()>>14<</S/D/St 7/P()>>16<</S/D/St 9/P()>>23<</S/D/St 16/P()>>32<</S/D/St 25/P()>>33<</S/D/St 26/P()>>37<</S/D/St 30/P()>>40<</S/D/St 33/P()>>41<</S/D/St 34/P()>>42<</S/D/St 35/P()>>59<</S/D/St 52/P()>>62<</S/D/St 55/P()>>65<</S/D/St 58/P()>>68<</S/D/St 61/P()>>69<</S/D/St 62/P()>>72<</S/D/St 65/P()>>82<</S/D/St 75/P()>>87<</S/D/St 80/P()>>90<</S/D/St 83/P()>>92<</S/D/St 85/P()>>103<</S/D/St 96/P()>>105<</S/D/St 98/P()>>118<</S/D/St 111/P()>>120<</S/D/St 113/P()>>121<</S/D/St 114/P()>>128<</S/D/St 121/P()>>130<</S/D/St 123/P()>>131<</S/D/St 124/P()>>137<</S/D/St 130/P()>>138<</S/D/St 131/P()>>140<</S/D/St 133/P()>>144<</S/D/St 137/P()>>146<</S/D/St 139/P()>>]>>>>endobj
+›gÁÛ<…
.“þpŒ‚³€"íj:ó¯í\Ùuÿ¡1T/5Ŷ(”Iü[§m€}‚jœ¦ïïé	>Ü\?^>üvùðôÝÞšìô»mÈ-m“'4×TV¶(k�HŠJåÜÊV	»3œTû*[Ðq8B9ÐõÚx8®2×lÅ5q¬�K›<_÷¨À¥Zè€nR2¶Þ­èþgr6­W
+DÈe&¶U¥ã:_ãÚÕ(.ŒÙªãVŠìŠy[“œ¨Pß4ÜÞ¼Õ”HPêŠF)
"œÌ”gF³[ÚZãHÚ ‚Öípâ1º©ß8Xr–Jë\6äõRI:ätõÌf•yS*÷�lƒ~H*2ªÀÛ–ýä'%Ux[Eî)Lq
‡Ñ€õ¢“¶J	šzböœ>
㻋ÛË[ç³ÔEù'ŒÆuf
Ùt—Ú
+‰kêíN´ÞØÇ×q'Up¥5Ifë[b0'êu©A•¿¥ª+Y¤ÙwT—fá$ÓB­ÁN@É
nÜ
ª²Ä+·¶äÀ_ÖžŠl±ݸþ ,[ŠØ.ÖmÛYö8mGÚÄÕZh½‰"Jw©ž%ã“«]µïoéïè¼�±|c'}&�¿!¥èo¸Ôy`7•¡¬¦¹ŠÁô²EѾKªÿ,
+�9¯
+áàÐ úðÿÉB1Ï­ýÖ”t|KÑåctýð˧®€ªLŽíã
…· —›i½¨,qÍ9˜=)U1W›^àB'ìÊ¡Ï@Ë­é@{XB¤ìáæž@ò
+rÁÄå;…r5Úg^Á
+þ‡Ävü
+üÛÈ^Ð&¬Ëm	{^?uÞvúŒe
+\p”*h8ØüY
!¶™¦––mûwÑ/_èó\sG8~o³Z“Z¨ÌH/dÝÒ¸:Ës±ö¥œÎF612Ôjˆ$É–}øÖaš¢¢p¾©€n÷UîU*—•N5´T¦ÄNmAÏi­Ý!ŸúÌGmD;%@eh[)¤¾Ô²\ÕMù_´
7´
Ýli{…‘ã'†ÆÊ‚:"¶ÀïeUƒQºÏ®vtAB´ª¸8Ì–ödž
$H8™ÛXåÒlùâg4µF&¹RÇYšA«ö
+þôö€³�%êo)±
_AzÚ–†©½žéøõéˆùѹ‰Ô-1w00 Y›Ú¹š™g•gÉVŽzD±S WýPNDòý5.žˆlÝq[5Æ0¯Ð�w‘x÷dEÇvEßv¯0€ûÂ0)º2
+é-Õ<˳ÌGŸƒ(+{Çu®ŸuÎÓ¨©øÝÂ&¼0Z8"ú­3”àji›}5Þž:o%…mïKïÅÝGk§à�oO¼ÐïV�¾ÜE_nUŒ	Õ΀ͮ%z.¼Ù¨¸Pô–”APY
GWÑåƒì?¨	
+ÊÜiÊÒV]-àñ5O}éWF‚ÙÈýÍ;%ˆç3Äʈ�×ÐãÑx»2Žzq�JŽPgÐÑýxX)i9,ËØØ"n18( v|Âû‰^9ÑvÉ@Ê[š¡Ñ*§^?„çL–zmn·ô9÷Ošfq†W}—¶ö9Ž=ñoØ‘x€Ãn¼D›±¢pcÿ$Ÿ�­0ȃ´âª° ¶šó¥7Í|[²ô"–fîâ*ãuÀ×íßÜ.5·(ÌpþÞÔJÏÑ\دiY×åû““mþªM`³^ðö±¯Ù~›Ll,
À–E¥JŒxþÁ�ß²„üð™�h2z/n?\Ð}e¿òRøÑÆM�_Š7 >y¼9p<œ½þ3a<™“Ó!ˆ
tÃñ˜�]FG¿ý
ßä:ýendstream
+endobj
+1677 0 obj<</Count 34/First 1678 0 R/Last 1932 0 R>>endobj
+1678 0 obj<</Parent 1677 0 R/Title(Table of Contents)/Dest[1375 0 R/XYZ 0 756 0]/Next 1679 0 R>>endobj
+1679 0 obj<</Parent 1677 0 R/Count -1/First 1680 0 R/Last 1680 0 R/Title(SAMBA Project Documentation)/Dest[1389 0 R/XYZ 0 786 0]/Prev 1678 0 R/Next 1681 0 R>>endobj
+1680 0 obj<</Parent 1679 0 R/Title(SAMBA Team)/Dest[1389 0 R/XYZ 0 762 0]>>endobj
+1681 0 obj<</Parent 1677 0 R/Title(Abstract)/Dest[1391 0 R/XYZ 0 786 0]/Prev 1679 0 R/Next 1682 0 R>>endobj
+1682 0 obj<</Parent 1677 0 R/Title(I. General installation)/Dest[1399 0 R/XYZ 0 786 0]/Prev 1681 0 R/Next 1683 0 R>>endobj
+1683 0 obj<</Parent 1677 0 R/Title(Introduction)/Dest[1401 0 R/XYZ 0 786 0]/Prev 1682 0 R/Next 1684 0 R>>endobj
+1684 0 obj<</Parent 1677 0 R/Count -10/First 1685 0 R/Last 1696 0 R/Title(Chapter 1. How to Install and Test SAMBA)/Dest[1405 0 R/XYZ 0 786 0]/Prev 1683 0 R/Next 1703 0 R>>endobj
+1685 0 obj<</Parent 1684 0 R/Title(1.1. Read the man pages)/Dest[1405 0 R/XYZ 0 762 0]/Next 1686 0 R>>endobj
+1686 0 obj<</Parent 1684 0 R/Title(1.2. Building the Binaries)/Dest[1405 0 R/XYZ 0 621 0]/Prev 1685 0 R/Next 1687 0 R>>endobj
+1687 0 obj<</Parent 1684 0 R/Title(1.3. The all important step)/Dest[1405 0 R/XYZ 0 216 0]/Prev 1686 0 R/Next 1688 0 R>>endobj
+1688 0 obj<</Parent 1684 0 R/Title(1.4. Create the smb configuration file.)/Dest[1407 0 R/XYZ 0 786 0]/Prev 1687 0 R/Next 1689 0 R>>endobj
+1689 0 obj<</Parent 1684 0 R/Title(1.5. Test your config file with testparm)/Dest[1407 0 R/XYZ 0 437 0]/Prev 1688 0 R/Next 1690 0 R>>endobj
+1690 0 obj<</Parent 1684 0 R/Count -2/First 1691 0 R/Last 1692 0 R/Title(1.6. Starting the smbd and nmbd)/Dest[1407 0 R/XYZ 0 309 0]/Prev 1689 0 R/Next 1693 0 R>>endobj
+1691 0 obj<</Parent 1690 0 R/Title(1.6.1. Starting from inetd.conf)/Dest[1409 0 R/XYZ 0 786 0]/Next 1692 0 R>>endobj
+1692 0 obj<</Parent 1690 0 R/Title(1.6.2. Alternative: starting it as a daemon)/Dest[1409 0 R/XYZ 0 299 0]/Prev 1691 0 R>>endobj
+1693 0 obj<</Parent 1684 0 R/Title(1.7. Try listing the shares available on your server)/Dest[1411 0 R/XYZ 0 718 0]/Prev 1690 0 R/Next 1694 0 R>>endobj
+1694 0 obj<</Parent 1684 0 R/Title(1.8. Try connecting with the unix client)/Dest[1411 0 R/XYZ 0 551 0]/Prev 1693 0 R/Next 1695 0 R>>endobj
+1695 0 obj<</Parent 1684 0 R/Title(1.9. Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client)/Dest[1411 0 R/XYZ 0 383 0]/Prev 1694 0 R/Next 1696 0 R>>endobj
+1696 0 obj<</Parent 1684 0 R/Count -6/First 1697 0 R/Last 1702 0 R/Title(1.10. What If Things Don't Work?)/Dest[1413 0 R/XYZ 0 786 0]/Prev 1695 0 R>>endobj
+1697 0 obj<</Parent 1696 0 R/Title(1.10.1. Diagnosing Problems)/Dest[1413 0 R/XYZ 0 605 0]/Next 1698 0 R>>endobj
+1698 0 obj<</Parent 1696 0 R/Title(1.10.2. Scope IDs)/Dest[1413 0 R/XYZ 0 547 0]/Prev 1697 0 R/Next 1699 0 R>>endobj
+1699 0 obj<</Parent 1696 0 R/Title(1.10.3. Choosing the Protocol Level)/Dest[1413 0 R/XYZ 0 462 0]/Prev 1698 0 R/Next 1700 0 R>>endobj
+1700 0 obj<</Parent 1696 0 R/Title(1.10.4. Printing from UNIX to a Client PC)/Dest[1415 0 R/XYZ 0 786 0]/Prev 1699 0 R/Next 1701 0 R>>endobj
+1701 0 obj<</Parent 1696 0 R/Title(1.10.5. Locking)/Dest[1415 0 R/XYZ 0 635 0]/Prev 1700 0 R/Next 1702 0 R>>endobj
+1702 0 obj<</Parent 1696 0 R/Title(1.10.6. Mapping Usernames)/Dest[1415 0 R/XYZ 0 181 0]/Prev 1701 0 R>>endobj
+1703 0 obj<</Parent 1677 0 R/Count -6/First 1704 0 R/Last 1709 0 R/Title(Chapter 2. Quick Cross Subnet Browsing / Cross Workgroup Browsing guide)/Dest[1419 0 R/XYZ 0 786 0]/Prev 1684 0 R/Next 1710 0 R>>endobj
+1704 0 obj<</Parent 1703 0 R/Title(2.1. Discussion)/Dest[1419 0 R/XYZ 0 657 0]/Next 1705 0 R>>endobj
+1705 0 obj<</Parent 1703 0 R/Title(2.2. Use of the "Remote Announce" parameter)/Dest[1419 0 R/XYZ 0 212 0]/Prev 1704 0 R/Next 1706 0 R>>endobj
+1706 0 obj<</Parent 1703 0 R/Title(2.3. Use of the "Remote Browse Sync" parameter)/Dest[1421 0 R/XYZ 0 562 0]/Prev 1705 0 R/Next 1707 0 R>>endobj
+1707 0 obj<</Parent 1703 0 R/Title(2.4. Use of WINS)/Dest[1421 0 R/XYZ 0 384 0]/Prev 1706 0 R/Next 1708 0 R>>endobj
+1708 0 obj<</Parent 1703 0 R/Title(2.5. Do NOT use more than one \(1\) protocol on MS Windows machines)/Dest[1423 0 R/XYZ 0 547 0]/Prev 1707 0 R/Next 1709 0 R>>endobj
+1709 0 obj<</Parent 1703 0 R/Title(2.6. Name Resolution Order)/Dest[1423 0 R/XYZ 0 266 0]/Prev 1708 0 R>>endobj
+1710 0 obj<</Parent 1677 0 R/Count -8/First 1711 0 R/Last 1734 0 R/Title(Chapter 3. User information database)/Dest[1427 0 R/XYZ 0 786 0]/Prev 1703 0 R/Next 1737 0 R>>endobj
+1711 0 obj<</Parent 1710 0 R/Title(3.1. Introduction)/Dest[1427 0 R/XYZ 0 762 0]/Next 1712 0 R>>endobj
+1712 0 obj<</Parent 1710 0 R/Count -2/First 1713 0 R/Last 1714 0 R/Title(3.2. Important Notes About Security)/Dest[1427 0 R/XYZ 0 502 0]/Prev 1711 0 R/Next 1715 0 R>>endobj
+1713 0 obj<</Parent 1712 0 R/Title(3.2.1. Advantages of SMB Encryption)/Dest[1429 0 R/XYZ 0 729 0]/Next 1714 0 R>>endobj
+1714 0 obj<</Parent 1712 0 R/Title(3.2.2. Advantages of non-encrypted passwords)/Dest[1429 0 R/XYZ 0 612 0]/Prev 1713 0 R>>endobj
+1715 0 obj<</Parent 1710 0 R/Title(3.3. The smbpasswd Command)/Dest[1429 0 R/XYZ 0 505 0]/Prev 1712 0 R/Next 1716 0 R>>endobj
+1716 0 obj<</Parent 1710 0 R/Title(3.4. Plain text)/Dest[1431 0 R/XYZ 0 692 0]/Prev 1715 0 R/Next 1717 0 R>>endobj
+1717 0 obj<</Parent 1710 0 R/Title(3.5. TDB)/Dest[1431 0 R/XYZ 0 603 0]/Prev 1716 0 R/Next 1718 0 R>>endobj
+1718 0 obj<</Parent 1710 0 R/Count -9/First 1719 0 R/Last 1727 0 R/Title(3.6. LDAP)/Dest[1431 0 R/XYZ 0 528 0]/Prev 1717 0 R/Next 1728 0 R>>endobj
+1719 0 obj<</Parent 1718 0 R/Title(3.6.1. Introduction)/Dest[1431 0 R/XYZ 0 508 0]/Next 1720 0 R>>endobj
+1720 0 obj<</Parent 1718 0 R/Title(3.6.2. Introduction)/Dest[1431 0 R/XYZ 0 238 0]/Prev 1719 0 R/Next 1721 0 R>>endobj
+1721 0 obj<</Parent 1718 0 R/Title(3.6.3. Supported LDAP Servers)/Dest[1433 0 R/XYZ 0 401 0]/Prev 1720 0 R/Next 1722 0 R>>endobj
+1722 0 obj<</Parent 1718 0 R/Title(3.6.4. Schema and Relationship to the RFC 2307 posixAccount)/Dest[1433 0 R/XYZ 0 303 0]/Prev 1721 0 R/Next 1723 0 R>>endobj
+1723 0 obj<</Parent 1718 0 R/Title(3.6.5. Configuring Samba with LDAP)/Dest[1435 0 R/XYZ 0 599 0]/Prev 1722 0 R/Next 1724 0 R>>endobj
+1724 0 obj<</Parent 1718 0 R/Title(3.6.6. Accounts and Groups management)/Dest[1439 0 R/XYZ 0 786 0]/Prev 1723 0 R/Next 1725 0 R>>endobj
+1725 0 obj<</Parent 1718 0 R/Title(3.6.7. Security and sambaAccount)/Dest[1439 0 R/XYZ 0 596 0]/Prev 1724 0 R/Next 1726 0 R>>endobj
+1726 0 obj<</Parent 1718 0 R/Title(3.6.8. LDAP specials attributes for sambaAccounts)/Dest[1439 0 R/XYZ 0 217 0]/Prev 1725 0 R/Next 1727 0 R>>endobj
+1727 0 obj<</Parent 1718 0 R/Title(3.6.9. Example LDIF Entries for a sambaAccount)/Dest[1441 0 R/XYZ 0 203 0]/Prev 1726 0 R>>endobj
+1728 0 obj<</Parent 1710 0 R/Count -5/First 1729 0 R/Last 1733 0 R/Title(3.7. MySQL)/Dest[1443 0 R/XYZ 0 375 0]/Prev 1718 0 R/Next 1734 0 R>>endobj
+1729 0 obj<</Parent 1728 0 R/Title(3.7.1. Building)/Dest[1443 0 R/XYZ 0 355 0]/Next 1730 0 R>>endobj
+1730 0 obj<</Parent 1728 0 R/Title(3.7.2. Creating the database)/Dest[1443 0 R/XYZ 0 244 0]/Prev 1729 0 R/Next 1731 0 R>>endobj
+1731 0 obj<</Parent 1728 0 R/Title(3.7.3. Configuring)/Dest[1445 0 R/XYZ 0 786 0]/Prev 1730 0 R/Next 1732 0 R>>endobj
+1732 0 obj<</Parent 1728 0 R/Title(3.7.4. Using plaintext passwords or encrypted password)/Dest[1447 0 R/XYZ 0 731 0]/Prev 1731 0 R/Next 1733 0 R>>endobj
+1733 0 obj<</Parent 1728 0 R/Title(3.7.5. Getting non-column data from the table)/Dest[1447 0 R/XYZ 0 581 0]/Prev 1732 0 R>>endobj
+1734 0 obj<</Parent 1710 0 R/Count -2/First 1735 0 R/Last 1736 0 R/Title(3.8. Passdb XML plugin)/Dest[1447 0 R/XYZ 0 443 0]/Prev 1728 0 R>>endobj
+1735 0 obj<</Parent 1734 0 R/Title(3.8.1. Building)/Dest[1447 0 R/XYZ 0 423 0]/Next 1736 0 R>>endobj
+1736 0 obj<</Parent 1734 0 R/Title(3.8.2. Usage)/Dest[1447 0 R/XYZ 0 325 0]/Prev 1735 0 R>>endobj
+1737 0 obj<</Parent 1677 0 R/Title(II. Type of installation)/Dest[1449 0 R/XYZ 0 786 0]/Prev 1710 0 R/Next 1738 0 R>>endobj
+1738 0 obj<</Parent 1677 0 R/Title(Introduction)/Dest[1451 0 R/XYZ 0 786 0]/Prev 1737 0 R/Next 1739 0 R>>endobj
+1739 0 obj<</Parent 1677 0 R/Title(Chapter 4. User and Share security level \(for servers not in a domain\))/Dest[1453 0 R/XYZ 0 786 0]/Prev 1738 0 R/Next 1740 0 R>>endobj
+1740 0 obj<</Parent 1677 0 R/Count -9/First 1741 0 R/Last 1754 0 R/Title(Chapter 5. Samba as a NT4 or Win2k Primary Domain Controller)/Dest[1457 0 R/XYZ 0 786 0]/Prev 1739 0 R/Next 1755 0 R>>endobj
+1741 0 obj<</Parent 1740 0 R/Title(5.1. Prerequisite Reading)/Dest[1457 0 R/XYZ 0 738 0]/Next 1742 0 R>>endobj
+1742 0 obj<</Parent 1740 0 R/Title(5.2. Background)/Dest[1457 0 R/XYZ 0 637 0]/Prev 1741 0 R/Next 1743 0 R>>endobj
+1743 0 obj<</Parent 1740 0 R/Title(5.3. Configuring the Samba Domain Controller)/Dest[1459 0 R/XYZ 0 771 0]/Prev 1742 0 R/Next 1744 0 R>>endobj
+1744 0 obj<</Parent 1740 0 R/Count -3/First 1745 0 R/Last 1747 0 R/Title(5.4. Creating Machine Trust Accounts and Joining Clients to the Domain)/Dest[1461 0 R/XYZ 0 665 0]/Prev 1743 0 R/Next 1748 0 R>>endobj
+1745 0 obj<</Parent 1744 0 R/Title(5.4.1. Manual Creation of Machine Trust Accounts)/Dest[1461 0 R/XYZ 0 279 0]/Next 1746 0 R>>endobj
+1746 0 obj<</Parent 1744 0 R/Title(5.4.2. "On-the-Fly" Creation of Machine Trust Accounts)/Dest[1463 0 R/XYZ 0 368 0]/Prev 1745 0 R/Next 1747 0 R>>endobj
+1747 0 obj<</Parent 1744 0 R/Title(5.4.3. Joining the Client to the Domain)/Dest[1465 0 R/XYZ 0 786 0]/Prev 1746 0 R>>endobj
+1748 0 obj<</Parent 1740 0 R/Title(5.5. Common Problems and Errors)/Dest[1465 0 R/XYZ 0 437 0]/Prev 1744 0 R/Next 1749 0 R>>endobj
+1749 0 obj<</Parent 1740 0 R/Title(5.6. System Policies and Profiles)/Dest[1467 0 R/XYZ 0 182 0]/Prev 1748 0 R/Next 1750 0 R>>endobj
+1750 0 obj<</Parent 1740 0 R/Title(5.7. What other help can I get?)/Dest[1469 0 R/XYZ 0 177 0]/Prev 1749 0 R/Next 1751 0 R>>endobj
+1751 0 obj<</Parent 1740 0 R/Count -2/First 1752 0 R/Last 1753 0 R/Title(5.8. Domain Control for Windows 9x/ME)/Dest[1475 0 R/XYZ 0 560 0]/Prev 1750 0 R/Next 1754 0 R>>endobj
+1752 0 obj<</Parent 1751 0 R/Title(5.8.1. Configuration Instructions: Network Logons)/Dest[1477 0 R/XYZ 0 573 0]/Next 1753 0 R>>endobj
+1753 0 obj<</Parent 1751 0 R/Title(5.8.2. Configuration Instructions: Setting up Roaming User Profiles)/Dest[1479 0 R/XYZ 0 786 0]/Prev 1752 0 R>>endobj
+1754 0 obj<</Parent 1740 0 R/Title(5.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba)/Dest[1487 0 R/XYZ 0 786 0]/Prev 1751 0 R>>endobj
+1755 0 obj<</Parent 1677 0 R/Count -5/First 1756 0 R/Last 1762 0 R/Title(Chapter 6. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain)/Dest[1491 0 R/XYZ 0 786 0]/Prev 1740 0 R/Next 1765 0 R>>endobj
+1756 0 obj<</Parent 1755 0 R/Title(6.1. Prerequisite Reading)/Dest[1491 0 R/XYZ 0 738 0]/Next 1757 0 R>>endobj
+1757 0 obj<</Parent 1755 0 R/Title(6.2. Background)/Dest[1491 0 R/XYZ 0 650 0]/Prev 1756 0 R/Next 1758 0 R>>endobj
+1758 0 obj<</Parent 1755 0 R/Count -2/First 1759 0 R/Last 1760 0 R/Title(6.3. What qualifies a Domain Controller on the network?)/Dest[1491 0 R/XYZ 0 278 0]/Prev 1757 0 R/Next 1761 0 R>>endobj
+1759 0 obj<</Parent 1758 0 R/Title(6.3.1. How does a Workstation find its domain controller?)/Dest[1493 0 R/XYZ 0 786 0]/Next 1760 0 R>>endobj
+1760 0 obj<</Parent 1758 0 R/Title(6.3.2. When is the PDC needed?)/Dest[1493 0 R/XYZ 0 662 0]/Prev 1759 0 R>>endobj
+1761 0 obj<</Parent 1755 0 R/Title(6.4. Can Samba be a Backup Domain Controller to an NT PDC?)/Dest[1493 0 R/XYZ 0 577 0]/Prev 1758 0 R/Next 1762 0 R>>endobj
+1762 0 obj<</Parent 1755 0 R/Count -2/First 1763 0 R/Last 1764 0 R/Title(6.5. How do I set up a Samba BDC?)/Dest[1493 0 R/XYZ 0 376 0]/Prev 1761 0 R>>endobj
+1763 0 obj<</Parent 1762 0 R/Title(6.5.1. How do I replicate the smbpasswd file?)/Dest[1495 0 R/XYZ 0 593 0]/Next 1764 0 R>>endobj
+1764 0 obj<</Parent 1762 0 R/Title(6.5.2. Can I do this all with LDAP?)/Dest[1495 0 R/XYZ 0 443 0]/Prev 1763 0 R>>endobj
+1765 0 obj<</Parent 1677 0 R/Count -8/First 1766 0 R/Last 1774 0 R/Title(Chapter 7. Samba as a ADS domain member)/Dest[1497 0 R/XYZ 0 786 0]/Prev 1755 0 R/Next 1775 0 R>>endobj
+1766 0 obj<</Parent 1765 0 R/Title(7.1. Installing the required packages for Debian)/Dest[1497 0 R/XYZ 0 604 0]/Next 1767 0 R>>endobj
+1767 0 obj<</Parent 1765 0 R/Title(7.2. Installing the required packages for RedHat)/Dest[1497 0 R/XYZ 0 496 0]/Prev 1766 0 R/Next 1768 0 R>>endobj
+1768 0 obj<</Parent 1765 0 R/Title(7.3. Compile Samba)/Dest[1497 0 R/XYZ 0 320 0]/Prev 1767 0 R/Next 1769 0 R>>endobj
+1769 0 obj<</Parent 1765 0 R/Title(7.4. Setup your /etc/krb5.conf)/Dest[1499 0 R/XYZ 0 633 0]/Prev 1768 0 R/Next 1770 0 R>>endobj
+1770 0 obj<</Parent 1765 0 R/Count -1/First 1771 0 R/Last 1771 0 R/Title(7.5. Create the computer account)/Dest[1499 0 R/XYZ 0 317 0]/Prev 1769 0 R/Next 1772 0 R>>endobj
+1771 0 obj<</Parent 1770 0 R/Title(7.5.1. Possible errors)/Dest[1499 0 R/XYZ 0 255 0]>>endobj
+1772 0 obj<</Parent 1765 0 R/Title(7.6. Test your server setup)/Dest[1501 0 R/XYZ 0 786 0]/Prev 1770 0 R/Next 1773 0 R>>endobj
+1773 0 obj<</Parent 1765 0 R/Title(7.7. Testing with smbclient)/Dest[1501 0 R/XYZ 0 698 0]/Prev 1772 0 R/Next 1774 0 R>>endobj
+1774 0 obj<</Parent 1765 0 R/Title(7.8. Notes)/Dest[1501 0 R/XYZ 0 623 0]/Prev 1773 0 R>>endobj
+1775 0 obj<</Parent 1677 0 R/Count -3/First 1776 0 R/Last 1778 0 R/Title(Chapter 8. Samba as a NT4 or Win2k domain member)/Dest[1503 0 R/XYZ 0 786 0]/Prev 1765 0 R/Next 1779 0 R>>endobj
+1776 0 obj<</Parent 1775 0 R/Title(8.1. Joining an NT Domain with Samba 3.0)/Dest[1503 0 R/XYZ 0 738 0]/Next 1777 0 R>>endobj
+1777 0 obj<</Parent 1775 0 R/Title(8.2. Samba and Windows 2000 Domains)/Dest[1505 0 R/XYZ 0 547 0]/Prev 1776 0 R/Next 1778 0 R>>endobj
+1778 0 obj<</Parent 1775 0 R/Title(8.3. Why is this better than security = server?)/Dest[1505 0 R/XYZ 0 458 0]/Prev 1777 0 R>>endobj
+1779 0 obj<</Parent 1677 0 R/Title(III. Optional configuration)/Dest[1509 0 R/XYZ 0 786 0]/Prev 1775 0 R/Next 1780 0 R>>endobj
+1780 0 obj<</Parent 1677 0 R/Title(Introduction)/Dest[1511 0 R/XYZ 0 786 0]/Prev 1779 0 R/Next 1781 0 R>>endobj
+1781 0 obj<</Parent 1677 0 R/Count -6/First 1782 0 R/Last 1799 0 R/Title(Chapter 9. Integrating MS Windows networks with Samba)/Dest[1517 0 R/XYZ 0 786 0]/Prev 1780 0 R/Next 1800 0 R>>endobj
+1782 0 obj<</Parent 1781 0 R/Title(9.1. Agenda)/Dest[1517 0 R/XYZ 0 738 0]/Next 1783 0 R>>endobj
+1783 0 obj<</Parent 1781 0 R/Count -4/First 1784 0 R/Last 1787 0 R/Title(9.2. Name Resolution in a pure Unix/Linux world)/Dest[1517 0 R/XYZ 0 491 0]/Prev 1782 0 R/Next 1788 0 R>>endobj
+1784 0 obj<</Parent 1783 0 R/Title(9.2.1. /etc/hosts)/Dest[1517 0 R/XYZ 0 363 0]/Next 1785 0 R>>endobj
+1785 0 obj<</Parent 1783 0 R/Title(9.2.2. /etc/resolv.conf)/Dest[1519 0 R/XYZ 0 494 0]/Prev 1784 0 R/Next 1786 0 R>>endobj
+1786 0 obj<</Parent 1783 0 R/Title(9.2.3. /etc/host.conf)/Dest[1519 0 R/XYZ 0 356 0]/Prev 1785 0 R/Next 1787 0 R>>endobj
+1787 0 obj<</Parent 1783 0 R/Title(9.2.4. /etc/nsswitch.conf)/Dest[1519 0 R/XYZ 0 210 0]/Prev 1786 0 R>>endobj
+1788 0 obj<</Parent 1781 0 R/Count -5/First 1789 0 R/Last 1793 0 R/Title(9.3. Name resolution as used within MS Windows networking)/Dest[1521 0 R/XYZ 0 392 0]/Prev 1783 0 R/Next 1794 0 R>>endobj
+1789 0 obj<</Parent 1788 0 R/Title(9.3.1. The NetBIOS Name Cache)/Dest[1523 0 R/XYZ 0 319 0]/Next 1790 0 R>>endobj
+1790 0 obj<</Parent 1788 0 R/Title(9.3.2. The LMHOSTS file)/Dest[1525 0 R/XYZ 0 786 0]/Prev 1789 0 R/Next 1791 0 R>>endobj
+1791 0 obj<</Parent 1788 0 R/Title(9.3.3. HOSTS file)/Dest[1527 0 R/XYZ 0 512 0]/Prev 1790 0 R/Next 1792 0 R>>endobj
+1792 0 obj<</Parent 1788 0 R/Title(9.3.4. DNS Lookup)/Dest[1527 0 R/XYZ 0 414 0]/Prev 1791 0 R/Next 1793 0 R>>endobj
+1793 0 obj<</Parent 1788 0 R/Title(9.3.5. WINS Lookup)/Dest[1527 0 R/XYZ 0 276 0]/Prev 1792 0 R>>endobj
+1794 0 obj<</Parent 1781 0 R/Title(9.4. How browsing functions and how to deploy stable and dependable browsing using Samba)/Dest[1529 0 R/XYZ 0 723 0]/Prev 1788 0 R/Next 1795 0 R>>endobj
+1795 0 obj<</Parent 1781 0 R/Count -3/First 1796 0 R/Last 1798 0 R/Title(9.5. MS Windows security options and how to configure Samba for seemless integration)/Dest[1529 0 R/XYZ 0 179 0]/Prev 1794 0 R/Next 1799 0 R>>endobj
+1796 0 obj<</Parent 1795 0 R/Title(9.5.1. Use MS Windows NT as an authentication server)/Dest[1533 0 R/XYZ 0 786 0]/Next 1797 0 R>>endobj
+1797 0 obj<</Parent 1795 0 R/Title(9.5.2. Make Samba a member of an MS Windows NT security domain)/Dest[1533 0 R/XYZ 0 537 0]/Prev 1796 0 R/Next 1798 0 R>>endobj
+1798 0 obj<</Parent 1795 0 R/Title(9.5.3. Configure Samba as an authentication server)/Dest[1533 0 R/XYZ 0 185 0]/Prev 1797 0 R>>endobj
+1799 0 obj<</Parent 1781 0 R/Title(9.6. Conclusions)/Dest[1535 0 R/XYZ 0 316 0]/Prev 1795 0 R>>endobj
+1800 0 obj<</Parent 1677 0 R/Count -7/First 1801 0 R/Last 1809 0 R/Title(Chapter 10. UNIX Permission Bits and Windows NT Access Control Lists)/Dest[1537 0 R/XYZ 0 786 0]/Prev 1781 0 R/Next 1810 0 R>>endobj
+1801 0 obj<</Parent 1800 0 R/Title(10.1. Viewing and changing UNIX permissions using the NT security dialogs)/Dest[1537 0 R/XYZ 0 738 0]/Next 1802 0 R>>endobj
+1802 0 obj<</Parent 1800 0 R/Title(10.2. How to view file security on a Samba share)/Dest[1537 0 R/XYZ 0 590 0]/Prev 1801 0 R/Next 1803 0 R>>endobj
+1803 0 obj<</Parent 1800 0 R/Title(10.3. Viewing file ownership)/Dest[1537 0 R/XYZ 0 422 0]/Prev 1802 0 R/Next 1804 0 R>>endobj
+1804 0 obj<</Parent 1800 0 R/Count -2/First 1805 0 R/Last 1806 0 R/Title(10.4. Viewing file or directory permissions)/Dest[1539 0 R/XYZ 0 758 0]/Prev 1803 0 R/Next 1807 0 R>>endobj
+1805 0 obj<</Parent 1804 0 R/Title(10.4.1. File Permissions)/Dest[1539 0 R/XYZ 0 524 0]/Next 1806 0 R>>endobj
+1806 0 obj<</Parent 1804 0 R/Title(10.4.2. Directory Permissions)/Dest[1539 0 R/XYZ 0 281 0]/Prev 1805 0 R>>endobj
+1807 0 obj<</Parent 1800 0 R/Title(10.5. Modifying file or directory permissions)/Dest[1541 0 R/XYZ 0 771 0]/Prev 1804 0 R/Next 1808 0 R>>endobj
+1808 0 obj<</Parent 1800 0 R/Title(10.6. Interaction with the standard Samba create mask parameters)/Dest[1541 0 R/XYZ 0 339 0]/Prev 1807 0 R/Next 1809 0 R>>endobj
+1809 0 obj<</Parent 1800 0 R/Title(10.7. Interaction with the standard Samba file attribute mapping)/Dest[1545 0 R/XYZ 0 705 0]/Prev 1808 0 R>>endobj
+1810 0 obj<</Parent 1677 0 R/Count -3/First 1811 0 R/Last 1813 0 R/Title(Chapter 11. Configuring PAM for distributed but centrally managed authentication)/Dest[1547 0 R/XYZ 0 786 0]/Prev 1800 0 R/Next 1814 0 R>>endobj
+1811 0 obj<</Parent 1810 0 R/Title(11.1. Samba and PAM)/Dest[1547 0 R/XYZ 0 738 0]/Next 1812 0 R>>endobj
+1812 0 obj<</Parent 1810 0 R/Title(11.2. Distributed Authentication)/Dest[1549 0 R/XYZ 0 201 0]/Prev 1811 0 R/Next 1813 0 R>>endobj
+1813 0 obj<</Parent 1810 0 R/Title(11.3. PAM Configuration in smb.conf)/Dest[1551 0 R/XYZ 0 758 0]/Prev 1812 0 R>>endobj
+1814 0 obj<</Parent 1677 0 R/Count -1/First 1815 0 R/Last 1815 0 R/Title(Chapter 12. Hosting a Microsoft Distributed File System tree on Samba)/Dest[1553 0 R/XYZ 0 786 0]/Prev 1810 0 R/Next 1817 0 R>>endobj
+1815 0 obj<</Parent 1814 0 R/Count -1/First 1816 0 R/Last 1816 0 R/Title(12.1. Instructions)/Dest[1553 0 R/XYZ 0 738 0]>>endobj
+1816 0 obj<</Parent 1815 0 R/Title(12.1.1. Notes)/Dest[1555 0 R/XYZ 0 705 0]>>endobj
+1817 0 obj<</Parent 1677 0 R/Count -4/First 1818 0 R/Last 1830 0 R/Title(Chapter 13. Printing Support)/Dest[1557 0 R/XYZ 0 786 0]/Prev 1814 0 R/Next 1840 0 R>>endobj
+1818 0 obj<</Parent 1817 0 R/Title(13.1. Introduction)/Dest[1557 0 R/XYZ 0 762 0]/Next 1819 0 R>>endobj
+1819 0 obj<</Parent 1817 0 R/Count -5/First 1820 0 R/Last 1824 0 R/Title(13.2. Configuration)/Dest[1557 0 R/XYZ 0 370 0]/Prev 1818 0 R/Next 1825 0 R>>endobj
+1820 0 obj<</Parent 1819 0 R/Title(13.2.1. Creating [print$])/Dest[1557 0 R/XYZ 0 180 0]/Next 1821 0 R>>endobj
+1821 0 obj<</Parent 1819 0 R/Title(13.2.2. Setting Drivers for Existing Printers)/Dest[1561 0 R/XYZ 0 583 0]/Prev 1820 0 R/Next 1822 0 R>>endobj
+1822 0 obj<</Parent 1819 0 R/Title(13.2.3. Support a large number of printers)/Dest[1563 0 R/XYZ 0 786 0]/Prev 1821 0 R/Next 1823 0 R>>endobj
+1823 0 obj<</Parent 1819 0 R/Title(13.2.4. Adding New Printers via the Windows NT APW)/Dest[1563 0 R/XYZ 0 416 0]/Prev 1822 0 R/Next 1824 0 R>>endobj
+1824 0 obj<</Parent 1819 0 R/Title(13.2.5. Samba and Printer Ports)/Dest[1565 0 R/XYZ 0 237 0]/Prev 1823 0 R>>endobj
+1825 0 obj<</Parent 1817 0 R/Count -4/First 1826 0 R/Last 1829 0 R/Title(13.3. The Imprints Toolset)/Dest[1567 0 R/XYZ 0 745 0]/Prev 1819 0 R/Next 1830 0 R>>endobj
+1826 0 obj<</Parent 1825 0 R/Title(13.3.1. What is Imprints?)/Dest[1567 0 R/XYZ 0 643 0]/Next 1827 0 R>>endobj
+1827 0 obj<</Parent 1825 0 R/Title(13.3.2. Creating Printer Driver Packages)/Dest[1567 0 R/XYZ 0 519 0]/Prev 1826 0 R/Next 1828 0 R>>endobj
+1828 0 obj<</Parent 1825 0 R/Title(13.3.3. The Imprints server)/Dest[1567 0 R/XYZ 0 434 0]/Prev 1827 0 R/Next 1829 0 R>>endobj
+1829 0 obj<</Parent 1825 0 R/Title(13.3.4. The Installation Client)/Dest[1567 0 R/XYZ 0 336 0]/Prev 1828 0 R>>endobj
+1830 0 obj<</Parent 1817 0 R/Count -9/First 1831 0 R/Last 1839 0 R/Title(13.4. Diagnosis)/Dest[1569 0 R/XYZ 0 449 0]/Prev 1825 0 R>>endobj
+1831 0 obj<</Parent 1830 0 R/Title(13.4.1. Introduction)/Dest[1569 0 R/XYZ 0 429 0]/Next 1832 0 R>>endobj
+1832 0 obj<</Parent 1830 0 R/Title(13.4.2. Debugging printer problems)/Dest[1571 0 R/XYZ 0 482 0]/Prev 1831 0 R/Next 1833 0 R>>endobj
+1833 0 obj<</Parent 1830 0 R/Title(13.4.3. What printers do I have?)/Dest[1573 0 R/XYZ 0 718 0]/Prev 1832 0 R/Next 1834 0 R>>endobj
+1834 0 obj<</Parent 1830 0 R/Title(13.4.4. Setting up printcap and print servers)/Dest[1573 0 R/XYZ 0 537 0]/Prev 1833 0 R/Next 1835 0 R>>endobj
+1835 0 obj<</Parent 1830 0 R/Title(13.4.5. Job sent, no output)/Dest[1575 0 R/XYZ 0 786 0]/Prev 1834 0 R/Next 1836 0 R>>endobj
+1836 0 obj<</Parent 1830 0 R/Title(13.4.6. Job sent, strange output)/Dest[1575 0 R/XYZ 0 447 0]/Prev 1835 0 R/Next 1837 0 R>>endobj
+1837 0 obj<</Parent 1830 0 R/Title(13.4.7. Raw PostScript printed)/Dest[1577 0 R/XYZ 0 771 0]/Prev 1836 0 R/Next 1838 0 R>>endobj
+1838 0 obj<</Parent 1830 0 R/Title(13.4.8. Advanced Printing)/Dest[1577 0 R/XYZ 0 686 0]/Prev 1837 0 R/Next 1839 0 R>>endobj
+1839 0 obj<</Parent 1830 0 R/Title(13.4.9. Real debugging)/Dest[1577 0 R/XYZ 0 588 0]/Prev 1838 0 R>>endobj
+1840 0 obj<</Parent 1677 0 R/Count -7/First 1841 0 R/Last 1857 0 R/Title(Chapter 14. Unified Logons between Windows NT and UNIX using Winbind)/Dest[1579 0 R/XYZ 0 786 0]/Prev 1817 0 R/Next 1858 0 R>>endobj
+1841 0 obj<</Parent 1840 0 R/Title(14.1. Abstract)/Dest[1579 0 R/XYZ 0 738 0]/Next 1842 0 R>>endobj
+1842 0 obj<</Parent 1840 0 R/Title(14.2. Introduction)/Dest[1579 0 R/XYZ 0 597 0]/Prev 1841 0 R/Next 1843 0 R>>endobj
+1843 0 obj<</Parent 1840 0 R/Count -1/First 1844 0 R/Last 1844 0 R/Title(14.3. What Winbind Provides)/Dest[1579 0 R/XYZ 0 284 0]/Prev 1842 0 R/Next 1845 0 R>>endobj
+1844 0 obj<</Parent 1843 0 R/Title(14.3.1. Target Uses)/Dest[1581 0 R/XYZ 0 613 0]>>endobj
+1845 0 obj<</Parent 1840 0 R/Count -6/First 1846 0 R/Last 1851 0 R/Title(14.4. How Winbind Works)/Dest[1581 0 R/XYZ 0 462 0]/Prev 1843 0 R/Next 1852 0 R>>endobj
+1846 0 obj<</Parent 1845 0 R/Title(14.4.1. Microsoft Remote Procedure Calls)/Dest[1581 0 R/XYZ 0 347 0]/Next 1847 0 R>>endobj
+1847 0 obj<</Parent 1845 0 R/Title(14.4.2. Microsoft Active Directory Services)/Dest[1583 0 R/XYZ 0 786 0]/Prev 1846 0 R/Next 1848 0 R>>endobj
+1848 0 obj<</Parent 1845 0 R/Title(14.4.3. Name Service Switch)/Dest[1583 0 R/XYZ 0 688 0]/Prev 1847 0 R/Next 1849 0 R>>endobj
+1849 0 obj<</Parent 1845 0 R/Title(14.4.4. Pluggable Authentication Modules)/Dest[1583 0 R/XYZ 0 247 0]/Prev 1848 0 R/Next 1850 0 R>>endobj
+1850 0 obj<</Parent 1845 0 R/Title(14.4.5. User and Group ID Allocation)/Dest[1585 0 R/XYZ 0 613 0]/Prev 1849 0 R/Next 1851 0 R>>endobj
+1851 0 obj<</Parent 1845 0 R/Title(14.4.6. Result Caching)/Dest[1585 0 R/XYZ 0 435 0]/Prev 1850 0 R>>endobj
+1852 0 obj<</Parent 1840 0 R/Count -3/First 1853 0 R/Last 1855 0 R/Title(14.5. Installation and Configuration)/Dest[1585 0 R/XYZ 0 298 0]/Prev 1845 0 R/Next 1856 0 R>>endobj
+1853 0 obj<</Parent 1852 0 R/Title(14.5.1. Introduction)/Dest[1587 0 R/XYZ 0 786 0]/Next 1854 0 R>>endobj
+1854 0 obj<</Parent 1852 0 R/Title(14.5.2. Requirements)/Dest[1587 0 R/XYZ 0 503 0]/Prev 1853 0 R/Next 1855 0 R>>endobj
+1855 0 obj<</Parent 1852 0 R/Title(14.5.3. Testing Things Out)/Dest[1587 0 R/XYZ 0 234 0]/Prev 1854 0 R>>endobj
+1856 0 obj<</Parent 1840 0 R/Title(14.6. Limitations)/Dest[1603 0 R/XYZ 0 786 0]/Prev 1852 0 R/Next 1857 0 R>>endobj
+1857 0 obj<</Parent 1840 0 R/Title(14.7. Conclusion)/Dest[1603 0 R/XYZ 0 566 0]/Prev 1856 0 R>>endobj
+1858 0 obj<</Parent 1677 0 R/Count -11/First 1859 0 R/Last 1870 0 R/Title(Chapter 15. Improved browsing in samba)/Dest[1605 0 R/XYZ 0 786 0]/Prev 1840 0 R/Next 1871 0 R>>endobj
+1859 0 obj<</Parent 1858 0 R/Title(15.1. Overview of browsing)/Dest[1605 0 R/XYZ 0 762 0]/Next 1860 0 R>>endobj
+1860 0 obj<</Parent 1858 0 R/Title(15.2. Browsing support in samba)/Dest[1605 0 R/XYZ 0 568 0]/Prev 1859 0 R/Next 1861 0 R>>endobj
+1861 0 obj<</Parent 1858 0 R/Title(15.3. Problem resolution)/Dest[1605 0 R/XYZ 0 189 0]/Prev 1860 0 R/Next 1862 0 R>>endobj
+1862 0 obj<</Parent 1858 0 R/Count -1/First 1863 0 R/Last 1863 0 R/Title(15.4. Browsing across subnets)/Dest[1607 0 R/XYZ 0 586 0]/Prev 1861 0 R/Next 1864 0 R>>endobj
+1863 0 obj<</Parent 1862 0 R/Title(15.4.1. How does cross subnet browsing work ?)/Dest[1607 0 R/XYZ 0 326 0]>>endobj
+1864 0 obj<</Parent 1858 0 R/Title(15.5. Setting up a WINS server)/Dest[1613 0 R/XYZ 0 613 0]/Prev 1862 0 R/Next 1865 0 R>>endobj
+1865 0 obj<</Parent 1858 0 R/Title(15.6. Setting up Browsing in a WORKGROUP)/Dest[1615 0 R/XYZ 0 665 0]/Prev 1864 0 R/Next 1866 0 R>>endobj
+1866 0 obj<</Parent 1858 0 R/Title(15.7. Setting up Browsing in a DOMAIN)/Dest[1617 0 R/XYZ 0 675 0]/Prev 1865 0 R/Next 1867 0 R>>endobj
+1867 0 obj<</Parent 1858 0 R/Title(15.8. Forcing samba to be the master)/Dest[1617 0 R/XYZ 0 319 0]/Prev 1866 0 R/Next 1868 0 R>>endobj
+1868 0 obj<</Parent 1858 0 R/Title(15.9. Making samba the domain master)/Dest[1619 0 R/XYZ 0 573 0]/Prev 1867 0 R/Next 1869 0 R>>endobj
+1869 0 obj<</Parent 1858 0 R/Title(15.10. Note about broadcast addresses)/Dest[1621 0 R/XYZ 0 786 0]/Prev 1868 0 R/Next 1870 0 R>>endobj
+1870 0 obj<</Parent 1858 0 R/Title(15.11. Multiple interfaces)/Dest[1621 0 R/XYZ 0 698 0]/Prev 1869 0 R>>endobj
+1871 0 obj<</Parent 1677 0 R/Count -3/First 1872 0 R/Last 1877 0 R/Title(Chapter 16. Stackable VFS modules)/Dest[1623 0 R/XYZ 0 786 0]/Prev 1858 0 R/Next 1880 0 R>>endobj
+1872 0 obj<</Parent 1871 0 R/Title(16.1. Introduction and configuration)/Dest[1623 0 R/XYZ 0 762 0]/Next 1873 0 R>>endobj
+1873 0 obj<</Parent 1871 0 R/Count -3/First 1874 0 R/Last 1876 0 R/Title(16.2. Included modules)/Dest[1623 0 R/XYZ 0 437 0]/Prev 1872 0 R/Next 1877 0 R>>endobj
+1874 0 obj<</Parent 1873 0 R/Title(16.2.1. audit)/Dest[1623 0 R/XYZ 0 417 0]/Next 1875 0 R>>endobj
+1875 0 obj<</Parent 1873 0 R/Title(16.2.2. recycle)/Dest[1623 0 R/XYZ 0 268 0]/Prev 1874 0 R/Next 1876 0 R>>endobj
+1876 0 obj<</Parent 1873 0 R/Title(16.2.3. netatalk)/Dest[1625 0 R/XYZ 0 613 0]/Prev 1875 0 R>>endobj
+1877 0 obj<</Parent 1871 0 R/Count -2/First 1878 0 R/Last 1879 0 R/Title(16.3. VFS modules available elsewhere)/Dest[1625 0 R/XYZ 0 483 0]/Prev 1873 0 R>>endobj
+1878 0 obj<</Parent 1877 0 R/Title(16.3.1. DatabaseFS)/Dest[1625 0 R/XYZ 0 368 0]/Next 1879 0 R>>endobj
+1879 0 obj<</Parent 1877 0 R/Title(16.3.2. vscan)/Dest[1627 0 R/XYZ 0 786 0]/Prev 1878 0 R>>endobj
+1880 0 obj<</Parent 1677 0 R/Count -2/First 1881 0 R/Last 1882 0 R/Title(Chapter 17. Access Samba source code via CVS)/Dest[1629 0 R/XYZ 0 786 0]/Prev 1871 0 R/Next 1885 0 R>>endobj
+1881 0 obj<</Parent 1880 0 R/Title(17.1. Introduction)/Dest[1629 0 R/XYZ 0 762 0]/Next 1882 0 R>>endobj
+1882 0 obj<</Parent 1880 0 R/Count -2/First 1883 0 R/Last 1884 0 R/Title(17.2. CVS Access to samba.org)/Dest[1629 0 R/XYZ 0 634 0]/Prev 1881 0 R>>endobj
+1883 0 obj<</Parent 1882 0 R/Title(17.2.1. Access via CVSweb)/Dest[1629 0 R/XYZ 0 546 0]/Next 1884 0 R>>endobj
+1884 0 obj<</Parent 1882 0 R/Title(17.2.2. Access via cvs)/Dest[1629 0 R/XYZ 0 435 0]/Prev 1883 0 R>>endobj
+1885 0 obj<</Parent 1677 0 R/Title(Chapter 18. Group mapping HOWTO)/Dest[1633 0 R/XYZ 0 786 0]/Prev 1880 0 R/Next 1886 0 R>>endobj
+1886 0 obj<</Parent 1677 0 R/Count -10/First 1887 0 R/Last 1896 0 R/Title(Chapter 19. Samba performance issues)/Dest[1635 0 R/XYZ 0 786 0]/Prev 1885 0 R/Next 1897 0 R>>endobj
+1887 0 obj<</Parent 1886 0 R/Title(19.1. Comparisons)/Dest[1635 0 R/XYZ 0 762 0]/Next 1888 0 R>>endobj
+1888 0 obj<</Parent 1886 0 R/Title(19.2. Socket options)/Dest[1635 0 R/XYZ 0 502 0]/Prev 1887 0 R/Next 1889 0 R>>endobj
+1889 0 obj<</Parent 1886 0 R/Title(19.3. Read size)/Dest[1635 0 R/XYZ 0 242 0]/Prev 1888 0 R/Next 1890 0 R>>endobj
+1890 0 obj<</Parent 1886 0 R/Title(19.4. Max xmit)/Dest[1637 0 R/XYZ 0 692 0]/Prev 1889 0 R/Next 1891 0 R>>endobj
+1891 0 obj<</Parent 1886 0 R/Title(19.5. Log level)/Dest[1637 0 R/XYZ 0 511 0]/Prev 1890 0 R/Next 1892 0 R>>endobj
+1892 0 obj<</Parent 1886 0 R/Title(19.6. Read raw)/Dest[1637 0 R/XYZ 0 436 0]/Prev 1891 0 R/Next 1893 0 R>>endobj
+1893 0 obj<</Parent 1886 0 R/Title(19.7. Write raw)/Dest[1637 0 R/XYZ 0 268 0]/Prev 1892 0 R/Next 1894 0 R>>endobj
+1894 0 obj<</Parent 1886 0 R/Title(19.8. Slow Clients)/Dest[1639 0 R/XYZ 0 786 0]/Prev 1893 0 R/Next 1895 0 R>>endobj
+1895 0 obj<</Parent 1886 0 R/Title(19.9. Slow Logins)/Dest[1639 0 R/XYZ 0 658 0]/Prev 1894 0 R/Next 1896 0 R>>endobj
+1896 0 obj<</Parent 1886 0 R/Title(19.10. Client tuning)/Dest[1639 0 R/XYZ 0 583 0]/Prev 1895 0 R>>endobj
+1897 0 obj<</Parent 1677 0 R/Count -3/First 1898 0 R/Last 1904 0 R/Title(Chapter 20. Creating Group Profiles)/Dest[1643 0 R/XYZ 0 786 0]/Prev 1886 0 R/Next 1905 0 R>>endobj
+1898 0 obj<</Parent 1897 0 R/Title(20.1. Windows '9x)/Dest[1643 0 R/XYZ 0 762 0]/Next 1899 0 R>>endobj
+1899 0 obj<</Parent 1897 0 R/Count -4/First 1900 0 R/Last 1903 0 R/Title(20.2. Windows NT 4)/Dest[1643 0 R/XYZ 0 515 0]/Prev 1898 0 R/Next 1904 0 R>>endobj
+1900 0 obj<</Parent 1899 0 R/Title(20.2.1. Side bar Notes)/Dest[1643 0 R/XYZ 0 213 0]/Next 1901 0 R>>endobj
+1901 0 obj<</Parent 1899 0 R/Title(20.2.2. Mandatory profiles)/Dest[1645 0 R/XYZ 0 786 0]/Prev 1900 0 R/Next 1902 0 R>>endobj
+1902 0 obj<</Parent 1899 0 R/Title(20.2.3. moveuser.exe)/Dest[1645 0 R/XYZ 0 715 0]/Prev 1901 0 R/Next 1903 0 R>>endobj
+1903 0 obj<</Parent 1899 0 R/Title(20.2.4. Get SID)/Dest[1645 0 R/XYZ 0 643 0]/Prev 1902 0 R>>endobj
+1904 0 obj<</Parent 1897 0 R/Title(20.3. Windows 2000/XP)/Dest[1645 0 R/XYZ 0 479 0]/Prev 1899 0 R>>endobj
+1905 0 obj<</Parent 1677 0 R/Title(IV. Appendixes)/Dest[1649 0 R/XYZ 0 786 0]/Prev 1897 0 R/Next 1906 0 R>>endobj
+1906 0 obj<</Parent 1677 0 R/Count -4/First 1907 0 R/Last 1910 0 R/Title(Chapter 21. Portability)/Dest[1651 0 R/XYZ 0 786 0]/Prev 1905 0 R/Next 1911 0 R>>endobj
+1907 0 obj<</Parent 1906 0 R/Title(21.1. HPUX)/Dest[1651 0 R/XYZ 0 707 0]/Next 1908 0 R>>endobj
+1908 0 obj<</Parent 1906 0 R/Title(21.2. SCO Unix)/Dest[1651 0 R/XYZ 0 461 0]/Prev 1907 0 R/Next 1909 0 R>>endobj
+1909 0 obj<</Parent 1906 0 R/Title(21.3. DNIX)/Dest[1651 0 R/XYZ 0 346 0]/Prev 1908 0 R/Next 1910 0 R>>endobj
+1910 0 obj<</Parent 1906 0 R/Title(21.4. RedHat Linux Rembrandt-II)/Dest[1653 0 R/XYZ 0 280 0]/Prev 1909 0 R>>endobj
+1911 0 obj<</Parent 1677 0 R/Count -5/First 1912 0 R/Last 1924 0 R/Title(Chapter 22. Samba and other CIFS clients)/Dest[1655 0 R/XYZ 0 786 0]/Prev 1906 0 R/Next 1925 0 R>>endobj
+1912 0 obj<</Parent 1911 0 R/Title(22.1. Macintosh clients?)/Dest[1655 0 R/XYZ 0 721 0]/Next 1913 0 R>>endobj
+1913 0 obj<</Parent 1911 0 R/Count -4/First 1914 0 R/Last 1917 0 R/Title(22.2. OS2 Client)/Dest[1655 0 R/XYZ 0 513 0]/Prev 1912 0 R/Next 1918 0 R>>endobj
+1914 0 obj<</Parent 1913 0 R/Title(22.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?)/Dest[1655 0 R/XYZ 0 493 0]/Next 1915 0 R>>endobj
+1915 0 obj<</Parent 1913 0 R/Title(22.2.2. How can I configure OS/2 Warp 3 \(not Connect\), OS/2 1.2, 1.3 or 2.x for Samba?)/Dest[1657 0 R/XYZ 0 786 0]/Prev 1914 0 R/Next 1916 0 R>>endobj
+1916 0 obj<</Parent 1913 0 R/Title(22.2.3. Are there any other issues when OS/2 \(any version\) is used as a client?)/Dest[1657 0 R/XYZ 0 575 0]/Prev 1915 0 R/Next 1917 0 R>>endobj
+1917 0 obj<</Parent 1913 0 R/Title(22.2.4. How do I get printer driver download working for OS/2 clients?)/Dest[1657 0 R/XYZ 0 461 0]/Prev 1916 0 R>>endobj
+1918 0 obj<</Parent 1911 0 R/Count -4/First 1919 0 R/Last 1922 0 R/Title(22.3. Windows for Workgroups)/Dest[1657 0 R/XYZ 0 204 0]/Prev 1913 0 R/Next 1923 0 R>>endobj
+1919 0 obj<</Parent 1918 0 R/Title(22.3.1. Use latest TCP/IP stack from Microsoft)/Dest[1657 0 R/XYZ 0 184 0]/Next 1920 0 R>>endobj
+1920 0 obj<</Parent 1918 0 R/Title(22.3.2. Delete .pwl files after password change)/Dest[1659 0 R/XYZ 0 679 0]/Prev 1919 0 R/Next 1921 0 R>>endobj
+1921 0 obj<</Parent 1918 0 R/Title(22.3.3. Configure WfW password handling)/Dest[1659 0 R/XYZ 0 528 0]/Prev 1920 0 R/Next 1922 0 R>>endobj
+1922 0 obj<</Parent 1918 0 R/Title(22.3.4. Case handling of passwords)/Dest[1659 0 R/XYZ 0 430 0]/Prev 1921 0 R>>endobj
+1923 0 obj<</Parent 1911 0 R/Title(22.4. Windows '95/'98)/Dest[1659 0 R/XYZ 0 345 0]/Prev 1918 0 R/Next 1924 0 R>>endobj
+1924 0 obj<</Parent 1911 0 R/Title(22.5. Windows 2000 Service Pack 2)/Dest[1661 0 R/XYZ 0 771 0]/Prev 1923 0 R>>endobj
+1925 0 obj<</Parent 1677 0 R/Count -6/First 1926 0 R/Last 1931 0 R/Title(Chapter 23. Reporting Bugs)/Dest[1663 0 R/XYZ 0 786 0]/Prev 1911 0 R/Next 1932 0 R>>endobj
+1926 0 obj<</Parent 1925 0 R/Title(23.1. Introduction)/Dest[1663 0 R/XYZ 0 762 0]/Next 1927 0 R>>endobj
+1927 0 obj<</Parent 1925 0 R/Title(23.2. General info)/Dest[1663 0 R/XYZ 0 476 0]/Prev 1926 0 R/Next 1928 0 R>>endobj
+1928 0 obj<</Parent 1925 0 R/Title(23.3. Debug levels)/Dest[1663 0 R/XYZ 0 335 0]/Prev 1927 0 R/Next 1929 0 R>>endobj
+1929 0 obj<</Parent 1925 0 R/Title(23.4. Internal errors)/Dest[1665 0 R/XYZ 0 665 0]/Prev 1928 0 R/Next 1930 0 R>>endobj
+1930 0 obj<</Parent 1925 0 R/Title(23.5. Attaching to a running process)/Dest[1665 0 R/XYZ 0 313 0]/Prev 1929 0 R/Next 1931 0 R>>endobj
+1931 0 obj<</Parent 1925 0 R/Title(23.6. Patches)/Dest[1665 0 R/XYZ 0 211 0]/Prev 1930 0 R>>endobj
+1932 0 obj<</Parent 1677 0 R/Count -4/First 1933 0 R/Last 1947 0 R/Title(Chapter 24. Diagnosing your samba server)/Dest[1667 0 R/XYZ 0 786 0]/Prev 1925 0 R>>endobj
+1933 0 obj<</Parent 1932 0 R/Title(24.1. Introduction)/Dest[1667 0 R/XYZ 0 762 0]/Next 1934 0 R>>endobj
+1934 0 obj<</Parent 1932 0 R/Title(24.2. Assumptions)/Dest[1667 0 R/XYZ 0 581 0]/Prev 1933 0 R/Next 1935 0 R>>endobj
+1935 0 obj<</Parent 1932 0 R/Count -11/First 1936 0 R/Last 1946 0 R/Title(24.3. Tests)/Dest[1667 0 R/XYZ 0 252 0]/Prev 1934 0 R/Next 1947 0 R>>endobj
+1936 0 obj<</Parent 1935 0 R/Title(24.3.1. Test 1)/Dest[1667 0 R/XYZ 0 231 0]/Next 1937 0 R>>endobj
+1937 0 obj<</Parent 1935 0 R/Title(24.3.2. Test 2)/Dest[1669 0 R/XYZ 0 786 0]/Prev 1936 0 R/Next 1938 0 R>>endobj
+1938 0 obj<</Parent 1935 0 R/Title(24.3.3. Test 3)/Dest[1669 0 R/XYZ 0 583 0]/Prev 1937 0 R/Next 1939 0 R>>endobj
+1939 0 obj<</Parent 1935 0 R/Title(24.3.4. Test 4)/Dest[1671 0 R/XYZ 0 679 0]/Prev 1938 0 R/Next 1940 0 R>>endobj
+1940 0 obj<</Parent 1935 0 R/Title(24.3.5. Test 5)/Dest[1671 0 R/XYZ 0 528 0]/Prev 1939 0 R/Next 1941 0 R>>endobj
+1941 0 obj<</Parent 1935 0 R/Title(24.3.6. Test 6)/Dest[1671 0 R/XYZ 0 403 0]/Prev 1940 0 R/Next 1942 0 R>>endobj
+1942 0 obj<</Parent 1935 0 R/Title(24.3.7. Test 7)/Dest[1673 0 R/XYZ 0 786 0]/Prev 1941 0 R/Next 1943 0 R>>endobj
+1943 0 obj<</Parent 1935 0 R/Title(24.3.8. Test 8)/Dest[1673 0 R/XYZ 0 424 0]/Prev 1942 0 R/Next 1944 0 R>>endobj
+1944 0 obj<</Parent 1935 0 R/Title(24.3.9. Test 9)/Dest[1675 0 R/XYZ 0 758 0]/Prev 1943 0 R/Next 1945 0 R>>endobj
+1945 0 obj<</Parent 1935 0 R/Title(24.3.10. Test 10)/Dest[1675 0 R/XYZ 0 567 0]/Prev 1944 0 R/Next 1946 0 R>>endobj
+1946 0 obj<</Parent 1935 0 R/Title(24.3.11. Test 11)/Dest[1675 0 R/XYZ 0 430 0]/Prev 1945 0 R>>endobj
+1947 0 obj<</Parent 1932 0 R/Title(24.4. Still having troubles?)/Dest[1675 0 R/XYZ 0 292 0]/Prev 1935 0 R>>endobj
+1948 0 obj<</Type/Catalog/Pages 1372 0 R/PageLayout/SinglePage/Outlines 1677 0 R/OpenAction[1389 0 R/XYZ null null 0]/PageMode/UseOutlines/PageLabels<</Nums[0<</P(title)>>1<</S/r>>8<</S/D/St 1/P()>>9<</S/D/St 2/P()>>13<</S/D/St 6/P()>>14<</S/D/St 7/P()>>16<</S/D/St 9/P()>>23<</S/D/St 16/P()>>27<</S/D/St 20/P()>>38<</S/D/St 31/P()>>39<</S/D/St 32/P()>>40<</S/D/St 33/P()>>42<</S/D/St 35/P()>>59<</S/D/St 52/P()>>62<</S/D/St 55/P()>>65<</S/D/St 58/P()>>68<</S/D/St 61/P()>>69<</S/D/St 62/P()>>72<</S/D/St 65/P()>>82<</S/D/St 75/P()>>87<</S/D/St 80/P()>>90<</S/D/St 83/P()>>92<</S/D/St 85/P()>>103<</S/D/St 96/P()>>116<</S/D/St 109/P()>>125<</S/D/St 118/P()>>128<</S/D/St 121/P()>>130<</S/D/St 123/P()>>131<</S/D/St 124/P()>>135<</S/D/St 128/P()>>138<</S/D/St 131/P()>>139<</S/D/St 132/P()>>141<</S/D/St 134/P()>>145<</S/D/St 138/P()>>147<</S/D/St 140/P()>>]>>>>endobj
 xref
-0 1937 
+0 1949 
 0000000000 65535 f 
 0000000015 00000 n 
-0000000248 00000 n 
-0000001814 00000 n 
-0000001888 00000 n 
-0000001967 00000 n 
-0000002049 00000 n 
-0000002135 00000 n 
-0000002213 00000 n 
-0000002290 00000 n 
-0000002369 00000 n 
-0000002453 00000 n 
-0000002530 00000 n 
-0000002612 00000 n 
-0000002671 00000 n 
-0000002773 00000 n 
-0000002876 00000 n 
-0000002978 00000 n 
-0000003080 00000 n 
-0000003182 00000 n 
-0000003284 00000 n 
-0000003387 00000 n 
-0000003490 00000 n 
-0000003593 00000 n 
-0000003696 00000 n 
-0000003799 00000 n 
-0000003902 00000 n 
-0000004005 00000 n 
-0000004108 00000 n 
-0000004211 00000 n 
-0000004314 00000 n 
-0000004417 00000 n 
-0000004520 00000 n 
-0000004623 00000 n 
-0000004726 00000 n 
-0000004829 00000 n 
-0000004932 00000 n 
-0000005035 00000 n 
-0000005138 00000 n 
-0000005240 00000 n 
-0000005343 00000 n 
-0000005446 00000 n 
-0000005549 00000 n 
-0000005652 00000 n 
-0000005755 00000 n 
-0000005858 00000 n 
-0000005961 00000 n 
-0000006064 00000 n 
-0000006167 00000 n 
-0000006270 00000 n 
-0000006373 00000 n 
-0000006476 00000 n 
-0000006578 00000 n 
-0000006681 00000 n 
-0000006970 00000 n 
-0000007072 00000 n 
-0000007175 00000 n 
-0000007278 00000 n 
-0000007381 00000 n 
-0000007484 00000 n 
-0000007587 00000 n 
-0000007690 00000 n 
-0000007792 00000 n 
-0000007895 00000 n 
-0000007998 00000 n 
-0000008101 00000 n 
-0000008204 00000 n 
-0000008307 00000 n 
-0000008409 00000 n 
-0000008511 00000 n 
-0000008613 00000 n 
-0000008716 00000 n 
-0000008819 00000 n 
-0000008922 00000 n 
-0000009025 00000 n 
-0000009128 00000 n 
-0000009231 00000 n 
-0000009334 00000 n 
-0000009437 00000 n 
-0000009540 00000 n 
-0000009643 00000 n 
-0000009746 00000 n 
-0000009849 00000 n 
-0000009952 00000 n 
-0000010055 00000 n 
-0000010157 00000 n 
-0000010260 00000 n 
-0000010363 00000 n 
-0000010466 00000 n 
-0000010569 00000 n 
-0000010672 00000 n 
-0000010775 00000 n 
-0000010878 00000 n 
-0000010981 00000 n 
-0000011082 00000 n 
-0000011183 00000 n 
-0000011284 00000 n 
-0000011594 00000 n 
-0000011696 00000 n 
-0000011799 00000 n 
-0000011902 00000 n 
-0000012006 00000 n 
-0000012110 00000 n 
-0000012214 00000 n 
-0000012318 00000 n 
-0000012422 00000 n 
-0000012525 00000 n 
-0000012629 00000 n 
-0000012733 00000 n 
-0000012837 00000 n 
-0000012940 00000 n 
-0000013043 00000 n 
-0000013146 00000 n 
-0000013250 00000 n 
-0000013354 00000 n 
-0000013458 00000 n 
-0000013562 00000 n 
-0000013666 00000 n 
-0000013770 00000 n 
-0000013874 00000 n 
-0000013978 00000 n 
-0000014082 00000 n 
-0000014186 00000 n 
-0000014290 00000 n 
-0000014394 00000 n 
-0000014498 00000 n 
-0000014602 00000 n 
-0000014706 00000 n 
-0000014810 00000 n 
-0000014914 00000 n 
-0000015018 00000 n 
-0000015121 00000 n 
-0000015225 00000 n 
-0000015329 00000 n 
-0000015433 00000 n 
-0000015537 00000 n 
-0000015641 00000 n 
-0000015745 00000 n 
-0000015848 00000 n 
-0000015950 00000 n 
-0000016052 00000 n 
-0000016410 00000 n 
-0000016513 00000 n 
-0000016617 00000 n 
-0000016721 00000 n 
-0000016825 00000 n 
-0000016928 00000 n 
-0000017032 00000 n 
-0000017136 00000 n 
-0000017239 00000 n 
-0000017343 00000 n 
-0000017447 00000 n 
-0000017551 00000 n 
-0000017655 00000 n 
-0000017759 00000 n 
-0000017863 00000 n 
-0000017967 00000 n 
-0000018071 00000 n 
-0000018175 00000 n 
-0000018279 00000 n 
-0000018383 00000 n 
-0000018487 00000 n 
-0000018591 00000 n 
-0000018695 00000 n 
-0000018799 00000 n 
-0000018903 00000 n 
-0000019007 00000 n 
-0000019111 00000 n 
-0000019215 00000 n 
-0000019319 00000 n 
-0000019423 00000 n 
-0000019527 00000 n 
-0000019630 00000 n 
-0000019734 00000 n 
-0000019838 00000 n 
-0000019941 00000 n 
-0000020045 00000 n 
-0000020149 00000 n 
-0000020253 00000 n 
-0000020357 00000 n 
-0000020461 00000 n 
-0000020565 00000 n 
-0000020669 00000 n 
-0000020772 00000 n 
-0000020874 00000 n 
-0000020976 00000 n 
-0000021345 00000 n 
-0000021448 00000 n 
-0000021552 00000 n 
-0000021656 00000 n 
-0000021760 00000 n 
-0000021864 00000 n 
-0000021968 00000 n 
-0000022072 00000 n 
-0000022175 00000 n 
-0000022279 00000 n 
-0000022383 00000 n 
-0000022487 00000 n 
-0000022591 00000 n 
-0000022694 00000 n 
-0000022798 00000 n 
-0000022902 00000 n 
-0000023005 00000 n 
-0000023109 00000 n 
-0000023213 00000 n 
-0000023317 00000 n 
-0000023421 00000 n 
-0000023525 00000 n 
-0000023629 00000 n 
-0000023733 00000 n 
-0000023837 00000 n 
-0000023941 00000 n 
-0000024045 00000 n 
-0000024149 00000 n 
-0000024253 00000 n 
-0000024356 00000 n 
-0000024460 00000 n 
-0000024564 00000 n 
-0000024668 00000 n 
-0000024772 00000 n 
-0000024875 00000 n 
-0000024978 00000 n 
-0000025082 00000 n 
-0000025186 00000 n 
-0000025290 00000 n 
-0000025394 00000 n 
-0000025497 00000 n 
-0000025599 00000 n 
-0000025701 00000 n 
-0000026054 00000 n 
-0000026157 00000 n 
-0000026261 00000 n 
-0000026365 00000 n 
-0000026469 00000 n 
-0000026573 00000 n 
-0000026677 00000 n 
-0000026781 00000 n 
-0000026885 00000 n 
-0000026989 00000 n 
-0000027093 00000 n 
-0000027197 00000 n 
-0000027301 00000 n 
-0000027405 00000 n 
-0000027509 00000 n 
-0000027612 00000 n 
-0000027715 00000 n 
-0000027819 00000 n 
-0000027923 00000 n 
-0000028027 00000 n 
-0000028131 00000 n 
-0000028234 00000 n 
-0000028338 00000 n 
-0000028442 00000 n 
-0000028546 00000 n 
-0000028650 00000 n 
-0000028754 00000 n 
-0000028858 00000 n 
-0000028962 00000 n 
-0000029066 00000 n 
-0000029170 00000 n 
-0000029274 00000 n 
-0000029378 00000 n 
-0000029482 00000 n 
-0000029586 00000 n 
-0000029689 00000 n 
-0000029793 00000 n 
-0000029897 00000 n 
-0000030001 00000 n 
-0000030105 00000 n 
-0000030209 00000 n 
-0000030313 00000 n 
-0000030658 00000 n 
-0000030761 00000 n 
-0000030865 00000 n 
-0000030969 00000 n 
-0000031073 00000 n 
-0000031177 00000 n 
-0000031281 00000 n 
-0000031385 00000 n 
-0000031489 00000 n 
-0000031593 00000 n 
-0000031697 00000 n 
-0000031801 00000 n 
-0000031905 00000 n 
-0000032009 00000 n 
-0000032113 00000 n 
-0000032217 00000 n 
-0000032321 00000 n 
-0000032466 00000 n 
-0000032519 00000 n 
-0000032606 00000 n 
-0000032660 00000 n 
-0000032746 00000 n 
-0000032813 00000 n 
-0000032899 00000 n 
-0000033002 00000 n 
-0000033106 00000 n 
-0000033210 00000 n 
-0000033314 00000 n 
-0000033418 00000 n 
-0000033522 00000 n 
-0000033626 00000 n 
-0000033730 00000 n 
-0000033834 00000 n 
-0000033938 00000 n 
-0000034042 00000 n 
-0000034146 00000 n 
-0000034250 00000 n 
-0000034354 00000 n 
-0000034458 00000 n 
-0000034562 00000 n 
-0000034666 00000 n 
-0000034770 00000 n 
-0000034874 00000 n 
-0000034978 00000 n 
-0000035082 00000 n 
-0000035186 00000 n 
-0000035290 00000 n 
-0000035394 00000 n 
-0000035498 00000 n 
-0000035602 00000 n 
-0000035706 00000 n 
-0000035810 00000 n 
-0000035914 00000 n 
-0000036018 00000 n 
-0000036122 00000 n 
-0000036225 00000 n 
-0000036327 00000 n 
-0000036429 00000 n 
-0000036742 00000 n 
-0000036846 00000 n 
-0000036950 00000 n 
-0000037054 00000 n 
-0000037157 00000 n 
-0000037261 00000 n 
-0000037365 00000 n 
-0000037469 00000 n 
-0000037573 00000 n 
-0000037677 00000 n 
-0000037781 00000 n 
-0000037885 00000 n 
-0000037989 00000 n 
-0000038093 00000 n 
-0000038197 00000 n 
-0000038301 00000 n 
-0000038405 00000 n 
-0000038509 00000 n 
-0000038613 00000 n 
-0000038717 00000 n 
-0000038821 00000 n 
-0000038925 00000 n 
-0000039029 00000 n 
-0000039133 00000 n 
-0000039237 00000 n 
-0000039341 00000 n 
-0000039445 00000 n 
-0000039549 00000 n 
-0000039653 00000 n 
-0000039757 00000 n 
-0000039861 00000 n 
-0000039965 00000 n 
-0000040069 00000 n 
-0000040173 00000 n 
-0000040276 00000 n 
-0000040380 00000 n 
-0000040484 00000 n 
-0000040588 00000 n 
-0000040692 00000 n 
-0000040796 00000 n 
-0000040900 00000 n 
-0000041004 00000 n 
-0000041108 00000 n 
-0000041212 00000 n 
-0000041316 00000 n 
-0000041420 00000 n 
-0000041524 00000 n 
-0000041628 00000 n 
-0000041732 00000 n 
-0000041835 00000 n 
-0000041937 00000 n 
-0000042039 00000 n 
-0000042464 00000 n 
-0000042568 00000 n 
-0000042672 00000 n 
-0000042776 00000 n 
-0000042880 00000 n 
-0000042984 00000 n 
-0000043088 00000 n 
-0000043192 00000 n 
-0000043296 00000 n 
-0000043400 00000 n 
-0000043504 00000 n 
-0000043608 00000 n 
-0000043712 00000 n 
-0000043816 00000 n 
-0000043920 00000 n 
-0000044024 00000 n 
-0000044128 00000 n 
-0000044232 00000 n 
-0000044336 00000 n 
-0000044440 00000 n 
-0000044544 00000 n 
-0000044648 00000 n 
-0000044752 00000 n 
-0000044856 00000 n 
-0000044960 00000 n 
-0000045064 00000 n 
-0000045168 00000 n 
-0000045272 00000 n 
-0000045376 00000 n 
-0000045480 00000 n 
-0000045584 00000 n 
-0000045688 00000 n 
-0000045792 00000 n 
-0000045896 00000 n 
-0000046000 00000 n 
-0000046104 00000 n 
-0000046208 00000 n 
-0000046312 00000 n 
-0000046416 00000 n 
-0000046520 00000 n 
-0000046624 00000 n 
-0000046728 00000 n 
-0000046832 00000 n 
-0000046936 00000 n 
-0000047040 00000 n 
-0000047144 00000 n 
-0000047248 00000 n 
-0000047352 00000 n 
-0000047456 00000 n 
-0000047559 00000 n 
-0000047661 00000 n 
-0000047763 00000 n 
-0000048188 00000 n 
-0000048292 00000 n 
-0000048396 00000 n 
-0000048500 00000 n 
-0000048604 00000 n 
-0000048708 00000 n 
-0000048812 00000 n 
-0000048916 00000 n 
-0000049020 00000 n 
-0000049124 00000 n 
-0000049228 00000 n 
-0000049332 00000 n 
-0000049435 00000 n 
-0000049539 00000 n 
-0000049643 00000 n 
-0000049747 00000 n 
-0000049851 00000 n 
-0000049955 00000 n 
-0000050059 00000 n 
-0000050163 00000 n 
-0000050267 00000 n 
-0000050371 00000 n 
-0000050475 00000 n 
-0000050579 00000 n 
-0000050683 00000 n 
-0000050787 00000 n 
-0000050891 00000 n 
-0000050995 00000 n 
-0000051099 00000 n 
-0000051203 00000 n 
-0000051307 00000 n 
-0000051411 00000 n 
-0000051515 00000 n 
-0000051619 00000 n 
-0000051723 00000 n 
-0000051827 00000 n 
-0000052124 00000 n 
-0000052227 00000 n 
-0000052331 00000 n 
-0000052435 00000 n 
-0000052539 00000 n 
-0000052643 00000 n 
-0000052747 00000 n 
-0000052851 00000 n 
-0000052955 00000 n 
-0000053059 00000 n 
-0000053163 00000 n 
-0000053267 00000 n 
-0000053371 00000 n 
-0000053475 00000 n 
-0000053579 00000 n 
-0000053683 00000 n 
-0000053787 00000 n 
-0000053891 00000 n 
-0000053995 00000 n 
-0000054099 00000 n 
-0000054202 00000 n 
-0000054306 00000 n 
-0000054410 00000 n 
-0000054514 00000 n 
-0000054618 00000 n 
-0000054722 00000 n 
-0000054826 00000 n 
-0000054930 00000 n 
-0000055034 00000 n 
-0000055138 00000 n 
-0000055242 00000 n 
-0000055346 00000 n 
-0000055450 00000 n 
-0000055553 00000 n 
-0000055657 00000 n 
-0000055760 00000 n 
-0000055864 00000 n 
-0000055968 00000 n 
-0000056072 00000 n 
-0000056176 00000 n 
-0000056280 00000 n 
-0000056384 00000 n 
-0000056486 00000 n 
-0000056588 00000 n 
-0000056690 00000 n 
-0000057059 00000 n 
-0000057163 00000 n 
-0000057267 00000 n 
-0000057371 00000 n 
-0000057412 00000 n 
+0000000249 00000 n 
+0000001815 00000 n 
+0000001889 00000 n 
+0000001968 00000 n 
+0000002050 00000 n 
+0000002136 00000 n 
+0000002214 00000 n 
+0000002291 00000 n 
+0000002370 00000 n 
+0000002454 00000 n 
+0000002531 00000 n 
+0000002613 00000 n 
+0000002672 00000 n 
+0000003099 00000 n 
+0000003837 00000 n 
+0000003939 00000 n 
+0000004042 00000 n 
+0000004144 00000 n 
+0000004246 00000 n 
+0000004348 00000 n 
+0000004450 00000 n 
+0000004553 00000 n 
+0000004656 00000 n 
+0000004759 00000 n 
+0000004862 00000 n 
+0000004965 00000 n 
+0000005068 00000 n 
+0000005171 00000 n 
+0000005274 00000 n 
+0000005377 00000 n 
+0000005480 00000 n 
+0000005583 00000 n 
+0000005686 00000 n 
+0000005789 00000 n 
+0000005892 00000 n 
+0000005995 00000 n 
+0000006098 00000 n 
+0000006201 00000 n 
+0000006304 00000 n 
+0000006406 00000 n 
+0000006509 00000 n 
+0000006612 00000 n 
+0000006715 00000 n 
+0000006818 00000 n 
+0000006921 00000 n 
+0000007024 00000 n 
+0000007126 00000 n 
+0000007229 00000 n 
+0000007332 00000 n 
+0000007435 00000 n 
+0000007538 00000 n 
+0000007641 00000 n 
+0000007744 00000 n 
+0000007847 00000 n 
+0000007949 00000 n 
+0000008050 00000 n 
+0000008151 00000 n 
+0000008461 00000 n 
+0000008563 00000 n 
+0000008666 00000 n 
+0000008769 00000 n 
+0000008872 00000 n 
+0000008975 00000 n 
+0000009078 00000 n 
+0000009181 00000 n 
+0000009284 00000 n 
+0000009387 00000 n 
+0000009490 00000 n 
+0000009593 00000 n 
+0000009696 00000 n 
+0000009799 00000 n 
+0000009902 00000 n 
+0000010005 00000 n 
+0000010108 00000 n 
+0000010211 00000 n 
+0000010313 00000 n 
+0000010415 00000 n 
+0000010517 00000 n 
+0000010619 00000 n 
+0000010722 00000 n 
+0000010825 00000 n 
+0000010928 00000 n 
+0000011031 00000 n 
+0000011134 00000 n 
+0000011237 00000 n 
+0000011340 00000 n 
+0000011443 00000 n 
+0000011546 00000 n 
+0000011649 00000 n 
+0000011752 00000 n 
+0000011855 00000 n 
+0000011958 00000 n 
+0000012061 00000 n 
+0000012163 00000 n 
+0000012266 00000 n 
+0000012369 00000 n 
+0000012472 00000 n 
+0000012575 00000 n 
+0000012677 00000 n 
+0000012779 00000 n 
+0000012881 00000 n 
+0000013201 00000 n 
+0000013304 00000 n 
+0000013408 00000 n 
+0000013512 00000 n 
+0000013615 00000 n 
+0000013719 00000 n 
+0000013823 00000 n 
+0000013927 00000 n 
+0000014031 00000 n 
+0000014135 00000 n 
+0000014239 00000 n 
+0000014343 00000 n 
+0000014447 00000 n 
+0000014551 00000 n 
+0000014654 00000 n 
+0000014758 00000 n 
+0000014862 00000 n 
+0000014966 00000 n 
+0000015069 00000 n 
+0000015172 00000 n 
+0000015275 00000 n 
+0000015379 00000 n 
+0000015483 00000 n 
+0000015587 00000 n 
+0000015691 00000 n 
+0000015795 00000 n 
+0000015899 00000 n 
+0000016003 00000 n 
+0000016107 00000 n 
+0000016211 00000 n 
+0000016315 00000 n 
+0000016419 00000 n 
+0000016523 00000 n 
+0000016627 00000 n 
+0000016731 00000 n 
+0000016835 00000 n 
+0000016939 00000 n 
+0000017043 00000 n 
+0000017147 00000 n 
+0000017250 00000 n 
+0000017353 00000 n 
+0000017455 00000 n 
+0000017557 00000 n 
+0000017910 00000 n 
+0000018013 00000 n 
+0000018117 00000 n 
+0000018221 00000 n 
+0000018325 00000 n 
+0000018429 00000 n 
+0000018533 00000 n 
+0000018637 00000 n 
+0000018740 00000 n 
+0000018844 00000 n 
+0000018948 00000 n 
+0000019052 00000 n 
+0000019155 00000 n 
+0000019259 00000 n 
+0000019363 00000 n 
+0000019466 00000 n 
+0000019570 00000 n 
+0000019674 00000 n 
+0000019778 00000 n 
+0000019882 00000 n 
+0000019986 00000 n 
+0000020090 00000 n 
+0000020194 00000 n 
+0000020298 00000 n 
+0000020402 00000 n 
+0000020506 00000 n 
+0000020610 00000 n 
+0000020714 00000 n 
+0000020818 00000 n 
+0000020922 00000 n 
+0000021026 00000 n 
+0000021130 00000 n 
+0000021234 00000 n 
+0000021338 00000 n 
+0000021442 00000 n 
+0000021546 00000 n 
+0000021650 00000 n 
+0000021754 00000 n 
+0000021857 00000 n 
+0000021961 00000 n 
+0000022065 00000 n 
+0000022169 00000 n 
+0000022272 00000 n 
+0000022374 00000 n 
+0000022476 00000 n 
+0000022845 00000 n 
+0000022948 00000 n 
+0000023052 00000 n 
+0000023156 00000 n 
+0000023260 00000 n 
+0000023364 00000 n 
+0000023468 00000 n 
+0000023572 00000 n 
+0000023676 00000 n 
+0000023780 00000 n 
+0000023884 00000 n 
+0000023988 00000 n 
+0000024092 00000 n 
+0000024195 00000 n 
+0000024299 00000 n 
+0000024403 00000 n 
+0000024507 00000 n 
+0000024611 00000 n 
+0000024715 00000 n 
+0000024819 00000 n 
+0000024923 00000 n 
+0000025027 00000 n 
+0000025131 00000 n 
+0000025235 00000 n 
+0000025339 00000 n 
+0000025443 00000 n 
+0000025546 00000 n 
+0000025650 00000 n 
+0000025754 00000 n 
+0000025858 00000 n 
+0000025962 00000 n 
+0000026066 00000 n 
+0000026170 00000 n 
+0000026274 00000 n 
+0000026378 00000 n 
+0000026481 00000 n 
+0000026585 00000 n 
+0000026689 00000 n 
+0000026793 00000 n 
+0000026897 00000 n 
+0000027000 00000 n 
+0000027102 00000 n 
+0000027204 00000 n 
+0000027306 00000 n 
+0000027667 00000 n 
+0000027770 00000 n 
+0000027874 00000 n 
+0000027978 00000 n 
+0000028082 00000 n 
+0000028186 00000 n 
+0000028290 00000 n 
+0000028394 00000 n 
+0000028498 00000 n 
+0000028602 00000 n 
+0000028705 00000 n 
+0000028809 00000 n 
+0000028913 00000 n 
+0000029017 00000 n 
+0000029121 00000 n 
+0000029225 00000 n 
+0000029329 00000 n 
+0000029433 00000 n 
+0000029536 00000 n 
+0000029639 00000 n 
+0000029743 00000 n 
+0000029847 00000 n 
+0000029951 00000 n 
+0000030055 00000 n 
+0000030158 00000 n 
+0000030262 00000 n 
+0000030366 00000 n 
+0000030470 00000 n 
+0000030574 00000 n 
+0000030678 00000 n 
+0000030782 00000 n 
+0000030886 00000 n 
+0000030990 00000 n 
+0000031094 00000 n 
+0000031198 00000 n 
+0000031302 00000 n 
+0000031406 00000 n 
+0000031510 00000 n 
+0000031613 00000 n 
+0000031717 00000 n 
+0000031821 00000 n 
+0000031924 00000 n 
+0000032026 00000 n 
+0000032128 00000 n 
+0000032489 00000 n 
+0000032592 00000 n 
+0000032696 00000 n 
+0000032799 00000 n 
+0000032903 00000 n 
+0000033007 00000 n 
+0000033111 00000 n 
+0000033215 00000 n 
+0000033319 00000 n 
+0000033423 00000 n 
+0000033527 00000 n 
+0000033631 00000 n 
+0000033735 00000 n 
+0000033839 00000 n 
+0000033943 00000 n 
+0000034047 00000 n 
+0000034151 00000 n 
+0000034255 00000 n 
+0000034359 00000 n 
+0000034520 00000 n 
+0000034573 00000 n 
+0000034660 00000 n 
+0000034714 00000 n 
+0000034800 00000 n 
+0000034855 00000 n 
+0000034942 00000 n 
+0000035009 00000 n 
+0000035095 00000 n 
+0000035198 00000 n 
+0000035302 00000 n 
+0000035406 00000 n 
+0000035510 00000 n 
+0000035614 00000 n 
+0000035718 00000 n 
+0000035822 00000 n 
+0000035926 00000 n 
+0000036030 00000 n 
+0000036134 00000 n 
+0000036238 00000 n 
+0000036342 00000 n 
+0000036446 00000 n 
+0000036550 00000 n 
+0000036654 00000 n 
+0000036758 00000 n 
+0000036862 00000 n 
+0000036966 00000 n 
+0000037070 00000 n 
+0000037174 00000 n 
+0000037278 00000 n 
+0000037382 00000 n 
+0000037486 00000 n 
+0000037590 00000 n 
+0000037694 00000 n 
+0000037798 00000 n 
+0000037902 00000 n 
+0000038006 00000 n 
+0000038109 00000 n 
+0000038213 00000 n 
+0000038317 00000 n 
+0000038420 00000 n 
+0000038522 00000 n 
+0000038624 00000 n 
+0000038945 00000 n 
+0000039049 00000 n 
+0000039153 00000 n 
+0000039257 00000 n 
+0000039361 00000 n 
+0000039465 00000 n 
+0000039569 00000 n 
+0000039673 00000 n 
+0000039777 00000 n 
+0000039881 00000 n 
+0000039985 00000 n 
+0000040089 00000 n 
+0000040193 00000 n 
+0000040297 00000 n 
+0000040401 00000 n 
+0000040505 00000 n 
+0000040609 00000 n 
+0000040713 00000 n 
+0000040817 00000 n 
+0000040921 00000 n 
+0000041025 00000 n 
+0000041129 00000 n 
+0000041233 00000 n 
+0000041337 00000 n 
+0000041441 00000 n 
+0000041545 00000 n 
+0000041648 00000 n 
+0000041752 00000 n 
+0000041856 00000 n 
+0000041960 00000 n 
+0000042064 00000 n 
+0000042168 00000 n 
+0000042272 00000 n 
+0000042376 00000 n 
+0000042480 00000 n 
+0000042584 00000 n 
+0000042688 00000 n 
+0000042792 00000 n 
+0000042896 00000 n 
+0000043000 00000 n 
+0000043104 00000 n 
+0000043208 00000 n 
+0000043312 00000 n 
+0000043416 00000 n 
+0000043520 00000 n 
+0000043624 00000 n 
+0000043728 00000 n 
+0000043832 00000 n 
+0000043936 00000 n 
+0000044039 00000 n 
+0000044141 00000 n 
+0000044243 00000 n 
+0000044668 00000 n 
+0000044772 00000 n 
+0000044876 00000 n 
+0000044980 00000 n 
+0000045084 00000 n 
+0000045188 00000 n 
+0000045292 00000 n 
+0000045396 00000 n 
+0000045500 00000 n 
+0000045604 00000 n 
+0000045708 00000 n 
+0000045812 00000 n 
+0000045916 00000 n 
+0000046020 00000 n 
+0000046124 00000 n 
+0000046228 00000 n 
+0000046332 00000 n 
+0000046436 00000 n 
+0000046540 00000 n 
+0000046644 00000 n 
+0000046748 00000 n 
+0000046852 00000 n 
+0000046956 00000 n 
+0000047060 00000 n 
+0000047164 00000 n 
+0000047268 00000 n 
+0000047372 00000 n 
+0000047476 00000 n 
+0000047580 00000 n 
+0000047684 00000 n 
+0000047788 00000 n 
+0000047892 00000 n 
+0000047996 00000 n 
+0000048100 00000 n 
+0000048204 00000 n 
+0000048308 00000 n 
+0000048412 00000 n 
+0000048516 00000 n 
+0000048620 00000 n 
+0000048724 00000 n 
+0000048828 00000 n 
+0000048932 00000 n 
+0000049036 00000 n 
+0000049140 00000 n 
+0000049244 00000 n 
+0000049348 00000 n 
+0000049451 00000 n 
+0000049555 00000 n 
+0000049659 00000 n 
+0000049762 00000 n 
+0000049864 00000 n 
+0000049966 00000 n 
+0000050391 00000 n 
+0000050495 00000 n 
+0000050599 00000 n 
+0000050703 00000 n 
+0000050807 00000 n 
+0000050911 00000 n 
+0000051015 00000 n 
+0000051119 00000 n 
+0000051223 00000 n 
+0000051327 00000 n 
+0000051431 00000 n 
+0000051535 00000 n 
+0000051639 00000 n 
+0000051743 00000 n 
+0000051847 00000 n 
+0000051951 00000 n 
+0000052055 00000 n 
+0000052159 00000 n 
+0000052263 00000 n 
+0000052424 00000 n 
+0000052527 00000 n 
+0000052631 00000 n 
+0000052735 00000 n 
+0000052839 00000 n 
+0000052943 00000 n 
+0000053047 00000 n 
+0000053151 00000 n 
+0000053255 00000 n 
+0000053359 00000 n 
+0000053463 00000 n 
+0000053567 00000 n 
+0000053671 00000 n 
+0000053775 00000 n 
+0000053879 00000 n 
+0000053983 00000 n 
+0000054087 00000 n 
+0000054191 00000 n 
+0000054295 00000 n 
+0000054399 00000 n 
+0000054502 00000 n 
+0000054606 00000 n 
+0000054710 00000 n 
+0000054814 00000 n 
+0000054918 00000 n 
+0000055022 00000 n 
+0000055126 00000 n 
+0000055229 00000 n 
+0000055333 00000 n 
+0000055437 00000 n 
+0000055541 00000 n 
+0000055645 00000 n 
+0000055749 00000 n 
+0000055853 00000 n 
+0000055957 00000 n 
+0000056061 00000 n 
+0000056165 00000 n 
+0000056269 00000 n 
+0000056373 00000 n 
+0000056477 00000 n 
+0000056581 00000 n 
+0000056685 00000 n 
+0000056788 00000 n 
+0000056890 00000 n 
+0000056992 00000 n 
+0000057361 00000 n 
 0000057465 00000 n 
-0000057552 00000 n 
-0000057577 00000 n 
-0000057624 00000 n 
-0000057711 00000 n 
-0000057736 00000 n 
-0000057839 00000 n 
-0000057943 00000 n 
-0000058047 00000 n 
-0000058151 00000 n 
-0000058255 00000 n 
-0000058359 00000 n 
-0000058463 00000 n 
-0000058567 00000 n 
-0000058671 00000 n 
-0000058775 00000 n 
-0000058879 00000 n 
-0000058983 00000 n 
-0000059087 00000 n 
-0000059191 00000 n 
-0000059295 00000 n 
-0000059398 00000 n 
-0000059502 00000 n 
-0000059606 00000 n 
-0000059710 00000 n 
-0000059814 00000 n 
-0000059918 00000 n 
-0000060022 00000 n 
-0000060126 00000 n 
-0000060230 00000 n 
-0000060333 00000 n 
-0000060437 00000 n 
+0000057569 00000 n 
+0000057673 00000 n 
+0000057777 00000 n 
+0000057881 00000 n 
+0000057985 00000 n 
+0000058089 00000 n 
+0000058193 00000 n 
+0000058297 00000 n 
+0000058386 00000 n 
+0000058439 00000 n 
+0000058526 00000 n 
+0000058551 00000 n 
+0000058598 00000 n 
+0000058685 00000 n 
+0000058710 00000 n 
+0000058766 00000 n 
+0000058853 00000 n 
+0000058922 00000 n 
+0000059009 00000 n 
+0000059060 00000 n 
+0000059147 00000 n 
+0000059232 00000 n 
+0000059319 00000 n 
+0000059375 00000 n 
+0000059462 00000 n 
+0000059512 00000 n 
+0000059599 00000 n 
+0000059664 00000 n 
+0000059716 00000 n 
+0000059803 00000 n 
+0000059859 00000 n 
+0000059946 00000 n 
+0000059994 00000 n 
+0000060081 00000 n 
+0000060122 00000 n 
+0000060170 00000 n 
+0000060257 00000 n 
+0000060282 00000 n 
+0000060323 00000 n 
+0000060410 00000 n 
+0000060454 00000 n 
 0000060541 00000 n 
-0000060645 00000 n 
-0000060749 00000 n 
-0000060853 00000 n 
-0000060957 00000 n 
-0000061061 00000 n 
-0000061165 00000 n 
-0000061269 00000 n 
-0000061372 00000 n 
-0000061476 00000 n 
-0000061580 00000 n 
-0000061684 00000 n 
-0000062005 00000 n 
-0000062053 00000 n 
-0000062140 00000 n 
-0000062188 00000 n 
-0000062275 00000 n 
-0000062325 00000 n 
-0000062412 00000 n 
-0000062460 00000 n 
-0000062547 00000 n 
-0000062596 00000 n 
-0000062644 00000 n 
-0000062731 00000 n 
-0000062779 00000 n 
-0000062864 00000 n 
-0000062909 00000 n 
-0000062995 00000 n 
-0000063038 00000 n 
-0000063124 00000 n 
-0000063165 00000 n 
-0000063251 00000 n 
-0000063300 00000 n 
-0000063386 00000 n 
-0000063432 00000 n 
-0000063518 00000 n 
-0000063563 00000 n 
-0000063649 00000 n 
-0000063701 00000 n 
-0000063787 00000 n 
-0000063837 00000 n 
-0000063923 00000 n 
-0000063969 00000 n 
-0000064055 00000 n 
-0000064098 00000 n 
-0000064184 00000 n 
-0000064228 00000 n 
-0000064314 00000 n 
-0000064357 00000 n 
-0000064443 00000 n 
-0000064488 00000 n 
-0000064574 00000 n 
-0000064612 00000 n 
-0000064698 00000 n 
-0000064740 00000 n 
-0000064826 00000 n 
-0000064869 00000 n 
-0000064955 00000 n 
-0000064993 00000 n 
-0000065079 00000 n 
-0000065121 00000 n 
-0000065207 00000 n 
-0000065251 00000 n 
-0000065337 00000 n 
-0000065384 00000 n 
-0000065470 00000 n 
-0000065518 00000 n 
-0000065603 00000 n 
-0000065804 00000 n 
-0000065854 00000 n 
-0000065941 00000 n 
-0000065991 00000 n 
-0000066077 00000 n 
-0000066110 00000 n 
-0000066159 00000 n 
-0000066245 00000 n 
-0000066292 00000 n 
-0000066379 00000 n 
-0000066412 00000 n 
-0000066527 00000 n 
-0000066614 00000 n 
-0000066696 00000 n 
-0000066783 00000 n 
-0000066868 00000 n 
-0000066955 00000 n 
-0000066996 00000 n 
-0000067051 00000 n 
-0000067138 00000 n 
-0000067194 00000 n 
-0000067281 00000 n 
-0000067314 00000 n 
-0000067362 00000 n 
-0000067449 00000 n 
-0000067523 00000 n 
-0000067610 00000 n 
-0000067678 00000 n 
-0000067765 00000 n 
-0000067819 00000 n 
-0000067906 00000 n 
-0000067974 00000 n 
-0000068061 00000 n 
-0000068135 00000 n 
-0000068222 00000 n 
-0000068270 00000 n 
-0000068357 00000 n 
-0000068414 00000 n 
-0000068501 00000 n 
-0000068582 00000 n 
-0000068637 00000 n 
-0000068724 00000 n 
-0000068805 00000 n 
-0000068892 00000 n 
-0000068925 00000 n 
-0000068978 00000 n 
-0000069065 00000 n 
-0000069090 00000 n 
-0000069139 00000 n 
-0000069226 00000 n 
-0000069274 00000 n 
-0000069361 00000 n 
-0000069403 00000 n 
-0000069489 00000 n 
-0000069530 00000 n 
-0000069573 00000 n 
-0000069660 00000 n 
-0000069710 00000 n 
-0000069797 00000 n 
-0000069845 00000 n 
-0000069932 00000 n 
-0000069986 00000 n 
-0000070071 00000 n 
-0000070120 00000 n 
-0000070165 00000 n 
-0000070252 00000 n 
-0000070309 00000 n 
-0000070396 00000 n 
-0000070492 00000 n 
-0000070578 00000 n 
-0000070619 00000 n 
-0000070722 00000 n 
-0000070826 00000 n 
-0000070930 00000 n 
-0000071034 00000 n 
-0000071138 00000 n 
-0000071242 00000 n 
-0000071346 00000 n 
-0000071450 00000 n 
-0000071554 00000 n 
-0000071658 00000 n 
-0000071762 00000 n 
-0000071866 00000 n 
-0000071970 00000 n 
-0000072074 00000 n 
-0000072178 00000 n 
-0000072282 00000 n 
-0000072386 00000 n 
-0000072490 00000 n 
-0000072594 00000 n 
-0000072697 00000 n 
-0000072801 00000 n 
-0000072905 00000 n 
-0000073009 00000 n 
-0000073113 00000 n 
-0000073217 00000 n 
-0000073321 00000 n 
-0000073425 00000 n 
-0000073529 00000 n 
-0000073633 00000 n 
-0000073736 00000 n 
-0000073840 00000 n 
-0000073944 00000 n 
-0000074048 00000 n 
-0000074151 00000 n 
-0000074255 00000 n 
-0000074359 00000 n 
-0000074462 00000 n 
-0000074566 00000 n 
-0000074670 00000 n 
-0000074774 00000 n 
-0000074878 00000 n 
-0000074981 00000 n 
-0000075083 00000 n 
-0000075185 00000 n 
-0000075554 00000 n 
-0000075658 00000 n 
-0000075762 00000 n 
-0000075866 00000 n 
-0000075970 00000 n 
-0000076074 00000 n 
-0000076178 00000 n 
-0000076282 00000 n 
-0000076386 00000 n 
-0000076490 00000 n 
-0000076594 00000 n 
-0000076698 00000 n 
-0000076802 00000 n 
-0000076906 00000 n 
-0000077010 00000 n 
-0000077114 00000 n 
-0000077217 00000 n 
-0000077321 00000 n 
-0000077425 00000 n 
-0000077528 00000 n 
-0000077632 00000 n 
-0000077736 00000 n 
-0000077840 00000 n 
-0000077944 00000 n 
-0000078048 00000 n 
-0000078152 00000 n 
-0000078256 00000 n 
-0000078360 00000 n 
-0000078464 00000 n 
-0000078568 00000 n 
-0000078672 00000 n 
-0000078776 00000 n 
-0000078880 00000 n 
-0000078984 00000 n 
-0000079088 00000 n 
-0000079192 00000 n 
-0000079295 00000 n 
-0000079399 00000 n 
-0000079503 00000 n 
-0000079607 00000 n 
-0000079711 00000 n 
-0000079814 00000 n 
-0000079918 00000 n 
-0000080022 00000 n 
-0000080125 00000 n 
-0000080229 00000 n 
-0000080333 00000 n 
-0000080437 00000 n 
-0000080541 00000 n 
-0000080644 00000 n 
-0000080746 00000 n 
-0000080848 00000 n 
-0000081273 00000 n 
-0000081377 00000 n 
-0000081481 00000 n 
-0000081585 00000 n 
-0000081689 00000 n 
-0000081793 00000 n 
-0000081896 00000 n 
-0000082000 00000 n 
-0000082104 00000 n 
-0000082208 00000 n 
-0000082312 00000 n 
-0000082415 00000 n 
-0000082518 00000 n 
-0000082622 00000 n 
-0000082726 00000 n 
-0000082830 00000 n 
-0000082934 00000 n 
-0000083038 00000 n 
-0000083142 00000 n 
-0000083246 00000 n 
-0000083350 00000 n 
-0000083454 00000 n 
-0000083558 00000 n 
-0000083662 00000 n 
-0000083766 00000 n 
-0000083870 00000 n 
-0000083974 00000 n 
-0000084078 00000 n 
-0000084182 00000 n 
-0000084286 00000 n 
-0000084390 00000 n 
-0000084494 00000 n 
-0000084598 00000 n 
-0000084871 00000 n 
-0000084919 00000 n 
-0000085006 00000 n 
-0000085053 00000 n 
-0000085139 00000 n 
-0000085186 00000 n 
-0000085272 00000 n 
-0000085313 00000 n 
-0000085358 00000 n 
-0000085445 00000 n 
-0000085490 00000 n 
-0000085576 00000 n 
-0000085609 00000 n 
-0000085655 00000 n 
-0000085742 00000 n 
-0000085767 00000 n 
-0000085813 00000 n 
-0000085900 00000 n 
-0000085946 00000 n 
-0000086031 00000 n 
-0000086075 00000 n 
-0000086162 00000 n 
-0000086213 00000 n 
-0000086300 00000 n 
-0000086349 00000 n 
-0000086436 00000 n 
-0000086484 00000 n 
-0000086570 00000 n 
-0000086635 00000 n 
-0000086690 00000 n 
-0000086776 00000 n 
-0000086801 00000 n 
-0000086854 00000 n 
-0000086941 00000 n 
-0000086991 00000 n 
-0000087078 00000 n 
-0000087111 00000 n 
-0000087230 00000 n 
-0000087316 00000 n 
-0000087359 00000 n 
-0000087446 00000 n 
-0000087489 00000 n 
-0000087576 00000 n 
-0000087617 00000 n 
-0000087680 00000 n 
-0000087767 00000 n 
-0000087825 00000 n 
-0000087912 00000 n 
-0000088006 00000 n 
-0000088092 00000 n 
-0000088133 00000 n 
-0000088176 00000 n 
+0000060586 00000 n 
+0000060673 00000 n 
+0000060717 00000 n 
+0000060804 00000 n 
+0000060848 00000 n 
+0000060935 00000 n 
+0000060977 00000 n 
+0000061064 00000 n 
+0000061112 00000 n 
+0000061199 00000 n 
+0000061272 00000 n 
+0000061320 00000 n 
+0000061406 00000 n 
+0000061431 00000 n 
+0000061484 00000 n 
+0000061570 00000 n 
+0000061595 00000 n 
+0000061698 00000 n 
+0000061801 00000 n 
+0000061905 00000 n 
+0000062009 00000 n 
+0000062113 00000 n 
+0000062217 00000 n 
+0000062321 00000 n 
+0000062425 00000 n 
+0000062529 00000 n 
+0000062633 00000 n 
+0000062737 00000 n 
+0000062841 00000 n 
+0000062945 00000 n 
+0000063049 00000 n 
+0000063153 00000 n 
+0000063257 00000 n 
+0000063360 00000 n 
+0000063464 00000 n 
+0000063568 00000 n 
+0000063672 00000 n 
+0000063776 00000 n 
+0000063880 00000 n 
+0000063984 00000 n 
+0000064088 00000 n 
+0000064192 00000 n 
+0000064296 00000 n 
+0000064399 00000 n 
+0000064503 00000 n 
+0000064607 00000 n 
+0000064711 00000 n 
+0000064815 00000 n 
+0000064919 00000 n 
+0000065023 00000 n 
+0000065127 00000 n 
+0000065231 00000 n 
+0000065335 00000 n 
+0000065438 00000 n 
+0000065542 00000 n 
+0000065646 00000 n 
+0000065750 00000 n 
+0000066087 00000 n 
+0000066135 00000 n 
+0000066222 00000 n 
+0000066270 00000 n 
+0000066357 00000 n 
+0000066407 00000 n 
+0000066494 00000 n 
+0000066542 00000 n 
+0000066629 00000 n 
+0000066678 00000 n 
+0000066726 00000 n 
+0000066813 00000 n 
+0000066861 00000 n 
+0000066946 00000 n 
+0000066991 00000 n 
+0000067077 00000 n 
+0000067120 00000 n 
+0000067206 00000 n 
+0000067247 00000 n 
+0000067333 00000 n 
+0000067382 00000 n 
+0000067468 00000 n 
+0000067514 00000 n 
+0000067600 00000 n 
+0000067645 00000 n 
+0000067731 00000 n 
+0000067783 00000 n 
+0000067869 00000 n 
+0000067919 00000 n 
+0000068005 00000 n 
+0000068051 00000 n 
+0000068137 00000 n 
+0000068180 00000 n 
+0000068266 00000 n 
+0000068310 00000 n 
+0000068396 00000 n 
+0000068439 00000 n 
+0000068525 00000 n 
+0000068570 00000 n 
+0000068656 00000 n 
+0000068694 00000 n 
+0000068780 00000 n 
+0000068822 00000 n 
+0000068908 00000 n 
+0000068951 00000 n 
+0000069037 00000 n 
+0000069075 00000 n 
+0000069161 00000 n 
+0000069203 00000 n 
+0000069289 00000 n 
+0000069333 00000 n 
+0000069419 00000 n 
+0000069466 00000 n 
+0000069552 00000 n 
+0000069600 00000 n 
+0000069685 00000 n 
+0000069886 00000 n 
+0000069936 00000 n 
+0000070023 00000 n 
+0000070073 00000 n 
+0000070159 00000 n 
+0000070192 00000 n 
+0000070241 00000 n 
+0000070327 00000 n 
+0000070374 00000 n 
+0000070461 00000 n 
+0000070494 00000 n 
+0000070609 00000 n 
+0000070696 00000 n 
+0000070778 00000 n 
+0000070865 00000 n 
+0000070950 00000 n 
+0000071037 00000 n 
+0000071078 00000 n 
+0000071133 00000 n 
+0000071220 00000 n 
+0000071276 00000 n 
+0000071363 00000 n 
+0000071396 00000 n 
+0000071444 00000 n 
+0000071531 00000 n 
+0000071605 00000 n 
+0000071692 00000 n 
+0000071760 00000 n 
+0000071847 00000 n 
+0000071901 00000 n 
+0000071988 00000 n 
+0000072056 00000 n 
+0000072143 00000 n 
+0000072217 00000 n 
+0000072304 00000 n 
+0000072352 00000 n 
+0000072439 00000 n 
+0000072496 00000 n 
+0000072583 00000 n 
+0000072664 00000 n 
+0000072719 00000 n 
+0000072806 00000 n 
+0000072887 00000 n 
+0000072974 00000 n 
+0000073007 00000 n 
+0000073060 00000 n 
+0000073147 00000 n 
+0000073172 00000 n 
+0000073220 00000 n 
+0000073307 00000 n 
+0000073349 00000 n 
+0000073436 00000 n 
+0000073479 00000 n 
+0000073566 00000 n 
+0000073616 00000 n 
+0000073703 00000 n 
+0000073751 00000 n 
+0000073838 00000 n 
+0000073895 00000 n 
+0000073938 00000 n 
+0000074025 00000 n 
+0000074079 00000 n 
+0000074166 00000 n 
+0000074211 00000 n 
+0000074298 00000 n 
+0000074339 00000 n 
+0000074396 00000 n 
+0000074483 00000 n 
+0000074579 00000 n 
+0000074665 00000 n 
+0000074698 00000 n 
+0000074801 00000 n 
+0000074905 00000 n 
+0000075009 00000 n 
+0000075113 00000 n 
+0000075217 00000 n 
+0000075321 00000 n 
+0000075425 00000 n 
+0000075529 00000 n 
+0000075633 00000 n 
+0000075737 00000 n 
+0000075841 00000 n 
+0000075945 00000 n 
+0000076049 00000 n 
+0000076153 00000 n 
+0000076257 00000 n 
+0000076361 00000 n 
+0000076465 00000 n 
+0000076569 00000 n 
+0000076673 00000 n 
+0000076776 00000 n 
+0000076880 00000 n 
+0000076984 00000 n 
+0000077088 00000 n 
+0000077192 00000 n 
+0000077296 00000 n 
+0000077400 00000 n 
+0000077504 00000 n 
+0000077608 00000 n 
+0000077712 00000 n 
+0000077815 00000 n 
+0000077919 00000 n 
+0000078023 00000 n 
+0000078127 00000 n 
+0000078230 00000 n 
+0000078334 00000 n 
+0000078438 00000 n 
+0000078541 00000 n 
+0000078645 00000 n 
+0000078749 00000 n 
+0000078853 00000 n 
+0000078957 00000 n 
+0000079060 00000 n 
+0000079162 00000 n 
+0000079264 00000 n 
+0000079633 00000 n 
+0000079737 00000 n 
+0000079841 00000 n 
+0000079945 00000 n 
+0000080049 00000 n 
+0000080153 00000 n 
+0000080257 00000 n 
+0000080361 00000 n 
+0000080465 00000 n 
+0000080569 00000 n 
+0000080673 00000 n 
+0000080777 00000 n 
+0000080881 00000 n 
+0000080985 00000 n 
+0000081089 00000 n 
+0000081193 00000 n 
+0000081296 00000 n 
+0000081400 00000 n 
+0000081504 00000 n 
+0000081608 00000 n 
+0000081712 00000 n 
+0000081816 00000 n 
+0000081920 00000 n 
+0000082024 00000 n 
+0000082128 00000 n 
+0000082232 00000 n 
+0000082336 00000 n 
+0000082440 00000 n 
+0000082544 00000 n 
+0000082648 00000 n 
+0000082752 00000 n 
+0000082856 00000 n 
+0000082960 00000 n 
+0000083064 00000 n 
+0000083167 00000 n 
+0000083271 00000 n 
+0000083375 00000 n 
+0000083479 00000 n 
+0000083583 00000 n 
+0000083687 00000 n 
+0000083791 00000 n 
+0000083895 00000 n 
+0000083999 00000 n 
+0000084103 00000 n 
+0000084207 00000 n 
+0000084311 00000 n 
+0000084415 00000 n 
+0000084518 00000 n 
+0000084622 00000 n 
+0000084725 00000 n 
+0000084827 00000 n 
+0000084929 00000 n 
+0000085354 00000 n 
+0000085458 00000 n 
+0000085562 00000 n 
+0000085666 00000 n 
+0000085770 00000 n 
+0000085873 00000 n 
+0000085977 00000 n 
+0000086081 00000 n 
+0000086185 00000 n 
+0000086289 00000 n 
+0000086392 00000 n 
+0000086495 00000 n 
+0000086599 00000 n 
+0000086703 00000 n 
+0000086807 00000 n 
+0000086911 00000 n 
+0000087015 00000 n 
+0000087119 00000 n 
+0000087223 00000 n 
+0000087327 00000 n 
+0000087431 00000 n 
+0000087535 00000 n 
+0000087638 00000 n 
+0000087742 00000 n 
+0000087846 00000 n 
+0000087950 00000 n 
+0000088054 00000 n 
+0000088158 00000 n 
 0000088262 00000 n 
-0000088310 00000 n 
-0000088397 00000 n 
-0000088438 00000 n 
-0000088525 00000 n 
-0000088569 00000 n 
-0000088656 00000 n 
-0000088700 00000 n 
-0000088786 00000 n 
-0000088843 00000 n 
-0000088889 00000 n 
-0000088976 00000 n 
-0000089025 00000 n 
-0000089111 00000 n 
-0000089144 00000 n 
-0000089198 00000 n 
-0000089285 00000 n 
-0000089336 00000 n 
-0000089423 00000 n 
-0000089474 00000 n 
-0000089560 00000 n 
-0000089614 00000 n 
-0000089701 00000 n 
-0000089751 00000 n 
-0000089838 00000 n 
-0000089895 00000 n 
-0000089945 00000 n 
-0000090032 00000 n 
-0000090082 00000 n 
-0000090168 00000 n 
-0000090201 00000 n 
-0000090265 00000 n 
-0000090352 00000 n 
-0000090377 00000 n 
-0000090419 00000 n 
-0000090505 00000 n 
-0000090556 00000 n 
-0000090643 00000 n 
-0000090690 00000 n 
-0000090777 00000 n 
-0000090818 00000 n 
-0000090880 00000 n 
-0000090967 00000 n 
-0000090992 00000 n 
-0000091041 00000 n 
-0000091128 00000 n 
-0000091153 00000 n 
-0000091201 00000 n 
-0000091288 00000 n 
-0000091338 00000 n 
+0000088366 00000 n 
+0000088615 00000 n 
+0000088663 00000 n 
+0000088750 00000 n 
+0000088797 00000 n 
+0000088883 00000 n 
+0000088930 00000 n 
+0000089016 00000 n 
+0000089057 00000 n 
+0000089102 00000 n 
+0000089189 00000 n 
+0000089234 00000 n 
+0000089320 00000 n 
+0000089353 00000 n 
+0000089399 00000 n 
+0000089484 00000 n 
+0000089530 00000 n 
+0000089613 00000 n 
+0000089646 00000 n 
+0000089690 00000 n 
+0000089777 00000 n 
+0000089828 00000 n 
+0000089915 00000 n 
+0000089964 00000 n 
+0000090051 00000 n 
+0000090099 00000 n 
+0000090185 00000 n 
+0000090234 00000 n 
+0000090289 00000 n 
+0000090375 00000 n 
+0000090400 00000 n 
+0000090453 00000 n 
+0000090540 00000 n 
+0000090590 00000 n 
+0000090677 00000 n 
+0000090710 00000 n 
+0000090829 00000 n 
+0000090915 00000 n 
+0000090958 00000 n 
+0000091045 00000 n 
+0000091088 00000 n 
+0000091175 00000 n 
+0000091216 00000 n 
+0000091279 00000 n 
+0000091366 00000 n 
 0000091424 00000 n 
-0000091468 00000 n 
-0000091554 00000 n 
-0000091598 00000 n 
-0000091684 00000 n 
-0000091734 00000 n 
-0000091820 00000 n 
-0000091870 00000 n 
-0000091955 00000 n 
-0000092004 00000 n 
-0000092088 00000 n 
-0000092135 00000 n 
-0000092219 00000 n 
-0000092300 00000 n 
-0000092356 00000 n 
-0000092443 00000 n 
-0000092512 00000 n 
-0000092599 00000 n 
-0000092650 00000 n 
-0000092737 00000 n 
-0000092824 00000 n 
-0000092911 00000 n 
-0000092967 00000 n 
-0000093054 00000 n 
-0000093104 00000 n 
-0000093191 00000 n 
-0000093256 00000 n 
-0000093308 00000 n 
-0000093395 00000 n 
-0000093451 00000 n 
-0000093538 00000 n 
-0000093586 00000 n 
-0000093673 00000 n 
-0000093721 00000 n 
-0000093808 00000 n 
-0000093857 00000 n 
-0000093898 00000 n 
-0000093983 00000 n 
-0000094008 00000 n 
-0000094052 00000 n 
-0000094139 00000 n 
-0000094184 00000 n 
-0000094271 00000 n 
-0000094315 00000 n 
-0000094402 00000 n 
-0000094446 00000 n 
-0000094533 00000 n 
-0000094575 00000 n 
-0000094662 00000 n 
-0000094710 00000 n 
-0000094797 00000 n 
-0000094862 00000 n 
-0000094910 00000 n 
-0000094996 00000 n 
-0000095021 00000 n 
-0000095074 00000 n 
-0000095160 00000 n 
-0000095185 00000 n 
-0000095239 00000 n 
-0000095326 00000 n 
-0000095351 00000 n 
-0000095414 00000 n 
-0000095501 00000 n 
-0000095564 00000 n 
-0000095651 00000 n 
-0000095705 00000 n 
-0000095792 00000 n 
-0000095833 00000 n 
-0000095936 00000 n 
-0000096040 00000 n 
-0000096144 00000 n 
-0000096248 00000 n 
-0000096352 00000 n 
-0000096455 00000 n 
-0000096559 00000 n 
-0000096663 00000 n 
-0000096767 00000 n 
-0000096871 00000 n 
-0000096975 00000 n 
-0000097079 00000 n 
-0000097184 00000 n 
-0000097289 00000 n 
-0000097394 00000 n 
-0000097499 00000 n 
-0000097604 00000 n 
-0000097709 00000 n 
-0000097814 00000 n 
-0000097918 00000 n 
-0000098023 00000 n 
-0000098128 00000 n 
-0000098233 00000 n 
-0000098338 00000 n 
-0000098443 00000 n 
-0000098548 00000 n 
-0000098652 00000 n 
-0000098757 00000 n 
-0000098862 00000 n 
-0000098967 00000 n 
-0000099072 00000 n 
-0000099177 00000 n 
-0000099282 00000 n 
-0000099387 00000 n 
-0000099492 00000 n 
-0000099597 00000 n 
-0000099702 00000 n 
-0000099807 00000 n 
-0000099912 00000 n 
-0000100017 00000 n 
-0000100122 00000 n 
-0000100227 00000 n 
-0000100611 00000 n 
-0000100667 00000 n 
-0000100755 00000 n 
-0000100824 00000 n 
-0000100912 00000 n 
-0000100988 00000 n 
-0000101077 00000 n 
-0000101148 00000 n 
-0000101236 00000 n 
-0000101316 00000 n 
-0000101405 00000 n 
-0000101468 00000 n 
-0000101551 00000 n 
-0000101639 00000 n 
-0000101715 00000 n 
-0000101804 00000 n 
-0000101878 00000 n 
-0000101967 00000 n 
-0000102046 00000 n 
-0000102135 00000 n 
-0000102189 00000 n 
-0000102238 00000 n 
-0000102327 00000 n 
-0000102354 00000 n 
-0000102403 00000 n 
-0000102492 00000 n 
-0000102519 00000 n 
-0000102568 00000 n 
-0000102657 00000 n 
-0000102722 00000 n 
-0000102811 00000 n 
-0000102867 00000 n 
-0000102956 00000 n 
-0000103004 00000 n 
-0000103093 00000 n 
-0000103147 00000 n 
-0000103202 00000 n 
-0000103291 00000 n 
-0000103346 00000 n 
-0000103435 00000 n 
-0000103471 00000 n 
-0000103507 00000 n 
-0000103543 00000 n 
-0000108581 00000 n 
-0000108626 00000 n 
-0000108671 00000 n 
-0000108716 00000 n 
-0000108761 00000 n 
-0000108806 00000 n 
-0000108851 00000 n 
-0000108896 00000 n 
-0000108941 00000 n 
-0000108986 00000 n 
-0000109031 00000 n 
-0000109076 00000 n 
-0000109121 00000 n 
-0000109166 00000 n 
-0000109211 00000 n 
-0000109256 00000 n 
-0000109301 00000 n 
-0000109346 00000 n 
-0000109391 00000 n 
-0000109436 00000 n 
-0000109481 00000 n 
-0000109526 00000 n 
-0000109571 00000 n 
-0000109616 00000 n 
-0000109661 00000 n 
-0000109706 00000 n 
-0000109751 00000 n 
-0000109796 00000 n 
-0000109841 00000 n 
-0000109886 00000 n 
-0000109931 00000 n 
-0000109976 00000 n 
-0000110021 00000 n 
-0000110066 00000 n 
-0000110111 00000 n 
-0000110156 00000 n 
-0000110201 00000 n 
-0000110246 00000 n 
-0000110291 00000 n 
-0000110336 00000 n 
-0000110381 00000 n 
-0000110426 00000 n 
-0000110471 00000 n 
-0000110516 00000 n 
-0000110561 00000 n 
-0000110606 00000 n 
-0000110651 00000 n 
-0000110696 00000 n 
-0000110741 00000 n 
-0000110786 00000 n 
-0000110831 00000 n 
-0000110876 00000 n 
-0000110921 00000 n 
-0000110966 00000 n 
-0000111011 00000 n 
-0000111056 00000 n 
-0000111101 00000 n 
-0000111146 00000 n 
-0000111191 00000 n 
-0000111236 00000 n 
-0000111281 00000 n 
-0000111326 00000 n 
-0000111371 00000 n 
-0000111416 00000 n 
-0000111461 00000 n 
-0000111506 00000 n 
-0000111551 00000 n 
-0000111596 00000 n 
-0000111641 00000 n 
-0000111686 00000 n 
-0000111731 00000 n 
-0000111776 00000 n 
-0000111821 00000 n 
-0000111866 00000 n 
-0000111911 00000 n 
-0000111956 00000 n 
-0000112001 00000 n 
-0000112046 00000 n 
-0000112091 00000 n 
-0000112136 00000 n 
-0000112181 00000 n 
-0000112226 00000 n 
-0000112271 00000 n 
-0000112316 00000 n 
-0000112361 00000 n 
-0000112406 00000 n 
-0000112451 00000 n 
-0000112496 00000 n 
-0000112541 00000 n 
-0000112586 00000 n 
-0000112631 00000 n 
-0000112676 00000 n 
-0000112721 00000 n 
-0000112766 00000 n 
-0000112811 00000 n 
-0000112856 00000 n 
-0000112901 00000 n 
-0000112946 00000 n 
-0000112991 00000 n 
-0000113036 00000 n 
-0000113081 00000 n 
-0000113126 00000 n 
-0000113171 00000 n 
-0000113216 00000 n 
-0000113261 00000 n 
-0000113306 00000 n 
-0000113351 00000 n 
-0000113396 00000 n 
-0000113441 00000 n 
-0000113486 00000 n 
-0000113531 00000 n 
-0000113576 00000 n 
-0000113621 00000 n 
-0000113666 00000 n 
-0000113711 00000 n 
-0000113756 00000 n 
-0000113801 00000 n 
-0000113846 00000 n 
-0000113891 00000 n 
-0000113936 00000 n 
-0000113981 00000 n 
-0000114026 00000 n 
-0000114071 00000 n 
-0000114116 00000 n 
-0000114161 00000 n 
-0000114206 00000 n 
-0000114251 00000 n 
-0000114296 00000 n 
-0000114341 00000 n 
-0000114386 00000 n 
-0000114431 00000 n 
-0000114476 00000 n 
-0000114521 00000 n 
-0000114566 00000 n 
-0000114611 00000 n 
-0000114656 00000 n 
-0000114701 00000 n 
-0000114746 00000 n 
-0000114791 00000 n 
-0000114836 00000 n 
-0000114881 00000 n 
-0000114926 00000 n 
-0000114971 00000 n 
-0000115016 00000 n 
-0000115061 00000 n 
-0000115106 00000 n 
-0000115151 00000 n 
-0000115196 00000 n 
-0000115241 00000 n 
-0000115286 00000 n 
-0000115331 00000 n 
-0000115376 00000 n 
-0000115421 00000 n 
-0000115466 00000 n 
-0000115511 00000 n 
-0000115556 00000 n 
-0000115601 00000 n 
-0000115646 00000 n 
-0000115691 00000 n 
-0000115736 00000 n 
-0000115781 00000 n 
-0000115826 00000 n 
-0000115871 00000 n 
-0000115916 00000 n 
-0000115961 00000 n 
-0000116006 00000 n 
-0000116051 00000 n 
-0000116096 00000 n 
-0000116141 00000 n 
-0000116186 00000 n 
-0000116231 00000 n 
-0000116276 00000 n 
-0000116321 00000 n 
-0000116366 00000 n 
-0000116411 00000 n 
-0000116456 00000 n 
-0000116501 00000 n 
-0000116546 00000 n 
-0000116591 00000 n 
-0000116636 00000 n 
-0000116681 00000 n 
-0000116726 00000 n 
-0000116771 00000 n 
-0000116816 00000 n 
-0000116861 00000 n 
-0000116906 00000 n 
-0000116951 00000 n 
-0000116996 00000 n 
-0000117041 00000 n 
-0000117086 00000 n 
-0000117131 00000 n 
-0000117176 00000 n 
-0000117221 00000 n 
-0000117266 00000 n 
-0000117311 00000 n 
-0000117356 00000 n 
-0000117401 00000 n 
-0000117446 00000 n 
-0000117491 00000 n 
-0000117536 00000 n 
-0000117581 00000 n 
-0000117626 00000 n 
-0000117671 00000 n 
-0000117716 00000 n 
-0000117761 00000 n 
-0000117806 00000 n 
-0000117851 00000 n 
-0000117896 00000 n 
-0000117941 00000 n 
-0000117986 00000 n 
-0000118031 00000 n 
-0000118076 00000 n 
-0000118121 00000 n 
-0000118166 00000 n 
-0000118211 00000 n 
-0000118256 00000 n 
-0000118301 00000 n 
-0000118346 00000 n 
-0000118391 00000 n 
-0000118436 00000 n 
-0000118481 00000 n 
-0000118526 00000 n 
-0000118571 00000 n 
-0000118616 00000 n 
-0000118661 00000 n 
-0000118706 00000 n 
-0000118751 00000 n 
-0000118796 00000 n 
-0000118841 00000 n 
-0000118886 00000 n 
-0000118931 00000 n 
-0000118976 00000 n 
-0000119021 00000 n 
-0000119066 00000 n 
-0000119111 00000 n 
-0000119156 00000 n 
-0000119201 00000 n 
-0000119246 00000 n 
-0000119291 00000 n 
-0000119336 00000 n 
-0000119381 00000 n 
-0000119426 00000 n 
-0000119471 00000 n 
-0000119516 00000 n 
-0000119561 00000 n 
-0000119606 00000 n 
-0000119651 00000 n 
-0000119696 00000 n 
-0000119741 00000 n 
-0000119786 00000 n 
-0000119831 00000 n 
-0000119876 00000 n 
-0000119921 00000 n 
-0000119966 00000 n 
-0000120011 00000 n 
-0000120056 00000 n 
-0000120101 00000 n 
-0000120146 00000 n 
-0000120191 00000 n 
-0000120236 00000 n 
-0000120281 00000 n 
-0000120326 00000 n 
-0000120371 00000 n 
-0000120416 00000 n 
-0000120461 00000 n 
-0000120506 00000 n 
-0000120551 00000 n 
-0000120596 00000 n 
-0000120641 00000 n 
-0000120686 00000 n 
-0000120731 00000 n 
-0000120776 00000 n 
-0000120821 00000 n 
-0000120866 00000 n 
-0000120911 00000 n 
-0000120956 00000 n 
-0000121001 00000 n 
-0000121046 00000 n 
-0000121091 00000 n 
-0000121136 00000 n 
-0000121181 00000 n 
-0000121226 00000 n 
-0000121271 00000 n 
-0000121316 00000 n 
-0000121361 00000 n 
-0000121406 00000 n 
-0000121451 00000 n 
-0000121496 00000 n 
-0000121541 00000 n 
-0000121586 00000 n 
-0000121631 00000 n 
-0000121676 00000 n 
-0000121721 00000 n 
-0000121766 00000 n 
-0000123174 00000 n 
-0000123335 00000 n 
-0000123504 00000 n 
-0000123697 00000 n 
-0000127450 00000 n 
-0000127643 00000 n 
-0000132340 00000 n 
-0000132534 00000 n 
-0000136913 00000 n 
-0000137107 00000 n 
-0000140959 00000 n 
-0000141153 00000 n 
-0000144725 00000 n 
-0000144919 00000 n 
-0000148558 00000 n 
-0000148752 00000 n 
-0000149730 00000 n 
-0000149891 00000 n 
-0000150125 00000 n 
-0000150329 00000 n 
-0000153103 00000 n 
-0000153278 00000 n 
-0000156898 00000 n 
-0000157073 00000 n 
-0000159486 00000 n 
-0000159661 00000 n 
-0000161080 00000 n 
-0000161241 00000 n 
-0000161429 00000 n 
-0000161633 00000 n 
-0000164580 00000 n 
-0000164755 00000 n 
-0000165173 00000 n 
-0000165385 00000 n 
-0000166546 00000 n 
-0000166734 00000 n 
-0000168196 00000 n 
-0000168393 00000 n 
-0000169763 00000 n 
-0000169978 00000 n 
-0000171214 00000 n 
-0000171408 00000 n 
-0000172987 00000 n 
-0000173157 00000 n 
-0000174973 00000 n 
-0000175124 00000 n 
-0000175365 00000 n 
-0000175535 00000 n 
-0000177210 00000 n 
-0000177389 00000 n 
-0000179202 00000 n 
-0000179371 00000 n 
-0000181209 00000 n 
-0000181378 00000 n 
-0000182365 00000 n 
-0000182544 00000 n 
-0000184190 00000 n 
-0000184378 00000 n 
-0000185867 00000 n 
-0000186055 00000 n 
-0000187476 00000 n 
-0000187646 00000 n 
-0000189312 00000 n 
-0000189482 00000 n 
-0000190038 00000 n 
-0000190208 00000 n 
-0000191940 00000 n 
-0000192119 00000 n 
-0000193825 00000 n 
-0000194013 00000 n 
-0000195668 00000 n 
-0000195856 00000 n 
-0000197573 00000 n 
-0000197742 00000 n 
-0000198490 00000 n 
-0000198697 00000 n 
-0000200340 00000 n 
-0000200547 00000 n 
-0000202154 00000 n 
-0000202323 00000 n 
-0000202655 00000 n 
-0000202816 00000 n 
-0000203006 00000 n 
-0000203210 00000 n 
-0000206041 00000 n 
-0000206254 00000 n 
-0000208022 00000 n 
-0000208235 00000 n 
-0000209737 00000 n 
-0000209959 00000 n 
-0000211786 00000 n 
-0000212007 00000 n 
-0000213663 00000 n 
-0000213870 00000 n 
-0000215562 00000 n 
-0000215778 00000 n 
-0000217711 00000 n 
-0000217933 00000 n 
-0000219945 00000 n 
-0000220157 00000 n 
-0000222240 00000 n 
-0000222443 00000 n 
-0000224709 00000 n 
-0000224931 00000 n 
-0000227140 00000 n 
-0000227338 00000 n 
-0000229347 00000 n 
-0000229535 00000 n 
-0000231059 00000 n 
-0000231238 00000 n 
-0000233230 00000 n 
-0000233418 00000 n 
-0000235438 00000 n 
-0000235626 00000 n 
-0000237518 00000 n 
-0000237715 00000 n 
-0000239427 00000 n 
-0000239587 00000 n 
-0000240580 00000 n 
-0000240774 00000 n 
-0000242353 00000 n 
-0000242533 00000 n 
-0000244296 00000 n 
-0000244475 00000 n 
-0000245334 00000 n 
-0000245513 00000 n 
-0000246598 00000 n 
-0000246795 00000 n 
-0000248294 00000 n 
-0000248473 00000 n 
-0000249289 00000 n 
-0000249519 00000 n 
-0000251018 00000 n 
-0000251230 00000 n 
-0000252983 00000 n 
-0000253176 00000 n 
-0000254533 00000 n 
-0000254694 00000 n 
-0000254885 00000 n 
-0000255098 00000 n 
-0000258048 00000 n 
-0000258223 00000 n 
-0000260654 00000 n 
-0000260829 00000 n 
-0000262285 00000 n 
-0000262483 00000 n 
-0000263845 00000 n 
-0000264043 00000 n 
-0000265732 00000 n 
-0000265920 00000 n 
-0000267601 00000 n 
-0000267780 00000 n 
-0000269882 00000 n 
-0000270061 00000 n 
-0000271834 00000 n 
-0000272013 00000 n 
-0000273695 00000 n 
-0000273883 00000 n 
-0000275737 00000 n 
-0000275949 00000 n 
-0000277979 00000 n 
-0000278192 00000 n 
-0000279744 00000 n 
-0000279933 00000 n 
-0000281207 00000 n 
-0000281428 00000 n 
-0000283204 00000 n 
-0000283410 00000 n 
-0000285295 00000 n 
-0000285492 00000 n 
-0000287077 00000 n 
-0000287288 00000 n 
-0000288808 00000 n 
-0000288996 00000 n 
-0000289898 00000 n 
-0000290086 00000 n 
-0000291612 00000 n 
-0000291815 00000 n 
-0000293523 00000 n 
-0000293726 00000 n 
-0000294543 00000 n 
-0000294755 00000 n 
-0000296233 00000 n 
-0000296413 00000 n 
-0000297172 00000 n 
-0000297403 00000 n 
-0000299126 00000 n 
-0000299338 00000 n 
-0000301264 00000 n 
-0000301495 00000 n 
-0000303505 00000 n 
-0000303727 00000 n 
-0000305447 00000 n 
-0000305650 00000 n 
-0000306909 00000 n 
-0000307131 00000 n 
-0000308724 00000 n 
-0000308903 00000 n 
-0000310451 00000 n 
-0000310630 00000 n 
-0000312247 00000 n 
-0000312426 00000 n 
-0000313824 00000 n 
-0000314003 00000 n 
-0000315669 00000 n 
-0000315839 00000 n 
-0000316585 00000 n 
-0000316788 00000 n 
-0000318657 00000 n 
-0000318817 00000 n 
-0000319941 00000 n 
-0000320130 00000 n 
-0000321823 00000 n 
-0000322002 00000 n 
-0000323747 00000 n 
-0000323935 00000 n 
-0000325838 00000 n 
-0000326051 00000 n 
-0000327916 00000 n 
-0000328156 00000 n 
-0000330231 00000 n 
-0000330443 00000 n 
-0000332011 00000 n 
-0000332217 00000 n 
-0000333381 00000 n 
-0000333569 00000 n 
-0000334765 00000 n 
-0000334944 00000 n 
-0000335949 00000 n 
-0000336137 00000 n 
-0000337764 00000 n 
-0000337952 00000 n 
-0000339220 00000 n 
-0000339409 00000 n 
-0000340717 00000 n 
-0000340887 00000 n 
-0000341360 00000 n 
-0000341548 00000 n 
-0000342939 00000 n 
-0000343127 00000 n 
-0000344098 00000 n 
-0000344286 00000 n 
-0000344835 00000 n 
-0000345057 00000 n 
-0000347130 00000 n 
-0000347343 00000 n 
-0000349364 00000 n 
-0000349586 00000 n 
-0000350797 00000 n 
-0000351010 00000 n 
-0000352572 00000 n 
-0000352794 00000 n 
-0000354603 00000 n 
-0000354825 00000 n 
-0000356545 00000 n 
-0000356739 00000 n 
-0000357449 00000 n 
-0000357652 00000 n 
-0000359191 00000 n 
-0000359369 00000 n 
-0000360054 00000 n 
-0000360242 00000 n 
-0000361727 00000 n 
-0000361906 00000 n 
-0000363512 00000 n 
-0000363691 00000 n 
-0000365361 00000 n 
-0000365531 00000 n 
-0000367080 00000 n 
-0000367250 00000 n 
-0000368551 00000 n 
-0000368721 00000 n 
-0000370347 00000 n 
-0000370517 00000 n 
-0000372097 00000 n 
-0000372293 00000 n 
-0000374483 00000 n 
-0000374662 00000 n 
-0000376189 00000 n 
-0000376377 00000 n 
-0000377345 00000 n 
-0000377541 00000 n 
-0000379272 00000 n 
-0000379485 00000 n 
-0000381167 00000 n 
-0000381362 00000 n 
-0000383112 00000 n 
-0000383325 00000 n 
-0000384590 00000 n 
-0000384794 00000 n 
-0000386531 00000 n 
-0000386719 00000 n 
-0000388462 00000 n 
-0000388641 00000 n 
-0000390039 00000 n 
-0000390218 00000 n 
-0000391915 00000 n 
-0000392094 00000 n 
-0000393575 00000 n 
-0000393754 00000 n 
-0000395546 00000 n 
-0000395750 00000 n 
-0000397401 00000 n 
-0000397460 00000 n 
-0000397563 00000 n 
-0000397728 00000 n 
-0000397810 00000 n 
-0000397918 00000 n 
-0000398041 00000 n 
-0000398153 00000 n 
-0000398332 00000 n 
-0000398441 00000 n 
-0000398567 00000 n 
-0000398694 00000 n 
-0000398833 00000 n 
-0000398973 00000 n 
-0000399142 00000 n 
-0000399259 00000 n 
-0000399388 00000 n 
-0000399540 00000 n 
-0000399680 00000 n 
-0000399858 00000 n 
-0000400014 00000 n 
-0000400127 00000 n 
-0000400244 00000 n 
-0000400379 00000 n 
-0000400520 00000 n 
-0000400635 00000 n 
-0000400746 00000 n 
-0000400922 00000 n 
-0000401033 00000 n 
-0000401163 00000 n 
-0000401286 00000 n 
-0000401452 00000 n 
-0000401568 00000 n 
-0000401697 00000 n 
-0000401836 00000 n 
-0000401972 00000 n 
-0000402107 00000 n 
-0000402242 00000 n 
-0000402378 00000 n 
-0000402489 00000 n 
-0000402645 00000 n 
-0000402739 00000 n 
-0000402948 00000 n 
-0000403049 00000 n 
-0000403192 00000 n 
-0000403338 00000 n 
-0000403454 00000 n 
-0000403621 00000 n 
-0000403733 00000 n 
-0000403924 00000 n 
-0000404027 00000 n 
-0000404200 00000 n 
-0000404321 00000 n 
-0000404451 00000 n 
-0000404563 00000 n 
-0000404687 00000 n 
-0000404799 00000 n 
-0000405005 00000 n 
-0000405116 00000 n 
-0000405231 00000 n 
-0000405375 00000 n 
-0000405583 00000 n 
-0000405717 00000 n 
-0000405871 00000 n 
-0000405996 00000 n 
-0000406127 00000 n 
-0000406260 00000 n 
-0000406391 00000 n 
-0000406566 00000 n 
-0000406701 00000 n 
-0000406854 00000 n 
-0000406999 00000 n 
-0000407224 00000 n 
-0000407335 00000 n 
-0000407450 00000 n 
+0000091511 00000 n 
+0000091605 00000 n 
+0000091691 00000 n 
+0000091732 00000 n 
+0000091775 00000 n 
+0000091861 00000 n 
+0000091909 00000 n 
+0000091996 00000 n 
+0000092037 00000 n 
+0000092124 00000 n 
+0000092168 00000 n 
+0000092255 00000 n 
+0000092299 00000 n 
+0000092385 00000 n 
+0000092442 00000 n 
+0000092488 00000 n 
+0000092575 00000 n 
+0000092621 00000 n 
+0000092708 00000 n 
+0000092741 00000 n 
+0000092790 00000 n 
+0000092877 00000 n 
+0000092931 00000 n 
+0000093018 00000 n 
+0000093069 00000 n 
+0000093156 00000 n 
+0000093207 00000 n 
+0000093293 00000 n 
+0000093347 00000 n 
+0000093434 00000 n 
+0000093484 00000 n 
+0000093569 00000 n 
+0000093634 00000 n 
+0000093684 00000 n 
+0000093771 00000 n 
+0000093821 00000 n 
+0000093907 00000 n 
+0000093971 00000 n 
+0000094058 00000 n 
+0000094099 00000 n 
+0000094161 00000 n 
+0000094248 00000 n 
+0000094273 00000 n 
+0000094322 00000 n 
+0000094409 00000 n 
+0000094434 00000 n 
+0000094482 00000 n 
+0000094567 00000 n 
+0000094592 00000 n 
+0000094642 00000 n 
+0000094728 00000 n 
+0000094772 00000 n 
+0000094858 00000 n 
+0000094902 00000 n 
+0000094988 00000 n 
+0000095038 00000 n 
+0000095124 00000 n 
+0000095174 00000 n 
+0000095260 00000 n 
+0000095309 00000 n 
+0000095395 00000 n 
+0000095442 00000 n 
+0000095528 00000 n 
+0000095601 00000 n 
+0000095690 00000 n 
+0000095776 00000 n 
+0000095839 00000 n 
+0000095925 00000 n 
+0000095958 00000 n 
+0000096019 00000 n 
+0000096105 00000 n 
+0000096130 00000 n 
+0000096193 00000 n 
+0000096280 00000 n 
+0000096343 00000 n 
+0000096430 00000 n 
+0000096484 00000 n 
+0000096571 00000 n 
+0000096612 00000 n 
+0000096715 00000 n 
+0000096819 00000 n 
+0000096923 00000 n 
+0000097027 00000 n 
+0000097131 00000 n 
+0000097234 00000 n 
+0000097338 00000 n 
+0000097442 00000 n 
+0000097546 00000 n 
+0000097650 00000 n 
+0000097754 00000 n 
+0000097858 00000 n 
+0000097962 00000 n 
+0000098066 00000 n 
+0000098171 00000 n 
+0000098276 00000 n 
+0000098381 00000 n 
+0000098486 00000 n 
+0000098591 00000 n 
+0000098695 00000 n 
+0000098800 00000 n 
+0000098905 00000 n 
+0000099010 00000 n 
+0000099115 00000 n 
+0000099220 00000 n 
+0000099325 00000 n 
+0000099429 00000 n 
+0000099534 00000 n 
+0000099639 00000 n 
+0000099744 00000 n 
+0000099849 00000 n 
+0000099954 00000 n 
+0000100059 00000 n 
+0000100164 00000 n 
+0000100269 00000 n 
+0000100374 00000 n 
+0000100479 00000 n 
+0000100584 00000 n 
+0000100689 00000 n 
+0000100794 00000 n 
+0000100899 00000 n 
+0000101004 00000 n 
+0000101386 00000 n 
+0000101442 00000 n 
+0000101530 00000 n 
+0000101599 00000 n 
+0000101687 00000 n 
+0000101763 00000 n 
+0000101852 00000 n 
+0000101923 00000 n 
+0000102011 00000 n 
+0000102091 00000 n 
+0000102180 00000 n 
+0000102243 00000 n 
+0000102326 00000 n 
+0000102414 00000 n 
+0000102490 00000 n 
+0000102579 00000 n 
+0000102653 00000 n 
+0000102742 00000 n 
+0000102821 00000 n 
+0000102910 00000 n 
+0000102964 00000 n 
+0000103013 00000 n 
+0000103102 00000 n 
+0000103129 00000 n 
+0000103178 00000 n 
+0000103267 00000 n 
+0000103294 00000 n 
+0000103343 00000 n 
+0000103432 00000 n 
+0000103497 00000 n 
+0000103586 00000 n 
+0000103642 00000 n 
+0000103731 00000 n 
+0000103779 00000 n 
+0000103868 00000 n 
+0000103922 00000 n 
+0000103977 00000 n 
+0000104066 00000 n 
+0000104121 00000 n 
+0000104210 00000 n 
+0000104246 00000 n 
+0000104282 00000 n 
+0000104318 00000 n 
+0000109465 00000 n 
+0000109510 00000 n 
+0000109555 00000 n 
+0000109600 00000 n 
+0000109645 00000 n 
+0000109690 00000 n 
+0000109735 00000 n 
+0000109780 00000 n 
+0000109825 00000 n 
+0000109870 00000 n 
+0000109915 00000 n 
+0000109960 00000 n 
+0000110005 00000 n 
+0000110050 00000 n 
+0000110095 00000 n 
+0000110140 00000 n 
+0000110185 00000 n 
+0000110230 00000 n 
+0000110275 00000 n 
+0000110320 00000 n 
+0000110365 00000 n 
+0000110410 00000 n 
+0000110455 00000 n 
+0000110500 00000 n 
+0000110545 00000 n 
+0000110590 00000 n 
+0000110635 00000 n 
+0000110680 00000 n 
+0000110725 00000 n 
+0000110770 00000 n 
+0000110815 00000 n 
+0000110860 00000 n 
+0000110905 00000 n 
+0000110950 00000 n 
+0000110995 00000 n 
+0000111040 00000 n 
+0000111085 00000 n 
+0000111130 00000 n 
+0000111175 00000 n 
+0000111220 00000 n 
+0000111265 00000 n 
+0000111310 00000 n 
+0000111355 00000 n 
+0000111400 00000 n 
+0000111445 00000 n 
+0000111490 00000 n 
+0000111535 00000 n 
+0000111580 00000 n 
+0000111625 00000 n 
+0000111670 00000 n 
+0000111715 00000 n 
+0000111760 00000 n 
+0000111805 00000 n 
+0000111850 00000 n 
+0000111895 00000 n 
+0000111940 00000 n 
+0000111985 00000 n 
+0000112030 00000 n 
+0000112075 00000 n 
+0000112120 00000 n 
+0000112165 00000 n 
+0000112210 00000 n 
+0000112255 00000 n 
+0000112300 00000 n 
+0000112345 00000 n 
+0000112390 00000 n 
+0000112435 00000 n 
+0000112480 00000 n 
+0000112525 00000 n 
+0000112570 00000 n 
+0000112615 00000 n 
+0000112660 00000 n 
+0000112705 00000 n 
+0000112750 00000 n 
+0000112795 00000 n 
+0000112840 00000 n 
+0000112885 00000 n 
+0000112930 00000 n 
+0000112975 00000 n 
+0000113020 00000 n 
+0000113065 00000 n 
+0000113110 00000 n 
+0000113155 00000 n 
+0000113200 00000 n 
+0000113245 00000 n 
+0000113290 00000 n 
+0000113335 00000 n 
+0000113380 00000 n 
+0000113425 00000 n 
+0000113470 00000 n 
+0000113515 00000 n 
+0000113560 00000 n 
+0000113605 00000 n 
+0000113650 00000 n 
+0000113695 00000 n 
+0000113740 00000 n 
+0000113785 00000 n 
+0000113830 00000 n 
+0000113875 00000 n 
+0000113920 00000 n 
+0000113965 00000 n 
+0000114010 00000 n 
+0000114055 00000 n 
+0000114100 00000 n 
+0000114145 00000 n 
+0000114190 00000 n 
+0000114235 00000 n 
+0000114280 00000 n 
+0000114325 00000 n 
+0000114370 00000 n 
+0000114415 00000 n 
+0000114460 00000 n 
+0000114505 00000 n 
+0000114550 00000 n 
+0000114595 00000 n 
+0000114640 00000 n 
+0000114685 00000 n 
+0000114730 00000 n 
+0000114775 00000 n 
+0000114820 00000 n 
+0000114865 00000 n 
+0000114910 00000 n 
+0000114955 00000 n 
+0000115000 00000 n 
+0000115045 00000 n 
+0000115090 00000 n 
+0000115135 00000 n 
+0000115180 00000 n 
+0000115225 00000 n 
+0000115270 00000 n 
+0000115315 00000 n 
+0000115360 00000 n 
+0000115405 00000 n 
+0000115450 00000 n 
+0000115495 00000 n 
+0000115540 00000 n 
+0000115585 00000 n 
+0000115630 00000 n 
+0000115675 00000 n 
+0000115720 00000 n 
+0000115765 00000 n 
+0000115810 00000 n 
+0000115855 00000 n 
+0000115900 00000 n 
+0000115945 00000 n 
+0000115990 00000 n 
+0000116035 00000 n 
+0000116080 00000 n 
+0000116125 00000 n 
+0000116170 00000 n 
+0000116215 00000 n 
+0000116260 00000 n 
+0000116305 00000 n 
+0000116350 00000 n 
+0000116395 00000 n 
+0000116440 00000 n 
+0000116485 00000 n 
+0000116530 00000 n 
+0000116575 00000 n 
+0000116620 00000 n 
+0000116665 00000 n 
+0000116710 00000 n 
+0000116755 00000 n 
+0000116800 00000 n 
+0000116845 00000 n 
+0000116890 00000 n 
+0000116935 00000 n 
+0000116980 00000 n 
+0000117025 00000 n 
+0000117070 00000 n 
+0000117115 00000 n 
+0000117160 00000 n 
+0000117205 00000 n 
+0000117250 00000 n 
+0000117295 00000 n 
+0000117340 00000 n 
+0000117385 00000 n 
+0000117430 00000 n 
+0000117475 00000 n 
+0000117520 00000 n 
+0000117565 00000 n 
+0000117610 00000 n 
+0000117655 00000 n 
+0000117700 00000 n 
+0000117745 00000 n 
+0000117790 00000 n 
+0000117835 00000 n 
+0000117880 00000 n 
+0000117925 00000 n 
+0000117970 00000 n 
+0000118015 00000 n 
+0000118060 00000 n 
+0000118105 00000 n 
+0000118150 00000 n 
+0000118195 00000 n 
+0000118240 00000 n 
+0000118285 00000 n 
+0000118330 00000 n 
+0000118375 00000 n 
+0000118420 00000 n 
+0000118465 00000 n 
+0000118510 00000 n 
+0000118555 00000 n 
+0000118600 00000 n 
+0000118645 00000 n 
+0000118690 00000 n 
+0000118735 00000 n 
+0000118780 00000 n 
+0000118825 00000 n 
+0000118870 00000 n 
+0000118915 00000 n 
+0000118960 00000 n 
+0000119005 00000 n 
+0000119050 00000 n 
+0000119095 00000 n 
+0000119140 00000 n 
+0000119185 00000 n 
+0000119230 00000 n 
+0000119275 00000 n 
+0000119320 00000 n 
+0000119365 00000 n 
+0000119410 00000 n 
+0000119455 00000 n 
+0000119500 00000 n 
+0000119545 00000 n 
+0000119590 00000 n 
+0000119635 00000 n 
+0000119680 00000 n 
+0000119725 00000 n 
+0000119770 00000 n 
+0000119815 00000 n 
+0000119860 00000 n 
+0000119905 00000 n 
+0000119950 00000 n 
+0000119995 00000 n 
+0000120040 00000 n 
+0000120085 00000 n 
+0000120130 00000 n 
+0000120175 00000 n 
+0000120220 00000 n 
+0000120265 00000 n 
+0000120310 00000 n 
+0000120355 00000 n 
+0000120400 00000 n 
+0000120445 00000 n 
+0000120490 00000 n 
+0000120535 00000 n 
+0000120580 00000 n 
+0000120625 00000 n 
+0000120670 00000 n 
+0000120715 00000 n 
+0000120760 00000 n 
+0000120805 00000 n 
+0000120850 00000 n 
+0000120895 00000 n 
+0000120940 00000 n 
+0000120985 00000 n 
+0000121030 00000 n 
+0000121075 00000 n 
+0000121120 00000 n 
+0000121165 00000 n 
+0000121210 00000 n 
+0000121255 00000 n 
+0000121300 00000 n 
+0000121345 00000 n 
+0000121390 00000 n 
+0000121435 00000 n 
+0000121480 00000 n 
+0000121525 00000 n 
+0000121570 00000 n 
+0000121615 00000 n 
+0000121660 00000 n 
+0000121705 00000 n 
+0000121750 00000 n 
+0000121795 00000 n 
+0000121840 00000 n 
+0000121885 00000 n 
+0000121930 00000 n 
+0000121975 00000 n 
+0000122020 00000 n 
+0000122065 00000 n 
+0000122110 00000 n 
+0000122155 00000 n 
+0000122200 00000 n 
+0000122245 00000 n 
+0000122290 00000 n 
+0000122335 00000 n 
+0000122380 00000 n 
+0000122425 00000 n 
+0000122470 00000 n 
+0000122515 00000 n 
+0000122560 00000 n 
+0000122605 00000 n 
+0000122650 00000 n 
+0000122695 00000 n 
+0000122740 00000 n 
+0000122785 00000 n 
+0000122830 00000 n 
+0000122875 00000 n 
+0000122920 00000 n 
+0000122965 00000 n 
+0000124382 00000 n 
+0000124543 00000 n 
+0000124712 00000 n 
+0000124905 00000 n 
+0000128845 00000 n 
+0000129039 00000 n 
+0000133591 00000 n 
+0000133785 00000 n 
+0000138337 00000 n 
+0000138531 00000 n 
+0000142593 00000 n 
+0000142787 00000 n 
+0000146401 00000 n 
+0000146595 00000 n 
+0000150431 00000 n 
+0000150625 00000 n 
+0000151714 00000 n 
+0000151875 00000 n 
+0000152109 00000 n 
+0000152313 00000 n 
+0000155026 00000 n 
+0000155201 00000 n 
+0000158846 00000 n 
+0000159021 00000 n 
+0000161306 00000 n 
+0000161481 00000 n 
+0000162406 00000 n 
+0000162567 00000 n 
+0000162755 00000 n 
+0000162959 00000 n 
+0000165774 00000 n 
+0000165949 00000 n 
+0000166560 00000 n 
+0000166772 00000 n 
+0000167933 00000 n 
+0000168121 00000 n 
+0000169583 00000 n 
+0000169780 00000 n 
+0000171150 00000 n 
+0000171365 00000 n 
+0000172601 00000 n 
+0000172795 00000 n 
+0000174374 00000 n 
+0000174544 00000 n 
+0000176360 00000 n 
+0000176511 00000 n 
+0000176752 00000 n 
+0000176931 00000 n 
+0000178637 00000 n 
+0000178825 00000 n 
+0000180580 00000 n 
+0000180768 00000 n 
+0000182419 00000 n 
+0000182588 00000 n 
+0000183308 00000 n 
+0000183537 00000 n 
+0000185315 00000 n 
+0000185521 00000 n 
+0000187106 00000 n 
+0000187319 00000 n 
+0000189112 00000 n 
+0000189334 00000 n 
+0000191497 00000 n 
+0000191700 00000 n 
+0000193251 00000 n 
+0000193464 00000 n 
+0000194891 00000 n 
+0000195113 00000 n 
+0000196884 00000 n 
+0000197106 00000 n 
+0000198986 00000 n 
+0000199192 00000 n 
+0000200390 00000 n 
+0000200610 00000 n 
+0000202128 00000 n 
+0000202316 00000 n 
+0000203434 00000 n 
+0000203595 00000 n 
+0000203785 00000 n 
+0000203989 00000 n 
+0000207035 00000 n 
+0000207205 00000 n 
+0000209164 00000 n 
+0000209324 00000 n 
+0000210004 00000 n 
+0000210249 00000 n 
+0000212043 00000 n 
+0000212256 00000 n 
+0000213758 00000 n 
+0000213980 00000 n 
+0000215808 00000 n 
+0000216061 00000 n 
+0000217745 00000 n 
+0000217952 00000 n 
+0000219645 00000 n 
+0000219861 00000 n 
+0000221794 00000 n 
+0000222016 00000 n 
+0000224029 00000 n 
+0000224241 00000 n 
+0000226327 00000 n 
+0000226530 00000 n 
+0000228794 00000 n 
+0000229048 00000 n 
+0000231276 00000 n 
+0000231506 00000 n 
+0000233547 00000 n 
+0000233778 00000 n 
+0000235351 00000 n 
+0000235562 00000 n 
+0000237584 00000 n 
+0000237804 00000 n 
+0000239854 00000 n 
+0000240096 00000 n 
+0000242032 00000 n 
+0000242261 00000 n 
+0000243981 00000 n 
+0000244141 00000 n 
+0000245133 00000 n 
+0000245327 00000 n 
+0000246906 00000 n 
+0000247086 00000 n 
+0000248827 00000 n 
+0000249016 00000 n 
+0000250217 00000 n 
+0000250396 00000 n 
+0000251485 00000 n 
+0000251682 00000 n 
+0000253053 00000 n 
+0000253232 00000 n 
+0000253957 00000 n 
+0000254187 00000 n 
+0000255664 00000 n 
+0000255867 00000 n 
+0000257676 00000 n 
+0000257860 00000 n 
+0000258395 00000 n 
+0000258556 00000 n 
+0000258747 00000 n 
+0000258960 00000 n 
+0000261909 00000 n 
+0000262084 00000 n 
+0000264566 00000 n 
+0000264741 00000 n 
+0000266021 00000 n 
+0000266219 00000 n 
+0000267581 00000 n 
+0000267779 00000 n 
+0000269465 00000 n 
+0000269653 00000 n 
+0000271334 00000 n 
+0000271513 00000 n 
+0000273615 00000 n 
+0000273794 00000 n 
+0000275567 00000 n 
+0000275746 00000 n 
+0000277427 00000 n 
+0000277615 00000 n 
+0000279468 00000 n 
+0000279680 00000 n 
+0000281715 00000 n 
+0000281928 00000 n 
+0000283479 00000 n 
+0000283668 00000 n 
+0000284942 00000 n 
+0000285148 00000 n 
+0000286922 00000 n 
+0000287119 00000 n 
+0000288881 00000 n 
+0000289093 00000 n 
+0000290796 00000 n 
+0000290998 00000 n 
+0000292377 00000 n 
+0000292565 00000 n 
+0000293456 00000 n 
+0000293644 00000 n 
+0000295169 00000 n 
+0000295372 00000 n 
+0000297081 00000 n 
+0000297284 00000 n 
+0000298101 00000 n 
+0000298313 00000 n 
+0000299791 00000 n 
+0000299971 00000 n 
+0000300733 00000 n 
+0000300996 00000 n 
+0000302719 00000 n 
+0000302964 00000 n 
+0000304855 00000 n 
+0000305077 00000 n 
+0000306871 00000 n 
+0000307093 00000 n 
+0000308972 00000 n 
+0000309151 00000 n 
+0000310374 00000 n 
+0000310605 00000 n 
+0000312271 00000 n 
+0000312450 00000 n 
+0000314031 00000 n 
+0000314210 00000 n 
+0000315757 00000 n 
+0000315936 00000 n 
+0000317439 00000 n 
+0000317618 00000 n 
+0000319284 00000 n 
+0000319454 00000 n 
+0000320199 00000 n 
+0000320388 00000 n 
+0000322081 00000 n 
+0000322260 00000 n 
+0000324005 00000 n 
+0000324193 00000 n 
+0000326028 00000 n 
+0000326222 00000 n 
+0000328079 00000 n 
+0000328310 00000 n 
+0000330425 00000 n 
+0000330637 00000 n 
+0000332073 00000 n 
+0000332285 00000 n 
+0000333649 00000 n 
+0000333855 00000 n 
+0000335128 00000 n 
+0000335307 00000 n 
+0000336327 00000 n 
+0000336515 00000 n 
+0000337983 00000 n 
+0000338171 00000 n 
+0000339570 00000 n 
+0000339739 00000 n 
+0000340573 00000 n 
+0000340753 00000 n 
+0000341814 00000 n 
+0000341984 00000 n 
+0000343662 00000 n 
+0000343841 00000 n 
+0000345654 00000 n 
+0000345823 00000 n 
+0000347662 00000 n 
+0000347831 00000 n 
+0000348819 00000 n 
+0000348998 00000 n 
+0000350645 00000 n 
+0000350833 00000 n 
+0000352324 00000 n 
+0000352512 00000 n 
+0000353934 00000 n 
+0000354104 00000 n 
+0000355770 00000 n 
+0000355940 00000 n 
+0000356497 00000 n 
+0000356694 00000 n 
+0000357906 00000 n 
+0000358109 00000 n 
+0000359454 00000 n 
+0000359639 00000 n 
+0000360115 00000 n 
+0000360318 00000 n 
+0000361851 00000 n 
+0000362029 00000 n 
+0000362697 00000 n 
+0000362885 00000 n 
+0000364373 00000 n 
+0000364543 00000 n 
+0000366050 00000 n 
+0000366220 00000 n 
+0000367617 00000 n 
+0000367787 00000 n 
+0000369337 00000 n 
+0000369506 00000 n 
+0000370469 00000 n 
+0000370690 00000 n 
+0000372308 00000 n 
+0000372551 00000 n 
+0000374120 00000 n 
+0000374290 00000 n 
+0000375365 00000 n 
+0000375561 00000 n 
+0000377747 00000 n 
+0000377926 00000 n 
+0000379453 00000 n 
+0000379641 00000 n 
+0000380609 00000 n 
+0000380805 00000 n 
+0000382535 00000 n 
+0000382748 00000 n 
+0000384429 00000 n 
+0000384624 00000 n 
+0000386375 00000 n 
+0000386588 00000 n 
+0000387853 00000 n 
+0000388057 00000 n 
+0000389795 00000 n 
+0000389983 00000 n 
+0000391726 00000 n 
+0000391905 00000 n 
+0000393304 00000 n 
+0000393483 00000 n 
+0000395181 00000 n 
+0000395360 00000 n 
+0000396842 00000 n 
+0000397021 00000 n 
+0000398807 00000 n 
+0000399011 00000 n 
+0000400662 00000 n 
+0000400721 00000 n 
+0000400824 00000 n 
+0000400989 00000 n 
+0000401071 00000 n 
+0000401179 00000 n 
+0000401302 00000 n 
+0000401414 00000 n 
+0000401593 00000 n 
+0000401702 00000 n 
+0000401828 00000 n 
+0000401955 00000 n 
+0000402094 00000 n 
+0000402234 00000 n 
+0000402403 00000 n 
+0000402520 00000 n 
+0000402649 00000 n 
+0000402801 00000 n 
+0000402941 00000 n 
+0000403119 00000 n 
+0000403275 00000 n 
+0000403388 00000 n 
+0000403505 00000 n 
+0000403640 00000 n 
+0000403781 00000 n 
+0000403896 00000 n 
+0000404007 00000 n 
+0000404216 00000 n 
+0000404317 00000 n 
+0000404460 00000 n 
+0000404606 00000 n 
+0000404722 00000 n 
+0000404889 00000 n 
+0000405001 00000 n 
+0000405175 00000 n 
+0000405278 00000 n 
+0000405451 00000 n 
+0000405572 00000 n 
+0000405702 00000 n 
+0000405828 00000 n 
+0000405943 00000 n 
+0000406051 00000 n 
+0000406198 00000 n 
+0000406303 00000 n 
+0000406422 00000 n 
+0000406551 00000 n 
+0000406710 00000 n 
+0000406844 00000 n 
+0000406981 00000 n 
+0000407113 00000 n 
+0000407262 00000 n 
+0000407394 00000 n 
+0000407542 00000 n 
 0000407643 00000 n 
-0000407786 00000 n 
-0000407902 00000 n 
-0000408047 00000 n 
-0000408204 00000 n 
-0000408321 00000 n 
-0000408498 00000 n 
-0000408632 00000 n 
-0000408780 00000 n 
-0000408898 00000 n 
-0000409028 00000 n 
-0000409198 00000 n 
-0000409292 00000 n 
-0000409419 00000 n 
-0000409546 00000 n 
-0000409642 00000 n 
-0000409819 00000 n 
-0000409945 00000 n 
-0000410080 00000 n 
-0000410213 00000 n 
-0000410340 00000 n 
-0000410452 00000 n 
-0000410644 00000 n 
-0000410742 00000 n 
-0000410928 00000 n 
-0000411032 00000 n 
-0000411156 00000 n 
-0000411278 00000 n 
-0000411390 00000 n 
-0000411586 00000 n 
-0000411702 00000 n 
-0000411826 00000 n 
-0000411944 00000 n 
-0000412062 00000 n 
-0000412167 00000 n 
-0000412356 00000 n 
-0000412579 00000 n 
-0000412718 00000 n 
-0000412881 00000 n 
-0000413018 00000 n 
-0000413121 00000 n 
-0000413327 00000 n 
-0000413486 00000 n 
-0000413634 00000 n 
-0000413762 00000 n 
-0000413943 00000 n 
-0000414053 00000 n 
-0000414168 00000 n 
-0000414313 00000 n 
-0000414477 00000 n 
-0000414627 00000 n 
-0000414845 00000 n 
-0000414950 00000 n 
-0000415082 00000 n 
-0000415203 00000 n 
-0000415410 00000 n 
-0000415538 00000 n 
-0000415623 00000 n 
-0000415789 00000 n 
-0000415893 00000 n 
-0000416050 00000 n 
-0000416161 00000 n 
-0000416306 00000 n 
-0000416448 00000 n 
-0000416598 00000 n 
-0000416715 00000 n 
-0000416879 00000 n 
-0000416990 00000 n 
-0000417130 00000 n 
-0000417257 00000 n 
-0000417374 00000 n 
-0000417513 00000 n 
-0000417619 00000 n 
-0000417753 00000 n 
-0000417885 00000 n 
-0000418030 00000 n 
-0000418157 00000 n 
-0000418289 00000 n 
-0000418419 00000 n 
-0000418544 00000 n 
-0000418652 00000 n 
-0000418817 00000 n 
-0000418921 00000 n 
-0000419057 00000 n 
-0000419263 00000 n 
-0000419363 00000 n 
-0000419481 00000 n 
-0000419646 00000 n 
-0000419737 00000 n 
-0000419898 00000 n 
-0000420024 00000 n 
+0000407771 00000 n 
+0000407889 00000 n 
+0000408043 00000 n 
+0000408174 00000 n 
+0000408320 00000 n 
+0000408421 00000 n 
+0000408519 00000 n 
+0000408643 00000 n 
+0000408755 00000 n 
+0000408927 00000 n 
+0000409125 00000 n 
+0000409236 00000 n 
+0000409351 00000 n 
+0000409495 00000 n 
+0000409703 00000 n 
+0000409837 00000 n 
+0000409991 00000 n 
+0000410116 00000 n 
+0000410247 00000 n 
+0000410380 00000 n 
+0000410511 00000 n 
+0000410686 00000 n 
+0000410821 00000 n 
+0000410974 00000 n 
+0000411119 00000 n 
+0000411344 00000 n 
+0000411455 00000 n 
+0000411570 00000 n 
+0000411763 00000 n 
+0000411906 00000 n 
+0000412022 00000 n 
+0000412180 00000 n 
+0000412337 00000 n 
+0000412468 00000 n 
+0000412589 00000 n 
+0000412766 00000 n 
+0000412900 00000 n 
+0000413048 00000 n 
+0000413166 00000 n 
+0000413296 00000 n 
+0000413466 00000 n 
+0000413560 00000 n 
+0000413687 00000 n 
+0000413814 00000 n 
+0000413910 00000 n 
+0000414096 00000 n 
+0000414222 00000 n 
+0000414357 00000 n 
+0000414490 00000 n 
+0000414617 00000 n 
+0000414729 00000 n 
+0000414920 00000 n 
+0000415017 00000 n 
+0000415202 00000 n 
+0000415305 00000 n 
+0000415428 00000 n 
+0000415549 00000 n 
+0000415660 00000 n 
+0000415855 00000 n 
+0000415970 00000 n 
+0000416093 00000 n 
+0000416210 00000 n 
+0000416327 00000 n 
+0000416431 00000 n 
+0000416619 00000 n 
+0000416841 00000 n 
+0000416979 00000 n 
+0000417141 00000 n 
+0000417277 00000 n 
+0000417379 00000 n 
+0000417585 00000 n 
+0000417744 00000 n 
+0000417892 00000 n 
+0000418020 00000 n 
+0000418201 00000 n 
+0000418311 00000 n 
+0000418426 00000 n 
+0000418571 00000 n 
+0000418735 00000 n 
+0000418885 00000 n 
+0000419103 00000 n 
+0000419208 00000 n 
+0000419340 00000 n 
+0000419461 00000 n 
+0000419668 00000 n 
+0000419796 00000 n 
+0000419881 00000 n 
+0000420047 00000 n 
 0000420151 00000 n 
-0000420291 00000 n 
-0000420427 00000 n 
-0000420535 00000 n 
-0000420709 00000 n 
-0000420815 00000 n 
-0000420935 00000 n 
-0000421047 00000 n 
-0000421164 00000 n 
-0000421266 00000 n 
-0000421435 00000 n 
-0000421535 00000 n 
-0000421652 00000 n 
-0000421805 00000 n 
-0000421935 00000 n 
-0000422102 00000 n 
-0000422202 00000 n 
-0000422299 00000 n 
-0000422519 00000 n 
-0000422618 00000 n 
-0000422736 00000 n 
-0000422864 00000 n 
-0000423022 00000 n 
-0000423193 00000 n 
-0000423309 00000 n 
-0000423420 00000 n 
-0000423556 00000 n 
-0000423687 00000 n 
-0000423835 00000 n 
-0000423980 00000 n 
-0000424081 00000 n 
-0000424269 00000 n 
-0000424373 00000 n 
-0000424526 00000 n 
-0000424637 00000 n 
-0000424745 00000 n 
-0000424876 00000 n 
-0000425051 00000 n 
-0000425154 00000 n 
-0000425305 00000 n 
-0000425407 00000 n 
-0000425529 00000 n 
-0000425661 00000 n 
-0000425781 00000 n 
-0000425896 00000 n 
-0000426010 00000 n 
-0000426123 00000 n 
-0000426240 00000 n 
-0000426355 00000 n 
-0000426471 00000 n 
-0000426586 00000 n 
-0000426702 00000 n 
-0000426824 00000 n 
-0000426945 00000 n 
-0000427064 00000 n 
-0000427182 00000 n 
-0000427302 00000 n 
-0000427405 00000 n 
-0000427519 00000 n 
-0000427680 00000 n 
-0000427776 00000 n 
-0000427890 00000 n 
-0000428000 00000 n 
-0000428117 00000 n 
-0000428295 00000 n 
-0000428405 00000 n 
-0000428559 00000 n 
-0000428728 00000 n 
-0000428916 00000 n 
-0000429097 00000 n 
-0000429253 00000 n 
-0000429419 00000 n 
-0000429551 00000 n 
-0000429698 00000 n 
-0000429837 00000 n 
-0000429957 00000 n 
-0000430078 00000 n 
-0000430197 00000 n 
-0000430361 00000 n 
-0000430465 00000 n 
-0000430583 00000 n 
-0000430701 00000 n 
-0000430822 00000 n 
-0000430958 00000 n 
-0000431057 00000 n 
-0000431221 00000 n 
-0000431325 00000 n 
-0000431442 00000 n 
-0000431592 00000 n 
-0000431692 00000 n 
-0000431806 00000 n 
-0000431920 00000 n 
-0000432034 00000 n 
-0000432148 00000 n 
-0000432262 00000 n 
-0000432376 00000 n 
-0000432490 00000 n 
-0000432604 00000 n 
-0000432720 00000 n 
-0000432822 00000 n 
-0000432936 00000 n 
+0000420308 00000 n 
+0000420419 00000 n 
+0000420564 00000 n 
+0000420706 00000 n 
+0000420856 00000 n 
+0000420973 00000 n 
+0000421137 00000 n 
+0000421248 00000 n 
+0000421388 00000 n 
+0000421515 00000 n 
+0000421632 00000 n 
+0000421771 00000 n 
+0000421877 00000 n 
+0000422011 00000 n 
+0000422143 00000 n 
+0000422288 00000 n 
+0000422415 00000 n 
+0000422547 00000 n 
+0000422677 00000 n 
+0000422802 00000 n 
+0000422910 00000 n 
+0000423116 00000 n 
+0000423216 00000 n 
+0000423334 00000 n 
+0000423499 00000 n 
+0000423590 00000 n 
+0000423751 00000 n 
+0000423877 00000 n 
+0000424020 00000 n 
+0000424147 00000 n 
+0000424287 00000 n 
+0000424423 00000 n 
+0000424531 00000 n 
+0000424705 00000 n 
+0000424811 00000 n 
+0000424931 00000 n 
+0000425043 00000 n 
+0000425160 00000 n 
+0000425262 00000 n 
+0000425439 00000 n 
+0000425551 00000 n 
+0000425682 00000 n 
+0000425806 00000 n 
+0000425973 00000 n 
+0000426090 00000 n 
+0000426220 00000 n 
+0000426360 00000 n 
+0000426497 00000 n 
+0000426633 00000 n 
+0000426769 00000 n 
+0000426906 00000 n 
+0000427018 00000 n 
+0000427189 00000 n 
+0000427311 00000 n 
+0000427471 00000 n 
+0000427570 00000 n 
+0000427685 00000 n 
+0000427787 00000 n 
+0000427948 00000 n 
+0000428052 00000 n 
+0000428151 00000 n 
+0000428333 00000 n 
+0000428437 00000 n 
+0000428590 00000 n 
+0000428701 00000 n 
+0000428809 00000 n 
+0000428940 00000 n 
+0000429115 00000 n 
+0000429218 00000 n 
+0000429338 00000 n 
+0000429453 00000 n 
+0000429567 00000 n 
+0000429682 00000 n 
+0000429796 00000 n 
+0000429911 00000 n 
+0000430029 00000 n 
+0000430146 00000 n 
+0000430252 00000 n 
+0000430425 00000 n 
+0000430528 00000 n 
+0000430684 00000 n 
+0000430792 00000 n 
+0000430918 00000 n 
+0000431038 00000 n 
+0000431139 00000 n 
+0000431246 00000 n 
+0000431360 00000 n 
+0000431521 00000 n 
+0000431617 00000 n 
+0000431731 00000 n 
+0000431841 00000 n 
+0000431958 00000 n 
+0000432136 00000 n 
+0000432246 00000 n 
+0000432400 00000 n 
+0000432569 00000 n 
+0000432757 00000 n 
+0000432938 00000 n 
+0000433094 00000 n 
+0000433260 00000 n 
+0000433392 00000 n 
+0000433539 00000 n 
+0000433678 00000 n 
+0000433798 00000 n 
+0000433919 00000 n 
+0000434038 00000 n 
+0000434202 00000 n 
+0000434306 00000 n 
+0000434424 00000 n 
+0000434542 00000 n 
+0000434663 00000 n 
+0000434799 00000 n 
+0000434898 00000 n 
+0000435062 00000 n 
+0000435166 00000 n 
+0000435283 00000 n 
+0000435433 00000 n 
+0000435533 00000 n 
+0000435647 00000 n 
+0000435761 00000 n 
+0000435875 00000 n 
+0000435989 00000 n 
+0000436103 00000 n 
+0000436217 00000 n 
+0000436331 00000 n 
+0000436445 00000 n 
+0000436561 00000 n 
+0000436663 00000 n 
+0000436777 00000 n 
 trailer
-<</Size 1937/Root 1936 0 R/Info 1 0 R/ID[<d4635e29b9310f2537aa795b8caa009c><d4635e29b9310f2537aa795b8caa009c>]>>
+<</Size 1949/Root 1948 0 R/Info 1 0 R/ID[<116c97ced400123fda9c473dd7e06727><116c97ced400123fda9c473dd7e06727>]>>
 startxref
-433845
+437645
 %%EOF
diff --git a/docs/announce b/docs/announce
index f5716556ba..7310bdd737 100644
--- a/docs/announce
+++ b/docs/announce
@@ -1,3 +1,6 @@
+This document is out of date
+
+
 		Announcing Samba version 2.2
 		============================
 
diff --git a/docs/faq/samba-faq.html b/docs/faq/samba-faq.html
index f6a9d83128..50037e1e1e 100644
--- a/docs/faq/samba-faq.html
+++ b/docs/faq/samba-faq.html
@@ -5,10 +5,10 @@
 >Samba FAQ</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="NEXT"
 TITLE="General Information"
-HREF="general.html"></HEAD
+HREF="faq-general.html"></HEAD
 ><BODY
 CLASS="BOOK"
 BGCOLOR="#FFFFFF"
@@ -63,233 +63,238 @@ CLASS="TOC"
 ></DT
 ><DT
 >1. <A
-HREF="general.html"
+HREF="faq-general.html"
 >General Information</A
 ></DT
 ><DD
 ><DL
 ><DT
 >1.1. <A
-HREF="general.html#AEN12"
+HREF="faq-general.html#AEN12"
 >Where can I get it?</A
 ></DT
 ><DT
 >1.2. <A
-HREF="general.html#AEN16"
+HREF="faq-general.html#AEN16"
 >What do the version numbers mean?</A
 ></DT
 ><DT
 >1.3. <A
-HREF="general.html#AEN28"
+HREF="faq-general.html#AEN28"
 >What platforms are supported?</A
 ></DT
 ><DT
 >1.4. <A
-HREF="general.html#AEN71"
+HREF="faq-general.html#AEN71"
 >How do I subscribe to the Samba Mailing Lists?</A
 ></DT
 ><DT
 >1.5. <A
-HREF="general.html#AEN75"
+HREF="faq-general.html#AEN75"
 >Pizza supply details</A
 ></DT
 ></DL
 ></DD
 ><DT
 >2. <A
-HREF="install.html"
+HREF="faq-install.html"
 >Compiling and installing Samba on a Unix host</A
 ></DT
 ><DD
 ><DL
 ><DT
 >2.1. <A
-HREF="install.html#AEN84"
+HREF="faq-install.html#AEN84"
 >I can't see the Samba server in any browse lists!</A
 ></DT
 ><DT
 >2.2. <A
-HREF="install.html#AEN89"
->Some files that I KNOW are on the server doesn't show up when I view the files from my client!</A
+HREF="faq-install.html#AEN89"
+>Some files that I KNOW are on the server don't show up when I view the files from my client!</A
 ></DT
 ><DT
 >2.3. <A
-HREF="install.html#AEN92"
+HREF="faq-install.html#AEN92"
 >Some files on the server show up with really wierd filenames when I view the files from my client!</A
 ></DT
 ><DT
 >2.4. <A
-HREF="install.html#AEN96"
+HREF="faq-install.html#AEN96"
 >My client reports "cannot locate specified computer" or similar</A
 ></DT
 ><DT
 >2.5. <A
-HREF="install.html#AEN103"
+HREF="faq-install.html#AEN103"
 >My client reports "cannot locate specified share name" or similar</A
 ></DT
 ><DT
 >2.6. <A
-HREF="install.html#AEN112"
+HREF="faq-install.html#AEN112"
 >Printing doesn't work</A
 ></DT
 ><DT
 >2.7. <A
-HREF="install.html#AEN120"
+HREF="faq-install.html#AEN120"
 >My client reports "This server is not configured to list shared resources"</A
 ></DT
 ><DT
 >2.8. <A
-HREF="install.html#AEN124"
+HREF="faq-install.html#AEN124"
 >Log message "you appear to have a trapdoor uid system"</A
 ></DT
 ><DT
 >2.9. <A
-HREF="install.html#AEN132"
+HREF="faq-install.html#AEN132"
 >Why are my file's timestamps off by an hour, or by a few hours?</A
 ></DT
 ><DT
 >2.10. <A
-HREF="install.html#AEN155"
+HREF="faq-install.html#AEN155"
 >How do I set the printer driver name correctly?</A
 ></DT
 ></DL
 ></DD
 ><DT
 >3. <A
-HREF="config.html"
+HREF="faq-config.html"
 >Configuration problems</A
 ></DT
 ><DD
 ><DL
 ><DT
 >3.1. <A
-HREF="config.html#AEN170"
+HREF="faq-config.html#AEN169"
 >I have set 'force user' and samba still makes 'root' the owner of all the files I touch!</A
 ></DT
 ></DL
 ></DD
 ><DT
 >4. <A
-HREF="clientapp.html"
+HREF="faq-clientapp.html"
 >Specific client application problems</A
 ></DT
 ><DD
 ><DL
 ><DT
 >4.1. <A
-HREF="clientapp.html#AEN175"
->MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"</A
+HREF="faq-clientapp.html#AEN174"
+>MS Office Setup reports "Cannot change properties of '\\MSOFFICE\\SETUP.INI'"</A
 ></DT
 ><DT
 >4.2. <A
-HREF="clientapp.html#AEN180"
+HREF="faq-clientapp.html#AEN179"
 >How to use a Samba share as an administrative share for MS Office, etc.</A
 ></DT
 ><DT
 >4.3. <A
-HREF="clientapp.html#AEN195"
+HREF="faq-clientapp.html#AEN194"
 >Microsoft Access database opening errors</A
 ></DT
 ></DL
 ></DD
 ><DT
 >5. <A
-HREF="errors.html"
+HREF="faq-errors.html"
 >Common errors</A
 ></DT
 ><DD
 ><DL
 ><DT
 >5.1. <A
-HREF="errors.html#AEN206"
+HREF="faq-errors.html#AEN205"
 >Not listening for calling name</A
 ></DT
 ><DT
 >5.2. <A
-HREF="errors.html#AEN213"
+HREF="faq-errors.html#AEN212"
 >System Error 1240</A
 ></DT
 ><DT
 >5.3. <A
-HREF="errors.html#AEN220"
+HREF="faq-errors.html#AEN219"
 >smbclient ignores -N !</A
 ></DT
 ><DT
 >5.4. <A
-HREF="errors.html#AEN229"
+HREF="faq-errors.html#AEN228"
 >The data on the CD-Drive I've shared seems to be corrupted!</A
 ></DT
 ><DT
 >5.5. <A
-HREF="errors.html#AEN233"
+HREF="faq-errors.html#AEN232"
 >Why can users access home directories of other users?</A
 ></DT
 ><DT
 >5.6. <A
-HREF="errors.html#AEN246"
+HREF="faq-errors.html#AEN245"
 >Until a few minutes after samba has started, clients get the error "Domain Controller Unavailable"</A
 ></DT
+><DT
+>5.7. <A
+HREF="faq-errors.html#AEN248"
+>I'm getting "open_oplock_ipc: Failed to get local UDP socket for address 100007f. Error was Cannot assign requested" in the logs</A
+></DT
 ></DL
 ></DD
 ><DT
 >6. <A
-HREF="features.html"
+HREF="faq-features.html"
 >Features</A
 ></DT
 ><DD
 ><DL
 ><DT
 >6.1. <A
-HREF="features.html#AEN251"
+HREF="faq-features.html#AEN253"
 >How can I prevent my samba server from being used to distribute the Nimda worm?</A
 ></DT
 ><DT
 >6.2. <A
-HREF="features.html#AEN265"
+HREF="faq-features.html#AEN267"
 >How can I use samba as a fax server?</A
 ></DT
 ><DD
 ><DL
 ><DT
 >6.2.1. <A
-HREF="features.html#AEN276"
+HREF="faq-features.html#AEN278"
 >Tools for printing faxes</A
 ></DT
 ><DT
 >6.2.2. <A
-HREF="features.html#AEN286"
+HREF="faq-features.html#AEN287"
 >Making the fax-server</A
 ></DT
 ><DT
 >6.2.3. <A
-HREF="features.html#AEN302"
+HREF="faq-features.html#AEN303"
 >Installing the client drivers</A
 ></DT
 ><DT
 >6.2.4. <A
-HREF="features.html#AEN316"
+HREF="faq-features.html#AEN317"
 >Example smb.conf</A
 ></DT
 ></DL
 ></DD
 ><DT
 >6.3. <A
-HREF="features.html#AEN320"
+HREF="faq-features.html#AEN321"
 >Samba doesn't work well together with DHCP!</A
 ></DT
 ><DT
 >6.4. <A
-HREF="features.html#AEN333"
+HREF="faq-features.html#AEN334"
 >How can I assign NetBIOS names to clients with DHCP?</A
 ></DT
 ><DT
 >6.5. <A
-HREF="features.html#AEN340"
+HREF="faq-features.html#AEN341"
 >How do I convert between unix and dos text formats?</A
 ></DT
 ><DT
 >6.6. <A
-HREF="features.html#AEN345"
+HREF="faq-features.html#AEN346"
 >Does samba have wins replication support?</A
 ></DT
 ></DL
@@ -323,7 +328,7 @@ WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 ><A
-HREF="general.html"
+HREF="faq-general.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
diff --git a/docs/htmldocs/Samba-Developers-Guide.html b/docs/htmldocs/Samba-Developers-Guide.html
index b90d99bf66..5d9702e49e 100644
--- a/docs/htmldocs/Samba-Developers-Guide.html
+++ b/docs/htmldocs/Samba-Developers-Guide.html
@@ -5,7 +5,7 @@
 >SAMBA Developers Guide</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="BOOK"
 BGCOLOR="#FFFFFF"
@@ -687,7 +687,7 @@ HREF="#AEN2925"
 ><DT
 >10.4. <A
 HREF="#AEN2959"
->ChangeID &#38; Client Caching of Printer Information</A
+>ChangeID and Client Caching of Printer Information</A
 ></DT
 ><DT
 >10.5. <A
@@ -810,7 +810,26 @@ HREF="#AEN3162"
 ><A
 NAME="SMBPASSWDFILEFORMAT"
 ></A
->The smbpasswd file</A
+>&#62;The smbpasswd file</A
+></DT
+></DL
+></DD
+><DT
+>14. <A
+HREF="#RPC-PLUGIN"
+>RPC Pluggable Modules</A
+></DT
+><DD
+><DL
+><DT
+>14.1. <A
+HREF="#AEN3225"
+>About</A
+></DT
+><DT
+>14.2. <A
+HREF="#AEN3228"
+>General Overview</A
 ></DT
 ></DL
 ></DD
@@ -915,7 +934,7 @@ NAME="AEN39"
 of, a 'NetBIOS Name Service'.  NT/AS offers 'Windows Internet Name Service'
 which is fully rfc1001/2 compliant, but has had to take specific action
 with certain NetBIOS names in order to make it useful.  (for example, it
-deals with the registration of &#60;1c&#62; &#60;1d&#62; &#60;1e&#62; names all in different ways.
+deals with the registration of &lt;1c&gt; &lt;1d&gt; &lt;1e&gt; names all in different ways.
 I recommend the reading of the Microsoft WINS Server Help files for full
 details).</P
 ><P
@@ -2533,7 +2552,7 @@ NAME="AEN540"
 ><P
 >This is a short document that describes some of the issues that
 confront a SMB implementation on unix, and how Samba copes with
-them. They may help people who are looking at unix&#60;-&#62;PC
+them. They may help people who are looking at unix&lt;-&gt;PC
 interoperability.</P
 ><P
 >It was written to help out a person who was writing a paper on unix to
@@ -2881,14 +2900,14 @@ example, if I'm using a csh style shell:</P
 ><P
 ><B
 CLASS="COMMAND"
->strace -f -p 3872 &#62;&#38; strace.out</B
+>strace -f -p 3872 &gt;&amp; strace.out</B
 ></P
 ><P
 >or with a sh style shell:</P
 ><P
 ><B
 CLASS="COMMAND"
->strace -f -p 3872 &#62; strace.out 2&#62;&#38;1</B
+>strace -f -p 3872 &#62; strace.out 2&gt;&amp;1</B
 ></P
 ><P
 >Note the "-f" option. This is only available on some systems, and
@@ -6985,7 +7004,7 @@ CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Note:	mailslots will contain a response mailslot, to which the response
-	should be sent.  the target NetBIOS name is REQUEST_NAME&#60;20&#62;, where
+	should be sent.  the target NetBIOS name is REQUEST_NAME&lt;20&gt;, where
 	REQUEST_NAME is the name of the machine that sent the request.</I
 ></SPAN
 ></P
@@ -7650,18 +7669,18 @@ NAME="AEN2699"
 ></A
 >9.7.2. Protocol</H3
 ><P
->C-&#62;S ReqChal,Cc S-&#62;C Cs</P
+>C-&gt;S ReqChal,Cc S-&gt;C Cs</P
 ><P
->C &#38; S compute session key Ks = E(PW[9..15],E(PW[0..6],Add(Cc,Cs)))</P
+>C &amp; S compute session key Ks = E(PW[9..15],E(PW[0..6],Add(Cc,Cs)))</P
 ><P
 >C: Rc = Cred(Ks,Cc) C-&#62;S Authenticate,Rc S: Rs = Cred(Ks,Cs),
-assert(Rc == Cred(Ks,Cc)) S-&#62;C Rs C: assert(Rs == Cred(Ks,Cs))</P
+assert(Rc == Cred(Ks,Cc)) S-&gt;C Rs C: assert(Rs == Cred(Ks,Cs))</P
 ><P
 >On joining the domain the client will optionally attempt to change its
 password and the domain controller may refuse to update it depending
 on registry settings. This will also occur weekly afterwards.</P
 ><P
->C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C-&#62;S ServerPasswordSet,Rc',Tc,
+>C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C-&gt;S ServerPasswordSet,Rc',Tc,
 arc4(Ks[0..7,16],lmowf(randompassword()) C: Rc = Cred(Ks,Rc+Tc+1) S:
 assert(Rc' == Cred(Ks,Rc+Tc)), Ts = Time() S: Rs' = Cred(Ks,Rs+Tc+1)
 S-&#62;C Rs',Ts C: assert(Rs' == Cred(Ks,Rs+Tc+1)) S: Rs = Rs'</P
@@ -7669,7 +7688,7 @@ S-&#62;C Rs',Ts C: assert(Rs' == Cred(Ks,Rs+Tc+1)) S: Rs = Rs'</P
 >User: U with password P wishes to login to the domain (incidental data
 such as workstation and domain omitted)</P
 ><P
->C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C-&#62;S NetLogonSamLogon,Rc',Tc,U,
+>C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C-&gt;S NetLogonSamLogon,Rc',Tc,U,
 arc4(Ks[0..7,16],16,ntowf(P),16), arc4(Ks[0..7,16],16,lmowf(P),16) S:
 assert(Rc' == Cred(Ks,Rc+Tc)) assert(passwords match those in SAM) S:
 Ts = Time()</P
@@ -8355,7 +8374,7 @@ CLASS="SECT1"
 ><A
 NAME="AEN2959"
 ></A
->10.4. ChangeID &#38; Client Caching of Printer Information</H2
+>10.4. ChangeID and Client Caching of Printer Information</H2
 ><P
 >[To be filled in later]</P
 ></DIV
@@ -8676,8 +8695,7 @@ accessed.</P
 >For example, when you call </P
 ><PRE
 CLASS="PROGRAMLISTING"
->&#60;
-NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const
+>NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const
 NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain,
 const char *name, SAM_ACCOUNT_HANDLE **account)</PRE
 ><P
@@ -9102,7 +9120,7 @@ NAME="AEN3162"
 >13.3. <A
 NAME="SMBPASSWDFILEFORMAT"
 ></A
->The smbpasswd file</H2
+>&#62;The smbpasswd file</H2
 ><P
 >In order for Samba to participate in the above protocol 
 	it must be able to look up the 16 byte hashed values given a user name.
@@ -9131,7 +9149,7 @@ CLASS="FILENAME"
 CLASS="FILENAME"
 >/etc/passwd
 	</TT
-> file use the following command :</P
+> file use the following command:</P
 ><P
 ><TT
 CLASS="PROMPT"
@@ -9302,6 +9320,97 @@ CLASS="FILENAME"
 > file.</P
 ></DIV
 ></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="RPC-PLUGIN"
+></A
+>Chapter 14. RPC Pluggable Modules</H1
+><DIV
+CLASS="SECT1"
+><H2
+CLASS="SECT1"
+><A
+NAME="AEN3225"
+></A
+>14.1. About</H2
+><P
+>This document describes how to make use the new RPC Pluggable Modules features
+of Samba 3.0.  This architecture was added to increase the maintainability of
+Samba allowing RPC Pipes to be worked on separately from the main CVS branch.
+The RPM architecture will also allow third-party vendors to add functionality
+to Samba through plug-ins.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H2
+CLASS="SECT1"
+><A
+NAME="AEN3228"
+></A
+>14.2. General Overview</H2
+><P
+>When an RPC call is sent to smbd, smbd tries to load a shared library by the
+name <TT
+CLASS="FILENAME"
+>librpc_&lt;pipename&gt;.so</TT
+> to handle the call if
+it doesn't know how to handle the call internally.  For instance, LSA calls
+are handled by <TT
+CLASS="FILENAME"
+>librpc_lsass.so</TT
+>..
+These shared libraries should be located in the <TT
+CLASS="FILENAME"
+>&lt;sambaroot&gt;/lib/rpc</TT
+>.  smbd then attempts to call the rpc_pipe_init function within
+the shared library.</P
+><P
+>In the rpc_pipe_init function, the library should call 
+rpc_pipe_register_commands().  This function takes the following arguments:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>int rpc_pipe_register_commands(const char *clnt, const char *srv,
+                               const struct api_struct *cmds, int size);</PRE
+></P
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>clnt</DT
+><DD
+><P
+>the Client name of the named pipe</P
+></DD
+><DT
+>srv</DT
+><DD
+><P
+>the Server name of the named pipe</P
+></DD
+><DT
+>cmds</DT
+><DD
+><P
+>a list of api_structs that map RPC ordinal numbers to function calls</P
+></DD
+><DT
+>size</DT
+><DD
+><P
+>the number of api_structs contained in cmds</P
+></DD
+></DL
+></DIV
+><P
+>See rpc_server/srv_reg.c and rpc_server/srv_reg_nt.c for a small example of
+how to use this library.</P
+></DIV
+></DIV
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/Samba-HOWTO-Collection.html b/docs/htmldocs/Samba-HOWTO-Collection.html
index 2bb324d9f3..d758fbbe11 100644
--- a/docs/htmldocs/Samba-HOWTO-Collection.html
+++ b/docs/htmldocs/Samba-HOWTO-Collection.html
@@ -5,7 +5,7 @@
 >SAMBA Project Documentation</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="BOOK"
 BGCOLOR="#FFFFFF"
@@ -45,7 +45,7 @@ CLASS="emphasis"
 CLASS="EMPHASIS"
 >Last Update</I
 ></SPAN
-> : Thu Aug 15 12:48:45 CDT 2002</P
+> : Wed Jan 15</P
 ><P
 >This book is a collection of HOWTOs added to Samba documentation over the years.
 I try to ensure that all are current, but sometimes the is a larger job
@@ -59,6 +59,11 @@ on the "Documentation" page.  Please send updates to <A
 HREF="mailto:jerry@samba.org"
 TARGET="_top"
 >jerry@samba.org</A
+> or 
+<A
+HREF="mailto:jelmer@samba.org"
+TARGET="_top"
+>jelmer@samba.org</A
 >.</P
 ><P
 >This documentation is distributed under the GNU General Public License (GPL) 
@@ -79,7 +84,7 @@ CLASS="TOC"
 ></DT
 ><DT
 >I. <A
-HREF="#AEN18"
+HREF="#INTRODUCTION"
 >General installation</A
 ></DT
 ><DD
@@ -93,27 +98,27 @@ HREF="#INSTALL"
 ><DL
 ><DT
 >1.1. <A
-HREF="#AEN25"
+HREF="#AEN26"
 >Read the man pages</A
 ></DT
 ><DT
 >1.2. <A
-HREF="#AEN35"
+HREF="#AEN36"
 >Building the Binaries</A
 ></DT
 ><DT
 >1.3. <A
-HREF="#AEN63"
+HREF="#AEN64"
 >The all important step</A
 ></DT
 ><DT
 >1.4. <A
-HREF="#AEN67"
+HREF="#AEN68"
 >Create the smb configuration file.</A
 ></DT
 ><DT
 >1.5. <A
-HREF="#AEN81"
+HREF="#AEN82"
 >Test your config file with 
 	<B
 CLASS="COMMAND"
@@ -122,171 +127,118 @@ CLASS="COMMAND"
 ></DT
 ><DT
 >1.6. <A
-HREF="#AEN89"
+HREF="#AEN90"
 >Starting the smbd and nmbd</A
 ></DT
 ><DT
 >1.7. <A
-HREF="#AEN144"
+HREF="#AEN145"
 >Try listing the shares available on your 
 	server</A
 ></DT
 ><DT
 >1.8. <A
-HREF="#AEN153"
+HREF="#AEN154"
 >Try connecting with the unix client</A
 ></DT
 ><DT
 >1.9. <A
-HREF="#AEN169"
+HREF="#AEN170"
 >Try connecting from a DOS, WfWg, Win9x, WinNT, 
 	Win2k, OS/2, etc... client</A
 ></DT
 ><DT
 >1.10. <A
-HREF="#AEN183"
+HREF="#AEN184"
 >What If Things Don't Work?</A
 ></DT
 ></DL
 ></DD
 ><DT
 >2. <A
-HREF="#IMPROVED-BROWSING"
->Improved browsing in samba</A
+HREF="#BROWSING-QUICK"
+>Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</A
 ></DT
 ><DD
 ><DL
 ><DT
 >2.1. <A
-HREF="#AEN228"
->Overview of browsing</A
+HREF="#AEN230"
+>Discussion</A
 ></DT
 ><DT
 >2.2. <A
-HREF="#AEN232"
->Browsing support in samba</A
+HREF="#AEN238"
+>Use of the "Remote Announce" parameter</A
 ></DT
 ><DT
 >2.3. <A
-HREF="#AEN241"
->Problem resolution</A
+HREF="#AEN252"
+>Use of the "Remote Browse Sync" parameter</A
 ></DT
 ><DT
 >2.4. <A
-HREF="#AEN248"
->Browsing across subnets</A
+HREF="#AEN257"
+>Use of WINS</A
 ></DT
 ><DT
 >2.5. <A
-HREF="#AEN288"
->Setting up a WINS server</A
+HREF="#AEN268"
+>Do NOT use more than one (1) protocol on MS Windows machines</A
 ></DT
 ><DT
 >2.6. <A
-HREF="#AEN307"
->Setting up Browsing in a WORKGROUP</A
-></DT
-><DT
->2.7. <A
-HREF="#AEN325"
->Setting up Browsing in a DOMAIN</A
-></DT
-><DT
->2.8. <A
-HREF="#AEN335"
->Forcing samba to be the master</A
-></DT
-><DT
->2.9. <A
-HREF="#AEN344"
->Making samba the domain master</A
-></DT
-><DT
->2.10. <A
-HREF="#AEN362"
->Note about broadcast addresses</A
-></DT
-><DT
->2.11. <A
-HREF="#AEN365"
->Multiple interfaces</A
+HREF="#AEN274"
+>Name Resolution Order</A
 ></DT
 ></DL
 ></DD
 ><DT
 >3. <A
-HREF="#OPLOCKS"
->Oplocks</A
+HREF="#PASSDB"
+>User information database</A
 ></DT
 ><DD
 ><DL
 ><DT
 >3.1. <A
-HREF="#AEN377"
->What are oplocks?</A
-></DT
-></DL
-></DD
-><DT
->4. <A
-HREF="#BROWSING-QUICK"
->Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</A
-></DT
-><DD
-><DL
-><DT
->4.1. <A
-HREF="#AEN392"
->Discussion</A
-></DT
-><DT
->4.2. <A
-HREF="#AEN400"
->Use of the "Remote Announce" parameter</A
-></DT
-><DT
->4.3. <A
-HREF="#AEN414"
->Use of the "Remote Browse Sync" parameter</A
+HREF="#AEN324"
+>Introduction</A
 ></DT
 ><DT
->4.4. <A
-HREF="#AEN419"
->Use of WINS</A
+>3.2. <A
+HREF="#AEN331"
+>Important Notes About Security</A
 ></DT
 ><DT
->4.5. <A
-HREF="#AEN430"
->Do NOT use more than one (1) protocol on MS Windows machines</A
+>3.3. <A
+HREF="#AEN357"
+>The smbpasswd Command</A
 ></DT
 ><DT
->4.6. <A
-HREF="#AEN436"
->Name Resolution Order</A
+>3.4. <A
+HREF="#AEN388"
+>Plain text</A
 ></DT
-></DL
-></DD
 ><DT
->5. <A
-HREF="#PWENCRYPT"
->LanMan and NT Password Encryption in Samba</A
+>3.5. <A
+HREF="#AEN393"
+>TDB</A
 ></DT
-><DD
-><DL
 ><DT
->5.1. <A
-HREF="#AEN472"
->Introduction</A
+>3.6. <A
+HREF="#AEN396"
+>LDAP</A
 ></DT
 ><DT
->5.2. <A
-HREF="#AEN477"
->Important Notes About Security</A
+>3.7. <A
+HREF="#AEN614"
+>MySQL</A
 ></DT
 ><DT
->5.3. <A
-HREF="#AEN512"
->The smbpasswd Command</A
+>3.8. <A
+HREF="#AEN662"
+>Passdb XML plugin</A
 ></DT
 ></DL
 ></DD
@@ -294,169 +246,174 @@ HREF="#AEN512"
 ></DD
 ><DT
 >II. <A
-HREF="#AEN544"
+HREF="#TYPE"
 >Type of installation</A
 ></DT
 ><DD
 ><DL
 ><DT
->6. <A
+>4. <A
+HREF="#SECURITYLEVELS"
+>User and Share security level (for servers not in a domain)</A
+></DT
+><DT
+>5. <A
 HREF="#SAMBA-PDC"
->How to Configure Samba as a NT4 Primary Domain Controller</A
+>Samba as a NT4 or Win2k Primary Domain Controller</A
 ></DT
 ><DD
 ><DL
 ><DT
->6.1. <A
-HREF="#AEN566"
+>5.1. <A
+HREF="#AEN722"
 >Prerequisite Reading</A
 ></DT
 ><DT
->6.2. <A
-HREF="#AEN572"
+>5.2. <A
+HREF="#AEN728"
 >Background</A
 ></DT
 ><DT
->6.3. <A
-HREF="#AEN611"
+>5.3. <A
+HREF="#AEN767"
 >Configuring the Samba Domain Controller</A
 ></DT
 ><DT
->6.4. <A
-HREF="#AEN654"
+>5.4. <A
+HREF="#AEN810"
 >Creating Machine Trust Accounts and Joining Clients to the
 Domain</A
 ></DT
 ><DT
->6.5. <A
-HREF="#AEN738"
+>5.5. <A
+HREF="#AEN894"
 >Common Problems and Errors</A
 ></DT
 ><DT
->6.6. <A
-HREF="#AEN786"
+>5.6. <A
+HREF="#AEN942"
 >System Policies and Profiles</A
 ></DT
 ><DT
->6.7. <A
-HREF="#AEN830"
+>5.7. <A
+HREF="#AEN986"
 >What other help can I get?</A
 ></DT
 ><DT
->6.8. <A
-HREF="#AEN944"
+>5.8. <A
+HREF="#AEN1100"
 >Domain Control for Windows 9x/ME</A
 ></DT
 ><DT
->6.9. <A
-HREF="#AEN1082"
->DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</A
+>5.9. <A
+HREF="#AEN1238"
+>DOMAIN_CONTROL.txt : Windows NT Domain Control &amp; Samba</A
 ></DT
 ></DL
 ></DD
 ><DT
->7. <A
+>6. <A
 HREF="#SAMBA-BDC"
 >How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A
 ></DT
 ><DD
 ><DL
 ><DT
->7.1. <A
-HREF="#AEN1118"
+>6.1. <A
+HREF="#AEN1274"
 >Prerequisite Reading</A
 ></DT
 ><DT
->7.2. <A
-HREF="#AEN1122"
+>6.2. <A
+HREF="#AEN1278"
 >Background</A
 ></DT
 ><DT
->7.3. <A
-HREF="#AEN1130"
+>6.3. <A
+HREF="#AEN1286"
 >What qualifies a Domain Controller on the network?</A
 ></DT
 ><DT
->7.4. <A
-HREF="#AEN1139"
->Can Samba be a Backup Domain Controller?</A
+>6.4. <A
+HREF="#AEN1295"
+>Can Samba be a Backup Domain Controller to an NT PDC?</A
 ></DT
 ><DT
->7.5. <A
-HREF="#AEN1143"
+>6.5. <A
+HREF="#AEN1300"
 >How do I set up a Samba BDC?</A
 ></DT
 ></DL
 ></DD
 ><DT
->8. <A
+>7. <A
 HREF="#ADS"
 >Samba as a ADS domain member</A
 ></DT
 ><DD
 ><DL
 ><DT
->8.1. <A
-HREF="#AEN1178"
+>7.1. <A
+HREF="#AEN1339"
 >Installing the required packages for Debian</A
 ></DT
 ><DT
->8.2. <A
-HREF="#AEN1184"
+>7.2. <A
+HREF="#AEN1346"
 >Installing the required packages for RedHat</A
 ></DT
 ><DT
->8.3. <A
-HREF="#AEN1193"
+>7.3. <A
+HREF="#AEN1356"
 >Compile Samba</A
 ></DT
 ><DT
->8.4. <A
-HREF="#AEN1205"
+>7.4. <A
+HREF="#AEN1371"
 >Setup your /etc/krb5.conf</A
 ></DT
 ><DT
->8.5. <A
-HREF="#AEN1215"
+>7.5. <A
+HREF="#AEN1381"
 >Create the computer account</A
 ></DT
 ><DT
->8.6. <A
-HREF="#AEN1231"
+>7.6. <A
+HREF="#AEN1393"
 >Test your server setup</A
 ></DT
 ><DT
->8.7. <A
-HREF="#AEN1236"
+>7.7. <A
+HREF="#AEN1398"
 >Testing with smbclient</A
 ></DT
 ><DT
->8.8. <A
-HREF="#AEN1239"
+>7.8. <A
+HREF="#AEN1401"
 >Notes</A
 ></DT
 ></DL
 ></DD
 ><DT
->9. <A
+>8. <A
 HREF="#DOMAIN-SECURITY"
->Samba as a NT4 domain member</A
+>Samba as a NT4 or Win2k domain member</A
 ></DT
 ><DD
 ><DL
 ><DT
->9.1. <A
-HREF="#AEN1261"
->Joining an NT Domain with Samba 2.2</A
+>8.1. <A
+HREF="#AEN1423"
+>Joining an NT Domain with Samba 3.0</A
 ></DT
 ><DT
->9.2. <A
-HREF="#AEN1325"
+>8.2. <A
+HREF="#AEN1478"
 >Samba and Windows 2000 Domains</A
 ></DT
 ><DT
->9.3. <A
-HREF="#AEN1330"
+>8.3. <A
+HREF="#AEN1481"
 >Why is this better than security = server?</A
 ></DT
 ></DL
@@ -465,101 +422,101 @@ HREF="#AEN1330"
 ></DD
 ><DT
 >III. <A
-HREF="#AEN1346"
+HREF="#OPTIONAL"
 >Optional configuration</A
 ></DT
 ><DD
 ><DL
 ><DT
->10. <A
+>9. <A
 HREF="#INTEGRATE-MS-NETWORKS"
 >Integrating MS Windows networks with Samba</A
 ></DT
 ><DD
 ><DL
 ><DT
->10.1. <A
-HREF="#AEN1362"
+>9.1. <A
+HREF="#AEN1513"
 >Agenda</A
 ></DT
 ><DT
->10.2. <A
-HREF="#AEN1384"
+>9.2. <A
+HREF="#AEN1535"
 >Name Resolution in a pure Unix/Linux world</A
 ></DT
 ><DT
->10.3. <A
-HREF="#AEN1447"
+>9.3. <A
+HREF="#AEN1598"
 >Name resolution as used within MS Windows networking</A
 ></DT
 ><DT
->10.4. <A
-HREF="#AEN1492"
+>9.4. <A
+HREF="#AEN1643"
 >How browsing functions and how to deploy stable and 
 dependable browsing using Samba</A
 ></DT
 ><DT
->10.5. <A
-HREF="#AEN1502"
+>9.5. <A
+HREF="#AEN1653"
 >MS Windows security options and how to configure 
 Samba for seemless integration</A
 ></DT
 ><DT
->10.6. <A
-HREF="#AEN1572"
+>9.6. <A
+HREF="#AEN1723"
 >Conclusions</A
 ></DT
 ></DL
 ></DD
 ><DT
->11. <A
+>10. <A
 HREF="#UNIX-PERMISSIONS"
 >UNIX Permission Bits and Windows NT Access Control Lists</A
 ></DT
 ><DD
 ><DL
 ><DT
->11.1. <A
-HREF="#AEN1593"
+>10.1. <A
+HREF="#AEN1744"
 >Viewing and changing UNIX permissions using the NT 
 	security dialogs</A
 ></DT
 ><DT
->11.2. <A
-HREF="#AEN1602"
+>10.2. <A
+HREF="#AEN1748"
 >How to view file security on a Samba share</A
 ></DT
 ><DT
->11.3. <A
-HREF="#AEN1613"
+>10.3. <A
+HREF="#AEN1759"
 >Viewing file ownership</A
 ></DT
 ><DT
->11.4. <A
-HREF="#AEN1633"
+>10.4. <A
+HREF="#AEN1779"
 >Viewing file or directory permissions</A
 ></DT
 ><DT
->11.5. <A
-HREF="#AEN1669"
+>10.5. <A
+HREF="#AEN1815"
 >Modifying file or directory permissions</A
 ></DT
 ><DT
->11.6. <A
-HREF="#AEN1691"
+>10.6. <A
+HREF="#AEN1837"
 >Interaction with the standard Samba create mask 
 	parameters</A
 ></DT
 ><DT
->11.7. <A
-HREF="#AEN1755"
+>10.7. <A
+HREF="#AEN1901"
 >Interaction with the standard Samba file attribute 
 	mapping</A
 ></DT
 ></DL
 ></DD
 ><DT
->12. <A
+>11. <A
 HREF="#PAM"
 >Configuring PAM for distributed but centrally 
 managed authentication</A
@@ -567,350 +524,301 @@ managed authentication</A
 ><DD
 ><DL
 ><DT
->12.1. <A
-HREF="#AEN1776"
+>11.1. <A
+HREF="#AEN1922"
 >Samba and PAM</A
 ></DT
 ><DT
->12.2. <A
-HREF="#AEN1820"
+>11.2. <A
+HREF="#AEN1966"
 >Distributed Authentication</A
 ></DT
 ><DT
->12.3. <A
-HREF="#AEN1827"
+>11.3. <A
+HREF="#AEN1973"
 >PAM Configuration in smb.conf</A
 ></DT
 ></DL
 ></DD
 ><DT
->13. <A
+>12. <A
 HREF="#MSDFS"
 >Hosting a Microsoft Distributed File System tree on Samba</A
 ></DT
 ><DD
 ><DL
 ><DT
->13.1. <A
-HREF="#AEN1847"
+>12.1. <A
+HREF="#AEN1993"
 >Instructions</A
 ></DT
 ></DL
 ></DD
 ><DT
->14. <A
+>13. <A
 HREF="#PRINTING"
 >Printing Support</A
 ></DT
 ><DD
 ><DL
 ><DT
->14.1. <A
-HREF="#AEN1908"
+>13.1. <A
+HREF="#AEN2054"
 >Introduction</A
 ></DT
 ><DT
->14.2. <A
-HREF="#AEN1930"
+>13.2. <A
+HREF="#AEN2076"
 >Configuration</A
 ></DT
 ><DT
->14.3. <A
-HREF="#AEN2038"
+>13.3. <A
+HREF="#AEN2184"
 >The Imprints Toolset</A
 ></DT
 ><DT
->14.4. <A
-HREF="#AEN2081"
+>13.4. <A
+HREF="#AEN2227"
 >Diagnosis</A
 ></DT
 ></DL
 ></DD
 ><DT
->15. <A
-HREF="#SECURITYLEVELS"
->Security levels</A
-></DT
-><DD
-><DL
-><DT
->15.1. <A
-HREF="#AEN2186"
->Introduction</A
-></DT
-><DT
->15.2. <A
-HREF="#AEN2197"
->More complete description of security levels</A
-></DT
-></DL
-></DD
-><DT
->16. <A
+>14. <A
 HREF="#WINBIND"
 >Unified Logons between Windows NT and UNIX using Winbind</A
 ></DT
 ><DD
 ><DL
 ><DT
->16.1. <A
-HREF="#AEN2249"
+>14.1. <A
+HREF="#AEN2360"
 >Abstract</A
 ></DT
 ><DT
->16.2. <A
-HREF="#AEN2253"
+>14.2. <A
+HREF="#AEN2364"
 >Introduction</A
 ></DT
 ><DT
->16.3. <A
-HREF="#AEN2266"
+>14.3. <A
+HREF="#AEN2377"
 >What Winbind Provides</A
 ></DT
 ><DT
->16.4. <A
-HREF="#AEN2277"
+>14.4. <A
+HREF="#AEN2388"
 >How Winbind Works</A
 ></DT
 ><DT
->16.5. <A
-HREF="#AEN2317"
+>14.5. <A
+HREF="#AEN2431"
 >Installation and Configuration</A
 ></DT
 ><DT
->16.6. <A
-HREF="#AEN2566"
+>14.6. <A
+HREF="#AEN2680"
 >Limitations</A
 ></DT
 ><DT
->16.7. <A
-HREF="#AEN2576"
+>14.7. <A
+HREF="#AEN2690"
 >Conclusion</A
 ></DT
 ></DL
 ></DD
 ><DT
->17. <A
-HREF="#PDB-MYSQL"
->Passdb MySQL plugin</A
+>15. <A
+HREF="#IMPROVED-BROWSING"
+>Improved browsing in samba</A
 ></DT
 ><DD
 ><DL
 ><DT
->17.1. <A
-HREF="#AEN2590"
->Building</A
-></DT
-><DT
->17.2. <A
-HREF="#AEN2596"
->Configuring</A
-></DT
-><DT
->17.3. <A
-HREF="#AEN2611"
->Using plaintext passwords or encrypted password</A
-></DT
-><DT
->17.4. <A
-HREF="#AEN2616"
->Getting non-column data from the table</A
+>15.1. <A
+HREF="#AEN2700"
+>Overview of browsing</A
 ></DT
-></DL
-></DD
 ><DT
->18. <A
-HREF="#PDB-XML"
->Passdb XML plugin</A
+>15.2. <A
+HREF="#AEN2704"
+>Browsing support in samba</A
 ></DT
-><DD
-><DL
 ><DT
->18.1. <A
-HREF="#AEN2635"
->Building</A
+>15.3. <A
+HREF="#AEN2713"
+>Problem resolution</A
 ></DT
 ><DT
->18.2. <A
-HREF="#AEN2641"
->Usage</A
+>15.4. <A
+HREF="#AEN2720"
+>Browsing across subnets</A
 ></DT
-></DL
-></DD
 ><DT
->19. <A
-HREF="#SAMBA-LDAP-HOWTO"
->Storing Samba's User/Machine Account information in an LDAP Directory</A
+>15.5. <A
+HREF="#AEN2760"
+>Setting up a WINS server</A
 ></DT
-><DD
-><DL
 ><DT
->19.1. <A
-HREF="#AEN2664"
->Purpose</A
+>15.6. <A
+HREF="#AEN2779"
+>Setting up Browsing in a WORKGROUP</A
 ></DT
 ><DT
->19.2. <A
-HREF="#AEN2684"
->Introduction</A
+>15.7. <A
+HREF="#AEN2797"
+>Setting up Browsing in a DOMAIN</A
 ></DT
 ><DT
->19.3. <A
-HREF="#AEN2713"
->Supported LDAP Servers</A
+>15.8. <A
+HREF="#AEN2807"
+>Forcing samba to be the master</A
 ></DT
 ><DT
->19.4. <A
-HREF="#AEN2718"
->Schema and Relationship to the RFC 2307 posixAccount</A
+>15.9. <A
+HREF="#AEN2816"
+>Making samba the domain master</A
 ></DT
 ><DT
->19.5. <A
-HREF="#AEN2730"
->Configuring Samba with LDAP</A
+>15.10. <A
+HREF="#AEN2834"
+>Note about broadcast addresses</A
 ></DT
 ><DT
->19.6. <A
-HREF="#AEN2777"
->Accounts and Groups management</A
+>15.11. <A
+HREF="#AEN2837"
+>Multiple interfaces</A
 ></DT
+></DL
+></DD
 ><DT
->19.7. <A
-HREF="#AEN2782"
->Security and sambaAccount</A
+>16. <A
+HREF="#VFS"
+>Stackable VFS modules</A
 ></DT
+><DD
+><DL
 ><DT
->19.8. <A
-HREF="#AEN2802"
->LDAP specials attributes for sambaAccounts</A
+>16.1. <A
+HREF="#AEN2855"
+>Introduction and configuration</A
 ></DT
 ><DT
->19.9. <A
-HREF="#AEN2872"
->Example LDIF Entries for a sambaAccount</A
+>16.2. <A
+HREF="#AEN2864"
+>Included modules</A
 ></DT
 ><DT
->19.10. <A
-HREF="#AEN2880"
->Comments</A
+>16.3. <A
+HREF="#AEN2918"
+>VFS modules available elsewhere</A
 ></DT
 ></DL
 ></DD
 ><DT
->20. <A
+>17. <A
 HREF="#CVS-ACCESS"
->HOWTO Access Samba source code via CVS</A
+>Access Samba source code via CVS</A
 ></DT
 ><DD
 ><DL
 ><DT
->20.1. <A
-HREF="#AEN2891"
+>17.1. <A
+HREF="#AEN2942"
 >Introduction</A
 ></DT
 ><DT
->20.2. <A
-HREF="#AEN2896"
+>17.2. <A
+HREF="#AEN2947"
 >CVS Access to samba.org</A
 ></DT
 ></DL
 ></DD
 ><DT
->21. <A
+>18. <A
 HREF="#GROUPMAPPING"
 >Group mapping HOWTO</A
 ></DT
 ><DT
->22. <A
+>19. <A
 HREF="#SPEED"
 >Samba performance issues</A
 ></DT
 ><DD
 ><DL
 ><DT
->22.1. <A
-HREF="#AEN2982"
+>19.1. <A
+HREF="#AEN3033"
 >Comparisons</A
 ></DT
 ><DT
->22.2. <A
-HREF="#AEN2988"
->Oplocks</A
-></DT
-><DT
->22.3. <A
-HREF="#AEN3008"
+>19.2. <A
+HREF="#AEN3039"
 >Socket options</A
 ></DT
 ><DT
->22.4. <A
-HREF="#AEN3015"
+>19.3. <A
+HREF="#AEN3046"
 >Read size</A
 ></DT
 ><DT
->22.5. <A
-HREF="#AEN3020"
+>19.4. <A
+HREF="#AEN3051"
 >Max xmit</A
 ></DT
 ><DT
->22.6. <A
-HREF="#AEN3025"
->Locking</A
-></DT
-><DT
->22.7. <A
-HREF="#AEN3029"
->Share modes</A
-></DT
-><DT
->22.8. <A
-HREF="#AEN3034"
+>19.5. <A
+HREF="#AEN3056"
 >Log level</A
 ></DT
 ><DT
->22.9. <A
-HREF="#AEN3037"
->Wide lines</A
-></DT
-><DT
->22.10. <A
-HREF="#AEN3040"
+>19.6. <A
+HREF="#AEN3059"
 >Read raw</A
 ></DT
 ><DT
->22.11. <A
-HREF="#AEN3045"
+>19.7. <A
+HREF="#AEN3064"
 >Write raw</A
 ></DT
 ><DT
->22.12. <A
-HREF="#AEN3049"
->Read prediction</A
+>19.8. <A
+HREF="#AEN3068"
+>Slow Clients</A
 ></DT
 ><DT
->22.13. <A
-HREF="#AEN3056"
->Memory mapping</A
+>19.9. <A
+HREF="#AEN3072"
+>Slow Logins</A
 ></DT
 ><DT
->22.14. <A
-HREF="#AEN3061"
->Slow Clients</A
+>19.10. <A
+HREF="#AEN3075"
+>Client tuning</A
 ></DT
+></DL
+></DD
 ><DT
->22.15. <A
-HREF="#AEN3065"
->Slow Logins</A
+>20. <A
+HREF="#GROUPPROFILES"
+>Creating Group Profiles</A
 ></DT
+><DD
+><DL
 ><DT
->22.16. <A
-HREF="#AEN3068"
->Client tuning</A
+>20.1. <A
+HREF="#AEN3123"
+>Windows '9x</A
+></DT
+><DT
+>20.2. <A
+HREF="#AEN3132"
+>Windows NT 4</A
 ></DT
 ><DT
->22.17. <A
-HREF="#AEN3100"
->My Results</A
+>20.3. <A
+HREF="#AEN3170"
+>Windows 2000/XP</A
 ></DT
 ></DL
 ></DD
@@ -918,138 +826,138 @@ HREF="#AEN3100"
 ></DD
 ><DT
 >IV. <A
-HREF="#AEN3106"
+HREF="#APPENDIXES"
 >Appendixes</A
 ></DT
 ><DD
 ><DL
 ><DT
->23. <A
+>21. <A
 HREF="#PORTABILITY"
 >Portability</A
 ></DT
 ><DD
 ><DL
 ><DT
->23.1. <A
-HREF="#AEN3115"
+>21.1. <A
+HREF="#AEN3251"
 >HPUX</A
 ></DT
 ><DT
->23.2. <A
-HREF="#AEN3121"
+>21.2. <A
+HREF="#AEN3257"
 >SCO Unix</A
 ></DT
 ><DT
->23.3. <A
-HREF="#AEN3125"
+>21.3. <A
+HREF="#AEN3261"
 >DNIX</A
 ></DT
 ><DT
->23.4. <A
-HREF="#AEN3154"
+>21.4. <A
+HREF="#AEN3290"
 >RedHat Linux Rembrandt-II</A
 ></DT
 ></DL
 ></DD
 ><DT
->24. <A
+>22. <A
 HREF="#OTHER-CLIENTS"
 >Samba and other CIFS clients</A
 ></DT
 ><DD
 ><DL
 ><DT
->24.1. <A
-HREF="#AEN3175"
+>22.1. <A
+HREF="#AEN3311"
 >Macintosh clients?</A
 ></DT
 ><DT
->24.2. <A
-HREF="#AEN3184"
+>22.2. <A
+HREF="#AEN3320"
 >OS2 Client</A
 ></DT
 ><DT
->24.3. <A
-HREF="#AEN3224"
+>22.3. <A
+HREF="#AEN3360"
 >Windows for Workgroups</A
 ></DT
 ><DT
->24.4. <A
-HREF="#AEN3245"
+>22.4. <A
+HREF="#AEN3381"
 >Windows '95/'98</A
 ></DT
 ><DT
->24.5. <A
-HREF="#AEN3261"
+>22.5. <A
+HREF="#AEN3397"
 >Windows 2000 Service Pack 2</A
 ></DT
 ></DL
 ></DD
 ><DT
->25. <A
+>23. <A
 HREF="#BUGREPORT"
 >Reporting Bugs</A
 ></DT
 ><DD
 ><DL
 ><DT
->25.1. <A
-HREF="#AEN3285"
+>23.1. <A
+HREF="#AEN3421"
 >Introduction</A
 ></DT
 ><DT
->25.2. <A
-HREF="#AEN3295"
+>23.2. <A
+HREF="#AEN3431"
 >General info</A
 ></DT
 ><DT
->25.3. <A
-HREF="#AEN3301"
+>23.3. <A
+HREF="#AEN3437"
 >Debug levels</A
 ></DT
 ><DT
->25.4. <A
-HREF="#AEN3318"
+>23.4. <A
+HREF="#AEN3454"
 >Internal errors</A
 ></DT
 ><DT
->25.5. <A
-HREF="#AEN3328"
+>23.5. <A
+HREF="#AEN3464"
 >Attaching to a running process</A
 ></DT
 ><DT
->25.6. <A
-HREF="#AEN3331"
+>23.6. <A
+HREF="#AEN3467"
 >Patches</A
 ></DT
 ></DL
 ></DD
 ><DT
->26. <A
+>24. <A
 HREF="#DIAGNOSIS"
 >Diagnosing your samba server</A
 ></DT
 ><DD
 ><DL
 ><DT
->26.1. <A
-HREF="#AEN3354"
+>24.1. <A
+HREF="#AEN3490"
 >Introduction</A
 ></DT
 ><DT
->26.2. <A
-HREF="#AEN3359"
+>24.2. <A
+HREF="#AEN3495"
 >Assumptions</A
 ></DT
 ><DT
->26.3. <A
-HREF="#AEN3369"
+>24.3. <A
+HREF="#AEN3505"
 >Tests</A
 ></DT
 ><DT
->26.4. <A
-HREF="#AEN3479"
+>24.4. <A
+HREF="#AEN3615"
 >Still having troubles?</A
 ></DT
 ></DL
@@ -1061,7 +969,7 @@ HREF="#AEN3479"
 ><DIV
 CLASS="PART"
 ><A
-NAME="AEN18"
+NAME="INTRODUCTION"
 ></A
 ><DIV
 CLASS="TITLEPAGE"
@@ -1071,7 +979,7 @@ CLASS="TITLE"
 ><DIV
 CLASS="PARTINTRO"
 ><A
-NAME="AEN20"
+NAME="AEN21"
 ></A
 ><H1
 >Introduction</H1
@@ -1096,27 +1004,27 @@ HREF="#INSTALL"
 ><DL
 ><DT
 >1.1. <A
-HREF="#AEN25"
+HREF="#AEN26"
 >Read the man pages</A
 ></DT
 ><DT
 >1.2. <A
-HREF="#AEN35"
+HREF="#AEN36"
 >Building the Binaries</A
 ></DT
 ><DT
 >1.3. <A
-HREF="#AEN63"
+HREF="#AEN64"
 >The all important step</A
 ></DT
 ><DT
 >1.4. <A
-HREF="#AEN67"
+HREF="#AEN68"
 >Create the smb configuration file.</A
 ></DT
 ><DT
 >1.5. <A
-HREF="#AEN81"
+HREF="#AEN82"
 >Test your config file with 
 	<B
 CLASS="COMMAND"
@@ -1125,75 +1033,75 @@ CLASS="COMMAND"
 ></DT
 ><DT
 >1.6. <A
-HREF="#AEN89"
+HREF="#AEN90"
 >Starting the smbd and nmbd</A
 ></DT
 ><DD
 ><DL
 ><DT
 >1.6.1. <A
-HREF="#AEN99"
+HREF="#AEN100"
 >Starting from inetd.conf</A
 ></DT
 ><DT
 >1.6.2. <A
-HREF="#AEN128"
+HREF="#AEN129"
 >Alternative: starting it as a daemon</A
 ></DT
 ></DL
 ></DD
 ><DT
 >1.7. <A
-HREF="#AEN144"
+HREF="#AEN145"
 >Try listing the shares available on your 
 	server</A
 ></DT
 ><DT
 >1.8. <A
-HREF="#AEN153"
+HREF="#AEN154"
 >Try connecting with the unix client</A
 ></DT
 ><DT
 >1.9. <A
-HREF="#AEN169"
+HREF="#AEN170"
 >Try connecting from a DOS, WfWg, Win9x, WinNT, 
 	Win2k, OS/2, etc... client</A
 ></DT
 ><DT
 >1.10. <A
-HREF="#AEN183"
+HREF="#AEN184"
 >What If Things Don't Work?</A
 ></DT
 ><DD
 ><DL
 ><DT
 >1.10.1. <A
-HREF="#AEN188"
+HREF="#AEN189"
 >Diagnosing Problems</A
 ></DT
 ><DT
 >1.10.2. <A
-HREF="#AEN192"
+HREF="#AEN193"
 >Scope IDs</A
 ></DT
 ><DT
 >1.10.3. <A
-HREF="#AEN195"
+HREF="#AEN196"
 >Choosing the Protocol Level</A
 ></DT
 ><DT
 >1.10.4. <A
-HREF="#AEN204"
+HREF="#AEN205"
 >Printing from UNIX to a Client PC</A
 ></DT
 ><DT
 >1.10.5. <A
-HREF="#AEN209"
+HREF="#AEN210"
 >Locking</A
 ></DT
 ><DT
 >1.10.6. <A
-HREF="#AEN218"
+HREF="#AEN219"
 >Mapping Usernames</A
 ></DT
 ></DL
@@ -1202,169 +1110,199 @@ HREF="#AEN218"
 ></DD
 ><DT
 >2. <A
-HREF="#IMPROVED-BROWSING"
->Improved browsing in samba</A
+HREF="#BROWSING-QUICK"
+>Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</A
 ></DT
 ><DD
 ><DL
 ><DT
 >2.1. <A
-HREF="#AEN228"
->Overview of browsing</A
+HREF="#AEN230"
+>Discussion</A
 ></DT
 ><DT
 >2.2. <A
-HREF="#AEN232"
->Browsing support in samba</A
+HREF="#AEN238"
+>Use of the "Remote Announce" parameter</A
 ></DT
 ><DT
 >2.3. <A
-HREF="#AEN241"
->Problem resolution</A
+HREF="#AEN252"
+>Use of the "Remote Browse Sync" parameter</A
 ></DT
 ><DT
 >2.4. <A
-HREF="#AEN248"
->Browsing across subnets</A
-></DT
-><DD
-><DL
-><DT
->2.4.1. <A
-HREF="#AEN253"
->How does cross subnet browsing work ?</A
+HREF="#AEN257"
+>Use of WINS</A
 ></DT
-></DL
-></DD
 ><DT
 >2.5. <A
-HREF="#AEN288"
->Setting up a WINS server</A
+HREF="#AEN268"
+>Do NOT use more than one (1) protocol on MS Windows machines</A
 ></DT
 ><DT
 >2.6. <A
-HREF="#AEN307"
->Setting up Browsing in a WORKGROUP</A
+HREF="#AEN274"
+>Name Resolution Order</A
 ></DT
+></DL
+></DD
 ><DT
->2.7. <A
-HREF="#AEN325"
->Setting up Browsing in a DOMAIN</A
+>3. <A
+HREF="#PASSDB"
+>User information database</A
 ></DT
+><DD
+><DL
 ><DT
->2.8. <A
-HREF="#AEN335"
->Forcing samba to be the master</A
+>3.1. <A
+HREF="#AEN324"
+>Introduction</A
 ></DT
 ><DT
->2.9. <A
-HREF="#AEN344"
->Making samba the domain master</A
+>3.2. <A
+HREF="#AEN331"
+>Important Notes About Security</A
 ></DT
+><DD
+><DL
 ><DT
->2.10. <A
-HREF="#AEN362"
->Note about broadcast addresses</A
+>3.2.1. <A
+HREF="#AEN346"
+>Advantages of SMB Encryption</A
 ></DT
 ><DT
->2.11. <A
-HREF="#AEN365"
->Multiple interfaces</A
+>3.2.2. <A
+HREF="#AEN351"
+>Advantages of non-encrypted passwords</A
 ></DT
 ></DL
 ></DD
 ><DT
->3. <A
-HREF="#OPLOCKS"
->Oplocks</A
+>3.3. <A
+HREF="#AEN357"
+>The smbpasswd Command</A
 ></DT
-><DD
-><DL
 ><DT
->3.1. <A
-HREF="#AEN377"
->What are oplocks?</A
+>3.4. <A
+HREF="#AEN388"
+>Plain text</A
 ></DT
-></DL
-></DD
 ><DT
->4. <A
-HREF="#BROWSING-QUICK"
->Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</A
+>3.5. <A
+HREF="#AEN393"
+>TDB</A
+></DT
+><DT
+>3.6. <A
+HREF="#AEN396"
+>LDAP</A
 ></DT
 ><DD
 ><DL
 ><DT
->4.1. <A
-HREF="#AEN392"
->Discussion</A
+>3.6.1. <A
+HREF="#AEN398"
+>Introduction</A
 ></DT
 ><DT
->4.2. <A
-HREF="#AEN400"
->Use of the "Remote Announce" parameter</A
+>3.6.2. <A
+HREF="#AEN418"
+>Introduction</A
 ></DT
 ><DT
->4.3. <A
-HREF="#AEN414"
->Use of the "Remote Browse Sync" parameter</A
+>3.6.3. <A
+HREF="#AEN447"
+>Supported LDAP Servers</A
 ></DT
 ><DT
->4.4. <A
-HREF="#AEN419"
->Use of WINS</A
+>3.6.4. <A
+HREF="#AEN452"
+>Schema and Relationship to the RFC 2307 posixAccount</A
 ></DT
 ><DT
->4.5. <A
-HREF="#AEN430"
->Do NOT use more than one (1) protocol on MS Windows machines</A
+>3.6.5. <A
+HREF="#AEN464"
+>Configuring Samba with LDAP</A
 ></DT
 ><DT
->4.6. <A
-HREF="#AEN436"
->Name Resolution Order</A
+>3.6.6. <A
+HREF="#AEN511"
+>Accounts and Groups management</A
+></DT
+><DT
+>3.6.7. <A
+HREF="#AEN516"
+>Security and sambaAccount</A
+></DT
+><DT
+>3.6.8. <A
+HREF="#AEN536"
+>LDAP specials attributes for sambaAccounts</A
+></DT
+><DT
+>3.6.9. <A
+HREF="#AEN606"
+>Example LDIF Entries for a sambaAccount</A
 ></DT
 ></DL
 ></DD
 ><DT
->5. <A
-HREF="#PWENCRYPT"
->LanMan and NT Password Encryption in Samba</A
+>3.7. <A
+HREF="#AEN614"
+>MySQL</A
 ></DT
 ><DD
 ><DL
 ><DT
->5.1. <A
-HREF="#AEN472"
->Introduction</A
+>3.7.1. <A
+HREF="#AEN616"
+>Building</A
 ></DT
 ><DT
->5.2. <A
-HREF="#AEN477"
->Important Notes About Security</A
+>3.7.2. <A
+HREF="#AEN622"
+>Creating the database</A
 ></DT
-><DD
-><DL
 ><DT
->5.2.1. <A
-HREF="#AEN496"
->Advantages of SMB Encryption</A
+>3.7.3. <A
+HREF="#AEN632"
+>Configuring</A
 ></DT
 ><DT
->5.2.2. <A
-HREF="#AEN503"
->Advantages of non-encrypted passwords</A
+>3.7.4. <A
+HREF="#AEN649"
+>Using plaintext passwords or encrypted password</A
+></DT
+><DT
+>3.7.5. <A
+HREF="#AEN654"
+>Getting non-column data from the table</A
 ></DT
 ></DL
 ></DD
 ><DT
->5.3. <A
-HREF="#AEN512"
->The smbpasswd Command</A
+>3.8. <A
+HREF="#AEN662"
+>Passdb XML plugin</A
+></DT
+><DD
+><DL
+><DT
+>3.8.1. <A
+HREF="#AEN664"
+>Building</A
+></DT
+><DT
+>3.8.2. <A
+HREF="#AEN670"
+>Usage</A
 ></DT
 ></DL
 ></DD
 ></DL
+></DD
+></DL
 ></DIV
 ></DIV
 ><DIV
@@ -1379,7 +1317,7 @@ CLASS="SECT1"
 ><H2
 CLASS="SECT1"
 ><A
-NAME="AEN25"
+NAME="AEN26"
 ></A
 >1.1. Read the man pages</H2
 ><P
@@ -1421,7 +1359,7 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN35"
+NAME="AEN36"
 ></A
 >1.2. Building the Binaries</H2
 ><P
@@ -1520,7 +1458,7 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN63"
+NAME="AEN64"
 ></A
 >1.3. The all important step</H2
 ><P
@@ -1537,7 +1475,7 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN67"
+NAME="AEN68"
 ></A
 >1.4. Create the smb configuration file.</H2
 ><P
@@ -1593,7 +1531,7 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN81"
+NAME="AEN82"
 ></A
 >1.5. Test your config file with 
 	<B
@@ -1623,7 +1561,7 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN89"
+NAME="AEN90"
 ></A
 >1.6. Starting the smbd and nmbd</H2
 ><P
@@ -1663,7 +1601,7 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN99"
+NAME="AEN100"
 ></A
 >1.6.1. Starting from inetd.conf</H3
 ><P
@@ -1767,7 +1705,7 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN128"
+NAME="AEN129"
 ></A
 >1.6.2. Alternative: starting it as a daemon</H3
 ><P
@@ -1824,7 +1762,7 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN144"
+NAME="AEN145"
 ></A
 >1.7. Try listing the shares available on your 
 	server</H2
@@ -1865,7 +1803,7 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN153"
+NAME="AEN154"
 ></A
 >1.8. Try connecting with the unix client</H2
 ><P
@@ -1928,7 +1866,7 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN169"
+NAME="AEN170"
 ></A
 >1.9. Try connecting from a DOS, WfWg, Win9x, WinNT, 
 	Win2k, OS/2, etc... client</H2
@@ -1977,7 +1915,7 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN183"
+NAME="AEN184"
 ></A
 >1.10. What If Things Don't Work?</H2
 ><P
@@ -2000,7 +1938,7 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN188"
+NAME="AEN189"
 ></A
 >1.10.1. Diagnosing Problems</H3
 ><P
@@ -2017,7 +1955,7 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN192"
+NAME="AEN193"
 ></A
 >1.10.2. Scope IDs</H3
 ><P
@@ -2033,7 +1971,7 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN195"
+NAME="AEN196"
 ></A
 >1.10.3. Choosing the Protocol Level</H3
 ><P
@@ -2074,7 +2012,7 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN204"
+NAME="AEN205"
 ></A
 >1.10.4. Printing from UNIX to a Client PC</H3
 ><P
@@ -2095,7 +2033,7 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN209"
+NAME="AEN210"
 ></A
 >1.10.5. Locking</H3
 ><P
@@ -2155,7 +2093,7 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN218"
+NAME="AEN219"
 ></A
 >1.10.6. Mapping Usernames</H3
 ><P
@@ -2169,1170 +2107,1660 @@ NAME="AEN218"
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="IMPROVED-BROWSING"
+NAME="BROWSING-QUICK"
 ></A
->Chapter 2. Improved browsing in samba</H1
+>Chapter 2. Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</H1
+><P
+>This document should be read in conjunction with Browsing and may
+be taken as the fast track guide to implementing browsing across subnets
+and / or across workgroups (or domains). WINS is the best tool for resolution
+of NetBIOS names to IP addesses. WINS is NOT involved in browse list handling
+except by way of name to address mapping.</P
 ><DIV
 CLASS="SECT1"
-><H2
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN228"
+NAME="AEN230"
 ></A
->2.1. Overview of browsing</H2
+>2.1. Discussion</H2
 ><P
->SMB networking provides a mechanism by which clients can access a list
-of machines in a network, a so-called "browse list".  This list
-contains machines that are ready to offer file and/or print services
-to other machines within the network. Thus it does not include
-machines which aren't currently able to do server tasks.  The browse
-list is heavily used by all SMB clients.  Configuration of SMB
-browsing has been problematic for some Samba users, hence this
-document.</P
+>Firstly, all MS Windows networking is based on SMB (Server Message
+Block) based messaging. SMB messaging is implemented using NetBIOS. Samba
+implements NetBIOS by encapsulating it over TCP/IP. MS Windows products can
+do likewise. NetBIOS based networking uses broadcast messaging to affect
+browse list management. When running NetBIOS over TCP/IP this uses UDP
+based messaging. UDP messages can be broadcast or unicast.</P
 ><P
->Browsing will NOT work if name resolution from NetBIOS names to IP
-addresses does not function correctly. Use of a WINS server is highly
-recommended to aid the resolution of NetBIOS (SMB) names to IP addresses.
-WINS allows remote segment clients to obtain NetBIOS name_type information
-that can NOT be provided by any other means of name resolution.</P
+>Normally, only unicast UDP messaging can be forwarded by routers. The
+"remote announce" parameter to smb.conf helps to project browse announcements
+to remote network segments via unicast UDP. Similarly, the "remote browse sync"
+parameter of smb.conf implements browse list collation using unicast UDP.</P
+><P
+>Secondly, in those networks where Samba is the only SMB server technology
+wherever possible nmbd should be configured on one (1) machine as the WINS
+server. This makes it easy to manage the browsing environment. If each network
+segment is configured with it's own Samba WINS server, then the only way to
+get cross segment browsing to work is by using the "remote announce" and
+the "remote browse sync" parameters to your smb.conf file.</P
+><P
+>If only one WINS server is used then the use of the "remote announce" and the
+"remote browse sync" parameters should NOT be necessary.</P
+><P
+>Samba WINS does not support MS-WINS replication. This means that when setting up
+Samba as a WINS server there must only be one nmbd configured as a WINS server
+on the network. Some sites have used multiple Samba WINS servers for redundancy
+(one server per subnet) and then used "remote browse sync" and "remote announce"
+to affect browse list collation across all segments. Note that this means
+clients will only resolve local names, and must be configured to use DNS to
+resolve names on other subnets in order to resolve the IP addresses of the
+servers they can see on other subnets. This setup is not recommended, but is
+mentioned as a practical consideration (ie: an 'if all else fails' scenario).</P
+><P
+>Lastly, take note that browse lists are a collection of unreliable broadcast
+messages that are repeated at intervals of not more than 15 minutes. This means
+that it will take time to establish a browse list and it can take up to 45
+minutes to stabilise, particularly across network segments.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN232"
+NAME="AEN238"
 ></A
->2.2. Browsing support in samba</H2
-><P
->Samba now fully supports browsing.  The browsing is supported by nmbd
-and is also controlled by options in the smb.conf file (see smb.conf(5)).</P
-><P
->Samba can act as a local browse master for a workgroup and the ability
-for samba to support domain logons and scripts is now available.  See
-DOMAIN.txt for more information on domain logons.</P
-><P
->Samba can also act as a domain master browser for a workgroup.  This
-means that it will collate lists from local browse masters into a
-wide area network server list.  In order for browse clients to
-resolve the names they may find in this list, it is recommended that
-both samba and your clients use a WINS server.</P
-><P
->Note that you should NOT set Samba to be the domain master for a
-workgroup that has the same name as an NT Domain: on each wide area
-network, you must only ever have one domain master browser per workgroup,
-regardless of whether it is NT, Samba or any other type of domain master
-that is providing this service.</P
+>2.2. Use of the "Remote Announce" parameter</H2
 ><P
->[Note that nmbd can be configured as a WINS server, but it is not
-necessary to specifically use samba as your WINS server.  NTAS can
-be configured as your WINS server.  In a mixed NT server and
-samba environment on a Wide Area Network, it is recommended that
-you use the NT server's WINS server capabilities.  In a samba-only
-environment, it is recommended that you use one and only one nmbd
-as your WINS server].</P
+>The "remote announce" parameter of smb.conf can be used to forcibly ensure
+that all the NetBIOS names on a network get announced to a remote network.
+The syntax of the "remote announce" parameter is:
+<PRE
+CLASS="PROGRAMLISTING"
+>	remote announce = a.b.c.d [e.f.g.h] ...</PRE
+>
+_or_
+<PRE
+CLASS="PROGRAMLISTING"
+>	remote announce = a.b.c.d/WORKGROUP [e.f.g.h/WORKGROUP] ...</PRE
+>
+
+where:
+<P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>a.b.c.d and e.f.g.h</DT
+><DD
 ><P
->To get browsing to work you need to run nmbd as usual, but will need
-to use the "workgroup" option in smb.conf to control what workgroup
-Samba becomes a part of.</P
+>is either the LMB (Local Master Browser) IP address
+or the broadcst address of the remote network.
+ie: the LMB is at 192.168.1.10, or the address
+could be given as 192.168.1.255 where the netmask
+is assumed to be 24 bits (255.255.255.0).
+When the remote announcement is made to the broadcast
+address of the remote network every host will receive
+our announcements. This is noisy and therefore
+undesirable but may be necessary if we do NOT know
+the IP address of the remote LMB.</P
+></DD
+><DT
+>WORKGROUP</DT
+><DD
 ><P
->Samba also has a useful option for a Samba server to offer itself for
-browsing on another subnet.  It is recommended that this option is only
-used for 'unusual' purposes: announcements over the internet, for
-example.  See "remote announce" in the smb.conf man page.  </P
+>is optional and can be either our own workgroup
+or that of the remote network. If you use the
+workgroup name of the remote network then our
+NetBIOS machine names will end up looking like
+they belong to that workgroup, this may cause
+name resolution problems and should be avoided.</P
+></DD
+></DL
+></DIV
+></P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN241"
+NAME="AEN252"
 ></A
->2.3. Problem resolution</H2
+>2.3. Use of the "Remote Browse Sync" parameter</H2
 ><P
->If something doesn't work then hopefully the log.nmb file will help
-you track down the problem.  Try a debug level of 2 or 3 for finding
-problems. Also note that the current browse list usually gets stored
-in text form in a file called browse.dat.</P
+>The "remote browse sync" parameter of smb.conf is used to announce to
+another LMB that it must synchronise it's NetBIOS name list with our
+Samba LMB. It works ONLY if the Samba server that has this option is
+simultaneously the LMB on it's network segment.</P
 ><P
->Note that if it doesn't work for you, then you should still be able to
-type the server name as \\SERVER in filemanager then hit enter and
-filemanager should display the list of available shares.</P
+>The syntax of the "remote browse  sync" parameter is:
+
+<PRE
+CLASS="PROGRAMLISTING"
+>remote browse sync = a.b.c.d</PRE
+>
+
+where a.b.c.d is either the IP address of the remote LMB or else is the network broadcast address of the remote segment.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H2
+CLASS="SECT1"
+><A
+NAME="AEN257"
+></A
+>2.4. Use of WINS</H2
 ><P
->Some people find browsing fails because they don't have the global
-"guest account" set to a valid account.  Remember that the IPC$
-connection that lists the shares is done as guest, and thus you must
-have a valid guest account.</P
+>Use of WINS (either Samba WINS _or_ MS Windows NT Server WINS) is highly
+recommended. Every NetBIOS machine registers it's name together with a
+name_type value for each of of several types of service it has available.
+eg: It registers it's name directly as a unique (the type 0x03) name.
+It also registers it's name if it is running the lanmanager compatible
+server service (used to make shares and printers available to other users)
+by registering the server (the type 0x20) name.</P
 ><P
->Also, a lot of people are getting bitten by the problem of too many
-parameters on the command line of nmbd in inetd.conf.  This trick is to
-not use spaces between the option and the parameter (eg: -d2 instead
-of -d 2), and to not use the -B and -N options.  New versions of nmbd
-are now far more likely to correctly find your broadcast and network
-address, so in most cases these aren't needed.</P
+>All NetBIOS names are up to 15 characters in length. The name_type variable
+is added to the end of the name - thus creating a 16 character name. Any
+name that is shorter than 15 characters is padded with spaces to the 15th
+character. ie: All NetBIOS names are 16 characters long (including the
+name_type information).</P
 ><P
->The other big problem people have is that their broadcast address,
-netmask or IP address is wrong (specified with the "interfaces" option
-in smb.conf)</P
+>WINS can store these 16 character names as they get registered. A client
+that wants to log onto the network can ask the WINS server for a list
+of all names that have registered the NetLogon service name_type. This saves
+broadcast traffic and greatly expedites logon processing. Since broadcast
+name resolution can not be used across network segments this type of
+information can only be provided via WINS _or_ via statically configured
+"lmhosts" files that must reside on all clients in the absence of WINS.</P
+><P
+>WINS also serves the purpose of forcing browse list synchronisation by all
+LMB's. LMB's must synchronise their browse list with the DMB (domain master
+browser) and WINS helps the LMB to identify it's DMB. By definition this
+will work only within a single workgroup. Note that the domain master browser
+has NOTHING to do with what is referred to as an MS Windows NT Domain. The
+later is a reference to a security environment while the DMB refers to the
+master controller for browse list information only.</P
+><P
+>Use of WINS will work correctly only if EVERY client TCP/IP protocol stack
+has been configured to use the WINS server/s. Any client that has not been
+configured to use the WINS server will continue to use only broadcast based
+name registration so that WINS may NEVER get to know about it. In any case,
+machines that have not registered with a WINS server will fail name to address
+lookup attempts by other clients and will therefore cause workstation access
+errors.</P
+><P
+>To configure Samba as a WINS server just add "wins support = yes" to the
+smb.conf file [globals] section.</P
+><P
+>To configure Samba to register with a WINS server just add
+"wins server = a.b.c.d" to your smb.conf file [globals] section.</P
+><P
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>DO NOT EVER</I
+></SPAN
+> use both "wins support = yes" together with "wins server = a.b.c.d"
+particularly not using it's own IP address.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN248"
+NAME="AEN268"
 ></A
->2.4. Browsing across subnets</H2
+>2.5. Do NOT use more than one (1) protocol on MS Windows machines</H2
 ><P
->With the release of Samba 1.9.17(alpha1 and above) Samba has been
-updated to enable it to support the replication of browse lists
-across subnet boundaries.  New code and options have been added to
-achieve this.  This section describes how to set this feature up
-in different settings.</P
+>A very common cause of browsing problems results from installing more than
+one protocol on an MS Windows machine.</P
 ><P
->To see browse lists that span TCP/IP subnets (ie.  networks separated
-by routers that don't pass broadcast traffic) you must set up at least
-one WINS server.  The WINS server acts as a DNS for NetBIOS names, allowing
-NetBIOS name to IP address translation to be done by doing a direct
-query of the WINS server.  This is done via a directed UDP packet on
-port 137 to the WINS server machine.  The reason for a WINS server is
-that by default, all NetBIOS name to IP address translation is done
-by broadcasts from the querying machine.  This means that machines
-on one subnet will not be able to resolve the names of machines on
-another subnet without using a WINS server.</P
+>Every NetBIOS machine take part in a process of electing the LMB (and DMB)
+every 15 minutes. A set of election criteria is used to determine the order
+of precidence for winning this election process. A machine running Samba or
+Windows NT will be biased so that the most suitable machine will predictably
+win and thus retain it's role.</P
 ><P
->Remember, for browsing across subnets to work correctly, all machines,
-be they Windows 95, Windows NT, or Samba servers must have the IP address
-of a WINS server given to them by a DHCP server, or by manual configuration 
-(for Win95 and WinNT, this is in the TCP/IP Properties, under Network 
-settings) for Samba this is in the smb.conf file.</P
+>The election process is "fought out" so to speak over every NetBIOS network
+interface. In the case of a Windows 9x machine that has both TCP/IP and IPX
+installed and has NetBIOS enabled over both protocols the election will be
+decided over both protocols. As often happens, if the Windows 9x machine is
+the only one with both protocols then the LMB may be won on the NetBIOS
+interface over the IPX protocol. Samba will then lose the LMB role as Windows
+9x will insist it knows who the LMB is. Samba will then cease to function
+as an LMB and thus browse list operation on all TCP/IP only machines will
+fail.</P
+><P
+>The safest rule of all to follow it this - USE ONLY ONE PROTOCOL!</P
+></DIV
 ><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
+CLASS="SECT1"
+><HR><H2
+CLASS="SECT1"
 ><A
-NAME="AEN253"
+NAME="AEN274"
 ></A
->2.4.1. How does cross subnet browsing work ?</H3
-><P
->Cross subnet browsing is a complicated dance, containing multiple
-moving parts.  It has taken Microsoft several years to get the code
-that achieves this correct, and Samba lags behind in some areas.
-However, with the 1.9.17 release, Samba is capable of cross subnet
-browsing when configured correctly.</P
+>2.6. Name Resolution Order</H2
 ><P
->Consider a network set up as follows :</P
+>Resolution of NetBIOS names to IP addresses can take place using a number
+of methods. The only ones that can provide NetBIOS name_type information
+are:</P
 ><P
-><PRE
-CLASS="PROGRAMLISTING"
->                                   (DMB)
-             N1_A      N1_B        N1_C       N1_D        N1_E
-              |          |           |          |           |
-          -------------------------------------------------------
-            |          subnet 1                       |
-          +---+                                      +---+
-          |R1 | Router 1                  Router 2   |R2 |
-          +---+                                      +---+
-            |                                          |
-            |  subnet 2              subnet 3          |
-  --------------------------       ------------------------------------
-  |     |     |      |               |        |         |           |
- N2_A  N2_B  N2_C   N2_D           N3_A     N3_B      N3_C        N3_D 
-                    (WINS)</PRE
 ></P
+><TABLE
+BORDER="0"
+><TBODY
+><TR
+><TD
+>WINS: the best tool!</TD
+></TR
+><TR
+><TD
+>LMHOSTS: is static and hard to maintain.</TD
+></TR
+><TR
+><TD
+>Broadcast: uses UDP and can not resolve names across remote segments.</TD
+></TR
+></TBODY
+></TABLE
 ><P
->Consisting of 3 subnets (1, 2, 3) connected by two routers
-(R1, R2) - these do not pass broadcasts.  Subnet 1 has 5 machines
-on it, subnet 2 has 4 machines, subnet 3 has 4 machines.  Assume
-for the moment that all these machines are configured to be in the
-same workgroup (for simplicities sake).  Machine N1_C on subnet 1
-is configured as Domain Master Browser (ie.  it will collate the
-browse lists for the workgroup).  Machine N2_D is configured as
-WINS server and all the other machines are configured to register
-their NetBIOS names with it.</P
+></P
 ><P
->As all these machines are booted up, elections for master browsers
-will take place on each of the three subnets.  Assume that machine
-N1_C wins on subnet 1, N2_B wins on subnet 2, and N3_D wins on
-subnet 3 - these machines are known as local master browsers for
-their particular subnet.  N1_C has an advantage in winning as the
-local master browser on subnet 1 as it is set up as Domain Master
-Browser.</P
+>Alternative means of name resolution includes:</P
 ><P
->On each of the three networks, machines that are configured to 
-offer sharing services will broadcast that they are offering
-these services.  The local master browser on each subnet will
-receive these broadcasts and keep a record of the fact that
-the machine is offering a service.  This list of records is
-the basis of the browse list.  For this case, assume that
-all the machines are configured to offer services so all machines
-will be on the browse list.</P
-><P
->For each network, the local master browser on that network is
-considered 'authoritative' for all the names it receives via
-local broadcast.  This is because a machine seen by the local
-master browser via a local broadcast must be on the same 
-network as the local master browser and thus is a 'trusted'
-and 'verifiable' resource.  Machines on other networks that
-the local master browsers learn about when collating their
-browse lists have not been directly seen - these records are
-called 'non-authoritative'.</P
-><P
->At this point the browse lists look as follows (these are 
-the machines you would see in your network neighborhood if
-you looked in it on a particular network right now).</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->Subnet           Browse Master   List
-------           -------------   ----
-Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E
-
-Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
-
-Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D</PRE
 ></P
+><TABLE
+BORDER="0"
+><TBODY
+><TR
+><TD
+>/etc/hosts: is static, hard to maintain, and lacks name_type info</TD
+></TR
+><TR
+><TD
+>DNS: is a good choice but lacks essential name_type info.</TD
+></TR
+></TBODY
+></TABLE
 ><P
->Note that at this point all the subnets are separate, no
-machine is seen across any of the subnets.</P
-><P
->Now examine subnet 2.  As soon as N2_B has become the local
-master browser it looks for a Domain master browser to synchronize
-its browse list with.  It does this by querying the WINS server
-(N2_D) for the IP address associated with the NetBIOS name 
-WORKGROUP&gt;1B&lt;.  This name was registerd by the Domain master
-browser (N1_C) with the WINS server as soon as it was booted.</P
-><P
->Once N2_B knows the address of the Domain master browser it
-tells it that is the local master browser for subnet 2 by
-sending a MasterAnnouncement packet as a UDP port 138 packet.
-It then synchronizes with it by doing a NetServerEnum2 call.  This
-tells the Domain Master Browser to send it all the server
-names it knows about.  Once the domain master browser receives
-the MasterAnnouncement packet it schedules a synchronization
-request to the sender of that packet.  After both synchronizations
-are done the browse lists look like :</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->Subnet           Browse Master   List
-------           -------------   ----
-Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
-                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*)
-
-Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
-                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
-
-Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
-
-Servers with a (*) after them are non-authoritative names.</PRE
 ></P
 ><P
->At this point users looking in their network neighborhood on
-subnets 1 or 2 will see all the servers on both, users on
-subnet 3 will still only see the servers on their own subnet.</P
-><P
->The same sequence of events that occured for N2_B now occurs
-for the local master browser on subnet 3 (N3_D).  When it
-synchronizes browse lists with the domain master browser (N1_A)
-it gets both the server entries on subnet 1, and those on
-subnet 2.  After N3_D has synchronized with N1_C and vica-versa
-the browse lists look like.</P
-><P
-><PRE
+>Many sites want to restrict DNS lookups and want to avoid broadcast name
+resolution traffic. The "name resolve order" parameter is of great help here.
+The syntax of the "name resolve order" parameter is:
+<PRE
 CLASS="PROGRAMLISTING"
->Subnet           Browse Master   List
-------           -------------   ----
-Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
-                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*),
-                                 N3_A(*), N3_B(*), N3_C(*), N3_D(*)
-
-Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
-                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
-
-Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
-                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*),
-                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*)
-
-Servers with a (*) after them are non-authoritative names.</PRE
-></P
-><P
->At this point users looking in their network neighborhood on
-subnets 1 or 3 will see all the servers on all sunbets, users on
-subnet 2 will still only see the servers on subnets 1 and 2, but not 3.</P
-><P
->Finally, the local master browser for subnet 2 (N2_B) will sync again
-with the domain master browser (N1_C) and will recieve the missing
-server entries.  Finally - and as a steady state (if no machines
-are removed or shut off) the browse lists will look like :</P
-><P
-><PRE
+>name resolve order = wins lmhosts bcast host</PRE
+>
+_or_
+<PRE
 CLASS="PROGRAMLISTING"
->Subnet           Browse Master   List
-------           -------------   ----
-Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
-                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*),
-                                 N3_A(*), N3_B(*), N3_C(*), N3_D(*)
-
-Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
-                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
-                                 N3_A(*), N3_B(*), N3_C(*), N3_D(*)
-
-Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
-                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*),
-                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*)
-	
-Servers with a (*) after them are non-authoritative names.</PRE
-></P
-><P
->Synchronizations between the domain master browser and local
-master browsers will continue to occur, but this should be a
-steady state situation.</P
-><P
->If either router R1 or R2 fails the following will occur:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
+>name resolve order = wins lmhosts  	(eliminates bcast and host)</PRE
+>
+The default is:
+<PRE
+CLASS="PROGRAMLISTING"
+>name  resolve order = host lmhost wins bcast</PRE
+>.
+where "host" refers the the native methods used by the Unix system
+to implement the gethostbyname() function call. This is normally
+controlled by <TT
+CLASS="FILENAME"
+>/etc/host.conf</TT
+>, <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> and <TT
+CLASS="FILENAME"
+>/etc/resolv.conf</TT
+>.</P
+></DIV
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="PASSDB"
+></A
+>Chapter 3. User information database</H1
+><DIV
+CLASS="SECT1"
+><H2
+CLASS="SECT1"
+><A
+NAME="AEN324"
+></A
+>3.1. Introduction</H2
 ><P
->	Names of computers on each side of the inaccessible network fragments
-	will be maintained for as long as 36 minutes, in the network neighbourhood
-	lists.
+>Old windows clients send plain text passwords over the wire. 
+	Samba can check these passwords by crypting them and comparing them 
+	to the hash stored in the unix user database.
 	</P
-></LI
-><LI
 ><P
->	Attempts to connect to these inaccessible computers will fail, but the
-	names will not be removed from the network neighbourhood lists.
+>	Newer windows clients send encrypted passwords (so-called 
+	Lanman and NT hashes) over 
+	the wire, instead of plain text passwords. The newest clients 
+	will only send encrypted passwords and refuse to send plain text 
+	passwords, unless their registry is tweaked.
 	</P
-></LI
-><LI
 ><P
->	If one of the fragments is cut off from the WINS server, it will only
-	be able to access servers on its local subnet, by using subnet-isolated
-	broadcast NetBIOS name resolution.  The effects are similar to that of
-	losing access to a DNS server.
+>These passwords can't be converted to unix style encrypted 
+	passwords. Because of that you can't use the standard unix 
+	user database, and you have to store the Lanman and NT hashes 
+	somewhere else. </P
+><P
+>Next to a differently encrypted passwords, 
+	windows also stores certain data for each user 
+	that is not stored in a unix user database, e.g. 
+	workstations the user may logon from, the location where his/her 
+	profile is stored, etc.
+	Samba retrieves and stores this information using a "passdb backend".
+	Commonly
+	available backends are LDAP, plain text file, MySQL and nisplus.
+	For more information, see the documentation about the 
+	<B
+CLASS="COMMAND"
+>passdb backend = </B
+> parameter.
 	</P
-></LI
-></OL
-></DIV
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN288"
+NAME="AEN331"
 ></A
->2.5. Setting up a WINS server</H2
-><P
->Either a Samba machine or a Windows NT Server machine may be set up
-as a WINS server.  To set a Samba machine to be a WINS server you must
-add the following option to the smb.conf file on the selected machine :
-in the [globals] section add the line </P
+>3.2. Important Notes About Security</H2
 ><P
-><B
-CLASS="COMMAND"
->		wins support = yes</B
-></P
+>The unix and SMB password encryption techniques seem similar 
+	on the surface. This similarity is, however, only skin deep. The unix 
+	scheme typically sends clear text passwords over the network when 
+	logging in. This is bad. The SMB encryption scheme never sends the 
+	cleartext password over the network but it does store the 16 byte 
+	hashed values on disk. This is also bad. Why? Because the 16 byte hashed 
+	values are a "password equivalent". You cannot derive the user's 
+	password from them, but they could potentially be used in a modified 
+	client to gain access to a server. This would require considerable 
+	technical knowledge on behalf of the attacker but is perfectly possible. 
+	You should thus treat the data stored in whatever 
+	passdb backend you use (smbpasswd file, ldap, mysql) as though it contained the 
+	cleartext passwords of all your users. Its contents must be kept 
+	secret, and the file should be protected accordingly.</P
 ><P
->Versions of Samba previous to 1.9.17 had this parameter default to
-yes.  If you have any older versions of Samba on your network it is
-strongly suggested you upgrade to 1.9.17 or above, or at the very
-least set the parameter to 'no' on all these machines.</P
+>Ideally we would like a password scheme which neither requires 
+	plain text passwords on the net or on disk. Unfortunately this 
+	is not available as Samba is stuck with being compatible with 
+	other SMB systems (WinNT, WfWg, Win95 etc). </P
+><DIV
+CLASS="WARNING"
 ><P
->Machines with "<B
-CLASS="COMMAND"
->wins support = yes</B
->" will keep a list of 
-all NetBIOS names registered with them, acting as a DNS for NetBIOS names.</P
+></P
+><TABLE
+CLASS="WARNING"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
+HSPACE="5"
+ALT="Warning"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
 ><P
->You should set up only ONE wins server.  Do NOT set the
-"<B
-CLASS="COMMAND"
->wins support = yes</B
->" option on more than one Samba 
-server.</P
-><P
->To set up a Windows NT Server as a WINS server you need to set up
-the WINS service - see your NT documentation for details.  Note that
-Windows NT WINS Servers can replicate to each other, allowing more
-than one to be set up in a complex subnet environment.  As Microsoft
-refuse to document these replication protocols Samba cannot currently
-participate in these replications.  It is possible in the future that
-a Samba-&#62;Samba WINS replication protocol may be defined, in which
-case more than one Samba machine could be set up as a WINS server
-but currently only one Samba server should have the "wins support = yes"
-parameter set.</P
+>Note that Windows NT 4.0 Service pack 3 changed the 
+		default for permissible authentication so that plaintext 
+		passwords are <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>never</I
+></SPAN
+> sent over the wire. 
+		The solution to this is either to switch to encrypted passwords 
+		with Samba or edit the Windows NT registry to re-enable plaintext 
+		passwords. See the document WinNT.txt for details on how to do 
+		this.</P
 ><P
->After the WINS server has been configured you must ensure that all
-machines participating on the network are configured with the address
-of this WINS server.  If your WINS server is a Samba machine, fill in
-the Samba machine IP address in the "Primary WINS Server" field of
-the "Control Panel-&#62;Network-&#62;Protocols-&#62;TCP-&#62;WINS Server" dialogs
-in Windows 95 or Windows NT.  To tell a Samba server the IP address
-of the WINS server add the following line to the [global] section of
-all smb.conf files :</P
+>Other Microsoft operating systems which also exhibit 
+		this behavior includes</P
 ><P
-><B
-CLASS="COMMAND"
->wins server = &gt;name or IP address&lt;</B
 ></P
+><TABLE
+BORDER="0"
+><TBODY
+><TR
+><TD
+>MS DOS Network client 3.0 with 
+			the basic network redirector installed</TD
+></TR
+><TR
+><TD
+>Windows 95 with the network redirector 
+			update installed</TD
+></TR
+><TR
+><TD
+>Windows 98 [se]</TD
+></TR
+><TR
+><TD
+>Windows 2000</TD
+></TR
+></TBODY
+></TABLE
 ><P
->where &gt;name or IP address&lt; is either the DNS name of the WINS server
-machine or its IP address.</P
-><P
->Note that this line MUST NOT BE SET in the smb.conf file of the Samba
-server acting as the WINS server itself.  If you set both the
-"<B
-CLASS="COMMAND"
->wins support = yes</B
->" option and the 
-"<B
-CLASS="COMMAND"
->wins server = &gt;name&lt;</B
->" option then
-nmbd will fail to start.</P
+></P
 ><P
->There are two possible scenarios for setting up cross subnet browsing.
-The first details setting up cross subnet browsing on a network containing
-Windows 95, Samba and Windows NT machines that are not configured as
-part of a Windows NT Domain.  The second details setting up cross subnet
-browsing on networks that contain NT Domains.</P
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Note :</I
+></SPAN
+>All current release of 
+		Microsoft SMB/CIFS clients support authentication via the
+		SMB Challenge/Response mechanism described here.  Enabling
+		clear text authentication does not disable the ability
+		of the client to participate in encrypted authentication.</P
+></TD
+></TR
+></TABLE
 ></DIV
 ><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
 ><A
-NAME="AEN307"
+NAME="AEN346"
 ></A
->2.6. Setting up Browsing in a WORKGROUP</H2
-><P
->To set up cross subnet browsing on a network containing machines
-in up to be in a WORKGROUP, not an NT Domain you need to set up one
-Samba server to be the Domain Master Browser (note that this is *NOT*
-the same as a Primary Domain Controller, although in an NT Domain the
-same machine plays both roles).  The role of a Domain master browser is
-to collate the browse lists from local master browsers on all the
-subnets that have a machine participating in the workgroup.  Without
-one machine configured as a domain master browser each subnet would
-be an isolated workgroup, unable to see any machines on any other
-subnet.  It is the presense of a domain master browser that makes
-cross subnet browsing possible for a workgroup.</P
-><P
->In an WORKGROUP environment the domain master browser must be a
-Samba server, and there must only be one domain master browser per
-workgroup name.  To set up a Samba server as a domain master browser,
-set the following option in the [global] section of the smb.conf file :</P
-><P
-><B
-CLASS="COMMAND"
->domain master = yes</B
-></P
-><P
->The domain master browser should also preferrably be the local master
-browser for its own subnet.  In order to achieve this set the following
-options in the [global] section of the smb.conf file :</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->        domain master = yes
-        local master = yes
-        preferred master = yes
-        os level = 65</PRE
-></P
-><P
->The domain master browser may be the same machine as the WINS
-server, if you require.</P
-><P
->Next, you should ensure that each of the subnets contains a
-machine that can act as a local master browser for the
-workgroup.  Any NT machine should be able to do this, as will
-Windows 95 machines (although these tend to get rebooted more
-often, so it's not such a good idea to use these).  To make a 
-Samba server a local master browser set the following
-options in the [global] section of the smb.conf file :</P
+>3.2.1. Advantages of SMB Encryption</H3
 ><P
-><PRE
-CLASS="PROGRAMLISTING"
->        domain master = no
-        local master = yes
-        preferred master = yes
-        os level = 65</PRE
 ></P
+><TABLE
+BORDER="0"
+><TBODY
+><TR
+><TD
+>plain text passwords are not passed across 
+			the network. Someone using a network sniffer cannot just 
+			record passwords going to the SMB server.</TD
+></TR
+><TR
+><TD
+>WinNT doesn't like talking to a server 
+			that isn't using SMB encrypted passwords. It will refuse 
+			to browse the server if the server is also in user level 
+			security mode. It will insist on prompting the user for the 
+			password on each connection, which is very annoying. The
+			only things you can do to stop this is to use SMB encryption.
+			</TD
+></TR
+></TBODY
+></TABLE
 ><P
->Do not do this for more than one Samba server on each subnet,
-or they will war with each other over which is to be the local
-master browser.</P
-><P
->The "local master" parameter allows Samba to act as a local master
-browser.  The "preferred master" causes nmbd to force a browser
-election on startup and the "os level" parameter sets Samba high
-enough so that it should win any browser elections.</P
-><P
->If you have an NT machine on the subnet that you wish to
-be the local master browser then you can disable Samba from
-becoming a local master browser by setting the following
-options in the [global] section of the smb.conf file :</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->        domain master = no
-        local master = no
-        preferred master = no
-        os level = 0</PRE
 ></P
 ></DIV
 ><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
 ><A
-NAME="AEN325"
+NAME="AEN351"
 ></A
->2.7. Setting up Browsing in a DOMAIN</H2
-><P
->If you are adding Samba servers to a Windows NT Domain then
-you must not set up a Samba server as a domain master browser.
-By default, a Windows NT Primary Domain Controller for a Domain
-name is also the Domain master browser for that name, and many
-things will break if a Samba server registers the Domain master
-browser NetBIOS name (DOMAIN&gt;1B&lt;) with WINS instead of the PDC.</P
-><P
->For subnets other than the one containing the Windows NT PDC
-you may set up Samba servers as local master browsers as
-described.  To make a Samba server a local master browser set 
-the following options in the [global] section of the smb.conf 
-file :</P
+>3.2.2. Advantages of non-encrypted passwords</H3
 ><P
-><PRE
-CLASS="PROGRAMLISTING"
->        domain master = no
-        local master = yes
-        preferred master = yes
-        os level = 65</PRE
 ></P
+><TABLE
+BORDER="0"
+><TBODY
+><TR
+><TD
+>plain text passwords are not kept 
+			on disk. </TD
+></TR
+><TR
+><TD
+>uses same password file as other unix 
+			services such as login and ftp</TD
+></TR
+><TR
+><TD
+>you are probably already using other 
+			services (such as telnet and ftp) which send plain text 
+			passwords over the net, so sending them for SMB isn't 
+			such a big deal.</TD
+></TR
+></TBODY
+></TABLE
 ><P
->If you wish to have a Samba server fight the election with machines
-on the same subnet you may set the "os level" parameter to lower
-levels.  By doing this you can tune the order of machines that
-will become local master browsers if they are running.  For
-more details on this see the section "FORCING SAMBA TO BE THE MASTER"
-below.</P
-><P
->If you have Windows NT machines that are members of the domain
-on all subnets, and you are sure they will always be running then
-you can disable Samba from taking part in browser elections and
-ever becoming a local master browser by setting following options 
-in the [global] section of the smb.conf file :</P
-><P
-><B
-CLASS="COMMAND"
->        domain master = no
-        local master = no
-        preferred master = no
-        os level = 0</B
 ></P
 ></DIV
+></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN335"
+NAME="AEN357"
 ></A
->2.8. Forcing samba to be the master</H2
+>3.3. The smbpasswd Command</H2
 ><P
->Who becomes the "master browser" is determined by an election process
-using broadcasts.  Each election packet contains a number of parameters
-which determine what precedence (bias) a host should have in the
-election.  By default Samba uses a very low precedence and thus loses
-elections to just about anyone else.</P
-><P
->If you want Samba to win elections then just set the "os level" global
-option in smb.conf to a higher number.  It defaults to 0.  Using 34
-would make it win all elections over every other system (except other
-samba systems!)</P
-><P
->A "os level" of 2 would make it beat WfWg and Win95, but not NTAS.  A
-NTAS domain controller uses level 32.</P
-><P
->The maximum os level is 255</P
-><P
->If you want samba to force an election on startup, then set the
-"preferred master" global option in smb.conf to "yes".  Samba will
-then have a slight advantage over other potential master browsers
-that are not preferred master browsers.  Use this parameter with
-care, as if you have two hosts (whether they are windows 95 or NT or
-samba) on the same local subnet both set with "preferred master" to
-"yes", then periodically and continually they will force an election
-in order to become the local master browser.</P
-><P
->If you want samba to be a "domain master browser", then it is
-recommended that you also set "preferred master" to "yes", because
-samba will not become a domain master browser for the whole of your
-LAN or WAN if it is not also a local master browser on its own
-broadcast isolated subnet.</P
-><P
->It is possible to configure two samba servers to attempt to become
-the domain master browser for a domain.  The first server that comes
-up will be the domain master browser.  All other samba servers will
-attempt to become the domain master browser every 5 minutes.  They
-will find that another samba server is already the domain master
-browser and will fail.  This provides automatic redundancy, should
-the current domain master browser fail.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN344"
-></A
->2.9. Making samba the domain master</H2
+>The smbpasswd utility is a utility similar to the 
+	<B
+CLASS="COMMAND"
+>passwd</B
+> or <B
+CLASS="COMMAND"
+>yppasswd</B
+> programs.
+	It maintains the two 32 byte password fields 
+	in the passdb backend. </P
 ><P
->The domain master is responsible for collating the browse lists of
-multiple subnets so that browsing can occur between subnets.  You can
-make samba act as the domain master by setting "domain master = yes"
-in smb.conf.  By default it will not be a domain master.</P
+><B
+CLASS="COMMAND"
+>smbpasswd</B
+> works in a client-server mode 
+	where it contacts the local smbd to change the user's password on its 
+	behalf. This has enormous benefits - as follows.</P
 ><P
->Note that you should NOT set Samba to be the domain master for a
-workgroup that has the same name as an NT Domain.</P
+><B
+CLASS="COMMAND"
+>smbpasswd</B
+> has the capability 
+	to change passwords on Windows NT servers (this only works when 
+	the request is sent to the NT Primary Domain Controller if you 
+	are changing an NT Domain user's password).</P
 ><P
->When samba is the domain master and the master browser it will listen
-for master announcements (made roughly every twelve minutes) from local
-master browsers on other subnets and then contact them to synchronise
-browse lists.</P
+>To run smbpasswd as a normal user just type :</P
 ><P
->If you want samba to be the domain master then I suggest you also set
-the "os level" high enough to make sure it wins elections, and set
-"preferred master" to "yes", to get samba to force an election on
-startup.</P
+><TT
+CLASS="PROMPT"
+>$ </TT
+><TT
+CLASS="USERINPUT"
+><B
+>smbpasswd</B
+></TT
+></P
 ><P
->Note that all your servers (including samba) and clients should be
-using a WINS server to resolve NetBIOS names.  If your clients are only
-using broadcasting to resolve NetBIOS names, then two things will occur:</P
+><TT
+CLASS="PROMPT"
+>Old SMB password: </TT
+><TT
+CLASS="USERINPUT"
+><B
+>&lt;type old value here - 
+	or hit return if there was no old password&gt;</B
+></TT
+></P
 ><P
+><TT
+CLASS="PROMPT"
+>New SMB Password: </TT
+><TT
+CLASS="USERINPUT"
+><B
+>&lt;type new value&gt;
+	</B
+></TT
 ></P
-><OL
-TYPE="1"
-><LI
 ><P
->	your local master browsers will be unable to find a domain master
-	browser, as it will only be looking on the local subnet.
-	</P
-></LI
-><LI
+><TT
+CLASS="PROMPT"
+>Repeat New SMB Password: </TT
+><TT
+CLASS="USERINPUT"
+><B
+>&lt;re-type new value
+	</B
+></TT
+></P
 ><P
->	if a client happens to get hold of a domain-wide browse list, and
-	a user attempts to access a host in that list, it will be unable to
-	resolve the NetBIOS name of that host.
-	</P
-></LI
-></OL
+>If the old value does not match the current value stored for 
+	that user, or the two new values do not match each other, then the 
+	password will not be changed.</P
 ><P
->If, however, both samba and your clients are using a WINS server, then:</P
+>If invoked by an ordinary user it will only allow the user 
+	to change his or her own Samba password.</P
 ><P
-></P
-><OL
-TYPE="1"
-><LI
+>If run by the root user smbpasswd may take an optional 
+	argument, specifying the user name whose SMB password you wish to 
+	change.  Note that when run as root smbpasswd does not prompt for 
+	or check the old password value, thus allowing root to set passwords 
+	for users who have forgotten their passwords.</P
 ><P
->	your local master browsers will contact the WINS server and, as long as
-	samba has registered that it is a domain master browser with the WINS
-	server, your local master browser will receive samba's ip address
-	as its domain master browser.
-	</P
-></LI
-><LI
+><B
+CLASS="COMMAND"
+>smbpasswd</B
+> is designed to work in the same way 
+	and be familiar to UNIX users who use the <B
+CLASS="COMMAND"
+>passwd</B
+> or 
+	<B
+CLASS="COMMAND"
+>yppasswd</B
+> commands.</P
 ><P
->	when a client receives a domain-wide browse list, and a user attempts
-	to access a host in that list, it will contact the WINS server to
-	resolve the NetBIOS name of that host.  as long as that host has
-	registered its NetBIOS name with the same WINS server, the user will
-	be able to see that host.  
-	</P
-></LI
-></OL
+>For more details on using <B
+CLASS="COMMAND"
+>smbpasswd</B
+> refer 
+	to the man page which will always be the definitive reference.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN362"
+NAME="AEN388"
 ></A
->2.10. Note about broadcast addresses</H2
+>3.4. Plain text</H2
 ><P
->If your network uses a "0" based broadcast address (for example if it
-ends in a 0) then you will strike problems.  Windows for Workgroups
-does not seem to support a 0's broadcast and you will probably find
-that browsing and name lookups won't work.</P
+>Older versions of samba retrieved user information from the unix user database 
+and eventually some other fields from the file <TT
+CLASS="FILENAME"
+>/etc/samba/smbpasswd</TT
+>
+or <TT
+CLASS="FILENAME"
+>/etc/smbpasswd</TT
+>. When password encryption is disabled, no 
+data is stored at all.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN365"
+NAME="AEN393"
 ></A
->2.11. Multiple interfaces</H2
+>3.5. TDB</H2
 ><P
->Samba now supports machines with multiple network interfaces.  If you
-have multiple interfaces then you will need to use the "interfaces"
-option in smb.conf to configure them.  See smb.conf(5) for details.</P
+>Samba can also store the user data in a "TDB" (Trivial Database). Using this backend 
+doesn't require any additional configuration. This backend is recommended for new installations who 
+don't require LDAP.</P
 ></DIV
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="OPLOCKS"
-></A
->Chapter 3. Oplocks</H1
 ><DIV
 CLASS="SECT1"
-><H2
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN377"
-></A
->3.1. What are oplocks?</H2
-><P
->When a client opens a file it can request an "oplock" or file
-lease. This is (to simplify a bit) a guarentee that no one else
-has the file open simultaneously. It allows the client to not
-send any updates on the file to the server, thus reducing a
-network file access to local access (once the file is in
-client cache). An "oplock break" is when the server sends
-a request to the client to flush all its changes back to
-the server, so the file is in a consistent state for other
-opens to succeed. If a client fails to respond to this
-asynchronous request then the file can be corrupted. Hence
-the "turn off oplocks" answer if people are having multi-user
-file access problems.</P
-><P
->Unless the kernel is "oplock aware" (SGI IRIX and Linux are
-the only two UNIXes that are at the moment) then if a local
-UNIX process accesses the file simultaneously then Samba
-has no way of telling this is occuring, so the guarentee
-to the client is broken. This can corrupt the file. Short
-answer - it you have UNIX clients accessing the same file
-as smbd locally or via NFS and you're not running Linux or
-IRIX then turn off oplocks for that file or share.</P
-><P
->"Share modes". These are modes of opening a file, that
-guarentee an invarient - such as DENY_WRITE - which means
-that if any other opens are requested with write access after
-this current open has succeeded then they should be denied
-with a "sharing violation" error message. Samba handles these
-internally inside smbd. UNIX clients accessing the same file
-ignore these invarients. Just proving that if you need simultaneous
-file access from a Windows and UNIX client you *must* have an
-application that is written to lock records correctly on both
-sides. Few applications are written like this, and even fewer
-are cross platform (UNIX and Windows) so in practice this isn't
-much of a problem.</P
-><P
->"Locking". This really means "byte range locking" - such as
-lock 10 bytes at file offset 24 for write access. This is the
-area in which well written UNIX and Windows apps will cooperate.
-Windows locks (at least from NT or above) are 64-bit unsigned
-offsets. UNIX locks are either 31 bit or 63 bit and are signed
-(the top bit is used for the sign). Samba handles these by
-first ensuring that all the Windows locks don't conflict (ie.
-if other Windows clients have competing locks then just reject
-immediately) - this allows us to support 64-bit Windows locks
-on 32-bit filesystems. Secondly any locks that are valid are
-then mapped onto UNIX fcntl byte range locks. These are the
-locks that will be seen by UNIX processes. If there is a conflict
-here the lock is rejected.</P
-><P
->Note that if a client has an oplock then it "knows" that no
-other client can have the file open so usually doesn't bother
-to send to lock request to the server - this means once again
-if you need to share files between UNIX and Windows processes
-either use IRIX or Linux, or turn off oplocks for these
-files/shares.</P
-></DIV
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="BROWSING-QUICK"
+NAME="AEN396"
 ></A
->Chapter 4. Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</H1
-><P
->This document should be read in conjunction with Browsing and may
-be taken as the fast track guide to implementing browsing across subnets
-and / or across workgroups (or domains). WINS is the best tool for resolution
-of NetBIOS names to IP addesses. WINS is NOT involved in browse list handling
-except by way of name to address mapping.</P
+>3.6. LDAP</H2
 ><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
+CLASS="SECT2"
+><H3
+CLASS="SECT2"
 ><A
-NAME="AEN392"
+NAME="AEN398"
 ></A
->4.1. Discussion</H2
+>3.6.1. Introduction</H3
 ><P
->Firstly, all MS Windows networking is based on SMB (Server Message
-Block) based messaging. SMB messaging is implemented using NetBIOS. Samba
-implements NetBIOS by encapsulating it over TCP/IP. MS Windows products can
-do likewise. NetBIOS based networking uses broadcast messaging to affect
-browse list management. When running NetBIOS over TCP/IP this uses UDP
-based messaging. UDP messages can be broadcast or unicast.</P
+>This document describes how to use an LDAP directory for storing Samba user
+account information traditionally stored in the smbpasswd(5) file.  It is
+assumed that the reader already has a basic understanding of LDAP concepts
+and has a working directory server already installed.  For more information
+on LDAP architectures and Directories, please refer to the following sites.</P
 ><P
->Normally, only unicast UDP messaging can be forwarded by routers. The
-"remote announce" parameter to smb.conf helps to project browse announcements
-to remote network segments via unicast UDP. Similarly, the "remote browse sync"
-parameter of smb.conf implements browse list collation using unicast UDP.</P
+></P
+><UL
+><LI
 ><P
->Secondly, in those networks where Samba is the only SMB server technology
-wherever possible nmbd should be configured on one (1) machine as the WINS
-server. This makes it easy to manage the browsing environment. If each network
-segment is configured with it's own Samba WINS server, then the only way to
-get cross segment browsing to work is by using the "remote announce" and
-the "remote browse sync" parameters to your smb.conf file.</P
+>OpenLDAP - <A
+HREF="http://www.openldap.org/"
+TARGET="_top"
+>http://www.openldap.org/</A
+></P
+></LI
+><LI
 ><P
->If only one WINS server is used then the use of the "remote announce" and the
-"remote browse sync" parameters should NOT be necessary.</P
+>iPlanet Directory Server - <A
+HREF="http://iplanet.netscape.com/directory"
+TARGET="_top"
+>http://iplanet.netscape.com/directory</A
+></P
+></LI
+></UL
 ><P
->Samba WINS does not support MS-WINS replication. This means that when setting up
-Samba as a WINS server there must only be one nmbd configured as a WINS server
-on the network. Some sites have used multiple Samba WINS servers for redundancy
-(one server per subnet) and then used "remote browse sync" and "remote announce"
-to affect browse list collation across all segments. Note that this means
-clients will only resolve local names, and must be configured to use DNS to
-resolve names on other subnets in order to resolve the IP addresses of the
-servers they can see on other subnets. This setup is not recommended, but is
-mentioned as a practical consideration (ie: an 'if all else fails' scenario).</P
+>Note that <A
+HREF="http://www.ora.com/"
+TARGET="_top"
+>O'Reilly Publishing</A
+> is working on
+a guide to LDAP for System Administrators which has a planned release date of
+early summer, 2002.</P
 ><P
->Lastly, take note that browse lists are a collection of unreliable broadcast
-messages that are repeated at intervals of not more than 15 minutes. This means
-that it will take time to establish a browse list and it can take up to 45
-minutes to stabilise, particularly across network segments.</P
+>Two additional Samba resources which may prove to be helpful are</P
+><P
+></P
+><UL
+><LI
+><P
+>The <A
+HREF="http://www.unav.es/cti/ldap-smb/ldap-smb-3-howto.html"
+TARGET="_top"
+>Samba-PDC-LDAP-HOWTO</A
+>
+	maintained by Ignacio Coupeau.</P
+></LI
+><LI
+><P
+>The NT migration scripts from <A
+HREF="http://samba.idealx.org/"
+TARGET="_top"
+>IDEALX</A
+> that are
+	geared to manage users and group in such a Samba-LDAP Domain Controller configuration.
+	</P
+></LI
+></UL
 ></DIV
 ><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
 ><A
-NAME="AEN400"
+NAME="AEN418"
 ></A
->4.2. Use of the "Remote Announce" parameter</H2
+>3.6.2. Introduction</H3
 ><P
->The "remote announce" parameter of smb.conf can be used to forcibly ensure
-that all the NetBIOS names on a network get announced to a remote network.
-The syntax of the "remote announce" parameter is:
-<PRE
-CLASS="PROGRAMLISTING"
->	remote announce = a.b.c.d [e.f.g.h] ...</PRE
+>Traditionally, when configuring <A
+HREF="smb.conf.5.html#ENCRYPTPASSWORDS"
+TARGET="_top"
+>"encrypt
+passwords = yes"</A
+> in Samba's <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file, user account
+information such as username, LM/NT password hashes, password change times, and account
+flags have been stored in the <TT
+CLASS="FILENAME"
+>smbpasswd(5)</TT
+> file.  There are several
+disadvantages to this approach for sites with very large numbers of users (counted
+in the thousands).</P
+><P
+></P
+><UL
+><LI
+><P
+>The first is that all lookups must be performed sequentially.  Given that
+there are approximately two lookups per domain logon (one for a normal
+session connection such as when mapping a network drive or printer), this
+is a performance bottleneck for lareg sites.  What is needed is an indexed approach
+such as is used in databases.</P
+></LI
+><LI
+><P
+>The second problem is that administrators who desired to replicate a
+smbpasswd file to more than one Samba server were left to use external
+tools such as <B
+CLASS="COMMAND"
+>rsync(1)</B
+> and <B
+CLASS="COMMAND"
+>ssh(1)</B
 >
-_or_
-<PRE
-CLASS="PROGRAMLISTING"
->	remote announce = a.b.c.d/WORKGROUP [e.f.g.h/WORKGROUP] ...</PRE
+and wrote custom, in-house scripts.</P
+></LI
+><LI
+><P
+>And finally, the amount of information which is stored in an
+smbpasswd entry leaves no room for additional attributes such as
+a home directory, password expiration time, or even a Relative
+Identified (RID).</P
+></LI
+></UL
+><P
+>As a result of these defeciencies, a more robust means of storing user attributes
+used by smbd was developed.  The API which defines access to user accounts
+is commonly referred to as the samdb interface (previously this was called the passdb
+API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support
+for a samdb backend (e.g. <TT
+CLASS="PARAMETER"
+><I
+>--with-ldapsam</I
+></TT
+> or
+<TT
+CLASS="PARAMETER"
+><I
+>--with-tdbsam</I
+></TT
+>) requires compile time support.</P
+><P
+>When compiling Samba to include the <TT
+CLASS="PARAMETER"
+><I
+>--with-ldapsam</I
+></TT
+> autoconf
+option, smbd (and associated tools) will store and lookup user accounts in
+an LDAP directory.  In reality, this is very easy to understand.  If you are
+comfortable with using an smbpasswd file, simply replace "smbpasswd" with
+"LDAP directory" in all the documentation.</P
+><P
+>There are a few points to stress about what the <TT
+CLASS="PARAMETER"
+><I
+>--with-ldapsam</I
+></TT
 >
-
-where:
-<P
+does not provide.  The LDAP support referred to in the this documentation does not
+include:</P
+><P
 ></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->a.b.c.d and e.f.g.h</DT
-><DD
+><UL
+><LI
 ><P
->is either the LMB (Local Master Browser) IP address
-or the broadcst address of the remote network.
-ie: the LMB is at 192.168.1.10, or the address
-could be given as 192.168.1.255 where the netmask
-is assumed to be 24 bits (255.255.255.0).
-When the remote announcement is made to the broadcast
-address of the remote network every host will receive
-our announcements. This is noisy and therefore
-undesirable but may be necessary if we do NOT know
-the IP address of the remote LMB.</P
-></DD
-><DT
->WORKGROUP</DT
-><DD
+>A means of retrieving user account information from
+	an Windows 2000 Active Directory server.</P
+></LI
+><LI
 ><P
->is optional and can be either our own workgroup
-or that of the remote network. If you use the
-workgroup name of the remote network then our
-NetBIOS machine names will end up looking like
-they belong to that workgroup, this may cause
-name resolution problems and should be avoided.</P
-></DD
-></DL
-></DIV
->&#13;</P
+>A means of replacing /etc/passwd.</P
+></LI
+></UL
+><P
+>The second item can be accomplished by using LDAP NSS and PAM modules.  LGPL
+versions of these libraries can be obtained from PADL Software
+(<A
+HREF="http://www.padl.com/"
+TARGET="_top"
+>http://www.padl.com/</A
+>).  However,
+the details of configuring these packages are beyond the scope of this document.</P
 ></DIV
 ><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
 ><A
-NAME="AEN414"
+NAME="AEN447"
 ></A
->4.3. Use of the "Remote Browse Sync" parameter</H2
-><P
->The "remote browse sync" parameter of smb.conf is used to announce to
-another LMB that it must synchronise it's NetBIOS name list with our
-Samba LMB. It works ONLY if the Samba server that has this option is
-simultaneously the LMB on it's network segment.</P
+>3.6.3. Supported LDAP Servers</H3
 ><P
->The syntax of the "remote browse  sync" parameter is:
-<PRE
-CLASS="PROGRAMLISTING"
->	remote browse sync = a.b.c.d</PRE
->
-
-where a.b.c.d is either the IP address of the remote LMB or else is the network broadcast address of the remote segment.</P
+>The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP
+2.0 server and client libraries.  The same code should be able to work with
+Netscape's Directory Server and client SDK. However, due to lack of testing
+so far, there are bound to be compile errors and bugs.  These should not be
+hard to fix. If you are so inclined, please be sure to forward all patches to
+<A
+HREF="samba-patches@samba.org"
+TARGET="_top"
+>samba-patches@samba.org</A
+> and
+<A
+HREF="jerry@samba.org"
+TARGET="_top"
+>jerry@samba.org</A
+>.</P
 ></DIV
 ><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
 ><A
-NAME="AEN419"
+NAME="AEN452"
 ></A
->4.4. Use of WINS</H2
+>3.6.4. Schema and Relationship to the RFC 2307 posixAccount</H3
 ><P
->Use of WINS (either Samba WINS _or_ MS Windows NT Server WINS) is highly
-recommended. Every NetBIOS machine registers it's name together with a
-name_type value for each of of several types of service it has available.
-eg: It registers it's name directly as a unique (the type 0x03) name.
-It also registers it's name if it is running the lanmanager compatible
-server service (used to make shares and printers available to other users)
-by registering the server (the type 0x20) name.</P
+>Samba 3.0 includes the necessary schema file for OpenLDAP 2.0 in
+<TT
+CLASS="FILENAME"
+>examples/LDAP/samba.schema</TT
+>.  The sambaAccount objectclass is given here:</P
 ><P
->All NetBIOS names are up to 15 characters in length. The name_type variable
-is added to the end of the name - thus creating a 16 character name. Any
-name that is shorter than 15 characters is padded with spaces to the 15th
-character. ie: All NetBIOS names are 16 characters long (including the
-name_type information).</P
+><PRE
+CLASS="PROGRAMLISTING"
+>objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
+     DESC 'Samba Account'
+     MUST ( uid $ rid )
+     MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
+            logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
+            displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
+            description $ userWorkstations $ primaryGroupID $ domain ))</PRE
+></P
 ><P
->WINS can store these 16 character names as they get registered. A client
-that wants to log onto the network can ask the WINS server for a list
-of all names that have registered the NetLogon service name_type. This saves
-broadcast traffic and greatly expedites logon processing. Since broadcast
-name resolution can not be used across network segments this type of
-information can only be provided via WINS _or_ via statically configured
-"lmhosts" files that must reside on all clients in the absence of WINS.</P
-><P
->WINS also serves the purpose of forcing browse list synchronisation by all
-LMB's. LMB's must synchronise their browse list with the DMB (domain master
-browser) and WINS helps the LMB to identify it's DMB. By definition this
-will work only within a single workgroup. Note that the domain master browser
-has NOTHING to do with what is referred to as an MS Windows NT Domain. The
-later is a reference to a security environment while the DMB refers to the
-master controller for browse list information only.</P
-><P
->Use of WINS will work correctly only if EVERY client TCP/IP protocol stack
-has been configured to use the WINS server/s. Any client that has not been
-configured to use the WINS server will continue to use only broadcast based
-name registration so that WINS may NEVER get to know about it. In any case,
-machines that have not registered with a WINS server will fail name to address
-lookup attempts by other clients and will therefore cause workstation access
-errors.</P
-><P
->To configure Samba as a WINS server just add "wins support = yes" to the
-smb.conf file [globals] section.</P
+>The samba.schema file has been formatted for OpenLDAP 2.0.  The OID's are
+owned by the Samba Team and as such is legal to be openly published.
+If you translate the schema to be used with Netscape DS, please
+submit the modified schema file as a patch to <A
+HREF="jerry@samba.org"
+TARGET="_top"
+>jerry@samba.org</A
+></P
 ><P
->To configure Samba to register with a WINS server just add
-"wins server = a.b.c.d" to your smb.conf file [globals] section.</P
+>Just as the smbpasswd file is mean to store information which supplements a
+user's <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> entry, so is the sambaAccount object
+meant to supplement the UNIX user account information.  A sambaAccount is a
+<TT
+CLASS="CONSTANT"
+>STRUCTURAL</TT
+> objectclass so it can be stored individually
+in the directory.  However, there are several fields (e.g. uid) which overlap
+with the posixAccount objectclass outlined in RFC2307.  This is by design.</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->DO NOT EVER</I
-></SPAN
-> use both "wins support = yes" together with "wins server = a.b.c.d"
-particularly not using it's own IP address.</P
+>In order to store all user account information (UNIX and Samba) in the directory,
+it is necessary to use the sambaAccount and posixAccount objectclasses in
+combination.  However, smbd will still obtain the user's UNIX account
+information via the standard C library calls (e.g. getpwnam(), et. al.).
+This means that the Samba server must also have the LDAP NSS library installed
+and functioning correctly.  This division of information makes it possible to
+store all Samba account information in LDAP, but still maintain UNIX account
+information in NIS while the network is transitioning to a full LDAP infrastructure.</P
 ></DIV
 ><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN464"
+></A
+>3.6.5. Configuring Samba with LDAP</H3
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
 ><A
-NAME="AEN430"
+NAME="AEN466"
 ></A
->4.5. Do NOT use more than one (1) protocol on MS Windows machines</H2
+>3.6.5.1. OpenLDAP configuration</H4
 ><P
->A very common cause of browsing problems results from installing more than
-one protocol on an MS Windows machine.</P
+>To include support for the sambaAccount object in an OpenLDAP directory
+server, first copy the samba.schema file to slapd's configuration directory.</P
 ><P
->Every NetBIOS machine take part in a process of electing the LMB (and DMB)
-every 15 minutes. A set of election criteria is used to determine the order
-of precidence for winning this election process. A machine running Samba or
-Windows NT will be biased so that the most suitable machine will predictably
-win and thus retain it's role.</P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><B
+CLASS="COMMAND"
+>cp samba.schema /etc/openldap/schema/</B
+></P
 ><P
->The election process is "fought out" so to speak over every NetBIOS network
-interface. In the case of a Windows 9x machine that has both TCP/IP and IPX
-installed and has NetBIOS enabled over both protocols the election will be
-decided over both protocols. As often happens, if the Windows 9x machine is
-the only one with both protocols then the LMB may be won on the NetBIOS
-interface over the IPX protocol. Samba will then lose the LMB role as Windows
-9x will insist it knows who the LMB is. Samba will then cease to function
-as an LMB and thus browse list operation on all TCP/IP only machines will
-fail.</P
+>Next, include the <TT
+CLASS="FILENAME"
+>samba.schema</TT
+> file in <TT
+CLASS="FILENAME"
+>slapd.conf</TT
+>.
+The sambaAccount object contains two attributes which depend upon other schema
+files.  The 'uid' attribute is defined in <TT
+CLASS="FILENAME"
+>cosine.schema</TT
+> and
+the 'displayName' attribute is defined in the <TT
+CLASS="FILENAME"
+>inetorgperson.schema</TT
+>
+file.  Both of these must be included before the <TT
+CLASS="FILENAME"
+>samba.schema</TT
+> file.</P
 ><P
->The safest rule of all to follow it this - USE ONLY ONE PROTOCOL!</P
+><PRE
+CLASS="PROGRAMLISTING"
+>## /etc/openldap/slapd.conf
+
+## schema files (core.schema is required by default)
+include	           /etc/openldap/schema/core.schema
+
+## needed for sambaAccount
+include            /etc/openldap/schema/cosine.schema
+include            /etc/openldap/schema/inetorgperson.schema
+include            /etc/openldap/schema/samba.schema
+
+## uncomment this line if you want to support the RFC2307 (NIS) schema
+## include         /etc/openldap/schema/nis.schema
+
+....</PRE
+></P
+><P
+>It is recommended that you maintain some indices on some of the most usefull attributes,
+like in the following example, to speed up searches made on sambaAccount objectclasses
+(and possibly posixAccount and posixGroup as well).</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+># Indices to maintain
+## required by OpenLDAP 2.0
+index objectclass   eq
+
+## support pb_getsampwnam()
+index uid           pres,eq
+## support pdb_getsambapwrid()
+index rid           eq
+
+## uncomment these if you are storing posixAccount and
+## posixGroup entries in the directory as well
+##index uidNumber     eq
+##index gidNumber     eq
+##index cn            eq
+##index memberUid     eq</PRE
+></P
 ></DIV
 ><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
+CLASS="SECT3"
+><HR><H4
+CLASS="SECT3"
 ><A
-NAME="AEN436"
+NAME="AEN483"
 ></A
->4.6. Name Resolution Order</H2
+>3.6.5.2. Configuring Samba</H4
+><P
+>The following parameters are available in smb.conf only with <TT
+CLASS="PARAMETER"
+><I
+>--with-ldapsam</I
+></TT
+>
+was included with compiling Samba.</P
 ><P
->Resolution of NetBIOS names to IP addresses can take place using a number
-of methods. The only ones that can provide NetBIOS name_type information
-are:
-<P
 ></P
-><TABLE
-BORDER="0"
-><TBODY
-><TR
-><TD
->WINS: the best tool!</TD
-></TR
-><TR
-><TD
->LMHOSTS: is static and hard to maintain.</TD
-></TR
-><TR
-><TD
->Broadcast: uses UDP and can not resolve names across remote segments.</TD
-></TR
-></TBODY
-></TABLE
+><UL
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPSSL"
+TARGET="_top"
+>ldap ssl</A
+></P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPSERVER"
+TARGET="_top"
+>ldap server</A
+></P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPADMINDN"
+TARGET="_top"
+>ldap admin dn</A
+></P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPSUFFIX"
+TARGET="_top"
+>ldap suffix</A
+></P
+></LI
+><LI
 ><P
+><A
+HREF="smb.conf.5.html#LDAPFILTER"
+TARGET="_top"
+>ldap filter</A
 ></P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPPORT"
+TARGET="_top"
+>ldap port</A
 ></P
+></LI
+></UL
+><P
+>These are described in the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5)</A
+> man
+page and so will not be repeated here.  However, a sample smb.conf file for
+use with an LDAP directory could appear as</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>## /usr/local/samba/lib/smb.conf
+[global]
+     security = user
+     encrypt passwords = yes
+
+     netbios name = TASHTEGO
+     workgroup = NARNIA
+
+     # ldap related parameters
+
+     # define the DN to use when binding to the directory servers
+     # The password for this DN is not stored in smb.conf.  Rather it
+     # must be set by using 'smbpasswd -w <TT
+CLASS="REPLACEABLE"
+><I
+>secretpw</I
+></TT
+>' to store the
+     # passphrase in the secrets.tdb file.  If the "ldap admin dn" values
+     # changes, this password will need to be reset.
+     ldap admin dn = "cn=Samba Manager,ou=people,dc=samba,dc=org"
+
+     #  specify the LDAP server's hostname (defaults to locahost)
+     ldap server = ahab.samba.org
+
+     # Define the SSL option when connecting to the directory
+     # ('off', 'start tls', or 'on' (default))
+     ldap ssl = start tls
+
+     # define the port to use in the LDAP session (defaults to 636 when
+     # "ldap ssl = on")
+     ldap port = 389
+
+     # specify the base DN to use when searching the directory
+     ldap suffix = "ou=people,dc=samba,dc=org"
+
+     # generally the default ldap search filter is ok
+     # ldap filter = "(&amp;(uid=%u)(objectclass=sambaAccount))"</PRE
+></P
+></DIV
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN511"
+></A
+>3.6.6. Accounts and Groups management</H3
+><P
+>As users accounts are managed thru the sambaAccount objectclass, you should
+modify you existing administration tools to deal with sambaAccount attributes.</P
+><P
+>Machines accounts are managed with the sambaAccount objectclass, just
+like users accounts. However, it's up to you to stored thoses accounts
+in a different tree of you LDAP namespace: you should use
+"ou=Groups,dc=plainjoe,dc=org" to store groups and
+"ou=People,dc=plainjoe,dc=org" to store users. Just configure your
+NSS and PAM accordingly (usually, in the /etc/ldap.conf configuration
+file).</P
+><P
+>In Samba release 3.0, the group management system is based on posix
+groups. This means that Samba make usage of the posixGroup objectclass.
+For now, there is no NT-like group system management (global and local
+groups).</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN516"
+></A
+>3.6.7. Security and sambaAccount</H3
+><P
+>There are two important points to remember when discussing the security
+of sambaAccount entries in the directory.</P
+><P
+></P
+><UL
+><LI
+><P
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Never</I
+></SPAN
+> retrieve the lmPassword or
+	ntPassword attribute values over an unencrypted LDAP session.</P
+></LI
+><LI
+><P
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Never</I
+></SPAN
+> allow non-admin users to
+	view the lmPassword or ntPassword attribute values.</P
+></LI
+></UL
+><P
+>These password hashes are clear text equivalents and can be used to impersonate
+the user without deriving the original clear text strings.  For more information
+on the details of LM/NT password hashes, refer to the <A
+HREF="ENCRYPTION.html"
+TARGET="_top"
+>ENCRYPTION chapter</A
+> of the Samba-HOWTO-Collection.</P
+><P
+>To remedy the first security issue, the "ldap ssl" smb.conf parameter defaults
+to require an encrypted session (<B
+CLASS="COMMAND"
+>ldap ssl = on</B
+>) using
+the default port of 636
+when contacting the directory server.  When using an OpenLDAP 2.0 server, it
+is possible to use the use the StartTLS LDAP extended  operation in the place of
+LDAPS.  In either case, you are strongly discouraged to disable this security
+(<B
+CLASS="COMMAND"
+>ldap ssl = off</B
+>).</P
+><P
+>Note that the LDAPS protocol is deprecated in favor of the LDAPv3 StartTLS
+extended operation.  However, the OpenLDAP library still provides support for
+the older method of securing communication between clients and servers.</P
+><P
+>The second security precaution is to prevent non-administrative users from
+harvesting password hashes from the directory.  This can be done using the
+following ACL in <TT
+CLASS="FILENAME"
+>slapd.conf</TT
+>:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>## allow the "ldap admin dn" access, but deny everyone else
+access to attrs=lmPassword,ntPassword
+     by dn="cn=Samba Admin,ou=people,dc=plainjoe,dc=org" write
+     by * none</PRE
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN536"
+></A
+>3.6.8. LDAP specials attributes for sambaAccounts</H3
+><P
+>The sambaAccount objectclass is composed of the following attributes:</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>lmPassword</TT
+>: the LANMAN password 16-byte hash stored as a character
+	representation of a hexidecimal string.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>ntPassword</TT
+>: the NT password hash 16-byte stored as a character
+	representation of a hexidecimal string.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>pwdLastSet</TT
+>: The integer time in seconds since 1970 when the
+	<TT
+CLASS="CONSTANT"
+>lmPassword</TT
+> and <TT
+CLASS="CONSTANT"
+>ntPassword</TT
+> attributes were last set.
+	</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>acctFlags</TT
+>: string of 11 characters surrounded by square brackets []
+	representing account flags such as U (user), W(workstation), X(no password expiration), and
+	D(disabled).</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>logonTime</TT
+>: Integer value currently unused</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>logoffTime</TT
+>: Integer value currently unused</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>kickoffTime</TT
+>: Integer value currently unused</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>pwdCanChange</TT
+>: Integer value currently unused</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>pwdMustChange</TT
+>: Integer value currently unused</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>homeDrive</TT
+>: specifies the drive letter to which to map the
+	UNC path specified by homeDirectory. The drive letter must be specified in the form "X:"
+	where X is the letter of the drive to map. Refer to the "logon drive" parameter in the
+	smb.conf(5) man page for more information.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>scriptPath</TT
+>: The scriptPath property specifies the path of
+	the user's logon script, .CMD, .EXE, or .BAT file. The string can be null. The path
+	is relative to the netlogon share.  Refer to the "logon script" parameter in the
+	smb.conf(5) man page for more information.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>profilePath</TT
+>: specifies a path to the user's profile.
+	This value can be a null string, a local absolute path, or a UNC path.  Refer to the
+	"logon path" parameter in the smb.conf(5) man page for more information.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>smbHome</TT
+>: The homeDirectory property specifies the path of
+	the home directory for the user. The string can be null. If homeDrive is set and specifies
+	a drive letter, homeDirectory should be a UNC path. The path must be a network
+	UNC path of the form \\server\share\directory. This value can be a null string.
+	Refer to the "logon home" parameter in the smb.conf(5) man page for more information.
+	</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>userWorkstation</TT
+>: character string value currently unused.
+	</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>rid</TT
+>: the integer representation of the user's relative identifier
+	(RID).</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>primaryGroupID</TT
+>: the relative identifier (RID) of the primary group
+	of the user.</P
+></LI
+></UL
+><P
+>The majority of these parameters are only used when Samba is acting as a PDC of
+a domain (refer to the <A
+HREF="Samba-PDC-HOWTO.html"
+TARGET="_top"
+>Samba-PDC-HOWTO</A
+> for details on
+how to configure Samba as a Primary Domain Controller). The following four attributes
+are only stored with the sambaAccount entry if the values are non-default values:</P
+><P
+></P
+><UL
+><LI
+><P
+>smbHome</P
+></LI
+><LI
+><P
+>scriptPath</P
+></LI
+><LI
+><P
+>logonPath</P
+></LI
+><LI
+><P
+>homeDrive</P
+></LI
+></UL
+><P
+>These attributes are only stored with the sambaAccount entry if
+the values are non-default values.  For example, assume TASHTEGO has now been
+configured as a PDC and that <B
+CLASS="COMMAND"
+>logon home = \\%L\%u</B
+> was defined in
+its <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file. When a user named "becky" logons to the domain,
+the <TT
+CLASS="PARAMETER"
+><I
+>logon home</I
+></TT
+> string is expanded to \\TASHTEGO\becky.
+If the smbHome attribute exists in the entry "uid=becky,ou=people,dc=samba,dc=org",
+this value is used.  However, if this attribute does not exist, then the value
+of the <TT
+CLASS="PARAMETER"
+><I
+>logon home</I
+></TT
+> parameter is used in its place.  Samba
+will only write the attribute value to the directory entry is the value is
+something other than the default (e.g. \\MOBY\becky).</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN606"
+></A
+>3.6.9. Example LDIF Entries for a sambaAccount</H3
+><P
+>The following is a working LDIF with the inclusion of the posixAccount objectclass:</P
 ><P
->Alternative means of name resolution includes:
-<P
+><PRE
+CLASS="PROGRAMLISTING"
+>dn: uid=guest2, ou=people,dc=plainjoe,dc=org
+ntPassword: 878D8014606CDA29677A44EFA1353FC7
+pwdMustChange: 2147483647
+primaryGroupID: 1201
+lmPassword: 552902031BEDE9EFAAD3B435B51404EE
+pwdLastSet: 1010179124
+logonTime: 0
+objectClass: sambaAccount
+uid: guest2
+kickoffTime: 2147483647
+acctFlags: [UX         ]
+logoffTime: 2147483647
+rid: 19006
+pwdCanChange: 0</PRE
 ></P
-><TABLE
-BORDER="0"
-><TBODY
-><TR
-><TD
->/etc/hosts: is static, hard to maintain, and lacks name_type info</TD
-></TR
-><TR
-><TD
->DNS: is a good choice but lacks essential name_type info.</TD
-></TR
-></TBODY
-></TABLE
 ><P
-></P
-></P
+>The following is an LDIF entry for using both the sambaAccount and
+posixAccount objectclasses:</P
 ><P
->Many sites want to restrict DNS lookups and want to avoid broadcast name
-resolution traffic. The "name resolve order" parameter is of great help here.
-The syntax of the "name resolve order" parameter is:
-<PRE
-CLASS="PROGRAMLISTING"
->	name resolve order = wins lmhosts bcast host</PRE
->
-_or_
-<PRE
-CLASS="PROGRAMLISTING"
->	name resolve order = wins lmhosts  	(eliminates bcast and host)</PRE
->
-The default is:
-<PRE
+><PRE
 CLASS="PROGRAMLISTING"
->	name  resolve order = host lmhost wins bcast</PRE
->.
-where "host" refers the the native methods used by the Unix system
-to implement the gethostbyname() function call. This is normally
-controlled by <TT
-CLASS="FILENAME"
->/etc/host.conf</TT
->, <TT
-CLASS="FILENAME"
->/etc/nsswitch.conf</TT
-> and <TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
->.</P
+>dn: uid=gcarter, ou=people,dc=plainjoe,dc=org
+logonTime: 0
+displayName: Gerald Carter
+lmPassword: 552902031BEDE9EFAAD3B435B51404EE
+primaryGroupID: 1201
+objectClass: posixAccount
+objectClass: sambaAccount
+acctFlags: [UX         ]
+userPassword: {crypt}BpM2ej8Rkzogo
+uid: gcarter
+uidNumber: 9000
+cn: Gerald Carter
+loginShell: /bin/bash
+logoffTime: 2147483647
+gidNumber: 100
+kickoffTime: 2147483647
+pwdLastSet: 1010179230
+rid: 19000
+homeDirectory: /home/tashtego/gcarter
+pwdCanChange: 0
+pwdMustChange: 2147483647
+ntPassword: 878D8014606CDA29677A44EFA1353FC7</PRE
+></P
 ></DIV
 ></DIV
 ><DIV
-CLASS="CHAPTER"
-><HR><H1
+CLASS="SECT1"
+><HR><H2
+CLASS="SECT1"
 ><A
-NAME="PWENCRYPT"
+NAME="AEN614"
 ></A
->Chapter 5. LanMan and NT Password Encryption in Samba</H1
+>3.7. MySQL</H2
 ><DIV
-CLASS="SECT1"
-><H2
-CLASS="SECT1"
+CLASS="SECT2"
+><H3
+CLASS="SECT2"
 ><A
-NAME="AEN472"
+NAME="AEN616"
 ></A
->5.1. Introduction</H2
+>3.7.1. Building</H3
 ><P
->Newer windows clients send encrypted passwords over 
-	the wire, instead of plain text passwords. The newest clients 
-	will only send encrypted passwords and refuse to send plain text 
-	passwords, unless their registry is tweaked.</P
+>To build the plugin, run <B
+CLASS="COMMAND"
+>make bin/pdb_mysql.so</B
+>
+in the <TT
+CLASS="FILENAME"
+>source/</TT
+> directory of samba distribution. </P
 ><P
->These passwords can't be converted to unix style encrypted 
-	passwords. Because of that you can't use the standard unix 
-	user database, and you have to store the Lanman and NT hashes 
-	somewhere else. For more information, see the documentation 
-	about the <B
+>Next, copy pdb_mysql.so to any location you want. I 
+strongly recommend installing it in $PREFIX/lib or /usr/lib/samba/</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN622"
+></A
+>3.7.2. Creating the database</H3
+><P
+>You either can set up your own table and specify the field names to pdb_mysql (see below
+for the column names) or use the default table. The file <TT
+CLASS="FILENAME"
+>examples/pdb/mysql/mysql.dump</TT
+> 
+contains the correct queries to create the required tables. Use the command :
+
+<B
 CLASS="COMMAND"
->passdb backend = </B
-> parameter.
-	</P
+>mysql -u<TT
+CLASS="REPLACEABLE"
+><I
+>username</I
+></TT
+> -h<TT
+CLASS="REPLACEABLE"
+><I
+>hostname</I
+></TT
+> -p<TT
+CLASS="REPLACEABLE"
+><I
+>password</I
+></TT
+> <TT
+CLASS="REPLACEABLE"
+><I
+>databasename</I
+></TT
+> &#60; <TT
+CLASS="FILENAME"
+>/path/to/samba/examples/pdb/mysql/mysql.dump</TT
+></B
+>&#13;</P
 ></DIV
 ><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
 ><A
-NAME="AEN477"
+NAME="AEN632"
 ></A
->5.2. Important Notes About Security</H2
+>3.7.3. Configuring</H3
 ><P
->The unix and SMB password encryption techniques seem similar 
-	on the surface. This similarity is, however, only skin deep. The unix 
-	scheme typically sends clear text passwords over the network when 
-	logging in. This is bad. The SMB encryption scheme never sends the 
-	cleartext password over the network but it does store the 16 byte 
-	hashed values on disk. This is also bad. Why? Because the 16 byte hashed 
-	values are a "password equivalent". You cannot derive the user's 
-	password from them, but they could potentially be used in a modified 
-	client to gain access to a server. This would require considerable 
-	technical knowledge on behalf of the attacker but is perfectly possible. 
-	You should thus treat the smbpasswd file as though it contained the 
-	cleartext passwords of all your users. Its contents must be kept 
-	secret, and the file should be protected accordingly.</P
+>This plugin lacks some good documentation, but here is some short info:</P
 ><P
->Ideally we would like a password scheme which neither requires 
-	plain text passwords on the net or on disk. Unfortunately this 
-	is not available as Samba is stuck with being compatible with 
-	other SMB systems (WinNT, WfWg, Win95 etc). </P
+>Add a the following to the <B
+CLASS="COMMAND"
+>passdb backend</B
+> variable in your <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>:
+<PRE
+CLASS="PROGRAMLISTING"
+>passdb backend = [other-plugins] plugin:/location/to/pdb_mysql.so:identifier [other-plugins]</PRE
+></P
+><P
+>The identifier can be any string you like, as long as it doesn't collide with 
+the identifiers of other plugins or other instances of pdb_mysql. If you 
+specify multiple pdb_mysql.so entries in 'passdb backend', you also need to 
+use different identifiers!</P
+><P
+>Additional options can be given thru the smb.conf file in the [global] section.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>identifier:mysql host                     - host name, defaults to 'localhost'
+identifier:mysql password
+identifier:mysql user                     - defaults to 'samba'
+identifier:mysql database                 - defaults to 'samba'
+identifier:mysql port                     - defaults to 3306
+identifier:table                          - Name of the table containing users</PRE
+></P
 ><DIV
 CLASS="WARNING"
 ><P
@@ -3347,125 +3775,103 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="/docbook-dsssl/warning.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
 HSPACE="5"
 ALT="Warning"></TD
 ><TD
 ALIGN="LEFT"
 VALIGN="TOP"
 ><P
->Note that Windows NT 4.0 Service pack 3 changed the 
-		default for permissible authentication so that plaintext 
-		passwords are <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->never</I
-></SPAN
-> sent over the wire. 
-		The solution to this is either to switch to encrypted passwords 
-		with Samba or edit the Windows NT registry to re-enable plaintext 
-		passwords. See the document WinNT.txt for details on how to do 
-		this.</P
-><P
->Other Microsoft operating systems which also exhibit 
-		this behavior includes</P
-><P
-></P
-><UL
-><LI
-><P
->MS DOS Network client 3.0 with 
-			the basic network redirector installed</P
-></LI
-><LI
-><P
->Windows 95 with the network redirector 
-			update installed</P
-></LI
-><LI
+>Since the password for the mysql user is stored in the 
+smb.conf file, you should make the the smb.conf file 
+readable only to the user that runs samba. This is considered a security 
+bug and will be fixed soon.</P
+></TD
+></TR
+></TABLE
+></DIV
 ><P
->Windows 98 [se]</P
-></LI
-><LI
+>Names of the columns in this table(I've added column types those columns should have first):</P
 ><P
->Windows 2000</P
-></LI
-></UL
+><PRE
+CLASS="PROGRAMLISTING"
+>identifier:logon time column             - int(9)
+identifier:logoff time column            - int(9)
+identifier:kickoff time column           - int(9)
+identifier:pass last set time column     - int(9)
+identifier:pass can change time column   - int(9)
+identifier:pass must change time column  - int(9)
+identifier:username column               - varchar(255) - unix username
+identifier:domain column                 - varchar(255) - NT domain user is part of
+identifier:nt username column            - varchar(255) - NT username
+identifier:fullname column            - varchar(255) - Full name of user
+identifier:home dir column               - varchar(255) - Unix homedir path
+identifier:dir drive column              - varchar(2) - Directory drive path (eg: 'H:')
+identifier:logon script column           - varchar(255) - Batch file to run on client side when logging on
+identifier:profile path column           - varchar(255) - Path of profile
+identifier:acct desc column              - varchar(255) - Some ASCII NT user data
+identifier:workstations column           - varchar(255) - Workstations user can logon to (or NULL for all)
+identifier:unknown string column         - varchar(255) - unknown string
+identifier:munged dial column            - varchar(255) - ?
+identifier:uid column                    - int(9) - Unix user ID (uid)
+identifier:gid column                    - int(9) - Unix user group (gid)
+identifier:user sid column               - varchar(255) - NT user SID
+identifier:group sid column              - varchar(255) - NT group ID
+identifier:lanman pass column            - varchar(255) - encrypted lanman password
+identifier:nt pass column                - varchar(255) - encrypted nt passwd
+identifier:plain pass column             - varchar(255) - plaintext password
+identifier:acct control column           - int(9) - nt user data
+identifier:unknown 3 column              - int(9) - unknown
+identifier:logon divs column             - int(9) - ?
+identifier:hours len column              - int(9) - ?
+identifier:unknown 5 column              - int(9) - unknown
+identifier:unknown 6 column              - int(9) - unknown</PRE
+></P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Note :</I
-></SPAN
->All current release of 
-		Microsoft SMB/CIFS clients support authentication via the
-		SMB Challenge/Response mechanism described here.  Enabling
-		clear text authentication does not disable the ability
-		of the client to participate in encrypted authentication.</P
-></TD
-></TR
-></TABLE
+>Eventually, you can put a colon (:) after the name of each column, which 
+should specify the column to update when updating the table. You can also
+specify nothing behind the colon - then the data from the field will not be 
+updated. </P
 ></DIV
 ><DIV
 CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN496"
+NAME="AEN649"
 ></A
->5.2.1. Advantages of SMB Encryption</H3
+>3.7.4. Using plaintext passwords or encrypted password</H3
 ><P
-></P
-><UL
-><LI
+>I strongly discourage the use of plaintext passwords, however, you can use them:</P
 ><P
->plain text passwords are not passed across 
-			the network. Someone using a network sniffer cannot just 
-			record passwords going to the SMB server.</P
-></LI
-><LI
+>If you would like to use plaintext passwords, set 'identifier:lanman pass column' and 'identifier:nt pass column' to 'NULL' (without the quotes) and 'identifier:plain pass column' to the name of the column containing the plaintext passwords. </P
 ><P
->WinNT doesn't like talking to a server 
-			that isn't using SMB encrypted passwords. It will refuse 
-			to browse the server if the server is also in user level 
-			security mode. It will insist on prompting the user for the 
-			password on each connection, which is very annoying. The
-			only things you can do to stop this is to use SMB encryption.
-			</P
-></LI
-></UL
+>If you use encrypted passwords, set the 'identifier:plain pass column' to 'NULL' (without the quotes). This is the default.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN503"
+NAME="AEN654"
 ></A
->5.2.2. Advantages of non-encrypted passwords</H3
+>3.7.5. Getting non-column data from the table</H3
 ><P
-></P
-><UL
-><LI
+>It is possible to have not all data in the database and making some 'constant'.</P
 ><P
->plain text passwords are not kept 
-			on disk. </P
-></LI
-><LI
+>For example, you can set 'identifier:fullname column' to : 
+<B
+CLASS="COMMAND"
+>CONCAT(First_name,' ',Sur_name)</B
+></P
 ><P
->uses same password file as other unix 
-			services such as login and ftp</P
-></LI
-><LI
+>Or, set 'identifier:workstations column' to :
+<B
+CLASS="COMMAND"
+>NULL</B
+></P
 ><P
->you are probably already using other 
-			services (such as telnet and ftp) which send plain text 
-			passwords over the net, so sending them for SMB isn't 
-			such a big deal.</P
-></LI
-></UL
+>See the MySQL documentation for more language constructs.</P
 ></DIV
 ></DIV
 ><DIV
@@ -3473,123 +3879,62 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN512"
+NAME="AEN662"
 ></A
->5.3. The smbpasswd Command</H2
-><P
->The smbpasswd command maintains the two 32 byte password fields 
-	in the smbpasswd file. If you wish to make it similar to the unix 
-	<B
-CLASS="COMMAND"
->passwd</B
-> or <B
-CLASS="COMMAND"
->yppasswd</B
-> programs, 
-	install it in <TT
-CLASS="FILENAME"
->/usr/local/samba/bin/</TT
-> (or your 
-	main Samba binary directory).</P
+>3.8. Passdb XML plugin</H2
+><DIV
+CLASS="SECT2"
+><H3
+CLASS="SECT2"
+><A
+NAME="AEN664"
+></A
+>3.8.1. Building</H3
 ><P
-><B
-CLASS="COMMAND"
->smbpasswd</B
-> now works in a client-server mode 
-	where it contacts the local smbd to change the user's password on its 
-	behalf. This has enormous benefits - as follows.</P
+>This module requires libxml2 to be installed.</P
 ><P
-><B
+>To build pdb_xml, run: <B
 CLASS="COMMAND"
->smbpasswd</B
-> now has the capability 
-	to change passwords on Windows NT servers (this only works when 
-	the request is sent to the NT Primary Domain Controller if you 
-	are changing an NT Domain user's password).</P
-><P
->To run smbpasswd as a normal user just type :</P
-><P
-><TT
-CLASS="PROMPT"
->$ </TT
-><TT
-CLASS="USERINPUT"
-><B
->smbpasswd</B
-></TT
-></P
-><P
-><TT
-CLASS="PROMPT"
->Old SMB password: </TT
-><TT
-CLASS="USERINPUT"
-><B
->&lt;type old value here - 
-	or hit return if there was no old password&gt;</B
-></TT
-></P
-><P
-><TT
-CLASS="PROMPT"
->New SMB Password: </TT
-><TT
-CLASS="USERINPUT"
-><B
->&lt;type new value&gt;
-	</B
-></TT
-></P
-><P
-><TT
-CLASS="PROMPT"
->Repeat New SMB Password: </TT
-><TT
-CLASS="USERINPUT"
-><B
->&lt;re-type new value
-	</B
-></TT
-></P
-><P
->If the old value does not match the current value stored for 
-	that user, or the two new values do not match each other, then the 
-	password will not be changed.</P
-><P
->If invoked by an ordinary user it will only allow the user 
-	to change his or her own Samba password.</P
-><P
->If run by the root user smbpasswd may take an optional 
-	argument, specifying the user name whose SMB password you wish to 
-	change.  Note that when run as root smbpasswd does not prompt for 
-	or check the old password value, thus allowing root to set passwords 
-	for users who have forgotten their passwords.</P
+>make bin/pdb_xml.so</B
+> in 
+the directory <TT
+CLASS="FILENAME"
+>source/</TT
+>. </P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN670"
+></A
+>3.8.2. Usage</H3
 ><P
-><B
-CLASS="COMMAND"
->smbpasswd</B
-> is designed to work in the same way 
-	and be familiar to UNIX users who use the <B
-CLASS="COMMAND"
->passwd</B
-> or 
-	<B
+>The usage of pdb_xml is pretty straightforward. To export data, use:
+
+<B
 CLASS="COMMAND"
->yppasswd</B
-> commands.</P
+>pdbedit -e plugin:/usr/lib/samba/pdb_xml.so:filename</B
+>
+
+(where filename is the name of the file to put the data in)</P
 ><P
->For more details on using <B
+>To import data, use:
+<B
 CLASS="COMMAND"
->smbpasswd</B
-> refer 
-	to the man page which will always be the definitive reference.</P
+>pdbedit -i plugin:/usr/lib/samba/pdb_xml.so:filename -e current-pdb</B
+>
+
+Where filename is the name to read the data from and current-pdb to put it in.</P
+></DIV
 ></DIV
 ></DIV
 ></DIV
 ><DIV
 CLASS="PART"
 ><A
-NAME="AEN544"
+NAME="TYPE"
 ></A
 ><DIV
 CLASS="TITLEPAGE"
@@ -3599,14 +3944,13 @@ CLASS="TITLE"
 ><DIV
 CLASS="PARTINTRO"
 ><A
-NAME="AEN546"
+NAME="AEN678"
 ></A
 ><H1
 >Introduction</H1
 ><P
->This part contains information on using samba in a (NT 4 or ADS) domain. 
-If you wish to run samba as a domain member or DC, read the appropriate chapter in 
-this part.</P
+>Samba can operate in various SMB networks. This part contains information on configuring samba 
+for various environments.</P
 ></DIV
 ><DIV
 CLASS="TOC"
@@ -3616,228 +3960,238 @@ CLASS="TOC"
 >Table of Contents</B
 ></DT
 ><DT
->6. <A
+>4. <A
+HREF="#SECURITYLEVELS"
+>User and Share security level (for servers not in a domain)</A
+></DT
+><DT
+>5. <A
 HREF="#SAMBA-PDC"
->How to Configure Samba as a NT4 Primary Domain Controller</A
+>Samba as a NT4 or Win2k Primary Domain Controller</A
 ></DT
 ><DD
 ><DL
 ><DT
->6.1. <A
-HREF="#AEN566"
+>5.1. <A
+HREF="#AEN722"
 >Prerequisite Reading</A
 ></DT
 ><DT
->6.2. <A
-HREF="#AEN572"
+>5.2. <A
+HREF="#AEN728"
 >Background</A
 ></DT
 ><DT
->6.3. <A
-HREF="#AEN611"
+>5.3. <A
+HREF="#AEN767"
 >Configuring the Samba Domain Controller</A
 ></DT
 ><DT
->6.4. <A
-HREF="#AEN654"
+>5.4. <A
+HREF="#AEN810"
 >Creating Machine Trust Accounts and Joining Clients to the
 Domain</A
 ></DT
 ><DD
 ><DL
 ><DT
->6.4.1. <A
-HREF="#AEN673"
+>5.4.1. <A
+HREF="#AEN829"
 >Manual Creation of Machine Trust Accounts</A
 ></DT
 ><DT
->6.4.2. <A
-HREF="#AEN714"
+>5.4.2. <A
+HREF="#AEN870"
 >"On-the-Fly" Creation of Machine Trust Accounts</A
 ></DT
 ><DT
->6.4.3. <A
-HREF="#AEN723"
+>5.4.3. <A
+HREF="#AEN879"
 >Joining the Client to the Domain</A
 ></DT
 ></DL
 ></DD
 ><DT
->6.5. <A
-HREF="#AEN738"
+>5.5. <A
+HREF="#AEN894"
 >Common Problems and Errors</A
 ></DT
 ><DT
->6.6. <A
-HREF="#AEN786"
+>5.6. <A
+HREF="#AEN942"
 >System Policies and Profiles</A
 ></DT
 ><DT
->6.7. <A
-HREF="#AEN830"
+>5.7. <A
+HREF="#AEN986"
 >What other help can I get?</A
 ></DT
 ><DT
->6.8. <A
-HREF="#AEN944"
+>5.8. <A
+HREF="#AEN1100"
 >Domain Control for Windows 9x/ME</A
 ></DT
 ><DD
 ><DL
 ><DT
->6.8.1. <A
-HREF="#AEN970"
+>5.8.1. <A
+HREF="#AEN1126"
 >Configuration Instructions:	Network Logons</A
 ></DT
 ><DT
->6.8.2. <A
-HREF="#AEN989"
+>5.8.2. <A
+HREF="#AEN1145"
 >Configuration Instructions:	Setting up Roaming User Profiles</A
 ></DT
 ></DL
 ></DD
 ><DT
->6.9. <A
-HREF="#AEN1082"
->DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</A
+>5.9. <A
+HREF="#AEN1238"
+>DOMAIN_CONTROL.txt : Windows NT Domain Control &amp; Samba</A
 ></DT
 ></DL
 ></DD
 ><DT
->7. <A
+>6. <A
 HREF="#SAMBA-BDC"
 >How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A
 ></DT
 ><DD
 ><DL
 ><DT
->7.1. <A
-HREF="#AEN1118"
+>6.1. <A
+HREF="#AEN1274"
 >Prerequisite Reading</A
 ></DT
 ><DT
->7.2. <A
-HREF="#AEN1122"
+>6.2. <A
+HREF="#AEN1278"
 >Background</A
 ></DT
 ><DT
->7.3. <A
-HREF="#AEN1130"
+>6.3. <A
+HREF="#AEN1286"
 >What qualifies a Domain Controller on the network?</A
 ></DT
 ><DD
 ><DL
 ><DT
->7.3.1. <A
-HREF="#AEN1133"
+>6.3.1. <A
+HREF="#AEN1289"
 >How does a Workstation find its domain controller?</A
 ></DT
 ><DT
->7.3.2. <A
-HREF="#AEN1136"
+>6.3.2. <A
+HREF="#AEN1292"
 >When is the PDC needed?</A
 ></DT
 ></DL
 ></DD
 ><DT
->7.4. <A
-HREF="#AEN1139"
->Can Samba be a Backup Domain Controller?</A
+>6.4. <A
+HREF="#AEN1295"
+>Can Samba be a Backup Domain Controller to an NT PDC?</A
 ></DT
 ><DT
->7.5. <A
-HREF="#AEN1143"
+>6.5. <A
+HREF="#AEN1300"
 >How do I set up a Samba BDC?</A
 ></DT
 ><DD
 ><DL
 ><DT
->7.5.1. <A
-HREF="#AEN1160"
+>6.5.1. <A
+HREF="#AEN1317"
 >How do I replicate the smbpasswd file?</A
 ></DT
+><DT
+>6.5.2. <A
+HREF="#AEN1321"
+>Can I do this all with LDAP?</A
+></DT
 ></DL
 ></DD
 ></DL
 ></DD
 ><DT
->8. <A
+>7. <A
 HREF="#ADS"
 >Samba as a ADS domain member</A
 ></DT
 ><DD
 ><DL
 ><DT
->8.1. <A
-HREF="#AEN1178"
+>7.1. <A
+HREF="#AEN1339"
 >Installing the required packages for Debian</A
 ></DT
 ><DT
->8.2. <A
-HREF="#AEN1184"
+>7.2. <A
+HREF="#AEN1346"
 >Installing the required packages for RedHat</A
 ></DT
 ><DT
->8.3. <A
-HREF="#AEN1193"
+>7.3. <A
+HREF="#AEN1356"
 >Compile Samba</A
 ></DT
 ><DT
->8.4. <A
-HREF="#AEN1205"
+>7.4. <A
+HREF="#AEN1371"
 >Setup your /etc/krb5.conf</A
 ></DT
 ><DT
->8.5. <A
-HREF="#AEN1215"
+>7.5. <A
+HREF="#AEN1381"
 >Create the computer account</A
 ></DT
 ><DD
 ><DL
 ><DT
->8.5.1. <A
-HREF="#AEN1219"
+>7.5.1. <A
+HREF="#AEN1385"
 >Possible errors</A
 ></DT
 ></DL
 ></DD
 ><DT
->8.6. <A
-HREF="#AEN1231"
+>7.6. <A
+HREF="#AEN1393"
 >Test your server setup</A
 ></DT
 ><DT
->8.7. <A
-HREF="#AEN1236"
+>7.7. <A
+HREF="#AEN1398"
 >Testing with smbclient</A
 ></DT
 ><DT
->8.8. <A
-HREF="#AEN1239"
+>7.8. <A
+HREF="#AEN1401"
 >Notes</A
 ></DT
 ></DL
 ></DD
 ><DT
->9. <A
+>8. <A
 HREF="#DOMAIN-SECURITY"
->Samba as a NT4 domain member</A
+>Samba as a NT4 or Win2k domain member</A
 ></DT
 ><DD
 ><DL
 ><DT
->9.1. <A
-HREF="#AEN1261"
->Joining an NT Domain with Samba 2.2</A
+>8.1. <A
+HREF="#AEN1423"
+>Joining an NT Domain with Samba 3.0</A
 ></DT
 ><DT
->9.2. <A
-HREF="#AEN1325"
+>8.2. <A
+HREF="#AEN1478"
 >Samba and Windows 2000 Domains</A
 ></DT
 ><DT
->9.3. <A
-HREF="#AEN1330"
+>8.3. <A
+HREF="#AEN1481"
 >Why is this better than security = server?</A
 ></DT
 ></DL
@@ -3849,17 +4203,117 @@ HREF="#AEN1330"
 CLASS="CHAPTER"
 ><HR><H1
 ><A
+NAME="SECURITYLEVELS"
+></A
+>Chapter 4. User and Share security level (for servers not in a domain)</H1
+><P
+>A SMB server tells the client at startup what "security level" it is
+running. There are two options "share level" and "user level". Which
+of these two the client receives affects the way the client then tries
+to authenticate itself. It does not directly affect (to any great
+extent) the way the Samba server does security. I know this is
+strange, but it fits in with the client/server approach of SMB. In SMB
+everything is initiated and controlled by the client, and the server
+can only tell the client what is available and whether an action is
+allowed. </P
+><P
+>I'll describe user level security first, as its simpler. In user level
+security the client will send a "session setup" command directly after
+the protocol negotiation. This contains a username and password. The
+server can either accept or reject that username/password
+combination. Note that at this stage the server has no idea what
+share the client will eventually try to connect to, so it can't base
+the "accept/reject" on anything other than:</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>the username/password</P
+></LI
+><LI
+><P
+>the machine that the client is coming from</P
+></LI
+></OL
+><P
+>If the server accepts the username/password then the client expects to
+be able to mount any share (using a "tree connection") without
+specifying a password. It expects that all access rights will be as
+the username/password specified in the "session setup". </P
+><P
+>It is also possible for a client to send multiple "session setup"
+requests. When the server responds it gives the client a "uid" to use
+as an authentication tag for that username/password. The client can
+maintain multiple authentication contexts in this way (WinDD is an
+example of an application that does this)</P
+><P
+>Ok, now for share level security. In share level security the client
+authenticates itself separately for each share. It will send a
+password along with each "tree connection" (share mount). It does not
+explicitly send a username with this operation. The client is
+expecting a password to be associated with each share, independent of
+the user. This means that samba has to work out what username the
+client probably wants to use. It is never explicitly sent the
+username. Some commercial SMB servers such as NT actually associate
+passwords directly with shares in share level security, but samba
+always uses the unix authentication scheme where it is a
+username/password that is authenticated, not a "share/password".</P
+><P
+>Many clients send a "session setup" even if the server is in share
+level security. They normally send a valid username but no
+password. Samba records this username in a list of "possible
+usernames". When the client then does a "tree connection" it also adds
+to this list the name of the share they try to connect to (useful for
+home directories) and any users listed in the "user =" smb.conf
+line. The password is then checked in turn against these "possible
+usernames". If a match is found then the client is authenticated as
+that user.</P
+><P
+>Finally "server level" security. In server level security the samba
+server reports to the client that it is in user level security. The
+client then does a "session setup" as described earlier. The samba
+server takes the username/password that the client sends and attempts
+to login to the "password server" by sending exactly the same
+username/password that it got from the client. If that server is in
+user level security and accepts the password then samba accepts the
+clients connection. This allows the samba server to use another SMB
+server as the "password server". </P
+><P
+>You should also note that at the very start of all this, where the
+server tells the client what security level it is in, it also tells
+the client if it supports encryption. If it does then it supplies the
+client with a random "cryptkey". The client will then send all
+passwords in encrypted form. You have to compile samba with encryption
+enabled to support this feature, and you have to maintain a separate
+smbpasswd file with SMB style encrypted passwords. It is
+cryptographically impossible to translate from unix style encryption
+to SMB style encryption, although there are some fairly simple management
+schemes by which the two could be kept in sync.</P
+><P
+>"security = server" means that Samba reports to clients that
+it is running in "user mode" but actually passes off all authentication
+requests to another "user mode" server. This requires an additional
+parameter "password server =" that points to the real authentication server.
+That real authentication server can be another Samba server or can be a
+Windows NT server, the later natively capable of encrypted password support.</P
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
 NAME="SAMBA-PDC"
 ></A
->Chapter 6. How to Configure Samba as a NT4 Primary Domain Controller</H1
+>Chapter 5. Samba as a NT4 or Win2k Primary Domain Controller</H1
 ><DIV
 CLASS="SECT1"
 ><H2
 CLASS="SECT1"
 ><A
-NAME="AEN566"
+NAME="AEN722"
 ></A
->6.1. Prerequisite Reading</H2
+>5.1. Prerequisite Reading</H2
 ><P
 >Before you continue reading in this chapter, please make sure 
 that you are comfortable with configuring basic files services
@@ -3885,9 +4339,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN572"
+NAME="AEN728"
 ></A
->6.2. Background</H2
+>5.2. Background</H2
 ><DIV
 CLASS="NOTE"
 ><P
@@ -3902,7 +4356,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="/docbook-dsssl/note.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
 HSPACE="5"
 ALT="Note"></TD
 ><TD
@@ -4037,9 +4491,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN611"
+NAME="AEN767"
 ></A
->6.3. Configuring the Samba Domain Controller</H2
+>5.3. Configuring the Samba Domain Controller</H2
 ><P
 >The first step in creating a working Samba PDC is to 
 understand the parameters necessary in smb.conf.  I will not
@@ -4249,9 +4703,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN654"
+NAME="AEN810"
 ></A
->6.4. Creating Machine Trust Accounts and Joining Clients to the
+>5.4. Creating Machine Trust Accounts and Joining Clients to the
 Domain</H2
 ><P
 >A machine trust account is a Samba account that is used to
@@ -4323,9 +4777,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN673"
+NAME="AEN829"
 ></A
->6.4.1. Manual Creation of Machine Trust Accounts</H3
+>5.4.1. Manual Creation of Machine Trust Accounts</H3
 ><P
 >The first step in manually creating a machine trust account is to
 manually create the corresponding Unix account in
@@ -4477,7 +4931,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="/docbook-dsssl/warning.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
 HSPACE="5"
 ALT="Warning"></TD
 ><TH
@@ -4513,9 +4967,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN714"
+NAME="AEN870"
 ></A
->6.4.2. "On-the-Fly" Creation of Machine Trust Accounts</H3
+>5.4.2. "On-the-Fly" Creation of Machine Trust Accounts</H3
 ><P
 >The second (and recommended) way of creating machine trust accounts is
 simply to allow the Samba server to create them as needed when the client
@@ -4541,7 +4995,7 @@ be created manually.</P
 ><PRE
 CLASS="PROGRAMLISTING"
 >[global]
-   # &#60;...remainder of parameters...&#62;
+   # &lt;...remainder of parameters...&gt;
    add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u </PRE
 ></P
 ></DIV
@@ -4550,9 +5004,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN723"
+NAME="AEN879"
 ></A
->6.4.3. Joining the Client to the Domain</H3
+>5.4.3. Joining the Client to the Domain</H3
 ><P
 >The procedure for joining a client to the domain varies with the
 version of Windows.</P
@@ -4618,9 +5072,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN738"
+NAME="AEN894"
 ></A
->6.5. Common Problems and Errors</H2
+>5.5. Common Problems and Errors</H2
 ><P
 ></P
 ><P
@@ -4828,9 +5282,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN786"
+NAME="AEN942"
 ></A
->6.6. System Policies and Profiles</H2
+>5.6. System Policies and Profiles</H2
 ><P
 >Much of the information necessary to implement System Policies and
 Roving User Profiles in a Samba domain is the same as that for 
@@ -5005,9 +5459,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN830"
+NAME="AEN986"
 ></A
->6.7. What other help can I get?</H2
+>5.7. What other help can I get?</H2
 ><P
 >There are many sources of information available in the form 
 of mailing lists, RFC's and documentation.  The docs that come 
@@ -5425,9 +5879,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN944"
+NAME="AEN1100"
 ></A
->6.8. Domain Control for Windows 9x/ME</H2
+>5.8. Domain Control for Windows 9x/ME</H2
 ><DIV
 CLASS="NOTE"
 ><P
@@ -5442,7 +5896,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="/docbook-dsssl/note.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
 HSPACE="5"
 ALT="Note"></TD
 ><TD
@@ -5504,7 +5958,7 @@ TYPE="1"
 ><LI
 ><P
 >	The client broadcasts (to the IP broadcast address of the subnet it is in)
-	a NetLogon request. This is sent to the NetBIOS name DOMAIN&#60;1c&#62; at the
+	a NetLogon request. This is sent to the NetBIOS name DOMAIN&lt;1c&gt; at the
 	NetBIOS layer.  The client chooses the first response it receives, which
 	contains the NetBIOS name of the logon server to use in the format of 
 	\\SERVER.
@@ -5559,9 +6013,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN970"
+NAME="AEN1126"
 ></A
->6.8.1. Configuration Instructions:	Network Logons</H3
+>5.8.1. Configuration Instructions:	Network Logons</H3
 ><P
 >The main difference between a PDC and a Windows 9x logon 
 server configuration is that</P
@@ -5594,7 +6048,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="/docbook-dsssl/warning.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
 HSPACE="5"
 ALT="Warning"></TD
 ><TH
@@ -5665,9 +6119,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN989"
+NAME="AEN1145"
 ></A
->6.8.2. Configuration Instructions:	Setting up Roaming User Profiles</H3
+>5.8.2. Configuration Instructions:	Setting up Roaming User Profiles</H3
 ><DIV
 CLASS="WARNING"
 ><P
@@ -5682,7 +6136,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="/docbook-dsssl/warning.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
 HSPACE="5"
 ALT="Warning"></TD
 ><TD
@@ -5718,9 +6172,9 @@ CLASS="SECT3"
 ><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN997"
+NAME="AEN1153"
 ></A
->6.8.2.1. Windows NT Configuration</H4
+>5.8.2.1. Windows NT Configuration</H4
 ><P
 >To support WinNT clients, in the [global] section of smb.conf set the
 following (for example):</P
@@ -5749,7 +6203,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="/docbook-dsssl/note.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
 HSPACE="5"
 ALT="Note"></TD
 ><TD
@@ -5769,9 +6223,9 @@ CLASS="SECT3"
 ><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN1005"
+NAME="AEN1161"
 ></A
->6.8.2.2. Windows 9X Configuration</H4
+>5.8.2.2. Windows 9X Configuration</H4
 ><P
 >To support Win9X clients, you must use the "logon home" parameter. Samba has
 now been fixed so that "net use/home" now works as well, and it, too, relies
@@ -5800,9 +6254,9 @@ CLASS="SECT3"
 ><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN1013"
+NAME="AEN1169"
 ></A
->6.8.2.3. Win9X and WinNT Configuration</H4
+>5.8.2.3. Win9X and WinNT Configuration</H4
 ><P
 >You can support profiles for both Win9X and WinNT clients by setting both the
 "logon home" and "logon path" parameters. For example:</P
@@ -5826,7 +6280,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="/docbook-dsssl/note.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
 HSPACE="5"
 ALT="Note"></TD
 ><TD
@@ -5845,9 +6299,9 @@ CLASS="SECT3"
 ><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN1020"
+NAME="AEN1176"
 ></A
->6.8.2.4. Windows 9X Profile Setup</H4
+>5.8.2.4. Windows 9X Profile Setup</H4
 ><P
 >When a user first logs in on Windows 9X, the file user.DAT is created,
 as are folders "Start Menu", "Desktop", "Programs" and "Nethood".  
@@ -6005,9 +6459,9 @@ CLASS="SECT3"
 ><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN1056"
+NAME="AEN1212"
 ></A
->6.8.2.5. Windows NT Workstation 4.0</H4
+>5.8.2.5. Windows NT Workstation 4.0</H4
 ><P
 >When a user first logs in to a Windows NT Workstation, the profile
 NTuser.DAT is created.  The profile location can be now specified
@@ -6026,7 +6480,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="/docbook-dsssl/note.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
 HSPACE="5"
 ALT="Note"></TD
 ><TD
@@ -6084,7 +6538,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="/docbook-dsssl/note.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
 HSPACE="5"
 ALT="Note"></TD
 ><TD
@@ -6119,9 +6573,9 @@ CLASS="SECT3"
 ><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN1069"
+NAME="AEN1225"
 ></A
->6.8.2.6. Windows NT Server</H4
+>5.8.2.6. Windows NT Server</H4
 ><P
 >There is nothing to stop you specifying any path that you like for the
 location of users' profiles.  Therefore, you could specify that the
@@ -6133,9 +6587,9 @@ CLASS="SECT3"
 ><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN1072"
+NAME="AEN1228"
 ></A
->6.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0</H4
+>5.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0</H4
 ><DIV
 CLASS="WARNING"
 ><P
@@ -6150,7 +6604,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="/docbook-dsssl/warning.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
 HSPACE="5"
 ALT="Warning"></TD
 ><TH
@@ -6202,7 +6656,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="/docbook-dsssl/note.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
 HSPACE="5"
 ALT="Note"></TD
 ><TD
@@ -6226,9 +6680,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1082"
+NAME="AEN1238"
 ></A
->6.9. DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</H2
+>5.9. DOMAIN_CONTROL.txt : Windows NT Domain Control &amp; Samba</H2
 ><DIV
 CLASS="WARNING"
 ><P
@@ -6243,7 +6697,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="/docbook-dsssl/warning.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
 HSPACE="5"
 ALT="Warning"></TD
 ><TH
@@ -6365,15 +6819,15 @@ CLASS="CHAPTER"
 ><A
 NAME="SAMBA-BDC"
 ></A
->Chapter 7. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</H1
+>Chapter 6. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</H1
 ><DIV
 CLASS="SECT1"
 ><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1118"
+NAME="AEN1274"
 ></A
->7.1. Prerequisite Reading</H2
+>6.1. Prerequisite Reading</H2
 ><P
 >Before you continue reading in this chapter, please make sure
 that you are comfortable with configuring a Samba PDC
@@ -6388,9 +6842,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1122"
+NAME="AEN1278"
 ></A
->7.2. Background</H2
+>6.2. Background</H2
 ><P
 >What is a Domain Controller? It is a machine that is able to answer
 logon requests from workstations in a Windows NT Domain. Whenever a
@@ -6433,9 +6887,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1130"
+NAME="AEN1286"
 ></A
->7.3. What qualifies a Domain Controller on the network?</H2
+>6.3. What qualifies a Domain Controller on the network?</H2
 ><P
 >Every machine that is a Domain Controller for the domain SAMBA has to
 register the NetBIOS group name SAMBA#1c with the WINS server and/or
@@ -6450,9 +6904,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1133"
+NAME="AEN1289"
 ></A
->7.3.1. How does a Workstation find its domain controller?</H3
+>6.3.1. How does a Workstation find its domain controller?</H3
 ><P
 >A NT workstation in the domain SAMBA that wants a local user to be
 authenticated has to find the domain controller for SAMBA. It does
@@ -6469,9 +6923,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1136"
+NAME="AEN1292"
 ></A
->7.3.2. When is the PDC needed?</H3
+>6.3.2. When is the PDC needed?</H3
 ><P
 >Whenever a user wants to change his password, this has to be done on
 the PDC. To find the PDC, the workstation does a NetBIOS name query
@@ -6485,15 +6939,19 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1139"
+NAME="AEN1295"
 ></A
->7.4. Can Samba be a Backup Domain Controller?</H2
+>6.4. Can Samba be a Backup Domain Controller to an NT PDC?</H2
 ><P
 >With version 2.2, no. The native NT SAM replication protocols have
 not yet been fully implemented. The Samba Team is working on
 understanding and implementing the protocols, but this work has not
 been finished for version 2.2.</P
 ><P
+>With version 3.0, the work on both the replication protocols and a
+suitable storage mechanism has progressed, and some form of NT4 BDC
+support is expected soon.</P
+><P
 >Can I get the benefits of a BDC with Samba?  Yes. The main reason for
 implementing a BDC is availability. If the PDC is a Samba machine,
 a second Samba machine can be set up to
@@ -6504,9 +6962,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1143"
+NAME="AEN1300"
 ></A
->7.5. How do I set up a Samba BDC?</H2
+>6.5. How do I set up a Samba BDC?</H2
 ><P
 >Several things have to be done:</P
 ><P
@@ -6571,9 +7029,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1160"
+NAME="AEN1317"
 ></A
->7.5.1. How do I replicate the smbpasswd file?</H3
+>6.5.1. How do I replicate the smbpasswd file?</H3
 ><P
 >Replication of the smbpasswd file is sensitive. It has to be done
 whenever changes to the SAM are made. Every user's password change is
@@ -6587,6 +7045,21 @@ rsync. rsync can use ssh as a transport. ssh itself can be set up to
 accept *only* rsync transfer without requiring the user to type a
 password.</P
 ></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN1321"
+></A
+>6.5.2. Can I do this all with LDAP?</H3
+><P
+>The simple answer is YES.  Samba's pdb_ldap code supports
+binding to a replica LDAP server, and will also follow referrals and
+rebind to the master if it ever needs to make a modification to the
+database.  (Normally BDCs are read only, so this will not occur
+often).</P
+></DIV
 ></DIV
 ></DIV
 ><DIV
@@ -6595,15 +7068,14 @@ CLASS="CHAPTER"
 ><A
 NAME="ADS"
 ></A
->Chapter 8. Samba as a ADS domain member</H1
+>Chapter 7. Samba as a ADS domain member</H1
+><P
+>This is a rough guide to setting up Samba 3.0 with kerberos authentication against a
+Windows2000 KDC. </P
+><P
+>Pieces you need before you begin:</P
 ><P
->This is a VERY ROUGH guide to setting up the current (November 2001)
-pre-alpha version of Samba 3.0 with kerberos authentication against a
-Windows2000 KDC. The procedures listed here are likely to change as
-the code develops.</P
 ><P
->Pieces you need before you begin:
-<P
 ></P
 ><TABLE
 BORDER="0"
@@ -6634,12 +7106,13 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1178"
+NAME="AEN1339"
 ></A
->8.1. Installing the required packages for Debian</H2
+>7.1. Installing the required packages for Debian</H2
+><P
+>On Debian you need to install the following packages:</P
+><P
 ><P
->On Debian you need to install the following packages:
-<P
 ></P
 ><TABLE
 BORDER="0"
@@ -6663,12 +7136,13 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1184"
+NAME="AEN1346"
 ></A
->8.2. Installing the required packages for RedHat</H2
+>7.2. Installing the required packages for RedHat</H2
+><P
+>On RedHat this means you should have at least: </P
+><P
 ><P
->On RedHat this means you should have at least: 
-<P
 ></P
 ><TABLE
 BORDER="0"
@@ -6701,14 +7175,15 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1193"
+NAME="AEN1356"
 ></A
->8.3. Compile Samba</H2
+>7.3. Compile Samba</H2
 ><P
 >If your kerberos libraries are in a non-standard location then
   remember to add the configure option --with-krb5=DIR.</P
 ><P
->After you run configure make sure that include/config.h contains 
+>After you run configure make sure that include/config.h it
+  generates contains 
   lines like this:</P
 ><P
 ><PRE
@@ -6727,17 +7202,27 @@ CLASS="PROGRAMLISTING"
 ><PRE
 CLASS="PROGRAMLISTING"
 >  realm = YOUR.KERBEROS.REALM
-  ads server = your.kerberos.server
   security = ADS
   encrypt passwords = yes</PRE
 ></P
 ><P
->Strictly speaking, you can omit the realm name and you can use an IP
-  address for the ads server. In that case Samba will auto-detect these.</P
+>In case samba can't figure out your ads server using your realm name, use the 
+<B
+CLASS="COMMAND"
+>ads server</B
+> option in <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>:
+<PRE
+CLASS="PROGRAMLISTING"
+>  ads server = your.kerberos.server</PRE
+></P
 ><P
->You do *not* need a smbpasswd file, although it won't do any harm
-  and if you have one then Samba will be able to fall back to normal
-  password security for older clients. I expect that the above
+>You do *not* need a smbpasswd file, and older clients will
+  be authenticated as if "security = domain", although it won't do any harm
+  and allows you to have local users not in the domain.
+  I expect that the above
   required options will change soon when we get better active
   directory integration.</P
 ></DIV
@@ -6746,15 +7231,15 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1205"
+NAME="AEN1371"
 ></A
->8.4. Setup your /etc/krb5.conf</H2
+>7.4. Setup your /etc/krb5.conf</H2
 ><P
 >The minimal configuration for krb5.conf is:</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
->	[realms]
+>[realms]
     YOUR.KERBEROS.REALM = {
 	kdc = your.kerberos.server
     }</PRE
@@ -6778,20 +7263,18 @@ to join the realm.</P
 ><P
 >If all you want is kerberos support in smbclient then you can skip
 straight to step 5 now. Step 3 is only needed if you want kerberos
-support in smbd.</P
+support for smbd and winbindd.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1215"
+NAME="AEN1381"
 ></A
->8.5. Create the computer account</H2
+>7.5. Create the computer account</H2
 ><P
->Do a "kinit" as a user that has authority to change arbitrary
-passwords on the KDC ("Administrator" is a good choice). Then as a
-user that has write permission on the Samba private directory
+>As a user that has write permission on the Samba private directory
 (usually root) run:
 <B
 CLASS="COMMAND"
@@ -6802,9 +7285,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1219"
+NAME="AEN1385"
 ></A
->8.5.1. Possible errors</H3
+>7.5.1. Possible errors</H3
 ><P
 ><P
 ></P
@@ -6812,12 +7295,6 @@ NAME="AEN1219"
 CLASS="VARIABLELIST"
 ><DL
 ><DT
->"bash: kinit: command not found"</DT
-><DD
-><P
->kinit is in the krb5-workstation RPM on RedHat systems, and is in /usr/kerberos/bin, so it won't be in the path until you log in again (or open a new terminal)</P
-></DD
-><DT
 >"ADS support not compiled in"</DT
 ><DD
 ><P
@@ -6833,9 +7310,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1231"
+NAME="AEN1393"
 ></A
->8.6. Test your server setup</H2
+>7.6. Test your server setup</H2
 ><P
 >On a Windows 2000 client try <B
 CLASS="COMMAND"
@@ -6853,9 +7330,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1236"
+NAME="AEN1398"
 ></A
->8.7. Testing with smbclient</H2
+>7.7. Testing with smbclient</H2
 ><P
 >On your Samba server try to login to a Win2000 server or your Samba
 server using smbclient and kerberos. Use smbclient as usual, but
@@ -6866,9 +7343,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1239"
+NAME="AEN1401"
 ></A
->8.8. Notes</H2
+>7.8. Notes</H2
 ><P
 >You must change administrator password at least once after DC install,
  to create the right encoding types</P
@@ -6883,21 +7360,21 @@ CLASS="CHAPTER"
 ><A
 NAME="DOMAIN-SECURITY"
 ></A
->Chapter 9. Samba as a NT4 domain member</H1
+>Chapter 8. Samba as a NT4 or Win2k domain member</H1
 ><DIV
 CLASS="SECT1"
 ><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1261"
+NAME="AEN1423"
 ></A
->9.1. Joining an NT Domain with Samba 2.2</H2
+>8.1. Joining an NT Domain with Samba 3.0</H2
 ><P
->Assume you have a Samba 2.x server with a NetBIOS name of 
+>Assume you have a Samba 3.0 server with a NetBIOS name of 
 	<TT
 CLASS="CONSTANT"
 >SERV1</TT
-> and are joining an NT domain called
+> and are joining an or Win2k NT domain called
 	<TT
 CLASS="CONSTANT"
 >DOM</TT
@@ -6915,107 +7392,7 @@ CLASS="CONSTANT"
 	</TT
 >.</P
 ><P
->In order to join the domain, first stop all Samba daemons 
-	and run the command:</P
-><P
-><TT
-CLASS="PROMPT"
->root# </TT
-><TT
-CLASS="USERINPUT"
-><B
->smbpasswd -j DOM -r DOMPDC
-	-U<TT
-CLASS="REPLACEABLE"
-><I
->Administrator%password</I
-></TT
-></B
-></TT
-></P
-><P
->as we are joining the domain DOM and the PDC for that domain 
-	(the only machine that has write access to the domain SAM database) 
-	is DOMPDC. The <TT
-CLASS="REPLACEABLE"
-><I
->Administrator%password</I
-></TT
-> is 
-	the login name and password for an account which has the necessary 
-	privilege to add machines to the domain.  If this is successful 
-	you will see the message:</P
-><P
-><TT
-CLASS="COMPUTEROUTPUT"
->smbpasswd: Joined domain DOM.</TT
->
-	</P
-><P
->in your terminal window. See the <A
-HREF="smbpasswd.8.html"
-TARGET="_top"
->	smbpasswd(8)</A
-> man page for more details.</P
-><P
->There is existing development code to join a domain
-	without having to create the machine trust account on the PDC
-	beforehand.  This code will hopefully be available soon
-	in release branches as well.</P
-><P
->This command goes through the machine account password 
-	change protocol, then writes the new (random) machine account 
-	password for this Samba server into a file in the same directory 
-	in which an smbpasswd file would be stored - normally :</P
-><P
-><TT
-CLASS="FILENAME"
->/usr/local/samba/private</TT
-></P
-><P
->In Samba 2.0.x, the filename looks like this:</P
-><P
-><TT
-CLASS="FILENAME"
-><TT
-CLASS="REPLACEABLE"
-><I
->&lt;NT DOMAIN NAME&gt;</I
-></TT
->.<TT
-CLASS="REPLACEABLE"
-><I
->&lt;Samba 
-	Server Name&gt;</I
-></TT
->.mac</TT
-></P
-><P
->The <TT
-CLASS="FILENAME"
->.mac</TT
-> suffix stands for machine account 
-	password file. So in our example above, the file would be called:</P
-><P
-><TT
-CLASS="FILENAME"
->DOM.SERV1.mac</TT
-></P
-><P
->In Samba 2.2, this file has been replaced with a TDB 
-	(Trivial Database) file named <TT
-CLASS="FILENAME"
->secrets.tdb</TT
->.
-	</P
-><P
->This file is created and owned by root and is not 
-	readable by any other user. It is the key to the domain-level 
-	security for your system, and should be treated as carefully 
-	as a shadow password file.</P
-><P
->Now, before restarting the Samba daemons you must 
-	edit your <A
+>Firstly, you must edit your <A
 HREF="smb.conf.5.html"
 TARGET="_top"
 ><TT
@@ -7040,7 +7417,12 @@ CLASS="PARAMETER"
 ><B
 CLASS="COMMAND"
 >security = domain</B
-></P
+> or
+	<B
+CLASS="COMMAND"
+>security = ads</B
+> depending on if the PDC is
+	NT4 or running Active Directory respectivly.</P
 ><P
 >Next change the <A
 HREF="smb.conf.5.html#WORKGROUP"
@@ -7087,30 +7469,96 @@ CLASS="PARAMETER"
 > line in the [global]
 	section to read: </P
 ><P
-><B
-CLASS="COMMAND"
->password server = DOMPDC DOMBDC1 DOMBDC2</B
-></P
+><B
+CLASS="COMMAND"
+>password server = DOMPDC DOMBDC1 DOMBDC2</B
+></P
+><P
+>These are the primary and backup domain controllers Samba 
+	will attempt to contact in order to authenticate users. Samba will 
+	try to contact each of these servers in order, so you may want to 
+	rearrange this list in order to spread out the authentication load 
+	among domain controllers.</P
+><P
+>Alternatively, if you want smbd to automatically determine 
+	the list of Domain controllers to use for authentication, you may 
+	set this line to be :</P
+><P
+><B
+CLASS="COMMAND"
+>password server = *</B
+></P
+><P
+>This method, allows Samba to use exactly the same
+        mechanism that NT does. This 
+	method either broadcasts or uses a WINS database in order to
+	find domain controllers to authenticate against.</P
+><P
+>In order to actually join the domain, you must run this
+        command:</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>net join -S DOMPDC
+	-U<TT
+CLASS="REPLACEABLE"
+><I
+>Administrator%password</I
+></TT
+></B
+></TT
+></P
+><P
+>as we are joining the domain DOM and the PDC for that domain 
+	(the only machine that has write access to the domain SAM database) 
+	is DOMPDC. The <TT
+CLASS="REPLACEABLE"
+><I
+>Administrator%password</I
+></TT
+> is 
+	the login name and password for an account which has the necessary 
+	privilege to add machines to the domain.  If this is successful 
+	you will see the message:</P
+><P
+><TT
+CLASS="COMPUTEROUTPUT"
+>Joined domain DOM.</TT
+>
+	or <TT
+CLASS="COMPUTEROUTPUT"
+>Joined 'SERV1' to realm 'MYREALM'</TT
+>
+	</P
+><P
+>in your terminal window. See the <A
+HREF="net.8.html"
+TARGET="_top"
+>	net(8)</A
+> man page for more details.</P
 ><P
->These are the primary and backup domain controllers Samba 
-	will attempt to contact in order to authenticate users. Samba will 
-	try to contact each of these servers in order, so you may want to 
-	rearrange this list in order to spread out the authentication load 
-	among domain controllers.</P
+>This process joins the server to thedomain
+	without having to create the machine trust account on the PDC
+	beforehand.</P
 ><P
->Alternatively, if you want smbd to automatically determine 
-	the list of Domain controllers to use for authentication, you may 
-	set this line to be :</P
+>This command goes through the machine account password 
+	change protocol, then writes the new (random) machine account 
+	password for this Samba server into a file in the same directory 
+	in which an smbpasswd file would be stored - normally :</P
 ><P
-><B
-CLASS="COMMAND"
->password server = *</B
+><TT
+CLASS="FILENAME"
+>/usr/local/samba/private/secrets.tdb</TT
 ></P
 ><P
->This method, which was introduced in Samba 2.0.6, 
-	allows Samba to use exactly the same mechanism that NT does. This 
-	method either broadcasts or uses a WINS database in order to
-	find domain controllers to authenticate against.</P
+>This file is created and owned by root and is not 
+	readable by any other user. It is the key to the domain-level 
+	security for your system, and should be treated as carefully 
+	as a shadow password file.</P
 ><P
 >Finally, restart your Samba daemons and get ready for 
 	clients to begin using domain security!</P
@@ -7120,34 +7568,23 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1325"
+NAME="AEN1478"
 ></A
->9.2. Samba and Windows 2000 Domains</H2
+>8.2. Samba and Windows 2000 Domains</H2
 ><P
 >Many people have asked regarding the state of Samba's ability to participate in
 a Windows 2000 Domain.  Samba 3.0 is able to act as a member server of a Windows
-2000 domain operating in mixed or native mode.</P
-><P
->There is much confusion between the circumstances that require a "mixed" mode
-Win2k DC and a when this host can be switched to "native" mode.  A "mixed" mode
-Win2k domain controller is only needed if Windows NT BDCs must exist in the same
-domain.  By default, a Win2k DC in "native" mode will still support
-NetBIOS and NTLMv1 for authentication of legacy clients such as Windows 9x and 
-NT 4.0.  Samba has the same requirements as a Windows NT 4.0 member server.</P
-><P
->The steps for adding a Samba 2.2 host to a Win2k domain are the same as those
-for adding a Samba server to a Windows NT 4.0 domain. The only exception is that 
-the "Server Manager" from NT 4 has been replaced by the "Active Directory Users and 
-Computers" MMC (Microsoft Management Console) plugin.</P
+2000 domain operating in mixed or native mode.  The steps above apply
+to both NT4 and Windows 2000.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1330"
+NAME="AEN1481"
 ></A
->9.3. Why is this better than security = server?</H2
+>8.3. Why is this better than security = server?</H2
 ><P
 >Currently, domain security in Samba doesn't free you from 
 	having to create local Unix users to represent the users attaching 
@@ -7203,13 +7640,7 @@ CLASS="COMMAND"
 >And finally, acting in the same manner as an NT server 
 	authenticating to a PDC means that as part of the authentication 
 	reply, the Samba server gets the user identification information such 
-	as the user SID, the list of NT groups the user belongs to, etc. All 
-	this information will allow Samba to be extended in the future into 
-	a mode the developers currently call appliance mode. In this mode, 
-	no local Unix users will be necessary, and Samba will generate Unix 
-	uids and gids from the information passed back from the PDC when a 
-	user is authenticated, making a Samba server truly plug and play 
-	in an NT domain environment. Watch for this code soon.</P
+	as the user SID, the list of NT groups the user belongs to, etc. </P
 ><P
 ><SPAN
 CLASS="emphasis"
@@ -7235,7 +7666,7 @@ TARGET="_top"
 ><DIV
 CLASS="PART"
 ><A
-NAME="AEN1346"
+NAME="OPTIONAL"
 ></A
 ><DIV
 CLASS="TITLEPAGE"
@@ -7245,7 +7676,7 @@ CLASS="TITLE"
 ><DIV
 CLASS="PARTINTRO"
 ><A
-NAME="AEN1348"
+NAME="AEN1499"
 ></A
 ><H1
 >Introduction</H1
@@ -7261,51 +7692,51 @@ CLASS="TOC"
 >Table of Contents</B
 ></DT
 ><DT
->10. <A
+>9. <A
 HREF="#INTEGRATE-MS-NETWORKS"
 >Integrating MS Windows networks with Samba</A
 ></DT
 ><DD
 ><DL
 ><DT
->10.1. <A
-HREF="#AEN1362"
+>9.1. <A
+HREF="#AEN1513"
 >Agenda</A
 ></DT
 ><DT
->10.2. <A
-HREF="#AEN1384"
+>9.2. <A
+HREF="#AEN1535"
 >Name Resolution in a pure Unix/Linux world</A
 ></DT
 ><DD
 ><DL
 ><DT
->10.2.1. <A
-HREF="#AEN1400"
+>9.2.1. <A
+HREF="#AEN1551"
 ><TT
 CLASS="FILENAME"
 >/etc/hosts</TT
 ></A
 ></DT
 ><DT
->10.2.2. <A
-HREF="#AEN1416"
+>9.2.2. <A
+HREF="#AEN1567"
 ><TT
 CLASS="FILENAME"
 >/etc/resolv.conf</TT
 ></A
 ></DT
 ><DT
->10.2.3. <A
-HREF="#AEN1427"
+>9.2.3. <A
+HREF="#AEN1578"
 ><TT
 CLASS="FILENAME"
 >/etc/host.conf</TT
 ></A
 ></DT
 ><DT
->10.2.4. <A
-HREF="#AEN1435"
+>9.2.4. <A
+HREF="#AEN1586"
 ><TT
 CLASS="FILENAME"
 >/etc/nsswitch.conf</TT
@@ -7314,140 +7745,140 @@ CLASS="FILENAME"
 ></DL
 ></DD
 ><DT
->10.3. <A
-HREF="#AEN1447"
+>9.3. <A
+HREF="#AEN1598"
 >Name resolution as used within MS Windows networking</A
 ></DT
 ><DD
 ><DL
 ><DT
->10.3.1. <A
-HREF="#AEN1459"
+>9.3.1. <A
+HREF="#AEN1610"
 >The NetBIOS Name Cache</A
 ></DT
 ><DT
->10.3.2. <A
-HREF="#AEN1464"
+>9.3.2. <A
+HREF="#AEN1615"
 >The LMHOSTS file</A
 ></DT
 ><DT
->10.3.3. <A
-HREF="#AEN1472"
+>9.3.3. <A
+HREF="#AEN1623"
 >HOSTS file</A
 ></DT
 ><DT
->10.3.4. <A
-HREF="#AEN1477"
+>9.3.4. <A
+HREF="#AEN1628"
 >DNS Lookup</A
 ></DT
 ><DT
->10.3.5. <A
-HREF="#AEN1480"
+>9.3.5. <A
+HREF="#AEN1631"
 >WINS Lookup</A
 ></DT
 ></DL
 ></DD
 ><DT
->10.4. <A
-HREF="#AEN1492"
+>9.4. <A
+HREF="#AEN1643"
 >How browsing functions and how to deploy stable and 
 dependable browsing using Samba</A
 ></DT
 ><DT
->10.5. <A
-HREF="#AEN1502"
+>9.5. <A
+HREF="#AEN1653"
 >MS Windows security options and how to configure 
 Samba for seemless integration</A
 ></DT
 ><DD
 ><DL
 ><DT
->10.5.1. <A
-HREF="#AEN1530"
+>9.5.1. <A
+HREF="#AEN1681"
 >Use MS Windows NT as an authentication server</A
 ></DT
 ><DT
->10.5.2. <A
-HREF="#AEN1538"
+>9.5.2. <A
+HREF="#AEN1689"
 >Make Samba a member of an MS Windows NT security domain</A
 ></DT
 ><DT
->10.5.3. <A
-HREF="#AEN1555"
+>9.5.3. <A
+HREF="#AEN1706"
 >Configure Samba as an authentication server</A
 ></DT
 ></DL
 ></DD
 ><DT
->10.6. <A
-HREF="#AEN1572"
+>9.6. <A
+HREF="#AEN1723"
 >Conclusions</A
 ></DT
 ></DL
 ></DD
 ><DT
->11. <A
+>10. <A
 HREF="#UNIX-PERMISSIONS"
 >UNIX Permission Bits and Windows NT Access Control Lists</A
 ></DT
 ><DD
 ><DL
 ><DT
->11.1. <A
-HREF="#AEN1593"
+>10.1. <A
+HREF="#AEN1744"
 >Viewing and changing UNIX permissions using the NT 
 	security dialogs</A
 ></DT
 ><DT
->11.2. <A
-HREF="#AEN1602"
+>10.2. <A
+HREF="#AEN1748"
 >How to view file security on a Samba share</A
 ></DT
 ><DT
->11.3. <A
-HREF="#AEN1613"
+>10.3. <A
+HREF="#AEN1759"
 >Viewing file ownership</A
 ></DT
 ><DT
->11.4. <A
-HREF="#AEN1633"
+>10.4. <A
+HREF="#AEN1779"
 >Viewing file or directory permissions</A
 ></DT
 ><DD
 ><DL
 ><DT
->11.4.1. <A
-HREF="#AEN1648"
+>10.4.1. <A
+HREF="#AEN1794"
 >File Permissions</A
 ></DT
 ><DT
->11.4.2. <A
-HREF="#AEN1662"
+>10.4.2. <A
+HREF="#AEN1808"
 >Directory Permissions</A
 ></DT
 ></DL
 ></DD
 ><DT
->11.5. <A
-HREF="#AEN1669"
+>10.5. <A
+HREF="#AEN1815"
 >Modifying file or directory permissions</A
 ></DT
 ><DT
->11.6. <A
-HREF="#AEN1691"
+>10.6. <A
+HREF="#AEN1837"
 >Interaction with the standard Samba create mask 
 	parameters</A
 ></DT
 ><DT
->11.7. <A
-HREF="#AEN1755"
+>10.7. <A
+HREF="#AEN1901"
 >Interaction with the standard Samba file attribute 
 	mapping</A
 ></DT
 ></DL
 ></DD
 ><DT
->12. <A
+>11. <A
 HREF="#PAM"
 >Configuring PAM for distributed but centrally 
 managed authentication</A
@@ -7455,39 +7886,39 @@ managed authentication</A
 ><DD
 ><DL
 ><DT
->12.1. <A
-HREF="#AEN1776"
+>11.1. <A
+HREF="#AEN1922"
 >Samba and PAM</A
 ></DT
 ><DT
->12.2. <A
-HREF="#AEN1820"
+>11.2. <A
+HREF="#AEN1966"
 >Distributed Authentication</A
 ></DT
 ><DT
->12.3. <A
-HREF="#AEN1827"
+>11.3. <A
+HREF="#AEN1973"
 >PAM Configuration in smb.conf</A
 ></DT
 ></DL
 ></DD
 ><DT
->13. <A
+>12. <A
 HREF="#MSDFS"
 >Hosting a Microsoft Distributed File System tree on Samba</A
 ></DT
 ><DD
 ><DL
 ><DT
->13.1. <A
-HREF="#AEN1847"
+>12.1. <A
+HREF="#AEN1993"
 >Instructions</A
 ></DT
 ><DD
 ><DL
 ><DT
->13.1.1. <A
-HREF="#AEN1882"
+>12.1.1. <A
+HREF="#AEN2028"
 >Notes</A
 ></DT
 ></DL
@@ -7495,130 +7926,130 @@ HREF="#AEN1882"
 ></DL
 ></DD
 ><DT
->14. <A
+>13. <A
 HREF="#PRINTING"
 >Printing Support</A
 ></DT
 ><DD
 ><DL
 ><DT
->14.1. <A
-HREF="#AEN1908"
+>13.1. <A
+HREF="#AEN2054"
 >Introduction</A
 ></DT
 ><DT
->14.2. <A
-HREF="#AEN1930"
+>13.2. <A
+HREF="#AEN2076"
 >Configuration</A
 ></DT
 ><DD
 ><DL
 ><DT
->14.2.1. <A
-HREF="#AEN1938"
+>13.2.1. <A
+HREF="#AEN2084"
 >Creating [print$]</A
 ></DT
 ><DT
->14.2.2. <A
-HREF="#AEN1973"
+>13.2.2. <A
+HREF="#AEN2119"
 >Setting Drivers for Existing Printers</A
 ></DT
 ><DT
->14.2.3. <A
-HREF="#AEN1989"
+>13.2.3. <A
+HREF="#AEN2135"
 >Support a large number of printers</A
 ></DT
 ><DT
->14.2.4. <A
-HREF="#AEN2000"
+>13.2.4. <A
+HREF="#AEN2146"
 >Adding New Printers via the Windows NT APW</A
 ></DT
 ><DT
->14.2.5. <A
-HREF="#AEN2030"
+>13.2.5. <A
+HREF="#AEN2176"
 >Samba and Printer Ports</A
 ></DT
 ></DL
 ></DD
 ><DT
->14.3. <A
-HREF="#AEN2038"
+>13.3. <A
+HREF="#AEN2184"
 >The Imprints Toolset</A
 ></DT
 ><DD
 ><DL
 ><DT
->14.3.1. <A
-HREF="#AEN2042"
+>13.3.1. <A
+HREF="#AEN2188"
 >What is Imprints?</A
 ></DT
 ><DT
->14.3.2. <A
-HREF="#AEN2052"
+>13.3.2. <A
+HREF="#AEN2198"
 >Creating Printer Driver Packages</A
 ></DT
 ><DT
->14.3.3. <A
-HREF="#AEN2055"
+>13.3.3. <A
+HREF="#AEN2201"
 >The Imprints server</A
 ></DT
 ><DT
->14.3.4. <A
-HREF="#AEN2059"
+>13.3.4. <A
+HREF="#AEN2205"
 >The Installation Client</A
 ></DT
 ></DL
 ></DD
 ><DT
->14.4. <A
-HREF="#AEN2081"
+>13.4. <A
+HREF="#AEN2227"
 >Diagnosis</A
 ></DT
 ><DD
 ><DL
 ><DT
->14.4.1. <A
-HREF="#AEN2083"
+>13.4.1. <A
+HREF="#AEN2229"
 >Introduction</A
 ></DT
 ><DT
->14.4.2. <A
-HREF="#AEN2099"
+>13.4.2. <A
+HREF="#AEN2245"
 >Debugging printer problems</A
 ></DT
 ><DT
->14.4.3. <A
-HREF="#AEN2108"
+>13.4.3. <A
+HREF="#AEN2254"
 >What printers do I have?</A
 ></DT
 ><DT
->14.4.4. <A
-HREF="#AEN2116"
+>13.4.4. <A
+HREF="#AEN2262"
 >Setting up printcap and print servers</A
 ></DT
 ><DT
->14.4.5. <A
-HREF="#AEN2144"
+>13.4.5. <A
+HREF="#AEN2290"
 >Job sent, no output</A
 ></DT
 ><DT
->14.4.6. <A
-HREF="#AEN2155"
+>13.4.6. <A
+HREF="#AEN2301"
 >Job sent, strange output</A
 ></DT
 ><DT
->14.4.7. <A
-HREF="#AEN2167"
+>13.4.7. <A
+HREF="#AEN2313"
 >Raw PostScript printed</A
 ></DT
 ><DT
->14.4.8. <A
-HREF="#AEN2170"
+>13.4.8. <A
+HREF="#AEN2316"
 >Advanced Printing</A
 ></DT
 ><DT
->14.4.9. <A
-HREF="#AEN2173"
+>13.4.9. <A
+HREF="#AEN2319"
 >Real debugging</A
 ></DT
 ></DL
@@ -7626,273 +8057,268 @@ HREF="#AEN2173"
 ></DL
 ></DD
 ><DT
->15. <A
-HREF="#SECURITYLEVELS"
->Security levels</A
-></DT
-><DD
-><DL
-><DT
->15.1. <A
-HREF="#AEN2186"
->Introduction</A
-></DT
-><DT
->15.2. <A
-HREF="#AEN2197"
->More complete description of security levels</A
-></DT
-></DL
-></DD
-><DT
->16. <A
+>14. <A
 HREF="#WINBIND"
 >Unified Logons between Windows NT and UNIX using Winbind</A
 ></DT
 ><DD
 ><DL
 ><DT
->16.1. <A
-HREF="#AEN2249"
+>14.1. <A
+HREF="#AEN2360"
 >Abstract</A
 ></DT
 ><DT
->16.2. <A
-HREF="#AEN2253"
+>14.2. <A
+HREF="#AEN2364"
 >Introduction</A
 ></DT
 ><DT
->16.3. <A
-HREF="#AEN2266"
+>14.3. <A
+HREF="#AEN2377"
 >What Winbind Provides</A
 ></DT
 ><DD
 ><DL
 ><DT
->16.3.1. <A
-HREF="#AEN2273"
+>14.3.1. <A
+HREF="#AEN2384"
 >Target Uses</A
 ></DT
 ></DL
 ></DD
 ><DT
->16.4. <A
-HREF="#AEN2277"
+>14.4. <A
+HREF="#AEN2388"
 >How Winbind Works</A
 ></DT
 ><DD
 ><DL
 ><DT
->16.4.1. <A
-HREF="#AEN2282"
+>14.4.1. <A
+HREF="#AEN2393"
 >Microsoft Remote Procedure Calls</A
 ></DT
 ><DT
->16.4.2. <A
-HREF="#AEN2286"
+>14.4.2. <A
+HREF="#AEN2397"
+>Microsoft Active Directory Services</A
+></DT
+><DT
+>14.4.3. <A
+HREF="#AEN2400"
 >Name Service Switch</A
 ></DT
 ><DT
->16.4.3. <A
-HREF="#AEN2302"
+>14.4.4. <A
+HREF="#AEN2416"
 >Pluggable Authentication Modules</A
 ></DT
 ><DT
->16.4.4. <A
-HREF="#AEN2310"
+>14.4.5. <A
+HREF="#AEN2424"
 >User and Group ID Allocation</A
 ></DT
 ><DT
->16.4.5. <A
-HREF="#AEN2314"
+>14.4.6. <A
+HREF="#AEN2428"
 >Result Caching</A
 ></DT
 ></DL
 ></DD
 ><DT
->16.5. <A
-HREF="#AEN2317"
+>14.5. <A
+HREF="#AEN2431"
 >Installation and Configuration</A
 ></DT
 ><DD
 ><DL
 ><DT
->16.5.1. <A
-HREF="#AEN2324"
+>14.5.1. <A
+HREF="#AEN2438"
 >Introduction</A
 ></DT
 ><DT
->16.5.2. <A
-HREF="#AEN2337"
+>14.5.2. <A
+HREF="#AEN2451"
 >Requirements</A
 ></DT
 ><DT
->16.5.3. <A
-HREF="#AEN2351"
+>14.5.3. <A
+HREF="#AEN2465"
 >Testing Things Out</A
 ></DT
 ></DL
 ></DD
 ><DT
->16.6. <A
-HREF="#AEN2566"
+>14.6. <A
+HREF="#AEN2680"
 >Limitations</A
 ></DT
 ><DT
->16.7. <A
-HREF="#AEN2576"
+>14.7. <A
+HREF="#AEN2690"
 >Conclusion</A
 ></DT
 ></DL
 ></DD
 ><DT
->17. <A
-HREF="#PDB-MYSQL"
->Passdb MySQL plugin</A
+>15. <A
+HREF="#IMPROVED-BROWSING"
+>Improved browsing in samba</A
 ></DT
 ><DD
 ><DL
 ><DT
->17.1. <A
-HREF="#AEN2590"
->Building</A
-></DT
-><DT
->17.2. <A
-HREF="#AEN2596"
->Configuring</A
+>15.1. <A
+HREF="#AEN2700"
+>Overview of browsing</A
 ></DT
 ><DT
->17.3. <A
-HREF="#AEN2611"
->Using plaintext passwords or encrypted password</A
+>15.2. <A
+HREF="#AEN2704"
+>Browsing support in samba</A
 ></DT
 ><DT
->17.4. <A
-HREF="#AEN2616"
->Getting non-column data from the table</A
+>15.3. <A
+HREF="#AEN2713"
+>Problem resolution</A
 ></DT
-></DL
-></DD
 ><DT
->18. <A
-HREF="#PDB-XML"
->Passdb XML plugin</A
+>15.4. <A
+HREF="#AEN2720"
+>Browsing across subnets</A
 ></DT
 ><DD
 ><DL
 ><DT
->18.1. <A
-HREF="#AEN2635"
->Building</A
-></DT
-><DT
->18.2. <A
-HREF="#AEN2641"
->Usage</A
+>15.4.1. <A
+HREF="#AEN2725"
+>How does cross subnet browsing work ?</A
 ></DT
 ></DL
 ></DD
 ><DT
->19. <A
-HREF="#SAMBA-LDAP-HOWTO"
->Storing Samba's User/Machine Account information in an LDAP Directory</A
+>15.5. <A
+HREF="#AEN2760"
+>Setting up a WINS server</A
 ></DT
-><DD
-><DL
 ><DT
->19.1. <A
-HREF="#AEN2664"
->Purpose</A
+>15.6. <A
+HREF="#AEN2779"
+>Setting up Browsing in a WORKGROUP</A
 ></DT
 ><DT
->19.2. <A
-HREF="#AEN2684"
->Introduction</A
+>15.7. <A
+HREF="#AEN2797"
+>Setting up Browsing in a DOMAIN</A
 ></DT
 ><DT
->19.3. <A
-HREF="#AEN2713"
->Supported LDAP Servers</A
+>15.8. <A
+HREF="#AEN2807"
+>Forcing samba to be the master</A
 ></DT
 ><DT
->19.4. <A
-HREF="#AEN2718"
->Schema and Relationship to the RFC 2307 posixAccount</A
+>15.9. <A
+HREF="#AEN2816"
+>Making samba the domain master</A
 ></DT
 ><DT
->19.5. <A
-HREF="#AEN2730"
->Configuring Samba with LDAP</A
+>15.10. <A
+HREF="#AEN2834"
+>Note about broadcast addresses</A
+></DT
+><DT
+>15.11. <A
+HREF="#AEN2837"
+>Multiple interfaces</A
+></DT
+></DL
+></DD
+><DT
+>16. <A
+HREF="#VFS"
+>Stackable VFS modules</A
 ></DT
 ><DD
 ><DL
 ><DT
->19.5.1. <A
-HREF="#AEN2732"
->OpenLDAP configuration</A
+>16.1. <A
+HREF="#AEN2855"
+>Introduction and configuration</A
 ></DT
 ><DT
->19.5.2. <A
-HREF="#AEN2749"
->Configuring Samba</A
+>16.2. <A
+HREF="#AEN2864"
+>Included modules</A
 ></DT
-></DL
-></DD
+><DD
+><DL
 ><DT
->19.6. <A
-HREF="#AEN2777"
->Accounts and Groups management</A
+>16.2.1. <A
+HREF="#AEN2866"
+>audit</A
 ></DT
 ><DT
->19.7. <A
-HREF="#AEN2782"
->Security and sambaAccount</A
+>16.2.2. <A
+HREF="#AEN2874"
+>recycle</A
 ></DT
 ><DT
->19.8. <A
-HREF="#AEN2802"
->LDAP specials attributes for sambaAccounts</A
+>16.2.3. <A
+HREF="#AEN2911"
+>netatalk</A
 ></DT
+></DL
+></DD
 ><DT
->19.9. <A
-HREF="#AEN2872"
->Example LDIF Entries for a sambaAccount</A
+>16.3. <A
+HREF="#AEN2918"
+>VFS modules available elsewhere</A
 ></DT
+><DD
+><DL
 ><DT
->19.10. <A
-HREF="#AEN2880"
->Comments</A
+>16.3.1. <A
+HREF="#AEN2922"
+>DatabaseFS</A
 ></DT
+><DT
+>16.3.2. <A
+HREF="#AEN2930"
+>vscan</A
+></DT
+></DL
+></DD
 ></DL
 ></DD
 ><DT
->20. <A
+>17. <A
 HREF="#CVS-ACCESS"
->HOWTO Access Samba source code via CVS</A
+>Access Samba source code via CVS</A
 ></DT
 ><DD
 ><DL
 ><DT
->20.1. <A
-HREF="#AEN2891"
+>17.1. <A
+HREF="#AEN2942"
 >Introduction</A
 ></DT
 ><DT
->20.2. <A
-HREF="#AEN2896"
+>17.2. <A
+HREF="#AEN2947"
 >CVS Access to samba.org</A
 ></DT
 ><DD
 ><DL
 ><DT
->20.2.1. <A
-HREF="#AEN2899"
+>17.2.1. <A
+HREF="#AEN2950"
 >Access via CVSweb</A
 ></DT
 ><DT
->20.2.2. <A
-HREF="#AEN2904"
+>17.2.2. <A
+HREF="#AEN2955"
 >Access via cvs</A
 ></DT
 ></DL
@@ -7900,120 +8326,114 @@ HREF="#AEN2904"
 ></DL
 ></DD
 ><DT
->21. <A
+>18. <A
 HREF="#GROUPMAPPING"
 >Group mapping HOWTO</A
 ></DT
 ><DT
->22. <A
+>19. <A
 HREF="#SPEED"
 >Samba performance issues</A
 ></DT
 ><DD
 ><DL
 ><DT
->22.1. <A
-HREF="#AEN2982"
+>19.1. <A
+HREF="#AEN3033"
 >Comparisons</A
 ></DT
 ><DT
->22.2. <A
-HREF="#AEN2988"
->Oplocks</A
-></DT
-><DD
-><DL
-><DT
->22.2.1. <A
-HREF="#AEN2990"
->Overview</A
-></DT
-><DT
->22.2.2. <A
-HREF="#AEN2998"
->Level2 Oplocks</A
+>19.2. <A
+HREF="#AEN3039"
+>Socket options</A
 ></DT
 ><DT
->22.2.3. <A
-HREF="#AEN3004"
->Old 'fake oplocks' option - deprecated</A
+>19.3. <A
+HREF="#AEN3046"
+>Read size</A
 ></DT
-></DL
-></DD
 ><DT
->22.3. <A
-HREF="#AEN3008"
->Socket options</A
+>19.4. <A
+HREF="#AEN3051"
+>Max xmit</A
 ></DT
 ><DT
->22.4. <A
-HREF="#AEN3015"
->Read size</A
+>19.5. <A
+HREF="#AEN3056"
+>Log level</A
 ></DT
 ><DT
->22.5. <A
-HREF="#AEN3020"
->Max xmit</A
+>19.6. <A
+HREF="#AEN3059"
+>Read raw</A
 ></DT
 ><DT
->22.6. <A
-HREF="#AEN3025"
->Locking</A
+>19.7. <A
+HREF="#AEN3064"
+>Write raw</A
 ></DT
 ><DT
->22.7. <A
-HREF="#AEN3029"
->Share modes</A
+>19.8. <A
+HREF="#AEN3068"
+>Slow Clients</A
 ></DT
 ><DT
->22.8. <A
-HREF="#AEN3034"
->Log level</A
+>19.9. <A
+HREF="#AEN3072"
+>Slow Logins</A
 ></DT
 ><DT
->22.9. <A
-HREF="#AEN3037"
->Wide lines</A
+>19.10. <A
+HREF="#AEN3075"
+>Client tuning</A
 ></DT
+></DL
+></DD
 ><DT
->22.10. <A
-HREF="#AEN3040"
->Read raw</A
+>20. <A
+HREF="#GROUPPROFILES"
+>Creating Group Profiles</A
 ></DT
+><DD
+><DL
 ><DT
->22.11. <A
-HREF="#AEN3045"
->Write raw</A
+>20.1. <A
+HREF="#AEN3123"
+>Windows '9x</A
 ></DT
 ><DT
->22.12. <A
-HREF="#AEN3049"
->Read prediction</A
+>20.2. <A
+HREF="#AEN3132"
+>Windows NT 4</A
 ></DT
+><DD
+><DL
 ><DT
->22.13. <A
-HREF="#AEN3056"
->Memory mapping</A
+>20.2.1. <A
+HREF="#AEN3155"
+>Side bar Notes</A
 ></DT
 ><DT
->22.14. <A
-HREF="#AEN3061"
->Slow Clients</A
+>20.2.2. <A
+HREF="#AEN3159"
+>Mandatory profiles</A
 ></DT
 ><DT
->22.15. <A
-HREF="#AEN3065"
->Slow Logins</A
+>20.2.3. <A
+HREF="#AEN3162"
+>moveuser.exe</A
 ></DT
 ><DT
->22.16. <A
-HREF="#AEN3068"
->Client tuning</A
+>20.2.4. <A
+HREF="#AEN3165"
+>Get SID</A
 ></DT
+></DL
+></DD
 ><DT
->22.17. <A
-HREF="#AEN3100"
->My Results</A
+>20.3. <A
+HREF="#AEN3170"
+>Windows 2000/XP</A
 ></DT
 ></DL
 ></DD
@@ -8026,15 +8446,15 @@ CLASS="CHAPTER"
 ><A
 NAME="INTEGRATE-MS-NETWORKS"
 ></A
->Chapter 10. Integrating MS Windows networks with Samba</H1
+>Chapter 9. Integrating MS Windows networks with Samba</H1
 ><DIV
 CLASS="SECT1"
 ><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1362"
+NAME="AEN1513"
 ></A
->10.1. Agenda</H2
+>9.1. Agenda</H2
 ><P
 >To identify the key functional mechanisms of MS Windows networking 
 to enable the deployment of Samba as a means of extending and/or 
@@ -8099,9 +8519,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1384"
+NAME="AEN1535"
 ></A
->10.2. Name Resolution in a pure Unix/Linux world</H2
+>9.2. Name Resolution in a pure Unix/Linux world</H2
 ><P
 >The key configuration files covered in this section are:</P
 ><P
@@ -8141,9 +8561,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1400"
+NAME="AEN1551"
 ></A
->10.2.1. <TT
+>9.2.1. <TT
 CLASS="FILENAME"
 >/etc/hosts</TT
 ></H3
@@ -8222,9 +8642,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1416"
+NAME="AEN1567"
 ></A
->10.2.2. <TT
+>9.2.2. <TT
 CLASS="FILENAME"
 >/etc/resolv.conf</TT
 ></H3
@@ -8260,9 +8680,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1427"
+NAME="AEN1578"
 ></A
->10.2.3. <TT
+>9.2.3. <TT
 CLASS="FILENAME"
 >/etc/host.conf</TT
 ></H3
@@ -8289,9 +8709,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1435"
+NAME="AEN1586"
 ></A
->10.2.4. <TT
+>9.2.4. <TT
 CLASS="FILENAME"
 >/etc/nsswitch.conf</TT
 ></H3
@@ -8358,9 +8778,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1447"
+NAME="AEN1598"
 ></A
->10.3. Name resolution as used within MS Windows networking</H2
+>9.3. Name resolution as used within MS Windows networking</H2
 ><P
 >MS Windows networking is predicated about the name each machine 
 is given. This name is known variously (and inconsistently) as 
@@ -8380,16 +8800,16 @@ the client/server.</P
 ><PRE
 CLASS="PROGRAMLISTING"
 >	Unique NetBIOS Names:
-		MACHINENAME&#60;00&#62;	= Server Service is running on MACHINENAME
-		MACHINENAME&#60;03&#62; = Generic Machine Name (NetBIOS name)
-		MACHINENAME&#60;20&#62; = LanMan Server service is running on MACHINENAME
-		WORKGROUP&#60;1b&#62; = Domain Master Browser
+		MACHINENAME&lt;00&gt;	= Server Service is running on MACHINENAME
+		MACHINENAME&lt;03&gt; = Generic Machine Name (NetBIOS name)
+		MACHINENAME&lt;20&gt; = LanMan Server service is running on MACHINENAME
+		WORKGROUP&lt;1b&gt; = Domain Master Browser
 
 	Group Names:
-		WORKGROUP&#60;03&#62; = Generic Name registered by all members of WORKGROUP
-		WORKGROUP&#60;1c&#62; = Domain Controllers / Netlogon Servers
-		WORKGROUP&#60;1d&#62; = Local Master Browsers
-		WORKGROUP&#60;1e&#62; = Internet Name Resolvers</PRE
+		WORKGROUP&lt;03&gt; = Generic Name registered by all members of WORKGROUP
+		WORKGROUP&lt;1c&gt; = Domain Controllers / Netlogon Servers
+		WORKGROUP&lt;1d&gt; = Local Master Browsers
+		WORKGROUP&lt;1e&gt; = Internet Name Resolvers</PRE
 ></P
 ><P
 >It should be noted that all NetBIOS machines register their own 
@@ -8408,7 +8828,7 @@ be needed. An example of this is what happens when an MS Windows client
 wants to locate a domain logon server. It find this service and the IP 
 address of a server that provides it by performing a lookup (via a 
 NetBIOS broadcast) for enumeration of all machines that have 
-registered the name type *&#60;1c&#62;. A logon request is then sent to each 
+registered the name type *&lt;1c&gt;. A logon request is then sent to each 
 IP address that is returned in the enumerated list of IP addresses. Which 
 ever machine first replies then ends up providing the logon services.</P
 ><P
@@ -8443,9 +8863,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1459"
+NAME="AEN1610"
 ></A
->10.3.1. The NetBIOS Name Cache</H3
+>9.3.1. The NetBIOS Name Cache</H3
 ><P
 >All MS Windows machines employ an in memory buffer in which is 
 stored the NetBIOS names and IP addresses for all external 
@@ -8470,9 +8890,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1464"
+NAME="AEN1615"
 ></A
->10.3.2. The LMHOSTS file</H3
+>9.3.2. The LMHOSTS file</H3
 ><P
 >This file is usually located in MS Windows NT 4.0 or 
 2000 in <TT
@@ -8573,9 +8993,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1472"
+NAME="AEN1623"
 ></A
->10.3.3. HOSTS file</H3
+>9.3.3. HOSTS file</H3
 ><P
 >This file is usually located in MS Windows NT 4.0 or 2000 in 
 <TT
@@ -8595,9 +9015,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1477"
+NAME="AEN1628"
 ></A
->10.3.4. DNS Lookup</H3
+>9.3.4. DNS Lookup</H3
 ><P
 >This capability is configured in the TCP/IP setup area in the network 
 configuration facility. If enabled an elaborate name resolution sequence 
@@ -8615,9 +9035,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1480"
+NAME="AEN1631"
 ></A
->10.3.5. WINS Lookup</H3
+>9.3.5. WINS Lookup</H3
 ><P
 >A WINS (Windows Internet Name Server) service is the equivaent of the 
 rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores 
@@ -8658,9 +9078,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1492"
+NAME="AEN1643"
 ></A
->10.4. How browsing functions and how to deploy stable and 
+>9.4. How browsing functions and how to deploy stable and 
 dependable browsing using Samba</H2
 ><P
 >As stated above, MS Windows machines register their NetBIOS names 
@@ -8725,9 +9145,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1502"
+NAME="AEN1653"
 ></A
->10.5. MS Windows security options and how to configure 
+>9.5. MS Windows security options and how to configure 
 Samba for seemless integration</H2
 ><P
 >MS Windows clients may use encrypted passwords as part of a 
@@ -8862,9 +9282,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1530"
+NAME="AEN1681"
 ></A
->10.5.1. Use MS Windows NT as an authentication server</H3
+>9.5.1. Use MS Windows NT as an authentication server</H3
 ><P
 >This method involves the additions of the following parameters 
 in the smb.conf file:</P
@@ -8898,9 +9318,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1538"
+NAME="AEN1689"
 ></A
->10.5.2. Make Samba a member of an MS Windows NT security domain</H3
+>9.5.2. Make Samba a member of an MS Windows NT security domain</H3
 ><P
 >This method involves additon of the following paramters in the smb.conf file:</P
 ><P
@@ -8961,9 +9381,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1555"
+NAME="AEN1706"
 ></A
->10.5.3. Configure Samba as an authentication server</H3
+>9.5.3. Configure Samba as an authentication server</H3
 ><P
 >This mode of authentication demands that there be on the 
 Unix/Linux system both a Unix style account as well as an 
@@ -8998,9 +9418,9 @@ CLASS="SECT3"
 ><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN1562"
+NAME="AEN1713"
 ></A
->10.5.3.1. Users</H4
+>9.5.3.1. Users</H4
 ><P
 >A user account that may provide a home directory should be 
 created. The following Linux system commands are typical of 
@@ -9021,9 +9441,9 @@ CLASS="SECT3"
 ><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN1567"
+NAME="AEN1718"
 ></A
->10.5.3.2. MS Windows NT Machine Accounts</H4
+>9.5.3.2. MS Windows NT Machine Accounts</H4
 ><P
 >These are required only when Samba is used as a domain 
 controller.  Refer to the Samba-PDC-HOWTO for more details.</P
@@ -9042,9 +9462,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1572"
+NAME="AEN1723"
 ></A
->10.6. Conclusions</H2
+>9.6. Conclusions</H2
 ><P
 >Samba provides a flexible means to operate as...</P
 ><P
@@ -9080,15 +9500,15 @@ CLASS="CHAPTER"
 ><A
 NAME="UNIX-PERMISSIONS"
 ></A
->Chapter 11. UNIX Permission Bits and Windows NT Access Control Lists</H1
+>Chapter 10. UNIX Permission Bits and Windows NT Access Control Lists</H1
 ><DIV
 CLASS="SECT1"
 ><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1593"
+NAME="AEN1744"
 ></A
->11.1. Viewing and changing UNIX permissions using the NT 
+>10.1. Viewing and changing UNIX permissions using the NT 
 	security dialogs</H2
 ><P
 >New in the Samba 2.0.4 release is the ability for Windows 
@@ -9099,35 +9519,15 @@ NAME="AEN1593"
 	the security of the UNIX host Samba is running on, and 
 	still obeys all the file permission rules that a Samba 
 	administrator can set.</P
-><P
->In Samba 2.0.4 and above the default value of the 
-	parameter <A
-HREF="smb.conf.5.html#NTACLSUPPORT"
-TARGET="_top"
-><TT
-CLASS="PARAMETER"
-><I
->	nt acl support</I
-></TT
-></A
-> has been changed from 
-	<TT
-CLASS="CONSTANT"
->false</TT
-> to <TT
-CLASS="CONSTANT"
->true</TT
->, so 
- 	manipulation of permissions is turned on by default.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1602"
+NAME="AEN1748"
 ></A
->11.2. How to view file security on a Samba share</H2
+>10.2. How to view file security on a Samba share</H2
 ><P
 >From an NT 4.0 client, single-click with the right 
 	mouse button on any file or directory in a Samba mounted 
@@ -9195,9 +9595,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1613"
+NAME="AEN1759"
 ></A
->11.3. Viewing file ownership</H2
+>10.3. Viewing file ownership</H2
 ><P
 >Clicking on the <B
 CLASS="COMMAND"
@@ -9289,9 +9689,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1633"
+NAME="AEN1779"
 ></A
->11.4. Viewing file or directory permissions</H2
+>10.4. Viewing file or directory permissions</H2
 ><P
 >The third button is the <B
 CLASS="COMMAND"
@@ -9351,9 +9751,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1648"
+NAME="AEN1794"
 ></A
->11.4.1. File Permissions</H3
+>10.4.1. File Permissions</H3
 ><P
 >The standard UNIX user/group/world triple and 
 		the corresponding "read", "write", "execute" permissions 
@@ -9413,9 +9813,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1662"
+NAME="AEN1808"
 ></A
->11.4.2. Directory Permissions</H3
+>10.4.2. Directory Permissions</H3
 ><P
 >Directories on an NT NTFS file system have two 
 		different sets of permissions. The first set of permissions 
@@ -9445,9 +9845,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1669"
+NAME="AEN1815"
 ></A
->11.5. Modifying file or directory permissions</H2
+>10.5. Modifying file or directory permissions</H2
 ><P
 >Modifying file and directory permissions is as simple 
 	as changing the displayed permissions in the dialog box, and 
@@ -9543,9 +9943,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1691"
+NAME="AEN1837"
 ></A
->11.6. Interaction with the standard Samba create mask 
+>10.6. Interaction with the standard Samba create mask 
 	parameters</H2
 ><P
 >Note that with Samba 2.0.5 there are four new parameters 
@@ -9820,9 +10220,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1755"
+NAME="AEN1901"
 ></A
->11.7. Interaction with the standard Samba file attribute 
+>10.7. Interaction with the standard Samba file attribute 
 	mapping</H2
 ><P
 >Samba maps some of the DOS attribute bits (such as "read 
@@ -9869,16 +10269,16 @@ CLASS="CHAPTER"
 ><A
 NAME="PAM"
 ></A
->Chapter 12. Configuring PAM for distributed but centrally 
+>Chapter 11. Configuring PAM for distributed but centrally 
 managed authentication</H1
 ><DIV
 CLASS="SECT1"
 ><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1776"
+NAME="AEN1922"
 ></A
->12.1. Samba and PAM</H2
+>11.1. Samba and PAM</H2
 ><P
 >A number of Unix systems (eg: Sun Solaris), as well as the 
 xxxxBSD family and Linux, now utilize the Pluggable Authentication 
@@ -10090,9 +10490,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1820"
+NAME="AEN1966"
 ></A
->12.2. Distributed Authentication</H2
+>11.2. Distributed Authentication</H2
 ><P
 >The astute administrator will realize from this that the 
 combination of <TT
@@ -10123,9 +10523,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1827"
+NAME="AEN1973"
 ></A
->12.3. PAM Configuration in smb.conf</H2
+>11.3. PAM Configuration in smb.conf</H2
 ><P
 >There is an option in smb.conf called <A
 HREF="smb.conf.5.html#OBEYPAMRESTRICTIONS"
@@ -10165,15 +10565,15 @@ CLASS="CHAPTER"
 ><A
 NAME="MSDFS"
 ></A
->Chapter 13. Hosting a Microsoft Distributed File System tree on Samba</H1
+>Chapter 12. Hosting a Microsoft Distributed File System tree on Samba</H1
 ><DIV
 CLASS="SECT1"
 ><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1847"
+NAME="AEN1993"
 ></A
->13.1. Instructions</H2
+>12.1. Instructions</H2
 ><P
 >The Distributed File System (or Dfs) provides a means of 
 	separating the logical view of files and directories that users 
@@ -10319,9 +10719,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1882"
+NAME="AEN2028"
 ></A
->13.1.1. Notes</H3
+>12.1.1. Notes</H3
 ><P
 ></P
 ><UL
@@ -10354,15 +10754,15 @@ CLASS="CHAPTER"
 ><A
 NAME="PRINTING"
 ></A
->Chapter 14. Printing Support</H1
+>Chapter 13. Printing Support</H1
 ><DIV
 CLASS="SECT1"
 ><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1908"
+NAME="AEN2054"
 ></A
->14.1. Introduction</H2
+>13.1. Introduction</H2
 ><P
 >Beginning with the 2.2.0 release, Samba supports 
 the native Windows NT printing mechanisms implemented via 
@@ -10443,9 +10843,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN1930"
+NAME="AEN2076"
 ></A
->14.2. Configuration</H2
+>13.2. Configuration</H2
 ><DIV
 CLASS="WARNING"
 ><P
@@ -10460,7 +10860,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="/docbook-dsssl/warning.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
 HSPACE="5"
 ALT="Warning"></TD
 ><TH
@@ -10509,9 +10909,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1938"
+NAME="AEN2084"
 ></A
->14.2.1. Creating [print$]</H3
+>13.2.1. Creating [print$]</H3
 ><P
 >In order to support the uploading of printer driver 
 files, you must first configure a file share named [print$].  
@@ -10590,7 +10990,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="/docbook-dsssl/note.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
 HSPACE="5"
 ALT="Note"></TD
 ><TH
@@ -10661,7 +11061,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="/docbook-dsssl/warning.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
 HSPACE="5"
 ALT="Warning"></TD
 ><TH
@@ -10732,9 +11132,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1973"
+NAME="AEN2119"
 ></A
->14.2.2. Setting Drivers for Existing Printers</H3
+>13.2.2. Setting Drivers for Existing Printers</H3
 ><P
 >The initial listing of printers in the Samba host's 
 Printers folder will have no real printer driver assigned 
@@ -10804,9 +11204,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN1989"
+NAME="AEN2135"
 ></A
->14.2.3. Support a large number of printers</H3
+>13.2.3. Support a large number of printers</H3
 ><P
 >One issue that has arisen during the development
 phase of Samba 2.2 is the need to support driver downloads for
@@ -10870,9 +11270,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2000"
+NAME="AEN2146"
 ></A
->14.2.4. Adding New Printers via the Windows NT APW</H3
+>13.2.4. Adding New Printers via the Windows NT APW</H3
 ><P
 >By default, Samba offers all printer shares defined in <TT
 CLASS="FILENAME"
@@ -11013,8 +11413,8 @@ echo "  :sd=/var/spool/lpd/$2:\\" 			&#62;&#62; $PRINTCAP
 echo "  :mx=0:ml=0:sh:\\" 				&#62;&#62; $PRINTCAP
 echo "  :lp=/usr/local/samba/var/print/$5.prn:" 	&#62;&#62; $PRINTCAP
 
-touch "/usr/local/samba/var/print/$5.prn" &#62;&#62; /tmp/printadd.$$ 2&#62;&#38;1
-chown $LP "/usr/local/samba/var/print/$5.prn" &#62;&#62; /tmp/printadd.$$ 2&#62;&#38;1
+touch "/usr/local/samba/var/print/$5.prn" &#62;&#62; /tmp/printadd.$$ 2&#62;&amp;1
+chown $LP "/usr/local/samba/var/print/$5.prn" &#62;&#62; /tmp/printadd.$$ 2&#62;&amp;1
 
 mkdir /var/spool/lpd/$2
 chmod 700 /var/spool/lpd/$2
@@ -11039,9 +11439,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2030"
+NAME="AEN2176"
 ></A
->14.2.5. Samba and Printer Ports</H3
+>13.2.5. Samba and Printer Ports</H3
 ><P
 >Windows NT/2000 print servers associate a port with each printer.  These normally
 take the form of LPT1:, COM1:, FILE:, etc...  Samba must also support the
@@ -11076,9 +11476,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2038"
+NAME="AEN2184"
 ></A
->14.3. The Imprints Toolset</H2
+>13.3. The Imprints Toolset</H2
 ><P
 >The Imprints tool set provides a UNIX equivalent of the 
 	Windows NT Add Printer Wizard.  For complete information, please 
@@ -11094,9 +11494,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2042"
+NAME="AEN2188"
 ></A
->14.3.1. What is Imprints?</H3
+>13.3.1. What is Imprints?</H3
 ><P
 >Imprints is a collection of tools for supporting the goals 
 		of</P
@@ -11126,9 +11526,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2052"
+NAME="AEN2198"
 ></A
->14.3.2. Creating Printer Driver Packages</H3
+>13.3.2. Creating Printer Driver Packages</H3
 ><P
 >The process of creating printer driver packages is beyond
 		the scope of this document (refer to Imprints.txt also included
@@ -11142,9 +11542,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2055"
+NAME="AEN2201"
 ></A
->14.3.3. The Imprints server</H3
+>13.3.3. The Imprints server</H3
 ><P
 >The Imprints server is really a database server that 
 		may be queried via standard HTTP mechanisms.  Each printer 
@@ -11166,9 +11566,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2059"
+NAME="AEN2205"
 ></A
->14.3.4. The Installation Client</H3
+>13.3.4. The Installation Client</H3
 ><P
 >More information regarding the Imprints installation client 
 		is available in the <TT
@@ -11260,17 +11660,17 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2081"
+NAME="AEN2227"
 ></A
->14.4. Diagnosis</H2
+>13.4. Diagnosis</H2
 ><DIV
 CLASS="SECT2"
 ><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2083"
+NAME="AEN2229"
 ></A
->14.4.1. Introduction</H3
+>13.4.1. Introduction</H3
 ><P
 >This is a short description of how to debug printing problems with
 Samba. This describes how to debug problems with printing from a SMB
@@ -11343,9 +11743,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2099"
+NAME="AEN2245"
 ></A
->14.4.2. Debugging printer problems</H3
+>13.4.2. Debugging printer problems</H3
 ><P
 >One way to debug printing problems is to start by replacing these
 command with shell scripts that record the arguments and the contents
@@ -11361,7 +11761,7 @@ CLASS="PROGRAMLISTING"
     /usr/bin/id -p &#62;/tmp/tmp.print
     # we run the command and save the error messages
     # replace the command with the one appropriate for your system
-    /usr/bin/lpr -r -P$1 $2 2&#62;&#62;&#38;/tmp/tmp.print</PRE
+    /usr/bin/lpr -r -P$1 $2 2&#62;&#62;&amp;/tmp/tmp.print</PRE
 ></P
 ><P
 >Then you print a file and try removing it.  You may find that the
@@ -11400,9 +11800,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2108"
+NAME="AEN2254"
 ></A
->14.4.3. What printers do I have?</H3
+>13.4.3. What printers do I have?</H3
 ><P
 >You can use the 'testprns' program to check to see if the printer
 name you are using is recognized by Samba.  For example,  you can
@@ -11429,9 +11829,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2116"
+NAME="AEN2262"
 ></A
->14.4.4. Setting up printcap and print servers</H3
+>13.4.4. Setting up printcap and print servers</H3
 ><P
 >You may need to set up some printcaps for your Samba system to use.
 It is strongly recommended that you use the facilities provided by
@@ -11513,9 +11913,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2144"
+NAME="AEN2290"
 ></A
->14.4.5. Job sent, no output</H3
+>13.4.5. Job sent, no output</H3
 ><P
 >This is the most frustrating part of printing.  You may have sent the
 job,  verified that the job was forwarded,  set up a wrapper around
@@ -11558,9 +11958,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2155"
+NAME="AEN2301"
 ></A
->14.4.6. Job sent, strange output</H3
+>13.4.6. Job sent, strange output</H3
 ><P
 >Once you have the job printing, you can then start worrying about
 making it print nicely.</P
@@ -11604,9 +12004,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2167"
+NAME="AEN2313"
 ></A
->14.4.7. Raw PostScript printed</H3
+>13.4.7. Raw PostScript printed</H3
 ><P
 >This is a problem that is usually caused by either the print spooling
 system putting information at the start of the print job that makes
@@ -11619,9 +12019,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2170"
+NAME="AEN2316"
 ></A
->14.4.8. Advanced Printing</H3
+>13.4.8. Advanced Printing</H3
 ><P
 >Note that you can do some pretty magic things by using your
 imagination with the "print command" option and some shell scripts.
@@ -11635,9 +12035,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2173"
+NAME="AEN2319"
 ></A
->14.4.9. Real debugging</H3
+>13.4.9. Real debugging</H3
 ><P
 >If the above debug tips don't help, then maybe you need to bring in
 the bug guns, system tracing. See Tracing.txt in this directory.</P
@@ -11648,165 +12048,17 @@ the bug guns, system tracing. See Tracing.txt in this directory.</P
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="SECURITYLEVELS"
-></A
->Chapter 15. Security levels</H1
-><DIV
-CLASS="SECT1"
-><H2
-CLASS="SECT1"
-><A
-NAME="AEN2186"
-></A
->15.1. Introduction</H2
-><P
->Samba supports the following options to the global smb.conf parameter</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->[global]
-<A
-HREF="smb.conf.5.html#SECURITY"
-TARGET="_top"
-><TT
-CLASS="PARAMETER"
-><I
->security</I
-></TT
-></A
-> = [share|user(default)|server|domain|ads]</PRE
-></P
-><P
->Please refer to the smb.conf man page for usage information and to the document
-<A
-HREF="DOMAIN_MEMBER.html"
-TARGET="_top"
->DOMAIN_MEMBER.html</A
-> for further background details
-on domain mode security.  The Windows 2000 Kerberos domain security model
-(security = ads) is described in the <A
-HREF="ADS-HOWTO.html"
-TARGET="_top"
->ADS-HOWTO.html</A
->.</P
-><P
->Of the above, "security = server" means that Samba reports to clients that
-it is running in "user mode" but actually passes off all authentication
-requests to another "user mode" server. This requires an additional
-parameter "password server =" that points to the real authentication server.
-That real authentication server can be another Samba server or can be a
-Windows NT server, the later natively capable of encrypted password support.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2197"
-></A
->15.2. More complete description of security levels</H2
-><P
->A SMB server tells the client at startup what "security level" it is
-running. There are two options "share level" and "user level". Which
-of these two the client receives affects the way the client then tries
-to authenticate itself. It does not directly affect (to any great
-extent) the way the Samba server does security. I know this is
-strange, but it fits in with the client/server approach of SMB. In SMB
-everything is initiated and controlled by the client, and the server
-can only tell the client what is available and whether an action is
-allowed. </P
-><P
->I'll describe user level security first, as its simpler. In user level
-security the client will send a "session setup" command directly after
-the protocol negotiation. This contains a username and password. The
-server can either accept or reject that username/password
-combination. Note that at this stage the server has no idea what
-share the client will eventually try to connect to, so it can't base
-the "accept/reject" on anything other than:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->the username/password</P
-></LI
-><LI
-><P
->the machine that the client is coming from</P
-></LI
-></OL
-><P
->If the server accepts the username/password then the client expects to
-be able to mount any share (using a "tree connection") without
-specifying a password. It expects that all access rights will be as
-the username/password specified in the "session setup". </P
-><P
->It is also possible for a client to send multiple "session setup"
-requests. When the server responds it gives the client a "uid" to use
-as an authentication tag for that username/password. The client can
-maintain multiple authentication contexts in this way (WinDD is an
-example of an application that does this)</P
-><P
->Ok, now for share level security. In share level security the client
-authenticates itself separately for each share. It will send a
-password along with each "tree connection" (share mount). It does not
-explicitly send a username with this operation. The client is
-expecting a password to be associated with each share, independent of
-the user. This means that samba has to work out what username the
-client probably wants to use. It is never explicitly sent the
-username. Some commercial SMB servers such as NT actually associate
-passwords directly with shares in share level security, but samba
-always uses the unix authentication scheme where it is a
-username/password that is authenticated, not a "share/password".</P
-><P
->Many clients send a "session setup" even if the server is in share
-level security. They normally send a valid username but no
-password. Samba records this username in a list of "possible
-usernames". When the client then does a "tree connection" it also adds
-to this list the name of the share they try to connect to (useful for
-home directories) and any users listed in the "user =" smb.conf
-line. The password is then checked in turn against these "possible
-usernames". If a match is found then the client is authenticated as
-that user.</P
-><P
->Finally "server level" security. In server level security the samba
-server reports to the client that it is in user level security. The
-client then does a "session setup" as described earlier. The samba
-server takes the username/password that the client sends and attempts
-to login to the "password server" by sending exactly the same
-username/password that it got from the client. If that server is in
-user level security and accepts the password then samba accepts the
-clients connection. This allows the samba server to use another SMB
-server as the "password server". </P
-><P
->You should also note that at the very start of all this, where the
-server tells the client what security level it is in, it also tells
-the client if it supports encryption. If it does then it supplies the
-client with a random "cryptkey". The client will then send all
-passwords in encrypted form. You have to compile samba with encryption
-enabled to support this feature, and you have to maintain a separate
-smbpasswd file with SMB style encrypted passwords. It is
-cryptographically impossible to translate from unix style encryption
-to SMB style encryption, although there are some fairly simple management
-schemes by which the two could be kept in sync.</P
-></DIV
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
 NAME="WINBIND"
 ></A
->Chapter 16. Unified Logons between Windows NT and UNIX using Winbind</H1
+>Chapter 14. Unified Logons between Windows NT and UNIX using Winbind</H1
 ><DIV
 CLASS="SECT1"
 ><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2249"
+NAME="AEN2360"
 ></A
->16.1. Abstract</H2
+>14.1. Abstract</H2
 ><P
 >Integration of UNIX and Microsoft Windows NT through 
 	a unified logon has been considered a "holy grail" in heterogeneous 
@@ -11831,9 +12083,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2253"
+NAME="AEN2364"
 ></A
->16.2. Introduction</H2
+>14.2. Introduction</H2
 ><P
 >It is well known that UNIX and Microsoft Windows NT have 
 	different models for representing user and group information and 
@@ -11885,9 +12137,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2266"
+NAME="AEN2377"
 ></A
->16.3. What Winbind Provides</H2
+>14.3. What Winbind Provides</H2
 ><P
 >Winbind unifies UNIX and Windows NT account management by 
 	allowing a UNIX box to become a full member of a NT domain. Once 
@@ -11927,9 +12179,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2273"
+NAME="AEN2384"
 ></A
->16.3.1. Target Uses</H3
+>14.3.1. Target Uses</H3
 ><P
 >Winbind is targeted at organizations that have an 
 		existing NT based domain infrastructure into which they wish 
@@ -11951,9 +12203,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2277"
+NAME="AEN2388"
 ></A
->16.4. How Winbind Works</H2
+>14.4. How Winbind Works</H2
 ><P
 >The winbind system is designed around a client/server 
 	architecture. A long running <B
@@ -11971,11 +12223,11 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2282"
+NAME="AEN2393"
 ></A
->16.4.1. Microsoft Remote Procedure Calls</H3
+>14.4.1. Microsoft Remote Procedure Calls</H3
 ><P
->Over the last two years, efforts have been underway 
+>Over the last few years, efforts have been underway 
 		by various Samba Team members to decode various aspects of 
 		the Microsoft Remote Procedure Call (MSRPC) system. This 
 		system is used for most network related operations between 
@@ -11997,9 +12249,28 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2286"
+NAME="AEN2397"
+></A
+>14.4.2. Microsoft Active Directory Services</H3
+><P
+>                Since late 2001, Samba has gained the ability to
+                interact with Microsoft Windows 2000 using its 'Native
+                Mode' protocols, rather than the NT4 RPC services.
+                Using LDAP and Kerberos, a domain member running
+                winbind can enumerate users and groups in exactly the
+                same way as a Win2k client would, and in so doing
+                provide a much more efficient and
+                effective winbind implementation.  
+                </P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN2400"
 ></A
->16.4.2. Name Service Switch</H3
+>14.4.3. Name Service Switch</H3
 ><P
 >The Name Service Switch, or NSS, is a feature that is 
 		present in many UNIX operating systems. It allows system 
@@ -12077,9 +12348,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2302"
+NAME="AEN2416"
 ></A
->16.4.3. Pluggable Authentication Modules</H3
+>14.4.4. Pluggable Authentication Modules</H3
 ><P
 >Pluggable Authentication Modules, also known as PAM, 
 		is a system for abstracting authentication and authorization 
@@ -12126,9 +12397,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2310"
+NAME="AEN2424"
 ></A
->16.4.4. User and Group ID Allocation</H3
+>14.4.5. User and Group ID Allocation</H3
 ><P
 >When a user or group is created under Windows NT 
 		is it allocated a numerical relative identifier (RID). This is 
@@ -12152,9 +12423,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2314"
+NAME="AEN2428"
 ></A
->16.4.5. Result Caching</H3
+>14.4.6. Result Caching</H3
 ><P
 >An active system can generate a lot of user and group 
 		name lookups. To reduce the network cost of these lookups winbind 
@@ -12175,9 +12446,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2317"
+NAME="AEN2431"
 ></A
->16.5. Installation and Configuration</H2
+>14.5. Installation and Configuration</H2
 ><P
 >Many thanks to John Trostel <A
 HREF="mailto:jtrostel@snapserver.com"
@@ -12202,9 +12473,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2324"
+NAME="AEN2438"
 ></A
->16.5.1. Introduction</H3
+>14.5.1. Introduction</H3
 ><P
 >This HOWTO describes the procedures used to get winbind up and 
 running on my RedHat 7.1 system.  Winbind is capable of providing access 
@@ -12261,9 +12532,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2337"
+NAME="AEN2451"
 ></A
->16.5.2. Requirements</H3
+>14.5.2. Requirements</H3
 ><P
 >If you have a samba configuration file that you are currently 
 using... <SPAN
@@ -12331,9 +12602,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2351"
+NAME="AEN2465"
 ></A
->16.5.3. Testing Things Out</H3
+>14.5.3. Testing Things Out</H3
 ><P
 >Before starting, it is probably best to kill off all the SAMBA 
 related daemons running on your server.  Kill off all <B
@@ -12376,9 +12647,9 @@ CLASS="SECT3"
 ><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN2362"
+NAME="AEN2476"
 ></A
->16.5.3.1. Configure and compile SAMBA</H4
+>14.5.3.1. Configure and compile SAMBA</H4
 ><P
 >The configuration and compilation of SAMBA is pretty straightforward.
 The first three steps may not be necessary depending upon
@@ -12412,7 +12683,7 @@ CLASS="PROMPT"
 >root#</TT
 > <B
 CLASS="COMMAND"
->./configure --with-winbind</B
+>./configure</B
 >
 <TT
 CLASS="PROMPT"
@@ -12442,9 +12713,9 @@ CLASS="SECT3"
 ><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN2381"
+NAME="AEN2495"
 ></A
->16.5.3.2. Configure <TT
+>14.5.3.2. Configure <TT
 CLASS="FILENAME"
 >nsswitch.conf</TT
 > and the 
@@ -12547,9 +12818,9 @@ CLASS="SECT3"
 ><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN2414"
+NAME="AEN2528"
 ></A
->16.5.3.3. Configure smb.conf</H4
+>14.5.3.3. Configure smb.conf</H4
 ><P
 >Several parameters are needed in the smb.conf file to control 
 the behavior of <B
@@ -12574,7 +12845,7 @@ include the following entries in the [global] section:</P
 ><PRE
 CLASS="PROGRAMLISTING"
 >[global]
-     &#60;...&#62;
+     &lt;...&gt;
      # separate domain and username with '+', like DOMAIN+username
      <A
 HREF="winbindd.8.html#WINBINDSEPARATOR"
@@ -12622,9 +12893,9 @@ CLASS="SECT3"
 ><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN2430"
+NAME="AEN2544"
 ></A
->16.5.3.4. Join the SAMBA server to the PDC domain</H4
+>14.5.3.4. Join the SAMBA server to the PDC domain</H4
 ><P
 >Enter the following command to make the SAMBA server join the 
 PDC domain, where <TT
@@ -12646,7 +12917,7 @@ CLASS="PROMPT"
 >root#</TT
 > <B
 CLASS="COMMAND"
->/usr/local/samba/bin/net rpc join -S PDC -U Administrator</B
+>/usr/local/samba/bin/net join -S PDC -U Administrator</B
 ></P
 ><P
 >The proper response to the command should be: "Joined the domain 
@@ -12668,9 +12939,9 @@ CLASS="SECT3"
 ><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN2441"
+NAME="AEN2555"
 ></A
->16.5.3.5. Start up the winbindd daemon and test it!</H4
+>14.5.3.5. Start up the winbindd daemon and test it!</H4
 ><P
 >Eventually, you will want to modify your smb startup script to 
 automatically invoke the winbindd daemon when the other parts of 
@@ -12791,17 +13062,17 @@ CLASS="SECT3"
 ><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN2477"
+NAME="AEN2591"
 ></A
->16.5.3.6. Fix the init.d startup scripts</H4
+>14.5.3.6. Fix the init.d startup scripts</H4
 ><DIV
 CLASS="SECT4"
 ><H5
 CLASS="SECT4"
 ><A
-NAME="AEN2479"
+NAME="AEN2593"
 ></A
->16.5.3.6.1. Linux</H5
+>14.5.3.6.1. Linux</H5
 ><P
 >The <B
 CLASS="COMMAND"
@@ -12858,7 +13129,7 @@ CLASS="PROGRAMLISTING"
         daemon /usr/local/samba/bin/winbindd
         RETVAL3=$?
         echo
-        [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] &#38;&#38; touch /var/lock/subsys/smb || \
+        [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] &amp;&amp; touch /var/lock/subsys/smb || \
            RETVAL=1
         return $RETVAL
 }</PRE
@@ -12884,7 +13155,7 @@ CLASS="PROGRAMLISTING"
         echo -n $"Shutting down $KIND services: "
         killproc winbindd
         RETVAL3=$?
-        [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] &#38;&#38; rm -f /var/lock/subsys/smb
+        [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] &amp;&amp; rm -f /var/lock/subsys/smb
         echo ""
         return $RETVAL
 }</PRE
@@ -12895,9 +13166,9 @@ CLASS="SECT4"
 ><HR><H5
 CLASS="SECT4"
 ><A
-NAME="AEN2496"
+NAME="AEN2610"
 ></A
->16.5.3.6.2. Solaris</H5
+>14.5.3.6.2. Solaris</H5
 ><P
 >On solaris, you need to modify the 
 <TT
@@ -12926,7 +13197,7 @@ killproc() {            # kill the named process(es)
         pid=`/usr/bin/ps -e |
              /usr/bin/grep -w $1 |
              /usr/bin/sed -e 's/^  *//' -e 's/ .*//'`
-        [ "$pid" != "" ] &#38;&#38; kill $pid
+        [ "$pid" != "" ] &amp;&amp; kill $pid
 }
  
 # Start/stop processes required for samba server
@@ -12966,9 +13237,9 @@ CLASS="SECT4"
 ><HR><H5
 CLASS="SECT4"
 ><A
-NAME="AEN2503"
+NAME="AEN2617"
 ></A
->16.5.3.6.3. Restarting</H5
+>14.5.3.6.3. Restarting</H5
 ><P
 >If you restart the <B
 CLASS="COMMAND"
@@ -12990,9 +13261,9 @@ CLASS="SECT3"
 ><HR><H4
 CLASS="SECT3"
 ><A
-NAME="AEN2509"
+NAME="AEN2623"
 ></A
->16.5.3.7. Configure Winbind and PAM</H4
+>14.5.3.7. Configure Winbind and PAM</H4
 ><P
 >If you have made it this far, you know that winbindd and samba are working
 together.  If you want to use winbind to provide authentication for other 
@@ -13048,9 +13319,9 @@ CLASS="SECT4"
 ><HR><H5
 CLASS="SECT4"
 ><A
-NAME="AEN2526"
+NAME="AEN2640"
 ></A
->16.5.3.7.1. Linux/FreeBSD-specific PAM configuration</H5
+>14.5.3.7.1. Linux/FreeBSD-specific PAM configuration</H5
 ><P
 >The <TT
 CLASS="FILENAME"
@@ -13177,9 +13448,9 @@ CLASS="SECT4"
 ><HR><H5
 CLASS="SECT4"
 ><A
-NAME="AEN2559"
+NAME="AEN2673"
 ></A
->16.5.3.7.2. Solaris-specific configuration</H5
+>14.5.3.7.2. Solaris-specific configuration</H5
 ><P
 >The /etc/pam.conf needs to be changed. I changed this file so that my Domain
 users can logon both locally as well as telnet.The following are the changes
@@ -13253,7 +13524,7 @@ dtsession auth required	/usr/lib/security/$ISA/pam_unix.so.1
 >I also added a try_first_pass line after the winbind.so line to get rid of
 annoying double prompts for passwords.</P
 ><P
->Now restart your Samba &#38; try connecting through your application that you
+>Now restart your Samba and try connecting through your application that you
 configured in the pam.conf.</P
 ></DIV
 ></DIV
@@ -13264,9 +13535,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2566"
+NAME="AEN2680"
 ></A
->16.6. Limitations</H2
+>14.6. Limitations</H2
 ><P
 >Winbind has a number of limitations in its current 
 	released version that we hope to overcome in future 
@@ -13277,7 +13548,7 @@ NAME="AEN2566"
 ><LI
 ><P
 >Winbind is currently only available for 
-		the Linux operating system, although ports to other operating 
+		the Linux, Solaris and IRIX operating systems, although ports to other operating 
 		systems are certainly possible. For such ports to be feasible, 
 		we require the C library of the target operating system to 
 		support the Name Service Switch and Pluggable Authentication
@@ -13286,1116 +13557,1027 @@ NAME="AEN2566"
 ></LI
 ><LI
 ><P
->The mappings of Windows NT RIDs to UNIX ids 
-		is not made algorithmically and depends on the order in which 
-		unmapped users or groups are seen by winbind. It may be difficult 
-		to recover the mappings of rid to UNIX id mapping if the file 
-		containing this information is corrupted or destroyed.</P
-></LI
-><LI
+>The mappings of Windows NT RIDs to UNIX ids 
+		is not made algorithmically and depends on the order in which 
+		unmapped users or groups are seen by winbind. It may be difficult 
+		to recover the mappings of rid to UNIX id mapping if the file 
+		containing this information is corrupted or destroyed.</P
+></LI
+><LI
+><P
+>Currently the winbind PAM module does not take 
+		into account possible workstation and logon time restrictions 
+		that may be been set for Windows NT users, this is
+		instead up to the PDC to enforce.</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H2
+CLASS="SECT1"
+><A
+NAME="AEN2690"
+></A
+>14.7. Conclusion</H2
+><P
+>The winbind system, through the use of the Name Service 
+	Switch, Pluggable Authentication Modules, and appropriate 
+	Microsoft RPC calls have allowed us to provide seamless 
+	integration of Microsoft Windows NT domain users on a
+	UNIX system. The result is a great reduction in the administrative 
+	cost of running a mixed UNIX and NT network.</P
+></DIV
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="IMPROVED-BROWSING"
+></A
+>Chapter 15. Improved browsing in samba</H1
+><DIV
+CLASS="SECT1"
+><H2
+CLASS="SECT1"
+><A
+NAME="AEN2700"
+></A
+>15.1. Overview of browsing</H2
+><P
+>SMB networking provides a mechanism by which clients can access a list
+of machines in a network, a so-called "browse list".  This list
+contains machines that are ready to offer file and/or print services
+to other machines within the network. Thus it does not include
+machines which aren't currently able to do server tasks.  The browse
+list is heavily used by all SMB clients.  Configuration of SMB
+browsing has been problematic for some Samba users, hence this
+document.</P
+><P
+>Browsing will NOT work if name resolution from NetBIOS names to IP
+addresses does not function correctly. Use of a WINS server is highly
+recommended to aid the resolution of NetBIOS (SMB) names to IP addresses.
+WINS allows remote segment clients to obtain NetBIOS name_type information
+that can NOT be provided by any other means of name resolution.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H2
+CLASS="SECT1"
+><A
+NAME="AEN2704"
+></A
+>15.2. Browsing support in samba</H2
+><P
+>Samba now fully supports browsing.  The browsing is supported by nmbd
+and is also controlled by options in the smb.conf file (see smb.conf(5)).</P
+><P
+>Samba can act as a local browse master for a workgroup and the ability
+for samba to support domain logons and scripts is now available.  See
+DOMAIN.txt for more information on domain logons.</P
+><P
+>Samba can also act as a domain master browser for a workgroup.  This
+means that it will collate lists from local browse masters into a
+wide area network server list.  In order for browse clients to
+resolve the names they may find in this list, it is recommended that
+both samba and your clients use a WINS server.</P
+><P
+>Note that you should NOT set Samba to be the domain master for a
+workgroup that has the same name as an NT Domain: on each wide area
+network, you must only ever have one domain master browser per workgroup,
+regardless of whether it is NT, Samba or any other type of domain master
+that is providing this service.</P
+><P
+>[Note that nmbd can be configured as a WINS server, but it is not
+necessary to specifically use samba as your WINS server.  NTAS can
+be configured as your WINS server.  In a mixed NT server and
+samba environment on a Wide Area Network, it is recommended that
+you use the NT server's WINS server capabilities.  In a samba-only
+environment, it is recommended that you use one and only one nmbd
+as your WINS server].</P
+><P
+>To get browsing to work you need to run nmbd as usual, but will need
+to use the "workgroup" option in smb.conf to control what workgroup
+Samba becomes a part of.</P
 ><P
->Currently the winbind PAM module does not take 
-		into account possible workstation and logon time restrictions 
-		that may be been set for Windows NT users.</P
-></LI
-></UL
+>Samba also has a useful option for a Samba server to offer itself for
+browsing on another subnet.  It is recommended that this option is only
+used for 'unusual' purposes: announcements over the internet, for
+example.  See "remote announce" in the smb.conf man page.  </P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2576"
+NAME="AEN2713"
 ></A
->16.7. Conclusion</H2
+>15.3. Problem resolution</H2
 ><P
->The winbind system, through the use of the Name Service 
-	Switch, Pluggable Authentication Modules, and appropriate 
-	Microsoft RPC calls have allowed us to provide seamless 
-	integration of Microsoft Windows NT domain users on a
-	UNIX system. The result is a great reduction in the administrative 
-	cost of running a mixed UNIX and NT network.</P
-></DIV
+>If something doesn't work then hopefully the log.nmb file will help
+you track down the problem.  Try a debug level of 2 or 3 for finding
+problems. Also note that the current browse list usually gets stored
+in text form in a file called browse.dat.</P
+><P
+>Note that if it doesn't work for you, then you should still be able to
+type the server name as \\SERVER in filemanager then hit enter and
+filemanager should display the list of available shares.</P
+><P
+>Some people find browsing fails because they don't have the global
+"guest account" set to a valid account.  Remember that the IPC$
+connection that lists the shares is done as guest, and thus you must
+have a valid guest account.</P
+><P
+>Also, a lot of people are getting bitten by the problem of too many
+parameters on the command line of nmbd in inetd.conf.  This trick is to
+not use spaces between the option and the parameter (eg: -d2 instead
+of -d 2), and to not use the -B and -N options.  New versions of nmbd
+are now far more likely to correctly find your broadcast and network
+address, so in most cases these aren't needed.</P
+><P
+>The other big problem people have is that their broadcast address,
+netmask or IP address is wrong (specified with the "interfaces" option
+in smb.conf)</P
 ></DIV
 ><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="PDB-MYSQL"
-></A
->Chapter 17. Passdb MySQL plugin</H1
-><DIV
 CLASS="SECT1"
-><H2
+><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2590"
+NAME="AEN2720"
 ></A
->17.1. Building</H2
+>15.4. Browsing across subnets</H2
 ><P
->To build the plugin, run <B
-CLASS="COMMAND"
->make bin/pdb_mysql.so</B
->
-in the <TT
-CLASS="FILENAME"
->source/</TT
-> directory of samba distribution. </P
+>With the release of Samba 1.9.17(alpha1 and above) Samba has been
+updated to enable it to support the replication of browse lists
+across subnet boundaries.  New code and options have been added to
+achieve this.  This section describes how to set this feature up
+in different settings.</P
 ><P
->Next, copy pdb_mysql.so to any location you want. I 
-strongly recommend installing it in $PREFIX/lib or /usr/lib/samba/</P
-></DIV
+>To see browse lists that span TCP/IP subnets (ie.  networks separated
+by routers that don't pass broadcast traffic) you must set up at least
+one WINS server.  The WINS server acts as a DNS for NetBIOS names, allowing
+NetBIOS name to IP address translation to be done by doing a direct
+query of the WINS server.  This is done via a directed UDP packet on
+port 137 to the WINS server machine.  The reason for a WINS server is
+that by default, all NetBIOS name to IP address translation is done
+by broadcasts from the querying machine.  This means that machines
+on one subnet will not be able to resolve the names of machines on
+another subnet without using a WINS server.</P
+><P
+>Remember, for browsing across subnets to work correctly, all machines,
+be they Windows 95, Windows NT, or Samba servers must have the IP address
+of a WINS server given to them by a DHCP server, or by manual configuration 
+(for Win95 and WinNT, this is in the TCP/IP Properties, under Network 
+settings) for Samba this is in the smb.conf file.</P
 ><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
 ><A
-NAME="AEN2596"
+NAME="AEN2725"
 ></A
->17.2. Configuring</H2
+>15.4.1. How does cross subnet browsing work ?</H3
 ><P
->This plugin lacks some good documentation, but here is some short info:</P
+>Cross subnet browsing is a complicated dance, containing multiple
+moving parts.  It has taken Microsoft several years to get the code
+that achieves this correct, and Samba lags behind in some areas.
+However, with the 1.9.17 release, Samba is capable of cross subnet
+browsing when configured correctly.</P
 ><P
->Add a the following to the <B
-CLASS="COMMAND"
->passdb backend</B
-> variable in your <TT
-CLASS="FILENAME"
->smb.conf</TT
->:
-<PRE
+>Consider a network set up as follows :</P
+><P
+><PRE
 CLASS="PROGRAMLISTING"
->passdb backend = [other-plugins] plugin:/location/to/pdb_mysql.so:identifier [other-plugins]</PRE
+>                                   (DMB)
+             N1_A      N1_B        N1_C       N1_D        N1_E
+              |          |           |          |           |
+          -------------------------------------------------------
+            |          subnet 1                       |
+          +---+                                      +---+
+          |R1 | Router 1                  Router 2   |R2 |
+          +---+                                      +---+
+            |                                          |
+            |  subnet 2              subnet 3          |
+  --------------------------       ------------------------------------
+  |     |     |      |               |        |         |           |
+ N2_A  N2_B  N2_C   N2_D           N3_A     N3_B      N3_C        N3_D 
+                    (WINS)</PRE
 ></P
 ><P
->The identifier can be any string you like, as long as it doesn't collide with 
-the identifiers of other plugins or other instances of pdb_mysql. If you 
-specify multiple pdb_mysql.so entries in 'passdb backend', you also need to 
-use different identifiers!</P
+>Consisting of 3 subnets (1, 2, 3) connected by two routers
+(R1, R2) - these do not pass broadcasts.  Subnet 1 has 5 machines
+on it, subnet 2 has 4 machines, subnet 3 has 4 machines.  Assume
+for the moment that all these machines are configured to be in the
+same workgroup (for simplicities sake).  Machine N1_C on subnet 1
+is configured as Domain Master Browser (ie.  it will collate the
+browse lists for the workgroup).  Machine N2_D is configured as
+WINS server and all the other machines are configured to register
+their NetBIOS names with it.</P
+><P
+>As all these machines are booted up, elections for master browsers
+will take place on each of the three subnets.  Assume that machine
+N1_C wins on subnet 1, N2_B wins on subnet 2, and N3_D wins on
+subnet 3 - these machines are known as local master browsers for
+their particular subnet.  N1_C has an advantage in winning as the
+local master browser on subnet 1 as it is set up as Domain Master
+Browser.</P
+><P
+>On each of the three networks, machines that are configured to 
+offer sharing services will broadcast that they are offering
+these services.  The local master browser on each subnet will
+receive these broadcasts and keep a record of the fact that
+the machine is offering a service.  This list of records is
+the basis of the browse list.  For this case, assume that
+all the machines are configured to offer services so all machines
+will be on the browse list.</P
+><P
+>For each network, the local master browser on that network is
+considered 'authoritative' for all the names it receives via
+local broadcast.  This is because a machine seen by the local
+master browser via a local broadcast must be on the same 
+network as the local master browser and thus is a 'trusted'
+and 'verifiable' resource.  Machines on other networks that
+the local master browsers learn about when collating their
+browse lists have not been directly seen - these records are
+called 'non-authoritative'.</P
+><P
+>At this point the browse lists look as follows (these are 
+the machines you would see in your network neighborhood if
+you looked in it on a particular network right now).</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>Subnet           Browse Master   List
+------           -------------   ----
+Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E
+
+Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
+
+Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D</PRE
+></P
+><P
+>Note that at this point all the subnets are separate, no
+machine is seen across any of the subnets.</P
+><P
+>Now examine subnet 2.  As soon as N2_B has become the local
+master browser it looks for a Domain master browser to synchronize
+its browse list with.  It does this by querying the WINS server
+(N2_D) for the IP address associated with the NetBIOS name 
+WORKGROUP&gt;1B&lt;.  This name was registerd by the Domain master
+browser (N1_C) with the WINS server as soon as it was booted.</P
+><P
+>Once N2_B knows the address of the Domain master browser it
+tells it that is the local master browser for subnet 2 by
+sending a MasterAnnouncement packet as a UDP port 138 packet.
+It then synchronizes with it by doing a NetServerEnum2 call.  This
+tells the Domain Master Browser to send it all the server
+names it knows about.  Once the domain master browser receives
+the MasterAnnouncement packet it schedules a synchronization
+request to the sender of that packet.  After both synchronizations
+are done the browse lists look like :</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>Subnet           Browse Master   List
+------           -------------   ----
+Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
+                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*)
+
+Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
+                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
+
+Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
+
+Servers with a (*) after them are non-authoritative names.</PRE
+></P
+><P
+>At this point users looking in their network neighborhood on
+subnets 1 or 2 will see all the servers on both, users on
+subnet 3 will still only see the servers on their own subnet.</P
+><P
+>The same sequence of events that occured for N2_B now occurs
+for the local master browser on subnet 3 (N3_D).  When it
+synchronizes browse lists with the domain master browser (N1_A)
+it gets both the server entries on subnet 1, and those on
+subnet 2.  After N3_D has synchronized with N1_C and vica-versa
+the browse lists look like.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>Subnet           Browse Master   List
+------           -------------   ----
+Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
+                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*),
+                                 N3_A(*), N3_B(*), N3_C(*), N3_D(*)
+
+Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
+                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
+
+Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
+                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*),
+                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*)
+
+Servers with a (*) after them are non-authoritative names.</PRE
+></P
+><P
+>At this point users looking in their network neighborhood on
+subnets 1 or 3 will see all the servers on all sunbets, users on
+subnet 2 will still only see the servers on subnets 1 and 2, but not 3.</P
 ><P
->Additional options can be given thru the smb.conf file in the [global] section.</P
+>Finally, the local master browser for subnet 2 (N2_B) will sync again
+with the domain master browser (N1_C) and will recieve the missing
+server entries.  Finally - and as a steady state (if no machines
+are removed or shut off) the browse lists will look like :</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
->identifier:mysql host                     - host name, defaults to 'localhost'
-identifier:mysql password
-identifier:mysql user                     - defaults to 'samba'
-identifier:mysql database                 - defaults to 'samba'
-identifier:mysql port                     - defaults to 3306
-identifier:table                          - Name of the table containing users</PRE
+>Subnet           Browse Master   List
+------           -------------   ----
+Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
+                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*),
+                                 N3_A(*), N3_B(*), N3_C(*), N3_D(*)
+
+Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
+                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
+                                 N3_A(*), N3_B(*), N3_C(*), N3_D(*)
+
+Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
+                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*),
+                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*)
+	
+Servers with a (*) after them are non-authoritative names.</PRE
 ></P
 ><P
->Names of the columns in this table(I've added column types those columns should have first):</P
+>Synchronizations between the domain master browser and local
+master browsers will continue to occur, but this should be a
+steady state situation.</P
 ><P
-><PRE
-CLASS="PROGRAMLISTING"
->identifier:logon time column             - int(9)
-identifier:logoff time column            - int(9)
-identifier:kickoff time column           - int(9)
-identifier:pass last set time column     - int(9)
-identifier:pass can change time column   - int(9)
-identifier:pass must change time column  - int(9)
-identifier:username column               - varchar(255) - unix username
-identifier:domain column                 - varchar(255) - NT domain user is part of
-identifier:nt username column            - varchar(255) - NT username
-identifier:fullname column            - varchar(255) - Full name of user
-identifier:home dir column               - varchar(255) - Unix homedir path
-identifier:dir drive column              - varchar(2) - Directory drive path (eg: 'H:')
-identifier:logon script column           - varchar(255) - Batch file to run on client side when logging on
-identifier:profile path column           - varchar(255) - Path of profile
-identifier:acct desc column              - varchar(255) - Some ASCII NT user data
-identifier:workstations column           - varchar(255) - Workstations user can logon to (or NULL for all)
-identifier:unknown string column         - varchar(255) - unknown string
-identifier:munged dial column            - varchar(255) - ?
-identifier:uid column                    - int(9) - Unix user ID (uid)
-identifier:gid column                    - int(9) - Unix user group (gid)
-identifier:user sid column               - varchar(255) - NT user SID
-identifier:group sid column              - varchar(255) - NT group ID
-identifier:lanman pass column            - varchar(255) - encrypted lanman password
-identifier:nt pass column                - varchar(255) - encrypted nt passwd
-identifier:plaintext pass column         - varchar(255) - plaintext password
-identifier:acct control column           - int(9) - nt user data
-identifier:unknown 3 column              - int(9) - unknown
-identifier:logon divs column             - int(9) - ?
-identifier:hours len column              - int(9) - ?
-identifier:unknown 5 column              - int(9) - unknown
-identifier:unknown 6 column              - int(9) - unknown</PRE
-></P
+>If either router R1 or R2 fails the following will occur:</P
 ><P
->Eventually, you can put a colon (:) after the name of each column, which 
-should specify the column to update when updating the table. You can also
-specify nothing behind the colon - then the data from the field will not be 
-updated. </P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2611"
-></A
->17.3. Using plaintext passwords or encrypted password</H2
+></P
+><OL
+TYPE="1"
+><LI
 ><P
->I strongly discourage the use of plaintext passwords, however, you can use them:</P
+>	Names of computers on each side of the inaccessible network fragments
+	will be maintained for as long as 36 minutes, in the network neighbourhood
+	lists.
+	</P
+></LI
+><LI
 ><P
->If you would like to use plaintext passwords, set 'identifier:lanman pass column' and 'identifier:nt pass column' to 'NULL' (without the quotes) and 'identifier:plaintext pass column' to the name of the column containing the plaintext passwords. </P
+>	Attempts to connect to these inaccessible computers will fail, but the
+	names will not be removed from the network neighbourhood lists.
+	</P
+></LI
+><LI
 ><P
->If you use encrypted passwords, set the 'identifier:plaintext pass column' to 'NULL' (without the quotes). This is the default.</P
+>	If one of the fragments is cut off from the WINS server, it will only
+	be able to access servers on its local subnet, by using subnet-isolated
+	broadcast NetBIOS name resolution.  The effects are similar to that of
+	losing access to a DNS server.
+	</P
+></LI
+></OL
+></DIV
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2616"
+NAME="AEN2760"
 ></A
->17.4. Getting non-column data from the table</H2
-><P
->It is possible to have not all data in the database and making some 'constant'.</P
+>15.5. Setting up a WINS server</H2
 ><P
->For example, you can set 'identifier:fullname column' to : 
-<B
-CLASS="COMMAND"
->CONCAT(First_name,' ',Sur_name)</B
-></P
+>Either a Samba machine or a Windows NT Server machine may be set up
+as a WINS server.  To set a Samba machine to be a WINS server you must
+add the following option to the smb.conf file on the selected machine :
+in the [globals] section add the line </P
 ><P
->Or, set 'identifier:workstations column' to :
-<B
+><B
 CLASS="COMMAND"
->NULL</B
+>		wins support = yes</B
 ></P
 ><P
->See the MySQL documentation for more language constructs.</P
-></DIV
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="PDB-XML"
-></A
->Chapter 18. Passdb XML plugin</H1
-><DIV
-CLASS="SECT1"
-><H2
-CLASS="SECT1"
-><A
-NAME="AEN2635"
-></A
->18.1. Building</H2
-><P
->This module requires libxml2 to be installed.</P
-><P
->To build pdb_xml, run: <B
-CLASS="COMMAND"
->make bin/pdb_xml.so</B
-> in 
-the directory <TT
-CLASS="FILENAME"
->source/</TT
->. </P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2641"
-></A
->18.2. Usage</H2
+>Versions of Samba previous to 1.9.17 had this parameter default to
+yes.  If you have any older versions of Samba on your network it is
+strongly suggested you upgrade to 1.9.17 or above, or at the very
+least set the parameter to 'no' on all these machines.</P
 ><P
->The usage of pdb_xml is pretty straightforward. To export data, use:
-
-<B
+>Machines with "<B
 CLASS="COMMAND"
->pdbedit -e plugin:/usr/lib/samba/pdb_xml.so:filename</B
->
-
-(where filename is the name of the file to put the data in)</P
+>wins support = yes</B
+>" will keep a list of 
+all NetBIOS names registered with them, acting as a DNS for NetBIOS names.</P
 ><P
->To import data, use:
-<B
+>You should set up only ONE wins server.  Do NOT set the
+"<B
 CLASS="COMMAND"
->pdbedit -i plugin:/usr/lib/samba/pdb_xml.so:filename -e current-pdb</B
->
-
-Where filename is the name to read the data from and current-pdb to put it in.</P
-></DIV
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="SAMBA-LDAP-HOWTO"
-></A
->Chapter 19. Storing Samba's User/Machine Account information in an LDAP Directory</H1
-><DIV
-CLASS="SECT1"
-><H2
-CLASS="SECT1"
-><A
-NAME="AEN2664"
-></A
->19.1. Purpose</H2
-><P
->This document describes how to use an LDAP directory for storing Samba user
-account information traditionally stored in the smbpasswd(5) file.  It is
-assumed that the reader already has a basic understanding of LDAP concepts
-and has a working directory server already installed.  For more information
-on LDAP architectures and Directories, please refer to the following sites.</P
+>wins support = yes</B
+>" option on more than one Samba 
+server.</P
 ><P
-></P
-><UL
-><LI
+>To set up a Windows NT Server as a WINS server you need to set up
+the WINS service - see your NT documentation for details.  Note that
+Windows NT WINS Servers can replicate to each other, allowing more
+than one to be set up in a complex subnet environment.  As Microsoft
+refuse to document these replication protocols Samba cannot currently
+participate in these replications.  It is possible in the future that
+a Samba-&#62;Samba WINS replication protocol may be defined, in which
+case more than one Samba machine could be set up as a WINS server
+but currently only one Samba server should have the "wins support = yes"
+parameter set.</P
 ><P
->OpenLDAP - <A
-HREF="http://www.openldap.org/"
-TARGET="_top"
->http://www.openldap.org/</A
-></P
-></LI
-><LI
+>After the WINS server has been configured you must ensure that all
+machines participating on the network are configured with the address
+of this WINS server.  If your WINS server is a Samba machine, fill in
+the Samba machine IP address in the "Primary WINS Server" field of
+the "Control Panel-&#62;Network-&#62;Protocols-&#62;TCP-&#62;WINS Server" dialogs
+in Windows 95 or Windows NT.  To tell a Samba server the IP address
+of the WINS server add the following line to the [global] section of
+all smb.conf files :</P
 ><P
->iPlanet Directory Server - <A
-HREF="http://iplanet.netscape.com/directory"
-TARGET="_top"
->http://iplanet.netscape.com/directory</A
+><B
+CLASS="COMMAND"
+>wins server = &gt;name or IP address&lt;</B
 ></P
-></LI
-></UL
-><P
->Note that <A
-HREF="http://www.ora.com/"
-TARGET="_top"
->O'Reilly Publishing</A
-> is working on
-a guide to LDAP for System Administrators which has a planned release date of
-early summer, 2002.</P
-><P
->Two additional Samba resources which may prove to be helpful are</P
 ><P
-></P
-><UL
-><LI
+>where &gt;name or IP address&lt; is either the DNS name of the WINS server
+machine or its IP address.</P
 ><P
->The <A
-HREF="http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html"
-TARGET="_top"
->Samba-PDC-LDAP-HOWTO</A
->
-	maintained by Ignacio Coupeau.</P
-></LI
-><LI
+>Note that this line MUST NOT BE SET in the smb.conf file of the Samba
+server acting as the WINS server itself.  If you set both the
+"<B
+CLASS="COMMAND"
+>wins support = yes</B
+>" option and the 
+"<B
+CLASS="COMMAND"
+>wins server = &gt;name&lt;</B
+>" option then
+nmbd will fail to start.</P
 ><P
->The NT migration scripts from <A
-HREF="http://samba.idealx.org/"
-TARGET="_top"
->IDEALX</A
-> that are
-	geared to manage users and group in such a Samba-LDAP Domain Controller configuration.
-	</P
-></LI
-></UL
+>There are two possible scenarios for setting up cross subnet browsing.
+The first details setting up cross subnet browsing on a network containing
+Windows 95, Samba and Windows NT machines that are not configured as
+part of a Windows NT Domain.  The second details setting up cross subnet
+browsing on networks that contain NT Domains.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2684"
+NAME="AEN2779"
 ></A
->19.2. Introduction</H2
-><P
->Traditionally, when configuring <A
-HREF="smb.conf.5.html#ENCRYPTPASSWORDS"
-TARGET="_top"
->"encrypt
-passwords = yes"</A
-> in Samba's <TT
-CLASS="FILENAME"
->smb.conf</TT
-> file, user account
-information such as username, LM/NT password hashes, password change times, and account
-flags have been stored in the <TT
-CLASS="FILENAME"
->smbpasswd(5)</TT
-> file.  There are several
-disadvantages to this approach for sites with very large numbers of users (counted
-in the thousands).</P
+>15.6. Setting up Browsing in a WORKGROUP</H2
 ><P
-></P
-><UL
-><LI
+>To set up cross subnet browsing on a network containing machines
+in up to be in a WORKGROUP, not an NT Domain you need to set up one
+Samba server to be the Domain Master Browser (note that this is *NOT*
+the same as a Primary Domain Controller, although in an NT Domain the
+same machine plays both roles).  The role of a Domain master browser is
+to collate the browse lists from local master browsers on all the
+subnets that have a machine participating in the workgroup.  Without
+one machine configured as a domain master browser each subnet would
+be an isolated workgroup, unable to see any machines on any other
+subnet.  It is the presense of a domain master browser that makes
+cross subnet browsing possible for a workgroup.</P
 ><P
->The first is that all lookups must be performed sequentially.  Given that
-there are approximately two lookups per domain logon (one for a normal
-session connection such as when mapping a network drive or printer), this
-is a performance bottleneck for lareg sites.  What is needed is an indexed approach
-such as is used in databases.</P
-></LI
-><LI
+>In an WORKGROUP environment the domain master browser must be a
+Samba server, and there must only be one domain master browser per
+workgroup name.  To set up a Samba server as a domain master browser,
+set the following option in the [global] section of the smb.conf file :</P
 ><P
->The second problem is that administrators who desired to replicate a
-smbpasswd file to more than one Samba server were left to use external
-tools such as <B
-CLASS="COMMAND"
->rsync(1)</B
-> and <B
+><B
 CLASS="COMMAND"
->ssh(1)</B
->
-and wrote custom, in-house scripts.</P
-></LI
-><LI
+>domain master = yes</B
+></P
 ><P
->And finally, the amount of information which is stored in an
-smbpasswd entry leaves no room for additional attributes such as
-a home directory, password expiration time, or even a Relative
-Identified (RID).</P
-></LI
-></UL
+>The domain master browser should also preferrably be the local master
+browser for its own subnet.  In order to achieve this set the following
+options in the [global] section of the smb.conf file :</P
 ><P
->As a result of these defeciencies, a more robust means of storing user attributes
-used by smbd was developed.  The API which defines access to user accounts
-is commonly referred to as the samdb interface (previously this was called the passdb
-API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support
-for a samdb backend (e.g. <TT
-CLASS="PARAMETER"
-><I
->--with-ldapsam</I
-></TT
-> or
-<TT
-CLASS="PARAMETER"
-><I
->--with-tdbsam</I
-></TT
->) requires compile time support.</P
+><PRE
+CLASS="PROGRAMLISTING"
+>        domain master = yes
+        local master = yes
+        preferred master = yes
+        os level = 65</PRE
+></P
 ><P
->When compiling Samba to include the <TT
-CLASS="PARAMETER"
-><I
->--with-ldapsam</I
-></TT
-> autoconf
-option, smbd (and associated tools) will store and lookup user accounts in
-an LDAP directory.  In reality, this is very easy to understand.  If you are
-comfortable with using an smbpasswd file, simply replace "smbpasswd" with
-"LDAP directory" in all the documentation.</P
+>The domain master browser may be the same machine as the WINS
+server, if you require.</P
 ><P
->There are a few points to stress about what the <TT
-CLASS="PARAMETER"
-><I
->--with-ldapsam</I
-></TT
->
-does not provide.  The LDAP support referred to in the this documentation does not
-include:</P
+>Next, you should ensure that each of the subnets contains a
+machine that can act as a local master browser for the
+workgroup.  Any NT machine should be able to do this, as will
+Windows 95 machines (although these tend to get rebooted more
+often, so it's not such a good idea to use these).  To make a 
+Samba server a local master browser set the following
+options in the [global] section of the smb.conf file :</P
 ><P
+><PRE
+CLASS="PROGRAMLISTING"
+>        domain master = no
+        local master = yes
+        preferred master = yes
+        os level = 65</PRE
 ></P
-><UL
-><LI
 ><P
->A means of retrieving user account information from
-	an Windows 2000 Active Directory server.</P
-></LI
-><LI
+>Do not do this for more than one Samba server on each subnet,
+or they will war with each other over which is to be the local
+master browser.</P
 ><P
->A means of replacing /etc/passwd.</P
-></LI
-></UL
+>The "local master" parameter allows Samba to act as a local master
+browser.  The "preferred master" causes nmbd to force a browser
+election on startup and the "os level" parameter sets Samba high
+enough so that it should win any browser elections.</P
 ><P
->The second item can be accomplished by using LDAP NSS and PAM modules.  LGPL
-versions of these libraries can be obtained from PADL Software
-(<A
-HREF="http://www.padl.com/"
-TARGET="_top"
->http://www.padl.com/</A
->).  However,
-the details of configuring these packages are beyond the scope of this document.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2713"
-></A
->19.3. Supported LDAP Servers</H2
+>If you have an NT machine on the subnet that you wish to
+be the local master browser then you can disable Samba from
+becoming a local master browser by setting the following
+options in the [global] section of the smb.conf file :</P
 ><P
->The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP
-2.0 server and client libraries.  The same code should be able to work with
-Netscape's Directory Server and client SDK. However, due to lack of testing
-so far, there are bound to be compile errors and bugs.  These should not be
-hard to fix. If you are so inclined, please be sure to forward all patches to
-<A
-HREF="samba-patches@samba.org"
-TARGET="_top"
->samba-patches@samba.org</A
-> and
-<A
-HREF="jerry@samba.org"
-TARGET="_top"
->jerry@samba.org</A
->.</P
+><PRE
+CLASS="PROGRAMLISTING"
+>        domain master = no
+        local master = no
+        preferred master = no
+        os level = 0</PRE
+></P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2718"
+NAME="AEN2797"
 ></A
->19.4. Schema and Relationship to the RFC 2307 posixAccount</H2
+>15.7. Setting up Browsing in a DOMAIN</H2
 ><P
->Samba 2.2.3 includes the necessary schema file for OpenLDAP 2.0 in
-<TT
-CLASS="FILENAME"
->examples/LDAP/samba.schema</TT
->.  (Note that this schema
-file has been modified since the experimental support initially included
-in 2.2.2).  The sambaAccount objectclass is given here:</P
+>If you are adding Samba servers to a Windows NT Domain then
+you must not set up a Samba server as a domain master browser.
+By default, a Windows NT Primary Domain Controller for a Domain
+name is also the Domain master browser for that name, and many
+things will break if a Samba server registers the Domain master
+browser NetBIOS name (DOMAIN&gt;1B&lt;) with WINS instead of the PDC.</P
+><P
+>For subnets other than the one containing the Windows NT PDC
+you may set up Samba servers as local master browsers as
+described.  To make a Samba server a local master browser set 
+the following options in the [global] section of the smb.conf 
+file :</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
->objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
-     DESC 'Samba Account'
-     MUST ( uid $ rid )
-     MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
-            logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
-            displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
-            description $ userWorkstations $ primaryGroupID $ domain ))</PRE
+>        domain master = no
+        local master = yes
+        preferred master = yes
+        os level = 65</PRE
 ></P
 ><P
->The samba.schema file has been formatted for OpenLDAP 2.0.  The OID's are
-owned by the Samba Team and as such is legal to be openly published.
-If you translate the schema to be used with Netscape DS, please
-submit the modified schema file as a patch to <A
-HREF="jerry@samba.org"
-TARGET="_top"
->jerry@samba.org</A
-></P
+>If you wish to have a Samba server fight the election with machines
+on the same subnet you may set the "os level" parameter to lower
+levels.  By doing this you can tune the order of machines that
+will become local master browsers if they are running.  For
+more details on this see the section "FORCING SAMBA TO BE THE MASTER"
+below.</P
 ><P
->Just as the smbpasswd file is mean to store information which supplements a
-user's <TT
-CLASS="FILENAME"
->/etc/passwd</TT
-> entry, so is the sambaAccount object
-meant to supplement the UNIX user account information.  A sambaAccount is a
-<TT
-CLASS="CONSTANT"
->STRUCTURAL</TT
-> objectclass so it can be stored individually
-in the directory.  However, there are several fields (e.g. uid) which overlap
-with the posixAccount objectclass outlined in RFC2307.  This is by design.</P
+>If you have Windows NT machines that are members of the domain
+on all subnets, and you are sure they will always be running then
+you can disable Samba from taking part in browser elections and
+ever becoming a local master browser by setting following options 
+in the [global] section of the smb.conf file :</P
 ><P
->In order to store all user account information (UNIX and Samba) in the directory,
-it is necessary to use the sambaAccount and posixAccount objectclasses in
-combination.  However, smbd will still obtain the user's UNIX account
-information via the standard C library calls (e.g. getpwnam(), et. al.).
-This means that the Samba server must also have the LDAP NSS library installed
-and functioning correctly.  This division of information makes it possible to
-store all Samba account information in LDAP, but still maintain UNIX account
-information in NIS while the network is transitioning to a full LDAP infrastructure.</P
+><B
+CLASS="COMMAND"
+>        domain master = no
+        local master = no
+        preferred master = no
+        os level = 0</B
+></P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2730"
-></A
->19.5. Configuring Samba with LDAP</H2
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="AEN2732"
+NAME="AEN2807"
 ></A
->19.5.1. OpenLDAP configuration</H3
+>15.8. Forcing samba to be the master</H2
 ><P
->To include support for the sambaAccount object in an OpenLDAP directory
-server, first copy the samba.schema file to slapd's configuration directory.</P
+>Who becomes the "master browser" is determined by an election process
+using broadcasts.  Each election packet contains a number of parameters
+which determine what precedence (bias) a host should have in the
+election.  By default Samba uses a very low precedence and thus loses
+elections to just about anyone else.</P
 ><P
-><TT
-CLASS="PROMPT"
->root# </TT
-><B
-CLASS="COMMAND"
->cp samba.schema /etc/openldap/schema/</B
-></P
+>If you want Samba to win elections then just set the "os level" global
+option in smb.conf to a higher number.  It defaults to 0.  Using 34
+would make it win all elections over every other system (except other
+samba systems!)</P
 ><P
->Next, include the <TT
-CLASS="FILENAME"
->samba.schema</TT
-> file in <TT
-CLASS="FILENAME"
->slapd.conf</TT
->.
-The sambaAccount object contains two attributes which depend upon other schema
-files.  The 'uid' attribute is defined in <TT
-CLASS="FILENAME"
->cosine.schema</TT
-> and
-the 'displayName' attribute is defined in the <TT
-CLASS="FILENAME"
->inetorgperson.schema</TT
->
-file.  Both of these must be included before the <TT
-CLASS="FILENAME"
->samba.schema</TT
-> file.</P
+>A "os level" of 2 would make it beat WfWg and Win95, but not NTAS.  A
+NTAS domain controller uses level 32.</P
 ><P
-><PRE
-CLASS="PROGRAMLISTING"
->## /etc/openldap/slapd.conf
-
-## schema files (core.schema is required by default)
-include	           /etc/openldap/schema/core.schema
-
-## needed for sambaAccount
-include            /etc/openldap/schema/cosine.schema
-include            /etc/openldap/schema/inetorgperson.schema
-include            /etc/openldap/schema/samba.schema
-
-## uncomment this line if you want to support the RFC2307 (NIS) schema
-## include         /etc/openldap/schema/nis.schema
-
-....</PRE
-></P
+>The maximum os level is 255</P
 ><P
->It is recommended that you maintain some indices on some of the most usefull attributes,
-like in the following example, to speed up searches made on sambaAccount objectclasses
-(and possibly posixAccount and posixGroup as well).</P
+>If you want samba to force an election on startup, then set the
+"preferred master" global option in smb.conf to "yes".  Samba will
+then have a slight advantage over other potential master browsers
+that are not preferred master browsers.  Use this parameter with
+care, as if you have two hosts (whether they are windows 95 or NT or
+samba) on the same local subnet both set with "preferred master" to
+"yes", then periodically and continually they will force an election
+in order to become the local master browser.</P
 ><P
-><PRE
-CLASS="PROGRAMLISTING"
-># Indices to maintain
-## required by OpenLDAP 2.0
-index objectclass   eq
-
-## support pb_getsampwnam()
-index uid           pres,eq
-## support pdb_getsambapwrid()
-index rid           eq
-
-## uncomment these if you are storing posixAccount and
-## posixGroup entries in the directory as well
-##index uidNumber     eq
-##index gidNumber     eq
-##index cn            eq
-##index memberUid     eq</PRE
-></P
+>If you want samba to be a "domain master browser", then it is
+recommended that you also set "preferred master" to "yes", because
+samba will not become a domain master browser for the whole of your
+LAN or WAN if it is not also a local master browser on its own
+broadcast isolated subnet.</P
+><P
+>It is possible to configure two samba servers to attempt to become
+the domain master browser for a domain.  The first server that comes
+up will be the domain master browser.  All other samba servers will
+attempt to become the domain master browser every 5 minutes.  They
+will find that another samba server is already the domain master
+browser and will fail.  This provides automatic redundancy, should
+the current domain master browser fail.</P
 ></DIV
 ><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
+CLASS="SECT1"
+><HR><H2
+CLASS="SECT1"
 ><A
-NAME="AEN2749"
+NAME="AEN2816"
 ></A
->19.5.2. Configuring Samba</H3
+>15.9. Making samba the domain master</H2
 ><P
->The following parameters are available in smb.conf only with <TT
-CLASS="PARAMETER"
-><I
->--with-ldapsam</I
-></TT
->
-was included with compiling Samba.</P
+>The domain master is responsible for collating the browse lists of
+multiple subnets so that browsing can occur between subnets.  You can
+make samba act as the domain master by setting "domain master = yes"
+in smb.conf.  By default it will not be a domain master.</P
 ><P
-></P
-><UL
-><LI
+>Note that you should NOT set Samba to be the domain master for a
+workgroup that has the same name as an NT Domain.</P
 ><P
-><A
-HREF="smb.conf.5.html#LDAPSSL"
-TARGET="_top"
->ldap ssl</A
-></P
-></LI
-><LI
+>When samba is the domain master and the master browser it will listen
+for master announcements (made roughly every twelve minutes) from local
+master browsers on other subnets and then contact them to synchronise
+browse lists.</P
 ><P
-><A
-HREF="smb.conf.5.html#LDAPSERVER"
-TARGET="_top"
->ldap server</A
-></P
-></LI
-><LI
+>If you want samba to be the domain master then I suggest you also set
+the "os level" high enough to make sure it wins elections, and set
+"preferred master" to "yes", to get samba to force an election on
+startup.</P
 ><P
-><A
-HREF="smb.conf.5.html#LDAPADMINDN"
-TARGET="_top"
->ldap admin dn</A
-></P
-></LI
-><LI
+>Note that all your servers (including samba) and clients should be
+using a WINS server to resolve NetBIOS names.  If your clients are only
+using broadcasting to resolve NetBIOS names, then two things will occur:</P
 ><P
-><A
-HREF="smb.conf.5.html#LDAPSUFFIX"
-TARGET="_top"
->ldap suffix</A
 ></P
-></LI
+><OL
+TYPE="1"
 ><LI
 ><P
-><A
-HREF="smb.conf.5.html#LDAPFILTER"
-TARGET="_top"
->ldap filter</A
-></P
+>	your local master browsers will be unable to find a domain master
+	browser, as it will only be looking on the local subnet.
+	</P
 ></LI
 ><LI
 ><P
-><A
-HREF="smb.conf.5.html#LDAPPORT"
-TARGET="_top"
->ldap port</A
-></P
+>	if a client happens to get hold of a domain-wide browse list, and
+	a user attempts to access a host in that list, it will be unable to
+	resolve the NetBIOS name of that host.
+	</P
 ></LI
-></UL
+></OL
 ><P
->These are described in the <A
-HREF="smb.conf.5.html"
-TARGET="_top"
->smb.conf(5)</A
-> man
-page and so will not be repeated here.  However, a sample smb.conf file for
-use with an LDAP directory could appear as</P
+>If, however, both samba and your clients are using a WINS server, then:</P
 ><P
-><PRE
-CLASS="PROGRAMLISTING"
->## /usr/local/samba/lib/smb.conf
-[global]
-     security = user
-     encrypt passwords = yes
-
-     netbios name = TASHTEGO
-     workgroup = NARNIA
-
-     # ldap related parameters
-
-     # define the DN to use when binding to the directory servers
-     # The password for this DN is not stored in smb.conf.  Rather it
-     # must be set by using 'smbpasswd -w <TT
-CLASS="REPLACEABLE"
-><I
->secretpw</I
-></TT
->' to store the
-     # passphrase in the secrets.tdb file.  If the "ldap admin dn" values
-     # changes, this password will need to be reset.
-     ldap admin dn = "cn=Samba Manager,ou=people,dc=samba,dc=org"
-
-     #  specify the LDAP server's hostname (defaults to locahost)
-     ldap server = ahab.samba.org
-
-     # Define the SSL option when connecting to the directory
-     # ('off', 'start tls', or 'on' (default))
-     ldap ssl = start tls
-
-     # define the port to use in the LDAP session (defaults to 636 when
-     # "ldap ssl = on")
-     ldap port = 389
-
-     # specify the base DN to use when searching the directory
-     ldap suffix = "ou=people,dc=samba,dc=org"
-
-     # generally the default ldap search filter is ok
-     # ldap filter = "(&amp;(uid=%u)(objectclass=sambaAccount))"</PRE
 ></P
-></DIV
+><OL
+TYPE="1"
+><LI
+><P
+>	your local master browsers will contact the WINS server and, as long as
+	samba has registered that it is a domain master browser with the WINS
+	server, your local master browser will receive samba's ip address
+	as its domain master browser.
+	</P
+></LI
+><LI
+><P
+>	when a client receives a domain-wide browse list, and a user attempts
+	to access a host in that list, it will contact the WINS server to
+	resolve the NetBIOS name of that host.  as long as that host has
+	registered its NetBIOS name with the same WINS server, the user will
+	be able to see that host.  
+	</P
+></LI
+></OL
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2777"
+NAME="AEN2834"
 ></A
->19.6. Accounts and Groups management</H2
-><P
->As users accounts are managed thru the sambaAccount objectclass, you should
-modify you existing administration tools to deal with sambaAccount attributes.</P
-><P
->Machines accounts are managed with the sambaAccount objectclass, just
-like users accounts. However, it's up to you to stored thoses accounts
-in a different tree of you LDAP namespace: you should use
-"ou=Groups,dc=plainjoe,dc=org" to store groups and
-"ou=People,dc=plainjoe,dc=org" to store users. Just configure your
-NSS and PAM accordingly (usually, in the /etc/ldap.conf configuration
-file).</P
+>15.10. Note about broadcast addresses</H2
 ><P
->In Samba release 2.2.3, the group management system is based on posix
-groups. This meand that Samba make usage of the posixGroup objectclass.
-For now, there is no NT-like group system management (global and local
-groups).</P
+>If your network uses a "0" based broadcast address (for example if it
+ends in a 0) then you will strike problems.  Windows for Workgroups
+does not seem to support a 0's broadcast and you will probably find
+that browsing and name lookups won't work.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2782"
+NAME="AEN2837"
 ></A
->19.7. Security and sambaAccount</H2
-><P
->There are two important points to remember when discussing the security
-of sambaAccount entries in the directory.</P
-><P
-></P
-><UL
-><LI
+>15.11. Multiple interfaces</H2
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Never</I
-></SPAN
-> retrieve the lmPassword or
-	ntPassword attribute values over an unencrypted LDAP session.</P
-></LI
-><LI
+>Samba now supports machines with multiple network interfaces.  If you
+have multiple interfaces then you will need to use the "interfaces"
+option in smb.conf to configure them.  See smb.conf(5) for details.</P
+></DIV
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="VFS"
+></A
+>Chapter 16. Stackable VFS modules</H1
+><DIV
+CLASS="SECT1"
+><H2
+CLASS="SECT1"
+><A
+NAME="AEN2855"
+></A
+>16.1. Introduction and configuration</H2
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Never</I
-></SPAN
-> allow non-admin users to
-	view the lmPassword or ntPassword attribute values.</P
-></LI
-></UL
+>Since samba 3.0, samba supports stackable VFS(Virtual File System) modules.  
+Samba passes each request to access the unix file system thru the loaded VFS modules. 
+This chapter covers all the modules that come with the samba source and references to 
+some external modules.</P
 ><P
->These password hashes are clear text equivalents and can be used to impersonate
-the user without deriving the original clear text strings.  For more information
-on the details of LM/NT password hashes, refer to the <A
-HREF="ENCRYPTION.html"
-TARGET="_top"
->ENCRYPTION chapter</A
-> of the Samba-HOWTO-Collection.</P
+>You may have problems to compile these modules, as shared libraries are
+compiled and linked in different ways on different systems.
+They currently have been tested against GNU/linux and IRIX.</P
 ><P
->To remedy the first security issue, the "ldap ssl" smb.conf parameter defaults
-to require an encrypted session (<B
-CLASS="COMMAND"
->ldap ssl = on</B
->) using
-the default port of 636
-when contacting the directory server.  When using an OpenLDAP 2.0 server, it
-is possible to use the use the StartTLS LDAP extended  operation in the place of
-LDAPS.  In either case, you are strongly discouraged to disable this security
-(<B
+>To use the VFS modules, create a share similar to the one below.  The
+important parameter is the <B
 CLASS="COMMAND"
->ldap ssl = off</B
->).</P
-><P
->Note that the LDAPS protocol is deprecated in favor of the LDAPv3 StartTLS
-extended operation.  However, the OpenLDAP library still provides support for
-the older method of securing communication between clients and servers.</P
-><P
->The second security precaution is to prevent non-administrative users from
-harvesting password hashes from the directory.  This can be done using the
-following ACL in <TT
-CLASS="FILENAME"
->slapd.conf</TT
->:</P
-><P
-><PRE
+>vfs object</B
+> parameter which must point to
+the exact pathname of the shared library objects. For example, to log all access 
+to files and use a recycle bin:
+
+<PRE
 CLASS="PROGRAMLISTING"
->## allow the "ldap admin dn" access, but deny everyone else
-access to attrs=lmPassword,ntPassword
-     by dn="cn=Samba Admin,ou=people,dc=plainjoe,dc=org" write
-     by * none</PRE
+>       [audit]
+                comment = Audited /data directory
+                path = /data
+                vfs object = /path/to/audit.so /path/to/recycle.so
+                writeable = yes
+                browseable = yes</PRE
 ></P
+><P
+>The modules are used in the order they are specified.</P
+><P
+>Further documentation on writing VFS modules for Samba can be found in
+the Samba Developers Guide.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2802"
+NAME="AEN2864"
 ></A
->19.8. LDAP specials attributes for sambaAccounts</H2
-><P
->The sambaAccount objectclass is composed of the following attributes:</P
+>16.2. Included modules</H2
+><DIV
+CLASS="SECT2"
+><H3
+CLASS="SECT2"
+><A
+NAME="AEN2866"
+></A
+>16.2.1. audit</H3
 ><P
+>A simple module to audit file access to the syslog
+facility.  The following operations are logged:
+<P
 ></P
-><UL
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->lmPassword</TT
->: the LANMAN password 16-byte hash stored as a character
-	representation of a hexidecimal string.</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->ntPassword</TT
->: the NT password hash 16-byte stored as a character
-	representation of a hexidecimal string.</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->pwdLastSet</TT
->: The integer time in seconds since 1970 when the
-	<TT
-CLASS="CONSTANT"
->lmPassword</TT
-> and <TT
-CLASS="CONSTANT"
->ntPassword</TT
-> attributes were last set.
-	</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->acctFlags</TT
->: string of 11 characters surrounded by square brackets []
-	representing account flags such as U (user), W(workstation), X(no password expiration), and
-	D(disabled).</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->logonTime</TT
->: Integer value currently unused</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->logoffTime</TT
->: Integer value currently unused</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->kickoffTime</TT
->: Integer value currently unused</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->pwdCanChange</TT
->: Integer value currently unused</P
-></LI
-><LI
-><P
-><TT
-CLASS="CONSTANT"
->pwdMustChange</TT
->: Integer value currently unused</P
-></LI
-><LI
+><TABLE
+BORDER="0"
+><TBODY
+><TR
+><TD
+>share</TD
+></TR
+><TR
+><TD
+>connect/disconnect</TD
+></TR
+><TR
+><TD
+>directory opens/create/remove</TD
+></TR
+><TR
+><TD
+>file open/close/rename/unlink/chmod</TD
+></TR
+></TBODY
+></TABLE
 ><P
-><TT
-CLASS="CONSTANT"
->homeDrive</TT
->: specifies the drive letter to which to map the
-	UNC path specified by homeDirectory. The drive letter must be specified in the form "X:"
-	where X is the letter of the drive to map. Refer to the "logon drive" parameter in the
-	smb.conf(5) man page for more information.</P
-></LI
-><LI
+></P
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN2874"
+></A
+>16.2.2. recycle</H3
 ><P
-><TT
-CLASS="CONSTANT"
->scriptPath</TT
->: The scriptPath property specifies the path of
-	the user's logon script, .CMD, .EXE, or .BAT file. The string can be null. The path
-	is relative to the netlogon share.  Refer to the "logon script" parameter in the
-	smb.conf(5) man page for more information.</P
-></LI
-><LI
+>A recycle-bin like modules. When used any unlink call
+will be intercepted and files moved to the recycle
+directory instead of beeing deleted.</P
 ><P
-><TT
-CLASS="CONSTANT"
->profilePath</TT
->: specifies a path to the user's profile.
-	This value can be a null string, a local absolute path, or a UNC path.  Refer to the
-	"logon path" parameter in the smb.conf(5) man page for more information.</P
-></LI
-><LI
+>Supported options:
+<P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>vfs_recycle_bin:repository</DT
+><DD
 ><P
-><TT
-CLASS="CONSTANT"
->smbHome</TT
->: The homeDirectory property specifies the path of
-	the home directory for the user. The string can be null. If homeDrive is set and specifies
-	a drive letter, homeDirectory should be a UNC path. The path must be a network
-	UNC path of the form \\server\share\directory. This value can be a null string.
-	Refer to the "logon home" parameter in the smb.conf(5) man page for more information.
-	</P
-></LI
-><LI
+>FIXME</P
+></DD
+><DT
+>vfs_recycle_bin:keeptree</DT
+><DD
 ><P
-><TT
-CLASS="CONSTANT"
->userWorkstation</TT
->: character string value currently unused.
-	</P
-></LI
-><LI
+>FIXME</P
+></DD
+><DT
+>vfs_recycle_bin:versions</DT
+><DD
 ><P
-><TT
-CLASS="CONSTANT"
->rid</TT
->: the integer representation of the user's relative identifier
-	(RID).</P
-></LI
-><LI
+>FIXME</P
+></DD
+><DT
+>vfs_recycle_bin:touch</DT
+><DD
 ><P
-><TT
-CLASS="CONSTANT"
->primaryGroupID</TT
->: the relative identifier (RID) of the primary group
-	of the user.</P
-></LI
-></UL
+>FIXME</P
+></DD
+><DT
+>vfs_recycle_bin:maxsize</DT
+><DD
 ><P
->The majority of these parameters are only used when Samba is acting as a PDC of
-a domain (refer to the <A
-HREF="Samba-PDC-HOWTO.html"
-TARGET="_top"
->Samba-PDC-HOWTO</A
-> for details on
-how to configure Samba as a Primary Domain Controller). The following four attributes
-are only stored with the sambaAccount entry if the values are non-default values:</P
+>FIXME</P
+></DD
+><DT
+>vfs_recycle_bin:exclude</DT
+><DD
 ><P
-></P
-><UL
-><LI
+>FIXME</P
+></DD
+><DT
+>vfs_recycle_bin:exclude_dir</DT
+><DD
 ><P
->smbHome</P
-></LI
-><LI
+>FIXME</P
+></DD
+><DT
+>vfs_recycle_bin:noversions</DT
+><DD
 ><P
->scriptPath</P
-></LI
-><LI
+>FIXME</P
+></DD
+></DL
+></DIV
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN2911"
+></A
+>16.2.3. netatalk</H3
 ><P
->logonPath</P
-></LI
-><LI
+>A netatalk module, that will ease co-existence of samba and
+netatalk file sharing services.</P
 ><P
->homeDrive</P
-></LI
-></UL
+>Advantages compared to the old netatalk module:
+<P
+></P
+><TABLE
+BORDER="0"
+><TBODY
+><TR
+><TD
+>it doesn't care about creating of .AppleDouble forks, just keeps ones in sync</TD
+></TR
+><TR
+><TD
+>if share in smb.conf doesn't contain .AppleDouble item in hide or veto list, it will be added automatically</TD
+></TR
+></TBODY
+></TABLE
 ><P
->These attributes are only stored with the sambaAccount entry if
-the values are non-default values.  For example, assume TASHTEGO has now been
-configured as a PDC and that <B
-CLASS="COMMAND"
->logon home = \\%L\%u</B
-> was defined in
-its <TT
-CLASS="FILENAME"
->smb.conf</TT
-> file. When a user named "becky" logons to the domain,
-the <TT
-CLASS="PARAMETER"
-><I
->logon home</I
-></TT
-> string is expanded to \\TASHTEGO\becky.
-If the smbHome attribute exists in the entry "uid=becky,ou=people,dc=samba,dc=org",
-this value is used.  However, if this attribute does not exist, then the value
-of the <TT
-CLASS="PARAMETER"
-><I
->logon home</I
-></TT
-> parameter is used in its place.  Samba
-will only write the attribute value to the directory entry is the value is
-something other than the default (e.g. \\MOBY\becky).</P
+></P
+></P
+></DIV
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2872"
+NAME="AEN2918"
 ></A
->19.9. Example LDIF Entries for a sambaAccount</H2
+>16.3. VFS modules available elsewhere</H2
 ><P
->The following is a working LDIF with the inclusion of the posixAccount objectclass:</P
+>This section contains a listing of various other VFS modules that 
+have been posted but don't currently reside in the Samba CVS 
+tree for one reason ot another (e.g. it is easy for the maintainer 
+to have his or her own CVS tree).</P
 ><P
-><PRE
-CLASS="PROGRAMLISTING"
->dn: uid=guest2, ou=people,dc=plainjoe,dc=org
-ntPassword: 878D8014606CDA29677A44EFA1353FC7
-pwdMustChange: 2147483647
-primaryGroupID: 1201
-lmPassword: 552902031BEDE9EFAAD3B435B51404EE
-pwdLastSet: 1010179124
-logonTime: 0
-objectClass: sambaAccount
-uid: guest2
-kickoffTime: 2147483647
-acctFlags: [UX         ]
-logoffTime: 2147483647
-rid: 19006
-pwdCanChange: 0</PRE
+>No statemets about the stability or functionality any module
+should be implied due to its presence here.</P
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN2922"
+></A
+>16.3.1. DatabaseFS</H3
+><P
+>URL: <A
+HREF="http://www.css.tayloru.edu/~elorimer/databasefs/index.php"
+TARGET="_top"
+>http://www.css.tayloru.edu/~elorimer/databasefs/index.php</A
 ></P
 ><P
->The following is an LDIF entry for using both the sambaAccount and
-posixAccount objectclasses:</P
+>By <A
+HREF="mailto:elorimer@css.tayloru.edu"
+TARGET="_top"
+>Eric Lorimer</A
+>.</P
 ><P
-><PRE
-CLASS="PROGRAMLISTING"
->dn: uid=gcarter, ou=people,dc=plainjoe,dc=org
-logonTime: 0
-displayName: Gerald Carter
-lmPassword: 552902031BEDE9EFAAD3B435B51404EE
-primaryGroupID: 1201
-objectClass: posixAccount
-objectClass: sambaAccount
-acctFlags: [UX         ]
-userPassword: {crypt}BpM2ej8Rkzogo
-uid: gcarter
-uidNumber: 9000
-cn: Gerald Carter
-loginShell: /bin/bash
-logoffTime: 2147483647
-gidNumber: 100
-kickoffTime: 2147483647
-pwdLastSet: 1010179230
-rid: 19000
-homeDirectory: /home/tashtego/gcarter
-pwdCanChange: 0
-pwdMustChange: 2147483647
-ntPassword: 878D8014606CDA29677A44EFA1353FC7</PRE
-></P
+>I have created a VFS module which implements a fairly complete read-only
+filesystem.  It presents information from a database as a filesystem in
+a modular and generic way to allow different databases to be used
+(originally designed for organizing MP3s under directories such as
+"Artists," "Song Keywords," etc... I have since applied it to a student
+roster database very easily).  The directory structure is stored in the
+database itself and the module makes no assumptions about the database
+structure beyond the table it requires to run.</P
+><P
+>Any feedback would be appreciated: comments, suggestions, patches,
+etc...  If nothing else, hopefully it might prove useful for someone
+else who wishes to create a virtual filesystem.</P
 ></DIV
 ><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
 ><A
-NAME="AEN2880"
+NAME="AEN2930"
 ></A
->19.10. Comments</H2
+>16.3.2. vscan</H3
 ><P
->Please mail all comments regarding this HOWTO to <A
-HREF="mailto:jerry@samba.org"
+>URL: <A
+HREF="http://www.openantivirus.org/"
 TARGET="_top"
->jerry@samba.org</A
->.  This documents was
-last updated to reflect the Samba 2.2.3 release.&#13;</P
+>http://www.openantivirus.org/</A
+></P
+><P
+>samba-vscan is a proof-of-concept module for Samba, which
+uses the VFS (virtual file system) features of Samba 2.2.x/3.0
+alphaX. Of couse, Samba has to be compiled with VFS support. 
+samba-vscan supports various virus scanners and is maintained 
+by Rainer Link.</P
+></DIV
 ></DIV
 ></DIV
 ><DIV
@@ -14404,15 +14586,15 @@ CLASS="CHAPTER"
 ><A
 NAME="CVS-ACCESS"
 ></A
->Chapter 20. HOWTO Access Samba source code via CVS</H1
+>Chapter 17. Access Samba source code via CVS</H1
 ><DIV
 CLASS="SECT1"
 ><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2891"
+NAME="AEN2942"
 ></A
->20.1. Introduction</H2
+>17.1. Introduction</H2
 ><P
 >Samba is developed in an open environment.  Developers use CVS
 (Concurrent Versioning System) to "checkin" (also known as 
@@ -14432,9 +14614,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2896"
+NAME="AEN2947"
 ></A
->20.2. CVS Access to samba.org</H2
+>17.2. CVS Access to samba.org</H2
 ><P
 >The machine samba.org runs a publicly accessible CVS 
 repository for access to the source code of several packages, 
@@ -14445,9 +14627,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2899"
+NAME="AEN2950"
 ></A
->20.2.1. Access via CVSweb</H3
+>17.2.1. Access via CVSweb</H3
 ><P
 >You can access the source code via your 
 favourite WWW browser. This allows you to access the contents of 
@@ -14466,9 +14648,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN2904"
+NAME="AEN2955"
 ></A
->20.2.2. Access via cvs</H3
+>17.2.2. Access via cvs</H3
 ><P
 >You can also access the source code via a 
 normal cvs client.  This gives you much more control over you can 
@@ -14576,7 +14758,7 @@ CLASS="CHAPTER"
 ><A
 NAME="GROUPMAPPING"
 ></A
->Chapter 21. Group mapping HOWTO</H1
+>Chapter 18. Group mapping HOWTO</H1
 ><P
 > 
 Starting with Samba 3.0 alpha 2, a new group mapping function is available. The
@@ -14677,135 +14859,46 @@ CLASS="CHAPTER"
 ><A
 NAME="SPEED"
 ></A
->Chapter 22. Samba performance issues</H1
+>Chapter 19. Samba performance issues</H1
 ><DIV
 CLASS="SECT1"
 ><H2
 CLASS="SECT1"
 ><A
-NAME="AEN2982"
+NAME="AEN3033"
 ></A
->22.1. Comparisons</H2
+>19.1. Comparisons</H2
 ><P
 >The Samba server uses TCP to talk to the client. Thus if you are
 trying to see if it performs well you should really compare it to
 programs that use the same protocol. The most readily available
 programs for file transfer that use TCP are ftp or another TCP based
-SMB server.</P
-><P
->If you want to test against something like a NT or WfWg server then
-you will have to disable all but TCP on either the client or
-server. Otherwise you may well be using a totally different protocol
-(such as Netbeui) and comparisons may not be valid.</P
-><P
->Generally you should find that Samba performs similarly to ftp at raw
-transfer speed. It should perform quite a bit faster than NFS,
-although this very much depends on your system.</P
-><P
->Several people have done comparisons between Samba and Novell, NFS or
-WinNT. In some cases Samba performed the best, in others the worst. I
-suspect the biggest factor is not Samba vs some other system but the
-hardware and drivers used on the various systems. Given similar
-hardware Samba should certainly be competitive in speed with other
-systems.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2988"
-></A
->22.2. Oplocks</H2
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="AEN2990"
-></A
->22.2.1. Overview</H3
-><P
->Oplocks are the way that SMB clients get permission from a server to
-locally cache file operations. If a server grants an oplock
-(opportunistic lock) then the client is free to assume that it is the
-only one accessing the file and it will agressively cache file
-data. With some oplock types the client may even cache file open/close
-operations. This can give enormous performance benefits.</P
-><P
->With the release of Samba 1.9.18 we now correctly support opportunistic 
-locks. This is turned on by default, and can be turned off on a share-
-by-share basis by setting the parameter :</P
-><P
-><B
-CLASS="COMMAND"
->oplocks = False</B
-></P
-><P
->We recommend that you leave oplocks on however, as current benchmark
-tests with NetBench seem to give approximately a 30% improvement in
-speed with them on. This is on average however, and the actual 
-improvement seen can be orders of magnitude greater, depending on
-what the client redirector is doing.</P
-><P
->Previous to Samba 1.9.18 there was a 'fake oplocks' option. This
-option has been left in the code for backwards compatibility reasons
-but it's use is now deprecated. A short summary of what the old
-code did follows.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2998"
-></A
->22.2.2. Level2 Oplocks</H3
-><P
->With Samba 2.0.5 a new capability - level2 (read only) oplocks is
-supported (although the option is off by default - see the smb.conf
-man page for details). Turning on level2 oplocks (on a share-by-share basis)
-by setting the parameter :</P
-><P
-><B
-CLASS="COMMAND"
->level2 oplocks = true</B
-></P
-><P
->should speed concurrent access to files that are not commonly written
-to, such as application serving shares (ie. shares that contain common
-.EXE files - such as a Microsoft Office share) as it allows clients to
-read-ahread cache copies of these files.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN3004"
-></A
->22.2.3. Old 'fake oplocks' option - deprecated</H3
+SMB server.</P
 ><P
->Samba can also fake oplocks, by granting a oplock whenever a client 
-asks for one. This is controlled using the smb.conf option "fake 
-oplocks". If you set "fake oplocks = yes" then you are telling the 
-client that it may agressively cache the file data for all opens.</P
+>If you want to test against something like a NT or WfWg server then
+you will have to disable all but TCP on either the client or
+server. Otherwise you may well be using a totally different protocol
+(such as Netbeui) and comparisons may not be valid.</P
 ><P
->Enabling 'fake oplocks' on all read-only shares or shares that you know
-will only be accessed from one client at a time you will see a big
-performance improvement on many operations. If you enable this option
-on shares where multiple clients may be accessing the files read-write
-at the same time you can get data corruption.</P
-></DIV
+>Generally you should find that Samba performs similarly to ftp at raw
+transfer speed. It should perform quite a bit faster than NFS,
+although this very much depends on your system.</P
+><P
+>Several people have done comparisons between Samba and Novell, NFS or
+WinNT. In some cases Samba performed the best, in others the worst. I
+suspect the biggest factor is not Samba vs some other system but the
+hardware and drivers used on the various systems. Given similar
+hardware Samba should certainly be competitive in speed with other
+systems.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3008"
+NAME="AEN3039"
 ></A
->22.3. Socket options</H2
+>19.2. Socket options</H2
 ><P
 >There are a number of socket options that can greatly affect the
 performance of a TCP based server like Samba.</P
@@ -14831,9 +14924,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3015"
+NAME="AEN3046"
 ></A
->22.4. Read size</H2
+>19.3. Read size</H2
 ><P
 >The option "read size" affects the overlap of disk reads/writes with
 network reads/writes. If the amount of data being transferred in
@@ -14857,9 +14950,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3020"
+NAME="AEN3051"
 ></A
->22.5. Max xmit</H2
+>19.4. Max xmit</H2
 ><P
 >At startup the client and server negotiate a "maximum transmit" size,
 which limits the size of nearly all SMB commands. You can set the
@@ -14880,331 +14973,626 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3025"
+NAME="AEN3056"
 ></A
->22.6. Locking</H2
-><P
->By default Samba does not implement strict locking on each read/write
-call (although it did in previous versions). If you enable strict
-locking (using "strict locking = yes") then you may find that you
-suffer a severe performance hit on some systems.</P
+>19.5. Log level</H2
 ><P
->The performance hit will probably be greater on NFS mounted
-filesystems, but could be quite high even on local disks.</P
+>If you set the log level (also known as "debug level") higher than 2
+then you may suffer a large drop in performance. This is because the
+server flushes the log file after each operation, which can be very
+expensive. </P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3029"
+NAME="AEN3059"
 ></A
->22.7. Share modes</H2
+>19.6. Read raw</H2
 ><P
->Some people find that opening files is very slow. This is often
-because of the "share modes" code needed to fully implement the dos
-share modes stuff. You can disable this code using "share modes =
-no". This will gain you a lot in opening and closing files but will
-mean that (in some cases) the system won't force a second user of a
-file to open the file read-only if the first has it open
-read-write. For many applications that do their own locking this
-doesn't matter, but for some it may. Most Windows applications
-depend heavily on "share modes" working correctly and it is
-recommended that the Samba share mode support be left at the
-default of "on".</P
+>The "read raw" operation is designed to be an optimised, low-latency
+file read operation. A server may choose to not support it,
+however. and Samba makes support for "read raw" optional, with it
+being enabled by default.</P
 ><P
->The share mode code in Samba has been re-written in the 1.9.17
-release following tests with the Ziff-Davis NetBench PC Benchmarking
-tool. It is now believed that Samba 1.9.17 implements share modes
-similarly to Windows NT.</P
+>In some cases clients don't handle "read raw" very well and actually
+get lower performance using it than they get using the conventional
+read operations. </P
 ><P
->NOTE: In the most recent versions of Samba there is an option to use
-shared memory via mmap() to implement the share modes. This makes
-things much faster. See the Makefile for how to enable this.</P
+>So you might like to try "read raw = no" and see what happens on your
+network. It might lower, raise or not affect your performance. Only
+testing can really tell.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3034"
+NAME="AEN3064"
 ></A
->22.8. Log level</H2
+>19.7. Write raw</H2
 ><P
->If you set the log level (also known as "debug level") higher than 2
-then you may suffer a large drop in performance. This is because the
-server flushes the log file after each operation, which can be very
-expensive. </P
+>The "write raw" operation is designed to be an optimised, low-latency
+file write operation. A server may choose to not support it,
+however. and Samba makes support for "write raw" optional, with it
+being enabled by default.</P
+><P
+>Some machines may find "write raw" slower than normal write, in which
+case you may wish to change this option.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3037"
+NAME="AEN3068"
 ></A
->22.9. Wide lines</H2
+>19.8. Slow Clients</H2
 ><P
->The "wide links" option is now enabled by default, but if you disable
-it (for better security) then you may suffer a performance hit in
-resolving filenames. The performance loss is lessened if you have
-"getwd cache = yes", which is now the default.</P
+>One person has reported that setting the protocol to COREPLUS rather
+than LANMAN2 gave a dramatic speed improvement (from 10k/s to 150k/s).</P
+><P
+>I suspect that his PC's (386sx16 based) were asking for more data than
+they could chew. I suspect a similar speed could be had by setting
+"read raw = no" and "max xmit = 2048", instead of changing the
+protocol. Lowering the "read size" might also help.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3040"
+NAME="AEN3072"
 ></A
->22.10. Read raw</H2
-><P
->The "read raw" operation is designed to be an optimised, low-latency
-file read operation. A server may choose to not support it,
-however. and Samba makes support for "read raw" optional, with it
-being enabled by default.</P
+>19.9. Slow Logins</H2
 ><P
->In some cases clients don't handle "read raw" very well and actually
-get lower performance using it than they get using the conventional
-read operations. </P
-><P
->So you might like to try "read raw = no" and see what happens on your
-network. It might lower, raise or not affect your performance. Only
-testing can really tell.</P
+>Slow logins are almost always due to the password checking time. Using
+the lowest practical "password level" will improve things a lot. You
+could also enable the "UFC crypt" option in the Makefile.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3045"
+NAME="AEN3075"
 ></A
->22.11. Write raw</H2
+>19.10. Client tuning</H2
 ><P
->The "write raw" operation is designed to be an optimised, low-latency
-file write operation. A server may choose to not support it,
-however. and Samba makes support for "write raw" optional, with it
-being enabled by default.</P
+>Often a speed problem can be traced to the client. The client (for
+example Windows for Workgroups) can often be tuned for better TCP
+performance.</P
 ><P
->Some machines may find "write raw" slower than normal write, in which
-case you may wish to change this option.</P
+>See your client docs for details. In particular, I have heard rumours
+that the WfWg options TCPWINDOWSIZE and TCPSEGMENTSIZE can have a
+large impact on performance.</P
+><P
+>Also note that some people have found that setting DefaultRcvWindow in
+the [MSTCP] section of the SYSTEM.INI file under WfWg to 3072 gives a
+big improvement. I don't know why.</P
+><P
+>My own experience wth DefaultRcvWindow is that I get much better
+performance with a large value (16384 or larger). Other people have
+reported that anything over 3072 slows things down enourmously. One
+person even reported a speed drop of a factor of 30 when he went from
+3072 to 8192. I don't know why.</P
+><P
+>It probably depends a lot on your hardware, and the type of unix box
+you have at the other end of the link.</P
+><P
+>Paul Cochrane has done some testing on client side tuning and come 
+to the following conclusions:</P
+><P
+>Install the W2setup.exe file from www.microsoft.com. This is an 
+update for the winsock stack and utilities which improve performance.</P
+><P
+>Configure the win95 TCPIP registry settings to give better 
+perfomance. I use a program called MTUSPEED.exe which I got off the 
+net. There are various other utilities of this type freely available. 
+The setting which give the best performance for me are:</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>MaxMTU                  Remove</P
+></LI
+><LI
+><P
+>RWIN                    Remove</P
+></LI
+><LI
+><P
+>MTUAutoDiscover         Disable</P
+></LI
+><LI
+><P
+>MTUBlackHoleDetect      Disable</P
+></LI
+><LI
+><P
+>Time To Live            Enabled</P
+></LI
+><LI
+><P
+>Time To Live - HOPS     32</P
+></LI
+><LI
+><P
+>NDI Cache Size          0</P
+></LI
+></OL
+><P
+>I tried virtually all of the items mentioned in the document and 
+the only one which made a difference to me was the socket options. It 
+turned out I was better off without any!!!!!</P
+><P
+>In terms of overall speed of transfer, between various win95 clients 
+and a DX2-66 20MB server with a crappy NE2000 compatible and old IDE 
+drive (Kernel 2.0.30). The transfer rate was reasonable for 10 baseT.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>The figures are:          Put              Get 
+P166 client 3Com card:    420-440kB/s      500-520kB/s
+P100 client 3Com card:    390-410kB/s      490-510kB/s
+DX4-75 client NE2000:     370-380kB/s      330-350kB/s</PRE
+></P
+><P
+>I based these test on transfer two files a 4.5MB text file and a 15MB 
+textfile. The results arn't bad considering the hardware Samba is 
+running on. It's a crap machine!!!!</P
+><P
+>The updates mentioned in 1 and 2 brought up the transfer rates from 
+just over 100kB/s in some clients.</P
+><P
+>A new client is a P333 connected via a 100MB/s card and hub. The 
+transfer rates from this were good: 450-500kB/s on put and 600+kB/s 
+on get.</P
+><P
+>Looking at standard FTP throughput, Samba is a bit slower (100kB/s 
+upwards). I suppose there is more going on in the samba protocol, but 
+if it could get up to the rate of FTP the perfomance would be quite 
+staggering.</P
+></DIV
 ></DIV
 ><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="GROUPPROFILES"
+></A
+>Chapter 20. Creating Group Profiles</H1
+><DIV
 CLASS="SECT1"
-><HR><H2
+><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3049"
+NAME="AEN3123"
 ></A
->22.12. Read prediction</H2
-><P
->Samba can do read prediction on some of the SMB commands. Read
-prediction means that Samba reads some extra data on the last file it
-read while waiting for the next SMB command to arrive. It can then
-respond more quickly when the next read request arrives.</P
+>20.1. Windows '9x</H2
 ><P
->This is disabled by default. You can enable it by using "read
-prediction = yes".</P
+>You need the Win98 Group Policy Editor to
+set Group Profiles up under Windows '9x. It can be found on the Original
+full product Win98 installation CD under 
+<TT
+CLASS="FILENAME"
+>tools/reskit/netadmin/poledit</TT
+>.  You install this
+using the Add/Remove Programs facility and then click on the 'Have Disk'
+tab.</P
 ><P
->Note that read prediction is only used on files that were opened read
-only.</P
+>Use the Group Policy Editor to create a policy file that specifies the
+location of user profiles and/or the <TT
+CLASS="FILENAME"
+>My Documents</TT
+> etc.
+stuff. You then save these settings in a file called
+<TT
+CLASS="FILENAME"
+>Config.POL</TT
+> that needs to be placed in
+the root of the [NETLOGON] share. If your Win98 is configured to log onto
+the Samba Domain, it will automatically read this file and update the
+Win98 registry of the machine that is logging on.</P
 ><P
->Read prediction should particularly help for those silly clients (such
-as "Write" under NT) which do lots of very small reads on a file.</P
+>All of this is covered in the Win98 Resource Kit documentation.</P
 ><P
->Samba will not read ahead more data than the amount specified in the
-"read size" option. It always reads ahead on 1k block boundaries.</P
+>If you do not do it this way, then every so often Win98 will check the
+integrity of the registry and will restore it's settings from the back-up
+copy of the registry it stores on each Win98 machine. Hence, you will notice
+things changing back to the original settings.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3056"
+NAME="AEN3132"
+></A
+>20.2. Windows NT 4</H2
+><P
+>Unfortunately, the Resource Kit info is Win NT4/2K version specific.</P
+><P
+>Here is a quick guide:</P
+><P
+></P
+><UL
+><LI
+><P
+>On your NT4 Domain Controller, right click on 'My Computer', then
+select the tab labelled 'User Profiles'.</P
+></LI
+><LI
+><P
+>Select a user profile you want to migrate and click on it.</P
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="90%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+>I am using the term &quot;migrate&quot; lossely. You can copy a profile to
+create a group profile. You can give the user 'Everyone' rights to the
+profile you copy this to. That is what you need to do, since your samba
+domain is not a member of a trust relationship with your NT4 PDC.</P
+></TD
+></TR
+></TABLE
+></DIV
+></LI
+><LI
+><P
+>Click the 'Copy To' button.</P
+></LI
+><LI
+><P
+>In the box labelled 'Copy Profile to' add your new path, eg:
+<TT
+CLASS="FILENAME"
+>c:\temp\foobar</TT
+></P
+></LI
+><LI
+><P
+>Click on the button labelled 'Change' in the "Permitted to use" box.</P
+></LI
+><LI
+><P
+>Click on the group 'Everyone' and then click OK. This closes the
+'chose user' box.</P
+></LI
+><LI
+><P
+>Now click OK.</P
+></LI
+></UL
+><P
+>Follow the above for every profile you need to migrate.</P
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN3155"
+></A
+>20.2.1. Side bar Notes</H3
+><P
+>You should obtain the SID of your NT4 domain. You can use smbpasswd to do
+this. Read the man page.</P
+><P
+>With Samba-3.0.0 alpha code you can import all you NT4 domain accounts
+using the net samsync method. This way you can retain your profile
+settings as well as all your users.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN3159"
+></A
+>20.2.2. Mandatory profiles</H3
+><P
+>The above method can be used to create mandatory profiles also. To convert
+a group profile into a mandatory profile simply locate the NTUser.DAT file
+in the copied profile and rename it to NTUser.MAN.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
+><A
+NAME="AEN3162"
 ></A
->22.13. Memory mapping</H2
-><P
->Samba supports reading files via memory mapping them. One some
-machines this can give a large boost to performance, on others it
-makes not difference at all, and on some it may reduce performance.</P
+>20.2.3. moveuser.exe</H3
 ><P
->To enable you you have to recompile Samba with the -DUSE_MMAP option
-on the FLAGS line of the Makefile.</P
-><P
->Note that memory mapping is only used on files opened read only, and
-is not used by the "read raw" operation. Thus you may find memory
-mapping is more effective if you disable "read raw" using "read raw =
-no".</P
+>The W2K professional resource kit has moveuser.exe. moveuser.exe changes
+the security of a profile from one user to another.  This allows the account 
+domain to change, and/or the user name to change.</P
 ></DIV
 ><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
+CLASS="SECT2"
+><HR><H3
+CLASS="SECT2"
 ><A
-NAME="AEN3061"
+NAME="AEN3165"
 ></A
->22.14. Slow Clients</H2
+>20.2.4. Get SID</H3
 ><P
->One person has reported that setting the protocol to COREPLUS rather
-than LANMAN2 gave a dramatic speed improvement (from 10k/s to 150k/s).</P
+>You can identify the SID by using GetSID.exe from the Windows NT Server 4.0
+Resource Kit.</P
 ><P
->I suspect that his PC's (386sx16 based) were asking for more data than
-they could chew. I suspect a similar speed could be had by setting
-"read raw = no" and "max xmit = 2048", instead of changing the
-protocol. Lowering the "read size" might also help.</P
+>Windows NT 4.0 stores the local profile information in the registry under
+the following key:
+HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList</P
+><P
+>Under the ProfileList key, there will be subkeys named with the SIDs of the
+users who have logged on to this computer. (To find the profile information
+for the user whose locally cached profile you want to move, find the SID for
+the user with the GetSID.exe utility.) Inside of the appropriate user's
+subkey, you will see a string value named ProfileImagePath.</P
+></DIV
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3065"
+NAME="AEN3170"
 ></A
->22.15. Slow Logins</H2
+>20.3. Windows 2000/XP</H2
 ><P
->Slow logins are almost always due to the password checking time. Using
-the lowest practical "password level" will improve things a lot. You
-could also enable the "UFC crypt" option in the Makefile.</P
-></DIV
+>You must first convert the profile from a local profile to a domain
+profile on the MS Windows workstation as follows:</P
+><P
+></P
+><UL
+><LI
+><P
+>Log on as the LOCAL workstation administrator.</P
+></LI
+><LI
+><P
+>Right click on the 'My Computer' Icon, select 'Properties'</P
+></LI
+><LI
+><P
+>Click on the 'User Profiles' tab</P
+></LI
+><LI
+><P
+>Select the profile you wish to convert (click on it once)</P
+></LI
+><LI
+><P
+>Click on the button 'Copy To'</P
+></LI
+><LI
+><P
+>In the "Permitted to use" box, click on the 'Change' button.</P
+></LI
+><LI
+><P
+>Click on the 'Look in" area that lists the machine name, when you click
+here it will open up a selection box. Click on the domain to which the
+profile must be accessible.</P
 ><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN3068"
-></A
->22.16. Client tuning</H2
+CLASS="NOTE"
 ><P
->Often a speed problem can be traced to the client. The client (for
-example Windows for Workgroups) can often be tuned for better TCP
-performance.</P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="90%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
 ><P
->See your client docs for details. In particular, I have heard rumours
-that the WfWg options TCPWINDOWSIZE and TCPSEGMENTSIZE can have a
-large impact on performance.</P
+>You will need to log on if a logon box opens up. Eg: In the connect
+as: MIDEARTH\root, password: mypassword.</P
+></TD
+></TR
+></TABLE
+></DIV
+></LI
+><LI
 ><P
->Also note that some people have found that setting DefaultRcvWindow in
-the [MSTCP] section of the SYSTEM.INI file under WfWg to 3072 gives a
-big improvement. I don't know why.</P
+>To make the profile capable of being used by anyone select 'Everyone'</P
+></LI
+><LI
 ><P
->My own experience wth DefaultRcvWindow is that I get much better
-performance with a large value (16384 or larger). Other people have
-reported that anything over 3072 slows things down enourmously. One
-person even reported a speed drop of a factor of 30 when he went from
-3072 to 8192. I don't know why.</P
+>Click OK. The Selection box will close.</P
+></LI
+><LI
 ><P
->It probably depends a lot on your hardware, and the type of unix box
-you have at the other end of the link.</P
+>Now click on the 'Ok' button to create the profile in the path you
+nominated.</P
+></LI
+></UL
 ><P
->Paul Cochrane has done some testing on client side tuning and come 
-to the following conclusions:</P
+>Done. You now have a profile that can be editted using the samba-3.0.0
+profiles tool.</P
+><DIV
+CLASS="NOTE"
 ><P
->Install the W2setup.exe file from www.microsoft.com. This is an 
-update for the winsock stack and utilities which improve performance.</P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
 ><P
->Configure the win95 TCPIP registry settings to give better 
-perfomance. I use a program called MTUSPEED.exe which I got off the 
-net. There are various other utilities of this type freely available. 
-The setting which give the best performance for me are:</P
+>Under NT/2K the use of mandotory profiles forces the use of MS Exchange
+storage of mail data. That keeps desktop profiles usable.</P
+></TD
+></TR
+></TABLE
+></DIV
+><DIV
+CLASS="NOTE"
 ><P
 ></P
-><OL
-TYPE="1"
+><TABLE
+CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+></P
+><UL
 ><LI
 ><P
->MaxMTU                  Remove</P
+>This is a security check new to Windows XP (or maybe only
+Windows XP service pack 1).  It can be disabled via a group policy in
+Active Directory.  The policy is:</P
+><P
+>"Computer Configuration\Administrative Templates\System\User
+Profiles\Do not check for user ownership of Roaming Profile Folders"</P
+><P
+>...and it should be set to "Enabled".
+Does the new version of samba have an Active Directory analogue?  If so,
+then you may be able to set the policy through this.</P
+><P
+>If you cannot set group policies in samba, then you may be able to set
+the policy locally on each machine.  If you want to try this, then do
+the following (N.B. I don't know for sure that this will work in the
+same way as a domain group policy):</P
 ></LI
 ><LI
 ><P
->RWIN                    Remove</P
+>On the XP workstation log in with an Administrator account.</P
 ></LI
 ><LI
 ><P
->MTUAutoDiscover         Disable</P
+>Click: "Start", "Run"</P
 ></LI
 ><LI
 ><P
->MTUBlackHoleDetect      Disable</P
+>Type: "mmc"</P
 ></LI
 ><LI
 ><P
->Time To Live            Enabled</P
+>Click: "OK"</P
 ></LI
 ><LI
 ><P
->Time To Live - HOPS     32</P
+>A Microsoft Management Console should appear.</P
 ></LI
 ><LI
 ><P
->NDI Cache Size          0</P
+>Click: File, "Add/Remove Snap-in...", "Add"</P
 ></LI
-></OL
+><LI
 ><P
->I tried virtually all of the items mentioned in the document and 
-the only one which made a difference to me was the socket options. It 
-turned out I was better off without any!!!!!</P
+>Double-Click: "Group Policy"</P
+></LI
+><LI
 ><P
->In terms of overall speed of transfer, between various win95 clients 
-and a DX2-66 20MB server with a crappy NE2000 compatible and old IDE 
-drive (Kernel 2.0.30). The transfer rate was reasonable for 10 baseT.</P
+>Click: "Finish", "Close"</P
+></LI
+><LI
 ><P
->FIXME
-The figures are:          Put              Get 
-P166 client 3Com card:    420-440kB/s      500-520kB/s
-P100 client 3Com card:    390-410kB/s      490-510kB/s
-DX4-75 client NE2000:     370-380kB/s      330-350kB/s</P
+>Click: "OK"</P
+></LI
+><LI
 ><P
->I based these test on transfer two files a 4.5MB text file and a 15MB 
-textfile. The results arn't bad considering the hardware Samba is 
-running on. It's a crap machine!!!!</P
+>In the "Console Root" window:</P
+></LI
+><LI
 ><P
->The updates mentioned in 1 and 2 brought up the transfer rates from 
-just over 100kB/s in some clients.</P
+>Expand: "Local Computer Policy", "Computer Configuration",</P
+></LI
+><LI
 ><P
->A new client is a P333 connected via a 100MB/s card and hub. The 
-transfer rates from this were good: 450-500kB/s on put and 600+kB/s 
-on get.</P
+>"Administrative Templates", "System", "User Profiles"</P
+></LI
+><LI
 ><P
->Looking at standard FTP throughput, Samba is a bit slower (100kB/s 
-upwards). I suppose there is more going on in the samba protocol, but 
-if it could get up to the rate of FTP the perfomance would be quite 
-staggering.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN3100"
-></A
->22.17. My Results</H2
+>Double-Click: "Do not check for user ownership of Roaming Profile</P
+></LI
+><LI
+><P
+>Folders"</P
+></LI
+><LI
 ><P
->Some people want to see real numbers in a document like this, so here
-they are. I have a 486sx33 client running WfWg 3.11 with the 3.11b
-tcp/ip stack. It has a slow IDE drive and 20Mb of ram. It has a SMC
-Elite-16 ISA bus ethernet card. The only WfWg tuning I've done is to
-set DefaultRcvWindow in the [MSTCP] section of system.ini to 16384. My
-server is a 486dx3-66 running Linux. It also has 20Mb of ram and a SMC
-Elite-16 card. You can see my server config in the examples/tridge/
-subdirectory of the distribution.</P
+>Select: "Enabled"</P
+></LI
+><LI
 ><P
->I get 490k/s on reading a 8Mb file with copy.
-I get 441k/s writing the same file to the samba server.</P
+>Click: OK"</P
+></LI
+><LI
 ><P
->Of course, there's a lot more to benchmarks than 2 raw throughput
-figures, but it gives you a ballpark figure.</P
+>Close the whole console.  You do not need to save the settings (this
+refers to the console settings rather than the policies you have
+changed).</P
+></LI
+><LI
 ><P
->I've also tested Win95 and WinNT, and found WinNT gave me the best
-speed as a samba client. The fastest client of all (for me) is
-smbclient running on another linux box. Maybe I'll add those results
-here someday ...</P
+>Reboot</P
+></LI
+></UL
+></TD
+></TR
+></TABLE
+></DIV
 ></DIV
 ></DIV
 ></DIV
 ><DIV
 CLASS="PART"
 ><A
-NAME="AEN3106"
+NAME="APPENDIXES"
 ></A
 ><DIV
 CLASS="TITLEPAGE"
@@ -15219,243 +15607,243 @@ CLASS="TOC"
 >Table of Contents</B
 ></DT
 ><DT
->23. <A
+>21. <A
 HREF="#PORTABILITY"
 >Portability</A
 ></DT
 ><DD
 ><DL
 ><DT
->23.1. <A
-HREF="#AEN3115"
+>21.1. <A
+HREF="#AEN3251"
 >HPUX</A
 ></DT
 ><DT
->23.2. <A
-HREF="#AEN3121"
+>21.2. <A
+HREF="#AEN3257"
 >SCO Unix</A
 ></DT
 ><DT
->23.3. <A
-HREF="#AEN3125"
+>21.3. <A
+HREF="#AEN3261"
 >DNIX</A
 ></DT
 ><DT
->23.4. <A
-HREF="#AEN3154"
+>21.4. <A
+HREF="#AEN3290"
 >RedHat Linux Rembrandt-II</A
 ></DT
 ></DL
 ></DD
 ><DT
->24. <A
+>22. <A
 HREF="#OTHER-CLIENTS"
 >Samba and other CIFS clients</A
 ></DT
 ><DD
 ><DL
 ><DT
->24.1. <A
-HREF="#AEN3175"
+>22.1. <A
+HREF="#AEN3311"
 >Macintosh clients?</A
 ></DT
 ><DT
->24.2. <A
-HREF="#AEN3184"
+>22.2. <A
+HREF="#AEN3320"
 >OS2 Client</A
 ></DT
 ><DD
 ><DL
 ><DT
->24.2.1. <A
-HREF="#AEN3186"
+>22.2.1. <A
+HREF="#AEN3322"
 >How can I configure OS/2 Warp Connect or 
 		OS/2 Warp 4 as a client for Samba?</A
 ></DT
 ><DT
->24.2.2. <A
-HREF="#AEN3201"
+>22.2.2. <A
+HREF="#AEN3337"
 >How can I configure OS/2 Warp 3 (not Connect), 
 		OS/2 1.2, 1.3 or 2.x for Samba?</A
 ></DT
 ><DT
->24.2.3. <A
-HREF="#AEN3210"
+>22.2.3. <A
+HREF="#AEN3346"
 >Are there any other issues when OS/2 (any version) 
 		is used as a client?</A
 ></DT
 ><DT
->24.2.4. <A
-HREF="#AEN3214"
+>22.2.4. <A
+HREF="#AEN3350"
 >How do I get printer driver download working 
 		for OS/2 clients?</A
 ></DT
 ></DL
 ></DD
 ><DT
->24.3. <A
-HREF="#AEN3224"
+>22.3. <A
+HREF="#AEN3360"
 >Windows for Workgroups</A
 ></DT
 ><DD
 ><DL
 ><DT
->24.3.1. <A
-HREF="#AEN3226"
+>22.3.1. <A
+HREF="#AEN3362"
 >Use latest TCP/IP stack from Microsoft</A
 ></DT
 ><DT
->24.3.2. <A
-HREF="#AEN3231"
+>22.3.2. <A
+HREF="#AEN3367"
 >Delete .pwl files after password change</A
 ></DT
 ><DT
->24.3.3. <A
-HREF="#AEN3236"
+>22.3.3. <A
+HREF="#AEN3372"
 >Configure WfW password handling</A
 ></DT
 ><DT
->24.3.4. <A
-HREF="#AEN3240"
+>22.3.4. <A
+HREF="#AEN3376"
 >Case handling of passwords</A
 ></DT
 ></DL
 ></DD
 ><DT
->24.4. <A
-HREF="#AEN3245"
+>22.4. <A
+HREF="#AEN3381"
 >Windows '95/'98</A
 ></DT
 ><DT
->24.5. <A
-HREF="#AEN3261"
+>22.5. <A
+HREF="#AEN3397"
 >Windows 2000 Service Pack 2</A
 ></DT
 ></DL
 ></DD
 ><DT
->25. <A
+>23. <A
 HREF="#BUGREPORT"
 >Reporting Bugs</A
 ></DT
 ><DD
 ><DL
 ><DT
->25.1. <A
-HREF="#AEN3285"
+>23.1. <A
+HREF="#AEN3421"
 >Introduction</A
 ></DT
 ><DT
->25.2. <A
-HREF="#AEN3295"
+>23.2. <A
+HREF="#AEN3431"
 >General info</A
 ></DT
 ><DT
->25.3. <A
-HREF="#AEN3301"
+>23.3. <A
+HREF="#AEN3437"
 >Debug levels</A
 ></DT
 ><DT
->25.4. <A
-HREF="#AEN3318"
+>23.4. <A
+HREF="#AEN3454"
 >Internal errors</A
 ></DT
 ><DT
->25.5. <A
-HREF="#AEN3328"
+>23.5. <A
+HREF="#AEN3464"
 >Attaching to a running process</A
 ></DT
 ><DT
->25.6. <A
-HREF="#AEN3331"
+>23.6. <A
+HREF="#AEN3467"
 >Patches</A
 ></DT
 ></DL
 ></DD
 ><DT
->26. <A
+>24. <A
 HREF="#DIAGNOSIS"
 >Diagnosing your samba server</A
 ></DT
 ><DD
 ><DL
 ><DT
->26.1. <A
-HREF="#AEN3354"
+>24.1. <A
+HREF="#AEN3490"
 >Introduction</A
 ></DT
 ><DT
->26.2. <A
-HREF="#AEN3359"
+>24.2. <A
+HREF="#AEN3495"
 >Assumptions</A
 ></DT
 ><DT
->26.3. <A
-HREF="#AEN3369"
+>24.3. <A
+HREF="#AEN3505"
 >Tests</A
 ></DT
 ><DD
 ><DL
 ><DT
->26.3.1. <A
-HREF="#AEN3371"
+>24.3.1. <A
+HREF="#AEN3507"
 >Test 1</A
 ></DT
 ><DT
->26.3.2. <A
-HREF="#AEN3377"
+>24.3.2. <A
+HREF="#AEN3513"
 >Test 2</A
 ></DT
 ><DT
->26.3.3. <A
-HREF="#AEN3383"
+>24.3.3. <A
+HREF="#AEN3519"
 >Test 3</A
 ></DT
 ><DT
->26.3.4. <A
-HREF="#AEN3398"
+>24.3.4. <A
+HREF="#AEN3534"
 >Test 4</A
 ></DT
 ><DT
->26.3.5. <A
-HREF="#AEN3403"
+>24.3.5. <A
+HREF="#AEN3539"
 >Test 5</A
 ></DT
 ><DT
->26.3.6. <A
-HREF="#AEN3409"
+>24.3.6. <A
+HREF="#AEN3545"
 >Test 6</A
 ></DT
 ><DT
->26.3.7. <A
-HREF="#AEN3417"
+>24.3.7. <A
+HREF="#AEN3553"
 >Test 7</A
 ></DT
 ><DT
->26.3.8. <A
-HREF="#AEN3443"
+>24.3.8. <A
+HREF="#AEN3579"
 >Test 8</A
 ></DT
 ><DT
->26.3.9. <A
-HREF="#AEN3460"
+>24.3.9. <A
+HREF="#AEN3596"
 >Test 9</A
 ></DT
 ><DT
->26.3.10. <A
-HREF="#AEN3468"
+>24.3.10. <A
+HREF="#AEN3604"
 >Test 10</A
 ></DT
 ><DT
->26.3.11. <A
-HREF="#AEN3474"
+>24.3.11. <A
+HREF="#AEN3610"
 >Test 11</A
 ></DT
 ></DL
 ></DD
 ><DT
->26.4. <A
-HREF="#AEN3479"
+>24.4. <A
+HREF="#AEN3615"
 >Still having troubles?</A
 ></DT
 ></DL
@@ -15469,7 +15857,7 @@ CLASS="CHAPTER"
 ><A
 NAME="PORTABILITY"
 ></A
->Chapter 23. Portability</H1
+>Chapter 21. Portability</H1
 ><P
 >Samba works on a wide range of platforms but the interface all the 
 platforms provide is not always compatible. This chapter contains 
@@ -15479,9 +15867,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3115"
+NAME="AEN3251"
 ></A
->23.1. HPUX</H2
+>21.1. HPUX</H2
 ><P
 >HP's implementation of supplementary groups is, er, non-standard (for
 hysterical reasons).  There are two group files, /etc/group and
@@ -15509,9 +15897,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3121"
+NAME="AEN3257"
 ></A
->23.2. SCO Unix</H2
+>21.2. SCO Unix</H2
 ><P
 > 
 If you run an old version of  SCO Unix then you may need to get important 
@@ -15526,9 +15914,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3125"
+NAME="AEN3261"
 ></A
->23.3. DNIX</H2
+>21.3. DNIX</H2
 ><P
 >DNIX has a problem with seteuid() and setegid(). These routines are
 needed for Samba to work correctly, but they were left out of the DNIX
@@ -15633,9 +16021,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3154"
+NAME="AEN3290"
 ></A
->23.4. RedHat Linux Rembrandt-II</H2
+>21.4. RedHat Linux Rembrandt-II</H2
 ><P
 >By default RedHat Rembrandt-II during installation adds an
 entry to /etc/hosts as follows:
@@ -15659,7 +16047,7 @@ CLASS="CHAPTER"
 ><A
 NAME="OTHER-CLIENTS"
 ></A
->Chapter 24. Samba and other CIFS clients</H1
+>Chapter 22. Samba and other CIFS clients</H1
 ><P
 >This chapter contains client-specific information.</P
 ><DIV
@@ -15667,9 +16055,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3175"
+NAME="AEN3311"
 ></A
->24.1. Macintosh clients?</H2
+>22.1. Macintosh clients?</H2
 ><P
 >Yes. <A
 HREF="http://www.thursby.com/"
@@ -15713,17 +16101,17 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3184"
+NAME="AEN3320"
 ></A
->24.2. OS2 Client</H2
+>22.2. OS2 Client</H2
 ><DIV
 CLASS="SECT2"
 ><H3
 CLASS="SECT2"
 ><A
-NAME="AEN3186"
+NAME="AEN3322"
 ></A
->24.2.1. How can I configure OS/2 Warp Connect or 
+>22.2.1. How can I configure OS/2 Warp Connect or 
 		OS/2 Warp 4 as a client for Samba?</H3
 ><P
 >A more complete answer to this question can be 
@@ -15780,9 +16168,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN3201"
+NAME="AEN3337"
 ></A
->24.2.2. How can I configure OS/2 Warp 3 (not Connect), 
+>22.2.2. How can I configure OS/2 Warp 3 (not Connect), 
 		OS/2 1.2, 1.3 or 2.x for Samba?</H3
 ><P
 >You can use the free Microsoft LAN Manager 2.2c Client 
@@ -15824,9 +16212,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN3210"
+NAME="AEN3346"
 ></A
->24.2.3. Are there any other issues when OS/2 (any version) 
+>22.2.3. Are there any other issues when OS/2 (any version) 
 		is used as a client?</H3
 ><P
 >When you do a NET VIEW or use the "File and Print 
@@ -15846,9 +16234,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN3214"
+NAME="AEN3350"
 ></A
->24.2.4. How do I get printer driver download working 
+>22.2.4. How do I get printer driver download working 
 		for OS/2 clients?</H3
 ><P
 >First, create a share called [PRINTDRV] that is 
@@ -15897,17 +16285,17 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3224"
+NAME="AEN3360"
 ></A
->24.3. Windows for Workgroups</H2
+>22.3. Windows for Workgroups</H2
 ><DIV
 CLASS="SECT2"
 ><H3
 CLASS="SECT2"
 ><A
-NAME="AEN3226"
+NAME="AEN3362"
 ></A
->24.3.1. Use latest TCP/IP stack from Microsoft</H3
+>22.3.1. Use latest TCP/IP stack from Microsoft</H3
 ><P
 >Use the latest TCP/IP stack from microsoft if you use Windows
 for workgroups.</P
@@ -15927,9 +16315,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN3231"
+NAME="AEN3367"
 ></A
->24.3.2. Delete .pwl files after password change</H3
+>22.3.2. Delete .pwl files after password change</H3
 ><P
 >WfWg does a lousy job with passwords. I find that if I change my
 password on either the unix box or the PC the safest thing to do is to
@@ -15947,9 +16335,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN3236"
+NAME="AEN3372"
 ></A
->24.3.3. Configure WfW password handling</H3
+>22.3.3. Configure WfW password handling</H3
 ><P
 >There is a program call admincfg.exe
 on the last disk (disk 8) of the WFW 3.11 disk set.  To install it
@@ -15966,9 +16354,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN3240"
+NAME="AEN3376"
 ></A
->24.3.4. Case handling of passwords</H3
+>22.3.4. Case handling of passwords</H3
 ><P
 >Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the <A
 HREF="smb.conf.5.html"
@@ -15985,9 +16373,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3245"
+NAME="AEN3381"
 ></A
->24.4. Windows '95/'98</H2
+>22.4. Windows '95/'98</H2
 ><P
 >When using Windows 95 OEM SR2 the following updates are recommended where Samba
 is being used. Please NOTE that the above change will affect you once these
@@ -16033,9 +16421,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3261"
+NAME="AEN3397"
 ></A
->24.5. Windows 2000 Service Pack 2</H2
+>22.5. Windows 2000 Service Pack 2</H2
 ><P
 > 
 There are several annoyances with Windows 2000 SP2. One of which
@@ -16117,15 +16505,15 @@ CLASS="CHAPTER"
 ><A
 NAME="BUGREPORT"
 ></A
->Chapter 25. Reporting Bugs</H1
+>Chapter 23. Reporting Bugs</H1
 ><DIV
 CLASS="SECT1"
 ><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3285"
+NAME="AEN3421"
 ></A
->25.1. Introduction</H2
+>23.1. Introduction</H2
 ><P
 >The email address for bug reports for stable releases is <A
 HREF="samba@samba.org"
@@ -16168,9 +16556,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3295"
+NAME="AEN3431"
 ></A
->25.2. General info</H2
+>23.2. General info</H2
 ><P
 >Before submitting a bug report check your config for silly
 errors. Look in your log files for obvious messages that tell you that
@@ -16193,9 +16581,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3301"
+NAME="AEN3437"
 ></A
->25.3. Debug levels</H2
+>23.3. Debug levels</H2
 ><P
 >If the bug has anything to do with Samba behaving incorrectly as a
 server (like refusing to open a file) then the log files will probably
@@ -16263,9 +16651,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3318"
+NAME="AEN3454"
 ></A
->25.4. Internal errors</H2
+>23.4. Internal errors</H2
 ><P
 >If you get a "INTERNAL ERROR" message in your log files it means that
 Samba got an unexpected signal while running. It is probably a
@@ -16307,9 +16695,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3328"
+NAME="AEN3464"
 ></A
->25.5. Attaching to a running process</H2
+>23.5. Attaching to a running process</H2
 ><P
 >Unfortunately some unixes (in particular some recent linux kernels)
 refuse to dump a core file if the task has changed uid (which smbd
@@ -16324,9 +16712,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3331"
+NAME="AEN3467"
 ></A
->25.6. Patches</H2
+>23.6. Patches</H2
 ><P
 >The best sort of bug report is one that includes a fix! If you send us
 patches please use <B
@@ -16347,15 +16735,15 @@ CLASS="CHAPTER"
 ><A
 NAME="DIAGNOSIS"
 ></A
->Chapter 26. Diagnosing your samba server</H1
+>Chapter 24. Diagnosing your samba server</H1
 ><DIV
 CLASS="SECT1"
 ><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3354"
+NAME="AEN3490"
 ></A
->26.1. Introduction</H2
+>24.1. Introduction</H2
 ><P
 >This file contains a list of tests you can perform to validate your
 Samba server. It also tells you what the likely cause of the problem
@@ -16375,9 +16763,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3359"
+NAME="AEN3495"
 ></A
->26.2. Assumptions</H2
+>24.2. Assumptions</H2
 ><P
 >In all of the tests it is assumed you have a Samba server called 
 BIGSERVER and a PC called ACLIENT both in workgroup TESTGROUP.</P
@@ -16413,17 +16801,17 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3369"
+NAME="AEN3505"
 ></A
->26.3. Tests</H2
+>24.3. Tests</H2
 ><DIV
 CLASS="SECT2"
 ><H3
 CLASS="SECT2"
 ><A
-NAME="AEN3371"
+NAME="AEN3507"
 ></A
->26.3.1. Test 1</H3
+>24.3.1. Test 1</H3
 ><P
 >In the directory in which you store your smb.conf file, run the command
 "testparm smb.conf". If it reports any errors then your smb.conf
@@ -16443,9 +16831,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN3377"
+NAME="AEN3513"
 ></A
->26.3.2. Test 2</H3
+>24.3.2. Test 2</H3
 ><P
 >Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from
 the unix box. If you don't get a valid response then your TCP/IP
@@ -16469,9 +16857,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN3383"
+NAME="AEN3519"
 ></A
->26.3.3. Test 3</H3
+>24.3.3. Test 3</H3
 ><P
 >Run the command "smbclient -L BIGSERVER" on the unix box. You
 should get a list of available shares back. </P
@@ -16540,9 +16928,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN3398"
+NAME="AEN3534"
 ></A
->26.3.4. Test 4</H3
+>24.3.4. Test 4</H3
 ><P
 >Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the
 IP address of your Samba server back.</P
@@ -16561,9 +16949,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN3403"
+NAME="AEN3539"
 ></A
->26.3.5. Test 5</H3
+>24.3.5. Test 5</H3
 ><P
 >run the command <B
 CLASS="COMMAND"
@@ -16582,9 +16970,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN3409"
+NAME="AEN3545"
 ></A
->26.3.6. Test 6</H3
+>24.3.6. Test 6</H3
 ><P
 >Run the command <B
 CLASS="COMMAND"
@@ -16616,9 +17004,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN3417"
+NAME="AEN3553"
 ></A
->26.3.7. Test 7</H3
+>24.3.7. Test 7</H3
 ><P
 >Run the command <B
 CLASS="COMMAND"
@@ -16705,9 +17093,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN3443"
+NAME="AEN3579"
 ></A
->26.3.8. Test 8</H3
+>24.3.8. Test 8</H3
 ><P
 >On the PC type the command <B
 CLASS="COMMAND"
@@ -16765,9 +17153,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN3460"
+NAME="AEN3596"
 ></A
->26.3.9. Test 9</H3
+>24.3.9. Test 9</H3
 ><P
 >Run the command <B
 CLASS="COMMAND"
@@ -16799,9 +17187,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN3468"
+NAME="AEN3604"
 ></A
->26.3.10. Test 10</H3
+>24.3.10. Test 10</H3
 ><P
 >Run the command <B
 CLASS="COMMAND"
@@ -16825,9 +17213,9 @@ CLASS="SECT2"
 ><HR><H3
 CLASS="SECT2"
 ><A
-NAME="AEN3474"
+NAME="AEN3610"
 ></A
->26.3.11. Test 11</H3
+>24.3.11. Test 11</H3
 ><P
 >From file manager try to browse the server. Your samba server should
 appear in the browse list of your local workgroup (or the one you
@@ -16853,9 +17241,9 @@ CLASS="SECT1"
 ><HR><H2
 CLASS="SECT1"
 ><A
-NAME="AEN3479"
+NAME="AEN3615"
 ></A
->26.4. Still having troubles?</H2
+>24.4. Still having troubles?</H2
 ><P
 >Try the mailing list or newsgroup, or use the ethereal utility to
 sniff the problem. The official samba mailing list can be reached at
diff --git a/docs/htmldocs/ads.html b/docs/htmldocs/ads.html
index 26ec1d04a7..2c556b61f3 100644
--- a/docs/htmldocs/ads.html
+++ b/docs/htmldocs/ads.html
@@ -5,8 +5,7 @@
 >Samba as a ADS domain member</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -17,7 +16,7 @@ REL="PREVIOUS"
 TITLE="How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain"
 HREF="samba-bdc.html"><LINK
 REL="NEXT"
-TITLE="Samba as a NT4 domain member"
+TITLE="Samba as a NT4 or Win2k domain member"
 HREF="domain-security.html"></HEAD
 ><BODY
 CLASS="CHAPTER"
@@ -73,13 +72,16 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="ADS">Chapter 8. Samba as a ADS domain member</H1
+NAME="ADS"
+></A
+>Chapter 7. Samba as a ADS domain member</H1
 ><P
 >This is a rough guide to setting up Samba 3.0 with kerberos authentication against a
 Windows2000 KDC. </P
 ><P
->Pieces you need before you begin:
-<P
+>Pieces you need before you begin:</P
+><P
+><P
 ></P
 ><TABLE
 BORDER="0"
@@ -110,10 +112,13 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1187">8.1. Installing the required packages for Debian</H1
+NAME="AEN1339"
+></A
+>7.1. Installing the required packages for Debian</H1
+><P
+>On Debian you need to install the following packages:</P
+><P
 ><P
->On Debian you need to install the following packages:
-<P
 ></P
 ><TABLE
 BORDER="0"
@@ -137,10 +142,13 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1193">8.2. Installing the required packages for RedHat</H1
+NAME="AEN1346"
+></A
+>7.2. Installing the required packages for RedHat</H1
+><P
+>On RedHat this means you should have at least: </P
+><P
 ><P
->On RedHat this means you should have at least: 
-<P
 ></P
 ><TABLE
 BORDER="0"
@@ -173,12 +181,15 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1202">8.3. Compile Samba</H1
+NAME="AEN1356"
+></A
+>7.3. Compile Samba</H1
 ><P
 >If your kerberos libraries are in a non-standard location then
   remember to add the configure option --with-krb5=DIR.</P
 ><P
->After you run configure make sure that include/config.h contains 
+>After you run configure make sure that include/config.h it
+  generates contains 
   lines like this:</P
 ><P
 ><PRE
@@ -214,9 +225,10 @@ CLASS="PROGRAMLISTING"
 >  ads server = your.kerberos.server</PRE
 ></P
 ><P
->You do *not* need a smbpasswd file, although it won't do any harm
-  and if you have one then Samba will be able to fall back to normal
-  password security for older clients. I expect that the above
+>You do *not* need a smbpasswd file, and older clients will
+  be authenticated as if "security = domain", although it won't do any harm
+  and allows you to have local users not in the domain.
+  I expect that the above
   required options will change soon when we get better active
   directory integration.</P
 ></DIV
@@ -225,13 +237,15 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1217">8.4. Setup your /etc/krb5.conf</H1
+NAME="AEN1371"
+></A
+>7.4. Setup your /etc/krb5.conf</H1
 ><P
 >The minimal configuration for krb5.conf is:</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
->	[realms]
+>[realms]
     YOUR.KERBEROS.REALM = {
 	kdc = your.kerberos.server
     }</PRE
@@ -255,18 +269,18 @@ to join the realm.</P
 ><P
 >If all you want is kerberos support in smbclient then you can skip
 straight to step 5 now. Step 3 is only needed if you want kerberos
-support in smbd.</P
+support for smbd and winbindd.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1227">8.5. Create the computer account</H1
+NAME="AEN1381"
+></A
+>7.5. Create the computer account</H1
 ><P
->Do a "kinit" as a user that has authority to change arbitrary
-passwords on the KDC ("Administrator" is a good choice). Then as a
-user that has write permission on the Samba private directory
+>As a user that has write permission on the Samba private directory
 (usually root) run:
 <B
 CLASS="COMMAND"
@@ -277,7 +291,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1231">8.5.1. Possible errors</H2
+NAME="AEN1385"
+></A
+>7.5.1. Possible errors</H2
 ><P
 ><P
 ></P
@@ -285,12 +301,6 @@ NAME="AEN1231">8.5.1. Possible errors</H2
 CLASS="VARIABLELIST"
 ><DL
 ><DT
->"bash: kinit: command not found"</DT
-><DD
-><P
->kinit is in the krb5-workstation RPM on RedHat systems, and is in /usr/kerberos/bin, so it won't be in the path until you log in again (or open a new terminal)</P
-></DD
-><DT
 >"ADS support not compiled in"</DT
 ><DD
 ><P
@@ -306,7 +316,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1243">8.6. Test your server setup</H1
+NAME="AEN1393"
+></A
+>7.6. Test your server setup</H1
 ><P
 >On a Windows 2000 client try <B
 CLASS="COMMAND"
@@ -324,7 +336,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1248">8.7. Testing with smbclient</H1
+NAME="AEN1398"
+></A
+>7.7. Testing with smbclient</H1
 ><P
 >On your Samba server try to login to a Win2000 server or your Samba
 server using smbclient and kerberos. Use smbclient as usual, but
@@ -335,7 +349,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1251">8.8. Notes</H1
+NAME="AEN1401"
+></A
+>7.8. Notes</H1
 ><P
 >You must change administrator password at least once after DC install,
  to create the right encoding types</P
@@ -402,7 +418,7 @@ ACCESSKEY="U"
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
->Samba as a NT4 domain member</TD
+>Samba as a NT4 or Win2k domain member</TD
 ></TR
 ></TABLE
 ></DIV
diff --git a/docs/htmldocs/appendixes.html b/docs/htmldocs/appendixes.html
index e7eefcb441..469ef170cd 100644
--- a/docs/htmldocs/appendixes.html
+++ b/docs/htmldocs/appendixes.html
@@ -5,14 +5,13 @@
 >Appendixes</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
 REL="PREVIOUS"
-TITLE="Samba performance issues"
-HREF="speed.html"><LINK
+TITLE="Creating Group Profiles"
+HREF="groupprofiles.html"><LINK
 REL="NEXT"
 TITLE="Portability"
 HREF="portability.html"></HEAD
@@ -43,7 +42,7 @@ WIDTH="10%"
 ALIGN="left"
 VALIGN="bottom"
 ><A
-HREF="speed.html"
+HREF="groupprofiles.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
@@ -69,7 +68,9 @@ WIDTH="100%"></DIV
 ><DIV
 CLASS="PART"
 ><A
-NAME="APPENDIXES"><DIV
+NAME="APPENDIXES"
+></A
+><DIV
 CLASS="TITLEPAGE"
 ><H1
 CLASS="TITLE"
@@ -82,243 +83,243 @@ CLASS="TOC"
 >Table of Contents</B
 ></DT
 ><DT
->23. <A
+>21. <A
 HREF="portability.html"
 >Portability</A
 ></DT
 ><DD
 ><DL
 ><DT
->23.1. <A
-HREF="portability.html#AEN3139"
+>21.1. <A
+HREF="portability.html#AEN3251"
 >HPUX</A
 ></DT
 ><DT
->23.2. <A
-HREF="portability.html#AEN3145"
+>21.2. <A
+HREF="portability.html#AEN3257"
 >SCO Unix</A
 ></DT
 ><DT
->23.3. <A
-HREF="portability.html#AEN3149"
+>21.3. <A
+HREF="portability.html#AEN3261"
 >DNIX</A
 ></DT
 ><DT
->23.4. <A
-HREF="portability.html#AEN3178"
+>21.4. <A
+HREF="portability.html#AEN3290"
 >RedHat Linux Rembrandt-II</A
 ></DT
 ></DL
 ></DD
 ><DT
->24. <A
+>22. <A
 HREF="other-clients.html"
 >Samba and other CIFS clients</A
 ></DT
 ><DD
 ><DL
 ><DT
->24.1. <A
-HREF="other-clients.html#AEN3199"
+>22.1. <A
+HREF="other-clients.html#AEN3311"
 >Macintosh clients?</A
 ></DT
 ><DT
->24.2. <A
-HREF="other-clients.html#AEN3208"
+>22.2. <A
+HREF="other-clients.html#AEN3320"
 >OS2 Client</A
 ></DT
 ><DD
 ><DL
 ><DT
->24.2.1. <A
-HREF="other-clients.html#AEN3210"
+>22.2.1. <A
+HREF="other-clients.html#AEN3322"
 >How can I configure OS/2 Warp Connect or 
 		OS/2 Warp 4 as a client for Samba?</A
 ></DT
 ><DT
->24.2.2. <A
-HREF="other-clients.html#AEN3225"
+>22.2.2. <A
+HREF="other-clients.html#AEN3337"
 >How can I configure OS/2 Warp 3 (not Connect), 
 		OS/2 1.2, 1.3 or 2.x for Samba?</A
 ></DT
 ><DT
->24.2.3. <A
-HREF="other-clients.html#AEN3234"
+>22.2.3. <A
+HREF="other-clients.html#AEN3346"
 >Are there any other issues when OS/2 (any version) 
 		is used as a client?</A
 ></DT
 ><DT
->24.2.4. <A
-HREF="other-clients.html#AEN3238"
+>22.2.4. <A
+HREF="other-clients.html#AEN3350"
 >How do I get printer driver download working 
 		for OS/2 clients?</A
 ></DT
 ></DL
 ></DD
 ><DT
->24.3. <A
-HREF="other-clients.html#AEN3248"
+>22.3. <A
+HREF="other-clients.html#AEN3360"
 >Windows for Workgroups</A
 ></DT
 ><DD
 ><DL
 ><DT
->24.3.1. <A
-HREF="other-clients.html#AEN3250"
+>22.3.1. <A
+HREF="other-clients.html#AEN3362"
 >Use latest TCP/IP stack from Microsoft</A
 ></DT
 ><DT
->24.3.2. <A
-HREF="other-clients.html#AEN3255"
+>22.3.2. <A
+HREF="other-clients.html#AEN3367"
 >Delete .pwl files after password change</A
 ></DT
 ><DT
->24.3.3. <A
-HREF="other-clients.html#AEN3260"
+>22.3.3. <A
+HREF="other-clients.html#AEN3372"
 >Configure WfW password handling</A
 ></DT
 ><DT
->24.3.4. <A
-HREF="other-clients.html#AEN3264"
+>22.3.4. <A
+HREF="other-clients.html#AEN3376"
 >Case handling of passwords</A
 ></DT
 ></DL
 ></DD
 ><DT
->24.4. <A
-HREF="other-clients.html#AEN3269"
+>22.4. <A
+HREF="other-clients.html#AEN3381"
 >Windows '95/'98</A
 ></DT
 ><DT
->24.5. <A
-HREF="other-clients.html#AEN3285"
+>22.5. <A
+HREF="other-clients.html#AEN3397"
 >Windows 2000 Service Pack 2</A
 ></DT
 ></DL
 ></DD
 ><DT
->25. <A
+>23. <A
 HREF="bugreport.html"
 >Reporting Bugs</A
 ></DT
 ><DD
 ><DL
 ><DT
->25.1. <A
-HREF="bugreport.html#AEN3309"
+>23.1. <A
+HREF="bugreport.html#AEN3421"
 >Introduction</A
 ></DT
 ><DT
->25.2. <A
-HREF="bugreport.html#AEN3319"
+>23.2. <A
+HREF="bugreport.html#AEN3431"
 >General info</A
 ></DT
 ><DT
->25.3. <A
-HREF="bugreport.html#AEN3325"
+>23.3. <A
+HREF="bugreport.html#AEN3437"
 >Debug levels</A
 ></DT
 ><DT
->25.4. <A
-HREF="bugreport.html#AEN3342"
+>23.4. <A
+HREF="bugreport.html#AEN3454"
 >Internal errors</A
 ></DT
 ><DT
->25.5. <A
-HREF="bugreport.html#AEN3352"
+>23.5. <A
+HREF="bugreport.html#AEN3464"
 >Attaching to a running process</A
 ></DT
 ><DT
->25.6. <A
-HREF="bugreport.html#AEN3355"
+>23.6. <A
+HREF="bugreport.html#AEN3467"
 >Patches</A
 ></DT
 ></DL
 ></DD
 ><DT
->26. <A
+>24. <A
 HREF="diagnosis.html"
 >Diagnosing your samba server</A
 ></DT
 ><DD
 ><DL
 ><DT
->26.1. <A
-HREF="diagnosis.html#AEN3378"
+>24.1. <A
+HREF="diagnosis.html#AEN3490"
 >Introduction</A
 ></DT
 ><DT
->26.2. <A
-HREF="diagnosis.html#AEN3383"
+>24.2. <A
+HREF="diagnosis.html#AEN3495"
 >Assumptions</A
 ></DT
 ><DT
->26.3. <A
-HREF="diagnosis.html#AEN3393"
+>24.3. <A
+HREF="diagnosis.html#AEN3505"
 >Tests</A
 ></DT
 ><DD
 ><DL
 ><DT
->26.3.1. <A
-HREF="diagnosis.html#AEN3395"
+>24.3.1. <A
+HREF="diagnosis.html#AEN3507"
 >Test 1</A
 ></DT
 ><DT
->26.3.2. <A
-HREF="diagnosis.html#AEN3401"
+>24.3.2. <A
+HREF="diagnosis.html#AEN3513"
 >Test 2</A
 ></DT
 ><DT
->26.3.3. <A
-HREF="diagnosis.html#AEN3407"
+>24.3.3. <A
+HREF="diagnosis.html#AEN3519"
 >Test 3</A
 ></DT
 ><DT
->26.3.4. <A
-HREF="diagnosis.html#AEN3422"
+>24.3.4. <A
+HREF="diagnosis.html#AEN3534"
 >Test 4</A
 ></DT
 ><DT
->26.3.5. <A
-HREF="diagnosis.html#AEN3427"
+>24.3.5. <A
+HREF="diagnosis.html#AEN3539"
 >Test 5</A
 ></DT
 ><DT
->26.3.6. <A
-HREF="diagnosis.html#AEN3433"
+>24.3.6. <A
+HREF="diagnosis.html#AEN3545"
 >Test 6</A
 ></DT
 ><DT
->26.3.7. <A
-HREF="diagnosis.html#AEN3441"
+>24.3.7. <A
+HREF="diagnosis.html#AEN3553"
 >Test 7</A
 ></DT
 ><DT
->26.3.8. <A
-HREF="diagnosis.html#AEN3467"
+>24.3.8. <A
+HREF="diagnosis.html#AEN3579"
 >Test 8</A
 ></DT
 ><DT
->26.3.9. <A
-HREF="diagnosis.html#AEN3484"
+>24.3.9. <A
+HREF="diagnosis.html#AEN3596"
 >Test 9</A
 ></DT
 ><DT
->26.3.10. <A
-HREF="diagnosis.html#AEN3492"
+>24.3.10. <A
+HREF="diagnosis.html#AEN3604"
 >Test 10</A
 ></DT
 ><DT
->26.3.11. <A
-HREF="diagnosis.html#AEN3498"
+>24.3.11. <A
+HREF="diagnosis.html#AEN3610"
 >Test 11</A
 ></DT
 ></DL
 ></DD
 ><DT
->26.4. <A
-HREF="diagnosis.html#AEN3503"
+>24.4. <A
+HREF="diagnosis.html#AEN3615"
 >Still having troubles?</A
 ></DT
 ></DL
@@ -343,7 +344,7 @@ WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 ><A
-HREF="speed.html"
+HREF="groupprofiles.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
@@ -371,7 +372,7 @@ ACCESSKEY="N"
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
->Samba performance issues</TD
+>Creating Group Profiles</TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
diff --git a/docs/htmldocs/browsing-quick.html b/docs/htmldocs/browsing-quick.html
index 8c597e001f..680bdfc1de 100644
--- a/docs/htmldocs/browsing-quick.html
+++ b/docs/htmldocs/browsing-quick.html
@@ -5,8 +5,7 @@
 >Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -14,11 +13,11 @@ REL="UP"
 TITLE="General installation"
 HREF="introduction.html"><LINK
 REL="PREVIOUS"
-TITLE="Improved browsing in samba"
-HREF="improved-browsing.html"><LINK
+TITLE="How to Install and Test SAMBA"
+HREF="install.html"><LINK
 REL="NEXT"
-TITLE="LanMan and NT Password Encryption in Samba"
-HREF="pwencrypt.html"></HEAD
+TITLE="User information database"
+HREF="passdb.html"></HEAD
 ><BODY
 CLASS="CHAPTER"
 BGCOLOR="#FFFFFF"
@@ -46,7 +45,7 @@ WIDTH="10%"
 ALIGN="left"
 VALIGN="bottom"
 ><A
-HREF="improved-browsing.html"
+HREF="install.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
@@ -60,7 +59,7 @@ WIDTH="10%"
 ALIGN="right"
 VALIGN="bottom"
 ><A
-HREF="pwencrypt.html"
+HREF="passdb.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
@@ -73,7 +72,9 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="BROWSING-QUICK">Chapter 3. Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</H1
+NAME="BROWSING-QUICK"
+></A
+>Chapter 2. Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</H1
 ><P
 >This document should be read in conjunction with Browsing and may
 be taken as the fast track guide to implementing browsing across subnets
@@ -85,7 +86,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN377">3.1. Discussion</H1
+NAME="AEN230"
+></A
+>2.1. Discussion</H1
 ><P
 >Firstly, all MS Windows networking is based on SMB (Server Message
 Block) based messaging. SMB messaging is implemented using NetBIOS. Samba
@@ -129,7 +132,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN385">3.2. Use of the "Remote Announce" parameter</H1
+NAME="AEN238"
+></A
+>2.2. Use of the "Remote Announce" parameter</H1
 ><P
 >The "remote announce" parameter of smb.conf can be used to forcibly ensure
 that all the NetBIOS names on a network get announced to a remote network.
@@ -185,7 +190,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN399">3.3. Use of the "Remote Browse Sync" parameter</H1
+NAME="AEN252"
+></A
+>2.3. Use of the "Remote Browse Sync" parameter</H1
 ><P
 >The "remote browse sync" parameter of smb.conf is used to announce to
 another LMB that it must synchronise it's NetBIOS name list with our
@@ -193,9 +200,10 @@ Samba LMB. It works ONLY if the Samba server that has this option is
 simultaneously the LMB on it's network segment.</P
 ><P
 >The syntax of the "remote browse  sync" parameter is:
+
 <PRE
 CLASS="PROGRAMLISTING"
->	remote browse sync = a.b.c.d</PRE
+>remote browse sync = a.b.c.d</PRE
 >
 
 where a.b.c.d is either the IP address of the remote LMB or else is the network broadcast address of the remote segment.</P
@@ -205,7 +213,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN404">3.4. Use of WINS</H1
+NAME="AEN257"
+></A
+>2.4. Use of WINS</H1
 ><P
 >Use of WINS (either Samba WINS _or_ MS Windows NT Server WINS) is highly
 recommended. Every NetBIOS machine registers it's name together with a
@@ -265,7 +275,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN415">3.5. Do NOT use more than one (1) protocol on MS Windows machines</H1
+NAME="AEN268"
+></A
+>2.5. Do NOT use more than one (1) protocol on MS Windows machines</H1
 ><P
 >A very common cause of browsing problems results from installing more than
 one protocol on an MS Windows machine.</P
@@ -293,12 +305,14 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN421">3.6. Name Resolution Order</H1
+NAME="AEN274"
+></A
+>2.6. Name Resolution Order</H1
 ><P
 >Resolution of NetBIOS names to IP addresses can take place using a number
 of methods. The only ones that can provide NetBIOS name_type information
-are:
-<P
+are:</P
+><P
 ></P
 ><TABLE
 BORDER="0"
@@ -319,10 +333,9 @@ BORDER="0"
 ></TABLE
 ><P
 ></P
-></P
 ><P
->Alternative means of name resolution includes:
-<P
+>Alternative means of name resolution includes:</P
+><P
 ></P
 ><TABLE
 BORDER="0"
@@ -339,24 +352,23 @@ BORDER="0"
 ></TABLE
 ><P
 ></P
-></P
 ><P
 >Many sites want to restrict DNS lookups and want to avoid broadcast name
 resolution traffic. The "name resolve order" parameter is of great help here.
 The syntax of the "name resolve order" parameter is:
 <PRE
 CLASS="PROGRAMLISTING"
->	name resolve order = wins lmhosts bcast host</PRE
+>name resolve order = wins lmhosts bcast host</PRE
 >
 _or_
 <PRE
 CLASS="PROGRAMLISTING"
->	name resolve order = wins lmhosts  	(eliminates bcast and host)</PRE
+>name resolve order = wins lmhosts  	(eliminates bcast and host)</PRE
 >
 The default is:
 <PRE
 CLASS="PROGRAMLISTING"
->	name  resolve order = host lmhost wins bcast</PRE
+>name  resolve order = host lmhost wins bcast</PRE
 >.
 where "host" refers the the native methods used by the Unix system
 to implement the gethostbyname() function call. This is normally
@@ -388,7 +400,7 @@ WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 ><A
-HREF="improved-browsing.html"
+HREF="install.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
@@ -406,7 +418,7 @@ WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 ><A
-HREF="pwencrypt.html"
+HREF="passdb.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
@@ -416,7 +428,7 @@ ACCESSKEY="N"
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
->Improved browsing in samba</TD
+>How to Install and Test SAMBA</TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
@@ -430,7 +442,7 @@ ACCESSKEY="U"
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
->LanMan and NT Password Encryption in Samba</TD
+>User information database</TD
 ></TR
 ></TABLE
 ></DIV
diff --git a/docs/htmldocs/bugreport.html b/docs/htmldocs/bugreport.html
index fcc4b7e91a..813d0055cc 100644
--- a/docs/htmldocs/bugreport.html
+++ b/docs/htmldocs/bugreport.html
@@ -5,8 +5,7 @@
 >Reporting Bugs</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -73,13 +72,17 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="BUGREPORT">Chapter 25. Reporting Bugs</H1
+NAME="BUGREPORT"
+></A
+>Chapter 23. Reporting Bugs</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3309">25.1. Introduction</H1
+NAME="AEN3421"
+></A
+>23.1. Introduction</H1
 ><P
 >The email address for bug reports for stable releases is <A
 HREF="samba@samba.org"
@@ -122,7 +125,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3319">25.2. General info</H1
+NAME="AEN3431"
+></A
+>23.2. General info</H1
 ><P
 >Before submitting a bug report check your config for silly
 errors. Look in your log files for obvious messages that tell you that
@@ -145,7 +150,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3325">25.3. Debug levels</H1
+NAME="AEN3437"
+></A
+>23.3. Debug levels</H1
 ><P
 >If the bug has anything to do with Samba behaving incorrectly as a
 server (like refusing to open a file) then the log files will probably
@@ -213,7 +220,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3342">25.4. Internal errors</H1
+NAME="AEN3454"
+></A
+>23.4. Internal errors</H1
 ><P
 >If you get a "INTERNAL ERROR" message in your log files it means that
 Samba got an unexpected signal while running. It is probably a
@@ -255,7 +264,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3352">25.5. Attaching to a running process</H1
+NAME="AEN3464"
+></A
+>23.5. Attaching to a running process</H1
 ><P
 >Unfortunately some unixes (in particular some recent linux kernels)
 refuse to dump a core file if the task has changed uid (which smbd
@@ -270,7 +281,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3355">25.6. Patches</H1
+NAME="AEN3467"
+></A
+>23.6. Patches</H1
 ><P
 >The best sort of bug report is one that includes a fix! If you send us
 patches please use <B
diff --git a/docs/htmldocs/cvs-access.html b/docs/htmldocs/cvs-access.html
index 73cd333805..4e088faf70 100644
--- a/docs/htmldocs/cvs-access.html
+++ b/docs/htmldocs/cvs-access.html
@@ -2,11 +2,10 @@
 <HTML
 ><HEAD
 ><TITLE
->HOWTO Access Samba source code via CVS</TITLE
+>Access Samba source code via CVS</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -14,8 +13,8 @@ REL="UP"
 TITLE="Optional configuration"
 HREF="optional.html"><LINK
 REL="PREVIOUS"
-TITLE="Storing Samba's User/Machine Account information in an LDAP Directory"
-HREF="samba-ldap-howto.html"><LINK
+TITLE="Stackable VFS modules"
+HREF="vfs.html"><LINK
 REL="NEXT"
 TITLE="Group mapping HOWTO"
 HREF="groupmapping.html"></HEAD
@@ -46,7 +45,7 @@ WIDTH="10%"
 ALIGN="left"
 VALIGN="bottom"
 ><A
-HREF="samba-ldap-howto.html"
+HREF="vfs.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
@@ -73,13 +72,17 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="CVS-ACCESS">Chapter 20. HOWTO Access Samba source code via CVS</H1
+NAME="CVS-ACCESS"
+></A
+>Chapter 17. Access Samba source code via CVS</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2964">20.1. Introduction</H1
+NAME="AEN2942"
+></A
+>17.1. Introduction</H1
 ><P
 >Samba is developed in an open environment.  Developers use CVS
 (Concurrent Versioning System) to "checkin" (also known as 
@@ -99,7 +102,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2969">20.2. CVS Access to samba.org</H1
+NAME="AEN2947"
+></A
+>17.2. CVS Access to samba.org</H1
 ><P
 >The machine samba.org runs a publicly accessible CVS 
 repository for access to the source code of several packages, 
@@ -110,7 +115,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2972">20.2.1. Access via CVSweb</H2
+NAME="AEN2950"
+></A
+>17.2.1. Access via CVSweb</H2
 ><P
 >You can access the source code via your 
 favourite WWW browser. This allows you to access the contents of 
@@ -129,7 +136,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2977">20.2.2. Access via cvs</H2
+NAME="AEN2955"
+></A
+>17.2.2. Access via cvs</H2
 ><P
 >You can also access the source code via a 
 normal cvs client.  This gives you much more control over you can 
@@ -247,7 +256,7 @@ WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 ><A
-HREF="samba-ldap-howto.html"
+HREF="vfs.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
@@ -275,7 +284,7 @@ ACCESSKEY="N"
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
->Storing Samba's User/Machine Account information in an LDAP Directory</TD
+>Stackable VFS modules</TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
diff --git a/docs/htmldocs/diagnosis.html b/docs/htmldocs/diagnosis.html
index a7b2e59436..0c71043074 100644
--- a/docs/htmldocs/diagnosis.html
+++ b/docs/htmldocs/diagnosis.html
@@ -5,8 +5,7 @@
 >Diagnosing your samba server</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -66,13 +65,17 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="DIAGNOSIS">Chapter 26. Diagnosing your samba server</H1
+NAME="DIAGNOSIS"
+></A
+>Chapter 24. Diagnosing your samba server</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3378">26.1. Introduction</H1
+NAME="AEN3490"
+></A
+>24.1. Introduction</H1
 ><P
 >This file contains a list of tests you can perform to validate your
 Samba server. It also tells you what the likely cause of the problem
@@ -92,7 +95,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3383">26.2. Assumptions</H1
+NAME="AEN3495"
+></A
+>24.2. Assumptions</H1
 ><P
 >In all of the tests it is assumed you have a Samba server called 
 BIGSERVER and a PC called ACLIENT both in workgroup TESTGROUP.</P
@@ -128,13 +133,17 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3393">26.3. Tests</H1
+NAME="AEN3505"
+></A
+>24.3. Tests</H1
 ><DIV
 CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN3395">26.3.1. Test 1</H2
+NAME="AEN3507"
+></A
+>24.3.1. Test 1</H2
 ><P
 >In the directory in which you store your smb.conf file, run the command
 "testparm smb.conf". If it reports any errors then your smb.conf
@@ -154,7 +163,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN3401">26.3.2. Test 2</H2
+NAME="AEN3513"
+></A
+>24.3.2. Test 2</H2
 ><P
 >Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from
 the unix box. If you don't get a valid response then your TCP/IP
@@ -178,7 +189,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN3407">26.3.3. Test 3</H2
+NAME="AEN3519"
+></A
+>24.3.3. Test 3</H2
 ><P
 >Run the command "smbclient -L BIGSERVER" on the unix box. You
 should get a list of available shares back. </P
@@ -247,7 +260,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN3422">26.3.4. Test 4</H2
+NAME="AEN3534"
+></A
+>24.3.4. Test 4</H2
 ><P
 >Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the
 IP address of your Samba server back.</P
@@ -266,7 +281,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN3427">26.3.5. Test 5</H2
+NAME="AEN3539"
+></A
+>24.3.5. Test 5</H2
 ><P
 >run the command <B
 CLASS="COMMAND"
@@ -285,7 +302,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN3433">26.3.6. Test 6</H2
+NAME="AEN3545"
+></A
+>24.3.6. Test 6</H2
 ><P
 >Run the command <B
 CLASS="COMMAND"
@@ -317,7 +336,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN3441">26.3.7. Test 7</H2
+NAME="AEN3553"
+></A
+>24.3.7. Test 7</H2
 ><P
 >Run the command <B
 CLASS="COMMAND"
@@ -404,7 +425,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN3467">26.3.8. Test 8</H2
+NAME="AEN3579"
+></A
+>24.3.8. Test 8</H2
 ><P
 >On the PC type the command <B
 CLASS="COMMAND"
@@ -462,7 +485,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN3484">26.3.9. Test 9</H2
+NAME="AEN3596"
+></A
+>24.3.9. Test 9</H2
 ><P
 >Run the command <B
 CLASS="COMMAND"
@@ -494,7 +519,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN3492">26.3.10. Test 10</H2
+NAME="AEN3604"
+></A
+>24.3.10. Test 10</H2
 ><P
 >Run the command <B
 CLASS="COMMAND"
@@ -518,7 +545,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN3498">26.3.11. Test 11</H2
+NAME="AEN3610"
+></A
+>24.3.11. Test 11</H2
 ><P
 >From file manager try to browse the server. Your samba server should
 appear in the browse list of your local workgroup (or the one you
@@ -544,7 +573,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3503">26.4. Still having troubles?</H1
+NAME="AEN3615"
+></A
+>24.4. Still having troubles?</H1
 ><P
 >Try the mailing list or newsgroup, or use the ethereal utility to
 sniff the problem. The official samba mailing list can be reached at
diff --git a/docs/htmldocs/domain-security.html b/docs/htmldocs/domain-security.html
index 670d96ba5f..fcb40641e4 100644
--- a/docs/htmldocs/domain-security.html
+++ b/docs/htmldocs/domain-security.html
@@ -2,11 +2,10 @@
 <HTML
 ><HEAD
 ><TITLE
->Samba as a NT4 domain member</TITLE
+>Samba as a NT4 or Win2k domain member</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -73,19 +72,23 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="DOMAIN-SECURITY">Chapter 9. Samba as a NT4 domain member</H1
+NAME="DOMAIN-SECURITY"
+></A
+>Chapter 8. Samba as a NT4 or Win2k domain member</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1273">9.1. Joining an NT Domain with Samba 2.2</H1
+NAME="AEN1423"
+></A
+>8.1. Joining an NT Domain with Samba 3.0</H1
 ><P
->Assume you have a Samba 2.x server with a NetBIOS name of 
+>Assume you have a Samba 3.0 server with a NetBIOS name of 
 	<TT
 CLASS="CONSTANT"
 >SERV1</TT
-> and are joining an NT domain called
+> and are joining an or Win2k NT domain called
 	<TT
 CLASS="CONSTANT"
 >DOM</TT
@@ -103,107 +106,7 @@ CLASS="CONSTANT"
 	</TT
 >.</P
 ><P
->In order to join the domain, first stop all Samba daemons 
-	and run the command:</P
-><P
-><TT
-CLASS="PROMPT"
->root# </TT
-><TT
-CLASS="USERINPUT"
-><B
->smbpasswd -j DOM -r DOMPDC
-	-U<TT
-CLASS="REPLACEABLE"
-><I
->Administrator%password</I
-></TT
-></B
-></TT
-></P
-><P
->as we are joining the domain DOM and the PDC for that domain 
-	(the only machine that has write access to the domain SAM database) 
-	is DOMPDC. The <TT
-CLASS="REPLACEABLE"
-><I
->Administrator%password</I
-></TT
-> is 
-	the login name and password for an account which has the necessary 
-	privilege to add machines to the domain.  If this is successful 
-	you will see the message:</P
-><P
-><TT
-CLASS="COMPUTEROUTPUT"
->smbpasswd: Joined domain DOM.</TT
->
-	</P
-><P
->in your terminal window. See the <A
-HREF="smbpasswd.8.html"
-TARGET="_top"
->	smbpasswd(8)</A
-> man page for more details.</P
-><P
->There is existing development code to join a domain
-	without having to create the machine trust account on the PDC
-	beforehand.  This code will hopefully be available soon
-	in release branches as well.</P
-><P
->This command goes through the machine account password 
-	change protocol, then writes the new (random) machine account 
-	password for this Samba server into a file in the same directory 
-	in which an smbpasswd file would be stored - normally :</P
-><P
-><TT
-CLASS="FILENAME"
->/usr/local/samba/private</TT
-></P
-><P
->In Samba 2.0.x, the filename looks like this:</P
-><P
-><TT
-CLASS="FILENAME"
-><TT
-CLASS="REPLACEABLE"
-><I
->&lt;NT DOMAIN NAME&gt;</I
-></TT
->.<TT
-CLASS="REPLACEABLE"
-><I
->&lt;Samba 
-	Server Name&gt;</I
-></TT
->.mac</TT
-></P
-><P
->The <TT
-CLASS="FILENAME"
->.mac</TT
-> suffix stands for machine account 
-	password file. So in our example above, the file would be called:</P
-><P
-><TT
-CLASS="FILENAME"
->DOM.SERV1.mac</TT
-></P
-><P
->In Samba 2.2, this file has been replaced with a TDB 
-	(Trivial Database) file named <TT
-CLASS="FILENAME"
->secrets.tdb</TT
->.
-	</P
-><P
->This file is created and owned by root and is not 
-	readable by any other user. It is the key to the domain-level 
-	security for your system, and should be treated as carefully 
-	as a shadow password file.</P
-><P
->Now, before restarting the Samba daemons you must 
-	edit your <A
+>Firstly, you must edit your <A
 HREF="smb.conf.5.html"
 TARGET="_top"
 ><TT
@@ -228,7 +131,12 @@ CLASS="PARAMETER"
 ><B
 CLASS="COMMAND"
 >security = domain</B
-></P
+> or
+	<B
+CLASS="COMMAND"
+>security = ads</B
+> depending on if the PDC is
+	NT4 or running Active Directory respectivly.</P
 ><P
 >Next change the <A
 HREF="smb.conf.5.html#WORKGROUP"
@@ -295,11 +203,77 @@ CLASS="COMMAND"
 >password server = *</B
 ></P
 ><P
->This method, which was introduced in Samba 2.0.6, 
-	allows Samba to use exactly the same mechanism that NT does. This 
+>This method, allows Samba to use exactly the same
+        mechanism that NT does. This 
 	method either broadcasts or uses a WINS database in order to
 	find domain controllers to authenticate against.</P
 ><P
+>In order to actually join the domain, you must run this
+        command:</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><TT
+CLASS="USERINPUT"
+><B
+>net join -S DOMPDC
+	-U<TT
+CLASS="REPLACEABLE"
+><I
+>Administrator%password</I
+></TT
+></B
+></TT
+></P
+><P
+>as we are joining the domain DOM and the PDC for that domain 
+	(the only machine that has write access to the domain SAM database) 
+	is DOMPDC. The <TT
+CLASS="REPLACEABLE"
+><I
+>Administrator%password</I
+></TT
+> is 
+	the login name and password for an account which has the necessary 
+	privilege to add machines to the domain.  If this is successful 
+	you will see the message:</P
+><P
+><TT
+CLASS="COMPUTEROUTPUT"
+>Joined domain DOM.</TT
+>
+	or <TT
+CLASS="COMPUTEROUTPUT"
+>Joined 'SERV1' to realm 'MYREALM'</TT
+>
+	</P
+><P
+>in your terminal window. See the <A
+HREF="net.8.html"
+TARGET="_top"
+>	net(8)</A
+> man page for more details.</P
+><P
+>This process joins the server to thedomain
+	without having to create the machine trust account on the PDC
+	beforehand.</P
+><P
+>This command goes through the machine account password 
+	change protocol, then writes the new (random) machine account 
+	password for this Samba server into a file in the same directory 
+	in which an smbpasswd file would be stored - normally :</P
+><P
+><TT
+CLASS="FILENAME"
+>/usr/local/samba/private/secrets.tdb</TT
+></P
+><P
+>This file is created and owned by root and is not 
+	readable by any other user. It is the key to the domain-level 
+	security for your system, and should be treated as carefully 
+	as a shadow password file.</P
+><P
 >Finally, restart your Samba daemons and get ready for 
 	clients to begin using domain security!</P
 ></DIV
@@ -308,30 +282,23 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1337">9.2. Samba and Windows 2000 Domains</H1
+NAME="AEN1478"
+></A
+>8.2. Samba and Windows 2000 Domains</H1
 ><P
 >Many people have asked regarding the state of Samba's ability to participate in
 a Windows 2000 Domain.  Samba 3.0 is able to act as a member server of a Windows
-2000 domain operating in mixed or native mode.</P
-><P
->There is much confusion between the circumstances that require a "mixed" mode
-Win2k DC and a when this host can be switched to "native" mode.  A "mixed" mode
-Win2k domain controller is only needed if Windows NT BDCs must exist in the same
-domain.  By default, a Win2k DC in "native" mode will still support
-NetBIOS and NTLMv1 for authentication of legacy clients such as Windows 9x and 
-NT 4.0.  Samba has the same requirements as a Windows NT 4.0 member server.</P
-><P
->The steps for adding a Samba 2.2 host to a Win2k domain are the same as those
-for adding a Samba server to a Windows NT 4.0 domain. The only exception is that 
-the "Server Manager" from NT 4 has been replaced by the "Active Directory Users and 
-Computers" MMC (Microsoft Management Console) plugin.</P
+2000 domain operating in mixed or native mode.  The steps above apply
+to both NT4 and Windows 2000.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1342">9.3. Why is this better than security = server?</H1
+NAME="AEN1481"
+></A
+>8.3. Why is this better than security = server?</H1
 ><P
 >Currently, domain security in Samba doesn't free you from 
 	having to create local Unix users to represent the users attaching 
@@ -387,13 +354,7 @@ CLASS="COMMAND"
 >And finally, acting in the same manner as an NT server 
 	authenticating to a PDC means that as part of the authentication 
 	reply, the Samba server gets the user identification information such 
-	as the user SID, the list of NT groups the user belongs to, etc. All 
-	this information will allow Samba to be extended in the future into 
-	a mode the developers currently call appliance mode. In this mode, 
-	no local Unix users will be necessary, and Samba will generate Unix 
-	uids and gids from the information passed back from the PDC when a 
-	user is authenticated, making a Samba server truly plug and play 
-	in an NT domain environment. Watch for this code soon.</P
+	as the user SID, the list of NT groups the user belongs to, etc. </P
 ><P
 ><SPAN
 CLASS="emphasis"
diff --git a/docs/htmldocs/findsmb.1.html b/docs/htmldocs/findsmb.1.html
index af7100ed6f..bf63db867c 100644
--- a/docs/htmldocs/findsmb.1.html
+++ b/docs/htmldocs/findsmb.1.html
@@ -1,12 +1,11 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <HTML
 ><HEAD
 ><TITLE
 >findsmb</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -16,7 +15,9 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="FINDSMB">findsmb</H1
+NAME="FINDSMB.1"
+></A
+>findsmb</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
@@ -29,13 +30,15 @@ NAME="AEN5"
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
-NAME="AEN8"><H2
+NAME="AEN8"
+></A
+><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >findsmb</B
-> [subnet broadcast address]</P
+>  [subnet broadcast address]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -45,11 +48,14 @@ NAME="AEN12"
 ><H2
 >DESCRIPTION</H2
 ><P
->This perl script is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
-> suite.</P
+>This perl script is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
+>
+	suite.</P
 ><P
 ><B
 CLASS="COMMAND"
@@ -57,27 +63,27 @@ CLASS="COMMAND"
 > is a perl script that
 	prints out several pieces of information about machines 
 	on a subnet that respond to SMB  name query requests.
-	It uses <A
-HREF="nmblookup.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->	nmblookup(1)</B
-></A
-> and <A
-HREF="smbclient.1.html"
-TARGET="_top"
->	<B
-CLASS="COMMAND"
->smbclient(1)</B
-></A
-> to obtain this information.
+	It uses <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmblookup</SPAN
+>(1)</SPAN
+>
+	and <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbclient</SPAN
+>(1)</SPAN
+>
+	to obtain this information.
 	</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN22"
+NAME="AEN26"
 ></A
 ><H2
 >OPTIONS</H2
@@ -97,13 +103,12 @@ CLASS="COMMAND"
 		bugs in Windows95 into account when trying to find a Netbios name
 		registered of the remote machine. This option is disabled by default
 		because it is specific to Windows 95 and Windows 95 machines only. 
-		If set, <A
-HREF="nmblookup.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->nmblookup</B
-></A
+		If set, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmblookup</SPAN
+>(1)</SPAN
 >
 		will be called with <TT
 CLASS="CONSTANT"
@@ -119,15 +124,22 @@ CLASS="COMMAND"
 >findsmb
 		</B
 > will probe the subnet of the machine where 
-		<B
-CLASS="COMMAND"
->findsmb</B
-> is run. This value is passed 
-		to <B
-CLASS="COMMAND"
->nmblookup</B
-> as part of the 
-		<TT
+		<SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>findsmb</SPAN
+>(1)</SPAN
+>
+		is run. This value is passed to 
+		<SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmblookup</SPAN
+>(1)</SPAN
+>
+		as part of the <TT
 CLASS="CONSTANT"
 >-B</TT
 > option.</P
@@ -138,7 +150,7 @@ CLASS="CONSTANT"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN41"
+NAME="AEN50"
 ></A
 ><H2
 >EXAMPLES</H2
@@ -166,14 +178,14 @@ CLASS="COMMAND"
 CLASS="CONSTANT"
 >-r</TT
 > option
-	must be run on a system without <A
-HREF="nmbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->nmbd</B
-></A
-> running. 
+	must be run on a system without <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmbd</SPAN
+>(8)</SPAN
+>	running. 
+
 	If <B
 CLASS="COMMAND"
 >nmbd</B
@@ -192,22 +204,14 @@ CLASS="COMMAND"
 >For example, running <B
 CLASS="COMMAND"
 >findsmb</B
-> without 
-	<TT
+> 
+	without <TT
 CLASS="CONSTANT"
 >-r</TT
 > option set would yield output similar
 	to the following</P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
 ><PRE
 CLASS="SCREEN"
-><TT
-CLASS="COMPUTEROUTPUT"
 >IP ADDR         NETBIOS NAME   WORKGROUP/OS/VERSION 
 --------------------------------------------------------------------- 
 192.168.35.10   MINESET-TEST1  [DMVENGR]
@@ -219,17 +223,12 @@ CLASS="COMPUTEROUTPUT"
 192.168.35.78   HERBDHCP1     +[HERB]
 192.168.35.88   SCNT2         +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0]
 192.168.35.93   FROGSTAR-PC    [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager]
-192.168.35.97   HERBNT1       *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0]
-	</TT
-></PRE
-></TD
-></TR
-></TABLE
+192.168.35.97   HERBNT1       *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0]</PRE
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN59"
+NAME="AEN68"
 ></A
 ><H2
 >VERSION</H2
@@ -240,41 +239,37 @@ NAME="AEN59"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN62"
+NAME="AEN71"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
-><A
-HREF="nmbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->nmbd(8)</B
-></A
->, 
-	<A
-HREF="smbclient.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbclient(1)
-	</B
-></A
->, and	<A
-HREF="nmblookup.1.html"
-TARGET="_top"
->	<B
-CLASS="COMMAND"
->nmblookup(1)</B
-></A
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmbd</SPAN
+>(8)</SPAN
+>,
+	<SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbclient</SPAN
+>(1)</SPAN
+>, and <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmblookup</SPAN
+>(1)</SPAN
 >
 	</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN71"
+NAME="AEN83"
 ></A
 ><H2
 >AUTHOR</H2
@@ -286,14 +281,14 @@ NAME="AEN71"
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
-	<A
+	excellent piece of Open Source software, available at <A
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
->	ftp://ftp.icce.rug.nl/pub/unix/</A
->) and updated for the Samba 2.0 
-	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+>ftp://ftp.icce.rug.nl/pub/unix/</A
+>) 
+	and updated for the Samba 2.0 release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook
+	XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/groupmapping.html b/docs/htmldocs/groupmapping.html
index 84cf521fc9..d7eafcb58f 100644
--- a/docs/htmldocs/groupmapping.html
+++ b/docs/htmldocs/groupmapping.html
@@ -5,8 +5,7 @@
 >Group mapping HOWTO</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -14,7 +13,7 @@ REL="UP"
 TITLE="Optional configuration"
 HREF="optional.html"><LINK
 REL="PREVIOUS"
-TITLE="HOWTO Access Samba source code via CVS"
+TITLE="Access Samba source code via CVS"
 HREF="cvs-access.html"><LINK
 REL="NEXT"
 TITLE="Samba performance issues"
@@ -73,7 +72,9 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="GROUPMAPPING">Chapter 21. Group mapping HOWTO</H1
+NAME="GROUPMAPPING"
+></A
+>Chapter 18. Group mapping HOWTO</H1
 ><P
 > 
 Starting with Samba 3.0 alpha 2, a new group mapping function is available. The
@@ -212,7 +213,7 @@ ACCESSKEY="N"
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
->HOWTO Access Samba source code via CVS</TD
+>Access Samba source code via CVS</TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
diff --git a/docs/htmldocs/groupprofiles.html b/docs/htmldocs/groupprofiles.html
new file mode 100644
index 0000000000..c9184032aa
--- /dev/null
+++ b/docs/htmldocs/groupprofiles.html
@@ -0,0 +1,565 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<HTML
+><HEAD
+><TITLE
+>Creating Group Profiles</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
+REL="HOME"
+TITLE="SAMBA Project Documentation"
+HREF="samba-howto-collection.html"><LINK
+REL="UP"
+TITLE="Optional configuration"
+HREF="optional.html"><LINK
+REL="PREVIOUS"
+TITLE="Samba performance issues"
+HREF="speed.html"><LINK
+REL="NEXT"
+TITLE="Appendixes"
+HREF="appendixes.html"></HEAD
+><BODY
+CLASS="CHAPTER"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="NAVHEADER"
+><TABLE
+SUMMARY="Header navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TH
+COLSPAN="3"
+ALIGN="center"
+>SAMBA Project Documentation</TH
+></TR
+><TR
+><TD
+WIDTH="10%"
+ALIGN="left"
+VALIGN="bottom"
+><A
+HREF="speed.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="80%"
+ALIGN="center"
+VALIGN="bottom"
+></TD
+><TD
+WIDTH="10%"
+ALIGN="right"
+VALIGN="bottom"
+><A
+HREF="appendixes.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+></TABLE
+><HR
+ALIGN="LEFT"
+WIDTH="100%"></DIV
+><DIV
+CLASS="CHAPTER"
+><H1
+><A
+NAME="GROUPPROFILES"
+></A
+>Chapter 20. Creating Group Profiles</H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3123"
+></A
+>20.1. Windows '9x</H1
+><P
+>You need the Win98 Group Policy Editor to
+set Group Profiles up under Windows '9x. It can be found on the Original
+full product Win98 installation CD under 
+<TT
+CLASS="FILENAME"
+>tools/reskit/netadmin/poledit</TT
+>.  You install this
+using the Add/Remove Programs facility and then click on the 'Have Disk'
+tab.</P
+><P
+>Use the Group Policy Editor to create a policy file that specifies the
+location of user profiles and/or the <TT
+CLASS="FILENAME"
+>My Documents</TT
+> etc.
+stuff. You then save these settings in a file called
+<TT
+CLASS="FILENAME"
+>Config.POL</TT
+> that needs to be placed in
+the root of the [NETLOGON] share. If your Win98 is configured to log onto
+the Samba Domain, it will automatically read this file and update the
+Win98 registry of the machine that is logging on.</P
+><P
+>All of this is covered in the Win98 Resource Kit documentation.</P
+><P
+>If you do not do it this way, then every so often Win98 will check the
+integrity of the registry and will restore it's settings from the back-up
+copy of the registry it stores on each Win98 machine. Hence, you will notice
+things changing back to the original settings.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3132"
+></A
+>20.2. Windows NT 4</H1
+><P
+>Unfortunately, the Resource Kit info is Win NT4/2K version specific.</P
+><P
+>Here is a quick guide:</P
+><P
+></P
+><UL
+><LI
+><P
+>On your NT4 Domain Controller, right click on 'My Computer', then
+select the tab labelled 'User Profiles'.</P
+></LI
+><LI
+><P
+>Select a user profile you want to migrate and click on it.</P
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="90%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+>I am using the term &quot;migrate&quot; lossely. You can copy a profile to
+create a group profile. You can give the user 'Everyone' rights to the
+profile you copy this to. That is what you need to do, since your samba
+domain is not a member of a trust relationship with your NT4 PDC.</P
+></TD
+></TR
+></TABLE
+></DIV
+></LI
+><LI
+><P
+>Click the 'Copy To' button.</P
+></LI
+><LI
+><P
+>In the box labelled 'Copy Profile to' add your new path, eg:
+<TT
+CLASS="FILENAME"
+>c:\temp\foobar</TT
+></P
+></LI
+><LI
+><P
+>Click on the button labelled 'Change' in the "Permitted to use" box.</P
+></LI
+><LI
+><P
+>Click on the group 'Everyone' and then click OK. This closes the
+'chose user' box.</P
+></LI
+><LI
+><P
+>Now click OK.</P
+></LI
+></UL
+><P
+>Follow the above for every profile you need to migrate.</P
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN3155"
+></A
+>20.2.1. Side bar Notes</H2
+><P
+>You should obtain the SID of your NT4 domain. You can use smbpasswd to do
+this. Read the man page.</P
+><P
+>With Samba-3.0.0 alpha code you can import all you NT4 domain accounts
+using the net samsync method. This way you can retain your profile
+settings as well as all your users.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN3159"
+></A
+>20.2.2. Mandatory profiles</H2
+><P
+>The above method can be used to create mandatory profiles also. To convert
+a group profile into a mandatory profile simply locate the NTUser.DAT file
+in the copied profile and rename it to NTUser.MAN.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN3162"
+></A
+>20.2.3. moveuser.exe</H2
+><P
+>The W2K professional resource kit has moveuser.exe. moveuser.exe changes
+the security of a profile from one user to another.  This allows the account 
+domain to change, and/or the user name to change.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN3165"
+></A
+>20.2.4. Get SID</H2
+><P
+>You can identify the SID by using GetSID.exe from the Windows NT Server 4.0
+Resource Kit.</P
+><P
+>Windows NT 4.0 stores the local profile information in the registry under
+the following key:
+HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList</P
+><P
+>Under the ProfileList key, there will be subkeys named with the SIDs of the
+users who have logged on to this computer. (To find the profile information
+for the user whose locally cached profile you want to move, find the SID for
+the user with the GetSID.exe utility.) Inside of the appropriate user's
+subkey, you will see a string value named ProfileImagePath.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3170"
+></A
+>20.3. Windows 2000/XP</H1
+><P
+>You must first convert the profile from a local profile to a domain
+profile on the MS Windows workstation as follows:</P
+><P
+></P
+><UL
+><LI
+><P
+>Log on as the LOCAL workstation administrator.</P
+></LI
+><LI
+><P
+>Right click on the 'My Computer' Icon, select 'Properties'</P
+></LI
+><LI
+><P
+>Click on the 'User Profiles' tab</P
+></LI
+><LI
+><P
+>Select the profile you wish to convert (click on it once)</P
+></LI
+><LI
+><P
+>Click on the button 'Copy To'</P
+></LI
+><LI
+><P
+>In the "Permitted to use" box, click on the 'Change' button.</P
+></LI
+><LI
+><P
+>Click on the 'Look in" area that lists the machine name, when you click
+here it will open up a selection box. Click on the domain to which the
+profile must be accessible.</P
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="90%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+>You will need to log on if a logon box opens up. Eg: In the connect
+as: MIDEARTH\root, password: mypassword.</P
+></TD
+></TR
+></TABLE
+></DIV
+></LI
+><LI
+><P
+>To make the profile capable of being used by anyone select 'Everyone'</P
+></LI
+><LI
+><P
+>Click OK. The Selection box will close.</P
+></LI
+><LI
+><P
+>Now click on the 'Ok' button to create the profile in the path you
+nominated.</P
+></LI
+></UL
+><P
+>Done. You now have a profile that can be editted using the samba-3.0.0
+profiles tool.</P
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+>Under NT/2K the use of mandotory profiles forces the use of MS Exchange
+storage of mail data. That keeps desktop profiles usable.</P
+></TD
+></TR
+></TABLE
+></DIV
+><DIV
+CLASS="NOTE"
+><P
+></P
+><TABLE
+CLASS="NOTE"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
+HSPACE="5"
+ALT="Note"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+></P
+><UL
+><LI
+><P
+>This is a security check new to Windows XP (or maybe only
+Windows XP service pack 1).  It can be disabled via a group policy in
+Active Directory.  The policy is:</P
+><P
+>"Computer Configuration\Administrative Templates\System\User
+Profiles\Do not check for user ownership of Roaming Profile Folders"</P
+><P
+>...and it should be set to "Enabled".
+Does the new version of samba have an Active Directory analogue?  If so,
+then you may be able to set the policy through this.</P
+><P
+>If you cannot set group policies in samba, then you may be able to set
+the policy locally on each machine.  If you want to try this, then do
+the following (N.B. I don't know for sure that this will work in the
+same way as a domain group policy):</P
+></LI
+><LI
+><P
+>On the XP workstation log in with an Administrator account.</P
+></LI
+><LI
+><P
+>Click: "Start", "Run"</P
+></LI
+><LI
+><P
+>Type: "mmc"</P
+></LI
+><LI
+><P
+>Click: "OK"</P
+></LI
+><LI
+><P
+>A Microsoft Management Console should appear.</P
+></LI
+><LI
+><P
+>Click: File, "Add/Remove Snap-in...", "Add"</P
+></LI
+><LI
+><P
+>Double-Click: "Group Policy"</P
+></LI
+><LI
+><P
+>Click: "Finish", "Close"</P
+></LI
+><LI
+><P
+>Click: "OK"</P
+></LI
+><LI
+><P
+>In the "Console Root" window:</P
+></LI
+><LI
+><P
+>Expand: "Local Computer Policy", "Computer Configuration",</P
+></LI
+><LI
+><P
+>"Administrative Templates", "System", "User Profiles"</P
+></LI
+><LI
+><P
+>Double-Click: "Do not check for user ownership of Roaming Profile</P
+></LI
+><LI
+><P
+>Folders"</P
+></LI
+><LI
+><P
+>Select: "Enabled"</P
+></LI
+><LI
+><P
+>Click: OK"</P
+></LI
+><LI
+><P
+>Close the whole console.  You do not need to save the settings (this
+refers to the console settings rather than the policies you have
+changed).</P
+></LI
+><LI
+><P
+>Reboot</P
+></LI
+></UL
+></TD
+></TR
+></TABLE
+></DIV
+></DIV
+></DIV
+><DIV
+CLASS="NAVFOOTER"
+><HR
+ALIGN="LEFT"
+WIDTH="100%"><TABLE
+SUMMARY="Footer navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+><A
+HREF="speed.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+><A
+HREF="samba-howto-collection.html"
+ACCESSKEY="H"
+>Home</A
+></TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+><A
+HREF="appendixes.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+>Samba performance issues</TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+><A
+HREF="optional.html"
+ACCESSKEY="U"
+>Up</A
+></TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+>Appendixes</TD
+></TR
+></TABLE
+></DIV
+></BODY
+></HTML
+>
\ No newline at end of file
diff --git a/docs/htmldocs/improved-browsing.html b/docs/htmldocs/improved-browsing.html
index 4e9d7f639e..b912cb57e5 100644
--- a/docs/htmldocs/improved-browsing.html
+++ b/docs/htmldocs/improved-browsing.html
@@ -5,20 +5,19 @@
 >Improved browsing in samba</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
 REL="UP"
-TITLE="General installation"
-HREF="introduction.html"><LINK
+TITLE="Optional configuration"
+HREF="optional.html"><LINK
 REL="PREVIOUS"
-TITLE="How to Install and Test SAMBA"
-HREF="install.html"><LINK
+TITLE="Unified Logons between Windows NT and UNIX using Winbind"
+HREF="winbind.html"><LINK
 REL="NEXT"
-TITLE="Quick Cross Subnet Browsing / Cross Workgroup Browsing guide"
-HREF="browsing-quick.html"></HEAD
+TITLE="Stackable VFS modules"
+HREF="vfs.html"></HEAD
 ><BODY
 CLASS="CHAPTER"
 BGCOLOR="#FFFFFF"
@@ -46,7 +45,7 @@ WIDTH="10%"
 ALIGN="left"
 VALIGN="bottom"
 ><A
-HREF="install.html"
+HREF="winbind.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
@@ -60,7 +59,7 @@ WIDTH="10%"
 ALIGN="right"
 VALIGN="bottom"
 ><A
-HREF="browsing-quick.html"
+HREF="vfs.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
@@ -73,13 +72,17 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="IMPROVED-BROWSING">Chapter 2. Improved browsing in samba</H1
+NAME="IMPROVED-BROWSING"
+></A
+>Chapter 15. Improved browsing in samba</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN229">2.1. Overview of browsing</H1
+NAME="AEN2700"
+></A
+>15.1. Overview of browsing</H1
 ><P
 >SMB networking provides a mechanism by which clients can access a list
 of machines in a network, a so-called "browse list".  This list
@@ -101,7 +104,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN233">2.2. Browsing support in samba</H1
+NAME="AEN2704"
+></A
+>15.2. Browsing support in samba</H1
 ><P
 >Samba now fully supports browsing.  The browsing is supported by nmbd
 and is also controlled by options in the smb.conf file (see smb.conf(5)).</P
@@ -144,7 +149,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN242">2.3. Problem resolution</H1
+NAME="AEN2713"
+></A
+>15.3. Problem resolution</H1
 ><P
 >If something doesn't work then hopefully the log.nmb file will help
 you track down the problem.  Try a debug level of 2 or 3 for finding
@@ -176,7 +183,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN249">2.4. Browsing across subnets</H1
+NAME="AEN2720"
+></A
+>15.4. Browsing across subnets</H1
 ><P
 >With the release of Samba 1.9.17(alpha1 and above) Samba has been
 updated to enable it to support the replication of browse lists
@@ -205,7 +214,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN254">2.4.1. How does cross subnet browsing work ?</H2
+NAME="AEN2725"
+></A
+>15.4.1. How does cross subnet browsing work ?</H2
 ><P
 >Cross subnet browsing is a complicated dance, containing multiple
 moving parts.  It has taken Microsoft several years to get the code
@@ -415,7 +426,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN289">2.5. Setting up a WINS server</H1
+NAME="AEN2760"
+></A
+>15.5. Setting up a WINS server</H1
 ><P
 >Either a Samba machine or a Windows NT Server machine may be set up
 as a WINS server.  To set a Samba machine to be a WINS server you must
@@ -496,7 +509,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN308">2.6. Setting up Browsing in a WORKGROUP</H1
+NAME="AEN2779"
+></A
+>15.6. Setting up Browsing in a WORKGROUP</H1
 ><P
 >To set up cross subnet browsing on a network containing machines
 in up to be in a WORKGROUP, not an NT Domain you need to set up one
@@ -578,7 +593,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN326">2.7. Setting up Browsing in a DOMAIN</H1
+NAME="AEN2797"
+></A
+>15.7. Setting up Browsing in a DOMAIN</H1
 ><P
 >If you are adding Samba servers to a Windows NT Domain then
 you must not set up a Samba server as a domain master browser.
@@ -627,7 +644,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN336">2.8. Forcing samba to be the master</H1
+NAME="AEN2807"
+></A
+>15.8. Forcing samba to be the master</H1
 ><P
 >Who becomes the "master browser" is determined by an election process
 using broadcasts.  Each election packet contains a number of parameters
@@ -673,7 +692,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN345">2.9. Making samba the domain master</H1
+NAME="AEN2816"
+></A
+>15.9. Making samba the domain master</H1
 ><P
 >The domain master is responsible for collating the browse lists of
 multiple subnets so that browsing can occur between subnets.  You can
@@ -744,7 +765,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN363">2.10. Note about broadcast addresses</H1
+NAME="AEN2834"
+></A
+>15.10. Note about broadcast addresses</H1
 ><P
 >If your network uses a "0" based broadcast address (for example if it
 ends in a 0) then you will strike problems.  Windows for Workgroups
@@ -756,7 +779,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN366">2.11. Multiple interfaces</H1
+NAME="AEN2837"
+></A
+>15.11. Multiple interfaces</H1
 ><P
 >Samba now supports machines with multiple network interfaces.  If you
 have multiple interfaces then you will need to use the "interfaces"
@@ -779,7 +804,7 @@ WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 ><A
-HREF="install.html"
+HREF="winbind.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
@@ -797,7 +822,7 @@ WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 ><A
-HREF="browsing-quick.html"
+HREF="vfs.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
@@ -807,13 +832,13 @@ ACCESSKEY="N"
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
->How to Install and Test SAMBA</TD
+>Unified Logons between Windows NT and UNIX using Winbind</TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
 VALIGN="top"
 ><A
-HREF="introduction.html"
+HREF="optional.html"
 ACCESSKEY="U"
 >Up</A
 ></TD
@@ -821,7 +846,7 @@ ACCESSKEY="U"
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
->Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</TD
+>Stackable VFS modules</TD
 ></TR
 ></TABLE
 ></DIV
diff --git a/docs/htmldocs/install.html b/docs/htmldocs/install.html
index 0ba79dbe26..e518e270bf 100644
--- a/docs/htmldocs/install.html
+++ b/docs/htmldocs/install.html
@@ -5,8 +5,7 @@
 >How to Install and Test SAMBA</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -17,8 +16,8 @@ REL="PREVIOUS"
 TITLE="General installation"
 HREF="introduction.html"><LINK
 REL="NEXT"
-TITLE="Improved browsing in samba"
-HREF="improved-browsing.html"></HEAD
+TITLE="Quick Cross Subnet Browsing / Cross Workgroup Browsing guide"
+HREF="browsing-quick.html"></HEAD
 ><BODY
 CLASS="CHAPTER"
 BGCOLOR="#FFFFFF"
@@ -60,7 +59,7 @@ WIDTH="10%"
 ALIGN="right"
 VALIGN="bottom"
 ><A
-HREF="improved-browsing.html"
+HREF="browsing-quick.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
@@ -73,13 +72,17 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="INSTALL">Chapter 1. How to Install and Test SAMBA</H1
+NAME="INSTALL"
+></A
+>Chapter 1. How to Install and Test SAMBA</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN26">1.1. Read the man pages</H1
+NAME="AEN26"
+></A
+>1.1. Read the man pages</H1
 ><P
 >The man pages distributed with SAMBA contain 
 	lots of useful info that will help to get you started. 
@@ -119,7 +122,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN36">1.2. Building the Binaries</H1
+NAME="AEN36"
+></A
+>1.2. Building the Binaries</H1
 ><P
 >To do this, first run the program <B
 CLASS="COMMAND"
@@ -216,7 +221,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN64">1.3. The all important step</H1
+NAME="AEN64"
+></A
+>1.3. The all important step</H1
 ><P
 >At this stage you must fetch yourself a 
 	coffee or other drink you find stimulating. Getting the rest 
@@ -231,7 +238,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN68">1.4. Create the smb configuration file.</H1
+NAME="AEN68"
+></A
+>1.4. Create the smb configuration file.</H1
 ><P
 >There are sample configuration files in the examples 
 	subdirectory in the distribution. I suggest you read them 
@@ -285,7 +294,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN82">1.5. Test your config file with 
+NAME="AEN82"
+></A
+>1.5. Test your config file with 
 	<B
 CLASS="COMMAND"
 >testparm</B
@@ -313,7 +324,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN90">1.6. Starting the smbd and nmbd</H1
+NAME="AEN90"
+></A
+>1.6. Starting the smbd and nmbd</H1
 ><P
 >You must choose to start smbd and nmbd either
 	as daemons or from <B
@@ -351,7 +364,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN100">1.6.1. Starting from inetd.conf</H2
+NAME="AEN100"
+></A
+>1.6.1. Starting from inetd.conf</H2
 ><P
 >NOTE; The following will be different if 
 		you use NIS or NIS+ to distributed services maps.</P
@@ -453,7 +468,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN129">1.6.2. Alternative: starting it as a daemon</H2
+NAME="AEN129"
+></A
+>1.6.2. Alternative: starting it as a daemon</H2
 ><P
 >To start the server as a daemon you should create 
 		a script something like this one, perhaps calling 
@@ -508,7 +525,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN145">1.7. Try listing the shares available on your 
+NAME="AEN145"
+></A
+>1.7. Try listing the shares available on your 
 	server</H1
 ><P
 ><TT
@@ -547,7 +566,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN154">1.8. Try connecting with the unix client</H1
+NAME="AEN154"
+></A
+>1.8. Try connecting with the unix client</H1
 ><P
 ><TT
 CLASS="PROMPT"
@@ -608,7 +629,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN170">1.9. Try connecting from a DOS, WfWg, Win9x, WinNT, 
+NAME="AEN170"
+></A
+>1.9. Try connecting from a DOS, WfWg, Win9x, WinNT, 
 	Win2k, OS/2, etc... client</H1
 ><P
 >Try mounting disks. eg:</P
@@ -655,7 +678,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN184">1.10. What If Things Don't Work?</H1
+NAME="AEN184"
+></A
+>1.10. What If Things Don't Work?</H1
 ><P
 >If nothing works and you start to think "who wrote 
 	this pile of trash" then I suggest you do step 2 again (and 
@@ -676,7 +701,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN189">1.10.1. Diagnosing Problems</H2
+NAME="AEN189"
+></A
+>1.10.1. Diagnosing Problems</H2
 ><P
 >If you have installation problems then go to the
 		<A
@@ -691,7 +718,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN193">1.10.2. Scope IDs</H2
+NAME="AEN193"
+></A
+>1.10.2. Scope IDs</H2
 ><P
 >By default Samba uses a blank scope ID. This means 
 		all your windows boxes must also have a blank scope ID. 
@@ -705,7 +734,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN196">1.10.3. Choosing the Protocol Level</H2
+NAME="AEN196"
+></A
+>1.10.3. Choosing the Protocol Level</H2
 ><P
 >The SMB protocol has many dialects. Currently 
 		Samba supports 5, called CORE, COREPLUS, LANMAN1, 
@@ -744,7 +775,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN205">1.10.4. Printing from UNIX to a Client PC</H2
+NAME="AEN205"
+></A
+>1.10.4. Printing from UNIX to a Client PC</H2
 ><P
 >To use a printer that is available via a smb-based 
 		server from a unix host with LPR you will need to compile the 
@@ -763,7 +796,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN210">1.10.5. Locking</H2
+NAME="AEN210"
+></A
+>1.10.5. Locking</H2
 ><P
 >One area which sometimes causes trouble is locking.</P
 ><P
@@ -821,7 +856,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN219">1.10.6. Mapping Usernames</H2
+NAME="AEN219"
+></A
+>1.10.6. Mapping Usernames</H2
 ><P
 >If you have different usernames on the PCs and 
 		the unix server then take a look at the "username map" option. 
@@ -863,7 +900,7 @@ WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 ><A
-HREF="improved-browsing.html"
+HREF="browsing-quick.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
@@ -887,7 +924,7 @@ ACCESSKEY="U"
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
->Improved browsing in samba</TD
+>Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</TD
 ></TR
 ></TABLE
 ></DIV
diff --git a/docs/htmldocs/integrate-ms-networks.html b/docs/htmldocs/integrate-ms-networks.html
index ad6aa9e225..8299a456bb 100644
--- a/docs/htmldocs/integrate-ms-networks.html
+++ b/docs/htmldocs/integrate-ms-networks.html
@@ -5,8 +5,7 @@
 >Integrating MS Windows networks with Samba</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -73,13 +72,17 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="INTEGRATE-MS-NETWORKS">Chapter 10. Integrating MS Windows networks with Samba</H1
+NAME="INTEGRATE-MS-NETWORKS"
+></A
+>Chapter 9. Integrating MS Windows networks with Samba</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1374">10.1. Agenda</H1
+NAME="AEN1513"
+></A
+>9.1. Agenda</H1
 ><P
 >To identify the key functional mechanisms of MS Windows networking 
 to enable the deployment of Samba as a means of extending and/or 
@@ -144,7 +147,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1396">10.2. Name Resolution in a pure Unix/Linux world</H1
+NAME="AEN1535"
+></A
+>9.2. Name Resolution in a pure Unix/Linux world</H1
 ><P
 >The key configuration files covered in this section are:</P
 ><P
@@ -184,7 +189,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1412">10.2.1. <TT
+NAME="AEN1551"
+></A
+>9.2.1. <TT
 CLASS="FILENAME"
 >/etc/hosts</TT
 ></H2
@@ -263,7 +270,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1428">10.2.2. <TT
+NAME="AEN1567"
+></A
+>9.2.2. <TT
 CLASS="FILENAME"
 >/etc/resolv.conf</TT
 ></H2
@@ -299,7 +308,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1439">10.2.3. <TT
+NAME="AEN1578"
+></A
+>9.2.3. <TT
 CLASS="FILENAME"
 >/etc/host.conf</TT
 ></H2
@@ -326,7 +337,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1447">10.2.4. <TT
+NAME="AEN1586"
+></A
+>9.2.4. <TT
 CLASS="FILENAME"
 >/etc/nsswitch.conf</TT
 ></H2
@@ -393,7 +406,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1459">10.3. Name resolution as used within MS Windows networking</H1
+NAME="AEN1598"
+></A
+>9.3. Name resolution as used within MS Windows networking</H1
 ><P
 >MS Windows networking is predicated about the name each machine 
 is given. This name is known variously (and inconsistently) as 
@@ -413,16 +428,16 @@ the client/server.</P
 ><PRE
 CLASS="PROGRAMLISTING"
 >	Unique NetBIOS Names:
-		MACHINENAME&#60;00&#62;	= Server Service is running on MACHINENAME
-		MACHINENAME&#60;03&#62; = Generic Machine Name (NetBIOS name)
-		MACHINENAME&#60;20&#62; = LanMan Server service is running on MACHINENAME
-		WORKGROUP&#60;1b&#62; = Domain Master Browser
+		MACHINENAME&lt;00&gt;	= Server Service is running on MACHINENAME
+		MACHINENAME&lt;03&gt; = Generic Machine Name (NetBIOS name)
+		MACHINENAME&lt;20&gt; = LanMan Server service is running on MACHINENAME
+		WORKGROUP&lt;1b&gt; = Domain Master Browser
 
 	Group Names:
-		WORKGROUP&#60;03&#62; = Generic Name registered by all members of WORKGROUP
-		WORKGROUP&#60;1c&#62; = Domain Controllers / Netlogon Servers
-		WORKGROUP&#60;1d&#62; = Local Master Browsers
-		WORKGROUP&#60;1e&#62; = Internet Name Resolvers</PRE
+		WORKGROUP&lt;03&gt; = Generic Name registered by all members of WORKGROUP
+		WORKGROUP&lt;1c&gt; = Domain Controllers / Netlogon Servers
+		WORKGROUP&lt;1d&gt; = Local Master Browsers
+		WORKGROUP&lt;1e&gt; = Internet Name Resolvers</PRE
 ></P
 ><P
 >It should be noted that all NetBIOS machines register their own 
@@ -441,7 +456,7 @@ be needed. An example of this is what happens when an MS Windows client
 wants to locate a domain logon server. It find this service and the IP 
 address of a server that provides it by performing a lookup (via a 
 NetBIOS broadcast) for enumeration of all machines that have 
-registered the name type *&#60;1c&#62;. A logon request is then sent to each 
+registered the name type *&lt;1c&gt;. A logon request is then sent to each 
 IP address that is returned in the enumerated list of IP addresses. Which 
 ever machine first replies then ends up providing the logon services.</P
 ><P
@@ -476,7 +491,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1471">10.3.1. The NetBIOS Name Cache</H2
+NAME="AEN1610"
+></A
+>9.3.1. The NetBIOS Name Cache</H2
 ><P
 >All MS Windows machines employ an in memory buffer in which is 
 stored the NetBIOS names and IP addresses for all external 
@@ -501,7 +518,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1476">10.3.2. The LMHOSTS file</H2
+NAME="AEN1615"
+></A
+>9.3.2. The LMHOSTS file</H2
 ><P
 >This file is usually located in MS Windows NT 4.0 or 
 2000 in <TT
@@ -602,7 +621,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1484">10.3.3. HOSTS file</H2
+NAME="AEN1623"
+></A
+>9.3.3. HOSTS file</H2
 ><P
 >This file is usually located in MS Windows NT 4.0 or 2000 in 
 <TT
@@ -622,7 +643,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1489">10.3.4. DNS Lookup</H2
+NAME="AEN1628"
+></A
+>9.3.4. DNS Lookup</H2
 ><P
 >This capability is configured in the TCP/IP setup area in the network 
 configuration facility. If enabled an elaborate name resolution sequence 
@@ -640,7 +663,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1492">10.3.5. WINS Lookup</H2
+NAME="AEN1631"
+></A
+>9.3.5. WINS Lookup</H2
 ><P
 >A WINS (Windows Internet Name Server) service is the equivaent of the 
 rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores 
@@ -681,7 +706,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1504">10.4. How browsing functions and how to deploy stable and 
+NAME="AEN1643"
+></A
+>9.4. How browsing functions and how to deploy stable and 
 dependable browsing using Samba</H1
 ><P
 >As stated above, MS Windows machines register their NetBIOS names 
@@ -746,7 +773,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1514">10.5. MS Windows security options and how to configure 
+NAME="AEN1653"
+></A
+>9.5. MS Windows security options and how to configure 
 Samba for seemless integration</H1
 ><P
 >MS Windows clients may use encrypted passwords as part of a 
@@ -881,7 +910,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1542">10.5.1. Use MS Windows NT as an authentication server</H2
+NAME="AEN1681"
+></A
+>9.5.1. Use MS Windows NT as an authentication server</H2
 ><P
 >This method involves the additions of the following parameters 
 in the smb.conf file:</P
@@ -915,7 +946,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1550">10.5.2. Make Samba a member of an MS Windows NT security domain</H2
+NAME="AEN1689"
+></A
+>9.5.2. Make Samba a member of an MS Windows NT security domain</H2
 ><P
 >This method involves additon of the following paramters in the smb.conf file:</P
 ><P
@@ -976,7 +1009,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1567">10.5.3. Configure Samba as an authentication server</H2
+NAME="AEN1706"
+></A
+>9.5.3. Configure Samba as an authentication server</H2
 ><P
 >This mode of authentication demands that there be on the 
 Unix/Linux system both a Unix style account as well as an 
@@ -1011,7 +1046,9 @@ CLASS="SECT3"
 ><H3
 CLASS="SECT3"
 ><A
-NAME="AEN1574">10.5.3.1. Users</H3
+NAME="AEN1713"
+></A
+>9.5.3.1. Users</H3
 ><P
 >A user account that may provide a home directory should be 
 created. The following Linux system commands are typical of 
@@ -1032,7 +1069,9 @@ CLASS="SECT3"
 ><H3
 CLASS="SECT3"
 ><A
-NAME="AEN1579">10.5.3.2. MS Windows NT Machine Accounts</H3
+NAME="AEN1718"
+></A
+>9.5.3.2. MS Windows NT Machine Accounts</H3
 ><P
 >These are required only when Samba is used as a domain 
 controller.  Refer to the Samba-PDC-HOWTO for more details.</P
@@ -1051,7 +1090,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1584">10.6. Conclusions</H1
+NAME="AEN1723"
+></A
+>9.6. Conclusions</H1
 ><P
 >Samba provides a flexible means to operate as...</P
 ><P
diff --git a/docs/htmldocs/introduction.html b/docs/htmldocs/introduction.html
index 762d56ba6a..a68950fede 100644
--- a/docs/htmldocs/introduction.html
+++ b/docs/htmldocs/introduction.html
@@ -5,8 +5,7 @@
 >General installation</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -69,7 +68,9 @@ WIDTH="100%"></DIV
 ><DIV
 CLASS="PART"
 ><A
-NAME="INTRODUCTION"><DIV
+NAME="INTRODUCTION"
+></A
+><DIV
 CLASS="TITLEPAGE"
 ><H1
 CLASS="TITLE"
@@ -77,7 +78,9 @@ CLASS="TITLE"
 ><DIV
 CLASS="PARTINTRO"
 ><A
-NAME="AEN21"><H1
+NAME="AEN21"
+></A
+><H1
 >Introduction</H1
 ><P
 >This part contains general info on how to install samba 
@@ -206,155 +209,199 @@ HREF="install.html#AEN219"
 ></DD
 ><DT
 >2. <A
-HREF="improved-browsing.html"
->Improved browsing in samba</A
+HREF="browsing-quick.html"
+>Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</A
 ></DT
 ><DD
 ><DL
 ><DT
 >2.1. <A
-HREF="improved-browsing.html#AEN229"
->Overview of browsing</A
+HREF="browsing-quick.html#AEN230"
+>Discussion</A
 ></DT
 ><DT
 >2.2. <A
-HREF="improved-browsing.html#AEN233"
->Browsing support in samba</A
+HREF="browsing-quick.html#AEN238"
+>Use of the "Remote Announce" parameter</A
 ></DT
 ><DT
 >2.3. <A
-HREF="improved-browsing.html#AEN242"
->Problem resolution</A
+HREF="browsing-quick.html#AEN252"
+>Use of the "Remote Browse Sync" parameter</A
 ></DT
 ><DT
 >2.4. <A
-HREF="improved-browsing.html#AEN249"
->Browsing across subnets</A
-></DT
-><DD
-><DL
-><DT
->2.4.1. <A
-HREF="improved-browsing.html#AEN254"
->How does cross subnet browsing work ?</A
+HREF="browsing-quick.html#AEN257"
+>Use of WINS</A
 ></DT
-></DL
-></DD
 ><DT
 >2.5. <A
-HREF="improved-browsing.html#AEN289"
->Setting up a WINS server</A
+HREF="browsing-quick.html#AEN268"
+>Do NOT use more than one (1) protocol on MS Windows machines</A
 ></DT
 ><DT
 >2.6. <A
-HREF="improved-browsing.html#AEN308"
->Setting up Browsing in a WORKGROUP</A
+HREF="browsing-quick.html#AEN274"
+>Name Resolution Order</A
 ></DT
+></DL
+></DD
 ><DT
->2.7. <A
-HREF="improved-browsing.html#AEN326"
->Setting up Browsing in a DOMAIN</A
+>3. <A
+HREF="passdb.html"
+>User information database</A
 ></DT
+><DD
+><DL
 ><DT
->2.8. <A
-HREF="improved-browsing.html#AEN336"
->Forcing samba to be the master</A
+>3.1. <A
+HREF="passdb.html#AEN324"
+>Introduction</A
 ></DT
 ><DT
->2.9. <A
-HREF="improved-browsing.html#AEN345"
->Making samba the domain master</A
+>3.2. <A
+HREF="passdb.html#AEN331"
+>Important Notes About Security</A
 ></DT
+><DD
+><DL
 ><DT
->2.10. <A
-HREF="improved-browsing.html#AEN363"
->Note about broadcast addresses</A
+>3.2.1. <A
+HREF="passdb.html#AEN346"
+>Advantages of SMB Encryption</A
 ></DT
 ><DT
->2.11. <A
-HREF="improved-browsing.html#AEN366"
->Multiple interfaces</A
+>3.2.2. <A
+HREF="passdb.html#AEN351"
+>Advantages of non-encrypted passwords</A
 ></DT
 ></DL
 ></DD
 ><DT
->3. <A
-HREF="browsing-quick.html"
->Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</A
+>3.3. <A
+HREF="passdb.html#AEN357"
+>The smbpasswd Command</A
+></DT
+><DT
+>3.4. <A
+HREF="passdb.html#AEN388"
+>Plain text</A
+></DT
+><DT
+>3.5. <A
+HREF="passdb.html#AEN393"
+>TDB</A
+></DT
+><DT
+>3.6. <A
+HREF="passdb.html#AEN396"
+>LDAP</A
 ></DT
 ><DD
 ><DL
 ><DT
->3.1. <A
-HREF="browsing-quick.html#AEN377"
->Discussion</A
+>3.6.1. <A
+HREF="passdb.html#AEN398"
+>Introduction</A
 ></DT
 ><DT
->3.2. <A
-HREF="browsing-quick.html#AEN385"
->Use of the "Remote Announce" parameter</A
+>3.6.2. <A
+HREF="passdb.html#AEN418"
+>Introduction</A
 ></DT
 ><DT
->3.3. <A
-HREF="browsing-quick.html#AEN399"
->Use of the "Remote Browse Sync" parameter</A
+>3.6.3. <A
+HREF="passdb.html#AEN447"
+>Supported LDAP Servers</A
 ></DT
 ><DT
->3.4. <A
-HREF="browsing-quick.html#AEN404"
->Use of WINS</A
+>3.6.4. <A
+HREF="passdb.html#AEN452"
+>Schema and Relationship to the RFC 2307 posixAccount</A
 ></DT
 ><DT
->3.5. <A
-HREF="browsing-quick.html#AEN415"
->Do NOT use more than one (1) protocol on MS Windows machines</A
+>3.6.5. <A
+HREF="passdb.html#AEN464"
+>Configuring Samba with LDAP</A
 ></DT
 ><DT
->3.6. <A
-HREF="browsing-quick.html#AEN421"
->Name Resolution Order</A
+>3.6.6. <A
+HREF="passdb.html#AEN511"
+>Accounts and Groups management</A
+></DT
+><DT
+>3.6.7. <A
+HREF="passdb.html#AEN516"
+>Security and sambaAccount</A
+></DT
+><DT
+>3.6.8. <A
+HREF="passdb.html#AEN536"
+>LDAP specials attributes for sambaAccounts</A
+></DT
+><DT
+>3.6.9. <A
+HREF="passdb.html#AEN606"
+>Example LDIF Entries for a sambaAccount</A
 ></DT
 ></DL
 ></DD
 ><DT
->4. <A
-HREF="pwencrypt.html"
->LanMan and NT Password Encryption in Samba</A
+>3.7. <A
+HREF="passdb.html#AEN614"
+>MySQL</A
 ></DT
 ><DD
 ><DL
 ><DT
->4.1. <A
-HREF="pwencrypt.html#AEN457"
->Introduction</A
+>3.7.1. <A
+HREF="passdb.html#AEN616"
+>Building</A
 ></DT
 ><DT
->4.2. <A
-HREF="pwencrypt.html#AEN462"
->Important Notes About Security</A
+>3.7.2. <A
+HREF="passdb.html#AEN622"
+>Creating the database</A
 ></DT
-><DD
-><DL
 ><DT
->4.2.1. <A
-HREF="pwencrypt.html#AEN481"
->Advantages of SMB Encryption</A
+>3.7.3. <A
+HREF="passdb.html#AEN632"
+>Configuring</A
 ></DT
 ><DT
->4.2.2. <A
-HREF="pwencrypt.html#AEN488"
->Advantages of non-encrypted passwords</A
+>3.7.4. <A
+HREF="passdb.html#AEN649"
+>Using plaintext passwords or encrypted password</A
+></DT
+><DT
+>3.7.5. <A
+HREF="passdb.html#AEN654"
+>Getting non-column data from the table</A
 ></DT
 ></DL
 ></DD
 ><DT
->4.3. <A
-HREF="pwencrypt.html#AEN497"
->The smbpasswd Command</A
+>3.8. <A
+HREF="passdb.html#AEN662"
+>Passdb XML plugin</A
+></DT
+><DD
+><DL
+><DT
+>3.8.1. <A
+HREF="passdb.html#AEN664"
+>Building</A
+></DT
+><DT
+>3.8.2. <A
+HREF="passdb.html#AEN670"
+>Usage</A
 ></DT
 ></DL
 ></DD
 ></DL
+></DD
+></DL
 ></DIV
 ></DIV
 ></DIV
diff --git a/docs/htmldocs/lmhosts.5.html b/docs/htmldocs/lmhosts.5.html
index 4d7f11e64b..2977cb1227 100644
--- a/docs/htmldocs/lmhosts.5.html
+++ b/docs/htmldocs/lmhosts.5.html
@@ -5,7 +5,7 @@
 >lmhosts</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -15,7 +15,7 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="LMHOSTS"
+NAME="LMHOSTS.5"
 ></A
 >lmhosts</H1
 ><DIV
@@ -37,24 +37,28 @@ NAME="AEN8"
 ><TT
 CLASS="FILENAME"
 >lmhosts</TT
-> is the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
+> is the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > NetBIOS name to IP address mapping file.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN12"
+NAME="AEN14"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
->This file is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
+>This file is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > suite.</P
 ><P
 ><TT
@@ -78,7 +82,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN20"
+NAME="AEN24"
 ></A
 ><H2
 >FILE FORMAT</H2
@@ -86,7 +90,7 @@ NAME="AEN20"
 >It is an ASCII file containing one line for NetBIOS name. 
 	The two fields on each line are separated from each other by 
 	white space. Any entry beginning with '#' is ignored. Each line 
-	in the lmhosts file contains the following information :</P
+	in the lmhosts file contains the following information:</P
 ><P
 ></P
 ><UL
@@ -107,8 +111,7 @@ NAME="AEN20"
 ></LI
 ></UL
 ><P
->An example follows :</P
-><P
+>An example follows:</P
 ><PRE
 CLASS="PROGRAMLISTING"
 >#
@@ -118,7 +121,6 @@ CLASS="PROGRAMLISTING"
 192.9.200.20	NTSERVER#20
 192.9.200.21	SAMBASERVER
 	</PRE
-></P
 ><P
 >Contains three IP to NetBIOS name mappings. The first 
 	and third will be returned for any queries for the names "TESTPC" 
@@ -133,58 +135,57 @@ CLASS="PROGRAMLISTING"
 CLASS="FILENAME"
 >lmhosts</TT
 > file 
-	is in the same directory as the <A
-HREF="smb.conf.5.html"
-TARGET="_top"
-> 		
-	smb.conf(5)&#62;</A
+	is in the same directory as the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > file.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN37"
+NAME="AEN42"
 ></A
 ><H2
 >VERSION</H2
 ><P
->This man page is correct for version 2.2 of 
-	the Samba suite.</P
+>This man page is correct for version 3.0 of the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN40"
+NAME="AEN45"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
-><A
-HREF="smbclient.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbclient(1)
-	</B
-></A
->, <A
-HREF="smb.conf.5.html#NAMERESOLVEORDER"
-TARGET="_top"
->	smb.conf(5)</A
->, and <A
-HREF="smbpasswd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->	smbpasswd(8)</B
-></A
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbclient</SPAN
+>(1)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+>, and <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbpasswd</SPAN
+>(8)</SPAN
 >
 	</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN48"
+NAME="AEN57"
 ></A
 ><H2
 >AUTHOR</H2
@@ -203,7 +204,8 @@ TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook
+	XML 4.2 was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/msdfs.html b/docs/htmldocs/msdfs.html
index f6fe1c7e1d..f10e0995d5 100644
--- a/docs/htmldocs/msdfs.html
+++ b/docs/htmldocs/msdfs.html
@@ -5,8 +5,7 @@
 >Hosting a Microsoft Distributed File System tree on Samba</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -74,13 +73,17 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="MSDFS">Chapter 13. Hosting a Microsoft Distributed File System tree on Samba</H1
+NAME="MSDFS"
+></A
+>Chapter 12. Hosting a Microsoft Distributed File System tree on Samba</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1859">13.1. Instructions</H1
+NAME="AEN1993"
+></A
+>12.1. Instructions</H1
 ><P
 >The Distributed File System (or Dfs) provides a means of 
 	separating the logical view of files and directories that users 
@@ -226,7 +229,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1894">13.1.1. Notes</H2
+NAME="AEN2028"
+></A
+>12.1.1. Notes</H2
 ><P
 ></P
 ><UL
diff --git a/docs/htmldocs/net.8.html b/docs/htmldocs/net.8.html
index b7ed1357c3..1652fb4141 100644
--- a/docs/htmldocs/net.8.html
+++ b/docs/htmldocs/net.8.html
@@ -5,7 +5,7 @@
 >net</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -15,7 +15,7 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="NET"
+NAME="NET.8"
 ></A
 >net</H1
 ><DIV
@@ -48,10 +48,12 @@ NAME="AEN31"
 ><H2
 >DESCRIPTION</H2
 ><P
->This tool is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
+>This tool is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > suite.</P
 ><P
 >The samba net utility is meant to work just like the net utility 
@@ -60,7 +62,7 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN36"
+NAME="AEN38"
 ></A
 ><H2
 >OPTIONS</H2
@@ -81,7 +83,8 @@ CLASS="VARIABLELIST"
 >-w target-workgroup</DT
 ><DD
 ><P
->		Sets target workgroup or domain. You have to specify either this option or the IP address or the name of a server.
+>		Sets target workgroup or domain. You have to specify 
+		either this option or the IP address or the name of a server.
 		</P
 ></DD
 ><DT
@@ -102,7 +105,8 @@ CLASS="VARIABLELIST"
 >-I ip-address</DT
 ><DD
 ><P
->		IP address of target server to use. You have to specify either this option or a target workgroup or a target server.
+>		IP address of target server to use. You have to
+		specify either this option or a target workgroup or a target server.
 		</P
 ></DD
 ><DT
@@ -130,7 +134,8 @@ CLASS="VARIABLELIST"
 >-S server</DT
 ><DD
 ><P
->		Name of target server. You should specify either this option or a target workgroup or a target IP address.
+>		Name of target server. You should specify either 
+		this option or a target workgroup or a target IP address.
 		</P
 ></DD
 ><DT
@@ -215,7 +220,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN116"
+NAME="AEN118"
 ></A
 ><H2
 >TIME</H2
@@ -245,7 +250,10 @@ CLASS="COMMAND"
 >SYSTEM</DT
 ><DD
 ><P
->		Displays the time on the remote server in a format ready for /bin/date
+>		Displays the time on the remote server in a format ready for <B
+CLASS="COMMAND"
+>/bin/date</B
+>
 		</P
 ></DD
 ><DT
@@ -253,7 +261,10 @@ CLASS="COMMAND"
 ><DD
 ><P
 >		Tries to set the date and time of the local server to that on 
-		the remote server using /bin/date.
+		the remote server using <B
+CLASS="COMMAND"
+>/bin/date</B
+>.
 		</P
 ></DD
 ><DT
@@ -269,7 +280,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN138"
+NAME="AEN142"
 ></A
 ><H2
 >RPC</H2
@@ -320,7 +331,7 @@ CLASS="VARIABLELIST"
 		</P
 ></DD
 ><DT
->USER ADD &lt;name&gt; [password] [-F user flags] [misc. options</DT
+>USER ADD &lt;name&gt; [password] [-F user flags] [misc. options]</DT
 ><DD
 ><P
 >		Add specified user
@@ -373,7 +384,7 @@ CLASS="VARIABLELIST"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN191"
+NAME="AEN195"
 ></A
 ><H2
 >VERSION</H2
@@ -384,7 +395,7 @@ NAME="AEN191"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN194"
+NAME="AEN198"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/htmldocs/nmbd.8.html b/docs/htmldocs/nmbd.8.html
index 1183a14522..87a042a912 100644
--- a/docs/htmldocs/nmbd.8.html
+++ b/docs/htmldocs/nmbd.8.html
@@ -1,12 +1,11 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <HTML
 ><HEAD
 ><TITLE
 >nmbd</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -16,7 +15,9 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="NMBD">nmbd</H1
+NAME="NMBD.8"
+></A
+>nmbd</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
@@ -29,13 +30,15 @@ NAME="AEN5"
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
-NAME="AEN8"><H2
+NAME="AEN8"
+></A
+><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >nmbd</B
-> [-D] [-F] [-S] [-a] [-i] [-o] [-h] [-V] [-d &#60;debug level&#62;] [-H &#60;lmhosts file&#62;] [-l &#60;log directory&#62;] [-n &#60;primary netbios name&#62;] [-p &#60;port number&#62;] [-s &#60;configuration file&#62;]</P
+>  [-D] [-F] [-S] [-a] [-i] [-o] [-h] [-V] [-d &lt;debug level&gt;] [-H &lt;lmhosts file&gt;] [-l &lt;log directory&gt;] [-n &lt;primary netbios name&gt;] [-p &lt;port number&gt;] [-s &lt;configuration file&gt;]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -45,7 +48,13 @@ NAME="AEN25"
 ><H2
 >DESCRIPTION</H2
 ><P
->This program is part of the Samba suite.</P
+>This program is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
+> suite.</P
 ><P
 ><B
 CLASS="COMMAND"
@@ -69,9 +78,12 @@ CLASS="COMMAND"
 	specified it will respond with the IP number of the host it 
 	is running on.  Its "own NetBIOS name" is by
 	default the primary DNS name of the host it is running on, 
-	but this can be overridden with the <I
+	but this can be overridden with the <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >-n</I
+></SPAN
 > 
 	option (see OPTIONS below). Thus <B
 CLASS="COMMAND"
@@ -82,13 +94,12 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >nmbd</B
 > to respond on can be set 
-	via parameters in the <A
-HREF="smb.conf.5.html"
-TARGET="_top"
-><TT
-CLASS="FILENAME"
->	smb.conf(5)</TT
-></A
+	via parameters in the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > configuration file.</P
 ><P
 ><B
@@ -111,7 +122,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN42"
+NAME="AEN46"
 ></A
 ><H2
 >OPTIONS</H2
@@ -204,9 +215,9 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >nmbd</B
 > also logs to standard
-		output, as if the <B
-CLASS="COMMAND"
->-S</B
+		output, as if the <TT
+CLASS="CONSTANT"
+>-S</TT
 > parameter had been
 		given. </P
 ></DD
@@ -233,7 +244,7 @@ CLASS="COMMAND"
 >.</P
 ></DD
 ><DT
->-H &#60;filename&#62;</DT
+>-H &lt;filename&gt;</DT
 ><DD
 ><P
 >NetBIOS lmhosts file.  The lmhosts 
@@ -242,28 +253,39 @@ CLASS="COMMAND"
 		resolution mechanism <A
 HREF="smb.conf.5.html#nameresolveorder"
 TARGET="_top"
->		name resolve order</A
-> described in <A
-HREF="smb.conf.5.html"
-TARGET="_top"
-> <TT
-CLASS="FILENAME"
->smb.conf(5)</TT
+><TT
+CLASS="PARAMETER"
+><I
+>name resolve
+		order</I
+></TT
 ></A
->
-		to resolve any NetBIOS name queries needed by the server. Note 
-		that the contents of this file are <I
+> described in <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+> to resolve any 
+		NetBIOS name queries needed by the server. Note 
+		that the contents of this file are <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >NOT</I
+></SPAN
 > 
 		used by <B
 CLASS="COMMAND"
 >nmbd</B
 > to answer any name queries. 
 		Adding a line to this file affects name NetBIOS resolution 
-		from this host <I
+		from this host <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >ONLY</I
+></SPAN
 >.</P
 ><P
 >The default path to this file is compiled into 
@@ -278,17 +300,14 @@ CLASS="FILENAME"
 > or
 		<TT
 CLASS="FILENAME"
->/etc/lmhosts</TT
->. See the
-		<A
-HREF="lmhosts.5.html"
-TARGET="_top"
-><TT
-CLASS="FILENAME"
->lmhosts(5)</TT
-></A
->
-		man page for details on the contents of this file.</P
+>/etc/samba/lmhosts</TT
+>. See the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>lmhosts</SPAN
+>(5)</SPAN
+> man page for details on the contents of this file.</P
 ></DD
 ><DT
 >-V</DT
@@ -301,7 +320,7 @@ CLASS="COMMAND"
 >.</P
 ></DD
 ><DT
->-d &#60;debug level&#62;</DT
+>-d &lt;debug level&gt;</DT
 ><DD
 ><P
 >debuglevel is an integer 
@@ -325,19 +344,23 @@ CLASS="COMMAND"
 		the <A
 HREF="smb.conf.5.html#loglevel"
 TARGET="_top"
->log level</A
-> 
-		parameter in the <A
-HREF="smb.conf.5.html"
-TARGET="_top"
 ><TT
-CLASS="FILENAME"
->		smb.conf(5)</TT
+CLASS="PARAMETER"
+><I
+>log level</I
+></TT
 ></A
+> 
+		parameter in the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > file.</P
 ></DD
 ><DT
->-l &#60;log directory&#62;</DT
+>-l &lt;log directory&gt;</DT
 ><DD
 ><P
 >The -l parameter specifies a directory 
@@ -357,9 +380,12 @@ CLASS="FILENAME"
 		<TT
 CLASS="FILENAME"
 >/var/log/log.nmb</TT
->.  <I
+>.  <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >Beware:</I
+></SPAN
 >
                 If the directory specified does not exist, <B
 CLASS="COMMAND"
@@ -369,7 +395,7 @@ CLASS="COMMAND"
 		</P
 ></DD
 ><DT
->-n &#60;primary NetBIOS name&#62;</DT
+>-n &lt;primary NetBIOS name&gt;</DT
 ><DD
 ><P
 >This option allows you to override
@@ -377,24 +403,31 @@ CLASS="COMMAND"
 		to setting the <A
 HREF="smb.conf.5.html#netbiosname"
 TARGET="_top"
->		NetBIOS name</A
-> parameter in the <A
-HREF="smb.conf.5.html"
-TARGET="_top"
->	
-		<TT
-CLASS="FILENAME"
->smb.conf</TT
+><TT
+CLASS="PARAMETER"
+><I
+>NetBIOS
+		name</I
+></TT
 ></A
+> parameter in the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > file.  However, a command
 		line setting will take precedence over settings in 
-		<TT
-CLASS="FILENAME"
->smb.conf</TT
+		<SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 >.</P
 ></DD
 ><DT
->-p &#60;UDP port number&#62;</DT
+>-p &lt;UDP port number&gt;</DT
 ><DD
 ><P
 >UDP port number is a positive integer value.
@@ -407,7 +440,7 @@ CLASS="COMMAND"
 		won't need help!</P
 ></DD
 ><DT
->-s &#60;configuration file&#62;</DT
+>-s &lt;configuration file&gt;</DT
 ><DD
 ><P
 >The default configuration file name
@@ -418,13 +451,12 @@ CLASS="FILENAME"
 		this may be changed when Samba is autoconfigured.</P
 ><P
 >The file specified contains the configuration details
-		required by the server. See <A
-HREF="smb.conf.5.html"
-TARGET="_top"
->		<TT
-CLASS="FILENAME"
->smb.conf(5)</TT
-></A
+		required by the server. See <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > for more information.
 		</P
 ></DD
@@ -434,7 +466,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN148"
+NAME="AEN162"
 ></A
 ><H2
 >FILES</H2
@@ -457,9 +489,9 @@ CLASS="COMMAND"
 > meta-daemon, this file
 		must contain suitable startup information for the
 		meta-daemon. See the <A
-HREF="UNIX_INSTALL.html"
+HREF="install.html"
 TARGET="_top"
->UNIX_INSTALL.html</A
+>install</A
 > document
 		for details.
 		</P
@@ -477,9 +509,9 @@ CLASS="FILENAME"
 >If running the server as a daemon at startup,
 		this file will need to contain an appropriate startup
 		sequence for the server. See the <A
-HREF="UNIX_INSTALL.html"
+HREF="install.html"
 TARGET="_top"
->UNIX_INSTALL.html</A
+>"How to Install and Test SAMBA"</A
 > document
 		for details.</P
 ></DD
@@ -498,9 +530,9 @@ CLASS="COMMAND"
 		must contain a mapping of service name (e.g., netbios-ssn)
 		to service port (e.g., 139) and protocol type (e.g., tcp).
 		See the <A
-HREF="UNIX_INSTALL.html"
+HREF="install.html"
 TARGET="_top"
->UNIX_INSTALL.html</A
+>"How to Install and Test SAMBA"</A
 >
 		document for details.</P
 ></DD
@@ -511,34 +543,39 @@ CLASS="FILENAME"
 ></DT
 ><DD
 ><P
->This is the default location of the
-		<A
-HREF="smb.conf.5.html"
-TARGET="_top"
-><TT
-CLASS="FILENAME"
->smb.conf</TT
-></A
->
-		server configuration file. Other common places that systems
+>This is the default location of 
+		the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+> server
+		configuration file. Other common places that systems
 		install this file are <TT
 CLASS="FILENAME"
 >/usr/samba/lib/smb.conf</TT
 >
 		and <TT
 CLASS="FILENAME"
->/etc/smb.conf</TT
+>/etc/samba/smb.conf</TT
 >.</P
 ><P
 >When run as a WINS server (see the
 		<A
 HREF="smb.conf.5.html#WINSSUPPORT"
 TARGET="_top"
->wins support</A
+><TT
+CLASS="CONSTANT"
+>wins support</TT
+></A
 >
-		parameter in the <TT
-CLASS="FILENAME"
->smb.conf(5)</TT
+		parameter in the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > man page),
 		<B
 CLASS="COMMAND"
@@ -557,19 +594,27 @@ CLASS="FILENAME"
 >If <B
 CLASS="COMMAND"
 >nmbd</B
-> is acting as a <I
+> is acting as a <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >		browse master</I
+></SPAN
 > (see the <A
 HREF="smb.conf.5.html#LOCALMASTER"
 TARGET="_top"
->local master</A
+><TT
+CLASS="CONSTANT"
+>local master</TT
+></A
 >
-		parameter in the <TT
-CLASS="FILENAME"
->smb.conf(5)</TT
-> man page,
-		<B
+		parameter in the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+> man page, <B
 CLASS="COMMAND"
 >nmbd</B
 >
@@ -590,7 +635,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN195"
+NAME="AEN216"
 ></A
 ><H2
 >SIGNALS</H2
@@ -599,9 +644,12 @@ NAME="AEN195"
 CLASS="COMMAND"
 >nmbd</B
 > process it is recommended
-	that SIGKILL (-9) <I
+	that SIGKILL (-9) <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >NOT</I
+></SPAN
 > be used, except as a last
 	resort, as this may leave the name database in an inconsistent state.
 	The correct way to terminate <B
@@ -636,23 +684,22 @@ CLASS="FILENAME"
 >log.nmb</TT
 > file.</P
 ><P
->The debug log level of nmbd may be raised or lowered using
-	<A
-HREF="smbcontrol.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbcontrol(1)</B
->
-	</A
-> (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is
-	to allow transient problems to be diagnosed, whilst still running
+>The debug log level of nmbd may be raised or lowered
+	using <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbcontrol</SPAN
+>(1)</SPAN
+> (SIGUSR[1|2] signals
+	are no longer used since Samba 2.2). This is to allow
+	transient problems to be diagnosed, whilst still running 
 	at a normally low log level.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN211"
+NAME="AEN233"
 ></A
 ><H2
 >VERSION</H2
@@ -663,54 +710,49 @@ NAME="AEN211"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN214"
+NAME="AEN236"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
-><B
-CLASS="COMMAND"
->inetd(8)</B
->, <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
->, 
-	<A
-HREF="smb.conf.5.html"
-TARGET="_top"
-><TT
-CLASS="FILENAME"
->smb.conf(5)</TT
->
-	</A
->, <A
-HREF="smbclient.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbclient(1)
-	</B
-></A
->, <A
-HREF="testparm.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->	testparm(1)</B
-></A
->, <A
-HREF="testprns.1.html"
-TARGET="_top"
->	<B
-CLASS="COMMAND"
->testprns(1)</B
-></A
->, and the Internet RFC's
-	<TT
+>	<SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>inetd</SPAN
+>(8)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbclient</SPAN
+>(1)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>testparm</SPAN
+>(1)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>testprns</SPAN
+>(1)</SPAN
+>, and the Internet 
+	RFC's <TT
 CLASS="FILENAME"
 >rfc1001.txt</TT
 >, <TT
@@ -728,7 +770,7 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN231"
+NAME="AEN260"
 ></A
 ><H2
 >AUTHOR</H2
@@ -740,14 +782,14 @@ NAME="AEN231"
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
-	<A
+	excellent piece of Open Source software, available at <A
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook
+	XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/nmblookup.1.html b/docs/htmldocs/nmblookup.1.html
index 2ce322990f..9e6da1c7b2 100644
--- a/docs/htmldocs/nmblookup.1.html
+++ b/docs/htmldocs/nmblookup.1.html
@@ -5,7 +5,7 @@
 >nmblookup</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -48,10 +48,12 @@ NAME="AEN25"
 ><H2
 >DESCRIPTION</H2
 ><P
->This tool is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
+>This tool is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > suite.</P
 ><P
 ><B
@@ -66,7 +68,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN31"
+NAME="AEN33"
 ></A
 ><H2
 >OPTIONS</H2
@@ -109,7 +111,7 @@ CLASS="CONSTANT"
 		query to a machine running a WINS server and the user wishes 
 		to query the names in the WINS server.  If this bit is unset 
 		the normal (broadcast responding) NetBIOS processing code 
-		on a machine is used instead. See rfc1001, rfc1002 for details.
+		on a machine is used instead. See RFC1001, RFC1002 for details.
 		</P
 ></DD
 ><DT
@@ -130,12 +132,13 @@ CLASS="CONSTANT"
 		where it ignores the source port of the requesting packet 
 	 	and only replies to UDP port 137. Unfortunately, on most UNIX 
 		systems root privilege is needed to bind to this port, and 
-		in addition, if the <A
-HREF="nmbd.8.html"
-TARGET="_top"
->nmbd(8)</A
-> 
-		daemon is running on this machine it also binds to this port.
+		in addition, if the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmbd</SPAN
+>(8)</SPAN
+> daemon is running on this machine it also binds to this port.
 		</P
 ></DD
 ><DT
@@ -173,9 +176,12 @@ CLASS="PARAMETER"
 ></TT
 >
 		</A
-> parameter of the  <TT
-CLASS="FILENAME"
->smb.conf (5)</TT
+> parameter of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > file.
 		</P
 ></DD
@@ -311,7 +317,7 @@ CLASS="EMPHASIS"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN115"
+NAME="AEN121"
 ></A
 ><H2
 >EXAMPLES</H2
@@ -324,11 +330,11 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >nslookup</B
 > is 
-		used to query DNS servers). To query a WINS server, 
-		<B
+		used to query DNS servers). To query a WINS server, <B
 CLASS="COMMAND"
 >nmblookup</B
-> must be called like this:</P
+> 
+		must be called like this:</P
 ><P
 ><B
 CLASS="COMMAND"
@@ -348,7 +354,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN127"
+NAME="AEN133"
 ></A
 ><H2
 >VERSION</H2
@@ -359,34 +365,35 @@ NAME="AEN127"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN130"
+NAME="AEN136"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
-><A
-HREF="nmbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->nmbd(8)</B
-></A
->, 
-	<A
-HREF="samba.7.html"
-TARGET="_top"
->samba(7)</A
->, and	<A
-HREF="smb.conf.5.html"
-TARGET="_top"
->smb.conf(5)</A
->
-	</P
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmbd</SPAN
+>(8)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>samba</SPAN
+>(7)</SPAN
+>, and <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+>.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN137"
+NAME="AEN148"
 ></A
 ><H2
 >AUTHOR</H2
@@ -398,14 +405,14 @@ NAME="AEN137"
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
-	<A
+	excellent piece of Open Source software, available at <A
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook
+	XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/optional.html b/docs/htmldocs/optional.html
index b15515ddab..b5564b9f26 100644
--- a/docs/htmldocs/optional.html
+++ b/docs/htmldocs/optional.html
@@ -5,13 +5,12 @@
 >Optional configuration</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
 REL="PREVIOUS"
-TITLE="Samba as a NT4 domain member"
+TITLE="Samba as a NT4 or Win2k domain member"
 HREF="domain-security.html"><LINK
 REL="NEXT"
 TITLE="Integrating MS Windows networks with Samba"
@@ -69,7 +68,9 @@ WIDTH="100%"></DIV
 ><DIV
 CLASS="PART"
 ><A
-NAME="OPTIONAL"><DIV
+NAME="OPTIONAL"
+></A
+><DIV
 CLASS="TITLEPAGE"
 ><H1
 CLASS="TITLE"
@@ -77,7 +78,9 @@ CLASS="TITLE"
 ><DIV
 CLASS="PARTINTRO"
 ><A
-NAME="AEN1360"><H1
+NAME="AEN1499"
+></A
+><H1
 >Introduction</H1
 ><P
 >Samba has several features that you might want or might not want to use. The chapters in this 
@@ -91,51 +94,51 @@ CLASS="TOC"
 >Table of Contents</B
 ></DT
 ><DT
->10. <A
+>9. <A
 HREF="integrate-ms-networks.html"
 >Integrating MS Windows networks with Samba</A
 ></DT
 ><DD
 ><DL
 ><DT
->10.1. <A
-HREF="integrate-ms-networks.html#AEN1374"
+>9.1. <A
+HREF="integrate-ms-networks.html#AEN1513"
 >Agenda</A
 ></DT
 ><DT
->10.2. <A
-HREF="integrate-ms-networks.html#AEN1396"
+>9.2. <A
+HREF="integrate-ms-networks.html#AEN1535"
 >Name Resolution in a pure Unix/Linux world</A
 ></DT
 ><DD
 ><DL
 ><DT
->10.2.1. <A
-HREF="integrate-ms-networks.html#AEN1412"
+>9.2.1. <A
+HREF="integrate-ms-networks.html#AEN1551"
 ><TT
 CLASS="FILENAME"
 >/etc/hosts</TT
 ></A
 ></DT
 ><DT
->10.2.2. <A
-HREF="integrate-ms-networks.html#AEN1428"
+>9.2.2. <A
+HREF="integrate-ms-networks.html#AEN1567"
 ><TT
 CLASS="FILENAME"
 >/etc/resolv.conf</TT
 ></A
 ></DT
 ><DT
->10.2.3. <A
-HREF="integrate-ms-networks.html#AEN1439"
+>9.2.3. <A
+HREF="integrate-ms-networks.html#AEN1578"
 ><TT
 CLASS="FILENAME"
 >/etc/host.conf</TT
 ></A
 ></DT
 ><DT
->10.2.4. <A
-HREF="integrate-ms-networks.html#AEN1447"
+>9.2.4. <A
+HREF="integrate-ms-networks.html#AEN1586"
 ><TT
 CLASS="FILENAME"
 >/etc/nsswitch.conf</TT
@@ -144,140 +147,140 @@ CLASS="FILENAME"
 ></DL
 ></DD
 ><DT
->10.3. <A
-HREF="integrate-ms-networks.html#AEN1459"
+>9.3. <A
+HREF="integrate-ms-networks.html#AEN1598"
 >Name resolution as used within MS Windows networking</A
 ></DT
 ><DD
 ><DL
 ><DT
->10.3.1. <A
-HREF="integrate-ms-networks.html#AEN1471"
+>9.3.1. <A
+HREF="integrate-ms-networks.html#AEN1610"
 >The NetBIOS Name Cache</A
 ></DT
 ><DT
->10.3.2. <A
-HREF="integrate-ms-networks.html#AEN1476"
+>9.3.2. <A
+HREF="integrate-ms-networks.html#AEN1615"
 >The LMHOSTS file</A
 ></DT
 ><DT
->10.3.3. <A
-HREF="integrate-ms-networks.html#AEN1484"
+>9.3.3. <A
+HREF="integrate-ms-networks.html#AEN1623"
 >HOSTS file</A
 ></DT
 ><DT
->10.3.4. <A
-HREF="integrate-ms-networks.html#AEN1489"
+>9.3.4. <A
+HREF="integrate-ms-networks.html#AEN1628"
 >DNS Lookup</A
 ></DT
 ><DT
->10.3.5. <A
-HREF="integrate-ms-networks.html#AEN1492"
+>9.3.5. <A
+HREF="integrate-ms-networks.html#AEN1631"
 >WINS Lookup</A
 ></DT
 ></DL
 ></DD
 ><DT
->10.4. <A
-HREF="integrate-ms-networks.html#AEN1504"
+>9.4. <A
+HREF="integrate-ms-networks.html#AEN1643"
 >How browsing functions and how to deploy stable and 
 dependable browsing using Samba</A
 ></DT
 ><DT
->10.5. <A
-HREF="integrate-ms-networks.html#AEN1514"
+>9.5. <A
+HREF="integrate-ms-networks.html#AEN1653"
 >MS Windows security options and how to configure 
 Samba for seemless integration</A
 ></DT
 ><DD
 ><DL
 ><DT
->10.5.1. <A
-HREF="integrate-ms-networks.html#AEN1542"
+>9.5.1. <A
+HREF="integrate-ms-networks.html#AEN1681"
 >Use MS Windows NT as an authentication server</A
 ></DT
 ><DT
->10.5.2. <A
-HREF="integrate-ms-networks.html#AEN1550"
+>9.5.2. <A
+HREF="integrate-ms-networks.html#AEN1689"
 >Make Samba a member of an MS Windows NT security domain</A
 ></DT
 ><DT
->10.5.3. <A
-HREF="integrate-ms-networks.html#AEN1567"
+>9.5.3. <A
+HREF="integrate-ms-networks.html#AEN1706"
 >Configure Samba as an authentication server</A
 ></DT
 ></DL
 ></DD
 ><DT
->10.6. <A
-HREF="integrate-ms-networks.html#AEN1584"
+>9.6. <A
+HREF="integrate-ms-networks.html#AEN1723"
 >Conclusions</A
 ></DT
 ></DL
 ></DD
 ><DT
->11. <A
+>10. <A
 HREF="unix-permissions.html"
 >UNIX Permission Bits and Windows NT Access Control Lists</A
 ></DT
 ><DD
 ><DL
 ><DT
->11.1. <A
-HREF="unix-permissions.html#AEN1605"
+>10.1. <A
+HREF="unix-permissions.html#AEN1744"
 >Viewing and changing UNIX permissions using the NT 
 	security dialogs</A
 ></DT
 ><DT
->11.2. <A
-HREF="unix-permissions.html#AEN1614"
+>10.2. <A
+HREF="unix-permissions.html#AEN1748"
 >How to view file security on a Samba share</A
 ></DT
 ><DT
->11.3. <A
-HREF="unix-permissions.html#AEN1625"
+>10.3. <A
+HREF="unix-permissions.html#AEN1759"
 >Viewing file ownership</A
 ></DT
 ><DT
->11.4. <A
-HREF="unix-permissions.html#AEN1645"
+>10.4. <A
+HREF="unix-permissions.html#AEN1779"
 >Viewing file or directory permissions</A
 ></DT
 ><DD
 ><DL
 ><DT
->11.4.1. <A
-HREF="unix-permissions.html#AEN1660"
+>10.4.1. <A
+HREF="unix-permissions.html#AEN1794"
 >File Permissions</A
 ></DT
 ><DT
->11.4.2. <A
-HREF="unix-permissions.html#AEN1674"
+>10.4.2. <A
+HREF="unix-permissions.html#AEN1808"
 >Directory Permissions</A
 ></DT
 ></DL
 ></DD
 ><DT
->11.5. <A
-HREF="unix-permissions.html#AEN1681"
+>10.5. <A
+HREF="unix-permissions.html#AEN1815"
 >Modifying file or directory permissions</A
 ></DT
 ><DT
->11.6. <A
-HREF="unix-permissions.html#AEN1703"
+>10.6. <A
+HREF="unix-permissions.html#AEN1837"
 >Interaction with the standard Samba create mask 
 	parameters</A
 ></DT
 ><DT
->11.7. <A
-HREF="unix-permissions.html#AEN1767"
+>10.7. <A
+HREF="unix-permissions.html#AEN1901"
 >Interaction with the standard Samba file attribute 
 	mapping</A
 ></DT
 ></DL
 ></DD
 ><DT
->12. <A
+>11. <A
 HREF="pam.html"
 >Configuring PAM for distributed but centrally 
 managed authentication</A
@@ -285,39 +288,39 @@ managed authentication</A
 ><DD
 ><DL
 ><DT
->12.1. <A
-HREF="pam.html#AEN1788"
+>11.1. <A
+HREF="pam.html#AEN1922"
 >Samba and PAM</A
 ></DT
 ><DT
->12.2. <A
-HREF="pam.html#AEN1832"
+>11.2. <A
+HREF="pam.html#AEN1966"
 >Distributed Authentication</A
 ></DT
 ><DT
->12.3. <A
-HREF="pam.html#AEN1839"
+>11.3. <A
+HREF="pam.html#AEN1973"
 >PAM Configuration in smb.conf</A
 ></DT
 ></DL
 ></DD
 ><DT
->13. <A
+>12. <A
 HREF="msdfs.html"
 >Hosting a Microsoft Distributed File System tree on Samba</A
 ></DT
 ><DD
 ><DL
 ><DT
->13.1. <A
-HREF="msdfs.html#AEN1859"
+>12.1. <A
+HREF="msdfs.html#AEN1993"
 >Instructions</A
 ></DT
 ><DD
 ><DL
 ><DT
->13.1.1. <A
-HREF="msdfs.html#AEN1894"
+>12.1.1. <A
+HREF="msdfs.html#AEN2028"
 >Notes</A
 ></DT
 ></DL
@@ -325,130 +328,130 @@ HREF="msdfs.html#AEN1894"
 ></DL
 ></DD
 ><DT
->14. <A
+>13. <A
 HREF="printing.html"
 >Printing Support</A
 ></DT
 ><DD
 ><DL
 ><DT
->14.1. <A
-HREF="printing.html#AEN1920"
+>13.1. <A
+HREF="printing.html#AEN2054"
 >Introduction</A
 ></DT
 ><DT
->14.2. <A
-HREF="printing.html#AEN1942"
+>13.2. <A
+HREF="printing.html#AEN2076"
 >Configuration</A
 ></DT
 ><DD
 ><DL
 ><DT
->14.2.1. <A
-HREF="printing.html#AEN1950"
+>13.2.1. <A
+HREF="printing.html#AEN2084"
 >Creating [print$]</A
 ></DT
 ><DT
->14.2.2. <A
-HREF="printing.html#AEN1985"
+>13.2.2. <A
+HREF="printing.html#AEN2119"
 >Setting Drivers for Existing Printers</A
 ></DT
 ><DT
->14.2.3. <A
-HREF="printing.html#AEN2001"
+>13.2.3. <A
+HREF="printing.html#AEN2135"
 >Support a large number of printers</A
 ></DT
 ><DT
->14.2.4. <A
-HREF="printing.html#AEN2012"
+>13.2.4. <A
+HREF="printing.html#AEN2146"
 >Adding New Printers via the Windows NT APW</A
 ></DT
 ><DT
->14.2.5. <A
-HREF="printing.html#AEN2042"
+>13.2.5. <A
+HREF="printing.html#AEN2176"
 >Samba and Printer Ports</A
 ></DT
 ></DL
 ></DD
 ><DT
->14.3. <A
-HREF="printing.html#AEN2050"
+>13.3. <A
+HREF="printing.html#AEN2184"
 >The Imprints Toolset</A
 ></DT
 ><DD
 ><DL
 ><DT
->14.3.1. <A
-HREF="printing.html#AEN2054"
+>13.3.1. <A
+HREF="printing.html#AEN2188"
 >What is Imprints?</A
 ></DT
 ><DT
->14.3.2. <A
-HREF="printing.html#AEN2064"
+>13.3.2. <A
+HREF="printing.html#AEN2198"
 >Creating Printer Driver Packages</A
 ></DT
 ><DT
->14.3.3. <A
-HREF="printing.html#AEN2067"
+>13.3.3. <A
+HREF="printing.html#AEN2201"
 >The Imprints server</A
 ></DT
 ><DT
->14.3.4. <A
-HREF="printing.html#AEN2071"
+>13.3.4. <A
+HREF="printing.html#AEN2205"
 >The Installation Client</A
 ></DT
 ></DL
 ></DD
 ><DT
->14.4. <A
-HREF="printing.html#AEN2093"
+>13.4. <A
+HREF="printing.html#AEN2227"
 >Diagnosis</A
 ></DT
 ><DD
 ><DL
 ><DT
->14.4.1. <A
-HREF="printing.html#AEN2095"
+>13.4.1. <A
+HREF="printing.html#AEN2229"
 >Introduction</A
 ></DT
 ><DT
->14.4.2. <A
-HREF="printing.html#AEN2111"
+>13.4.2. <A
+HREF="printing.html#AEN2245"
 >Debugging printer problems</A
 ></DT
 ><DT
->14.4.3. <A
-HREF="printing.html#AEN2120"
+>13.4.3. <A
+HREF="printing.html#AEN2254"
 >What printers do I have?</A
 ></DT
 ><DT
->14.4.4. <A
-HREF="printing.html#AEN2128"
+>13.4.4. <A
+HREF="printing.html#AEN2262"
 >Setting up printcap and print servers</A
 ></DT
 ><DT
->14.4.5. <A
-HREF="printing.html#AEN2156"
+>13.4.5. <A
+HREF="printing.html#AEN2290"
 >Job sent, no output</A
 ></DT
 ><DT
->14.4.6. <A
-HREF="printing.html#AEN2167"
+>13.4.6. <A
+HREF="printing.html#AEN2301"
 >Job sent, strange output</A
 ></DT
 ><DT
->14.4.7. <A
-HREF="printing.html#AEN2179"
+>13.4.7. <A
+HREF="printing.html#AEN2313"
 >Raw PostScript printed</A
 ></DT
 ><DT
->14.4.8. <A
-HREF="printing.html#AEN2182"
+>13.4.8. <A
+HREF="printing.html#AEN2316"
 >Advanced Printing</A
 ></DT
 ><DT
->14.4.9. <A
-HREF="printing.html#AEN2185"
+>13.4.9. <A
+HREF="printing.html#AEN2319"
 >Real debugging</A
 ></DT
 ></DL
@@ -456,205 +459,235 @@ HREF="printing.html#AEN2185"
 ></DL
 ></DD
 ><DT
->15. <A
+>14. <A
 HREF="winbind.html"
 >Unified Logons between Windows NT and UNIX using Winbind</A
 ></DT
 ><DD
 ><DL
 ><DT
->15.1. <A
-HREF="winbind.html#AEN2225"
+>14.1. <A
+HREF="winbind.html#AEN2360"
 >Abstract</A
 ></DT
 ><DT
->15.2. <A
-HREF="winbind.html#AEN2229"
+>14.2. <A
+HREF="winbind.html#AEN2364"
 >Introduction</A
 ></DT
 ><DT
->15.3. <A
-HREF="winbind.html#AEN2242"
+>14.3. <A
+HREF="winbind.html#AEN2377"
 >What Winbind Provides</A
 ></DT
 ><DD
 ><DL
 ><DT
->15.3.1. <A
-HREF="winbind.html#AEN2249"
+>14.3.1. <A
+HREF="winbind.html#AEN2384"
 >Target Uses</A
 ></DT
 ></DL
 ></DD
 ><DT
->15.4. <A
-HREF="winbind.html#AEN2253"
+>14.4. <A
+HREF="winbind.html#AEN2388"
 >How Winbind Works</A
 ></DT
 ><DD
 ><DL
 ><DT
->15.4.1. <A
-HREF="winbind.html#AEN2258"
+>14.4.1. <A
+HREF="winbind.html#AEN2393"
 >Microsoft Remote Procedure Calls</A
 ></DT
 ><DT
->15.4.2. <A
-HREF="winbind.html#AEN2262"
+>14.4.2. <A
+HREF="winbind.html#AEN2397"
+>Microsoft Active Directory Services</A
+></DT
+><DT
+>14.4.3. <A
+HREF="winbind.html#AEN2400"
 >Name Service Switch</A
 ></DT
 ><DT
->15.4.3. <A
-HREF="winbind.html#AEN2278"
+>14.4.4. <A
+HREF="winbind.html#AEN2416"
 >Pluggable Authentication Modules</A
 ></DT
 ><DT
->15.4.4. <A
-HREF="winbind.html#AEN2286"
+>14.4.5. <A
+HREF="winbind.html#AEN2424"
 >User and Group ID Allocation</A
 ></DT
 ><DT
->15.4.5. <A
-HREF="winbind.html#AEN2290"
+>14.4.6. <A
+HREF="winbind.html#AEN2428"
 >Result Caching</A
 ></DT
 ></DL
 ></DD
 ><DT
->15.5. <A
-HREF="winbind.html#AEN2293"
+>14.5. <A
+HREF="winbind.html#AEN2431"
 >Installation and Configuration</A
 ></DT
 ><DD
 ><DL
 ><DT
->15.5.1. <A
-HREF="winbind.html#AEN2300"
+>14.5.1. <A
+HREF="winbind.html#AEN2438"
 >Introduction</A
 ></DT
 ><DT
->15.5.2. <A
-HREF="winbind.html#AEN2313"
+>14.5.2. <A
+HREF="winbind.html#AEN2451"
 >Requirements</A
 ></DT
 ><DT
->15.5.3. <A
-HREF="winbind.html#AEN2327"
+>14.5.3. <A
+HREF="winbind.html#AEN2465"
 >Testing Things Out</A
 ></DT
 ></DL
 ></DD
 ><DT
->15.6. <A
-HREF="winbind.html#AEN2542"
+>14.6. <A
+HREF="winbind.html#AEN2680"
 >Limitations</A
 ></DT
 ><DT
->15.7. <A
-HREF="winbind.html#AEN2552"
+>14.7. <A
+HREF="winbind.html#AEN2690"
 >Conclusion</A
 ></DT
 ></DL
 ></DD
 ><DT
->16. <A
-HREF="pdb-mysql.html"
->Passdb MySQL plugin</A
+>15. <A
+HREF="improved-browsing.html"
+>Improved browsing in samba</A
 ></DT
 ><DD
 ><DL
 ><DT
->16.1. <A
-HREF="pdb-mysql.html#AEN2566"
->Building</A
+>15.1. <A
+HREF="improved-browsing.html#AEN2700"
+>Overview of browsing</A
 ></DT
 ><DT
->16.2. <A
-HREF="pdb-mysql.html#AEN2572"
->Configuring</A
+>15.2. <A
+HREF="improved-browsing.html#AEN2704"
+>Browsing support in samba</A
 ></DT
 ><DT
->16.3. <A
-HREF="pdb-mysql.html#AEN2589"
->Using plaintext passwords or encrypted password</A
+>15.3. <A
+HREF="improved-browsing.html#AEN2713"
+>Problem resolution</A
 ></DT
 ><DT
->16.4. <A
-HREF="pdb-mysql.html#AEN2594"
->Getting non-column data from the table</A
+>15.4. <A
+HREF="improved-browsing.html#AEN2720"
+>Browsing across subnets</A
+></DT
+><DD
+><DL
+><DT
+>15.4.1. <A
+HREF="improved-browsing.html#AEN2725"
+>How does cross subnet browsing work ?</A
 ></DT
 ></DL
 ></DD
 ><DT
->17. <A
-HREF="pdb-xml.html"
->Passdb XML plugin</A
+>15.5. <A
+HREF="improved-browsing.html#AEN2760"
+>Setting up a WINS server</A
 ></DT
-><DD
-><DL
 ><DT
->17.1. <A
-HREF="pdb-xml.html#AEN2613"
->Building</A
+>15.6. <A
+HREF="improved-browsing.html#AEN2779"
+>Setting up Browsing in a WORKGROUP</A
 ></DT
 ><DT
->17.2. <A
-HREF="pdb-xml.html#AEN2619"
->Usage</A
+>15.7. <A
+HREF="improved-browsing.html#AEN2797"
+>Setting up Browsing in a DOMAIN</A
+></DT
+><DT
+>15.8. <A
+HREF="improved-browsing.html#AEN2807"
+>Forcing samba to be the master</A
+></DT
+><DT
+>15.9. <A
+HREF="improved-browsing.html#AEN2816"
+>Making samba the domain master</A
+></DT
+><DT
+>15.10. <A
+HREF="improved-browsing.html#AEN2834"
+>Note about broadcast addresses</A
+></DT
+><DT
+>15.11. <A
+HREF="improved-browsing.html#AEN2837"
+>Multiple interfaces</A
 ></DT
 ></DL
 ></DD
 ><DT
->18. <A
+>16. <A
 HREF="vfs.html"
 >Stackable VFS modules</A
 ></DT
 ><DD
 ><DL
 ><DT
->18.1. <A
-HREF="vfs.html#AEN2640"
+>16.1. <A
+HREF="vfs.html#AEN2855"
 >Introduction and configuration</A
 ></DT
 ><DT
->18.2. <A
-HREF="vfs.html#AEN2649"
+>16.2. <A
+HREF="vfs.html#AEN2864"
 >Included modules</A
 ></DT
 ><DD
 ><DL
 ><DT
->18.2.1. <A
-HREF="vfs.html#AEN2651"
+>16.2.1. <A
+HREF="vfs.html#AEN2866"
 >audit</A
 ></DT
 ><DT
->18.2.2. <A
-HREF="vfs.html#AEN2659"
+>16.2.2. <A
+HREF="vfs.html#AEN2874"
 >recycle</A
 ></DT
 ><DT
->18.2.3. <A
-HREF="vfs.html#AEN2696"
+>16.2.3. <A
+HREF="vfs.html#AEN2911"
 >netatalk</A
 ></DT
 ></DL
 ></DD
 ><DT
->18.3. <A
-HREF="vfs.html#AEN2703"
+>16.3. <A
+HREF="vfs.html#AEN2918"
 >VFS modules available elsewhere</A
 ></DT
 ><DD
 ><DL
 ><DT
->18.3.1. <A
-HREF="vfs.html#AEN2707"
+>16.3.1. <A
+HREF="vfs.html#AEN2922"
 >DatabaseFS</A
 ></DT
 ><DT
->18.3.2. <A
-HREF="vfs.html#AEN2715"
+>16.3.2. <A
+HREF="vfs.html#AEN2930"
 >vscan</A
 ></DT
 ></DL
@@ -662,105 +695,32 @@ HREF="vfs.html#AEN2715"
 ></DL
 ></DD
 ><DT
->19. <A
-HREF="samba-ldap-howto.html"
->Storing Samba's User/Machine Account information in an LDAP Directory</A
-></DT
-><DD
-><DL
-><DT
->19.1. <A
-HREF="samba-ldap-howto.html#AEN2737"
->Purpose</A
-></DT
-><DT
->19.2. <A
-HREF="samba-ldap-howto.html#AEN2757"
->Introduction</A
-></DT
-><DT
->19.3. <A
-HREF="samba-ldap-howto.html#AEN2786"
->Supported LDAP Servers</A
-></DT
-><DT
->19.4. <A
-HREF="samba-ldap-howto.html#AEN2791"
->Schema and Relationship to the RFC 2307 posixAccount</A
-></DT
-><DT
->19.5. <A
-HREF="samba-ldap-howto.html#AEN2803"
->Configuring Samba with LDAP</A
-></DT
-><DD
-><DL
-><DT
->19.5.1. <A
-HREF="samba-ldap-howto.html#AEN2805"
->OpenLDAP configuration</A
-></DT
-><DT
->19.5.2. <A
-HREF="samba-ldap-howto.html#AEN2822"
->Configuring Samba</A
-></DT
-></DL
-></DD
-><DT
->19.6. <A
-HREF="samba-ldap-howto.html#AEN2850"
->Accounts and Groups management</A
-></DT
-><DT
->19.7. <A
-HREF="samba-ldap-howto.html#AEN2855"
->Security and sambaAccount</A
-></DT
-><DT
->19.8. <A
-HREF="samba-ldap-howto.html#AEN2875"
->LDAP specials attributes for sambaAccounts</A
-></DT
-><DT
->19.9. <A
-HREF="samba-ldap-howto.html#AEN2945"
->Example LDIF Entries for a sambaAccount</A
-></DT
-><DT
->19.10. <A
-HREF="samba-ldap-howto.html#AEN2953"
->Comments</A
-></DT
-></DL
-></DD
-><DT
->20. <A
+>17. <A
 HREF="cvs-access.html"
->HOWTO Access Samba source code via CVS</A
+>Access Samba source code via CVS</A
 ></DT
 ><DD
 ><DL
 ><DT
->20.1. <A
-HREF="cvs-access.html#AEN2964"
+>17.1. <A
+HREF="cvs-access.html#AEN2942"
 >Introduction</A
 ></DT
 ><DT
->20.2. <A
-HREF="cvs-access.html#AEN2969"
+>17.2. <A
+HREF="cvs-access.html#AEN2947"
 >CVS Access to samba.org</A
 ></DT
 ><DD
 ><DL
 ><DT
->20.2.1. <A
-HREF="cvs-access.html#AEN2972"
+>17.2.1. <A
+HREF="cvs-access.html#AEN2950"
 >Access via CVSweb</A
 ></DT
 ><DT
->20.2.2. <A
-HREF="cvs-access.html#AEN2977"
+>17.2.2. <A
+HREF="cvs-access.html#AEN2955"
 >Access via cvs</A
 ></DT
 ></DL
@@ -768,69 +728,117 @@ HREF="cvs-access.html#AEN2977"
 ></DL
 ></DD
 ><DT
->21. <A
+>18. <A
 HREF="groupmapping.html"
 >Group mapping HOWTO</A
 ></DT
 ><DT
->22. <A
+>19. <A
 HREF="speed.html"
 >Samba performance issues</A
 ></DT
 ><DD
 ><DL
 ><DT
->22.1. <A
-HREF="speed.html#AEN3055"
+>19.1. <A
+HREF="speed.html#AEN3033"
 >Comparisons</A
 ></DT
 ><DT
->22.2. <A
-HREF="speed.html#AEN3061"
+>19.2. <A
+HREF="speed.html#AEN3039"
 >Socket options</A
 ></DT
 ><DT
->22.3. <A
-HREF="speed.html#AEN3068"
+>19.3. <A
+HREF="speed.html#AEN3046"
 >Read size</A
 ></DT
 ><DT
->22.4. <A
-HREF="speed.html#AEN3073"
+>19.4. <A
+HREF="speed.html#AEN3051"
 >Max xmit</A
 ></DT
 ><DT
->22.5. <A
-HREF="speed.html#AEN3078"
+>19.5. <A
+HREF="speed.html#AEN3056"
 >Log level</A
 ></DT
 ><DT
->22.6. <A
-HREF="speed.html#AEN3081"
+>19.6. <A
+HREF="speed.html#AEN3059"
 >Read raw</A
 ></DT
 ><DT
->22.7. <A
-HREF="speed.html#AEN3086"
+>19.7. <A
+HREF="speed.html#AEN3064"
 >Write raw</A
 ></DT
 ><DT
->22.8. <A
-HREF="speed.html#AEN3090"
+>19.8. <A
+HREF="speed.html#AEN3068"
 >Slow Clients</A
 ></DT
 ><DT
->22.9. <A
-HREF="speed.html#AEN3094"
+>19.9. <A
+HREF="speed.html#AEN3072"
 >Slow Logins</A
 ></DT
 ><DT
->22.10. <A
-HREF="speed.html#AEN3097"
+>19.10. <A
+HREF="speed.html#AEN3075"
 >Client tuning</A
 ></DT
 ></DL
 ></DD
+><DT
+>20. <A
+HREF="groupprofiles.html"
+>Creating Group Profiles</A
+></DT
+><DD
+><DL
+><DT
+>20.1. <A
+HREF="groupprofiles.html#AEN3123"
+>Windows '9x</A
+></DT
+><DT
+>20.2. <A
+HREF="groupprofiles.html#AEN3132"
+>Windows NT 4</A
+></DT
+><DD
+><DL
+><DT
+>20.2.1. <A
+HREF="groupprofiles.html#AEN3155"
+>Side bar Notes</A
+></DT
+><DT
+>20.2.2. <A
+HREF="groupprofiles.html#AEN3159"
+>Mandatory profiles</A
+></DT
+><DT
+>20.2.3. <A
+HREF="groupprofiles.html#AEN3162"
+>moveuser.exe</A
+></DT
+><DT
+>20.2.4. <A
+HREF="groupprofiles.html#AEN3165"
+>Get SID</A
+></DT
+></DL
+></DD
+><DT
+>20.3. <A
+HREF="groupprofiles.html#AEN3170"
+>Windows 2000/XP</A
+></DT
+></DL
+></DD
 ></DL
 ></DIV
 ></DIV
@@ -879,7 +887,7 @@ ACCESSKEY="N"
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
->Samba as a NT4 domain member</TD
+>Samba as a NT4 or Win2k domain member</TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
diff --git a/docs/htmldocs/other-clients.html b/docs/htmldocs/other-clients.html
index 130c9691e7..7f0f99319e 100644
--- a/docs/htmldocs/other-clients.html
+++ b/docs/htmldocs/other-clients.html
@@ -5,8 +5,7 @@
 >Samba and other CIFS clients</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -73,7 +72,9 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="OTHER-CLIENTS">Chapter 24. Samba and other CIFS clients</H1
+NAME="OTHER-CLIENTS"
+></A
+>Chapter 22. Samba and other CIFS clients</H1
 ><P
 >This chapter contains client-specific information.</P
 ><DIV
@@ -81,7 +82,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3199">24.1. Macintosh clients?</H1
+NAME="AEN3311"
+></A
+>22.1. Macintosh clients?</H1
 ><P
 >Yes. <A
 HREF="http://www.thursby.com/"
@@ -125,13 +128,17 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3208">24.2. OS2 Client</H1
+NAME="AEN3320"
+></A
+>22.2. OS2 Client</H1
 ><DIV
 CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN3210">24.2.1. How can I configure OS/2 Warp Connect or 
+NAME="AEN3322"
+></A
+>22.2.1. How can I configure OS/2 Warp Connect or 
 		OS/2 Warp 4 as a client for Samba?</H2
 ><P
 >A more complete answer to this question can be 
@@ -188,7 +195,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN3225">24.2.2. How can I configure OS/2 Warp 3 (not Connect), 
+NAME="AEN3337"
+></A
+>22.2.2. How can I configure OS/2 Warp 3 (not Connect), 
 		OS/2 1.2, 1.3 or 2.x for Samba?</H2
 ><P
 >You can use the free Microsoft LAN Manager 2.2c Client 
@@ -230,7 +239,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN3234">24.2.3. Are there any other issues when OS/2 (any version) 
+NAME="AEN3346"
+></A
+>22.2.3. Are there any other issues when OS/2 (any version) 
 		is used as a client?</H2
 ><P
 >When you do a NET VIEW or use the "File and Print 
@@ -250,7 +261,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN3238">24.2.4. How do I get printer driver download working 
+NAME="AEN3350"
+></A
+>22.2.4. How do I get printer driver download working 
 		for OS/2 clients?</H2
 ><P
 >First, create a share called [PRINTDRV] that is 
@@ -299,13 +312,17 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3248">24.3. Windows for Workgroups</H1
+NAME="AEN3360"
+></A
+>22.3. Windows for Workgroups</H1
 ><DIV
 CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN3250">24.3.1. Use latest TCP/IP stack from Microsoft</H2
+NAME="AEN3362"
+></A
+>22.3.1. Use latest TCP/IP stack from Microsoft</H2
 ><P
 >Use the latest TCP/IP stack from microsoft if you use Windows
 for workgroups.</P
@@ -325,7 +342,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN3255">24.3.2. Delete .pwl files after password change</H2
+NAME="AEN3367"
+></A
+>22.3.2. Delete .pwl files after password change</H2
 ><P
 >WfWg does a lousy job with passwords. I find that if I change my
 password on either the unix box or the PC the safest thing to do is to
@@ -343,7 +362,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN3260">24.3.3. Configure WfW password handling</H2
+NAME="AEN3372"
+></A
+>22.3.3. Configure WfW password handling</H2
 ><P
 >There is a program call admincfg.exe
 on the last disk (disk 8) of the WFW 3.11 disk set.  To install it
@@ -360,7 +381,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN3264">24.3.4. Case handling of passwords</H2
+NAME="AEN3376"
+></A
+>22.3.4. Case handling of passwords</H2
 ><P
 >Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the <A
 HREF="smb.conf.5.html"
@@ -377,7 +400,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3269">24.4. Windows '95/'98</H1
+NAME="AEN3381"
+></A
+>22.4. Windows '95/'98</H1
 ><P
 >When using Windows 95 OEM SR2 the following updates are recommended where Samba
 is being used. Please NOTE that the above change will affect you once these
@@ -423,7 +448,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3285">24.5. Windows 2000 Service Pack 2</H1
+NAME="AEN3397"
+></A
+>22.5. Windows 2000 Service Pack 2</H1
 ><P
 > 
 There are several annoyances with Windows 2000 SP2. One of which
diff --git a/docs/htmldocs/pam.html b/docs/htmldocs/pam.html
index ba2bf6c922..a64de2a1b4 100644
--- a/docs/htmldocs/pam.html
+++ b/docs/htmldocs/pam.html
@@ -6,8 +6,7 @@
 managed authentication</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -74,14 +73,18 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="PAM">Chapter 12. Configuring PAM for distributed but centrally 
+NAME="PAM"
+></A
+>Chapter 11. Configuring PAM for distributed but centrally 
 managed authentication</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1788">12.1. Samba and PAM</H1
+NAME="AEN1922"
+></A
+>11.1. Samba and PAM</H1
 ><P
 >A number of Unix systems (eg: Sun Solaris), as well as the 
 xxxxBSD family and Linux, now utilize the Pluggable Authentication 
@@ -293,7 +296,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1832">12.2. Distributed Authentication</H1
+NAME="AEN1966"
+></A
+>11.2. Distributed Authentication</H1
 ><P
 >The astute administrator will realize from this that the 
 combination of <TT
@@ -324,7 +329,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1839">12.3. PAM Configuration in smb.conf</H1
+NAME="AEN1973"
+></A
+>11.3. PAM Configuration in smb.conf</H1
 ><P
 >There is an option in smb.conf called <A
 HREF="smb.conf.5.html#OBEYPAMRESTRICTIONS"
diff --git a/docs/htmldocs/passdb.html b/docs/htmldocs/passdb.html
new file mode 100644
index 0000000000..f53641624a
--- /dev/null
+++ b/docs/htmldocs/passdb.html
@@ -0,0 +1,1646 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<HTML
+><HEAD
+><TITLE
+>User information database</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
+REL="HOME"
+TITLE="SAMBA Project Documentation"
+HREF="samba-howto-collection.html"><LINK
+REL="UP"
+TITLE="General installation"
+HREF="introduction.html"><LINK
+REL="PREVIOUS"
+TITLE="Quick Cross Subnet Browsing / Cross Workgroup Browsing guide"
+HREF="browsing-quick.html"><LINK
+REL="NEXT"
+TITLE="Type of installation"
+HREF="type.html"></HEAD
+><BODY
+CLASS="CHAPTER"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="NAVHEADER"
+><TABLE
+SUMMARY="Header navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TH
+COLSPAN="3"
+ALIGN="center"
+>SAMBA Project Documentation</TH
+></TR
+><TR
+><TD
+WIDTH="10%"
+ALIGN="left"
+VALIGN="bottom"
+><A
+HREF="browsing-quick.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="80%"
+ALIGN="center"
+VALIGN="bottom"
+></TD
+><TD
+WIDTH="10%"
+ALIGN="right"
+VALIGN="bottom"
+><A
+HREF="type.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+></TABLE
+><HR
+ALIGN="LEFT"
+WIDTH="100%"></DIV
+><DIV
+CLASS="CHAPTER"
+><H1
+><A
+NAME="PASSDB"
+></A
+>Chapter 3. User information database</H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN324"
+></A
+>3.1. Introduction</H1
+><P
+>Old windows clients send plain text passwords over the wire. 
+	Samba can check these passwords by crypting them and comparing them 
+	to the hash stored in the unix user database.
+	</P
+><P
+>	Newer windows clients send encrypted passwords (so-called 
+	Lanman and NT hashes) over 
+	the wire, instead of plain text passwords. The newest clients 
+	will only send encrypted passwords and refuse to send plain text 
+	passwords, unless their registry is tweaked.
+	</P
+><P
+>These passwords can't be converted to unix style encrypted 
+	passwords. Because of that you can't use the standard unix 
+	user database, and you have to store the Lanman and NT hashes 
+	somewhere else. </P
+><P
+>Next to a differently encrypted passwords, 
+	windows also stores certain data for each user 
+	that is not stored in a unix user database, e.g. 
+	workstations the user may logon from, the location where his/her 
+	profile is stored, etc.
+	Samba retrieves and stores this information using a "passdb backend".
+	Commonly
+	available backends are LDAP, plain text file, MySQL and nisplus.
+	For more information, see the documentation about the 
+	<B
+CLASS="COMMAND"
+>passdb backend = </B
+> parameter.
+	</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN331"
+></A
+>3.2. Important Notes About Security</H1
+><P
+>The unix and SMB password encryption techniques seem similar 
+	on the surface. This similarity is, however, only skin deep. The unix 
+	scheme typically sends clear text passwords over the network when 
+	logging in. This is bad. The SMB encryption scheme never sends the 
+	cleartext password over the network but it does store the 16 byte 
+	hashed values on disk. This is also bad. Why? Because the 16 byte hashed 
+	values are a "password equivalent". You cannot derive the user's 
+	password from them, but they could potentially be used in a modified 
+	client to gain access to a server. This would require considerable 
+	technical knowledge on behalf of the attacker but is perfectly possible. 
+	You should thus treat the data stored in whatever 
+	passdb backend you use (smbpasswd file, ldap, mysql) as though it contained the 
+	cleartext passwords of all your users. Its contents must be kept 
+	secret, and the file should be protected accordingly.</P
+><P
+>Ideally we would like a password scheme which neither requires 
+	plain text passwords on the net or on disk. Unfortunately this 
+	is not available as Samba is stuck with being compatible with 
+	other SMB systems (WinNT, WfWg, Win95 etc). </P
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
+HSPACE="5"
+ALT="Warning"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+>Note that Windows NT 4.0 Service pack 3 changed the 
+		default for permissible authentication so that plaintext 
+		passwords are <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>never</I
+></SPAN
+> sent over the wire. 
+		The solution to this is either to switch to encrypted passwords 
+		with Samba or edit the Windows NT registry to re-enable plaintext 
+		passwords. See the document WinNT.txt for details on how to do 
+		this.</P
+><P
+>Other Microsoft operating systems which also exhibit 
+		this behavior includes</P
+><P
+></P
+><TABLE
+BORDER="0"
+><TBODY
+><TR
+><TD
+>MS DOS Network client 3.0 with 
+			the basic network redirector installed</TD
+></TR
+><TR
+><TD
+>Windows 95 with the network redirector 
+			update installed</TD
+></TR
+><TR
+><TD
+>Windows 98 [se]</TD
+></TR
+><TR
+><TD
+>Windows 2000</TD
+></TR
+></TBODY
+></TABLE
+><P
+></P
+><P
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Note :</I
+></SPAN
+>All current release of 
+		Microsoft SMB/CIFS clients support authentication via the
+		SMB Challenge/Response mechanism described here.  Enabling
+		clear text authentication does not disable the ability
+		of the client to participate in encrypted authentication.</P
+></TD
+></TR
+></TABLE
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN346"
+></A
+>3.2.1. Advantages of SMB Encryption</H2
+><P
+></P
+><TABLE
+BORDER="0"
+><TBODY
+><TR
+><TD
+>plain text passwords are not passed across 
+			the network. Someone using a network sniffer cannot just 
+			record passwords going to the SMB server.</TD
+></TR
+><TR
+><TD
+>WinNT doesn't like talking to a server 
+			that isn't using SMB encrypted passwords. It will refuse 
+			to browse the server if the server is also in user level 
+			security mode. It will insist on prompting the user for the 
+			password on each connection, which is very annoying. The
+			only things you can do to stop this is to use SMB encryption.
+			</TD
+></TR
+></TBODY
+></TABLE
+><P
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN351"
+></A
+>3.2.2. Advantages of non-encrypted passwords</H2
+><P
+></P
+><TABLE
+BORDER="0"
+><TBODY
+><TR
+><TD
+>plain text passwords are not kept 
+			on disk. </TD
+></TR
+><TR
+><TD
+>uses same password file as other unix 
+			services such as login and ftp</TD
+></TR
+><TR
+><TD
+>you are probably already using other 
+			services (such as telnet and ftp) which send plain text 
+			passwords over the net, so sending them for SMB isn't 
+			such a big deal.</TD
+></TR
+></TBODY
+></TABLE
+><P
+></P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN357"
+></A
+>3.3. The smbpasswd Command</H1
+><P
+>The smbpasswd utility is a utility similar to the 
+	<B
+CLASS="COMMAND"
+>passwd</B
+> or <B
+CLASS="COMMAND"
+>yppasswd</B
+> programs.
+	It maintains the two 32 byte password fields 
+	in the passdb backend. </P
+><P
+><B
+CLASS="COMMAND"
+>smbpasswd</B
+> works in a client-server mode 
+	where it contacts the local smbd to change the user's password on its 
+	behalf. This has enormous benefits - as follows.</P
+><P
+><B
+CLASS="COMMAND"
+>smbpasswd</B
+> has the capability 
+	to change passwords on Windows NT servers (this only works when 
+	the request is sent to the NT Primary Domain Controller if you 
+	are changing an NT Domain user's password).</P
+><P
+>To run smbpasswd as a normal user just type :</P
+><P
+><TT
+CLASS="PROMPT"
+>$ </TT
+><TT
+CLASS="USERINPUT"
+><B
+>smbpasswd</B
+></TT
+></P
+><P
+><TT
+CLASS="PROMPT"
+>Old SMB password: </TT
+><TT
+CLASS="USERINPUT"
+><B
+>&lt;type old value here - 
+	or hit return if there was no old password&gt;</B
+></TT
+></P
+><P
+><TT
+CLASS="PROMPT"
+>New SMB Password: </TT
+><TT
+CLASS="USERINPUT"
+><B
+>&lt;type new value&gt;
+	</B
+></TT
+></P
+><P
+><TT
+CLASS="PROMPT"
+>Repeat New SMB Password: </TT
+><TT
+CLASS="USERINPUT"
+><B
+>&lt;re-type new value
+	</B
+></TT
+></P
+><P
+>If the old value does not match the current value stored for 
+	that user, or the two new values do not match each other, then the 
+	password will not be changed.</P
+><P
+>If invoked by an ordinary user it will only allow the user 
+	to change his or her own Samba password.</P
+><P
+>If run by the root user smbpasswd may take an optional 
+	argument, specifying the user name whose SMB password you wish to 
+	change.  Note that when run as root smbpasswd does not prompt for 
+	or check the old password value, thus allowing root to set passwords 
+	for users who have forgotten their passwords.</P
+><P
+><B
+CLASS="COMMAND"
+>smbpasswd</B
+> is designed to work in the same way 
+	and be familiar to UNIX users who use the <B
+CLASS="COMMAND"
+>passwd</B
+> or 
+	<B
+CLASS="COMMAND"
+>yppasswd</B
+> commands.</P
+><P
+>For more details on using <B
+CLASS="COMMAND"
+>smbpasswd</B
+> refer 
+	to the man page which will always be the definitive reference.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN388"
+></A
+>3.4. Plain text</H1
+><P
+>Older versions of samba retrieved user information from the unix user database 
+and eventually some other fields from the file <TT
+CLASS="FILENAME"
+>/etc/samba/smbpasswd</TT
+>
+or <TT
+CLASS="FILENAME"
+>/etc/smbpasswd</TT
+>. When password encryption is disabled, no 
+data is stored at all.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN393"
+></A
+>3.5. TDB</H1
+><P
+>Samba can also store the user data in a "TDB" (Trivial Database). Using this backend 
+doesn't require any additional configuration. This backend is recommended for new installations who 
+don't require LDAP.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN396"
+></A
+>3.6. LDAP</H1
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN398"
+></A
+>3.6.1. Introduction</H2
+><P
+>This document describes how to use an LDAP directory for storing Samba user
+account information traditionally stored in the smbpasswd(5) file.  It is
+assumed that the reader already has a basic understanding of LDAP concepts
+and has a working directory server already installed.  For more information
+on LDAP architectures and Directories, please refer to the following sites.</P
+><P
+></P
+><UL
+><LI
+><P
+>OpenLDAP - <A
+HREF="http://www.openldap.org/"
+TARGET="_top"
+>http://www.openldap.org/</A
+></P
+></LI
+><LI
+><P
+>iPlanet Directory Server - <A
+HREF="http://iplanet.netscape.com/directory"
+TARGET="_top"
+>http://iplanet.netscape.com/directory</A
+></P
+></LI
+></UL
+><P
+>Note that <A
+HREF="http://www.ora.com/"
+TARGET="_top"
+>O'Reilly Publishing</A
+> is working on
+a guide to LDAP for System Administrators which has a planned release date of
+early summer, 2002.</P
+><P
+>Two additional Samba resources which may prove to be helpful are</P
+><P
+></P
+><UL
+><LI
+><P
+>The <A
+HREF="http://www.unav.es/cti/ldap-smb/ldap-smb-3-howto.html"
+TARGET="_top"
+>Samba-PDC-LDAP-HOWTO</A
+>
+	maintained by Ignacio Coupeau.</P
+></LI
+><LI
+><P
+>The NT migration scripts from <A
+HREF="http://samba.idealx.org/"
+TARGET="_top"
+>IDEALX</A
+> that are
+	geared to manage users and group in such a Samba-LDAP Domain Controller configuration.
+	</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN418"
+></A
+>3.6.2. Introduction</H2
+><P
+>Traditionally, when configuring <A
+HREF="smb.conf.5.html#ENCRYPTPASSWORDS"
+TARGET="_top"
+>"encrypt
+passwords = yes"</A
+> in Samba's <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file, user account
+information such as username, LM/NT password hashes, password change times, and account
+flags have been stored in the <TT
+CLASS="FILENAME"
+>smbpasswd(5)</TT
+> file.  There are several
+disadvantages to this approach for sites with very large numbers of users (counted
+in the thousands).</P
+><P
+></P
+><UL
+><LI
+><P
+>The first is that all lookups must be performed sequentially.  Given that
+there are approximately two lookups per domain logon (one for a normal
+session connection such as when mapping a network drive or printer), this
+is a performance bottleneck for lareg sites.  What is needed is an indexed approach
+such as is used in databases.</P
+></LI
+><LI
+><P
+>The second problem is that administrators who desired to replicate a
+smbpasswd file to more than one Samba server were left to use external
+tools such as <B
+CLASS="COMMAND"
+>rsync(1)</B
+> and <B
+CLASS="COMMAND"
+>ssh(1)</B
+>
+and wrote custom, in-house scripts.</P
+></LI
+><LI
+><P
+>And finally, the amount of information which is stored in an
+smbpasswd entry leaves no room for additional attributes such as
+a home directory, password expiration time, or even a Relative
+Identified (RID).</P
+></LI
+></UL
+><P
+>As a result of these defeciencies, a more robust means of storing user attributes
+used by smbd was developed.  The API which defines access to user accounts
+is commonly referred to as the samdb interface (previously this was called the passdb
+API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support
+for a samdb backend (e.g. <TT
+CLASS="PARAMETER"
+><I
+>--with-ldapsam</I
+></TT
+> or
+<TT
+CLASS="PARAMETER"
+><I
+>--with-tdbsam</I
+></TT
+>) requires compile time support.</P
+><P
+>When compiling Samba to include the <TT
+CLASS="PARAMETER"
+><I
+>--with-ldapsam</I
+></TT
+> autoconf
+option, smbd (and associated tools) will store and lookup user accounts in
+an LDAP directory.  In reality, this is very easy to understand.  If you are
+comfortable with using an smbpasswd file, simply replace "smbpasswd" with
+"LDAP directory" in all the documentation.</P
+><P
+>There are a few points to stress about what the <TT
+CLASS="PARAMETER"
+><I
+>--with-ldapsam</I
+></TT
+>
+does not provide.  The LDAP support referred to in the this documentation does not
+include:</P
+><P
+></P
+><UL
+><LI
+><P
+>A means of retrieving user account information from
+	an Windows 2000 Active Directory server.</P
+></LI
+><LI
+><P
+>A means of replacing /etc/passwd.</P
+></LI
+></UL
+><P
+>The second item can be accomplished by using LDAP NSS and PAM modules.  LGPL
+versions of these libraries can be obtained from PADL Software
+(<A
+HREF="http://www.padl.com/"
+TARGET="_top"
+>http://www.padl.com/</A
+>).  However,
+the details of configuring these packages are beyond the scope of this document.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN447"
+></A
+>3.6.3. Supported LDAP Servers</H2
+><P
+>The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP
+2.0 server and client libraries.  The same code should be able to work with
+Netscape's Directory Server and client SDK. However, due to lack of testing
+so far, there are bound to be compile errors and bugs.  These should not be
+hard to fix. If you are so inclined, please be sure to forward all patches to
+<A
+HREF="samba-patches@samba.org"
+TARGET="_top"
+>samba-patches@samba.org</A
+> and
+<A
+HREF="jerry@samba.org"
+TARGET="_top"
+>jerry@samba.org</A
+>.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN452"
+></A
+>3.6.4. Schema and Relationship to the RFC 2307 posixAccount</H2
+><P
+>Samba 3.0 includes the necessary schema file for OpenLDAP 2.0 in
+<TT
+CLASS="FILENAME"
+>examples/LDAP/samba.schema</TT
+>.  The sambaAccount objectclass is given here:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
+     DESC 'Samba Account'
+     MUST ( uid $ rid )
+     MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
+            logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
+            displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
+            description $ userWorkstations $ primaryGroupID $ domain ))</PRE
+></P
+><P
+>The samba.schema file has been formatted for OpenLDAP 2.0.  The OID's are
+owned by the Samba Team and as such is legal to be openly published.
+If you translate the schema to be used with Netscape DS, please
+submit the modified schema file as a patch to <A
+HREF="jerry@samba.org"
+TARGET="_top"
+>jerry@samba.org</A
+></P
+><P
+>Just as the smbpasswd file is mean to store information which supplements a
+user's <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> entry, so is the sambaAccount object
+meant to supplement the UNIX user account information.  A sambaAccount is a
+<TT
+CLASS="CONSTANT"
+>STRUCTURAL</TT
+> objectclass so it can be stored individually
+in the directory.  However, there are several fields (e.g. uid) which overlap
+with the posixAccount objectclass outlined in RFC2307.  This is by design.</P
+><P
+>In order to store all user account information (UNIX and Samba) in the directory,
+it is necessary to use the sambaAccount and posixAccount objectclasses in
+combination.  However, smbd will still obtain the user's UNIX account
+information via the standard C library calls (e.g. getpwnam(), et. al.).
+This means that the Samba server must also have the LDAP NSS library installed
+and functioning correctly.  This division of information makes it possible to
+store all Samba account information in LDAP, but still maintain UNIX account
+information in NIS while the network is transitioning to a full LDAP infrastructure.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN464"
+></A
+>3.6.5. Configuring Samba with LDAP</H2
+><DIV
+CLASS="SECT3"
+><H3
+CLASS="SECT3"
+><A
+NAME="AEN466"
+></A
+>3.6.5.1. OpenLDAP configuration</H3
+><P
+>To include support for the sambaAccount object in an OpenLDAP directory
+server, first copy the samba.schema file to slapd's configuration directory.</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+><B
+CLASS="COMMAND"
+>cp samba.schema /etc/openldap/schema/</B
+></P
+><P
+>Next, include the <TT
+CLASS="FILENAME"
+>samba.schema</TT
+> file in <TT
+CLASS="FILENAME"
+>slapd.conf</TT
+>.
+The sambaAccount object contains two attributes which depend upon other schema
+files.  The 'uid' attribute is defined in <TT
+CLASS="FILENAME"
+>cosine.schema</TT
+> and
+the 'displayName' attribute is defined in the <TT
+CLASS="FILENAME"
+>inetorgperson.schema</TT
+>
+file.  Both of these must be included before the <TT
+CLASS="FILENAME"
+>samba.schema</TT
+> file.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>## /etc/openldap/slapd.conf
+
+## schema files (core.schema is required by default)
+include	           /etc/openldap/schema/core.schema
+
+## needed for sambaAccount
+include            /etc/openldap/schema/cosine.schema
+include            /etc/openldap/schema/inetorgperson.schema
+include            /etc/openldap/schema/samba.schema
+
+## uncomment this line if you want to support the RFC2307 (NIS) schema
+## include         /etc/openldap/schema/nis.schema
+
+....</PRE
+></P
+><P
+>It is recommended that you maintain some indices on some of the most usefull attributes,
+like in the following example, to speed up searches made on sambaAccount objectclasses
+(and possibly posixAccount and posixGroup as well).</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+># Indices to maintain
+## required by OpenLDAP 2.0
+index objectclass   eq
+
+## support pb_getsampwnam()
+index uid           pres,eq
+## support pdb_getsambapwrid()
+index rid           eq
+
+## uncomment these if you are storing posixAccount and
+## posixGroup entries in the directory as well
+##index uidNumber     eq
+##index gidNumber     eq
+##index cn            eq
+##index memberUid     eq</PRE
+></P
+></DIV
+><DIV
+CLASS="SECT3"
+><H3
+CLASS="SECT3"
+><A
+NAME="AEN483"
+></A
+>3.6.5.2. Configuring Samba</H3
+><P
+>The following parameters are available in smb.conf only with <TT
+CLASS="PARAMETER"
+><I
+>--with-ldapsam</I
+></TT
+>
+was included with compiling Samba.</P
+><P
+></P
+><UL
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPSSL"
+TARGET="_top"
+>ldap ssl</A
+></P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPSERVER"
+TARGET="_top"
+>ldap server</A
+></P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPADMINDN"
+TARGET="_top"
+>ldap admin dn</A
+></P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPSUFFIX"
+TARGET="_top"
+>ldap suffix</A
+></P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPFILTER"
+TARGET="_top"
+>ldap filter</A
+></P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#LDAPPORT"
+TARGET="_top"
+>ldap port</A
+></P
+></LI
+></UL
+><P
+>These are described in the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5)</A
+> man
+page and so will not be repeated here.  However, a sample smb.conf file for
+use with an LDAP directory could appear as</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>## /usr/local/samba/lib/smb.conf
+[global]
+     security = user
+     encrypt passwords = yes
+
+     netbios name = TASHTEGO
+     workgroup = NARNIA
+
+     # ldap related parameters
+
+     # define the DN to use when binding to the directory servers
+     # The password for this DN is not stored in smb.conf.  Rather it
+     # must be set by using 'smbpasswd -w <TT
+CLASS="REPLACEABLE"
+><I
+>secretpw</I
+></TT
+>' to store the
+     # passphrase in the secrets.tdb file.  If the "ldap admin dn" values
+     # changes, this password will need to be reset.
+     ldap admin dn = "cn=Samba Manager,ou=people,dc=samba,dc=org"
+
+     #  specify the LDAP server's hostname (defaults to locahost)
+     ldap server = ahab.samba.org
+
+     # Define the SSL option when connecting to the directory
+     # ('off', 'start tls', or 'on' (default))
+     ldap ssl = start tls
+
+     # define the port to use in the LDAP session (defaults to 636 when
+     # "ldap ssl = on")
+     ldap port = 389
+
+     # specify the base DN to use when searching the directory
+     ldap suffix = "ou=people,dc=samba,dc=org"
+
+     # generally the default ldap search filter is ok
+     # ldap filter = "(&amp;(uid=%u)(objectclass=sambaAccount))"</PRE
+></P
+></DIV
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN511"
+></A
+>3.6.6. Accounts and Groups management</H2
+><P
+>As users accounts are managed thru the sambaAccount objectclass, you should
+modify you existing administration tools to deal with sambaAccount attributes.</P
+><P
+>Machines accounts are managed with the sambaAccount objectclass, just
+like users accounts. However, it's up to you to stored thoses accounts
+in a different tree of you LDAP namespace: you should use
+"ou=Groups,dc=plainjoe,dc=org" to store groups and
+"ou=People,dc=plainjoe,dc=org" to store users. Just configure your
+NSS and PAM accordingly (usually, in the /etc/ldap.conf configuration
+file).</P
+><P
+>In Samba release 3.0, the group management system is based on posix
+groups. This means that Samba make usage of the posixGroup objectclass.
+For now, there is no NT-like group system management (global and local
+groups).</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN516"
+></A
+>3.6.7. Security and sambaAccount</H2
+><P
+>There are two important points to remember when discussing the security
+of sambaAccount entries in the directory.</P
+><P
+></P
+><UL
+><LI
+><P
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Never</I
+></SPAN
+> retrieve the lmPassword or
+	ntPassword attribute values over an unencrypted LDAP session.</P
+></LI
+><LI
+><P
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Never</I
+></SPAN
+> allow non-admin users to
+	view the lmPassword or ntPassword attribute values.</P
+></LI
+></UL
+><P
+>These password hashes are clear text equivalents and can be used to impersonate
+the user without deriving the original clear text strings.  For more information
+on the details of LM/NT password hashes, refer to the <A
+HREF="ENCRYPTION.html"
+TARGET="_top"
+>ENCRYPTION chapter</A
+> of the Samba-HOWTO-Collection.</P
+><P
+>To remedy the first security issue, the "ldap ssl" smb.conf parameter defaults
+to require an encrypted session (<B
+CLASS="COMMAND"
+>ldap ssl = on</B
+>) using
+the default port of 636
+when contacting the directory server.  When using an OpenLDAP 2.0 server, it
+is possible to use the use the StartTLS LDAP extended  operation in the place of
+LDAPS.  In either case, you are strongly discouraged to disable this security
+(<B
+CLASS="COMMAND"
+>ldap ssl = off</B
+>).</P
+><P
+>Note that the LDAPS protocol is deprecated in favor of the LDAPv3 StartTLS
+extended operation.  However, the OpenLDAP library still provides support for
+the older method of securing communication between clients and servers.</P
+><P
+>The second security precaution is to prevent non-administrative users from
+harvesting password hashes from the directory.  This can be done using the
+following ACL in <TT
+CLASS="FILENAME"
+>slapd.conf</TT
+>:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>## allow the "ldap admin dn" access, but deny everyone else
+access to attrs=lmPassword,ntPassword
+     by dn="cn=Samba Admin,ou=people,dc=plainjoe,dc=org" write
+     by * none</PRE
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN536"
+></A
+>3.6.8. LDAP specials attributes for sambaAccounts</H2
+><P
+>The sambaAccount objectclass is composed of the following attributes:</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>lmPassword</TT
+>: the LANMAN password 16-byte hash stored as a character
+	representation of a hexidecimal string.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>ntPassword</TT
+>: the NT password hash 16-byte stored as a character
+	representation of a hexidecimal string.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>pwdLastSet</TT
+>: The integer time in seconds since 1970 when the
+	<TT
+CLASS="CONSTANT"
+>lmPassword</TT
+> and <TT
+CLASS="CONSTANT"
+>ntPassword</TT
+> attributes were last set.
+	</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>acctFlags</TT
+>: string of 11 characters surrounded by square brackets []
+	representing account flags such as U (user), W(workstation), X(no password expiration), and
+	D(disabled).</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>logonTime</TT
+>: Integer value currently unused</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>logoffTime</TT
+>: Integer value currently unused</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>kickoffTime</TT
+>: Integer value currently unused</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>pwdCanChange</TT
+>: Integer value currently unused</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>pwdMustChange</TT
+>: Integer value currently unused</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>homeDrive</TT
+>: specifies the drive letter to which to map the
+	UNC path specified by homeDirectory. The drive letter must be specified in the form "X:"
+	where X is the letter of the drive to map. Refer to the "logon drive" parameter in the
+	smb.conf(5) man page for more information.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>scriptPath</TT
+>: The scriptPath property specifies the path of
+	the user's logon script, .CMD, .EXE, or .BAT file. The string can be null. The path
+	is relative to the netlogon share.  Refer to the "logon script" parameter in the
+	smb.conf(5) man page for more information.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>profilePath</TT
+>: specifies a path to the user's profile.
+	This value can be a null string, a local absolute path, or a UNC path.  Refer to the
+	"logon path" parameter in the smb.conf(5) man page for more information.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>smbHome</TT
+>: The homeDirectory property specifies the path of
+	the home directory for the user. The string can be null. If homeDrive is set and specifies
+	a drive letter, homeDirectory should be a UNC path. The path must be a network
+	UNC path of the form \\server\share\directory. This value can be a null string.
+	Refer to the "logon home" parameter in the smb.conf(5) man page for more information.
+	</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>userWorkstation</TT
+>: character string value currently unused.
+	</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>rid</TT
+>: the integer representation of the user's relative identifier
+	(RID).</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>primaryGroupID</TT
+>: the relative identifier (RID) of the primary group
+	of the user.</P
+></LI
+></UL
+><P
+>The majority of these parameters are only used when Samba is acting as a PDC of
+a domain (refer to the <A
+HREF="Samba-PDC-HOWTO.html"
+TARGET="_top"
+>Samba-PDC-HOWTO</A
+> for details on
+how to configure Samba as a Primary Domain Controller). The following four attributes
+are only stored with the sambaAccount entry if the values are non-default values:</P
+><P
+></P
+><UL
+><LI
+><P
+>smbHome</P
+></LI
+><LI
+><P
+>scriptPath</P
+></LI
+><LI
+><P
+>logonPath</P
+></LI
+><LI
+><P
+>homeDrive</P
+></LI
+></UL
+><P
+>These attributes are only stored with the sambaAccount entry if
+the values are non-default values.  For example, assume TASHTEGO has now been
+configured as a PDC and that <B
+CLASS="COMMAND"
+>logon home = \\%L\%u</B
+> was defined in
+its <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file. When a user named "becky" logons to the domain,
+the <TT
+CLASS="PARAMETER"
+><I
+>logon home</I
+></TT
+> string is expanded to \\TASHTEGO\becky.
+If the smbHome attribute exists in the entry "uid=becky,ou=people,dc=samba,dc=org",
+this value is used.  However, if this attribute does not exist, then the value
+of the <TT
+CLASS="PARAMETER"
+><I
+>logon home</I
+></TT
+> parameter is used in its place.  Samba
+will only write the attribute value to the directory entry is the value is
+something other than the default (e.g. \\MOBY\becky).</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN606"
+></A
+>3.6.9. Example LDIF Entries for a sambaAccount</H2
+><P
+>The following is a working LDIF with the inclusion of the posixAccount objectclass:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>dn: uid=guest2, ou=people,dc=plainjoe,dc=org
+ntPassword: 878D8014606CDA29677A44EFA1353FC7
+pwdMustChange: 2147483647
+primaryGroupID: 1201
+lmPassword: 552902031BEDE9EFAAD3B435B51404EE
+pwdLastSet: 1010179124
+logonTime: 0
+objectClass: sambaAccount
+uid: guest2
+kickoffTime: 2147483647
+acctFlags: [UX         ]
+logoffTime: 2147483647
+rid: 19006
+pwdCanChange: 0</PRE
+></P
+><P
+>The following is an LDIF entry for using both the sambaAccount and
+posixAccount objectclasses:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>dn: uid=gcarter, ou=people,dc=plainjoe,dc=org
+logonTime: 0
+displayName: Gerald Carter
+lmPassword: 552902031BEDE9EFAAD3B435B51404EE
+primaryGroupID: 1201
+objectClass: posixAccount
+objectClass: sambaAccount
+acctFlags: [UX         ]
+userPassword: {crypt}BpM2ej8Rkzogo
+uid: gcarter
+uidNumber: 9000
+cn: Gerald Carter
+loginShell: /bin/bash
+logoffTime: 2147483647
+gidNumber: 100
+kickoffTime: 2147483647
+pwdLastSet: 1010179230
+rid: 19000
+homeDirectory: /home/tashtego/gcarter
+pwdCanChange: 0
+pwdMustChange: 2147483647
+ntPassword: 878D8014606CDA29677A44EFA1353FC7</PRE
+></P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN614"
+></A
+>3.7. MySQL</H1
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN616"
+></A
+>3.7.1. Building</H2
+><P
+>To build the plugin, run <B
+CLASS="COMMAND"
+>make bin/pdb_mysql.so</B
+>
+in the <TT
+CLASS="FILENAME"
+>source/</TT
+> directory of samba distribution. </P
+><P
+>Next, copy pdb_mysql.so to any location you want. I 
+strongly recommend installing it in $PREFIX/lib or /usr/lib/samba/</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN622"
+></A
+>3.7.2. Creating the database</H2
+><P
+>You either can set up your own table and specify the field names to pdb_mysql (see below
+for the column names) or use the default table. The file <TT
+CLASS="FILENAME"
+>examples/pdb/mysql/mysql.dump</TT
+> 
+contains the correct queries to create the required tables. Use the command :
+
+<B
+CLASS="COMMAND"
+>mysql -u<TT
+CLASS="REPLACEABLE"
+><I
+>username</I
+></TT
+> -h<TT
+CLASS="REPLACEABLE"
+><I
+>hostname</I
+></TT
+> -p<TT
+CLASS="REPLACEABLE"
+><I
+>password</I
+></TT
+> <TT
+CLASS="REPLACEABLE"
+><I
+>databasename</I
+></TT
+> &#60; <TT
+CLASS="FILENAME"
+>/path/to/samba/examples/pdb/mysql/mysql.dump</TT
+></B
+>&#13;</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN632"
+></A
+>3.7.3. Configuring</H2
+><P
+>This plugin lacks some good documentation, but here is some short info:</P
+><P
+>Add a the following to the <B
+CLASS="COMMAND"
+>passdb backend</B
+> variable in your <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>:
+<PRE
+CLASS="PROGRAMLISTING"
+>passdb backend = [other-plugins] plugin:/location/to/pdb_mysql.so:identifier [other-plugins]</PRE
+></P
+><P
+>The identifier can be any string you like, as long as it doesn't collide with 
+the identifiers of other plugins or other instances of pdb_mysql. If you 
+specify multiple pdb_mysql.so entries in 'passdb backend', you also need to 
+use different identifiers!</P
+><P
+>Additional options can be given thru the smb.conf file in the [global] section.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>identifier:mysql host                     - host name, defaults to 'localhost'
+identifier:mysql password
+identifier:mysql user                     - defaults to 'samba'
+identifier:mysql database                 - defaults to 'samba'
+identifier:mysql port                     - defaults to 3306
+identifier:table                          - Name of the table containing users</PRE
+></P
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+WIDTH="100%"
+BORDER="0"
+><TR
+><TD
+WIDTH="25"
+ALIGN="CENTER"
+VALIGN="TOP"
+><IMG
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
+HSPACE="5"
+ALT="Warning"></TD
+><TD
+ALIGN="LEFT"
+VALIGN="TOP"
+><P
+>Since the password for the mysql user is stored in the 
+smb.conf file, you should make the the smb.conf file 
+readable only to the user that runs samba. This is considered a security 
+bug and will be fixed soon.</P
+></TD
+></TR
+></TABLE
+></DIV
+><P
+>Names of the columns in this table(I've added column types those columns should have first):</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>identifier:logon time column             - int(9)
+identifier:logoff time column            - int(9)
+identifier:kickoff time column           - int(9)
+identifier:pass last set time column     - int(9)
+identifier:pass can change time column   - int(9)
+identifier:pass must change time column  - int(9)
+identifier:username column               - varchar(255) - unix username
+identifier:domain column                 - varchar(255) - NT domain user is part of
+identifier:nt username column            - varchar(255) - NT username
+identifier:fullname column            - varchar(255) - Full name of user
+identifier:home dir column               - varchar(255) - Unix homedir path
+identifier:dir drive column              - varchar(2) - Directory drive path (eg: 'H:')
+identifier:logon script column           - varchar(255) - Batch file to run on client side when logging on
+identifier:profile path column           - varchar(255) - Path of profile
+identifier:acct desc column              - varchar(255) - Some ASCII NT user data
+identifier:workstations column           - varchar(255) - Workstations user can logon to (or NULL for all)
+identifier:unknown string column         - varchar(255) - unknown string
+identifier:munged dial column            - varchar(255) - ?
+identifier:uid column                    - int(9) - Unix user ID (uid)
+identifier:gid column                    - int(9) - Unix user group (gid)
+identifier:user sid column               - varchar(255) - NT user SID
+identifier:group sid column              - varchar(255) - NT group ID
+identifier:lanman pass column            - varchar(255) - encrypted lanman password
+identifier:nt pass column                - varchar(255) - encrypted nt passwd
+identifier:plain pass column             - varchar(255) - plaintext password
+identifier:acct control column           - int(9) - nt user data
+identifier:unknown 3 column              - int(9) - unknown
+identifier:logon divs column             - int(9) - ?
+identifier:hours len column              - int(9) - ?
+identifier:unknown 5 column              - int(9) - unknown
+identifier:unknown 6 column              - int(9) - unknown</PRE
+></P
+><P
+>Eventually, you can put a colon (:) after the name of each column, which 
+should specify the column to update when updating the table. You can also
+specify nothing behind the colon - then the data from the field will not be 
+updated. </P
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN649"
+></A
+>3.7.4. Using plaintext passwords or encrypted password</H2
+><P
+>I strongly discourage the use of plaintext passwords, however, you can use them:</P
+><P
+>If you would like to use plaintext passwords, set 'identifier:lanman pass column' and 'identifier:nt pass column' to 'NULL' (without the quotes) and 'identifier:plain pass column' to the name of the column containing the plaintext passwords. </P
+><P
+>If you use encrypted passwords, set the 'identifier:plain pass column' to 'NULL' (without the quotes). This is the default.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN654"
+></A
+>3.7.5. Getting non-column data from the table</H2
+><P
+>It is possible to have not all data in the database and making some 'constant'.</P
+><P
+>For example, you can set 'identifier:fullname column' to : 
+<B
+CLASS="COMMAND"
+>CONCAT(First_name,' ',Sur_name)</B
+></P
+><P
+>Or, set 'identifier:workstations column' to :
+<B
+CLASS="COMMAND"
+>NULL</B
+></P
+><P
+>See the MySQL documentation for more language constructs.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN662"
+></A
+>3.8. Passdb XML plugin</H1
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN664"
+></A
+>3.8.1. Building</H2
+><P
+>This module requires libxml2 to be installed.</P
+><P
+>To build pdb_xml, run: <B
+CLASS="COMMAND"
+>make bin/pdb_xml.so</B
+> in 
+the directory <TT
+CLASS="FILENAME"
+>source/</TT
+>. </P
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN670"
+></A
+>3.8.2. Usage</H2
+><P
+>The usage of pdb_xml is pretty straightforward. To export data, use:
+
+<B
+CLASS="COMMAND"
+>pdbedit -e plugin:/usr/lib/samba/pdb_xml.so:filename</B
+>
+
+(where filename is the name of the file to put the data in)</P
+><P
+>To import data, use:
+<B
+CLASS="COMMAND"
+>pdbedit -i plugin:/usr/lib/samba/pdb_xml.so:filename -e current-pdb</B
+>
+
+Where filename is the name to read the data from and current-pdb to put it in.</P
+></DIV
+></DIV
+></DIV
+><DIV
+CLASS="NAVFOOTER"
+><HR
+ALIGN="LEFT"
+WIDTH="100%"><TABLE
+SUMMARY="Footer navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+><A
+HREF="browsing-quick.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+><A
+HREF="samba-howto-collection.html"
+ACCESSKEY="H"
+>Home</A
+></TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+><A
+HREF="type.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+>Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+><A
+HREF="introduction.html"
+ACCESSKEY="U"
+>Up</A
+></TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+>Type of installation</TD
+></TR
+></TABLE
+></DIV
+></BODY
+></HTML
+>
\ No newline at end of file
diff --git a/docs/htmldocs/pdb-mysql.html b/docs/htmldocs/pdb-mysql.html
index abca946f6f..e98d0c30d0 100644
--- a/docs/htmldocs/pdb-mysql.html
+++ b/docs/htmldocs/pdb-mysql.html
@@ -5,8 +5,7 @@
 >Passdb MySQL plugin</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -73,13 +72,17 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="PDB-MYSQL">Chapter 16. Passdb MySQL plugin</H1
+NAME="PDB-MYSQL"
+></A
+>Chapter 16. Passdb MySQL plugin</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2566">16.1. Building</H1
+NAME="AEN2562"
+></A
+>16.1. Building</H1
 ><P
 >To build the plugin, run <B
 CLASS="COMMAND"
@@ -98,7 +101,53 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2572">16.2. Configuring</H1
+NAME="AEN2568"
+></A
+>16.2. Creating the database</H1
+><P
+>You either can set up your own table and specify the field names to pdb_mysql (see below
+for the column names) or use the default table. The file <TT
+CLASS="FILENAME"
+>examples/pdb/mysql/mysql.dump</TT
+> 
+contains the correct queries to create the required tables. Use the command :
+
+<B
+CLASS="COMMAND"
+>mysql -u<TT
+CLASS="REPLACEABLE"
+><I
+>username</I
+></TT
+> -h<TT
+CLASS="REPLACEABLE"
+><I
+>hostname</I
+></TT
+> -p<TT
+CLASS="REPLACEABLE"
+><I
+>password</I
+></TT
+> <TT
+CLASS="REPLACEABLE"
+><I
+>databasename</I
+></TT
+> &#60; <TT
+CLASS="FILENAME"
+>/path/to/samba/examples/pdb/mysql/mysql.dump</TT
+></B
+>&#13;</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN2578"
+></A
+>16.3. Configuring</H1
 ><P
 >This plugin lacks some good documentation, but here is some short info:</P
 ><P
@@ -189,7 +238,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2589">16.3. Using plaintext passwords or encrypted password</H1
+NAME="AEN2595"
+></A
+>16.4. Using plaintext passwords or encrypted password</H1
 ><P
 >I strongly discourage the use of plaintext passwords, however, you can use them:</P
 ><P
@@ -202,7 +253,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2594">16.4. Getting non-column data from the table</H1
+NAME="AEN2600"
+></A
+>16.5. Getting non-column data from the table</H1
 ><P
 >It is possible to have not all data in the database and making some 'constant'.</P
 ><P
diff --git a/docs/htmldocs/pdb-xml.html b/docs/htmldocs/pdb-xml.html
index 4d300d7be0..1b419dcc74 100644
--- a/docs/htmldocs/pdb-xml.html
+++ b/docs/htmldocs/pdb-xml.html
@@ -5,8 +5,7 @@
 >Passdb XML plugin</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -73,13 +72,17 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="PDB-XML">Chapter 17. Passdb XML plugin</H1
+NAME="PDB-XML"
+></A
+>Chapter 17. Passdb XML plugin</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2613">17.1. Building</H1
+NAME="AEN2619"
+></A
+>17.1. Building</H1
 ><P
 >This module requires libxml2 to be installed.</P
 ><P
@@ -97,7 +100,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2619">17.2. Usage</H1
+NAME="AEN2625"
+></A
+>17.2. Usage</H1
 ><P
 >The usage of pdb_xml is pretty straightforward. To export data, use:
 
diff --git a/docs/htmldocs/pdbedit.8.html b/docs/htmldocs/pdbedit.8.html
index e3cf1e4fba..14497f522c 100644
--- a/docs/htmldocs/pdbedit.8.html
+++ b/docs/htmldocs/pdbedit.8.html
@@ -1,12 +1,11 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <HTML
 ><HEAD
 ><TITLE
 >pdbedit</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -16,7 +15,9 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="PDBEDIT">pdbedit</H1
+NAME="PDBEDIT.8"
+></A
+>pdbedit</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
@@ -28,13 +29,15 @@ NAME="AEN5"
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
-NAME="AEN8"><H2
+NAME="AEN8"
+></A
+><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >pdbedit</B
-> [-l] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-D drive] [-S script] [-p profile] [-a] [-m] [-x] [-i passdb-backend] [-e passdb-backend] [-b passdb-backend] [-d debuglevel] [-s configfile] [-P account-policy] [-V value]</P
+>  [-l] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-D drive] [-S script] [-p profile] [-a] [-m] [-x] [-i passdb-backend] [-e passdb-backend] [-b passdb-backend] [-d debuglevel] [-s configfile] [-P account-policy] [-V value]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -44,10 +47,12 @@ NAME="AEN30"
 ><H2
 >DESCRIPTION</H2
 ><P
->This tool is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
+>This tool is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > suite.</P
 ><P
 >The pdbedit program is used to manage the users accounts
@@ -65,7 +70,7 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN37"
+NAME="AEN39"
 ></A
 ><H2
 >OPTIONS</H2
@@ -88,20 +93,10 @@ CLASS="COMMAND"
 >pdbedit -l</B
 ></P
 ><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
 ><PRE
-CLASS="PROGRAMLISTING"
->		sorce:500:Simo Sorce
-		samba:45:Test User
-		</PRE
-></TD
-></TR
-></TABLE
+CLASS="SCREEN"
+>sorce:500:Simo Sorce
+samba:45:Test User</PRE
 ></P
 ></DD
 ><DT
@@ -117,36 +112,26 @@ CLASS="COMMAND"
 >pdbedit -l -v</B
 ></P
 ><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
 ><PRE
-CLASS="PROGRAMLISTING"
->		---------------
-		username:       sorce
-		user ID/Group:  500/500
-		user RID/GRID:  2000/2001
-		Full Name:      Simo Sorce
-		Home Directory: \\BERSERKER\sorce
-		HomeDir Drive:  H:
-		Logon Script:   \\BERSERKER\netlogon\sorce.bat
-		Profile Path:   \\BERSERKER\profile
-		---------------
-		username:       samba
-		user ID/Group:  45/45
-		user RID/GRID:  1090/1091
-		Full Name:      Test User
-		Home Directory: \\BERSERKER\samba
-		HomeDir Drive:  
-		Logon Script:   
-		Profile Path:   \\BERSERKER\profile
-		</PRE
-></TD
-></TR
-></TABLE
+CLASS="SCREEN"
+>---------------
+username:       sorce
+user ID/Group:  500/500
+user RID/GRID:  2000/2001
+Full Name:      Simo Sorce
+Home Directory: \\BERSERKER\sorce
+HomeDir Drive:  H:
+Logon Script:   \\BERSERKER\netlogon\sorce.bat
+Profile Path:   \\BERSERKER\profile
+---------------
+username:       samba
+user ID/Group:  45/45
+user RID/GRID:  1090/1091
+Full Name:      Test User
+Home Directory: \\BERSERKER\samba
+HomeDir Drive:  
+Logon Script:   
+Profile Path:   \\BERSERKER\profile</PRE
 ></P
 ></DD
 ><DT
@@ -159,35 +144,23 @@ CLASS="PROGRAMLISTING"
 		<TT
 CLASS="FILENAME"
 >smbpasswd</TT
-> file format. (see the <A
-HREF="smbpasswd.5.html"
-TARGET="_top"
-><TT
-CLASS="FILENAME"
->smbpasswd(5)</TT
-></A
+> file format. (see the
+		<SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbpasswd</SPAN
+>(5)</SPAN
 > for details)</P
 ><P
 >Example: <B
 CLASS="COMMAND"
 >pdbedit -l -w</B
 ></P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
 ><PRE
-CLASS="PROGRAMLISTING"
->		sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX         ]:LCT-00000000:
-		samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX         ]:LCT-3BFA1E8D:
-		</PRE
-></TD
-></TR
-></TABLE
-></P
+CLASS="SCREEN"
+>sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX         ]:LCT-00000000:
+samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX         ]:LCT-3BFA1E8D:</PRE
 ></DD
 ><DT
 >-u username</DT
@@ -195,13 +168,19 @@ CLASS="PROGRAMLISTING"
 ><P
 >This option specifies the username to be
 		used for the operation requested (listing, adding, removing).
-		It is <I
+		It is <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >required</I
+></SPAN
 > in add, remove and modify
-		operations and <I
+		operations and <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >optional</I
+></SPAN
 > in list
 		operations.</P
 ></DD
@@ -287,21 +266,11 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >pdbedit -a -u sorce</B
 >
-		<TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
+<PRE
 CLASS="PROGRAMLISTING"
 >new password:
-		retype new password</PRE
-></TD
-></TR
-></TABLE
->
-                </P
+retype new password</PRE
+></P
 ></DD
 ><DT
 >-m</DT
@@ -394,19 +363,9 @@ CLASS="COMMAND"
 >pdbedit -P "bad lockout attempt"</B
 ></P
 ><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->		account policy value for bad lockout attempt is 0
-		</PRE
-></TD
-></TR
-></TABLE
+>account policy value for bad lockout attempt is 0</PRE
 ></P
 ></DD
 ><DT
@@ -428,20 +387,10 @@ CLASS="COMMAND"
 >pdbedit -P "bad lockout attempt" -V 3</B
 ></P
 ><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->		account policy value for bad lockout attempt was 0
-		account policy value for bad lockout attempt is now 3
-		</PRE
-></TD
-></TR
-></TABLE
+>account policy value for bad lockout attempt was 0
+account policy value for bad lockout attempt is now 3</PRE
 ></P
 ></DD
 ><DT
@@ -492,7 +441,7 @@ CLASS="FILENAME"
 >Print a summary of command line options.</P
 ></DD
 ><DT
->-s &#60;configuration file&#62;</DT
+>-s &lt;configuration file&gt;</DT
 ><DD
 ><P
 >The file specified contains the 
@@ -517,7 +466,7 @@ compile time.</P
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN182"
+NAME="AEN184"
 ></A
 ><H2
 >NOTES</H2
@@ -527,7 +476,7 @@ NAME="AEN182"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN185"
+NAME="AEN187"
 ></A
 ><H2
 >VERSION</H2
@@ -538,27 +487,29 @@ NAME="AEN185"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN188"
+NAME="AEN190"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
-><A
-HREF="smbpasswd.8.html"
-TARGET="_top"
->smbpasswd(8)</A
->, 
-	<A
-HREF="samba.7.html"
-TARGET="_top"
->samba(7)</A
->
-	</P
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbpasswd</SPAN
+>(5)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>samba</SPAN
+>(7)</SPAN
+></P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN193"
+NAME="AEN199"
 ></A
 ><H2
 >AUTHOR</H2
@@ -570,14 +521,14 @@ NAME="AEN193"
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
-	<A
+	excellent piece of Open Source software, available at <A
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook
+	XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/portability.html b/docs/htmldocs/portability.html
index 424fbe5c6c..4942cdb1bb 100644
--- a/docs/htmldocs/portability.html
+++ b/docs/htmldocs/portability.html
@@ -5,8 +5,7 @@
 >Portability</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -73,7 +72,9 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="PORTABILITY">Chapter 23. Portability</H1
+NAME="PORTABILITY"
+></A
+>Chapter 21. Portability</H1
 ><P
 >Samba works on a wide range of platforms but the interface all the 
 platforms provide is not always compatible. This chapter contains 
@@ -83,7 +84,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3139">23.1. HPUX</H1
+NAME="AEN3251"
+></A
+>21.1. HPUX</H1
 ><P
 >HP's implementation of supplementary groups is, er, non-standard (for
 hysterical reasons).  There are two group files, /etc/group and
@@ -111,7 +114,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3145">23.2. SCO Unix</H1
+NAME="AEN3257"
+></A
+>21.2. SCO Unix</H1
 ><P
 > 
 If you run an old version of  SCO Unix then you may need to get important 
@@ -126,7 +131,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3149">23.3. DNIX</H1
+NAME="AEN3261"
+></A
+>21.3. DNIX</H1
 ><P
 >DNIX has a problem with seteuid() and setegid(). These routines are
 needed for Samba to work correctly, but they were left out of the DNIX
@@ -231,7 +238,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3178">23.4. RedHat Linux Rembrandt-II</H1
+NAME="AEN3290"
+></A
+>21.4. RedHat Linux Rembrandt-II</H1
 ><P
 >By default RedHat Rembrandt-II during installation adds an
 entry to /etc/hosts as follows:
diff --git a/docs/htmldocs/printing.html b/docs/htmldocs/printing.html
index 46ebbcdf84..92eb52c7cc 100644
--- a/docs/htmldocs/printing.html
+++ b/docs/htmldocs/printing.html
@@ -5,8 +5,7 @@
 >Printing Support</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -73,13 +72,17 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="PRINTING">Chapter 14. Printing Support</H1
+NAME="PRINTING"
+></A
+>Chapter 13. Printing Support</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1920">14.1. Introduction</H1
+NAME="AEN2054"
+></A
+>13.1. Introduction</H1
 ><P
 >Beginning with the 2.2.0 release, Samba supports 
 the native Windows NT printing mechanisms implemented via 
@@ -160,7 +163,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1942">14.2. Configuration</H1
+NAME="AEN2076"
+></A
+>13.2. Configuration</H1
 ><DIV
 CLASS="WARNING"
 ><P
@@ -175,7 +180,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="../images/warning.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
 HSPACE="5"
 ALT="Warning"></TD
 ><TH
@@ -224,7 +229,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1950">14.2.1. Creating [print$]</H2
+NAME="AEN2084"
+></A
+>13.2.1. Creating [print$]</H2
 ><P
 >In order to support the uploading of printer driver 
 files, you must first configure a file share named [print$].  
@@ -303,7 +310,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="../images/note.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
 HSPACE="5"
 ALT="Note"></TD
 ><TH
@@ -374,7 +381,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="../images/warning.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
 HSPACE="5"
 ALT="Warning"></TD
 ><TH
@@ -445,7 +452,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1985">14.2.2. Setting Drivers for Existing Printers</H2
+NAME="AEN2119"
+></A
+>13.2.2. Setting Drivers for Existing Printers</H2
 ><P
 >The initial listing of printers in the Samba host's 
 Printers folder will have no real printer driver assigned 
@@ -515,7 +524,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2001">14.2.3. Support a large number of printers</H2
+NAME="AEN2135"
+></A
+>13.2.3. Support a large number of printers</H2
 ><P
 >One issue that has arisen during the development
 phase of Samba 2.2 is the need to support driver downloads for
@@ -579,7 +590,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2012">14.2.4. Adding New Printers via the Windows NT APW</H2
+NAME="AEN2146"
+></A
+>13.2.4. Adding New Printers via the Windows NT APW</H2
 ><P
 >By default, Samba offers all printer shares defined in <TT
 CLASS="FILENAME"
@@ -720,8 +733,8 @@ echo "  :sd=/var/spool/lpd/$2:\\" 			&#62;&#62; $PRINTCAP
 echo "  :mx=0:ml=0:sh:\\" 				&#62;&#62; $PRINTCAP
 echo "  :lp=/usr/local/samba/var/print/$5.prn:" 	&#62;&#62; $PRINTCAP
 
-touch "/usr/local/samba/var/print/$5.prn" &#62;&#62; /tmp/printadd.$$ 2&#62;&#38;1
-chown $LP "/usr/local/samba/var/print/$5.prn" &#62;&#62; /tmp/printadd.$$ 2&#62;&#38;1
+touch "/usr/local/samba/var/print/$5.prn" &#62;&#62; /tmp/printadd.$$ 2&#62;&amp;1
+chown $LP "/usr/local/samba/var/print/$5.prn" &#62;&#62; /tmp/printadd.$$ 2&#62;&amp;1
 
 mkdir /var/spool/lpd/$2
 chmod 700 /var/spool/lpd/$2
@@ -746,7 +759,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2042">14.2.5. Samba and Printer Ports</H2
+NAME="AEN2176"
+></A
+>13.2.5. Samba and Printer Ports</H2
 ><P
 >Windows NT/2000 print servers associate a port with each printer.  These normally
 take the form of LPT1:, COM1:, FILE:, etc...  Samba must also support the
@@ -781,7 +796,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2050">14.3. The Imprints Toolset</H1
+NAME="AEN2184"
+></A
+>13.3. The Imprints Toolset</H1
 ><P
 >The Imprints tool set provides a UNIX equivalent of the 
 	Windows NT Add Printer Wizard.  For complete information, please 
@@ -797,7 +814,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2054">14.3.1. What is Imprints?</H2
+NAME="AEN2188"
+></A
+>13.3.1. What is Imprints?</H2
 ><P
 >Imprints is a collection of tools for supporting the goals 
 		of</P
@@ -827,7 +846,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2064">14.3.2. Creating Printer Driver Packages</H2
+NAME="AEN2198"
+></A
+>13.3.2. Creating Printer Driver Packages</H2
 ><P
 >The process of creating printer driver packages is beyond
 		the scope of this document (refer to Imprints.txt also included
@@ -841,7 +862,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2067">14.3.3. The Imprints server</H2
+NAME="AEN2201"
+></A
+>13.3.3. The Imprints server</H2
 ><P
 >The Imprints server is really a database server that 
 		may be queried via standard HTTP mechanisms.  Each printer 
@@ -863,7 +886,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2071">14.3.4. The Installation Client</H2
+NAME="AEN2205"
+></A
+>13.3.4. The Installation Client</H2
 ><P
 >More information regarding the Imprints installation client 
 		is available in the <TT
@@ -955,13 +980,17 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2093">14.4. Diagnosis</H1
+NAME="AEN2227"
+></A
+>13.4. Diagnosis</H1
 ><DIV
 CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2095">14.4.1. Introduction</H2
+NAME="AEN2229"
+></A
+>13.4.1. Introduction</H2
 ><P
 >This is a short description of how to debug printing problems with
 Samba. This describes how to debug problems with printing from a SMB
@@ -1034,7 +1063,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2111">14.4.2. Debugging printer problems</H2
+NAME="AEN2245"
+></A
+>13.4.2. Debugging printer problems</H2
 ><P
 >One way to debug printing problems is to start by replacing these
 command with shell scripts that record the arguments and the contents
@@ -1050,7 +1081,7 @@ CLASS="PROGRAMLISTING"
     /usr/bin/id -p &#62;/tmp/tmp.print
     # we run the command and save the error messages
     # replace the command with the one appropriate for your system
-    /usr/bin/lpr -r -P$1 $2 2&#62;&#62;&#38;/tmp/tmp.print</PRE
+    /usr/bin/lpr -r -P$1 $2 2&#62;&#62;&amp;/tmp/tmp.print</PRE
 ></P
 ><P
 >Then you print a file and try removing it.  You may find that the
@@ -1089,7 +1120,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2120">14.4.3. What printers do I have?</H2
+NAME="AEN2254"
+></A
+>13.4.3. What printers do I have?</H2
 ><P
 >You can use the 'testprns' program to check to see if the printer
 name you are using is recognized by Samba.  For example,  you can
@@ -1116,7 +1149,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2128">14.4.4. Setting up printcap and print servers</H2
+NAME="AEN2262"
+></A
+>13.4.4. Setting up printcap and print servers</H2
 ><P
 >You may need to set up some printcaps for your Samba system to use.
 It is strongly recommended that you use the facilities provided by
@@ -1198,7 +1233,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2156">14.4.5. Job sent, no output</H2
+NAME="AEN2290"
+></A
+>13.4.5. Job sent, no output</H2
 ><P
 >This is the most frustrating part of printing.  You may have sent the
 job,  verified that the job was forwarded,  set up a wrapper around
@@ -1241,7 +1278,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2167">14.4.6. Job sent, strange output</H2
+NAME="AEN2301"
+></A
+>13.4.6. Job sent, strange output</H2
 ><P
 >Once you have the job printing, you can then start worrying about
 making it print nicely.</P
@@ -1285,7 +1324,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2179">14.4.7. Raw PostScript printed</H2
+NAME="AEN2313"
+></A
+>13.4.7. Raw PostScript printed</H2
 ><P
 >This is a problem that is usually caused by either the print spooling
 system putting information at the start of the print job that makes
@@ -1298,7 +1339,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2182">14.4.8. Advanced Printing</H2
+NAME="AEN2316"
+></A
+>13.4.8. Advanced Printing</H2
 ><P
 >Note that you can do some pretty magic things by using your
 imagination with the "print command" option and some shell scripts.
@@ -1312,7 +1355,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2185">14.4.9. Real debugging</H2
+NAME="AEN2319"
+></A
+>13.4.9. Real debugging</H2
 ><P
 >If the above debug tips don't help, then maybe you need to bring in
 the bug guns, system tracing. See Tracing.txt in this directory.</P
diff --git a/docs/htmldocs/pwencrypt.html b/docs/htmldocs/pwencrypt.html
index 9414399bf4..b15d74c5d0 100644
--- a/docs/htmldocs/pwencrypt.html
+++ b/docs/htmldocs/pwencrypt.html
@@ -5,8 +5,7 @@
 >LanMan and NT Password Encryption in Samba</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -17,8 +16,8 @@ REL="PREVIOUS"
 TITLE="Quick Cross Subnet Browsing / Cross Workgroup Browsing guide"
 HREF="browsing-quick.html"><LINK
 REL="NEXT"
-TITLE="Type of installation"
-HREF="type.html"></HEAD
+TITLE="User information database"
+HREF="passdb.html"></HEAD
 ><BODY
 CLASS="CHAPTER"
 BGCOLOR="#FFFFFF"
@@ -60,7 +59,7 @@ WIDTH="10%"
 ALIGN="right"
 VALIGN="bottom"
 ><A
-HREF="type.html"
+HREF="passdb.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
@@ -73,13 +72,17 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="PWENCRYPT">Chapter 4. LanMan and NT Password Encryption in Samba</H1
+NAME="PWENCRYPT"
+></A
+>Chapter 4. LanMan and NT Password Encryption in Samba</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN457">4.1. Introduction</H1
+NAME="AEN457"
+></A
+>4.1. Introduction</H1
 ><P
 >Newer windows clients send encrypted passwords over 
 	the wire, instead of plain text passwords. The newest clients 
@@ -101,7 +104,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN462">4.2. Important Notes About Security</H1
+NAME="AEN462"
+></A
+>4.2. Important Notes About Security</H1
 ><P
 >The unix and SMB password encryption techniques seem similar 
 	on the surface. This similarity is, however, only skin deep. The unix 
@@ -135,7 +140,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="../images/warning.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
 HSPACE="5"
 ALT="Warning"></TD
 ><TD
@@ -201,7 +206,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN481">4.2.1. Advantages of SMB Encryption</H2
+NAME="AEN481"
+></A
+>4.2.1. Advantages of SMB Encryption</H2
 ><P
 ></P
 ><UL
@@ -228,7 +235,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN488">4.2.2. Advantages of non-encrypted passwords</H2
+NAME="AEN488"
+></A
+>4.2.2. Advantages of non-encrypted passwords</H2
 ><P
 ></P
 ><UL
@@ -257,7 +266,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN497">4.3. The smbpasswd Command</H1
+NAME="AEN497"
+></A
+>4.3. The smbpasswd Command</H1
 ><P
 >The smbpasswd command maintains the two 32 byte password fields 
 	in the smbpasswd file. If you wish to make it similar to the unix 
@@ -401,7 +412,7 @@ WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 ><A
-HREF="type.html"
+HREF="passdb.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
@@ -425,7 +436,7 @@ ACCESSKEY="U"
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
->Type of installation</TD
+>User information database</TD
 ></TR
 ></TABLE
 ></DIV
diff --git a/docs/htmldocs/rpcclient.1.html b/docs/htmldocs/rpcclient.1.html
index e695663c8a..611512a53b 100644
--- a/docs/htmldocs/rpcclient.1.html
+++ b/docs/htmldocs/rpcclient.1.html
@@ -5,7 +5,7 @@
 >rpcclient</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -15,7 +15,7 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="RPCCLIENT"
+NAME="RPCCLIENT.1"
 ></A
 >rpcclient</H1
 ><DIV
@@ -48,10 +48,12 @@ NAME="AEN23"
 ><H2
 >DESCRIPTION</H2
 ><P
->This tool is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
+>This tool is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > suite.</P
 ><P
 ><B
@@ -66,7 +68,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN29"
+NAME="AEN31"
 ></A
 ><H2
 >OPTIONS</H2
@@ -90,10 +92,12 @@ CLASS="PARAMETER"
 >name resolve order</I
 ></TT
 ></A
-> line from 
-		<TT
-CLASS="FILENAME"
->smb.conf(5)</TT
+> line from <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 >.</P
 ></DD
 ><DT
@@ -107,10 +111,9 @@ CLASS="FILENAME"
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
->		username = &lt;value&gt; 
-		password = &lt;value&gt;
-		domain   = &lt;value&gt;
-		</PRE
+>username = &lt;value&gt; 
+password = &lt;value&gt;
+domain   = &lt;value&gt;</PRE
 ></P
 ><P
 >Make certain that the permissions on the file restrict 
@@ -124,6 +127,12 @@ CLASS="PROGRAMLISTING"
 		below)) </P
 ></DD
 ><DT
+>-h|--help</DT
+><DD
+><P
+>Print a summary of command line options.</P
+></DD
+><DT
 >-d|--debug=debuglevel</DT
 ><DD
 ><P
@@ -165,12 +174,6 @@ CLASS="FILENAME"
 > file.</P
 ></DD
 ><DT
->-h|--help</DT
-><DD
-><P
->Print a summary of command line options.</P
-></DD
-><DT
 >-I IP-address</DT
 ><DD
 ><P
@@ -303,7 +306,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN107"
+NAME="AEN111"
 ></A
 ><H2
 >COMMANDS</H2
@@ -467,15 +470,14 @@ CLASS="PARAMETER"
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
->		Long Printer Name:\
-		Driver File Name:\
-		Data File Name:\
-		Config File Name:\
-		Help File Name:\
-		Language Monitor Name:\
-		Default Data Type:\
-		Comma Separated list of Files
-		</PRE
+>Long Printer Name:\
+Driver File Name:\
+Data File Name:\
+Config File Name:\
+Help File Name:\
+Language Monitor Name:\
+Default Data Type:\
+Comma Separated list of Files</PRE
 ></P
 ><P
 >Any empty fields should be enter as the string "NULL". </P
@@ -705,7 +707,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN227"
+NAME="AEN231"
 ></A
 ><H2
 >BUGS</H2
@@ -724,7 +726,7 @@ CLASS="COMMAND"
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
->"WARNING!</I
+>WARNING!</I
 ></SPAN
 > The MSRPC over SMB code has 
 	been developed from examining  Network traces. No documentation is 
@@ -734,23 +736,28 @@ CLASS="EMPHASIS"
 	to be... a bit flaky in places. </P
 ><P
 >The development of Samba's implementation is also a bit rough, 
-	and as more  of the services are understood, it can even result in 
-	versions of  <B
-CLASS="COMMAND"
->smbd(8)</B
-> and <B
-CLASS="COMMAND"
->rpcclient(1)</B
-> 
-	that are incompatible for some commands or  services. Additionally, 
+	and as more of the services are understood, it can even result in 
+	versions of <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+> and <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>rpcclient</SPAN
+>(1)</SPAN
+> that are incompatible for some commands or  services. Additionally, 
 	the developers are sending reports to Microsoft,  and problems found 
 	or reported to Microsoft are fixed in Service Packs,  which may 
-	result in incompatibilities." </P
+	result in incompatibilities.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN237"
+NAME="AEN245"
 ></A
 ><H2
 >VERSION</H2
@@ -761,7 +768,7 @@ NAME="AEN237"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN240"
+NAME="AEN248"
 ></A
 ><H2
 >AUTHOR</H2
@@ -774,7 +781,8 @@ NAME="AEN240"
 >The original rpcclient man page was written by Matthew 
 	Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter.  
 	The conversion to DocBook for Samba 2.2 was done by Gerald 
-	Carter.</P
+	Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was
+	done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/samba-bdc.html b/docs/htmldocs/samba-bdc.html
index ef06a89416..42f653fb7d 100644
--- a/docs/htmldocs/samba-bdc.html
+++ b/docs/htmldocs/samba-bdc.html
@@ -5,8 +5,7 @@
 >How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -14,7 +13,7 @@ REL="UP"
 TITLE="Type of installation"
 HREF="type.html"><LINK
 REL="PREVIOUS"
-TITLE="How to Configure Samba as a NT4 Primary Domain Controller"
+TITLE="Samba as a NT4 or Win2k Primary Domain Controller"
 HREF="samba-pdc.html"><LINK
 REL="NEXT"
 TITLE="Samba as a ADS domain member"
@@ -73,13 +72,17 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="SAMBA-BDC">Chapter 7. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</H1
+NAME="SAMBA-BDC"
+></A
+>Chapter 6. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1127">7.1. Prerequisite Reading</H1
+NAME="AEN1274"
+></A
+>6.1. Prerequisite Reading</H1
 ><P
 >Before you continue reading in this chapter, please make sure
 that you are comfortable with configuring a Samba PDC
@@ -94,7 +97,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1131">7.2. Background</H1
+NAME="AEN1278"
+></A
+>6.2. Background</H1
 ><P
 >What is a Domain Controller? It is a machine that is able to answer
 logon requests from workstations in a Windows NT Domain. Whenever a
@@ -137,7 +142,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1139">7.3. What qualifies a Domain Controller on the network?</H1
+NAME="AEN1286"
+></A
+>6.3. What qualifies a Domain Controller on the network?</H1
 ><P
 >Every machine that is a Domain Controller for the domain SAMBA has to
 register the NetBIOS group name SAMBA#1c with the WINS server and/or
@@ -152,7 +159,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1142">7.3.1. How does a Workstation find its domain controller?</H2
+NAME="AEN1289"
+></A
+>6.3.1. How does a Workstation find its domain controller?</H2
 ><P
 >A NT workstation in the domain SAMBA that wants a local user to be
 authenticated has to find the domain controller for SAMBA. It does
@@ -169,7 +178,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1145">7.3.2. When is the PDC needed?</H2
+NAME="AEN1292"
+></A
+>6.3.2. When is the PDC needed?</H2
 ><P
 >Whenever a user wants to change his password, this has to be done on
 the PDC. To find the PDC, the workstation does a NetBIOS name query
@@ -183,13 +194,19 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1148">7.4. Can Samba be a Backup Domain Controller?</H1
+NAME="AEN1295"
+></A
+>6.4. Can Samba be a Backup Domain Controller to an NT PDC?</H1
 ><P
 >With version 2.2, no. The native NT SAM replication protocols have
 not yet been fully implemented. The Samba Team is working on
 understanding and implementing the protocols, but this work has not
 been finished for version 2.2.</P
 ><P
+>With version 3.0, the work on both the replication protocols and a
+suitable storage mechanism has progressed, and some form of NT4 BDC
+support is expected soon.</P
+><P
 >Can I get the benefits of a BDC with Samba?  Yes. The main reason for
 implementing a BDC is availability. If the PDC is a Samba machine,
 a second Samba machine can be set up to
@@ -200,7 +217,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1152">7.5. How do I set up a Samba BDC?</H1
+NAME="AEN1300"
+></A
+>6.5. How do I set up a Samba BDC?</H1
 ><P
 >Several things have to be done:</P
 ><P
@@ -265,7 +284,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1169">7.5.1. How do I replicate the smbpasswd file?</H2
+NAME="AEN1317"
+></A
+>6.5.1. How do I replicate the smbpasswd file?</H2
 ><P
 >Replication of the smbpasswd file is sensitive. It has to be done
 whenever changes to the SAM are made. Every user's password change is
@@ -279,6 +300,21 @@ rsync. rsync can use ssh as a transport. ssh itself can be set up to
 accept *only* rsync transfer without requiring the user to type a
 password.</P
 ></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN1321"
+></A
+>6.5.2. Can I do this all with LDAP?</H2
+><P
+>The simple answer is YES.  Samba's pdb_ldap code supports
+binding to a replica LDAP server, and will also follow referrals and
+rebind to the master if it ever needs to make a modification to the
+database.  (Normally BDCs are read only, so this will not occur
+often).</P
+></DIV
 ></DIV
 ></DIV
 ><DIV
@@ -325,7 +361,7 @@ ACCESSKEY="N"
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
->How to Configure Samba as a NT4 Primary Domain Controller</TD
+>Samba as a NT4 or Win2k Primary Domain Controller</TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
diff --git a/docs/htmldocs/samba-howto-collection.html b/docs/htmldocs/samba-howto-collection.html
index 0062e257dc..82e29206ac 100644
--- a/docs/htmldocs/samba-howto-collection.html
+++ b/docs/htmldocs/samba-howto-collection.html
@@ -5,8 +5,7 @@
 >SAMBA Project Documentation</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="NEXT"
 TITLE="General installation"
 HREF="introduction.html"></HEAD
@@ -20,20 +19,28 @@ ALINK="#0000FF"
 ><DIV
 CLASS="BOOK"
 ><A
-NAME="SAMBA-HOWTO-COLLECTION"><DIV
+NAME="SAMBA-HOWTO-COLLECTION"
+></A
+><DIV
 CLASS="TITLEPAGE"
 ><H1
 CLASS="TITLE"
 ><A
-NAME="SAMBA-HOWTO-COLLECTION">SAMBA Project Documentation</H1
+NAME="SAMBA-HOWTO-COLLECTION"
+></A
+>SAMBA Project Documentation</H1
 ><H3
 CLASS="AUTHOR"
 ><A
-NAME="AEN4">SAMBA Team</H3
+NAME="AEN4"
+></A
+>SAMBA Team</H3
 ><HR></DIV
 ><H1
 ><A
-NAME="AEN8">Abstract</H1
+NAME="AEN8"
+></A
+>Abstract</H1
 ><P
 ><SPAN
 CLASS="emphasis"
@@ -152,128 +159,89 @@ HREF="install.html#AEN184"
 ></DD
 ><DT
 >2. <A
-HREF="improved-browsing.html"
->Improved browsing in samba</A
+HREF="browsing-quick.html"
+>Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</A
 ></DT
 ><DD
 ><DL
 ><DT
 >2.1. <A
-HREF="improved-browsing.html#AEN229"
->Overview of browsing</A
+HREF="browsing-quick.html#AEN230"
+>Discussion</A
 ></DT
 ><DT
 >2.2. <A
-HREF="improved-browsing.html#AEN233"
->Browsing support in samba</A
+HREF="browsing-quick.html#AEN238"
+>Use of the "Remote Announce" parameter</A
 ></DT
 ><DT
 >2.3. <A
-HREF="improved-browsing.html#AEN242"
->Problem resolution</A
+HREF="browsing-quick.html#AEN252"
+>Use of the "Remote Browse Sync" parameter</A
 ></DT
 ><DT
 >2.4. <A
-HREF="improved-browsing.html#AEN249"
->Browsing across subnets</A
+HREF="browsing-quick.html#AEN257"
+>Use of WINS</A
 ></DT
 ><DT
 >2.5. <A
-HREF="improved-browsing.html#AEN289"
->Setting up a WINS server</A
+HREF="browsing-quick.html#AEN268"
+>Do NOT use more than one (1) protocol on MS Windows machines</A
 ></DT
 ><DT
 >2.6. <A
-HREF="improved-browsing.html#AEN308"
->Setting up Browsing in a WORKGROUP</A
-></DT
-><DT
->2.7. <A
-HREF="improved-browsing.html#AEN326"
->Setting up Browsing in a DOMAIN</A
-></DT
-><DT
->2.8. <A
-HREF="improved-browsing.html#AEN336"
->Forcing samba to be the master</A
-></DT
-><DT
->2.9. <A
-HREF="improved-browsing.html#AEN345"
->Making samba the domain master</A
-></DT
-><DT
->2.10. <A
-HREF="improved-browsing.html#AEN363"
->Note about broadcast addresses</A
-></DT
-><DT
->2.11. <A
-HREF="improved-browsing.html#AEN366"
->Multiple interfaces</A
+HREF="browsing-quick.html#AEN274"
+>Name Resolution Order</A
 ></DT
 ></DL
 ></DD
 ><DT
 >3. <A
-HREF="browsing-quick.html"
->Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</A
+HREF="passdb.html"
+>User information database</A
 ></DT
 ><DD
 ><DL
 ><DT
 >3.1. <A
-HREF="browsing-quick.html#AEN377"
->Discussion</A
+HREF="passdb.html#AEN324"
+>Introduction</A
 ></DT
 ><DT
 >3.2. <A
-HREF="browsing-quick.html#AEN385"
->Use of the "Remote Announce" parameter</A
+HREF="passdb.html#AEN331"
+>Important Notes About Security</A
 ></DT
 ><DT
 >3.3. <A
-HREF="browsing-quick.html#AEN399"
->Use of the "Remote Browse Sync" parameter</A
+HREF="passdb.html#AEN357"
+>The smbpasswd Command</A
 ></DT
 ><DT
 >3.4. <A
-HREF="browsing-quick.html#AEN404"
->Use of WINS</A
+HREF="passdb.html#AEN388"
+>Plain text</A
 ></DT
 ><DT
 >3.5. <A
-HREF="browsing-quick.html#AEN415"
->Do NOT use more than one (1) protocol on MS Windows machines</A
+HREF="passdb.html#AEN393"
+>TDB</A
 ></DT
 ><DT
 >3.6. <A
-HREF="browsing-quick.html#AEN421"
->Name Resolution Order</A
+HREF="passdb.html#AEN396"
+>LDAP</A
 ></DT
-></DL
-></DD
 ><DT
->4. <A
-HREF="pwencrypt.html"
->LanMan and NT Password Encryption in Samba</A
+>3.7. <A
+HREF="passdb.html#AEN614"
+>MySQL</A
 ></DT
-><DD
-><DL
 ><DT
->4.1. <A
-HREF="pwencrypt.html#AEN457"
->Introduction</A
-></DT
-><DT
->4.2. <A
-HREF="pwencrypt.html#AEN462"
->Important Notes About Security</A
-></DT
-><DT
->4.3. <A
-HREF="pwencrypt.html#AEN497"
->The smbpasswd Command</A
+>3.8. <A
+HREF="passdb.html#AEN662"
+>Passdb XML plugin</A
 ></DT
 ></DL
 ></DD
@@ -287,168 +255,168 @@ HREF="type.html"
 ><DD
 ><DL
 ><DT
->5. <A
+>4. <A
 HREF="securitylevels.html"
 >User and Share security level (for servers not in a domain)</A
 ></DT
 ><DT
->6. <A
+>5. <A
 HREF="samba-pdc.html"
->How to Configure Samba as a NT4 Primary Domain Controller</A
+>Samba as a NT4 or Win2k Primary Domain Controller</A
 ></DT
 ><DD
 ><DL
 ><DT
->6.1. <A
-HREF="samba-pdc.html#AEN575"
+>5.1. <A
+HREF="samba-pdc.html#AEN722"
 >Prerequisite Reading</A
 ></DT
 ><DT
->6.2. <A
-HREF="samba-pdc.html#AEN581"
+>5.2. <A
+HREF="samba-pdc.html#AEN728"
 >Background</A
 ></DT
 ><DT
->6.3. <A
-HREF="samba-pdc.html#AEN620"
+>5.3. <A
+HREF="samba-pdc.html#AEN767"
 >Configuring the Samba Domain Controller</A
 ></DT
 ><DT
->6.4. <A
-HREF="samba-pdc.html#AEN663"
+>5.4. <A
+HREF="samba-pdc.html#AEN810"
 >Creating Machine Trust Accounts and Joining Clients to the
 Domain</A
 ></DT
 ><DT
->6.5. <A
-HREF="samba-pdc.html#AEN747"
+>5.5. <A
+HREF="samba-pdc.html#AEN894"
 >Common Problems and Errors</A
 ></DT
 ><DT
->6.6. <A
-HREF="samba-pdc.html#AEN795"
+>5.6. <A
+HREF="samba-pdc.html#AEN942"
 >System Policies and Profiles</A
 ></DT
 ><DT
->6.7. <A
-HREF="samba-pdc.html#AEN839"
+>5.7. <A
+HREF="samba-pdc.html#AEN986"
 >What other help can I get?</A
 ></DT
 ><DT
->6.8. <A
-HREF="samba-pdc.html#AEN953"
+>5.8. <A
+HREF="samba-pdc.html#AEN1100"
 >Domain Control for Windows 9x/ME</A
 ></DT
 ><DT
->6.9. <A
-HREF="samba-pdc.html#AEN1091"
->DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</A
+>5.9. <A
+HREF="samba-pdc.html#AEN1238"
+>DOMAIN_CONTROL.txt : Windows NT Domain Control &amp; Samba</A
 ></DT
 ></DL
 ></DD
 ><DT
->7. <A
+>6. <A
 HREF="samba-bdc.html"
 >How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A
 ></DT
 ><DD
 ><DL
 ><DT
->7.1. <A
-HREF="samba-bdc.html#AEN1127"
+>6.1. <A
+HREF="samba-bdc.html#AEN1274"
 >Prerequisite Reading</A
 ></DT
 ><DT
->7.2. <A
-HREF="samba-bdc.html#AEN1131"
+>6.2. <A
+HREF="samba-bdc.html#AEN1278"
 >Background</A
 ></DT
 ><DT
->7.3. <A
-HREF="samba-bdc.html#AEN1139"
+>6.3. <A
+HREF="samba-bdc.html#AEN1286"
 >What qualifies a Domain Controller on the network?</A
 ></DT
 ><DT
->7.4. <A
-HREF="samba-bdc.html#AEN1148"
->Can Samba be a Backup Domain Controller?</A
+>6.4. <A
+HREF="samba-bdc.html#AEN1295"
+>Can Samba be a Backup Domain Controller to an NT PDC?</A
 ></DT
 ><DT
->7.5. <A
-HREF="samba-bdc.html#AEN1152"
+>6.5. <A
+HREF="samba-bdc.html#AEN1300"
 >How do I set up a Samba BDC?</A
 ></DT
 ></DL
 ></DD
 ><DT
->8. <A
+>7. <A
 HREF="ads.html"
 >Samba as a ADS domain member</A
 ></DT
 ><DD
 ><DL
 ><DT
->8.1. <A
-HREF="ads.html#AEN1187"
+>7.1. <A
+HREF="ads.html#AEN1339"
 >Installing the required packages for Debian</A
 ></DT
 ><DT
->8.2. <A
-HREF="ads.html#AEN1193"
+>7.2. <A
+HREF="ads.html#AEN1346"
 >Installing the required packages for RedHat</A
 ></DT
 ><DT
->8.3. <A
-HREF="ads.html#AEN1202"
+>7.3. <A
+HREF="ads.html#AEN1356"
 >Compile Samba</A
 ></DT
 ><DT
->8.4. <A
-HREF="ads.html#AEN1217"
+>7.4. <A
+HREF="ads.html#AEN1371"
 >Setup your /etc/krb5.conf</A
 ></DT
 ><DT
->8.5. <A
-HREF="ads.html#AEN1227"
+>7.5. <A
+HREF="ads.html#AEN1381"
 >Create the computer account</A
 ></DT
 ><DT
->8.6. <A
-HREF="ads.html#AEN1243"
+>7.6. <A
+HREF="ads.html#AEN1393"
 >Test your server setup</A
 ></DT
 ><DT
->8.7. <A
-HREF="ads.html#AEN1248"
+>7.7. <A
+HREF="ads.html#AEN1398"
 >Testing with smbclient</A
 ></DT
 ><DT
->8.8. <A
-HREF="ads.html#AEN1251"
+>7.8. <A
+HREF="ads.html#AEN1401"
 >Notes</A
 ></DT
 ></DL
 ></DD
 ><DT
->9. <A
+>8. <A
 HREF="domain-security.html"
->Samba as a NT4 domain member</A
+>Samba as a NT4 or Win2k domain member</A
 ></DT
 ><DD
 ><DL
 ><DT
->9.1. <A
-HREF="domain-security.html#AEN1273"
->Joining an NT Domain with Samba 2.2</A
+>8.1. <A
+HREF="domain-security.html#AEN1423"
+>Joining an NT Domain with Samba 3.0</A
 ></DT
 ><DT
->9.2. <A
-HREF="domain-security.html#AEN1337"
+>8.2. <A
+HREF="domain-security.html#AEN1478"
 >Samba and Windows 2000 Domains</A
 ></DT
 ><DT
->9.3. <A
-HREF="domain-security.html#AEN1342"
+>8.3. <A
+HREF="domain-security.html#AEN1481"
 >Why is this better than security = server?</A
 ></DT
 ></DL
@@ -463,95 +431,95 @@ HREF="optional.html"
 ><DD
 ><DL
 ><DT
->10. <A
+>9. <A
 HREF="integrate-ms-networks.html"
 >Integrating MS Windows networks with Samba</A
 ></DT
 ><DD
 ><DL
 ><DT
->10.1. <A
-HREF="integrate-ms-networks.html#AEN1374"
+>9.1. <A
+HREF="integrate-ms-networks.html#AEN1513"
 >Agenda</A
 ></DT
 ><DT
->10.2. <A
-HREF="integrate-ms-networks.html#AEN1396"
+>9.2. <A
+HREF="integrate-ms-networks.html#AEN1535"
 >Name Resolution in a pure Unix/Linux world</A
 ></DT
 ><DT
->10.3. <A
-HREF="integrate-ms-networks.html#AEN1459"
+>9.3. <A
+HREF="integrate-ms-networks.html#AEN1598"
 >Name resolution as used within MS Windows networking</A
 ></DT
 ><DT
->10.4. <A
-HREF="integrate-ms-networks.html#AEN1504"
+>9.4. <A
+HREF="integrate-ms-networks.html#AEN1643"
 >How browsing functions and how to deploy stable and 
 dependable browsing using Samba</A
 ></DT
 ><DT
->10.5. <A
-HREF="integrate-ms-networks.html#AEN1514"
+>9.5. <A
+HREF="integrate-ms-networks.html#AEN1653"
 >MS Windows security options and how to configure 
 Samba for seemless integration</A
 ></DT
 ><DT
->10.6. <A
-HREF="integrate-ms-networks.html#AEN1584"
+>9.6. <A
+HREF="integrate-ms-networks.html#AEN1723"
 >Conclusions</A
 ></DT
 ></DL
 ></DD
 ><DT
->11. <A
+>10. <A
 HREF="unix-permissions.html"
 >UNIX Permission Bits and Windows NT Access Control Lists</A
 ></DT
 ><DD
 ><DL
 ><DT
->11.1. <A
-HREF="unix-permissions.html#AEN1605"
+>10.1. <A
+HREF="unix-permissions.html#AEN1744"
 >Viewing and changing UNIX permissions using the NT 
 	security dialogs</A
 ></DT
 ><DT
->11.2. <A
-HREF="unix-permissions.html#AEN1614"
+>10.2. <A
+HREF="unix-permissions.html#AEN1748"
 >How to view file security on a Samba share</A
 ></DT
 ><DT
->11.3. <A
-HREF="unix-permissions.html#AEN1625"
+>10.3. <A
+HREF="unix-permissions.html#AEN1759"
 >Viewing file ownership</A
 ></DT
 ><DT
->11.4. <A
-HREF="unix-permissions.html#AEN1645"
+>10.4. <A
+HREF="unix-permissions.html#AEN1779"
 >Viewing file or directory permissions</A
 ></DT
 ><DT
->11.5. <A
-HREF="unix-permissions.html#AEN1681"
+>10.5. <A
+HREF="unix-permissions.html#AEN1815"
 >Modifying file or directory permissions</A
 ></DT
 ><DT
->11.6. <A
-HREF="unix-permissions.html#AEN1703"
+>10.6. <A
+HREF="unix-permissions.html#AEN1837"
 >Interaction with the standard Samba create mask 
 	parameters</A
 ></DT
 ><DT
->11.7. <A
-HREF="unix-permissions.html#AEN1767"
+>10.7. <A
+HREF="unix-permissions.html#AEN1901"
 >Interaction with the standard Samba file attribute 
 	mapping</A
 ></DT
 ></DL
 ></DD
 ><DT
->12. <A
+>11. <A
 HREF="pam.html"
 >Configuring PAM for distributed but centrally 
 managed authentication</A
@@ -559,323 +527,304 @@ managed authentication</A
 ><DD
 ><DL
 ><DT
->12.1. <A
-HREF="pam.html#AEN1788"
+>11.1. <A
+HREF="pam.html#AEN1922"
 >Samba and PAM</A
 ></DT
 ><DT
->12.2. <A
-HREF="pam.html#AEN1832"
+>11.2. <A
+HREF="pam.html#AEN1966"
 >Distributed Authentication</A
 ></DT
 ><DT
->12.3. <A
-HREF="pam.html#AEN1839"
+>11.3. <A
+HREF="pam.html#AEN1973"
 >PAM Configuration in smb.conf</A
 ></DT
 ></DL
 ></DD
 ><DT
->13. <A
+>12. <A
 HREF="msdfs.html"
 >Hosting a Microsoft Distributed File System tree on Samba</A
 ></DT
 ><DD
 ><DL
 ><DT
->13.1. <A
-HREF="msdfs.html#AEN1859"
+>12.1. <A
+HREF="msdfs.html#AEN1993"
 >Instructions</A
 ></DT
 ></DL
 ></DD
 ><DT
->14. <A
+>13. <A
 HREF="printing.html"
 >Printing Support</A
 ></DT
 ><DD
 ><DL
 ><DT
->14.1. <A
-HREF="printing.html#AEN1920"
+>13.1. <A
+HREF="printing.html#AEN2054"
 >Introduction</A
 ></DT
 ><DT
->14.2. <A
-HREF="printing.html#AEN1942"
+>13.2. <A
+HREF="printing.html#AEN2076"
 >Configuration</A
 ></DT
 ><DT
->14.3. <A
-HREF="printing.html#AEN2050"
+>13.3. <A
+HREF="printing.html#AEN2184"
 >The Imprints Toolset</A
 ></DT
 ><DT
->14.4. <A
-HREF="printing.html#AEN2093"
+>13.4. <A
+HREF="printing.html#AEN2227"
 >Diagnosis</A
 ></DT
 ></DL
 ></DD
 ><DT
->15. <A
+>14. <A
 HREF="winbind.html"
 >Unified Logons between Windows NT and UNIX using Winbind</A
 ></DT
 ><DD
 ><DL
 ><DT
->15.1. <A
-HREF="winbind.html#AEN2225"
+>14.1. <A
+HREF="winbind.html#AEN2360"
 >Abstract</A
 ></DT
 ><DT
->15.2. <A
-HREF="winbind.html#AEN2229"
+>14.2. <A
+HREF="winbind.html#AEN2364"
 >Introduction</A
 ></DT
 ><DT
->15.3. <A
-HREF="winbind.html#AEN2242"
+>14.3. <A
+HREF="winbind.html#AEN2377"
 >What Winbind Provides</A
 ></DT
 ><DT
->15.4. <A
-HREF="winbind.html#AEN2253"
+>14.4. <A
+HREF="winbind.html#AEN2388"
 >How Winbind Works</A
 ></DT
 ><DT
->15.5. <A
-HREF="winbind.html#AEN2293"
+>14.5. <A
+HREF="winbind.html#AEN2431"
 >Installation and Configuration</A
 ></DT
 ><DT
->15.6. <A
-HREF="winbind.html#AEN2542"
+>14.6. <A
+HREF="winbind.html#AEN2680"
 >Limitations</A
 ></DT
 ><DT
->15.7. <A
-HREF="winbind.html#AEN2552"
+>14.7. <A
+HREF="winbind.html#AEN2690"
 >Conclusion</A
 ></DT
 ></DL
 ></DD
 ><DT
->16. <A
-HREF="pdb-mysql.html"
->Passdb MySQL plugin</A
+>15. <A
+HREF="improved-browsing.html"
+>Improved browsing in samba</A
 ></DT
 ><DD
 ><DL
 ><DT
->16.1. <A
-HREF="pdb-mysql.html#AEN2566"
->Building</A
+>15.1. <A
+HREF="improved-browsing.html#AEN2700"
+>Overview of browsing</A
 ></DT
 ><DT
->16.2. <A
-HREF="pdb-mysql.html#AEN2572"
->Configuring</A
+>15.2. <A
+HREF="improved-browsing.html#AEN2704"
+>Browsing support in samba</A
 ></DT
 ><DT
->16.3. <A
-HREF="pdb-mysql.html#AEN2589"
->Using plaintext passwords or encrypted password</A
+>15.3. <A
+HREF="improved-browsing.html#AEN2713"
+>Problem resolution</A
 ></DT
 ><DT
->16.4. <A
-HREF="pdb-mysql.html#AEN2594"
->Getting non-column data from the table</A
+>15.4. <A
+HREF="improved-browsing.html#AEN2720"
+>Browsing across subnets</A
 ></DT
-></DL
-></DD
 ><DT
->17. <A
-HREF="pdb-xml.html"
->Passdb XML plugin</A
+>15.5. <A
+HREF="improved-browsing.html#AEN2760"
+>Setting up a WINS server</A
 ></DT
-><DD
-><DL
 ><DT
->17.1. <A
-HREF="pdb-xml.html#AEN2613"
->Building</A
+>15.6. <A
+HREF="improved-browsing.html#AEN2779"
+>Setting up Browsing in a WORKGROUP</A
 ></DT
 ><DT
->17.2. <A
-HREF="pdb-xml.html#AEN2619"
->Usage</A
+>15.7. <A
+HREF="improved-browsing.html#AEN2797"
+>Setting up Browsing in a DOMAIN</A
 ></DT
-></DL
-></DD
 ><DT
->18. <A
-HREF="vfs.html"
->Stackable VFS modules</A
+>15.8. <A
+HREF="improved-browsing.html#AEN2807"
+>Forcing samba to be the master</A
 ></DT
-><DD
-><DL
 ><DT
->18.1. <A
-HREF="vfs.html#AEN2640"
->Introduction and configuration</A
+>15.9. <A
+HREF="improved-browsing.html#AEN2816"
+>Making samba the domain master</A
 ></DT
 ><DT
->18.2. <A
-HREF="vfs.html#AEN2649"
->Included modules</A
+>15.10. <A
+HREF="improved-browsing.html#AEN2834"
+>Note about broadcast addresses</A
 ></DT
 ><DT
->18.3. <A
-HREF="vfs.html#AEN2703"
->VFS modules available elsewhere</A
+>15.11. <A
+HREF="improved-browsing.html#AEN2837"
+>Multiple interfaces</A
 ></DT
 ></DL
 ></DD
 ><DT
->19. <A
-HREF="samba-ldap-howto.html"
->Storing Samba's User/Machine Account information in an LDAP Directory</A
+>16. <A
+HREF="vfs.html"
+>Stackable VFS modules</A
 ></DT
 ><DD
 ><DL
 ><DT
->19.1. <A
-HREF="samba-ldap-howto.html#AEN2737"
->Purpose</A
-></DT
-><DT
->19.2. <A
-HREF="samba-ldap-howto.html#AEN2757"
->Introduction</A
-></DT
-><DT
->19.3. <A
-HREF="samba-ldap-howto.html#AEN2786"
->Supported LDAP Servers</A
-></DT
-><DT
->19.4. <A
-HREF="samba-ldap-howto.html#AEN2791"
->Schema and Relationship to the RFC 2307 posixAccount</A
-></DT
-><DT
->19.5. <A
-HREF="samba-ldap-howto.html#AEN2803"
->Configuring Samba with LDAP</A
-></DT
-><DT
->19.6. <A
-HREF="samba-ldap-howto.html#AEN2850"
->Accounts and Groups management</A
-></DT
-><DT
->19.7. <A
-HREF="samba-ldap-howto.html#AEN2855"
->Security and sambaAccount</A
-></DT
-><DT
->19.8. <A
-HREF="samba-ldap-howto.html#AEN2875"
->LDAP specials attributes for sambaAccounts</A
+>16.1. <A
+HREF="vfs.html#AEN2855"
+>Introduction and configuration</A
 ></DT
 ><DT
->19.9. <A
-HREF="samba-ldap-howto.html#AEN2945"
->Example LDIF Entries for a sambaAccount</A
+>16.2. <A
+HREF="vfs.html#AEN2864"
+>Included modules</A
 ></DT
 ><DT
->19.10. <A
-HREF="samba-ldap-howto.html#AEN2953"
->Comments</A
+>16.3. <A
+HREF="vfs.html#AEN2918"
+>VFS modules available elsewhere</A
 ></DT
 ></DL
 ></DD
 ><DT
->20. <A
+>17. <A
 HREF="cvs-access.html"
->HOWTO Access Samba source code via CVS</A
+>Access Samba source code via CVS</A
 ></DT
 ><DD
 ><DL
 ><DT
->20.1. <A
-HREF="cvs-access.html#AEN2964"
+>17.1. <A
+HREF="cvs-access.html#AEN2942"
 >Introduction</A
 ></DT
 ><DT
->20.2. <A
-HREF="cvs-access.html#AEN2969"
+>17.2. <A
+HREF="cvs-access.html#AEN2947"
 >CVS Access to samba.org</A
 ></DT
 ></DL
 ></DD
 ><DT
->21. <A
+>18. <A
 HREF="groupmapping.html"
 >Group mapping HOWTO</A
 ></DT
 ><DT
->22. <A
+>19. <A
 HREF="speed.html"
 >Samba performance issues</A
 ></DT
 ><DD
 ><DL
 ><DT
->22.1. <A
-HREF="speed.html#AEN3055"
+>19.1. <A
+HREF="speed.html#AEN3033"
 >Comparisons</A
 ></DT
 ><DT
->22.2. <A
-HREF="speed.html#AEN3061"
+>19.2. <A
+HREF="speed.html#AEN3039"
 >Socket options</A
 ></DT
 ><DT
->22.3. <A
-HREF="speed.html#AEN3068"
+>19.3. <A
+HREF="speed.html#AEN3046"
 >Read size</A
 ></DT
 ><DT
->22.4. <A
-HREF="speed.html#AEN3073"
+>19.4. <A
+HREF="speed.html#AEN3051"
 >Max xmit</A
 ></DT
 ><DT
->22.5. <A
-HREF="speed.html#AEN3078"
+>19.5. <A
+HREF="speed.html#AEN3056"
 >Log level</A
 ></DT
 ><DT
->22.6. <A
-HREF="speed.html#AEN3081"
+>19.6. <A
+HREF="speed.html#AEN3059"
 >Read raw</A
 ></DT
 ><DT
->22.7. <A
-HREF="speed.html#AEN3086"
+>19.7. <A
+HREF="speed.html#AEN3064"
 >Write raw</A
 ></DT
 ><DT
->22.8. <A
-HREF="speed.html#AEN3090"
+>19.8. <A
+HREF="speed.html#AEN3068"
 >Slow Clients</A
 ></DT
 ><DT
->22.9. <A
-HREF="speed.html#AEN3094"
+>19.9. <A
+HREF="speed.html#AEN3072"
 >Slow Logins</A
 ></DT
 ><DT
->22.10. <A
-HREF="speed.html#AEN3097"
+>19.10. <A
+HREF="speed.html#AEN3075"
 >Client tuning</A
 ></DT
 ></DL
 ></DD
+><DT
+>20. <A
+HREF="groupprofiles.html"
+>Creating Group Profiles</A
+></DT
+><DD
+><DL
+><DT
+>20.1. <A
+HREF="groupprofiles.html#AEN3123"
+>Windows '9x</A
+></DT
+><DT
+>20.2. <A
+HREF="groupprofiles.html#AEN3132"
+>Windows NT 4</A
+></DT
+><DT
+>20.3. <A
+HREF="groupprofiles.html#AEN3170"
+>Windows 2000/XP</A
+></DT
+></DL
+></DD
 ></DL
 ></DD
 ><DT
@@ -886,132 +835,132 @@ HREF="appendixes.html"
 ><DD
 ><DL
 ><DT
->23. <A
+>21. <A
 HREF="portability.html"
 >Portability</A
 ></DT
 ><DD
 ><DL
 ><DT
->23.1. <A
-HREF="portability.html#AEN3139"
+>21.1. <A
+HREF="portability.html#AEN3251"
 >HPUX</A
 ></DT
 ><DT
->23.2. <A
-HREF="portability.html#AEN3145"
+>21.2. <A
+HREF="portability.html#AEN3257"
 >SCO Unix</A
 ></DT
 ><DT
->23.3. <A
-HREF="portability.html#AEN3149"
+>21.3. <A
+HREF="portability.html#AEN3261"
 >DNIX</A
 ></DT
 ><DT
->23.4. <A
-HREF="portability.html#AEN3178"
+>21.4. <A
+HREF="portability.html#AEN3290"
 >RedHat Linux Rembrandt-II</A
 ></DT
 ></DL
 ></DD
 ><DT
->24. <A
+>22. <A
 HREF="other-clients.html"
 >Samba and other CIFS clients</A
 ></DT
 ><DD
 ><DL
 ><DT
->24.1. <A
-HREF="other-clients.html#AEN3199"
+>22.1. <A
+HREF="other-clients.html#AEN3311"
 >Macintosh clients?</A
 ></DT
 ><DT
->24.2. <A
-HREF="other-clients.html#AEN3208"
+>22.2. <A
+HREF="other-clients.html#AEN3320"
 >OS2 Client</A
 ></DT
 ><DT
->24.3. <A
-HREF="other-clients.html#AEN3248"
+>22.3. <A
+HREF="other-clients.html#AEN3360"
 >Windows for Workgroups</A
 ></DT
 ><DT
->24.4. <A
-HREF="other-clients.html#AEN3269"
+>22.4. <A
+HREF="other-clients.html#AEN3381"
 >Windows '95/'98</A
 ></DT
 ><DT
->24.5. <A
-HREF="other-clients.html#AEN3285"
+>22.5. <A
+HREF="other-clients.html#AEN3397"
 >Windows 2000 Service Pack 2</A
 ></DT
 ></DL
 ></DD
 ><DT
->25. <A
+>23. <A
 HREF="bugreport.html"
 >Reporting Bugs</A
 ></DT
 ><DD
 ><DL
 ><DT
->25.1. <A
-HREF="bugreport.html#AEN3309"
+>23.1. <A
+HREF="bugreport.html#AEN3421"
 >Introduction</A
 ></DT
 ><DT
->25.2. <A
-HREF="bugreport.html#AEN3319"
+>23.2. <A
+HREF="bugreport.html#AEN3431"
 >General info</A
 ></DT
 ><DT
->25.3. <A
-HREF="bugreport.html#AEN3325"
+>23.3. <A
+HREF="bugreport.html#AEN3437"
 >Debug levels</A
 ></DT
 ><DT
->25.4. <A
-HREF="bugreport.html#AEN3342"
+>23.4. <A
+HREF="bugreport.html#AEN3454"
 >Internal errors</A
 ></DT
 ><DT
->25.5. <A
-HREF="bugreport.html#AEN3352"
+>23.5. <A
+HREF="bugreport.html#AEN3464"
 >Attaching to a running process</A
 ></DT
 ><DT
->25.6. <A
-HREF="bugreport.html#AEN3355"
+>23.6. <A
+HREF="bugreport.html#AEN3467"
 >Patches</A
 ></DT
 ></DL
 ></DD
 ><DT
->26. <A
+>24. <A
 HREF="diagnosis.html"
 >Diagnosing your samba server</A
 ></DT
 ><DD
 ><DL
 ><DT
->26.1. <A
-HREF="diagnosis.html#AEN3378"
+>24.1. <A
+HREF="diagnosis.html#AEN3490"
 >Introduction</A
 ></DT
 ><DT
->26.2. <A
-HREF="diagnosis.html#AEN3383"
+>24.2. <A
+HREF="diagnosis.html#AEN3495"
 >Assumptions</A
 ></DT
 ><DT
->26.3. <A
-HREF="diagnosis.html#AEN3393"
+>24.3. <A
+HREF="diagnosis.html#AEN3505"
 >Tests</A
 ></DT
 ><DT
->26.4. <A
-HREF="diagnosis.html#AEN3503"
+>24.4. <A
+HREF="diagnosis.html#AEN3615"
 >Still having troubles?</A
 ></DT
 ></DL
diff --git a/docs/htmldocs/samba-ldap-howto.html b/docs/htmldocs/samba-ldap-howto.html
index 884bb756c1..fa966d8eb1 100644
--- a/docs/htmldocs/samba-ldap-howto.html
+++ b/docs/htmldocs/samba-ldap-howto.html
@@ -5,8 +5,7 @@
 >Storing Samba's User/Machine Account information in an LDAP Directory</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -73,13 +72,17 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="SAMBA-LDAP-HOWTO">Chapter 19. Storing Samba's User/Machine Account information in an LDAP Directory</H1
+NAME="SAMBA-LDAP-HOWTO"
+></A
+>Chapter 17. Storing Samba's User/Machine Account information in an LDAP Directory</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2737">19.1. Purpose</H1
+NAME="AEN2957"
+></A
+>17.1. Purpose</H1
 ><P
 >This document describes how to use an LDAP directory for storing Samba user
 account information traditionally stored in the smbpasswd(5) file.  It is
@@ -145,7 +148,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2757">19.2. Introduction</H1
+NAME="AEN2977"
+></A
+>17.2. Introduction</H1
 ><P
 >Traditionally, when configuring <A
 HREF="smb.conf.5.html#ENCRYPTPASSWORDS"
@@ -260,7 +265,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2786">19.3. Supported LDAP Servers</H1
+NAME="AEN3006"
+></A
+>17.3. Supported LDAP Servers</H1
 ><P
 >The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP
 2.0 server and client libraries.  The same code should be able to work with
@@ -283,7 +290,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2791">19.4. Schema and Relationship to the RFC 2307 posixAccount</H1
+NAME="AEN3011"
+></A
+>17.4. Schema and Relationship to the RFC 2307 posixAccount</H1
 ><P
 >Samba 2.2.3 includes the necessary schema file for OpenLDAP 2.0 in
 <TT
@@ -340,13 +349,17 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2803">19.5. Configuring Samba with LDAP</H1
+NAME="AEN3023"
+></A
+>17.5. Configuring Samba with LDAP</H1
 ><DIV
 CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2805">19.5.1. OpenLDAP configuration</H2
+NAME="AEN3025"
+></A
+>17.5.1. OpenLDAP configuration</H2
 ><P
 >To include support for the sambaAccount object in an OpenLDAP directory
 server, first copy the samba.schema file to slapd's configuration directory.</P
@@ -426,7 +439,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2822">19.5.2. Configuring Samba</H2
+NAME="AEN3042"
+></A
+>17.5.2. Configuring Samba</H2
 ><P
 >The following parameters are available in smb.conf only with <TT
 CLASS="PARAMETER"
@@ -544,7 +559,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2850">19.6. Accounts and Groups management</H1
+NAME="AEN3070"
+></A
+>17.6. Accounts and Groups management</H1
 ><P
 >As users accounts are managed thru the sambaAccount objectclass, you should
 modify you existing administration tools to deal with sambaAccount attributes.</P
@@ -567,7 +584,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2855">19.7. Security and sambaAccount</H1
+NAME="AEN3075"
+></A
+>17.7. Security and sambaAccount</H1
 ><P
 >There are two important points to remember when discussing the security
 of sambaAccount entries in the directory.</P
@@ -644,7 +663,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2875">19.8. LDAP specials attributes for sambaAccounts</H1
+NAME="AEN3095"
+></A
+>17.8. LDAP specials attributes for sambaAccounts</H1
 ><P
 >The sambaAccount objectclass is composed of the following attributes:</P
 ><P
@@ -853,7 +874,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2945">19.9. Example LDIF Entries for a sambaAccount</H1
+NAME="AEN3165"
+></A
+>17.9. Example LDIF Entries for a sambaAccount</H1
 ><P
 >The following is a working LDIF with the inclusion of the posixAccount objectclass:</P
 ><P
@@ -909,7 +932,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2953">19.10. Comments</H1
+NAME="AEN3173"
+></A
+>17.10. Comments</H1
 ><P
 >Please mail all comments regarding this HOWTO to <A
 HREF="mailto:jerry@samba.org"
diff --git a/docs/htmldocs/samba-pdc.html b/docs/htmldocs/samba-pdc.html
index 93bbc727d4..63a52129d0 100644
--- a/docs/htmldocs/samba-pdc.html
+++ b/docs/htmldocs/samba-pdc.html
@@ -2,11 +2,10 @@
 <HTML
 ><HEAD
 ><TITLE
->How to Configure Samba as a NT4 Primary Domain Controller</TITLE
+>Samba as a NT4 or Win2k Primary Domain Controller</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -73,13 +72,17 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="SAMBA-PDC">Chapter 6. How to Configure Samba as a NT4 Primary Domain Controller</H1
+NAME="SAMBA-PDC"
+></A
+>Chapter 5. Samba as a NT4 or Win2k Primary Domain Controller</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN575">6.1. Prerequisite Reading</H1
+NAME="AEN722"
+></A
+>5.1. Prerequisite Reading</H1
 ><P
 >Before you continue reading in this chapter, please make sure 
 that you are comfortable with configuring basic files services
@@ -105,7 +108,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN581">6.2. Background</H1
+NAME="AEN728"
+></A
+>5.2. Background</H1
 ><DIV
 CLASS="NOTE"
 ><P
@@ -120,7 +125,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="../images/note.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
 HSPACE="5"
 ALT="Note"></TD
 ><TD
@@ -255,7 +260,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN620">6.3. Configuring the Samba Domain Controller</H1
+NAME="AEN767"
+></A
+>5.3. Configuring the Samba Domain Controller</H1
 ><P
 >The first step in creating a working Samba PDC is to 
 understand the parameters necessary in smb.conf.  I will not
@@ -465,7 +472,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN663">6.4. Creating Machine Trust Accounts and Joining Clients to the
+NAME="AEN810"
+></A
+>5.4. Creating Machine Trust Accounts and Joining Clients to the
 Domain</H1
 ><P
 >A machine trust account is a Samba account that is used to
@@ -537,7 +546,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN682">6.4.1. Manual Creation of Machine Trust Accounts</H2
+NAME="AEN829"
+></A
+>5.4.1. Manual Creation of Machine Trust Accounts</H2
 ><P
 >The first step in manually creating a machine trust account is to
 manually create the corresponding Unix account in
@@ -689,7 +700,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="../images/warning.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
 HSPACE="5"
 ALT="Warning"></TD
 ><TH
@@ -725,7 +736,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN723">6.4.2. "On-the-Fly" Creation of Machine Trust Accounts</H2
+NAME="AEN870"
+></A
+>5.4.2. "On-the-Fly" Creation of Machine Trust Accounts</H2
 ><P
 >The second (and recommended) way of creating machine trust accounts is
 simply to allow the Samba server to create them as needed when the client
@@ -751,7 +764,7 @@ be created manually.</P
 ><PRE
 CLASS="PROGRAMLISTING"
 >[global]
-   # &#60;...remainder of parameters...&#62;
+   # &lt;...remainder of parameters...&gt;
    add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u </PRE
 ></P
 ></DIV
@@ -760,7 +773,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN732">6.4.3. Joining the Client to the Domain</H2
+NAME="AEN879"
+></A
+>5.4.3. Joining the Client to the Domain</H2
 ><P
 >The procedure for joining a client to the domain varies with the
 version of Windows.</P
@@ -826,7 +841,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN747">6.5. Common Problems and Errors</H1
+NAME="AEN894"
+></A
+>5.5. Common Problems and Errors</H1
 ><P
 ></P
 ><P
@@ -1034,7 +1051,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN795">6.6. System Policies and Profiles</H1
+NAME="AEN942"
+></A
+>5.6. System Policies and Profiles</H1
 ><P
 >Much of the information necessary to implement System Policies and
 Roving User Profiles in a Samba domain is the same as that for 
@@ -1209,7 +1228,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN839">6.7. What other help can I get?</H1
+NAME="AEN986"
+></A
+>5.7. What other help can I get?</H1
 ><P
 >There are many sources of information available in the form 
 of mailing lists, RFC's and documentation.  The docs that come 
@@ -1627,7 +1648,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN953">6.8. Domain Control for Windows 9x/ME</H1
+NAME="AEN1100"
+></A
+>5.8. Domain Control for Windows 9x/ME</H1
 ><DIV
 CLASS="NOTE"
 ><P
@@ -1642,7 +1665,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="../images/note.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
 HSPACE="5"
 ALT="Note"></TD
 ><TD
@@ -1704,7 +1727,7 @@ TYPE="1"
 ><LI
 ><P
 >	The client broadcasts (to the IP broadcast address of the subnet it is in)
-	a NetLogon request. This is sent to the NetBIOS name DOMAIN&#60;1c&#62; at the
+	a NetLogon request. This is sent to the NetBIOS name DOMAIN&lt;1c&gt; at the
 	NetBIOS layer.  The client chooses the first response it receives, which
 	contains the NetBIOS name of the logon server to use in the format of 
 	\\SERVER.
@@ -1759,7 +1782,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN979">6.8.1. Configuration Instructions:	Network Logons</H2
+NAME="AEN1126"
+></A
+>5.8.1. Configuration Instructions:	Network Logons</H2
 ><P
 >The main difference between a PDC and a Windows 9x logon 
 server configuration is that</P
@@ -1792,7 +1817,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="../images/warning.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
 HSPACE="5"
 ALT="Warning"></TD
 ><TH
@@ -1863,7 +1888,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN998">6.8.2. Configuration Instructions:	Setting up Roaming User Profiles</H2
+NAME="AEN1145"
+></A
+>5.8.2. Configuration Instructions:	Setting up Roaming User Profiles</H2
 ><DIV
 CLASS="WARNING"
 ><P
@@ -1878,7 +1905,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="../images/warning.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
 HSPACE="5"
 ALT="Warning"></TD
 ><TD
@@ -1914,7 +1941,9 @@ CLASS="SECT3"
 ><H3
 CLASS="SECT3"
 ><A
-NAME="AEN1006">6.8.2.1. Windows NT Configuration</H3
+NAME="AEN1153"
+></A
+>5.8.2.1. Windows NT Configuration</H3
 ><P
 >To support WinNT clients, in the [global] section of smb.conf set the
 following (for example):</P
@@ -1943,7 +1972,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="../images/note.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
 HSPACE="5"
 ALT="Note"></TD
 ><TD
@@ -1963,7 +1992,9 @@ CLASS="SECT3"
 ><H3
 CLASS="SECT3"
 ><A
-NAME="AEN1014">6.8.2.2. Windows 9X Configuration</H3
+NAME="AEN1161"
+></A
+>5.8.2.2. Windows 9X Configuration</H3
 ><P
 >To support Win9X clients, you must use the "logon home" parameter. Samba has
 now been fixed so that "net use/home" now works as well, and it, too, relies
@@ -1992,7 +2023,9 @@ CLASS="SECT3"
 ><H3
 CLASS="SECT3"
 ><A
-NAME="AEN1022">6.8.2.3. Win9X and WinNT Configuration</H3
+NAME="AEN1169"
+></A
+>5.8.2.3. Win9X and WinNT Configuration</H3
 ><P
 >You can support profiles for both Win9X and WinNT clients by setting both the
 "logon home" and "logon path" parameters. For example:</P
@@ -2016,7 +2049,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="../images/note.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
 HSPACE="5"
 ALT="Note"></TD
 ><TD
@@ -2035,7 +2068,9 @@ CLASS="SECT3"
 ><H3
 CLASS="SECT3"
 ><A
-NAME="AEN1029">6.8.2.4. Windows 9X Profile Setup</H3
+NAME="AEN1176"
+></A
+>5.8.2.4. Windows 9X Profile Setup</H3
 ><P
 >When a user first logs in on Windows 9X, the file user.DAT is created,
 as are folders "Start Menu", "Desktop", "Programs" and "Nethood".  
@@ -2193,7 +2228,9 @@ CLASS="SECT3"
 ><H3
 CLASS="SECT3"
 ><A
-NAME="AEN1065">6.8.2.5. Windows NT Workstation 4.0</H3
+NAME="AEN1212"
+></A
+>5.8.2.5. Windows NT Workstation 4.0</H3
 ><P
 >When a user first logs in to a Windows NT Workstation, the profile
 NTuser.DAT is created.  The profile location can be now specified
@@ -2212,7 +2249,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="../images/note.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
 HSPACE="5"
 ALT="Note"></TD
 ><TD
@@ -2270,7 +2307,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="../images/note.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
 HSPACE="5"
 ALT="Note"></TD
 ><TD
@@ -2305,7 +2342,9 @@ CLASS="SECT3"
 ><H3
 CLASS="SECT3"
 ><A
-NAME="AEN1078">6.8.2.6. Windows NT Server</H3
+NAME="AEN1225"
+></A
+>5.8.2.6. Windows NT Server</H3
 ><P
 >There is nothing to stop you specifying any path that you like for the
 location of users' profiles.  Therefore, you could specify that the
@@ -2317,7 +2356,9 @@ CLASS="SECT3"
 ><H3
 CLASS="SECT3"
 ><A
-NAME="AEN1081">6.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0</H3
+NAME="AEN1228"
+></A
+>5.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0</H3
 ><DIV
 CLASS="WARNING"
 ><P
@@ -2332,7 +2373,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="../images/warning.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
 HSPACE="5"
 ALT="Warning"></TD
 ><TH
@@ -2384,7 +2425,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="../images/note.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif"
 HSPACE="5"
 ALT="Note"></TD
 ><TD
@@ -2408,7 +2449,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1091">6.9. DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</H1
+NAME="AEN1238"
+></A
+>5.9. DOMAIN_CONTROL.txt : Windows NT Domain Control &amp; Samba</H1
 ><DIV
 CLASS="WARNING"
 ><P
@@ -2423,7 +2466,7 @@ WIDTH="25"
 ALIGN="CENTER"
 VALIGN="TOP"
 ><IMG
-SRC="../images/warning.gif"
+SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif"
 HSPACE="5"
 ALT="Warning"></TD
 ><TH
diff --git a/docs/htmldocs/samba.7.html b/docs/htmldocs/samba.7.html
index 0851e99bd5..796bce7d20 100644
--- a/docs/htmldocs/samba.7.html
+++ b/docs/htmldocs/samba.7.html
@@ -5,7 +5,7 @@
 >samba</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -15,7 +15,7 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="SAMBA"
+NAME="SAMBA.7"
 ></A
 >samba</H1
 ><DIV
@@ -25,7 +25,7 @@ NAME="AEN5"
 ></A
 ><H2
 >Name</H2
->SAMBA&nbsp;--&nbsp;A Windows SMB/CIFS fileserver for UNIX</DIV
+>Samba&nbsp;--&nbsp;A Windows SMB/CIFS fileserver for UNIX</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
@@ -63,29 +63,37 @@ TARGET="_top"
 CLASS="VARIABLELIST"
 ><DL
 ><DT
-><B
-CLASS="COMMAND"
->smbd</B
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 ></DT
 ><DD
 ><P
 >The <B
 CLASS="COMMAND"
->smbd </B
->
-		daemon provides the file and print services to 
+>smbd</B
+> daemon provides the file and print services to 
 		SMB clients, such as Windows 95/98, Windows NT, Windows 
 		for Workgroups or LanManager. The configuration file 
-		for this daemon is described in <TT
-CLASS="FILENAME"
->smb.conf</TT
+		for this daemon is described in <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 >
 		</P
 ></DD
 ><DT
-><B
-CLASS="COMMAND"
->nmbd</B
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmbd</SPAN
+>(8)</SPAN
 ></DT
 ><DD
 ><P
@@ -95,15 +103,21 @@ CLASS="COMMAND"
 >
 		daemon provides NetBIOS nameservice and browsing
 		support. The configuration file for this daemon 
-		is described in <TT
-CLASS="FILENAME"
->smb.conf</TT
+		is described in <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 ></P
 ></DD
 ><DT
-><B
-CLASS="COMMAND"
->smbclient</B
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbclient</SPAN
+>(1)</SPAN
 ></DT
 ><DD
 ><P
@@ -118,9 +132,12 @@ CLASS="COMMAND"
 		any SMB server (such as a PC running Windows NT).</P
 ></DD
 ><DT
-><B
-CLASS="COMMAND"
->testparm</B
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>testparm</SPAN
+>(1)</SPAN
 ></DT
 ><DD
 ><P
@@ -128,16 +145,21 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >testparm</B
 >
-		utility is a simple syntax checker for Samba's
-		<TT
-CLASS="FILENAME"
->smb.conf</TT
->configuration file.</P
+		utility is a simple syntax checker for Samba's <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+> configuration file.</P
 ></DD
 ><DT
-><B
-CLASS="COMMAND"
->testprns</B
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>testprns</SPAN
+>(1)</SPAN
 ></DT
 ><DD
 ><P
@@ -153,9 +175,12 @@ CLASS="FILENAME"
 		by Samba.</P
 ></DD
 ><DT
-><B
-CLASS="COMMAND"
->smbstatus</B
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbstatus</SPAN
+>(1)</SPAN
 ></DT
 ><DD
 ><P
@@ -170,9 +195,12 @@ CLASS="COMMAND"
 >.</P
 ></DD
 ><DT
-><B
-CLASS="COMMAND"
->nmblookup</B
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmblookup</SPAN
+>(1)</SPAN
 ></DT
 ><DD
 ><P
@@ -184,26 +212,30 @@ CLASS="COMMAND"
 		from a UNIX host.</P
 ></DD
 ><DT
-><B
-CLASS="COMMAND"
->make_smbcodepage</B
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbgroupedit</SPAN
+>(8)</SPAN
 ></DT
 ><DD
 ><P
 >The <B
 CLASS="COMMAND"
->make_smbcodepage</B
+>smbgroupedit</B
 >
-		utility provides a means of creating SMB code page 
-		definition files for your <B
-CLASS="COMMAND"
->smbd</B
-> server.</P
+		tool allows for mapping unix groups to NT Builtin,
+		Domain, or Local groups. Also it allows setting
+		priviledges for that group, such as saAddUser, etc.</P
 ></DD
 ><DT
-><B
-CLASS="COMMAND"
->smbpasswd</B
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbpasswd</SPAN
+>(8)</SPAN
 ></DT
 ><DD
 ><P
@@ -220,7 +252,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN76"
+NAME="AEN99"
 ></A
 ><H2
 >COMPONENTS</H2
@@ -249,7 +281,7 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN82"
+NAME="AEN105"
 ></A
 ><H2
 >AVAILABILITY</H2
@@ -274,8 +306,8 @@ TARGET="_top"
 	list. Details on how to join the mailing list are given in 
 	the README file that comes with Samba.</P
 ><P
->If you have access to a WWW viewer (such as Netscape 
-	or Mosaic) then you will also find lots of useful information, 
+>If you have access to a WWW viewer (such as Mozilla
+	or Konqueror) then you will also find lots of useful information, 
 	including back issues of the Samba mailing list, at
 	<A
 HREF="http://lists.samba.org/"
@@ -286,18 +318,18 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN90"
+NAME="AEN113"
 ></A
 ><H2
 >VERSION</H2
 ><P
->This man page is correct for version 2.2 of the 
+>This man page is correct for version 3.0 of the 
 	Samba suite. </P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN93"
+NAME="AEN116"
 ></A
 ><H2
 >CONTRIBUTIONS</H2
@@ -317,8 +349,8 @@ HREF="http://devel.samba.org/"
 TARGET="_top"
 >http://devel.samba.org/</A
 >
-	for information on how to do it properly. We prefer patches in
-	<B
+	for information on how to do it properly. We prefer patches 
+	in <B
 CLASS="COMMAND"
 >diff -u</B
 > format.</P
@@ -326,7 +358,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN100"
+NAME="AEN123"
 ></A
 ><H2
 >CONTRIBUTORS</H2
@@ -358,7 +390,7 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN107"
+NAME="AEN130"
 ></A
 ><H2
 >AUTHOR</H2
@@ -370,14 +402,14 @@ NAME="AEN107"
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
-	<A
+	excellent piece of Open Source software, available at <A
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML
+	4.2 for Samba 3.0 was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/securitylevels.html b/docs/htmldocs/securitylevels.html
index f1b9967540..9501fa5c6a 100644
--- a/docs/htmldocs/securitylevels.html
+++ b/docs/htmldocs/securitylevels.html
@@ -5,8 +5,7 @@
 >User and Share security level (for servers not in a domain)</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -17,7 +16,7 @@ REL="PREVIOUS"
 TITLE="Type of installation"
 HREF="type.html"><LINK
 REL="NEXT"
-TITLE="How to Configure Samba as a NT4 Primary Domain Controller"
+TITLE="Samba as a NT4 or Win2k Primary Domain Controller"
 HREF="samba-pdc.html"></HEAD
 ><BODY
 CLASS="CHAPTER"
@@ -73,7 +72,9 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="SECURITYLEVELS">Chapter 5. User and Share security level (for servers not in a domain)</H1
+NAME="SECURITYLEVELS"
+></A
+>Chapter 4. User and Share security level (for servers not in a domain)</H1
 ><P
 >A SMB server tells the client at startup what "security level" it is
 running. There are two options "share level" and "user level". Which
@@ -225,7 +226,7 @@ ACCESSKEY="U"
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
->How to Configure Samba as a NT4 Primary Domain Controller</TD
+>Samba as a NT4 or Win2k Primary Domain Controller</TD
 ></TR
 ></TABLE
 ></DIV
diff --git a/docs/htmldocs/smb.conf.5.html b/docs/htmldocs/smb.conf.5.html
index 9c1ee7a67b..5a8bfe7d67 100644
--- a/docs/htmldocs/smb.conf.5.html
+++ b/docs/htmldocs/smb.conf.5.html
@@ -1,12 +1,11 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <HTML
 ><HEAD
 ><TITLE
 >smb.conf</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -16,7 +15,9 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="SMB.CONF">smb.conf</H1
+NAME="SMB.CONF.5"
+></A
+>smb.conf</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
@@ -36,31 +37,29 @@ NAME="AEN8"
 >The <TT
 CLASS="FILENAME"
 >smb.conf</TT
-> file is a configuration 
+> file is a configuration  
 	file for the Samba suite. <TT
 CLASS="FILENAME"
 >smb.conf</TT
-> contains 
-	runtime configuration information for the Samba programs. The
-	<TT
+> contains  
+	runtime configuration information for the Samba programs. The <TT
 CLASS="FILENAME"
 >smb.conf</TT
-> file is designed to be configured and 
-	administered by the <A
-HREF="swat.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->swat(8)</B
->
-	</A
-> program. The complete description of the file format and 
-	possible parameters held within are here for reference purposes.</P
+> file 
+	is designed to be configured and  administered by the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>swat</SPAN
+>(8)</SPAN
+> program. The complete
+	description of the file format and possible parameters held within
+	are here for reference purposes.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN16"
+NAME="AEN17"
 ></A
 ><H2
 >FILE FORMAT</H2
@@ -110,7 +109,7 @@ CLASS="REPLACEABLE"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN28"
+NAME="AEN29"
 ></A
 ><H2
 >SECTION DESCRIPTIONS</H2
@@ -123,9 +122,12 @@ NAME="AEN28"
 ><P
 >There are three special sections, [global],
 	[homes] and [printers], which are
-	described under <I
+	described under <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >special sections</I
+></SPAN
 >. The
 	following notes apply to ordinary section descriptions.</P
 ><P
@@ -139,14 +141,20 @@ CLASS="EMPHASIS"
 	printable services (used by the client to access print services 
 	on the host running the server).</P
 ><P
->Sections may be designated <I
+>Sections may be designated <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >guest</I
+></SPAN
 > services,
 	in which case no password is required to access them. A specified 
-	UNIX <I
+	UNIX <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >guest account</I
+></SPAN
 > is used to define access
 	privileges in this case.</P
 ><P
@@ -168,68 +176,49 @@ CLASS="FILENAME"
 >/home/bar</TT
 >. 
 	The share is accessed via the share name "foo":</P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
 ><PRE
 CLASS="SCREEN"
->	<TT
+><TT
 CLASS="COMPUTEROUTPUT"
-> 	[foo]
- 		path = /home/bar
- 		read only = no
-	</TT
->
-	</PRE
-></TD
-></TR
-></TABLE
+>[foo]
+	path = /home/bar
+	read only = no</TT
+></PRE
 ><P
 >The following sample section defines a printable share. 
 	The share is readonly, but printable. That is, the only write 
 	access permitted is via calls to open, write to and close a 
-	spool file. The <I
+	spool file. The <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >guest ok</I
+></SPAN
 > parameter means 
 	access will be permitted as the default guest user (specified 
 	elsewhere):</P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
 ><PRE
 CLASS="SCREEN"
->	<TT
+><TT
 CLASS="COMPUTEROUTPUT"
-> 	[aprinter]
- 		path = /usr/spool/public
- 		read only = yes
- 		printable = yes
- 		guest ok = yes
-	</TT
->
-	</PRE
-></TD
-></TR
-></TABLE
+>[aprinter]
+	path = /usr/spool/public
+	read only = yes
+	printable = yes
+	guest ok = yes</TT
+></PRE
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN48"
+NAME="AEN49"
 ></A
 ><H2
 >SPECIAL SECTIONS</H2
 ><DIV
 CLASS="REFSECT2"
 ><A
-NAME="AEN50"
+NAME="AEN51"
 ></A
 ><H3
 >The [global] section</H3
@@ -242,7 +231,7 @@ NAME="AEN50"
 ><DIV
 CLASS="REFSECT2"
 ><A
-NAME="AEN53"
+NAME="AEN54"
 ></A
 ><H3
 >The [homes] section</H3
@@ -275,9 +264,12 @@ NAME="AEN53"
 ></LI
 ></UL
 ><P
->If you decide to use a <I
+>If you decide to use a <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >path =</I
+></SPAN
 > line 
 		in your [homes] section then you may find it useful 
 		to use the %S macro. For example :</P
@@ -306,47 +298,48 @@ CLASS="USERINPUT"
 		a normal service section can specify, though some make more sense 
 		than others. The following is a typical and suitable [homes]
 		section:</P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
 ><PRE
 CLASS="SCREEN"
->		<TT
+><TT
 CLASS="COMPUTEROUTPUT"
->	 	[homes]
- 			read only = no
-		</TT
->
-		</PRE
-></TD
-></TR
-></TABLE
+>[homes]
+	read only = no</TT
+></PRE
 ><P
 >An important point is that if guest access is specified 
 		in the [homes] section, all home directories will be 
-		visible to all clients <I
+		visible to all clients <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >without a password</I
+></SPAN
 >. 
 		In the very unlikely event that this is actually desirable, it 
-		would be wise to also specify <I
+		would be wise to also specify <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >read only
 		access</I
+></SPAN
 >.</P
 ><P
->Note that the <I
+>Note that the <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >browseable</I
+></SPAN
 > flag for 
 		auto home directories will be inherited from the global browseable 
 		flag, not the [homes] browseable flag. This is useful as 
-		it means setting <I
+		it means setting <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >browseable = no</I
+></SPAN
 > in
 		the [homes] section will hide the [homes] share but make
 		any auto home directories visible.</P
@@ -354,7 +347,7 @@ CLASS="EMPHASIS"
 ><DIV
 CLASS="REFSECT2"
 ><A
-NAME="AEN79"
+NAME="AEN80"
 ></A
 ><H3
 >The [printers] section</H3
@@ -406,48 +399,27 @@ NAME="AEN79"
 		world-writeable spool directory with the sticky bit set on 
 		it. A typical [printers] entry would look like 
 		this:</P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
 ><PRE
 CLASS="SCREEN"
 ><TT
 CLASS="COMPUTEROUTPUT"
->	 	[printers]
- 			path = /usr/spool/public
- 			guest ok = yes
- 			printable = yes 
-		</TT
+>[printers]
+	path = /usr/spool/public
+	guest ok = yes
+	printable = yes </TT
 ></PRE
-></TD
-></TR
-></TABLE
 ><P
 >All aliases given for a printer in the printcap file 
 		are legitimate printer names as far as the server is concerned. 
 		If your printing subsystem doesn't work like that, you will have 
 		to set up a pseudo-printcap. This is a file consisting of one or 
 		more lines like this:</P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
 ><PRE
 CLASS="SCREEN"
->		<TT
+><TT
 CLASS="COMPUTEROUTPUT"
->	        alias|alias|alias|alias...    
-		</TT
->
-		</PRE
-></TD
-></TR
-></TABLE
+>alias|alias|alias|alias...    </TT
+></PRE
 ><P
 >Each alias should be an acceptable printer name for 
 		your printing subsystem. In the [global] section, specify 
@@ -471,7 +443,7 @@ CLASS="COMPUTEROUTPUT"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN102"
+NAME="AEN103"
 ></A
 ><H2
 >PARAMETERS</H2
@@ -479,29 +451,44 @@ NAME="AEN102"
 >parameters define the specific attributes of sections.</P
 ><P
 >Some parameters are specific to the [global] section
-	(e.g., <I
+	(e.g., <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >security</I
+></SPAN
 >).  Some parameters are usable 
-	in all sections (e.g., <I
+	in all sections (e.g., <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >create mode</I
+></SPAN
 >). All others 
 	are permissible only in normal sections. For the purposes of the 
 	following descriptions the [homes] and [printers]
-	sections will be considered normal.  The letter <I
+	sections will be considered normal.  The letter <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >G</I
+></SPAN
 > 
 	in parentheses indicates that a parameter is specific to the
-	[global] section. The letter <I
+	[global] section. The letter <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >S</I
+></SPAN
 >
 	indicates that a parameter can be specified in a service specific
-	section. Note that all <I
+	section. Note that all <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >S</I
+></SPAN
 > parameters can also be specified in 
 	the [global] section - in which case they will define
 	the default behavior for all services.</P
@@ -514,7 +501,7 @@ CLASS="EMPHASIS"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN112"
+NAME="AEN113"
 ></A
 ><H2
 >VARIABLE SUBSTITUTIONS</H2
@@ -691,9 +678,12 @@ CLASS="VARIABLELIST"
 ><P
 >the name of your NIS home directory server.  
 		This is obtained from your NIS auto.map entry.  If you have 
-		not compiled Samba with the <I
+		not compiled Samba with the <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >--with-automount</I
+></SPAN
 > 
 		option then this value will be the same as %L.</P
 ></DD
@@ -714,7 +704,7 @@ CLASS="EMPHASIS"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN205"
+NAME="AEN206"
 ></A
 ><H2
 >NAME MANGLING</H2
@@ -743,9 +733,12 @@ CLASS="VARIABLELIST"
 > controls if names that have characters that 
 		aren't of the "default" case are mangled. For example, 
 		if this is yes then a name like "Mail" would be mangled. 
-		Default <I
+		Default <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >no</I
+></SPAN
 >.</P
 ></DD
 ><DT
@@ -754,9 +747,12 @@ CLASS="EMPHASIS"
 ><P
 >controls whether filenames are case sensitive. If 
 		they aren't then Samba must do a filename search and match on passed 
-		names. Default <I
+		names. Default <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >no</I
+></SPAN
 >.</P
 ></DD
 ><DT
@@ -764,9 +760,12 @@ CLASS="EMPHASIS"
 ><DD
 ><P
 >controls what the default case is for new 
-		filenames. Default <I
+		filenames. Default <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >lower</I
+></SPAN
 >.</P
 ></DD
 ><DT
@@ -775,9 +774,12 @@ CLASS="EMPHASIS"
 ><P
 >controls if new files are created with the 
 		case that the client passes, or if they are forced to be the 
-		"default" case. Default <I
+		"default" case. Default <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >yes</I
+></SPAN
 >.
 		</P
 ></DD
@@ -790,9 +792,12 @@ CLASS="EMPHASIS"
 		upper case, or if they are forced to be the "default" 
 		case. This option can be use with "preserve case = yes" 
 		to permit long filenames to retain their case, while short names 
-		are lowercased. Default <I
+		are lowercased. Default <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >yes</I
+></SPAN
 >.</P
 ></DD
 ></DL
@@ -804,7 +809,7 @@ CLASS="EMPHASIS"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN238"
+NAME="AEN239"
 ></A
 ><H2
 >NOTE ABOUT USERNAME/PASSWORD VALIDATION</H2
@@ -882,7 +887,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN257"
+NAME="AEN258"
 ></A
 ><H2
 >COMPLETE LIST OF GLOBAL PARAMETERS</H2
@@ -3177,7 +3182,7 @@ CLASS="PARAMETER"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN1021"
+NAME="AEN1022"
 ></A
 ><H2
 >COMPLETE LIST OF SERVICE PARAMETERS</H2
@@ -4692,7 +4697,7 @@ CLASS="PARAMETER"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN1525"
+NAME="AEN1526"
 ></A
 ><H2
 >EXPLANATION OF EACH PARAMETER</H2
@@ -4705,22 +4710,23 @@ CLASS="VARIABLELIST"
 ><A
 NAME="ABORTSHUTDOWNSCRIPT"
 ></A
->abort shutdown script (G)</DT
+>&#62;abort shutdown script (G)</DT
 ><DD
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >This parameter only exists in the HEAD cvs branch</I
+></SPAN
 >
-		This a full path name to a script called by
-		<A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
->  that
+		This a full path name to a script called by <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+> that
 		should stop a shutdown procedure issued by the <A
 HREF="#SHUTDOWNSCRIPT"
 ><TT
@@ -4733,9 +4739,12 @@ CLASS="PARAMETER"
 ><P
 >This command will be run as user.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >None</I
+></SPAN
 >.</P
 ><P
 >Example: <B
@@ -4747,7 +4756,7 @@ CLASS="COMMAND"
 ><A
 NAME="ADDPRINTERCOMMAND"
 ></A
->addprinter command (G)</DT
+>&#62;addprinter command (G)</DT
 ><DD
 ><P
 >With the introduction of MS-RPC based printing
@@ -4771,14 +4780,12 @@ CLASS="PARAMETER"
 CLASS="FILENAME"
 >smb.conf</TT
 > file in order that it can be 
-		shared by <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
->
-		</A
+		shared by <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 >.</P
 ><P
 >The <TT
@@ -4788,7 +4795,7 @@ CLASS="PARAMETER"
 ></TT
 > is
 		automatically invoked with the following parameter (in 
-		order:</P
+		order):</P
 ><P
 ></P
 ><UL
@@ -4902,9 +4909,12 @@ CLASS="PARAMETER"
 ></A
 ></P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >none</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -4917,7 +4927,7 @@ CLASS="COMMAND"
 ><A
 NAME="ADDSHARECOMMAND"
 ></A
->add share command (G)</DT
+>&#62;add share command (G)</DT
 ><DD
 ><P
 >Samba 2.2.0 introduced the ability to dynamically 
@@ -5043,9 +5053,12 @@ CLASS="PARAMETER"
 >.
 		</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >none</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -5057,15 +5070,17 @@ CLASS="COMMAND"
 ><A
 NAME="ADDMACHINESCRIPT"
 ></A
->add machine script (G)</DT
+>&#62;add machine script (G)</DT
 ><DD
 ><P
 >This is the full pathname to a script that will 
-		be run by <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
->  when a machine is added
+		be run by <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+> when a machine is added
                 to it's domain using the administrator username and password method. </P
 ><P
 >This option is only required when using sam back-ends tied to the
@@ -5074,7 +5089,7 @@ TARGET="_top"
 ><P
 >Default: <B
 CLASS="COMMAND"
->add machine script = &#60;empty string&#62;
+>add machine script = &lt;empty string&gt;
 		</B
 ></P
 ><P
@@ -5088,7 +5103,7 @@ CLASS="COMMAND"
 ><A
 NAME="ADSSERVER"
 ></A
->ads server (G)</DT
+>&#62;ads server (G)</DT
 ><DD
 ><P
 >If this option is specified, samba does 
@@ -5110,18 +5125,22 @@ CLASS="COMMAND"
 ><A
 NAME="ADDUSERSCRIPT"
 ></A
->add user script (G)</DT
+>&#62;add user script (G)</DT
 ><DD
 ><P
 >This is the full pathname to a script that will 
-		be run <I
+		be run <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >AS ROOT</I
-> by <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)
-		</A
+></SPAN
+> by <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > under special circumstances described below.</P
 ><P
 >Normally, a Samba server requires that UNIX users are 
@@ -5133,19 +5152,26 @@ HREF="smbd.8.html"
 TARGET="_top"
 >smbd</A
 > to create the required UNIX users 
-		<I
+		<SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >ON DEMAND</I
+></SPAN
 > when a user accesses the Samba server.</P
 ><P
->In order to use this option, <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd</A
-> 
-		must <I
+>In order to use this option, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+> must <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >NOT</I
+></SPAN
 > be set to <TT
 CLASS="PARAMETER"
 ><I
@@ -5168,10 +5194,12 @@ CLASS="PARAMETER"
 		the UNIX user name to create.</P
 ><P
 >When the Windows user attempts to access the Samba server, 
-		at login (session setup in the SMB protocol) time, <A
-HREF="smbd.8.html"
-TARGET="_top"
->		smbd</A
+		at login (session setup in the SMB protocol) time, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > contacts the <TT
 CLASS="PARAMETER"
 ><I
@@ -5194,9 +5222,12 @@ CLASS="PARAMETER"
 CLASS="COMMAND"
 >smbd</B
 > will
-		call the specified script <I
+		call the specified script <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >AS ROOT</I
+></SPAN
 >, expanding 
 		any <TT
 CLASS="PARAMETER"
@@ -5243,7 +5274,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->add user script = &#60;empty string&#62;
+>add user script = &lt;empty string&gt;
 		</B
 ></P
 ><P
@@ -5257,17 +5288,22 @@ CLASS="COMMAND"
 ><A
 NAME="ADDGROUPSCRIPT"
 ></A
->add group script (G)</DT
+>&#62;add group script (G)</DT
 ><DD
 ><P
 >This is the full pathname to a script that will 
-		be run <I
+		be run <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >AS ROOT</I
-> by <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
+></SPAN
+> by <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > when a new group is
                 requested. It will expand any
                 <TT
@@ -5288,7 +5324,7 @@ CLASS="PARAMETER"
 ><A
 NAME="ADMINUSERS"
 ></A
->admin users (S)</DT
+>&#62;admin users (S)</DT
 ><DD
 ><P
 >This is a list of users who will be granted 
@@ -5299,9 +5335,12 @@ NAME="ADMINUSERS"
 		this list will be able to do anything they like on the share, 
 		irrespective of file permissions.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >no admin users</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -5313,32 +5352,36 @@ CLASS="COMMAND"
 ><A
 NAME="ADDUSERTOGROUPSCRIPT"
 ></A
->add user to group script (G)</DT
+>&#62;add user to group script (G)</DT
 ><DD
 ><P
 >Full path to the script that will be called when 
 		a user is added to a group using the Windows NT domain administration 
-		tools. It will be run by <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
-> 
-		<I
+		tools. It will be run by <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+>	<SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >AS ROOT</I
->. Any <TT
+></SPAN
+>. 
+		Any <TT
 CLASS="PARAMETER"
 ><I
 >%g</I
 ></TT
-> will be 
-		replaced with the group name and any <TT
+> will be replaced with the group name and 
+		any <TT
 CLASS="PARAMETER"
 ><I
 >%u</I
 ></TT
-> will 
-		be replaced with the user name.
+> will be replaced with the user name.
 		</P
 ><P
 >Default: <B
@@ -5355,7 +5398,7 @@ CLASS="COMMAND"
 ><A
 NAME="ALLOWHOSTS"
 ></A
->allow hosts (S)</DT
+>&#62;allow hosts (S)</DT
 ><DD
 ><P
 >Synonym for <A
@@ -5372,7 +5415,7 @@ CLASS="PARAMETER"
 ><A
 NAME="ALGORITHMICRIDBASE"
 ></A
->algorithmic rid base (G)</DT
+>&#62;algorithmic rid base (G)</DT
 ><DD
 ><P
 >This determines how Samba will use its
@@ -5404,7 +5447,7 @@ CLASS="COMMAND"
 ><A
 NAME="ALLOWTRUSTEDDOMAINS"
 ></A
->allow trusted domains (G)</DT
+>&#62;allow trusted domains (G)</DT
 ><DD
 ><P
 >This option only takes effect when the <A
@@ -5450,19 +5493,16 @@ CLASS="COMMAND"
 ><A
 NAME="ANNOUNCEAS"
 ></A
->announce as (G)</DT
+>&#62;announce as (G)</DT
 ><DD
 ><P
->This specifies what type of server 
-		<A
-HREF="nmbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->nmbd</B
-></A
-> 
-		will announce itself as, to a network neighborhood browse 
+>This specifies what type of server <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmbd</SPAN
+>(8)</SPAN
+> will announce itself as, to a network neighborhood browse 
 		list. By default this is set to Windows NT. The valid options 
 		are : "NT Server" (which can also be written as "NT"), 
 		"NT Workstation", "Win95" or "WfW" meaning Windows NT Server, 
@@ -5486,7 +5526,7 @@ CLASS="COMMAND"
 ><A
 NAME="ANNOUNCEVERSION"
 ></A
->announce version (G)</DT
+>&#62;announce version (G)</DT
 ><DD
 ><P
 >This specifies the major and minor version numbers 
@@ -5508,7 +5548,7 @@ CLASS="COMMAND"
 ><A
 NAME="AUTOSERVICES"
 ></A
->auto services (G)</DT
+>&#62;auto services (G)</DT
 ><DD
 ><P
 >This is a synonym for the <A
@@ -5525,7 +5565,7 @@ CLASS="PARAMETER"
 ><A
 NAME="AUTHMETHODS"
 ></A
->auth methods (G)</DT
+>&#62;auth methods (G)</DT
 ><DD
 ><P
 >This option allows the administrator to chose what
@@ -5550,7 +5590,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->auth methods = &#60;empty string&#62;</B
+>auth methods = &lt;empty string&gt;</B
 ></P
 ><P
 >Example: <B
@@ -5562,7 +5602,7 @@ CLASS="COMMAND"
 ><A
 NAME="AVAILABLE"
 ></A
->available (S)</DT
+>&#62;available (S)</DT
 ><DD
 ><P
 >This parameter lets you "turn off" a service. If 
@@ -5571,9 +5611,12 @@ CLASS="PARAMETER"
 ><I
 >available = no</I
 ></TT
->, then <I
+>, then <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >ALL</I
+></SPAN
 > 
 		attempts to connect to the service will fail. Such failures are 
 		logged.</P
@@ -5587,22 +5630,24 @@ CLASS="COMMAND"
 ><A
 NAME="BINDINTERFACESONLY"
 ></A
->bind interfaces only (G)</DT
+>&#62;bind interfaces only (G)</DT
 ><DD
 ><P
 >This global parameter allows the Samba admin 
 		to limit what interfaces on a machine will serve SMB requests. It 
-		affects file service <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
-> and 
-		name service <A
-HREF="nmbd.8.html"
-TARGET="_top"
->nmbd(8)</A
-> in slightly 
-		different ways.</P
+		affects file service <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+> and name service <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmbd</SPAN
+>(8)</SPAN
+> in a slightly different ways.</P
 ><P
 >For name service it causes <B
 CLASS="COMMAND"
@@ -5657,12 +5702,14 @@ CLASS="COMMAND"
 >nmbd</B
 >.</P
 ><P
->For file service it causes <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
->
-		to bind only to the interface list given in the <A
+>For file service it causes <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+> to bind only to the interface list 
+		given in the <A
 HREF="#INTERFACES"
 >		interfaces</A
 > parameter. This restricts the networks that 
@@ -5680,40 +5727,42 @@ CLASS="PARAMETER"
 >bind interfaces only</I
 ></TT
 > is set then 
-		unless the network address <I
+		unless the network address <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >127.0.0.1</I
+></SPAN
 > is added 
 		to the <TT
 CLASS="PARAMETER"
 ><I
 >interfaces</I
 ></TT
-> parameter list <A
-HREF="smbpasswd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbpasswd(8)</B
-></A
-> 
-		and <A
-HREF="swat.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->swat(8)</B
-></A
-> may 
-		not work as expected due to the reasons covered below.</P
+> parameter list <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbpasswd</SPAN
+>(8)</SPAN
+> and <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>swat</SPAN
+>(8)</SPAN
+> may not work as expected due to the reasons covered below.</P
 ><P
 >To change a users SMB password, the <B
 CLASS="COMMAND"
 >smbpasswd</B
 >
-		by default connects to the <I
+		by default connects to the <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >localhost - 127.0.0.1</I
+></SPAN
 > 
 		address as an SMB client to issue the password change request. If 
 		<TT
@@ -5722,9 +5771,12 @@ CLASS="PARAMETER"
 >bind interfaces only</I
 ></TT
 > is set then unless the 
-		network address <I
+		network address <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >127.0.0.1</I
+></SPAN
 > is added to the
 		<TT
 CLASS="PARAMETER"
@@ -5739,10 +5791,13 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >smbpasswd</B
 > can be forced to use the primary IP interface 
-		of the local host by using its <A
-HREF="smbpasswd.8.html#minusr"
-TARGET="_top"
->		<TT
+		of the local host by using its <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbpasswd</SPAN
+>(8)</SPAN
+>	<TT
 CLASS="PARAMETER"
 ><I
 >-r <TT
@@ -5753,8 +5808,7 @@ CLASS="REPLACEABLE"
 ></I
 ></TT
 >
-		</A
-> parameter, with <TT
+		parameter, with <TT
 CLASS="REPLACEABLE"
 ><I
 >remote machine</I
@@ -5773,13 +5827,19 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >nmbd</B
 > at the address 
-		<I
+		<SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >127.0.0.1</I
+></SPAN
 > to determine if they are running.  
-		Not adding <I
+		Not adding <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >127.0.0.1</I
+></SPAN
 >  will cause <B
 CLASS="COMMAND"
 >		smbd</B
@@ -5808,13 +5868,16 @@ CLASS="COMMAND"
 ><A
 NAME="BLOCKINGLOCKS"
 ></A
->blocking locks (S)</DT
+>&#62;blocking locks (S)</DT
 ><DD
 ><P
->This parameter controls the behavior of <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
+>This parameter controls the behavior 
+		of <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > when given a request by a client 
 		to obtain a byte range lock on a region of an open file, and the 
 		request has a time limit associated with it.</P
@@ -5841,14 +5904,15 @@ CLASS="COMMAND"
 ><A
 NAME="BLOCKSIZE"
 ></A
->block size (S)</DT
+>&#62;block size (S)</DT
 ><DD
 ><P
->This parameter controls the behavior of 
-		<A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
+>This parameter controls the behavior of <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > when reporting disk free 
 		sizes. By default, this reports a disk block size of 1024 bytes.
 		</P
@@ -5863,22 +5927,12 @@ TARGET="_top"
 ><P
 >Changing this option does not change the disk free reporting
 		size, just the block size unit reported to the client.</P
-><P
->Default: <B
-CLASS="COMMAND"
->block size = 1024</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->block size = 65536</B
-></P
 ></DD
 ><DT
 ><A
 NAME="BROWSABLE"
 ></A
->browsable (S)</DT
+>&#62;browsable (S)</DT
 ><DD
 ><P
 >See the <A
@@ -5895,16 +5949,15 @@ CLASS="PARAMETER"
 ><A
 NAME="BROWSELIST"
 ></A
->browse list (G)</DT
+>&#62;browse list (G)</DT
 ><DD
 ><P
->This controls whether <A
-HREF="smbd.8.html"
-TARGET="_top"
->		<B
-CLASS="COMMAND"
->smbd(8)</B
-></A
+>This controls whether <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > will serve a browse list to 
 		a client doing a <B
 CLASS="COMMAND"
@@ -5925,7 +5978,7 @@ CLASS="COMMAND"
 ><A
 NAME="BROWSEABLE"
 ></A
->browseable (S)</DT
+>&#62;browseable (S)</DT
 ><DD
 ><P
 >This controls whether this share is seen in 
@@ -5940,11 +5993,11 @@ CLASS="COMMAND"
 ><A
 NAME="CASESENSITIVE"
 ></A
->case sensitive (S)</DT
+>&#62;case sensitive (S)</DT
 ><DD
 ><P
 >See the discussion in the section <A
-HREF="#AEN205"
+HREF="#AEN206"
 >NAME MANGLING</A
 >.</P
 ><P
@@ -5957,7 +6010,7 @@ CLASS="COMMAND"
 ><A
 NAME="CASESIGNAMES"
 ></A
->casesignames (S)</DT
+>&#62;casesignames (S)</DT
 ><DD
 ><P
 >Synonym for <A
@@ -5970,19 +6023,18 @@ HREF="#CASESENSITIVE"
 ><A
 NAME="CHANGENOTIFYTIMEOUT"
 ></A
->change notify timeout (G)</DT
+>&#62;change notify timeout (G)</DT
 ><DD
 ><P
 >This SMB allows a client to tell a server to 
 		"watch" a particular directory for any changes and only reply to
 		the SMB request when a change has occurred. Such constant scanning of
-		a directory is expensive under UNIX, hence an <A
-HREF="smbd.8.html"
-TARGET="_top"
->		<B
-CLASS="COMMAND"
->smbd(8)</B
-></A
+		a directory is expensive under UNIX, hence an <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > daemon only performs such a scan 
 		on each requested directory once every <TT
 CLASS="PARAMETER"
@@ -6008,7 +6060,7 @@ CLASS="COMMAND"
 ><A
 NAME="CHANGESHARECOMMAND"
 ></A
->change share command (G)</DT
+>&#62;change share command (G)</DT
 ><DD
 ><P
 >Samba 2.2.0 introduced the ability to dynamically 
@@ -6125,9 +6177,12 @@ CLASS="PARAMETER"
 >.
 		</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >none</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -6139,7 +6194,7 @@ CLASS="COMMAND"
 ><A
 NAME="COMMENT"
 ></A
->comment (S)</DT
+>&#62;comment (S)</DT
 ><DD
 ><P
 >This is a text field that is seen next to a share 
@@ -6161,9 +6216,12 @@ CLASS="PARAMETER"
 ></A
 > parameter.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >No comment string</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -6175,7 +6233,7 @@ CLASS="COMMAND"
 ><A
 NAME="CONFIGFILE"
 ></A
->config file (G)</DT
+>&#62;config file (G)</DT
 ><DD
 ><P
 >This allows you to override the config file 
@@ -6207,7 +6265,7 @@ CLASS="COMMAND"
 ><A
 NAME="COPY"
 ></A
->copy (S)</DT
+>&#62;copy (S)</DT
 ><DD
 ><P
 >This parameter allows you to "clone" service 
@@ -6220,9 +6278,12 @@ NAME="COPY"
 		copied must occur earlier in the configuration file than the 
 		service doing the copying.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >no value</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -6234,7 +6295,7 @@ CLASS="COMMAND"
 ><A
 NAME="CREATEMASK"
 ></A
->create mask (S)</DT
+>&#62;create mask (S)</DT
 ><DD
 ><P
 >A synonym for this parameter is 
@@ -6253,9 +6314,12 @@ CLASS="PARAMETER"
 		calculated according to the mapping from DOS modes to UNIX 
 		permissions, and the resulting UNIX mode is then bit-wise 'AND'ed 
 		with this parameter. This parameter may be thought of as a bit-wise 
-		MASK for the UNIX modes of a file. Any bit <I
+		MASK for the UNIX modes of a file. Any bit <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >not</I
+></SPAN
 > 
 		set here will be removed from the modes set on a file when it is 
 		created.</P
@@ -6342,7 +6406,7 @@ CLASS="COMMAND"
 ><A
 NAME="CREATEMODE"
 ></A
->create mode (S)</DT
+>&#62;create mode (S)</DT
 ><DD
 ><P
 >This is a synonym for <A
@@ -6359,13 +6423,16 @@ CLASS="PARAMETER"
 ><A
 NAME="CSCPOLICY"
 ></A
->csc policy (S)</DT
+>&#62;csc policy (S)</DT
 ><DD
 ><P
->This stands for <I
+>This stands for <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >client-side caching 
 		policy</I
+></SPAN
 >, and specifies how clients capable of offline
 		caching will cache the files in the share. The valid values
 		are: manual, documents, programs, disable.</P
@@ -6394,7 +6461,7 @@ CLASS="COMMAND"
 ><A
 NAME="DEADTIME"
 ></A
->deadtime (G)</DT
+>&#62;deadtime (G)</DT
 ><DD
 ><P
 >The value of the parameter (a decimal integer) 
@@ -6429,7 +6496,7 @@ CLASS="COMMAND"
 ><A
 NAME="DEBUGHIRESTIMESTAMP"
 ></A
->debug hires timestamp (G)</DT
+>&#62;debug hires timestamp (G)</DT
 ><DD
 ><P
 >Sometimes the timestamps in the log messages 
@@ -6457,7 +6524,7 @@ CLASS="COMMAND"
 ><A
 NAME="DEBUGPID"
 ></A
->debug pid (G)</DT
+>&#62;debug pid (G)</DT
 ><DD
 ><P
 >When using only one log file for more then one 
@@ -6489,7 +6556,7 @@ CLASS="COMMAND"
 ><A
 NAME="DEBUGTIMESTAMP"
 ></A
->debug timestamp (G)</DT
+>&#62;debug timestamp (G)</DT
 ><DD
 ><P
 >Samba debug log messages are timestamped 
@@ -6514,7 +6581,7 @@ CLASS="COMMAND"
 ><A
 NAME="DEBUGUID"
 ></A
->debug uid (G)</DT
+>&#62;debug uid (G)</DT
 ><DD
 ><P
 >Samba is sometimes run as root and sometime 
@@ -6542,7 +6609,7 @@ CLASS="COMMAND"
 ><A
 NAME="DEBUGLEVEL"
 ></A
->debuglevel (G)</DT
+>&#62;debuglevel (G)</DT
 ><DD
 ><P
 >Synonym for <A
@@ -6559,7 +6626,7 @@ CLASS="PARAMETER"
 ><A
 NAME="DEFAULT"
 ></A
->default (G)</DT
+>&#62;default (G)</DT
 ><DD
 ><P
 >A synonym for <A
@@ -6576,11 +6643,11 @@ CLASS="PARAMETER"
 ><A
 NAME="DEFAULTCASE"
 ></A
->default case (S)</DT
+>&#62;default case (S)</DT
 ><DD
 ><P
 >See the section on <A
-HREF="#AEN205"
+HREF="#AEN206"
 >		NAME MANGLING</A
 >. Also note the <A
 HREF="#SHORTPRESERVECASE"
@@ -6601,7 +6668,7 @@ CLASS="COMMAND"
 ><A
 NAME="DEFAULTDEVMODE"
 ></A
->default devmode (S)</DT
+>&#62;default devmode (S)</DT
 ><DD
 ><P
 >This parameter is only applicable to <A
@@ -6652,14 +6719,17 @@ CLASS="COMMAND"
 ><A
 NAME="DEFAULTSERVICE"
 ></A
->default service (G)</DT
+>&#62;default service (G)</DT
 ><DD
 ><P
 >This parameter specifies the name of a service
 		which will be connected to if the service actually requested cannot
-		be found. Note that the square brackets are <I
+		be found. Note that the square brackets are <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >NOT</I
+></SPAN
 >
 		given in the parameter value (see example below).</P
 ><P
@@ -6701,53 +6771,50 @@ CLASS="PARAMETER"
 ><P
 >Example:</P
 ><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >[global]
 	default service = pub
         
 [pub]
-	path = /%S
-		</PRE
-></TD
-></TR
-></TABLE
+	path = /%S</PRE
 ></P
 ></DD
 ><DT
 ><A
 NAME="DELETEGROUPSCRIPT"
 ></A
->delete group script (G)</DT
+>&#62;delete group script (G)</DT
 ><DD
 ><P
 >This is the full pathname to a script that will 
-		be run <I
+		be run <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >AS ROOT</I
-> by <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
-> when a group is requested to be deleted. It will expand any <TT
+></SPAN
+> <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+> when a group is requested to be deleted. 
+		It will expand any <TT
 CLASS="PARAMETER"
 ><I
 >%g</I
 ></TT
-> to the group name passed.  This script is only useful for installations using the Windows NT domain administration tools.
+> to the group name passed.  
+		This script is only useful for installations using the Windows NT domain administration tools.
 		</P
 ></DD
 ><DT
 ><A
 NAME="DELETEPRINTERCOMMAND"
 ></A
->deleteprinter command (G)</DT
+>&#62;deleteprinter command (G)</DT
 ><DD
 ><P
 >With the introduction of MS-RPC based printer
@@ -6829,9 +6896,12 @@ CLASS="PARAMETER"
 ></A
 ></P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >none</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -6844,7 +6914,7 @@ CLASS="COMMAND"
 ><A
 NAME="DELETEREADONLY"
 ></A
->delete readonly (S)</DT
+>&#62;delete readonly (S)</DT
 ><DD
 ><P
 >This parameter allows readonly files to be deleted.  
@@ -6863,7 +6933,7 @@ CLASS="COMMAND"
 ><A
 NAME="DELETESHARECOMMAND"
 ></A
->delete share command (G)</DT
+>&#62;delete share command (G)</DT
 ><DD
 ><P
 >Samba 2.2.0 introduced the ability to dynamically 
@@ -6967,9 +7037,12 @@ CLASS="PARAMETER"
 >.
 		</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >none</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -6981,19 +7054,18 @@ CLASS="COMMAND"
 ><A
 NAME="DELETEUSERSCRIPT"
 ></A
->delete user script (G)</DT
+>&#62;delete user script (G)</DT
 ><DD
 ><P
 >This is the full pathname to a script that will 
-		be run by <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
->
-                when managing user's with remote RPC (NT) tools.
+		be run by <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+> when managing users 
+		with remote RPC (NT) tools.
 		</P
 ><P
 >This script is called when a remote client removes a user
@@ -7009,7 +7081,7 @@ CLASS="COMMAND"
 ><P
 >Default: <B
 CLASS="COMMAND"
->delete user script = &#60;empty string&#62;
+>delete user script = &lt;empty string&gt;
 		</B
 ></P
 ><P
@@ -7023,32 +7095,36 @@ CLASS="COMMAND"
 ><A
 NAME="DELETEUSERFROMGROUPSCRIPT"
 ></A
->delete user from group script (G)</DT
+>&#62;delete user from group script (G)</DT
 ><DD
 ><P
 >Full path to the script that will be called when 
 		a user is removed from a group using the Windows NT domain administration 
-		tools. It will be run by <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
-> 
-		<I
+		tools. It will be run by <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+> <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >AS ROOT</I
->. Any <TT
+></SPAN
+>. 
+		Any <TT
 CLASS="PARAMETER"
 ><I
 >%g</I
 ></TT
-> will be 
-		replaced with the group name and any <TT
+> will be replaced with the group name and 
+		any <TT
 CLASS="PARAMETER"
 ><I
 >%u</I
 ></TT
-> will 
-		be replaced with the user name.
+> will be replaced with the user name.
 		</P
 ><P
 >Default: <B
@@ -7065,7 +7141,7 @@ CLASS="COMMAND"
 ><A
 NAME="DELETEVETOFILES"
 ></A
->delete veto files (S)</DT
+>&#62;delete veto files (S)</DT
 ><DD
 ><P
 >This option is used when Samba is attempting to 
@@ -7126,7 +7202,7 @@ CLASS="COMMAND"
 ><A
 NAME="DENYHOSTS"
 ></A
->deny hosts (S)</DT
+>&#62;deny hosts (S)</DT
 ><DD
 ><P
 >Synonym for <A
@@ -7144,7 +7220,7 @@ CLASS="PARAMETER"
 ><A
 NAME="DFREECOMMAND"
 ></A
->dfree command (G)</DT
+>&#62;dfree command (G)</DT
 ><DD
 ><P
 >The <TT
@@ -7175,17 +7251,23 @@ CLASS="FILENAME"
 		third return value can give the block size in bytes. The default 
 		blocksize is 1024 bytes.</P
 ><P
->Note: Your script should <I
+>Note: Your script should <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >NOT</I
+></SPAN
 > be setuid or 
 		setgid and should be owned by (and writeable only by) root!</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >By default internal routines for 
 		determining the disk capacity and remaining space will be used.
 		</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -7196,40 +7278,20 @@ CLASS="COMMAND"
 ><P
 >Where the script dfree (which must be made executable) could be:</P
 ><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 > 
-		#!/bin/sh
-		df $1 | tail -1 | awk '{print $2" "$4}'
-		</PRE
-></TD
-></TR
-></TABLE
+#!/bin/sh
+df $1 | tail -1 | awk '{print $2" "$4}'</PRE
 ></P
 ><P
 >or perhaps (on Sys V based systems):</P
 ><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 > 
-		#!/bin/sh
-		/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'
-		</PRE
-></TD
-></TR
-></TABLE
+#!/bin/sh
+/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'</PRE
 ></P
 ><P
 >Note that you may have to replace the command names 
@@ -7239,7 +7301,7 @@ CLASS="PROGRAMLISTING"
 ><A
 NAME="DIRECTORY"
 ></A
->directory (S)</DT
+>&#62;directory (S)</DT
 ><DD
 ><P
 >Synonym for <A
@@ -7257,7 +7319,7 @@ CLASS="PARAMETER"
 ><A
 NAME="DIRECTORYMASK"
 ></A
->directory mask (S)</DT
+>&#62;directory mask (S)</DT
 ><DD
 ><P
 >This parameter is the octal modes which are 
@@ -7268,9 +7330,12 @@ NAME="DIRECTORYMASK"
 		calculated according to the mapping from DOS modes to UNIX permissions, 
 		and the resulting UNIX mode is then bit-wise 'AND'ed with this 
 		parameter. This parameter may be thought of as a bit-wise MASK for 
-		the UNIX modes of a directory. Any bit <I
+		the UNIX modes of a directory. Any bit <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >not</I
+></SPAN
 > set 
 		here will be removed from the modes set on a directory when it is 
 		created.</P
@@ -7361,7 +7426,7 @@ CLASS="COMMAND"
 ><A
 NAME="DIRECTORYMODE"
 ></A
->directory mode (S)</DT
+>&#62;directory mode (S)</DT
 ><DD
 ><P
 >Synonym for <A
@@ -7378,7 +7443,7 @@ CLASS="PARAMETER"
 ><A
 NAME="DIRECTORYSECURITYMASK"
 ></A
->directory security mask (S)</DT
+>&#62;directory security mask (S)</DT
 ><DD
 ><P
 >This parameter controls what UNIX permission bits 
@@ -7396,9 +7461,12 @@ NAME="DIRECTORYSECURITYMASK"
 		meaning a user is allowed to modify all the user/group/world
 		permissions on a directory.</P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Note</I
+></SPAN
 > that users who can access the 
 		Samba server through other means can easily bypass this restriction, 
 		so it is primarily useful for standalone "appliance" systems.  
@@ -7450,7 +7518,7 @@ CLASS="COMMAND"
 ><A
 NAME="DISABLENETBIOS"
 ></A
->disable netbios (G)</DT
+>&#62;disable netbios (G)</DT
 ><DD
 ><P
 >Enabling this parameter will disable netbios support
@@ -7475,7 +7543,7 @@ CLASS="COMMAND"
 ><A
 NAME="DISABLESPOOLSS"
 ></A
->disable spoolss (G)</DT
+>&#62;disable spoolss (G)</DT
 ><DD
 ><P
 >Enabling this parameter will disable Samba's support
@@ -7487,9 +7555,12 @@ NAME="DISABLESPOOLSS"
 		Wizard or by using the NT printer properties dialog window.  It will
 		also disable the capability of Windows NT/2000 clients to download
 		print drivers from the Samba host upon demand.
-		<I
+		<SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >Be very careful about enabling this parameter.</I
+></SPAN
 >
 		</P
 ><P
@@ -7508,7 +7579,7 @@ CLASS="COMMAND"
 ><A
 NAME="DISPLAYCHARSET"
 ></A
->display charset (G)</DT
+>&#62;display charset (G)</DT
 ><DD
 ><P
 >Specifies the charset that samba will use 
@@ -7533,18 +7604,19 @@ CLASS="COMMAND"
 ><A
 NAME="DNSPROXY"
 ></A
->dns proxy (G)</DT
+>&#62;dns proxy (G)</DT
 ><DD
 ><P
->Specifies that <A
-HREF="nmbd.8.html"
-TARGET="_top"
->nmbd(8)</A
-> 
-		when acting as a WINS server and finding that a NetBIOS name has not 
-		been registered, should treat the NetBIOS name word-for-word as a DNS 
-		name and do a lookup with the DNS server for that name on behalf of 
-		the name-querying client.</P
+>Specifies that <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmbd</SPAN
+>(8)</SPAN
+> when acting as a WINS server and 
+		finding that a NetBIOS name has not been registered, should treat the 
+		NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server 
+		for that name on behalf of the name-querying client.</P
 ><P
 >Note that the maximum length for a NetBIOS name is 15 
 		characters, so the DNS name (or DNS alias) can likewise only be 
@@ -7576,7 +7648,7 @@ CLASS="COMMAND"
 ><A
 NAME="DOMAINLOGONS"
 ></A
->domain logons (G)</DT
+>&#62;domain logons (G)</DT
 ><DD
 ><P
 >If set to <TT
@@ -7609,16 +7681,15 @@ CLASS="COMMAND"
 ><A
 NAME="DOMAINMASTER"
 ></A
->domain master (G)</DT
+>&#62;domain master (G)</DT
 ><DD
 ><P
->Tell <A
-HREF="nmbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->		nmbd(8)</B
-></A
+>Tell <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > to enable WAN-wide browse list
 		collation. Setting this option causes <B
 CLASS="COMMAND"
@@ -7644,18 +7715,16 @@ CLASS="PARAMETER"
 CLASS="COMMAND"
 >nmbd</B
 > their local browse lists, 
-		and then ask <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
-> 
-		for a complete copy of the browse list for the whole wide area 
-		network.  Browser clients will then contact their local master browser, 
-		and will receive the domain-wide browse list, instead of just the list 
-		for their broadcast-isolated subnet.</P
+		and then ask <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+> for a complete copy of the browse 
+		list for the whole wide area network.  Browser clients will then contact 
+		their local master browser, and will receive the domain-wide browse list, 
+		instead of just the list for their broadcast-isolated subnet.</P
 ><P
 >Note that Windows NT Primary Domain Controllers expect to be 
 		able to claim this <TT
@@ -7721,7 +7790,7 @@ CLASS="COMMAND"
 ><A
 NAME="DONTDESCEND"
 ></A
->dont descend (S)</DT
+>&#62;dont descend (S)</DT
 ><DD
 ><P
 >There are certain directories on some systems 
@@ -7743,10 +7812,13 @@ CLASS="FILENAME"
 >. 
 		Experimentation is the best policy :-)  </P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >none (i.e., all directories are OK 
 		to descend)</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -7758,7 +7830,7 @@ CLASS="COMMAND"
 ><A
 NAME="DOSCHARSET"
 ></A
->dos charset (G)</DT
+>&#62;dos charset (G)</DT
 ><DD
 ><P
 >DOS SMB clients assume the server has 
@@ -7768,11 +7840,12 @@ NAME="DOSCHARSET"
 ><P
 >The default depends on which charsets you have instaled. 
 		Samba tries to use charset 850 but falls back to ASCII in 
-		case it is not available. Run <A
-HREF="testparm.1.html"
-TARGET="_top"
->testparm(1)
-		</A
+		case it is not available. Run <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>testparm</SPAN
+>(1)</SPAN
 > to check the default on your system.
 		</P
 ></DD
@@ -7780,7 +7853,7 @@ TARGET="_top"
 ><A
 NAME="DOSFILEMODE"
 ></A
->dos filemode (S)</DT
+>&#62;dos filemode (S)</DT
 ><DD
 ><P
 > The default behavior in Samba is to provide 
@@ -7803,21 +7876,19 @@ CLASS="COMMAND"
 ><A
 NAME="DOSFILETIMERESOLUTION"
 ></A
->dos filetime resolution (S)</DT
+>&#62;dos filetime resolution (S)</DT
 ><DD
 ><P
 >Under the DOS and Windows FAT filesystem, the finest 
 		granularity on time resolution is two seconds. Setting this parameter 
 		for a share causes Samba to round the reported time down to the 
 		nearest two second boundary when a query call that requires one second 
-		resolution is made to <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
->
-		</A
+		resolution is made to <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 >.</P
 ><P
 >This option is mainly used as a compatibility option for Visual 
@@ -7840,7 +7911,7 @@ CLASS="COMMAND"
 ><A
 NAME="DOSFILETIMES"
 ></A
->dos filetimes (S)</DT
+>&#62;dos filetimes (S)</DT
 ><DD
 ><P
 >Under DOS and Windows, if a user can write to a 
@@ -7854,10 +7925,12 @@ CLASS="COMMAND"
 		on behalf of is not the file owner. Setting this option to <TT
 CLASS="CONSTANT"
 >		yes</TT
-> allows DOS semantics and <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd</A
+> allows DOS semantics and <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > will change the file 
 		timestamp as DOS requires.</P
 ><P
@@ -7870,7 +7943,7 @@ CLASS="COMMAND"
 ><A
 NAME="ENCRYPTPASSWORDS"
 ></A
->encrypt passwords (G)</DT
+>&#62;encrypt passwords (G)</DT
 ><DD
 ><P
 >This boolean controls whether encrypted passwords 
@@ -7884,29 +7957,25 @@ CLASS="FILENAME"
 > shipped with the source code.</P
 ><P
 >In order for encrypted passwords to work correctly
-		<A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
+		<SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > must either 
-		have access to a local <A
-HREF="smbpasswd.5.html"
-TARGET="_top"
-><TT
-CLASS="FILENAME"
->smbpasswd(5)
-		</TT
-></A
-> file (see the <A
-HREF="smbpasswd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->		smbpasswd(8)</B
-></A
+		have access to a local <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbpasswd</SPAN
+>(5)</SPAN
+> file (see the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbpasswd</SPAN
+>(8)</SPAN
 > program for information on how to set up 
  		and maintain this file), or set the <A
 HREF="#SECURITY"
@@ -7927,7 +7996,7 @@ CLASS="COMMAND"
 ><A
 NAME="ENHANCEDBROWSING"
 ></A
->enhanced browsing (G)</DT
+>&#62;enhanced browsing (G)</DT
 ><DD
 ><P
 >This option enables a couple of enhancements to 
@@ -7958,7 +8027,7 @@ CLASS="COMMAND"
 ><A
 NAME="ENUMPORTSCOMMAND"
 ></A
->enumports command (G)</DT
+>&#62;enumports command (G)</DT
 ><DD
 ><P
 >The concept of a "port" is fairly foreign
@@ -7990,9 +8059,12 @@ CLASS="PARAMETER"
 		to standard output.  This listing will then be used in response
 		to the level 1 and 2 EnumPorts() RPC.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >no enumports command</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -8005,7 +8077,7 @@ CLASS="COMMAND"
 ><A
 NAME="EXEC"
 ></A
->exec (S)</DT
+>&#62;exec (S)</DT
 ><DD
 ><P
 >This is a synonym for <A
@@ -8022,7 +8094,7 @@ CLASS="PARAMETER"
 ><A
 NAME="FAKEDIRECTORYCREATETIMES"
 ></A
->fake directory create times (S)</DT
+>&#62;fake directory create times (S)</DT
 ><DD
 ><P
 >NTFS and Windows VFAT file systems keep a create 
@@ -8060,7 +8132,7 @@ CLASS="COMMAND"
 ><A
 NAME="FAKEOPLOCKS"
 ></A
->fake oplocks (S)</DT
+>&#62;fake oplocks (S)</DT
 ><DD
 ><P
 >Oplocks are the way that SMB clients get permission 
@@ -8113,19 +8185,18 @@ CLASS="COMMAND"
 ><A
 NAME="FOLLOWSYMLINKS"
 ></A
->follow symlinks (S)</DT
+>&#62;follow symlinks (S)</DT
 ><DD
 ><P
 >This parameter allows the Samba administrator 
-		to stop <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
-> 
-		from following symbolic links in a particular share. Setting this 
+		to stop <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+>	from following symbolic 
+		links in a particular share. Setting this 
 		parameter to <TT
 CLASS="CONSTANT"
 >no</TT
@@ -8154,13 +8225,16 @@ CLASS="COMMAND"
 ><A
 NAME="FORCECREATEMODE"
 ></A
->force create mode (S)</DT
+>&#62;force create mode (S)</DT
 ><DD
 ><P
 >This parameter specifies a set of UNIX mode bit 
-		permissions that will <I
+		permissions that will <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >always</I
+></SPAN
 > be set on a 
 		file created by Samba. This is done by bitwise 'OR'ing these bits onto 
 		the mode bits of a file that is being created or having its 
@@ -8214,13 +8288,16 @@ CLASS="COMMAND"
 ><A
 NAME="FORCEDIRECTORYMODE"
 ></A
->force directory mode (S)</DT
+>&#62;force directory mode (S)</DT
 ><DD
 ><P
 >This parameter specifies a set of UNIX mode bit 
-		permissions that will <I
+		permissions that will <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >always</I
+></SPAN
 > be set on a directory 
 		created by Samba. This is done by bitwise 'OR'ing these bits onto the 
 		mode bits of a directory that is being created. The default for this 
@@ -8273,7 +8350,7 @@ CLASS="COMMAND"
 ><A
 NAME="FORCEDIRECTORYSECURITYMODE"
 ></A
->force directory security mode (S)</DT
+>&#62;force directory security mode (S)</DT
 ><DD
 ><P
 >This parameter controls what UNIX permission bits 
@@ -8290,9 +8367,12 @@ NAME="FORCEDIRECTORYSECURITYMODE"
 		allows a user to modify all the user/group/world permissions on a 
 		directory without restrictions.</P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Note</I
+></SPAN
 > that users who can access the 
 		Samba server through other means can easily bypass this restriction, 
 		so it is primarily useful for standalone "appliance" systems.  
@@ -8341,7 +8421,7 @@ CLASS="COMMAND"
 ><A
 NAME="FORCEGROUP"
 ></A
->force group (S)</DT
+>&#62;force group (S)</DT
 ><DD
 ><P
 >This specifies a UNIX group name that will be 
@@ -8402,9 +8482,12 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >no forced group</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -8416,7 +8499,7 @@ CLASS="COMMAND"
 ><A
 NAME="FORCESECURITYMODE"
 ></A
->force security mode (S)</DT
+>&#62;force security mode (S)</DT
 ><DD
 ><P
 >This parameter controls what UNIX permission 
@@ -8434,9 +8517,12 @@ NAME="FORCESECURITYMODE"
 		and allows a user to modify all the user/group/world permissions on a file,
 		with no restrictions.</P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Note</I
+></SPAN
 > that users who can access 
 		the Samba server through other means can easily bypass this restriction, 
 		so it is primarily useful for standalone "appliance" systems.  
@@ -8485,7 +8571,7 @@ CLASS="COMMAND"
 ><A
 NAME="FORCEUSER"
 ></A
->force user (S)</DT
+>&#62;force user (S)</DT
 ><DD
 ><P
 >This specifies a UNIX user name that will be 
@@ -8515,9 +8601,12 @@ CLASS="PARAMETER"
 ></A
 ></P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >no forced user</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -8529,19 +8618,17 @@ CLASS="COMMAND"
 ><A
 NAME="FSTYPE"
 ></A
->fstype (S)</DT
+>&#62;fstype (S)</DT
 ><DD
 ><P
 >This parameter allows the administrator to 
 		configure the string that specifies the type of filesystem a share 
-		is using that is reported by <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)
-		</B
-></A
+		is using that is reported by <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > when a client queries the filesystem type
 		for a share. The default type is <TT
 CLASS="CONSTANT"
@@ -8571,7 +8658,7 @@ CLASS="COMMAND"
 ><A
 NAME="GETWDCACHE"
 ></A
->getwd cache (G)</DT
+>&#62;getwd cache (G)</DT
 ><DD
 ><P
 >This is a tuning option. When this is enabled a 
@@ -8600,7 +8687,7 @@ CLASS="COMMAND"
 ><A
 NAME="GROUP"
 ></A
->group (S)</DT
+>&#62;group (S)</DT
 ><DD
 ><P
 >Synonym for <A
@@ -8618,7 +8705,7 @@ CLASS="PARAMETER"
 ><A
 NAME="GUESTACCOUNT"
 ></A
->guest account (S)</DT
+>&#62;guest account (S)</DT
 ><DD
 ><P
 >This is a username which will be used for access 
@@ -8656,10 +8743,13 @@ CLASS="COMMAND"
 	        many parts of the system require this value to be
 	        constant for correct operation.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >specified at compile time, usually 
 		"nobody"</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -8671,7 +8761,7 @@ CLASS="COMMAND"
 ><A
 NAME="GUESTOK"
 ></A
->guest ok (S)</DT
+>&#62;guest ok (S)</DT
 ><DD
 ><P
 >If this parameter is <TT
@@ -8689,8 +8779,20 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->See the section below on <A
-HREF="#SECURITY"
+>This paramater nullifies the benifits of setting
+	        <A
+HREF="#RESTRICTANONYMOUS"
+><TT
+CLASS="PARAMETER"
+><I
+>restrict
+	        anonymous</I
+></TT
+></A
+> = 2</P
+><P
+>See the section below on <A
+HREF="#SECURITY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8709,7 +8811,7 @@ CLASS="COMMAND"
 ><A
 NAME="GUESTONLY"
 ></A
->guest only (S)</DT
+>&#62;guest only (S)</DT
 ><DD
 ><P
 >If this parameter is <TT
@@ -8747,7 +8849,7 @@ CLASS="COMMAND"
 ><A
 NAME="HIDEDOTFILES"
 ></A
->hide dot files (S)</DT
+>&#62;hide dot files (S)</DT
 ><DD
 ><P
 >This is a boolean parameter that controls whether 
@@ -8762,7 +8864,7 @@ CLASS="COMMAND"
 ><A
 NAME="HIDEFILES"
 ></A
->hide files(S)</DT
+>&#62;hide files(S)</DT
 ><DD
 ><P
 >This is a list of files or directories that are not 
@@ -8811,9 +8913,12 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >no file are hidden</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -8835,7 +8940,7 @@ TARGET="_top"
 ><A
 NAME="HIDELOCALUSERS"
 ></A
->hide local users(G)</DT
+>&#62;hide local users(G)</DT
 ><DD
 ><P
 >This parameter toggles the hiding of local UNIX 
@@ -8850,7 +8955,7 @@ CLASS="COMMAND"
 ><A
 NAME="HIDEUNREADABLE"
 ></A
->hide unreadable (G)</DT
+>&#62;hide unreadable (G)</DT
 ><DD
 ><P
 >This parameter prevents clients from seeing the
@@ -8865,7 +8970,7 @@ CLASS="COMMAND"
 ><A
 NAME="HIDEUNWRITEABLEFILES"
 ></A
->hide unwriteable files (G)</DT
+>&#62;hide unwriteable files (G)</DT
 ><DD
 ><P
 >This parameter prevents clients from seeing
@@ -8882,7 +8987,7 @@ CLASS="COMMAND"
 ><A
 NAME="HIDESPECIALFILES"
 ></A
->hide special files (G)</DT
+>&#62;hide special files (G)</DT
 ><DD
 ><P
 >This parameter prevents clients from seeing
@@ -8899,7 +9004,7 @@ CLASS="COMMAND"
 ><A
 NAME="HOMEDIRMAP"
 ></A
->homedir map (G)</DT
+>&#62;homedir map (G)</DT
 ><DD
 ><P
 >If<A
@@ -8914,13 +9019,12 @@ CLASS="PARAMETER"
 > is <TT
 CLASS="CONSTANT"
 >yes</TT
->, and <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
+>, and <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > is also acting 
 		as a Win95/98 <TT
 CLASS="PARAMETER"
@@ -8942,9 +9046,12 @@ CLASS="COMMAND"
 		that copes with different map formats and also Amd (another 
 		automounter) maps.</P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >NOTE :</I
+></SPAN
 >A working NIS client is required on 
 		the system for this option to work.</P
 ><P
@@ -8970,7 +9077,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->homedir map = &#60;empty string&#62;</B
+>homedir map = &lt;empty string&gt;</B
 ></P
 ><P
 >Example: <B
@@ -8982,7 +9089,7 @@ CLASS="COMMAND"
 ><A
 NAME="HOSTMSDFS"
 ></A
->host msdfs (G)</DT
+>&#62;host msdfs (G)</DT
 ><DD
 ><P
 >This boolean parameter is only available 
@@ -9022,7 +9129,7 @@ CLASS="COMMAND"
 ><A
 NAME="HOSTNAMELOOKUPS"
 ></A
->hostname lookups (G)</DT
+>&#62;hostname lookups (G)</DT
 ><DD
 ><P
 >Specifies whether samba should use (expensive)
@@ -9051,7 +9158,7 @@ CLASS="COMMAND"
 ><A
 NAME="HOSTSALLOW"
 ></A
->hosts allow (S)</DT
+>&#62;hosts allow (S)</DT
 ><DD
 ><P
 >A synonym for this parameter is <TT
@@ -9096,9 +9203,12 @@ CLASS="PARAMETER"
 ><P
 >You can also specify hosts by network/netmask pairs and 
 		by netgroup names if your system supports netgroups. The 
-		<I
+		<SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >EXCEPT</I
+></SPAN
 > keyword can also be used to limit a 
 		wildcard list. The following examples may provide some help:</P
 ><P
@@ -9138,21 +9248,22 @@ CLASS="COMMAND"
 ><P
 >Note that access still requires suitable user-level passwords.</P
 ><P
->See <A
-HREF="testparm.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->testparm(1)</B
->
-		</A
-> for a way of testing your host access to see if it does 
-		what you expect.</P
+>See <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>testparm</SPAN
+>(1)</SPAN
+> for a way of testing your host access 
+		to see if it does what you expect.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >none (i.e., all hosts permitted access)
 		</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -9165,7 +9276,7 @@ CLASS="COMMAND"
 ><A
 NAME="HOSTSDENY"
 ></A
->hosts deny (S)</DT
+>&#62;hosts deny (S)</DT
 ><DD
 ><P
 >The opposite of <TT
@@ -9174,9 +9285,12 @@ CLASS="PARAMETER"
 >hosts allow</I
 ></TT
 > 
-		- hosts listed here are <I
+		- hosts listed here are <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >NOT</I
+></SPAN
 > permitted access to 
 		services unless the specific services have their own lists to override 
 		this one. Where the lists conflict, the <TT
@@ -9187,10 +9301,13 @@ CLASS="PARAMETER"
 > 
 		list takes precedence.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >none (i.e., no hosts specifically excluded)
 		</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -9203,7 +9320,7 @@ CLASS="COMMAND"
 ><A
 NAME="HOSTSEQUIV"
 ></A
->hosts equiv (G)</DT
+>&#62;hosts equiv (G)</DT
 ><DD
 ><P
 >If this global parameter is a non-null string, 
@@ -9228,9 +9345,12 @@ CLASS="PARAMETER"
 > may be useful for NT clients which will 
 		not supply passwords to Samba.</P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >NOTE :</I
+></SPAN
 > The use of <TT
 CLASS="PARAMETER"
 ><I
@@ -9247,15 +9367,21 @@ CLASS="PARAMETER"
 ></TT
 > option be only used if you really 
 		know what you are doing, or perhaps on a home network where you trust 
-		your spouse and kids. And only if you <I
+		your spouse and kids. And only if you <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >really</I
+></SPAN
 > trust 
 		them :-).</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >no host equivalences</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -9267,7 +9393,7 @@ CLASS="COMMAND"
 ><A
 NAME="INCLUDE"
 ></A
->include (G)</DT
+>&#62;include (G)</DT
 ><DD
 ><P
 >This allows you to include one config file 
@@ -9293,9 +9419,12 @@ CLASS="PARAMETER"
 >.
 		</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >no file included</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -9308,7 +9437,7 @@ CLASS="COMMAND"
 ><A
 NAME="INHERITACLS"
 ></A
->inherit acls (S)</DT
+>&#62;inherit acls (S)</DT
 ><DD
 ><P
 >This parameter can be used to ensure
@@ -9330,7 +9459,7 @@ CLASS="COMMAND"
 ><A
 NAME="INHERITPERMISSIONS"
 ></A
->inherit permissions (S)</DT
+>&#62;inherit permissions (S)</DT
 ><DD
 ><P
 >The permissions on new files and directories 
@@ -9405,9 +9534,12 @@ CLASS="PARAMETER"
 		</A
 > as usual.</P
 ><P
->Note that the setuid bit is <I
+>Note that the setuid bit is <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >never</I
+></SPAN
 > set via 
 		inheritance (the code explicitly prohibits this).</P
 ><P
@@ -9460,7 +9592,7 @@ CLASS="COMMAND"
 ><A
 NAME="INTERFACES"
 ></A
->interfaces (G)</DT
+>&#62;interfaces (G)</DT
 ><DD
 ><P
 >This option allows you to override the default 
@@ -9527,23 +9659,29 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >all active interfaces except 127.0.0.1 
 		that are broadcast capable</I
+></SPAN
 ></P
 ></DD
 ><DT
 ><A
 NAME="INVALIDUSERS"
 ></A
->invalid users (S)</DT
+>&#62;invalid users (S)</DT
 ><DD
 ><P
 >This is a list of users that should not be allowed 
-		to login to this service. This is really a <I
+		to login to this service. This is really a <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >paranoid</I
+></SPAN
 > 
 		check to absolutely ensure an improper setting does not breach 
 		your security.</P
@@ -9554,20 +9692,20 @@ CLASS="EMPHASIS"
 ><P
 >A name starting with '+' is interpreted only 
 		by looking in the UNIX group database. A name starting with 
-		'&#38;' is interpreted only by looking in the NIS netgroup database 
+		'&amp;' is interpreted only by looking in the NIS netgroup database 
 		(this requires NIS to be working on your system). The characters 
-		'+' and '&#38;' may be used at the start of the name in either order 
+		'+' and '&amp;' may be used at the start of the name in either order 
 		so the value <TT
 CLASS="PARAMETER"
 ><I
->+&#38;group</I
+>+&amp;group</I
 ></TT
 > means check the 
 		UNIX group database, followed by the NIS netgroup database, and 
 		the value <TT
 CLASS="PARAMETER"
 ><I
->&#38;+group</I
+>&amp;+group</I
 ></TT
 > means check the NIS
 		netgroup database, followed by the UNIX group database (the 
@@ -9592,9 +9730,12 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >no invalid users</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -9607,7 +9748,7 @@ CLASS="COMMAND"
 ><A
 NAME="KEEPALIVE"
 ></A
->keepalive (G)</DT
+>&#62;keepalive (G)</DT
 ><DD
 ><P
 >The value of the parameter (an integer) represents 
@@ -9647,7 +9788,7 @@ CLASS="COMMAND"
 ><A
 NAME="KERNELOPLOCKS"
 ></A
->kernel oplocks (G)</DT
+>&#62;kernel oplocks (G)</DT
 ><DD
 ><P
 >For UNIXes that support kernel based <A
@@ -9669,20 +9810,21 @@ CLASS="PARAMETER"
 		</I
 ></TT
 > to be broken whenever a local UNIX process or NFS operation 
-		accesses a file that <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
->
-		</A
-> has oplocked. This allows complete data consistency between 
-		SMB/CIFS, NFS and local file access (and is a <I
+		accesses a file that <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+> has oplocked. This allows complete 
+		data consistency between SMB/CIFS, NFS and local file access (and is 
+		a <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >very</I
-> 
-		cool feature :-).</P
+></SPAN
+> cool feature :-).</P
 ><P
 >This parameter defaults to <TT
 CLASS="CONSTANT"
@@ -9720,18 +9862,19 @@ CLASS="COMMAND"
 ><A
 NAME="LANMANAUTH"
 ></A
->lanman auth (G)</DT
+>&#62;lanman auth (G)</DT
 ><DD
 ><P
->This parameter determines whether or not <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd</A
-> will
-		attempt to authenticate users using the LANMAN password hash.
-		If disabled, only clients which support NT password hashes (e.g. Windows 
-		NT/2000 clients, smbclient, etc... but not Windows 95/98 or the MS DOS 
-		network client) will be able to connect to the Samba host.</P
+>This parameter determines whether or not <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+> will attempt to authenticate users 
+		using the LANMAN password hash.	If disabled, only clients which support NT 
+		password hashes (e.g. Windows NT/2000 clients, smbclient, etc... but not 
+		Windows 95/98 or the MS DOS network client) will be able to connect to the Samba host.</P
 ><P
 >Default : <B
 CLASS="COMMAND"
@@ -9742,15 +9885,17 @@ CLASS="COMMAND"
 ><A
 NAME="LARGEREADWRITE"
 ></A
->large readwrite (G)</DT
+>&#62;large readwrite (G)</DT
 ><DD
 ><P
->This parameter determines whether or not <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd</A
->
-		supports the new 64k streaming read and write varient SMB requests introduced
+>This parameter determines whether or not <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+>	supports the new 64k streaming 
+		read and write varient SMB requests introduced
 		with Windows 2000. Note that due to Windows 2000 client redirector bugs
 		this requires Samba to be running on a 64-bit capable operating system such
 		as IRIX, Solaris or a Linux 2.4 kernel. Can improve performance by 10% with
@@ -9767,7 +9912,7 @@ CLASS="COMMAND"
 ><A
 NAME="LDAPADMINDN"
 ></A
->ldap admin dn (G)</DT
+>&#62;ldap admin dn (G)</DT
 ><DD
 ><P
 > The <TT
@@ -9788,27 +9933,29 @@ CLASS="PARAMETER"
 CLASS="FILENAME"
 >private/secrets.tdb</TT
 > file.  See the
-		<A
-HREF="smbpasswd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbpasswd(8)</B
-></A
-> man
-		page for more information on how to accmplish this.
+		<SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbpasswd</SPAN
+>(8)</SPAN
+> man page for more information on how 
+		to accmplish this.
 		</P
 ><P
->Default : <I
+>Default : <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >none</I
+></SPAN
 ></P
 ></DD
 ><DT
 ><A
 NAME="LDAPFILTER"
 ></A
->ldap filter (G)</DT
+>&#62;ldap filter (G)</DT
 ><DD
 ><P
 >This parameter specifies the RFC 2254 compliant LDAP search filter.
@@ -9825,14 +9972,14 @@ CLASS="CONSTANT"
 ><P
 >Default : <B
 CLASS="COMMAND"
->ldap filter = (&#38;(uid=%u)(objectclass=sambaAccount))</B
+>ldap filter = (&amp;(uid=%u)(objectclass=sambaAccount))</B
 ></P
 ></DD
 ><DT
 ><A
 NAME="LDAPPORT"
 ></A
->ldap port (G)</DT
+>&#62;ldap port (G)</DT
 ><DD
 ><P
 >This parameter is only available if Samba has been
@@ -9876,7 +10023,7 @@ CLASS="COMMAND"
 ><A
 NAME="LDAPSERVER"
 ></A
->ldap server (G)</DT
+>&#62;ldap server (G)</DT
 ><DD
 ><P
 >This parameter is only available if Samba has been
@@ -9900,14 +10047,17 @@ CLASS="COMMAND"
 ><A
 NAME="LDAPSSL"
 ></A
->ldap ssl (G)</DT
+>&#62;ldap ssl (G)</DT
 ><DD
 ><P
 >This option is used to define whether or not Samba should
 		use SSL when connecting to the ldap server
-		This is <I
+		This is <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >NOT</I
+></SPAN
 > related to
 		Samba's previous SSL support which was enabled by specifying the 
 		<B
@@ -9989,7 +10139,7 @@ CLASS="COMMAND"
 ><A
 NAME="LDAPSUFFIX"
 ></A
->ldap suffix (G)</DT
+>&#62;ldap suffix (G)</DT
 ><DD
 ><P
 >Specifies where user and machine accounts are added to the tree. Can be overriden by <B
@@ -10000,47 +10150,56 @@ CLASS="COMMAND"
 >ldap machine suffix</B
 >. It also used as the base dn for all ldap searches. </P
 ><P
->Default : <I
+>Default : <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >none</I
+></SPAN
 ></P
 ></DD
 ><DT
 ><A
 NAME="LDAPUSERSUFFIX"
 ></A
->ldap user suffix (G)</DT
+>&#62;ldap user suffix (G)</DT
 ><DD
 ><P
 >It specifies where users are added to the tree.
 		</P
 ><P
->Default : <I
+>Default : <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >none</I
+></SPAN
 ></P
 ></DD
 ><DT
 ><A
 NAME="LDAPMACHINESUFFIX"
 ></A
->ldap machine suffix (G)</DT
+>&#62;ldap machine suffix (G)</DT
 ><DD
 ><P
 >It specifies where machines should be 
                 added to the ldap tree.
 		</P
 ><P
->Default : <I
+>Default : <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >none</I
+></SPAN
 ></P
 ></DD
 ><DT
 ><A
 NAME="LDAPPASSWDSYNC"
 ></A
->ldap passwd sync (G)</DT
+>&#62;ldap passwd sync (G)</DT
 ><DD
 ><P
 >This option is used to define whether
@@ -10098,7 +10257,7 @@ CLASS="COMMAND"
 ><A
 NAME="LDAPTRUSTIDS"
 ></A
->ldap trust ids (G)</DT
+>&#62;ldap trust ids (G)</DT
 ><DD
 ><P
 >Normally, Samba validates each entry
@@ -10127,7 +10286,7 @@ CLASS="COMMAND"
 ><A
 NAME="LEVEL2OPLOCKS"
 ></A
->level2 oplocks (S)</DT
+>&#62;level2 oplocks (S)</DT
 ><DD
 ><P
 >This parameter controls whether Samba supports
@@ -10211,16 +10370,15 @@ CLASS="COMMAND"
 ><A
 NAME="LMANNOUNCE"
 ></A
->lm announce (G)</DT
+>&#62;lm announce (G)</DT
 ><DD
 ><P
->This parameter determines if <A
-HREF="nmbd.8.html"
-TARGET="_top"
->		<B
-CLASS="COMMAND"
->nmbd(8)</B
-></A
+>This parameter determines if <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmbd</SPAN
+>(8)</SPAN
 > will produce Lanman announce 
 		broadcasts that are needed by OS/2 clients in order for them to see 
 		the Samba server in their browse list. This parameter can have three 
@@ -10291,7 +10449,7 @@ CLASS="COMMAND"
 ><A
 NAME="LMINTERVAL"
 ></A
->lm interval (G)</DT
+>&#62;lm interval (G)</DT
 ><DD
 ><P
 >If Samba is set to produce Lanman announce 
@@ -10339,13 +10497,13 @@ CLASS="COMMAND"
 ><A
 NAME="LOADPRINTERS"
 ></A
->load printers (G)</DT
+>&#62;load printers (G)</DT
 ><DD
 ><P
 >A boolean variable that controls whether all 
 		printers in the printcap will be loaded for browsing by default. 
 		See the <A
-HREF="#AEN79"
+HREF="#AEN80"
 >printers</A
 > section for 
 		more details.</P
@@ -10359,16 +10517,15 @@ CLASS="COMMAND"
 ><A
 NAME="LOCALMASTER"
 ></A
->local master (G)</DT
+>&#62;local master (G)</DT
 ><DD
 ><P
->This option allows <A
-HREF="nmbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->		nmbd(8)</B
-></A
+>This option allows <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmbd</SPAN
+>(8)</SPAN
 > to try and become a local master browser 
 		on a subnet. If set to <TT
 CLASS="CONSTANT"
@@ -10385,16 +10542,22 @@ CLASS="CONSTANT"
 CLASS="CONSTANT"
 >yes</TT
 > doesn't
-		mean that Samba will <I
+		mean that Samba will <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >become</I
+></SPAN
 > the local master 
 		browser on a subnet, just that <B
 CLASS="COMMAND"
 >nmbd</B
-> will <I
+> will <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >		participate</I
+></SPAN
 > in elections for local master browser.</P
 ><P
 >Setting this value to <TT
@@ -10404,9 +10567,12 @@ CLASS="CONSTANT"
 CLASS="COMMAND"
 >nmbd</B
 >
-		<I
+		<SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >never</I
+></SPAN
 > to become a local master browser.</P
 ><P
 >Default: <B
@@ -10418,7 +10584,7 @@ CLASS="COMMAND"
 ><A
 NAME="LOCKDIR"
 ></A
->lock dir (G)</DT
+>&#62;lock dir (G)</DT
 ><DD
 ><P
 >Synonym for <A
@@ -10435,7 +10601,7 @@ CLASS="PARAMETER"
 ><A
 NAME="LOCKDIRECTORY"
 ></A
->lock directory (G)</DT
+>&#62;lock directory (G)</DT
 ><DD
 ><P
 >This option specifies the directory where lock 
@@ -10466,7 +10632,7 @@ CLASS="COMMAND"
 ><A
 NAME="LOCKSPINCOUNT"
 ></A
->lock spin count (G)</DT
+>&#62;lock spin count (G)</DT
 ><DD
 ><P
 >This parameter controls the number of times
@@ -10489,7 +10655,7 @@ CLASS="COMMAND"
 ><A
 NAME="LOCKSPINTIME"
 ></A
->lock spin time (G)</DT
+>&#62;lock spin time (G)</DT
 ><DD
 ><P
 >The time in microseconds that smbd should 
@@ -10516,7 +10682,7 @@ CLASS="COMMAND"
 ><A
 NAME="LOCKING"
 ></A
->locking (S)</DT
+>&#62;locking (S)</DT
 ><DD
 ><P
 >This controls whether or not locking will be 
@@ -10536,13 +10702,19 @@ CLASS="COMMAND"
 >, real locking will be performed 
 		by the server.</P
 ><P
->This option <I
+>This option <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >may</I
+></SPAN
 > be useful for read-only 
-		filesystems which <I
+		filesystems which <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >may</I
+></SPAN
 > not need locking (such as 
 		CDROM drives), although setting this parameter of <TT
 CLASS="CONSTANT"
@@ -10563,7 +10735,7 @@ CLASS="COMMAND"
 ><A
 NAME="LOGFILE"
 ></A
->log file (G)</DT
+>&#62;log file (G)</DT
 ><DD
 ><P
 >This option allows you to override the name 
@@ -10582,7 +10754,7 @@ CLASS="COMMAND"
 ><A
 NAME="LOGLEVEL"
 ></A
->log level (G)</DT
+>&#62;log level (G)</DT
 ><DD
 ><P
 >The value of the parameter (a astring) allows 
@@ -10608,7 +10780,7 @@ CLASS="COMMAND"
 ><A
 NAME="LOGONDRIVE"
 ></A
->logon drive (G)</DT
+>&#62;logon drive (G)</DT
 ><DD
 ><P
 >This parameter specifies the local path to 
@@ -10640,7 +10812,7 @@ CLASS="COMMAND"
 ><A
 NAME="LOGONHOME"
 ></A
->logon home (G)</DT
+>&#62;logon home (G)</DT
 ><DD
 ><P
 >This parameter specifies the home directory 
@@ -10721,7 +10893,7 @@ CLASS="COMMAND"
 ><A
 NAME="LOGONPATH"
 ></A
->logon path (G)</DT
+>&#62;logon path (G)</DT
 ><DD
 ><P
 >This parameter specifies the home directory 
@@ -10767,9 +10939,12 @@ CLASS="FILENAME"
 >Thereafter, the directories and any of the contents can, 
 		if required, be made read-only.  It is not advisable that the 
 		NTuser.dat file be made read-only - rename it to NTuser.man to 
-		achieve the desired effect (a <I
+		achieve the desired effect (a <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >MAN</I
+></SPAN
 >datory 
 		profile). </P
 ><P
@@ -10799,7 +10974,7 @@ CLASS="COMMAND"
 ><A
 NAME="LOGONSCRIPT"
 ></A
->logon script (G)</DT
+>&#62;logon script (G)</DT
 ><DD
 ><P
 >This parameter specifies the batch file (.bat) or 
@@ -10859,9 +11034,12 @@ CLASS="COMMAND"
 >This option is only useful if Samba is set up as a logon 
 		server.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >no logon script defined</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -10873,7 +11051,7 @@ CLASS="COMMAND"
 ><A
 NAME="LPPAUSECOMMAND"
 ></A
->lppause command (S)</DT
+>&#62;lppause command (S)</DT
 ><DD
 ><P
 >This parameter specifies the command to be 
@@ -10971,7 +11149,7 @@ CLASS="COMMAND"
 ><A
 NAME="LPQCACHETIME"
 ></A
->lpq cache time (G)</DT
+>&#62;lpq cache time (G)</DT
 ><DD
 ><P
 >This controls how long lpq info will be cached 
@@ -11036,7 +11214,7 @@ CLASS="COMMAND"
 ><A
 NAME="LPQCOMMAND"
 ></A
->lpq command (S)</DT
+>&#62;lpq command (S)</DT
 ><DD
 ><P
 >This parameter specifies the command to be 
@@ -11106,7 +11284,9 @@ CLASS="PARAMETER"
 ></A
 > parameter.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >depends on the setting of <TT
 CLASS="PARAMETER"
@@ -11114,6 +11294,7 @@ CLASS="PARAMETER"
 >		printing</I
 ></TT
 ></I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -11125,7 +11306,7 @@ CLASS="COMMAND"
 ><A
 NAME="LPRESUMECOMMAND"
 ></A
->lpresume command (S)</DT
+>&#62;lpresume command (S)</DT
 ><DD
 ><P
 >This parameter specifies the command to be 
@@ -11222,7 +11403,7 @@ CLASS="COMMAND"
 ><A
 NAME="LPRMCOMMAND"
 ></A
->lprm command (S)</DT
+>&#62;lprm command (S)</DT
 ><DD
 ><P
 >This parameter specifies the command to be 
@@ -11265,7 +11446,9 @@ CLASS="PARAMETER"
 ></A
 > parameter.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >depends on the setting of <TT
 CLASS="PARAMETER"
@@ -11274,6 +11457,7 @@ CLASS="PARAMETER"
 		</I
 ></TT
 ></I
+></SPAN
 ></P
 ><P
 >Example 1: <B
@@ -11292,7 +11476,7 @@ CLASS="COMMAND"
 ><A
 NAME="MACHINEPASSWORDTIMEOUT"
 ></A
->machine password timeout (G)</DT
+>&#62;machine password timeout (G)</DT
 ><DD
 ><P
 >If a Samba server is a member of a Windows 
@@ -11313,14 +11497,12 @@ CLASS="FILENAME"
 		will be changed, in seconds. The default is one week (expressed in 
 		seconds), the same as a Windows NT Domain member server.</P
 ><P
->See also <A
-HREF="smbpasswd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbpasswd(8)
-		</B
-></A
+>See also <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbpasswd</SPAN
+>(8)</SPAN
 >, and the <A
 HREF="#SECURITYEQUALSDOMAIN"
 >		security = domain</A
@@ -11335,7 +11517,7 @@ CLASS="COMMAND"
 ><A
 NAME="MAGICOUTPUT"
 ></A
->magic output (S)</DT
+>&#62;magic output (S)</DT
 ><DD
 ><P
 >This parameter specifies the name of a file 
@@ -11362,7 +11544,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->magic output = &#60;magic script name&#62;.out
+>magic output = &lt;magic script name&gt;.out
 		</B
 ></P
 ><P
@@ -11375,7 +11557,7 @@ CLASS="COMMAND"
 ><A
 NAME="MAGICSCRIPT"
 ></A
->magic script (S)</DT
+>&#62;magic script (S)</DT
 ><DD
 ><P
 >This parameter specifies the name of a file which, 
@@ -11401,24 +11583,36 @@ CLASS="PARAMETER"
 >Note that some shells are unable to interpret scripts 
 		containing CR/LF instead of CR as 
 		the end-of-line marker. Magic scripts must be executable 
-		<I
+		<SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >as is</I
+></SPAN
 > on the host, which for some hosts and 
 		some shells will require filtering at the DOS end.</P
 ><P
->Magic scripts are <I
+>Magic scripts are <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >EXPERIMENTAL</I
+></SPAN
 > and 
-		should <I
+		should <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >NOT</I
+></SPAN
 > be relied upon.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >None. Magic scripts disabled.</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -11430,11 +11624,11 @@ CLASS="COMMAND"
 ><A
 NAME="MANGLECASE"
 ></A
->mangle case (S)</DT
+>&#62;mangle case (S)</DT
 ><DD
 ><P
 >See the section on <A
-HREF="#AEN205"
+HREF="#AEN206"
 >		NAME MANGLING</A
 ></P
 ><P
@@ -11447,7 +11641,7 @@ CLASS="COMMAND"
 ><A
 NAME="MANGLEDMAP"
 ></A
->mangled map (S)</DT
+>&#62;mangled map (S)</DT
 ><DD
 ><P
 >This is for those who want to directly map UNIX 
@@ -11485,9 +11679,12 @@ CLASS="FILENAME"
 > off the ends of filenames on some CDROMs (only visible 
 		under some UNIXes). To do this use a map of (*;1 *;).</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >no mangled map</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -11499,7 +11696,7 @@ CLASS="COMMAND"
 ><A
 NAME="MANGLEDNAMES"
 ></A
->mangled names (S)</DT
+>&#62;mangled names (S)</DT
 ><DD
 ><P
 >This controls whether non-DOS names under UNIX 
@@ -11507,7 +11704,7 @@ NAME="MANGLEDNAMES"
 		or whether non-DOS names should simply be ignored.</P
 ><P
 >See the section on <A
-HREF="#AEN205"
+HREF="#AEN206"
 >		NAME MANGLING</A
 > for details on how to control the mangling process.</P
 ><P
@@ -11584,7 +11781,7 @@ CLASS="COMMAND"
 ><A
 NAME="MANGLINGMETHOD"
 ></A
->mangling method (G)</DT
+>&#62;mangling method (G)</DT
 ><DD
 ><P
 > controls the algorithm used for the generating
@@ -11610,7 +11807,7 @@ CLASS="COMMAND"
 ><A
 NAME="MANGLEPREFIX"
 ></A
->mangle prefix (G)</DT
+>&#62;mangle prefix (G)</DT
 ><DD
 ><P
 > controls the number of prefix
@@ -11633,14 +11830,16 @@ CLASS="COMMAND"
 ><A
 NAME="MANGLEDSTACK"
 ></A
->mangled stack (G)</DT
+>&#62;mangled stack (G)</DT
 ><DD
 ><P
 >This parameter controls the number of mangled names 
-		that should be cached in the Samba server <A
-HREF="smbd.8.html"
-TARGET="_top"
->		smbd(8)</A
+		that should be cached in the Samba server <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 >.</P
 ><P
 >This stack is a list of recently mangled base names 
@@ -11670,15 +11869,18 @@ CLASS="COMMAND"
 ><A
 NAME="MANGLINGCHAR"
 ></A
->mangling char (S)</DT
+>&#62;mangling char (S)</DT
 ><DD
 ><P
 >This controls what character is used as 
-		the <I
+		the <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >magic</I
+></SPAN
 > character in <A
-HREF="#AEN205"
+HREF="#AEN206"
 >name mangling</A
 >. The default is a '~'
 		but this may interfere with some software. Use this option to set 
@@ -11698,7 +11900,7 @@ CLASS="COMMAND"
 ><A
 NAME="MAPARCHIVE"
 ></A
->map archive (S)</DT
+>&#62;map archive (S)</DT
 ><DD
 ><P
 >This controls whether the DOS archive attribute 
@@ -11734,7 +11936,7 @@ CLASS="COMMAND"
 ><A
 NAME="MAPHIDDEN"
 ></A
->map hidden (S)</DT
+>&#62;map hidden (S)</DT
 ><DD
 ><P
 >This controls whether DOS style hidden files 
@@ -11766,7 +11968,7 @@ CLASS="COMMAND"
 ><A
 NAME="MAPSYSTEM"
 ></A
->map system (S)</DT
+>&#62;map system (S)</DT
 ><DD
 ><P
 >This controls whether DOS style system files 
@@ -11798,7 +12000,7 @@ CLASS="COMMAND"
 ><A
 NAME="MAPTOGUEST"
 ></A
->map to guest (G)</DT
+>&#62;map to guest (G)</DT
 ><DD
 ><P
 >This parameter is only useful in <A
@@ -11823,10 +12025,12 @@ CLASS="CONSTANT"
 >.</P
 ><P
 >This parameter can take three different values, which tell
-		<A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
+		<SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > what to do with user 
 		login requests that don't match a valid UNIX user in some way.</P
 ><P
@@ -11877,9 +12081,12 @@ HREF="#GUESTACCOUNT"
 			will not know the reason they cannot access files they think
 			they should - there will have been no message given to them
 			that they got their password wrong. Helpdesk services will
-			<I
+			<SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >hate</I
+></SPAN
 > you if you set the <TT
 CLASS="PARAMETER"
 ><I
@@ -11898,9 +12105,12 @@ CLASS="PARAMETER"
 ></TT
 > modes other than 
 		share. This is because in these modes the name of the resource being
-		requested is <I
+		requested is <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >not</I
+></SPAN
 > sent to the server until after 
 		the server has successfully authenticated the client so the server 
 		cannot make authentication decisions at the correct time (connection 
@@ -11926,7 +12136,7 @@ CLASS="COMMAND"
 ><A
 NAME="MAXCONNECTIONS"
 ></A
->max connections (S)</DT
+>&#62;max connections (S)</DT
 ><DD
 ><P
 >This option allows the number of simultaneous 
@@ -11966,7 +12176,7 @@ CLASS="COMMAND"
 ><A
 NAME="MAXDISKSIZE"
 ></A
->max disk size (G)</DT
+>&#62;max disk size (G)</DT
 ><DD
 ><P
 >This option allows you to put an upper limit 
@@ -12011,7 +12221,7 @@ CLASS="COMMAND"
 ><A
 NAME="MAXLOGSIZE"
 ></A
->max log size (G)</DT
+>&#62;max log size (G)</DT
 ><DD
 ><P
 >This option (an integer in kilobytes) specifies 
@@ -12038,7 +12248,7 @@ CLASS="COMMAND"
 ><A
 NAME="MAXMUX"
 ></A
->max mux (G)</DT
+>&#62;max mux (G)</DT
 ><DD
 ><P
 >This option controls the maximum number of 
@@ -12054,14 +12264,16 @@ CLASS="COMMAND"
 ><A
 NAME="MAXOPENFILES"
 ></A
->max open files (G)</DT
+>&#62;max open files (G)</DT
 ><DD
 ><P
 >This parameter limits the maximum number of 
-		open files that one <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
+		open files that one <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > file 
 		serving process may have open for a client at any one time. The 
 		default for this parameter is set very high (10,000) as Samba uses 
@@ -12080,18 +12292,17 @@ CLASS="COMMAND"
 ><A
 NAME="MAXPRINTJOBS"
 ></A
->max print jobs (S)</DT
+>&#62;max print jobs (S)</DT
 ><DD
 ><P
 >This parameter limits the maximum number of 
 		jobs allowable in a Samba printer queue at any given moment.
-		If this number is exceeded, <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->		smbd(8)</B
-></A
+		If this number is exceeded, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > will remote "Out of Space" to the client.
 		See all <A
 HREF="#TOTALPRINTJOBS"
@@ -12119,7 +12330,7 @@ CLASS="COMMAND"
 ><A
 NAME="MAXPROTOCOL"
 ></A
->max protocol (G)</DT
+>&#62;max protocol (G)</DT
 ><DD
 ><P
 >The value of the parameter (a string) is the highest 
@@ -12150,9 +12361,12 @@ CLASS="CONSTANT"
 ><TT
 CLASS="CONSTANT"
 >LANMAN1</TT
->: First <I
+>: First <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >			modern</I
+></SPAN
 > version of the protocol. Long filename
 			support.</P
 ></LI
@@ -12203,7 +12417,7 @@ CLASS="COMMAND"
 ><A
 NAME="MAXSMBDPROCESSES"
 ></A
->max smbd processes (G)</DT
+>&#62;max smbd processes (G)</DT
 ><DD
 ><P
 >This parameter limits the maximum number of 
@@ -12219,10 +12433,12 @@ CLASS="COMMAND"
 		as a stopgap to prevent degrading service to clients in the event
 		that the server has insufficient resources to handle more than this
 		number of connections.  Remember that under normal operating
-		conditions, each user will have an <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd</A
+		conditions, each user will have an <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > associated with him or her
 		to handle connections to all shares from a given host.
 		</P
@@ -12241,13 +12457,15 @@ CLASS="COMMAND"
 ><A
 NAME="MAXTTL"
 ></A
->max ttl (G)</DT
+>&#62;max ttl (G)</DT
 ><DD
 ><P
->This option tells <A
-HREF="nmbd.8.html"
-TARGET="_top"
->nmbd(8)</A
+>This option tells <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmbd</SPAN
+>(8)</SPAN
 >
 		what the default 'time to live' of NetBIOS names should be (in seconds) 
 		when <B
@@ -12266,14 +12484,15 @@ CLASS="COMMAND"
 ><A
 NAME="MAXWINSTTL"
 ></A
->max wins ttl (G)</DT
+>&#62;max wins ttl (G)</DT
 ><DD
 ><P
->This option tells <A
-HREF="nmbd.8.html"
-TARGET="_top"
->nmbd(8)
-		</A
+>This option tells <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > when acting as a WINS server (<A
 HREF="#WINSSUPPORT"
 >		<TT
@@ -12310,7 +12529,7 @@ CLASS="COMMAND"
 ><A
 NAME="MAXXMIT"
 ></A
->max xmit (G)</DT
+>&#62;max xmit (G)</DT
 ><DD
 ><P
 >This option controls the maximum packet size 
@@ -12333,7 +12552,7 @@ CLASS="COMMAND"
 ><A
 NAME="MESSAGECOMMAND"
 ></A
->message command (G)</DT
+>&#62;message command (G)</DT
 ><DD
 ><P
 >This specifies what command to run when the 
@@ -12347,7 +12566,7 @@ NAME="MESSAGECOMMAND"
 ><P
 ><B
 CLASS="COMMAND"
->message command = csh -c 'xedit %s;rm %s' &#38;</B
+>message command = csh -c 'xedit %s;rm %s' &amp;</B
 >
 		</P
 ><P
@@ -12355,12 +12574,15 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >xedit</B
 >, then 
-		removes it afterwards. <I
+		removes it afterwards. <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >NOTE THAT IT IS VERY IMPORTANT 
 		THAT THIS COMMAND RETURN IMMEDIATELY</I
+></SPAN
 >. That's why I 
-		have the '&#38;' on the end. If it doesn't return immediately then 
+		have the '&amp;' on the end. If it doesn't return immediately then 
 		your PCs may freeze when sending messages (they should recover 
 		after 30 seconds, hopefully).</P
 ><P
@@ -12424,7 +12646,7 @@ CLASS="PARAMETER"
 ><B
 CLASS="COMMAND"
 >message command = /bin/mail -s 'message from %f on 
-		%m' root &#60; %s; rm %s</B
+		%m' root &lt; %s; rm %s</B
 ></P
 ><P
 >If you don't have a message command then the message 
@@ -12440,22 +12662,25 @@ CLASS="COMMAND"
 >message command = rm %s</B
 ></P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >no message command</I
+></SPAN
 ></P
 ><P
 >Example: <B
 CLASS="COMMAND"
 >message command = csh -c 'xedit %s;
-		rm %s' &#38;</B
+		rm %s' &amp;</B
 ></P
 ></DD
 ><DT
 ><A
 NAME="MINPASSWDLENGTH"
 ></A
->min passwd length (G)</DT
+>&#62;min passwd length (G)</DT
 ><DD
 ><P
 >Synonym for <A
@@ -12472,7 +12697,7 @@ CLASS="PARAMETER"
 ><A
 NAME="MINPASSWORDLENGTH"
 ></A
->min password length (G)</DT
+>&#62;min password length (G)</DT
 ><DD
 ><P
 >This option sets the minimum length in characters 
@@ -12519,7 +12744,7 @@ CLASS="COMMAND"
 ><A
 NAME="MINPRINTSPACE"
 ></A
->min print space (S)</DT
+>&#62;min print space (S)</DT
 ><DD
 ><P
 >This sets the minimum amount of free disk 
@@ -12552,7 +12777,7 @@ CLASS="COMMAND"
 ><A
 NAME="MINPROTOCOL"
 ></A
->min protocol (G)</DT
+>&#62;min protocol (G)</DT
 ><DD
 ><P
 >The value of the parameter (a string) is the 
@@ -12602,13 +12827,15 @@ CLASS="COMMAND"
 ><A
 NAME="MINWINSTTL"
 ></A
->min wins ttl (G)</DT
+>&#62;min wins ttl (G)</DT
 ><DD
 ><P
->This option tells <A
-HREF="nmbd.8.html"
-TARGET="_top"
->nmbd(8)</A
+>This option tells <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmbd</SPAN
+>(8)</SPAN
 >
 		when acting as a WINS server (<A
 HREF="#WINSSUPPORT"
@@ -12635,7 +12862,7 @@ CLASS="COMMAND"
 ><A
 NAME="MSDFSPROXY"
 ></A
->msdfs proxy (S)</DT
+>&#62;msdfs proxy (S)</DT
 ><DD
 ><P
 >This parameter indicates that the share is a
@@ -12668,14 +12895,14 @@ CLASS="PARAMETER"
 ><P
 >Example: <B
 CLASS="COMMAND"
->msdfs proxy = \otherserver\someshare</B
+>msdfs proxy = \\\\otherserver\\someshare</B
 ></P
 ></DD
 ><DT
 ><A
 NAME="MSDFSROOT"
 ></A
->msdfs root (S)</DT
+>&#62;msdfs root (S)</DT
 ><DD
 ><P
 >This boolean parameter is only available if 
@@ -12691,15 +12918,15 @@ CLASS="CONSTANT"
 		Dfs links are specified  in  the share directory by symbolic 
 		links of the form <TT
 CLASS="FILENAME"
->msdfs:serverA\shareA,serverB\shareB</TT
+>msdfs:serverA\\shareA,serverB\\shareB</TT
 >
 		and so on.  For more information on setting up a Dfs tree 
 		on Samba,  refer to <A
-HREF="msdfs_setup.html"
+HREF="msdfs.html"
 TARGET="_top"
->msdfs_setup.html
-		</A
->.</P
+>"Hosting a Microsoft 
+		Distributed File System tree on Samba"</A
+> document.</P
 ><P
 >See also <A
 HREF="#HOSTMSDFS"
@@ -12721,7 +12948,7 @@ CLASS="COMMAND"
 ><A
 NAME="NAMECACHETIMEOUT"
 ></A
->name cache timeout (G)</DT
+>&#62;name cache timeout (G)</DT
 ><DD
 ><P
 >Specifies the number of seconds it takes before 
@@ -12743,7 +12970,7 @@ CLASS="COMMAND"
 ><A
 NAME="NAMERESOLVEORDER"
 ></A
->name resolve order (G)</DT
+>&#62;name resolve order (G)</DT
 ><DD
 ><P
 >This option is used by the programs in the Samba 
@@ -12848,7 +13075,7 @@ CLASS="COMMAND"
 ><A
 NAME="NETBIOSALIASES"
 ></A
->netbios aliases (G)</DT
+>&#62;netbios aliases (G)</DT
 ><DD
 ><P
 >This is a list of NetBIOS names that <A
@@ -12874,9 +13101,12 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >empty string (no additional names)</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -12888,7 +13118,7 @@ CLASS="COMMAND"
 ><A
 NAME="NETBIOSNAME"
 ></A
->netbios name (G)</DT
+>&#62;netbios name (G)</DT
 ><DD
 ><P
 >This sets the NetBIOS name by which a Samba 
@@ -12909,9 +13139,12 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >machine DNS name</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -12923,7 +13156,7 @@ CLASS="COMMAND"
 ><A
 NAME="NETBIOSSCOPE"
 ></A
->netbios scope (G)</DT
+>&#62;netbios scope (G)</DT
 ><DD
 ><P
 >This sets the NetBIOS scope that Samba will 
@@ -12934,7 +13167,7 @@ NAME="NETBIOSSCOPE"
 ><A
 NAME="NISHOMEDIR"
 ></A
->nis homedir (G)</DT
+>&#62;nis homedir (G)</DT
 ><DD
 ><P
 >Get the home share server from a NIS map. For 
@@ -12978,7 +13211,7 @@ CLASS="COMMAND"
 ><A
 NAME="NONUNIXACCOUNTRANGE"
 ></A
->non unix account range (G)</DT
+>&#62;non unix account range (G)</DT
 ><DD
 ><P
 >The non unix account range parameter specifies 
@@ -12996,7 +13229,7 @@ NAME="NONUNIXACCOUNTRANGE"
 ><P
 >Default: <B
 CLASS="COMMAND"
->non unix account range = &#60;empty string&#62;
+>non unix account range = &lt;empty string&gt;
 		</B
 ></P
 ><P
@@ -13009,7 +13242,7 @@ CLASS="COMMAND"
 ><A
 NAME="NTACLSUPPORT"
 ></A
->nt acl support (S)</DT
+>&#62;nt acl support (S)</DT
 ><DD
 ><P
 >This boolean parameter controls whether 
@@ -13031,14 +13264,16 @@ CLASS="COMMAND"
 ><A
 NAME="NTPIPESUPPORT"
 ></A
->nt pipe support (G)</DT
+>&#62;nt pipe support (G)</DT
 ><DD
 ><P
 >This boolean parameter controls whether 
-		<A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
+		<SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > will allow Windows NT 
 		clients to connect to the NT SMB specific <TT
 CLASS="CONSTANT"
@@ -13056,7 +13291,7 @@ CLASS="COMMAND"
 ><A
 NAME="NTSTATUSSUPPORT"
 ></A
->nt status support (G)</DT
+>&#62;nt status support (G)</DT
 ><DD
 ><P
 >This boolean parameter controls whether <A
@@ -13084,16 +13319,18 @@ CLASS="COMMAND"
 ><A
 NAME="NULLPASSWORDS"
 ></A
->null passwords (G)</DT
+>&#62;null passwords (G)</DT
 ><DD
 ><P
 >Allow or disallow client access to accounts 
 		that have null passwords. </P
 ><P
->See also <A
-HREF="smbpasswd.5.html"
-TARGET="_top"
->smbpasswd (5)</A
+>See also <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbpasswd</SPAN
+>(5)</SPAN
 >.</P
 ><P
 >Default: <B
@@ -13105,7 +13342,7 @@ CLASS="COMMAND"
 ><A
 NAME="OBEYPAMRESTRICTIONS"
 ></A
->obey pam restrictions (G)</DT
+>&#62;obey pam restrictions (G)</DT
 ><DD
 ><P
 >When Samba 2.2 is configured to enable PAM support
@@ -13135,7 +13372,7 @@ CLASS="COMMAND"
 ><A
 NAME="ONLYUSER"
 ></A
->only user (S)</DT
+>&#62;only user (S)</DT
 ><DD
 ><P
 >This is a boolean option that controls whether 
@@ -13195,7 +13432,7 @@ CLASS="COMMAND"
 ><A
 NAME="ONLYGUEST"
 ></A
->only guest (S)</DT
+>&#62;only guest (S)</DT
 ><DD
 ><P
 >A synonym for <A
@@ -13212,7 +13449,7 @@ CLASS="PARAMETER"
 ><A
 NAME="OPLOCKBREAKWAITTIME"
 ></A
->oplock break wait time (G)</DT
+>&#62;oplock break wait time (G)</DT
 ><DD
 ><P
 >This is a tuning parameter added due to bugs in 
@@ -13223,10 +13460,13 @@ NAME="OPLOCKBREAKWAITTIME"
 		is the amount of time Samba will wait before sending an oplock break 
 		request to such (broken) clients.</P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ 
 		AND UNDERSTOOD THE SAMBA OPLOCK CODE</I
+></SPAN
 >.</P
 ><P
 >Default: <B
@@ -13238,12 +13478,15 @@ CLASS="COMMAND"
 ><A
 NAME="OPLOCKCONTENTIONLIMIT"
 ></A
->oplock contention limit (S)</DT
+>&#62;oplock contention limit (S)</DT
 ><DD
 ><P
->This is a <I
+>This is a <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >very</I
+></SPAN
 > advanced 
 		<A
 HREF="smbd.8.html"
@@ -13253,23 +13496,27 @@ TARGET="_top"
 		improve the efficiency of the granting of oplocks under multiple 
 		client contention for the same file.</P
 ><P
->In brief it specifies a number, which causes <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd</A
-> not to 
-		grant an oplock even when requested if the approximate number of 
-		clients contending for an oplock on the same file goes over this 
+>In brief it specifies a number, which causes <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+>not to grant an oplock even when requested 
+		if the approximate number of clients contending for an oplock on the same file goes over this 
 		limit. This causes <B
 CLASS="COMMAND"
 >smbd</B
 > to behave in a similar 
 		way to Windows NT.</P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ 
 		AND UNDERSTOOD THE SAMBA OPLOCK CODE</I
+></SPAN
 >.</P
 ><P
 >Default: <B
@@ -13281,7 +13528,7 @@ CLASS="COMMAND"
 ><A
 NAME="OPLOCKS"
 ></A
->oplocks (S)</DT
+>&#62;oplocks (S)</DT
 ><DD
 ><P
 >This boolean option tells <B
@@ -13351,13 +13598,16 @@ CLASS="COMMAND"
 ><A
 NAME="NTLMAUTH"
 ></A
->ntlm auth (G)</DT
+>&#62;ntlm auth (G)</DT
 ><DD
 ><P
->This parameter determines whether or not <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd</A
+>This parameter determines 
+		whether or not <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > will
 		attempt to authenticate users using the NTLM password hash.
 		If disabled, only the lanman password hashes will be used. 
@@ -13366,7 +13616,8 @@ TARGET="_top"
 >Please note that at least this option or <B
 CLASS="COMMAND"
 >lanman auth</B
-> should be enabled in order to be able to log in.
+> should 
+		be enabled in order to be able to log in.
 		</P
 ><P
 >Default : <B
@@ -13378,15 +13629,17 @@ CLASS="COMMAND"
 ><A
 NAME="OSLEVEL"
 ></A
->os level (G)</DT
+>&#62;os level (G)</DT
 ><DD
 ><P
 >This integer value controls what level Samba 
 		advertises itself as for browse elections. The value of this 
-		parameter determines whether <A
-HREF="nmbd.8.html"
-TARGET="_top"
->nmbd(8)</A
+		parameter determines whether <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmbd</SPAN
+>(8)</SPAN
 > 
 		has a chance of becoming a local master browser for the <TT
 CLASS="PARAMETER"
@@ -13395,9 +13648,12 @@ CLASS="PARAMETER"
 ></TT
 > in the local broadcast area.</P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Note :</I
+></SPAN
 >By default, Samba will win 
 		a local master browsing election over all Microsoft operating 
 		systems except a Windows NT 4.0/2000 Domain Controller.  This 
@@ -13426,15 +13682,15 @@ CLASS="COMMAND"
 ><A
 NAME="OS2DRIVERMAP"
 ></A
->os2 driver map (G)</DT
+>&#62;os2 driver map (G)</DT
 ><DD
 ><P
 >The parameter is used to define the absolute
 		path to a file containing a mapping of Windows NT printer driver
 		names to OS/2 printer driver names.  The format is:</P
 ><P
->&#60;nt driver name&#62; = &#60;os2 driver 
-		name&#62;.&#60;device name&#62;</P
+>&lt;nt driver name&gt; = &lt;os2 driver 
+		name&gt;.&lt;device name&gt;</P
 ><P
 >For example, a valid entry using the HP LaserJet 5
 		printer driver would appear as <B
@@ -13445,21 +13701,16 @@ CLASS="COMMAND"
 ><P
 >The need for the file is due to the printer driver namespace 
 		problem described in the <A
-HREF="printer_driver2.html"
+HREF="printing.html"
 TARGET="_top"
 >Samba 
 		Printing HOWTO</A
 >.  For more details on OS/2 clients, please 
-		refer to the <A
-HREF="OS2-Client-HOWTO.html"
-TARGET="_top"
->OS2-Client-HOWTO
-		</A
-> containing in the Samba documentation.</P
+		refer to the OS2-Client-HOWTO containing in the Samba documentation.</P
 ><P
 >Default: <B
 CLASS="COMMAND"
->os2 driver map = &#60;empty string&#62;
+>os2 driver map = &lt;empty string&gt;
 		</B
 ></P
 ></DD
@@ -13467,7 +13718,7 @@ CLASS="COMMAND"
 ><A
 NAME="PAMPASSWORDCHANGE"
 ></A
->pam password change (G)</DT
+>&#62;pam password change (G)</DT
 ><DD
 ><P
 >With the addition of better PAM support in Samba 2.2, 
@@ -13505,25 +13756,28 @@ CLASS="COMMAND"
 ><A
 NAME="PANICACTION"
 ></A
->panic action (G)</DT
+>&#62;panic action (G)</DT
 ><DD
 ><P
 >This is a Samba developer option that allows a 
-		system command to be called when either <A
-HREF="smbd.8.html"
-TARGET="_top"
->		smbd(8)</A
-> or <A
-HREF="nmbd.8.html"
-TARGET="_top"
->nmbd(8)</A
-> 
-		crashes. This is usually used to draw attention to the fact that 
-		a problem occurred.</P
+		system command to be called when either <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+> or <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+>	crashes. This is usually used to 
+		draw attention to the fact that a problem occurred.</P
 ><P
 >Default: <B
 CLASS="COMMAND"
->panic action = &#60;empty string&#62;</B
+>panic action = &lt;empty string&gt;</B
 ></P
 ><P
 >Example: <B
@@ -13535,15 +13789,19 @@ CLASS="COMMAND"
 ><A
 NAME="PARANOIDSERVERSECURITY"
 ></A
->paranoid server security (G)</DT
+>&#62;paranoid server security (G)</DT
 ><DD
 ><P
 >Some version of NT 4.x allow non-guest 
 		users with a bad passowrd. When this option is enabled, samba will not 
 		use a broken NT 4.x server as password server, but instead complain
-		to the logs and exit.
+		to the logs and exit.  
 		</P
 ><P
+>Disabling this option prevents Samba from making
+	        this check, which involves deliberatly attempting a
+	        bad logon to the remote server.</P
+><P
 >Default: <B
 CLASS="COMMAND"
 >paranoid server security = yes</B
@@ -13553,7 +13811,7 @@ CLASS="COMMAND"
 ><A
 NAME="PASSDBBACKEND"
 ></A
->passdb backend (G)</DT
+>&#62;passdb backend (G)</DT
 ><DD
 ><P
 >This option allows the administrator to chose which backends to retrieve and store passwords with. This allows (for example) both 
@@ -13765,23 +14023,30 @@ CLASS="COMMAND"
 ><A
 NAME="PASSWDCHAT"
 ></A
->passwd chat (G)</DT
+>&#62;passwd chat (G)</DT
 ><DD
 ><P
->This string controls the <I
+>This string controls the <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >"chat"</I
+></SPAN
 > 
-		conversation that takes places between <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd</A
+		conversation that takes places between <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > and the local password changing
 		program to change the user's password. The string describes a 
-		sequence of response-receive pairs that <A
-HREF="smbd.8.html"
-TARGET="_top"
->		smbd(8)</A
+		sequence of response-receive pairs that <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > uses to determine what to send to the 
 		<A
 HREF="#PASSWDPROGRAM"
@@ -13812,9 +14077,12 @@ CLASS="PARAMETER"
 CLASS="CONSTANT"
 >yes</TT
 >. This 
-		sequence is then called <I
+		sequence is then called <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >AS ROOT</I
+></SPAN
 > when the SMB password 
 		in the smbpasswd file is being changed, without access to the old 
 		password cleartext. This means that root must be able to reset the user's password
@@ -13835,16 +14103,16 @@ CLASS="PARAMETER"
 		for the new password.  The chat sequence can also contain the standard 
 		macros <TT
 CLASS="CONSTANT"
->\n</TT
+>\\n</TT
 >, <TT
 CLASS="CONSTANT"
->\r</TT
+>\\r</TT
 >, <TT
 CLASS="CONSTANT"
->		\t</TT
+>		\\t</TT
 > and <TT
 CLASS="CONSTANT"
->\s</TT
+>\\s</TT
 > to give line-feed, 
 		carriage-return, tab and space.  The chat sequence string can also contain 
 		a '*' which matches any sequence of characters.
@@ -13909,14 +14177,14 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->passwd chat = *new*password* %n\n 
-		*new*password* %n\n *changed*</B
+>passwd chat = *new*password* %n\\n 
+		*new*password* %n\\n *changed*</B
 ></P
 ><P
 >Example: <B
 CLASS="COMMAND"
->passwd chat = "*Enter OLD password*" %o\n 
-		"*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password 
+>passwd chat = "*Enter OLD password*" %o\\n 
+		"*Enter NEW password*" %n\\n "*Reenter NEW password*" %n\\n "*Password 
 		changed*"</B
 ></P
 ></DD
@@ -13924,19 +14192,24 @@ CLASS="COMMAND"
 ><A
 NAME="PASSWDCHATDEBUG"
 ></A
->passwd chat debug (G)</DT
+>&#62;passwd chat debug (G)</DT
 ><DD
 ><P
 >This boolean specifies if the passwd chat script 
-		parameter is run in <I
+		parameter is run in <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >debug</I
+></SPAN
 > mode. In this mode the 
 		strings passed to and received from the passwd chat are printed 
-		in the <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
+		in the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > log with a 
 		<A
 HREF="#DEBUGLEVEL"
@@ -14014,7 +14287,7 @@ CLASS="COMMAND"
 ><A
 NAME="PASSWDPROGRAM"
 ></A
->passwd program (G)</DT
+>&#62;passwd program (G)</DT
 ><DD
 ><P
 >The name of a program that can be used to set 
@@ -14027,18 +14300,24 @@ CLASS="PARAMETER"
 		will be replaced with the user name. The user name is checked for 
 		existence before calling the password changing program.</P
 ><P
->Also note that many passwd programs insist in <I
+>Also note that many passwd programs insist in <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >reasonable
 		</I
+></SPAN
 > passwords, such as a minimum length, or the inclusion 
 		of mixed case chars and digits. This can pose a problem as some clients 
 		(such as Windows for Workgroups) uppercase the password before sending 
 		it.</P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Note</I
+></SPAN
 > that if the <TT
 CLASS="PARAMETER"
 ><I
@@ -14049,9 +14328,12 @@ CLASS="PARAMETER"
 CLASS="CONSTANT"
 >yes
 		</TT
-> then this program is called <I
+> then this program is called <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >AS ROOT</I
+></SPAN
 > 
 		before the SMB password in the <A
 HREF="smbpasswd.5.html"
@@ -14071,13 +14353,19 @@ CLASS="PARAMETER"
 >unix password sync</I
 ></TT
 > parameter 
-		is set this parameter <I
+		is set this parameter <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >MUST USE ABSOLUTE PATHS</I
+></SPAN
 > 
-		for <I
+		for <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >ALL</I
+></SPAN
 > programs called, and must be examined 
 		for security implications. Note that by default <TT
 CLASS="PARAMETER"
@@ -14116,7 +14404,7 @@ CLASS="COMMAND"
 ><A
 NAME="PASSWORDLEVEL"
 ></A
->password level (G)</DT
+>&#62;password level (G)</DT
 ><DD
 ><P
 >Some client/server combinations have difficulty 
@@ -14176,7 +14464,7 @@ CLASS="COMMAND"
 ><A
 NAME="PASSWORDSERVER"
 ></A
->password server (G)</DT
+>&#62;password server (G)</DT
 ><DD
 ><P
 >By specifying the name of another SMB server (such 
@@ -14216,15 +14504,21 @@ CLASS="PARAMETER"
 		the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in 
 		user level security mode.</P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >NOTE:</I
+></SPAN
 > Using a password server 
 		means your UNIX box (running Samba) is only as secure as your 
-		password server. <I
+		password server. <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >DO NOT CHOOSE A PASSWORD SERVER THAT 
 		YOU DON'T COMPLETELY TRUST</I
+></SPAN
 >.</P
 ><P
 >Never point a Samba server at itself for password 
@@ -14281,7 +14575,7 @@ CLASS="PARAMETER"
 		Primary or Backup Domain controllers to authenticate against by 
 		doing a query for the name <TT
 CLASS="CONSTANT"
->WORKGROUP&#60;1C&#62;</TT
+>WORKGROUP&lt;1C&gt;</TT
 > 
 		and then contacting each server returned in the list of IP 
 		addresses from the name resolution source. </P
@@ -14359,7 +14653,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->password server = &#60;empty string&#62;</B
+>password server = &lt;empty string&gt;</B
 >
 		</P
 ><P
@@ -14378,7 +14672,7 @@ CLASS="COMMAND"
 ><A
 NAME="PATH"
 ></A
->path (S)</DT
+>&#62;path (S)</DT
 ><DD
 ><P
 >This parameter specifies a directory to which 
@@ -14419,9 +14713,12 @@ CLASS="PARAMETER"
 ></A
 > if one was specified.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >none</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -14433,7 +14730,7 @@ CLASS="COMMAND"
 ><A
 NAME="PIDDIRECTORY"
 ></A
->pid directory (G)</DT
+>&#62;pid directory (G)</DT
 ><DD
 ><P
 >This option specifies the directory where pid 
@@ -14454,16 +14751,15 @@ CLASS="COMMAND"
 ><A
 NAME="POSIXLOCKING"
 ></A
->posix locking (S)</DT
+>&#62;posix locking (S)</DT
 ><DD
 ><P
->The <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
+>The <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 >
 		daemon maintains an database of file locks obtained by SMB clients.
 		The default behavior is to map this internal database to POSIX
@@ -14481,7 +14777,7 @@ CLASS="COMMAND"
 ><A
 NAME="POSTEXEC"
 ></A
->postexec (S)</DT
+>&#62;postexec (S)</DT
 ><DD
 ><P
 >This option specifies a command to be run 
@@ -14508,23 +14804,26 @@ CLASS="PARAMETER"
 		</A
 >.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >none (no command executed)</I
+></SPAN
 >
 		</P
 ><P
 >Example: <B
 CLASS="COMMAND"
 >postexec = echo \"%u disconnected from %S 
-		from %m (%I)\" &#62;&#62; /tmp/log</B
+		from %m (%I)\" &gt;&gt; /tmp/log</B
 ></P
 ></DD
 ><DT
 ><A
 NAME="POSTSCRIPT"
 ></A
->postscript (S)</DT
+>&#62;postscript (S)</DT
 ><DD
 ><P
 >This parameter forces a printer to interpret 
@@ -14547,7 +14846,7 @@ CLASS="COMMAND"
 ><A
 NAME="PREEXEC"
 ></A
->preexec (S)</DT
+>&#62;preexec (S)</DT
 ><DD
 ><P
 >This option specifies a command to be run whenever 
@@ -14560,7 +14859,7 @@ NAME="PREEXEC"
 ><B
 CLASS="COMMAND"
 >preexec = csh -c 'echo \"Welcome to %S!\" |
-		 /usr/local/samba/bin/smbclient -M %m -I %I' &#38; </B
+		 /usr/local/samba/bin/smbclient -M %m -I %I' &amp; </B
 ></P
 ><P
 >Of course, this could get annoying after a while :-)</P
@@ -14585,22 +14884,25 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >none (no command executed)</I
+></SPAN
 ></P
 ><P
 >Example: <B
 CLASS="COMMAND"
 >preexec = echo \"%u connected to %S from %m
-		(%I)\" &#62;&#62; /tmp/log</B
+		(%I)\" &gt;&gt; /tmp/log</B
 ></P
 ></DD
 ><DT
 ><A
 NAME="PREEXECCLOSE"
 ></A
->preexec close (S)</DT
+>&#62;preexec close (S)</DT
 ><DD
 ><P
 >This boolean option controls whether a non-zero 
@@ -14624,7 +14926,7 @@ CLASS="COMMAND"
 ><A
 NAME="PREFERREDMASTER"
 ></A
->preferred master (G)</DT
+>&#62;preferred master (G)</DT
 ><DD
 ><P
 >This boolean parameter controls if <A
@@ -14686,7 +14988,7 @@ CLASS="COMMAND"
 ><A
 NAME="PREFEREDMASTER"
 ></A
->prefered master (G)</DT
+>&#62;prefered master (G)</DT
 ><DD
 ><P
 >Synonym for <A
@@ -14703,7 +15005,7 @@ CLASS="PARAMETER"
 ><A
 NAME="PRELOAD"
 ></A
->preload (G)</DT
+>&#62;preload (G)</DT
 ><DD
 ><P
 >This is a list of services that you want to be 
@@ -14722,9 +15024,12 @@ CLASS="PARAMETER"
 ></A
 > option is easier.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >no preloaded services</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -14736,7 +15041,7 @@ CLASS="COMMAND"
 ><A
 NAME="PRESERVECASE"
 ></A
->preserve case (S)</DT
+>&#62;preserve case (S)</DT
 ><DD
 ><P
 > This controls if new filenames are created
@@ -14758,7 +15063,7 @@ CLASS="COMMAND"
 ></P
 ><P
 >See the section on <A
-HREF="#AEN205"
+HREF="#AEN206"
 >NAME 
 		MANGLING</A
 > for a fuller discussion.</P
@@ -14767,7 +15072,7 @@ HREF="#AEN205"
 ><A
 NAME="PRINTCOMMAND"
 ></A
->print command (S)</DT
+>&#62;print command (S)</DT
 ><DD
 ><P
 >After a print job has finished spooling to 
@@ -14800,9 +15105,12 @@ CLASS="COMMAND"
 >%z - the size of the spooled
 		print job (in bytes)</P
 ><P
->The print command <I
+>The print command <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >MUST</I
+></SPAN
 > contain at least 
 		one occurrence of <TT
 CLASS="PARAMETER"
@@ -14860,7 +15168,7 @@ CLASS="PARAMETER"
 ><P
 ><B
 CLASS="COMMAND"
->print command = echo Printing %s &#62;&#62; 
+>print command = echo Printing %s &gt;&gt; 
 		/tmp/print.log; lpr -P %p %s; rm %s</B
 ></P
 ><P
@@ -14936,7 +15244,7 @@ CLASS="COMMAND"
 ><A
 NAME="PRINTOK"
 ></A
->print ok (S)</DT
+>&#62;print ok (S)</DT
 ><DD
 ><P
 >Synonym for <A
@@ -14953,7 +15261,7 @@ CLASS="PARAMETER"
 ><A
 NAME="PRINTABLE"
 ></A
->printable (S)</DT
+>&#62;printable (S)</DT
 ><DD
 ><P
 >If this parameter is <TT
@@ -14986,7 +15294,7 @@ CLASS="COMMAND"
 ><A
 NAME="PRINTCAP"
 ></A
->printcap (G)</DT
+>&#62;printcap (G)</DT
 ><DD
 ><P
 >Synonym for 	<A
@@ -15003,7 +15311,7 @@ CLASS="PARAMETER"
 ><A
 NAME="PRINTCAPNAME"
 ></A
->printcap name (G)</DT
+>&#62;printcap name (G)</DT
 ><DD
 ><P
 >This parameter may be used to override the 
@@ -15011,7 +15319,7 @@ NAME="PRINTCAPNAME"
 CLASS="FILENAME"
 >		/etc/printcap</TT
 >). See the discussion of the <A
-HREF="#AEN79"
+HREF="#AEN80"
 >[printers]</A
 > section above for reasons 
 		why you might want to do this.</P
@@ -15060,32 +15368,25 @@ CLASS="COMMAND"
 ><P
 >A minimal printcap file would look something like this:</P
 ><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->		print1|My Printer 1
-		print2|My Printer 2
-		print3|My Printer 3
-		print4|My Printer 4
-		print5|My Printer 5
-		</PRE
-></TD
-></TR
-></TABLE
+>print1|My Printer 1
+print2|My Printer 2
+print3|My Printer 3
+print4|My Printer 4
+print5|My Printer 5</PRE
 ></P
 ><P
 >where the '|' separates aliases of a printer. The fact 
 		that the second alias has a space in it gives a hint to Samba 
 		that it's a comment.</P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >NOTE</I
+></SPAN
 >: Under AIX the default printcap 
 		name is <TT
 CLASS="FILENAME"
@@ -15114,7 +15415,7 @@ CLASS="COMMAND"
 ><A
 NAME="PRINTERADMIN"
 ></A
->printer admin (S)</DT
+>&#62;printer admin (S)</DT
 ><DD
 ><P
 >This is a list of users that can do anything to 
@@ -15124,7 +15425,7 @@ NAME="PRINTERADMIN"
 ><P
 >Default: <B
 CLASS="COMMAND"
->printer admin = &#60;empty string&#62;</B
+>printer admin = &lt;empty string&gt;</B
 >
 		</P
 ><P
@@ -15137,17 +15438,20 @@ CLASS="COMMAND"
 ><A
 NAME="PRINTERDRIVER"
 ></A
->printer driver (S)</DT
+>&#62;printer driver (S)</DT
 ><DD
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Note :</I
+></SPAN
 >This is a deprecated 
 		parameter and will be removed in the next major release
 		following version 2.2.  Please see the instructions in
 		the <A
-HREF="printer_driver2.html"
+HREF="printing.html"
 TARGET="_top"
 >Samba 2.2. Printing
 		HOWTO</A
@@ -15196,17 +15500,20 @@ CLASS="COMMAND"
 ><A
 NAME="PRINTERDRIVERFILE"
 ></A
->printer driver file (G)</DT
+>&#62;printer driver file (G)</DT
 ><DD
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Note :</I
+></SPAN
 >This is a deprecated 
 		parameter and will be removed in the next major release
 		following version 2.2.  Please see the instructions in
 		the <A
-HREF="printer_driver2.html"
+HREF="printing.html"
 TARGET="_top"
 >Samba 2.2. Printing
 		HOWTO</A
@@ -15254,9 +15561,12 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >None (set in compile).</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -15269,17 +15579,20 @@ CLASS="COMMAND"
 ><A
 NAME="PRINTERDRIVERLOCATION"
 ></A
->printer driver location (S)</DT
+>&#62;printer driver location (S)</DT
 ><DD
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Note :</I
+></SPAN
 >This is a deprecated 
 		parameter and will be removed in the next major release
 		following version 2.2.  Please see the instructions in
 		the <A
-HREF="printer_driver2.html"
+HREF="printing.html"
 TARGET="_top"
 >Samba 2.2. Printing
 		HOWTO</A
@@ -15333,7 +15646,7 @@ CLASS="COMMAND"
 ><A
 NAME="PRINTERNAME"
 ></A
->printer name (S)</DT
+>&#62;printer name (S)</DT
 ><DD
 ><P
 >This parameter specifies the name of the printer 
@@ -15343,13 +15656,16 @@ NAME="PRINTERNAME"
 		name given will be used for any printable service that does 
 		not have its own printer name specified.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >none (but may be <TT
 CLASS="CONSTANT"
 >lp</TT
 > 
 		on many systems)</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -15361,7 +15677,7 @@ CLASS="COMMAND"
 ><A
 NAME="PRINTER"
 ></A
->printer (S)</DT
+>&#62;printer (S)</DT
 ><DD
 ><P
 >Synonym for <A
@@ -15378,7 +15694,7 @@ CLASS="PARAMETER"
 ><A
 NAME="PRINTING"
 ></A
->printing (S)</DT
+>&#62;printing (S)</DT
 ><DD
 ><P
 >This parameters controls how printer status 
@@ -15458,7 +15774,7 @@ TARGET="_top"
 >This option can be set on a per printer basis</P
 ><P
 >See also the discussion in the <A
-HREF="#AEN79"
+HREF="#AEN80"
 >		[printers]</A
 > section.</P
 ></DD
@@ -15466,7 +15782,7 @@ HREF="#AEN79"
 ><A
 NAME="PRIVATEDIR"
 ></A
->private dir (G)</DT
+>&#62;private dir (G)</DT
 ><DD
 ><P
 >This parameters defines the directory
@@ -15489,7 +15805,7 @@ CLASS="COMMAND"
 ><A
 NAME="PROTOCOL"
 ></A
->protocol (G)</DT
+>&#62;protocol (G)</DT
 ><DD
 ><P
 >Synonym for <A
@@ -15506,7 +15822,7 @@ CLASS="PARAMETER"
 ><A
 NAME="PUBLIC"
 ></A
->public (S)</DT
+>&#62;public (S)</DT
 ><DD
 ><P
 >Synonym for <A
@@ -15524,7 +15840,7 @@ CLASS="PARAMETER"
 ><A
 NAME="QUEUEPAUSECOMMAND"
 ></A
->queuepause command (S)</DT
+>&#62;queuepause command (S)</DT
 ><DD
 ><P
 >This parameter specifies the command to be 
@@ -15551,7 +15867,9 @@ CLASS="PARAMETER"
 		path in the command as the PATH may not be available to the 
 		server.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >depends on the setting of <TT
 CLASS="PARAMETER"
@@ -15560,6 +15878,7 @@ CLASS="PARAMETER"
 		</I
 ></TT
 ></I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -15571,7 +15890,7 @@ CLASS="COMMAND"
 ><A
 NAME="QUEUERESUMECOMMAND"
 ></A
->queueresume command (S)</DT
+>&#62;queueresume command (S)</DT
 ><DD
 ><P
 >This parameter specifies the command to be 
@@ -15608,7 +15927,9 @@ CLASS="PARAMETER"
 		path in the command as the PATH may not be available to the 
 		server.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >depends on the setting of <A
 HREF="#PRINTING"
@@ -15619,6 +15940,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 ></I
+></SPAN
 >
 		</P
 ><P
@@ -15632,7 +15954,7 @@ CLASS="COMMAND"
 ><A
 NAME="READBMPX"
 ></A
->read bmpx (G)</DT
+>&#62;read bmpx (G)</DT
 ><DD
 ><P
 >This boolean parameter controls whether <A
@@ -15656,7 +15978,7 @@ CLASS="COMMAND"
 ><A
 NAME="READLIST"
 ></A
->read list (S)</DT
+>&#62;read list (S)</DT
 ><DD
 ><P
 >This is a list of users that are given read-only 
@@ -15702,7 +16024,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->read list = &#60;empty string&#62;</B
+>read list = &lt;empty string&gt;</B
 ></P
 ><P
 >Example: <B
@@ -15714,7 +16036,7 @@ CLASS="COMMAND"
 ><A
 NAME="READONLY"
 ></A
->read only (S)</DT
+>&#62;read only (S)</DT
 ><DD
 ><P
 >An inverted synonym is <A
@@ -15738,9 +16060,12 @@ CLASS="CONSTANT"
 CLASS="COMMAND"
 >printable = yes</B
 >)
-		will <I
+		will <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >ALWAYS</I
+></SPAN
 > allow writing to the directory 
 		(user privileges permitting), but only via spooling operations.</P
 ><P
@@ -15753,7 +16078,7 @@ CLASS="COMMAND"
 ><A
 NAME="READRAW"
 ></A
->read raw (G)</DT
+>&#62;read raw (G)</DT
 ><DD
 ><P
 >This parameter controls whether or not the server 
@@ -15788,7 +16113,7 @@ CLASS="COMMAND"
 ><A
 NAME="READSIZE"
 ></A
->read size (G)</DT
+>&#62;read size (G)</DT
 ><DD
 ><P
 >The option <TT
@@ -15829,7 +16154,7 @@ CLASS="COMMAND"
 ><A
 NAME="REALM"
 ></A
->realm (G)</DT
+>&#62;realm (G)</DT
 ><DD
 ><P
 >		This option specifies the kerberos realm to use. The realm is 
@@ -15854,7 +16179,7 @@ CLASS="COMMAND"
 ><A
 NAME="REMOTEANNOUNCE"
 ></A
->remote announce (G)</DT
+>&#62;remote announce (G)</DT
 ><DD
 ><P
 >This option allows you to setup <A
@@ -15898,9 +16223,10 @@ CLASS="PARAMETER"
 		addresses of the remote networks, but can also be the IP addresses 
 		of known browse masters if your network config is that stable.</P
 ><P
->See the documentation file <TT
-CLASS="FILENAME"
->BROWSING.txt</TT
+>See the documentation file <A
+HREF="improved-browsing.html"
+TARGET="_top"
+>BROWSING</A
 > 
 		in the <TT
 CLASS="FILENAME"
@@ -15909,7 +16235,7 @@ CLASS="FILENAME"
 ><P
 >Default: <B
 CLASS="COMMAND"
->remote announce = &#60;empty string&#62;
+>remote announce = &lt;empty string&gt;
 		</B
 ></P
 ></DD
@@ -15917,7 +16243,7 @@ CLASS="COMMAND"
 ><A
 NAME="REMOTEBROWSESYNC"
 ></A
->remote browse sync (G)</DT
+>&#62;remote browse sync (G)</DT
 ><DD
 ><P
 >This option allows you to setup <A
@@ -15959,7 +16285,7 @@ CLASS="COMMAND"
 ><P
 >Default: <B
 CLASS="COMMAND"
->remote browse sync = &#60;empty string&#62;
+>remote browse sync = &lt;empty string&gt;
 		</B
 ></P
 ></DD
@@ -15967,7 +16293,7 @@ CLASS="COMMAND"
 ><A
 NAME="RESTRICTANONYMOUS"
 ></A
->restrict anonymous (G)</DT
+>&#62;restrict anonymous (G)</DT
 ><DD
 ><P
 >This is a integer parameter, and
@@ -15987,7 +16313,7 @@ CLASS="COMMAND"
 ><A
 NAME="ROOT"
 ></A
->root (G)</DT
+>&#62;root (G)</DT
 ><DD
 ><P
 >Synonym for <A
@@ -16004,7 +16330,7 @@ CLASS="PARAMETER"
 ><A
 NAME="ROOTDIR"
 ></A
->root dir (G)</DT
+>&#62;root dir (G)</DT
 ><DD
 ><P
 >Synonym for <A
@@ -16021,7 +16347,7 @@ CLASS="PARAMETER"
 ><A
 NAME="ROOTDIRECTORY"
 ></A
->root directory (G)</DT
+>&#62;root directory (G)</DT
 ><DD
 ><P
 >The server will <B
@@ -16058,9 +16384,12 @@ CLASS="PARAMETER"
 >root directory</I
 ></TT
 > 
-		option, <I
+		option, <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >including</I
+></SPAN
 > some files needed for 
 		complete operation of the server. To maintain full operability 
 		of the server you will need to mirror some system files 
@@ -16092,7 +16421,7 @@ CLASS="COMMAND"
 ><A
 NAME="ROOTPOSTEXEC"
 ></A
->root postexec (S)</DT
+>&#62;root postexec (S)</DT
 ><DD
 ><P
 >This is the same as the <TT
@@ -16117,7 +16446,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->root postexec = &#60;empty string&#62;
+>root postexec = &lt;empty string&gt;
 		</B
 ></P
 ></DD
@@ -16125,7 +16454,7 @@ CLASS="COMMAND"
 ><A
 NAME="ROOTPREEXEC"
 ></A
->root preexec (S)</DT
+>&#62;root preexec (S)</DT
 ><DD
 ><P
 >This is the same as the <TT
@@ -16158,7 +16487,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->root preexec = &#60;empty string&#62;
+>root preexec = &lt;empty string&gt;
 		</B
 ></P
 ></DD
@@ -16166,7 +16495,7 @@ CLASS="COMMAND"
 ><A
 NAME="ROOTPREEXECCLOSE"
 ></A
->root preexec close (S)</DT
+>&#62;root preexec close (S)</DT
 ><DD
 ><P
 >This is the same as the <TT
@@ -16204,7 +16533,7 @@ CLASS="COMMAND"
 ><A
 NAME="SECURITY"
 ></A
->security (G)</DT
+>&#62;security (G)</DT
 ><DD
 ><P
 >This option affects how clients respond to 
@@ -16214,11 +16543,12 @@ CLASS="FILENAME"
 > file.</P
 ><P
 >The option sets the "security mode bit" in replies to 
-		protocol negotiations with <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)
-		</A
+		protocol negotiations with <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > to turn share level security on or off. Clients decide 
 		based on this bit whether (and how) to transfer user and password 
 		information to the server.</P
@@ -16293,9 +16623,12 @@ CLASS="PARAMETER"
 >It is possible to use <B
 CLASS="COMMAND"
 >smbd</B
-> in a <I
+> in a <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >		hybrid mode</I
+></SPAN
 > where it is offers both user and share 
 		level security under different <A
 HREF="#NETBIOSALIASES"
@@ -16312,10 +16645,13 @@ CLASS="PARAMETER"
 ><A
 NAME="SECURITYEQUALSSHARE"
 ></A
+>&#62;<SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >SECURITY = SHARE
 		</I
+></SPAN
 ></P
 ><P
 >When clients connect to a share level security server they 
@@ -16333,9 +16669,12 @@ CLASS="COMMAND"
 >Note that <B
 CLASS="COMMAND"
 >smbd</B
-> <I
+> <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >ALWAYS</I
+></SPAN
 > 
 		uses a valid UNIX user to act on behalf of the client, even in
 		<B
@@ -16395,10 +16734,13 @@ CLASS="PARAMETER"
 ></LI
 ><LI
 ><P
->If the client did a previous <I
+>If the client did a previous <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >logon
 			</I
+></SPAN
 > request (the SessionSetup SMB call) then the 
 			username sent in this SMB will be added as a potential username.
 			</P
@@ -16453,28 +16795,34 @@ CLASS="PARAMETER"
 >, then this 
 		guest user will be used, otherwise access is denied.</P
 ><P
->Note that it can be <I
+>Note that it can be <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >very</I
+></SPAN
 > confusing 
 		in share-level security as to which UNIX username will eventually
 		be used in granting access.</P
 ><P
 >See also the section <A
-HREF="#AEN238"
+HREF="#AEN239"
 >		NOTE ABOUT USERNAME/PASSWORD VALIDATION</A
 >.</P
 ><P
 ><A
 NAME="SECURITYEQUALSUSER"
 ></A
+>&#62;<SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >SECURITY = USER
 		</I
+></SPAN
 ></P
 ><P
->This is the default security setting in Samba 2.2. 
+>This is the default security setting in Samba 3.0. 
 		With user-level security a client must first "log-on" with a 
 		valid username and password (which can be mapped using the <A
 HREF="#USERNAMEMAP"
@@ -16514,13 +16862,19 @@ CLASS="PARAMETER"
 		may change the UNIX user to use on this connection, but only after 
 		the user has been successfully authenticated.</P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Note</I
+></SPAN
 > that the name of the resource being 
-		requested is <I
+		requested is <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >not</I
+></SPAN
 > sent to the server until after 
 		the server has successfully authenticated the client. This is why 
 		guest shares don't work in user level security without allowing 
@@ -16545,62 +16899,87 @@ CLASS="PARAMETER"
 > parameter for details on doing this.</P
 ><P
 >See also the section <A
-HREF="#AEN238"
+HREF="#AEN239"
 >		NOTE ABOUT USERNAME/PASSWORD VALIDATION</A
 >.</P
 ><P
 ><A
-NAME="SECURITYEQUALSSERVER"
+NAME="SECURITYEQUALSDOMAIN"
 ></A
+>&#62;<SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
->SECURITY = SERVER
+>SECURITY = DOMAIN
+
 		</I
+></SPAN
 ></P
 ><P
->In this mode Samba will try to validate the username/password 
-		by passing it to another SMB server, such as an NT box. If this 
-		fails it will revert to <B
-CLASS="COMMAND"
->security = user</B
->, but note 
-		that if encrypted passwords have been negotiated then Samba cannot 
-		revert back to checking the UNIX password file, it must have a valid 
-		<TT
-CLASS="FILENAME"
->smbpasswd</TT
-> file to check users against. See the 
-		documentation file in the <TT
-CLASS="FILENAME"
->docs/</TT
-> directory 
-		<TT
-CLASS="FILENAME"
->ENCRYPTION.txt</TT
-> for details on how to set this 
-		up.</P
+>This mode will only work correctly if <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>net</SPAN
+>(8)</SPAN
+> has been used to add this
+		machine into a Windows NT Domain. It expects the <A
+HREF="#ENCRYPTPASSWORDS"
+><TT
+CLASS="PARAMETER"
+><I
+>encrypted passwords</I
+></TT
+>
+		</A
+> parameter to be set to <TT
+CLASS="CONSTANT"
+>yes</TT
+>. In this 
+		mode Samba will try to validate the username/password by passing
+		it to a Windows NT Primary or Backup Domain Controller, in exactly 
+		the same way that a Windows NT Server would do.</P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Note</I
-> that from the client's point of 
-		view <B
+></SPAN
+> that a valid UNIX user must still 
+		exist as well as the account on the Domain Controller to allow 
+		Samba to have a valid UNIX account to map file access to.</P
+><P
+><SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>Note</I
+></SPAN
+> that from the client's point 
+		of view <B
 CLASS="COMMAND"
->security = server</B
+>security = domain</B
 > is the same as <B
 CLASS="COMMAND"
->		security = user</B
->.  It only affects how the server deals 
-		with the authentication, it does not in any way affect what the 
-		client sees.</P
+>security = user
+		</B
+>. It only affects how the server deals with the authentication, 
+		it does not in any way affect what the client sees.</P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Note</I
+></SPAN
 > that the name of the resource being 
-		requested is <I
+		requested is <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >not</I
+></SPAN
 > sent to the server until after 
 		the server has successfully authenticated the client. This is why 
 		guest shares don't work in user level security without allowing 
@@ -16625,7 +17004,7 @@ CLASS="PARAMETER"
 > parameter for details on doing this.</P
 ><P
 >See also the section <A
-HREF="#AEN238"
+HREF="#AEN239"
 >		NOTE ABOUT USERNAME/PASSWORD VALIDATION</A
 >.</P
 ><P
@@ -16650,20 +17029,24 @@ CLASS="PARAMETER"
 > parameter.</P
 ><P
 ><A
-NAME="SECURITYEQUALSDOMAIN"
+NAME="SECURITYEQUALSSERVER"
 ></A
+>&#62;<SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
->SECURITY = DOMAIN
+>SECURITY = SERVER
 		</I
+></SPAN
 ></P
 ><P
->This mode will only work correctly if <A
-HREF="smbpasswd.8.html"
-TARGET="_top"
->smbpasswd(8)</A
-> has been used to add this 
-		machine into a Windows NT Domain. It expects the <A
+>In this mode Samba will try to validate the username/password 
+		by passing it to another SMB server, such as an NT box. If this 
+		fails it will revert to <B
+CLASS="COMMAND"
+>security =
+		user</B
+>. It expects the <A
 HREF="#ENCRYPTPASSWORDS"
 ><TT
 CLASS="PARAMETER"
@@ -16672,42 +17055,76 @@ CLASS="PARAMETER"
 ></TT
 >
 		</A
-> parameter to be set to <TT
+> parameter to be set to
+		<TT
 CLASS="CONSTANT"
 >yes</TT
->. In this 
-		mode Samba will try to validate the username/password by passing
-		it to a Windows NT Primary or Backup Domain Controller, in exactly 
-		the same way that a Windows NT Server would do.</P
+>, unless the remote server
+		does not support them.  However note
+		that if encrypted passwords have been negotiated then Samba cannot 
+		revert back to checking the UNIX password file, it must have a valid 
+		<TT
+CLASS="FILENAME"
+>smbpasswd</TT
+> file to check users against. See the 
+		documentation file in the <TT
+CLASS="FILENAME"
+>docs/</TT
+> directory 
+		<TT
+CLASS="FILENAME"
+>ENCRYPTION.txt</TT
+> for details on how to set this 
+		up.</P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Note</I
-> that a valid UNIX user must still 
-		exist as well as the account on the Domain Controller to allow 
-		Samba to have a valid UNIX account to map file access to.</P
-><P
+></SPAN
+> this mode of operation
+		has significant pitfalls, due to the fact that is
+		activly initiates a man-in-the-middle attack on the
+		remote SMB server.  In particular, this mode of
+		operation can cause significant resource consuption on
+		the PDC, as it must maintain an active connection for
+		the duration of the user's session.  Furthermore, if
+		this connection is lost, there is no way to
+		reestablish it, and futher authenticaions to the Samba
+		server may fail.  (From a single client, till it
+		disconnects). </P
+><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Note</I
-> that from the client's point 
-		of view <B
+></SPAN
+> that from the client's point of 
+		view <B
 CLASS="COMMAND"
->security = domain</B
+>security = server</B
 > is the same as <B
 CLASS="COMMAND"
->security = user
-		</B
->. It only affects how the server deals with the authentication, 
-		it does not in any way affect what the client sees.</P
+>		security = user</B
+>.  It only affects how the server deals 
+		with the authentication, it does not in any way affect what the 
+		client sees.</P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Note</I
+></SPAN
 > that the name of the resource being 
-		requested is <I
+		requested is <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >not</I
+></SPAN
 > sent to the server until after 
 		the server has successfully authenticated the client. This is why 
 		guest shares don't work in user level security without allowing 
@@ -16731,22 +17148,8 @@ CLASS="PARAMETER"
 		</A
 > parameter for details on doing this.</P
 ><P
-><I
-CLASS="EMPHASIS"
->BUG:</I
-> There is currently a bug in the 
-		implementation of <B
-CLASS="COMMAND"
->security = domain</B
-> with respect 
-		to multi-byte character set usernames. The communication with a 
-		Domain Controller must be done in UNICODE and Samba currently 
-		does not widen multi-byte user names to UNICODE correctly, thus 
-		a multi-byte username will not be recognized correctly at the 
-		Domain Controller. This issue will be addressed in a future release.</P
-><P
 >See also the section <A
-HREF="#AEN238"
+HREF="#AEN239"
 >		NOTE ABOUT USERNAME/PASSWORD VALIDATION</A
 >.</P
 ><P
@@ -16784,7 +17187,7 @@ CLASS="COMMAND"
 ><A
 NAME="SECURITYMASK"
 ></A
->security mask (S)</DT
+>&#62;security mask (S)</DT
 ><DD
 ><P
 >This parameter controls what UNIX permission 
@@ -16802,9 +17205,12 @@ NAME="SECURITYMASK"
 		a user to modify all the user/group/world permissions on a file.
 		</P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Note</I
+></SPAN
 > that users who can access the 
 		Samba server through other means can easily bypass this 
 		restriction, so it is primarily useful for standalone 
@@ -16856,7 +17262,7 @@ CLASS="COMMAND"
 ><A
 NAME="SERVERSTRING"
 ></A
->server string (G)</DT
+>&#62;server string (G)</DT
 ><DD
 ><P
 >This controls what string will show up in the 
@@ -16901,7 +17307,7 @@ CLASS="COMMAND"
 ><A
 NAME="SETDIRECTORY"
 ></A
->set directory (S)</DT
+>&#62;set directory (S)</DT
 ><DD
 ><P
 >If <B
@@ -16927,7 +17333,7 @@ CLASS="COMMAND"
 ><A
 NAME="SHAREMODES"
 ></A
->share modes (S)</DT
+>&#62;share modes (S)</DT
 ><DD
 ><P
 >This enables or disables the honoring of 
@@ -16971,9 +17377,12 @@ CLASS="CONSTANT"
 >This option gives full share compatibility and enabled 
 		by default.</P
 ><P
->You should <I
+>You should <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >NEVER</I
+></SPAN
 > turn this parameter 
 		off as many Windows applications will break if you do so.</P
 ><P
@@ -16986,7 +17395,7 @@ CLASS="COMMAND"
 ><A
 NAME="SHORTPRESERVECASE"
 ></A
->short preserve case (S)</DT
+>&#62;short preserve case (S)</DT
 ><DD
 ><P
 >This boolean parameter controls if new files 
@@ -17012,7 +17421,7 @@ CLASS="COMMAND"
 		names are lowered. </P
 ><P
 >See the section on <A
-HREF="#AEN205"
+HREF="#AEN206"
 >		NAME MANGLING</A
 >.</P
 ><P
@@ -17025,7 +17434,7 @@ CLASS="COMMAND"
 ><A
 NAME="SHOWADDPRINTERWIZARD"
 ></A
->show add printer wizard (G)</DT
+>&#62;show add printer wizard (G)</DT
 ><DD
 ><P
 >With the introduction of MS-RPC based printing support
@@ -17056,9 +17465,12 @@ CLASS="PARAMETER"
 ></TT
 >
 		parameter will always cause the OpenPrinterEx() on the server
-		to fail.  Thus the APW icon will never be displayed. <I
+		to fail.  Thus the APW icon will never be displayed. <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >		Note :</I
+></SPAN
 >This does not prevent the same user from having 
 		administrative privilege on an individual printer.</P
 ><P
@@ -17098,12 +17510,15 @@ CLASS="COMMAND"
 ><A
 NAME="SHUTDOWNSCRIPT"
 ></A
->shutdown script (G)</DT
+>&#62;shutdown script (G)</DT
 ><DD
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >This parameter only exists in the HEAD cvs branch</I
+></SPAN
 >
 		This a full path name to a script called by
 		<A
@@ -17144,9 +17559,12 @@ CLASS="PARAMETER"
 >%r</I
 ></TT
 > will be substituted with the
-		switch <I
+		switch <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >-r</I
+></SPAN
 >. It means reboot after shutdown
 		for NT.
 		</P
@@ -17157,15 +17575,21 @@ CLASS="PARAMETER"
 >%f</I
 ></TT
 > will be substituted with the
-		switch <I
+		switch <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >-f</I
+></SPAN
 >. It means force the shutdown
 		even if applications do not respond for NT.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >None</I
+></SPAN
 >.</P
 ><P
 >Example: <B
@@ -17174,25 +17598,15 @@ CLASS="COMMAND"
 ></P
 ><P
 >Shutdown script example:
-		<TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
+<PRE
 CLASS="PROGRAMLISTING"
->		#!/bin/bash
+>#!/bin/bash
 		
-		$time=0
-		let "time/60"
-		let "time++"
+$time=0
+let "time/60"
+let "time++"
 
-		/sbin/shutdown $3 $4 +$time $1 &#38;
-		</PRE
-></TD
-></TR
-></TABLE
+/sbin/shutdown $3 $4 +$time $1 &amp;</PRE
 >
 		Shutdown does not return so we need to launch it in background.
 		</P
@@ -17211,7 +17625,7 @@ CLASS="PARAMETER"
 ><A
 NAME="SMBPASSWDFILE"
 ></A
->smb passwd file (G)</DT
+>&#62;smb passwd file (G)</DT
 ><DD
 ><P
 >This option sets the path to the encrypted 
@@ -17234,7 +17648,7 @@ CLASS="COMMAND"
 ><A
 NAME="SMBPORTS"
 ></A
->smb ports (G)</DT
+>&#62;smb ports (G)</DT
 ><DD
 ><P
 >Specifies which ports the server should listen on
@@ -17250,7 +17664,7 @@ CLASS="COMMAND"
 ><A
 NAME="SOCKETADDRESS"
 ></A
->socket address (G)</DT
+>&#62;socket address (G)</DT
 ><DD
 ><P
 >This option allows you to control what 
@@ -17271,7 +17685,7 @@ CLASS="COMMAND"
 ><A
 NAME="SOCKETOPTIONS"
 ></A
->socket options (G)</DT
+>&#62;socket options (G)</DT
 ><DD
 ><P
 >This option allows you to set socket options 
@@ -17352,9 +17766,12 @@ TARGET="_top"
 ></LI
 ></UL
 ><P
->Those marked with a <I
+>Those marked with a <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >'*'</I
+></SPAN
 > take an integer 
 		argument. The others can optionally take a 1 or 0 argument to enable 
 		or disable the option, by default they will be enabled if you 
@@ -17402,7 +17819,7 @@ CLASS="COMMAND"
 ><A
 NAME="SOURCEENVIRONMENT"
 ></A
->source environment (G)</DT
+>&#62;source environment (G)</DT
 ><DD
 ><P
 >This parameter causes Samba to set environment 
@@ -17426,9 +17843,12 @@ CLASS="COMMAND"
 >SAMBA_NETBIOS_NAME = myhostname</B
 ></P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >No default value</I
+></SPAN
 ></P
 ><P
 >Examples: <B
@@ -17447,27 +17867,37 @@ CLASS="COMMAND"
 ><A
 NAME="SPNEGO"
 ></A
->use spnego (G)</DT
+>&#62;use spnego (G)</DT
 ><DD
 ><P
-> This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism.  As of samba 3.0alpha it must be set to "no" for these clients to join a samba domain controller.  It can be set to "yes" to allow samba to participate in an AD domain controlled by a Windows2000 domain controller.</P
+> This variable controls controls whether samba will try 
+		to use Simple and Protected NEGOciation (as specified by rfc2478) with 
+		WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism. 
+		Unless further issues are discovered with our SPNEGO
+		implementation, there is no reason this should ever be
+		disabled.</P
 ><P
->Default:  <I
+>Default:  <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >use spnego = yes</I
+></SPAN
 ></P
 ></DD
 ><DT
 ><A
 NAME="STATCACHE"
 ></A
->stat cache (G)</DT
+>&#62;stat cache (G)</DT
 ><DD
 ><P
->This parameter determines if <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
+>This parameter determines if <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > will use a cache in order to 
 		speed up case insensitive name mappings. You should never need 
 		to change this parameter.</P
@@ -17481,7 +17911,7 @@ CLASS="COMMAND"
 ><A
 NAME="STATCACHESIZE"
 ></A
->stat cache size (G)</DT
+>&#62;stat cache size (G)</DT
 ><DD
 ><P
 >This parameter determines the number of 
@@ -17502,7 +17932,7 @@ CLASS="COMMAND"
 ><A
 NAME="STRICTALLOCATE"
 ></A
->strict allocate (S)</DT
+>&#62;strict allocate (S)</DT
 ><DD
 ><P
 >This is a boolean that controls the handling of 
@@ -17539,7 +17969,7 @@ CLASS="COMMAND"
 ><A
 NAME="STRICTLOCKING"
 ></A
->strict locking (S)</DT
+>&#62;strict locking (S)</DT
 ><DD
 ><P
 >This is a boolean that controls the handling of 
@@ -17572,7 +18002,7 @@ CLASS="COMMAND"
 ><A
 NAME="STRICTSYNC"
 ></A
->strict sync (S)</DT
+>&#62;strict sync (S)</DT
 ><DD
 ><P
 >Many Windows applications (including the Windows 
@@ -17585,10 +18015,12 @@ NAME="STRICTSYNC"
 CLASS="CONSTANT"
 >no</TT
 > (the 
-		default) means that <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd</A
+		default) means that <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > ignores the Windows applications requests for
 		a sync call. There is only a possibility of losing data if the
 		operating system itself that Samba is running on crashes, so there is
@@ -17616,7 +18048,7 @@ CLASS="COMMAND"
 ><A
 NAME="STRIPDOT"
 ></A
->strip dot (G)</DT
+>&#62;strip dot (G)</DT
 ><DD
 ><P
 >This is a boolean that controls whether to 
@@ -17632,7 +18064,7 @@ CLASS="COMMAND"
 ><A
 NAME="SYNCALWAYS"
 ></A
->sync always (S)</DT
+>&#62;sync always (S)</DT
 ><DD
 ><P
 >This is a boolean parameter that controls 
@@ -17683,7 +18115,7 @@ CLASS="COMMAND"
 ><A
 NAME="SYSLOG"
 ></A
->syslog (G)</DT
+>&#62;syslog (G)</DT
 ><DD
 ><P
 >This parameter maps how Samba debug messages 
@@ -17718,7 +18150,7 @@ CLASS="COMMAND"
 ><A
 NAME="SYSLOGONLY"
 ></A
->syslog only (G)</DT
+>&#62;syslog only (G)</DT
 ><DD
 ><P
 >If this parameter is set then Samba debug 
@@ -17734,7 +18166,7 @@ CLASS="COMMAND"
 ><A
 NAME="TEMPLATEHOMEDIR"
 ></A
->template homedir (G)</DT
+>&#62;template homedir (G)</DT
 ><DD
 ><P
 >When filling out the user information for a Windows NT 
@@ -17768,14 +18200,16 @@ CLASS="COMMAND"
 ><A
 NAME="TEMPLATESHELL"
 ></A
->template shell (G)</DT
+>&#62;template shell (G)</DT
 ><DD
 ><P
 >When filling out the user information for a Windows NT 
-		user, the <A
-HREF="winbindd.8.html"
-TARGET="_top"
->winbindd(8)</A
+		user, the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>winbindd</SPAN
+>(8)</SPAN
 > daemon 
 		uses this parameter to fill in the login shell for that user.</P
 ><P
@@ -17788,7 +18222,7 @@ CLASS="COMMAND"
 ><A
 NAME="TIMEOFFSET"
 ></A
->time offset (G)</DT
+>&#62;time offset (G)</DT
 ><DD
 ><P
 >This parameter is a setting in minutes to add 
@@ -17810,14 +18244,15 @@ CLASS="COMMAND"
 ><A
 NAME="TIMESERVER"
 ></A
->time server (G)</DT
+>&#62;time server (G)</DT
 ><DD
 ><P
->This parameter determines if <A
-HREF="nmbd.8.html"
-TARGET="_top"
-> 			
-		nmbd(8)</A
+>This parameter determines if <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmbd</SPAN
+>(8)</SPAN
 > advertises itself as a time server to Windows 
 		clients.</P
 ><P
@@ -17830,7 +18265,7 @@ CLASS="COMMAND"
 ><A
 NAME="TIMESTAMPLOGS"
 ></A
->timestamp logs (G)</DT
+>&#62;timestamp logs (G)</DT
 ><DD
 ><P
 >Synonym for <A
@@ -17847,16 +18282,18 @@ CLASS="PARAMETER"
 ><A
 NAME="TOTALPRINTJOBS"
 ></A
->total print jobs (G)</DT
+>&#62;total print jobs (G)</DT
 ><DD
 ><P
 >This parameter accepts an integer value which defines
 		a limit on the maximum number of print jobs that will be accepted 
 		system wide at any given time.  If a print job is submitted
-		by a client which will exceed this number, then <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd</A
+		by a client which will exceed this number, then <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > will return an 
 		error indicating that no space is available on the server.  The 
 		default value of 0 means that no such limit exists.  This parameter
@@ -17887,7 +18324,7 @@ CLASS="COMMAND"
 ><A
 NAME="UNICODE"
 ></A
->unicode (G)</DT
+>&#62;unicode (G)</DT
 ><DD
 ><P
 >Specifies whether Samba should try 
@@ -17904,7 +18341,7 @@ CLASS="COMMAND"
 ><A
 NAME="UNIXCHARSET"
 ></A
->unix charset (G)</DT
+>&#62;unix charset (G)</DT
 ><DD
 ><P
 >Specifies the charset the unix machine 
@@ -17914,19 +18351,19 @@ NAME="UNIXCHARSET"
 ><P
 >Default: <B
 CLASS="COMMAND"
->unix charset = ASCII</B
+>unix charset = UTF8</B
 ></P
 ><P
 >Example: <B
 CLASS="COMMAND"
->unix charset = UTF8</B
+>unix charset = ASCII</B
 ></P
 ></DD
 ><DT
 ><A
 NAME="UNIXEXTENSIONS"
 ></A
->unix extensions(G)</DT
+>&#62;unix extensions(G)</DT
 ><DD
 ><P
 >This boolean parameter controls whether Samba 
@@ -17945,7 +18382,7 @@ CLASS="COMMAND"
 ><A
 NAME="UNIXPASSWORDSYNC"
 ></A
->unix password sync (G)</DT
+>&#62;unix password sync (G)</DT
 ><DD
 ><P
 >This boolean parameter controls whether Samba 
@@ -17960,9 +18397,12 @@ CLASS="PARAMETER"
 >passwd
 		program</I
 ></TT
->parameter is called <I
+>parameter is called <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >AS ROOT</I
+></SPAN
 > - 
 		to allow the new UNIX password to be set without access to the 
 		old UNIX password (as the SMB password change code has no 
@@ -17996,7 +18436,7 @@ CLASS="COMMAND"
 ><A
 NAME="UPDATEENCRYPTED"
 ></A
->update encrypted (G)</DT
+>&#62;update encrypted (G)</DT
 ><DD
 ><P
 >This boolean parameter allows a user logging 
@@ -18051,7 +18491,7 @@ CLASS="COMMAND"
 ><A
 NAME="USECLIENTDRIVER"
 ></A
->use client driver (S)</DT
+>&#62;use client driver (S)</DT
 ><DD
 ><P
 >This parameter applies only to Windows NT/2000
@@ -18080,11 +18520,14 @@ CLASS="COMMAND"
 >If this parameter is enabled for a printer, then any attempt
 		to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped
 		to PRINTER_ACCESS_USE instead.  Thus allowing the OpenPrinterEx()
-		call to succeed.  <I
+		call to succeed.  <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >This parameter MUST not be able enabled
 		on a print share which has valid print driver installed on the Samba 
 		server.</I
+></SPAN
 ></P
 ><P
 >See also <A
@@ -18102,7 +18545,7 @@ CLASS="COMMAND"
 ><A
 NAME="USEMMAP"
 ></A
->use mmap (G)</DT
+>&#62;use mmap (G)</DT
 ><DD
 ><P
 >This global parameter determines if the tdb internals of Samba can
@@ -18126,7 +18569,7 @@ CLASS="COMMAND"
 ><A
 NAME="USERHOSTS"
 ></A
->use rhosts (G)</DT
+>&#62;use rhosts (G)</DT
 ><DD
 ><P
 >If this global parameter is <TT
@@ -18140,9 +18583,12 @@ CLASS="FILENAME"
 		will be read to find the names of hosts and users who will be allowed 
 		access without specifying a password.</P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >NOTE:</I
+></SPAN
 > The use of <TT
 CLASS="PARAMETER"
 ><I
@@ -18168,7 +18614,7 @@ CLASS="COMMAND"
 ><A
 NAME="USER"
 ></A
->user (S)</DT
+>&#62;user (S)</DT
 ><DD
 ><P
 >Synonym for <A
@@ -18185,7 +18631,7 @@ CLASS="PARAMETER"
 ><A
 NAME="USERS"
 ></A
->users (S)</DT
+>&#62;users (S)</DT
 ><DD
 ><P
 >Synonym for <A
@@ -18202,7 +18648,7 @@ CLASS="PARAMETER"
 ><A
 NAME="USERNAME"
 ></A
->username (S)</DT
+>&#62;username (S)</DT
 ><DD
 ><P
 >Multiple users may be specified in a comma-delimited 
@@ -18268,7 +18714,7 @@ CLASS="PARAMETER"
 		will be looked up only in the UNIX groups database and will 
 		expand to a list of all users in the group of that name.</P
 ><P
->If any of the usernames begin with a '&#38;'then the name 
+>If any of the usernames begin with a '&amp;' then the name 
 		will be looked up only in the NIS netgroups database (if Samba 
 		is compiled with netgroup support) and will expand to a list 
 		of all users in the netgroup group of that name.</P
@@ -18278,7 +18724,7 @@ CLASS="PARAMETER"
 		search.</P
 ><P
 >See the section <A
-HREF="#AEN238"
+HREF="#AEN239"
 >NOTE ABOUT 
 		USERNAME/PASSWORD VALIDATION</A
 > for more information on how 
@@ -18287,7 +18733,7 @@ HREF="#AEN238"
 >Default: <B
 CLASS="COMMAND"
 >The guest account if a guest service, 
-		else &#60;empty string&#62;.</B
+		else &lt;empty string&gt;.</B
 ></P
 ><P
 >Examples:<B
@@ -18300,7 +18746,7 @@ CLASS="COMMAND"
 ><A
 NAME="USERNAMELEVEL"
 ></A
->username level (G)</DT
+>&#62;username level (G)</DT
 ><DD
 ><P
 >This option helps Samba to try and 'guess' at 
@@ -18334,7 +18780,7 @@ CLASS="COMMAND"
 ><A
 NAME="USERNAMEMAP"
 ></A
->username map (G)</DT
+>&#62;username map (G)</DT
 ><DD
 ><P
 >This option allows you to specify a file containing 
@@ -18424,20 +18870,10 @@ CLASS="COMMAND"
 		'!' to tell Samba to stop processing if it gets a match on
 		that line.</P
 ><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->		!sys = mary fred
-		guest = *
-		</PRE
-></TD
-></TR
-></TABLE
+>!sys = mary fred
+guest = *</PRE
 ></P
 ><P
 >Note that the remapping is applied to all occurrences
@@ -18474,9 +18910,12 @@ CLASS="PARAMETER"
 		trouble deleting print jobs as PrintManager under WfWg will think
 		they don't own the print job.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >no username map</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -18489,7 +18928,7 @@ CLASS="COMMAND"
 ><A
 NAME="USESENDFILE"
 ></A
->use sendfile (S)</DT
+>&#62;use sendfile (S)</DT
 ><DD
 ><P
 >If this parameter is <TT
@@ -18513,7 +18952,7 @@ CLASS="COMMAND"
 ><A
 NAME="UTMP"
 ></A
->utmp (G)</DT
+>&#62;utmp (G)</DT
 ><DD
 ><P
 >This boolean parameter is only available if
@@ -18553,7 +18992,7 @@ CLASS="COMMAND"
 ><A
 NAME="UTMPDIRECTORY"
 ></A
->utmp directory(G)</DT
+>&#62;utmp directory(G)</DT
 ><DD
 ><P
 >This parameter is only available if Samba has 
@@ -18578,9 +19017,12 @@ CLASS="FILENAME"
 >/var/run/utmp</TT
 > on Linux).</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >no utmp directory</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -18592,7 +19034,7 @@ CLASS="COMMAND"
 ><A
 NAME="WTMPDIRECTORY"
 ></A
->wtmp directory(G)</DT
+>&#62;wtmp directory(G)</DT
 ><DD
 ><P
 >This parameter is only available if Samba has 
@@ -18621,9 +19063,12 @@ CLASS="FILENAME"
 >/var/run/wtmp</TT
 > on Linux).</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >no wtmp directory</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -18635,11 +19080,11 @@ CLASS="COMMAND"
 ><A
 NAME="VALIDUSERS"
 ></A
->valid users (S)</DT
+>&#62;valid users (S)</DT
 ><DD
 ><P
 >This is a list of users that should be allowed 
-		to login to this service. Names starting with '@', '+' and  '&#38;'
+		to login to this service. Names starting with '@', '+' and  '&amp;'
 		are interpreted using the same rules as described in the 
 		<TT
 CLASS="PARAMETER"
@@ -18676,10 +19121,13 @@ CLASS="PARAMETER"
 ></A
 ></P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >No valid users list (anyone can login)
 		</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -18691,7 +19139,7 @@ CLASS="COMMAND"
 ><A
 NAME="VETOFILES"
 ></A
->veto files(S)</DT
+>&#62;veto files(S)</DT
 ><DD
 ><P
 >This is a list of files and directories that 
@@ -18701,9 +19149,12 @@ NAME="VETOFILES"
 		or directories as in DOS wildcards.</P
 ><P
 >Each entry must be a unix path, not a DOS path and 
-		must <I
+		must <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >not</I
+></SPAN
 > include the  unix directory 
 		separator '/'.</P
 ><P
@@ -18719,9 +19170,12 @@ CLASS="PARAMETER"
 		is important to be aware of is Samba's behaviour when
 		trying to delete a directory. If a directory that is
 		to be deleted contains nothing but veto files this
-		deletion will <I
+		deletion will <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >fail</I
+></SPAN
 > unless you also set
 		the <TT
 CLASS="PARAMETER"
@@ -18759,19 +19213,16 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >No files or directories are vetoed.
 		</I
+></SPAN
 ></P
 ><P
->Examples:<TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
+>Examples:<PRE
 CLASS="PROGRAMLISTING"
 >; Veto any files containing the word Security, 
 ; any ending in .tmp, and any directory containing the
@@ -18781,16 +19232,13 @@ veto files = /*Security*/*.tmp/*root*/
 ; Veto the Apple specific files that a NetAtalk server
 ; creates.
 veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/</PRE
-></TD
-></TR
-></TABLE
 ></P
 ></DD
 ><DT
 ><A
 NAME="VETOOPLOCKFILES"
 ></A
->veto oplock files (S)</DT
+>&#62;veto oplock files (S)</DT
 ><DD
 ><P
 >This parameter is only valid when the <A
@@ -18816,10 +19264,13 @@ CLASS="PARAMETER"
 > 
 		parameter.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >No files are vetoed for oplock 
 		grants</I
+></SPAN
 ></P
 ><P
 >You might want to do this on files that you know will 
@@ -18843,7 +19294,7 @@ CLASS="COMMAND"
 ><A
 NAME="VFSPATH"
 ></A
->vfs path (S)</DT
+>&#62;vfs path (S)</DT
 ><DD
 ><P
 >This parameter specifies the directory
@@ -18868,7 +19319,7 @@ CLASS="COMMAND"
 ><A
 NAME="VFSOBJECT"
 ></A
->vfs object (S)</DT
+>&#62;vfs object (S)</DT
 ><DD
 ><P
 >This parameter specifies a shared object files that 
@@ -18876,16 +19327,19 @@ NAME="VFSOBJECT"
 		disk I/O operations are used but these can be overloaded 
 		with one or more VFS objects. </P
 ><P
->Default : <I
+>Default : <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >no value</I
+></SPAN
 ></P
 ></DD
 ><DT
 ><A
 NAME="VFSOPTIONS"
 ></A
->vfs options (S)</DT
+>&#62;vfs options (S)</DT
 ><DD
 ><P
 >This parameter allows parameters to be passed 
@@ -18900,32 +19354,38 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default : <I
+>Default : <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >no value</I
+></SPAN
 ></P
 ></DD
 ><DT
 ><A
 NAME="VOLUME"
 ></A
->volume (S)</DT
+>&#62;volume (S)</DT
 ><DD
 ><P
 > This allows you to override the volume label 
 		returned for a share. Useful for CDROMs with installation programs 
 		that insist on a particular volume label.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >the name of the share</I
+></SPAN
 ></P
 ></DD
 ><DT
 ><A
 NAME="WIDELINKS"
 ></A
->wide links (S)</DT
+>&#62;wide links (S)</DT
 ><DD
 ><P
 >This parameter controls whether or not links 
@@ -18947,14 +19407,16 @@ CLASS="COMMAND"
 ><A
 NAME="WINBINDCACHETIME"
 ></A
->winbind cache time (G)</DT
+>&#62;winbind cache time (G)</DT
 ><DD
 ><P
->This parameter specifies the number of seconds the
-		<A
-HREF="winbindd.8.html"
-TARGET="_top"
->winbindd(8)</A
+>This parameter specifies the number of 
+		seconds the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>winbindd</SPAN
+>(8)</SPAN
 > daemon will cache 
 		user and group information before querying a Windows NT server 
 		again.</P
@@ -18968,19 +19430,19 @@ CLASS="COMMAND"
 ><A
 NAME="WINBINDENUMUSERS"
 ></A
->winbind enum users (G)</DT
+>&#62;winbind enum users (G)</DT
 ><DD
 ><P
->On large installations using
-		<A
-HREF="winbindd.8.html"
-TARGET="_top"
->winbindd(8)</A
+>On large installations using <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>winbindd</SPAN
+>(8)</SPAN
 > it may be
-		necessary to suppress the enumeration of users through the
-		<B
+		necessary to suppress the enumeration of users through the <B
 CLASS="COMMAND"
-> setpwent()</B
+>setpwent()</B
 >,
 		<B
 CLASS="COMMAND"
@@ -19005,9 +19467,12 @@ CLASS="COMMAND"
 > system call
 		will not return any data. </P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Warning:</I
+></SPAN
 > Turning off user
 		enumeration may cause some programs to behave oddly.  For
 		example, the finger program relies on having access to the
@@ -19023,19 +19488,19 @@ CLASS="COMMAND"
 ><A
 NAME="WINBINDENUMGROUPS"
 ></A
->winbind enum groups (G)</DT
+>&#62;winbind enum groups (G)</DT
 ><DD
 ><P
->On large installations using
-		<A
-HREF="winbindd.8.html"
-TARGET="_top"
->winbindd(8)</A
-> it may be
-		necessary to suppress the enumeration of groups through the
-		<B
+>On large installations using <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>winbindd</SPAN
+>(8)</SPAN
+> it may be necessary to suppress 
+		the enumeration of groups through the <B
 CLASS="COMMAND"
-> setgrent()</B
+>setgrent()</B
 >,
 		<B
 CLASS="COMMAND"
@@ -19060,9 +19525,12 @@ CLASS="COMMAND"
 > system
 		call will not return any data. </P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Warning:</I
+></SPAN
 > Turning off group
 		enumeration may cause some programs to behave oddly.
 		</P
@@ -19077,21 +19545,23 @@ CLASS="COMMAND"
 ><A
 NAME="WINBINDGID"
 ></A
->winbind gid (G)</DT
+>&#62;winbind gid (G)</DT
 ><DD
 ><P
 >The winbind gid parameter specifies the range of group 
-		ids that are allocated by the <A
-HREF="winbindd.8.html"
-TARGET="_top"
->		winbindd(8)</A
+		ids that are allocated by the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>winbindd</SPAN
+>(8)</SPAN
 > daemon.  This range of group ids should have no 
 		existing local or NIS groups within it as strange conflicts can 
 		occur otherwise.</P
 ><P
 >Default: <B
 CLASS="COMMAND"
->winbind gid = &#60;empty string&#62;
+>winbind gid = &lt;empty string&gt;
 		</B
 ></P
 ><P
@@ -19104,7 +19574,7 @@ CLASS="COMMAND"
 ><A
 NAME="WINBINDSEPARATOR"
 ></A
->winbind separator (G)</DT
+>&#62;winbind separator (G)</DT
 ><DD
 ><P
 >This parameter allows an admin to define the character 
@@ -19148,21 +19618,23 @@ CLASS="COMMAND"
 ><A
 NAME="WINBINDUID"
 ></A
->winbind uid (G)</DT
+>&#62;winbind uid (G)</DT
 ><DD
 ><P
 >The winbind gid parameter specifies the range of group 
-		ids that are allocated by the <A
-HREF="winbindd.8.html"
-TARGET="_top"
->		winbindd(8)</A
+		ids that are allocated by the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>winbindd</SPAN
+>(8)</SPAN
 > daemon.  This range of ids should have no 
 		existing local or NIS users within it as strange conflicts can 
 		occur otherwise.</P
 ><P
 >Default: <B
 CLASS="COMMAND"
->winbind uid = &#60;empty string&#62;
+>winbind uid = &lt;empty string&gt;
 		</B
 ></P
 ><P
@@ -19172,25 +19644,27 @@ CLASS="COMMAND"
 ></P
 ></DD
 ><DT
->winbind use default domain, <A
+><A
 NAME="WINBINDUSEDEFAULTDOMAIN"
 ></A
->winbind use default domain (G)</DT
+>&#62;winbind use default domain (G)</DT
 ><DD
 ><P
->This parameter specifies whether the <A
-HREF="winbindd.8.html"
-TARGET="_top"
->		winbindd(8)</A
->
-		daemon should operate on users without domain component in their username.  
+>This parameter specifies whether the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>winbindd</SPAN
+>(8)</SPAN
+> daemon should operate on users 
+		without domain component in their username.  
                 Users without a domain component are treated as is part of the winbindd server's 
                 own domain.  While this does not benifit Windows users, it makes SSH, FTP and e-mail 
                 function in a way much closer to the way they would in a native unix system.</P
 ><P
 >Default: <B
 CLASS="COMMAND"
->winbind use default domain = &#60;no&#62; 
+>winbind use default domain = &lt;no&gt; 
 		</B
 ></P
 ><P
@@ -19203,7 +19677,7 @@ CLASS="COMMAND"
 ><A
 NAME="WINSHOOK"
 ></A
->wins hook (G)</DT
+>&#62;wins hook (G)</DT
 ><DD
 ><P
 >When Samba is running as a WINS server this 
@@ -19268,7 +19742,7 @@ CLASS="COMMAND"
 ><A
 NAME="WINSPROXY"
 ></A
->wins proxy (G)</DT
+>&#62;wins proxy (G)</DT
 ><DD
 ><P
 >This is a boolean that controls if <A
@@ -19291,36 +19765,45 @@ CLASS="COMMAND"
 ><A
 NAME="WINSSERVER"
 ></A
->wins server (G)</DT
+>&#62;wins server (G)</DT
 ><DD
 ><P
 >This specifies the IP address (or DNS name: IP 
-		address for preference) of the WINS server that <A
-HREF="nmbd.8.html"
-TARGET="_top"
->		nmbd(8)</A
+		address for preference) of the WINS server that <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmbd</SPAN
+>(8)</SPAN
 > should register with. If you have a WINS server on 
 		your network then you should set this to the WINS server's IP.</P
 ><P
 >You should point this at your WINS server if you have a
 		multi-subnetted network.</P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >NOTE</I
+></SPAN
 >. You need to set up Samba to point 
 		to a WINS server if you have multiple subnets and wish cross-subnet 
 		browsing to work correctly.</P
 ><P
->See the documentation file <TT
-CLASS="FILENAME"
->BROWSING.txt</TT
+>See the documentation file <A
+HREF="improved-browsing.html"
+TARGET="_top"
+>BROWSING</A
 > 
 		in the docs/ directory of your Samba source distribution.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >not enabled</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -19332,14 +19815,15 @@ CLASS="COMMAND"
 ><A
 NAME="WINSSUPPORT"
 ></A
->wins support (G)</DT
+>&#62;wins support (G)</DT
 ><DD
 ><P
->This boolean controls if the <A
-HREF="nmbd.8.html"
-TARGET="_top"
-> 		
-		nmbd(8)</A
+>This boolean controls if the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmbd</SPAN
+>(8)</SPAN
 > process in Samba will act as a WINS server. You should 
 		not set this to <TT
 CLASS="CONSTANT"
@@ -19349,9 +19833,12 @@ CLASS="CONSTANT"
 CLASS="COMMAND"
 >nmbd</B
 > to be your WINS server. 
-		Note that you should <I
+		Note that you should <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >NEVER</I
+></SPAN
 > set this to <TT
 CLASS="CONSTANT"
 >yes</TT
@@ -19367,7 +19854,7 @@ CLASS="COMMAND"
 ><A
 NAME="WORKGROUP"
 ></A
->workgroup (G)</DT
+>&#62;workgroup (G)</DT
 ><DD
 ><P
 >This controls what workgroup your server will 
@@ -19381,9 +19868,12 @@ CLASS="COMMAND"
 >
 		setting.</P
 ><P
->Default: <I
+>Default: <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >set at compile time to WORKGROUP</I
+></SPAN
 ></P
 ><P
 >Example: <B
@@ -19395,7 +19885,7 @@ CLASS="COMMAND"
 ><A
 NAME="WRITABLE"
 ></A
->writable (S)</DT
+>&#62;writable (S)</DT
 ><DD
 ><P
 >Synonym for <A
@@ -19412,14 +19902,17 @@ CLASS="PARAMETER"
 ><A
 NAME="WRITECACHESIZE"
 ></A
->write cache size (S)</DT
+>&#62;write cache size (S)</DT
 ><DD
 ><P
 >If this integer parameter is set to non-zero value,
 		Samba will create an in-memory cache for each oplocked file 
-		(it does <I
+		(it does <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >not</I
+></SPAN
 > do this for 
 		non-oplocked files). All writes that the client does not request 
 		to be flushed directly to disk will be stored in this cache if possible. 
@@ -19453,7 +19946,7 @@ CLASS="COMMAND"
 ><A
 NAME="WRITELIST"
 ></A
->write list (S)</DT
+>&#62;write list (S)</DT
 ><DD
 ><P
 >This is a list of users that are given read-write 
@@ -19486,7 +19979,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->write list = &#60;empty string&#62;
+>write list = &lt;empty string&gt;
 		</B
 ></P
 ><P
@@ -19500,7 +19993,7 @@ CLASS="COMMAND"
 ><A
 NAME="WINSPARTNERS"
 ></A
->wins partners (G)</DT
+>&#62;wins partners (G)</DT
 ><DD
 ><P
 >A space separated list of partners' IP addresses for 
@@ -19524,7 +20017,7 @@ CLASS="COMMAND"
 ><A
 NAME="WRITEOK"
 ></A
->write ok (S)</DT
+>&#62;write ok (S)</DT
 ><DD
 ><P
 >Inverted synonym for <A
@@ -19541,7 +20034,7 @@ CLASS="PARAMETER"
 ><A
 NAME="WRITERAW"
 ></A
->write raw (G)</DT
+>&#62;write raw (G)</DT
 ><DD
 ><P
 >This parameter controls whether or not the server 
@@ -19557,7 +20050,7 @@ CLASS="COMMAND"
 ><A
 NAME="WRITEABLE"
 ></A
->writeable (S)</DT
+>&#62;writeable (S)</DT
 ><DD
 ><P
 >Inverted synonym for <A
@@ -19576,7 +20069,7 @@ CLASS="PARAMETER"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN6195"
+NAME="AEN6323"
 ></A
 ><H2
 >WARNINGS</H2
@@ -19587,11 +20080,12 @@ NAME="AEN6195"
 	problem - but be aware of the possibility.</P
 ><P
 >On a similar note, many clients - especially DOS clients - 
-	limit service names to eight characters. <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)
-	</A
+	limit service names to eight characters. <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > has no such limitation, but attempts to connect from such 
 	clients will fail if they truncate the service names.  For this reason 
 	you should probably keep your service names down to eight characters 
@@ -19606,97 +20100,81 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN6201"
+NAME="AEN6331"
 ></A
 ><H2
 >VERSION</H2
 ><P
->This man page is correct for version 3.0 of 
-	the Samba suite.</P
+>This man page is correct for version 3.0 of the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN6204"
+NAME="AEN6334"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
-><A
-HREF="samba.7.html"
-TARGET="_top"
->samba(7)</A
->,
-	<A
-HREF="smbpasswd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbpasswd(8)</B
-></A
->,
-	<A
-HREF="swat.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->swat(8)</B
-></A
->,
-	<A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
->, 
-	<A
-HREF="nmbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->nmbd(8)</B
-></A
->, 
-	<A
-HREF="smbclient.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbclient(1)</B
-></A
->, 
-	<A
-HREF="nmblookup.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->nmblookup(1)</B
-></A
->,
-	<A
-HREF="testparm.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->testparm(1)</B
-></A
->, 
-	<A
-HREF="testprns.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->testprns(1)</B
-></A
->
-	</P
+>	<SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>samba</SPAN
+>(7)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbpasswd</SPAN
+>(8)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>swat</SPAN
+>(8)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmbd</SPAN
+>(8)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbclient</SPAN
+>(1)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmblookup</SPAN
+>(1)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>testparm</SPAN
+>(1)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>testprns</SPAN
+>(1)</SPAN
+>.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN6224"
+NAME="AEN6364"
 ></A
 ><H2
 >AUTHOR</H2
@@ -19708,14 +20186,14 @@ NAME="AEN6224"
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
-	<A
+	excellent piece of Open Source software, available at <A
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
+	for Samba 3.0 was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/smbcacls.1.html b/docs/htmldocs/smbcacls.1.html
index e0425d481d..66dbf8d2f9 100644
--- a/docs/htmldocs/smbcacls.1.html
+++ b/docs/htmldocs/smbcacls.1.html
@@ -5,7 +5,7 @@
 >smbcacls</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -15,7 +15,7 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="SMBCACLS"
+NAME="SMBCACLS.1"
 ></A
 >smbcacls</H1
 ><DIV
@@ -47,10 +47,12 @@ NAME="AEN22"
 ><H2
 >DESCRIPTION</H2
 ><P
->This tool is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
+>This tool is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > suite.</P
 ><P
 >The <B
@@ -62,7 +64,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN28"
+NAME="AEN30"
 ></A
 ><H2
 >OPTIONS</H2
@@ -117,9 +119,12 @@ CLASS="VARIABLELIST"
 >Specifies a username used to connect to the 
 		specified service.  The username may be of the form "username" in 
 		which case the user is prompted to enter in a password and the 
-		workgroup specified in the <TT
-CLASS="FILENAME"
->smb.conf</TT
+		workgroup specified in the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > file is 
 		used, or "username%password"  or "DOMAIN\username%password" and the 
 		password and workgroup names are used as provided. </P
@@ -182,7 +187,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN75"
+NAME="AEN79"
 ></A
 ><H2
 >ACL FORMAT</H2
@@ -196,8 +201,7 @@ CLASS="PROGRAMLISTING"
 REVISION:&lt;revision number&gt;
 OWNER:&lt;sid or name&gt;
 GROUP:&lt;sid or name&gt;
-ACL:&lt;sid or name&gt;:&lt;type&gt;/&lt;flags&gt;/&lt;mask&gt;
-	</PRE
+ACL:&lt;sid or name&gt;:&lt;type&gt;/&lt;flags&gt;/&lt;mask&gt;</PRE
 ></P
 ><P
 >The revision of the ACL specifies the internal Windows 
@@ -211,34 +215,45 @@ ACL:&lt;sid or name&gt;:&lt;type&gt;/&lt;flags&gt;/&lt;mask&gt;
 	the file or directory resides. </P
 ><P
 >ACLs specify permissions granted to the SID.  This SID again 
-		can be specified in CWS-1-x-y-z format or as a name in which case 
-		it is resolved against the server on which the file or directory 
-		resides.  The type, flags and mask values determine the type of 
-		access granted to the SID. </P
+	can be specified in CWS-1-x-y-z format or as a name in which case 
+	it is resolved against the server on which the file or directory 
+	resides.  The type, flags and mask values determine the type of 
+	access granted to the SID. </P
 ><P
 >The type can be either 0 or 1 corresponding to ALLOWED or 
-		DENIED access to the SID.  The flags values are generally
-		zero for file ACLs and either 9 or 2 for directory ACLs.  Some 
-		common flags are: </P
+	DENIED access to the SID.  The flags values are generally
+	zero for file ACLs and either 9 or 2 for directory ACLs.  Some 
+	common flags are: </P
 ><P
 ></P
 ><UL
 ><LI
 ><P
->#define SEC_ACE_FLAG_OBJECT_INHERIT     	0x1</P
+><TT
+CLASS="CONSTANT"
+>#define SEC_ACE_FLAG_OBJECT_INHERIT     	0x1</TT
+></P
 ></LI
 ><LI
 ><P
->#define SEC_ACE_FLAG_CONTAINER_INHERIT  	0x2</P
+><TT
+CLASS="CONSTANT"
+>#define SEC_ACE_FLAG_CONTAINER_INHERIT  	0x2</TT
+></P
 ></LI
 ><LI
 ><P
->#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT       0x4
-			</P
+><TT
+CLASS="CONSTANT"
+>#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT     0x4</TT
+></P
 ></LI
 ><LI
 ><P
->#define SEC_ACE_FLAG_INHERIT_ONLY       	0x8</P
+><TT
+CLASS="CONSTANT"
+>#define SEC_ACE_FLAG_INHERIT_ONLY       	0x8</TT
+></P
 ></LI
 ></UL
 ><P
@@ -356,7 +371,7 @@ CLASS="EMPHASIS"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN125"
+NAME="AEN133"
 ></A
 ><H2
 >EXIT STATUS</H2
@@ -380,18 +395,17 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN131"
+NAME="AEN139"
 ></A
 ><H2
 >VERSION</H2
 ><P
->This man page is correct for version 2.2 of 
-	the Samba suite.</P
+>This man page is correct for version 2.2 of the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN134"
+NAME="AEN142"
 ></A
 ><H2
 >AUTHOR</H2
@@ -408,7 +422,8 @@ CLASS="COMMAND"
 	and Tim Potter.</P
 ><P
 >The conversion to DocBook for Samba 2.2 was done 
-	by Gerald Carter</P
+	by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done
+	by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/smbclient.1.html b/docs/htmldocs/smbclient.1.html
index ca8cafd312..8ae4f84fe3 100644
--- a/docs/htmldocs/smbclient.1.html
+++ b/docs/htmldocs/smbclient.1.html
@@ -5,7 +5,7 @@
 >smbclient</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -15,7 +15,7 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="SMBCLIENT"
+NAME="SMBCLIENT.1"
 ></A
 >smbclient</H1
 ><DIV
@@ -38,20 +38,22 @@ NAME="AEN8"
 ><B
 CLASS="COMMAND"
 >smbclient</B
->  {servicename} [password] [-b &lt;buffer size&gt;] [-d debuglevel] [-D Directory] [-U username] [-W workgroup] [-M &lt;netbios name&gt;] [-m maxprotocol] [-A authfile] [-N] [-l logfile] [-L &lt;netbios name&gt;] [-I destinationIP] [-E] [-c &lt;command string&gt;] [-i scope] [-O &lt;socket options&gt;] [-p port] [-R &lt;name resolve order&gt;] [-s &lt;smb config file&gt;] [-T&lt;c|x&gt;IXFqgbNan]</P
+>  {servicename} [password] [-b &lt;buffer size&gt;] [-d debuglevel] [-D Directory] [-U username] [-W workgroup] [-M &lt;netbios name&gt;] [-m maxprotocol] [-A authfile] [-N] [-l logfile] [-L &lt;netbios name&gt;] [-I destinationIP] [-E] [-c &lt;command string&gt;] [-i scope] [-O &lt;socket options&gt;] [-p port] [-R &lt;name resolve order&gt;] [-s &lt;smb config file&gt;] [-T&lt;c|x&gt;IXFqgbNan] [-k]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN33"
+NAME="AEN34"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
->This tool is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
+>This tool is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > suite.</P
 ><P
 ><B
@@ -59,9 +61,12 @@ CLASS="COMMAND"
 >smbclient</B
 > is a client that can 
 	'talk' to an SMB/CIFS server. It offers an interface
-	similar to that of the ftp program (see <B
-CLASS="COMMAND"
->ftp(1)</B
+	similar to that of the ftp program (see <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>ftp</SPAN
+>(1)</SPAN
 >).  
 	Operations include things like getting files from the server 
 	to the local machine, putting files from the local machine to 
@@ -71,7 +76,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN40"
+NAME="AEN45"
 ></A
 ><H2
 >OPTIONS</H2
@@ -126,9 +131,13 @@ CLASS="PARAMETER"
 CLASS="COMMAND"
 >smbclient</B
 > or 
-		using the name resolve order parameter in the <TT
-CLASS="FILENAME"
->smb.conf</TT
+		using the name resolve order parameter in 
+		the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > file, 
 		allowing an administrator to change the order and methods 
 		by which server names are looked up. </P
@@ -178,10 +187,13 @@ CLASS="PARAMETER"
 >-s smb.conf</DT
 ><DD
 ><P
->Specifies the location of the all important 
-		<TT
-CLASS="FILENAME"
->smb.conf</TT
+>Specifies the location of the all 
+		important <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > file. </P
 ></DD
 ><DT
@@ -189,10 +201,14 @@ CLASS="FILENAME"
 ><DD
 ><P
 >TCP socket options to set on the client 
-		socket. See the socket options parameter in the <TT
-CLASS="FILENAME"
->		smb.conf (5)</TT
-> manpage for the list of valid 
+		socket. See the socket options parameter in 
+		the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+> manual page for the list of valid 
 		options. </P
 ></DD
 ><DT
@@ -205,7 +221,7 @@ CLASS="FILENAME"
 		string of different name resolution options.</P
 ><P
 >The options are :"lmhosts", "host", "wins" and "bcast". They 
-		cause names to be resolved as follows :</P
+		cause names to be resolved as follows:</P
 ><P
 ></P
 ><UL
@@ -214,12 +230,15 @@ CLASS="FILENAME"
 ><TT
 CLASS="CONSTANT"
 >lmhosts</TT
-> : Lookup an IP 
+>: Lookup an IP 
 			address in the Samba lmhosts file. If the line in lmhosts has 
-			no name type attached to the NetBIOS name (see the <A
-HREF="lmhosts.5.html"
-TARGET="_top"
->lmhosts(5)</A
+			no name type attached to the NetBIOS name (see 
+			the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>lmhosts</SPAN
+>(5)</SPAN
 > for details) then
 			any name type matches for lookup.</P
 ></LI
@@ -228,7 +247,7 @@ TARGET="_top"
 ><TT
 CLASS="CONSTANT"
 >host</TT
-> : Do a standard host 
+>: Do a standard host 
 			name to IP address resolution, using the system <TT
 CLASS="FILENAME"
 >/etc/hosts
@@ -248,7 +267,7 @@ CLASS="FILENAME"
 ><TT
 CLASS="CONSTANT"
 >wins</TT
-> : Query a name with 
+>: Query a name with 
 			the IP address listed in the <TT
 CLASS="PARAMETER"
 ><I
@@ -263,7 +282,7 @@ CLASS="PARAMETER"
 ><TT
 CLASS="CONSTANT"
 >bcast</TT
-> : Do a broadcast on 
+>: Do a broadcast on 
 			each of the known local interfaces listed in the 
 			<TT
 CLASS="PARAMETER"
@@ -278,9 +297,12 @@ CLASS="PARAMETER"
 ></UL
 ><P
 >If this parameter is not set then the name resolve order 
-		defined in the <TT
-CLASS="FILENAME"
->smb.conf</TT
+		defined in the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > file parameter  
 		(name resolve order) will be used. </P
 ><P
@@ -291,9 +313,12 @@ CLASS="PARAMETER"
 >name resolve order
 		</I
 ></TT
-> parameter of the <TT
-CLASS="FILENAME"
->smb.conf</TT
+> parameter of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > file the name resolution
 		methods will be attempted in this order. </P
 ></DD
@@ -343,9 +368,17 @@ CLASS="PARAMETER"
 > options useful, as they allow you to 
 		control the FROM and TO parts of the message. </P
 ><P
->See the message command parameter in the <TT
-CLASS="FILENAME"
->		smb.conf(5)</TT
+>See the <TT
+CLASS="PARAMETER"
+><I
+>message command</I
+></TT
+> parameter in the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > for a description of how to handle incoming 
 		WinPopup messages in Samba. </P
 ><P
@@ -614,8 +647,7 @@ CLASS="COMMAND"
 CLASS="PROGRAMLISTING"
 >username = &lt;value&gt; 
 password = &lt;value&gt;
-domain = &lt;value&gt;
-		</PRE
+domain = &lt;value&gt;</PRE
 ></P
 ><P
 >If the domain parameter is missing the current workgroup name
@@ -690,12 +722,14 @@ CLASS="COMMAND"
 ><DD
 ><P
 >Override the default workgroup (domain) specified
-		in the workgroup parameter of the <TT
-CLASS="FILENAME"
->smb.conf</TT
->
-		file for this connection. This may be needed to connect to some
-		servers. </P
+		in the workgroup parameter of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+>	file for this connection. This may be 
+		needed to connect to some servers. </P
 ></DD
 ><DT
 >-T tar options</DT
@@ -905,7 +939,7 @@ CLASS="EMPHASIS"
 ></SPAN
 ></P
 ><P
->All file names can be given as DOS path names (with '\' 
+>All file names can be given as DOS path names (with '\\' 
 		as the component separator) or as UNIX path names (with '/' as 
 		the component separator). </P
 ><P
@@ -1000,13 +1034,21 @@ CLASS="COMMAND"
 >-c 'print -'</B
 >. </P
 ></DD
+><DT
+>-k</DT
+><DD
+><P
+>		Try to authenticate with kerberos. Only useful in 
+		an Active Directory environment.
+		</P
+></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN310"
+NAME="AEN336"
 ></A
 ><H2
 >OPERATIONS</H2
@@ -1019,7 +1061,7 @@ CLASS="PROMPT"
 >smb:\&gt; </TT
 ></P
 ><P
->The backslash ("\") indicates the current working directory 
+>The backslash ("\\") indicates the current working directory 
 	on the server, and will change if the current working directory 
 	is changed. </P
 ><P
@@ -1496,7 +1538,7 @@ CLASS="REPLACEABLE"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN501"
+NAME="AEN527"
 ></A
 ><H2
 >NOTES</H2
@@ -1517,7 +1559,7 @@ NAME="AEN501"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN506"
+NAME="AEN532"
 ></A
 ><H2
 >ENVIRONMENT VARIABLES</H2
@@ -1550,7 +1592,7 @@ CLASS="ENVAR"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN514"
+NAME="AEN540"
 ></A
 ><H2
 >INSTALLATION</H2
@@ -1581,10 +1623,12 @@ CLASS="EMPHASIS"
 	and writeable only by the user. </P
 ><P
 >To test the client, you will need to know the name of a 
-	running SMB/CIFS server. It is possible to run <B
-CLASS="COMMAND"
->smbd(8)
-	</B
+	running SMB/CIFS server. It is possible to run <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > as an ordinary user - running that server as a daemon 
 	on a user-accessible port (typically any port number over 1024)
 	would provide a suitable test server. </P
@@ -1592,7 +1636,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN524"
+NAME="AEN552"
 ></A
 ><H2
 >DIAGNOSTICS</H2
@@ -1608,18 +1652,17 @@ NAME="AEN524"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN528"
+NAME="AEN556"
 ></A
 ><H2
 >VERSION</H2
 ><P
->This man page is correct for version 2.2 of 
-	the Samba suite.</P
+>This man page is correct for version 2.2 of the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN531"
+NAME="AEN559"
 ></A
 ><H2
 >AUTHOR</H2
@@ -1631,14 +1674,14 @@ NAME="AEN531"
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
-	<A
+	excellent piece of Open Source software, available at <A
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0
+	was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/smbcontrol.1.html b/docs/htmldocs/smbcontrol.1.html
index 12662dcc04..25c8e33e08 100644
--- a/docs/htmldocs/smbcontrol.1.html
+++ b/docs/htmldocs/smbcontrol.1.html
@@ -5,7 +5,7 @@
 >smbcontrol</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -15,7 +15,7 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="SMBCONTROL"
+NAME="SMBCONTROL.1"
 ></A
 >smbcontrol</H1
 ><DIV
@@ -52,37 +52,42 @@ NAME="AEN17"
 ><H2
 >DESCRIPTION</H2
 ><P
->This tool is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
+>This tool is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > suite.</P
 ><P
 ><B
 CLASS="COMMAND"
 >smbcontrol</B
 > is a very small program, which 
-	sends messages to an <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
->, 
-	an <A
-HREF="nmbd.8.html"
-TARGET="_top"
->nmbd(8)</A
->
-	or a <A
-HREF="winbindd.8.html"
-TARGET="_top"
->winbindd(8)</A
-> 
-	daemon running on the system.</P
+	sends messages to a <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+>, a <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmbd</SPAN
+>(8)</SPAN
+>, or a <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>winbindd</SPAN
+>(8)</SPAN
+> daemon running on the system.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN26"
+NAME="AEN34"
 ></A
 ><H2
 >OPTIONS</H2
@@ -109,8 +114,7 @@ CLASS="PARAMETER"
 ><I
 >nmbd</I
 ></TT
->
-		<TT
+>, <TT
 CLASS="PARAMETER"
 ><I
 >smbd</I
@@ -322,7 +326,7 @@ CLASS="CONSTANT"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN102"
+NAME="AEN110"
 ></A
 ><H2
 >VERSION</H2
@@ -333,33 +337,29 @@ NAME="AEN102"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN105"
+NAME="AEN113"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
-><A
-HREF="nmbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->nmbd(8)</B
-></A
->, 
-	and <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
->.
-	</P
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmbd</SPAN
+>(8)</SPAN
+> and <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+>.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN112"
+NAME="AEN122"
 ></A
 ><H2
 >AUTHOR</H2
@@ -371,14 +371,14 @@ NAME="AEN112"
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
-	<A
+	excellent piece of Open Source software, available at <A
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
+	Samba 3.0 was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/smbd.8.html b/docs/htmldocs/smbd.8.html
index 65f5f95b8d..47788cdb36 100644
--- a/docs/htmldocs/smbd.8.html
+++ b/docs/htmldocs/smbd.8.html
@@ -1,12 +1,11 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <HTML
 ><HEAD
 ><TITLE
 >smbd</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -16,7 +15,9 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="SMBD">smbd</H1
+NAME="SMBD.8"
+></A
+>smbd</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
@@ -28,13 +29,15 @@ NAME="AEN5"
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
-NAME="AEN8"><H2
+NAME="AEN8"
+></A
+><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >smbd</B
-> [-D] [-F] [-S] [-i] [-h] [-V] [-b] [-d &#60;debug level&#62;] [-l &#60;log directory&#62;] [-p &#60;port number&#62;] [-O &#60;socket option&#62;] [-s &#60;configuration file&#62;]</P
+>  [-D] [-F] [-S] [-i] [-h] [-V] [-b] [-d &lt;debug level&gt;] [-l &lt;log directory&gt;] [-p &lt;port number&gt;] [-O &lt;socket option&gt;] [-s &lt;configuration file&gt;]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -44,7 +47,13 @@ NAME="AEN23"
 ><H2
 >DESCRIPTION</H2
 ><P
->This program is part of the Samba suite.</P
+>This program is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
+> suite.</P
 ><P
 ><B
 CLASS="COMMAND"
@@ -61,28 +70,24 @@ CLASS="COMMAND"
 >An extensive description of the services that the 
 	server can provide is given in the man page for the 
 	configuration file controlling the attributes of those 
-	services (see <A
-HREF="smb.conf.5.html"
-TARGET="_top"
-><TT
-CLASS="FILENAME"
->smb.conf(5)
-	</TT
-></A
+	services (see <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 >.  This man page will not describe the 
 	services, but will concentrate on the administrative aspects 
 	of running the server.</P
 ><P
 >Please note that there are significant security 
-	implications to running this server, and the <A
-HREF="smb.conf.5.html"
-TARGET="_top"
-><TT
-CLASS="FILENAME"
->smb.conf(5)</TT
-></A
-> 
-	manpage should be regarded as mandatory reading before 
+	implications to running this server, and the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+> manual page should be regarded as mandatory reading before 
 	proceeding with installation.</P
 ><P
 >A session is created whenever a client requests one. 
@@ -104,7 +109,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN37"
+NAME="AEN42"
 ></A
 ><H2
 >OPTIONS</H2
@@ -222,7 +227,7 @@ CLASS="COMMAND"
 		Samba was built.</P
 ></DD
 ><DT
->-d &#60;debug level&#62;</DT
+>-d &lt;debug level&gt;</DT
 ><DD
 ><P
 ><TT
@@ -251,19 +256,23 @@ CLASS="REPLACEABLE"
 		override the <A
 HREF="smb.conf.5.html#loglevel"
 TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
 >log
-		level</A
-> parameter in the <A
-HREF="smb.conf.5.html"
-TARGET="_top"
->		<TT
-CLASS="FILENAME"
->smb.conf(5)</TT
+		level</I
+></TT
 ></A
+> parameter in the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > file.</P
 ></DD
 ><DT
->-l &#60;log directory&#62;</DT
+>-l &lt;log directory&gt;</DT
 ><DD
 ><P
 >If specified,
@@ -280,18 +289,25 @@ CLASS="REPLACEABLE"
 		its size may be controlled by the <A
 HREF="smb.conf.5.html#maxlogsize"
 TARGET="_top"
->max log size</A
->
-		option in the <A
-HREF="smb.conf.5.html"
-TARGET="_top"
 ><TT
-CLASS="FILENAME"
->		smb.conf(5)</TT
+CLASS="PARAMETER"
+><I
+>max log size</I
+></TT
 ></A
-> file. <I
+>
+		option in the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+> file. <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >Beware:</I
+></SPAN
 >
 		If the directory specified does not exist, <B
 CLASS="COMMAND"
@@ -304,26 +320,29 @@ CLASS="COMMAND"
 		compile time.</P
 ></DD
 ><DT
->-O &#60;socket options&#62;</DT
+>-O &lt;socket options&gt;</DT
 ><DD
 ><P
 >See the <A
 HREF="smb.conf.5.html#socketoptions"
 TARGET="_top"
->socket options</A
-> 
-		parameter in the <A
-HREF="smb.conf.5.html"
-TARGET="_top"
 ><TT
-CLASS="FILENAME"
->smb.conf(5)
-		</TT
+CLASS="PARAMETER"
+><I
+>socket options</I
+></TT
 ></A
+> 
+		parameter in the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > file for details.</P
 ></DD
 ><DT
->-p &#60;port number&#62;</DT
+>-p &lt;port number&gt;</DT
 ><DD
 ><P
 ><TT
@@ -354,7 +373,7 @@ CLASS="REPLACEABLE"
 		in the above situation.</P
 ></DD
 ><DT
->-s &#60;configuration file&#62;</DT
+>-s &lt;configuration file&gt;</DT
 ><DD
 ><P
 >The file specified contains the 
@@ -362,13 +381,12 @@ CLASS="REPLACEABLE"
 		information in this file includes server-specific
 		information such as what printcap file to use, as well 
 		as descriptions of all the services that the server is 
-		to provide. See <A
-HREF="smb.conf.5.html"
-TARGET="_top"
-><TT
-CLASS="FILENAME"
->		smb.conf(5)</TT
-></A
+		to provide. See <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > for more information.
 		The default configuration file name is determined at 
 		compile time.</P
@@ -379,7 +397,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN123"
+NAME="AEN135"
 ></A
 ><H2
 >FILES</H2
@@ -402,9 +420,9 @@ CLASS="COMMAND"
 > meta-daemon, this file 
 		must contain suitable startup information for the 
 		meta-daemon. See the <A
-HREF="UNIX_INSTALL.html"
+HREF="install.html"
 TARGET="_top"
->UNIX_INSTALL.html</A
+>"How to Install and Test SAMBA"</A
 >
 		document for details.
 		</P
@@ -422,9 +440,9 @@ CLASS="FILENAME"
 >If running the server as a daemon at startup, 
 		this file will need to contain an appropriate startup 
 		sequence for the server. See the <A
-HREF="UNIX_INSTALL.html"
+HREF="install.html"
 TARGET="_top"
->UNIX_INSTALL.html</A
+>"How to Install and Test SAMBA"</A
 >
 		document for details.</P
 ></DD
@@ -443,9 +461,9 @@ CLASS="COMMAND"
 		must contain a mapping of service name (e.g., netbios-ssn) 
 		to service port (e.g., 139) and protocol type (e.g., tcp). 
 		See the <A
-HREF="UNIX_INSTALL.html"
+HREF="install.html"
 TARGET="_top"
->UNIX_INSTALL.html</A
+>"How to Install and Test SAMBA"</A
 >
 		document for details.</P
 ></DD
@@ -456,34 +474,30 @@ CLASS="FILENAME"
 ></DT
 ><DD
 ><P
->This is the default location of the 
-		<A
-HREF="smb.conf.5.html"
-TARGET="_top"
-><TT
-CLASS="FILENAME"
->smb.conf</TT
-></A
->
-		server configuration file. Other common places that systems 
+>This is the default location of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+> server configuration file. Other common places that systems 
 		install this file are <TT
 CLASS="FILENAME"
 >/usr/samba/lib/smb.conf</TT
 > 
 		and <TT
 CLASS="FILENAME"
->/etc/smb.conf</TT
+>/etc/samba/smb.conf</TT
 >.</P
 ><P
 >This file describes all the services the server 
-		is to make available to clients. See <A
-HREF="smb.conf.5.html"
-TARGET="_top"
->		<TT
-CLASS="FILENAME"
->smb.conf(5)</TT
-></A
->  for more information.</P
+		is to make available to clients. See <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+> for more information.</P
 ></DD
 ></DL
 ></DIV
@@ -491,7 +505,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN159"
+NAME="AEN173"
 ></A
 ><H2
 >LIMITATIONS</H2
@@ -510,7 +524,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN163"
+NAME="AEN177"
 ></A
 ><H2
 >ENVIRONMENT VARIABLES</H2
@@ -541,7 +555,7 @@ CLASS="CONSTANT"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN172"
+NAME="AEN186"
 ></A
 ><H2
 >PAM INTERACTION</H2
@@ -549,22 +563,35 @@ NAME="AEN172"
 >Samba uses PAM for authentication (when presented with a plaintext 
 	password), for account checking (is this account disabled?) and for
 	session management.  The degree too which samba supports PAM is restricted
-	by the limitations of the SMB protocol and the 
-	<A
+	by the limitations of the SMB protocol and the <A
 HREF="smb.conf.5.html#OBEYPAMRESRICTIONS"
 TARGET="_top"
->obey pam restricions</A
->
-	smb.conf paramater.  When this is set, the following restrictions apply:
+><TT
+CLASS="PARAMETER"
+><I
+>obey 
+	pam restricions</I
+></TT
+></A
+> <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+> paramater.  When this is set, the following restrictions apply:
 	</P
 ><P
 ></P
 ><UL
 ><LI
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Account Validation</I
+></SPAN
 >:  All accesses to a 
 	samba server are checked 
 	against PAM to see if the account is vaild, not disabled and is permitted to 
@@ -573,9 +600,12 @@ CLASS="EMPHASIS"
 ></LI
 ><LI
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Session Management</I
+></SPAN
 >:  When not using share 
 	level secuirty, users must pass PAM's session checks before access 
 	is granted.  Note however, that this is bypassed in share level secuirty.  
@@ -588,7 +618,7 @@ CLASS="EMPHASIS"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN183"
+NAME="AEN201"
 ></A
 ><H2
 >VERSION</H2
@@ -599,7 +629,7 @@ NAME="AEN183"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN186"
+NAME="AEN204"
 ></A
 ><H2
 >DIAGNOSTICS</H2
@@ -622,7 +652,7 @@ NAME="AEN186"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN191"
+NAME="AEN209"
 ></A
 ><H2
 >SIGNALS</H2
@@ -644,9 +674,12 @@ CLASS="COMMAND"
 	that <B
 CLASS="COMMAND"
 >SIGKILL (-9)</B
-> <I
+> <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >NOT</I
+></SPAN
 > 
 	be used, except as a last resort, as this may leave the shared
 	memory area in an inconsistent state. The safe way to terminate 
@@ -660,16 +693,14 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >smbd</B
 > may be raised
-	or lowered using <A
-HREF="smbcontrol.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbcontrol(1)
-	</B
-></A
-> program (SIGUSR[1|2] signals are no longer used in
-	Samba 2.2). This is to allow transient problems to be diagnosed, 
+	or lowered using <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbcontrol</SPAN
+>(1)</SPAN
+> program (SIGUSR[1|2] signals are no longer 
+	used since Samba 2.2). This is to allow transient problems to be diagnosed, 
 	whilst still running at a normally low log level.</P
 ><P
 >Note that as the signal handlers send a debug write, 
@@ -688,55 +719,55 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN208"
+NAME="AEN227"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
->hosts_access(5), <B
-CLASS="COMMAND"
->inetd(8)</B
->, 
-	<A
-HREF="nmbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->nmbd(8)</B
-></A
->, 
-	<A
-HREF="smb.conf.5.html"
-TARGET="_top"
-><TT
-CLASS="FILENAME"
->smb.conf(5)</TT
->
-	</A
->, <A
-HREF="smbclient.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbclient(1)
-	</B
-></A
->, <A
-HREF="testparm.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->	testparm(1)</B
-></A
->, <A
-HREF="testprns.1.html"
-TARGET="_top"
->	<B
-CLASS="COMMAND"
->testprns(1)</B
-></A
->, and the Internet RFC's
-	<TT
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>hosts_access</SPAN
+>(5)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>inetd</SPAN
+>(8)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmbd</SPAN
+>(8)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbclient</SPAN
+>(1)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>testparm</SPAN
+>(1)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>testprns</SPAN
+>(1)</SPAN
+>, and the 
+	Internet RFC's	<TT
 CLASS="FILENAME"
 >rfc1001.txt</TT
 >, <TT
@@ -754,7 +785,7 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN225"
+NAME="AEN254"
 ></A
 ><H2
 >AUTHOR</H2
@@ -766,14 +797,14 @@ NAME="AEN225"
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
-	<A
+	excellent piece of Open Source software, available at <A
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
+	Samba 3.0 was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/smbgroupedit.8.html b/docs/htmldocs/smbgroupedit.8.html
index e20b34883c..856c778cb4 100644
--- a/docs/htmldocs/smbgroupedit.8.html
+++ b/docs/htmldocs/smbgroupedit.8.html
@@ -1,12 +1,11 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <HTML
 ><HEAD
 ><TITLE
 >smbgroupedit</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -16,7 +15,9 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="SMBGROUPEDIT">smbgroupedit</H1
+NAME="SMBGROUPEDIT.8"
+></A
+>smbgroupedit</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
@@ -28,13 +29,15 @@ NAME="AEN5"
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
-NAME="AEN8"><H2
+NAME="AEN8"
+></A
+><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >smbroupedit</B
-> [-v [l|s]] [-a UNIX-groupname [-d NT-groupname|-p privilege|]]</P
+>  [-v [l|s]] [-a UNIX-groupname [-d NT-groupname|-p privilege|]]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -44,12 +47,13 @@ NAME="AEN13"
 ><H2
 >DESCRIPTION</H2
 ><P
->This program is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->Samba</A
->
-suite.</P
+>This program is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
+> suite.</P
 ><P
 >The  smbgroupedit  command  allows for mapping unix groups
 to NT Builtin, Domain, or Local groups.  Also
@@ -59,7 +63,7 @@ etc.</P
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN18"
+NAME="AEN20"
 ></A
 ><H2
 >OPTIONS</H2
@@ -86,12 +90,6 @@ CLASS="VARIABLELIST"
 ><P
 >give a long listing, of the format:</P
 ><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >"NT Group Name"
@@ -100,20 +98,10 @@ CLASS="PROGRAMLISTING"
     Group type     :
     Comment        :
     Privilege      :</PRE
-></TD
-></TR
-></TABLE
 ></P
 ><P
->For examples,</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
+>For example:
+<PRE
 CLASS="PROGRAMLISTING"
 >Users
     SID       : S-1-5-32-545
@@ -121,9 +109,6 @@ CLASS="PROGRAMLISTING"
     Group type: Local group
     Comment   :
     Privilege : No privilege</PRE
-></TD
-></TR
-></TABLE
 ></P
 ></DD
 ><DT
@@ -132,34 +117,15 @@ CLASS="PROGRAMLISTING"
 ><P
 >display a short listing of the format:</P
 ><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >NTGroupName(SID) -&#62; UnixGroupName</PRE
-></TD
-></TR
-></TABLE
 ></P
 ><P
->For example,</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
+>For example:
+<PRE
 CLASS="PROGRAMLISTING"
 >Users (S-1-5-32-545) -&#62; -1</PRE
-></TD
-></TR
-></TABLE
 ></P
 ></DD
 ></DL
@@ -233,23 +199,15 @@ CLASS="FILENAME"
 ></LI
 ><LI
 ><P
->map this domadm group to the 'domain admins' group:
-	</P
+>map this domadm group to the 'domain admins' group:</P
 ><P
 ></P
 ><OL
 TYPE="a"
 ><LI
 ><P
->Get the SID for the Windows NT "Domain Admins"
-		group:</P
+>Get the SID for the Windows NT "Domain Admins" group:</P
 ><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 ><TT
@@ -260,24 +218,13 @@ CLASS="COMMAND"
 >smbgroupedit -vs | grep "Domain Admins"</B
 >
 Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -&#62; -1</PRE
-></TD
-></TR
-></TABLE
 ></P
 ></LI
 ><LI
 ><P
 >map the unix domadm group to the Windows NT
 		"Domain Admins" group, by running the command:
-		</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
+<PRE
 CLASS="PROGRAMLISTING"
 ><TT
 CLASS="PROMPT"
@@ -288,14 +235,14 @@ CLASS="COMMAND"
 -c S-1-5-21-1108995562-3116817432-1375597819-512 \
 -u domadm -td</B
 ></PRE
-></TD
-></TR
-></TABLE
 ></P
 ><P
->		<I
+><SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >warning:</I
+></SPAN
 > don't copy and paste this sample, the
 		Domain Admins SID (the S-1-5-21-...-512) is different for every PDC.
 		</P
@@ -304,15 +251,8 @@ CLASS="EMPHASIS"
 ></LI
 ></OL
 ><P
->To verify that your mapping has taken effect:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
+>To verify that your mapping has taken effect:
+<PRE
 CLASS="PROGRAMLISTING"
 ><TT
 CLASS="PROMPT"
@@ -322,22 +262,12 @@ CLASS="COMMAND"
 >smbgroupedit -vs|grep "Domain Admins"</B
 >
 Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -&#62; domadm</PRE
-></TD
-></TR
-></TABLE
 ></P
 ><P
 >To give access to a certain directory on a domain member machine (an
 NT/W2K or a samba server running winbind) to some users who are member
-of a group on your samba PDC, flag that group as a domain group:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
+of a group on your samba PDC, flag that group as a domain group:
+<PRE
 CLASS="PROGRAMLISTING"
 ><TT
 CLASS="PROMPT"
@@ -346,15 +276,12 @@ CLASS="PROMPT"
 CLASS="COMMAND"
 >smbgroupedit -a unixgroup -td</B
 ></PRE
-></TD
-></TR
-></TABLE
 ></P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN90"
+NAME="AEN87"
 ></A
 ><H2
 >VERSION</H2
@@ -365,21 +292,23 @@ the Samba suite.</P
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN93"
+NAME="AEN90"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
-><A
-HREF="smb.conf.5.html"
-TARGET="_top"
->smb.conf(5)</A
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 ></P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN97"
+NAME="AEN96"
 ></A
 ><H2
 >AUTHOR</H2
@@ -394,7 +323,8 @@ CLASS="COMMAND"
 >smbgroupedit</B
 > was written by Jean Francois Micouleau.
 The current set of manpages and documentation is maintained
-by the Samba Team in the same fashion as the Samba source code.</P
+by the Samba Team in the same fashion as the Samba source code. The conversion
+to DocBook XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/smbmnt.8.html b/docs/htmldocs/smbmnt.8.html
index 06b9fb1fd3..de3af0b0a4 100644
--- a/docs/htmldocs/smbmnt.8.html
+++ b/docs/htmldocs/smbmnt.8.html
@@ -5,7 +5,7 @@
 >smbmnt</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -15,7 +15,7 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="SMBMNT"
+NAME="SMBMNT.8"
 ></A
 >smbmnt</H1
 ><DIV
@@ -65,14 +65,12 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >smbmnt</B
 > program is normally invoked 
-	by <A
-HREF="smbmount.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbmount(8)</B
->
-	</A
+	by <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbmount</SPAN
+>(8)</SPAN
 >. It should not be invoked directly by users. </P
 ><P
 >smbmount searches the normal PATH for smbmnt. You must ensure
@@ -81,7 +79,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN30"
+NAME="AEN31"
 ></A
 ><H2
 >OPTIONS</H2
@@ -139,7 +137,7 @@ CLASS="VARIABLELIST"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN57"
+NAME="AEN58"
 ></A
 ><H2
 >AUTHOR</H2
@@ -172,7 +170,8 @@ TARGET="_top"
 	</P
 ><P
 >The conversion of this manpage for Samba 2.2 was performed 
-	by Gerald Carter</P
+	by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0
+	was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/smbmount.8.html b/docs/htmldocs/smbmount.8.html
index 81a3ac04b2..bc9fcf72e2 100644
--- a/docs/htmldocs/smbmount.8.html
+++ b/docs/htmldocs/smbmount.8.html
@@ -5,7 +5,7 @@
 >smbmount</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -15,7 +15,7 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="SMBMOUNT"
+NAME="SMBMOUNT.8"
 ></A
 >smbmount</H1
 ><DIV
@@ -55,9 +55,12 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >mount.smbfs</B
 > by
-	the <B
-CLASS="COMMAND"
->mount(8)</B
+	the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>mount</SPAN
+>(8)</SPAN
 > command when using the 
 	"-t smbfs" option. This command only works in Linux, and the kernel must
 	support the smbfs filesystem. </P
@@ -80,10 +83,9 @@ CLASS="COMMAND"
 	typically this output will end up in <TT
 CLASS="FILENAME"
 >log.smbmount</TT
->. The
-	<B
+>. The <B
 CLASS="COMMAND"
->smbmount</B
+>	smbmount</B
 > process may also be called mount.smbfs.</P
 ><P
 ><SPAN
@@ -96,9 +98,12 @@ CLASS="EMPHASIS"
 CLASS="COMMAND"
 >smbmount</B
 > 
-	calls <B
-CLASS="COMMAND"
->smbmnt(8)</B
+	calls <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbmnt</SPAN
+>(8)</SPAN
 > to do the actual mount. You 
 	must make sure that <B
 CLASS="COMMAND"
@@ -109,7 +114,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN31"
+NAME="AEN35"
 ></A
 ><H2
 >OPTIONS</H2
@@ -159,16 +164,13 @@ CLASS="COMMAND"
 >credentials=&lt;filename&gt;</DT
 ><DD
 ><P
->specifies a file that contains a username
-		and/or password. The format of the file is:</P
-><P
->		<PRE
+>specifies a file that contains a username and/or password. 
+The format of the file is:
+<PRE
 CLASS="PROGRAMLISTING"
->		username = &lt;value&gt;
-		password = &lt;value&gt;
-		</PRE
->
-		</P
+>username = &lt;value&gt;
+password = &lt;value&gt;</PRE
+></P
 ><P
 >This is preferred over having passwords in plaintext in a
 		shared file, such as <TT
@@ -255,10 +257,12 @@ CLASS="FILENAME"
 >sets the TCP socket options. See the <A
 HREF="smb.conf.5.html#SOCKETOPTIONS"
 TARGET="_top"
-><TT
-CLASS="FILENAME"
->smb.conf
-		</TT
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 ></A
 > <TT
 CLASS="PARAMETER"
@@ -332,7 +336,7 @@ CLASS="PARAMETER"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN125"
+NAME="AEN130"
 ></A
 ><H2
 >ENVIRONMENT VARIABLES</H2
@@ -364,7 +368,7 @@ CLASS="ENVAR"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN133"
+NAME="AEN138"
 ></A
 ><H2
 >BUGS</H2
@@ -399,7 +403,7 @@ NAME="AEN133"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN142"
+NAME="AEN147"
 ></A
 ><H2
 >SEE ALSO</H2
@@ -409,22 +413,19 @@ NAME="AEN142"
 ><P
 >FreeBSD also has a smbfs, but it is not related to smbmount</P
 ><P
->For Solaris, HP-UX and others you may want to look at
-	<A
-HREF="smbsh.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbsh(1)</B
-></A
-> or at other
-	solutions, such as sharity or perhaps replacing the SMB server with
-	a NFS server.</P
+>For Solaris, HP-UX and others you may want to look at <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbsh</SPAN
+>(1)</SPAN
+> or at other solutions, such as 
+	Sharity or perhaps replacing the SMB server with a NFS server.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN149"
+NAME="AEN155"
 ></A
 ><H2
 >AUTHOR</H2
@@ -457,7 +458,8 @@ TARGET="_top"
 	</P
 ><P
 >The conversion of this manpage for Samba 2.2 was performed 
-	by Gerald Carter</P
+	by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0
+	was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/smbpasswd.5.html b/docs/htmldocs/smbpasswd.5.html
index ac3ab94691..a07be03b41 100644
--- a/docs/htmldocs/smbpasswd.5.html
+++ b/docs/htmldocs/smbpasswd.5.html
@@ -5,7 +5,7 @@
 >smbpasswd</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -15,7 +15,7 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="SMBPASSWD"
+NAME="SMBPASSWD.5"
 ></A
 >smbpasswd</H1
 ><DIV
@@ -47,10 +47,12 @@ NAME="AEN11"
 ><H2
 >DESCRIPTION</H2
 ><P
->This tool is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
+>This tool is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > suite.</P
 ><P
 >smbpasswd is the Samba encrypted password file. It contains 
@@ -62,7 +64,7 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN16"
+NAME="AEN18"
 ></A
 ><H2
 >FILE FORMAT</H2
@@ -204,7 +206,7 @@ CLASS="EMPHASIS"
 		the attributes of the users account. In the Samba 2.2 release 
 		this field is bracketed by '[' and ']' characters and is always 
 		13 characters in length (including the '[' and ']' characters).
-		The contents of this field may be any of the characters.
+		The contents of this field may be any of the following characters:
 		</P
 ><P
 ></P
@@ -241,10 +243,12 @@ CLASS="PARAMETER"
 > parameter is set in the <A
 HREF="smb.conf.5.html#NULLPASSWORDS"
 TARGET="_top"
-><TT
-CLASS="FILENAME"
->smb.conf(5)
-			</TT
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 ></A
 > config file. </P
 ></LI
@@ -257,8 +261,7 @@ CLASS="EMPHASIS"
 >D</I
 ></SPAN
 > - This means the account 
-			is disabled and no SMB/CIFS logins  will be	allowed for 
-			this user. </P
+			is disabled and no SMB/CIFS logins  will be allowed for this user. </P
 ></LI
 ><LI
 ><P
@@ -296,7 +299,7 @@ CLASS="EMPHASIS"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN73"
+NAME="AEN77"
 ></A
 ><H2
 >VERSION</H2
@@ -307,23 +310,23 @@ NAME="AEN73"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN76"
+NAME="AEN80"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
-><A
-HREF="smbpasswd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbpasswd(8)</B
-></A
->, 
-	<A
-HREF="samba.7.html"
-TARGET="_top"
->samba(7)</A
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbpasswd</SPAN
+>(8)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 >, and
 	the Internet RFC1321 for details on the MD4 algorithm.
 	</P
@@ -331,7 +334,7 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN82"
+NAME="AEN89"
 ></A
 ><H2
 >AUTHOR</H2
@@ -343,14 +346,14 @@ NAME="AEN82"
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
-	<A
+	excellent piece of Open Source software, available at <A
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
+	for Samba 3.0 was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/smbpasswd.8.html b/docs/htmldocs/smbpasswd.8.html
index da3cb9f601..223cd02521 100644
--- a/docs/htmldocs/smbpasswd.8.html
+++ b/docs/htmldocs/smbpasswd.8.html
@@ -1,12 +1,11 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <HTML
 ><HEAD
 ><TITLE
 >smbpasswd</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -16,7 +15,9 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="SMBPASSWD">smbpasswd</H1
+NAME="SMBPASSWD.8"
+></A
+>smbpasswd</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
@@ -28,13 +29,15 @@ NAME="AEN5"
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
-NAME="AEN8"><H2
+NAME="AEN8"
+></A
+><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >smbpasswd</B
-> [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r &#60;remote machine&#62;] [-R &#60;name resolve order&#62;] [-m] [-U username[%password]] [-h] [-s] [-w pass] [-i] [-L] [username]</P
+>  [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r &lt;remote machine&gt;] [-R &lt;name resolve order&gt;] [-m] [-U username[%password]] [-h] [-s] [-w pass] [-i] [-L] [username]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -44,18 +47,23 @@ NAME="AEN27"
 ><H2
 >DESCRIPTION</H2
 ><P
->This tool is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
+>This tool is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > suite.</P
 ><P
 >The smbpasswd program has several different 
-	functions, depending on whether it is run by the <I
+	functions, depending on whether it is run by the <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >root</I
-> 
-	user or not. When run as a normal user it allows the user to change 
+></SPAN
+> user 
+	or not. When run as a normal user it allows the user to change 
 	the password used for their SMB sessions on any machines that store 
 	SMB passwords. </P
 ><P
@@ -64,25 +72,33 @@ CLASS="EMPHASIS"
 	similar to the way the <B
 CLASS="COMMAND"
 >passwd(1)</B
-> program works. 
-	<B
+> program works. <B
 CLASS="COMMAND"
->smbpasswd</B
+>	smbpasswd</B
 > differs from how the passwd program works 
-	however in that it is not <I
+	however in that it is not <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >setuid root</I
+></SPAN
 > but works in 
-	a client-server mode and communicates with a locally running
-	<B
-CLASS="COMMAND"
->smbd(8)</B
+	a client-server mode and communicates with a 
+	locally running <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 >. As a consequence in order for this to 
 	succeed the smbd daemon must be running on the local machine. On a 
 	UNIX machine the encrypted SMB passwords are usually stored in 
-	the <TT
-CLASS="FILENAME"
->smbpasswd(5)</TT
+	the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbpasswd</SPAN
+>(5)</SPAN
 > file. </P
 ><P
 >When run by an ordinary user with no options, smbpasswd 
@@ -91,18 +107,28 @@ CLASS="FILENAME"
 	was typed correctly. No passwords will be echoed on the screen 
 	whilst being typed. If you have a blank SMB password (specified by 
 	the string "NO PASSWORD" in the smbpasswd file) then just press 
-	the &#60;Enter&#62; key when asked for your old password. </P
+	the &lt;Enter&gt; key when asked for your old password. </P
 ><P
 >smbpasswd can also be used by a normal user to change their
 	SMB password on remote machines, such as Windows NT Primary Domain 
-	Controllers.   See the (-r) and -U options below. </P
+	Controllers.   See the (<TT
+CLASS="PARAMETER"
+><I
+>-r</I
+></TT
+>) and <TT
+CLASS="PARAMETER"
+><I
+>-U</I
+></TT
+> options 
+	below. </P
 ><P
 >When run by root, smbpasswd allows new users to be added 
 	and deleted in the smbpasswd file, as well as allows changes to 
-	the attributes of the user in this file to be made. When run by root, 
-	<B
+	the attributes of the user in this file to be made. When run by root, <B
 CLASS="COMMAND"
->smbpasswd</B
+>	smbpasswd</B
 > accesses the local smbpasswd file 
 	directly, thus enabling changes to be made even if smbd is not 
 	running. </P
@@ -110,7 +136,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN43"
+NAME="AEN51"
 ></A
 ><H2
 >OPTIONS</H2
@@ -125,7 +151,7 @@ CLASS="VARIABLELIST"
 ><P
 >This option specifies that the username 
 		following should be added to the local smbpasswd file, with the 
-		new password typed (type &#60;Enter&#62; for the old password). This 
+		new password typed (type &lt;Enter&gt; for the old password). This 
 		option is ignored if the username following already exists in 
 		the smbpasswd file and it is treated like a regular change 
 		password command.  Note that the default passdb backends require 
@@ -169,10 +195,12 @@ CLASS="CONSTANT"
 ><P
 >If the smbpasswd file is in the 'old' format (pre-Samba 2.0 
 		format) there is no space in the user's password entry to write
-		this information and the command will FAIL. See <B
-CLASS="COMMAND"
->smbpasswd(5)
-		</B
+		this information and the command will FAIL. See <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbpasswd</SPAN
+>(5)</SPAN
 > for details on the 'old' and new password file formats.
 		</P
 ><P
@@ -196,9 +224,12 @@ CLASS="CONSTANT"
 CLASS="COMMAND"
 >		smbpasswd</B
 > will FAIL to enable the account.  
-                See <B
-CLASS="COMMAND"
->smbpasswd (5)</B
+                See <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbpasswd</SPAN
+>(5)</SPAN
 > for 
 		details on the 'old' and new password file formats. </P
 ><P
@@ -294,9 +325,12 @@ CLASS="PARAMETER"
 		copy of the user account database and will not allow the password 
 		change).</P
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Note</I
+></SPAN
 > that Windows 95/98 do not have 
 		a real password database so it is not possible to change passwords 
 		specifying a Win95/98  machine as remote machine target. </P
@@ -310,7 +344,7 @@ CLASS="EMPHASIS"
 		name of the host being connected to. </P
 ><P
 >The options are :"lmhosts", "host", "wins" and "bcast". They
-		 cause names to be resolved as follows : </P
+		 cause names to be resolved as follows: </P
 ><P
 ></P
 ><UL
@@ -319,12 +353,14 @@ CLASS="EMPHASIS"
 ><TT
 CLASS="CONSTANT"
 >lmhosts</TT
-> : Lookup an IP 
+>: Lookup an IP 
             address in the Samba lmhosts file. If the line in lmhosts has 
-            no name type attached to the NetBIOS name (see the <A
-HREF="lmhosts.5.html"
-TARGET="_top"
->lmhosts(5)</A
+            no name type attached to the NetBIOS name (see the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>lmhosts</SPAN
+>(5)</SPAN
 > for details) then
             any name type matches for lookup.</P
 ></LI
@@ -333,7 +369,7 @@ TARGET="_top"
 ><TT
 CLASS="CONSTANT"
 >host</TT
-> : Do a standard host 
+>: Do a standard host 
             name to IP address resolution, using the system <TT
 CLASS="FILENAME"
 >/etc/hosts
@@ -353,7 +389,7 @@ CLASS="FILENAME"
 ><TT
 CLASS="CONSTANT"
 >wins</TT
-> : Query a name with 
+>: Query a name with 
             the IP address listed in the <TT
 CLASS="PARAMETER"
 ><I
@@ -368,7 +404,7 @@ CLASS="PARAMETER"
 ><TT
 CLASS="CONSTANT"
 >bcast</TT
-> : Do a broadcast on 
+>: Do a broadcast on 
             each of the known local interfaces listed in the
             <TT
 CLASS="PARAMETER"
@@ -385,10 +421,12 @@ CLASS="PARAMETER"
 CLASS="COMMAND"
 >lmhosts, host, wins, bcast</B
 > 
-		and without this parameter or any entry in the 
-		<TT
-CLASS="FILENAME"
->smb.conf</TT
+		and without this parameter or any entry in the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > file the name resolution methods will 
 		be attempted in this order. </P
 ></DD
@@ -474,7 +512,7 @@ CLASS="PARAMETER"
 >.  Note that the password is stored in
 		the <TT
 CLASS="FILENAME"
->private/secrets.tdb</TT
+>secrets.tdb</TT
 > and is keyed off 
 		of the admin's DN.  This means that if the value of <TT
 CLASS="PARAMETER"
@@ -509,9 +547,12 @@ CLASS="PARAMETER"
 ><DD
 ><P
 >This specifies the username for all of the 
-		<I
+		<SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >root only</I
+></SPAN
 > options to operate on. Only root 
 		can specify this parameter as only root has the permission needed 
 		to modify attributes directly in the local smbpasswd file. 
@@ -523,7 +564,7 @@ CLASS="EMPHASIS"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN173"
+NAME="AEN189"
 ></A
 ><H2
 >NOTES</H2
@@ -537,70 +578,71 @@ CLASS="COMMAND"
 	is to add a restriction to the hosts that may access the <B
 CLASS="COMMAND"
 >	smbd</B
-> running on the local machine by specifying a 
-	<TT
+> running on the local machine by specifying either <TT
 CLASS="PARAMETER"
 ><I
->allow hosts</I
+>allow
+	hosts</I
 ></TT
 > or <TT
 CLASS="PARAMETER"
 ><I
 >deny hosts</I
 ></TT
-> 
-	entry in the <TT
-CLASS="FILENAME"
->smb.conf</TT
+> entry in 
+	the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > file and neglecting to 
 	allow "localhost" access to the smbd. </P
 ><P
 >In addition, the smbpasswd command is only useful if Samba
-	has been set up to use encrypted passwords. See the file 
-	<TT
-CLASS="FILENAME"
->ENCRYPTION.txt</TT
+	has been set up to use encrypted passwords. See the document <A
+HREF="pwencrypt.html"
+TARGET="_top"
+>	"LanMan and NT Password Encryption in Samba"</A
 > in the docs directory for details 
 	on how to do this. </P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN183"
+NAME="AEN201"
 ></A
 ><H2
 >VERSION</H2
 ><P
->This man page is correct for version 3.0 of 
-	the Samba suite.</P
+>This man page is correct for version 3.0 of the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN186"
+NAME="AEN204"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
-><A
-HREF="smbpasswd.5.html"
-TARGET="_top"
-><TT
-CLASS="FILENAME"
->smbpasswd(5)</TT
-></A
->, 
-	<A
-HREF="samba.7.html"
-TARGET="_top"
->samba(7)</A
->
-	</P
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbpasswd</SPAN
+>(5)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
+>.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN192"
+NAME="AEN213"
 ></A
 ><H2
 >AUTHOR</H2
@@ -612,14 +654,14 @@ NAME="AEN192"
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
-	<A
+	excellent piece of Open Source software, available at <A
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
+	for Samba 3.0 was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/smbsh.1.html b/docs/htmldocs/smbsh.1.html
index bab2b45cdd..c8c61fb6fe 100644
--- a/docs/htmldocs/smbsh.1.html
+++ b/docs/htmldocs/smbsh.1.html
@@ -1,12 +1,11 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <HTML
 ><HEAD
 ><TITLE
 >smbsh</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -16,7 +15,9 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="SMBSH">smbsh</H1
+NAME="SMBSH.1"
+></A
+>smbsh</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
@@ -29,13 +30,15 @@ NAME="AEN5"
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
-NAME="AEN8"><H2
+NAME="AEN8"
+></A
+><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >smbsh</B
-> [-W workgroup] [-U username] [-P prefix] [-R &#60;name resolve order&#62;] [-d &#60;debug level&#62;] [-l logfile] [-L libdir]</P
+>  [-W workgroup] [-U username] [-P prefix] [-R &lt;name resolve order&gt;] [-d &lt;debug level&gt;] [-l logfile] [-L libdir]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -45,10 +48,12 @@ NAME="AEN18"
 ><H2
 >DESCRIPTION</H2
 ><P
->This tool is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
+>This tool is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > suite.</P
 ><P
 ><B
@@ -74,7 +79,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN28"
+NAME="AEN30"
 ></A
 ><H2
 >OPTIONS</H2
@@ -88,9 +93,12 @@ CLASS="VARIABLELIST"
 ><DD
 ><P
 >Override the default workgroup specified in the 
-		workgroup parameter of the <TT
-CLASS="FILENAME"
->smb.conf</TT
+		workgroup parameter of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > file 
 		for this session. This may be needed to connect to some 
 		servers. </P
@@ -112,14 +120,17 @@ CLASS="FILENAME"
 >This option allows
 		the user to set the directory prefix for SMB access. The 
 		default value if this option is not specified is 
-		<I
+		<SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >smb</I
+></SPAN
 >.
 		</P
 ></DD
 ><DT
->-R &#60;name resolve order&#62;</DT
+>-R &lt;name resolve order&gt;</DT
 ><DD
 ><P
 >This option is used to determine what naming 
@@ -127,7 +138,7 @@ CLASS="EMPHASIS"
 		host names to IP addresses. The option takes a space-separated 
 		string of different name resolution options.</P
 ><P
->The options are :"lmhosts", "host", "wins" and "bcast". 
+>The options are: "lmhosts", "host", "wins" and "bcast". 
 		They cause names to be resolved as follows :</P
 ><P
 ></P
@@ -137,16 +148,18 @@ CLASS="EMPHASIS"
 ><TT
 CLASS="CONSTANT"
 >lmhosts</TT
-> : 
+>: 
 			Lookup an IP address in the Samba lmhosts file. If the 
 			line in lmhosts has no name type attached to the 
 			NetBIOS name 
-			(see the <A
-HREF="lmhosts.5.html"
-TARGET="_top"
->lmhosts(5)</A
->
-			for details) then any name type matches for lookup.
+			(see the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>lmhosts</SPAN
+>(5)</SPAN
+>	for details) 
+			then any name type matches for lookup.
 			</P
 ></LI
 ><LI
@@ -154,7 +167,7 @@ TARGET="_top"
 ><TT
 CLASS="CONSTANT"
 >host</TT
-> : 
+>: 
 			Do a standard host name to IP address resolution, using
 			the system <TT
 CLASS="FILENAME"
@@ -176,7 +189,7 @@ CLASS="FILENAME"
 ><TT
 CLASS="CONSTANT"
 >wins</TT
-> : 
+>: 
 			Query a name with the IP address listed in the 
 			<TT
 CLASS="PARAMETER"
@@ -193,7 +206,7 @@ CLASS="PARAMETER"
 ><TT
 CLASS="CONSTANT"
 >bcast</TT
-> : 
+>: 
 			Do a broadcast on each of the known local interfaces 
 			listed in the <TT
 CLASS="PARAMETER"
@@ -209,11 +222,19 @@ CLASS="PARAMETER"
 ></UL
 ><P
 >If this parameter is not set then the name resolve order 
-		defined in the <TT
-CLASS="FILENAME"
->smb.conf</TT
+		defined in the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > file parameter  
-		(name resolve order) will be used. </P
+		(<TT
+CLASS="PARAMETER"
+><I
+>name resolve order</I
+></TT
+>) will be used. </P
 ><P
 >The default order is lmhosts, host, wins, bcast. Without 
 		this parameter or any entry in the <TT
@@ -222,15 +243,17 @@ CLASS="PARAMETER"
 >name resolve order
 		</I
 ></TT
-> parameter of the <TT
-CLASS="FILENAME"
->smb.conf</TT
-> 
-		file, the name resolution methods will be attempted in this 
-		order. </P
+> parameter of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+> file, the name resolution methods 
+		will be attempted in this order. </P
 ></DD
 ><DT
->-d &#60;debug level&#62;</DT
+>-d &lt;debug level&gt;</DT
 ><DD
 ><P
 >debug level is an integer from 0 to 10.</P
@@ -239,9 +262,12 @@ CLASS="FILENAME"
 		is zero.</P
 ><P
 >The higher this value, the more detail will be logged
-		about the activities of <B
-CLASS="COMMAND"
->nmblookup</B
+		about the activities of <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmblookup</SPAN
+>(1)</SPAN
 >. At level
 		0, only critical errors and serious warnings will be logged.
 		</P
@@ -284,7 +310,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN91"
+NAME="AEN104"
 ></A
 ><H2
 >EXAMPLES</H2
@@ -297,17 +323,10 @@ CLASS="COMMAND"
 >	smbsh</B
 > from the prompt and enter the username and password 
 	that authenticates you to the machine running the Windows NT 
-	operating system.</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
+	operating system.
+<PRE
 CLASS="PROGRAMLISTING"
->	<TT
+><TT
 CLASS="PROMPT"
 >system% </TT
 ><TT
@@ -316,7 +335,7 @@ CLASS="USERINPUT"
 >smbsh</B
 ></TT
 >
-	<TT
+<TT
 CLASS="PROMPT"
 >Username: </TT
 ><TT
@@ -325,7 +344,7 @@ CLASS="USERINPUT"
 >user</B
 ></TT
 >
-	<TT
+<TT
 CLASS="PROMPT"
 >Password: </TT
 ><TT
@@ -333,11 +352,7 @@ CLASS="USERINPUT"
 ><B
 >XXXXXXX</B
 ></TT
->
-	</PRE
-></TD
-></TR
-></TABLE
+></PRE
 ></P
 ><P
 >Any dynamically linked command you execute from 
@@ -357,7 +372,7 @@ CLASS="COMMAND"
 	the  workgroup MYGROUP. The command 
 	<B
 CLASS="COMMAND"
->ls /smb/MYGROUP/&#60;machine-name&#62;</B
+>ls /smb/MYGROUP/&lt;machine-name&gt;</B
 > will show the share 
 	names for that machine. You could then, for example, use the <B
 CLASS="COMMAND"
@@ -374,18 +389,17 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN112"
+NAME="AEN124"
 ></A
 ><H2
 >VERSION</H2
 ><P
->This man page is correct for version 3.0 of 
-	the Samba suite.</P
+>This man page is correct for version 3.0 of the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN115"
+NAME="AEN127"
 ></A
 ><H2
 >BUGS</H2
@@ -418,30 +432,29 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN124"
+NAME="AEN136"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
-><A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
->, 
-	<A
-HREF="smb.conf.5.html"
-TARGET="_top"
->smb.conf(5)</A
->
-	</P
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+></P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN130"
+NAME="AEN145"
 ></A
 ><H2
 >AUTHOR</H2
@@ -453,14 +466,14 @@ NAME="AEN130"
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
-	<A
+	excellent piece of Open Source software, available at <A
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
+	for Samba 3.0 was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/smbspool.8.html b/docs/htmldocs/smbspool.8.html
index 8dc2fbbd63..b66d08381d 100644
--- a/docs/htmldocs/smbspool.8.html
+++ b/docs/htmldocs/smbspool.8.html
@@ -5,7 +5,7 @@
 >smbspool</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -15,7 +15,7 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="SMBSPOOL"
+NAME="SMBSPOOL.8"
 ></A
 >smbspool</H1
 ><DIV
@@ -47,10 +47,12 @@ NAME="AEN17"
 ><H2
 >DESCRIPTION</H2
 ><P
->This tool is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
+>This tool is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > suite.</P
 ><P
 >smbspool is a very small print spooling program that 
@@ -87,8 +89,7 @@ CLASS="EMPHASIS"
 ></LI
 ><LI
 ><P
->smb://username:password@workgroup/server/printer
-		</P
+>smb://username:password@workgroup/server/printer</P
 ></LI
 ></UL
 ><P
@@ -112,7 +113,7 @@ CLASS="ENVAR"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN39"
+NAME="AEN41"
 ></A
 ><H2
 >OPTIONS</H2
@@ -161,41 +162,39 @@ NAME="AEN39"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN54"
+NAME="AEN56"
 ></A
 ><H2
 >VERSION</H2
 ><P
->This man page is correct for version 2.2 of 
-	the Samba suite.</P
+>This man page is correct for version 2.2 of the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN57"
+NAME="AEN59"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
-><A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
->, 
-	and <A
-HREF="samba.7.html"
-TARGET="_top"
->samba(7)</A
->.
-	</P
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+> and <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
+>.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN63"
+NAME="AEN68"
 ></A
 ><H2
 >AUTHOR</H2
@@ -213,14 +212,14 @@ CLASS="COMMAND"
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
-	<A
+	excellent piece of Open Source software, available at <A
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
+	for Samba 3.0 was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/smbstatus.1.html b/docs/htmldocs/smbstatus.1.html
index fb7e14fadd..47b7ef112f 100644
--- a/docs/htmldocs/smbstatus.1.html
+++ b/docs/htmldocs/smbstatus.1.html
@@ -5,7 +5,7 @@
 >smbstatus</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -15,7 +15,7 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="SMBSTATUS"
+NAME="SMBSTATUS.1"
 ></A
 >smbstatus</H1
 ><DIV
@@ -47,10 +47,12 @@ NAME="AEN21"
 ><H2
 >DESCRIPTION</H2
 ><P
->This tool is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
+>This tool is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > suite.</P
 ><P
 ><B
@@ -62,7 +64,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN27"
+NAME="AEN29"
 ></A
 ><H2
 >OPTIONS</H2
@@ -114,13 +116,12 @@ CLASS="VARIABLELIST"
 >-p|--processes</DT
 ><DD
 ><P
->print a list of <A
-HREF="smbd.8.html"
-TARGET="_top"
->		<B
-CLASS="COMMAND"
->smbd(8)</B
-></A
+>print a list of <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > processes and exit. 
 		Useful for scripting.</P
 ></DD
@@ -136,14 +137,12 @@ CLASS="COMMAND"
 ><P
 >The default configuration file name is
 		determined at compile time. The file specified contains the
-		configuration details required by the server. See <A
-HREF="smb.conf.5.html"
-TARGET="_top"
-><TT
-CLASS="FILENAME"
->smb.conf(5)</TT
->
-		</A
+		configuration details required by the server. See <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > for more information.</P
 ></DD
 ><DT
@@ -164,7 +163,7 @@ CLASS="PARAMETER"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN75"
+NAME="AEN79"
 ></A
 ><H2
 >VERSION</H2
@@ -175,29 +174,29 @@ NAME="AEN75"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN78"
+NAME="AEN82"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
-><A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
-> and
-	<A
-HREF="smb.conf.5.html"
-TARGET="_top"
->smb.conf(5)</A
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+> and <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 >.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN84"
+NAME="AEN91"
 ></A
 ><H2
 >AUTHOR</H2
@@ -209,14 +208,14 @@ NAME="AEN84"
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
-	<A
+	excellent piece of Open Source software, available at <A
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
+	for Samba 3.0 was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/smbtar.1.html b/docs/htmldocs/smbtar.1.html
index d3215c6901..1eb0017417 100644
--- a/docs/htmldocs/smbtar.1.html
+++ b/docs/htmldocs/smbtar.1.html
@@ -5,7 +5,7 @@
 >smbtar</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -15,7 +15,7 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="SMBTAR"
+NAME="SMBTAR.1"
 ></A
 >smbtar</H1
 ><DIV
@@ -48,30 +48,30 @@ NAME="AEN26"
 ><H2
 >DESCRIPTION</H2
 ><P
->This tool is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
+>This tool is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > suite.</P
 ><P
 ><B
 CLASS="COMMAND"
 >smbtar</B
 > is a very small shell script on top 
-	of <A
-HREF="smbclient.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbclient(1)</B
-></A
-> 
-	which dumps SMB shares directly to tape. </P
+	of <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbclient</SPAN
+>(1)</SPAN
+> which dumps SMB shares directly to tape.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN34"
+NAME="AEN37"
 ></A
 ><H2
 >OPTIONS</H2
@@ -193,11 +193,13 @@ CLASS="PARAMETER"
 ><I
 >-d</I
 ></TT
-> flag of <B
-CLASS="COMMAND"
->smbclient(1)
-		</B
->. </P
+> flag of <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbclient</SPAN
+>(1)</SPAN
+>.</P
 ></DD
 ></DL
 ></DIV
@@ -205,7 +207,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN95"
+NAME="AEN100"
 ></A
 ><H2
 >ENVIRONMENT VARIABLES</H2
@@ -222,7 +224,7 @@ CLASS="PARAMETER"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN99"
+NAME="AEN104"
 ></A
 ><H2
 >BUGS</H2
@@ -236,7 +238,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN103"
+NAME="AEN108"
 ></A
 ><H2
 >CAVEATS</H2
@@ -249,7 +251,7 @@ NAME="AEN103"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN106"
+NAME="AEN111"
 ></A
 ><H2
 >DIAGNOSTICS</H2
@@ -260,21 +262,18 @@ CLASS="emphasis"
 CLASS="EMPHASIS"
 >DIAGNOSTICS</I
 ></SPAN
-> section for the 
-	<A
-HREF="smbclient.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbclient(1)</B
-> 
-	</A
+> section for the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbclient</SPAN
+>(1)</SPAN
 > command.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN112"
+NAME="AEN118"
 ></A
 ><H2
 >VERSION</H2
@@ -285,38 +284,35 @@ NAME="AEN112"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN115"
+NAME="AEN121"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
-><A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
->, 
-	<A
-HREF="smbclient.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbclient(1)</B
-></A
->, 
-	<A
-HREF="smb.conf.5.html"
-TARGET="_top"
->smb.conf(5)</A
->,
-	</P
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbclient</SPAN
+>(1)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+>.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN123"
+NAME="AEN133"
 ></A
 ><H2
 >AUTHOR</H2
@@ -342,14 +338,14 @@ TARGET="_top"
 >. Many 
 	thanks to everyone who suggested extensions, improvements, bug 
 	fixes, etc. The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
-	<A
+	excellent piece of Open Source software, available at <A
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter.</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
+	Samba 3.0 was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/smbumount.8.html b/docs/htmldocs/smbumount.8.html
index 993436f0c6..83041b796c 100644
--- a/docs/htmldocs/smbumount.8.html
+++ b/docs/htmldocs/smbumount.8.html
@@ -5,7 +5,7 @@
 >smbumount</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -15,7 +15,7 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="SMBUMOUNT"
+NAME="SMBUMOUNT.8"
 ></A
 >smbumount</H1
 ><DIV
@@ -88,20 +88,18 @@ NAME="AEN23"
 ><H2
 >SEE ALSO</H2
 ><P
-><A
-HREF="smbmount.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbmount(8)</B
->
-	</A
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbmount</SPAN
+>(8)</SPAN
 ></P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN28"
+NAME="AEN29"
 ></A
 ><H2
 >AUTHOR</H2
@@ -134,7 +132,8 @@ TARGET="_top"
 	</P
 ><P
 >The conversion of this manpage for Samba 2.2 was performed 
-	by Gerald Carter</P
+	by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0
+	was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/speed.html b/docs/htmldocs/speed.html
index 1a05706f92..c99a49142c 100644
--- a/docs/htmldocs/speed.html
+++ b/docs/htmldocs/speed.html
@@ -5,8 +5,7 @@
 >Samba performance issues</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -17,8 +16,8 @@ REL="PREVIOUS"
 TITLE="Group mapping HOWTO"
 HREF="groupmapping.html"><LINK
 REL="NEXT"
-TITLE="Appendixes"
-HREF="appendixes.html"></HEAD
+TITLE="Creating Group Profiles"
+HREF="groupprofiles.html"></HEAD
 ><BODY
 CLASS="CHAPTER"
 BGCOLOR="#FFFFFF"
@@ -60,7 +59,7 @@ WIDTH="10%"
 ALIGN="right"
 VALIGN="bottom"
 ><A
-HREF="appendixes.html"
+HREF="groupprofiles.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
@@ -73,13 +72,17 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="SPEED">Chapter 22. Samba performance issues</H1
+NAME="SPEED"
+></A
+>Chapter 19. Samba performance issues</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3055">22.1. Comparisons</H1
+NAME="AEN3033"
+></A
+>19.1. Comparisons</H1
 ><P
 >The Samba server uses TCP to talk to the client. Thus if you are
 trying to see if it performs well you should really compare it to
@@ -108,7 +111,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3061">22.2. Socket options</H1
+NAME="AEN3039"
+></A
+>19.2. Socket options</H1
 ><P
 >There are a number of socket options that can greatly affect the
 performance of a TCP based server like Samba.</P
@@ -134,7 +139,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3068">22.3. Read size</H1
+NAME="AEN3046"
+></A
+>19.3. Read size</H1
 ><P
 >The option "read size" affects the overlap of disk reads/writes with
 network reads/writes. If the amount of data being transferred in
@@ -158,7 +165,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3073">22.4. Max xmit</H1
+NAME="AEN3051"
+></A
+>19.4. Max xmit</H1
 ><P
 >At startup the client and server negotiate a "maximum transmit" size,
 which limits the size of nearly all SMB commands. You can set the
@@ -179,7 +188,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3078">22.5. Log level</H1
+NAME="AEN3056"
+></A
+>19.5. Log level</H1
 ><P
 >If you set the log level (also known as "debug level") higher than 2
 then you may suffer a large drop in performance. This is because the
@@ -191,7 +202,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3081">22.6. Read raw</H1
+NAME="AEN3059"
+></A
+>19.6. Read raw</H1
 ><P
 >The "read raw" operation is designed to be an optimised, low-latency
 file read operation. A server may choose to not support it,
@@ -211,7 +224,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3086">22.7. Write raw</H1
+NAME="AEN3064"
+></A
+>19.7. Write raw</H1
 ><P
 >The "write raw" operation is designed to be an optimised, low-latency
 file write operation. A server may choose to not support it,
@@ -226,7 +241,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3090">22.8. Slow Clients</H1
+NAME="AEN3068"
+></A
+>19.8. Slow Clients</H1
 ><P
 >One person has reported that setting the protocol to COREPLUS rather
 than LANMAN2 gave a dramatic speed improvement (from 10k/s to 150k/s).</P
@@ -241,7 +258,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3094">22.9. Slow Logins</H1
+NAME="AEN3072"
+></A
+>19.9. Slow Logins</H1
 ><P
 >Slow logins are almost always due to the password checking time. Using
 the lowest practical "password level" will improve things a lot. You
@@ -252,7 +271,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3097">22.10. Client tuning</H1
+NAME="AEN3075"
+></A
+>19.10. Client tuning</H1
 ><P
 >Often a speed problem can be traced to the client. The client (for
 example Windows for Workgroups) can often be tuned for better TCP
@@ -386,7 +407,7 @@ WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 ><A
-HREF="appendixes.html"
+HREF="groupprofiles.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
@@ -410,7 +431,7 @@ ACCESSKEY="U"
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
->Appendixes</TD
+>Creating Group Profiles</TD
 ></TR
 ></TABLE
 ></DIV
diff --git a/docs/htmldocs/swat.8.html b/docs/htmldocs/swat.8.html
index f101a7bc26..0c65e7b1d6 100644
--- a/docs/htmldocs/swat.8.html
+++ b/docs/htmldocs/swat.8.html
@@ -5,7 +5,7 @@
 >swat</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -15,7 +15,7 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="SWAT"
+NAME="SWAT.8"
 ></A
 >swat</H1
 ><DIV
@@ -47,23 +47,24 @@ NAME="AEN13"
 ><H2
 >DESCRIPTION</H2
 ><P
->This tool is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
+>This tool is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > suite.</P
 ><P
 ><B
 CLASS="COMMAND"
 >swat</B
 > allows a Samba administrator to 
-	configure the complex <A
-HREF="smb.conf.5.html"
-TARGET="_top"
-><TT
-CLASS="FILENAME"
->	smb.conf(5)</TT
-></A
+	configure the complex <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > file via a Web browser. In addition, 
 	a <B
 CLASS="COMMAND"
@@ -86,7 +87,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN26"
+NAME="AEN29"
 ></A
 ><H2
 >OPTIONS</H2
@@ -101,11 +102,14 @@ CLASS="VARIABLELIST"
 ><P
 >The default configuration file path is 
 		determined at compile time.  The file specified contains 
-		the configuration details required by the <B
-CLASS="COMMAND"
->smbd
-		</B
-> server. This is the file that <B
+		the configuration details required by the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+> server. This is the file 
+		that <B
 CLASS="COMMAND"
 >swat</B
 > will modify. 
@@ -147,7 +151,7 @@ CLASS="EMPHASIS"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN44"
+NAME="AEN49"
 ></A
 ><H2
 >INSTALLATION</H2
@@ -181,7 +185,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT2"
 ><A
-NAME="AEN56"
+NAME="AEN61"
 ></A
 ><H3
 >Inetd Installation</H3
@@ -254,7 +258,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT2"
 ><A
-NAME="AEN78"
+NAME="AEN83"
 ></A
 ><H3
 >Launching</H3
@@ -271,7 +275,7 @@ NAME="AEN78"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN82"
+NAME="AEN87"
 ></A
 ><H2
 >FILES</H2
@@ -308,10 +312,12 @@ CLASS="FILENAME"
 ></DT
 ><DD
 ><P
->This is the default location of the <TT
-CLASS="FILENAME"
->smb.conf(5)
-		</TT
+>This is the default location of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > server configuration file that swat edits. Other 
 		common places that systems install this file are <TT
 CLASS="FILENAME"
@@ -329,7 +335,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN103"
+NAME="AEN110"
 ></A
 ><H2
 >WARNINGS</H2
@@ -337,10 +343,12 @@ NAME="AEN103"
 ><B
 CLASS="COMMAND"
 >swat</B
-> will rewrite your <TT
-CLASS="FILENAME"
->smb.conf
-	</TT
+> will rewrite your <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > file. It will rearrange the entries and delete all 
 	comments, <TT
 CLASS="PARAMETER"
@@ -361,18 +369,17 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN111"
+NAME="AEN120"
 ></A
 ><H2
 >VERSION</H2
 ><P
->This man page is correct for version 2.2 of 
-	the Samba suite.</P
+>This man page is correct for version 2.2 of the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN114"
+NAME="AEN123"
 ></A
 ><H2
 >SEE ALSO</H2
@@ -380,26 +387,24 @@ NAME="AEN114"
 ><B
 CLASS="COMMAND"
 >inetd(5)</B
->,
-	<A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
->, 
-	<A
-HREF="smb.conf.5.html"
-TARGET="_top"
->smb.conf(5)</A
->
-	</P
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+></P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN121"
+NAME="AEN133"
 ></A
 ><H2
 >AUTHOR</H2
@@ -411,14 +416,14 @@ NAME="AEN121"
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
-	<A
+	excellent piece of Open Source software, available at <A
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
+	Samba 3.0 was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/testparm.1.html b/docs/htmldocs/testparm.1.html
index baf11bacac..52413a1c27 100644
--- a/docs/htmldocs/testparm.1.html
+++ b/docs/htmldocs/testparm.1.html
@@ -1,12 +1,11 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <HTML
 ><HEAD
 ><TITLE
 >testparm</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -16,7 +15,9 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="TESTPARM">testparm</H1
+NAME="TESTPARM.1"
+></A
+>testparm</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
@@ -29,13 +30,15 @@ NAME="AEN5"
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
-NAME="AEN8"><H2
+NAME="AEN8"
+></A
+><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >testparm</B
-> [-s] [-h] [-v] [-L &#60;servername&#62;] [-t &#60;encoding&#62;] {config filename} [hostname hostIP]</P
+>  [-s] [-h] [-v] [-L &lt;servername&gt;] [-t &lt;encoding&gt;] {config filename} [hostname hostIP]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -45,19 +48,24 @@ NAME="AEN18"
 ><H2
 >DESCRIPTION</H2
 ><P
->This tool is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
+>This tool is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > suite.</P
 ><P
 ><B
 CLASS="COMMAND"
 >testparm</B
 > is a very simple test program 
-	to check an <B
-CLASS="COMMAND"
->smbd</B
+	to check an <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > configuration file for 
 	internal correctness. If this program reports no problems, you 
 	can use the configuration file with confidence that <B
@@ -66,9 +74,12 @@ CLASS="COMMAND"
 	</B
 > will successfully load the configuration file.</P
 ><P
->Note that this is <I
+>Note that this is <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >NOT</I
+></SPAN
 > a guarantee that 
 	the services specified in the configuration file will be 
 	available or will operate as expected. </P
@@ -94,7 +105,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN33"
+NAME="AEN37"
 ></A
 ><H2
 >OPTIONS</H2
@@ -138,12 +149,13 @@ CLASS="REPLACEABLE"
 ><DD
 ><P
 >If this option is specified, testparm 
-		will also output all options that were not used in 
-		<TT
-CLASS="FILENAME"
->smb.conf</TT
-> and are thus set to
-		their defaults.</P
+		will also output all options that were not used in <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+> and are thus set to their defaults.</P
 ></DD
 ><DT
 >-t encoding</DT
@@ -158,9 +170,12 @@ CLASS="FILENAME"
 ><P
 >This is the name of the configuration file 
 		to check. If this parameter is not present then the 
-		default <TT
-CLASS="FILENAME"
->smb.conf</TT
+		default <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > file will be checked. 	
 		</P
 ></DD
@@ -184,9 +199,12 @@ CLASS="PARAMETER"
 >hosts deny</I
 ></TT
 > 
-		parameters in the <TT
-CLASS="FILENAME"
->smb.conf</TT
+		parameters in the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > file to 
 		determine if the hostname with this IP address would be
 		allowed access to the <B
@@ -210,7 +228,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN77"
+NAME="AEN87"
 ></A
 ><H2
 >FILES</H2
@@ -220,16 +238,22 @@ NAME="AEN77"
 CLASS="VARIABLELIST"
 ><DL
 ><DT
-><TT
-CLASS="FILENAME"
->smb.conf</TT
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 ></DT
 ><DD
 ><P
 >This is usually the name of the configuration 
-		file used by <B
-CLASS="COMMAND"
->smbd</B
+		file used by <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 >. 
 		</P
 ></DD
@@ -239,7 +263,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN86"
+NAME="AEN100"
 ></A
 ><H2
 >DIAGNOSTICS</H2
@@ -253,7 +277,7 @@ NAME="AEN86"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN89"
+NAME="AEN103"
 ></A
 ><H2
 >VERSION</H2
@@ -264,33 +288,29 @@ NAME="AEN89"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN92"
+NAME="AEN106"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
-><A
-HREF="smb.conf.5.html"
-TARGET="_top"
-><TT
-CLASS="FILENAME"
->smb.conf(5)</TT
-></A
->, 
-	<A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
->
-	</P
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+></P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN99"
+NAME="AEN115"
 ></A
 ><H2
 >AUTHOR</H2
@@ -302,14 +322,14 @@ NAME="AEN99"
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
-	<A
+	excellent piece of Open Source software, available at <A
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
+	for Samba 3.0 was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/testprns.1.html b/docs/htmldocs/testprns.1.html
index 0225aad9d5..07513566af 100644
--- a/docs/htmldocs/testprns.1.html
+++ b/docs/htmldocs/testprns.1.html
@@ -5,7 +5,7 @@
 >testprns</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -15,7 +15,7 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="TESTPRNS"
+NAME="TESTPRNS.1"
 ></A
 >testprns</H1
 ><DIV
@@ -47,10 +47,12 @@ NAME="AEN13"
 ><H2
 >DESCRIPTION</H2
 ><P
->This tool is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
+>This tool is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > suite.</P
 ><P
 ><B
@@ -58,14 +60,13 @@ CLASS="COMMAND"
 >testprns</B
 > is a very simple test program 
 	to determine whether a given printer name is valid for use in 
-	a service to be provided by <A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->	smbd(8)</B
-></A
->. </P
+	a service to be provided by <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+>.</P
 ><P
 >"Valid" in this context means "can be found in the 
 	printcap specified". This program is very stupid - so stupid in 
@@ -75,7 +76,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN22"
+NAME="AEN25"
 ></A
 ><H2
 >OPTIONS</H2
@@ -103,10 +104,12 @@ CLASS="COMMAND"
 		<B
 CLASS="COMMAND"
 >testprns</B
-> finds the printer then 
-		<B
-CLASS="COMMAND"
->smbd</B
+> finds the printer then <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
 > should do so as well. </P
 ></DD
 ><DT
@@ -129,7 +132,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN39"
+NAME="AEN44"
 ></A
 ><H2
 >FILES</H2
@@ -158,7 +161,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN48"
+NAME="AEN53"
 ></A
 ><H2
 >DIAGNOSTICS</H2
@@ -186,7 +189,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN55"
+NAME="AEN60"
 ></A
 ><H2
 >VERSION</H2
@@ -197,7 +200,7 @@ NAME="AEN55"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN58"
+NAME="AEN63"
 ></A
 ><H2
 >SEE ALSO</H2
@@ -206,28 +209,24 @@ NAME="AEN58"
 CLASS="FILENAME"
 >printcap(5)</TT
 >, 
-	<A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
->, 
-	<A
-HREF="smbclient.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbclient(1)</B
-></A
->
-	</P
+	<SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbd</SPAN
+>(8)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smbclient</SPAN
+>(1)</SPAN
+></P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN66"
+NAME="AEN73"
 ></A
 ><H2
 >AUTHOR</H2
@@ -239,14 +238,14 @@ NAME="AEN66"
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
-	<A
+	excellent piece of Open Source software, available at <A
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
+	for Samba 3.0 was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/type.html b/docs/htmldocs/type.html
index e3f09acc18..be7e722b2e 100644
--- a/docs/htmldocs/type.html
+++ b/docs/htmldocs/type.html
@@ -5,14 +5,13 @@
 >Type of installation</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
 REL="PREVIOUS"
-TITLE="LanMan and NT Password Encryption in Samba"
-HREF="pwencrypt.html"><LINK
+TITLE="User information database"
+HREF="passdb.html"><LINK
 REL="NEXT"
 TITLE="User and Share security level (for servers not in a domain)"
 HREF="securitylevels.html"></HEAD
@@ -43,7 +42,7 @@ WIDTH="10%"
 ALIGN="left"
 VALIGN="bottom"
 ><A
-HREF="pwencrypt.html"
+HREF="passdb.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
@@ -69,7 +68,9 @@ WIDTH="100%"></DIV
 ><DIV
 CLASS="PART"
 ><A
-NAME="TYPE"><DIV
+NAME="TYPE"
+></A
+><DIV
 CLASS="TITLEPAGE"
 ><H1
 CLASS="TITLE"
@@ -77,7 +78,9 @@ CLASS="TITLE"
 ><DIV
 CLASS="PARTINTRO"
 ><A
-NAME="AEN531"><H1
+NAME="AEN678"
+></A
+><H1
 >Introduction</H1
 ><P
 >Samba can operate in various SMB networks. This part contains information on configuring samba 
@@ -91,233 +94,238 @@ CLASS="TOC"
 >Table of Contents</B
 ></DT
 ><DT
->5. <A
+>4. <A
 HREF="securitylevels.html"
 >User and Share security level (for servers not in a domain)</A
 ></DT
 ><DT
->6. <A
+>5. <A
 HREF="samba-pdc.html"
->How to Configure Samba as a NT4 Primary Domain Controller</A
+>Samba as a NT4 or Win2k Primary Domain Controller</A
 ></DT
 ><DD
 ><DL
 ><DT
->6.1. <A
-HREF="samba-pdc.html#AEN575"
+>5.1. <A
+HREF="samba-pdc.html#AEN722"
 >Prerequisite Reading</A
 ></DT
 ><DT
->6.2. <A
-HREF="samba-pdc.html#AEN581"
+>5.2. <A
+HREF="samba-pdc.html#AEN728"
 >Background</A
 ></DT
 ><DT
->6.3. <A
-HREF="samba-pdc.html#AEN620"
+>5.3. <A
+HREF="samba-pdc.html#AEN767"
 >Configuring the Samba Domain Controller</A
 ></DT
 ><DT
->6.4. <A
-HREF="samba-pdc.html#AEN663"
+>5.4. <A
+HREF="samba-pdc.html#AEN810"
 >Creating Machine Trust Accounts and Joining Clients to the
 Domain</A
 ></DT
 ><DD
 ><DL
 ><DT
->6.4.1. <A
-HREF="samba-pdc.html#AEN682"
+>5.4.1. <A
+HREF="samba-pdc.html#AEN829"
 >Manual Creation of Machine Trust Accounts</A
 ></DT
 ><DT
->6.4.2. <A
-HREF="samba-pdc.html#AEN723"
+>5.4.2. <A
+HREF="samba-pdc.html#AEN870"
 >"On-the-Fly" Creation of Machine Trust Accounts</A
 ></DT
 ><DT
->6.4.3. <A
-HREF="samba-pdc.html#AEN732"
+>5.4.3. <A
+HREF="samba-pdc.html#AEN879"
 >Joining the Client to the Domain</A
 ></DT
 ></DL
 ></DD
 ><DT
->6.5. <A
-HREF="samba-pdc.html#AEN747"
+>5.5. <A
+HREF="samba-pdc.html#AEN894"
 >Common Problems and Errors</A
 ></DT
 ><DT
->6.6. <A
-HREF="samba-pdc.html#AEN795"
+>5.6. <A
+HREF="samba-pdc.html#AEN942"
 >System Policies and Profiles</A
 ></DT
 ><DT
->6.7. <A
-HREF="samba-pdc.html#AEN839"
+>5.7. <A
+HREF="samba-pdc.html#AEN986"
 >What other help can I get?</A
 ></DT
 ><DT
->6.8. <A
-HREF="samba-pdc.html#AEN953"
+>5.8. <A
+HREF="samba-pdc.html#AEN1100"
 >Domain Control for Windows 9x/ME</A
 ></DT
 ><DD
 ><DL
 ><DT
->6.8.1. <A
-HREF="samba-pdc.html#AEN979"
+>5.8.1. <A
+HREF="samba-pdc.html#AEN1126"
 >Configuration Instructions:	Network Logons</A
 ></DT
 ><DT
->6.8.2. <A
-HREF="samba-pdc.html#AEN998"
+>5.8.2. <A
+HREF="samba-pdc.html#AEN1145"
 >Configuration Instructions:	Setting up Roaming User Profiles</A
 ></DT
 ></DL
 ></DD
 ><DT
->6.9. <A
-HREF="samba-pdc.html#AEN1091"
->DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</A
+>5.9. <A
+HREF="samba-pdc.html#AEN1238"
+>DOMAIN_CONTROL.txt : Windows NT Domain Control &amp; Samba</A
 ></DT
 ></DL
 ></DD
 ><DT
->7. <A
+>6. <A
 HREF="samba-bdc.html"
 >How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A
 ></DT
 ><DD
 ><DL
 ><DT
->7.1. <A
-HREF="samba-bdc.html#AEN1127"
+>6.1. <A
+HREF="samba-bdc.html#AEN1274"
 >Prerequisite Reading</A
 ></DT
 ><DT
->7.2. <A
-HREF="samba-bdc.html#AEN1131"
+>6.2. <A
+HREF="samba-bdc.html#AEN1278"
 >Background</A
 ></DT
 ><DT
->7.3. <A
-HREF="samba-bdc.html#AEN1139"
+>6.3. <A
+HREF="samba-bdc.html#AEN1286"
 >What qualifies a Domain Controller on the network?</A
 ></DT
 ><DD
 ><DL
 ><DT
->7.3.1. <A
-HREF="samba-bdc.html#AEN1142"
+>6.3.1. <A
+HREF="samba-bdc.html#AEN1289"
 >How does a Workstation find its domain controller?</A
 ></DT
 ><DT
->7.3.2. <A
-HREF="samba-bdc.html#AEN1145"
+>6.3.2. <A
+HREF="samba-bdc.html#AEN1292"
 >When is the PDC needed?</A
 ></DT
 ></DL
 ></DD
 ><DT
->7.4. <A
-HREF="samba-bdc.html#AEN1148"
->Can Samba be a Backup Domain Controller?</A
+>6.4. <A
+HREF="samba-bdc.html#AEN1295"
+>Can Samba be a Backup Domain Controller to an NT PDC?</A
 ></DT
 ><DT
->7.5. <A
-HREF="samba-bdc.html#AEN1152"
+>6.5. <A
+HREF="samba-bdc.html#AEN1300"
 >How do I set up a Samba BDC?</A
 ></DT
 ><DD
 ><DL
 ><DT
->7.5.1. <A
-HREF="samba-bdc.html#AEN1169"
+>6.5.1. <A
+HREF="samba-bdc.html#AEN1317"
 >How do I replicate the smbpasswd file?</A
 ></DT
+><DT
+>6.5.2. <A
+HREF="samba-bdc.html#AEN1321"
+>Can I do this all with LDAP?</A
+></DT
 ></DL
 ></DD
 ></DL
 ></DD
 ><DT
->8. <A
+>7. <A
 HREF="ads.html"
 >Samba as a ADS domain member</A
 ></DT
 ><DD
 ><DL
 ><DT
->8.1. <A
-HREF="ads.html#AEN1187"
+>7.1. <A
+HREF="ads.html#AEN1339"
 >Installing the required packages for Debian</A
 ></DT
 ><DT
->8.2. <A
-HREF="ads.html#AEN1193"
+>7.2. <A
+HREF="ads.html#AEN1346"
 >Installing the required packages for RedHat</A
 ></DT
 ><DT
->8.3. <A
-HREF="ads.html#AEN1202"
+>7.3. <A
+HREF="ads.html#AEN1356"
 >Compile Samba</A
 ></DT
 ><DT
->8.4. <A
-HREF="ads.html#AEN1217"
+>7.4. <A
+HREF="ads.html#AEN1371"
 >Setup your /etc/krb5.conf</A
 ></DT
 ><DT
->8.5. <A
-HREF="ads.html#AEN1227"
+>7.5. <A
+HREF="ads.html#AEN1381"
 >Create the computer account</A
 ></DT
 ><DD
 ><DL
 ><DT
->8.5.1. <A
-HREF="ads.html#AEN1231"
+>7.5.1. <A
+HREF="ads.html#AEN1385"
 >Possible errors</A
 ></DT
 ></DL
 ></DD
 ><DT
->8.6. <A
-HREF="ads.html#AEN1243"
+>7.6. <A
+HREF="ads.html#AEN1393"
 >Test your server setup</A
 ></DT
 ><DT
->8.7. <A
-HREF="ads.html#AEN1248"
+>7.7. <A
+HREF="ads.html#AEN1398"
 >Testing with smbclient</A
 ></DT
 ><DT
->8.8. <A
-HREF="ads.html#AEN1251"
+>7.8. <A
+HREF="ads.html#AEN1401"
 >Notes</A
 ></DT
 ></DL
 ></DD
 ><DT
->9. <A
+>8. <A
 HREF="domain-security.html"
->Samba as a NT4 domain member</A
+>Samba as a NT4 or Win2k domain member</A
 ></DT
 ><DD
 ><DL
 ><DT
->9.1. <A
-HREF="domain-security.html#AEN1273"
->Joining an NT Domain with Samba 2.2</A
+>8.1. <A
+HREF="domain-security.html#AEN1423"
+>Joining an NT Domain with Samba 3.0</A
 ></DT
 ><DT
->9.2. <A
-HREF="domain-security.html#AEN1337"
+>8.2. <A
+HREF="domain-security.html#AEN1478"
 >Samba and Windows 2000 Domains</A
 ></DT
 ><DT
->9.3. <A
-HREF="domain-security.html#AEN1342"
+>8.3. <A
+HREF="domain-security.html#AEN1481"
 >Why is this better than security = server?</A
 ></DT
 ></DL
@@ -342,7 +350,7 @@ WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 ><A
-HREF="pwencrypt.html"
+HREF="passdb.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
@@ -370,7 +378,7 @@ ACCESSKEY="N"
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
->LanMan and NT Password Encryption in Samba</TD
+>User information database</TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
diff --git a/docs/htmldocs/unix-permissions.html b/docs/htmldocs/unix-permissions.html
index f29d450e6d..71198ecaa6 100644
--- a/docs/htmldocs/unix-permissions.html
+++ b/docs/htmldocs/unix-permissions.html
@@ -5,8 +5,7 @@
 >UNIX Permission Bits and Windows NT Access Control Lists</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -74,13 +73,17 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="UNIX-PERMISSIONS">Chapter 11. UNIX Permission Bits and Windows NT Access Control Lists</H1
+NAME="UNIX-PERMISSIONS"
+></A
+>Chapter 10. UNIX Permission Bits and Windows NT Access Control Lists</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1605">11.1. Viewing and changing UNIX permissions using the NT 
+NAME="AEN1744"
+></A
+>10.1. Viewing and changing UNIX permissions using the NT 
 	security dialogs</H1
 ><P
 >New in the Samba 2.0.4 release is the ability for Windows 
@@ -91,33 +94,15 @@ NAME="AEN1605">11.1. Viewing and changing UNIX permissions using the NT
 	the security of the UNIX host Samba is running on, and 
 	still obeys all the file permission rules that a Samba 
 	administrator can set.</P
-><P
->In Samba 2.0.4 and above the default value of the 
-	parameter <A
-HREF="smb.conf.5.html#NTACLSUPPORT"
-TARGET="_top"
-><TT
-CLASS="PARAMETER"
-><I
->	nt acl support</I
-></TT
-></A
-> has been changed from 
-	<TT
-CLASS="CONSTANT"
->false</TT
-> to <TT
-CLASS="CONSTANT"
->true</TT
->, so 
- 	manipulation of permissions is turned on by default.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1614">11.2. How to view file security on a Samba share</H1
+NAME="AEN1748"
+></A
+>10.2. How to view file security on a Samba share</H1
 ><P
 >From an NT 4.0 client, single-click with the right 
 	mouse button on any file or directory in a Samba mounted 
@@ -185,7 +170,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1625">11.3. Viewing file ownership</H1
+NAME="AEN1759"
+></A
+>10.3. Viewing file ownership</H1
 ><P
 >Clicking on the <B
 CLASS="COMMAND"
@@ -277,7 +264,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1645">11.4. Viewing file or directory permissions</H1
+NAME="AEN1779"
+></A
+>10.4. Viewing file or directory permissions</H1
 ><P
 >The third button is the <B
 CLASS="COMMAND"
@@ -337,7 +326,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1660">11.4.1. File Permissions</H2
+NAME="AEN1794"
+></A
+>10.4.1. File Permissions</H2
 ><P
 >The standard UNIX user/group/world triple and 
 		the corresponding "read", "write", "execute" permissions 
@@ -397,7 +388,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1674">11.4.2. Directory Permissions</H2
+NAME="AEN1808"
+></A
+>10.4.2. Directory Permissions</H2
 ><P
 >Directories on an NT NTFS file system have two 
 		different sets of permissions. The first set of permissions 
@@ -427,7 +420,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1681">11.5. Modifying file or directory permissions</H1
+NAME="AEN1815"
+></A
+>10.5. Modifying file or directory permissions</H1
 ><P
 >Modifying file and directory permissions is as simple 
 	as changing the displayed permissions in the dialog box, and 
@@ -523,7 +518,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1703">11.6. Interaction with the standard Samba create mask 
+NAME="AEN1837"
+></A
+>10.6. Interaction with the standard Samba create mask 
 	parameters</H1
 ><P
 >Note that with Samba 2.0.5 there are four new parameters 
@@ -798,7 +795,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1767">11.7. Interaction with the standard Samba file attribute 
+NAME="AEN1901"
+></A
+>10.7. Interaction with the standard Samba file attribute 
 	mapping</H1
 ><P
 >Samba maps some of the DOS attribute bits (such as "read 
diff --git a/docs/htmldocs/vfs.html b/docs/htmldocs/vfs.html
index 11934ae47c..0e39297ebb 100644
--- a/docs/htmldocs/vfs.html
+++ b/docs/htmldocs/vfs.html
@@ -5,8 +5,7 @@
 >Stackable VFS modules</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -14,11 +13,11 @@ REL="UP"
 TITLE="Optional configuration"
 HREF="optional.html"><LINK
 REL="PREVIOUS"
-TITLE="Passdb XML plugin"
-HREF="pdb-xml.html"><LINK
+TITLE="Improved browsing in samba"
+HREF="improved-browsing.html"><LINK
 REL="NEXT"
-TITLE="Storing Samba's User/Machine Account information in an LDAP Directory"
-HREF="samba-ldap-howto.html"></HEAD
+TITLE="Access Samba source code via CVS"
+HREF="cvs-access.html"></HEAD
 ><BODY
 CLASS="CHAPTER"
 BGCOLOR="#FFFFFF"
@@ -46,7 +45,7 @@ WIDTH="10%"
 ALIGN="left"
 VALIGN="bottom"
 ><A
-HREF="pdb-xml.html"
+HREF="improved-browsing.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
@@ -60,7 +59,7 @@ WIDTH="10%"
 ALIGN="right"
 VALIGN="bottom"
 ><A
-HREF="samba-ldap-howto.html"
+HREF="cvs-access.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
@@ -73,13 +72,17 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="VFS">Chapter 18. Stackable VFS modules</H1
+NAME="VFS"
+></A
+>Chapter 16. Stackable VFS modules</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2640">18.1. Introduction and configuration</H1
+NAME="AEN2855"
+></A
+>16.1. Introduction and configuration</H1
 ><P
 >Since samba 3.0, samba supports stackable VFS(Virtual File System) modules.  
 Samba passes each request to access the unix file system thru the loaded VFS modules. 
@@ -118,13 +121,17 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2649">18.2. Included modules</H1
+NAME="AEN2864"
+></A
+>16.2. Included modules</H1
 ><DIV
 CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2651">18.2.1. audit</H2
+NAME="AEN2866"
+></A
+>16.2.1. audit</H2
 ><P
 >A simple module to audit file access to the syslog
 facility.  The following operations are logged:
@@ -160,7 +167,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2659">18.2.2. recycle</H2
+NAME="AEN2874"
+></A
+>16.2.2. recycle</H2
 ><P
 >A recycle-bin like modules. When used any unlink call
 will be intercepted and files moved to the recycle
@@ -229,7 +238,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2696">18.2.3. netatalk</H2
+NAME="AEN2911"
+></A
+>16.2.3. netatalk</H2
 ><P
 >A netatalk module, that will ease co-existence of samba and
 netatalk file sharing services.</P
@@ -260,7 +271,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2703">18.3. VFS modules available elsewhere</H1
+NAME="AEN2918"
+></A
+>16.3. VFS modules available elsewhere</H1
 ><P
 >This section contains a listing of various other VFS modules that 
 have been posted but don't currently reside in the Samba CVS 
@@ -274,7 +287,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2707">18.3.1. DatabaseFS</H2
+NAME="AEN2922"
+></A
+>16.3.1. DatabaseFS</H2
 ><P
 >URL: <A
 HREF="http://www.css.tayloru.edu/~elorimer/databasefs/index.php"
@@ -306,7 +321,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2715">18.3.2. vscan</H2
+NAME="AEN2930"
+></A
+>16.3.2. vscan</H2
 ><P
 >URL: <A
 HREF="http://www.openantivirus.org/"
@@ -338,7 +355,7 @@ WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 ><A
-HREF="pdb-xml.html"
+HREF="improved-browsing.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
@@ -356,7 +373,7 @@ WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 ><A
-HREF="samba-ldap-howto.html"
+HREF="cvs-access.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
@@ -366,7 +383,7 @@ ACCESSKEY="N"
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
->Passdb XML plugin</TD
+>Improved browsing in samba</TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
@@ -380,7 +397,7 @@ ACCESSKEY="U"
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
->Storing Samba's User/Machine Account information in an LDAP Directory</TD
+>Access Samba source code via CVS</TD
 ></TR
 ></TABLE
 ></DIV
diff --git a/docs/htmldocs/vfstest.1.html b/docs/htmldocs/vfstest.1.html
index 1fd7880805..56c409288a 100644
--- a/docs/htmldocs/vfstest.1.html
+++ b/docs/htmldocs/vfstest.1.html
@@ -1,12 +1,11 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <HTML
 ><HEAD
 ><TITLE
 >vfstest</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -16,7 +15,9 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="VFSTEST">vfstest</H1
+NAME="VFSTEST.1"
+></A
+>vfstest</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
@@ -28,13 +29,15 @@ NAME="AEN5"
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
-NAME="AEN8"><H2
+NAME="AEN8"
+></A
+><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >vfstest</B
-> [-d debuglevel] [-c command] [-l logfile] [-h]</P
+>  [-d debuglevel] [-c command] [-l logfile] [-h]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -44,10 +47,12 @@ NAME="AEN15"
 ><H2
 >DESCRIPTION</H2
 ><P
->This tool is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
+>This tool is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > suite.</P
 ><P
 ><B
@@ -62,7 +67,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN21"
+NAME="AEN23"
 ></A
 ><H2
 >OPTIONS</H2
@@ -144,14 +149,17 @@ CLASS="CONSTANT"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN48"
+NAME="AEN50"
 ></A
 ><H2
 >COMMANDS</H2
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >VFS COMMANDS</I
+></SPAN
 ></P
 ><P
 ></P
@@ -160,14 +168,14 @@ CLASS="EMPHASIS"
 ><P
 ><B
 CLASS="COMMAND"
->load &#60;module.so&#62;</B
+>load &lt;module.so&gt;</B
 > - Load specified VFS module </P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
->populate &#60;char&#62; &#60;size&#62;</B
+>populate &lt;char&gt; &lt;size&gt;</B
 > - Populate a data buffer with the specified data
 		</P
 ></LI
@@ -175,7 +183,7 @@ CLASS="COMMAND"
 ><P
 ><B
 CLASS="COMMAND"
->showdata [&#60;offset&#62; &#60;len&#62;]</B
+>showdata [&lt;offset&gt; &lt;len&gt;]</B
 > - Show data currently in data buffer
 		</P
 ></LI
@@ -412,9 +420,12 @@ CLASS="COMMAND"
 ></LI
 ></UL
 ><P
+><SPAN
+CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >GENERAL COMMANDS</I
+></SPAN
 ></P
 ><P
 ></P
@@ -423,21 +434,21 @@ CLASS="EMPHASIS"
 ><P
 ><B
 CLASS="COMMAND"
->conf &#60;smb.conf&#62;</B
+>conf &lt;smb.conf&gt;</B
 > - Load a different configuration file</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
->help [&#60;command&#62;]</B
+>help [&lt;command&gt;]</B
 > - Get list of commands or info about specified command</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
->debuglevel &#60;level&#62;</B
+>debuglevel &lt;level&gt;</B
 > - Set debug level</P
 ></LI
 ><LI
@@ -459,7 +470,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN179"
+NAME="AEN181"
 ></A
 ><H2
 >VERSION</H2
@@ -470,7 +481,7 @@ NAME="AEN179"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN182"
+NAME="AEN184"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/htmldocs/wbinfo.1.html b/docs/htmldocs/wbinfo.1.html
index a8aa065eed..cf46eca0ef 100644
--- a/docs/htmldocs/wbinfo.1.html
+++ b/docs/htmldocs/wbinfo.1.html
@@ -5,7 +5,7 @@
 >wbinfo</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -15,7 +15,7 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="WBINFO"
+NAME="WBINFO.1"
 ></A
 >wbinfo</H1
 ><DIV
@@ -47,28 +47,32 @@ NAME="AEN27"
 ><H2
 >DESCRIPTION</H2
 ><P
->This tool is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
+>This tool is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > suite.</P
 ><P
 >The <B
 CLASS="COMMAND"
 >wbinfo</B
 > program queries and returns information 
-	created and used by the <A
-HREF="winbindd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->	winbindd(8)</B
-></A
+	created and used by the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>winbindd</SPAN
+>(8)</SPAN
 > daemon. </P
 ><P
->The <B
-CLASS="COMMAND"
->winbindd(8)</B
+>The <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>winbindd</SPAN
+>(8)</SPAN
 > daemon must be configured 
 	and running for the <B
 CLASS="COMMAND"
@@ -79,7 +83,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN38"
+NAME="AEN43"
 ></A
 ><H2
 >OPTIONS</H2
@@ -93,33 +97,43 @@ CLASS="VARIABLELIST"
 ><DD
 ><P
 >This option will list all users available 
-		in the Windows NT domain for which the <B
-CLASS="COMMAND"
->winbindd(8)
-		</B
+		in the Windows NT domain for which the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>winbindd</SPAN
+>(8)</SPAN
 > daemon is operating in. Users in all trusted domains 
 		will also be listed.  Note that this operation does not assign 
-		user ids to any users that have not already been seen by 
-		<B
-CLASS="COMMAND"
->winbindd(8)</B
->.</P
+		user ids to any users that have not already been seen by <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>winbindd</SPAN
+>(8)</SPAN
+>
+		.</P
 ></DD
 ><DT
 >-g</DT
 ><DD
 ><P
 >This option will list all groups available 
-		in the Windows NT domain for which the <B
-CLASS="COMMAND"
->winbindd(8)
-		</B
+		in the Windows NT domain for which the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > daemon is operating in. Groups in all trusted domains
 		will also be listed.  Note that this operation does not assign 
-		group ids to any groups that have not already been seen by
-		<B
-CLASS="COMMAND"
->winbindd(8)</B
+		group ids to any groups that have not already been 
+		seen by <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>winbindd</SPAN
+>(8)</SPAN
 >. </P
 ></DD
 ><DT
@@ -132,9 +146,12 @@ CLASS="PARAMETER"
 >-N</I
 ></TT
 > option 
-		queries <B
-CLASS="COMMAND"
->winbindd(8)</B
+		queries <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>winbindd</SPAN
+>(8)</SPAN
 > to query the WINS
 		server for the IP address associated with the NetBIOS name
 		specified by the <TT
@@ -155,9 +172,12 @@ CLASS="PARAMETER"
 >-I</I
 ></TT
 > option 
-		queries <B
-CLASS="COMMAND"
->winbindd(8)</B
+		queries <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>winbindd</SPAN
+>(8)</SPAN
 > to send a node status
 		request to get the NetBIOS name associated with the IP address
 		specified by the <TT
@@ -178,22 +198,28 @@ CLASS="PARAMETER"
 >-n</I
 ></TT
 > option 
-		queries <B
-CLASS="COMMAND"
->winbindd(8)</B
+		queries <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>winbindd</SPAN
+>(8)</SPAN
 > for the SID 		
 		associated with the name specified. Domain names can be specified 
 		before the user name by using the winbind separator character.  
 		For example CWDOM1/Administrator refers to the Administrator
 		user in the domain CWDOM1.  If no domain is specified then the 
-		domain used is the one specified in the <TT
-CLASS="FILENAME"
->smb.conf</TT
->
-		<TT
+		domain used is the one specified in the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+>	<TT
 CLASS="PARAMETER"
 ><I
->workgroup</I
+>workgroup
+		</I
 ></TT
 > parameter. </P
 ></DD
@@ -238,9 +264,12 @@ CLASS="PARAMETER"
 ><DD
 ><P
 >Convert a SID to a UNIX user id.  If the SID 
-		does not correspond to a UNIX user mapped by <B
-CLASS="COMMAND"
->		winbindd(8)</B
+		does not correspond to a UNIX user mapped by <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>winbindd</SPAN
+>(8)</SPAN
 > then the operation will fail. </P
 ></DD
 ><DT
@@ -248,10 +277,14 @@ CLASS="COMMAND"
 ><DD
 ><P
 >Convert a SID to a UNIX group id.  If the SID 
-		does not correspond to a UNIX group mapped by <B
-CLASS="COMMAND"
->		winbindd(8)</B
-> then the operation will fail. </P
+		does not correspond to a UNIX group mapped by <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>winbindd</SPAN
+>(8)</SPAN
+> then 
+		the operation will fail. </P
 ></DD
 ><DT
 >-t</DT
@@ -266,9 +299,12 @@ CLASS="COMMAND"
 ><DD
 ><P
 >Produce a list of domains trusted by the 
-		Windows NT server <B
-CLASS="COMMAND"
->winbindd(8)</B
+		Windows NT server <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>winbindd</SPAN
+>(8)</SPAN
 > contacts 
 		when resolving names.  This list does not include the Windows 
 		NT domain the server is a Primary Domain Controller for.
@@ -308,16 +344,18 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN120"
+NAME="AEN147"
 ></A
 ><H2
 >EXIT STATUS</H2
 ><P
 >The wbinfo program returns 0 if the operation 
-	succeeded, or 1 if the operation failed.  If the <B
-CLASS="COMMAND"
->winbindd(8)
-	</B
+	succeeded, or 1 if the operation failed.  If the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>winbindd</SPAN
+>(8)</SPAN
 > daemon is not working <B
 CLASS="COMMAND"
 >wbinfo</B
@@ -327,7 +365,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN125"
+NAME="AEN154"
 ></A
 ><H2
 >VERSION</H2
@@ -338,25 +376,23 @@ NAME="AEN125"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN128"
+NAME="AEN157"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
-><A
-HREF="winbindd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->winbindd(8)</B
->
-	</A
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>winbindd</SPAN
+>(8)</SPAN
 ></P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN133"
+NAME="AEN163"
 ></A
 ><H2
 >AUTHOR</H2
@@ -376,7 +412,8 @@ CLASS="COMMAND"
 	were written by Tim Potter.</P
 ><P
 >The conversion to DocBook for Samba 2.2 was done 
-	by Gerald Carter</P
+	by Gerald Carter. The conversion to DocBook XML 4.2 for Samba
+	3.0 was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/winbind.html b/docs/htmldocs/winbind.html
index 1558512a61..d587696817 100644
--- a/docs/htmldocs/winbind.html
+++ b/docs/htmldocs/winbind.html
@@ -5,8 +5,7 @@
 >Unified Logons between Windows NT and UNIX using Winbind</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -17,8 +16,8 @@ REL="PREVIOUS"
 TITLE="Printing Support"
 HREF="printing.html"><LINK
 REL="NEXT"
-TITLE="Passdb MySQL plugin"
-HREF="pdb-mysql.html"></HEAD
+TITLE="Improved browsing in samba"
+HREF="improved-browsing.html"></HEAD
 ><BODY
 CLASS="CHAPTER"
 BGCOLOR="#FFFFFF"
@@ -60,7 +59,7 @@ WIDTH="10%"
 ALIGN="right"
 VALIGN="bottom"
 ><A
-HREF="pdb-mysql.html"
+HREF="improved-browsing.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
@@ -73,13 +72,17 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="WINBIND">Chapter 15. Unified Logons between Windows NT and UNIX using Winbind</H1
+NAME="WINBIND"
+></A
+>Chapter 14. Unified Logons between Windows NT and UNIX using Winbind</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2225">15.1. Abstract</H1
+NAME="AEN2360"
+></A
+>14.1. Abstract</H1
 ><P
 >Integration of UNIX and Microsoft Windows NT through 
 	a unified logon has been considered a "holy grail" in heterogeneous 
@@ -104,7 +107,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2229">15.2. Introduction</H1
+NAME="AEN2364"
+></A
+>14.2. Introduction</H1
 ><P
 >It is well known that UNIX and Microsoft Windows NT have 
 	different models for representing user and group information and 
@@ -156,7 +161,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2242">15.3. What Winbind Provides</H1
+NAME="AEN2377"
+></A
+>14.3. What Winbind Provides</H1
 ><P
 >Winbind unifies UNIX and Windows NT account management by 
 	allowing a UNIX box to become a full member of a NT domain. Once 
@@ -196,7 +203,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2249">15.3.1. Target Uses</H2
+NAME="AEN2384"
+></A
+>14.3.1. Target Uses</H2
 ><P
 >Winbind is targeted at organizations that have an 
 		existing NT based domain infrastructure into which they wish 
@@ -218,7 +227,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2253">15.4. How Winbind Works</H1
+NAME="AEN2388"
+></A
+>14.4. How Winbind Works</H1
 ><P
 >The winbind system is designed around a client/server 
 	architecture. A long running <B
@@ -236,9 +247,11 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2258">15.4.1. Microsoft Remote Procedure Calls</H2
+NAME="AEN2393"
+></A
+>14.4.1. Microsoft Remote Procedure Calls</H2
 ><P
->Over the last two years, efforts have been underway 
+>Over the last few years, efforts have been underway 
 		by various Samba Team members to decode various aspects of 
 		the Microsoft Remote Procedure Call (MSRPC) system. This 
 		system is used for most network related operations between 
@@ -260,7 +273,28 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2262">15.4.2. Name Service Switch</H2
+NAME="AEN2397"
+></A
+>14.4.2. Microsoft Active Directory Services</H2
+><P
+>                Since late 2001, Samba has gained the ability to
+                interact with Microsoft Windows 2000 using its 'Native
+                Mode' protocols, rather than the NT4 RPC services.
+                Using LDAP and Kerberos, a domain member running
+                winbind can enumerate users and groups in exactly the
+                same way as a Win2k client would, and in so doing
+                provide a much more efficient and
+                effective winbind implementation.  
+                </P
+></DIV
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN2400"
+></A
+>14.4.3. Name Service Switch</H2
 ><P
 >The Name Service Switch, or NSS, is a feature that is 
 		present in many UNIX operating systems. It allows system 
@@ -338,7 +372,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2278">15.4.3. Pluggable Authentication Modules</H2
+NAME="AEN2416"
+></A
+>14.4.4. Pluggable Authentication Modules</H2
 ><P
 >Pluggable Authentication Modules, also known as PAM, 
 		is a system for abstracting authentication and authorization 
@@ -385,7 +421,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2286">15.4.4. User and Group ID Allocation</H2
+NAME="AEN2424"
+></A
+>14.4.5. User and Group ID Allocation</H2
 ><P
 >When a user or group is created under Windows NT 
 		is it allocated a numerical relative identifier (RID). This is 
@@ -409,7 +447,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2290">15.4.5. Result Caching</H2
+NAME="AEN2428"
+></A
+>14.4.6. Result Caching</H2
 ><P
 >An active system can generate a lot of user and group 
 		name lookups. To reduce the network cost of these lookups winbind 
@@ -430,7 +470,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2293">15.5. Installation and Configuration</H1
+NAME="AEN2431"
+></A
+>14.5. Installation and Configuration</H1
 ><P
 >Many thanks to John Trostel <A
 HREF="mailto:jtrostel@snapserver.com"
@@ -455,7 +497,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2300">15.5.1. Introduction</H2
+NAME="AEN2438"
+></A
+>14.5.1. Introduction</H2
 ><P
 >This HOWTO describes the procedures used to get winbind up and 
 running on my RedHat 7.1 system.  Winbind is capable of providing access 
@@ -512,7 +556,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2313">15.5.2. Requirements</H2
+NAME="AEN2451"
+></A
+>14.5.2. Requirements</H2
 ><P
 >If you have a samba configuration file that you are currently 
 using... <SPAN
@@ -580,7 +626,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2327">15.5.3. Testing Things Out</H2
+NAME="AEN2465"
+></A
+>14.5.3. Testing Things Out</H2
 ><P
 >Before starting, it is probably best to kill off all the SAMBA 
 related daemons running on your server.  Kill off all <B
@@ -623,7 +671,9 @@ CLASS="SECT3"
 ><H3
 CLASS="SECT3"
 ><A
-NAME="AEN2338">15.5.3.1. Configure and compile SAMBA</H3
+NAME="AEN2476"
+></A
+>14.5.3.1. Configure and compile SAMBA</H3
 ><P
 >The configuration and compilation of SAMBA is pretty straightforward.
 The first three steps may not be necessary depending upon
@@ -657,7 +707,7 @@ CLASS="PROMPT"
 >root#</TT
 > <B
 CLASS="COMMAND"
->./configure --with-winbind</B
+>./configure</B
 >
 <TT
 CLASS="PROMPT"
@@ -687,7 +737,9 @@ CLASS="SECT3"
 ><H3
 CLASS="SECT3"
 ><A
-NAME="AEN2357">15.5.3.2. Configure <TT
+NAME="AEN2495"
+></A
+>14.5.3.2. Configure <TT
 CLASS="FILENAME"
 >nsswitch.conf</TT
 > and the 
@@ -790,7 +842,9 @@ CLASS="SECT3"
 ><H3
 CLASS="SECT3"
 ><A
-NAME="AEN2390">15.5.3.3. Configure smb.conf</H3
+NAME="AEN2528"
+></A
+>14.5.3.3. Configure smb.conf</H3
 ><P
 >Several parameters are needed in the smb.conf file to control 
 the behavior of <B
@@ -815,7 +869,7 @@ include the following entries in the [global] section:</P
 ><PRE
 CLASS="PROGRAMLISTING"
 >[global]
-     &#60;...&#62;
+     &lt;...&gt;
      # separate domain and username with '+', like DOMAIN+username
      <A
 HREF="winbindd.8.html#WINBINDSEPARATOR"
@@ -863,7 +917,9 @@ CLASS="SECT3"
 ><H3
 CLASS="SECT3"
 ><A
-NAME="AEN2406">15.5.3.4. Join the SAMBA server to the PDC domain</H3
+NAME="AEN2544"
+></A
+>14.5.3.4. Join the SAMBA server to the PDC domain</H3
 ><P
 >Enter the following command to make the SAMBA server join the 
 PDC domain, where <TT
@@ -885,7 +941,7 @@ CLASS="PROMPT"
 >root#</TT
 > <B
 CLASS="COMMAND"
->/usr/local/samba/bin/net rpc join -S PDC -U Administrator</B
+>/usr/local/samba/bin/net join -S PDC -U Administrator</B
 ></P
 ><P
 >The proper response to the command should be: "Joined the domain 
@@ -907,7 +963,9 @@ CLASS="SECT3"
 ><H3
 CLASS="SECT3"
 ><A
-NAME="AEN2417">15.5.3.5. Start up the winbindd daemon and test it!</H3
+NAME="AEN2555"
+></A
+>14.5.3.5. Start up the winbindd daemon and test it!</H3
 ><P
 >Eventually, you will want to modify your smb startup script to 
 automatically invoke the winbindd daemon when the other parts of 
@@ -1028,13 +1086,17 @@ CLASS="SECT3"
 ><H3
 CLASS="SECT3"
 ><A
-NAME="AEN2453">15.5.3.6. Fix the init.d startup scripts</H3
+NAME="AEN2591"
+></A
+>14.5.3.6. Fix the init.d startup scripts</H3
 ><DIV
 CLASS="SECT4"
 ><H4
 CLASS="SECT4"
 ><A
-NAME="AEN2455">15.5.3.6.1. Linux</H4
+NAME="AEN2593"
+></A
+>14.5.3.6.1. Linux</H4
 ><P
 >The <B
 CLASS="COMMAND"
@@ -1091,7 +1153,7 @@ CLASS="PROGRAMLISTING"
         daemon /usr/local/samba/bin/winbindd
         RETVAL3=$?
         echo
-        [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] &#38;&#38; touch /var/lock/subsys/smb || \
+        [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] &amp;&amp; touch /var/lock/subsys/smb || \
            RETVAL=1
         return $RETVAL
 }</PRE
@@ -1117,7 +1179,7 @@ CLASS="PROGRAMLISTING"
         echo -n $"Shutting down $KIND services: "
         killproc winbindd
         RETVAL3=$?
-        [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] &#38;&#38; rm -f /var/lock/subsys/smb
+        [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] &amp;&amp; rm -f /var/lock/subsys/smb
         echo ""
         return $RETVAL
 }</PRE
@@ -1128,7 +1190,9 @@ CLASS="SECT4"
 ><H4
 CLASS="SECT4"
 ><A
-NAME="AEN2472">15.5.3.6.2. Solaris</H4
+NAME="AEN2610"
+></A
+>14.5.3.6.2. Solaris</H4
 ><P
 >On solaris, you need to modify the 
 <TT
@@ -1157,7 +1221,7 @@ killproc() {            # kill the named process(es)
         pid=`/usr/bin/ps -e |
              /usr/bin/grep -w $1 |
              /usr/bin/sed -e 's/^  *//' -e 's/ .*//'`
-        [ "$pid" != "" ] &#38;&#38; kill $pid
+        [ "$pid" != "" ] &amp;&amp; kill $pid
 }
  
 # Start/stop processes required for samba server
@@ -1197,7 +1261,9 @@ CLASS="SECT4"
 ><H4
 CLASS="SECT4"
 ><A
-NAME="AEN2479">15.5.3.6.3. Restarting</H4
+NAME="AEN2617"
+></A
+>14.5.3.6.3. Restarting</H4
 ><P
 >If you restart the <B
 CLASS="COMMAND"
@@ -1219,7 +1285,9 @@ CLASS="SECT3"
 ><H3
 CLASS="SECT3"
 ><A
-NAME="AEN2485">15.5.3.7. Configure Winbind and PAM</H3
+NAME="AEN2623"
+></A
+>14.5.3.7. Configure Winbind and PAM</H3
 ><P
 >If you have made it this far, you know that winbindd and samba are working
 together.  If you want to use winbind to provide authentication for other 
@@ -1275,7 +1343,9 @@ CLASS="SECT4"
 ><H4
 CLASS="SECT4"
 ><A
-NAME="AEN2502">15.5.3.7.1. Linux/FreeBSD-specific PAM configuration</H4
+NAME="AEN2640"
+></A
+>14.5.3.7.1. Linux/FreeBSD-specific PAM configuration</H4
 ><P
 >The <TT
 CLASS="FILENAME"
@@ -1402,7 +1472,9 @@ CLASS="SECT4"
 ><H4
 CLASS="SECT4"
 ><A
-NAME="AEN2535">15.5.3.7.2. Solaris-specific configuration</H4
+NAME="AEN2673"
+></A
+>14.5.3.7.2. Solaris-specific configuration</H4
 ><P
 >The /etc/pam.conf needs to be changed. I changed this file so that my Domain
 users can logon both locally as well as telnet.The following are the changes
@@ -1476,7 +1548,7 @@ dtsession auth required	/usr/lib/security/$ISA/pam_unix.so.1
 >I also added a try_first_pass line after the winbind.so line to get rid of
 annoying double prompts for passwords.</P
 ><P
->Now restart your Samba &#38; try connecting through your application that you
+>Now restart your Samba and try connecting through your application that you
 configured in the pam.conf.</P
 ></DIV
 ></DIV
@@ -1487,7 +1559,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2542">15.6. Limitations</H1
+NAME="AEN2680"
+></A
+>14.6. Limitations</H1
 ><P
 >Winbind has a number of limitations in its current 
 	released version that we hope to overcome in future 
@@ -1498,7 +1572,7 @@ NAME="AEN2542">15.6. Limitations</H1
 ><LI
 ><P
 >Winbind is currently only available for 
-		the Linux operating system, although ports to other operating 
+		the Linux, Solaris and IRIX operating systems, although ports to other operating 
 		systems are certainly possible. For such ports to be feasible, 
 		we require the C library of the target operating system to 
 		support the Name Service Switch and Pluggable Authentication
@@ -1517,7 +1591,8 @@ NAME="AEN2542">15.6. Limitations</H1
 ><P
 >Currently the winbind PAM module does not take 
 		into account possible workstation and logon time restrictions 
-		that may be been set for Windows NT users.</P
+		that may be been set for Windows NT users, this is
+		instead up to the PDC to enforce.</P
 ></LI
 ></UL
 ></DIV
@@ -1526,7 +1601,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2552">15.7. Conclusion</H1
+NAME="AEN2690"
+></A
+>14.7. Conclusion</H1
 ><P
 >The winbind system, through the use of the Name Service 
 	Switch, Pluggable Authentication Modules, and appropriate 
@@ -1570,7 +1647,7 @@ WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 ><A
-HREF="pdb-mysql.html"
+HREF="improved-browsing.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
@@ -1594,7 +1671,7 @@ ACCESSKEY="U"
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
->Passdb MySQL plugin</TD
+>Improved browsing in samba</TD
 ></TR
 ></TABLE
 ></DIV
diff --git a/docs/htmldocs/winbindd.8.html b/docs/htmldocs/winbindd.8.html
index fb8c9c0458..dba9988e30 100644
--- a/docs/htmldocs/winbindd.8.html
+++ b/docs/htmldocs/winbindd.8.html
@@ -1,12 +1,11 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <HTML
 ><HEAD
 ><TITLE
 >winbindd</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -16,7 +15,9 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="WINBINDD">winbindd</H1
+NAME="WINBINDD.8"
+></A
+>winbindd</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
@@ -29,13 +30,15 @@ NAME="AEN5"
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
-NAME="AEN8"><H2
+NAME="AEN8"
+></A
+><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >winbindd</B
-> [-F] [-S] [-i] [-B] [-d &#60;debug level&#62;] [-s &#60;smb config file&#62;] [-n]</P
+>  [-F] [-S] [-i] [-B] [-d &lt;debug level&gt;] [-s &lt;smb config file&gt;] [-n]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -45,10 +48,12 @@ NAME="AEN18"
 ><H2
 >DESCRIPTION</H2
 ><P
->This program is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
+>This program is part of the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
 > suite.</P
 ><P
 ><B
@@ -166,22 +171,11 @@ CLASS="FILENAME"
 CLASS="FILENAME"
 >/etc/group</TT
 > and then from the 
-	Windows NT server. </P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
+	Windows NT server.
+<PRE
 CLASS="PROGRAMLISTING"
 >passwd:         files winbind
-group:          files winbind
-	</PRE
-></TD
-></TR
-></TABLE
+group:          files winbind</PRE
 ></P
 ><P
 >The following simple configuration in the
@@ -198,7 +192,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN61"
+NAME="AEN62"
 ></A
 ><H2
 >OPTIONS</H2
@@ -310,9 +304,12 @@ CLASS="COMMAND"
 ><DD
 ><P
 >Specifies the location of the all-important
-		<TT
-CLASS="FILENAME"
->smb.conf</TT
+		<SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > file. </P
 ></DD
 ></DL
@@ -321,7 +318,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN103"
+NAME="AEN106"
 ></A
 ><H2
 >NAME AND ID RESOLUTION</H2
@@ -352,7 +349,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN109"
+NAME="AEN112"
 ></A
 ><H2
 >CONFIGURATION</H2
@@ -361,10 +358,12 @@ NAME="AEN109"
 CLASS="COMMAND"
 >winbindd</B
 > daemon 
-	is done through configuration parameters in the <TT
-CLASS="FILENAME"
->smb.conf(5)
-	</TT
+	is done through configuration parameters in the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > file.  All parameters should be specified in the 
 	[global] section of smb.conf. </P
 ><P
@@ -492,7 +491,7 @@ CLASS="PARAMETER"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN151"
+NAME="AEN156"
 ></A
 ><H2
 >EXAMPLE SETUP</H2
@@ -505,60 +504,37 @@ NAME="AEN151"
 CLASS="FILENAME"
 >/etc/nsswitch.conf</TT
 > put the 
-	following:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
+	following:
+<PRE
 CLASS="PROGRAMLISTING"
 >passwd:     files winbind
-group:      files winbind
-	</PRE
-></TD
-></TR
-></TABLE
+group:      files winbind</PRE
 ></P
 ><P
 >In <TT
 CLASS="FILENAME"
 >/etc/pam.d/*</TT
-> replace the 
-	<TT
+> replace the <TT
 CLASS="PARAMETER"
 ><I
->auth</I
+>	auth</I
 ></TT
-> lines with something like this: </P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
+> lines with something like this:
+<PRE
 CLASS="PROGRAMLISTING"
 >auth       required	/lib/security/pam_securetty.so
 auth       required	/lib/security/pam_nologin.so
 auth       sufficient	/lib/security/pam_winbind.so
-auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok
-	</PRE
-></TD
-></TR
-></TABLE
+auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok</PRE
 ></P
 ><P
 >Note in particular the use of the <TT
 CLASS="PARAMETER"
 ><I
->sufficient</I
+>sufficient
+	</I
 ></TT
-> 
-	keyword and the <TT
+> keyword and the <TT
 CLASS="PARAMETER"
 ><I
 >use_first_pass</I
@@ -581,8 +557,7 @@ CLASS="COMMAND"
 ><P
 ><B
 CLASS="COMMAND"
->smbpasswd -j DOMAIN -r PDC -U
-	Administrator</B
+>net join -S PDC -U Administrator</B
 ></P
 ><P
 >The username after the <TT
@@ -592,8 +567,7 @@ CLASS="PARAMETER"
 ></TT
 > can be any
 	Domain user that has administrator privileges on the machine.
-	Substitute your domain name for "DOMAIN" and the name of your PDC
-	for "PDC".</P
+	Substitute the name or IP of your PDC for "PDC".</P
 ><P
 >Next copy <TT
 CLASS="FILENAME"
@@ -604,9 +578,9 @@ CLASS="FILENAME"
 >/lib</TT
 > and <TT
 CLASS="FILENAME"
->pam_winbind.so</TT
->
-	to <TT
+>pam_winbind.so
+	</TT
+> to <TT
 CLASS="FILENAME"
 >/lib/security</TT
 >.  A symbolic link needs to be
@@ -624,19 +598,15 @@ CLASS="FILENAME"
 >/lib/libnss_winbind.so.1</TT
 >.</P
 ><P
->Finally, setup a <TT
-CLASS="FILENAME"
->smb.conf</TT
+>Finally, setup a <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 > containing directives like the 
-	following:  </P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
+	following:
+<PRE
 CLASS="PROGRAMLISTING"
 >[global]
 	winbind separator = +
@@ -647,11 +617,7 @@ CLASS="PROGRAMLISTING"
         winbind gid = 10000-20000
         workgroup = DOMAIN
         security = domain
-        password server = *
-	</PRE
-></TD
-></TR
-></TABLE
+        password server = *</PRE
 ></P
 ><P
 >Now start winbindd and you should find that your user and 
@@ -670,7 +636,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN190"
+NAME="AEN194"
 ></A
 ><H2
 >NOTES</H2
@@ -681,9 +647,12 @@ CLASS="COMMAND"
 >winbindd</B
 >: </P
 ><P
-><B
-CLASS="COMMAND"
->nmbd</B
+><SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>nmbd</SPAN
+>(8)</SPAN
 > must be running on the local machine 
 	for <B
 CLASS="COMMAND"
@@ -691,8 +660,8 @@ CLASS="COMMAND"
 > to work. <B
 CLASS="COMMAND"
 >winbindd</B
->
-	queries the list of trusted domains for the Windows NT server
+> queries
+	the list of trusted domains for the Windows NT server
 	on startup and when a SIGHUP is received.  Thus, for a running <B
 CLASS="COMMAND"
 >	winbindd</B
@@ -728,7 +697,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN206"
+NAME="AEN212"
 ></A
 ><H2
 >SIGNALS</H2
@@ -747,11 +716,14 @@ CLASS="VARIABLELIST"
 >SIGHUP</DT
 ><DD
 ><P
->Reload the <TT
-CLASS="FILENAME"
->smb.conf(5)</TT
->
-		file and apply any parameter changes to the running 
+>Reload the <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
+> file and 
+		apply any parameter changes to the running 
 		version of winbindd.  This signal also clears any cached 
 		user and group information.  The list of other domains trusted 
 		by winbindd is also reloaded.  </P
@@ -779,7 +751,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN223"
+NAME="AEN231"
 ></A
 ><H2
 >FILES</H2
@@ -855,7 +827,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN252"
+NAME="AEN260"
 ></A
 ><H2
 >VERSION</H2
@@ -866,7 +838,7 @@ NAME="AEN252"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN255"
+NAME="AEN263"
 ></A
 ><H2
 >SEE ALSO</H2
@@ -874,27 +846,30 @@ NAME="AEN255"
 ><TT
 CLASS="FILENAME"
 >nsswitch.conf(5)</TT
->,
-	<A
-HREF="samba.7.html"
-TARGET="_top"
->samba(7)</A
->,
-	<A
-HREF="wbinfo.1.html"
-TARGET="_top"
->wbinfo(1)</A
->,
-	<A
-HREF="smb.conf.5.html"
-TARGET="_top"
->smb.conf(5)</A
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>Samba</SPAN
+>(7)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>wbinfo</SPAN
+>(8)</SPAN
+>, <SPAN
+CLASS="CITEREFENTRY"
+><SPAN
+CLASS="REFENTRYTITLE"
+>smb.conf</SPAN
+>(5)</SPAN
 ></P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN262"
+NAME="AEN276"
 ></A
 ><H2
 >AUTHOR</H2
@@ -910,11 +885,12 @@ CLASS="COMMAND"
 > and <B
 CLASS="COMMAND"
 >winbindd</B
->
-	were written by Tim Potter.</P
+> were 
+	written by Tim Potter.</P
 ><P
 >The conversion to DocBook for Samba 2.2 was done 
-	by Gerald Carter</P
+	by Gerald Carter. The conversion to DocBook XML 4.2 for
+	Samba 3.0 was done by Alexander Bokovoy.</P
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/manpages/findsmb.1 b/docs/manpages/findsmb.1
index bb07292623..8a079b2ee4 100644
--- a/docs/manpages/findsmb.1
+++ b/docs/manpages/findsmb.1
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "FINDSMB" "1" "15 January 2003" "" ""
+.TH "FINDSMB" "1" "28 January 2003" "" ""
+
 .SH NAME
 findsmb \- list info about machines that respond to SMB  name queries on a subnet
 .SH SYNOPSIS
@@ -12,12 +13,15 @@ findsmb \- list info about machines that respond to SMB  name queries on a subne
 
 .SH "DESCRIPTION"
 .PP
-This perl script is part of the  Samba suite.
+This perl script is part of the \fBSamba\fR(7)
+suite.
 .PP
 \fBfindsmb\fR is a perl script that
 prints out several pieces of information about machines 
 on a subnet that respond to SMB  name query requests.
-It uses \fB nmblookup(1)\fR to obtain this information.
+It uses \fBnmblookup\fR(1)
+and \fBsmbclient\fR(1)
+to obtain this information.
 .SH "OPTIONS"
 .TP
 \fB-r\fR
@@ -25,15 +29,16 @@ Controls whether \fBfindsmb\fR takes
 bugs in Windows95 into account when trying to find a Netbios name
 registered of the remote machine. This option is disabled by default
 because it is specific to Windows 95 and Windows 95 machines only. 
-If set, \fBnmblookup\fR
+If set, \fBnmblookup\fR(1)
 will be called with -B option.
 .TP
 \fBsubnet broadcast address\fR
 Without this option, \fBfindsmb
 \fR will probe the subnet of the machine where 
-\fBfindsmb\fR is run. This value is passed 
-to \fBnmblookup\fR as part of the 
--B option.
+\fBfindsmb\fR(1)
+is run. This value is passed to 
+\fBnmblookup\fR(1)
+as part of the -B option.
 .SH "EXAMPLES"
 .PP
 The output of \fBfindsmb\fR lists the following 
@@ -50,15 +55,15 @@ not show any information about the operating system or server
 version.
 .PP
 The command with -r option
-must be run on a system without \fBnmbd\fR running. 
+must be run on a system without \fBnmbd\fR(8) running. 
 If \fBnmbd\fR is running on the system, you will 
 only  get the IP address and the DNS name of the machine. To 
 get proper responses  from Windows 95 and Windows 98 machines, 
 the command must be run as root and with -r
 option on a machine without \fBnmbd\fR running.
 .PP
-For example, running \fBfindsmb\fR without 
--r option set would yield output similar
+For example, running \fBfindsmb\fR 
+without -r option set would yield output similar
 to the following
 
 .nf
@@ -74,7 +79,6 @@ IP ADDR         NETBIOS NAME   WORKGROUP/OS/VERSION
 192.168.35.88   SCNT2         +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0]
 192.168.35.93   FROGSTAR-PC    [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager]
 192.168.35.97   HERBNT1       *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0]
-	
 .fi
 .SH "VERSION"
 .PP
@@ -82,9 +86,8 @@ This man page is correct for version 3.0 of
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fBnmbd(8)\fR 
-\fBsmbclient(1)
-\fR and  \fBnmblookup(1)\fR
+\fBnmbd\fR(8),
+\fBsmbclient\fR(1), and \fBnmblookup\fR(1)
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
@@ -94,7 +97,7 @@ to the way the Linux kernel is developed.
 .PP
 The original Samba man pages were written by Karl Auer. 
 The man page sources were converted to YODL format (another 
-excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
-release by Jeremy Allison.  The conversion to DocBook for 
-Samba 2.2 was done by Gerald Carter
+excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) 
+and updated for the Samba 2.0 release by Jeremy Allison.  The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter. The conversion to DocBook
+XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.
diff --git a/docs/manpages/lmhosts.5 b/docs/manpages/lmhosts.5
index e5443f61e8..72509fa78c 100644
--- a/docs/manpages/lmhosts.5
+++ b/docs/manpages/lmhosts.5
@@ -3,15 +3,16 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "LMHOSTS" "5" "05 November 2002" "" ""
+.TH "LMHOSTS" "5" "28 January 2003" "" ""
+
 .SH NAME
 lmhosts \- The Samba NetBIOS hosts file
 .SH SYNOPSIS
 .PP
-\fIlmhosts\fR is the  Samba NetBIOS name to IP address mapping file.
+\fIlmhosts\fR is the \fBSamba\fR(7) NetBIOS name to IP address mapping file.
 .SH "DESCRIPTION"
 .PP
-This file is part of the  Samba suite.
+This file is part of the \fBSamba\fR(7) suite.
 .PP
 \fIlmhosts\fR is the \fBSamba
 \fR NetBIOS name to IP address mapping file.  It 
@@ -23,7 +24,7 @@ to the NetBIOS naming format.
 It is an ASCII file containing one line for NetBIOS name. 
 The two fields on each line are separated from each other by 
 white space. Any entry beginning with '#' is ignored. Each line 
-in the lmhosts file contains the following information :
+in the lmhosts file contains the following information:
 .TP 0.2i
 \(bu
 IP Address - in dotted decimal format.
@@ -38,8 +39,7 @@ If the trailing '#' is omitted then the given IP
 address will be returned for all names that match the given 
 name, whatever the NetBIOS name type in the lookup.
 .PP
-An example follows :
-.PP
+An example follows:
 
 .nf
 #
@@ -61,16 +61,13 @@ type for a name "NTSERVER" is queried. Any other name type will not
 be resolved.
 .PP
 The default location of the \fIlmhosts\fR file 
-is in the same directory as the    
-smb.conf(5)> file.
+is in the same directory as the \fBsmb.conf\fR(5) file.
 .SH "VERSION"
 .PP
-This man page is correct for version 2.2 of 
-the Samba suite.
+This man page is correct for version 3.0 of the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fBsmbclient(1)
-\fR and \fB smbpasswd(8)\fR
+\fBsmbclient\fR(1), \fBsmb.conf\fR(5), and \fBsmbpasswd\fR(8)
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
@@ -83,4 +80,5 @@ The man page sources were converted to YODL format (another
 excellent piece of Open Source software, available at
 ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
-Samba 2.2 was done by Gerald Carter
+Samba 2.2 was done by Gerald Carter. The conversion to DocBook
+XML 4.2 was done by Alexander Bokovoy.
diff --git a/docs/manpages/net.8 b/docs/manpages/net.8
index bf2b13997c..d65a9663f1 100644
--- a/docs/manpages/net.8
+++ b/docs/manpages/net.8
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "NET" "8" "05 November 2002" "" ""
+.TH "NET" "8" "28 January 2003" "" ""
+
 .SH NAME
 net \- Tool for administration of Samba and remote CIFS servers.
 .SH SYNOPSIS
@@ -12,7 +13,7 @@ net \- Tool for administration of Samba and remote CIFS servers.
 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite.
 .PP
 The samba net utility is meant to work just like the net utility 
 available for windows and DOS.
@@ -22,7 +23,8 @@ available for windows and DOS.
 Display summary of all available options.
 .TP
 \fB-w target-workgroup\fR
-Sets target workgroup or domain. You have to specify either this option or the IP address or the name of a server.
+Sets target workgroup or domain. You have to specify 
+either this option or the IP address or the name of a server.
 .TP
 \fB-W workgroup\fR
 Sets client workgroup or domain
@@ -31,7 +33,8 @@ Sets client workgroup or domain
 User name to use
 .TP
 \fB-I ip-address\fR
-IP address of target server to use. You have to specify either this option or a target workgroup or a target server.
+IP address of target server to use. You have to
+specify either this option or a target workgroup or a target server.
 .TP
 \fB-p port\fR
 Port on the target server to connect to.
@@ -43,7 +46,8 @@ Sets name of the client.
 Specify alternative configuration file that should be loaded.
 .TP
 \fB-S server\fR
-Name of target server. You should specify either this option or a target workgroup or a target IP address.
+Name of target server. You should specify either 
+this option or a target workgroup or a target IP address.
 .TP
 \fB-C comment\fR
 FIXME
@@ -87,11 +91,11 @@ Without any options, the \fBNET TIME\fR command
 displays the time on the remote server.
 .TP
 \fBSYSTEM\fR
-Displays the time on the remote server in a format ready for /bin/date
+Displays the time on the remote server in a format ready for \fB/bin/date\fR
 .TP
 \fBSET\fR
 Tries to set the date and time of the local server to that on 
-the remote server using /bin/date.
+the remote server using \fB/bin/date\fR.
 .TP
 \fBZONE\fR
 Displays the timezone in hours from GMT on the remote computer.
@@ -116,7 +120,7 @@ delete specified user
 \fBUSER INFO <name> [misc options]\fR
 list the domain groups of the specified user
 .TP
-\fBUSER ADD <name> [password] [-F user flags] [misc. options\fR
+\fBUSER ADD <name> [password] [-F user flags] [misc. options]\fR
 Add specified user
 .TP
 \fBGROUP [misc options] [targets]\fR
diff --git a/docs/manpages/nmbd.8 b/docs/manpages/nmbd.8
index ff98f0ce44..d8bff8bd46 100644
--- a/docs/manpages/nmbd.8
+++ b/docs/manpages/nmbd.8
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "NMBD" "8" "03 January 2003" "" ""
+.TH "NMBD" "8" "28 January 2003" "" ""
+
 .SH NAME
 nmbd \- NetBIOS name server to provide NetBIOS  over IP naming services to clients
 .SH SYNOPSIS
@@ -12,7 +13,7 @@ nmbd \- NetBIOS name server to provide NetBIOS  over IP naming services to clien
 
 .SH "DESCRIPTION"
 .PP
-This program is part of the Samba suite.
+This program is part of the \fBSamba\fR(7) suite.
 .PP
 \fBnmbd\fR is a server that understands 
 and can reply to NetBIOS over IP name service requests, like 
@@ -34,7 +35,7 @@ but this can be overridden with the \fB-n\fR
 option (see OPTIONS below). Thus \fBnmbd\fR will 
 reply to broadcast queries for its own name(s). Additional
 names for \fBnmbd\fR to respond on can be set 
-via parameters in the \fI smb.conf(5)\fR configuration file.
+via parameters in the \fBsmb.conf\fR(5) configuration file.
 .PP
 \fBnmbd\fR can also be used as a WINS 
 (Windows Internet Name Server) server. What this basically means 
@@ -85,7 +86,7 @@ server to run "interactively", not as a daemon, even if the
 server is executed on the command line of a shell. Setting this
 parameter negates the implicit daemon mode when run from the
 command line. \fBnmbd\fR also logs to standard
-output, as if the \fB-S\fR parameter had been
+output, as if the -S parameter had been
 given. 
 .TP
 \fB-o\fR
@@ -102,8 +103,9 @@ for \fBnmbd\fR.
 NetBIOS lmhosts file.  The lmhosts 
 file is a list of NetBIOS names to IP addresses that 
 is loaded by the nmbd server and used via the name 
-resolution mechanism   name resolve order described in  \fIsmb.conf(5)\fR
-to resolve any NetBIOS name queries needed by the server. Note 
+resolution mechanism \fIname resolve
+order\fR described in \fBsmb.conf\fR(5) to resolve any 
+NetBIOS name queries needed by the server. Note 
 that the contents of this file are \fBNOT\fR 
 used by \fBnmbd\fR to answer any name queries. 
 Adding a line to this file affects name NetBIOS resolution 
@@ -113,9 +115,7 @@ The default path to this file is compiled into
 Samba as part of the build process. Common defaults 
 are \fI/usr/local/samba/lib/lmhosts\fR,
 \fI/usr/samba/lib/lmhosts\fR or
-\fI/etc/lmhosts\fR. See the
-\fIlmhosts(5)\fR
-man page for details on the contents of this file.
+\fI/etc/samba/lmhosts\fR. See the \fBlmhosts\fR(5) man page for details on the contents of this file.
 .TP
 \fB-V\fR
 Prints the version number for 
@@ -140,8 +140,8 @@ and generate HUGE amounts of log data, most of which is extremely
 cryptic.
 
 Note that specifying this parameter here will override 
-the log level 
-parameter in the \fI  smb.conf(5)\fR file.
+the \fIlog level\fR 
+parameter in the \fBsmb.conf\fR(5) file.
 .TP
 \fB-l <log directory>\fR
 The -l parameter specifies a directory 
@@ -156,10 +156,10 @@ will log to the default debug log location defined at compile time.
 \fB-n <primary NetBIOS name>\fR
 This option allows you to override
 the NetBIOS name that Samba uses for itself. This is identical 
-to setting the   NetBIOS name parameter in the  
-\fIsmb.conf\fR file.  However, a command
+to setting the \fINetBIOS
+name\fR parameter in the \fBsmb.conf\fR(5) file.  However, a command
 line setting will take precedence over settings in 
-\fIsmb.conf\fR.
+\fBsmb.conf\fR(5).
 .TP
 \fB-p <UDP port number>\fR
 UDP port number is a positive integer value.
@@ -174,14 +174,14 @@ is set at build time, typically as \fI  /usr/local/samba/lib/smb.conf\fR, but
 this may be changed when Samba is autoconfigured.
 
 The file specified contains the configuration details
-required by the server. See   \fIsmb.conf(5)\fR for more information.
+required by the server. See \fBsmb.conf\fR(5) for more information.
 .SH "FILES"
 .TP
 \fB\fI/etc/inetd.conf\fB\fR
 If the server is to be run by the
 \fBinetd\fR meta-daemon, this file
 must contain suitable startup information for the
-meta-daemon. See the UNIX_INSTALL.html document
+meta-daemon. See the install document
 for details.
 .TP
 \fB\fI/etc/rc\fB\fR
@@ -190,7 +190,7 @@ system uses).
 
 If running the server as a daemon at startup,
 this file will need to contain an appropriate startup
-sequence for the server. See the UNIX_INSTALL.html document
+sequence for the server. See the "How to Install and Test SAMBA" document
 for details.
 .TP
 \fB\fI/etc/services\fB\fR
@@ -198,27 +198,26 @@ If running the server via the
 meta-daemon \fBinetd\fR, this file
 must contain a mapping of service name (e.g., netbios-ssn)
 to service port (e.g., 139) and protocol type (e.g., tcp).
-See the UNIX_INSTALL.html
+See the "How to Install and Test SAMBA"
 document for details.
 .TP
 \fB\fI/usr/local/samba/lib/smb.conf\fB\fR
-This is the default location of the
-\fIsmb.conf\fR
-server configuration file. Other common places that systems
+This is the default location of 
+the \fBsmb.conf\fR(5) server
+configuration file. Other common places that systems
 install this file are \fI/usr/samba/lib/smb.conf\fR
-and \fI/etc/smb.conf\fR.
+and \fI/etc/samba/smb.conf\fR.
 
 When run as a WINS server (see the
 wins support
-parameter in the \fIsmb.conf(5)\fR man page),
+parameter in the \fBsmb.conf\fR(5) man page),
 \fBnmbd\fR
 will store the WINS database in the file \fIwins.dat\fR
 in the \fIvar/locks\fR directory configured under
 wherever Samba was configured to install itself.
 
 If \fBnmbd\fR is acting as a \fB  browse master\fR (see the local master
-parameter in the \fIsmb.conf(5)\fR man page,
-\fBnmbd\fR
+parameter in the \fBsmb.conf\fR(5) man page, \fBnmbd\fR
 will store the browsing database in the file \fIbrowse.dat
 \fR in the \fIvar/locks\fR directory
 configured under wherever Samba was configured to install itself.
@@ -238,10 +237,10 @@ under wherever Samba was configured to install itself). This will also
 cause \fBnmbd\fR to dump out its server database in
 the \fIlog.nmb\fR file.
 .PP
-The debug log level of nmbd may be raised or lowered using
-\fBsmbcontrol(1)\fR
- (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is
-to allow transient problems to be diagnosed, whilst still running
+The debug log level of nmbd may be raised or lowered
+using \fBsmbcontrol\fR(1) (SIGUSR[1|2] signals
+are no longer used since Samba 2.2). This is to allow
+transient problems to be diagnosed, whilst still running 
 at a normally low log level.
 .SH "VERSION"
 .PP
@@ -249,11 +248,8 @@ This man page is correct for version 3.0 of
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fBinetd(8)\fR, \fBsmbd(8)\fR 
-\fIsmb.conf(5)\fR
- \fBsmbclient(1)
-\fR and the Internet RFC's
-\fIrfc1001.txt\fR, \fIrfc1002.txt\fR. 
+\fBinetd\fR(8), \fBsmbd\fR(8), \fBsmb.conf\fR(5), \fBsmbclient\fR(1), \fBtestparm\fR(1), \fBtestprns\fR(1), and the Internet 
+RFC's \fIrfc1001.txt\fR, \fIrfc1002.txt\fR. 
 In addition the CIFS (formerly SMB) specification is available 
 as a link from the Web page  
 http://samba.org/cifs/ <URL:http://samba.org/cifs/>.
@@ -266,7 +262,7 @@ to the way the Linux kernel is developed.
 .PP
 The original Samba man pages were written by Karl Auer. 
 The man page sources were converted to YODL format (another 
-excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+excellent piece of Open Source software, available at  ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
-Samba 2.2 was done by Gerald Carter
+Samba 2.2 was done by Gerald Carter. The conversion to DocBook
+XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.
diff --git a/docs/manpages/nmblookup.1 b/docs/manpages/nmblookup.1
index ecf10dfc1f..7abd080bf8 100644
--- a/docs/manpages/nmblookup.1
+++ b/docs/manpages/nmblookup.1
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "NMBLOOKUP" "1" "05 November 2002" "" ""
+.TH "NMBLOOKUP" "1" "28 January 2003" "" ""
+
 .SH NAME
 nmblookup \- NetBIOS over TCP/IP client used to lookup NetBIOS  names
 .SH SYNOPSIS
@@ -12,7 +13,7 @@ nmblookup \- NetBIOS over TCP/IP client used to lookup NetBIOS  names
 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite.
 .PP
 \fBnmblookup\fR is used to query NetBIOS names 
 and map them to IP addresses in a network using NetBIOS over TCP/IP 
@@ -33,7 +34,7 @@ to do a recursive lookup. This is used when sending a name
 query to a machine running a WINS server and the user wishes 
 to query the names in the WINS server.  If this bit is unset 
 the normal (broadcast responding) NetBIOS processing code 
-on a machine is used instead. See rfc1001, rfc1002 for details.
+on a machine is used instead. See RFC1001, RFC1002 for details.
 .TP
 \fB-S\fR
 Once the name query has returned an IP 
@@ -46,8 +47,7 @@ datagrams. The reason for this option is a bug in Windows 95
 where it ignores the source port of the requesting packet 
 and only replies to UDP port 137. Unfortunately, on most UNIX 
 systems root privilege is needed to bind to this port, and 
-in addition, if the nmbd(8) 
-daemon is running on this machine it also binds to this port.
+in addition, if the \fBnmbd\fR(8) daemon is running on this machine it also binds to this port.
 .TP
 \fB-A\fR
 Interpret \fIname\fR as 
@@ -61,7 +61,7 @@ Send the query to the given broadcast address. Without
 this option the default behavior of nmblookup is to send the 
 query to the broadcast address of the network interfaces as 
 either auto-detected or defined in the \fIinterfaces\fR
- parameter of the  \fIsmb.conf (5)\fR file.
+ parameter of the \fBsmb.conf\fR(5) file.
 .TP
 \fB-U <unicast address>\fR
 Do a unicast query to the specified address or 
@@ -126,8 +126,8 @@ area.
 .PP
 \fBnmblookup\fR can be used to query 
 a WINS server (in the same way \fBnslookup\fR is 
-used to query DNS servers). To query a WINS server, 
-\fBnmblookup\fR must be called like this:
+used to query DNS servers). To query a WINS server, \fBnmblookup\fR 
+must be called like this:
 .PP
 \fBnmblookup -U server -R 'name'\fR
 .PP
@@ -143,8 +143,7 @@ This man page is correct for version 3.0 of
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fBnmbd(8)\fR 
-samba(7) and smb.conf(5)
+\fBnmbd\fR(8), \fBsamba\fR(7), and \fBsmb.conf\fR(5).
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
@@ -154,7 +153,7 @@ to the way the Linux kernel is developed.
 .PP
 The original Samba man pages were written by Karl Auer. 
 The man page sources were converted to YODL format (another 
-excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+excellent piece of Open Source software, available at  ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
-Samba 2.2 was done by Gerald Carter
+Samba 2.2 was done by Gerald Carter. The conversion to DocBook
+XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.
diff --git a/docs/manpages/pdbedit.8 b/docs/manpages/pdbedit.8
index 278bc2727a..bd225a1805 100644
--- a/docs/manpages/pdbedit.8
+++ b/docs/manpages/pdbedit.8
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "PDBEDIT" "8" "26 November 2002" "" ""
+.TH "PDBEDIT" "8" "28 January 2003" "" ""
+
 .SH NAME
 pdbedit \- manage the SAM database
 .SH SYNOPSIS
@@ -12,7 +13,7 @@ pdbedit \- manage the SAM database
 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite.
 .PP
 The pdbedit program is used to manage the users accounts
 stored in the sam database and can only be run by root.
@@ -37,9 +38,8 @@ Example: \fBpdbedit -l\fR
 
 
 .nf
-		sorce:500:Simo Sorce
-		samba:45:Test User
-		
+sorce:500:Simo Sorce
+samba:45:Test User
 .fi
 .TP
 \fB-v\fR
@@ -51,40 +51,38 @@ Example: \fBpdbedit -l -v\fR
 
 
 .nf
-		---------------
-		username:       sorce
-		user ID/Group:  500/500
-		user RID/GRID:  2000/2001
-		Full Name:      Simo Sorce
-		Home Directory: \\\\BERSERKER\\sorce
-		HomeDir Drive:  H:
-		Logon Script:   \\\\BERSERKER\\netlogon\\sorce.bat
-		Profile Path:   \\\\BERSERKER\\profile
-		---------------
-		username:       samba
-		user ID/Group:  45/45
-		user RID/GRID:  1090/1091
-		Full Name:      Test User
-		Home Directory: \\\\BERSERKER\\samba
-		HomeDir Drive:  
-		Logon Script:   
-		Profile Path:   \\\\BERSERKER\\profile
-		
+---------------
+username:       sorce
+user ID/Group:  500/500
+user RID/GRID:  2000/2001
+Full Name:      Simo Sorce
+Home Directory: \\\\BERSERKER\\sorce
+HomeDir Drive:  H:
+Logon Script:   \\\\BERSERKER\\netlogon\\sorce.bat
+Profile Path:   \\\\BERSERKER\\profile
+---------------
+username:       samba
+user ID/Group:  45/45
+user RID/GRID:  1090/1091
+Full Name:      Test User
+Home Directory: \\\\BERSERKER\\samba
+HomeDir Drive:  
+Logon Script:   
+Profile Path:   \\\\BERSERKER\\profile
 .fi
 .TP
 \fB-w\fR
 This option sets the "smbpasswd" listing format.
 It will make pdbedit list the users in the database, printing
 out the account fields in a format compatible with the
-\fIsmbpasswd\fR file format. (see the \fIsmbpasswd(5)\fR for details)
+\fIsmbpasswd\fR file format. (see the
+\fBsmbpasswd\fR(5) for details)
 
 Example: \fBpdbedit -l -w\fR
 
-
 .nf
-		sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX         ]:LCT-00000000:
-		samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX         ]:LCT-3BFA1E8D:
-		
+sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX         ]:LCT-00000000:
+samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX         ]:LCT-3BFA1E8D:
 .fi
 .TP
 \fB-u username\fR
@@ -139,7 +137,7 @@ Example: \fBpdbedit -a -u sorce\fR
 
 .nf
 new password:
-		retype new password
+retype new password
 .fi
 .TP
 \fB-m\fR
@@ -193,8 +191,7 @@ Example: \fBpdbedit -P "bad lockout attempt"\fR
 
 
 .nf
-		account policy value for bad lockout attempt is 0
-		
+account policy value for bad lockout attempt is 0
 .fi
 .TP
 \fB-V account-policy-value\fR
@@ -206,9 +203,8 @@ Example: \fBpdbedit -P "bad lockout attempt" -V 3\fR
 
 
 .nf
-		account policy value for bad lockout attempt was 0
-		account policy value for bad lockout attempt is now 3
-		
+account policy value for bad lockout attempt was 0
+account policy value for bad lockout attempt is now 3
 .fi
 .TP
 \fB-d|--debug=debuglevel\fR
@@ -254,8 +250,7 @@ This man page is correct for version 2.2 of
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-smbpasswd(8) 
-samba(7)
+\fBsmbpasswd\fR(5), \fBsamba\fR(7)
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
@@ -265,7 +260,7 @@ to the way the Linux kernel is developed.
 .PP
 The original Samba man pages were written by Karl Auer. 
 The man page sources were converted to YODL format (another 
-excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+excellent piece of Open Source software, available at  ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
-Samba 2.2 was done by Gerald Carter
+Samba 2.2 was done by Gerald Carter. The conversion to DocBook
+XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.
diff --git a/docs/manpages/rpcclient.1 b/docs/manpages/rpcclient.1
index e09892b5b9..d62080f596 100644
--- a/docs/manpages/rpcclient.1
+++ b/docs/manpages/rpcclient.1
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "RPCCLIENT" "1" "05 November 2002" "" ""
+.TH "RPCCLIENT" "1" "28 January 2003" "" ""
+
 .SH NAME
 rpcclient \- tool for executing client side  MS-RPC functions
 .SH SYNOPSIS
@@ -12,7 +13,7 @@ rpcclient \- tool for executing client side  MS-RPC functions
 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite.
 .PP
 \fBrpcclient\fR is a utility initially developed
 to test MS-RPC functionality in Samba itself.  It has undergone 
@@ -24,8 +25,7 @@ their UNIX workstation.
 \fBserver\fR
 NetBIOS name of Server to which to connect. 
 The server can be  any SMB/CIFS server.  The name is 
-resolved using the   \fIname resolve order\fR line from 
-\fIsmb.conf(5)\fR.
+resolved using the   \fIname resolve order\fR line from \fBsmb.conf\fR(5).
 .TP
 \fB-A|--authfile=filename\fR
 This option allows 
@@ -34,10 +34,9 @@ password used in the connection.  The format of the file is
 
 
 .nf
-		username = <value> 
-		password = <value>
-		domain   = <value>
-		
+username = <value> 
+password = <value>
+domain   = <value>
 .fi
 
 Make certain that the permissions on the file restrict 
@@ -47,6 +46,9 @@ access from unwanted users.
 execute semicolon separated commands (listed 
 below)) 
 .TP
+\fB-h|--help\fR
+Print a summary of command line options.
+.TP
 \fB-d|--debug=debuglevel\fR
 \fIdebuglevel\fR is an integer 
 from 0 to 10.  The default value if this parameter is 
@@ -69,9 +71,6 @@ Note that specifying this parameter here will
 override the log
 level file.
 .TP
-\fB-h|--help\fR
-Print a summary of command line options.
-.TP
 \fB-I IP-address\fR
 \fIIP address\fR is the address of the server to connect to. 
 It should be specified in standard "a.b.c.d" notation. 
@@ -193,15 +192,14 @@ follows:
 
 
 .nf
-		Long Printer Name:\\
-		Driver File Name:\\
-		Data File Name:\\
-		Config File Name:\\
-		Help File Name:\\
-		Language Monitor Name:\\
-		Default Data Type:\\
-		Comma Separated list of Files
-		
+Long Printer Name:\\
+Driver File Name:\\
+Data File Name:\\
+Config File Name:\\
+Help File Name:\\
+Language Monitor Name:\\
+Default Data Type:\\
+Comma Separated list of Files
 .fi
 
 Any empty fields should be enter as the string "NULL". 
@@ -327,7 +325,7 @@ parameters where passed to the interpreter.
 .PP
 From Luke Leighton's original rpcclient man page:
 .PP
-\fB"WARNING!\fR The MSRPC over SMB code has 
+\fBWARNING!\fR The MSRPC over SMB code has 
 been developed from examining  Network traces. No documentation is 
 available from the original creators  (Microsoft) on how MSRPC over 
 SMB works, or how the individual MSRPC services  work. Microsoft's 
@@ -335,12 +333,11 @@ implementation of these services has been demonstrated  (and reported)
 to be... a bit flaky in places. 
 .PP
 The development of Samba's implementation is also a bit rough, 
-and as more  of the services are understood, it can even result in 
-versions of  \fBsmbd(8)\fR and \fBrpcclient(1)\fR 
-that are incompatible for some commands or  services. Additionally, 
+and as more of the services are understood, it can even result in 
+versions of \fBsmbd\fR(8) and \fBrpcclient\fR(1) that are incompatible for some commands or  services. Additionally, 
 the developers are sending reports to Microsoft,  and problems found 
 or reported to Microsoft are fixed in Service Packs,  which may 
-result in incompatibilities." 
+result in incompatibilities.
 .SH "VERSION"
 .PP
 This man page is correct for version 3.0 of the Samba 
@@ -355,4 +352,5 @@ to the way the Linux kernel is developed.
 The original rpcclient man page was written by Matthew 
 Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter.  
 The conversion to DocBook for Samba 2.2 was done by Gerald 
-Carter.
+Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was
+done by Alexander Bokovoy.
diff --git a/docs/manpages/samba.7 b/docs/manpages/samba.7
index 0635cc7884..0a25cbfe88 100644
--- a/docs/manpages/samba.7
+++ b/docs/manpages/samba.7
@@ -3,9 +3,10 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SAMBA" "7" "05 November 2002" "" ""
+.TH "SAMBA" "7" "28 January 2003" "" ""
+
 .SH NAME
-SAMBA \- A Windows SMB/CIFS fileserver for UNIX
+Samba \- A Windows SMB/CIFS fileserver for UNIX
 .SH SYNOPSIS
 
 \fBSamba\fR
@@ -19,20 +20,19 @@ also referred to as the Common Internet File System (CIFS). For a
 more thorough description, see  http://www.ubiqx.org/cifs/ <URL:http://www.ubiqx.org/cifs/>. Samba also implements the NetBIOS
 protocol in nmbd.
 .TP
-\fBsmbd\fR
-The \fBsmbd \fR
-daemon provides the file and print services to 
+\fBsmbd(8)\fR
+The \fBsmbd\fR daemon provides the file and print services to 
 SMB clients, such as Windows 95/98, Windows NT, Windows 
 for Workgroups or LanManager. The configuration file 
-for this daemon is described in \fIsmb.conf\fR
+for this daemon is described in \fBsmb.conf\fR(5)
 .TP
-\fBnmbd\fR
+\fBnmbd(8)\fR
 The \fBnmbd\fR
 daemon provides NetBIOS nameservice and browsing
 support. The configuration file for this daemon 
-is described in \fIsmb.conf\fR
+is described in \fBsmb.conf\fR(5)
 .TP
-\fBsmbclient\fR
+\fBsmbclient(1)\fR
 The \fBsmbclient\fR
 program implements a simple ftp-like client. This 
 is useful for accessing SMB shares on other compatible
@@ -40,33 +40,33 @@ servers (such as Windows NT), and can also be used
 to allow a UNIX box to print to a printer attached to 
 any SMB server (such as a PC running Windows NT).
 .TP
-\fBtestparm\fR
+\fBtestparm(1)\fR
 The \fBtestparm\fR
-utility is a simple syntax checker for Samba's
-\fIsmb.conf\fRconfiguration file.
+utility is a simple syntax checker for Samba's \fBsmb.conf\fR(5) configuration file.
 .TP
-\fBtestprns\fR
+\fBtestprns(1)\fR
 The \fBtestprns\fR
 utility supports testing printer names defined 
 in your \fIprintcap\fR file used 
 by Samba.
 .TP
-\fBsmbstatus\fR
+\fBsmbstatus(1)\fR
 The \fBsmbstatus\fR
 tool provides access to information about the 
 current connections to \fBsmbd\fR.
 .TP
-\fBnmblookup\fR
+\fBnmblookup(1)\fR
 The \fBnmblookup\fR
 tools allows NetBIOS name queries to be made 
 from a UNIX host.
 .TP
-\fBmake_smbcodepage\fR
-The \fBmake_smbcodepage\fR
-utility provides a means of creating SMB code page 
-definition files for your \fBsmbd\fR server.
+\fBsmbgroupedit(8)\fR
+The \fBsmbgroupedit\fR
+tool allows for mapping unix groups to NT Builtin,
+Domain, or Local groups. Also it allows setting
+priviledges for that group, such as saAddUser, etc.
 .TP
-\fBsmbpasswd\fR
+\fBsmbpasswd(8)\fR
 The \fBsmbpasswd\fR
 command is a tool for changing LanMan and Windows NT 
 password hashes on Samba and Windows NT servers.
@@ -101,13 +101,13 @@ on the newsgroup  comp.protocol.smb <URL:news:comp.protocols.smb> and the Samba
 list. Details on how to join the mailing list are given in 
 the README file that comes with Samba.
 .PP
-If you have access to a WWW viewer (such as Netscape 
-or Mosaic) then you will also find lots of useful information, 
+If you have access to a WWW viewer (such as Mozilla
+or Konqueror) then you will also find lots of useful information, 
 including back issues of the Samba mailing list, at
 http://lists.samba.org <URL:http://lists.samba.org/>.
 .SH "VERSION"
 .PP
-This man page is correct for version 2.2 of the 
+This man page is correct for version 3.0 of the 
 Samba suite. 
 .SH "CONTRIBUTIONS"
 .PP
@@ -117,8 +117,8 @@ http://lists.samba.org <URL:http://lists.samba.org/>.
 .PP
 If you have patches to submit, visit
 http://devel.samba.org/ <URL:http://devel.samba.org/>
-for information on how to do it properly. We prefer patches in
-\fBdiff -u\fR format.
+for information on how to do it properly. We prefer patches 
+in \fBdiff -u\fR format.
 .SH "CONTRIBUTORS"
 .PP
 Contributors to the project are now too numerous 
@@ -141,7 +141,7 @@ to the way the Linux kernel is developed.
 .PP
 The original Samba man pages were written by Karl Auer. 
 The man page sources were converted to YODL format (another 
-excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+excellent piece of Open Source software, available at  ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
-Samba 2.2 was done by Gerald Carter
+Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML
+4.2 for Samba 3.0 was done by Alexander Bokovoy.
diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5
index 8010871d66..fee4cf8989 100644
--- a/docs/manpages/smb.conf.5
+++ b/docs/manpages/smb.conf.5
@@ -3,18 +3,18 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMB.CONF" "5" "15 January 2003" "" ""
+.TH "SMB.CONF" "5" "18 February 2003" "" ""
+
 .SH NAME
 smb.conf \- The configuration file for the Samba suite
 .SH "SYNOPSIS"
 .PP
-The \fIsmb.conf\fR file is a configuration 
-file for the Samba suite. \fIsmb.conf\fR contains 
-runtime configuration information for the Samba programs. The
-\fIsmb.conf\fR file is designed to be configured and 
-administered by the \fBswat(8)\fR
- program. The complete description of the file format and 
-possible parameters held within are here for reference purposes.
+The \fIsmb.conf\fR file is a configuration  
+file for the Samba suite. \fIsmb.conf\fR contains  
+runtime configuration information for the Samba programs. The \fIsmb.conf\fR file 
+is designed to be configured and  administered by the \fBswat\fR(8) program. The complete
+description of the file format and possible parameters held within
+are here for reference purposes.
 .SH "FILE FORMAT"
 .PP
 The file consists of sections and parameters. A section 
@@ -93,11 +93,9 @@ The user has write access to the path \fI/home/bar\fR.
 The share is accessed via the share name "foo":
 
 .nf
-	 	[foo]
- 		path = /home/bar
- 		read only = no
-	
-	
+[foo]
+	path = /home/bar
+	read only = no
 .fi
 .PP
 The following sample section defines a printable share. 
@@ -108,13 +106,11 @@ access will be permitted as the default guest user (specified
 elsewhere):
 
 .nf
-	 	[aprinter]
- 		path = /usr/spool/public
- 		read only = yes
- 		printable = yes
- 		guest ok = yes
-	
-	
+[aprinter]
+	path = /usr/spool/public
+	read only = yes
+	printable = yes
+	guest ok = yes
 .fi
 .SH "SPECIAL SECTIONS"
 .SS "THE [GLOBAL] SECTION"
@@ -172,10 +168,8 @@ than others. The following is a typical and suitable [homes]
 section:
 
 .nf
-			 	[homes]
- 			read only = no
-		
-		
+[homes]
+	read only = no
 .fi
 .PP
 An important point is that if guest access is specified 
@@ -235,11 +229,10 @@ it. A typical [printers] entry would look like
 this:
 
 .nf
-	 	[printers]
- 			path = /usr/spool/public
- 			guest ok = yes
- 			printable = yes 
-		
+[printers]
+	path = /usr/spool/public
+	guest ok = yes
+	printable = yes 
 .fi
 .PP
 All aliases given for a printer in the printcap file 
@@ -249,9 +242,7 @@ to set up a pseudo-printcap. This is a file consisting of one or
 more lines like this:
 
 .nf
-			        alias|alias|alias|alias...    
-		
-		
+alias|alias|alias|alias...    
 .fi
 .PP
 Each alias should be an acceptable printer name for 
@@ -1445,10 +1436,9 @@ each parameter for details. Note that some are synonyms.
 \fIwriteable\fR
 .SH "EXPLANATION OF EACH PARAMETER"
 .TP
-\fBabort shutdown script (G)\fR
+\fB>abort shutdown script (G)\fR
 \fBThis parameter only exists in the HEAD cvs branch\fR
-This a full path name to a script called by
-\fBsmbd(8)\fR that
+This a full path name to a script called by \fBsmbd\fR(8) that
 should stop a shutdown procedure issued by the \fIshutdown script\fR.
 
 This command will be run as user.
@@ -1457,7 +1447,7 @@ Default: \fBNone\fR.
 
 Example: \fBabort shutdown script = /sbin/shutdown -c\fR
 .TP
-\fBaddprinter command (G)\fR
+\fB>addprinter command (G)\fR
 With the introduction of MS-RPC based printing
 support for Windows NT/2000 clients in Samba 2.2, The MS Add
 Printer Wizard (APW) icon is now also available in the 
@@ -1471,12 +1461,11 @@ printer command\fR defines a script to be run which
 will perform the necessary operations for adding the printer
 to the print system and to add the appropriate service definition 
 to the  \fIsmb.conf\fR file in order that it can be 
-shared by \fBsmbd(8)\fR
-
+shared by \fBsmbd\fR(8).
 
 The \fIaddprinter command\fR is
 automatically invoked with the following parameter (in 
-order:
+order):
 .RS
 .TP 0.2i
 \(bu
@@ -1518,7 +1507,7 @@ Default: \fBnone\fR
 Example: \fBaddprinter command = /usr/bin/addprinter
 \fR
 .TP
-\fBadd share command (G)\fR
+\fB>add share command (G)\fR
 Samba 2.2.0 introduced the ability to dynamically 
 add and delete shares via the Windows NT 4.0 Server Manager.  The 
 \fIadd share command\fR is used to define an 
@@ -1561,9 +1550,9 @@ Default: \fBnone\fR
 
 Example: \fBadd share command = /usr/local/bin/addshare\fR
 .TP
-\fBadd machine script (G)\fR
+\fB>add machine script (G)\fR
 This is the full pathname to a script that will 
-be run by smbd(8) when a machine is added
+be run by \fBsmbd\fR(8) when a machine is added
 to it's domain using the administrator username and password method. 
 
 This option is only required when using sam back-ends tied to the
@@ -1576,7 +1565,7 @@ Default: \fBadd machine script = <empty string>
 Example: \fBadd machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
 \fR
 .TP
-\fBads server (G)\fR
+\fB>ads server (G)\fR
 If this option is specified, samba does 
 not try to figure out what ads server to use itself, but 
 uses the specified ads server. Either one DNS name or IP 
@@ -1586,10 +1575,9 @@ Default: \fBads server = \fR
 
 Example: \fBads server = 192.168.1.2\fR
 .TP
-\fBadd user script (G)\fR
+\fB>add user script (G)\fR
 This is the full pathname to a script that will 
-be run \fBAS ROOT\fR by smbd(8)
- under special circumstances described below.
+be run \fBAS ROOT\fR by \fBsmbd\fR(8) under special circumstances described below.
 
 Normally, a Samba server requires that UNIX users are 
 created for all users accessing files on this server. For sites 
@@ -1598,15 +1586,14 @@ creating these users and keeping the user list in sync with the
 Windows NT PDC is an onerous task. This option allows smbd to create the required UNIX users 
 \fBON DEMAND\fR when a user accesses the Samba server.
 
-In order to use this option, smbd 
-must \fBNOT\fR be set to \fIsecurity = share\fR
+In order to use this option, \fBsmbd\fR(8) must \fBNOT\fR be set to \fIsecurity = share\fR
 and \fIadd user script\fR
 must be set to a full pathname for a script that will create a UNIX 
 user given one argument of \fI%u\fR, which expands into 
 the UNIX user name to create.
 
 When the Windows user attempts to access the Samba server, 
-at login (session setup in the SMB protocol) time,   smbd contacts the \fIpassword server\fR and 
+at login (session setup in the SMB protocol) time, \fBsmbd\fR(8) contacts the \fIpassword server\fR and 
 attempts to authenticate the given user with the given password. If the 
 authentication succeeds then \fBsmbd\fR 
 attempts to find a UNIX user in the UNIX password database to map the 
@@ -1630,9 +1617,9 @@ Default: \fBadd user script = <empty string>
 Example: \fBadd user script = /usr/local/samba/bin/add_user 
 %u\fR
 .TP
-\fBadd group script (G)\fR
+\fB>add group script (G)\fR
 This is the full pathname to a script that will 
-be run \fBAS ROOT\fR by smbd(8) when a new group is
+be run \fBAS ROOT\fR by \fBsmbd\fR(8) when a new group is
 requested. It will expand any
 \fI%g\fR to the group name passed.
 This script is only useful for installations using the
@@ -1642,7 +1629,7 @@ circumvent unix group name restrictions. In that case
 the script must print the numeric gid of the created
 group on stdout.
 .TP
-\fBadmin users (S)\fR
+\fB>admin users (S)\fR
 This is a list of users who will be granted 
 administrative privileges on the share. This means that they 
 will do all file operations as the super-user (root).
@@ -1655,22 +1642,21 @@ Default: \fBno admin users\fR
 
 Example: \fBadmin users = jason\fR
 .TP
-\fBadd user to group script (G)\fR
+\fB>add user to group script (G)\fR
 Full path to the script that will be called when 
 a user is added to a group using the Windows NT domain administration 
-tools. It will be run by smbd(8) 
-\fBAS ROOT\fR. Any \fI%g\fR will be 
-replaced with the group name and any \fI%u\fR will 
-be replaced with the user name.
+tools. It will be run by \fBsmbd\fR(8) \fBAS ROOT\fR. 
+Any \fI%g\fR will be replaced with the group name and 
+any \fI%u\fR will be replaced with the user name.
 
 Default: \fBadd user to group script = \fR
 
 Example: \fBadd user to group script = /usr/sbin/adduser %u %g\fR
 .TP
-\fBallow hosts (S)\fR
+\fB>allow hosts (S)\fR
 Synonym for   \fIhosts allow\fR.
 .TP
-\fBalgorithmic rid base (G)\fR
+\fB>algorithmic rid base (G)\fR
 This determines how Samba will use its
 algorithmic mapping from uids/gid to the RIDs needed to construct
 NT Security Identifiers.
@@ -1689,7 +1675,7 @@ Default: \fBalgorithmic rid base = 1000\fR
 
 Example: \fBalgorithmic rid base = 100000\fR
 .TP
-\fBallow trusted domains (G)\fR
+\fB>allow trusted domains (G)\fR
 This option only takes effect when the \fIsecurity\fR option is set to 
 server or domain.  
 If it is set to no, then attempts to connect to a resource from 
@@ -1708,10 +1694,8 @@ can make implementing a security boundary difficult.
 
 Default: \fBallow trusted domains = yes\fR
 .TP
-\fBannounce as (G)\fR
-This specifies what type of server 
-\fBnmbd\fR 
-will announce itself as, to a network neighborhood browse 
+\fB>announce as (G)\fR
+This specifies what type of server \fBnmbd\fR(8) will announce itself as, to a network neighborhood browse 
 list. By default this is set to Windows NT. The valid options 
 are : "NT Server" (which can also be written as "NT"), 
 "NT Workstation", "Win95" or "WfW" meaning Windows NT Server, 
@@ -1725,7 +1709,7 @@ Default: \fBannounce as = NT Server\fR
 
 Example: \fBannounce as = Win95\fR
 .TP
-\fBannounce version (G)\fR
+\fB>announce version (G)\fR
 This specifies the major and minor version numbers 
 that nmbd will use when announcing itself as a server. The default 
 is 4.9.  Do not change this parameter unless you have a specific 
@@ -1735,10 +1719,10 @@ Default: \fBannounce version = 4.9\fR
 
 Example: \fBannounce version = 2.0\fR
 .TP
-\fBauto services (G)\fR
+\fB>auto services (G)\fR
 This is a synonym for the   \fIpreload\fR.
 .TP
-\fBauth methods (G)\fR
+\fB>auth methods (G)\fR
 This option allows the administrator to chose what
 authentication methods \fBsmbd\fR will use when authenticating
 a user.  This option defaults to sensible values based on \fI  security\fR.
@@ -1750,7 +1734,7 @@ Default: \fBauth methods = <empty string>\fR
 
 Example: \fBauth methods = guest sam ntdomain\fR
 .TP
-\fBavailable (S)\fR
+\fB>available (S)\fR
 This parameter lets you "turn off" a service. If 
 \fIavailable = no\fR, then \fBALL\fR 
 attempts to connect to the service will fail. Such failures are 
@@ -1758,12 +1742,10 @@ logged.
 
 Default: \fBavailable = yes\fR
 .TP
-\fBbind interfaces only (G)\fR
+\fB>bind interfaces only (G)\fR
 This global parameter allows the Samba admin 
 to limit what interfaces on a machine will serve SMB requests. It 
-affects file service smbd(8) and 
-name service nmbd(8) in slightly 
-different ways.
+affects file service \fBsmbd\fR(8) and name service \fBnmbd\fR(8) in a slightly different ways.
 
 For name service it causes \fBnmbd\fR to bind 
 to ports 137 and 138 on the interfaces listed in the interfaces parameter. \fBnmbd
@@ -1782,8 +1764,8 @@ send packets that arrive through any interfaces not listed in the
 does defeat this simple check, however, so it must not be used
 seriously as a security feature for \fBnmbd\fR.
 
-For file service it causes smbd(8)
-to bind only to the interface list given in the   interfaces parameter. This restricts the networks that 
+For file service it causes \fBsmbd\fR(8) to bind only to the interface list 
+given in the   interfaces parameter. This restricts the networks that 
 \fBsmbd\fR will serve to packets coming in those 
 interfaces.  Note that you should not use this parameter for machines 
 that are serving PPP or other intermittent or non-broadcast network 
@@ -1791,9 +1773,7 @@ interfaces as it will not cope with non-permanent interfaces.
 
 If \fIbind interfaces only\fR is set then 
 unless the network address \fB127.0.0.1\fR is added 
-to the \fIinterfaces\fR parameter list \fBsmbpasswd(8)\fR 
-and \fBswat(8)\fR may 
-not work as expected due to the reasons covered below.
+to the \fIinterfaces\fR parameter list \fBsmbpasswd\fR(8) and \fBswat\fR(8) may not work as expected due to the reasons covered below.
 
 To change a users SMB password, the \fBsmbpasswd\fR
 by default connects to the \fBlocalhost - 127.0.0.1\fR 
@@ -1802,8 +1782,8 @@ address as an SMB client to issue the password change request. If
 network address \fB127.0.0.1\fR is added to the
 \fIinterfaces\fR parameter list then \fB  smbpasswd\fR will fail to connect in it's default mode. 
 \fBsmbpasswd\fR can be forced to use the primary IP interface 
-of the local host by using its   \fI-r remote machine\fR
- parameter, with \fIremote machine\fR set 
+of the local host by using its \fBsmbpasswd\fR(8) \fI-r remote machine\fR
+parameter, with \fIremote machine\fR set 
 to the IP name of the primary interface of the local host.
 
 The \fBswat\fR status page tries to connect with
@@ -1815,8 +1795,9 @@ and \fBnmbd\fR.
 
 Default: \fBbind interfaces only = no\fR
 .TP
-\fBblocking locks (S)\fR
-This parameter controls the behavior of smbd(8) when given a request by a client 
+\fB>blocking locks (S)\fR
+This parameter controls the behavior 
+of \fBsmbd\fR(8) when given a request by a client 
 to obtain a byte range lock on a region of an open file, and the 
 request has a time limit associated with it.
 
@@ -1832,9 +1813,8 @@ cannot be obtained.
 
 Default: \fBblocking locks = yes\fR
 .TP
-\fBblock size (S)\fR
-This parameter controls the behavior of 
-smbd(8) when reporting disk free 
+\fB>block size (S)\fR
+This parameter controls the behavior of \fBsmbd\fR(8) when reporting disk free 
 sizes. By default, this reports a disk block size of 1024 bytes.
 
 Changing this parameter may have some effect on the
@@ -1846,42 +1826,38 @@ is an experimental option it may be removed in a future release.
 
 Changing this option does not change the disk free reporting
 size, just the block size unit reported to the client.
-
-Default: \fBblock size = 1024\fR
-
-Example: \fBblock size = 65536\fR
 .TP
-\fBbrowsable (S)\fR
+\fB>browsable (S)\fR
 See the \fI  browseable\fR.
 .TP
-\fBbrowse list (G)\fR
-This controls whether   \fBsmbd(8)\fR will serve a browse list to 
+\fB>browse list (G)\fR
+This controls whether \fBsmbd\fR(8) will serve a browse list to 
 a client doing a \fBNetServerEnum\fR call. Normally 
 set to yes. You should never need to change 
 this.
 
 Default: \fBbrowse list = yes\fR
 .TP
-\fBbrowseable (S)\fR
+\fB>browseable (S)\fR
 This controls whether this share is seen in 
 the list of available shares in a net view and in the browse list.
 
 Default: \fBbrowseable = yes\fR
 .TP
-\fBcase sensitive (S)\fR
+\fB>case sensitive (S)\fR
 See the discussion in the section NAME MANGLING.
 
 Default: \fBcase sensitive = no\fR
 .TP
-\fBcasesignames (S)\fR
+\fB>casesignames (S)\fR
 Synonym for case 
 sensitive.
 .TP
-\fBchange notify timeout (G)\fR
+\fB>change notify timeout (G)\fR
 This SMB allows a client to tell a server to 
 "watch" a particular directory for any changes and only reply to
 the SMB request when a change has occurred. Such constant scanning of
-a directory is expensive under UNIX, hence an   \fBsmbd(8)\fR daemon only performs such a scan 
+a directory is expensive under UNIX, hence an \fBsmbd\fR(8) daemon only performs such a scan 
 on each requested directory once every \fIchange notify 
 timeout\fR seconds.
 
@@ -1891,7 +1867,7 @@ Example: \fBchange notify timeout = 300\fR
 
 Would change the scan time to every 5 minutes.
 .TP
-\fBchange share command (G)\fR
+\fB>change share command (G)\fR
 Samba 2.2.0 introduced the ability to dynamically 
 add and delete shares via the Windows NT 4.0 Server Manager.  The 
 \fIchange share command\fR is used to define an 
@@ -1933,7 +1909,7 @@ Default: \fBnone\fR
 
 Example: \fBchange share command = /usr/local/bin/addshare\fR
 .TP
-\fBcomment (S)\fR
+\fB>comment (S)\fR
 This is a text field that is seen next to a share 
 when a client does a queries the server, either via the network 
 neighborhood or via \fBnet view\fR to list what shares 
@@ -1946,7 +1922,7 @@ Default: \fBNo comment string\fR
 
 Example: \fBcomment = Fred's Files\fR
 .TP
-\fBconfig file (G)\fR
+\fB>config file (G)\fR
 This allows you to override the config file 
 to use, instead of the default (usually \fIsmb.conf\fR). 
 There is a chicken and egg problem here as this option is set 
@@ -1966,7 +1942,7 @@ clients).
 Example: \fBconfig file = /usr/local/samba/lib/smb.conf.%m
 \fR
 .TP
-\fBcopy (S)\fR
+\fB>copy (S)\fR
 This parameter allows you to "clone" service 
 entries. The specified service is simply duplicated under the 
 current service's name. Any parameters specified in the current 
@@ -1981,7 +1957,7 @@ Default: \fBno value\fR
 
 Example: \fBcopy = otherservice\fR
 .TP
-\fBcreate mask (S)\fR
+\fB>create mask (S)\fR
 A synonym for this parameter is 
 \fIcreate mode\fR
 \&.
@@ -2018,10 +1994,10 @@ Default: \fBcreate mask = 0744\fR
 
 Example: \fBcreate mask = 0775\fR
 .TP
-\fBcreate mode (S)\fR
+\fB>create mode (S)\fR
 This is a synonym for \fI  create mask\fR.
 .TP
-\fBcsc policy (S)\fR
+\fB>csc policy (S)\fR
 This stands for \fBclient-side caching 
 policy\fR, and specifies how clients capable of offline
 caching will cache the files in the share. The valid values
@@ -2038,7 +2014,7 @@ Default: \fBcsc policy = manual\fR
 
 Example: \fBcsc policy = programs\fR
 .TP
-\fBdeadtime (G)\fR
+\fB>deadtime (G)\fR
 The value of the parameter (a decimal integer) 
 represents the number of minutes of inactivity before a connection 
 is considered dead, and it is disconnected. The deadtime only takes 
@@ -2061,7 +2037,7 @@ Default: \fBdeadtime = 0\fR
 
 Example: \fBdeadtime = 15\fR
 .TP
-\fBdebug hires timestamp (G)\fR
+\fB>debug hires timestamp (G)\fR
 Sometimes the timestamps in the log messages 
 are needed with a resolution of higher that seconds, this 
 boolean parameter adds microsecond resolution to the timestamp 
@@ -2072,7 +2048,7 @@ effect.
 
 Default: \fBdebug hires timestamp = no\fR
 .TP
-\fBdebug pid (G)\fR
+\fB>debug pid (G)\fR
 When using only one log file for more then one 
 forked smbdprocess there may be hard to follow which process 
 outputs which message. This boolean parameter is adds the process-id 
@@ -2083,7 +2059,7 @@ effect.
 
 Default: \fBdebug pid = no\fR
 .TP
-\fBdebug timestamp (G)\fR
+\fB>debug timestamp (G)\fR
 Samba debug log messages are timestamped 
 by default. If you are running at a high   \fIdebug level\fR these timestamps
 can be distracting. This boolean parameter allows timestamping 
@@ -2091,7 +2067,7 @@ to be turned off.
 
 Default: \fBdebug timestamp = yes\fR
 .TP
-\fBdebug uid (G)\fR
+\fB>debug uid (G)\fR
 Samba is sometimes run as root and sometime 
 run as the connected user, this boolean parameter inserts the 
 current euid, egid, uid and gid to the timestamp message headers 
@@ -2102,18 +2078,18 @@ effect.
 
 Default: \fBdebug uid = no\fR
 .TP
-\fBdebuglevel (G)\fR
+\fB>debuglevel (G)\fR
 Synonym for \fI  log level\fR.
 .TP
-\fBdefault (G)\fR
+\fB>default (G)\fR
 A synonym for \fI  default service\fR.
 .TP
-\fBdefault case (S)\fR
+\fB>default case (S)\fR
 See the section on   NAME MANGLING. Also note the   \fIshort preserve case\fR parameter.
 
 Default: \fBdefault case = lower\fR
 .TP
-\fBdefault devmode (S)\fR
+\fB>default devmode (S)\fR
 This parameter is only applicable to printable services.  When smbd is serving
 Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba
 server has a Device Mode which defines things such as paper size and
@@ -2141,7 +2117,7 @@ see the MSDN documentation <URL:http://msdn.microsoft.com/>.
 
 Default: \fBdefault devmode = no\fR
 .TP
-\fBdefault service (G)\fR
+\fB>default service (G)\fR
 This parameter specifies the name of a service
 which will be connected to if the service actually requested cannot
 be found. Note that the square brackets are \fBNOT\fR
@@ -2171,14 +2147,15 @@ Example:
         
 [pub]
 	path = /%S
-		
 .fi
 .TP
-\fBdelete group script (G)\fR
+\fB>delete group script (G)\fR
 This is the full pathname to a script that will 
-be run \fBAS ROOT\fR by smbd(8) when a group is requested to be deleted. It will expand any \fI%g\fR to the group name passed.  This script is only useful for installations using the Windows NT domain administration tools.
+be run \fBAS ROOT\fR \fBsmbd\fR(8) when a group is requested to be deleted. 
+It will expand any \fI%g\fR to the group name passed.  
+This script is only useful for installations using the Windows NT domain administration tools.
 .TP
-\fBdeleteprinter command (G)\fR
+\fB>deleteprinter command (G)\fR
 With the introduction of MS-RPC based printer
 support for Windows NT/2000 clients in Samba 2.2, it is now 
 possible to delete printer at run time by issuing the 
@@ -2206,7 +2183,7 @@ Default: \fBnone\fR
 Example: \fBdeleteprinter command = /usr/bin/removeprinter
 \fR
 .TP
-\fBdelete readonly (S)\fR
+\fB>delete readonly (S)\fR
 This parameter allows readonly files to be deleted.  
 This is not normal DOS semantics, but is allowed by UNIX.
 
@@ -2216,7 +2193,7 @@ permissions, and DOS semantics prevent deletion of a read only file.
 
 Default: \fBdelete readonly = no\fR
 .TP
-\fBdelete share command (G)\fR
+\fB>delete share command (G)\fR
 Samba 2.2.0 introduced the ability to dynamically 
 add and delete shares via the Windows NT 4.0 Server Manager.  The 
 \fIdelete share command\fR is used to define an 
@@ -2251,10 +2228,10 @@ Default: \fBnone\fR
 
 Example: \fBdelete share command = /usr/local/bin/delshare\fR
 .TP
-\fBdelete user script (G)\fR
+\fB>delete user script (G)\fR
 This is the full pathname to a script that will 
-be run by \fBsmbd(8)\fR
-when managing user's with remote RPC (NT) tools.
+be run by \fBsmbd\fR(8) when managing users 
+with remote RPC (NT) tools.
 
 This script is called when a remote client removes a user
 from the server, normally using 'User Manager for Domains' or
@@ -2268,19 +2245,18 @@ Default: \fBdelete user script = <empty string>
 Example: \fBdelete user script = /usr/local/samba/bin/del_user 
 %u\fR
 .TP
-\fBdelete user from group script (G)\fR
+\fB>delete user from group script (G)\fR
 Full path to the script that will be called when 
 a user is removed from a group using the Windows NT domain administration 
-tools. It will be run by smbd(8) 
-\fBAS ROOT\fR. Any \fI%g\fR will be 
-replaced with the group name and any \fI%u\fR will 
-be replaced with the user name.
+tools. It will be run by \fBsmbd\fR(8) \fBAS ROOT\fR. 
+Any \fI%g\fR will be replaced with the group name and 
+any \fI%u\fR will be replaced with the user name.
 
 Default: \fBdelete user from group script = \fR
 
 Example: \fBdelete user from group script = /usr/sbin/deluser %u %g\fR
 .TP
-\fBdelete veto files (S)\fR
+\fB>delete veto files (S)\fR
 This option is used when Samba is attempting to 
 delete a directory that contains one or more vetoed directories 
 (see the \fIveto files\fR
@@ -2304,11 +2280,11 @@ files\fR parameter.
 
 Default: \fBdelete veto files = no\fR
 .TP
-\fBdeny hosts (S)\fR
+\fB>deny hosts (S)\fR
 Synonym for \fIhosts 
 deny\fR.
 .TP
-\fBdfree command (G)\fR
+\fB>dfree command (G)\fR
 The \fIdfree command\fR setting should 
 only be used on systems where a problem occurs with the internal 
 disk space calculations. This has been known to happen with Ultrix, 
@@ -2344,9 +2320,8 @@ Where the script dfree (which must be made executable) could be:
 
 .nf
  
-		#!/bin/sh
-		df $1 | tail -1 | awk '{print $2" "$4}'
-		
+#!/bin/sh
+df $1 | tail -1 | awk '{print $2" "$4}'
 .fi
 
 or perhaps (on Sys V based systems):
@@ -2354,19 +2329,18 @@ or perhaps (on Sys V based systems):
 
 .nf
  
-		#!/bin/sh
-		/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'
-		
+#!/bin/sh
+/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'
 .fi
 
 Note that you may have to replace the command names 
 with full path names on some systems.
 .TP
-\fBdirectory (S)\fR
+\fB>directory (S)\fR
 Synonym for \fIpath
 \fR.
 .TP
-\fBdirectory mask (S)\fR
+\fB>directory mask (S)\fR
 This parameter is the octal modes which are 
 used when converting DOS modes to UNIX modes when creating UNIX 
 directories.
@@ -2407,10 +2381,10 @@ Default: \fBdirectory mask = 0755\fR
 
 Example: \fBdirectory mask = 0775\fR
 .TP
-\fBdirectory mode (S)\fR
+\fB>directory mode (S)\fR
 Synonym for \fI  directory mask\fR
 .TP
-\fBdirectory security mask (S)\fR
+\fB>directory security mask (S)\fR
 This parameter controls what UNIX permission bits 
 can be modified when a Windows NT client is manipulating the UNIX 
 permission on a directory using the native NT security dialog 
@@ -2440,7 +2414,7 @@ Default: \fBdirectory security mask = 0777\fR
 
 Example: \fBdirectory security mask = 0700\fR
 .TP
-\fBdisable netbios (G)\fR
+\fB>disable netbios (G)\fR
 Enabling this parameter will disable netbios support
 in Samba. Netbios is the only available form of browsing in 
 all windows versions except for 2000 and XP. 
@@ -2452,7 +2426,7 @@ Default: \fBdisable netbios = no\fR
 
 Example: \fBdisable netbios = yes\fR
 .TP
-\fBdisable spoolss (G)\fR
+\fB>disable spoolss (G)\fR
 Enabling this parameter will disable Samba's support
 for the SPOOLSS set of MS-RPC's and will yield identical behavior
 as Samba 2.0.x.  Windows NT/2000 clients will downgrade to using
@@ -2468,7 +2442,7 @@ See also use client driver
 
 Default : \fBdisable spoolss = no\fR
 .TP
-\fBdisplay charset (G)\fR
+\fB>display charset (G)\fR
 Specifies the charset that samba will use 
 to print messages to stdout and stderr and SWAT will use. 
 Should generally be the same as the \fBunix charset\fR.
@@ -2477,12 +2451,11 @@ Default: \fBdisplay charset = ASCII\fR
 
 Example: \fBdisplay charset = UTF8\fR
 .TP
-\fBdns proxy (G)\fR
-Specifies that nmbd(8) 
-when acting as a WINS server and finding that a NetBIOS name has not 
-been registered, should treat the NetBIOS name word-for-word as a DNS 
-name and do a lookup with the DNS server for that name on behalf of 
-the name-querying client.
+\fB>dns proxy (G)\fR
+Specifies that \fBnmbd\fR(8) when acting as a WINS server and 
+finding that a NetBIOS name has not been registered, should treat the 
+NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server 
+for that name on behalf of the name-querying client.
 
 Note that the maximum length for a NetBIOS name is 15 
 characters, so the DNS name (or DNS alias) can likewise only be 
@@ -2496,7 +2469,7 @@ See also the parameter \fI  wins support\fR.
 
 Default: \fBdns proxy = yes\fR
 .TP
-\fBdomain logons (G)\fR
+\fB>domain logons (G)\fR
 If set to yes, the Samba server will serve 
 Windows 95/98 Domain logons for the   \fIworkgroup\fR it is in. Samba 2.2
 has limited capability to act as a domain controller for Windows 
@@ -2506,18 +2479,17 @@ directory shipped with the source code.
 
 Default: \fBdomain logons = no\fR
 .TP
-\fBdomain master (G)\fR
-Tell \fB  nmbd(8)\fR to enable WAN-wide browse list
+\fB>domain master (G)\fR
+Tell \fBsmbd\fR(8) to enable WAN-wide browse list
 collation. Setting this option causes \fBnmbd\fR to
 claim a special domain specific NetBIOS name that identifies 
 it as a domain master browser for its given   \fIworkgroup\fR. Local master browsers 
 in the same \fIworkgroup\fR on broadcast-isolated 
 subnets will give this \fBnmbd\fR their local browse lists, 
-and then ask \fBsmbd(8)\fR 
-for a complete copy of the browse list for the whole wide area 
-network.  Browser clients will then contact their local master browser, 
-and will receive the domain-wide browse list, instead of just the list 
-for their broadcast-isolated subnet.
+and then ask \fBsmbd\fR(8) for a complete copy of the browse 
+list for the whole wide area network.  Browser clients will then contact 
+their local master browser, and will receive the domain-wide browse list, 
+instead of just the list for their broadcast-isolated subnet.
 
 Note that Windows NT Primary Domain Controllers expect to be 
 able to claim this \fIworkgroup\fR specific special 
@@ -2537,7 +2509,7 @@ master\fR be enabled by default.
 
 Default: \fBdomain master = auto\fR
 .TP
-\fBdont descend (S)\fR
+\fB>dont descend (S)\fR
 There are certain directories on some systems 
 (e.g., the \fI/proc\fR tree under Linux) that are either not 
 of interest to clients or are infinitely deep (recursive). This 
@@ -2553,17 +2525,16 @@ to descend)\fR
 
 Example: \fBdont descend = /proc,/dev\fR
 .TP
-\fBdos charset (G)\fR
+\fB>dos charset (G)\fR
 DOS SMB clients assume the server has 
 the same charset as they do. This option specifies which 
 charset Samba should talk to DOS clients.
 
 The default depends on which charsets you have instaled. 
 Samba tries to use charset 850 but falls back to ASCII in 
-case it is not available. Run testparm(1)
- to check the default on your system.
+case it is not available. Run \fBtestparm\fR(1) to check the default on your system.
 .TP
-\fBdos filemode (S)\fR
+\fB>dos filemode (S)\fR
 The default behavior in Samba is to provide 
 UNIX-like behavior where only the owner of a file/directory is 
 able to change the permissions on it.  However, this behavior
@@ -2577,13 +2548,12 @@ are modified.
 
 Default: \fBdos filemode = no\fR
 .TP
-\fBdos filetime resolution (S)\fR
+\fB>dos filetime resolution (S)\fR
 Under the DOS and Windows FAT filesystem, the finest 
 granularity on time resolution is two seconds. Setting this parameter 
 for a share causes Samba to round the reported time down to the 
 nearest two second boundary when a query call that requires one second 
-resolution is made to \fBsmbd(8)\fR
-
+resolution is made to \fBsmbd\fR(8).
 
 This option is mainly used as a compatibility option for Visual 
 C++ when used against Samba shares. If oplocks are enabled on a 
@@ -2598,18 +2568,18 @@ happy.
 
 Default: \fBdos filetime resolution = no\fR
 .TP
-\fBdos filetimes (S)\fR
+\fB>dos filetimes (S)\fR
 Under DOS and Windows, if a user can write to a 
 file they can change the timestamp on it. Under POSIX semantics, 
 only the owner of the file or root may change the timestamp. By 
 default, Samba runs with POSIX semantics and refuses to change the 
 timestamp on a file if the user \fBsmbd\fR is acting 
-on behalf of is not the file owner. Setting this option to   yes allows DOS semantics and smbd will change the file 
+on behalf of is not the file owner. Setting this option to   yes allows DOS semantics and \fBsmbd\fR(8) will change the file 
 timestamp as DOS requires.
 
 Default: \fBdos filetimes = no\fR
 .TP
-\fBencrypt passwords (G)\fR
+\fB>encrypt passwords (G)\fR
 This boolean controls whether encrypted passwords 
 will be negotiated with the client. Note that Windows NT 4.0 SP3 and 
 above and also Windows 98 will by default expect encrypted passwords 
@@ -2618,16 +2588,15 @@ Samba see the file ENCRYPTION.txt in the Samba documentation
 directory \fIdocs/\fR shipped with the source code.
 
 In order for encrypted passwords to work correctly
-\fBsmbd(8)\fR must either 
-have access to a local \fIsmbpasswd(5)
-\fR program for information on how to set up 
+\fBsmbd\fR(8) must either 
+have access to a local \fBsmbpasswd\fR(5) file (see the \fBsmbpasswd\fR(8) program for information on how to set up 
 and maintain this file), or set the security = [server|domain|ads] parameter which 
 causes \fBsmbd\fR to authenticate against another 
 server.
 
 Default: \fBencrypt passwords = yes\fR
 .TP
-\fBenhanced browsing (G)\fR
+\fB>enhanced browsing (G)\fR
 This option enables a couple of enhancements to 
 cross-subnet browse propagation that have been added in Samba 
 but which are not standard in Microsoft implementations.  
@@ -2648,7 +2617,7 @@ cross-subnet browse propagation much more reliable.
 
 Default: \fBenhanced browsing = yes\fR
 .TP
-\fBenumports command (G)\fR
+\fB>enumports command (G)\fR
 The concept of a "port" is fairly foreign
 to UNIX hosts.  Under Windows NT/2000 print servers, a port
 is associated with a port monitor and generally takes the form of
@@ -2669,10 +2638,10 @@ Default: \fBno enumports command\fR
 Example: \fBenumports command = /usr/bin/listports
 \fR
 .TP
-\fBexec (S)\fR
+\fB>exec (S)\fR
 This is a synonym for   \fIpreexec\fR.
 .TP
-\fBfake directory create times (S)\fR
+\fB>fake directory create times (S)\fR
 NTFS and Windows VFAT file systems keep a create 
 time for all files and directories. This is not the same as the 
 ctime - status change time - that Unix keeps, so Samba by default 
@@ -2701,7 +2670,7 @@ will proceed as expected.
 
 Default: \fBfake directory create times = no\fR
 .TP
-\fBfake oplocks (S)\fR
+\fB>fake oplocks (S)\fR
 Oplocks are the way that SMB clients get permission 
 from a server to locally cache file operations. If a server grants 
 an oplock (opportunistic lock) then the client is free to assume 
@@ -2726,10 +2695,10 @@ this option carefully!
 
 Default: \fBfake oplocks = no\fR
 .TP
-\fBfollow symlinks (S)\fR
+\fB>follow symlinks (S)\fR
 This parameter allows the Samba administrator 
-to stop \fBsmbd(8)\fR 
-from following symbolic links in a particular share. Setting this 
+to stop \fBsmbd\fR(8) from following symbolic 
+links in a particular share. Setting this 
 parameter to no prevents any file or directory 
 that is a symbolic link from being followed (the user will get an 
 error).  This option is very useful to stop users from adding a 
@@ -2742,7 +2711,7 @@ follow symbolic links) by default.
 
 Default: \fBfollow symlinks = yes\fR
 .TP
-\fBforce create mode (S)\fR
+\fB>force create mode (S)\fR
 This parameter specifies a set of UNIX mode bit 
 permissions that will \fBalways\fR be set on a 
 file created by Samba. This is done by bitwise 'OR'ing these bits onto 
@@ -2766,7 +2735,7 @@ would force all created files to have read and execute
 permissions set for 'group' and 'other' as well as the 
 read/write/execute bits set for the 'user'.
 .TP
-\fBforce directory mode (S)\fR
+\fB>force directory mode (S)\fR
 This parameter specifies a set of UNIX mode bit 
 permissions that will \fBalways\fR be set on a directory 
 created by Samba. This is done by bitwise 'OR'ing these bits onto the 
@@ -2789,7 +2758,7 @@ would force all created directories to have read and execute
 permissions set for 'group' and 'other' as well as the
 read/write/execute bits set for the 'user'.
 .TP
-\fBforce directory security mode (S)\fR
+\fB>force directory security mode (S)\fR
 This parameter controls what UNIX permission bits 
 can be modified when a Windows NT client is manipulating the UNIX 
 permission on a directory using the native NT security dialog box.
@@ -2818,7 +2787,7 @@ Default: \fBforce directory security mode = 0\fR
 
 Example: \fBforce directory security mode = 700\fR
 .TP
-\fBforce group (S)\fR
+\fB>force group (S)\fR
 This specifies a UNIX group name that will be 
 assigned as the default primary group for all users connecting 
 to this service. This is useful for sharing files by ensuring 
@@ -2852,7 +2821,7 @@ Default: \fBno forced group\fR
 
 Example: \fBforce group = agroup\fR
 .TP
-\fBforce security mode (S)\fR
+\fB>force security mode (S)\fR
 This parameter controls what UNIX permission 
 bits can be modified when a Windows NT client is manipulating 
 the UNIX permission on a file using the native NT security dialog 
@@ -2882,7 +2851,7 @@ Default: \fBforce security mode = 0\fR
 
 Example: \fBforce security mode = 700\fR
 .TP
-\fBforce user (S)\fR
+\fB>force user (S)\fR
 This specifies a UNIX user name that will be 
 assigned as the default user for all users connecting to this service. 
 This is useful for sharing files. You should also use it carefully 
@@ -2906,11 +2875,10 @@ Default: \fBno forced user\fR
 
 Example: \fBforce user = auser\fR
 .TP
-\fBfstype (S)\fR
+\fB>fstype (S)\fR
 This parameter allows the administrator to 
 configure the string that specifies the type of filesystem a share 
-is using that is reported by \fBsmbd(8)
-\fR when a client queries the filesystem type
+is using that is reported by \fBsmbd\fR(8) when a client queries the filesystem type
 for a share. The default type is NTFS for 
 compatibility with Windows NT but this can be changed to other 
 strings such as Samba or FAT
@@ -2920,7 +2888,7 @@ Default: \fBfstype = NTFS\fR
 
 Example: \fBfstype = Samba\fR
 .TP
-\fBgetwd cache (G)\fR
+\fB>getwd cache (G)\fR
 This is a tuning option. When this is enabled a 
 caching algorithm will be used to reduce the time taken for getwd() 
 calls. This can have a significant impact on performance, especially 
@@ -2929,11 +2897,11 @@ parameter is set to no.
 
 Default: \fBgetwd cache = yes\fR
 .TP
-\fBgroup (S)\fR
+\fB>group (S)\fR
 Synonym for \fIforce 
 group\fR.
 .TP
-\fBguest account (S)\fR
+\fB>guest account (S)\fR
 This is a username which will be used for access 
 to services which are specified as \fI  guest ok\fR (see below). Whatever privileges this 
 user has will be available to any client connecting to the guest service. 
@@ -2957,16 +2925,20 @@ Default: \fBspecified at compile time, usually
 
 Example: \fBguest account = ftp\fR
 .TP
-\fBguest ok (S)\fR
+\fB>guest ok (S)\fR
 If this parameter is yes for 
 a service, then no password is required to connect to the service. 
 Privileges will be those of the \fI  guest account\fR.
 
+This paramater nullifies the benifits of setting
+\fIrestrict
+anonymous\fR = 2
+
 See the section below on \fI  security\fR for more information about this option.
 
 Default: \fBguest ok = no\fR
 .TP
-\fBguest only (S)\fR
+\fB>guest only (S)\fR
 If this parameter is yes for 
 a service, then only guest connections to the service are permitted. 
 This parameter will have no effect if   \fIguest ok\fR is not set for the service.
@@ -2975,13 +2947,13 @@ See the section below on \fI  security\fR for more information about this option
 
 Default: \fBguest only = no\fR
 .TP
-\fBhide dot files (S)\fR
+\fB>hide dot files (S)\fR
 This is a boolean parameter that controls whether 
 files starting with a dot appear as hidden files.
 
 Default: \fBhide dot files = yes\fR
 .TP
-\fBhide files(S)\fR
+\fB>hide files(S)\fR
 This is a list of files or directories that are not 
 visible but are accessible.  The DOS 'hidden' attribute is applied 
 to any files or directories that match.
@@ -3014,35 +2986,35 @@ SMB client (DAVE) available from
 Thursby <URL:http://www.thursby.com> creates for internal use, and also still hides 
 all files beginning with a dot.
 .TP
-\fBhide local users(G)\fR
+\fB>hide local users(G)\fR
 This parameter toggles the hiding of local UNIX 
 users (root, wheel, floppy, etc) from remote clients.
 
 Default: \fBhide local users = no\fR
 .TP
-\fBhide unreadable (G)\fR
+\fB>hide unreadable (G)\fR
 This parameter prevents clients from seeing the
 existance of files that cannot be read. Defaults to off.
 
 Default: \fBhide unreadable = no\fR
 .TP
-\fBhide unwriteable files (G)\fR
+\fB>hide unwriteable files (G)\fR
 This parameter prevents clients from seeing
 the existance of files that cannot be written to. Defaults to off.
 Note that unwriteable directories are shown as usual.
 
 Default: \fBhide unwriteable = no\fR
 .TP
-\fBhide special files (G)\fR
+\fB>hide special files (G)\fR
 This parameter prevents clients from seeing
 special files such as sockets, devices and fifo's in directory 
 listings.
 
 Default: \fBhide special files = no\fR
 .TP
-\fBhomedir map (G)\fR
+\fB>homedir map (G)\fR
 If\fInis homedir
-\fR is yes, and \fBsmbd(8)\fR is also acting 
+\fR is yes, and \fBsmbd\fR(8) is also acting 
 as a Win95/98 \fIlogon server\fR then this parameter 
 specifies the NIS (or YP) map from which the server for the user's 
 home directory should be extracted.  At present, only the Sun 
@@ -3066,7 +3038,7 @@ Default: \fBhomedir map = <empty string>\fR
 
 Example: \fBhomedir map = amd.homedir\fR
 .TP
-\fBhost msdfs (G)\fR
+\fB>host msdfs (G)\fR
 This boolean parameter is only available 
 if Samba has been configured and compiled with the \fB  --with-msdfs\fR option. If set to yes, 
 Samba will act as a Dfs server, and  allow Dfs-aware clients 
@@ -3078,7 +3050,7 @@ refer to msdfs_setup.html
 
 Default: \fBhost msdfs = no\fR
 .TP
-\fBhostname lookups (G)\fR
+\fB>hostname lookups (G)\fR
 Specifies whether samba should use (expensive)
 hostname lookups or use the ip addresses instead. An example place
 where hostname lookups are currently used is when checking 
@@ -3088,7 +3060,7 @@ Default: \fBhostname lookups = yes\fR
 
 Example: \fBhostname lookups = no\fR
 .TP
-\fBhosts allow (S)\fR
+\fB>hosts allow (S)\fR
 A synonym for this parameter is \fIallow 
 hosts\fR.
 
@@ -3136,9 +3108,8 @@ deny access from one particular host
 
 Note that access still requires suitable user-level passwords.
 
-See \fBtestparm(1)\fR
- for a way of testing your host access to see if it does 
-what you expect.
+See \fBtestparm\fR(1) for a way of testing your host access 
+to see if it does what you expect.
 
 Default: \fBnone (i.e., all hosts permitted access)
 \fR
@@ -3146,7 +3117,7 @@ Default: \fBnone (i.e., all hosts permitted access)
 Example: \fBallow hosts = 150.203.5. myhost.mynet.edu.au
 \fR
 .TP
-\fBhosts deny (S)\fR
+\fB>hosts deny (S)\fR
 The opposite of \fIhosts allow\fR 
 - hosts listed here are \fBNOT\fR permitted access to 
 services unless the specific services have their own lists to override 
@@ -3159,7 +3130,7 @@ Default: \fBnone (i.e., no hosts specifically excluded)
 Example: \fBhosts deny = 150.203.4. badhost.mynet.edu.au
 \fR
 .TP
-\fBhosts equiv (G)\fR
+\fB>hosts equiv (G)\fR
 If this global parameter is a non-null string, 
 it specifies the name of a file to read for the names of hosts 
 and users who will be allowed access without specifying a password.
@@ -3181,7 +3152,7 @@ Default: \fBno host equivalences\fR
 
 Example: \fBhosts equiv = /etc/hosts.equiv\fR
 .TP
-\fBinclude (G)\fR
+\fB>include (G)\fR
 This allows you to include one config file 
 inside another.  The file is included literally, as though typed 
 in place.
@@ -3194,7 +3165,7 @@ Default: \fBno file included\fR
 Example: \fBinclude = /usr/local/samba/lib/admin_smb.conf
 \fR
 .TP
-\fBinherit acls (S)\fR
+\fB>inherit acls (S)\fR
 This parameter can be used to ensure
 that if default acls exist on parent directories,
 they are always honored when creating a subdirectory.
@@ -3205,7 +3176,7 @@ default directory acls are propagated.
 
 Default: \fBinherit acls = no\fR
 .TP
-\fBinherit permissions (S)\fR
+\fB>inherit permissions (S)\fR
 The permissions on new files and directories 
 are normally governed by \fI  create mask\fR,   \fIdirectory mask\fR, \fIforce create mode\fR
 and \fIforce 
@@ -3235,7 +3206,7 @@ See also \fIcreate mask
 
 Default: \fBinherit permissions = no\fR
 .TP
-\fBinterfaces (G)\fR
+\fB>interfaces (G)\fR
 This option allows you to override the default 
 network interfaces list that Samba will use for browsing, name 
 registration and other NBT traffic. By default Samba will query 
@@ -3286,7 +3257,7 @@ interfaces only\fR.
 Default: \fBall active interfaces except 127.0.0.1 
 that are broadcast capable\fR
 .TP
-\fBinvalid users (S)\fR
+\fB>invalid users (S)\fR
 This is a list of users that should not be allowed 
 to login to this service. This is really a \fBparanoid\fR 
 check to absolutely ensure an improper setting does not breach 
@@ -3318,7 +3289,7 @@ Default: \fBno invalid users\fR
 Example: \fBinvalid users = root fred admin @wheel
 \fR
 .TP
-\fBkeepalive (G)\fR
+\fB>keepalive (G)\fR
 The value of the parameter (an integer) represents 
 the number of seconds between \fIkeepalive\fR 
 packets. If this parameter is zero, no keepalive packets will be 
@@ -3333,17 +3304,16 @@ Default: \fBkeepalive = 300\fR
 
 Example: \fBkeepalive = 600\fR
 .TP
-\fBkernel oplocks (G)\fR
+\fB>kernel oplocks (G)\fR
 For UNIXes that support kernel based \fIoplocks\fR
 (currently only IRIX and the Linux 2.4 kernel), this parameter 
 allows the use of them to be turned on or off.
 
 Kernel oplocks support allows Samba \fIoplocks
 \fR to be broken whenever a local UNIX process or NFS operation 
-accesses a file that \fBsmbd(8)\fR
- has oplocked. This allows complete data consistency between 
-SMB/CIFS, NFS and local file access (and is a \fBvery\fR 
-cool feature :-).
+accesses a file that \fBsmbd\fR(8) has oplocked. This allows complete 
+data consistency between SMB/CIFS, NFS and local file access (and is 
+a \fBvery\fR cool feature :-).
 
 This parameter defaults to on, but is translated
 to a no-op on systems that no not have the necessary kernel support.
@@ -3355,18 +3325,17 @@ and \fIlevel2 oplocks
 
 Default: \fBkernel oplocks = yes\fR
 .TP
-\fBlanman auth (G)\fR
-This parameter determines whether or not smbd will
-attempt to authenticate users using the LANMAN password hash.
-If disabled, only clients which support NT password hashes (e.g. Windows 
-NT/2000 clients, smbclient, etc... but not Windows 95/98 or the MS DOS 
-network client) will be able to connect to the Samba host.
+\fB>lanman auth (G)\fR
+This parameter determines whether or not \fBsmbd\fR(8) will attempt to authenticate users 
+using the LANMAN password hash. If disabled, only clients which support NT 
+password hashes (e.g. Windows NT/2000 clients, smbclient, etc... but not 
+Windows 95/98 or the MS DOS network client) will be able to connect to the Samba host.
 
 Default : \fBlanman auth = yes\fR
 .TP
-\fBlarge readwrite (G)\fR
-This parameter determines whether or not smbd
-supports the new 64k streaming read and write varient SMB requests introduced
+\fB>large readwrite (G)\fR
+This parameter determines whether or not \fBsmbd\fR(8) supports the new 64k streaming 
+read and write varient SMB requests introduced
 with Windows 2000. Note that due to Windows 2000 client redirector bugs
 this requires Samba to be running on a 64-bit capable operating system such
 as IRIX, Solaris or a Linux 2.4 kernel. Can improve performance by 10% with
@@ -3375,18 +3344,18 @@ code paths.
 
 Default : \fBlarge readwrite = yes\fR
 .TP
-\fBldap admin dn (G)\fR
+\fB>ldap admin dn (G)\fR
 The \fIldap admin dn\fR defines the Distinguished 
 Name (DN) name used by Samba to contact the ldap server when retreiving 
 user account information. The \fIldap
 admin dn\fR is used in conjunction with the admin dn password
 stored in the \fIprivate/secrets.tdb\fR file.  See the
-\fBsmbpasswd(8)\fR man
-page for more information on how to accmplish this.
+\fBsmbpasswd\fR(8) man page for more information on how 
+to accmplish this.
 
 Default : \fBnone\fR
 .TP
-\fBldap filter (G)\fR
+\fB>ldap filter (G)\fR
 This parameter specifies the RFC 2254 compliant LDAP search filter.
 The default is to match the login name with the uid 
 attribute for all entries matching the sambaAccount  
@@ -3394,7 +3363,7 @@ objectclass.  Note that this filter should only return one entry.
 
 Default : \fBldap filter = (&(uid=%u)(objectclass=sambaAccount))\fR
 .TP
-\fBldap port (G)\fR
+\fB>ldap port (G)\fR
 This parameter is only available if Samba has been
 configure to include the \fB--with-ldapsam\fR option
 at compile time.
@@ -3409,7 +3378,7 @@ Default : \fBldap port = 636 ; if ldap ssl = on\fR
 
 Default : \fBldap port = 389 ; if ldap ssl = off\fR
 .TP
-\fBldap server (G)\fR
+\fB>ldap server (G)\fR
 This parameter is only available if Samba has been
 configure to include the \fB--with-ldapsam\fR option
 at compile time.
@@ -3419,7 +3388,7 @@ server which should be queried to locate user account information.
 
 Default : \fBldap server = localhost\fR
 .TP
-\fBldap ssl (G)\fR
+\fB>ldap ssl (G)\fR
 This option is used to define whether or not Samba should
 use SSL when connecting to the ldap server
 This is \fBNOT\fR related to
@@ -3447,23 +3416,23 @@ to configure.  See \fIpassdb backend\fR
 
 Default : \fBldap ssl = start_tls\fR
 .TP
-\fBldap suffix (G)\fR
+\fB>ldap suffix (G)\fR
 Specifies where user and machine accounts are added to the tree. Can be overriden by \fBldap user suffix\fR and \fBldap machine suffix\fR. It also used as the base dn for all ldap searches. 
 
 Default : \fBnone\fR
 .TP
-\fBldap user suffix (G)\fR
+\fB>ldap user suffix (G)\fR
 It specifies where users are added to the tree.
 
 Default : \fBnone\fR
 .TP
-\fBldap machine suffix (G)\fR
+\fB>ldap machine suffix (G)\fR
 It specifies where machines should be 
 added to the ldap tree.
 
 Default : \fBnone\fR
 .TP
-\fBldap passwd sync (G)\fR
+\fB>ldap passwd sync (G)\fR
 This option is used to define whether
 or not Samba should sync the LDAP password with the NT
 and LM hashes for normal accounts (NOT for
@@ -3485,7 +3454,7 @@ The \fIldap passwd sync\fR can be set to one of three values:
 
 Default : \fBldap passwd sync = no\fR
 .TP
-\fBldap trust ids (G)\fR
+\fB>ldap trust ids (G)\fR
 Normally, Samba validates each entry
 in the LDAP server against getpwnam().  This allows
 LDAP to be used for Samba with the unix system using
@@ -3502,7 +3471,7 @@ same LDAP server.
 
 Default: \fBldap trust ids = No\fR
 .TP
-\fBlevel2 oplocks (S)\fR
+\fB>level2 oplocks (S)\fR
 This parameter controls whether Samba supports
 level2 (read-only) oplocks on a share.
 
@@ -3539,8 +3508,8 @@ parameters.
 
 Default: \fBlevel2 oplocks = yes\fR
 .TP
-\fBlm announce (G)\fR
-This parameter determines if   \fBnmbd(8)\fR will produce Lanman announce 
+\fB>lm announce (G)\fR
+This parameter determines if \fBnmbd\fR(8) will produce Lanman announce 
 broadcasts that are needed by OS/2 clients in order for them to see 
 the Samba server in their browse list. This parameter can have three 
 values, yes, no, or
@@ -3561,7 +3530,7 @@ Default: \fBlm announce = auto\fR
 
 Example: \fBlm announce = yes\fR
 .TP
-\fBlm interval (G)\fR
+\fB>lm interval (G)\fR
 If Samba is set to produce Lanman announce 
 broadcasts needed by OS/2 clients (see the   \fIlm announce\fR parameter) then this 
 parameter defines the frequency in seconds with which they will be 
@@ -3576,7 +3545,7 @@ Default: \fBlm interval = 60\fR
 
 Example: \fBlm interval = 120\fR
 .TP
-\fBload printers (G)\fR
+\fB>load printers (G)\fR
 A boolean variable that controls whether all 
 printers in the printcap will be loaded for browsing by default. 
 See the printers section for 
@@ -3584,8 +3553,8 @@ more details.
 
 Default: \fBload printers = yes\fR
 .TP
-\fBlocal master (G)\fR
-This option allows \fB  nmbd(8)\fR to try and become a local master browser 
+\fB>local master (G)\fR
+This option allows \fBnmbd\fR(8) to try and become a local master browser 
 on a subnet. If set to no then \fB  nmbd\fR will not attempt to become a local master browser 
 on a subnet and will also lose in all browsing elections. By
 default this value is set to yes. Setting this value to yes doesn't
@@ -3597,10 +3566,10 @@ Setting this value to no will cause \fBnmbd\fR
 
 Default: \fBlocal master = yes\fR
 .TP
-\fBlock dir (G)\fR
+\fB>lock dir (G)\fR
 Synonym for \fI  lock directory\fR.
 .TP
-\fBlock directory (G)\fR
+\fB>lock directory (G)\fR
 This option specifies the directory where lock 
 files will be placed.  The lock files are used to implement the 
 \fImax connections\fR
@@ -3610,7 +3579,7 @@ Default: \fBlock directory = ${prefix}/var/locks\fR
 
 Example: \fBlock directory = /var/run/samba/locks\fR
 .TP
-\fBlock spin count (G)\fR
+\fB>lock spin count (G)\fR
 This parameter controls the number of times
 that smbd should attempt to gain a byte range lock on the 
 behalf of a client request.  Experiments have shown that
@@ -3622,7 +3591,7 @@ and FoxPro.
 
 Default: \fBlock spin count = 2\fR
 .TP
-\fBlock spin time (G)\fR
+\fB>lock spin time (G)\fR
 The time in microseconds that smbd should 
 pause before attempting to gain a failed lock.  See
 \fIlock spin 
@@ -3630,7 +3599,7 @@ count\fR for more details.
 
 Default: \fBlock spin time = 10\fR
 .TP
-\fBlocking (S)\fR
+\fB>locking (S)\fR
 This controls whether or not locking will be 
 performed by the server in response to lock requests from the 
 client.
@@ -3653,7 +3622,7 @@ You should never need to set this parameter.
 
 Default: \fBlocking = yes\fR
 .TP
-\fBlog file (G)\fR
+\fB>log file (G)\fR
 This option allows you to override the name 
 of the Samba log file (also known as the debug file).
 
@@ -3663,7 +3632,7 @@ you to have separate log files for each user or machine.
 Example: \fBlog file = /usr/local/samba/var/log.%m
 \fR
 .TP
-\fBlog level (G)\fR
+\fB>log level (G)\fR
 The value of the parameter (a astring) allows 
 the debug level (logging level) to be specified in the 
 \fIsmb.conf\fR file. This parameter has been
@@ -3677,7 +3646,7 @@ the command line or level zero if none was specified.
 Example: \fBlog level = 3 passdb:5 auth:10 winbind:2
 \fR
 .TP
-\fBlogon drive (G)\fR
+\fB>logon drive (G)\fR
 This parameter specifies the local path to 
 which the home directory will be connected (see \fIlogon home\fR) 
 and is only used by NT Workstations. 
@@ -3689,7 +3658,7 @@ Default: \fBlogon drive = z:\fR
 
 Example: \fBlogon drive = h:\fR
 .TP
-\fBlogon home (G)\fR
+\fB>logon home (G)\fR
 This parameter specifies the home directory 
 location when a Win95/98 or NT Workstation logs into a Samba PDC.  
 It allows you to do 
@@ -3726,7 +3695,7 @@ Default: \fBlogon home = "\\\\%N\\%U"\fR
 
 Example: \fBlogon home = "\\\\remote_smb_server\\%U"\fR
 .TP
-\fBlogon path (G)\fR
+\fB>logon path (G)\fR
 This parameter specifies the home directory 
 where roaming profiles (NTuser.dat etc files for Windows NT) are 
 stored.  Contrary to previous versions of these manual pages, it has 
@@ -3769,7 +3738,7 @@ Default: \fBlogon path = \\\\%N\\%U\\profile\fR
 
 Example: \fBlogon path = \\\\PROFILESERVER\\PROFILE\\%U\fR
 .TP
-\fBlogon script (G)\fR
+\fB>logon script (G)\fR
 This parameter specifies the batch file (.bat) or 
 NT command file (.cmd) to be downloaded and run on a machine when 
 a user successfully logs in.  The file must contain the DOS 
@@ -3805,7 +3774,7 @@ Default: \fBno logon script defined\fR
 
 Example: \fBlogon script = scripts\\%U.bat\fR
 .TP
-\fBlppause command (S)\fR
+\fB>lppause command (S)\fR
 This parameter specifies the command to be 
 executed on the server host in order to stop printing or spooling 
 a specific print job.
@@ -3844,7 +3813,7 @@ is SOFTQ, then the default is:
 Example for HPUX: \fBlppause command = /usr/bin/lpalt  
 %p-%j -p0\fR
 .TP
-\fBlpq cache time (G)\fR
+\fB>lpq cache time (G)\fR
 This controls how long lpq info will be cached 
 for to prevent the \fBlpq\fR command being called too 
 often. A separate cache is kept for each variation of the \fB  lpq\fR command used by the system, so if you use different 
@@ -3868,7 +3837,7 @@ Default: \fBlpq cache time = 10\fR
 
 Example: \fBlpq cache time = 30\fR
 .TP
-\fBlpq command (S)\fR
+\fB>lpq command (S)\fR
 This parameter specifies the command to be 
 executed on the server host in order to obtain \fBlpq
 \fR-style printer status information.
@@ -3906,7 +3875,7 @@ Default: \fBdepends on the setting of \fI  printing\fB\fR
 
 Example: \fBlpq command = /usr/bin/lpq -P%p\fR
 .TP
-\fBlpresume command (S)\fR
+\fB>lpresume command (S)\fR
 This parameter specifies the command to be 
 executed on the server host in order to restart or continue 
 printing or spooling a specific print job.
@@ -3941,7 +3910,7 @@ is SOFTQ, then the default is:
 Example for HPUX: \fBlpresume command = /usr/bin/lpalt 
 %p-%j -p2\fR
 .TP
-\fBlprm command (S)\fR
+\fB>lprm command (S)\fR
 This parameter specifies the command to be 
 executed on the server host in order to delete a print job.
 
@@ -3968,7 +3937,7 @@ Example 1: \fBlprm command = /usr/bin/lprm -P%p %j
 Example 2: \fBlprm command = /usr/bin/cancel %p-%j
 \fR
 .TP
-\fBmachine password timeout (G)\fR
+\fB>machine password timeout (G)\fR
 If a Samba server is a member of a Windows 
 NT Domain (see the security = domain) 
 parameter) then periodically a running   smbd(8) process will try and change the MACHINE ACCOUNT 
@@ -3977,12 +3946,11 @@ PASSWORD stored in the TDB called \fIprivate/secrets.tdb
 will be changed, in seconds. The default is one week (expressed in 
 seconds), the same as a Windows NT Domain member server.
 
-See also \fBsmbpasswd(8)
-\fR and the   security = domain) parameter.
+See also \fBsmbpasswd\fR(8), and the   security = domain) parameter.
 
 Default: \fBmachine password timeout = 604800\fR
 .TP
-\fBmagic output (S)\fR
+\fB>magic output (S)\fR
 This parameter specifies the name of a file 
 which will contain output created by a magic script (see the 
 \fImagic script\fR
@@ -3997,7 +3965,7 @@ Default: \fBmagic output = <magic script name>.out
 
 Example: \fBmagic output = myfile.txt\fR
 .TP
-\fBmagic script (S)\fR
+\fB>magic script (S)\fR
 This parameter specifies the name of a file which, 
 if opened, will be executed by the server when the file is closed. 
 This allows a UNIX script to be sent to the Samba host and 
@@ -4023,12 +3991,12 @@ Default: \fBNone. Magic scripts disabled.\fR
 
 Example: \fBmagic script = user.csh\fR
 .TP
-\fBmangle case (S)\fR
+\fB>mangle case (S)\fR
 See the section on   NAME MANGLING
 
 Default: \fBmangle case = no\fR
 .TP
-\fBmangled map (S)\fR
+\fB>mangled map (S)\fR
 This is for those who want to directly map UNIX 
 file names which cannot be represented on Windows/DOS.  The mangling 
 of names is not always what is needed.  In particular you may have 
@@ -4050,7 +4018,7 @@ Default: \fBno mangled map\fR
 
 Example: \fBmangled map = (*;1 *;)\fR
 .TP
-\fBmangled names (S)\fR
+\fB>mangled names (S)\fR
 This controls whether non-DOS names under UNIX 
 should be mapped to DOS-compatible names ("mangled") and made visible, 
 or whether non-DOS names should simply be ignored.
@@ -4109,7 +4077,7 @@ do not change between sessions.
 
 Default: \fBmangled names = yes\fR
 .TP
-\fBmangling method (G)\fR
+\fB>mangling method (G)\fR
 controls the algorithm used for the generating
 the mangled names. Can take two different values, "hash" and
 "hash2". "hash" is  the default and is the algorithm that has been
@@ -4123,7 +4091,7 @@ Default: \fBmangling method = hash2\fR
 
 Example: \fBmangling method = hash\fR
 .TP
-\fBmangle prefix (G)\fR
+\fB>mangle prefix (G)\fR
 controls the number of prefix
 characters from the original name used when generating
 the mangled names. A larger value will give a weaker
@@ -4134,9 +4102,9 @@ Default: \fBmangle prefix = 1\fR
 
 Example: \fBmangle prefix = 4\fR
 .TP
-\fBmangled stack (G)\fR
+\fB>mangled stack (G)\fR
 This parameter controls the number of mangled names 
-that should be cached in the Samba server   smbd(8)
+that should be cached in the Samba server \fBsmbd\fR(8).
 
 This stack is a list of recently mangled base names 
 (extensions are only maintained if they are longer than 3 characters 
@@ -4154,7 +4122,7 @@ Default: \fBmangled stack = 50\fR
 
 Example: \fBmangled stack = 100\fR
 .TP
-\fBmangling char (S)\fR
+\fB>mangling char (S)\fR
 This controls what character is used as 
 the \fBmagic\fR character in name mangling. The default is a '~'
 but this may interfere with some software. Use this option to set 
@@ -4164,7 +4132,7 @@ Default: \fBmangling char = ~\fR
 
 Example: \fBmangling char = ^\fR
 .TP
-\fBmap archive (S)\fR
+\fB>map archive (S)\fR
 This controls whether the DOS archive attribute 
 should be mapped to the UNIX owner execute bit.  The DOS archive bit 
 is set when a file has been modified since its last backup.  One 
@@ -4178,7 +4146,7 @@ parameter to be set such that owner execute bit is not masked out
 
 Default: \fBmap archive = yes\fR
 .TP
-\fBmap hidden (S)\fR
+\fB>map hidden (S)\fR
 This controls whether DOS style hidden files 
 should be mapped to the UNIX world execute bit.
 
@@ -4188,7 +4156,7 @@ it must include 001). See the parameter   \fIcreate mask\fR for details.
 
 Default: \fBmap hidden = no\fR
 .TP
-\fBmap system (S)\fR
+\fB>map system (S)\fR
 This controls whether DOS style system files 
 should be mapped to the UNIX group execute bit.
 
@@ -4198,13 +4166,13 @@ it must include 010). See the parameter   \fIcreate mask\fR for details.
 
 Default: \fBmap system = no\fR
 .TP
-\fBmap to guest (G)\fR
+\fB>map to guest (G)\fR
 This parameter is only useful in   security modes other than \fIsecurity = share\fR 
 - i.e. user, server, 
 and domain.
 
 This parameter can take three different values, which tell
-smbd(8) what to do with user 
+\fBsmbd\fR(8) what to do with user 
 login requests that don't match a valid UNIX user in some way.
 
 The three settings are :
@@ -4249,7 +4217,7 @@ Default: \fBmap to guest = Never\fR
 
 Example: \fBmap to guest = Bad User\fR
 .TP
-\fBmax connections (S)\fR
+\fB>max connections (S)\fR
 This option allows the number of simultaneous 
 connections to a service to be limited. If \fImax connections
 \fR is greater than 0 then connections will be refused if 
@@ -4264,7 +4232,7 @@ Default: \fBmax connections = 0\fR
 
 Example: \fBmax connections = 10\fR
 .TP
-\fBmax disk size (G)\fR
+\fB>max disk size (G)\fR
 This option allows you to put an upper limit 
 on the apparent size of disks. If you set this option to 100 
 then all shares will appear to be not larger than 100 MB in 
@@ -4287,7 +4255,7 @@ Default: \fBmax disk size = 0\fR
 
 Example: \fBmax disk size = 1000\fR
 .TP
-\fBmax log size (G)\fR
+\fB>max log size (G)\fR
 This option (an integer in kilobytes) specifies 
 the max size the log file should grow to. Samba periodically checks 
 the size and if it is exceeded it will rename the file, adding 
@@ -4299,16 +4267,16 @@ Default: \fBmax log size = 5000\fR
 
 Example: \fBmax log size = 1000\fR
 .TP
-\fBmax mux (G)\fR
+\fB>max mux (G)\fR
 This option controls the maximum number of 
 outstanding simultaneous SMB operations that Samba tells the client 
 it will allow. You should never need to set this parameter.
 
 Default: \fBmax mux = 50\fR
 .TP
-\fBmax open files (G)\fR
+\fB>max open files (G)\fR
 This parameter limits the maximum number of 
-open files that one smbd(8) file 
+open files that one \fBsmbd\fR(8) file 
 serving process may have open for a client at any one time. The 
 default for this parameter is set very high (10,000) as Samba uses 
 only one bit per unopened file.
@@ -4319,10 +4287,10 @@ this parameter so you should never need to touch this parameter.
 
 Default: \fBmax open files = 10000\fR
 .TP
-\fBmax print jobs (S)\fR
+\fB>max print jobs (S)\fR
 This parameter limits the maximum number of 
 jobs allowable in a Samba printer queue at any given moment.
-If this number is exceeded, \fB  smbd(8)\fR will remote "Out of Space" to the client.
+If this number is exceeded, \fBsmbd\fR(8) will remote "Out of Space" to the client.
 See all \fItotal
 print jobs\fR.
 
@@ -4330,7 +4298,7 @@ Default: \fBmax print jobs = 1000\fR
 
 Example: \fBmax print jobs = 5000\fR
 .TP
-\fBmax protocol (G)\fR
+\fB>max protocol (G)\fR
 The value of the parameter (a string) is the highest 
 protocol level that will be supported by the server.
 
@@ -4368,22 +4336,22 @@ Default: \fBmax protocol = NT1\fR
 
 Example: \fBmax protocol = LANMAN1\fR
 .TP
-\fBmax smbd processes (G)\fR
+\fB>max smbd processes (G)\fR
 This parameter limits the maximum number of 
 \fBsmbd(8)\fR
 processes concurrently running on a system and is intended
 as a stopgap to prevent degrading service to clients in the event
 that the server has insufficient resources to handle more than this
 number of connections.  Remember that under normal operating
-conditions, each user will have an smbd associated with him or her
+conditions, each user will have an \fBsmbd\fR(8) associated with him or her
 to handle connections to all shares from a given host.
 
 Default: \fBmax smbd processes = 0\fR   ## no limit
 
 Example: \fBmax smbd processes = 1000\fR
 .TP
-\fBmax ttl (G)\fR
-This option tells nmbd(8)
+\fB>max ttl (G)\fR
+This option tells \fBnmbd\fR(8)
 what the default 'time to live' of NetBIOS names should be (in seconds) 
 when \fBnmbd\fR is requesting a name using either a
 broadcast packet or from a WINS server. You should never need to
@@ -4391,9 +4359,8 @@ change this parameter. The default is 3 days.
 
 Default: \fBmax ttl = 259200\fR
 .TP
-\fBmax wins ttl (G)\fR
-This option tells nmbd(8)
- when acting as a WINS server (  \fIwins support = yes\fR) what the maximum
+\fB>max wins ttl (G)\fR
+This option tells \fBsmbd\fR(8) when acting as a WINS server (  \fIwins support = yes\fR) what the maximum
 \&'time to live' of NetBIOS names that \fBnmbd\fR 
 will grant will be (in seconds). You should never need to change this
 parameter.  The default is 6 days (518400 seconds).
@@ -4403,7 +4370,7 @@ wins ttl\fR parameter.
 
 Default: \fBmax wins ttl = 518400\fR
 .TP
-\fBmax xmit (G)\fR
+\fB>max xmit (G)\fR
 This option controls the maximum packet size 
 that will be negotiated by Samba. The default is 65535, which 
 is the maximum. In some cases you may find you get better performance 
@@ -4413,7 +4380,7 @@ Default: \fBmax xmit = 65535\fR
 
 Example: \fBmax xmit = 8192\fR
 .TP
-\fBmessage command (G)\fR
+\fB>message command (G)\fR
 This specifies what command to run when the 
 server receives a WinPopup style message.
 
@@ -4476,10 +4443,10 @@ Default: \fBno message command\fR
 Example: \fBmessage command = csh -c 'xedit %s;
 rm %s' &\fR
 .TP
-\fBmin passwd length (G)\fR
+\fB>min passwd length (G)\fR
 Synonym for   \fImin password length\fR.
 .TP
-\fBmin password length (G)\fR
+\fB>min password length (G)\fR
 This option sets the minimum length in characters 
 of a plaintext password that \fBsmbd\fR will accept when performing 
 UNIX password changing.
@@ -4490,7 +4457,7 @@ password sync\fR,   \fIpasswd program\fR and \fIpasswd chat debug\fR
 
 Default: \fBmin password length = 5\fR
 .TP
-\fBmin print space (S)\fR
+\fB>min print space (S)\fR
 This sets the minimum amount of free disk 
 space that must be available before a user will be able to spool 
 a print job. It is specified in kilobytes. The default is 0, which 
@@ -4503,7 +4470,7 @@ Default: \fBmin print space = 0\fR
 
 Example: \fBmin print space = 2000\fR
 .TP
-\fBmin protocol (G)\fR
+\fB>min protocol (G)\fR
 The value of the parameter (a string) is the 
 lowest SMB protocol dialect than Samba will support.  Please refer
 to the \fImax protocol\fR
@@ -4522,8 +4489,8 @@ Default : \fBmin protocol = CORE\fR
 Example : \fBmin protocol = NT1\fR  # disable DOS 
 clients
 .TP
-\fBmin wins ttl (G)\fR
-This option tells nmbd(8)
+\fB>min wins ttl (G)\fR
+This option tells \fBnmbd\fR(8)
 when acting as a WINS server (\fI  wins support = yes\fR) what the minimum 'time to live' 
 of NetBIOS names that \fBnmbd\fR will grant will be (in 
 seconds). You should never need to change this parameter.  The default 
@@ -4531,7 +4498,7 @@ is 6 hours (21600 seconds).
 
 Default: \fBmin wins ttl = 21600\fR
 .TP
-\fBmsdfs proxy (S)\fR
+\fB>msdfs proxy (S)\fR
 This parameter indicates that the share is a
 stand-in for another CIFS share whose location is specified by
 the value of the parameter. When clients attempt to connect to
@@ -4544,25 +4511,25 @@ and
 \fIhost msdfs\fR
 options to find out how to set up a Dfs root share.
 
-Example: \fBmsdfs proxy = \\otherserver\\someshare\fR
+Example: \fBmsdfs proxy = \\\\\\\\otherserver\\\\someshare\fR
 .TP
-\fBmsdfs root (S)\fR
+\fB>msdfs root (S)\fR
 This boolean parameter is only available if 
 Samba is configured  and  compiled with the \fB  --with-msdfs\fR option.  If set to yes, 
 Samba treats the share as a Dfs root and  allows clients to browse 
 the distributed file system tree rooted at the share directory. 
 Dfs links are specified  in  the share directory by symbolic 
-links of the form \fImsdfs:serverA\\shareA,serverB\\shareB\fR
+links of the form \fImsdfs:serverA\\\\shareA,serverB\\\\shareB\fR
 and so on.  For more information on setting up a Dfs tree 
-on Samba,  refer to msdfs_setup.html
-
+on Samba,  refer to "Hosting a Microsoft 
+Distributed File System tree on Samba" document.
 
 See also \fIhost msdfs
 \fR
 
 Default: \fBmsdfs root = no\fR
 .TP
-\fBname cache timeout (G)\fR
+\fB>name cache timeout (G)\fR
 Specifies the number of seconds it takes before 
 entries in samba's hostname resolve cache time out. If 
 the timeout is set to 0. the caching is disabled.
@@ -4571,7 +4538,7 @@ Default: \fBname cache timeout = 660\fR
 
 Example: \fBname cache timeout = 0\fR
 .TP
-\fBname resolve order (G)\fR
+\fB>name resolve order (G)\fR
 This option is used by the programs in the Samba 
 suite to determine what naming services to use and in what order 
 to resolve host names to IP addresses. The option takes a space 
@@ -4620,7 +4587,7 @@ This will cause the local lmhosts file to be examined
 first, followed by a broadcast attempt, followed by a normal 
 system hostname lookup.
 .TP
-\fBnetbios aliases (G)\fR
+\fB>netbios aliases (G)\fR
 This is a list of NetBIOS names that nmbd(8) will advertise as additional 
 names by which the Samba server is known. This allows one machine 
 to appear in browse lists under multiple names. If a machine is 
@@ -4636,7 +4603,7 @@ Default: \fBempty string (no additional names)\fR
 
 Example: \fBnetbios aliases = TEST TEST1 TEST2\fR
 .TP
-\fBnetbios name (G)\fR
+\fB>netbios name (G)\fR
 This sets the NetBIOS name by which a Samba 
 server is known. By default it is the same as the first component 
 of the host's DNS name. If a machine is a browse server or
@@ -4651,12 +4618,12 @@ Default: \fBmachine DNS name\fR
 
 Example: \fBnetbios name = MYNAME\fR
 .TP
-\fBnetbios scope (G)\fR
+\fB>netbios scope (G)\fR
 This sets the NetBIOS scope that Samba will 
 operate under. This should not be set unless every machine 
 on your LAN also sets this value.
 .TP
-\fBnis homedir (G)\fR
+\fB>nis homedir (G)\fR
 Get the home share server from a NIS map. For 
 UNIX systems that use an automounter, the user's home directory 
 will often be mounted on a workstation on demand from a remote 
@@ -4683,7 +4650,7 @@ be a logon server.
 
 Default: \fBnis homedir = no\fR
 .TP
-\fBnon unix account range (G)\fR
+\fB>non unix account range (G)\fR
 The non unix account range parameter specifies 
 the range of 'user ids' that are allocated by the various 'non unix 
 account' passdb backends.  These backends allow
@@ -4701,7 +4668,7 @@ Default: \fBnon unix account range = <empty string>
 
 Example: \fBnon unix account range = 10000-20000\fR
 .TP
-\fBnt acl support (S)\fR
+\fB>nt acl support (S)\fR
 This boolean parameter controls whether 
 smbd(8) will attempt to map 
 UNIX permissions into Windows NT access control lists.
@@ -4710,16 +4677,16 @@ prior to 2.2.2.
 
 Default: \fBnt acl support = yes\fR
 .TP
-\fBnt pipe support (G)\fR
+\fB>nt pipe support (G)\fR
 This boolean parameter controls whether 
-smbd(8) will allow Windows NT 
+\fBsmbd\fR(8) will allow Windows NT 
 clients to connect to the NT SMB specific IPC$ 
 pipes. This is a developer debugging option and can be left
 alone.
 
 Default: \fBnt pipe support = yes\fR
 .TP
-\fBnt status support (G)\fR
+\fB>nt status support (G)\fR
 This boolean parameter controls whether smbd(8) will negotiate NT specific status
 support with Windows NT/2k/XP clients. This is a developer
 debugging option and should be left alone.
@@ -4731,15 +4698,15 @@ You should not need to ever disable this parameter.
 
 Default: \fBnt status support = yes\fR
 .TP
-\fBnull passwords (G)\fR
+\fB>null passwords (G)\fR
 Allow or disallow client access to accounts 
 that have null passwords. 
 
-See also smbpasswd (5)
+See also \fBsmbpasswd\fR(5).
 
 Default: \fBnull passwords = no\fR
 .TP
-\fBobey pam restrictions (G)\fR
+\fB>obey pam restrictions (G)\fR
 When Samba 2.2 is configured to enable PAM support
 (i.e. --with-pam), this parameter will control whether or not Samba
 should obey PAM's account and session management directives.  The 
@@ -4751,7 +4718,7 @@ authentication mechanism needed in the presence of SMB password encryption.
 
 Default: \fBobey pam restrictions = no\fR
 .TP
-\fBonly user (S)\fR
+\fB>only user (S)\fR
 This is a boolean option that controls whether 
 connections with usernames not in the \fIuser\fR 
 list will be allowed. By default this option is disabled so that a 
@@ -4773,10 +4740,10 @@ parameter.
 
 Default: \fBonly user = no\fR
 .TP
-\fBonly guest (S)\fR
+\fB>only guest (S)\fR
 A synonym for \fI  guest only\fR.
 .TP
-\fBoplock break wait time (G)\fR
+\fB>oplock break wait time (G)\fR
 This is a tuning parameter added due to bugs in 
 both Windows 9x and WinNT. If Samba responds to a client too 
 quickly when that client issues an SMB that can cause an oplock 
@@ -4790,15 +4757,14 @@ AND UNDERSTOOD THE SAMBA OPLOCK CODE\fR.
 
 Default: \fBoplock break wait time = 0\fR
 .TP
-\fBoplock contention limit (S)\fR
+\fB>oplock contention limit (S)\fR
 This is a \fBvery\fR advanced 
 smbd(8) tuning option to 
 improve the efficiency of the granting of oplocks under multiple 
 client contention for the same file.
 
-In brief it specifies a number, which causes smbd not to 
-grant an oplock even when requested if the approximate number of 
-clients contending for an oplock on the same file goes over this 
+In brief it specifies a number, which causes \fBsmbd\fR(8)not to grant an oplock even when requested 
+if the approximate number of clients contending for an oplock on the same file goes over this 
 limit. This causes \fBsmbd\fR to behave in a similar 
 way to Windows NT.
 
@@ -4807,7 +4773,7 @@ AND UNDERSTOOD THE SAMBA OPLOCK CODE\fR.
 
 Default: \fBoplock contention limit = 2\fR
 .TP
-\fBoplocks (S)\fR
+\fB>oplocks (S)\fR
 This boolean option tells \fBsmbd\fR whether to 
 issue oplocks (opportunistic locks) to file open requests on this 
 share. The oplock code can dramatically (approx. 30% or more) improve 
@@ -4830,19 +4796,21 @@ oplocks\fR and \fI  level2 oplocks\fR parameters.
 
 Default: \fBoplocks = yes\fR
 .TP
-\fBntlm auth (G)\fR
-This parameter determines whether or not smbd will
+\fB>ntlm auth (G)\fR
+This parameter determines 
+whether or not \fBsmbd\fR(8) will
 attempt to authenticate users using the NTLM password hash.
 If disabled, only the lanman password hashes will be used. 
 
-Please note that at least this option or \fBlanman auth\fR should be enabled in order to be able to log in.
+Please note that at least this option or \fBlanman auth\fR should 
+be enabled in order to be able to log in.
 
 Default : \fBntlm auth = yes\fR
 .TP
-\fBos level (G)\fR
+\fB>os level (G)\fR
 This integer value controls what level Samba 
 advertises itself as for browse elections. The value of this 
-parameter determines whether nmbd(8) 
+parameter determines whether \fBnmbd\fR(8) 
 has a chance of becoming a local master browser for the \fI  WORKGROUP\fR in the local broadcast area.
 
 \fBNote :\fRBy default, Samba will win 
@@ -4857,7 +4825,7 @@ Default: \fBos level = 20\fR
 
 Example: \fBos level = 65 \fR
 .TP
-\fBos2 driver map (G)\fR
+\fB>os2 driver map (G)\fR
 The parameter is used to define the absolute
 path to a file containing a mapping of Windows NT printer driver
 names to OS/2 printer driver names.  The format is:
@@ -4872,13 +4840,12 @@ LaserJet 5L\fR.
 The need for the file is due to the printer driver namespace 
 problem described in the Samba 
 Printing HOWTO  For more details on OS/2 clients, please 
-refer to the OS2-Client-HOWTO
- containing in the Samba documentation.
+refer to the OS2-Client-HOWTO containing in the Samba documentation.
 
 Default: \fBos2 driver map = <empty string>
 \fR
 .TP
-\fBpam password change (G)\fR
+\fB>pam password change (G)\fR
 With the addition of better PAM support in Samba 2.2, 
 this parameter, it is possible to use PAM's password change control 
 flag for Samba.  If enabled, then PAM will be used for password
@@ -4890,25 +4857,28 @@ parameter for most setups.
 
 Default: \fBpam password change = no\fR
 .TP
-\fBpanic action (G)\fR
+\fB>panic action (G)\fR
 This is a Samba developer option that allows a 
-system command to be called when either   smbd(8) 
-crashes. This is usually used to draw attention to the fact that 
-a problem occurred.
+system command to be called when either \fBsmbd\fR(8) or \fBsmbd\fR(8) crashes. This is usually used to 
+draw attention to the fact that a problem occurred.
 
 Default: \fBpanic action = <empty string>\fR
 
 Example: \fBpanic action = "/bin/sleep 90000"\fR
 .TP
-\fBparanoid server security (G)\fR
+\fB>paranoid server security (G)\fR
 Some version of NT 4.x allow non-guest 
 users with a bad passowrd. When this option is enabled, samba will not 
 use a broken NT 4.x server as password server, but instead complain
-to the logs and exit.
+to the logs and exit.  
+
+Disabling this option prevents Samba from making
+this check, which involves deliberatly attempting a
+bad logon to the remote server.
 
 Default: \fBparanoid server security = yes\fR
 .TP
-\fBpassdb backend (G)\fR
+\fB>passdb backend (G)\fR
 This option allows the administrator to chose which backends to retrieve and store passwords with. This allows (for example) both 
 smbpasswd and tdbsam to be used without a recompile. 
 Multiple backends can be specified, separated by spaces. The backends will be searched in the order they are specified. New users are always added to the first backend specified.
@@ -4999,11 +4969,11 @@ Example: \fBpassdb backend = ldapsam_nua:ldaps://ldap.example.com unixsam\fR
 
 Example: \fBpassdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb\fR
 .TP
-\fBpasswd chat (G)\fR
+\fB>passwd chat (G)\fR
 This string controls the \fB"chat"\fR 
-conversation that takes places between smbd and the local password changing
+conversation that takes places between \fBsmbd\fR(8) and the local password changing
 program to change the user's password. The string describes a 
-sequence of response-receive pairs that   smbd(8) uses to determine what to send to the 
+sequence of response-receive pairs that \fBsmbd\fR(8) uses to determine what to send to the 
 \fIpasswd program\fR
 and what to expect back. If the expected output is not 
 received then the password is not changed.
@@ -5023,7 +4993,7 @@ executed on the NIS master.
 
 The string can contain the macro \fI%n\fR which is substituted 
 for the new password.  The chat sequence can also contain the standard 
-macros \\n, \\r,   \\t and \\s to give line-feed, 
+macros \\\\n, \\\\r,   \\\\t and \\\\s to give line-feed, 
 carriage-return, tab and space.  The chat sequence string can also contain 
 a '*' which matches any sequence of characters.
 Double quotes can be used to collect strings with spaces 
@@ -5041,18 +5011,18 @@ not any particular output. The \\n macro is ignored for PAM conversions.
 See also \fIunix password 
 sync\fR, \fI  passwd program\fR ,  \fIpasswd chat debug\fR and   \fIpam password change\fR.
 
-Default: \fBpasswd chat = *new*password* %n\\n 
-*new*password* %n\\n *changed*\fR
+Default: \fBpasswd chat = *new*password* %n\\\\n 
+*new*password* %n\\\\n *changed*\fR
 
-Example: \fBpasswd chat = "*Enter OLD password*" %o\\n 
-"*Enter NEW password*" %n\\n "*Reenter NEW password*" %n\\n "*Password 
+Example: \fBpasswd chat = "*Enter OLD password*" %o\\\\n 
+"*Enter NEW password*" %n\\\\n "*Reenter NEW password*" %n\\\\n "*Password 
 changed*"\fR
 .TP
-\fBpasswd chat debug (G)\fR
+\fB>passwd chat debug (G)\fR
 This boolean specifies if the passwd chat script 
 parameter is run in \fBdebug\fR mode. In this mode the 
 strings passed to and received from the passwd chat are printed 
-in the smbd(8) log with a 
+in the \fBsmbd\fR(8) log with a 
 \fIdebug level\fR 
 of 100. This is a dangerous option as it will allow plaintext passwords 
 to be seen in the \fBsmbd\fR log. It is available to help 
@@ -5069,7 +5039,7 @@ See also \fIpasswd chat\fR
 
 Default: \fBpasswd chat debug = no\fR
 .TP
-\fBpasswd program (G)\fR
+\fB>passwd program (G)\fR
 The name of a program that can be used to set 
 UNIX user passwords.  Any occurrences of \fI%u\fR 
 will be replaced with the user name. The user name is checked for 
@@ -5102,7 +5072,7 @@ Default: \fBpasswd program = /bin/passwd\fR
 
 Example: \fBpasswd program = /sbin/npasswd %u\fR
 .TP
-\fBpassword level (G)\fR
+\fB>password level (G)\fR
 Some client/server combinations have difficulty 
 with mixed-case passwords.  One offending client is Windows for 
 Workgroups, which for some reason forces passwords to upper 
@@ -5140,7 +5110,7 @@ Default: \fBpassword level = 0\fR
 
 Example: \fBpassword level = 4\fR
 .TP
-\fBpassword server (G)\fR
+\fB>password server (G)\fR
 By specifying the name of another SMB server (such 
 as a WinNT box) with this option, and using \fBsecurity = domain
 \fR or \fBsecurity = server\fR you can get Samba 
@@ -5231,7 +5201,7 @@ Example: \fBpassword server = NT-PDC, NT-BDC1, NT-BDC2, *
 
 Example: \fBpassword server = *\fR
 .TP
-\fBpath (S)\fR
+\fB>path (S)\fR
 This parameter specifies a directory to which 
 the user of the service is to be given access. In the case of 
 printable services, this is where print data will spool prior to 
@@ -5256,7 +5226,7 @@ Default: \fBnone\fR
 
 Example: \fBpath = /home/fred\fR
 .TP
-\fBpid directory (G)\fR
+\fB>pid directory (G)\fR
 This option specifies the directory where pid 
 files will be placed.  
 
@@ -5264,8 +5234,8 @@ Default: \fBpid directory = ${prefix}/var/locks\fR
 
 Example: \fBpid directory = /var/run/\fR
 .TP
-\fBposix locking (S)\fR
-The \fBsmbd(8)\fR
+\fB>posix locking (S)\fR
+The \fBsmbd\fR(8)
 daemon maintains an database of file locks obtained by SMB clients.
 The default behavior is to map this internal database to POSIX
 locks.  This means that file locks obtained by SMB clients are 
@@ -5275,7 +5245,7 @@ You should never need to disable this parameter.
 
 Default: \fBposix locking = yes\fR
 .TP
-\fBpostexec (S)\fR
+\fB>postexec (S)\fR
 This option specifies a command to be run 
 whenever the service is disconnected. It takes the usual 
 substitutions. The command may be run as the root on some 
@@ -5294,7 +5264,7 @@ Default: \fBnone (no command executed)\fR
 Example: \fBpostexec = echo \\"%u disconnected from %S 
 from %m (%I)\\" >> /tmp/log\fR
 .TP
-\fBpostscript (S)\fR
+\fB>postscript (S)\fR
 This parameter forces a printer to interpret 
 the print files as PostScript. This is done by adding a %!
 to the start of print output.
@@ -5305,7 +5275,7 @@ confuses your printer.
 
 Default: \fBpostscript = no\fR
 .TP
-\fBpreexec (S)\fR
+\fB>preexec (S)\fR
 This option specifies a command to be run whenever 
 the service is connected to. It takes the usual substitutions.
 
@@ -5327,14 +5297,14 @@ Default: \fBnone (no command executed)\fR
 Example: \fBpreexec = echo \\"%u connected to %S from %m
 (%I)\\" >> /tmp/log\fR
 .TP
-\fBpreexec close (S)\fR
+\fB>preexec close (S)\fR
 This boolean option controls whether a non-zero 
 return code from \fIpreexec
 \fR should close the service being connected to.
 
 Default: \fBpreexec close = no\fR
 .TP
-\fBpreferred master (G)\fR
+\fB>preferred master (G)\fR
 This boolean parameter controls if nmbd(8) is a preferred master browser 
 for its workgroup.
 
@@ -5355,10 +5325,10 @@ See also \fIos level\fR
 
 Default: \fBpreferred master = auto\fR
 .TP
-\fBprefered master (G)\fR
+\fB>prefered master (G)\fR
 Synonym for \fI  preferred master\fR for people who cannot spell :-).
 .TP
-\fBpreload (G)\fR
+\fB>preload (G)\fR
 This is a list of services that you want to be 
 automatically added to the browse lists. This is most useful 
 for homes and printers services that would otherwise not be 
@@ -5371,7 +5341,7 @@ Default: \fBno preloaded services\fR
 
 Example: \fBpreload = fred lp colorlp\fR
 .TP
-\fBpreserve case (S)\fR
+\fB>preserve case (S)\fR
 This controls if new filenames are created
 with the case that the client passes, or if they are forced to 
 be the \fIdefault case
@@ -5382,7 +5352,7 @@ Default: \fBpreserve case = yes\fR
 See the section on NAME 
 MANGLING for a fuller discussion.
 .TP
-\fBprint command (S)\fR
+\fB>print command (S)\fR
 After a print job has finished spooling to 
 a service, this command will be used via a \fBsystem()\fR 
 call to process the spool file. Typically the command specified will 
@@ -5467,10 +5437,10 @@ set print command will be ignored.
 Example: \fBprint command = /usr/local/samba/bin/myprintscript
 %p %s\fR
 .TP
-\fBprint ok (S)\fR
+\fB>print ok (S)\fR
 Synonym for   \fIprintable\fR.
 .TP
-\fBprintable (S)\fR
+\fB>printable (S)\fR
 If this parameter is yes, then 
 clients may open, write to and submit spool files on the directory 
 specified for the service. 
@@ -5483,10 +5453,10 @@ the resource.
 
 Default: \fBprintable = no\fR
 .TP
-\fBprintcap (G)\fR
+\fB>printcap (G)\fR
 Synonym for  \fI  printcap name\fR.
 .TP
-\fBprintcap name (G)\fR
+\fB>printcap name (G)\fR
 This parameter may be used to override the 
 compiled-in default printcap name used by the server (usually \fI  /etc/printcap\fR). See the discussion of the [printers] section above for reasons 
 why you might want to do this.
@@ -5510,12 +5480,11 @@ A minimal printcap file would look something like this:
 
 
 .nf
-		print1|My Printer 1
-		print2|My Printer 2
-		print3|My Printer 3
-		print4|My Printer 4
-		print5|My Printer 5
-		
+print1|My Printer 1
+print2|My Printer 2
+print3|My Printer 3
+print4|My Printer 4
+print5|My Printer 5
 .fi
 
 where the '|' separates aliases of a printer. The fact 
@@ -5531,7 +5500,7 @@ Default: \fBprintcap name = /etc/printcap\fR
 
 Example: \fBprintcap name = /etc/myprintcap\fR
 .TP
-\fBprinter admin (S)\fR
+\fB>printer admin (S)\fR
 This is a list of users that can do anything to 
 printers via the remote administration interfaces offered by MS-RPC 
 (usually using a NT workstation). Note that the root user always 
@@ -5541,7 +5510,7 @@ Default: \fBprinter admin = <empty string>\fR
 
 Example: \fBprinter admin = admin, @staff\fR
 .TP
-\fBprinter driver (S)\fR
+\fB>printer driver (S)\fR
 \fBNote :\fRThis is a deprecated 
 parameter and will be removed in the next major release
 following version 2.2.  Please see the instructions in
@@ -5567,7 +5536,7 @@ driver file\fR.
 
 Example: \fBprinter driver = HP LaserJet 4L\fR
 .TP
-\fBprinter driver file (G)\fR
+\fB>printer driver file (G)\fR
 \fBNote :\fRThis is a deprecated 
 parameter and will be removed in the next major release
 following version 2.2.  Please see the instructions in
@@ -5595,7 +5564,7 @@ Default: \fBNone (set in compile).\fR
 Example: \fBprinter driver file = 
 /usr/local/samba/printers/drivers.def\fR
 .TP
-\fBprinter driver location (S)\fR
+\fB>printer driver location (S)\fR
 \fBNote :\fRThis is a deprecated 
 parameter and will be removed in the next major release
 following version 2.2.  Please see the instructions in
@@ -5622,7 +5591,7 @@ Default: \fBnone\fR
 Example: \fBprinter driver location = \\\\MACHINE\\PRINTER$
 \fR
 .TP
-\fBprinter name (S)\fR
+\fB>printer name (S)\fR
 This parameter specifies the name of the printer 
 to which print jobs spooled through a printable service will be sent.
 
@@ -5635,10 +5604,10 @@ on many systems)\fR
 
 Example: \fBprinter name = laserwriter\fR
 .TP
-\fBprinter (S)\fR
+\fB>printer (S)\fR
 Synonym for \fI  printer name\fR.
 .TP
-\fBprinting (S)\fR
+\fB>printing (S)\fR
 This parameters controls how printer status 
 information is interpreted on your system. It also affects the 
 default values for the \fIprint command\fR, 
@@ -5661,21 +5630,21 @@ This option can be set on a per printer basis
 
 See also the discussion in the   [printers] section.
 .TP
-\fBprivate dir (G)\fR
+\fB>private dir (G)\fR
 This parameters defines the directory
 smbd will use for storing such files as \fIsmbpasswd\fR
 and \fIsecrets.tdb\fR.
 
 Default :\fBprivate dir = ${prefix}/private\fR
 .TP
-\fBprotocol (G)\fR
+\fB>protocol (G)\fR
 Synonym for   \fImax protocol\fR.
 .TP
-\fBpublic (S)\fR
+\fB>public (S)\fR
 Synonym for \fIguest 
 ok\fR.
 .TP
-\fBqueuepause command (S)\fR
+\fB>queuepause command (S)\fR
 This parameter specifies the command to be 
 executed on the server host in order to pause the printer queue.
 
@@ -5699,7 +5668,7 @@ Default: \fBdepends on the setting of \fIprinting
 
 Example: \fBqueuepause command = disable %p\fR
 .TP
-\fBqueueresume command (S)\fR
+\fB>queueresume command (S)\fR
 This parameter specifies the command to be 
 executed on the server host in order to resume the printer queue. It 
 is the command to undo the behavior that is caused by the 
@@ -5726,7 +5695,7 @@ Default: \fBdepends on the setting of \fIprinting\fB\fR
 Example: \fBqueuepause command = enable %p
 \fR
 .TP
-\fBread bmpx (G)\fR
+\fB>read bmpx (G)\fR
 This boolean parameter controls whether smbd(8) will support the "Read 
 Block Multiplex" SMB. This is now rarely used and defaults to 
 no. You should never need to set this 
@@ -5734,7 +5703,7 @@ parameter.
 
 Default: \fBread bmpx = no\fR
 .TP
-\fBread list (S)\fR
+\fB>read list (S)\fR
 This is a list of users that are given read-only 
 access to a service. If the connecting user is in this list then 
 they will not be given write access, no matter what the \fIread only\fR
@@ -5748,7 +5717,7 @@ Default: \fBread list = <empty string>\fR
 
 Example: \fBread list = mary, @students\fR
 .TP
-\fBread only (S)\fR
+\fB>read only (S)\fR
 An inverted synonym is   \fIwriteable\fR.
 
 If this parameter is yes, then users 
@@ -5761,7 +5730,7 @@ will \fBALWAYS\fR allow writing to the directory
 
 Default: \fBread only = yes\fR
 .TP
-\fBread raw (G)\fR
+\fB>read raw (G)\fR
 This parameter controls whether or not the server 
 will support the raw read SMB requests when transferring data 
 to clients.
@@ -5778,7 +5747,7 @@ tool and left severely alone. See also   \fIwrite raw\fR.
 
 Default: \fBread raw = yes\fR
 .TP
-\fBread size (G)\fR
+\fB>read size (G)\fR
 The option \fIread size\fR 
 affects the overlap of disk reads/writes with network reads/writes. 
 If the amount of data being transferred in several of the SMB 
@@ -5802,7 +5771,7 @@ Default: \fBread size = 16384\fR
 
 Example: \fBread size = 8192\fR
 .TP
-\fBrealm (G)\fR
+\fB>realm (G)\fR
 This option specifies the kerberos realm to use. The realm is 
 used as the ADS equivalent of the NT4\fBdomain\fR. It
 is usually set to the DNS name of the kerberos server.
@@ -5811,7 +5780,7 @@ Default: \fBrealm = \fR
 
 Example: \fBrealm = mysambabox.mycompany.com\fR
 .TP
-\fBremote announce (G)\fR
+\fB>remote announce (G)\fR
 This option allows you to setup nmbd(8) to periodically announce itself 
 to arbitrary IP addresses with an arbitrary workgroup name.
 
@@ -5835,13 +5804,13 @@ The IP addresses you choose would normally be the broadcast
 addresses of the remote networks, but can also be the IP addresses 
 of known browse masters if your network config is that stable.
 
-See the documentation file \fIBROWSING.txt\fR 
+See the documentation file BROWSING 
 in the \fIdocs/\fR directory.
 
 Default: \fBremote announce = <empty string>
 \fR
 .TP
-\fBremote browse sync (G)\fR
+\fB>remote browse sync (G)\fR
 This option allows you to setup nmbd(8) to periodically request 
 synchronization of browse lists with the master browser of a Samba 
 server that is on a remote segment. This option will allow you to 
@@ -5872,7 +5841,7 @@ is in fact the browse master on its segment.
 Default: \fBremote browse sync = <empty string>
 \fR
 .TP
-\fBrestrict anonymous (G)\fR
+\fB>restrict anonymous (G)\fR
 This is a integer parameter, and
 mirrors as much as possible the functinality the
 RestrictAnonymous
@@ -5880,13 +5849,13 @@ registry key does on NT/Win2k.
 
 Default: \fBrestrict anonymous = 0\fR
 .TP
-\fBroot (G)\fR
+\fB>root (G)\fR
 Synonym for   \fIroot directory"\fR.
 .TP
-\fBroot dir (G)\fR
+\fB>root dir (G)\fR
 Synonym for   \fIroot directory"\fR.
 .TP
-\fBroot directory (G)\fR
+\fB>root directory (G)\fR
 The server will \fBchroot()\fR (i.e. 
 Change its root directory) to this directory on startup. This is 
 not strictly necessary for secure operation. Even without it the 
@@ -5913,7 +5882,7 @@ Default: \fBroot directory = /\fR
 
 Example: \fBroot directory = /homes/smb\fR
 .TP
-\fBroot postexec (S)\fR
+\fB>root postexec (S)\fR
 This is the same as the \fIpostexec\fR
 parameter except that the command is run as root. This 
 is useful for unmounting filesystems 
@@ -5924,7 +5893,7 @@ See also \fI  postexec\fR.
 Default: \fBroot postexec = <empty string>
 \fR
 .TP
-\fBroot preexec (S)\fR
+\fB>root preexec (S)\fR
 This is the same as the \fIpreexec\fR
 parameter except that the command is run as root. This 
 is useful for mounting filesystems (such as CDROMs) when a 
@@ -5935,7 +5904,7 @@ See also \fI  preexec\fR and   \fIpreexec close\fR.
 Default: \fBroot preexec = <empty string>
 \fR
 .TP
-\fBroot preexec close (S)\fR
+\fB>root preexec close (S)\fR
 This is the same as the \fIpreexec close
 \fR parameter except that the command is run as root.
 
@@ -5943,13 +5912,12 @@ See also \fI  preexec\fR and   \fIpreexec close\fR.
 
 Default: \fBroot preexec close = no\fR
 .TP
-\fBsecurity (G)\fR
+\fB>security (G)\fR
 This option affects how clients respond to 
 Samba and is one of the most important settings in the \fI  smb.conf\fR file.
 
 The option sets the "security mode bit" in replies to 
-protocol negotiations with smbd(8)
- to turn share level security on or off. Clients decide 
+protocol negotiations with \fBsmbd\fR(8) to turn share level security on or off. Clients decide 
 based on this bit whether (and how) to transfer user and password 
 information to the server.
 
@@ -5990,7 +5958,7 @@ level security under different   \fINetBIOS aliases\fR.
 
 The different settings will now be explained.
 
-\fBSECURITY = SHARE
+>\fBSECURITY = SHARE
 \fR
 
 When clients connect to a share level security server they 
@@ -6058,10 +6026,10 @@ be used in granting access.
 
 See also the section   NOTE ABOUT USERNAME/PASSWORD VALIDATION.
 
-\fBSECURITY = USER
+>\fBSECURITY = USER
 \fR
 
-This is the default security setting in Samba 2.2. 
+This is the default security setting in Samba 3.0. 
 With user-level security a client must first "log-on" with a 
 valid username and password (which can be mapped using the \fIusername map\fR 
 parameter). Encrypted passwords (see the   \fIencrypted passwords\fR parameter) can also
@@ -6079,23 +6047,24 @@ parameter for details on doing this.
 
 See also the section   NOTE ABOUT USERNAME/PASSWORD VALIDATION.
 
-\fBSECURITY = SERVER
+>\fBSECURITY = DOMAIN
 \fR
 
-In this mode Samba will try to validate the username/password 
-by passing it to another SMB server, such as an NT box. If this 
-fails it will revert to \fBsecurity = user\fR, but note 
-that if encrypted passwords have been negotiated then Samba cannot 
-revert back to checking the UNIX password file, it must have a valid 
-\fIsmbpasswd\fR file to check users against. See the 
-documentation file in the \fIdocs/\fR directory 
-\fIENCRYPTION.txt\fR for details on how to set this 
-up.
+This mode will only work correctly if \fBnet\fR(8) has been used to add this
+machine into a Windows NT Domain. It expects the \fIencrypted passwords\fR
+parameter to be set to yes. In this 
+mode Samba will try to validate the username/password by passing
+it to a Windows NT Primary or Backup Domain Controller, in exactly 
+the same way that a Windows NT Server would do.
 
-\fBNote\fR that from the client's point of 
-view \fBsecurity = server\fR is the same as \fB  security = user\fR.  It only affects how the server deals 
-with the authentication, it does not in any way affect what the 
-client sees.
+\fBNote\fR that a valid UNIX user must still 
+exist as well as the account on the Domain Controller to allow 
+Samba to have a valid UNIX account to map file access to.
+
+\fBNote\fR that from the client's point 
+of view \fBsecurity = domain\fR is the same as \fBsecurity = user
+\fR. It only affects how the server deals with the authentication, 
+it does not in any way affect what the client sees.
 
 \fBNote\fR that the name of the resource being 
 requested is \fBnot\fR sent to the server until after 
@@ -6111,24 +6080,39 @@ See also the \fIpassword
 server\fR parameter and the \fIencrypted passwords\fR
 parameter.
 
-\fBSECURITY = DOMAIN
+>\fBSECURITY = SERVER
 \fR
 
-This mode will only work correctly if smbpasswd(8) has been used to add this 
-machine into a Windows NT Domain. It expects the \fIencrypted passwords\fR
-parameter to be set to yes. In this 
-mode Samba will try to validate the username/password by passing
-it to a Windows NT Primary or Backup Domain Controller, in exactly 
-the same way that a Windows NT Server would do.
+In this mode Samba will try to validate the username/password 
+by passing it to another SMB server, such as an NT box. If this 
+fails it will revert to \fBsecurity =
+user\fR. It expects the \fIencrypted passwords\fR
+parameter to be set to
+yes, unless the remote server
+does not support them.  However note
+that if encrypted passwords have been negotiated then Samba cannot 
+revert back to checking the UNIX password file, it must have a valid 
+\fIsmbpasswd\fR file to check users against. See the 
+documentation file in the \fIdocs/\fR directory 
+\fIENCRYPTION.txt\fR for details on how to set this 
+up.
 
-\fBNote\fR that a valid UNIX user must still 
-exist as well as the account on the Domain Controller to allow 
-Samba to have a valid UNIX account to map file access to.
+\fBNote\fR this mode of operation
+has significant pitfalls, due to the fact that is
+activly initiates a man-in-the-middle attack on the
+remote SMB server.  In particular, this mode of
+operation can cause significant resource consuption on
+the PDC, as it must maintain an active connection for
+the duration of the user's session.  Furthermore, if
+this connection is lost, there is no way to
+reestablish it, and futher authenticaions to the Samba
+server may fail.  (From a single client, till it
+disconnects). 
 
-\fBNote\fR that from the client's point 
-of view \fBsecurity = domain\fR is the same as \fBsecurity = user
-\fR. It only affects how the server deals with the authentication, 
-it does not in any way affect what the client sees.
+\fBNote\fR that from the client's point of 
+view \fBsecurity = server\fR is the same as \fB  security = user\fR.  It only affects how the server deals 
+with the authentication, it does not in any way affect what the 
+client sees.
 
 \fBNote\fR that the name of the resource being 
 requested is \fBnot\fR sent to the server until after 
@@ -6138,14 +6122,6 @@ the server to automatically map unknown users into the \fIguest account\fR.
 See the \fImap to guest\fR
 parameter for details on doing this.
 
-\fBBUG:\fR There is currently a bug in the 
-implementation of \fBsecurity = domain\fR with respect 
-to multi-byte character set usernames. The communication with a 
-Domain Controller must be done in UNICODE and Samba currently 
-does not widen multi-byte user names to UNICODE correctly, thus 
-a multi-byte username will not be recognized correctly at the 
-Domain Controller. This issue will be addressed in a future release.
-
 See also the section   NOTE ABOUT USERNAME/PASSWORD VALIDATION.
 
 See also the \fIpassword 
@@ -6156,7 +6132,7 @@ Default: \fBsecurity = USER\fR
 
 Example: \fBsecurity = DOMAIN\fR
 .TP
-\fBsecurity mask (S)\fR
+\fB>security mask (S)\fR
 This parameter controls what UNIX permission 
 bits can be modified when a Windows NT client is manipulating 
 the UNIX permission on a file using the native NT security 
@@ -6185,7 +6161,7 @@ Default: \fBsecurity mask = 0777\fR
 
 Example: \fBsecurity mask = 0770\fR
 .TP
-\fBserver string (G)\fR
+\fB>server string (G)\fR
 This controls what string will show up in the 
 printer comment box in print manager and next to the IPC connection 
 in \fBnet view\fR. It can be any string that you wish 
@@ -6205,7 +6181,7 @@ Default: \fBserver string = Samba %v\fR
 Example: \fBserver string = University of GNUs Samba 
 Server\fR
 .TP
-\fBset directory (S)\fR
+\fB>set directory (S)\fR
 If \fBset directory = no\fR, then 
 users of the service may not use the setdir command to change 
 directory.
@@ -6216,7 +6192,7 @@ for details.
 
 Default: \fBset directory = no\fR
 .TP
-\fBshare modes (S)\fR
+\fB>share modes (S)\fR
 This enables or disables the honoring of 
 the \fIshare modes\fR during a file open. These 
 modes are used by clients to gain exclusive read or write access 
@@ -6239,7 +6215,7 @@ off as many Windows applications will break if you do so.
 
 Default: \fBshare modes = yes\fR
 .TP
-\fBshort preserve case (S)\fR
+\fB>short preserve case (S)\fR
 This boolean parameter controls if new files 
 which conform to 8.3 syntax, that is all in upper case and of 
 suitable length, are created upper case, or if they are forced 
@@ -6252,7 +6228,7 @@ See the section on   NAME MANGLING.
 
 Default: \fBshort preserve case = yes\fR
 .TP
-\fBshow add printer wizard (G)\fR
+\fB>show add printer wizard (G)\fR
 With the introduction of MS-RPC based printing support
 for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will 
 appear on Samba hosts in the share listing.  Normally this folder will 
@@ -6279,7 +6255,7 @@ command\fR,   \fIdeleteprinter command\fR, \fIprinter admin\fR
 
 Default :\fBshow add printer wizard = yes\fR
 .TP
-\fBshutdown script (G)\fR
+\fB>shutdown script (G)\fR
 \fBThis parameter only exists in the HEAD cvs branch\fR
 This a full path name to a script called by
 \fBsmbd(8)\fR that
@@ -6312,20 +6288,19 @@ Example: \fBabort shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f\f
 Shutdown script example:
 
 .nf
-		#!/bin/bash
+#!/bin/bash
 		
-		$time=0
-		let "time/60"
-		let "time++"
+$time=0
+let "time/60"
+let "time++"
 
-		/sbin/shutdown $3 $4 +$time $1 &
-		
+/sbin/shutdown $3 $4 +$time $1 &
 .fi
 Shutdown does not return so we need to launch it in background.
 
 See also \fIabort shutdown script\fR.
 .TP
-\fBsmb passwd file (G)\fR
+\fB>smb passwd file (G)\fR
 This option sets the path to the encrypted 
 smbpasswd file.  By default the path to the smbpasswd file 
 is compiled into Samba.
@@ -6336,13 +6311,13 @@ Default: \fBsmb passwd file = ${prefix}/private/smbpasswd
 Example: \fBsmb passwd file = /etc/samba/smbpasswd
 \fR
 .TP
-\fBsmb ports (G)\fR
+\fB>smb ports (G)\fR
 Specifies which ports the server should listen on
 for SMB traffic.
 
 Default: \fBsmb ports = 445 139\fR
 .TP
-\fBsocket address (G)\fR
+\fB>socket address (G)\fR
 This option allows you to control what 
 address Samba will listen for connections on. This is used to 
 support multiple virtual interfaces on the one server, each 
@@ -6353,7 +6328,7 @@ address.
 
 Example: \fBsocket address = 192.168.2.20\fR
 .TP
-\fBsocket options (G)\fR
+\fB>socket options (G)\fR
 This option allows you to set socket options 
 to be used when talking with the client.
 
@@ -6441,7 +6416,7 @@ Default: \fBsocket options = TCP_NODELAY\fR
 
 Example: \fBsocket options = IPTOS_LOWDELAY\fR
 .TP
-\fBsource environment (G)\fR
+\fB>source environment (G)\fR
 This parameter causes Samba to set environment 
 variables as per the content of the file named.
 
@@ -6465,26 +6440,31 @@ Examples: \fBsource environment = |/etc/smb.conf.sh
 Example: \fBsource environment = 
 /usr/local/smb_env_vars\fR
 .TP
-\fBuse spnego (G)\fR
-This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism.  As of samba 3.0alpha it must be set to "no" for these clients to join a samba domain controller.  It can be set to "yes" to allow samba to participate in an AD domain controlled by a Windows2000 domain controller.
+\fB>use spnego (G)\fR
+This variable controls controls whether samba will try 
+to use Simple and Protected NEGOciation (as specified by rfc2478) with 
+WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism. 
+Unless further issues are discovered with our SPNEGO
+implementation, there is no reason this should ever be
+disabled.
 
 Default:  \fBuse spnego = yes\fR
 .TP
-\fBstat cache (G)\fR
-This parameter determines if smbd(8) will use a cache in order to 
+\fB>stat cache (G)\fR
+This parameter determines if \fBsmbd\fR(8) will use a cache in order to 
 speed up case insensitive name mappings. You should never need 
 to change this parameter.
 
 Default: \fBstat cache = yes\fR
 .TP
-\fBstat cache size (G)\fR
+\fB>stat cache size (G)\fR
 This parameter determines the number of 
 entries in the \fIstat cache\fR.  You should 
 never need to change this parameter.
 
 Default: \fBstat cache size = 50\fR
 .TP
-\fBstrict allocate (S)\fR
+\fB>strict allocate (S)\fR
 This is a boolean that controls the handling of 
 disk space allocation in the server. When this is set to yes 
 the server will change from UNIX behaviour of not committing real
@@ -6503,7 +6483,7 @@ of users.
 
 Default: \fBstrict allocate = no\fR
 .TP
-\fBstrict locking (S)\fR
+\fB>strict locking (S)\fR
 This is a boolean that controls the handling of 
 file locking in the server. When this is set to yes 
 the server will check every read and write access for file locks, and 
@@ -6518,7 +6498,7 @@ locking = no\fR is preferable.
 
 Default: \fBstrict locking = no\fR
 .TP
-\fBstrict sync (S)\fR
+\fB>strict sync (S)\fR
 Many Windows applications (including the Windows 
 98 explorer shell) seem to confuse flushing buffer contents to 
 disk with doing a sync to disk. Under UNIX, a sync call forces 
@@ -6526,7 +6506,7 @@ the process to be suspended until the kernel has ensured that
 all outstanding data in kernel disk buffers has been safely stored 
 onto stable storage. This is very slow and should only be done 
 rarely. Setting this parameter to no (the 
-default) means that smbd ignores the Windows applications requests for
+default) means that \fBsmbd\fR(8) ignores the Windows applications requests for
 a sync call. There is only a possibility of losing data if the
 operating system itself that Samba is running on crashes, so there is
 little danger in this default setting. In addition, this fixes many
@@ -6538,14 +6518,14 @@ always>\fR parameter.
 
 Default: \fBstrict sync = no\fR
 .TP
-\fBstrip dot (G)\fR
+\fB>strip dot (G)\fR
 This is a boolean that controls whether to 
 strip trailing dots off UNIX filenames. This helps with some 
 CDROMs that have filenames ending in a single dot.
 
 Default: \fBstrip dot = no\fR
 .TP
-\fBsync always (S)\fR
+\fB>sync always (S)\fR
 This is a boolean parameter that controls 
 whether writes will always be written to stable storage before 
 the write call returns. If this is no then the server will be 
@@ -6562,7 +6542,7 @@ sync\fR parameter.
 
 Default: \fBsync always = no\fR
 .TP
-\fBsyslog (G)\fR
+\fB>syslog (G)\fR
 This parameter maps how Samba debug messages 
 are logged onto the system syslog logging levels. Samba debug 
 level zero maps onto syslog LOG_ERR, debug 
@@ -6576,14 +6556,14 @@ will be sent to syslog.
 
 Default: \fBsyslog = 1\fR
 .TP
-\fBsyslog only (G)\fR
+\fB>syslog only (G)\fR
 If this parameter is set then Samba debug 
 messages are logged into the system syslog only, and not to 
 the debug log files.
 
 Default: \fBsyslog only = no\fR
 .TP
-\fBtemplate homedir (G)\fR
+\fB>template homedir (G)\fR
 When filling out the user information for a Windows NT 
 user, the winbindd(8) daemon 
 uses this parameter to fill in the home directory for that user.  
@@ -6594,14 +6574,14 @@ NT user name.
 
 Default: \fBtemplate homedir = /home/%D/%U\fR
 .TP
-\fBtemplate shell (G)\fR
+\fB>template shell (G)\fR
 When filling out the user information for a Windows NT 
-user, the winbindd(8) daemon 
+user, the \fBwinbindd\fR(8) daemon 
 uses this parameter to fill in the login shell for that user.
 
 Default: \fBtemplate shell = /bin/false\fR
 .TP
-\fBtime offset (G)\fR
+\fB>time offset (G)\fR
 This parameter is a setting in minutes to add 
 to the normal GMT to local time conversion. This is useful if 
 you are serving a lot of PCs that have incorrect daylight 
@@ -6611,21 +6591,20 @@ Default: \fBtime offset = 0\fR
 
 Example: \fBtime offset = 60\fR
 .TP
-\fBtime server (G)\fR
-This parameter determines if     
-nmbd(8) advertises itself as a time server to Windows 
+\fB>time server (G)\fR
+This parameter determines if \fBnmbd\fR(8) advertises itself as a time server to Windows 
 clients.
 
 Default: \fBtime server = no\fR
 .TP
-\fBtimestamp logs (G)\fR
+\fB>timestamp logs (G)\fR
 Synonym for \fI  debug timestamp\fR.
 .TP
-\fBtotal print jobs (G)\fR
+\fB>total print jobs (G)\fR
 This parameter accepts an integer value which defines
 a limit on the maximum number of print jobs that will be accepted 
 system wide at any given time.  If a print job is submitted
-by a client which will exceed this number, then smbd will return an 
+by a client which will exceed this number, then \fBsmbd\fR(8) will return an 
 error indicating that no space is available on the server.  The 
 default value of 0 means that no such limit exists.  This parameter
 can be used to prevent a server from exceeding its capacity and is
@@ -6636,23 +6615,23 @@ Default: \fBtotal print jobs = 0\fR
 
 Example: \fBtotal print jobs = 5000\fR
 .TP
-\fBunicode (G)\fR
+\fB>unicode (G)\fR
 Specifies whether Samba should try 
 to use unicode on the wire by default. Note: This does NOT
 mean that samba will assume that the unix machine uses unicode!
 
 Default: \fBunicode = yes\fR
 .TP
-\fBunix charset (G)\fR
+\fB>unix charset (G)\fR
 Specifies the charset the unix machine 
 Samba runs on uses. Samba needs to know this in order to be able to 
 convert text to the charsets other SMB clients use.
 
-Default: \fBunix charset = ASCII\fR
+Default: \fBunix charset = UTF8\fR
 
-Example: \fBunix charset = UTF8\fR
+Example: \fBunix charset = ASCII\fR
 .TP
-\fBunix extensions(G)\fR
+\fB>unix extensions(G)\fR
 This boolean parameter controls whether Samba 
 implments the CIFS UNIX extensions, as defined by HP. 
 These extensions enable Samba to better serve UNIX CIFS clients
@@ -6662,7 +6641,7 @@ no current use to Windows clients.
 
 Default: \fBunix extensions = no\fR
 .TP
-\fBunix password sync (G)\fR
+\fB>unix password sync (G)\fR
 This boolean parameter controls whether Samba 
 attempts to synchronize the UNIX password with the SMB password 
 when the encrypted SMB password in the smbpasswd file is changed. 
@@ -6677,7 +6656,7 @@ program\fR, \fI  passwd chat\fR.
 
 Default: \fBunix password sync = no\fR
 .TP
-\fBupdate encrypted (G)\fR
+\fB>update encrypted (G)\fR
 This boolean parameter allows a user logging 
 on with a plaintext password to have their encrypted (hashed) 
 password in the smbpasswd file to be updated automatically as 
@@ -6703,7 +6682,7 @@ password in order to connect correctly, and to update their hashed
 
 Default: \fBupdate encrypted = no\fR
 .TP
-\fBuse client driver (S)\fR
+\fB>use client driver (S)\fR
 This parameter applies only to Windows NT/2000
 clients.  It has no affect on Windows 95/98/ME clients.  When 
 serving a printer to Windows NT/2000 clients without first installing
@@ -6735,7 +6714,7 @@ See also disable spoolss
 
 Default: \fBuse client driver = no\fR
 .TP
-\fBuse mmap (G)\fR
+\fB>use mmap (G)\fR
 This global parameter determines if the tdb internals of Samba can
 depend on mmap working correctly on the running system. Samba requires a coherent
 mmap/read-write system memory cache. Currently only HPUX does not have such a
@@ -6746,7 +6725,7 @@ the tdb internal code.
 
 Default: \fBuse mmap = yes\fR
 .TP
-\fBuse rhosts (G)\fR
+\fB>use rhosts (G)\fR
 If this global parameter is yes, it specifies 
 that the UNIX user's \fI.rhosts\fR file in their home directory 
 will be read to find the names of hosts and users who will be allowed 
@@ -6760,13 +6739,13 @@ you are doing.
 
 Default: \fBuse rhosts = no\fR
 .TP
-\fBuser (S)\fR
+\fB>user (S)\fR
 Synonym for \fI  username\fR.
 .TP
-\fBusers (S)\fR
+\fB>users (S)\fR
 Synonym for \fI  username\fR.
 .TP
-\fBusername (S)\fR
+\fB>username (S)\fR
 Multiple users may be specified in a comma-delimited 
 list, in which case the supplied password will be tested against 
 each username in turn (left to right).
@@ -6807,7 +6786,7 @@ If any of the usernames begin with a '+' then the name
 will be looked up only in the UNIX groups database and will 
 expand to a list of all users in the group of that name.
 
-If any of the usernames begin with a '&'then the name 
+If any of the usernames begin with a '&' then the name 
 will be looked up only in the NIS netgroups database (if Samba 
 is compiled with netgroup support) and will expand to a list 
 of all users in the netgroup group of that name.
@@ -6826,7 +6805,7 @@ else <empty string>.\fR
 Examples:\fBusername = fred, mary, jack, jane, 
 @users, @pcgroup\fR
 .TP
-\fBusername level (G)\fR
+\fB>username level (G)\fR
 This option helps Samba to try and 'guess' at 
 the real UNIX username, as many DOS clients send an all-uppercase 
 username. By default Samba tries all lowercase, followed by the 
@@ -6845,7 +6824,7 @@ Default: \fBusername level = 0\fR
 
 Example: \fBusername level = 5\fR
 .TP
-\fBusername map (G)\fR
+\fB>username map (G)\fR
 This option allows you to specify a file containing 
 a mapping of usernames from the clients to the server. This can be 
 used for several purposes. The most common is to map usernames 
@@ -6908,9 +6887,8 @@ that line.
 
 
 .nf
-		!sys = mary fred
-		guest = *
-		
+!sys = mary fred
+guest = *
 .fi
 
 Note that the remapping is applied to all occurrences
@@ -6932,7 +6910,7 @@ Default: \fBno username map\fR
 Example: \fBusername map = /usr/local/samba/lib/users.map
 \fR
 .TP
-\fBuse sendfile (S)\fR
+\fB>use sendfile (S)\fR
 If this parameter is yes, and Samba
 was built with the --with-sendfile-support option, and the underlying operating
 system supports sendfile system call, then some SMB read calls (mainly ReadAndX
@@ -6943,7 +6921,7 @@ as yet.
 
 Default: \fBuse sendfile = no\fR
 .TP
-\fButmp (G)\fR
+\fB>utmp (G)\fR
 This boolean parameter is only available if
 Samba has been configured and compiled  with the option \fB  --with-utmp\fR. If set to yes then Samba will attempt
 to add utmp or utmpx records (depending on the UNIX system) whenever a
@@ -6960,7 +6938,7 @@ See also the \fI  utmp directory\fR parameter.
 
 Default: \fButmp = no\fR
 .TP
-\fButmp directory(G)\fR
+\fB>utmp directory(G)\fR
 This parameter is only available if Samba has 
 been configured and compiled with the option \fB  --with-utmp\fR. It specifies a directory pathname that is
 used to store the utmp or utmpx files (depending on the UNIX system) that
@@ -6973,7 +6951,7 @@ Default: \fBno utmp directory\fR
 
 Example: \fButmp directory = /var/run/utmp\fR
 .TP
-\fBwtmp directory(G)\fR
+\fB>wtmp directory(G)\fR
 This parameter is only available if Samba has 
 been configured and compiled with the option \fB  --with-utmp\fR. It specifies a directory pathname that is
 used to store the wtmp or wtmpx files (depending on the UNIX system) that
@@ -6989,7 +6967,7 @@ Default: \fBno wtmp directory\fR
 
 Example: \fBwtmp directory = /var/log/wtmp\fR
 .TP
-\fBvalid users (S)\fR
+\fB>valid users (S)\fR
 This is a list of users that should be allowed 
 to login to this service. Names starting with '@', '+' and  '&'
 are interpreted using the same rules as described in the 
@@ -7010,7 +6988,7 @@ Default: \fBNo valid users list (anyone can login)
 
 Example: \fBvalid users = greg, @pcusers\fR
 .TP
-\fBveto files(S)\fR
+\fB>veto files(S)\fR
 This is a list of files and directories that 
 are neither visible nor accessible.  Each entry in the list must 
 be separated by a '/', which allows spaces to be included 
@@ -7055,7 +7033,7 @@ veto files = /*Security*/*.tmp/*root*/
 veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
 .fi
 .TP
-\fBveto oplock files (S)\fR
+\fB>veto oplock files (S)\fR
 This parameter is only valid when the \fIoplocks\fR
 parameter is turned on for a share. It allows the Samba administrator
 to selectively turn off the granting of oplocks on selected files that
@@ -7077,7 +7055,7 @@ the particular NetBench share :
 Example: \fBveto oplock files = /*.SEM/
 \fR
 .TP
-\fBvfs path (S)\fR
+\fB>vfs path (S)\fR
 This parameter specifies the directory
 to look in for vfs modules. The name of every \fBvfs object
 \fR will be prepended by this directory
@@ -7086,7 +7064,7 @@ Default: \fBvfs path = \fR
 
 Example: \fBvfs path = /usr/lib/samba/vfs\fR
 .TP
-\fBvfs object (S)\fR
+\fB>vfs object (S)\fR
 This parameter specifies a shared object files that 
 are used for Samba VFS I/O operations.  By default, normal 
 disk I/O operations are used but these can be overloaded 
@@ -7094,21 +7072,21 @@ with one or more VFS objects.
 
 Default : \fBno value\fR
 .TP
-\fBvfs options (S)\fR
+\fB>vfs options (S)\fR
 This parameter allows parameters to be passed 
 to the vfs layer at initialization time. 
 See also \fI  vfs object\fR.
 
 Default : \fBno value\fR
 .TP
-\fBvolume (S)\fR
+\fB>volume (S)\fR
 This allows you to override the volume label 
 returned for a share. Useful for CDROMs with installation programs 
 that insist on a particular volume label.
 
 Default: \fBthe name of the share\fR
 .TP
-\fBwide links (S)\fR
+\fB>wide links (S)\fR
 This parameter controls whether or not links 
 in the UNIX file system may be followed by the server. Links 
 that point to areas within the directory tree exported by the 
@@ -7121,19 +7099,17 @@ that Samba has to  do in order to perform the link checks.
 
 Default: \fBwide links = yes\fR
 .TP
-\fBwinbind cache time (G)\fR
-This parameter specifies the number of seconds the
-winbindd(8) daemon will cache 
+\fB>winbind cache time (G)\fR
+This parameter specifies the number of 
+seconds the \fBwinbindd\fR(8) daemon will cache 
 user and group information before querying a Windows NT server 
 again.
 
 Default: \fBwinbind cache type = 15\fR
 .TP
-\fBwinbind enum users (G)\fR
-On large installations using
-winbindd(8) it may be
-necessary to suppress the enumeration of users through the
-\fB setpwent()\fR,
+\fB>winbind enum users (G)\fR
+On large installations using \fBwinbindd\fR(8) it may be
+necessary to suppress the enumeration of users through the \fBsetpwent()\fR,
 \fBgetpwent()\fR and
 \fBendpwent()\fR group of system calls.  If
 the \fIwinbind enum users\fR parameter is
@@ -7148,11 +7124,9 @@ usernames.
 
 Default: \fBwinbind enum users = yes \fR
 .TP
-\fBwinbind enum groups (G)\fR
-On large installations using
-winbindd(8) it may be
-necessary to suppress the enumeration of groups through the
-\fB setgrent()\fR,
+\fB>winbind enum groups (G)\fR
+On large installations using \fBwinbindd\fR(8) it may be necessary to suppress 
+the enumeration of groups through the \fBsetgrent()\fR,
 \fBgetgrent()\fR and
 \fBendgrent()\fR group of system calls.  If
 the \fIwinbind enum groups\fR parameter is
@@ -7164,9 +7138,9 @@ enumeration may cause some programs to behave oddly.
 
 Default: \fBwinbind enum groups = yes \fR
 .TP
-\fBwinbind gid (G)\fR
+\fB>winbind gid (G)\fR
 The winbind gid parameter specifies the range of group 
-ids that are allocated by the   winbindd(8) daemon.  This range of group ids should have no 
+ids that are allocated by the \fBwinbindd\fR(8) daemon.  This range of group ids should have no 
 existing local or NIS groups within it as strange conflicts can 
 occur otherwise.
 
@@ -7175,7 +7149,7 @@ Default: \fBwinbind gid = <empty string>
 
 Example: \fBwinbind gid = 10000-20000\fR
 .TP
-\fBwinbind separator (G)\fR
+\fB>winbind separator (G)\fR
 This parameter allows an admin to define the character 
 used when listing a username of the form of \fIDOMAIN
 \fR\\\fIuser\fR.  This parameter 
@@ -7190,9 +7164,9 @@ Default: \fBwinbind separator = '\\'\fR
 
 Example: \fBwinbind separator = +\fR
 .TP
-\fBwinbind uid (G)\fR
+\fB>winbind uid (G)\fR
 The winbind gid parameter specifies the range of group 
-ids that are allocated by the   winbindd(8) daemon.  This range of ids should have no 
+ids that are allocated by the \fBwinbindd\fR(8) daemon.  This range of ids should have no 
 existing local or NIS users within it as strange conflicts can 
 occur otherwise.
 
@@ -7201,11 +7175,9 @@ Default: \fBwinbind uid = <empty string>
 
 Example: \fBwinbind uid = 10000-20000\fR
 .TP
-\fBwinbind use default domain\fR
-.TP
-\fBwinbind use default domain (G)\fR
-This parameter specifies whether the   winbindd(8)
-daemon should operate on users without domain component in their username.  
+\fB>winbind use default domain (G)\fR
+This parameter specifies whether the \fBwinbindd\fR(8) daemon should operate on users 
+without domain component in their username.  
 Users without a domain component are treated as is part of the winbindd server's 
 own domain.  While this does not benifit Windows users, it makes SSH, FTP and e-mail 
 function in a way much closer to the way they would in a native unix system.
@@ -7215,7 +7187,7 @@ Default: \fBwinbind use default domain = <no>
 
 Example: \fBwinbind use default domain = yes\fR
 .TP
-\fBwins hook (G)\fR
+\fB>wins hook (G)\fR
 When Samba is running as a WINS server this 
 allows you to call an external program for all changes to the 
 WINS database. The primary use for this option is to allow the 
@@ -7261,16 +7233,16 @@ An example script that calls the BIND dynamic DNS update
 program \fBnsupdate\fR is provided in the examples 
 directory of the Samba source code. 
 .TP
-\fBwins proxy (G)\fR
+\fB>wins proxy (G)\fR
 This is a boolean that controls if nmbd(8) will respond to broadcast name 
 queries on behalf of  other hosts. You may need to set this 
 to yes for some older clients.
 
 Default: \fBwins proxy = no\fR
 .TP
-\fBwins server (G)\fR
+\fB>wins server (G)\fR
 This specifies the IP address (or DNS name: IP 
-address for preference) of the WINS server that   nmbd(8) should register with. If you have a WINS server on 
+address for preference) of the WINS server that \fBnmbd\fR(8) should register with. If you have a WINS server on 
 your network then you should set this to the WINS server's IP.
 
 You should point this at your WINS server if you have a
@@ -7280,16 +7252,15 @@ multi-subnetted network.
 to a WINS server if you have multiple subnets and wish cross-subnet 
 browsing to work correctly.
 
-See the documentation file \fIBROWSING.txt\fR 
+See the documentation file BROWSING 
 in the docs/ directory of your Samba source distribution.
 
 Default: \fBnot enabled\fR
 
 Example: \fBwins server = 192.9.200.1\fR
 .TP
-\fBwins support (G)\fR
-This boolean controls if the    
-nmbd(8) process in Samba will act as a WINS server. You should 
+\fB>wins support (G)\fR
+This boolean controls if the \fBnmbd\fR(8) process in Samba will act as a WINS server. You should 
 not set this to yes unless you have a multi-subnetted network and 
 you wish a particular \fBnmbd\fR to be your WINS server. 
 Note that you should \fBNEVER\fR set this to yes
@@ -7297,7 +7268,7 @@ on more than one machine in your network.
 
 Default: \fBwins support = no\fR
 .TP
-\fBworkgroup (G)\fR
+\fB>workgroup (G)\fR
 This controls what workgroup your server will 
 appear to be in when queried by clients. Note that this parameter 
 also controls the Domain name used with the \fBsecurity = domain\fR
@@ -7307,10 +7278,10 @@ Default: \fBset at compile time to WORKGROUP\fR
 
 Example: \fBworkgroup = MYGROUP\fR
 .TP
-\fBwritable (S)\fR
+\fB>writable (S)\fR
 Synonym for \fI  writeable\fR for people who can't spell :-).
 .TP
-\fBwrite cache size (S)\fR
+\fB>write cache size (S)\fR
 If this integer parameter is set to non-zero value,
 Samba will create an in-memory cache for each oplocked file 
 (it does \fBnot\fR do this for 
@@ -7336,7 +7307,7 @@ Example: \fBwrite cache size = 262144\fR
 
 for a 256k cache size per file.
 .TP
-\fBwrite list (S)\fR
+\fB>write list (S)\fR
 This is a list of users that are given read-write 
 access to a service. If the connecting user is in this list then 
 they will be given write access, no matter what the \fIread only\fR
@@ -7355,7 +7326,7 @@ Default: \fBwrite list = <empty string>
 Example: \fBwrite list = admin, root, @staff
 \fR
 .TP
-\fBwins partners (G)\fR
+\fB>wins partners (G)\fR
 A space separated list of partners' IP addresses for 
 WINS replication. WINS partners are always defined as push/pull 
 partners as defining only one way WINS replication is unreliable. 
@@ -7366,17 +7337,17 @@ Default: \fBwins partners = \fR
 
 Example: \fBwins partners = 192.168.0.1 172.16.1.2\fR
 .TP
-\fBwrite ok (S)\fR
+\fB>write ok (S)\fR
 Inverted synonym for \fI  read only\fR.
 .TP
-\fBwrite raw (G)\fR
+\fB>write raw (G)\fR
 This parameter controls whether or not the server 
 will support raw write SMB's when transferring data from clients. 
 You should never need to change this parameter.
 
 Default: \fBwrite raw = yes\fR
 .TP
-\fBwriteable (S)\fR
+\fB>writeable (S)\fR
 Inverted synonym for \fI  read only\fR.
 .SH "WARNINGS"
 .PP
@@ -7386,8 +7357,7 @@ be ignored in comparisons anyway, so it shouldn't be a
 problem - but be aware of the possibility.
 .PP
 On a similar note, many clients - especially DOS clients - 
-limit service names to eight characters. smbd(8)
- has no such limitation, but attempts to connect from such 
+limit service names to eight characters. \fBsmbd\fR(8) has no such limitation, but attempts to connect from such 
 clients will fail if they truncate the service names.  For this reason 
 you should probably keep your service names down to eight characters 
 in length.
@@ -7399,19 +7369,10 @@ sections. In particular, ensure that the permissions on spool
 directories are correct.
 .SH "VERSION"
 .PP
-This man page is correct for version 3.0 of 
-the Samba suite.
+This man page is correct for version 3.0 of the Samba suite.
 .SH "SEE ALSO"
 .PP
-samba(7)
-\fBsmbpasswd(8)\fR
-\fBswat(8)\fR
-\fBsmbd(8)\fR 
-\fBnmbd(8)\fR 
-\fBsmbclient(1)\fR 
-\fBnmblookup(1)\fR
-\fBtestparm(1)\fR 
-\fBtestprns(1)\fR
+\fBsamba\fR(7), \fBsmbpasswd\fR(8), \fBswat\fR(8), \fBsmbd\fR(8), \fBnmbd\fR(8), \fBsmbclient\fR(1), \fBnmblookup\fR(1), \fBtestparm\fR(1), \fBtestprns\fR(1).
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
@@ -7421,7 +7382,7 @@ to the way the Linux kernel is developed.
 .PP
 The original Samba man pages were written by Karl Auer. 
 The man page sources were converted to YODL format (another 
-excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+excellent piece of Open Source software, available at  ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
-Samba 2.2 was done by Gerald Carter
+Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
+for Samba 3.0 was done by Alexander Bokovoy.
diff --git a/docs/manpages/smbcacls.1 b/docs/manpages/smbcacls.1
index 47be19d3d9..9840dab50b 100644
--- a/docs/manpages/smbcacls.1
+++ b/docs/manpages/smbcacls.1
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBCACLS" "1" "05 November 2002" "" ""
+.TH "SMBCACLS" "1" "28 January 2003" "" ""
+
 .SH NAME
 smbcacls \- Set or get ACLs on an NT file or directory names
 .SH SYNOPSIS
@@ -12,7 +13,7 @@ smbcacls \- Set or get ACLs on an NT file or directory names
 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite.
 .PP
 The \fBsmbcacls\fR program manipulates NT Access Control
 Lists (ACLs) on SMB file shares. 
@@ -45,7 +46,7 @@ type, owner and group for the call to succeed.
 Specifies a username used to connect to the 
 specified service.  The username may be of the form "username" in 
 which case the user is prompted to enter in a password and the 
-workgroup specified in the \fIsmb.conf\fR file is 
+workgroup specified in the \fBsmb.conf\fR(5) file is 
 used, or "username%password"  or "DOMAIN\\username%password" and the 
 password and workgroup names are used as provided. 
 .TP
@@ -85,7 +86,6 @@ REVISION:<revision number>
 OWNER:<sid or name>
 GROUP:<sid or name>
 ACL:<sid or name>:<type>/<flags>/<mask>
-	
 .fi
 .PP
 The revision of the ACL specifies the internal Windows 
@@ -116,7 +116,7 @@ common flags are:
 #define SEC_ACE_FLAG_CONTAINER_INHERIT   0x2
 .TP 0.2i
 \(bu
-#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT       0x4
+#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT     0x4
 .TP 0.2i
 \(bu
 #define SEC_ACE_FLAG_INHERIT_ONLY        0x8
@@ -172,8 +172,7 @@ of 1 is returned.  If there was an error parsing any command line
 arguments, an exit status of 2 is returned. 
 .SH "VERSION"
 .PP
-This man page is correct for version 2.2 of 
-the Samba suite.
+This man page is correct for version 2.2 of the Samba suite.
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
@@ -185,4 +184,5 @@ to the way the Linux kernel is developed.
 and Tim Potter.
 .PP
 The conversion to DocBook for Samba 2.2 was done 
-by Gerald Carter
+by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done
+by Alexander Bokovoy.
diff --git a/docs/manpages/smbclient.1 b/docs/manpages/smbclient.1
index 0c33475048..6299ff9362 100644
--- a/docs/manpages/smbclient.1
+++ b/docs/manpages/smbclient.1
@@ -3,20 +3,21 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBCLIENT" "1" "05 November 2002" "" ""
+.TH "SMBCLIENT" "1" "18 February 2003" "" ""
+
 .SH NAME
 smbclient \- ftp-like client to access SMB/CIFS resources  on servers
 .SH SYNOPSIS
 
-\fBsmbclient\fR \fBservicename\fR [ \fBpassword\fR ] [ \fB-b <buffer size>\fR ] [ \fB-d debuglevel\fR ] [ \fB-D Directory\fR ] [ \fB-U username\fR ] [ \fB-W workgroup\fR ] [ \fB-M <netbios name>\fR ] [ \fB-m maxprotocol\fR ] [ \fB-A authfile\fR ] [ \fB-N\fR ] [ \fB-l logfile\fR ] [ \fB-L <netbios name>\fR ] [ \fB-I destinationIP\fR ] [ \fB-E\fR ] [ \fB-c <command string>\fR ] [ \fB-i scope\fR ] [ \fB-O <socket options>\fR ] [ \fB-p port\fR ] [ \fB-R <name resolve order>\fR ] [ \fB-s <smb config file>\fR ] [ \fB-T<c|x>IXFqgbNan\fR ]
+\fBsmbclient\fR \fBservicename\fR [ \fBpassword\fR ] [ \fB-b <buffer size>\fR ] [ \fB-d debuglevel\fR ] [ \fB-D Directory\fR ] [ \fB-U username\fR ] [ \fB-W workgroup\fR ] [ \fB-M <netbios name>\fR ] [ \fB-m maxprotocol\fR ] [ \fB-A authfile\fR ] [ \fB-N\fR ] [ \fB-l logfile\fR ] [ \fB-L <netbios name>\fR ] [ \fB-I destinationIP\fR ] [ \fB-E\fR ] [ \fB-c <command string>\fR ] [ \fB-i scope\fR ] [ \fB-O <socket options>\fR ] [ \fB-p port\fR ] [ \fB-R <name resolve order>\fR ] [ \fB-s <smb config file>\fR ] [ \fB-T<c|x>IXFqgbNan\fR ] [ \fB-k\fR ]
 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite.
 .PP
 \fBsmbclient\fR is a client that can 
 \&'talk' to an SMB/CIFS server. It offers an interface
-similar to that of the ftp program (see \fBftp(1)\fR).  
+similar to that of the ftp program (see \fBftp\fR(1)).  
 Operations include things like getting files from the server 
 to the local machine, putting files from the local machine to 
 the server, retrieving directory information from the server 
@@ -41,7 +42,8 @@ same as the IP hostname of the machine running the server.
 
 The server name is looked up according to either 
 the \fI-R\fR parameter to \fBsmbclient\fR or 
-using the name resolve order parameter in the \fIsmb.conf\fR file, 
+using the name resolve order parameter in 
+the \fBsmb.conf\fR(5) file, 
 allowing an administrator to change the order and methods 
 by which server names are looked up. 
 .TP
@@ -66,12 +68,13 @@ or mixed case passwords may be rejected by these servers.
 Be cautious about including passwords in scripts.
 .TP
 \fB-s smb.conf\fR
-Specifies the location of the all important 
-\fIsmb.conf\fR file. 
+Specifies the location of the all 
+important \fBsmb.conf\fR(5) file. 
 .TP
 \fB-O socket options\fR
 TCP socket options to set on the client 
-socket. See the socket options parameter in the \fI  smb.conf (5)\fR manpage for the list of valid 
+socket. See the socket options parameter in 
+the \fBsmb.conf\fR(5) manual page for the list of valid 
 options. 
 .TP
 \fB-R <name resolve order>\fR
@@ -81,17 +84,18 @@ host names to IP addresses. The option takes a space-separated
 string of different name resolution options.
 
 The options are :"lmhosts", "host", "wins" and "bcast". They 
-cause names to be resolved as follows :
+cause names to be resolved as follows:
 .RS
 .TP 0.2i
 \(bu
-lmhosts : Lookup an IP 
+lmhosts: Lookup an IP 
 address in the Samba lmhosts file. If the line in lmhosts has 
-no name type attached to the NetBIOS name (see the lmhosts(5) for details) then
+no name type attached to the NetBIOS name (see 
+the \fBlmhosts\fR(5) for details) then
 any name type matches for lookup.
 .TP 0.2i
 \(bu
-host : Do a standard host 
+host: Do a standard host 
 name to IP address resolution, using the system \fI/etc/hosts
 \fR, NIS, or DNS lookups. This method of name resolution 
 is operating system dependent, for instance on IRIX or Solaris this 
@@ -101,13 +105,13 @@ type being queried is the 0x20 (server) name type, otherwise
 it is ignored.
 .TP 0.2i
 \(bu
-wins : Query a name with 
+wins: Query a name with 
 the IP address listed in the \fIwins server\fR
 parameter.  If no WINS server has
 been specified this method will be ignored.
 .TP 0.2i
 \(bu
-bcast : Do a broadcast on 
+bcast: Do a broadcast on 
 each of the known local interfaces listed in the 
 \fIinterfaces\fR
 parameter. This is the least reliable of the name resolution 
@@ -116,12 +120,12 @@ connected subnet.
 .RE
 
 If this parameter is not set then the name resolve order 
-defined in the \fIsmb.conf\fR file parameter  
+defined in the \fBsmb.conf\fR(5) file parameter  
 (name resolve order) will be used. 
 
 The default order is lmhosts, host, wins, bcast and without 
 this parameter or any entry in the \fIname resolve order
-\fR parameter of the \fIsmb.conf\fR file the name resolution
+\fR parameter of the \fBsmb.conf\fR(5) file the name resolution
 methods will be attempted in this order. 
 .TP
 \fB-M NetBIOS name\fR
@@ -147,7 +151,7 @@ You may also find the \fI-U\fR and
 \fI-I\fR options useful, as they allow you to 
 control the FROM and TO parts of the message. 
 
-See the message command parameter in the \fI  smb.conf(5)\fR for a description of how to handle incoming 
+See the \fImessage command\fR parameter in the \fBsmb.conf\fR(5) for a description of how to handle incoming 
 WinPopup messages in Samba. 
 
 \fBNote\fR: Copy WinPopup into the startup group 
@@ -291,7 +295,6 @@ password used in the connection.  The format of the file is
 username = <value> 
 password = <value>
 domain = <value>
-		
 .fi
 
 If the domain parameter is missing the current workgroup name
@@ -327,9 +330,8 @@ observed to speed up file transfers to and from a Win9x server.
 .TP
 \fB-W WORKGROUP\fR
 Override the default workgroup (domain) specified
-in the workgroup parameter of the \fIsmb.conf\fR
-file for this connection. This may be needed to connect to some
-servers. 
+in the workgroup parameter of the \fBsmb.conf\fR(5) file for this connection. This may be 
+needed to connect to some servers. 
 .TP
 \fB-T tar options\fR
 smbclient may be used to create \fBtar(1)
@@ -413,7 +415,7 @@ files in the archive with relative names, not absolute names.
 
 \fBTar Filenames\fR
 
-All file names can be given as DOS path names (with '\\' 
+All file names can be given as DOS path names (with '\\\\' 
 as the component separator) or as UNIX path names (with '/' as 
 the component separator). 
 
@@ -457,6 +459,10 @@ commands to be executed instead of prompting from stdin. \fI  -N\fR is implied b
 
 This is particularly useful in scripts and for printing stdin 
 to the server, e.g. \fB-c 'print -'\fR. 
+.TP
+\fB-k\fR
+Try to authenticate with kerberos. Only useful in 
+an Active Directory environment.
 .SH "OPERATIONS"
 .PP
 Once the client is running, the user is presented with 
@@ -464,7 +470,7 @@ a prompt :
 .PP
 smb:\\> 
 .PP
-The backslash ("\\") indicates the current working directory 
+The backslash ("\\\\") indicates the current working directory 
 on the server, and will change if the current working directory 
 is changed. 
 .PP
@@ -766,8 +772,7 @@ The client log files should be put in a directory readable
 and writeable only by the user. 
 .PP
 To test the client, you will need to know the name of a 
-running SMB/CIFS server. It is possible to run \fBsmbd(8)
-\fR as an ordinary user - running that server as a daemon 
+running SMB/CIFS server. It is possible to run \fBsmbd\fR(8) as an ordinary user - running that server as a daemon 
 on a user-accessible port (typically any port number over 1024)
 would provide a suitable test server. 
 .SH "DIAGNOSTICS"
@@ -781,8 +786,7 @@ on the debug level used by the client. If you have problems,
 set the debug level to 3 and peruse the log files. 
 .SH "VERSION"
 .PP
-This man page is correct for version 2.2 of 
-the Samba suite.
+This man page is correct for version 2.2 of the Samba suite.
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
@@ -792,7 +796,7 @@ to the way the Linux kernel is developed.
 .PP
 The original Samba man pages were written by Karl Auer. 
 The man page sources were converted to YODL format (another 
-excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+excellent piece of Open Source software, available at  ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
-Samba 2.2 was done by Gerald Carter
+Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0
+was done by Alexander Bokovoy.
diff --git a/docs/manpages/smbcontrol.1 b/docs/manpages/smbcontrol.1
index f78c4b96d4..80fee0a838 100644
--- a/docs/manpages/smbcontrol.1
+++ b/docs/manpages/smbcontrol.1
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBCONTROL" "1" "05 November 2002" "" ""
+.TH "SMBCONTROL" "1" "28 January 2003" "" ""
+
 .SH NAME
 smbcontrol \- send messages to smbd, nmbd or winbindd processes
 .SH SYNOPSIS
@@ -15,13 +16,10 @@ smbcontrol \- send messages to smbd, nmbd or winbindd processes
 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite.
 .PP
 \fBsmbcontrol\fR is a very small program, which 
-sends messages to an smbd(8) 
-an nmbd(8)
-or a winbindd(8) 
-daemon running on the system.
+sends messages to a \fBsmbd\fR(8), a \fBnmbd\fR(8), or a \fBwinbindd\fR(8) daemon running on the system.
 .SH "OPTIONS"
 .TP
 \fB-i\fR
@@ -31,8 +29,7 @@ on STDIN. An empty command line or a "q" will quit the
 program.
 .TP
 \fBdestination\fR
-One of \fInmbd\fR
-\fIsmbd\fR or a process ID.
+One of \fInmbd\fR, \fIsmbd\fR or a process ID.
 
 The \fIsmbd\fR destination causes the 
 message to "broadcast" to all smbd daemons.
@@ -134,8 +131,7 @@ This man page is correct for version 2.2 of
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fBnmbd(8)\fR 
-and \fBsmbd(8)\fR
+\fBnmbd\fR(8) and \fBsmbd\fR(8).
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
@@ -145,7 +141,7 @@ to the way the Linux kernel is developed.
 .PP
 The original Samba man pages were written by Karl Auer. 
 The man page sources were converted to YODL format (another 
-excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+excellent piece of Open Source software, available at  ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
-Samba 2.2 was done by Gerald Carter
+Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
+Samba 3.0 was done by Alexander Bokovoy.
diff --git a/docs/manpages/smbd.8 b/docs/manpages/smbd.8
index 3e0f1d83cc..47bc476aac 100644
--- a/docs/manpages/smbd.8
+++ b/docs/manpages/smbd.8
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBD" "8" "15 January 2003" "" ""
+.TH "SMBD" "8" "28 January 2003" "" ""
+
 .SH NAME
 smbd \- server to provide SMB/CIFS services to clients
 .SH SYNOPSIS
@@ -12,7 +13,7 @@ smbd \- server to provide SMB/CIFS services to clients
 
 .SH "DESCRIPTION"
 .PP
-This program is part of the Samba suite.
+This program is part of the \fBSamba\fR(7) suite.
 .PP
 \fBsmbd\fR is the server daemon that 
 provides filesharing and printing services to Windows clients. 
@@ -26,14 +27,12 @@ OS/2, DAVE for Macintosh, and smbfs for Linux.
 An extensive description of the services that the 
 server can provide is given in the man page for the 
 configuration file controlling the attributes of those 
-services (see \fIsmb.conf(5)
-\fR  This man page will not describe the 
+services (see \fBsmb.conf\fR(5).  This man page will not describe the 
 services, but will concentrate on the administrative aspects 
 of running the server.
 .PP
 Please note that there are significant security 
-implications to running this server, and the \fIsmb.conf(5)\fR 
-manpage should be regarded as mandatory reading before 
+implications to running this server, and the \fBsmb.conf\fR(5) manual page should be regarded as mandatory reading before 
 proceeding with installation.
 .PP
 A session is created whenever a client requests one. 
@@ -117,8 +116,8 @@ use only by developers and generate HUGE amounts of log
 data, most of which is extremely cryptic.
 
 Note that specifying this parameter here will 
-override the log
-level file.
+override the \fIlog
+level\fR parameter in the \fBsmb.conf\fR(5) file.
 .TP
 \fB-l <log directory>\fR
 If specified,
@@ -127,8 +126,8 @@ specifies a log directory into which the "log.smbd" log
 file will be created for informational and debug 
 messages from the running server. The log 
 file generated is never removed by the server although 
-its size may be controlled by the max log size
-option in the \fI  smb.conf(5)\fR file. \fBBeware:\fR
+its size may be controlled by the \fImax log size\fR
+option in the \fBsmb.conf\fR(5) file. \fBBeware:\fR
 If the directory specified does not exist, \fBsmbd\fR
 will log to the default debug log location defined at compile time.
 
@@ -136,9 +135,8 @@ The default log directory is specified at
 compile time.
 .TP
 \fB-O <socket options>\fR
-See the socket options 
-parameter in the \fIsmb.conf(5)
-\fR file for details.
+See the \fIsocket options\fR 
+parameter in the \fBsmb.conf\fR(5) file for details.
 .TP
 \fB-p <port number>\fR
 \fIport number\fR is a positive integer 
@@ -169,7 +167,7 @@ configuration details required by the server.  The
 information in this file includes server-specific
 information such as what printcap file to use, as well 
 as descriptions of all the services that the server is 
-to provide. See \fI  smb.conf(5)\fR for more information.
+to provide. See \fBsmb.conf\fR(5) for more information.
 The default configuration file name is determined at 
 compile time.
 .SH "FILES"
@@ -178,7 +176,7 @@ compile time.
 If the server is to be run by the 
 \fBinetd\fR meta-daemon, this file 
 must contain suitable startup information for the 
-meta-daemon. See the UNIX_INSTALL.html
+meta-daemon. See the "How to Install and Test SAMBA"
 document for details.
 .TP
 \fB\fI/etc/rc\fB\fR
@@ -187,7 +185,7 @@ system uses).
 
 If running the server as a daemon at startup, 
 this file will need to contain an appropriate startup 
-sequence for the server. See the UNIX_INSTALL.html
+sequence for the server. See the "How to Install and Test SAMBA"
 document for details.
 .TP
 \fB\fI/etc/services\fB\fR
@@ -195,18 +193,16 @@ If running the server via the
 meta-daemon \fBinetd\fR, this file 
 must contain a mapping of service name (e.g., netbios-ssn) 
 to service port (e.g., 139) and protocol type (e.g., tcp). 
-See the UNIX_INSTALL.html
+See the "How to Install and Test SAMBA"
 document for details.
 .TP
 \fB\fI/usr/local/samba/lib/smb.conf\fB\fR
-This is the default location of the 
-\fIsmb.conf\fR
-server configuration file. Other common places that systems 
+This is the default location of the \fBsmb.conf\fR(5) server configuration file. Other common places that systems 
 install this file are \fI/usr/samba/lib/smb.conf\fR 
-and \fI/etc/smb.conf\fR.
+and \fI/etc/samba/smb.conf\fR.
 
 This file describes all the services the server 
-is to make available to clients. See   \fIsmb.conf(5)\fR for more information.
+is to make available to clients. See \fBsmb.conf\fR(5) for more information.
 .SH "LIMITATIONS"
 .PP
 On some systems \fBsmbd\fR cannot change uid back 
@@ -229,9 +225,8 @@ is not specific to the server, however.
 Samba uses PAM for authentication (when presented with a plaintext 
 password), for account checking (is this account disabled?) and for
 session management.  The degree too which samba supports PAM is restricted
-by the limitations of the SMB protocol and the 
-obey pam restricions
-smb.conf paramater.  When this is set, the following restrictions apply:
+by the limitations of the SMB protocol and the \fIobey 
+pam restricions\fR \fBsmb.conf\fR(5) paramater.  When this is set, the following restrictions apply:
 .TP 0.2i
 \(bu
 \fBAccount Validation\fR:  All accesses to a 
@@ -279,9 +274,8 @@ an \fBsmbd\fR is to send it a SIGTERM (-15) signal and wait for
 it to die on its own.
 .PP
 The debug log level of \fBsmbd\fR may be raised
-or lowered using \fBsmbcontrol(1)
-\fR program (SIGUSR[1|2] signals are no longer used in
-Samba 2.2). This is to allow transient problems to be diagnosed, 
+or lowered using \fBsmbcontrol\fR(1) program (SIGUSR[1|2] signals are no longer 
+used since Samba 2.2). This is to allow transient problems to be diagnosed, 
 whilst still running at a normally low log level.
 .PP
 Note that as the signal handlers send a debug write, 
@@ -292,12 +286,8 @@ by un-blocking the signals before the select call and re-blocking
 them after, however this would affect performance.
 .SH "SEE ALSO"
 .PP
-hosts_access(5), \fBinetd(8)\fR, 
-\fBnmbd(8)\fR 
-\fIsmb.conf(5)\fR
- \fBsmbclient(1)
-\fR and the Internet RFC's
-\fIrfc1001.txt\fR, \fIrfc1002.txt\fR. 
+\fBhosts_access\fR(5), \fBinetd\fR(8), \fBnmbd\fR(8), \fBsmb.conf\fR(5), \fBsmbclient\fR(1), \fBtestparm\fR(1), \fBtestprns\fR(1), and the 
+Internet RFC's \fIrfc1001.txt\fR, \fIrfc1002.txt\fR. 
 In addition the CIFS (formerly SMB) specification is available 
 as a link from the Web page  
 http://samba.org/cifs/ <URL:http://samba.org/cifs/>.
@@ -310,7 +300,7 @@ to the way the Linux kernel is developed.
 .PP
 The original Samba man pages were written by Karl Auer. 
 The man page sources were converted to YODL format (another 
-excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+excellent piece of Open Source software, available at  ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
-Samba 2.2 was done by Gerald Carter
+Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
+Samba 3.0 was done by Alexander Bokovoy.
diff --git a/docs/manpages/smbgroupedit.8 b/docs/manpages/smbgroupedit.8
index b514b99793..f016044634 100644
--- a/docs/manpages/smbgroupedit.8
+++ b/docs/manpages/smbgroupedit.8
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBGROUPEDIT" "8" "03 January 2003" "" ""
+.TH "SMBGROUPEDIT" "8" "28 January 2003" "" ""
+
 .SH NAME
 smbgroupedit \- Query/set/change UNIX - Windows NT group mapping
 .SH SYNOPSIS
@@ -12,8 +13,7 @@ smbgroupedit \- Query/set/change UNIX - Windows NT group mapping
 
 .SH "DESCRIPTION"
 .PP
-This program is part of the Samba
-suite.
+This program is part of the \fBSamba\fR(7) suite.
 .PP
 The  smbgroupedit  command  allows for mapping unix groups
 to NT Builtin, Domain, or Local groups.  Also
@@ -39,8 +39,7 @@ give a long listing, of the format:
     Privilege      :
 .fi
 
-For examples,
-
+For example:
 
 .nf
 Users
@@ -59,8 +58,7 @@ display a short listing of the format:
 NTGroupName(SID) -> UnixGroupName
 .fi
 
-For example,
-
+For example:
 
 .nf
 Users (S-1-5-32-545) -> -1
@@ -94,8 +92,7 @@ map this domadm group to the 'domain admins' group:
 .RS
 .TP 3
 1. 
-Get the SID for the Windows NT "Domain Admins"
-group:
+Get the SID for the Windows NT "Domain Admins" group:
 
 
 .nf
@@ -107,7 +104,6 @@ Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> -1
 map the unix domadm group to the Windows NT
 "Domain Admins" group, by running the command:
 
-
 .nf
 root# \fBsmbgroupedit \\
 -c S-1-5-21-1108995562-3116817432-1375597819-512 \\
@@ -119,7 +115,6 @@ Domain Admins SID (the S-1-5-21-...-512) is different for every PDC.
 .RE
 .PP
 To verify that your mapping has taken effect:
-.PP
 
 .nf
 root# \fBsmbgroupedit -vs|grep "Domain Admins"\fR
@@ -129,7 +124,6 @@ Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> domadm
 To give access to a certain directory on a domain member machine (an
 NT/W2K or a samba server running winbind) to some users who are member
 of a group on your samba PDC, flag that group as a domain group:
-.PP
 
 .nf
 root# \fBsmbgroupedit -a unixgroup -td\fR
@@ -140,7 +134,7 @@ This man page is correct for the 3.0alpha releases of
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-smb.conf(5)
+\fBsmb.conf\fR(5)
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities
@@ -150,4 +144,5 @@ to the way the Linux kernel is developed.
 .PP
 \fBsmbgroupedit\fR was written by Jean Francois Micouleau.
 The current set of manpages and documentation is maintained
-by the Samba Team in the same fashion as the Samba source code.
+by the Samba Team in the same fashion as the Samba source code. The conversion
+to DocBook XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.
diff --git a/docs/manpages/smbmnt.8 b/docs/manpages/smbmnt.8
index 6f7d79ea5d..63425850c9 100644
--- a/docs/manpages/smbmnt.8
+++ b/docs/manpages/smbmnt.8
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBMNT" "8" "05 November 2002" "" ""
+.TH "SMBMNT" "8" "28 January 2003" "" ""
+
 .SH NAME
 smbmnt \- helper utility for mounting SMB filesystems
 .SH SYNOPSIS
@@ -21,8 +22,7 @@ A setuid smbmnt will only allow mounts on directories owned
 by the user, and that the user has write permission on.
 .PP
 The \fBsmbmnt\fR program is normally invoked 
-by \fBsmbmount(8)\fR
- It should not be invoked directly by users. 
+by \fBsmbmount\fR(8). It should not be invoked directly by users. 
 .PP
 smbmount searches the normal PATH for smbmnt. You must ensure
 that the smbmnt version in your path matches the smbmount used.
@@ -61,4 +61,5 @@ The SAMBA Mailing list <URL:mailto:samba@samba.org>
 is the preferred place to ask questions regarding these programs.
 .PP
 The conversion of this manpage for Samba 2.2 was performed 
-by Gerald Carter
+by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0
+was done by Alexander Bokovoy.
diff --git a/docs/manpages/smbmount.8 b/docs/manpages/smbmount.8
index 525a10be7f..1b504e08b9 100644
--- a/docs/manpages/smbmount.8
+++ b/docs/manpages/smbmount.8
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBMOUNT" "8" "05 November 2002" "" ""
+.TH "SMBMOUNT" "8" "28 January 2003" "" ""
+
 .SH NAME
 smbmount \- mount an smbfs filesystem
 .SH SYNOPSIS
@@ -14,7 +15,7 @@ smbmount \- mount an smbfs filesystem
 .PP
 \fBsmbmount\fR mounts a Linux SMB filesystem. It 
 is usually invoked as \fBmount.smbfs\fR by
-the \fBmount(8)\fR command when using the 
+the \fBmount\fR(8) command when using the 
 "-t smbfs" option. This command only works in Linux, and the kernel must
 support the smbfs filesystem. 
 .PP
@@ -27,11 +28,10 @@ unknown options.
 \fBsmbmount\fR is a daemon. After mounting it keeps running until
 the mounted smbfs is umounted. It will log things that happen
 when in daemon mode using the "machine name" smbmount, so
-typically this output will end up in \fIlog.smbmount\fR. The
-\fBsmbmount\fR process may also be called mount.smbfs.
+typically this output will end up in \fIlog.smbmount\fR. The \fB smbmount\fR process may also be called mount.smbfs.
 .PP
 \fBNOTE:\fR \fBsmbmount\fR 
-calls \fBsmbmnt(8)\fR to do the actual mount. You 
+calls \fBsmbmnt\fR(8) to do the actual mount. You 
 must make sure that \fBsmbmnt\fR is in the path so 
 that it can be found. 
 .SH "OPTIONS"
@@ -58,14 +58,12 @@ in the PASSWD environment variable or a credentials file (see
 below) will be read correctly.
 .TP
 \fBcredentials=<filename>\fR
-specifies a file that contains a username
-and/or password. The format of the file is:
-
+specifies a file that contains a username and/or password. 
+The format of the file is:
 
 .nf
-		username = <value>
-		password = <value>
-		
+username = <value>
+password = <value>
 .fi
 
 This is preferred over having passwords in plaintext in a
@@ -114,8 +112,7 @@ sets the destination host or IP address.
 sets the workgroup on the destination 
 .TP
 \fBsockopt=<arg>\fR
-sets the TCP socket options. See the \fIsmb.conf
-\fR \fIsocket options\fR option.
+sets the TCP socket options. See the \fBsmb.conf\fR(5) \fIsocket options\fR option.
 .TP
 \fBscope=<arg>\fR
 sets the NetBIOS scope 
@@ -196,10 +193,8 @@ source tree may contain additional options and information.
 .PP
 FreeBSD also has a smbfs, but it is not related to smbmount
 .PP
-For Solaris, HP-UX and others you may want to look at
-\fBsmbsh(1)\fR or at other
-solutions, such as sharity or perhaps replacing the SMB server with
-a NFS server.
+For Solaris, HP-UX and others you may want to look at \fBsmbsh\fR(1) or at other solutions, such as 
+Sharity or perhaps replacing the SMB server with a NFS server.
 .SH "AUTHOR"
 .PP
 Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
@@ -212,4 +207,5 @@ The SAMBA Mailing list <URL:mailto:samba@samba.org>
 is the preferred place to ask questions regarding these programs.
 .PP
 The conversion of this manpage for Samba 2.2 was performed 
-by Gerald Carter
+by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0
+was done by Alexander Bokovoy.
diff --git a/docs/manpages/smbpasswd.5 b/docs/manpages/smbpasswd.5
index 907e388bee..46527236d9 100644
--- a/docs/manpages/smbpasswd.5
+++ b/docs/manpages/smbpasswd.5
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBPASSWD" "5" "05 November 2002" "" ""
+.TH "SMBPASSWD" "5" "28 January 2003" "" ""
+
 .SH NAME
 smbpasswd \- The Samba encrypted password file
 .SH SYNOPSIS
@@ -11,7 +12,7 @@ smbpasswd \- The Samba encrypted password file
 \fIsmbpasswd\fR
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite.
 .PP
 smbpasswd is the Samba encrypted password file. It contains 
 the username, Unix user id and the SMB hashed passwords of the 
@@ -95,7 +96,7 @@ This section contains flags that describe
 the attributes of the users account. In the Samba 2.2 release 
 this field is bracketed by '[' and ']' characters and is always 
 13 characters in length (including the '[' and ']' characters).
-The contents of this field may be any of the characters.
+The contents of this field may be any of the following characters:
 .RS
 .TP 0.2i
 \(bu
@@ -108,13 +109,11 @@ in the smbpasswd file.
 \fBN\fR - This means the
 account has no password (the passwords in the fields LANMAN 
 Password Hash and NT Password Hash are ignored). Note that this 
-will only allow users to log on with no password if the \fI   null passwords\fR parameter is set in the \fIsmb.conf(5)
-\fR config file. 
+will only allow users to log on with no password if the \fI   null passwords\fR parameter is set in the \fBsmb.conf\fR(5) config file. 
 .TP 0.2i
 \(bu
 \fBD\fR - This means the account 
-is disabled and no SMB/CIFS logins  will be allowed for 
-this user. 
+is disabled and no SMB/CIFS logins  will be allowed for this user. 
 .TP 0.2i
 \(bu
 \fBW\fR - This means this account 
@@ -139,8 +138,7 @@ This man page is correct for version 3.0 of
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fBsmbpasswd(8)\fR 
-samba(7) and
+\fBsmbpasswd\fR(8), \fBSamba\fR(7), and
 the Internet RFC1321 for details on the MD4 algorithm.
 .SH "AUTHOR"
 .PP
@@ -151,7 +149,7 @@ to the way the Linux kernel is developed.
 .PP
 The original Samba man pages were written by Karl Auer. 
 The man page sources were converted to YODL format (another 
-excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+excellent piece of Open Source software, available at  ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
-Samba 2.2 was done by Gerald Carter
+Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
+for Samba 3.0 was done by Alexander Bokovoy.
diff --git a/docs/manpages/smbpasswd.8 b/docs/manpages/smbpasswd.8
index ad933517be..b2821a8e01 100644
--- a/docs/manpages/smbpasswd.8
+++ b/docs/manpages/smbpasswd.8
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBPASSWD" "8" "26 November 2002" "" ""
+.TH "SMBPASSWD" "8" "28 January 2003" "" ""
+
 .SH NAME
 smbpasswd \- change a user's SMB password
 .SH SYNOPSIS
@@ -12,24 +13,23 @@ smbpasswd \- change a user's SMB password
 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite.
 .PP
 The smbpasswd program has several different 
-functions, depending on whether it is run by the \fBroot\fR 
-user or not. When run as a normal user it allows the user to change 
+functions, depending on whether it is run by the \fBroot\fR user 
+or not. When run as a normal user it allows the user to change 
 the password used for their SMB sessions on any machines that store 
 SMB passwords. 
 .PP
 By default (when run with no arguments) it will attempt to 
 change the current user's SMB password on the local machine. This is 
-similar to the way the \fBpasswd(1)\fR program works. 
-\fBsmbpasswd\fR differs from how the passwd program works 
+similar to the way the \fBpasswd(1)\fR program works. \fB smbpasswd\fR differs from how the passwd program works 
 however in that it is not \fBsetuid root\fR but works in 
-a client-server mode and communicates with a locally running
-\fBsmbd(8)\fR. As a consequence in order for this to 
+a client-server mode and communicates with a 
+locally running \fBsmbd\fR(8). As a consequence in order for this to 
 succeed the smbd daemon must be running on the local machine. On a 
 UNIX machine the encrypted SMB passwords are usually stored in 
-the \fIsmbpasswd(5)\fR file. 
+the \fBsmbpasswd\fR(5) file. 
 .PP
 When run by an ordinary user with no options, smbpasswd 
 will prompt them for their old SMB password and then ask them 
@@ -41,12 +41,12 @@ the <Enter> key when asked for your old password.
 .PP
 smbpasswd can also be used by a normal user to change their
 SMB password on remote machines, such as Windows NT Primary Domain 
-Controllers.   See the (-r) and -U options below. 
+Controllers.   See the (\fI-r\fR) and \fI-U\fR options 
+below. 
 .PP
 When run by root, smbpasswd allows new users to be added 
 and deleted in the smbpasswd file, as well as allows changes to 
-the attributes of the user in this file to be made. When run by root, 
-\fBsmbpasswd\fR accesses the local smbpasswd file 
+the attributes of the user in this file to be made. When run by root, \fB smbpasswd\fR accesses the local smbpasswd file 
 directly, thus enabling changes to be made even if smbd is not 
 running. 
 .SH "OPTIONS"
@@ -82,8 +82,7 @@ will fail.
 
 If the smbpasswd file is in the 'old' format (pre-Samba 2.0 
 format) there is no space in the user's password entry to write
-this information and the command will FAIL. See \fBsmbpasswd(5)
-\fR for details on the 'old' and new password file formats.
+this information and the command will FAIL. See \fBsmbpasswd\fR(5) for details on the 'old' and new password file formats.
 
 This option is only available when running smbpasswd as 
 root.
@@ -96,7 +95,7 @@ disabled this option has no effect. Once the account is enabled then
 the user will be able to authenticate via SMB once again. 
 
 If the smbpasswd file is in the 'old' format, then \fB  smbpasswd\fR will FAIL to enable the account.  
-See \fBsmbpasswd (5)\fR for 
+See \fBsmbpasswd\fR(5) for 
 details on the 'old' and new password file formats. 
 
 This option is only available when running smbpasswd as root. 
@@ -164,17 +163,17 @@ what name resolution services to use when looking up the NetBIOS
 name of the host being connected to. 
 
 The options are :"lmhosts", "host", "wins" and "bcast". They
-cause names to be resolved as follows : 
+cause names to be resolved as follows: 
 .RS
 .TP 0.2i
 \(bu
-lmhosts : Lookup an IP 
+lmhosts: Lookup an IP 
 address in the Samba lmhosts file. If the line in lmhosts has 
-no name type attached to the NetBIOS name (see the lmhosts(5) for details) then
+no name type attached to the NetBIOS name (see the \fBlmhosts\fR(5) for details) then
 any name type matches for lookup.
 .TP 0.2i
 \(bu
-host : Do a standard host 
+host: Do a standard host 
 name to IP address resolution, using the system \fI/etc/hosts
 \fR, NIS, or DNS lookups. This method of name resolution 
 is operating system depended for instance on IRIX or Solaris this 
@@ -184,13 +183,13 @@ type being queried is the 0x20 (server) name type, otherwise
 it is ignored.
 .TP 0.2i
 \(bu
-wins : Query a name with 
+wins: Query a name with 
 the IP address listed in the \fIwins server\fR 
 parameter.  If no WINS server has been specified this method 
 will be ignored.
 .TP 0.2i
 \(bu
-bcast : Do a broadcast on 
+bcast: Do a broadcast on 
 each of the known local interfaces listed in the
 \fIinterfaces\fR parameter. This is the least 
 reliable of the name resolution methods as it depends on the 
@@ -198,8 +197,7 @@ target host being on a locally connected subnet.
 .RE
 
 The default order is \fBlmhosts, host, wins, bcast\fR 
-and without this parameter or any entry in the 
-\fIsmb.conf\fR file the name resolution methods will 
+and without this parameter or any entry in the \fBsmb.conf\fR(5) file the name resolution methods will 
 be attempted in this order. 
 .TP
 \fB-m\fR
@@ -235,7 +233,7 @@ has been configured to use the experimental
 switch is used to specify the password to be used with the 
 \fIldap admin 
 dn\fR  Note that the password is stored in
-the \fIprivate/secrets.tdb\fR and is keyed off 
+the \fIsecrets.tdb\fR and is keyed off 
 of the admin's DN.  This means that if the value of \fIldap
 admin dn\fR ever changes, the password will need to be 
 manually updated as well.
@@ -261,23 +259,20 @@ to modify attributes directly in the local smbpasswd file.
 Since \fBsmbpasswd\fR works in client-server 
 mode communicating  with a local smbd for a non-root user then 
 the smbd daemon must be running for this to work. A common problem 
-is to add a restriction to the hosts that may access the \fB smbd\fR running on the local machine by specifying a 
-\fIallow hosts\fR or \fIdeny hosts\fR 
-entry in the \fIsmb.conf\fR file and neglecting to 
+is to add a restriction to the hosts that may access the \fB smbd\fR running on the local machine by specifying either \fIallow
+hosts\fR or \fIdeny hosts\fR entry in 
+the \fBsmb.conf\fR(5) file and neglecting to 
 allow "localhost" access to the smbd. 
 .PP
 In addition, the smbpasswd command is only useful if Samba
-has been set up to use encrypted passwords. See the file 
-\fIENCRYPTION.txt\fR in the docs directory for details 
+has been set up to use encrypted passwords. See the document  "LanMan and NT Password Encryption in Samba" in the docs directory for details 
 on how to do this. 
 .SH "VERSION"
 .PP
-This man page is correct for version 3.0 of 
-the Samba suite.
+This man page is correct for version 3.0 of the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fIsmbpasswd(5)\fR 
-samba(7)
+\fBsmbpasswd\fR(5), \fBSamba\fR(7).
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
@@ -287,7 +282,7 @@ to the way the Linux kernel is developed.
 .PP
 The original Samba man pages were written by Karl Auer. 
 The man page sources were converted to YODL format (another 
-excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+excellent piece of Open Source software, available at  ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
-Samba 2.2 was done by Gerald Carter
+Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
+for Samba 3.0 was done by Alexander Bokovoy.
diff --git a/docs/manpages/smbsh.1 b/docs/manpages/smbsh.1
index e9c1add9e9..463a456616 100644
--- a/docs/manpages/smbsh.1
+++ b/docs/manpages/smbsh.1
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBSH" "1" "26 November 2002" "" ""
+.TH "SMBSH" "1" "28 January 2003" "" ""
+
 .SH NAME
 smbsh \- Allows access to Windows NT filesystem  using UNIX commands
 .SH SYNOPSIS
@@ -12,7 +13,7 @@ smbsh \- Allows access to Windows NT filesystem  using UNIX commands
 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite.
 .PP
 \fBsmbsh\fR allows you to access an NT filesystem 
 using UNIX commands such as \fBls\fR, \fB egrep\fR, and \fBrcp\fR. You must use a 
@@ -22,7 +23,7 @@ to work correctly.
 .TP
 \fB-W WORKGROUP\fR
 Override the default workgroup specified in the 
-workgroup parameter of the \fIsmb.conf\fR file 
+workgroup parameter of the \fBsmb.conf\fR(5) file 
 for this session. This may be needed to connect to some 
 servers. 
 .TP
@@ -44,20 +45,20 @@ services and in what order to resolve
 host names to IP addresses. The option takes a space-separated 
 string of different name resolution options.
 
-The options are :"lmhosts", "host", "wins" and "bcast". 
+The options are: "lmhosts", "host", "wins" and "bcast". 
 They cause names to be resolved as follows :
 .RS
 .TP 0.2i
 \(bu
-lmhosts : 
+lmhosts: 
 Lookup an IP address in the Samba lmhosts file. If the 
 line in lmhosts has no name type attached to the 
 NetBIOS name 
-(see the lmhosts(5)
-for details) then any name type matches for lookup.
+(see the \fBlmhosts\fR(5) for details) 
+then any name type matches for lookup.
 .TP 0.2i
 \(bu
-host : 
+host: 
 Do a standard host name to IP address resolution, using
 the system \fI/etc/hosts\fR, NIS, or DNS
 lookups. This method of name resolution is operating 
@@ -68,14 +69,14 @@ if the NetBIOS name type being queried is the 0x20
 (server) name type, otherwise it is ignored.
 .TP 0.2i
 \(bu
-wins : 
+wins: 
 Query a name with the IP address listed in the 
 \fIwins server\fR parameter.  If no 
 WINS server has been specified this method will be 
 ignored.
 .TP 0.2i
 \(bu
-bcast : 
+bcast: 
 Do a broadcast on each of the known local interfaces 
 listed in the \fIinterfaces\fR
 parameter. This is the least reliable of the name 
@@ -84,14 +85,13 @@ being on a locally connected subnet.
 .RE
 
 If this parameter is not set then the name resolve order 
-defined in the \fIsmb.conf\fR file parameter  
-(name resolve order) will be used. 
+defined in the \fBsmb.conf\fR(5) file parameter  
+(\fIname resolve order\fR) will be used. 
 
 The default order is lmhosts, host, wins, bcast. Without 
 this parameter or any entry in the \fIname resolve order
-\fR parameter of the \fIsmb.conf\fR 
-file, the name resolution methods will be attempted in this 
-order. 
+\fR parameter of the \fBsmb.conf\fR(5) file, the name resolution methods 
+will be attempted in this order. 
 .TP
 \fB-d <debug level>\fR
 debug level is an integer from 0 to 10.
@@ -100,7 +100,7 @@ The default value if this parameter is not specified
 is zero.
 
 The higher this value, the more detail will be logged
-about the activities of \fBnmblookup\fR. At level
+about the activities of \fBnmblookup\fR(1). At level
 0, only critical errors and serious warnings will be logged.
 .TP
 \fB-l logfilename\fR
@@ -118,13 +118,11 @@ value is specified at compile time.
 To use the \fBsmbsh\fR command, execute \fB smbsh\fR from the prompt and enter the username and password 
 that authenticates you to the machine running the Windows NT 
 operating system.
-.PP
 
 .nf
-	system% \fBsmbsh\fR
-	Username: \fBuser\fR
-	Password: \fBXXXXXXX\fR
-	
+system% \fBsmbsh\fR
+Username: \fBuser\fR
+Password: \fBXXXXXXX\fR
 .fi
 .PP
 Any dynamically linked command you execute from 
@@ -138,8 +136,7 @@ names for that machine. You could then, for example, use the \fB cd\fR command t
 edit files, and \fBrcp\fR  to copy files.
 .SH "VERSION"
 .PP
-This man page is correct for version 3.0 of 
-the Samba suite.
+This man page is correct for version 3.0 of the Samba suite.
 .SH "BUGS"
 .PP
 \fBsmbsh\fR works by intercepting the standard 
@@ -153,8 +150,7 @@ of UNIX have a \fBfile\fR command that will
 describe how a program was linked.
 .SH "SEE ALSO"
 .PP
-\fBsmbd(8)\fR 
-smb.conf(5)
+\fBsmbd\fR(8), \fBsmb.conf\fR(5)
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
@@ -164,7 +160,7 @@ to the way the Linux kernel is developed.
 .PP
 The original Samba man pages were written by Karl Auer. 
 The man page sources were converted to YODL format (another 
-excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+excellent piece of Open Source software, available at  ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
-Samba 2.2 was done by Gerald Carter
+Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
+for Samba 3.0 was done by Alexander Bokovoy.
diff --git a/docs/manpages/smbspool.8 b/docs/manpages/smbspool.8
index 708b68b4d4..e532b8301f 100644
--- a/docs/manpages/smbspool.8
+++ b/docs/manpages/smbspool.8
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBSPOOL" "8" "05 November 2002" "" ""
+.TH "SMBSPOOL" "8" "28 January 2003" "" ""
+
 .SH NAME
 smbspool \- send a print file to an SMB printer
 .SH SYNOPSIS
@@ -12,7 +13,7 @@ smbspool \- send a print file to an SMB printer
 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite.
 .PP
 smbspool is a very small print spooling program that 
 sends a print file to an SMB printer. The command-line arguments 
@@ -77,12 +78,10 @@ name of the file to print. If this argument is not specified
 then the print file is read from the standard input.
 .SH "VERSION"
 .PP
-This man page is correct for version 2.2 of 
-the Samba suite.
+This man page is correct for version 2.2 of the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fBsmbd(8)\fR 
-and samba(7)
+\fBsmbd\fR(8) and \fBSamba\fR(7).
 .SH "AUTHOR"
 .PP
 \fBsmbspool\fR was written by Michael Sweet 
@@ -95,7 +94,7 @@ to the way the Linux kernel is developed.
 .PP
 The original Samba man pages were written by Karl Auer. 
 The man page sources were converted to YODL format (another 
-excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+excellent piece of Open Source software, available at  ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
-Samba 2.2 was done by Gerald Carter
+Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
+for Samba 3.0 was done by Alexander Bokovoy.
diff --git a/docs/manpages/smbstatus.1 b/docs/manpages/smbstatus.1
index 0d2833025f..0b5a973f60 100644
--- a/docs/manpages/smbstatus.1
+++ b/docs/manpages/smbstatus.1
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBSTATUS" "1" "05 November 2002" "" ""
+.TH "SMBSTATUS" "1" "28 January 2003" "" ""
+
 .SH NAME
 smbstatus \- report on current Samba connections
 .SH SYNOPSIS
@@ -12,7 +13,7 @@ smbstatus \- report on current Samba connections
 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite.
 .PP
 \fBsmbstatus\fR is a very simple program to 
 list the current Samba connections.
@@ -39,7 +40,7 @@ causes smbstatus to only list locks.
 causes smbstatus to include byte range locks.
 .TP
 \fB-p|--processes\fR
-print a list of   \fBsmbd(8)\fR processes and exit. 
+print a list of \fBsmbd\fR(8) processes and exit. 
 Useful for scripting.
 .TP
 \fB-S|--shares\fR
@@ -48,8 +49,7 @@ causes smbstatus to only list shares.
 \fB-s|--conf=<configuration file>\fR
 The default configuration file name is
 determined at compile time. The file specified contains the
-configuration details required by the server. See \fIsmb.conf(5)\fR
- for more information.
+configuration details required by the server. See \fBsmb.conf\fR(5) for more information.
 .TP
 \fB-u|--user=<username>\fR
 selects information relevant to 
@@ -60,8 +60,7 @@ This man page is correct for version 3.0 of
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fBsmbd(8)\fR and
-smb.conf(5)
+\fBsmbd\fR(8) and \fBsmb.conf\fR(5).
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
@@ -71,7 +70,7 @@ to the way the Linux kernel is developed.
 .PP
 The original Samba man pages were written by Karl Auer. 
 The man page sources were converted to YODL format (another 
-excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+excellent piece of Open Source software, available at  ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
-Samba 2.2 was done by Gerald Carter
+Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
+for Samba 3.0 was done by Alexander Bokovoy.
diff --git a/docs/manpages/smbtar.1 b/docs/manpages/smbtar.1
index 93077fc16d..54de9fcc80 100644
--- a/docs/manpages/smbtar.1
+++ b/docs/manpages/smbtar.1
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBTAR" "1" "05 November 2002" "" ""
+.TH "SMBTAR" "1" "28 January 2003" "" ""
+
 .SH NAME
 smbtar \- shell script for backing up SMB/CIFS shares  directly to UNIX tape drives
 .SH SYNOPSIS
@@ -12,11 +13,10 @@ smbtar \- shell script for backing up SMB/CIFS shares  directly to UNIX tape dri
 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite.
 .PP
 \fBsmbtar\fR is a very small shell script on top 
-of \fBsmbclient(1)\fR 
-which dumps SMB shares directly to tape. 
+of \fBsmbclient\fR(1) which dumps SMB shares directly to tape.
 .SH "OPTIONS"
 .TP
 \fB-s server\fR
@@ -72,8 +72,7 @@ from the tar file.
 .TP
 \fB-l log level\fR
 Log (debug) level. Corresponds to the 
-\fI-d\fR flag of \fBsmbclient(1)
-\fR. 
+\fI-d\fR flag of \fBsmbclient\fR(1).
 .SH "ENVIRONMENT VARIABLES"
 .PP
 The \fI$TAPE\fR variable specifies the 
@@ -91,18 +90,14 @@ on entire shares; should work on file lists. smbtar works best
 with GNU tar and may not work well with other versions. 
 .SH "DIAGNOSTICS"
 .PP
-See the \fBDIAGNOSTICS\fR section for the 
-\fBsmbclient(1)\fR 
- command.
+See the \fBDIAGNOSTICS\fR section for the \fBsmbclient\fR(1) command.
 .SH "VERSION"
 .PP
 This man page is correct for version 3.0 of 
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fBsmbd(8)\fR 
-\fBsmbclient(1)\fR 
-smb.conf(5)
+\fBsmbd\fR(8), \fBsmbclient\fR(1), \fBsmb.conf\fR(5).
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
@@ -115,7 +110,7 @@ wrote the tar extension and this man page. The \fBsmbtar\fR
 script was heavily rewritten and improved by Martin Kraemer <URL:mailto:Martin.Kraemer@mch.sni.de>. Many 
 thanks to everyone who suggested extensions, improvements, bug 
 fixes, etc. The man page sources were converted to YODL format (another 
-excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+excellent piece of Open Source software, available at  ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
-Samba 2.2 was done by Gerald Carter.
+Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
+Samba 3.0 was done by Alexander Bokovoy.
diff --git a/docs/manpages/smbumount.8 b/docs/manpages/smbumount.8
index 013e5dd79e..c8eb19831e 100644
--- a/docs/manpages/smbumount.8
+++ b/docs/manpages/smbumount.8
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBUMOUNT" "8" "05 November 2002" "" ""
+.TH "SMBUMOUNT" "8" "28 January 2003" "" ""
+
 .SH NAME
 smbumount \- smbfs umount for normal users
 .SH SYNOPSIS
@@ -26,8 +27,7 @@ to make umount setuid root.
 The directory to unmount.
 .SH "SEE ALSO"
 .PP
-\fBsmbmount(8)\fR
-
+\fBsmbmount\fR(8)
 .SH "AUTHOR"
 .PP
 Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
@@ -40,4 +40,5 @@ The SAMBA Mailing list <URL:mailto:samba@samba.org>
 is the preferred place to ask questions regarding these programs.
 .PP
 The conversion of this manpage for Samba 2.2 was performed 
-by Gerald Carter
+by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0
+was done by Alexander Bokovoy.
diff --git a/docs/manpages/swat.8 b/docs/manpages/swat.8
index 7ec1892131..8893484c2e 100644
--- a/docs/manpages/swat.8
+++ b/docs/manpages/swat.8
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SWAT" "8" "05 November 2002" "" ""
+.TH "SWAT" "8" "28 January 2003" "" ""
+
 .SH NAME
 swat \- Samba Web Administration Tool
 .SH SYNOPSIS
@@ -12,10 +13,10 @@ swat \- Samba Web Administration Tool
 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite.
 .PP
 \fBswat\fR allows a Samba administrator to 
-configure the complex \fI smb.conf(5)\fR file via a Web browser. In addition, 
+configure the complex \fBsmb.conf\fR(5) file via a Web browser. In addition, 
 a \fBswat\fR configuration page has help links 
 to all the configurable options in the \fIsmb.conf\fR file allowing an 
 administrator to easily look up the effects of any change. 
@@ -26,8 +27,8 @@ administrator to easily look up the effects of any change.
 \fB-s smb configuration file\fR
 The default configuration file path is 
 determined at compile time.  The file specified contains 
-the configuration details required by the \fBsmbd
-\fR server. This is the file that \fBswat\fR will modify. 
+the configuration details required by the \fBsmbd\fR(8) server. This is the file 
+that \fBswat\fR will modify. 
 The information in this file includes server-specific 
 information such as what printcap file to use, as well as 
 descriptions of all the services that the server is to provide.
@@ -106,26 +107,21 @@ This file must contain a mapping of service name
 (e.g., tcp).  
 .TP
 \fB\fI/usr/local/samba/lib/smb.conf\fB\fR
-This is the default location of the \fIsmb.conf(5)
-\fR server configuration file that swat edits. Other 
+This is the default location of the \fBsmb.conf\fR(5) server configuration file that swat edits. Other 
 common places that systems install this file are \fI  /usr/samba/lib/smb.conf\fR and \fI/etc/smb.conf
 \fR.  This file describes all the services the server 
 is to make available to clients. 
 .SH "WARNINGS"
 .PP
-\fBswat\fR will rewrite your \fIsmb.conf
-\fR file. It will rearrange the entries and delete all 
+\fBswat\fR will rewrite your \fBsmb.conf\fR(5) file. It will rearrange the entries and delete all 
 comments, \fIinclude=\fR and \fIcopy=
 \fR options. If you have a carefully crafted \fI smb.conf\fR then back it up or don't use swat! 
 .SH "VERSION"
 .PP
-This man page is correct for version 2.2 of 
-the Samba suite.
+This man page is correct for version 2.2 of the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fBinetd(5)\fR,
-\fBsmbd(8)\fR 
-smb.conf(5)
+\fBinetd(5)\fR, \fBsmbd\fR(8), \fBsmb.conf\fR(5)
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
@@ -135,7 +131,7 @@ to the way the Linux kernel is developed.
 .PP
 The original Samba man pages were written by Karl Auer. 
 The man page sources were converted to YODL format (another 
-excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+excellent piece of Open Source software, available at  ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
-Samba 2.2 was done by Gerald Carter
+Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
+Samba 3.0 was done by Alexander Bokovoy.
diff --git a/docs/manpages/testparm.1 b/docs/manpages/testparm.1
index 555c28c46c..fec26e18ae 100644
--- a/docs/manpages/testparm.1
+++ b/docs/manpages/testparm.1
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "TESTPARM" "1" "26 November 2002" "" ""
+.TH "TESTPARM" "1" "28 January 2003" "" ""
+
 .SH NAME
 testparm \- check an smb.conf configuration file for  internal correctness
 .SH SYNOPSIS
@@ -12,10 +13,10 @@ testparm \- check an smb.conf configuration file for  internal correctness
 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite.
 .PP
 \fBtestparm\fR is a very simple test program 
-to check an \fBsmbd\fR configuration file for 
+to check an \fBsmbd\fR(8) configuration file for 
 internal correctness. If this program reports no problems, you 
 can use the configuration file with confidence that \fBsmbd
 \fR will successfully load the configuration file.
@@ -49,9 +50,7 @@ This is useful for testing include files specified with the
 .TP
 \fB-v\fR
 If this option is specified, testparm 
-will also output all options that were not used in 
-\fIsmb.conf\fR and are thus set to
-their defaults.
+will also output all options that were not used in \fBsmb.conf\fR(5) and are thus set to their defaults.
 .TP
 \fB-t encoding\fR
 Output data in specified encoding.
@@ -59,13 +58,13 @@ Output data in specified encoding.
 \fBconfigfilename\fR
 This is the name of the configuration file 
 to check. If this parameter is not present then the 
-default \fIsmb.conf\fR file will be checked.  
+default \fBsmb.conf\fR(5) file will be checked.  
 .TP
 \fBhostname\fR
 If this parameter and the following are 
 specified, then \fBtestparm\fR will examine the \fIhosts
 allow\fR and \fIhosts deny\fR 
-parameters in the \fIsmb.conf\fR file to 
+parameters in the \fBsmb.conf\fR(5) file to 
 determine if the hostname with this IP address would be
 allowed access to the \fBsmbd\fR server.  If 
 this parameter is supplied, the hostIP parameter must also
@@ -77,9 +76,9 @@ in the previous parameter.  This address must be supplied
 if the hostname parameter is supplied. 
 .SH "FILES"
 .TP
-\fB\fIsmb.conf\fB\fR
+\fBsmb.conf(5)\fR
 This is usually the name of the configuration 
-file used by \fBsmbd\fR. 
+file used by \fBsmbd\fR(8). 
 .SH "DIAGNOSTICS"
 .PP
 The program will issue a message saying whether the 
@@ -93,8 +92,7 @@ This man page is correct for version 3.0 of
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fIsmb.conf(5)\fR 
-\fBsmbd(8)\fR
+\fBsmb.conf\fR(5), \fBsmbd\fR(8)
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
@@ -104,7 +102,7 @@ to the way the Linux kernel is developed.
 .PP
 The original Samba man pages were written by Karl Auer. 
 The man page sources were converted to YODL format (another 
-excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+excellent piece of Open Source software, available at  ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
-Samba 2.2 was done by Gerald Carter
+Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
+for Samba 3.0 was done by Alexander Bokovoy.
diff --git a/docs/manpages/testprns.1 b/docs/manpages/testprns.1
index dc44a7d1bf..bb567b2a96 100644
--- a/docs/manpages/testprns.1
+++ b/docs/manpages/testprns.1
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "TESTPRNS" "1" "05 November 2002" "" ""
+.TH "TESTPRNS" "1" "28 January 2003" "" ""
+
 .SH NAME
 testprns \- check printer name for validity with smbd
 .SH SYNOPSIS
@@ -12,11 +13,11 @@ testprns \- check printer name for validity with smbd
 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite.
 .PP
 \fBtestprns\fR is a very simple test program 
 to determine whether a given printer name is valid for use in 
-a service to be provided by \fB smbd(8)\fR 
+a service to be provided by \fBsmbd\fR(8).
 .PP
 "Valid" in this context means "can be found in the 
 printcap specified". This program is very stupid - so stupid in 
@@ -34,8 +35,7 @@ Note that no validation or checking of the printcap syntax is
 done beyond that required to extract the printer name. It may
 be that the print spooling system is more forgiving or less 
 forgiving than \fBtestprns\fR. However, if 
-\fBtestprns\fR finds the printer then 
-\fBsmbd\fR should do so as well. 
+\fBtestprns\fR finds the printer then \fBsmbd\fR(8) should do so as well. 
 .TP
 \fBprintcapname\fR
 This is the name of the printcap file within
@@ -74,8 +74,7 @@ the Samba suite.
 .SH "SEE ALSO"
 .PP
 \fIprintcap(5)\fR, 
-\fBsmbd(8)\fR 
-\fBsmbclient(1)\fR
+\fBsmbd\fR(8), \fBsmbclient\fR(1)
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
@@ -85,7 +84,7 @@ to the way the Linux kernel is developed.
 .PP
 The original Samba man pages were written by Karl Auer. 
 The man page sources were converted to YODL format (another 
-excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+excellent piece of Open Source software, available at  ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
-Samba 2.2 was done by Gerald Carter
+Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
+for Samba 3.0 was done by Alexander Bokovoy.
diff --git a/docs/manpages/vfstest.1 b/docs/manpages/vfstest.1
index ced1038112..134ee79c47 100644
--- a/docs/manpages/vfstest.1
+++ b/docs/manpages/vfstest.1
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "VFSTEST" "1" "26 November 2002" "" ""
+.TH "VFSTEST" "1" "28 January 2003" "" ""
+
 .SH NAME
 vfstest \- tool for testing samba VFS modules
 .SH SYNOPSIS
@@ -12,7 +13,7 @@ vfstest \- tool for testing samba VFS modules
 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite.
 .PP
 \fBvfstest\fR is a small command line
 utility that has the ability to test dso samba VFS modules. It gives the
diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1
index 312ef3acb2..b8ce01f1c1 100644
--- a/docs/manpages/wbinfo.1
+++ b/docs/manpages/wbinfo.1
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "WBINFO" "1" "05 November 2002" "" ""
+.TH "WBINFO" "1" "28 January 2003" "" ""
+
 .SH NAME
 wbinfo \- Query information from winbind daemon
 .SH SYNOPSIS
@@ -12,53 +13,51 @@ wbinfo \- Query information from winbind daemon
 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite.
 .PP
 The \fBwbinfo\fR program queries and returns information 
-created and used by the \fB winbindd(8)\fR daemon. 
+created and used by the \fBwinbindd\fR(8) daemon. 
 .PP
-The \fBwinbindd(8)\fR daemon must be configured 
+The \fBwinbindd\fR(8) daemon must be configured 
 and running for the \fBwbinfo\fR program to be able 
 to return information.
 .SH "OPTIONS"
 .TP
 \fB-u\fR
 This option will list all users available 
-in the Windows NT domain for which the \fBwinbindd(8)
-\fR daemon is operating in. Users in all trusted domains 
+in the Windows NT domain for which the \fBwinbindd\fR(8) daemon is operating in. Users in all trusted domains 
 will also be listed.  Note that this operation does not assign 
-user ids to any users that have not already been seen by 
-\fBwinbindd(8)\fR.
+user ids to any users that have not already been seen by \fBwinbindd\fR(8)
+\&.
 .TP
 \fB-g\fR
 This option will list all groups available 
-in the Windows NT domain for which the \fBwinbindd(8)
-\fR daemon is operating in. Groups in all trusted domains
+in the Windows NT domain for which the \fBSamba\fR(7) daemon is operating in. Groups in all trusted domains
 will also be listed.  Note that this operation does not assign 
-group ids to any groups that have not already been seen by
-\fBwinbindd(8)\fR. 
+group ids to any groups that have not already been 
+seen by \fBwinbindd\fR(8). 
 .TP
 \fB-N name\fR
 The \fI-N\fR option 
-queries \fBwinbindd(8)\fR to query the WINS
+queries \fBwinbindd\fR(8) to query the WINS
 server for the IP address associated with the NetBIOS name
 specified by the \fIname\fR parameter.
 .TP
 \fB-I ip\fR
 The \fI-I\fR option 
-queries \fBwinbindd(8)\fR to send a node status
+queries \fBwinbindd\fR(8) to send a node status
 request to get the NetBIOS name associated with the IP address
 specified by the \fIip\fR parameter.
 .TP
 \fB-n name\fR
 The \fI-n\fR option 
-queries \fBwinbindd(8)\fR for the SID   
+queries \fBwinbindd\fR(8) for the SID   
 associated with the name specified. Domain names can be specified 
 before the user name by using the winbind separator character.  
 For example CWDOM1/Administrator refers to the Administrator
 user in the domain CWDOM1.  If no domain is specified then the 
-domain used is the one specified in the \fIsmb.conf\fR
-\fIworkgroup\fR parameter. 
+domain used is the one specified in the \fBsmb.conf\fR(5) \fIworkgroup
+\fR parameter. 
 .TP
 \fB-s sid\fR
 Use \fI-s\fR to resolve
@@ -79,11 +78,12 @@ the winbind gid range then the operation will fail.
 .TP
 \fB-S sid\fR
 Convert a SID to a UNIX user id.  If the SID 
-does not correspond to a UNIX user mapped by \fB  winbindd(8)\fR then the operation will fail. 
+does not correspond to a UNIX user mapped by \fBwinbindd\fR(8) then the operation will fail. 
 .TP
 \fB-Y sid\fR
 Convert a SID to a UNIX group id.  If the SID 
-does not correspond to a UNIX group mapped by \fB  winbindd(8)\fR then the operation will fail. 
+does not correspond to a UNIX group mapped by \fBwinbindd\fR(8) then 
+the operation will fail. 
 .TP
 \fB-t\fR
 Verify that the workstation trust account 
@@ -92,7 +92,7 @@ domain is working.
 .TP
 \fB-m\fR
 Produce a list of domains trusted by the 
-Windows NT server \fBwinbindd(8)\fR contacts 
+Windows NT server \fBwinbindd\fR(8) contacts 
 when resolving names.  This list does not include the Windows 
 NT domain the server is a Primary Domain Controller for.
 .TP
@@ -114,8 +114,7 @@ Windows 2000 servers only).
 .SH "EXIT STATUS"
 .PP
 The wbinfo program returns 0 if the operation 
-succeeded, or 1 if the operation failed.  If the \fBwinbindd(8)
-\fR daemon is not working \fBwbinfo\fR will always return 
+succeeded, or 1 if the operation failed.  If the \fBwinbindd\fR(8) daemon is not working \fBwbinfo\fR will always return 
 failure. 
 .SH "VERSION"
 .PP
@@ -123,8 +122,7 @@ This man page is correct for version 3.0 of
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fBwinbindd(8)\fR
-
+\fBwinbindd\fR(8)
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
@@ -136,4 +134,5 @@ to the way the Linux kernel is developed.
 were written by Tim Potter.
 .PP
 The conversion to DocBook for Samba 2.2 was done 
-by Gerald Carter
+by Gerald Carter. The conversion to DocBook XML 4.2 for Samba
+3.0 was done by Alexander Bokovoy.
diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8
index 8cfb403723..a46c0769b5 100644
--- a/docs/manpages/winbindd.8
+++ b/docs/manpages/winbindd.8
@@ -3,7 +3,8 @@
 .\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "WINBINDD" "8" "03 January 2003" "" ""
+.TH "WINBINDD" "8" "18 February 2003" "" ""
+
 .SH NAME
 winbindd \- Name Service Switch daemon for resolving names  from NT servers
 .SH SYNOPSIS
@@ -12,7 +13,7 @@ winbindd \- Name Service Switch daemon for resolving names  from NT servers
 
 .SH "DESCRIPTION"
 .PP
-This program is part of the  Samba suite.
+This program is part of the \fBSamba\fR(7) suite.
 .PP
 \fBwinbindd\fR is a daemon that provides 
 a service for the Name Service Switch capability that is present 
@@ -59,13 +60,11 @@ For example, the following simple configuration in the
 \fI/etc/nsswitch.conf\fR file can be used to initially 
 resolve user and group information from \fI/etc/passwd
 \fR and \fI/etc/group\fR and then from the 
-Windows NT server. 
-.PP
+Windows NT server.
 
 .nf
 passwd:         files winbind
 group:          files winbind
-	
 .fi
 .PP
 The following simple configuration in the
@@ -122,7 +121,7 @@ Advantage of this is that responses are accurate and fast.
 .TP
 \fB-s|--conf=smb.conf\fR
 Specifies the location of the all-important
-\fIsmb.conf\fR file. 
+\fBsmb.conf\fR(5) file. 
 .SH "NAME AND ID RESOLUTION"
 .PP
 Users and groups on a Windows NT server are assigned 
@@ -147,8 +146,7 @@ and group rids.
 .SH "CONFIGURATION"
 .PP
 Configuration of the \fBwinbindd\fR daemon 
-is done through configuration parameters in the \fIsmb.conf(5)
-\fR file.  All parameters should be specified in the 
+is done through configuration parameters in the \fBsmb.conf\fR(5) file.  All parameters should be specified in the 
 [global] section of smb.conf. 
 .TP 0.2i
 \(bu
@@ -185,28 +183,23 @@ following setup. This was tested on a RedHat 6.2 Linux box.
 .PP
 In \fI/etc/nsswitch.conf\fR put the 
 following:
-.PP
 
 .nf
 passwd:     files winbind
 group:      files winbind
-	
 .fi
 .PP
-In \fI/etc/pam.d/*\fR replace the 
-\fIauth\fR lines with something like this: 
-.PP
+In \fI/etc/pam.d/*\fR replace the \fI auth\fR lines with something like this:
 
 .nf
 auth       required	/lib/security/pam_securetty.so
 auth       required	/lib/security/pam_nologin.so
 auth       sufficient	/lib/security/pam_winbind.so
 auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok
-	
 .fi
 .PP
-Note in particular the use of the \fIsufficient\fR 
-keyword and the \fIuse_first_pass\fR keyword. 
+Note in particular the use of the \fIsufficient
+\fR keyword and the \fIuse_first_pass\fR keyword. 
 .PP
 Now replace the account lines with this: 
 .PP
@@ -216,25 +209,22 @@ Now replace the account lines with this:
 The next step is to join the domain. To do that use the 
 \fBsmbpasswd\fR program like this:  
 .PP
-\fBsmbpasswd -j DOMAIN -r PDC -U
-Administrator\fR
+\fBnet join -S PDC -U Administrator\fR
 .PP
 The username after the \fI-U\fR can be any
 Domain user that has administrator privileges on the machine.
-Substitute your domain name for "DOMAIN" and the name of your PDC
-for "PDC".
+Substitute the name or IP of your PDC for "PDC".
 .PP
 Next copy \fIlibnss_winbind.so\fR to 
-\fI/lib\fR and \fIpam_winbind.so\fR
-to \fI/lib/security\fR.  A symbolic link needs to be
+\fI/lib\fR and \fIpam_winbind.so
+\fR to \fI/lib/security\fR.  A symbolic link needs to be
 made from \fI/lib/libnss_winbind.so\fR to
 \fI/lib/libnss_winbind.so.2\fR.  If you are using an
 older version of glibc then the target of the link should be
 \fI/lib/libnss_winbind.so.1\fR.
 .PP
-Finally, setup a \fIsmb.conf\fR containing directives like the 
-following:  
-.PP
+Finally, setup a \fBsmb.conf\fR(5) containing directives like the 
+following:
 
 .nf
 [global]
@@ -247,7 +237,6 @@ following:
         workgroup = DOMAIN
         security = domain
         password server = *
-	
 .fi
 .PP
 Now start winbindd and you should find that your user and 
@@ -261,9 +250,9 @@ commands \fBgetent passwd\fR and \fBgetent group
 The following notes are useful when configuring and 
 running \fBwinbindd\fR: 
 .PP
-\fBnmbd\fR must be running on the local machine 
-for \fBwinbindd\fR to work. \fBwinbindd\fR
-queries the list of trusted domains for the Windows NT server
+\fBnmbd\fR(8) must be running on the local machine 
+for \fBwinbindd\fR to work. \fBwinbindd\fR queries
+the list of trusted domains for the Windows NT server
 on startup and when a SIGHUP is received.  Thus, for a running \fB winbindd\fR to become aware of new trust relationships between 
 servers, it must be sent a SIGHUP signal. 
 .PP
@@ -289,8 +278,8 @@ The following signals can be used to manipulate the
 \fBwinbindd\fR daemon. 
 .TP
 \fBSIGHUP\fR
-Reload the \fIsmb.conf(5)\fR
-file and apply any parameter changes to the running 
+Reload the \fBsmb.conf\fR(5) file and 
+apply any parameter changes to the running 
 version of winbindd.  This signal also clears any cached 
 user and group information.  The list of other domains trusted 
 by winbindd is also reloaded.  
@@ -333,10 +322,7 @@ This man page is correct for version 3.0 of
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fInsswitch.conf(5)\fR,
-samba(7)
-wbinfo(1)
-smb.conf(5)
+\fInsswitch.conf(5)\fR, \fBSamba\fR(7), \fBwbinfo\fR(8), \fBsmb.conf\fR(5)
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
@@ -344,8 +330,9 @@ were created by Andrew Tridgell. Samba is now developed
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-\fBwbinfo\fR and \fBwinbindd\fR
-were written by Tim Potter.
+\fBwbinfo\fR and \fBwinbindd\fR were 
+written by Tim Potter.
 .PP
 The conversion to DocBook for Samba 2.2 was done 
-by Gerald Carter
+by Gerald Carter. The conversion to DocBook XML 4.2 for
+Samba 3.0 was done by Alexander Bokovoy.
-- 
cgit 


From 1d278baf06a0560b1e069a945b6db4af1c4f6f5e Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Wed, 19 Feb 2003 00:13:23 +0000
Subject: Remove reference to obsolete samba-bugs address. (This used to be
 commit 8e5f2ac3ca0b4cfb910f38532efb63526f28b579)

---
 source3/change-log | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/change-log b/source3/change-log
index 1f7798b541..71f5012484 100644
--- a/source3/change-log
+++ b/source3/change-log
@@ -2,7 +2,7 @@ SUPERCEDED Change Log for Samba
 ^^^^^^^^^^
 
 Unless otherwise attributed, all changes were made by 
-Andrew.Tridgell@anu.edu.au. All bugs to samba-bugs@samba.org.
+Andrew.Tridgell@anu.edu.au.
 
 NOTE: THIS LOG IS IN CHRONOLOGICAL ORDER
 
-- 
cgit 


From 46ae03ee59cf6783a10774a91d9d263fee4dc85a Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Wed, 19 Feb 2003 00:14:29 +0000
Subject: Remove reference to obsolete samba-bugs address.  Suggest people
 report trouble in the first instance to samba@lists. (This used to be commit
 f2a4c51983636b90b8e2942cca765740592e08f7)

---
 README | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/README b/README
index 93c8cb133e..15363ce6ab 100644
--- a/README
+++ b/README
@@ -92,9 +92,9 @@ If you want to contribute to the development of the software then
 please join the mailing list. The Samba team accepts patches
 (preferably in "diff -u" format, see docs/BUGS.txt for more details)
 and are always glad to receive feedback or suggestions to the address
-samba-bugs@samba.org. We have recently put a new bug tracking
-system into place which should help the throughput quite a lot. You
-can also get the Samba sourcecode straight from the CVS tree - see
+samba@lists.samba.org.
+
+You can also get the Samba sourcecode straight from the CVS tree - see
 http://samba.org/cvs.html.
 
 You could also send hardware/software/money/jewelry or pizza
-- 
cgit 


From 11d873bebf9df83219019ea03d42f695ca5387a9 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Wed, 19 Feb 2003 00:16:25 +0000
Subject: Remove tridge's old home address, and old samba-bugs adddress.  He
 can add the new one if he wants.

(I wonder if the new owners of that house wonder why pizza keeps
turning up? :-)
(This used to be commit 92ab401656ac96a255ba2ef4121823d9cd57ccf8)
---
 README | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/README b/README
index 15363ce6ab..b4bd9a0f57 100644
--- a/README
+++ b/README
@@ -97,7 +97,7 @@ samba@lists.samba.org.
 You can also get the Samba sourcecode straight from the CVS tree - see
 http://samba.org/cvs.html.
 
-You could also send hardware/software/money/jewelry or pizza
+You could also send hardware/software/money/jewelry or pre-paid pizza
 vouchers directly to Andrew. The pizza vouchers would be especially
 welcome, in fact there is a special field in the survey for people who
 have paid up their pizza :-)
@@ -111,16 +111,6 @@ we get. If noone tells us they like it then we'll probably move onto
 something else. However, as you can see from the user survey quite a lot of 
 people do seem to like it at the moment :-)
 
-Andrew Tridgell
-Email: samba-bugs@samba.org
-
-3 Ballow Crescent
-Macgregor, A.C.T.
-2615 Australia
-
-Samba Team
-Email: samba-bugs@samba.org
-
 
 MORE INFO
 =========
-- 
cgit 


From 0ff05c7f66a6321bac3bb699e30a7c49ddbefdfd Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Wed, 19 Feb 2003 00:25:47 +0000
Subject: Remove old listproc address and webmaster mailing address.

(Is this file actually still used?  Perhaps it would be better to
include something from the web site instead.  I'm not going to merge
this across because I think it's dead.)
(This used to be commit 7096d5feb2e8be204881bdcb76ad08cc5aa4a79a)
---
 packaging/SGI/relnotes.html | 21 ++++++---------------
 1 file changed, 6 insertions(+), 15 deletions(-)

diff --git a/packaging/SGI/relnotes.html b/packaging/SGI/relnotes.html
index afcf579677..d055be6c1a 100644
--- a/packaging/SGI/relnotes.html
+++ b/packaging/SGI/relnotes.html
@@ -205,17 +205,8 @@ printer name to describe its location.</DD>
 of the <B>docs</B> directory from the Samba distribution; consult <I>samba</I>(7)
 for an introduction. </P>
 
-<P>There is a mailing list for discussion of Samba. To subscribe send mail
-to <A HREF="mailto:listproc@samba.org">listproc@samba.org</A>
-with a body of &quot;subscribe samba Your Name&quot; </P>
-
-<P>To send mail to everyone on the list mail to <A HREF="mailto:samba@samba.org">samba@samba.org</A>.
-</P>
-
-<P>There is also an announcement mailing list where new versions are announced.
-To subscribe send mail to <A HREF="mailto:listproc@samba.org">listproc@samba.org</A>
-with a body of &quot;subscribe samba-announce Your Name&quot;. All announcements
-also go to the samba list. </P>
+<P>There is a mailing list for discussion of Samba.  To subscribe and
+      for more information go to <a href="http://lists.samba.org/">lists.samba.org</a>.
 
 <P>You might also like to look at the Usenet news group <A HREF="news:comp.protocols.smb">comp.protocols.smb</A>
 as it often contains lots of useful info and is frequented by lots of Samba
@@ -223,10 +214,10 @@ users. The newsgroup was initially setup by people on the Samba mailing
 list. It is not, however, exclusive to Samba, it is a forum for discussing
 the SMB protocol (which Samba implements). </P>
 
-<P>A Samba WWW site has been setup with lots of useful info. Connect to:
-<A HREF="http://samba.org/pub/samba/">http://samba.org/pub/samba/</A>.
-It is maintained by Paul Blackman (thanks Paul!). You can contact him at
-<A HREF="mailto:ictinus@lake.canberra.edu.au">ictinus@lake.canberra.edu.au</A>.
+<P>
+      A Samba WWW site has been setup with lots of useful info. Connect to:
+      <A HREF="http://samba.org/">http://samba.org/</A>.  You can
+      contact the webmaster at "webmaster at samba dot org".
 </P>
 
 </BODY>
-- 
cgit 


From a0913929ef6f1e34ff2654e8773c8bf45c6230af Mon Sep 17 00:00:00 2001
From: Jim McDonough <jmcd@samba.org>
Date: Wed, 19 Feb 2003 00:27:38 +0000
Subject: base64_decode() with heimdal libs, so I've renamed it
 base64_decode_inplace(). (This used to be commit
 8c69212eeb4a0ec144b960d76319fd4940b8c239)

---
 source3/lib/util_str.c | 2 +-
 source3/web/cgi.c      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index 8fe04f0f58..cc4b6fe5c5 100644
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -1585,7 +1585,7 @@ DATA_BLOB base64_decode_data_blob(const char *s)
 /**
  * Decode a base64 string in-place - wrapper for the above
  **/
-void base64_decode(char *s)
+void base64_decode_inplace(char *s)
 {
 	DATA_BLOB decoded = base64_decode_data_blob(s);
 	memcpy(s, decoded.data, decoded.length);
diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index 46f33789bf..8abc2f0bd5 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -306,7 +306,7 @@ static BOOL cgi_handle_authorization(char *line)
 	}
 	line += 6;
 	while (line[0] == ' ') line++;
-	base64_decode(line);
+	base64_decode_inplace(line);
 	if (!(p=strchr_m(line,':'))) {
 		/*
 		 * Always give the same error so a cracker
-- 
cgit 


From f5cc7f35e9b8feed0f274affc46fcc65f2e77466 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Wed, 19 Feb 2003 00:47:41 +0000
Subject: Remove old listproc address; update instructions for subscribing to
 the mailing list. (This used to be commit
 cab94c8a315ba7ad68e71c62c0d5fa3ab9a90661)

---
 README | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 52 insertions(+), 8 deletions(-)

diff --git a/README b/README
index b4bd9a0f57..cdc7e9e2a9 100644
--- a/README
+++ b/README
@@ -135,19 +135,63 @@ http://lists.samba.org/
 MAILING LIST
 ------------
 
-There is a mailing list for discussion of Samba. To subscribe send
-mail to listproc@samba.org with a body of "subscribe samba Your Name"
-Please do NOT send this request to the list alias instead.
+Please do NOT send subscription/unsubscription requests to the lists!
 
-To send mail to everyone on the list mail to samba@listproc.anu.edu.au
+There is a mailing list for discussion of Samba.  For details go to
+<http://lists.samba.org/> or send mail to <samba-subscribe@lists.samba.org>
 
 There is also an announcement mailing list where new versions are
-announced.  To subscribe send mail to listproc@samba.org with a
-body of "subscribe samba-announce Your Name". All announcements also
-go to the samba list.
+announced.  To subscribe go to <http://lists.samba.org/> or send mail
+to <samba-announce-subscribe@lists.samba.org>.  All announcements also
+go to the samba list, so you only need to be on one.
 
 For details of other Samba mailing lists and for access to archives, see
-http://lists.samba.org/
+<http://lists.samba.org/>
+
+
+MAILING LIST ETIQUETTE
+----------------------
+
+A few tips when submitting to this or any mailing list.
+
+1. Make your subject short and descriptive. Avoid the words "help" or
+   "Samba" in the subject. The readers of this list already know that
+   a) you need help, and b) you are writing about samba (of course,
+   you may need to distinguish between Samba PDC and other file
+   sharing software). Avoid phrases such as "what is" and "how do
+   i". Some good subject lines might look like "Slow response with
+   Excel files" or "Migrating from Samba PDC to NT PDC".
+
+2. If you include the original message in your reply, trim it so that
+   only the relevant lines, enough to establish context, are
+   included. Chances are (since this is a mailing list) we've already
+   read the original message.
+
+3. Trim irrelevant headers from the original message in your
+   reply. All we need to see is a) From, b) Date, and c) Subject. We
+   don't even really need the Subject, if you haven't changed
+   it. Better yet is to just preface the original message with "On
+   [date] [someone] wrote:".
+
+4. Please don't reply to or argue about spam, spam filters or viruses
+   on any Samba lists. We do have a spam filtering system that is
+   working quite well thank you very much but occasionally unwanted
+   messages slip through. Deal with it.
+
+5. Never say "Me too." It doesn't help anyone solve the
+   problem. Instead, if you ARE having the same problem, give more
+   information. Have you seen something that the other writer hasn't
+   mentioned, which may be helpful?
+
+6. If you ask about a problem, then come up with the solution on your
+   own or through another source, by all means post it. Someone else
+   may have the same problem and is waiting for an answer, but never
+   hears of it.
+
+7. Give as much *relevant* information as possible such as Samba
+   release number, OS, kernel version, etc...
+
+8. RTFM. Google. groups.google.com.
 
 
 NEWS GROUP
-- 
cgit 


From e354fd27cb05f9d6259ca480831e325d17cfefea Mon Sep 17 00:00:00 2001
From: Jim McDonough <jmcd@samba.org>
Date: Wed, 19 Feb 2003 00:50:38 +0000
Subject: Add support for detecting method of listing encryption types (MIT v
 Heimdal) (This used to be commit 48dcf5b97f2d53617c41237e09369ec678ab65e9)

---
 source3/configure.in | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/source3/configure.in b/source3/configure.in
index 77553cf5b7..b90d99bf3d 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -2194,6 +2194,9 @@ fi
   AC_CHECK_LIB(krb5, krb5_auth_con_setkey, [AC_DEFINE(HAVE_KRB5_AUTH_CON_SETKEY,1,[Whether krb5_auth_con_setkey is available])])
   AC_CHECK_LIB(krb5, krb5_auth_con_setuseruserkey, [AC_DEFINE(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY,1,[Whether krb5_auth_con_setuseruserkey is available])])
   AC_CHECK_LIB(krb5, krb5_locate_kdc, [AC_DEFINE(HAVE_KRB5_LOCATE_KDC,1,[Whether krb5_locate_kdc is available])])
+  AC_CHECK_LIB(krb5, krb5_get_permitted_enctypes, [AC_DEFINE(HAVE_KRB5_GET_PERMITTED_ENCTYPES,1,[Whether krb5_get_permitted_enctypes is available])])
+  AC_CHECK_LIB(krb5, krb5_get_default_in_tkt_etypes, [AC_DEFINE(HAVE_KRB5_GET_DEFAULT_IN_TKT_ETYPES,1,[Whether krb5_get_default_in_tkt_etypes is available])])
+  AC_CHECK_LIB(krb5, krb5_free_ktypes, [AC_DEFINE(HAVE_KRB5_FREE_KTYPES,1,[Whether krb5_free_ktypes is available])])
 
 AC_CACHE_CHECK([for addrtype in krb5_address],samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS,[
 AC_TRY_COMPILE([#include <krb5.h>],
-- 
cgit 


From adfefcdcb6e9d8ea0458a11b6f684a5cf231c3ba Mon Sep 17 00:00:00 2001
From: Jim McDonough <jmcd@samba.org>
Date: Wed, 19 Feb 2003 01:16:40 +0000
Subject: Try to get heimdal working with HEAD. - Provide generic functions for
   - get valid encryption types   - free encryption types - Add encryption
 type parm to generic function create_kerberos_key_from_string() - Try to
 merge the two versions (between HEAD and SAMBA_3_0) of kerberos_verify.c

I think this should work for both MIT and heimdal, in HEAD.  If all goes smooth,
I'll move it over to 3.0 soon...
(This used to be commit 45e409fc8da9f26cf888e13d004392660d7c55d4)
---
 source3/include/includes.h       |  5 +++--
 source3/libads/kerberos_verify.c | 27 +++++++--------------------
 source3/libsmb/clikrb5.c         | 38 ++++++++++++++++++++++++++++++++++----
 3 files changed, 44 insertions(+), 26 deletions(-)

diff --git a/source3/include/includes.h b/source3/include/includes.h
index 988913d16c..c5738f0a61 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -1224,11 +1224,12 @@ krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_con
 
 /* Samba wrapper function for krb5 functionality. */
 void setup_kaddr( krb5_address *pkaddr, struct sockaddr *paddr);
-int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key);
+int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype);
 void get_auth_data_from_tkt(DATA_BLOB *auth_data, krb5_ticket *tkt);
 krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt);
 krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
-
+krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes);
+void free_kerberos_etypes(krb5_context context, krb5_enctype *enctypes);
 #endif /* HAVE_KRB5 */
 
 #endif /* _INCLUDES_H */
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index c1402b1370..17fecf60c8 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -36,8 +36,6 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
 	krb5_keytab keytab = NULL;
 	krb5_data packet;
 	krb5_ticket *tkt = NULL;
-	krb5_data salt;
-	krb5_encrypt_block eblock;
 	int ret, i;
 	krb5_keyblock * key;
 	krb5_principal host_princ;
@@ -92,17 +90,11 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
 		return NT_STATUS_LOGON_FAILURE;
 	}
 
-	ret = krb5_principal2salt(context, host_princ, &salt);
-	if (ret) {
-		DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret)));
-		return NT_STATUS_LOGON_FAILURE;
-	}
-    
 	if (!(key = (krb5_keyblock *)malloc(sizeof(*key)))) {
 		return NT_STATUS_NO_MEMORY;
 	}
 	
-	if ((ret = krb5_get_permitted_enctypes(context, &enctypes))) {
+	if ((ret = get_kerberos_allowed_etypes(context, &enctypes))) {
 		DEBUG(1,("krb5_get_permitted_enctypes failed (%s)\n", 
 			 error_message(ret)));
 		return NT_STATUS_LOGON_FAILURE;
@@ -110,10 +102,7 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
 
 	/* we need to setup a auth context with each possible encoding type in turn */
 	for (i=0;enctypes[i];i++) {
-		krb5_use_enctype(context, &eblock, enctypes[i]);
-
-		ret = krb5_string_to_key(context, &eblock, key, &password, &salt);
-		if (ret) {
+		if (create_kerberos_key_from_string(context, host_princ, &password, key, enctypes[i])) {
 			continue;
 		}
 
@@ -124,7 +113,7 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
 
 		if (!(ret = krb5_rd_req(context, &auth_context, &packet, 
 				       NULL, keytab, NULL, &tkt))) {
-			krb5_free_ktypes(context, enctypes);
+			free_kerberos_etypes(context, enctypes);
 			auth_ok = True;
 			break;
 		}
@@ -133,6 +122,7 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
 	if (!auth_ok) {
 		DEBUG(3,("krb5_rd_req with auth failed (%s)\n", 
 			 error_message(ret)));
+		SAFE_FREE(key);
 		return NT_STATUS_LOGON_FAILURE;
 	}
 
@@ -140,11 +130,7 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
 	file_save("/tmp/ticket.dat", ticket->data, ticket->length);
 #endif
 
-
-	if (tkt->enc_part2) {
-		*auth_data = data_blob(tkt->enc_part2->authorization_data[0]->contents,
-				       tkt->enc_part2->authorization_data[0]->length);
-	}
+	get_auth_data_from_tkt(auth_data, tkt);
 
 #if 0
 	if (tkt->enc_part2) {
@@ -154,7 +140,8 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
 	}
 #endif
 
-	if ((ret = krb5_unparse_name(context, tkt->enc_part2->client, principal))) {
+	if ((ret = krb5_unparse_name(context, get_principal_from_tkt(tkt),
+				     principal))) {
 		DEBUG(3,("krb5_unparse_name failed (%s)\n", 
 			 error_message(ret)));
 		return NT_STATUS_LOGON_FAILURE;
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index e380d80bcc..c13f663381 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -74,7 +74,8 @@
  int create_kerberos_key_from_string(krb5_context context,
 					krb5_principal host_princ,
 					krb5_data *password,
-					krb5_keyblock *key)
+					krb5_keyblock *key,
+					krb5_enctype enctype)
 {
 	int ret;
 	krb5_data salt;
@@ -85,14 +86,15 @@
 		DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret)));
 		return ret;
 	}
-	krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_MD5);
+	krb5_use_enctype(context, &eblock, enctype);
 	return krb5_string_to_key(context, &eblock, key, password, &salt);
 }
 #elif defined(HAVE_KRB5_GET_PW_SALT) && defined(HAVE_KRB5_STRING_TO_KEY_SALT)
  int create_kerberos_key_from_string(krb5_context context,
 					krb5_principal host_princ,
 					krb5_data *password,
-					krb5_keyblock *key)
+					krb5_keyblock *key,
+					krb5_enctype enctype)
 {
 	int ret;
 	krb5_salt salt;
@@ -102,13 +104,41 @@
 		DEBUG(1,("krb5_get_pw_salt failed (%s)\n", error_message(ret)));
 		return ret;
 	}
-	return krb5_string_to_key_salt(context, ENCTYPE_DES_CBC_MD5, password->data,
+	return krb5_string_to_key_salt(context, enctype, password->data,
 		salt, key);
 }
 #else
  __ERROR_XX_UNKNOWN_CREATE_KEY_FUNCTIONS
 #endif
 
+#if defined(HAVE_KRB5_GET_PERMITTED_ENCTYPES)
+krb5_error_code get_kerberos_allowed_etypes(krb5_context context, 
+					    krb5_enctype **enctypes)
+{
+	return krb5_get_permitted_enctypes(context, enctypes);
+}
+#elif defined(HAVE_KRB5_GET_DEFAULT_IN_TKT_ETYPES)
+krb5_error_code get_kerberos_allowed_etypes(krb5_context context, 
+					    krb5_enctype **enctypes)
+{
+	return krb5_get_default_in_tkt_etypes(context, enctypes);
+}
+#else
+ __ERROR_XX_UNKNOWN_GET_ENCTYPES_FUNCTIONS
+#endif
+
+#if defined(HAVE_KRB5_FREE_KTYPES)
+void free_kerberos_etypes(krb5_context context, krb5_enctype *enctypes)
+{
+	return krb5_free_ktypes(context, enctypes);
+}
+#else
+void free_kerberos_etypes(krb5_context context, krb5_enctype *enctypes)
+{
+	return free(enctypes);
+}
+#endif
+
 #if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
  krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context,
 					krb5_auth_context auth_context,
-- 
cgit 


From e7b5d059c2af0ffb71e3d6b12a35a1dcd3295942 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 19 Feb 2003 01:38:12 +0000
Subject: Bit of a hack job to prevent smbprn.XXX jobs appearing in the queue
 if the jobid is below the UNIX_JOB_START number. Jeremy. (This used to be
 commit e8a9bf67cbe5b3e33f99e6793fe4ec445d6e8819)

---
 source3/printing/printing.c | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index 3bf992ad69..c9612ab3a9 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -579,11 +579,13 @@ static uint32 print_parse_jobid(char *fname)
  List a unix job in the print database.
 ****************************************************************************/
 
-static void print_unix_job(int snum, print_queue_struct *q)
+static void print_unix_job(int snum, print_queue_struct *q, uint32 jobid)
 {
-	uint32 jobid = q->job + UNIX_JOB_START;
 	struct printjob pj, *old_pj;
 
+	if (jobid == (uint32)-1)
+		jobid = q->job + UNIX_JOB_START;
+
 	/* Preserve the timestamp on an existing unix print job */
 
 	old_pj = print_job_find(snum, jobid);
@@ -597,11 +599,14 @@ static void print_unix_job(int snum, print_queue_struct *q)
 	pj.status = q->status;
 	pj.size = q->size;
 	pj.spooled = True;
-	pj.smbjob = False;
-	fstrcpy(pj.filename, "");
-	fstrcpy(pj.jobname, q->fs_file);
-	fstrcpy(pj.user, q->fs_user);
-	fstrcpy(pj.queuename, lp_const_servicename(snum));
+	pj.smbjob = (old_pj != NULL ? True : False);
+	fstrcpy(pj.filename, old_pj ? old_pj->filename : "");
+	if (jobid < UNIX_JOB_START)
+		fstrcpy(pj.jobname, old_pj ? old_pj->jobname : "Remote Downlevel Document");
+	else
+		fstrcpy(pj.jobname, old_pj ? old_pj->jobname : q->fs_file);
+	fstrcpy(pj.user, old_pj ? old_pj->user : q->fs_user);
+	fstrcpy(pj.queuename, old_pj ? old_pj->queuename : lp_const_servicename(snum));
 
 	pjob_store(snum, jobid, &pj);
 }
@@ -879,7 +884,7 @@ static void print_queue_update(int snum)
 
 		if (jobid == (uint32)-1) {
 			/* assume its a unix print job */
-			print_unix_job(snum, &queue[i]);
+			print_unix_job(snum, &queue[i], jobid);
 			continue;
 		}
 
@@ -889,7 +894,7 @@ static void print_queue_update(int snum)
 			/* err, somethings wrong. Probably smbd was restarted
 			   with jobs in the queue. All we can do is treat them
 			   like unix jobs. Pity. */
-			print_unix_job(snum, &queue[i]);
+			print_unix_job(snum, &queue[i], jobid);
 			continue;
 		}
 
-- 
cgit 


From b63edf9a28cf81536d45fbbe8021683262ff07a2 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 19 Feb 2003 02:34:33 +0000
Subject: Fix from Corny.Bondad@hp.com for missing if (setting_acls) on default
 perms. Jeremy. (This used to be commit
 ac96fa173cc3bd1c3226634154d6f99e4034179f)

---
 source3/smbd/posix_acls.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 2739f73b0a..a40fb4042f 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -699,11 +699,11 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
 		pace->unix_ug.world = -1;
 		pace->trustee = global_sid_World;
 		pace->attr = ALLOW_ACE;
-		if (setting_acl)
+		if (setting_acl) {
 			pace->perms = 0;
-		else
+			apply_default_perms(fsp, pace, S_IROTH);
+		} else
 			pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IROTH, S_IWOTH, S_IXOTH);
-		apply_default_perms(fsp, pace, S_IROTH);
 
 		DLIST_ADD(*pp_ace, pace);
 	}
-- 
cgit 


From 3b541bdcfe14d30d961a5de20d382af179c381ee Mon Sep 17 00:00:00 2001
From: Jim McDonough <jmcd@samba.org>
Date: Wed, 19 Feb 2003 03:19:30 +0000
Subject: Get non-krb systems to compile.  How the heck do I keep something
 from being sucked into proto.h? (This used to be commit
 7e84497882df5bf933ab7ae7fe9af3728393202c)

---
 source3/include/includes.h |  2 +-
 source3/libsmb/clikrb5.c   | 17 +++++++++--------
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/source3/include/includes.h b/source3/include/includes.h
index c5738f0a61..bb78ae0780 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -1229,7 +1229,7 @@ void get_auth_data_from_tkt(DATA_BLOB *auth_data, krb5_ticket *tkt);
 krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt);
 krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
 krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes);
-void free_kerberos_etypes(krb5_context context, krb5_enctype *enctypes);
+krb5_error_code free_kerberos_etypes(krb5_context context, krb5_enctype *enctypes);
 #endif /* HAVE_KRB5 */
 
 #endif /* _INCLUDES_H */
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index c13f663381..2e07dfdb66 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -127,17 +127,18 @@ krb5_error_code get_kerberos_allowed_etypes(krb5_context context,
  __ERROR_XX_UNKNOWN_GET_ENCTYPES_FUNCTIONS
 #endif
 
-#if defined(HAVE_KRB5_FREE_KTYPES)
-void free_kerberos_etypes(krb5_context context, krb5_enctype *enctypes)
+ /* the following is defined as krb5_error_code to keep it from
+    being sucked into proto.h */
+krb5_error_code free_kerberos_etypes(krb5_context context, 
+				     krb5_enctype *enctypes)
 {
-	return krb5_free_ktypes(context, enctypes);
-}
+#if defined(HAVE_KRB5_FREE_KTYPES)
+	krb5_free_ktypes(context, enctypes);
 #else
-void free_kerberos_etypes(krb5_context context, krb5_enctype *enctypes)
-{
-	return free(enctypes);
-}
+	SAFE_FREE(enctypes);
 #endif
+	return 0;
+}
 
 #if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
  krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context,
-- 
cgit 


From f145c2e350db43e401cd477eff89fdef136e7f6c Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 19 Feb 2003 10:12:14 +0000
Subject: Only do a kinit if we got told to use kerberos.

Andrew Bartlett
(This used to be commit 6af9ec50e010d171cf5287f40ec774e79e4a93fe)
---
 source3/libsmb/cliconnect.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 487b184dd6..c57f92eea9 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -630,19 +630,19 @@ static BOOL cli_session_setup_spnego(struct cli_state *cli, const char *user,
 	/* If password is set we reauthenticate to kerberos server
 	 * and do not store results */
 
-	if (*pass) {
-		int ret;
-
-		use_in_memory_ccache();
-		ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */);
-
-		if (ret){
-	  		DEBUG(0, ("Kinit failed: %s\n", error_message(ret)));
-			return False;
-		}
-	}
-
 	if (got_kerberos_mechanism && cli->use_kerberos) {
+		if (*pass) {
+			int ret;
+			
+			use_in_memory_ccache();
+			ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */);
+			
+			if (ret){
+				DEBUG(0, ("Kinit failed: %s\n", error_message(ret)));
+				return False;
+			}
+		}
+		
 		return cli_session_setup_kerberos(cli, principal, workgroup);
 	}
 #endif
-- 
cgit 


From 9e3198cca7068c5125542d661013c7ea48fb7106 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 19 Feb 2003 11:30:09 +0000
Subject: Fix logfile formatting, we were missing a "\n" (This used to be
 commit 53b8f8a44141a9f6d36ed1b237ff65c67119edd0)

---
 source3/smbd/service.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index f9d84872d7..1c7e4017b0 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -364,14 +364,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
 	} else if (vuser) {
 		if (vuser->guest) {
 			if (!lp_guest_ok(snum)) {
-				DEBUG(2, ("guest user (from session setup) not permitted to access this share (%s)", lp_servicename(snum)));
+				DEBUG(2, ("guest user (from session setup) not permitted to access this share (%s)\n", lp_servicename(snum)));
 				      conn_free(conn);
 				      *status = NT_STATUS_ACCESS_DENIED;
 				      return NULL;
 			}
 		} else {
 			if (!user_ok(vuser->user.unix_name, snum, vuser->groups, vuser->n_groups)) {
-				DEBUG(2, ("user '%s' (from session setup) not permitted to access this share (%s)", vuser->user.unix_name, lp_servicename(snum)));
+				DEBUG(2, ("user '%s' (from session setup) not permitted to access this share (%s)\n", vuser->user.unix_name, lp_servicename(snum)));
 				conn_free(conn);
 				*status = NT_STATUS_ACCESS_DENIED;
 				return NULL;
-- 
cgit 


From 231f7375590110046ed67b7b337ac2e12d257736 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 19 Feb 2003 11:30:52 +0000
Subject: After a talloc_zero(), we don't need to ZERO_STRUCTP too.. (This used
 to be commit 4fe8066394143c64c79c052c00f0d747e872103a)

---
 source3/libsmb/ntlmssp.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index e4398dad17..e1509f6b63 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -307,8 +307,6 @@ NTSTATUS ntlmssp_server_start(NTLMSSP_STATE **ntlmssp_state)
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	ZERO_STRUCTP(*ntlmssp_state);
-
 	(*ntlmssp_state)->mem_ctx = mem_ctx;
 	(*ntlmssp_state)->get_challenge = get_challenge;
 
@@ -552,8 +550,6 @@ NTSTATUS ntlmssp_client_start(NTLMSSP_CLIENT_STATE **ntlmssp_state)
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	ZERO_STRUCTP(*ntlmssp_state);
-
 	(*ntlmssp_state)->mem_ctx = mem_ctx;
 
 	(*ntlmssp_state)->get_global_myname = global_myname;
-- 
cgit 


From 1f1125577c000ab72754af00cd83c57fadcc85f1 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 19 Feb 2003 11:33:35 +0000
Subject: Move to a in-memory ccache for winbind, and replace setenv()
 properly. (According to the manpages, you cannot put a stack variable into
 putenv()).

Yes, this leaks memory.

Andrew Bartlett
(This used to be commit 50bced1e26434ecc7474964062746e2831e5f433)
---
 source3/include/includes.h      |  4 ++++
 source3/lib/replace.c           | 18 ++++++++++++++++++
 source3/nsswitch/winbindd.h     | 14 --------------
 source3/nsswitch/winbindd_ads.c |  4 +---
 4 files changed, 23 insertions(+), 17 deletions(-)

diff --git a/source3/include/includes.h b/source3/include/includes.h
index bb78ae0780..731d94996c 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -966,6 +966,10 @@ size_t strnlen(const char *s, size_t n);
 unsigned long strtoul(const char *nptr, char **endptr, int base);
 #endif
 
+#ifndef HAVE_SETENV
+int setenv(const char *name, const char *value, int overwrite); 
+#endif
+
 #if (defined(USE_SETRESUID) && !defined(HAVE_SETRESUID_DECL))
 /* stupid glibc */
 int setresuid(uid_t ruid, uid_t euid, uid_t suid);
diff --git a/source3/lib/replace.c b/source3/lib/replace.c
index cd48b8d160..0c62ec9bfa 100644
--- a/source3/lib/replace.c
+++ b/source3/lib/replace.c
@@ -447,3 +447,21 @@ char *rep_inet_ntoa(struct in_addr ip)
 	return t;
 }
 #endif
+
+#ifndef HAVE_SETENV
+ int setenv(const char *name, const char *value, int overwrite) 
+{
+	char *p = NULL;
+	int ret = -1;
+
+	asprintf(&p, "%s=%s", name, value);
+
+	if (overwrite || getenv(name)) {
+		if (p) ret = putenv(p);
+	} else {
+		ret = 0;
+	}
+
+	return ret;	
+}
+#endif
diff --git a/source3/nsswitch/winbindd.h b/source3/nsswitch/winbindd.h
index e8bcf76bd3..164b7ffda7 100644
--- a/source3/nsswitch/winbindd.h
+++ b/source3/nsswitch/winbindd.h
@@ -205,18 +205,4 @@ typedef struct {
 
 #define DOM_SEQUENCE_NONE ((uint32)-1)
 
-/* SETENV */
-#if HAVE_SETENV
-#define SETENV(name, value, overwrite) setenv(name,value,overwrite)
-#elif HAVE_PUTENV
-#define SETENV(name, value, overwrite)					 \
-{									 \
-	fstring envvar;							 \
-	slprintf(envvar, sizeof(fstring), "%s=%s", name, value);	 \
-	putenv(envvar);							 \
-}
-#else
-#define SETENV(name, value, overwrite) ;
-#endif
-
 #endif /* _WINBINDD_H */
diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c
index 7cea4aa716..be4ed1c667 100644
--- a/source3/nsswitch/winbindd_ads.c
+++ b/source3/nsswitch/winbindd_ads.c
@@ -46,9 +46,7 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
 	}
 
 	/* we don't want this to affect the users ccache */
-	ccache = lock_path("winbindd_ccache");
-	SETENV("KRB5CCNAME", ccache, 1);
-	unlink(ccache);
+	setenv("KRB5CCNAME", "MEMORY:winbind_ccache", 1);
 
 	ads = ads_init(domain->alt_name, domain->name, NULL);
 	if (!ads) {
-- 
cgit 


From 39daab943dbf2f24d3d74fba5a8d76ef58b7dabf Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 19 Feb 2003 11:35:02 +0000
Subject: Check return values of various join-related functions, and ensure we
 always compare push_* returns with (size_t)-1, not < 0.

Andrew Bartlett
(This used to be commit 63f5e92536c6bcac54b796d6e91b755e7d328f66)
---
 source3/libads/ldap.c | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index c92e481078..b7cfc8d84c 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -426,10 +426,10 @@ ADS_STATUS ads_do_paged_search(ADS_STRUCT *ads, const char *bind_path,
 		return ADS_ERROR(LDAP_NO_MEMORY);
 
 	/* 0 means the conversion worked but the result was empty 
-	   so we only fail if it's negative.  In any case, it always 
+	   so we only fail if it's -1.  In any case, it always 
 	   at least nulls out the dest */
-	if ((push_utf8_talloc(ctx, &utf8_exp, exp) < 0) ||
-	    (push_utf8_talloc(ctx, &utf8_path, bind_path) < 0)) {
+	if ((push_utf8_talloc(ctx, &utf8_exp, exp) == (size_t)-1) ||
+	    (push_utf8_talloc(ctx, &utf8_path, bind_path) == (size_t)-1)) {
 		rc = LDAP_NO_MEMORY;
 		goto done;
 	}
@@ -652,8 +652,8 @@ ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope,
 	/* 0 means the conversion worked but the result was empty 
 	   so we only fail if it's negative.  In any case, it always 
 	   at least nulls out the dest */
-	if ((push_utf8_talloc(ctx, &utf8_exp, exp) < 0) ||
-	    (push_utf8_talloc(ctx, &utf8_path, bind_path) < 0)) {
+	if ((push_utf8_talloc(ctx, &utf8_exp, exp) == (size_t)-1) ||
+	    (push_utf8_talloc(ctx, &utf8_path, bind_path) == (size_t)-1)) {
 		DEBUG(1,("ads_do_search: push_utf8_talloc() failed!"));
 		rc = LDAP_NO_MEMORY;
 		goto done;
@@ -1432,8 +1432,8 @@ ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn)
 	NTSTATUS    status;
 	ADS_STATUS  ret;
 	DOM_SID     sid;
-	SEC_DESC   *psd = 0;
-	TALLOC_CTX *ctx = 0;	
+	SEC_DESC   *psd = NULL;
+	TALLOC_CTX *ctx = NULL;	
 
 	/* Avoid segmentation fault in prs_mem_free if
 	 * we have to bail out before prs_init */
@@ -1464,7 +1464,11 @@ ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn)
 		goto ads_set_sd_error;
 	}
 
-	ads_pull_sid(ads, msg, attrs[1], &sid);	
+	if (!ads_pull_sid(ads, msg, attrs[1], &sid)) {
+		ret = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+		goto ads_set_sd_error;
+	}
+
 	if (!(ctx = talloc_init("sec_io_desc"))) {
 		ret =  ADS_ERROR(LDAP_NO_MEMORY);
 		goto ads_set_sd_error;
@@ -1482,7 +1486,10 @@ ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn)
 		goto ads_set_sd_error;
 	}
 
-	prs_init(&ps_wire, sd_size, ctx, MARSHALL);
+	if (!prs_init(&ps_wire, sd_size, ctx, MARSHALL)) {
+		ret = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+	}
+
 	if (!sec_io_desc("sd_wire", &psd, &ps_wire, 1)) {
 		ret = ADS_ERROR(LDAP_NO_MEMORY);
 		goto ads_set_sd_error;
-- 
cgit 


From 51521fab16c9982200c3c5cd829629a541eb6e29 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 19 Feb 2003 12:05:21 +0000
Subject: Now we have setenv() in replace.c, we don't need a seperate copy
 here.

Andrew Bartlett
(This used to be commit c4834c46902380455d2ea1dd62661224e8d4eb11)
---
 source3/smbwrapper/smbsh.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/source3/smbwrapper/smbsh.c b/source3/smbwrapper/smbsh.c
index f9697223c4..d853aa1afc 100644
--- a/source3/smbwrapper/smbsh.c
+++ b/source3/smbwrapper/smbsh.c
@@ -92,7 +92,7 @@ int main(int argc, char *argv[])
 		smbw_setshared("PASSWORD", p);
 	}
 
-	smbw_setenv("PS1", "smbsh$ ");
+	setenv("PS1", "smbsh$ ");
 
 	sys_getwd(wd);
 
@@ -101,18 +101,18 @@ int main(int argc, char *argv[])
 	smbw_setshared(line, wd);
 
 	slprintf(line,sizeof(line)-1,"%s/smbwrapper.so", libd);
-	smbw_setenv("LD_PRELOAD", line);
+	etenv("LD_PRELOAD", line);
 
 	slprintf(line,sizeof(line)-1,"%s/smbwrapper.32.so", libd);
 
 	if (file_exist(line, NULL)) {
 		slprintf(line,sizeof(line)-1,"%s/smbwrapper.32.so:DEFAULT", libd);
-		smbw_setenv("_RLD_LIST", line);
+		setenv("_RLD_LIST", line);
 		slprintf(line,sizeof(line)-1,"%s/smbwrapper.so:DEFAULT", libd);
-		smbw_setenv("_RLDN32_LIST", line);
+		setenv("_RLDN32_LIST", line);
 	} else {
 		slprintf(line,sizeof(line)-1,"%s/smbwrapper.so:DEFAULT", libd);
-		smbw_setenv("_RLD_LIST", line);
+		setenv("_RLD_LIST", line);
 	}
 
 	{
-- 
cgit 


From 6540693fea3a61795801cfccd988b5552b8b307f Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 19 Feb 2003 12:19:52 +0000
Subject: Missed one use of SETENV.  (Compat macro no longer needed, as we have
 a replace.c function). (This used to be commit
 adad4c66fcfe756277de8c325ac9f8010f9d6f9c)

---
 source3/nsswitch/winbindd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
index ddda2d5f8b..09b89462ec 100644
--- a/source3/nsswitch/winbindd.c
+++ b/source3/nsswitch/winbindd.c
@@ -790,7 +790,7 @@ static void usage(void)
 	/* Set environment variable so we don't recursively call ourselves.
 	   This may also be useful interactively. */
 
-	SETENV(WINBINDD_DONT_ENV, "1", 1);
+	setenv(WINBINDD_DONT_ENV, "1", 1);
 
 	/* Initialise samba/rpc client stuff */
 
-- 
cgit 


From 02cb49bffae34d0f373f5d400077a7a8b7e809b2 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <ab@samba.org>
Date: Wed, 19 Feb 2003 13:24:06 +0000
Subject: Improve detection of iconv(3) for various platforms. M4 code is
 similar to what I use in Midgard for past few years, modified for Samba
 needs. (This used to be commit 747d2d70a9eb4d9222d7b63e5fcec269eda76672)

---
 source3/aclocal.m4         | 92 ++++++++++++++++++++++++++++++++++++++++++++++
 source3/configure.in       | 60 +++++++++++++++++++++---------
 source3/include/includes.h |  5 +++
 3 files changed, 140 insertions(+), 17 deletions(-)

diff --git a/source3/aclocal.m4 b/source3/aclocal.m4
index 5b1500106c..345be73aed 100644
--- a/source3/aclocal.m4
+++ b/source3/aclocal.m4
@@ -485,3 +485,95 @@ AC_DEFUN(LIB_REMOVE_USR_LIB,[
   done
   $1=[$]ac_new_flags
 ])
+
+dnl From Bruno Haible.
+
+AC_DEFUN(jm_ICONV,
+[
+  dnl Some systems have iconv in libc, some have it in libiconv (OSF/1 and
+  dnl those with the standalone portable libiconv installed).
+  AC_MSG_CHECKING(for iconv in $1)
+    jm_cv_func_iconv="no"
+    jm_cv_lib_iconv=no
+    jm_cv_giconv=no
+    AC_TRY_LINK([#include <stdlib.h>
+#include <giconv.h>],
+      [iconv_t cd = iconv_open("","");
+       iconv(cd,NULL,NULL,NULL,NULL);
+       iconv_close(cd);],
+      jm_cv_func_iconv=yes
+      jm_cv_giconv=yes)
+
+    if test "$jm_cv_func_iconv" != yes; then
+      AC_TRY_LINK([#include <stdlib.h>
+#include <iconv.h>],
+        [iconv_t cd = iconv_open("","");
+         iconv(cd,NULL,NULL,NULL,NULL);
+         iconv_close(cd);],
+        jm_cv_func_iconv=yes)
+
+        if test "$jm_cv_lib_iconv" != yes; then
+          jm_save_LIBS="$LIBS"
+          LIBS="$LIBS -lgiconv"
+          AC_TRY_LINK([#include <stdlib.h>
+#include <giconv.h>],
+            [iconv_t cd = iconv_open("","");
+             iconv(cd,NULL,NULL,NULL,NULL);
+             iconv_close(cd);],
+            jm_cv_lib_iconv=yes
+            jm_cv_func_iconv=yes
+            jm_cv_giconv=yes)
+          LIBS="$jm_save_LIBS"
+
+      if test "$jm_cv_func_iconv" != yes; then
+        jm_save_LIBS="$LIBS"
+        LIBS="$LIBS -liconv"
+        AC_TRY_LINK([#include <stdlib.h>
+#include <iconv.h>],
+          [iconv_t cd = iconv_open("","");
+           iconv(cd,NULL,NULL,NULL,NULL);
+           iconv_close(cd);],
+          jm_cv_lib_iconv=yes
+          jm_cv_func_iconv=yes)
+        LIBS="$jm_save_LIBS"
+        fi
+      fi
+    fi
+
+  if test "$jm_cv_func_iconv" = yes; then
+    if test "$jm_cv_giconv" = yes; then
+      AC_DEFINE(HAVE_GICONV, 1, [What header to include for iconv() function: giconv.h])
+      AC_MSG_RESULT(yes)
+      ICONV_FOUND=yes
+    else
+      AC_DEFINE(HAVE_ICONV, 1, [What header to include for iconv() function: iconv.h])
+      AC_MSG_RESULT(yes)
+      ICONV_FOUND=yes
+    fi
+  else
+    AC_MSG_RESULT(no)
+  fi
+  if test "$jm_cv_lib_iconv" = yes; then
+    if test "$jm_cv_giconv" = yes; then
+      LIBS="$LIBS -lgiconv"
+    else
+      LIBS="$LIBS -liconv"
+    fi
+  fi
+])
+
+dnl CFLAGS_ADD_DIR(CFLAGS, $INCDIR)
+dnl This function doesn't add -I/usr/include into CFLAGS
+AC_DEFUN(CFLAGS_ADD_DIR,[
+if test "$2" != "/usr/include" ; then
+    $1="$$1 -I$2"
+fi
+])
+
+dnl LIB_ADD_DIR(LDFLAGS, $LIBDIR)
+dnl This function doesn't add -L/usr/lib into LDFLAGS
+AC_DEFUN(LIB_ADD_DIR,[
+if test "$2" != "/usr/lib" ; then
+    $1="$$1 -L$2"
+fi
+])
diff --git a/source3/configure.in b/source3/configure.in
index b90d99bf3d..dfd97bc42f 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -1482,26 +1482,47 @@ if test x"$samba_cv_HAVE_UX_UT_SYSLEN" = x"yes"; then
 fi 
 
 
-#################################################
-# check for libiconv support
-AC_MSG_CHECKING(whether to use libiconv)
+ICONV_LOCATION=standard
+LOOK_DIRS="/usr /usr/local /sw"
 AC_ARG_WITH(libiconv,
 [  --with-libiconv=BASEDIR Use libiconv in BASEDIR/lib and BASEDIR/include (default=auto) ],
-[ case "$withval" in
-  no)
-    AC_MSG_RESULT(no)
-    ;;
-  *)
-    AC_MSG_RESULT(yes)
-    CFLAGS="$CFLAGS -I$withval/include"
-    LDFLAGS="$LDFLAGS -L$withval/lib"
-    AC_CHECK_LIB(iconv, iconv_open)
-    AC_DEFINE_UNQUOTED(WITH_LIBICONV, "${withval}",[Path to iconv])
-    ;;
-  esac ],
-  AC_MSG_RESULT(no)
-)
+[
+  if test "$withval" = "no" ; then
+    AC_MSG_ERROR(I won't take no for an answer)
+  else
+     if test "$withval" != "yes" ; then
+        LOOK_DIRS="$withval $LOOK_DIRS"
+     fi
+  fi
+])
 
+ICONV_FOUND="no"
+for i in $LOOK_DIRS ; do
+    save_LIBS=$LIBS
+    save_LDFLAGS=$LDFLAGS
+    save_CPPFLAGS=$CPPFLAGS
+    CPPFLAGS="-I$i/include"
+    LDFLAGS="-L$i/lib"
+    LIBS=
+    export LDFLAGS LIBS CPPFLAGS
+dnl Try to find iconv(3)
+    jm_ICONV($i)
+
+    CPPFLAGS=$save_CPPFLAGS
+    if test -n "$ICONV_FOUND" ; then
+        LDFLAGS=$save_LDFLAGS
+        LIB_ADD_DIR(LDFLAGS, "$i/lib")
+        CFLAGS_ADD_DIR(CPPFLAGS, "$i/include")
+        LIBS="$save_LIBS $LIBS"
+        ICONV_LOCATION=$i
+        export LDFLAGS LIBS CPPFLAGS
+        break
+    else
+	LDFLAGS=$save_LDFLAGS
+        LIBS=$save_LIBS
+        export LDFLAGS LIBS CPPFLAGS
+    fi
+done
 
 ############
 # check for iconv in libc
@@ -1519,6 +1540,11 @@ if test x"$samba_cv_HAVE_NATIVE_ICONV" = x"yes"; then
     AC_DEFINE(HAVE_NATIVE_ICONV,1,[Whether to use native iconv])
 fi
 
+if test x"$ICONV_FOUND" = x"no" -o x"$samba_cv_HAVE_NATIVE_ICONV" != x"yes" ; then
+    AC_MSG_WARN([Sufficient support for iconv function was not found. 
+    Install libiconv from http://freshmeat.net/projects/libiconv/ for better charset compatibility!])
+fi
+
 
 AC_CACHE_CHECK([for Linux kernel oplocks],samba_cv_HAVE_KERNEL_OPLOCKS_LINUX,[
 AC_TRY_RUN([
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 731d94996c..0d1c72cf1c 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -393,8 +393,13 @@
 #endif /* HAVE_SYS_SHM_H */
 
 #ifdef HAVE_NATIVE_ICONV
+#ifdef HAVE_ICONV
 #include <iconv.h>
 #endif
+#ifdef HAVE_GICONV
+#include <giconv.h>
+#endif
+#endif
 
 #if HAVE_KRB5_H
 #include <krb5.h>
-- 
cgit 


From ad03d0a4f885a87b5dbe7c88e507b302cf06ece2 Mon Sep 17 00:00:00 2001
From: Jim McDonough <jmcd@samba.org>
Date: Wed, 19 Feb 2003 15:03:04 +0000
Subject: Fix segv in net ads join...an extra & was the culprit (This used to
 be commit 9874b233d55a0b1aea7eb033848f4b63a531833b)

---
 source3/libads/ldap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index b7cfc8d84c..67669fc078 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -1506,7 +1506,7 @@ ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn)
 		ret = ADS_ERROR(LDAP_NO_MEMORY);
 		goto ads_set_sd_error;
 	}
-	prs_copy_all_data_out((char *)&bval.bv_val, &ps_wire);
+	prs_copy_all_data_out(bval.bv_val, &ps_wire);
 
 	ads_mod_ber(ctx, &mods, attrs[0], &bval);
 	ret = ads_gen_mod(ads, dn, mods);
-- 
cgit 


From ffcee0c95e05f652f4eebf9b9d46bd51d059891b Mon Sep 17 00:00:00 2001
From: Jim McDonough <jmcd@samba.org>
Date: Wed, 19 Feb 2003 15:22:46 +0000
Subject: Correct way to keep fucntion from proto.h (This used to be commit
 762b072efb0d6801775a874494cb19ea3d61fa97)

---
 source3/include/includes.h |  2 +-
 source3/libsmb/clikrb5.c   | 11 ++++-------
 2 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/source3/include/includes.h b/source3/include/includes.h
index 0d1c72cf1c..5b4c5a695f 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -1238,7 +1238,7 @@ void get_auth_data_from_tkt(DATA_BLOB *auth_data, krb5_ticket *tkt);
 krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt);
 krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
 krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes);
-krb5_error_code free_kerberos_etypes(krb5_context context, krb5_enctype *enctypes);
+void free_kerberos_etypes(krb5_context context, krb5_enctype *enctypes);
 #endif /* HAVE_KRB5 */
 
 #endif /* _INCLUDES_H */
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 2e07dfdb66..da120622ea 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -127,17 +127,14 @@ krb5_error_code get_kerberos_allowed_etypes(krb5_context context,
  __ERROR_XX_UNKNOWN_GET_ENCTYPES_FUNCTIONS
 #endif
 
- /* the following is defined as krb5_error_code to keep it from
-    being sucked into proto.h */
-krb5_error_code free_kerberos_etypes(krb5_context context, 
-				     krb5_enctype *enctypes)
+ void free_kerberos_etypes(krb5_context context, 
+			   krb5_enctype *enctypes)
 {
 #if defined(HAVE_KRB5_FREE_KTYPES)
-	krb5_free_ktypes(context, enctypes);
+	return krb5_free_ktypes(context, enctypes);
 #else
-	SAFE_FREE(enctypes);
+	return SAFE_FREE(enctypes);
 #endif
-	return 0;
 }
 
 #if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
-- 
cgit 


From f15ed71fbba9d3762f4e8a1382b65d6291a2a065 Mon Sep 17 00:00:00 2001
From: Jim McDonough <jmcd@samba.org>
Date: Wed, 19 Feb 2003 15:46:15 +0000
Subject: Can't return SAFE_FREE...put on its own line. (This used to be commit
 9f1a4809b503f050189d5f87a294b7d8675b1e95)

---
 source3/libsmb/clikrb5.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index da120622ea..96e737166c 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -133,7 +133,8 @@ krb5_error_code get_kerberos_allowed_etypes(krb5_context context,
 #if defined(HAVE_KRB5_FREE_KTYPES)
 	return krb5_free_ktypes(context, enctypes);
 #else
-	return SAFE_FREE(enctypes);
+	SAFE_FREE(enctypes);
+	return;
 #endif
 }
 
-- 
cgit 


From de88e704ceb74e4811f14845556d65449f9d592b Mon Sep 17 00:00:00 2001
From: Jim McDonough <jmcd@samba.org>
Date: Wed, 19 Feb 2003 20:37:34 +0000
Subject: libads/krb5_setpw.c (This used to be commit
 4c52d7bd933f61bdba3d4159a204fe16db3d4f0f)

---
 source3/libads/krb5_setpw.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index c3ec754e39..9d8fb8d24c 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -327,7 +327,8 @@ static krb5_error_code parse_setpw_reply(krb5_context context,
 				return KRB5KDC_ERR_BADOPTION;
 				break;
 			case KRB5_KPASSWD_INITIAL_FLAG_NEEDED:
-				return KV5M_ALT_METHOD;
+				return KRB5KDC_ERR_BADOPTION;
+				/* return KV5M_ALT_METHOD; MIT-only define */
 				break;
 			case KRB5_KPASSWD_ETYPE_NOSUPP:
 				return KRB5KDC_ERR_ETYPE_NOSUPP;
-- 
cgit 


From 29b94266df3df046bc545a466a9b505edd8b7ca8 Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Wed, 19 Feb 2003 22:26:19 +0000
Subject: correct init for vfs.conn, thanks Stefan (This used to be commit
 162683d2b5c15016fe1423876589573b48b9f5a6)

---
 source3/torture/vfstest.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source3/torture/vfstest.c b/source3/torture/vfstest.c
index fef189844b..fd1f83109e 100644
--- a/source3/torture/vfstest.c
+++ b/source3/torture/vfstest.c
@@ -546,7 +546,8 @@ int main(int argc, char *argv[])
 	}
 
 	/* some basic initialization stuff */
-	vfs.conn = (struct connection_struct *)malloc(sizeof(struct connection_struct));
+	conn_init();
+	vfs.conn = conn_new();
 	vfs.conn->user = "vfstest";
 	for (i=0; i < 1024; i++)
 		vfs.files[i] = NULL;
-- 
cgit 


From 673cdea310f8447b138cd0c30b5c2313f5c9afe9 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 19 Feb 2003 22:30:57 +0000
Subject: Fix inspired by Stefan (metze) Metzmacher - cache the sidtype also.
 Jeremy. (This used to be commit 634f20dff63d255c317f9dcc9f4caf4e8e79123c)

---
 source3/smbd/uid.c | 46 +++++++++++++++++++++++++++-------------------
 1 file changed, 27 insertions(+), 19 deletions(-)

diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 4ebee75a15..6ac3528b1a 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -551,19 +551,21 @@ static struct uid_sid_cache {
 	struct uid_sid_cache *next, *prev;
 	uid_t uid;
 	DOM_SID sid;
+	enum SID_NAME_USE sidtype;
 } *uid_sid_cache_head;
 
 static struct gid_sid_cache {
 	struct gid_sid_cache *next, *prev;
 	gid_t gid;
 	DOM_SID sid;
+	enum SID_NAME_USE sidtype;
 } *gid_sid_cache_head;
 
 /*****************************************************************
   Find a SID given a uid.
 *****************************************************************/  
 
-static BOOL fetch_sid_from_uid_cache(DOM_SID *psid, uid_t uid)
+static BOOL fetch_sid_from_uid_cache(DOM_SID *psid, enum SID_NAME_USE *psidtype, uid_t uid)
 {
 	struct uid_sid_cache *pc;
 
@@ -571,6 +573,7 @@ static BOOL fetch_sid_from_uid_cache(DOM_SID *psid, uid_t uid)
 		if (pc->uid == uid) {
 			fstring sid;
 			*psid = pc->sid;
+			*psidtype = pc->sidtype;
 			DEBUG(3,("fetch sid from uid cache %u -> %s\n",
 				(unsigned int)uid, sid_to_string(sid, psid)));
 			DLIST_PROMOTE(uid_sid_cache_head, pc);
@@ -584,7 +587,7 @@ static BOOL fetch_sid_from_uid_cache(DOM_SID *psid, uid_t uid)
   Find a uid given a SID.
 *****************************************************************/  
 
-static BOOL fetch_uid_from_cache(uid_t *puid, const DOM_SID *psid)
+static BOOL fetch_uid_from_cache(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE sidtype)
 {
 	struct uid_sid_cache *pc;
 
@@ -605,7 +608,7 @@ static BOOL fetch_uid_from_cache(uid_t *puid, const DOM_SID *psid)
  Store uid to SID mapping in cache.
 *****************************************************************/  
 
-static void store_uid_sid_cache(const DOM_SID *psid, uid_t uid)
+static void store_uid_sid_cache(const DOM_SID *psid, const enum SID_NAME_USE sidtype, uid_t uid)
 {
 	struct uid_sid_cache *pc;
 
@@ -629,6 +632,7 @@ static void store_uid_sid_cache(const DOM_SID *psid, uid_t uid)
 		return;
 	pc->uid = uid;
 	sid_copy(&pc->sid, psid);
+	pc->sidtype = sidtype;
 	DLIST_ADD(uid_sid_cache_head, pc);
 	n_uid_sid_cache++;
 }
@@ -637,7 +641,7 @@ static void store_uid_sid_cache(const DOM_SID *psid, uid_t uid)
   Find a SID given a gid.
 *****************************************************************/  
 
-static BOOL fetch_sid_from_gid_cache(DOM_SID *psid, gid_t gid)
+static BOOL fetch_sid_from_gid_cache(DOM_SID *psid, enum SID_NAME_USE *psidtype, gid_t gid)
 {
 	struct gid_sid_cache *pc;
 
@@ -645,6 +649,7 @@ static BOOL fetch_sid_from_gid_cache(DOM_SID *psid, gid_t gid)
 		if (pc->gid == gid) {
 			fstring sid;
 			*psid = pc->sid;
+			*psidtype = pc->sidtype;
 			DEBUG(3,("fetch sid from gid cache %u -> %s\n",
 				(unsigned int)gid, sid_to_string(sid, psid)));
 			DLIST_PROMOTE(gid_sid_cache_head, pc);
@@ -658,7 +663,7 @@ static BOOL fetch_sid_from_gid_cache(DOM_SID *psid, gid_t gid)
   Find a gid given a SID.
 *****************************************************************/  
 
-static BOOL fetch_gid_from_cache(gid_t *pgid, const DOM_SID *psid)
+static BOOL fetch_gid_from_cache(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE sidtype)
 {
 	struct gid_sid_cache *pc;
 
@@ -679,7 +684,7 @@ static BOOL fetch_gid_from_cache(gid_t *pgid, const DOM_SID *psid)
  Store gid to SID mapping in cache.
 *****************************************************************/  
 
-static void store_gid_sid_cache(const DOM_SID *psid, gid_t gid)
+static void store_gid_sid_cache(const DOM_SID *psid, const enum SID_NAME_USE sidtype, gid_t gid)
 {
 	struct gid_sid_cache *pc;
 
@@ -703,6 +708,7 @@ static void store_gid_sid_cache(const DOM_SID *psid, gid_t gid)
 		return;
 	pc->gid = gid;
 	sid_copy(&pc->sid, psid);
+	pc->sidtype = sidtype;
 	DLIST_ADD(gid_sid_cache_head, pc);
 	n_gid_sid_cache++;
 }
@@ -717,9 +723,10 @@ static void store_gid_sid_cache(const DOM_SID *psid, gid_t gid)
 DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
 {
 	uid_t low, high;
+	enum SID_NAME_USE sidtype;
 	fstring sid;
 
-	if (fetch_sid_from_uid_cache(psid, uid))
+	if (fetch_sid_from_uid_cache(psid, &sidtype, uid))
 		return psid;
 
 	if (lp_winbind_uid(&low, &high) && uid >= low && uid <= high) {
@@ -729,7 +736,7 @@ DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
 				(unsigned int)uid, sid_to_string(sid, psid)));
 
 			if (psid)
-				store_uid_sid_cache(psid, uid);
+				store_uid_sid_cache(psid, SID_NAME_USER, uid);
 			return psid;
 		}
 	}
@@ -741,7 +748,7 @@ DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
 
 	DEBUG(10,("uid_to_sid: local %u -> %s\n", (unsigned int)uid, sid_to_string(sid, psid)));
 	if (psid)
-		store_uid_sid_cache(psid, uid);
+		store_uid_sid_cache(psid, SID_NAME_USER, uid);
 
 	return psid;
 }
@@ -755,9 +762,10 @@ DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
 DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
 {
 	gid_t low, high;
+	enum SID_NAME_USE sidtype;
 	fstring sid;
 
-	if (fetch_sid_from_gid_cache(psid, gid))
+	if (fetch_sid_from_gid_cache(psid, &sidtype, gid))
 		return psid;
 
 	if (lp_winbind_gid(&low, &high) && gid >= low && gid <= high) {
@@ -767,7 +775,7 @@ DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
 				(unsigned int)gid, sid_to_string(sid, psid)));
                         
 			if (psid)
-				store_gid_sid_cache(psid, gid);
+				store_gid_sid_cache(psid, SID_NAME_DOM_GRP, gid);
 			return psid;
 		}
 	}
@@ -776,7 +784,7 @@ DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
 	psid = local_gid_to_sid(psid, gid);
 	DEBUG(10,("gid_to_sid: local %u -> %s\n", (unsigned int)gid, sid_to_string(sid, psid)));
 	if (psid)
-		store_gid_sid_cache(psid, gid);
+		store_gid_sid_cache(psid, SID_NAME_DOM_GRP, gid);
 
 	return psid;
 }
@@ -792,7 +800,7 @@ BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
 {
 	fstring sid_str;
 
-	if (fetch_uid_from_cache(puid, psid))
+	if (fetch_uid_from_cache(puid, psid, *sidtype))
 		return True;
 
 	/* if we know its local then don't try winbindd */
@@ -802,7 +810,7 @@ BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
 		result = local_sid_to_uid(puid, psid, sidtype);
 		unbecome_root();
 		if (result)
-			store_uid_sid_cache(psid, *puid);
+			store_uid_sid_cache(psid, *sidtype, *puid);
 		return result;
 	}
 
@@ -853,7 +861,7 @@ BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
 		result = local_sid_to_uid(puid, psid, sidtype);
 		unbecome_root();
 		if (result)
-			store_uid_sid_cache(psid, *puid);
+			store_uid_sid_cache(psid, *sidtype, *puid);
 		return result;
 	}
 
@@ -861,7 +869,7 @@ BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
 		sid_to_string(sid_str, psid),
 		(unsigned int)*puid ));
 
-	store_uid_sid_cache(psid, *puid);
+	store_uid_sid_cache(psid, *sidtype, *puid);
 	return True;
 }
 
@@ -879,7 +887,7 @@ BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype)
 
 	*sidtype = SID_NAME_UNKNOWN;
 
-	if (fetch_gid_from_cache(pgid, psid))
+	if (fetch_gid_from_cache(pgid, psid, *sidtype))
 		return True;
 
 	/*
@@ -893,7 +901,7 @@ BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype)
 		result = local_sid_to_gid(pgid, psid, sidtype);
 		unbecome_root();
 		if (result)
-			store_gid_sid_cache(psid, *pgid);
+			store_gid_sid_cache(psid, *sidtype, *pgid);
 		return result;
 	}
 
@@ -932,7 +940,7 @@ BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype)
 		sid_to_string(sid_str, psid),
 		(unsigned int)*pgid ));
 
-	store_gid_sid_cache(psid, *pgid);
+	store_gid_sid_cache(psid, *sidtype, *pgid);
 	return True;
 }
 
-- 
cgit 


From 9061aae9b4bfed051b4c08b971561297710ef369 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Thu, 20 Feb 2003 03:33:20 +0000
Subject: (Merge from APPLIANCE_HEAD)

CR1829: Fix memory leak when unpacking 'B' buffers in Python.

(PyList_Append creates a new reference to the added object, and so we
have to release the existing one.)
(This used to be commit 55e114f596e0edfdf176cabdbcfe7f01fae6f8aa)
---
 source3/python/py_tdbpack.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/source3/python/py_tdbpack.c b/source3/python/py_tdbpack.c
index 6181a4918e..8aa4ee316a 100644
--- a/source3/python/py_tdbpack.c
+++ b/source3/python/py_tdbpack.c
@@ -638,6 +638,9 @@ pytdbunpack_buffer(char **pbuf, int *plen, PyObject *val_list)
 	if (PyList_Append(val_list, str_obj) == -1)
 		goto failed;
 	
+	Py_DECREF(len_obj);
+	Py_DECREF(str_obj);
+	
 	return val_list;
 
   failed:
-- 
cgit 


From f8d9cf27266d9ce563011e44281483a4dfd0708f Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Thu, 20 Feb 2003 04:01:25 +0000
Subject: Doc (This used to be commit 5d7d400d6c49b195a1174ef40c7bf95065427fbd)

---
 source3/python/py_tdbpack.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/python/py_tdbpack.c b/source3/python/py_tdbpack.c
index 8aa4ee316a..243cb44683 100644
--- a/source3/python/py_tdbpack.c
+++ b/source3/python/py_tdbpack.c
@@ -1,7 +1,7 @@
 /* -*- c-file-style: "python"; indent-tabs-mode: nil; -*-
 	 
    Python wrapper for Samba tdb pack/unpack functions
-   Copyright (C) Martin Pool 2002
+   Copyright (C) Martin Pool 2002, 2003
 
 
    NOTE PYTHON STYLE GUIDE
-- 
cgit 


From 215ff67a039d3dea516d70d538083db8833f7b7e Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 20 Feb 2003 10:43:21 +0000
Subject: for some (very weird) reason, the domain I was testing aginst would
 not return a DN for the user.  Make sure we don't segfault.

Andrew Bartlett
(This used to be commit 9fdedeff6a3a9f8e8d048e6afd7001ad676c4e91)
---
 source3/nsswitch/winbindd_ads.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c
index be4ed1c667..9560a53fa0 100644
--- a/source3/nsswitch/winbindd_ads.c
+++ b/source3/nsswitch/winbindd_ads.c
@@ -490,6 +490,10 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 	}
 
 	user_dn = ads_pull_string(ads, mem_ctx, msg, "distinguishedName");
+	if (!user_dn) {
+		DEBUG(1,("lookup_usergroups(rid=%d) ads_search did not return a a distinguishedName!\n", user_rid));
+		goto done;
+	}
 
 	if (msg) ads_msgfree(ads, msg);
 
-- 
cgit 


From 512405321ac60ae8b1d6dd80139ff9a50add8714 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 20 Feb 2003 10:50:09 +0000
Subject: Like for NTLM logins, lookup the 'winbind' user first, then the
 'local' user.

This needs to change, to be a SID->UID lookup from the PAC.

Andrew Bartlett
(This used to be commit 4071ed06a051f87f27e10510427a69fcdf45ddac)
---
 source3/smbd/sesssetup.c | 32 ++++++++++++++------------------
 1 file changed, 14 insertions(+), 18 deletions(-)

diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index e408cc88e9..3a3209f172 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -148,6 +148,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
 	DATA_BLOB auth_data;
 	auth_serversupplied_info *server_info = NULL;
 	ADS_STRUCT *ads;
+	BOOL foreign = False;
 
 	if (!spnego_parse_krb5_wrap(*secblob, &ticket)) {
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
@@ -185,12 +186,20 @@ static int reply_spnego_kerberos(connection_struct *conn,
 		if (!lp_allow_trusted_domains()) {
 			return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 		}
-		/* this gives a fully qualified user name (ie. with full realm).
-		   that leads to very long usernames, but what else can we do? */
-		asprintf(&user, "%s%s%s", p+1, lp_winbind_separator(), client);
-	} else {
-		user = strdup(client);
+		foreign = True;
+	}
+
+	/* this gives a fully qualified user name (ie. with full realm).
+	   that leads to very long usernames, but what else can we do? */
+	asprintf(&user, "%s%s%s", p+1, lp_winbind_separator(), client);
+	
+	pw = Get_Pwnam(user);
+	if (!pw && !foreign) {
+		pw = Get_Pwnam(client);
+		SAFE_FREE(user);
+		user = smb_xstrdup(client);
 	}
+
 	ads_destroy(&ads);
 
 	/* setup the string used by %U */
@@ -198,19 +207,6 @@ static int reply_spnego_kerberos(connection_struct *conn,
 
 	reload_services(True);
 
-	/* the password is good - let them in */
-	pw = Get_Pwnam(user);
-	if (!pw && !strstr(user, lp_winbind_separator())) {
-		char *user2;
-		/* try it with a winbind domain prefix */
-		asprintf(&user2, "%s%s%s", lp_workgroup(), lp_winbind_separator(), user);
-		pw = Get_Pwnam(user2);
-		if (pw) {
-			free(user);
-			user = user2;
-		}
-	}
-
 	if (!pw) {
 		DEBUG(1,("Username %s is invalid on this system\n",user));
 		return ERROR_NT(NT_STATUS_NO_SUCH_USER);
-- 
cgit 


From d7b4f389e98e6b9cf32965e4ff41d39aa0d2cd4b Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 20 Feb 2003 12:01:39 +0000
Subject: For a number of months now, support for being a domain member without
 also running winbind has been broken.  This fixes that, by removing
 assumptions about being able to call sid_to_uid() at will.  This whole area
 needs revising when we get groups into the PDB.

Andrew Bartlett
(This used to be commit 980eda74b7df347c38b567ce976197826963324a)
---
 source3/auth/auth_util.c | 39 ++++++++++++++-------------------------
 1 file changed, 14 insertions(+), 25 deletions(-)

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 5218467dab..352d058f20 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -641,34 +641,25 @@ NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups,
  * of groups.
  ******************************************************************************/
 
-static NTSTATUS get_user_groups_from_local_sam(const DOM_SID *user_sid, 
+static NTSTATUS get_user_groups_from_local_sam(SAM_ACCOUNT *sampass,
 					       int *n_groups, DOM_SID **groups,	gid_t **unix_groups)
 {
 	uid_t             uid;
-	enum SID_NAME_USE snu;
-	fstring           str;
+	gid_t             gid;
 	int               n_unix_groups;
 	int               i;
 	struct passwd    *usr;	
-	
+
 	*n_groups = 0;
 	*groups   = NULL;
-	
-	if (!sid_to_uid(user_sid,  &uid, &snu)) {
-		DEBUG(2, ("get_user_groups_from_local_sam: Failed to convert user SID %s to a uid!\n", 
-			  sid_to_string(str, user_sid)));
-		/* This might be a non-unix account */
-		return NT_STATUS_OK;
-	}
 
-	/*
-	 * This is _essential_ to prevent occasional segfaults when
-	 * winbind can't find uid -> username mapping
-	 */
-	if (!(usr = getpwuid_alloc(uid))) {
-		DEBUG(0, ("Couldn't find passdb structure for UID = %d ! Aborting.\n", uid));
+	if (!IS_SAM_UNIX_USER(sampass)) {
+		DEBUG(1, ("user %s does not have a unix identity!\n", pdb_get_username(sampass)));
 		return NT_STATUS_NO_SUCH_USER;
-	};
+	}
+
+	uid = pdb_get_uid(sampass);
+	gid = pdb_get_gid(sampass);
 	
 	n_unix_groups = groups_max();
 	if ((*unix_groups = malloc( sizeof(gid_t) * n_unix_groups ) ) == NULL) {
@@ -677,7 +668,7 @@ static NTSTATUS get_user_groups_from_local_sam(const DOM_SID *user_sid,
 		return NT_STATUS_NO_MEMORY;
 	}
 	
-	if (sys_getgrouplist(usr->pw_name, usr->pw_gid, *unix_groups, &n_unix_groups) == -1) {
+	if (sys_getgrouplist(pdb_get_username(sampass), gid, *unix_groups, &n_unix_groups) == -1) {
 		gid_t *groups_tmp;
 		groups_tmp = Realloc(*unix_groups, sizeof(gid_t) * n_unix_groups);
 		if (!groups_tmp) {
@@ -687,7 +678,7 @@ static NTSTATUS get_user_groups_from_local_sam(const DOM_SID *user_sid,
 		}
 		*unix_groups = groups_tmp;
 
-		if (sys_getgrouplist(usr->pw_name, usr->pw_gid, *unix_groups, &n_unix_groups) == -1) {
+		if (sys_getgrouplist(pdb_get_username(sampass), gid, *unix_groups, &n_unix_groups) == -1) {
 			DEBUG(0, ("get_user_groups_from_local_sam: failed to get the unix group list\n"));
 			SAFE_FREE(*unix_groups);
 			passwd_free(&usr);
@@ -695,9 +686,7 @@ static NTSTATUS get_user_groups_from_local_sam(const DOM_SID *user_sid,
 		}
 	}
 
-	debug_unix_user_token(DBGC_CLASS, 5, usr->pw_uid, usr->pw_gid, n_unix_groups, *unix_groups);
-
-	passwd_free(&usr);
+	debug_unix_user_token(DBGC_CLASS, 5, uid, gid, n_unix_groups, *unix_groups);
 	
 	if (n_unix_groups > 0) {
 		*groups   = malloc(sizeof(DOM_SID) * n_unix_groups);
@@ -763,7 +752,7 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
 	}
 	
 	if (!NT_STATUS_IS_OK(nt_status 
-			     = get_user_groups_from_local_sam(pdb_get_user_sid(sampass), 
+			     = get_user_groups_from_local_sam(sampass, 
 		&n_groupSIDs, &groupSIDs, &unix_groups)))
 	{
 		DEBUG(4,("get_user_groups_from_local_sam failed\n"));
@@ -998,7 +987,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 	   returned to the caller. */
 	
 	if (!NT_STATUS_IS_OK(nt_status 
-			     = get_user_groups_from_local_sam(&user_sid, 
+			     = get_user_groups_from_local_sam(sam_account, 
 							      &n_lgroupSIDs, 
 							      &lgroupSIDs, 
 							      &unix_groups)))
-- 
cgit 


From 14401bb368464295936bd18fb011d551a36576ce Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 20 Feb 2003 18:54:12 +0000
Subject: Ensure tdb error code is set for corrupt and i/o errors before
 calling the log function. This allows the log function to take action.
 Jeremy. (This used to be commit 0fa310cbc3f7ced0b15be0ffaeb70dc82e1d5d12)

---
 source3/tdb/tdb.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/source3/tdb/tdb.c b/source3/tdb/tdb.c
index 8410538f01..097209ff7a 100644
--- a/source3/tdb/tdb.c
+++ b/source3/tdb/tdb.c
@@ -205,6 +205,11 @@ static int tdb_brlock(TDB_CONTEXT *tdb, tdb_off offset,
 
 	if (ret == -1) {
 		if (!probe && lck_type != F_SETLK) {
+			/* Ensure error code is set for log fun to examine. */
+			if (errno == EINTR && palarm_fired && *palarm_fired)
+				tdb->ecode = TDB_ERR_LOCK_TIMEOUT;
+			else
+				tdb->ecode = TDB_ERR_LOCK;
 			TDB_LOG((tdb, 5,"tdb_brlock failed (fd=%d) at offset %d rw_type=%d lck_type=%d\n", 
 				 tdb->fd, offset, rw_type, lck_type));
 		}
@@ -312,6 +317,8 @@ static int tdb_oob(TDB_CONTEXT *tdb, tdb_off len, int probe)
 		return 0;
 	if (tdb->flags & TDB_INTERNAL) {
 		if (!probe) {
+			/* Ensure ecode is set for log fn. */
+			tdb->ecode = TDB_ERR_IO;
 			TDB_LOG((tdb, 0,"tdb_oob len %d beyond internal malloc size %d\n",
 				 (int)len, (int)tdb->map_size));
 		}
@@ -323,6 +330,8 @@ static int tdb_oob(TDB_CONTEXT *tdb, tdb_off len, int probe)
 
 	if (st.st_size < (size_t)len) {
 		if (!probe) {
+			/* Ensure ecode is set for log fn. */
+			tdb->ecode = TDB_ERR_IO;
 			TDB_LOG((tdb, 0,"tdb_oob len %d beyond eof at %d\n",
 				 (int)len, (int)st.st_size));
 		}
@@ -351,6 +360,8 @@ static int tdb_write(TDB_CONTEXT *tdb, tdb_off off, void *buf, tdb_len len)
 	else if (lseek(tdb->fd, off, SEEK_SET) != off
 		 || write(tdb->fd, buf, len) != (ssize_t)len) {
 #endif
+		/* Ensure ecode is set for log fn. */
+		tdb->ecode = TDB_ERR_IO;
 		TDB_LOG((tdb, 0,"tdb_write failed at %d len=%d (%s)\n",
 			   off, len, strerror(errno)));
 		return TDB_ERRCODE(TDB_ERR_IO, -1);
@@ -372,6 +383,8 @@ static int tdb_read(TDB_CONTEXT *tdb,tdb_off off,void *buf,tdb_len len,int cv)
 	else if (lseek(tdb->fd, off, SEEK_SET) != off
 		 || read(tdb->fd, buf, len) != (ssize_t)len) {
 #endif
+		/* Ensure ecode is set for log fn. */
+		tdb->ecode = TDB_ERR_IO;
 		TDB_LOG((tdb, 0,"tdb_read failed at %d len=%d (%s)\n",
 			   off, len, strerror(errno)));
 		return TDB_ERRCODE(TDB_ERR_IO, -1);
@@ -387,6 +400,8 @@ static char *tdb_alloc_read(TDB_CONTEXT *tdb, tdb_off offset, tdb_len len)
 	char *buf;
 
 	if (!(buf = malloc(len))) {
+		/* Ensure ecode is set for log fn. */
+		tdb->ecode = TDB_ERR_OOM;
 		TDB_LOG((tdb, 0,"tdb_alloc_read malloc failed len=%d (%s)\n",
 			   len, strerror(errno)));
 		return TDB_ERRCODE(TDB_ERR_OOM, buf);
@@ -415,6 +430,8 @@ static int rec_read(TDB_CONTEXT *tdb, tdb_off offset, struct list_struct *rec)
 	if (tdb_read(tdb, offset, rec, sizeof(*rec),DOCONV()) == -1)
 		return -1;
 	if (TDB_BAD_MAGIC(rec)) {
+		/* Ensure ecode is set for log fn. */
+		tdb->ecode = TDB_ERR_CORRUPT;
 		TDB_LOG((tdb, 0,"rec_read bad magic 0x%x at offset=%d\n", rec->magic, offset));
 		return TDB_ERRCODE(TDB_ERR_CORRUPT, -1);
 	}
@@ -443,6 +460,8 @@ static int rec_free_read(TDB_CONTEXT *tdb, tdb_off off, struct list_struct *rec)
 	}
 
 	if (rec->magic != TDB_FREE_MAGIC) {
+		/* Ensure ecode is set for log fn. */
+		tdb->ecode = TDB_ERR_CORRUPT;
 		TDB_LOG((tdb, 0,"rec_free_read bad magic 0x%x at offset=%d\n", 
 			   rec->magic, off));
 		return TDB_ERRCODE(TDB_ERR_CORRUPT, -1);
-- 
cgit 


From 9d913a62ad8f4bac575a53c362d9d10fd6175c8c Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Thu, 20 Feb 2003 19:10:19 +0000
Subject: Remove obsolete files (This used to be commit
 f035cba2cf5764722318e9cd10dbe7bef56d0732)

---
 source3/rpcclient/display.c       | 1338 -------------------------------------
 source3/rpcclient/display_spool.c |  927 -------------------------
 source3/rpcclient/samsync.c       |  773 ---------------------
 3 files changed, 3038 deletions(-)
 delete mode 100644 source3/rpcclient/display.c
 delete mode 100644 source3/rpcclient/display_spool.c
 delete mode 100644 source3/rpcclient/samsync.c

diff --git a/source3/rpcclient/display.c b/source3/rpcclient/display.c
deleted file mode 100644
index d03465206e..0000000000
--- a/source3/rpcclient/display.c
+++ /dev/null
@@ -1,1338 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   Samba utility functions
-   Copyright (C) Andrew Tridgell 1992-1998
-   Copyright (C) Luke Kenneth Casson Leighton 1996 - 1998
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-
-/****************************************************************************
-convert a share mode to a string
-****************************************************************************/
-char *get_file_mode_str(uint32 share_mode)
-{
-	static fstring mode;
-
-	switch (GET_DENY_MODE(share_mode))
-	{
-		case DENY_NONE : fstrcpy(mode, "DENY_NONE  "); break;
-		case DENY_ALL  : fstrcpy(mode, "DENY_ALL   "); break;
-		case DENY_DOS  : fstrcpy(mode, "DENY_DOS   "); break;
-		case DENY_READ : fstrcpy(mode, "DENY_READ  "); break;
-		case DENY_WRITE: fstrcpy(mode, "DENY_WRITE "); break;
-		case DENY_FCB:   fstrcpy(mode, "DENY_FCB "); break;
-		default        : fstrcpy(mode, "DENY_????  "); break;
-	}
-
-	switch (share_mode & 0xF)
-	{
-		case 0 : fstrcat(mode, "RDONLY"); break;
-		case 1 : fstrcat(mode, "WRONLY"); break;
-		case 2 : fstrcat(mode, "RDWR  "); break;
-		default: fstrcat(mode, "R??W??"); break;
-	}
-
-	return mode;
-}
-
-/****************************************************************************
-convert an oplock mode to a string
-****************************************************************************/
-char *get_file_oplock_str(uint32 op_type)
-{
-	static fstring oplock;
-	BOOL excl  = ((op_type & EXCLUSIVE_OPLOCK) != 0);
-	BOOL batch = ((op_type & BATCH_OPLOCK    ) != 0);
-
-	oplock[0] = 0;
-
-	if (excl           ) fstrcat(oplock, "EXCLUSIVE");
-	if (excl  &&  batch) fstrcat(oplock, "+");
-	if (          batch) fstrcat(oplock, "BATCH");
-	if (!excl && !batch) fstrcat(oplock, "NONE");
-
-	return oplock;
-}
-
-/****************************************************************************
-convert a share type enum to a string
-****************************************************************************/
-char *get_share_type_str(uint32 type)
-{
-	static fstring typestr;
-
-	switch (type)
-	{
-		case STYPE_DISKTREE: fstrcpy(typestr, "Disk"   ); break;
-		case STYPE_PRINTQ  : fstrcpy(typestr, "Printer"); break;	      
-		case STYPE_DEVICE  : fstrcpy(typestr, "Device" ); break;
-		case STYPE_IPC     : fstrcpy(typestr, "IPC"    ); break;      
-		default            : fstrcpy(typestr, "????"   ); break;      
-	}
-	return typestr;
-}
-
-/****************************************************************************
-convert a server type enum to a string
-****************************************************************************/
-char *get_server_type_str(uint32 type)
-{
-	static fstring typestr;
-
-	if (type == SV_TYPE_ALL)
-	{
-		fstrcpy(typestr, "All");
-	}
-	else
-	{
-		int i;
-		typestr[0] = 0;
-		for (i = 0; i < 32; i++)
-		{
-			if (type & (1 << i))
-			{
-				switch (((unsigned)1) << i)
-				{
-					case SV_TYPE_WORKSTATION      : fstrcat(typestr, "Wk " ); break;
-					case SV_TYPE_SERVER           : fstrcat(typestr, "Sv " ); break;
-					case SV_TYPE_SQLSERVER        : fstrcat(typestr, "Sql "); break;
-					case SV_TYPE_DOMAIN_CTRL      : fstrcat(typestr, "PDC "); break;
-					case SV_TYPE_DOMAIN_BAKCTRL   : fstrcat(typestr, "BDC "); break;
-					case SV_TYPE_TIME_SOURCE      : fstrcat(typestr, "Tim "); break;
-					case SV_TYPE_AFP              : fstrcat(typestr, "AFP "); break;
-					case SV_TYPE_NOVELL           : fstrcat(typestr, "Nov "); break;
-					case SV_TYPE_DOMAIN_MEMBER    : fstrcat(typestr, "Dom "); break;
-					case SV_TYPE_PRINTQ_SERVER    : fstrcat(typestr, "PrQ "); break;
-					case SV_TYPE_DIALIN_SERVER    : fstrcat(typestr, "Din "); break;
-					case SV_TYPE_SERVER_UNIX      : fstrcat(typestr, "Unx "); break;
-					case SV_TYPE_NT               : fstrcat(typestr, "NT " ); break;
-					case SV_TYPE_WFW              : fstrcat(typestr, "Wfw "); break;
-					case SV_TYPE_SERVER_MFPN      : fstrcat(typestr, "Mfp "); break;
-					case SV_TYPE_SERVER_NT        : fstrcat(typestr, "SNT "); break;
-					case SV_TYPE_POTENTIAL_BROWSER: fstrcat(typestr, "PtB "); break;
-					case SV_TYPE_BACKUP_BROWSER   : fstrcat(typestr, "BMB "); break;
-					case SV_TYPE_MASTER_BROWSER   : fstrcat(typestr, "LMB "); break;
-					case SV_TYPE_DOMAIN_MASTER    : fstrcat(typestr, "DMB "); break;
-					case SV_TYPE_SERVER_OSF       : fstrcat(typestr, "OSF "); break;
-					case SV_TYPE_SERVER_VMS       : fstrcat(typestr, "VMS "); break;
-					case SV_TYPE_WIN95_PLUS       : fstrcat(typestr, "W95 "); break;
-					case SV_TYPE_ALTERNATE_XPORT  : fstrcat(typestr, "Xpt "); break;
-					case SV_TYPE_LOCAL_LIST_ONLY  : fstrcat(typestr, "Dom "); break;
-					case SV_TYPE_DOMAIN_ENUM      : fstrcat(typestr, "Loc "); break;
-				}
-			}
-		}
-		i = strlen(typestr)-1;
-		if (typestr[i] == ' ') typestr[i] = 0;
-
-	}
-	return typestr;
-}
-
-/****************************************************************************
-server info level 101 display function
-****************************************************************************/
-void display_srv_info_101(FILE *out_hnd, enum action_type action,
-		SRV_INFO_101 *sv101)
-{
-	if (sv101 == NULL)
-	{
-		return;
-	}
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			fprintf(out_hnd, "Server Info Level 101:\n");
-
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			fstring name;
-			fstring comment;
-
-			rpcstr_pull(name, sv101->uni_name.buffer,  sizeof(name), sv101->uni_name.uni_str_len*2, 0);
-			rpcstr_pull(comment, sv101->uni_comment.buffer,  sizeof(comment), sv101->uni_comment.uni_str_len*2, 0);
-
-			display_server(out_hnd, action, name, sv101->srv_type, comment);
-
-			fprintf(out_hnd, "\tplatform_id     : %d\n"    , sv101->platform_id);
-			fprintf(out_hnd, "\tos version      : %d.%d\n" , sv101->ver_major, sv101->ver_minor);
-
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			break;
-		}
-	}
-
-}
-
-/****************************************************************************
-server info level 102 display function
-****************************************************************************/
-void display_srv_info_102(FILE *out_hnd, enum action_type action,SRV_INFO_102 *sv102)
-{
-	if (sv102 == NULL)
-	{
-		return;
-	}
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			fprintf(out_hnd, "Server Info Level 102:\n");
-
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			fstring name;
-			fstring comment;
-			fstring usr_path;
-
-			rpcstr_pull(name, sv102->uni_name.buffer,  sizeof(name), sv102->uni_name.uni_str_len*2, 0);
-			rpcstr_pull(comment, sv102->uni_comment.buffer,  sizeof(comment), sv102->uni_comment.uni_str_len*2, 0);
-			rpcstr_pull(usr_path, sv102->uni_usr_path.buffer,  sizeof(usr_path), sv102->uni_usr_path.uni_str_len*2, 0);
-
-			display_server(out_hnd, action, name, sv102->srv_type, comment);
-
-			fprintf(out_hnd, "\tplatform_id     : %d\n"    , sv102->platform_id);
-			fprintf(out_hnd, "\tos version      : %d.%d\n" , sv102->ver_major, sv102->ver_minor);
-
-			fprintf(out_hnd, "\tusers           : %x\n"    , sv102->users      );
-			fprintf(out_hnd, "\tdisc, hidden    : %x,%x\n" , sv102->disc     , sv102->hidden   );
-			fprintf(out_hnd, "\tannounce, delta : %d, %d\n", sv102->announce , sv102->ann_delta);
-			fprintf(out_hnd, "\tlicenses        : %d\n"    , sv102->licenses   );
-			fprintf(out_hnd, "\tuser path       : %s\n"    , usr_path);
-
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			break;
-		}
-	}
-}
-
-/****************************************************************************
-server info container display function
-****************************************************************************/
-void display_srv_info_ctr(FILE *out_hnd, enum action_type action,SRV_INFO_CTR *ctr)
-{
-	if (ctr == NULL || ctr->ptr_srv_ctr == 0)
-	{
-		fprintf(out_hnd, "Server Information: unavailable due to an error\n");
-		return;
-	}
-
-	switch (ctr->switch_value)
-	{
-		case 101:
-		{
-			display_srv_info_101(out_hnd, action, &(ctr->srv.sv101));
-			break;
-		}
-		case 102:
-		{
-			display_srv_info_102(out_hnd, action, &(ctr->srv.sv102));
-			break;
-		}
-		default:
-		{
-			fprintf(out_hnd, "Server Information: Unknown Info Level\n");
-			break;
-		}
-	}
-}
-
-/****************************************************************************
-connection info level 0 display function
-****************************************************************************/
-void display_conn_info_0(FILE *out_hnd, enum action_type action,
-		CONN_INFO_0 *info0)
-{
-	if (info0 == NULL)
-	{
-		return;
-	}
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			fprintf(out_hnd, "Connection Info Level 0:\n");
-
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			fprintf(out_hnd, "\tid: %d\n", info0->id);
-
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			fprintf(out_hnd, "\n");
-			break;
-		}
-	}
-
-}
-
-/****************************************************************************
-connection info level 1 display function
-****************************************************************************/
-void display_conn_info_1(FILE *out_hnd, enum action_type action,
-		CONN_INFO_1 *info1, CONN_INFO_1_STR *str1)
-{
-	if (info1 == NULL || str1 == NULL)
-	{
-		return;
-	}
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			fprintf(out_hnd, "Connection Info Level 1:\n");
-
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			fstring usr_name;
-			fstring net_name;
-
-			rpcstr_pull(usr_name, str1->uni_usr_name.buffer, sizeof(usr_name), str1->uni_usr_name.uni_str_len*2,0);
-			rpcstr_pull(net_name, str1->uni_net_name.buffer, sizeof(net_name), str1->uni_net_name.uni_str_len*2,0);
-
-			fprintf(out_hnd, "\tid       : %d\n", info1->id);
-			fprintf(out_hnd, "\ttype     : %s\n", get_share_type_str(info1->type));
-			fprintf(out_hnd, "\tnum_opens: %d\n", info1->num_opens);
-			fprintf(out_hnd, "\tnum_users: %d\n", info1->num_users);
-			fprintf(out_hnd, "\topen_time: %d\n", info1->open_time);
-
-			fprintf(out_hnd, "\tuser name: %s\n", usr_name);
-			fprintf(out_hnd, "\tnet  name: %s\n", net_name);
-
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			fprintf(out_hnd, "\n");
-			break;
-		}
-	}
-
-}
-
-/****************************************************************************
-connection info level 0 container display function
-****************************************************************************/
-void display_srv_conn_info_0_ctr(FILE *out_hnd, enum action_type action,
-				SRV_CONN_INFO_0 *ctr)
-{
-	if (ctr == NULL)
-	{
-		fprintf(out_hnd, "display_srv_conn_info_0_ctr: unavailable due to an internal error\n");
-		return;
-	}
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			int i;
-
-			for (i = 0; i < ctr->num_entries_read; i++)
-			{
-				display_conn_info_0(out_hnd, ACTION_HEADER   , &(ctr->info_0[i]));
-				display_conn_info_0(out_hnd, ACTION_ENUMERATE, &(ctr->info_0[i]));
-				display_conn_info_0(out_hnd, ACTION_FOOTER   , &(ctr->info_0[i]));
-			}
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			break;
-		}
-	}
-}
-
-/****************************************************************************
-connection info level 1 container display function
-****************************************************************************/
-void display_srv_conn_info_1_ctr(FILE *out_hnd, enum action_type action,
-				SRV_CONN_INFO_1 *ctr)
-{
-	if (ctr == NULL)
-	{
-		fprintf(out_hnd, "display_srv_conn_info_1_ctr: unavailable due to an internal error\n");
-		return;
-	}
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			int i;
-
-			for (i = 0; i < ctr->num_entries_read; i++)
-			{
-				display_conn_info_1(out_hnd, ACTION_HEADER   , &(ctr->info_1[i]), &(ctr->info_1_str[i]));
-				display_conn_info_1(out_hnd, ACTION_ENUMERATE, &(ctr->info_1[i]), &(ctr->info_1_str[i]));
-				display_conn_info_1(out_hnd, ACTION_FOOTER   , &(ctr->info_1[i]), &(ctr->info_1_str[i]));
-			}
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			break;
-		}
-	}
-}
-
-/****************************************************************************
-connection info container display function
-****************************************************************************/
-void display_srv_conn_info_ctr(FILE *out_hnd, enum action_type action,
-				SRV_CONN_INFO_CTR *ctr)
-{
-	if (ctr == NULL || ctr->ptr_conn_ctr == 0)
-	{
-		fprintf(out_hnd, "display_srv_conn_info_ctr: unavailable due to an internal error\n");
-		return;
-	}
-
-	switch (ctr->switch_value)
-	{
-		case 0:
-		{
-			display_srv_conn_info_0_ctr(out_hnd, action,
-			                   &(ctr->conn.info0));
-			break;
-		}
-		case 1:
-		{
-			display_srv_conn_info_1_ctr(out_hnd, action,
-			                   &(ctr->conn.info1));
-			break;
-		}
-		default:
-		{
-			fprintf(out_hnd, "display_srv_conn_info_ctr: Unknown Info Level\n");
-			break;
-		}
-	}
-}
-
-
-/****************************************************************************
-share info level 1 display function
-****************************************************************************/
-void display_share_info_1(FILE *out_hnd, enum action_type action,
-			  SRV_SHARE_INFO_1 *info1)
-{
-	if (info1 == NULL)
-	{
-		return;
-	}
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			fprintf(out_hnd, "Share Info Level 1:\n");
-
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			fstring remark  ;
-			fstring net_name;
-
-			rpcstr_pull(net_name, info1->info_1_str.uni_netname.buffer, sizeof(net_name), info1->info_1_str.uni_netname.uni_str_len*2, 0);
-			rpcstr_pull(remark, info1->info_1_str.uni_remark.buffer, sizeof(remark), info1->info_1_str.uni_remark.uni_str_len*2, 0);
-
-			display_share(out_hnd, action, net_name, info1->info_1.type, remark);
-
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			fprintf(out_hnd, "\n");
-			break;
-		}
-	}
-
-}
-
-/****************************************************************************
-share info level 2 display function
-****************************************************************************/
-void display_share_info_2(FILE *out_hnd, enum action_type action,
-			  SRV_SHARE_INFO_2 *info2)
-{
-	if (info2 == NULL)
-	{
-		return;
-	}
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			fprintf(out_hnd, "Share Info Level 2:\n");
-
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			fstring remark  ;
-			fstring net_name;
-			fstring path    ;
-			fstring passwd  ;
-
-			rpcstr_pull(net_name, info2->info_2_str.uni_netname.buffer, sizeof(net_name), info2->info_2_str.uni_netname.uni_str_len*2, 0);
-			rpcstr_pull(remark, info2->info_2_str.uni_remark.buffer, sizeof(remark), info2->info_2_str.uni_remark.uni_str_len*2, 0);
-			rpcstr_pull(path, info2->info_2_str.uni_path.buffer, sizeof(path), info2->info_2_str.uni_path.uni_str_len*2, 0);
-			rpcstr_pull(passwd, info2->info_2_str.uni_passwd.buffer, sizeof(passwd), info2->info_2_str.uni_passwd.uni_str_len*2, 0);
-
-			display_share2(out_hnd, action, net_name,
-			      info2->info_2.type, remark, info2->info_2.perms,
-			      info2->info_2.max_uses, info2->info_2.num_uses,
-			      path, passwd);
-
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			fprintf(out_hnd, "\n");
-			break;
-		}
-	}
-
-}
-
-/****************************************************************************
-share info container display function
-****************************************************************************/
-void display_srv_share_info_ctr(FILE *out_hnd, enum action_type action,
-				SRV_SHARE_INFO_CTR *ctr)
-{
-	if (ctr == NULL)
-	{
-		fprintf(out_hnd, "display_srv_share_info_ctr: unavailable due to an internal error\n");
-	return;
-	}
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			int i;
-
-			for (i = 0; i < ctr->num_entries; i++)
-			{
-				switch (ctr->info_level) {
-				case 1:
-					display_share_info_1(out_hnd, ACTION_HEADER   , &(ctr->share.info1[i]));
-					display_share_info_1(out_hnd, ACTION_ENUMERATE, &(ctr->share.info1[i]));
-					display_share_info_1(out_hnd, ACTION_FOOTER   , &(ctr->share.info1[i]));
-					break;
-				case 2:
-					display_share_info_2(out_hnd, ACTION_HEADER   , &(ctr->share.info2[i]));
-					display_share_info_2(out_hnd, ACTION_ENUMERATE, &(ctr->share.info2[i]));
-					display_share_info_2(out_hnd, ACTION_FOOTER   , &(ctr->share.info2[i]));
-					break;
-				default:
-					fprintf(out_hnd, "display_srv_share_info_ctr: Unknown Info Level\n");
-					break;
-				}
-			}
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			break;
-		}
-	}
-}
-
-/****************************************************************************
-file info level 3 display function
-****************************************************************************/
-void display_file_info_3(FILE *out_hnd, enum action_type action,
-		FILE_INFO_3 *info3, FILE_INFO_3_STR *str3)
-{
-	if (info3 == NULL || str3 == NULL)
-	{
-		return;
-	}
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			fprintf(out_hnd, "File Info Level 3:\n");
-
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			fstring path_name;
-			fstring user_name;
-
-			rpcstr_pull(path_name, str3->uni_path_name.buffer, sizeof(path_name), str3->uni_path_name.uni_str_len*2, 0);
-			rpcstr_pull(user_name, str3->uni_user_name.buffer, sizeof(user_name), str3->uni_user_name.uni_str_len*2, 0);
-
-			fprintf(out_hnd, "\tid       : %d\n", info3->id);
-			fprintf(out_hnd, "\tperms    : %s\n", get_file_mode_str(info3->perms));
-			fprintf(out_hnd, "\tnum_locks: %d\n", info3->num_locks);
-
-			fprintf(out_hnd, "\tpath name: %s\n", path_name);
-			fprintf(out_hnd, "\tuser name: %s\n", user_name);
-
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			fprintf(out_hnd, "\n");
-			break;
-		}
-	}
-
-}
-
-/****************************************************************************
-file info level 3 container display function
-****************************************************************************/
-void display_srv_file_info_3_ctr(FILE *out_hnd, enum action_type action,
-				SRV_FILE_INFO_3 *ctr)
-{
-	if (ctr == NULL)
-	{
-		fprintf(out_hnd, "display_srv_file_info_3_ctr: unavailable due to an internal error\n");
-		return;
-	}
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			int i;
-
-			for (i = 0; i < ctr->num_entries_read; i++)
-			{
-				display_file_info_3(out_hnd, ACTION_HEADER   , &(ctr->info_3[i]), &(ctr->info_3_str[i]));
-				display_file_info_3(out_hnd, ACTION_ENUMERATE, &(ctr->info_3[i]), &(ctr->info_3_str[i]));
-				display_file_info_3(out_hnd, ACTION_FOOTER   , &(ctr->info_3[i]), &(ctr->info_3_str[i]));
-			}
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			break;
-		}
-	}
-}
-
-/****************************************************************************
-file info container display function
-****************************************************************************/
-void display_srv_file_info_ctr(FILE *out_hnd, enum action_type action,
-				SRV_FILE_INFO_CTR *ctr)
-{
-	if (ctr == NULL || ctr->ptr_file_ctr == 0)
-	{
-		fprintf(out_hnd, "display_srv_file_info_ctr: unavailable due to an internal error\n");
-		return;
-	}
-
-	switch (ctr->switch_value)
-	{
-		case 3:
-		{
-			display_srv_file_info_3_ctr(out_hnd, action,
-			                   &(ctr->file.info3));
-			break;
-		}
-		default:
-		{
-			fprintf(out_hnd, "display_srv_file_info_ctr: Unknown Info Level\n");
-			break;
-		}
-	}
-}
-
-/****************************************************************************
- print browse connection on a host
- ****************************************************************************/
-void display_server(FILE *out_hnd, enum action_type action,
-				char *sname, uint32 type, char *comment)
-{
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			fprintf(out_hnd, "\t%-15.15s%-20s %s\n",
-			                 sname, get_server_type_str(type), comment);
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			break;
-		}
-	}
-}
-
-/****************************************************************************
-print shares on a host
-****************************************************************************/
-void display_share(FILE *out_hnd, enum action_type action,
-				char *sname, uint32 type, char *comment)
-{
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			fprintf(out_hnd, "\t%-15.15s%-10.10s%s\n",
-			                 sname, get_share_type_str(type), comment);
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			break;
-		}
-	}
-}
-
-
-/****************************************************************************
-print shares on a host, level 2
-****************************************************************************/
-void display_share2(FILE *out_hnd, enum action_type action,
-				char *sname, uint32 type, char *comment,
-				uint32 perms, uint32 max_uses, uint32 num_uses,
-				char *path, char *passwd)
-{
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			fprintf(out_hnd, "\t%-15.15s%-10.10s%s %x %x %x %s %s\n",
-			                 sname, get_share_type_str(type), comment,
-			                 perms, max_uses, num_uses, path, passwd);
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			break;
-		}
-	}
-}
-
-
-/****************************************************************************
-print name info
-****************************************************************************/
-void display_name(FILE *out_hnd, enum action_type action,
-				char *sname)
-{
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			fprintf(out_hnd, "\t%-21.21s\n", sname);
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			break;
-		}
-	}
-}
-
-
-/****************************************************************************
- display group rid info
- ****************************************************************************/
-void display_group_rid_info(FILE *out_hnd, enum action_type action,
-				uint32 num_gids, DOM_GID *gid)
-{
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			if (num_gids == 0)
-			{
-				fprintf(out_hnd, "\tNo Groups\n");
-			}
-			else
-			{
-				fprintf(out_hnd, "\tGroup Info\n");
-				fprintf(out_hnd, "\t----------\n");
-			}
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			int i;
-
-			for (i = 0; i < num_gids; i++)
-			{
-				fprintf(out_hnd, "\tGroup RID: %8x attr: %x\n",
-								  gid[i].g_rid, gid[i].attr);
-			}
-
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			fprintf(out_hnd, "\n");
-			break;
-		}
-	}
-}
-
-
-/****************************************************************************
- display alias name info
- ****************************************************************************/
-void display_alias_name_info(FILE *out_hnd, enum action_type action,
-				uint32 num_aliases, fstring *alias_name, uint32 *num_als_usrs)
-{
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			if (num_aliases == 0)
-			{
-				fprintf(out_hnd, "\tNo Aliases\n");
-			}
-			else
-			{
-				fprintf(out_hnd, "\tAlias Names\n");
-				fprintf(out_hnd, "\t----------- \n");
-			}
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			int i;
-
-			for (i = 0; i < num_aliases; i++)
-			{
-				fprintf(out_hnd, "\tAlias Name: %s Attributes: %3d\n",
-								  alias_name[i], num_als_usrs[i]);
-			}
-
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			fprintf(out_hnd, "\n");
-			break;
-		}
-	}
-}
-
-
-/****************************************************************************
- display sam_user_info_21 structure
- ****************************************************************************/
-void display_sam_user_info_21(FILE *out_hnd, enum action_type action, SAM_USER_INFO_21 *usr)
-{
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			fprintf(out_hnd, "\tUser Info, Level 0x15\n");
-			fprintf(out_hnd, "\t---------------------\n");
-
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			pstring tmp;
-			rpcstr_pull(tmp, usr->uni_user_name.buffer, sizeof(tmp),usr->uni_user_name.uni_str_len*2, 0);
-			fprintf(out_hnd, "\t\tUser Name   : %s\n", tmp); /* username unicode string */
-			rpcstr_pull(tmp, usr->uni_full_name.buffer, sizeof(tmp),usr->uni_full_name.uni_str_len*2, 0);
-			fprintf(out_hnd, "\t\tFull Name   : %s\n", tmp); /* user's full name unicode string */
-			rpcstr_pull(tmp, usr->uni_home_dir.buffer, sizeof(tmp),usr->uni_home_dir.uni_str_len*2, 0);
-			fprintf(out_hnd, "\t\tHome Drive  : %s\n", tmp); /* home directory unicode string */
-			rpcstr_pull(tmp, usr->uni_dir_drive.buffer, sizeof(tmp),usr->uni_dir_drive.uni_str_len*2, 0);
-			fprintf(out_hnd, "\t\tDir Drive   : %s\n", tmp); /* home directory drive unicode string */
-			rpcstr_pull(tmp, usr->uni_profile_path.buffer, sizeof(tmp),usr->uni_profile_path.uni_str_len*2, 0);
-			fprintf(out_hnd, "\t\tProfile Path: %s\n", tmp); /* profile path unicode string */
-			rpcstr_pull(tmp, usr->uni_logon_script.buffer, sizeof(tmp),usr->uni_logon_script.uni_str_len*2, 0);
-			fprintf(out_hnd, "\t\tLogon Script: %s\n", tmp); /* logon script unicode string */
-			rpcstr_pull(tmp, usr->uni_acct_desc.buffer, sizeof(tmp),usr->uni_acct_desc.uni_str_len*2, 0);
-			fprintf(out_hnd, "\t\tDescription : %s\n", tmp); /* user description unicode string */
-			rpcstr_pull(tmp, usr->uni_workstations.buffer, sizeof(tmp),usr->uni_workstations.uni_str_len*2, 0);
-			fprintf(out_hnd, "\t\tWorkstations: %s\n", tmp); /* workstaions unicode string */
-			rpcstr_pull(tmp, usr->uni_unknows_str.buffer, sizeof(tmp),usr->uni_unknown_str.uni_str_len*2, 0);
-			fprintf(out_hnd, "\t\tUnknown Str : %s\n", tmp); /* unknown string unicode string */
-			rpcstr_pull(tmp, usr->uni_munged_dial.buffer, sizeof(tmp),usr->uni_munged_dial.uni_str_len*2, 0);
-			fprintf(out_hnd, "\t\tRemote Dial : %s\n", tmp); /* munged remote access unicode string */
-
-			fprintf(out_hnd, "\t\tLogon Time               : %s\n", http_timestring(nt_time_to_unix(&(usr->logon_time           ))));
-			fprintf(out_hnd, "\t\tLogoff Time              : %s\n", http_timestring(nt_time_to_unix(&(usr->logoff_time          ))));
-			fprintf(out_hnd, "\t\tKickoff Time             : %s\n", http_timestring(nt_time_to_unix(&(usr->kickoff_time         ))));
-			fprintf(out_hnd, "\t\tPassword last set Time   : %s\n", http_timestring(nt_time_to_unix(&(usr->pass_last_set_time   ))));
-			fprintf(out_hnd, "\t\tPassword can change Time : %s\n", http_timestring(nt_time_to_unix(&(usr->pass_can_change_time ))));
-			fprintf(out_hnd, "\t\tPassword must change Time: %s\n", http_timestring(nt_time_to_unix(&(usr->pass_must_change_time))));
-			
-			fprintf(out_hnd, "\t\tunknown_2[0..31]...\n"); /* user passwords? */
-
-			fprintf(out_hnd, "\t\tuser_rid : %x\n"  , usr->user_rid ); /* User ID */
-			fprintf(out_hnd, "\t\tgroup_rid: %x\n"  , usr->group_rid); /* Group ID */
-			fprintf(out_hnd, "\t\tacb_info : %04x\n", usr->acb_info ); /* Account Control Info */
-
-			fprintf(out_hnd, "\t\tunknown_3: %08x\n", usr->unknown_3); /* 0x00ff ffff */
-			fprintf(out_hnd, "\t\tlogon_divs: %d\n", usr->logon_divs); /* 0x0000 00a8 which is 168 which is num hrs in a week */
-			fprintf(out_hnd, "\t\tunknown_5: %08x\n", usr->unknown_5); /* 0x0002 0000 */
-
-			fprintf(out_hnd, "\t\tpadding1[0..7]...\n");
-
-			if (usr->ptr_logon_hrs)
-			{
-				fprintf(out_hnd, "\t\tlogon_hrs[0..%d]...\n", usr->logon_hrs.len);
-			}
-
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			fprintf(out_hnd, "\n");
-			break;
-		}
-	}
-}
-
-
-/****************************************************************************
-convert a security permissions into a string
-****************************************************************************/
-char *get_sec_mask_str(uint32 type)
-{
-	static fstring typestr;
-	int i;
-
-	switch (type)
-	{
-		case SEC_RIGHTS_FULL_CONTROL:
-		{
-			fstrcpy(typestr, "Full Control");
-			return typestr;
-		}
-
-		case SEC_RIGHTS_READ:
-		{
-			fstrcpy(typestr, "Read");
-			return typestr;
-		}
-		default:
-		{
-			break;
-		}
-	}
-
-	typestr[0] = 0;
-	for (i = 0; i < 32; i++)
-	{
-		if (type & (1 << i))
-		{
-			switch (((unsigned)1) << i)
-			{
-				case SEC_RIGHTS_QUERY_VALUE    : fstrcat(typestr, "Query " ); break;
-				case SEC_RIGHTS_SET_VALUE      : fstrcat(typestr, "Set " ); break;
-				case SEC_RIGHTS_CREATE_SUBKEY  : fstrcat(typestr, "Create "); break;
-				case SEC_RIGHTS_ENUM_SUBKEYS   : fstrcat(typestr, "Enum "); break;
-				case SEC_RIGHTS_NOTIFY         : fstrcat(typestr, "Notify "); break;
-				case SEC_RIGHTS_CREATE_LINK    : fstrcat(typestr, "CreateLink "); break;
-				case SEC_RIGHTS_DELETE         : fstrcat(typestr, "Delete "); break;
-				case SEC_RIGHTS_READ_CONTROL   : fstrcat(typestr, "ReadControl "); break;
-				case SEC_RIGHTS_WRITE_DAC      : fstrcat(typestr, "WriteDAC "); break;
-				case SEC_RIGHTS_WRITE_OWNER    : fstrcat(typestr, "WriteOwner "); break;
-			}
-			type &= ~(1 << i);
-		}
-	}
-
-	/* remaining bits get added on as-is */
-	if (type != 0)
-	{
-		fstring tmp;
-		slprintf(tmp, sizeof(tmp)-1, "[%08x]", type);
-		fstrcat(typestr, tmp);
-	}
-
-	/* remove last space */
-	i = strlen(typestr)-1;
-	if (typestr[i] == ' ') typestr[i] = 0;
-
-	return typestr;
-}
-
-/****************************************************************************
- display sec_access structure
- ****************************************************************************/
-void display_sec_access(FILE *out_hnd, enum action_type action, SEC_ACCESS *info)
-{
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			fprintf(out_hnd, "\t\tPermissions: %s\n",
-			        get_sec_mask_str(info->mask));
-		}
-		case ACTION_FOOTER:
-		{
-			break;
-		}
-	}
-}
-
-/****************************************************************************
- display sec_ace structure
- ****************************************************************************/
-void display_sec_ace(FILE *out_hnd, enum action_type action, SEC_ACE *ace)
-{
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			fprintf(out_hnd, "\tACE\n");
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			fstring sid_str;
-
-			display_sec_access(out_hnd, ACTION_HEADER   , &ace->info);
-			display_sec_access(out_hnd, ACTION_ENUMERATE, &ace->info);
-			display_sec_access(out_hnd, ACTION_FOOTER   , &ace->info);
-
-			sid_to_string(sid_str, &ace->sid);
-			fprintf(out_hnd, "\t\tSID: %s\n", sid_str);
-		}
-		case ACTION_FOOTER:
-		{
-			break;
-		}
-	}
-}
-
-/****************************************************************************
- display sec_acl structure
- ****************************************************************************/
-void display_sec_acl(FILE *out_hnd, enum action_type action, SEC_ACL *sec_acl)
-{
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			fprintf(out_hnd, "\tACL\tNum ACEs:\t%d\trevision:\t%x\n",
-			                 sec_acl->num_aces, sec_acl->revision); 
-			fprintf(out_hnd, "\t---\n");
-
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			if (sec_acl->size != 0 && sec_acl->num_aces != 0)
-			{
-				int i;
-				for (i = 0; i < sec_acl->num_aces; i++)
-				{
-					display_sec_ace(out_hnd, ACTION_HEADER   , &sec_acl->ace[i]);
-					display_sec_ace(out_hnd, ACTION_ENUMERATE, &sec_acl->ace[i]);
-					display_sec_ace(out_hnd, ACTION_FOOTER   , &sec_acl->ace[i]);
-				}
-			}
-				
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			fprintf(out_hnd, "\n");
-			break;
-		}
-	}
-}
-
-/****************************************************************************
- display sec_desc structure
- ****************************************************************************/
-void display_sec_desc(FILE *out_hnd, enum action_type action, SEC_DESC *sec)
-{
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			fprintf(out_hnd, "\tSecurity Descriptor\trevision:\t%x\ttype:\t%x\n",
-			                 sec->revision, sec->type); 
-			fprintf(out_hnd, "\t-------------------\n");
-
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			fstring sid_str;
-
-			if (sec->off_sacl != 0)
-			{
-				display_sec_acl(out_hnd, ACTION_HEADER   , sec->sacl);
-				display_sec_acl(out_hnd, ACTION_ENUMERATE, sec->sacl);
-				display_sec_acl(out_hnd, ACTION_FOOTER   , sec->sacl);
-			}
-			if (sec->off_dacl != 0)
-			{
-				display_sec_acl(out_hnd, ACTION_HEADER   , sec->dacl);
-				display_sec_acl(out_hnd, ACTION_ENUMERATE, sec->dacl);
-				display_sec_acl(out_hnd, ACTION_FOOTER   , sec->dacl);
-			}
-			if (sec->off_owner_sid != 0)
-			{
-				sid_to_string(sid_str, sec->owner_sid);
-				fprintf(out_hnd, "\tOwner SID:\t%s\n", sid_str);
-			}
-			if (sec->off_grp_sid != 0)
-			{
-				sid_to_string(sid_str, sec->grp_sid);
-				fprintf(out_hnd, "\tParent SID:\t%s\n", sid_str);
-			}
-				
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			fprintf(out_hnd, "\n");
-			break;
-		}
-	}
-}
-
-/****************************************************************************
-convert a security permissions into a string
-****************************************************************************/
-char *get_reg_val_type_str(uint32 type)
-{
-	static fstring typestr;
-
-	switch (type)
-	{
-		case 0x01:
-		{
-			fstrcpy(typestr, "string");
-			return typestr;
-		}
-
-		case 0x03:
-		{
-			fstrcpy(typestr, "bytes");
-			return typestr;
-		}
-
-		case 0x04:
-		{
-			fstrcpy(typestr, "uint32");
-			return typestr;
-		}
-
-		case 0x07:
-		{
-			fstrcpy(typestr, "multi");
-			return typestr;
-		}
-		default:
-		{
-			break;
-		}
-	}
-	slprintf(typestr, sizeof(typestr)-1, "[%d]", type);
-	return typestr;
-}
-
-
-static void print_reg_value(FILE *out_hnd, char *val_name, uint32 val_type, BUFFER2 *value)
-{
-	fstring type;
-	pstring	intvalue;
-	fstrcpy(type, get_reg_val_type_str(val_type));
-
-	switch (val_type)
-	{
-		case 0x01: /* unistr */
-		{
-			rpcstr_pull(intvalue, value->buffer, sizeof(intvalue), value->buf_len, 0);	
-			/*fprintf(out_hnd,"\t%s:\t%s:\t%s\n", val_name, type, dos_buffer2_to_str(value));*/
-			fprintf(out_hnd,"\t%s:\t%s:\t%s\n", val_name, type, value);
-			break;
-		}
-
-		default: /* unknown */
-		case 0x03: /* bytes */
-		{
-			if (value->buf_len <= 8)
-			{
-				fprintf(out_hnd,"\t%s:\t%s:\t", val_name, type);
-				out_data(out_hnd, (char*)value->buffer, value->buf_len, 8);
-			}
-			else
-			{
-				fprintf(out_hnd,"\t%s:\t%s:\n", val_name, type);
-				out_data(out_hnd, (char*)value->buffer, value->buf_len, 16);
-			}
-			break;
-		}
-
-		case 0x04: /* uint32 */
-		{
-			fprintf(out_hnd,"\t%s:\t%s: 0x%08x\n", val_name, type, buffer2_to_uint32(value));
-			break;
-		}
-
-		case 0x07: /* multiunistr */
-		{
-			fprintf(out_hnd,"\t%s:\t%s:\t%s\n", val_name, type, dos_buffer2_to_multistr(value));
-			break;
-		}
-	}
-}
-
-/****************************************************************************
- display structure
- ****************************************************************************/
-void display_reg_value_info(FILE *out_hnd, enum action_type action,
-				char *val_name, uint32 val_type, BUFFER2 *value)
-{
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			print_reg_value(out_hnd, val_name, val_type, value);
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			break;
-		}
-	}
-}
-
-/****************************************************************************
- display structure
- ****************************************************************************/
-void display_reg_key_info(FILE *out_hnd, enum action_type action,
-				char *key_name, time_t key_mod_time)
-{
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			fprintf(out_hnd, "\t%s\t(%s)\n",
-			        key_name, http_timestring(key_mod_time));
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			break;
-		}
-	}
-}
-
-#if COPY_THIS_TEMPLATE
-/****************************************************************************
- display structure
- ****************************************************************************/
- void display_(FILE *out_hnd, enum action_type action, *)
-{
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			fprintf(out_hnd, "\t\n"); 
-			fprintf(out_hnd, "\t-------------------\n");
-
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			fprintf(out_hnd, "\n");
-			break;
-		}
-	}
-}
-
-#endif
diff --git a/source3/rpcclient/display_spool.c b/source3/rpcclient/display_spool.c
deleted file mode 100644
index b4baf570f1..0000000000
--- a/source3/rpcclient/display_spool.c
+++ /dev/null
@@ -1,927 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   Samba utility functions
-   Copyright (C) Andrew Tridgell 1992-1999
-   Copyright (C) Luke Kenneth Casson Leighton 1996 - 1999
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful, 
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-/****************************************************************************
-printer info level 0 display function
-****************************************************************************/
-static void display_print_info_0(FILE *out_hnd, PRINTER_INFO_0 *i1)
-{
-	fstring name;
-	fstring server;
-	if (i1 == NULL)
-		return;
-
-	rpcstr_pull(name, i1->printername.buffer, sizeof(name), 0, STR_TERMINATE);
-	rpcstr_pull(server, i1->servername.buffer, sizeof(server), 0, STR_TERMINATE);
-
-	report(out_hnd, "\tprintername:[%s]\n", name);
-	report(out_hnd, "\tservername:[%s]\n", server);
-	report(out_hnd, "\tcjobs:[%x]\n", i1->cjobs);
-	report(out_hnd, "\ttotal_jobs:[%x]\n", i1->total_jobs);
-	
-	report(out_hnd, "\t:date: [%d]-[%d]-[%d] (%d)\n", i1->year, i1->month, i1->day, i1->dayofweek);
-	report(out_hnd, "\t:time: [%d]-[%d]-[%d]-[%d]\n", i1->hour, i1->minute, i1->second, i1->milliseconds);
-	
-	report(out_hnd, "\tglobal_counter:[%x]\n", i1->global_counter);
-	report(out_hnd, "\ttotal_pages:[%x]\n", i1->total_pages);
-	
-	report(out_hnd, "\tmajorversion:[%x]\n", i1->major_version);
-	report(out_hnd, "\tbuildversion:[%x]\n", i1->build_version);
-	
-	report(out_hnd, "\tunknown7:[%x]\n", i1->unknown7);
-	report(out_hnd, "\tunknown8:[%x]\n", i1->unknown8);
-	report(out_hnd, "\tunknown9:[%x]\n", i1->unknown9);
-	report(out_hnd, "\tsession_counter:[%x]\n", i1->session_counter);
-	report(out_hnd, "\tunknown11:[%x]\n", i1->unknown11);
-	report(out_hnd, "\tprinter_errors:[%x]\n", i1->printer_errors);
-	report(out_hnd, "\tunknown13:[%x]\n", i1->unknown13);
-	report(out_hnd, "\tunknown14:[%x]\n", i1->unknown14);
-	report(out_hnd, "\tunknown15:[%x]\n", i1->unknown15);
-	report(out_hnd, "\tunknown16:[%x]\n", i1->unknown16);
-	report(out_hnd, "\tchange_id:[%x]\n", i1->change_id);
-	report(out_hnd, "\tunknown18:[%x]\n", i1->unknown18);
-	report(out_hnd, "\tstatus:[%x]\n", i1->status);
-	report(out_hnd, "\tunknown20:[%x]\n", i1->unknown20);
-	report(out_hnd, "\tc_setprinter:[%x]\n", i1->c_setprinter);
-	report(out_hnd, "\tunknown22:[%x]\n", i1->unknown22);
-	report(out_hnd, "\tunknown23:[%x]\n", i1->unknown23);
-	report(out_hnd, "\tunknown24:[%x]\n", i1->unknown24);
-	report(out_hnd, "\tunknown25:[%x]\n", i1->unknown25);
-	report(out_hnd, "\tunknown26:[%x]\n", i1->unknown26);
-	report(out_hnd, "\tunknown27:[%x]\n", i1->unknown27);
-	report(out_hnd, "\tunknown28:[%x]\n", i1->unknown28);
-	report(out_hnd, "\tunknown29:[%x]\n", i1->unknown29);
-}
-
-/****************************************************************************
-printer info level 1 display function
-****************************************************************************/
-static void display_print_info_1(FILE *out_hnd, PRINTER_INFO_1 *i1)
-{
-	fstring desc;
-	fstring name;
-	fstring comm;
-	if (i1 == NULL)
-		return;
-
-	rpcstr_pull(name, i1->name.buffer, sizeof(name), 0, STR_TERMINATE);
-	rpcstr_pull(desc, i1->description.buffer, sizeof(desc), 0, STR_TERMINATE);
-	rpcstr_pull(comm, i1->comment.buffer, sizeof(comm), 0, STR_TERMINATE);
-
-	report(out_hnd, "\tflags:[%x]\n", i1->flags);
-	report(out_hnd, "\tname:[%s]\n", name);
-	report(out_hnd, "\tdescription:[%s]\n", desc);
-	report(out_hnd, "\tcomment:[%s]\n\n", comm);
-}
-
-/****************************************************************************
-printer info level 2 display function
-****************************************************************************/
-static void display_print_info_2(FILE *out_hnd, PRINTER_INFO_2 *i2)
-{
-	fstring servername;
-	fstring printername;
-	fstring sharename;
-	fstring portname;
-	fstring drivername;
-	fstring comment;
-	fstring location;
-	fstring sepfile;
-	fstring printprocessor;
-	fstring datatype;
-	fstring parameters;
-	
-	if (i2 == NULL)
-		return;
-
-	rpcstr_pull(servername, i2->servername.buffer,sizeof(servername), 0, STR_TERMINATE);
-	rpcstr_pull(printername, i2->printername.buffer,sizeof(printername), 0, STR_TERMINATE);
-	rpcstr_pull(sharename, i2->sharename.buffer,sizeof(sharename), 0, STR_TERMINATE);
-	rpcstr_pull(portname, i2->portname.buffer,sizeof(portname), 0, STR_TERMINATE);
-	rpcstr_pull(drivername, i2->drivername.buffer,sizeof(drivername), 0, STR_TERMINATE);
-	rpcstr_pull(comment, i2->comment.buffer,sizeof(comment), 0, STR_TERMINATE);
-	rpcstr_pull(location, i2->location.buffer,sizeof(location), 0, STR_TERMINATE);
-	rpcstr_pull(sepfile, i2->sepfile.buffer,sizeof(sepfile), 0, STR_TERMINATE);
-	rpcstr_pull(printprocessor, i2->printprocessor.buffer,sizeof(printprocessor), 0, STR_TERMINATE);
-	rpcstr_pull(datatype, i2->datatype.buffer,sizeof(datatype), 0, STR_TERMINATE);
-	rpcstr_pull(parameters, i2->parameters.buffer,sizeof(parameters), 0, STR_TERMINATE);
-	
-	report(out_hnd, "\tservername:[%s]\n", servername);
-	report(out_hnd, "\tprintername:[%s]\n", printername);
-	report(out_hnd, "\tsharename:[%s]\n", sharename);
-	report(out_hnd, "\tportname:[%s]\n", portname);
-	report(out_hnd, "\tdrivername:[%s]\n", drivername);
-	report(out_hnd, "\tcomment:[%s]\n", comment);
-	report(out_hnd, "\tlocation:[%s]\n", location);
-	report(out_hnd, "\tsepfile:[%s]\n", sepfile);
-	report(out_hnd, "\tprintprocessor:[%s]\n", printprocessor);
-	report(out_hnd, "\tdatatype:[%s]\n", datatype);
-	report(out_hnd, "\tparameters:[%s]\n", parameters);
-	report(out_hnd, "\tattributes:[%x]\n", i2->attributes);
-	report(out_hnd, "\tpriority:[%x]\n", i2->priority);
-	report(out_hnd, "\tdefaultpriority:[%x]\n", i2->defaultpriority);
-	report(out_hnd, "\tstarttime:[%x]\n", i2->starttime);
-	report(out_hnd, "\tuntiltime:[%x]\n", i2->untiltime);
-	report(out_hnd, "\tstatus:[%x]\n", i2->status);
-	report(out_hnd, "\tcjobs:[%x]\n", i2->cjobs);
-	report(out_hnd, "\taverageppm:[%x]\n\n", i2->averageppm);
-
-	if (i2->secdesc != NULL)
-	{
-		display_sec_desc(out_hnd, ACTION_HEADER   , i2->secdesc);
-		display_sec_desc(out_hnd, ACTION_ENUMERATE, i2->secdesc);
-		display_sec_desc(out_hnd, ACTION_FOOTER   , i2->secdesc);
-	}
-}
-
-/****************************************************************************
-printer info level 3 display function
-****************************************************************************/
-static void display_print_info_3(FILE *out_hnd, PRINTER_INFO_3 *i3)
-{
-	if (i3 == NULL)
-		return;
-
-	report(out_hnd, "\tflags:[%x]\n", i3->flags);
-
-	display_sec_desc(out_hnd, ACTION_HEADER   , i3->secdesc);
-	display_sec_desc(out_hnd, ACTION_ENUMERATE, i3->secdesc);
-	display_sec_desc(out_hnd, ACTION_FOOTER   , i3->secdesc);
-}
-
-/****************************************************************************
-connection info level 0 container display function
-****************************************************************************/
-static void display_printer_info_0_ctr(FILE *out_hnd, enum action_type action, uint32 count,  PRINTER_INFO_CTR ctr)
-{
-	int i;
-	PRINTER_INFO_0 *in;
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-			report(out_hnd, "Printer Info Level 0:\n");
-			break;
-		case ACTION_ENUMERATE:
-			for (i = 0; i < count; i++) {
-				in=ctr.printers_0;
-				display_print_info_0(out_hnd, &(in[i]) );
-			}
-			break;
-		case ACTION_FOOTER:
-			report(out_hnd, "\n");
-			break;
-	}
-}
-
-/****************************************************************************
-connection info level 1 container display function
-****************************************************************************/
-static void display_printer_info_1_ctr(FILE *out_hnd, enum action_type action, uint32 count,  PRINTER_INFO_CTR ctr)
-{
-	int i;
-	PRINTER_INFO_1 *in;
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-			report(out_hnd, "Printer Info Level 1:\n");
-			break;
-		case ACTION_ENUMERATE:
-			for (i = 0; i < count; i++) {
-				in=ctr.printers_1;
-				display_print_info_1(out_hnd, &(in[i]) );
-			}
-			break;
-		case ACTION_FOOTER:
-			report(out_hnd, "\n");
-			break;
-	}
-}
-
-/****************************************************************************
-connection info level 2 container display function
-****************************************************************************/
-static void display_printer_info_2_ctr(FILE *out_hnd, enum action_type action, uint32 count,  PRINTER_INFO_CTR ctr)
-{
-	int i;
-	PRINTER_INFO_2 *in;
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-			report(out_hnd, "Printer Info Level 2:\n");
-			break;
-		case ACTION_ENUMERATE:
-			for (i = 0; i < count; i++) {
-				in=ctr.printers_2;
-				display_print_info_2(out_hnd, &(in[i]) );
-			}
-			break;
-		case ACTION_FOOTER:
-			report(out_hnd, "\n");
-			break;
-	}
-}
-
-/****************************************************************************
-connection info level 3 container display function
-****************************************************************************/
-static void display_printer_info_3_ctr(FILE *out_hnd, enum action_type action, uint32 count,  PRINTER_INFO_CTR ctr)
-{
-	int i;
-	PRINTER_INFO_3 *in;
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-			report(out_hnd, "Printer Info Level 3:\n");
-			break;
-		case ACTION_ENUMERATE:
-			for (i = 0; i < count; i++) {
-				in=ctr.printers_3;
-				display_print_info_3(out_hnd, &(in[i]) );
-			}
-			break;
-		case ACTION_FOOTER:
-			report(out_hnd, "\n");
-			break;
-	}
-}
-
-/****************************************************************************
-connection info container display function
-****************************************************************************/
-void display_printer_info_ctr(FILE *out_hnd, enum action_type action, uint32 level,
-				uint32 count, PRINTER_INFO_CTR ctr)
-{
-	switch (level) {
-		case 0:
-			display_printer_info_0_ctr(out_hnd, action, count, ctr);
-			break;
-		case 1:
-			display_printer_info_1_ctr(out_hnd, action, count, ctr);
-			break;
-		case 2:
-			display_printer_info_2_ctr(out_hnd, action, count, ctr);
-			break;
-		case 3:
-			display_printer_info_3_ctr(out_hnd, action, count, ctr);
-			break;
-		default:
-			report(out_hnd, "display_printer_info_ctr: Unknown Info Level\n");
-			break;
-	}
-}
-
-/****************************************************************************
-connection info level 3 container display function
-****************************************************************************/
-static void display_port_info_1_ctr(FILE *out_hnd, enum action_type action, 
-				    uint32 count,  PORT_INFO_CTR *ctr)
-{
-	uint32	i = 0;
-	switch (action)
-	{
-		case ACTION_HEADER:
-			report(out_hnd, "Port Info Level 1:\n");
-			break;
-		case ACTION_ENUMERATE:
-			for (i=0; i<count; i++)
-				display_port_info_1(out_hnd, action, &ctr->port.info_1[i]);
-			break;
-		case ACTION_FOOTER:
-			report(out_hnd, "\n");
-			break;
-	}
-}
-
-/****************************************************************************
-connection info level 3 container display function
-****************************************************************************/
-static void display_port_info_2_ctr(FILE *out_hnd, enum action_type action, 
-				    uint32 count,  PORT_INFO_CTR *ctr)
-{
-	uint32	i = 0;
-	switch (action)
-	{
-		case ACTION_HEADER:
-			report(out_hnd, "Port Info Level 2:\n");
-			break;
-		case ACTION_ENUMERATE:
-			for (i=0; i<count; i++)
-				display_port_info_2(out_hnd, action, &ctr->port.info_2[i]);
-			break;
-		case ACTION_FOOTER:
-			report(out_hnd, "\n");
-			break;
-	}
-}
-
-/****************************************************************************
-connection info container display function
-****************************************************************************/
-void display_port_info_ctr(FILE *out_hnd, enum action_type action, uint32 level,
-				uint32 count, PORT_INFO_CTR *ctr)
-{
-	switch (level) {
-		case 1:
-			display_port_info_1_ctr(out_hnd, action, count, ctr);
-			break;
-		case 2:
-			display_port_info_2_ctr(out_hnd, action, count, ctr);
-			break;
-		default:
-			report(out_hnd, "display_port_info_ctr: Unknown Info Level\n");
-			break;
-	}
-}
-
-/****************************************************************************
-connection info container display function
-****************************************************************************/
-void display_port_info_1(FILE *out_hnd, enum action_type action, PORT_INFO_1 *i1)
-{
-	fstring buffer;
-	
-	switch (action)
-	{
-		case ACTION_HEADER:
-			report(out_hnd, "Port:\n");
-			break;
-		case ACTION_ENUMERATE:
-			rpcstr_pull(buffer, i1->port_name.buffer, sizeof(bufferi), 0, STR_TERMINATE);
-			fprintf (out_hnd, "\tPort Name:\t[%s]\n\n", buffer);
-			break;
-		case ACTION_FOOTER:
-			report(out_hnd, "\n");
-			break;
-	}
-}
-
-/****************************************************************************
-connection info container display function
-****************************************************************************/
-void display_port_info_2(FILE *out_hnd, enum action_type action, PORT_INFO_2 *i2)
-{
-	fstring buffer;
-	
-	switch (action)
-	{
-		case ACTION_HEADER:
-			report(out_hnd, "Port:\n");
-			break;
-		case ACTION_ENUMERATE:
-			rpcstr_pull(buffer, i2->port_name.buffer, sizeof(buffer), 0, STR_TERMINATE);
-			fprintf (out_hnd, "\tPort Name:\t[%s]\n", buffer);
-			rpcstr_pull(buffer, i2->monitor_name.buffer, sizeof(buffer), 0, STR_TERMINATE);
-
-			fprintf (out_hnd, "\tMonitor Name:\t[%s]\n", buffer);
-			rpcstr_pull(buffer, i2->description.buffer, sizeof(buffer), 0, STR_TERMINATE);
-			fprintf (out_hnd, "\tDescription:\t[%s]\n", buffer);
-			fprintf (out_hnd, "\tPort Type:\t[%d]\n", i2->port_type);
-			fprintf (out_hnd, "\tReserved:\t[%d]\n", i2->reserved);
-			fprintf (out_hnd, "\n");
-			break;
-		case ACTION_FOOTER:
-			report(out_hnd, "\n");
-			break;
-	}
-}
-
-/****************************************************************************
-connection info container display function
-****************************************************************************/
-void display_printer_enumdata(FILE *out_hnd, enum action_type action, uint32 idx, 
-				uint32 valuelen, uint16 *value, uint32 rvaluelen,
-				uint32 type, 
-				uint32 datalen, uint8 *data, uint32 rdatalen)
-{
-	fstring buffer;
-	
-	switch (action)
-	{
-		case ACTION_HEADER:
-			report(out_hnd, "Printer enum data:\n");
-			report(out_hnd, "index\tvaluelen\tvalue\t\trvaluelen");
-			report(out_hnd, "\ttype\tdatalen\tdata\trdatalen\n");
-			break;
-		case ACTION_ENUMERATE:
-			report(out_hnd, "[%d]", idx);
-			report(out_hnd, "\t[%d]", valuelen);
-			rpcstr_pull(buffer, value, sizeof(buffer), 0, STR_TERMINATE);
-			report(out_hnd, "\t[%s]", buffer);
-			report(out_hnd, "\t[%d]", rvaluelen);
-			report(out_hnd, "\t\t[%d]", type);
-			report(out_hnd, "\t[%d]", datalen);
-/*			report(out_hnd, "\t[%s]", data);*/
-			report(out_hnd, "\t[%d]\n", rdatalen);
-			break;
-		case ACTION_FOOTER:
-			report(out_hnd, "\n");
-			break;
-	}
-}
-
-/****************************************************************************
-job info level 2 display function
-****************************************************************************/
-void display_job_info_2(FILE *out_hnd, enum action_type action, 
-		JOB_INFO_2 *const i2)
-{
-	if (i2 == NULL)
-	{
-		return;
-	}
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			report(out_hnd, "Job Info Level 2:\n");
-
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			fstring tmp;
-
-			report(out_hnd, "\tjob id:\t%d\n", i2->jobid);
-			rpcstr_pull(tmp, i2->printername.buffer, sizeof(tmp), 0, STR_TERMINATE);
-			report(out_hnd, "\tprinter name:\t%s\n", tmp);
-			rpcstr_pull(tmp, i2->machinename.buffer, sizeof(tmp), 0, STR_TERMINATE);
-			report(out_hnd, "\tmachine name:\t%s\n", tmp);
-			rpcstr_pull(tmp, i2->username.buffer, sizeof(tmp), 0, STR_TERMINATE);
-			report(out_hnd, "\tusername:\t%s\n", tmp);
-			rpcstr_pull(tmp, i2->document.buffer, sizeof(tmp), 0, STR_TERMINATE);
-			report(out_hnd, "\tdocument:\t%s\n", tmp);
-			rpcstr_pull(tmp, i2->notifyname.buffer, sizeof(tmp), 0, STR_TERMINATE);
-			report(out_hnd, "\tnotify name:\t%s\n", tmp);
-			rpcstr_pull(tmp, i2->datatype.buffer, sizeof(tmp), 0, STR_TERMINATE);
-			report(out_hnd, "\tdata type:\t%s\n", tmp);
-			rpcstr_pull(tmp, i2->printprocessor.buffer, sizeof(tmp), 0, STR_TERMINATE);
-			report(out_hnd, "\tprint processor:\t%s\n", tmp);
-			rpcstr_pull(tmp, i2->parameters.buffer, sizeof(tmp), 0, STR_TERMINATE);
-			report(out_hnd, "\tparameters:\t%s\n", tmp);
-			rpcstr_pull(tmp, i2->drivername.buffer, sizeof(tmp), 0, STR_TERMINATE);
-			report(out_hnd, "\tdriver name:\t%s\n", tmp);
-			report(out_hnd, "\tDevice Mode:\tNOT DISPLAYED YET\n");
-
-			rpcstr_pull(tmp, i2->text_status.buffer, sizeof(tmp), 0, STR_TERMINATE);
-			report(out_hnd, "\ttext status:\t%s\n", tmp);
-		/*	SEC_DESC sec_desc;*/
-			report(out_hnd, "\tstatus:\t%d\n", i2->status);
-			report(out_hnd, "\tpriority:\t%d\n", i2->priority);
-			report(out_hnd, "\tposition:\t%d\n", i2->position);
-			report(out_hnd, "\tstarttime:\t%d\n", i2->starttime);
-			report(out_hnd, "\tuntiltime:\t%d\n", i2->untiltime);
-			report(out_hnd, "\ttotalpages:\t%d\n", i2->totalpages);
-			report(out_hnd, "\tsize:\t%d\n", i2->size);
-/*
-			SYSTEMTIME submitted;
-*/
-			report(out_hnd, "\tsubmitted:\tNOT DISPLAYED YET\n");
-			report(out_hnd, "\ttimeelapsed:\t%d\n", i2->timeelapsed);
-			report(out_hnd, "\tpagesprinted:\t%d\n", i2->pagesprinted);
-		}
-		case ACTION_FOOTER:
-		{
-			report(out_hnd, "\n");
-			break;
-		}
-	}
-
-}
-
-/****************************************************************************
-job info level 1 display function
-****************************************************************************/
-void display_job_info_1(FILE *out_hnd, enum action_type action, 
-		JOB_INFO_1 *const i1)
-{
-	if (i1 == NULL)
-	{
-		return;
-	}
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			report(out_hnd, "Job Info Level 1:\n");
-
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			fstring tmp;
-
-			report(out_hnd, "\tjob id:\t%d\n", i1->jobid);
-			rpcstr_pull(tmp, i1->printername.buffer, sizeof(tmp), 0, STR_TERMINATE);
-			report(out_hnd, "\tprinter name:\t%s\n", tmp);
-			rpcstr_pull(tmp, i1->machinename.buffer, sizeof(tmp), 0, STR_TERMINATE);
-			report(out_hnd, "\tmachine name:\t%s\n", tmp);
-			rpcstr_pull(tmp, i1->username.buffer, sizeof(tmp), 0, STR_TERMINATE);
-			report(out_hnd, "\tusername:\t%s\n", tmp);
-			rpcstr_pull(tmp, i1->document.buffer, sizeof(tmp), 0, STR_TERMINATE);
-			report(out_hnd, "\tdocument:\t%s\n", tmp);
-			rpcstr_pull(tmp, i1->datatype.buffer, sizeof(tmp), 0, STR_TERMINATE);
-			report(out_hnd, "\tdata type:\t%s\n", tmp);
-			rpcstr_pull(tmp, i1->text_status.buffer, sizeof(tmp), 0, STR_TERMINATE);
-			report(out_hnd, "\ttext status:\t%s\n", tmp);
-			report(out_hnd, "\tstatus:\t%d\n", i1->status);
-			report(out_hnd, "\tpriority:\t%d\n", i1->priority);
-			report(out_hnd, "\tposition:\t%d\n", i1->position);
-			report(out_hnd, "\ttotalpages:\t%d\n", i1->totalpages);
-/*
-			SYSTEMTIME submitted;
-*/
-			report(out_hnd, "\tsubmitted:\tNOT DISPLAYED YET\n");
-			report(out_hnd, "\tpagesprinted:\t%d\n", i1->pagesprinted);
-
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			report(out_hnd, "\n");
-			break;
-		}
-	}
-
-}
-
-/****************************************************************************
-connection info level 2 container display function
-****************************************************************************/
-void display_job_info_2_ctr(FILE *out_hnd, enum action_type action, 
-				uint32 count, JOB_INFO_2 *const *const ctr)
-{
-	if (ctr == NULL)
-	{
-		report(out_hnd, "display_job_info_2_ctr: unavailable due to an internal error\n");
-		return;
-	}
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			int i;
-
-			for (i = 0; i < count; i++)
-			{
-				display_job_info_2(out_hnd, ACTION_HEADER   , ctr[i]);
-				display_job_info_2(out_hnd, ACTION_ENUMERATE, ctr[i]);
-				display_job_info_2(out_hnd, ACTION_FOOTER   , ctr[i]);
-			}
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			break;
-		}
-	}
-}
-
-/****************************************************************************
-connection info level 1 container display function
-****************************************************************************/
-void display_job_info_1_ctr(FILE *out_hnd, enum action_type action, 
-				uint32 count, JOB_INFO_1 *const *const ctr)
-{
-	if (ctr == NULL)
-	{
-		report(out_hnd, "display_job_info_1_ctr: unavailable due to an internal error\n");
-		return;
-	}
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-		{
-			break;
-		}
-		case ACTION_ENUMERATE:
-		{
-			int i;
-
-			for (i = 0; i < count; i++)
-			{
-				display_job_info_1(out_hnd, ACTION_HEADER   , ctr[i]);
-				display_job_info_1(out_hnd, ACTION_ENUMERATE, ctr[i]);
-				display_job_info_1(out_hnd, ACTION_FOOTER   , ctr[i]);
-			}
-			break;
-		}
-		case ACTION_FOOTER:
-		{
-			break;
-		}
-	}
-}
-
-/****************************************************************************
-connection info container display function
-****************************************************************************/
-void display_job_info_ctr(FILE *out_hnd, enum action_type action, 
-				uint32 level, uint32 count,
-				void *const *const ctr)
-{
-	if (ctr == NULL)
-	{
-		report(out_hnd, "display_job_info_ctr: unavailable due to an internal error\n");
-		return;
-	}
-
-	switch (level)
-	{
-		case 1:
-		{
-			display_job_info_1_ctr(out_hnd, action, 
-			                   count, (JOB_INFO_1*const*const)ctr);
-			break;
-		}
-		case 2:
-		{
-			display_job_info_2_ctr(out_hnd, action, 
-			                   count, (JOB_INFO_2*const*const)ctr);
-			break;
-		}
-		default:
-		{
-			report(out_hnd, "display_job_info_ctr: Unknown Info Level\n");
-			break;
-		}
-	}
-}
-
-/****************************************************************************
-printer info level 0 display function
-****************************************************************************/
-static void display_print_driver_1(FILE *out_hnd, DRIVER_INFO_1 *i1)
-{
-	fstring name;
-	if (i1 == NULL)
-		return;
-
-	rpcstr_pull(name, i1->name.buffer, sizeof(name), 0, STR_TERMINATE);
-
-	report(out_hnd, "\tname:[%s]\n", name);
-}
-
-/****************************************************************************
-printer info level 1 display function
-****************************************************************************/
-static void display_print_driver_2(FILE *out_hnd, DRIVER_INFO_2 *i1)
-{
-	fstring name;
-	fstring architecture;
-	fstring driverpath;
-	fstring datafile;
-	fstring configfile;
-	if (i1 == NULL)
-		return;
-
-	rpcstr_pull(name, i1->name.buffer, sizeof(name), 0, STR_TERMINATE);
-	rpcstr_pull(architecture, i1->architecture.buffer, sizeof(architecture), 0, STR_TERMINATE);
-	rpcstr_pull(driverpath, i1->driverpath.buffer, sizeof(driverpath), 0, STR_TERMINATE);
-	rpcstr_pull(datafile, i1->datafile.buffer, sizeof(datafile), 0, STR_TERMINATE);
-	rpcstr_pull(configfile, i1->conigfile.buffer, sizeof(configfile), 0, STR_TERMINATE);
-
-	report(out_hnd, "\tversion:[%x]\n", i1->version);
-	report(out_hnd, "\tname:[%s]\n", name);
-	report(out_hnd, "\tarchitecture:[%s]\n", architecture);
-	report(out_hnd, "\tdriverpath:[%s]\n", driverpath);
-	report(out_hnd, "\tdatafile:[%s]\n", datafile);
-	report(out_hnd, "\tconfigfile:[%s]\n", configfile);
-}
-
-/****************************************************************************
-printer info level 2 display function
-****************************************************************************/
-static void display_print_driver_3(FILE *out_hnd, DRIVER_INFO_3 *i1)
-{
-	fstring name;
-	fstring architecture;
-	fstring driverpath;
-	fstring datafile;
-	fstring configfile;
-	fstring helpfile;
-	fstring dependentfiles;
-	fstring monitorname;
-	fstring defaultdatatype;
-	
-	int length=0;
-	BOOL valid = True;
-	
-	if (i1 == NULL)
-		return;
-
-	rpcstr_pull(name, i1->name.buffer, sizeof(name), 0, STR_TERMINATE);
-	rpcstr_pull(architecture, i1->architecture.buffer, sizeof(architecture), 0, STR_TERMINATE);
-	rpcstr_pull(driverpath, i1->driverpath.buffer, sizeof(driverpath), 0, STR_TERMINATE);
-	rpcstr_pull(datafile, i1->datafile.buffer, sizeof(datafile), 0, STR_TERMINATE);
-	rpcstr_pull(configfile, i1->configfile.buffer, sizeof(configfile), 0, STR_TERMINATE);
-	rpcstr_pull(helpfile, i1->helpfile.buffer, sizeof(helpfile), 0, STR_TERMINATE);
-	rpcstr_pull(monitorname, i1->monitorname.buffer, sizeof(monitorname), 0, STR_TERMINATE);
-	rpcstr_pull(defaultdatatype, i1->defaultdatatype.buffer, sizeof(defaultdatatype), 0, STR_TERMINATE);
-
-	report(out_hnd, "\tversion:[%x]\n", i1->version);
-	report(out_hnd, "\tname:[%s]\n",name);
-	report(out_hnd, "\tarchitecture:[%s]\n", architecture);
-	report(out_hnd, "\tdriverpath:[%s]\n", driverpath);
-	report(out_hnd, "\tdatafile:[%s]\n", datafile);
-	report(out_hnd, "\tconfigfile:[%s]\n", configfile);
-	report(out_hnd, "\thelpfile:[%s]\n\n", helpfile);
-
-	while (valid)
-	{
-		rpcstr_pull(dependentfiles, i1->dependentfiles+length, sizeof(dependentfiles), 0, STR_TERMINATE);
-		length+=strlen(dependentfiles)+1;
-		
-		if (strlen(dependentfiles) > 0)
-		{
-			report(out_hnd, "\tdependentfiles:[%s]\n", dependentfiles);
-		}
-		else
-		{
-			valid = False;
-		}
-	}
-	
-	report(out_hnd, "\n\tmonitorname:[%s]\n", monitorname);
-	report(out_hnd, "\tdefaultdatatype:[%s]\n", defaultdatatype);
-	
-}
-
-/****************************************************************************
-connection info level 1 container display function
-****************************************************************************/
-static void display_printer_driver_1_ctr(FILE *out_hnd, enum action_type action, uint32 count,  PRINTER_DRIVER_CTR ctr)
-{
-	int i;
-	DRIVER_INFO_1 *in;
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-			report(out_hnd, "Printer driver Level 1:\n");
-			break;
-		case ACTION_ENUMERATE:
-			for (i = 0; i < count; i++) {
-				in=ctr.info1;
-				display_print_driver_1(out_hnd, &(in[i]) );
-			}
-			break;
-		case ACTION_FOOTER:
-			report(out_hnd, "\n");
-			break;
-	}
-}
-
-/****************************************************************************
-connection info level 2 container display function
-****************************************************************************/
-static void display_printer_driver_2_ctr(FILE *out_hnd, enum action_type action, uint32 count,  PRINTER_DRIVER_CTR ctr)
-{
-	int i;
-	DRIVER_INFO_2 *in;
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-			report(out_hnd, "Printer driver Level 2:\n");
-			break;
-		case ACTION_ENUMERATE:
-			for (i = 0; i < count; i++) {
-				in=ctr.info2;
-				display_print_driver_2(out_hnd, &(in[i]) );
-			}
-			break;
-		case ACTION_FOOTER:
-			report(out_hnd, "\n");
-			break;
-	}
-}
-
-/****************************************************************************
-connection info level 3 container display function
-****************************************************************************/
-static void display_printer_driver_3_ctr(FILE *out_hnd, enum action_type action, uint32 count,  PRINTER_DRIVER_CTR ctr)
-{
-	int i;
-	DRIVER_INFO_3 *in;
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-			report(out_hnd, "Printer driver Level 3:\n");
-			break;
-		case ACTION_ENUMERATE:
-			for (i = 0; i < count; i++) {
-				in=ctr.info3;
-				display_print_driver_3(out_hnd, &(in[i]) );
-			}
-			break;
-		case ACTION_FOOTER:
-			report(out_hnd, "\n");
-			break;
-	}
-}
-
-/****************************************************************************
-connection info container display function
-****************************************************************************/
-void display_printer_driver_ctr(FILE *out_hnd, enum action_type action, uint32 level,
-				uint32 count, PRINTER_DRIVER_CTR ctr)
-{
-	switch (level) {
-		case 1:
-			display_printer_driver_1_ctr(out_hnd, action, count, ctr);
-			break;
-		case 2:
-			display_printer_driver_2_ctr(out_hnd, action, count, ctr);
-			break;
-		case 3:
-			display_printer_driver_3_ctr(out_hnd, action, count, ctr);
-			break;
-		default:
-			report(out_hnd, "display_printer_driver_ctr: Unknown Info Level\n");
-			break;
-	}
-}
-
-
-/****************************************************************************
-printer info level 1 display function
-****************************************************************************/
-static void display_printdriverdir_info_1(FILE *out_hnd, DRIVER_DIRECTORY_1 *i1)
-{
-	fstring name;
-	if (i1 == NULL)
-		return;
-
-	rpcstr_pull(name, i1->name.buffer, sizeof(name), 0, STR_TERMINATE);
-
-	report(out_hnd, "\tname:[%s]\n", name);
-}
-
-/****************************************************************************
-connection info level 1 container display function
-****************************************************************************/
-static void display_printerdriverdir_info_1_ctr(FILE *out_hnd, enum action_type action, DRIVER_DIRECTORY_CTR ctr)
-{
-
-	switch (action)
-	{
-		case ACTION_HEADER:
-			report(out_hnd, "Printer driver dir Info Level 1:\n");
-			break;
-		case ACTION_ENUMERATE:
-				display_printdriverdir_info_1(out_hnd, &(ctr.driver.info_1) );
-			break;
-		case ACTION_FOOTER:
-			report(out_hnd, "\n");
-			break;
-	}
-}
-
-/****************************************************************************
-connection info container display function
-****************************************************************************/
-void display_printerdriverdir_info_ctr(FILE *out_hnd, enum action_type action, uint32 level,
-				DRIVER_DIRECTORY_CTR ctr)
-{
-	switch (level) {
-		case 1:
-			display_printerdriverdir_info_1_ctr(out_hnd, action, ctr);
-			break;
-		default:
-			report(out_hnd, "display_printerdriverdir_info_ctr: Unknown Info Level\n");
-			break;
-	}
-}
diff --git a/source3/rpcclient/samsync.c b/source3/rpcclient/samsync.c
deleted file mode 100644
index a4061d2a87..0000000000
--- a/source3/rpcclient/samsync.c
+++ /dev/null
@@ -1,773 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   SAM synchronisation and replication
-
-   Copyright (C) Tim Potter 2001,2002
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-DOM_SID domain_sid;
-
-static void decode_domain_info(SAM_DOMAIN_INFO *a)
-{
-	fstring temp;
-	printf("Domain Information\n");
-	printf("------------------\n");
-
-	unistr2_to_ascii(temp, &a->uni_dom_name, sizeof(temp)-1);
-	printf("\tDomain              :%s\n", temp);
-	printf("\tMin password len    :%d\n", a->min_pwd_len);
-	printf("\tpassword history len:%d\n", a->pwd_history_len);
-	printf("\tcreation time       :%s\n", http_timestring(nt_time_to_unix(&a->creation_time)));
-}
-
-static void decode_sam_group_info(SAM_GROUP_INFO *a)
-{
-	fstring temp;
-	printf("\nDomain Group Information\n");
-	printf("------------------------\n");
-
-	unistr2_to_ascii(temp, &a->uni_grp_name, sizeof(temp)-1);
-	printf("\tGroup name          :%s\n", temp);
-	unistr2_to_ascii(temp, &a->uni_grp_desc, sizeof(temp)-1);
-	printf("\tGroup description   :%s\n", temp);
-	printf("\trid                 :%d\n", a->gid.g_rid);
-	printf("\tattribute           :%d\n", a->gid.attr);
-}
-
-static void decode_sam_account_info(SAM_ACCOUNT_INFO *a)
-{
-	fstring temp;
-	printf("\nUser Information\n");
-	printf("----------------\n");
-
-	unistr2_to_ascii(temp, &a->uni_acct_name, sizeof(temp)-1);
-	printf("\tUser name          :%s\n", temp);
-	printf("\tuser's rid         :%d\n", a->user_rid);
-	printf("\tuser's primary gid :%d\n", a->group_rid);
-	unistr2_to_ascii(temp, &a->uni_full_name, sizeof(temp)-1);
-	printf("\tfull name          :%s\n", temp);
-	unistr2_to_ascii(temp, &a->uni_home_dir, sizeof(temp)-1);
-	printf("\thome directory     :%s\n", temp);
-	unistr2_to_ascii(temp, &a->uni_dir_drive, sizeof(temp)-1);
-	printf("\tdrive              :%s\n", temp);
-	unistr2_to_ascii(temp, &a->uni_logon_script, sizeof(temp)-1);
-	printf("\tlogon script       :%s\n", temp);
-	unistr2_to_ascii(temp, &a->uni_acct_desc, sizeof(temp)-1);
-	printf("\tdescription        :%s\n", temp);
-	unistr2_to_ascii(temp, &a->uni_workstations, sizeof(temp)-1);
-	printf("\tworkstations       :%s\n", temp);
-}
-
-static void decode_sam_grp_mem_info(SAM_GROUP_MEM_INFO *a)
-{
-	int i;
-	printf("\nGroup members information\n");
-	printf("-------------------------\n");
-	printf("\tnum members        :%d\n", a->num_members);
-
-	for (i=0; i<a->num_members; i++) {
-		printf("\trid, attr:%d, %d\n", a->rids[i], a->attribs[i]);
-	}
-}
-
-static void decode_sam_alias_info(SAM_ALIAS_INFO *a)
-{
-	fstring temp;
-	printf("\nAlias Information\n");
-	printf("-----------------\n");
-
-	unistr2_to_ascii(temp, &a->uni_als_name, sizeof(temp)-1);
-	printf("\tname               :%s\n", temp);
-	unistr2_to_ascii(temp, &a->uni_als_desc, sizeof(temp)-1);
-	printf("\tdescription        :%s\n", temp);
-	printf("\trid                :%d\n", a->als_rid);
-}
-
-static void decode_sam_als_mem_info(SAM_ALIAS_MEM_INFO *a)
-{
-	int i;
-	fstring temp;
-	printf("\nAlias members Information\n");
-	printf("-------------------------\n");
-	printf("\tnum members        :%d\n", a->num_members);
-	printf("\tnum sids           :%d\n", a->num_sids);
-	for (i=0; i<a->num_sids; i++) {
-		printf("\tsid                :%s\n", sid_to_string(temp, &a->sids[i].sid));
-	}
-
-
-}
-
-static void decode_sam_dom_info(SAM_DELTA_DOM *a)
-{
-	fstring temp;
-	printf("\nDomain information\n");
-	printf("------------------\n");
-
-	unistr2_to_ascii(temp, &a->domain_name, sizeof(temp)-1);
-	printf("\tdomain name        :%s\n", temp);
-	printf("\tsid                :%s\n", sid_to_string(temp, &a->domain_sid.sid));
-}
-
-static void decode_sam_unk0e_info(SAM_DELTA_UNK0E *a)
-{
-	fstring temp;
-	printf("\nTrust information\n");
-	printf("-----------------\n");
-
-	unistr2_to_ascii(temp, &a->domain, sizeof(temp)-1);
-	printf("\tdomain name        :%s\n", temp);
-	printf("\tsid                :%s\n", sid_to_string(temp, &a->sid.sid));
-	display_sec_desc(a->sec_desc);
-}
-
-static void decode_sam_privs_info(SAM_DELTA_PRIVS *a)
-{
-	int i;
-	fstring temp;
-	printf("\nSID and privileges information\n");
-	printf("------------------------------\n");
-	printf("\tsid                :%s\n", sid_to_string(temp, &a->sid.sid));
-	display_sec_desc(a->sec_desc);
-	printf("\tprivileges count   :%d\n", a->privlist_count);
-	for (i=0; i<a->privlist_count; i++) {
-		unistr2_to_ascii(temp, &a->uni_privslist[i], sizeof(temp)-1);
-		printf("\tprivilege name     :%s\n", temp);
-		printf("\tattribute          :%d\n", a->attributes[i]);
-	}
-}
-
-static void decode_sam_unk12_info(SAM_DELTA_UNK12 *a)
-{
-	fstring temp;
-	printf("\nTrusted information\n");
-	printf("-------------------\n");
-
-	unistr2_to_ascii(temp, &a->secret, sizeof(temp)-1);
-	printf("\tsecret name        :%s\n", temp);
-	display_sec_desc(a->sec_desc);
-	
-	printf("\ttime 1             :%s\n", http_timestring(nt_time_to_unix(&a->time1)));
-	printf("\ttime 2             :%s\n", http_timestring(nt_time_to_unix(&a->time2)));
-
-	display_sec_desc(a->sec_desc2);
-}
-
-static void decode_sam_stamp(SAM_DELTA_STAMP *a)
-{
-	printf("\nStamp information\n");
-	printf("-----------------\n");
-	printf("\tsequence number    :%d\n", a->seqnum);
-}
-
-static void decode_sam_deltas(uint32 num_deltas, SAM_DELTA_HDR *hdr_deltas, SAM_DELTA_CTR *deltas)
-{
-	int i;
-        for (i = 0; i < num_deltas; i++) {
-		switch (hdr_deltas[i].type) {
-			case SAM_DELTA_DOMAIN_INFO: {
-                		SAM_DOMAIN_INFO *a;
-				a = &deltas[i].domain_info;
-				decode_domain_info(a);
-				break;
-			}
-			case SAM_DELTA_GROUP_INFO:  {
-                		SAM_GROUP_INFO *a;
-				a = &deltas[i].group_info;
-				decode_sam_group_info(a);
-				break;
-			}
-			case SAM_DELTA_ACCOUNT_INFO: {
-                		SAM_ACCOUNT_INFO *a;
-				a = &deltas[i].account_info;
-				decode_sam_account_info(a);
-				break;
-			}
-			case SAM_DELTA_GROUP_MEM: {
-                		SAM_GROUP_MEM_INFO *a;
-				a = &deltas[i].grp_mem_info;
-				decode_sam_grp_mem_info(a);
-				break;
-			}
-			case SAM_DELTA_ALIAS_INFO: {
-                		SAM_ALIAS_INFO *a;
-				a = &deltas[i].alias_info;
-				decode_sam_alias_info(a);
-				break;
-			}
-			case SAM_DELTA_ALIAS_MEM: {
-                		SAM_ALIAS_MEM_INFO *a;
-				a = &deltas[i].als_mem_info;
-				decode_sam_als_mem_info(a);
-				break;
-			}
-			case SAM_DELTA_POLICY_INFO: {
-                		SAM_DELTA_POLICY *a;
-				a = &deltas[i].dom_info;
-				decode_sam_dom_info(a);
-				break;
-			}
-			case SAM_DELTA_UNK0E_INFO: {
-                		SAM_DELTA_UNK0E *a;
-				a = &deltas[i].unk0e_info;
-				decode_sam_unk0e_info(a);
-				break;
-			}
-			case SAM_DELTA_PRIVS_INFO: {
-                		SAM_DELTA_PRIVS *a;
-				a = &deltas[i].privs_info;
-				decode_sam_privs_info(a);
-				break;
-			}
-			case SAM_DELTA_UNK12_INFO: {
-                		SAM_DELTA_UNK12 *a;
-				a = &deltas[i].unk12_info;
-				decode_sam_unk12_info(a);
-				break;
-			}
-			case SAM_DELTA_SAM_STAMP: {
-                		SAM_DELTA_STAMP *a;
-				a = &deltas[i].stamp;
-				decode_sam_stamp(a);
-				break;
-			}
-			default:
-				DEBUG(0,("unknown delta type: %d\n", hdr_deltas[i].type));
-				break;	
-		}
-	}
-}
-
-/* Convert a SAM_ACCOUNT_DELTA to a SAM_ACCOUNT. */
-
-static void sam_account_from_delta(SAM_ACCOUNT *account,
-				   SAM_ACCOUNT_INFO *delta)
-{
-	DOM_SID sid;
-	fstring s;
-
-	/* Username, fullname, home dir, dir drive, logon script, acct
-	   desc, workstations, profile. */
-
-	unistr2_to_ascii(s, &delta->uni_acct_name, sizeof(s) - 1);
-	pdb_set_nt_username(account, s);
-
-	/* Unix username is the same - for sainity */
-	pdb_set_username(account, s);
-
-	unistr2_to_ascii(s, &delta->uni_full_name, sizeof(s) - 1);
-	pdb_set_fullname(account, s);
-
-	unistr2_to_ascii(s, &delta->uni_home_dir, sizeof(s) - 1);
-	pdb_set_homedir(account, s, True);
-
-	unistr2_to_ascii(s, &delta->uni_dir_drive, sizeof(s) - 1);
-	pdb_set_dir_drive(account, s, True);
-
-	unistr2_to_ascii(s, &delta->uni_logon_script, sizeof(s) - 1);
-	pdb_set_logon_script(account, s, True);
-
-	unistr2_to_ascii(s, &delta->uni_acct_desc, sizeof(s) - 1);
-	pdb_set_acct_desc(account, s);
-
-	unistr2_to_ascii(s, &delta->uni_workstations, sizeof(s) - 1);
-	pdb_set_workstations(account, s);
-
-	unistr2_to_ascii(s, &delta->uni_profile, sizeof(s) - 1);
-	pdb_set_profile_path(account, s, True);
-
-	/* User and group sid */
-
-	sid_copy(&sid, &domain_sid);
-	sid_append_rid(&sid, delta->user_rid);
-	pdb_set_user_sid(account, &sid);
-
-	sid_copy(&sid, &domain_sid);
-	sid_append_rid(&sid, delta->group_rid);
-	pdb_set_group_sid(account, &sid);
-
-	/* Logon and password information */
-
-	pdb_set_logon_time(account, nt_time_to_unix(&delta->logon_time), True);
-	pdb_set_logoff_time(account, nt_time_to_unix(&delta->logoff_time), 
-			    True);
-
-	pdb_set_logon_divs(account, delta->logon_divs);
-
-	/* TODO: logon hours */
-	/* TODO: bad password count */
-	/* TODO: logon count */
-
-	pdb_set_pass_last_set_time(
-		account, nt_time_to_unix(&delta->pwd_last_set_time));
-
-	/* TODO: account expiry time */
-
-	pdb_set_acct_ctrl(account, delta->acb_info);
-}
-
-static void apply_account_info(SAM_ACCOUNT_INFO *sam_acct_delta)
-{
-	SAM_ACCOUNT *sam_acct;
-	BOOL result;
-
-	if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_acct))) {
-		return;
-	}
-
-	sam_account_from_delta(sam_acct, sam_acct_delta);
-	result = pdb_add_sam_account(sam_acct);
-}
-
-/* Apply an array of deltas to the SAM database */
-
-static void apply_deltas(uint32 num_deltas, SAM_DELTA_HDR *hdr_deltas,
-			 SAM_DELTA_CTR *deltas)
-{
-	uint32 i;
-
-	for (i = 0; i < num_deltas; i++) {
-		switch(hdr_deltas[i].type) {
-		case SAM_DELTA_ACCOUNT_INFO:
-			apply_account_info(&deltas[i].account_info);
-			break;
-		}
-	}
-}
-
-/* Synchronise sam database */
-
-static NTSTATUS sam_sync(struct cli_state *cli, unsigned char trust_passwd[16],
-                         BOOL do_smbpasswd_output, BOOL verbose)
-{
-        TALLOC_CTX *mem_ctx;
-        SAM_DELTA_HDR *hdr_deltas_0, *hdr_deltas_2;
-        SAM_DELTA_CTR *deltas_0, *deltas_2;
-        uint32 num_deltas_0, num_deltas_2;
-        NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	struct pdb_context *in;
-	uint32 neg_flags = 0x000001ff;
-
-	DOM_CRED ret_creds;
-
-        /* Initialise */
-
-	if (!NT_STATUS_IS_OK(make_pdb_context_list(&in, lp_passdb_backend()))){
-		DEBUG(0, ("Can't initialize passdb backend.\n"));
-		      return result;
-	}
-
-	if (!(mem_ctx = talloc_init("sam_sync"))) {
-		DEBUG(0,("talloc_init failed\n"));
-		return result;
-	}
-
-	if (!cli_nt_session_open (cli, PI_NETLOGON)) {
-		DEBUG(0, ("Could not initialize netlogon pipe!\n"));
-		goto done;
-	}
-
-        /* Request a challenge */
-
-        if (!NT_STATUS_IS_OK(cli_nt_setup_creds(cli, SEC_CHAN_BDC, trust_passwd, &neg_flags, 2))) {
-                DEBUG(0, ("Error initialising session creds\n"));
-                goto done;
-        }
-
-	/* on first call the returnAuthenticator is empty */
-	memset(&ret_creds, 0, sizeof(ret_creds));
-
-        /* Do sam synchronisation on the SAM database*/
-
-	result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 0, 0,
-				       &num_deltas_0, &hdr_deltas_0, 
-				       &deltas_0);
-        
-        if (!NT_STATUS_IS_OK(result))
-		goto done;
-
-	
-        /* Update sam */
-
-	apply_deltas(num_deltas_0, hdr_deltas_0, deltas_0);
-
-
-	/* 
-	 * we can't yet do several sam_sync in a raw, it's a credential problem 
-	 * we must chain the credentials
-	 */
-
-#if 1
-        /* Do sam synchronisation on the LSA database */
-
-	result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 2, 0, &num_deltas_2, &hdr_deltas_2, &deltas_2);
-        
-        if (!NT_STATUS_IS_OK(result))
-		goto done;
-
-	/* verbose mode */
-	if (verbose)
-		decode_sam_deltas(num_deltas_2, hdr_deltas_2, deltas_2);
-#endif
-
-        /* Produce smbpasswd output - good for migrating from NT! */
-
-        if (do_smbpasswd_output) {
-                int i;
-
-                for (i = 0; i < num_deltas_0; i++) {
-                        SAM_ACCOUNT_INFO *a;
-                        fstring acct_name, hex_nt_passwd, hex_lm_passwd;
-                        uchar lm_passwd[16], nt_passwd[16];
-
-                        /* Skip non-user accounts */
-
-                        if (hdr_deltas_0[i].type != SAM_DELTA_ACCOUNT_INFO)
-                                continue;
-
-                        a = &deltas_0[i].account_info;
-
-                        unistr2_to_ascii(acct_name, &a->uni_acct_name,
-                                         sizeof(acct_name) - 1);
-
-                        /* Decode hashes from password hash */
-
-                        sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd, 
-                                     lm_passwd, 0);
-                        sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd, 
-                                     nt_passwd, 0);
-
-                        /* Encode as strings */
-
-                        smbpasswd_sethexpwd(hex_lm_passwd, lm_passwd,
-                                            a->acb_info);
-                        smbpasswd_sethexpwd(hex_nt_passwd, nt_passwd,
-                                            a->acb_info);
-
-                        /* Display user info */
-
-                        printf("%s:%d:%s:%s:%s:LCT-0\n", acct_name,
-                               a->user_rid, hex_lm_passwd, hex_nt_passwd,
-                               smbpasswd_encode_acb_info(a->acb_info));
-                }
-                               
-                goto done;
-        }
-
- done:
-	cli_nt_session_close(cli);
-	talloc_destroy(mem_ctx);
-        
-        return result;
-}
-
-/* Replicate sam deltas */
-
-static NTSTATUS sam_repl(struct cli_state *cli, unsigned char trust_passwde[16],
-                         uint32 low_serial)
-{
-        NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-        return result;
-}
-
-/* Connect to primary domain controller */
-
-static struct cli_state *init_connection(struct cli_state **cli,
-                                         char *username, char *domain,
-                                         char *password)
-{
-        extern pstring global_myname;
-        struct in_addr pdc_ip;
-        fstring dest_host;
-
-	/* Initialise myname */
-
-	if (!global_myname[0]) {
-		char *p;
-
-		fstrcpy(global_myname, myhostname());
-		p = strchr(global_myname, '.');
-		if (p)
-			*p = 0;
-	}
-
-        /* Look up name of PDC controller */
-
-        if (!get_pdc_ip(lp_workgroup(), &pdc_ip)) {
-                DEBUG(0, ("Cannot find domain controller for domain %s\n",
-                          lp_workgroup()));
-                return NULL;
-        }
-
-        if (!lookup_dc_name(global_myname, lp_workgroup(), pdc_ip, 
-			    dest_host)) {
-                DEBUG(0, ("Could not lookup up PDC name for domain %s\n",
-                          lp_workgroup()));
-                return NULL;
-        }
-
-	if (NT_STATUS_IS_OK(cli_full_connection(cli, global_myname, dest_host,
-						pdc_ip, 0,
-						"IPC$", "IPC",  
-						username, domain,
-						password, 0))) {
-		return *cli;
-	}
-
-	return NULL;
-}
-
-/* Main function */
-
-static fstring popt_username, popt_domain, popt_password;
-static BOOL popt_got_pass;
-
-static void user_callback(poptContext con, 
-			  enum poptCallbackReason reason,
-			  const struct poptOption *opt,
-			  const char *arg, const void *data)
-{
-	const char *p, *ch;
-
-	if (!arg)
-		return;
-
-	switch(opt->val) {
-
-		/* Check for [DOMAIN\\]username[%password]*/
-
-	case 'U':
-
-		p = arg;
-
-		if ((ch = strchr(p, '\\'))) {
-			fstrcpy(popt_domain, p); 
-			popt_domain[ch - p] = 0;
-		}
-
-		fstrcpy(popt_username, p);
-
-		if ((ch = strchr(p, '%'))) {
-			popt_username[ch - p] = 0;
-			fstrcpy(popt_password, ch + 1);
-			popt_got_pass = True;
-		}
-
-		break;
-		
-	case 'W':
-		fstrcpy(popt_domain, arg);
-		break;
-	}
-}
-
-/* Return domain, username and password passed in from cmd line */
-
-void popt_common_get_auth_info(char **domain, char **username, char **password,
-			       BOOL *got_pass)
-{
-	*domain = popt_domain;
-	*username = popt_username;
-	*password = popt_password;
-	*got_pass = popt_got_pass;
-}
-
-struct poptOption popt_common_auth_info[] = {
-	{ NULL, 0, POPT_ARG_CALLBACK, user_callback },
-	{ "user", 'U', POPT_ARG_STRING, NULL, 'U', "Set username",
-	  "[DOMAIN\\]username[%password]" },
-	{ "domain", 'W', POPT_ARG_STRING, NULL, 'W', "Set domain name", 
-	  "DOMAIN"},
-	{ 0 }
-};
-
-static BOOL popt_interactive;
-
-BOOL popt_common_is_interactive(void)
-{
-	return popt_interactive;
-}
-
-struct poptOption popt_common_interactive[] = {
-	{ "interactive", 'i', POPT_ARG_NONE, &popt_interactive, 'i',
-	  "Log to stdout" },
-	{ 0 }
-};
-
- int main(int argc, char **argv)
-{
-        BOOL do_sam_sync = False, do_sam_repl = False;
-        struct cli_state *cli;
-        NTSTATUS result;
-        pstring logfile;
-        BOOL do_smbpasswd_output = False;
-        BOOL verbose = True, got_pass = False;
-        uint32 serial = 0;
-        unsigned char trust_passwd[16];
-        char *username, *domain, *password;
-	poptContext pc;
-	char c;
-
-	struct poptOption popt_samsync_opts[] = {
-		{ "synchronise", 'S', POPT_ARG_NONE, &do_sam_sync, 'S', 
-		  "Perform full SAM synchronisation" },
-		{ "replicate", 'R', POPT_ARG_NONE, &do_sam_repl, 'R',
-		  "Replicate SAM changes" },
-		{ "serial", 0, POPT_ARG_INT, &serial, 0, "SAM serial number" },
-		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_debug },
-		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_version},
-		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_auth_info },
-		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_interactive },
-		POPT_AUTOHELP
-		{ 0 }
-	};
-
-	/* Read command line options */
-
-	pc = poptGetContext("samsync", argc, (const char **)argv,
-			    popt_samsync_opts, 0);
-
-	if (argc == 1) {
-		poptPrintUsage(pc, stdout, 0);
-		return 1;
-	}
-
-	while ((c = poptGetNextOpt(pc)) != -1) {
-
-		/* Argument processing error */
-
-		if (c < -1) {
-			fprintf(stderr, "samsync: %s: %s\n",
-				poptBadOption(pc, POPT_BADOPTION_NOALIAS),
-				poptStrerror(c));
-			return 1;
-		}
-
-		/* Handle arguments */
-
-		switch (c) {
-		case 'h':
-			poptPrintHelp(pc, stdout, 0);
-			return 1;
-		case 'u':
-			poptPrintUsage(pc, stdout, 0);
-			return 1;
-		}
-	}
-
-	/* Bail out if any extra args were passed */
-
-	if (poptPeekArg(pc)) {
-		fprintf(stderr, "samsync: invalid argument %s\n",
-			poptPeekArg(pc));
-		poptPrintUsage(pc, stdout, 0);
-		return 1;
-	}
-
-	poptFreeContext(pc);
-
-	/* Setup logging */
-
-	dbf = x_stdout;
-
-	if (!lp_load(dyn_CONFIGFILE, True, False, False)) {
-		d_fprintf(stderr, "samsync: error opening config file %s. "
-			  "Error was %s\n", dyn_CONFIGFILE, strerror(errno));
-		return 1;
-	}
-
-	slprintf(logfile, sizeof(logfile) - 1, "%s/log.%s", dyn_LOGFILEBASE, 
-                 "samsync");
-
-	lp_set_logfile(logfile);
-
-        setup_logging("samsync", popt_common_is_interactive());
-
-        if (!popt_common_is_interactive())
-                reopen_logs();
-
-	load_interfaces();
-
-        /* Check arguments make sense */
-
-        if (do_sam_sync && do_sam_repl) {
-                DEBUG(0, ("cannot specify both -S and -R\n"));
-                return 1;
-
-        }
-
-        if (!do_sam_sync && !do_sam_repl) {
-                DEBUG(0, ("samsync: you must either --synchronise or "
-			  "--replicate the SAM database\n"));
-                return 1;
-        }
-
-        if (do_sam_repl && serial == 0) {
-                DEBUG(0, ("samsync: must specify serial number\n"));
-                return 1;
-        }
-
-	if (do_sam_sync && serial != 0) {
-		DEBUG(0, ("samsync: you can't specify a serial number when "
-			  "synchonising the SAM database\n"));
-		return 1;
-	}
-
-        /* BDC operations require the machine account password */
-
-        if (!secrets_init()) {
-                DEBUG(0, ("samsync: unable to initialise secrets database\n"));
-                return 1;
-        }
-
-	if (!secrets_fetch_trust_account_password(lp_workgroup(), 
-                                                  trust_passwd, NULL)) {
-		DEBUG(0, ("samsync: could not fetch trust account password\n"));
-		return 1;
-	}        
-
-	/* I wish the domain sid wasn't stored in secrets.tdb */
-
-	if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
-		DEBUG(0, ("samsync: could not retrieve domain sid\n"));
-		return 1;
-	}
-
-        /* Perform sync or replication */
-
-	popt_common_get_auth_info(&domain, &username, &password, &got_pass);
-
-        if (!init_connection(&cli, username, domain, password))
-                return 1;
-
-        if (do_sam_sync)
-                result = sam_sync(cli, trust_passwd, do_smbpasswd_output, 
-				  verbose);
-
-        if (do_sam_repl)
-                result = sam_repl(cli, trust_passwd, serial);
-
-        if (!NT_STATUS_IS_OK(result)) {
-                DEBUG(0, ("%s\n", nt_errstr(result)));
-                return 1;
-        }
-
-	return 0;
-}
-- 
cgit 


From 1009ef3e37c82682e9c2c4c63bc7407420f20af8 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 20 Feb 2003 22:09:57 +0000
Subject: Added Volkers "print server role" patch. Jeremy. (This used to be
 commit e81d72ac221023ded9e0932be7dd303ad5280665)

---
 source3/utils/testparm.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
index 36b2bdfc6d..0fafd1b83d 100644
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
@@ -283,6 +283,28 @@ int main(int argc, const char *argv[])
 		}
 	}
 
+
+	if (!silent_mode) {
+		printf("Server role: ");
+		switch(lp_server_role()) {
+			case ROLE_STANDALONE:
+				printf("ROLE_STANDALONE\n");
+				break;
+			case ROLE_DOMAIN_MEMBER:
+				printf("ROLE_DOMAIN_MEMBER\n");
+				break;
+			case ROLE_DOMAIN_BDC:
+				printf("ROLE_DOMAIN_BDC\n");
+				break;
+			case ROLE_DOMAIN_PDC:
+				printf("ROLE_DOMAIN_PDC\n");
+				break;
+			default:
+				printf("Unknown -- internal error?\n");
+				break;
+		}
+	}
+
 	if (!cname) {
 		if (!silent_mode) {
 			printf("Press enter to see a dump of your service definitions\n");
-- 
cgit 


From 8d8a8c9633ea04d269d70b1fa8f4393cc73f7bbd Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Thu, 20 Feb 2003 22:26:28 +0000
Subject: Make init_module() and thus smb_load_module() return an int.
 modules/developer.c: init_module() should return an int (This used to be
 commit 7f59703550378ff2333e3c851bf1a77037510abd)

---
 source3/include/smb.h         |  2 +-
 source3/lib/module.c          | 18 +++++++++---------
 source3/modules/developer.c   |  2 +-
 source3/rpc_server/srv_pipe.c |  8 ++++----
 4 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/source3/include/smb.h b/source3/include/smb.h
index f96a19954a..71051e341e 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1721,6 +1721,6 @@ extern struct poptOption popt_common_netbios_name[];
 extern struct poptOption popt_common_log_base[];
 
 /* Module support */
-typedef NTSTATUS (init_module_function) (void);
+typedef int (init_module_function) (void);
 
 #endif /* _SMB_H */
diff --git a/source3/lib/module.c b/source3/lib/module.c
index 6febe8a9f1..dd94f79950 100644
--- a/source3/lib/module.c
+++ b/source3/lib/module.c
@@ -22,11 +22,11 @@
 #include "includes.h"
 
 #ifdef HAVE_DLOPEN
-NTSTATUS smb_load_module(const char *module_name)
+int smb_load_module(const char *module_name)
 {
 	void *handle;
 	init_module_function *init;
-	NTSTATUS nt_status;
+	int status;
 	const char *error;
 
 	/* Always try to use LAZY symbol resolving; if the plugin has 
@@ -37,7 +37,7 @@ NTSTATUS smb_load_module(const char *module_name)
 
 	if(!handle) {
 		DEBUG(0, ("Error loading module '%s': %s\n", module_name, sys_dlerror()));
-		return NT_STATUS_UNSUCCESSFUL;
+		return False;
 	}
 
 	init = sys_dlsym(handle, "init_module");
@@ -47,14 +47,14 @@ NTSTATUS smb_load_module(const char *module_name)
 	error = sys_dlerror();
 	if (error) {
 		DEBUG(0, ("Error trying to resolve symbol 'init_module' in %s: %s\n", module_name, error));
-		return NT_STATUS_UNSUCCESSFUL;
+		return False;
 	}
 
-	nt_status = init();
+	status = init();
 
 	DEBUG(2, ("Module '%s' loaded\n", module_name));
 
-	return nt_status;
+	return status;
 }
 
 /* Load all modules in list and return number of 
@@ -65,7 +65,7 @@ int smb_load_modules(const char **modules)
 	int success = 0;
 
 	for(i = 0; modules[i]; i++){
-		if(NT_STATUS_IS_OK(smb_load_module(modules[i]))) {
+		if(smb_load_module(modules[i])) {
 			success++;
 		}
 	}
@@ -77,10 +77,10 @@ int smb_load_modules(const char **modules)
 
 #else /* HAVE_DLOPEN */
 
-NTSTATUS smb_load_module(const char *module_name)
+int smb_load_module(const char *module_name)
 {
 	DEBUG(0,("This samba executable has not been build with plugin support"));
-	return NT_STATUS_NOT_SUPPORTED;
+	return False;
 }
 
 int smb_load_modules(const char **modules)
diff --git a/source3/modules/developer.c b/source3/modules/developer.c
index c12bbc562a..a697abcd22 100644
--- a/source3/modules/developer.c
+++ b/source3/modules/developer.c
@@ -128,5 +128,5 @@ struct charset_functions weird_functions = {"WEIRD", weird_pull, weird_push};
 int init_module(void)
 {
 	smb_register_charset(&weird_functions);
-	return 0;
+	return 1;
 }
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 0b8b7b229a..f6deac68f8 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -794,10 +794,10 @@ int rpc_pipe_register_commands(const char *clnt, const char *srv, const struct a
 /*******************************************************************
  Register commands to an RPC pipe
 *******************************************************************/
-NTSTATUS rpc_load_module(const char *module)
+int rpc_load_module(const char *module)
 {
         pstring full_path;
-		NTSTATUS status;
+		int status;
         
         pstrcpy(full_path, lib_path("rpc"));
         pstrcat(full_path, "/librpc_");
@@ -805,7 +805,7 @@ NTSTATUS rpc_load_module(const char *module)
         pstrcat(full_path, ".");
         pstrcat(full_path, shlib_ext());
 		
-		if (!NT_STATUS_IS_OK(status = smb_load_module(full_path)))  {
+		if (!(status = smb_load_module(full_path)))  {
                 DEBUG(0, ("Could not load requested pipe %s as %s\n", 
                     module, full_path));
         }
@@ -858,7 +858,7 @@ BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
                        }
                 }
 
-                if (!api_fd_commands[i].name && !NT_STATUS_IS_OK(rpc_load_module(p->name))) {
+                if (!api_fd_commands[i].name && !rpc_load_module(p->name)) {
                        DEBUG(3,("api_pipe_bind_req: Unknown pipe name %s in bind request.\n",
                                 p->name ));
                        if(!setup_bind_nak(p))
-- 
cgit 


From 5bec7f5fcac1a3e5a48b04f140b96f03b88f0965 Mon Sep 17 00:00:00 2001
From: Jim McDonough <jmcd@samba.org>
Date: Thu, 20 Feb 2003 22:46:37 +0000
Subject: From aliguori@us.ibm.com: This patch adds the architecture for an
 IDMAP backend system including a new smb.conf parameter "winbind backend". 
 Right now, the only valid value is "tdb" but I'm currently working on an LDAP
 backend. (This used to be commit 35e4448dcb2deb0d5d34d9e974a49f2fb31f1356)

---
 source3/Makefile.in                   |   1 +
 source3/nsswitch/winbindd.h           |  25 ++
 source3/nsswitch/winbindd_idmap.c     | 625 ++++++++++------------------------
 source3/nsswitch/winbindd_idmap_tdb.c | 519 ++++++++++++++++++++++++++++
 source3/param/loadparm.c              |   6 +
 5 files changed, 738 insertions(+), 438 deletions(-)
 create mode 100644 source3/nsswitch/winbindd_idmap_tdb.c

diff --git a/source3/Makefile.in b/source3/Makefile.in
index e04550cf21..efc3b935b4 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -579,6 +579,7 @@ WINBINDD_OBJ1 = \
 		nsswitch/winbindd_user.o  \
 		nsswitch/winbindd_group.o \
 		nsswitch/winbindd_idmap.o \
+		nsswitch/winbindd_idmap_tdb.o \
 		nsswitch/winbindd_util.o  \
 		nsswitch/winbindd_cache.o \
 		nsswitch/winbindd_pam.o   \
diff --git a/source3/nsswitch/winbindd.h b/source3/nsswitch/winbindd.h
index 164b7ffda7..a498b76626 100644
--- a/source3/nsswitch/winbindd.h
+++ b/source3/nsswitch/winbindd.h
@@ -4,6 +4,7 @@
    Winbind daemon for ntdom nss module
 
    Copyright (C) Tim Potter 2000
+   Copyright (C) Anthony Liguori 2003
    
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Library General Public
@@ -195,6 +196,30 @@ typedef struct {
 	POLICY_HND pol;
 } CLI_POLICY_HND;
 
+/* Filled out by IDMAP backends */
+struct idmap_methods {
+  /* Called when backend is first loaded */
+  BOOL (*init)(void);
+
+  BOOL (*get_sid_from_uid)(uid_t uid, DOM_SID *sid);
+  BOOL (*get_sid_from_gid)(gid_t gid, DOM_SID *sid);
+
+  BOOL (*get_uid_from_sid)(DOM_SID *sid, uid_t *uid);
+  BOOL (*get_gid_from_sid)(DOM_SID *sid, gid_t *gid);
+
+  BOOL (*get_rid_from_uid)(uid_t uid, uint32 *user_rid, 
+                           struct winbindd_domain **domain);
+  BOOL (*get_rid_from_gid)(gid_t gid, uint32 *group_rid,
+                           struct winbindd_domain **domain);
+  BOOL (*get_uid_from_rid)(const char *dom_name, uint32 rid, uid_t *uid);
+  BOOL (*get_gid_from_rid)(const char *dom_name, uint32 rid, gid_t *gid);
+
+  /* Called when backend is unloaded */
+  BOOL (*close)(void);
+  /* Called to dump backend status */
+  void (*status)(void);
+};
+
 #include "winbindd_proto.h"
 
 #include "rpc_parse.h"
diff --git a/source3/nsswitch/winbindd_idmap.c b/source3/nsswitch/winbindd_idmap.c
index 6d184fec5f..d9448ef859 100644
--- a/source3/nsswitch/winbindd_idmap.c
+++ b/source3/nsswitch/winbindd_idmap.c
@@ -1,20 +1,19 @@
 /* 
    Unix SMB/CIFS implementation.
-
-   Winbind daemon - user related function
-
+   Winbind ID Mapping
    Copyright (C) Tim Potter 2000
-   
+   Copyright (C) Anthony Liguori <aliguor@us.ibm.com>	2003
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
@@ -22,508 +21,258 @@
 
 #include "winbindd.h"
 
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_WINBIND
-
-/* High water mark keys */
-
-#define HWM_GROUP  "GROUP HWM"
-#define HWM_USER   "USER HWM"
-
-/* idmap version determines auto-conversion */
-#define IDMAP_VERSION 2
-
-/* Globals */
-
-static TDB_CONTEXT *idmap_tdb;
-
-/* Allocate either a user or group id from the pool */
-
-static BOOL allocate_id(uid_t *id, BOOL isgroup)
+static struct {
+  const char *name;
+  /* Function to create a member of the idmap_methods list */
+  BOOL (*reg_meth)(struct idmap_methods **methods);
+  struct idmap_methods *methods;
+} builtin_idmap_functions[] = {
+  { "tdb", winbind_idmap_reg_tdb, NULL },
+  /*  { "ldap", winbind_idmap_reg_ldap, NULL },*/
+  { NULL, NULL, NULL }
+};
+
+/* singleton pattern: uberlazy evaluation */
+static struct idmap_methods *impl;
+
+static struct idmap_methods *get_impl(const char *name)
 {
-    int hwm;
-
-    /* Get current high water mark */
-
-    if ((hwm = tdb_fetch_int32(idmap_tdb, 
-                             isgroup ? HWM_GROUP : HWM_USER)) == -1) {
-        return False;
-    }
-
-    /* Return next available uid in list */
+  int i = 0;
+  struct idmap_methods *ret = NULL;
 
-    if ((isgroup && (hwm > server_state.gid_high)) ||
-        (!isgroup && (hwm > server_state.uid_high))) {
-        DEBUG(0, ("winbind %sid range full!\n", isgroup ? "g" : "u"));
-        return False;
-    }
+  while (builtin_idmap_functions[i].name && 
+         strcmp(builtin_idmap_functions[i].name, name)) {
+    i++;
+  }
 
-    if (id) {
-        *id = hwm;
+  if (builtin_idmap_functions[i].name) {
+    if (!builtin_idmap_functions[i].methods) {
+      builtin_idmap_functions[i].reg_meth(&builtin_idmap_functions[i].methods);
     }
 
-    hwm++;
+    ret = builtin_idmap_functions[i].methods;
+  }
 
-    /* Store new high water mark */
-
-    tdb_store_int32(idmap_tdb, isgroup ? HWM_GROUP : HWM_USER, hwm);
-
-    return True;
+  return ret;
 }
 
-/* Get an id from a rid */
-static BOOL get_id_from_sid(DOM_SID *sid, uid_t *id, BOOL isgroup)
+/* Initialize backend */
+BOOL winbindd_idmap_init(void)
 {
-    TDB_DATA data, key;
-    fstring keystr;
-    BOOL result = False;
-
-    /* Check if sid is present in database */
-    sid_to_string(keystr, sid);
-    
-    key.dptr = keystr;
-    key.dsize = strlen(keystr) + 1;
-
-    data = tdb_fetch(idmap_tdb, key);
+  BOOL ret = False;
 
-    if (data.dptr) {
-        fstring scanstr;
-        int the_id;
+  DEBUG(3, ("winbindd_idmap_init: using '%s' as backend\n", 
+            lp_winbind_backend()));
 
-        /* Parse and return existing uid */
-        fstrcpy(scanstr, isgroup ? "GID" : "UID");
-        fstrcat(scanstr, " %d");
-
-        if (sscanf(data.dptr, scanstr, &the_id) == 1) {
-            /* Store uid */
-            if (id) {
-		    *id = the_id;
-            }
-
-            result = True;
-        }
-
-        SAFE_FREE(data.dptr);
-    } else {
-
-        /* Allocate a new id for this sid */
+  if (!impl) {
+    impl = get_impl(lp_winbind_backend());
+    if (!impl) {
+      DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
+                lp_winbind_backend()));
+    }
+  }
 
-        if (id && allocate_id(id, isgroup)) {
-            fstring keystr2;
+  if (impl) {
+    ret = impl->init();
+  }
 
-            /* Store new id */
-            
-            slprintf(keystr2, sizeof(keystr2), "%s %d", isgroup ? "GID" : "UID", *id);
+  DEBUG(3, ("winbind_idmap_init: returning %s\n", ret ? "true" : "false"));
 
-            data.dptr = keystr2;
-            data.dsize = strlen(keystr2) + 1;
+  return ret;
+}
 
-            tdb_store(idmap_tdb, key, data, TDB_REPLACE);
-            tdb_store(idmap_tdb, data, key, TDB_REPLACE);
+/* Get UID from SID */
+BOOL winbindd_idmap_get_uid_from_sid(DOM_SID *sid, uid_t *uid)
+{
+  BOOL ret = False;
 
-            result = True;
-        }
+  if (!impl) {
+    impl = get_impl(lp_winbind_backend());
+    if (!impl) {
+      DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
+                lp_winbind_backend()));
     }
+  }
 
-    return result;
-}
+  if (impl) {
+    ret = impl->get_uid_from_sid(sid, uid);
+  }
 
-/* Get a uid from a user sid */
-BOOL winbindd_idmap_get_uid_from_sid(DOM_SID *sid, uid_t *uid)
-{
-    return get_id_from_sid(sid, uid, False);
+  return ret;
 }
 
-/* Get a gid from a group sid */
+/* Get GID from SID */
 BOOL winbindd_idmap_get_gid_from_sid(DOM_SID *sid, gid_t *gid)
 {
-    return get_id_from_sid(sid, gid, True);
-}
-
-/* Get a uid from a user rid */
-BOOL winbindd_idmap_get_uid_from_rid(const char *dom_name, uint32 rid, uid_t *uid)
-{
-	struct winbindd_domain *domain;
-	DOM_SID sid;
+  BOOL ret = False;
 
-	if (!(domain = find_domain_from_name(dom_name))) {
-		return False;
-	}
+  if (!impl) {
+    impl = get_impl(lp_winbind_backend());
+    if (!impl) {
+      DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
+                lp_winbind_backend()));
+    }
+  }
 
-	sid_copy(&sid, &domain->sid);
-	sid_append_rid(&sid, rid);
+  if (impl) {
+    ret = impl->get_gid_from_sid(sid, gid);
+  }
 
-	return get_id_from_sid(&sid, uid, False);
+  return ret;
 }
 
-/* Get a gid from a group rid */
-BOOL winbindd_idmap_get_gid_from_rid(const char *dom_name, uint32 rid, gid_t *gid)
+/* Get UID from RID */
+BOOL winbindd_idmap_get_uid_from_rid(const char *dom_name, uint32 rid, 
+                                     uid_t *uid)
 {
-	struct winbindd_domain *domain;
-	DOM_SID sid;
+  BOOL ret = False;
 
-	if (!(domain = find_domain_from_name(dom_name))) {
-		return False;
-	}
+  if (!impl) {
+    impl = get_impl(lp_winbind_backend());
+    if (!impl) {
+      DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
+                lp_winbind_backend()));
+    }
+  }
 
-	sid_copy(&sid, &domain->sid);
-	sid_append_rid(&sid, rid);
+  if (impl) {
+    ret = impl->get_uid_from_rid(dom_name, rid, uid);
+  }
 
-	return get_id_from_sid(&sid, gid, True);
+  return ret;
 }
 
-
-BOOL get_sid_from_id(int id, DOM_SID *sid, BOOL isgroup)
+/* Get GID From RID */
+BOOL winbindd_idmap_get_gid_from_rid(const char *dom_name, uint32 rid, 
+                                     gid_t *gid)
 {
-    TDB_DATA key, data;
-    fstring keystr;
-    BOOL result = False;
-
-    slprintf(keystr, sizeof(keystr), "%s %d", isgroup ? "GID" : "UID", id);
-
-    key.dptr = keystr;
-    key.dsize = strlen(keystr) + 1;
+  BOOL ret = False;
 
-    data = tdb_fetch(idmap_tdb, key);
-
-    if (data.dptr) {
-	    result = string_to_sid(sid, data.dptr);
-	    SAFE_FREE(data.dptr);
+  if (!impl) {
+    impl = get_impl(lp_winbind_backend());
+    if (!impl) {
+      DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
+                lp_winbind_backend()));
     }
+  }
+
+  if (impl) {
+    ret = impl->get_gid_from_rid(dom_name, rid, gid);
+  }
 
-    return result;
+  return ret;
 }
 
-/* Get a sid from a uid */
+/* Get SID from UID */
 BOOL winbindd_idmap_get_sid_from_uid(uid_t uid, DOM_SID *sid)
 {
-	return get_sid_from_id((int)uid, sid, False);
-}
+  BOOL ret = False;
 
-/* Get a sid from a gid */
-BOOL winbindd_idmap_get_sid_from_gid(gid_t gid, DOM_SID *sid)
-{
-	return get_sid_from_id((int)gid, sid, True);
+  if (!impl) {
+    impl = get_impl(lp_winbind_backend());
+    if (!impl) {
+      DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
+                lp_winbind_backend()));
+    }
+  }
+
+  if (impl) {
+    ret = impl->get_sid_from_uid(uid, sid);
+  }
+
+  return ret;
 }
 
-/* Get a user rid from a uid */
-BOOL winbindd_idmap_get_rid_from_uid(uid_t uid, uint32 *user_rid,
-                                     struct winbindd_domain **domain)
+/* Get SID from GID */
+BOOL winbindd_idmap_get_sid_from_gid(gid_t gid, DOM_SID *sid)
 {
-	DOM_SID sid;
+  BOOL ret = False;
 
-	if (!get_sid_from_id((int)uid, &sid, False)) {
-		return False;
-	}
+  if (!impl) {
+    impl = get_impl(lp_winbind_backend());
+  }
 
-	*domain = find_domain_from_sid(&sid);
-	if (! *domain) return False;
+  if (impl) {
+    ret = impl->get_sid_from_gid(gid, sid);
+  } else {
+    DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
+              lp_winbind_backend()));
+  }
 
-	sid_split_rid(&sid, user_rid);
-
-	return True;
+  return ret;
 }
 
-/* Get a group rid from a gid */
-
-BOOL winbindd_idmap_get_rid_from_gid(gid_t gid, uint32 *group_rid, 
+/* Get RID From UID */
+BOOL winbindd_idmap_get_rid_from_uid(uid_t uid, uint32 *user_rid,
                                      struct winbindd_domain **domain)
 {
-	DOM_SID sid;
-
-	if (!get_sid_from_id((int)gid, &sid, True)) {
-		return False;
-	}
+  BOOL ret = False;
 
-	*domain = find_domain_from_sid(&sid);
-	if (! *domain) return False;
+  if (!impl) {
+    impl = get_impl(lp_winbind_backend());
+  }
 
-	sid_split_rid(&sid, group_rid);
+  if (impl) {
+    ret = impl->get_rid_from_uid(uid, user_rid, domain);
+  } else {
+    DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
+              lp_winbind_backend()));
+  }
 
-	return True;
+  return ret;
 }
 
-/* convert one record to the new format */
-static int convert_fn(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA data, void *ignored)
+/* Get RID from GID */
+BOOL winbindd_idmap_get_rid_from_gid(gid_t gid, uint32 *group_rid, 
+                                     struct winbindd_domain **domain)
 {
-	struct winbindd_domain *domain;
-	char *p;
-	DOM_SID sid;
-	uint32 rid;
-	fstring keystr;
-	fstring dom_name;
-	TDB_DATA key2;
-
-	p = strchr(key.dptr, '/');
-	if (!p)
-		return 0;
-
-	*p = 0;
-	fstrcpy(dom_name, key.dptr);
-	*p++ = '/';
-
-	domain = find_domain_from_name(dom_name);
-	if (!domain) {
-		/* We must delete the old record. */
-		DEBUG(0,("winbindd: convert_fn : Unable to find domain %s\n", dom_name ));
-		DEBUG(0,("winbindd: convert_fn : deleting record %s\n", key.dptr ));
-		tdb_delete(idmap_tdb, key);
-		return 0;
-	}
-
-	rid = atoi(p);
-
-	sid_copy(&sid, &domain->sid);
-	sid_append_rid(&sid, rid);
-
-	sid_to_string(keystr, &sid);
-	key2.dptr = keystr;
-	key2.dsize = strlen(keystr) + 1;
-
-	if (tdb_store(idmap_tdb, key2, data, TDB_INSERT) != 0) {
-		/* not good! */
-		DEBUG(0,("winbindd: convert_fn : Unable to update record %s\n", key2.dptr ));
-		DEBUG(0,("winbindd: convert_fn : conversion failed - idmap corrupt ?\n"));
-		return -1;
-	}
-
-	if (tdb_store(idmap_tdb, data, key2, TDB_REPLACE) != 0) {
-		/* not good! */
-		DEBUG(0,("winbindd: convert_fn : Unable to update record %s\n", data.dptr ));
-		DEBUG(0,("winbindd: convert_fn : conversion failed - idmap corrupt ?\n"));
-		return -1;
-	}
-
-	tdb_delete(idmap_tdb, key);
-
-	return 0;
-}
+  BOOL ret = False;
 
-#if 0
-/*****************************************************************************
- Make a backup copy of the old idmap just to be safe.... JRA.
-*****************************************************************************/
+  if (!impl) {
+    impl = get_impl(lp_winbind_backend());
+  }
 
-static BOOL backup_old_idmap(const char *idmap_name)
-{
-	pstring new_name;
-	int outfd = -1;
-	SMB_OFF_T size;
-	struct stat st;
-
-	pstrcpy(new_name, idmap_name);
-	pstrcat(new_name, ".bak");
-
-	DEBUG(10,("backup_old_idmap: backing up %s to %s before upgrade.\n",
-			idmap_name, new_name ));
-
-	if (tdb_lockall(idmap_tdb) == -1) {
-		DEBUG(10,("backup_old_idmap: failed to lock %s. Error %s\n",
-			idmap_name, tdb_errorstr(idmap_tdb) ));
-		return False;
-	}
-	if ((outfd = open(new_name, O_CREAT|O_EXCL|O_RDWR, 0600)) == -1) {
-		DEBUG(10,("backup_old_idmap: failed to open %s. Error %s\n",
-			new_name, strerror(errno) ));
-		goto fail;
-	}
-
-	if (fstat(idmap_tdb->fd, &st) == -1) {
-		DEBUG(10,("backup_old_idmap: failed to fstat %s. Error %s\n",
-			idmap_name, strerror(errno) ));
-		goto fail;
-	}
-
-	size = (SMB_OFF_T)st.st_size;
-
-	if (transfer_file(idmap_tdb->fd, outfd, size) != size ) {
-		DEBUG(10,("backup_old_idmap: failed to copy %s. Error %s\n",
-			idmap_name, strerror(errno) ));
-		goto fail;
-	}
-
-	if (close(outfd) == -1) {
-		DEBUG(10,("backup_old_idmap: failed to close %s. Error %s\n",
-			idmap_name, strerror(errno) ));
-		outfd = -1;
-		goto fail;
-	}
-	tdb_unlockall(idmap_tdb);
-	return True;
-
-fail:
-
-	if (outfd != -1)
-		close(outfd);
-	tdb_unlockall(idmap_tdb);
-	return False;
-}
-#endif
-
-/*****************************************************************************
- Convert the idmap database from an older version.
-*****************************************************************************/
+  if (impl) {
+    ret = impl->get_rid_from_gid(gid, group_rid, domain);
+  } else {
+    DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
+              lp_winbind_backend()));
+  }
 
-static BOOL idmap_convert(const char *idmap_name)
-{
-	int32 vers = tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION");
-	BOOL bigendianheader = (idmap_tdb->flags & TDB_BIGENDIAN) ? True : False;
-
-	if (vers == IDMAP_VERSION)
-		return True;
-
-#if 0
-	/* Make a backup copy before doing anything else.... */
-	if (!backup_old_idmap(idmap_name))
-		return False;
-#endif
-
-	if (((vers == -1) && bigendianheader) || (IREV(vers) == IDMAP_VERSION)) {
-		/* Arrggghh ! Bytereversed or old big-endian - make order independent ! */
-		/*
-		 * high and low records were created on a
-		 * big endian machine and will need byte-reversing.
-		 */
-
-		int32 wm;
-
-		wm = tdb_fetch_int32(idmap_tdb, HWM_USER);
-
-		if (wm != -1) {
-			wm = IREV(wm);
-		}  else
-			wm = server_state.uid_low;
-
-		if (tdb_store_int32(idmap_tdb, HWM_USER, wm) == -1) {
-			DEBUG(0, ("idmap_convert: Unable to byteswap user hwm in idmap database\n"));
-			return False;
-		}
-
-		wm = tdb_fetch_int32(idmap_tdb, HWM_GROUP);
-		if (wm != -1) {
-			wm = IREV(wm);
-		} else
-			wm = server_state.gid_low;
-
-		if (tdb_store_int32(idmap_tdb, HWM_GROUP, wm) == -1) {
-			DEBUG(0, ("idmap_convert: Unable to byteswap group hwm in idmap database\n"));
-			return False;
-		}
-	}
-
-	/* the old format stored as DOMAIN/rid - now we store the SID direct */
-	tdb_traverse(idmap_tdb, convert_fn, NULL);
-
-	if (tdb_store_int32(idmap_tdb, "IDMAP_VERSION", IDMAP_VERSION) == -1) {
-		DEBUG(0, ("idmap_convert: Unable to byteswap group hwm in idmap database\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*****************************************************************************
- Initialise idmap database. 
-*****************************************************************************/
-
-BOOL winbindd_idmap_init(void)
-{
-	/* Open tdb cache */
-
-	if (!(idmap_tdb = tdb_open_log(lock_path("winbindd_idmap.tdb"), 0,
-				TDB_DEFAULT, O_RDWR | O_CREAT, 0600))) {
-		DEBUG(0, ("winbindd_idmap_init: Unable to open idmap database\n"));
-		return False;
-	}
-
-	/* possibly convert from an earlier version */
-	if (!idmap_convert(lock_path("winbindd_idmap.tdb"))) {
-		DEBUG(0, ("winbindd_idmap_init: Unable to open idmap database\n"));
-		return False;
-	}
-
-	/* Create high water marks for group and user id */
-
-	if (tdb_fetch_int32(idmap_tdb, HWM_USER) == -1) {
-		if (tdb_store_int32(idmap_tdb, HWM_USER, server_state.uid_low) == -1) {
-			DEBUG(0, ("winbindd_idmap_init: Unable to initialise user hwm in idmap database\n"));
-			return False;
-		}
-	}
-
-	if (tdb_fetch_int32(idmap_tdb, HWM_GROUP) == -1) {
-		if (tdb_store_int32(idmap_tdb, HWM_GROUP, server_state.gid_low) == -1) {
-			DEBUG(0, ("winbindd_idmap_init: Unable to initialise group hwm in idmap database\n"));
-			return False;
-		}
-	}
-
-	return True;   
+  return ret;
 }
 
+/* Close backend */
 BOOL winbindd_idmap_close(void)
 {
-	if (idmap_tdb)
-		return (tdb_close(idmap_tdb) == 0);
-	return True;
-}
+  BOOL ret = False;
 
-/* Dump status information to log file.  Display different stuff based on
-   the debug level:
+  if (!impl) {
+    impl = get_impl(lp_winbind_backend());
+  }
 
-   Debug Level        Information Displayed
-   =================================================================
-   0                  Percentage of [ug]id range allocated
-   0                  High water marks (next allocated ids)
-*/
+  if (impl) {
+    ret = impl->close();
+  } else {
+    DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
+              lp_winbind_backend()));
+  }
 
-#define DUMP_INFO 0
+  return ret;
+}
 
+/* Dump backend status */
 void winbindd_idmap_status(void)
 {
-	int user_hwm, group_hwm;
-
-	DEBUG(0, ("winbindd idmap status:\n"));
-
-	/* Get current high water marks */
-
-	if ((user_hwm = tdb_fetch_int32(idmap_tdb, HWM_USER)) == -1) {
-		DEBUG(DUMP_INFO, ("\tCould not get userid high water mark!\n"));
-	}
-
-	if ((group_hwm = tdb_fetch_int32(idmap_tdb, HWM_GROUP)) == -1) {
-		DEBUG(DUMP_INFO, ("\tCould not get groupid high water mark!\n"));
-	}
-
-	/* Display next ids to allocate */
-
-	if (user_hwm != -1) {
-		DEBUG(DUMP_INFO, ("\tNext userid to allocate is %d\n", user_hwm));
-	}
-
-	if (group_hwm != -1) {
-		DEBUG(DUMP_INFO, ("\tNext groupid to allocate is %d\n", group_hwm));
-	}
-
-	/* Display percentage of id range already allocated. */
-
-	if (user_hwm != -1) {
-		int num_users = user_hwm - server_state.uid_low;
-		int total_users = server_state.uid_high - server_state.uid_low;
-
-		DEBUG(DUMP_INFO, ("\tUser id range is %d%% full (%d of %d)\n", 
-				num_users * 100 / total_users, num_users,
-				total_users));
-	}
-
-	if (group_hwm != -1) {
-		int num_groups = group_hwm - server_state.gid_low;
-		int total_groups = server_state.gid_high - server_state.gid_low;
-
-		DEBUG(DUMP_INFO, ("\tGroup id range is %d%% full (%d of %d)\n",
-				num_groups * 100 / total_groups, num_groups,
-				total_groups));
-	}
-
-	/* Display complete mapping of users and groups to rids */
+  if (!impl) {
+    impl = get_impl(lp_winbind_backend());
+  }
+
+  if (impl) {
+    impl->status();
+  } else {
+    DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
+              lp_winbind_backend()));
+  }
 }
+
diff --git a/source3/nsswitch/winbindd_idmap_tdb.c b/source3/nsswitch/winbindd_idmap_tdb.c
new file mode 100644
index 0000000000..f27c3c1b5f
--- /dev/null
+++ b/source3/nsswitch/winbindd_idmap_tdb.c
@@ -0,0 +1,519 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Winbind daemon - user related function
+
+   Copyright (C) Tim Potter 2000
+   Copyright (C) Anthony Liguori 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "winbindd.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_WINBIND
+
+/* High water mark keys */
+#define HWM_GROUP  "GROUP HWM"
+#define HWM_USER   "USER HWM"
+
+/* idmap version determines auto-conversion */
+#define IDMAP_VERSION 2
+
+/* Globals */
+static TDB_CONTEXT *idmap_tdb;
+
+/* convert one record to the new format */
+static int tdb_convert_fn(TDB_CONTEXT * tdb, TDB_DATA key, TDB_DATA data,
+			  void *ignored)
+{
+	struct winbindd_domain *domain;
+	char *p;
+	DOM_SID sid;
+	uint32 rid;
+	fstring keystr;
+	fstring dom_name;
+	TDB_DATA key2;
+
+	p = strchr(key.dptr, '/');
+	if (!p)
+		return 0;
+
+	*p = 0;
+	fstrcpy(dom_name, key.dptr);
+	*p++ = '/';
+
+	domain = find_domain_from_name(dom_name);
+	if (!domain) {
+		/* We must delete the old record. */
+		DEBUG(0,
+		      ("winbindd: tdb_convert_fn : Unable to find domain %s\n",
+		       dom_name));
+		DEBUG(0,
+		      ("winbindd: tdb_convert_fn : deleting record %s\n",
+		       key.dptr));
+		tdb_delete(idmap_tdb, key);
+		return 0;
+	}
+
+	rid = atoi(p);
+
+	sid_copy(&sid, &domain->sid);
+	sid_append_rid(&sid, rid);
+
+	sid_to_string(keystr, &sid);
+	key2.dptr = keystr;
+	key2.dsize = strlen(keystr) + 1;
+
+	if (tdb_store(idmap_tdb, key2, data, TDB_INSERT) != 0) {
+		/* not good! */
+		DEBUG(0,
+		      ("winbindd: tdb_convert_fn : Unable to update record %s\n",
+		       key2.dptr));
+		DEBUG(0,
+		      ("winbindd: tdb_convert_fn : conversion failed - idmap corrupt ?\n"));
+		return -1;
+	}
+
+	if (tdb_store(idmap_tdb, data, key2, TDB_REPLACE) != 0) {
+		/* not good! */
+		DEBUG(0,
+		      ("winbindd: tdb_convert_fn : Unable to update record %s\n",
+		       data.dptr));
+		DEBUG(0,
+		      ("winbindd: tdb_convert_fn : conversion failed - idmap corrupt ?\n"));
+		return -1;
+	}
+
+	tdb_delete(idmap_tdb, key);
+
+	return 0;
+}
+
+/*****************************************************************************
+ Convert the idmap database from an older version.
+*****************************************************************************/
+static BOOL tdb_idmap_convert(const char *idmap_name)
+{
+	int32 vers = tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION");
+	BOOL bigendianheader =
+	    (idmap_tdb->flags & TDB_BIGENDIAN) ? True : False;
+
+	if (vers == IDMAP_VERSION)
+		return True;
+
+	if (((vers == -1) && bigendianheader)
+	    || (IREV(vers) == IDMAP_VERSION)) {
+		/* Arrggghh ! Bytereversed or old big-endian - make order independent ! */
+		/*
+		 * high and low records were created on a
+		 * big endian machine and will need byte-reversing.
+		 */
+
+		int32 wm;
+
+		wm = tdb_fetch_int32(idmap_tdb, HWM_USER);
+
+		if (wm != -1) {
+			wm = IREV(wm);
+		} else
+			wm = server_state.uid_low;
+
+		if (tdb_store_int32(idmap_tdb, HWM_USER, wm) == -1) {
+			DEBUG(0,
+			      ("tdb_idmap_convert: Unable to byteswap user hwm in idmap database\n"));
+			return False;
+		}
+
+		wm = tdb_fetch_int32(idmap_tdb, HWM_GROUP);
+		if (wm != -1) {
+			wm = IREV(wm);
+		} else
+			wm = server_state.gid_low;
+
+		if (tdb_store_int32(idmap_tdb, HWM_GROUP, wm) == -1) {
+			DEBUG(0,
+			      ("tdb_idmap_convert: Unable to byteswap group hwm in idmap database\n"));
+			return False;
+		}
+	}
+
+	/* the old format stored as DOMAIN/rid - now we store the SID direct */
+	tdb_traverse(idmap_tdb, tdb_convert_fn, NULL);
+
+	if (tdb_store_int32(idmap_tdb, "IDMAP_VERSION", IDMAP_VERSION) ==
+	    -1) {
+		DEBUG(0,
+		      ("tdb_idmap_convert: Unable to byteswap group hwm in idmap database\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/* Allocate either a user or group id from the pool */
+static BOOL tdb_allocate_id(uid_t * id, BOOL isgroup)
+{
+	int hwm;
+
+	/* Get current high water mark */
+	if ((hwm = tdb_fetch_int32(idmap_tdb,
+				   isgroup ? HWM_GROUP : HWM_USER)) ==
+	    -1) {
+		return False;
+	}
+
+	/* Return next available uid in list */
+	if ((isgroup && (hwm > server_state.gid_high)) ||
+	    (!isgroup && (hwm > server_state.uid_high))) {
+		DEBUG(0,
+		      ("winbind %sid range full!\n", isgroup ? "g" : "u"));
+		return False;
+	}
+
+	if (id) {
+		*id = hwm;
+	}
+
+	hwm++;
+
+	/* Store new high water mark */
+	tdb_store_int32(idmap_tdb, isgroup ? HWM_GROUP : HWM_USER, hwm);
+
+	return True;
+}
+
+/* Get a sid from an id */
+static BOOL tdb_get_sid_from_id(int id, DOM_SID * sid, BOOL isgroup)
+{
+	TDB_DATA key, data;
+	fstring keystr;
+	BOOL result = False;
+
+	slprintf(keystr, sizeof(keystr), "%s %d", isgroup ? "GID" : "UID",
+		 id);
+
+	key.dptr = keystr;
+	key.dsize = strlen(keystr) + 1;
+
+	data = tdb_fetch(idmap_tdb, key);
+
+	if (data.dptr) {
+		result = string_to_sid(sid, data.dptr);
+		SAFE_FREE(data.dptr);
+	}
+
+	return result;
+}
+
+/* Get an id from a sid */
+static BOOL tdb_get_id_from_sid(DOM_SID * sid, uid_t * id, BOOL isgroup)
+{
+	TDB_DATA data, key;
+	fstring keystr;
+	BOOL result = False;
+
+	/* Check if sid is present in database */
+	sid_to_string(keystr, sid);
+
+	key.dptr = keystr;
+	key.dsize = strlen(keystr) + 1;
+
+	data = tdb_fetch(idmap_tdb, key);
+
+	if (data.dptr) {
+		fstring scanstr;
+		int the_id;
+
+		/* Parse and return existing uid */
+		fstrcpy(scanstr, isgroup ? "GID" : "UID");
+		fstrcat(scanstr, " %d");
+
+		if (sscanf(data.dptr, scanstr, &the_id) == 1) {
+			/* Store uid */
+			if (id) {
+				*id = the_id;
+			}
+
+			result = True;
+		}
+
+		SAFE_FREE(data.dptr);
+	} else {
+
+		/* Allocate a new id for this sid */
+		if (id && tdb_allocate_id(id, isgroup)) {
+			fstring keystr2;
+
+			/* Store new id */
+			slprintf(keystr2, sizeof(keystr2), "%s %d",
+				 isgroup ? "GID" : "UID", *id);
+
+			data.dptr = keystr2;
+			data.dsize = strlen(keystr2) + 1;
+
+			tdb_store(idmap_tdb, key, data, TDB_REPLACE);
+			tdb_store(idmap_tdb, data, key, TDB_REPLACE);
+
+			result = True;
+		}
+	}
+
+	return result;
+}
+
+/*****************************************************************************
+ Initialise idmap database. 
+*****************************************************************************/
+static BOOL tdb_idmap_init(void)
+{
+	/* Open tdb cache */
+	if (!(idmap_tdb = tdb_open_log(lock_path("winbindd_idmap.tdb"), 0,
+				       TDB_DEFAULT, O_RDWR | O_CREAT,
+				       0600))) {
+		DEBUG(0,
+		      ("winbindd_idmap_init: Unable to open idmap database\n"));
+		return False;
+	}
+
+	/* possibly convert from an earlier version */
+	if (!tdb_idmap_convert(lock_path("winbindd_idmap.tdb"))) {
+		DEBUG(0,
+		      ("winbindd_idmap_init: Unable to open idmap database\n"));
+		return False;
+	}
+
+	/* Create high water marks for group and user id */
+	if (tdb_fetch_int32(idmap_tdb, HWM_USER) == -1) {
+		if (tdb_store_int32
+		    (idmap_tdb, HWM_USER, server_state.uid_low) == -1) {
+			DEBUG(0,
+			      ("winbindd_idmap_init: Unable to initialise user hwm in idmap database\n"));
+			return False;
+		}
+	}
+
+	if (tdb_fetch_int32(idmap_tdb, HWM_GROUP) == -1) {
+		if (tdb_store_int32
+		    (idmap_tdb, HWM_GROUP, server_state.gid_low) == -1) {
+			DEBUG(0,
+			      ("winbindd_idmap_init: Unable to initialise group hwm in idmap database\n"));
+			return False;
+		}
+	}
+
+	return True;
+}
+
+/* Get a sid from a uid */
+static BOOL tdb_get_sid_from_uid(uid_t uid, DOM_SID * sid)
+{
+	return tdb_get_sid_from_id((int) uid, sid, False);
+}
+
+/* Get a sid from a gid */
+static BOOL tdb_get_sid_from_gid(gid_t gid, DOM_SID * sid)
+{
+	return tdb_get_sid_from_id((int) gid, sid, True);
+}
+
+/* Get a uid from a sid */
+static BOOL tdb_get_uid_from_sid(DOM_SID * sid, uid_t * uid)
+{
+	return tdb_get_id_from_sid(sid, uid, False);
+}
+
+/* Get a gid from a group sid */
+static BOOL tdb_get_gid_from_sid(DOM_SID * sid, gid_t * gid)
+{
+	return tdb_get_id_from_sid(sid, gid, True);
+}
+
+/* Get a uid from a user rid */
+static BOOL tdb_get_uid_from_rid(const char *dom_name, uint32 rid,
+				 uid_t * uid)
+{
+	struct winbindd_domain *domain;
+	DOM_SID sid;
+
+	if (!(domain = find_domain_from_name(dom_name))) {
+		return False;
+	}
+
+	sid_copy(&sid, &domain->sid);
+	sid_append_rid(&sid, rid);
+
+	return tdb_get_id_from_sid(&sid, uid, False);
+}
+
+/* Get a gid from a group rid */
+static BOOL tdb_get_gid_from_rid(const char *dom_name, uint32 rid,
+				 gid_t * gid)
+{
+	struct winbindd_domain *domain;
+	DOM_SID sid;
+
+	if (!(domain = find_domain_from_name(dom_name))) {
+		return False;
+	}
+
+	sid_copy(&sid, &domain->sid);
+	sid_append_rid(&sid, rid);
+
+	return tdb_get_id_from_sid(&sid, gid, True);
+}
+
+/* Get a user rid from a uid */
+static BOOL tdb_get_rid_from_uid(uid_t uid, uint32 * user_rid,
+				 struct winbindd_domain **domain)
+{
+	DOM_SID sid;
+
+	if (!tdb_get_sid_from_id((int) uid, &sid, False)) {
+		return False;
+	}
+
+	*domain = find_domain_from_sid(&sid);
+	if (!*domain)
+		return False;
+
+	sid_split_rid(&sid, user_rid);
+
+	return True;
+}
+
+/* Get a group rid from a gid */
+static BOOL tdb_get_rid_from_gid(gid_t gid, uint32 * group_rid,
+				 struct winbindd_domain **domain)
+{
+	DOM_SID sid;
+
+	if (!tdb_get_sid_from_id((int) gid, &sid, True)) {
+		return False;
+	}
+
+	*domain = find_domain_from_sid(&sid);
+	if (!*domain)
+		return False;
+
+	sid_split_rid(&sid, group_rid);
+
+	return True;
+}
+
+/* Close the tdb */
+static BOOL tdb_idmap_close(void)
+{
+	if (idmap_tdb)
+		return (tdb_close(idmap_tdb) == 0);
+	return True;
+}
+
+
+/* Dump status information to log file.  Display different stuff based on
+   the debug level:
+
+   Debug Level        Information Displayed
+   =================================================================
+   0                  Percentage of [ug]id range allocated
+   0                  High water marks (next allocated ids)
+*/
+
+#define DUMP_INFO 0
+
+static void tdb_idmap_status(void)
+{
+	int user_hwm, group_hwm;
+
+	DEBUG(0, ("winbindd idmap status:\n"));
+
+	/* Get current high water marks */
+
+	if ((user_hwm = tdb_fetch_int32(idmap_tdb, HWM_USER)) == -1) {
+		DEBUG(DUMP_INFO,
+		      ("\tCould not get userid high water mark!\n"));
+	}
+
+	if ((group_hwm = tdb_fetch_int32(idmap_tdb, HWM_GROUP)) == -1) {
+		DEBUG(DUMP_INFO,
+		      ("\tCould not get groupid high water mark!\n"));
+	}
+
+	/* Display next ids to allocate */
+
+	if (user_hwm != -1) {
+		DEBUG(DUMP_INFO,
+		      ("\tNext userid to allocate is %d\n", user_hwm));
+	}
+
+	if (group_hwm != -1) {
+		DEBUG(DUMP_INFO,
+		      ("\tNext groupid to allocate is %d\n", group_hwm));
+	}
+
+	/* Display percentage of id range already allocated. */
+
+	if (user_hwm != -1) {
+		int num_users = user_hwm - server_state.uid_low;
+		int total_users =
+		    server_state.uid_high - server_state.uid_low;
+
+		DEBUG(DUMP_INFO,
+		      ("\tUser id range is %d%% full (%d of %d)\n",
+		       num_users * 100 / total_users, num_users,
+		       total_users));
+	}
+
+	if (group_hwm != -1) {
+		int num_groups = group_hwm - server_state.gid_low;
+		int total_groups =
+		    server_state.gid_high - server_state.gid_low;
+
+		DEBUG(DUMP_INFO,
+		      ("\tGroup id range is %d%% full (%d of %d)\n",
+		       num_groups * 100 / total_groups, num_groups,
+		       total_groups));
+	}
+
+	/* Display complete mapping of users and groups to rids */
+}
+
+struct idmap_methods tdb_idmap_methods = {
+	tdb_idmap_init,
+
+	tdb_get_sid_from_uid,
+	tdb_get_sid_from_gid,
+
+	tdb_get_uid_from_sid,
+	tdb_get_gid_from_sid,
+
+	tdb_get_rid_from_uid,
+	tdb_get_rid_from_gid,
+
+	tdb_get_uid_from_rid,
+	tdb_get_gid_from_rid,
+
+	tdb_idmap_close,
+
+	tdb_idmap_status
+};
+
+BOOL winbind_idmap_reg_tdb(struct idmap_methods **meth)
+{
+	*meth = &tdb_idmap_methods;
+
+	return True;
+}
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 398ae88b97..01b6980c8f 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -8,6 +8,7 @@
    Copyright (C) Simo Sorce 2001
    Copyright (C) Alexander Bokovoy 2002
    Copyright (C) Stefan (metze) Metzmacher 2002
+   Copyright (C) Anthony Liguori 2003
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -171,6 +172,7 @@ typedef struct
 	BOOL bWinbindEnumUsers;
 	BOOL bWinbindEnumGroups;
 	BOOL bWinbindUseDefaultDomain;
+	char *szWinbindBackend;
 	char *szAddShareCommand;
 	char *szChangeShareCommand;
 	char *szDeleteShareCommand;
@@ -1118,6 +1120,7 @@ static struct parm_struct parm_table[] = {
 	{"winbind enum users", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumUsers, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 	{"winbind enum groups", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumGroups, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 	{"winbind use default domain", P_BOOL, P_GLOBAL, &Globals.bWinbindUseDefaultDomain, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+	{"winbind backend", P_STRING, P_GLOBAL, &Globals.szWinbindBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 
 	{NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0}
 };
@@ -1458,6 +1461,8 @@ static void init_globals(void)
 	Globals.bWinbindEnumGroups = True;
 	Globals.bWinbindUseDefaultDomain = False;
 
+	string_set(&Globals.szWinbindBackend, "tdb");
+
 	Globals.name_cache_timeout = 660; /* In seconds */
 
 	Globals.bUseSpnego = True;
@@ -1630,6 +1635,7 @@ FN_GLOBAL_STRING(lp_acl_compatibility, &Globals.szAclCompat)
 FN_GLOBAL_BOOL(lp_winbind_enum_users, &Globals.bWinbindEnumUsers)
 FN_GLOBAL_BOOL(lp_winbind_enum_groups, &Globals.bWinbindEnumGroups)
 FN_GLOBAL_BOOL(lp_winbind_use_default_domain, &Globals.bWinbindUseDefaultDomain)
+FN_GLOBAL_STRING(lp_winbind_backend, &Globals.szWinbindBackend)
 
 #ifdef WITH_LDAP_SAMCONFIG
 FN_GLOBAL_STRING(lp_ldap_server, &Globals.szLdapServer)
-- 
cgit 


From 1fc2976e14f8b79c85514d7947744bc495513670 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Fri, 21 Feb 2003 03:05:55 +0000
Subject: Doxygen janitor (This used to be commit
 367997562998adb3f80602596c770d9ac319065b)

---
 source3/lib/util_unistr.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/source3/lib/util_unistr.c b/source3/lib/util_unistr.c
index 5c9b4c783b..522ab7eb40 100644
--- a/source3/lib/util_unistr.c
+++ b/source3/lib/util_unistr.c
@@ -95,9 +95,14 @@ static int check_dos_char(smb_ucs2_t c)
 	return (c == c2);
 }
 
-/*******************************************************************
-load the valid character map table
-********************************************************************/
+/**
+ * Load the valid character map table from <tt>valid.dat</tt> or
+ * create from the configured codepage.
+ *
+ * This function is called whenever the configuration is reloaded.
+ * However, the valid character table is not changed if it's loaded
+ * from a file, because we can't unmap files.
+ **/
 void init_valid_table(void)
 {
 	static int initialised;
@@ -114,6 +119,7 @@ void init_valid_table(void)
 		return;
 	}
 
+	/* Otherwise, using a dynamically loaded one. */
 	if (valid_table) free(valid_table);
 
 	DEBUG(2,("creating default valid table\n"));
@@ -128,6 +134,7 @@ void init_valid_table(void)
 }
 
 
+
 /*******************************************************************
  Write a string in (little-endian) unicode format. src is in
  the current DOS codepage. len is the length in bytes of the
-- 
cgit 


From 4834c61ebcc16397b496a8b37d5078021041b1c1 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Fri, 21 Feb 2003 04:25:04 +0000
Subject: Fix for only specifying one command with -c (This used to be commit
 7418351427071edccb2e825ddbbf31fce8ef381e)

---
 source3/rpcclient/rpcclient.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 37ce597d4e..7a9c464cf6 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -170,7 +170,10 @@ static char* next_command (char** cmdstr)
 	if (p)
 		*p = '\0';
 	pstrcpy(command, *cmdstr);
-	*cmdstr = p + 1;
+	if (p)
+		*cmdstr = p + 1;
+	else
+		*cmdstr = NULL;
 	
 	return command;
 }
-- 
cgit 


From ae8d3538c762af4d2b5672cc3c9dd11f1c2db59b Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Fri, 21 Feb 2003 04:26:58 +0000
Subject: Exit path cleanup for cli_samr_enum_dom_users() (This used to be
 commit 0bc1dfc68b0d411801a4209c9681c735cd7a73cc)

---
 source3/rpc_client/cli_samr.c | 52 +++++++++++++++----------------------------
 1 file changed, 18 insertions(+), 34 deletions(-)

diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index f0035ca22e..08c68b7632 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -561,8 +561,8 @@ NTSTATUS cli_samr_enum_dom_users(struct cli_state *cli, TALLOC_CTX *mem_ctx,
                                  uint32 size, char ***dom_users, uint32 **rids,
                                  uint32 *num_dom_users)
 {
-	prs_struct qdata;
-	prs_struct rdata;
+	prs_struct qbuf;
+	prs_struct rbuf;
 	SAMR_Q_ENUM_DOM_USERS q;
 	SAMR_R_ENUM_DOM_USERS r;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -571,40 +571,24 @@ NTSTATUS cli_samr_enum_dom_users(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 	ZERO_STRUCT(q);
 	ZERO_STRUCT(r);
 	
-	if (cli == NULL || pol == NULL)
-		return result;
-	
-	/* initialise parse structures */
-	prs_init(&qdata, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
-	prs_init(&rdata, 0, mem_ctx, UNMARSHALL);
-	
-	DEBUG(4, ("SAMR Enum Domain Users. start_idx: %d, acb: %d, size: %d\n",
-			*start_idx, acb_mask, size));
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 	
-	/* fill query structure with parameters */
+	/* Fill query structure with parameters */
+
 	init_samr_q_enum_dom_users(&q, pol, *start_idx, acb_mask, 0, size);
 	
-	/* prepare query stream */
-	if (!samr_io_q_enum_dom_users("", &q, &qdata, 0)) {
-		prs_mem_free(&qdata);
-		prs_mem_free(&rdata);
-		return result;
-	}
-	
-	/* send rpc call over the pipe */
-	if (!rpc_api_pipe_req(cli, SAMR_ENUM_DOM_USERS, &qdata, &rdata)) {
-		prs_mem_free(&qdata);
-		prs_mem_free(&rdata);
-		return result;
+	if (!samr_io_q_enum_dom_users("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_ENUM_DOM_USERS, &qbuf, &rbuf)) {
+		goto done;
 	}
-		
+
 	/* unpack received stream */
-	if(!samr_io_r_enum_dom_users("", &r, &rdata, 0)) {
-		prs_mem_free(&qdata);
-		prs_mem_free(&rdata);
-		result = r.status;
-		return result;
-	}
+
+	if(!samr_io_r_enum_dom_users("", &r, &rbuf, 0))
+		goto done;
 	
 	/* return the data obtained in response */
 	if (!NT_STATUS_IS_OK(r.status) &&
@@ -641,13 +625,13 @@ NTSTATUS cli_samr_enum_dom_users(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 		}
 	}
 	
-	prs_mem_free(&qdata);
-	prs_mem_free(&rdata);
+done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
 	
 	return result;
 };
 
-
 /* Enumerate domain groups */
 
 NTSTATUS cli_samr_enum_dom_groups(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
-- 
cgit 


From 696895d5b1c7749e7efa512330a970bbda74edab Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Fri, 21 Feb 2003 04:28:32 +0000
Subject: Added enumdomusers command. (This used to be commit
 30353da3e94f732e9f1b258e62da906f628e09d0)

---
 source3/rpcclient/cmd_samr.c | 75 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 75 insertions(+)

diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 9e8d105c46..85aface7be 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -626,6 +626,80 @@ static NTSTATUS cmd_samr_query_groupmem(struct cli_state *cli,
 	return result;
 }
 
+/* Enumerate domain users */
+
+static NTSTATUS cmd_samr_enum_dom_users(struct cli_state *cli, 
+					TALLOC_CTX *mem_ctx,
+					int argc, char **argv) 
+{
+	POLICY_HND connect_pol, domain_pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 start_idx, size, num_dom_users, i;
+	char **dom_users;
+	uint32 *dom_rids;
+	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
+	uint16 acb_mask = ACB_NORMAL;
+	BOOL got_connect_pol = False, got_domain_pol = False;
+
+	if ((argc < 1) || (argc > 2)) {
+		printf("Usage: %s [access_mask]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+	
+	if (argc > 1)
+		sscanf(argv[1], "%x", &access_mask);
+
+	/* Get sam policy handle */
+
+	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+				   &connect_pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	got_connect_pol = True;
+
+	/* Get domain policy handle */
+
+	result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+				      access_mask,
+				      &domain_sid, &domain_pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	got_domain_pol = True;
+
+	/* Enumerate domain users */
+
+	start_idx = 0;
+	size = 0xffff;
+
+	do {
+		result = cli_samr_enum_dom_users(
+			cli, mem_ctx, &domain_pol, &start_idx, acb_mask,
+			size, &dom_users, &dom_rids, &num_dom_users);
+
+		if (NT_STATUS_IS_OK(result) ||
+		    NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
+
+			for (i = 0; i < num_dom_users; i++)
+				printf("group:[%s] rid:[0x%x]\n", 
+				       dom_users[i], dom_rids[i]);
+		}
+
+	} while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
+
+ done:
+	if (got_domain_pol)
+		cli_samr_close(cli, mem_ctx, &domain_pol);
+
+	if (got_connect_pol)
+		cli_samr_close(cli, mem_ctx, &connect_pol);
+
+	return result;
+}
+
 /* Enumerate domain groups */
 
 static NTSTATUS cmd_samr_enum_dom_groups(struct cli_state *cli, 
@@ -1428,6 +1502,7 @@ struct cmd_set samr_commands[] = {
 	{ "queryaliasmem", 	cmd_samr_query_aliasmem, 	PI_SAMR,	"Query alias membership",  "" },
 	{ "querydispinfo", 	cmd_samr_query_dispinfo, 	PI_SAMR,	"Query display info",      "" },
 	{ "querydominfo", 	cmd_samr_query_dominfo, 	PI_SAMR,	"Query domain info",       "" },
+	{ "enumdomusers",      cmd_samr_enum_dom_users,       PI_SAMR,	"Enumerate domain users", "" },
 	{ "enumdomgroups",      cmd_samr_enum_dom_groups,       PI_SAMR,	"Enumerate domain groups", "" },
 	{ "enumalsgroups",      cmd_samr_enum_als_groups,       PI_SAMR,	"Enumerate alias groups",  "" },
 
-- 
cgit 


From 9383d61f6c61ba8600ec73d22bd6f048c55a5261 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Fri, 21 Feb 2003 04:47:24 +0000
Subject: Fixed compiler warning. (This used to be commit
 b3f9cf8c1c293e905a536dfa5bb6a827627b7024)

---
 source3/rpc_server/srv_lsa_nt.c | 2 +-
 source3/smbd/sesssetup.c        | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index b230381d62..1b42c5f141 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -1280,7 +1280,7 @@ NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA
 
 	r_u->status = privilege_enum_account_rights(&q_u->sid.sid, &num_rights, &rights);
 
-	init_r_enum_acct_rights(r_u, num_rights, rights);
+	init_r_enum_acct_rights(r_u, num_rights, (const char **)rights);
 
 	for (i=0;i<num_rights;i++) {
 		free(rights[i]);
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 3a3209f172..eafe805aba 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -463,7 +463,6 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
 	extern BOOL global_encrypted_passwords_negotiated;
 	extern BOOL global_spnego_negotiated;
 	extern int Protocol;
-	extern userdom_struct current_user_info;
 	extern int max_send;
 
 	auth_usersupplied_info *user_info = NULL;
-- 
cgit 


From 38cb0a122f00a7a979b7c1c2642c8d647ae58a9b Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Fri, 21 Feb 2003 04:53:39 +0000
Subject: Fixed another compiler warning. (This used to be commit
 d15b7425d408f17505c4f3a91ec68bcfc4472c16)

---
 source3/utils/net_ads.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index d508320423..75bb29f213 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -110,7 +110,7 @@ static int net_ads_info(int argc, const char **argv)
 	return 0;
 }
 
-static void use_in_memory_ccache() {
+static void use_in_memory_ccache(void) {
 	/* Use in-memory credentials cache so we do not interfere with
 	 * existing credentials */
 	setenv(KRB5_ENV_CCNAME, "MEMORY:net_ads", 1);
-- 
cgit 


From 7eff9dd5eff7656aa4b41ac0c413c28776b81b9e Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Fri, 21 Feb 2003 05:06:49 +0000
Subject: Fix another compiler warning. (This used to be commit
 1ea27d7987d2c0f67977371a99efec3ded13c872)

---
 source3/nsswitch/winbindd_ads.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c
index 9560a53fa0..9fd391870b 100644
--- a/source3/nsswitch/winbindd_ads.c
+++ b/source3/nsswitch/winbindd_ads.c
@@ -39,7 +39,6 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
 {
 	ADS_STRUCT *ads;
 	ADS_STATUS status;
-	char *ccache;
 
 	if (domain->private) {
 		return (ADS_STRUCT *)domain->private;
-- 
cgit 


From e1c987abf2c716e26d2484a89e23507d1d2a9c5e Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Fri, 21 Feb 2003 05:07:51 +0000
Subject: Doesn't anyone run ./configure.developer anymore? (This used to be
 commit 09be123c6c1b67621eaf6c8ffb3016eccd375e5b)

---
 source3/libsmb/cliconnect.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index c57f92eea9..901daf4b09 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -453,7 +453,7 @@ static DATA_BLOB cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
 /****************************************************************************
  Use in-memory credentials cache
 ****************************************************************************/
-static void use_in_memory_ccache() {
+static void use_in_memory_ccache(void) {
 	setenv(KRB5_ENV_CCNAME, "MEMORY:cliconnect", 1);
 }
 
-- 
cgit 


From 6a46281dbb9c1f1f3278f199e812ba71bd0b45b8 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Fri, 21 Feb 2003 05:51:10 +0000
Subject: Ignore errors on python_clean target. (This used to be commit
 3805a9c5d5e98e089e1cd9e794f7204fc354a311)

---
 source3/Makefile.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/Makefile.in b/source3/Makefile.in
index efc3b935b4..cbd8418a48 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -1085,7 +1085,7 @@ python_install: $(PYTHON_OBJS)
 		$(PYTHON) python/setup.py install
 
 python_clean:
-	@if test -n "$(PYTHON)"; then $(PYTHON) python/setup.py clean; fi
+	@-if test -n "$(PYTHON)"; then $(PYTHON) python/setup.py clean; fi
 
 # revert to the previously installed version
 revert:
-- 
cgit 


From 2935d153763ca3f40de974418c479c4ef6cd4ec0 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 21 Feb 2003 06:25:39 +0000
Subject: Added comments to make it clearer when we're assigning a pointer that
 it must not be freed afterwards. Jeremy. (This used to be commit
 80bad908c0235a57446c70b9632d3415c9d2fcf5)

---
 source3/smbd/posix_acls.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index a40fb4042f..93a57925f1 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1000,8 +1000,16 @@ Deny entry after Allow entry. Failing to set on file %s.\n", fsp->fsp_name ));
 						return False;
 					}
 
+					/*
+					 * We must not free current_ace here as its
+					 * pointer is now owned by the dir_ace list.
+					 */
 					current_ace = dup_ace;
 				} else {
+					/*
+					 * We must not free current_ace here as its
+					 * pointer is now owned by the dir_ace list.
+					 */
 					current_ace = NULL;
 				}
 			}
@@ -1036,6 +1044,10 @@ Deny entry after Allow entry. Failing to set on file %s.\n", fsp->fsp_name ));
 				print_canon_ace( current_ace, 0);
 			}
 			all_aces_are_inherit_only = False;
+			/*
+			 * We must not free current_ace here as its
+			 * pointer is now owned by the file_ace list.
+			 */
 			current_ace = NULL;
 		}
 
-- 
cgit 


From db721d24c5ed337e2fd69860d0a4011a6c1f3e2d Mon Sep 17 00:00:00 2001
From: Jim McDonough <jmcd@samba.org>
Date: Fri, 21 Feb 2003 13:25:10 +0000
Subject: rename 'winbind backend' to 'idmap backend'.  Put paramter in
 security section...does this make sense? (This used to be commit
 822083f73e8ba4e096c53ff0f7578f47bc21b7b5)

---
 source3/nsswitch/winbindd_idmap.c | 46 +++++++++++++++++++--------------------
 source3/param/loadparm.c          |  8 +++----
 2 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/source3/nsswitch/winbindd_idmap.c b/source3/nsswitch/winbindd_idmap.c
index d9448ef859..0a17fcd87f 100644
--- a/source3/nsswitch/winbindd_idmap.c
+++ b/source3/nsswitch/winbindd_idmap.c
@@ -62,13 +62,13 @@ BOOL winbindd_idmap_init(void)
   BOOL ret = False;
 
   DEBUG(3, ("winbindd_idmap_init: using '%s' as backend\n", 
-            lp_winbind_backend()));
+            lp_idmap_backend()));
 
   if (!impl) {
-    impl = get_impl(lp_winbind_backend());
+    impl = get_impl(lp_idmap_backend());
     if (!impl) {
       DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
-                lp_winbind_backend()));
+                lp_idmap_backend()));
     }
   }
 
@@ -87,10 +87,10 @@ BOOL winbindd_idmap_get_uid_from_sid(DOM_SID *sid, uid_t *uid)
   BOOL ret = False;
 
   if (!impl) {
-    impl = get_impl(lp_winbind_backend());
+    impl = get_impl(lp_idmap_backend());
     if (!impl) {
       DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
-                lp_winbind_backend()));
+                lp_idmap_backend()));
     }
   }
 
@@ -107,10 +107,10 @@ BOOL winbindd_idmap_get_gid_from_sid(DOM_SID *sid, gid_t *gid)
   BOOL ret = False;
 
   if (!impl) {
-    impl = get_impl(lp_winbind_backend());
+    impl = get_impl(lp_idmap_backend());
     if (!impl) {
       DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
-                lp_winbind_backend()));
+                lp_idmap_backend()));
     }
   }
 
@@ -128,10 +128,10 @@ BOOL winbindd_idmap_get_uid_from_rid(const char *dom_name, uint32 rid,
   BOOL ret = False;
 
   if (!impl) {
-    impl = get_impl(lp_winbind_backend());
+    impl = get_impl(lp_idmap_backend());
     if (!impl) {
       DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
-                lp_winbind_backend()));
+                lp_idmap_backend()));
     }
   }
 
@@ -149,10 +149,10 @@ BOOL winbindd_idmap_get_gid_from_rid(const char *dom_name, uint32 rid,
   BOOL ret = False;
 
   if (!impl) {
-    impl = get_impl(lp_winbind_backend());
+    impl = get_impl(lp_idmap_backend());
     if (!impl) {
       DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
-                lp_winbind_backend()));
+                lp_idmap_backend()));
     }
   }
 
@@ -169,10 +169,10 @@ BOOL winbindd_idmap_get_sid_from_uid(uid_t uid, DOM_SID *sid)
   BOOL ret = False;
 
   if (!impl) {
-    impl = get_impl(lp_winbind_backend());
+    impl = get_impl(lp_idmap_backend());
     if (!impl) {
       DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
-                lp_winbind_backend()));
+                lp_idmap_backend()));
     }
   }
 
@@ -189,14 +189,14 @@ BOOL winbindd_idmap_get_sid_from_gid(gid_t gid, DOM_SID *sid)
   BOOL ret = False;
 
   if (!impl) {
-    impl = get_impl(lp_winbind_backend());
+    impl = get_impl(lp_idmap_backend());
   }
 
   if (impl) {
     ret = impl->get_sid_from_gid(gid, sid);
   } else {
     DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
-              lp_winbind_backend()));
+              lp_idmap_backend()));
   }
 
   return ret;
@@ -209,14 +209,14 @@ BOOL winbindd_idmap_get_rid_from_uid(uid_t uid, uint32 *user_rid,
   BOOL ret = False;
 
   if (!impl) {
-    impl = get_impl(lp_winbind_backend());
+    impl = get_impl(lp_idmap_backend());
   }
 
   if (impl) {
     ret = impl->get_rid_from_uid(uid, user_rid, domain);
   } else {
     DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
-              lp_winbind_backend()));
+              lp_idmap_backend()));
   }
 
   return ret;
@@ -229,14 +229,14 @@ BOOL winbindd_idmap_get_rid_from_gid(gid_t gid, uint32 *group_rid,
   BOOL ret = False;
 
   if (!impl) {
-    impl = get_impl(lp_winbind_backend());
+    impl = get_impl(lp_idmap_backend());
   }
 
   if (impl) {
     ret = impl->get_rid_from_gid(gid, group_rid, domain);
   } else {
     DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
-              lp_winbind_backend()));
+              lp_idmap_backend()));
   }
 
   return ret;
@@ -248,14 +248,14 @@ BOOL winbindd_idmap_close(void)
   BOOL ret = False;
 
   if (!impl) {
-    impl = get_impl(lp_winbind_backend());
+    impl = get_impl(lp_idmap_backend());
   }
 
   if (impl) {
     ret = impl->close();
   } else {
     DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
-              lp_winbind_backend()));
+              lp_idmap_backend()));
   }
 
   return ret;
@@ -265,14 +265,14 @@ BOOL winbindd_idmap_close(void)
 void winbindd_idmap_status(void)
 {
   if (!impl) {
-    impl = get_impl(lp_winbind_backend());
+    impl = get_impl(lp_idmap_backend());
   }
 
   if (impl) {
     impl->status();
   } else {
     DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
-              lp_winbind_backend()));
+              lp_idmap_backend()));
   }
 }
 
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 01b6980c8f..7aaae439b1 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -172,7 +172,7 @@ typedef struct
 	BOOL bWinbindEnumUsers;
 	BOOL bWinbindEnumGroups;
 	BOOL bWinbindUseDefaultDomain;
-	char *szWinbindBackend;
+	char *szIDMapBackend;
 	char *szAddShareCommand;
 	char *szChangeShareCommand;
 	char *szDeleteShareCommand;
@@ -749,6 +749,7 @@ static struct parm_struct parm_table[] = {
 	{"update encrypted", P_BOOL, P_GLOBAL, &Globals.bUpdateEncrypt, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_DEVELOPER},
 	{"allow trusted domains", P_BOOL, P_GLOBAL, &Globals.bAllowTrustedDomains, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 	{"hosts equiv", P_STRING, P_GLOBAL, &Globals.szHostsEquiv, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+	{"idmap backend", P_STRING, P_GLOBAL, &Globals.szIDMapBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 	{"min passwd length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 	{"min password length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 	{"map to guest", P_ENUM, P_GLOBAL, &Globals.map_to_guest, NULL, enum_map_to_guest, FLAG_ADVANCED | FLAG_DEVELOPER},
@@ -1120,7 +1121,6 @@ static struct parm_struct parm_table[] = {
 	{"winbind enum users", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumUsers, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 	{"winbind enum groups", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumGroups, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 	{"winbind use default domain", P_BOOL, P_GLOBAL, &Globals.bWinbindUseDefaultDomain, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
-	{"winbind backend", P_STRING, P_GLOBAL, &Globals.szWinbindBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 
 	{NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0}
 };
@@ -1461,7 +1461,7 @@ static void init_globals(void)
 	Globals.bWinbindEnumGroups = True;
 	Globals.bWinbindUseDefaultDomain = False;
 
-	string_set(&Globals.szWinbindBackend, "tdb");
+	string_set(&Globals.szIDMapBackend, "tdb");
 
 	Globals.name_cache_timeout = 660; /* In seconds */
 
@@ -1635,7 +1635,7 @@ FN_GLOBAL_STRING(lp_acl_compatibility, &Globals.szAclCompat)
 FN_GLOBAL_BOOL(lp_winbind_enum_users, &Globals.bWinbindEnumUsers)
 FN_GLOBAL_BOOL(lp_winbind_enum_groups, &Globals.bWinbindEnumGroups)
 FN_GLOBAL_BOOL(lp_winbind_use_default_domain, &Globals.bWinbindUseDefaultDomain)
-FN_GLOBAL_STRING(lp_winbind_backend, &Globals.szWinbindBackend)
+FN_GLOBAL_STRING(lp_idmap_backend, &Globals.szIDMapBackend)
 
 #ifdef WITH_LDAP_SAMCONFIG
 FN_GLOBAL_STRING(lp_ldap_server, &Globals.szLdapServer)
-- 
cgit 


From 23553b48e6bd21481ca32c4b3ee54fc1aded4174 Mon Sep 17 00:00:00 2001
From: Jim McDonough <jmcd@samba.org>
Date: Fri, 21 Feb 2003 14:35:02 +0000
Subject: Fix IRIX build...void fn can't return another void fn (This used to
 be commit df3c7c9cbb275e9c35356b4f1cab1a741de6f500)

---
 source3/libsmb/clikrb5.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 96e737166c..bef6998a49 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -131,7 +131,8 @@ krb5_error_code get_kerberos_allowed_etypes(krb5_context context,
 			   krb5_enctype *enctypes)
 {
 #if defined(HAVE_KRB5_FREE_KTYPES)
-	return krb5_free_ktypes(context, enctypes);
+	krb5_free_ktypes(context, enctypes);
+	return;
 #else
 	SAFE_FREE(enctypes);
 	return;
-- 
cgit 


From 193f9200aa4ea692e9126f3df68a5cb83e3a4056 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Fri, 21 Feb 2003 16:15:30 +0000
Subject: patch from Hal Roberts check for a valid [f]chmod_acl function
 pointer before calling it.  Fixes seg fault in audit VFS module (This used to
 be commit 5e115d43812021f9a16111fc7c05d750026cca1e)

---
 source3/modules/vfs_audit.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/source3/modules/vfs_audit.c b/source3/modules/vfs_audit.c
index 92b78c1c32..1944c98e53 100644
--- a/source3/modules/vfs_audit.c
+++ b/source3/modules/vfs_audit.c
@@ -233,7 +233,12 @@ static int audit_chmod(struct connection_struct *conn, const char *path, mode_t
 
 static int audit_chmod_acl(struct connection_struct *conn, const char *path, mode_t mode)
 {
-	int result = default_vfs_ops.chmod_acl(conn, path, mode);
+	int result;
+
+	if ( !default_vfs_ops.chmod_acl )
+		return 0;
+
+	result = default_vfs_ops.chmod_acl(conn, path, mode);
 
 	syslog(SYSLOG_PRIORITY, "chmod_acl %s mode 0x%x %s%s\n",
 	       path, mode,
@@ -257,7 +262,12 @@ static int audit_fchmod(struct files_struct *fsp, int fd, mode_t mode)
 
 static int audit_fchmod_acl(struct files_struct *fsp, int fd, mode_t mode)
 {
-	int result = default_vfs_ops.fchmod_acl(fsp, fd, mode);
+	int result;
+
+	if ( !default_vfs_ops.fchmod_acl )
+		return 0;
+
+	result = default_vfs_ops.fchmod_acl(fsp, fd, mode);
 
 	syslog(SYSLOG_PRIORITY, "fchmod_acl %s mode 0x%x %s%s\n",
 	       fsp->fsp_name, mode,
-- 
cgit 


From ab985b983f45a284b2ee9fdd08801989574edf4b Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Fri, 21 Feb 2003 17:08:43 +0000
Subject: couple of merges from APP_HEAD   * performance optimization in
 enumprinterdataex() when keyname is empty   * fix a few typos in comments   *
 reload services after addprinter_command()

dump registry data in ascii when the key is REG_SZ or REG_MULTI_SZ
(This used to be commit fde6ef7cc62c58d512dc8053b214f0a3c59a78ab)
---
 source3/rpc_parse/parse_spoolss.c   |  2 +-
 source3/rpc_server/srv_spoolss_nt.c | 27 ++++++++++++++++++++++++---
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
index cb3b2efd9d..fb2aaf71ec 100644
--- a/source3/rpc_parse/parse_spoolss.c
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -1372,7 +1372,7 @@ BOOL spoolss_io_r_getprinterdata(const char *desc, SPOOL_R_GETPRINTERDATA *r_u,
 			return False;
 	}
 
-	if (!prs_uint8s(False,"data", ps, depth, r_u->data, r_u->size))
+	if (!prs_uint8s( r_u->type&(REG_SZ|REG_MULTI_SZ), "data", ps, depth, r_u->data, r_u->size ))
 		return False;
 		
 	if (!prs_align(ps))
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index d94bebf4c1..4c87d0f73d 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -615,7 +615,7 @@ static BOOL is_monitoring_event(Printer_entry *p, uint16 notify_type,
 
 	/* 
 	 * Flags should always be zero when the change notify
-	 * is registered by the cliebnt's spooler.  A user Win32 app
+	 * is registered by the client's spooler.  A user Win32 app
 	 * might use the flags though instead of the NOTIFY_OPTION_INFO 
 	 * --jerry
 	 */
@@ -5936,6 +5936,13 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
 			result = WERR_ACCESS_DENIED;
 			goto done;
 		}
+
+		/* 
+		 * make sure we actually reload the services after 
+		 * this as smb.conf could have a new section in it 
+		 * .... shouldn't .... but could
+		 */
+		reload_services(False);	
 	}
 	
 	/*
@@ -8871,11 +8878,24 @@ WERROR _spoolss_enumprinterdataex(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATAEX *q_
 	DEBUG(4,("_spoolss_enumprinterdataex\n"));
 
 	if (!Printer) {
-		DEBUG(2,("_spoolss_enumprinterdata: Invalid handle (%s:%u:%u1<).\n", OUR_HANDLE(handle)));
+		DEBUG(2,("_spoolss_enumprinterdataex: Invalid handle (%s:%u:%u1<).\n", OUR_HANDLE(handle)));
 		return WERR_BADFID;
 	}
 
-	/* first get the printer off of disk */
+	/* 
+	 * first check for a keyname of NULL or "".  Win2k seems to send 
+	 * this a lot and we should send back WERR_INVALID_PARAM
+	 * no need to spend time looking up the printer in this case.
+	 * --jerry
+	 */
+	 
+	unistr2_to_dos(key, &q_u->key, sizeof(key) - 1);
+	if ( !strlen(key) ) {
+		result = WERR_INVALID_PARAM;
+		goto done;
+	}
+
+	/* get the printer off of disk */
 	
 	if (!get_printer_snum(p,handle, &snum))
 		return WERR_BADFID;
@@ -8971,6 +8991,7 @@ WERROR _spoolss_enumprinterdataex(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATAEX *q_
 	
 		
 done:	
+	if ( printer )
 	free_a_printer(&printer, 2);
 
 	return result;
-- 
cgit 


From 3d730f89cf3c30d8b17f0d35d2cdf28db53296e2 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Fri, 21 Feb 2003 20:00:46 +0000
Subject: i patched the wrong branch! s/unistr2_to_dos/unistr2_to_ascii/ (This
 used to be commit 513fb2ddd85a74de7684a6cb09d57011af69161f)

---
 source3/rpc_server/srv_spoolss_nt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 4c87d0f73d..93566c2bb7 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -8889,7 +8889,7 @@ WERROR _spoolss_enumprinterdataex(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATAEX *q_
 	 * --jerry
 	 */
 	 
-	unistr2_to_dos(key, &q_u->key, sizeof(key) - 1);
+	unistr2_to_ascii(key, &q_u->key, sizeof(key) - 1);
 	if ( !strlen(key) ) {
 		result = WERR_INVALID_PARAM;
 		goto done;
-- 
cgit 


From 301ebd6324138b9628638c0020597227d0cbf959 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 22 Feb 2003 00:54:08 +0000
Subject: Fix a DEBUG() formatting, add some more debug to our SID pulling code
 and inline the call to prs_copy_all_data_out() so that we can know we are not
 overrunning our buffer.

Also check more return values.

Andrew Bartlett
(This used to be commit e3b73d5d658584428c81c9ef3ccf024687a56e2f)
---
 source3/libads/ldap.c             | 51 +++++++++++++++++++++++++--------------
 source3/nsswitch/winbindd_group.c |  2 +-
 2 files changed, 34 insertions(+), 19 deletions(-)

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 67669fc078..bc90e90ea0 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -816,18 +816,18 @@ static ADS_STATUS ads_modlist_add(TALLOC_CTX *ctx, ADS_MODLIST *mods,
 {
 	int curmod;
 	LDAPMod **modlist = (LDAPMod **) *mods;
-	void **values;
+	struct berval **ber_values;
+	char **char_values;
 
 	if (!invals) {
-		values = NULL;
 		mod_op = LDAP_MOD_DELETE;
 	} else {
 		if (mod_op & LDAP_MOD_BVALUES)
-			values = (void **) ads_dup_values(ctx, 
-					   (const struct berval **)invals);
+			ber_values = ads_dup_values(ctx, 
+						(const struct berval **)invals);
 		else
-			values = (void **) ads_push_strvals(ctx, 
-						   (const char **) invals);
+			char_values = ads_push_strvals(ctx, 
+						  (const char **) invals);
 	}
 
 	/* find the first empty slot */
@@ -846,10 +846,14 @@ static ADS_STATUS ads_modlist_add(TALLOC_CTX *ctx, ADS_MODLIST *mods,
 	if (!(modlist[curmod] = talloc_zero(ctx, sizeof(LDAPMod))))
 		return ADS_ERROR(LDAP_NO_MEMORY);
 	modlist[curmod]->mod_type = talloc_strdup(ctx, name);
-	if (mod_op & LDAP_MOD_BVALUES)
-		modlist[curmod]->mod_bvalues = (struct berval **) values;
-	else
-		modlist[curmod]->mod_values = (char **) values;
+	if (mod_op & LDAP_MOD_BVALUES) {
+		modlist[curmod]->mod_bvalues = ber_values;
+	} else if (mod_op & LDAP_MOD_DELETE) {
+		modlist[curmod]->mod_values = NULL;
+	} else {
+		modlist[curmod]->mod_values = char_values;
+	}
+
 	modlist[curmod]->mod_op = mod_op;
 	return ADS_ERROR(LDAP_SUCCESS);
 }
@@ -1500,16 +1504,24 @@ ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn)
 #endif
 	if (!(mods = ads_init_mods(ctx))) return ADS_ERROR(LDAP_NO_MEMORY);
 
-	bval.bv_len = sd_size;
-	bval.bv_val = talloc(ctx, sd_size);
+	bval.bv_len = prs_offset(&ps_wire);
+	bval.bv_val = talloc(ctx, bval.bv_len);
 	if (!bval.bv_val) {
 		ret = ADS_ERROR(LDAP_NO_MEMORY);
 		goto ads_set_sd_error;
 	}
-	prs_copy_all_data_out(bval.bv_val, &ps_wire);
 
-	ads_mod_ber(ctx, &mods, attrs[0], &bval);
-	ret = ads_gen_mod(ads, dn, mods);
+	prs_set_offset(&ps_wire, 0);
+
+	if (!prs_copy_data_out(bval.bv_val, &ps_wire, bval.bv_len)) {
+		ret = ADS_ERROR(LDAP_NO_MEMORY);
+		goto ads_set_sd_error;		
+	}
+
+	ret = ads_mod_ber(ctx, &mods, attrs[0], &bval);
+	if (ADS_ERR_OK(ret)) {
+		ret = ads_gen_mod(ads, dn, mods);
+	}
 
 ads_set_sd_error:
 	ads_msgfree(ads, res);
@@ -1554,7 +1566,7 @@ char *ads_pull_string(ADS_STRUCT *ads,
 	char **values;
 	char *ret = NULL;
 	char *ux_string;
-	int rc;
+	size_t rc;
 
 	values = ldap_get_values(ads->ld, msg, field);
 	if (!values)
@@ -1563,7 +1575,7 @@ char *ads_pull_string(ADS_STRUCT *ads,
 	if (values[0]) {
 		rc = pull_utf8_talloc(mem_ctx, &ux_string, 
 				      values[0]);
-		if (rc != -1)
+		if (rc != (size_t)-1)
 			ret = ux_string;
 		
 	}
@@ -1725,8 +1737,11 @@ int ads_pull_sids(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
 	count = 0;
 	for (i=0; values[i]; i++) {
 		ret = sid_parse(values[i]->bv_val, values[i]->bv_len, &(*sids)[count]);
-		if (ret)
+		if (ret) {
+			fstring sid;
+			DEBUG(10, ("pulling SID: %s\n", sid_to_string(sid, &(*sids)[count])));
 			count++;
+		}
 	}
 	
 	ldap_value_free_len(values);
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c
index 6b2f05f436..94a826fbbc 100644
--- a/source3/nsswitch/winbindd_group.c
+++ b/source3/nsswitch/winbindd_group.c
@@ -434,7 +434,7 @@ static BOOL get_sam_group_entries(struct getent_state *ent)
 	status = domain->methods->enum_dom_groups(domain, mem_ctx, &num_entries, &sam_grp_entries);
 	
 	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(3, ("get_sam_group_entries: could not enumerate domain groups! Error: %s", nt_errstr(status)));
+		DEBUG(3, ("get_sam_group_entries: could not enumerate domain groups! Error: %s\n", nt_errstr(status)));
 		result = False;
 		goto done;
 	}
-- 
cgit 


From ca2e9955764fa0bec3ace1fc049f13bb8e2961ac Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Sat, 22 Feb 2003 01:08:19 +0000
Subject: New locktest7 code based on patch from "Srikanta Shivanna"
 <sshivanna@pillardata.com> Jeremy. (This used to be commit
 caf298c3808cbdd683e884b32b7a0538505a3066)

---
 source3/torture/torture.c | 134 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 134 insertions(+)

diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 97e864de96..fe53baae7e 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -1569,6 +1569,139 @@ static BOOL run_locktest6(int dummy)
 	return True;
 }
 
+static BOOL run_locktest7(int dummy)
+{
+	static struct cli_state cli1;
+	const char *fname = "\\lockt7.lck";
+	int fnum1;
+	char buf[200];
+	BOOL correct = False;
+
+	if (!torture_open_connection(&cli1)) {
+		return False;
+	}
+
+	cli_sockopt(&cli1, sockops);
+
+	printf("starting locktest7\n");
+
+	cli_unlink(&cli1, fname);
+
+	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+
+	memset(buf, 0, sizeof(buf));
+
+	if (cli_write(&cli1, fnum1, 0, buf, 0, sizeof(buf)) != sizeof(buf)) {
+		printf("Failed to create file\n");
+		goto fail;
+	}
+
+	cli_setpid(&cli1, 1);
+
+	if (!cli_lock(&cli1, fnum1, 130, 4, 0, READ_LOCK)) {
+		printf("Unable to apply read lock on range 130:4, error was %s\n", cli_errstr(&cli1));
+		goto fail;
+	} else {
+		printf("pid1 successfully locked range 130:4 for READ\n");
+	}
+
+	if (cli_read(&cli1, fnum1, buf, 130, 4) != 4) {
+		printf("pid1 unable to read the range 130:4, error was %s\n", cli_errstr(&cli1));
+		goto fail;
+	} else {
+		printf("pid1 successfully read the range 130:4\n");
+	}
+
+	if (cli_write(&cli1, fnum1, 0, buf, 130, 4) != 4) {
+		printf("pid1 unable to write to the range 130:4, error was %s\n", cli_errstr(&cli1));
+		if (NT_STATUS_V(cli_nt_error(&cli1)) != NT_STATUS_V(NT_STATUS_FILE_LOCK_CONFLICT)) {
+			printf("Incorrect error (should be NT_STATUS_FILE_LOCK_CONFLICT)\n");
+			goto fail;
+		}
+	} else {
+		printf("pid1 successfully wrote to the range 130:4 (should be denied)\n");
+		goto fail;
+	}
+
+	cli_setpid(&cli1, 2);
+
+	if (cli_read(&cli1, fnum1, buf, 130, 4) != 4) {
+		printf("pid2 unable to read the range 130:4, error was %s\n", cli_errstr(&cli1));
+	} else {
+		printf("pid2 successfully read the range 130:4\n");
+	}
+
+	if (cli_write(&cli1, fnum1, 0, buf, 130, 4) != 4) {
+		printf("pid2 unable to write to the range 130:4, error was %s\n", cli_errstr(&cli1));
+		if (NT_STATUS_V(cli_nt_error(&cli1)) != NT_STATUS_V(NT_STATUS_FILE_LOCK_CONFLICT)) {
+			printf("Incorrect error (should be NT_STATUS_FILE_LOCK_CONFLICT)\n");
+			goto fail;
+		}
+	} else {
+		printf("pid2 successfully wrote to the range 130:4 (should be denied)\n");
+		goto fail;
+	}
+
+	cli_setpid(&cli1, 1);
+	cli_unlock(&cli1, fnum1, 130, 4);
+
+	if (!cli_lock(&cli1, fnum1, 130, 4, 0, WRITE_LOCK)) {
+		printf("Unable to apply write lock on range 130:4, error was %s\n", cli_errstr(&cli1));
+		goto fail;
+	} else {
+		printf("pid1 successfully locked range 130:4 for WRITE\n");
+	}
+
+	if (cli_read(&cli1, fnum1, buf, 130, 4) != 4) {
+		printf("pid1 unable to read the range 130:4, error was %s\n", cli_errstr(&cli1));
+		goto fail;
+	} else {
+		printf("pid1 successfully read the range 130:4\n");
+	}
+
+	if (cli_write(&cli1, fnum1, 0, buf, 130, 4) != 4) {
+		printf("pid1 unable to write to the range 130:4, error was %s\n", cli_errstr(&cli1));
+		goto fail;
+	} else {
+		printf("pid1 successfully wrote to the range 130:4\n");
+	}
+
+	cli_setpid(&cli1, 2);
+
+	if (cli_read(&cli1, fnum1, buf, 130, 4) != 4) {
+		printf("pid2 unable to read the range 130:4, error was %s\n", cli_errstr(&cli1));
+		if (NT_STATUS_V(cli_nt_error(&cli1)) != NT_STATUS_V(NT_STATUS_FILE_LOCK_CONFLICT)) {
+			printf("Incorrect error (should be NT_STATUS_FILE_LOCK_CONFLICT)\n");
+			goto fail;
+		}
+	} else {
+		printf("pid2 successfully read the range 130:4 (should be denied)\n");
+		goto fail;
+	}
+
+	if (cli_write(&cli1, fnum1, 0, buf, 130, 4) != 4) {
+		printf("pid2 unable to write to the range 130:4, error was %s\n", cli_errstr(&cli1));
+		if (NT_STATUS_V(cli_nt_error(&cli1)) != NT_STATUS_V(NT_STATUS_FILE_LOCK_CONFLICT)) {
+			printf("Incorrect error (should be NT_STATUS_FILE_LOCK_CONFLICT)\n");
+			goto fail;
+		}
+	} else {
+		printf("pid2 successfully wrote to the range 130:4 (should be denied)\n");
+		goto fail;
+	}
+
+	cli_unlock(&cli1, fnum1, 130, 0);
+	correct = True;
+
+fail:
+	cli_close(&cli1, fnum1);
+	cli_unlink(&cli1, fname);
+	torture_close_connection(&cli1);
+
+	printf("finished locktest7\n");
+	return correct;
+}
+
 /*
 test whether fnums and tids open on one VC are available on another (a major
 security hole)
@@ -3956,6 +4089,7 @@ static struct {
 	{"LOCK4",  run_locktest4,  0},
 	{"LOCK5",  run_locktest5,  0},
 	{"LOCK6",  run_locktest6,  0},
+	{"LOCK7",  run_locktest7,  0},
 	{"UNLINK", run_unlinktest, 0},
 	{"BROWSE", run_browsetest, 0},
 	{"ATTR",   run_attrtest,   0},
-- 
cgit 


From 4fdb86eb3b9b7eb01a90e3f3a846fb9f223d7208 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Sat, 22 Feb 2003 01:09:42 +0000
Subject: When checking is_locked() new WRITE locks conflict with existing READ
 locks even if the context is the same. See LOCKTEST7 in smbtorture. Jeremy.
 (This used to be commit b362cc241b829f585a96b5d285ed12db50b21e2e)

---
 source3/locking/brlock.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c
index 8c22f7d7ab..9902c7bbd7 100644
--- a/source3/locking/brlock.c
+++ b/source3/locking/brlock.c
@@ -151,9 +151,16 @@ static BOOL brl_conflict_other(struct lock_struct *lck1, struct lock_struct *lck
 	if (lck1->lock_type == READ_LOCK && lck2->lock_type == READ_LOCK) 
 		return False;
 
-	if (brl_same_context(&lck1->context, &lck2->context) &&
-				lck1->fnum == lck2->fnum)
-		return False;
+	/*
+	 * Incoming WRITE locks conflict with existing READ locks even
+	 * if the context is the same. JRA. See LOCKTEST7 in smbtorture.
+	 */
+
+	if (!(lck2->lock_type == WRITE_LOCK && lck1->lock_type == READ_LOCK)) {
+		if (brl_same_context(&lck1->context, &lck2->context) &&
+					lck1->fnum == lck2->fnum)
+			return False;
+	}
 
 	if (lck1->start >= (lck2->start + lck2->size) ||
 	    lck2->start >= (lck1->start + lck1->size)) return False;
-- 
cgit 


From ab43a25b2893506d5de305626dfbbf98966f1f78 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 22 Feb 2003 11:34:04 +0000
Subject: First check if the user is in the passdb, then check Get_Pwnam().

We check passdb becouse the user might have things like a logon script set,
but we have to check the passdb becouse the user might not be in smbpasswd at
all.

This is in preperation for the removal of unixsam as an assuption.

Andrew Bartlett
(This used to be commit 61e3e2695860c58f9b0e8d1856972318666682c8)
---
 source3/auth/auth_rhosts.c | 62 +++++++++++++++++++++++-----------------------
 source3/auth/auth_util.c   | 30 ++++++++++++++++++++++
 2 files changed, 61 insertions(+), 31 deletions(-)

diff --git a/source3/auth/auth_rhosts.c b/source3/auth/auth_rhosts.c
index 4ed0e6bbc4..d8e1b01942 100644
--- a/source3/auth/auth_rhosts.c
+++ b/source3/auth/auth_rhosts.c
@@ -129,23 +129,19 @@ static BOOL check_user_equiv(const char *user, const char *remote, const char *e
   return False;
 }
 
-
 /****************************************************************************
 check for a possible hosts equiv or rhosts entry for the user
 ****************************************************************************/
 
-static BOOL check_hosts_equiv(struct passwd *pass)
+static BOOL check_hosts_equiv(SAM_ACCOUNT *account)
 {
   char *fname = NULL;
 
-  if (!pass) 
-    return(False);
-
   fname = lp_hosts_equiv();
 
   /* note: don't allow hosts.equiv on root */
-  if (fname && *fname && (pass->pw_uid != 0)) {
-	  if (check_user_equiv(pass->pw_name,client_name(),fname))
+  if (IS_SAM_UNIX_USER(account) && fname && *fname && (pdb_get_uid(account) != 0)) {
+	  if (check_user_equiv(pdb_get_username(account),client_name(),fname))
 		  return(True);
   }
   
@@ -164,15 +160,15 @@ static NTSTATUS check_hostsequiv_security(const struct auth_context *auth_contex
 					  auth_serversupplied_info **server_info)
 {
 	NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
-	struct passwd *pass = Get_Pwnam(user_info->internal_username.str);
-	
-	if (pass) {
-		if (check_hosts_equiv(pass)) {
-			nt_status = NT_STATUS_OK;
-			make_server_info_pw(server_info, pass);
-		}
-	} else {
-		nt_status = NT_STATUS_NO_SUCH_USER;
+	SAM_ACCOUNT *account = NULL;
+	if (!NT_STATUS_IS_OK(nt_status = 
+			     auth_get_sam_account(user_info->internal_username.str, 
+						  &account))) {
+		return nt_status;
+	}
+
+	if (check_hosts_equiv(account)) {
+		nt_status = make_server_info_sam(server_info, account);
 	}
 
 	return nt_status;
@@ -186,6 +182,7 @@ NTSTATUS auth_init_hostsequiv(struct auth_context *auth_context, const char* par
 	}
 
 	(*auth_method)->auth = check_hostsequiv_security;
+	(*auth_method)->name = "hostsequiv";
 	return NT_STATUS_OK;
 }
 
@@ -201,24 +198,26 @@ static NTSTATUS check_rhosts_security(const struct auth_context *auth_context,
 				      auth_serversupplied_info **server_info)
 {
 	NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
-	struct passwd *pass = Get_Pwnam(user_info->internal_username.str);
-	pstring rhostsfile;
+	SAM_ACCOUNT *account = NULL;
 	
-	if (pass) {
-		char *home = pass->pw_dir;
-		if (home) {
-			slprintf(rhostsfile, sizeof(rhostsfile)-1, "%s/.rhosts", home);
-			become_root();
-			if (check_user_equiv(pass->pw_name,client_name(),rhostsfile)) {
-				nt_status = NT_STATUS_OK;
-				make_server_info_pw(server_info, pass);
-			}
-			unbecome_root();
-		} 
-	} else {
-		nt_status = NT_STATUS_NO_SUCH_USER;
+	if (!NT_STATUS_IS_OK(nt_status = 
+			     auth_get_sam_account(user_info->internal_username.str, 
+						  &account))) {
+		return nt_status;
 	}
 
+	pstring rhostsfile;
+	
+	char *home = pdb_get_unix_homedir(account);
+	if (home) {
+		slprintf(rhostsfile, sizeof(rhostsfile)-1, "%s/.rhosts", home);
+		become_root();
+		if (check_user_equiv(pdb_get_username(account),client_name(),rhostsfile)) {
+			nt_status = make_server_info_sam(server_info, account);
+		}
+		unbecome_root();
+	} 
+
 	return nt_status;
 }
 
@@ -230,5 +229,6 @@ NTSTATUS auth_init_rhosts(struct auth_context *auth_context, const char *param,
 	}
 
 	(*auth_method)->auth = check_rhosts_security;
+	(*auth_method)->name = "rhosts";
 	return NT_STATUS_OK;
 }
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 352d058f20..7d85153bd0 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -77,6 +77,36 @@ void smb_user_control(const auth_usersupplied_info *user_info, auth_serversuppli
 	}
 }
 
+/****************************************************************************
+ Create a SAM_ACCOUNT - either by looking in the pdb, or by faking it up from
+ unix info.
+****************************************************************************/
+
+NTSTATUS auth_get_sam_account(const char *user, SAM_ACCOUNT **account) 
+{
+	BOOL pdb_ret;
+	NTSTATUS nt_status;
+	if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(account))) {
+		return nt_status;
+	}
+	
+	become_root();
+	pdb_ret = pdb_getsampwnam(*account, user);
+	unbecome_root();
+
+	if (!pdb_ret) {
+		
+		struct passwd *pass = Get_Pwnam(user);
+		if (!pass) 
+			return NT_STATUS_NO_SUCH_USER;
+
+		if (!NT_STATUS_IS_OK(nt_status = pdb_fill_sam_pw(*account, pass))) {
+			return nt_status;
+		}
+	}
+	return NT_STATUS_OK;
+}
+
 /****************************************************************************
  Create an auth_usersupplied_data structure
 ****************************************************************************/
-- 
cgit 


From 3e19eda335057ec47483c8567395b43d316485db Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 22 Feb 2003 12:01:05 +0000
Subject: Remove 'unixsam' from the default passdb backends.

The intention is to remove the muliple passdb backends, but we need the
'guest' account to always be there.  If the admin adds the guest account to
(say) LDAP, there will only be one backend required for operation.

This helps remove some nasty behaviours with adding accounts to the system
for both the RPC 'create user' and the SAMSYNC code.  Users 'added' with
an 'add user/machine' script won't magicly appear, and machine accounts
'pre-added' to unix, but not the smbpasswd file will not cause mayhem.

This commit also implements somthing tridge discussed with me, the concept
of 'default' passdb operation pointers - so that each backend does not
need it's own stub funcitons wrapping the default tdb privilages/group
mapping code.

This also removes an implicit 'sid->name' and 'name->sid' mapping from our
own local SID space, to winbind usernames.  When adding mapping for NIS/LDAP
non-sam users in future, we need to be careful.

Andrew Bartlett
(This used to be commit 6f32fa234961a525760a05418a08ec48d22d7617)
---
 source3/Makefile.in            |   5 +-
 source3/groupdb/mapping.c      |  55 ++++++++++++++++++
 source3/param/loadparm.c       |   4 +-
 source3/passdb/passdb.c        |   6 +-
 source3/passdb/pdb_guest.c     | 123 +++++++++++++++++++++++++++++++++++++++++
 source3/passdb/pdb_interface.c |  63 +++++++++++++++++++++
 source3/passdb/pdb_ldap.c      |  59 --------------------
 source3/passdb/pdb_smbpasswd.c |  85 +++++-----------------------
 source3/passdb/pdb_tdb.c       |  59 --------------------
 source3/passdb/pdb_unix.c      |  88 -----------------------------
 10 files changed, 264 insertions(+), 283 deletions(-)
 create mode 100644 source3/passdb/pdb_guest.c

diff --git a/source3/Makefile.in b/source3/Makefile.in
index cbd8418a48..7de4b0ae8f 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -286,8 +286,9 @@ PASSDB_GET_SET_OBJ = passdb/pdb_get_set.o
 PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \
 		passdb/machine_sid.o passdb/pdb_smbpasswd.o \
 		passdb/pdb_tdb.o passdb/pdb_ldap.o \
-		passdb/pdb_unix.o passdb/util_sam_sid.o \
-		passdb/pdb_compat.o passdb/pdb_nisplus.o passdb/privileges.o
+		passdb/pdb_unix.o passdb/pdb_guest.o passdb/util_sam_sid.o \
+		passdb/pdb_compat.o passdb/pdb_nisplus.o \
+		passdb/privileges.o 
 
 XML_OBJ = modules/xml.o
 MYSQL_OBJ = modules/mysql.o
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index 272783608c..02fc23418f 100644
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -841,6 +841,7 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
 	}
 
 	*num_entries=entries;
+
 	return True;
 }
 
@@ -1276,3 +1277,57 @@ int smb_delete_user_group(const char *unix_group, const char *unix_user)
 	DEBUG(3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret));
 	return ret;
 }
+
+
+NTSTATUS pdb_default_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
+				 DOM_SID sid, BOOL with_priv)
+{
+	return get_group_map_from_sid(sid, map, with_priv) ?
+		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+NTSTATUS pdb_default_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
+				 gid_t gid, BOOL with_priv)
+{
+	return get_group_map_from_gid(gid, map, with_priv) ?
+		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+NTSTATUS pdb_default_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
+				 char *name, BOOL with_priv)
+{
+	return get_group_map_from_ntname(name, map, with_priv) ?
+		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+NTSTATUS pdb_default_add_group_mapping_entry(struct pdb_methods *methods,
+						GROUP_MAP *map)
+{
+	return add_mapping_entry(map, TDB_INSERT) ?
+		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods,
+						   GROUP_MAP *map)
+{
+	return add_mapping_entry(map, TDB_REPLACE) ?
+		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
+						   DOM_SID sid)
+{
+	return group_map_remove(sid) ?
+		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods,
+					   enum SID_NAME_USE sid_name_use,
+					   GROUP_MAP **rmap, int *num_entries,
+					   BOOL unix_only, BOOL with_priv)
+{
+	return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only,
+				  with_priv) ?
+		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 7aaae439b1..b57b169adc 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -1408,9 +1408,9 @@ static void init_globals(void)
 #ifdef WITH_LDAP_SAMCONFIG
 	string_set(&Globals.szLdapServer, "localhost");
 	Globals.ldap_port = 636;
-	Globals.szPassdbBackend = str_list_make("ldapsam unixsam", NULL);
+	Globals.szPassdbBackend = str_list_make("ldapsam guest", NULL);
 #else
-	Globals.szPassdbBackend = str_list_make("smbpasswd unixsam", NULL);
+	Globals.szPassdbBackend = str_list_make("smbpasswd guest", NULL);
 #endif /* WITH_LDAP_SAMCONFIG */
 
 	string_set(&Globals.szLdapSuffix, "");
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 71a880d295..eff1ef4bcc 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -283,7 +283,7 @@ NTSTATUS pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd)
 
 	if (!pwd) {
 		new_sam_acct = NULL;
-		return NT_STATUS_UNSUCCESSFUL;
+		return NT_STATUS_INVALID_PARAMETER;
 	}
 
 	if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(new_sam_acct))) {
@@ -661,7 +661,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
 	pdb_free_sam(&sam_account);
 		
 	if (pdb_getgrsid(&map, *sid, MAPPING_WITHOUT_PRIV)) {
-		if (map.gid!=-1) {
+		if (map.gid!=(gid_t)-1) {
 			DEBUG(5,("local_lookup_sid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid));
 		} else {
 			DEBUG(5,("local_lookup_sid: mapped group %s to no unix gid.  Returning name.\n", map.nt_name));
@@ -950,7 +950,7 @@ BOOL local_sid_to_gid(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE *name_
 	if (pdb_getgrsid(&map, *psid, MAPPING_WITHOUT_PRIV)) {
 		
 		/* the SID is in the mapping table but not mapped */
-		if (map.gid==-1)
+		if (map.gid==(gid_t)-1)
 			return False;
 
 		*pgid = map.gid;
diff --git a/source3/passdb/pdb_guest.c b/source3/passdb/pdb_guest.c
new file mode 100644
index 0000000000..3f0f06d18d
--- /dev/null
+++ b/source3/passdb/pdb_guest.c
@@ -0,0 +1,123 @@
+/*
+ * 'Guest' password backend for samba
+ * Copyright (C) Jelmer Vernooij 2002
+ * Copyright (C) Andrew Bartlett 2003
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+/******************************************************************
+  Lookup a name in the SAM database
+ ******************************************************************/
+
+static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user, const char *sname)
+{
+	NTSTATUS nt_status;
+	struct passwd *pass;
+	const char *guest_account = lp_guestaccount();
+	if (!(guest_account && *guest_account)) {
+		DEBUG(1, ("NULL guest account!?!?\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	if (!methods) {
+		DEBUG(0,("invalid methods\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	if (!sname) {
+		DEBUG(0,("invalid name specified"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	if (!strequal(guest_account, sname)) {
+		return NT_STATUS_NO_SUCH_USER;
+	}
+		
+	pass = getpwnam_alloc(guest_account);
+
+	nt_status = pdb_fill_sam_pw(user, pass);
+
+	passwd_free(&pass);
+	return nt_status;
+}
+
+
+/***************************************************************************
+  Search by rid
+ **************************************************************************/
+
+static NTSTATUS guestsam_getsampwrid (struct pdb_methods *methods, 
+				 SAM_ACCOUNT *user, uint32 rid)
+{
+	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
+	struct passwd *pass = NULL;
+	const char *guest_account = lp_guestaccount();
+	if (!(guest_account && *guest_account)) {
+		DEBUG(1, ("NULL guest account!?!?\n"));
+		return nt_status;
+	}
+
+	if (!methods) {
+		DEBUG(0,("invalid methods\n"));
+		return nt_status;
+	}
+	
+	if (rid == DOMAIN_USER_RID_GUEST) {
+		pass = getpwnam_alloc(guest_account);
+		if (!pass) {
+			DEBUG(1, ("guest account %s does not seem to exist...\n", guest_account));
+			return NT_STATUS_NO_SUCH_USER;
+		}
+	} else {
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
+	nt_status = pdb_fill_sam_pw(user, pass);
+	passwd_free(&pass);
+
+	return nt_status;
+}
+
+static NTSTATUS guestsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid)
+{
+	uint32 rid;
+	if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
+		return NT_STATUS_NO_SUCH_USER;
+	return guestsam_getsampwrid(my_methods, user, rid);
+}
+
+NTSTATUS pdb_init_guestsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+{
+	NTSTATUS nt_status;
+	
+	if (!pdb_context) {
+		DEBUG(0, ("invalid pdb_context specified\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) {
+		return nt_status;
+	}
+	
+	(*pdb_method)->name = "guestsam";
+	
+	(*pdb_method)->getsampwnam = guestsam_getsampwnam;
+	(*pdb_method)->getsampwsid = guestsam_getsampwsid;
+	
+	/* There's not very much to initialise here */
+	return NT_STATUS_OK;
+}
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 778cb9425c..d465439dda 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -37,6 +37,7 @@ static const struct {
 	{ "ldapsam", pdb_init_ldapsam },
 	{ "ldapsam_nua", pdb_init_ldapsam_nua },
 	{ "unixsam", pdb_init_unixsam },
+	{ "guest", pdb_init_guestsam },
 	{ "nisplussam", pdb_init_nisplussam },
 	{ NULL, NULL}
 };
@@ -763,6 +764,51 @@ BOOL initialize_password_db(BOOL reload)
 }
 
 
+/***************************************************************************
+  Default implementations of some functions.
+ ****************************************************************************/
+
+static NTSTATUS pdb_default_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user, const char *sname)
+{
+	return NT_STATUS_NO_SUCH_USER;
+}
+
+static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid)
+{
+	return NT_STATUS_NO_SUCH_USER;
+}
+
+static NTSTATUS pdb_default_add_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
+{
+	DEBUG(0,("this backend (%s) should not be listed as the first passdb backend! You can't add users to it.\n", methods->name));
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS pdb_default_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
+{
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS pdb_default_delete_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *pwd)
+{
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS pdb_default_setsampwent(struct pdb_methods *methods, BOOL update)
+{
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS pdb_default_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT *user)
+{
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static void pdb_default_endsampwent(struct pdb_methods *methods)
+{
+	return; /* NT_STATUS_NOT_IMPLEMENTED; */
+}
+
 NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods) 
 {
 	*methods = talloc(mem_ctx, sizeof(struct pdb_methods));
@@ -773,5 +819,22 @@ NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods)
 
 	ZERO_STRUCTP(*methods);
 
+	(*methods)->setsampwent = pdb_default_setsampwent;
+	(*methods)->endsampwent = pdb_default_endsampwent;
+	(*methods)->getsampwent = pdb_default_getsampwent;
+	(*methods)->getsampwnam = pdb_default_getsampwnam;
+	(*methods)->getsampwsid = pdb_default_getsampwsid;
+	(*methods)->add_sam_account = pdb_default_add_sam_account;
+	(*methods)->update_sam_account = pdb_default_update_sam_account;
+	(*methods)->delete_sam_account = pdb_default_delete_sam_account;
+
+	(*methods)->getgrsid = pdb_default_getgrsid;
+	(*methods)->getgrgid = pdb_default_getgrgid;
+	(*methods)->getgrnam = pdb_default_getgrnam;
+	(*methods)->add_group_mapping_entry = pdb_default_add_group_mapping_entry;
+	(*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry;
+	(*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry;
+	(*methods)->enum_group_mapping = pdb_default_enum_group_mapping;
+
 	return NT_STATUS_OK;
 }
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index e058d2d108..548d7bc60d 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1965,58 +1965,6 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS ldapsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
-				 DOM_SID sid, BOOL with_priv)
-{
-	return get_group_map_from_sid(sid, map, with_priv) ?
-		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS ldapsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
-				 gid_t gid, BOOL with_priv)
-{
-	return get_group_map_from_gid(gid, map, with_priv) ?
-		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS ldapsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
-				 char *name, BOOL with_priv)
-{
-	return get_group_map_from_ntname(name, map, with_priv) ?
-		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods,
-						GROUP_MAP *map)
-{
-	return add_mapping_entry(map, TDB_INSERT) ?
-		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS ldapsam_update_group_mapping_entry(struct pdb_methods *methods,
-						   GROUP_MAP *map)
-{
-	return add_mapping_entry(map, TDB_REPLACE) ?
-		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS ldapsam_delete_group_mapping_entry(struct pdb_methods *methods,
-						   DOM_SID sid)
-{
-	return group_map_remove(sid) ?
-		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
-					   enum SID_NAME_USE sid_name_use,
-					   GROUP_MAP **rmap, int *num_entries,
-					   BOOL unix_only, BOOL with_priv)
-{
-	return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only,
-				  with_priv) ?
-		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
 static void free_private_data(void **vp) 
 {
 	struct ldapsam_privates **ldap_state = (struct ldapsam_privates **)vp;
@@ -2056,13 +2004,6 @@ NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co
 	(*pdb_method)->add_sam_account = ldapsam_add_sam_account;
 	(*pdb_method)->update_sam_account = ldapsam_update_sam_account;
 	(*pdb_method)->delete_sam_account = ldapsam_delete_sam_account;
-	(*pdb_method)->getgrsid = ldapsam_getgrsid;
-	(*pdb_method)->getgrgid = ldapsam_getgrgid;
-	(*pdb_method)->getgrnam = ldapsam_getgrnam;
-	(*pdb_method)->add_group_mapping_entry = ldapsam_add_group_mapping_entry;
-	(*pdb_method)->update_group_mapping_entry = ldapsam_update_group_mapping_entry;
-	(*pdb_method)->delete_group_mapping_entry = ldapsam_delete_group_mapping_entry;
-	(*pdb_method)->enum_group_mapping = ldapsam_enum_group_mapping;
 
 	/* TODO: Setup private data and free */
 
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 5fd6a828bf..b5a2bbbfe7 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -1222,7 +1222,6 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state,
 			return False;
 		}
 	} else {
-		
 		if (!NT_STATUS_IS_OK(pdb_fill_sam_pw(sam_pass, pwfile))) {
 			return False;
 		}
@@ -1380,14 +1379,19 @@ static NTSTATUS smbpasswd_getsampwnam(struct pdb_methods *my_methods,
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS smbpasswd_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT *sam_acct,uint32 rid)
+static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT *sam_acct, const DOM_SID *sid)
 {
 	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
 	struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
 	struct smb_passwd *smb_pw;
 	void *fp = NULL;
+	fstring sid_str;
+	uint32 rid;
+	
+	DEBUG(10, ("smbpasswd_getsampwrid: search by sid: %s\n", sid_to_string(sid_str, sid)));
 
-	DEBUG(10, ("smbpasswd_getsampwrid: search by rid: %d\n", rid));
+	if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
+		return NT_STATUS_UNSUCCESSFUL;
 
 	/* More special case 'guest account' hacks... */
 	if (rid == DOMAIN_USER_RID_GUEST) {
@@ -1431,18 +1435,18 @@ static NTSTATUS smbpasswd_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUN
 	if (!build_sam_account (smbpasswd_state, sam_acct, smb_pw))
 		return nt_status;
 
+	/* build_sam_account might change the SID on us, if the name was for the guest account */
+	if (NT_STATUS_IS_OK(nt_status) && !sid_equal(pdb_get_user_sid(sam_acct), sid)) {
+		fstring sid_string1, sid_string2;
+		DEBUG(1, ("looking for user with sid %s instead returned %s for account %s!?!\n",
+			  sid_to_string(sid_string1, sid), sid_to_string(sid_string2, pdb_get_user_sid(sam_acct)), pdb_get_username(sam_acct)));
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
 	/* success */
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid)
-{
-	uint32 rid;
-	if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
-		return NT_STATUS_UNSUCCESSFUL;
-	return smbpasswd_getsampwrid(my_methods, user, rid);
-}
-
 static NTSTATUS smbpasswd_add_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT *sampass)
 {
 	struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
@@ -1493,58 +1497,6 @@ static NTSTATUS smbpasswd_delete_sam_account (struct pdb_methods *my_methods, SA
 	return NT_STATUS_UNSUCCESSFUL;
 }
 
-static NTSTATUS smbpasswd_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
-				 DOM_SID sid, BOOL with_priv)
-{
-	return get_group_map_from_sid(sid, map, with_priv) ?
-		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS smbpasswd_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
-				 gid_t gid, BOOL with_priv)
-{
-	return get_group_map_from_gid(gid, map, with_priv) ?
-		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS smbpasswd_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
-				 char *name, BOOL with_priv)
-{
-	return get_group_map_from_ntname(name, map, with_priv) ?
-		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS smbpasswd_add_group_mapping_entry(struct pdb_methods *methods,
-						GROUP_MAP *map)
-{
-	return add_mapping_entry(map, TDB_INSERT) ?
-		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS smbpasswd_update_group_mapping_entry(struct pdb_methods *methods,
-						   GROUP_MAP *map)
-{
-	return add_mapping_entry(map, TDB_REPLACE) ?
-		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS smbpasswd_delete_group_mapping_entry(struct pdb_methods *methods,
-						   DOM_SID sid)
-{
-	return group_map_remove(sid) ?
-		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS smbpasswd_enum_group_mapping(struct pdb_methods *methods,
-					   enum SID_NAME_USE sid_name_use,
-					   GROUP_MAP **rmap, int *num_entries,
-					   BOOL unix_only, BOOL with_priv)
-{
-	return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only,
-				  with_priv) ?
-		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
 static void free_private_data(void **vp) 
 {
 	struct smbpasswd_privates **privates = (struct smbpasswd_privates**)vp;
@@ -1575,13 +1527,6 @@ NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method,
 	(*pdb_method)->add_sam_account = smbpasswd_add_sam_account;
 	(*pdb_method)->update_sam_account = smbpasswd_update_sam_account;
 	(*pdb_method)->delete_sam_account = smbpasswd_delete_sam_account;
-	(*pdb_method)->getgrsid = smbpasswd_getgrsid;
-	(*pdb_method)->getgrgid = smbpasswd_getgrgid;
-	(*pdb_method)->getgrnam = smbpasswd_getgrnam;
-	(*pdb_method)->add_group_mapping_entry = smbpasswd_add_group_mapping_entry;
-	(*pdb_method)->update_group_mapping_entry = smbpasswd_update_group_mapping_entry;
-	(*pdb_method)->delete_group_mapping_entry = smbpasswd_delete_group_mapping_entry;
-	(*pdb_method)->enum_group_mapping = smbpasswd_enum_group_mapping;
 
 	/* Setup private data and free function */
 
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index a1f786c8cd..c48c9567b1 100644
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -896,58 +896,6 @@ static NTSTATUS tdbsam_add_sam_account (struct pdb_methods *my_methods, SAM_ACCO
 		return NT_STATUS_UNSUCCESSFUL;
 }
 
-static NTSTATUS tdbsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
-				DOM_SID sid, BOOL with_priv)
-{
-	return get_group_map_from_sid(sid, map, with_priv) ?
-		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS tdbsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
-				gid_t gid, BOOL with_priv)
-{
-	return get_group_map_from_gid(gid, map, with_priv) ?
-		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS tdbsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
-				char *name, BOOL with_priv)
-{
-	return get_group_map_from_ntname(name, map, with_priv) ?
-		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS tdbsam_add_group_mapping_entry(struct pdb_methods *methods,
-					       GROUP_MAP *map)
-{
-	return add_mapping_entry(map, TDB_INSERT) ?
-		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS tdbsam_update_group_mapping_entry(struct pdb_methods *methods,
-						  GROUP_MAP *map)
-{
-	return add_mapping_entry(map, TDB_REPLACE) ?
-		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS tdbsam_delete_group_mapping_entry(struct pdb_methods *methods,
-						  DOM_SID sid)
-{
-	return group_map_remove(sid) ?
-		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS tdbsam_enum_group_mapping(struct pdb_methods *methods,
-					  enum SID_NAME_USE sid_name_use,
-					  GROUP_MAP **rmap, int *num_entries,
-					  BOOL unix_only, BOOL with_priv)
-{
-	return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only,
-				  with_priv) ?
-		NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
 static void free_private_data(void **vp) 
 {
 	struct tdbsam_privates **tdb_state = (struct tdbsam_privates **)vp;
@@ -985,13 +933,6 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con
 	(*pdb_method)->add_sam_account = tdbsam_add_sam_account;
 	(*pdb_method)->update_sam_account = tdbsam_update_sam_account;
 	(*pdb_method)->delete_sam_account = tdbsam_delete_sam_account;
-	(*pdb_method)->getgrsid = tdbsam_getgrsid;
-	(*pdb_method)->getgrgid = tdbsam_getgrgid;
-	(*pdb_method)->getgrnam = tdbsam_getgrnam;
-	(*pdb_method)->add_group_mapping_entry = tdbsam_add_group_mapping_entry;
-	(*pdb_method)->update_group_mapping_entry = tdbsam_update_group_mapping_entry;
-	(*pdb_method)->delete_group_mapping_entry = tdbsam_delete_group_mapping_entry;
-	(*pdb_method)->enum_group_mapping = tdbsam_enum_group_mapping;
 
 	tdb_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct tdbsam_privates));
 
diff --git a/source3/passdb/pdb_unix.c b/source3/passdb/pdb_unix.c
index 8acc29b7a4..07acd08a4e 100644
--- a/source3/passdb/pdb_unix.c
+++ b/source3/passdb/pdb_unix.c
@@ -88,16 +88,6 @@ static NTSTATUS unixsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT
 	return unixsam_getsampwrid(my_methods, user, rid);
 }
 
-/***************************************************************************
-  Adds an existing SAM_ACCOUNT
- ****************************************************************************/
-
-static NTSTATUS unixsam_add_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
-{
-	DEBUG(0,("pdb_unix should not be listed as the first passdb backend! You can't add users to it.\n"));
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
 /***************************************************************************
   Updates a SAM_ACCOUNT
 
@@ -113,70 +103,6 @@ static NTSTATUS unixsam_update_sam_account (struct pdb_methods *methods, SAM_ACC
 	return methods->parent->pdb_add_sam_account(methods->parent, newpwd);
 }
 
-static NTSTATUS unixsam_delete_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *pwd)
-{
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS unixsam_setsampwent(struct pdb_methods *methods, BOOL update)
-{
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS unixsam_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT *user)
-{
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static void unixsam_endsampwent(struct pdb_methods *methods)
-{
-	return; /* NT_STATUS_NOT_IMPLEMENTED; */
-}
-
-static NTSTATUS unixsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
-				 DOM_SID sid, BOOL with_priv)
-{
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS unixsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
-				 gid_t gid, BOOL with_priv)
-{
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS unixsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
-				 char *name, BOOL with_priv)
-{
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS unixsam_add_group_mapping_entry(struct pdb_methods *methods,
-						GROUP_MAP *map)
-{
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS unixsam_update_group_mapping_entry(struct pdb_methods *methods,
-						   GROUP_MAP *map)
-{
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS unixsam_delete_group_mapping_entry(struct pdb_methods *methods,
-						   DOM_SID sid)
-{
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS unixsam_enum_group_mapping(struct pdb_methods *methods,
-					   enum SID_NAME_USE sid_name_use,
-					   GROUP_MAP **rmap, int *num_entries,
-					   BOOL unix_only, BOOL with_priv)
-{
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
 NTSTATUS pdb_init_unixsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
 {
 	NTSTATUS nt_status;
@@ -191,22 +117,8 @@ NTSTATUS pdb_init_unixsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co
 	}
 	
 	(*pdb_method)->name = "unixsam";
-	
-	(*pdb_method)->setsampwent = unixsam_setsampwent;
-	(*pdb_method)->endsampwent = unixsam_endsampwent;
-	(*pdb_method)->getsampwent = unixsam_getsampwent;
 	(*pdb_method)->getsampwnam = unixsam_getsampwnam;
 	(*pdb_method)->getsampwsid = unixsam_getsampwsid;
-	(*pdb_method)->add_sam_account = unixsam_add_sam_account;
-	(*pdb_method)->update_sam_account = unixsam_update_sam_account;
-	(*pdb_method)->delete_sam_account = unixsam_delete_sam_account;
-	(*pdb_method)->getgrsid = unixsam_getgrsid;
-	(*pdb_method)->getgrgid = unixsam_getgrgid;
-	(*pdb_method)->getgrnam = unixsam_getgrnam;
-	(*pdb_method)->add_group_mapping_entry = unixsam_add_group_mapping_entry;
-	(*pdb_method)->update_group_mapping_entry = unixsam_update_group_mapping_entry;
-	(*pdb_method)->delete_group_mapping_entry = unixsam_delete_group_mapping_entry;
-	(*pdb_method)->enum_group_mapping = unixsam_enum_group_mapping;
 	
 	/* There's not very much to initialise here */
 	return NT_STATUS_OK;
-- 
cgit 


From e22a1915fee466c2266361a7b956d1225ad86f56 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 22 Feb 2003 12:14:08 +0000
Subject: With assuptions about unixsam gone, we can forget about looking up
 the user a second time now.

Andrew Bartlett
(This used to be commit a1e27a02f52315df0dd05ab8a94ae5a2bf398655)
---
 source3/utils/net_rpc_samsync.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index ac3b78fc7a..7d5c8681ad 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -317,10 +317,7 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
 				 "gave %d\n", add_script, add_ret));
 		}
 
-		if (!pdb_getsampwnam(sam_account, account)) {
-			try_add = True;
-			/* still not there, hope the backend likes NUAs */
-		}
+		try_add = True;
 	}
 
 	sam_account_from_delta(sam_account, delta);
-- 
cgit 


From ae2f064dc65762e32db10de1362e2cef782eb304 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 22 Feb 2003 12:16:17 +0000
Subject: Add static (This used to be commit
 d0365f20c242bcfc4f5d8286c6c5654e310a9d45)

---
 source3/torture/masktest.c |  2 +-
 source3/utils/profiles.c   | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/source3/torture/masktest.c b/source3/torture/masktest.c
index df0a047aff..7d751fb789 100644
--- a/source3/torture/masktest.c
+++ b/source3/torture/masktest.c
@@ -254,7 +254,7 @@ struct cli_state *connect_one(char *share)
 static char *resultp;
 static file_info *f_info;
 
-void listfn(file_info *f, const char *s, void *state)
+static void listfn(file_info *f, const char *s, void *state)
 {
 	if (strcmp(f->name,".") == 0) {
 		resultp[0] = '+';
diff --git a/source3/utils/profiles.c b/source3/utils/profiles.c
index 2ed102b677..b4087cf6cf 100644
--- a/source3/utils/profiles.c
+++ b/source3/utils/profiles.c
@@ -398,7 +398,7 @@ DOM_SID old_sid, new_sid;
 int change = 0, new = 0;
 
 /* Compare two SIDs for equality */
-int my_sid_equal(DOM_SID *s1, DOM_SID *s2)
+static int my_sid_equal(DOM_SID *s1, DOM_SID *s2)
 {
   int sa1, sa2;
 
@@ -417,7 +417,7 @@ int my_sid_equal(DOM_SID *s1, DOM_SID *s2)
  * Quick and dirty to read a SID in S-1-5-21-x-y-z-rid format and 
  * construct a DOM_SID
  */
-int get_sid(DOM_SID *sid, char *sid_str)
+static int get_sid(DOM_SID *sid, char *sid_str)
 {
   int i = 0, auth;
   char *lstr; 
@@ -460,7 +460,7 @@ int get_sid(DOM_SID *sid, char *sid_str)
  * This routine does not need to deal with endianism as 
  * long as the incoming SIDs are both in the same (LE) format.
  */
-void change_sid(DOM_SID *s1, DOM_SID *s2)
+static void change_sid(DOM_SID *s1, DOM_SID *s2)
 {
   int i;
   
@@ -469,7 +469,7 @@ void change_sid(DOM_SID *s1, DOM_SID *s2)
   }
 }
 
-void print_sid(DOM_SID *sid)
+static void print_sid(DOM_SID *sid)
 {
   int i, comps = sid->num_auths;
   fprintf(stdout, "S-%u-%u", sid->sid_rev_num, sid->id_auth[5]);
@@ -482,7 +482,7 @@ void print_sid(DOM_SID *sid)
   fprintf(stdout, "\n");
 }
 
-void process_sid(DOM_SID *sid, DOM_SID *o_sid, DOM_SID *n_sid) 
+static void process_sid(DOM_SID *sid, DOM_SID *o_sid, DOM_SID *n_sid) 
 {
   int i;
   if (my_sid_equal(sid, o_sid)) {
@@ -496,7 +496,7 @@ void process_sid(DOM_SID *sid, DOM_SID *o_sid, DOM_SID *n_sid)
 
 }
 
-void process_acl(ACL *acl, const char *prefix)
+static void process_acl(ACL *acl, const char *prefix)
 {
   int ace_cnt, i;
   ACE *ace;
@@ -514,7 +514,7 @@ void process_acl(ACL *acl, const char *prefix)
   }
 } 
 
-void usage(void)
+static void usage(void)
 {
   fprintf(stderr, "usage: profiles [-c <OLD-SID> -n <NEW-SID>] <profilefile>\n");
   fprintf(stderr, "Version: %s\n", VERSION);
-- 
cgit 


From db94beaa41d6c2c82ee9351a171f2a73a9e358da Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 22 Feb 2003 12:17:02 +0000
Subject: Fix comment - the other bits of code don't call this any more. (This
 used to be commit 523d1429b1072c999d376d2b4e13a1c08349990a)

---
 source3/passdb/passdb.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index eff1ef4bcc..5e6466ff0a 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -992,10 +992,7 @@ BOOL local_sid_to_gid(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE *name_
 /*************************************************************
  Change a password entry in the local smbpasswd file.
 
- FIXME!!  The function needs to be abstracted into the
- passdb interface or something.  It is currently being called
- by _api_samr_create_user() in rpc_server/srv_samr.c,
- in SWAT and by smbpasswd/pdbedit.
+It is currently being called by SWAT and by smbpasswd.
  
  --jerry
  *************************************************************/
-- 
cgit 


From 0dde23a7b24edf1cbf4d7d7e5afea485e37498e5 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 22 Feb 2003 12:19:18 +0000
Subject: Fixes from Paul Green and vorlon@debian.org for building shared
 libraries (make it possible to build both shared and static) and -lcrypt
 handling. (This used to be commit 30510f50077fd157664c127ac0182ce26843d43f)

---
 source3/aclocal.m4   | 64 +++++++++++++++++++++++++++++++++++++++++++++++++
 source3/configure.in | 67 +++++++++++++++++++++++++++-------------------------
 2 files changed, 99 insertions(+), 32 deletions(-)

diff --git a/source3/aclocal.m4 b/source3/aclocal.m4
index 345be73aed..7bec88dd87 100644
--- a/source3/aclocal.m4
+++ b/source3/aclocal.m4
@@ -577,3 +577,67 @@ if test "$2" != "/usr/lib" ; then
     $1="$$1 -L$2"
 fi
 ])
+
+dnl AC_ENABLE_SHARED - implement the --enable-shared flag
+dnl Usage: AC_ENABLE_SHARED[(DEFAULT)]
+dnl   Where DEFAULT is either `yes' or `no'.  If omitted, it defaults to
+dnl   `yes'.
+AC_DEFUN([AC_ENABLE_SHARED],
+[define([AC_ENABLE_SHARED_DEFAULT], ifelse($1, no, no, yes))dnl
+AC_ARG_ENABLE(shared,
+changequote(<<, >>)dnl
+<<  --enable-shared[=PKGS]    build shared libraries [default=>>AC_ENABLE_SHARED_DEFAULT],
+changequote([, ])dnl
+[p=${PACKAGE-default}
+case $enableval in
+yes) enable_shared=yes ;;
+no) enable_shared=no ;;
+*)
+  enable_shared=no
+  # Look at the argument we got.  We use all the common list separators.
+  IFS="${IFS=   }"; ac_save_ifs="$IFS"; IFS="${IFS}:,"
+  for pkg in $enableval; do
+    if test "X$pkg" = "X$p"; then
+      enable_shared=yes
+    fi
+
+  done
+  IFS="$ac_save_ifs"
+  ;;
+esac],
+enable_shared=AC_ENABLE_SHARED_DEFAULT)dnl
+])
+
+dnl AC_ENABLE_STATIC - implement the --enable-static flag
+dnl Usage: AC_ENABLE_STATIC[(DEFAULT)]
+dnl   Where DEFAULT is either `yes' or `no'.  If omitted, it defaults to
+dnl   `yes'.
+AC_DEFUN([AC_ENABLE_STATIC],
+[define([AC_ENABLE_STATIC_DEFAULT], ifelse($1, no, no, yes))dnl
+AC_ARG_ENABLE(static,
+changequote(<<, >>)dnl
+<<  --enable-static[=PKGS]    build static libraries [default=>>AC_ENABLE_STATIC_DEFAULT],
+changequote([, ])dnl
+[p=${PACKAGE-default}
+case $enableval in
+yes) enable_static=yes ;;
+no) enable_static=no ;;
+*)
+  enable_static=no
+  # Look at the argument we got.  We use all the common list separators.
+  IFS="${IFS=   }"; ac_save_ifs="$IFS"; IFS="${IFS}:,"
+  for pkg in $enableval; do
+    if test "X$pkg" = "X$p"; then
+      enable_static=yes
+    fi
+  done
+  IFS="$ac_save_ifs"
+  ;;
+esac],
+enable_static=AC_ENABLE_STATIC_DEFAULT)dnl
+])
+
+dnl AC_DISABLE_STATIC - set the default static flag to --disable-static
+AC_DEFUN([AC_DISABLE_STATIC],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+AC_ENABLE_STATIC(no)])
diff --git a/source3/configure.in b/source3/configure.in
index dfd97bc42f..66bdf5edf1 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -6,6 +6,9 @@ AC_PREREQ(2.53)
 AC_INIT(include/includes.h)
 AC_CONFIG_HEADER(include/config.h)
 
+AC_DISABLE_STATIC
+AC_ENABLE_SHARED
+
 #################################################
 # Directory handling stuff to support both the
 # legacy SAMBA directories and FHS compliant
@@ -726,11 +729,6 @@ fi
 
 AC_FUNC_MEMCMP
 
-###############################################
-# test for where we get crypt() from
-AC_SEARCH_LIBS(crypt, [crypt], [AUTHLIBS="$AUTHLIBS -lcrypt";
-	AC_DEFINE(HAVE_CRYPT,1,[Whether the system has the crypt() function])])
-
 ###############################################
 # Readline included by default unless explicitly asked not to
 test "${with_readline+set}" != "set" && with_readline=yes
@@ -952,9 +950,8 @@ AC_LIBTESTFUNC(sec, bigcrypt)
 AC_LIBTESTFUNC(security, getprpwnam)
 AC_LIBTESTFUNC(sec, getprpwnam)
 
-# this bit needs to be modified for each OS that is suported by
-# smbwrapper. You need to specify how to created a shared library and
-# how to compile C code to produce PIC object files
+# Assume non-shared by default and override below
+BLDSHARED="false"
 
 # these are the defaults, good for lots of systems
 HOST_OS="$host_os"
@@ -965,12 +962,16 @@ PICFLAG=""
 PICSUFFIX="po"
 POBAD_CC="#"
 SHLIBEXT="so"
-# Assume non-shared by default and override below
-BLDSHARED="false"
-AC_MSG_CHECKING([ability to build shared libraries])
 
-# and these are for particular systems
-case "$host_os" in
+if test "$enable_shared" = "yes"; then
+  # this bit needs to be modified for each OS that is suported by
+  # smbwrapper. You need to specify how to created a shared library and
+  # how to compile C code to produce PIC object files
+
+  AC_MSG_CHECKING([ability to build shared libraries])
+
+  # and these are for particular systems
+  case "$host_os" in
 		*linux*)   AC_DEFINE(LINUX,1,[Whether the host os is linux])
 			BLDSHARED="true"
 			LDSHFLAGS="-shared" 
@@ -1114,13 +1115,14 @@ case "$host_os" in
 		*)
 			AC_DEFINE(STAT_ST_BLOCKSIZE,512)
 			;;
-esac
-AC_SUBST(DYNEXP)
-AC_MSG_RESULT($BLDSHARED)
-AC_MSG_CHECKING([linker flags for shared libraries])
-AC_MSG_RESULT([$LDSHFLAGS])
-AC_MSG_CHECKING([compiler flags for position-independent code])
-AC_MSG_RESULT([$PICFLAGS])
+  esac
+  AC_SUBST(DYNEXP)
+  AC_MSG_RESULT($BLDSHARED)
+  AC_MSG_CHECKING([linker flags for shared libraries])
+  AC_MSG_RESULT([$LDSHFLAGS])
+  AC_MSG_CHECKING([compiler flags for position-independent code])
+  AC_MSG_RESULT([$PICFLAGS])
+fi
 
 #######################################################
 # test whether building a shared library actually works
@@ -2408,15 +2410,10 @@ AC_ARG_WITH(pam_smbpass,
 
 
 ###############################################
-# test for where we get crypt() from, but only
-# if not using PAM
-if test x"$with_pam_for_crypt" = x"no"; then
-AC_CHECK_FUNCS(crypt)
-if test x"$ac_cv_func_crypt" = x"no"; then
-    AC_CHECK_LIB(crypt, crypt, [AUTHLIBS="$AUTHLIBS -lcrypt";
-	AC_DEFINE(HAVE_CRYPT,1,[Whether crypt() is available])])
-fi
-fi
+# test for where we get crypt() from
+AC_SEARCH_LIBS(crypt, [crypt],
+  [test "$ac_cv_search_crypt" = "none required" || AUTHLIBS="-lcrypt $AUTHLIBS"
+  AC_DEFINE(HAVE_CRYPT,1,[Whether the system has the crypt() function])])
 
 ##
 ## moved after the check for -lcrypt in order to
@@ -2673,9 +2670,12 @@ AC_ARG_WITH(libsmbclient,
         LIBSMBCLIENT=libsmbclient
         AC_MSG_RESULT(yes)
      else
+	enable_static=yes
+        AC_MSG_RESULT(no shared library support -- will supply static library)
+     fi
+     if test $enable_static = yes; then
         INSTALLCLIENTCMD_A="\$(INSTALLCMD)"
         LIBSMBCLIENT=libsmbclient
-        AC_MSG_RESULT(no shared library support -- will supply static library)
      fi
      ;;
   esac ],
@@ -2686,10 +2686,13 @@ AC_ARG_WITH(libsmbclient,
      LIBSMBCLIENT_SHARED=bin/libsmbclient.$SHLIBEXT
      LIBSMBCLIENT=libsmbclient
      AC_MSG_RESULT(yes)
-  else
+   else
+     enable_static=yes
+     AC_MSG_RESULT(no shared library support -- will supply static library)
+   fi
+   if test $enable_static = yes; then
      INSTALLCLIENTCMD_A="\$(INSTALLCMD)"
      LIBSMBCLIENT=libsmbclient
-     AC_MSG_RESULT(no shared library support -- will supply static library)
   fi]
 )
 
-- 
cgit 


From 7e110f782a55d4dca1fb3fedd95bf059c9ec0638 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 22 Feb 2003 12:22:06 +0000
Subject: More signed/unsigned fixes (yes, I run with funny compiler options)
 and make x_fwrite() match fwrite() in returning a size_t.

Andrew Bartlett
(This used to be commit 2943c695787b742e9a96b2eefe2d75f681bacf7c)
---
 source3/include/hash.h      |  4 ++--
 source3/lib/hash.c          | 10 +++++-----
 source3/lib/pidfile.c       |  2 +-
 source3/lib/time.c          |  2 +-
 source3/lib/util_file.c     |  2 +-
 source3/lib/util_seaccess.c |  2 +-
 source3/lib/xfile.c         |  7 ++++---
 source3/smbd/dosmode.c      |  2 +-
 source3/smbd/mangle_hash2.c |  8 ++++----
 9 files changed, 20 insertions(+), 19 deletions(-)

diff --git a/source3/include/hash.h b/source3/include/hash.h
index c327c971ab..40cc8b7cab 100644
--- a/source3/include/hash.h
+++ b/source3/include/hash.h
@@ -66,8 +66,8 @@ typedef struct hash_element {
 typedef struct hash_table {
         ubi_dlList      *buckets;
         ubi_dlList      lru_chain;     
-        int     num_elements;	
-        int     size;
+        unsigned     num_elements;	
+        unsigned     size;
         compare_function        comp_func; 
 } hash_table;
 
diff --git a/source3/lib/hash.c b/source3/lib/hash.c
index 6b7a8476b1..95af485707 100644
--- a/source3/lib/hash.c
+++ b/source3/lib/hash.c
@@ -28,7 +28,7 @@
 #include "includes.h"
 
 static BOOL enlarge_hash_table(hash_table *table);
-static int primes[] = 
+static unsigned primes[] = 
         {17, 37, 67, 131, 257, 521, 1031, 2053, 4099, 8209, 16411};
 
 /****************************************************************************
@@ -47,9 +47,9 @@ static int primes[] =
  ****************************************************************************
  */
 
-BOOL hash_table_init(hash_table *table, int num_buckets, compare_function compare_func)
+BOOL hash_table_init(hash_table *table, unsigned num_buckets, compare_function compare_func)
 {
-	int 	i;
+	unsigned 	i;
 	ubi_dlList 	*bucket;
 
 	table->num_elements = 0;
@@ -118,7 +118,7 @@ static hash_element *hash_chain_find(hash_table *table, ubi_dlList *hash_chain,
 {
 	hash_element *hash_elem;
 	ubi_dlNodePtr lru_item;
-	int	i = 0;
+	unsigned int	i = 0;
 
 	for (hash_elem = (hash_element *)(ubi_dlFirst(hash_chain)); i < hash_chain->count; 
 		i++, hash_elem = (hash_element *)(ubi_dlNext(hash_elem))) {
@@ -299,7 +299,7 @@ static BOOL enlarge_hash_table(hash_table *table)
 
 void hash_clear(hash_table *table)
 {
-	int i;
+	unsigned int i;
 	ubi_dlList	*bucket = table->buckets;
 	hash_element    *hash_elem;
 	for (i = 0; i < table->size; bucket++, i++) {
diff --git a/source3/lib/pidfile.c b/source3/lib/pidfile.c
index 16a12656b3..1a462bf128 100644
--- a/source3/lib/pidfile.c
+++ b/source3/lib/pidfile.c
@@ -100,7 +100,7 @@ void pidfile_create(const char *name)
 
 	memset(buf, 0, sizeof(buf));
 	slprintf(buf, sizeof(buf) - 1, "%u\n", (unsigned int) sys_getpid());
-	if (write(fd, buf, strlen(buf)) != strlen(buf)) {
+	if (write(fd, buf, strlen(buf)) != (ssize_t)strlen(buf)) {
 		DEBUG(0,("ERROR: can't write to file %s: %s\n", 
 			 pidFile, strerror(errno)));
 		exit(1);
diff --git a/source3/lib/time.c b/source3/lib/time.c
index ea5c6837bf..f76a1bdc0d 100644
--- a/source3/lib/time.c
+++ b/source3/lib/time.c
@@ -479,7 +479,7 @@ check if it's a null mtime
 ****************************************************************************/
 BOOL null_mtime(time_t mtime)
 {
-  if (mtime == 0 || mtime == 0xFFFFFFFF || mtime == (time_t)-1)
+  if (mtime == 0 || mtime == (time_t)0xFFFFFFFF || mtime == (time_t)-1)
     return(True);
   return(False);
 }
diff --git a/source3/lib/util_file.c b/source3/lib/util_file.c
index 4babab8931..02acbd4d7e 100644
--- a/source3/lib/util_file.c
+++ b/source3/lib/util_file.c
@@ -593,7 +593,7 @@ BOOL file_save(const char *fname, void *packet, size_t length)
 	if (fd == -1) {
 		return False;
 	}
-	if (write(fd, packet, length) != length) {
+	if (write(fd, packet, length) != (size_t)length) {
 		return False;
 	}
 	close(fd);
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index 21d7fe8599..eba8cab7fb 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -343,7 +343,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
 	SEC_DESC *sd;
 	SEC_ACL *new_dacl, *the_acl;
 	SEC_ACE *new_ace_list = NULL;
-	int new_ace_list_ndx = 0, i;
+	unsigned int new_ace_list_ndx = 0, i;
 	size_t size;
 
 	/* Currently we only process the dacl when creating the child.  The
diff --git a/source3/lib/xfile.c b/source3/lib/xfile.c
index 57f3e27638..1534dd855e 100644
--- a/source3/lib/xfile.c
+++ b/source3/lib/xfile.c
@@ -140,9 +140,10 @@ int x_fclose(XFILE *f)
 }
 
 /* simulate fwrite() */
-int x_fwrite(const void *p, size_t size, size_t nmemb, XFILE *f)
+size_t x_fwrite(const void *p, size_t size, size_t nmemb, XFILE *f)
 {
-	int ret, total=0;
+	ssize_t ret;
+	size_t total=0;
 
 	/* we might be writing unbuffered */
 	if (f->buftype == X_IONBF || 
@@ -154,7 +155,7 @@ int x_fwrite(const void *p, size_t size, size_t nmemb, XFILE *f)
 
 
 	while (total < size*nmemb) {
-		int n = f->bufsize - f->bufused;
+		size_t n = f->bufsize - f->bufused;
 		n = MIN(n, (size*nmemb)-total);
 
 		if (n == 0) {
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 77d8c9cc92..6c21dc04d0 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -181,7 +181,7 @@ uint32 dos_mode(connection_struct *conn,char *path,SMB_STRUCT_STAT *sbuf)
 /*******************************************************************
 chmod a file - but preserve some bits
 ********************************************************************/
-int file_chmod(connection_struct *conn,char *fname,int dosmode,SMB_STRUCT_STAT *st)
+int file_chmod(connection_struct *conn,char *fname, uint32 dosmode,SMB_STRUCT_STAT *st)
 {
 	SMB_STRUCT_STAT st1;
 	int mask=0;
diff --git a/source3/smbd/mangle_hash2.c b/source3/smbd/mangle_hash2.c
index bbc9020eab..eda509214d 100644
--- a/source3/smbd/mangle_hash2.c
+++ b/source3/smbd/mangle_hash2.c
@@ -203,7 +203,7 @@ static const char *cache_lookup(u32 hash)
  */
 static BOOL is_mangled_component(const char *name)
 {
-	int len, i;
+	unsigned int len, i;
 
 	M_DEBUG(10,("is_mangled_component %s ?\n", name));
 
@@ -368,7 +368,7 @@ static void mangle_reset(void)
 static BOOL check_cache(char *name)
 {
 	u32 hash, multiplier;
-	int i;
+	unsigned int i;
 	const char *prefix;
 	char extension[4];
 
@@ -489,8 +489,8 @@ static void name_map(char *name, BOOL need83, BOOL cache83)
 	char *dot_p;
 	char lead_chars[7];
 	char extension[4];
-	int extension_length, i;
-	int prefix_len;
+	unsigned int extension_length, i;
+	unsigned int prefix_len;
 	u32 hash, v;
 	char new_name[13];
 
-- 
cgit 


From fa26737f40607baa084f2fcc481894473add69d4 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 22 Feb 2003 20:01:00 +0000
Subject: See if I can make this look slightly like C.  It compiled locally,
 honest...

Andrew Bartlett
(This used to be commit cfc4cc776899da92a5c9a17f0ea36c7cb65d7a80)
---
 source3/auth/auth_rhosts.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/source3/auth/auth_rhosts.c b/source3/auth/auth_rhosts.c
index d8e1b01942..8915acaecd 100644
--- a/source3/auth/auth_rhosts.c
+++ b/source3/auth/auth_rhosts.c
@@ -199,6 +199,8 @@ static NTSTATUS check_rhosts_security(const struct auth_context *auth_context,
 {
 	NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
 	SAM_ACCOUNT *account = NULL;
+	pstring rhostsfile;
+	const char *home;
 	
 	if (!NT_STATUS_IS_OK(nt_status = 
 			     auth_get_sam_account(user_info->internal_username.str, 
@@ -206,9 +208,8 @@ static NTSTATUS check_rhosts_security(const struct auth_context *auth_context,
 		return nt_status;
 	}
 
-	pstring rhostsfile;
-	
-	char *home = pdb_get_unix_homedir(account);
+	home = pdb_get_unix_homedir(account);
+
 	if (home) {
 		slprintf(rhostsfile, sizeof(rhostsfile)-1, "%s/.rhosts", home);
 		become_root();
-- 
cgit 


From 1d1ad2db2e1f78ed16bd7c62b4d062aa128bb27d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 22 Feb 2003 20:11:29 +0000
Subject: Make sure we set the error code to indicate failure...

Andrew Bartlett
(This used to be commit 5a472e2a3cffe175ac4341e19c153a931505a2e8)
---
 source3/auth/auth_rhosts.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/source3/auth/auth_rhosts.c b/source3/auth/auth_rhosts.c
index 8915acaecd..5451f7d930 100644
--- a/source3/auth/auth_rhosts.c
+++ b/source3/auth/auth_rhosts.c
@@ -169,6 +169,9 @@ static NTSTATUS check_hostsequiv_security(const struct auth_context *auth_contex
 
 	if (check_hosts_equiv(account)) {
 		nt_status = make_server_info_sam(server_info, account);
+	} else {
+		pdb_free_sam(&account);
+		nt_status = NT_STATUS_LOGON_FAILURE;
 	}
 
 	return nt_status;
@@ -215,10 +218,16 @@ static NTSTATUS check_rhosts_security(const struct auth_context *auth_context,
 		become_root();
 		if (check_user_equiv(pdb_get_username(account),client_name(),rhostsfile)) {
 			nt_status = make_server_info_sam(server_info, account);
+		} else {
+			pdb_free_sam(&account);
+			nt_status = NT_STATUS_LOGON_FAILURE;
 		}
 		unbecome_root();
-	} 
-
+	} else {
+		pdb_free_sam(&account);
+		nt_status = NT_STATUS_LOGON_FAILURE;
+	}
+	
 	return nt_status;
 }
 
-- 
cgit 


From bfc5f0ba8e7fed1f95f83cb1ee43631e307927fb Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Sun, 23 Feb 2003 17:40:43 +0000
Subject: move genparser to use talloc contexts instead of [m|c|re]alloc() and
 free()s (This used to be commit 70fce680c01fa1baa65fb3cbc83dfaf822fdadd7)

---
 source3/lib/genparser.c       | 233 ++++++++++++++++++++++--------------------
 source3/lib/genparser_samba.c |  82 +++++++--------
 2 files changed, 163 insertions(+), 152 deletions(-)

diff --git a/source3/lib/genparser.c b/source3/lib/genparser.c
index 9fa9dbd33b..233050b432 100644
--- a/source3/lib/genparser.c
+++ b/source3/lib/genparser.c
@@ -34,12 +34,12 @@ static int all_zero(const char *ptr, unsigned size)
 }
 
 /* encode a buffer of bytes into a escaped string */
-static char *encode_bytes(const char *ptr, unsigned len)
+static char *encode_bytes(TALLOC_CTX *mem_ctx, const char *ptr, unsigned len)
 {
 	const char *hexdig = "0123456789abcdef";
 	char *ret, *p;
 	unsigned i;
-	ret = malloc(len*3 + 1); /* worst case size */
+	ret = talloc(mem_ctx, len*3 + 1); /* worst case size */
 	if (!ret) return NULL;
 	for (p=ret,i=0;i<len;i++) {
 		if (isalnum(ptr[i]) || isspace(ptr[i]) ||
@@ -61,11 +61,16 @@ static char *encode_bytes(const char *ptr, unsigned len)
 }
 
 /* decode an escaped string from encode_bytes() into a buffer */
-static char *decode_bytes(const char *s, unsigned *len) 
+static char *decode_bytes(TALLOC_CTX *mem_ctx, const char *s, unsigned *len) 
 {
 	char *ret, *p;
 	unsigned i;
-	ret = calloc(1, strlen(s)+1); /* worst case length */
+	int slen = strlen(s) + 1;
+
+	ret = talloc(mem_ctx, slen); /* worst case length */
+	if (!ret)
+		return NULL;
+	memset(ret, 0, slen);
 
 	if (*s == '{') s++;
 
@@ -75,7 +80,6 @@ static char *decode_bytes(const char *s, unsigned *len)
 		} else if (s[i] == '\\') {
 			unsigned v;
 			if (sscanf(&s[i+1], "%02x", &v) != 1 || v > 255) {
-				free(ret);
 				return NULL;
 			}
 			*(unsigned char *)p = v;
@@ -96,11 +100,11 @@ static char *decode_bytes(const char *s, unsigned *len)
    parse_string */
 
 /* allocate more space if needed */
-static int addgen_alloc(struct parse_string *p, int n)
+static int addgen_alloc(TALLOC_CTX *mem_ctx, struct parse_string *p, int n)
 {
 	if (p->length + n <= p->allocated) return 0;
 	p->allocated = p->length + n + 200;
-	p->s = realloc(p->s, p->allocated);
+	p->s = talloc_realloc(mem_ctx, p->s, p->allocated);
 	if (!p->s) {
 		errno = ENOMEM;
 		return -1;
@@ -109,9 +113,9 @@ static int addgen_alloc(struct parse_string *p, int n)
 }
 
 /* add a character to the buffer */
-static int addchar(struct parse_string *p, char c)
+static int addchar(TALLOC_CTX *mem_ctx, struct parse_string *p, char c)
 {
-	if (addgen_alloc(p, 2) != 0) {
+	if (addgen_alloc(mem_ctx, p, 2) != 0) {
 		return -1;
 	}
 	p->s[p->length++] = c;
@@ -120,10 +124,10 @@ static int addchar(struct parse_string *p, char c)
 }
 
 /* add a string to the buffer */
-int addstr(struct parse_string *p, const char *s)
+int addstr(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *s)
 {
 	int len = strlen(s);
-	if (addgen_alloc(p, len+1) != 0) {
+	if (addgen_alloc(mem_ctx, p, len+1) != 0) {
 		return -1;
 	}
 	memcpy(p->s + p->length, s, len+1);
@@ -132,10 +136,10 @@ int addstr(struct parse_string *p, const char *s)
 }
 
 /* add a string to the buffer with a tab prefix */
-static int addtabbed(struct parse_string *p, const char *s, unsigned indent)
+static int addtabbed(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *s, unsigned indent)
 {
 	int len = strlen(s);
-	if (addgen_alloc(p, indent+len+1) != 0) {
+	if (addgen_alloc(mem_ctx, p, indent+len+1) != 0) {
 		return -1;
 	}
 	while (indent--) {
@@ -147,7 +151,7 @@ static int addtabbed(struct parse_string *p, const char *s, unsigned indent)
 }
 
 /* note! this can only be used for results up to 60 chars wide! */
-int addshort(struct parse_string *p, const char *fmt, ...)
+int addshort(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *fmt, ...)
 {
 	char buf[60];
 	int n;
@@ -155,7 +159,7 @@ int addshort(struct parse_string *p, const char *fmt, ...)
 	va_start(ap, fmt);
 	n = vsnprintf(buf, sizeof(buf), fmt, ap);
 	va_end(ap);
-	if (addgen_alloc(p, n + 1) != 0) {
+	if (addgen_alloc(mem_ctx, p, n + 1) != 0) {
 		return -1;
 	}
 	if (n != 0) {
@@ -170,7 +174,7 @@ int addshort(struct parse_string *p, const char *fmt, ...)
    this is here to make it easier for people to write dump functions 
    for their own types
  */
-int gen_addgen(struct parse_string *p, const char *fmt, ...)
+int gen_addgen(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *fmt, ...)
 {
 	char *buf = NULL;
 	int n;
@@ -178,7 +182,7 @@ int gen_addgen(struct parse_string *p, const char *fmt, ...)
 	va_start(ap, fmt);
 	n = vasprintf(&buf, fmt, ap);
 	va_end(ap);
-	if (addgen_alloc(p, n + 1) != 0) {
+	if (addgen_alloc(mem_ctx, p, n + 1) != 0) {
 		if (buf) free(buf);
 		return -1;
 	}
@@ -192,7 +196,8 @@ int gen_addgen(struct parse_string *p, const char *fmt, ...)
 }
 
 /* dump a enumerated type */
-int gen_dump_enum(const struct enum_struct *einfo,
+int gen_dump_enum(TALLOC_CTX *mem_ctx,
+		  const struct enum_struct *einfo,
 		  struct parse_string *p, 
 		  const char *ptr,
 		  unsigned indent)
@@ -201,36 +206,37 @@ int gen_dump_enum(const struct enum_struct *einfo,
 	int i;
 	for (i=0;einfo[i].name;i++) {
 		if (v == einfo[i].value) {
-			addstr(p, einfo[i].name);
+			addstr(mem_ctx, p, einfo[i].name);
 			return 0;
 		}
 	}
 	/* hmm, maybe we should just fail? */
-	return gen_dump_unsigned(p, ptr, indent);
+	return gen_dump_unsigned(mem_ctx, p, ptr, indent);
 }
 
 /* dump a single non-array element, hanlding struct and enum */
-static int gen_dump_one(struct parse_string *p, 
-			 const struct parse_struct *pinfo,
-			 const char *ptr,
-			 unsigned indent)
+static int gen_dump_one(TALLOC_CTX *mem_ctx,
+			struct parse_string *p, 
+			const struct parse_struct *pinfo,
+			const char *ptr,
+			unsigned indent)
 {
 	if (pinfo->dump_fn == gen_dump_char && pinfo->ptr_count == 1) {
-		char *s = encode_bytes(ptr, strlen(ptr));
-		if (addchar(p,'{') ||
-		    addstr(p, s) ||
-		    addstr(p, "}")) {
-			free(s);
+		char *s = encode_bytes(mem_ctx, ptr, strlen(ptr));
+		if (addchar(mem_ctx, p,'{') ||
+		    addstr(mem_ctx, p, s) ||
+		    addstr(mem_ctx, p, "}")) {
 			return -1;
 		}
 		return 0;
 	}
 
-	return pinfo->dump_fn(p, ptr, indent);
+	return pinfo->dump_fn(mem_ctx, p, ptr, indent);
 }
 
 /* handle dumping of an array of arbitrary type */
-static int gen_dump_array(struct parse_string *p,
+static int gen_dump_array(TALLOC_CTX *mem_ctx,
+			  struct parse_string *p,
 			  const struct parse_struct *pinfo, 
 			  const char *ptr,
 			  int array_len,
@@ -242,13 +248,12 @@ static int gen_dump_array(struct parse_string *p,
 	if (array_len != 0 && 
 	    pinfo->ptr_count == 0 &&
 	    pinfo->dump_fn == gen_dump_char) {
-		char *s = encode_bytes(ptr, array_len);
+		char *s = encode_bytes(mem_ctx, ptr, array_len);
 		if (!s) return -1;
-		if (addtabbed(p, pinfo->name, indent) ||
-		    addstr(p, " = {") ||
-		    addstr(p, s) ||
-		    addstr(p, "}\n")) {
-			free(s);
+		if (addtabbed(mem_ctx, p, pinfo->name, indent) ||
+		    addstr(mem_ctx, p, " = {") ||
+		    addstr(mem_ctx, p, s) ||
+		    addstr(mem_ctx, p, "}\n")) {
 			return -1;
 		}
 		free(s);
@@ -272,23 +277,23 @@ static int gen_dump_array(struct parse_string *p,
 			continue;
 		}
 		if (count == 0) {
-			if (addtabbed(p, pinfo->name, indent) ||
-			    addshort(p, " = %u:", i)) {
+			if (addtabbed(mem_ctx, p, pinfo->name, indent) ||
+			    addshort(mem_ctx, p, " = %u:", i)) {
 				return -1;
 			}
 		} else {
-			if (addshort(p, ", %u:", i) != 0) {
+			if (addshort(mem_ctx, p, ", %u:", i) != 0) {
 				return -1;
 			}
 		}
-		if (gen_dump_one(p, pinfo, p2, indent) != 0) {
+		if (gen_dump_one(mem_ctx, p, pinfo, p2, indent) != 0) {
 			return -1;
 		}
 		ptr += size;
 		count++;
 	}
 	if (count) {
-		return addstr(p, "\n");
+		return addstr(mem_ctx, p, "\n");
 	}
 	return 0;
 }
@@ -325,36 +330,35 @@ static int find_var(const struct parse_struct *pinfo,
 }
 
 
-int gen_dump_struct(const struct parse_struct *pinfo,
+int gen_dump_struct(TALLOC_CTX *mem_ctx,
+		    const struct parse_struct *pinfo,
 		    struct parse_string *p, 
 		    const char *ptr, 
 		    unsigned indent)
 {
-	char *s = gen_dump(pinfo, ptr, indent+1);
+	char *s = gen_dump(mem_ctx, pinfo, ptr, indent+1);
 	if (!s) return -1;
-	if (addstr(p, "{\n") || 
-	    addstr(p,s) || 
-	    addtabbed(p,"}", indent)) {
-		free(s);
+	if (addstr(mem_ctx, p, "{\n") || 
+	    addstr(mem_ctx, p, s) || 
+	    addtabbed(mem_ctx, p, "}", indent)) {
 		return -1;
 	}
-	free(s);
 	return 0;
 }
 
-static int gen_dump_string(struct parse_string *p,
+static int gen_dump_string(TALLOC_CTX *mem_ctx,
+			   struct parse_string *p,
 			   const struct parse_struct *pinfo, 
 			   const char *data, 
 			   unsigned indent)
 {
 	const char *ptr = *(char **)data;
-	char *s = encode_bytes(ptr, strlen(ptr));
-	if (addtabbed(p, pinfo->name, indent) ||
-	    addstr(p, " = ") ||
-	    addchar(p,'{') ||
-	    addstr(p, s) ||
-	    addstr(p, "}\n")) {
-		free(s);
+	char *s = encode_bytes(mem_ctx, ptr, strlen(ptr));
+	if (addtabbed(mem_ctx, p, pinfo->name, indent) ||
+	    addstr(mem_ctx, p, " = ") ||
+	    addchar(mem_ctx, p, '{') ||
+	    addstr(mem_ctx, p, s) ||
+	    addstr(mem_ctx, p, "}\n")) {
 		return -1;
 	}
 	return 0;
@@ -370,7 +374,7 @@ static int len_nullterm(const char *ptr, int size, int array_len)
 	if (size == 1) {
 		len = strnlen(ptr, array_len);
 	} else {
-		for (len=0;len<array_len;len++) {
+		for (len=0; len < array_len; len++) {
 			if (all_zero(ptr+len*size, size)) break;
 		}
 	}
@@ -383,7 +387,8 @@ static int len_nullterm(const char *ptr, int size, int array_len)
 
 /* the generic dump routine. Scans the parse information for this structure
    and processes it recursively */
-char *gen_dump(const struct parse_struct *pinfo, 
+char *gen_dump(TALLOC_CTX *mem_ctx,
+	       const struct parse_struct *pinfo, 
 	       const char *data, 
 	       unsigned indent)
 {
@@ -394,7 +399,7 @@ char *gen_dump(const struct parse_struct *pinfo,
 	p.allocated = 0;
 	p.s = NULL;
 
-	if (addstr(&p, "") != 0) {
+	if (addstr(mem_ctx, &p, "") != 0) {
 		return NULL;
 	}
 	
@@ -412,7 +417,7 @@ char *gen_dump(const struct parse_struct *pinfo,
 			if (pinfo[i].flags & FLAG_NULLTERM) {
 				len = len_nullterm(ptr, size, len);
 			}
-			if (gen_dump_array(&p, &pinfo[i], ptr, 
+			if (gen_dump_array(mem_ctx, &p, &pinfo[i], ptr, 
 					   len, indent)) {
 				goto failed;
 			}
@@ -433,7 +438,8 @@ char *gen_dump(const struct parse_struct *pinfo,
 				}
 				p2.ptr_count--;
 				p2.dynamic_len = NULL;
-				if (gen_dump_array(&p, &p2, *(char **)ptr, 
+				if (gen_dump_array(mem_ctx, &p, &p2,
+						   *(char **)ptr, 
 						   len, indent) != 0) {
 					goto failed;
 				}
@@ -447,7 +453,7 @@ char *gen_dump(const struct parse_struct *pinfo,
 		/* assume char* is a null terminated string */
 		if (pinfo[i].size == 1 && pinfo[i].ptr_count == 1 &&
 		    pinfo[i].dump_fn == gen_dump_char) {
-			if (gen_dump_string(&p, &pinfo[i], ptr, indent) != 0) {
+			if (gen_dump_string(mem_ctx, &p, &pinfo[i], ptr, indent) != 0) {
 				goto failed;
 			}
 			continue;
@@ -458,17 +464,16 @@ char *gen_dump(const struct parse_struct *pinfo,
 			ptr = *(const char **)ptr;
 		}
 
-		if (addtabbed(&p, pinfo[i].name, indent) ||
-		    addstr(&p, " = ") ||
-		    gen_dump_one(&p, &pinfo[i], ptr, indent) ||
-		    addstr(&p, "\n")) {
+		if (addtabbed(mem_ctx, &p, pinfo[i].name, indent) ||
+		    addstr(mem_ctx, &p, " = ") ||
+		    gen_dump_one(mem_ctx, &p, &pinfo[i], ptr, indent) ||
+		    addstr(mem_ctx, &p, "\n")) {
 			goto failed;
 		}
 	}
 	return p.s;
 
 failed:
-	free(p.s);
 	return NULL;
 }
 
@@ -495,7 +500,8 @@ static char *match_braces(char *s, char c)
 }
 
 /* parse routine for enumerated types */
-int gen_parse_enum(const struct enum_struct *einfo, 
+int gen_parse_enum(TALLOC_CTX *mem_ctx,
+		   const struct enum_struct *einfo, 
 		   char *ptr, 
 		   const char *str)
 {
@@ -524,37 +530,41 @@ int gen_parse_enum(const struct enum_struct *einfo,
 
 
 /* parse all base types */
-static int gen_parse_base(const struct parse_struct *pinfo, 
+static int gen_parse_base(TALLOC_CTX *mem_ctx,
+			  const struct parse_struct *pinfo, 
 			  char *ptr, 
 			  const char *str)
 {
 	if (pinfo->parse_fn == gen_parse_char && pinfo->ptr_count==1) {
 		unsigned len;
-		char *s = decode_bytes(str, &len);
+		char *s = decode_bytes(mem_ctx, str, &len);
 		if (!s) return -1;
 		*(char **)ptr = s;
 		return 0;
 	}
 
 	if (pinfo->ptr_count) {
+		unsigned size = pinfo->ptr_count>1?sizeof(void *):pinfo->size;
 		struct parse_struct p2 = *pinfo;
-		*(void **)ptr = calloc(1, pinfo->ptr_count>1?sizeof(void *):pinfo->size);
+		*(void **)ptr = talloc(mem_ctx, size);
 		if (! *(void **)ptr) {
 			return -1;
 		}
+		memset(*(void **)ptr, 0, size);
 		ptr = *(char **)ptr;
 		p2.ptr_count--;
-		return gen_parse_base(&p2, ptr, str);
+		return gen_parse_base(mem_ctx, &p2, ptr, str);
 	}
 
-	return pinfo->parse_fn(ptr, str);
+	return pinfo->parse_fn(mem_ctx, ptr, str);
 }
 
 /* parse a generic array */
-static int gen_parse_array(const struct parse_struct *pinfo, 
-			    char *ptr, 
-			    const char *str,
-			    int array_len)
+static int gen_parse_array(TALLOC_CTX *mem_ctx,
+			   const struct parse_struct *pinfo, 
+			   char *ptr, 
+			   const char *str,
+			   int array_len)
 {
 	char *p, *p2;
 	unsigned size = pinfo->size;
@@ -564,11 +574,10 @@ static int gen_parse_array(const struct parse_struct *pinfo,
 	    pinfo->ptr_count == 0 &&
 	    pinfo->dump_fn == gen_dump_char) {
 		unsigned len = 0;
-		char *s = decode_bytes(str, &len);
-		if (!s) return -1;
+		char *s = decode_bytes(mem_ctx, str, &len);
+		if (!s || (len > array_len)) return -1;
 		memset(ptr, 0, array_len);
 		memcpy(ptr, s, len);
-		free(s);
 		return 0;
 	}
 
@@ -593,7 +602,7 @@ static int gen_parse_array(const struct parse_struct *pinfo,
 			p[strlen(p)-1] = 0;
 		}
 
-		if (gen_parse_base(pinfo, ptr + idx*size, p) != 0) {
+		if (gen_parse_base(mem_ctx, pinfo, ptr + idx*size, p) != 0) {
 			return -1;
 		}
 
@@ -605,7 +614,8 @@ static int gen_parse_array(const struct parse_struct *pinfo,
 }
 
 /* parse one element, hanlding dynamic and static arrays */
-static int gen_parse_one(const struct parse_struct *pinfo, 
+static int gen_parse_one(TALLOC_CTX *mem_ctx,
+			 const struct parse_struct *pinfo, 
 			 const char *name, 
 			 char *data, 
 			 const char *str)
@@ -621,7 +631,8 @@ static int gen_parse_one(const struct parse_struct *pinfo,
 	}
 
 	if (pinfo[i].array_len) {
-		return gen_parse_array(&pinfo[i], data+pinfo[i].offset, 
+		return gen_parse_array(mem_ctx, &pinfo[i],
+				       data+pinfo[i].offset, 
 				       str, pinfo[i].array_len);
 	}
 
@@ -632,33 +643,33 @@ static int gen_parse_one(const struct parse_struct *pinfo,
 			return -1;
 		}
 		if (len > 0) {
-			unsigned size;
 			struct parse_struct p2 = pinfo[i];
 			char *ptr;
-			size = pinfo[i].ptr_count>1?sizeof(void*):pinfo[i].size;
-			ptr = calloc(len, size);
+			unsigned size = pinfo[i].ptr_count>1?sizeof(void*):pinfo[i].size;
+			ptr = talloc(mem_ctx, len*size);
 			if (!ptr) {
 				errno = ENOMEM;
 				return -1;
 			}
+			memset(ptr, 0, len*size);
 			*((char **)(data + pinfo[i].offset)) = ptr;
 			p2.ptr_count--;
 			p2.dynamic_len = NULL;
-			return gen_parse_array(&p2, ptr, str, len);
+			return gen_parse_array(mem_ctx, &p2, ptr, str, len);
 		}
 		return 0;
 	}
 
-	return gen_parse_base(&pinfo[i], data + pinfo[i].offset, str);
+	return gen_parse_base(mem_ctx, &pinfo[i], data + pinfo[i].offset, str);
 }
 
-int gen_parse_struct(const struct parse_struct *pinfo, char *ptr, const char *str)
+int gen_parse_struct(TALLOC_CTX * mem_ctx, const struct parse_struct *pinfo, char *ptr, const char *str)
 {
-	return gen_parse(pinfo, ptr, str);
+	return gen_parse(mem_ctx, pinfo, ptr, str);
 }
 
 /* the main parse routine */
-int gen_parse(const struct parse_struct *pinfo, char *data, const char *s)
+int gen_parse(TALLOC_CTX *mem_ctx, const struct parse_struct *pinfo, char *data, const char *s)
 {
 	char *str, *s0;
 	
@@ -694,7 +705,7 @@ int gen_parse(const struct parse_struct *pinfo, char *data, const char *s)
 
 		*str++ = 0;
 		
-		if (gen_parse_one(pinfo, name, data, value) != 0) {
+		if (gen_parse_one(mem_ctx, pinfo, name, data, value) != 0) {
 			free(s0);
 			return -1;
 		}
@@ -708,68 +719,68 @@ int gen_parse(const struct parse_struct *pinfo, char *data, const char *s)
 
 /* for convenience supply some standard dumpers and parsers here */
 
-int gen_parse_char(char *ptr, const char *str)
+int gen_parse_char(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
 {
 	*(unsigned char *)ptr = atoi(str);
 	return 0;
 }
 
-int gen_parse_int(char *ptr, const char *str)
+int gen_parse_int(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
 {
 	*(int *)ptr = atoi(str);
 	return 0;
 }
 
-int gen_parse_unsigned(char *ptr, const char *str)
+int gen_parse_unsigned(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
 {
 	*(unsigned *)ptr = strtoul(str, NULL, 10);
 	return 0;
 }
 
-int gen_parse_time_t(char *ptr, const char *str)
+int gen_parse_time_t(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
 {
 	*(time_t *)ptr = strtoul(str, NULL, 10);
 	return 0;
 }
 
-int gen_parse_double(char *ptr, const char *str)
+int gen_parse_double(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
 {
 	*(double *)ptr = atof(str);
 	return 0;
 }
 
-int gen_parse_float(char *ptr, const char *str)
+int gen_parse_float(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
 {
 	*(float *)ptr = atof(str);
 	return 0;
 }
 
-int gen_dump_char(struct parse_string *p, const char *ptr, unsigned indent)
+int gen_dump_char(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
 {
-	return addshort(p, "%u", *(unsigned char *)(ptr));
+	return addshort(mem_ctx, p, "%u", *(unsigned char *)(ptr));
 }
 
-int gen_dump_int(struct parse_string *p, const char *ptr, unsigned indent)
+int gen_dump_int(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
 {
-	return addshort(p, "%d", *(int *)(ptr));
+	return addshort(mem_ctx, p, "%d", *(int *)(ptr));
 }
 
-int gen_dump_unsigned(struct parse_string *p, const char *ptr, unsigned indent)
+int gen_dump_unsigned(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
 {
-	return addshort(p, "%u", *(unsigned *)(ptr));
+	return addshort(mem_ctx, p, "%u", *(unsigned *)(ptr));
 }
 
-int gen_dump_time_t(struct parse_string *p, const char *ptr, unsigned indent)
+int gen_dump_time_t(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
 {
-	return addshort(p, "%u", *(time_t *)(ptr));
+	return addshort(mem_ctx, p, "%u", *(time_t *)(ptr));
 }
 
-int gen_dump_double(struct parse_string *p, const char *ptr, unsigned indent)
+int gen_dump_double(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
 {
-	return addshort(p, "%lg", *(double *)(ptr));
+	return addshort(mem_ctx, p, "%lg", *(double *)(ptr));
 }
 
-int gen_dump_float(struct parse_string *p, const char *ptr, unsigned indent)
+int gen_dump_float(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
 {
-	return addshort(p, "%g", *(float *)(ptr));
+	return addshort(mem_ctx, p, "%g", *(float *)(ptr));
 }
diff --git a/source3/lib/genparser_samba.c b/source3/lib/genparser_samba.c
index 6c700d1094..bece587747 100644
--- a/source3/lib/genparser_samba.c
+++ b/source3/lib/genparser_samba.c
@@ -22,25 +22,25 @@
 
 /* PARSE functions */
 
-int gen_parse_uint8(char *ptr, const char *str)
+int gen_parse_uint8(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
 {
 	*(uint8 *)ptr = atoi(str);
 	return 0;
 }
 
-int gen_parse_uint16(char *ptr, const char *str)
+int gen_parse_uint16(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
 {
 	*(uint16 *)ptr = atoi(str);
 	return 0;
 }
 
-int gen_parse_uint32(char *ptr, const char *str)
+int gen_parse_uint32(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
 {
 	*(uint32 *)ptr = strtoul(str, NULL, 10);
 	return 0;
 }
 
-int gen_parse_NTTIME(char *ptr, const char *str)
+int gen_parse_NTTIME(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
 {
 	if(sscanf(str, "%u,%u", &(((NTTIME *)(ptr))->high), &(((NTTIME *)(ptr))->low)) != 2) {
 		errno = EINVAL;
@@ -49,19 +49,19 @@ int gen_parse_NTTIME(char *ptr, const char *str)
 	return 0;
 }
 
-int gen_parse_DOM_SID(char *ptr, const char *str)
+int gen_parse_DOM_SID(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
 {
 	if(!string_to_sid((DOM_SID *)ptr, str)) return -1;
 	return 0;
 }
 
-int gen_parse_SEC_ACCESS(char *ptr, const char *str)
+int gen_parse_SEC_ACCESS(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
 {
 	((SEC_ACCESS *)ptr)->mask = strtoul(str, NULL, 10);
 	return 0;
 }
 
-int gen_parse_GUID(char *ptr, const char *str)
+int gen_parse_GUID(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
 {
 	int info[GUID_SIZE];
 	int i;
@@ -89,27 +89,27 @@ int gen_parse_GUID(char *ptr, const char *str)
 	return 0;
 }
 
-int gen_parse_SEC_ACE(char *ptr, const char *str)
+int gen_parse_SEC_ACE(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
 {
-	return gen_parse_struct(pinfo_security_ace_info, ptr, str);
+	return gen_parse_struct(mem_ctx, pinfo_security_ace_info, ptr, str);
 }
 
-int gen_parse_SEC_ACL(char *ptr, const char *str)
+int gen_parse_SEC_ACL(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
 {
-	return gen_parse_struct(pinfo_security_acl_info, ptr, str);
+	return gen_parse_struct(mem_ctx, pinfo_security_acl_info, ptr, str);
 }
 
-int gen_parse_SEC_DESC(char *ptr, const char *str)
+int gen_parse_SEC_DESC(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
 {
-	return gen_parse_struct(pinfo_security_descriptor_info, ptr, str);
+	return gen_parse_struct(mem_ctx, pinfo_security_descriptor_info, ptr, str);
 }
 
-int gen_parse_LUID_ATTR(char *ptr, const char *str)
+int gen_parse_LUID_ATTR(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
 {
-	return gen_parse_struct(pinfo_luid_attr_info, ptr, str);
+	return gen_parse_struct(mem_ctx, pinfo_luid_attr_info, ptr, str);
 }
 
-int gen_parse_LUID(char *ptr, const char *str)
+int gen_parse_LUID(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
 {
 	if(sscanf(str, "%u,%u", &(((LUID *)(ptr))->high), &(((LUID *)(ptr))->low)) != 2) {
 		errno = EINVAL;
@@ -122,79 +122,79 @@ int gen_parse_LUID(char *ptr, const char *str)
 
 /* DUMP functions */
 
-int gen_dump_uint8(struct parse_string *p, const char *ptr, unsigned indent)
+int gen_dump_uint8(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
 {
-	return addshort(p, "%u", *(uint8 *)(ptr));
+	return addshort(mem_ctx, p, "%u", *(uint8 *)(ptr));
 }
 
-int gen_dump_uint16(struct parse_string *p, const char *ptr, unsigned indent)
+int gen_dump_uint16(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
 {
-	return addshort(p, "%u", *(uint16 *)(ptr));
+	return addshort(mem_ctx, p, "%u", *(uint16 *)(ptr));
 }
 
-int gen_dump_uint32(struct parse_string *p, const char *ptr, unsigned indent)
+int gen_dump_uint32(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
 {
-	return addshort(p, "%u", *(uint32 *)(ptr));
+	return addshort(mem_ctx, p, "%u", *(uint32 *)(ptr));
 }
 
-int gen_dump_NTTIME(struct parse_string *p, const char *ptr, unsigned indent)
+int gen_dump_NTTIME(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
 {
 	uint32 low, high;
 
 	high = ((NTTIME *)(ptr))->high;
 	low = ((NTTIME *)(ptr))->low;
-	return addshort(p, "%u,%u", high, low);
+	return addshort(mem_ctx, p, "%u,%u", high, low);
 }
 
-int gen_dump_DOM_SID(struct parse_string *p, const char *ptr, unsigned indent)
+int gen_dump_DOM_SID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
 {
 	fstring sidstr;
 
 	sid_to_string(sidstr, (DOM_SID *)ptr);
-	return addstr(p, sidstr);
+	return addstr(mem_ctx, p, sidstr);
 }
 
-int gen_dump_SEC_ACCESS(struct parse_string *p, const char *ptr, unsigned indent)
+int gen_dump_SEC_ACCESS(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
 {
-	return addshort(p, "%u", ((SEC_ACCESS *)ptr)->mask);
+	return addshort(mem_ctx, p, "%u", ((SEC_ACCESS *)ptr)->mask);
 }
 
-int gen_dump_GUID(struct parse_string *p, const char *ptr, unsigned indent)
+int gen_dump_GUID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
 {
 	int i, r;
 
 	for (i = 0; i < (GUID_SIZE - 1); i++) {
-		if (!(r = addshort(p, "%d,", ((GUID *)ptr)->info[i]))) return r;
+		if (!(r = addshort(mem_ctx, p, "%d,", ((GUID *)ptr)->info[i]))) return r;
 	}
-	return addshort(p, "%d", ((GUID *)ptr)->info[i]);
+	return addshort(mem_ctx, p, "%d", ((GUID *)ptr)->info[i]);
 }
 
-int gen_dump_SEC_ACE(struct parse_string *p, const char *ptr, unsigned indent)
+int gen_dump_SEC_ACE(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
 {
-	return gen_dump_struct(pinfo_security_ace_info, p, ptr, indent);
+	return gen_dump_struct(mem_ctx, pinfo_security_ace_info, p, ptr, indent);
 }
 
-int gen_dump_SEC_ACL(struct parse_string *p, const char *ptr, unsigned indent)
+int gen_dump_SEC_ACL(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
 {
-	return gen_dump_struct(pinfo_security_acl_info, p, ptr, indent);
+	return gen_dump_struct(mem_ctx, pinfo_security_acl_info, p, ptr, indent);
 }
 
-int gen_dump_SEC_DESC(struct parse_string *p, const char *ptr, unsigned indent)
+int gen_dump_SEC_DESC(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
 {
-	return gen_dump_struct(pinfo_security_descriptor_info, p, ptr, indent);
+	return gen_dump_struct(mem_ctx, pinfo_security_descriptor_info, p, ptr, indent);
 }
 
-int gen_dump_LUID_ATTR(struct parse_string *p, const char *ptr, unsigned indent)
+int gen_dump_LUID_ATTR(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
 {
-	return gen_dump_struct(pinfo_luid_attr_info, p, ptr, indent);
+	return gen_dump_struct(mem_ctx, pinfo_luid_attr_info, p, ptr, indent);
 }
 
-int gen_dump_LUID(struct parse_string *p, const char *ptr, unsigned indent)
+int gen_dump_LUID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
 {
 	uint32 low, high;
 
 	high = ((LUID *)(ptr))->high;
 	low = ((LUID *)(ptr))->low;
-	return addshort(p, "%u,%u", high, low);
+	return addshort(mem_ctx, p, "%u,%u", high, low);
 }
 
-- 
cgit 


From bd0bbde1bba4ad4e6e95f269912943d9d583dce4 Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Sun, 23 Feb 2003 18:08:07 +0000
Subject: forgot the altered include file (This used to be commit
 f3be08472b8b34d8921ff23c52dd2ba030c96f25)

---
 source3/include/genparser.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/source3/include/genparser.h b/source3/include/genparser.h
index 002d79f8f9..f28cd78249 100644
--- a/source3/include/genparser.h
+++ b/source3/include/genparser.h
@@ -46,8 +46,8 @@ struct parse_string {
 	char *s;
 };
 
-typedef int (*gen_dump_fn)(struct parse_string *, const char *ptr, unsigned indent);
-typedef int (*gen_parse_fn)(char *ptr, const char *str);
+typedef int (*gen_dump_fn)(TALLOC_CTX *, struct parse_string *, const char *ptr, unsigned indent);
+typedef int (*gen_parse_fn)(TALLOC_CTX *, char *ptr, const char *str);
 
 /* genstruct.pl generates arrays of these */
 struct parse_struct {
@@ -63,8 +63,8 @@ struct parse_struct {
 };
 
 #define DUMP_PARSE_DECL(type) \
-  int gen_dump_ ## type(struct parse_string *, const char *, unsigned); \
-  int gen_parse_ ## type(char *, const char *);
+  int gen_dump_ ## type(TALLOC_CTX *, struct parse_string *, const char *, unsigned); \
+  int gen_parse_ ## type(TALLOC_CTX *, char *, const char *);
 
 DUMP_PARSE_DECL(char)
 DUMP_PARSE_DECL(int)
-- 
cgit 


From e68684aa65b579081163c175d681b7867a0828bf Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 24 Feb 2003 01:13:31 +0000
Subject: Fix 2 off-by-one bugs in the use of malloc()ed strings and
 safe_strcpy().

safe_strcpy() isn't particularly safe (this has been noted before) as it does
not take the size of the buffer, but instead the size of the buffer *minus 1*

The locking.c fix was causing segfaults on machines running with
--enable-developer, and was tracked down thanks to the fact that vance's build
farm machine runs with such an option, and smbtorture's DIR1 test hits this
bug very well.

(The --enable-developer code writes to the last byte of the string, to check
for incorrect use of safe_strcpy()).

Andrew Bartlett
(This used to be commit e908fd164d1b11b6f76a6fdffb22e139813cb3c0)
---
 source3/lib/hash.c        | 6 ++++--
 source3/locking/locking.c | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/source3/lib/hash.c b/source3/lib/hash.c
index 95af485707..c7b1493b4c 100644
--- a/source3/lib/hash.c
+++ b/source3/lib/hash.c
@@ -171,6 +171,7 @@ hash_element *hash_insert(hash_table *table, char *value, char *key)
 	hash_element	*hash_elem;
 	ubi_dlNodePtr lru_item;
 	ubi_dlList *bucket; 
+	size_t string_length;
 
 	/* 
 	 * If the hash table size has not reached the MAX_HASH_TABLE_SIZE,
@@ -204,12 +205,13 @@ hash_element *hash_insert(hash_table *table, char *value, char *key)
 	 * string.
 	 */
 
-	if(!(hash_elem = (hash_element *) malloc(sizeof(hash_element) + strlen(key)))) {
+	string_length = strlen(key);
+	if(!(hash_elem = (hash_element *) malloc(sizeof(hash_element) + string_length))) {
 		DEBUG(0,("hash_insert: malloc fail !\n"));
 		return (hash_element *)NULL;
 	}
 
-	safe_strcpy((char *) hash_elem->key, key, strlen(key)+1);
+	safe_strcpy((char *) hash_elem->key, key, string_length);
 
 	hash_elem->value = (char *)value;
 	hash_elem->bucket = bucket;
diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index d4794560f6..fdfd4d661c 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -630,7 +630,7 @@ BOOL set_share_mode(files_struct *fsp, uint16 port, uint16 op_type)
 			fsp->fsp_name ));
 
 		offset = sizeof(*data) + sizeof(share_mode_entry);
-		safe_strcpy(p + offset, fname, size - offset);
+		safe_strcpy(p + offset, fname, size - offset - 1);
 		fill_share_mode(p + sizeof(*data), fsp, port, op_type);
 		dbuf.dptr = p;
 		dbuf.dsize = size;
-- 
cgit 


From ded88da1ea1fdcd6da017de2e1378578971f7645 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 24 Feb 2003 02:11:32 +0000
Subject: Add const (This used to be commit
 ffaa608be01d72075942ca3aff2325c6364e0556)

---
 source3/lib/util.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/source3/lib/util.c b/source3/lib/util.c
index 13f5b17781..3958600cbd 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -309,9 +309,9 @@ BOOL in_group(gid_t group, gid_t current_gid, int ngroups, const gid_t *groups)
  Like atoi but gets the value up to the separator character.
 ****************************************************************************/
 
-static char *Atoic(char *p, int *n, char *c)
+static const char *Atoic(const char *p, int *n, const char *c)
 {
-	if (!isdigit((int)*p)) {
+	if (!isdigit((const int)*p)) {
 		DEBUG(5, ("Atoic: malformed number\n"));
 		return NULL;
 	}
@@ -333,7 +333,7 @@ static char *Atoic(char *p, int *n, char *c)
  Reads a list of numbers.
  *************************************************************************/
 
-char *get_numlist(char *p, uint32 **num, int *count)
+const char *get_numlist(const char *p, uint32 **num, int *count)
 {
 	int val;
 
@@ -2400,7 +2400,7 @@ static BOOL unix_do_match(char *regexp, char *str)
  Simple case insensitive interface to a UNIX wildcard matcher.
 *******************************************************************/
 
-BOOL unix_wild_match(char *pattern, char *string)
+BOOL unix_wild_match(const char *pattern, const char *string)
 {
 	pstring p2, s2;
 	char *p;
-- 
cgit 


From e25aa22a8ff46b3c29fc373a585d8a5e5cc37296 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Mon, 24 Feb 2003 02:12:39 +0000
Subject: Merge:

> Exit path cleanup for cli_samr_enum_dom_users()
(This used to be commit 655c1e03519d4fa174a85534c165bdd1ce163ae8)
---
 source3/rpc_client/cli_samr.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index 08c68b7632..c451ee2e42 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -590,16 +590,14 @@ NTSTATUS cli_samr_enum_dom_users(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 	if(!samr_io_r_enum_dom_users("", &r, &rbuf, 0))
 		goto done;
 	
-	/* return the data obtained in response */
-	if (!NT_STATUS_IS_OK(r.status) &&
-		(NT_STATUS_EQUAL(r.status, STATUS_MORE_ENTRIES) ||
-		NT_STATUS_EQUAL(r.status, NT_STATUS_NO_MORE_ENTRIES))) {
-		return r.status;
-	}
+	result = r.status;
+
+	if (!NT_STATUS_IS_OK(result) &&
+	    NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES))
+		goto done;
 	
 	*start_idx = r.next_idx;
 	*num_dom_users = r.num_entries2;
-	result = r.status;
 
 	if (r.num_entries2) {
 		/* allocate memory needed to return received data */	
-- 
cgit 


From 12f2ebf7f006369477824d9b4b917847d63a68af Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 24 Feb 2003 03:45:02 +0000
Subject: Always initialise (This used to be commit
 ff2b5b2f85f2d9dade67077cea1b68719cf65352)

---
 source3/libads/ldap.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index bc90e90ea0..29f44672f4 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -816,8 +816,8 @@ static ADS_STATUS ads_modlist_add(TALLOC_CTX *ctx, ADS_MODLIST *mods,
 {
 	int curmod;
 	LDAPMod **modlist = (LDAPMod **) *mods;
-	struct berval **ber_values;
-	char **char_values;
+	struct berval **ber_values = NULL;
+	char **char_values = NULL;
 
 	if (!invals) {
 		mod_op = LDAP_MOD_DELETE;
-- 
cgit 


From 5b5453e6c799cbf3fa7638950825e3b1c276cdc2 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Mon, 24 Feb 2003 04:42:24 +0000
Subject: Merge documentation from 3_0. (This used to be commit
 5002555a9719987ccdc887ffff64ea8d02c9881d)

---
 source3/lib/charcnv.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c
index bffa2a378c..a8df003f8b 100644
--- a/source3/lib/charcnv.c
+++ b/source3/lib/charcnv.c
@@ -22,17 +22,24 @@
 */
 #include "includes.h"
 
-static pstring cvtbuf;
-
-static smb_iconv_t conv_handles[NUM_CHARSETS][NUM_CHARSETS];
-
 /**
  * @file
  *
- * Character set conversion routines.
+ * @brief Character-set conversion routines built on our iconv.
+ * 
+ * @note Samba's internal character set (at least in the 3.0 series)
+ * is always the same as the one for the Unix filesystem.  It is
+ * <b>not</b> necessarily UTF-8 and may be different on machines that
+ * need i18n filenames to be compatible with Unix software.  It does
+ * have to be a superset of ASCII.  All multibyte sequences must start
+ * with a byte with the high bit set.
  *
  * @sa lib/iconv.c
- **/
+ */
+
+static pstring cvtbuf;
+
+static smb_iconv_t conv_handles[NUM_CHARSETS][NUM_CHARSETS];
 
 
 /**
-- 
cgit 


From 6fa6b607c9f97dca9850e2d5c5dc175497fbebd8 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Mon, 24 Feb 2003 04:59:15 +0000
Subject: Quieten compiler warning. (This used to be commit
 eb5d1a72dc9dc35997d39f8778ee98163b8cce32)

---
 source3/python/py_tdbpack.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/source3/python/py_tdbpack.c b/source3/python/py_tdbpack.c
index 243cb44683..f0718b717e 100644
--- a/source3/python/py_tdbpack.c
+++ b/source3/python/py_tdbpack.c
@@ -25,6 +25,13 @@
 
 #include "Python.h"
 
+/* This symbol is used in both config.h and Python.h which causes an
+   annoying compiler warning. */
+
+#ifdef HAVE_FSTAT
+#undef HAVE_FSTAT
+#endif
+
 /* This module is supposed to be standalone, however for portability
    it would be good to use the FUNCTION_MACRO preprocessor define. */
 
-- 
cgit 


From 2295c0cf296090ed48d7e9bf47c4358de30eaec0 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 24 Feb 2003 09:10:41 +0000
Subject: Fix off-by-one bugs, and move to strdup() rather than
 malloc()/strcpy().

Andrew Bartlett
(This used to be commit aa486355e282b891b299d63cc07431f32213b1b8)
---
 source3/modules/vfs_recycle.c | 25 +++++++++----------------
 1 file changed, 9 insertions(+), 16 deletions(-)

diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c
index dcd83b7acd..a99a593caf 100644
--- a/source3/modules/vfs_recycle.c
+++ b/source3/modules/vfs_recycle.c
@@ -472,25 +472,21 @@ static void recycle_touch(connection_struct *conn, const char *fname)
 /**
  * Check if file should be recycled
  **/
-static int recycle_unlink(connection_struct *conn, const char *inname)
+static int recycle_unlink(connection_struct *conn, const char *file_name)
 {
 	recycle_bin_private_data *recdata;
 	recycle_bin_connections *recconn;
 	recycle_bin_struct *recbin;
-	char *file_name = NULL;
 	char *path_name = NULL;
        	char *temp_name = NULL;
 	char *final_name = NULL;
-	char *base;
+	const char *base;
 	int i;
 /*	SMB_BIG_UINT dfree, dsize, bsize;	*/
 	SMB_OFF_T file_size; /* space_avail;	*/
 	BOOL exist;
 	int rc = -1;
 
-	file_name = strdup(inname);
-	ALLOC_CHECK(file_name, done);
-
 	recbin = NULL;
 	if (recycle_bin_private_handle) {
 		recdata = (recycle_bin_private_data *)(recycle_bin_private_handle->data);
@@ -560,14 +556,13 @@ static int recycle_unlink(connection_struct *conn, const char *inname)
 	path_name = (char *)malloc(PATH_MAX);
 	ALLOC_CHECK(path_name, done);
 	*path_name = '\0';
-	safe_strcpy(path_name, file_name, PATH_MAX);
+	safe_strcpy(path_name, file_name, PATH_MAX - 1);
 	base = strrchr(path_name, '/');
 	if (base == NULL) {
 		base = file_name;
-		safe_strcpy(path_name, "/", PATH_MAX);
+		safe_strcpy(path_name, "/", PATH_MAX - 1);
 	}
 	else {
-		*base = '\0';
 		base++;
 	}
 
@@ -591,14 +586,13 @@ static int recycle_unlink(connection_struct *conn, const char *inname)
 		goto done;
 	}
 
-	temp_name = (char *)malloc(PATH_MAX);
+	temp_name = (char *)strdup(recbin->repository);
 	ALLOC_CHECK(temp_name, done);
-	safe_strcpy(temp_name, recbin->repository, PATH_MAX);
 
 	/* see if we need to recreate the original directory structure in the recycle bin */
 	if (recbin->keep_dir_tree == True) {
-		safe_strcat(temp_name, "/", PATH_MAX);
-		safe_strcat(temp_name, path_name, PATH_MAX);
+		safe_strcat(temp_name, "/", PATH_MAX - 1);
+		safe_strcat(temp_name, path_name, PATH_MAX - 1);
 	}
 
 	exist = recycle_directory_exist(conn, temp_name);
@@ -613,9 +607,9 @@ static int recycle_unlink(connection_struct *conn, const char *inname)
 		}
 	}
 
-	final_name = (char *)malloc(PATH_MAX);
+	final_name = NULL;
+	asprintf(&final_name, "%s/%s", temp_name, base);
 	ALLOC_CHECK(final_name, done);
-	snprintf(final_name, PATH_MAX, "%s/%s", temp_name, base);
 	DEBUG(10, ("recycle.bin: recycled file name%s\n", temp_name));		/* new filename with path */
 
 	/* check if we should delete file from recycle bin */
@@ -647,7 +641,6 @@ static int recycle_unlink(connection_struct *conn, const char *inname)
 		recycle_touch(conn, final_name);
 
 done:
-	SAFE_FREE(file_name);
 	SAFE_FREE(path_name);
 	SAFE_FREE(temp_name);
 	SAFE_FREE(final_name);
-- 
cgit 


From 9c6d78c54c7f420903767f17659e9ce8d7002dbf Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 24 Feb 2003 09:46:01 +0000
Subject: If it's a pstring, use pstrcpy(). (This used to be commit
 34fb5f0b1a6281b3aa7782edb3fcb82cc4ec4877)

---
 source3/msdfs/msdfs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/msdfs/msdfs.c b/source3/msdfs/msdfs.c
index 4df3145009..bf3b3cc213 100644
--- a/source3/msdfs/msdfs.c
+++ b/source3/msdfs/msdfs.c
@@ -266,7 +266,7 @@ static BOOL resolve_dfs_path(char* dfspath, struct dfs_path* dp,
 			if (consumedcntp) {
 				char *q;
 				pstring buf;
-				safe_strcpy(buf, dfspath, sizeof(buf));
+				pstrcpy(buf, dfspath);
 				trim_string(buf, NULL, "\\");
 				q = strrchr(buf, '\\');
 				if (q) 
@@ -633,7 +633,7 @@ int setup_dfs_referral(char* pathname, int max_referral_level, char** ppdata)
 	       && pathnamep[1] == '\\')
 		pathnamep++;
 
-	safe_strcpy(buf, pathnamep, sizeof(buf));
+	pstrcpy(buf, pathnamep);
 	if (!get_referred_path(buf, &junction, &consumedcnt,
 			       &self_referral))
 		return -1;
-- 
cgit 


From 2f0c70efb2c4b5b01eb073f5d5217108b4ca438f Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 24 Feb 2003 10:35:24 +0000
Subject: setenv takes 3 arguments... (This used to be commit
 6d18f64ef518cbb3d522cf1f92dc5cbc2e2cb642)

---
 source3/smbwrapper/smbsh.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/source3/smbwrapper/smbsh.c b/source3/smbwrapper/smbsh.c
index d853aa1afc..845d1d5606 100644
--- a/source3/smbwrapper/smbsh.c
+++ b/source3/smbwrapper/smbsh.c
@@ -92,7 +92,7 @@ int main(int argc, char *argv[])
 		smbw_setshared("PASSWORD", p);
 	}
 
-	setenv("PS1", "smbsh$ ");
+	setenv("PS1", "smbsh$ ", 1);
 
 	sys_getwd(wd);
 
@@ -107,12 +107,12 @@ int main(int argc, char *argv[])
 
 	if (file_exist(line, NULL)) {
 		slprintf(line,sizeof(line)-1,"%s/smbwrapper.32.so:DEFAULT", libd);
-		setenv("_RLD_LIST", line);
+		setenv("_RLD_LIST", line, 1);
 		slprintf(line,sizeof(line)-1,"%s/smbwrapper.so:DEFAULT", libd);
-		setenv("_RLDN32_LIST", line);
+		setenv("_RLDN32_LIST", line, 1);
 	} else {
 		slprintf(line,sizeof(line)-1,"%s/smbwrapper.so:DEFAULT", libd);
-		setenv("_RLD_LIST", line);
+		setenv("_RLD_LIST", line, 1);
 	}
 
 	{
-- 
cgit 


From eb64538dba772a9846c05e2712839dbaa12c39a1 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 24 Feb 2003 11:09:21 +0000
Subject: Patch from Luke Howard to add mutual kerberos authentication, and SMB
 session keys for kerberos authentication.

Andrew Bartlett
(This used to be commit 8b798f03dbbdd670ff9af4eb46f7b0845c611e0f)
---
 source3/configure.in             | 16 ++++++++++++
 source3/include/ads.h            |  5 ++++
 source3/include/asn_1.h          |  7 +++++
 source3/libads/kerberos_verify.c | 32 ++++++++++++++++++-----
 source3/libsmb/cliconnect.c      |  2 +-
 source3/libsmb/clikrb5.c         | 56 +++++++++++++++++++++++++++++++++-------
 source3/libsmb/clispnego.c       | 29 +++++++++++----------
 source3/smbd/sesssetup.c         | 52 +++++++++++++++++++++++++++----------
 8 files changed, 157 insertions(+), 42 deletions(-)

diff --git a/source3/configure.in b/source3/configure.in
index 66bdf5edf1..e3b5f2fe15 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -2250,6 +2250,22 @@ if test x"$samba_cv_HAVE_KRB5_TKT_ENC_PART2" = x"yes"; then
     AC_DEFINE(HAVE_KRB5_TKT_ENC_PART2,1,[Whether the krb5_ticket struct has a enc_part2 property])
 fi
 
+AC_CACHE_CHECK([for keyvalue in krb5_keyblock],samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE,[
+AC_TRY_COMPILE([#include <krb5.h>],
+[krb5_keyblock key; key.keyvalue.data = NULL;],
+samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE=yes,samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE=no)])
+if test x"$samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE" = x"yes"; then
+    AC_DEFINE(HAVE_KRB5_KEYBLOCK_KEYVALUE,1,[Whether the krb5_keyblock struct has a keyvalue property])
+fi
+
+AC_CACHE_CHECK([for ENCTYPE_ARCFOUR_HMAC_MD5],samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,[
+AC_TRY_COMPILE([#include <krb5.h>],
+[krb5_enctype enctype; enctype = ENCTYPE_ARCFOUR_HMAC_MD5;],
+samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5=yes,samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5=no)])
+if test x"$samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5" = x"yes"; then
+    AC_DEFINE(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,1,[Whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type is available])
+fi
+
   ########################################################
   # now see if we can find the krb5 libs in standard paths
   # or as specified above
diff --git a/source3/include/ads.h b/source3/include/ads.h
index 304a997b2c..f90983e405 100644
--- a/source3/include/ads.h
+++ b/source3/include/ads.h
@@ -208,3 +208,8 @@ typedef void **ADS_MODLIST;
 
 /* Kerberos environment variable names */
 #define KRB5_ENV_CCNAME "KRB5CCNAME"
+
+/* Heimdal uses a slightly different name */
+#if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5)
+#define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5
+#endif
diff --git a/source3/include/asn_1.h b/source3/include/asn_1.h
index ab7fa5d398..7d4da0db0c 100644
--- a/source3/include/asn_1.h
+++ b/source3/include/asn_1.h
@@ -59,4 +59,11 @@ typedef struct {
 #define SPNEGO_NEG_RESULT_INCOMPLETE 1
 #define SPNEGO_NEG_RESULT_REJECT 2
 
+/* not really ASN.1, but RFC 1964 */
+#define TOK_ID_KRB_AP_REQ	"\x01\x00"
+#define TOK_ID_KRB_AP_REP	"\x02\x00"
+#define TOK_ID_KRB_ERROR	"\x03\x00"
+#define TOK_ID_GSS_GETMIC	"\x01\x01"
+#define TOK_ID_GSS_WRAP		"\x02\x01"
+
 #endif /* _ASN_1_H */
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index 17fecf60c8..4d9a1bf765 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -3,7 +3,7 @@
    kerberos utility library
    Copyright (C) Andrew Tridgell 2001
    Copyright (C) Remus Koos 2001
-   
+   Copyright (C) Luke Howard 2003   
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -29,7 +29,9 @@
   authorization_data if available 
 */
 NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket, 
-			   char **principal, DATA_BLOB *auth_data)
+			   char **principal, DATA_BLOB *auth_data,
+			   DATA_BLOB *ap_rep,
+			   uint8 session_key[16])
 {
 	krb5_context context;
 	krb5_auth_context auth_context = NULL;
@@ -122,10 +124,24 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
 	if (!auth_ok) {
 		DEBUG(3,("krb5_rd_req with auth failed (%s)\n", 
 			 error_message(ret)));
-		SAFE_FREE(key);
 		return NT_STATUS_LOGON_FAILURE;
 	}
 
+	ret = krb5_mk_rep(context, auth_context, &packet);
+	if (ret) {
+		DEBUG(3,("Failed to generate mutual authentication reply (%s)\n",
+			error_message(ret)));
+		krb5_auth_con_free(context, auth_context);
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	*ap_rep = data_blob(packet.data, packet.length);
+	free(packet.data);
+
+	krb5_get_smb_session_key(context, auth_context, session_key);
+	DEBUG(0,("SMB session key (from ticket) follows:\n"));
+	dump_data(0, session_key, 16);
+
 #if 0
 	file_save("/tmp/ticket.dat", ticket->data, ticket->length);
 #endif
@@ -134,20 +150,24 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
 
 #if 0
 	if (tkt->enc_part2) {
-		file_save("/tmp/authdata.dat", 
+		file_save("/tmp/authdata.dat",
 			  tkt->enc_part2->authorization_data[0]->contents,
 			  tkt->enc_part2->authorization_data[0]->length);
-	}
 #endif
 
 	if ((ret = krb5_unparse_name(context, get_principal_from_tkt(tkt),
 				     principal))) {
 		DEBUG(3,("krb5_unparse_name failed (%s)\n", 
 			 error_message(ret)));
+		data_blob_free(auth_data);
+		data_blob_free(ap_rep);
+		krb5_auth_con_free(context, auth_context);
 		return NT_STATUS_LOGON_FAILURE;
 	}
 
+	krb5_auth_con_free(context, auth_context);
+
 	return NT_STATUS_OK;
 }
 
-#endif
+#endif /* HAVE_KRB5 */
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 901daf4b09..4962ffa3c9 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -2,7 +2,7 @@
    Unix SMB/CIFS implementation.
    client connect/disconnect routines
    Copyright (C) Andrew Tridgell 1994-1998
-   Copyright (C) Andrew Barteltt 2001-2003
+   Copyright (C) Andrew Bartlett 2001-2003
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index bef6998a49..47dec1f171 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -2,7 +2,7 @@
    Unix SMB/CIFS implementation.
    simple kerberos5 routines for active directory
    Copyright (C) Andrew Tridgell 2001
-   Copyright (C) Luke Howard 2002
+   Copyright (C) Luke Howard 2002-2003
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -23,6 +23,16 @@
 
 #ifdef HAVE_KRB5
 
+#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE
+#define KRB5_KEY_TYPE(k)	((k)->keytype)
+#define KRB5_KEY_LENGTH(k)	((k)->keyvalue.length)
+#define KRB5_KEY_DATA(k)	((k)->keyvalue.data)
+#else
+#define	KRB5_KEY_TYPE(k)	((k)->enctype)
+#define KRB5_KEY_LENGTH(k)	((k)->length)
+#define KRB5_KEY_DATA(k)	((k)->contents)
+#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */
+
 #ifndef HAVE_KRB5_SET_REAL_TIME
 /*
  * This function is not in the Heimdal mainline.
@@ -124,7 +134,7 @@ krb5_error_code get_kerberos_allowed_etypes(krb5_context context,
 	return krb5_get_default_in_tkt_etypes(context, enctypes);
 }
 #else
- __ERROR_XX_UNKNOWN_GET_ENCTYPES_FUNCTIONS
+#error UNKNOWN_GET_ENCTYPES_FUNCTIONS
 #endif
 
  void free_kerberos_etypes(krb5_context context, 
@@ -305,12 +315,12 @@ DATA_BLOB krb5_get_ticket(const char *principal, time_t time_offset)
 	DATA_BLOB ret;
 	krb5_enctype enc_types[] = {
 #ifdef ENCTYPE_ARCFOUR_HMAC
-		ENCTYPE_ARCFOUR_HMAC, 
-#endif
-				    ENCTYPE_DES_CBC_MD5, 
-				    ENCTYPE_DES_CBC_CRC, 
-				    ENCTYPE_NULL};
-
+		ENCTYPE_ARCFOUR_HMAC,
+#endif 
+		ENCTYPE_DES_CBC_MD5, 
+		ENCTYPE_DES_CBC_CRC, 
+		ENCTYPE_NULL};
+	
 	retval = krb5_init_context(&context);
 	if (retval) {
 		DEBUG(1,("krb5_init_context failed (%s)\n", 
@@ -355,11 +365,39 @@ failed:
 	return data_blob(NULL, 0);
 }
 
+BOOL krb5_get_smb_session_key(krb5_context context, krb5_auth_context auth_context, uint8 session_key[16])
+ {
+	krb5_keyblock *skey;
+	BOOL ret = False;
+
+	memset(session_key, 0, 16);
+
+#ifdef ENCTYPE_ARCFOUR_HMAC
+	if (krb5_auth_con_getremotesubkey(context, auth_context, &skey) == 0 && skey != NULL) {
+		if (KRB5_KEY_TYPE(skey) ==
+		    ENCTYPE_ARCFOUR_HMAC
+		    && KRB5_KEY_LENGTH(skey) == 16) {
+			memcpy(session_key, KRB5_KEY_DATA(skey), KRB5_KEY_LENGTH(skey));
+			ret = True;
+		}
+		krb5_free_keyblock(context, skey);
+	}
+#endif /* ENCTYPE_ARCFOUR_HMAC */
+
+	return ret;
+ }
 #else /* HAVE_KRB5 */
  /* this saves a few linking headaches */
- DATA_BLOB krb5_get_ticket(const char *principal, time_t time_offset)
+DATA_BLOB krb5_get_ticket(const char *principal, time_t time_offset)
  {
 	 DEBUG(0,("NO KERBEROS SUPPORT\n"));
 	 return data_blob(NULL, 0);
  }
+
+BOOL krb5_get_smb_session_key(krb5_context context, krb5_auth_context ac, uint8 session_key[16])
+ {
+	DEBUG(0,("NO KERBEROS SUPPORT\n"));
+	memset(session_key, 0, 16);
+	return False;
+ }
 #endif
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index e93f1855dd..dfa8f80146 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -3,6 +3,7 @@
    simple kerberos5/SPNEGO routines
    Copyright (C) Andrew Tridgell 2001
    Copyright (C) Jim McDonough   2002
+   Copyright (C) Luke Howard     2003
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -259,7 +260,7 @@ BOOL parse_negTokenTarg(DATA_BLOB blob, char *OIDs[ASN1_MAX_OIDS], DATA_BLOB *se
 /*
   generate a krb5 GSS-API wrapper packet given a ticket
 */
-DATA_BLOB spnego_gen_krb5_wrap(DATA_BLOB ticket)
+DATA_BLOB spnego_gen_krb5_wrap(DATA_BLOB ticket, uint8 tok_id[2])
 {
 	ASN1_DATA data;
 	DATA_BLOB ret;
@@ -268,7 +269,8 @@ DATA_BLOB spnego_gen_krb5_wrap(DATA_BLOB ticket)
 
 	asn1_push_tag(&data, ASN1_APPLICATION(0));
 	asn1_write_OID(&data, OID_KERBEROS5);
-	asn1_write_BOOLEAN(&data, 0);
+
+	asn1_write(&data, tok_id, 2);
 	asn1_write(&data, ticket.data, ticket.length);
 	asn1_pop_tag(&data);
 
@@ -286,7 +288,7 @@ DATA_BLOB spnego_gen_krb5_wrap(DATA_BLOB ticket)
 /*
   parse a krb5 GSS-API wrapper packet giving a ticket
 */
-BOOL spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket)
+BOOL spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2])
 {
 	BOOL ret;
 	ASN1_DATA data;
@@ -295,15 +297,15 @@ BOOL spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket)
 	asn1_load(&data, blob);
 	asn1_start_tag(&data, ASN1_APPLICATION(0));
 	asn1_check_OID(&data, OID_KERBEROS5);
-	asn1_check_BOOLEAN(&data, 0);
 
 	data_remaining = asn1_tag_remaining(&data);
 
-	if (data_remaining < 1) {
+	if (data_remaining < 3) {
 		data.has_error = True;
 	} else {
-		
-		*ticket = data_blob(data.data, data_remaining);
+		asn1_read(&data, tok_id, 2);
+		data_remaining -= 2;
+		*ticket = data_blob(NULL, data_remaining);
 		asn1_read(&data, ticket->data, ticket->length);
 	}
 
@@ -330,7 +332,7 @@ DATA_BLOB spnego_gen_negTokenTarg(const char *principal, int time_offset)
 	tkt = krb5_get_ticket(principal, time_offset);
 
 	/* wrap that up in a nice GSS-API wrapping */
-	tkt_wrapped = spnego_gen_krb5_wrap(tkt);
+	tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ);
 
 	/* and wrap that in a shiny SPNEGO wrapper */
 	targ = gen_negTokenTarg(krb_mechs, tkt_wrapped);
@@ -438,9 +440,10 @@ BOOL spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth)
 }
 
 /*
-  generate a minimal SPNEGO NTLMSSP response packet.  Doesn't contain much.
+  generate a minimal SPNEGO response packet.  Doesn't contain much.
 */
-DATA_BLOB spnego_gen_auth_response(DATA_BLOB *ntlmssp_reply, NTSTATUS nt_status)
+DATA_BLOB spnego_gen_auth_response(DATA_BLOB *reply, NTSTATUS nt_status,
+				   const char *mechOID)
 {
 	ASN1_DATA data;
 	DATA_BLOB ret;
@@ -462,13 +465,13 @@ DATA_BLOB spnego_gen_auth_response(DATA_BLOB *ntlmssp_reply, NTSTATUS nt_status)
 	asn1_write_enumerated(&data, negResult);
 	asn1_pop_tag(&data);
 
-	if (negResult == SPNEGO_NEG_RESULT_INCOMPLETE) {
+	if (reply->data != NULL) {
 		asn1_push_tag(&data,ASN1_CONTEXT(1));
-		asn1_write_OID(&data, OID_NTLMSSP);
+		asn1_write_OID(&data, mechOID);
 		asn1_pop_tag(&data);
 		
 		asn1_push_tag(&data,ASN1_CONTEXT(2));
-		asn1_write_OctetString(&data, ntlmssp_reply->data, ntlmssp_reply->length);
+		asn1_write_OctetString(&data, reply->data, reply->length);
 		asn1_pop_tag(&data);
 	}
 
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index eafe805aba..7e5ec56a27 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -4,6 +4,7 @@
    Copyright (C) Andrew Tridgell 1998-2001
    Copyright (C) Andrew Bartlett      2001
    Copyright (C) Jim McDonough        2002
+   Copyright (C) Luke Howard          2003
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -146,11 +147,14 @@ static int reply_spnego_kerberos(connection_struct *conn,
 	int sess_vuid;
 	NTSTATUS ret;
 	DATA_BLOB auth_data;
+	DATA_BLOB ap_rep, ap_rep_wrapped, response;
 	auth_serversupplied_info *server_info = NULL;
 	ADS_STRUCT *ads;
+	uint8 session_key[16];
+	uint8 tok_id[2];
 	BOOL foreign = False;
 
-	if (!spnego_parse_krb5_wrap(*secblob, &ticket)) {
+	if (!spnego_parse_krb5_wrap(*secblob, &ticket, tok_id)) {
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}
 
@@ -162,7 +166,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
 
 	ads->auth.realm = strdup(lp_realm());
 
-	ret = ads_verify_ticket(ads, &ticket, &client, &auth_data);
+	ret = ads_verify_ticket(ads, &ticket, &client, &auth_data, &ap_rep, session_key);
 	if (!NT_STATUS_IS_OK(ret)) {
 		DEBUG(1,("Failed to verify incoming ticket!\n"));	
 		ads_destroy(&ads);
@@ -177,6 +181,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
 	if (!p) {
 		DEBUG(3,("Doesn't look like a valid principal\n"));
 		ads_destroy(&ads);
+		data_blob_free(&ap_rep);
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}
 
@@ -184,6 +189,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
 	if (strcasecmp(p+1, ads->auth.realm) != 0) {
 		DEBUG(3,("Ticket for foreign realm %s@%s\n", client, p+1));
 		if (!lp_allow_trusted_domains()) {
+			data_blob_free(&ap_rep);
 			return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 		}
 		foreign = True;
@@ -209,31 +215,51 @@ static int reply_spnego_kerberos(connection_struct *conn,
 
 	if (!pw) {
 		DEBUG(1,("Username %s is invalid on this system\n",user));
+		data_blob_free(&ap_rep);
 		return ERROR_NT(NT_STATUS_NO_SUCH_USER);
 	}
 
 	if (!NT_STATUS_IS_OK(ret = make_server_info_pw(&server_info,pw))) {
 		DEBUG(1,("make_server_info_from_pw failed!\n"));
+		data_blob_free(&ap_rep);
 		return ERROR_NT(ret);
 	}
-	
+
+	/* Copy out the session key from the AP_REQ. */
+	memcpy(server_info->session_key, session_key, sizeof(session_key));
+
 	/* register_vuid keeps the server info */
 	sess_vuid = register_vuid(server_info, user);
 
 	free(user);
 
 	if (sess_vuid == -1) {
-		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+		ret = NT_STATUS_LOGON_FAILURE;
+	} else {
+		set_message(outbuf,4,0,True);
+		SSVAL(outbuf, smb_vwv3, 0);
+			
+		if (server_info->guest) {
+			SSVAL(outbuf,smb_vwv2,1);
+		}
+		
+		SSVAL(outbuf, smb_uid, sess_vuid);
 	}
 
-	set_message(outbuf,4,0,True);
-	SSVAL(outbuf, smb_vwv3, 0);
-	add_signature(outbuf);
- 
-	SSVAL(outbuf,smb_uid,sess_vuid);
-	SSVAL(inbuf,smb_uid,sess_vuid);
-	
-	return chain_reply(inbuf,outbuf,length,bufsize);
+        /* wrap that up in a nice GSS-API wrapping */
+	if (NT_STATUS_IS_OK(ret)) {
+		ap_rep_wrapped = spnego_gen_krb5_wrap(ap_rep, TOK_ID_KRB_AP_REP);
+	} else {
+		ap_rep_wrapped = data_blob(NULL, 0);
+	}
+	response = spnego_gen_auth_response(&ap_rep_wrapped, ret, OID_KERBEROS5_OLD);
+	reply_sesssetup_blob(conn, outbuf, response, ret);
+
+	data_blob_free(&ap_rep);
+	data_blob_free(&ap_rep_wrapped);
+	data_blob_free(&response);
+
+	return -1; /* already replied */
 }
 #endif
 
@@ -280,7 +306,7 @@ static BOOL reply_spnego_ntlmssp(connection_struct *conn, char *outbuf,
 		}
 	}
 
-        response = spnego_gen_auth_response(ntlmssp_blob, nt_status);
+        response = spnego_gen_auth_response(ntlmssp_blob, nt_status, OID_NTLMSSP);
 	ret = reply_sesssetup_blob(conn, outbuf, response, nt_status);
 	data_blob_free(&response);
 
-- 
cgit 


From 0e6dbeb2737700ece2a4502a6edf094f4f26894c Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 24 Feb 2003 11:16:27 +0000
Subject: typo (This used to be commit
 a47dee787413daaf0b550a47bbd78125490c356e)

---
 source3/smbwrapper/smbsh.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/smbwrapper/smbsh.c b/source3/smbwrapper/smbsh.c
index 845d1d5606..2cbdc76de1 100644
--- a/source3/smbwrapper/smbsh.c
+++ b/source3/smbwrapper/smbsh.c
@@ -101,7 +101,7 @@ int main(int argc, char *argv[])
 	smbw_setshared(line, wd);
 
 	slprintf(line,sizeof(line)-1,"%s/smbwrapper.so", libd);
-	etenv("LD_PRELOAD", line);
+	setenv("LD_PRELOAD", line);
 
 	slprintf(line,sizeof(line)-1,"%s/smbwrapper.32.so", libd);
 
-- 
cgit 


From 426cd68f74bb0490df54da500d3d9c1ea475e16f Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 24 Feb 2003 11:23:15 +0000
Subject: Move off-by-one buggy malloc()/safe_strcpy() combination to strdup()
 instead.

Andrew Bartlett
(This used to be commit c26881633d8a7f6d9b9ed9c6a97ce2b45bf2b317)
---
 source3/lib/util_getent.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/source3/lib/util_getent.c b/source3/lib/util_getent.c
index 7d45287bba..32641dbf83 100644
--- a/source3/lib/util_getent.c
+++ b/source3/lib/util_getent.c
@@ -224,18 +224,16 @@ static struct sys_userlist *add_members_to_userlist(struct sys_userlist *list_he
 
 	for (i = 0; i < num_users; i++) {
 		struct sys_userlist *entry = (struct sys_userlist *)malloc(sizeof(*entry));
-		size_t len = strlen(grp->gr_mem[i])+1;
 		if (entry == NULL) {
 			free_userlist(list_head);
 			return NULL;
 		}
-		entry->unix_name = (char *)malloc(len);
+		entry->unix_name = (char *)strdup(grp->gr_mem[i]);
 		if (entry->unix_name == NULL) {
 			SAFE_FREE(entry);
 			free_userlist(list_head);
 			return NULL;
 		}
-		safe_strcpy(entry->unix_name, grp->gr_mem[i],len);
 		DLIST_ADD(list_head, entry);
 	}
 	return list_head;
-- 
cgit 


From 05262ea49a3d428e015ef71c975231b108847b72 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 24 Feb 2003 11:24:27 +0000
Subject: Finish removing setenv replacements from smbwrapper. (This used to be
 commit 059ac2d839bf258408490f5ceb786a47cb5acb58)

---
 source3/smbwrapper/shared.c | 20 +-------------------
 source3/smbwrapper/smbsh.c  |  2 +-
 2 files changed, 2 insertions(+), 20 deletions(-)

diff --git a/source3/smbwrapper/shared.c b/source3/smbwrapper/shared.c
index 00dd30b70e..b4cfcf7148 100644
--- a/source3/smbwrapper/shared.c
+++ b/source3/smbwrapper/shared.c
@@ -52,7 +52,7 @@ void smbw_setup_shared(void)
 
 	slprintf(s,sizeof(s)-1,"%d", shared_fd);
 
-	smbw_setenv("SMBW_HANDLE", s);
+	setenv("SMBW_HANDLE", s, 1);
 
 	return;
 
@@ -194,24 +194,6 @@ void smbw_setshared(const char *name, const char *val)
 }
 
 
-/*****************************************************************
-set an env variable - some systems don't have this
-*****************************************************************/  
-int smbw_setenv(const char *name, const char *value)
-{
-	pstring s;
-	char *p;
-	int ret = -1;
-
-	slprintf(s,sizeof(s)-1,"%s=%s", name, value);
-
-	p = strdup(s);
-
-	if (p) ret = putenv(p);
-
-	return ret;
-}
-
 /*****************************************************************
 return true if the passed fd is the SMBW_HANDLE
 *****************************************************************/  
diff --git a/source3/smbwrapper/smbsh.c b/source3/smbwrapper/smbsh.c
index 2cbdc76de1..221c6d87c2 100644
--- a/source3/smbwrapper/smbsh.c
+++ b/source3/smbwrapper/smbsh.c
@@ -101,7 +101,7 @@ int main(int argc, char *argv[])
 	smbw_setshared(line, wd);
 
 	slprintf(line,sizeof(line)-1,"%s/smbwrapper.so", libd);
-	setenv("LD_PRELOAD", line);
+	setenv("LD_PRELOAD", line, 1);
 
 	slprintf(line,sizeof(line)-1,"%s/smbwrapper.32.so", libd);
 
-- 
cgit 


From 79aaa35ea5e8c74ff7755ec650aca88cc7e4cf7e Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 24 Feb 2003 21:07:03 +0000
Subject: Clean up non-krb5 breakages from my modifications to luke howard's
 patch.

Andrew Bartlett
(This used to be commit 32fd0c49009e38022523cc5c14567dd55de08206)
---
 source3/include/includes.h | 1 +
 source3/libsmb/clikrb5.c   | 8 +-------
 2 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/source3/include/includes.h b/source3/include/includes.h
index 5b4c5a695f..fab02141cb 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -1239,6 +1239,7 @@ krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt);
 krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
 krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes);
 void free_kerberos_etypes(krb5_context context, krb5_enctype *enctypes);
+BOOL krb5_get_smb_session_key(krb5_context context, krb5_auth_context auth_context, uint8 session_key[16]);
 #endif /* HAVE_KRB5 */
 
 #endif /* _INCLUDES_H */
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 47dec1f171..6b0c7ddaf2 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -365,7 +365,7 @@ failed:
 	return data_blob(NULL, 0);
 }
 
-BOOL krb5_get_smb_session_key(krb5_context context, krb5_auth_context auth_context, uint8 session_key[16])
+ BOOL krb5_get_smb_session_key(krb5_context context, krb5_auth_context auth_context, uint8 session_key[16])
  {
 	krb5_keyblock *skey;
 	BOOL ret = False;
@@ -394,10 +394,4 @@ DATA_BLOB krb5_get_ticket(const char *principal, time_t time_offset)
 	 return data_blob(NULL, 0);
  }
 
-BOOL krb5_get_smb_session_key(krb5_context context, krb5_auth_context ac, uint8 session_key[16])
- {
-	DEBUG(0,("NO KERBEROS SUPPORT\n"));
-	memset(session_key, 0, 16);
-	return False;
- }
 #endif
-- 
cgit 


From c5871a1893ccaf81116defcdc20d644502e2f98c Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 24 Feb 2003 22:25:19 +0000
Subject: Whenever we have a password, use the in-memory ccache.  This fixes a
 bug where we were overwriting the user's ccache with the machine password
 (the -P option).

Andrew Bartlett
(This used to be commit 231d2f84ef36b30be98baf3b56ebf4a5cd8dad11)
---
 source3/utils/net_ads.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 75bb29f213..bb87879044 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -131,7 +131,6 @@ static ADS_STRUCT *ads_startup(void)
 
 	if (opt_user_specified) {
 		need_password = True;
-		use_in_memory_ccache();
 	}
 
 retry:
@@ -142,8 +141,10 @@ retry:
 		free(prompt);
 	}
 
-	if (opt_password)
+	if (opt_password) {
+		use_in_memory_ccache();
 		ads->auth.password = strdup(opt_password);
+	}
 
 	ads->auth.user_name = strdup(opt_user_name);
 
-- 
cgit 


From f803c3237635880694d668d9ce3c29b46c311d43 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 25 Feb 2003 02:20:46 +0000
Subject: Fix a really nasty bug where some users in AD domains (particularly
 child domains) would not have the tokenGroups or memberOf attributes filled
 in.

This would cause a user to have no supplementary group membership.

Detect this by the fact that the primaryGid must be present in the tokenGroups,
and if it isn't (ie, if there is no tokenGroups at all), do a server-side
search on all groups using the 'member' attribute and the user's DN.

Andrew Bartlett
(This used to be commit a074f74e627e1d947a76bcf3a39e3c5df4d4ffe5)
---
 source3/nsswitch/winbindd_ads.c | 104 ++++++++++++++++++++++++++++++++++------
 1 file changed, 90 insertions(+), 14 deletions(-)

diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c
index 9fd391870b..93c9babd5e 100644
--- a/source3/nsswitch/winbindd_ads.c
+++ b/source3/nsswitch/winbindd_ads.c
@@ -455,8 +455,10 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 	ADS_STRUCT *ads = NULL;
 	const char *attrs[] = {"distinguishedName", NULL};
 	const char *attrs2[] = {"tokenGroups", "primaryGroupID", NULL};
+	const char *group_attrs[] = {"objectSid", "cn", NULL};
 	ADS_STATUS rc;
 	int count;
+	void *res = NULL;
 	void *msg = NULL;
 	char *exp;
 	char *user_dn;
@@ -467,22 +469,30 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 	char *sidstr;
 	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
 
-	*num_groups = 0;
-
 	DEBUG(3,("ads: lookup_usergroups\n"));
-
-	(*num_groups) = 0;
+	*num_groups = 0;
 
 	sid_from_rid(domain, user_rid, &sid);
 
 	ads = ads_cached_connection(domain);
 	if (!ads) goto done;
 
-	sidstr = sid_binstring(&sid);
-	asprintf(&exp, "(objectSid=%s)", sidstr);
+	if (!(sidstr = sid_binstring(&sid))) {
+		DEBUG(1,("lookup_usergroups(rid=%d) sid_binstring returned NULL\n", user_rid));
+		status = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+	if (asprintf(&exp, "(objectSid=%s)", sidstr) == -1) {
+		free(sidstr);
+		DEBUG(1,("lookup_usergroups(rid=%d) asprintf failed!\n", user_rid));
+		status = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
 	rc = ads_search_retry(ads, &msg, exp, attrs);
 	free(exp);
 	free(sidstr);
+
 	if (!ADS_ERR_OK(rc)) {
 		DEBUG(1,("lookup_usergroups(rid=%d) ads_search: %s\n", user_rid, ads_errstr(rc)));
 		goto done;
@@ -507,20 +517,86 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 		goto done;
 	}
 
-	count = ads_pull_sids(ads, mem_ctx, msg, "tokenGroups", &sids) + 1;
-	(*user_gids) = (uint32 *)talloc_zero(mem_ctx, sizeof(uint32) * count);
-	(*user_gids)[(*num_groups)++] = primary_group;
+	count = ads_pull_sids(ads, mem_ctx, msg, "tokenGroups", &sids);
 
-	for (i=1;i<count;i++) {
-		uint32 rid;
-		if (!sid_peek_check_rid(&domain->sid, &sids[i-1], &rid)) continue;
-		(*user_gids)[*num_groups] = rid;
-		(*num_groups)++;
+	if (msg) ads_msgfree(ads, msg);
+
+	/* there must always be at least one group in the token, 
+	   unless we are talking to a buggy Win2k server */
+	if (count == 0) {
+		/* buggy server, no tokenGroups.  Instead lookup what groups this user
+		   is a member of by DN search on member*/
+		if (asprintf(&exp, "(&(member=%s)(objectClass=group))", user_dn) == -1) {
+			free(sidstr);
+			DEBUG(1,("lookup_usergroups(rid=%d) asprintf failed!\n", user_rid));
+			status = NT_STATUS_NO_MEMORY;
+			goto done;
+		}
+
+		rc = ads_search_retry(ads, &res, exp, group_attrs);
+		free(exp);
+				
+		if (!ADS_ERR_OK(rc)) {
+			DEBUG(1,("lookup_usergroups(rid=%d) ads_search member=%s: %s\n", user_rid, user_dn, ads_errstr(rc)));
+			goto done;
+		}
+
+		count = ads_count_replies(ads, res);
+		if (count == 0) {
+			DEBUG(5,("lookup_usergroups: No supp groups found\n"));
+			goto done;
+		}
+		
+		(*user_gids) = (uint32 *)talloc_zero(mem_ctx, sizeof(uint32) * (count + 1));
+		(*user_gids)[0] = primary_group;
+		
+		*num_groups = 1;
+
+		for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) {
+			uint32 rid;
+			DOM_SID group_sid;
+			fstring sid_string;
+			const char *cn;
+			
+			cn = ads_pull_string(ads, mem_ctx, msg, "cn");
+			if (!cn) {
+				cn = "<CN NOT AVAILABLE>";
+			}
+
+			if (!ads_pull_sid(ads, msg, "objectSid", &group_sid)) {
+				DEBUG(1,("No sid for %s !?\n", cn));
+				continue;
+			}
+			
+			if (!sid_peek_check_rid(&domain->sid, &group_sid, &rid)) {
+				DEBUG(5,("sid for %s is out of domain or invalid\n", sid_to_string(sid_string, &sid)));
+				continue;
+			}
+			if (rid == primary_group) continue;
+
+			(*user_gids)[*num_groups] = rid;
+			(*num_groups)++;
+
+		}
+	} else {
+		(*user_gids) = (uint32 *)talloc_zero(mem_ctx, sizeof(uint32) * (count + 1));
+		(*user_gids)[0] = primary_group;
+		
+		*num_groups = 1;
+
+		for (i=0;i<count;i++) {
+			uint32 rid;
+			if (!sid_peek_check_rid(&domain->sid, &sids[i-1], &rid)) continue;
+			if (rid == primary_group) continue;
+			(*user_gids)[*num_groups] = rid;
+			(*num_groups)++;
+		}
 	}
 
 	status = NT_STATUS_OK;
 	DEBUG(3,("ads lookup_usergroups for rid=%d\n", user_rid));
 done:
+	if (res) ads_msgfree(ads, res);
 	if (msg) ads_msgfree(ads, msg);
 
 	return status;
-- 
cgit 


From d116f2c884ce66f69df2973faf34f20a1a7ec988 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 25 Feb 2003 02:23:19 +0000
Subject: tokenGroups are SIDs, so dump them as such. (This used to be commit
 43f07e9de70ad9993265e28a54239caba0121ab6)

---
 source3/libads/ldap.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 29f44672f4..67827d27f3 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -1215,6 +1215,7 @@ static BOOL ads_dump_field(char *field, void **values, void *data_area)
 		{"nTSecurityDescriptor", False, dump_sd},
 		{"dnsRecord", False, dump_binary},
 		{"objectSid", False, dump_sid},
+		{"tokenGroups", False, dump_sid},
 		{NULL, True, NULL}
 	};
 	int i;
-- 
cgit 


From bf095b837272cf2a17c7ffeb94a96f304922a6bf Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 25 Feb 2003 03:30:39 +0000
Subject: For some reason some attributes in ADS do not appear (and are not
 available) in general searches, but only if searching for the DN only.

In my case, it was the tokenGroups attribute that caused me trouble, hence
this patch.

Andrew Bartlett
(This used to be commit 8a0cc4c2beb5d6ad7e44bf47bf0f9ec4a3ffdb96)
---
 source3/utils/net_ads.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 63 insertions(+), 1 deletion(-)

diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index bb87879044..8cd3bac802 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -53,6 +53,8 @@ int net_ads_usage(int argc, const char **argv)
 "\n\t lookup, add, or remove directory entry for a printer\n"\
 "\nnet ads search"\
 "\n\tperform a raw LDAP search and dump the results\n"
+"\nnet ads dn"\
+"\n\tperform a raw LDAP search and dump attributes of a particular DN\n"
 		);
 	return -1;
 }
@@ -1003,7 +1005,7 @@ static int net_ads_search(int argc, const char **argv)
 	exp = argv[0];
 	attrs = (argv + 1);
 
-	rc = ads_do_search_all(ads, ads->config.bind_path, 
+	rc = ads_do_search_all(ads, ads->config.bind_path,
 			       LDAP_SCOPE_SUBTREE,
 			       exp, attrs, &res);
 	if (!ADS_ERR_OK(rc)) {
@@ -1023,6 +1025,65 @@ static int net_ads_search(int argc, const char **argv)
 }
 
 
+/*
+  help for net ads search
+*/
+static int net_ads_dn_usage(int argc, const char **argv)
+{
+	d_printf(
+		"\nnet ads dn <dn> <attributes...>\n"\
+		"\nperform a raw LDAP search on a ADS server and dump the results\n"\
+		"The DN standard LDAP DN, and the attributes are a list of LDAP fields \n"\
+		"to show in the results\n\n"\
+		"Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' sAMAccountName\n\n"
+		);
+	net_common_flags_usage(argc, argv);
+	return -1;
+}
+
+
+/*
+  general ADS search function. Useful in diagnosing problems in ADS
+*/
+static int net_ads_dn(int argc, const char **argv)
+{
+	ADS_STRUCT *ads;
+	ADS_STATUS rc;
+	const char *dn;
+	const char **attrs;
+	void *res = NULL;
+
+	if (argc < 1) {
+		return net_ads_dn_usage(argc, argv);
+	}
+
+	if (!(ads = ads_startup())) {
+		return -1;
+	}
+
+	dn = argv[0];
+	attrs = (argv + 1);
+
+	rc = ads_do_search_all(ads, dn, 
+			       LDAP_SCOPE_BASE,
+			       "(objectclass=*)", attrs, &res);
+	if (!ADS_ERR_OK(rc)) {
+		d_printf("search failed: %s\n", ads_errstr(rc));
+		return -1;
+	}	
+
+	d_printf("Got %d replies\n\n", ads_count_replies(ads, res));
+
+	/* dump the results */
+	ads_dump(ads, res);
+
+	ads_msgfree(ads, res);
+	ads_destroy(&ads);
+
+	return 0;
+}
+
+
 int net_ads_help(int argc, const char **argv)
 {
 	struct functable func[] = {
@@ -1058,6 +1119,7 @@ int net_ads(int argc, const char **argv)
 		{"CHOSTPASS", net_ads_change_localhost_pass},
 		{"PRINTER", net_ads_printer},
 		{"SEARCH", net_ads_search},
+		{"DN", net_ads_dn},
 		{"WORKGROUP", net_ads_workgroup},
 		{"LOOKUP", net_ads_lookup},
 		{"HELP", net_ads_help},
-- 
cgit 


From 589371e1d5844be9ea0da4c674635ccc42ab9498 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 25 Feb 2003 05:49:24 +0000
Subject: After some comments from tridge, clean the new usergroups code into a
 helper function.

Andrew Bartlett
(This used to be commit 212a52b3d2ca39fcea2990f9293754b08e9b68e4)
---
 source3/nsswitch/winbindd_ads.c | 165 +++++++++++++++++++++++-----------------
 1 file changed, 94 insertions(+), 71 deletions(-)

diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c
index 93c9babd5e..22e4648f15 100644
--- a/source3/nsswitch/winbindd_ads.c
+++ b/source3/nsswitch/winbindd_ads.c
@@ -4,6 +4,7 @@
    Winbind ADS backend functions
 
    Copyright (C) Andrew Tridgell 2001
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -445,6 +446,84 @@ done:
 	return status;
 }
 
+/* Lookup groups a user is a member of - alternate method, for when
+   tokenGroups are not available. */
+static NTSTATUS lookup_usergroups_alt(struct winbindd_domain *domain,
+				      TALLOC_CTX *mem_ctx,
+				      const char *user_dn, 
+				      uint32 primary_group,
+				      uint32 *num_groups, uint32 **user_gids)
+{
+	ADS_STATUS rc;
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	int count;
+	void *res = NULL;
+	void *msg = NULL;
+	char *exp;
+	ADS_STRUCT *ads;
+	const char *group_attrs[] = {"objectSid", NULL};
+
+	ads = ads_cached_connection(domain);
+	if (!ads) goto done;
+
+	/* buggy server, no tokenGroups.  Instead lookup what groups this user
+	   is a member of by DN search on member*/
+	if (asprintf(&exp, "(&(member=%s)(objectClass=group))", user_dn) == -1) {
+		DEBUG(1,("lookup_usergroups(dn=%s) asprintf failed!\n", user_dn));
+		return NT_STATUS_NO_MEMORY;
+	}
+	
+	rc = ads_search_retry(ads, &res, exp, group_attrs);
+	free(exp);
+	
+	if (!ADS_ERR_OK(rc)) {
+		DEBUG(1,("lookup_usergroups ads_search member=%s: %s\n", user_dn, ads_errstr(rc)));
+		return ads_ntstatus(rc);
+	}
+	
+	count = ads_count_replies(ads, res);
+	if (count == 0) {
+		DEBUG(5,("lookup_usergroups: No supp groups found\n"));
+		
+		status = ads_ntstatus(rc);
+		goto done;
+	}
+	
+	(*user_gids) = (uint32 *)talloc_zero(mem_ctx, sizeof(uint32) * (count + 1));
+	(*user_gids)[0] = primary_group;
+	
+	*num_groups = 1;
+	
+	for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) {
+		uint32 rid;
+		DOM_SID group_sid;
+		fstring sid_string;
+		
+		if (!ads_pull_sid(ads, msg, "objectSid", &group_sid)) {
+			DEBUG(1,("No sid for this group ?!?\n"));
+			continue;
+		}
+		
+		if (!sid_peek_check_rid(&domain->sid, &group_sid, &rid)) {
+			DEBUG(5,("sid for %s is out of domain or invalid\n", sid_to_string(sid_string, &group_sid)));
+			continue;
+		}
+		if (rid == primary_group) continue;
+		
+		(*user_gids)[*num_groups] = rid;
+		(*num_groups)++;
+			
+	}
+
+	if (res) ads_msgfree(ads, res);
+	if (msg) ads_msgfree(ads, msg);
+
+	status = NT_STATUS_OK;
+
+	DEBUG(3,("ads lookup_usergroups (alt) for dn=%s\n", user_dn));
+done:
+	return status;
+}
 
 /* Lookup groups a user is a member of. */
 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
@@ -455,10 +534,8 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 	ADS_STRUCT *ads = NULL;
 	const char *attrs[] = {"distinguishedName", NULL};
 	const char *attrs2[] = {"tokenGroups", "primaryGroupID", NULL};
-	const char *group_attrs[] = {"objectSid", "cn", NULL};
 	ADS_STATUS rc;
 	int count;
-	void *res = NULL;
 	void *msg = NULL;
 	char *exp;
 	char *user_dn;
@@ -524,81 +601,27 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 	/* there must always be at least one group in the token, 
 	   unless we are talking to a buggy Win2k server */
 	if (count == 0) {
-		/* buggy server, no tokenGroups.  Instead lookup what groups this user
-		   is a member of by DN search on member*/
-		if (asprintf(&exp, "(&(member=%s)(objectClass=group))", user_dn) == -1) {
-			free(sidstr);
-			DEBUG(1,("lookup_usergroups(rid=%d) asprintf failed!\n", user_rid));
-			status = NT_STATUS_NO_MEMORY;
-			goto done;
-		}
-
-		rc = ads_search_retry(ads, &res, exp, group_attrs);
-		free(exp);
-				
-		if (!ADS_ERR_OK(rc)) {
-			DEBUG(1,("lookup_usergroups(rid=%d) ads_search member=%s: %s\n", user_rid, user_dn, ads_errstr(rc)));
-			goto done;
-		}
-
-		count = ads_count_replies(ads, res);
-		if (count == 0) {
-			DEBUG(5,("lookup_usergroups: No supp groups found\n"));
-			goto done;
-		}
-		
-		(*user_gids) = (uint32 *)talloc_zero(mem_ctx, sizeof(uint32) * (count + 1));
-		(*user_gids)[0] = primary_group;
-		
-		*num_groups = 1;
-
-		for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) {
-			uint32 rid;
-			DOM_SID group_sid;
-			fstring sid_string;
-			const char *cn;
-			
-			cn = ads_pull_string(ads, mem_ctx, msg, "cn");
-			if (!cn) {
-				cn = "<CN NOT AVAILABLE>";
-			}
-
-			if (!ads_pull_sid(ads, msg, "objectSid", &group_sid)) {
-				DEBUG(1,("No sid for %s !?\n", cn));
-				continue;
-			}
-			
-			if (!sid_peek_check_rid(&domain->sid, &group_sid, &rid)) {
-				DEBUG(5,("sid for %s is out of domain or invalid\n", sid_to_string(sid_string, &sid)));
-				continue;
-			}
-			if (rid == primary_group) continue;
-
-			(*user_gids)[*num_groups] = rid;
-			(*num_groups)++;
+		return lookup_usergroups_alt(domain, mem_ctx, user_dn, 
+					       primary_group,
+					       num_groups, user_gids);
+	}
 
-		}
-	} else {
-		(*user_gids) = (uint32 *)talloc_zero(mem_ctx, sizeof(uint32) * (count + 1));
-		(*user_gids)[0] = primary_group;
-		
-		*num_groups = 1;
-
-		for (i=0;i<count;i++) {
-			uint32 rid;
-			if (!sid_peek_check_rid(&domain->sid, &sids[i-1], &rid)) continue;
-			if (rid == primary_group) continue;
-			(*user_gids)[*num_groups] = rid;
-			(*num_groups)++;
-		}
+	(*user_gids) = (uint32 *)talloc_zero(mem_ctx, sizeof(uint32) * (count + 1));
+	(*user_gids)[0] = primary_group;
+	
+	*num_groups = 1;
+	
+	for (i=0;i<count;i++) {
+		uint32 rid;
+		if (!sid_peek_check_rid(&domain->sid, &sids[i-1], &rid)) continue;
+		if (rid == primary_group) continue;
+		(*user_gids)[*num_groups] = rid;
+		(*num_groups)++;
 	}
 
 	status = NT_STATUS_OK;
 	DEBUG(3,("ads lookup_usergroups for rid=%d\n", user_rid));
 done:
-	if (res) ads_msgfree(ads, res);
-	if (msg) ads_msgfree(ads, msg);
-
 	return status;
 }
 
-- 
cgit 


From 3a2f56cb630a7566ef0a70052b3102651bf653cc Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Tue, 25 Feb 2003 06:24:13 +0000
Subject: Fixed up some const related compiler warnings. (This used to be
 commit 923425e497112c5d1e2e569da6c13dcd02b6a8af)

---
 source3/client/client.c        |  9 ++++++---
 source3/rpcclient/cmd_lsarpc.c | 24 ++++++++++++------------
 source3/rpcclient/cmd_samr.c   | 38 +++++++++++++++++++-------------------
 source3/rpcclient/rpcclient.c  |  6 +++---
 source3/rpcclient/rpcclient.h  |  4 ++--
 5 files changed, 42 insertions(+), 39 deletions(-)

diff --git a/source3/client/client.c b/source3/client/client.c
index 5da12fd984..b95d4d877c 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -51,7 +51,8 @@ static int max_protocol = PROTOCOL_NT1;
 extern pstring user_socket_options;
 
 static int process_tok(fstring tok);
-static int cmd_help(void);
+static NTSTATUS cmd_help(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc,
+			 const char **argv);
 
 /* 30 second timeout on most commands */
 #define CLIENT_TIMEOUT (30*1000)
@@ -979,7 +980,8 @@ static BOOL do_altname(char *name)
 /****************************************************************************
  Exit client.
 ****************************************************************************/
-static int cmd_quit(void)
+static NTSTATUS cmd_quit(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc,
+			 const char **argv)
 {
 	cli_shutdown(cli);
 	exit(0);
@@ -2149,7 +2151,8 @@ static int process_tok(fstring tok)
 /****************************************************************************
 help
 ****************************************************************************/
-static int cmd_help(void)
+static NTSTATUS cmd_help(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc,
+		    const char **argv)
 {
 	int i=0,j;
 	fstring buf;
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index 03df170c09..fab6a89ed5 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -64,7 +64,7 @@ done:
 
 static NTSTATUS cmd_lsa_query_info_policy(struct cli_state *cli, 
                                           TALLOC_CTX *mem_ctx, int argc, 
-                                          char **argv) 
+                                          const char **argv) 
 {
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -134,7 +134,7 @@ static NTSTATUS cmd_lsa_query_info_policy(struct cli_state *cli,
 
 static NTSTATUS cmd_lsa_lookup_names(struct cli_state *cli, 
                                      TALLOC_CTX *mem_ctx, int argc, 
-                                     char **argv)
+                                     const char **argv)
 {
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -179,7 +179,7 @@ static NTSTATUS cmd_lsa_lookup_names(struct cli_state *cli,
 /* Resolve a list of SIDs to a list of names */
 
 static NTSTATUS cmd_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-                                    int argc, char **argv)
+                                    int argc, const char **argv)
 {
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -246,7 +246,7 @@ static NTSTATUS cmd_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 
 static NTSTATUS cmd_lsa_enum_trust_dom(struct cli_state *cli, 
                                        TALLOC_CTX *mem_ctx, int argc, 
-                                       char **argv)
+                                       const char **argv)
 {
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -301,7 +301,7 @@ static NTSTATUS cmd_lsa_enum_trust_dom(struct cli_state *cli,
 
 static NTSTATUS cmd_lsa_enum_privilege(struct cli_state *cli, 
 				       TALLOC_CTX *mem_ctx, int argc, 
-                                          char **argv) 
+				       const char **argv) 
 {
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -354,7 +354,7 @@ static NTSTATUS cmd_lsa_enum_privilege(struct cli_state *cli,
 
 static NTSTATUS cmd_lsa_get_dispname(struct cli_state *cli, 
                                      TALLOC_CTX *mem_ctx, int argc, 
-                                     char **argv) 
+                                     const char **argv) 
 {
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -392,7 +392,7 @@ static NTSTATUS cmd_lsa_get_dispname(struct cli_state *cli,
 
 static NTSTATUS cmd_lsa_enum_sids(struct cli_state *cli, 
 				  TALLOC_CTX *mem_ctx, int argc, 
-                                     char **argv) 
+				  const char **argv) 
 {
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -445,7 +445,7 @@ static NTSTATUS cmd_lsa_enum_sids(struct cli_state *cli,
 
 static NTSTATUS cmd_lsa_enum_privsaccounts(struct cli_state *cli, 
                                            TALLOC_CTX *mem_ctx, int argc, 
-                                           char **argv) 
+                                           const char **argv) 
 {
 	POLICY_HND dom_pol;
 	POLICY_HND user_pol;
@@ -500,7 +500,7 @@ static NTSTATUS cmd_lsa_enum_privsaccounts(struct cli_state *cli,
 
 static NTSTATUS cmd_lsa_enum_acct_rights(struct cli_state *cli, 
 					 TALLOC_CTX *mem_ctx, int argc, 
-					 char **argv) 
+					 const char **argv) 
 {
 	POLICY_HND dom_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -666,8 +666,8 @@ static NTSTATUS cmd_lsa_remove_acct_rights(struct cli_state *cli,
 /* Get a privilege value given its name */
 
 static NTSTATUS cmd_lsa_lookupprivvalue(struct cli_state *cli, 
-                                           TALLOC_CTX *mem_ctx, int argc, 
-                                           char **argv) 
+					TALLOC_CTX *mem_ctx, int argc, 
+					const char **argv) 
 {
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -702,7 +702,7 @@ static NTSTATUS cmd_lsa_lookupprivvalue(struct cli_state *cli,
 
 static NTSTATUS cmd_lsa_query_secobj(struct cli_state *cli, 
 				     TALLOC_CTX *mem_ctx, int argc, 
-				     char **argv) 
+				     const char **argv) 
 {
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 85aface7be..cec6b1680b 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -264,7 +264,7 @@ static NTSTATUS try_samr_connects(struct cli_state *cli, TALLOC_CTX *mem_ctx,
  */
 static NTSTATUS cmd_samr_query_user(struct cli_state *cli, 
                                     TALLOC_CTX *mem_ctx,
-                                    int argc, char **argv) 
+                                    int argc, const char **argv) 
 {
 	POLICY_HND connect_pol, domain_pol, user_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -373,7 +373,7 @@ static void display_group_info_ctr(GROUP_INFO_CTR *ctr)
  */
 static NTSTATUS cmd_samr_query_group(struct cli_state *cli, 
                                      TALLOC_CTX *mem_ctx,
-                                     int argc, char **argv) 
+                                     int argc, const char **argv) 
 {
 	POLICY_HND connect_pol, domain_pol, group_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -435,7 +435,7 @@ done:
 
 static NTSTATUS cmd_samr_query_usergroups(struct cli_state *cli, 
                                           TALLOC_CTX *mem_ctx,
-                                          int argc, char **argv) 
+                                          int argc, const char **argv) 
 {
 	POLICY_HND 		connect_pol, 
 				domain_pol, 
@@ -499,8 +499,8 @@ static NTSTATUS cmd_samr_query_usergroups(struct cli_state *cli,
 /* Query aliases a user is a member of */
 
 static NTSTATUS cmd_samr_query_useraliases(struct cli_state *cli, 
-                                          TALLOC_CTX *mem_ctx,
-                                          int argc, char **argv) 
+					   TALLOC_CTX *mem_ctx,
+					   int argc, const char **argv) 
 {
 	POLICY_HND 		connect_pol, domain_pol;
 	NTSTATUS		result = NT_STATUS_UNSUCCESSFUL;
@@ -568,7 +568,7 @@ static NTSTATUS cmd_samr_query_useraliases(struct cli_state *cli,
 
 static NTSTATUS cmd_samr_query_groupmem(struct cli_state *cli, 
                                         TALLOC_CTX *mem_ctx,
-                                        int argc, char **argv) 
+                                        int argc, const char **argv) 
 {
 	POLICY_HND connect_pol, domain_pol, group_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -630,7 +630,7 @@ static NTSTATUS cmd_samr_query_groupmem(struct cli_state *cli,
 
 static NTSTATUS cmd_samr_enum_dom_users(struct cli_state *cli, 
 					TALLOC_CTX *mem_ctx,
-					int argc, char **argv) 
+					int argc, const char **argv) 
 {
 	POLICY_HND connect_pol, domain_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -704,7 +704,7 @@ static NTSTATUS cmd_samr_enum_dom_users(struct cli_state *cli,
 
 static NTSTATUS cmd_samr_enum_dom_groups(struct cli_state *cli, 
                                          TALLOC_CTX *mem_ctx,
-                                         int argc, char **argv) 
+                                         int argc, const char **argv) 
 {
 	POLICY_HND connect_pol, domain_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -777,7 +777,7 @@ static NTSTATUS cmd_samr_enum_dom_groups(struct cli_state *cli,
 
 static NTSTATUS cmd_samr_enum_als_groups(struct cli_state *cli, 
                                          TALLOC_CTX *mem_ctx,
-                                         int argc, char **argv) 
+                                         int argc, const char **argv) 
 {
 	POLICY_HND connect_pol, domain_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -859,7 +859,7 @@ static NTSTATUS cmd_samr_enum_als_groups(struct cli_state *cli,
 
 static NTSTATUS cmd_samr_query_aliasmem(struct cli_state *cli, 
                                         TALLOC_CTX *mem_ctx,
-                                        int argc, char **argv) 
+                                        int argc, const char **argv) 
 {
 	POLICY_HND connect_pol, domain_pol, alias_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -933,7 +933,7 @@ static NTSTATUS cmd_samr_query_aliasmem(struct cli_state *cli,
 
 static NTSTATUS cmd_samr_query_dispinfo(struct cli_state *cli, 
                                         TALLOC_CTX *mem_ctx,
-                                        int argc, char **argv) 
+                                        int argc, const char **argv) 
 {
 	POLICY_HND connect_pol, domain_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -1067,7 +1067,7 @@ static NTSTATUS cmd_samr_query_dispinfo(struct cli_state *cli,
 
 static NTSTATUS cmd_samr_query_dominfo(struct cli_state *cli, 
                                        TALLOC_CTX *mem_ctx,
-                                       int argc, char **argv) 
+                                       int argc, const char **argv) 
 {
 	POLICY_HND connect_pol, domain_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -1137,11 +1137,11 @@ static NTSTATUS cmd_samr_query_dominfo(struct cli_state *cli,
 
 static NTSTATUS cmd_samr_create_dom_user(struct cli_state *cli, 
                                          TALLOC_CTX *mem_ctx,
-                                         int argc, char **argv) 
+                                         int argc, const char **argv) 
 {
 	POLICY_HND connect_pol, domain_pol, user_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	char *acct_name;
+	const char *acct_name;
 	uint16 acb_info;
 	uint32 unknown, user_rid;
 	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
@@ -1193,7 +1193,7 @@ static NTSTATUS cmd_samr_create_dom_user(struct cli_state *cli,
 
 static NTSTATUS cmd_samr_lookup_names(struct cli_state *cli, 
                                       TALLOC_CTX *mem_ctx,
-                                      int argc, char **argv) 
+                                      int argc, const char **argv) 
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	POLICY_HND connect_pol, domain_pol;
@@ -1263,7 +1263,7 @@ static NTSTATUS cmd_samr_lookup_names(struct cli_state *cli,
 
 static NTSTATUS cmd_samr_lookup_rids(struct cli_state *cli, 
                                      TALLOC_CTX *mem_ctx,
-                                     int argc, char **argv) 
+                                     int argc, const char **argv) 
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	POLICY_HND connect_pol, domain_pol;
@@ -1320,7 +1320,7 @@ static NTSTATUS cmd_samr_lookup_rids(struct cli_state *cli,
 
 static NTSTATUS cmd_samr_delete_dom_user(struct cli_state *cli, 
                                          TALLOC_CTX *mem_ctx,
-                                         int argc, char **argv) 
+                                         int argc, const char **argv) 
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	POLICY_HND connect_pol, domain_pol, user_pol;
@@ -1389,7 +1389,7 @@ static NTSTATUS cmd_samr_delete_dom_user(struct cli_state *cli,
  */
 static NTSTATUS cmd_samr_query_sec_obj(struct cli_state *cli, 
                                     TALLOC_CTX *mem_ctx,
-                                    int argc, char **argv) 
+                                    int argc, const char **argv) 
 {
 	POLICY_HND connect_pol, domain_pol, user_pol, *pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -1466,7 +1466,7 @@ done:
 
 static NTSTATUS cmd_samr_get_dom_pwinfo(struct cli_state *cli, 
 					TALLOC_CTX *mem_ctx,
-					int argc, char **argv) 
+					int argc, const char **argv) 
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	uint16 unk_0, unk_1, unk_2;
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 7a9c464cf6..5803055598 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -259,7 +259,7 @@ static void fetch_machine_sid(struct cli_state *cli)
 /* List the available commands on a given pipe */
 
 static NTSTATUS cmd_listcommands(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-                         int argc, char **argv)
+				 int argc, const char **argv)
 {
 	struct cmd_list *tmp;
         struct cmd_set *tmp_set;
@@ -364,7 +364,7 @@ static NTSTATUS cmd_help(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 /* Change the debug level */
 
 static NTSTATUS cmd_debuglevel(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-                               int argc, char **argv)
+                               int argc, const char **argv)
 {
 	if (argc > 2) {
 		printf("Usage: %s [debuglevel]\n", argv[0]);
@@ -479,7 +479,7 @@ static NTSTATUS do_cmd(struct cli_state *cli,
 
 	/* Run command */
 
-	result = cmd_entry->fn(cli, mem_ctx, argc, (char **) argv);
+	result = cmd_entry->fn(cli, mem_ctx, argc, (const char **) argv);
 
 	/* Cleanup */
 
diff --git a/source3/rpcclient/rpcclient.h b/source3/rpcclient/rpcclient.h
index 3276a62437..1bd3c1a641 100644
--- a/source3/rpcclient/rpcclient.h
+++ b/source3/rpcclient/rpcclient.h
@@ -24,8 +24,8 @@
 
 struct cmd_set {
 	const char *name;
-	NTSTATUS (*fn)(struct cli_state*, TALLOC_CTX *mem_ctx, int argc, 
-                       char **argv);
+	NTSTATUS (*fn)(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc, 
+                       const char **argv);
         int pipe_idx;
 	const char *description;
 	const char *usage;
-- 
cgit 


From 7c7d796b6d292a7c98b099ad1e1adbc4f2363512 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Tue, 25 Feb 2003 20:51:23 +0000
Subject: Progress on CR 601

cache the printer_info_2 with the open printer handle.
cache is invalidated on a mod_a_printer() call **on that smbd**.

Yes, this means that the window for admins to step on each other
from different clients just got larger, but since handles a generally
short lived this is probably ok.
(This used to be commit 33c7b7522504fb15989f32add8e9a087c8d9d0fa)
---
 source3/include/nt_printing.h       |  45 +++++
 source3/printing/nt_printing.c      | 366 +++++++++++++++++++++---------------
 source3/registry/reg_printing.c     |   7 +-
 source3/rpc_parse/parse_spoolss.c   |   2 +-
 source3/rpc_server/srv_spoolss_nt.c | 277 ++++++++++++---------------
 source3/smbd/lanman.c               |   6 +-
 6 files changed, 388 insertions(+), 315 deletions(-)

diff --git a/source3/include/nt_printing.h b/source3/include/nt_printing.h
index 6d952a89a5..ca65a40d48 100644
--- a/source3/include/nt_printing.h
+++ b/source3/include/nt_printing.h
@@ -434,4 +434,49 @@ typedef struct {
 	SPOOLSS_NOTIFY_MSG_GROUP	*msg_groups;
 } SPOOLSS_NOTIFY_MSG_CTR;
 
+#define PRINTER_HANDLE_IS_PRINTER	0
+#define PRINTER_HANDLE_IS_PRINTSERVER	1
+
+/* structure to store the printer handles */
+/* and a reference to what it's pointing to */
+/* and the notify info asked about */
+/* that's the central struct */
+typedef struct _Printer{
+	struct _Printer *prev, *next;
+	BOOL document_started;
+	BOOL page_started;
+	uint32 jobid; /* jobid in printing backend */
+	BOOL printer_type;
+	TALLOC_CTX *ctx;
+	union {
+	  	fstring handlename;
+		fstring printerservername;
+	} dev;
+	uint32 type;
+	uint32 access_granted;
+	struct {
+		uint32 flags;
+		uint32 options;
+		fstring localmachine;
+		uint32 printerlocal;
+		SPOOL_NOTIFY_OPTION *option;
+		POLICY_HND client_hnd;
+		BOOL client_connected;
+		uint32 change;
+		/* are we in a FindNextPrinterChangeNotify() call? */
+		BOOL fnpcn;
+	} notify;
+	struct {
+		fstring machine;
+		fstring user;
+	} client;
+	
+	/* devmode sent in the OpenPrinter() call */
+	NT_DEVICEMODE	*nt_devmode;
+	
+	/* cache the printer info */
+	NT_PRINTER_INFO_LEVEL *printer_info;
+	
+} Printer_entry;
+
 #endif /* NT_PRINTING_H_ */
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 836324ecc9..0f5067c5a0 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -3,7 +3,7 @@
  *  RPC Pipe client / server routines
  *  Copyright (C) Andrew Tridgell              1992-2000,
  *  Copyright (C) Jean François Micouleau      1998-2000.
- *  Copyright (C) Gerald Carter                     2002.
+ *  Copyright (C) Gerald Carter                2002-2003.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -565,8 +565,9 @@ BOOL add_a_form(nt_forms_struct **list, const FORM *form, int *count)
 }
 
 /****************************************************************************
- delete a named form struct
+ Delete a named form struct.
 ****************************************************************************/
+
 BOOL delete_a_form(nt_forms_struct **list, UNISTR2 *del_name, int *count, WERROR *ret)
 {
 	pstring key;
@@ -603,8 +604,9 @@ BOOL delete_a_form(nt_forms_struct **list, UNISTR2 *del_name, int *count, WERROR
 }
 
 /****************************************************************************
-update a form struct
+ Update a form struct.
 ****************************************************************************/
+
 void update_a_form(nt_forms_struct **list, const FORM *form, int count)
 {
 	int n=0;
@@ -612,8 +614,7 @@ void update_a_form(nt_forms_struct **list, const FORM *form, int count)
 	unistr2_to_ascii(form_name, &(form->name), sizeof(form_name)-1);
 
 	DEBUG(106, ("[%s]\n", form_name));
-	for (n=0; n<count; n++)
-	{
+	for (n=0; n<count; n++) {
 		DEBUGADD(106, ("n [%d]:[%s]\n", n, (*list)[n].name));
 		if (!strncmp((*list)[n].name, form_name, strlen(form_name)))
 			break;
@@ -631,9 +632,8 @@ void update_a_form(nt_forms_struct **list, const FORM *form, int count)
 }
 
 /****************************************************************************
-get the nt drivers list
-
-traverse the database and look-up the matching names
+ Get the nt drivers list.
+ Traverse the database and look-up the matching names.
 ****************************************************************************/
 int get_ntdrivers(fstring **list, const char *architecture, uint32 version)
 {
@@ -649,7 +649,9 @@ int get_ntdrivers(fstring **list, const char *architecture, uint32 version)
 	for (kbuf = tdb_firstkey(tdb_drivers);
 	     kbuf.dptr;
 	     newkey = tdb_nextkey(tdb_drivers, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
-		if (strncmp(kbuf.dptr, key, strlen(key)) != 0) continue;
+
+		if (strncmp(kbuf.dptr, key, strlen(key)) != 0)
+			continue;
 		
 		if((fl = Realloc(*list, sizeof(fstring)*(total+1))) == NULL) {
 			DEBUG(0,("get_ntdrivers: failed to enlarge list!\n"));
@@ -665,8 +667,8 @@ int get_ntdrivers(fstring **list, const char *architecture, uint32 version)
 }
 
 /****************************************************************************
-function to do the mapping between the long architecture name and
-the short one.
+ Function to do the mapping between the long architecture name and
+ the short one.
 ****************************************************************************/
 BOOL get_short_archi(char *short_archi, const char *long_archi)
 {
@@ -945,8 +947,8 @@ is no previous version, the new one is newer (obviously). If either file is
 missing the version info structure, compare the creation date (on Unix use
 the modification date). Otherwise chose the numerically larger version number.
 ****************************************************************************/
-static int file_version_is_newer(connection_struct *conn, fstring new_file,
-								fstring old_file)
+
+static int file_version_is_newer(connection_struct *conn, fstring new_file, fstring old_file)
 {
 	BOOL   use_version = True;
 	pstring filepath;
@@ -1866,7 +1868,8 @@ int pack_devicemode(NT_DEVICEMODE *nt_devmode, char *buf, int buflen)
 
 	len += tdb_pack(buf+len, buflen-len, "p", nt_devmode);
 
-	if (!nt_devmode) return len;
+	if (!nt_devmode)
+		return len;
 
 	len += tdb_pack(buf+len, buflen-len, "ffwwwwwwwwwwwwwwwwwwddddddddddddddp",
 			nt_devmode->devicename,
@@ -1937,15 +1940,13 @@ static int pack_values(NT_PRINTER_DATA *data, char *buf, int buflen)
 
 	/* loop over all keys */
 		
-	for ( i=0; i<data->num_keys; i++ )
-	{	
+	for ( i=0; i<data->num_keys; i++ ) {	
 		val_ctr = &data->keys[i].values;
 		num_values = regval_ctr_numvals( val_ctr );
 		
 		/* loop over all values */
 		
-		for ( j=0; j<num_values; j++ )
-		{
+		for ( j=0; j<num_values; j++ ) {
 			/* pathname should be stored as <key>\<value> */
 			
 			val = regval_ctr_specific_value( val_ctr, j );
@@ -1991,7 +1992,7 @@ uint32 del_a_printer(char *sharename)
 }
 
 /* FIXME!!!  Reorder so this forward declaration is not necessary --jerry */
-static WERROR get_a_printer_2(NT_PRINTER_INFO_LEVEL_2 **, fstring);
+static WERROR get_a_printer_2(NT_PRINTER_INFO_LEVEL_2 **, const char* sharename);
 static void free_nt_printer_info_level_2(NT_PRINTER_INFO_LEVEL_2 **);
 /****************************************************************************
 ****************************************************************************/
@@ -2169,6 +2170,9 @@ NT_DEVICEMODE *dup_nt_devicemode(NT_DEVICEMODE *nt_devicemode)
 {
 	NT_DEVICEMODE *new_nt_devicemode = NULL;
 
+	if ( !nt_devicemode )
+		return NULL;
+
 	if ((new_nt_devicemode = (NT_DEVICEMODE *)memdup(nt_devicemode, sizeof(NT_DEVICEMODE))) == NULL) {
 		DEBUG(0,("dup_nt_devicemode: malloc fail.\n"));
 		return NULL;
@@ -2222,8 +2226,7 @@ static void free_nt_printer_info_level_2(NT_PRINTER_INFO_LEVEL_2 **info_ptr)
 	/* clean up all registry keys */
 	
 	data = &info->data;
-	for ( i=0; i<data->num_keys; i++ ) 
-	{
+	for ( i=0; i<data->num_keys; i++ ) {
 		SAFE_FREE( data->keys[i].name );
 		regval_ctr_destroy( &data->keys[i].values );
 	}
@@ -2311,8 +2314,8 @@ int unpack_devicemode(NT_DEVICEMODE **nt_devmode, char *buf, int buflen)
 }
 
 /****************************************************************************
- allocate and initialize a new slot in 
- ***************************************************************************/
+ Allocate and initialize a new slot.
+***************************************************************************/
  
 static int add_new_printer_key( NT_PRINTER_DATA *data, const char *name )
 {
@@ -2360,8 +2363,7 @@ int lookup_printerkey( NT_PRINTER_DATA *data, const char *name )
 
 	/* loop over all existing keys */
 	
-	for ( i=0; i<data->num_keys; i++ ) 
-	{
+	for ( i=0; i<data->num_keys; i++ ) {
 		if ( strequal(data->keys[i].name, name) ) {
 			DEBUG(12,("lookup_printerkey: Found [%s]!\n", name));
 			key_index = i;
@@ -2388,10 +2390,8 @@ uint32 get_printer_subkeys( NT_PRINTER_DATA *data, const char* key, fstring **su
 	if ( !data )
 		return 0;
 		
-	for ( i=0; i<data->num_keys; i++ ) 
-	{
-		if ( StrnCaseCmp(data->keys[i].name, key, strlen(key)) == 0 )
-		{
+	for ( i=0; i<data->num_keys; i++ ) {
+		if ( StrnCaseCmp(data->keys[i].name, key, strlen(key)) == 0 ) {
 			/* match sure it is a subkey and not the key itself */
 			
 			key_len = strlen( key );
@@ -2436,7 +2436,7 @@ uint32 get_printer_subkeys( NT_PRINTER_DATA *data, const char* key, fstring **su
 	/* tag of the end */
 	
 	if (num_subkeys)
-		fstrcpy( subkeys_ptr[num_subkeys], "" );
+		fstrcpy(subkeys_ptr[num_subkeys], "" );
 	
 	*subkeys = subkeys_ptr;
 
@@ -2692,12 +2692,12 @@ WERROR unpublish_it(NT_PRINTER_INFO_LEVEL *printer)
  * @return WERROR indicating status of publishing
  ***************************************************************************/
 
-WERROR nt_printer_publish(int snum, int action)
+WERROR nt_printer_publish(Printer_entry *print_hnd, int snum, int action)
 {
 	NT_PRINTER_INFO_LEVEL *printer = NULL;
 	WERROR win_rc;
 
-	win_rc = get_a_printer(&printer, 2, lp_servicename(snum));
+	win_rc = get_a_printer(print_hnd, &printer, 2, lp_servicename(snum));
 	if (!W_ERROR_IS_OK(win_rc))
 		return win_rc;
 
@@ -2718,7 +2718,7 @@ WERROR nt_printer_publish(int snum, int action)
 	return win_rc;
 }
 
-BOOL is_printer_published(int snum, GUID *guid)
+BOOL is_printer_published(Printer_entry *print_hnd, int snum, GUID *guid)
 {
 	NT_PRINTER_INFO_LEVEL *printer = NULL;
 	REGVAL_CTR *ctr;
@@ -2727,7 +2727,7 @@ BOOL is_printer_published(int snum, GUID *guid)
 	int i;
 
 
-	win_rc = get_a_printer(&printer, 2, lp_servicename(snum));
+	win_rc = get_a_printer(print_hnd, &printer, 2, lp_servicename(snum));
 	if (!W_ERROR_IS_OK(win_rc))
 		return False;
 
@@ -2753,11 +2753,11 @@ BOOL is_printer_published(int snum, GUID *guid)
 }
 	
 #else
-WERROR nt_printer_publish(int snum, int action)
+WERROR nt_printer_publish(Printer_entry *print_hnd, int snum, int action)
 {
 	return WERR_OK;
 }
-BOOL is_printer_published(int snum, GUID *guid)
+BOOL is_printer_published(Printer_entry *print_hnd, int snum, GUID *guid)
 {
 	return False;
 }
@@ -2780,10 +2780,8 @@ WERROR delete_all_printer_data( NT_PRINTER_INFO_LEVEL_2 *p2, const char *key )
 	
 	/* remove all keys */
 
-	if ( !strlen(key) ) 
-	{
-		for ( i=0; i<data->num_keys; i++ ) 
-		{
+	if ( !strlen(key) ) {
+		for ( i=0; i<data->num_keys; i++ ) {
 			DEBUG(8,("delete_all_printer_data: Removed all Printer Data from key [%s]\n",
 				data->keys[i].name));
 		
@@ -2802,10 +2800,8 @@ WERROR delete_all_printer_data( NT_PRINTER_INFO_LEVEL_2 *p2, const char *key )
 
 	/* remove a specific key (and all subkeys) */
 	
-	for ( i=0; i<data->num_keys; i++ ) 
-	{
-		if ( StrnCaseCmp( data->keys[i].name, key, strlen(key)) == 0 )
-		{
+	for ( i=0; i<data->num_keys; i++ ) {
+		if ( StrnCaseCmp( data->keys[i].name, key, strlen(key)) == 0 ) {
 			DEBUG(8,("delete_all_printer_data: Removed all Printer Data from key [%s]\n",
 				data->keys[i].name));
 		
@@ -2849,8 +2845,7 @@ WERROR delete_all_printer_data( NT_PRINTER_INFO_LEVEL_2 *p2, const char *key )
 
 	/* sanity check to see if anything is left */
 
-	if ( !data->num_keys )
-	{
+	if ( !data->num_keys ) {
 		DEBUG(8,("delete_all_printer_data: No keys left for printer [%s]\n", p2->printername ));
 
 		SAFE_FREE( data->keys );
@@ -2956,8 +2951,7 @@ static int unpack_values(NT_PRINTER_DATA *printer_data, char *buf, int buflen)
 
 	/* loop and unpack the rest of the registry values */
 	
-	while ( True ) 
-	{
+	while ( True ) {
 	
 		/* check to see if there are any more registry values */
 		
@@ -3007,7 +3001,8 @@ static int unpack_values(NT_PRINTER_DATA *printer_data, char *buf, int buflen)
 		
 		regval_ctr_addvalue( &printer_data->keys[key_index].values, valuename, type, data_p, size );
 
-		SAFE_FREE(data_p); /* 'B' option to tdb_unpack does a malloc() */
+		SAFE_FREE(data_p); /* 'B' option to tdbpack does a malloc() */
+
 		DEBUG(8,("specific: [%s:%s], len: %d\n", keyname, valuename, size));
 	}
 
@@ -3099,9 +3094,9 @@ static void map_to_os2_driver(fstring drivername)
 }
 
 /****************************************************************************
-get a default printer info 2 struct
+ Get a default printer info 2 struct.
 ****************************************************************************/
-static WERROR get_a_printer_2_default(NT_PRINTER_INFO_LEVEL_2 **info_ptr, fstring sharename)
+static WERROR get_a_printer_2_default(NT_PRINTER_INFO_LEVEL_2 **info_ptr, const char *sharename)
 {
 	int snum;
 	NT_PRINTER_INFO_LEVEL_2 info;
@@ -3180,7 +3175,7 @@ static WERROR get_a_printer_2_default(NT_PRINTER_INFO_LEVEL_2 **info_ptr, fstrin
 
 /****************************************************************************
 ****************************************************************************/
-static WERROR get_a_printer_2(NT_PRINTER_INFO_LEVEL_2 **info_ptr, fstring sharename)
+static WERROR get_a_printer_2(NT_PRINTER_INFO_LEVEL_2 **info_ptr, const char *sharename)
 {
 	pstring key;
 	NT_PRINTER_INFO_LEVEL_2 info;
@@ -3270,7 +3265,7 @@ static WERROR get_a_printer_2(NT_PRINTER_INFO_LEVEL_2 **info_ptr, fstring sharen
 }
 
 /****************************************************************************
-debugging function, dump at level 6 the struct in the logs
+ Debugging function, dump at level 6 the struct in the logs.
 ****************************************************************************/
 static uint32 dump_a_printer(NT_PRINTER_INFO_LEVEL printer, uint32 level)
 {
@@ -3279,8 +3274,7 @@ static uint32 dump_a_printer(NT_PRINTER_INFO_LEVEL printer, uint32 level)
 	
 	DEBUG(106,("Dumping printer at level [%d]\n", level));
 	
-	switch (level)
-	{
+	switch (level) {
 		case 2:
 		{
 			if (printer.info_2 == NULL)
@@ -3325,26 +3319,6 @@ static uint32 dump_a_printer(NT_PRINTER_INFO_LEVEL printer, uint32 level)
 	return result;
 }
 
-/****************************************************************************
- Get the parameters we can substitute in an NT print job.
-****************************************************************************/
-
-void get_printer_subst_params(int snum, fstring *printername, fstring *sharename, fstring *portname)
-{
-	NT_PRINTER_INFO_LEVEL *printer = NULL;
-
-	**printername = **sharename = **portname = '\0';
-
-	if (!W_ERROR_IS_OK(get_a_printer(&printer, 2, lp_servicename(snum))))
-		return;
-
-	fstrcpy(*printername, printer->info_2->printername);
-	fstrcpy(*sharename, printer->info_2->sharename);
-	fstrcpy(*portname, printer->info_2->portname);
-
-	free_a_printer(&printer, 2);
-}
-
 /****************************************************************************
  Update the changeid time.
  This is SO NASTY as some drivers need this to change, others need it
@@ -3388,8 +3362,15 @@ WERROR mod_a_printer(NT_PRINTER_INFO_LEVEL printer, uint32 level)
 	
 	dump_a_printer(printer, level);	
 	
-	switch (level)
-	{
+	/* 
+	 * invalidate cache for all open handles to this printer.
+	 * cache for a given handle will be updated on the next 
+	 * get_a_printer() 
+	 */
+	 
+	invalidate_printer_hnd_cache( printer.info_2->sharename );
+	
+	switch (level) {
 		case 2:
 		{
 			/*
@@ -3424,6 +3405,7 @@ WERROR mod_a_printer(NT_PRINTER_INFO_LEVEL printer, uint32 level)
 			 */
 
 			result=update_a_printer_2(printer.info_2);
+			
 			break;
 		}
 		default:
@@ -3528,8 +3510,7 @@ BOOL set_driver_init(NT_PRINTER_INFO_LEVEL *printer, uint32 level)
 {
 	BOOL result = False;
 	
-	switch (level)
-	{
+	switch (level) {
 		case 2:
 			result = set_driver_init_2(printer->info_2);
 			break;
@@ -3600,7 +3581,8 @@ static uint32 update_driver_init_2(NT_PRINTER_INFO_LEVEL_2 *info)
 			ret = -1;
 			goto done;
 		}
-		else buf = tb;
+		else
+			buf = tb;
 		buflen = len;
 		goto again;
 	}
@@ -3636,13 +3618,10 @@ uint32 update_driver_init(NT_PRINTER_INFO_LEVEL printer, uint32 level)
 	
 	dump_a_printer(printer, level);	
 	
-	switch (level)
-	{
+	switch (level) {
 		case 2:
-		{
 			result = update_driver_init_2(printer.info_2);
 			break;
-		}
 		default:
 			result = 1;
 			break;
@@ -3711,8 +3690,7 @@ static WERROR save_driver_init_2(NT_PRINTER_INFO_LEVEL *printer, uint8 *data, ui
 	 */
 	DEBUG(8,("save_driver_init_2: Enter...\n"));
 	
-	if ( !printer->info_2->devmode && data_len ) 
-	{
+	if ( !printer->info_2->devmode && data_len ) {
 		/*
 		 * Set devmode on printer info, so entire printer initialization can be
 		 * saved to tdb.
@@ -3781,13 +3759,10 @@ WERROR save_driver_init(NT_PRINTER_INFO_LEVEL *printer, uint32 level, uint8 *dat
 {
 	WERROR status = WERR_OK;
 	
-	switch (level)
-	{
+	switch (level) {
 		case 2:
-		{
 			status = save_driver_init_2( printer, data, data_len );
 			break;
-		}
 		default:
 			status = WERR_UNKNOWN_LEVEL;
 			break;
@@ -3796,11 +3771,80 @@ WERROR save_driver_init(NT_PRINTER_INFO_LEVEL *printer, uint32 level, uint8 *dat
 	return status;
 }
 
+/****************************************************************************
+ Deep copy a NT_PRINTER_DATA
+****************************************************************************/
+
+static NTSTATUS copy_printer_data( NT_PRINTER_DATA *dst, NT_PRINTER_DATA *src )
+{
+	int i, j, num_vals, new_key_index;
+	REGVAL_CTR *src_key, *dst_key;
+	
+	if ( !dst || !src )
+		return NT_STATUS_NO_MEMORY;
+	
+	for ( i=0; i<src->num_keys; i++ ) {
+			   
+		/* create a new instance of the printerkey in the destination 
+		   printer_data object */
+		   
+		new_key_index = add_new_printer_key( dst, src->keys[i].name );
+		dst_key = &dst->keys[new_key_index].values;
+
+		src_key = &src->keys[i].values;
+		num_vals = regval_ctr_numvals( src_key );
+		
+		/* dup the printer entire printer key */
+		
+		for ( j=0; j<num_vals; j++ ) {
+			regval_ctr_copyvalue( dst_key, regval_ctr_specific_value(src_key, j) );
+		}
+	}
+		
+	return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Deep copy a NT_PRINTER_INFO_LEVEL_2 structure using malloc()'d memeory
+ Caller must free.
+****************************************************************************/
+
+static NT_PRINTER_INFO_LEVEL_2* dup_printer_2( TALLOC_CTX *ctx, NT_PRINTER_INFO_LEVEL_2 *printer )
+{
+	NT_PRINTER_INFO_LEVEL_2 *copy;
+	
+	if ( !printer )
+		return NULL;
+	
+	if ( !(copy = (NT_PRINTER_INFO_LEVEL_2 *)malloc(sizeof(NT_PRINTER_INFO_LEVEL_2))) )
+		return NULL;
+		
+	memcpy( copy, printer, sizeof(NT_PRINTER_INFO_LEVEL_2) );
+	
+	/* malloc()'d members copied here */
+	
+	copy->devmode = dup_nt_devicemode( printer->devmode );	
+
+	ZERO_STRUCT( copy->data );
+	copy_printer_data( &copy->data, &printer->data );
+	
+	/* this is talloc()'d; very ugly that we have a structure that 
+	   is half malloc()'d and half talloc()'d but that is the way 
+	   that the PRINTER_INFO stuff is written right now.  --jerry  */
+	   
+	copy->secdesc_buf = dup_sec_desc_buf( ctx, printer->secdesc_buf );
+		
+	return copy;
+}
+
 /****************************************************************************
  Get a NT_PRINTER_INFO_LEVEL struct. It returns malloced memory.
 ****************************************************************************/
 
-WERROR get_a_printer(NT_PRINTER_INFO_LEVEL **pp_printer, uint32 level, fstring sharename)
+#define ENABLE_PRINT_HND_CACHE	1
+
+WERROR get_a_printer( Printer_entry *print_hnd, NT_PRINTER_INFO_LEVEL **pp_printer, uint32 level, 
+			const char *sharename)
 {
 	WERROR result;
 	NT_PRINTER_INFO_LEVEL *printer = NULL;
@@ -3809,24 +3853,70 @@ WERROR get_a_printer(NT_PRINTER_INFO_LEVEL **pp_printer, uint32 level, fstring s
 
 	DEBUG(10,("get_a_printer: [%s] level %u\n", sharename, (unsigned int)level));
 
-	switch (level)
-	{
+	switch (level) {
 		case 2:
-		{
 			if ((printer = (NT_PRINTER_INFO_LEVEL *)malloc(sizeof(NT_PRINTER_INFO_LEVEL))) == NULL) {
 				DEBUG(0,("get_a_printer: malloc fail.\n"));
 				return WERR_NOMEM;
 			}
 			ZERO_STRUCTP(printer);
+			
+			/* 
+			 * check for cache first.  A Printer handle cannot changed
+			 * to another printer object so we only check that the printer 
+			 * is actually for a printer and that the printer_info pointer 
+			 * is valid
+			 */
+#ifdef ENABLE_PRINT_HND_CACHE	/* JERRY */
+			if ( print_hnd 
+				&& (print_hnd->printer_type==PRINTER_HANDLE_IS_PRINTER) 
+				&& print_hnd->printer_info )
+			{
+				if ( !(printer->info_2 = dup_printer_2(print_hnd->ctx, print_hnd->printer_info->info_2)) ) {
+					DEBUG(0,("get_a_printer: unable to copy cached printer info!\n"));
+					
+					SAFE_FREE(printer);
+					return WERR_NOMEM;
+				}
+				
+				DEBUG(10,("get_a_printer: using cached copy of printer_info_2\n"));
+				
+				*pp_printer = printer;				
+				result = WERR_OK;
+				
+				break;
+			}
+#endif 
+
+			/* no cache; look it up on disk */
+			
 			result=get_a_printer_2(&printer->info_2, sharename);
 			if (W_ERROR_IS_OK(result)) {
 				dump_a_printer(*printer, level);
+
+#if ENABLE_PRINT_HND_CACHE	/* JERRY */								
+				/* save a copy in cache */
+				if ( print_hnd && (print_hnd->printer_type==PRINTER_HANDLE_IS_PRINTER)) {
+					if ( !print_hnd->printer_info )
+						print_hnd->printer_info = (NT_PRINTER_INFO_LEVEL *)malloc(sizeof(NT_PRINTER_INFO_LEVEL));
+					
+					if ( print_hnd->printer_info ) {
+						print_hnd->printer_info->info_2 = dup_printer_2(print_hnd->ctx, printer->info_2);
+						
+						/* don't fail the lookup just because the cache update failed */
+						if ( !print_hnd->printer_info->info_2 )
+							DEBUG(0,("get_a_printer: unable to copy new printer info!\n"));
+					}
+					
+				}
+#endif
 				*pp_printer = printer;
-			} else {
-				SAFE_FREE(printer);
 			}
+			else 
+				SAFE_FREE(printer);
+	
+
 			break;
-		}
 		default:
 			result=WERR_UNKNOWN_LEVEL;
 			break;
@@ -3851,21 +3941,15 @@ uint32 free_a_printer(NT_PRINTER_INFO_LEVEL **pp_printer, uint32 level)
 	if (printer == NULL)
 		return 0;
 	
-	switch (level)
-	{
+	switch (level) {
 		case 2:
-		{
-			if (printer->info_2 != NULL)
-			{
+			if (printer->info_2 != NULL) {
 				free_nt_printer_info_level_2(&printer->info_2);
 				result=0;
-			}
-			else
-			{
+			} else
 				result=4;
-			}
 			break;
-		}
+
 		default:
 			result=1;
 			break;
@@ -3883,19 +3967,15 @@ uint32 add_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 level)
 	DEBUG(104,("adding a printer at level [%d]\n", level));
 	dump_a_printer_driver(driver, level);
 	
-	switch (level)
-	{
+	switch (level) {
 		case 3:
-		{
 			result=add_a_printer_driver_3(driver.info_3);
 			break;
-		}
 
 		case 6:
-		{
 			result=add_a_printer_driver_6(driver.info_6);
 			break;
-		}
+
 		default:
 			result=1;
 			break;
@@ -3905,13 +3985,13 @@ uint32 add_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 level)
 }
 /****************************************************************************
 ****************************************************************************/
+
 WERROR get_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL *driver, uint32 level,
                             fstring drivername, const char *architecture, uint32 version)
 {
 	WERROR result;
 	
-	switch (level)
-	{
+	switch (level) {
 		case 3:
 			/* Sometime we just want any version of the driver */
 			
@@ -3924,8 +4004,7 @@ WERROR get_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL *driver, uint32 level,
 					result = get_a_printer_driver_3( &driver->info_3, 
 							drivername, architecture, 2 );
 				}
-			}
-			else {
+			} else {
 				result = get_a_printer_driver_3(&driver->info_3, drivername, 
 					architecture, version);				
 			}
@@ -3948,8 +4027,7 @@ uint32 free_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 level)
 {
 	uint32 result;
 	
-	switch (level)
-	{
+	switch (level) {
 		case 3:
 		{
 			NT_PRINTER_DRIVER_INFO_LEVEL_3 *info3;
@@ -3960,9 +4038,7 @@ uint32 free_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 level)
 				ZERO_STRUCTP(info3);
 				SAFE_FREE(info3);
 				result=0;
-			}
-			else
-			{
+			} else {
 				result=4;
 			}
 			break;
@@ -3970,17 +4046,14 @@ uint32 free_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 level)
 		case 6:
 		{
 			NT_PRINTER_DRIVER_INFO_LEVEL_6 *info6;
-			if (driver.info_6 != NULL)
-			{
+			if (driver.info_6 != NULL) {
 				info6=driver.info_6;
 				SAFE_FREE(info6->dependentfiles);
 				SAFE_FREE(info6->previousnames);
 				ZERO_STRUCTP(info6);
 				SAFE_FREE(info6);
 				result=0;
-			}
-			else
-			{
+			} else {
 				result=4;
 			}
 			break;
@@ -4011,12 +4084,11 @@ BOOL printer_driver_in_use ( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3 )
 	
 	/* loop through the printers.tdb and check for the drivername */
 	
-	for (snum=0; snum<n_services; snum++) 
-	{
+	for (snum=0; snum<n_services; snum++) {
 		if ( !(lp_snum_ok(snum) && lp_print_ok(snum) ) )
 			continue;
 		
-		if ( !W_ERROR_IS_OK(get_a_printer(&printer, 2, lp_servicename(snum))) )
+		if ( !W_ERROR_IS_OK(get_a_printer(NULL, &printer, 2, lp_servicename(snum))) )
 			continue;
 		
 		if ( !StrCaseCmp(info_3->name, printer->info_2->drivername) ) {
@@ -4063,11 +4135,9 @@ static BOOL drv_file_in_use( char* file, NT_PRINTER_DRIVER_INFO_LEVEL_3 *info )
 	if ( !info->dependentfiles )
 		return False;
 	
-	while ( *info->dependentfiles[i] ) 
-	{
+	while ( *info->dependentfiles[i] ) {
 		if ( strequal(file, info->dependentfiles[i]) )
 			return True;
-			
 		i++;
 	}
 	
@@ -4085,8 +4155,7 @@ static void trim_dependent_file( fstring files[], int idx )
 	
 	/* bump everything down a slot */
 
-	while( *files[idx+1] ) 
-	{
+	while( *files[idx+1] ) {
 		fstrcpy( files[idx], files[idx+1] );
 		idx++;
 	}
@@ -4140,14 +4209,12 @@ static BOOL trim_overlap_drv_files( NT_PRINTER_DRIVER_INFO_LEVEL_3 *src,
 	if ( !src->dependentfiles )
 		return in_use;
 		
-	while ( *src->dependentfiles[i] ) 
-	{
+	while ( *src->dependentfiles[i] ) {
 		if ( drv_file_in_use(src->dependentfiles[i], drv) ) {
 			in_use = True;
 			DEBUG(10,("Removing [%s] from dependent file list\n", src->dependentfiles[i]));
 			trim_dependent_file( src->dependentfiles, i );
-		}
-		else
+		} else
 			i++;
 	} 		
 		
@@ -4192,15 +4259,12 @@ BOOL printer_driver_files_in_use ( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info )
 
 	/* check each driver for overlap in files */
 		
-	for (i=0; i<ndrivers; i++) 
-	{
+	for (i=0; i<ndrivers; i++) {
 		DEBUGADD(5,("\tdriver: [%s]\n", list[i]));
 			
 		ZERO_STRUCT(driver);
 			
-		if ( !W_ERROR_IS_OK(get_a_printer_driver(&driver, 3, list[i], 
-			info->environment, version)) )
-		{
+		if ( !W_ERROR_IS_OK(get_a_printer_driver(&driver, 3, list[i], info->environment, version)) ) {
 			SAFE_FREE(list);
 			return True;
 		}
@@ -4208,8 +4272,7 @@ BOOL printer_driver_files_in_use ( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info )
 		/* check if d2 uses any files from d1 */
 		/* only if this is a different driver than the one being deleted */
 			
-		if ( !strequal(info->name, driver.info_3->name) )
-		{
+		if ( !strequal(info->name, driver.info_3->name) ) {
 			if ( trim_overlap_drv_files(info, driver.info_3) ) {
 				free_a_printer_driver(driver, 3);
 				SAFE_FREE( list );
@@ -4307,15 +4370,13 @@ static BOOL delete_driver_files( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, struct
 	
 	/* check if we are done removing files */
 	
-	if ( info_3->dependentfiles )
-	{
+	if ( info_3->dependentfiles ) {
 		while ( *info_3->dependentfiles[i] ) {
 			char *file;
 
 			/* bypass the "\print$" portion of the path */
 			
-			if ( (file = strchr( info_3->dependentfiles[i]+1, '\\' )) != NULL )
-			{
+			if ( (file = strchr( info_3->dependentfiles[i]+1, '\\' )) != NULL ) {
 				DEBUG(10,("deleting dependent file [%s]\n", file));
 				unlink_internals(conn, 0, file );
 			}
@@ -4560,8 +4621,9 @@ BOOL nt_printing_getsec(TALLOC_CTX *ctx, const char *printername, SEC_DESC_BUF *
 	fstring key;
 	char *temp;
 
-	if (strlen(printername) > 2 && (temp = strchr(printername + 2, '\\')))
+	if (strlen(printername) > 2 && (temp = strchr(printername + 2, '\\'))) {
 		printername = temp + 1;
+	}
 
 	/* Fetch security descriptor from tdb */
 
@@ -4803,7 +4865,7 @@ BOOL print_time_access_check(int snum)
 	struct tm *t;
 	uint32 mins;
 
-	if (!W_ERROR_IS_OK(get_a_printer(&printer, 2, lp_servicename(snum))))
+	if (!W_ERROR_IS_OK(get_a_printer(NULL, &printer, 2, lp_servicename(snum))))
 		return False;
 
 	if (printer->info_2->starttime == 0 && printer->info_2->untiltime == 0)
diff --git a/source3/registry/reg_printing.c b/source3/registry/reg_printing.c
index 4b8eaa658e..619ffc7ee7 100644
--- a/source3/registry/reg_printing.c
+++ b/source3/registry/reg_printing.c
@@ -497,7 +497,7 @@ static int print_subpath_printers( char *key, REGSUBKEY_CTR *subkeys )
 	keystr = key2;
 	reg_split_path( keystr, &base, &new_path );
 
-	if ( !W_ERROR_IS_OK( get_a_printer(&printer, 2, base) ) )
+		if ( !W_ERROR_IS_OK( get_a_printer(NULL, &printer, 2, base) ) )
 		goto done;
 
 	num_subkeys = get_printer_subkeys( &printer->info_2->data, new_path?new_path:"", &subkey_names );
@@ -557,7 +557,7 @@ static int print_subpath_values_printers( char *key, REGVAL_CTR *val )
 	{
 		/* we are dealing with the printer itself */
 
-		if ( !W_ERROR_IS_OK( get_a_printer(&printer, 2, printername) ) )
+		if ( !W_ERROR_IS_OK( get_a_printer(NULL, &printer, 2, printername) ) )
 			goto done;
 
 		info2 = printer->info_2;
@@ -628,7 +628,6 @@ static int print_subpath_values_printers( char *key, REGVAL_CTR *val )
 			}
 		}
 
-				
 		prs_mem_free( &prs );
 		
 		num_values = regval_ctr_numvals( val );	
@@ -639,7 +638,7 @@ static int print_subpath_values_printers( char *key, REGVAL_CTR *val )
 		
 	/* now enumerate the key */
 	
-	if ( !W_ERROR_IS_OK( get_a_printer(&printer, 2, printername) ) )
+	if ( !W_ERROR_IS_OK( get_a_printer(NULL, &printer, 2, printername) ) )
 		goto done;
 	
 	/* iterate over all printer data and fill the regval container */
diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
index fb2aaf71ec..a34740f9ff 100644
--- a/source3/rpc_parse/parse_spoolss.c
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -1372,7 +1372,7 @@ BOOL spoolss_io_r_getprinterdata(const char *desc, SPOOL_R_GETPRINTERDATA *r_u,
 			return False;
 	}
 
-	if (!prs_uint8s( r_u->type&(REG_SZ|REG_MULTI_SZ), "data", ps, depth, r_u->data, r_u->size ))
+	if (!prs_uint8s( False, "data", ps, depth, r_u->data, r_u->size ))
 		return False;
 		
 	if (!prs_align(ps))
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 93566c2bb7..fa9b8eaeff 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -5,7 +5,7 @@
  *  Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
  *  Copyright (C) Jean François Micouleau      1998-2000,
  *  Copyright (C) Jeremy Allison               2001-2002,
- *  Copyright (C) Gerald Carter		       2000-2002,
+ *  Copyright (C) Gerald Carter		       2000-2003,
  *  Copyright (C) Tim Potter                   2001-2002.
  *
  *  This program is free software; you can redistribute it and/or modify
@@ -37,8 +37,7 @@
 
 #define MAGIC_DISPLAY_FREQUENCY 0xfade2bad
 #define PHANTOM_DEVMODE_KEY "_p_f_a_n_t_0_m_"
-#define PRINTER_HANDLE_IS_PRINTER	0
-#define PRINTER_HANDLE_IS_PRINTSERVER	1
+
 
 /* Table to map the driver version */
 /* to OS */
@@ -55,46 +54,6 @@ struct table_node {
 	int     version;
 };
 
-
-/* structure to store the printer handles */
-/* and a reference to what it's pointing to */
-/* and the notify info asked about */
-/* that's the central struct */
-typedef struct _Printer{
-	struct _Printer *prev, *next;
-	BOOL document_started;
-	BOOL page_started;
-	uint32 jobid; /* jobid in printing backend */
-	BOOL printer_type;
-	union {
-	  	fstring handlename;
-		fstring printerservername;
-	} dev;
-	uint32 type;
-	uint32 access_granted;
-	struct {
-		uint32 flags;
-		uint32 options;
-		fstring localmachine;
-		uint32 printerlocal;
-		SPOOL_NOTIFY_OPTION *option;
-		POLICY_HND client_hnd;
-		BOOL client_connected;
-		uint32 change;
-		/* are we in a FindNextPrinterChangeNotify() call? */
-		BOOL fnpcn;
-	} notify;
-	struct {
-		fstring machine;
-		fstring user;
-	} client;
-	
-	/* devmode sent in the OpenPrinter() call */
-	NT_DEVICEMODE	*nt_devmode;
-	
-	
-} Printer_entry;
-
 static Printer_entry *printers_list;
 
 typedef struct _counter_printer_0 {
@@ -251,6 +210,9 @@ static void free_printer_entry(void *ptr)
 	Printer->notify.client_connected=False;
 	
 	free_nt_devicemode( &Printer->nt_devmode );
+	free_a_printer( &Printer->printer_info, 2 );
+	
+	talloc_destroy( Printer->ctx );
 
 	/* Remove from the internal list. */
 	DLIST_REMOVE(printers_list, Printer);
@@ -303,6 +265,29 @@ static Printer_entry *find_printer_index_by_hnd(pipes_struct *p, POLICY_HND *hnd
 	return find_printer;
 }
 
+/****************************************************************************
+  find printer index by handle
+****************************************************************************/
+
+void invalidate_printer_hnd_cache( char *printername )
+{
+	Printer_entry *p;
+	
+	DEBUG(10,("invalidate_printer_hnd_cache: printer [%s]\n", printername));
+
+	for ( p=printers_list; p; p=p->next )
+	{
+		if ( p->printer_type==PRINTER_HANDLE_IS_PRINTER 
+			&& StrCaseCmp(p->dev.handlename, printername)==0)
+		{
+			DEBUG(10,("invalidating printer_info cache for handl:\n"));
+			free_a_printer( &p->printer_info, 2 );
+			p->printer_info = NULL;
+		}
+	}
+
+	return;
+}
 /****************************************************************************
  Close printer index by handle.
 ****************************************************************************/
@@ -534,6 +519,11 @@ static BOOL open_printer_hnd(pipes_struct *p, POLICY_HND *hnd, char *name, uint3
 
 	ZERO_STRUCTP(new_printer);
 	
+	if ( !(new_printer->ctx = talloc_init("Printer Entry [0x%x]", (uint32)hnd)) ) {
+		DEBUG(0,("open_printer_hnd: talloc_init() failed!\n"));
+		return False;
+	}
+	
 	new_printer->notify.option=NULL;
 				
 	/* Add to the internal list. */
@@ -861,8 +851,7 @@ static int notify_msg_ctr_addmsg( SPOOLSS_NOTIFY_MSG_CTR *ctr, SPOOLSS_NOTIFY_MS
 	
 	/* add a new group? */
 	
-	if ( i == ctr->num_groups )
-	{
+	if ( i == ctr->num_groups ) {
 		ctr->num_groups++;
 
 		if ( !(groups = talloc_realloc( ctr->ctx, ctr->msg_groups, sizeof(SPOOLSS_NOTIFY_MSG_GROUP)*ctr->num_groups)) ) {
@@ -929,8 +918,7 @@ static void send_notify2_changes( SPOOLSS_NOTIFY_MSG_CTR *ctr, uint32 idx )
 	
 	/* loop over all printers */
 	
-	for (p = printers_list; p; p = p->next) 
-	{
+	for (p = printers_list; p; p = p->next) {
 		SPOOL_NOTIFY_INFO_DATA *data;
 		uint32	data_len = 0;
 		uint32 	id;
@@ -961,8 +949,7 @@ static void send_notify2_changes( SPOOLSS_NOTIFY_MSG_CTR *ctr, uint32 idx )
 		
 		/* build the array of change notifications */
 		
-		for ( i=0; i<msg_group->num_msgs; i++ )
-		{
+		for ( i=0; i<msg_group->num_msgs; i++ ) {
 			SPOOLSS_NOTIFY_MSG	*msg = &messages[i];
 			
 			/* Are we monitoring this event? */
@@ -995,8 +982,7 @@ static void send_notify2_changes( SPOOLSS_NOTIFY_MSG_CTR *ctr, uint32 idx )
 
 			/* Convert unix jobid to smb jobid */
 
-			if (msg->flags & SPOOLSS_NOTIFY_MSG_UNIX_JOBID) 
-			{
+			if (msg->flags & SPOOLSS_NOTIFY_MSG_UNIX_JOBID) {
 				id = sysjob_to_jobid(msg->id);
 
 				if (id == -1) {
@@ -1204,7 +1190,7 @@ void do_drv_upgrade_printer(int msg_type, pid_t src, void *buf, size_t len)
 			WERROR result;
 			NT_PRINTER_INFO_LEVEL *printer = NULL;
 			
-			result = get_a_printer(&printer, 2, lp_servicename(snum));
+			result = get_a_printer(NULL, &printer, 2, lp_const_servicename(snum));
 			if (!W_ERROR_IS_OK(result))
 				continue;
 				
@@ -1300,7 +1286,7 @@ void reset_all_printerdata(int msg_type, pid_t src, void *buf, size_t len)
 			WERROR result;
 			NT_PRINTER_INFO_LEVEL *printer = NULL;
 			
-			result = get_a_printer( &printer, 2, lp_servicename(snum) );
+			result = get_a_printer( NULL, &printer, 2, lp_const_servicename(snum) );
 			if ( !W_ERROR_IS_OK(result) )
 				continue;
 				
@@ -2157,9 +2143,7 @@ static WERROR get_printer_dataex( TALLOC_CTX *ctx, NT_PRINTER_INFO_LEVEL *printe
 
 static WERROR delete_printer_dataex( NT_PRINTER_INFO_LEVEL *printer, const char *key, const char *value )
 {
-	delete_printer_data( printer->info_2, key, value );
-	
-	return mod_a_printer(*printer, 2);
+	return delete_printer_data( printer->info_2, key, value );
 }
 
 /****************************************************************************
@@ -2171,9 +2155,7 @@ static WERROR set_printer_dataex( NT_PRINTER_INFO_LEVEL *printer, const char *ke
 {
 	delete_printer_data( printer->info_2, key, value );
 	
-	add_printer_data( printer->info_2, key, value, type, data, real_len );
-	
-	return mod_a_printer(*printer, 2);
+	return add_printer_data( printer->info_2, key, value, type, data, real_len );
 }
 
 /********************************************************************
@@ -2349,7 +2331,7 @@ WERROR _spoolss_getprinterdata(pipes_struct *p, SPOOL_Q_GETPRINTERDATA *q_u, SPO
 			goto done;
 		}
 
-		status = get_a_printer(&printer, 2, lp_servicename(snum));
+		status = get_a_printer(Printer, &printer, 2, lp_servicename(snum));
 		if ( !W_ERROR_IS_OK(status) )
 			goto done;
 
@@ -3443,7 +3425,7 @@ void construct_info_data(SPOOL_NOTIFY_INFO_DATA *info_data, uint16 type, uint16
  *
  ********************************************************************/
 
-static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int
+static BOOL construct_notify_printer_info(Printer_entry *print_hnd, SPOOL_NOTIFY_INFO *info, int
 					  snum, SPOOL_NOTIFY_OPTION_TYPE
 					  *option_type, uint32 id,
 					  TALLOC_CTX *mem_ctx) 
@@ -3462,11 +3444,10 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int
 		(option_type->type==PRINTER_NOTIFY_TYPE?"PRINTER_NOTIFY_TYPE":"JOB_NOTIFY_TYPE"),
 		option_type->count, lp_servicename(snum)));
 	
-	if (!W_ERROR_IS_OK(get_a_printer(&printer, 2, lp_servicename(snum))))
+	if (!W_ERROR_IS_OK(get_a_printer(print_hnd, &printer, 2, lp_const_servicename(snum))))
 		return False;
 
-	for(field_num=0; field_num<option_type->count; field_num++) 
-	{
+	for(field_num=0; field_num<option_type->count; field_num++) {
 		field = option_type->fields[field_num];
 		
 		DEBUG(4,("construct_notify_printer_info: notify [%d]: type [%x], field [%x]\n", field_num, type, field));
@@ -3474,12 +3455,10 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int
 		if (!search_notify(type, field, &j) )
 			continue;
 
-		if((tid=(SPOOL_NOTIFY_INFO_DATA *)Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) 
-		{
+		if((tid=(SPOOL_NOTIFY_INFO_DATA *)Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) {
 			DEBUG(2,("construct_notify_printer_info: failed to enlarge buffer info->data!\n"));
 			return False;
-		}
-		else 
+		} else 
 			info->data = tid;
 
 		current_data = &info->data[info->count];
@@ -3611,7 +3590,7 @@ static WERROR printserver_notify_info(pipes_struct *p, POLICY_HND *hnd,
 		for (snum=0; snum<n_services; snum++)
 		{
 			if ( lp_browseable(snum) && lp_snum_ok(snum) && lp_print_ok(snum) )
-				construct_notify_printer_info ( info, snum, option_type, snum, mem_ctx );
+				construct_notify_printer_info ( Printer, info, snum, option_type, snum, mem_ctx );
 		}
 	}
 			
@@ -3671,7 +3650,7 @@ static WERROR printer_notify_info(pipes_struct *p, POLICY_HND *hnd, SPOOL_NOTIFY
 		
 		switch ( option_type->type ) {
 		case PRINTER_NOTIFY_TYPE:
-			if(construct_notify_printer_info(info, snum, 
+			if(construct_notify_printer_info(Printer, info, snum, 
 							 option_type, id,
 							 mem_ctx))  
 				id--;
@@ -3682,8 +3661,7 @@ static WERROR printer_notify_info(pipes_struct *p, POLICY_HND *hnd, SPOOL_NOTIFY
 
 			count = print_queue_status(snum, &queue, &status);
 
-			if (!W_ERROR_IS_OK(get_a_printer(&printer, 2, 
-							 lp_servicename(snum))))
+			if (!W_ERROR_IS_OK(get_a_printer(Printer, &printer, 2, lp_const_servicename(snum))))
 				goto done;
 
 			for (j=0; j<count; j++) {
@@ -3783,7 +3761,7 @@ done:
  * fill a printer_info_0 struct
  ********************************************************************/
 
-static BOOL construct_printer_info_0(PRINTER_INFO_0 *printer, int snum)
+static BOOL construct_printer_info_0(Printer_entry *print_hnd, PRINTER_INFO_0 *printer, int snum)
 {
 	pstring chaine;
 	int count;
@@ -3794,7 +3772,7 @@ static BOOL construct_printer_info_0(PRINTER_INFO_0 *printer, int snum)
 	time_t setuptime;
 	print_status_struct status;
 	
-	if (!W_ERROR_IS_OK(get_a_printer(&ntprinter, 2, lp_servicename(snum))))
+	if (!W_ERROR_IS_OK(get_a_printer(print_hnd, &ntprinter, 2, lp_const_servicename(snum))))
 		return False;
 
 	count = print_queue_length(snum, &status);
@@ -3892,13 +3870,13 @@ static BOOL construct_printer_info_0(PRINTER_INFO_0 *printer, int snum)
  * construct_printer_info_1
  * fill a printer_info_1 struct
  ********************************************************************/
-static BOOL construct_printer_info_1(uint32 flags, PRINTER_INFO_1 *printer, int snum)
+static BOOL construct_printer_info_1(Printer_entry *print_hnd, uint32 flags, PRINTER_INFO_1 *printer, int snum)
 {
 	pstring chaine;
 	pstring chaine2;
 	NT_PRINTER_INFO_LEVEL *ntprinter = NULL;
 
-	if (!W_ERROR_IS_OK(get_a_printer(&ntprinter, 2, lp_servicename(snum))))
+	if (!W_ERROR_IS_OK(get_a_printer(print_hnd, &ntprinter, 2, lp_const_servicename(snum))))
 		return False;
 
 	printer->flags=flags;
@@ -3997,7 +3975,7 @@ DEVICEMODE *construct_dev_mode(int snum)
 	
 	DEBUGADD(8,("getting printer characteristics\n"));
 
-	if (!W_ERROR_IS_OK(get_a_printer(&printer, 2, lp_servicename(snum)))) 
+	if (!W_ERROR_IS_OK(get_a_printer(NULL, &printer, 2, lp_const_servicename(snum)))) 
 		return NULL;
 
 	if ( !printer->info_2->devmode ) {
@@ -4030,14 +4008,14 @@ done:
  * fill a printer_info_2 struct
  ********************************************************************/
 
-static BOOL construct_printer_info_2(PRINTER_INFO_2 *printer, int snum)
+static BOOL construct_printer_info_2(Printer_entry *print_hnd, PRINTER_INFO_2 *printer, int snum)
 {
 	int count;
 	NT_PRINTER_INFO_LEVEL *ntprinter = NULL;
 
 	print_status_struct status;
 
-	if (!W_ERROR_IS_OK(get_a_printer(&ntprinter, 2, lp_servicename(snum))))
+	if (!W_ERROR_IS_OK(get_a_printer(print_hnd, &ntprinter, 2, lp_const_servicename(snum))))
 		return False;
 		
 	count = print_queue_length(snum, &status);
@@ -4093,12 +4071,12 @@ static BOOL construct_printer_info_2(PRINTER_INFO_2 *printer, int snum)
  * fill a printer_info_3 struct
  ********************************************************************/
 
-static BOOL construct_printer_info_3(PRINTER_INFO_3 **pp_printer, int snum)
+static BOOL construct_printer_info_3(Printer_entry *print_hnd, PRINTER_INFO_3 **pp_printer, int snum)
 {
 	NT_PRINTER_INFO_LEVEL *ntprinter = NULL;
 	PRINTER_INFO_3 *printer = NULL;
 
-	if (!W_ERROR_IS_OK(get_a_printer(&ntprinter, 2, lp_servicename(snum))))
+	if (!W_ERROR_IS_OK(get_a_printer(print_hnd, &ntprinter, 2, lp_const_servicename(snum))))
 		return False;
 
 	*pp_printer = NULL;
@@ -4148,11 +4126,11 @@ static BOOL construct_printer_info_3(PRINTER_INFO_3 **pp_printer, int snum)
  * fill a printer_info_4 struct
  ********************************************************************/
 
-static BOOL construct_printer_info_4(PRINTER_INFO_4 *printer, int snum)
+static BOOL construct_printer_info_4(Printer_entry *print_hnd, PRINTER_INFO_4 *printer, int snum)
 {
 	NT_PRINTER_INFO_LEVEL *ntprinter = NULL;
 
-	if (!W_ERROR_IS_OK(get_a_printer(&ntprinter, 2, lp_servicename(snum))))
+	if (!W_ERROR_IS_OK(get_a_printer(print_hnd, &ntprinter, 2, lp_const_servicename(snum))))
 		return False;
 		
 	init_unistr(&printer->printername, ntprinter->info_2->printername);				/* printername*/
@@ -4168,11 +4146,11 @@ static BOOL construct_printer_info_4(PRINTER_INFO_4 *printer, int snum)
  * fill a printer_info_5 struct
  ********************************************************************/
 
-static BOOL construct_printer_info_5(PRINTER_INFO_5 *printer, int snum)
+static BOOL construct_printer_info_5(Printer_entry *print_hnd, PRINTER_INFO_5 *printer, int snum)
 {
 	NT_PRINTER_INFO_LEVEL *ntprinter = NULL;
 
-	if (!W_ERROR_IS_OK(get_a_printer(&ntprinter, 2, lp_servicename(snum))))
+	if (!W_ERROR_IS_OK(get_a_printer(print_hnd, &ntprinter, 2, lp_const_servicename(snum))))
 		return False;
 		
 	init_unistr(&printer->printername, ntprinter->info_2->printername);
@@ -4194,12 +4172,12 @@ static BOOL construct_printer_info_5(PRINTER_INFO_5 *printer, int snum)
  * fill a printer_info_7 struct
  ********************************************************************/
 
-static BOOL construct_printer_info_7(PRINTER_INFO_7 *printer, int snum)
+static BOOL construct_printer_info_7(Printer_entry *print_hnd, PRINTER_INFO_7 *printer, int snum)
 {
 	char *guid_str = NULL;
 	GUID guid;
 	
-	if (is_printer_published(snum, &guid)) {
+	if (is_printer_published(print_hnd, snum, &guid)) {
 		asprintf(&guid_str, "{%s}", uuid_string_static(guid));
 		strupper(guid_str);
 		init_unistr(&printer->guid, guid_str);
@@ -4230,7 +4208,7 @@ static WERROR enum_all_printers_info_1(uint32 flags, NEW_BUFFER *buffer, uint32
 		if (lp_browseable(snum) && lp_snum_ok(snum) && lp_print_ok(snum) ) {
 			DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum));
 
-			if (construct_printer_info_1(flags, &current_prt, snum)) {
+			if (construct_printer_info_1(NULL, flags, &current_prt, snum)) {
 				if((tp=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_1))) == NULL) {
 					DEBUG(2,("enum_all_printers_info_1: failed to enlarge printers buffer!\n"));
 					SAFE_FREE(printers);
@@ -4399,7 +4377,7 @@ static WERROR enum_all_printers_info_2(NEW_BUFFER *buffer, uint32 offered, uint3
 		if (lp_browseable(snum) && lp_snum_ok(snum) && lp_print_ok(snum) ) {
 			DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum));
 				
-			if (construct_printer_info_2(&current_prt, snum)) {
+			if (construct_printer_info_2(NULL, &current_prt, snum)) {
 				if((tp=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_2))) == NULL) {
 					DEBUG(2,("enum_all_printers_info_2: failed to enlarge printers buffer!\n"));
 					SAFE_FREE(printers);
@@ -4570,14 +4548,14 @@ WERROR _spoolss_enumprinters( pipes_struct *p, SPOOL_Q_ENUMPRINTERS *q_u, SPOOL_
 /****************************************************************************
 ****************************************************************************/
 
-static WERROR getprinter_level_0(int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+static WERROR getprinter_level_0(Printer_entry *print_hnd, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
 {
 	PRINTER_INFO_0 *printer=NULL;
 
 	if((printer=(PRINTER_INFO_0*)malloc(sizeof(PRINTER_INFO_0))) == NULL)
 		return WERR_NOMEM;
 
-	construct_printer_info_0(printer, snum);
+	construct_printer_info_0(print_hnd, printer, snum);
 	
 	/* check the required size. */	
 	*needed += spoolss_size_printer_info_0(printer);
@@ -4603,14 +4581,14 @@ static WERROR getprinter_level_0(int snum, NEW_BUFFER *buffer, uint32 offered, u
 /****************************************************************************
 ****************************************************************************/
 
-static WERROR getprinter_level_1(int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+static WERROR getprinter_level_1(Printer_entry *print_hnd, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
 {
 	PRINTER_INFO_1 *printer=NULL;
 
 	if((printer=(PRINTER_INFO_1*)malloc(sizeof(PRINTER_INFO_1))) == NULL)
 		return WERR_NOMEM;
 
-	construct_printer_info_1(PRINTER_ENUM_ICON8, printer, snum);
+	construct_printer_info_1(print_hnd, PRINTER_ENUM_ICON8, printer, snum);
 	
 	/* check the required size. */	
 	*needed += spoolss_size_printer_info_1(printer);
@@ -4636,14 +4614,14 @@ static WERROR getprinter_level_1(int snum, NEW_BUFFER *buffer, uint32 offered, u
 /****************************************************************************
 ****************************************************************************/
 
-static WERROR getprinter_level_2(int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+static WERROR getprinter_level_2(Printer_entry *print_hnd, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
 {
 	PRINTER_INFO_2 *printer=NULL;
 
 	if((printer=(PRINTER_INFO_2*)malloc(sizeof(PRINTER_INFO_2)))==NULL)
 		return WERR_NOMEM;
 	
-	construct_printer_info_2(printer, snum);
+	construct_printer_info_2(print_hnd, printer, snum);
 	
 	/* check the required size. */	
 	*needed += spoolss_size_printer_info_2(printer);
@@ -4672,11 +4650,11 @@ static WERROR getprinter_level_2(int snum, NEW_BUFFER *buffer, uint32 offered, u
 /****************************************************************************
 ****************************************************************************/
 
-static WERROR getprinter_level_3(int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+static WERROR getprinter_level_3(Printer_entry *print_hnd, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
 {
 	PRINTER_INFO_3 *printer=NULL;
 
-	if (!construct_printer_info_3(&printer, snum))
+	if (!construct_printer_info_3(print_hnd, &printer, snum))
 		return WERR_NOMEM;
 	
 	/* check the required size. */	
@@ -4703,14 +4681,14 @@ static WERROR getprinter_level_3(int snum, NEW_BUFFER *buffer, uint32 offered, u
 /****************************************************************************
 ****************************************************************************/
 
-static WERROR getprinter_level_4(int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+static WERROR getprinter_level_4(Printer_entry *print_hnd, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
 {
 	PRINTER_INFO_4 *printer=NULL;
 
 	if((printer=(PRINTER_INFO_4*)malloc(sizeof(PRINTER_INFO_4)))==NULL)
 		return WERR_NOMEM;
 
-	if (!construct_printer_info_4(printer, snum))
+	if (!construct_printer_info_4(print_hnd, printer, snum))
 		return WERR_NOMEM;
 	
 	/* check the required size. */	
@@ -4737,14 +4715,14 @@ static WERROR getprinter_level_4(int snum, NEW_BUFFER *buffer, uint32 offered, u
 /****************************************************************************
 ****************************************************************************/
 
-static WERROR getprinter_level_5(int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+static WERROR getprinter_level_5(Printer_entry *print_hnd, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
 {
 	PRINTER_INFO_5 *printer=NULL;
 
 	if((printer=(PRINTER_INFO_5*)malloc(sizeof(PRINTER_INFO_5)))==NULL)
 		return WERR_NOMEM;
 
-	if (!construct_printer_info_5(printer, snum))
+	if (!construct_printer_info_5(print_hnd, printer, snum))
 		return WERR_NOMEM;
 	
 	/* check the required size. */	
@@ -4768,14 +4746,14 @@ static WERROR getprinter_level_5(int snum, NEW_BUFFER *buffer, uint32 offered, u
 	return WERR_OK;	
 }
 
-static WERROR getprinter_level_7(int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+static WERROR getprinter_level_7(Printer_entry *print_hnd, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
 {
 	PRINTER_INFO_7 *printer=NULL;
 
 	if((printer=(PRINTER_INFO_7*)malloc(sizeof(PRINTER_INFO_7)))==NULL)
 		return WERR_NOMEM;
 
-	if (!construct_printer_info_7(printer, snum))
+	if (!construct_printer_info_7(print_hnd, printer, snum))
 		return WERR_NOMEM;
 	
 	/* check the required size. */	
@@ -4809,6 +4787,7 @@ WERROR _spoolss_getprinter(pipes_struct *p, SPOOL_Q_GETPRINTER *q_u, SPOOL_R_GET
 	NEW_BUFFER *buffer = NULL;
 	uint32 offered = q_u->offered;
 	uint32 *needed = &r_u->needed;
+	Printer_entry *Printer=find_printer_index_by_hnd(p, handle);
 
 	int snum;
 
@@ -4823,19 +4802,19 @@ WERROR _spoolss_getprinter(pipes_struct *p, SPOOL_Q_GETPRINTER *q_u, SPOOL_R_GET
 
 	switch (level) {
 	case 0:
-		return getprinter_level_0(snum, buffer, offered, needed);
+		return getprinter_level_0(Printer, snum, buffer, offered, needed);
 	case 1:
-		return getprinter_level_1(snum, buffer, offered, needed);
+		return getprinter_level_1(Printer, snum, buffer, offered, needed);
 	case 2:		
-		return getprinter_level_2(snum, buffer, offered, needed);
+		return getprinter_level_2(Printer, snum, buffer, offered, needed);
 	case 3:		
-		return getprinter_level_3(snum, buffer, offered, needed);
+		return getprinter_level_3(Printer, snum, buffer, offered, needed);
 	case 4:		
-		return getprinter_level_4(snum, buffer, offered, needed);
+		return getprinter_level_4(Printer, snum, buffer, offered, needed);
 	case 5:		
-		return getprinter_level_5(snum, buffer, offered, needed);
+		return getprinter_level_5(Printer, snum, buffer, offered, needed);
 	case 7:
-		return getprinter_level_7(snum, buffer, offered, needed);
+		return getprinter_level_7(Printer, snum, buffer, offered, needed);
 	}
 	return WERR_UNKNOWN_LEVEL;
 }	
@@ -4860,7 +4839,7 @@ static WERROR construct_printer_driver_info_1(DRIVER_INFO_1 *info, int snum, fst
 
 	ZERO_STRUCT(driver);
 
-	if (!W_ERROR_IS_OK(get_a_printer(&printer, 2, lp_servicename(snum))))
+	if (!W_ERROR_IS_OK(get_a_printer(NULL, &printer, 2, lp_const_servicename(snum))))
 		return WERR_INVALID_PRINTER_NAME;
 
 	if (!W_ERROR_IS_OK(get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version)))
@@ -4920,7 +4899,7 @@ static WERROR construct_printer_driver_info_2(DRIVER_INFO_2 *info, int snum, fst
 	ZERO_STRUCT(printer);
 	ZERO_STRUCT(driver);
 
-	if (!W_ERROR_IS_OK(get_a_printer(&printer, 2, lp_servicename(snum))))
+	if (!W_ERROR_IS_OK(get_a_printer(NULL, &printer, 2, lp_const_servicename(snum))))
 		return WERR_INVALID_PRINTER_NAME;
 
 	if (!W_ERROR_IS_OK(get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version)))
@@ -5059,7 +5038,7 @@ static WERROR construct_printer_driver_info_3(DRIVER_INFO_3 *info, int snum, fst
 	WERROR status;
 	ZERO_STRUCT(driver);
 
-	status=get_a_printer(&printer, 2, lp_servicename(snum) );
+	status=get_a_printer(NULL, &printer, 2, lp_const_servicename(snum) );
 	DEBUG(8,("construct_printer_driver_info_3: status: %s\n", dos_errstr(status)));
 	if (!W_ERROR_IS_OK(status))
 		return WERR_INVALID_PRINTER_NAME;
@@ -5184,7 +5163,7 @@ static WERROR construct_printer_driver_info_6(DRIVER_INFO_6 *info, int snum,
 	
 	ZERO_STRUCT(driver);
 
-	status=get_a_printer(&printer, 2, lp_servicename(snum) );
+	status=get_a_printer(NULL, &printer, 2, lp_const_servicename(snum) );
 	
 	DEBUG(8,("construct_printer_driver_info_6: status: %s\n", dos_errstr(status)));
 	
@@ -5853,13 +5832,6 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
 
 	result = WERR_OK;
 
-	if (level!=2) {
-		DEBUG(0,("update_printer: Send a mail to samba@samba.org\n"));
-		DEBUGADD(0,("with the following message: update_printer: level!=2\n"));
-		result = WERR_UNKNOWN_LEVEL;
-		goto done;
-	}
-
 	if (!Printer) {
 		result = WERR_BADFID;
 		goto done;
@@ -5870,8 +5842,8 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
 		goto done;
 	}
 
-	if (!W_ERROR_IS_OK(get_a_printer(&printer, 2, lp_servicename(snum))) ||
-	    (!W_ERROR_IS_OK(get_a_printer(&old_printer, 2, lp_servicename(snum))))) {
+	if (!W_ERROR_IS_OK(get_a_printer(Printer, &printer, 2, lp_const_servicename(snum))) ||
+	    (!W_ERROR_IS_OK(get_a_printer(Printer, &old_printer, 2, lp_const_servicename(snum))))) {
 		result = WERR_BADFID;
 		goto done;
 	}
@@ -5899,13 +5871,6 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
 			result =  WERR_NOMEM;
 			goto done;
 		}
-
-		/* 
-		 * make sure we actually reload the services after 
-		 * this as smb.conf could have a new section in it 
-		 * .... shouldn't .... but could
-		 */
-		reload_services(False);	
 	}
 
 	/* Do sanity check on the requested changes for Samba */
@@ -5964,9 +5929,6 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
 		notify_printer_driver(snum, printer->info_2->drivername);
 	}
 
-	/* Update printer info */
-	result = mod_a_printer(*printer, 2);
-
 	/* 
 	 * flag which changes actually occured.  This is a small subset of 
 	 * all the possible changes.  We also have to update things in the 
@@ -6022,6 +5984,9 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
 	set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "uNCName",
 		REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 );
 
+	/* Update printer info */
+	result = mod_a_printer(*printer, 2);
+
 done:
 	free_a_printer(&printer, 2);
 	free_a_printer(&old_printer, 2);
@@ -6051,7 +6016,7 @@ static WERROR publish_or_unpublish_printer(pipes_struct *p, POLICY_HND *handle,
 	if (!get_printer_snum(p, handle, &snum))
 		return WERR_BADFID;
 	
-	nt_printer_publish(snum, info7->action);
+	nt_printer_publish(Printer, snum, info7->action);
 	
 	return WERR_OK;
 #else
@@ -6287,7 +6252,7 @@ static WERROR enumjobs_level2(print_queue_struct *queue, int snum,
 		goto done;
 	}
 
-	result = get_a_printer(&ntprinter, 2, lp_servicename(snum));
+	result = get_a_printer(NULL, &ntprinter, 2, lp_servicename(snum));
 	if (!W_ERROR_IS_OK(result)) {
 		*returned = 0;
 		goto done;
@@ -7591,7 +7556,7 @@ WERROR _spoolss_enumprinterdata(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATA *q_u, S
 	if (!get_printer_snum(p,handle, &snum))
 		return WERR_BADFID;
 	
-	result = get_a_printer(&printer, 2, lp_servicename(snum));
+	result = get_a_printer(Printer, &printer, 2, lp_const_servicename(snum));
 	if (!W_ERROR_IS_OK(result))
 		return result;
 		
@@ -7655,9 +7620,9 @@ WERROR _spoolss_enumprinterdata(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATA *q_u, S
 		/* out_value should default to "" or else NT4 has
 		   problems unmarshalling the response */
 
-		*out_max_value_len = (in_value_len/sizeof(uint16));
+		*out_max_value_len=(in_value_len/sizeof(uint16));
 		
-		if ( (*out_value=(uint16 *)talloc_zero(p->mem_ctx, in_value_len*sizeof(uint8))) == NULL ) 
+		if((*out_value=(uint16 *)talloc_zero(p->mem_ctx, in_value_len*sizeof(uint8))) == NULL)
 		{
 			result = WERR_NOMEM;
 			goto done;
@@ -7692,7 +7657,7 @@ WERROR _spoolss_enumprinterdata(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATA *q_u, S
 		 */
 	
 		/* name */
-		*out_max_value_len = ( in_value_len / sizeof(uint16) );
+		*out_max_value_len=(in_value_len/sizeof(uint16));
 		if ( (*out_value = (uint16 *)talloc_zero(p->mem_ctx, in_value_len*sizeof(uint8))) == NULL ) 
 		{
 			result = WERR_NOMEM;
@@ -7765,7 +7730,7 @@ WERROR _spoolss_setprinterdata( pipes_struct *p, SPOOL_Q_SETPRINTERDATA *q_u, SP
 		goto done;
 	}
 
-	status = get_a_printer(&printer, 2, lp_servicename(snum));
+	status = get_a_printer(Printer, &printer, 2, lp_const_servicename(snum));
 	if (!W_ERROR_IS_OK(status))
 		return status;
 
@@ -7857,7 +7822,7 @@ WERROR _spoolss_deleteprinterdata(pipes_struct *p, SPOOL_Q_DELETEPRINTERDATA *q_
 		return WERR_ACCESS_DENIED;
 	}
 
-	status = get_a_printer(&printer, 2, lp_servicename(snum));
+	status = get_a_printer(Printer, &printer, 2, lp_const_servicename(snum));
 	if (!W_ERROR_IS_OK(status))
 		return status;
 
@@ -7901,7 +7866,7 @@ WERROR _spoolss_addform( pipes_struct *p, SPOOL_Q_ADDFORM *q_u, SPOOL_R_ADDFORM
 		if (!get_printer_snum(p,handle, &snum))
 	                return WERR_BADFID;
 	 
-		status = get_a_printer(&printer, 2, lp_servicename(snum));
+		status = get_a_printer(Printer, &printer, 2, lp_const_servicename(snum));
         	if (!W_ERROR_IS_OK(status))
 			goto done;
 	}
@@ -7972,7 +7937,7 @@ WERROR _spoolss_deleteform( pipes_struct *p, SPOOL_Q_DELETEFORM *q_u, SPOOL_R_DE
 		if (!get_printer_snum(p,handle, &snum))
 	                return WERR_BADFID;
 	 
-		status = get_a_printer(&printer, 2, lp_servicename(snum));
+		status = get_a_printer(Printer, &printer, 2, lp_const_servicename(snum));
         	if (!W_ERROR_IS_OK(status))
 			goto done;
 	}
@@ -8040,7 +8005,7 @@ WERROR _spoolss_setform(pipes_struct *p, SPOOL_Q_SETFORM *q_u, SPOOL_R_SETFORM *
 		if (!get_printer_snum(p,handle, &snum))
 	                return WERR_BADFID;
 	 
-		status = get_a_printer(&printer, 2, lp_servicename(snum));
+		status = get_a_printer(Printer, &printer, 2, lp_const_servicename(snum));
         	if (!W_ERROR_IS_OK(status))
 			goto done;
 	}
@@ -8390,7 +8355,7 @@ static WERROR getjob_level_2(print_queue_struct *queue, int count, int snum, uin
 		goto done;
 	}
 	
-	ret = get_a_printer(&ntprinter, 2, lp_servicename(snum));
+	ret = get_a_printer(NULL, &ntprinter, 2, lp_const_servicename(snum));
 	if (!W_ERROR_IS_OK(ret))
 		goto done;
 	
@@ -8543,7 +8508,7 @@ WERROR _spoolss_getprinterdataex(pipes_struct *p, SPOOL_Q_GETPRINTERDATAEX *q_u,
 	if ( !get_printer_snum(p,handle, &snum) )
 		return WERR_BADFID;
 
-	status = get_a_printer(&printer, 2, lp_servicename(snum));
+	status = get_a_printer(Printer, &printer, 2, lp_servicename(snum));
 	if ( !W_ERROR_IS_OK(status) )
 		goto done;
 
@@ -8638,7 +8603,7 @@ WERROR _spoolss_setprinterdataex(pipes_struct *p, SPOOL_Q_SETPRINTERDATAEX *q_u,
 		return WERR_ACCESS_DENIED;
 	}
 
-	status = get_a_printer(&printer, 2, lp_servicename(snum));
+	status = get_a_printer(Printer, &printer, 2, lp_servicename(snum));
 	if (!W_ERROR_IS_OK(status))
 		return status;
 
@@ -8657,11 +8622,10 @@ WERROR _spoolss_setprinterdataex(pipes_struct *p, SPOOL_Q_SETPRINTERDATAEX *q_u,
 	
 	status = set_printer_dataex( printer, keyname, valuename, type, data, real_len ); 
 	
-	/* save the OID if one was specified and the previous set call succeeded */
-	
-	if ( W_ERROR_IS_OK(status) && oid_string )
+	if ( W_ERROR_IS_OK(status) )
 	{
-
+		/* save the OID if one was specified */
+		if ( oid_string ) {
 		fstrcat( keyname, "\\" );
 		fstrcat( keyname, SPOOL_OID_KEY );
 		
@@ -8676,6 +8640,9 @@ WERROR _spoolss_setprinterdataex(pipes_struct *p, SPOOL_Q_SETPRINTERDATAEX *q_u,
 		                    REG_SZ, (void*)oid_string, strlen(oid_string)+1 );		
 	}
 	
+		status = mod_a_printer(*printer, 2);
+	}
+		
 	free_a_printer(&printer, 2);
 
 	return status;
@@ -8713,7 +8680,7 @@ WERROR _spoolss_deleteprinterdataex(pipes_struct *p, SPOOL_Q_DELETEPRINTERDATAEX
 		return WERR_ACCESS_DENIED;
 	}
 
-	status = get_a_printer(&printer, 2, lp_servicename(snum));
+	status = get_a_printer(Printer, &printer, 2, lp_const_servicename(snum));
 	if (!W_ERROR_IS_OK(status))
 		return status;
 
@@ -8757,7 +8724,7 @@ WERROR _spoolss_enumprinterkey(pipes_struct *p, SPOOL_Q_ENUMPRINTERKEY *q_u, SPO
 	if ( !get_printer_snum(p,handle, &snum) )
 		return WERR_BADFID;
 
-	status = get_a_printer(&printer, 2, lp_servicename(snum));
+	status = get_a_printer(Printer, &printer, 2, lp_const_servicename(snum));
 	if (!W_ERROR_IS_OK(status))
 		return status;
 		
@@ -8832,7 +8799,7 @@ WERROR _spoolss_deleteprinterkey(pipes_struct *p, SPOOL_Q_DELETEPRINTERKEY *q_u,
 		return WERR_ACCESS_DENIED;
 	}
 
-	status = get_a_printer(&printer, 2, lp_servicename(snum));
+	status = get_a_printer(Printer, &printer, 2, lp_const_servicename(snum));
 	if (!W_ERROR_IS_OK(status))
 		return status;
 	
@@ -8901,7 +8868,7 @@ WERROR _spoolss_enumprinterdataex(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATAEX *q_
 		return WERR_BADFID;
 	
 	ZERO_STRUCT(printer);
-	result = get_a_printer(&printer, 2, lp_servicename(snum));
+	result = get_a_printer(Printer, &printer, 2, lp_const_servicename(snum));
 	if (!W_ERROR_IS_OK(result))
 		return result;
 	
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 25f390be55..98857c6d32 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -500,7 +500,7 @@ static BOOL get_driver_name(int snum, pstring drivername)
 	NT_PRINTER_INFO_LEVEL *info = NULL;
 	BOOL in_tdb = False;
 
-	get_a_printer (&info, 2, lp_servicename(snum));
+	get_a_printer (NULL, &info, 2, lp_servicename(snum));
 	if (info != NULL) {
 		pstrcpy( drivername, info->info_2->drivername);
 		in_tdb = True;
@@ -522,7 +522,7 @@ static void fill_printq_info_52(connection_struct *conn, int snum,
 	NT_PRINTER_DRIVER_INFO_LEVEL 	driver;
 	NT_PRINTER_INFO_LEVEL 		*printer = NULL;
 
-	if ( !W_ERROR_IS_OK(get_a_printer( &printer, 2, lp_servicename(snum))) ) {
+	if ( !W_ERROR_IS_OK(get_a_printer( NULL, &printer, 2, lp_servicename(snum))) ) {
 		DEBUG(3,("fill_printq_info_52: Failed to lookup printer [%s]\n", 
 			lp_servicename(snum)));
 		goto err;
@@ -679,7 +679,7 @@ static int get_printerdrivernumber(int snum)
 	NT_PRINTER_DRIVER_INFO_LEVEL 	driver;
 	NT_PRINTER_INFO_LEVEL 		*printer = NULL;
 
-	if ( !W_ERROR_IS_OK(get_a_printer( &printer, 2, lp_servicename(snum))) ) {
+	if ( !W_ERROR_IS_OK(get_a_printer( NULL, &printer, 2, lp_servicename(snum))) ) {
 		DEBUG(3,("get_printerdrivernumber: Failed to lookup printer [%s]\n", 
 			lp_servicename(snum)));
 		goto done;
-- 
cgit 


From 64e53c9b22f23506acfd2fb4552b7c43129631a6 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Tue, 25 Feb 2003 23:28:28 +0000
Subject: Fix breakage done by myself yesterday. (This used to be commit
 f4492de2d668082df6ae06933d12a3cfe120d403)

---
 source3/client/client.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/source3/client/client.c b/source3/client/client.c
index b95d4d877c..5da12fd984 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -51,8 +51,7 @@ static int max_protocol = PROTOCOL_NT1;
 extern pstring user_socket_options;
 
 static int process_tok(fstring tok);
-static NTSTATUS cmd_help(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc,
-			 const char **argv);
+static int cmd_help(void);
 
 /* 30 second timeout on most commands */
 #define CLIENT_TIMEOUT (30*1000)
@@ -980,8 +979,7 @@ static BOOL do_altname(char *name)
 /****************************************************************************
  Exit client.
 ****************************************************************************/
-static NTSTATUS cmd_quit(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc,
-			 const char **argv)
+static int cmd_quit(void)
 {
 	cli_shutdown(cli);
 	exit(0);
@@ -2151,8 +2149,7 @@ static int process_tok(fstring tok)
 /****************************************************************************
 help
 ****************************************************************************/
-static NTSTATUS cmd_help(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc,
-		    const char **argv)
+static int cmd_help(void)
 {
 	int i=0,j;
 	fstring buf;
-- 
cgit 


From 7d581bebd437cd66000a1cac4b74b1ec4408f672 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Tue, 25 Feb 2003 23:30:46 +0000
Subject: Fix unused variable warning when ENCTYPE_ARCFOUR_HMAC is not defined.
 (This used to be commit 92abafa62894a125c5a09fc92f5056e4d8b51089)

---
 source3/libsmb/clikrb5.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 6b0c7ddaf2..5edc56daa9 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -367,7 +367,9 @@ failed:
 
  BOOL krb5_get_smb_session_key(krb5_context context, krb5_auth_context auth_context, uint8 session_key[16])
  {
+#ifdef ENCTYPE_ARCFOUR_HMAC
 	krb5_keyblock *skey;
+#endif
 	BOOL ret = False;
 
 	memset(session_key, 0, 16);
-- 
cgit 


From 991f6cc3c13cdeb8d7cf0dea25af29bbc7987c64 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Tue, 25 Feb 2003 23:34:57 +0000
Subject: More const fixes and flow on fixes from yesterday's const-fest. (This
 used to be commit 018733eedd7897e6811e8461c07e3acf418c0e09)

---
 source3/rpc_client/cli_dfs.c      | 12 ++++---
 source3/rpc_client/cli_lsarpc.c   |  5 +--
 source3/rpc_client/cli_netlogon.c |  2 +-
 source3/rpc_client/cli_spoolss.c  | 17 +++++-----
 source3/rpc_client/cli_srvsvc.c   |  7 +++--
 source3/rpc_parse/parse_dfs.c     | 13 ++++----
 source3/rpc_parse/parse_spoolss.c | 14 +++++----
 source3/rpcclient/cmd_dfs.c       | 16 +++++-----
 source3/rpcclient/cmd_ds.c        |  2 +-
 source3/rpcclient/cmd_netlogon.c  | 12 +++----
 source3/rpcclient/cmd_reg.c       |  4 +--
 source3/rpcclient/cmd_spoolss.c   | 66 +++++++++++++++++++--------------------
 source3/rpcclient/cmd_srvsvc.c    |  8 ++---
 source3/rpcclient/rpcclient.c     |  4 +--
 source3/torture/samtest.c         |  2 +-
 source3/torture/vfstest.c         |  2 +-
 16 files changed, 97 insertions(+), 89 deletions(-)

diff --git a/source3/rpc_client/cli_dfs.c b/source3/rpc_client/cli_dfs.c
index 7fc27b9c3b..2136b69df0 100644
--- a/source3/rpc_client/cli_dfs.c
+++ b/source3/rpc_client/cli_dfs.c
@@ -67,8 +67,8 @@ NTSTATUS cli_dfs_exist(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 }
 
 NTSTATUS cli_dfs_add(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-                     char *entrypath, char *servername, char *sharename,
-                     char *comment, uint32 flags)
+                     const char *entrypath, const char *servername, 
+		     const char *sharename, const char *comment, uint32 flags)
 {
 	prs_struct qbuf, rbuf;
 	DFS_Q_DFS_ADD q;
@@ -111,7 +111,8 @@ NTSTATUS cli_dfs_add(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 }
 
 NTSTATUS cli_dfs_remove(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-                        char *entrypath, char *servername, char *sharename)
+                        const char *entrypath, const char *servername, 
+			const char *sharename)
 {
 	prs_struct qbuf, rbuf;
 	DFS_Q_DFS_REMOVE q;
@@ -153,8 +154,9 @@ NTSTATUS cli_dfs_remove(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 }
 
 NTSTATUS cli_dfs_get_info(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-                          char *entrypath, char *servername, char *sharename,
-                          uint32 info_level, DFS_INFO_CTR *ctr)
+                          const char *entrypath, const char *servername, 
+			  const char *sharename, uint32 info_level, 
+			  DFS_INFO_CTR *ctr)
 
 {
 	prs_struct qbuf, rbuf;
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index e878d02211..9002ad3d1b 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -805,7 +805,8 @@ NTSTATUS cli_lsa_enum_privilege(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 /** Get privilege name */
 
 NTSTATUS cli_lsa_get_dispname(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-			      POLICY_HND *pol, char *name, uint16 lang_id, uint16 lang_id_sys,
+			      POLICY_HND *pol, const char *name, 
+			      uint16 lang_id, uint16 lang_id_sys,
 			      fstring description, uint16 *lang_id_desc)
 {
 	prs_struct qbuf, rbuf;
@@ -1050,7 +1051,7 @@ NTSTATUS cli_lsa_enum_privsaccount(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 /** Get a privilege value given its name */
 
 NTSTATUS cli_lsa_lookupprivvalue(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-			      POLICY_HND *pol, char *name, LUID *luid)
+				 POLICY_HND *pol, const char *name, LUID *luid)
 {
 	prs_struct qbuf, rbuf;
 	LSA_Q_LOOKUPPRIVVALUE q;
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index b5ad798755..cbb09803af 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -489,7 +489,7 @@ NTSTATUS cli_netlogon_sam_deltas(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 /* Logon domain user */
 
 NTSTATUS cli_netlogon_sam_logon(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-                                char *username, char *password,
+                                const char *username, const char *password,
                                 int logon_type)
 {
 	prs_struct qbuf, rbuf;
diff --git a/source3/rpc_client/cli_spoolss.c b/source3/rpc_client/cli_spoolss.c
index a1aa6664c1..bb6ce1b998 100644
--- a/source3/rpc_client/cli_spoolss.c
+++ b/source3/rpc_client/cli_spoolss.c
@@ -1243,8 +1243,8 @@ WERROR cli_spoolss_addform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
  */
 
 WERROR cli_spoolss_setform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-			   POLICY_HND *handle, uint32 level, char *form_name,
-			   FORM *form)
+			   POLICY_HND *handle, uint32 level, 
+			   const char *form_name, FORM *form)
 {
 	prs_struct qbuf, rbuf;
 	SPOOL_Q_SETFORM q;
@@ -1305,8 +1305,8 @@ WERROR cli_spoolss_setform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 
 WERROR cli_spoolss_getform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 			   uint32 offered, uint32 *needed,
-			   POLICY_HND *handle, char *formname, uint32 level, 
-			   FORM_1 *form)
+			   POLICY_HND *handle, const char *formname, 
+			   uint32 level, FORM_1 *form)
 {
 	prs_struct qbuf, rbuf;
 	SPOOL_Q_GETFORM q;
@@ -1377,7 +1377,7 @@ WERROR cli_spoolss_getform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
  */
 
 WERROR cli_spoolss_deleteform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-			      POLICY_HND *handle, char *form_name)
+			      POLICY_HND *handle, const char *form_name)
 {
 	prs_struct qbuf, rbuf;
 	SPOOL_Q_DELETEFORM q;
@@ -1899,7 +1899,7 @@ WERROR cli_spoolss_enddocprinter(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 
 WERROR cli_spoolss_getprinterdata(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 				  uint32 offered, uint32 *needed,
-				  POLICY_HND *hnd, char *valuename, 
+				  POLICY_HND *hnd, const char *valuename, 
 				  REGISTRY_VALUE *value)
 {
 	prs_struct qbuf, rbuf;
@@ -1953,8 +1953,9 @@ WERROR cli_spoolss_getprinterdata(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 
 WERROR cli_spoolss_getprinterdataex(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 				    uint32 offered, uint32 *needed,
-				    POLICY_HND *hnd, char *keyname, 
-				    char *valuename, REGISTRY_VALUE *value)
+				    POLICY_HND *hnd, const char *keyname, 
+				    const char *valuename, 
+				    REGISTRY_VALUE *value)
 {
 	prs_struct qbuf, rbuf;
 	SPOOL_Q_GETPRINTERDATAEX q;
diff --git a/source3/rpc_client/cli_srvsvc.c b/source3/rpc_client/cli_srvsvc.c
index b6c6b377ff..6cd18f2e43 100644
--- a/source3/rpc_client/cli_srvsvc.c
+++ b/source3/rpc_client/cli_srvsvc.c
@@ -230,9 +230,10 @@ WERROR cli_srvsvc_net_share_del(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 }
 
 WERROR cli_srvsvc_net_share_add(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-				char *netname, uint32 type, char *remark, 
-				uint32 perms, uint32 max_uses, uint32 num_uses,
-				char *path, char *passwd)
+				const char *netname, uint32 type, 
+				const char *remark, uint32 perms, 
+				uint32 max_uses, uint32 num_uses, 
+				const char *path, const char *passwd)
 {
 	prs_struct qbuf, rbuf;
 	SRV_Q_NET_SHARE_ADD q;
diff --git a/source3/rpc_parse/parse_dfs.c b/source3/rpc_parse/parse_dfs.c
index ccd6d429fa..6f13500359 100644
--- a/source3/rpc_parse/parse_dfs.c
+++ b/source3/rpc_parse/parse_dfs.c
@@ -76,8 +76,8 @@ BOOL dfs_io_r_dfs_exist(const char *desc, DFS_R_DFS_EXIST *q_d, prs_struct *ps,
 Make a DFS_Q_DFS_REMOVE structure
 *******************************************************************/
 
-BOOL init_dfs_q_dfs_remove(DFS_Q_DFS_REMOVE *q_d, char *entrypath, 
-			   char *servername, char *sharename)
+BOOL init_dfs_q_dfs_remove(DFS_Q_DFS_REMOVE *q_d, const char *entrypath, 
+			   const char *servername, const char *sharename)
 {
 	DEBUG(5,("init_dfs_q_dfs_remove\n"));
 	init_unistr2(&q_d->DfsEntryPath, entrypath,  strlen(entrypath)+1);
@@ -149,8 +149,9 @@ BOOL dfs_io_r_dfs_remove(const char *desc, DFS_R_DFS_REMOVE *r_d, prs_struct *ps
 Make a DFS_Q_DFS_ADD structure
 *******************************************************************/
 
-BOOL init_dfs_q_dfs_add(DFS_Q_DFS_ADD *q_d, char *entrypath, char *servername,
-			char *sharename, char *comment, uint32 flags)
+BOOL init_dfs_q_dfs_add(DFS_Q_DFS_ADD *q_d, const char *entrypath, 
+			const char *servername, const char *sharename, 
+			const char *comment, uint32 flags)
 {
 	DEBUG(5,("init_dfs_q_dfs_add\n"));
 	q_d->ptr_DfsEntryPath = q_d->ptr_ServerName = q_d->ptr_ShareName = 1;
@@ -231,8 +232,8 @@ BOOL dfs_io_r_dfs_add(const char *desc, DFS_R_DFS_ADD *r_d, prs_struct *ps, int
 	return True;
 }
 
-BOOL init_dfs_q_dfs_get_info(DFS_Q_DFS_GET_INFO *q_d, char *entrypath,
-			     char *servername, char *sharename, 
+BOOL init_dfs_q_dfs_get_info(DFS_Q_DFS_GET_INFO *q_d, const char *entrypath,
+			     const char *servername, const char *sharename, 
 			     uint32 info_level)
 {
 	DEBUG(5,("init_dfs_q2_get_info\n"));
diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
index a34740f9ff..47737908f0 100644
--- a/source3/rpc_parse/parse_spoolss.c
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -1202,7 +1202,7 @@ BOOL make_spoolss_q_deleteprinterdriver(
 
 BOOL make_spoolss_q_getprinterdata(SPOOL_Q_GETPRINTERDATA *q_u,
 				   const POLICY_HND *handle,
-				   char *valuename, uint32 size)
+				   const char *valuename, uint32 size)
 {
         if (q_u == NULL) return False;
 
@@ -1221,7 +1221,8 @@ BOOL make_spoolss_q_getprinterdata(SPOOL_Q_GETPRINTERDATA *q_u,
 
 BOOL make_spoolss_q_getprinterdataex(SPOOL_Q_GETPRINTERDATAEX *q_u,
 				     const POLICY_HND *handle,
-				     char *keyname, char *valuename, uint32 size)
+				     const char *keyname, 
+				     const char *valuename, uint32 size)
 {
         if (q_u == NULL) return False;
 
@@ -7503,7 +7504,7 @@ BOOL make_spoolss_q_addform(SPOOL_Q_ADDFORM *q_u, POLICY_HND *handle,
  ********************************************************************/
 
 BOOL make_spoolss_q_setform(SPOOL_Q_SETFORM *q_u, POLICY_HND *handle, 
-			    int level, char *form_name, FORM *form)
+			    int level, const char *form_name, FORM *form)
 {
 	memcpy(&q_u->handle, handle, sizeof(POLICY_HND));
 	q_u->level = level;
@@ -7518,7 +7519,8 @@ BOOL make_spoolss_q_setform(SPOOL_Q_SETFORM *q_u, POLICY_HND *handle,
  * init a structure.
  ********************************************************************/
 
-BOOL make_spoolss_q_deleteform(SPOOL_Q_DELETEFORM *q_u, POLICY_HND *handle, char *form)
+BOOL make_spoolss_q_deleteform(SPOOL_Q_DELETEFORM *q_u, POLICY_HND *handle, 
+			       const char *form)
 {
 	memcpy(&q_u->handle, handle, sizeof(POLICY_HND));
 	init_unistr2(&q_u->name, form, strlen(form) + 1);
@@ -7530,8 +7532,8 @@ BOOL make_spoolss_q_deleteform(SPOOL_Q_DELETEFORM *q_u, POLICY_HND *handle, char
  ********************************************************************/
 
 BOOL make_spoolss_q_getform(SPOOL_Q_GETFORM *q_u, POLICY_HND *handle, 
-                            char *formname, uint32 level, NEW_BUFFER *buffer,
-			    uint32 offered)
+                            const char *formname, uint32 level, 
+			    NEW_BUFFER *buffer, uint32 offered)
 {
         memcpy(&q_u->handle, handle, sizeof(POLICY_HND));
         q_u->level = level;
diff --git a/source3/rpcclient/cmd_dfs.c b/source3/rpcclient/cmd_dfs.c
index e3c4b77645..715174c824 100644
--- a/source3/rpcclient/cmd_dfs.c
+++ b/source3/rpcclient/cmd_dfs.c
@@ -25,7 +25,7 @@
 /* Check DFS is supported by the remote server */
 
 static NTSTATUS cmd_dfs_exist(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-                              int argc, char **argv)
+                              int argc, const char **argv)
 {
 	BOOL dfs_exists;
 	NTSTATUS result;
@@ -44,10 +44,10 @@ static NTSTATUS cmd_dfs_exist(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 }
 
 static NTSTATUS cmd_dfs_add(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-                            int argc, char **argv)
+                            int argc, const char **argv)
 {
 	NTSTATUS result;
-	char *entrypath, *servername, *sharename, *comment;
+	const char *entrypath, *servername, *sharename, *comment;
 	uint32 flags = 0;
 
 	if (argc != 5) {
@@ -68,10 +68,10 @@ static NTSTATUS cmd_dfs_add(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 }
 
 static NTSTATUS cmd_dfs_remove(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-                               int argc, char **argv)
+                               int argc, const char **argv)
 {
 	NTSTATUS result;
-	char *entrypath, *servername, *sharename;
+	const char *entrypath, *servername, *sharename;
 
 	if (argc != 4) {
 		printf("Usage: %s entrypath servername sharename\n", argv[0]);
@@ -169,7 +169,7 @@ static void display_dfs_info_ctr(DFS_INFO_CTR *ctr)
 /* Enumerate dfs shares */
 
 static NTSTATUS cmd_dfs_enum(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-                             int argc, char **argv)
+                             int argc, const char **argv)
 {
 	DFS_INFO_CTR ctr;
 	NTSTATUS result;
@@ -192,10 +192,10 @@ static NTSTATUS cmd_dfs_enum(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 }
 
 static NTSTATUS cmd_dfs_getinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-                                int argc, char **argv)
+                                int argc, const char **argv)
 {
 	NTSTATUS result;
-	char *entrypath, *servername, *sharename;
+	const char *entrypath, *servername, *sharename;
 	uint32 info_level = 1;
 	DFS_INFO_CTR ctr;
 
diff --git a/source3/rpcclient/cmd_ds.c b/source3/rpcclient/cmd_ds.c
index 946015c1e3..9de6d6a9ec 100644
--- a/source3/rpcclient/cmd_ds.c
+++ b/source3/rpcclient/cmd_ds.c
@@ -26,7 +26,7 @@
 
 static NTSTATUS cmd_ds_dsrole_getprimarydominfo(struct cli_state *cli, 
 				     TALLOC_CTX *mem_ctx, int argc, 
-				     char **argv) 
+				     const char **argv) 
 {
 	NTSTATUS result;
 	DS_DOMINFO_CTR	ctr;
diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
index 53a926d52b..407bff3735 100644
--- a/source3/rpcclient/cmd_netlogon.c
+++ b/source3/rpcclient/cmd_netlogon.c
@@ -24,7 +24,7 @@
 
 static NTSTATUS cmd_netlogon_logon_ctrl2(struct cli_state *cli, 
                                          TALLOC_CTX *mem_ctx, int argc, 
-                                         char **argv)
+                                         const char **argv)
 {
 	uint32 query_level = 1;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -47,7 +47,7 @@ static NTSTATUS cmd_netlogon_logon_ctrl2(struct cli_state *cli,
 
 static NTSTATUS cmd_netlogon_logon_ctrl(struct cli_state *cli, 
                                         TALLOC_CTX *mem_ctx, int argc, 
-                                        char **argv)
+                                        const char **argv)
 {
 #if 0
 	uint32 query_level = 1;
@@ -143,7 +143,7 @@ static void display_sam_sync(uint32 num_deltas, SAM_DELTA_HDR *hdr_deltas,
 
 static NTSTATUS cmd_netlogon_sam_sync(struct cli_state *cli, 
                                       TALLOC_CTX *mem_ctx, int argc,
-                                      char **argv)
+                                      const char **argv)
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
         unsigned char trust_passwd[16];
@@ -204,7 +204,7 @@ static NTSTATUS cmd_netlogon_sam_sync(struct cli_state *cli,
 
 static NTSTATUS cmd_netlogon_sam_deltas(struct cli_state *cli, 
                                         TALLOC_CTX *mem_ctx, int argc,
-                                        char **argv)
+                                        const char **argv)
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
         unsigned char trust_passwd[16];
@@ -266,12 +266,12 @@ static NTSTATUS cmd_netlogon_sam_deltas(struct cli_state *cli,
 
 static NTSTATUS cmd_netlogon_sam_logon(struct cli_state *cli, 
                                        TALLOC_CTX *mem_ctx, int argc,
-                                       char **argv)
+                                       const char **argv)
 {
         unsigned char trust_passwd[16];
         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
         int logon_type = NET_LOGON_TYPE;
-        char *username, *password;
+        const char *username, *password;
 	uint32 neg_flags = 0x000001ff;
 	int auth_level = 2;
 
diff --git a/source3/rpcclient/cmd_reg.c b/source3/rpcclient/cmd_reg.c
index 5d29b4c51a..19c0e7f71f 100644
--- a/source3/rpcclient/cmd_reg.c
+++ b/source3/rpcclient/cmd_reg.c
@@ -895,7 +895,7 @@ static void cmd_reg_get_key_sec(struct client_info *info)
 nt registry shutdown
 ****************************************************************************/
 static NTSTATUS cmd_reg_shutdown(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-                                 int argc, char **argv)
+                                 int argc, const char **argv)
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	fstring msg;
@@ -950,7 +950,7 @@ abort a shutdown
 ****************************************************************************/
 static NTSTATUS cmd_reg_abort_shutdown(struct cli_state *cli, 
                                        TALLOC_CTX *mem_ctx, int argc, 
-                                       char **argv)
+                                       const char **argv)
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 
diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c
index 66f2e8dc99..9f6f539e19 100644
--- a/source3/rpcclient/cmd_spoolss.c
+++ b/source3/rpcclient/cmd_spoolss.c
@@ -86,7 +86,7 @@ BOOL get_short_archi(char *short_archi, const char *long_archi)
   */
 static NTSTATUS cmd_spoolss_not_implemented(struct cli_state *cli, 
                                             TALLOC_CTX *mem_ctx,
-                                            int argc, char **argv)
+                                            int argc, const char **argv)
 {
 	printf ("(*) This command is not currently implemented.\n");
 	return NT_STATUS_OK;
@@ -98,7 +98,7 @@ static NTSTATUS cmd_spoolss_not_implemented(struct cli_state *cli,
  */
 static NTSTATUS cmd_spoolss_open_printer_ex(struct cli_state *cli, 
                                             TALLOC_CTX *mem_ctx,
-                                            int argc, char **argv)
+                                            int argc, const char **argv)
 {
 	WERROR 	        werror;
 	fstring		printername;
@@ -300,7 +300,7 @@ static void display_print_info_3(PRINTER_INFO_3 *i3)
 
 static NTSTATUS cmd_spoolss_enum_printers(struct cli_state *cli, 
                                           TALLOC_CTX *mem_ctx,
-                                          int argc, char **argv)
+                                          int argc, const char **argv)
 {
 	WERROR                  result;
 	uint32			info_level = 1;
@@ -405,7 +405,7 @@ static void display_port_info_2(PORT_INFO_2 *i2)
 
 static NTSTATUS cmd_spoolss_enum_ports(struct cli_state *cli, 
 				       TALLOC_CTX *mem_ctx, int argc, 
-				       char **argv)
+				       const char **argv)
 {
 	WERROR         		result;
 	uint32                  needed, info_level = 1;
@@ -457,7 +457,7 @@ static NTSTATUS cmd_spoolss_enum_ports(struct cli_state *cli,
  */
 static NTSTATUS cmd_spoolss_setprinter(struct cli_state *cli,
                                        TALLOC_CTX *mem_ctx,
-                                       int argc, char **argv)
+                                       int argc, const char **argv)
 {
 	POLICY_HND 	pol;
 	WERROR		result;
@@ -527,7 +527,7 @@ static NTSTATUS cmd_spoolss_setprinter(struct cli_state *cli,
  */
 static NTSTATUS cmd_spoolss_getprinter(struct cli_state *cli,
                                        TALLOC_CTX *mem_ctx,
-                                       int argc, char **argv)
+                                       int argc, const char **argv)
 {
 	POLICY_HND 	pol;
 	WERROR          result;
@@ -646,7 +646,7 @@ static void display_reg_value(REGISTRY_VALUE value)
  */
 static NTSTATUS cmd_spoolss_getprinterdata(struct cli_state *cli,
 					   TALLOC_CTX *mem_ctx,
-					   int argc, char **argv)
+					   int argc, const char **argv)
 {
 	POLICY_HND 	pol;
 	WERROR          result;
@@ -655,7 +655,7 @@ static NTSTATUS cmd_spoolss_getprinterdata(struct cli_state *cli,
 			servername,
 			user;
 	uint32 needed;
-	char *valuename;
+	const char *valuename;
 	REGISTRY_VALUE value;
 
 	if (argc != 3) {
@@ -690,7 +690,7 @@ static NTSTATUS cmd_spoolss_getprinterdata(struct cli_state *cli,
 	/* Get printer info */
 
 	result = cli_spoolss_getprinterdata(cli, mem_ctx, 0, &needed,
-					&pol, valuename, &value);
+					    &pol, valuename, &value);
 
 	if (W_ERROR_V(result) == ERRmoredata)
 		result = cli_spoolss_getprinterdata(
@@ -717,7 +717,7 @@ static NTSTATUS cmd_spoolss_getprinterdata(struct cli_state *cli,
  */
 static NTSTATUS cmd_spoolss_getprinterdataex(struct cli_state *cli,
 					     TALLOC_CTX *mem_ctx,
-					     int argc, char **argv)
+					     int argc, const char **argv)
 {
 	POLICY_HND 	pol;
 	WERROR          result;
@@ -726,7 +726,7 @@ static NTSTATUS cmd_spoolss_getprinterdataex(struct cli_state *cli,
 			servername,
 			user;
 	uint32 needed;
-	char *valuename, *keyname;
+	const char *valuename, *keyname;
 	REGISTRY_VALUE value;
 
 	if (argc != 4) {
@@ -902,7 +902,7 @@ static void display_print_driver_3(DRIVER_INFO_3 *i1)
  */
 static NTSTATUS cmd_spoolss_getdriver(struct cli_state *cli, 
                                       TALLOC_CTX *mem_ctx,
-                                      int argc, char **argv)
+                                      int argc, const char **argv)
 {
 	POLICY_HND 	pol;
 	WERROR          werror;
@@ -992,7 +992,7 @@ static NTSTATUS cmd_spoolss_getdriver(struct cli_state *cli,
  */
 static NTSTATUS cmd_spoolss_enum_drivers(struct cli_state *cli, 
                                          TALLOC_CTX *mem_ctx,
-                                         int argc, char **argv)
+                                         int argc, const char **argv)
 {
 	WERROR werror;
 	uint32          info_level = 1;
@@ -1080,7 +1080,7 @@ static void display_printdriverdir_1(DRIVER_DIRECTORY_1 *i1)
  */
 static NTSTATUS cmd_spoolss_getdriverdir(struct cli_state *cli, 
                                          TALLOC_CTX *mem_ctx,
-                                         int argc, char **argv)
+                                         int argc, const char **argv)
 {
 	WERROR result;
 	fstring			env;
@@ -1145,7 +1145,7 @@ void set_drv_info_3_env (DRIVER_INFO_3 *info, const char *arch)
  wrapper for strtok to get the next parameter from a delimited list.
  Needed to handle the empty parameter string denoted by "NULL"
  *************************************************************************/
-static char* get_driver_3_param (char* str, const char* delim, UNISTR* dest)
+static char* get_driver_3_param (const char* str, const char* delim, UNISTR* dest)
 {
 	char	*ptr;
 
@@ -1175,7 +1175,7 @@ static char* get_driver_3_param (char* str, const char* delim, UNISTR* dest)
 static BOOL init_drv_info_3_members (
 	TALLOC_CTX *mem_ctx, 
 	DRIVER_INFO_3 *info, 
-	char *args
+	const char *args
 )
 {
 	char	*str, *str2;
@@ -1224,7 +1224,7 @@ static BOOL init_drv_info_3_members (
 
 static NTSTATUS cmd_spoolss_addprinterdriver(struct cli_state *cli, 
                                              TALLOC_CTX *mem_ctx,
-                                             int argc, char **argv)
+                                             int argc, const char **argv)
 {
 	WERROR result;
 	uint32                  level = 3;
@@ -1277,7 +1277,7 @@ static NTSTATUS cmd_spoolss_addprinterdriver(struct cli_state *cli,
 
 static NTSTATUS cmd_spoolss_addprinterex(struct cli_state *cli, 
                                          TALLOC_CTX *mem_ctx,
-                                         int argc, char **argv)
+                                         int argc, const char **argv)
 {
 	WERROR result;
 	uint32			level = 2;
@@ -1334,7 +1334,7 @@ static NTSTATUS cmd_spoolss_addprinterex(struct cli_state *cli,
 
 static NTSTATUS cmd_spoolss_setdriver(struct cli_state *cli, 
                                       TALLOC_CTX *mem_ctx,
-                                      int argc, char **argv)
+                                      int argc, const char **argv)
 {
 	POLICY_HND		pol;
 	WERROR                  result;
@@ -1412,7 +1412,7 @@ done:
 
 static NTSTATUS cmd_spoolss_deletedriver(struct cli_state *cli, 
                                          TALLOC_CTX *mem_ctx,
-                                         int argc, char **argv)
+                                         int argc, const char **argv)
 {
 	WERROR result;
 	fstring			servername;
@@ -1454,7 +1454,7 @@ static NTSTATUS cmd_spoolss_deletedriver(struct cli_state *cli,
 
 static NTSTATUS cmd_spoolss_getprintprocdir(struct cli_state *cli, 
 					    TALLOC_CTX *mem_ctx,
-					    int argc, char **argv)
+					    int argc, const char **argv)
 {
 	WERROR result;
 	char *servername = NULL, *environment = NULL;
@@ -1497,7 +1497,7 @@ static NTSTATUS cmd_spoolss_getprintprocdir(struct cli_state *cli,
 /* Add a form */
 
 static NTSTATUS cmd_spoolss_addform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-				    int argc, char **argv)
+				    int argc, const char **argv)
 {
 	POLICY_HND handle;
 	WERROR werror;
@@ -1556,7 +1556,7 @@ static NTSTATUS cmd_spoolss_addform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 /* Set a form */
 
 static NTSTATUS cmd_spoolss_setform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-				    int argc, char **argv)
+				    int argc, const char **argv)
 {
 	POLICY_HND handle;
 	WERROR werror;
@@ -1614,7 +1614,7 @@ static NTSTATUS cmd_spoolss_setform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 /* Get a form */
 
 static NTSTATUS cmd_spoolss_getform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-				    int argc, char **argv)
+				    int argc, const char **argv)
 {
 	POLICY_HND handle;
 	WERROR werror;
@@ -1678,7 +1678,7 @@ static NTSTATUS cmd_spoolss_getform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 
 static NTSTATUS cmd_spoolss_deleteform(struct cli_state *cli, 
 				       TALLOC_CTX *mem_ctx, int argc, 
-				       char **argv)
+				       const char **argv)
 {
 	POLICY_HND handle;
 	WERROR werror;
@@ -1725,7 +1725,7 @@ static NTSTATUS cmd_spoolss_deleteform(struct cli_state *cli,
 
 static NTSTATUS cmd_spoolss_enum_forms(struct cli_state *cli, 
 				       TALLOC_CTX *mem_ctx, int argc, 
-				       char **argv)
+				       const char **argv)
 {
 	POLICY_HND handle;
 	WERROR werror;
@@ -1793,7 +1793,7 @@ static NTSTATUS cmd_spoolss_enum_forms(struct cli_state *cli,
 
 static NTSTATUS cmd_spoolss_setprinterdata(struct cli_state *cli,
 					    TALLOC_CTX *mem_ctx,
-					    int argc, char **argv)
+					    int argc, const char **argv)
 {
 	WERROR result;
 	uint32 needed;
@@ -1912,7 +1912,7 @@ static void display_job_info_2(JOB_INFO_2 *job)
 
 static NTSTATUS cmd_spoolss_enum_jobs(struct cli_state *cli, 
 				      TALLOC_CTX *mem_ctx, int argc, 
-				      char **argv)
+				      const char **argv)
 {
 	WERROR result;
 	uint32 needed, level = 1, num_jobs, i;
@@ -1987,7 +1987,7 @@ done:
 
 static NTSTATUS cmd_spoolss_enum_data( struct cli_state *cli, 
 				       TALLOC_CTX *mem_ctx, int argc, 
-				       char **argv)
+				       const char **argv)
 {
 	WERROR result;
 	uint32 i=0, val_needed, data_needed;
@@ -2046,14 +2046,14 @@ done:
 
 static NTSTATUS cmd_spoolss_enum_data_ex( struct cli_state *cli, 
 					  TALLOC_CTX *mem_ctx, int argc, 
-					  char **argv)
+					  const char **argv)
 {
 	WERROR result;
 	uint32 needed, i;
 	BOOL got_hnd = False;
 	pstring printername;
 	fstring servername, user;
-	char *keyname = NULL;
+	const char *keyname = NULL;
 	POLICY_HND hnd;
 	REGVAL_CTR ctr;
 
@@ -2111,7 +2111,7 @@ done:
 
 static NTSTATUS cmd_spoolss_enum_printerkey( struct cli_state *cli, 
 					     TALLOC_CTX *mem_ctx, int argc, 
-					     char **argv)
+					     const char **argv)
 {
 	WERROR result;
 	uint32 needed, returned;
@@ -2183,7 +2183,7 @@ done:
 
 static NTSTATUS cmd_spoolss_rffpcnex(struct cli_state *cli, 
 				     TALLOC_CTX *mem_ctx, int argc, 
-				     char **argv)
+				     const char **argv)
 {
 	fstring servername, printername;
 	POLICY_HND hnd;
diff --git a/source3/rpcclient/cmd_srvsvc.c b/source3/rpcclient/cmd_srvsvc.c
index 10fdfd7437..8597c7bc2e 100644
--- a/source3/rpcclient/cmd_srvsvc.c
+++ b/source3/rpcclient/cmd_srvsvc.c
@@ -181,7 +181,7 @@ static void display_srv_info_102(SRV_INFO_102 *sv102)
 /* Server query info */
 static NTSTATUS cmd_srvsvc_srv_query_info(struct cli_state *cli, 
                                           TALLOC_CTX *mem_ctx,
-                                          int argc, char **argv)
+                                          int argc, const char **argv)
 {
 	uint32 info_level = 101;
 	SRV_INFO_CTR ctr;
@@ -248,7 +248,7 @@ static void display_share_info_2(SRV_SHARE_INFO_2 *info2)
 
 static NTSTATUS cmd_srvsvc_net_share_enum(struct cli_state *cli, 
                                           TALLOC_CTX *mem_ctx,
-                                          int argc, char **argv)
+                                          int argc, const char **argv)
 {
 	uint32 info_level = 2;
 	SRV_SHARE_INFO_CTR ctr;
@@ -294,7 +294,7 @@ static NTSTATUS cmd_srvsvc_net_share_enum(struct cli_state *cli,
 
 static NTSTATUS cmd_srvsvc_net_remote_tod(struct cli_state *cli, 
                                           TALLOC_CTX *mem_ctx,
-                                          int argc, char **argv)
+                                          int argc, const char **argv)
 {
 	TIME_OF_DAY_INFO tod;
 	WERROR result;
@@ -316,7 +316,7 @@ static NTSTATUS cmd_srvsvc_net_remote_tod(struct cli_state *cli,
 
 static NTSTATUS cmd_srvsvc_net_file_enum(struct cli_state *cli, 
 					 TALLOC_CTX *mem_ctx,
-					 int argc, char **argv)
+					 int argc, const char **argv)
 {
 	uint32 info_level = 3;
 	SRV_FILE_INFO_CTR ctr;
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 5803055598..127506fb39 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -304,7 +304,7 @@ static NTSTATUS cmd_listcommands(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 /* Display help on commands */
 
 static NTSTATUS cmd_help(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-                         int argc, char **argv)
+                         int argc, const char **argv)
 {
 	struct cmd_list *tmp;
         struct cmd_set *tmp_set;
@@ -381,7 +381,7 @@ static NTSTATUS cmd_debuglevel(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 }
 
 static NTSTATUS cmd_quit(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-                         int argc, char **argv)
+                         int argc, const char **argv)
 {
 	exit(0);
 	return NT_STATUS_OK; /* NOTREACHED */
diff --git a/source3/torture/samtest.c b/source3/torture/samtest.c
index a1ccec098b..0de2e5d288 100644
--- a/source3/torture/samtest.c
+++ b/source3/torture/samtest.c
@@ -73,7 +73,7 @@ static NTSTATUS cmd_conf(struct samtest_state *sam, TALLOC_CTX *mem_ctx,
 
 /* Display help on commands */
 static NTSTATUS cmd_help(struct samtest_state *st, TALLOC_CTX *mem_ctx,
-			 int argc, char **argv)
+			 int argc, const char **argv)
 {
 	struct cmd_list *tmp;
 	struct cmd_set *tmp_set;
diff --git a/source3/torture/vfstest.c b/source3/torture/vfstest.c
index fd1f83109e..04f31656d3 100644
--- a/source3/torture/vfstest.c
+++ b/source3/torture/vfstest.c
@@ -124,7 +124,7 @@ static NTSTATUS cmd_conf(struct vfs_state *vfs, TALLOC_CTX *mem_ctx,
 	
 /* Display help on commands */
 static NTSTATUS cmd_help(struct vfs_state *vfs, TALLOC_CTX *mem_ctx,
-			 int argc, char **argv)
+			 int argc, const char **argv)
 {
 	struct cmd_list *tmp;
 	struct cmd_set *tmp_set;
-- 
cgit 


From f9d577ac099974f58522c1c5c42e5804a62c8e0b Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Tue, 25 Feb 2003 23:35:25 +0000
Subject: Fix compiler warning. (This used to be commit
 0308f24ad209a28799b36d041be2dc2be2b2dac8)

---
 source3/utils/profiles.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/utils/profiles.c b/source3/utils/profiles.c
index b4087cf6cf..4f40b93810 100644
--- a/source3/utils/profiles.c
+++ b/source3/utils/profiles.c
@@ -391,7 +391,7 @@ typedef struct acl_struct {
 
 #define OFF(f) (0x1000 + (f) + 4) 
 
-void print_sid(DOM_SID *sid);
+static void print_sid(DOM_SID *sid);
 
 int verbose = 1;
 DOM_SID old_sid, new_sid;
-- 
cgit 


From b906a9df75b6bdc6fe166e9aa5a8aa398176a518 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Wed, 26 Feb 2003 00:52:41 +0000
Subject: Merge from appliance:

>Another hopeful fix for CR#1168.  Change the RPC used in querying
>domain users from QueryDispInfo to EnumDomainUsers.  Hopefully this
>will fix the random dropouts that keep occuring when listing large
>domains.
>
>My thought is that since QueryDispInfo is only used in the NT user
>manager it may have a bug with large domains.  A more commonly used
>RPC may not have such problems.
(This used to be commit 0501b7d0b12fa8063ffe6a9d4ecc3391d0c2f45d)
---
 source3/nsswitch/winbindd_rpc.c | 57 +++++++++++++++++------------------------
 1 file changed, 23 insertions(+), 34 deletions(-)

diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c
index 48f528f520..90d8e4f616 100644
--- a/source3/nsswitch/winbindd_rpc.c
+++ b/source3/nsswitch/winbindd_rpc.c
@@ -3,7 +3,7 @@
 
    Winbind rpc backend functions
 
-   Copyright (C) Tim Potter 2000-2001
+   Copyright (C) Tim Potter 2000-2001,2003
    Copyright (C) Andrew Tridgell 2001
    
    This program is free software; you can redistribute it and/or modify
@@ -39,18 +39,17 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
 	POLICY_HND dom_pol;
 	BOOL got_dom_pol = False;
 	uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
-	int i, loop_count = 0;
-	int retry;
+	int i, start_idx, retry;
 
 	DEBUG(3,("rpc: query_user_list\n"));
 
 	*num_entries = 0;
 	*info = NULL;
 
-	/* Get sam handle */
-
 	retry = 0;
 	do {
+		/* Get sam handle */
+
 		if (!(hnd = cm_get_sam_handle(domain->name)))
 			goto done;
 
@@ -66,50 +65,39 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
 
 	got_dom_pol = True;
 
-	i = 0;
+	i = start_idx = 0;
 	do {
-		SAM_DISPINFO_CTR ctr;
-		SAM_DISPINFO_1 info1;
-		uint32 count = 0, start=i, max_entries, max_size;
-		int j;
 		TALLOC_CTX *ctx2;
+		char **dom_users;
+		uint32 num_dom_users, *dom_rids, j, size = 0xffff;
+		uint16 acb_mask = ACB_NORMAL;
 
-		ctr.sam.info1 = &info1;
-
-		ctx2 = talloc_init("winbindd dispinfo");
-		if (!ctx2) {
+		if (!(ctx2 = talloc_init("winbindd enum_users"))) {
 			result = NT_STATUS_NO_MEMORY;
 			goto done;
-		}
-		
-		get_query_dispinfo_params(
-			loop_count, &max_entries, &max_size);
-
-		/* Query display info level 1 */
-		result = cli_samr_query_dispinfo(
-			hnd->cli, ctx2, &dom_pol, &start, 1, &count, 
-			max_entries, max_size, &ctr);
+		}		
 
-		loop_count++;
+		result = cli_samr_enum_dom_users(
+			hnd->cli, ctx2, &dom_pol, &start_idx, acb_mask,
+			size, &dom_users, &dom_rids, &num_dom_users);
 
-		if (!NT_STATUS_IS_OK(result) && 
-		    !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) break;
+		*num_entries += num_dom_users;
 
-		(*num_entries) += count;
+		*info = talloc_realloc(
+			mem_ctx, *info, 
+			(*num_entries) * sizeof(WINBIND_USERINFO));
 
-		/* now map the result into the WINBIND_USERINFO structure */
-		(*info) = talloc_realloc(mem_ctx, *info,
-					 (*num_entries)*sizeof(WINBIND_USERINFO));
 		if (!(*info)) {
 			result = NT_STATUS_NO_MEMORY;
 			talloc_destroy(ctx2);
 			goto done;
 		}
 
-		for (j=0;j<count;i++, j++) {
-			(*info)[i].acct_name = unistr2_tdup(mem_ctx, &info1.str[j].uni_acct_name);
-			(*info)[i].full_name = unistr2_tdup(mem_ctx, &info1.str[j].uni_full_name);
-			(*info)[i].user_rid = info1.sam[j].rid_user;
+		for (j = 0; j < num_dom_users; i++, j++) {
+			(*info)[i].acct_name = 
+				talloc_strdup(mem_ctx, dom_users[j]);
+			(*info)[i].full_name = talloc_strdup(mem_ctx, "");
+			(*info)[i].user_rid = dom_rids[j];
 			/* For the moment we set the primary group for
 			   every user to be the Domain Users group.
 			   There are serious problems with determining
@@ -121,6 +109,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
 		}
 
 		talloc_destroy(ctx2);
+
 	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
 
  done:
-- 
cgit 


From f7bb6982980abf32b98fee8e2624bb5932554dfe Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Wed, 26 Feb 2003 06:19:16 +0000
Subject: init_valid_table: Fix a memory leak that would lose the
 dynamically-created valid table every time the configuration was reloaded.
 (This used to be commit e42b237d980461caf2dd2a8f82c17bf674facb7d)

---
 source3/lib/util_unistr.c | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/source3/lib/util_unistr.c b/source3/lib/util_unistr.c
index 522ab7eb40..c666155f9f 100644
--- a/source3/lib/util_unistr.c
+++ b/source3/lib/util_unistr.c
@@ -105,27 +105,34 @@ static int check_dos_char(smb_ucs2_t c)
  **/
 void init_valid_table(void)
 {
-	static int initialised;
 	static int mapped_file;
 	int i;
 	const char *allowed = ".!#$%&'()_-@^`~";
+	uint8 *valid_file;
 
-	if (initialised && mapped_file) return;
-	initialised = 1;
+	if (mapped_file) {
+		/* Can't unmap files, so stick with what we have */
+		return;
+	}
 
-	valid_table = map_file(lib_path("valid.dat"), 0x10000);
-	if (valid_table) {
+	valid_file = map_file(lib_path("valid.dat"), 0x10000);
+	if (valid_file) {
+		valid_table = valid_file;
 		mapped_file = 1;
 		return;
 	}
 
-	/* Otherwise, using a dynamically loaded one. */
+	/* Otherwise, we're using a dynamically created valid_table.
+	 * It might need to be regenerated if the code page changed.
+	 * We know that we're not using a mapped file, so we can
+	 * free() the old one. */
 	if (valid_table) free(valid_table);
 
 	DEBUG(2,("creating default valid table\n"));
 	valid_table = malloc(0x10000);
-	for (i=0;i<128;i++) valid_table[i] = isalnum(i) || 
-				    strchr(allowed,i);
+	for (i=0;i<128;i++)
+		valid_table[i] = isalnum(i) || strchr(allowed,i);
+	
 	for (;i<0x10000;i++) {
 		smb_ucs2_t c;
 		SSVAL(&c, 0, i);
-- 
cgit 


From cee64b535355ed14aa8c9a30f51432563391ea34 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 26 Feb 2003 12:21:01 +0000
Subject: Kill RID-only and domain+RID madness from winbind.

Now we deal with SIDs in almost all of winbind (a couple of limited exceptions
remain, but I'm looking into them - they use non-winbind structs ATM).

This has particular benifits in returning out-of-domain SIDs for group
membership (Need to look into this a bit more) as well as general code quality.

This also removes much of the complexity from the idmap interface, which now
only deals with mapping IDs, not with SID->domain translations.

Breifly tested, but needs more.  Fixes some valgrind-found bugs from my
previous commit.

Winbind cache chagned to using SID strings in some places, as I could not
follow exactly how to save and restore multiple packed sids properly.

Andrew Bartlett
(This used to be commit 9247cf08c40f016a924d600ac906cfc6a7016777)
---
 source3/nsswitch/winbindd.h           |  28 +++---
 source3/nsswitch/winbindd_ads.c       | 178 ++++++++++++++++++----------------
 source3/nsswitch/winbindd_cache.c     | 159 +++++++++++++++++-------------
 source3/nsswitch/winbindd_group.c     | 114 +++++++++++-----------
 source3/nsswitch/winbindd_idmap.c     |  82 ----------------
 source3/nsswitch/winbindd_idmap_tdb.c |  78 ---------------
 source3/nsswitch/winbindd_rpc.c       |  93 ++++++++++++------
 source3/nsswitch/winbindd_user.c      |  56 +++++------
 source3/nsswitch/winbindd_util.c      |  29 +++++-
 9 files changed, 377 insertions(+), 440 deletions(-)

diff --git a/source3/nsswitch/winbindd.h b/source3/nsswitch/winbindd.h
index a498b76626..8bd8a83748 100644
--- a/source3/nsswitch/winbindd.h
+++ b/source3/nsswitch/winbindd.h
@@ -63,7 +63,8 @@ struct getent_state {
 struct getpwent_user {
 	fstring name;                        /* Account name */
 	fstring gecos;                       /* User information */
-	uint32 user_rid, group_rid;          /* NT user and group rids */
+	DOM_SID user_sid;                    /* NT user and primary group SIDs */
+	DOM_SID group_sid;
 };
 
 /* Server state structure */
@@ -81,8 +82,8 @@ extern struct winbindd_state server_state;  /* Server information */
 typedef struct {
 	char *acct_name;
 	char *full_name;
-	uint32 user_rid;
-	uint32 group_rid; /* primary group */
+	DOM_SID *user_sid;                    /* NT user and primary group SIDs */
+	DOM_SID *group_sid;
 } WINBIND_USERINFO;
 
 /* Structures to hold per domain information */
@@ -138,6 +139,7 @@ struct winbindd_methods {
 				    
 	/* convert one user or group name to a sid */
 	NTSTATUS (*name_to_sid)(struct winbindd_domain *domain,
+				TALLOC_CTX *mem_ctx,
 				const char *name,
 				DOM_SID *sid,
 				enum SID_NAME_USE *type);
@@ -149,10 +151,10 @@ struct winbindd_methods {
 				char **name,
 				enum SID_NAME_USE *type);
 
-	/* lookup user info for a given rid */
+	/* lookup user info for a given SID */
 	NTSTATUS (*query_user)(struct winbindd_domain *domain, 
 			       TALLOC_CTX *mem_ctx, 
-			       uint32 user_rid, 
+			       DOM_SID *user_sid,
 			       WINBIND_USERINFO *user_info);
 
 	/* lookup all groups that a user is a member of. The backend
@@ -160,14 +162,15 @@ struct winbindd_methods {
 	   function */
 	NTSTATUS (*lookup_usergroups)(struct winbindd_domain *domain,
 				      TALLOC_CTX *mem_ctx,
-				      uint32 user_rid, 
-				      uint32 *num_groups, uint32 **user_gids);
+				      DOM_SID *user_sid,
+				      uint32 *num_groups, DOM_SID ***user_gids);
 
 	/* find all members of the group with the specified group_rid */
 	NTSTATUS (*lookup_groupmem)(struct winbindd_domain *domain,
 				    TALLOC_CTX *mem_ctx,
-				    uint32 group_rid, uint32 *num_names, 
-				    uint32 **rid_mem, char ***names, 
+				    DOM_SID *group_sid,
+				    uint32 *num_names, 
+				    DOM_SID ***sid_mem, char ***names, 
 				    uint32 **name_types);
 
 	/* return the current global sequence number */
@@ -207,13 +210,6 @@ struct idmap_methods {
   BOOL (*get_uid_from_sid)(DOM_SID *sid, uid_t *uid);
   BOOL (*get_gid_from_sid)(DOM_SID *sid, gid_t *gid);
 
-  BOOL (*get_rid_from_uid)(uid_t uid, uint32 *user_rid, 
-                           struct winbindd_domain **domain);
-  BOOL (*get_rid_from_gid)(gid_t gid, uint32 *group_rid,
-                           struct winbindd_domain **domain);
-  BOOL (*get_uid_from_rid)(const char *dom_name, uint32 rid, uid_t *uid);
-  BOOL (*get_gid_from_rid)(const char *dom_name, uint32 rid, gid_t *gid);
-
   /* Called when backend is unloaded */
   BOOL (*close)(void);
   /* Called to dump backend status */
diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c
index 22e4648f15..6c79e59bae 100644
--- a/source3/nsswitch/winbindd_ads.c
+++ b/source3/nsswitch/winbindd_ads.c
@@ -89,13 +89,6 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
 	return ads;
 }
 
-/* useful utility */
-static void sid_from_rid(struct winbindd_domain *domain, uint32 rid, DOM_SID *sid)
-{
-	sid_copy(sid, &domain->sid);
-	sid_append_rid(sid, rid);
-}
-
 
 /* Query display info for a realm. This is the basic user list fn */
 static NTSTATUS query_user_list(struct winbindd_domain *domain,
@@ -144,7 +137,9 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
 	for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) {
 		char *name, *gecos;
 		DOM_SID sid;
-		uint32 rid, group;
+		DOM_SID *sid2;
+		DOM_SID *group_sid;
+		uint32 group;
 		uint32 atype;
 
 		if (!ads_pull_uint32(ads, msg, "sAMAccountType", &atype) ||
@@ -164,15 +159,20 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
 			continue;
 		}
 
-		if (!sid_peek_check_rid(&domain->sid, &sid, &rid)) {
-			DEBUG(1,("No rid for %s !?\n", name));
-			continue;
+		sid2 = talloc(mem_ctx, sizeof(*sid2));
+		if (!sid2) {
+			status = NT_STATUS_NO_MEMORY;
+			goto done;
 		}
 
+		sid_copy(sid2, &sid);
+
+		group_sid = rid_to_talloced_sid(domain, mem_ctx, group);
+
 		(*info)[i].acct_name = name;
 		(*info)[i].full_name = gecos;
-		(*info)[i].user_rid = rid;
-		(*info)[i].group_rid = group;
+		(*info)[i].user_sid = sid2;
+		(*info)[i].group_sid = group_sid;
 		i++;
 	}
 
@@ -297,6 +297,7 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
 
 /* convert a single name to a sid in a domain */
 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
+			    TALLOC_CTX *mem_ctx,
 			    const char *name,
 			    DOM_SID *sid,
 			    enum SID_NAME_USE *type)
@@ -329,13 +330,13 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain,
 }
 
 
-/* convert a DN to a name, rid and name type 
+/* convert a DN to a name, SID and name type 
    this might become a major speed bottleneck if groups have
    lots of users, in which case we could cache the results
 */
 static BOOL dn_lookup(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
 		      const char *dn,
-		      char **name, uint32 *name_type, uint32 *rid)
+		      char **name, uint32 *name_type, DOM_SID *sid)
 {
 	char *exp;
 	void *res = NULL;
@@ -343,7 +344,6 @@ static BOOL dn_lookup(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
 			       "objectSid", "sAMAccountType", NULL};
 	ADS_STATUS rc;
 	uint32 atype;
-	DOM_SID sid;
 	char *escaped_dn = escape_ldap_string_alloc(dn);
 
 	if (!escaped_dn) {
@@ -366,8 +366,7 @@ static BOOL dn_lookup(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
 	}
 	(*name_type) = ads_atype_map(atype);
 
-	if (!ads_pull_sid(ads, res, "objectSid", &sid) || 
-	    !sid_peek_rid(&sid, rid)) {
+	if (!ads_pull_sid(ads, res, "objectSid", sid)) {
 		goto failed;
 	}
 
@@ -382,60 +381,63 @@ failed:
 /* Lookup user information from a rid */
 static NTSTATUS query_user(struct winbindd_domain *domain, 
 			   TALLOC_CTX *mem_ctx, 
-			   uint32 user_rid, 
+			   DOM_SID *sid, 
 			   WINBIND_USERINFO *info)
 {
 	ADS_STRUCT *ads = NULL;
 	const char *attrs[] = {"userPrincipalName", 
 			       "sAMAccountName",
-			       "name", "objectSid", 
+			       "name", 
 			       "primaryGroupID", NULL};
 	ADS_STATUS rc;
 	int count;
 	void *msg = NULL;
 	char *exp;
-	DOM_SID sid;
 	char *sidstr;
+	uint32 group_rid;
 	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	DOM_SID *sid2;
+	fstring sid_string;
 
 	DEBUG(3,("ads: query_user\n"));
 
-	sid_from_rid(domain, user_rid, &sid);
-
 	ads = ads_cached_connection(domain);
 	if (!ads) goto done;
 
-	sidstr = sid_binstring(&sid);
+	sidstr = sid_binstring(sid);
 	asprintf(&exp, "(objectSid=%s)", sidstr);
 	rc = ads_search_retry(ads, &msg, exp, attrs);
 	free(exp);
 	free(sidstr);
 	if (!ADS_ERR_OK(rc)) {
-		DEBUG(1,("query_user(rid=%d) ads_search: %s\n", user_rid, ads_errstr(rc)));
+		DEBUG(1,("query_user(sid=%s) ads_search: %s\n", sid_to_string(sid_string, sid), ads_errstr(rc)));
 		goto done;
 	}
 
 	count = ads_count_replies(ads, msg);
 	if (count != 1) {
-		DEBUG(1,("query_user(rid=%d): Not found\n", user_rid));
+		DEBUG(1,("query_user(sid=%s): Not found\n", sid_to_string(sid_string, sid)));
 		goto done;
 	}
 
 	info->acct_name = ads_pull_username(ads, mem_ctx, msg);
 	info->full_name = ads_pull_string(ads, mem_ctx, msg, "name");
-	if (!ads_pull_sid(ads, msg, "objectSid", &sid)) {
-		DEBUG(1,("No sid for %d !?\n", user_rid));
-		goto done;
-	}
-	if (!ads_pull_uint32(ads, msg, "primaryGroupID", &info->group_rid)) {
-		DEBUG(1,("No primary group for %d !?\n", user_rid));
+
+	if (!ads_pull_uint32(ads, msg, "primaryGroupID", &group_rid)) {
+		DEBUG(1,("No primary group for %s !?\n", sid_to_string(sid_string, sid)));
 		goto done;
 	}
 	
-	if (!sid_peek_check_rid(&domain->sid,&sid, &info->user_rid)) {
-		DEBUG(1,("No rid for %d !?\n", user_rid));
+	sid2 = talloc(mem_ctx, sizeof(*sid2));
+	if (!sid2) {
+		status = NT_STATUS_NO_MEMORY;
 		goto done;
 	}
+	sid_copy(sid2, sid);
+	
+	info->user_sid = sid2;
+
+	info->group_sid = rid_to_talloced_sid(domain, mem_ctx, group_rid);
 
 	status = NT_STATUS_OK;
 
@@ -451,8 +453,8 @@ done:
 static NTSTATUS lookup_usergroups_alt(struct winbindd_domain *domain,
 				      TALLOC_CTX *mem_ctx,
 				      const char *user_dn, 
-				      uint32 primary_group,
-				      uint32 *num_groups, uint32 **user_gids)
+				      DOM_SID *primary_group,
+				      uint32 *num_groups, DOM_SID ***user_gids)
 {
 	ADS_STATUS rc;
 	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
@@ -489,47 +491,48 @@ static NTSTATUS lookup_usergroups_alt(struct winbindd_domain *domain,
 		goto done;
 	}
 	
-	(*user_gids) = (uint32 *)talloc_zero(mem_ctx, sizeof(uint32) * (count + 1));
+	(*user_gids) = talloc_zero(mem_ctx, sizeof(**user_gids) * (count + 1));
 	(*user_gids)[0] = primary_group;
 	
 	*num_groups = 1;
 	
 	for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) {
-		uint32 rid;
 		DOM_SID group_sid;
-		fstring sid_string;
 		
 		if (!ads_pull_sid(ads, msg, "objectSid", &group_sid)) {
 			DEBUG(1,("No sid for this group ?!?\n"));
 			continue;
 		}
 		
-		if (!sid_peek_check_rid(&domain->sid, &group_sid, &rid)) {
-			DEBUG(5,("sid for %s is out of domain or invalid\n", sid_to_string(sid_string, &group_sid)));
-			continue;
-		}
-		if (rid == primary_group) continue;
+		if (sid_equal(&group_sid, primary_group)) continue;
 		
-		(*user_gids)[*num_groups] = rid;
+		(*user_gids)[*num_groups] = talloc(mem_ctx, sizeof(***user_gids));
+		if (!(*user_gids)[*num_groups]) {
+			status = NT_STATUS_NO_MEMORY;
+			goto done;
+		}
+
+		sid_copy((*user_gids)[*num_groups], &group_sid);
+
 		(*num_groups)++;
 			
 	}
 
-	if (res) ads_msgfree(ads, res);
-	if (msg) ads_msgfree(ads, msg);
-
 	status = NT_STATUS_OK;
 
 	DEBUG(3,("ads lookup_usergroups (alt) for dn=%s\n", user_dn));
 done:
+	if (res) ads_msgfree(ads, res);
+	if (msg) ads_msgfree(ads, msg);
+
 	return status;
 }
 
 /* Lookup groups a user is a member of. */
 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 				  TALLOC_CTX *mem_ctx,
-				  uint32 user_rid, 
-				  uint32 *num_groups, uint32 **user_gids)
+				  DOM_SID *sid, 
+				  uint32 *num_groups, DOM_SID ***user_gids)
 {
 	ADS_STRUCT *ads = NULL;
 	const char *attrs[] = {"distinguishedName", NULL};
@@ -541,27 +544,26 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 	char *user_dn;
 	DOM_SID *sids;
 	int i;
-	uint32 primary_group;
-	DOM_SID sid;
+	DOM_SID *primary_group;
+	uint32 primary_group_rid;
 	char *sidstr;
+	fstring sid_string;
 	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
 
 	DEBUG(3,("ads: lookup_usergroups\n"));
 	*num_groups = 0;
 
-	sid_from_rid(domain, user_rid, &sid);
-
 	ads = ads_cached_connection(domain);
 	if (!ads) goto done;
 
-	if (!(sidstr = sid_binstring(&sid))) {
-		DEBUG(1,("lookup_usergroups(rid=%d) sid_binstring returned NULL\n", user_rid));
+	if (!(sidstr = sid_binstring(sid))) {
+		DEBUG(1,("lookup_usergroups(sid=%s) sid_binstring returned NULL\n", sid_to_string(sid_string, sid)));
 		status = NT_STATUS_NO_MEMORY;
 		goto done;
 	}
 	if (asprintf(&exp, "(objectSid=%s)", sidstr) == -1) {
 		free(sidstr);
-		DEBUG(1,("lookup_usergroups(rid=%d) asprintf failed!\n", user_rid));
+		DEBUG(1,("lookup_usergroups(sid=%s) asprintf failed!\n", sid_to_string(sid_string, sid)));
 		status = NT_STATUS_NO_MEMORY;
 		goto done;
 	}
@@ -571,13 +573,13 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 	free(sidstr);
 
 	if (!ADS_ERR_OK(rc)) {
-		DEBUG(1,("lookup_usergroups(rid=%d) ads_search: %s\n", user_rid, ads_errstr(rc)));
+		DEBUG(1,("lookup_usergroups(sid=%s) ads_search: %s\n", sid_to_string(sid_string, sid), ads_errstr(rc)));
 		goto done;
 	}
 
 	user_dn = ads_pull_string(ads, mem_ctx, msg, "distinguishedName");
 	if (!user_dn) {
-		DEBUG(1,("lookup_usergroups(rid=%d) ads_search did not return a a distinguishedName!\n", user_rid));
+		DEBUG(1,("lookup_usergroups(sid=%s) ads_search did not return a a distinguishedName!\n", sid_to_string(sid_string, sid)));
 		goto done;
 	}
 
@@ -585,15 +587,17 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 
 	rc = ads_search_retry_dn(ads, &msg, user_dn, attrs2);
 	if (!ADS_ERR_OK(rc)) {
-		DEBUG(1,("lookup_usergroups(rid=%d) ads_search tokenGroups: %s\n", user_rid, ads_errstr(rc)));
+		DEBUG(1,("lookup_usergroups(sid=%s) ads_search tokenGroups: %s\n", sid_to_string(sid_string, sid), ads_errstr(rc)));
 		goto done;
 	}
 
-	if (!ads_pull_uint32(ads, msg, "primaryGroupID", &primary_group)) {
-		DEBUG(1,("%s: No primary group for rid=%d !?\n", domain->name, user_rid));
+	if (!ads_pull_uint32(ads, msg, "primaryGroupID", &primary_group_rid)) {
+		DEBUG(1,("%s: No primary group for sid=%s !?\n", domain->name, sid_to_string(sid_string, sid)));
 		goto done;
 	}
 
+	primary_group = rid_to_talloced_sid(domain, mem_ctx, primary_group_rid);
+
 	count = ads_pull_sids(ads, mem_ctx, msg, "tokenGroups", &sids);
 
 	if (msg) ads_msgfree(ads, msg);
@@ -602,25 +606,30 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 	   unless we are talking to a buggy Win2k server */
 	if (count == 0) {
 		return lookup_usergroups_alt(domain, mem_ctx, user_dn, 
-					       primary_group,
-					       num_groups, user_gids);
+					     primary_group,
+					     num_groups, user_gids);
 	}
 
-	(*user_gids) = (uint32 *)talloc_zero(mem_ctx, sizeof(uint32) * (count + 1));
+	(*user_gids) = talloc_zero(mem_ctx, sizeof(**user_gids) * (count + 1));
 	(*user_gids)[0] = primary_group;
 	
 	*num_groups = 1;
 	
 	for (i=0;i<count;i++) {
-		uint32 rid;
-		if (!sid_peek_check_rid(&domain->sid, &sids[i-1], &rid)) continue;
-		if (rid == primary_group) continue;
-		(*user_gids)[*num_groups] = rid;
+		if (sid_equal(&sids[i], primary_group)) continue;
+		
+		(*user_gids)[*num_groups] = talloc(mem_ctx, sizeof(***user_gids));
+		if (!(*user_gids)[*num_groups]) {
+			status = NT_STATUS_NO_MEMORY;
+			goto done;
+		}
+
+		sid_copy((*user_gids)[*num_groups], &sids[i]);
 		(*num_groups)++;
 	}
 
 	status = NT_STATUS_OK;
-	DEBUG(3,("ads lookup_usergroups for rid=%d\n", user_rid));
+	DEBUG(3,("ads lookup_usergroups for sid=%s\n", sid_to_string(sid_string, sid)));
 done:
 	return status;
 }
@@ -630,11 +639,10 @@ done:
  */
 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
 				TALLOC_CTX *mem_ctx,
-				uint32 group_rid, uint32 *num_names, 
-				uint32 **rid_mem, char ***names, 
+				DOM_SID *group_sid, uint32 *num_names, 
+				DOM_SID ***sid_mem, char ***names, 
 				uint32 **name_types)
 {
-	DOM_SID group_sid;
 	ADS_STATUS rc;
 	int count;
 	void *res=NULL;
@@ -645,14 +653,14 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
 	const char *attrs[] = {"member", NULL};
 	char **members;
 	int i, num_members;
+	fstring sid_string;
 
 	*num_names = 0;
 
 	ads = ads_cached_connection(domain);
 	if (!ads) goto done;
 
-	sid_from_rid(domain, group_rid, &group_sid);
-	sidstr = sid_binstring(&group_sid);
+	sidstr = sid_binstring(group_sid);
 
 	/* search for all members of the group */
 	asprintf(&exp, "(objectSid=%s)",sidstr);
@@ -684,24 +692,30 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
 	for (i=0;members[i];i++) /* noop */ ;
 	num_members = i;
 
-	(*rid_mem) = talloc_zero(mem_ctx, sizeof(uint32) * num_members);
-	(*name_types) = talloc_zero(mem_ctx, sizeof(uint32) * num_members);
-	(*names) = talloc_zero(mem_ctx, sizeof(char *) * num_members);
+	(*sid_mem) = talloc_zero(mem_ctx, sizeof(**sid_mem) * num_members);
+	(*name_types) = talloc_zero(mem_ctx, sizeof(**name_types) * num_members);
+	(*names) = talloc_zero(mem_ctx, sizeof(**names) * num_members);
 
 	for (i=0;i<num_members;i++) {
-		uint32 name_type, rid;
+		uint32 name_type;
 		char *name;
+		DOM_SID sid;
 
-		if (dn_lookup(ads, mem_ctx, members[i], &name, &name_type, &rid)) {
+		if (dn_lookup(ads, mem_ctx, members[i], &name, &name_type, &sid)) {
 		    (*names)[*num_names] = name;
 		    (*name_types)[*num_names] = name_type;
-		    (*rid_mem)[*num_names] = rid;
+		    (*sid_mem)[*num_names] = talloc(mem_ctx, sizeof(***sid_mem));
+		    if (!(*sid_mem)[*num_names]) {
+			    status = NT_STATUS_NO_MEMORY;
+			    goto done;
+		    }
+		    sid_copy((*sid_mem)[*num_names], &sid);
 		    (*num_names)++;
 		}
 	}	
 
 	status = NT_STATUS_OK;
-	DEBUG(3,("ads lookup_groupmem for rid=%d\n", group_rid));
+	DEBUG(3,("ads lookup_groupmem for sid=%s\n", sid_to_string(sid_string, group_sid)));
 done:
 	if (res) ads_msgfree(ads, res);
 
diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c
index 6ba1d48f5a..5fb59e7467 100644
--- a/source3/nsswitch/winbindd_cache.c
+++ b/source3/nsswitch/winbindd_cache.c
@@ -192,6 +192,23 @@ static char *centry_string(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
 	return ret;
 }
 
+/* pull a string from a cache entry, using the supplied
+   talloc context 
+*/
+static DOM_SID *centry_sid(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
+{
+	DOM_SID *sid;
+	char *sid_string;
+	sid = talloc(mem_ctx, sizeof(*sid));
+	if (!sid) return NULL;
+	
+	sid_string = centry_string(centry, mem_ctx);
+	if (!string_to_sid(sid, sid_string)) {
+		return NULL;
+	}
+	return sid;
+}
+
 /* the server is considered down if it can't give us a sequence number */
 static BOOL wcache_server_down(struct winbindd_domain *domain)
 {
@@ -258,6 +275,9 @@ static BOOL centry_expired(struct winbindd_domain *domain, struct cache_entry *c
   fetch an entry from the cache, with a varargs key. auto-fetch the sequence
   number and return status
 */
+static struct cache_entry *wcache_fetch(struct winbind_cache *cache, 
+					struct winbindd_domain *domain,
+					const char *format, ...) PRINTF_ATTRIBUTE(3,4);
 static struct cache_entry *wcache_fetch(struct winbind_cache *cache, 
 					struct winbindd_domain *domain,
 					const char *format, ...)
@@ -370,6 +390,13 @@ static void centry_put_string(struct cache_entry *centry, const char *s)
 	centry->ofs += len;
 }
 
+static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid) 
+{
+	int len;
+	fstring sid_string;
+	centry_put_string(centry, sid_to_string(sid_string, sid));
+}
+
 /*
   start a centry for output. When finished, call centry_end()
 */
@@ -393,6 +420,7 @@ struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status
 /*
   finish a centry and write it to the tdb
 */
+static void centry_end(struct cache_entry *centry, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
 static void centry_end(struct cache_entry *centry, const char *format, ...)
 {
 	va_list ap;
@@ -412,39 +440,30 @@ static void centry_end(struct cache_entry *centry, const char *format, ...)
 	free(kstr);
 }
 
-/* form a sid from the domain plus rid */
-static DOM_SID *form_sid(struct winbindd_domain *domain, uint32 rid)
-{
-	static DOM_SID sid;
-	sid_copy(&sid, &domain->sid);
-	sid_append_rid(&sid, rid);
-	return &sid;
-}
-
-static void wcache_save_name_to_sid(struct winbindd_domain *domain, NTSTATUS status, 
-				    const char *name, DOM_SID *sid, enum SID_NAME_USE type)
+static void wcache_save_name_to_sid(struct winbindd_domain *domain, 
+				    NTSTATUS status, 
+				    const char *name, DOM_SID *sid, 
+				    enum SID_NAME_USE type)
 {
 	struct cache_entry *centry;
 	uint32 len;
 	fstring uname;
+	fstring sid_string;
 
 	centry = centry_start(domain, status);
 	if (!centry) return;
-	len = sid_size(sid);
-	centry_expand(centry, len);
-	centry_put_uint32(centry, type);
-	sid_linearize(centry->data + centry->ofs, len, sid);
-	centry->ofs += len;
+	centry_put_sid(centry, sid);
 	fstrcpy(uname, name);
 	strupper(uname);
-	centry_end(centry, "NS/%s/%s", domain->name, uname);
+	centry_end(centry, "NS/%s", sid_to_string(sid_string, sid));
 	centry_free(centry);
 }
 
 static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status, 
-				    DOM_SID *sid, const char *name, enum SID_NAME_USE type, uint32 rid)
+				    DOM_SID *sid, const char *name, enum SID_NAME_USE type)
 {
 	struct cache_entry *centry;
+	fstring sid_string;
 
 	centry = centry_start(domain, status);
 	if (!centry) return;
@@ -452,7 +471,7 @@ static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS sta
 		centry_put_uint32(centry, type);
 		centry_put_string(centry, name);
 	}
-	centry_end(centry, "SN/%s/%d", domain->name, rid);
+	centry_end(centry, "SN/%s", sid_to_string(sid_string, sid));
 	centry_free(centry);
 }
 
@@ -460,14 +479,15 @@ static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS sta
 static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WINBIND_USERINFO *info)
 {
 	struct cache_entry *centry;
+	fstring sid_string;
 
 	centry = centry_start(domain, status);
 	if (!centry) return;
 	centry_put_string(centry, info->acct_name);
 	centry_put_string(centry, info->full_name);
-	centry_put_uint32(centry, info->user_rid);
-	centry_put_uint32(centry, info->group_rid);
-	centry_end(centry, "U/%s/%d", domain->name, info->user_rid);
+	centry_put_sid(centry, info->user_sid);
+	centry_put_sid(centry, info->group_sid);
+	centry_end(centry, "U/%s", sid_to_string(sid_string, info->user_sid));
 	centry_free(centry);
 }
 
@@ -481,7 +501,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
 	struct winbind_cache *cache = get_cache(domain);
 	struct cache_entry *centry = NULL;
 	NTSTATUS status;
-	int i;
+	unsigned int i;
 
 	if (!cache->tdb) goto do_query;
 
@@ -497,8 +517,8 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
 	for (i=0; i<(*num_entries); i++) {
 		(*info)[i].acct_name = centry_string(centry, mem_ctx);
 		(*info)[i].full_name = centry_string(centry, mem_ctx);
-		(*info)[i].user_rid = centry_uint32(centry);
-		(*info)[i].group_rid = centry_uint32(centry);
+		(*info)[i].user_sid = centry_sid(centry, mem_ctx);
+		(*info)[i].group_sid = centry_sid(centry, mem_ctx);
 	}
 
 do_cached:	
@@ -524,18 +544,18 @@ do_query:
 	for (i=0; i<(*num_entries); i++) {
 		centry_put_string(centry, (*info)[i].acct_name);
 		centry_put_string(centry, (*info)[i].full_name);
-		centry_put_uint32(centry, (*info)[i].user_rid);
-		centry_put_uint32(centry, (*info)[i].group_rid);
+		centry_put_sid(centry, (*info)[i].user_sid);
+		centry_put_sid(centry, (*info)[i].group_sid);
 		if (cache->backend->consistent) {
 			/* when the backend is consistent we can pre-prime some mappings */
 			wcache_save_name_to_sid(domain, NT_STATUS_OK, 
 						(*info)[i].acct_name, 
-						form_sid(domain, (*info)[i].user_rid),
+						(*info)[i].user_sid,
 						SID_NAME_USER);
 			wcache_save_sid_to_name(domain, NT_STATUS_OK, 
-						form_sid(domain, (*info)[i].user_rid),
+						(*info)[i].user_sid,
 						(*info)[i].acct_name, 
-						SID_NAME_USER, (*info)[i].user_rid);
+						SID_NAME_USER);
 			wcache_save_user(domain, NT_STATUS_OK, &(*info)[i]);
 		}
 	}	
@@ -555,7 +575,7 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
 	struct winbind_cache *cache = get_cache(domain);
 	struct cache_entry *centry = NULL;
 	NTSTATUS status;
-	int i;
+	unsigned int i;
 
 	if (!cache->tdb) goto do_query;
 
@@ -615,7 +635,7 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
 	struct winbind_cache *cache = get_cache(domain);
 	struct cache_entry *centry = NULL;
 	NTSTATUS status;
-	int i;
+	unsigned int i;
 
 	if (!cache->tdb) goto do_query;
 
@@ -669,7 +689,7 @@ do_query:
 		centry_put_string(centry, (*info)[i].acct_name);
 		centry_put_string(centry, (*info)[i].acct_desc);
 		centry_put_uint32(centry, (*info)[i].rid);
-	}	
+	}
 	centry_end(centry, "GL/%s/local", domain->name);
 	centry_free(centry);
 
@@ -679,6 +699,7 @@ skip_save:
 
 /* convert a single name to a sid in a domain */
 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
+			    TALLOC_CTX *mem_ctx,
 			    const char *name,
 			    DOM_SID *sid,
 			    enum SID_NAME_USE *type)
@@ -687,6 +708,7 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
 	struct cache_entry *centry = NULL;
 	NTSTATUS status;
 	fstring uname;
+	DOM_SID *sid2;
 
 	if (!cache->tdb) goto do_query;
 
@@ -695,7 +717,12 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
 	centry = wcache_fetch(cache, domain, "NS/%s/%s", domain->name, uname);
 	if (!centry) goto do_query;
 	*type = centry_uint32(centry);
-	sid_parse(centry->data + centry->ofs, centry->len - centry->ofs, sid);
+	sid2 = centry_sid(centry, mem_ctx);
+	if (!sid2) {
+		ZERO_STRUCTP(sid);
+	} else {
+		sid_copy(sid, sid2);
+	}
 
 	status = centry->status;
 	centry_free(centry);
@@ -707,7 +734,7 @@ do_query:
 	if (wcache_server_down(domain)) {
 		return NT_STATUS_SERVER_DISABLED;
 	}
-	status = cache->backend->name_to_sid(domain, name, sid, type);
+	status = cache->backend->name_to_sid(domain, mem_ctx, name, sid, type);
 
 	/* and save it */
 	wcache_save_name_to_sid(domain, status, name, sid, *type);
@@ -729,14 +756,11 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain,
 	struct winbind_cache *cache = get_cache(domain);
 	struct cache_entry *centry = NULL;
 	NTSTATUS status;
-	uint32 rid = 0;
-
-	if (!sid_peek_check_rid(&domain->sid, sid, &rid))
-		return NT_STATUS_INVALID_PARAMETER;
+	fstring sid_string;
 
 	if (!cache->tdb) goto do_query;
 
-	centry = wcache_fetch(cache, domain, "SN/%s/%d", domain->name, rid);
+	centry = wcache_fetch(cache, domain, "SN/%s", sid_to_string(sid_string, sid));
 	if (!centry) goto do_query;
 	if (NT_STATUS_IS_OK(centry->status)) {
 		*type = centry_uint32(centry);
@@ -756,7 +780,7 @@ do_query:
 
 	/* and save it */
 	refresh_sequence_number(domain, True);
-	wcache_save_sid_to_name(domain, status, sid, *name, *type, rid);
+	wcache_save_sid_to_name(domain, status, sid, *name, *type);
 	wcache_save_name_to_sid(domain, status, *name, sid, *type);
 
 	return status;
@@ -766,22 +790,23 @@ do_query:
 /* Lookup user information from a rid */
 static NTSTATUS query_user(struct winbindd_domain *domain, 
 			   TALLOC_CTX *mem_ctx, 
-			   uint32 user_rid, 
+			   DOM_SID *user_sid, 
 			   WINBIND_USERINFO *info)
 {
 	struct winbind_cache *cache = get_cache(domain);
 	struct cache_entry *centry = NULL;
 	NTSTATUS status;
+	fstring sid_string;
 
 	if (!cache->tdb) goto do_query;
 
-	centry = wcache_fetch(cache, domain, "U/%s/%d", domain->name, user_rid);
+	centry = wcache_fetch(cache, domain, "U/%s", sid_to_string(sid_string, user_sid));
 	if (!centry) goto do_query;
 
 	info->acct_name = centry_string(centry, mem_ctx);
 	info->full_name = centry_string(centry, mem_ctx);
-	info->user_rid = centry_uint32(centry);
-	info->group_rid = centry_uint32(centry);
+	info->user_sid = centry_sid(centry, mem_ctx);
+	info->group_sid = centry_sid(centry, mem_ctx);
 	status = centry->status;
 	centry_free(centry);
 	return status;
@@ -793,7 +818,7 @@ do_query:
 		return NT_STATUS_SERVER_DISABLED;
 	}
 	
-	status = cache->backend->query_user(domain, mem_ctx, user_rid, info);
+	status = cache->backend->query_user(domain, mem_ctx, user_sid, info);
 
 	/* and save it */
 	refresh_sequence_number(domain, True);
@@ -806,17 +831,18 @@ do_query:
 /* Lookup groups a user is a member of. */
 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 				  TALLOC_CTX *mem_ctx,
-				  uint32 user_rid, 
-				  uint32 *num_groups, uint32 **user_gids)
+				  DOM_SID *user_sid, 
+				  uint32 *num_groups, DOM_SID ***user_gids)
 {
 	struct winbind_cache *cache = get_cache(domain);
 	struct cache_entry *centry = NULL;
 	NTSTATUS status;
-	int i;
+	unsigned int i;
+	fstring sid_string;
 
 	if (!cache->tdb) goto do_query;
 
-	centry = wcache_fetch(cache, domain, "UG/%s/%d", domain->name, user_rid);
+	centry = wcache_fetch(cache, domain, "UG/%s", sid_to_string(sid_string, user_sid));
 	if (!centry) goto do_query;
 
 	*num_groups = centry_uint32(centry);
@@ -826,7 +852,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 	(*user_gids) = talloc(mem_ctx, sizeof(**user_gids) * (*num_groups));
 	if (! (*user_gids)) smb_panic("lookup_usergroups out of memory");
 	for (i=0; i<(*num_groups); i++) {
-		(*user_gids)[i] = centry_uint32(centry);
+		(*user_gids)[i] = centry_sid(centry, mem_ctx);
 	}
 
 do_cached:	
@@ -841,7 +867,7 @@ do_query:
 	if (wcache_server_down(domain)) {
 		return NT_STATUS_SERVER_DISABLED;
 	}
-	status = cache->backend->lookup_usergroups(domain, mem_ctx, user_rid, num_groups, user_gids);
+	status = cache->backend->lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids);
 
 	/* and save it */
 	refresh_sequence_number(domain, True);
@@ -849,9 +875,9 @@ do_query:
 	if (!centry) goto skip_save;
 	centry_put_uint32(centry, *num_groups);
 	for (i=0; i<(*num_groups); i++) {
-		centry_put_uint32(centry, (*user_gids)[i]);
+		centry_put_sid(centry, (*user_gids)[i]);
 	}	
-	centry_end(centry, "UG/%s/%d", domain->name, user_rid);
+	centry_end(centry, "UG/%s", sid_to_string(sid_string, user_sid));
 	centry_free(centry);
 
 skip_save:
@@ -861,34 +887,35 @@ skip_save:
 
 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
 				TALLOC_CTX *mem_ctx,
-				uint32 group_rid, uint32 *num_names, 
-				uint32 **rid_mem, char ***names, 
+				DOM_SID *group_sid, uint32 *num_names, 
+				DOM_SID ***sid_mem, char ***names, 
 				uint32 **name_types)
 {
 	struct winbind_cache *cache = get_cache(domain);
 	struct cache_entry *centry = NULL;
 	NTSTATUS status;
-	int i;
+	unsigned int i;
+	fstring sid_string;
 
 	if (!cache->tdb) goto do_query;
 
-	centry = wcache_fetch(cache, domain, "GM/%s/%d", domain->name, group_rid);
+	centry = wcache_fetch(cache, domain, "GM/%s", sid_to_string(sid_string, group_sid));
 	if (!centry) goto do_query;
 
 	*num_names = centry_uint32(centry);
 	
 	if (*num_names == 0) goto do_cached;
 
-	(*rid_mem) = talloc(mem_ctx, sizeof(**rid_mem) * (*num_names));
+	(*sid_mem) = talloc(mem_ctx, sizeof(**sid_mem) * (*num_names));
 	(*names) = talloc(mem_ctx, sizeof(**names) * (*num_names));
 	(*name_types) = talloc(mem_ctx, sizeof(**name_types) * (*num_names));
 
-	if (! (*rid_mem) || ! (*names) || ! (*name_types)) {
+	if (! (*sid_mem) || ! (*names) || ! (*name_types)) {
 		smb_panic("lookup_groupmem out of memory");
 	}
 
 	for (i=0; i<(*num_names); i++) {
-		(*rid_mem)[i] = centry_uint32(centry);
+		(*sid_mem)[i] = centry_sid(centry, mem_ctx);
 		(*names)[i] = centry_string(centry, mem_ctx);
 		(*name_types)[i] = centry_uint32(centry);
 	}
@@ -900,7 +927,7 @@ do_cached:
 
 do_query:
 	(*num_names) = 0;
-	(*rid_mem) = NULL;
+	(*sid_mem) = NULL;
 	(*names) = NULL;
 	(*name_types) = NULL;
 	
@@ -908,8 +935,8 @@ do_query:
 	if (wcache_server_down(domain)) {
 		return NT_STATUS_SERVER_DISABLED;
 	}
-	status = cache->backend->lookup_groupmem(domain, mem_ctx, group_rid, num_names, 
-						 rid_mem, names, name_types);
+	status = cache->backend->lookup_groupmem(domain, mem_ctx, group_sid, num_names, 
+						 sid_mem, names, name_types);
 
 	/* and save it */
 	refresh_sequence_number(domain, True);
@@ -917,11 +944,11 @@ do_query:
 	if (!centry) goto skip_save;
 	centry_put_uint32(centry, *num_names);
 	for (i=0; i<(*num_names); i++) {
-		centry_put_uint32(centry, (*rid_mem)[i]);
+		centry_put_sid(centry, (*sid_mem)[i]);
 		centry_put_string(centry, (*names)[i]);
 		centry_put_uint32(centry, (*name_types)[i]);
 	}	
-	centry_end(centry, "GM/%s/%d", domain->name, group_rid);
+	centry_end(centry, "GM/%s", sid_to_string(sid_string, group_sid));
 	centry_free(centry);
 
 skip_save:
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c
index 94a826fbbc..d06db5943c 100644
--- a/source3/nsswitch/winbindd_group.c
+++ b/source3/nsswitch/winbindd_group.c
@@ -49,43 +49,44 @@ static BOOL fill_grent(struct winbindd_gr *gr, const char *dom_name,
 	return True;
 }
 
-/* Fill in the group membership field of a NT group given by group_rid */
+/* Fill in the group membership field of a NT group given by group_sid */
 
 static BOOL fill_grent_mem(struct winbindd_domain *domain,
-			   uint32 group_rid, 
+			   DOM_SID *group_sid, 
 			   enum SID_NAME_USE group_name_type, 
 			   int *num_gr_mem, char **gr_mem, int *gr_mem_len)
 {
-	uint32 *rid_mem = NULL, num_names = 0;
+	DOM_SID **sid_mem = NULL;
+	uint32 num_names = 0;
 	uint32 *name_types = NULL;
-	int buf_len, buf_ndx, i;
+	unsigned int buf_len, buf_ndx, i;
 	char **names = NULL, *buf;
 	BOOL result = False;
 	TALLOC_CTX *mem_ctx;
 	NTSTATUS status;
+	fstring sid_string;
 
 	if (!(mem_ctx = talloc_init("fill_grent_mem(%s)", domain->name)))
 		return False;
 
 	/* Initialise group membership information */
 	
-	DEBUG(10, ("group %s rid 0x%x\n", domain ? domain->name : "NULL", 
-		   group_rid));
+	DEBUG(10, ("group SID %s\n", sid_to_string(sid_string, group_sid)));
 
 	*num_gr_mem = 0;
 	
 	if (group_name_type != SID_NAME_DOM_GRP) {
-		DEBUG(1, ("rid %d in domain %s isn't a domain group\n", 
-			  group_rid, domain->name));
+		DEBUG(1, ("SID %s in domain %s isn't a domain group\n", 
+			  sid_to_string(sid_string, group_sid), domain->name));
                 goto done;
 	}
 
 	/* Lookup group members */
-	status = domain->methods->lookup_groupmem(domain, mem_ctx, group_rid, &num_names, 
-						  &rid_mem, &names, &name_types);
+	status = domain->methods->lookup_groupmem(domain, mem_ctx, group_sid, &num_names, 
+						  &sid_mem, &names, &name_types);
 	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(1, ("could not lookup membership for group rid %d in domain %s (error: %s)\n", 
-			  group_rid, domain->name, nt_errstr(status)));
+		DEBUG(1, ("could not lookup membership for group rid %s in domain %s (error: %s)\n", 
+			  sid_to_string(sid_string, group_sid), domain->name, nt_errstr(status)));
 
 		goto done;
 	}
@@ -94,7 +95,7 @@ static BOOL fill_grent_mem(struct winbindd_domain *domain,
 
 	if (DEBUGLEVEL >= 10) {
 		for (i = 0; i < num_names; i++)
-			DEBUG(10, ("\t%20s %x %d\n", names[i], rid_mem[i],
+			DEBUG(10, ("\t%20s %s %d\n", names[i], sid_to_string(sid_string, sid_mem[i]),
 				   name_types[i]));
 	}
 
@@ -190,7 +191,6 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
 	DOM_SID group_sid;
 	struct winbindd_domain *domain;
 	enum SID_NAME_USE name_type;
-	uint32 group_rid;
 	fstring name_domain, name_group;
 	char *tmp, *gr_mem;
 	gid_t gid;
@@ -233,10 +233,6 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
 		return WINBINDD_ERROR;
 	}
 
-	/* Fill in group structure */
-	if (!sid_peek_check_rid(&domain->sid, &group_sid, &group_rid))
-		return WINBINDD_ERROR;
-
 	if (!winbindd_idmap_get_gid_from_sid(&group_sid, &gid)) {
 		DEBUG(1, ("error converting unix gid to sid\n"));
 		return WINBINDD_ERROR;
@@ -244,7 +240,7 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
 
 	if (!fill_grent(&state->response.data.gr, name_domain,
 			name_group, gid) ||
-	    !fill_grent_mem(domain, group_rid, name_type,
+	    !fill_grent_mem(domain, &group_sid, name_type,
 			    &state->response.data.gr.num_gr_mem,
 			    &gr_mem, &gr_mem_len)) {
 		return WINBINDD_ERROR;
@@ -269,7 +265,6 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state)
 	enum SID_NAME_USE name_type;
 	fstring dom_name;
 	fstring group_name;
-	uint32 group_rid;
 	int gr_mem_len;
 	char *gr_mem;
 
@@ -284,17 +279,13 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state)
 
 	/* Get rid from gid */
 
-	if (!winbindd_idmap_get_rid_from_gid(state->request.data.gid, 
-					     &group_rid, &domain)) {
+	if (!winbindd_idmap_get_sid_from_gid(state->request.data.gid, &group_sid)) {
 		DEBUG(1, ("could not convert gid %d to rid\n", 
 			  state->request.data.gid));
 		return WINBINDD_ERROR;
 	}
 
-	/* Get sid from gid */
-
-	sid_copy(&group_sid, &domain->sid);
-	sid_append_rid(&group_sid, group_rid);
+	/* Get name from sid */
 
 	if (!winbindd_lookup_name_by_sid(&group_sid, dom_name, group_name, &name_type)) {
 		DEBUG(1, ("could not lookup sid\n"));
@@ -310,9 +301,16 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state)
 
 	/* Fill in group structure */
 
+	domain = find_domain_from_sid(&group_sid);
+
+	if (!domain) {
+		DEBUG(1,("Can't find domain from sid\n"));
+		return WINBINDD_ERROR;
+	}
+
 	if (!fill_grent(&state->response.data.gr, dom_name, group_name, 
 			state->request.data.gid) ||
-	    !fill_grent_mem(domain, group_rid, name_type,
+	    !fill_grent_mem(domain, &group_sid, name_type,
 			    &state->response.data.gr.num_gr_mem,
 			    &gr_mem, &gr_mem_len))
 		return WINBINDD_ERROR;
@@ -544,7 +542,9 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state)
 		gid_t group_gid;
 		int gr_mem_len;
 		char *gr_mem, *new_gr_mem_list;
-		
+		DOM_SID group_sid;
+		struct winbindd_domain *domain;
+				
 		/* Do we need to fetch another chunk of groups? */
 
 	tryagain:
@@ -578,16 +578,25 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state)
 		
 		name_list = ent->sam_entries;
 		
+		if (!(domain = 
+		      find_domain_from_name(ent->domain_name))) {
+			DEBUG(3, ("No such domain %s in winbindd_getgrent\n", ent->domain_name));
+			result = False;
+			goto done;
+		}
+
 		/* Lookup group info */
 		
-		if (!winbindd_idmap_get_gid_from_rid(
-			ent->domain_name,
-			name_list[ent->sam_entry_index].rid,
-			&group_gid)) {
+		sid_copy(&group_sid, &domain->sid);
+		sid_append_rid(&group_sid, name_list[ent->sam_entry_index].rid);
+
+		if (!winbindd_idmap_get_gid_from_sid(
+			    &group_sid,
+			    &group_gid)) {
 			
 			DEBUG(1, ("could not look up gid for group %s\n", 
 				  name_list[ent->sam_entry_index].acct_name));
-
+			
 			ent->sam_entry_index++;
 			goto tryagain;
 		}
@@ -608,15 +617,7 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state)
 		/* Fill in group membership entry */
 
 		if (result) {
-			struct winbindd_domain *domain;
-
-			if (!(domain = 
-			      find_domain_from_name(ent->domain_name))) {
-				DEBUG(3, ("No such domain %s in winbindd_getgrent\n", ent->domain_name));
-				result = False;
-				goto done;
-			}
-
+			DOM_SID member_sid;
 			group_list[group_list_ndx].num_gr_mem = 0;
 			gr_mem = NULL;
 			gr_mem_len = 0;
@@ -625,9 +626,11 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state)
 			if (state->request.cmd == WINBINDD_GETGRLST) {
 				result = True;
 			} else {
+				sid_copy(&member_sid, &domain->sid);
+				sid_append_rid(&member_sid, name_list[ent->sam_entry_index].rid);
 				result = fill_grent_mem(
 					domain,
-					name_list[ent->sam_entry_index].rid,
+					&member_sid,
 					SID_NAME_DOM_GRP,
 					&group_list[group_list_ndx].num_gr_mem, 
 					&gr_mem, &gr_mem_len);
@@ -730,7 +733,7 @@ enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state)
 	struct winbindd_domain *domain;
 	char *extra_data = NULL;
 	char *ted = NULL;
-	int extra_data_len = 0, i;
+	unsigned int extra_data_len = 0, i;
 
 	DEBUG(3, ("[%5d]: list groups\n", state->pid));
 
@@ -805,13 +808,13 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
 	fstring name_domain, name_user;
 	DOM_SID user_sid;
 	enum SID_NAME_USE name_type;
-	uint32 user_rid, num_groups, num_gids;
+	uint32 num_groups, num_gids;
 	NTSTATUS status;
-	uint32 *user_gids;
+	DOM_SID **user_gids;
 	struct winbindd_domain *domain;
 	enum winbindd_result result = WINBINDD_ERROR;
 	gid_t *gid_list;
-	int i;
+	unsigned int i;
 	TALLOC_CTX *mem_ctx;
 	
 	/* Ensure null termination */
@@ -852,9 +855,9 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
 		goto done;
 	}
 
-	sid_split_rid(&user_sid, &user_rid);
-
-	status = domain->methods->lookup_usergroups(domain, mem_ctx, user_rid, &num_groups, &user_gids);
+	status = domain->methods->lookup_usergroups(domain, mem_ctx, 
+						    &user_sid, &num_groups, 
+						    &user_gids);
 	if (!NT_STATUS_IS_OK(status)) goto done;
 
 	/* Copy data back to client */
@@ -866,12 +869,13 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
 		goto done;
 
 	for (i = 0; i < num_groups; i++) {
-		if (!winbindd_idmap_get_gid_from_rid(domain->name, 
-						     user_gids[i], 
-						     &gid_list[num_gids])) {
+		if (!winbindd_idmap_get_gid_from_sid(
+			    user_gids[i], 
+			    &gid_list[num_gids])) {
+			fstring sid_string;
 
-			DEBUG(1, ("unable to convert group rid %d to gid\n", 
-				  user_gids[i]));
+			DEBUG(1, ("unable to convert group sid %s to gid\n", 
+				  sid_to_string(sid_string, user_gids[i])));
 			continue;
 		}
 			
diff --git a/source3/nsswitch/winbindd_idmap.c b/source3/nsswitch/winbindd_idmap.c
index 0a17fcd87f..de547cde41 100644
--- a/source3/nsswitch/winbindd_idmap.c
+++ b/source3/nsswitch/winbindd_idmap.c
@@ -121,48 +121,6 @@ BOOL winbindd_idmap_get_gid_from_sid(DOM_SID *sid, gid_t *gid)
   return ret;
 }
 
-/* Get UID from RID */
-BOOL winbindd_idmap_get_uid_from_rid(const char *dom_name, uint32 rid, 
-                                     uid_t *uid)
-{
-  BOOL ret = False;
-
-  if (!impl) {
-    impl = get_impl(lp_idmap_backend());
-    if (!impl) {
-      DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
-                lp_idmap_backend()));
-    }
-  }
-
-  if (impl) {
-    ret = impl->get_uid_from_rid(dom_name, rid, uid);
-  }
-
-  return ret;
-}
-
-/* Get GID From RID */
-BOOL winbindd_idmap_get_gid_from_rid(const char *dom_name, uint32 rid, 
-                                     gid_t *gid)
-{
-  BOOL ret = False;
-
-  if (!impl) {
-    impl = get_impl(lp_idmap_backend());
-    if (!impl) {
-      DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
-                lp_idmap_backend()));
-    }
-  }
-
-  if (impl) {
-    ret = impl->get_gid_from_rid(dom_name, rid, gid);
-  }
-
-  return ret;
-}
-
 /* Get SID from UID */
 BOOL winbindd_idmap_get_sid_from_uid(uid_t uid, DOM_SID *sid)
 {
@@ -202,46 +160,6 @@ BOOL winbindd_idmap_get_sid_from_gid(gid_t gid, DOM_SID *sid)
   return ret;
 }
 
-/* Get RID From UID */
-BOOL winbindd_idmap_get_rid_from_uid(uid_t uid, uint32 *user_rid,
-                                     struct winbindd_domain **domain)
-{
-  BOOL ret = False;
-
-  if (!impl) {
-    impl = get_impl(lp_idmap_backend());
-  }
-
-  if (impl) {
-    ret = impl->get_rid_from_uid(uid, user_rid, domain);
-  } else {
-    DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
-              lp_idmap_backend()));
-  }
-
-  return ret;
-}
-
-/* Get RID from GID */
-BOOL winbindd_idmap_get_rid_from_gid(gid_t gid, uint32 *group_rid, 
-                                     struct winbindd_domain **domain)
-{
-  BOOL ret = False;
-
-  if (!impl) {
-    impl = get_impl(lp_idmap_backend());
-  }
-
-  if (impl) {
-    ret = impl->get_rid_from_gid(gid, group_rid, domain);
-  } else {
-    DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
-              lp_idmap_backend()));
-  }
-
-  return ret;
-}
-
 /* Close backend */
 BOOL winbindd_idmap_close(void)
 {
diff --git a/source3/nsswitch/winbindd_idmap_tdb.c b/source3/nsswitch/winbindd_idmap_tdb.c
index f27c3c1b5f..911b3b41d2 100644
--- a/source3/nsswitch/winbindd_idmap_tdb.c
+++ b/source3/nsswitch/winbindd_idmap_tdb.c
@@ -342,78 +342,6 @@ static BOOL tdb_get_gid_from_sid(DOM_SID * sid, gid_t * gid)
 	return tdb_get_id_from_sid(sid, gid, True);
 }
 
-/* Get a uid from a user rid */
-static BOOL tdb_get_uid_from_rid(const char *dom_name, uint32 rid,
-				 uid_t * uid)
-{
-	struct winbindd_domain *domain;
-	DOM_SID sid;
-
-	if (!(domain = find_domain_from_name(dom_name))) {
-		return False;
-	}
-
-	sid_copy(&sid, &domain->sid);
-	sid_append_rid(&sid, rid);
-
-	return tdb_get_id_from_sid(&sid, uid, False);
-}
-
-/* Get a gid from a group rid */
-static BOOL tdb_get_gid_from_rid(const char *dom_name, uint32 rid,
-				 gid_t * gid)
-{
-	struct winbindd_domain *domain;
-	DOM_SID sid;
-
-	if (!(domain = find_domain_from_name(dom_name))) {
-		return False;
-	}
-
-	sid_copy(&sid, &domain->sid);
-	sid_append_rid(&sid, rid);
-
-	return tdb_get_id_from_sid(&sid, gid, True);
-}
-
-/* Get a user rid from a uid */
-static BOOL tdb_get_rid_from_uid(uid_t uid, uint32 * user_rid,
-				 struct winbindd_domain **domain)
-{
-	DOM_SID sid;
-
-	if (!tdb_get_sid_from_id((int) uid, &sid, False)) {
-		return False;
-	}
-
-	*domain = find_domain_from_sid(&sid);
-	if (!*domain)
-		return False;
-
-	sid_split_rid(&sid, user_rid);
-
-	return True;
-}
-
-/* Get a group rid from a gid */
-static BOOL tdb_get_rid_from_gid(gid_t gid, uint32 * group_rid,
-				 struct winbindd_domain **domain)
-{
-	DOM_SID sid;
-
-	if (!tdb_get_sid_from_id((int) gid, &sid, True)) {
-		return False;
-	}
-
-	*domain = find_domain_from_sid(&sid);
-	if (!*domain)
-		return False;
-
-	sid_split_rid(&sid, group_rid);
-
-	return True;
-}
-
 /* Close the tdb */
 static BOOL tdb_idmap_close(void)
 {
@@ -500,12 +428,6 @@ struct idmap_methods tdb_idmap_methods = {
 	tdb_get_uid_from_sid,
 	tdb_get_gid_from_sid,
 
-	tdb_get_rid_from_uid,
-	tdb_get_rid_from_gid,
-
-	tdb_get_uid_from_rid,
-	tdb_get_gid_from_rid,
-
 	tdb_idmap_close,
 
 	tdb_idmap_status
diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c
index 90d8e4f616..03b0a1e706 100644
--- a/source3/nsswitch/winbindd_rpc.c
+++ b/source3/nsswitch/winbindd_rpc.c
@@ -26,6 +26,7 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
 
+
 /* Query display info for a domain.  This returns enough information plus a
    bit extra to give an overview of domain users for the User Manager
    application. */
@@ -39,7 +40,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
 	POLICY_HND dom_pol;
 	BOOL got_dom_pol = False;
 	uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
-	int i, start_idx, retry;
+	unsigned int i, start_idx, retry;
 
 	DEBUG(3,("rpc: query_user_list\n"));
 
@@ -97,7 +98,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
 			(*info)[i].acct_name = 
 				talloc_strdup(mem_ctx, dom_users[j]);
 			(*info)[i].full_name = talloc_strdup(mem_ctx, "");
-			(*info)[i].user_rid = dom_rids[j];
+			(*info)[i].user_sid = rid_to_talloced_sid(domain, mem_ctx, dom_rids[j]);
 			/* For the moment we set the primary group for
 			   every user to be the Domain Users group.
 			   There are serious problems with determining
@@ -105,7 +106,10 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
 			   This should really be made into a 'winbind
 			   force group' smb.conf parameter or
 			   something like that. */
-			(*info)[i].group_rid = DOMAIN_GROUP_RID_USERS;
+			(*info)[i].user_sid 
+				= rid_to_talloced_sid(domain, 
+						      mem_ctx, 
+						      DOMAIN_GROUP_RID_USERS);
 		}
 
 		talloc_destroy(ctx2);
@@ -252,11 +256,11 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
 
 /* convert a single name to a sid in a domain */
 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
+			    TALLOC_CTX *mem_ctx,
 			    const char *name,
 			    DOM_SID *sid,
 			    enum SID_NAME_USE *type)
 {
-	TALLOC_CTX *mem_ctx;
 	CLI_POLICY_HND *hnd;
 	NTSTATUS status;
 	DOM_SID *sids = NULL;
@@ -266,23 +270,16 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
 
 	DEBUG(3,("rpc: name_to_sid name=%s\n", name));
 
-	if (!(mem_ctx = talloc_init("name_to_sid[rpc] for [%s]\\[%s]", domain->name, name))) {
-		DEBUG(0, ("talloc_init failed!\n"));
-		return NT_STATUS_NO_MEMORY;
-	}
-        
 	full_name = talloc_asprintf(mem_ctx, "%s\\%s", domain->name, name);
 	
 	if (!full_name) {
 		DEBUG(0, ("talloc_asprintf failed!\n"));
-		talloc_destroy(mem_ctx);
 		return NT_STATUS_NO_MEMORY;
 	}
 
 	retry = 0;
 	do {
 		if (!(hnd = cm_get_lsa_handle(domain->name))) {
-			talloc_destroy(mem_ctx);
 			return NT_STATUS_UNSUCCESSFUL;
 		}
         
@@ -297,7 +294,6 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
 		*type = types[0];
 	}
 
-	talloc_destroy(mem_ctx);
 	return status;
 }
 
@@ -345,17 +341,22 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain,
 /* Lookup user information from a rid or username. */
 static NTSTATUS query_user(struct winbindd_domain *domain, 
 			   TALLOC_CTX *mem_ctx, 
-			   uint32 user_rid, 
+			   DOM_SID *user_sid, 
 			   WINBIND_USERINFO *user_info)
 {
 	CLI_POLICY_HND *hnd;
-	NTSTATUS result;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	POLICY_HND dom_pol, user_pol;
 	BOOL got_dom_pol = False, got_user_pol = False;
 	SAM_USERINFO_CTR *ctr;
 	int retry;
+	fstring sid_string;
+	uint32 user_rid;
 
-	DEBUG(3,("rpc: query_user rid=%u\n", user_rid));
+	DEBUG(3,("rpc: query_user rid=%s\n", sid_to_string(sid_string, user_sid)));
+	if (!sid_peek_check_rid(&domain->sid, user_sid, &user_rid)) {
+		goto done;
+	}
 
 	retry = 0;
 	do {
@@ -394,8 +395,8 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
 	cli_samr_close(hnd->cli, mem_ctx, &user_pol);
 	got_user_pol = False;
 
-	user_info->user_rid = user_rid;
-	user_info->group_rid = ctr->info.id21->group_rid;
+	user_info->user_sid = rid_to_talloced_sid(domain, mem_ctx, user_rid);
+	user_info->group_sid = rid_to_talloced_sid(domain, mem_ctx, ctr->info.id21->group_rid);
 	user_info->acct_name = unistr2_tdup(mem_ctx, 
 					    &ctr->info.id21->uni_user_name);
 	user_info->full_name = unistr2_tdup(mem_ctx, 
@@ -415,8 +416,8 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
 /* Lookup groups a user is a member of.  I wish Unix had a call like this! */
 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 				  TALLOC_CTX *mem_ctx,
-				  uint32 user_rid, 
-				  uint32 *num_groups, uint32 **user_gids)
+				  DOM_SID *user_sid,
+				  uint32 *num_groups, DOM_SID ***user_gids)
 {
 	CLI_POLICY_HND *hnd;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -424,15 +425,17 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 	uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
 	BOOL got_dom_pol = False, got_user_pol = False;
 	DOM_GID *user_groups;
-	int i;
-	int retry;
+	unsigned int i;
+	unsigned int retry;
+	fstring sid_string;
+	uint32 user_rid;
 
-	DEBUG(3,("rpc: lookup_usergroups rid=%u\n", user_rid));
+	DEBUG(3,("rpc: lookup_usergroups sid=%s\n", sid_to_string(sid_string, user_sid)));
 
 	*num_groups = 0;
 
 	/* First try cached universal groups from logon */
-	*user_gids = uni_group_cache_fetch(&domain->sid, user_rid, mem_ctx, num_groups);
+	*user_gids = uni_group_cache_fetch(&domain->sid, user_sid, mem_ctx, num_groups);
 	if((*num_groups > 0) && *user_gids) {
 		return NT_STATUS_OK;
 	} else {
@@ -448,7 +451,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 
 		/* Get domain handle */
 		result = cli_samr_open_domain(hnd->cli, mem_ctx, &hnd->pol,
-						des_access, &domain->sid, &dom_pol);
+					      des_access, &domain->sid, &dom_pol);
 	} while (!NT_STATUS_IS_OK(result) && (retry++ < 1) && hnd && hnd->cli && hnd->cli->fd == -1);
 
 	if (!NT_STATUS_IS_OK(result))
@@ -456,6 +459,11 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 
 	got_dom_pol = True;
 
+
+	if (!sid_peek_check_rid(&domain->sid, user_sid, &user_rid)) {
+		goto done;
+	}
+
 	/* Get user handle */
 	result = cli_samr_open_user(hnd->cli, mem_ctx, &dom_pol,
 					des_access, user_rid, &user_pol);
@@ -473,8 +481,13 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 		goto done;
 
 	(*user_gids) = talloc(mem_ctx, sizeof(uint32) * (*num_groups));
+	if (!(*user_gids)) {
+		result = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
 	for (i=0;i<(*num_groups);i++) {
-		(*user_gids)[i] = user_groups[i].g_rid;
+		(*user_gids)[i] = rid_to_talloced_sid(domain, mem_ctx, user_groups[i].g_rid);
 	}
 	
  done:
@@ -492,8 +505,8 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 /* Lookup group membership given a rid.   */
 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
 				TALLOC_CTX *mem_ctx,
-				uint32 group_rid, uint32 *num_names, 
-				uint32 **rid_mem, char ***names, 
+				DOM_SID *group_sid, uint32 *num_names, 
+				DOM_SID ***sid_mem, char ***names, 
 				uint32 **name_types)
 {
         CLI_POLICY_HND *hnd;
@@ -502,9 +515,17 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
         POLICY_HND dom_pol, group_pol;
         uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
         BOOL got_dom_pol = False, got_group_pol = False;
+	uint32 *rid_mem = NULL;
+	uint32 group_rid;
 	int retry;
+	unsigned int j;
+	fstring sid_string;
+
+	DEBUG(10,("rpc: lookup_groupmem %s sid=%s\n", domain->name, sid_to_string(sid_string, group_sid)));
 
-	DEBUG(10,("rpc: lookup_groupmem %s rid=%u\n", domain->name, group_rid));
+	if (!sid_peek_check_rid(&domain->sid, group_sid, &group_rid)) {
+		goto done;
+	}
 
 	*num_names = 0;
 
@@ -539,7 +560,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
            group. */
 
         result = cli_samr_query_groupmem(hnd->cli, mem_ctx,
-                                         &group_pol, num_names, rid_mem,
+                                         &group_pol, num_names, &rid_mem,
                                          name_types);
 
         if (!NT_STATUS_IS_OK(result))
@@ -554,6 +575,16 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
 
         *names = talloc_zero(mem_ctx, *num_names * sizeof(char *));
         *name_types = talloc_zero(mem_ctx, *num_names * sizeof(uint32));
+        *sid_mem = talloc_zero(mem_ctx, *num_names * sizeof(DOM_SID *));
+
+	for (j=0;j<(*num_names);j++) {
+		(*sid_mem)[j] = rid_to_talloced_sid(domain, mem_ctx, (rid_mem)[j]);
+	}
+	
+	if (!*names || !*name_types) {
+		result = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
 
         for (i = 0; i < *num_names; i += MAX_LOOKUP_RIDS) {
                 int num_lookup_rids = MIN(*num_names - i, MAX_LOOKUP_RIDS);
@@ -566,7 +597,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
                 result = cli_samr_lookup_rids(hnd->cli, mem_ctx,
                                               &dom_pol, 1000, /* flags */
                                               num_lookup_rids,
-                                              &(*rid_mem)[i],
+                                              &rid_mem[i],
                                               &tmp_num_names,
                                               &tmp_names, &tmp_types);
 
@@ -581,7 +612,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
 
                 memcpy(&(*name_types)[i], tmp_types, sizeof(uint32) *
                        tmp_num_names);
-
+		
                 total_names += tmp_num_names;
         }
 
diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c
index 06c95224ab..ee05543d30 100644
--- a/source3/nsswitch/winbindd_user.c
+++ b/source3/nsswitch/winbindd_user.c
@@ -29,29 +29,30 @@
 /* Fill a pwent structure with information we have obtained */
 
 static BOOL winbindd_fill_pwent(char *dom_name, char *user_name, 
-				uint32 user_rid, uint32 group_rid, 
+				DOM_SID *user_sid, DOM_SID *group_sid,
 				char *full_name, struct winbindd_pw *pw)
 {
 	extern userdom_struct current_user_info;
 	fstring output_username;
 	pstring homedir;
+	fstring sid_string;
 	
 	if (!pw || !dom_name || !user_name)
 		return False;
 	
 	/* Resolve the uid number */
 	
-	if (!winbindd_idmap_get_uid_from_rid(dom_name, user_rid, 
+	if (!winbindd_idmap_get_uid_from_sid(user_sid, 
 					     &pw->pw_uid)) {
-		DEBUG(1, ("error getting user id for rid %d\n", user_rid));
+		DEBUG(1, ("error getting user id for sid %s\n", sid_to_string(sid_string, user_sid)));
 		return False;
 	}
 	
 	/* Resolve the gid number */   
 	
-	if (!winbindd_idmap_get_gid_from_rid(dom_name, group_rid, 
+	if (!winbindd_idmap_get_gid_from_sid(group_sid, 
 					     &pw->pw_gid)) {
-		DEBUG(1, ("error getting group id for rid %d\n", group_rid));
+		DEBUG(1, ("error getting group id for sid %s\n", sid_to_string(sid_string, group_sid)));
 		return False;
 	}
 
@@ -95,7 +96,6 @@ static BOOL winbindd_fill_pwent(char *dom_name, char *user_name,
 
 enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state) 
 {
-	uint32 user_rid;
 	WINBIND_USERINFO user_info;
 	DOM_SID user_sid;
 	NTSTATUS status;
@@ -144,9 +144,7 @@ enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state)
 		return WINBINDD_ERROR;
 	}
 
-	sid_split_rid(&user_sid, &user_rid);
-
-	status = domain->methods->query_user(domain, mem_ctx, user_rid, 
+	status = domain->methods->query_user(domain, mem_ctx, &user_sid, 
 					     &user_info);
 
 	if (!NT_STATUS_IS_OK(status)) {
@@ -158,7 +156,7 @@ enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state)
     
 	/* Now take all this information and fill in a passwd structure */	
 	if (!winbindd_fill_pwent(name_domain, name_user, 
-				 user_rid, user_info.group_rid, 
+				 user_info.user_sid, user_info.group_sid, 
 				 user_info.full_name,
 				 &state->response.data.pw)) {
 		talloc_destroy(mem_ctx);
@@ -176,7 +174,6 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
 {
 	DOM_SID user_sid;
 	struct winbindd_domain *domain;
-	uint32 user_rid;
 	fstring dom_name;
 	fstring user_name;
 	enum SID_NAME_USE name_type;
@@ -196,18 +193,15 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
 	
 	/* Get rid from uid */
 
-	if (!winbindd_idmap_get_rid_from_uid(state->request.data.uid, 
-					     &user_rid, &domain)) {
-		DEBUG(1, ("could not convert uid %d to rid\n", 
+	if (!winbindd_idmap_get_sid_from_uid(state->request.data.uid, 
+					     &user_sid)) {
+		DEBUG(1, ("could not convert uid %d to SID\n", 
 			  state->request.data.uid));
 		return WINBINDD_ERROR;
 	}
 	
 	/* Get name and name type from rid */
 
-	sid_copy(&user_sid, &domain->sid);
-	sid_append_rid(&user_sid, user_rid);
-	
 	if (!winbindd_lookup_name_by_sid(&user_sid, dom_name, user_name, &name_type)) {
 		fstring temp;
 		
@@ -216,6 +210,13 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
 		return WINBINDD_ERROR;
 	}
 	
+	domain = find_domain_from_sid(&user_sid);
+
+	if (!domain) {
+		DEBUG(1,("Can't find domain from sid\n"));
+		return WINBINDD_ERROR;
+	}
+
 	/* Get some user info */
 	
 	if (!(mem_ctx = talloc_init("winbind_getpwuid(%d)",
@@ -225,7 +226,7 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
 		return WINBINDD_ERROR;
 	}
 
-	status = domain->methods->query_user(domain, mem_ctx, user_rid, 
+	status = domain->methods->query_user(domain, mem_ctx, &user_sid, 
 					     &user_info);
 
 	if (!NT_STATUS_IS_OK(status)) {
@@ -237,7 +238,7 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
 	
 	/* Resolve gid number */
 
-	if (!winbindd_idmap_get_gid_from_rid(domain->name, user_info.group_rid, &gid)) {
+	if (!winbindd_idmap_get_gid_from_sid(user_info.group_sid, &gid)) {
 		DEBUG(1, ("error getting group id for user %s\n", user_name));
 		talloc_destroy(mem_ctx);
 		return WINBINDD_ERROR;
@@ -245,7 +246,8 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
 
 	/* Fill in password structure */
 
-	if (!winbindd_fill_pwent(domain->name, user_name, user_rid, user_info.group_rid,
+	if (!winbindd_fill_pwent(domain->name, user_name, user_info.user_sid, 
+				 user_info.group_sid,
 				 user_info.full_name, &state->response.data.pw)) {
 		talloc_destroy(mem_ctx);
 		return WINBINDD_ERROR;
@@ -332,13 +334,13 @@ static BOOL get_sam_user_entries(struct getent_state *ent)
 	TALLOC_CTX *mem_ctx;
 	struct winbindd_domain *domain;
 	struct winbindd_methods *methods;
-	int i;
+	unsigned int i;
 
 	if (ent->num_sam_entries)
 		return False;
 
 	if (!(mem_ctx = talloc_init("get_sam_user_entries(%s)",
-					  ent->domain_name)))
+				    ent->domain_name)))
 		return False;
 
 	if (!(domain = find_domain_from_name(ent->domain_name))) {
@@ -393,8 +395,8 @@ static BOOL get_sam_user_entries(struct getent_state *ent)
 		}
 		
 		/* User and group ids */
-		name_list[ent->num_sam_entries+i].user_rid = info[i].user_rid;
-		name_list[ent->num_sam_entries+i].group_rid = info[i].group_rid;
+		sid_copy(&name_list[ent->num_sam_entries+i].user_sid, info[i].user_sid);
+		sid_copy(&name_list[ent->num_sam_entries+i].group_sid, info[i].group_sid);
 	}
 		
 	ent->num_sam_entries += num_entries;
@@ -492,8 +494,8 @@ enum winbindd_result winbindd_getpwent(struct winbindd_cli_state *state)
 		result = winbindd_fill_pwent(
 			ent->domain_name, 
 			name_list[ent->sam_entry_index].name,
-			name_list[ent->sam_entry_index].user_rid,
-			name_list[ent->sam_entry_index].group_rid,
+			&name_list[ent->sam_entry_index].user_sid,
+			&name_list[ent->sam_entry_index].group_sid,
 			name_list[ent->sam_entry_index].gecos,
 			&user_list[user_list_ndx]);
 		
@@ -540,7 +542,7 @@ enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state)
 	for (domain = domain_list(); domain; domain = domain->next) {
 		NTSTATUS status;
 		struct winbindd_methods *methods;
-		int i;
+		unsigned int i;
 
 		methods = domain->methods;
 
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index 3fa08029b6..fdbfd92b5a 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -271,14 +271,20 @@ BOOL winbindd_lookup_sid_by_name(struct winbindd_domain *domain,
 				 enum SID_NAME_USE *type)
 {
 	NTSTATUS result;
-        
+        TALLOC_CTX *mem_ctx;
 	/* Don't bother with machine accounts */
-        
+
 	if (name[strlen(name) - 1] == '$')
 		return False;
 
+	mem_ctx = talloc_init("lookup_sid_by_name for %s\n", name);
+	if (!mem_ctx) 
+		return False;
+        
 	/* Lookup name */
-	result = domain->methods->name_to_sid(domain, name, sid, type);
+	result = domain->methods->name_to_sid(domain, mem_ctx, name, sid, type);
+
+	talloc_destroy(mem_ctx);
         
 	/* Return rid and type if lookup successful */
 	if (!NT_STATUS_IS_OK(result)) {
@@ -528,3 +534,20 @@ int winbindd_num_clients(void)
 {
 	return _num_clients;
 }
+
+/* Help with RID -> SID conversion */
+
+DOM_SID *rid_to_talloced_sid(struct winbindd_domain *domain,
+				    TALLOC_CTX *mem_ctx,
+				    uint32 rid) 
+{
+	DOM_SID *sid;
+	sid = talloc(mem_ctx, sizeof(*sid));
+	if (!sid) {
+		smb_panic("rid_to_to_talloced_sid: talloc for DOM_SID failed!\n");
+	}
+	sid_copy(sid, &domain->sid);
+	sid_append_rid(sid, rid);
+	return sid;
+}
+	
-- 
cgit 


From ca80787248bfe7fe8dff12486ba32520f6910341 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 26 Feb 2003 12:23:03 +0000
Subject: Netlogon-unigroup changes needed for the winbind RID-to-SID
 conversion.

This changes the cache format, which will simply invalidate existing entries,
leaving them dead in the cache.

Andrew Bartlett
(This used to be commit 3fc179362ea849db23490b971a9f64f943e7f7f8)
---
 source3/libsmb/netlogon_unigrp.c | 37 +++++++++++++++++++++++++------------
 1 file changed, 25 insertions(+), 12 deletions(-)

diff --git a/source3/libsmb/netlogon_unigrp.c b/source3/libsmb/netlogon_unigrp.c
index fa2fe32f35..466410d800 100644
--- a/source3/libsmb/netlogon_unigrp.c
+++ b/source3/libsmb/netlogon_unigrp.c
@@ -22,6 +22,7 @@
 */
 
 #include "includes.h"
+#define UNIGROUP_PREFIX "UNIGROUP"
 
 /*
     Handle for netlogon_unigrp.tdb database. It is used internally
@@ -50,17 +51,22 @@ BOOL uni_group_cache_init(void)
 BOOL  uni_group_cache_store_netlogon(TALLOC_CTX *mem_ctx, NET_USER_INFO_3 *user)
 {
 	TDB_DATA key,data;
-        fstring keystr;
-        int i;
+        fstring keystr, sid_string;
+	DOM_SID user_sid;
+        unsigned int i;
 
 	if (!uni_group_cache_init()) {
 		DEBUG(0,("uni_group_cache_store_netlogon: cannot open netlogon_unigrp.tdb for write!\n"));
 		return False;
 	}
 
-	/* Prepare key as DOMAIN-SID/USER-RID string */
-	slprintf(keystr, sizeof(keystr), "%s/%d", 
-		 sid_string_static(&user->dom_sid.sid), user->user_rid);
+	sid_copy(&user_sid, &user->dom_sid.sid);
+	sid_append_rid(&user_sid, user->user_rid);
+
+	/* Prepare key as USER-SID string */
+	slprintf(keystr, sizeof(keystr), "%s/%s",
+		 UNIGROUP_PREFIX,
+		 sid_to_string(sid_string, &user_sid));
 	key.dptr = keystr;
 	key.dsize = strlen(keystr) + 1;
 	
@@ -90,14 +96,15 @@ BOOL  uni_group_cache_store_netlogon(TALLOC_CTX *mem_ctx, NET_USER_INFO_3 *user)
     and elements are array[0] ... array[num_elements-1]
     
 */
-uint32* uni_group_cache_fetch(DOM_SID *domain, uint32 user_rid,
+DOM_SID **uni_group_cache_fetch(DOM_SID *domain, DOM_SID *user_sid,
 			      TALLOC_CTX *mem_ctx, uint32 *num_groups)
 {
 	TDB_DATA key,data;
 	fstring keystr;
-	uint32 *groups;
+	DOM_SID **groups;
 	uint32 i;
 	uint32 group_count;
+	fstring sid_string;
 	
 	if (!domain) {
 		DEBUG(1,("uni_group_cache_fetch: expected non-null domain sid\n"));
@@ -123,8 +130,9 @@ uint32* uni_group_cache_fetch(DOM_SID *domain, uint32 user_rid,
 	*num_groups = 0;
 	
 	/* Fetch universal groups */
-	slprintf(keystr, sizeof(keystr), "%s/%d", 
-		 sid_string_static(domain), user_rid);
+	slprintf(keystr, sizeof(keystr), "%s/%s", 
+		 UNIGROUP_PREFIX,
+		 sid_to_string(sid_string, user_sid));
 	key.dptr = keystr;
 	key.dsize = strlen(keystr) + 1;
 	data = tdb_fetch(netlogon_unigrp_tdb, key);
@@ -136,12 +144,17 @@ uint32* uni_group_cache_fetch(DOM_SID *domain, uint32 user_rid,
 	
 	/* Transfer data to receiver's memory context */
 	group_count = IVAL(&((uint32*)data.dptr)[0],0);
-	groups = talloc(mem_ctx, (group_count)*sizeof(uint32));
+	groups = talloc(mem_ctx, (group_count)*sizeof(*groups));
 	if (groups) {
 		for(i=0; i<group_count; i++) {
-			groups[i] = IVAL(&((uint32*)data.dptr)[i+1],0);
+			groups[i] = talloc(mem_ctx, sizeof(**groups));
+			if (!groups[i]) {
+				DEBUG(1,("uni_group_cache_fetch: cannot allocate uni groups in receiver's memory context\n"));
+				return NULL;
+			}
+			sid_copy(groups[i], domain);
+			sid_append_rid(groups[i], IVAL(&((uint32*)data.dptr)[i+1],0));
 		}
-		
 	} else {
 		DEBUG(1,("uni_group_cache_fetch: cannot allocate uni groups in receiver's memory context\n"));
 	}
-- 
cgit 


From 20d0bb23103b219d96aa0ae73136521022f48762 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 26 Feb 2003 12:31:17 +0000
Subject: Add -Wwrite-strings to our --enable-developer settings.

We have compiled relitivly 'clean' with this setting since I did a massive
cleanup last month.  This should help us stay that way.

Andrew Bartlett
(This used to be commit 284479bf388f5e39d9be78eeb1ac6cdd001fb8df)
---
 source3/configure.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/configure.in b/source3/configure.in
index e3b5f2fe15..269d70c2fc 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -205,12 +205,12 @@ AC_ARG_ENABLE(debug,
 
 AC_ARG_ENABLE(developer, [  --enable-developer      Turn on developer warnings and debugging (default=no)],
     [if eval "test x$enable_developer = xyes"; then
-	CFLAGS="${CFLAGS} -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -DDEBUG_PASSWORD -DDEVELOPER"
+	CFLAGS="${CFLAGS} -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -DDEBUG_PASSWORD -DDEVELOPER"
     fi])
 
 AC_ARG_ENABLE(krb5developer, [  --enable-krb5developer  Turn on developer warnings and debugging, except -Wstrict-prototypes (default=no)],
     [if eval "test x$enable_krb5developer = xyes"; then
-	CFLAGS="${CFLAGS} -g -Wall -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -DDEBUG_PASSWORD -DDEVELOPER"
+	CFLAGS="${CFLAGS} -g -Wall -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -DDEBUG_PASSWORD -DDEVELOPER"
     fi])
 
 AC_ARG_ENABLE(dmalloc, [  --enable-dmalloc        Enable heap debugging [default=no]])
-- 
cgit 


From f6f76ad5ed7b3eee7cbd3bca6f3ccd1194a0e98a Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 27 Feb 2003 00:43:23 +0000
Subject: Fix to allow blocking lock notification to be done rapidly (no wait
 for smb -> smb lock release). Adds new PENDING_LOCK type to lockdb (does not
 interfere with existing locks). Jeremy. (This used to be commit
 22fc0d48ff2052b4274c65f85050c58b235bf4e4)

---
 source3/include/messages.h |  1 +
 source3/include/smb.h      |  2 +-
 source3/locking/brlock.c   | 82 ++++++++++++++++++++++++++++++++++++++++++----
 source3/locking/locking.c  |  4 +--
 source3/smbd/blocking.c    | 78 +++++++++++++++++++++++++++++++++++++++----
 source3/smbd/process.c     |  7 ++++
 source3/smbd/reply.c       |  7 ++--
 7 files changed, 162 insertions(+), 19 deletions(-)

diff --git a/source3/include/messages.h b/source3/include/messages.h
index 2b8ca8bbe9..ce167a772d 100644
--- a/source3/include/messages.h
+++ b/source3/include/messages.h
@@ -62,6 +62,7 @@
 #define MSG_SMB_FORCE_TDIS   3002
 #define MSG_SMB_SAM_SYNC     3003
 #define MSG_SMB_SAM_REPL     3004
+#define MSG_SMB_UNLOCK       3005
 
 /* Flags to classify messages - used in message_send_all() */
 /* Sender will filter by flag. */
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 71051e341e..a2b341d0fc 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -772,7 +772,7 @@ typedef enum
 } parm_class;
 
 /* passed to br lock code */
-enum brl_type {READ_LOCK, WRITE_LOCK};
+enum brl_type {READ_LOCK, WRITE_LOCK, PENDING_LOCK};
 
 struct enum_list {
 	int value;
diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c
index 9902c7bbd7..4cd885f1a6 100644
--- a/source3/locking/brlock.c
+++ b/source3/locking/brlock.c
@@ -98,6 +98,9 @@ static BOOL brl_same_context(struct lock_context *ctx1,
 static BOOL brl_conflict(struct lock_struct *lck1, 
 			 struct lock_struct *lck2)
 {
+	if (lck1->lock_type == PENDING_LOCK || lck2->lock_type == PENDING_LOCK )
+		return False;
+
 	if (lck1->lock_type == READ_LOCK && lck2->lock_type == READ_LOCK) {
 		return False;
 	}
@@ -119,6 +122,9 @@ static BOOL brl_conflict(struct lock_struct *lck1,
 static BOOL brl_conflict1(struct lock_struct *lck1, 
 			 struct lock_struct *lck2)
 {
+	if (lck1->lock_type == PENDING_LOCK || lck2->lock_type == PENDING_LOCK )
+		return False;
+
 	if (lck1->lock_type == READ_LOCK && lck2->lock_type == READ_LOCK) {
 		return False;
 	}
@@ -148,6 +154,9 @@ static BOOL brl_conflict1(struct lock_struct *lck1,
 
 static BOOL brl_conflict_other(struct lock_struct *lck1, struct lock_struct *lck2)
 {
+	if (lck1->lock_type == PENDING_LOCK || lck2->lock_type == PENDING_LOCK )
+		return False;
+
 	if (lck1->lock_type == READ_LOCK && lck2->lock_type == READ_LOCK) 
 		return False;
 
@@ -385,16 +394,30 @@ NTSTATUS brl_lock(SMB_DEV_T dev, SMB_INO_T ino, int fnum,
 	return status;
 }
 
+/****************************************************************************
+ Check if an unlock overlaps a pending lock.
+****************************************************************************/
+
+static BOOL brl_pending_overlap(struct lock_struct *lock, struct lock_struct *pend_lock)
+{
+	if ((lock->start <= pend_lock->start) && (lock->start + lock->size > pend_lock->start))
+		return True;
+	if ((lock->start >= pend_lock->start) && (lock->start <= pend_lock->start + pend_lock->size))
+		return True;
+	return False;
+}
+
 /****************************************************************************
  Unlock a range of bytes.
 ****************************************************************************/
 
 BOOL brl_unlock(SMB_DEV_T dev, SMB_INO_T ino, int fnum,
 		uint16 smbpid, pid_t pid, uint16 tid,
-		br_off start, br_off size)
+		br_off start, br_off size,
+		BOOL remove_pending_locks_only)
 {
 	TDB_DATA kbuf, dbuf;
-	int count, i;
+	int count, i, j;
 	struct lock_struct *locks;
 	struct lock_context context;
 
@@ -452,9 +475,34 @@ BOOL brl_unlock(SMB_DEV_T dev, SMB_INO_T ino, int fnum,
 		struct lock_struct *lock = &locks[i];
 
 		if (brl_same_context(&lock->context, &context) &&
-		    lock->fnum == fnum &&
-		    lock->start == start &&
-		    lock->size == size) {
+				lock->fnum == fnum &&
+				lock->start == start &&
+				lock->size == size) {
+
+			if (remove_pending_locks_only && lock->lock_type != PENDING_LOCK)
+				continue;
+
+			if (lock->lock_type != PENDING_LOCK) {
+				/* Send unlock messages to any pending waiters that overlap. */
+				for (j=0; j<count; j++) {
+					struct lock_struct *pend_lock = &locks[j];
+
+					/* Ignore non-pending locks. */
+					if (pend_lock->lock_type != PENDING_LOCK)
+						continue;
+
+					/* We could send specific lock info here... */
+					if (brl_pending_overlap(lock, pend_lock)) {
+						DEBUG(10,("brl_unlock: sending unlock message to pid %u\n",
+									(unsigned int)pend_lock->context.pid ));
+
+						message_send_pid(pend_lock->context.pid,
+								MSG_SMB_UNLOCK,
+								NULL, 0, True);
+					}
+				}
+			}
+
 			/* found it - delete it */
 			if (count == 1) {
 				tdb_delete(tdb, kbuf);
@@ -546,7 +594,7 @@ BOOL brl_locktest(SMB_DEV_T dev, SMB_INO_T ino, int fnum,
 void brl_close(SMB_DEV_T dev, SMB_INO_T ino, pid_t pid, int tid, int fnum)
 {
 	TDB_DATA kbuf, dbuf;
-	int count, i, dcount=0;
+	int count, i, j, dcount=0;
 	struct lock_struct *locks;
 
 	kbuf = locking_key(dev,ino);
@@ -561,12 +609,34 @@ void brl_close(SMB_DEV_T dev, SMB_INO_T ino, pid_t pid, int tid, int fnum)
 	/* there are existing locks - remove any for this fnum */
 	locks = (struct lock_struct *)dbuf.dptr;
 	count = dbuf.dsize / sizeof(*locks);
+
 	for (i=0; i<count; i++) {
 		struct lock_struct *lock = &locks[i];
 
 		if (lock->context.tid == tid &&
 		    lock->context.pid == pid &&
 		    lock->fnum == fnum) {
+
+			/* Send unlock messages to any pending waiters that overlap. */
+			for (j=0; j<count; j++) {
+				struct lock_struct *pend_lock = &locks[j];
+
+				/* Ignore our own or non-pending locks. */
+				if (pend_lock->lock_type != PENDING_LOCK)
+					continue;
+
+				if (pend_lock->context.tid == tid &&
+				    pend_lock->context.pid == pid &&
+				    pend_lock->fnum == fnum)
+					continue;
+
+				/* We could send specific lock info here... */
+				if (brl_pending_overlap(lock, pend_lock))
+					message_send_pid(pend_lock->context.pid,
+							MSG_SMB_UNLOCK,
+							NULL, 0, True);
+			}
+
 			/* found it - delete it */
 			if (count > 1 && i < count-1) {
 				memmove(&locks[i], &locks[i+1], 
diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index fdfd4d661c..651f905e15 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -132,7 +132,7 @@ static NTSTATUS do_lock(files_struct *fsp,connection_struct *conn, uint16 lock_p
 				 */
 				(void)brl_unlock(fsp->dev, fsp->inode, fsp->fnum,
 								lock_pid, sys_getpid(), conn->cnum, 
-								offset, count);
+								offset, count, False);
 			}
 		}
 	}
@@ -201,7 +201,7 @@ NTSTATUS do_unlock(files_struct *fsp,connection_struct *conn, uint16 lock_pid,
 	 */
 
 	ok = brl_unlock(fsp->dev, fsp->inode, fsp->fnum,
-			lock_pid, sys_getpid(), conn->cnum, offset, count);
+			lock_pid, sys_getpid(), conn->cnum, offset, count, False);
    
 	if (!ok) {
 		DEBUG(10,("do_unlock: returning ERRlock.\n" ));
diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c
index 14239272c2..581ce43f91 100644
--- a/source3/smbd/blocking.c
+++ b/source3/smbd/blocking.c
@@ -1,7 +1,7 @@
 /* 
    Unix SMB/CIFS implementation.
    Blocking Locking functions
-   Copyright (C) Jeremy Allison 1998
+   Copyright (C) Jeremy Allison 1998-2003
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -33,6 +33,9 @@ typedef struct {
   files_struct *fsp;
   time_t expire_time;
   int lock_num;
+  SMB_BIG_UINT offset;
+  SMB_BIG_UINT count;
+  uint16 lock_pid;
   char *inbuf;
   int length;
 } blocking_lock_record;
@@ -77,13 +80,18 @@ static BOOL in_chained_smb(void)
   return (chain_size != 0);
 }
 
+static void received_unlock_msg(int msg_type, pid_t src, void *buf, size_t len);
+
 /****************************************************************************
  Function to push a blocking lock request onto the lock queue.
 ****************************************************************************/
 
-BOOL push_blocking_lock_request( char *inbuf, int length, int lock_timeout, int lock_num)
+BOOL push_blocking_lock_request( char *inbuf, int length, int lock_timeout,
+		int lock_num, uint16 lock_pid, SMB_BIG_UINT offset, SMB_BIG_UINT count)
 {
+  static BOOL set_lock_msg;
   blocking_lock_record *blr;
+  NTSTATUS status;
 
   if(in_chained_smb() ) {
     DEBUG(0,("push_blocking_lock_request: cannot queue a chained request (currently).\n"));
@@ -110,11 +118,31 @@ BOOL push_blocking_lock_request( char *inbuf, int length, int lock_timeout, int
   blr->fsp = get_fsp_from_pkt(inbuf);
   blr->expire_time = (lock_timeout == -1) ? (time_t)-1 : time(NULL) + (time_t)lock_timeout;
   blr->lock_num = lock_num;
+  blr->lock_pid = lock_pid;
+  blr->offset = offset;
+  blr->count = count;
   memcpy(blr->inbuf, inbuf, length);
   blr->length = length;
 
+  /* Add a pending lock record for this. */
+  status = brl_lock(blr->fsp->dev, blr->fsp->inode, blr->fsp->fnum,
+		lock_pid, sys_getpid(), blr->fsp->conn->cnum,
+		offset, count,
+		PENDING_LOCK);
+
+  if (!NT_STATUS_IS_OK(status)) {
+	DEBUG(0,("push_blocking_lock_request: failed to add PENDING_LOCK record.\n"));
+	free_blocking_lock_record(blr);
+	return False;
+  }
+
   ubi_slAddTail(&blocking_lock_queue, blr);
 
+  /* Ensure we'll receive messages when this is unlocked. */
+  if (!set_lock_msg) {
+	  message_register(MSG_SMB_UNLOCK, received_unlock_msg);
+	  set_lock_msg = True;
+  }
 
   DEBUG(3,("push_blocking_lock_request: lock request length=%d blocked with expiry time %d (+%d) \
 for fnum = %d, name = %s\n", length, (int)blr->expire_time, lock_timeout,
@@ -493,6 +521,10 @@ void remove_pending_lock_requests_by_fid(files_struct *fsp)
       DEBUG(10,("remove_pending_lock_requests_by_fid - removing request type %d for \
 file %s fnum = %d\n", blr->com_type, fsp->fsp_name, fsp->fnum ));
 
+      brl_unlock(blr->fsp->dev, blr->fsp->inode, blr->fsp->fnum,
+		blr->lock_pid, sys_getpid(), blr->fsp->conn->cnum,
+		blr->offset, blr->count, True);
+
       free_blocking_lock_record((blocking_lock_record *)ubi_slRemNext( &blocking_lock_queue, prev));
       blr = (blocking_lock_record *)(prev ? ubi_slNext(prev) : ubi_slFirst(&blocking_lock_queue));
       continue;
@@ -520,6 +552,9 @@ void remove_pending_lock_requests_by_mid(int mid)
 file %s fnum = %d\n", blr->com_type, fsp->fsp_name, fsp->fnum ));
 
       blocking_lock_reply_error(blr,NT_STATUS_CANCELLED);
+      brl_unlock(blr->fsp->dev, blr->fsp->inode, blr->fsp->fnum,
+		blr->lock_pid, sys_getpid(), blr->fsp->conn->cnum,
+		blr->offset, blr->count, True);
       free_blocking_lock_record((blocking_lock_record *)ubi_slRemNext( &blocking_lock_queue, prev));
       blr = (blocking_lock_record *)(prev ? ubi_slNext(prev) : ubi_slFirst(&blocking_lock_queue));
       continue;
@@ -530,9 +565,20 @@ file %s fnum = %d\n", blr->com_type, fsp->fsp_name, fsp->fnum ));
   }
 }
 
+/****************************************************************************
+  Set a flag as an unlock request affects one of our pending locks.
+*****************************************************************************/
+
+static void received_unlock_msg(int msg_type, pid_t src, void *buf, size_t len)
+{
+	DEBUG(10,("received_unlock_msg\n"));
+	process_blocking_lock_queue(time(NULL));
+}
+
 /****************************************************************************
  Return the number of seconds to the next blocking locks timeout, or default_timeout
 *****************************************************************************/
+
 unsigned blocking_locks_timeout(unsigned default_timeout)
 {
 	unsigned timeout = default_timeout;
@@ -540,22 +586,21 @@ unsigned blocking_locks_timeout(unsigned default_timeout)
 	blocking_lock_record *blr = (blocking_lock_record *)ubi_slFirst(&blocking_lock_queue);
 
 	/* note that we avoid the time() syscall if there are no blocking locks */
-	if (!blr) {
+	if (!blr)
 		return timeout;
-	}
 
 	t = time(NULL);
 
 	while (blr) {
-		if (timeout > (blr->expire_time - t)) {
+		if ((blr->expire_time != (time_t)-1) &&
+					(timeout > (blr->expire_time - t))) {
 			timeout = blr->expire_time - t;
 		}
 		blr = (blocking_lock_record *)ubi_slNext(blr);
 	}
 
-	if (timeout < 1) {
+	if (timeout < 1)
 		timeout = 1;
-	}
 
 	return timeout;
 }
@@ -604,6 +649,10 @@ void process_blocking_lock_queue(time_t t)
       DEBUG(5,("process_blocking_lock_queue: pending lock fnum = %d for file %s timed out.\n",
           fsp->fnum, fsp->fsp_name ));
 
+      brl_unlock(fsp->dev, fsp->inode, fsp->fnum,
+		blr->lock_pid, sys_getpid(), conn->cnum,
+		blr->offset, blr->count, True);
+
       blocking_lock_reply_error(blr,NT_STATUS_FILE_LOCK_CONFLICT);
       free_blocking_lock_record((blocking_lock_record *)ubi_slRemNext( &blocking_lock_queue, prev));
       blr = (blocking_lock_record *)(prev ? ubi_slNext(prev) : ubi_slFirst(&blocking_lock_queue));
@@ -617,6 +666,11 @@ void process_blocking_lock_queue(time_t t)
        * Remove the entry and return an error to the client.
        */
       blocking_lock_reply_error(blr,NT_STATUS_ACCESS_DENIED);
+
+      brl_unlock(fsp->dev, fsp->inode, fsp->fnum,
+		blr->lock_pid, sys_getpid(), conn->cnum,
+		blr->offset, blr->count, True);
+
       free_blocking_lock_record((blocking_lock_record *)ubi_slRemNext( &blocking_lock_queue, prev));
       blr = (blocking_lock_record *)(prev ? ubi_slNext(prev) : ubi_slFirst(&blocking_lock_queue));
       continue;
@@ -628,6 +682,11 @@ void process_blocking_lock_queue(time_t t)
        * Remove the entry and return an error to the client.
        */
       blocking_lock_reply_error(blr,NT_STATUS_ACCESS_DENIED);
+
+      brl_unlock(fsp->dev, fsp->inode, fsp->fnum,
+		blr->lock_pid, sys_getpid(), conn->cnum,
+		blr->offset, blr->count, True);
+
       free_blocking_lock_record((blocking_lock_record *)ubi_slRemNext( &blocking_lock_queue, prev));
       blr = (blocking_lock_record *)(prev ? ubi_slNext(prev) : ubi_slFirst(&blocking_lock_queue));
       change_to_root_user();
@@ -641,6 +700,11 @@ void process_blocking_lock_queue(time_t t)
      */
 
     if(blocking_lock_record_process(blr)) {
+
+      brl_unlock(fsp->dev, fsp->inode, fsp->fnum,
+		blr->lock_pid, sys_getpid(), conn->cnum,
+		blr->offset, blr->count, True);
+
       free_blocking_lock_record((blocking_lock_record *)ubi_slRemNext( &blocking_lock_queue, prev));
       blr = (blocking_lock_record *)(prev ? ubi_slNext(prev) : ubi_slFirst(&blocking_lock_queue));
       change_to_root_user();
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index c002abad16..57bc236eef 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1271,6 +1271,13 @@ void smbd_process(void)
 		lp_talloc_free();
 		main_loop_talloc_free();
 
+		/* Did someone ask for immediate checks on things like blocking locks ? */
+		if (select_timeout == 0) {
+			if(!timeout_processing( deadtime, &select_timeout, &last_timeout_processing_time))
+				return;
+			num_smbs = 0; /* Reset smb counter. */
+		}
+
 		while (!receive_message_or_smb(InBuffer,BUFFER_SIZE+LARGE_WRITEX_HDR_SIZE,select_timeout)) {
 			if(!timeout_processing( deadtime, &select_timeout, &last_timeout_processing_time))
 				return;
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 580878fe32..71e880476c 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -1609,7 +1609,8 @@ int reply_lockread(connection_struct *conn, char *inbuf,char *outbuf, int length
 			 * this smb into a queued request and push it
 			 * onto the blocking lock queue.
 			 */
-			if(push_blocking_lock_request(inbuf, length, -1, 0)) {
+			if(push_blocking_lock_request(inbuf, length, -1, 0, SVAL(inbuf,smb_pid), (SMB_BIG_UINT)startpos,
+								(SMB_BIG_UINT)numtoread)) {
 				END_PROFILE(SMBlockread);
 				return -1;
 			}
@@ -2514,7 +2515,7 @@ int reply_lock(connection_struct *conn,
 			 * this smb into a queued request and push it
 			 * onto the blocking lock queue.
 			 */
-			if(push_blocking_lock_request(inbuf, length, -1, 0)) {
+			if(push_blocking_lock_request(inbuf, length, -1, 0, SVAL(inbuf,smb_pid), offset, count)) {
 				END_PROFILE(SMBlock);
 				return -1;
 			}
@@ -3955,7 +3956,7 @@ no oplock granted on this file (%s).\n", fsp->fnum, fsp->fsp_name));
 				 * this smb into a queued request and push it
 				 * onto the blocking lock queue.
 				 */
-				if(push_blocking_lock_request(inbuf, length, lock_timeout, i)) {
+				if(push_blocking_lock_request(inbuf, length, lock_timeout, i, lock_pid, offset, count)) {
 					END_PROFILE(SMBlockingX);
 					return -1;
 				}
-- 
cgit 


From d62f60f53ac18b3de9c7922105c6796361b91a11 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 27 Feb 2003 01:05:12 +0000
Subject: Fix possible memory leak on failure. (This used to be commit
 052ebc44cde8d31571ed1edb602794349825be11)

---
 source3/nsswitch/winbindd_ads.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c
index 6c79e59bae..de3757aa44 100644
--- a/source3/nsswitch/winbindd_ads.c
+++ b/source3/nsswitch/winbindd_ads.c
@@ -580,6 +580,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 	user_dn = ads_pull_string(ads, mem_ctx, msg, "distinguishedName");
 	if (!user_dn) {
 		DEBUG(1,("lookup_usergroups(sid=%s) ads_search did not return a a distinguishedName!\n", sid_to_string(sid_string, sid)));
+		if (msg) ads_msgfree(ads, msg);
 		goto done;
 	}
 
-- 
cgit 


From d21b15ff57aa39337e76a06da74a55e48f4b0696 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Thu, 27 Feb 2003 01:54:41 +0000
Subject: - Rename 'modules = ' to 'preload modules = ' - Add
 smb_probe_module() - Add init_modules() - Call these functions (This used to
 be commit f8f21653225792c0001d183c6efe8b7d89a0785d)

---
 source3/lib/module.c           | 35 +++++++++++++++++++++++++---
 source3/param/loadparm.c       |  6 ++---
 source3/passdb/pdb_interface.c | 53 +++++++++++++++++++++++++++---------------
 source3/smbd/server.c          |  3 +--
 source3/utils/pdbedit.c        |  3 +--
 source3/utils/testparm.c       |  6 +++++
 6 files changed, 77 insertions(+), 29 deletions(-)

diff --git a/source3/lib/module.c b/source3/lib/module.c
index dd94f79950..4e2fe48af7 100644
--- a/source3/lib/module.c
+++ b/source3/lib/module.c
@@ -75,18 +75,47 @@ int smb_load_modules(const char **modules)
 	return success;
 }
 
+int smb_probe_module(const char *subsystem, const char *module)
+{
+	pstring full_path;
+	
+	/* Check for absolute path */
+	if(module[0] == '/')return smb_load_module(module);
+	
+	pstrcpy(full_path, lib_path(subsystem));
+	pstrcat(full_path, "/");
+	pstrcat(full_path, module);
+	pstrcat(full_path, ".");
+	pstrcat(full_path, shlib_ext());
+	
+	return smb_load_module(full_path);
+}
+
 #else /* HAVE_DLOPEN */
 
 int smb_load_module(const char *module_name)
 {
-	DEBUG(0,("This samba executable has not been build with plugin support"));
+	DEBUG(0,("This samba executable has not been built with plugin support"));
 	return False;
 }
 
 int smb_load_modules(const char **modules)
 {
-	DEBUG(0,("This samba executable has not been build with plugin support"));
-	return -1;
+	DEBUG(0,("This samba executable has not been built with plugin support"));
+	return False;
+}
+
+int smb_probe_module(const char *subsystem, const char *module)
+{
+	DEBUG(0,("This samba executable has not been built with plugin support, not probing")); 
+	return False;
 }
 
 #endif /* HAVE_DLOPEN */
+
+void init_modules(void)
+{
+	if(lp_preload_modules()) 
+		smb_load_modules(lp_preload_modules());
+	/* FIXME: load static modules */
+}
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index b57b169adc..0eeb9be9de 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -120,7 +120,7 @@ typedef struct
 	char *szPrivateDir;
 	char **szPassdbBackend;
 	char **szSamBackend;
-	char **szModules;
+	char **szPreloadModules;
 	char *szPasswordServer;
 	char *szSocketOptions;
 	char *szRealm;
@@ -823,7 +823,7 @@ static struct parm_struct parm_table[] = {
 	{"allow hosts", P_LIST, P_LOCAL, &sDefault.szHostsallow, NULL, NULL, FLAG_HIDE},
 	{"hosts deny", P_LIST, P_LOCAL, &sDefault.szHostsdeny, NULL, NULL, FLAG_GLOBAL | FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT | FLAG_DEVELOPER},
 	{"deny hosts", P_LIST, P_LOCAL, &sDefault.szHostsdeny, NULL, NULL, FLAG_HIDE},
-	{"modules", P_LIST, P_GLOBAL, &Globals.szModules, NULL, NULL, FLAG_BASIC | FLAG_GLOBAL},
+	{"preload modules", P_LIST, P_GLOBAL, &Globals.szPreloadModules, NULL, NULL, FLAG_BASIC | FLAG_GLOBAL},
 
 	{"Logging Options", P_SEP, P_SEPARATOR},
 
@@ -1609,7 +1609,7 @@ static FN_GLOBAL_STRING(lp_announce_version, &Globals.szAnnounceVersion)
 FN_GLOBAL_LIST(lp_netbios_aliases, &Globals.szNetbiosAliases)
 FN_GLOBAL_LIST(lp_passdb_backend, &Globals.szPassdbBackend)
 FN_GLOBAL_LIST(lp_sam_backend, &Globals.szSamBackend)
-FN_GLOBAL_LIST(lp_modules, &Globals.szModules)
+FN_GLOBAL_LIST(lp_preload_modules, &Globals.szPreloadModules)
 FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction)
 FN_GLOBAL_STRING(lp_adduser_script, &Globals.szAddUserScript)
 FN_GLOBAL_STRING(lp_deluser_script, &Globals.szDelUserScript)
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index d465439dda..48a039b3de 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -86,6 +86,18 @@ BOOL smb_register_passdb(const char *name, pdb_init_function init, int version)
 	return True;
 }
 
+struct pdb_init_function_entry *pdb_find_backend_entry(const char *name)
+{
+	struct pdb_init_function_entry *entry = backends;
+
+	while(entry) {
+		if (strequal(entry->name, name)) return entry;
+		entry = entry->next;
+	}
+
+	return NULL;
+}
+
 static NTSTATUS context_setsampwent(struct pdb_context *context, BOOL update)
 {
 	NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
@@ -423,8 +435,6 @@ static NTSTATUS make_pdb_methods_name(struct pdb_methods **methods, struct pdb_c
 
 	lazy_initialize_passdb();
 
-	entry = backends;
-
 	p = strchr(module_name, ':');
 
 	if (p) {
@@ -435,27 +445,32 @@ static NTSTATUS make_pdb_methods_name(struct pdb_methods **methods, struct pdb_c
 
 	trim_string(module_name, " ", " ");
 
+
 	DEBUG(5,("Attempting to find an passdb backend to match %s (%s)\n", selected, module_name));
-	while(entry) {
-		if (strequal(entry->name, module_name))
-		{
-			DEBUG(5,("Found pdb backend %s\n", module_name));
-			nt_status = entry->init(context, methods, module_location);
-			if (NT_STATUS_IS_OK(nt_status)) {
-				DEBUG(5,("pdb backend %s has a valid init\n", selected));
-			} else {
-				DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n", selected, nt_errstr(nt_status)));
-			}
-			SAFE_FREE(module_name);
-			return nt_status;
-			break; /* unreached */
-		}
-		entry = entry->next;
-	}
 
+	entry = pdb_find_backend_entry(module_name);
+	
+	/* Try to find a module that contains this module */
+	if(!entry) { 
+		smb_probe_module("passdb", module_name);
+		entry = pdb_find_backend_entry(module_name);
+	}
+	
 	/* No such backend found */
+	if(!entry) { 
+		SAFE_FREE(module_name);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	
+	DEBUG(5,("Found pdb backend %s\n", module_name));
+	nt_status = entry->init(context, methods, module_location);
+	if (NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(5,("pdb backend %s has a valid init\n", selected));
+	} else {
+		DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n", selected, nt_errstr(nt_status)));
+	}
 	SAFE_FREE(module_name);
-	return NT_STATUS_INVALID_PARAMETER;
+	return nt_status;
 }
 
 /******************************************************************
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index ba03a9b9de..b7fb3b5701 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -412,8 +412,7 @@ static BOOL open_sockets_smbd(BOOL is_daemon, BOOL interactive, const char *smb_
 				}
 
 				/* Load DSO's */
-				if(lp_modules()) 
-					smb_load_modules(lp_modules());
+				init_modules();
 
 				return True; 
 			}
diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index ee269114c9..cec3e70687 100644
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -536,8 +536,7 @@ int main (int argc, char **argv)
 		exit(1);
 	}
 
-	if(lp_modules())
-		smb_load_modules(lp_modules());
+	init_modules();
 	
 	if (!init_names())
 		exit(1);
diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
index 0fafd1b83d..b68deaaa5d 100644
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
@@ -177,6 +177,12 @@ via the %%o substitution. With encrypted passwords this is not possible.\n", lp_
 		printf("'algorithmic rid base' must be even.\n");
 	}
 
+#ifndef HAVE_DLOPEN
+	if (lp_preload_modules()) {
+		printf("WARNING: 'preload modules = ' set while loading plugins not supported.\n");
+	}
+#endif
+
 	return ret;
 }   
 
-- 
cgit 


From 742dcedfa2d5ae6361e62cb057e87eb54eb46d26 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Thu, 27 Feb 2003 02:17:54 +0000
Subject: We now use <anchor/> instead of just <anchor> (strict XML syntax)
 (This used to be commit 7c00fff475e15a9e9d5c3d2c8394a2cdc1b90cac)

---
 source3/script/find_missing_doc.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/script/find_missing_doc.pl b/source3/script/find_missing_doc.pl
index b582446569..b27a405e4d 100755
--- a/source3/script/find_missing_doc.pl
+++ b/source3/script/find_missing_doc.pl
@@ -30,7 +30,7 @@ close(IN);
 open(IN,$topdir.$doc_file) || die("Can't open $topdir$doc_file");
 
 while(<IN>) {
-	if( /<term><anchor id="([^"]*)">([^<]*?)([ ]*)\(.\)([ ]*)<\/term>/g ) {
+	if( /<term><anchor id="([^"]*)"\/>([^<]*?)([ ]*)\(.\)([ ]*)<\/term>/g ) {
 		$key = $1;
 		$value = $2;
 		$doc{$value} = $key;
-- 
cgit 


From 42b4caa63232975e7886fa3ab9ce128afe1c9af2 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Thu, 27 Feb 2003 02:28:26 +0000
Subject: Remove documentation for obsolete parameters, but add a note in
 'upgrading-to-3.0' (This used to be commit
 e37b69f33410844b55bcca07e95d0a76aa48a7de)

---
 docs/docbook/manpages/smb.conf.5.sgml      | 147 +----------------------------
 docs/docbook/projdoc/upgrading-to-3.0.sgml |  17 ++++
 2 files changed, 18 insertions(+), 146 deletions(-)

diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml
index b483a97b31..78c7ecaef1 100644
--- a/docs/docbook/manpages/smb.conf.5.sgml
+++ b/docs/docbook/manpages/smb.conf.5.sgml
@@ -683,6 +683,7 @@ alias|alias|alias|alias...
 		<listitem><para><link linkend="LOGONSCRIPT"><parameter>logon script</parameter></link></para></listitem>
 		<listitem><para><link linkend="LPQCACHETIME"><parameter>lpq cache time</parameter></link></para></listitem>
 		<listitem><para><link linkend="MACHINEPASSWORDTIMEOUT"><parameter>machine password timeout</parameter></link></para></listitem>
+		<listitem><para><link linkend="MANGLEPREFIX"><parameter>mangle prefix</parameter></link></para></listitem>
 		<listitem><para><link linkend="MANGLEDSTACK"><parameter>mangled stack</parameter></link></para></listitem>
 		<listitem><para><link linkend="MAPTOGUEST"><parameter>map to guest</parameter></link></para></listitem>
 		<listitem><para><link linkend="MAXDISKSIZE"><parameter>max disk size</parameter></link></para></listitem>
@@ -728,7 +729,6 @@ alias|alias|alias|alias...
 		<listitem><para><link linkend="PRELOAD"><parameter>preload</parameter></link></para></listitem>
 		<listitem><para><link linkend="PRINTCAP"><parameter>printcap</parameter></link></para></listitem>
 		<listitem><para><link linkend="PRINTCAPNAME"><parameter>printcap name</parameter></link></para></listitem>
-		<listitem><para><link linkend="PRINTERDRIVERFILE"><parameter>printer driver file</parameter></link></para></listitem>
 		<listitem><para><link linkend="PRIVATEDIR"><parameter>private dir</parameter></link></para></listitem>
 		<listitem><para><link linkend="PROTOCOL"><parameter>protocol</parameter></link></para></listitem>
 		<listitem><para><link linkend="READBMPX"><parameter>read bmpx</parameter></link></para></listitem>
@@ -768,7 +768,6 @@ alias|alias|alias|alias...
 		<listitem><para><link linkend="UNIXPASSWORDSYNC"><parameter>unix password sync</parameter></link></para></listitem>
 		<listitem><para><link linkend="UPDATEENCRYPTED"><parameter>update encrypted</parameter></link></para></listitem>
 		<listitem><para><link linkend="USEMMAP"><parameter>use mmap</parameter></link></para></listitem>
-		<listitem><para><link linkend="USERHOSTS"><parameter>use rhosts</parameter></link></para></listitem>
 		<listitem><para><link linkend="USESENDFILE"><parameter>use sendfile</parameter></link></para></listitem>
 		<listitem><para><link linkend="USERNAMELEVEL"><parameter>username level</parameter></link></para></listitem>
 		<listitem><para><link linkend="USERNAMEMAP"><parameter>username map</parameter></link></para></listitem>
@@ -880,7 +879,6 @@ alias|alias|alias|alias...
 		<listitem><para><link linkend="PATH"><parameter>path</parameter></link></para></listitem>
 		<listitem><para><link linkend="POSIXLOCKING"><parameter>posix locking</parameter></link></para></listitem>
 		<listitem><para><link linkend="POSTEXEC"><parameter>postexec</parameter></link></para></listitem>
-		<listitem><para><link linkend="POSTSCRIPT"><parameter>postscript</parameter></link></para></listitem>
 		<listitem><para><link linkend="PREEXEC"><parameter>preexec</parameter></link></para></listitem>
 		<listitem><para><link linkend="PREEXECCLOSE"><parameter>preexec close</parameter></link></para></listitem>
 		<listitem><para><link linkend="PRESERVECASE"><parameter>preserve case</parameter></link></para></listitem>
@@ -889,8 +887,6 @@ alias|alias|alias|alias...
 		<listitem><para><link linkend="PRINTABLE"><parameter>printable</parameter></link></para></listitem>
 		<listitem><para><link linkend="PRINTER"><parameter>printer</parameter></link></para></listitem>
 		<listitem><para><link linkend="PRINTERADMIN"><parameter>printer admin</parameter></link></para></listitem>
-		<listitem><para><link linkend="PRINTERDRIVER"><parameter>printer driver</parameter></link></para></listitem>
-		<listitem><para><link linkend="PRINTERDRIVERLOCATION"><parameter>printer driver location</parameter></link></para></listitem>
 		<listitem><para><link linkend="PRINTERNAME"><parameter>printer name</parameter></link></para></listitem>
 		<listitem><para><link linkend="PRINTING"><parameter>printing</parameter></link></para></listitem>
 		<listitem><para><link linkend="PUBLIC"><parameter>public</parameter></link></para></listitem>
@@ -5853,22 +5849,6 @@ df $1 | tail -1 | awk '{print $2" "$4}'
 
 
 
-		<varlistentry>
-		<term><anchor id="POSTSCRIPT"/>postscript (S)</term>
-		<listitem><para>This parameter forces a printer to interpret 
-		the print files as PostScript. This is done by adding a <constant>%!
-		</constant> to the start of print output.</para>
-
-		<para>This is most useful when you have lots of PCs that persist 
-		in putting a control-D at the start of print jobs, which then 
-		confuses your printer.</para>
-
-		<para>Default: <command>postscript = no</command></para>
-		</listitem>
-		</varlistentry>
-	
-	
-	
 		<varlistentry>
 		<term><anchor id="PREEXEC"/>preexec (S)</term>
 		<listitem><para>This option specifies a command to be run whenever 
@@ -6174,111 +6154,6 @@ print5|My Printer 5
 
 
 
-
-		
-		<varlistentry>
-		<term><anchor id="PRINTERDRIVER"/>printer driver (S)</term>
-		<listitem><para><emphasis>Note :</emphasis>This is a deprecated 
-		parameter and will be removed in the next major release
-		following version 2.2.  Please see the instructions in
-		the <ulink url="printing.html">Samba 2.2. Printing
-		HOWTO</ulink> for more information
-		on the new method of loading printer drivers onto a Samba server.
-		</para>
-		
-		<para>This option allows you to control the string 
-		that clients receive when they ask the server for the printer driver 
-		associated with a printer. If you are using Windows95 or Windows NT 
-		then you can use this to automate the setup of printers on your 
-		system.</para>
-
-		<para>You need to set this parameter to the exact string (case 
-		sensitive) that describes the appropriate printer driver for your 
-		system. If you don't know the exact string to use then you should 
-		first try with no <link linkend="PRINTERDRIVER"><parameter>
-		printer driver</parameter></link> option set and the client will 
-		give you a list of printer drivers. The appropriate strings are 
-		shown in a scroll box after you have chosen the printer manufacturer.</para>
-
-		<para>See also <link linkend="PRINTERDRIVERFILE"><parameter>printer
-		driver file</parameter></link>.</para>
-
-		<para>Example: <command>printer driver = HP LaserJet 4L</command></para>
-		</listitem>
-		</varlistentry>
-
-
-
-		<varlistentry>
-		<term><anchor id="PRINTERDRIVERFILE"/>printer driver file (G)</term>
-		<listitem><para><emphasis>Note :</emphasis>This is a deprecated 
-		parameter and will be removed in the next major release
-		following version 2.2.  Please see the instructions in
-		the <ulink url="printing.html">Samba 2.2. Printing
-		HOWTO</ulink> for more information
-		on the new method of loading printer drivers onto a Samba server.
-		</para>
-
-		<para>This parameter tells Samba where the printer driver 
-		definition file, used when serving drivers to Windows 95 clients, is 
-		to be found. If this is not set, the default is :</para>
-
-		<para><filename><replaceable>SAMBA_INSTALL_DIRECTORY</replaceable>
-		/lib/printers.def</filename></para>
-
-		<para>This file is created from Windows 95 <filename>msprint.inf
-		</filename> files found on the Windows 95 client system. For more 
-		details on setting up serving of printer drivers to Windows 95 
-		clients, see the outdated documentation file in the <filename>docs/</filename> 
-		directory, <filename>PRINTER_DRIVER.txt</filename>.</para>
-
-		<para>See also <link linkend="PRINTERDRIVERLOCATION"><parameter>
-		printer driver location</parameter></link>.</para>
-		
-		<para>Default: <emphasis>None (set in compile).</emphasis></para>
-
-		<para>Example: <command>printer driver file = 
-		/usr/local/samba/printers/drivers.def</command></para>
-		</listitem>
-		</varlistentry>
-
-
-
-
-		<varlistentry>
-		<term><anchor id="PRINTERDRIVERLOCATION"/>printer driver location (S)</term>
-		<listitem><para><emphasis>Note :</emphasis>This is a deprecated 
-		parameter and will be removed in the next major release
-		following version 2.2.  Please see the instructions in
-		the <ulink url="printing.html">Samba 2.2. Printing
-		HOWTO</ulink> for more information
-		on the new method of loading printer drivers onto a Samba server.
-		</para>
-
-		<para>This parameter tells clients of a particular printer 
-		share where to find the printer driver files for the automatic 
-		installation of drivers for Windows 95 machines. If Samba is set up 
-		to serve printer drivers to Windows 95 machines, this should be set to</para>
-
-		<para><command>\\MACHINE\PRINTER$</command></para>
-
-		<para>Where MACHINE is the NetBIOS name of your Samba server, 
-		and PRINTER$ is a share you set up for serving printer driver 
-		files. For more details on setting this up see the outdated documentation 
-		file in the <filename>docs/</filename> directory, <filename>
-		PRINTER_DRIVER.txt</filename>.</para>
-
-		<para>See also <link linkend="PRINTERDRIVERFILE"><parameter>
-		printer driver file</parameter></link>.</para>
-
-		<para>Default: <command>none</command></para>
-		<para>Example: <command>printer driver location = \\MACHINE\PRINTER$
-		</command></para>
-		</listitem>
-		</varlistentry>
-
-
-
 		<varlistentry>
 		<term><anchor id="PRINTERNAME"/>printer name (S)</term>
 		<listitem><para>This parameter specifies the name of the printer 
@@ -7729,26 +7604,6 @@ let "time++"
 
 
 
-		<varlistentry>
-		<term><anchor id="USERHOSTS"/>use rhosts (G)</term>
-		<listitem><para>If this global parameter is <constant>yes</constant>, it specifies 
-		that the UNIX user's <filename>.rhosts</filename> file in their home directory 
-		will be read to find the names of hosts and users who will be allowed 
-		access without specifying a password.</para>
-
-		<para><emphasis>NOTE:</emphasis> The use of <parameter>use rhosts
-		</parameter> can be a major security hole. This is because you are 
-		trusting the PC to supply the correct username. It is very easy to 
-		get a PC to supply a false username. I recommend that the <parameter>
-		use rhosts</parameter> option be only used if you really know what 
-		you are doing.</para>
-
-		<para>Default: <command>use rhosts = no</command></para>
-		</listitem>
-		</varlistentry>
-
-
-
 		<varlistentry>
 		<term><anchor id="USER"/>user (S)</term>
 		<listitem><para>Synonym for <link linkend="USERNAME"><parameter>
diff --git a/docs/docbook/projdoc/upgrading-to-3.0.sgml b/docs/docbook/projdoc/upgrading-to-3.0.sgml
index 5b6b8dd635..c90c8922d6 100644
--- a/docs/docbook/projdoc/upgrading-to-3.0.sgml
+++ b/docs/docbook/projdoc/upgrading-to-3.0.sgml
@@ -16,4 +16,21 @@ FIXME
 
 </sect1>
 
+<sect1>
+<title>Obsolete configuration options</title>
+
+<para>
+In 3.0, the following configuration options have been removed.
+</para>
+
+<simplelist>
+<member>printer driver</member>
+<member>printer driver file</member>
+<member>printer driver location</member>
+<member>use rhosts</member>
+<member>postscript</member>
+</simplelist>
+
+</sect1>
+
 </chapter>
-- 
cgit 


From 5c82d3f00a2973b7f0881606d94ed36f0d0aa6be Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Thu, 27 Feb 2003 05:53:25 +0000
Subject: Doxygen janitor (This used to be commit
 67bf36c69d19463c28066b276d74ac4784b26bed)

---
 source3/lib/iconv.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/source3/lib/iconv.c b/source3/lib/iconv.c
index 5292e9cf0a..f622704853 100644
--- a/source3/lib/iconv.c
+++ b/source3/lib/iconv.c
@@ -90,11 +90,12 @@ static size_t sys_iconv(void *cd,
 #endif
 }
 
-/*
-  this is a simple portable iconv() implementaion. It only knows about
-  a very small number of character sets - just enough that Samba works
-  on systems that don't have iconv
- */
+/**
+ * This is a simple portable iconv() implementaion.
+ *
+ * It only knows about a very small number of character sets - just
+ * enough that Samba works on systems that don't have iconv.
+ **/
 size_t smb_iconv(smb_iconv_t cd, 
 		 const char **inbuf, size_t *inbytesleft,
 		 char **outbuf, size_t *outbytesleft)
-- 
cgit 


From 97e7d2ffae74c9c07b38143c8fb028ee91b153bd Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Thu, 27 Feb 2003 21:21:02 +0000
Subject: additional fix for CR 601   * distinguish WinXP from Win2k   * add a
 1/3 of a second delay in OpenPrinter     in order to trigger a LAN/WAN
 optimization in     2k clients. (This used to be commit
 96570699d1b715f47c35aa211da6ec18f6fc4109)

---
 source3/include/smb.h               |  2 +-
 source3/lib/util.c                  |  3 +++
 source3/rpc_server/srv_spoolss_nt.c |  6 ++++++
 source3/smbd/sesssetup.c            | 17 ++++++++++++++++-
 4 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/source3/include/smb.h b/source3/include/smb.h
index a2b341d0fc..bd4f113039 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1408,7 +1408,7 @@ enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF, LDAP_SSL_START_TLS};
 enum ldap_passwd_sync_types {LDAP_PASSWD_SYNC_ON, LDAP_PASSWD_SYNC_OFF, LDAP_PASSWD_SYNC_ONLY};
 
 /* Remote architectures we know about. */
-enum remote_arch_types {RA_UNKNOWN, RA_WFWG, RA_OS2, RA_WIN95, RA_WINNT, RA_WIN2K, RA_SAMBA};
+enum remote_arch_types {RA_UNKNOWN, RA_WFWG, RA_OS2, RA_WIN95, RA_WINNT, RA_WIN2K, RA_WINXP, RA_SAMBA};
 
 /* case handling */
 enum case_handling {CASE_LOWER,CASE_UPPER};
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 3958600cbd..15b75356a8 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1764,6 +1764,9 @@ void set_remote_arch(enum remote_arch_types type)
 	case RA_WIN2K:
 		fstrcpy(remote_arch, "Win2K");
 		return;
+	case RA_WINXP:
+		fstrcpy(remote_arch, "WinXP");
+		return;
 	case RA_SAMBA:
 		fstrcpy(remote_arch,"Samba");
 		return;
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index fa9b8eaeff..4006d0c08e 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -1675,6 +1675,12 @@ Can't find printer handle we created for printer %s\n", name ));
 			&Printer->nt_devmode );
 	 }
 
+	/* HACK ALERT!!! Sleep for 1/3 of a second to try trigger a LAN/WAN 
+	   optimization in Windows 2000 clients  --jerry */
+
+	if ( RA_WIN2K == get_remote_arch() )
+		usleep( 384000 );
+
 	return WERR_OK;
 }
 
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 7e5ec56a27..dfe246e398 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -557,7 +557,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
 				set_remote_arch( RA_WIN95);
 			}
 		}
-		
+
 		if (!doencrypt) {
 			/* both Win95 and WinNT stuff up the password lengths for
 			   non-encrypting systems. Uggh. 
@@ -607,6 +607,21 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
 		p += srvstr_pull_buf(inbuf, native_lanman, p, sizeof(native_lanman), STR_TERMINATE);
 		DEBUG(3,("Domain=[%s]  NativeOS=[%s] NativeLanMan=[%s]\n",
 			 domain,native_os,native_lanman));
+
+		/* 
+		 * we distinguish between 2K and XP by the "Native Lan Manager" string
+		 *   WinXP => "Windows 2002 5.1"
+		 *   Win2k => "Windows 2000 5.0"
+		 *   NT4   => "Windows NT 4.0" 
+		 *   Win9x => "Windows 4.0"
+		 */
+		 
+		if ( ra_type == RA_WIN2K ) {
+			if ( 0 == strcmp( native_lanman, "Windows 2002 5.1" ) )
+				set_remote_arch( RA_WINXP );
+		}
+		
+
 	}
 	
 	DEBUG(3,("sesssetupX:name=[%s]\\[%s]@[%s]\n", domain, user, get_remote_machine_name()));
-- 
cgit 


From dc1cd583cb4224f0fdb8c4529b59a66eeddba2f9 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Thu, 27 Feb 2003 21:37:54 +0000
Subject: don't pass NULL pointers to strcmp() (This used to be commit
 6631984b12a3f74b93f7031c433dd81d6586a5df)

---
 source3/smbd/dir.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index e022d26ea3..2a5f7ffd71 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1063,8 +1063,8 @@ char *DirCacheCheck( const char *path, const char *name, int snum )
 			NULL != entry;
 			entry = (dir_cache_entry *)ubi_dlNext( entry ) ) {
 		if( entry->snum == snum
-				&& 0 == strcmp( name, entry->name )
-				&& 0 == strcmp( path, entry->path ) ) {
+				&& entry->name && 0 == strcmp( name, entry->name )
+				&& entry->path && 0 == strcmp( path, entry->path ) ) {
 			DEBUG(4, ("Got dir cache hit on %s %s -> %s\n",path,name,entry->dname));
 			return( entry->dname );
 		}
-- 
cgit 


From 3a7d807ec9974f0b4d7938a4b734c2c7f350cd08 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Thu, 27 Feb 2003 23:24:26 +0000
Subject: and the winner of "i should have just written it in assembly is..."

don't use pstrcpy() when you are not dealing with pstrings.
(This used to be commit 7d547f50f914747291acc71fd3544ad92ce91f0e)
---
 source3/smbd/dir.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 2a5f7ffd71..10241e88d9 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1028,9 +1028,9 @@ void DirCacheAdd( const char *path, char *name, char *dname, int snum )
 		return;             /* so just return as if nothing happened. */
 
 	/* Set pointers correctly and load values. */
-	entry->path  = pstrcpy( (char *)&entry[1], path);
-	entry->name  = pstrcpy( &(entry->path[pathlen]), name);
-	entry->dname = pstrcpy( &(entry->name[namelen]), dname);
+	entry->path  = memcpy( (char *)&entry[1], path, strlen(path) );
+	entry->name  = memcpy( &(entry->path[pathlen]), name, strlen(name) );
+	entry->dname = memcpy( &(entry->name[namelen]), dname, strlen(dname) );
 	entry->snum  = snum;
 
 	/* Add the new entry to the linked list. */
-- 
cgit 


From 17c417e6e66e05d6bcee98cb1c7ebfa7d98a5347 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Thu, 27 Feb 2003 23:52:37 +0000
Subject:  don't forget the NULL (This used to be commit
 f80610120483c929afbec83d2b8649cb3e5111b0)

---
 source3/smbd/dir.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 10241e88d9..95acf4a262 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1028,9 +1028,9 @@ void DirCacheAdd( const char *path, char *name, char *dname, int snum )
 		return;             /* so just return as if nothing happened. */
 
 	/* Set pointers correctly and load values. */
-	entry->path  = memcpy( (char *)&entry[1], path, strlen(path) );
-	entry->name  = memcpy( &(entry->path[pathlen]), name, strlen(name) );
-	entry->dname = memcpy( &(entry->name[namelen]), dname, strlen(dname) );
+	entry->path  = memcpy( (char *)&entry[1], path, strlen(path)+1 );
+	entry->name  = memcpy( &(entry->path[pathlen]), name, strlen(name)+1 );
+	entry->dname = memcpy( &(entry->name[namelen]), dname, strlen(dname)+1 );
 	entry->snum  = snum;
 
 	/* Add the new entry to the linked list. */
-- 
cgit 


From 9f0ae6fad2d0099a58fec389ddd430c0448ec02e Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 28 Feb 2003 00:26:20 +0000
Subject: *Excellent* patch from Michael Steffens <michael_steffens@hp.com> to
 limit the unix domain sockets used by winbindd (also solves FD_SETSIZE
 problem in winbindd to boot !). Adds a "last_access" field to winbindd
 connections, and will close the oldest idle connection once the number of
 open connections goes over WINBINDD_MAX_SIMULTANEOUS_CLIENTS (defined in
 local.h as 200 currently). Jeremy. (This used to be commit
 a82caefda49396641e8650db8a7ef51752ba6c41)

---
 source3/include/local.h     |  2 ++
 source3/nsswitch/winbindd.c | 53 ++++++++++++++++++++++++++++++++++++++++-----
 source3/nsswitch/winbindd.h | 21 +++++++++---------
 3 files changed, 61 insertions(+), 15 deletions(-)

diff --git a/source3/include/local.h b/source3/include/local.h
index e16cdbbc5d..29b0641119 100644
--- a/source3/include/local.h
+++ b/source3/include/local.h
@@ -221,4 +221,6 @@
 /* Number in seconds for winbindd to wait for the mutex. Make this 2 * smbd wait time. */
 #define WINBIND_SERVER_MUTEX_WAIT_TIME (( ((NUM_CLI_AUTH_CONNECT_RETRIES) * ((CLI_AUTH_TIMEOUT)/1000)) + 5)*2)
 
+/* Max number of simultaneous winbindd socket connections. */
+#define WINBINDD_MAX_SIMULTANEOUS_CLIENTS 200
 #endif
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
index 09b89462ec..ad37768c09 100644
--- a/source3/nsswitch/winbindd.c
+++ b/source3/nsswitch/winbindd.c
@@ -339,7 +339,9 @@ static void new_connection(int listen_sock)
 	
 	ZERO_STRUCTP(state);
 	state->sock = sock;
-	
+
+	state->last_access = time(NULL);	
+
 	/* Add to connection list */
 	
 	winbindd_add_client(state);
@@ -375,6 +377,35 @@ static void remove_client(struct winbindd_cli_state *state)
 }
 
 
+/* Shutdown client connection which has been idle for the longest time */
+
+static BOOL remove_idle_client(void)
+{
+	struct winbindd_cli_state *state, *remove_state = NULL;
+	time_t last_access = 0;
+	int nidle = 0;
+
+	for (state = winbindd_client_list(); state; state = state->next) {
+		if (state->read_buf_len == 0 && state->write_buf_len == 0 &&
+				!state->getpwent_state && !state->getgrent_state) {
+			nidle++;
+			if (!last_access || state->last_access < last_access) {
+				last_access = state->last_access;
+				remove_state = state;
+			}
+		}
+	}
+
+	if (remove_state) {
+		DEBUG(5,("Found %d idle client connections, shutting down sock %d, pid %u\n",
+			nidle, remove_state->sock, (unsigned int)remove_state->pid));
+		remove_client(remove_state);
+		return True;
+	}
+
+	return False;
+}
+
 /* Process a complete received packet from a client */
 
 void winbind_process_packet(struct winbindd_cli_state *state)
@@ -427,6 +458,7 @@ void winbind_client_read(struct winbindd_cli_state *state)
 	/* Update client state */
 	
 	state->read_buf_len += n;
+	state->last_access = time(NULL);
 }
 
 /* Write some data to a client connection */
@@ -477,7 +509,8 @@ static void client_write(struct winbindd_cli_state *state)
 	/* Update client state */
 	
 	state->write_buf_len -= num_written;
-	
+	state->last_access = time(NULL);
+
 	/* Have we written all data? */
 	
 	if (state->write_buf_len == 0) {
@@ -508,7 +541,7 @@ static void client_write(struct winbindd_cli_state *state)
 	}
 }
 
-/* Process incoming clients on accept_sock.  We use a tricky non-blocking,
+/* Process incoming clients on listen_sock.  We use a tricky non-blocking,
    non-forking, non-threaded model which allows us to handle many
    simultaneous connections while remaining impervious to many denial of
    service attacks. */
@@ -608,7 +641,7 @@ static void process_loop(void)
 			exit(1);
 		}
 
-		/* Create a new connection if accept_sock readable */
+		/* Create a new connection if listen_sock readable */
 
 		if (selret > 0) {
 
@@ -616,8 +649,18 @@ static void process_loop(void)
 				dual_select(&w_fds);
 			}
 
-			if (FD_ISSET(listen_sock, &r_fds))
+			if (FD_ISSET(listen_sock, &r_fds)) {
+				while (winbindd_num_clients() > WINBINDD_MAX_SIMULTANEOUS_CLIENTS - 1) {
+					DEBUG(5,("winbindd: Exceeding %d client connections, removing idle connection.\n",
+						WINBINDD_MAX_SIMULTANEOUS_CLIENTS));
+					if (!remove_idle_client()) {
+						DEBUG(0,("winbindd: Exceeding %d client connections, no idle connection found\n",
+							WINBINDD_MAX_SIMULTANEOUS_CLIENTS));
+						break;
+					}
+				}
 				new_connection(listen_sock);
+			}
             
 			/* Process activity on client connections */
             
diff --git a/source3/nsswitch/winbindd.h b/source3/nsswitch/winbindd.h
index 8bd8a83748..42ef209faf 100644
--- a/source3/nsswitch/winbindd.h
+++ b/source3/nsswitch/winbindd.h
@@ -36,16 +36,17 @@
 /* Client state structure */
 
 struct winbindd_cli_state {
-    struct winbindd_cli_state *prev, *next;   /* Linked list pointers */
-    int sock;                                 /* Open socket from client */
-    pid_t pid;                                /* pid of client */
-    int read_buf_len, write_buf_len;          /* Indexes in request/response */
-    BOOL finished;                            /* Can delete from list */
-    BOOL write_extra_data;                    /* Write extra_data field */
-    struct winbindd_request request;          /* Request from client */
-    struct winbindd_response response;        /* Respose to client */
-    struct getent_state *getpwent_state;      /* State for getpwent() */
-    struct getent_state *getgrent_state;      /* State for getgrent() */
+	struct winbindd_cli_state *prev, *next;   /* Linked list pointers */
+	int sock;                                 /* Open socket from client */
+	pid_t pid;                                /* pid of client */
+	int read_buf_len, write_buf_len;          /* Indexes in request/response */
+	BOOL finished;                            /* Can delete from list */
+	BOOL write_extra_data;                    /* Write extra_data field */
+	time_t last_access;                       /* Time of last access (read or write) */
+	struct winbindd_request request;          /* Request from client */
+	struct winbindd_response response;        /* Respose to client */
+	struct getent_state *getpwent_state;      /* State for getpwent() */
+	struct getent_state *getgrent_state;      /* State for getgrent() */
 };
 
 /* State between get{pw,gr}ent() calls */
-- 
cgit 


From a001b706bd85f40b2b9096af1ab92b135440f184 Mon Sep 17 00:00:00 2001
From: Jim McDonough <jmcd@samba.org>
Date: Fri, 28 Feb 2003 03:21:22 +0000
Subject: Improve net ads lookup: - More info is printed - (grand)child domains
 handled properly

Thanks to Anthony Liguori (aliguori@us.ibm.com)
(This used to be commit 3dbcb4d93f7c192eb2ccea5941a3843b5de1190e)
---
 source3/utils/net_ads_cldap.c | 203 +++++++++++++++++++++++++++++-------------
 1 file changed, 142 insertions(+), 61 deletions(-)

diff --git a/source3/utils/net_ads_cldap.c b/source3/utils/net_ads_cldap.c
index f81c763093..d369fbdf50 100644
--- a/source3/utils/net_ads_cldap.c
+++ b/source3/utils/net_ads_cldap.c
@@ -2,6 +2,7 @@
    Samba Unix/Linux SMB client library 
    net ads cldap functions 
    Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
+   Copyright (C) 2003 Jim McDonough (jmcd@us.ibm.com)
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -23,60 +24,69 @@
 
 #ifdef HAVE_ADS
 
+struct netlogon_string {
+	uint32 comp_len;
+	char **component;
+	uint8 extra_flag;
+};
+
 struct cldap_netlogon_reply {
-	uint32 version;
+	uint32 type;
 	uint32 flags;
 	GUID guid;
-	char *domain;
-	char *server_name;
-	char *domain_flatname;
-	char *server_flatname;
-	char *dns_name;
-	uint32 unknown2[2];
-};
 
+	struct netlogon_string forest;
+	struct netlogon_string domain;
+	struct netlogon_string hostname;
 
-/*
-  pull a length prefixed string from a packet
-  return number of bytes consumed
-*/
-static unsigned pull_len_string(char **ret, const char *p)
-{
-	unsigned len = *p;
-	(*ret) = NULL;
-	if (len == 0) return 1;
-	(*ret) = smb_xstrndup(p+1, len);
-	return len+1;
-}
+	struct netlogon_string netbios_domain;
+	struct netlogon_string netbios_hostname;
+
+	struct netlogon_string user_name;
+	struct netlogon_string site_name;
+
+	struct netlogon_string unk0;
+
+	uint32 version;
+	uint16 lmnt_token;
+	uint16 lm20_token;
+};
 
 /*
-  pull a dotted string from a packet
-  return number of bytes consumed
+  These strings are rather interesting... They are composed of a series of
+  length encoded strings, terminated by either 1) a zero length string or 2)
+  a 0xc0 byte with what appears to be a one byte flags immediately following.
 */
-static unsigned pull_dotted_string(char **ret, const char *p)
+static unsigned pull_netlogon_string(struct netlogon_string *ret,const char *d)
 {
-	char *s;
-	unsigned len, total_len=0;
+	char *s, *p = (char *)d;
+
+	ZERO_STRUCTP(ret);
 
-	(*ret) = NULL;
+	do {
+		unsigned len = (unsigned char)*p;
+		p++;
 
-	while ((len = pull_len_string(&s, p)) > 1) {
-		if (total_len) {
-			char *s2;
-			asprintf(&s2, "%s.%s", *ret, s);
-			SAFE_FREE(*ret);
-			(*ret) = s2;
+		if (len > 0 && len != 0xc0) {
+			ret->component = realloc(ret->component,
+						 ++ret->comp_len *
+						 sizeof(char *));
+
+			ret->component[ret->comp_len - 1] = 
+				smb_xstrndup(p, len);
+			p += len;
 		} else {
-			(*ret) = s;
+			if (len == 0xc0) {
+				ret->extra_flag = *p;
+				p++;
+			};
+			break;
 		}
-		total_len += len;
-		p += len;
-	}
+	} while (1);
 
-	return total_len + 1;
+	return (p - d);
 }
 
-
 /*
   do a cldap netlogon query
 */
@@ -190,19 +200,25 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply)
 
 	p = os3.data;
 
-	reply->version = IVAL(p, 0); p += 4;
+	reply->type = IVAL(p, 0); p += 4;
 	reply->flags = IVAL(p, 0); p += 4;
+
 	memcpy(&reply->guid.info, p, GUID_SIZE);
 	p += GUID_SIZE;
-	p += pull_dotted_string(&reply->domain, p);
-	p += 2; /* 0xc018 - whats this? */
-	p += pull_len_string(&reply->server_name, p);
-	p += 2; /* 0xc018 - whats this? */
-	p += pull_len_string(&reply->domain_flatname, p);
-	p += 1;
-	p += pull_len_string(&reply->server_flatname, p);
-	p += 2;
-	p += pull_len_string(&reply->dns_name, p);
+
+	p += pull_netlogon_string(&reply->forest, p);
+	p += pull_netlogon_string(&reply->domain, p);
+	p += pull_netlogon_string(&reply->hostname, p);
+	p += pull_netlogon_string(&reply->netbios_domain, p);
+	p += pull_netlogon_string(&reply->netbios_hostname, p);
+	p += pull_netlogon_string(&reply->user_name, p);
+	p += pull_netlogon_string(&reply->site_name, p);
+
+	p += pull_netlogon_string(&reply->unk0, p);
+
+	reply->version = IVAL(p, 0);
+	reply->lmnt_token = SVAL(p, 4);
+	reply->lm20_token = SVAL(p, 6);
 
 	data_blob_free(&os1);
 	data_blob_free(&os2);
@@ -212,17 +228,50 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply)
 	return 0;
 }
 
+/*
+  free a netlogon string
+*/
+static void netlogon_string_free(struct netlogon_string *str)
+{
+	int i;
+
+	for (i = 0; i < str->comp_len; ++i) {
+		SAFE_FREE(str->component[i]);
+	}
+	SAFE_FREE(str->component);
+}
 
 /*
   free a cldap reply packet
 */
 static void cldap_reply_free(struct cldap_netlogon_reply *reply)
 {
-	SAFE_FREE(reply->domain);
-	SAFE_FREE(reply->server_name);
-	SAFE_FREE(reply->domain_flatname);
-	SAFE_FREE(reply->server_flatname);
-	SAFE_FREE(reply->dns_name);
+	netlogon_string_free(&reply->forest);
+	netlogon_string_free(&reply->domain);
+	netlogon_string_free(&reply->hostname);
+	netlogon_string_free(&reply->netbios_domain);
+	netlogon_string_free(&reply->netbios_hostname);
+	netlogon_string_free(&reply->user_name);
+	netlogon_string_free(&reply->site_name);
+	netlogon_string_free(&reply->unk0);
+}
+
+static void d_print_netlogon_string(const char *label, 
+				    struct netlogon_string *str)
+{
+	int i;
+
+	if (str->comp_len) {
+		d_printf("%s", label);
+		if (str->extra_flag) {
+			d_printf("[%d]", str->extra_flag);
+		}
+		d_printf(": ");
+		for (i = 0; i < str->comp_len; ++i) {
+			d_printf("%s%s", (i ? "." : ""), str->component[i]);
+		}
+		d_printf("\n");
+	}
 }
 
 /*
@@ -246,7 +295,6 @@ int ads_cldap_netlogon(ADS_STRUCT *ads)
 	if (ret != 0) {
 		return ret;
 	}
-
 	ret = recv_cldap_netlogon(sock, &reply);
 	close(sock);
 
@@ -254,15 +302,48 @@ int ads_cldap_netlogon(ADS_STRUCT *ads)
 		return -1;
 	}
 
-	d_printf("Version: 0x%x\n", reply.version);
+	d_printf("Information for Domain Controller: %s\n\n", 
+		 ads->config.ldap_server_name);
+
+	d_printf("Response Type: 0x%x\n", reply.type);
 	d_printf("GUID: "); 
 	print_guid(&reply.guid);
-	d_printf("Flags:   0x%x\n", reply.flags);
-	d_printf("Domain: %s\n", reply.domain);
-	d_printf("Server Name: %s\n", reply.server_name);
-	d_printf("Flatname: %s\n", reply.domain_flatname);
-	d_printf("Server Name2: %s\n", reply.server_flatname);
-	d_printf("DNS Name: %s\n", reply.dns_name);
+	d_printf("Flags:\n"
+		 "\tIs a PDC:                                   %s\n"
+		 "\tIs a GC of the forest:                      %s\n"
+		 "\tIs an LDAP server:                          %s\n"
+		 "\tSupports DS:                                %s\n"
+		 "\tIs running a KDC:                           %s\n"
+		 "\tIs running time services:                   %s\n"
+		 "\tIs the closest DC:                          %s\n"
+		 "\tIs writable:                                %s\n"
+		 "\tHas a hardware clock:                       %s\n"
+		 "\tIs a non-domain NC serviced by LDAP server: %s\n",
+		 (reply.flags & ADS_PDC) ? "yes" : "no",
+		 (reply.flags & ADS_GC) ? "yes" : "no",
+		 (reply.flags & ADS_LDAP) ? "yes" : "no",
+		 (reply.flags & ADS_DS) ? "yes" : "no",
+		 (reply.flags & ADS_KDC) ? "yes" : "no",
+		 (reply.flags & ADS_TIMESERV) ? "yes" : "no",
+		 (reply.flags & ADS_CLOSEST) ? "yes" : "no",
+		 (reply.flags & ADS_WRITABLE) ? "yes" : "no",
+		 (reply.flags & ADS_GOOD_TIMESERV) ? "yes" : "no",
+		 (reply.flags & ADS_NDNC) ? "yes" : "no");
+
+	d_print_netlogon_string("Forest", &reply.forest);
+	d_print_netlogon_string("Domain", &reply.domain);
+	d_print_netlogon_string("Hostname", &reply.hostname);
+
+	d_print_netlogon_string("Pre-Win2k Domain", &reply.netbios_domain);
+	d_print_netlogon_string("Pre-Win2k Hostname", &reply.netbios_hostname);
+
+	d_print_netlogon_string("User name", &reply.user_name);
+	d_print_netlogon_string("Site Name", &reply.site_name);
+	d_print_netlogon_string("Unknown Field", &reply.unk0);
+
+	d_printf("NT Version: %d\n", reply.version);
+	d_printf("LMNT Token: %0.2x\n", reply.lmnt_token);
+	d_printf("LM20 Token: %0.2x\n", reply.lm20_token);
 
 	cldap_reply_free(&reply);
 	
-- 
cgit 


From db47e9450aff5ff5b6853f163d4aab117d1c77aa Mon Sep 17 00:00:00 2001
From: Jim McDonough <jmcd@samba.org>
Date: Fri, 28 Feb 2003 03:29:03 +0000
Subject: cleanup some compiler warnings (This used to be commit
 87cebe797f06fab4a5d0077fd78b2183ff7333a5)

---
 source3/utils/net_ads_cldap.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/source3/utils/net_ads_cldap.c b/source3/utils/net_ads_cldap.c
index d369fbdf50..ad66af0439 100644
--- a/source3/utils/net_ads_cldap.c
+++ b/source3/utils/net_ads_cldap.c
@@ -59,7 +59,7 @@ struct cldap_netlogon_reply {
 */
 static unsigned pull_netlogon_string(struct netlogon_string *ret,const char *d)
 {
-	char *s, *p = (char *)d;
+	char *p = (char *)d;
 
 	ZERO_STRUCTP(ret);
 
@@ -342,8 +342,8 @@ int ads_cldap_netlogon(ADS_STRUCT *ads)
 	d_print_netlogon_string("Unknown Field", &reply.unk0);
 
 	d_printf("NT Version: %d\n", reply.version);
-	d_printf("LMNT Token: %0.2x\n", reply.lmnt_token);
-	d_printf("LM20 Token: %0.2x\n", reply.lm20_token);
+	d_printf("LMNT Token: %.2x\n", reply.lmnt_token);
+	d_printf("LM20 Token: %.2x\n", reply.lm20_token);
 
 	cldap_reply_free(&reply);
 	
-- 
cgit 


From 37e39f5be4ae0156565b009ae210f2c95e906142 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Fri, 28 Feb 2003 03:34:18 +0000
Subject: Add simple test harness that exposes StrCaseCmp for testing. (This
 used to be commit ab77beca041595bc3bd70de3a6e1b49159a4964b)

---
 source3/torture/t_strcmp.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 source3/torture/t_strcmp.c

diff --git a/source3/torture/t_strcmp.c b/source3/torture/t_strcmp.c
new file mode 100644
index 0000000000..622769001b
--- /dev/null
+++ b/source3/torture/t_strcmp.c
@@ -0,0 +1,20 @@
+/*
+ * Copyright (C) 2003 by Martin Pool
+ *
+ * Test harness for StrCaseCmp
+ */
+
+#include "includes.h"
+
+int main(int argc, char *argv[])
+{
+	if (argc != 3) {
+		fprintf(stderr, "usage: %s STRING1 STRING2\nCompares two strings\n",
+			argv[0]);
+		return 2;
+	}
+	
+	printf("%d\n", StrCaseCmp(argv[1], argv[2]));
+	
+	return 0;
+}
-- 
cgit 


From 921e569ed50408d42ddab5d524cf39a86429d488 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Fri, 28 Feb 2003 03:51:25 +0000
Subject: Add a comment about the meaning of samba's internal character set and
 how this interacts with it. (This used to be commit
 eb876ee9cf24eda04e0856899b232d060c669c0c)

---
 source3/lib/iconv.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/source3/lib/iconv.c b/source3/lib/iconv.c
index f622704853..6786003de5 100644
--- a/source3/lib/iconv.c
+++ b/source3/lib/iconv.c
@@ -21,6 +21,30 @@
 
 #include "includes.h"
 
+
+/**
+ * @file
+ *
+ * @brief Samba wrapper/stub for iconv character set conversion.
+ *
+ * iconv is the XPG2 interface for converting between character
+ * encodings.  This file provides a Samba wrapper around it, and also
+ * a simple reimplementation that is used if the system does not
+ * implement iconv.
+ *
+ * Samba only works with encodings that are supersets of ASCII: ascii
+ * characters like whitespace can be tested for directly, multibyte
+ * sequences start with a byte with the high bit set, and strings are
+ * terminated by \0.
+ *
+ * Note that the only function provided by iconv is conversion between
+ * characters.  It doesn't directly support operations like
+ * uppercasing or comparison.  We have to convert to UCS-2 and compare
+ * there.
+ *
+ * @sa Samba Developers Guide
+ **/
+
 static size_t ascii_pull(void *,char **, size_t *, char **, size_t *);
 static size_t ascii_push(void *,char **, size_t *, char **, size_t *);
 static size_t  utf8_pull(void *,char **, size_t *, char **, size_t *);
-- 
cgit 


From 290098e39e04d66897e09c792a85b9a79cd86d49 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Fri, 28 Feb 2003 03:59:47 +0000
Subject: Remove reference to "mainpage.dox" and CodingStandards, which have
 been removed.

Put subdirectory names in file list, so we get lib/util_chr.c, not
just util_chr.c.
(This used to be commit aa2efaab1ffc77bec051cd206000951c72adeccc)
---
 source3/Doxyfile     | 7 +++----
 source3/mainpage.dox | 7 -------
 2 files changed, 3 insertions(+), 11 deletions(-)
 delete mode 100644 source3/mainpage.dox

diff --git a/source3/Doxyfile b/source3/Doxyfile
index 914ba25672..c1040781d8 100644
--- a/source3/Doxyfile
+++ b/source3/Doxyfile
@@ -23,8 +23,8 @@ HIDE_UNDOC_CLASSES     = NO
 BRIEF_MEMBER_DESC      = YES
 REPEAT_BRIEF           = YES
 ALWAYS_DETAILED_SEC    = NO
-FULL_PATH_NAMES        = NO
-STRIP_FROM_PATH        = *source
+FULL_PATH_NAMES        = YES
+STRIP_FROM_PATH        = $(PWD)/
 INTERNAL_DOCS          = YES
 CLASS_DIAGRAMS         = YES
 SOURCE_BROWSER         = YES
@@ -61,8 +61,7 @@ WARN_LOGFILE           =
 #---------------------------------------------------------------------------
 # configuration options related to the input files
 #---------------------------------------------------------------------------
-INPUT                  = . \
-                         mainpage.dox
+INPUT                  = . 
 FILE_PATTERNS          = *.c \
                          *.h \
                          *.idl
diff --git a/source3/mainpage.dox b/source3/mainpage.dox
deleted file mode 100644
index 8b72f80462..0000000000
--- a/source3/mainpage.dox
+++ /dev/null
@@ -1,7 +0,0 @@
-/**
-
-@mainpage
-
-@li \ref CodingSuggestions
-
-**/
-- 
cgit 


From 7ca743713b71fe31e3e81f56c91b70206df7a143 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Fri, 28 Feb 2003 04:06:56 +0000
Subject: Fix comment typo (This used to be commit
 d2fd52c1b50f2d1abad84668911b04c72fdc4b8d)

---
 source3/web/swat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/web/swat.c b/source3/web/swat.c
index 21ae104cef..4211b2f15a 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -21,7 +21,7 @@
 */
 
 /**
- * @group swat SWAT
+ * @defgroup swat SWAT
  * @{ 
  * @file swat.c
  *
-- 
cgit 


From 22d482dade44b51bc150aa9f34fc89e995ccc934 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Fri, 28 Feb 2003 04:09:58 +0000
Subject: Doxygen janitor: check_domain_match parameter is spelled
 "auth_context". (This used to be commit
 571c3ce19344276aac1af56d2f69fcc5523f36eb)

---
 source3/auth/auth.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 2abdec3a39..8b33010e91 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -162,8 +162,8 @@ static BOOL check_domain_match(const char *user, const char *domain)
  * @param user_info Contains the user supplied components, including the passwords.
  *                  Must be created with make_user_info() or one of its wrappers.
  *
- * @param auth_info Supplies the challenges and some other data. 
- *                  Must be created with make_auth_info(), and the challenges should be 
+ * @param auth_context Supplies the challenges and some other data. 
+ *                  Must be created with make_auth_context(), and the challenges should be 
  *                  filled in, either at creation or by calling the challenge geneation 
  *                  function auth_get_challenge().  
  *
-- 
cgit 


From 4125dfca83930b42d28ef08f920e41c6b2f62134 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Fri, 28 Feb 2003 04:11:28 +0000
Subject: Doxygen janitor: rpc_resolve_dc parameter is spelled "trust_passwd"
 (This used to be commit 9dbc3dcfe0bccf1f76930ae86970b48ba5ed1e91)

---
 source3/auth/auth_domain.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index b3f50072bc..0d90a184a4 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -115,7 +115,7 @@ static NTSTATUS rpc_resolve_dc(const char *server,
  * @param cli the cli to return containing the active connection
  * @param server either a machine name or text IP address to
  *               connect to.
- * @param trust_password the trust password to establish the
+ * @param trust_passwd the trust password to establish the
  *                       credentials with.
  *
  **/
-- 
cgit 


From f5f59e866e5b761a6b0c95d29bb2d1ec0136652f Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Fri, 28 Feb 2003 04:17:30 +0000
Subject: Doxygen janitor: fix parameter names, grammar, tag names. (This used
 to be commit 42d9ec28cd55dbcfda546c84fb842938aeda544d)

---
 source3/lib/gencache.c | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/source3/lib/gencache.c b/source3/lib/gencache.c
index 7260e477b8..5c8ad1339b 100644
--- a/source3/lib/gencache.c
+++ b/source3/lib/gencache.c
@@ -94,12 +94,12 @@ BOOL gencache_shutdown(void)
  * Set an entry in the cache file. If there's no such
  * one, then add it.
  *
- * @param key string that represents a key of this entry
+ * @param keystr string that represents a key of this entry
  * @param value text representation value being cached
  * @param timeout time when the value is expired
  *
- * @return true when entry is successfuly stored or
- *         false on the attempt's failure
+ * @retval true when entry is successfuly stored
+ * @retval false on failure
  **/
  
 BOOL gencache_set(const char *keystr, const char *value, time_t timeout)
@@ -134,12 +134,12 @@ BOOL gencache_set(const char *keystr, const char *value, time_t timeout)
 /**
  * Set existing entry to the cache file.
  *
- * @param key string that represents a key of this entry
- * @param value text representation value being cached
+ * @param keystr string that represents a key of this entry
+ * @param valstr text representation value being cached
  * @param timeout time when the value is expired
  *
- * @return true when entry is successfuly set or
- *         false on the attempt's failure
+ * @retval true when entry is successfuly set
+ * @retval false on failure
  **/
 
 BOOL gencache_set_only(const char *keystr, const char *valstr, time_t timeout)
@@ -189,10 +189,10 @@ BOOL gencache_set_only(const char *keystr, const char *valstr, time_t timeout)
 /**
  * Delete one entry from the cache file.
  *
- * @param key string that represents a key of this entry
+ * @param keystr string that represents a key of this entry
  *
- * @return true upon successful deletion or
- *         false in case of failure
+ * @retval true upon successful deletion
+ * @retval false in case of failure
  **/
 
 BOOL gencache_del(const char *keystr)
@@ -218,14 +218,14 @@ BOOL gencache_del(const char *keystr)
 /**
  * Get existing entry from the cache file.
  *
- * @param key string that represents a key of this entry
- * @param value buffer that is allocated and filled with the entry value
+ * @param keystr string that represents a key of this entry
+ * @param valstr buffer that is allocated and filled with the entry value
  *        buffer's disposing must be done outside
  * @param timeout pointer to a time_t that is filled with entry's
  *        timeout
  *
- * @return true when entry is successfuly fetched or
- *         false on the failure
+ * @retval true when entry is successfuly fetched
+ * @retval False for failure
  **/
 
 BOOL gencache_get(const char *keystr, char **valstr, time_t *timeout)
-- 
cgit 


From 481b4e6d6ceeab644b5c4d1ee11bc221d8035202 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Fri, 28 Feb 2003 04:21:55 +0000
Subject: Doxygen janitor (This used to be commit
 9af07173152c5e861d13b33a8d4aee8167a50b66)

---
 source3/lib/iconv.c    |  2 +-
 source3/lib/messages.c | 14 +++++++-------
 source3/web/swat.c     |  2 +-
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/source3/lib/iconv.c b/source3/lib/iconv.c
index 6786003de5..8b360a14c6 100644
--- a/source3/lib/iconv.c
+++ b/source3/lib/iconv.c
@@ -35,7 +35,7 @@
  * Samba only works with encodings that are supersets of ASCII: ascii
  * characters like whitespace can be tested for directly, multibyte
  * sequences start with a byte with the high bit set, and strings are
- * terminated by \0.
+ * terminated by a nul byte.
  *
  * Note that the only function provided by iconv is conversion between
  * characters.  It doesn't directly support operations like
diff --git a/source3/lib/messages.c b/source3/lib/messages.c
index 3603758e9f..5ff0e45c61 100644
--- a/source3/lib/messages.c
+++ b/source3/lib/messages.c
@@ -21,11 +21,11 @@
 */
 
 /**
-   @defgroups messages Internal messaging framework
-   @{
-   @file messages.c
-
-   This module is used for internal messaging between Samba daemons. 
+  @defgroup messages Internal messaging framework
+  @{
+  @file messages.c
+  
+  @brief  Module for internal messaging between Samba daemons. 
 
    The idea is that if a part of Samba wants to do communication with
    another Samba process then it will do a message_register() of a
@@ -36,7 +36,7 @@
    use that to reply by message_send_pid().  See ping_message() for a
    simple example.
 
-   *NOTE*: Dispatch functions must be able to cope with incoming
+   @caution Dispatch functions must be able to cope with incoming
    messages on an *odd* byte boundary.
 
    This system doesn't have any inherent size limitations but is not
@@ -524,7 +524,7 @@ static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void
  * @param n_sent Set to the number of messages sent.  This should be
  * equal to the number of processes, but be careful for races.
  *
- * @return True for success.
+ * @retval True for success.
  **/
 BOOL message_send_all(TDB_CONTEXT *conn_tdb, int msg_type,
 		      const void *buf, size_t len,
diff --git a/source3/web/swat.c b/source3/web/swat.c
index 4211b2f15a..d6693b4e75 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -21,7 +21,7 @@
 */
 
 /**
- * @defgroup swat SWAT
+ * @defgroup swat SWAT - Samba Web Administration Tool
  * @{ 
  * @file swat.c
  *
-- 
cgit 


From e7ff3803a385925b52f09526d2bbc8ca479d2ae4 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Fri, 28 Feb 2003 04:36:08 +0000
Subject: - added help on -P option - added general options to 'net -h' help
 (This used to be commit ee8a7fdab7f5aa6f4a64f2eea90f0d44ae0f388a)

---
 source3/utils/net_help.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/source3/utils/net_help.c b/source3/utils/net_help.c
index 782a530035..4000a248ff 100644
--- a/source3/utils/net_help.c
+++ b/source3/utils/net_help.c
@@ -47,6 +47,7 @@ int net_common_flags_usage(int argc, const char **argv)
 	d_printf("\t-U or --user=<name>\t\tuser name\n");
 	d_printf("\t-s or --conf=<path>\t\tpathname of smb.conf file\n");
 	d_printf("\t-l or --long\t\t\tDisplay full information\n");
+	d_printf("\t-P or --machine-pass\t\tAuthenticate as machine account\n");
 	return -1;
 }
 
@@ -160,6 +161,7 @@ static int net_usage(int argc, const char **argv)
 		 "  net rpc <command>\tto run RPC commands\n"\
 		 "\n"\
 		 "Type \"net help <option>\" to get more information on that option\n");
+	net_common_flags_usage(argc, argv);
 	return -1;
 }
 
-- 
cgit 


From e443560789b5fc1d47e4008680e0484e002ad15d Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Fri, 28 Feb 2003 05:34:19 +0000
Subject: Doxygen janitor: add note that strequal is in fact case-insensitive.
 (This used to be commit a4b9c5c2576c80a5f60d47d178b9b8c50d348893)

---
 source3/lib/util_str.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index cc4b6fe5c5..070c59c1b2 100644
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -164,9 +164,10 @@ int StrnCaseCmp(const char *s, const char *t, size_t n)
 }
 
 /**
- Compare 2 strings.
-**/
-
+ * Compare 2 strings.
+ *
+ * @note The comparison is case-insensitive.
+ **/
 BOOL strequal(const char *s1, const char *s2)
 {
 	if (s1 == s2)
@@ -178,9 +179,10 @@ BOOL strequal(const char *s1, const char *s2)
 }
 
 /**
- Compare 2 strings up to and including the nth char.
-**/
-
+ * Compare 2 strings up to and including the nth char.
+ *
+ * @note The comparison is case-insensitive.
+ **/
 BOOL strnequal(const char *s1,const char *s2,size_t n)
 {
   if (s1 == s2)
-- 
cgit 


From 7972855b810aabcd4115806652494bb21654323e Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Fri, 28 Feb 2003 06:03:35 +0000
Subject: fixed a crash bug in the new winbindd 'sids rule!' code (This used to
 be commit 7dfd59963dba921907893b9d1bffe797e9d8b4ad)

---
 source3/nsswitch/winbindd_rpc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c
index 03b0a1e706..9989f27109 100644
--- a/source3/nsswitch/winbindd_rpc.c
+++ b/source3/nsswitch/winbindd_rpc.c
@@ -106,7 +106,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
 			   This should really be made into a 'winbind
 			   force group' smb.conf parameter or
 			   something like that. */
-			(*info)[i].user_sid 
+			(*info)[i].group_sid 
 				= rid_to_talloced_sid(domain, 
 						      mem_ctx, 
 						      DOMAIN_GROUP_RID_USERS);
-- 
cgit 


From 3467ed21dd3ec0ae537564eb0219ad86517c5638 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Fri, 28 Feb 2003 08:47:22 +0000
Subject: Fix HTTP error codes (patch by Vance Lankhaar) (This used to be
 commit 3780d127313ad9f4411751d34fd6e1d96b1422cf)

---
 source3/web/cgi.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index 8abc2f0bd5..212c2884b6 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -455,11 +455,11 @@ void cgi_setup(const char *rootdir, int auth_required)
 	char *lang;
 
 	if (chdir(rootdir)) {
-		cgi_setup_error("400 Server Error", "",
+		cgi_setup_error("500 Server Error", "",
 				"chdir failed - the server is not configured correctly");
 	}
 
-	/* Handle the possability we might be running as non-root */
+	/* Handle the possibility we might be running as non-root */
 	sec_init();
 
 	if ((lang=getenv("HTTP_ACCEPT_LANGUAGE"))) {
@@ -478,7 +478,7 @@ void cgi_setup(const char *rootdir, int auth_required)
 	inetd_server = True;
 
 	if (!check_access(1, lp_hostsallow(-1), lp_hostsdeny(-1))) {
-		cgi_setup_error("400 Server Error", "",
+		cgi_setup_error("403 Forbidden", "",
 				"Samba is configured to deny access from this client\n<br>Check your \"hosts allow\" and \"hosts deny\" options in smb.conf ");
 	}
 
-- 
cgit 


From 728da472c2c25afcfc0115e5c6bd78cf6df14ee8 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Sat, 1 Mar 2003 00:48:09 +0000
Subject: Ensure added jobs increment total_jobs. Jeremy. (This used to be
 commit d29c6853dd0c43825b3775020076f34faa5cd329)

---
 source3/printing/printing.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index c9612ab3a9..26ea52e35a 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -916,6 +916,9 @@ static void print_queue_update(int snum)
 
 	SAFE_FREE(tstruct.queue);
 
+	DEBUG(10,("print_queue_update: printer %s INFO/total_jobs = %d\n",
+				printer_name, tstruct.total_jobs ));
+
 	tdb_store_int32(pdb->tdb, "INFO/total_jobs", tstruct.total_jobs);
 
 	get_queue_status(snum, &old_status);
@@ -1733,6 +1736,9 @@ to open spool file %s.\n", pjob.filename));
 
 	pjob_store(snum, jobid, &pjob);
 
+	/* Ensure we keep a rough count of the number of total jobs... */
+	tdb_change_int32_atomic(pdb->tdb, "INFO/total_jobs", &njobs, 1);
+
 	release_print_db(pdb);
 
 	return jobid;
-- 
cgit 


From 4e5439438c452e7153f122de2ca7428e885b4c6a Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Sat, 1 Mar 2003 01:07:18 +0000
Subject: the new DEVELOPER checks for string overflows have (as expected)
 broken a lot of stuff. These two macros are meant to make life easier when
 fixing these bugs. I'm guessing we will see more macros like this (eg.
 fstrcpy_base) (This used to be commit
 50389c0cb2504d7941ec691af21d6a20ae5c5de7)

---
 source3/include/safe_string.h | 9 +++++++++
 source3/libsmb/clirap.c       | 6 +++---
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h
index 26bf6cdd6f..431dc400aa 100644
--- a/source3/include/safe_string.h
+++ b/source3/include/safe_string.h
@@ -87,4 +87,13 @@ char * __unsafe_string_function_usage_here__(void);
 #define strlower(s) strlower_m(s)
 #define strupper(s) strupper_m(s)
 
+/* the addition of the DEVELOPER checks in safe_strcpy means we must
+ * update a lot of code. To make this a little easier here are some
+ * functions that provide the lengths with less pain */
+#define pstrcpy_base(dest, src, pstring_base) \
+    safe_strcpy(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1)
+
+#define push_pstring_base(dest, src, pstring_base) \
+    push_ascii(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1, STR_TERMINATE)
+
 #endif
diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c
index f8f840abaa..24108d40f3 100644
--- a/source3/libsmb/clirap.c
+++ b/source3/libsmb/clirap.c
@@ -221,10 +221,10 @@ BOOL cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
 	p = param;
 	SSVAL(p,0,0x68); /* api number */
 	p += 2;
-	pstrcpy(p,"WrLehDz");
+	pstrcpy_base(p,"WrLehDz", param);
 	p = skip_string(p,1);
   
-	pstrcpy(p,"B16BBDz");
+	pstrcpy_base(p,"B16BBDz", param);
 
 	p = skip_string(p,1);
 	SSVAL(p,0,uLevel);
@@ -233,7 +233,7 @@ BOOL cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
 	SIVAL(p,0,stype);
 	p += 4;
 
-	p += push_pstring(p, workgroup);
+	p += push_pstring_base(p, workgroup, param);
 	
 	if (cli_api(cli, 
                     param, PTR_DIFF(p,param), 8,        /* params, length, max */
-- 
cgit 


From e2366787aea4c1a083eb481dc3e58ec09a33c9e8 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Sat, 1 Mar 2003 02:39:14 +0000
Subject: Added limit to number of jobs enumerated. Set to 0 (means no limit).
 Yes I will add the docs.... Jeremy. (This used to be commit
 4a739d914bb87a3c8d071dfd0f275a9aab1cf90a)

---
 source3/param/loadparm.c            | 4 ++++
 source3/rpc_server/srv_spoolss_nt.c | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 0eeb9be9de..246023ba47 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -340,6 +340,7 @@ typedef struct
 	char *szMSDfsProxy;
 	int iMinPrintSpace;
 	int iMaxPrintJobs;
+	int iMaxReportedPrintJobs;
 	int iWriteCacheSize;
 	int iCreate_mask;
 	int iCreate_force_mode;
@@ -460,6 +461,7 @@ static service sDefault = {
 	NULL,                   /* szMSDfsProxy */
 	0,			/* iMinPrintSpace */
 	1000,			/* iMaxPrintJobs */
+	0,			/* iMaxReportedPrintJobs */
 	0,			/* iWriteCacheSize */
 	0744,			/* iCreate_mask */
 	0000,			/* iCreate_force_mode */
@@ -907,6 +909,7 @@ static struct parm_struct parm_table[] = {
 	{"Printing Options", P_SEP, P_SEPARATOR},
 	
 	{"total print jobs", P_INTEGER, P_GLOBAL, &Globals.iTotalPrintJobs, NULL, NULL, FLAG_PRINT},
+	{"max reported print jobs", P_INTEGER, P_LOCAL, &sDefault.iMaxReportedPrintJobs, NULL, NULL, FLAG_PRINT},
 	{"max print jobs", P_INTEGER, P_LOCAL, &sDefault.iMaxPrintJobs, NULL, NULL, FLAG_PRINT},
 	{"load printers", P_BOOL, P_GLOBAL, &Globals.bLoadPrinters, NULL, NULL, FLAG_PRINT},
 	{"printcap name", P_STRING, P_GLOBAL, &Globals.szPrintcapname, NULL, NULL, FLAG_PRINT | FLAG_DEVELOPER},
@@ -1838,6 +1841,7 @@ FN_LOCAL_INTEGER(lp_max_connections, iMaxConnections)
 FN_LOCAL_INTEGER(lp_defaultcase, iDefaultCase)
 FN_LOCAL_INTEGER(lp_minprintspace, iMinPrintSpace)
 FN_LOCAL_INTEGER(lp_printing, iPrinting)
+FN_LOCAL_INTEGER(lp_max_reported_jobs, iMaxReportedPrintJobs)
 FN_LOCAL_INTEGER(lp_oplock_contention_limit, iOplockContentionLimit)
 FN_LOCAL_INTEGER(lp_csc_policy, iCSCPolicy)
 FN_LOCAL_INTEGER(lp_write_cache_size, iWriteCacheSize)
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 4006d0c08e..b321832930 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -6323,6 +6323,7 @@ WERROR _spoolss_enumjobs( pipes_struct *p, SPOOL_Q_ENUMJOBS *q_u, SPOOL_R_ENUMJO
 	int snum;
 	print_status_struct prt_status;
 	print_queue_struct *queue=NULL;
+	int max_rep_jobs;
 
 	/* that's an [in out] buffer */
 	spoolss_move_buffer(q_u->buffer, &r_u->buffer);
@@ -6336,6 +6337,8 @@ WERROR _spoolss_enumjobs( pipes_struct *p, SPOOL_Q_ENUMJOBS *q_u, SPOOL_R_ENUMJO
 	if (!get_printer_snum(p, handle, &snum))
 		return WERR_BADFID;
 
+	max_rep_jobs = lp_max_reported_jobs(snum);
+
 	*returned = print_queue_status(snum, &queue, &prt_status);
 	DEBUGADD(4,("count:[%d], status:[%d], [%s]\n", *returned, prt_status.status, prt_status.message));
 
@@ -6344,6 +6347,9 @@ WERROR _spoolss_enumjobs( pipes_struct *p, SPOOL_Q_ENUMJOBS *q_u, SPOOL_R_ENUMJO
 		return WERR_OK;
 	}
 
+	if (max_rep_jobs && (*returned > max_rep_jobs))
+		*returned = max_rep_jobs;
+
 	switch (level) {
 	case 1:
 		return enumjobs_level1(queue, snum, buffer, offered, needed, returned);
-- 
cgit 


From 9043696121cf05fc64f12507058dd56345809a6f Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Sat, 1 Mar 2003 10:47:38 +0000
Subject: i forgot to commit the privilege db init call (This used to be commit
 e8ec2b118071ce1d8cbfbcebce3781ac753c5c22)

---
 source3/smbd/server.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index b7fb3b5701..0bcfcb9c78 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -894,6 +894,10 @@ static BOOL init_structs(void )
 	if (!init_change_notify())
 		exit(1);
 
+	/* Setup privileges database */
+	if (!privilege_init())
+		exit(1);
+
 	/* re-initialise the timezone */
 	TimeInit();
 
-- 
cgit 


From aa543f1345a2a10b65d6f3162f7db81b96db3d6a Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 3 Mar 2003 08:35:49 +0000
Subject: Add const (This used to be commit
 251b91f46988053eccc53f814a23ed5ca787c852)

---
 source3/libsmb/clispnego.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index dfa8f80146..53f7eb6e7d 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -260,7 +260,7 @@ BOOL parse_negTokenTarg(DATA_BLOB blob, char *OIDs[ASN1_MAX_OIDS], DATA_BLOB *se
 /*
   generate a krb5 GSS-API wrapper packet given a ticket
 */
-DATA_BLOB spnego_gen_krb5_wrap(DATA_BLOB ticket, uint8 tok_id[2])
+DATA_BLOB spnego_gen_krb5_wrap(DATA_BLOB ticket, const uint8 tok_id[2])
 {
 	ASN1_DATA data;
 	DATA_BLOB ret;
-- 
cgit 


From 1cf903851279309b9060357ce73e1ed680757929 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 3 Mar 2003 09:12:40 +0000
Subject: Fixes to the vfs_fake_perms modules - we only need to specify the VFS
 functions that we actually modify.

Also a better implementation of the stat() and fstat() functions.

Andrew Bartlett
(This used to be commit 03e74be11cf76167ed211398016274cbaba5847b)
---
 source3/modules/vfs_fake_perms.c | 240 +++++----------------------------------
 1 file changed, 29 insertions(+), 211 deletions(-)

diff --git a/source3/modules/vfs_fake_perms.c b/source3/modules/vfs_fake_perms.c
index 7fbf27e907..85515df21a 100644
--- a/source3/modules/vfs_fake_perms.c
+++ b/source3/modules/vfs_fake_perms.c
@@ -44,184 +44,41 @@
 static struct vfs_ops default_vfs_ops;   /* For passthrough operation */
 static struct smb_vfs_handle_struct *fake_perms_handle; /* use fake_perms_handle->data for storing per-instance private data */
 
-static int fake_perms_connect(struct connection_struct *conn, const char *service, const char *user)    
-{
-	return default_vfs_ops.connect(conn, service, user);
-}
-
-static void fake_perms_disconnect(struct connection_struct *conn)
-{
-	default_vfs_ops.disconnect(conn);
-}
-
-static SMB_BIG_UINT fake_perms_disk_free(struct connection_struct *conn, const char *path,
-	BOOL small_query, SMB_BIG_UINT *bsize,
-	SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
-{
-	return default_vfs_ops.disk_free(conn, path, small_query, bsize, 
-					 dfree, dsize);
-}
-
-static DIR *fake_perms_opendir(struct connection_struct *conn, const char *fname)
-{
-	return default_vfs_ops.opendir(conn, fname);
-}
-
-static struct dirent *fake_perms_readdir(struct connection_struct *conn, DIR *dirp)
-{
-	return default_vfs_ops.readdir(conn, dirp);
-}
-
-static int fake_perms_mkdir(struct connection_struct *conn, const char *path, mode_t mode)
-{
-	return default_vfs_ops.mkdir(conn, path, mode);
-}
-
-static int fake_perms_rmdir(struct connection_struct *conn, const char *path)
-{
-	return default_vfs_ops.rmdir(conn, path);
-}
-
-static int fake_perms_closedir(struct connection_struct *conn, DIR *dir)
-{
-	return default_vfs_ops.closedir(conn, dir);
-}
-
-static int fake_perms_open(struct connection_struct *conn, const char *fname, int flags, mode_t mode)
-{
-	return default_vfs_ops.open(conn, fname, flags, mode);
-}
-
-static int fake_perms_close(struct files_struct *fsp, int fd)
-{
-	return default_vfs_ops.close(fsp, fd);
-}
-
-static ssize_t fake_perms_read(struct files_struct *fsp, int fd, void *data, size_t n)
-{
-	return default_vfs_ops.read(fsp, fd, data, n);
-}
-
-static ssize_t fake_perms_write(struct files_struct *fsp, int fd, const void *data, size_t n)
-{
-	return default_vfs_ops.write(fsp, fd, data, n);
-}
-
-static SMB_OFF_T fake_perms_lseek(struct files_struct *fsp, int filedes, SMB_OFF_T offset, int whence)
-{
-	return default_vfs_ops.lseek(fsp, filedes, offset, whence);
-}
-
-static int fake_perms_rename(struct connection_struct *conn, const char *old, const char *new)
-{
-	return default_vfs_ops.rename(conn, old, new);
-}
-
-static int fake_perms_fsync(struct files_struct *fsp, int fd)
-{
-	return default_vfs_ops.fsync(fsp, fd);
-}
-
 static int fake_perms_stat(struct connection_struct *conn, const char *fname, SMB_STRUCT_STAT *sbuf)
 {
 	int ret = default_vfs_ops.stat(conn, fname, sbuf);
-	extern struct current_user current_user;
-	
-	if (S_ISDIR(sbuf->st_mode)) {
-		sbuf->st_mode = S_IFDIR | S_IRWXU;
-	} else {
-		sbuf->st_mode = S_IRWXU;
+	if (ret == 0) {
+		extern struct current_user current_user;
+		
+		if (S_ISDIR(sbuf->st_mode)) {
+			sbuf->st_mode = S_IFDIR | S_IRWXU;
+		} else {
+			sbuf->st_mode = S_IRWXU;
+		}
+		sbuf->st_uid = current_user.uid;
+		sbuf->st_gid = current_user.gid;
 	}
-	sbuf->st_uid = current_user.uid;
-	sbuf->st_gid = current_user.gid;
 	return ret;
 }
 
 static int fake_perms_fstat(struct files_struct *fsp, int fd, SMB_STRUCT_STAT *sbuf)
 {
-	return default_vfs_ops.fstat(fsp, fd, sbuf);
-}
-
-static int fake_perms_lstat(struct connection_struct *conn, const char *path, SMB_STRUCT_STAT *sbuf)
-{
-	return default_vfs_ops.lstat(conn, path, sbuf);
-}
-
-static int fake_perms_unlink(struct connection_struct *conn, const char *path)
-{
-	return default_vfs_ops.unlink(conn, path);
-}
-
-static int fake_perms_chmod(struct connection_struct *conn, const char *path, mode_t mode)
-{
-	return default_vfs_ops.chmod(conn, path, mode);
-}
-
-static int fake_perms_fchmod(struct files_struct *fsp, int fd, mode_t mode)
-{
-	return default_vfs_ops.fchmod(fsp, fd, mode);
-}
-
-static int fake_perms_chown(struct connection_struct *conn, const char *path, uid_t uid, gid_t gid)
-{
-	return default_vfs_ops.chown(conn, path, uid, gid);
-}
-
-static int fake_perms_fchown(struct files_struct *fsp, int fd, uid_t uid, gid_t gid)
-{
-	return default_vfs_ops.fchown(fsp, fd, uid, gid);
-}
-
-static int fake_perms_chdir(struct connection_struct *conn, const char *path)
-{
-	return default_vfs_ops.chdir(conn, path);
-}
-
-static char *fake_perms_getwd(struct connection_struct *conn, char *buf)
-{
-	return default_vfs_ops.getwd(conn, buf);
-}
-
-static int fake_perms_utime(struct connection_struct *conn, const char *path, struct utimbuf *times)
-{
-	return default_vfs_ops.utime(conn, path, times);
-}
-
-static int fake_perms_ftruncate(struct files_struct *fsp, int fd, SMB_OFF_T offset)
-{
-	return default_vfs_ops.ftruncate(fsp, fd, offset);
-}
-
-static BOOL fake_perms_lock(struct files_struct *fsp, int fd, int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
-{
-	return default_vfs_ops.lock(fsp, fd, op, offset, count, type);
-}
-
-static BOOL fake_perms_symlink(struct connection_struct *conn, const char *oldpath, const char *newpath)
-{
-	return default_vfs_ops.symlink(conn, oldpath, newpath);
-}
-
-static BOOL fake_perms_readlink(struct connection_struct *conn, const char *path, char *buf, size_t bufsiz)
-{
-	return default_vfs_ops.readlink(conn, path, buf, bufsiz);
-}
-
-static int fake_perms_link(struct connection_struct *conn, const char *oldpath, const char *newpath)
-{
-	return default_vfs_ops.link(conn, oldpath, newpath);
-}
-
-static int fake_perms_mknod(struct connection_struct *conn, const char *path, mode_t mode, SMB_DEV_T dev)
-{
-	return default_vfs_ops.mknod(conn, path, mode, dev);
-}
-
-static char *fake_perms_realpath(struct connection_struct *conn, const char *path, char *resolved_path)
-{
-	return default_vfs_ops.realpath(conn, path, resolved_path);
+	int ret = default_vfs_ops.fstat(fsp, fd, sbuf);
+	if (ret == 0) {
+		extern struct current_user current_user;
+		
+		if (S_ISDIR(sbuf->st_mode)) {
+			sbuf->st_mode = S_IFDIR | S_IRWXU;
+		} else {
+			sbuf->st_mode = S_IRWXU;
+		}
+		sbuf->st_uid = current_user.uid;
+		sbuf->st_gid = current_user.gid;
+	}
+	return ret;
 }
 
+#if 0
 static size_t fake_perms_fget_nt_acl(struct files_struct *fsp, int fd, struct security_descriptor_info **ppdesc)
 {
 	return default_vfs_ops.fget_nt_acl(fsp, fd, ppdesc);
@@ -361,56 +218,14 @@ static int fake_perms_sys_acl_free_qualifier(struct connection_struct *conn, voi
 {
 	return default_vfs_ops.sys_acl_free_qualifier(conn, qualifier, tagtype);
 }
-
+#endif
 
 /* VFS operations structure */
 
 static vfs_op_tuple fake_perms_ops[] = {
 
-	/* Disk operations */
-
-	{fake_perms_connect,			SMB_VFS_OP_CONNECT, 		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_disconnect,		SMB_VFS_OP_DISCONNECT,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_disk_free,		SMB_VFS_OP_DISK_FREE,		SMB_VFS_LAYER_TRANSPARENT},
-	
-	/* Directory operations */
-
-	{fake_perms_opendir,			SMB_VFS_OP_OPENDIR,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_readdir,			SMB_VFS_OP_READDIR,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_mkdir,			SMB_VFS_OP_MKDIR,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_rmdir,			SMB_VFS_OP_RMDIR,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_closedir,			SMB_VFS_OP_CLOSEDIR,		SMB_VFS_LAYER_TRANSPARENT},
-
-	/* File operations */
-
-	{fake_perms_open,			SMB_VFS_OP_OPEN,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_close,			SMB_VFS_OP_CLOSE,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_read,			SMB_VFS_OP_READ,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_write,			SMB_VFS_OP_WRITE,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_lseek,			SMB_VFS_OP_LSEEK,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_rename,			SMB_VFS_OP_RENAME,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_fsync,			SMB_VFS_OP_FSYNC,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_stat,			SMB_VFS_OP_STAT,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_fstat,			SMB_VFS_OP_FSTAT,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_lstat,			SMB_VFS_OP_LSTAT,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_unlink,			SMB_VFS_OP_UNLINK,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_chmod,			SMB_VFS_OP_CHMOD,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_fchmod,			SMB_VFS_OP_FCHMOD,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_chown,			SMB_VFS_OP_CHOWN,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_fchown,			SMB_VFS_OP_FCHOWN,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_chdir,			SMB_VFS_OP_CHDIR,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_getwd,			SMB_VFS_OP_GETWD,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_utime,			SMB_VFS_OP_UTIME,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_ftruncate,		SMB_VFS_OP_FTRUNCATE,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_lock,			SMB_VFS_OP_LOCK,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_symlink,			SMB_VFS_OP_SYMLINK,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_readlink,			SMB_VFS_OP_READLINK,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_link,			SMB_VFS_OP_LINK,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_mknod,			SMB_VFS_OP_MKNOD,		SMB_VFS_LAYER_TRANSPARENT},
-	{fake_perms_realpath,			SMB_VFS_OP_REALPATH,		SMB_VFS_LAYER_TRANSPARENT},
-
 	/* NT File ACL operations */
-
+#if 0
 	{fake_perms_fget_nt_acl,		SMB_VFS_OP_FGET_NT_ACL,		SMB_VFS_LAYER_TRANSPARENT},
 	{fake_perms_get_nt_acl,		SMB_VFS_OP_GET_NT_ACL,		SMB_VFS_LAYER_TRANSPARENT},
 	{fake_perms_fset_nt_acl,		SMB_VFS_OP_FSET_NT_ACL,		SMB_VFS_LAYER_TRANSPARENT},
@@ -443,7 +258,10 @@ static vfs_op_tuple fake_perms_ops[] = {
 	{fake_perms_sys_acl_free_text,	SMB_VFS_OP_SYS_ACL_FREE_TEXT,		SMB_VFS_LAYER_TRANSPARENT},
 	{fake_perms_sys_acl_free_acl,		SMB_VFS_OP_SYS_ACL_FREE_ACL,		SMB_VFS_LAYER_TRANSPARENT},
 	{fake_perms_sys_acl_free_qualifier,	SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,	SMB_VFS_LAYER_TRANSPARENT},
+#endif
 	
+	{fake_perms_stat,	SMB_VFS_OP_STAT,	SMB_VFS_LAYER_TRANSPARENT},
+	{fake_perms_fstat,	SMB_VFS_OP_FSTAT,	SMB_VFS_LAYER_TRANSPARENT},
 	{NULL,	SMB_VFS_OP_NOOP,	SMB_VFS_LAYER_NOOP}
 };
 
-- 
cgit 


From 04efc2dcf7cad460edc5646c066afb1300ba962f Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 3 Mar 2003 09:16:21 +0000
Subject: Try the PASSWD environment variable if we don't have one from the
 command line. (This used to be commit
 14d7d8b22993ca7f1c273a7baaccb09c8fa04ef9)

---
 source3/utils/net.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/source3/utils/net.c b/source3/utils/net.c
index ada0ed53e1..c1285bc64b 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -636,6 +636,10 @@ static struct functable net_func[] = {
 			exit(1);
 		}
 	}
+
+	if (!opt_password) {
+		opt_password = getenv("PASSWD");
+	}
   	 
 	rc = net_run_function(argc_new-1, argv_new+1, net_func, net_help);
 	
-- 
cgit 


From 21be9e77761f56abf2b00d4faece2fae2f45e3b6 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Mon, 3 Mar 2003 16:34:19 +0000
Subject: * CR1868: only send a change notify message if we have something  
 that changed that the client is monitoring.

* couple of comments abnout how we need to validate driver names
  on SetPrinter() and AddPrinter()

* up the debug level on some overly verbose dev mode parsing messages
(This used to be commit 7377d671e8a95ac2ab0452f564b18b2a098699cb)
---
 source3/rpc_parse/parse_spoolss.c   |  2 +-
 source3/rpc_server/srv_spoolss_nt.c | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
index 47737908f0..0545f89ff7 100644
--- a/source3/rpc_parse/parse_spoolss.c
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -789,7 +789,7 @@ BOOL spoolss_io_devmode(const char *desc, prs_struct *ps, int depth, DEVICEMODE
 	
 	while ((available_space > 0)  && (i < DM_NUM_OPTIONAL_FIELDS))
 	{
-		DEBUG(10, ("spoolss_io_devmode: [%d] bytes left to parse in devmode\n", available_space));
+		DEBUG(11, ("spoolss_io_devmode: [%d] bytes left to parse in devmode\n", available_space));
 		if (!prs_uint32(opt_fields[i].name, ps, depth, opt_fields[i].field))
 			return False;
 		available_space -= sizeof(uint32);
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index b321832930..4090800fc9 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -900,7 +900,7 @@ static void send_notify2_changes( SPOOLSS_NOTIFY_MSG_CTR *ctr, uint32 idx )
 	TALLOC_CTX		 *mem_ctx = notify_ctr_getctx( ctr );
 	SPOOLSS_NOTIFY_MSG_GROUP *msg_group = notify_ctr_getgroup( ctr, idx );
 	SPOOLSS_NOTIFY_MSG       *messages;
-	
+	int			 sending_msg_count;
 	
 	if ( !msg_group ) {
 		DEBUG(5,("send_notify2_changes() called with no msg group!\n"));
@@ -949,6 +949,8 @@ static void send_notify2_changes( SPOOLSS_NOTIFY_MSG_CTR *ctr, uint32 idx )
 		
 		/* build the array of change notifications */
 		
+		sending_msg_count = 0;
+		
 		for ( i=0; i<msg_group->num_msgs; i++ ) {
 			SPOOLSS_NOTIFY_MSG	*msg = &messages[i];
 			
@@ -957,6 +959,8 @@ static void send_notify2_changes( SPOOLSS_NOTIFY_MSG_CTR *ctr, uint32 idx )
 			if (!is_monitoring_event(p, msg->type, msg->field))
 				continue;
 
+			sending_msg_count++;
+			
 			
 			DEBUG(10,("process_notify2_message: Sending message type [%x] field [%x] for printer [%s]\n",
 				msg->type, msg->field, p->dev.handlename));
@@ -1012,9 +1016,11 @@ static void send_notify2_changes( SPOOLSS_NOTIFY_MSG_CTR *ctr, uint32 idx )
 			data_len++;
 		}
 
+		if ( sending_msg_count ) {
 		cli_spoolss_rrpcn( &notify_cli, mem_ctx, &p->notify.client_hnd, 
 				data_len, data, p->notify.change, 0 );
 	}
+	}
 	
 done:
 	DEBUG(8,("send_notify2_changes: Exit...\n"));
@@ -5886,6 +5892,9 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
 		goto done;
 	}
 
+	/* FIXME!!! If the driver has changed we really should verify that 
+	   it is installed before doing much else   --jerry */
+
 	/* Check calling user has permission to update printer description */
 
 	if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) {
@@ -7177,6 +7186,9 @@ static WERROR spoolss_addprinterex_level_2( pipes_struct *p, const UNISTR2 *uni_
 		free_a_printer(&printer, 2);
 		return WERR_PRINTER_ALREADY_EXISTS;
 	}
+	
+	/* FIXME!!!  smbd should check to see if the driver is installed before
+	   trying to add a printer like this  --jerry */
 
 	if (*lp_addprinter_cmd() ) {
 		if ( !add_printer_hook(printer) ) {
-- 
cgit 


From 03a4c1907f93a2efb985ca69180f800be285926d Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Mon, 3 Mar 2003 17:33:57 +0000
Subject: * always report ourselves as a Windows 2000 print server (even  
 without ADS support) * add "MinorVersion" print server data key and comment
 on "OSVersion" (This used to be commit
 342734e3de71c7dc8e3d24fd66dae58cf647a569)

---
 source3/rpc_server/srv_spoolss_nt.c | 37 +++++++++++++++++++++++++++++--------
 1 file changed, 29 insertions(+), 8 deletions(-)

diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 4090800fc9..8073e3cf28 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -2220,14 +2220,37 @@ static WERROR getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint
 		*type = 0x4;
 		if((*data = (uint8 *)talloc(ctx, 4*sizeof(uint8) )) == NULL)
 			return WERR_NOMEM;
-#ifdef HAVE_ADS
 		SIVAL(*data, 0, 3);
-#else
+		*needed = 0x4;
+		return WERR_OK;
+	}
+
+	if (!StrCaseCmp(value, "MinorVersion")) {
+		*type = 0x4;
+		if((*data = (uint8 *)talloc(ctx, 4*sizeof(uint8) )) == NULL)
+			return WERR_NOMEM;
+		SIVAL(*data, 0, 0);
+		*needed = 0x4;
+		return WERR_OK;
+	}
+
+#if 0	/* JERRY */	
+	/* REG_BINARY
+	 *  uint32 size	 	 = 0x114
+	 *  uint32 major	 = 5
+	 *  uint32 minor	 = [0|1]
+	 *  uint32 build 	 = [2195|2600]
+	 *  extra unicode string = e.g. "Service Pack 3"
+	 */
+	if (!StrCaseCmp(value, "OSVersion")) {
+		*type = 0x4;
+		if((*data = (uint8 *)talloc(ctx, 4*sizeof(uint8) )) == NULL)
+			return WERR_NOMEM;
 		SIVAL(*data, 0, 2);
-#endif
 		*needed = 0x4;
 		return WERR_OK;
 	}
+#endif
 
    	if (!StrCaseCmp(value, "DefaultSpoolDirectory")) {
 		fstring string;
@@ -3843,13 +3866,11 @@ static BOOL construct_printer_info_0(Printer_entry *print_hnd, PRINTER_INFO_0 *p
 
 	printer->global_counter = global_counter;
 	printer->total_pages = 0;
-#ifdef HAVE_ADS
+	
+	/* in 2.2 we reported ourselves as 0x0004 and 0x0565 */
 	printer->major_version = 0x0005; 	/* NT 5 */
 	printer->build_version = 0x0893; 	/* build 2195 */
-#else
-	printer->major_version = 0x0004; 	/* NT 4 */
-	printer->build_version = 0x0565; 	/* build 1381 */
-#endif
+	
 	printer->unknown7 = 0x1;
 	printer->unknown8 = 0x0;
 	printer->unknown9 = 0x0;
-- 
cgit 


From 3042cfb7fabe25cc06e5cf6c49c2716c1112b6d2 Mon Sep 17 00:00:00 2001
From: Richard Sharpe <sharpe@samba.org>
Date: Mon, 3 Mar 2003 17:43:33 +0000
Subject: Do my janitorial duties to encourage others to do so. Fix lingering
 large offset problems in smbtar etc. (This used to be commit
 c416eec2f2a38eebfcda5868999d474628037f1e)

---
 source3/client/clitar.c  | 13 +++++++------
 source3/libsmb/clifile.c |  2 +-
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/source3/client/clitar.c b/source3/client/clitar.c
index e8be5e04e7..74d901a2ca 100644
--- a/source3/client/clitar.c
+++ b/source3/client/clitar.c
@@ -959,9 +959,10 @@ static int skip_file(int skipsize)
 
 static int get_file(file_info2 finfo)
 {
-  int fnum = -1, pos = 0, dsize = 0, rsize = 0, bpos = 0;
+  int fnum = -1, pos = 0, dsize = 0, bpos = 0;
+  SMB_BIG_UINT rsize = 0;
 
-  DEBUG(5, ("get_file: file: %s, size %i\n", finfo.name, (int)finfo.size));
+  DEBUG(5, ("get_file: file: %s, size %.0f\n", finfo.name, (double)finfo.size));
 
   if (ensurepath(finfo.name) && 
       (fnum=cli_open(cli, finfo.name, O_RDWR|O_CREAT|O_TRUNC, DENY_NONE)) == -1) {
@@ -1052,7 +1053,7 @@ static int get_file(file_info2 finfo)
 
   ntarf++;
 
-  DEBUG(0, ("restore tar file %s of size %d bytes\n", finfo.name, (int)finfo.size));
+  DEBUG(0, ("restore tar file %s of size %.0f bytes\n", finfo.name, (double)finfo.size));
   
   return(True);
 }
@@ -1082,18 +1083,18 @@ static int get_dir(file_info2 finfo)
 */
 static char * get_longfilename(file_info2 finfo)
 {
-  int namesize = finfo.size + strlen(cur_dir) + 2;
+  int namesize = strlen(finfo.name) + strlen(cur_dir) + 2;
   char *longname = malloc(namesize);
   int offset = 0, left = finfo.size;
   BOOL first = True;
 
   DEBUG(5, ("Restoring a long file name: %s\n", finfo.name));
-  DEBUG(5, ("Len = %d\n", (int)finfo.size));
+  DEBUG(5, ("Len = %.0f\n", (double)finfo.size));
 
   if (longname == NULL) {
 
     DEBUG(0, ("could not allocate buffer of size %d for longname\n", 
-	      (int)(finfo.size + strlen(cur_dir) + 2)));
+	      namesize));
     return(NULL);
   }
 
diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c
index 07b1ff6b6f..31d7ea5911 100644
--- a/source3/libsmb/clifile.c
+++ b/source3/libsmb/clifile.c
@@ -805,7 +805,7 @@ BOOL cli_unlock64(struct cli_state *cli, int fnum, SMB_BIG_UINT offset, SMB_BIG_
 ****************************************************************************/
 
 BOOL cli_getattrE(struct cli_state *cli, int fd, 
-		  uint16 *attr, size_t *size, 
+		  uint16 *attr, SMB_BIG_UINT *size, 
 		  time_t *c_time, time_t *a_time, time_t *m_time)
 {
 	memset(cli->outbuf,'\0',smb_size);
-- 
cgit 


From 56d0621264b3e62d8672dbb1aa4422b7cb5afc59 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 3 Mar 2003 19:36:16 +0000
Subject: Fix "might be used uninitialised" warnings. Jeremy. (This used to be
 commit a670b57c563b220c2ede1dac4ce1e9c71c866498)

---
 source3/nsswitch/winbindd_rpc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c
index 9989f27109..9ec35617f1 100644
--- a/source3/nsswitch/winbindd_rpc.c
+++ b/source3/nsswitch/winbindd_rpc.c
@@ -344,7 +344,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
 			   DOM_SID *user_sid, 
 			   WINBIND_USERINFO *user_info)
 {
-	CLI_POLICY_HND *hnd;
+	CLI_POLICY_HND *hnd = NULL;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	POLICY_HND dom_pol, user_pol;
 	BOOL got_dom_pol = False, got_user_pol = False;
@@ -509,7 +509,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
 				DOM_SID ***sid_mem, char ***names, 
 				uint32 **name_types)
 {
-        CLI_POLICY_HND *hnd;
+        CLI_POLICY_HND *hnd = NULL;
         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
         uint32 i, total_names = 0;
         POLICY_HND dom_pol, group_pol;
-- 
cgit 


From f434f039e606c368eacb995e30c859daa85c64eb Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 3 Mar 2003 19:53:04 +0000
Subject: dlsym takes a const char *. Jeremy. (This used to be commit
 ff3827a62b37342b13fd8b4eafd256d91428c02b)

---
 source3/lib/system.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/lib/system.c b/source3/lib/system.c
index 18cccda935..6ff97b88da 100644
--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -1192,7 +1192,7 @@ void *sys_dlopen(const char *name, int flags)
 #endif
 }
 
-void *sys_dlsym(void *handle, char *symbol)
+void *sys_dlsym(void *handle, const char *symbol)
 {
 #if defined(HAVE_DLSYM)
     return dlsym(handle, symbol);
-- 
cgit 


From 6a58faf46225ffd4c977fe82b8b45374f65c1cec Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 3 Mar 2003 20:12:07 +0000
Subject: Const warning fixes. Jeremy. (This used to be commit
 3ad62ebe26d8c6b82f8618eea11d104b3ab0ec18)

---
 source3/smbd/vfs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 6574a34eaa..533c64b229 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -636,7 +636,7 @@ static BOOL handle_vfs_option(char *pszParmValue, char **ptr)
  A wrapper for vfs_chdir().
 ********************************************************************/
 
-int vfs_ChDir(connection_struct *conn, char *path)
+int vfs_ChDir(connection_struct *conn, const char *path)
 {
 	int res;
 	static pstring LastDir="";
@@ -784,7 +784,7 @@ char *vfs_GetWd(connection_struct *conn, char *path)
 /* check if the file 'nmae' is a symlink, in that case check that it point to
    a file that reside under the 'dir' tree */
 
-static BOOL readlink_check(connection_struct *conn, char *dir, char *name)
+static BOOL readlink_check(connection_struct *conn, const char *dir, char *name)
 {
 	BOOL ret = True;
 	pstring flink;
-- 
cgit 


From 7f15d5828f6683f2490ef864a2176919549880d7 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 3 Mar 2003 23:53:35 +0000
Subject: Another pstrcpy() into malloc()ed buffer fix.

Andrew Bartlett
(This used to be commit bd0c84d60b703e89081838a7cfa1eb1b4f45ad0a)
---
 source3/smbd/statcache.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/smbd/statcache.c b/source3/smbd/statcache.c
index f4b613428a..b6e84ec9a5 100644
--- a/source3/smbd/statcache.c
+++ b/source3/smbd/statcache.c
@@ -106,8 +106,8 @@ void stat_cache_add( char *full_orig_name, char *orig_translated_path)
         DEBUG(0,("stat_cache_add: Out of memory !\n"));
         return;
       }
-      pstrcpy(scp->names, orig_name);
-      pstrcpy((scp->names+namelen+1), translated_path);
+      safe_strcpy(scp->names, orig_name, namelen);
+      safe_strcpy((scp->names+namelen+1), translated_path, namelen);
       scp->name_len = namelen;
       hash_insert(&stat_cache, (char *)scp, orig_name);
     }
-- 
cgit 


From c502756113d53c7000c0f83a109ac36cb3a1020b Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 4 Mar 2003 09:33:34 +0000
Subject: Fix another 'off by one' bug with safe_strcpy().  It is unclear if
 the intent was to limit the string to 31 or 32 characters (excluding the null
 term), so I've assumed for now that 32 is fine, as this matches current
 behaviour (well, current behaviour would crash, but anyway...)

Jerry:  Can you look at this for me?

Andrew Bartlett
(This used to be commit 6c43327ea2b50820ea4f623c889dc4525d58baa3)
---
 source3/printing/nt_printing.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 0f5067c5a0..4c454ef111 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -2106,7 +2106,7 @@ done:
 NT_DEVICEMODE *construct_nt_devicemode(const fstring default_devicename)
 {
 
-	char adevice[32];
+	char adevice[33];
 	NT_DEVICEMODE *nt_devmode = (NT_DEVICEMODE *)malloc(sizeof(NT_DEVICEMODE));
 
 	if (nt_devmode == NULL) {
@@ -2116,7 +2116,7 @@ NT_DEVICEMODE *construct_nt_devicemode(const fstring default_devicename)
 
 	ZERO_STRUCTP(nt_devmode);
 
-	safe_strcpy(adevice, default_devicename, sizeof(adevice));
+	safe_strcpy(adevice, default_devicename, sizeof(adevice)-1);
 	fstrcpy(nt_devmode->devicename, adevice);	
 	
 	fstrcpy(nt_devmode->formname, "Letter");
-- 
cgit 


From fe45e6d79a61df5f25e461603ff93c563da186b7 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 5 Mar 2003 00:54:07 +0000
Subject: Connectathon fix. W2K -> W2K over port 445 doing a tconX does the
 full \\server\share syntax, not just a "share" tconX syntax. This broke
 interop with a vendor. Jeremy. (This used to be commit
 9d7ea5585c873156ede4b56e43a0d4d75077283a)

---
 source3/libsmb/cliconnect.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 4962ffa3c9..49b0004ac2 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -780,13 +780,8 @@ BOOL cli_send_tconX(struct cli_state *cli,
 		}
 	}
 
-	if (cli->port == 445) {
-		slprintf(fullshare, sizeof(fullshare)-1,
-			 "%s", share);
-	} else {
-		slprintf(fullshare, sizeof(fullshare)-1,
-			 "\\\\%s\\%s", cli->desthost, share);
-	}
+	slprintf(fullshare, sizeof(fullshare)-1,
+		 "\\\\%s\\%s", cli->desthost, share);
 
 	set_message(cli->outbuf,4, 0, True);
 	SCVAL(cli->outbuf,smb_com,SMBtconX);
-- 
cgit 


From 1cdafbf17ebbcb1840cdb1bde3b49600406ed904 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 5 Mar 2003 01:30:26 +0000
Subject: Writable string const fixes. Jeremy. (This used to be commit
 60b0cfc8a5b6275d3460ebc6bf17d0f08e25b67e)

---
 source3/libsmb/namequery.c     |  2 +-
 source3/printing/lpq_parse.c   |  2 +-
 source3/printing/nt_printing.c | 18 ++++++++++++------
 3 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index 62b94761ad..18ce5e4bd9 100644
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -1263,7 +1263,7 @@ BOOL get_dc_list(const char *domain, struct in_addr **ip_list, int *count, int *
 	/* If it's our domain then use the 'password server' parameter. */
 
 	if (strequal(domain, lp_workgroup())) {
-		char *p;
+		const char *p;
 		char *pserver = lp_passwordserver(); /* UNIX charset. */
 		fstring name;
 		int num_addresses = 0;
diff --git a/source3/printing/lpq_parse.c b/source3/printing/lpq_parse.c
index 4b91b8ac9a..0b4ce4b4ca 100644
--- a/source3/printing/lpq_parse.c
+++ b/source3/printing/lpq_parse.c
@@ -592,7 +592,7 @@ static BOOL parse_lpq_qnx(char *line,print_queue_struct *buf,BOOL first)
 {
   fstring tok[7];
   int count=0;
-  const char *cline;
+  const char *cline = line;
 
   DEBUG(4,("antes [%s]\n", line));
 
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 4c454ef111..6df2c6b445 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -1075,6 +1075,7 @@ static uint32 get_correct_cversion(fstring architecture, fstring driverpath_in,
 	NTSTATUS          nt_status;
  	pstring           driverpath;
 	DATA_BLOB         null_pw;
+	fstring           res_type;
 	files_struct      *fsp = NULL;
 	BOOL              bad_path;
 	SMB_STRUCT_STAT   st;
@@ -1098,8 +1099,9 @@ static uint32 get_correct_cversion(fstring architecture, fstring driverpath_in,
 
 	/* Null password is ok - we are already an authenticated user... */
 	null_pw = data_blob(NULL, 0);
+	fstrcpy(res_type, "A:");
  	become_root();
-	conn = make_connection_with_chdir("print$", null_pw, "A:", user->vuid, &nt_status);
+	conn = make_connection_with_chdir("print$", null_pw, res_type, user->vuid, &nt_status);
 	unbecome_root();
 
 	if (conn == NULL) {
@@ -1389,6 +1391,7 @@ BOOL move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract,
 	NTSTATUS nt_status;
 	pstring inbuf;
 	pstring outbuf;
+	fstring res_type;
 	int ver = 0;
 	int i;
 
@@ -1413,9 +1416,10 @@ BOOL move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract,
 	 * Note we must be root to do this.
 	 */
 
-	become_root();
 	null_pw = data_blob(NULL, 0);
-	conn = make_connection_with_chdir("print$", null_pw, "A:", user->vuid, &nt_status);
+	fstrcpy(res_type, "A:");
+	become_root();
+	conn = make_connection_with_chdir("print$", null_pw, res_type, user->vuid, &nt_status);
 	unbecome_root();
 
 	if (conn == NULL) {
@@ -4308,7 +4312,8 @@ static BOOL delete_driver_files( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, struct
 	connection_struct *conn;
 	DATA_BLOB null_pw;
 	NTSTATUS nt_status;
-	
+	fstring res_type;
+
 	if ( !info_3 )
 		return False;
 		
@@ -4320,9 +4325,10 @@ static BOOL delete_driver_files( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, struct
 	 * do this.
 	 */
 	 
-	become_root();
 	null_pw = data_blob( NULL, 0 );
-        conn = make_connection_with_chdir( "print$", null_pw, "A:", user->vuid, &nt_status );
+	fstrcpy(res_type, "A:");
+	become_root();
+        conn = make_connection_with_chdir( "print$", null_pw, res_type, user->vuid, &nt_status );
 	unbecome_root();
 	
 	if ( !conn ) {
-- 
cgit 


From 7a9987481e70676918488b05e5dda44754e825e1 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 5 Mar 2003 01:34:37 +0000
Subject: More const fixes. Jeremy. (This used to be commit
 7b945e10a6c636c0b0aabc841803bf44405cb2ae)

---
 source3/libads/krb5_setpw.c     | 4 ++--
 source3/registry/reg_printing.c | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 9d8fb8d24c..ac7377cd2f 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -180,7 +180,7 @@ static krb5_error_code build_kpasswd_request(uint16 pversion,
 
 static krb5_error_code krb5_setpw_result_code_string(krb5_context context,
 						     int result_code,
-						     char **code_string)
+						     const char **code_string)
 {
    switch (result_code) {
    case KRB5_KPASSWD_MALFORMED:
@@ -318,7 +318,7 @@ static krb5_error_code parse_setpw_reply(krb5_context context,
 	if(res_code == KRB5_KPASSWD_SUCCESS)
 			return 0;
 	else {
-		char *errstr;
+		const char *errstr;
 		krb5_setpw_result_code_string(context, res_code, &errstr);
 		DEBUG(1, ("Error changing password: %s\n", errstr));
 
diff --git a/source3/registry/reg_printing.c b/source3/registry/reg_printing.c
index 619ffc7ee7..50ac81dcbb 100644
--- a/source3/registry/reg_printing.c
+++ b/source3/registry/reg_printing.c
@@ -33,7 +33,7 @@
 #define KEY_INDEX_FORMS		1
 #define KEY_INDEX_PRINTER	2
 
-static char *top_level_keys[MAX_TOP_LEVEL_KEYS] = { 
+static const char *top_level_keys[MAX_TOP_LEVEL_KEYS] = { 
 	"Environments", 
 	"Forms",
 	"Printers" 
-- 
cgit 


From 4c8091ef9cfa6b196355b007d6f280c90a15bae7 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Wed, 5 Mar 2003 05:14:19 +0000
Subject: Use PRINTER_ALL_ACCESS instead of MAXIMUM_ALLOWED_ACCESS in
 setprinter command.  From Ronan Waide <waider@waider.ie>. (This used to be
 commit 992b5eb4e05fbf99d91d7235b9a002957533f95b)

---
 source3/rpcclient/cmd_spoolss.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c
index 9f6f539e19..9686fd1e24 100644
--- a/source3/rpcclient/cmd_spoolss.c
+++ b/source3/rpcclient/cmd_spoolss.c
@@ -1362,7 +1362,7 @@ static NTSTATUS cmd_spoolss_setdriver(struct cli_state *cli,
 	/* Get a printer handle */
 
 	result = cli_spoolss_open_printer_ex(cli, mem_ctx, printername, "", 
-					     MAXIMUM_ALLOWED_ACCESS,
+					     PRINTER_ALL_ACCESS,
 					     servername, user, &pol);
 
 	if (!W_ERROR_IS_OK(result))
-- 
cgit 


From f98e4e24b1fd9353c6eb2c28d588e3c2fbc1f00d Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Wed, 5 Mar 2003 05:19:35 +0000
Subject: lp_string: Add note about dodgy StrnCpy use. (This used to be commit
 b32ae2d83fd0b4dd2c313cd0727bd276564cec0c)

---
 source3/param/loadparm.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 246023ba47..f7f12bbe80 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -1516,6 +1516,9 @@ static char *lp_string(const char *s)
 	if (!ret)
 		return NULL;
 
+	/* Note: StrnCpy touches len+1 bytes, but we allocate 100
+	 * extra bytes so we're OK. */
+
 	if (!s)
 		*ret = 0;
 	else
-- 
cgit 


From 7703af373d0b43d6ae2490aec9e7b4ba99ea64ea Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 5 Mar 2003 08:48:08 +0000
Subject: This file has not been maintained for a while - if we really want
 this behaviour we should seperate -g from --enable-developer, and allow
 developers to also select --enable-debug if they want.

Andrew Bartlett
(This used to be commit 96d1449c42597ea22c538a004960b26925c641fc)
---
 source3/configure.nodebug.developer | 3 ---
 1 file changed, 3 deletions(-)
 delete mode 100755 source3/configure.nodebug.developer

diff --git a/source3/configure.nodebug.developer b/source3/configure.nodebug.developer
deleted file mode 100755
index 65e21b4bdf..0000000000
--- a/source3/configure.nodebug.developer
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-CFLAGS="-Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -DDEBUG_PASSWORD"; export CFLAGS
-./configure $*
-- 
cgit 


From b4e60e5d7b1abcbf519fb2fdf4e6a5b121d32d60 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 5 Mar 2003 08:49:56 +0000
Subject: also ignore the autom4te-2.53.cache (This used to be commit
 243c9c37a53501b96df6286517e03eb09efcc620)

---
 source3/.cvsignore | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/.cvsignore b/source3/.cvsignore
index fef2453824..074a88cef2 100644
--- a/source3/.cvsignore
+++ b/source3/.cvsignore
@@ -6,7 +6,7 @@
 .proto.check
 .proto.stamp
 autom4te.cache
-ID
+autom4te-2.53.cache
 ID
 Makefile
 bin
-- 
cgit 


From ce7f54e953a4f6676c3569dc113e76147e19ef45 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 5 Mar 2003 09:33:43 +0000
Subject: Add a test for a useful property of the compiler - we can get
 link-time failures for some compile-time properties this way.

Andrew Bartlett
(This used to be commit ce618624b7df797e228f8ef0f19820b318c62ae9)
---
 source3/configure.in | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/source3/configure.in b/source3/configure.in
index 269d70c2fc..cc38e37f3f 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -652,6 +652,24 @@ if test x"$samba_cv_immediate_structures" = x"yes"; then
    AC_DEFINE(HAVE_IMMEDIATE_STRUCTURES,1,[Whether the compiler supports immediate structures])
 fi
 
+############################################
+# check if the compiler can do immediate structures
+AC_CACHE_CHECK([if the compiler will optimize out function calls],samba_cv_optimize_out_funcation_calls, [
+    AC_TRY_LINK([
+#include <stdio.h>],
+[
+		if (1) {
+		   this_function_does_not_exist();
+		} else {
+		  return 1;
+		}
+
+],
+	samba_cv_optimize_out_funcation_calls=yes,samba_cv_optimize_out_funcation_calls=no)])
+if test x"$samba_cv_optimize_out_funcation_calls" = x"yes"; then
+   AC_DEFINE(HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS,1,[Whether the compiler will optimize out function calls])
+fi
+
 ############################################
 # check for unix domain sockets
 AC_CACHE_CHECK([for unix domain sockets],samba_cv_unixsocket, [
-- 
cgit 


From d5da58df9c75214f2f8166baf0ec99360c69e63f Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 5 Mar 2003 09:36:41 +0000
Subject: A couple more fixes for fstrcpy() into a malloced region.  In this
 case it's all perfectly legit - the region is an fstring in length, but might
 not always be, and it is the last peice of code to fail my automated test.

Andrew Bartlett
(This used to be commit 762d61b37d053568b6346e249ba7ef594320153a)
---
 source3/nmbd/nmbd_become_lmb.c | 6 +++---
 source3/nmbd/nmbd_browsesync.c | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/source3/nmbd/nmbd_become_lmb.c b/source3/nmbd/nmbd_become_lmb.c
index bac5589566..829496c195 100644
--- a/source3/nmbd/nmbd_become_lmb.c
+++ b/source3/nmbd/nmbd_become_lmb.c
@@ -207,7 +207,7 @@ static void release_1d_name( struct subnet_record *subrec, char *workgroup_name,
   if((namerec = find_name_on_subnet( subrec, &nmbname, FIND_SELF_NAME))!=NULL)
   {
     struct userdata_struct *userdata;
-    int size = sizeof(struct userdata_struct) + sizeof(BOOL);
+    size_t size = sizeof(struct userdata_struct) + sizeof(BOOL);
 
     if((userdata = (struct userdata_struct *)malloc(size)) == NULL)
     {
@@ -518,7 +518,7 @@ workgroup %s on subnet %s. Couldn't register name %s.\n",
 void become_local_master_browser(struct subnet_record *subrec, struct work_record *work)
 {
   struct userdata_struct *userdata;
-  int size = sizeof(struct userdata_struct) + sizeof(fstring) + 1;
+  size_t size = sizeof(struct userdata_struct) + sizeof(fstring) + 1;
 
   /* Sanity check. */
   if (!lp_local_master())
@@ -563,7 +563,7 @@ in workgroup %s on subnet %s\n",
   userdata->copy_fn = NULL;
   userdata->free_fn = NULL;
   userdata->userdata_len = strlen(work->work_group)+1;
-  fstrcpy(userdata->data, work->work_group);
+  safe_strcpy(userdata->data, work->work_group, size - sizeof(*userdata) - 1);
 
   /* Register the special browser group name. */
   register_name(subrec, MSBROWSE, 0x01, samba_nb_type|NB_GROUP,
diff --git a/source3/nmbd/nmbd_browsesync.c b/source3/nmbd/nmbd_browsesync.c
index f27f42297f..84c6f43f57 100644
--- a/source3/nmbd/nmbd_browsesync.c
+++ b/source3/nmbd/nmbd_browsesync.c
@@ -288,7 +288,7 @@ static void find_domain_master_name_query_success(struct subnet_record *subrec,
   struct work_record *work;
   struct nmb_name nmbname;
   struct userdata_struct *userdata;
-  int size = sizeof(struct userdata_struct) + sizeof(fstring)+1;
+  size_t size = sizeof(struct userdata_struct) + sizeof(fstring)+1;
 
   if( !(work = find_workgroup_on_subnet(subrec, q_name->name)) )
   {
@@ -333,7 +333,7 @@ static void find_domain_master_name_query_success(struct subnet_record *subrec,
   userdata->copy_fn = NULL;
   userdata->free_fn = NULL;
   userdata->userdata_len = strlen(work->work_group)+1;
-  fstrcpy(userdata->data, work->work_group);
+  safe_strcpy(userdata->data, work->work_group, size - sizeof(*userdata) - 1);
 
   node_status( subrec, &nmbname, answer_ip, 
                domain_master_node_status_success,
-- 
cgit 


From 487a0562859e393e12b91eed17ab893236764763 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 5 Mar 2003 09:40:08 +0000
Subject: Use new configure test to turn on this automated test for correct
 string function usage.

Andrew Bartlett
(This used to be commit cdc6139a9646b267a9921fc11fa532640a2e4c7f)
---
 source3/include/safe_string.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h
index 431dc400aa..6c2bd82bb9 100644
--- a/source3/include/safe_string.h
+++ b/source3/include/safe_string.h
@@ -50,7 +50,7 @@
 
 char * __unsafe_string_function_usage_here__(void);
 
-#if 0 && defined __GNUC__ && __GNUC__ >= 2 && defined __OPTIMIZE__
+#ifdef HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS
 
 #define pstrcpy(d,s) ((sizeof(d) != sizeof(pstring) && sizeof(d) != sizeof(char *)) ? __unsafe_string_function_usage_here__() : safe_strcpy((d), (s),sizeof(pstring)-1))
 #define pstrcat(d,s) ((sizeof(d) != sizeof(pstring) && sizeof(d) != sizeof(char *)) ? __unsafe_string_function_usage_here__() : safe_strcat((d), (s),sizeof(pstring)-1))
-- 
cgit 


From 48e3bf2e9579abcf8dc07d7a33a1e44b4abc1a12 Mon Sep 17 00:00:00 2001
From: Richard Sharpe <sharpe@samba.org>
Date: Wed, 5 Mar 2003 23:29:36 +0000
Subject: Add code to allow us to specify the port to connect on when
 performing a test ... (This used to be commit
 1128a2fb4c16681e669efe605ff7d7161a2f7acd)

---
 source3/torture/torture.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index fe53baae7e..1744d3109c 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -26,6 +26,7 @@ static fstring host, workgroup, share, password, username, myname;
 static int max_protocol = PROTOCOL_NT1;
 static const char *sockops="TCP_NODELAY";
 static int nprocs=1;
+static int port_to_use=0;
 int torture_numops=100;
 static int procnum; /* records process count number when forking */
 static struct cli_state current_cli;
@@ -104,7 +105,14 @@ static BOOL open_nbt_connection(struct cli_state *c)
 
         zero_ip(&ip);
 
-	if (!cli_initialise(c) || !cli_connect(c, host, &ip)) {
+	if (!cli_initialise(c)) {
+		printf("Failed initialize cli_struct to connect with %s\n", host);
+		return False;
+	}
+
+	c->port = port_to_use;
+
+	if (!cli_connect(c, host, &ip)) {
 		printf("Failed to connect with %s\n", host);
 		return False;
 	}
@@ -4191,6 +4199,7 @@ static void usage(void)
 	printf("\t-L use oplocks\n");
 	printf("\t-c CLIENT.TXT   specify client load file for NBENCH\n");
 	printf("\t-A showall\n");
+	printf("\t-p port\n");
 	printf("\t-s seed\n");
 	printf("\n\n");
 
@@ -4205,10 +4214,6 @@ static void usage(void)
 	exit(1);
 }
 
-
-
-
-
 /****************************************************************************
   main program
 ****************************************************************************/
@@ -4264,8 +4269,11 @@ static void usage(void)
 
 	fstrcpy(workgroup, lp_workgroup());
 
-	while ((opt = getopt(argc, argv, "hW:U:n:N:O:o:m:Ld:Ac:ks:")) != EOF) {
+	while ((opt = getopt(argc, argv, "p:hW:U:n:N:O:o:m:Ld:Ac:ks:")) != EOF) {
 		switch (opt) {
+		case 'p':
+			port_to_use = atoi(optarg);
+			break;
 		case 's':
 			srandom(atoi(optarg));
 			break;
-- 
cgit 


From 6149dfd3e7b9848720d18ad2c095b1f5e58ffd86 Mon Sep 17 00:00:00 2001
From: Richard Sharpe <sharpe@samba.org>
Date: Wed, 5 Mar 2003 23:55:11 +0000
Subject: Add *SMBSERVER fallback code to smbtorture ... (This used to be
 commit 460339db2246b0213252ee34f507eb8e55ecbecb)

---
 source3/torture/torture.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 1744d3109c..2f779b9c89 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -124,9 +124,23 @@ static BOOL open_nbt_connection(struct cli_state *c)
 	if (use_level_II_oplocks) c->use_level_II_oplocks = True;
 
 	if (!cli_session_request(c, &calling, &called)) {
-		printf("%s rejected the session\n",host);
-		cli_shutdown(c);
-		return False;
+		/*
+		 * Well, that failed, try *SMBSERVER ... 
+		 * However, we must reconnect as well ...
+		 */
+		if (!cli_connect(c, host, &ip)) {
+			printf("Failed to connect with %s\n", host);
+			return False;
+		}
+
+		make_nmb_name(&called, "*SMBSERVER", 0x20);
+		if (!cli_session_request(c, &calling, &called)) {
+			printf("%s rejected the session\n",host);
+			printf("We tried with a called name of %s & %s\n",
+				host, "*SMBSERVER");
+			cli_shutdown(c);
+			return False;
+		}
 	}
 
 	return True;
-- 
cgit 


From 7a3cc345e0508848b0e2bd492789973bcf2d5841 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Thu, 6 Mar 2003 07:36:08 +0000
Subject: FIXME about crash on failure case. (This used to be commit
 a387c4209735f8e4c826cad7cb10c5349b2041ec)

---
 source3/torture/torture.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 2f779b9c89..60d7c2ba74 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -2922,12 +2922,15 @@ static BOOL run_deletetest(int dummy)
 	printf("finished delete test\n");
 
   fail:
-	
+	/* FIXME: This will crash if we aborted before cli2 got
+	 * intialized, because these functions don't handle
+	 * uninitialized connections. */
+		
 	cli_close(&cli1, fnum1);
 	cli_close(&cli1, fnum2);
 	cli_setatr(&cli1, fname, 0, 0);
 	cli_unlink(&cli1, fname);
-	
+
 	if (!torture_close_connection(&cli1)) {
 		correct = False;
 	}
-- 
cgit 


From 192148bab352697e625e78e7f2444e00453f35ff Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 6 Mar 2003 07:55:48 +0000
Subject: More safe_strcpy() off-by-one bug fixes. (mostly moves to
 pstrcpy()/fstrcpy())

Andrew Bartlett
(This used to be commit 42b5514404bc7e33306c11344c6c934a1f83d295)
---
 source3/client/client.c |  6 +++---
 source3/client/clitar.c | 48 ++++++++++++++++++++++++------------------------
 source3/utils/net.c     |  2 +-
 source3/utils/net_rap.c |  4 ++--
 4 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/source3/client/client.c b/source3/client/client.c
index 5da12fd984..065cd2fcc9 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -2346,7 +2346,7 @@ static struct cli_state *do_connect(const char *server, const char *share)
 	char *sharename;
 	
 	/* make a copy so we don't modify the global string 'service' */
-	safe_strcpy(servicename, share, sizeof(servicename)-1);
+	fstrcpy(servicename, share);
 	sharename = servicename;
 	if (*sharename == '\\') {
 		server = sharename+2;
@@ -2621,9 +2621,9 @@ static int do_message_op(void)
 	make_nmb_name(&calling, global_myname(), 0x0);
 	make_nmb_name(&called , desthost, name_type);
 
-	safe_strcpy(server_name, desthost, sizeof(server_name));
+	fstrcpy(server_name, desthost);
 	snprintf(name_type_hex, sizeof(name_type_hex), "#%X", name_type);
-	safe_strcat(server_name, name_type_hex, sizeof(server_name));
+	fstrcat(server_name, name_type_hex);
 
         zero_ip(&ip);
 	if (have_ip) ip = dest_ip;
diff --git a/source3/client/clitar.c b/source3/client/clitar.c
index 74d901a2ca..dfda997ca2 100644
--- a/source3/client/clitar.c
+++ b/source3/client/clitar.c
@@ -202,7 +202,7 @@ static void writetarheader(int f, const char *aname, SMB_BIG_UINT size, time_t m
   /* write out a "standard" tar format header */
 
   hb.dbuf.name[NAMSIZ-1]='\0';
-  safe_strcpy(hb.dbuf.mode, amode, strlen(amode));
+  safe_strcpy(hb.dbuf.mode, amode, sizeof(hb.dbuf.mode)-1);
   oct_it((SMB_BIG_UINT)0, 8, hb.dbuf.uid);
   oct_it((SMB_BIG_UINT)0, 8, hb.dbuf.gid);
   oct_it((SMB_BIG_UINT) size, 13, hb.dbuf.size);
@@ -796,11 +796,11 @@ static void do_tar(file_info *finfo)
 
     DEBUG(5, ("Excl: strlen(cur_dir) = %d\n", (int)strlen(cur_dir)));
 
-    safe_strcpy(exclaim, cur_dir, sizeof(pstring));
+    pstrcpy(exclaim, cur_dir);
     *(exclaim+strlen(exclaim)-1)='\0';
 
-    safe_strcat(exclaim, "\\", sizeof(pstring));
-    safe_strcat(exclaim, finfo->name, sizeof(exclaim));
+    pstrcat(exclaim, "\\");
+    pstrcat(exclaim, finfo->name);
 
     DEBUG(5, ("...tar_re_search: %d\n", tar_re_search));
 
@@ -820,12 +820,12 @@ static void do_tar(file_info *finfo)
       pstring saved_curdir;
       pstring mtar_mask;
 
-      safe_strcpy(saved_curdir, cur_dir, sizeof(saved_curdir));
+      pstrcpy(saved_curdir, cur_dir);
 
       DEBUG(5, ("Sizeof(cur_dir)=%d, strlen(cur_dir)=%d, strlen(finfo->name)=%d\nname=%s,cur_dir=%s\n", (int)sizeof(cur_dir), (int)strlen(cur_dir), (int)strlen(finfo->name), finfo->name, cur_dir));
 
-      safe_strcat(cur_dir,finfo->name, sizeof(cur_dir));
-      safe_strcat(cur_dir,"\\", sizeof(cur_dir));
+      pstrcat(cur_dir,finfo->name);
+      pstrcat(cur_dir,"\\");
 
       DEBUG(5, ("Writing a dir, Name = %s\n", cur_dir));
 
@@ -836,16 +836,16 @@ static void do_tar(file_info *finfo)
           DEBUG(0,("                directory %s\n", cur_dir));
       }
       ntarf++;  /* Make sure we have a file on there */
-      safe_strcpy(mtar_mask,cur_dir, sizeof(pstring));
-      safe_strcat(mtar_mask,"*", sizeof(pstring));
+      pstrcpy(mtar_mask,cur_dir);
+      pstrcat(mtar_mask,"*");
       DEBUG(5, ("Doing list with mtar_mask: %s\n", mtar_mask));
       do_list(mtar_mask, attribute, do_tar, False, True);
-      safe_strcpy(cur_dir,saved_curdir, sizeof(pstring));
+      pstrcpy(cur_dir,saved_curdir);
     }
   else
     {
-      safe_strcpy(rname,cur_dir, sizeof(pstring));
-      safe_strcat(rname,finfo->name, sizeof(pstring));
+      pstrcpy(rname,cur_dir);
+      pstrcat(rname,finfo->name);
       do_atar(rname,finfo->name,finfo);
     }
 }
@@ -1362,8 +1362,8 @@ int cmd_setmode(void)
       return 1;
     }
 
-  safe_strcpy(fname, cur_dir, sizeof(pstring));
-  safe_strcat(fname, buf, sizeof(pstring));
+  pstrcpy(fname, cur_dir);
+  pstrcat(fname, buf);
 
   while (next_token_nr(NULL,buf,NULL,sizeof(buf))) {
     q=buf;
@@ -1459,32 +1459,32 @@ int process_tar(void)
 	if (strrchr_m(cliplist[i], '\\')) {
 	  pstring saved_dir;
 	  
-	  safe_strcpy(saved_dir, cur_dir, sizeof(pstring));
+	  pstrcpy(saved_dir, cur_dir);
 	  
 	  if (*cliplist[i]=='\\') {
-	    safe_strcpy(tarmac, cliplist[i], sizeof(pstring));
+	    pstrcpy(tarmac, cliplist[i]);
 	  } else {
-	    safe_strcpy(tarmac, cur_dir, sizeof(pstring));
-	    safe_strcat(tarmac, cliplist[i], sizeof(pstring));
+	    pstrcpy(tarmac, cur_dir);
+	    pstrcat(tarmac, cliplist[i]);
 	  }
-	  safe_strcpy(cur_dir, tarmac, sizeof(pstring));
+	  pstrcpy(cur_dir, tarmac);
 	  *(strrchr_m(cur_dir, '\\')+1)='\0';
 
 	  DEBUG(5, ("process_tar, do_list with tarmac: %s\n", tarmac));
 	  do_list(tarmac,attribute,do_tar, False, True);
-	  safe_strcpy(cur_dir,saved_dir, sizeof(pstring));
+	  pstrcpy(cur_dir,saved_dir);
 	} else {
-	  safe_strcpy(tarmac, cur_dir, sizeof(pstring));
-	  safe_strcat(tarmac, cliplist[i], sizeof(pstring));
+	  pstrcpy(tarmac, cur_dir);
+	  pstrcat(tarmac, cliplist[i]);
 	  DEBUG(5, ("process_tar, do_list with tarmac: %s\n", tarmac));
 	  do_list(tarmac,attribute,do_tar, False, True);
 	}
       }
     } else {
       pstring mask;
-      safe_strcpy(mask,cur_dir, sizeof(pstring));
+      pstrcpy(mask,cur_dir);
       DEBUG(5, ("process_tar, do_list with mask: %s\n", mask));
-      safe_strcat(mask,"\\*", sizeof(pstring));
+      pstrcat(mask,"\\*");
       do_list(mask,attribute,do_tar,False, True);
     }
     
diff --git a/source3/utils/net.c b/source3/utils/net.c
index c1285bc64b..f6b3c5c84c 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -241,7 +241,7 @@ BOOL net_find_dc(struct in_addr *server_ip, fstring server_name, const char *dom
 		if (!lookup_dc_name(global_myname(), domain_name, server_ip, dc_name))
 			return False;
 			
-		safe_strcpy(server_name, dc_name, FSTRING_LEN);
+		fstrcpy(server_name, dc_name);
 		return True;
 	} else
 		return False;
diff --git a/source3/utils/net_rap.c b/source3/utils/net_rap.c
index 8f3dd53fa6..f52eabf494 100644
--- a/source3/utils/net_rap.c
+++ b/source3/utils/net_rap.c
@@ -638,7 +638,7 @@ static int rap_user_add(int argc, const char **argv)
 	if (!(cli = net_make_ipc_connection(0)))
                 return -1;
 			
-	safe_strcpy(userinfo.user_name, argv[0], sizeof(userinfo.user_name));
+	safe_strcpy(userinfo.user_name, argv[0], sizeof(userinfo.user_name)-1);
 	if (opt_flags == -1) 
                 opt_flags = 0x21; 
 			
@@ -755,7 +755,7 @@ static int rap_group_add(int argc, const char **argv)
                 return -1;
 			
 	/* BB check for length 21 or smaller explicitly ? BB */
-	safe_strcpy(grinfo.group_name, argv[0], sizeof(grinfo.group_name));
+	safe_strcpy(grinfo.group_name, argv[0], sizeof(grinfo.group_name)-1);
 	grinfo.reserved1 = '\0';
 	grinfo.comment = smb_xstrdup(opt_comment);
 	
-- 
cgit 


From 6684c85714f3c30ba7cb56d71c2eddf5090c00af Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 6 Mar 2003 08:24:39 +0000
Subject: more off-by-one safe_strcpy() (This used to be commit
 d8d2d5e75503ae2b6532a25e4c9bbcdf20cc60af)

---
 source3/smbd/negprot.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index c8f023514e..db0694a840 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -167,7 +167,7 @@ static int reply_lanman2(char *inbuf, char *outbuf)
 static int negprot_spnego(char *p)
 {
 	DATA_BLOB blob;
-	uint8 guid[16];
+	uint8 guid[17];
 	const char *OIDs_krb5[] = {OID_KERBEROS5,
 				   OID_KERBEROS5_OLD,
 				   OID_NTLMSSP,
@@ -178,8 +178,8 @@ static int negprot_spnego(char *p)
 
 	global_spnego_negotiated = True;
 
-	memset(guid, 0, 16);
-	safe_strcpy((char *)guid, global_myname(), 16);
+	ZERO_STRUCT(guid);
+	safe_strcpy((char *)guid, global_myname(), sizeof(guid)-1);
 	strlower((char *)guid);
 
 #if 0
-- 
cgit 


From ca0d82b11c0b17e793801ccc5acdc8624c7f3f19 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 6 Mar 2003 10:37:51 +0000
Subject: Make smbtorture use the same cli_full_connection() framework as the
 rest of Samba.  This fixes things like not doing *SMBSERVER etc.

Andrew Bartlett
(This used to be commit 8863ff863c1da42aa6b8718f315c608d9d9067c6)
---
 source3/torture/denytest.c    |   54 +-
 source3/torture/mangle_test.c |   16 +-
 source3/torture/torture.c     | 1599 ++++++++++++++++++++---------------------
 source3/torture/utable.c      |   38 +-
 4 files changed, 842 insertions(+), 865 deletions(-)

diff --git a/source3/torture/denytest.c b/source3/torture/denytest.c
index 017bb1c06d..3a7906fb33 100644
--- a/source3/torture/denytest.c
+++ b/source3/torture/denytest.c
@@ -1408,7 +1408,7 @@ static void progress_bar(unsigned i, unsigned total)
  */
 BOOL torture_denytest1(int dummy)
 {
-	static struct cli_state cli1;
+	struct cli_state *cli1;
 	int fnum1, fnum2;
 	int i;
 	BOOL correct = True;
@@ -1421,10 +1421,10 @@ BOOL torture_denytest1(int dummy)
 	printf("starting denytest1\n");
 
 	for (i=0;i<2;i++) {
-		cli_unlink(&cli1, fnames[i]);
-		fnum1 = cli_open(&cli1, fnames[i], O_RDWR|O_CREAT, DENY_NONE);
-		cli_write(&cli1, fnum1, 0, fnames[i], 0, strlen(fnames[i]));
-		cli_close(&cli1, fnum1);
+		cli_unlink(cli1, fnames[i]);
+		fnum1 = cli_open(cli1, fnames[i], O_RDWR|O_CREAT, DENY_NONE);
+		cli_write(cli1, fnum1, 0, fnames[i], 0, strlen(fnames[i]));
+		cli_close(cli1, fnum1);
 	}
 
 	printf("testing %d entries\n", ARRAY_SIZE(denytable1));
@@ -1435,10 +1435,10 @@ BOOL torture_denytest1(int dummy)
 
 		progress_bar(i, ARRAY_SIZE(denytable1));
 
-		fnum1 = cli_open(&cli1, fname, 
+		fnum1 = cli_open(cli1, fname, 
 				 denytable1[i].mode1,
 				 denytable1[i].deny1);
-		fnum2 = cli_open(&cli1, fname, 
+		fnum2 = cli_open(cli1, fname, 
 				 denytable1[i].mode2,
 				 denytable1[i].deny2);
 
@@ -1449,10 +1449,10 @@ BOOL torture_denytest1(int dummy)
 		} else {
 			char x = 1;
 			res = A_0;
-			if (cli_read(&cli1, fnum2, (void *)&x, 0, 1) == 1) {
+			if (cli_read(cli1, fnum2, (void *)&x, 0, 1) == 1) {
 				res += A_R;
 			}
-			if (cli_write(&cli1, fnum2, 0, (void *)&x, 0, 1) == 1) {
+			if (cli_write(cli1, fnum2, 0, (void *)&x, 0, 1) == 1) {
 				res += A_W;
 			}
 		}
@@ -1472,15 +1472,15 @@ BOOL torture_denytest1(int dummy)
 			       resultstr(denytable1[i].result));
 		}
 
-		cli_close(&cli1, fnum1);
-		cli_close(&cli1, fnum2);
+		cli_close(cli1, fnum1);
+		cli_close(cli1, fnum2);
 	}
 
 	for (i=0;i<2;i++) {
-		cli_unlink(&cli1, fnames[i]);
+		cli_unlink(cli1, fnames[i]);
 	}
 		
-	if (!torture_close_connection(&cli1)) {
+	if (!torture_close_connection(cli1)) {
 		correct = False;
 	}
 	
@@ -1494,7 +1494,7 @@ BOOL torture_denytest1(int dummy)
  */
 BOOL torture_denytest2(int dummy)
 {
-	static struct cli_state cli1, cli2;
+	static struct cli_state *cli1, *cli2;
 	int fnum1, fnum2;
 	int i;
 	BOOL correct = True;
@@ -1507,10 +1507,10 @@ BOOL torture_denytest2(int dummy)
 	printf("starting denytest2\n");
 
 	for (i=0;i<2;i++) {
-		cli_unlink(&cli1, fnames[i]);
-		fnum1 = cli_open(&cli1, fnames[i], O_RDWR|O_CREAT, DENY_NONE);
-		cli_write(&cli1, fnum1, 0, fnames[i], 0, strlen(fnames[i]));
-		cli_close(&cli1, fnum1);
+		cli_unlink(cli1, fnames[i]);
+		fnum1 = cli_open(cli1, fnames[i], O_RDWR|O_CREAT, DENY_NONE);
+		cli_write(cli1, fnum1, 0, fnames[i], 0, strlen(fnames[i]));
+		cli_close(cli1, fnum1);
 	}
 
 	for (i=0; i<ARRAY_SIZE(denytable2); i++) {
@@ -1519,10 +1519,10 @@ BOOL torture_denytest2(int dummy)
 
 		progress_bar(i, ARRAY_SIZE(denytable1));
 
-		fnum1 = cli_open(&cli1, fname, 
+		fnum1 = cli_open(cli1, fname, 
 				 denytable2[i].mode1,
 				 denytable2[i].deny1);
-		fnum2 = cli_open(&cli2, fname, 
+		fnum2 = cli_open(cli2, fname, 
 				 denytable2[i].mode2,
 				 denytable2[i].deny2);
 
@@ -1533,10 +1533,10 @@ BOOL torture_denytest2(int dummy)
 		} else {
 			char x = 1;
 			res = A_0;
-			if (cli_read(&cli2, fnum2, (void *)&x, 0, 1) == 1) {
+			if (cli_read(cli2, fnum2, (void *)&x, 0, 1) == 1) {
 				res += A_R;
 			}
-			if (cli_write(&cli2, fnum2, 0, (void *)&x, 0, 1) == 1) {
+			if (cli_write(cli2, fnum2, 0, (void *)&x, 0, 1) == 1) {
 				res += A_W;
 			}
 		}
@@ -1556,18 +1556,18 @@ BOOL torture_denytest2(int dummy)
 			       resultstr(denytable2[i].result));
 		}
 
-		cli_close(&cli1, fnum1);
-		cli_close(&cli2, fnum2);
+		cli_close(cli1, fnum1);
+		cli_close(cli2, fnum2);
 	}
 		
 	for (i=0;i<2;i++) {
-		cli_unlink(&cli1, fnames[i]);
+		cli_unlink(cli1, fnames[i]);
 	}
 
-	if (!torture_close_connection(&cli1)) {
+	if (!torture_close_connection(cli1)) {
 		correct = False;
 	}
-	if (!torture_close_connection(&cli2)) {
+	if (!torture_close_connection(cli2)) {
 		correct = False;
 	}
 	
diff --git a/source3/torture/mangle_test.c b/source3/torture/mangle_test.c
index 6d127a918e..86030027ba 100644
--- a/source3/torture/mangle_test.c
+++ b/source3/torture/mangle_test.c
@@ -151,7 +151,7 @@ static void gen_name(char *name)
 BOOL torture_mangle(int dummy)
 {
 	extern int torture_numops;
-	static struct cli_state cli;
+	static struct cli_state *cli;
 	int i;
 
 	printf("starting mangle test\n");
@@ -167,10 +167,10 @@ BOOL torture_mangle(int dummy)
 		return False;
 	}
 
-	cli_unlink(&cli, "\\mangle_test\\*");
-	cli_rmdir(&cli, "\\mangle_test");
+	cli_unlink(cli, "\\mangle_test\\*");
+	cli_rmdir(cli, "\\mangle_test");
 
-	if (!cli_mkdir(&cli, "\\mangle_test")) {
+	if (!cli_mkdir(cli, "\\mangle_test")) {
 		printf("ERROR: Failed to make directory\n");
 		return False;
 	}
@@ -180,7 +180,7 @@ BOOL torture_mangle(int dummy)
 
 		gen_name(name);
 
-		if (!test_one(&cli, name)) {
+		if (!test_one(cli, name)) {
 			break;
 		}
 		if (total && total % 100 == 0) {
@@ -189,8 +189,8 @@ BOOL torture_mangle(int dummy)
 		}
 	}
 
-	cli_unlink(&cli, "\\mangle_test\\*");
-	if (!cli_rmdir(&cli, "\\mangle_test")) {
+	cli_unlink(cli, "\\mangle_test\\*");
+	if (!cli_rmdir(cli, "\\mangle_test")) {
 		printf("ERROR: Failed to remove directory\n");
 		return False;
 	}
@@ -198,7 +198,7 @@ BOOL torture_mangle(int dummy)
 	printf("\nTotal collisions %u/%u  - %.2f%%   (%u failures)\n",
 	       collisions, total, (100.0*collisions) / total, failures);
 
-	torture_close_connection(&cli);
+	torture_close_connection(cli);
 
 	printf("mangle test finished\n");
 	return (failures == 0);
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 60d7c2ba74..ca4dbed1d8 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -29,7 +29,7 @@ static int nprocs=1;
 static int port_to_use=0;
 int torture_numops=100;
 static int procnum; /* records process count number when forking */
-static struct cli_state current_cli;
+static struct cli_state *current_cli;
 static fstring randomfname;
 static BOOL use_oplocks;
 static BOOL use_level_II_oplocks;
@@ -146,37 +146,19 @@ static BOOL open_nbt_connection(struct cli_state *c)
 	return True;
 }
 
-BOOL torture_open_connection(struct cli_state *c)
+BOOL torture_open_connection(struct cli_state **c)
 {
-	ZERO_STRUCTP(c);
-
-	if (!open_nbt_connection(c)) {
-		return False;
-	}
-
-	if (!cli_negprot(c)) {
-		printf("%s rejected the negprot (%s)\n",host, cli_errstr(c));
-		cli_shutdown(c);
-		return False;
-	}
-
-	if (!cli_session_setup(c, username, 
-			       password, strlen(password),
-			       password, strlen(password),
-			       workgroup)) {
-		printf("%s rejected the sessionsetup (%s)\n", host, cli_errstr(c));
-		cli_shutdown(c);
-		return False;
-	}
-
-	if (!cli_send_tconX(c, share, "?????",
-			    password, strlen(password)+1)) {
-		printf("%s refused tree connect (%s)\n", host, cli_errstr(c));
-		cli_shutdown(c);
-		return False;
-	}
-
-	return True;
+	BOOL retry;
+	int flags = 0;
+	if (use_kerberos)
+		flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
+	
+	return (NT_STATUS_IS_OK(
+			cli_full_connection(c, myname,
+					    host, NULL, port_to_use, 
+					    share, "?????", 
+					    username, workgroup, 
+					    password, flags, &retry)));
 }
 
 
@@ -332,16 +314,16 @@ static BOOL rw_torture(struct cli_state *c)
 
 static BOOL run_torture(int dummy)
 {
-	struct cli_state cli;
+	struct cli_state *cli;
         BOOL ret;
 
 	cli = current_cli;
 
-	cli_sockopt(&cli, sockops);
+	cli_sockopt(cli, sockops);
 
-	ret = rw_torture(&cli);
+	ret = rw_torture(cli);
 	
-	if (!torture_close_connection(&cli)) {
+	if (!torture_close_connection(cli)) {
 		ret = False;
 	}
 
@@ -351,7 +333,7 @@ static BOOL run_torture(int dummy)
 static BOOL rw_torture3(struct cli_state *c, char *lockfname)
 {
 	int fnum = -1;
-	int i = 0;
+	unsigned int i = 0;
 	char buf[131072];
 	char buf_rd[131072];
 	unsigned count;
@@ -525,28 +507,28 @@ static BOOL rw_torture2(struct cli_state *c1, struct cli_state *c2)
 
 static BOOL run_readwritetest(int dummy)
 {
-	static struct cli_state cli1, cli2;
+	static struct cli_state *cli1, *cli2;
 	BOOL test1, test2;
 
 	if (!torture_open_connection(&cli1) || !torture_open_connection(&cli2)) {
 		return False;
 	}
-	cli_sockopt(&cli1, sockops);
-	cli_sockopt(&cli2, sockops);
+	cli_sockopt(cli1, sockops);
+	cli_sockopt(cli2, sockops);
 
 	printf("starting readwritetest\n");
 
-	test1 = rw_torture2(&cli1, &cli2);
+	test1 = rw_torture2(cli1, cli2);
 	printf("Passed readwritetest v1: %s\n", BOOLSTR(test1));
 
-	test2 = rw_torture2(&cli1, &cli1);
+	test2 = rw_torture2(cli1, cli1);
 	printf("Passed readwritetest v2: %s\n", BOOLSTR(test2));
 
-	if (!torture_close_connection(&cli1)) {
+	if (!torture_close_connection(cli1)) {
 		test1 = False;
 	}
 
-	if (!torture_close_connection(&cli2)) {
+	if (!torture_close_connection(cli2)) {
 		test2 = False;
 	}
 
@@ -555,7 +537,7 @@ static BOOL run_readwritetest(int dummy)
 
 static BOOL run_readwritemulti(int dummy)
 {
-	static struct cli_state cli;
+	struct cli_state *cli;
 	BOOL test;
 
 	cli = current_cli;
@@ -574,7 +556,7 @@ static BOOL run_readwritemulti(int dummy)
 
 static BOOL run_readwritelarge(int dummy)
 {
-	static struct cli_state cli1;
+	static struct cli_state *cli1;
 	int fnum1;
 	const char *lockfname = "\\large.dat";
 	size_t fsize;
@@ -584,25 +566,25 @@ static BOOL run_readwritelarge(int dummy)
 	if (!torture_open_connection(&cli1)) {
 		return False;
 	}
-	cli_sockopt(&cli1, sockops);
+	cli_sockopt(cli1, sockops);
 	memset(buf,'\0',sizeof(buf));
 	
-	cli1.max_xmit = 128*1024;
+	cli1->max_xmit = 128*1024;
 	
 	printf("starting readwritelarge\n");
  
-	cli_unlink(&cli1, lockfname);
+	cli_unlink(cli1, lockfname);
 
-	fnum1 = cli_open(&cli1, lockfname, O_RDWR | O_CREAT | O_EXCL, DENY_NONE);
+	fnum1 = cli_open(cli1, lockfname, O_RDWR | O_CREAT | O_EXCL, DENY_NONE);
 	if (fnum1 == -1) {
-		printf("open read/write of %s failed (%s)\n", lockfname, cli_errstr(&cli1));
+		printf("open read/write of %s failed (%s)\n", lockfname, cli_errstr(cli1));
 		return False;
 	}
    
-	cli_write(&cli1, fnum1, 0, buf, 0, sizeof(buf));
+	cli_write(cli1, fnum1, 0, buf, 0, sizeof(buf));
 
-	if (!cli_qfileinfo(&cli1, fnum1, NULL, &fsize, NULL, NULL, NULL, NULL, NULL)) {
-		printf("qfileinfo failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_qfileinfo(cli1, fnum1, NULL, &fsize, NULL, NULL, NULL, NULL, NULL)) {
+		printf("qfileinfo failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 	}
 
@@ -613,28 +595,28 @@ static BOOL run_readwritelarge(int dummy)
 		correct = False;
 	}
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("close failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("close failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 	}
 
-	if (!cli_unlink(&cli1, lockfname)) {
-		printf("unlink failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_unlink(cli1, lockfname)) {
+		printf("unlink failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 	}
 
-	fnum1 = cli_open(&cli1, lockfname, O_RDWR | O_CREAT | O_EXCL, DENY_NONE);
+	fnum1 = cli_open(cli1, lockfname, O_RDWR | O_CREAT | O_EXCL, DENY_NONE);
 	if (fnum1 == -1) {
-		printf("open read/write of %s failed (%s)\n", lockfname, cli_errstr(&cli1));
+		printf("open read/write of %s failed (%s)\n", lockfname, cli_errstr(cli1));
 		return False;
 	}
 	
-	cli1.max_xmit = 4*1024;
+	cli1->max_xmit = 4*1024;
 	
-	cli_smbwrite(&cli1, fnum1, buf, 0, sizeof(buf));
+	cli_smbwrite(cli1, fnum1, buf, 0, sizeof(buf));
 	
-	if (!cli_qfileinfo(&cli1, fnum1, NULL, &fsize, NULL, NULL, NULL, NULL, NULL)) {
-		printf("qfileinfo failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_qfileinfo(cli1, fnum1, NULL, &fsize, NULL, NULL, NULL, NULL, NULL)) {
+		printf("qfileinfo failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 	}
 
@@ -647,28 +629,28 @@ static BOOL run_readwritelarge(int dummy)
 
 #if 0
 	/* ToDo - set allocation. JRA */
-	if(!cli_set_allocation_size(&cli1, fnum1, 0)) {
+	if(!cli_set_allocation_size(cli1, fnum1, 0)) {
 		printf("set allocation size to zero failed (%s)\n", cli_errstr(&cli1));
 		return False;
 	}
-	if (!cli_qfileinfo(&cli1, fnum1, NULL, &fsize, NULL, NULL, NULL, NULL, NULL)) {
-		printf("qfileinfo failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_qfileinfo(cli1, fnum1, NULL, &fsize, NULL, NULL, NULL, NULL, NULL)) {
+		printf("qfileinfo failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 	}
 	if (fsize != 0)
 		printf("readwritelarge test 3 (truncate test) succeeded (size = %x)\n", fsize);
 #endif
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("close failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("close failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 	}
 	
-	if (!torture_close_connection(&cli1)) {
+	if (!torture_close_connection(cli1)) {
 		correct = False;
 	}
 	return correct;
-	}
+}
 
 int line_count = 0;
 int nbio_id;
@@ -678,7 +660,7 @@ int nbio_id;
 /* run a test that simulates an approximate netbench client load */
 static BOOL run_netbench(int client)
 {
-	struct cli_state cli;
+	struct cli_state *cli;
 	int i;
 	fstring fname;
 	pstring line;
@@ -691,9 +673,9 @@ static BOOL run_netbench(int client)
 
 	nbio_id = client;
 
-	cli_sockopt(&cli, sockops);
+	cli_sockopt(cli, sockops);
 
-	nb_setup(&cli);
+	nb_setup(cli);
 
 	slprintf(cname,sizeof(fname), "client%d", client);
 
@@ -765,7 +747,7 @@ static BOOL run_netbench(int client)
 
 	nb_cleanup();
 
-	if (!torture_close_connection(&cli)) {
+	if (!torture_close_connection(cli)) {
 		correct = False;
 	}
 	
@@ -803,7 +785,7 @@ static BOOL run_nbench(int dummy)
  */
 static BOOL run_locktest1(int dummy)
 {
-	static struct cli_state cli1, cli2;
+	struct cli_state *cli1, *cli2;
 	const char *fname = "\\lockt1.lck";
 	int fnum1, fnum2, fnum3;
 	time_t t1, t2;
@@ -812,40 +794,40 @@ static BOOL run_locktest1(int dummy)
 	if (!torture_open_connection(&cli1) || !torture_open_connection(&cli2)) {
 		return False;
 	}
-	cli_sockopt(&cli1, sockops);
-	cli_sockopt(&cli2, sockops);
+	cli_sockopt(cli1, sockops);
+	cli_sockopt(cli2, sockops);
 
 	printf("starting locktest1\n");
 
-	cli_unlink(&cli1, fname);
+	cli_unlink(cli1, fname);
 
-	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	fnum1 = cli_open(cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
 	if (fnum1 == -1) {
-		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("open of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
-	fnum2 = cli_open(&cli1, fname, O_RDWR, DENY_NONE);
+	fnum2 = cli_open(cli1, fname, O_RDWR, DENY_NONE);
 	if (fnum2 == -1) {
-		printf("open2 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("open2 of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
-	fnum3 = cli_open(&cli2, fname, O_RDWR, DENY_NONE);
+	fnum3 = cli_open(cli2, fname, O_RDWR, DENY_NONE);
 	if (fnum3 == -1) {
-		printf("open3 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+		printf("open3 of %s failed (%s)\n", fname, cli_errstr(cli2));
 		return False;
 	}
 
-	if (!cli_lock(&cli1, fnum1, 0, 4, 0, WRITE_LOCK)) {
-		printf("lock1 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_lock(cli1, fnum1, 0, 4, 0, WRITE_LOCK)) {
+		printf("lock1 failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 
 
-	if (cli_lock(&cli2, fnum3, 0, 4, 0, WRITE_LOCK)) {
+	if (cli_lock(cli2, fnum3, 0, 4, 0, WRITE_LOCK)) {
 		printf("lock2 succeeded! This is a locking bug\n");
 		return False;
 	} else {
-		if (!check_error(__LINE__, &cli2, ERRDOS, ERRlock, 
+		if (!check_error(__LINE__, cli2, ERRDOS, ERRlock, 
 				 NT_STATUS_LOCK_NOT_GRANTED)) return False;
 	}
 
@@ -853,11 +835,11 @@ static BOOL run_locktest1(int dummy)
 	lock_timeout = (1 + (random() % 20));
 	printf("Testing lock timeout with timeout=%u\n", lock_timeout);
 	t1 = time(NULL);
-	if (cli_lock(&cli2, fnum3, 0, 4, lock_timeout * 1000, WRITE_LOCK)) {
+	if (cli_lock(cli2, fnum3, 0, 4, lock_timeout * 1000, WRITE_LOCK)) {
 		printf("lock3 succeeded! This is a locking bug\n");
 		return False;
 	} else {
-		if (!check_error(__LINE__, &cli2, ERRDOS, ERRlock, 
+		if (!check_error(__LINE__, cli2, ERRDOS, ERRlock, 
 				 NT_STATUS_FILE_LOCK_CONFLICT)) return False;
 	}
 	t2 = time(NULL);
@@ -868,40 +850,40 @@ static BOOL run_locktest1(int dummy)
 	printf("server slept for %u seconds for a %u second timeout\n",
 	       (unsigned int)(t2-t1), lock_timeout);
 
-	if (!cli_close(&cli1, fnum2)) {
-		printf("close1 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum2)) {
+		printf("close1 failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 
-	if (cli_lock(&cli2, fnum3, 0, 4, 0, WRITE_LOCK)) {
+	if (cli_lock(cli2, fnum3, 0, 4, 0, WRITE_LOCK)) {
 		printf("lock4 succeeded! This is a locking bug\n");
 		return False;
 	} else {
-		if (!check_error(__LINE__, &cli2, ERRDOS, ERRlock, 
+		if (!check_error(__LINE__, cli2, ERRDOS, ERRlock, 
 				 NT_STATUS_FILE_LOCK_CONFLICT)) return False;
 	}
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("close2 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("close2 failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 
-	if (!cli_close(&cli2, fnum3)) {
-		printf("close3 failed (%s)\n", cli_errstr(&cli2));
+	if (!cli_close(cli2, fnum3)) {
+		printf("close3 failed (%s)\n", cli_errstr(cli2));
 		return False;
 	}
 
-	if (!cli_unlink(&cli1, fname)) {
-		printf("unlink failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_unlink(cli1, fname)) {
+		printf("unlink failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 
 
-	if (!torture_close_connection(&cli1)) {
+	if (!torture_close_connection(cli1)) {
 		return False;
 	}
 
-	if (!torture_close_connection(&cli2)) {
+	if (!torture_close_connection(cli2)) {
 		return False;
 	}
 
@@ -914,7 +896,7 @@ static BOOL run_locktest1(int dummy)
  */
 static BOOL run_tcon_test(int dummy)
 {
-	static struct cli_state cli1;
+	static struct cli_state *cli1;
 	const char *fname = "\\tcontest.tmp";
 	int fnum1;
 	uint16 cnum;
@@ -923,59 +905,59 @@ static BOOL run_tcon_test(int dummy)
 	if (!torture_open_connection(&cli1)) {
 		return False;
 	}
-	cli_sockopt(&cli1, sockops);
+	cli_sockopt(cli1, sockops);
 
 	printf("starting tcontest\n");
 
-	cli_unlink(&cli1, fname);
+	cli_unlink(cli1, fname);
 
-	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	fnum1 = cli_open(cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
 	if (fnum1 == -1)
 	{
-		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("open of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
 
-	cnum = cli1.cnum;
+	cnum = cli1->cnum;
 
-	if (cli_write(&cli1, fnum1, 0, buf, 130, 4) != 4)
+	if (cli_write(cli1, fnum1, 0, buf, 130, 4) != 4)
 	{
-		printf("write failed (%s)", cli_errstr(&cli1));
+		printf("write failed (%s)", cli_errstr(cli1));
 		return False;
 	}
 
-	if (!cli_send_tconX(&cli1, share, "?????",
+	if (!cli_send_tconX(cli1, share, "?????",
 			    password, strlen(password)+1)) {
 		printf("%s refused 2nd tree connect (%s)\n", host,
-		           cli_errstr(&cli1));
-		cli_shutdown(&cli1);
+		           cli_errstr(cli1));
+		cli_shutdown(cli1);
 		return False;
 	}
 
-	if (cli_write(&cli1, fnum1, 0, buf, 130, 4) == 4)
+	if (cli_write(cli1, fnum1, 0, buf, 130, 4) == 4)
 	{
-		printf("write succeeded (%s)", cli_errstr(&cli1));
+		printf("write succeeded (%s)", cli_errstr(cli1));
 		return False;
 	}
 
-	if (cli_close(&cli1, fnum1)) {
-		printf("close2 succeeded (%s)\n", cli_errstr(&cli1));
+	if (cli_close(cli1, fnum1)) {
+		printf("close2 succeeded (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 
-	if (!cli_tdis(&cli1)) {
-		printf("tdis failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_tdis(cli1)) {
+		printf("tdis failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 
-	cli1.cnum = cnum;
+	cli1->cnum = cnum;
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("close2 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("close2 failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 
-	if (!torture_close_connection(&cli1)) {
+	if (!torture_close_connection(cli1)) {
 		return False;
 	}
 
@@ -997,7 +979,7 @@ static BOOL run_tcon_test(int dummy)
 */
 static BOOL run_locktest2(int dummy)
 {
-	static struct cli_state cli;
+	static struct cli_state *cli;
 	const char *fname = "\\lockt2.lck";
 	int fnum1, fnum2, fnum3;
 	BOOL correct = True;
@@ -1006,117 +988,117 @@ static BOOL run_locktest2(int dummy)
 		return False;
 	}
 
-	cli_sockopt(&cli, sockops);
+	cli_sockopt(cli, sockops);
 
 	printf("starting locktest2\n");
 
-	cli_unlink(&cli, fname);
+	cli_unlink(cli, fname);
 
-	cli_setpid(&cli, 1);
+	cli_setpid(cli, 1);
 
-	fnum1 = cli_open(&cli, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	fnum1 = cli_open(cli, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
 	if (fnum1 == -1) {
-		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli));
+		printf("open of %s failed (%s)\n", fname, cli_errstr(cli));
 		return False;
 	}
 
-	fnum2 = cli_open(&cli, fname, O_RDWR, DENY_NONE);
+	fnum2 = cli_open(cli, fname, O_RDWR, DENY_NONE);
 	if (fnum2 == -1) {
-		printf("open2 of %s failed (%s)\n", fname, cli_errstr(&cli));
+		printf("open2 of %s failed (%s)\n", fname, cli_errstr(cli));
 		return False;
 	}
 
-	cli_setpid(&cli, 2);
+	cli_setpid(cli, 2);
 
-	fnum3 = cli_open(&cli, fname, O_RDWR, DENY_NONE);
+	fnum3 = cli_open(cli, fname, O_RDWR, DENY_NONE);
 	if (fnum3 == -1) {
-		printf("open3 of %s failed (%s)\n", fname, cli_errstr(&cli));
+		printf("open3 of %s failed (%s)\n", fname, cli_errstr(cli));
 		return False;
 	}
 
-	cli_setpid(&cli, 1);
+	cli_setpid(cli, 1);
 
-	if (!cli_lock(&cli, fnum1, 0, 4, 0, WRITE_LOCK)) {
-		printf("lock1 failed (%s)\n", cli_errstr(&cli));
+	if (!cli_lock(cli, fnum1, 0, 4, 0, WRITE_LOCK)) {
+		printf("lock1 failed (%s)\n", cli_errstr(cli));
 		return False;
 	}
 
-	if (cli_lock(&cli, fnum1, 0, 4, 0, WRITE_LOCK)) {
+	if (cli_lock(cli, fnum1, 0, 4, 0, WRITE_LOCK)) {
 		printf("WRITE lock1 succeeded! This is a locking bug\n");
 		correct = False;
 	} else {
-		if (!check_error(__LINE__, &cli, ERRDOS, ERRlock, 
+		if (!check_error(__LINE__, cli, ERRDOS, ERRlock, 
 				 NT_STATUS_LOCK_NOT_GRANTED)) return False;
 	}
 
-	if (cli_lock(&cli, fnum2, 0, 4, 0, WRITE_LOCK)) {
+	if (cli_lock(cli, fnum2, 0, 4, 0, WRITE_LOCK)) {
 		printf("WRITE lock2 succeeded! This is a locking bug\n");
 		correct = False;
 	} else {
-		if (!check_error(__LINE__, &cli, ERRDOS, ERRlock, 
+		if (!check_error(__LINE__, cli, ERRDOS, ERRlock, 
 				 NT_STATUS_LOCK_NOT_GRANTED)) return False;
 	}
 
-	if (cli_lock(&cli, fnum2, 0, 4, 0, READ_LOCK)) {
+	if (cli_lock(cli, fnum2, 0, 4, 0, READ_LOCK)) {
 		printf("READ lock2 succeeded! This is a locking bug\n");
 		correct = False;
 	} else {
-		if (!check_error(__LINE__, &cli, ERRDOS, ERRlock, 
+		if (!check_error(__LINE__, cli, ERRDOS, ERRlock, 
 				 NT_STATUS_FILE_LOCK_CONFLICT)) return False;
 	}
 
-	if (!cli_lock(&cli, fnum1, 100, 4, 0, WRITE_LOCK)) {
-		printf("lock at 100 failed (%s)\n", cli_errstr(&cli));
+	if (!cli_lock(cli, fnum1, 100, 4, 0, WRITE_LOCK)) {
+		printf("lock at 100 failed (%s)\n", cli_errstr(cli));
 	}
-	cli_setpid(&cli, 2);
-	if (cli_unlock(&cli, fnum1, 100, 4)) {
+	cli_setpid(cli, 2);
+	if (cli_unlock(cli, fnum1, 100, 4)) {
 		printf("unlock at 100 succeeded! This is a locking bug\n");
 		correct = False;
 	}
 
-	if (cli_unlock(&cli, fnum1, 0, 4)) {
+	if (cli_unlock(cli, fnum1, 0, 4)) {
 		printf("unlock1 succeeded! This is a locking bug\n");
 		correct = False;
 	} else {
-		if (!check_error(__LINE__, &cli, 
+		if (!check_error(__LINE__, cli, 
 				 ERRDOS, ERRlock, 
 				 NT_STATUS_RANGE_NOT_LOCKED)) return False;
 	}
 
-	if (cli_unlock(&cli, fnum1, 0, 8)) {
+	if (cli_unlock(cli, fnum1, 0, 8)) {
 		printf("unlock2 succeeded! This is a locking bug\n");
 		correct = False;
 	} else {
-		if (!check_error(__LINE__, &cli, 
+		if (!check_error(__LINE__, cli, 
 				 ERRDOS, ERRlock, 
 				 NT_STATUS_RANGE_NOT_LOCKED)) return False;
 	}
 
-	if (cli_lock(&cli, fnum3, 0, 4, 0, WRITE_LOCK)) {
+	if (cli_lock(cli, fnum3, 0, 4, 0, WRITE_LOCK)) {
 		printf("lock3 succeeded! This is a locking bug\n");
 		correct = False;
 	} else {
-		if (!check_error(__LINE__, &cli, ERRDOS, ERRlock, NT_STATUS_LOCK_NOT_GRANTED)) return False;
+		if (!check_error(__LINE__, cli, ERRDOS, ERRlock, NT_STATUS_LOCK_NOT_GRANTED)) return False;
 	}
 
-	cli_setpid(&cli, 1);
+	cli_setpid(cli, 1);
 
-	if (!cli_close(&cli, fnum1)) {
-		printf("close1 failed (%s)\n", cli_errstr(&cli));
+	if (!cli_close(cli, fnum1)) {
+		printf("close1 failed (%s)\n", cli_errstr(cli));
 		return False;
 	}
 
-	if (!cli_close(&cli, fnum2)) {
-		printf("close2 failed (%s)\n", cli_errstr(&cli));
+	if (!cli_close(cli, fnum2)) {
+		printf("close2 failed (%s)\n", cli_errstr(cli));
 		return False;
 	}
 
-	if (!cli_close(&cli, fnum3)) {
-		printf("close3 failed (%s)\n", cli_errstr(&cli));
+	if (!cli_close(cli, fnum3)) {
+		printf("close3 failed (%s)\n", cli_errstr(cli));
 		return False;
 	}
 
-	if (!torture_close_connection(&cli)) {
+	if (!torture_close_connection(cli)) {
 		correct = False;
 	}
 
@@ -1133,7 +1115,7 @@ static BOOL run_locktest2(int dummy)
 */
 static BOOL run_locktest3(int dummy)
 {
-	static struct cli_state cli1, cli2;
+	static struct cli_state *cli1, *cli2;
 	const char *fname = "\\lockt3.lck";
 	int fnum1, fnum2, i;
 	uint32 offset;
@@ -1144,37 +1126,37 @@ static BOOL run_locktest3(int dummy)
 	if (!torture_open_connection(&cli1) || !torture_open_connection(&cli2)) {
 		return False;
 	}
-	cli_sockopt(&cli1, sockops);
-	cli_sockopt(&cli2, sockops);
+	cli_sockopt(cli1, sockops);
+	cli_sockopt(cli2, sockops);
 
 	printf("starting locktest3\n");
 
-	cli_unlink(&cli1, fname);
+	cli_unlink(cli1, fname);
 
-	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	fnum1 = cli_open(cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
 	if (fnum1 == -1) {
-		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("open of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
-	fnum2 = cli_open(&cli2, fname, O_RDWR, DENY_NONE);
+	fnum2 = cli_open(cli2, fname, O_RDWR, DENY_NONE);
 	if (fnum2 == -1) {
-		printf("open2 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+		printf("open2 of %s failed (%s)\n", fname, cli_errstr(cli2));
 		return False;
 	}
 
 	for (offset=i=0;i<torture_numops;i++) {
 		NEXT_OFFSET;
-		if (!cli_lock(&cli1, fnum1, offset-1, 1, 0, WRITE_LOCK)) {
+		if (!cli_lock(cli1, fnum1, offset-1, 1, 0, WRITE_LOCK)) {
 			printf("lock1 %d failed (%s)\n", 
 			       i,
-			       cli_errstr(&cli1));
+			       cli_errstr(cli1));
 			return False;
 		}
 
-		if (!cli_lock(&cli2, fnum2, offset-2, 1, 0, WRITE_LOCK)) {
+		if (!cli_lock(cli2, fnum2, offset-2, 1, 0, WRITE_LOCK)) {
 			printf("lock2 %d failed (%s)\n", 
 			       i,
-			       cli_errstr(&cli1));
+			       cli_errstr(cli1));
 			return False;
 		}
 	}
@@ -1182,22 +1164,22 @@ static BOOL run_locktest3(int dummy)
 	for (offset=i=0;i<torture_numops;i++) {
 		NEXT_OFFSET;
 
-		if (cli_lock(&cli1, fnum1, offset-2, 1, 0, WRITE_LOCK)) {
+		if (cli_lock(cli1, fnum1, offset-2, 1, 0, WRITE_LOCK)) {
 			printf("error: lock1 %d succeeded!\n", i);
 			return False;
 		}
 
-		if (cli_lock(&cli2, fnum2, offset-1, 1, 0, WRITE_LOCK)) {
+		if (cli_lock(cli2, fnum2, offset-1, 1, 0, WRITE_LOCK)) {
 			printf("error: lock2 %d succeeded!\n", i);
 			return False;
 		}
 
-		if (cli_lock(&cli1, fnum1, offset-1, 1, 0, WRITE_LOCK)) {
+		if (cli_lock(cli1, fnum1, offset-1, 1, 0, WRITE_LOCK)) {
 			printf("error: lock3 %d succeeded!\n", i);
 			return False;
 		}
 
-		if (cli_lock(&cli2, fnum2, offset-2, 1, 0, WRITE_LOCK)) {
+		if (cli_lock(cli2, fnum2, offset-2, 1, 0, WRITE_LOCK)) {
 			printf("error: lock4 %d succeeded!\n", i);
 			return False;
 		}
@@ -1206,41 +1188,41 @@ static BOOL run_locktest3(int dummy)
 	for (offset=i=0;i<torture_numops;i++) {
 		NEXT_OFFSET;
 
-		if (!cli_unlock(&cli1, fnum1, offset-1, 1)) {
+		if (!cli_unlock(cli1, fnum1, offset-1, 1)) {
 			printf("unlock1 %d failed (%s)\n", 
 			       i,
-			       cli_errstr(&cli1));
+			       cli_errstr(cli1));
 			return False;
 		}
 
-		if (!cli_unlock(&cli2, fnum2, offset-2, 1)) {
+		if (!cli_unlock(cli2, fnum2, offset-2, 1)) {
 			printf("unlock2 %d failed (%s)\n", 
 			       i,
-			       cli_errstr(&cli1));
+			       cli_errstr(cli1));
 			return False;
 		}
 	}
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("close1 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("close1 failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 
-	if (!cli_close(&cli2, fnum2)) {
-		printf("close2 failed (%s)\n", cli_errstr(&cli2));
+	if (!cli_close(cli2, fnum2)) {
+		printf("close2 failed (%s)\n", cli_errstr(cli2));
 		return False;
 	}
 
-	if (!cli_unlink(&cli1, fname)) {
-		printf("unlink failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_unlink(cli1, fname)) {
+		printf("unlink failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 
-	if (!torture_close_connection(&cli1)) {
+	if (!torture_close_connection(cli1)) {
 		correct = False;
 	}
 	
-	if (!torture_close_connection(&cli2)) {
+	if (!torture_close_connection(cli2)) {
 		correct = False;
 	}
 
@@ -1258,7 +1240,7 @@ static BOOL run_locktest3(int dummy)
 */
 static BOOL run_locktest4(int dummy)
 {
-	static struct cli_state cli1, cli2;
+	static struct cli_state *cli1, *cli2;
 	const char *fname = "\\lockt4.lck";
 	int fnum1, fnum2, f;
 	BOOL ret;
@@ -1269,156 +1251,156 @@ static BOOL run_locktest4(int dummy)
 		return False;
 	}
 
-	cli_sockopt(&cli1, sockops);
-	cli_sockopt(&cli2, sockops);
+	cli_sockopt(cli1, sockops);
+	cli_sockopt(cli2, sockops);
 
 	printf("starting locktest4\n");
 
-	cli_unlink(&cli1, fname);
+	cli_unlink(cli1, fname);
 
-	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
-	fnum2 = cli_open(&cli2, fname, O_RDWR, DENY_NONE);
+	fnum1 = cli_open(cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	fnum2 = cli_open(cli2, fname, O_RDWR, DENY_NONE);
 
 	memset(buf, 0, sizeof(buf));
 
-	if (cli_write(&cli1, fnum1, 0, buf, 0, sizeof(buf)) != sizeof(buf)) {
+	if (cli_write(cli1, fnum1, 0, buf, 0, sizeof(buf)) != sizeof(buf)) {
 		printf("Failed to create file\n");
 		correct = False;
 		goto fail;
 	}
 
-	ret = cli_lock(&cli1, fnum1, 0, 4, 0, WRITE_LOCK) &&
-	      cli_lock(&cli1, fnum1, 2, 4, 0, WRITE_LOCK);
+	ret = cli_lock(cli1, fnum1, 0, 4, 0, WRITE_LOCK) &&
+	      cli_lock(cli1, fnum1, 2, 4, 0, WRITE_LOCK);
 	EXPECTED(ret, False);
 	printf("the same process %s set overlapping write locks\n", ret?"can":"cannot");
 	    
-	ret = cli_lock(&cli1, fnum1, 10, 4, 0, READ_LOCK) &&
-	      cli_lock(&cli1, fnum1, 12, 4, 0, READ_LOCK);
+	ret = cli_lock(cli1, fnum1, 10, 4, 0, READ_LOCK) &&
+	      cli_lock(cli1, fnum1, 12, 4, 0, READ_LOCK);
 	EXPECTED(ret, True);
 	printf("the same process %s set overlapping read locks\n", ret?"can":"cannot");
 
-	ret = cli_lock(&cli1, fnum1, 20, 4, 0, WRITE_LOCK) &&
-	      cli_lock(&cli2, fnum2, 22, 4, 0, WRITE_LOCK);
+	ret = cli_lock(cli1, fnum1, 20, 4, 0, WRITE_LOCK) &&
+	      cli_lock(cli2, fnum2, 22, 4, 0, WRITE_LOCK);
 	EXPECTED(ret, False);
 	printf("a different connection %s set overlapping write locks\n", ret?"can":"cannot");
 	    
-	ret = cli_lock(&cli1, fnum1, 30, 4, 0, READ_LOCK) &&
-	      cli_lock(&cli2, fnum2, 32, 4, 0, READ_LOCK);
+	ret = cli_lock(cli1, fnum1, 30, 4, 0, READ_LOCK) &&
+	      cli_lock(cli2, fnum2, 32, 4, 0, READ_LOCK);
 	EXPECTED(ret, True);
 	printf("a different connection %s set overlapping read locks\n", ret?"can":"cannot");
 	
-	ret = (cli_setpid(&cli1, 1), cli_lock(&cli1, fnum1, 40, 4, 0, WRITE_LOCK)) &&
-	      (cli_setpid(&cli1, 2), cli_lock(&cli1, fnum1, 42, 4, 0, WRITE_LOCK));
+	ret = (cli_setpid(cli1, 1), cli_lock(cli1, fnum1, 40, 4, 0, WRITE_LOCK)) &&
+	      (cli_setpid(cli1, 2), cli_lock(cli1, fnum1, 42, 4, 0, WRITE_LOCK));
 	EXPECTED(ret, False);
 	printf("a different pid %s set overlapping write locks\n", ret?"can":"cannot");
 	    
-	ret = (cli_setpid(&cli1, 1), cli_lock(&cli1, fnum1, 50, 4, 0, READ_LOCK)) &&
-	      (cli_setpid(&cli1, 2), cli_lock(&cli1, fnum1, 52, 4, 0, READ_LOCK));
+	ret = (cli_setpid(cli1, 1), cli_lock(cli1, fnum1, 50, 4, 0, READ_LOCK)) &&
+	      (cli_setpid(cli1, 2), cli_lock(cli1, fnum1, 52, 4, 0, READ_LOCK));
 	EXPECTED(ret, True);
 	printf("a different pid %s set overlapping read locks\n", ret?"can":"cannot");
 
-	ret = cli_lock(&cli1, fnum1, 60, 4, 0, READ_LOCK) &&
-	      cli_lock(&cli1, fnum1, 60, 4, 0, READ_LOCK);
+	ret = cli_lock(cli1, fnum1, 60, 4, 0, READ_LOCK) &&
+	      cli_lock(cli1, fnum1, 60, 4, 0, READ_LOCK);
 	EXPECTED(ret, True);
 	printf("the same process %s set the same read lock twice\n", ret?"can":"cannot");
 
-	ret = cli_lock(&cli1, fnum1, 70, 4, 0, WRITE_LOCK) &&
-	      cli_lock(&cli1, fnum1, 70, 4, 0, WRITE_LOCK);
+	ret = cli_lock(cli1, fnum1, 70, 4, 0, WRITE_LOCK) &&
+	      cli_lock(cli1, fnum1, 70, 4, 0, WRITE_LOCK);
 	EXPECTED(ret, False);
 	printf("the same process %s set the same write lock twice\n", ret?"can":"cannot");
 
-	ret = cli_lock(&cli1, fnum1, 80, 4, 0, READ_LOCK) &&
-	      cli_lock(&cli1, fnum1, 80, 4, 0, WRITE_LOCK);
+	ret = cli_lock(cli1, fnum1, 80, 4, 0, READ_LOCK) &&
+	      cli_lock(cli1, fnum1, 80, 4, 0, WRITE_LOCK);
 	EXPECTED(ret, False);
 	printf("the same process %s overlay a read lock with a write lock\n", ret?"can":"cannot");
 
-	ret = cli_lock(&cli1, fnum1, 90, 4, 0, WRITE_LOCK) &&
-	      cli_lock(&cli1, fnum1, 90, 4, 0, READ_LOCK);
+	ret = cli_lock(cli1, fnum1, 90, 4, 0, WRITE_LOCK) &&
+	      cli_lock(cli1, fnum1, 90, 4, 0, READ_LOCK);
 	EXPECTED(ret, True);
 	printf("the same process %s overlay a write lock with a read lock\n", ret?"can":"cannot");
 
-	ret = (cli_setpid(&cli1, 1), cli_lock(&cli1, fnum1, 100, 4, 0, WRITE_LOCK)) &&
-	      (cli_setpid(&cli1, 2), cli_lock(&cli1, fnum1, 100, 4, 0, READ_LOCK));
+	ret = (cli_setpid(cli1, 1), cli_lock(cli1, fnum1, 100, 4, 0, WRITE_LOCK)) &&
+	      (cli_setpid(cli1, 2), cli_lock(cli1, fnum1, 100, 4, 0, READ_LOCK));
 	EXPECTED(ret, False);
 	printf("a different pid %s overlay a write lock with a read lock\n", ret?"can":"cannot");
 
-	ret = cli_lock(&cli1, fnum1, 110, 4, 0, READ_LOCK) &&
-	      cli_lock(&cli1, fnum1, 112, 4, 0, READ_LOCK) &&
-	      cli_unlock(&cli1, fnum1, 110, 6);
+	ret = cli_lock(cli1, fnum1, 110, 4, 0, READ_LOCK) &&
+	      cli_lock(cli1, fnum1, 112, 4, 0, READ_LOCK) &&
+	      cli_unlock(cli1, fnum1, 110, 6);
 	EXPECTED(ret, False);
 	printf("the same process %s coalesce read locks\n", ret?"can":"cannot");
 
 
-	ret = cli_lock(&cli1, fnum1, 120, 4, 0, WRITE_LOCK) &&
-	      (cli_read(&cli2, fnum2, buf, 120, 4) == 4);
+	ret = cli_lock(cli1, fnum1, 120, 4, 0, WRITE_LOCK) &&
+	      (cli_read(cli2, fnum2, buf, 120, 4) == 4);
 	EXPECTED(ret, False);
 	printf("this server %s strict write locking\n", ret?"doesn't do":"does");
 
-	ret = cli_lock(&cli1, fnum1, 130, 4, 0, READ_LOCK) &&
-	      (cli_write(&cli2, fnum2, 0, buf, 130, 4) == 4);
+	ret = cli_lock(cli1, fnum1, 130, 4, 0, READ_LOCK) &&
+	      (cli_write(cli2, fnum2, 0, buf, 130, 4) == 4);
 	EXPECTED(ret, False);
 	printf("this server %s strict read locking\n", ret?"doesn't do":"does");
 
 
-	ret = cli_lock(&cli1, fnum1, 140, 4, 0, READ_LOCK) &&
-	      cli_lock(&cli1, fnum1, 140, 4, 0, READ_LOCK) &&
-	      cli_unlock(&cli1, fnum1, 140, 4) &&
-	      cli_unlock(&cli1, fnum1, 140, 4);
+	ret = cli_lock(cli1, fnum1, 140, 4, 0, READ_LOCK) &&
+	      cli_lock(cli1, fnum1, 140, 4, 0, READ_LOCK) &&
+	      cli_unlock(cli1, fnum1, 140, 4) &&
+	      cli_unlock(cli1, fnum1, 140, 4);
 	EXPECTED(ret, True);
 	printf("this server %s do recursive read locking\n", ret?"does":"doesn't");
 
 
-	ret = cli_lock(&cli1, fnum1, 150, 4, 0, WRITE_LOCK) &&
-	      cli_lock(&cli1, fnum1, 150, 4, 0, READ_LOCK) &&
-	      cli_unlock(&cli1, fnum1, 150, 4) &&
-	      (cli_read(&cli2, fnum2, buf, 150, 4) == 4) &&
-	      !(cli_write(&cli2, fnum2, 0, buf, 150, 4) == 4) &&
-	      cli_unlock(&cli1, fnum1, 150, 4);
+	ret = cli_lock(cli1, fnum1, 150, 4, 0, WRITE_LOCK) &&
+	      cli_lock(cli1, fnum1, 150, 4, 0, READ_LOCK) &&
+	      cli_unlock(cli1, fnum1, 150, 4) &&
+	      (cli_read(cli2, fnum2, buf, 150, 4) == 4) &&
+	      !(cli_write(cli2, fnum2, 0, buf, 150, 4) == 4) &&
+	      cli_unlock(cli1, fnum1, 150, 4);
 	EXPECTED(ret, True);
 	printf("this server %s do recursive lock overlays\n", ret?"does":"doesn't");
 
-	ret = cli_lock(&cli1, fnum1, 160, 4, 0, READ_LOCK) &&
-	      cli_unlock(&cli1, fnum1, 160, 4) &&
-	      (cli_write(&cli2, fnum2, 0, buf, 160, 4) == 4) &&		
-	      (cli_read(&cli2, fnum2, buf, 160, 4) == 4);		
+	ret = cli_lock(cli1, fnum1, 160, 4, 0, READ_LOCK) &&
+	      cli_unlock(cli1, fnum1, 160, 4) &&
+	      (cli_write(cli2, fnum2, 0, buf, 160, 4) == 4) &&		
+	      (cli_read(cli2, fnum2, buf, 160, 4) == 4);		
 	EXPECTED(ret, True);
 	printf("the same process %s remove a read lock using write locking\n", ret?"can":"cannot");
 
-	ret = cli_lock(&cli1, fnum1, 170, 4, 0, WRITE_LOCK) &&
-	      cli_unlock(&cli1, fnum1, 170, 4) &&
-	      (cli_write(&cli2, fnum2, 0, buf, 170, 4) == 4) &&		
-	      (cli_read(&cli2, fnum2, buf, 170, 4) == 4);		
+	ret = cli_lock(cli1, fnum1, 170, 4, 0, WRITE_LOCK) &&
+	      cli_unlock(cli1, fnum1, 170, 4) &&
+	      (cli_write(cli2, fnum2, 0, buf, 170, 4) == 4) &&		
+	      (cli_read(cli2, fnum2, buf, 170, 4) == 4);		
 	EXPECTED(ret, True);
 	printf("the same process %s remove a write lock using read locking\n", ret?"can":"cannot");
 
-	ret = cli_lock(&cli1, fnum1, 190, 4, 0, WRITE_LOCK) &&
-	      cli_lock(&cli1, fnum1, 190, 4, 0, READ_LOCK) &&
-	      cli_unlock(&cli1, fnum1, 190, 4) &&
-	      !(cli_write(&cli2, fnum2, 0, buf, 190, 4) == 4) &&		
-	      (cli_read(&cli2, fnum2, buf, 190, 4) == 4);		
+	ret = cli_lock(cli1, fnum1, 190, 4, 0, WRITE_LOCK) &&
+	      cli_lock(cli1, fnum1, 190, 4, 0, READ_LOCK) &&
+	      cli_unlock(cli1, fnum1, 190, 4) &&
+	      !(cli_write(cli2, fnum2, 0, buf, 190, 4) == 4) &&		
+	      (cli_read(cli2, fnum2, buf, 190, 4) == 4);		
 	EXPECTED(ret, True);
 	printf("the same process %s remove the first lock first\n", ret?"does":"doesn't");
 
-	cli_close(&cli1, fnum1);
-	cli_close(&cli2, fnum2);
-	fnum1 = cli_open(&cli1, fname, O_RDWR, DENY_NONE);
-	f = cli_open(&cli1, fname, O_RDWR, DENY_NONE);
-	ret = cli_lock(&cli1, fnum1, 0, 8, 0, READ_LOCK) &&
-	      cli_lock(&cli1, f, 0, 1, 0, READ_LOCK) &&
-	      cli_close(&cli1, fnum1) &&
-	      ((fnum1 = cli_open(&cli1, fname, O_RDWR, DENY_NONE)) != -1) &&
-	      cli_lock(&cli1, fnum1, 7, 1, 0, WRITE_LOCK);
-        cli_close(&cli1, f);
-	cli_close(&cli1, fnum1);
+	cli_close(cli1, fnum1);
+	cli_close(cli2, fnum2);
+	fnum1 = cli_open(cli1, fname, O_RDWR, DENY_NONE);
+	f = cli_open(cli1, fname, O_RDWR, DENY_NONE);
+	ret = cli_lock(cli1, fnum1, 0, 8, 0, READ_LOCK) &&
+	      cli_lock(cli1, f, 0, 1, 0, READ_LOCK) &&
+	      cli_close(cli1, fnum1) &&
+	      ((fnum1 = cli_open(cli1, fname, O_RDWR, DENY_NONE)) != -1) &&
+	      cli_lock(cli1, fnum1, 7, 1, 0, WRITE_LOCK);
+        cli_close(cli1, f);
+	cli_close(cli1, fnum1);
 	EXPECTED(ret, True);
 	printf("the server %s have the NT byte range lock bug\n", !ret?"does":"doesn't");
 
  fail:
-	cli_close(&cli1, fnum1);
-	cli_close(&cli2, fnum2);
-	cli_unlink(&cli1, fname);
-	torture_close_connection(&cli1);
-	torture_close_connection(&cli2);
+	cli_close(cli1, fnum1);
+	cli_close(cli2, fnum2);
+	cli_unlink(cli1, fname);
+	torture_close_connection(cli1);
+	torture_close_connection(cli2);
 
 	printf("finished locktest4\n");
 	return correct;
@@ -1429,7 +1411,7 @@ static BOOL run_locktest4(int dummy)
 */
 static BOOL run_locktest5(int dummy)
 {
-	static struct cli_state cli1, cli2;
+	static struct cli_state *cli1, *cli2;
 	const char *fname = "\\lockt5.lck";
 	int fnum1, fnum2, fnum3;
 	BOOL ret;
@@ -1440,61 +1422,61 @@ static BOOL run_locktest5(int dummy)
 		return False;
 	}
 
-	cli_sockopt(&cli1, sockops);
-	cli_sockopt(&cli2, sockops);
+	cli_sockopt(cli1, sockops);
+	cli_sockopt(cli2, sockops);
 
 	printf("starting locktest5\n");
 
-	cli_unlink(&cli1, fname);
+	cli_unlink(cli1, fname);
 
-	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
-	fnum2 = cli_open(&cli2, fname, O_RDWR, DENY_NONE);
-	fnum3 = cli_open(&cli1, fname, O_RDWR, DENY_NONE);
+	fnum1 = cli_open(cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	fnum2 = cli_open(cli2, fname, O_RDWR, DENY_NONE);
+	fnum3 = cli_open(cli1, fname, O_RDWR, DENY_NONE);
 
 	memset(buf, 0, sizeof(buf));
 
-	if (cli_write(&cli1, fnum1, 0, buf, 0, sizeof(buf)) != sizeof(buf)) {
+	if (cli_write(cli1, fnum1, 0, buf, 0, sizeof(buf)) != sizeof(buf)) {
 		printf("Failed to create file\n");
 		correct = False;
 		goto fail;
 	}
 
 	/* Check for NT bug... */
-	ret = cli_lock(&cli1, fnum1, 0, 8, 0, READ_LOCK) &&
-		  cli_lock(&cli1, fnum3, 0, 1, 0, READ_LOCK);
-	cli_close(&cli1, fnum1);
-	fnum1 = cli_open(&cli1, fname, O_RDWR, DENY_NONE);
-	ret = cli_lock(&cli1, fnum1, 7, 1, 0, WRITE_LOCK);
+	ret = cli_lock(cli1, fnum1, 0, 8, 0, READ_LOCK) &&
+		  cli_lock(cli1, fnum3, 0, 1, 0, READ_LOCK);
+	cli_close(cli1, fnum1);
+	fnum1 = cli_open(cli1, fname, O_RDWR, DENY_NONE);
+	ret = cli_lock(cli1, fnum1, 7, 1, 0, WRITE_LOCK);
 	EXPECTED(ret, True);
 	printf("this server %s the NT locking bug\n", ret ? "doesn't have" : "has");
-	cli_close(&cli1, fnum1);
-	fnum1 = cli_open(&cli1, fname, O_RDWR, DENY_NONE);
-	cli_unlock(&cli1, fnum3, 0, 1);
+	cli_close(cli1, fnum1);
+	fnum1 = cli_open(cli1, fname, O_RDWR, DENY_NONE);
+	cli_unlock(cli1, fnum3, 0, 1);
 
-	ret = cli_lock(&cli1, fnum1, 0, 4, 0, WRITE_LOCK) &&
-	      cli_lock(&cli1, fnum1, 1, 1, 0, READ_LOCK);
+	ret = cli_lock(cli1, fnum1, 0, 4, 0, WRITE_LOCK) &&
+	      cli_lock(cli1, fnum1, 1, 1, 0, READ_LOCK);
 	EXPECTED(ret, True);
 	printf("the same process %s overlay a write with a read lock\n", ret?"can":"cannot");
 
-	ret = cli_lock(&cli2, fnum2, 0, 4, 0, READ_LOCK);
+	ret = cli_lock(cli2, fnum2, 0, 4, 0, READ_LOCK);
 	EXPECTED(ret, False);
 
 	printf("a different processs %s get a read lock on the first process lock stack\n", ret?"can":"cannot");
 
 	/* Unlock the process 2 lock. */
-	cli_unlock(&cli2, fnum2, 0, 4);
+	cli_unlock(cli2, fnum2, 0, 4);
 
-	ret = cli_lock(&cli1, fnum3, 0, 4, 0, READ_LOCK);
+	ret = cli_lock(cli1, fnum3, 0, 4, 0, READ_LOCK);
 	EXPECTED(ret, False);
 
 	printf("the same processs on a different fnum %s get a read lock\n", ret?"can":"cannot");
 
 	/* Unlock the process 1 fnum3 lock. */
-	cli_unlock(&cli1, fnum3, 0, 4);
+	cli_unlock(cli1, fnum3, 0, 4);
 
 	/* Stack 2 more locks here. */
-	ret = cli_lock(&cli1, fnum1, 0, 4, 0, READ_LOCK) &&
-		  cli_lock(&cli1, fnum1, 0, 4, 0, READ_LOCK);
+	ret = cli_lock(cli1, fnum1, 0, 4, 0, READ_LOCK) &&
+		  cli_lock(cli1, fnum1, 0, 4, 0, READ_LOCK);
 
 	EXPECTED(ret, True);
 	printf("the same process %s stack read locks\n", ret?"can":"cannot");
@@ -1502,44 +1484,44 @@ static BOOL run_locktest5(int dummy)
 	/* Unlock the first process lock, then check this was the WRITE lock that was
 		removed. */
 
-	ret = cli_unlock(&cli1, fnum1, 0, 4) &&
-			cli_lock(&cli2, fnum2, 0, 4, 0, READ_LOCK);
+	ret = cli_unlock(cli1, fnum1, 0, 4) &&
+			cli_lock(cli2, fnum2, 0, 4, 0, READ_LOCK);
 
 	EXPECTED(ret, True);
 	printf("the first unlock removes the %s lock\n", ret?"WRITE":"READ");
 
 	/* Unlock the process 2 lock. */
-	cli_unlock(&cli2, fnum2, 0, 4);
+	cli_unlock(cli2, fnum2, 0, 4);
 
 	/* We should have 3 stacked locks here. Ensure we need to do 3 unlocks. */
 
-	ret = cli_unlock(&cli1, fnum1, 1, 1) &&
-		  cli_unlock(&cli1, fnum1, 0, 4) &&
-		  cli_unlock(&cli1, fnum1, 0, 4);
+	ret = cli_unlock(cli1, fnum1, 1, 1) &&
+		  cli_unlock(cli1, fnum1, 0, 4) &&
+		  cli_unlock(cli1, fnum1, 0, 4);
 
 	EXPECTED(ret, True);
 	printf("the same process %s unlock the stack of 4 locks\n", ret?"can":"cannot"); 
 
 	/* Ensure the next unlock fails. */
-	ret = cli_unlock(&cli1, fnum1, 0, 4);
+	ret = cli_unlock(cli1, fnum1, 0, 4);
 	EXPECTED(ret, False);
 	printf("the same process %s count the lock stack\n", !ret?"can":"cannot"); 
 
 	/* Ensure connection 2 can get a write lock. */
-	ret = cli_lock(&cli2, fnum2, 0, 4, 0, WRITE_LOCK);
+	ret = cli_lock(cli2, fnum2, 0, 4, 0, WRITE_LOCK);
 	EXPECTED(ret, True);
 
 	printf("a different processs %s get a write lock on the unlocked stack\n", ret?"can":"cannot");
 
 
  fail:
-	cli_close(&cli1, fnum1);
-	cli_close(&cli2, fnum2);
-	cli_unlink(&cli1, fname);
-	if (!torture_close_connection(&cli1)) {
+	cli_close(cli1, fnum1);
+	cli_close(cli2, fnum2);
+	cli_unlink(cli1, fname);
+	if (!torture_close_connection(cli1)) {
 		correct = False;
 	}
-	if (!torture_close_connection(&cli2)) {
+	if (!torture_close_connection(cli2)) {
 		correct = False;
 	}
 
@@ -1553,7 +1535,7 @@ static BOOL run_locktest5(int dummy)
 */
 static BOOL run_locktest6(int dummy)
 {
-	static struct cli_state cli;
+	static struct cli_state *cli;
 	const char *fname[1] = { "\\lock6.txt" };
 	int i;
 	int fnum;
@@ -1563,29 +1545,29 @@ static BOOL run_locktest6(int dummy)
 		return False;
 	}
 
-	cli_sockopt(&cli, sockops);
+	cli_sockopt(cli, sockops);
 
 	printf("starting locktest6\n");
 
 	for (i=0;i<1;i++) {
 		printf("Testing %s\n", fname[i]);
 
-		cli_unlink(&cli, fname[i]);
+		cli_unlink(cli, fname[i]);
 
-		fnum = cli_open(&cli, fname[i], O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
-		status = cli_locktype(&cli, fnum, 0, 8, 0, LOCKING_ANDX_CHANGE_LOCKTYPE);
-		cli_close(&cli, fnum);
+		fnum = cli_open(cli, fname[i], O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+		status = cli_locktype(cli, fnum, 0, 8, 0, LOCKING_ANDX_CHANGE_LOCKTYPE);
+		cli_close(cli, fnum);
 		printf("CHANGE_LOCKTYPE gave %s\n", nt_errstr(status));
 
-		fnum = cli_open(&cli, fname[i], O_RDWR, DENY_NONE);
-		status = cli_locktype(&cli, fnum, 0, 8, 0, LOCKING_ANDX_CANCEL_LOCK);
-		cli_close(&cli, fnum);
+		fnum = cli_open(cli, fname[i], O_RDWR, DENY_NONE);
+		status = cli_locktype(cli, fnum, 0, 8, 0, LOCKING_ANDX_CANCEL_LOCK);
+		cli_close(cli, fnum);
 		printf("CANCEL_LOCK gave %s\n", nt_errstr(status));
 
-		cli_unlink(&cli, fname[i]);
+		cli_unlink(cli, fname[i]);
 	}
 
-	torture_close_connection(&cli);
+	torture_close_connection(cli);
 
 	printf("finished locktest6\n");
 	return True;
@@ -1593,7 +1575,7 @@ static BOOL run_locktest6(int dummy)
 
 static BOOL run_locktest7(int dummy)
 {
-	static struct cli_state cli1;
+	struct cli_state *cli1;
 	const char *fname = "\\lockt7.lck";
 	int fnum1;
 	char buf[200];
@@ -1603,40 +1585,40 @@ static BOOL run_locktest7(int dummy)
 		return False;
 	}
 
-	cli_sockopt(&cli1, sockops);
+	cli_sockopt(cli1, sockops);
 
 	printf("starting locktest7\n");
 
-	cli_unlink(&cli1, fname);
+	cli_unlink(cli1, fname);
 
-	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	fnum1 = cli_open(cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
 
 	memset(buf, 0, sizeof(buf));
 
-	if (cli_write(&cli1, fnum1, 0, buf, 0, sizeof(buf)) != sizeof(buf)) {
+	if (cli_write(cli1, fnum1, 0, buf, 0, sizeof(buf)) != sizeof(buf)) {
 		printf("Failed to create file\n");
 		goto fail;
 	}
 
-	cli_setpid(&cli1, 1);
+	cli_setpid(cli1, 1);
 
-	if (!cli_lock(&cli1, fnum1, 130, 4, 0, READ_LOCK)) {
-		printf("Unable to apply read lock on range 130:4, error was %s\n", cli_errstr(&cli1));
+	if (!cli_lock(cli1, fnum1, 130, 4, 0, READ_LOCK)) {
+		printf("Unable to apply read lock on range 130:4, error was %s\n", cli_errstr(cli1));
 		goto fail;
 	} else {
 		printf("pid1 successfully locked range 130:4 for READ\n");
 	}
 
-	if (cli_read(&cli1, fnum1, buf, 130, 4) != 4) {
-		printf("pid1 unable to read the range 130:4, error was %s\n", cli_errstr(&cli1));
+	if (cli_read(cli1, fnum1, buf, 130, 4) != 4) {
+		printf("pid1 unable to read the range 130:4, error was %s\n", cli_errstr(cli1));
 		goto fail;
 	} else {
 		printf("pid1 successfully read the range 130:4\n");
 	}
 
-	if (cli_write(&cli1, fnum1, 0, buf, 130, 4) != 4) {
-		printf("pid1 unable to write to the range 130:4, error was %s\n", cli_errstr(&cli1));
-		if (NT_STATUS_V(cli_nt_error(&cli1)) != NT_STATUS_V(NT_STATUS_FILE_LOCK_CONFLICT)) {
+	if (cli_write(cli1, fnum1, 0, buf, 130, 4) != 4) {
+		printf("pid1 unable to write to the range 130:4, error was %s\n", cli_errstr(cli1));
+		if (NT_STATUS_V(cli_nt_error(cli1)) != NT_STATUS_V(NT_STATUS_FILE_LOCK_CONFLICT)) {
 			printf("Incorrect error (should be NT_STATUS_FILE_LOCK_CONFLICT)\n");
 			goto fail;
 		}
@@ -1645,17 +1627,17 @@ static BOOL run_locktest7(int dummy)
 		goto fail;
 	}
 
-	cli_setpid(&cli1, 2);
+	cli_setpid(cli1, 2);
 
-	if (cli_read(&cli1, fnum1, buf, 130, 4) != 4) {
-		printf("pid2 unable to read the range 130:4, error was %s\n", cli_errstr(&cli1));
+	if (cli_read(cli1, fnum1, buf, 130, 4) != 4) {
+		printf("pid2 unable to read the range 130:4, error was %s\n", cli_errstr(cli1));
 	} else {
 		printf("pid2 successfully read the range 130:4\n");
 	}
 
-	if (cli_write(&cli1, fnum1, 0, buf, 130, 4) != 4) {
-		printf("pid2 unable to write to the range 130:4, error was %s\n", cli_errstr(&cli1));
-		if (NT_STATUS_V(cli_nt_error(&cli1)) != NT_STATUS_V(NT_STATUS_FILE_LOCK_CONFLICT)) {
+	if (cli_write(cli1, fnum1, 0, buf, 130, 4) != 4) {
+		printf("pid2 unable to write to the range 130:4, error was %s\n", cli_errstr(cli1));
+		if (NT_STATUS_V(cli_nt_error(cli1)) != NT_STATUS_V(NT_STATUS_FILE_LOCK_CONFLICT)) {
 			printf("Incorrect error (should be NT_STATUS_FILE_LOCK_CONFLICT)\n");
 			goto fail;
 		}
@@ -1664,35 +1646,35 @@ static BOOL run_locktest7(int dummy)
 		goto fail;
 	}
 
-	cli_setpid(&cli1, 1);
-	cli_unlock(&cli1, fnum1, 130, 4);
+	cli_setpid(cli1, 1);
+	cli_unlock(cli1, fnum1, 130, 4);
 
-	if (!cli_lock(&cli1, fnum1, 130, 4, 0, WRITE_LOCK)) {
-		printf("Unable to apply write lock on range 130:4, error was %s\n", cli_errstr(&cli1));
+	if (!cli_lock(cli1, fnum1, 130, 4, 0, WRITE_LOCK)) {
+		printf("Unable to apply write lock on range 130:4, error was %s\n", cli_errstr(cli1));
 		goto fail;
 	} else {
 		printf("pid1 successfully locked range 130:4 for WRITE\n");
 	}
 
-	if (cli_read(&cli1, fnum1, buf, 130, 4) != 4) {
-		printf("pid1 unable to read the range 130:4, error was %s\n", cli_errstr(&cli1));
+	if (cli_read(cli1, fnum1, buf, 130, 4) != 4) {
+		printf("pid1 unable to read the range 130:4, error was %s\n", cli_errstr(cli1));
 		goto fail;
 	} else {
 		printf("pid1 successfully read the range 130:4\n");
 	}
 
-	if (cli_write(&cli1, fnum1, 0, buf, 130, 4) != 4) {
-		printf("pid1 unable to write to the range 130:4, error was %s\n", cli_errstr(&cli1));
+	if (cli_write(cli1, fnum1, 0, buf, 130, 4) != 4) {
+		printf("pid1 unable to write to the range 130:4, error was %s\n", cli_errstr(cli1));
 		goto fail;
 	} else {
 		printf("pid1 successfully wrote to the range 130:4\n");
 	}
 
-	cli_setpid(&cli1, 2);
+	cli_setpid(cli1, 2);
 
-	if (cli_read(&cli1, fnum1, buf, 130, 4) != 4) {
-		printf("pid2 unable to read the range 130:4, error was %s\n", cli_errstr(&cli1));
-		if (NT_STATUS_V(cli_nt_error(&cli1)) != NT_STATUS_V(NT_STATUS_FILE_LOCK_CONFLICT)) {
+	if (cli_read(cli1, fnum1, buf, 130, 4) != 4) {
+		printf("pid2 unable to read the range 130:4, error was %s\n", cli_errstr(cli1));
+		if (NT_STATUS_V(cli_nt_error(cli1)) != NT_STATUS_V(NT_STATUS_FILE_LOCK_CONFLICT)) {
 			printf("Incorrect error (should be NT_STATUS_FILE_LOCK_CONFLICT)\n");
 			goto fail;
 		}
@@ -1701,9 +1683,9 @@ static BOOL run_locktest7(int dummy)
 		goto fail;
 	}
 
-	if (cli_write(&cli1, fnum1, 0, buf, 130, 4) != 4) {
-		printf("pid2 unable to write to the range 130:4, error was %s\n", cli_errstr(&cli1));
-		if (NT_STATUS_V(cli_nt_error(&cli1)) != NT_STATUS_V(NT_STATUS_FILE_LOCK_CONFLICT)) {
+	if (cli_write(cli1, fnum1, 0, buf, 130, 4) != 4) {
+		printf("pid2 unable to write to the range 130:4, error was %s\n", cli_errstr(cli1));
+		if (NT_STATUS_V(cli_nt_error(cli1)) != NT_STATUS_V(NT_STATUS_FILE_LOCK_CONFLICT)) {
 			printf("Incorrect error (should be NT_STATUS_FILE_LOCK_CONFLICT)\n");
 			goto fail;
 		}
@@ -1712,13 +1694,13 @@ static BOOL run_locktest7(int dummy)
 		goto fail;
 	}
 
-	cli_unlock(&cli1, fnum1, 130, 0);
+	cli_unlock(cli1, fnum1, 130, 0);
 	correct = True;
 
 fail:
-	cli_close(&cli1, fnum1);
-	cli_unlink(&cli1, fname);
-	torture_close_connection(&cli1);
+	cli_close(cli1, fnum1);
+	cli_unlink(cli1, fname);
+	torture_close_connection(cli1);
 
 	printf("finished locktest7\n");
 	return correct;
@@ -1730,7 +1712,7 @@ security hole)
 */
 static BOOL run_fdpasstest(int dummy)
 {
-	static struct cli_state cli1, cli2, cli3;
+	struct cli_state *cli1, *cli2;
 	const char *fname = "\\fdpass.tst";
 	int fnum1;
 	pstring buf;
@@ -1738,40 +1720,39 @@ static BOOL run_fdpasstest(int dummy)
 	if (!torture_open_connection(&cli1) || !torture_open_connection(&cli2)) {
 		return False;
 	}
-	cli_sockopt(&cli1, sockops);
-	cli_sockopt(&cli2, sockops);
+	cli_sockopt(cli1, sockops);
+	cli_sockopt(cli2, sockops);
 
 	printf("starting fdpasstest\n");
 
-	cli_unlink(&cli1, fname);
+	cli_unlink(cli1, fname);
 
-	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	fnum1 = cli_open(cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
 	if (fnum1 == -1) {
-		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("open of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
 
-	if (cli_write(&cli1, fnum1, 0, "hello world\n", 0, 13) != 13) {
-		printf("write failed (%s)\n", cli_errstr(&cli1));
+	if (cli_write(cli1, fnum1, 0, "hello world\n", 0, 13) != 13) {
+		printf("write failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 
-	cli3 = cli2;
-	cli3.vuid = cli1.vuid;
-	cli3.cnum = cli1.cnum;
-	cli3.pid = cli1.pid;
+	cli2->vuid = cli1->vuid;
+	cli2->cnum = cli1->cnum;
+	cli2->pid = cli1->pid;
 
-	if (cli_read(&cli3, fnum1, buf, 0, 13) == 13) {
+	if (cli_read(cli2, fnum1, buf, 0, 13) == 13) {
 		printf("read succeeded! nasty security hole [%s]\n",
 		       buf);
 		return False;
 	}
 
-	cli_close(&cli1, fnum1);
-	cli_unlink(&cli1, fname);
+	cli_close(cli1, fnum1);
+	cli_unlink(cli1, fname);
 
-	torture_close_connection(&cli1);
-	torture_close_connection(&cli2);
+	torture_close_connection(cli1);
+	torture_close_connection(cli2);
 
 	printf("finished fdpasstest\n");
 	return True;
@@ -1785,7 +1766,7 @@ static BOOL run_fdpasstest(int dummy)
 */
 static BOOL run_unlinktest(int dummy)
 {
-	static struct cli_state cli;
+	struct cli_state *cli;
 	const char *fname = "\\unlink.tst";
 	int fnum;
 	BOOL correct = True;
@@ -1794,32 +1775,32 @@ static BOOL run_unlinktest(int dummy)
 		return False;
 	}
 
-	cli_sockopt(&cli, sockops);
+	cli_sockopt(cli, sockops);
 
 	printf("starting unlink test\n");
 
-	cli_unlink(&cli, fname);
+	cli_unlink(cli, fname);
 
-	cli_setpid(&cli, 1);
+	cli_setpid(cli, 1);
 
-	fnum = cli_open(&cli, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	fnum = cli_open(cli, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
 	if (fnum == -1) {
-		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli));
+		printf("open of %s failed (%s)\n", fname, cli_errstr(cli));
 		return False;
 	}
 
-	if (cli_unlink(&cli, fname)) {
+	if (cli_unlink(cli, fname)) {
 		printf("error: server allowed unlink on an open file\n");
 		correct = False;
 	} else {
-		correct = check_error(__LINE__, &cli, ERRDOS, ERRbadshare, 
+		correct = check_error(__LINE__, cli, ERRDOS, ERRbadshare, 
 				      NT_STATUS_SHARING_VIOLATION);
 	}
 
-	cli_close(&cli, fnum);
-	cli_unlink(&cli, fname);
+	cli_close(cli, fnum);
+	cli_unlink(cli, fname);
 
-	if (!torture_close_connection(&cli)) {
+	if (!torture_close_connection(cli)) {
 		correct = False;
 	}
 
@@ -1834,7 +1815,7 @@ test how many open files this server supports on the one socket
 */
 static BOOL run_maxfidtest(int dummy)
 {
-	static struct cli_state cli;
+	struct cli_state *cli;
 	const char *template = "\\maxfid.%d.%d";
 	fstring fname;
 	int fnums[0x11000], i;
@@ -1848,15 +1829,15 @@ static BOOL run_maxfidtest(int dummy)
 		return False;
 	}
 
-	cli_sockopt(&cli, sockops);
+	cli_sockopt(cli, sockops);
 
 	for (i=0; i<0x11000; i++) {
 		slprintf(fname,sizeof(fname)-1,template, i,(int)getpid());
-		if ((fnums[i] = cli_open(&cli, fname, 
+		if ((fnums[i] = cli_open(cli, fname, 
 					O_RDWR|O_CREAT|O_TRUNC, DENY_NONE)) ==
 		    -1) {
 			printf("open of %s failed (%s)\n", 
-			       fname, cli_errstr(&cli));
+			       fname, cli_errstr(cli));
 			printf("maximum fnum is %d\n", i);
 			break;
 		}
@@ -1868,10 +1849,10 @@ static BOOL run_maxfidtest(int dummy)
 	printf("cleaning up\n");
 	for (;i>=0;i--) {
 		slprintf(fname,sizeof(fname)-1,template, i,(int)getpid());
-		cli_close(&cli, fnums[i]);
-		if (!cli_unlink(&cli, fname)) {
+		cli_close(cli, fnums[i]);
+		if (!cli_unlink(cli, fname)) {
 			printf("unlink of %s failed (%s)\n", 
-			       fname, cli_errstr(&cli));
+			       fname, cli_errstr(cli));
 			correct = False;
 		}
 		printf("%6d\r", i);
@@ -1879,7 +1860,7 @@ static BOOL run_maxfidtest(int dummy)
 	printf("%6d\n", 0);
 
 	printf("maxfid test finished\n");
-	if (!torture_close_connection(&cli)) {
+	if (!torture_close_connection(cli)) {
 		correct = False;
 	}
 	return correct;
@@ -1929,7 +1910,7 @@ static BOOL run_randomipc(int dummy)
 	int rdrcnt,rprcnt;
 	pstring param;
 	int api, param_len, i;
-	static struct cli_state cli;
+	struct cli_state *cli;
 	BOOL correct = True;
 	int count = 50000;
 
@@ -1947,7 +1928,7 @@ static BOOL run_randomipc(int dummy)
   
 		SSVAL(param,0,api); 
 
-		cli_api(&cli, 
+		cli_api(cli, 
 			param, param_len, 8,  
 			NULL, 0, BUFFER_SIZE, 
 			&rparam, &rprcnt,     
@@ -1958,7 +1939,7 @@ static BOOL run_randomipc(int dummy)
 	}
 	printf("%d/%d\n", i, count);
 
-	if (!torture_close_connection(&cli)) {
+	if (!torture_close_connection(cli)) {
 		correct = False;
 	}
 
@@ -1983,7 +1964,7 @@ static void browse_callback(const char *sname, uint32 stype,
 */
 static BOOL run_browsetest(int dummy)
 {
-	static struct cli_state cli;
+	static struct cli_state *cli;
 	BOOL correct = True;
 
 	printf("starting browse test\n");
@@ -1993,16 +1974,16 @@ static BOOL run_browsetest(int dummy)
 	}
 
 	printf("domain list:\n");
-	cli_NetServerEnum(&cli, cli.server_domain, 
+	cli_NetServerEnum(cli, cli->server_domain, 
 			  SV_TYPE_DOMAIN_ENUM,
 			  browse_callback, NULL);
 
 	printf("machine list:\n");
-	cli_NetServerEnum(&cli, cli.server_domain, 
+	cli_NetServerEnum(cli, cli->server_domain, 
 			  SV_TYPE_ALL,
 			  browse_callback, NULL);
 
-	if (!torture_close_connection(&cli)) {
+	if (!torture_close_connection(cli)) {
 		correct = False;
 	}
 
@@ -2018,7 +1999,7 @@ static BOOL run_browsetest(int dummy)
 */
 static BOOL run_attrtest(int dummy)
 {
-	static struct cli_state cli;
+	struct cli_state *cli;
 	int fnum;
 	time_t t, t2;
 	const char *fname = "\\attrib.tst";
@@ -2030,12 +2011,12 @@ static BOOL run_attrtest(int dummy)
 		return False;
 	}
 
-	cli_unlink(&cli, fname);
-	fnum = cli_open(&cli, fname, 
+	cli_unlink(cli, fname);
+	fnum = cli_open(cli, fname, 
 			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
-	cli_close(&cli, fnum);
-	if (!cli_getatr(&cli, fname, NULL, NULL, &t)) {
-		printf("getatr failed (%s)\n", cli_errstr(&cli));
+	cli_close(cli, fnum);
+	if (!cli_getatr(cli, fname, NULL, NULL, &t)) {
+		printf("getatr failed (%s)\n", cli_errstr(cli));
 		correct = False;
 	}
 
@@ -2048,13 +2029,13 @@ static BOOL run_attrtest(int dummy)
 
 	t2 = t-60*60*24; /* 1 day ago */
 
-	if (!cli_setatr(&cli, fname, 0, t2)) {
-		printf("setatr failed (%s)\n", cli_errstr(&cli));
+	if (!cli_setatr(cli, fname, 0, t2)) {
+		printf("setatr failed (%s)\n", cli_errstr(cli));
 		correct = True;
 	}
 
-	if (!cli_getatr(&cli, fname, NULL, NULL, &t)) {
-		printf("getatr failed (%s)\n", cli_errstr(&cli));
+	if (!cli_getatr(cli, fname, NULL, NULL, &t)) {
+		printf("getatr failed (%s)\n", cli_errstr(cli));
 		correct = True;
 	}
 
@@ -2065,9 +2046,9 @@ static BOOL run_attrtest(int dummy)
 		correct = True;
 	}
 
-	cli_unlink(&cli, fname);
+	cli_unlink(cli, fname);
 
-	if (!torture_close_connection(&cli)) {
+	if (!torture_close_connection(cli)) {
 		correct = False;
 	}
 
@@ -2082,7 +2063,7 @@ static BOOL run_attrtest(int dummy)
 */
 static BOOL run_trans2test(int dummy)
 {
-	static struct cli_state cli;
+	struct cli_state *cli;
 	int fnum;
 	size_t size;
 	time_t c_time, a_time, m_time, w_time, m_time2;
@@ -2098,17 +2079,17 @@ static BOOL run_trans2test(int dummy)
 		return False;
 	}
 
-	cli_unlink(&cli, fname);
-	fnum = cli_open(&cli, fname, 
+	cli_unlink(cli, fname);
+	fnum = cli_open(cli, fname, 
 			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
-	if (!cli_qfileinfo(&cli, fnum, NULL, &size, &c_time, &a_time, &m_time,
+	if (!cli_qfileinfo(cli, fnum, NULL, &size, &c_time, &a_time, &m_time,
 			   NULL, NULL)) {
-		printf("ERROR: qfileinfo failed (%s)\n", cli_errstr(&cli));
+		printf("ERROR: qfileinfo failed (%s)\n", cli_errstr(cli));
 		correct = False;
 	}
 
-	if (!cli_qfilename(&cli, fnum, pname)) {
-		printf("ERROR: qfilename failed (%s)\n", cli_errstr(&cli));
+	if (!cli_qfilename(cli, fnum, pname)) {
+		printf("ERROR: qfilename failed (%s)\n", cli_errstr(cli));
 		correct = False;
 	}
 
@@ -2118,21 +2099,21 @@ static BOOL run_trans2test(int dummy)
 		correct = False;
 	}
 
-	cli_close(&cli, fnum);
+	cli_close(cli, fnum);
 
 	sleep(2);
 
-	cli_unlink(&cli, fname);
-	fnum = cli_open(&cli, fname, 
+	cli_unlink(cli, fname);
+	fnum = cli_open(cli, fname, 
 			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
 	if (fnum == -1) {
-		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli));
+		printf("open of %s failed (%s)\n", fname, cli_errstr(cli));
 		return False;
 	}
-	cli_close(&cli, fnum);
+	cli_close(cli, fnum);
 
-	if (!cli_qpathinfo(&cli, fname, &c_time, &a_time, &m_time, &size, NULL)) {
-		printf("ERROR: qpathinfo failed (%s)\n", cli_errstr(&cli));
+	if (!cli_qpathinfo(cli, fname, &c_time, &a_time, &m_time, &size, NULL)) {
+		printf("ERROR: qpathinfo failed (%s)\n", cli_errstr(cli));
 		correct = False;
 	} else {
 		if (c_time != m_time) {
@@ -2154,13 +2135,13 @@ static BOOL run_trans2test(int dummy)
 	}
 
 
-	cli_unlink(&cli, fname);
-	fnum = cli_open(&cli, fname, 
+	cli_unlink(cli, fname);
+	fnum = cli_open(cli, fname, 
 			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
-	cli_close(&cli, fnum);
-	if (!cli_qpathinfo2(&cli, fname, &c_time, &a_time, &m_time, 
+	cli_close(cli, fnum);
+	if (!cli_qpathinfo2(cli, fname, &c_time, &a_time, &m_time, 
 			    &w_time, &size, NULL, NULL)) {
-		printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(&cli));
+		printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(cli));
 		correct = False;
 	} else {
 		if (w_time < 60*60*24*2) {
@@ -2170,29 +2151,29 @@ static BOOL run_trans2test(int dummy)
 		}
 	}
 
-	cli_unlink(&cli, fname);
+	cli_unlink(cli, fname);
 
 
 	/* check if the server updates the directory modification time
            when creating a new file */
-	if (!cli_mkdir(&cli, dname)) {
-		printf("ERROR: mkdir failed (%s)\n", cli_errstr(&cli));
+	if (!cli_mkdir(cli, dname)) {
+		printf("ERROR: mkdir failed (%s)\n", cli_errstr(cli));
 		correct = False;
 	}
 	sleep(3);
-	if (!cli_qpathinfo2(&cli, "\\trans2\\", &c_time, &a_time, &m_time, 
+	if (!cli_qpathinfo2(cli, "\\trans2\\", &c_time, &a_time, &m_time, 
 			    &w_time, &size, NULL, NULL)) {
-		printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(&cli));
+		printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(cli));
 		correct = False;
 	}
 
-	fnum = cli_open(&cli, fname2, 
+	fnum = cli_open(cli, fname2, 
 			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
-	cli_write(&cli, fnum,  0, (char *)&fnum, 0, sizeof(fnum));
-	cli_close(&cli, fnum);
-	if (!cli_qpathinfo2(&cli, "\\trans2\\", &c_time, &a_time, &m_time2, 
+	cli_write(cli, fnum,  0, (char *)&fnum, 0, sizeof(fnum));
+	cli_close(cli, fnum);
+	if (!cli_qpathinfo2(cli, "\\trans2\\", &c_time, &a_time, &m_time2, 
 			    &w_time, &size, NULL, NULL)) {
-		printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(&cli));
+		printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(cli));
 		correct = False;
 	} else {
 		if (m_time2 == m_time) {
@@ -2200,10 +2181,10 @@ static BOOL run_trans2test(int dummy)
 			correct = False;
 		}
 	}
-	cli_unlink(&cli, fname2);
-	cli_rmdir(&cli, dname);
+	cli_unlink(cli, fname2);
+	cli_rmdir(cli, dname);
 
-	if (!torture_close_connection(&cli)) {
+	if (!torture_close_connection(cli)) {
 		correct = False;
 	}
 
@@ -2236,7 +2217,7 @@ static BOOL new_trans(struct cli_state *pcli, int fnum, int level)
 
 static BOOL run_w2ktest(int dummy)
 {
-	static struct cli_state cli;
+	struct cli_state *cli;
 	int fnum;
 	const char *fname = "\\w2ktest\\w2k.tst";
 	int level;
@@ -2248,16 +2229,16 @@ static BOOL run_w2ktest(int dummy)
 		return False;
 	}
 
-	fnum = cli_open(&cli, fname, 
+	fnum = cli_open(cli, fname, 
 			O_RDWR | O_CREAT , DENY_NONE);
 
 	for (level = 1004; level < 1040; level++) {
-		new_trans(&cli, fnum, level);
+		new_trans(cli, fnum, level);
 	}
 
-	cli_close(&cli, fnum);
+	cli_close(cli, fnum);
 
-	if (!torture_close_connection(&cli)) {
+	if (!torture_close_connection(cli)) {
 		correct = False;
 	}
 
@@ -2272,7 +2253,7 @@ static BOOL run_w2ktest(int dummy)
  */
 static BOOL run_oplock1(int dummy)
 {
-	static struct cli_state cli1;
+	struct cli_state *cli1;
 	const char *fname = "\\lockt1.lck";
 	int fnum1;
 	BOOL correct = True;
@@ -2283,34 +2264,34 @@ static BOOL run_oplock1(int dummy)
 		return False;
 	}
 
-	cli_unlink(&cli1, fname);
+	cli_unlink(cli1, fname);
 
-	cli_sockopt(&cli1, sockops);
+	cli_sockopt(cli1, sockops);
 
-	cli1.use_oplocks = True;
+	cli1->use_oplocks = True;
 
-	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	fnum1 = cli_open(cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
 	if (fnum1 == -1) {
-		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("open of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
 
-	cli1.use_oplocks = False;
+	cli1->use_oplocks = False;
 
-	cli_unlink(&cli1, fname);
-	cli_unlink(&cli1, fname);
+	cli_unlink(cli1, fname);
+	cli_unlink(cli1, fname);
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("close2 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("close2 failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 
-	if (!cli_unlink(&cli1, fname)) {
-		printf("unlink failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_unlink(cli1, fname)) {
+		printf("unlink failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 
-	if (!torture_close_connection(&cli1)) {
+	if (!torture_close_connection(cli1)) {
 		correct = False;
 	}
 
@@ -2321,7 +2302,7 @@ static BOOL run_oplock1(int dummy)
 
 static BOOL run_oplock2(int dummy)
 {
-	static struct cli_state cli1, cli2;
+	struct cli_state *cli1, *cli2;
 	const char *fname = "\\lockt2.lck";
 	int fnum1, fnum2;
 	int saved_use_oplocks = use_oplocks;
@@ -2343,8 +2324,8 @@ static BOOL run_oplock2(int dummy)
 		return False;
 	}
 
-	cli1.use_oplocks = True;
-	cli1.use_level_II_oplocks = True;
+	cli1->use_oplocks = True;
+	cli1->use_level_II_oplocks = True;
 
 	if (!torture_open_connection(&cli2)) {
 		use_level_II_oplocks = False;
@@ -2352,17 +2333,17 @@ static BOOL run_oplock2(int dummy)
 		return False;
 	}
 
-	cli2.use_oplocks = True;
-	cli2.use_level_II_oplocks = True;
+	cli2->use_oplocks = True;
+	cli2->use_level_II_oplocks = True;
 
-	cli_unlink(&cli1, fname);
+	cli_unlink(cli1, fname);
 
-	cli_sockopt(&cli1, sockops);
-	cli_sockopt(&cli2, sockops);
+	cli_sockopt(cli1, sockops);
+	cli_sockopt(cli2, sockops);
 
-	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	fnum1 = cli_open(cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
 	if (fnum1 == -1) {
-		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("open of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
 
@@ -2372,17 +2353,17 @@ static BOOL run_oplock2(int dummy)
 
 	if (fork() == 0) {
 		/* Child code */
-		fnum2 = cli_open(&cli2, fname, O_RDWR, DENY_NONE);
+		fnum2 = cli_open(cli2, fname, O_RDWR, DENY_NONE);
 		if (fnum2 == -1) {
-			printf("second open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+			printf("second open of %s failed (%s)\n", fname, cli_errstr(cli1));
 			*shared_correct = False;
 			exit(0);
 		}
 
 		sleep(2);
 
-		if (!cli_close(&cli2, fnum2)) {
-			printf("close2 failed (%s)\n", cli_errstr(&cli1));
+		if (!cli_close(cli2, fnum2)) {
+			printf("close2 failed (%s)\n", cli_errstr(cli1));
 			*shared_correct = False;
 		}
 
@@ -2393,54 +2374,54 @@ static BOOL run_oplock2(int dummy)
 
 	/* Ensure cli1 processes the break. */
 
-	if (cli_read(&cli1, fnum1, buf, 0, 4) != 4) {
-		printf("read on fnum1 failed (%s)\n", cli_errstr(&cli1));
+	if (cli_read(cli1, fnum1, buf, 0, 4) != 4) {
+		printf("read on fnum1 failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 	}
 
 	/* Should now be at level II. */
 	/* Test if sending a write locks causes a break to none. */
 
-	if (!cli_lock(&cli1, fnum1, 0, 4, 0, READ_LOCK)) {
-		printf("lock failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_lock(cli1, fnum1, 0, 4, 0, READ_LOCK)) {
+		printf("lock failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 	}
 
-	cli_unlock(&cli1, fnum1, 0, 4);
+	cli_unlock(cli1, fnum1, 0, 4);
 
 	sleep(2);
 
-	if (!cli_lock(&cli1, fnum1, 0, 4, 0, WRITE_LOCK)) {
-		printf("lock failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_lock(cli1, fnum1, 0, 4, 0, WRITE_LOCK)) {
+		printf("lock failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 	}
 
-	cli_unlock(&cli1, fnum1, 0, 4);
+	cli_unlock(cli1, fnum1, 0, 4);
 
 	sleep(2);
 
-	cli_read(&cli1, fnum1, buf, 0, 4);
+	cli_read(cli1, fnum1, buf, 0, 4);
 
 #if 0
-	if (cli_write(&cli1, fnum1, 0, buf, 0, 4) != 4) {
-		printf("write on fnum1 failed (%s)\n", cli_errstr(&cli1));
+	if (cli_write(cli1, fnum1, 0, buf, 0, 4) != 4) {
+		printf("write on fnum1 failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 	}
 #endif
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("close1 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("close1 failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 	}
 
 	sleep(4);
 
-	if (!cli_unlink(&cli1, fname)) {
-		printf("unlink failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_unlink(cli1, fname)) {
+		printf("unlink failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 	}
 
-	if (!torture_close_connection(&cli1)) {
+	if (!torture_close_connection(cli1)) {
 		correct = False;
 	}
 
@@ -2463,7 +2444,7 @@ static BOOL oplock3_handler(struct cli_state *cli, int fnum, unsigned char level
 
 static BOOL run_oplock3(int dummy)
 {
-	static struct cli_state cli;
+	struct cli_state *cli;
 	const char *fname = "\\oplockt3.dat";
 	int fnum;
 	char buf[4] = "abcd";
@@ -2485,8 +2466,8 @@ static BOOL run_oplock3(int dummy)
 		} 
 		sleep(2);
 		/* try to trigger a oplock break in parent */
-		fnum = cli_open(&cli, fname, O_RDWR, DENY_NONE);
-		cli_write(&cli, fnum, 0, buf, 0, 4);
+		fnum = cli_open(cli, fname, O_RDWR, DENY_NONE);
+		cli_write(cli, fnum, 0, buf, 0, 4);
 		exit(0);
 	}
 
@@ -2496,13 +2477,13 @@ static BOOL run_oplock3(int dummy)
 	if (!torture_open_connection(&cli)) { 
 		return False;
 	}
-	cli_oplock_handler(&cli, oplock3_handler);
-	fnum = cli_open(&cli, fname, O_RDWR|O_CREAT, DENY_NONE);
-	cli_write(&cli, fnum, 0, buf, 0, 4);
-	cli_close(&cli, fnum);
-	fnum = cli_open(&cli, fname, O_RDWR, DENY_NONE);
-	cli.timeout = 20000;
-	cli_receive_smb(&cli);
+	cli_oplock_handler(cli, oplock3_handler);
+	fnum = cli_open(cli, fname, O_RDWR|O_CREAT, DENY_NONE);
+	cli_write(cli, fnum, 0, buf, 0, 4);
+	cli_close(cli, fnum);
+	fnum = cli_open(cli, fname, O_RDWR, DENY_NONE);
+	cli->timeout = 20000;
+	cli_receive_smb(cli);
 	printf("finished oplock test 3\n");
 
 	return (correct && *shared_correct);
@@ -2517,8 +2498,8 @@ static BOOL run_oplock3(int dummy)
  */
 static BOOL run_deletetest(int dummy)
 {
-	static struct cli_state cli1;
-	static struct cli_state cli2;
+	struct cli_state *cli1;
+	struct cli_state *cli2;
 	const char *fname = "\\delete.file";
 	int fnum1 = -1;
 	int fnum2 = -1;
@@ -2526,37 +2507,34 @@ static BOOL run_deletetest(int dummy)
 	
 	printf("starting delete test\n");
 	
-	ZERO_STRUCT(cli1);
-	ZERO_STRUCT(cli2);
-
 	if (!torture_open_connection(&cli1)) {
 		return False;
 	}
 	
-	cli_sockopt(&cli1, sockops);
+	cli_sockopt(cli1, sockops);
 
 	/* Test 1 - this should delete the file on close. */
 	
-	cli_setatr(&cli1, fname, 0, 0);
-	cli_unlink(&cli1, fname);
+	cli_setatr(cli1, fname, 0, 0);
+	cli_unlink(cli1, fname);
 	
-	fnum1 = cli_nt_create_full(&cli1, fname, GENERIC_ALL_ACCESS, FILE_ATTRIBUTE_NORMAL,
+	fnum1 = cli_nt_create_full(cli1, fname, GENERIC_ALL_ACCESS, FILE_ATTRIBUTE_NORMAL,
 				   FILE_SHARE_DELETE, FILE_OVERWRITE_IF, 
 				   FILE_DELETE_ON_CLOSE);
 	
 	if (fnum1 == -1) {
-		printf("[1] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("[1] open of %s failed (%s)\n", fname, cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 	
-	if (!cli_close(&cli1, fnum1)) {
-		printf("[1] close failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("[1] close failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 
-	fnum1 = cli_open(&cli1, fname, O_RDWR, DENY_NONE);
+	fnum1 = cli_open(cli1, fname, O_RDWR, DENY_NONE);
 	if (fnum1 != -1) {
 		printf("[1] open of %s succeeded (should fail)\n", fname);
 		correct = False;
@@ -2567,52 +2545,52 @@ static BOOL run_deletetest(int dummy)
 	
 	/* Test 2 - this should delete the file on close. */
 	
-	cli_setatr(&cli1, fname, 0, 0);
-	cli_unlink(&cli1, fname);
+	cli_setatr(cli1, fname, 0, 0);
+	cli_unlink(cli1, fname);
 	
-	fnum1 = cli_nt_create_full(&cli1, fname, GENERIC_ALL_ACCESS,
+	fnum1 = cli_nt_create_full(cli1, fname, GENERIC_ALL_ACCESS,
 				   FILE_ATTRIBUTE_NORMAL, FILE_SHARE_NONE, 
 				   FILE_OVERWRITE_IF, 0);
 	
 	if (fnum1 == -1) {
-		printf("[2] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("[2] open of %s failed (%s)\n", fname, cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 	
-	if (!cli_nt_delete_on_close(&cli1, fnum1, True)) {
-		printf("[2] setting delete_on_close failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_nt_delete_on_close(cli1, fnum1, True)) {
+		printf("[2] setting delete_on_close failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 	
-	if (!cli_close(&cli1, fnum1)) {
-		printf("[2] close failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("[2] close failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 	
-	fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_NONE);
+	fnum1 = cli_open(cli1, fname, O_RDONLY, DENY_NONE);
 	if (fnum1 != -1) {
 		printf("[2] open of %s succeeded should have been deleted on close !\n", fname);
-		if (!cli_close(&cli1, fnum1)) {
-			printf("[2] close failed (%s)\n", cli_errstr(&cli1));
+		if (!cli_close(cli1, fnum1)) {
+			printf("[2] close failed (%s)\n", cli_errstr(cli1));
 			correct = False;
 			goto fail;
 		}
-		cli_unlink(&cli1, fname);
+		cli_unlink(cli1, fname);
 	} else
 		printf("second delete on close test succeeded.\n");
 	
 	/* Test 3 - ... */
-	cli_setatr(&cli1, fname, 0, 0);
-	cli_unlink(&cli1, fname);
+	cli_setatr(cli1, fname, 0, 0);
+	cli_unlink(cli1, fname);
 
-	fnum1 = cli_nt_create_full(&cli1, fname, GENERIC_ALL_ACCESS, FILE_ATTRIBUTE_NORMAL,
+	fnum1 = cli_nt_create_full(cli1, fname, GENERIC_ALL_ACCESS, FILE_ATTRIBUTE_NORMAL,
 				   FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OVERWRITE_IF, 0);
 
 	if (fnum1 == -1) {
-		printf("[3] open - 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("[3] open - 1 of %s failed (%s)\n", fname, cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
@@ -2620,7 +2598,7 @@ static BOOL run_deletetest(int dummy)
 	/* This should fail with a sharing violation - open for delete is only compatible
 	   with SHARE_DELETE. */
 
-	fnum2 = cli_nt_create_full(&cli1, fname, GENERIC_READ_ACCESS, FILE_ATTRIBUTE_NORMAL,
+	fnum2 = cli_nt_create_full(cli1, fname, GENERIC_READ_ACCESS, FILE_ATTRIBUTE_NORMAL,
 			FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0);
 
 	if (fnum2 != -1) {
@@ -2631,83 +2609,83 @@ static BOOL run_deletetest(int dummy)
 
 	/* This should succeed. */
 
-	fnum2 = cli_nt_create_full(&cli1, fname, GENERIC_READ_ACCESS, FILE_ATTRIBUTE_NORMAL,
+	fnum2 = cli_nt_create_full(cli1, fname, GENERIC_READ_ACCESS, FILE_ATTRIBUTE_NORMAL,
 			FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN, 0);
 
 	if (fnum2 == -1) {
-		printf("[3] open  - 2 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("[3] open  - 2 of %s failed (%s)\n", fname, cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 
-	if (!cli_nt_delete_on_close(&cli1, fnum1, True)) {
-		printf("[3] setting delete_on_close failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_nt_delete_on_close(cli1, fnum1, True)) {
+		printf("[3] setting delete_on_close failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 	
-	if (!cli_close(&cli1, fnum1)) {
-		printf("[3] close 1 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("[3] close 1 failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 	
-	if (!cli_close(&cli1, fnum2)) {
-		printf("[3] close 2 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum2)) {
+		printf("[3] close 2 failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 	
 	/* This should fail - file should no longer be there. */
 
-	fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_NONE);
+	fnum1 = cli_open(cli1, fname, O_RDONLY, DENY_NONE);
 	if (fnum1 != -1) {
 		printf("[3] open of %s succeeded should have been deleted on close !\n", fname);
-		if (!cli_close(&cli1, fnum1)) {
-			printf("[3] close failed (%s)\n", cli_errstr(&cli1));
+		if (!cli_close(cli1, fnum1)) {
+			printf("[3] close failed (%s)\n", cli_errstr(cli1));
 		}
-		cli_unlink(&cli1, fname);
+		cli_unlink(cli1, fname);
 		correct = False;
 		goto fail;
 	} else
 		printf("third delete on close test succeeded.\n");
 
 	/* Test 4 ... */
-	cli_setatr(&cli1, fname, 0, 0);
-	cli_unlink(&cli1, fname);
+	cli_setatr(cli1, fname, 0, 0);
+	cli_unlink(cli1, fname);
 
-	fnum1 = cli_nt_create_full(&cli1, fname, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS,
+	fnum1 = cli_nt_create_full(cli1, fname, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS,
 			FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OVERWRITE_IF, 0);
 								
 	if (fnum1 == -1) {
-		printf("[4] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("[4] open of %s failed (%s)\n", fname, cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 
 	/* This should succeed. */
-	fnum2 = cli_nt_create_full(&cli1, fname, GENERIC_READ_ACCESS,
+	fnum2 = cli_nt_create_full(cli1, fname, GENERIC_READ_ACCESS,
 			FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN, 0);
 	if (fnum2 == -1) {
-		printf("[4] open  - 2 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("[4] open  - 2 of %s failed (%s)\n", fname, cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 	
-	if (!cli_close(&cli1, fnum2)) {
-		printf("[4] close - 1 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum2)) {
+		printf("[4] close - 1 failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 	
-	if (!cli_nt_delete_on_close(&cli1, fnum1, True)) {
-		printf("[4] setting delete_on_close failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_nt_delete_on_close(cli1, fnum1, True)) {
+		printf("[4] setting delete_on_close failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 	
 	/* This should fail - no more opens once delete on close set. */
-	fnum2 = cli_nt_create_full(&cli1, fname, GENERIC_READ_ACCESS,
+	fnum2 = cli_nt_create_full(cli1, fname, GENERIC_READ_ACCESS,
 				   FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN, 0);
 	if (fnum2 != -1) {
 		printf("[4] open  - 3 of %s succeeded ! Should have failed.\n", fname );
@@ -2716,33 +2694,33 @@ static BOOL run_deletetest(int dummy)
 	} else
 		printf("fourth delete on close test succeeded.\n");
 	
-	if (!cli_close(&cli1, fnum1)) {
-		printf("[4] close - 2 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("[4] close - 2 failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 	
 	/* Test 5 ... */
-	cli_setatr(&cli1, fname, 0, 0);
-	cli_unlink(&cli1, fname);
+	cli_setatr(cli1, fname, 0, 0);
+	cli_unlink(cli1, fname);
 	
-	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT, DENY_NONE);
+	fnum1 = cli_open(cli1, fname, O_RDWR|O_CREAT, DENY_NONE);
 	if (fnum1 == -1) {
-		printf("[5] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("[5] open of %s failed (%s)\n", fname, cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 
 	/* This should fail - only allowed on NT opens with DELETE access. */
 
-	if (cli_nt_delete_on_close(&cli1, fnum1, True)) {
+	if (cli_nt_delete_on_close(cli1, fnum1, True)) {
 		printf("[5] setting delete_on_close on OpenX file succeeded - should fail !\n");
 		correct = False;
 		goto fail;
 	}
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("[5] close - 2 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("[5] close - 2 failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
@@ -2750,29 +2728,29 @@ static BOOL run_deletetest(int dummy)
 	printf("fifth delete on close test succeeded.\n");
 	
 	/* Test 6 ... */
-	cli_setatr(&cli1, fname, 0, 0);
-	cli_unlink(&cli1, fname);
+	cli_setatr(cli1, fname, 0, 0);
+	cli_unlink(cli1, fname);
 	
-	fnum1 = cli_nt_create_full(&cli1, fname, FILE_READ_DATA|FILE_WRITE_DATA,
+	fnum1 = cli_nt_create_full(cli1, fname, FILE_READ_DATA|FILE_WRITE_DATA,
 				   FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
 				   FILE_OVERWRITE_IF, 0);
 	
 	if (fnum1 == -1) {
-		printf("[6] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("[6] open of %s failed (%s)\n", fname, cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 	
 	/* This should fail - only allowed on NT opens with DELETE access. */
 	
-	if (cli_nt_delete_on_close(&cli1, fnum1, True)) {
+	if (cli_nt_delete_on_close(cli1, fnum1, True)) {
 		printf("[6] setting delete_on_close on file with no delete access succeeded - should fail !\n");
 		correct = False;
 		goto fail;
 	}
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("[6] close - 2 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("[6] close - 2 failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
@@ -2780,47 +2758,47 @@ static BOOL run_deletetest(int dummy)
 	printf("sixth delete on close test succeeded.\n");
 	
 	/* Test 7 ... */
-	cli_setatr(&cli1, fname, 0, 0);
-	cli_unlink(&cli1, fname);
+	cli_setatr(cli1, fname, 0, 0);
+	cli_unlink(cli1, fname);
 	
-	fnum1 = cli_nt_create_full(&cli1, fname, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS,
+	fnum1 = cli_nt_create_full(cli1, fname, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS,
 				   FILE_ATTRIBUTE_NORMAL, 0, FILE_OVERWRITE_IF, 0);
 								
 	if (fnum1 == -1) {
-		printf("[7] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("[7] open of %s failed (%s)\n", fname, cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 
-	if (!cli_nt_delete_on_close(&cli1, fnum1, True)) {
+	if (!cli_nt_delete_on_close(cli1, fnum1, True)) {
 		printf("[7] setting delete_on_close on file failed !\n");
 		correct = False;
 		goto fail;
 	}
 	
-	if (!cli_nt_delete_on_close(&cli1, fnum1, False)) {
+	if (!cli_nt_delete_on_close(cli1, fnum1, False)) {
 		printf("[7] unsetting delete_on_close on file failed !\n");
 		correct = False;
 		goto fail;
 	}
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("[7] close - 2 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("[7] close - 2 failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 	
 	/* This next open should succeed - we reset the flag. */
 	
-	fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_NONE);
+	fnum1 = cli_open(cli1, fname, O_RDONLY, DENY_NONE);
 	if (fnum1 == -1) {
-		printf("[5] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("[5] open of %s failed (%s)\n", fname, cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("[7] close - 2 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("[7] close - 2 failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
@@ -2828,8 +2806,8 @@ static BOOL run_deletetest(int dummy)
 	printf("seventh delete on close test succeeded.\n");
 	
 	/* Test 7 ... */
-	cli_setatr(&cli1, fname, 0, 0);
-	cli_unlink(&cli1, fname);
+	cli_setatr(cli1, fname, 0, 0);
+	cli_unlink(cli1, fname);
 	
 	if (!torture_open_connection(&cli2)) {
 		printf("[8] failed to open second connection.\n");
@@ -2837,46 +2815,46 @@ static BOOL run_deletetest(int dummy)
 		goto fail;
 	}
 
-	cli_sockopt(&cli1, sockops);
+	cli_sockopt(cli1, sockops);
 	
-	fnum1 = cli_nt_create_full(&cli1, fname, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS,
+	fnum1 = cli_nt_create_full(cli1, fname, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS,
 				   FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OVERWRITE_IF, 0);
 	
 	if (fnum1 == -1) {
-		printf("[8] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("[8] open of %s failed (%s)\n", fname, cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 
-	fnum2 = cli_nt_create_full(&cli2, fname, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS,
+	fnum2 = cli_nt_create_full(cli2, fname, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS,
 				   FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN, 0);
 	
 	if (fnum2 == -1) {
-		printf("[8] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("[8] open of %s failed (%s)\n", fname, cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 
-	if (!cli_nt_delete_on_close(&cli1, fnum1, True)) {
+	if (!cli_nt_delete_on_close(cli1, fnum1, True)) {
 		printf("[8] setting delete_on_close on file failed !\n");
 		correct = False;
 		goto fail;
 	}
 	
-	if (!cli_close(&cli1, fnum1)) {
-		printf("[8] close - 1 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("[8] close - 1 failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 
-	if (!cli_close(&cli2, fnum2)) {
-		printf("[8] close - 2 failed (%s)\n", cli_errstr(&cli2));
+	if (!cli_close(cli2, fnum2)) {
+		printf("[8] close - 2 failed (%s)\n", cli_errstr(cli2));
 		correct = False;
 		goto fail;
 	}
 
 	/* This should fail.. */
-	fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_NONE);
+	fnum1 = cli_open(cli1, fname, O_RDONLY, DENY_NONE);
 	if (fnum1 != -1) {
 		printf("[8] open of %s succeeded should have been deleted on close !\n", fname);
 		goto fail;
@@ -2885,7 +2863,7 @@ static BOOL run_deletetest(int dummy)
 		printf("eighth delete on close test succeeded.\n");
 
 	/* This should fail - we need to set DELETE_ACCESS. */
-	fnum1 = cli_nt_create_full(&cli1, fname, FILE_READ_DATA|FILE_WRITE_DATA,
+	fnum1 = cli_nt_create_full(cli1, fname, FILE_READ_DATA|FILE_WRITE_DATA,
 				   FILE_ATTRIBUTE_NORMAL, FILE_SHARE_NONE, FILE_OVERWRITE_IF, FILE_DELETE_ON_CLOSE);
 	
 	if (fnum1 != -1) {
@@ -2896,23 +2874,23 @@ static BOOL run_deletetest(int dummy)
 
 	printf("ninth delete on close test succeeded.\n");
 
-	fnum1 = cli_nt_create_full(&cli1, fname, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS,
+	fnum1 = cli_nt_create_full(cli1, fname, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS,
 				   FILE_ATTRIBUTE_NORMAL, FILE_SHARE_NONE, FILE_OVERWRITE_IF, FILE_DELETE_ON_CLOSE);
 	if (fnum1 == -1) {
-		printf("[10] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("[10] open of %s failed (%s)\n", fname, cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 
 	/* This should delete the file. */
-	if (!cli_close(&cli1, fnum1)) {
-		printf("[10] close failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("[10] close failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 		goto fail;
 	}
 
 	/* This should fail.. */
-	fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_NONE);
+	fnum1 = cli_open(cli1, fname, O_RDONLY, DENY_NONE);
 	if (fnum1 != -1) {
 		printf("[10] open of %s succeeded should have been deleted on close !\n", fname);
 		goto fail;
@@ -2926,15 +2904,15 @@ static BOOL run_deletetest(int dummy)
 	 * intialized, because these functions don't handle
 	 * uninitialized connections. */
 		
-	cli_close(&cli1, fnum1);
-	cli_close(&cli1, fnum2);
-	cli_setatr(&cli1, fname, 0, 0);
-	cli_unlink(&cli1, fname);
+	cli_close(cli1, fnum1);
+	cli_close(cli1, fnum2);
+	cli_setatr(cli1, fname, 0, 0);
+	cli_unlink(cli1, fname);
 
-	if (!torture_close_connection(&cli1)) {
+	if (!torture_close_connection(cli1)) {
 		correct = False;
 	}
-	if (!torture_close_connection(&cli2)) {
+	if (!torture_close_connection(cli2)) {
 		correct = False;
 	}
 	return correct;
@@ -2946,7 +2924,7 @@ static BOOL run_deletetest(int dummy)
  */
 static BOOL run_properties(int dummy)
 {
-	static struct cli_state cli;
+	static struct cli_state *cli;
 	BOOL correct = True;
 	
 	printf("starting properties test\n");
@@ -2957,11 +2935,11 @@ static BOOL run_properties(int dummy)
 		return False;
 	}
 	
-	cli_sockopt(&cli, sockops);
+	cli_sockopt(cli, sockops);
 
-	d_printf("Capabilities 0x%08x\n", cli.capabilities);
+	d_printf("Capabilities 0x%08x\n", cli->capabilities);
 
-	if (!torture_close_connection(&cli)) {
+	if (!torture_close_connection(cli)) {
 		correct = False;
 	}
 
@@ -2994,7 +2972,7 @@ static BOOL run_properties(int dummy)
  */
 static BOOL run_xcopy(int dummy)
 {
-	static struct cli_state cli1;
+	static struct cli_state *cli1;
 	const char *fname = "\\test.txt";
 	BOOL correct = True;
 	int fnum1, fnum2;
@@ -3005,26 +2983,26 @@ static BOOL run_xcopy(int dummy)
 		return False;
 	}
 	
-	fnum1 = cli_nt_create_full(&cli1, fname, 
+	fnum1 = cli_nt_create_full(cli1, fname, 
 				   FIRST_DESIRED_ACCESS, FILE_ATTRIBUTE_ARCHIVE,
 				   FILE_SHARE_NONE, FILE_OVERWRITE_IF, 
 				   0x4044);
 
 	if (fnum1 == -1) {
-		printf("First open failed - %s\n", cli_errstr(&cli1));
+		printf("First open failed - %s\n", cli_errstr(cli1));
 		return False;
 	}
 
-	fnum2 = cli_nt_create_full(&cli1, fname, 
+	fnum2 = cli_nt_create_full(cli1, fname, 
 				   SECOND_DESIRED_ACCESS, 0,
 				   FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN, 
 				   0x200000);
 	if (fnum2 == -1) {
-		printf("second open failed - %s\n", cli_errstr(&cli1));
+		printf("second open failed - %s\n", cli_errstr(cli1));
 		return False;
 	}
 	
-	if (!torture_close_connection(&cli1)) {
+	if (!torture_close_connection(cli1)) {
 		correct = False;
 	}
 	
@@ -3036,7 +3014,7 @@ static BOOL run_xcopy(int dummy)
  */
 static BOOL run_rename(int dummy)
 {
-	static struct cli_state cli1;
+	static struct cli_state *cli1;
 	const char *fname = "\\test.txt";
 	const char *fname1 = "\\test1.txt";
 	BOOL correct = True;
@@ -3048,31 +3026,31 @@ static BOOL run_rename(int dummy)
 		return False;
 	}
 	
-	cli_unlink(&cli1, fname);
-	cli_unlink(&cli1, fname1);
-	fnum1 = cli_nt_create_full(&cli1, fname, GENERIC_READ_ACCESS, FILE_ATTRIBUTE_NORMAL,
+	cli_unlink(cli1, fname);
+	cli_unlink(cli1, fname1);
+	fnum1 = cli_nt_create_full(cli1, fname, GENERIC_READ_ACCESS, FILE_ATTRIBUTE_NORMAL,
 				   FILE_SHARE_READ, FILE_OVERWRITE_IF, 0);
 
 	if (fnum1 == -1) {
-		printf("First open failed - %s\n", cli_errstr(&cli1));
+		printf("First open failed - %s\n", cli_errstr(cli1));
 		return False;
 	}
 
-	if (!cli_rename(&cli1, fname, fname1)) {
-		printf("First rename failed (this is correct) - %s\n", cli_errstr(&cli1));
+	if (!cli_rename(cli1, fname, fname1)) {
+		printf("First rename failed (this is correct) - %s\n", cli_errstr(cli1));
 	} else {
 		printf("First rename succeeded - this should have failed !\n");
 		correct = False;
 	}
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("close - 1 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("close - 1 failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 
-	cli_unlink(&cli1, fname);
-	cli_unlink(&cli1, fname1);
-	fnum1 = cli_nt_create_full(&cli1, fname,GENERIC_READ_ACCESS, FILE_ATTRIBUTE_NORMAL,
+	cli_unlink(cli1, fname);
+	cli_unlink(cli1, fname1);
+	fnum1 = cli_nt_create_full(cli1, fname,GENERIC_READ_ACCESS, FILE_ATTRIBUTE_NORMAL,
 #if 0
 				   FILE_SHARE_DELETE|FILE_SHARE_NONE, FILE_OVERWRITE_IF, 0);
 #else
@@ -3080,30 +3058,30 @@ static BOOL run_rename(int dummy)
 #endif
 
 	if (fnum1 == -1) {
-		printf("Second open failed - %s\n", cli_errstr(&cli1));
+		printf("Second open failed - %s\n", cli_errstr(cli1));
 		return False;
 	}
 
-	if (!cli_rename(&cli1, fname, fname1)) {
-		printf("Second rename failed - this should have succeeded - %s\n", cli_errstr(&cli1));
+	if (!cli_rename(cli1, fname, fname1)) {
+		printf("Second rename failed - this should have succeeded - %s\n", cli_errstr(cli1));
 		correct = False;
 	} else {
 		printf("Second rename succeeded\n");
 	}
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("close - 2 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("close - 2 failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 
-	cli_unlink(&cli1, fname);
-	cli_unlink(&cli1, fname1);
+	cli_unlink(cli1, fname);
+	cli_unlink(cli1, fname1);
 
-	fnum1 = cli_nt_create_full(&cli1, fname,READ_CONTROL_ACCESS, FILE_ATTRIBUTE_NORMAL,
+	fnum1 = cli_nt_create_full(cli1, fname,READ_CONTROL_ACCESS, FILE_ATTRIBUTE_NORMAL,
 				   FILE_SHARE_NONE, FILE_OVERWRITE_IF, 0);
 
 	if (fnum1 == -1) {
-		printf("Third open failed - %s\n", cli_errstr(&cli1));
+		printf("Third open failed - %s\n", cli_errstr(cli1));
 		return False;
 	}
 
@@ -3112,41 +3090,41 @@ static BOOL run_rename(int dummy)
   {
   int fnum2;
 
-	fnum2 = cli_nt_create_full(&cli1, fname,DELETE_ACCESS, FILE_ATTRIBUTE_NORMAL,
+	fnum2 = cli_nt_create_full(cli1, fname,DELETE_ACCESS, FILE_ATTRIBUTE_NORMAL,
 				   FILE_SHARE_NONE, FILE_OVERWRITE_IF, 0);
 
 	if (fnum2 == -1) {
-		printf("Fourth open failed - %s\n", cli_errstr(&cli1));
+		printf("Fourth open failed - %s\n", cli_errstr(cli1));
 		return False;
 	}
-	if (!cli_nt_delete_on_close(&cli1, fnum2, True)) {
+	if (!cli_nt_delete_on_close(cli1, fnum2, True)) {
 		printf("[8] setting delete_on_close on file failed !\n");
 		return False;
 	}
 	
-	if (!cli_close(&cli1, fnum2)) {
-		printf("close - 4 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum2)) {
+		printf("close - 4 failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
   }
 #endif
 
-	if (!cli_rename(&cli1, fname, fname1)) {
-		printf("Third rename failed - this should have succeeded - %s\n", cli_errstr(&cli1));
+	if (!cli_rename(cli1, fname, fname1)) {
+		printf("Third rename failed - this should have succeeded - %s\n", cli_errstr(cli1));
 		correct = False;
 	} else {
 		printf("Third rename succeeded\n");
 	}
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("close - 3 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("close - 3 failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 
-	cli_unlink(&cli1, fname);
-	cli_unlink(&cli1, fname1);
+	cli_unlink(cli1, fname);
+	cli_unlink(cli1, fname1);
 
-	if (!torture_close_connection(&cli1)) {
+	if (!torture_close_connection(cli1)) {
 		correct = False;
 	}
 	
@@ -3155,7 +3133,7 @@ static BOOL run_rename(int dummy)
 
 static BOOL run_pipe_number(int dummy)
 {
-	static struct cli_state cli1;
+	struct cli_state *cli1;
 	const char *pipe_name = "\\SPOOLSS";
 	int fnum;
 	int num_pipes = 0;
@@ -3165,20 +3143,20 @@ static BOOL run_pipe_number(int dummy)
 		return False;
 	}
 
-	cli_sockopt(&cli1, sockops);
+	cli_sockopt(cli1, sockops);
 	while(1) {
-		fnum = cli_nt_create_full(&cli1, pipe_name,FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
+		fnum = cli_nt_create_full(cli1, pipe_name,FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
 				   FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN_IF, 0);
 
 		if (fnum == -1) {
-			printf("Open of pipe %s failed with error (%s)\n", pipe_name, cli_errstr(&cli1));
+			printf("Open of pipe %s failed with error (%s)\n", pipe_name, cli_errstr(cli1));
 			break;
 		}
 		num_pipes++;
 	}
 
 	printf("pipe_number test - we can open %d %s pipes.\n", num_pipes, pipe_name );
-	torture_close_connection(&cli1);
+	torture_close_connection(cli1);
 	return True;
 }
 
@@ -3187,8 +3165,8 @@ static BOOL run_pipe_number(int dummy)
  */
 static BOOL run_opentest(int dummy)
 {
-	static struct cli_state cli1;
-	static struct cli_state cli2;
+	static struct cli_state *cli1;
+	static struct cli_state *cli2;
 	const char *fname = "\\readonly.file";
 	int fnum1, fnum2;
 	char buf[20];
@@ -3202,77 +3180,77 @@ static BOOL run_opentest(int dummy)
 		return False;
 	}
 	
-	cli_setatr(&cli1, fname, 0, 0);
-	cli_unlink(&cli1, fname);
+	cli_setatr(cli1, fname, 0, 0);
+	cli_unlink(cli1, fname);
 	
-	cli_sockopt(&cli1, sockops);
+	cli_sockopt(cli1, sockops);
 	
-	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	fnum1 = cli_open(cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
 	if (fnum1 == -1) {
-		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("open of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("close2 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("close2 failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 	
-	if (!cli_setatr(&cli1, fname, aRONLY, 0)) {
-		printf("cli_setatr failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_setatr(cli1, fname, aRONLY, 0)) {
+		printf("cli_setatr failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 	
-	fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_WRITE);
+	fnum1 = cli_open(cli1, fname, O_RDONLY, DENY_WRITE);
 	if (fnum1 == -1) {
-		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("open of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
 	
 	/* This will fail - but the error should be ERRnoaccess, not ERRbadshare. */
-	fnum2 = cli_open(&cli1, fname, O_RDWR, DENY_ALL);
+	fnum2 = cli_open(cli1, fname, O_RDWR, DENY_ALL);
 	
-        if (check_error(__LINE__, &cli1, ERRDOS, ERRnoaccess, 
+        if (check_error(__LINE__, cli1, ERRDOS, ERRnoaccess, 
 			NT_STATUS_ACCESS_DENIED)) {
 		printf("correct error code ERRDOS/ERRnoaccess returned\n");
 	}
 	
 	printf("finished open test 1\n");
 	
-	cli_close(&cli1, fnum1);
+	cli_close(cli1, fnum1);
 	
 	/* Now try not readonly and ensure ERRbadshare is returned. */
 	
-	cli_setatr(&cli1, fname, 0, 0);
+	cli_setatr(cli1, fname, 0, 0);
 	
-	fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_WRITE);
+	fnum1 = cli_open(cli1, fname, O_RDONLY, DENY_WRITE);
 	if (fnum1 == -1) {
-		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("open of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
 	
 	/* This will fail - but the error should be ERRshare. */
-	fnum2 = cli_open(&cli1, fname, O_RDWR, DENY_ALL);
+	fnum2 = cli_open(cli1, fname, O_RDWR, DENY_ALL);
 	
-	if (check_error(__LINE__, &cli1, ERRDOS, ERRbadshare, 
+	if (check_error(__LINE__, cli1, ERRDOS, ERRbadshare, 
 			NT_STATUS_SHARING_VIOLATION)) {
 		printf("correct error code ERRDOS/ERRbadshare returned\n");
 	}
 	
-	if (!cli_close(&cli1, fnum1)) {
-		printf("close2 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("close2 failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 	
-	cli_unlink(&cli1, fname);
+	cli_unlink(cli1, fname);
 	
 	printf("finished open test 2\n");
 	
 	/* Test truncate open disposition on file opened for read. */
 	
-	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	fnum1 = cli_open(cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
 	if (fnum1 == -1) {
-		printf("(3) open (1) of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("(3) open (1) of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
 	
@@ -3280,19 +3258,19 @@ static BOOL run_opentest(int dummy)
 	
 	memset(buf, '\0', 20);
 
-	if (cli_write(&cli1, fnum1, 0, buf, 0, 20) != 20) {
-		printf("write failed (%s)\n", cli_errstr(&cli1));
+	if (cli_write(cli1, fnum1, 0, buf, 0, 20) != 20) {
+		printf("write failed (%s)\n", cli_errstr(cli1));
 		correct = False;
 	}
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("(3) close1 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("(3) close1 failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 	
 	/* Ensure size == 20. */
-	if (!cli_getatr(&cli1, fname, NULL, &fsize, NULL)) {
-		printf("(3) getatr failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_getatr(cli1, fname, NULL, &fsize, NULL)) {
+		printf("(3) getatr failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 	
@@ -3303,20 +3281,20 @@ static BOOL run_opentest(int dummy)
 
 	/* Now test if we can truncate a file opened for readonly. */
 	
-	fnum1 = cli_open(&cli1, fname, O_RDONLY|O_TRUNC, DENY_NONE);
+	fnum1 = cli_open(cli1, fname, O_RDONLY|O_TRUNC, DENY_NONE);
 	if (fnum1 == -1) {
-		printf("(3) open (2) of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("(3) open (2) of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
 	
-	if (!cli_close(&cli1, fnum1)) {
-		printf("close2 failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("close2 failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 
 	/* Ensure size == 0. */
-	if (!cli_getatr(&cli1, fname, NULL, &fsize, NULL)) {
-		printf("(3) getatr failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_getatr(cli1, fname, NULL, &fsize, NULL)) {
+		printf("(3) getatr failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 
@@ -3326,21 +3304,21 @@ static BOOL run_opentest(int dummy)
 	}
 	printf("finished open test 3\n");
 	
-	cli_unlink(&cli1, fname);
+	cli_unlink(cli1, fname);
 
 
 	printf("testing ctemp\n");
-	fnum1 = cli_ctemp(&cli1, "\\", &tmp_path);
+	fnum1 = cli_ctemp(cli1, "\\", &tmp_path);
 	if (fnum1 == -1) {
-		printf("ctemp failed (%s)\n", cli_errstr(&cli1));
+		printf("ctemp failed (%s)\n", cli_errstr(cli1));
 		return False;
 	}
 	printf("ctemp gave path %s\n", tmp_path);
-	if (!cli_close(&cli1, fnum1)) {
-		printf("close of temp failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("close of temp failed (%s)\n", cli_errstr(cli1));
 	}
-	if (!cli_unlink(&cli1, tmp_path)) {
-		printf("unlink of temp failed (%s)\n", cli_errstr(&cli1));
+	if (!cli_unlink(cli1, tmp_path)) {
+		printf("unlink of temp failed (%s)\n", cli_errstr(cli1));
 	}
 	
 	/* Test the non-io opens... */
@@ -3349,158 +3327,158 @@ static BOOL run_opentest(int dummy)
 		return False;
 	}
 	
-	cli_setatr(&cli2, fname, 0, 0);
-	cli_unlink(&cli2, fname);
+	cli_setatr(cli2, fname, 0, 0);
+	cli_unlink(cli2, fname);
 	
-	cli_sockopt(&cli2, sockops);
+	cli_sockopt(cli2, sockops);
 
 	printf("TEST #1 testing 2 non-io opens (no delete)\n");
 	
-	fnum1 = cli_nt_create_full(&cli1, fname,FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+	fnum1 = cli_nt_create_full(cli1, fname,FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
 				   FILE_SHARE_NONE, FILE_OVERWRITE_IF, 0);
 
 	if (fnum1 == -1) {
-		printf("test 1 open 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("test 1 open 1 of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
 
-	fnum2 = cli_nt_create_full(&cli2, fname,FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+	fnum2 = cli_nt_create_full(cli2, fname,FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
 				   FILE_SHARE_NONE, FILE_OPEN_IF, 0);
 
 	if (fnum2 == -1) {
-		printf("test 1 open 2 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+		printf("test 1 open 2 of %s failed (%s)\n", fname, cli_errstr(cli2));
 		return False;
 	}
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("test 1 close 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("test 1 close 1 of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
-	if (!cli_close(&cli2, fnum2)) {
-		printf("test 1 close 2 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+	if (!cli_close(cli2, fnum2)) {
+		printf("test 1 close 2 of %s failed (%s)\n", fname, cli_errstr(cli2));
 		return False;
 	}
 
 	printf("non-io open test #1 passed.\n");
 
-	cli_unlink(&cli1, fname);
+	cli_unlink(cli1, fname);
 
 	printf("TEST #2 testing 2 non-io opens (first with delete)\n");
 	
-	fnum1 = cli_nt_create_full(&cli1, fname,DELETE_ACCESS|FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+	fnum1 = cli_nt_create_full(cli1, fname,DELETE_ACCESS|FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
 				   FILE_SHARE_NONE, FILE_OVERWRITE_IF, 0);
 
 	if (fnum1 == -1) {
-		printf("test 2 open 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("test 2 open 1 of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
 
-	fnum2 = cli_nt_create_full(&cli2, fname,FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+	fnum2 = cli_nt_create_full(cli2, fname,FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
 				   FILE_SHARE_NONE, FILE_OPEN_IF, 0);
 
 	if (fnum2 == -1) {
-		printf("test 2 open 2 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+		printf("test 2 open 2 of %s failed (%s)\n", fname, cli_errstr(cli2));
 		return False;
 	}
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("test 1 close 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("test 1 close 1 of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
-	if (!cli_close(&cli2, fnum2)) {
-		printf("test 1 close 2 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+	if (!cli_close(cli2, fnum2)) {
+		printf("test 1 close 2 of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
 
 	printf("non-io open test #2 passed.\n");
 
-	cli_unlink(&cli1, fname);
+	cli_unlink(cli1, fname);
 
 	printf("TEST #3 testing 2 non-io opens (second with delete)\n");
 	
-	fnum1 = cli_nt_create_full(&cli1, fname,FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+	fnum1 = cli_nt_create_full(cli1, fname,FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
 				   FILE_SHARE_NONE, FILE_OVERWRITE_IF, 0);
 
 	if (fnum1 == -1) {
-		printf("test 3 open 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("test 3 open 1 of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
 
-	fnum2 = cli_nt_create_full(&cli2, fname,DELETE_ACCESS|FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+	fnum2 = cli_nt_create_full(cli2, fname,DELETE_ACCESS|FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
 				   FILE_SHARE_NONE, FILE_OPEN_IF, 0);
 
 	if (fnum2 == -1) {
-		printf("test 3 open 2 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+		printf("test 3 open 2 of %s failed (%s)\n", fname, cli_errstr(cli2));
 		return False;
 	}
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("test 3 close 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("test 3 close 1 of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
-	if (!cli_close(&cli2, fnum2)) {
-		printf("test 3 close 2 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+	if (!cli_close(cli2, fnum2)) {
+		printf("test 3 close 2 of %s failed (%s)\n", fname, cli_errstr(cli2));
 		return False;
 	}
 
 	printf("non-io open test #3 passed.\n");
 
-	cli_unlink(&cli1, fname);
+	cli_unlink(cli1, fname);
 
 	printf("TEST #4 testing 2 non-io opens (both with delete)\n");
 	
-	fnum1 = cli_nt_create_full(&cli1, fname,DELETE_ACCESS|FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+	fnum1 = cli_nt_create_full(cli1, fname,DELETE_ACCESS|FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
 				   FILE_SHARE_NONE, FILE_OVERWRITE_IF, 0);
 
 	if (fnum1 == -1) {
-		printf("test 4 open 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("test 4 open 1 of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
 
-	fnum2 = cli_nt_create_full(&cli2, fname,DELETE_ACCESS|FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+	fnum2 = cli_nt_create_full(cli2, fname,DELETE_ACCESS|FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
 				   FILE_SHARE_NONE, FILE_OPEN_IF, 0);
 
 	if (fnum2 != -1) {
-		printf("test 4 open 2 of %s SUCCEEDED - should have failed (%s)\n", fname, cli_errstr(&cli2));
+		printf("test 4 open 2 of %s SUCCEEDED - should have failed (%s)\n", fname, cli_errstr(cli2));
 		return False;
 	}
 
-	printf("test 3 open 2 of %s gave %s (correct error should be %s)\n", fname, cli_errstr(&cli2), "sharing violation");
+	printf("test 3 open 2 of %s gave %s (correct error should be %s)\n", fname, cli_errstr(cli2), "sharing violation");
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("test 4 close 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("test 4 close 1 of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
 
 	printf("non-io open test #4 passed.\n");
 
-	cli_unlink(&cli1, fname);
+	cli_unlink(cli1, fname);
 
 	printf("TEST #5 testing 2 non-io opens (both with delete - both with file share delete)\n");
 	
-	fnum1 = cli_nt_create_full(&cli1, fname,DELETE_ACCESS|FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+	fnum1 = cli_nt_create_full(cli1, fname,DELETE_ACCESS|FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
 				   FILE_SHARE_DELETE, FILE_OVERWRITE_IF, 0);
 
 	if (fnum1 == -1) {
-		printf("test 5 open 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("test 5 open 1 of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
 
-	fnum2 = cli_nt_create_full(&cli2, fname,DELETE_ACCESS|FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+	fnum2 = cli_nt_create_full(cli2, fname,DELETE_ACCESS|FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
 				   FILE_SHARE_DELETE, FILE_OPEN_IF, 0);
 
 	if (fnum2 == -1) {
-		printf("test 5 open 2 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+		printf("test 5 open 2 of %s failed (%s)\n", fname, cli_errstr(cli2));
 		return False;
 	}
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("test 5 close 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("test 5 close 1 of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
 
-	if (!cli_close(&cli2, fnum2)) {
-		printf("test 5 close 2 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+	if (!cli_close(cli2, fnum2)) {
+		printf("test 5 close 2 of %s failed (%s)\n", fname, cli_errstr(cli2));
 		return False;
 	}
 
@@ -3508,31 +3486,31 @@ static BOOL run_opentest(int dummy)
 
 	printf("TEST #6 testing 1 non-io open, one io open\n");
 	
-	cli_unlink(&cli1, fname);
+	cli_unlink(cli1, fname);
 
-	fnum1 = cli_nt_create_full(&cli1, fname,FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
+	fnum1 = cli_nt_create_full(cli1, fname,FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
 				   FILE_SHARE_NONE, FILE_OVERWRITE_IF, 0);
 
 	if (fnum1 == -1) {
-		printf("test 6 open 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("test 6 open 1 of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
 
-	fnum2 = cli_nt_create_full(&cli2, fname,FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+	fnum2 = cli_nt_create_full(cli2, fname,FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
 				   FILE_SHARE_READ, FILE_OPEN_IF, 0);
 
 	if (fnum2 == -1) {
-		printf("test 6 open 2 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+		printf("test 6 open 2 of %s failed (%s)\n", fname, cli_errstr(cli2));
 		return False;
 	}
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("test 6 close 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("test 6 close 1 of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
 
-	if (!cli_close(&cli2, fnum2)) {
-		printf("test 6 close 2 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+	if (!cli_close(cli2, fnum2)) {
+		printf("test 6 close 2 of %s failed (%s)\n", fname, cli_errstr(cli2));
 		return False;
 	}
 
@@ -3540,39 +3518,39 @@ static BOOL run_opentest(int dummy)
 
 	printf("TEST #7 testing 1 non-io open, one io open with delete\n");
 
-	cli_unlink(&cli1, fname);
+	cli_unlink(cli1, fname);
 
-	fnum1 = cli_nt_create_full(&cli1, fname,FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
+	fnum1 = cli_nt_create_full(cli1, fname,FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
 				   FILE_SHARE_NONE, FILE_OVERWRITE_IF, 0);
 
 	if (fnum1 == -1) {
-		printf("test 7 open 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		printf("test 7 open 1 of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
 
-	fnum2 = cli_nt_create_full(&cli2, fname,DELETE_ACCESS|FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+	fnum2 = cli_nt_create_full(cli2, fname,DELETE_ACCESS|FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
 				   FILE_SHARE_READ|FILE_SHARE_DELETE, FILE_OPEN_IF, 0);
 
 	if (fnum2 != -1) {
-		printf("test 7 open 2 of %s SUCCEEDED - should have failed (%s)\n", fname, cli_errstr(&cli2));
+		printf("test 7 open 2 of %s SUCCEEDED - should have failed (%s)\n", fname, cli_errstr(cli2));
 		return False;
 	}
 
-	printf("test 7 open 2 of %s gave %s (correct error should be %s)\n", fname, cli_errstr(&cli2), "sharing violation");
+	printf("test 7 open 2 of %s gave %s (correct error should be %s)\n", fname, cli_errstr(cli2), "sharing violation");
 
-	if (!cli_close(&cli1, fnum1)) {
-		printf("test 7 close 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+	if (!cli_close(cli1, fnum1)) {
+		printf("test 7 close 1 of %s failed (%s)\n", fname, cli_errstr(cli1));
 		return False;
 	}
 
 	printf("non-io open test #7 passed.\n");
 
-	cli_unlink(&cli1, fname);
+	cli_unlink(cli1, fname);
 
-	if (!torture_close_connection(&cli1)) {
+	if (!torture_close_connection(cli1)) {
 		correct = False;
 	}
-	if (!torture_close_connection(&cli2)) {
+	if (!torture_close_connection(cli2)) {
 		correct = False;
 	}
 	
@@ -3600,7 +3578,7 @@ static uint32 open_attrs_table[] = {
 };
 
 struct trunc_open_results {
-	int num;
+	unsigned int num;
 	uint32 init_attr;
 	uint32 trunc_attr;
 	uint32 result_attr;
@@ -3637,12 +3615,12 @@ static struct trunc_open_results attr_results[] = {
 
 static BOOL run_openattrtest(int dummy)
 {
-	static struct cli_state cli1;
+	static struct cli_state *cli1;
 	const char *fname = "\\openattr.file";
 	int fnum1;
 	BOOL correct = True;
 	uint16 attr;
-	int i, j, k, l;
+	unsigned int i, j, k, l;
 
 	printf("starting open attr test\n");
 	
@@ -3650,26 +3628,26 @@ static BOOL run_openattrtest(int dummy)
 		return False;
 	}
 	
-	cli_sockopt(&cli1, sockops);
+	cli_sockopt(cli1, sockops);
 
 	for (k = 0, i = 0; i < sizeof(open_attrs_table)/sizeof(uint32); i++) {
-		cli_setatr(&cli1, fname, 0, 0);
-		cli_unlink(&cli1, fname);
-		fnum1 = cli_nt_create_full(&cli1, fname,FILE_WRITE_DATA, open_attrs_table[i],
+		cli_setatr(cli1, fname, 0, 0);
+		cli_unlink(cli1, fname);
+		fnum1 = cli_nt_create_full(cli1, fname,FILE_WRITE_DATA, open_attrs_table[i],
 				   FILE_SHARE_NONE, FILE_OVERWRITE_IF, 0);
 
 		if (fnum1 == -1) {
-			printf("open %d (1) of %s failed (%s)\n", i, fname, cli_errstr(&cli1));
+			printf("open %d (1) of %s failed (%s)\n", i, fname, cli_errstr(cli1));
 			return False;
 		}
 
-		if (!cli_close(&cli1, fnum1)) {
-			printf("close %d (1) of %s failed (%s)\n", i, fname, cli_errstr(&cli1));
+		if (!cli_close(cli1, fnum1)) {
+			printf("close %d (1) of %s failed (%s)\n", i, fname, cli_errstr(cli1));
 			return False;
 		}
 
 		for (j = 0; j < sizeof(open_attrs_table)/sizeof(uint32); j++) {
-			fnum1 = cli_nt_create_full(&cli1, fname,FILE_READ_DATA|FILE_WRITE_DATA, open_attrs_table[j],
+			fnum1 = cli_nt_create_full(cli1, fname,FILE_READ_DATA|FILE_WRITE_DATA, open_attrs_table[j],
 					   FILE_SHARE_NONE, FILE_OVERWRITE, 0);
 
 			if (fnum1 == -1) {
@@ -3678,14 +3656,14 @@ static BOOL run_openattrtest(int dummy)
 						printf("[%d] trunc open 0x%x -> 0x%x of %s failed - should have succeeded !(0x%x:%s)\n",
 								k, open_attrs_table[i],
 								open_attrs_table[j],
-								fname, NT_STATUS_V(cli_nt_error(&cli1)), cli_errstr(&cli1));
+								fname, NT_STATUS_V(cli_nt_error(cli1)), cli_errstr(cli1));
 						correct = False;
 					}
 				}
-				if (NT_STATUS_V(cli_nt_error(&cli1)) != NT_STATUS_V(NT_STATUS_ACCESS_DENIED)) {
+				if (NT_STATUS_V(cli_nt_error(cli1)) != NT_STATUS_V(NT_STATUS_ACCESS_DENIED)) {
 					printf("[%d] trunc open 0x%x -> 0x%x failed with wrong error code %s\n",
 							k, open_attrs_table[i], open_attrs_table[j],
-							cli_errstr(&cli1));
+							cli_errstr(cli1));
 					correct = False;
 				}
 #if 0
@@ -3695,13 +3673,13 @@ static BOOL run_openattrtest(int dummy)
 				continue;
 			}
 
-			if (!cli_close(&cli1, fnum1)) {
-				printf("close %d (2) of %s failed (%s)\n", j, fname, cli_errstr(&cli1));
+			if (!cli_close(cli1, fnum1)) {
+				printf("close %d (2) of %s failed (%s)\n", j, fname, cli_errstr(cli1));
 				return False;
 			}
 
-			if (!cli_getatr(&cli1, fname, &attr, NULL, NULL)) {
-				printf("getatr(2) failed (%s)\n", cli_errstr(&cli1));
+			if (!cli_getatr(cli1, fname, &attr, NULL, NULL)) {
+				printf("getatr(2) failed (%s)\n", cli_errstr(cli1));
 				return False;
 			}
 
@@ -3729,12 +3707,12 @@ static BOOL run_openattrtest(int dummy)
 		}
 	}
 
-	cli_setatr(&cli1, fname, 0, 0);
-	cli_unlink(&cli1, fname);
+	cli_setatr(cli1, fname, 0, 0);
+	cli_unlink(cli1, fname);
 
 	printf("open attr test %s.\n", correct ? "passed" : "failed");
 
-	if (!torture_close_connection(&cli1)) {
+	if (!torture_close_connection(cli1)) {
 		correct = False;
 	}
 	return correct;
@@ -3751,7 +3729,7 @@ static void list_fn(file_info *finfo, const char *name, void *state)
 static BOOL run_dirtest(int dummy)
 {
 	int i;
-	static struct cli_state cli;
+	static struct cli_state *cli;
 	int fnum;
 	double t1;
 	BOOL correct = True;
@@ -3762,25 +3740,25 @@ static BOOL run_dirtest(int dummy)
 		return False;
 	}
 
-	cli_sockopt(&cli, sockops);
+	cli_sockopt(cli, sockops);
 
 	srandom(0);
 	for (i=0;i<torture_numops;i++) {
 		fstring fname;
 		slprintf(fname, sizeof(fname), "\\%x", (int)random());
-		fnum = cli_open(&cli, fname, O_RDWR|O_CREAT, DENY_NONE);
+		fnum = cli_open(cli, fname, O_RDWR|O_CREAT, DENY_NONE);
 		if (fnum == -1) {
 			fprintf(stderr,"Failed to open %s\n", fname);
 			return False;
 		}
-		cli_close(&cli, fnum);
+		cli_close(cli, fnum);
 	}
 
 	t1 = end_timer();
 
-	printf("Matched %d\n", cli_list(&cli, "a*.*", 0, list_fn, NULL));
-	printf("Matched %d\n", cli_list(&cli, "b*.*", 0, list_fn, NULL));
-	printf("Matched %d\n", cli_list(&cli, "xyzabc", 0, list_fn, NULL));
+	printf("Matched %d\n", cli_list(cli, "a*.*", 0, list_fn, NULL));
+	printf("Matched %d\n", cli_list(cli, "b*.*", 0, list_fn, NULL));
+	printf("Matched %d\n", cli_list(cli, "xyzabc", 0, list_fn, NULL));
 
 	printf("dirtest core %g seconds\n", end_timer() - t1);
 
@@ -3788,10 +3766,10 @@ static BOOL run_dirtest(int dummy)
 	for (i=0;i<torture_numops;i++) {
 		fstring fname;
 		slprintf(fname, sizeof(fname), "\\%x", (int)random());
-		cli_unlink(&cli, fname);
+		cli_unlink(cli, fname);
 	}
 
-	if (!torture_close_connection(&cli)) {
+	if (!torture_close_connection(cli)) {
 		correct = False;
 	}
 
@@ -3821,7 +3799,7 @@ static void del_fn(file_info *finfo, const char *mask, void *state)
 static BOOL run_dirtest1(int dummy)
 {
 	int i;
-	static struct cli_state cli;
+	static struct cli_state *cli;
 	int fnum, num_seen;
 	BOOL correct = True;
 
@@ -3831,36 +3809,36 @@ static BOOL run_dirtest1(int dummy)
 		return False;
 	}
 
-	cli_sockopt(&cli, sockops);
+	cli_sockopt(cli, sockops);
 
-	cli_list(&cli, "\\LISTDIR\\*", 0, del_fn, &cli);
-	cli_list(&cli, "\\LISTDIR\\*", aDIR, del_fn, &cli);
-	cli_rmdir(&cli, "\\LISTDIR");
-	cli_mkdir(&cli, "\\LISTDIR");
+	cli_list(cli, "\\LISTDIR\\*", 0, del_fn, cli);
+	cli_list(cli, "\\LISTDIR\\*", aDIR, del_fn, cli);
+	cli_rmdir(cli, "\\LISTDIR");
+	cli_mkdir(cli, "\\LISTDIR");
 
 	/* Create 1000 files and 1000 directories. */
 	for (i=0;i<1000;i++) {
 		fstring fname;
 		slprintf(fname, sizeof(fname), "\\LISTDIR\\f%d", i);
-		fnum = cli_nt_create_full(&cli, fname, GENERIC_ALL_ACCESS, FILE_ATTRIBUTE_ARCHIVE,
+		fnum = cli_nt_create_full(cli, fname, GENERIC_ALL_ACCESS, FILE_ATTRIBUTE_ARCHIVE,
 				   FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OVERWRITE_IF, 0);
 		if (fnum == -1) {
 			fprintf(stderr,"Failed to open %s\n", fname);
 			return False;
 		}
-		cli_close(&cli, fnum);
+		cli_close(cli, fnum);
 	}
 	for (i=0;i<1000;i++) {
 		fstring fname;
 		slprintf(fname, sizeof(fname), "\\LISTDIR\\d%d", i);
-		if (!cli_mkdir(&cli, fname)) {
+		if (!cli_mkdir(cli, fname)) {
 			fprintf(stderr,"Failed to open %s\n", fname);
 			return False;
 		}
 	}
 
 	/* Now ensure that doing an old list sees both files and directories. */
-	num_seen = cli_list_old(&cli, "\\LISTDIR\\*", aDIR, list_fn, NULL);
+	num_seen = cli_list_old(cli, "\\LISTDIR\\*", aDIR, list_fn, NULL);
 	printf("num_seen = %d\n", num_seen );
 	/* We should see 100 files + 1000 directories + . and .. */
 	if (num_seen != 2002)
@@ -3869,28 +3847,28 @@ static BOOL run_dirtest1(int dummy)
 	/* Ensure if we have the "must have" bits we only see the
 	 * relevent entries.
 	 */
-	num_seen = cli_list_old(&cli, "\\LISTDIR\\*", (aDIR<<8)|aDIR, list_fn, NULL);
+	num_seen = cli_list_old(cli, "\\LISTDIR\\*", (aDIR<<8)|aDIR, list_fn, NULL);
 	printf("num_seen = %d\n", num_seen );
 	if (num_seen != 1002)
 		correct = False;
 
-	num_seen = cli_list_old(&cli, "\\LISTDIR\\*", (aARCH<<8)|aDIR, list_fn, NULL);
+	num_seen = cli_list_old(cli, "\\LISTDIR\\*", (aARCH<<8)|aDIR, list_fn, NULL);
 	printf("num_seen = %d\n", num_seen );
 	if (num_seen != 1000)
 		correct = False;
 
 	/* Delete everything. */
-	cli_list(&cli, "\\LISTDIR\\*", 0, del_fn, &cli);
-	cli_list(&cli, "\\LISTDIR\\*", aDIR, del_fn, &cli);
-	cli_rmdir(&cli, "\\LISTDIR");
+	cli_list(cli, "\\LISTDIR\\*", 0, del_fn, cli);
+	cli_list(cli, "\\LISTDIR\\*", aDIR, del_fn, cli);
+	cli_rmdir(cli, "\\LISTDIR");
 
 #if 0
-	printf("Matched %d\n", cli_list(&cli, "a*.*", 0, list_fn, NULL));
-	printf("Matched %d\n", cli_list(&cli, "b*.*", 0, list_fn, NULL));
-	printf("Matched %d\n", cli_list(&cli, "xyzabc", 0, list_fn, NULL));
+	printf("Matched %d\n", cli_list(cli, "a*.*", 0, list_fn, NULL));
+	printf("Matched %d\n", cli_list(cli, "b*.*", 0, list_fn, NULL));
+	printf("Matched %d\n", cli_list(cli, "xyzabc", 0, list_fn, NULL));
 #endif
 
-	if (!torture_close_connection(&cli)) {
+	if (!torture_close_connection(cli)) {
 		correct = False;
 	}
 
@@ -4044,7 +4022,6 @@ static double create_procs(BOOL (*fn)(int), BOOL *result)
 			slprintf(myname,sizeof(myname),"CLIENT%d", i);
 
 			while (1) {
-				memset(&current_cli, 0, sizeof(current_cli));
 				if (torture_open_connection(&current_cli)) break;
 				if (tries-- == 0) {
 					printf("pid %d failed to start\n", (int)getpid());
diff --git a/source3/torture/utable.c b/source3/torture/utable.c
index 2b5a912062..d9c1fcbafd 100644
--- a/source3/torture/utable.c
+++ b/source3/torture/utable.c
@@ -24,7 +24,7 @@
 
 BOOL torture_utable(int dummy)
 {
-	static struct cli_state cli;
+	struct cli_state *cli;
 	fstring fname, alt_name;
 	int fnum;
 	smb_ucs2_t c2;
@@ -40,8 +40,8 @@ BOOL torture_utable(int dummy)
 
 	memset(valid, 0, sizeof(valid));
 
-	cli_mkdir(&cli, "\\utable");
-	cli_unlink(&cli, "\\utable\\*");
+	cli_mkdir(cli, "\\utable");
+	cli_unlink(cli, "\\utable\\*");
 
 	for (c=1; c < 0x10000; c++) {
 		char *p;
@@ -55,13 +55,13 @@ BOOL torture_utable(int dummy)
 		p[len] = 0;
 		fstrcat(fname,"_a_long_extension");
 
-		fnum = cli_open(&cli, fname, O_RDWR | O_CREAT | O_TRUNC, 
+		fnum = cli_open(cli, fname, O_RDWR | O_CREAT | O_TRUNC, 
 				DENY_NONE);
 		if (fnum == -1) continue;
 
 		chars_allowed++;
 
-		cli_qpathinfo_alt_name(&cli, fname, alt_name);
+		cli_qpathinfo_alt_name(cli, fname, alt_name);
 
 		if (strncmp(alt_name, "X_A_L", 5) != 0) {
 			alt_allowed++;
@@ -69,8 +69,8 @@ BOOL torture_utable(int dummy)
 			d_printf("fname=[%s] alt_name=[%s]\n", fname, alt_name);
 		}
 
-		cli_close(&cli, fnum);
-		cli_unlink(&cli, fname);
+		cli_close(cli, fnum);
+		cli_unlink(cli, fname);
 
 		if (c % 100 == 0) {
 			printf("%d (%d/%d)\r", c, chars_allowed, alt_allowed);
@@ -78,7 +78,7 @@ BOOL torture_utable(int dummy)
 	}
 	printf("%d (%d/%d)\n", c, chars_allowed, alt_allowed);
 
-	cli_rmdir(&cli, "\\utable");
+	cli_rmdir(cli, "\\utable");
 
 	d_printf("%d chars allowed   %d alt chars allowed\n", chars_allowed, alt_allowed);
 
@@ -115,7 +115,7 @@ static char *form_name(int c)
 
 BOOL torture_casetable(int dummy)
 {
-	static struct cli_state cli;
+	static struct cli_state *cli;
 	char *fname;
 	int fnum;
 	int c, i;
@@ -129,8 +129,8 @@ BOOL torture_casetable(int dummy)
 
 	memset(equiv, 0, sizeof(equiv));
 
-	cli_mkdir(&cli, "\\utable");
-	cli_unlink(&cli, "\\utable\\*");
+	cli_mkdir(cli, "\\utable");
+	cli_unlink(cli, "\\utable\\*");
 
 	for (c=1; c < 0x10000; c++) {
 		size_t size;
@@ -140,7 +140,7 @@ BOOL torture_casetable(int dummy)
 		printf("%04x\n", c);
 
 		fname = form_name(c);
-		fnum = cli_nt_create_full(&cli, fname, 
+		fnum = cli_nt_create_full(cli, fname, 
 					  GENERIC_ALL_ACCESS, 
 					  FILE_ATTRIBUTE_NORMAL,
 					  FILE_SHARE_NONE,
@@ -150,7 +150,7 @@ BOOL torture_casetable(int dummy)
 
 		size = 0;
 
-		if (!cli_qfileinfo(&cli, fnum, NULL, &size, 
+		if (!cli_qfileinfo(cli, fnum, NULL, &size, 
 				   NULL, NULL, NULL, NULL, NULL)) continue;
 
 		if (size > 0) {
@@ -160,11 +160,11 @@ BOOL torture_casetable(int dummy)
 			if (size/sizeof(int) >= MAX_EQUIVALENCE) {
 				printf("too many chars match?? size=%d c=0x%04x\n",
 				       size, c);
-				cli_close(&cli, fnum);
+				cli_close(cli, fnum);
 				return False;
 			}
 
-			cli_read(&cli, fnum, (char *)c2, 0, size);
+			cli_read(cli, fnum, (char *)c2, 0, size);
 			printf("%04x: ", c);
 			equiv[c][0] = c;
 			for (i=0; i<size/sizeof(int); i++) {
@@ -175,12 +175,12 @@ BOOL torture_casetable(int dummy)
 			fflush(stdout);
 		}
 
-		cli_write(&cli, fnum, 0, (char *)&c, size, sizeof(c));
-		cli_close(&cli, fnum);
+		cli_write(cli, fnum, 0, (char *)&c, size, sizeof(c));
+		cli_close(cli, fnum);
 	}
 
-	cli_unlink(&cli, "\\utable\\*");
-	cli_rmdir(&cli, "\\utable");
+	cli_unlink(cli, "\\utable\\*");
+	cli_rmdir(cli, "\\utable");
 
 	return True;
 }
-- 
cgit 


From 26b1ed7cc05e3bfd9f83bdb664cc6ca0a9883c4a Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Thu, 6 Mar 2003 16:06:12 +0000
Subject: add #define for the max device name length in a DEVICEMODE (This used
 to be commit 21ec2b6ba3ddba6964f6ddb53f8494e4a8b48a83)

---
 source3/include/nt_printing.h     | 2 ++
 source3/printing/nt_printing.c    | 2 +-
 source3/rpc_parse/parse_spoolss.c | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/source3/include/nt_printing.h b/source3/include/nt_printing.h
index ca65a40d48..762b1c6917 100644
--- a/source3/include/nt_printing.h
+++ b/source3/include/nt_printing.h
@@ -255,6 +255,8 @@ typedef struct {
 	NT_PRINTER_KEY	*keys;
 } NT_PRINTER_DATA;
 
+#define MAXDEVICENAME	32
+
 typedef struct ntdevicemode
 {
 	fstring	devicename;
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 6df2c6b445..a486fb9c00 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -2110,7 +2110,7 @@ done:
 NT_DEVICEMODE *construct_nt_devicemode(const fstring default_devicename)
 {
 
-	char adevice[33];
+	char adevice[MAXDEVICENAME];
 	NT_DEVICEMODE *nt_devmode = (NT_DEVICEMODE *)malloc(sizeof(NT_DEVICEMODE));
 
 	if (nt_devmode == NULL) {
diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
index 0545f89ff7..a5d2087a3a 100644
--- a/source3/rpc_parse/parse_spoolss.c
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -684,7 +684,7 @@ BOOL spoolss_io_devmode(const char *desc, prs_struct *ps, int depth, DEVICEMODE
 			return False;
 	}
 
-	if (!prs_uint16uni(True,"devicename", ps, depth, devmode->devicename.buffer, 32))
+	if (!prs_uint16uni(True,"devicename", ps, depth, devmode->devicename.buffer, MAXDEVICENAME))
 		return False;
 	
 	if (!prs_uint16("specversion",      ps, depth, &devmode->specversion))
-- 
cgit 


From 389a47fb66acbfec490365d18042613a5245d5e0 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Thu, 6 Mar 2003 17:05:33 +0000
Subject: Redirect to printer docs for removed options (This used to be commit
 401a522d88abdb6d6f01707f51b658d4e0497d3d)

---
 docs/docbook/projdoc/upgrading-to-3.0.sgml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/docbook/projdoc/upgrading-to-3.0.sgml b/docs/docbook/projdoc/upgrading-to-3.0.sgml
index c90c8922d6..f227556151 100644
--- a/docs/docbook/projdoc/upgrading-to-3.0.sgml
+++ b/docs/docbook/projdoc/upgrading-to-3.0.sgml
@@ -31,6 +31,9 @@ In 3.0, the following configuration options have been removed.
 <member>postscript</member>
 </simplelist>
 
+<para>The first three options have been replaced by new driver procedures. 
+Please read the printing documentation.</para>
+
 </sect1>
 
 </chapter>
-- 
cgit 


From 735bcfacda659cc17ee6508f30f264b37afb4d17 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Thu, 6 Mar 2003 17:09:07 +0000
Subject: Add documentation on line returned by 'add printer command' script
 (This used to be commit d41dbe568ec77e4860678e5ee4fe2ab2f2da507b)

---
 docs/docbook/manpages/smb.conf.5.sgml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml
index 78c7ecaef1..fb1e829700 100644
--- a/docs/docbook/manpages/smb.conf.5.sgml
+++ b/docs/docbook/manpages/smb.conf.5.sgml
@@ -983,12 +983,18 @@ alias|alias|alias|alias...
 		driver location" parameter is included for backwards compatibility
 		only.  The remaining fields in the structure are generated from answers
 		to the APW questions.</para>
-		
+
 		<para>Once the <parameter>addprinter command</parameter> has 
 		been executed, <command>smbd</command> will reparse the <filename>
 		smb.conf</filename> to determine if the share defined by the APW
 		exists.  If the sharename is still invalid, then <command>smbd
 		</command> will return an ACCESS_DENIED error to the client.</para>
+
+		<para>
+		The "add printer command" program can output a single line of text,
+		which Samba will set as the port the new printer is connected to. 
+		If this line isn't output, Samba won't reload its printer shares.
+		</para>
 		
 		<para>See also <link linkend="DELETEPRINTERCOMMAND"><parameter>
 		deleteprinter command</parameter></link>, <link 
-- 
cgit 


From 3327f13795c10bac2f2c38b22826a54a40e1a945 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 7 Mar 2003 00:30:29 +0000
Subject: Found at Connectathon, .NET RC1 arranges trans/trans2/nttrans
 parameters differently to W2K, cope with this. Jeremy. (This used to be
 commit 172f415c9eaa4d310a52794e3dc1a6bc92206ce4)

---
 source3/smbd/ipc.c     | 101 +++++++++++++++++++++++++++++++++++-------------
 source3/smbd/nttrans.c | 102 ++++++++++++++++++++++++++++++++++++++-----------
 source3/smbd/trans2.c  |  93 ++++++++++++++++++++++++++++++++++----------
 3 files changed, 227 insertions(+), 69 deletions(-)

diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index 7fe02dbccf..08337c2901 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -360,52 +360,66 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int
 	uint16 *setup=NULL;
 	int outsize = 0;
 	uint16 vuid = SVAL(inbuf,smb_uid);
-	int tpscnt = SVAL(inbuf,smb_vwv0);
-	int tdscnt = SVAL(inbuf,smb_vwv1);
-	int mprcnt = SVAL(inbuf,smb_vwv2);
-	int mdrcnt = SVAL(inbuf,smb_vwv3);
-	int msrcnt = CVAL(inbuf,smb_vwv4);
+	unsigned int tpscnt = SVAL(inbuf,smb_vwv0);
+	unsigned int tdscnt = SVAL(inbuf,smb_vwv1);
+	unsigned int mprcnt = SVAL(inbuf,smb_vwv2);
+	unsigned int mdrcnt = SVAL(inbuf,smb_vwv3);
+	unsigned int msrcnt = CVAL(inbuf,smb_vwv4);
 	BOOL close_on_completion = BITSETW(inbuf+smb_vwv5,0);
 	BOOL one_way = BITSETW(inbuf+smb_vwv5,1);
-	int pscnt = SVAL(inbuf,smb_vwv9);
-	int psoff = SVAL(inbuf,smb_vwv10);
-	int dscnt = SVAL(inbuf,smb_vwv11);
-	int dsoff = SVAL(inbuf,smb_vwv12);
-	int suwcnt = CVAL(inbuf,smb_vwv13);
+	unsigned int pscnt = SVAL(inbuf,smb_vwv9);
+	unsigned int psoff = SVAL(inbuf,smb_vwv10);
+	unsigned int dscnt = SVAL(inbuf,smb_vwv11);
+	unsigned int dsoff = SVAL(inbuf,smb_vwv12);
+	unsigned int suwcnt = CVAL(inbuf,smb_vwv13);
 	START_PROFILE(SMBtrans);
 
 	memset(name, '\0',sizeof(name));
 	srvstr_pull_buf(inbuf, name, smb_buf(inbuf), sizeof(name), STR_TERMINATE);
 
-	if (dscnt > tdscnt || pscnt > tpscnt) {
-		exit_server("invalid trans parameters");
-	}
+	if (dscnt > tdscnt || pscnt > tpscnt)
+		goto bad_param;
   
 	if (tdscnt)  {
 		if((data = (char *)malloc(tdscnt)) == NULL) {
-			DEBUG(0,("reply_trans: data malloc fail for %d bytes !\n", tdscnt));
+			DEBUG(0,("reply_trans: data malloc fail for %u bytes !\n", tdscnt));
 			END_PROFILE(SMBtrans);
 			return(ERROR_DOS(ERRDOS,ERRnomem));
 		} 
+		if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt))
+			goto bad_param;
+		if (smb_base(inbuf)+dsoff+dscnt > inbuf + size)
+			goto bad_param;
+
 		memcpy(data,smb_base(inbuf)+dsoff,dscnt);
 	}
 
 	if (tpscnt) {
 		if((params = (char *)malloc(tpscnt)) == NULL) {
-			DEBUG(0,("reply_trans: param malloc fail for %d bytes !\n", tpscnt));
+			DEBUG(0,("reply_trans: param malloc fail for %u bytes !\n", tpscnt));
 			END_PROFILE(SMBtrans);
 			return(ERROR_DOS(ERRDOS,ERRnomem));
 		} 
+		if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt))
+			 goto bad_param;
+		if (smb_base(inbuf)+psoff+pscnt > inbuf + size)
+			goto bad_param;
+
 		memcpy(params,smb_base(inbuf)+psoff,pscnt);
 	}
 
 	if (suwcnt) {
 		int i;
 		if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) {
-          DEBUG(0,("reply_trans: setup malloc fail for %d bytes !\n", (int)(suwcnt * sizeof(uint16))));
-		  END_PROFILE(SMBtrans);
-		  return(ERROR_DOS(ERRDOS,ERRnomem));
-        } 
+			DEBUG(0,("reply_trans: setup malloc fail for %u bytes !\n", (unsigned int)(suwcnt * sizeof(uint16))));
+			END_PROFILE(SMBtrans);
+			return(ERROR_DOS(ERRDOS,ERRnomem));
+		} 
+		if (inbuf+smb_vwv14+(suwcnt*SIZEOFWORD) > inbuf + size)
+			goto bad_param;
+		if ((smb_vwv14+(suwcnt*SIZEOFWORD) < smb_vwv14) || (smb_vwv14+(suwcnt*SIZEOFWORD) < (suwcnt*SIZEOFWORD)))
+			goto bad_param;
+
 		for (i=0;i<suwcnt;i++)
 			setup[i] = SVAL(inbuf,smb_vwv14+i*SIZEOFWORD);
 	}
@@ -423,7 +437,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int
 	/* receive the rest of the trans packet */
 	while (pscnt < tpscnt || dscnt < tdscnt) {
 		BOOL ret;
-		int pcnt,poff,dcnt,doff,pdisp,ddisp;
+		unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp;
       
 		ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT);
 
@@ -443,8 +457,11 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int
 
 		show_msg(inbuf);
       
-		tpscnt = SVAL(inbuf,smb_vwv0);
-		tdscnt = SVAL(inbuf,smb_vwv1);
+		/* Revise total_params and total_data in case they have changed downwards */
+		if (SVAL(inbuf,smb_vwv0) < tpscnt)
+			tpscnt = SVAL(inbuf,smb_vwv0);
+		if (SVAL(inbuf,smb_vwv1) < tdscnt)
+			tdscnt = SVAL(inbuf,smb_vwv1);
 
 		pcnt = SVAL(inbuf,smb_vwv2);
 		poff = SVAL(inbuf,smb_vwv3);
@@ -457,14 +474,34 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int
 		pscnt += pcnt;
 		dscnt += dcnt;
 		
-		if (dscnt > tdscnt || pscnt > tpscnt) {
-			exit_server("invalid trans parameters");
-		}
+		if (dscnt > tdscnt || pscnt > tpscnt)
+			goto bad_param;
 		
-		if (pcnt)
+		if (pcnt) {
+			if (pdisp+pcnt >= tpscnt)
+				goto bad_param;
+			if ((pdisp+pcnt < pdisp) || (pdisp+pcnt < pcnt))
+				 goto bad_param;
+			if (smb_base(inbuf) + poff + pcnt >= inbuf + bufsize)
+				goto bad_param;
+			if (params + pdisp < params)
+				goto bad_param;
+
 			memcpy(params+pdisp,smb_base(inbuf)+poff,pcnt);
-		if (dcnt)
+		}
+
+		if (dcnt) {
+			if (ddisp+dcnt >= tdscnt)
+				goto bad_param;
+			if ((ddisp+dcnt < ddisp) || (ddisp+dcnt < dcnt))
+				goto bad_param;
+			if (smb_base(inbuf) + doff + dcnt >= inbuf + bufsize)
+				goto bad_param;
+			if (data + ddisp < data)
+				goto bad_param;
+
 			memcpy(data+ddisp,smb_base(inbuf)+doff,dcnt);      
+		}
 	}
 	
 	
@@ -517,4 +554,14 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int
 	
 	END_PROFILE(SMBtrans);
 	return(outsize);
+
+
+  bad_param:
+
+	DEBUG(0,("reply_trans: invalid trans parameters\n"));
+	SAFE_FREE(data);
+	SAFE_FREE(params);
+	SAFE_FREE(setup);
+	END_PROFILE(SMBtrans);
+	return ERROR_DOS(ERRDOS,ERRinvalidparam);
 }
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index bfac4e82e3..375c6c44f6 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1771,8 +1771,7 @@ due to being in oplock break state.\n", (unsigned int)function_code ));
 	if(CVAL(inbuf, smb_wct) != 19 + (setup_count/2)) {
 		DEBUG(2,("Invalid smb_wct %d in nttrans call (should be %d)\n",
 			CVAL(inbuf, smb_wct), 19 + (setup_count/2)));
-		END_PROFILE(SMBnttrans);
-		return ERROR_DOS(ERRSRV,ERRerror);
+		goto bad_param;
 	}
     
 	/* Allocate the space for the setup, the maximum needed parameters and data */
@@ -1799,21 +1798,38 @@ due to being in oplock break state.\n", (unsigned int)function_code ));
 	num_data_sofar = data_count;
 
 	if (parameter_count > total_parameter_count || data_count > total_data_count)
-		exit_server("reply_nttrans: invalid sizes in packet.");
+		goto bad_param;
 
 	if(setup) {
-		memcpy( setup, &inbuf[smb_nt_SetupStart], setup_count);
 		DEBUG(10,("reply_nttrans: setup_count = %d\n", setup_count));
+		if ((smb_nt_SetupStart + setup_count < smb_nt_SetupStart) ||
+				(smb_nt_SetupStart + setup_count < setup_count))
+			goto bad_param;
+		if (smb_nt_SetupStart + setup_count > length)
+			goto bad_param;
+
+		memcpy( setup, &inbuf[smb_nt_SetupStart], setup_count);
 		dump_data(10, setup, setup_count);
 	}
 	if(params) {
-		memcpy( params, smb_base(inbuf) + parameter_offset, parameter_count);
 		DEBUG(10,("reply_nttrans: parameter_count = %d\n", parameter_count));
+		if ((parameter_offset + parameter_count < parameter_offset) ||
+				(parameter_offset + parameter_count < parameter_count))
+			goto bad_param;
+		if (smb_base(inbuf) + parameter_offset + parameter_count > inbuf + length)
+			goto bad_param;
+
+		memcpy( params, smb_base(inbuf) + parameter_offset, parameter_count);
 		dump_data(10, params, parameter_count);
 	}
 	if(data) {
-		memcpy( data, smb_base(inbuf) + data_offset, data_count);
 		DEBUG(10,("reply_nttrans: data_count = %d\n",data_count));
+		if ((data_offset + data_count < data_offset) || (data_offset + data_count < data_count))
+			goto bad_param;
+		if (smb_base(inbuf) + data_offset + data_count > inbuf + length)
+			goto bad_param;
+
+		memcpy( data, smb_base(inbuf) + data_offset, data_count);
 		dump_data(10, data, data_count);
 	}
 
@@ -1826,6 +1842,8 @@ due to being in oplock break state.\n", (unsigned int)function_code ));
 
 		while( num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) {
 			BOOL ret;
+			uint32 parameter_displacement;
+			uint32 data_displacement;
 
 			ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT);
 
@@ -1837,25 +1855,57 @@ due to being in oplock break state.\n", (unsigned int)function_code ));
 					DEBUG(0,("reply_nttrans: %s in getting secondary nttrans response.\n",
 						(smb_read_error == READ_ERROR) ? "error" : "timeout" ));
 				}
-				SAFE_FREE(params);
-				SAFE_FREE(data);
-				SAFE_FREE(setup);
-				END_PROFILE(SMBnttrans);
-				return ERROR_DOS(ERRSRV,ERRerror);
+				goto bad_param;
 			}
       
 			/* Revise total_params and total_data in case they have changed downwards */
-			total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount);
-			total_data_count = IVAL(inbuf, smb_nts_TotalDataCount);
-			num_params_sofar += (parameter_count = IVAL(inbuf,smb_nts_ParameterCount));
-			num_data_sofar += ( data_count = IVAL(inbuf, smb_nts_DataCount));
-			if (num_params_sofar > total_parameter_count || num_data_sofar > total_data_count)
-				exit_server("reply_nttrans2: data overflow in secondary nttrans packet");
-
-			memcpy( &params[ IVAL(inbuf, smb_nts_ParameterDisplacement)], 
-				smb_base(inbuf) + IVAL(inbuf, smb_nts_ParameterOffset), parameter_count);
-			memcpy( &data[IVAL(inbuf, smb_nts_DataDisplacement)],
-				smb_base(inbuf)+ IVAL(inbuf, smb_nts_DataOffset), data_count);
+			if (IVAL(inbuf, smb_nts_TotalParameterCount) < total_parameter_count)
+				total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount);
+			if (IVAL(inbuf, smb_nts_TotalDataCount) < total_data_count)
+				total_data_count = IVAL(inbuf, smb_nts_TotalDataCount);
+
+			parameter_count = IVAL(inbuf,smb_nts_ParameterCount);
+			parameter_offset = IVAL(inbuf, smb_nts_ParameterOffset);
+			parameter_displacement = IVAL(inbuf, smb_nts_ParameterDisplacement);
+			num_params_sofar += parameter_count;
+
+			data_count = IVAL(inbuf, smb_nts_DataCount);
+			data_displacement = IVAL(inbuf, smb_nts_DataDisplacement);
+			data_offset = IVAL(inbuf, smb_nts_DataDisplacement);
+			num_data_sofar += data_count;
+
+			if (num_params_sofar > total_parameter_count || num_data_sofar > total_data_count) {
+				DEBUG(0,("reply_nttrans2: data overflow in secondary nttrans packet"));
+				goto bad_param;
+			}
+
+			if (parameter_count) {
+				if (parameter_displacement + parameter_count >= total_parameter_count)
+					goto bad_param;
+				if ((parameter_displacement + parameter_count < parameter_displacement) ||
+						(parameter_displacement + parameter_count < parameter_count))
+					goto bad_param;
+				if (smb_base(inbuf) + parameter_offset + parameter_count >= inbuf + bufsize)
+					goto bad_param;
+				if (parameter_displacement + params < params)
+					goto bad_param;
+
+				memcpy( &params[parameter_displacement], smb_base(inbuf) + parameter_offset, parameter_count);
+			}
+
+			if (data_count) {
+				if (data_displacement + data_count >= total_data_count)
+					goto bad_param;
+				if ((data_displacement + data_count < data_displacement) ||
+						(data_displacement + data_count < data_count))
+					goto bad_param;
+				if (smb_base(inbuf) + data_offset + data_count >= inbuf + bufsize)
+					goto bad_param;
+				if (data_displacement + data < data)
+					goto bad_param;
+
+				memcpy( &data[data_displacement], smb_base(inbuf)+ data_offset, data_count);
+			}
 		}
 	}
 
@@ -1933,4 +1983,12 @@ due to being in oplock break state.\n", (unsigned int)function_code ));
 	return outsize; /* If a correct response was needed the call_nt_transact_xxxx 
 				calls have already sent it. If outsize != -1 then it is
 				returning an error packet. */
+
+ bad_param:
+
+	SAFE_FREE(params);
+	SAFE_FREE(data);
+	SAFE_FREE(setup);
+	END_PROFILE(SMBnttrans);
+	return ERROR_DOS(ERRDOS,ERRinvalidparam);
 }
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 155c996314..d57a29ff77 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -3094,7 +3094,7 @@ int reply_trans2(connection_struct *conn,
 	unsigned int suwcnt = SVAL(inbuf, smb_suwcnt);
 	unsigned int tran_call = SVAL(inbuf, smb_setup0);
 	char *params = NULL, *data = NULL;
-	int num_params, num_params_sofar, num_data, num_data_sofar;
+	unsigned int num_params, num_params_sofar, num_data, num_data_sofar;
 	START_PROFILE(SMBtrans2);
 
 	if(global_oplock_break && (tran_call == TRANSACT2_OPEN)) {
@@ -3133,10 +3133,10 @@ int reply_trans2(connection_struct *conn,
 				(SVAL(inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) {
 			DEBUG(2,("Got Trans2 DevIOctl jobid\n"));
 		} else {
-			DEBUG(2,("Invalid smb_sucnt in trans2 call(%d)\n",suwcnt));
+			DEBUG(2,("Invalid smb_sucnt in trans2 call(%u)\n",suwcnt));
 			DEBUG(2,("Transaction is %d\n",tran_call));
 			END_PROFILE(SMBtrans2);
-			return ERROR_DOS(ERRSRV,ERRerror);
+			ERROR_DOS(ERRDOS,ERRinvalidparam);
 		}
 	}
     
@@ -3162,10 +3162,22 @@ int reply_trans2(connection_struct *conn,
 	if (num_params > total_params || num_data > total_data)
 		exit_server("invalid params in reply_trans2");
 
-	if(params)
-		memcpy( params, smb_base(inbuf) + SVAL(inbuf, smb_psoff), num_params);
-	if(data)
-		memcpy( data, smb_base(inbuf) + SVAL(inbuf, smb_dsoff), num_data);
+	if(params) {
+		unsigned int psoff = SVAL(inbuf, smb_psoff);
+		if ((psoff + num_params < psoff) || (psoff + num_params < num_params))
+			goto bad_param;
+		if (smb_base(inbuf) + psoff + num_params > inbuf + length)
+			goto bad_param;
+		memcpy( params, smb_base(inbuf) + psoff, num_params);
+	}
+	if(data) {
+		unsigned int dsoff = SVAL(inbuf, smb_dsoff);
+		if ((dsoff + num_data < dsoff) || (dsoff + num_data < num_data))
+			goto bad_param;
+		if (smb_base(inbuf) + dsoff + num_data > inbuf + length)
+			goto bad_param;
+		memcpy( data, smb_base(inbuf) + dsoff, num_data);
+	}
 
 	if(num_data_sofar < total_data || num_params_sofar < total_params)  {
 		/* We need to send an interim response then receive the rest
@@ -3177,6 +3189,10 @@ int reply_trans2(connection_struct *conn,
 		while (num_data_sofar < total_data || 
 		       num_params_sofar < total_params) {
 			BOOL ret;
+			unsigned int param_disp;
+			unsigned int param_off;
+			unsigned int data_disp;
+			unsigned int data_off;
 
 			ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT);
 			
@@ -3188,25 +3204,55 @@ int reply_trans2(connection_struct *conn,
 				else
 					DEBUG(0,("reply_trans2: %s in getting secondary trans2 response.\n",
 						 (smb_read_error == READ_ERROR) ? "error" : "timeout" ));
-				SAFE_FREE(params);
-				SAFE_FREE(data);
-				END_PROFILE(SMBtrans2);
-				return ERROR_DOS(ERRSRV,ERRerror);
+				goto bad_param;
 			}
       
 			/* Revise total_params and total_data in case
                            they have changed downwards */
-			total_params = SVAL(inbuf, smb_tpscnt);
-			total_data = SVAL(inbuf, smb_tdscnt);
-			num_params_sofar += (num_params = SVAL(inbuf,smb_spscnt));
-			num_data_sofar += ( num_data = SVAL(inbuf, smb_sdscnt));
+			if (SVAL(inbuf, smb_tpscnt) < total_params)
+				total_params = SVAL(inbuf, smb_tpscnt);
+			if (SVAL(inbuf, smb_tdscnt) < total_data)
+				total_data = SVAL(inbuf, smb_tdscnt);
+
+			num_params = SVAL(inbuf,smb_spscnt);
+			param_off = SVAL(inbuf, smb_spsoff);
+			param_disp = SVAL(inbuf, smb_spsdisp);
+			num_params_sofar += num_params;
+
+			num_data = SVAL(inbuf, smb_sdscnt);
+			data_off = SVAL(inbuf, smb_sdsoff);
+			data_disp = SVAL(inbuf, smb_sdsdisp);
+			num_data_sofar += num_data;
+
 			if (num_params_sofar > total_params || num_data_sofar > total_data)
-				exit_server("data overflow in trans2");
+				goto bad_param;
 			
-			memcpy( &params[ SVAL(inbuf, smb_spsdisp)], 
-				smb_base(inbuf) + SVAL(inbuf, smb_spsoff), num_params);
-			memcpy( &data[SVAL(inbuf, smb_sdsdisp)],
-				smb_base(inbuf)+ SVAL(inbuf, smb_sdsoff), num_data);
+			if (num_params) {
+				if (param_disp + num_params >= total_params)
+					goto bad_param;
+				if ((param_disp + num_params < param_disp) ||
+						(param_disp + num_params < num_params))
+					goto bad_param;
+				if (smb_base(inbuf) + param_off + num_params >= inbuf + bufsize)
+					goto bad_param;
+				if (params + param_disp < params)
+					goto bad_param;
+
+				memcpy( &params[param_disp], smb_base(inbuf) + param_off, num_params);
+			}
+			if (num_data) {
+				if (data_disp + num_data >= total_data)
+					goto bad_param;
+				if ((data_disp + num_data < data_disp) ||
+						(data_disp + num_data < num_data))
+					goto bad_param;
+				if (smb_base(inbuf) + data_off + num_data >= inbuf + bufsize)
+					goto bad_param;
+				if (data + data_disp < data)
+					goto bad_param;
+
+				memcpy( &data[data_disp], smb_base(inbuf) + data_off, num_data);
+			}
 		}
 	}
 	
@@ -3320,4 +3366,11 @@ int reply_trans2(connection_struct *conn,
 	return outsize; /* If a correct response was needed the
 			   call_trans2xxx calls have already sent
 			   it. If outsize != -1 then it is returning */
+
+  bad_param:
+
+	SAFE_FREE(params);
+	SAFE_FREE(data);
+	END_PROFILE(SMBtrans2);
+	return ERROR_DOS(ERRDOS,ERRinvalidparam);
 }
-- 
cgit 


From cea6fd0b0ae4131e8cb9e541a5c2e91ce226e5cd Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 7 Mar 2003 00:34:43 +0000
Subject: Fix noticed by Corny.Bondad@hp.com. Ensure we free up memory on error
 exit. Jeremy. (This used to be commit
 1cbd53dc3cd2d56f5e62d42fed5d589efcecb8f8)

---
 source3/smbd/ipc.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index 08337c2901..67c5da01f3 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -397,6 +397,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int
 	if (tpscnt) {
 		if((params = (char *)malloc(tpscnt)) == NULL) {
 			DEBUG(0,("reply_trans: param malloc fail for %u bytes !\n", tpscnt));
+			SAFE_FREE(data);
 			END_PROFILE(SMBtrans);
 			return(ERROR_DOS(ERRDOS,ERRnomem));
 		} 
@@ -412,6 +413,8 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int
 		int i;
 		if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) {
 			DEBUG(0,("reply_trans: setup malloc fail for %u bytes !\n", (unsigned int)(suwcnt * sizeof(uint16))));
+			SAFE_FREE(data);
+			SAFE_FREE(params);
 			END_PROFILE(SMBtrans);
 			return(ERROR_DOS(ERRDOS,ERRnomem));
 		} 
-- 
cgit 


From 80087e6cfed8f6aa55ed396e1690dff2dc32ece7 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 7 Mar 2003 09:25:48 +0000
Subject: safe_strcpy() -> fstrcpy() fix, and a cleanup to how rpcclient calls
 the IP address resolving code. (This used to be commit
 1f605fe77c56ee2a7838c9f87eedf4bb91ebf688)

---
 source3/rpcclient/cmd_reg.c   |  2 +-
 source3/rpcclient/rpcclient.c | 11 +++--------
 2 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/source3/rpcclient/cmd_reg.c b/source3/rpcclient/cmd_reg.c
index 19c0e7f71f..8943331dab 100644
--- a/source3/rpcclient/cmd_reg.c
+++ b/source3/rpcclient/cmd_reg.c
@@ -914,7 +914,7 @@ static NTSTATUS cmd_reg_shutdown(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 		switch (opt)
 		{
 			case 'm':
-				safe_strcpy(msg, optarg, sizeof(msg)-1);
+				fstrcpy(msg, optarg);
 				/*fprintf (stderr, "[%s|%s]\n", optarg, msg);*/
 				break;
 
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 127506fb39..c3b2cd4ea1 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -592,6 +592,8 @@ out_free:
 		{ NULL }
 	};
 
+	ZERO_STRUCT(server_ip);
+
 	setlinebuf(stdout);
 
 	/* Parse options */
@@ -674,13 +676,6 @@ out_free:
 	if (!init_names())
 		return 1;
 
-	/* Resolve the IP address */
-
-	if (!opt_ipaddr && !resolve_name(server, &server_ip, 0x20))  {
-		fprintf(stderr, "Unable to resolve %s\n", server);
-		return 1;
-	}
-	
 	/*
 	 * Get password
 	 * from stdin if necessary
@@ -697,7 +692,7 @@ out_free:
 		get_username(username);
 		
 	nt_status = cli_full_connection(&cli, global_myname(), server, 
-					&server_ip, 0,
+					opt_ipaddr ? &server_ip : NULL, 0,
 					"IPC$", "IPC",  
 					username, domain,
 					password, 0, NULL);
-- 
cgit 


From 04858cd7025bb4c3fdb34a2795568a6b52004c3b Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 7 Mar 2003 09:29:56 +0000
Subject: Limit the number of SIDs that may be looked up, in line with existing
 code for name->sid. (This used to be commit
 0ebccc0dbeecc10d423529909a2563fbc3bf9857)

---
 source3/rpc_server/srv_lsa_nt.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 1b42c5f141..fb6538db39 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -641,6 +641,11 @@ NTSTATUS _lsa_lookup_sids(pipes_struct *p, LSA_Q_LOOKUP_SIDS *q_u, LSA_R_LOOKUP_
 	LSA_TRANS_NAME_ENUM *names = NULL;
 	uint32 mapped_count = 0;
 
+	if (num_entries >  MAX_LOOKUP_SIDS) {
+		num_entries = MAX_LOOKUP_SIDS;
+		DEBUG(5,("_lsa_lookup_sids: truncating SID lookup list to %d\n", num_entries));
+	}
+		
 	ref = (DOM_R_REF *)talloc_zero(p->mem_ctx, sizeof(DOM_R_REF));
 	names = (LSA_TRANS_NAME_ENUM *)talloc_zero(p->mem_ctx, sizeof(LSA_TRANS_NAME_ENUM));
 
-- 
cgit 


From 8a751c019c21b1925fd352639f8237cf0a6ebac9 Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Fri, 7 Mar 2003 18:26:24 +0000
Subject: Some progress towards gums and tdbsam2 genparser works fine, and it
 is a marvelous tool to store objects in tdb :) (This used to be commit
 4c6d461a8572f03cd33cba95500cc837638b732c)

---
 source3/include/gums.h        | 102 ++---
 source3/include/includes.h    |   2 +
 source3/include/tdbsam2.h     |  11 +-
 source3/lib/util_sid.c        |  18 +
 source3/rpc_parse/parse_sec.c |  18 -
 source3/sam/gumm_tdb.c        | 891 ++++++++++++++++++++++++++++++++++++------
 source3/sam/gums.c            |  38 +-
 source3/sam/gums_api.c        | 310 ++++++++++++---
 source3/sam/gums_helper.c     |  47 +--
 source3/script/genstruct.pl   |  15 +-
 10 files changed, 1166 insertions(+), 286 deletions(-)

diff --git a/source3/include/gums.h b/source3/include/gums.h
index ca124d7442..789acc269f 100644
--- a/source3/include/gums.h
+++ b/source3/include/gums.h
@@ -21,8 +21,8 @@
 #ifndef _GUMS_H
 #define _GUMS_H
 
-#define GUMS_VERSION_MAJOR 0
-#define GUMS_VERSION_MINOR 1
+#define GUMS_VERSION_MAJOR	0
+#define GUMS_VERSION_MINOR	1
 #define GUMS_OBJECT_VERSION	1
 
 #define GUMS_OBJ_DOMAIN			1
@@ -74,10 +74,17 @@ typedef struct gums_group
 
 } GUMS_GROUP;
 
+typedef struct gums_domain
+{
+	uint32 next_rid;
+
+} GUMS_DOMAIN;
+
 union gums_obj_p {
-	gums_user *user;
-	gums_group *group;
-}
+	GUMS_USER *user;
+	GUMS_GROUP *group;
+	GUMS_DOMAIN *domain;
+};
 
 typedef struct gums_object
 {
@@ -112,6 +119,7 @@ typedef struct gums_commit_set
 	DOM_SID sid;			/* Object Sid */
 	uint32 count;			/* number of changes */
 	GUMS_DATA_SET **data;
+
 } GUMS_COMMIT_SET;
 
 typedef struct gums_privilege
@@ -145,7 +153,7 @@ typedef struct gums_functions
 	NTSTATUS (*delete_object) (const DOM_SID *sid);
 
 	NTSTATUS (*get_object_from_sid) (GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type);
-	NTSTATUS (*get_sid_from_name) (GUMS_OBJECT **object, const char *name);
+	NTSTATUS (*get_object_from_name) (GUMS_OBJECT **object, const char *name, const int onj_type);
 	/* This function is used to get the list of all objects changed since b_time, it is
 	   used to support PDC<->BDC synchronization */
 	NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time);
@@ -159,10 +167,10 @@ typedef struct gums_functions
 	NTSTATUS (*set_object) (const GUMS_OBJECT *object);
 
 	/* set object values function */
-	NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set);
+	NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET **data_set);
 
 	/* Group related functions */
-	NTSTATUS (*add_memberss_to_group) (const DOM_SID *group, const DOM_SID **members);
+	NTSTATUS (*add_members_to_group) (const DOM_SID *group, const DOM_SID **members);
 	NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members);
 	NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type);
 
@@ -177,54 +185,56 @@ typedef struct gums_functions
 	NTSTATUS (*delete_members_from_privilege) (const LUID_ATTR *priv, const DOM_SID **members);
 	NTSTATUS (*enumerate_privilege_members) (DOM_SID **members, const LUID_ATTR *priv);
 	NTSTATUS (*get_sid_privileges) (DOM_SID **privs, const DOM_SID *sid);
+
 	/* warning!: set_privilege will overwrite a prior existing privilege if such exist */
 	NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv);
 
 } GUMS_FUNCTIONS;
 
 /* define value types */
+#define GUMS_SET_PRIMARY_GROUP		0x1
+#define GUMS_SET_SEC_DESC		0x2
 
-#define GUMS_SET_PRIMARY_GROUP		1
-#define GUMS_SET_SEC_DESC		2
+#define GUMS_SET_NAME			0x10
+#define GUMS_SET_DESCRIPTION		0x11
+#define GUMS_SET_FULL_NAME		0x12
 
 /* user specific type values */
-#define GUMS_SET_LOGON_TIME		10  /* keep NTTIME consecutive */
-#define GUMS_SET_LOGOFF_TIME		11 /* too ease checking */
-#define GUMS_SET_KICKOFF_TIME		13
-#define GUMS_SET_PASS_LAST_SET_TIME	14
-#define GUMS_SET_PASS_CAN_CHANGE_TIME	15
-#define GUMS_SET_PASS_MUST_CHANGE_TIME	16 /* NTTIME end */
-
-#define GUMS_SET_NAME			20 /* keep strings consecutive */
-#define GUMS_SET_DESCRIPTION		21 /* too ease checking */
-#define GUMS_SET_FULL_NAME		22
-#define GUMS_SET_HOME_DIRECTORY		23
-#define GUMS_SET_DRIVE			24
-#define GUMS_SET_LOGON_SCRIPT		25
-#define GUMS_SET_PROFILE_PATH		26
-#define GUMS_SET_WORKSTATIONS		27
-#define GUMS_SET_UNKNOWN_STRING		28
-#define GUMS_SET_MUNGED_DIAL		29 /* strings end */
-
-#define GUMS_SET_LM_PASSWORD		40
-#define GUMS_SET_NT_PASSWORD		41
-#define GUMS_SET_PLAINTEXT_PASSWORD	42
-#define GUMS_SET_UNKNOWN_3		43
-#define GUMS_SET_LOGON_DIVS		44
-#define GUMS_SET_HOURS_LEN		45
-#define GUMS_SET_HOURS			46
-#define GUMS_SET_UNKNOWN_5		47
-#define GUMS_SET_UNKNOWN_6		48
-
-#define GUMS_SET_MUST_CHANGE_PASS	50
-#define GUMS_SET_CANNOT_CHANGE_PASS	51
-#define GUMS_SET_PASS_NEVER_EXPIRE	52
-#define GUMS_SET_ACCOUNT_DISABLED	53
-#define GUMS_SET_ACCOUNT_LOCKOUT	54
+#define GUMS_SET_LOGON_TIME		0x20
+#define GUMS_SET_LOGOFF_TIME		0x21
+#define GUMS_SET_KICKOFF_TIME		0x23
+#define GUMS_SET_PASS_LAST_SET_TIME	0x24
+#define GUMS_SET_PASS_CAN_CHANGE_TIME	0x25
+#define GUMS_SET_PASS_MUST_CHANGE_TIME	0x26
+
+
+#define GUMS_SET_HOME_DIRECTORY		0x31
+#define GUMS_SET_DRIVE			0x32
+#define GUMS_SET_LOGON_SCRIPT		0x33
+#define GUMS_SET_PROFILE_PATH		0x34
+#define GUMS_SET_WORKSTATIONS		0x35
+#define GUMS_SET_UNKNOWN_STRING		0x36
+#define GUMS_SET_MUNGED_DIAL		0x37
+
+#define GUMS_SET_LM_PASSWORD		0x40
+#define GUMS_SET_NT_PASSWORD		0x41
+#define GUMS_SET_PLAINTEXT_PASSWORD	0x42
+#define GUMS_SET_UNKNOWN_3		0x43
+#define GUMS_SET_LOGON_DIVS		0x44
+#define GUMS_SET_HOURS_LEN		0x45
+#define GUMS_SET_HOURS			0x46
+#define GUMS_SET_UNKNOWN_5		0x47
+#define GUMS_SET_UNKNOWN_6		0x48
+
+#define GUMS_SET_MUST_CHANGE_PASS	0x50
+#define GUMS_SET_CANNOT_CHANGE_PASS	0x51
+#define GUMS_SET_PASS_NEVER_EXPIRE	0x52
+#define GUMS_SET_ACCOUNT_DISABLED	0x53
+#define GUMS_SET_ACCOUNT_LOCKOUT	0x54
 
 /*group specific type values */
-#define GUMS_ADD_SID_LIST		60
-#define GUMS_DEL_SID_LIST		61
-#define GUMS_SET_SID_LIST		62
+#define GUMS_ADD_SID_LIST		0x60
+#define GUMS_DEL_SID_LIST		0x61
+#define GUMS_SET_SID_LIST		0x62
 
 #endif /* _GUMS_H */
diff --git a/source3/include/includes.h b/source3/include/includes.h
index fab02141cb..b9ba4b84d5 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -775,6 +775,8 @@ extern int errno;
 
 #include "sam.h"
 
+#include "gums.h"
+
 #include "session.h"
 
 #include "asn_1.h"
diff --git a/source3/include/tdbsam2.h b/source3/include/tdbsam2.h
index 0ca9d34618..047b4e7c90 100644
--- a/source3/include/tdbsam2.h
+++ b/source3/include/tdbsam2.h
@@ -18,16 +18,17 @@
  * Mass Ave, Cambridge, MA 02139, USA.
  */
 
-
 /* ALL strings assumes UTF8 as encoding */
 
 GENSTRUCT struct tdbsam2_domain_data {
 	uint32 xcounter;		/* counter to be updated at any change */
 
 	SEC_DESC *sec_desc;		/* Security Descriptor */
-	DOM_SID *user_sid;		/* The User SID */
-	char *name; _NULLTERM		/* NT User Name */
+	DOM_SID *dom_sid;		/* The Domain SID */
+	char *name; _NULLTERM		/* NT Domain Name */
 	char *description; _NULLTERM	/* Descritpion (Gecos) */
+
+	uint32 next_rid;		/* The Next free RID */
 };
 
 GENSTRUCT struct tdbsam2_user_data {
@@ -67,14 +68,14 @@ GENSTRUCT struct tdbsam2_user_data {
 	uint32 unknown_3;		/* 0x00ff ffff */
 	uint32 unknown_5;		/* 0x0002 0000 */
 	uint32 unknown_6;		/* 0x0000 04ec */
-};	
+};
 
 GENSTRUCT struct tdbsam2_group_data {
 	uint32 xcounter;		/* counter to be updated at any change */
 
 	SEC_DESC *sec_desc;		/* Security Descriptor */
 	DOM_SID *group_sid;		/* The Group SID */
-	char *name; _NULLTERM		/* NT User Name */
+	char *name; _NULLTERM		/* NT Group Name */
 	char *description; _NULLTERM	/* Descritpion (Gecos) */
 
 	uint32 count;			/* number of sids */
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 824987f189..81d17ae3f2 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -629,3 +629,21 @@ void print_guid(GUID *guid)
 		d_printf("%02x", guid->info[i]);
 	d_printf("\n");
 }
+
+/*******************************************************************
+ Tallocs a duplicate SID. 
+********************************************************************/ 
+
+DOM_SID *sid_dup_talloc(TALLOC_CTX *ctx, DOM_SID *src)
+{
+  DOM_SID *dst;
+
+  if(!src)
+    return NULL;
+
+  if((dst = talloc_zero(ctx, sizeof(DOM_SID))) != NULL) {
+    sid_copy( dst, src);
+  }
+
+  return dst;
+}
diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c
index dbd72e5250..10b0ff86ae 100644
--- a/source3/rpc_parse/parse_sec.c
+++ b/source3/rpc_parse/parse_sec.c
@@ -569,24 +569,6 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU
 	return(return_sdb);
 }
 
-/*******************************************************************
- Tallocs a duplicate SID. 
-********************************************************************/ 
-
-static DOM_SID *sid_dup_talloc(TALLOC_CTX *ctx, DOM_SID *src)
-{
-  DOM_SID *dst;
-
-  if(!src)
-    return NULL;
-
-  if((dst = talloc_zero(ctx, sizeof(DOM_SID))) != NULL) {
-    sid_copy( dst, src);
-  }
-
-  return dst;
-}
-
 /*******************************************************************
  Creates a SEC_DESC structure
 ********************************************************************/
diff --git a/source3/sam/gumm_tdb.c b/source3/sam/gumm_tdb.c
index 52eaab9e17..53ea872a11 100644
--- a/source3/sam/gumm_tdb.c
+++ b/source3/sam/gumm_tdb.c
@@ -23,7 +23,6 @@
  */
 
 #include "includes.h"
-#include "gums.h"
 #include "tdbsam2.h"
 #include "tdbsam2_parse_info.h"
 
@@ -31,15 +30,25 @@ static int tdbgumm_debug_level = DBGC_ALL;
 #undef DBGC_CLASS
 #define DBGC_CLASS tdbgumm_debug_level
 
-#define TDBSAM_VERSION		"20021215"
+#define TDBSAM_VERSION		20021215
 #define TDB_FILE_NAME		"tdbsam2.tdb"
-#define DOMAINPREFIX		"DOMAIN_"
-#define OBJECTPREFIX		"OBJECT_"
+#define NAMEPREFIX		"NAME_"
 #define SIDPREFIX		"SID_"
 #define PRIVILEGEPREFIX		"PRIV_"
 
 #define TDB_FORMAT_STRING	"ddB"
 
+#define TALLOC_CHECK(ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: Out of memory!\n", __FUNCTION__)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
+#define SET_OR_FAIL(func, label) do { if (NT_STATUS_IS_ERR(func)) { DEBUG(0, ("%s: Setting gums object data failed!\n", __FUNCTION__)); goto label; } } while(0)
+
+struct tdbsam2_enum_objs {
+	uint32 type;
+	fstring dom_sid;
+	TDB_CONTEXT *db;
+	TDB_DATA key;
+	struct tdbsam2_enum_objs *next;
+};
+
 union tdbsam2_data {
 	struct tdbsam2_domain_data *domain;
 	struct tdbsam2_user_data *user;
@@ -48,86 +57,363 @@ union tdbsam2_data {
 
 struct tdbsam2_object {
 	uint32 type;
+	uint32 version;
 	union tdbsam2_data data;
 };
 
 static TDB_CONTEXT *tdbsam2_db;
 
-#define TALLOC_CHECK(ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: Out of memory!\n", __FUNCTION__)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
-#define SET_OR_FAIL(func, label) do { if (NT_STATUS_IS_ERR(func)) { DEBUG(0, ("%s: Setting gums object data failed!\n", __FUNCTION__)); goto label; } } while(0)
+struct tdbsam2_enum_objs **teo_handlers;
+
+static NTSTATUS init_tdbsam2_object_from_buffer(struct tdbsam2_object *object, TALLOC_CTX *mem_ctx, char *buffer, int size)
+{
+
+	NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+	int iret;
+	char *obj_data;
+	int data_size = 0;
+	int len;
+	
+	len = tdb_unpack (buffer, size, TDB_FORMAT_STRING,
+			  &(object->version),
+			  &(object->type),
+			  &data_size, &obj_data);
+
+	if (len == -1)
+		goto done;
+
+	/* version is checked inside this function so that backward compatibility code can be
+	   called eventually.
+	   this way we can easily handle database format upgrades */
+	if (object->version != TDBSAM_VERSION) {
+		DEBUG(3,("init_tdbsam2_object_from_buffer: Error, db object has wrong tdbsam version!\n"));
+		goto done;
+	}
+
+	/* be sure the string is terminated before trying to parse it */
+	if (obj_data[data_size - 1] != '\0')
+		obj_data[data_size - 1] = '\0';
+
+	switch (object->type) {
+		case GUMS_OBJ_DOMAIN:
+			object->data.domain = (struct tdbsam2_domain_data *)talloc(mem_ctx, sizeof(struct tdbsam2_domain_data));
+			TALLOC_CHECK(object->data.domain, ret, done);
+			memset(object->data.domain, 0, sizeof(struct tdbsam2_domain_data));
+
+			iret = gen_parse(mem_ctx, pinfo_tdbsam2_domain_data, (char *)(object->data.domain), obj_data);
+			break;
+		case GUMS_OBJ_GROUP:
+		case GUMS_OBJ_ALIAS:
+			object->data.group = (struct tdbsam2_group_data *)talloc(mem_ctx, sizeof(struct tdbsam2_group_data));
+			TALLOC_CHECK(object->data.group, ret, done);
+			memset(object->data.group, 0, sizeof(struct tdbsam2_group_data));
+
+			iret = gen_parse(mem_ctx, pinfo_tdbsam2_group_data, (char *)(object->data.group), obj_data);
+			break;
+		case GUMS_OBJ_NORMAL_USER:
+			object->data.user = (struct tdbsam2_user_data *)talloc(mem_ctx, sizeof(struct tdbsam2_user_data));
+			TALLOC_CHECK(object->data.user, ret, done);
+			memset(object->data.user, 0, sizeof(struct tdbsam2_user_data));
 
-static NTSTATUS init_tdbsam2_object_from_buffer(struct tdbsam2_object *object, TALLOC_CTX *mem_ctx, char *buffer, int size) {
+			iret = gen_parse(mem_ctx, pinfo_tdbsam2_user_data, (char *)(object->data.user), obj_data);
+			break;
+		default:
+			DEBUG(3,("init_tdbsam2_object_from_buffer: Error, wrong object type number!\n"));
+			goto done;
+	}
+
+	if (iret != 0) {
+		DEBUG(0,("init_tdbsam2_object_from_buffer: Fatal Error! Unable to parse object!\n"));
+		DEBUG(0,("init_tdbsam2_object_from_buffer: DB Corrupted ?"));
+		goto done;
+	}
+
+	ret = NT_STATUS_OK;
+done:
+	SAFE_FREE(obj_data);
+	return ret;
+}
+
+static NTSTATUS init_buffer_from_tdbsam2_object(char **buffer, size_t *len, TALLOC_CTX *mem_ctx, struct tdbsam2_object *object)
+{
+
+	NTSTATUS ret;
+	char *buf1 = NULL;
+	size_t buflen;
+
+	if (!buffer)
+		return NT_STATUS_INVALID_PARAMETER;
+
+	switch (object->type) {
+		case GUMS_OBJ_DOMAIN:
+			buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_domain_data, (char *)(object->data.domain), 0);
+			break;
+		case GUMS_OBJ_GROUP:
+		case GUMS_OBJ_ALIAS:
+			buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_group_data, (char *)(object->data.group), 0);
+			break;
+		case GUMS_OBJ_NORMAL_USER:
+			buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_user_data, (char *)(object->data.user), 0);
+			break;
+		default:
+			DEBUG(3,("init_buffer_from_tdbsam2_object: Error, wrong object type number!\n"));
+			return NT_STATUS_UNSUCCESSFUL;	
+	}
+	
+	if (buf1 == NULL) {
+		DEBUG(0, ("init_buffer_from_tdbsam2_object: Fatal Error! Unable to dump object!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	buflen = tdb_pack(NULL, 0,  TDB_FORMAT_STRING,
+			TDBSAM_VERSION,
+			object->type,
+			strlen(buf1) + 1, buf1);
+
+	*buffer = talloc(mem_ctx, buflen);
+	TALLOC_CHECK(*buffer, ret, done);
+
+	*len = tdb_pack(*buffer, buflen, TDB_FORMAT_STRING,
+			TDBSAM_VERSION,
+			object->type,
+			strlen(buf1) + 1, buf1);
+
+	if (*len != buflen) {
+		DEBUG(0, ("init_tdb_data_from_tdbsam2_object: somthing odd is going on here: bufflen (%d) != len (%d) in tdb_pack operations!\n", 
+			  buflen, *len));
+		*buffer = NULL;
+		ret = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	ret = NT_STATUS_OK;
+done:
+	return ret;
+}
+
+static NTSTATUS opentdb(void)
+{
+	if (!tdbsam2_db) {
+		pstring tdbfile;
+		get_private_directory(tdbfile);
+		pstrcat(tdbfile, "/");
+		pstrcat(tdbfile, TDB_FILE_NAME);
+
+		tdbsam2_db = tdb_open_log(tdbfile, 0, TDB_DEFAULT, O_RDWR | O_CREAT, 0600);
+  		if (!tdbsam2_db)
+		{
+			DEBUG(0, ("opentdb: Unable to open database (%s)!\n", tdbfile));
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+	}
 
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS tdbsam2_opentdb(void) {
+static NTSTATUS get_object_by_sid(TALLOC_CTX *mem_ctx, struct tdbsam2_object *obj, const DOM_SID *sid)
+{
+	NTSTATUS ret;
+	TDB_DATA data, key;
+	fstring keystr;
+
+	if (!obj || !mem_ctx || !sid)
+		return NT_STATUS_INVALID_PARAMETER;
+
+	if (NT_STATUS_IS_ERR(ret = opentdb())) {
+		return ret;
+	}
+
+	slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sid_string_static(sid));
+	key.dptr = keystr;
+	key.dsize = strlen(keystr) + 1;
+
+	data = tdb_fetch(tdbsam2_db, key);
+	if (!data.dptr) {
+		DEBUG(5, ("get_object_by_sid: Error fetching database, domain entry not found!\n"));
+		DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
+		DEBUGADD(5, (" Key: %s\n", keystr));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(obj, mem_ctx, data.dptr, data.dsize))) {
+		SAFE_FREE(data.dptr);
+		DEBUG(0, ("get_object_by_sid: Error fetching database, malformed entry!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	SAFE_FREE(data.dptr);
 
 	return NT_STATUS_OK;
+	
 }
 
-static NTSTATUS tdbsam2_get_object_by_name(struct tdbsam2_object *obj, TALLOC_CTX *mem_ctx, const char* name) {
+static NTSTATUS get_object_by_name(TALLOC_CTX *mem_ctx, struct tdbsam2_object *obj, const char* name)
+{
 
 	NTSTATUS ret;
 	TDB_DATA data, key;
 	fstring keystr;
 	fstring objname;
+	DOM_SID sid;
+	char *obj_sidstr;
+	int obj_version, obj_type, obj_sidstr_len, len;
 
 	if (!obj || !mem_ctx || !name)
 		return NT_STATUS_INVALID_PARAMETER;
 
-	if (tdbsam2_db == NULL) {
-		if (NT_STATUS_IS_ERR(ret = tdbsam2_opentdb())) {
-			goto done;
-		}
+	if (NT_STATUS_IS_ERR(ret = opentdb())) {
+		return ret;
 	}
 
 	unix_strlower(name, -1, objname, sizeof(objname));
 
-	slprintf(keystr, sizeof(keystr)-1, "%s%s", OBJECTPREFIX, objname);
+	slprintf(keystr, sizeof(keystr)-1, "%s%s", NAMEPREFIX, objname);
 	key.dptr = keystr;
 	key.dsize = strlen(keystr) + 1;
 
 	data = tdb_fetch(tdbsam2_db, key);
 	if (!data.dptr) {
-		DEBUG(5, ("get_domain_sid: Error fetching database, domain entry not found!\n"));
+		DEBUG(5, ("get_object_by_name: Error fetching database, domain entry not found!\n"));
 		DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
 		DEBUGADD(5, (" Key: %s\n", keystr));
-		ret = NT_STATUS_UNSUCCESSFUL;
-		goto done;
+		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(obj, mem_ctx, data.dptr, data.dsize))) {
-		SAFE_FREE(data.dptr);
-		DEBUG(0, ("get_domain_sid: Error fetching database, malformed entry!\n"));
-		ret = NT_STATUS_UNSUCCESSFUL;
-		goto done;
-	}
+	len = tdb_unpack(data.dptr, data.dsize, TDB_FORMAT_STRING,
+		&obj_version,
+		&obj_type,
+		&obj_sidstr_len, &obj_sidstr);
+
 	SAFE_FREE(data.dptr);
 
-	ret = NT_STATUS_OK;
+	if (len == -1 || obj_version != TDBSAM_VERSION || obj_sidstr_len <= 0) {
+		DEBUG(5, ("get_object_by_name: Error unpacking database object!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
 
-done:
-	return ret;
+	if (!string_to_sid(&sid, obj_sidstr)) {
+		DEBUG(5, ("get_object_by_name: Error invalid sid string found in database object!\n"));
+		SAFE_FREE(obj_sidstr);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	SAFE_FREE(obj_sidstr);
+	
+	return get_object_by_sid(mem_ctx, obj, &sid);
 }
 
-
-static NTSTATUS tdbsam2_store(struct tdbsam2_object *object) {
+static NTSTATUS store_object(TALLOC_CTX *mem_ctx, struct tdbsam2_object *object, BOOL new_obj)
+{
 
 	NTSTATUS ret;
+	TDB_DATA data, key, key2;
+	fstring keystr;
+	fstring namestr;
+	int flag, r;
+
+	if (NT_STATUS_IS_ERR(ret = opentdb())) {
+		return ret;
+	}
+
+	if (new_obj) {
+		flag = TDB_INSERT;
+	} else {
+		flag = TDB_MODIFY;
+	}
+
+	ret = init_buffer_from_tdbsam2_object(&(data.dptr), &(data.dsize), mem_ctx, object);
+	if (NT_STATUS_IS_ERR(ret))
+		return ret;
+
+	switch (object->type) {
+		case GUMS_OBJ_DOMAIN:
+			slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.domain->dom_sid));
+			slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.domain->name);
+			break;
+		case GUMS_OBJ_GROUP:
+		case GUMS_OBJ_ALIAS:
+			slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.group->group_sid));
+			slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.group->name);
+			break;
+		case GUMS_OBJ_NORMAL_USER:
+			slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.user->user_sid));
+			slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.user->name);
+			break;
+		default:
+			return NT_STATUS_UNSUCCESSFUL;	
+	}
+
+	key.dptr = keystr;
+	key.dsize = strlen(keystr) + 1;
+
+	if ((r = tdb_store(tdbsam2_db, key, data, flag)) != TDB_SUCCESS) {
+		DEBUG(0, ("store_object: Unable to modify SAM!\n"));
+		DEBUGADD(0, (" Error: %s", tdb_errorstr(tdbsam2_db)));
+		DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr));
+		if (r == TDB_ERR_EXISTS) return NT_STATUS_UNSUCCESSFUL;
+		return NT_STATUS_INTERNAL_DB_ERROR;
+	}
+
+	key2.dptr = namestr;
+	key2.dsize = strlen(namestr) + 1;
+
+	if ((r = tdb_store(tdbsam2_db, key2, key, flag)) != TDB_SUCCESS) {
+		DEBUG(0, ("store_object: Unable to modify SAM!\n"));
+		DEBUGADD(0, (" Error: %s", tdb_errorstr(tdbsam2_db)));
+		DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr));
+		if (r == TDB_ERR_EXISTS) return NT_STATUS_UNSUCCESSFUL;
+		return NT_STATUS_INTERNAL_DB_ERROR;
+	}
+/* TODO: update the general database counter */
+/* TODO: update this entry counter too */
 
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS tdbsam2_get_next_sid(TALLOC_CTX *mem_ctx, DOM_SID *sid) {
-
+static NTSTATUS get_next_sid(TALLOC_CTX *mem_ctx, DOM_SID **sid)
+{
 	NTSTATUS ret;
+	struct tdbsam2_object obj;
+	DOM_SID *dom_sid = get_global_sam_sid();
+	uint32 new_rid;
+
+/* TODO: LOCK DOMAIN OBJECT */
+	ret = get_object_by_sid(mem_ctx, &obj, dom_sid);
+	if (NT_STATUS_IS_ERR(ret)) {
+		DEBUG(0, ("get_next_sid: unable to get root Domain object!\n"));
+		ret = NT_STATUS_INTERNAL_DB_ERROR;
+		goto error;
+	}
+
+	new_rid = obj.data.domain->next_rid;
+	
+	/* Increment the RID Counter */
+	obj.data.domain->next_rid++;
+	
+	/* Store back Domain object */
+	ret = store_object(mem_ctx, &obj, False);
+	if (NT_STATUS_IS_ERR(ret)) {
+		DEBUG(0, ("get_next_sid: unable to update root Domain object!\n"));
+		ret = NT_STATUS_INTERNAL_DB_ERROR;
+		goto error;
+	}
+/* TODO: UNLOCK DOMAIN OBJECT */
+
+	*sid = sid_dup_talloc(mem_ctx, dom_sid);
+	TALLOC_CHECK(*sid, ret, error);
+	
+	if (!sid_append_rid(*sid, new_rid)) {
+		DEBUG(0, ("get_next_sid: unable to build new SID !?!\n"));
+		ret = NT_STATUS_UNSUCCESSFUL;
+		goto error;
+	}
 
 	return NT_STATUS_OK;
-}
 
-static NTSTATUS tdbsam2_user_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_user_data *userdata, uint32 type) {
+error:
+	return ret;
+}
 
+static NTSTATUS user_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_user_data *userdata)
+{
 	NTSTATUS ret;
 
 	if (!object || !userdata) {
@@ -180,12 +466,12 @@ static NTSTATUS tdbsam2_user_data_to_gums_object(GUMS_OBJECT **object, struct td
 	SET_OR_FAIL(gums_set_user_unknown_5(*object, userdata->unknown_5), error);
 	SET_OR_FAIL(gums_set_user_unknown_6(*object, userdata->unknown_6), error);
 
-	SET_OR_FAIL(gums_set_user_logon_time(*object, userdata->logon_time), error);
-	SET_OR_FAIL(gums_set_user_logoff_time(*object, userdata->logoff_time), error);
-	SET_OR_FAIL(gums_set_user_kickoff_time(*object, userdata->kickoff_time), error);
-	SET_OR_FAIL(gums_set_user_pass_last_set_time(*object, userdata->pass_last_set_time), error);
-	SET_OR_FAIL(gums_set_user_pass_can_change_time(*object, userdata->pass_can_change_time), error);
-	SET_OR_FAIL(gums_set_user_pass_must_change_time(*object, userdata->pass_must_change_time), error);
+	SET_OR_FAIL(gums_set_user_logon_time(*object, *(userdata->logon_time)), error);
+	SET_OR_FAIL(gums_set_user_logoff_time(*object, *(userdata->logoff_time)), error);
+	SET_OR_FAIL(gums_set_user_kickoff_time(*object, *(userdata->kickoff_time)), error);
+	SET_OR_FAIL(gums_set_user_pass_last_set_time(*object, *(userdata->pass_last_set_time)), error);
+	SET_OR_FAIL(gums_set_user_pass_can_change_time(*object, *(userdata->pass_can_change_time)), error);
+	SET_OR_FAIL(gums_set_user_pass_must_change_time(*object, *(userdata->pass_must_change_time)), error);
 
 	ret = NT_STATUS_OK;
 	return ret;
@@ -196,8 +482,8 @@ error:
 	return ret;
 }
 
-static NTSTATUS tdbsam2_group_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_group_data *groupdata, uint32 type) {
-
+static NTSTATUS group_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_group_data *groupdata)
+{
 	NTSTATUS ret;
 
 	if (!object || !groupdata) {
@@ -226,11 +512,12 @@ error:
 	return ret;
 }
 
-static NTSTATUS tdbsam2_domain_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_domain_data *domdata, uint32 type) {
+static NTSTATUS domain_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_domain_data *domdata)
+{
 
 	NTSTATUS ret;
 
-	if (!object || !domdata) {
+	if (!object || !*object || !domdata) {
 		DEBUG(0, ("tdbsam2_domain_data_to_gums_object: no NULL pointers are accepted here!\n"));
 		return NT_STATUS_UNSUCCESSFUL;
 	}
@@ -253,7 +540,8 @@ error:
 	return ret;
 }
 
-static NTSTATUS tdbsam2_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_object *data) {
+static NTSTATUS data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_object *data)
+{
 
 	NTSTATUS ret;
 
@@ -271,16 +559,16 @@ static NTSTATUS tdbsam2_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2
 
 	switch (data->type) {
 		case GUMS_OBJ_DOMAIN:
-			ret = tdbsam2_domain_data_to_gums_object(object, data->data.domain, data->type);
+			ret = domain_data_to_gums_object(object, data->data.domain);
 			break;
 
 		case GUMS_OBJ_NORMAL_USER:
-			ret = tdbsam2_user_data_to_gums_object(object, data->data.user, data->type);
+			ret = user_data_to_gums_object(object, data->data.user);
 			break;
 
 		case GUMS_OBJ_GROUP:
 		case GUMS_OBJ_ALIAS:
-			ret = tdbsam2_group_data_to_gums_object(object, data->data.group, data->type);
+			ret = group_data_to_gums_object(object, data->data.group);
 			break;
 
 		default:
@@ -292,83 +580,118 @@ done:
 }
 
 
+/* GUMM object functions */
 
+static NTSTATUS tdbsam2_get_domain_sid(DOM_SID *sid, const char* name)
+{
 
+	NTSTATUS ret;
+	struct tdbsam2_object obj;
+	TALLOC_CTX *mem_ctx;
+	fstring domname;
 
-/* GUMM object functions */
+	if (!sid || !name)
+		return NT_STATUS_INVALID_PARAMETER;
 
-static NTSTATUS get_domain_sid(DOM_SID *sid, const char* name) {
+	mem_ctx = talloc_init("tdbsam2_get_domain_sid");
+	if (!mem_ctx) {
+		DEBUG(0, ("tdbsam2_new_object: Out of memory!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (NT_STATUS_IS_ERR(ret = opentdb())) {
+		goto done;
+	}
+
+	unix_strlower(name, -1, domname, sizeof(domname));
+
+	ret = get_object_by_name(mem_ctx, &obj, domname);
+
+	if (NT_STATUS_IS_ERR(ret)) {
+		DEBUG(0, ("tdbsam2_get_domain_sid: Error fetching database!\n"));
+		goto done;
+	}
+
+	if (obj.type != GUMS_OBJ_DOMAIN) {
+		DEBUG(5, ("tdbsam2_get_domain_sid: Requested object is not a domain!\n"));
+		ret = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	sid_copy(sid, obj.data.domain->dom_sid);
+
+	ret = NT_STATUS_OK;
+
+done:
+	talloc_destroy(mem_ctx);
+	return ret;
+}
+
+static NTSTATUS tdbsam2_set_domain_sid (const DOM_SID *sid, const char *name)
+{
 
 	NTSTATUS ret;
 	struct tdbsam2_object obj;
 	TALLOC_CTX *mem_ctx;
-	TDB_DATA data, key;
-	fstring keystr;
 	fstring domname;
 
 	if (!sid || !name)
 		return NT_STATUS_INVALID_PARAMETER;
 
-	mem_ctx = talloc_init("get_domain_sid");
+	mem_ctx = talloc_init("tdbsam2_set_domain_sid");
 	if (!mem_ctx) {
 		DEBUG(0, ("tdbsam2_new_object: Out of memory!\n"));
 		return NT_STATUS_NO_MEMORY;
 	}
 
 	if (tdbsam2_db == NULL) {
-		if (NT_STATUS_IS_ERR(ret = tdbsam2_opentdb())) {
+		if (NT_STATUS_IS_ERR(ret = opentdb())) {
 			goto done;
 		}
 	}
 
 	unix_strlower(name, -1, domname, sizeof(domname));
 
-	slprintf(keystr, sizeof(keystr)-1, "%s%s", DOMAINPREFIX, domname);
-	key.dptr = keystr;
-	key.dsize = strlen(keystr) + 1;
+/* TODO: we need to lock this entry until updated! */
 
-	data = tdb_fetch(tdbsam2_db, key);
-	if (!data.dptr) {
-		DEBUG(5, ("get_domain_sid: Error fetching database, domain entry not found!\n"));
-		DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
-		DEBUGADD(5, (" Key: %s\n", keystr));
-		ret = NT_STATUS_UNSUCCESSFUL;
-		goto done;
-	}
+	ret = get_object_by_name(mem_ctx, &obj, domname);
 
-	if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(&obj, mem_ctx, data.dptr, data.dsize))) {
-		SAFE_FREE(data.dptr);
-		DEBUG(0, ("get_domain_sid: Error fetching database, malformed entry!\n"));
-		ret = NT_STATUS_UNSUCCESSFUL;
+	if (NT_STATUS_IS_ERR(ret)) {
+		DEBUG(0, ("tdbsam2_get_domain_sid: Error fetching database!\n"));
 		goto done;
 	}
-	SAFE_FREE(data.dptr);
 
 	if (obj.type != GUMS_OBJ_DOMAIN) {
-		DEBUG(5, ("get_domain_sid: Requested object is not a domain!\n"));
+		DEBUG(5, ("tdbsam2_get_domain_sid: Requested object is not a domain!\n"));
 		ret = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
-	sid_copy(sid, obj.data.domain->dom_sid);
+	sid_copy(obj.data.domain->dom_sid, sid);
 
-	ret = NT_STATUS_OK;
+	ret = store_object(mem_ctx, &obj, False);
 
 done:
+/* TODO: unlock here */
 	if (mem_ctx) talloc_destroy(mem_ctx);
 	return ret;
 }
 
-	NTSTATUS (*set_domain_sid) (const DOM_SID *sid, const char *name);
-
+/* TODO */
 	NTSTATUS (*get_sequence_number) (void);
 
 
-static NTSTATUS tdbsam2_new_object(DOM_SID **sid, const char *name, const int obj_type) {
+extern DOM_SID global_sid_NULL;
+
+static NTSTATUS tdbsam2_new_object(DOM_SID *sid, const char *name, const int obj_type)
+{
 
 	NTSTATUS ret;
 	struct tdbsam2_object obj;
 	TALLOC_CTX *mem_ctx;
+	NTTIME zero_time = {0,0};
+	const char *defpw = "NOPASSWORDXXXXXX";
+	uint8 defhours[21] = {255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255};
 
 	if (!sid || !name) {
 		DEBUG(0, ("tdbsam2_new_object: no NULL pointers are accepted here!\n"));
@@ -381,19 +704,51 @@ static NTSTATUS tdbsam2_new_object(DOM_SID **sid, const char *name, const int ob
 		return NT_STATUS_NO_MEMORY;
 	}
 
+	obj.type = obj_type;
+	obj.version = TDBSAM_VERSION;
+
 	switch (obj_type) {
 		case GUMS_OBJ_NORMAL_USER:
 			obj.data.user = (struct tdbsam2_user_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_user_data));
 			TALLOC_CHECK(obj.data.user, ret, done);
 
-			/*obj.data.user->sec_desc*/
-
-			tdbsam2_get_next_sid(mem_ctx, obj.data.user->user_sid);
+			get_next_sid(mem_ctx, &(obj.data.user->user_sid));
 			TALLOC_CHECK(obj.data.user->user_sid, ret, done);
+			sid_copy(sid, obj.data.user->user_sid);
 
 			obj.data.user->name = talloc_strdup(mem_ctx, name);
 			TALLOC_CHECK(obj.data.user, ret, done);
 
+			obj.data.user->xcounter = 1;
+			/*obj.data.user->sec_desc*/
+			obj.data.user->description = "";
+			obj.data.user->group_sid = &global_sid_NULL;
+			obj.data.user->logon_time = &zero_time;
+			obj.data.user->logoff_time = &zero_time;
+			obj.data.user->kickoff_time = &zero_time;
+			obj.data.user->pass_last_set_time = &zero_time;
+			obj.data.user->pass_can_change_time = &zero_time;
+			obj.data.user->pass_must_change_time = &zero_time;
+
+			obj.data.user->full_name = "";		
+			obj.data.user->home_dir = "";		
+			obj.data.user->dir_drive = "";		
+			obj.data.user->logon_script = "";		
+			obj.data.user->profile_path = "";		
+			obj.data.user->workstations = "";		
+			obj.data.user->unknown_str = "";		
+			obj.data.user->munged_dial = "";		
+
+			obj.data.user->lm_pw_ptr = defpw;
+			obj.data.user->nt_pw_ptr = defpw;
+
+			obj.data.user->logon_divs = 168;
+			obj.data.user->hours_len = 21;
+			obj.data.user->hours = &defhours;
+
+			obj.data.user->unknown_3 = 0x00ffffff;
+			obj.data.user->unknown_5 = 0x00020000;
+			obj.data.user->unknown_6 = 0x000004ec;
 			break;
 
 		case GUMS_OBJ_GROUP:
@@ -401,133 +756,373 @@ static NTSTATUS tdbsam2_new_object(DOM_SID **sid, const char *name, const int ob
 			obj.data.group = (struct tdbsam2_group_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_group_data));
 			TALLOC_CHECK(obj.data.group, ret, done);
 
-			/*obj.data.user->sec_desc*/
-
-			tdbsam2_get_next_sid(mem_ctx, obj.data.group->group_sid);
+			get_next_sid(mem_ctx, &(obj.data.group->group_sid));
 			TALLOC_CHECK(obj.data.group->group_sid, ret, done);
+			sid_copy(sid, obj.data.group->group_sid);
 
 			obj.data.group->name = talloc_strdup(mem_ctx, name);
 			TALLOC_CHECK(obj.data.group, ret, done);
 
+			obj.data.group->xcounter = 1;
+			/*obj.data.group->sec_desc*/
+			obj.data.group->description = "";
+
 			break;
 
 		case GUMS_OBJ_DOMAIN:
-			/* TODO: SHOULD WE ALLOW TO CREATE NEW DOMAINS ? */
+
+			/* FIXME: should we check against global_sam_sid to make it impossible
+				  to store more than one domain ? */ 
+
+			obj.data.domain = (struct tdbsam2_domain_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_domain_data));
+			TALLOC_CHECK(obj.data.domain, ret, done);
+
+			obj.data.domain->dom_sid = sid_dup_talloc(mem_ctx, get_global_sam_sid());
+			TALLOC_CHECK(obj.data.domain->dom_sid, ret, done);
+			sid_copy(sid, obj.data.domain->dom_sid);
+
+			obj.data.domain->name = talloc_strdup(mem_ctx, name);
+			TALLOC_CHECK(obj.data.domain, ret, done);
+
+			obj.data.domain->xcounter = 1;
+			/*obj.data.domain->sec_desc*/
+			obj.data.domain->next_rid = 0x3e9;
+			obj.data.domain->description = "";
+
+			ret = NT_STATUS_OK;
+			break;	
 
 		default:
 			ret = NT_STATUS_UNSUCCESSFUL;
 			goto done;
 	}
 
-	ret = tdbsam2_store(&obj);
+	ret = store_object(mem_ctx, &obj, True);
 
 done:
 	talloc_destroy(mem_ctx);
 	return ret;
 }
 
-static NTSTATUS tdbsam2_delete_object(const DOM_SID *sid) {
-
+static NTSTATUS tdbsam2_delete_object(const DOM_SID *sid)
+{
 	NTSTATUS ret;
 	struct tdbsam2_object obj;
 	TALLOC_CTX *mem_ctx;
 	TDB_DATA data, key;
 	fstring keystr;
-	fstring sidstr;
-	char *obj_name = NULL;
-	int obj_type, obj_version, len;
 
 	if (!sid) {
-		DEBUG(0, ("tdbsam2_new_object: no NULL pointers are accepted here!\n"));
+		DEBUG(0, ("tdbsam2_delete_object: no NULL pointers are accepted here!\n"));
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
 	mem_ctx = talloc_init("tdbsam2_delete_object");
 	if (!mem_ctx) {
-		DEBUG(0, ("tdbsam2_new_object: Out of memory!\n"));
+		DEBUG(0, ("tdbsam2_delete_object: Out of memory!\n"));
 		return NT_STATUS_NO_MEMORY;
 	}
 
 	if (tdbsam2_db == NULL) {
-		if (NT_STATUS_IS_ERR(ret = tdbsam2_opentdb())) {
+		if (NT_STATUS_IS_ERR(ret = opentdb())) {
 			goto done;
 		}
 	}
 
-	sid_to_string(sidstr, sid);
-
-	slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sidstr);
+	slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sid_string_static(sid));
 	key.dptr = keystr;
 	key.dsize = strlen(keystr) + 1;
 
 	data = tdb_fetch(tdbsam2_db, key);
 	if (!data.dptr) {
-		DEBUG(5, ("get_domain_sid: Error fetching database, SID entry not found!\n"));
+		DEBUG(5, ("tdbsam2_delete_object: Error fetching database, SID entry not found!\n"));
 		DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
 		DEBUGADD(5, (" Key: %s\n", keystr));
 		ret = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
-	len = tdb_unpack(data.dptr, data.dsize, TDB_FORMAT_STRING,
-		&obj_version,
-		&obj_type,
-		&obj_name);
+	if (tdb_delete(tdbsam2_db, key) != TDB_SUCCESS) {
+		DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n"));
+		DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
+		DEBUGADD(5, (" Key: %s\n", keystr));
+		ret = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}	
 
-	if (len == -1) {
+	if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(&obj, mem_ctx, data.dptr, data.dsize))) {
+		SAFE_FREE(data.dptr);
+		DEBUG(0, ("tdbsam2_delete_object: Error fetching database, malformed entry!\n"));
 		ret = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
+	switch (obj.type) {
+		case GUMS_OBJ_DOMAIN:
+			/* TODO: SHOULD WE ALLOW TO DELETE DOMAINS ? */
+			slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.domain->name);
+			break;
+		case GUMS_OBJ_GROUP:
+		case GUMS_OBJ_ALIAS:
+			slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.group->name);
+			break;
+		case GUMS_OBJ_NORMAL_USER:
+			slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.user->name);
+			break;
+		default:
+			ret = NT_STATUS_UNSUCCESSFUL;
+			goto done;
+	}
+
+	key.dptr = keystr;
+	key.dsize = strlen(keystr) + 1;
+
 	if (tdb_delete(tdbsam2_db, key) != TDB_SUCCESS) {
-		DEBUG(5, ("tdbsam2_object_delete: Error deleting object!\n"));
+		DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n"));
 		DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
 		DEBUGADD(5, (" Key: %s\n", keystr));
 		ret = NT_STATUS_UNSUCCESSFUL;
 		goto done;
-	}	
+	}
 
-	switch (obj_type) {
-		case GUMS_OBJ_NORMAL_USER:
-		case GUMS_OBJ_GROUP:
-		case GUMS_OBJ_ALIAS:
-			
-			slprintf(keystr, sizeof(keystr)-1, "%s%s", OBJECTPREFIX, obj_name);
-			key.dptr = keystr;
-			key.dsize = strlen(keystr) + 1;
-
-			if (tdb_delete(tdbsam2_db, key) != TDB_SUCCESS) {
-				DEBUG(5, ("tdbsam2_object_delete: Error deleting object!\n"));
-				DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
-				DEBUGADD(5, (" Key: %s\n", keystr));
-				ret = NT_STATUS_UNSUCCESSFUL;
-				goto done;
+/* TODO: update the general database counter */
+
+done:
+	SAFE_FREE(data.dptr);
+	talloc_destroy(mem_ctx);
+	return ret;
+}
+
+static NTSTATUS tdbsam2_get_object_from_sid(GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type)
+{
+	NTSTATUS ret;
+	struct tdbsam2_object obj;
+	TALLOC_CTX *mem_ctx;
+
+	if (!object || !sid) {
+		DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	mem_ctx = talloc_init("tdbsam2_get_object_from_sid");
+	if (!mem_ctx) {
+		DEBUG(0, ("tdbsam2_get_object_from_sid: Out of memory!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = get_object_by_sid(mem_ctx, &obj, sid);
+	if (NT_STATUS_IS_ERR(ret) || (obj_type && obj.type != obj_type)) {
+		DEBUG(0, ("tdbsam2_get_object_from_sid: error fetching object or wrong object type!\n"));
+		goto done;
+	}
+
+	ret = data_to_gums_object(object, &obj);
+	if (NT_STATUS_IS_ERR(ret)) {
+		DEBUG(0, ("tdbsam2_get_object_from_sid: error setting object data!\n"));
+		goto done;
+	}
+	
+done:
+	talloc_destroy(mem_ctx);
+	return ret;
+}
+
+static NTSTATUS tdbsam2_get_object_from_name(GUMS_OBJECT **object, const char *name, const int obj_type)
+{
+	NTSTATUS ret;
+	struct tdbsam2_object obj;
+	TALLOC_CTX *mem_ctx;
+
+	if (!object || !name) {
+		DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	mem_ctx = talloc_init("tdbsam2_get_object_from_sid");
+	if (!mem_ctx) {
+		DEBUG(0, ("tdbsam2_get_object_from_sid: Out of memory!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = get_object_by_name(mem_ctx, &obj, name);
+	if (NT_STATUS_IS_ERR(ret) || (obj_type && obj.type != obj_type)) {
+		DEBUG(0, ("tdbsam2_get_object_from_sid: error fetching object or wrong object type!\n"));
+		goto done;
+	}
+
+	ret = data_to_gums_object(object, &obj);
+	if (NT_STATUS_IS_ERR(ret)) {
+		DEBUG(0, ("tdbsam2_get_object_from_sid: error setting object data!\n"));
+		goto done;
+	}
+	
+done:
+	talloc_destroy(mem_ctx);
+	return ret;
+}
+
+	/* This function is used to get the list of all objects changed since base_time, it is
+	   used to support PDC<->BDC synchronization */
+	NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time);
+
+static NTSTATUS tdbsam2_enumerate_objects_start(void *handle, const DOM_SID *sid, const int obj_type)
+{
+	struct tdbsam2_enum_objs *teo, *t;
+	pstring tdbfile;
+
+	teo = (struct tdbsam2_enum_objs *)calloc(1, sizeof(struct tdbsam2_enum_objs));
+	if (!teo) {
+		DEBUG(0, ("tdbsam2_enumerate_objects_start: Out of Memory!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	teo->type = obj_type;
+	if (sid) {
+		sid_to_string(teo->dom_sid, sid);
+	}
+
+	get_private_directory(tdbfile);
+	pstrcat(tdbfile, "/");
+	pstrcat(tdbfile, TDB_FILE_NAME);
+
+	teo->db = tdb_open_log(tdbfile, 0, TDB_DEFAULT, O_RDONLY, 0600);
+  	if (!teo->db)
+	{
+		DEBUG(0, ("tdbsam2_enumerate_objects_start: Unable to open database (%s)!\n", tdbfile));
+		SAFE_FREE(teo);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	if (!teo_handlers) {
+		*teo_handlers = teo;
+	} else {
+		t = *teo_handlers;
+		while (t->next) {
+			t = t->next;
+		}
+		t->next = teo;
+	}
+
+	handle = teo;
+
+	teo->key = tdb_firstkey(teo->db);
+
+	return NT_STATUS_OK;	
+}
+
+static NTSTATUS tdbsam2_enumerate_objects_get_next(GUMS_OBJECT **object, void *handle)
+{
+	NTSTATUS ret;
+	TALLOC_CTX *mem_ctx;
+	TDB_DATA data;
+	struct tdbsam2_enum_objs *teo;
+	struct tdbsam2_object obj;
+	const char *prefix = SIDPREFIX;
+	const int preflen = strlen(prefix);
+
+	if (!object || !handle) {
+		DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	teo = (struct tdbsam2_enum_objs *)handle;
+
+	mem_ctx = talloc_init("tdbsam2_enumerate_objects_get_next");
+	if (!mem_ctx) {
+		DEBUG(0, ("tdbsam2_enumerate_objects_get_next: Out of memory!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	while ((teo->key.dsize != 0)) {
+		int len, version, type, size;
+		char *ptr;
+
+		if (strncmp(teo->key.dptr, prefix, preflen)) {
+			teo->key = tdb_nextkey(teo->db, teo->key);
+			continue;
+		}
+
+		if (teo->dom_sid) {
+			if (strncmp(&(teo->key.dptr[preflen]), teo->dom_sid, strlen(teo->dom_sid))) {
+				teo->key = tdb_nextkey(teo->db, teo->key);
+				continue;
 			}
-			break;
+		}
 
-		case GUMS_OBJ_DOMAIN:
-			/* TODO: SHOULD WE ALLOW TO DELETE DOMAINS ? */
+		data = tdb_fetch(teo->db, teo->key);
+		if (!data.dptr) {
+			DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error fetching database, SID entry not found!\n"));
+			DEBUGADD(5, (" Error: %s\n", tdb_errorstr(teo->db)));
+			DEBUGADD(5, (" Key: %s\n", teo->key.dptr));
+			ret = NT_STATUS_UNSUCCESSFUL;
+			goto done;
+		}
 
-		default:
+		len = tdb_unpack (data.dptr, data.dsize, TDB_FORMAT_STRING,
+			  &version,
+			  &type,
+			  &size, &ptr);
+
+		if (len == -1) {
+			DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error unable to unpack data!\n"));
 			ret = NT_STATUS_UNSUCCESSFUL;
 			goto done;
+		}
+		SAFE_FREE(ptr);
+
+		if (teo->type && type != teo->type) {
+			SAFE_FREE(data.dptr);
+			data.dsize = 0;
+			teo->key = tdb_nextkey(teo->db, teo->key);
+			continue;
+		}
+		
+		break;
 	}
 
+	if (data.dsize != 0) {
+		if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(&obj, mem_ctx, data.dptr, data.dsize))) {
+			SAFE_FREE(data.dptr);
+			DEBUG(0, ("tdbsam2_enumerate_objects_get_next: Error fetching database, malformed entry!\n"));
+			ret = NT_STATUS_UNSUCCESSFUL;
+			goto done;
+		}
+		SAFE_FREE(data.dptr);
+	}
+
+	ret = data_to_gums_object(object, &obj);
+
 done:
-	SAFE_FREE(obj_name);
 	talloc_destroy(mem_ctx);
 	return ret;
 }
 
-	NTSTATUS (*get_object_from_sid) (GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type);
-	NTSTATUS (*get_sid_from_name) (GUMS_OBJECT **object, const char *name);
-	/* This function is used to get the list of all objects changed since b_time, it is
-	   used to support PDC<->BDC synchronization */
-	NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time);
+static NTSTATUS tdbsam2_enumerate_objects_stop(void *handle)
+{
+	struct tdbsam2_enum_objs *teo, *t, *p;
+
+	teo = (struct tdbsam2_enum_objs *)handle;
+
+	if (*teo_handlers == teo) {
+		*teo_handlers = teo->next;
+	} else {
+		t = *teo_handlers;
+		while (t != teo) {
+			p = t;
+			t = t->next;
+			if (t == NULL) {
+				DEBUG(0, ("tdbsam2_enumerate_objects_stop: Error, handle not found!\n"));
+				return NT_STATUS_UNSUCCESSFUL;
+			}
+		}
+		p = t->next;
+	}
+
+	tdb_close(teo->db);
+	SAFE_FREE(teo);
 
-	NTSTATUS (*enumerate_objects_start) (void *handle, const DOM_SID *sid, const int obj_type);
-	NTSTATUS (*enumerate_objects_get_next) (GUMS_OBJECT **object, void *handle);
-	NTSTATUS (*enumerate_objects_stop) (void *handle);
+	return NT_STATUS_OK;
+}
 
 	/* This function MUST be used ONLY by PDC<->BDC replication code or recovery tools.
 	   Never use this function to update an object in the database, use set_object_values() */
@@ -556,7 +1151,43 @@ done:
 	NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv);
 
 
-int gumm_init(GUMS_FUNCTIONS **storage) {
+int gumm_init(GUMS_FUNCTIONS **storage)
+{
+	tdbsam2_db = NULL;
+	teo_handlers = 0;
 
 	return 0;
 }
+
+#if 0
+int main(int argc, char *argv[])
+{
+	NTSTATUS ret;
+	DOM_SID dsid;
+
+	if (argc < 2) {
+		printf ("not enough arguments!\n");
+		exit(0);
+	}
+
+	if (!lp_load(dyn_CONFIGFILE,True,False,False)) {
+		fprintf(stderr, "Can't load %s - run testparm to debug it\n", dyn_CONFIGFILE);
+		exit(1);
+	}
+
+	ret = tdbsam2_new_object(&dsid, "_domain_", GUMS_OBJ_DOMAIN);
+	if (NT_STATUS_IS_OK(ret)) {
+		printf ("_domain_ created, sid=%s\n", sid_string_static(&dsid));
+	} else {
+		printf ("_domain_ creation error n. 0x%08x\n", ret.v);
+	}
+	ret = tdbsam2_new_object(&dsid, argv[1], GUMS_OBJ_NORMAL_USER);
+	if (NT_STATUS_IS_OK(ret)) {
+		printf ("%s user created, sid=%s\n", argv[1], sid_string_static(&dsid));
+	} else {
+		printf ("%s user creation error n. 0x%08x\n", argv[1], ret.v);
+	}
+	
+	exit(0);
+}
+#endif
diff --git a/source3/sam/gums.c b/source3/sam/gums.c
index 3a20ef6fc9..a118740637 100644
--- a/source3/sam/gums.c
+++ b/source3/sam/gums.c
@@ -26,10 +26,40 @@
 #define GMV_MAJOR 0
 #define GMV_MINOR 1
 
+#define PRIV_NONE			0
+#define PRIV_CREATE_TOKEN		1
+#define PRIV_ASSIGNPRIMARYTOKEN		2
+#define PRIV_LOCK_MEMORY		3
+#define PRIV_INCREASE_QUOTA		4
+#define PRIV_MACHINE_ACCOUNT		5
+#define PRIV_TCB			6
+#define PRIV_SECURITY			7
+#define PRIV_TAKE_OWNERSHIP		8
+#define PRIV_LOAD_DRIVER		9
+#define PRIV_SYSTEM_PROFILE		10
+#define PRIV_SYSTEMTIME			11
+#define PRIV_PROF_SINGLE_PROCESS	12
+#define PRIV_INC_BASE_PRIORITY		13
+#define PRIV_CREATE_PAGEFILE		14
+#define PRIV_CREATE_PERMANENT		15
+#define PRIV_BACKUP			16
+#define PRIV_RESTORE			17
+#define PRIV_SHUTDOWN			18
+#define PRIV_DEBUG			19
+#define PRIV_AUDIT			20
+#define PRIV_SYSTEM_ENVIRONMENT		21
+#define PRIV_CHANGE_NOTIFY		22
+#define PRIV_REMOTE_SHUTDOWN		23
+#define PRIV_UNDOCK			24
+#define PRIV_SYNC_AGENT			25
+#define PRIV_ENABLE_DELEGATION		26
+#define PRIV_ALL			255
+
+
 GUMS_FUNCTIONS *gums_storage;
 static void *dl_handle;
 
-PRIVS privs[] = {
+static PRIVS gums_privs[] = {
 	{PRIV_NONE,			"no_privs",				"No privilege"}, /* this one MUST be first */
 	{PRIV_CREATE_TOKEN,		"SeCreateToken",			"Create Token"},
 	{PRIV_ASSIGNPRIMARYTOKEN,	"SeAssignPrimaryToken",			"Assign Primary Token"},
@@ -110,19 +140,19 @@ done:
 
 NTSTATUS gums_unload(void)
 {
-	NSTATUS ret;
+	NTSTATUS ret;
 	NTSTATUS (*module_finalize)();
 
 	if (!dl_handle)
 		return NT_STATUS_UNSUCCESSFUL;
 
-	module_close = sys_dlsym(dl_handle, "gumm_finalize");
+	module_finalize = sys_dlsym(dl_handle, "gumm_finalize");
 	if (!module_finalize) {
 		DEBUG(0, ("ERROR: Failed to find gums module's init function!\n"));
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	DEBUG(5, ("Finalizing module %s\n", module_name));
+	DEBUG(5, ("Finalizing module"));
 
 	ret = module_finalize();
 	sys_dlclose(dl_handle);
diff --git a/source3/sam/gums_api.c b/source3/sam/gums_api.c
index 75e32fa861..2e5dcd143a 100644
--- a/source3/sam/gums_api.c
+++ b/source3/sam/gums_api.c
@@ -20,6 +20,182 @@
 
 #include "includes.h"
 
+
+/*******************************************************************
+ Create a SEC_ACL structure.  
+********************************************************************/
+
+static SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *ace_list)
+{
+	SEC_ACL *dst;
+	int i;
+
+	if((dst = (SEC_ACL *)talloc_zero(ctx,sizeof(SEC_ACL))) == NULL)
+		return NULL;
+
+	dst->revision = revision;
+	dst->num_aces = num_aces;
+	dst->size = SEC_ACL_HEADER_SIZE;
+
+	/* Now we need to return a non-NULL address for the ace list even
+	   if the number of aces required is zero.  This is because there
+	   is a distinct difference between a NULL ace and an ace with zero
+	   entries in it.  This is achieved by checking that num_aces is a
+	   positive number. */
+
+	if ((num_aces) && 
+            ((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces)) 
+             == NULL)) {
+		return NULL;
+	}
+        
+	for (i = 0; i < num_aces; i++) {
+		dst->ace[i] = ace_list[i]; /* Structure copy. */
+		dst->size += ace_list[i].size;
+	}
+
+	return dst;
+}
+
+
+
+/*******************************************************************
+ Duplicate a SEC_ACL structure.  
+********************************************************************/
+
+static SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src)
+{
+	if(src == NULL)
+		return NULL;
+
+	return make_sec_acl(ctx, src->revision, src->num_aces, src->ace);
+}
+
+
+
+/*******************************************************************
+ Creates a SEC_DESC structure
+********************************************************************/
+
+static SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, 
+			DOM_SID *owner_sid, DOM_SID *grp_sid,
+			SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size)
+{
+	SEC_DESC *dst;
+	uint32 offset     = 0;
+	uint32 offset_sid = SEC_DESC_HEADER_SIZE;
+	uint32 offset_acl = 0;
+
+	*sd_size = 0;
+
+	if(( dst = (SEC_DESC *)talloc_zero(ctx, sizeof(SEC_DESC))) == NULL)
+		return NULL;
+
+	dst->revision = revision;
+	dst->type     = SEC_DESC_SELF_RELATIVE;
+
+	if (sacl) dst->type |= SEC_DESC_SACL_PRESENT;
+	if (dacl) dst->type |= SEC_DESC_DACL_PRESENT;
+
+	dst->off_owner_sid = 0;
+	dst->off_grp_sid   = 0;
+	dst->off_sacl      = 0;
+	dst->off_dacl      = 0;
+
+	if(owner_sid && ((dst->owner_sid = sid_dup_talloc(ctx,owner_sid)) == NULL))
+		goto error_exit;
+
+	if(grp_sid && ((dst->grp_sid = sid_dup_talloc(ctx,grp_sid)) == NULL))
+		goto error_exit;
+
+	if(sacl && ((dst->sacl = dup_sec_acl(ctx, sacl)) == NULL))
+		goto error_exit;
+
+	if(dacl && ((dst->dacl = dup_sec_acl(ctx, dacl)) == NULL))
+		goto error_exit;
+
+	offset = 0;
+
+	/*
+	 * Work out the linearization sizes.
+	 */
+	if (dst->owner_sid != NULL) {
+
+		if (offset == 0)
+			offset = SEC_DESC_HEADER_SIZE;
+
+		offset += sid_size(dst->owner_sid);
+	}
+
+	if (dst->grp_sid != NULL) {
+
+		if (offset == 0)
+			offset = SEC_DESC_HEADER_SIZE;
+
+		offset += sid_size(dst->grp_sid);
+	}
+
+	if (dst->sacl != NULL) {
+
+		offset_acl = SEC_DESC_HEADER_SIZE;
+
+		dst->off_sacl  = offset_acl;
+		offset_acl    += dst->sacl->size;
+		offset        += dst->sacl->size;
+		offset_sid    += dst->sacl->size;
+	}
+
+	if (dst->dacl != NULL) {
+
+		if (offset_acl == 0)
+			offset_acl = SEC_DESC_HEADER_SIZE;
+
+		dst->off_dacl  = offset_acl;
+		offset_acl    += dst->dacl->size;
+		offset        += dst->dacl->size;
+		offset_sid    += dst->dacl->size;
+	}
+
+	*sd_size = (size_t)((offset == 0) ? SEC_DESC_HEADER_SIZE : offset);
+
+	if (dst->owner_sid != NULL)
+		dst->off_owner_sid = offset_sid;
+		
+	/* sid_size() returns 0 if the sid is NULL so this is ok */
+		
+	if (dst->grp_sid != NULL)
+		dst->off_grp_sid = offset_sid + sid_size(dst->owner_sid);
+
+	return dst;
+
+error_exit:
+
+	*sd_size = 0;
+	return NULL;
+}
+
+/*******************************************************************
+ Duplicate a SEC_DESC structure.  
+********************************************************************/
+
+static SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src)
+{
+	size_t dummy;
+
+	if(src == NULL)
+		return NULL;
+
+	return make_sec_desc( ctx, src->revision, 
+				src->owner_sid, src->grp_sid, src->sacl,
+				src->dacl, &dummy);
+}
+
+
+
+
+
+
+
 extern GUMS_FUNCTIONS *gums_storage;
 
 /* Functions to get/set info from a GUMS object */
@@ -37,7 +213,7 @@ NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type)
 {
 	TALLOC_CTX *mem_ctx = talloc_init("gums_create_object");
 	GUMS_OBJECT *go;
-	NT_STATUS ret;
+	NTSTATUS ret;
 	
 	go = talloc_zero(mem_ctx, sizeof(GUMS_OBJECT));
 	go->mem_ctx = mem_ctx;
@@ -54,12 +230,12 @@ NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type)
 		case GUMS_OBJ_DOMAIN_TRUST:
 */
 		case GUMS_OBJ_NORMAL_USER:
-			go->data = (GUMS_USER *)talloc_zero(mem_ctx, sizeof(GUMS_USER));
+			go->data.user = (GUMS_USER *)talloc_zero(mem_ctx, sizeof(GUMS_USER));
 			break;
 
 		case GUMS_OBJ_GROUP:
 		case GUMS_OBJ_ALIAS:
-			go->data = (GUMS_GROUP *)talloc_zero(mem_ctx, sizeof(GUMS_GROUP));
+			go->data.group = (GUMS_GROUP *)talloc_zero(mem_ctx, sizeof(GUMS_GROUP));
 			break;
 
 		default:
@@ -68,7 +244,7 @@ NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type)
 			goto error;
 	}
 
-	if (!(go->data)) {
+	if (!(go->data.user)) {
 		ret = NT_STATUS_NO_MEMORY;
 		DEBUG(0, ("gums_create_object: Out of memory!\n"));
 		goto error;
@@ -190,6 +366,30 @@ NTSTATUS gums_get_object_privileges(PRIVILEGE_SET **priv_set, const GUMS_OBJECT
 }
 */
 
+NTSTATUS gums_get_domain_next_rid(uint32 *rid, const GUMS_OBJECT *obj)
+{
+	if (!obj)
+		return NT_STATUS_INVALID_PARAMETER;
+
+	if (obj->type != GUMS_OBJ_DOMAIN)
+		return NT_STATUS_OBJECT_TYPE_MISMATCH;
+
+	*rid = obj->data.domain->next_rid;
+	return NT_STATUS_OK;
+}
+
+NTSTATUS gums_set_domain_next_rid(GUMS_OBJECT *obj, uint32 rid)
+{
+	if (!obj)
+		return NT_STATUS_INVALID_PARAMETER;
+
+	if (obj->type != GUMS_OBJ_DOMAIN)
+		return NT_STATUS_OBJECT_TYPE_MISMATCH;
+
+	obj->data.domain->next_rid = rid;
+	return NT_STATUS_OK;
+}
+
 NTSTATUS gums_get_user_pri_group(DOM_SID **sid, const GUMS_OBJECT *obj)
 {
 	if (!sid || !obj)
@@ -223,19 +423,19 @@ NTSTATUS gums_get_user_nt_pwd(DATA_BLOB **nt_pwd, const GUMS_OBJECT *obj)
 	if (obj->type != GUMS_OBJ_NORMAL_USER)
 		return NT_STATUS_OBJECT_TYPE_MISMATCH;
 
-	*nt_pwd = obj->data.user->nt_pw;
+	*nt_pwd = &(obj->data.user->nt_pw);
 	return NT_STATUS_OK;
 }
 
 NTSTATUS gums_set_user_nt_pwd(GUMS_OBJECT *obj, const DATA_BLOB nt_pwd)
 {
-	if (!obj || !nt_pwd || nt_pwd != NT_HASH_LEN)
+	if (!obj || nt_pwd.length != NT_HASH_LEN)
 		return NT_STATUS_INVALID_PARAMETER;
 
 	if (obj->type != GUMS_OBJ_NORMAL_USER)
 		return NT_STATUS_OBJECT_TYPE_MISMATCH;
 
-	obj->data.user->nt_pwd = data_blob_talloc(obj->mem_ctx, nt_pwd.data, nt_pwd.lenght);
+	obj->data.user->nt_pw = data_blob_talloc(obj->mem_ctx, nt_pwd.data, nt_pwd.length);
 	return NT_STATUS_OK;
 }
 
@@ -247,19 +447,19 @@ NTSTATUS gums_get_user_lm_pwd(DATA_BLOB **lm_pwd, const GUMS_OBJECT *obj)
 	if (obj->type != GUMS_OBJ_NORMAL_USER)
 		return NT_STATUS_OBJECT_TYPE_MISMATCH;
 
-	*lm_pwd = obj->data.user->lm_pw;
+	*lm_pwd = &(obj->data.user->lm_pw);
 	return NT_STATUS_OK;
 }
 
 NTSTATUS gums_set_user_lm_pwd(GUMS_OBJECT *obj, const DATA_BLOB lm_pwd)
 {
-	if (!obj || !lm_pwd || lm_pwd != LM_HASH_LEN)
+	if (!obj || lm_pwd.length != LM_HASH_LEN)
 		return NT_STATUS_INVALID_PARAMETER;
 
 	if (obj->type != GUMS_OBJ_NORMAL_USER)
 		return NT_STATUS_OBJECT_TYPE_MISMATCH;
 
-	obj->data.user->lm_pwd = data_blob_talloc(obj->mem_ctx, lm_pwd.data, lm_pwd.lenght);
+	obj->data.user->lm_pw = data_blob_talloc(obj->mem_ctx, lm_pwd.data, lm_pwd.length);
 	return NT_STATUS_OK;
 }
 
@@ -591,7 +791,7 @@ NTSTATUS gums_get_user_pass_must_change_time(NTTIME *pass_must_change_time, cons
 	if (obj->type != GUMS_OBJ_NORMAL_USER)
 		return NT_STATUS_OBJECT_TYPE_MISMATCH;
 
-	*pass_must_change_time = obj->data-user->pass_must_change_time;
+	*pass_must_change_time = obj->data.user->pass_must_change_time;
 	return NT_STATUS_OK;
 }
 
@@ -768,7 +968,7 @@ NTSTATUS gums_get_group_members(uint32 *count, DOM_SID **members, const GUMS_OBJ
 			return NT_STATUS_OBJECT_TYPE_MISMATCH;
 
 	*count = obj->data.group->count;
-	*members = obj->data.group->members;
+	*members = *(obj->data.group->members);
 	return NT_STATUS_OK;
 }
 
@@ -786,7 +986,7 @@ NTSTATUS gums_set_group_members(GUMS_OBJECT *obj, uint32 count, DOM_SID **member
 	obj->data.group->count = count;
 	n = 0;
 	do {
-		obj->data.group->members[n] = dup_sec_desc(obj->mem_ctx, members[n]);
+		obj->data.group->members[n] = sid_dup_talloc(obj->mem_ctx, members[n]);
 		if (!(obj->data.group->members[n])) return NT_STATUS_NO_MEMORY;
 		n++;
 	} while (n < count);
@@ -836,8 +1036,8 @@ NTSTATUS gums_cs_set_sec_desc(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, SEC
 	if (data_set == NULL)
 		return NT_STATUS_NO_MEMORY;
 
-	com_set->data = data_set;
-	data_set = &((com_set->data)[com_set->count - 1]);
+	com_set->data[0] = data_set;
+	data_set = ((com_set->data)[com_set->count - 1]);
 	
 	data_set->type = GUMS_SET_SEC_DESC;
 	new_sec_desc = dup_sec_desc(mem_ctx, sec_desc);
@@ -849,6 +1049,7 @@ NTSTATUS gums_cs_set_sec_desc(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, SEC
 	return NT_STATUS_OK;
 }
 
+/*
 NTSTATUS gums_cs_add_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv)
 {
 	GUMS_DATA_SET *data_set;
@@ -858,7 +1059,7 @@ NTSTATUS gums_cs_add_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LU
 		return NT_STATUS_INVALID_PARAMETER;
 
 	com_set->count = com_set->count + 1;
-	if (com_set->count == 1) { /* first data set */
+	if (com_set->count == 1) {
 		data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
 	} else {
 		data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
@@ -866,8 +1067,8 @@ NTSTATUS gums_cs_add_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LU
 	if (data_set == NULL)
 		return NT_STATUS_NO_MEMORY;
 
-	com_set->data = data_set;
-	data_set = &((com_set->data)[com_set->count - 1]);
+	com_set->data[0] = data_set;
+	data_set = ((com_set->data)[com_set->count - 1]);
 	
 	data_set->type = GUMS_ADD_PRIVILEGE;
 	if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv)))
@@ -887,7 +1088,7 @@ NTSTATUS gums_cs_del_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LU
 		return NT_STATUS_INVALID_PARAMETER;
 
 	com_set->count = com_set->count + 1;
-	if (com_set->count == 1) { /* first data set */
+	if (com_set->count == 1) {
 		data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
 	} else {
 		data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
@@ -895,8 +1096,8 @@ NTSTATUS gums_cs_del_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LU
 	if (data_set == NULL)
 		return NT_STATUS_NO_MEMORY;
 
-	com_set->data = data_set;
-	data_set = &((com_set->data)[com_set->count - 1]);
+	com_set->data[0] = data_set;
+	data_set = ((com_set->data)[com_set->count - 1]);
 	
 	data_set->type = GUMS_DEL_PRIVILEGE;
 	if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv)))
@@ -916,7 +1117,7 @@ NTSTATUS gums_cs_set_privilege_set(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set
 		return NT_STATUS_INVALID_PARAMETER;
 
 	com_set->count = com_set->count + 1;
-	if (com_set->count == 1) { /* first data set */
+	if (com_set->count == 1) {
 		data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
 	} else {
 		data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
@@ -924,10 +1125,10 @@ NTSTATUS gums_cs_set_privilege_set(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set
 	if (data_set == NULL)
 		return NT_STATUS_NO_MEMORY;
 
-	com_set->data = data_set;
-	data_set = &((com_set->data)[com_set->count - 1]);
+	com_set->data[0] = data_set;
+	data_set = ((com_set->data)[com_set->count - 1]);
 	
-	data_set->type = GUMS_SET_SEC_DESC;
+	data_set->type = GUMS_SET_PRIVILEGE;
 	if (NT_STATUS_IS_ERR(dup_priv_set(&new_priv_set, mem_ctx, priv_set)))
 		return NT_STATUS_NO_MEMORY;
 
@@ -935,6 +1136,7 @@ NTSTATUS gums_cs_set_privilege_set(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set
 
 	return NT_STATUS_OK;
 }
+*/
 
 NTSTATUS gums_cs_set_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, char *str)
 {
@@ -953,8 +1155,8 @@ NTSTATUS gums_cs_set_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint3
 	if (data_set == NULL)
 		return NT_STATUS_NO_MEMORY;
 
-	com_set->data = data_set;
-	data_set = &((com_set->data)[com_set->count - 1]);
+	com_set->data[0] = data_set;
+	data_set = ((com_set->data)[com_set->count - 1]);
 	
 	data_set->type = type;
 	new_str = talloc_strdup(mem_ctx, str);
@@ -968,12 +1170,12 @@ NTSTATUS gums_cs_set_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint3
 
 NTSTATUS gums_cs_set_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *name)
 {
-	return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, name);
+	return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, name);
 }
 
 NTSTATUS gums_cs_set_description(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *desc)
 {
-	return gums_set_string(mem_ctx, com_set, GUMS_SET_DESCRIPTION, desc);
+	return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_DESCRIPTION, desc);
 }
 
 NTSTATUS gums_cs_set_full_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *full_name)
@@ -981,7 +1183,7 @@ NTSTATUS gums_cs_set_full_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, ch
 	if (com_set->type != GUMS_OBJ_NORMAL_USER)
 		return NT_STATUS_INVALID_PARAMETER;
 
-	return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, full_name);
+	return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, full_name);
 }
 
 NTSTATUS gums_cs_set_home_directory(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *home_dir)
@@ -989,7 +1191,7 @@ NTSTATUS gums_cs_set_home_directory(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_se
 	if (com_set->type != GUMS_OBJ_NORMAL_USER)
 		return NT_STATUS_INVALID_PARAMETER;
 
-	return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, home_dir);
+	return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, home_dir);
 }
 
 NTSTATUS gums_cs_set_drive(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *drive)
@@ -997,7 +1199,7 @@ NTSTATUS gums_cs_set_drive(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *
 	if (com_set->type != GUMS_OBJ_NORMAL_USER)
 		return NT_STATUS_INVALID_PARAMETER;
 
-	return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, drive);
+	return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, drive);
 }
 
 NTSTATUS gums_cs_set_logon_script(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *logon_script)
@@ -1005,7 +1207,7 @@ NTSTATUS gums_cs_set_logon_script(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set,
 	if (com_set->type != GUMS_OBJ_NORMAL_USER)
 		return NT_STATUS_INVALID_PARAMETER;
 
-	return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, logon_script);
+	return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, logon_script);
 }
 
 NTSTATUS gums_cs_set_profile_path(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *prof_path)
@@ -1013,7 +1215,7 @@ NTSTATUS gums_cs_set_profile_path(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set,
 	if (com_set->type != GUMS_OBJ_NORMAL_USER)
 		return NT_STATUS_INVALID_PARAMETER;
 
-	return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, prof_path);
+	return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, prof_path);
 }
 
 NTSTATUS gums_cs_set_workstations(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *wks)
@@ -1021,7 +1223,7 @@ NTSTATUS gums_cs_set_workstations(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set,
 	if (com_set->type != GUMS_OBJ_NORMAL_USER)
 		return NT_STATUS_INVALID_PARAMETER;
 
-	return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, wks);
+	return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, wks);
 }
 
 NTSTATUS gums_cs_set_unknown_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *unkn_str)
@@ -1029,7 +1231,7 @@ NTSTATUS gums_cs_set_unknown_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_se
 	if (com_set->type != GUMS_OBJ_NORMAL_USER)
 		return NT_STATUS_INVALID_PARAMETER;
 
-	return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, unkn_str);
+	return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, unkn_str);
 }
 
 NTSTATUS gums_cs_set_munged_dial(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *munged_dial)
@@ -1037,7 +1239,7 @@ NTSTATUS gums_cs_set_munged_dial(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set,
 	if (com_set->type != GUMS_OBJ_NORMAL_USER)
 		return NT_STATUS_INVALID_PARAMETER;
 
-	return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, munged_dial);
+	return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, munged_dial);
 }
 
 NTSTATUS gums_cs_set_nttime(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, NTTIME *nttime)
@@ -1057,8 +1259,8 @@ NTSTATUS gums_cs_set_nttime(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint3
 	if (data_set == NULL)
 		return NT_STATUS_NO_MEMORY;
 
-	com_set->data = data_set;
-	data_set = &((com_set->data)[com_set->count - 1]);
+	com_set->data[0] = data_set;
+	data_set = ((com_set->data)[com_set->count - 1]);
 	
 	data_set->type = type;
 	new_time = talloc(mem_ctx, sizeof(NTTIME));
@@ -1077,7 +1279,7 @@ NTSTATUS gums_cs_set_logon_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, N
 	if (com_set->type != GUMS_OBJ_NORMAL_USER)
 		return NT_STATUS_INVALID_PARAMETER;
 
-	return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, logon_time);
+	return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, logon_time);
 }
 
 NTSTATUS gums_cs_set_logoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logoff_time)
@@ -1085,7 +1287,7 @@ NTSTATUS gums_cs_set_logoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set,
 	if (com_set->type != GUMS_OBJ_NORMAL_USER)
 		return NT_STATUS_INVALID_PARAMETER;
 
-	return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGOFF_TIME, logoff_time);
+	return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGOFF_TIME, logoff_time);
 }
 
 NTSTATUS gums_cs_set_kickoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *kickoff_time)
@@ -1093,7 +1295,7 @@ NTSTATUS gums_cs_set_kickoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set,
 	if (com_set->type != GUMS_OBJ_NORMAL_USER)
 		return NT_STATUS_INVALID_PARAMETER;
 
-	return gums_set_nttime(mem_ctx, com_set, GUMS_SET_KICKOFF_TIME, kickoff_time);
+	return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_KICKOFF_TIME, kickoff_time);
 }
 
 NTSTATUS gums_cs_set_pass_last_set_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pls_time)
@@ -1101,7 +1303,7 @@ NTSTATUS gums_cs_set_pass_last_set_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *co
 	if (com_set->type != GUMS_OBJ_NORMAL_USER)
 		return NT_STATUS_INVALID_PARAMETER;
 
-	return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pls_time);
+	return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pls_time);
 }
 
 NTSTATUS gums_cs_set_pass_can_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pcc_time)
@@ -1109,7 +1311,7 @@ NTSTATUS gums_cs_set_pass_can_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *
 	if (com_set->type != GUMS_OBJ_NORMAL_USER)
 		return NT_STATUS_INVALID_PARAMETER;
 
-	return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pcc_time);
+	return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pcc_time);
 }
 
 NTSTATUS gums_cs_set_pass_must_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pmc_time)
@@ -1117,7 +1319,7 @@ NTSTATUS gums_cs_set_pass_must_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET
 	if (com_set->type != GUMS_OBJ_NORMAL_USER)
 		return NT_STATUS_INVALID_PARAMETER;
 
-	return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pmc_time);
+	return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pmc_time);
 }
 
 NTSTATUS gums_cs_add_sids_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
@@ -1138,8 +1340,8 @@ NTSTATUS gums_cs_add_sids_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set
 	if (data_set == NULL)
 		return NT_STATUS_NO_MEMORY;
 
-	com_set->data = data_set;
-	data_set = &((com_set->data)[com_set->count - 1]);
+	com_set->data[0] = data_set;
+	data_set = ((com_set->data)[com_set->count - 1]);
 	
 	data_set->type = GUMS_ADD_SID_LIST;
 	new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
@@ -1163,7 +1365,7 @@ NTSTATUS gums_cs_add_users_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_se
 	if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
 		return NT_STATUS_INVALID_PARAMETER;
 
-	return gums_add_sids_to_group(mem_ctx, com_set, sids, count);	
+	return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count);	
 }
 
 NTSTATUS gums_cs_add_groups_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
@@ -1173,7 +1375,7 @@ NTSTATUS gums_cs_add_groups_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_s
 	if (com_set->type != GUMS_OBJ_ALIAS)
 		return NT_STATUS_INVALID_PARAMETER;
 
-	return gums_add_sids_to_group(mem_ctx, com_set, sids, count);	
+	return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count);	
 }
 
 NTSTATUS gums_cs_del_sids_from_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
@@ -1196,8 +1398,8 @@ NTSTATUS gums_cs_del_sids_from_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_s
 	if (data_set == NULL)
 		return NT_STATUS_NO_MEMORY;
 
-	com_set->data = data_set;
-	data_set = &((com_set->data)[com_set->count - 1]);
+	com_set->data[0] = data_set;
+	data_set = ((com_set->data)[com_set->count - 1]);
 	
 	data_set->type = GUMS_DEL_SID_LIST;
 	new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
@@ -1234,8 +1436,8 @@ NTSTATUS gums_ds_set_sids_in_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set
 	if (data_set == NULL)
 		return NT_STATUS_NO_MEMORY;
 
-	com_set->data = data_set;
-	data_set = &((com_set->data)[com_set->count - 1]);
+	com_set->data[0] = data_set;
+	data_set = ((com_set->data)[com_set->count - 1]);
 	
 	data_set->type = GUMS_SET_SID_LIST;
 	new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
@@ -1255,7 +1457,7 @@ NTSTATUS gums_ds_set_sids_in_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set
 
 NTSTATUS gums_commit_data(GUMS_COMMIT_SET *set)
 {
-	return gums_storage->set_object_values(set->sid, set->count, set->data);
+	return gums_storage->set_object_values(&(set->sid), set->count, set->data);
 }
 
 NTSTATUS gums_destroy_commit_set(GUMS_COMMIT_SET **com_set)
diff --git a/source3/sam/gums_helper.c b/source3/sam/gums_helper.c
index 8526a2f1cc..c22e6cf7ff 100644
--- a/source3/sam/gums_helper.c
+++ b/source3/sam/gums_helper.c
@@ -57,13 +57,13 @@ extern DOM_SID global_sid_Builtin_Guests;
    loops with winbind may happen. 
  ****************************************************************************/
 
-/*
+#if 0
 NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid)
 {
 	NTSTATUS result;
 	gid_t id;
 
-	/* look if mapping exist, do not make idmap alloc an uid if SID is not found * /
+	/* look if mapping exist, do not make idmap alloc an uid if SID is not found */
 	result = idmap_get_gid_from_sid(&id, sid, False);
 	if (NT_STATUS_IS_OK(result)) {
 		*mapped = gid_is_in_winbind_range(id);
@@ -73,7 +73,7 @@ NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid)
 
 	return result;
 }
-*/
+#endif
 
 /****************************************************************************
  duplicate alloc luid_attr
@@ -96,7 +96,7 @@ NTSTATUS dupalloc_luid_attr(TALLOC_CTX *ctx, LUID_ATTR **new_la, LUID_ATTR old_l
 /****************************************************************************
  initialise a privilege list
  ****************************************************************************/
-void init_privilege(PRIVILEGE_SET *priv_set)
+void gums_init_privilege(PRIVILEGE_SET *priv_set)
 {
 	priv_set->count=0;
 	priv_set->control=0;
@@ -106,12 +106,12 @@ void init_privilege(PRIVILEGE_SET *priv_set)
 /****************************************************************************
  add a privilege to a privilege array
  ****************************************************************************/
-NTSTATUS add_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
+NTSTATUS gums_add_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
 {
 	LUID_ATTR *new_set;
 
 	/* check if the privilege is not already in the list */
-	if (check_priv_in_privilege(priv_set, set))
+	if (gums_check_priv_in_privilege(priv_set, set))
 		return NT_STATUS_UNSUCCESSFUL;
 
 	/* we can allocate memory to add the new privilege */
@@ -135,7 +135,7 @@ NTSTATUS add_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
 /****************************************************************************
  add all the privileges to a privilege array
  ****************************************************************************/
-NTSTATUS add_all_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx)
+NTSTATUS gums_add_all_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx)
 {
 	NTSTATUS result = NT_STATUS_OK;
 	LUID_ATTR set;
@@ -144,15 +144,15 @@ NTSTATUS add_all_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx)
 	set.luid.high=0;
 	
 	set.luid.low=SE_PRIV_ADD_USERS;
-	result = add_privilege(priv_set, ctx, set);
+	result = gums_add_privilege(priv_set, ctx, set);
 	NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
 	
 	set.luid.low=SE_PRIV_ADD_MACHINES;
-	result = add_privilege(priv_set, ctx, set);
+	result = gums_add_privilege(priv_set, ctx, set);
 	NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
 
 	set.luid.low=SE_PRIV_PRINT_OPERATOR;
-	result = add_privilege(priv_set, ctx, set);
+	result = gums_add_privilege(priv_set, ctx, set);
 	NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
 	
 done:
@@ -162,7 +162,7 @@ done:
 /****************************************************************************
  check if the privilege list is empty
  ****************************************************************************/
-BOOL check_empty_privilege(PRIVILEGE_SET *priv_set)
+BOOL gums_check_empty_privilege(PRIVILEGE_SET *priv_set)
 {
 	return (priv_set->count == 0);
 }
@@ -170,12 +170,12 @@ BOOL check_empty_privilege(PRIVILEGE_SET *priv_set)
 /****************************************************************************
  check if the privilege is in the privilege list
  ****************************************************************************/
-BOOL check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
+BOOL gums_check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
 {
 	int i;
 
 	/* if the list is empty, obviously we can't have it */
-	if (check_empty_privilege(priv_set))
+	if (gums_check_empty_privilege(priv_set))
 		return False;
 
 	for (i=0; i<priv_set->count; i++) {
@@ -193,19 +193,19 @@ BOOL check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
 /****************************************************************************
  remove a privilege from a privilege array
  ****************************************************************************/
-NTSTATUS remove_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
+NTSTATUS gums_remove_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
 {
 	LUID_ATTR *new_set;
 	LUID_ATTR *old_set;
 	int i,j;
 
 	/* check if the privilege is in the list */
-	if (!check_priv_in_privilege(priv_set, set))
+	if (!gums_check_priv_in_privilege(priv_set, set))
 		return NT_STATUS_UNSUCCESSFUL;
 
 	/* special case if it's the only privilege in the list */
 	if (priv_set->count==1) {
-		init_privilege(priv_set);	
+		gums_init_privilege(priv_set);	
 		return NT_STATUS_OK;
 	}
 
@@ -252,14 +252,14 @@ NTSTATUS remove_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR se
 /****************************************************************************
  duplicates a privilege array
  ****************************************************************************/
-NTSTATUS dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PRIVILEGE_SET *priv_set)
+NTSTATUS gums_dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PRIVILEGE_SET *priv_set)
 {
 	LUID_ATTR *new_set;
 	LUID_ATTR *old_set;
 	int i;
 
 	*new_priv_set = (PRIVILEGE_SET *)talloc(mem_ctx, sizeof(PRIVILEGE_SET));
-	init_privilege(*new_priv_set);	
+	gums_init_privilege(*new_priv_set);	
 
 	/* special case if there are no privileges in the list */
 	if (priv_set->count == 0) {
@@ -301,6 +301,8 @@ NTSTATUS dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PRIVILE
 
 #define ALIAS_DEFAULT_SACL_SEC_ACE_FLAG (SEC_ACE_FLAG_FAILED_ACCESS | SEC_ACE_FLAG_SUCCESSFUL_ACCESS) /* 0xc0 */
 
+
+#if 0
 NTSTATUS create_builtin_alias_default_sec_desc(SEC_DESC **sec_desc, TALLOC_CTX *ctx)
 {
 	DOM_SID *world = &global_sid_World;
@@ -378,14 +380,14 @@ NTSTATUS gums_init_builtin_groups(void)
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	/* Administrators */
+	/* Administrators * /
 
 	/* alloc group structure */
-	g_obj.data = (void *)talloc(g_obj.mem_ctx, sizeof(GUMS_OBJ_GROUP));
-	ALLOC_CHECK("gums_init_backend", g_obj.data, result, done);
+	g_obj.data.group = (GUMS_GROUP *)talloc(g_obj.mem_ctx, sizeof(GUMS_GROUP));
+	ALLOC_CHECK("gums_init_backend", g_obj.data.group, result, done);
 
 	/* make admins sid */
-	g_grp = (GUMS_GROUP *)g_obj.data;
+	g_grp = (GUMS_GROUP *)g_obj.data.group;
 	sid_copy(g_obj.sid, &global_sid_Builtin_Administrators);
 
 	/* make security descriptor */
@@ -604,4 +606,5 @@ done:
 	talloc_destroy(g_priv.mem_ctx);
 	return result;
 }
+#endif
 
diff --git a/source3/script/genstruct.pl b/source3/script/genstruct.pl
index 081b81f510..a6abd718c9 100755
--- a/source3/script/genstruct.pl
+++ b/source3/script/genstruct.pl
@@ -131,12 +131,13 @@ sub parse_elements($$)
 		print ", $name";
 	}
 
-	print OFILE "int gen_dump_struct_$name(struct parse_string *, const char *, unsigned);\n";
-	print OFILE "int gen_parse_struct_$name(char *, const char *);\n";
+	print OFILE "int gen_dump_struct_$name(TALLOC_CTX *mem_ctx, struct parse_string *, const char *, unsigned);\n";
+	print OFILE "int gen_parse_struct_$name(TALLOC_CTX *mem_ctx, char *, const char *);\n";
 
 	print OFILE "static const struct parse_struct pinfo_" . $name . "[] = {\n";
 
-	while ($elements =~ /^.*?([a-z].*?);\s*?(\S*?)\s*?\$(.*)/msi) {
+
+	while ($elements =~ /^.*?([a-z].*?);\s*?(\S*?)\s*?$(.*)/msi) {
 		my($element) = $1;
 		my($flags) = $2;
 		$elements = $3;
@@ -146,11 +147,11 @@ sub parse_elements($$)
 	print OFILE "{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};\n";
 
 	print OFILE "
-int gen_dump_struct_$name(struct parse_string *p, const char *ptr, unsigned indent) {
-	return gen_dump_struct(pinfo_$name, p, ptr, indent);
+int gen_dump_struct_$name(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) {
+	return gen_dump_struct(mem_ctx, pinfo_$name, p, ptr, indent);
 }
-int gen_parse_struct_$name(char *ptr, const char *str) {
-	return gen_parse_struct(pinfo_$name, ptr, str);
+int gen_parse_struct_$name(TALLOC_CTX *mem_ctx, char *ptr, const char *str) {
+	return gen_parse_struct(mem_ctx, pinfo_$name, ptr, str);
 }
 
 ";
-- 
cgit 


From 6a141b7963de61b1223031ea4012605aeca13bc7 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 7 Mar 2003 19:37:27 +0000
Subject: Patch from Michael Steffens. In his own words :
 ------------------------------------------------------------------------- I
 think there are basically two problem:

  1. Windows clients do not always send ACEs for SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ,
     and SMB_ACL_OTHER.
     The function ensure_canon_entry_valid() is prepared for that, but tries
     to "guess" values from group or other permissions, respectively, otherwise
     falling back to minimum r-- for the owner. Even if the owner had full
     permissions before setting ACL. This is the problem with W2k clients.

  2. Function set_nt_acl() always chowns *before* attempting to set POSIX ACLs.
     This is ok in a take-ownership situation, but must fail if the file is
     to be given away. This is the problem with XP clients, trying to transfer
     ownership of the original file to the temp file.

The problem with NT4 clients (no ACEs are transferred to the temp file, thus
are lost after moving the temp file to the original name) is a client problem.
It simply doesn't attempt to.

I have played around with that using posic_acls.c from 3.0 merged into 2.2.
As a result I can now present two patches, one for each branch. They
basically modify:

  1. Interpret missing SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, or SMB_ACL_OTHER
     as "preserve current value" instead of attempting to build one ourself.
     The original code is still in, but only as fallback in case current values
     can't be retrieved.

  2. Rearrange set_nt_acl() such that chown is only done before setting
     ACLs if there is either no change of owning user, or change of owning
     user is towards the current user. Otherwise chown is done after setting
     ACLs.

It now seems to produce reasonable results. (Well, as far as it can. If
NT4 doesn't even try to transfer ACEs, only deliberate use of named default
ACEs and/or "force group" or the crystal ball can help :)
-------------------------------------------------------------------------
Jeremy.
(This used to be commit 8ec20cbae7ca7e685b1a4186d8482c7405915dc3)
---
 source3/smbd/posix_acls.c | 277 +++++++++++++++++++++++++++++++++-------------
 1 file changed, 199 insertions(+), 78 deletions(-)

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 93a57925f1..2aea3a2c90 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -559,12 +559,18 @@ static BOOL uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace )
 	extern DOM_SID global_sid_World;
 	fstring u_name;
 	fstring g_name;
+	extern struct current_user current_user;
 
 	/* "Everyone" always matches every uid. */
 
 	if (sid_equal(&group_ace->trustee, &global_sid_World))
 		return True;
 
+	/* Assume that the current user is in the current group (force group) */
+
+	if (uid_ace->unix_ug.uid == current_user.uid && group_ace->unix_ug.gid == current_user.gid)
+		return True;
+
 	fstrcpy(u_name, uidtoname(uid_ace->unix_ug.uid));
 	fstrcpy(g_name, gidtoname(group_ace->unix_ug.gid));
 
@@ -600,6 +606,14 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
 	BOOL got_other = False;
 	canon_ace *pace_other = NULL;
 	canon_ace *pace_group = NULL;
+	connection_struct *conn = fsp->conn;
+	SMB_ACL_T current_posix_acl = NULL;
+	mode_t current_user_perms = 0;
+	mode_t current_grp_perms = 0;
+	mode_t current_other_perms = 0;
+	BOOL got_current_user = False;
+	BOOL got_current_grp = False;
+	BOOL got_current_other = False;
 
 	for (pace = *pp_ace; pace; pace = pace->next) {
 		if (pace->type == SMB_ACL_USER_OBJ) {
@@ -632,6 +646,62 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
 		}
 	}
 
+	/*
+	 * When setting ACLs and missing one out of SMB_ACL_USER_OBJ,
+	 * SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER, try to retrieve current
+	 * values. For user and other a simple vfs_stat would do, but
+	 * we would get mask instead of group. Let's do it via ACL.
+	 */
+
+	if (setting_acl && (!got_user || !got_grp || !got_other)) {
+
+		SMB_ACL_ENTRY_T entry;
+		int entry_id = SMB_ACL_FIRST_ENTRY;
+
+		if(fsp->is_directory || fsp->fd == -1) {
+			current_posix_acl = conn->vfs_ops.sys_acl_get_file(conn, fsp->fsp_name, SMB_ACL_TYPE_ACCESS);
+		} else {
+			current_posix_acl = conn->vfs_ops.sys_acl_get_fd(fsp, fsp->fd);
+		}
+
+		if (current_posix_acl) {
+			while (conn->vfs_ops.sys_acl_get_entry(conn, current_posix_acl, entry_id, &entry) == 1) {
+				SMB_ACL_TAG_T tagtype;
+				SMB_ACL_PERMSET_T permset;
+
+				/* get_next... */
+				if (entry_id == SMB_ACL_FIRST_ENTRY)
+					entry_id = SMB_ACL_NEXT_ENTRY;
+
+				/* Is this a MASK entry ? */
+				if (conn->vfs_ops.sys_acl_get_tag_type(conn, entry, &tagtype) == -1)
+					continue;
+
+				if (conn->vfs_ops.sys_acl_get_permset(conn, entry, &permset) == -1)
+					continue;
+
+				switch(tagtype) {
+					case SMB_ACL_USER_OBJ:
+						current_user_perms = convert_permset_to_mode_t(conn, permset);
+						got_current_user = True;
+						break;
+					case SMB_ACL_GROUP_OBJ:
+						current_grp_perms = convert_permset_to_mode_t(conn, permset);
+						got_current_grp = True;
+						break;
+					case SMB_ACL_OTHER:
+						current_other_perms = convert_permset_to_mode_t(conn, permset);
+						got_current_other = True;
+						break;
+				}
+			}
+			conn->vfs_ops.sys_acl_free_acl(conn, current_posix_acl);
+		} else {
+			DEBUG(10,("ensure_canon_entry_valid: failed to retrieve current ACL of %s\n",
+				fsp->fsp_name));
+		}
+	}
+
 	if (!got_user) {
 		if ((pace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) {
 			DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
@@ -646,13 +716,19 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
 		pace->attr = ALLOW_ACE;
 
 		if (setting_acl) {
-			/* If we only got an "everyone" perm, just use that. */
-			if (!got_grp && got_other)
-				pace->perms = pace_other->perms;
-			else if (got_grp && uid_entry_in_group(pace, pace_group))
-				pace->perms = pace_group->perms;
-			else
-				pace->perms = 0;
+			if (got_current_user) {
+				pace->perms = current_user_perms;
+			} else {
+				/* If we only got an "everyone" perm, just use that. */
+				if (!got_grp && got_other)
+					pace->perms = pace_other->perms;
+				else if (got_grp && uid_entry_in_group(pace, pace_group))
+					pace->perms = pace_group->perms;
+				else
+					pace->perms = 0;
+
+			}
+
 			apply_default_perms(fsp, pace, S_IRUSR);
 		} else {
 			pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRUSR, S_IWUSR, S_IXUSR);
@@ -674,11 +750,15 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
 		pace->trustee = *pfile_grp_sid;
 		pace->attr = ALLOW_ACE;
 		if (setting_acl) {
-			/* If we only got an "everyone" perm, just use that. */
-			if (got_other)
-				pace->perms = pace_other->perms;
-			else
-				pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRGRP, S_IWGRP, S_IXGRP);
+			if (got_current_grp) {
+				pace->perms = current_grp_perms;
+			} else {
+				/* If we only got an "everyone" perm, just use that. */
+				if (got_other)
+					pace->perms = pace_other->perms;
+				else
+					pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRGRP, S_IWGRP, S_IXGRP);
+			}
 			apply_default_perms(fsp, pace, S_IRGRP);
 		} else {
 			pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRGRP, S_IWGRP, S_IXGRP);
@@ -700,7 +780,10 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
 		pace->trustee = global_sid_World;
 		pace->attr = ALLOW_ACE;
 		if (setting_acl) {
-			pace->perms = 0;
+			if (got_current_other)
+				pace->perms = current_other_perms;
+			else
+				pace->perms = 0;
 			apply_default_perms(fsp, pace, S_IROTH);
 		} else
 			pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IROTH, S_IWOTH, S_IXOTH);
@@ -1734,6 +1817,11 @@ static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL defau
 	BOOL needs_mask = False;
 	mode_t mask_perms = 0;
 
+#if defined(POSIX_ACL_NEEDS_MASK)
+	/* HP-UX always wants to have a mask (called "class" there). */
+	needs_mask = True;
+#endif
+
 	if (the_acl == NULL) {
 
 		if (errno != ENOSYS) {
@@ -1748,6 +1836,13 @@ static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL defau
 		return False;
 	}
 
+	if( DEBUGLVL( 10 )) {
+		dbgtext("set_canon_ace_list: setting ACL:\n");
+		for (i = 0, p_ace = the_ace; p_ace; p_ace = p_ace->next, i++ ) {
+			print_canon_ace( p_ace, i);
+		}
+	}
+
 	for (i = 0, p_ace = the_ace; p_ace; p_ace = p_ace->next, i++ ) {
 		SMB_ACL_ENTRY_T the_entry;
 		SMB_ACL_PERMSET_T the_permset;
@@ -2460,6 +2555,8 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 	mode_t orig_mode = (mode_t)0;
 	uid_t orig_uid;
 	gid_t orig_gid;
+	BOOL need_chown = False;
+	extern struct current_user current_user;
 
 	DEBUG(10,("set_nt_acl: called for file %s\n", fsp->fsp_name ));
 
@@ -2496,7 +2593,15 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 	 * Do we need to chown ?
 	 */
 
-	if((user != (uid_t)-1 || grp != (uid_t)-1) && (orig_uid != user || orig_gid != grp)) {
+	need_chown = (user != (uid_t)-1 && orig_uid != user || grp != (uid_t)-1 && orig_gid != grp);
+
+	/*
+	 * Chown before setting ACL only if we don't change the user, or
+	 * if we change to the current user, but not if we want to give away
+	 * the file.
+	 */
+
+	if (need_chown && (user == (uid_t)-1 || user == current_user.uid)) {
 
 		DEBUG(3,("set_nt_acl: chown %s. uid = %u, gid = %u.\n",
 				fsp->fsp_name, (unsigned int)user, (unsigned int)grp ));
@@ -2533,6 +2638,9 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 		orig_mode = sbuf.st_mode;
 		orig_uid = sbuf.st_uid;
 		orig_gid = sbuf.st_gid;
+
+		/* We did it, don't try again */
+		need_chown = False;
 	}
 
 	create_file_sids(&sbuf, &file_owner_sid, &file_grp_sid);
@@ -2540,97 +2648,110 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 	acl_perms = unpack_canon_ace( fsp, &sbuf, &file_owner_sid, &file_grp_sid,
 									&file_ace_list, &dir_ace_list, security_info_sent, psd);
 
-	if ((file_ace_list == NULL) && (dir_ace_list == NULL)) {
-		/* W2K traverse DACL set - ignore. */
-		return True;
-    }
-
-	if (!acl_perms) {
-		DEBUG(3,("set_nt_acl: cannot set permissions\n"));
-		free_canon_ace_list(file_ace_list);
-		free_canon_ace_list(dir_ace_list); 
-		return False;
-	}
+	/* Ignore W2K traverse DACL set. */
+	if (file_ace_list || dir_ace_list) {
 
-	/*
-	 * Only change security if we got a DACL.
-	 */
-
-	if((security_info_sent & DACL_SECURITY_INFORMATION) && (psd->dacl != NULL)) {
-
-		BOOL acl_set_support = False;
-		BOOL ret = False;
+		if (!acl_perms) {
+			DEBUG(3,("set_nt_acl: cannot set permissions\n"));
+			free_canon_ace_list(file_ace_list);
+			free_canon_ace_list(dir_ace_list); 
+			return False;
+		}
 
 		/*
-		 * Try using the POSIX ACL set first. Fall back to chmod if
-		 * we have no ACL support on this filesystem.
+		 * Only change security if we got a DACL.
 		 */
 
-		if (acl_perms && file_ace_list) {
-			ret = set_canon_ace_list(fsp, file_ace_list, False, &acl_set_support);
-			if (acl_set_support && ret == False) {
-				DEBUG(3,("set_nt_acl: failed to set file acl on file %s (%s).\n", fsp->fsp_name, strerror(errno) ));
-				free_canon_ace_list(file_ace_list);
-				free_canon_ace_list(dir_ace_list); 
-				return False;
-			}
-		}
+		if((security_info_sent & DACL_SECURITY_INFORMATION) && (psd->dacl != NULL)) {
 
-		if (acl_perms && acl_set_support && fsp->is_directory) {
-			if (dir_ace_list) {
-				if (!set_canon_ace_list(fsp, dir_ace_list, True, &acl_set_support)) {
-					DEBUG(3,("set_nt_acl: failed to set default acl on directory %s (%s).\n", fsp->fsp_name, strerror(errno) ));
-					free_canon_ace_list(file_ace_list);
-					free_canon_ace_list(dir_ace_list); 
-					return False;
-				}
-			} else {
+			BOOL acl_set_support = False;
+			BOOL ret = False;
 
-				/*
-				 * No default ACL - delete one if it exists.
-				 */
+			/*
+			 * Try using the POSIX ACL set first. Fall back to chmod if
+			 * we have no ACL support on this filesystem.
+			 */
 
-				if (conn->vfs_ops.sys_acl_delete_def_file(conn, fsp->fsp_name) == -1) {
-					DEBUG(3,("set_nt_acl: sys_acl_delete_def_file failed (%s)\n", strerror(errno)));
+			if (acl_perms && file_ace_list) {
+				ret = set_canon_ace_list(fsp, file_ace_list, False, &acl_set_support);
+				if (acl_set_support && ret == False) {
+					DEBUG(3,("set_nt_acl: failed to set file acl on file %s (%s).\n", fsp->fsp_name, strerror(errno) ));
 					free_canon_ace_list(file_ace_list);
+					free_canon_ace_list(dir_ace_list); 
 					return False;
 				}
 			}
-		}
 
-		/*
-		 * If we cannot set using POSIX ACLs we fall back to checking if we need to chmod.
-		 */
+			if (acl_perms && acl_set_support && fsp->is_directory) {
+				if (dir_ace_list) {
+					if (!set_canon_ace_list(fsp, dir_ace_list, True, &acl_set_support)) {
+						DEBUG(3,("set_nt_acl: failed to set default acl on directory %s (%s).\n", fsp->fsp_name, strerror(errno) ));
+						free_canon_ace_list(file_ace_list);
+						free_canon_ace_list(dir_ace_list); 
+						return False;
+					}
+				} else {
 
-		if(!acl_set_support && acl_perms) {
-			mode_t posix_perms;
+					/*
+					 * No default ACL - delete one if it exists.
+					 */
 
-			if (!convert_canon_ace_to_posix_perms( fsp, file_ace_list, &posix_perms)) {
-				free_canon_ace_list(file_ace_list);
-				free_canon_ace_list(dir_ace_list);
-				DEBUG(3,("set_nt_acl: failed to convert file acl to posix permissions for file %s.\n",
-					fsp->fsp_name ));
-				return False;
+					if (conn->vfs_ops.sys_acl_delete_def_file(conn, fsp->fsp_name) == -1) {
+						DEBUG(3,("set_nt_acl: sys_acl_delete_def_file failed (%s)\n", strerror(errno)));
+						free_canon_ace_list(file_ace_list);
+						free_canon_ace_list(dir_ace_list);
+						return False;
+					}
+				}
 			}
 
-			if (orig_mode != posix_perms) {
+			/*
+			 * If we cannot set using POSIX ACLs we fall back to checking if we need to chmod.
+			 */
 
-				DEBUG(3,("set_nt_acl: chmod %s. perms = 0%o.\n",
-					fsp->fsp_name, (unsigned int)posix_perms ));
+			if(!acl_set_support && acl_perms) {
+				mode_t posix_perms;
 
-				if(conn->vfs_ops.chmod(conn,fsp->fsp_name, posix_perms) == -1) {
-					DEBUG(3,("set_nt_acl: chmod %s, 0%o failed. Error = %s.\n",
-							fsp->fsp_name, (unsigned int)posix_perms, strerror(errno) ));
+				if (!convert_canon_ace_to_posix_perms( fsp, file_ace_list, &posix_perms)) {
 					free_canon_ace_list(file_ace_list);
 					free_canon_ace_list(dir_ace_list);
+					DEBUG(3,("set_nt_acl: failed to convert file acl to posix permissions for file %s.\n",
+						fsp->fsp_name ));
 					return False;
 				}
+
+				if (orig_mode != posix_perms) {
+
+					DEBUG(3,("set_nt_acl: chmod %s. perms = 0%o.\n",
+						fsp->fsp_name, (unsigned int)posix_perms ));
+
+					if(conn->vfs_ops.chmod(conn,fsp->fsp_name, posix_perms) == -1) {
+						DEBUG(3,("set_nt_acl: chmod %s, 0%o failed. Error = %s.\n",
+								fsp->fsp_name, (unsigned int)posix_perms, strerror(errno) ));
+						free_canon_ace_list(file_ace_list);
+						free_canon_ace_list(dir_ace_list);
+						return False;
+					}
+				}
 			}
 		}
+
+		free_canon_ace_list(file_ace_list);
+		free_canon_ace_list(dir_ace_list); 
 	}
 
-	free_canon_ace_list(file_ace_list);
-	free_canon_ace_list(dir_ace_list); 
+	/* Any chown pending? */
+	if (need_chown) {
+
+		DEBUG(3,("set_nt_acl: chown %s. uid = %u, gid = %u.\n",
+			fsp->fsp_name, (unsigned int)user, (unsigned int)grp ));
+
+		if(try_chown( fsp->conn, fsp->fsp_name, user, grp) == -1) {
+			DEBUG(3,("set_nt_acl: chown %s, %u, %u failed. Error = %s.\n",
+				fsp->fsp_name, (unsigned int)user, (unsigned int)grp, strerror(errno) ));
+			return False;
+		}
+	}
 
 	return True;
 }
-- 
cgit 


From 24c95539d593ccb703a4c381060a0bcad5052458 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 7 Mar 2003 19:46:51 +0000
Subject: Missed parentheses around complex logic. Jeremy. (This used to be
 commit e81427c2d69be166afad94bc083e750e8f48fba7)

---
 source3/smbd/posix_acls.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 2aea3a2c90..01e3c31ba7 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -2593,7 +2593,8 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 	 * Do we need to chown ?
 	 */
 
-	need_chown = (user != (uid_t)-1 && orig_uid != user || grp != (uid_t)-1 && orig_gid != grp);
+	if (((user != (uid_t)-1) && (orig_uid != user)) || (( grp != (uid_t)-1) && (orig_gid != grp)))
+		need_chown = True;
 
 	/*
 	 * Chown before setting ACL only if we don't change the user, or
-- 
cgit 


From f944fd6975a598a154a943867c94f3dabc7a1139 Mon Sep 17 00:00:00 2001
From: Steve French <sfrench@samba.org>
Date: Fri, 7 Mar 2003 22:29:14 +0000
Subject: Add early prototype of cifs mount helper for Linux (This used to be
 commit b20bcf8d336b4b2079eb42342a96d1fe714709de)

---
 source3/client/mount.cifs.c | 389 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 389 insertions(+)
 create mode 100755 source3/client/mount.cifs.c

diff --git a/source3/client/mount.cifs.c b/source3/client/mount.cifs.c
new file mode 100755
index 0000000000..5b19752f8b
--- /dev/null
+++ b/source3/client/mount.cifs.c
@@ -0,0 +1,389 @@
+#define _GNU_SOURCE
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <sys/types.h>
+#include <sys/mount.h>
+#include <sys/stat.h>
+#include <sys/utsname.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <getopt.h>
+#include <errno.h>
+#include <netdb.h>
+#include <string.h>
+
+#define MOUNT_CIFS_VERSION "1"
+
+extern char *getusername(void);
+
+char * thisprogram;
+int verboseflag = 0;
+static int got_password = 0;
+static int got_user = 0;
+static char * user_name = NULL;
+char * mountpassword = NULL;
+
+
+void mount_cifs_usage()
+{
+	printf("\nUsage:  %s remotetarget dir\n", thisprogram);
+	printf("\nMount the remotetarget, specified as either a UNC name or ");
+	printf(" CIFS URL, to the local directory, dir.\n");
+
+	return;
+}
+
+/* caller frees username if necessary */
+char * getusername() {
+	char *username = NULL;
+	struct passwd *password = getpwuid(getuid());
+
+	if (password) {
+		username = password->pw_name;
+	}
+	return username;
+}
+
+char * parse_cifs_url(unc_name)
+{
+	printf("\ncifs url %s\n",unc_name);
+}
+
+char * parse_options(char * options)
+{
+	/* BB add missing code BB */
+}
+
+/* Note that caller frees the returned buffer if necessary */
+char * parse_server(char * unc_name)
+{
+	int length = strnlen(unc_name,1024);
+	char * share;
+	char * ipaddress_string = NULL;
+	struct hostent * host_entry;
+	struct in_addr server_ipaddr;
+	int rc,j;
+	char temp[64];
+
+
+	if(length > 1023) {
+		printf("mount error: UNC name too long");
+		return 0;
+	}
+	if (strncasecmp("cifs://",unc_name,7) == 0)
+		return parse_cifs_url(unc_name+7);
+	if (strncasecmp("smb://",unc_name,6) == 0) {
+		return parse_cifs_url(unc_name+6);
+	}
+
+	if(length < 3) {
+		/* BB add code to find DFS root here */
+		printf("\nMounting the DFS root for domain not implemented yet");
+		return 0;
+	} else {
+		/* BB add support for \\\\ not just // */
+		if(strncmp(unc_name,"//",2) && strncmp(unc_name,"\\\\",2)) {
+			printf("mount error: improperly formatted UNC name.");
+			printf(" %s does not begin with \\\\ or //\n",unc_name);
+			return 0;
+		} else {
+			unc_name += 2;
+			if (share = strchr(unc_name, '/')) {
+				*share = 0;  /* temporarily terminate the string */
+				share += 1;
+				host_entry = gethostbyname(unc_name);
+				*(share - 1) = '\\'; /* put the slash back */
+/*				rc = getipnodebyname(unc_name, AF_INET, AT_ADDRCONFIG ,&rc);*/
+				if(host_entry == NULL) {
+					printf("mount error: could not find target server. TCP name %s not found ", unc_name);
+					printf(" rc = %d\n",rc);
+					return 0;
+				}
+				else {
+					printf("Target server %s %x found\n",host_entry->h_name,host_entry->h_addr);	/* BB removeme */
+					/* BB should we pass an alternate version of the share name as Unicode */
+					/* BB what about ipv6? BB */
+					/* BB add retries with alternate servers in list */
+
+					memcpy(&server_ipaddr.s_addr, host_entry->h_addr, 4);
+
+					ipaddress_string = inet_ntoa(server_ipaddr);                                                                                     
+					if(ipaddress_string == NULL) {
+						printf("mount error: could not get valid ip address for target server\n");
+						return 0;
+					}
+					return ipaddress_string; 
+				}
+			} else {
+				/* BB add code to find DFS root (send null path on get DFS Referral to specified server here */
+				printf("Mounting the DFS root for a particular server not implemented yet\n");
+				return 0;
+			}
+		}
+	}
+}
+
+static struct option longopts[] = {
+	{ "all", 0, 0, 'a' },
+	{ "help", 0, 0, 'h' },
+	{ "read-only", 0, 0, 'r' },
+	{ "ro", 0, 0, 'r' },
+	{ "verbose", 0, 0, 'v' },
+	{ "version", 0, 0, 'V' },
+	{ "read-write", 0, 0, 'w' },
+	{ "rw", 0, 0, 'w' },
+	{ "options", 1, 0, 'o' },
+	{ "types", 1, 0, 't' },
+	{ "replace", 0, 0, 129 },
+	{ "after", 0, 0, 130 },
+	{ "before", 0, 0, 131 },
+	{ "over", 0, 0, 132 },
+	{ "move", 0, 0, 133 },
+	{ "rsize",1, 0, 136 },
+	{ "wsize",1, 0, 137 },
+	{ "uid", 1, 0, 138},
+	{ "gid", 1, 0, 139},
+	{ "uuid",1,0,'U' },
+	{ "user",1,0,140},
+	{ "username",1,0,140},
+	{ "dom",1,0,141},
+	{ "domain",1,0,141},
+	{ "password",1,0,142},
+	{ NULL, 0, 0, 0 }
+};
+
+int main(int argc, char ** argv)
+{
+	int c;
+	int flags = MS_MANDLOCK | MS_MGC_VAL;
+	char * orgoptions = NULL;
+	char * options;
+	char * share_name;
+	char * domain_name = NULL;
+	char * ipaddr;
+	char * mount_point;
+	char * uuid = NULL;
+	int rc,i;
+	int rsize = 0;
+	int wsize = 0;
+	int nomtab = 0;
+	int uid = 0;
+	int gid = 0;
+	int optlen = 0;
+	struct stat statbuf;
+	struct utsname sysinfo;
+
+	/* setlocale(LC_ALL, "");
+	bindtextdomain(PACKAGE, LOCALEDIR);
+	textdomain(PACKAGE); */
+
+	if(argc && argv) {
+		thisprogram = argv[0];
+	}
+	if(thisprogram == NULL)
+		thisprogram = "mount.cifs";
+
+	uname(&sysinfo);
+#ifdef _GNU_SOURCE
+	printf(" node: %s machine: %s\n", sysinfo.nodename,sysinfo.machine);
+#endif
+	mount_cifs_usage();
+	share_name = argv[1];
+	mount_point = argv[2];
+	/* add sharename in opts string as unc= parm */
+
+	while ((c = getopt_long (argc, argv, "afFhilL:no:O:rsU:vVwt:",
+			 longopts, NULL)) != -1) {
+		switch (c) {
+/*	case 'a':	       
+		++mount_all;
+		break;
+	case 'f':	       
+		++fake;
+		break;
+	case 'F':
+		++optfork;
+		break; */
+		case 'h':	 /* help */
+			mount_cifs_usage ();
+			break;
+/*	case 'i':
+		external_allowed = 0;
+		break;
+	case 'l':
+		list_with_volumelabel = 1;
+		break;
+	case 'L':
+		volumelabel = optarg;
+		break; */
+	case 'n':
+		++nomtab;
+		break;
+	case 'o':
+		if (orgoptions) {
+			orgoptions = strcat(orgoptions, ",");
+			orgoptions = strcat(orgoptions,optarg);
+		} else
+			orgoptions = strdup(optarg);
+		break;
+
+/*	case 'O':
+		if (test_opts)
+			test_opts = xstrconcat3(test_opts, ",", optarg);
+		else
+			test_opts = xstrdup(optarg);
+		break;*/
+		case 'r':  /* mount readonly */
+			flags |= MS_RDONLY;;
+			break;
+		case 'U':
+			uuid = optarg;
+			break;
+		case 'v':
+			++verboseflag;
+			break;
+/*	case 'V':	   
+		printf ("mount: %s\n", version);
+		exit (0);*/
+		case 'w':
+			flags &= ~MS_RDONLY;;
+			break;
+/*	case 0:
+		break;
+
+	case 128: 
+		mounttype = MS_BIND;
+		break;
+	case 129: 
+		mounttype = MS_REPLACE;
+		break;
+	case 130: 
+		mounttype = MS_AFTER;
+		break;
+	case 131: 
+		mounttype = MS_BEFORE;
+		break;
+	case 132: 
+		mounttype = MS_OVER;
+		break;
+	case 133: 
+		mounttype = MS_MOVE;
+		break;
+	case 135:
+		mounttype = (MS_BIND | MS_REC);
+		break; */
+		case 136:
+			rsize = atoi(optarg) ;
+			break;
+		case 137:
+			wsize = atoi(optarg);
+			break;
+		case 138:
+			uid = atoi(optarg);
+			break;
+		case 139:
+			gid = atoi(optarg);
+			break;
+		case 140:
+			got_user = 1;
+			user_name = optarg;
+			break;
+		case 141:
+			 domain_name = optarg;
+			break;
+		case 142:
+			got_password = 1;
+			 mountpassword = optarg;
+			break;
+		case '?':
+		default:
+			mount_cifs_usage ();
+		}
+	}
+
+	for(i = 0;i < argc;i++)  /* BB remove */
+		printf("\narg %d is %s",i,argv[i]);  /* BB remove */
+	printf("\n");  /* BB removeme */
+
+	/* canonicalize the path in argv[1]? */
+
+	if(stat (mount_point, &statbuf)) {
+		printf("mount error: mount point %s does not exist\n",mount_point);
+		return -1;
+	}
+	if (S_ISDIR(statbuf.st_mode) == 0) {
+		printf("mount error: mount point %s is not a directory\n",mount_point);
+		return -1;
+	}
+
+	if(geteuid()) {
+		printf("mount error: permission denied, not superuser and cifs.mount not installed SUID\n"); 
+		return -1;
+	}
+
+	ipaddr = parse_server(share_name);
+/*	if(share_name == NULL)
+		return 1; */
+	parse_options(orgoptions);
+
+	if(got_user == 0)
+		user_name = getusername();
+       
+/*	check username for user%password format */
+
+	if(got_password == 0) {
+		if (getenv("PASSWD")) {
+			mountpassword = malloc(33);
+			if(mountpassword) {
+				strncpy(mountpassword,getenv("PASSWD"),32);
+				got_password = 1;
+			}
+/*		} else if (getenv("PASSWD_FD") || getenv("PASSWD_FILE")) {
+			get_password_file();
+			got_password = 1;*/ /* BB add missing function */
+		} else {
+			mountpassword = getpass("Password: "); /* BB obsolete */
+			got_password = 1;
+		}
+	}
+
+	/* launch daemon (handles dfs name resolution and credential change) */
+	if(orgoptions)
+		optlen = strlen(orgoptions);
+	else
+		optlen = 0;
+	options = malloc(optlen + 25 + strlen(share_name) + strlen(user_name)
+			+ strlen(ipaddr) + 1);
+	strcpy(options,"unc=");
+	strcat(options,share_name);
+	strncat(options,",ip=",4);
+	strcat(options,ipaddr);
+	strncat(options,",user=",6);
+	strcat(options,user_name);
+	strncat(options,",pass=",6);
+	strcat(options,mountpassword);
+	strncat(options,",ver=",5);
+	strcat(options,MOUNT_CIFS_VERSION);
+	if(optlen)
+		strcat(options,orgoptions);
+	printf("\noptions %s \n",options);
+	if(mount(share_name, mount_point, "cifs", flags, options)) {
+	/* remember to kill daemon on error */
+		switch (errno) {
+		case 0:
+			printf(" success\n"); /* BB removeme */
+			return 0;
+		case ENODEV:
+			printf("mount error: cifs filesystem not supported by the system\n");
+			break;
+		default:
+			printf("mount error %d = %s",errno,strerror(errno));
+		}
+		printf("\nRefer to the mount.cifs(8) manual page (e.g.man mount.cifs)\n");
+		return -1;
+	} else
+		printf(" mount succeeded\n"); /* BB removeme */
+}
+
-- 
cgit 


From eed8772da109ecc6e9f35fd27b719795b28a47fb Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 7 Mar 2003 23:34:55 +0000
Subject: Use ERROR_NT, not ERROR_DOS as Andrew Bartlett pointed out. Jeremy.
 (This used to be commit c0930e6d15eb68f06453d9b67142ccd7fb1370a0)

---
 source3/smbd/ipc.c     | 2 +-
 source3/smbd/nttrans.c | 2 +-
 source3/smbd/trans2.c  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index 67c5da01f3..da30ec7440 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -566,5 +566,5 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int
 	SAFE_FREE(params);
 	SAFE_FREE(setup);
 	END_PROFILE(SMBtrans);
-	return ERROR_DOS(ERRDOS,ERRinvalidparam);
+	return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
 }
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 375c6c44f6..e6884cbb1e 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1990,5 +1990,5 @@ due to being in oplock break state.\n", (unsigned int)function_code ));
 	SAFE_FREE(data);
 	SAFE_FREE(setup);
 	END_PROFILE(SMBnttrans);
-	return ERROR_DOS(ERRDOS,ERRinvalidparam);
+	return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
 }
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index d57a29ff77..bea09e9e37 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -3372,5 +3372,5 @@ int reply_trans2(connection_struct *conn,
 	SAFE_FREE(params);
 	SAFE_FREE(data);
 	END_PROFILE(SMBtrans2);
-	return ERROR_DOS(ERRDOS,ERRinvalidparam);
+	return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
 }
-- 
cgit 


From 64e49aa3c5392fd0ba5fc33ea21eff87c548995e Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Fri, 7 Mar 2003 23:47:59 +0000
Subject: initial work for the new idmpa interface (This used to be commit
 8338e74ac4e5f31150c96f459a67e52090dc6013)

---
 source3/include/idmap.h |  49 ++++++++++++++++
 source3/sam/idmap.c     | 145 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 194 insertions(+)
 create mode 100644 source3/include/idmap.h
 create mode 100644 source3/sam/idmap.c

diff --git a/source3/include/idmap.h b/source3/include/idmap.h
new file mode 100644
index 0000000000..0d358d3fbe
--- /dev/null
+++ b/source3/include/idmap.h
@@ -0,0 +1,49 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Idmap headers
+
+   Copyright (C) Anthony Liguori 2003
+   Copyright (C) Simo Sorce 2003
+   
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public
+   License as published by the Free Software Foundation; either
+   version 2 of the License, or (at your option) any later version.
+   
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+   
+   You should have received a copy of the GNU Library General Public
+   License along with this library; if not, write to the
+   Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA  02111-1307, USA.   
+*/
+
+#define ID_USERID	1
+#define ID_GROUPID	2
+#define ID_OTHER	3
+
+typedef union id_t {
+	uid_t uid;
+	gid_t gid;
+} id_t;
+
+/* Filled out by IDMAP backends */
+struct idmap_methods {
+
+	/* Called when backend is first loaded */
+	NTSTATUS (*init)(void);
+
+	NTSTATUS (*get_sid_from_id)(DOM_SID *sid, id_t id, int id_type);
+	NTSTATUS (*get_id_from_sid)(id_t *id, int *id_type, DOM_SID *sid);
+
+	/* Called when backend is unloaded */
+	NTSTATUS (*close)(void);
+
+	/* Called to dump backend status */
+	void (*status)(void);
+};
+
diff --git a/source3/sam/idmap.c b/source3/sam/idmap.c
new file mode 100644
index 0000000000..617cbc9d28
--- /dev/null
+++ b/source3/sam/idmap.c
@@ -0,0 +1,145 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Winbind ID Mapping
+   Copyright (C) Tim Potter 2000
+   Copyright (C) Anthony Liguori <aliguor@us.ibm.com>	2003
+   Copyright (C) Simo Sorce 2003
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "idmap.h"
+
+static struct {
+
+	const char *name;
+	/* Function to create a member of the idmap_methods list */
+	NTSTATUS (*reg_meth)(struct idmap_methods **methods);
+	struct idmap_methods *methods;
+} builtin_idmap_functions[] = {
+	{ "tdb", idmap_reg_tdb, NULL },
+	/* { "ldap", idmap_reg_ldap, NULL },*/
+	{ NULL, NULL, NULL }
+};
+
+/* singleton pattern: uberlazy evaluation */
+static struct idmap_methods *impl;
+
+static struct idmap_methods *get_impl(const char *name)
+{
+	int i = 0;
+	struct idmap_methods *ret = NULL;
+
+	while (builtin_idmap_functions[i].name && strcmp(builtin_idmap_functions[i].name, name)) {
+		i++;
+	}
+
+	if (builtin_idmap_functions[i].name) {
+
+		if (!builtin_idmap_functions[i].methods) {
+			builtin_idmap_functions[i].reg_meth(&builtin_idmap_functions[i].methods);
+		}
+
+		ret = builtin_idmap_functions[i].methods;
+	}
+
+	return ret;
+}
+
+/* Load idmap backend functions */
+BOOL set_impl(void)
+{
+	if (!impl) {
+		DEBUG(3, ("idmap_init: using '%s' as backend\n", lp_idmap_backend()));
+		
+		impl = get_impl(lp_idmap_backend());
+		if (!impl) {
+			DEBUG(0, ("set_impl: could not load backend '%s'\n", lp_idmap_backend()));
+			return False;
+		}
+	}
+	return True;
+}
+
+/* Initialize backend */
+NTSTATUS idmap_init(void)
+{
+	NTSTATUS ret;
+
+	if (!set_impl()) return NT_STATUS_UNSUCCESSFUL;
+
+	ret = impl->init();
+	if (NT_STATUS_IS_ERR(ret)) {
+		DEBUG(3, ("idmap_init: init failed!\n"));
+	}
+
+	return ret;
+}
+
+/* Get ID from SID */
+NTSTATUS idmap_get_id_from_sid(id_t *id, int *id_type, DOM_SID *sid)
+{
+	NTSTATUS ret;
+
+	if (!set_impl()) return NT_STATUS_UNSUCCESSFUL;
+
+	ret = impl->get_id_from_sid(id, id_type, sid);
+	if (NT_STATUS_IS_ERR(ret)) {
+		DEBUG(3, ("idmap_get_id_from_sid: error fetching id!\n"));
+	}
+
+	return ret;
+}
+
+/* Get SID from ID */
+NTSTATUS idmap_get_sid_from_id(DOM_SID *sid, id_t id, int id_type)
+{
+	NTSTATUS ret;
+
+	if (!set_impl()) return NT_STATUS_UNSUCCESSFUL;
+
+	ret = impl->get_sid_from_id(sid, id, id_type);
+	if (NT_STATUS_IS_ERR(ret)) {
+		DEBUG(3, ("idmap_get_sid_from_id: error fetching sid!\n"));
+	}
+
+	return ret;
+}
+
+
+/* Close backend */
+NTSTATUS idmap_close(void)
+{
+	NTSTATUS ret;
+
+	if (!set_impl()) return NT_STATUS_UNSUCCESSFUL;
+
+	ret = impl->close();
+	if (NT_STATUS_IS_ERR(ret)) {
+		DEBUG(3, ("idmap_close: close failed!\n"));
+	}
+
+	return ret;
+}
+
+/* Dump backend status */
+void idmap_status(void)
+{
+	if (!set_impl()) return;
+
+	impl->status();
+}
+
-- 
cgit 


From 4a1d2ddd48c1c06b1874ff473275d22a0038c2c8 Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Sat, 8 Mar 2003 00:49:18 +0000
Subject: some more code (not tested yet) (This used to be commit
 0d6cec90c13731827abcbc61974efc993e794003)

---
 source3/include/debug.h |   1 +
 source3/include/idmap.h |   1 +
 source3/sam/idmap.c     |   3 +
 source3/sam/idmap_tdb.c | 469 ++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 474 insertions(+)
 create mode 100644 source3/sam/idmap_tdb.c

diff --git a/source3/include/debug.h b/source3/include/debug.h
index d4f45539f4..70f9f7706d 100644
--- a/source3/include/debug.h
+++ b/source3/include/debug.h
@@ -88,6 +88,7 @@ extern int DEBUGLEVEL;
 #define DBGC_AUTH		10
 #define DBGC_WINBIND		11
 #define DBGC_VFS		12
+#define DBGC_IDMAP		13
 
 /* So you can define DBGC_CLASS before including debug.h */
 #ifndef DBGC_CLASS
diff --git a/source3/include/idmap.h b/source3/include/idmap.h
index 0d358d3fbe..5a1f4fafc3 100644
--- a/source3/include/idmap.h
+++ b/source3/include/idmap.h
@@ -22,6 +22,7 @@
    Boston, MA  02111-1307, USA.   
 */
 
+#define	ID_EMPTY	0
 #define ID_USERID	1
 #define ID_GROUPID	2
 #define ID_OTHER	3
diff --git a/source3/sam/idmap.c b/source3/sam/idmap.c
index 617cbc9d28..96638b4723 100644
--- a/source3/sam/idmap.c
+++ b/source3/sam/idmap.c
@@ -23,6 +23,9 @@
 #include "includes.h"
 #include "idmap.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_IDMAP
+
 static struct {
 
 	const char *name;
diff --git a/source3/sam/idmap_tdb.c b/source3/sam/idmap_tdb.c
new file mode 100644
index 0000000000..3aaab3ac42
--- /dev/null
+++ b/source3/sam/idmap_tdb.c
@@ -0,0 +1,469 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   idmap TDB backend
+
+   Copyright (C) Tim Potter 2000
+   Copyright (C) Anthony Liguori 2003
+   Copyright (C) Simo Sorce 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "idmap.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_IDMAP
+
+/* High water mark keys */
+#define HWM_GROUP  "GROUP HWM"
+#define HWM_USER   "USER HWM"
+
+/* idmap version determines auto-conversion */
+#define IDMAP_VERSION 2
+
+/* Globals */
+static TDB_CONTEXT *idmap_tdb;
+
+/* FIXME: let handle conversions when all things work ok.
+	  I think it is better to handle the conversion at
+	  upgrade time and leave the old db intact.
+	  That would also make easier to go back to 2.2 if needed
+	  ---SSS */
+#if 0
+
+/* convert one record to the new format */
+static int tdb_convert_fn(TDB_CONTEXT * tdb, TDB_DATA key, TDB_DATA data,
+			  void *ignored)
+{
+	struct winbindd_domain *domain;
+	char *p;
+	DOM_SID sid;
+	uint32 rid;
+	fstring keystr;
+	fstring dom_name;
+	TDB_DATA key2;
+
+	p = strchr(key.dptr, '/');
+	if (!p)
+		return 0;
+
+	*p = 0;
+	fstrcpy(dom_name, key.dptr);
+	*p++ = '/';
+
+	domain = find_domain_from_name(dom_name);
+	if (!domain) {
+		/* We must delete the old record. */
+		DEBUG(0,
+		      ("winbindd: tdb_convert_fn : Unable to find domain %s\n",
+		       dom_name));
+		DEBUG(0,
+		      ("winbindd: tdb_convert_fn : deleting record %s\n",
+		       key.dptr));
+		tdb_delete(idmap_tdb, key);
+		return 0;
+	}
+
+	rid = atoi(p);
+
+	sid_copy(&sid, &domain->sid);
+	sid_append_rid(&sid, rid);
+
+	sid_to_string(keystr, &sid);
+	key2.dptr = keystr;
+	key2.dsize = strlen(keystr) + 1;
+
+	if (tdb_store(idmap_tdb, key2, data, TDB_INSERT) != 0) {
+		/* not good! */
+		DEBUG(0,
+		      ("winbindd: tdb_convert_fn : Unable to update record %s\n",
+		       key2.dptr));
+		DEBUG(0,
+		      ("winbindd: tdb_convert_fn : conversion failed - idmap corrupt ?\n"));
+		return -1;
+	}
+
+	if (tdb_store(idmap_tdb, data, key2, TDB_REPLACE) != 0) {
+		/* not good! */
+		DEBUG(0,
+		      ("winbindd: tdb_convert_fn : Unable to update record %s\n",
+		       data.dptr));
+		DEBUG(0,
+		      ("winbindd: tdb_convert_fn : conversion failed - idmap corrupt ?\n"));
+		return -1;
+	}
+
+	tdb_delete(idmap_tdb, key);
+
+	return 0;
+}
+
+/*****************************************************************************
+ Convert the idmap database from an older version.
+*****************************************************************************/
+static BOOL tdb_idmap_convert(const char *idmap_name)
+{
+	int32 vers = tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION");
+	BOOL bigendianheader =
+	    (idmap_tdb->flags & TDB_BIGENDIAN) ? True : False;
+
+	if (vers == IDMAP_VERSION)
+		return True;
+
+	if (((vers == -1) && bigendianheader)
+	    || (IREV(vers) == IDMAP_VERSION)) {
+		/* Arrggghh ! Bytereversed or old big-endian - make order independent ! */
+		/*
+		 * high and low records were created on a
+		 * big endian machine and will need byte-reversing.
+		 */
+
+		int32 wm;
+
+		wm = tdb_fetch_int32(idmap_tdb, HWM_USER);
+
+		if (wm != -1) {
+			wm = IREV(wm);
+		} else
+			wm = server_state.uid_low;
+
+		if (tdb_store_int32(idmap_tdb, HWM_USER, wm) == -1) {
+			DEBUG(0,
+			      ("tdb_idmap_convert: Unable to byteswap user hwm in idmap database\n"));
+			return False;
+		}
+
+		wm = tdb_fetch_int32(idmap_tdb, HWM_GROUP);
+		if (wm != -1) {
+			wm = IREV(wm);
+		} else
+			wm = server_state.gid_low;
+
+		if (tdb_store_int32(idmap_tdb, HWM_GROUP, wm) == -1) {
+			DEBUG(0,
+			      ("tdb_idmap_convert: Unable to byteswap group hwm in idmap database\n"));
+			return False;
+		}
+	}
+
+	/* the old format stored as DOMAIN/rid - now we store the SID direct */
+	tdb_traverse(idmap_tdb, tdb_convert_fn, NULL);
+
+	if (tdb_store_int32(idmap_tdb, "IDMAP_VERSION", IDMAP_VERSION) ==
+	    -1) {
+		DEBUG(0,
+		      ("tdb_idmap_convert: Unable to byteswap group hwm in idmap database\n"));
+		return False;
+	}
+
+	return True;
+}
+#endif
+
+/* Allocate either a user or group id from the pool */
+static NTSTATUS tdb_allocate_id(id_t *id, int id_type)
+{
+	int hwm;
+
+	if (!id) return NT_STATUS_INVALID_PARAMETER;
+
+	/* Get current high water mark */
+	switch (id_type) {
+		case ID_USERID:
+			if ((hwm = tdb_fetch_int32(idmap_tdb, HWM_USER)) == -1) {
+				return NT_STATUS_INTERNAL_DB_ERROR;
+			}
+
+			if (hwm > server_state.uid_high) {
+				DEBUG(0, ("idmap Fatal Error: UID range full!!\n"));
+				return NT_STATUS_UNSUCCESSFUL;
+			}
+
+			*id.uid = hwm++;
+
+			/* Store new high water mark */
+			tdb_store_int32(idmap_tdb, HWM_USER, hwm);
+			break;
+		case ID_GROUPID:
+			if ((hwm = tdb_fetch_int32(idmap_tdb, HWM_GROUP)) == -1) {
+				return NT_STATUS_INTERNAL_DB_ERROR;
+			}
+
+			if (hwm > server_state.gid_high) {
+				DEBUG(0, ("idmap Fatal Error: GID range full!!\n"));
+				return NT_STATUS_UNSUCCESSFUL;
+			}
+
+			*id.gid = hwm++;
+			
+			/* Store new high water mark */
+			tdb_store_int32(idmap_tdb, HWM_GROUP, hwm);
+			break;
+		default:
+			return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/* Get a sid from an id */
+static NTSTATUS tdb_get_sid_from_id(DOM_SID *sid, id_t id, int id_type)
+{
+	TDB_DATA key, data;
+	fstring keystr;
+	NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+
+	if (!sid) return NT_STATUS_INVALID_PARAMETER;
+
+	switch (id_type) {
+		case ID_USERID:
+		slprintf(keystr, sizeof(keystr), "UID %d", id.uid);
+		break;
+		case ID_GROUPID:
+		slprintf(keystr, sizeof(keystr), "GID %d", id.gid);
+		break;
+		default:
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	key.dptr = keystr;
+	key.dsize = strlen(keystr) + 1;
+
+	data = tdb_fetch(idmap_tdb, key);
+
+	if (data.dptr) {
+		if (string_to_sid(sid, data.dptr)) {
+			ret = NT_STATUS_OK;
+		}
+		SAFE_FREE(data.dptr);
+	}
+
+	return ret;
+}
+
+/* Get an id from a sid */
+static NTSTATUS tdb_get_id_from_sid(id_t *id, int *id_type, DOM_SID *sid)
+{
+	TDB_DATA data, key;
+	fstring keystr;
+	NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+
+	if (!sid || !id || !id_type) return NT_STATUS_INVALID_PARAMETER;
+
+	/* Check if sid is present in database */
+	sid_to_string(keystr, sid);
+
+	key.dptr = keystr;
+	key.dsize = strlen(keystr) + 1;
+
+	data = tdb_fetch(idmap_tdb, key);
+
+	if (data.dptr) {
+		fstring scanstr;
+
+		if (*id_type == ID_EMPTY || *id_type == ID_USERID) {
+			/* Parse and return existing uid */
+			fstrcpy(scanstr, "UID %d");
+
+			if (sscanf(data.dptr, scanstr, *id.uid) == 1) {
+				/* uid ok? */
+				if (*id_type == ID_EMPTY) {
+					*id_type = ID_USERID;
+				}
+				ret = NT_STATUS_OK;
+				goto idok;
+			}
+		}
+
+		if (*id_type == ID_EMPTY || *id_type == ID_GROUPID) {
+			/* Parse and return existing gid */
+			fstrcpy(scanstr, "GID %d");
+
+			if (sscanf(data.dptr, scanstr, *id.gid) == 1) {
+				/* gid ok? */
+				if (*id_type == ID_EMPTY) {
+					*id_type = ID_GROUPID;
+				}
+				ret = NT_STATUS_OK;
+			}
+		}
+idok:
+		SAFE_FREE(data.dptr);
+
+	} else if (*id_type == ID_USERID || *id_type == ID_GROUPID) {
+
+		/* Allocate a new id for this sid */
+		ret = tdb_allocate_id(id, id_type);
+		if (NT_STATUS_IS_OK(ret)) {
+			fstring keystr2;
+
+			/* Store new id */
+			slprintf(keystr2, sizeof(keystr2), "%s %d",
+				 *id_type ? "GID" : "UID", *id);
+
+			data.dptr = keystr2;
+			data.dsize = strlen(keystr2) + 1;
+
+			if (tdb_store(idmap_tdb, key, data, TDB_INSERT) == -1)
+				return NT_STATUS_UNSUCCESSFUL;
+			if (tdb_store(idmap_tdb, data, key, TDB_INSERT) == -1)
+				return NT_STATUS_UNSUCCESSFUL;
+
+			ret = NT_STATUS_OK;
+		}
+	}
+
+	return ret;
+}
+
+/*****************************************************************************
+ Initialise idmap database. 
+*****************************************************************************/
+static NTSTATUS tdb_idmap_init(void)
+{
+	/* Open tdb cache */
+	if (!(idmap_tdb = tdb_open_log(lock_path("idmap.tdb"), 0,
+				       TDB_DEFAULT, O_RDWR | O_CREAT,
+				       0600))) {
+		DEBUG(0, ("idmap_init: Unable to open idmap database\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+#if 0
+	/* possibly convert from an earlier version */
+	if (!tdb_idmap_convert(lock_path("winbind_idmap.tdb"))) {
+		DEBUG(0,
+		      ("idmap_init: Unable to open old idmap database\n"));
+		return False;
+	}
+#endif
+
+	/* Create high water marks for group and user id */
+	if (tdb_fetch_int32(idmap_tdb, HWM_USER) == -1) {
+		if (tdb_store_int32(idmap_tdb, HWM_USER, server_state.uid_low) == -1) {
+			DEBUG(0, ("idmap_init: Unable to initialise user hwm in idmap database\n"));
+			return NT_STATUS_INTERNAL_DB_ERROR;
+		}
+	}
+
+	if (tdb_fetch_int32(idmap_tdb, HWM_GROUP) == -1) {
+		if (tdb_store_int32(idmap_tdb, HWM_GROUP, server_state.gid_low) == -1) {
+			DEBUG(0, ("idmap_init: Unable to initialise group hwm in idmap database\n"));
+			return NT_STATUS_INTERNAL_DB_ERROR;
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+/* Close the tdb */
+static NTSTATUS tdb_idmap_close(void)
+{
+	if (idmap_tdb)
+		if (tdb_close(idmap_tdb) == 0)
+			return NT_STATUS_OK;
+		else
+			retrun NT_STATUS_UNSUCCESSFUL;
+	return NT_STATUS_OK;
+}
+
+
+/* Dump status information to log file.  Display different stuff based on
+   the debug level:
+
+   Debug Level        Information Displayed
+   =================================================================
+   0                  Percentage of [ug]id range allocated
+   0                  High water marks (next allocated ids)
+*/
+
+#define DUMP_INFO 0
+
+static void tdb_idmap_status(void)
+{
+	int user_hwm, group_hwm;
+
+	DEBUG(0, ("winbindd idmap status:\n"));
+
+	/* Get current high water marks */
+
+	if ((user_hwm = tdb_fetch_int32(idmap_tdb, HWM_USER)) == -1) {
+		DEBUG(DUMP_INFO,
+		      ("\tCould not get userid high water mark!\n"));
+	}
+
+	if ((group_hwm = tdb_fetch_int32(idmap_tdb, HWM_GROUP)) == -1) {
+		DEBUG(DUMP_INFO,
+		      ("\tCould not get groupid high water mark!\n"));
+	}
+
+	/* Display next ids to allocate */
+
+	if (user_hwm != -1) {
+		DEBUG(DUMP_INFO,
+		      ("\tNext userid to allocate is %d\n", user_hwm));
+	}
+
+	if (group_hwm != -1) {
+		DEBUG(DUMP_INFO,
+		      ("\tNext groupid to allocate is %d\n", group_hwm));
+	}
+
+	/* Display percentage of id range already allocated. */
+
+	if (user_hwm != -1) {
+		int num_users = user_hwm - server_state.uid_low;
+		int total_users =
+		    server_state.uid_high - server_state.uid_low;
+
+		DEBUG(DUMP_INFO,
+		      ("\tUser id range is %d%% full (%d of %d)\n",
+		       num_users * 100 / total_users, num_users,
+		       total_users));
+	}
+
+	if (group_hwm != -1) {
+		int num_groups = group_hwm - server_state.gid_low;
+		int total_groups =
+		    server_state.gid_high - server_state.gid_low;
+
+		DEBUG(DUMP_INFO,
+		      ("\tGroup id range is %d%% full (%d of %d)\n",
+		       num_groups * 100 / total_groups, num_groups,
+		       total_groups));
+	}
+
+	/* Display complete mapping of users and groups to rids */
+}
+
+struct idmap_methods tdb_idmap_methods = {
+
+	tdb_idmap_init,
+	tdb_get_sid_from_id,
+	tdb_get_id_from_sid,
+	tdb_idmap_close,
+	tdb_idmap_status
+
+};
+
+NTSTATUS idmap_reg_tdb(struct idmap_methods **meth)
+{
+	*meth = &tdb_idmap_methods;
+
+	return NTSTATUS_OK;
+}
+
-- 
cgit 


From 7b2409214febbf7deaec434df50e7b090905e7f1 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Sat, 8 Mar 2003 01:16:30 +0000
Subject: Fix typo in earlier fix, caught by Ranjit @ HP. Jeremy. (This used to
 be commit 13ab94fa73dbaf54da0169bbcf4d027d5c07d207)

---
 source3/smbd/nttrans.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index e6884cbb1e..6d9c649045 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1871,7 +1871,7 @@ due to being in oplock break state.\n", (unsigned int)function_code ));
 
 			data_count = IVAL(inbuf, smb_nts_DataCount);
 			data_displacement = IVAL(inbuf, smb_nts_DataDisplacement);
-			data_offset = IVAL(inbuf, smb_nts_DataDisplacement);
+			data_offset = IVAL(inbuf, smb_nts_DataOffset);
 			num_data_sofar += data_count;
 
 			if (num_params_sofar > total_parameter_count || num_data_sofar > total_data_count) {
-- 
cgit 


From bbf8961b284a877b5cfa4101e0fd677664a867f1 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 8 Mar 2003 05:18:08 +0000
Subject: Make it clear that this is a fstrcpy(). (This used to be commit
 c2a266b7b661d319e13982bfdbc3a86e8502b8a4)

---
 source3/libsmb/clientgen.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 9598f4ac96..6ef7a7bd9c 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -200,8 +200,8 @@ void cli_setup_bcc(struct cli_state *cli, void *p)
 void cli_init_creds(struct cli_state *cli, const struct ntuser_creds *usr)
 {
         /* copy_nt_creds(&cli->usr, usr); */
-	safe_strcpy(cli->domain   , usr->domain   , sizeof(usr->domain   )-1);
-	safe_strcpy(cli->user_name, usr->user_name, sizeof(usr->user_name)-1);
+	fstrcpy(cli->domain   , usr->domain);
+	fstrcpy(cli->user_name, usr->user_name);
 	memcpy(&cli->pwd, &usr->pwd, sizeof(usr->pwd));
         cli->ntlmssp_flags = usr->ntlmssp_flags;
         cli->ntlmssp_cli_flgs = usr != NULL ? usr->ntlmssp_flags : 0;
-- 
cgit 


From 01289b14a7cbe0e1a1e135349037b0e7ba5fe70b Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 8 Mar 2003 10:22:50 +0000
Subject: Make sure that the 'remote' machine name can only be set once.  For
 some weird reason, during a Win2003 installation, when you select 'domain
 join' it sends one machine name in the name exchange, and litraly
 'machinename' during the NTLMSSP login.

Also fix up winbindd's logfile handling, so that it matches smbd and nmbd.

(This helps me, by seperating the logs by pid).

Andrew Bartlett
(This used to be commit afe5a3832f79131fb74461577f1db0e5e8bf4b6d)
---
 source3/auth/auth_ntlmssp.c |  2 +-
 source3/client/smbmount.c   |  2 +-
 source3/lib/substitute.c    | 31 +++++++++++++++++++++++++++++--
 source3/nmbd/nmbd.c         |  2 +-
 source3/nsswitch/winbindd.c | 11 ++---------
 source3/smbd/reply.c        |  4 ++--
 source3/smbd/server.c       |  4 ++--
 source3/wrepld/server.c     |  2 +-
 8 files changed, 39 insertions(+), 19 deletions(-)

diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index d32d248296..a381219d74 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -50,7 +50,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state)
 	/* the client has given us its machine name (which we otherwise would not get on port 445).
 	   we need to possibly reload smb.conf if smb.conf includes depend on the machine name */
 
-	set_remote_machine_name(auth_ntlmssp_state->ntlmssp_state->workstation);
+	set_remote_machine_name(auth_ntlmssp_state->ntlmssp_state->workstation, True);
 
 	/* setup the string used by %U */
 	/* sub_set_smb_name checks for weird internally */
diff --git a/source3/client/smbmount.c b/source3/client/smbmount.c
index e2372d02b4..98302485e4 100644
--- a/source3/client/smbmount.c
+++ b/source3/client/smbmount.c
@@ -398,7 +398,7 @@ static void send_fs_socket(char *the_service, char *mount_point, struct cli_stat
 			}
 
 			/* here we are no longer interactive */
-			set_remote_machine_name("smbmount");	/* sneaky ... */
+			set_remote_machine_name("smbmount", False);	/* sneaky ... */
 			setup_logging("mount.smbfs", False);
 			reopen_logs();
 			DEBUG(0, ("mount.smbfs: entering daemon mode for service %s, pid=%d\n", the_service, sys_getpid()));
diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
index 2d1b2ab1fa..1e3f51e2d8 100644
--- a/source3/lib/substitute.c
+++ b/source3/lib/substitute.c
@@ -29,9 +29,20 @@ fstring remote_proto="UNKNOWN";
 static fstring remote_machine;
 static fstring smb_user_name;
 
+/** 
+ * Set the 'local' machine name
+ * @param local_name the name we are being called
+ * @param if this is the 'final' name for us, not be be changed again
+ */
 
-void set_local_machine_name(const char* local_name)
+void set_local_machine_name(const char* local_name, BOOL perm)
 {
+	static BOOL already_perm = False;
+	if (already_perm)
+		return;
+
+	already_perm = perm;
+
 	fstring tmp_local_machine;
 
 	fstrcpy(tmp_local_machine,local_name);
@@ -40,8 +51,20 @@ void set_local_machine_name(const char* local_name)
 	alpha_strcpy(local_machine,tmp_local_machine,SAFE_NETBIOS_CHARS,sizeof(local_machine)-1);
 }
 
-void set_remote_machine_name(const char* remote_name)
+/** 
+ * Set the 'remote' machine name
+ * @param remote_name the name our client wants to be called by
+ * @param if this is the 'final' name for them, not be be changed again
+ */
+
+void set_remote_machine_name(const char* remote_name, BOOL perm)
 {
+	static BOOL already_perm = False;
+	if (already_perm)
+		return;
+
+	already_perm = perm;
+
 	fstring tmp_remote_machine;
 
 	fstrcpy(tmp_remote_machine,remote_name);
@@ -57,6 +80,10 @@ const char* get_remote_machine_name(void)
 
 const char* get_local_machine_name(void) 
 {
+	if (!*local_machine) {
+		return global_myname();
+	}
+
 	return local_machine;
 }
 
diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
index 2b7d8033a2..fc08645f1d 100644
--- a/source3/nmbd/nmbd.c
+++ b/source3/nmbd/nmbd.c
@@ -292,7 +292,7 @@ static BOOL reload_nmbd_services(BOOL test)
 {
 	BOOL ret;
 
-	set_remote_machine_name("nmbd");
+	set_remote_machine_name("nmbd", False);
 
 	if ( lp_loaded() ) {
 		pstring fname;
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
index ad37768c09..921f7d2864 100644
--- a/source3/nsswitch/winbindd.c
+++ b/source3/nsswitch/winbindd.c
@@ -43,15 +43,9 @@ static BOOL reload_services_file(BOOL test)
 		}
 	}
 
-	snprintf(logfile, sizeof(logfile), "%s/log.winbindd", dyn_LOGFILEBASE);
-	lp_set_logfile(logfile);
-
 	reopen_logs();
 	ret = lp_load(dyn_CONFIGFILE,False,False,True);
 
-	snprintf(logfile, sizeof(logfile), "%s/log.winbindd", dyn_LOGFILEBASE);
-	lp_set_logfile(logfile);
-
 	reopen_logs();
 	load_interfaces();
 
@@ -823,13 +817,12 @@ static void usage(void)
 
 	fault_setup((void (*)(void *))fault_quit );
 
-	snprintf(logfile, sizeof(logfile), "%s/log.winbindd", dyn_LOGFILEBASE);
-	lp_set_logfile(logfile);
-
 	/* Initialise for running in non-root mode */
 
 	sec_init();
 
+	set_remote_machine_name("winbindd", False);
+
 	/* Set environment variable so we don't recursively call ourselves.
 	   This may also be useful interactively. */
 
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 71e880476c..fb730bc625 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -87,8 +87,8 @@ int reply_special(char *inbuf,char *outbuf)
 			name2[15] = 0;
 		}
 
-		set_local_machine_name(name1);
-		set_remote_machine_name(name2);
+		set_local_machine_name(name1, True);
+		set_remote_machine_name(name2, True);
 
 		DEBUG(2,("netbios connect: local=%s remote=%s\n",
 			get_local_machine_name(), get_remote_machine_name() ));
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 0bcfcb9c78..aff402df66 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -398,7 +398,7 @@ static BOOL open_sockets_smbd(BOOL is_daemon, BOOL interactive, const char *smb_
 				
 				/* this is needed so that we get decent entries
 				   in smbstatus for port 445 connects */
-				set_remote_machine_name(get_socket_addr(smbd_server_fd()));
+				set_remote_machine_name(get_socket_addr(smbd_server_fd()), False);
 				
 				/* Reset global variables in util.c so
 				   that client substitutions will be
@@ -706,7 +706,7 @@ static BOOL init_structs(void )
 
 	load_case_tables();
 
-	set_remote_machine_name("smbd");
+	set_remote_machine_name("smbd", False);
 
 	if (interactive) {
 		Fork = False;
diff --git a/source3/wrepld/server.c b/source3/wrepld/server.c
index 349f2a21ab..31f260e94c 100644
--- a/source3/wrepld/server.c
+++ b/source3/wrepld/server.c
@@ -619,7 +619,7 @@ static void process(void)
 		lp_set_logfile(logfile);
 	}
 
-	set_remote_machine_name("wrepld");
+	set_remote_machine_name("wrepld", False);
 
 	setup_logging(argv[0],log_stdout);
 
-- 
cgit 


From c08c475cf2b287b57779b4bf515cf351ad1f686d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 8 Mar 2003 10:24:48 +0000
Subject: Testparm needs the extra arg to set_local_machine_name() too. (This
 used to be commit 30ba31e6355b5dfb902e42d2b5edc71630db2923)

---
 source3/utils/testparm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
index b68deaaa5d..60243b671b 100644
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
@@ -227,7 +227,7 @@ int main(int argc, const char *argv[])
 	caddr = poptGetArg(pc);
 	
 	if (new_local_machine) {
-		set_local_machine_name(new_local_machine);
+		set_local_machine_name(new_local_machine, True);
 	}
 
 	dbf = x_stdout;
-- 
cgit 


From 8742d1ff96919151d9745676a447750c11173a7e Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Sat, 8 Mar 2003 15:27:54 +0000
Subject: Add notes on increasing performance on AIX, based on an email from
 William Jojo (This used to be commit
 7dc2b10215c2b015a36e78c3b9b8f13cecfdfeba)

---
 docs/docbook/projdoc/Portability.sgml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/docs/docbook/projdoc/Portability.sgml b/docs/docbook/projdoc/Portability.sgml
index afafacc5e4..dae267e8b5 100644
--- a/docs/docbook/projdoc/Portability.sgml
+++ b/docs/docbook/projdoc/Portability.sgml
@@ -175,4 +175,16 @@ Corrective Action:	Delete the entry after the word loopback
 	in the line starting 127.0.0.1
 </para>
 </sect1>
+
+<sect1>
+<title>AIX</title>
+<sect2>
+<title>Sequential Read Ahead</title>
+<!-- From an email by William Jojo <jojowil@hvcc.edu> -->
+<para>
+Disabling Sequential Read Ahead using "vmtune -r 0" improves 
+samba performance significally.
+</para>
+</sect2>
+</sect1>
 </chapter>
-- 
cgit 


From ad2e7324f0feda2a391a21c06f7515ef2a152b7e Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Sat, 8 Mar 2003 17:29:00 +0000
Subject: Add Q&A for people having trouble trying to log in without a proper
 samba user database. (This used to be commit
 957c11e40e0aedc24d2dce2aaae9888673d68e01)

---
 docs/docbook/faq/config.sgml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/docs/docbook/faq/config.sgml b/docs/docbook/faq/config.sgml
index a95ac84d2f..db27102cdf 100644
--- a/docs/docbook/faq/config.sgml
+++ b/docs/docbook/faq/config.sgml
@@ -8,4 +8,18 @@ When you have a user in 'admin users', samba will always do file operations for
 this user as 'root', even if 'force user' has been set.
 </para>
 </sect1>
+
+<sect1>
+<title>I have just installed samba and I'm trying to log in from Windows, but samba refuses all logins!</title>
+
+<para>
+Newer windows clients(NT4, 2000, XP) send encrypted passwords. Samba can't compare these 
+passwords to the unix password database, so it needs it's own user database. You can 
+add users to this database using "smbpasswd -a user-name".
+</para>
+
+<para>
+See also the "User database" chapter of the samba HOWTO Collection.
+</para>
+</sect1>
 </chapter>
-- 
cgit 


From bebdbcd248ccb3021d0b94f360fc3cf8ba9e90a6 Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Sat, 8 Mar 2003 17:29:40 +0000
Subject: more on idmap two layers structure with - local tdb cache - remote
 idmap repository

compiles
(This used to be commit 8fb4e210bc7564ed491d121c20d598ba0bfbddff)
---
 source3/include/idmap.h |  24 +++++----
 source3/sam/idmap.c     | 134 ++++++++++++++++++++++++++++++++++++------------
 source3/sam/idmap_tdb.c | 127 ++++++++++++++++++++++++++++++++-------------
 3 files changed, 207 insertions(+), 78 deletions(-)

diff --git a/source3/include/idmap.h b/source3/include/idmap.h
index 5a1f4fafc3..fd7646a324 100644
--- a/source3/include/idmap.h
+++ b/source3/include/idmap.h
@@ -22,24 +22,30 @@
    Boston, MA  02111-1307, USA.   
 */
 
-#define	ID_EMPTY	0
-#define ID_USERID	1
-#define ID_GROUPID	2
-#define ID_OTHER	3
+#define ID_EMPTY	0x00
+#define ID_USERID	0x01
+#define ID_GROUPID	0x02
+#define ID_OTHER	0x04
 
-typedef union id_t {
+#define ID_TYPEMASK	0x0f
+
+#define ID_NOMAP	0x10
+#define ID_CACHE	0x20
+
+typedef union unid_t {
 	uid_t uid;
 	gid_t gid;
-} id_t;
+} unid_t;
 
 /* Filled out by IDMAP backends */
 struct idmap_methods {
 
 	/* Called when backend is first loaded */
-	NTSTATUS (*init)(void);
+	NTSTATUS (*init)(const char *init_str);
 
-	NTSTATUS (*get_sid_from_id)(DOM_SID *sid, id_t id, int id_type);
-	NTSTATUS (*get_id_from_sid)(id_t *id, int *id_type, DOM_SID *sid);
+	NTSTATUS (*get_sid_from_id)(DOM_SID *sid, unid_t id, int id_type);
+	NTSTATUS (*get_id_from_sid)(unid_t *id, int *id_type, DOM_SID *sid);
+	NTSTATUS (*set_mapping)(DOM_SID *sid, unid_t id, int id_type);
 
 	/* Called when backend is unloaded */
 	NTSTATUS (*close)(void);
diff --git a/source3/sam/idmap.c b/source3/sam/idmap.c
index 96638b4723..b18423a13b 100644
--- a/source3/sam/idmap.c
+++ b/source3/sam/idmap.c
@@ -21,7 +21,6 @@
 */
 
 #include "includes.h"
-#include "idmap.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_IDMAP
@@ -32,48 +31,58 @@ static struct {
 	/* Function to create a member of the idmap_methods list */
 	NTSTATUS (*reg_meth)(struct idmap_methods **methods);
 	struct idmap_methods *methods;
-} builtin_idmap_functions[] = {
+
+} remote_idmap_functions[] = {
+
 	{ "tdb", idmap_reg_tdb, NULL },
 	/* { "ldap", idmap_reg_ldap, NULL },*/
 	{ NULL, NULL, NULL }
+
 };
 
-/* singleton pattern: uberlazy evaluation */
-static struct idmap_methods *impl;
+static struct idmap_methods *local_cache;
+static struct idmap_methods *remote_repo;
 
-static struct idmap_methods *get_impl(const char *name)
+static struct idmap_methods *get_methods(const char *name)
 {
 	int i = 0;
 	struct idmap_methods *ret = NULL;
 
-	while (builtin_idmap_functions[i].name && strcmp(builtin_idmap_functions[i].name, name)) {
+	while (remote_idmap_functions[i].name && strcmp(remote_idmap_functions[i].name, name)) {
 		i++;
 	}
 
-	if (builtin_idmap_functions[i].name) {
+	if (remote_idmap_functions[i].name) {
 
-		if (!builtin_idmap_functions[i].methods) {
-			builtin_idmap_functions[i].reg_meth(&builtin_idmap_functions[i].methods);
+		if (!remote_idmap_functions[i].methods) {
+			remote_idmap_functions[i].reg_meth(&remote_idmap_functions[i].methods);
 		}
 
-		ret = builtin_idmap_functions[i].methods;
+		ret = remote_idmap_functions[i].methods;
 	}
 
 	return ret;
 }
 
 /* Load idmap backend functions */
-BOOL set_impl(void)
+BOOL load_methods(void)
 {
-	if (!impl) {
-		DEBUG(3, ("idmap_init: using '%s' as backend\n", lp_idmap_backend()));
+	if (!local_cache) {
+		idmap_reg_tdb(&local_cache);
+	}
+	
+	if (!remote_repo && lp_idmap_backend()) {
+		DEBUG(3, ("load_methods: using '%s' as remote backend\n", lp_idmap_backend()));
 		
-		impl = get_impl(lp_idmap_backend());
-		if (!impl) {
-			DEBUG(0, ("set_impl: could not load backend '%s'\n", lp_idmap_backend()));
+		remote_repo = get_methods(lp_idmap_backend());
+		if (!remote_repo) {
+			DEBUG(0, ("load_methods: could not load remote backend '%s'\n", lp_idmap_backend()));
 			return False;
 		}
 	}
+
+	idmap_init();
+
 	return True;
 }
 
@@ -82,9 +91,7 @@ NTSTATUS idmap_init(void)
 {
 	NTSTATUS ret;
 
-	if (!set_impl()) return NT_STATUS_UNSUCCESSFUL;
-
-	ret = impl->init();
+	ret = remote_repo->init("idmap.tdb");
 	if (NT_STATUS_IS_ERR(ret)) {
 		DEBUG(3, ("idmap_init: init failed!\n"));
 	}
@@ -92,47 +99,105 @@ NTSTATUS idmap_init(void)
 	return ret;
 }
 
+static NTSTATUS idmap_set_mapping(DOM_SID *sid, unid_t id, int id_type)
+{
+	NTSTATUS ret;
+
+	if (!load_methods()) return NT_STATUS_UNSUCCESSFUL;
+
+	ret = local_cache->set_mapping(sid, id, id_type);
+	if (NT_STATUS_IS_ERR(ret)) {
+		DEBUG (0, ("idmap_set_mapping: Error, unable to modify local cache!\n"));
+		return ret;
+	}
+
+	/* Being able to update the remote cache is seldomly right.
+	   Generally this is a forbidden operation. */
+	if (!(id_type & ID_CACHE) && (remote_repo != NULL)) {
+		remote_repo->set_mapping(sid, id, id_type);
+		if (NT_STATUS_IS_ERR(ret)) {
+			DEBUG (0, ("idmap_set_mapping: Error, unable to modify remote cache!\n"));
+		}
+	}
+
+	return ret;
+}
+
 /* Get ID from SID */
-NTSTATUS idmap_get_id_from_sid(id_t *id, int *id_type, DOM_SID *sid)
+NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, DOM_SID *sid)
 {
 	NTSTATUS ret;
+	int loc_type;
 
-	if (!set_impl()) return NT_STATUS_UNSUCCESSFUL;
+	if (!load_methods()) return NT_STATUS_UNSUCCESSFUL;
 
-	ret = impl->get_id_from_sid(id, id_type, sid);
+	loc_type = *id_type;
+	if (remote_repo) { /* We have a central remote idmap */
+		loc_type |= ID_NOMAP;
+	}
+	ret = local_cache->get_id_from_sid(id, &loc_type, sid);
 	if (NT_STATUS_IS_ERR(ret)) {
-		DEBUG(3, ("idmap_get_id_from_sid: error fetching id!\n"));
+		if (remote_repo) {
+			ret = remote_repo->get_id_from_sid(id, id_type, sid);
+			if (NT_STATUS_IS_ERR(ret)) {
+				DEBUG(3, ("idmap_get_id_from_sid: error fetching id!\n"));
+			} else {
+				loc_type |= ID_CACHE;
+				idmap_set_mapping(sid, *id, loc_type);
+			}
+		}
+	} else {
+		*id_type = loc_type & ID_TYPEMASK;
 	}
 
 	return ret;
 }
 
 /* Get SID from ID */
-NTSTATUS idmap_get_sid_from_id(DOM_SID *sid, id_t id, int id_type)
+NTSTATUS idmap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type)
 {
 	NTSTATUS ret;
+	int loc_type;
 
-	if (!set_impl()) return NT_STATUS_UNSUCCESSFUL;
+	if (!load_methods()) return NT_STATUS_UNSUCCESSFUL;
 
-	ret = impl->get_sid_from_id(sid, id, id_type);
+	loc_type = id_type;
+	if (remote_repo) {
+		loc_type = id_type | ID_NOMAP;
+	}
+	ret = local_cache->get_sid_from_id(sid, id, loc_type);
 	if (NT_STATUS_IS_ERR(ret)) {
-		DEBUG(3, ("idmap_get_sid_from_id: error fetching sid!\n"));
+		if (remote_repo) {
+			ret = remote_repo->get_sid_from_id(sid, id, id_type);
+			if (NT_STATUS_IS_ERR(ret)) {
+				DEBUG(3, ("idmap_get_sid_from_id: unable to fetch sid!\n"));
+			} else {
+				loc_type |= ID_CACHE;
+				idmap_set_mapping(sid, id, loc_type);
+			}
+		}
 	}
 
 	return ret;
 }
 
-
 /* Close backend */
 NTSTATUS idmap_close(void)
 {
 	NTSTATUS ret;
 
-	if (!set_impl()) return NT_STATUS_UNSUCCESSFUL;
+	if (!load_methods()) return NT_STATUS_UNSUCCESSFUL;
 
-	ret = impl->close();
+	ret = local_cache->close();
 	if (NT_STATUS_IS_ERR(ret)) {
-		DEBUG(3, ("idmap_close: close failed!\n"));
+		DEBUG(3, ("idmap_close: failed to close local cache!\n"));
+	}
+
+	if (remote_repo) {
+		ret = remote_repo->close();
+		if (NT_STATUS_IS_ERR(ret)) {
+			DEBUG(3, ("idmap_close: failed to close remote idmap repository!\n"));
+		}
 	}
 
 	return ret;
@@ -141,8 +206,9 @@ NTSTATUS idmap_close(void)
 /* Dump backend status */
 void idmap_status(void)
 {
-	if (!set_impl()) return;
-
-	impl->status();
+	if (load_methods()) {
+		local_cache->status();
+		remote_repo->status();
+	}
 }
 
diff --git a/source3/sam/idmap_tdb.c b/source3/sam/idmap_tdb.c
index 3aaab3ac42..4af46ac8d3 100644
--- a/source3/sam/idmap_tdb.c
+++ b/source3/sam/idmap_tdb.c
@@ -23,7 +23,6 @@
 */
 
 #include "includes.h"
-#include "idmap.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_IDMAP
@@ -38,6 +37,15 @@
 /* Globals */
 static TDB_CONTEXT *idmap_tdb;
 
+struct idmap_state {
+
+	/* User and group id pool */
+
+	uid_t uid_low, uid_high;               /* Range of uids to allocate */
+	gid_t gid_low, gid_high;               /* Range of gids to allocate */
+} idmap_state;
+
+
 /* FIXME: let handle conversions when all things work ok.
 	  I think it is better to handle the conversion at
 	  upgrade time and leave the old db intact.
@@ -175,25 +183,25 @@ static BOOL tdb_idmap_convert(const char *idmap_name)
 #endif
 
 /* Allocate either a user or group id from the pool */
-static NTSTATUS tdb_allocate_id(id_t *id, int id_type)
+static NTSTATUS tdb_allocate_id(unid_t *id, int id_type)
 {
 	int hwm;
 
 	if (!id) return NT_STATUS_INVALID_PARAMETER;
 
 	/* Get current high water mark */
-	switch (id_type) {
+	switch (id_type & ID_TYPEMASK) {
 		case ID_USERID:
 			if ((hwm = tdb_fetch_int32(idmap_tdb, HWM_USER)) == -1) {
 				return NT_STATUS_INTERNAL_DB_ERROR;
 			}
 
-			if (hwm > server_state.uid_high) {
+			if (hwm > idmap_state.uid_high) {
 				DEBUG(0, ("idmap Fatal Error: UID range full!!\n"));
 				return NT_STATUS_UNSUCCESSFUL;
 			}
 
-			*id.uid = hwm++;
+			(*id).uid = hwm++;
 
 			/* Store new high water mark */
 			tdb_store_int32(idmap_tdb, HWM_USER, hwm);
@@ -203,12 +211,12 @@ static NTSTATUS tdb_allocate_id(id_t *id, int id_type)
 				return NT_STATUS_INTERNAL_DB_ERROR;
 			}
 
-			if (hwm > server_state.gid_high) {
+			if (hwm > idmap_state.gid_high) {
 				DEBUG(0, ("idmap Fatal Error: GID range full!!\n"));
 				return NT_STATUS_UNSUCCESSFUL;
 			}
 
-			*id.gid = hwm++;
+			(*id).gid = hwm++;
 			
 			/* Store new high water mark */
 			tdb_store_int32(idmap_tdb, HWM_GROUP, hwm);
@@ -221,7 +229,7 @@ static NTSTATUS tdb_allocate_id(id_t *id, int id_type)
 }
 
 /* Get a sid from an id */
-static NTSTATUS tdb_get_sid_from_id(DOM_SID *sid, id_t id, int id_type)
+static NTSTATUS tdb_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type)
 {
 	TDB_DATA key, data;
 	fstring keystr;
@@ -229,7 +237,7 @@ static NTSTATUS tdb_get_sid_from_id(DOM_SID *sid, id_t id, int id_type)
 
 	if (!sid) return NT_STATUS_INVALID_PARAMETER;
 
-	switch (id_type) {
+	switch (id_type & ID_TYPEMASK) {
 		case ID_USERID:
 		slprintf(keystr, sizeof(keystr), "UID %d", id.uid);
 		break;
@@ -256,7 +264,7 @@ static NTSTATUS tdb_get_sid_from_id(DOM_SID *sid, id_t id, int id_type)
 }
 
 /* Get an id from a sid */
-static NTSTATUS tdb_get_id_from_sid(id_t *id, int *id_type, DOM_SID *sid)
+static NTSTATUS tdb_get_id_from_sid(unid_t *id, int *id_type, DOM_SID *sid)
 {
 	TDB_DATA data, key;
 	fstring keystr;
@@ -273,15 +281,16 @@ static NTSTATUS tdb_get_id_from_sid(id_t *id, int *id_type, DOM_SID *sid)
 	data = tdb_fetch(idmap_tdb, key);
 
 	if (data.dptr) {
+		int type = *id_type & ID_TYPEMASK;
 		fstring scanstr;
 
-		if (*id_type == ID_EMPTY || *id_type == ID_USERID) {
+		if (type == ID_EMPTY || type == ID_USERID) {
 			/* Parse and return existing uid */
 			fstrcpy(scanstr, "UID %d");
 
-			if (sscanf(data.dptr, scanstr, *id.uid) == 1) {
+			if (sscanf(data.dptr, scanstr, (*id).uid) == 1) {
 				/* uid ok? */
-				if (*id_type == ID_EMPTY) {
+				if (type == ID_EMPTY) {
 					*id_type = ID_USERID;
 				}
 				ret = NT_STATUS_OK;
@@ -289,13 +298,13 @@ static NTSTATUS tdb_get_id_from_sid(id_t *id, int *id_type, DOM_SID *sid)
 			}
 		}
 
-		if (*id_type == ID_EMPTY || *id_type == ID_GROUPID) {
+		if (type == ID_EMPTY || type == ID_GROUPID) {
 			/* Parse and return existing gid */
 			fstrcpy(scanstr, "GID %d");
 
-			if (sscanf(data.dptr, scanstr, *id.gid) == 1) {
+			if (sscanf(data.dptr, scanstr, (*id).gid) == 1) {
 				/* gid ok? */
-				if (*id_type == ID_EMPTY) {
+				if (type == ID_EMPTY) {
 					*id_type = ID_GROUPID;
 				}
 				ret = NT_STATUS_OK;
@@ -304,24 +313,33 @@ static NTSTATUS tdb_get_id_from_sid(id_t *id, int *id_type, DOM_SID *sid)
 idok:
 		SAFE_FREE(data.dptr);
 
-	} else if (*id_type == ID_USERID || *id_type == ID_GROUPID) {
+	} else if (!(*id_type & ID_NOMAP) &&
+		   (((*id_type & ID_TYPEMASK) == ID_USERID)
+		    || (*id_type & ID_TYPEMASK) == ID_GROUPID)) {
 
 		/* Allocate a new id for this sid */
-		ret = tdb_allocate_id(id, id_type);
+		ret = tdb_allocate_id(id, *id_type);
 		if (NT_STATUS_IS_OK(ret)) {
 			fstring keystr2;
 
 			/* Store new id */
-			slprintf(keystr2, sizeof(keystr2), "%s %d",
-				 *id_type ? "GID" : "UID", *id);
+			if (*id_type & ID_USERID) {
+				slprintf(keystr2, sizeof(keystr2), "UID %d", (*id).uid);
+			} else {
+				slprintf(keystr2, sizeof(keystr2), "GID %d", (*id).gid);
+			}
 
 			data.dptr = keystr2;
 			data.dsize = strlen(keystr2) + 1;
 
-			if (tdb_store(idmap_tdb, key, data, TDB_INSERT) == -1)
+			if (tdb_store(idmap_tdb, key, data, TDB_INSERT) == -1) {
+				/* TODO: print tdb error !! */
 				return NT_STATUS_UNSUCCESSFUL;
-			if (tdb_store(idmap_tdb, data, key, TDB_INSERT) == -1)
+			}
+			if (tdb_store(idmap_tdb, data, key, TDB_INSERT) == -1) {
+				/* TODO: print tdb error !! */
 				return NT_STATUS_UNSUCCESSFUL;
+			}
 
 			ret = NT_STATUS_OK;
 		}
@@ -330,13 +348,49 @@ idok:
 	return ret;
 }
 
+static NTSTATUS tdb_set_mapping(DOM_SID *sid, unid_t id, int id_type)
+{
+	TDB_DATA ksid, kid;
+	fstring ksidstr;
+	fstring kidstr;
+
+	if (!sid) return NT_STATUS_INVALID_PARAMETER;
+
+	sid_to_string(ksidstr, sid);
+
+	ksid.dptr = ksidstr;
+	ksid.dsize = strlen(ksidstr) + 1;
+
+	id_type &= ID_TYPEMASK;
+	if (id_type & ID_USERID) {
+		slprintf(kidstr, sizeof(kidstr), "UID %d", id.uid);
+	} else if (id_type & ID_GROUPID) {
+		slprintf(kidstr, sizeof(kidstr), "GID %d", id.gid);
+	} else {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	kid.dptr = kidstr;
+	kid.dsize = strlen(kidstr) + 1;
+
+	if (tdb_store(idmap_tdb, ksid, kid, TDB_INSERT) == -1) {
+		/* TODO: print tdb error !! */
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	if (tdb_store(idmap_tdb, kid, ksid, TDB_INSERT) == -1) {
+		/* TODO: print tdb error !! */
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	return NT_STATUS_OK;
+}
+
 /*****************************************************************************
  Initialise idmap database. 
 *****************************************************************************/
-static NTSTATUS tdb_idmap_init(void)
+static NTSTATUS tdb_idmap_init(const char *db_name)
 {
 	/* Open tdb cache */
-	if (!(idmap_tdb = tdb_open_log(lock_path("idmap.tdb"), 0,
+	if (!(idmap_tdb = tdb_open_log(lock_path(db_name), 0,
 				       TDB_DEFAULT, O_RDWR | O_CREAT,
 				       0600))) {
 		DEBUG(0, ("idmap_init: Unable to open idmap database\n"));
@@ -354,14 +408,14 @@ static NTSTATUS tdb_idmap_init(void)
 
 	/* Create high water marks for group and user id */
 	if (tdb_fetch_int32(idmap_tdb, HWM_USER) == -1) {
-		if (tdb_store_int32(idmap_tdb, HWM_USER, server_state.uid_low) == -1) {
+		if (tdb_store_int32(idmap_tdb, HWM_USER, idmap_state.uid_low) == -1) {
 			DEBUG(0, ("idmap_init: Unable to initialise user hwm in idmap database\n"));
 			return NT_STATUS_INTERNAL_DB_ERROR;
 		}
 	}
 
 	if (tdb_fetch_int32(idmap_tdb, HWM_GROUP) == -1) {
-		if (tdb_store_int32(idmap_tdb, HWM_GROUP, server_state.gid_low) == -1) {
+		if (tdb_store_int32(idmap_tdb, HWM_GROUP, idmap_state.gid_low) == -1) {
 			DEBUG(0, ("idmap_init: Unable to initialise group hwm in idmap database\n"));
 			return NT_STATUS_INTERNAL_DB_ERROR;
 		}
@@ -373,11 +427,13 @@ static NTSTATUS tdb_idmap_init(void)
 /* Close the tdb */
 static NTSTATUS tdb_idmap_close(void)
 {
-	if (idmap_tdb)
-		if (tdb_close(idmap_tdb) == 0)
+	if (idmap_tdb) {
+		if (tdb_close(idmap_tdb) == 0) {
 			return NT_STATUS_OK;
-		else
-			retrun NT_STATUS_UNSUCCESSFUL;
+		} else {
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+	}
 	return NT_STATUS_OK;
 }
 
@@ -426,9 +482,9 @@ static void tdb_idmap_status(void)
 	/* Display percentage of id range already allocated. */
 
 	if (user_hwm != -1) {
-		int num_users = user_hwm - server_state.uid_low;
+		int num_users = user_hwm - idmap_state.uid_low;
 		int total_users =
-		    server_state.uid_high - server_state.uid_low;
+		    idmap_state.uid_high - idmap_state.uid_low;
 
 		DEBUG(DUMP_INFO,
 		      ("\tUser id range is %d%% full (%d of %d)\n",
@@ -437,9 +493,9 @@ static void tdb_idmap_status(void)
 	}
 
 	if (group_hwm != -1) {
-		int num_groups = group_hwm - server_state.gid_low;
+		int num_groups = group_hwm - idmap_state.gid_low;
 		int total_groups =
-		    server_state.gid_high - server_state.gid_low;
+		    idmap_state.gid_high - idmap_state.gid_low;
 
 		DEBUG(DUMP_INFO,
 		      ("\tGroup id range is %d%% full (%d of %d)\n",
@@ -455,6 +511,7 @@ struct idmap_methods tdb_idmap_methods = {
 	tdb_idmap_init,
 	tdb_get_sid_from_id,
 	tdb_get_id_from_sid,
+	tdb_set_mapping,
 	tdb_idmap_close,
 	tdb_idmap_status
 
@@ -464,6 +521,6 @@ NTSTATUS idmap_reg_tdb(struct idmap_methods **meth)
 {
 	*meth = &tdb_idmap_methods;
 
-	return NTSTATUS_OK;
+	return NT_STATUS_OK;
 }
 
-- 
cgit 


From 8ccff3e99527b7303e75f860e50d74bb83fdfb15 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 8 Mar 2003 23:39:44 +0000
Subject: This is C, not C++ (This used to be commit
 25d210b90b6c0377046d89a1dce7a32f94fd7859)

---
 source3/lib/substitute.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
index 1e3f51e2d8..ef68bce985 100644
--- a/source3/lib/substitute.c
+++ b/source3/lib/substitute.c
@@ -38,13 +38,13 @@ static fstring smb_user_name;
 void set_local_machine_name(const char* local_name, BOOL perm)
 {
 	static BOOL already_perm = False;
+	fstring tmp_local_machine;
+
 	if (already_perm)
 		return;
 
 	already_perm = perm;
 
-	fstring tmp_local_machine;
-
 	fstrcpy(tmp_local_machine,local_name);
 	trim_string(tmp_local_machine," "," ");
 	strlower(tmp_local_machine);
@@ -60,13 +60,13 @@ void set_local_machine_name(const char* local_name, BOOL perm)
 void set_remote_machine_name(const char* remote_name, BOOL perm)
 {
 	static BOOL already_perm = False;
+	fstring tmp_remote_machine;
+
 	if (already_perm)
 		return;
 
 	already_perm = perm;
 
-	fstring tmp_remote_machine;
-
 	fstrcpy(tmp_remote_machine,remote_name);
 	trim_string(tmp_remote_machine," "," ");
 	strlower(tmp_remote_machine);
-- 
cgit 


From 6ed674023620cc77e3276561f913b7a62ed26245 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 9 Mar 2003 01:13:41 +0000
Subject: Don't fault on error returns (ptr == 0) for this LSA query.

(for example, query to non-dc)

Andrew Bartlett
(This used to be commit d1dde5f684652f86e63ac6cfa34ff42a680693de)
---
 source3/rpc_parse/parse_lsa.c | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c
index 53a0fc958d..2753ae524a 100644
--- a/source3/rpc_parse/parse_lsa.c
+++ b/source3/rpc_parse/parse_lsa.c
@@ -2219,18 +2219,21 @@ BOOL lsa_io_r_query_info2(const char *desc, LSA_R_QUERY_INFO2 *r_c,
 
 	if(!prs_uint32("ptr", ps, depth, &r_c->ptr))
 		return False;
-	if(!prs_uint16("info_class", ps, depth, &r_c->info_class))
-		return False;
-	switch(r_c->info_class) {
-	case 0x000c:
-		if (!lsa_io_dns_dom_info("info12", &r_c->info.dns_dom_info,
-					 ps, depth))
+
+	if (r_c->ptr != 0) {
+		if(!prs_uint16("info_class", ps, depth, &r_c->info_class))
 			return False;
+		switch(r_c->info_class) {
+		case 0x000c:
+			if (!lsa_io_dns_dom_info("info12", &r_c->info.dns_dom_info,
+						 ps, depth))
+				return False;
 		break;
-	default:
-		DEBUG(0,("lsa_io_r_query_info2: unknown info class %d\n",
-			 r_c->info_class));
-		return False;
+		default:
+			DEBUG(0,("lsa_io_r_query_info2: unknown info class %d\n",
+				 r_c->info_class));
+			return False;
+		}
 	}
 
 	if(!prs_align(ps))
-- 
cgit 


From 2ed7730f2d498a446dc7281e652d02a9dd2d94cf Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 9 Mar 2003 09:23:09 +0000
Subject: Change the way we sign SMB packets, to a function pointer interface.

The intention is to allow for NTLMSSP and kerberos signing of packets, but
for now it's just what I call 'simple' signing. (aka SMB signing per the SNIA
spec)

Andrew Bartlett
(This used to be commit b9cf95c3dc04a45de71fb16e85c1bfbae50e6d8f)
---
 source3/Makefile.in          |   2 +-
 source3/include/client.h     |  13 +-
 source3/libsmb/cliconnect.c  |  47 +------
 source3/libsmb/clientgen.c   |   8 +-
 source3/libsmb/smb_signing.c | 329 +++++++++++++++++++++++++++++++++++++++++++
 source3/libsmb/smbencrypt.c  | 100 +------------
 6 files changed, 346 insertions(+), 153 deletions(-)
 create mode 100644 source3/libsmb/smb_signing.c

diff --git a/source3/Makefile.in b/source3/Makefile.in
index 7de4b0ae8f..23c88d3ab1 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -201,7 +201,7 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
 	     libsmb/clirap.o libsmb/clierror.o libsmb/climessage.o \
 	     libsmb/clireadwrite.o libsmb/clilist.o libsmb/cliprint.o \
 	     libsmb/clitrans.o libsmb/clisecdesc.o libsmb/clidgram.o \
-	     libsmb/clistr.o \
+	     libsmb/clistr.o libsmb/smb_signing.o \
              libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \
 	     libsmb/clioplock.o libsmb/errormap.o libsmb/clirap2.o \
 	     libsmb/passchange.o libsmb/doserr.o \
diff --git a/source3/include/client.h b/source3/include/client.h
index 73e29a1fff..2e6b9337e4 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -58,14 +58,15 @@ struct print_job_info
 };
 
 typedef struct smb_sign_info {
-	BOOL use_smb_signing;
+	void (*sign_outgoing_message)(struct cli_state *cli);
+	BOOL (*check_incoming_message)(struct cli_state *cli);
+	void (*free_signing_context)(struct cli_state *cli);
+	void *signing_context;
+
 	BOOL negotiated_smb_signing;
-	BOOL temp_smb_signing;
-	size_t mac_key_len;
-	uint8 mac_key[64];
-	uint32 send_seq_num;
-	uint32 reply_seq_num;
 	BOOL allow_smb_signing;
+	BOOL doing_signing;
+	BOOL mandetory_signing;
 } smb_sign_info;
 
 struct cli_state {
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 49b0004ac2..589c7b36bb 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -228,39 +228,11 @@ static BOOL cli_session_setup_plaintext(struct cli_state *cli, const char *user,
 	return True;
 }
 
-static void set_signing_on_cli (struct cli_state *cli, uint8 user_session_key[16], DATA_BLOB response) 
-{
-	uint8 zero_sig[8];
-	ZERO_STRUCT(zero_sig);
-
-	DEBUG(5, ("Server returned security sig:\n"));
-	dump_data(5, &cli->inbuf[smb_ss_field], 8);
-
-	if (cli->sign_info.use_smb_signing) {
-		DEBUG(5, ("smb signing already active on connection\n"));
-	} else if (memcmp(&cli->inbuf[smb_ss_field], zero_sig, 8) != 0) {
-
-		DEBUG(3, ("smb signing enabled!\n"));
-		cli->sign_info.use_smb_signing = True;
-		cli_calculate_mac_key(cli, user_session_key, response);
-	} else {
-		DEBUG(5, ("smb signing NOT enabled!\n"));
-	}
-}
-
 static void set_cli_session_key (struct cli_state *cli, DATA_BLOB session_key) 
 {
 	memcpy(cli->user_session_key, session_key.data, MIN(session_key.length, sizeof(cli->user_session_key)));
 }
 
-
-static void set_temp_signing_on_cli(struct cli_state *cli) 
-{
-	if (cli->sign_info.negotiated_smb_signing)
-		cli->sign_info.temp_smb_signing = True;
-}
-
-
 /****************************************************************************
    do a NT1 NTLM/LM encrypted session setup
    @param cli client state to create do session setup on
@@ -310,8 +282,7 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user,
 			session_key = data_blob(NULL, 16);
 			SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
 		}
-
-		set_temp_signing_on_cli(cli);
+		cli_simple_set_signing(cli, session_key.data, nt_response); 
 	} else {
 		/* pre-encrypted password supplied.  Only used for 
 		   security=server, can't do
@@ -374,14 +345,14 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user,
 	if (session_key.data) {
 		/* Have plaintext orginal */
 		set_cli_session_key(cli, session_key);
-		set_signing_on_cli(cli, session_key.data, nt_response);
 	}
 
+	ret = True;
 end:	
 	data_blob_free(&lm_response);
 	data_blob_free(&nt_response);
 	data_blob_free(&session_key);
-	return True;
+	return ret;
 }
 
 /****************************************************************************
@@ -403,8 +374,6 @@ static DATA_BLOB cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
 	set_message(cli->outbuf,12,0,True);
 	SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
 
-	set_temp_signing_on_cli(cli);
-
 	cli_setup_packet(cli);
 			
 	SCVAL(cli->outbuf,smb_vwv0,0xFF);
@@ -883,11 +852,6 @@ BOOL cli_negprot(struct cli_state *cli)
 	int numprots;
 	int plength;
 
-	if (cli->sign_info.use_smb_signing) {
-		DEBUG(0, ("Cannot send negprot again, particularly after setting up SMB Signing\n"));
-		return False;
-	}
-
 	if (cli->protocol < PROTOCOL_NT1)
 		cli->use_spnego = False;
 
@@ -1013,11 +977,6 @@ BOOL cli_session_request(struct cli_state *cli,
 	if (cli->port == 445)
 		return True;
 
-	if (cli->sign_info.use_smb_signing) {
-		DEBUG(0, ("Cannot send session resquest again, particularly after setting up SMB Signing\n"));
-		return False;
-	}
-
 	/* send a session request (RFC 1002) */
 	/* setup the packet length
          * Remove four bytes from the length count, since the length
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 6ef7a7bd9c..3cae643c38 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -177,9 +177,6 @@ void cli_setup_packet(struct cli_state *cli)
 			flags2 |= FLAGS2_32_BIT_ERROR_CODES;
 		if (cli->use_spnego)
 			flags2 |= FLAGS2_EXTENDED_SECURITY;
-		if (cli->sign_info.use_smb_signing 
-		    || cli->sign_info.temp_smb_signing)
-			flags2 |= FLAGS2_SMB_SECURITY_SIGNATURES;
 		SSVAL(cli->outbuf,smb_flg2, flags2);
 	}
 }
@@ -262,6 +259,9 @@ struct cli_state *cli_initialise(struct cli_state *cli)
 	if (getenv("CLI_FORCE_DOSERR"))
 		cli->force_dos_errors = True;
 
+	/* initialise signing */
+	cli_null_set_signing(cli);
+
 	if (lp_client_signing()) 
 		cli->sign_info.allow_smb_signing = True;
                                    
@@ -303,6 +303,7 @@ void cli_close_connection(struct cli_state *cli)
 	SAFE_FREE(cli->outbuf);
 	SAFE_FREE(cli->inbuf);
 
+	cli_free_signing_context(cli);
 	data_blob_free(&cli->secblob);
 
 	if (cli->mem_ctx) {
@@ -314,6 +315,7 @@ void cli_close_connection(struct cli_state *cli)
 		close(cli->fd);
 	cli->fd = -1;
 	cli->smb_rw_error = 0;
+
 }
 
 /****************************************************************************
diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c
new file mode 100644
index 0000000000..b3a6351893
--- /dev/null
+++ b/source3/libsmb/smb_signing.c
@@ -0,0 +1,329 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB Signing Code
+   Copyright (C) Jeremy Allison 2002.
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+struct smb_basic_signing_context {
+	DATA_BLOB mac_key;
+	uint32 send_seq_num;
+	uint32 reply_seq_num;
+};
+
+/***********************************************************
+ SMB signing - Common code before we set a new signing implementation
+************************************************************/
+
+static BOOL set_smb_signing_common(struct cli_state *cli) 
+{
+	if (cli->sign_info.doing_signing) {
+		return False;
+	}
+	
+	if (cli->sign_info.free_signing_context)
+		cli->sign_info.free_signing_context(cli);
+
+	/* These calls are INCONPATIBLE with SMB signing */
+	cli->readbraw_supported = False;
+	cli->writebraw_supported = False;
+	
+	return True;
+}
+
+/***********************************************************
+ SMB signing - Common code for 'real' implementations
+************************************************************/
+
+static BOOL set_smb_signing_real_common(struct cli_state *cli) 
+{
+	if (cli->sign_info.mandetory_signing) {
+		DEBUG(5, ("Mandetory SMB signing enabled!\n"));
+		cli->sign_info.doing_signing = True;
+	}
+
+	DEBUG(5, ("SMB signing enabled!\n"));
+
+	return True;
+}
+
+static void mark_packet_signed(struct cli_state *cli) 
+{
+	uint16 flags2;
+	flags2 = SVAL(cli->outbuf,smb_flg2);
+	flags2 |= FLAGS2_SMB_SECURITY_SIGNATURES;
+	SSVAL(cli->outbuf,smb_flg2, flags2);
+}
+
+/***********************************************************
+ SMB signing - Simple implementation - calculate a MAC to send.
+************************************************************/
+
+static void cli_simple_sign_outgoing_message(struct cli_state *cli)
+{
+	unsigned char calc_md5_mac[16];
+	struct MD5Context md5_ctx;
+	struct smb_basic_signing_context *data = cli->sign_info.signing_context;
+
+	/*
+	 * Firstly put the sequence number into the first 4 bytes.
+	 * and zero out the next 4 bytes.
+	 */
+	SIVAL(cli->outbuf, smb_ss_field, 
+	      data->send_seq_num);
+	SIVAL(cli->outbuf, smb_ss_field + 4, 0);
+
+	/* mark the packet as signed - BEFORE we sign it...*/
+	mark_packet_signed(cli);
+
+	/* Calculate the 16 byte MAC and place first 8 bytes into the field. */
+	MD5Init(&md5_ctx);
+	MD5Update(&md5_ctx, data->mac_key.data, 
+		  data->mac_key.length); 
+	MD5Update(&md5_ctx, cli->outbuf + 4, smb_len(cli->outbuf));
+	MD5Final(calc_md5_mac, &md5_ctx);
+
+	DEBUG(10, ("sent SMB signiture of\n"));
+	dump_data(10, calc_md5_mac, 8);
+
+	memcpy(&cli->outbuf[smb_ss_field], calc_md5_mac, 8);
+
+/*	cli->outbuf[smb_ss_field+2]=0; 
+	Uncomment this to test if the remote server actually verifies signitures...*/
+	data->send_seq_num++;
+	data->reply_seq_num = data->send_seq_num;
+	data->send_seq_num++;
+}
+
+/***********************************************************
+ SMB signing - Simple implementation - check a MAC sent by server.
+************************************************************/
+
+static BOOL cli_simple_check_incoming_message(struct cli_state *cli)
+{
+	BOOL good;
+	unsigned char calc_md5_mac[16];
+	unsigned char server_sent_mac[8];
+	struct MD5Context md5_ctx;
+	struct smb_basic_signing_context *data = cli->sign_info.signing_context;
+
+	/*
+	 * Firstly put the sequence number into the first 4 bytes.
+	 * and zero out the next 4 bytes.
+	 */
+
+	memcpy(server_sent_mac, &cli->inbuf[smb_ss_field], sizeof(server_sent_mac));
+
+	DEBUG(10, ("got SMB signiture of\n"));
+	dump_data(10, server_sent_mac, 8);
+
+	SIVAL(cli->inbuf, smb_ss_field, data->reply_seq_num);
+	SIVAL(cli->inbuf, smb_ss_field + 4, 0);
+
+	/* Calculate the 16 byte MAC and place first 8 bytes into the field. */
+	MD5Init(&md5_ctx);
+	MD5Update(&md5_ctx, data->mac_key.data, 
+		  data->mac_key.length); 
+	MD5Update(&md5_ctx, cli->inbuf + 4, smb_len(cli->inbuf));
+	MD5Final(calc_md5_mac, &md5_ctx);
+
+	good = (memcmp(server_sent_mac, calc_md5_mac, 8) == 0);
+	
+	if (good && !cli->sign_info.doing_signing) {
+		cli->sign_info.doing_signing = True;
+	}
+
+	if (!good) {
+		DEBUG(1, ("SMB signiture check failed!\n"));
+	}
+
+	return good;
+}
+
+/***********************************************************
+ SMB signing - Simple implementation - free signing context
+************************************************************/
+
+static void cli_simple_free_signing_context(struct cli_state *cli)
+{
+	struct smb_basic_signing_context *data = cli->sign_info.signing_context;
+
+	data_blob_free(&data->mac_key);
+	SAFE_FREE(cli->sign_info.signing_context);
+
+	return;
+}
+
+/***********************************************************
+ SMB signing - Simple implementation - setup the MAC key.
+************************************************************/
+
+void cli_simple_set_signing(struct cli_state *cli, const uchar user_session_key[16], const DATA_BLOB response)
+{
+	struct smb_basic_signing_context *data;
+
+	if (!set_smb_signing_common(cli)) {
+		return;
+	}
+
+	if (!set_smb_signing_real_common(cli)) {
+		return;
+	}
+
+	data = smb_xmalloc(sizeof(*data));
+	cli->sign_info.signing_context = data;
+	
+	data->mac_key = data_blob(NULL, MIN(response.length + 16, 40));
+
+	memcpy(&data->mac_key.data[0], user_session_key, 16);
+	memcpy(&data->mac_key.data[16],response.data, MIN(response.length, 40 - 16));
+
+	/* Initialise the sequence number */
+	data->send_seq_num = 0;
+
+	cli->sign_info.sign_outgoing_message = cli_simple_sign_outgoing_message;
+	cli->sign_info.check_incoming_message = cli_simple_check_incoming_message;
+	cli->sign_info.free_signing_context = cli_simple_free_signing_context;
+}
+
+/***********************************************************
+ SMB signing - NULL implementation - calculate a MAC to send.
+************************************************************/
+
+static void cli_null_sign_outgoing_message(struct cli_state *cli)
+{
+	static uchar zeros[8];
+	memcpy(&cli->outbuf[smb_ss_field], zeros, sizeof(zeros));
+}
+
+/***********************************************************
+ SMB signing - NULL implementation - check a MAC sent by server.
+************************************************************/
+
+static BOOL cli_null_check_incoming_message(struct cli_state *cli)
+{
+	return True;
+}
+
+/***********************************************************
+ SMB signing - NULL implementation - free signing context
+************************************************************/
+
+static void cli_null_free_signing_context(struct cli_state *cli)
+{
+	return;
+}
+
+/***********************************************************
+ SMB signing - NULL implementation - setup the MAC key.
+************************************************************/
+
+void cli_null_set_signing(struct cli_state *cli)
+{
+	struct smb_basic_sign_data *data;
+
+	if (!set_smb_signing_common(cli)) {
+		return;
+	}
+
+	cli->sign_info.signing_context = NULL;
+	
+	cli->sign_info.sign_outgoing_message = cli_null_sign_outgoing_message;
+	cli->sign_info.check_incoming_message = cli_null_check_incoming_message;
+	cli->sign_info.free_signing_context = cli_null_free_signing_context;
+}
+
+/***********************************************************
+ SMB signing - TEMP implementation - calculate a MAC to send.
+************************************************************/
+
+static void cli_temp_sign_outgoing_message(struct cli_state *cli)
+{
+	memcpy(&cli->outbuf[smb_ss_field], "SignRequest", 8);
+	return;
+}
+
+/***********************************************************
+ SMB signing - TEMP implementation - check a MAC sent by server.
+************************************************************/
+
+static BOOL cli_temp_check_incoming_message(struct cli_state *cli)
+{
+	return True;
+}
+
+/***********************************************************
+ SMB signing - TEMP implementation - free signing context
+************************************************************/
+
+static void cli_temp_free_signing_context(struct cli_state *cli)
+{
+	return;
+}
+
+/***********************************************************
+ SMB signing - NULL implementation - setup the MAC key.
+************************************************************/
+
+void cli_temp_set_signing(struct cli_state *cli)
+{
+	if (!set_smb_signing_common(cli)) {
+		return;
+	}
+
+	cli->sign_info.signing_context = NULL;
+	
+	cli->sign_info.sign_outgoing_message = cli_temp_sign_outgoing_message;
+	cli->sign_info.check_incoming_message = cli_temp_check_incoming_message;
+	cli->sign_info.free_signing_context = cli_temp_free_signing_context;
+}
+
+/**
+ *  Free the singing context
+ */
+ 
+void cli_free_signing_context(struct cli_state *cli) 
+{
+	if (cli->sign_info.free_signing_context) 
+		cli->sign_info.free_signing_context(cli);
+
+	cli_null_set_signing(cli);
+}
+
+void cli_caclulate_sign_mac(struct cli_state *cli)
+{
+	cli->sign_info.sign_outgoing_message(cli);
+}
+
+BOOL cli_check_sign_mac(struct cli_state *cli) 
+{
+	BOOL good;
+	good = cli->sign_info.check_incoming_message(cli);
+	
+	if (!good) {
+		if (cli->sign_info.doing_signing) {
+			return False;
+		} else {
+			cli_free_signing_context(cli);	
+		}
+	}
+
+	return True;
+}
+
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index aa9391325f..28160d9609 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -295,7 +295,7 @@ void SMBsesskeygen_ntv1(const uchar kr[16],
 #endif
 }
 
-DATA_BLOB NTLMv2_generate_response(uchar ntlm_v2_hash[16],
+static DATA_BLOB NTLMv2_generate_response(uchar ntlm_v2_hash[16],
 				   DATA_BLOB server_chal, size_t client_chal_length)
 {
 	uchar ntlmv2_response[16];
@@ -416,101 +416,3 @@ BOOL decode_pw_buffer(char in_buffer[516], char *new_pwrd,
 	
 	return True;
 }
-
-/***********************************************************
- SMB signing - setup the MAC key.
-************************************************************/
-
-void cli_calculate_mac_key(struct cli_state *cli, const uchar user_session_key[16], const DATA_BLOB response)
-{
-	
-	memcpy(&cli->sign_info.mac_key[0], user_session_key, 16);
-	memcpy(&cli->sign_info.mac_key[16],response.data, MIN(response.length, 40 - 16));
-	cli->sign_info.mac_key_len = MIN(response.length + 16, 40);
-	cli->sign_info.use_smb_signing = True;
-
-	/* These calls are INCONPATIBLE with SMB signing */
-	cli->readbraw_supported = False;
-	cli->writebraw_supported = False;
-
-	/* Reset the sequence number in case we had a previous (aborted) attempt */
-	cli->sign_info.send_seq_num = 2;
-}
-
-/***********************************************************
- SMB signing - calculate a MAC to send.
-************************************************************/
-
-void cli_caclulate_sign_mac(struct cli_state *cli)
-{
-	unsigned char calc_md5_mac[16];
-	struct MD5Context md5_ctx;
-
-	if (cli->sign_info.temp_smb_signing) {
-		memcpy(&cli->outbuf[smb_ss_field], "SignRequest", 8);
-		cli->sign_info.temp_smb_signing = False;
-		return;
-	}
-
-	if (!cli->sign_info.use_smb_signing) {
-		return;
-	}
-
-	/*
-	 * Firstly put the sequence number into the first 4 bytes.
-	 * and zero out the next 4 bytes.
-	 */
-	SIVAL(cli->outbuf, smb_ss_field, cli->sign_info.send_seq_num);
-	SIVAL(cli->outbuf, smb_ss_field + 4, 0);
-
-	/* Calculate the 16 byte MAC and place first 8 bytes into the field. */
-	MD5Init(&md5_ctx);
-	MD5Update(&md5_ctx, cli->sign_info.mac_key, cli->sign_info.mac_key_len);
-	MD5Update(&md5_ctx, cli->outbuf + 4, smb_len(cli->outbuf));
-	MD5Final(calc_md5_mac, &md5_ctx);
-
-	memcpy(&cli->outbuf[smb_ss_field], calc_md5_mac, 8);
-
-/*	cli->outbuf[smb_ss_field+2]=0; 
-	Uncomment this to test if the remote server actually verifies signitures...*/
-	cli->sign_info.send_seq_num++;
-	cli->sign_info.reply_seq_num = cli->sign_info.send_seq_num;
-	cli->sign_info.send_seq_num++;
-}
-
-/***********************************************************
- SMB signing - check a MAC sent by server.
-************************************************************/
-
-BOOL cli_check_sign_mac(struct cli_state *cli)
-{
-	unsigned char calc_md5_mac[16];
-	unsigned char server_sent_mac[8];
-	struct MD5Context md5_ctx;
-
-	if (cli->sign_info.temp_smb_signing) {
-		return True;
-	}
-
-	if (!cli->sign_info.use_smb_signing) {
-		return True;
-	}
-
-	/*
-	 * Firstly put the sequence number into the first 4 bytes.
-	 * and zero out the next 4 bytes.
-	 */
-
-	memcpy(server_sent_mac, &cli->inbuf[smb_ss_field], sizeof(server_sent_mac));
-
-	SIVAL(cli->inbuf, smb_ss_field, cli->sign_info.reply_seq_num);
-	SIVAL(cli->inbuf, smb_ss_field + 4, 0);
-
-	/* Calculate the 16 byte MAC and place first 8 bytes into the field. */
-	MD5Init(&md5_ctx);
-	MD5Update(&md5_ctx, cli->sign_info.mac_key, cli->sign_info.mac_key_len);
-	MD5Update(&md5_ctx, cli->inbuf + 4, smb_len(cli->inbuf));
-	MD5Final(calc_md5_mac, &md5_ctx);
-
-	return (memcmp(server_sent_mac, calc_md5_mac, 8) == 0);
-}
-- 
cgit 


From 6d6be870e369acc432e2e424a88a72148b7d2a75 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Sun, 9 Mar 2003 12:08:36 +0000
Subject: Add some printing question & answers (This used to be commit
 998537ca398100974075d11e28d5199997424f15)

---
 docs/docbook/faq/printing.sgml | 16 ++++++++++++++++
 docs/docbook/faq/sambafaq.sgml |  2 ++
 2 files changed, 18 insertions(+)
 create mode 100644 docs/docbook/faq/printing.sgml

diff --git a/docs/docbook/faq/printing.sgml b/docs/docbook/faq/printing.sgml
new file mode 100644
index 0000000000..cc8d210cf9
--- /dev/null
+++ b/docs/docbook/faq/printing.sgml
@@ -0,0 +1,16 @@
+<chapter id="FAQ-Printing">
+<title>Printing problems</title>
+
+<sect1>
+<title>cupsaddsmb fails!</title>
+<para>
+This can have a few causes:
+
+<simplelist>
+<member>Does the user you are trying to add the printer with have the correct rights? Make sure
+this user is listed in 'printer admin = ' in the section [global]</member>
+</simplelist>
+
+</para>
+</sect1>
+</chapter>
diff --git a/docs/docbook/faq/sambafaq.sgml b/docs/docbook/faq/sambafaq.sgml
index e9e5ed7a3c..2cc7d466fd 100644
--- a/docs/docbook/faq/sambafaq.sgml
+++ b/docs/docbook/faq/sambafaq.sgml
@@ -5,6 +5,7 @@
 <!ENTITY clientapp SYSTEM "clientapp.sgml">
 <!ENTITY features SYSTEM "features.sgml">
 <!ENTITY config SYSTEM "config.sgml">
+<!ENTITY printing SYSTEM "printing.sgml">
 ]>
 
 <book id="Samba-FAQ">
@@ -34,4 +35,5 @@ and the old samba text documents which were mostly written by John Terpstra.
 &clientapp;
 &errors;
 &features;
+&printing;
 </book>
-- 
cgit 


From 14cf457c567b16cf4a3725d3a3c7527593a4982a Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Sun, 9 Mar 2003 16:39:34 +0000
Subject: Add Ronan Waide's info about the setdriver call. (This used to be
 commit ef6cb3ec1aa943d4e52ea08e7b43a47d781d3273)

---
 docs/docbook/faq/printing.sgml | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/docs/docbook/faq/printing.sgml b/docs/docbook/faq/printing.sgml
index cc8d210cf9..cc01a5d3b0 100644
--- a/docs/docbook/faq/printing.sgml
+++ b/docs/docbook/faq/printing.sgml
@@ -1,16 +1,36 @@
 <chapter id="FAQ-Printing">
+<chapterinfo>
+<author>
+	<firstname>Ronan</firstname><surname>Waide</surname>
+</author>
+</chapterinfo>
+
 <title>Printing problems</title>
 
 <sect1>
-<title>cupsaddsmb fails!</title>
+<title>setdriver or cupsaddsmb failes</title>
 <para>
-This can have a few causes:
+setdriver expects the following setup:
 
 <simplelist>
-<member>Does the user you are trying to add the printer with have the correct rights? Make sure
-this user is listed in 'printer admin = ' in the section [global]</member>
+<member>you are a printer admin, or root. this is the smb.conf printer admin group, not the Printer Operators group in NT. I've not tried the latter, but I don't believe it will work based on the current code.</member>
+<member>printer admins has to be defined in [global]</member>
+<member>upload the driver files to \\server\print$\w32x86 and win40 as appropriate. DON'T put them in the 0 or 2 subdirectories.</member>
+<member>Make sure that the user you're connecting as is able to write to the print$ directories</member>
+<member>Use adddriver (with appropriate parameters) to create the driver. note, this will not just update samba's notion of drivers, it will also move the files from the w32x86 and win40 directories to an appropriate subdirectory (based on driver version, I think, but not important enough for me to find out)</member>
+<member>Use setdriver to associate the driver with a printer</member>
 </simplelist>
 
+<para>
+The setdriver call will fail if the printer doesn't already exist in
+samba's view of the world. Either create the printer in cups and
+restart samba, or create an add printer command (see smb.conf doco)
+and use RPC calls to create a printer. NB the add printer command MUST
+return a single line of text indicating which port the printer was
+added on. If it doesn't, Samba won't reload the printer
+definitions. Although samba doesn't really support the notion of
+ports, suitable add printer command and enumport command settings can
+allow you pretty good remote control of the samba printer setup.
 </para>
 </sect1>
 </chapter>
-- 
cgit 


From 2b6a6df0f65caccb31c78008539d24f8c4a2f72a Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 9 Mar 2003 21:09:28 +0000
Subject: Try not to clobber the session request. (This used to be commit
 05cffbee56f0556f550b4d14f3111bd7db972621)

---
 source3/libsmb/smb_signing.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c
index b3a6351893..581d18fef7 100644
--- a/source3/libsmb/smb_signing.c
+++ b/source3/libsmb/smb_signing.c
@@ -208,8 +208,10 @@ void cli_simple_set_signing(struct cli_state *cli, const uchar user_session_key[
 
 static void cli_null_sign_outgoing_message(struct cli_state *cli)
 {
-	static uchar zeros[8];
-	memcpy(&cli->outbuf[smb_ss_field], zeros, sizeof(zeros));
+	/* we can't zero out the sig, as we might be trying to send a
+	   session request - which is NBT-level, not SMB level and doesn't
+	   have the feild */
+	return;
 }
 
 /***********************************************************
@@ -295,7 +297,7 @@ void cli_temp_set_signing(struct cli_state *cli)
 }
 
 /**
- *  Free the singing context
+ * Free the singing context
  */
  
 void cli_free_signing_context(struct cli_state *cli) 
@@ -306,11 +308,21 @@ void cli_free_signing_context(struct cli_state *cli)
 	cli_null_set_signing(cli);
 }
 
+/**
+ * Sign a packet with the current mechinism
+ */
+ 
 void cli_caclulate_sign_mac(struct cli_state *cli)
 {
 	cli->sign_info.sign_outgoing_message(cli);
 }
 
+/**
+ * Check a packet with the current mechinism
+ * @return False if we had an established signing connection
+ *         which had a back checksum, True otherwise
+ */
+ 
 BOOL cli_check_sign_mac(struct cli_state *cli) 
 {
 	BOOL good;
-- 
cgit 


From cb1de38cfd09bae002b8adf104d92569a9b695bb Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Mon, 10 Mar 2003 00:37:25 +0000
Subject: Check for valgrind.h (This used to be commit
 0ece70d631bf095bf9c8819180b6c59990159cd0)

---
 source3/configure.in | 1 +
 1 file changed, 1 insertion(+)

diff --git a/source3/configure.in b/source3/configure.in
index cc38e37f3f..b2cd15b3b3 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -556,6 +556,7 @@ AC_CHECK_HEADERS(sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h t
 AC_CHECK_HEADERS(sys/termio.h sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h sys/sockio.h)
 AC_CHECK_HEADERS(security/pam_modules.h security/_pam_macros.h ldap.h lber.h dlfcn.h)
 AC_CHECK_HEADERS(sys/syslog.h syslog.h)
+AC_CHECK_HEADERS(valgrind.h)
 
 #
 # HPUX has a bug in that including shadow.h causes a re-definition of MAXINT.
-- 
cgit 


From becf7a099710ba50f4611d0e16151337236b8a93 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Mon, 10 Mar 2003 00:45:28 +0000
Subject: Include valgrind.h if present on the system. (This used to be commit
 65ba78c6bd4c5ab7ec9bf4d15e4410482e82588d)

---
 source3/include/includes.h | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/source3/include/includes.h b/source3/include/includes.h
index b9ba4b84d5..297f38ae97 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -433,6 +433,11 @@
 #include <com_err.h>
 #endif
 
+#if HAVE_VALGRIND_H
+/* Special macros that are no-ops except when run under Valgrind on x86.  */
+#include <valgrind.h>
+#endif
+
 /* we support ADS if we want it and have krb5 and ldap libs */
 #if defined(WITH_ADS) && defined(HAVE_KRB5) && defined(HAVE_LDAP)
 #define HAVE_ADS
-- 
cgit 


From de6b39d898d5fb3106d7ed80249be7f74f83caf6 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Mon, 10 Mar 2003 01:10:45 +0000
Subject: Clobber strings with 0xf1f1f1f1 before writing to them to check
 buffer lengths are correct.  Attempts to pstrcpy into an fstring or allocated
 string should fail in developer builds.

This builds on abartlet's earlier overflow probe for safe_strcpy, but
by clobbering the whole string with a nonzero value is more likely to
find overflows on the stack.

This is only used in -DDEVELOPER mode.

Reviewed by abartlet, tpot.
(This used to be commit 8d915e266cd8ccc8b27e9c7ea8e9d003d05f8182)
---
 source3/lib/util_str.c | 41 +++++++++++++++++++++++++++++++++--------
 1 file changed, 33 insertions(+), 8 deletions(-)

diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index 070c59c1b2..924cf9d921 100644
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -430,6 +430,27 @@ BOOL str_is_all(const char *s,char c)
 	return True;
 }
 
+
+/**
+ * In developer builds, clobber a region of memory.
+ *
+ * If we think a string buffer is longer than it really is, this ought
+ * to make the failure obvious, by segfaulting (if in the heap) or by
+ * killing the return address (on the stack), or by trapping under a
+ * memory debugger.
+ *
+ * This is meant to catch possible string overflows, even if the
+ * actual string copied is not big enough to cause an overflow.
+ **/
+void clobber_region(char *dest, size_t len)
+{
+#ifdef DEVELOPER
+	/* F1 is odd and 0xf1f1f1f1 shouldn't be a valid pointer */
+	memset(dest, 0xF1, len);
+#endif
+}
+
+
 /**
  Safe string copy into a known length string. maxlength does not
  include the terminating zero.
@@ -444,13 +465,7 @@ char *safe_strcpy(char *dest,const char *src, size_t maxlength)
 		return NULL;
 	}
 
-#ifdef DEVELOPER
-	/* We intentionally write out at the extremity of the destination
-	 * string.  If the destination is too short (e.g. pstrcpy into mallocd
-	 * or fstring) then this should cause an error under a memory
-	 * checker. */
-	dest[maxlength] = '\0';
-#endif
+	clobber_region(dest, maxlength+1);
 
 	if (!src) {
 		*dest = 0;
@@ -490,6 +505,8 @@ char *safe_strcat(char *dest, const char *src, size_t maxlength)
 	src_len = strlen(src);
 	dest_len = strlen(dest);
 
+	clobber_region(dest + dest_len, maxlength + 1 - dest_len);
+	
 	if (src_len + dest_len > maxlength) {
 		DEBUG(0,("ERROR: string overflow by %d in safe_strcat [%.50s]\n",
 			 (int)(src_len + dest_len - maxlength), src));
@@ -499,7 +516,7 @@ char *safe_strcat(char *dest, const char *src, size_t maxlength)
 		dest[maxlength] = 0;
 		return NULL;
 	}
-	
+
 	memcpy(&dest[dest_len], src, src_len);
 	dest[dest_len + src_len] = 0;
 	return dest;
@@ -516,6 +533,8 @@ char *alpha_strcpy(char *dest, const char *src, const char *other_safe_chars, si
 {
 	size_t len, i;
 
+	clobber_region(dest, maxlength);
+
 	if (!dest) {
 		DEBUG(0,("ERROR: NULL dest in alpha_strcpy\n"));
 		return NULL;
@@ -554,8 +573,12 @@ char *alpha_strcpy(char *dest, const char *src, const char *other_safe_chars, si
 char *StrnCpy(char *dest,const char *src,size_t n)
 {
 	char *d = dest;
+
+	clobber_region(dest, n+1);
+	
 	if (!dest)
 		return(NULL);
+	
 	if (!src) {
 		*dest = 0;
 		return(dest);
@@ -576,6 +599,8 @@ char *strncpyn(char *dest, const char *src, size_t n, char c)
 	char *p;
 	size_t str_len;
 
+	clobber_region(dest, n+1);
+
 	p = strchr_m(src, c);
 	if (p == NULL) {
 		DEBUG(5, ("strncpyn: separator character (%c) not found\n", c));
-- 
cgit 


From e9a94cd2c9cab4518603620259dae44b40d9049e Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 10 Mar 2003 02:14:35 +0000
Subject: Further work on NTLMSSP-based SMB signing.  Current status is that I
 cannnot get Win2k to send a valid signiture in it's session setup reply -
 which it will give to win2k clients.

So, I need to look at becoming 'more like MS', but for now I'll get this code
into the tree.  It's actually based on the TNG cli_pipe_ntlmssp.c, as it was
slightly easier to understand than our own (but only the utility functions
remain in any way intact...).

This includes the mysical 'NTLM2' code - I have no idea if it actually works.

(I couldn't get TNG to use it for its pipes either).

Andrew Bartlett
(This used to be commit a034a5e381ba5612be21e2ba640d11f82cd945da)
---
 source3/include/ntlmssp.h     |  23 +++++
 source3/libsmb/cliconnect.c   |  47 ++++++++--
 source3/libsmb/ntlmssp.c      |  37 +++++---
 source3/libsmb/ntlmssp_sign.c | 208 ++++++++++++++++++++++++++++++++++++++++++
 source3/libsmb/smb_signing.c  | 180 ++++++++++++++++++++++++++++++------
 5 files changed, 447 insertions(+), 48 deletions(-)
 create mode 100644 source3/libsmb/ntlmssp_sign.c

diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h
index 4fa4259a6a..f0278ffece 100644
--- a/source3/include/ntlmssp.h
+++ b/source3/include/ntlmssp.h
@@ -92,6 +92,8 @@ typedef struct ntlmssp_state
 typedef struct ntlmssp_client_state 
 {
 	TALLOC_CTX *mem_ctx;
+	unsigned int ref_count;
+
 	BOOL unicode;
 	BOOL use_ntlmv2;
 	char *user;
@@ -102,9 +104,30 @@ typedef struct ntlmssp_client_state
 	const char *(*get_global_myname)(void);
 	const char *(*get_domain)(void);
 
+	DATA_BLOB chal;
+ 	DATA_BLOB lm_resp;
+	DATA_BLOB nt_resp;
 	DATA_BLOB session_key;
 	
 	uint32 neg_flags;
+	
+	/* SMB Signing */
+	
+	uint32 ntlmssp_seq_num;
+
+	/* ntlmv2 */
+	char cli_sign_const[16];
+	char cli_seal_const[16];
+	char srv_sign_const[16];
+	char srv_seal_const[16];
+
+	unsigned char cli_sign_hash[258];
+	unsigned char cli_seal_hash[258];
+	unsigned char srv_sign_hash[258];
+	unsigned char srv_seal_hash[258];
+
+	/* ntlmv1 */
+	unsigned char ntlmssp_hash[258];
 
 } NTLMSSP_CLIENT_STATE;
 
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 589c7b36bb..36b6f609f5 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -356,15 +356,13 @@ end:
 }
 
 /****************************************************************************
- Send a extended security session setup blob, returning a reply blob.
+ Send a extended security session setup blob
 ****************************************************************************/
 
-static DATA_BLOB cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
+static BOOL cli_session_setup_blob_send(struct cli_state *cli, DATA_BLOB blob)
 {
 	uint32 capabilities = cli_session_setup_capabilities(cli);
 	char *p;
-	DATA_BLOB blob2 = data_blob(NULL, 0);
-	uint32 len;
 
 	capabilities |= CAP_EXTENDED_SECURITY;
 
@@ -389,7 +387,18 @@ static DATA_BLOB cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
 	p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
 	p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
 	cli_setup_bcc(cli, p);
-	cli_send_smb(cli);
+	return cli_send_smb(cli);
+}
+
+/****************************************************************************
+ Send a extended security session setup blob, returning a reply blob.
+****************************************************************************/
+
+static DATA_BLOB cli_session_setup_blob_receive(struct cli_state *cli)
+{
+	DATA_BLOB blob2 = data_blob(NULL, 0);
+	char *p;
+	size_t len;
 
 	if (!cli_receive_smb(cli))
 		return blob2;
@@ -418,6 +427,20 @@ static DATA_BLOB cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
 	return blob2;
 }
 
+/****************************************************************************
+ Send a extended security session setup blob, returning a reply blob.
+****************************************************************************/
+
+static DATA_BLOB cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
+{
+	DATA_BLOB blob2 = data_blob(NULL, 0);
+	if (!cli_session_setup_blob_send(cli, blob)) {
+		return blob2;
+	}
+		
+	return cli_session_setup_blob_receive(cli);
+}
+
 #ifdef HAVE_KRB5
 /****************************************************************************
  Use in-memory credentials cache
@@ -471,6 +494,8 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, const char *user,
 	DATA_BLOB blob_in = data_blob(NULL, 0);
 	DATA_BLOB blob_out;
 
+	cli_temp_set_signing(cli);
+
 	if (!NT_STATUS_IS_OK(nt_status = ntlmssp_client_start(&ntlmssp_state))) {
 		return False;
 	}
@@ -501,8 +526,15 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, const char *user,
 			}
 		
 			/* now send that blob on its way */
-			blob = cli_session_setup_blob(cli, msg1);
+			if (!cli_session_setup_blob_send(cli, msg1)) {
+				return False;
+			}
 			data_blob_free(&msg1);
+			
+			cli_ntlmssp_set_signing(cli, ntlmssp_state);
+			
+			blob = cli_session_setup_blob_receive(cli);
+
 			nt_status = cli_nt_error(cli);
 		}
 		
@@ -539,6 +571,9 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, const char *user,
 		set_cli_session_key(cli, ntlmssp_state->session_key);
 	}
 
+	/* we have a reference conter on ntlmssp_state, if we are signing
+	   then the state will be kept by the signing engine */
+
 	if (!NT_STATUS_IS_OK(ntlmssp_client_end(&ntlmssp_state))) {
 		return False;
 	}
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index e1509f6b63..5722b8efcd 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -81,7 +81,7 @@ static const uint8 *get_challenge(struct ntlmssp_state *ntlmssp_state)
 
 /**
  * Determine correct target name flags for reply, given server role 
- * and negoitated falgs
+ * and negotiated flags
  * 
  * @param ntlmssp_state NTLMSSP State
  * @param neg_flags The flags from the packet
@@ -291,7 +291,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
 /**
  * Create an NTLMSSP state machine
  * 
- * @param ntlmssp_state NTLMSSP State, allocated by this funciton
+ * @param ntlmssp_state NTLMSSP State, allocated by this function
  */
 
 NTSTATUS ntlmssp_server_start(NTLMSSP_STATE **ntlmssp_state)
@@ -322,7 +322,7 @@ NTSTATUS ntlmssp_server_start(NTLMSSP_STATE **ntlmssp_state)
 /**
  * End an NTLMSSP state machine
  * 
- * @param ntlmssp_state NTLMSSP State, free()ed by this funciton
+ * @param ntlmssp_state NTLMSSP State, free()ed by this function
  */
 
 NTSTATUS ntlmssp_server_end(NTLMSSP_STATE **ntlmssp_state)
@@ -431,7 +431,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_client_state *ntlmssp_st
 	DATA_BLOB session_key = data_blob(NULL, 0);
 	uint8 datagram_sess_key[16];
 
-	ZERO_STRUCT(datagram_sess_key);
+	generate_random_buffer(datagram_sess_key, sizeof(datagram_sess_key), False);	
 
 	if (!msrpc_parse(&reply, "CdBd",
 			 "NTLMSSP",
@@ -508,8 +508,6 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_client_state *ntlmssp_st
 		session_key = data_blob(NULL, 16);
 		SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
 	}
-	
-	data_blob_free(&challenge_blob);
 
 	/* this generates the actual auth packet */
 	if (!msrpc_gen(next_request, auth_gen_string, 
@@ -520,7 +518,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_client_state *ntlmssp_st
 		       ntlmssp_state->domain, 
 		       ntlmssp_state->user, 
 		       ntlmssp_state->get_global_myname(), 
-		       datagram_sess_key, 0,
+		       datagram_sess_key, 16,
 		       ntlmssp_state->neg_flags)) {
 		
 		data_blob_free(&lm_response);
@@ -529,9 +527,14 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_client_state *ntlmssp_st
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	data_blob_free(&lm_response);
-	data_blob_free(&nt_response);
+	data_blob_free(&ntlmssp_state->chal);
+	data_blob_free(&ntlmssp_state->lm_resp);
+	data_blob_free(&ntlmssp_state->nt_resp);
+	data_blob_free(&ntlmssp_state->session_key);
 
+	ntlmssp_state->chal = challenge_blob;
+	ntlmssp_state->lm_resp = lm_response;
+	ntlmssp_state->nt_resp = nt_response;
 	ntlmssp_state->session_key = session_key;
 
 	return NT_STATUS_MORE_PROCESSING_REQUIRED;
@@ -558,10 +561,12 @@ NTSTATUS ntlmssp_client_start(NTLMSSP_CLIENT_STATE **ntlmssp_state)
 	(*ntlmssp_state)->unicode = True;
 
 	(*ntlmssp_state)->neg_flags = 
-	       	NTLMSSP_NEGOTIATE_128 | 
+		NTLMSSP_NEGOTIATE_128 |
 		NTLMSSP_NEGOTIATE_NTLM |
 		NTLMSSP_REQUEST_TARGET;
 
+	(*ntlmssp_state)->ref_count = 1;
+
 	return NT_STATUS_OK;
 }
 
@@ -569,8 +574,16 @@ NTSTATUS ntlmssp_client_end(NTLMSSP_CLIENT_STATE **ntlmssp_state)
 {
 	TALLOC_CTX *mem_ctx = (*ntlmssp_state)->mem_ctx;
 
-	data_blob_free(&(*ntlmssp_state)->session_key);
-	talloc_destroy(mem_ctx);
+	(*ntlmssp_state)->ref_count--;
+
+	if ((*ntlmssp_state)->ref_count == 0) {
+		data_blob_free(&(*ntlmssp_state)->chal);
+		data_blob_free(&(*ntlmssp_state)->lm_resp);
+		data_blob_free(&(*ntlmssp_state)->nt_resp);
+		data_blob_free(&(*ntlmssp_state)->session_key);
+		talloc_destroy(mem_ctx);
+	}
+
 	*ntlmssp_state = NULL;
 	return NT_STATUS_OK;
 }
diff --git a/source3/libsmb/ntlmssp_sign.c b/source3/libsmb/ntlmssp_sign.c
new file mode 100644
index 0000000000..f51d532319
--- /dev/null
+++ b/source3/libsmb/ntlmssp_sign.c
@@ -0,0 +1,208 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  Version 3.0
+ *  NTLMSSP Signing routines
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-2001
+ *  Copyright (C) Andrew Bartlett 2003
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software Foundation,
+ *  Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#include "includes.h"
+
+#define CLI_SIGN "session key to client-to-server signing key magic constant"
+#define CLI_SEAL "session key to client-to-server sealing key magic constant"
+#define SRV_SIGN "session key to server-to-client signing key magic constant"
+#define SRV_SEAL "session key to server-to-client sealing key magic constant"
+
+static void NTLMSSPcalc_ap( unsigned char *hash, unsigned char *data, int len)
+{
+    unsigned char index_i = hash[256];
+    unsigned char index_j = hash[257];
+    int ind;
+
+    for (ind = 0; ind < len; ind++)
+    {
+        unsigned char tc;
+        unsigned char t;
+
+        index_i++;
+        index_j += hash[index_i];
+
+        tc = hash[index_i];
+        hash[index_i] = hash[index_j];
+        hash[index_j] = tc;
+
+        t = hash[index_i] + hash[index_j];
+        data[ind] = data[ind] ^ hash[t];
+    }
+
+    hash[256] = index_i;
+    hash[257] = index_j;
+}
+
+static void calc_hash(unsigned char *hash, const char *k2, int k2l)
+{
+	unsigned char j = 0;
+	int ind;
+
+	for (ind = 0; ind < 256; ind++)
+	{
+		hash[ind] = (unsigned char)ind;
+	}
+
+	for (ind = 0; ind < 256; ind++)
+	{
+		unsigned char tc;
+
+		j += (hash[ind] + k2[ind%k2l]);
+
+		tc = hash[ind];
+		hash[ind] = hash[j];
+		hash[j] = tc;
+	}
+
+	hash[256] = 0;
+	hash[257] = 0;
+}
+
+static void calc_ntlmv2_hash(unsigned char hash[16], char digest[16],
+			     const char encrypted_response[16], 
+			     const char *constant)
+{
+	struct MD5Context ctx3;
+
+	MD5Init(&ctx3);
+	MD5Update(&ctx3, encrypted_response, 5);
+	MD5Update(&ctx3, constant, strlen(constant));
+	MD5Final(digest, &ctx3);
+
+	calc_hash(hash, digest, 16);
+}
+
+static NTSTATUS ntlmssp_make_packet_signiture(NTLMSSP_CLIENT_STATE *ntlmssp_state,
+					      const uchar *data, size_t length, 
+					      DATA_BLOB *sig) 
+{
+	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
+		HMACMD5Context ctx;
+		char seq_num[4];
+		uchar digest[16];
+		SIVAL(seq_num, 0, &ntlmssp_state->ntlmssp_seq_num);
+
+		hmac_md5_init_limK_to_64(ntlmssp_state->cli_sign_const, 16, &ctx);
+		hmac_md5_update(seq_num, 4, &ctx);
+		hmac_md5_update(data, length, &ctx);
+		hmac_md5_final(digest, &ctx);
+
+		if (!msrpc_gen(sig, "Bd", digest, sizeof(digest), ntlmssp_state->ntlmssp_seq_num)) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	       
+		NTLMSSPcalc_ap(ntlmssp_state->cli_seal_hash,  sig->data, sig->length);
+	} else {
+		uint32 crc;
+		crc = crc32_calc_buffer(data, length);
+		if (!msrpc_gen(sig, "ddd", 0, crc, ntlmssp_state->ntlmssp_seq_num)) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		
+		NTLMSSPcalc_ap(ntlmssp_state->ntlmssp_hash, sig->data, sig->length);
+	}
+	return NT_STATUS_OK;
+}
+
+NTSTATUS ntlmssp_client_sign_packet(NTLMSSP_CLIENT_STATE *ntlmssp_state,
+					   const uchar *data, size_t length, 
+					   DATA_BLOB *sig) 
+{
+	ntlmssp_state->ntlmssp_seq_num++;
+	return ntlmssp_make_packet_signiture(ntlmssp_state, data, length, sig);
+}
+
+/**
+ * Check the signature of an incoming packet 
+ * @note caller *must* check that the signature is the size it expects 
+ *
+ */
+
+NTSTATUS ntlmssp_client_check_packet(NTLMSSP_CLIENT_STATE *ntlmssp_state,
+					   const uchar *data, size_t length, 
+					   const DATA_BLOB *sig) 
+{
+	DATA_BLOB local_sig;
+	NTSTATUS nt_status;
+
+	if (sig->length < 8) {
+		DEBUG(0, ("NTLMSSP packet check failed due to short signiture (%u bytes)!\n", 
+			  sig->length));
+	}
+
+	nt_status = ntlmssp_make_packet_signiture(ntlmssp_state, data, 
+						  length, &local_sig);
+	
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status)));
+		return nt_status;
+	}
+	
+	if (memcmp(sig->data, local_sig.data, MIN(sig->length, local_sig.length)) == 0) {
+		return NT_STATUS_OK;
+	} else {
+		DEBUG(0, ("NTLMSSP packet check failed due to invalid signiture!\n"));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+}
+
+/**
+   Initialise the state for NTLMSSP signing.
+*/
+NTSTATUS ntlmssp_client_sign_init(NTLMSSP_CLIENT_STATE *ntlmssp_state)
+{
+	unsigned char p24[24];
+	unsigned char lm_hash[16];
+
+	if (!ntlmssp_state->lm_resp.data) {
+		/* can't sign or check signitures yet */ 
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+			    
+	E_deshash(ntlmssp_state->password, lm_hash);
+		
+	NTLMSSPOWFencrypt(lm_hash, ntlmssp_state->lm_resp.data, p24);
+	
+	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
+	{
+		calc_ntlmv2_hash(ntlmssp_state->cli_sign_hash, ntlmssp_state->cli_sign_const, p24, CLI_SIGN);
+		calc_ntlmv2_hash(ntlmssp_state->cli_seal_hash, ntlmssp_state->cli_seal_const, p24, CLI_SEAL);
+		calc_ntlmv2_hash(ntlmssp_state->srv_sign_hash, ntlmssp_state->srv_sign_const, p24, SRV_SIGN);
+		calc_ntlmv2_hash(ntlmssp_state->srv_seal_hash, ntlmssp_state->srv_seal_const, p24, SRV_SEAL);
+	}
+	else
+	{
+		char k2[8];
+		memcpy(k2, p24, 5);
+		k2[5] = 0xe5;
+		k2[6] = 0x38;
+		k2[7] = 0xb0;
+		
+		calc_hash(ntlmssp_state->ntlmssp_hash, k2, 8);
+	}
+
+	ntlmssp_state->ntlmssp_seq_num = 0;
+
+	ZERO_STRUCT(lm_hash);
+	return NT_STATUS_OK;
+}
diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c
index 581d18fef7..40359c5c8c 100644
--- a/source3/libsmb/smb_signing.c
+++ b/source3/libsmb/smb_signing.c
@@ -33,6 +33,11 @@ struct smb_basic_signing_context {
 
 static BOOL set_smb_signing_common(struct cli_state *cli) 
 {
+	if (!cli->sign_info.negotiated_smb_signing 
+	    && !cli->sign_info.mandetory_signing) {
+		return False;
+	}
+
 	if (cli->sign_info.doing_signing) {
 		return False;
 	}
@@ -40,7 +45,7 @@ static BOOL set_smb_signing_common(struct cli_state *cli)
 	if (cli->sign_info.free_signing_context)
 		cli->sign_info.free_signing_context(cli);
 
-	/* These calls are INCONPATIBLE with SMB signing */
+	/* These calls are INCOMPATIBLE with SMB signing */
 	cli->readbraw_supported = False;
 	cli->writebraw_supported = False;
 	
@@ -54,7 +59,7 @@ static BOOL set_smb_signing_common(struct cli_state *cli)
 static BOOL set_smb_signing_real_common(struct cli_state *cli) 
 {
 	if (cli->sign_info.mandetory_signing) {
-		DEBUG(5, ("Mandetory SMB signing enabled!\n"));
+		DEBUG(5, ("Mandatory SMB signing enabled!\n"));
 		cli->sign_info.doing_signing = True;
 	}
 
@@ -71,6 +76,28 @@ static void mark_packet_signed(struct cli_state *cli)
 	SSVAL(cli->outbuf,smb_flg2, flags2);
 }
 
+static BOOL signing_good(struct cli_state *cli, BOOL good) 
+{
+	DEBUG(10, ("got SMB signature of\n"));
+	dump_data(10,&cli->outbuf[smb_ss_field] , 8);
+
+	if (good && !cli->sign_info.doing_signing) {
+		cli->sign_info.doing_signing = True;
+	}
+
+	if (!good) {
+		if (cli->sign_info.doing_signing) {
+			DEBUG(1, ("SMB signature check failed!\n"));
+			return False;
+		} else {
+			DEBUG(3, ("Server did not sign reply correctly\n"));
+			cli_free_signing_context(cli);
+			return False;
+		}
+	}
+	return True;
+}	
+
 /***********************************************************
  SMB signing - Simple implementation - calculate a MAC to send.
 ************************************************************/
@@ -99,7 +126,7 @@ static void cli_simple_sign_outgoing_message(struct cli_state *cli)
 	MD5Update(&md5_ctx, cli->outbuf + 4, smb_len(cli->outbuf));
 	MD5Final(calc_md5_mac, &md5_ctx);
 
-	DEBUG(10, ("sent SMB signiture of\n"));
+	DEBUG(10, ("sent SMB signature of\n"));
 	dump_data(10, calc_md5_mac, 8);
 
 	memcpy(&cli->outbuf[smb_ss_field], calc_md5_mac, 8);
@@ -130,7 +157,7 @@ static BOOL cli_simple_check_incoming_message(struct cli_state *cli)
 
 	memcpy(server_sent_mac, &cli->inbuf[smb_ss_field], sizeof(server_sent_mac));
 
-	DEBUG(10, ("got SMB signiture of\n"));
+	DEBUG(10, ("got SMB signature of\n"));
 	dump_data(10, server_sent_mac, 8);
 
 	SIVAL(cli->inbuf, smb_ss_field, data->reply_seq_num);
@@ -145,15 +172,7 @@ static BOOL cli_simple_check_incoming_message(struct cli_state *cli)
 
 	good = (memcmp(server_sent_mac, calc_md5_mac, 8) == 0);
 	
-	if (good && !cli->sign_info.doing_signing) {
-		cli->sign_info.doing_signing = True;
-	}
-
-	if (!good) {
-		DEBUG(1, ("SMB signiture check failed!\n"));
-	}
-
-	return good;
+	return signing_good(cli, good);
 }
 
 /***********************************************************
@@ -174,16 +193,16 @@ static void cli_simple_free_signing_context(struct cli_state *cli)
  SMB signing - Simple implementation - setup the MAC key.
 ************************************************************/
 
-void cli_simple_set_signing(struct cli_state *cli, const uchar user_session_key[16], const DATA_BLOB response)
+BOOL cli_simple_set_signing(struct cli_state *cli, const uchar user_session_key[16], const DATA_BLOB response)
 {
 	struct smb_basic_signing_context *data;
 
 	if (!set_smb_signing_common(cli)) {
-		return;
+		return False;
 	}
 
 	if (!set_smb_signing_real_common(cli)) {
-		return;
+		return False;
 	}
 
 	data = smb_xmalloc(sizeof(*data));
@@ -194,12 +213,105 @@ void cli_simple_set_signing(struct cli_state *cli, const uchar user_session_key[
 	memcpy(&data->mac_key.data[0], user_session_key, 16);
 	memcpy(&data->mac_key.data[16],response.data, MIN(response.length, 40 - 16));
 
-	/* Initialise the sequence number */
+	/* Initialize the sequence number */
 	data->send_seq_num = 0;
 
 	cli->sign_info.sign_outgoing_message = cli_simple_sign_outgoing_message;
 	cli->sign_info.check_incoming_message = cli_simple_check_incoming_message;
 	cli->sign_info.free_signing_context = cli_simple_free_signing_context;
+
+	return True;
+}
+
+/***********************************************************
+ SMB signing - NTLMSSP implementation - calculate a MAC to send.
+************************************************************/
+
+static void cli_ntlmssp_sign_outgoing_message(struct cli_state *cli)
+{
+	NTSTATUS nt_status;
+	DATA_BLOB sig;
+	NTLMSSP_CLIENT_STATE *ntlmssp_state = cli->sign_info.signing_context;
+
+	/* mark the packet as signed - BEFORE we sign it...*/
+	mark_packet_signed(cli);
+	
+	nt_status = ntlmssp_client_sign_packet(ntlmssp_state, cli->outbuf + 4, 
+					       smb_len(cli->outbuf), &sig);
+	
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(0, ("NTLMSSP signing failed with %s\n", nt_errstr(nt_status)));
+		return;
+	}
+
+	DEBUG(10, ("sent SMB signature of\n"));
+	dump_data(10, sig.data, MIN(sig.length, 8));
+	memcpy(&cli->outbuf[smb_ss_field], sig.data, MIN(sig.length, 8));
+	
+	data_blob_free(&sig);
+}
+
+/***********************************************************
+ SMB signing - NTLMSSP implementation - check a MAC sent by server.
+************************************************************/
+
+static BOOL cli_ntlmssp_check_incoming_message(struct cli_state *cli)
+{
+	BOOL good;
+	NTSTATUS nt_status;
+	DATA_BLOB sig = data_blob(&cli->outbuf[smb_ss_field], 8);
+
+	NTLMSSP_CLIENT_STATE *ntlmssp_state = cli->sign_info.signing_context;
+
+	nt_status = ntlmssp_client_check_packet(ntlmssp_state, cli->outbuf + 4, 
+						smb_len(cli->outbuf), &sig);
+	
+	data_blob_free(&sig);
+	
+	good = NT_STATUS_IS_OK(nt_status);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(5, ("NTLMSSP signing failed with %s\n", nt_errstr(nt_status)));
+	}
+
+	return signing_good(cli, good);
+}
+
+/***********************************************************
+ SMB signing - NTLMSSP implementation - free signing context
+************************************************************/
+
+static void cli_ntlmssp_free_signing_context(struct cli_state *cli)
+{
+	ntlmssp_client_end((NTLMSSP_CLIENT_STATE **)&cli->sign_info.signing_context);
+}
+
+/***********************************************************
+ SMB signing - NTLMSSP implementation - setup the MAC key.
+************************************************************/
+
+BOOL cli_ntlmssp_set_signing(struct cli_state *cli,
+			     NTLMSSP_CLIENT_STATE *ntlmssp_state)
+{
+	if (!set_smb_signing_common(cli)) {
+		return False;
+	}
+
+	if (!NT_STATUS_IS_OK(ntlmssp_client_sign_init(ntlmssp_state))) {
+		return False;
+	}
+
+	if (!set_smb_signing_real_common(cli)) {
+		return False;
+	}
+
+	cli->sign_info.signing_context = ntlmssp_state;
+	ntlmssp_state->ref_count++;
+
+	cli->sign_info.sign_outgoing_message = cli_ntlmssp_sign_outgoing_message;
+	cli->sign_info.check_incoming_message = cli_ntlmssp_check_incoming_message;
+	cli->sign_info.free_signing_context = cli_ntlmssp_free_signing_context;
+
+	return True;
 }
 
 /***********************************************************
@@ -210,7 +322,7 @@ static void cli_null_sign_outgoing_message(struct cli_state *cli)
 {
 	/* we can't zero out the sig, as we might be trying to send a
 	   session request - which is NBT-level, not SMB level and doesn't
-	   have the feild */
+	   have the field */
 	return;
 }
 
@@ -232,23 +344,24 @@ static void cli_null_free_signing_context(struct cli_state *cli)
 	return;
 }
 
-/***********************************************************
+/**
  SMB signing - NULL implementation - setup the MAC key.
-************************************************************/
 
-void cli_null_set_signing(struct cli_state *cli)
+ @note Used as an initialisation only - it will not correctly
+       shut down a real signing mechinism
+*/
+
+BOOL cli_null_set_signing(struct cli_state *cli)
 {
 	struct smb_basic_sign_data *data;
 
-	if (!set_smb_signing_common(cli)) {
-		return;
-	}
-
 	cli->sign_info.signing_context = NULL;
 	
 	cli->sign_info.sign_outgoing_message = cli_null_sign_outgoing_message;
 	cli->sign_info.check_incoming_message = cli_null_check_incoming_message;
 	cli->sign_info.free_signing_context = cli_null_free_signing_context;
+
+	return True;
 }
 
 /***********************************************************
@@ -257,7 +370,12 @@ void cli_null_set_signing(struct cli_state *cli)
 
 static void cli_temp_sign_outgoing_message(struct cli_state *cli)
 {
-	memcpy(&cli->outbuf[smb_ss_field], "SignRequest", 8);
+	/* mark the packet as signed - BEFORE we sign it...*/
+	mark_packet_signed(cli);
+
+	/* I wonder what BSRSPYL stands for - but this is what MS 
+	   actually sends! */
+	memcpy(&cli->outbuf[smb_ss_field], "BSRSPYL ", 8);
 	return;
 }
 
@@ -283,10 +401,10 @@ static void cli_temp_free_signing_context(struct cli_state *cli)
  SMB signing - NULL implementation - setup the MAC key.
 ************************************************************/
 
-void cli_temp_set_signing(struct cli_state *cli)
+BOOL cli_temp_set_signing(struct cli_state *cli)
 {
 	if (!set_smb_signing_common(cli)) {
-		return;
+		return False;
 	}
 
 	cli->sign_info.signing_context = NULL;
@@ -294,6 +412,8 @@ void cli_temp_set_signing(struct cli_state *cli)
 	cli->sign_info.sign_outgoing_message = cli_temp_sign_outgoing_message;
 	cli->sign_info.check_incoming_message = cli_temp_check_incoming_message;
 	cli->sign_info.free_signing_context = cli_temp_free_signing_context;
+
+	return True;
 }
 
 /**
@@ -309,7 +429,7 @@ void cli_free_signing_context(struct cli_state *cli)
 }
 
 /**
- * Sign a packet with the current mechinism
+ * Sign a packet with the current mechanism
  */
  
 void cli_caclulate_sign_mac(struct cli_state *cli)
@@ -318,7 +438,7 @@ void cli_caclulate_sign_mac(struct cli_state *cli)
 }
 
 /**
- * Check a packet with the current mechinism
+ * Check a packet with the current mechanism
  * @return False if we had an established signing connection
  *         which had a back checksum, True otherwise
  */
-- 
cgit 


From 190708832c7aa10b03bab8c48077faca486c539d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 10 Mar 2003 02:48:32 +0000
Subject: Makefile.in for NTLMSSP singing update (This used to be commit
 7717555438e4d74bb63d12abde3573933c15342a)

---
 source3/Makefile.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/Makefile.in b/source3/Makefile.in
index 23c88d3ab1..3ae939c4f5 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -192,7 +192,7 @@ SECRETS_OBJ = passdb/secrets.o
 LIBNMB_OBJ = libsmb/unexpected.o libsmb/namecache.o libsmb/nmblib.o \
 	     libsmb/namequery.o 
 
-LIBNTLMSSP_OBJ = libsmb/ntlmssp.o libsmb/ntlmssp_parse.o
+LIBNTLMSSP_OBJ = libsmb/ntlmssp.o libsmb/ntlmssp_parse.o libsmb/ntlmssp_sign.o
 
 LIBSAMBA_OBJ = libsmb/nterr.o libsmb/smbdes.o libsmb/smbencrypt.o
 
-- 
cgit 


From 44bd743c286405cad0b10149ff5e116fc21e8322 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Mon, 10 Mar 2003 02:49:52 +0000
Subject: added -i option for ignoring dot errors in masktest (This used to be
 commit 0f4d1172a6add3f490fca22a45975d2588485146)

---
 source3/torture/masktest.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/source3/torture/masktest.c b/source3/torture/masktest.c
index 7d751fb789..06dead3f16 100644
--- a/source3/torture/masktest.c
+++ b/source3/torture/masktest.c
@@ -33,6 +33,7 @@ static const char *filechars = "abcdefghijklm.";
 static int verbose;
 static int die_on_error;
 static int NumLoops = 0;
+static int ignore_dot_errors = 0;
 
 /* a test fn for LANMAN mask support */
 int ms_fnmatch_lanman_core(const char *pattern, const char *string)
@@ -324,7 +325,9 @@ static void testpair(struct cli_state *cli, char *mask, char *file)
 
 	res2 = reg_test(cli, mask, long_name, short_name);
 
-	if (showall || strcmp(res1, res2)) {
+	if (showall || 
+	    ((strcmp(res1, res2) && !ignore_dot_errors) ||
+	     (strcmp(res1+2, res2+2) && ignore_dot_errors))) {
 		DEBUG(0,("%s %s %d mask=[%s] file=[%s] rfile=[%s/%s]\n",
 			 res1, res2, count, mask, file, long_name, short_name));
 		if (die_on_error) exit(1);
@@ -409,6 +412,7 @@ static void usage(void)
 	-v                             verbose mode\n\
 	-E                             die on error\n\
         -a                             show all tests\n\
+        -i                             ignore . and .. errors\n\
 \n\
   This program tests wildcard matching between two servers. It generates\n\
   random pairs of filenames/masks and tests that they match in the same\n\
@@ -461,7 +465,7 @@ static void usage(void)
 
 	seed = time(NULL);
 
-	while ((opt = getopt(argc, argv, "n:d:U:s:hm:f:aoW:M:vE")) != EOF) {
+	while ((opt = getopt(argc, argv, "n:d:U:s:hm:f:aoW:M:vEi")) != EOF) {
 		switch (opt) {
 		case 'n':
 			NumLoops = atoi(optarg);
@@ -472,6 +476,9 @@ static void usage(void)
 		case 'E':
 			die_on_error = 1;
 			break;
+		case 'i':
+			ignore_dot_errors = 1;
+			break;
 		case 'v':
 			verbose++;
 			break;
-- 
cgit 


From 8dd9e99f37c984f94e9ebc2005e3806c9bb43767 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Mon, 10 Mar 2003 02:51:30 +0000
Subject: fixed use_oplocks and the timeout in smbtorture startup (This used to
 be commit cec1ef09e5009cdac22e6c9ca101a49c5ef36b1a)

---
 source3/torture/torture.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index ca4dbed1d8..090f08c160 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -150,15 +150,25 @@ BOOL torture_open_connection(struct cli_state **c)
 {
 	BOOL retry;
 	int flags = 0;
+	NTSTATUS status;
+
 	if (use_kerberos)
 		flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
 	
-	return (NT_STATUS_IS_OK(
-			cli_full_connection(c, myname,
-					    host, NULL, port_to_use, 
-					    share, "?????", 
-					    username, workgroup, 
-					    password, flags, &retry)));
+	status = cli_full_connection(c, myname,
+				     host, NULL, port_to_use, 
+				     share, "?????", 
+				     username, workgroup, 
+				     password, flags, &retry);
+	if (!NT_STATUS_IS_OK(status)) {
+		return False;
+	}
+
+	if (use_oplocks) (*c)->use_oplocks = True;
+	if (use_level_II_oplocks) (*c)->use_level_II_oplocks = True;
+	(*c)->timeout = 120000; /* set a really long timeout (2 minutes) */
+
+	return True;
 }
 
 
-- 
cgit 


From fba0a720353c113e7aedc6fb7e90f0aff938a8fb Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Mon, 10 Mar 2003 03:04:47 +0000
Subject: Use "$@" to preserve shell quoting in case somebody passes an escaped
 string as a configure parameter. (This used to be commit
 3285c80cb0e41d6736b4f74b01a65d55753a7920)

---
 source3/configure.developer | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/configure.developer b/source3/configure.developer
index 0409a75061..a7074acfd3 100755
--- a/source3/configure.developer
+++ b/source3/configure.developer
@@ -1,2 +1,2 @@
 #!/bin/sh
-`dirname $0`/configure --enable-developer $*
+`dirname $0`/configure --enable-developer "$@"
-- 
cgit 


From 8cad904f385dfe25e6dffe39a773641d02ed2776 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 10 Mar 2003 12:08:32 +0000
Subject: Don't segfault on make_server_info_guest() failure - instead return
 the error code.

make_server_info_guest() requires an entry in the SAM at the moment, but
this will change before release.

Andrew Bartlett
(This used to be commit 6a956390fa253e87e38b3f1909f13595fbf2767a)
---
 source3/smbd/sesssetup.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index dfe246e398..2661fe3f93 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -39,16 +39,14 @@ static NTSTATUS do_map_to_guest(NTSTATUS status, auth_serversupplied_info **serv
 		    (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) {
 			DEBUG(3,("No such user %s [%s] - using guest account\n",
 				 user, domain));
-			make_server_info_guest(server_info);
-			status = NT_STATUS_OK;
+			status = make_server_info_guest(server_info);
 		}
 	}
 
 	if (NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
 		if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD) {
 			DEBUG(3,("Registered username %s for guest access\n",user));
-			make_server_info_guest(server_info);
-			status = NT_STATUS_OK;
+			status = make_server_info_guest(server_info);
 		}
 	}
 
-- 
cgit 


From 683c17ac0dfce64e7cfcafbc640b18ea4610f021 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Mon, 10 Mar 2003 15:05:06 +0000
Subject: check a pointer before dereferencing it; not sure why userdata ==
 NULL though (This used to be commit 6fca29ddcdb111af24ee051b555ab4eec8cadd1d)

---
 source3/nmbd/nmbd_browsesync.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/nmbd/nmbd_browsesync.c b/source3/nmbd/nmbd_browsesync.c
index 84c6f43f57..5914ea9637 100644
--- a/source3/nmbd/nmbd_browsesync.c
+++ b/source3/nmbd/nmbd_browsesync.c
@@ -258,7 +258,7 @@ static void domain_master_node_status_fail(struct subnet_record *subrec,
   {
     dbgtext( "domain_master_node_status_fail:\n" );
     dbgtext( "Doing a node status request to the domain master browser\n" );
-    dbgtext( "for workgroup %s ", userdata->data );
+    dbgtext( "for workgroup %s ", userdata ? userdata->data : "NULL" );
     dbgtext( "at IP %s failed.\n", inet_ntoa(rrec->packet->ip) );
     dbgtext( "Cannot sync browser lists.\n" );
   }
-- 
cgit 


From 06c4d9a8ff4373227ba6a418b8af627aaddbc4d0 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vlendec@samba.org>
Date: Mon, 10 Mar 2003 16:59:29 +0000
Subject: Some conversion to pstrcpy_base.

Volker
(This used to be commit 329911e43681b724cb0579aad77b4a658759d7ba)
---
 source3/libsmb/clirap.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c
index 24108d40f3..a1845b2e16 100644
--- a/source3/libsmb/clirap.c
+++ b/source3/libsmb/clirap.c
@@ -85,19 +85,19 @@ BOOL cli_NetWkstaUserLogon(struct cli_state *cli,char *user, char *workstation)
 	p = param;
 	SSVAL(p,0,132); /* api number */
 	p += 2;
-	pstrcpy(p,"OOWb54WrLh");
+	pstrcpy_base(p,"OOWb54WrLh",param);
 	p = skip_string(p,1);
-	pstrcpy(p,"WB21BWDWWDDDDDDDzzzD");
+	pstrcpy_base(p,"WB21BWDWWDDDDDDDzzzD",param);
 	p = skip_string(p,1);
 	SSVAL(p,0,1);
 	p += 2;
-	pstrcpy(p,user);
+	pstrcpy_base(p,user,param);
 	strupper(p);
 	p += 21;
 	p++;
 	p += 15;
 	p++; 
-	pstrcpy(p, workstation); 
+	pstrcpy_base(p, workstation, param);
 	strupper(p);
 	p += 16;
 	SSVAL(p, 0, CLI_BUFFER_SIZE);
@@ -145,9 +145,9 @@ int cli_RNetShareEnum(struct cli_state *cli, void (*fn)(const char *, uint32, co
 	p = param;
 	SSVAL(p,0,0); /* api number */
 	p += 2;
-	pstrcpy(p,"WrLeh");
+	pstrcpy_base(p,"WrLeh",param);
 	p = skip_string(p,1);
-	pstrcpy(p,"B13BWz");
+	pstrcpy_base(p,"B13BWz",param);
 	p = skip_string(p,1);
 	SSVAL(p,0,1);
 	/*
-- 
cgit 


From 2e3f9c35d5c16bfe8cf78374f699abe9ed56b4ca Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Tue, 11 Mar 2003 00:14:55 +0000
Subject: Patch from Ronan Waide:

> when doing "enumdomusers", rpcclient prints each one preceded by the
> word "group" instead of "user"
(This used to be commit 17567dd1d510d4cf1dffa67be78510ae51571ec6)
---
 source3/rpcclient/cmd_samr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index cec6b1680b..95ea27562e 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -684,7 +684,7 @@ static NTSTATUS cmd_samr_enum_dom_users(struct cli_state *cli,
 		    NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
 
 			for (i = 0; i < num_dom_users; i++)
-				printf("group:[%s] rid:[0x%x]\n", 
+                               printf("user:[%s] rid:[0x%x]\n", 
 				       dom_users[i], dom_rids[i]);
 		}
 
-- 
cgit 


From dcf7cad4bff3797fd2c606f6225a4ed68b0a3c51 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Tue, 11 Mar 2003 02:30:17 +0000
Subject: Remove obsolete file. (This used to be commit
 c5c1a7979385778c08d6dd7796cfe8be1815992f)

---
 source3/nsswitch/README | 13 -------------
 1 file changed, 13 deletions(-)
 delete mode 100644 source3/nsswitch/README

diff --git a/source3/nsswitch/README b/source3/nsswitch/README
deleted file mode 100644
index 9f0c581df6..0000000000
--- a/source3/nsswitch/README
+++ /dev/null
@@ -1,13 +0,0 @@
-This extension provides a "wins" module for NSS on glibc2/Linux.  This
-allows you to use a WINS entry in /etc/nsswitch.conf for hostname
-resolution, allowing you to resolve netbios names via start unix
-gethostbyname() calls. The end result is that you can use netbios
-names as host names in unix apps.
-
-1) run configure
-2) run "make nsswitch"
-3) cp nsswitch/libnss_wins.so /lib/libnss_wins.so.2
-4) add a wins entry to the hosts line in /etc/nsswitch.conf
-5) use it
-
-tridge@linuxcare.com
-- 
cgit 


From ee28d38fbc5639140478e51cc33ec0a312d785da Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Tue, 11 Mar 2003 04:21:14 +0000
Subject: When opening an existing DB, don't require the hash_size specified to
 the open call to be the same as that of the existing tdb.  The specified
 hash_size is only used if the tdb needs to be (re)created.

With this patch in place, tdbtool can open the printing tdbs, which
are created with a hash_size of 5000.  Before it would fail with EIO.
(This used to be commit e412dd6d7e5a41de94c07c64b186390ccce104cc)
---
 source3/tdb/tdb.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/source3/tdb/tdb.c b/source3/tdb/tdb.c
index 097209ff7a..0ec770ed81 100644
--- a/source3/tdb/tdb.c
+++ b/source3/tdb/tdb.c
@@ -1728,8 +1728,7 @@ TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags,
 
 	if (read(tdb->fd, &tdb->header, sizeof(tdb->header)) != sizeof(tdb->header)
 	    || strcmp(tdb->header.magic_food, TDB_MAGIC_FOOD) != 0
-	    || tdb->header.version != TDB_VERSION
-	    || (tdb->header.hash_size != hash_size
+	    || (tdb->header.version != TDB_VERSION
 		&& !(rev = (tdb->header.version==TDB_BYTEREV(TDB_VERSION))))) {
 		/* its not a valid database - possibly initialise it */
 		if (!(open_flags & O_CREAT) || tdb_new_database(tdb, hash_size) == -1) {
-- 
cgit 


From cca61adcd242b96a1cf3c3b6528fd23a4998c2c3 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Tue, 11 Mar 2003 05:57:53 +0000
Subject: If using --enable-developer and valgrind.h is present, define
 VALGRIND. (This used to be commit 71c8e90117f00f168416f2f35a1c25755e2d0ed4)

---
 source3/include/includes.h | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/source3/include/includes.h b/source3/include/includes.h
index 297f38ae97..7e5ad0e3cd 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -438,6 +438,14 @@
 #include <valgrind.h>
 #endif
 
+/* If we have --enable-developer and the valgrind header is present,
+ * then we're OK to use it.  Set a macro so this logic can be done only
+ * once. */
+#if defined(DEVELOPER) && HAVE_VALGRIND_H
+#define VALGRIND
+#endif
+
+
 /* we support ADS if we want it and have krb5 and ldap libs */
 #if defined(WITH_ADS) && defined(HAVE_KRB5) && defined(HAVE_LDAP)
 #define HAVE_ADS
-- 
cgit 


From c13990277f1ab2e6810ada193caa720f6e71f087 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Tue, 11 Mar 2003 06:31:23 +0000
Subject: make sure we have an empty directory when we start the utable test
 (This used to be commit af415842b80f024ca26b4e3bc52fd73fce0a28f3)

---
 source3/torture/utable.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/source3/torture/utable.c b/source3/torture/utable.c
index d9c1fcbafd..d8a1557dbb 100644
--- a/source3/torture/utable.c
+++ b/source3/torture/utable.c
@@ -129,8 +129,12 @@ BOOL torture_casetable(int dummy)
 
 	memset(equiv, 0, sizeof(equiv));
 
-	cli_mkdir(cli, "\\utable");
 	cli_unlink(cli, "\\utable\\*");
+	cli_rmdir(cli, "\\utable");
+	if (!cli_mkdir(cli, "\\utable")) {
+		printf("Failed to create utable directory!\n");
+		return False;
+	}
 
 	for (c=1; c < 0x10000; c++) {
 		size_t size;
-- 
cgit 


From 191b44b91c628d2647a1e1355508c2eafa59535f Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Tue, 11 Mar 2003 06:53:10 +0000
Subject: fixed the MANGLE smbtorture test with the new paranoid string code
 (This used to be commit 7be44dbe009a8d831c0720a2649fc871b067beef)

---
 source3/torture/mangle_test.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/torture/mangle_test.c b/source3/torture/mangle_test.c
index 86030027ba..d1475eb64e 100644
--- a/source3/torture/mangle_test.c
+++ b/source3/torture/mangle_test.c
@@ -135,7 +135,7 @@ static void gen_name(char *name)
 
 	/* and a medium probability of a common lead string */
 	if (random() % 10 == 0) {
-		strncpy(p, "ABCDE", 5);
+		strncpy(p, "ABCDE", 6);
 	}
 
 	/* and a high probability of a good extension length */
-- 
cgit 


From 538c832ba147caa4c5f66439022ecb11ee2e5335 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Tue, 11 Mar 2003 06:53:44 +0000
Subject: having sticky create times is not a bug (This used to be commit
 f283f71104319fa9f1e7d22fc91b8d7224ae157a)

---
 source3/torture/torture.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 090f08c160..327212c6be 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -2130,7 +2130,6 @@ static BOOL run_trans2test(int dummy)
 			printf("create time=%s", ctime(&c_time));
 			printf("modify time=%s", ctime(&m_time));
 			printf("This system appears to have sticky create times\n");
-			correct = False;
 		}
 		if (a_time % (60*60) == 0) {
 			printf("access time=%s", ctime(&a_time));
-- 
cgit 


From 6f7ac2dcab02a0babf4c18e6fe1d1697943bddfc Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Tue, 11 Mar 2003 07:23:43 +0000
Subject: Note about using Valgrind with tdbs. (This used to be commit
 36c6f67d4af50d8fc4c8bd54486df315861d55c2)

---
 source3/tdb/tdb.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/source3/tdb/tdb.c b/source3/tdb/tdb.c
index 0ec770ed81..ab50f40ef6 100644
--- a/source3/tdb/tdb.c
+++ b/source3/tdb/tdb.c
@@ -20,6 +20,27 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
+
+
+/* NOTE: If you use tdbs under valgrind, and in particular if you run
+ * tdbtorture, you may get spurious "uninitialized value" warnings.  I
+ * think this is because valgrind doesn't understand that the mmap'd
+ * area may be written to by other processes.  Memory can, from the
+ * point of view of the grinded process, spontaneously become
+ * initialized.
+ *
+ * I can think of a few solutions.  [mbp 20030311]
+ *
+ * 1 - Write suppressions for Valgrind so that it doesn't complain
+ * about this.  Probably the most reasonable but people need to
+ * remember to use them.
+ *
+ * 2 - Use IO not mmap when running under valgrind.  Not so nice.
+ *
+ * 3 - Use the special valgrind macros to mark memory as valid at the
+ * right time.  Probably too hard -- the process just doesn't know.
+ */ 
+
 #ifdef STANDALONE
 #if HAVE_CONFIG_H
 #include <config.h>
-- 
cgit 


From 2e01ef5957bcdecb057d94122529b7cbd7f40ec2 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Tue, 11 Mar 2003 07:25:48 +0000
Subject: Remove valgrind_strlen function, hopefully no longer needed with
 recent Valgrind relases and clashing with -DVALGRIND. (This used to be commit
 98479f1315cf8968152e1566966ac57e171008c3)

---
 source3/include/includes.h |  4 ----
 source3/lib/util_str.c     |  9 ---------
 source3/tdb/tdbbackup.c    | 10 ----------
 3 files changed, 23 deletions(-)

diff --git a/source3/include/includes.h b/source3/include/includes.h
index 7e5ad0e3cd..b6abdd99ce 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -1220,10 +1220,6 @@ int smb_xvasprintf(char **ptr, const char *format, va_list ap) PRINTF_ATTRIBUTE(
 time_t timegm(struct tm *tm);
 #endif
 
-#if defined(VALGRIND)
-#define strlen(x) valgrind_strlen(x)
-#endif
-
 /*
  * Veritas File System.  Often in addition to native.
  * Quotas different.
diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index 924cf9d921..7dd5ee4242 100644
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -1667,12 +1667,3 @@ char * base64_encode_data_blob(DATA_BLOB data)
     return result;
 }
 
-#ifdef VALGRIND
-size_t valgrind_strlen(const char *s)
-{
-	size_t count;
-	for(count = 0; *s++; count++)
-		;
-	return count;
-}
-#endif
diff --git a/source3/tdb/tdbbackup.c b/source3/tdb/tdbbackup.c
index 7b344de6c4..36ba7db918 100644
--- a/source3/tdb/tdbbackup.c
+++ b/source3/tdb/tdbbackup.c
@@ -303,13 +303,3 @@ static void usage(void)
 
 	return ret;
 }
-
-#ifdef VALGRIND
-size_t valgrind_strlen(const char *s)
-{
-	size_t count;
-	for(count = 0; *s++; count++)
-		;
-	return count;
-}
-#endif
-- 
cgit 


From d40890e6a05badaac4b41979890a17ef1e69b5f7 Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Tue, 11 Mar 2003 09:16:37 +0000
Subject: This is how combination of domain logons and security parameter best
 combine. Comments wellcome.

Simo.
(This used to be commit e1431424e7603d946f63cfe7fe669b0b32ac8095)
---
 source3/param/loadparm.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index f7f12bbe80..2a83905a9f 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -3804,14 +3804,14 @@ static void set_server_role(void)
 
 	switch (lp_security()) {
 		case SEC_SHARE:
+		case SEC_SERVER:
+		case SEC_ADS:
 			if (lp_domain_logons())
 				DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n"));
 			break;
-		case SEC_SERVER:
 		case SEC_DOMAIN:
-		case SEC_ADS:
 			if (lp_domain_logons()) {
-				server_role = ROLE_DOMAIN_PDC;
+				server_role = ROLE_DOMAIN_BDC;
 				break;
 			}
 			server_role = ROLE_DOMAIN_MEMBER;
-- 
cgit 


From da6266f4f18b3406676372c6632d3b8199aaa420 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 11 Mar 2003 10:06:34 +0000
Subject: After 'consultation' with idra, this is how I think the server roles
 should work...

Andrew Bartlett
(This used to be commit 5c1f1005907bf50b809dfae1f8251c7122103098)
---
 source3/param/loadparm.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 2a83905a9f..5bffa2c862 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -3804,18 +3804,23 @@ static void set_server_role(void)
 
 	switch (lp_security()) {
 		case SEC_SHARE:
-		case SEC_SERVER:
-		case SEC_ADS:
 			if (lp_domain_logons())
 				DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n"));
 			break;
-		case SEC_DOMAIN:
+		case SEC_SERVER:
+			if (lp_domain_logons())
+				DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n"));
+			break;
+		case SEC_ADS:
 			if (lp_domain_logons()) {
-				server_role = ROLE_DOMAIN_BDC;
+				server_role = ROLE_DOMAIN_PDC;
 				break;
 			}
 			server_role = ROLE_DOMAIN_MEMBER;
 			break;
+		case SEC_DOMAIN:
+			if (lp_domain_logons())
+				DEBUG(0, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
 		case SEC_USER:
 			if (lp_domain_logons()) {
 
-- 
cgit 


From 60a8e3c20c24b6150946d7b6f348e8e5b050ed94 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 11 Mar 2003 10:13:57 +0000
Subject: Some further tought on the server role issue - try not to break it
 compeatly.

Andrew Bartlett
(This used to be commit 4c6a2d8d28d1752d7fee52d253ce2829bd0a0671)
---
 source3/param/loadparm.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 5bffa2c862..7d0208fb85 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -3810,6 +3810,12 @@ static void set_server_role(void)
 		case SEC_SERVER:
 			if (lp_domain_logons())
 				DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n"));
+			server_role = ROLE_DOMAIN_MEMBER;
+			break;
+		case SEC_DOMAIN:
+			if (lp_domain_logons())
+				DEBUG(0, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
+			server_role = ROLE_DOMAIN_MEMBER;
 			break;
 		case SEC_ADS:
 			if (lp_domain_logons()) {
@@ -3818,9 +3824,6 @@ static void set_server_role(void)
 			}
 			server_role = ROLE_DOMAIN_MEMBER;
 			break;
-		case SEC_DOMAIN:
-			if (lp_domain_logons())
-				DEBUG(0, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
 		case SEC_USER:
 			if (lp_domain_logons()) {
 
-- 
cgit 


From 17030fc403feb3ce5097d088ecf992e8b684d81a Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 11 Mar 2003 10:53:46 +0000
Subject: security=domain and domain logons = yes should be a BDC (of sorts).

Matches 2.2

Andrew Bartlett
(This used to be commit f6497fd639c5bb7d61eda0286c4c3c38609933b0)
---
 source3/param/loadparm.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 7d0208fb85..c21b88ff20 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -3813,8 +3813,11 @@ static void set_server_role(void)
 			server_role = ROLE_DOMAIN_MEMBER;
 			break;
 		case SEC_DOMAIN:
-			if (lp_domain_logons())
-				DEBUG(0, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
+			if (lp_domain_logons()) {
+				DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
+				server_role = ROLE_DOMAIN_BDC;
+				break;
+			}
 			server_role = ROLE_DOMAIN_MEMBER;
 			break;
 		case SEC_ADS:
-- 
cgit 


From 3b580ff000d9f258c581efded52d5d7c55375173 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 11 Mar 2003 11:28:59 +0000
Subject: This patch attemptes to clean up winbindd's mutex locking.

The current locking scheme in winbind is a complete mess - indeed, the
next step should be to push the locking into cli_full_connection(), but
I'll leave it for now.

This patch works on the noted behaviour that 2 parts of the connection
process need protection - and independent protection.  Tim Potter did
some work on this a little while back, verifying the second case.

The two cases are:
 - between connect() and first session setup
 - during the auth2 phase of the netlogon pipe setup.

I've removed the counter on the lock, as I fail to see what it gains us.

This patch also adds 'anonymous fallback' to our winbindd -> DC connection.

If the authenticated connection fails (wbinfo -A specifed) - say that
account isn't trusted by a trusted DC - then we try an anonymous.

Both tpot and mbp like the patch.

Andrew Bartlett
(This used to be commit 0620320002082298a15cbba72bd79aecfc607947)
---
 source3/lib/server_mutex.c     |  6 ++--
 source3/nsswitch/winbindd_cm.c | 78 ++++++++++++++++++++----------------------
 source3/passdb/secrets.c       | 30 ++++------------
 3 files changed, 46 insertions(+), 68 deletions(-)

diff --git a/source3/lib/server_mutex.c b/source3/lib/server_mutex.c
index 878e5497d8..3e5512c734 100644
--- a/source3/lib/server_mutex.c
+++ b/source3/lib/server_mutex.c
@@ -30,8 +30,6 @@
    like the single-connection that NT makes. */
 
 static char *mutex_server_name;
-/* FIXME. ref_count should be allocated per name... JRA. */
-size_t ref_count;
 
 BOOL grab_server_mutex(const char *name)
 {
@@ -40,7 +38,7 @@ BOOL grab_server_mutex(const char *name)
 		DEBUG(0,("grab_server_mutex: malloc failed for %s\n", name));
 		return False;
 	}
-	if (!secrets_named_mutex(mutex_server_name, 10, &ref_count)) {
+	if (!secrets_named_mutex(mutex_server_name, 10)) {
 		DEBUG(10,("grab_server_mutex: failed for %s\n", name));
 		SAFE_FREE(mutex_server_name);
 		return False;
@@ -52,7 +50,7 @@ BOOL grab_server_mutex(const char *name)
 void release_server_mutex(void)
 {
 	if (mutex_server_name) {
-		secrets_named_mutex_release(mutex_server_name, &ref_count);
+		secrets_named_mutex_release(mutex_server_name);
 		SAFE_FREE(mutex_server_name);
 	}
 }
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index 54096c0c1d..1b49d8ce01 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -302,7 +302,7 @@ static void add_failed_connection_entry(struct winbindd_cm_conn *new_conn,
 /* Open a connction to the remote server, cache failures for 30 seconds */
 
 static NTSTATUS cm_open_connection(const char *domain, const int pipe_index,
-			       struct winbindd_cm_conn *new_conn, BOOL keep_mutex)
+			       struct winbindd_cm_conn *new_conn)
 {
 	struct failed_connection_cache *fcc;
 	NTSTATUS result;
@@ -310,7 +310,6 @@ static NTSTATUS cm_open_connection(const char *domain, const int pipe_index,
 	struct in_addr dc_ip;
 	int i;
 	BOOL retry = True;
-	BOOL got_mutex = False;
 
 	ZERO_STRUCT(dc_ip);
 
@@ -366,24 +365,21 @@ static NTSTATUS cm_open_connection(const char *domain, const int pipe_index,
 	      new_conn->controller, global_myname(), ipc_domain, ipc_username));
 
 	for (i = 0; retry && (i < 3); i++) {
-		
-		if (!secrets_named_mutex(new_conn->controller, WINBIND_SERVER_MUTEX_WAIT_TIME, &new_conn->mutex_ref_count)) {
+		BOOL got_mutex;
+		if (!(got_mutex = secrets_named_mutex(new_conn->controller, WINBIND_SERVER_MUTEX_WAIT_TIME))) {
 			DEBUG(0,("cm_open_connection: mutex grab failed for %s\n", new_conn->controller));
 			result = NT_STATUS_POSSIBLE_DEADLOCK;
 			continue;
 		}
-
-		got_mutex = True;
-
+		
 		result = cli_full_connection(&new_conn->cli, global_myname(), new_conn->controller, 
-			&dc_ip, 0, "IPC$", "IPC", ipc_username, ipc_domain, 
-			ipc_password, 0, &retry);
+					     &dc_ip, 0, "IPC$", "IPC", ipc_username, ipc_domain, 
+					     ipc_password, CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK, &retry);
+		
+		secrets_named_mutex_release(new_conn->controller);
 
 		if (NT_STATUS_IS_OK(result))
 			break;
-
-		secrets_named_mutex_release(new_conn->controller, &new_conn->mutex_ref_count);
-		got_mutex = False;
 	}
 
 	SAFE_FREE(ipc_username);
@@ -391,8 +387,6 @@ static NTSTATUS cm_open_connection(const char *domain, const int pipe_index,
 	SAFE_FREE(ipc_password);
 
 	if (!NT_STATUS_IS_OK(result)) {
-		if (got_mutex)
-			secrets_named_mutex_release(new_conn->controller, &new_conn->mutex_ref_count);
 		add_failed_connection_entry(new_conn, result);
 		return result;
 	}
@@ -407,16 +401,12 @@ static NTSTATUS cm_open_connection(const char *domain, const int pipe_index,
 		 * if the PDC is an NT4 box.   but since there is only one 2k 
 		 * specific UUID right now, i'm not going to bother.  --jerry
 		 */
-		if (got_mutex)
-			secrets_named_mutex_release(new_conn->controller, &new_conn->mutex_ref_count);
 		if ( !is_win2k_pipe(pipe_index) )
 			add_failed_connection_entry(new_conn, result);
 		cli_shutdown(new_conn->cli);
 		return result;
 	}
 
-	if ((got_mutex) && !keep_mutex)
-		secrets_named_mutex_release(new_conn->controller, &new_conn->mutex_ref_count);
 	return NT_STATUS_OK;
 }
 
@@ -455,7 +445,7 @@ static BOOL connection_ok(struct winbindd_cm_conn *conn)
 /* Get a connection to the remote DC and open the pipe.  If there is already a connection, use that */
 
 static NTSTATUS get_connection_from_cache(const char *domain, const char *pipe_name,
-		struct winbindd_cm_conn **conn_out, BOOL keep_mutex) 
+		struct winbindd_cm_conn **conn_out) 
 {
 	struct winbindd_cm_conn *conn, conn_temp;
 	NTSTATUS result;
@@ -472,12 +462,6 @@ static NTSTATUS get_connection_from_cache(const char *domain, const char *pipe_n
 				SAFE_FREE(conn);
 				conn = &conn_temp;  /* Just to keep the loop moving */
 			} else {
-				if (keep_mutex) {
-					if (!secrets_named_mutex(conn->controller,
-							WINBIND_SERVER_MUTEX_WAIT_TIME, &conn->mutex_ref_count))
-						DEBUG(0,("get_connection_from_cache: mutex grab failed for %s\n",
-							conn->controller));
-				}
 				break;
 			}
 		}
@@ -489,7 +473,7 @@ static NTSTATUS get_connection_from_cache(const char *domain, const char *pipe_n
 		
 		ZERO_STRUCTP(conn);
 		
-		if (!NT_STATUS_IS_OK(result = cm_open_connection(domain, get_pipe_index(pipe_name), conn, keep_mutex))) {
+		if (!NT_STATUS_IS_OK(result = cm_open_connection(domain, get_pipe_index(pipe_name), conn))) {
 			DEBUG(3, ("Could not open a connection to %s for %s (%s)\n", 
 				  domain, pipe_name, nt_errstr(result)));
 		        SAFE_FREE(conn);
@@ -517,7 +501,7 @@ BOOL cm_check_for_native_mode_win2k( const char *domain )
 	ZERO_STRUCT( ctr );
 	
 	
-	if ( !NT_STATUS_IS_OK(result = cm_open_connection(domain, PI_LSARPC_DS, &conn, False)) ) {
+	if ( !NT_STATUS_IS_OK(result = cm_open_connection(domain, PI_LSARPC_DS, &conn)) ) {
 		DEBUG(5, ("cm_check_for_native_mode_win2k: Could not open a connection to %s for PIPE_LSARPC (%s)\n", 
 			  domain, nt_errstr(result)));
 		return False;
@@ -555,7 +539,7 @@ CLI_POLICY_HND *cm_get_lsa_handle(const char *domain)
 
 	/* Look for existing connections */
 
-	if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_LSARPC, &conn, False)))
+	if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_LSARPC, &conn)))
 		return NULL;
 
 	/* This *shitty* code needs scrapping ! JRA */
@@ -571,7 +555,7 @@ CLI_POLICY_HND *cm_get_lsa_handle(const char *domain)
 	if (!NT_STATUS_IS_OK(result)) {
 		/* Hit the cache code again.  This cleans out the old connection and gets a new one */
 		if (conn->cli->fd == -1) { /* Try again, if the remote host disapeared */
-			if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_LSARPC, &conn, False)))
+			if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_LSARPC, &conn)))
 				return NULL;
 
 			result = cli_lsa_open_policy(conn->cli, conn->cli->mem_ctx, False, 
@@ -603,7 +587,7 @@ CLI_POLICY_HND *cm_get_sam_handle(char *domain)
 
 	/* Look for existing connections */
 
-	if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_SAMR, &conn, False)))
+	if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_SAMR, &conn)))
 		return NULL;
 	
 	/* This *shitty* code needs scrapping ! JRA */
@@ -618,7 +602,7 @@ CLI_POLICY_HND *cm_get_sam_handle(char *domain)
 	if (!NT_STATUS_IS_OK(result)) {
 		/* Hit the cache code again.  This cleans out the old connection and gets a new one */
 		if (conn->cli->fd == -1) { /* Try again, if the remote host disapeared */
-			if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_SAMR, &conn, False)))
+			if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_SAMR, &conn)))
 				return NULL;
 
 			result = cli_samr_connect(conn->cli, conn->cli->mem_ctx,
@@ -875,35 +859,47 @@ NTSTATUS cm_get_netlogon_cli(const char *domain, const unsigned char *trust_pass
 	NTSTATUS result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
 	struct winbindd_cm_conn *conn;
 	uint32 neg_flags = 0x000001ff;
+	fstring lock_name;
+	BOOL got_mutex;
 
 	if (!cli)
 		return NT_STATUS_INVALID_PARAMETER;
 
 	/* Open an initial conection - keep the mutex. */
 
-	if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_NETLOGON, &conn, True)))
+	if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_NETLOGON, &conn)))
 		return result;
 	
-	result = cli_nt_setup_creds(conn->cli, get_sec_chan(), trust_passwd, &neg_flags, 2);
-
-	if (conn->mutex_ref_count)
-		secrets_named_mutex_release(conn->controller, &conn->mutex_ref_count);
+	snprintf(lock_name, sizeof(lock_name), "NETLOGON\\%s", conn->controller);
 
+	if (!(got_mutex = secrets_named_mutex(lock_name, WINBIND_SERVER_MUTEX_WAIT_TIME))) {
+		DEBUG(0,("cm_get_netlogon_cli: mutex grab failed for %s\n", conn->controller));
+	}
+			
+	result = cli_nt_setup_creds(conn->cli, get_sec_chan(), trust_passwd, &neg_flags, 2);
+	
+	if (got_mutex)
+		secrets_named_mutex_release(lock_name);
+			
 	if (!NT_STATUS_IS_OK(result)) {
 		DEBUG(0, ("error connecting to domain password server: %s\n",
 			  nt_errstr(result)));
 		
 		/* Hit the cache code again.  This cleans out the old connection and gets a new one */
 		if (conn->cli->fd == -1) {
-
-			if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_NETLOGON, &conn, True)))
+			if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_NETLOGON, &conn)))
 				return result;
 			
+			snprintf(lock_name, sizeof(lock_name), "NETLOGON\\%s", conn->controller);
+			if (!(got_mutex = secrets_named_mutex(lock_name, WINBIND_SERVER_MUTEX_WAIT_TIME))) {
+				DEBUG(0,("cm_get_netlogon_cli: mutex grab failed for %s\n", conn->controller));
+			}
+			
 			/* Try again */
 			result = cli_nt_setup_creds( conn->cli, get_sec_chan(),trust_passwd, &neg_flags, 2);
-
-			if (conn->mutex_ref_count)
-				secrets_named_mutex_release(conn->controller, &conn->mutex_ref_count);
+			
+			if (got_mutex)
+				secrets_named_mutex_release(lock_name);
 		}
 		
 		if (!NT_STATUS_IS_OK(result)) {
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index a58ea492ea..2b944a9941 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -588,24 +588,17 @@ NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, unsigned in
  between smbd instances.
 *******************************************************************************/
 
-BOOL secrets_named_mutex(const char *name, unsigned int timeout, size_t *p_ref_count)
+BOOL secrets_named_mutex(const char *name, unsigned int timeout)
 {
-	size_t ref_count = *p_ref_count;
 	int ret = 0;
 
 	if (!message_init())
 		return False;
 
-	if (ref_count == 0) {
-		ret = tdb_lock_bystring(tdb, name, timeout);
-		if (ret == 0)
-			DEBUG(10,("secrets_named_mutex: got mutex for %s\n", name ));
-	}
+	ret = tdb_lock_bystring(tdb, name, timeout);
+	if (ret == 0)
+		DEBUG(10,("secrets_named_mutex: got mutex for %s\n", name ));
 
-	if (ret == 0) {
-		*p_ref_count = ++ref_count;
-		DEBUG(10,("secrets_named_mutex: ref_count for mutex %s = %u\n", name, (unsigned int)ref_count ));
-	}
 	return (ret == 0);
 }
 
@@ -613,19 +606,10 @@ BOOL secrets_named_mutex(const char *name, unsigned int timeout, size_t *p_ref_c
  Unlock a named mutex.
 *******************************************************************************/
 
-void secrets_named_mutex_release(const char *name, size_t *p_ref_count)
+void secrets_named_mutex_release(const char *name)
 {
-	size_t ref_count = *p_ref_count;
-
-	SMB_ASSERT(ref_count != 0);
-
-	if (ref_count == 1) {
-		tdb_unlock_bystring(tdb, name);
-		DEBUG(10,("secrets_named_mutex: released mutex for %s\n", name ));
-	}
-
-	*p_ref_count = --ref_count;
-	DEBUG(10,("secrets_named_mutex_release: ref_count for mutex %s = %u\n", name, (unsigned int)ref_count ));
+	tdb_unlock_bystring(tdb, name);
+	DEBUG(10,("secrets_named_mutex: released mutex for %s\n", name ));
 }
 
 /*********************************************************
-- 
cgit 


From 77916f652fba812287541ab0d6a5ed203852cd3d Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 11 Mar 2003 18:10:36 +0000
Subject: Fix up zero termination. Spotted by Sebastian Krahmer
 <krahmer@suse.de>. Jeremy. (This used to be commit
 69becdb563b2620513931811a6695481bebcceed)

---
 source3/smbd/quotas.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source3/smbd/quotas.c b/source3/smbd/quotas.c
index 9d3bfe2d64..c2f001423e 100644
--- a/source3/smbd/quotas.c
+++ b/source3/smbd/quotas.c
@@ -413,10 +413,11 @@ static BOOL nfs_quotas(char *nfspath, uid_t euser_id, SMB_BIG_UINT *bsize, SMB_B
 
 	len=strcspn(mnttype, ":");
 	pathname=strstr(mnttype, ":");
-	cutstr = (char *) malloc(sizeof(char) * len );
+	cutstr = (char *) malloc(len+1);
 	if (!cutstr)
 		return False;
 
+	memset(cutstr, '\0', len+1);
 	host = strncat(cutstr,mnttype, sizeof(char) * len );
 	DEBUG(5,("nfs_quotas: looking for mount on \"%s\"\n", cutstr));
 	DEBUG(5,("nfs_quotas: of path \"%s\"\n", mnttype));
-- 
cgit 


From 0a2d131a35e4e73409ebb6c146308cb3f9c17a93 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 11 Mar 2003 20:57:41 +0000
Subject: We use unsigned now, so use %u. Jeremy. (This used to be commit
 01727b0296ee407e49444b9d9c4e7993892cb537)

---
 source3/smbd/ipc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index da30ec7440..c8bb0c2505 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -508,7 +508,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int
 	}
 	
 	
-	DEBUG(3,("trans <%s> data=%d params=%d setup=%d\n",
+	DEBUG(3,("trans <%s> data=%u params=%u setup=%u\n",
 		 name,tdscnt,tpscnt,suwcnt));
 	
 	/*
-- 
cgit 


From a16b155fc92e7802d17d1ed27b8dc832fa7e531f Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Wed, 12 Mar 2003 02:57:48 +0000
Subject: Add example of string overflow which is now caught in developer mode.
 (This used to be commit dcf1705782f5d589120624c90b695b81a0332e6b)

---
 source3/torture/t_stringoverflow.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 source3/torture/t_stringoverflow.c

diff --git a/source3/torture/t_stringoverflow.c b/source3/torture/t_stringoverflow.c
new file mode 100644
index 0000000000..b0503adb8f
--- /dev/null
+++ b/source3/torture/t_stringoverflow.c
@@ -0,0 +1,16 @@
+#include "includes.h"
+
+ int main(void)
+{
+	fstring dest;
+
+	printf("running on valgrind? %d\n", RUNNING_ON_VALGRIND);
+
+	/* Try copying a string into an fstring buffer.  The string
+	 * will actually fit, but this is still wrong because you
+	 * can't pstrcpy into an fstring.  This should trap in a
+	 * developer build. */
+	pstrcpy(dest, "hello");
+
+	return 0;
+}
-- 
cgit 


From 9a63d8bc2af36386bd863dcda8d749cc9f29bb47 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Wed, 12 Mar 2003 02:58:45 +0000
Subject: Update usage message. (This used to be commit
 17f01f6959fb79ba11a56d6869ec9789e3ee2f74)

---
 source3/torture/t_strcmp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source3/torture/t_strcmp.c b/source3/torture/t_strcmp.c
index 622769001b..b510d64cf0 100644
--- a/source3/torture/t_strcmp.c
+++ b/source3/torture/t_strcmp.c
@@ -9,7 +9,8 @@
 int main(int argc, char *argv[])
 {
 	if (argc != 3) {
-		fprintf(stderr, "usage: %s STRING1 STRING2\nCompares two strings\n",
+		fprintf(stderr, "usage: %s STRING1 STRING2\n"
+			"Compares two strings, prints the results of StrCaseCmp\n",
 			argv[0]);
 		return 2;
 	}
-- 
cgit 


From ffd5eae60eaae186d93f37537cc3cb4d5d446c83 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Wed, 12 Mar 2003 03:04:37 +0000
Subject: Start importing the Python testing framework that Tim and I have been
 working on into the main Samba tree. (This used to be commit
 f3b77aae13df2559a81db6453d04e0fe8004cd52)

---
 source3/stf/README.stf | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 source3/stf/README.stf

diff --git a/source3/stf/README.stf b/source3/stf/README.stf
new file mode 100644
index 0000000000..3fbd33cb6c
--- /dev/null
+++ b/source3/stf/README.stf
@@ -0,0 +1,3 @@
+This directory contains the Samba Testing Framework, a Python-based
+system for exercising Samba in various ways.  It is quite small at the
+moment.
-- 
cgit 


From 57b68013e170e290292cf23bb2259dfb09259d2d Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Wed, 12 Mar 2003 03:06:42 +0000
Subject: Import ComfyChair framework from trunk. (This used to be commit
 a7fb1fcc72ffe3cc2aa9c5abfcbd8197e7610167)

---
 source3/stf/comfychair.py | 266 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 266 insertions(+)
 create mode 100644 source3/stf/comfychair.py

diff --git a/source3/stf/comfychair.py b/source3/stf/comfychair.py
new file mode 100644
index 0000000000..00b2262b26
--- /dev/null
+++ b/source3/stf/comfychair.py
@@ -0,0 +1,266 @@
+#! /usr/bin/env python
+
+# Copyright (C) 2002, 2003 by Martin Pool <mbp@samba.org>
+# 
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of the
+# License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+# USA
+
+"""comfychair: a Python-based instrument of software torture.
+
+Copyright (C) 2002, 2003 by Martin Pool <mbp@samba.org>
+
+This is a test framework designed for testing programs written in
+Python, or (through a fork/exec interface) any other language.  It is
+similar in design to the very nice 'svntest' system used by
+Subversion, but has no Subversion-specific features.
+
+It is somewhat similar to PyUnit, except:
+
+ - it allows capture of detailed log messages from a test, to be
+   optionally displayed if the test fails.
+
+ - it allows execution of a specified subset of tests
+
+ - it avoids Java idioms that are not so useful in Python
+
+WRITING TESTS:
+
+  Each test case is a callable object, typically a function.  Its
+  documentation string describes the test, and the first line of the
+  docstring should be a brief name.
+
+  The test should return 0 for pass, or non-zero for failure.
+  Alternatively they may raise an exception.
+
+  Tests may import this "comfychair" module to get some useful
+  utilities, but that is not strictly required.
+  
+"""
+
+# TODO: Put everything into a temporary directory?
+
+# TODO: Have a means for tests to customize the display of their
+# failure messages.  In particular, if a shell command failed, then
+# give its stderr.
+
+import sys, re
+
+class TestCase:
+    """A base class for tests.  This class defines required functions which
+    can optionally be overridden by subclasses.  It also provides some
+    utility functions for"""
+
+    def __init__(self):
+        self.test_log = ""
+        self.background_pids = []
+    
+    def setUp(self):
+        """Set up test fixture."""
+        pass
+
+    def tearDown(self):
+        """Tear down test fixture."""
+        pass
+
+    def runTest(self):
+        """Run the test."""
+        pass
+
+    def fail(self, reason = ""):
+        """Say the test failed."""
+        raise AssertionError(reason)
+
+    def assert_(self, expr, reason = ""):
+        if not expr:
+            raise AssertionError(reason)
+
+    def assert_re_match(self, pattern, s):
+        """Assert that a string matches a particular pattern
+
+        Inputs:
+          pattern      string: regular expression
+          s            string: to be matched
+
+        Raises:
+          AssertionError if not matched
+          """
+        if not re.match(pattern, s):
+            raise AssertionError("string %s does not match regexp %s" % (`s`, `pattern`))
+
+    def assert_regexp(self, pattern, s):
+        """Assert that a string *contains* a particular pattern
+
+        Inputs:
+          pattern      string: regular expression
+          s            string: to be searched
+
+        Raises:
+          AssertionError if not matched
+          """
+        if not re.search(pattern, s):
+            raise AssertionError("string %s does not contain regexp %s" % (`s`, `pattern`))
+
+
+    def assert_no_file(self, filename):
+        import os.path
+        assert not os.path.exists(filename), ("file exists but should not: %s" % filename)
+
+
+    def runCmdNoWait(self, cmd):
+        import os
+        name = cmd[0]
+        self.test_log = self.test_log + "Run in background:\n" + `cmd` + "\n"
+        pid = os.spawnvp(os.P_NOWAIT, name, cmd)
+        self.test_log = self.test_log + "pid: %d\n" % pid
+        return pid
+
+
+    def runCmd(self, cmd, expectedResult = 0):
+        """Run a command, fail if the command returns an unexpected exit
+        code.  Return the output produced."""
+        rc, output = self.runCmdUnchecked(cmd)
+        if rc != expectedResult:
+            raise AssertionError("command returned %d; expected %s: \"%s\"" %
+                                 (rc, expectedResult, cmd))
+
+        return output
+
+    def runCmdUnchecked(self, cmd, skip_on_noexec = 0):
+        """Invoke a command; return (exitcode, stdout)"""
+        import os, popen2
+        pobj = popen2.Popen4(cmd)
+        output = pobj.fromchild.read()
+        waitstatus = pobj.wait()
+        assert not os.WIFSIGNALED(waitstatus), \
+               ("%s terminated with signal %d", cmd, os.WTERMSIG(waitstatus))
+        rc = os.WEXITSTATUS(waitstatus)
+        self.test_log = self.test_log + ("""Run command: %s
+Wait status: %#x
+Output:
+%s""" % (cmd, waitstatus, output))
+        if skip_on_noexec and rc == 127:
+            # Either we could not execute the command or the command
+            # returned exit code 127.  According to system(3) we can't
+            # tell the difference.
+            raise NotRunError, "could not execute %s" % cmd
+        return rc, output
+
+    def explainFailure(self, exc_info = None):
+        import traceback
+        # Move along, nothing to see here
+        if not exc_info and self.test_log == "":
+            return
+        print "-----------------------------------------------------------------"
+        if exc_info:
+            traceback.print_exc(file=sys.stdout)
+        print self.test_log
+        print "-----------------------------------------------------------------"
+
+    def require(self, predicate, message):
+        """Check a predicate for running this test.
+
+If the predicate value is not true, the test is skipped with a message explaining
+why."""
+        if not predicate:
+            raise NotRunError, message
+
+    def require_root(self):
+        """Skip this test unless run by root."""
+        import os
+        self.require(os.getuid() == 0,
+                     "must be root to run this test")
+
+    def log(self, msg):
+        """Log a message to the test log.  This message is displayed if
+        the test fails, or when the runtests function is invoked with
+        the verbose option."""
+        self.test_log = self.test_log + msg + "\n"
+
+class NotRunError(Exception):
+    def __init__(self, value = None):
+        self.value = value
+
+def test_name(test):
+    """Return a human-readable name for a test.
+
+    Inputs:
+      test         some kind of callable test object
+
+    Returns:
+      name         string: a short printable name
+      """
+    try:
+        return test.__name__
+    except:
+        return `test`
+
+def runtests(test_list, verbose = 0):
+    """Run a series of tests.
+
+    Eventually, this routine will also examine sys.argv[] to handle
+    extra options.
+
+    Inputs:
+      test_list    sequence of callable test objects
+
+    Returns:
+      unix return code: 0 for success, 1 for failures, 2 for test failure
+    """
+    import traceback
+    ret = 0
+    for test in test_list:
+        print "%-60s" % test_name(test),
+        # flush now so that long running tests are easier to follow
+        sys.stdout.flush()
+
+        try:
+            try: # run test and show result
+                obj = test()
+                if hasattr(obj, "setUp"):
+                    obj.setUp()
+                obj.runTest()
+                print "OK"
+            except KeyboardInterrupt:
+                print "INTERRUPT"
+                obj.explainFailure(sys.exc_info())
+                ret = 2
+                break
+            except NotRunError, msg:
+                print "NOTRUN, %s" % msg.value
+            except:
+                print "FAIL"
+                obj.explainFailure(sys.exc_info())
+                ret = 1
+        finally:
+            try:
+                if hasattr(obj, "tearDown"):
+                    obj.tearDown()
+            except KeyboardInterrupt:
+                print "interrupted during tearDown"
+                obj.explainFailure(sys.exc_info())
+                ret = 2
+                break
+            except:
+                print "error during tearDown"
+                obj.explainFailure(sys.exc_info())
+                ret = 1
+        # Display log file if we're verbose
+        if ret == 0 and verbose:
+            obj.explainFailure()
+            
+    return ret
+
+if __name__ == '__main__':
+    print __doc__
-- 
cgit 


From 053435a8febdd12b240db752ca83b0833f8c1909 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Wed, 12 Mar 2003 03:07:46 +0000
Subject: Import design notes by martin and tpot from ComfyChair and stf
 modules. (This used to be commit f923729ca37c18fd58943015a530607c05e96659)

---
 source3/stf/notes.txt | 175 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 175 insertions(+)
 create mode 100644 source3/stf/notes.txt

diff --git a/source3/stf/notes.txt b/source3/stf/notes.txt
new file mode 100644
index 0000000000..68aca63c23
--- /dev/null
+++ b/source3/stf/notes.txt
@@ -0,0 +1,175 @@
+		-*- indented-text -*-
+
+(set lotus no)
+
+
+
+Notes on using comfychair with Samba (samba testing framework units):
+
+The tests need to rely on some external resources, such as 
+
+If suitable resources are not available, need to skip particular
+tests.  Must include a message indicating what resources would be
+needed to run that test.  (e.g. must be root.)
+
+We want to be able to select and run particular subsets of tests, such
+as "all winbind tests".
+
+We want to keep the number of configurable parameters down as much as
+possible, to make it easy on people running the tests.
+
+Wherever possible, the tests should set up their preconditions, but a
+few basic resources need to be provided by the people running the
+tests.  So for example, rather than asking the user for the name of a
+non-root user, we should give the tests the administrator name and
+password, and it can create a new user to use.
+
+This makes it simpler to get the tests running, and possible also
+makes them more reproducible.
+
+In the future, rather than using NT machines provided by the test
+person, we might have a way to drive VMWare non-persistent sessions,
+to make tests even more tightly controlled.
+
+
+Another design question is how to communicate this information to the
+tests.  If there's a lot of settings, then it might need to be stored
+in a configuration file.  
+
+However, if we succeed in cutting down the number of parameters, then
+it might be straightforward to pass the information on the command
+line or in an environment variable.  
+
+Environment variables are probably better because they can't be seen
+by other users, and they are more easily passed down through an
+invocation of "make check".
+
+
+
+Notes on Samba Testing Framework for Unittests
+----------------------------------------------
+
+This is to be read after reading the notes.txt from comfychair.  I'm
+proposing a slightly more concrete description of what's described
+there.
+
+The model of having tests require named resources looks useful for
+incorporation into a framework that can be run by many people in
+widely different environments.
+
+Some possible environments for running the test framework in are:
+
+    - Casual downloader of Samba compiling from source and just wants
+      to run 'make check'.  May only have one Unix machine and a
+      handful of clients.
+
+    - Samba team member with access to a small number of other
+      machines or VMware sessions.
+
+    - PSA developer who may not have intimate knowledge of Samba
+      internals and is only interested in testing against the PSA.
+
+    - Non-team hacker wanting to run test suite after making small
+      hacks. 
+
+    - Build farm environment (loaner machine with no physical access
+      or root privilege).
+
+    - HP BAT.
+
+Developers in most of these environments are also potential test case
+authors.  It should be easy for people unfamiliar with the framework
+to write new tests and have them work.  We should provide examples and
+the existing tests should well written and understandable.
+
+Different types of tests:
+
+    - Tests that check Samba internals and link against
+      libbigballofmud.so.  For example:
+
+        - Upper/lowercase string functions
+        - user_in_list() for large lists
+
+    - Tests that use the Samba Python extensions.
+
+    - Tests that execute Samba command line programs, for example
+      smbpasswd. 
+
+    - Tests that require other resources on the network such as domain
+      controllers or PSAs.
+
+    - Tests that are performed on the documentation or the source code
+      such as:
+
+        - grep for common spelling mistakes made by abartlet (-:
+        - grep for company copyright (IBM, HP)
+                         
+    - Link to other existing testing frameworks (smbtorture,
+      abartlet's bash based build farm tests)
+
+I propose a TestResourceManager which would be instantiated by a test
+case.  The test case would require("resourcename") as part of its
+constructor and raise a comfychair.NotRun exception if the resource
+was not present.  A TestResource class could be defined which could
+read a configuration file or examine a environment variable and
+register a resource only if some condition was satisfied.
+
+It would be nice to be able to completely separate the PSA testing
+from the test framework.  This would entail being able to define test
+resources dynamically, possibly with a plugin type system.
+
+class TestResourceManager:
+    def __init__(self, name):
+        self.resources = {}
+
+    def register(self, resource):
+        name = resource.name()
+        if self.resources.has_key(name):
+            raise "Test manager already has resource %s" % name
+        self.resources[name] = resource
+
+    def require(self, resource_name):
+        if not self.resources.has_key(resource_name):
+            raise "Test manager does not have resources %s" % resource_name
+
+class TestResource:
+    def __init__(self, name):
+        self.name = name
+
+    def name(self):
+        return self.name
+
+import os
+
+trm = TestResourceManager()
+
+if os.getuid() == 0:
+    trm.register(TestResource("root"))
+
+A config-o-matic Python module can take a list of machines and
+administrator%password entries and classify them by operating system
+version and service pack.  These resources would be registered with
+the TestResourceManager.
+
+Some random thoughts about named resources for network servers:
+
+require("nt4.sp3")
+require("nt4.domaincontroller")
+require("psa")
+
+Some kind of format for location of passwords, libraries:
+
+require("exec(smbpasswd)")
+require("lib(bigballofmud)")
+
+maybe require("exec.smbpasswd") looks nicer...
+
+The require() function could return a dictionary of configuration
+information or some handle to fetch dynamic information on.  We may
+need to create and destroy extra users or print queues.  How to manage
+cleanup of dynamic resources?
+
+Requirements for running stf:
+
+    - Python, obviously
+    - Samba python extensions
-- 
cgit 


From eb4ea93ac3a1bc1bb395ee0d74d72b08b3fe8190 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Wed, 12 Mar 2003 03:08:28 +0000
Subject: Import Samba Testing Framework code from private CVS module. (This
 used to be commit 0effe832a48f0c51d50675558cc2744e815d68c7)

---
 source3/stf/osver.py   |  55 ++++++++++
 source3/stf/spoolss.py | 288 +++++++++++++++++++++++++++++++++++++++++++++++++
 source3/stf/stf.py     | 101 +++++++++++++++++
 source3/stf/test.py    |  28 +++++
 4 files changed, 472 insertions(+)
 create mode 100755 source3/stf/osver.py
 create mode 100755 source3/stf/spoolss.py
 create mode 100755 source3/stf/stf.py
 create mode 100755 source3/stf/test.py

diff --git a/source3/stf/osver.py b/source3/stf/osver.py
new file mode 100755
index 0000000000..68601fa7bb
--- /dev/null
+++ b/source3/stf/osver.py
@@ -0,0 +1,55 @@
+#!/usr/bin/python
+#
+# Utilities for determining the Windows operating system version remotely.
+#
+
+from samba import srvsvc
+
+# Constants
+
+PLATFORM_UNKNOWN = 0
+PLATFORM_WIN9X = 1
+PLATFORM_NT4 = 2
+PLATFORM_NT5 = 3                        # Windows 2000
+
+def platform_name(platform_type):
+
+    platform_names = { PLATFORM_UNKNOWN: "Unknown",
+                       PLATFORM_WIN9X: "Windows 9x",
+                       PLATFORM_NT4: "Windows NT",
+                       PLATFORM_NT5: "Windows 2000" }
+
+    if platform_names.has_key(platform_type):
+        return platform_names[platform_type]
+
+    return "Unknown"
+
+def platform_type(info101):
+    """Determine the operating system type from a SRV_INFO_101."""
+
+    if info101['major_version'] == 4 and info101['minor_version'] == 0:
+        return PLATFORM_NT4
+
+    if info101['major_version'] == 5 and info101['minor_version'] == 0:
+        return PLATFORM_NT5
+
+    return PLATFORM_UNKNOWN
+
+def is_domain_controller(info101):
+    """Return true if the server_type field from a  SRV_INFO_101
+    indicates a domain controller."""
+    return info101['server_type'] & srvsvc.SV_TYPE_DOMAIN_CTRL
+
+def os_version(name):
+    info = srvsvc.netservergetinfo("\\\\%s" % name, 101)
+    return platform_type(info)
+
+if __name__ == "__main__":
+    import sys
+    if len(sys.argv) != 2:
+        print "Usage: osver.py server"
+        sys.exit(0)
+    info = srvsvc.netservergetinfo("\\\\%s" % sys.argv[1], 101)
+    print "platform type = %d" % platform_type(info)
+    if is_domain_controller(info):
+        print "%s is a domain controller" % sys.argv[1]
diff --git a/source3/stf/spoolss.py b/source3/stf/spoolss.py
new file mode 100755
index 0000000000..735291508b
--- /dev/null
+++ b/source3/stf/spoolss.py
@@ -0,0 +1,288 @@
+#!/usr/bin/python
+
+import re
+import comfychair, stf
+from samba import spoolss
+
+class PrintServerTest(comfychair.TestCase):
+    """An abstract class requiring a print server."""
+    def setUp(self):
+        # TODO: create a test printer
+        self.server = stf.get_server(platform = "nt")
+        self.require(self.server != None, "print server required")
+        # TODO: remove hardcoded printer name
+        self.printername = "p"
+        self.uncname = "\\\\%s\\%s" % \
+                           (self.server["hostname"], self.printername)
+
+class W2kPrintServerTest(comfychair.TestCase):
+    """An abstract class requiring a print server."""
+    def setUp(self):
+        # TODO: create a test printer
+        self.server = stf.get_server(platform = "nt5")
+        self.require(self.server != None, "print server required")
+        # TODO: remove hardcoded printer name
+        self.printername = "p"
+        self.uncname = "\\\\%s\\%s" % \
+                           (self.server["hostname"], self.printername)
+
+class CredentialTest(PrintServerTest):
+    """An class that calls a function with various sets of credentials."""
+    def runTest(self):
+
+        bad_user_creds = {"username": "spotty",
+                          "domain": "dog",
+                          "password": "bone"}
+                        
+        cases = ((self.server["administrator"], "Admin credentials", 1),
+                 (bad_user_creds,               "Bad credentials",   0))
+
+        # TODO: add unpriv user case
+
+        for creds, testname, result in cases:
+            try:
+                self.runTestArg(creds)
+            except:
+                if result:
+                    import traceback
+                    traceback.print_exc()
+                    self.fail("rpc with creds %s failed when it "
+                              "should have suceeded" % creds)
+                return
+
+            if not result:
+                self.fail("rpc with creds %s suceeded when it should "
+                          "have failed" % creds)
+        
+class ArgTestServer(PrintServerTest):
+    """Test a RPC that takes a UNC print server name."""
+    def runTest(self):
+
+        # List of test cases, %s substituted for server name
+
+        cases = (("",             "No server name",          0),
+                 ("\\\\%s",       "Valid server name",       1),
+                 ("\\%s",         "Invalid unc server name", 0),
+                 ("\\\\%s__",     "Invalid unc server name", 0))
+
+        for unc, testname, result in cases:
+            unc = re.sub("%s", self.server["hostname"], unc)
+            try:
+                self.runTestArg(unc)
+            except:
+                if result:
+                    self.fail("rpc(\"%s\") failed when it should have "
+                              "suceeded" % unc)
+                return
+
+            if not result:
+                # Suceeded when we should have failed
+                self.fail("rpc(\"%s\") suceeded when it should have "
+                          "failed" % unc)
+
+class ArgTestServerAndPrinter(ArgTestServer):
+    """Test a RPC that takes a UNC print server or UNC printer name."""
+    def runTest(self):
+
+        ArgTestServer.runTest(self)
+        
+        # List of test cases, %s substituted for server name, %p substituted
+        # for printer name.
+
+        cases = (("\\\\%s\\%p",   "Valid server and printer name",      1),
+                 ("\\\\%s\\%p__", "Valid server, invalid printer name", 0),
+                 ("\\\\%s__\\%p", "Invalid server, valid printer name", 0))
+
+        for unc, testname, result in cases:
+            unc = re.sub("%s", self.server["hostname"], unc)
+            unc = re.sub("%p", self.printername, unc)
+            try:
+                self.runTestArg(unc)
+            except:
+                if result:
+                    self.fail("openprinter(\"%s\") failed when it should have "
+                              "suceeded" % unc)
+                return
+
+            if not result:
+                # Suceeded when we should have failed
+                self.fail("openprinter(\"%s\") suceeded when it should have "
+                          "failed" % unc)
+
+class OpenPrinterArg(ArgTestServerAndPrinter):
+    """Test the OpenPrinter RPC with combinations of valid and invalid
+    server and printer names."""
+    def runTestArg(self, unc):
+        spoolss.openprinter(unc)
+
+class OpenPrinterCred(CredentialTest):
+    """Test opening printer with good and bad credentials."""
+    def runTestArg(self, creds):
+        spoolss.openprinter(self.uncname, creds = creds)
+
+class ClosePrinter(PrintServerTest):
+    """Test the ClosePrinter RPC on a printer handle."""
+    def runTest(self):
+        hnd = spoolss.openprinter(self.uncname)
+        spoolss.closeprinter(hnd)
+        
+class ClosePrinterServer(PrintServerTest):
+    """Test the ClosePrinter RPC on a print server handle."""
+    def runTest(self):
+        hnd = spoolss.openprinter("\\\\%s" % self.server["hostname"])
+        spoolss.closeprinter(hnd)
+        
+class GetPrinterInfo(PrintServerTest):
+    """Retrieve printer info at various levels."""
+
+    # Sample printer data
+
+    sample_info = {
+        0: {'printer_errors': 0, 'unknown18': 0, 'unknown13': 0, 'unknown26': 0, 'cjobs': 0, 'unknown11': 0, 'server_name': '\\\\win2kdc1', 'total_pages': 0, 'unknown15': 586, 'unknown16': 0, 'month': 2, 'unknown20': 0, 'second': 23, 'unknown22': 983040, 'unknown25': 0, 'total_bytes': 0, 'unknown27': 0, 'year': 2003, 'build_version': 2195, 'unknown28': 0, 'global_counter': 4, 'day': 13, 'minute': 53, 'total_jobs': 0, 'unknown29': 1114112, 'name': '\\\\win2kdc1\\p', 'hour': 2, 'level': 0, 'c_setprinter': 0, 'change_id': 522454169, 'major_version': 5, 'unknown23': 15, 'day_of_week': 4, 'unknown14': 1, 'session_counter': 2, 'status': 1, 'unknown7': 1, 'unknown8': 0, 'unknown9': 0, 'milliseconds': 421, 'unknown24': 0},
+        1: {'comment': "I'm a teapot!", 'level': 1, 'flags': 8388608, 'name': '\\\\win2kdc1\\p', 'description': '\\\\win2kdc1\\p,HP LaserJet 4,Canberra office'},
+        2: {'comment': "I'm a teapot!", 'status': 1, 'print_processor': 'WinPrint', 'until_time': 0, 'share_name': 'p', 'start_time': 0, 'device_mode': {'icm_method': 1, 'bits_per_pel': 0, 'log_pixels': 0, 'orientation': 1, 'panning_width': 0, 'color': 2, 'pels_width': 0, 'print_quality': 600, 'driver_version': 24, 'display_flags': 0, 'y_resolution': 600, 'media_type': 0, 'display_frequency': 0, 'icm_intent': 0, 'pels_height': 0, 'reserved1': 0, 'size': 220, 'scale': 100, 'dither_type': 0, 'panning_height': 0, 'default_source': 7, 'duplex': 1, 'fields': 16131, 'spec_version': 1025, 'copies': 1, 'device_name': '\\\\win2kdc1\\p', 'paper_size': 1, 'paper_length': 0, 'private': 'private', 'collate': 0, 'paper_width': 0, 'form_name': 'Letter', 'reserved2': 0, 'tt_option': 0}, 'port_name': 'LPT1:', 'sepfile': '', 'parameters': '', 'security_descriptor': {'group_sid': 'S-1-5-21-1606980848-1677128483-854245398-513', 'sacl': None, 'dacl': {'ace_list': [{'flags': 0, 'type': 0, 'mask': 983052, 'trustee': 'S-1-5-32-544'}, {'flags': 9, 'type': 0, 'mask': 983056, 'trustee': 'S-1-5-32-544'}, {'flags': 0, 'type': 0, 'mask': 131080, 'trustee': 'S-1-5-21-1606980848-1677128483-854245398-1121'}, {'flags': 10, 'type': 0, 'mask': 131072, 'trustee': 'S-1-3-0'}, {'flags': 9, 'type': 0, 'mask': 983056, 'trustee': 'S-1-3-0'}, {'flags': 0, 'type': 0, 'mask': 131080, 'trustee': 'S-1-5-21-1606980848-1677128483-854245398-1124'}, {'flags': 0, 'type': 0, 'mask': 131080, 'trustee': 'S-1-1-0'}, {'flags': 0, 'type': 0, 'mask': 983052, 'trustee': 'S-1-5-32-550'}, {'flags': 9, 'type': 0, 'mask': 983056, 'trustee': 'S-1-5-32-550'}, {'flags': 0, 'type': 0, 'mask': 983052, 'trustee': 'S-1-5-32-549'}, {'flags': 9, 'type': 0, 'mask': 983056, 'trustee': 'S-1-5-32-549'}, {'flags': 0, 'type': 0, 'mask': 983052, 'trustee': 'S-1-5-21-1606980848-1677128483-854245398-1106'}], 'revision': 2}, 'owner_sid': 'S-1-5-32-544', 'revision': 1}, 'name': '\\\\win2kdc1\\p', 'server_name': '\\\\win2kdc1', 'level': 2, 'datatype': 'RAW', 'cjobs': 0, 'average_ppm': 0, 'priority': 1, 'driver_name': 'HP LaserJet 4', 'location': 'Canberra office', 'attributes': 8776, 'default_priority': 0},
+        3: {'flags': 4, 'security_descriptor': {'group_sid': 'S-1-5-21-1606980848-1677128483-854245398-513', 'sacl': None, 'dacl': {'ace_list': [{'flags': 0, 'type': 0, 'mask': 983052, 'trustee': 'S-1-5-32-544'}, {'flags': 9, 'type': 0, 'mask': 983056, 'trustee': 'S-1-5-32-544'}, {'flags': 0, 'type': 0, 'mask': 131080, 'trustee': 'S-1-5-21-1606980848-1677128483-854245398-1121'}, {'flags': 10, 'type': 0, 'mask': 131072, 'trustee': 'S-1-3-0'}, {'flags': 9, 'type': 0, 'mask': 983056, 'trustee': 'S-1-3-0'}, {'flags': 0, 'type': 0, 'mask': 131080, 'trustee': 'S-1-5-21-1606980848-1677128483-854245398-1124'}, {'flags': 0, 'type': 0, 'mask': 131080, 'trustee': 'S-1-1-0'}, {'flags': 0, 'type': 0, 'mask': 983052, 'trustee': 'S-1-5-32-550'}, {'flags': 9, 'type': 0, 'mask': 983056, 'trustee': 'S-1-5-32-550'}, {'flags': 0, 'type': 0, 'mask': 983052, 'trustee': 'S-1-5-32-549'}, {'flags': 9, 'type': 0, 'mask': 983056, 'trustee': 'S-1-5-32-549'}, {'flags': 0, 'type': 0, 'mask': 983052, 'trustee': 'S-1-5-21-1606980848-1677128483-854245398-1106'}], 'revision': 2}, 'owner_sid': 'S-1-5-32-544', 'revision': 1}, 'level': 3}
+        }
+
+    def runTest(self):
+        self.hnd = spoolss.openprinter(self.uncname)
+
+        # Everyone should have getprinter levels 0-3
+
+        for i in (0, 1, 2, 3):
+            info = self.hnd.getprinter(level = i)
+            try:
+                stf.dict_check(self.sample_info[i], info)
+            except ValueError, msg:
+                raise "info%d: %s" % (i, msg)
+
+class EnumPrinters(PrintServerTest):
+    """Enumerate print info at various levels."""
+
+    sample_info = {
+
+        0: {'q': {'printer_errors': 0, 'unknown18': 0, 'unknown13': 0, 'unknown26': 0, 'cjobs': 0, 'unknown11': 0, 'server_name': '', 'total_pages': 0, 'unknown15': 586, 'unknown16': 0, 'month': 2, 'unknown20': 0, 'second': 23, 'unknown22': 983040, 'unknown25': 0, 'total_bytes': 0, 'unknown27': 0, 'year': 2003, 'build_version': 2195, 'unknown28': 0, 'global_counter': 4, 'day': 13, 'minute': 53, 'total_jobs': 0, 'unknown29': -1833435136, 'name': 'q', 'hour': 2, 'level': 0, 'c_setprinter': 0, 'change_id': 522454169, 'major_version': 5, 'unknown23': 15, 'day_of_week': 4, 'unknown14': 1, 'session_counter': 1, 'status': 0, 'unknown7': 1, 'unknown8': 0, 'unknown9': 0, 'milliseconds': 421, 'unknown24': 0}, 'p': {'printer_errors': 0, 'unknown18': 0, 'unknown13': 0, 'unknown26': 0, 'cjobs': 0, 'unknown11': 0, 'server_name': '', 'total_pages': 0, 'unknown15': 586, 'unknown16': 0, 'month': 2, 'unknown20': 0, 'second': 23, 'unknown22': 983040, 'unknown25': 0, 'total_bytes': 0, 'unknown27': 0, 'year': 2003, 'build_version': 2195, 'unknown28': 0, 'global_counter': 4, 'day': 13, 'minute': 53, 'total_jobs': 0, 'unknown29': -1831337984, 'name': 'p', 'hour': 2, 'level': 0, 'c_setprinter': 0, 'change_id': 522454169, 'major_version': 5, 'unknown23': 15, 'day_of_week': 4, 'unknown14': 1, 'session_counter': 1, 'status': 1, 'unknown7': 1, 'unknown8': 0, 'unknown9': 0, 'milliseconds': 421, 'unknown24': 0}, 'magpie': {'printer_errors': 0, 'unknown18': 0, 'unknown13': 0, 'unknown26': 0, 'cjobs': 0, 'unknown11': 0, 'server_name': '', 'total_pages': 0, 'unknown15': 586, 'unknown16': 0, 'month': 2, 'unknown20': 0, 'second': 23, 'unknown22': 983040, 'unknown25': 0, 'total_bytes': 0, 'unknown27': 0, 'year': 2003, 'build_version': 2195, 'unknown28': 0, 'global_counter': 4, 'day': 13, 'minute': 53, 'total_jobs': 0, 'unknown29': 1114112, 'name': 'magpie', 'hour': 2, 'level': 0, 'c_setprinter': 0, 'change_id': 522454169, 'major_version': 5, 'unknown23': 15, 'day_of_week': 4, 'unknown14': 1, 'session_counter': 1, 'status': 0, 'unknown7': 1, 'unknown8': 0, 'unknown9': 0, 'milliseconds': 421, 'unknown24': 0}},
+
+        1: {'q': {'comment': 'cheepy birds', 'level': 1, 'flags': 8388608, 'name': 'q', 'description': 'q,HP LaserJet 4,'}, 'p': {'comment': "I'm a teapot!", 'level': 1, 'flags': 8388608, 'name': 'p', 'description': 'p,HP LaserJet 4,Canberra office'}, 'magpie': {'comment': '', 'level': 1, 'flags': 8388608, 'name': 'magpie', 'description': 'magpie,Generic / Text Only,'}}
+        }
+
+    def runTest(self):
+        for i in (0, 1):
+            info = spoolss.enumprinters(
+                "\\\\%s" % self.server["hostname"], level = i)
+            try:
+                stf.dict_check(self.sample_info[i], info)
+            except ValueError, msg:
+                raise "info%d: %s" % (i, msg)
+
+class EnumPrintersArg(ArgTestServer):
+    def runTestArg(self, unc):
+        spoolss.enumprinters(unc)
+
+class EnumPrintersCred(CredentialTest):
+    """Test opening printer with good and bad credentials."""
+    def runTestArg(self, creds):
+        spoolss.enumprinters(
+            "\\\\%s" % self.server["hostname"], creds = creds)
+
+class EnumPrinterdrivers(PrintServerTest):
+
+    sample_info = {
+        1: {'Okipage 10ex (PCL5E) : STANDARD': {'name': 'Okipage 10ex (PCL5E) : STANDARD', 'level': 1}, 'Generic / Text Only': {'name': 'Generic / Text Only', 'level': 1}, 'Brother HL-1030 series': {'name': 'Brother HL-1030 series', 'level': 1}, 'Brother HL-1240 series': {'name': 'Brother HL-1240 series', 'level': 1}, 'HP DeskJet 1220C Printer': {'name': 'HP DeskJet 1220C Printer', 'level': 1}, 'HP LaserJet 4100 PCL 6': {'name': 'HP LaserJet 4100 PCL 6', 'level': 1}, 'HP LaserJet 4': {'name': 'HP LaserJet 4', 'level': 1}},
+        2: {'Okipage 10ex (PCL5E) : STANDARD': {'version': 2, 'config_file': '\\\\WIN2KDC1\\print$\\W32X86\\2\\RASDDUI.DLL', 'name': 'Okipage 10ex (PCL5E) : STANDARD', 'driver_path': '\\\\WIN2KDC1\\print$\\W32X86\\2\\RASDD.DLL', 'data_file': '\\\\WIN2KDC1\\print$\\W32X86\\2\\OKIPAGE.DLL', 'level': 2, 'architecture': 'Windows NT x86'}, 'Generic / Text Only': {'version': 3, 'config_file': '\\\\WIN2KDC1\\print$\\W32X86\\3\\UNIDRVUI.DLL', 'name': 'Generic / Text Only', 'driver_path': '\\\\WIN2KDC1\\print$\\W32X86\\3\\UNIDRV.DLL', 'data_file': '\\\\WIN2KDC1\\print$\\W32X86\\3\\TTY.GPD', 'level': 2, 'architecture': 'Windows NT x86'}, 'Brother HL-1030 series': {'version': 3, 'config_file': '\\\\WIN2KDC1\\print$\\W32X86\\3\\BRUHL99A.DLL', 'name': 'Brother HL-1030 series', 'driver_path': '\\\\WIN2KDC1\\print$\\W32X86\\3\\BROHL99A.DLL', 'data_file': '\\\\WIN2KDC1\\print$\\W32X86\\3\\BROHL103.PPD', 'level': 2, 'architecture': 'Windows NT x86'}, 'Brother HL-1240 series': {'version': 3, 'config_file': '\\\\WIN2KDC1\\print$\\W32X86\\3\\BRUHL99A.DLL', 'name': 'Brother HL-1240 series', 'driver_path': '\\\\WIN2KDC1\\print$\\W32X86\\3\\BROHL99A.DLL', 'data_file': '\\\\WIN2KDC1\\print$\\W32X86\\3\\BROHL124.PPD', 'level': 2, 'architecture': 'Windows NT x86'}, 'HP DeskJet 1220C Printer': {'version': 3, 'config_file': '\\\\WIN2KDC1\\print$\\W32X86\\3\\HPW8KMD.DLL', 'name': 'HP DeskJet 1220C Printer', 'driver_path': '\\\\WIN2KDC1\\print$\\W32X86\\3\\HPW8KMD.DLL', 'data_file': '\\\\WIN2KDC1\\print$\\W32X86\\3\\HPW8KMD.DLL', 'level': 2, 'architecture': 'Windows NT x86'}, 'HP LaserJet 4100 PCL 6': {'version': 3, 'config_file': '\\\\WIN2KDC1\\print$\\W32X86\\3\\HPBF042E.DLL', 'name': 'HP LaserJet 4100 PCL 6', 'driver_path': '\\\\WIN2KDC1\\print$\\W32X86\\3\\HPBF042G.DLL', 'data_file': '\\\\WIN2KDC1\\print$\\W32X86\\3\\HPBF042I.PMD', 'level': 2, 'architecture': 'Windows NT x86'}, 'HP LaserJet 4': {'version': 2, 'config_file': '\\\\WIN2KDC1\\print$\\W32X86\\2\\hpblff0.dll', 'name': 'HP LaserJet 4', 'driver_path': '\\\\WIN2KDC1\\print$\\W32X86\\2\\hpblff2.dll', 'data_file': '\\\\WIN2KDC1\\print$\\W32X86\\2\\hpblff39.pmd', 'level': 2, 'architecture': 'Windows NT x86'}}
+        }
+
+    def runTest(self):
+        for i in (1, 2):
+            info = spoolss.enumprinterdrivers(
+                "\\\\%s" % self.server["hostname"], level = i)
+            try:
+                if not self.sample_info.has_key(i):
+                    self.log("%s" % info)
+                    self.fail()
+                stf.dict_check(self.sample_info[i], info)
+            except ValueError, msg:
+                raise "info%d: %s" % (i, msg)
+
+class EnumPrinterdriversArg(ArgTestServer):
+    def runTestArg(self, unc):
+        spoolss.enumprinterdrivers(unc)
+
+class EnumPrinterdriversCred(CredentialTest):
+    """Test opening printer with good and bad credentials."""
+    def runTestArg(self, creds):
+        spoolss.enumprinterdrivers(
+            "\\\\%s" % self.server["hostname"], creds = creds)
+
+def usage():
+    print "Usage: spoolss.py [options] [test1[,test2...]]"
+    print "\t -v/--verbose     Display debugging information"
+    print "\t -l/--list-tests  List available tests"
+    print
+    print "A list of comma separated test names or regular expressions"
+    print "can be used to filter the tests performed."
+            
+def test_match(subtest_list, test_name):
+    """Return true if a test matches a comma separated list of regular
+    expression of test names."""
+    # re.match does an implicit ^ at the start of the pattern.
+    # Explicitly anchor to end to avoid matching substrings.
+    for s in string.split(subtest_list, ","):
+        if re.match(s + "$", test_name):
+            return 1
+    return 0
+           
+if __name__ == "__main__":
+    import os, sys, string
+    import getopt
+    
+    try:
+        opts, args = getopt.getopt(sys.argv[1:], "vl", \
+                                   ["verbose", "list-tests"])
+    except getopt.GetoptError:
+        usage()
+        sys.exit(0)
+
+    verbose = 0
+    list_tests = 0
+
+    for opt, arg in opts:
+        if opt in ("-v", "--verbose"):
+            verbose = 1
+        if opt in ("-l", "--list-tests"):
+            list_tests = 1
+
+    if len(args) > 1:
+        usage()
+        sys.exit(0)
+
+    test_list = [
+        OpenPrinterArg,
+        OpenPrinterCred,
+        ClosePrinter,
+        ClosePrinterServer,
+        GetPrinterInfo,
+        EnumPrinters,
+        EnumPrintersCred,
+        EnumPrintersArg,
+        EnumPrinterdrivers,
+        EnumPrinterdriversCred,
+        EnumPrinterdriversArg,
+        ]
+
+    if len(args):
+        t = []
+        for test in test_list:
+            if test_match(args[0], test.__name__):
+                t.append(test)
+        test_list = t
+
+    if os.environ.has_key("SAMBA_DEBUG"):
+        spoolss.setup_logging(interactive = 1)
+        spoolss.set_debuglevel(10)
+
+    if list_tests:
+        for test in test_list:
+            print test.__name__
+    else:
+        comfychair.runtests(test_list, verbose = verbose)
diff --git a/source3/stf/stf.py b/source3/stf/stf.py
new file mode 100755
index 0000000000..ee0ff73561
--- /dev/null
+++ b/source3/stf/stf.py
@@ -0,0 +1,101 @@
+#!/usr/bin/python
+#
+# Samba Testing Framework for Unit-testing
+#
+
+import os, string, re
+import osver
+
+def get_server_list_from_string(s):
+
+    server_list = []
+    
+    # Format is a list of server:domain\username%password separated
+    # by commas.
+
+    for entry in string.split(s, ","):
+
+        # Parse entry 
+
+        m = re.match("(.*):(.*)(\\\\|/)(.*)%(.*)", entry)
+        if not m:
+            raise "badly formed server list entry '%s'" % entry
+
+        server = m.group(1)
+        domain = m.group(2)
+        username = m.group(4)
+        password = m.group(5)
+
+        # Categorise servers
+
+        server_list.append({"platform": osver.os_version(server),
+                            "hostname": server,
+                            "administrator": {"username": username,
+                                              "domain": domain,
+                                              "password" : password}})
+
+    return server_list
+
+def get_server_list():
+    """Iterate through all sources of server info and append them all
+    in one big list."""
+    
+    server_list = []
+
+    # The $STF_SERVERS environment variable
+
+    if os.environ.has_key("STF_SERVERS"):
+        server_list = server_list + \
+                      get_server_list_from_string(os.environ["STF_SERVERS"])
+
+    return server_list
+
+def get_server(platform = None):
+    """Return configuration information for a server.  The platform
+    argument can be a string either 'nt4' or 'nt5' for Windows NT or
+    Windows 2000 servers, or just 'nt' for Windows NT and higher."""
+    
+    server_list = get_server_list()
+
+    for server in server_list:
+        if platform:
+            p = server["platform"]
+            if platform == "nt":
+                if (p == osver.PLATFORM_NT4 or p == osver.PLATFORM_NT5):
+                    return server
+            if platform == "nt4" and p == osver.PLATFORM_NT4:
+                return server
+            if platform == "nt5" and p == osver.PLATFORM_NT5:
+                return server
+        else:
+            # No filter defined, return first in list
+            return server
+        
+    return None
+
+def dict_check(sample_dict, real_dict):
+    """Check that real_dict contains all the keys present in sample_dict
+    and no extras.  Also check that common keys are of them same type."""
+    tmp = real_dict.copy()
+    for key in sample_dict.keys():
+        # Check existing key and type
+        if not real_dict.has_key(key):
+            raise ValueError, "dict does not contain key '%s'" % key
+        if type(sample_dict[key]) != type(real_dict[key]):
+            raise ValueError, "dict has differing types (%s vs %s) for key " \
+                  "'%s'" % (type(sample_dict[key]), type(real_dict[key]), key)
+        # Check dictionaries recursively
+        if type(sample_dict[key]) == dict:
+            dict_check(sample_dict[key], real_dict[key])
+        # Delete visited keys from copy
+        del(tmp[key])
+    # Any keys leftover are present in the real dict but not the sample
+    if len(tmp) == 0:
+        return
+    result = "dict has extra keys: "
+    for key in tmp.keys():
+        result = result + key + " "
+    raise ValueError, result
+
+if __name__ == "__main__":
+    print get_server(platform = "nt")
diff --git a/source3/stf/test.py b/source3/stf/test.py
new file mode 100755
index 0000000000..2e9abd976f
--- /dev/null
+++ b/source3/stf/test.py
@@ -0,0 +1,28 @@
+#!/usr/bin/python
+
+# meta-test-case / example for comfychair.  Should demonstrate
+# different kinds of failure.
+
+import comfychair, stf
+
+class NormalTest(comfychair.TestCase):
+    def runTest(self):
+        pass
+
+class RootTest(comfychair.TestCase):
+    def setUp(self):
+        self.require_root()
+            
+    def runTest(self):
+        pass
+
+class GoodExecTest(comfychair.TestCase):
+    def runTest(self):
+        exit, stdout = self.runCmdUnchecked("ls -l")
+
+class BadExecTest(comfychair.TestCase):
+    def setUp(self):
+        exit, stdout = self.runCmdUnchecked("spottyfoot --slobber",
+                                            skip_on_noexec = 1)
+
+comfychair.runtests([NormalTest, RootTest, GoodExecTest, BadExecTest])
-- 
cgit 


From 62ead1b8bede20e73e18fdca5bcaf0aee9d1f56b Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Wed, 12 Mar 2003 07:14:03 +0000
Subject: New import of ComfyChair, many changes (This used to be commit
 e84046e769a518fa1970827f4dcb8284ba9b9952)

---
 source3/stf/comfychair.py | 214 ++++++++++++++++++++++++++++++----------------
 1 file changed, 139 insertions(+), 75 deletions(-)

diff --git a/source3/stf/comfychair.py b/source3/stf/comfychair.py
index 00b2262b26..b552baccd2 100644
--- a/source3/stf/comfychair.py
+++ b/source3/stf/comfychair.py
@@ -22,31 +22,11 @@
 Copyright (C) 2002, 2003 by Martin Pool <mbp@samba.org>
 
 This is a test framework designed for testing programs written in
-Python, or (through a fork/exec interface) any other language.  It is
-similar in design to the very nice 'svntest' system used by
-Subversion, but has no Subversion-specific features.
+Python, or (through a fork/exec interface) any other language.
 
-It is somewhat similar to PyUnit, except:
+For more information, see the file README.comfychair.
 
- - it allows capture of detailed log messages from a test, to be
-   optionally displayed if the test fails.
-
- - it allows execution of a specified subset of tests
-
- - it avoids Java idioms that are not so useful in Python
-
-WRITING TESTS:
-
-  Each test case is a callable object, typically a function.  Its
-  documentation string describes the test, and the first line of the
-  docstring should be a brief name.
-
-  The test should return 0 for pass, or non-zero for failure.
-  Alternatively they may raise an exception.
-
-  Tests may import this "comfychair" module to get some useful
-  utilities, but that is not strictly required.
-  
+To run a test suite based on ComfyChair, just run it as a program.
 """
 
 # TODO: Put everything into a temporary directory?
@@ -66,15 +46,15 @@ class TestCase:
         self.test_log = ""
         self.background_pids = []
     
-    def setUp(self):
+    def setup(self):
         """Set up test fixture."""
         pass
 
-    def tearDown(self):
+    def teardown(self):
         """Tear down test fixture."""
         pass
 
-    def runTest(self):
+    def runtest(self):
         """Run the test."""
         pass
 
@@ -82,10 +62,39 @@ class TestCase:
         """Say the test failed."""
         raise AssertionError(reason)
 
+
+    #############################################################
+    # Requisition methods
+
+    def require(self, predicate, message):
+        """Check a predicate for running this test.
+
+If the predicate value is not true, the test is skipped with a message explaining
+why."""
+        if not predicate:
+            raise NotRunError, message
+
+    def require_root(self):
+        """Skip this test unless run by root."""
+        import os
+        self.require(os.getuid() == 0,
+                     "must be root to run this test")
+
+    #############################################################
+    # Assertion methods
+
     def assert_(self, expr, reason = ""):
         if not expr:
             raise AssertionError(reason)
 
+    def assert_equal(self, a, b):
+        if not a == b:
+            raise AssertionError("assertEquals failed: %s" % `(a, b)`)
+            
+    def assert_notequal(self, a, b):
+        if a == b:
+            raise AssertionError("assertNotEqual failed: %s" % `(a, b)`)
+
     def assert_re_match(self, pattern, s):
         """Assert that a string matches a particular pattern
 
@@ -97,9 +106,11 @@ class TestCase:
           AssertionError if not matched
           """
         if not re.match(pattern, s):
-            raise AssertionError("string %s does not match regexp %s" % (`s`, `pattern`))
+            raise AssertionError("string does not match regexp\n"
+                                 "    string: %s\n"
+                                 "    re: %s" % (`s`, `pattern`))
 
-    def assert_regexp(self, pattern, s):
+    def assert_re_search(self, pattern, s):
         """Assert that a string *contains* a particular pattern
 
         Inputs:
@@ -110,7 +121,9 @@ class TestCase:
           AssertionError if not matched
           """
         if not re.search(pattern, s):
-            raise AssertionError("string %s does not contain regexp %s" % (`s`, `pattern`))
+            raise AssertionError("string does not contain regexp\n"
+                                 "    string: %s\n"
+                                 "    re: %s" % (`s`, `pattern`))
 
 
     def assert_no_file(self, filename):
@@ -118,7 +131,10 @@ class TestCase:
         assert not os.path.exists(filename), ("file exists but should not: %s" % filename)
 
 
-    def runCmdNoWait(self, cmd):
+    #############################################################
+    # Methods for running programs
+
+    def runcmd_background(self, cmd):
         import os
         name = cmd[0]
         self.test_log = self.test_log + "Run in background:\n" + `cmd` + "\n"
@@ -127,17 +143,17 @@ class TestCase:
         return pid
 
 
-    def runCmd(self, cmd, expectedResult = 0):
+    def runcmd(self, cmd, expectedResult = 0):
         """Run a command, fail if the command returns an unexpected exit
         code.  Return the output produced."""
-        rc, output = self.runCmdUnchecked(cmd)
+        rc, output = self.runcmd_unchecked(cmd)
         if rc != expectedResult:
             raise AssertionError("command returned %d; expected %s: \"%s\"" %
                                  (rc, expectedResult, cmd))
 
         return output
 
-    def runCmdUnchecked(self, cmd, skip_on_noexec = 0):
+    def runcmd_unchecked(self, cmd, skip_on_noexec = 0):
         """Invoke a command; return (exitcode, stdout)"""
         import os, popen2
         pobj = popen2.Popen4(cmd)
@@ -157,7 +173,7 @@ Output:
             raise NotRunError, "could not execute %s" % cmd
         return rc, output
 
-    def explainFailure(self, exc_info = None):
+    def explain_failure(self, exc_info = None):
         import traceback
         # Move along, nothing to see here
         if not exc_info and self.test_log == "":
@@ -168,19 +184,6 @@ Output:
         print self.test_log
         print "-----------------------------------------------------------------"
 
-    def require(self, predicate, message):
-        """Check a predicate for running this test.
-
-If the predicate value is not true, the test is skipped with a message explaining
-why."""
-        if not predicate:
-            raise NotRunError, message
-
-    def require_root(self):
-        """Skip this test unless run by root."""
-        import os
-        self.require(os.getuid() == 0,
-                     "must be root to run this test")
 
     def log(self, msg):
         """Log a message to the test log.  This message is displayed if
@@ -188,23 +191,12 @@ why."""
         the verbose option."""
         self.test_log = self.test_log + msg + "\n"
 
+
 class NotRunError(Exception):
+    """Raised if a test must be skipped because of missing resources"""
     def __init__(self, value = None):
         self.value = value
 
-def test_name(test):
-    """Return a human-readable name for a test.
-
-    Inputs:
-      test         some kind of callable test object
-
-    Returns:
-      name         string: a short printable name
-      """
-    try:
-        return test.__name__
-    except:
-        return `test`
 
 def runtests(test_list, verbose = 0):
     """Run a series of tests.
@@ -220,47 +212,119 @@ def runtests(test_list, verbose = 0):
     """
     import traceback
     ret = 0
-    for test in test_list:
-        print "%-60s" % test_name(test),
+    for test_class in test_list:
+        print "%-60s" % _test_name(test_class),
         # flush now so that long running tests are easier to follow
         sys.stdout.flush()
 
         try:
             try: # run test and show result
-                obj = test()
-                if hasattr(obj, "setUp"):
-                    obj.setUp()
-                obj.runTest()
+                obj = test_class()
+                if hasattr(obj, "setup"):
+                    obj.setup()
+                obj.runtest()
                 print "OK"
             except KeyboardInterrupt:
                 print "INTERRUPT"
-                obj.explainFailure(sys.exc_info())
+                obj.explain_failure(sys.exc_info())
                 ret = 2
                 break
             except NotRunError, msg:
                 print "NOTRUN, %s" % msg.value
             except:
                 print "FAIL"
-                obj.explainFailure(sys.exc_info())
+                obj.explain_failure(sys.exc_info())
                 ret = 1
         finally:
             try:
-                if hasattr(obj, "tearDown"):
-                    obj.tearDown()
+                if hasattr(obj, "teardown"):
+                    obj.teardown()
             except KeyboardInterrupt:
-                print "interrupted during tearDown"
-                obj.explainFailure(sys.exc_info())
+                print "interrupted during teardown"
+                obj.explain_failure(sys.exc_info())
                 ret = 2
                 break
             except:
-                print "error during tearDown"
-                obj.explainFailure(sys.exc_info())
+                print "error during teardown"
+                obj.explain_failure(sys.exc_info())
                 ret = 1
         # Display log file if we're verbose
         if ret == 0 and verbose:
-            obj.explainFailure()
+            obj.explain_failure()
             
     return ret
 
+
+def _test_name(test_class):
+    """Return a human-readable name for a test class.
+    """
+    try:
+        return test_class.__name__
+    except:
+        return `test_class`
+
+
+def print_help():
+    """Help for people running tests"""
+    import sys
+    print """%s: software test suite based on ComfyChair
+
+usage:
+    To run all tests, just run this program.  To run particular tests,
+    list them on the command line.
+
+options:
+    --help           show usage message
+    --list           list available tests
+    --verbose        show more information while running tests
+""" % sys.argv[0]
+
+
+def print_list(test_list):
+    """Show list of available tests"""
+    for test_class in test_list:
+        print "    %s" % _test_name(test_class)
+
+
+def main(tests):
+    """Main entry point for test suites based on ComfyChair.
+
+Test suites should contain this boilerplate:
+
+    if __name__ == '__main__':
+        comfychair.main(tests)
+
+This function handles standard options such as --help and --list, and
+by default runs all tests in the suggested order.
+
+Calls sys.exit() on completion.
+"""
+    from sys import argv
+    import getopt, sys
+
+    verbose = 0
+
+    opts, args = getopt.getopt(argv[1:], '', ['help', 'list', 'verbose'])
+    if ('--help', '') in opts:
+        print_help()
+        return
+    elif ('--list', '') in opts:
+        print_list(tests)
+        return 
+
+    if ('--verbose', '') in opts:
+        verbose = 1
+
+    if args:
+        by_name = {}
+        for t in tests:
+            by_name[_test_name(t)] = t
+        which_tests = [by_name[name] for name in args]
+    else:
+        which_tests = tests
+
+    sys.exit(runtests(which_tests, verbose))
+
+
 if __name__ == '__main__':
     print __doc__
-- 
cgit 


From 52fbbf051b926cea44b9458289ea155d36a8bb7c Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Wed, 12 Mar 2003 07:17:39 +0000
Subject: Update for new version of ComfyChair: some methods are renamed to be
 more consistent, and it now looks at command-line arguments to work out what
 to do.

Run this program to get a quick demonstration of what ComfyChair does.
(This used to be commit 9b0c59a10707b2bbe3837d718e5030a6cdf19bfa)
---
 source3/stf/test.py | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/source3/stf/test.py b/source3/stf/test.py
index 2e9abd976f..fb57926cc3 100755
--- a/source3/stf/test.py
+++ b/source3/stf/test.py
@@ -3,26 +3,31 @@
 # meta-test-case / example for comfychair.  Should demonstrate
 # different kinds of failure.
 
-import comfychair, stf
+import comfychair
 
 class NormalTest(comfychair.TestCase):
-    def runTest(self):
+    def runtest(self):
         pass
 
 class RootTest(comfychair.TestCase):
-    def setUp(self):
+    def setup(self):
         self.require_root()
             
     def runTest(self):
         pass
 
 class GoodExecTest(comfychair.TestCase):
-    def runTest(self):
-        exit, stdout = self.runCmdUnchecked("ls -l")
+    def runtest(self):
+        stdout = self.runcmd("ls -l")
 
 class BadExecTest(comfychair.TestCase):
-    def setUp(self):
-        exit, stdout = self.runCmdUnchecked("spottyfoot --slobber",
-                                            skip_on_noexec = 1)
+    def setup(self):
+        exit, stdout = self.runcmd_unchecked("spottyfoot --slobber",
+                                             skip_on_noexec = 1)
+
+
+tests = [NormalTest, RootTest, GoodExecTest, BadExecTest]
 
-comfychair.runtests([NormalTest, RootTest, GoodExecTest, BadExecTest])
+if __name__ == '__main__':
+    comfychair.main(tests)
+    
-- 
cgit 


From a6c6800746a77fd041151b42c4aad9d170efb931 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 12 Mar 2003 10:36:14 +0000
Subject: Patch from Ken Cross <kcross@nssolutions.com> to take a username in
 the form of user@realm for kerberos logins.

Andrew Bartlett
(This used to be commit ce013dc13e9e77b5cb9b2d5a4b76d54f91614e6c)
---
 source3/utils/net_ads.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 8cd3bac802..ea31a92575 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -124,6 +124,7 @@ static ADS_STRUCT *ads_startup(void)
 	ADS_STATUS status;
 	BOOL need_password = False;
 	BOOL second_time = False;
+	char *realm;
 	
 	ads = ads_init(NULL, NULL, opt_host);
 
@@ -150,6 +151,16 @@ retry:
 
 	ads->auth.user_name = strdup(opt_user_name);
 
+	/*
+	 * If the username is of the form "name@realm", 
+	 * extract the realm and convert to upper case.
+	 */
+	if (realm = strchr(ads->auth.user_name, '@')) {
+		*realm++ = '\0';
+		ads->auth.realm = strdup(realm);
+		strupper(ads->auth.realm);
+	}
+
 	status = ads_connect(ads);
 	if (!ADS_ERR_OK(status)) {
 		if (!need_password && !second_time) {
-- 
cgit 


From 02abe94f81136f85dc72b7015213871831ce2e1a Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 12 Mar 2003 10:56:55 +0000
Subject:  - Fix a double-free (I can't say I understand the code, but it
 matches the other cases and keeps valgrind quiet).

 - Add static

Andrew Bartlett
(This used to be commit e9da9c500b96a828d744e7a1c64427fc01153310)
---
 source3/libads/krb5_setpw.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index ac7377cd2f..29bf1a427c 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -546,7 +546,6 @@ ADS_STATUS krb5_set_password(const char *kdc_host, const char *princ, const char
 
 	krb5_free_creds(context, credsp);
 	krb5_free_principal(context, creds.client);
-	krb5_free_principal(context, creds.server);
 	krb5_free_principal(context, principal);
 	krb5_free_context(context);
 
@@ -579,11 +578,11 @@ kerb_prompter(krb5_context ctx, void *data,
 	return 0;
 }
 
-ADS_STATUS krb5_chg_password(const char *kdc_host,
-				const char *principal,
-				const char *oldpw, 
-				const char *newpw, 
-				int time_offset)
+static ADS_STATUS krb5_chg_password(const char *kdc_host,
+				    const char *principal,
+				    const char *oldpw, 
+				    const char *newpw, 
+				    int time_offset)
 {
     ADS_STATUS aret;
     krb5_error_code ret;
-- 
cgit 


From f4a8417d6fa058ec33753a4df1222131a73add3e Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 12 Mar 2003 11:00:02 +0000
Subject: Add const (This used to be commit
 147a0c8b13d20e06c557fb817a36fddf9a920d65)

---
 source3/lib/crc32.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/lib/crc32.c b/source3/lib/crc32.c
index bd4f1633e5..da3aeaa901 100644
--- a/source3/lib/crc32.c
+++ b/source3/lib/crc32.c
@@ -8,7 +8,7 @@
 
 #include "includes.h"
 
-static unsigned long CRCTable[256] = 
+static const unsigned long CRCTable[256] = 
 {
         0x00000000,0x77073096,0xEE0E612C,0x990951BA,0x076DC419,0x706AF48F,
         0xE963A535,0x9E6495A3,0x0EDB8832,0x79DCB8A4,0xE0D5E91E,0x97D2D988,
@@ -55,7 +55,7 @@ static unsigned long CRCTable[256] =
         0xB40BBE37,0xC30C8EA1,0x5A05DF1B,0x2D02EF8D
 };
 
-uint32 crc32_calc_buffer( char *buffer, uint32 count)
+uint32 crc32_calc_buffer( const char *buffer, uint32 count)
 {
 	uint32 crc=0xffffffff, i;
         for(i=0;i<count;i++)
-- 
cgit 


From c992f66d733d230bc71f61ab4d13c08354ec0685 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Wed, 12 Mar 2003 15:40:43 +0000
Subject: adding some initiaial code to sert %a to Win2K3 (using Native LanMan
 string from .NET RC2) (This used to be commit
 4c823e61d14a33344deb887043b60b2e3c83416f)

---
 source3/include/smb.h    | 2 +-
 source3/lib/util.c       | 3 +++
 source3/smbd/sesssetup.c | 2 ++
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/source3/include/smb.h b/source3/include/smb.h
index bd4f113039..bf2d5631a7 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1408,7 +1408,7 @@ enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF, LDAP_SSL_START_TLS};
 enum ldap_passwd_sync_types {LDAP_PASSWD_SYNC_ON, LDAP_PASSWD_SYNC_OFF, LDAP_PASSWD_SYNC_ONLY};
 
 /* Remote architectures we know about. */
-enum remote_arch_types {RA_UNKNOWN, RA_WFWG, RA_OS2, RA_WIN95, RA_WINNT, RA_WIN2K, RA_WINXP, RA_SAMBA};
+enum remote_arch_types {RA_UNKNOWN, RA_WFWG, RA_OS2, RA_WIN95, RA_WINNT, RA_WIN2K, RA_WINXP, RA_WIN2K3, RA_SAMBA};
 
 /* case handling */
 enum case_handling {CASE_LOWER,CASE_UPPER};
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 15b75356a8..8d62db5ebb 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1767,6 +1767,9 @@ void set_remote_arch(enum remote_arch_types type)
 	case RA_WINXP:
 		fstrcpy(remote_arch, "WinXP");
 		return;
+	case RA_WIN2K3:
+		fstrcpy(remote_arch, "Win2K3");
+		return;
 	case RA_SAMBA:
 		fstrcpy(remote_arch,"Samba");
 		return;
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 2661fe3f93..70158a9015 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -617,6 +617,8 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
 		if ( ra_type == RA_WIN2K ) {
 			if ( 0 == strcmp( native_lanman, "Windows 2002 5.1" ) )
 				set_remote_arch( RA_WINXP );
+			else if ( 0 == strcmp( native_lanman, "Windows .NET 5.2" ) )
+				set_remote_arch( RA_WIN2K3 );
 		}
 		
 
-- 
cgit 


From 15ae0c4dedbfb279c9ee77cd37e9c4a55b8434e5 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 12 Mar 2003 19:08:01 +0000
Subject: Ensure we count the length correctly in mangle_map. Jeremy. (This
 used to be commit 596705198c555568da208f59008ab87c5164bfb4)

---
 source3/smbd/mangle_map.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/source3/smbd/mangle_map.c b/source3/smbd/mangle_map.c
index 553e3d949d..5ae3ebd174 100644
--- a/source3/smbd/mangle_map.c
+++ b/source3/smbd/mangle_map.c
@@ -150,36 +150,45 @@ static void mangled_map(char *s, const char *MangledMap)
 		}
 		DEBUG( 5, ("End of first in pair '%s'\n", end) );
 		if( (match_string = map_filename( s, start, end-start )) ) {
+			int size_left = sizeof(new_string) - 1;
 			DEBUG( 5, ("Found a match\n") );
 			/* Found a match. */
 			start = end + 1; /* Point to start of what it is to become. */
 			DEBUG( 5, ("Start of second in pair '%s'\n", start) );
 			end = start;
 			np = new_string;
-			while( (*end)             /* Not the end of string. */
+			while( (*end && size_left > 0)    /* Not the end of string. */
 			       && (*end != ')')      /* Not the end of the pattern. */
-			       && (*end != '*') )    /* Not a wildcard. */
+			       && (*end != '*') ) {   /* Not a wildcard. */
 				*np++ = *end++;
+				size_left--;
+			}
 
 			if( !*end ) {
 				start = end;
 				continue;               /* Always check for the end. */
 			}
 			if( *end == '*' ) {
-				pstrcpy( np, match_string );
+				if (size_left > 0 )
+					safe_strcpy( np, match_string, size_left );
 				np += strlen( match_string );
+				size_left -= strlen( match_string );
 				end++;                  /* Skip the '*' */
-				while ((*end)           /* Not the end of string. */
+				while ((*end && size_left >  0)   /* Not the end of string. */
 				       && (*end != ')') /* Not the end of the pattern. */
-				       && (*end != '*'))/* Not a wildcard. */
+				       && (*end != '*')) { /* Not a wildcard. */
 					*np++ = *end++;
+					size_left--;
+				}
 			}
 			if (!*end) {
 				start = end;
 				continue;               /* Always check for the end. */
 			}
-			*np++ = '\0';             /* NULL terminate it. */
+			if (size_left > 0)
+				*np++ = '\0';             /* NULL terminate it. */
 			DEBUG(5,("End of second in pair '%s'\n", end));
+			new_string[sizeof(new_string)-1] = '\0';
 			pstrcpy( s, new_string );  /* Substitute with the new name. */
 			DEBUG( 5, ("s is now '%s'\n", s) );
 		}
-- 
cgit 


From 00d89c3f7c647b56381ba333658c0ed8e02dccdc Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Wed, 12 Mar 2003 21:01:25 +0000
Subject: fixed a strcat noticed by metze (This used to be commit
 db3ad0dbe0bca729f98ca5d5a698388fe086daf2)

---
 source3/param/loadparm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index c21b88ff20..3878dabb60 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -3095,7 +3095,7 @@ BOOL lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue
 			ZERO_STRUCT(vfskey);
 			pstr_sprintf(vfskey, "%s:", pszParmName);
 			slen = strlen(vfskey);
-			safe_strcat(vfskey, sep+1, sizeof(pstring));
+			pstrcat(vfskey, sep+1);
 			trim_string(vfskey+slen, " ", " ");
 			not_added = True;
 			data = (snum < 0) ? Globals.param_opt : 
-- 
cgit 


From ddfed383a0791986c6d08fde67840e99424ebb1a Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 12 Mar 2003 22:24:12 +0000
Subject: Change size parameters from signed to unsigned to fix up warnings.
 Jeremy. (This used to be commit 2e9880ef7c259b67eb75edc8098b734c3b7b22c1)

---
 source3/include/client.h  |   2 +-
 source3/libsmb/clifile.c  |  12 +--
 source3/libsmb/clilist.c  |   2 +-
 source3/libsmb/clirap.c   |  38 ++++----
 source3/libsmb/clitrans.c | 233 ++++++++++++++++++++++++++++++++--------------
 5 files changed, 191 insertions(+), 96 deletions(-)

diff --git a/source3/include/client.h b/source3/include/client.h
index 2e6b9337e4..a3efda4918 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -114,7 +114,7 @@ struct cli_state {
 	int max_mux;
 	char *outbuf;
 	char *inbuf;
-	int bufsize;
+	unsigned int bufsize;
 	int initialised;
 	int win95;
 	uint32 capabilities;
diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c
index 31d7ea5911..f61787abde 100644
--- a/source3/libsmb/clifile.c
+++ b/source3/libsmb/clifile.c
@@ -29,8 +29,8 @@
 
 static BOOL cli_link_internal(struct cli_state *cli, const char *fname_src, const char *fname_dst, BOOL hard_link)
 {
-	int data_len = 0;
-	int param_len = 0;
+	unsigned int data_len = 0;
+	unsigned int param_len = 0;
 	uint16 setup = TRANSACT2_SETPATHINFO;
 	char param[sizeof(pstring)+6];
 	pstring data;
@@ -123,8 +123,8 @@ BOOL cli_unix_hardlink(struct cli_state *cli, const char *fname_src, const char
 
 static BOOL cli_unix_chmod_chown_internal(struct cli_state *cli, const char *fname, uint32 mode, uint32 uid, uint32 gid)
 {
-	int data_len = 0;
-	int param_len = 0;
+	unsigned int data_len = 0;
+	unsigned int param_len = 0;
 	uint16 setup = TRANSACT2_SETPATHINFO;
 	char param[sizeof(pstring)+6];
 	char data[100];
@@ -335,8 +335,8 @@ BOOL cli_rmdir(struct cli_state *cli, const char *dname)
 
 int cli_nt_delete_on_close(struct cli_state *cli, int fnum, BOOL flag)
 {
-	int data_len = 1;
-	int param_len = 6;
+	unsigned int data_len = 1;
+	unsigned int param_len = 6;
 	uint16 setup = TRANSACT2_SETFILEINFO;
 	pstring param;
 	unsigned char data;
diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c
index 89ab5d6414..3884e4da82 100644
--- a/source3/libsmb/clilist.c
+++ b/source3/libsmb/clilist.c
@@ -154,7 +154,7 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
 	int ff_dir_handle=0;
 	int loop_count = 0;
 	char *rparam=NULL, *rdata=NULL;
-	int param_len, data_len;	
+	unsigned int param_len, data_len;	
 	uint16 setup;
 	pstring param;
 
diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c
index a1845b2e16..b38e7d5c23 100644
--- a/source3/libsmb/clirap.c
+++ b/source3/libsmb/clirap.c
@@ -41,8 +41,8 @@ BOOL cli_api_pipe(struct cli_state *cli, const char *pipe_name,
                  data, data_count, max_data_count);
 
   return (cli_receive_trans(cli, SMBtrans, 
-                            rparam, (int *)rparam_count,
-                            rdata, (int *)rdata_count));
+                            rparam, (unsigned int *)rparam_count,
+                            rdata, (unsigned int *)rdata_count));
 }
 
 /****************************************************************************
@@ -51,8 +51,8 @@ call a remote api
 BOOL cli_api(struct cli_state *cli,
 	     char *param, int prcnt, int mprcnt,
 	     char *data, int drcnt, int mdrcnt,
-	     char **rparam, int *rprcnt,
-	     char **rdata, int *rdrcnt)
+	     char **rparam, unsigned int *rprcnt,
+	     char **rdata, unsigned int *rdrcnt)
 {
   cli_send_trans(cli,SMBtrans,
                  PIPE_LANMAN,             /* Name */
@@ -286,8 +286,8 @@ BOOL cli_oem_change_password(struct cli_state *cli, const char *user, const char
   char *p = param;
   unsigned char old_pw_hash[16];
   unsigned char new_pw_hash[16];
-  int data_len;
-  int param_len = 0;
+  unsigned int data_len;
+  unsigned int param_len = 0;
   char *rparam = NULL;
   char *rdata = NULL;
   int rprcnt, rdrcnt;
@@ -368,9 +368,9 @@ BOOL cli_qpathinfo(struct cli_state *cli, const char *fname,
 		   time_t *c_time, time_t *a_time, time_t *m_time, 
 		   size_t *size, uint16 *mode)
 {
-	int data_len = 0;
-	int param_len = 0;
-	int rparam_len, rdata_len;
+	unsigned int data_len = 0;
+	unsigned int param_len = 0;
+	unsigned int rparam_len, rdata_len;
 	uint16 setup = TRANSACT2_QPATHINFO;
 	pstring param;
 	char *rparam=NULL, *rdata=NULL;
@@ -449,8 +449,8 @@ BOOL cli_qpathinfo2(struct cli_state *cli, const char *fname,
 		    time_t *w_time, size_t *size, uint16 *mode,
 		    SMB_INO_T *ino)
 {
-	int data_len = 0;
-	int param_len = 0;
+	unsigned int data_len = 0;
+	unsigned int param_len = 0;
 	uint16 setup = TRANSACT2_QPATHINFO;
 	pstring param;
 	char *rparam=NULL, *rdata=NULL;
@@ -518,8 +518,8 @@ send a qfileinfo QUERY_FILE_NAME_INFO call
 BOOL cli_qfilename(struct cli_state *cli, int fnum, 
 		   pstring name)
 {
-	int data_len = 0;
-	int param_len = 0;
+	unsigned int data_len = 0;
+	unsigned int param_len = 0;
 	uint16 setup = TRANSACT2_QFILEINFO;
 	pstring param;
 	char *rparam=NULL, *rdata=NULL;
@@ -563,8 +563,8 @@ BOOL cli_qfileinfo(struct cli_state *cli, int fnum,
 		   time_t *c_time, time_t *a_time, time_t *m_time, 
 		   time_t *w_time, SMB_INO_T *ino)
 {
-	int data_len = 0;
-	int param_len = 0;
+	unsigned int data_len = 0;
+	unsigned int param_len = 0;
 	uint16 setup = TRANSACT2_QFILEINFO;
 	pstring param;
 	char *rparam=NULL, *rdata=NULL;
@@ -631,8 +631,8 @@ send a qfileinfo call
 ****************************************************************************/
 BOOL cli_qfileinfo_test(struct cli_state *cli, int fnum, int level, char *outdata)
 {
-	int data_len = 0;
-	int param_len = 0;
+	unsigned int data_len = 0;
+	unsigned int param_len = 0;
 	uint16 setup = TRANSACT2_QFILEINFO;
 	pstring param;
 	char *rparam=NULL, *rdata=NULL;
@@ -677,8 +677,8 @@ send a qpathinfo SMB_QUERY_FILE_ALT_NAME_INFO call
 ****************************************************************************/
 NTSTATUS cli_qpathinfo_alt_name(struct cli_state *cli, const char *fname, fstring alt_name)
 {
-	int data_len = 0;
-	int param_len = 0;
+	unsigned int data_len = 0;
+	unsigned int param_len = 0;
 	uint16 setup = TRANSACT2_QPATHINFO;
 	pstring param;
 	char *rparam=NULL, *rdata=NULL;
diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c
index 3d862a1796..7e3357a8cc 100644
--- a/source3/libsmb/clitrans.c
+++ b/source3/libsmb/clitrans.c
@@ -24,18 +24,19 @@
 
 
 /****************************************************************************
-  send a SMB trans or trans2 request
-  ****************************************************************************/
+ Send a SMB trans or trans2 request.
+****************************************************************************/
+
 BOOL cli_send_trans(struct cli_state *cli, int trans, 
 		    const char *pipe_name, 
 		    int fid, int flags,
-		    uint16 *setup, int lsetup, int msetup,
-		    char *param, int lparam, int mparam,
-		    char *data, int ldata, int mdata)
+		    uint16 *setup, unsigned int lsetup, unsigned int msetup,
+		    char *param, unsigned int lparam, unsigned int mparam,
+		    char *data, unsigned int ldata, unsigned int mdata)
 {
 	int i;
-	int this_ldata,this_lparam;
-	int tot_data=0,tot_param=0;
+	unsigned int this_ldata,this_lparam;
+	unsigned int tot_data=0,tot_param=0;
 	char *outdata,*outparam;
 	char *p;
 	int pipe_name_len=0;
@@ -83,14 +84,13 @@ BOOL cli_send_trans(struct cli_state *cli, int trans,
 	cli_setup_bcc(cli, outdata+this_ldata);
 
 	show_msg(cli->outbuf);
-	cli_send_smb(cli);
+	if (!cli_send_smb(cli))
+		return False;
 
 	if (this_ldata < ldata || this_lparam < lparam) {
 		/* receive interim response */
-		if (!cli_receive_smb(cli) || 
-		    cli_is_error(cli)) {
+		if (!cli_receive_smb(cli) || cli_is_error(cli))
 			return(False);
-		}      
 
 		tot_data = this_ldata;
 		tot_param = this_lparam;
@@ -123,7 +123,8 @@ BOOL cli_send_trans(struct cli_state *cli, int trans,
 			cli_setup_bcc(cli, outdata+this_ldata);
 			
 			show_msg(cli->outbuf);
-			cli_send_smb(cli);
+			if (!cli_send_smb(cli))
+				return False;
 			
 			tot_data += this_ldata;
 			tot_param += this_lparam;
@@ -133,17 +134,17 @@ BOOL cli_send_trans(struct cli_state *cli, int trans,
 	return(True);
 }
 
-
 /****************************************************************************
-  receive a SMB trans or trans2 response allocating the necessary memory
-  ****************************************************************************/
+ Receive a SMB trans or trans2 response allocating the necessary memory.
+****************************************************************************/
+
 BOOL cli_receive_trans(struct cli_state *cli,int trans,
-                              char **param, int *param_len,
-                              char **data, int *data_len)
+                              char **param, unsigned int *param_len,
+                              char **data, unsigned int *data_len)
 {
-	int total_data=0;
-	int total_param=0;
-	int this_data,this_param;
+	unsigned int total_data=0;
+	unsigned int total_param=0;
+	unsigned int this_data,this_param;
 	NTSTATUS status;
 	char *tdata;
 	char *tparam;
@@ -170,9 +171,8 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans,
 	 */
 	status = cli_nt_error(cli);
 	
-	if (NT_STATUS_IS_ERR(status)) {
+	if (NT_STATUS_IS_ERR(status))
 		return False;
-	}
 
 	/* parse out the lengths */
 	total_data = SVAL(cli->inbuf,smb_tdrcnt);
@@ -199,7 +199,7 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans,
 			*param = tparam;
 	}
 
-	while (1)  {
+	for (;;)  {
 		this_data = SVAL(cli->inbuf,smb_drcnt);
 		this_param = SVAL(cli->inbuf,smb_prcnt);
 
@@ -209,21 +209,59 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans,
 			return False;
 		}
 
-		if (this_data)
-			memcpy(*data + SVAL(cli->inbuf,smb_drdisp),
-			       smb_base(cli->inbuf) + SVAL(cli->inbuf,smb_droff),
-			       this_data);
-		if (this_param)
-			memcpy(*param + SVAL(cli->inbuf,smb_prdisp),
-			       smb_base(cli->inbuf) + SVAL(cli->inbuf,smb_proff),
-			       this_param);
+		if (this_data + *data_len < this_data ||
+				this_data + *data_len < *data_len ||
+				this_param + *param_len < this_param ||
+				this_param + *param_len < *param_len) {
+			DEBUG(1,("Data overflow in cli_receive_trans\n"));
+			return False;
+		}
+
+		if (this_data) {
+			unsigned int data_offset_out = SVAL(cli->inbuf,smb_drdisp);
+			unsigned int data_offset_in = SVAL(cli->inbuf,smb_droff);
+
+			if (data_offset_out > total_data ||
+					data_offset_out + this_data > total_data ||
+					data_offset_out + this_data < data_offset_out ||
+					data_offset_out + this_data < this_data) {
+				DEBUG(1,("Data overflow in cli_receive_trans\n"));
+				return False;
+			}
+			if (data_offset_in > cli->bufsize ||
+					data_offset_in + this_data >  cli->bufsize ||
+					data_offset_in + this_data < data_offset_in ||
+					data_offset_in + this_data < this_data) {
+				DEBUG(1,("Data overflow in cli_receive_trans\n"));
+				return False;
+			}
+
+			memcpy(*data + data_offset_out, smb_base(cli->inbuf) + data_offset_in, this_data);
+		}
+		if (this_param) {
+			unsigned int param_offset_out = SVAL(cli->inbuf,smb_prdisp);
+			unsigned int param_offset_in = SVAL(cli->inbuf,smb_proff);
+
+			if (param_offset_out > total_param ||
+					param_offset_out + this_param > total_param ||
+					param_offset_out + this_param < param_offset_out ||
+					param_offset_out + this_param < this_param) {
+				DEBUG(1,("Param overflow in cli_receive_trans\n"));
+				return False;
+			}
+			if (param_offset_in > cli->bufsize ||
+					param_offset_in + this_param >  cli->bufsize ||
+					param_offset_in + this_param < param_offset_in ||
+					param_offset_in + this_param < this_param) {
+				DEBUG(1,("Param overflow in cli_receive_trans\n"));
+				return False;
+			}
+
+			memcpy(*param + param_offset_out, smb_base(cli->inbuf) + param_offset_in, this_param);
+		}
 		*data_len += this_data;
 		*param_len += this_param;
 
-		/* parse out the total lengths again - they can shrink! */
-		total_data = SVAL(cli->inbuf,smb_tdrcnt);
-		total_param = SVAL(cli->inbuf,smb_tprcnt);
-		
 		if (total_data <= *data_len && total_param <= *param_len)
 			break;
 		
@@ -242,27 +280,35 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans,
 		if (NT_STATUS_IS_ERR(cli_nt_error(cli))) {
 			return(False);
 		}
+
+		/* parse out the total lengths again - they can shrink! */
+		if (SVAL(cli->inbuf,smb_tdrcnt) < total_data)
+			total_data = SVAL(cli->inbuf,smb_tdrcnt);
+		if (SVAL(cli->inbuf,smb_tprcnt) < total_param)
+			total_param = SVAL(cli->inbuf,smb_tprcnt);
+		
+		if (total_data <= *data_len && total_param <= *param_len)
+			break;
+		
 	}
 	
 	return(True);
 }
 
-
-
-
 /****************************************************************************
-  send a SMB nttrans request
-  ****************************************************************************/
+ Send a SMB nttrans request.
+****************************************************************************/
+
 BOOL cli_send_nt_trans(struct cli_state *cli, 
 		       int function, 
 		       int flags,
-		       uint16 *setup, int lsetup, int msetup,
-		       char *param, int lparam, int mparam,
-		       char *data, int ldata, int mdata)
+		       uint16 *setup, unsigned int lsetup, unsigned int msetup,
+		       char *param, unsigned int lparam, unsigned int mparam,
+		       char *data, unsigned int ldata, unsigned int mdata)
 {
-	int i;
-	int this_ldata,this_lparam;
-	int tot_data=0,tot_param=0;
+	unsigned int i;
+	unsigned int this_ldata,this_lparam;
+	unsigned int tot_data=0,tot_param=0;
 	char *outdata,*outparam;
 
 	this_lparam = MIN(lparam,cli->max_xmit - (500+lsetup*2)); /* hack */
@@ -301,14 +347,13 @@ BOOL cli_send_nt_trans(struct cli_state *cli,
 	cli_setup_bcc(cli, outdata+this_ldata);
 
 	show_msg(cli->outbuf);
-	cli_send_smb(cli);
+	if (!cli_send_smb(cli))
+		return False;
 
 	if (this_ldata < ldata || this_lparam < lparam) {
 		/* receive interim response */
-		if (!cli_receive_smb(cli) || 
-		    cli_is_error(cli)) {
+		if (!cli_receive_smb(cli) || cli_is_error(cli))
 			return(False);
-		}      
 
 		tot_data = this_ldata;
 		tot_param = this_lparam;
@@ -340,7 +385,8 @@ BOOL cli_send_nt_trans(struct cli_state *cli,
 			cli_setup_bcc(cli, outdata+this_ldata);
 			
 			show_msg(cli->outbuf);
-			cli_send_smb(cli);
+			if (!cli_send_smb(cli))
+				return False;
 			
 			tot_data += this_ldata;
 			tot_param += this_lparam;
@@ -355,13 +401,14 @@ BOOL cli_send_nt_trans(struct cli_state *cli,
 /****************************************************************************
   receive a SMB nttrans response allocating the necessary memory
   ****************************************************************************/
+
 BOOL cli_receive_nt_trans(struct cli_state *cli,
-			  char **param, int *param_len,
-			  char **data, int *data_len)
+			  char **param, unsigned int *param_len,
+			  char **data, unsigned int *data_len)
 {
-	int total_data=0;
-	int total_param=0;
-	int this_data,this_param;
+	unsigned int total_data=0;
+	unsigned int total_param=0;
+	unsigned int this_data,this_param;
 	uint8 eclass;
 	uint32 ecode;
 	char *tdata;
@@ -423,25 +470,65 @@ BOOL cli_receive_nt_trans(struct cli_state *cli,
 
 		if (this_data + *data_len > total_data ||
 		    this_param + *param_len > total_param) {
-			DEBUG(1,("Data overflow in cli_receive_trans\n"));
+			DEBUG(1,("Data overflow in cli_receive_nt_trans\n"));
+			return False;
+		}
+
+		if (this_data + *data_len < this_data ||
+				this_data + *data_len < *data_len ||
+				this_param + *param_len < this_param ||
+				this_param + *param_len < *param_len) {
+			DEBUG(1,("Data overflow in cli_receive_nt_trans\n"));
 			return False;
 		}
 
-		if (this_data)
-			memcpy(*data + SVAL(cli->inbuf,smb_ntr_DataDisplacement),
-			       smb_base(cli->inbuf) + SVAL(cli->inbuf,smb_ntr_DataOffset),
-			       this_data);
-		if (this_param)
-			memcpy(*param + SVAL(cli->inbuf,smb_ntr_ParameterDisplacement),
-			       smb_base(cli->inbuf) + SVAL(cli->inbuf,smb_ntr_ParameterOffset),
-			       this_param);
+		if (this_data) {
+			unsigned int data_offset_out = SVAL(cli->inbuf,smb_ntr_DataDisplacement);
+			unsigned int data_offset_in = SVAL(cli->inbuf,smb_ntr_DataOffset);
+
+			if (data_offset_out > total_data ||
+					data_offset_out + this_data > total_data ||
+					data_offset_out + this_data < data_offset_out ||
+					data_offset_out + this_data < this_data) {
+				DEBUG(1,("Data overflow in cli_receive_nt_trans\n"));
+				return False;
+			}
+			if (data_offset_in > cli->bufsize ||
+					data_offset_in + this_data >  cli->bufsize ||
+					data_offset_in + this_data < data_offset_in ||
+					data_offset_in + this_data < this_data) {
+				DEBUG(1,("Data overflow in cli_receive_nt_trans\n"));
+				return False;
+			}
+
+			memcpy(*data + data_offset_out, smb_base(cli->inbuf) + data_offset_in, this_data);
+		}
+
+		if (this_param) {
+			unsigned int param_offset_out = SVAL(cli->inbuf,smb_ntr_ParameterDisplacement);
+			unsigned int param_offset_in = SVAL(cli->inbuf,smb_ntr_ParameterOffset);
+
+			if (param_offset_out > total_param ||
+					param_offset_out + this_param > total_param ||
+					param_offset_out + this_param < param_offset_out ||
+					param_offset_out + this_param < this_param) {
+				DEBUG(1,("Param overflow in cli_receive_nt_trans\n"));
+				return False;
+			}
+			if (param_offset_in > cli->bufsize ||
+					param_offset_in + this_param >  cli->bufsize ||
+					param_offset_in + this_param < param_offset_in ||
+					param_offset_in + this_param < this_param) {
+				DEBUG(1,("Param overflow in cli_receive_nt_trans\n"));
+				return False;
+			}
+
+			memcpy(*param + param_offset_out, smb_base(cli->inbuf) + param_offset_in, this_param);
+		}
+
 		*data_len += this_data;
 		*param_len += this_param;
 
-		/* parse out the total lengths again - they can shrink! */
-		total_data = SVAL(cli->inbuf,smb_ntr_TotalDataCount);
-		total_param = SVAL(cli->inbuf,smb_ntr_TotalParameterCount);
-		
 		if (total_data <= *data_len && total_param <= *param_len)
 			break;
 		
@@ -462,6 +549,14 @@ BOOL cli_receive_nt_trans(struct cli_state *cli,
                            !(eclass == ERRDOS && ecode == ERRmoredata))
 				return(False);
 		}
+		/* parse out the total lengths again - they can shrink! */
+		if (SVAL(cli->inbuf,smb_ntr_TotalDataCount) < total_data)
+			total_data = SVAL(cli->inbuf,smb_ntr_TotalDataCount);
+		if (SVAL(cli->inbuf,smb_ntr_TotalParameterCount) < total_param)
+			total_param = SVAL(cli->inbuf,smb_ntr_TotalParameterCount);
+		
+		if (total_data <= *data_len && total_param <= *param_len)
+			break;
 	}
 	
 	return(True);
-- 
cgit 


From 3b104f6e2dc56c5edcf0278e7e43d4993e7db368 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Thu, 13 Mar 2003 04:34:31 +0000
Subject: win2000 can take much longer than the specified time to respond to a
 lock - so to make the torture tests valid I give it a grace time of 10
 seconds instead of 2 (This used to be commit
 c9c9e9eb26ec3042395637d14a6661d04a629ccc)

---
 source3/libsmb/clifile.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c
index f61787abde..8e84963c09 100644
--- a/source3/libsmb/clifile.c
+++ b/source3/libsmb/clifile.c
@@ -633,7 +633,7 @@ BOOL cli_lock(struct cli_state *cli, int fnum,
 	cli_send_smb(cli);
 
 	if (timeout != 0) {
-		cli->timeout = (timeout == -1) ? 0x7FFFFFFF : (timeout + 2*1000);
+		cli->timeout = (timeout == -1) ? 0x7FFFFFFF : (timeout + 10*1000);
 	}
 
 	if (!cli_receive_smb(cli)) {
-- 
cgit 


From 537e4d55651a51227fc7af4de0853165503c7b12 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Thu, 13 Mar 2003 04:35:15 +0000
Subject: fixed the unmarshalling of the queryaliasmem SAMR call (This used to
 be commit 80c45434092a881fe2c9ae7f90856deea4722cb0)

---
 source3/rpc_parse/parse_samr.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index d031d13955..222af57e5b 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -4623,13 +4623,17 @@ BOOL samr_io_r_query_aliasmem(const char *desc, SAMR_R_QUERY_ALIASMEM * r_u,
 
 			for (i = 0; i < r_u->num_sids1; i++) {
 				ptr_sid[i] = 1;
-				if(!prs_uint32("", ps, depth, &ptr_sid[i]))
+				if(!prs_uint32("ptr_sid", ps, depth, &ptr_sid[i]))
 				  return False;
 			}
 
+			if (UNMARSHALLING(ps)) {
+				r_u->sid = talloc(ps->mem_ctx, r_u->num_sids1 * sizeof(DOM_SID));
+			}
+
 			for (i = 0; i < r_u->num_sids1; i++) {
 				if (ptr_sid[i] != 0) {
-					if(!smb_io_dom_sid2("", &r_u->sid[i], ps, depth))
+					if(!smb_io_dom_sid2("sid", &r_u->sid[i], ps, depth))
 						return False;
 				}
 			}
-- 
cgit 


From d2a85e518536796c69c689ded50cb6551d460f97 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Thu, 13 Mar 2003 04:36:32 +0000
Subject: show which files we fail to create in the casetable test (This used
 to be commit d40e3747cfa2994349aa84568f7b79457341a058)

---
 source3/torture/utable.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/source3/torture/utable.c b/source3/torture/utable.c
index d8a1557dbb..74d5f164c0 100644
--- a/source3/torture/utable.c
+++ b/source3/torture/utable.c
@@ -141,7 +141,7 @@ BOOL torture_casetable(int dummy)
 
 		if (c == '.' || c == '\\') continue;
 
-		printf("%04x\n", c);
+		printf("%04x (%c)\n", c, isprint(c)?c:'.');
 
 		fname = form_name(c);
 		fnum = cli_nt_create_full(cli, fname, 
@@ -150,7 +150,10 @@ BOOL torture_casetable(int dummy)
 					  FILE_SHARE_NONE,
 					  FILE_OPEN_IF, 0);
 
-		if (fnum == -1) continue;
+		if (fnum == -1) {
+			printf("Failed to create file with char %04x\n", c);
+			continue;
+		}
 
 		size = 0;
 
-- 
cgit 


From 5e7f809f8f2806f0315f81b109688b3e2ff8b950 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Thu, 13 Mar 2003 05:52:49 +0000
Subject: Fixed crash bug when calling tdb_unlockkeys() with no locked keys.

woot!
(This used to be commit eb432700c0010e536be3a0703f152c533357b851)
---
 source3/tdb/tdb.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/source3/tdb/tdb.c b/source3/tdb/tdb.c
index ab50f40ef6..c414ae0d31 100644
--- a/source3/tdb/tdb.c
+++ b/source3/tdb/tdb.c
@@ -1954,6 +1954,8 @@ int tdb_lockkeys(TDB_CONTEXT *tdb, u32 number, TDB_DATA keys[])
 void tdb_unlockkeys(TDB_CONTEXT *tdb)
 {
 	u32 i;
+	if (!tdb->lockedkeys)
+		return;
 	for (i = 0; i < tdb->lockedkeys[0]; i++)
 		tdb_unlock(tdb, tdb->lockedkeys[i+1], F_WRLCK);
 	SAFE_FREE(tdb->lockedkeys);
-- 
cgit 


From 6d0a1eaaaad05b2860561619856698f8d1e193c1 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Thu, 13 Mar 2003 06:09:18 +0000
Subject: Added chainlock, chainunlock, lock_bystring and unlock_bystring
 methods. (This used to be commit cd5c47f47379a8c4021771ec28a9da0085f80d98)

---
 source3/python/py_tdb.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 81 insertions(+), 1 deletion(-)

diff --git a/source3/python/py_tdb.c b/source3/python/py_tdb.c
index 4969c1047e..e525422a30 100644
--- a/source3/python/py_tdb.c
+++ b/source3/python/py_tdb.c
@@ -1,7 +1,7 @@
 /* 
    Python wrappers for TDB module
 
-   Copyright (C) Tim Potter, 2002
+   Copyright (C) Tim Potter, 2002-2003
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -481,6 +481,82 @@ PyObject *py_tdb_hnd_traverse(PyObject *self, PyObject *args, PyObject *kw)
 	return PyInt_FromLong(result);
 }
 
+PyObject *py_tdb_hnd_chainlock(PyObject *self, PyObject *args)
+{
+	tdb_hnd_object *obj = (tdb_hnd_object *)self;
+	TDB_DATA key;
+	int result;
+
+        if (!obj->tdb) {
+		PyErr_SetString(py_tdb_error, "tdb object has been closed"); 
+		return NULL;
+        }	
+
+	if (!PyArg_ParseTuple(args, "s#", &key.dptr, &key.dsize))
+		return NULL;
+
+	result = tdb_chainlock(obj->tdb, key);
+
+	return PyInt_FromLong(result != -1);
+}
+
+PyObject *py_tdb_hnd_chainunlock(PyObject *self, PyObject *args)
+{
+	tdb_hnd_object *obj = (tdb_hnd_object *)self;
+	TDB_DATA key;
+	int result;
+
+        if (!obj->tdb) {
+		PyErr_SetString(py_tdb_error, "tdb object has been closed"); 
+		return NULL;
+        }	
+
+	if (!PyArg_ParseTuple(args, "s#", &key.dptr, &key.dsize))
+		return NULL;
+
+	result = tdb_chainunlock(obj->tdb, key);
+
+	return PyInt_FromLong(result != -1);
+}
+
+PyObject *py_tdb_hnd_lock_bystring(PyObject *self, PyObject *args)
+{
+	tdb_hnd_object *obj = (tdb_hnd_object *)self;
+	int result, timeout = 30;
+	char *s;
+
+        if (!obj->tdb) {
+		PyErr_SetString(py_tdb_error, "tdb object has been closed"); 
+		return NULL;
+        }	
+
+	if (!PyArg_ParseTuple(args, "s|i", &s, &timeout))
+		return NULL;
+
+	result = tdb_lock_bystring(obj->tdb, s, timeout);
+
+	return PyInt_FromLong(result != -1);
+}
+
+PyObject *py_tdb_hnd_unlock_bystring(PyObject *self, PyObject *args)
+{
+	tdb_hnd_object *obj = (tdb_hnd_object *)self;
+	char *s;
+
+        if (!obj->tdb) {
+		PyErr_SetString(py_tdb_error, "tdb object has been closed"); 
+		return NULL;
+        }	
+
+	if (!PyArg_ParseTuple(args, "s", &s))
+		return NULL;
+
+	tdb_unlock_bystring(obj->tdb, s);
+
+	Py_INCREF(Py_None);
+	return Py_None;
+}
+
 /* 
  * Method dispatch table for this module
  */
@@ -505,6 +581,10 @@ static PyMethodDef tdb_hnd_methods[] = {
 	{ "lock", (PyCFunction)py_tdb_hnd_lock, METH_VARARGS },
 	{ "unlock", (PyCFunction)py_tdb_hnd_unlock, METH_VARARGS },
 	{ "traverse", (PyCFunction)py_tdb_hnd_traverse, METH_VARARGS | METH_KEYWORDS },
+	{ "chainlock", (PyCFunction)py_tdb_hnd_chainlock, METH_VARARGS | METH_KEYWORDS },
+	{ "chainunlock", (PyCFunction)py_tdb_hnd_chainunlock, METH_VARARGS | METH_KEYWORDS },
+	{ "lock_bystring", (PyCFunction)py_tdb_hnd_lock_bystring, METH_VARARGS | METH_KEYWORDS },
+	{ "unlock_bystring", (PyCFunction)py_tdb_hnd_unlock_bystring, METH_VARARGS | METH_KEYWORDS },
 	{ NULL }
 };
 
-- 
cgit 


From 9951cca72fcbba4d4f93ac0e30bab2e4f54487f5 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Thu, 13 Mar 2003 06:16:51 +0000
Subject: In Valgrind 1.9.4, the headers have moved to <valgrind/valgrind.h>,
 etc.  So check for that as well as the old names. (This used to be commit
 1ffa4d75b75979b8abb409634212ce43a0826467)

---
 source3/configure.in | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/source3/configure.in b/source3/configure.in
index b2cd15b3b3..aa95cf19fe 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -556,7 +556,10 @@ AC_CHECK_HEADERS(sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h t
 AC_CHECK_HEADERS(sys/termio.h sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h sys/sockio.h)
 AC_CHECK_HEADERS(security/pam_modules.h security/_pam_macros.h ldap.h lber.h dlfcn.h)
 AC_CHECK_HEADERS(sys/syslog.h syslog.h)
-AC_CHECK_HEADERS(valgrind.h)
+
+# In valgrind 1.0.x, it's just valgrind.h.  In 1.9.x+ there's a
+# subdirectory of headers.
+AC_CHECK_HEADERS(valgrind.h valgrind/valgrind.h valgrind/memcheck.h)
 
 #
 # HPUX has a bug in that including shadow.h causes a re-definition of MAXINT.
-- 
cgit 


From 197f98aededbb456951be2d0d7f8ac587006a60d Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Thu, 13 Mar 2003 06:18:18 +0000
Subject: In Valgrind 1.9.4, the headers have moved to <valgrind/valgrind.h>,
 etc.  So check for that as well as the old names when including macros and
 conditionally defining -DVALGRIND. (This used to be commit
 c9151c7b1113e2f01bd33d4dd301a2e7e2040b35)

---
 source3/include/includes.h | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/source3/include/includes.h b/source3/include/includes.h
index b6abdd99ce..25245e9c0c 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -433,15 +433,19 @@
 #include <com_err.h>
 #endif
 
-#if HAVE_VALGRIND_H
-/* Special macros that are no-ops except when run under Valgrind on x86.  */
+/* Special macros that are no-ops except when run under Valgrind on
+ * x86.  They've moved a little bit from valgrind 1.0.4 to 1.9.4 */
+#if HAVE_VALGRIND_MEMCHECK_H
+        /* memcheck.h includes valgrind.h */
+#include <valgrind/memcheck.h>
+#elif HAVE_VALGRIND_H
 #include <valgrind.h>
 #endif
 
 /* If we have --enable-developer and the valgrind header is present,
  * then we're OK to use it.  Set a macro so this logic can be done only
  * once. */
-#if defined(DEVELOPER) && HAVE_VALGRIND_H
+#if defined(DEVELOPER) && (HAVE_VALGRIND_H || HAVE_VALGRIND_VALGRIND_H)
 #define VALGRIND
 #endif
 
-- 
cgit 


From 593ed8d1d995d4b31b8798367f5a4e963ce2e312 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Thu, 13 Mar 2003 07:05:10 +0000
Subject: Add bin/libbigballofmud.a non-shared library.  A bit easier to link
 to for testing than the .so.  (http://www.laputan.org/mud/mud.html) (This
 used to be commit 386087d77f836b8133afc977c9c3e8e7845125dc)

---
 source3/Makefile.in | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/source3/Makefile.in b/source3/Makefile.in
index 3ae939c4f5..78cd5746a7 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -893,6 +893,10 @@ bin/libbigballofmud.@SHLIBEXT@: $(LIBBIGBALLOFMUD_PICOBJS)
 	$(SHLD) $(LDSHFLAGS) -o $@ $(LIBBIGBALLOFMUD_PICOBJS) $(LIBS) \
 		@SONAMEFLAG@`basename $@`.$(LIBBIGBALLOFMUD_MAJOR)
 
+bin/libbigballofmud.a: $(LIBBIGBALLOFMUD_OBJS)
+	@echo Linking bigballofmud non-shared library $@
+	-$(AR) -rc $@ $(LIBBIGBALLOFMUD_OBJS)
+
 libsmbclient: bin/libsmbclient.a @LIBSMBCLIENT_SHARED@
 
 bin/librpc_lsarpc.@SHLIBEXT@: $(RPC_LSA_OBJ)
-- 
cgit 


From 285886b3cf0b2e886d59ddafb4b06d6a2fb459ce Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <ab@samba.org>
Date: Thu, 13 Mar 2003 14:55:44 +0000
Subject: Merge cifsntdomain.sgml fixes from 3.0 branch (This used to be commit
 fb85311941967fa1080b84103a01d16b4fd33926)

---
 docs/docbook/devdoc/cifsntdomain.sgml | 61 ++++++++++++++++++++---------------
 1 file changed, 35 insertions(+), 26 deletions(-)

diff --git a/docs/docbook/devdoc/cifsntdomain.sgml b/docs/docbook/devdoc/cifsntdomain.sgml
index 0197f4e1be..7c3c22d106 100644
--- a/docs/docbook/devdoc/cifsntdomain.sgml
+++ b/docs/docbook/devdoc/cifsntdomain.sgml
@@ -2662,18 +2662,22 @@ pwdump(machine$) (initially) == md4(lmowf(unicode(machine)))
 <sect2>
 <title>Protocol</title>
 
-<para>
-C-&gt;S ReqChal,Cc S-&gt;C Cs
-</para>
+<programlisting>
+C-&gt;S ReqChal,Cc
+S-&gt;C Cs
+</programlisting>
 
-<para>
+<programlisting>
 C &amp; S compute session key Ks = E(PW[9..15],E(PW[0..6],Add(Cc,Cs)))
-</para>
+</programlisting>
 
-<para>
-C: Rc = Cred(Ks,Cc) C->S Authenticate,Rc S: Rs = Cred(Ks,Cs),
-assert(Rc == Cred(Ks,Cc)) S-&gt;C Rs C: assert(Rs == Cred(Ks,Cs))
-</para>
+<programlisting>
+C: Rc = Cred(Ks,Cc)
+C-&gt;S Authenticate,Rc
+S: Rs = Cred(Ks,Cs), assert(Rc == Cred(Ks,Cc))
+S-&gt;C Rs
+C: assert(Rs == Cred(Ks,Cs))
+</programlisting>
 
 <para>
 On joining the domain the client will optionally attempt to change its
@@ -2681,29 +2685,34 @@ password and the domain controller may refuse to update it depending
 on registry settings. This will also occur weekly afterwards.
 </para>
 
-<para>
-C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C-&gt;S ServerPasswordSet,Rc',Tc,
-arc4(Ks[0..7,16],lmowf(randompassword()) C: Rc = Cred(Ks,Rc+Tc+1) S:
-assert(Rc' == Cred(Ks,Rc+Tc)), Ts = Time() S: Rs' = Cred(Ks,Rs+Tc+1)
-S->C Rs',Ts C: assert(Rs' == Cred(Ks,Rs+Tc+1)) S: Rs = Rs'
-</para>
+<programlisting>
+C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc)
+C-&gt;S ServerPasswordSet,Rc',Tc,arc4(Ks[0..7,16],lmowf(randompassword())
+C: Rc = Cred(Ks,Rc+Tc+1)
+S: assert(Rc' == Cred(Ks,Rc+Tc)), Ts = Time()
+S: Rs' = Cred(Ks,Rs+Tc+1)
+S-&gt;C Rs',Ts
+C: assert(Rs' == Cred(Ks,Rs+Tc+1))
+S: Rs = Rs'
+</programlisting>
 
 <para>
 User: U with password P wishes to login to the domain (incidental data
 such as workstation and domain omitted)
 </para>
 
-<para>
-C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C-&gt;S NetLogonSamLogon,Rc',Tc,U,
-arc4(Ks[0..7,16],16,ntowf(P),16), arc4(Ks[0..7,16],16,lmowf(P),16) S:
-assert(Rc' == Cred(Ks,Rc+Tc)) assert(passwords match those in SAM) S:
-Ts = Time()
-</para>
-
-<para>
-S->C Cred(Ks,Cred(Ks,Rc+Tc+1)),userinfo(logon script,UID,SIDs,etc) C:
-assert(Rs == Cred(Ks,Cred(Rc+Tc+1)) C: Rc = Cred(Ks,Rc+Tc+1)
-</para>
+<programlisting>
+C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc)
+C-&gt;S NetLogonSamLogon,Rc',Tc,U,arc4(Ks[0..7,16],16,ntowf(P),16), arc4(Ks[0..7,16],16,lmowf(P),16)
+S: assert(Rc' == Cred(Ks,Rc+Tc)) assert(passwords match those in SAM)
+S: Ts = Time()
+</programlisting>
+
+<programlisting>
+S-&gt;C Cred(Ks,Cred(Ks,Rc+Tc+1)),userinfo(logon script,UID,SIDs,etc)
+C: assert(Rs == Cred(Ks,Cred(Rc+Tc+1))
+C: Rc = Cred(Ks,Rc+Tc+1)
+</programlisting>
 
 </sect2>
 
-- 
cgit 


From f764518bd100310a35b5d8cd9b747b12ae4a4755 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Fri, 14 Mar 2003 04:50:17 +0000
Subject: Merge from Subversion

* Better report formatting
(This used to be commit e7eafa10da828b4dc46a05a99164eb8ac37563df)
---
 source3/stf/comfychair.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/stf/comfychair.py b/source3/stf/comfychair.py
index b552baccd2..d7e23efc10 100644
--- a/source3/stf/comfychair.py
+++ b/source3/stf/comfychair.py
@@ -170,7 +170,7 @@ Output:
             # Either we could not execute the command or the command
             # returned exit code 127.  According to system(3) we can't
             # tell the difference.
-            raise NotRunError, "could not execute %s" % cmd
+            raise NotRunError, "could not execute %s" % `cmd`
         return rc, output
 
     def explain_failure(self, exc_info = None):
@@ -213,7 +213,7 @@ def runtests(test_list, verbose = 0):
     import traceback
     ret = 0
     for test_class in test_list:
-        print "%-60s" % _test_name(test_class),
+        print "%-30s" % _test_name(test_class),
         # flush now so that long running tests are easier to follow
         sys.stdout.flush()
 
-- 
cgit 


From bc7f13cdb36212d0e2f9a8d86be9892a3c9dd373 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Fri, 14 Mar 2003 04:54:10 +0000
Subject: Add examples of ComfyChair (This used to be commit
 dfee0a6ad5d203df04df8a54da87ff5e493a33ca)

---
 source3/stf/example.py | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100755 source3/stf/example.py

diff --git a/source3/stf/example.py b/source3/stf/example.py
new file mode 100755
index 0000000000..1f121fd9af
--- /dev/null
+++ b/source3/stf/example.py
@@ -0,0 +1,33 @@
+#! /usr/bin/env python
+
+# Copyright (C) 2003 by Martin Pool <mbp@samba.org>
+# 
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of the
+# License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+# USA
+
+
+"""example of using ComfyChair"""
+
+import comfychair
+
+class OnePlusOne(comfychair.TestCase):
+    def runtest(self):
+        self.assert_(1 + 1 == 2)
+
+tests = [OnePlusOne]
+
+if __name__ == '__main__':
+    comfychair.main(tests)
+
-- 
cgit 


From e37372f4d6e10204adf272f978524751420e890f Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 14 Mar 2003 10:02:12 +0000
Subject: Found by metze with the clobber-region check - if it's a pstring, use
 pstrcpy().

Andrew Bartlett
(This used to be commit f9c3c93f55cac774e576fd5975c0582e0b334d6a)
---
 source3/libsmb/clifile.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c
index 8e84963c09..d86f36405d 100644
--- a/source3/libsmb/clifile.c
+++ b/source3/libsmb/clifile.c
@@ -948,7 +948,7 @@ BOOL cli_chkpath(struct cli_state *cli, const char *path)
 	pstring path2;
 	char *p;
 	
-	safe_strcpy(path2,path,sizeof(pstring));
+	pstrcpy(path2,path);
 	trim_string(path2,NULL,"\\");
 	if (!*path2) *path2 = '\\';
 	
-- 
cgit 


From 33c8a6779d490bd1aa722231a59a3b68343dbc17 Mon Sep 17 00:00:00 2001
From: Rafal Szczesniak <mimir@samba.org>
Date: Fri, 14 Mar 2003 17:05:13 +0000
Subject: /tmp/newfun.msg (This used to be commit
 3f4cb7b2c4d9b54b41bcc184ccfd00032e2b021b)

---
 source3/Makefile.in           |   4 +-
 source3/libsmb/trust_passwd.c | 116 ----------------------------
 source3/libsmb/trusts_util.c  | 174 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 176 insertions(+), 118 deletions(-)
 delete mode 100644 source3/libsmb/trust_passwd.c
 create mode 100644 source3/libsmb/trusts_util.c

diff --git a/source3/Makefile.in b/source3/Makefile.in
index 78cd5746a7..e42dd1f395 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -214,8 +214,8 @@ LIBMSRPC_OBJ = rpc_client/cli_lsarpc.o rpc_client/cli_samr.o \
 	       rpc_client/cli_reg.o rpc_client/cli_pipe.o \
 	       rpc_client/cli_spoolss.o rpc_client/cli_spoolss_notify.o  \
 	       rpc_client/cli_ds.o libsmb/namequery_dc.o
-
-LIBMSRPC_SERVER_OBJ = libsmb/trust_passwd.o
+	       
+LIBMSRPC_SERVER_OBJ = libsmb/trusts_util.o
 
 REGOBJS_OBJ = registry/reg_objects.o
 REGISTRY_OBJ = registry/reg_frontend.o registry/reg_cachehook.o registry/reg_printing.o \
diff --git a/source3/libsmb/trust_passwd.c b/source3/libsmb/trust_passwd.c
deleted file mode 100644
index cf9fd58b13..0000000000
--- a/source3/libsmb/trust_passwd.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/* 
- *  Unix SMB/CIFS implementation.
- *  Routines to change trust account passwords.
- *  Copyright (C) Andrew Bartlett                   2001.
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *  
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *  
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-
-/*********************************************************
- Change the domain password on the PDC.
-
- Just changes the password betwen the two values specified.
-
- Caller must have the cli connected to the netlogon pipe
- already.
-**********************************************************/
-static NTSTATUS just_change_the_password(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
-					 unsigned char orig_trust_passwd_hash[16],
-					 unsigned char new_trust_passwd_hash[16])
-{
-	NTSTATUS result;
-	uint32 neg_flags = 0x000001ff;
-
-	result = cli_nt_setup_creds(cli, get_sec_chan(), orig_trust_passwd_hash, &neg_flags, 2);
-	
-	if (!NT_STATUS_IS_OK(result)) {
-		DEBUG(1,("just_change_the_password: unable to setup creds (%s)!\n",
-			 nt_errstr(result)));
-		return result;
-	}
-
-	result = cli_net_srv_pwset(cli, mem_ctx, global_myname(), new_trust_passwd_hash);
-
-	if (!NT_STATUS_IS_OK(result)) {
-		DEBUG(0,("just_change_the_password: unable to change password (%s)!\n",
-			 nt_errstr(result)));
-	}
-	return result;
-}
-
-/*********************************************************
- Change the domain password on the PDC.
- Store the password ourselves, but use the supplied password
- Caller must have already setup the connection to the NETLOGON pipe
-**********************************************************/
-
-NTSTATUS trust_pw_change_and_store_it(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
-				      unsigned char orig_trust_passwd_hash[16])
-{
-	unsigned char new_trust_passwd_hash[16];
-	char *new_trust_passwd;
-	char *str;
-	NTSTATUS nt_status;
-		
-	/* Create a random machine account password */
-	str = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
-	new_trust_passwd = talloc_strdup(mem_ctx, str);
-	
-	E_md4hash(new_trust_passwd, new_trust_passwd_hash);
-
-	nt_status = just_change_the_password(cli, mem_ctx, orig_trust_passwd_hash,
-					     new_trust_passwd_hash);
-	
-	if (NT_STATUS_IS_OK(nt_status)) {
-		DEBUG(3,("%s : trust_pw_change_and_store_it: Changed password.\n", 
-			 timestring(False)));
-		/*
-		 * Return the result of trying to write the new password
-		 * back into the trust account file.
-		 */
-		if (!secrets_store_machine_password(new_trust_passwd)) {
-			nt_status = NT_STATUS_UNSUCCESSFUL;
-		}
-	}
-
-	return nt_status;
-}
-
-/*********************************************************
- Change the domain password on the PDC.
- Do most of the legwork ourselfs.  Caller must have
- already setup the connection to the NETLOGON pipe
-**********************************************************/
-
-NTSTATUS trust_pw_find_change_and_store_it(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
-					   const char *domain) 
-{
-	unsigned char old_trust_passwd_hash[16];
-	char *up_domain;
-	
-	up_domain = talloc_strdup(mem_ctx, domain);
-
-	if (!secrets_fetch_trust_account_password(domain,
-						  old_trust_passwd_hash, 
-						  NULL)) {
-		DEBUG(0, ("could not fetch domain secrets for domain %s!\n", domain));
-		return NT_STATUS_UNSUCCESSFUL;
-	}
-	
-	return trust_pw_change_and_store_it(cli, mem_ctx, old_trust_passwd_hash);
-	
-}					 
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
new file mode 100644
index 0000000000..055851f6b7
--- /dev/null
+++ b/source3/libsmb/trusts_util.c
@@ -0,0 +1,174 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  Routines to operate on various trust relationships
+ *  Copyright (C) Andrew Bartlett                   2001
+ *  Copyright (C) Rafal Szczesniak                  2003
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+/*********************************************************
+ Change the domain password on the PDC.
+
+ Just changes the password betwen the two values specified.
+
+ Caller must have the cli connected to the netlogon pipe
+ already.
+**********************************************************/
+static NTSTATUS just_change_the_password(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+					 unsigned char orig_trust_passwd_hash[16],
+					 unsigned char new_trust_passwd_hash[16])
+{
+	NTSTATUS result;
+	uint32 neg_flags = 0x000001ff;
+
+	result = cli_nt_setup_creds(cli, get_sec_chan(), orig_trust_passwd_hash, &neg_flags, 2);
+	
+	if (!NT_STATUS_IS_OK(result)) {
+		DEBUG(1,("just_change_the_password: unable to setup creds (%s)!\n",
+			 nt_errstr(result)));
+		return result;
+	}
+
+	result = cli_net_srv_pwset(cli, mem_ctx, global_myname(), new_trust_passwd_hash);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		DEBUG(0,("just_change_the_password: unable to change password (%s)!\n",
+			 nt_errstr(result)));
+	}
+	return result;
+}
+
+/*********************************************************
+ Change the domain password on the PDC.
+ Store the password ourselves, but use the supplied password
+ Caller must have already setup the connection to the NETLOGON pipe
+**********************************************************/
+
+NTSTATUS trust_pw_change_and_store_it(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+				      unsigned char orig_trust_passwd_hash[16])
+{
+	unsigned char new_trust_passwd_hash[16];
+	char *new_trust_passwd;
+	char *str;
+	NTSTATUS nt_status;
+		
+	/* Create a random machine account password */
+	str = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
+	new_trust_passwd = talloc_strdup(mem_ctx, str);
+	
+	E_md4hash(new_trust_passwd, new_trust_passwd_hash);
+
+	nt_status = just_change_the_password(cli, mem_ctx, orig_trust_passwd_hash,
+					     new_trust_passwd_hash);
+	
+	if (NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(3,("%s : trust_pw_change_and_store_it: Changed password.\n", 
+			 timestring(False)));
+		/*
+		 * Return the result of trying to write the new password
+		 * back into the trust account file.
+		 */
+		if (!secrets_store_machine_password(new_trust_passwd)) {
+			nt_status = NT_STATUS_UNSUCCESSFUL;
+		}
+	}
+
+	return nt_status;
+}
+
+/*********************************************************
+ Change the domain password on the PDC.
+ Do most of the legwork ourselfs.  Caller must have
+ already setup the connection to the NETLOGON pipe
+**********************************************************/
+
+NTSTATUS trust_pw_find_change_and_store_it(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+					   const char *domain) 
+{
+	unsigned char old_trust_passwd_hash[16];
+	char *up_domain;
+	
+	up_domain = talloc_strdup(mem_ctx, domain);
+
+	if (!secrets_fetch_trust_account_password(domain,
+						  old_trust_passwd_hash, 
+						  NULL)) {
+		DEBUG(0, ("could not fetch domain secrets for domain %s!\n", domain));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	
+	return trust_pw_change_and_store_it(cli, mem_ctx, old_trust_passwd_hash);
+	
+}
+
+
+/**
+ * Verify whether or not given domain is trusted.
+ *
+ * @param domain_name name of the domain to be verified
+ * @return true if domain is one of the trusted once or
+ *         false if otherwise
+ **/
+ 
+BOOL is_trusted_domain(const char* dom_name)
+{
+	int enum_ctx = 0;
+	const int trustdom_size = 10;
+	int num_domains, i;
+	TRUSTDOM **domains;
+	NTSTATUS result;
+	fstring trustdom_name;
+	DOM_SID trustdom_sid;
+	TALLOC_CTX *mem_ctx;
+	
+	/*
+	 * Query the secrets db as an ultimate source of information
+	 * about trusted domain names. This is PDC or BDC case.
+	 */
+	mem_ctx = talloc_init("is_trusted_domain");
+	
+	do {
+		result = secrets_get_trusted_domains(mem_ctx, &enum_ctx, trustdom_size,
+		                                     &num_domains, &domains);
+		/* compare each returned entry against incoming connection's domain */
+		for (i = 0; i < num_domains; i++) {
+			pull_ucs2_fstring(trustdom_name, domains[i]->name);
+			if (strequal(trustdom_name, dom_name)) {
+				talloc_destroy(mem_ctx);
+				return True;
+			}
+		}						
+	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
+		
+	/*
+	 * Query the trustdom_cache updated periodically. The only
+	 * way for domain member server.
+	 */
+	if (trustdom_cache_enable() &&
+		trustdom_cache_fetch(dom_name, &trustdom_sid)) {
+		trustdom_cache_shutdown();
+		return True;
+	}
+
+	/*
+	 * if nothing's been found, then give up here, although
+	 * the last resort might be to query the PDC.
+	 */
+	return False;
+}
+
-- 
cgit 


From e583dd6278fedf9ad45b551dccf94fbe6c785119 Mon Sep 17 00:00:00 2001
From: Rafal Szczesniak <mimir@samba.org>
Date: Fri, 14 Mar 2003 17:12:40 +0000
Subject: Fresh meat in trusted domains code:  - packing/unpacking utility
 functions for trusted domain    password struct; can be used to prepare
 buffer to store    in secrets.tdb or (soon) passdb backend  - similiar
 functions for DOM_SID  - respectively modified secrets_(fetch|store) routines
  - new auth mapping code utilising introduced is_trusted_domain    function 
 - added tdb (un)packing of single bytes

Rafal
(This used to be commit 5281ee7e84421b9be746aed2f1718ceaf2a2fe3d)
---
 source3/auth/auth_util.c  |  26 ++------
 source3/include/secrets.h |   4 +-
 source3/passdb/secrets.c  |  77 ++++++++++++++---------
 source3/tdb/tdbutil.c     | 153 +++++++++++++++++++++++++++++++++++++++++++---
 4 files changed, 201 insertions(+), 59 deletions(-)

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 7d85153bd0..a6ad2b883b 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -227,27 +227,13 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
 
 		domain = client_domain;
 
-		if ((smb_name) && (*smb_name)) { /* Don't do this for guests */
-			char *user = NULL;
-			if (asprintf(&user, "%s%s%s", 
-				 client_domain, lp_winbind_separator(), 
-				 smb_name) < 0) {
-				DEBUG(0, ("make_user_info_map: asprintf() failed!\n"));
-				return NT_STATUS_NO_MEMORY;
-			}
-
-			DEBUG(5, ("make_user_info_map: testing for user %s\n", user));
-			
-			if (Get_Pwnam(user) == NULL) {
-				DEBUG(5, ("make_user_info_map: test for user %s failed\n", user));
-				domain = lp_workgroup();
-				DEBUG(5, ("make_user_info_map: trusted domain %s doesn't appear to exist, using %s\n", 
-					  client_domain, domain));
-			} else {
-				DEBUG(5, ("make_user_info_map: using trusted domain %s\n", domain));
-			}
-			SAFE_FREE(user);
+		if (is_trusted_domain(domain)) {
+			return make_user_info(user_info, smb_name, internal_username,
+			                      client_domain, domain, wksta_name,
+			                      lm_pwd, nt_pwd, plaintext, ntlmssp_flags,
+			                      encrypted);
 		}
+
 	} else {
 		domain = lp_workgroup();
 	}
diff --git a/source3/include/secrets.h b/source3/include/secrets.h
index 183b29d7a8..07faf28d43 100644
--- a/source3/include/secrets.h
+++ b/source3/include/secrets.h
@@ -57,14 +57,14 @@ struct machine_acct_pass {
 /*
  * storage structure for trusted domain
  */
-struct trusted_dom_pass {
+typedef struct trusted_dom_pass {
 	size_t uni_name_len;
 	smb_ucs2_t uni_name[32]; /* unicode domain name */
 	size_t pass_len;
 	fstring pass;		/* trust relationship's password */
 	time_t mod_time;
 	DOM_SID domain_sid;	/* remote domain's sid */
-};
+} TRUSTED_DOM_PASS;
 
 /*
  * trusted domain entry/entries returned by secrets_get_trusted_domains
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 2b944a9941..4b0913a624 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -265,38 +265,44 @@ BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
 ************************************************************************/
 
 BOOL secrets_fetch_trusted_domain_password(const char *domain, char** pwd,
-					   DOM_SID *sid, time_t *pass_last_set_time)
+                                           DOM_SID *sid, time_t *pass_last_set_time)
 {
-	struct trusted_dom_pass *pass;
+	struct trusted_dom_pass pass;
 	size_t size;
+	
+	/* unpacking structures */
+	char* pass_buf;
+	int pass_len = 0;
+
+	ZERO_STRUCT(pass);
 
 	/* fetching trusted domain password structure */
-	if (!(pass = secrets_fetch(trustdom_keystr(domain), &size))) {
+	if (!(pass_buf = secrets_fetch(trustdom_keystr(domain), &size))) {
 		DEBUG(5, ("secrets_fetch failed!\n"));
 		return False;
 	}
 
-	if (size != sizeof(*pass)) {
-		DEBUG(0, ("secrets were of incorrect size!\n"));
+	/* unpack trusted domain password */
+	pass_len = tdb_trusted_dom_pass_unpack(pass_buf, size, &pass);
+	if (pass_len != size) {
+		DEBUG(5, ("Invalid secrets size. Unpacked data doesn't match trusted_dom_pass structure.\n"));
 		return False;
 	}
-
+			
 	/* the trust's password */	
 	if (pwd) {
-		*pwd = strdup(pass->pass);
+		*pwd = strdup(pass.pass);
 		if (!*pwd) {
 			return False;
 		}
 	}
 
 	/* last change time */
-	if (pass_last_set_time) *pass_last_set_time = pass->mod_time;
+	if (pass_last_set_time) *pass_last_set_time = pass.mod_time;
 
 	/* domain sid */
-	memcpy(&sid, &(pass->domain_sid), sizeof(sid));
-	
-	SAFE_FREE(pass);
-	
+	sid_copy(sid, &pass.domain_sid);
+		
 	return True;
 }
 
@@ -315,7 +321,7 @@ BOOL secrets_store_trust_account_password(const char *domain, uint8 new_pwd[16])
 }
 
 /**
- * Routine to set the password for trusted domain
+ * Routine to store the password for trusted domain
  *
  * @param domain remote domain name
  * @param pwd plain text password of trust relationship
@@ -325,12 +331,17 @@ BOOL secrets_store_trust_account_password(const char *domain, uint8 new_pwd[16])
  **/
 
 BOOL secrets_store_trusted_domain_password(const char* domain, smb_ucs2_t *uni_dom_name,
-					   size_t uni_name_len, const char* pwd,
-					   DOM_SID sid)
-{
+                                           size_t uni_name_len, const char* pwd,
+                                           DOM_SID sid)
+{	
+	/* packing structures */
+	pstring pass_buf;
+	int pass_len = 0;
+	int pass_buf_len = sizeof(pass_buf);
+	
 	struct trusted_dom_pass pass;
 	ZERO_STRUCT(pass);
-
+	
 	/* unicode domain name and its length */
 	if (!uni_dom_name)
 		return False;
@@ -346,9 +357,11 @@ BOOL secrets_store_trusted_domain_password(const char* domain, smb_ucs2_t *uni_d
 	fstrcpy(pass.pass, pwd);
 
 	/* domain sid */
-	memcpy(&(pass.domain_sid), &sid, sizeof(sid));
+	sid_copy(&pass.domain_sid, &sid);
+	
+	pass_len = tdb_trusted_dom_pass_pack(pass_buf, pass_buf_len, &pass);
 
-	return secrets_store(trustdom_keystr(domain), (void *)&pass, sizeof(pass));
+	return secrets_store(trustdom_keystr(domain), (void *)&pass_buf, pass_len);
 }
 
 /************************************************************************
@@ -475,9 +488,10 @@ NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, unsigned in
 	char *pattern;
 	unsigned int start_idx;
 	uint32 idx = 0;
-	size_t size;
+	size_t size, packed_size = 0;
 	fstring dom_name;
-	struct trusted_dom_pass *pass;
+	char *packed_pass;
+	struct trusted_dom_pass *pass = talloc_zero(ctx, sizeof(struct trusted_dom_pass));
 	NTSTATUS status;
 
 	if (!secrets_init()) return NT_STATUS_ACCESS_DENIED;
@@ -505,7 +519,7 @@ NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, unsigned in
 	 */
 	status = NT_STATUS_NO_MORE_ENTRIES;
 
-	/* searching for keys in sectrets db -- way to go ... */
+	/* searching for keys in secrets db -- way to go ... */
 	for (k = keys; k; k = k->next) {
 		char *secrets_key;
 		
@@ -516,14 +530,20 @@ NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, unsigned in
 			return NT_STATUS_NO_MEMORY;
 		}
 				
-		pass = secrets_fetch(secrets_key, &size);
-		
-		if (size != sizeof(*pass)) {
+		packed_pass = secrets_fetch(secrets_key, &size);
+		packed_size = tdb_trusted_dom_pass_unpack(packed_pass, size, pass);
+
+		if (size != packed_size) {
 			DEBUG(2, ("Secrets record %s is invalid!\n", secrets_key));
 			SAFE_FREE(pass);
-			continue;
+			if (size) SAFE_FREE(packed_pass);
+
+			return NT_STATUS_UNSUCCESSFUL;
 		}
 		
+		/* packed representation isn't needed anymore */
+		SAFE_FREE(packed_pass);
+		
 		pull_ucs2_fstring(dom_name, pass->uni_name);
 		DEBUG(18, ("Fetched secret record num %d.\nDomain name: %s, SID: %s\n",
 			   idx, dom_name, sid_string_static(&pass->domain_sid)));
@@ -569,10 +589,7 @@ NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, unsigned in
 				   start_idx, max_num_domains));
 		}
 		
-		idx++;
-		
-		/* free returned tdb record */
-		SAFE_FREE(pass);
+		idx++;		
 	}
 	
 	DEBUG(5, ("secrets_get_trusted_domains: got %d domains\n", *num_domains));
diff --git a/source3/tdb/tdbutil.c b/source3/tdb/tdbutil.c
index 0d8f6128cc..b153d442bd 100644
--- a/source3/tdb/tdbutil.c
+++ b/source3/tdb/tdbutil.c
@@ -42,7 +42,7 @@ static void gotalarm_sig(void)
 static TDB_DATA make_tdb_data(const char *dptr, size_t dsize)
 {
 	TDB_DATA ret;
-	ret.dptr = dptr;
+	ret.dptr = smb_xstrdup(dptr);
 	ret.dsize = dsize;
 	return ret;
 }
@@ -387,6 +387,7 @@ BOOL tdb_change_uint32_atomic(TDB_CONTEXT *tdb, const char *keystr, uint32 *oldv
 size_t tdb_pack(char *buf, int bufsize, const char *fmt, ...)
 {
 	va_list ap;
+	uint8 bt;
 	uint16 w;
 	uint32 d;
 	int i;
@@ -402,40 +403,46 @@ size_t tdb_pack(char *buf, int bufsize, const char *fmt, ...)
 
 	while (*fmt) {
 		switch ((c = *fmt++)) {
-		case 'w':
+		case 'b': /* unsigned 8-bit integer */
+			len = 1;
+			bt = (uint8)va_arg(ap, int);
+			if (bufsize >= len)
+				SSVAL(buf, 0, bt);
+			break;
+		case 'w': /* unsigned 16-bit integer */
 			len = 2;
 			w = (uint16)va_arg(ap, int);
 			if (bufsize >= len)
 				SSVAL(buf, 0, w);
 			break;
-		case 'd':
+		case 'd': /* signed 32-bit integer (standard int in most systems) */
 			len = 4;
 			d = va_arg(ap, uint32);
 			if (bufsize >= len)
 				SIVAL(buf, 0, d);
 			break;
-		case 'p':
+		case 'p': /* pointer */
 			len = 4;
 			p = va_arg(ap, void *);
 			d = p?1:0;
 			if (bufsize >= len)
 				SIVAL(buf, 0, d);
 			break;
-		case 'P':
+		case 'P': /* null-terminated string */
 			s = va_arg(ap,char *);
 			w = strlen(s);
 			len = w + 1;
 			if (bufsize >= len)
 				memcpy(buf, s, len);
 			break;
-		case 'f':
+		case 'f': /* null-terminated string */
 			s = va_arg(ap,char *);
 			w = strlen(s);
 			len = w + 1;
 			if (bufsize >= len)
 				memcpy(buf, s, len);
 			break;
-		case 'B':
+		case 'B': /* fixed-length string */
 			i = va_arg(ap, int);
 			s = va_arg(ap, char *);
 			len = 4+i;
@@ -471,6 +478,7 @@ size_t tdb_pack(char *buf, int bufsize, const char *fmt, ...)
 int tdb_unpack(char *buf, int bufsize, const char *fmt, ...)
 {
 	va_list ap;
+	uint8 *bt;
 	uint16 *w;
 	uint32 *d;
 	int len;
@@ -486,6 +494,13 @@ int tdb_unpack(char *buf, int bufsize, const char *fmt, ...)
 	
 	while (*fmt) {
 		switch ((c=*fmt++)) {
+		case 'b':
+			len = 1;
+			bt = va_arg(ap, uint8 *);
+			if (bufsize < len)
+				goto no_space;
+			*bt = SVAL(buf, 0);
+			break;
 		case 'w':
 			len = 2;
 			w = va_arg(ap, uint16 *);
@@ -563,6 +578,130 @@ int tdb_unpack(char *buf, int bufsize, const char *fmt, ...)
 	return -1;
 }
 
+
+/**
+ * Pack SID passed by pointer
+ *
+ * @param pack_buf pointer to buffer which is to be filled with packed data
+ * @param bufsize size of packing buffer
+ * @param sid pointer to sid to be packed
+ *
+ * @return length of the packed representation of the whole structure
+ **/
+size_t tdb_sid_pack(char* pack_buf, int bufsize, DOM_SID* sid)
+{
+	int idx;
+	size_t len = 0;
+	
+	if (!sid || !pack_buf) return -1;
+	
+	len += tdb_pack(pack_buf + len, bufsize - len, "bb", sid->sid_rev_num,
+	                sid->num_auths);
+	
+	for (idx = 0; idx < 6; idx++) {
+		len += tdb_pack(pack_buf + len, bufsize - len, "b", sid->id_auth[idx]);
+	}
+	
+	for (idx = 0; idx < MAXSUBAUTHS; idx++) {
+		len += tdb_pack(pack_buf + len, bufsize - len, "d", sid->sub_auths[idx]);
+	}
+	
+	return len;
+}
+
+
+/**
+ * Unpack SID into a pointer
+ *
+ * @param pack_buf pointer to buffer with packed representation
+ * @param bufsize size of the buffer
+ * @param sid pointer to sid structure to be filled with unpacked data
+ *
+ * @return size of structure unpacked from buffer
+ **/
+size_t tdb_sid_unpack(char* pack_buf, int bufsize, DOM_SID* sid)
+{
+	int idx, len = 0;
+	
+	if (!sid || !pack_buf) return -1;
+
+	len += tdb_unpack(pack_buf + len, bufsize - len, "bb",
+	                  &sid->sid_rev_num, &sid->num_auths);
+			  
+	for (idx = 0; idx < 6; idx++) {
+		len += tdb_unpack(pack_buf + len, bufsize - len, "b", &sid->id_auth[idx]);
+	}
+	
+	for (idx = 0; idx < MAXSUBAUTHS; idx++) {
+		len += tdb_unpack(pack_buf + len, bufsize - len, "d", &sid->sub_auths[idx]);
+	}
+	
+	return len;
+}
+
+
+/**
+ * Pack TRUSTED_DOM_PASS passed by pointer
+ *
+ * @param pack_buf pointer to buffer which is to be filled with packed data
+ * @param bufsize size of the buffer
+ * @param pass pointer to trusted domain password to be packed
+ *
+ * @return length of the packed representation of the whole structure
+ **/
+size_t tdb_trusted_dom_pass_pack(char* pack_buf, int bufsize, TRUSTED_DOM_PASS* pass)
+{
+	int idx, len = 0;
+	
+	if (!pack_buf || !pass) return -1;
+	
+	/* packing unicode domain name and password */
+	len += tdb_pack(pack_buf + len, bufsize - len, "d", pass->uni_name_len);
+	
+	for (idx = 0; idx < 32; idx++)
+		len +=  tdb_pack(pack_buf + len, bufsize - len, "w", pass->uni_name[idx]);
+	
+	len += tdb_pack(pack_buf + len, bufsize - len, "dPd", pass->pass_len,
+	                     pass->pass, pass->mod_time);
+
+	/* packing SID structure */
+	len += tdb_sid_pack(pack_buf + len, bufsize - len, &pass->domain_sid);
+
+	return len;
+}
+
+
+/**
+ * Unpack TRUSTED_DOM_PASS passed by pointer
+ *
+ * @param pack_buf pointer to buffer with packed representation
+ * @param bufsize size of the buffer
+ * @param pass pointer to trusted domain password to be filled with unpacked data
+ *
+ * @return size of structure unpacked from buffer
+ **/
+size_t tdb_trusted_dom_pass_unpack(char* pack_buf, int bufsize, TRUSTED_DOM_PASS* pass)
+{
+	int idx, len = 0;
+	
+	if (!pack_buf || !pass) return -1;
+
+	/* unpack unicode domain name and plaintext password */
+	len += tdb_unpack(pack_buf, bufsize - len, "d", &pass->uni_name_len);
+	
+	for (idx = 0; idx < 32; idx++)
+		len +=  tdb_unpack(pack_buf + len, bufsize - len, "w", &pass->uni_name[idx]);
+
+	len += tdb_unpack(pack_buf + len, bufsize - len, "dPd", &pass->pass_len, &pass->pass,
+	                  &pass->mod_time);
+	
+	/* unpack domain sid */
+	len += tdb_sid_unpack(pack_buf + len, bufsize - len, &pass->domain_sid);
+	
+	return len;	
+}
+
+
 /****************************************************************************
  Log tdb messages via DEBUG().
 ****************************************************************************/
-- 
cgit 


From 5f86db85dfe26ad235dae8bb479cac8ef9af2d15 Mon Sep 17 00:00:00 2001
From: Rafal Szczesniak <mimir@samba.org>
Date: Fri, 14 Mar 2003 17:16:33 +0000
Subject: Extending code to work both in case of domain membership and domain
 controller respecting interdomain trust relationships. In the latter case we
 need to find DC of remote domain instead of ours. In the former 'domain' is
 our domain name.

Rafal
(This used to be commit 0cd45d5d3b3e3ec5a589c3ee9f0e369901eefe8f)
---
 source3/auth/auth_domain.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 0d90a184a4..079bb49a21 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -272,7 +272,7 @@ static NTSTATUS find_connect_dc(struct cli_state **cli,
 	struct in_addr dc_ip;
 	fstring srv_name;
 
-	if ( !rpc_find_dc(lp_workgroup(), srv_name, &dc_ip) ) {
+	if (!rpc_find_dc(domain, srv_name, &dc_ip)) {
 		DEBUG(0,("find_connect_dc: Failed to find an DCs for %s\n", lp_workgroup()));
 		return NT_STATUS_NO_LOGON_SERVERS;
 	}
-- 
cgit 


From 9db9982cd34d36d8b23e94a4063761c8b6aa9e17 Mon Sep 17 00:00:00 2001
From: Rafal Szczesniak <mimir@samba.org>
Date: Fri, 14 Mar 2003 17:20:13 +0000
Subject: We haven't implemented The Singing Contexts so far. Who knows what
 .NET server brings, though ...?  ;-)

Rafal
(This used to be commit d81b0d26903004be6a99ac029dd531fd18947268)
---
 source3/libsmb/smb_signing.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c
index 40359c5c8c..c3538ee9fd 100644
--- a/source3/libsmb/smb_signing.c
+++ b/source3/libsmb/smb_signing.c
@@ -417,7 +417,7 @@ BOOL cli_temp_set_signing(struct cli_state *cli)
 }
 
 /**
- * Free the singing context
+ * Free the signing context
  */
  
 void cli_free_signing_context(struct cli_state *cli) 
-- 
cgit 


From 7ae555c43c55ab95f75fb4afdd3d2bcb403ad3b3 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Fri, 14 Mar 2003 23:11:19 +0000
Subject: fix WinXP & Win2K3 remote_arch and check pointer in ntlmssp code
 before dereferencing (This used to be commit
 2487480228b99183cab9e34ab497997e0c144ed6)

---
 source3/Makefile.in      |  5 +++--
 source3/lib/util.c       | 16 ++++++++++++++++
 source3/smbd/sesssetup.c | 35 ++++++++++++++++++-----------------
 3 files changed, 37 insertions(+), 19 deletions(-)

diff --git a/source3/Makefile.in b/source3/Makefile.in
index e42dd1f395..2334e278f2 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -85,6 +85,7 @@ PIDDIR = @piddir@
 # man pages language(s)
 man_langs = "@manlangs@"
 
+LIBSMBCLIENT=bin/libsmbclient.a @LIBSMBCLIENT_SHARED@
 LIBSMBCLIENT_MAJOR=0
 LIBSMBCLIENT_MINOR=1
 
@@ -897,7 +898,7 @@ bin/libbigballofmud.a: $(LIBBIGBALLOFMUD_OBJS)
 	@echo Linking bigballofmud non-shared library $@
 	-$(AR) -rc $@ $(LIBBIGBALLOFMUD_OBJS)
 
-libsmbclient: bin/libsmbclient.a @LIBSMBCLIENT_SHARED@
+libsmbclient: $(LIBSMBCLIENT)
 
 bin/librpc_lsarpc.@SHLIBEXT@: $(RPC_LSA_OBJ)
 	@echo "Linking $@"
@@ -1135,7 +1136,7 @@ TOPFILES=dynconfig.o dynconfig.po
 
 clean: delheaders python_clean
 	-rm -f core */*~ *~ */*.o */*.po */*.po32 */*.@SHLIBEXT@ \
-		$(TOPFILES) $(BIN_PROGS) $(SBIN_PROGS) $(MODULES) $(TORTURE_PROGS) .headers.stamp
+		$(TOPFILES) $(BIN_PROGS) $(SBIN_PROGS) $(MODULES) $(TORTURE_PROGS) $(LIBSMBCLIENT) .headers.stamp
 
 # Making this target will just make sure that the prototype files
 # exist, not necessarily that they are up to date.  Since they're
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 8d62db5ebb..77ffa70a47 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1740,6 +1740,22 @@ BOOL is_myworkgroup(const char *s)
 	return(ret);
 }
 
+/*******************************************************************
+ we distinguish between 2K and XP by the "Native Lan Manager" string
+   WinXP => "Windows 2002 5.1"
+   Win2k => "Windows 2000 5.0"
+   NT4   => "Windows NT 4.0" 
+   Win9x => "Windows 4.0"
+********************************************************************/
+
+void ra_lanman_string( const char *native_lanman )
+{		 
+	if ( 0 == strcmp( native_lanman, "Windows 2002 5.1" ) )
+		set_remote_arch( RA_WINXP );
+	else if ( 0 == strcmp( native_lanman, "Windows .NET 5.2" ) )
+		set_remote_arch( RA_WIN2K3 );
+}
+
 /*******************************************************************
  Set the horrid remote_arch string based on an enum.
 ********************************************************************/
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 70158a9015..674f6145d3 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -396,8 +396,10 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}
 
+	if ( global_ntlmssp_state ) {
 	nt_status = auth_ntlmssp_update(global_ntlmssp_state, 
 					  auth, &auth_reply);
+	}
 
 	data_blob_free(&auth);
 
@@ -422,6 +424,10 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,
 	DATA_BLOB blob1;
 	int ret;
 	size_t bufrem;
+	fstring native_os, native_lanman;
+	char *p2;
+	uint16 data_blob_len = SVAL(inbuf, smb_vwv7);
+	enum remote_arch_types ra_type = get_remote_arch();
 
 	DEBUG(3,("Doing spnego session setup\n"));
 
@@ -431,19 +437,27 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,
 		
 	p = (uint8 *)smb_buf(inbuf);
 
-	if (SVAL(inbuf, smb_vwv7) == 0) {
+	if (data_blob_len == 0) {
 		/* an invalid request */
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}
 
 	bufrem = smb_bufrem(inbuf, p);
 	/* pull the spnego blob */
-	blob1 = data_blob(p, MIN(bufrem, SVAL(inbuf, smb_vwv7)));
+	blob1 = data_blob(p, MIN(bufrem, data_blob_len));
 
 #if 0
 	file_save("negotiate.dat", blob1.data, blob1.length);
 #endif
 
+	p2 = inbuf + smb_vwv13 + data_blob_len;
+	p2 += srvstr_pull_buf(inbuf, native_os, p2, sizeof(native_os), STR_TERMINATE);
+	p2 += srvstr_pull_buf(inbuf, native_lanman, p2, sizeof(native_lanman), STR_TERMINATE);
+	DEBUG(3,("NativeOS=[%s] NativeLanMan=[%s]\n", native_os, native_lanman));
+
+	if ( ra_type == RA_WIN2K )
+		ra_lanman_string( native_lanman );
+
 	if (blob1.data[0] == ASN1_APPLICATION(0)) {
 		/* its a negTokenTarg packet */
 		ret = reply_spnego_negotiate(conn, inbuf, outbuf, length, bufsize, blob1);
@@ -606,21 +620,8 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
 		DEBUG(3,("Domain=[%s]  NativeOS=[%s] NativeLanMan=[%s]\n",
 			 domain,native_os,native_lanman));
 
-		/* 
-		 * we distinguish between 2K and XP by the "Native Lan Manager" string
-		 *   WinXP => "Windows 2002 5.1"
-		 *   Win2k => "Windows 2000 5.0"
-		 *   NT4   => "Windows NT 4.0" 
-		 *   Win9x => "Windows 4.0"
-		 */
-		 
-		if ( ra_type == RA_WIN2K ) {
-			if ( 0 == strcmp( native_lanman, "Windows 2002 5.1" ) )
-				set_remote_arch( RA_WINXP );
-			else if ( 0 == strcmp( native_lanman, "Windows .NET 5.2" ) )
-				set_remote_arch( RA_WIN2K3 );
-		}
-		
+		if ( ra_type == RA_WIN2K )
+			ra_lanman_string( native_lanman );
 
 	}
 	
-- 
cgit 


From dadae3bdd261e7768162448049952244abd7c8af Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 06:10:48 +0000
Subject: Now that mimir has done the grunt work, I'll fix up the comment (This
 used to be commit 7154fe10969a34b97ddc8321bfb5271b8e6d4795)

---
 source3/auth/auth_util.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index a6ad2b883b..f4c43d2d4b 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -219,10 +219,7 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
 		   where it doens't supply a domain for logon script
 		   'net use' commands.
 
-		   The way I do it here is by checking if the fully
-		   qualified username exists. This is rather reliant
-		   on winbind, but until we have a better method this
-		   will have to do 
+		   Finally, we do this by looking up a cache of trusted domains!
 		*/
 
 		domain = client_domain;
-- 
cgit 


From ef07127b3014742550b15cb163b595bafeebafb5 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 06:31:23 +0000
Subject: strictly, you can't #if on somthing that may or may not be defined.

Andrew Bartlett
(This used to be commit 49bae0227323e811cb71ada24928d24f7dc56d1f)
---
 source3/tdb/spinlock.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/tdb/spinlock.h b/source3/tdb/spinlock.h
index d6a2ac6eb8..8b0e833ff5 100644
--- a/source3/tdb/spinlock.h
+++ b/source3/tdb/spinlock.h
@@ -1,7 +1,7 @@
 #ifndef __SPINLOCK_H__
 #define __SPINLOCK_H__
 
-#if HAVE_CONFIG_H
+#ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif
 
-- 
cgit 


From c3221b8377e267133b7c04d78d98d806c54da599 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 06:34:32 +0000
Subject: Found by my new checking code (yet to be commited):

Allow a service longer than 4 characters in CORE tcon.

Andrew Bartlett
(This used to be commit b56613c1cc13ebd5c9ba11a35d2f96c4c3eb0628)
---
 source3/smbd/reply.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index fb730bc625..80f648981a 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -161,7 +161,7 @@ int reply_tcon(connection_struct *conn,
 	*service_buf = *password = *dev = 0;
 
 	p = smb_buf(inbuf)+1;
-	p += srvstr_pull_buf(inbuf, service_buf, p, sizeof(service), STR_TERMINATE) + 1;
+	p += srvstr_pull_buf(inbuf, service_buf, p, sizeof(service_buf), STR_TERMINATE) + 1;
 	pwlen = srvstr_pull_buf(inbuf, password, p, sizeof(password), STR_TERMINATE) + 1;
 	p += pwlen;
 	p += srvstr_pull_buf(inbuf, dev, p, sizeof(dev), STR_TERMINATE) + 1;
-- 
cgit 


From 44f9f1042c9c436ccda7fefafd4a68749ffb5fe8 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 06:41:31 +0000
Subject: Clean up the VFS module loading logic by making the parameter an
 P_LIST, rather than a runtime-parsed string.

Andrew Bartlett
(This used to be commit 3465cd6cd92c39c018979b5a82acbddca0927623)
---
 source3/param/loadparm.c | 21 ++------------
 source3/smbd/vfs.c       | 74 ++++++++++++++++++++++--------------------------
 2 files changed, 36 insertions(+), 59 deletions(-)

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 3878dabb60..d558b09d24 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -548,7 +548,6 @@ static int default_server_announce;
 /* prototypes for the special type handlers */
 static BOOL handle_include(const char *pszParmValue, char **ptr);
 static BOOL handle_copy(const char *pszParmValue, char **ptr);
-static BOOL handle_vfs_object(const char *pszParmValue, char **ptr);
 static BOOL handle_source_env(const char *pszParmValue, char **ptr);
 static BOOL handle_netbios_name(const char *pszParmValue, char **ptr);
 static BOOL handle_winbind_uid(const char *pszParmValue, char **ptr);
@@ -1104,7 +1103,7 @@ static struct parm_struct parm_table[] = {
 
 	{"VFS module options", P_SEP, P_SEPARATOR},
 	
-	{"vfs object", P_STRING, P_LOCAL, &sDefault.szVfsObjectFile, handle_vfs_object, NULL, FLAG_SHARE},
+	{"vfs object", P_LIST, P_LOCAL, &sDefault.szVfsObjectFile, NULL, NULL, FLAG_SHARE},
 	{"vfs options", P_STRING, P_LOCAL, &sDefault.szVfsOptions, NULL, NULL, FLAG_SHARE},
 	{"vfs path", P_STRING, P_LOCAL, &sDefault.szVfsPath, NULL, NULL, FLAG_SHARE},
 
@@ -1774,7 +1773,7 @@ FN_LOCAL_LIST(lp_readlist, readlist)
 FN_LOCAL_LIST(lp_writelist, writelist)
 FN_LOCAL_LIST(lp_printer_admin, printer_admin)
 FN_LOCAL_STRING(lp_fstype, fstype)
-FN_LOCAL_STRING(lp_vfsobj, szVfsObjectFile)
+FN_LOCAL_LIST(lp_vfsobj, szVfsObjectFile)
 FN_LOCAL_STRING(lp_vfs_options, szVfsOptions)
 FN_LOCAL_STRING(lp_vfs_path, szVfsPath)
 FN_LOCAL_STRING(lp_msdfs_proxy, szMSDfsProxy)
@@ -2738,22 +2737,6 @@ static BOOL handle_source_env(const char *pszParmValue, char **ptr)
 	return (result);
 }
 
-/***************************************************************************
- Handle the interpretation of the vfs object parameter.
-*************************************************************************/
-
-static BOOL handle_vfs_object(const char *pszParmValue, char **ptr)
-{
-	/* Set string value */
-
-	string_set(ptr, pszParmValue);
-
-	/* Do any other initialisation required for vfs.  Note that
-	   anything done here may have linking repercussions in nmbd. */
-
-	return True;
-}
-
 /***************************************************************************
  Handle the include operation.
 ***************************************************************************/
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 533c64b229..3bbe8a737a 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -215,54 +215,48 @@ Proceeding in compatibility mode, new operations (since version #%d) will fallba
 
 BOOL smbd_vfs_init(connection_struct *conn)
 {
-	char **vfs_objects, *vfsobj, *vfs_module, *vfs_path;
-	int nobj, i;
+	const char **vfs_objects;
+	char *vfs_module, *vfs_path;
+	unsigned int i;
+	unsigned int j = 0;
 	struct smb_vfs_handle_struct *handle;
 	
 	/* Normal share - initialise with disk access functions */
 	vfs_init_default(conn);
+	vfs_objects = lp_vfsobj(SNUM(conn));
 
 	/* Override VFS functions if 'vfs object' was specified*/
-	if (*lp_vfsobj(SNUM(conn))) {
-		vfsobj = NULL;
-		for(i=0; i<SMB_VFS_OP_LAST; i++) {
-		  vfs_opaque_ops[i].op = ((void**)&default_vfs_ops)[i];
-		  vfs_opaque_ops[i].type = i;
-		  vfs_opaque_ops[i].layer = SMB_VFS_LAYER_OPAQUE;
+	if (!vfs_objects)
+		return True;
+
+	for(i=0; i<SMB_VFS_OP_LAST; i++) {
+		vfs_opaque_ops[i].op = ((void**)&default_vfs_ops)[i];
+		vfs_opaque_ops[i].type = i;
+		vfs_opaque_ops[i].layer = SMB_VFS_LAYER_OPAQUE;
+	}
+
+	vfs_path = lp_vfs_path(SNUM(conn));
+	
+	for (j=0; vfs_objects[j]; j++) {
+		conn->vfs_private = NULL;
+		handle = (struct smb_vfs_handle_struct *) smb_xmalloc(sizeof(smb_vfs_handle_struct));
+		/* Loadable object file */
+		handle->handle = NULL;
+		DLIST_ADD(conn->vfs_private, handle);
+		vfs_module = NULL;
+		if (vfs_path) {
+			asprintf(&vfs_module, "%s/%s", vfs_path, vfs_objects[j]);
+		} else {
+			asprintf(&vfs_module, "%s", vfs_objects[j]);
 		}
-		if (string_set(&vfsobj, lp_vfsobj(SNUM(conn)))) {
-			/* Parse passed modules specification to array of modules */
-			set_first_token(vfsobj);
-			/* We are using default separators: ' \t\r\n' */
-			vfs_objects = toktocliplist(&nobj, NULL);
-			if (vfs_objects) {
-				vfs_path = lp_vfs_path(SNUM(conn));
-				conn->vfs_private = NULL;
-				for(i=nobj-1; i>=0; i--) {
-					handle = (struct smb_vfs_handle_struct *) smb_xmalloc(sizeof(smb_vfs_handle_struct));
-					/* Loadable object file */
-					handle->handle = NULL;
-					DLIST_ADD(conn->vfs_private, handle)
-					vfs_module = NULL;
-					if (vfs_path) {
-						asprintf(&vfs_module, "%s/%s", vfs_path, vfs_objects[i]);
-					} else {
-						asprintf(&vfs_module, "%s", vfs_objects[i]);
-					}
-					if (!vfs_init_custom(conn, vfs_module)) {
-						DEBUG(0, ("smbd_vfs_init: vfs_init_custom failed for %s\n", vfs_module));
-						string_free(&vfsobj);
-						SAFE_FREE(vfs_module);
-						DLIST_REMOVE(conn->vfs_private, handle);
-						SAFE_FREE(handle);
-						return False;
-					}
-					SAFE_FREE(vfs_module);
-				}
-			}
-			string_free(&vfsobj);
-			return True;
+		if (!vfs_init_custom(conn, vfs_module)) {
+			DEBUG(0, ("smbd_vfs_init: vfs_init_custom failed for %s\n", vfs_module));
+			SAFE_FREE(vfs_module);
+			DLIST_REMOVE(conn->vfs_private, handle);
+			SAFE_FREE(handle);
+			return False;
 		}
+		SAFE_FREE(vfs_module);
 	}
 	return True;
 }
-- 
cgit 


From d21f97a25d01d1d576f71cf45f5c2003bcfc8fe8 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 06:42:44 +0000
Subject: If it's an fstring, use fstrcpy().

Andrew Bartlett
(This used to be commit bf5e0698eed72d7fc005be08feb36ef82ada716c)
---
 source3/nsswitch/winbindd_wins.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/source3/nsswitch/winbindd_wins.c b/source3/nsswitch/winbindd_wins.c
index 8ddd5dc10d..a1d38ed69a 100644
--- a/source3/nsswitch/winbindd_wins.c
+++ b/source3/nsswitch/winbindd_wins.c
@@ -137,8 +137,8 @@ enum winbindd_result winbindd_wins_byip(struct winbindd_cli_state *state)
 		SAFE_FREE(status);
 		return WINBINDD_ERROR;
 	    }
-	    safe_strcat(response,state->request.data.winsreq,maxlen);
-	    safe_strcat(response,"\t",maxlen);
+	    fstrcat(response,state->request.data.winsreq);
+	    fstrcat(response,"\t");
 	    for (i = 0; i < count; i++) {
 		/* ignore group names */
 		if (status[i].flags & 0x80) continue;
@@ -148,8 +148,8 @@ enum winbindd_result winbindd_wins_byip(struct winbindd_cli_state *state)
 			    SAFE_FREE(status);
 			    return WINBINDD_ERROR;
 			}
-			safe_strcat(response, status[i].name, maxlen);
-			safe_strcat(response, " ", maxlen);
+			fstrcat(response, status[i].name);
+			fstrcat(response, " ");
 		}
 	    }
 	    /* make last character a newline */
@@ -190,16 +190,16 @@ enum winbindd_result winbindd_wins_byname(struct winbindd_cli_state *state)
 			/* Clear out the newline character */
 			response[strlen(response)-1] = ' '; 
 		    }
-		    safe_strcat(response,addr,maxlen);
-		    safe_strcat(response,"\t",maxlen);
+		    fstrcat(response,addr);
+		    fstrcat(response,"\t");
 		}
 		size = strlen(state->request.data.winsreq) + strlen(response);
 		if (size > maxlen) {
 		    SAFE_FREE(ip_list);
 		    return WINBINDD_ERROR;
 		}   
-		safe_strcat(response,state->request.data.winsreq,maxlen);
-		safe_strcat(response,"\n",maxlen);
+		fstrcat(response,state->request.data.winsreq);
+		fstrcat(response,"\n");
 		SAFE_FREE(ip_list);
 	} else
 		return WINBINDD_ERROR;
-- 
cgit 


From 6fe590983b5d4dca8cea82eaa8dfb7b3a13bc3d1 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 06:43:37 +0000
Subject: Add const, and a signed/unsigned fix. (This used to be commit
 f07a93eaeba20f5704f43c7f02141adc564db136)

---
 source3/libsmb/clitrans.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c
index 7e3357a8cc..3d3cd427d7 100644
--- a/source3/libsmb/clitrans.c
+++ b/source3/libsmb/clitrans.c
@@ -31,10 +31,10 @@ BOOL cli_send_trans(struct cli_state *cli, int trans,
 		    const char *pipe_name, 
 		    int fid, int flags,
 		    uint16 *setup, unsigned int lsetup, unsigned int msetup,
-		    char *param, unsigned int lparam, unsigned int mparam,
-		    char *data, unsigned int ldata, unsigned int mdata)
+		    const char *param, unsigned int lparam, unsigned int mparam,
+		    const char *data, unsigned int ldata, unsigned int mdata)
 {
-	int i;
+	unsigned int i;
 	unsigned int this_ldata,this_lparam;
 	unsigned int tot_data=0,tot_param=0;
 	char *outdata,*outparam;
-- 
cgit 


From 16ec110b0f1fe45b598a04e171397d97c3cb5aef Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 06:45:19 +0000
Subject: client-side smbpasswd fixes - use pstrcpy_base to avoid
 clobber_region bugs

Andrew Bartlett
(This used to be commit 7ab6559369b4e6ee3c5269d8cff04e5a39f6b493)
---
 source3/libsmb/clirap.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c
index b38e7d5c23..224c37046c 100644
--- a/source3/libsmb/clirap.c
+++ b/source3/libsmb/clirap.c
@@ -281,7 +281,7 @@ Send a SamOEMChangePassword command
 BOOL cli_oem_change_password(struct cli_state *cli, const char *user, const char *new_password,
                              const char *old_password)
 {
-  char param[16+sizeof(fstring)];
+  pstring param;
   char data[532];
   char *p = param;
   unsigned char old_pw_hash[16];
@@ -300,11 +300,11 @@ BOOL cli_oem_change_password(struct cli_state *cli, const char *user, const char
 
   SSVAL(p,0,214); /* SamOEMChangePassword command. */
   p += 2;
-  pstrcpy(p, "zsT");
+  pstrcpy_base(p, "zsT", param);
   p = skip_string(p,1);
-  pstrcpy(p, "B516B16");
+  pstrcpy_base(p, "B516B16", param);
   p = skip_string(p,1);
-  pstrcpy(p,user);
+  pstrcpy_base(p,user, param);
   p = skip_string(p,1);
   SSVAL(p,0,532);
   p += 2;
@@ -317,7 +317,7 @@ BOOL cli_oem_change_password(struct cli_state *cli, const char *user, const char
    */
   E_deshash(old_password, old_pw_hash);
 
-  clistr_push(cli, dos_new_password, new_password, -1, STR_TERMINATE|STR_ASCII);
+  clistr_push(cli, dos_new_password, new_password, sizeof(dos_new_password), STR_TERMINATE|STR_ASCII);
 
   if (!make_oem_passwd_hash( data, dos_new_password, old_pw_hash, False))
     return False;
@@ -685,7 +685,7 @@ NTSTATUS cli_qpathinfo_alt_name(struct cli_state *cli, const char *fname, fstrin
 	int count=8;
 	char *p;
 	BOOL ret;
-	int len;
+	unsigned int len;
 
 	p = param;
 	memset(p, 0, 6);
-- 
cgit 


From dc7c505dec59329c5dde35763febab3547f6d642 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 06:46:05 +0000
Subject: Be parinoid, malloc an extra SAFETY_MARGIN on the client's inbuf and
 outbuf.

Andrew Bartlett
(This used to be commit 2effcae13f9dfbff40b34d32c7fd82118c3fd096)
---
 source3/libsmb/clientgen.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 3cae643c38..d969193089 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -245,8 +245,8 @@ struct cli_state *cli_initialise(struct cli_state *cli)
 	cli->timeout = 20000; /* Timeout is in milliseconds. */
 	cli->bufsize = CLI_BUFFER_SIZE+4;
 	cli->max_xmit = cli->bufsize;
-	cli->outbuf = (char *)malloc(cli->bufsize);
-	cli->inbuf = (char *)malloc(cli->bufsize);
+	cli->outbuf = (char *)malloc(cli->bufsize+SAFETY_MARGIN);
+	cli->inbuf = (char *)malloc(cli->bufsize+SAFETY_MARGIN);
 	cli->oplock_handler = cli_oplock_ack;
 
 	cli->use_spnego = lp_client_use_spnego();
-- 
cgit 


From a4ba0496846924df4688cf3678940ec3b14e6376 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 06:46:43 +0000
Subject: Specify buffer sizes (This used to be commit
 aa12379b3fd9646199a8ff3f217ec7dfef1942a5)

---
 source3/libsmb/cliconnect.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 36b6f609f5..763878f9b3 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -66,7 +66,7 @@ static BOOL cli_session_setup_lanman2(struct cli_state *cli, const char *user,
 		memcpy(pword, pass, passlen);
 	} else if (passlen > 0) {
 		/* Plaintext mode needed, assume plaintext supplied. */
-		passlen = clistr_push(cli, pword, pass, -1, STR_TERMINATE);
+		passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE);
 	}
 
 	/* send a session setup command */
@@ -778,7 +778,7 @@ BOOL cli_send_tconX(struct cli_state *cli,
 			/*
 			 * Non-encrypted passwords - convert to DOS codepage before using.
 			 */
-			passlen = clistr_push(cli, pword, pass, -1, STR_TERMINATE);
+			passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE);
 		} else {
 			memcpy(pword, pass, passlen);
 		}
-- 
cgit 


From 58abc7b5b623e19d81586db4ae834c8e18e83082 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 06:50:45 +0000
Subject: If the server went away, don't segfault by attempting to FD_SET -1.

Andrew Bartlett
(This used to be commit 4b1337ee94a19e39a2f4012c4dbc32a2e58cacf5)
---
 source3/client/client.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/source3/client/client.c b/source3/client/client.c
index 065cd2fcc9..99fc779a9e 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -2269,6 +2269,9 @@ static void readline_callback(void)
 
 	last_t = t;
 
+	if (cli->fd == -1)
+		return;
+
  again:
 	FD_ZERO(&fds);
 	FD_SET(cli->fd,&fds);
-- 
cgit 


From eca1293fadf8774f016e18ca56ac200546ca70ba Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 06:51:57 +0000
Subject: specify the size of these buffers (This used to be commit
 f6ea572cd57d4e655d387fe225a5d7122d587a9b)

---
 source3/libsmb/clilist.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c
index 3884e4da82..5bd1283ab7 100644
--- a/source3/libsmb/clilist.c
+++ b/source3/libsmb/clilist.c
@@ -178,7 +178,7 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
 			SSVAL(param,6,info_level); 
 			SIVAL(param,8,0);
 			p = param+12;
-			p += clistr_push(cli, param+12, mask, -1, 
+			p += clistr_push(cli, param+12, mask, sizeof(param)-12, 
 					 STR_TERMINATE);
 		} else {
 			setup = TRANSACT2_FINDNEXT;
@@ -188,7 +188,7 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
 			SIVAL(param,6,0); /* ff_resume_key */
 			SSVAL(param,10,8+4+2);	/* continue + resume required + close on end */
 			p = param+12;
-			p += clistr_push(cli, param+12, mask, -1, 
+			p += clistr_push(cli, param+12, mask, sizeof(param)-12, 
 					 STR_TERMINATE);
 		}
 
-- 
cgit 


From 32ae87014ce4bc7ddc25f15d44428b8ef2cf5593 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 06:53:37 +0000
Subject: Truncate the machinename manually, so as not to generate level 0
 debugs for an expected situation.

Andrew Bartlett
(This used to be commit a07fccb7ae169c0b5089e3f7d2c5d6465b2e4686)
---
 source3/utils/pdbedit.c | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index cec3e70687..affcc75d67 100644
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -363,20 +363,21 @@ static int new_machine (struct pdb_context *in, const char *machine_in)
 {
 	SAM_ACCOUNT *sam_pwent=NULL;
 	fstring machinename;
+	fstring machineaccount;
 	struct passwd  *pwd = NULL;
-	char name[16];
 	
 	fstrcpy(machinename, machine_in); 
+	machinename[15]= '\0';
 
 	if (machinename[strlen (machinename) -1] == '$')
 		machinename[strlen (machinename) -1] = '\0';
 	
 	strlower_m(machinename);
 	
-	safe_strcpy (name, machinename, 16);
-	safe_strcat (name, "$", 16);
+	fstrcpy(machineaccount, machinename);
+	fstrcat(machineaccount, "$");
 
-	if ((pwd = getpwnam_alloc(name))) {
+	if ((pwd = getpwnam_alloc(machineaccount))) {
 		if (!NT_STATUS_IS_OK(pdb_init_sam_pw( &sam_pwent, pwd))) {
 			fprintf(stderr, "Could not init sam from pw\n");
 			passwd_free(&pwd);
@@ -392,14 +393,14 @@ static int new_machine (struct pdb_context *in, const char *machine_in)
 
 	pdb_set_plaintext_passwd (sam_pwent, machinename);
 
-	pdb_set_username (sam_pwent, name, PDB_CHANGED);
+	pdb_set_username (sam_pwent, machineaccount, PDB_CHANGED);
 	
 	pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST, PDB_CHANGED);
 	
 	pdb_set_group_sid_from_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS, PDB_CHANGED);
 	
 	if (NT_STATUS_IS_OK(in->pdb_add_sam_account (in, sam_pwent))) {
-		print_user_info (in, name, True, False);
+		print_user_info (in, machineaccount, True, False);
 	} else {
 		fprintf (stderr, "Unable to add machine! (does it already exist?)\n");
 		pdb_free_sam (&sam_pwent);
@@ -435,12 +436,13 @@ static int delete_user_entry (struct pdb_context *in, const char *username)
 
 static int delete_machine_entry (struct pdb_context *in, const char *machinename)
 {
-	char name[16];
+	fstring name;
 	SAM_ACCOUNT *samaccount = NULL;
 	
-	safe_strcpy (name, machinename, 16);
-	if (name[strlen(name)] != '$')
-		safe_strcat (name, "$", 16);
+	fstrcpy(name, machinename);
+	name[15] = '\0';
+	if (name[strlen(name)-1] != '$')
+		fstrcat (name, "$");
 
 	if (!NT_STATUS_IS_OK(pdb_init_sam (&samaccount))) {
 		return -1;
-- 
cgit 


From 9a00acc472b3a9530ca71705faef3166aa9c4d47 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 06:54:09 +0000
Subject: Fix off-by-one bug in safe_strcpy size paramater. (This used to be
 commit 9af30c9aae3623c4db1edca39a91973f0279acb4)

---
 source3/utils/smbcacls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index a5cee0dae1..bce64df960 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -916,7 +916,7 @@ You can string acls together with spaces, commas or newlines\n\
 	if (filename[0] != '\\') {
 		pstring s;
 		s[0] = '\\';
-		safe_strcpy(&s[1], filename, sizeof(pstring)-1);
+		safe_strcpy(&s[1], filename, sizeof(pstring)-2);
 		pstrcpy(filename, s);
 	}
 
-- 
cgit 


From 3b5bc93e9db4df6ded2eef7b32bda74328b04811 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 07:14:55 +0000
Subject: String handling parinoia fixes.

This patch enables the compile-time checking of strings assable by means of
sizeof().  (Original code had the configure check reversed).

This is extended to all safe_strcpy() users, push_string and pull_string,
as well as the cli and srv derivitives.  There is an attempt to cap strings
at the end of the cli buffer, and clobber_region() of the speified length
(when not -1 :-).

Becouse of the way they are declared, the 'overmalloc a string' users of
safe_strcpy() have been changed to use overmalloc_safe_strcpy() (which skips
some of the checks).

This whole ball of mud worked fine, until I pulled out my 'fix' for our
statcache.  When jeremy fixes that, we should be able to get back to testing
this stuff.

This patch also includes a 'marker' of the last caller to clobber_region (ie,
the function that called pstrcpy() that called clobber_region) to assist in
debugging problems that may have smashed the stack.  This is printed at
smb_panic() time.  (Original idea and patch by metze).

It also removes some unsused functions, and #if 0's some others that are
unused but probably should be used in the near future.

For now, this patch gives us some confidence on one class of trivial parsing
error in our code.

Andrew Bartlett
(This used to be commit 31f4827acc2a2f00399a5528fc83a0dae5cebaf4)
---
 source3/Makefile.in            |   2 +-
 source3/configure.in           |   2 +-
 source3/include/includes.h     |   1 +
 source3/include/safe_string.h  | 161 +++++++++++++++++++++++++++++++++++------
 source3/include/srvstr.h       |  36 +++++++++
 source3/lib/charcnv.c          |  83 ++++-----------------
 source3/lib/util.c             |  16 +++-
 source3/lib/util_str.c         |  72 ++++++++----------
 source3/libsmb/clistr.c        |  28 +++++--
 source3/nmbd/nmbd_become_lmb.c |   2 +-
 source3/nmbd/nmbd_browsesync.c |   2 +-
 source3/smbd/srvstr.c          |  41 -----------
 source3/smbd/statcache.c       |  12 +--
 13 files changed, 264 insertions(+), 194 deletions(-)
 create mode 100644 source3/include/srvstr.h
 delete mode 100644 source3/smbd/srvstr.c

diff --git a/source3/Makefile.in b/source3/Makefile.in
index 2334e278f2..1a4d97e083 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -336,7 +336,7 @@ SMBD_OBJ_SRV = smbd/files.o smbd/chgpasswd.o smbd/connection.o \
 	       smbd/vfs.o smbd/vfs-wrap.o smbd/statcache.o \
                smbd/posix_acls.o lib/sysacls.o lib/server_mutex.o \
 	       smbd/process.o smbd/service.o smbd/error.o \
-	       printing/printfsp.o lib/util_seaccess.o smbd/srvstr.o \
+	       printing/printfsp.o lib/util_seaccess.o \
                smbd/build_options.o \
 	       smbd/change_trust_pw.o \
 	       $(MANGLE_OBJ)
diff --git a/source3/configure.in b/source3/configure.in
index aa95cf19fe..e038654f7e 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -662,7 +662,7 @@ AC_CACHE_CHECK([if the compiler will optimize out function calls],samba_cv_optim
     AC_TRY_LINK([
 #include <stdio.h>],
 [
-		if (1) {
+		if (0) {
 		   this_function_does_not_exist();
 		} else {
 		  return 1;
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 25245e9c0c..2bba9d5084 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -855,6 +855,7 @@ struct printjob;
 
 /* String routines */
 
+#include "srvstr.h"
 #include "safe_string.h"
 
 #ifdef __COMPAR_FN_T
diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h
index 6c2bd82bb9..c7386d3ac4 100644
--- a/source3/include/safe_string.h
+++ b/source3/include/safe_string.h
@@ -48,29 +48,45 @@
 
 #endif /* !_SPLINT_ */
 
+
 char * __unsafe_string_function_usage_here__(void);
 
-#ifdef HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS
+size_t __unsafe_string_function_usage_here2__(void);
 
-#define pstrcpy(d,s) ((sizeof(d) != sizeof(pstring) && sizeof(d) != sizeof(char *)) ? __unsafe_string_function_usage_here__() : safe_strcpy((d), (s),sizeof(pstring)-1))
-#define pstrcat(d,s) ((sizeof(d) != sizeof(pstring) && sizeof(d) != sizeof(char *)) ? __unsafe_string_function_usage_here__() : safe_strcat((d), (s),sizeof(pstring)-1))
-#define fstrcpy(d,s) ((sizeof(d) != sizeof(fstring) && sizeof(d) != sizeof(char *)) ? __unsafe_string_function_usage_here__() : safe_strcpy((d),(s),sizeof(fstring)-1))
-#define fstrcat(d,s) ((sizeof(d) != sizeof(fstring) && sizeof(d) != sizeof(char *)) ? __unsafe_string_function_usage_here__() : safe_strcat((d),(s),sizeof(fstring)-1))
+#ifdef HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS
 
-#define fstrterminate(d) ((sizeof(d) != sizeof(fstring) && sizeof(d) != sizeof(char *)) ? __unsafe_string_function_usage_here__() : (((d)[sizeof(fstring)-1]) = '\0'))
-#define pstrterminate(d) ((sizeof(d) != sizeof(pstring) && sizeof(d) != sizeof(char *)) ? __unsafe_string_function_usage_here__() : (((d)[sizeof(pstring)-1]) = '\0'))
+/* if the compiler will optimize out function calls, then use this to tell if we are 
+   have the correct types (this works only where sizeof() returns the size of the buffer, not
+   the size of the pointer). */
+
+#define CHECK_STRING_SIZE(d, len) (sizeof(d) != (len) && sizeof(d) != sizeof(char *))
+
+#define fstrterminate(d) (CHECK_STRING_SIZE(d, sizeof(fstring)) \
+    ? __unsafe_string_function_usage_here__() \
+    : (((d)[sizeof(fstring)-1]) = '\0'))
+#define pstrterminate(d) (CHECK_STRING_SIZE(d, sizeof(pstring)) \
+    ? __unsafe_string_function_usage_here__() \
+    : (((d)[sizeof(pstring)-1]) = '\0'))
+
+#define wpstrcpy(d,s) ((sizeof(d) != sizeof(wpstring) && sizeof(d) != sizeof(smb_ucs2_t *)) \
+    ? __unsafe_string_function_usage_here__() \
+    : safe_strcpy_w((d),(s),sizeof(wpstring)))
+#define wpstrcat(d,s) ((sizeof(d) != sizeof(wpstring) && sizeof(d) != sizeof(smb_ucs2_t *)) \
+    ? __unsafe_string_function_usage_here__() \
+    : safe_strcat_w((d),(s),sizeof(wpstring)))
+#define wfstrcpy(d,s) ((sizeof(d) != sizeof(wfstring) && sizeof(d) != sizeof(smb_ucs2_t *)) \
+    ? __unsafe_string_function_usage_here__() \
+    : safe_strcpy_w((d),(s),sizeof(wfstring)))
+#define wfstrcat(d,s) ((sizeof(d) != sizeof(wfstring) && sizeof(d) != sizeof(smb_ucs2_t *)) \
+    ? __unsafe_string_function_usage_here__() \
+    : safe_strcat_w((d),(s),sizeof(wfstring)))
 
-#define wpstrcpy(d,s) ((sizeof(d) != sizeof(wpstring) && sizeof(d) != sizeof(smb_ucs2_t *)) ? __unsafe_string_function_usage_here__() : safe_strcpy_w((d),(s),sizeof(wpstring)))
-#define wpstrcat(d,s) ((sizeof(d) != sizeof(wpstring) && sizeof(d) != sizeof(smb_ucs2_t *)) ? __unsafe_string_function_usage_here__() : safe_strcat_w((d),(s),sizeof(wpstring)))
-#define wfstrcpy(d,s) ((sizeof(d) != sizeof(wfstring) && sizeof(d) != sizeof(smb_ucs2_t *)) ? __unsafe_string_function_usage_here__() : safe_strcpy_w((d),(s),sizeof(wfstring)))
-#define wfstrcat(d,s) ((sizeof(d) != sizeof(wfstring) && sizeof(d) != sizeof(smb_ucs2_t *)) ? __unsafe_string_function_usage_here__() : safe_strcat_w((d),(s),sizeof(wfstring)))
+#define push_pstring_base(dest, src, pstring_base) \
+    (CHECK_STRING_SIZE(pstring_base, sizeof(pstring)) \
+    ? __unsafe_string_function_usage_here2__() \
+    : push_ascii(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1, STR_TERMINATE))
 
-#else
-
-#define pstrcpy(d,s) safe_strcpy((d), (s),sizeof(pstring)-1)
-#define pstrcat(d,s) safe_strcat((d), (s),sizeof(pstring)-1)
-#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1)
-#define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1)
+#else /* HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS */
 
 #define fstrterminate(d) (((d)[sizeof(fstring)-1]) = '\0')
 #define pstrterminate(d) (((d)[sizeof(pstring)-1]) = '\0')
@@ -80,12 +96,10 @@ char * __unsafe_string_function_usage_here__(void);
 #define wfstrcpy(d,s) safe_strcpy_w((d),(s),sizeof(wfstring))
 #define wfstrcat(d,s) safe_strcat_w((d),(s),sizeof(wfstring))
 
-#endif
+#define push_pstring_base(dest, src, pstring_base) \
+    push_ascii(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1, STR_TERMINATE)
 
-/* replace some string functions with multi-byte
-   versions */
-#define strlower(s) strlower_m(s)
-#define strupper(s) strupper_m(s)
+#endif /* HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS */
 
 /* the addition of the DEVELOPER checks in safe_strcpy means we must
  * update a lot of code. To make this a little easier here are some
@@ -93,7 +107,106 @@ char * __unsafe_string_function_usage_here__(void);
 #define pstrcpy_base(dest, src, pstring_base) \
     safe_strcpy(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1)
 
-#define push_pstring_base(dest, src, pstring_base) \
-    push_ascii(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1, STR_TERMINATE)
+
+/* String copy functions - macro hell below adds 'type checking' (limited, but the best we can
+   do in C) and may tag with function name/number to record the last 'clobber region' on
+   that string */
+
+#define pstrcpy(d,s) safe_strcpy((d), (s),sizeof(pstring)-1)
+#define pstrcat(d,s) safe_strcat((d), (s),sizeof(pstring)-1)
+#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1)
+#define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1)
+
+/* the addition of the DEVELOPER checks in safe_strcpy means we must
+ * update a lot of code. To make this a little easier here are some
+ * functions that provide the lengths with less pain */
+#define pstrcpy_base(dest, src, pstring_base) \
+    safe_strcpy(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1)
+
+
+/* inside the _fn varients of these is a call to 'clobber_region' - which might
+   destory the stack on a buggy function.  Help the debugging process by putting
+   the function and line it was last called from into a static buffer
+
+   But only for developers */
+
+#ifdef DEVELOPER
+#define overmalloc_safe_strcpy(dest,src,maxlength)	safe_strcpy_fn(__FUNCTION__,__LINE__,dest,src,maxlength)
+#define safe_strcpy(dest,src,maxlength)	safe_strcpy_fn2(__FUNCTION__,__LINE__,dest,src,maxlength)
+#define safe_strcat(dest,src,maxlength)	safe_strcat_fn2(__FUNCTION__,__LINE__,dest,src,maxlength)
+#define push_string(base_ptr, dest, src, dest_len, flags) push_string_fn2(__FUNCTION__, __LINE__, base_ptr, dest, src, dest_len, flags)
+#define pull_string(base_ptr, dest, src, dest_len, src_len, flags) pull_string_fn2(__FUNCTION__, __LINE__, base_ptr, dest, src, dest_len, src_len, flags)
+#define clistr_push(cli, dest, src, dest_len, flags) clistr_push_fn2(__FUNCTION__, __LINE__, cli, dest, src, dest_len, flags)
+#define clistr_pull(cli, dest, src, dest_len, src_len, flags) clistr_pull_fn2(__FUNCTION__, __LINE__, cli, dest, src, dest_len, src_len, flags)
+
+#define alpha_strcpy(dest,src,other_safe_chars,maxlength) alpha_strcpy_fn(__FUNCTION__,__LINE__,dest,src,other_safe_chars,maxlength)
+#define StrnCpy(dest,src,n)		StrnCpy_fn(__FUNCTION__,__LINE__,dest,src,n)
+
+#else
+
+#define overmalloc_safe_strcpy(dest,src,maxlength)	safe_strcpy_fn(NULL,0,dest,src,maxlength)
+#define safe_strcpy(dest,src,maxlength)	safe_strcpy_fn2(NULL,0,dest,src,maxlength)
+#define safe_strcat(dest,src,maxlength)	safe_strcat_fn2(NULL,0,dest,src,maxlength)
+#define push_string(base_ptr, dest, src, dest_len, flags) push_string_fn2(NULL, 0, base_ptr, dest, src, dest_len, flags)
+#define pull_string(base_ptr, dest, src, dest_len, src_len, flags) pull_string_fn2(NULL, 0, base_ptr, dest, src, dest_len, src_len, flags)
+#define clistr_push(cli, dest, src, dest_len, flags) clistr_push_fn2(NULL, 0, cli, dest, src, dest_len, flags)
+#define clistr_pull(cli, dest, src, dest_len, src_len, flags) clistr_push_fn2(NULL, 0, cli, dest, src, dest_len, src_len, flags)
+
+#define alpha_strcpy(dest,src,other_safe_chars,maxlength) alpha_strcpy_fn(NULL,0,dest,src,other_safe_chars,maxlength)
+#define StrnCpy(dest,src,n)		StrnCpy_fn(NULL,0,dest,src,n)
+#endif /* DEVELOPER */
+
+
+#ifdef HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS
+
+/* if the compiler will optimize out function calls, then use this to tell if we are 
+   have the correct types (this works only where sizeof() returns the size of the buffer, not
+   the size of the pointer). */
+
+#define safe_strcpy_fn2(fn_name, fn_line, d, s, max_len) \
+    (CHECK_STRING_SIZE(d, max_len+1) \
+    ? __unsafe_string_function_usage_here__() \
+    : safe_strcpy_fn(fn_name, fn_line, (d), (s), (max_len)))
+
+#define safe_strcat_fn2(fn_name, fn_line, d, s, max_len) \
+    (CHECK_STRING_SIZE(d, max_len+1) \
+    ? __unsafe_string_function_usage_here__() \
+    : safe_strcat_fn(fn_name, fn_line, (d), (s), (max_len)))
+
+#define push_string_fn2(fn_name, fn_line, base_ptr, dest, src, dest_len, flags) \
+    (CHECK_STRING_SIZE(dest, dest_len) \
+    ? __unsafe_string_function_usage_here2__() \
+    : push_string_fn(fn_name, fn_line, base_ptr, dest, src, dest_len, flags))
+
+#define pull_string_fn2(fn_name, fn_line, base_ptr, dest, src, dest_len, src_len, flags) \
+    (CHECK_STRING_SIZE(dest, dest_len) \
+    ? __unsafe_string_function_usage_here2__() \
+    : pull_string_fn(fn_name, fn_line, base_ptr, dest, src, dest_len, src_len, flags))
+
+#define clistr_push_fn2(fn_name, fn_line, cli, dest, src, dest_len, flags) \
+    (CHECK_STRING_SIZE(dest, dest_len) \
+    ? __unsafe_string_function_usage_here2__() \
+    : clistr_push_fn(fn_name, fn_line, cli, dest, src, dest_len, flags))
+
+#define clistr_pull_fn2(fn_name, fn_line, cli, dest, src, dest_len, srclen, flags) \
+    (CHECK_STRING_SIZE(dest, dest_len) \
+    ? __unsafe_string_function_usage_here2__() \
+    : clistr_pull_fn(fn_name, fn_line, cli, dest, src, dest_len, srclen, flags))
+
+#else
+
+#define safe_strcpy_fn2 safe_strcpy_fn
+#define safe_strcat_fn2 safe_strcat_fn
+#define push_string_fn2 push_string_fn
+#define pull_string_fn2 pull_string_fn
+#define clistr_push_fn2 clistr_push_fn2
+#define clistr_pull_fn2 clistr_pull_fn2
+
+#endif
+
+/* replace some string functions with multi-byte
+   versions */
+#define strlower(s) strlower_m(s)
+#define strupper(s) strupper_m(s)
 
 #endif
diff --git a/source3/include/srvstr.h b/source3/include/srvstr.h
new file mode 100644
index 0000000000..a433e0e3f9
--- /dev/null
+++ b/source3/include/srvstr.h
@@ -0,0 +1,36 @@
+/* 
+   Unix SMB/CIFS implementation.
+   server specific string routines
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#define srvstr_push(base_ptr, dest, src, dest_len, flags) \
+    push_string(base_ptr, dest, src, dest_len, flags)
+
+#define srvstr_pull(base_ptr, dest, src, dest_len, src_len, flags) \
+    pull_string(base_ptr, dest, src, dest_len, src_len, flags)
+
+/* pull a string from the smb_buf part of a packet. In this case the
+   string can either be null terminated or it can be terminated by the
+   end of the smbbuf area 
+*/
+
+#define srvstr_pull_buf(inbuf, dest, src, dest_len, flags) \
+    pull_string(inbuf, dest, src, dest_len, smb_bufrem(inbuf, src), flags)
+
diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c
index a8df003f8b..76d77ddd67 100644
--- a/source3/lib/charcnv.c
+++ b/source3/lib/charcnv.c
@@ -186,7 +186,7 @@ size_t convert_string(charset_t from, charset_t to,
  * @returns Size in bytes of the converted string; or -1 in case of error.
  **/
 
-size_t convert_string_allocate(charset_t from, charset_t to,
+static size_t convert_string_allocate(charset_t from, charset_t to,
 		      		void const *src, size_t srclen, void **dest)
 {
 	size_t i_len, o_len, destlen;
@@ -265,7 +265,7 @@ convert:
  *
  * @returns Size in bytes of the converted string; or -1 in case of error.
  **/
-size_t convert_string_talloc(TALLOC_CTX *ctx, charset_t from, charset_t to,
+static size_t convert_string_talloc(TALLOC_CTX *ctx, charset_t from, charset_t to,
 		      		void const *src, size_t srclen, void **dest)
 {
 	void *alloced_string;
@@ -303,7 +303,7 @@ size_t unix_strlower(const char *src, size_t srclen, char *dest, size_t destlen)
 }
 
 
-size_t ucs2_align(const void *base_ptr, const void *p, int flags)
+static size_t ucs2_align(const void *base_ptr, const void *p, int flags)
 {
 	if (flags & (STR_NOALIGN|STR_ASCII))
 		return 0;
@@ -356,11 +356,6 @@ size_t push_ascii_pstring(void *dest, const char *src)
 	return push_ascii(dest, src, sizeof(pstring), STR_TERMINATE);
 }
 
-size_t push_pstring(void *dest, const char *src)
-{
-	return push_ascii(dest, src, sizeof(pstring), STR_TERMINATE);
-}
-
 /**
  * Copy a string from a dos codepage source to a unix char* destination.
  *
@@ -507,7 +502,7 @@ size_t push_ucs2_allocate(smb_ucs2_t **dest, const char *src)
  is -1 then no maxiumum is used.
 **/
 
-size_t push_utf8(void *dest, const char *src, size_t dest_len, int flags)
+static size_t push_utf8(void *dest, const char *src, size_t dest_len, int flags)
 {
 	size_t src_len = strlen(src);
 	pstring tmpbuf;
@@ -533,11 +528,6 @@ size_t push_utf8_fstring(void *dest, const char *src)
 	return push_utf8(dest, src, sizeof(fstring), STR_TERMINATE);
 }
 
-size_t push_utf8_pstring(void *dest, const char *src)
-{
-	return push_utf8(dest, src, sizeof(pstring), STR_TERMINATE);
-}
-
 /**
  * Copy a string from a unix char* src to a UTF-8 destination, allocating a buffer using talloc
  *
@@ -666,7 +656,7 @@ size_t pull_ucs2_allocate(void **dest, const smb_ucs2_t *src)
  The resulting string in "dest" is always null terminated.
 **/
 
-size_t pull_utf8(char *dest, const void *src, size_t dest_len, size_t src_len, int flags)
+static size_t pull_utf8(char *dest, const void *src, size_t dest_len, size_t src_len, int flags)
 {
 	size_t ret;
 
@@ -690,16 +680,7 @@ size_t pull_utf8(char *dest, const void *src, size_t dest_len, size_t src_len, i
 
 	return src_len;
 }
-
-size_t pull_utf8_pstring(char *dest, const void *src)
-{
-	return pull_utf8(dest, src, sizeof(pstring), -1, STR_TERMINATE);
-}
-
-size_t pull_utf8_fstring(char *dest, const void *src)
-{
-	return pull_utf8(dest, src, sizeof(fstring), -1, STR_TERMINATE);
-}
+#endif
 
 /**
  * Copy a string from a UTF-8 src to a unix char * destination, allocating a buffer using talloc
@@ -745,8 +726,11 @@ size_t pull_utf8_allocate(void **dest, const char *src)
  is -1 then no maxiumum is used.
 **/
 
-size_t push_string(const void *base_ptr, void *dest, const char *src, size_t dest_len, int flags)
+size_t push_string_fn(const char *function, unsigned int line, const void *base_ptr, void *dest, const char *src, size_t dest_len, int flags)
 {
+	if (dest_len != (size_t)-1)
+		clobber_region(function, line, dest, dest_len);
+
 	if (!(flags & STR_ASCII) && \
 	    ((flags & STR_UNICODE || \
 	      (SVAL(base_ptr, smb_flg2) & FLAGS2_UNICODE_STRINGS)))) {
@@ -770,8 +754,11 @@ size_t push_string(const void *base_ptr, void *dest, const char *src, size_t des
  The resulting string in "dest" is always null terminated.
 **/
 
-size_t pull_string(const void *base_ptr, char *dest, const void *src, size_t dest_len, size_t src_len, int flags)
+size_t pull_string_fn(const char *function, unsigned int line, const void *base_ptr, char *dest, const void *src, size_t dest_len, size_t src_len, int flags)
 {
+	if (dest_len != (size_t)-1)
+		clobber_region(function, line, dest, dest_len);
+
 	if (!(flags & STR_ASCII) && \
 	    ((flags & STR_UNICODE || \
 	      (SVAL(base_ptr, smb_flg2) & FLAGS2_UNICODE_STRINGS)))) {
@@ -790,27 +777,6 @@ size_t align_string(const void *base_ptr, const char *p, int flags)
 	return 0;
 }
 
-/**
- Convert from ucs2 to unix charset and return the
- allocated and converted string or NULL if an error occurred.
- You must provide a zero terminated string.
- The returning string will be zero terminated.
-**/
-
-char *acnv_u2ux(const smb_ucs2_t *src)
-{
-	size_t slen;
-	size_t dlen;
-	void *dest;
-	
-	slen = (strlen_w(src) + 1) * sizeof(smb_ucs2_t);
-	dlen = convert_string_allocate(CH_UCS2, CH_UNIX, src, slen, &dest);
-	if (dlen == (size_t)-1)
-		return NULL;
-	else
-		return dest;
-}
-
 /**
  Convert from unix to ucs2 charset and return the
  allocated and converted string or NULL if an error occurred.
@@ -832,27 +798,6 @@ smb_ucs2_t *acnv_uxu2(const char *src)
 		return dest;
 }
 
-/**
- Convert from ucs2 to dos charset and return the
- allocated and converted string or NULL if an error occurred.
- You must provide a zero terminated string.
- The returning string will be zero terminated.
-**/
-
-char *acnv_u2dos(const smb_ucs2_t *src)
-{
-	size_t slen;
-	size_t dlen;
-	void *dest;
-	
-	slen = (strlen_w(src) + 1) * sizeof(smb_ucs2_t);
-	dlen = convert_string_allocate(CH_UCS2, CH_DOS, src, slen, &dest);
-	if (dlen == (size_t)-1)
-		return NULL;
-	else
-		return dest;
-}
-
 /**
  Convert from dos to ucs2 charset and return the
  allocated and converted string or NULL if an error occurred.
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 77ffa70a47..1f300a2815 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1398,9 +1398,23 @@ gid_t nametogid(const char *name)
 
 void smb_panic(const char *why)
 {
-	char *cmd = lp_panic_action();
+	char *cmd;
 	int result;
 
+#ifdef DEVELOPER
+	{
+		extern char *global_clobber_region_function;
+		extern unsigned int global_clobber_region_line;
+		
+		if (global_clobber_region_function) {
+			DEBUG(0,("smb_panic: clobber_region() last called from [%s(%u)]\n",
+				 global_clobber_region_function,
+				 global_clobber_region_line));
+		} 
+	}
+#endif
+	
+	cmd = lp_panic_action();
 	if (cmd && *cmd) {
 		DEBUG(0, ("smb_panic(): calling panic action [%s]\n", cmd));
 		result = system(cmd);
diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index 7dd5ee4242..7643c2807e 100644
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -21,6 +21,11 @@
 
 #include "includes.h"
 
+#ifdef DEVELOPER
+const char *global_clobber_region_function;
+unsigned int global_clobber_region_line;
+#endif
+
 /**
  * Get the next token from a string, return False if none found.
  * Handles double-quotes.
@@ -73,7 +78,7 @@ parameter so you can pass NULL. This is useful for user interface code
 but beware the fact that it is not re-entrant!
 **/
 
-static char *last_ptr=NULL;
+static const char *last_ptr=NULL;
 
 BOOL next_token_nr(const char **ptr,char *buff, const char *sep, size_t bufsize)
 {
@@ -409,28 +414,6 @@ size_t count_chars(const char *s,char c)
 	return(count);
 }
 
-/**
-Return True if a string consists only of one particular character.
-**/
-
-BOOL str_is_all(const char *s,char c)
-{
-	smb_ucs2_t *ptr;
-
-	if(s == NULL)
-		return False;
-	if(!*s)
-		return False;
-  
-	push_ucs2(NULL, tmpbuf,s, sizeof(tmpbuf), STR_TERMINATE);
-	for(ptr=tmpbuf;*ptr;ptr++)
-		if(*ptr!=UCS2_CHAR(c))
-			return False;
-
-	return True;
-}
-
-
 /**
  * In developer builds, clobber a region of memory.
  *
@@ -442,11 +425,13 @@ BOOL str_is_all(const char *s,char c)
  * This is meant to catch possible string overflows, even if the
  * actual string copied is not big enough to cause an overflow.
  **/
-void clobber_region(char *dest, size_t len)
+void clobber_region(const char *fn, unsigned int line, char *dest, size_t len)
 {
 #ifdef DEVELOPER
 	/* F1 is odd and 0xf1f1f1f1 shouldn't be a valid pointer */
 	memset(dest, 0xF1, len);
+	global_clobber_region_function = fn;
+	global_clobber_region_line = line;
 #endif
 }
 
@@ -456,7 +441,7 @@ void clobber_region(char *dest, size_t len)
  include the terminating zero.
 **/
 
-char *safe_strcpy(char *dest,const char *src, size_t maxlength)
+char *safe_strcpy_fn(const char *fn, int line, char *dest,const char *src, size_t maxlength)
 {
 	size_t len;
 
@@ -465,7 +450,7 @@ char *safe_strcpy(char *dest,const char *src, size_t maxlength)
 		return NULL;
 	}
 
-	clobber_region(dest, maxlength+1);
+	clobber_region(fn,line,dest, maxlength+1);
 
 	if (!src) {
 		*dest = 0;
@@ -489,8 +474,7 @@ char *safe_strcpy(char *dest,const char *src, size_t maxlength)
  Safe string cat into a string. maxlength does not
  include the terminating zero.
 **/
-
-char *safe_strcat(char *dest, const char *src, size_t maxlength)
+char *safe_strcat_fn(const char *fn, int line, char *dest, const char *src, size_t maxlength)
 {
 	size_t src_len, dest_len;
 
@@ -505,8 +489,8 @@ char *safe_strcat(char *dest, const char *src, size_t maxlength)
 	src_len = strlen(src);
 	dest_len = strlen(dest);
 
-	clobber_region(dest + dest_len, maxlength + 1 - dest_len);
-	
+	clobber_region(fn, line, dest + dest_len, maxlength + 1 - dest_len);
+
 	if (src_len + dest_len > maxlength) {
 		DEBUG(0,("ERROR: string overflow by %d in safe_strcat [%.50s]\n",
 			 (int)(src_len + dest_len - maxlength), src));
@@ -528,12 +512,11 @@ char *safe_strcat(char *dest, const char *src, size_t maxlength)
  and replaces with '_'. Deliberately does *NOT* check for multibyte
  characters. Don't change it !
 **/
-
-char *alpha_strcpy(char *dest, const char *src, const char *other_safe_chars, size_t maxlength)
+char *alpha_strcpy_fn(const char *fn, int line, char *dest, const char *src, const char *other_safe_chars, size_t maxlength)
 {
 	size_t len, i;
 
-	clobber_region(dest, maxlength);
+	clobber_region(fn, line, dest, maxlength);
 
 	if (!dest) {
 		DEBUG(0,("ERROR: NULL dest in alpha_strcpy\n"));
@@ -569,13 +552,12 @@ char *alpha_strcpy(char *dest, const char *src, const char *other_safe_chars, si
  Like strncpy but always null terminates. Make sure there is room!
  The variable n should always be one less than the available size.
 **/
-
-char *StrnCpy(char *dest,const char *src,size_t n)
+char *StrnCpy_fn(const char *fn, int line,char *dest,const char *src,size_t n)
 {
 	char *d = dest;
 
-	clobber_region(dest, n+1);
-	
+	clobber_region(fn, line, dest, n+1);
+
 	if (!dest)
 		return(NULL);
 	
@@ -589,12 +571,13 @@ char *StrnCpy(char *dest,const char *src,size_t n)
 	return(dest);
 }
 
+#if 0
 /**
  Like strncpy but copies up to the character marker.  always null terminates.
  returns a pointer to the character marker in the source string (src).
 **/
 
-char *strncpyn(char *dest, const char *src, size_t n, char c)
+static char *strncpyn(char *dest, const char *src, size_t n, char c)
 {
 	char *p;
 	size_t str_len;
@@ -613,6 +596,7 @@ char *strncpyn(char *dest, const char *src, size_t n, char c)
 
 	return p;
 }
+#endif
 
 /**
  Routine to get hex characters and turn them into a 16 byte array.
@@ -923,7 +907,7 @@ void all_string_sub(char *s,const char *pattern,const char *insert, size_t len)
  Use with caution!
 **/
 
-smb_ucs2_t *all_string_sub_w(const smb_ucs2_t *s, const smb_ucs2_t *pattern,
+static smb_ucs2_t *all_string_sub_w(const smb_ucs2_t *s, const smb_ucs2_t *pattern,
 				const smb_ucs2_t *insert)
 {
 	smb_ucs2_t *r, *rp;
@@ -981,11 +965,12 @@ smb_ucs2_t *all_string_sub_wa(smb_ucs2_t *s, const char *pattern,
 	return all_string_sub_w(s, p, i);
 }
 
+#if 0
 /**
  Splits out the front and back at a separator.
 **/
 
-void split_at_last_component(char *path, char *front, char sep, char *back)
+static void split_at_last_component(char *path, char *front, char sep, char *back)
 {
 	char *p = strrchr_m(path, sep);
 
@@ -1004,6 +989,7 @@ void split_at_last_component(char *path, char *front, char sep, char *back)
 			back[0] = 0;
 	}
 }
+#endif
 
 /**
  Write an octal as a string.
@@ -1023,7 +1009,7 @@ const char *octal_string(int i)
  Truncate a string at a specified length.
 **/
 
-char *string_truncate(char *s, int length)
+char *string_truncate(char *s, unsigned int length)
 {
 	if (s && strlen(s) > length)
 		s[length] = 0;
@@ -1182,11 +1168,12 @@ char *binary_string(char *buf, int len)
 	return ret;
 }
 
+#if 0
 /**
  Just a typesafety wrapper for snprintf into a fstring.
 **/
 
- int fstr_sprintf(fstring s, const char *fmt, ...)
+static int fstr_sprintf(fstring s, const char *fmt, ...)
 {
 	va_list ap;
 	int ret;
@@ -1196,6 +1183,7 @@ char *binary_string(char *buf, int len)
 	va_end(ap);
 	return ret;
 }
+#endif
 
 #ifndef HAVE_STRNDUP
 /**
diff --git a/source3/libsmb/clistr.c b/source3/libsmb/clistr.c
index 3c9964368e..97a3fa6cc9 100644
--- a/source3/libsmb/clistr.c
+++ b/source3/libsmb/clistr.c
@@ -20,24 +20,38 @@
 
 #include "includes.h"
 
-int clistr_push(struct cli_state *cli, void *dest, const char *src, int dest_len, int flags)
+size_t clistr_push_fn(const char *function, unsigned int line, 
+		   struct cli_state *cli, void *dest, 
+		   const char *src, int dest_len, int flags)
 {
-	return push_string(cli->outbuf, dest, src, dest_len, flags);
+	size_t buf_used = PTR_DIFF(dest, cli->outbuf);
+	if (dest_len == -1) {
+		if (((ptrdiff_t)dest < (ptrdiff_t)cli->outbuf) || (buf_used > cli->bufsize)) {
+			DEBUG(0, ("Pushing string of 'unlimited' length into non-SMB buffer!\n"));
+			return push_string_fn(function, line, cli->outbuf, dest, src, -1, flags);
+		}
+		return push_string_fn(function, line, cli->outbuf, dest, src, cli->bufsize - buf_used, flags);
+	}
+	
+	/* 'normal' push into size-specified buffer */
+	return push_string_fn(function, line, cli->outbuf, dest, src, dest_len, flags);
 }
 
-int clistr_pull(struct cli_state *cli, char *dest, const void *src, int dest_len, int src_len, 
-		int flags)
+size_t clistr_pull_fn(const char *function, unsigned int line, 
+		   struct cli_state *cli, char *dest, const void *src, 
+		   int dest_len, int src_len, 
+		   int flags)
 {
-	return pull_string(cli->inbuf, dest, src, dest_len, src_len, flags);
+	return pull_string_fn(function, line, cli->inbuf, dest, src, dest_len, src_len, flags);
 }
 
 
-int clistr_align_out(struct cli_state *cli, const void *p, int flags)
+size_t clistr_align_out(struct cli_state *cli, const void *p, int flags)
 {
 	return align_string(cli->outbuf, p, flags);
 }
 
-int clistr_align_in(struct cli_state *cli, const void *p, int flags)
+size_t clistr_align_in(struct cli_state *cli, const void *p, int flags)
 {
 	return align_string(cli->inbuf, p, flags);
 }
diff --git a/source3/nmbd/nmbd_become_lmb.c b/source3/nmbd/nmbd_become_lmb.c
index 829496c195..6f8e7efb1a 100644
--- a/source3/nmbd/nmbd_become_lmb.c
+++ b/source3/nmbd/nmbd_become_lmb.c
@@ -563,7 +563,7 @@ in workgroup %s on subnet %s\n",
   userdata->copy_fn = NULL;
   userdata->free_fn = NULL;
   userdata->userdata_len = strlen(work->work_group)+1;
-  safe_strcpy(userdata->data, work->work_group, size - sizeof(*userdata) - 1);
+  overmalloc_safe_strcpy(userdata->data, work->work_group, size - sizeof(*userdata) - 1);
 
   /* Register the special browser group name. */
   register_name(subrec, MSBROWSE, 0x01, samba_nb_type|NB_GROUP,
diff --git a/source3/nmbd/nmbd_browsesync.c b/source3/nmbd/nmbd_browsesync.c
index 5914ea9637..b9082ee1c3 100644
--- a/source3/nmbd/nmbd_browsesync.c
+++ b/source3/nmbd/nmbd_browsesync.c
@@ -333,7 +333,7 @@ static void find_domain_master_name_query_success(struct subnet_record *subrec,
   userdata->copy_fn = NULL;
   userdata->free_fn = NULL;
   userdata->userdata_len = strlen(work->work_group)+1;
-  safe_strcpy(userdata->data, work->work_group, size - sizeof(*userdata) - 1);
+  overmalloc_safe_strcpy(userdata->data, work->work_group, size - sizeof(*userdata) - 1);
 
   node_status( subrec, &nmbname, answer_ip, 
                domain_master_node_status_success,
diff --git a/source3/smbd/srvstr.c b/source3/smbd/srvstr.c
deleted file mode 100644
index 36fecf5bd2..0000000000
--- a/source3/smbd/srvstr.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   server specific string routines
-   Copyright (C) Andrew Tridgell 2001
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-int srvstr_push(void *base_ptr, void *dest, const char *src, int dest_len, int flags)
-{
-	return push_string(base_ptr, dest, src, dest_len, flags);
-}
-
-int srvstr_pull(void *base_ptr, char *dest, const void *src, int dest_len, int src_len, 
-		int flags)
-{
-	return pull_string(base_ptr, dest, src, dest_len, src_len, flags);
-}
-
-/* pull a string from the smb_buf part of a packet. In this case the
-   string can either be null terminated or it can be terminated by the
-   end of the smbbuf area 
-*/
-int srvstr_pull_buf(void *inbuf, char *dest, const void *src, int dest_len, int flags)
-{
-	return pull_string(inbuf, dest, src, dest_len, smb_bufrem(inbuf, src), flags);
-}
diff --git a/source3/smbd/statcache.c b/source3/smbd/statcache.c
index b6e84ec9a5..ac4ffcf575 100644
--- a/source3/smbd/statcache.c
+++ b/source3/smbd/statcache.c
@@ -62,7 +62,7 @@ void stat_cache_add( char *full_orig_name, char *orig_translated_path)
     return;
 
   /*
-   * If we are in case insentive mode, we need to
+   * If we are in case insentive mode, we don't need to
    * store names that need no translation - else, it
    * would be a waste.
    */
@@ -106,8 +106,8 @@ void stat_cache_add( char *full_orig_name, char *orig_translated_path)
         DEBUG(0,("stat_cache_add: Out of memory !\n"));
         return;
       }
-      safe_strcpy(scp->names, orig_name, namelen);
-      safe_strcpy((scp->names+namelen+1), translated_path, namelen);
+      overmalloc_safe_strcpy(scp->names, orig_name, namelen);
+      overmalloc_safe_strcpy((scp->names+namelen+1), translated_path, namelen);
       scp->name_len = namelen;
       hash_insert(&stat_cache, (char *)scp, orig_name);
     }
@@ -122,8 +122,8 @@ void stat_cache_add( char *full_orig_name, char *orig_translated_path)
       DEBUG(0,("stat_cache_add: Out of memory !\n"));
       return;
     }
-    safe_strcpy(scp->names, orig_name, namelen);
-    safe_strcpy(scp->names+namelen+1, translated_path, namelen);
+    overmalloc_safe_strcpy(scp->names, orig_name, namelen);
+    overmalloc_safe_strcpy(scp->names+namelen+1, translated_path, namelen);
     scp->name_len = namelen;
     hash_insert(&stat_cache, (char *)scp, orig_name);
   }
@@ -136,7 +136,7 @@ void stat_cache_add( char *full_orig_name, char *orig_translated_path)
  Return True if we translated (and did a scuccessful stat on) the entire name.
 *****************************************************************************/
 
-BOOL stat_cache_lookup(connection_struct *conn, char *name, char *dirpath, 
+BOOL stat_cache_lookup(connection_struct *conn, pstring name, pstring dirpath, 
 		       char **start, SMB_STRUCT_STAT *pst)
 {
   stat_cache_entry *scp;
-- 
cgit 


From d8549b0360b86f151a8cd221838d005e083bfba8 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 07:16:32 +0000
Subject: signed/unsigned fix (This used to be commit
 f6bcfa59447700e0ccfc069d0228019a9bdca9d2)

---
 source3/include/client.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/include/client.h b/source3/include/client.h
index a3efda4918..0ea793de68 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -110,8 +110,8 @@ struct cli_state {
 	int readbraw_supported;
 	int writebraw_supported;
 	int timeout; /* in milliseconds. */
-	int max_xmit;
-	int max_mux;
+	size_t max_xmit;
+	size_t max_mux;
 	char *outbuf;
 	char *inbuf;
 	unsigned int bufsize;
-- 
cgit 


From a27d434c4b4363762e7a0d5eeddd35e2b8dbb374 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 07:45:51 +0000
Subject: Fix signed/unsigned issues - mostly 'i' counters.

Fix an inconpatible poitner type that caused the IA64 not to build

Andrew Bartlett
(This used to be commit 37436b0aae108fceace3049d3868510e1ba592ac)
---
 source3/rpc_parse/parse_lsa.c  | 14 +++++++-------
 source3/rpc_parse/parse_misc.c | 10 +++++-----
 source3/rpc_parse/parse_net.c  | 22 +++++++++++-----------
 source3/rpc_parse/parse_prs.c  |  4 ++--
 source3/rpc_parse/parse_sec.c  | 16 ++++++++--------
 source3/rpc_parse/parse_srv.c  | 20 ++++++++++----------
 source3/utils/net_ads_cldap.c  |  8 ++++----
 7 files changed, 47 insertions(+), 47 deletions(-)

diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c
index 2753ae524a..fc9999dc4d 100644
--- a/source3/rpc_parse/parse_lsa.c
+++ b/source3/rpc_parse/parse_lsa.c
@@ -80,7 +80,7 @@ static BOOL lsa_io_trans_name(const char *desc, LSA_TRANS_NAME *trn, prs_struct
 static BOOL lsa_io_dom_r_ref(const char *desc, DOM_R_REF *r_r, prs_struct *ps, 
 			     int depth)
 {
-	int i;
+	unsigned int i;
 
 	prs_debug(ps, depth, desc, "lsa_io_dom_r_ref");
 	depth++;
@@ -531,7 +531,7 @@ BOOL lsa_io_q_enum_trust_dom(const char *desc, LSA_Q_ENUM_TRUST_DOM *q_e,
 void init_r_enum_trust_dom(TALLOC_CTX *ctx, LSA_R_ENUM_TRUST_DOM *r_e, uint32 enum_context,
 			   uint32 req_num_domains, uint32 num_domains, TRUSTDOM **td)
 {
-	int i;
+	unsigned int i;
 
         DEBUG(5, ("init_r_enum_trust_dom\n"));
 	
@@ -851,7 +851,7 @@ static void init_lsa_sid_enum(TALLOC_CTX *mem_ctx, LSA_SID_ENUM *sen,
 static BOOL lsa_io_sid_enum(const char *desc, LSA_SID_ENUM *sen, prs_struct *ps, 
 			    int depth)
 {
-	int i;
+	unsigned int i;
 
 	prs_debug(ps, depth, desc, "lsa_io_sid_enum");
 	depth++;
@@ -967,7 +967,7 @@ BOOL lsa_io_q_lookup_sids(const char *desc, LSA_Q_LOOKUP_SIDS *q_s, prs_struct *
 static BOOL lsa_io_trans_names(const char *desc, LSA_TRANS_NAME_ENUM *trn,
                 prs_struct *ps, int depth)
 {
-	int i;
+	unsigned int i;
 
 	prs_debug(ps, depth, desc, "lsa_io_trans_names");
 	depth++;
@@ -1063,7 +1063,7 @@ makes a structure.
 void init_q_lookup_names(TALLOC_CTX *mem_ctx, LSA_Q_LOOKUP_NAMES *q_l, 
 			 POLICY_HND *hnd, int num_names, const char **names)
 {
-	int i;
+	unsigned int i;
 
 	DEBUG(5, ("init_q_lookup_names\n"));
 
@@ -1102,7 +1102,7 @@ reads or writes a structure.
 BOOL lsa_io_q_lookup_names(const char *desc, LSA_Q_LOOKUP_NAMES *q_r, 
 			   prs_struct *ps, int depth)
 {
-	int i;
+	unsigned int i;
 
 	prs_debug(ps, depth, desc, "lsa_io_q_lookup_names");
 	depth++;
@@ -1166,7 +1166,7 @@ reads or writes a structure.
 BOOL lsa_io_r_lookup_names(const char *desc, LSA_R_LOOKUP_NAMES *r_r, 
 			   prs_struct *ps, int depth)
 {
-	int i;
+	unsigned int i;
 
 	prs_debug(ps, depth, desc, "lsa_io_r_lookup_names");
 	depth++;
diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index df80c76ee5..b7b0e9346b 100644
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -697,7 +697,7 @@ BOOL smb_io_buffer5(const char *desc, BUFFER5 *buf5, prs_struct *ps, int depth)
  Inits a BUFFER2 structure.
 ********************************************************************/
 
-void init_buffer2(BUFFER2 *str, const uint8 *buf, int len)
+void init_buffer2(BUFFER2 *str, const uint8 *buf, size_t len)
 {
 	ZERO_STRUCTP(str);
 
@@ -1050,7 +1050,7 @@ BOOL smb_io_unistr2(const char *desc, UNISTR2 *uni2, uint32 buffer, prs_struct *
 BOOL init_unistr2_array(UNISTR2_ARRAY *array, 
 		       uint32 count, const char **strings)
 {
-	int i;
+	unsigned int i;
 
 	array->count = count;
 	array->ref_id = count?1:0;
@@ -1078,7 +1078,7 @@ BOOL init_unistr2_array(UNISTR2_ARRAY *array,
 ********************************************************************/
 BOOL smb_io_unistr2_array(const char *desc, UNISTR2_ARRAY *array, prs_struct *ps, int depth)
 {
-	int i;
+	unsigned int i;
 
 	prs_debug(ps, depth, desc, "smb_io_unistr2_array");
 	depth++;
@@ -1128,7 +1128,7 @@ BOOL smb_io_unistr2_array(const char *desc, UNISTR2_ARRAY *array, prs_struct *ps
 BOOL init_sid_array(SID_ARRAY *array,
 		    uint32 count, DOM_SID *sids)
 {
-	int i;
+	unsigned int i;
 
 	array->count = count;
 	array->ref_id = count?1:0;
@@ -1155,7 +1155,7 @@ BOOL init_sid_array(SID_ARRAY *array,
 ********************************************************************/
 BOOL smb_io_sid_array(const char *desc, SID_ARRAY *array, prs_struct *ps, int depth)
 {
-	int i;
+	unsigned int i;
 
 	prs_debug(ps, depth, desc, "smb_io_sid_array");
 	depth++;
diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c
index 53f660fcc3..a660084250 100644
--- a/source3/rpc_parse/parse_net.c
+++ b/source3/rpc_parse/parse_net.c
@@ -432,7 +432,7 @@ BOOL net_io_r_logon_ctrl(const char *desc, NET_R_LOGON_CTRL *r_l, prs_struct *ps
 void init_r_trust_dom(NET_R_TRUST_DOM_LIST *r_t,
 			uint32 num_doms, const char *dom_name)
 {
-	int i = 0;
+	unsigned int i = 0;
 
 	DEBUG(5,("init_r_trust_dom\n"));
 
@@ -1038,12 +1038,12 @@ void init_id_info2(NET_ID_INFO_2 * id, const char *domain_name,
 		   uint32 log_id_low, uint32 log_id_high,
 		   const char *user_name, const char *wksta_name,
 		   const uchar lm_challenge[8],
-		   const uchar * lm_chal_resp, int lm_chal_resp_len,
-		   const uchar * nt_chal_resp, int nt_chal_resp_len)
+		   const uchar * lm_chal_resp, size_t lm_chal_resp_len,
+		   const uchar * nt_chal_resp, size_t nt_chal_resp_len)
 {
-	int len_domain_name = strlen(domain_name);
-	int len_user_name   = strlen(user_name  );
-	int len_wksta_name  = strlen(wksta_name );
+	size_t len_domain_name = strlen(domain_name);
+	size_t len_user_name   = strlen(user_name  );
+	size_t len_wksta_name  = strlen(wksta_name );
 	unsigned char lm_owf[24];
 	unsigned char nt_owf[128];
 
@@ -1281,7 +1281,7 @@ void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr,
 {
 	/* only cope with one "other" sid, right now. */
 	/* need to count the number of space-delimited sids */
-	int i;
+	unsigned int i;
 	int num_other_sids = 0;
 	
 	NTTIME 		logon_time, logoff_time, kickoff_time,
@@ -1390,7 +1390,7 @@ void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr,
 BOOL net_io_user_info3(const char *desc, NET_USER_INFO_3 *usr, prs_struct *ps, 
 		       int depth, uint16 validation_level)
 {
-	int i;
+	unsigned int i;
 
 	if (usr == NULL)
 		return False;
@@ -2363,7 +2363,7 @@ reads or writes a structure.
 static BOOL net_io_sam_policy_info(const char *desc, SAM_DELTA_POLICY *info,
 				      prs_struct *ps, int depth)
 {
-	int i;
+	unsigned int i;
 	prs_debug(ps, depth, desc, "net_io_sam_policy_info");
 	depth++;
 
@@ -2584,7 +2584,7 @@ reads or writes a structure.
 static BOOL net_io_sam_privs_info(const char *desc, SAM_DELTA_PRIVS *info,
 				      prs_struct *ps, int depth)
 {
-	int i;
+	unsigned int i;
 
 	prs_debug(ps, depth, desc, "net_io_sam_privs_info");
 	depth++;
@@ -2895,7 +2895,7 @@ reads or writes a structure.
 BOOL net_io_r_sam_deltas(const char *desc, uint8 sess_key[16],
                          NET_R_SAM_DELTAS *r_s, prs_struct *ps, int depth)
 {
-        int i;
+        unsigned int i;
 
 	prs_debug(ps, depth, desc, "net_io_r_sam_deltas");
 	depth++;
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
index 702375be35..aeaa42ac92 100644
--- a/source3/rpc_parse/parse_prs.c
+++ b/source3/rpc_parse/parse_prs.c
@@ -938,7 +938,7 @@ BOOL prs_buffer2(BOOL charmode, const char *name, prs_struct *ps, int depth, BUF
 
 BOOL prs_string2(BOOL charmode, const char *name, prs_struct *ps, int depth, STRING2 *str)
 {
-	int i;
+	unsigned int i;
 	char *q = prs_mem_get(ps, str->str_max_len);
 	if (q == NULL)
 		return False;
@@ -1035,7 +1035,7 @@ BOOL prs_unistr3(BOOL charmode, const char *name, UNISTR3 *str, prs_struct *ps,
 
 BOOL prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str)
 {
-	int len = 0;
+	unsigned int len = 0;
 	unsigned char *p = (unsigned char *)str->buffer;
 	uint8 *start;
 	char *q;
diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c
index 10b0ff86ae..081173cf8d 100644
--- a/source3/rpc_parse/parse_sec.c
+++ b/source3/rpc_parse/parse_sec.c
@@ -159,7 +159,7 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth)
 
 NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, unsigned *num, DOM_SID *sid, uint32 mask)
 {
-	int i = 0;
+	unsigned int i = 0;
 	
 	if (!ctx || !new || !old || !sid || !num)  return NT_STATUS_INVALID_PARAMETER;
 
@@ -185,7 +185,7 @@ NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, unsigned
 
 NTSTATUS sec_ace_mod_sid(SEC_ACE *ace, size_t num, DOM_SID *sid, uint32 mask)
 {
-	int i = 0;
+	unsigned int i = 0;
 
 	if (!ace || !sid)  return NT_STATUS_INVALID_PARAMETER;
 
@@ -202,14 +202,14 @@ NTSTATUS sec_ace_mod_sid(SEC_ACE *ace, size_t num, DOM_SID *sid, uint32 mask)
  delete SID from ACL
 ********************************************************************/
 
-NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, size_t *num, DOM_SID *sid)
+static NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, uint32 *num, DOM_SID *sid)
 {
-	int i     = 0;
-	int n_del = 0;
+	unsigned int i     = 0;
+	unsigned int n_del = 0;
 
 	if (!ctx || !new || !old || !sid || !num)  return NT_STATUS_INVALID_PARAMETER;
 
-	if((new[0] = (SEC_ACE *) talloc_zero(ctx, *num * sizeof(SEC_ACE))) == 0)
+	if((new[0] = (SEC_ACE *) talloc_zero(ctx, (*num) * sizeof(SEC_ACE))) == 0)
 		return NT_STATUS_NO_MEMORY;
 
 	for (i = 0; i < *num; i ++) {
@@ -283,7 +283,7 @@ SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src)
 
 BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth)
 {
-	int i;
+	unsigned int i;
 	uint32 old_offset;
 	uint32 offset_acl_size;
 	SEC_ACL *psa;
@@ -407,7 +407,7 @@ BOOL sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2)
 
 BOOL sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2)
 {
-	int i, j;
+	unsigned int i, j;
 
 	/* Trivial cases */
 
diff --git a/source3/rpc_parse/parse_srv.c b/source3/rpc_parse/parse_srv.c
index bfa1a13be9..27763aa224 100644
--- a/source3/rpc_parse/parse_srv.c
+++ b/source3/rpc_parse/parse_srv.c
@@ -1665,8 +1665,8 @@ static BOOL srv_io_srv_sess_info_0(const char *desc, SRV_SESS_INFO_0 *ss0, prs_s
 		return False;
 
 	if (ss0->ptr_sess_info != 0) {
-		int i;
-		int num_entries = ss0->num_entries_read;
+		uint32 i;
+		uint32 num_entries = ss0->num_entries_read;
 
 		if (num_entries > MAX_SESS_ENTRIES) {
 			num_entries = MAX_SESS_ENTRIES; /* report this! */
@@ -1802,8 +1802,8 @@ static BOOL srv_io_srv_sess_info_1(const char *desc, SRV_SESS_INFO_1 *ss1, prs_s
 		return False;
 
 	if (ss1->ptr_sess_info != 0) {
-		int i;
-		int num_entries = ss1->num_entries_read;
+		uint32 i;
+		uint32 num_entries = ss1->num_entries_read;
 
 		if (num_entries > MAX_SESS_ENTRIES) {
 			num_entries = MAX_SESS_ENTRIES; /* report this! */
@@ -1944,7 +1944,7 @@ BOOL srv_io_q_net_sess_enum(const char *desc, SRV_Q_NET_SESS_ENUM *q_n, prs_stru
 	if(!prs_uint32("sess_level", ps, depth, &q_n->sess_level))
 		return False;
 	
-	if (q_n->sess_level != -1) {
+	if (q_n->sess_level != (uint32)-1) {
 		if(!srv_io_srv_sess_ctr("sess_ctr", &q_n->ctr, ps, depth))
 			return False;
 	}
@@ -1976,7 +1976,7 @@ BOOL srv_io_r_net_sess_enum(const char *desc, SRV_R_NET_SESS_ENUM *r_n, prs_stru
 	if(!prs_uint32("sess_level", ps, depth, &r_n->sess_level))
 		return False;
 
-	if (r_n->sess_level != -1) {
+	if (r_n->sess_level != (uint32)-1) {
 		if(!srv_io_srv_sess_ctr("sess_ctr", &r_n->ctr, ps, depth))
 			return False;
 	}
@@ -2309,7 +2309,7 @@ BOOL srv_io_q_net_conn_enum(const char *desc, SRV_Q_NET_CONN_ENUM *q_n, prs_stru
 	if(!prs_uint32("conn_level", ps, depth, &q_n->conn_level))
 		return False;
 	
-	if (q_n->conn_level != -1) {
+	if (q_n->conn_level != (uint32)-1) {
 		if(!srv_io_srv_conn_ctr("conn_ctr", &q_n->ctr, ps, depth))
 			return False;
 	}
@@ -2341,7 +2341,7 @@ BOOL srv_io_r_net_conn_enum(const char *desc,  SRV_R_NET_CONN_ENUM *r_n, prs_str
 	if(!prs_uint32("conn_level", ps, depth, &r_n->conn_level))
 		return False;
 
-	if (r_n->conn_level != -1) {
+	if (r_n->conn_level != (uint32)-1) {
 		if(!srv_io_srv_conn_ctr("conn_ctr", &r_n->ctr, ps, depth))
 			return False;
 	}
@@ -2573,7 +2573,7 @@ BOOL srv_io_q_net_file_enum(const char *desc, SRV_Q_NET_FILE_ENUM *q_n, prs_stru
 	if(!prs_uint32("file_level", ps, depth, &q_n->file_level))
 		return False;
 
-	if (q_n->file_level != -1) {
+	if (q_n->file_level != (uint32)-1) {
 		if(!srv_io_srv_file_ctr("file_ctr", &q_n->ctr, ps, depth))
 			return False;
 	}
@@ -3271,7 +3271,7 @@ BOOL srv_io_q_net_disk_enum(const char *desc, SRV_Q_NET_DISK_ENUM *q_n, prs_stru
 BOOL srv_io_r_net_disk_enum(const char *desc, SRV_R_NET_DISK_ENUM *r_n, prs_struct *ps, int depth)
 {
 
-	int i;
+	unsigned int i;
 	uint32 entries_read, entries_read2, entries_read3;
 
 	if (r_n == NULL)
diff --git a/source3/utils/net_ads_cldap.c b/source3/utils/net_ads_cldap.c
index ad66af0439..86d5abea4b 100644
--- a/source3/utils/net_ads_cldap.c
+++ b/source3/utils/net_ads_cldap.c
@@ -59,7 +59,7 @@ struct cldap_netlogon_reply {
 */
 static unsigned pull_netlogon_string(struct netlogon_string *ret,const char *d)
 {
-	char *p = (char *)d;
+	const char *p = (const char *)d;
 
 	ZERO_STRUCTP(ret);
 
@@ -140,7 +140,7 @@ static int send_cldap_netlogon(int sock, const char *domain,
 		return -1;
 	}
 
-	if (write(sock, data.data, data.length) != data.length) {
+	if (write(sock, data.data, data.length) != (ssize_t)data.length) {
 		d_printf("failed to send cldap query (%s)\n", strerror(errno));
 	}
 
@@ -233,7 +233,7 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply)
 */
 static void netlogon_string_free(struct netlogon_string *str)
 {
-	int i;
+	unsigned int i;
 
 	for (i = 0; i < str->comp_len; ++i) {
 		SAFE_FREE(str->component[i]);
@@ -259,7 +259,7 @@ static void cldap_reply_free(struct cldap_netlogon_reply *reply)
 static void d_print_netlogon_string(const char *label, 
 				    struct netlogon_string *str)
 {
-	int i;
+	unsigned int i;
 
 	if (str->comp_len) {
 		d_printf("%s", label);
-- 
cgit 


From f1d333ea35a4fed92e2d51aafa4e758f577e5cf1 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 08:03:11 +0000
Subject: Remove an unused function and fix the build.

Andrew Bartlett
(This used to be commit 67a0319d268dfc0e2154d3ab0f8bf866e3cbb6db)
---
 source3/lib/charcnv.c | 36 ------------------------------------
 1 file changed, 36 deletions(-)

diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c
index 76d77ddd67..fa646573d8 100644
--- a/source3/lib/charcnv.c
+++ b/source3/lib/charcnv.c
@@ -646,42 +646,6 @@ size_t pull_ucs2_allocate(void **dest, const smb_ucs2_t *src)
 	return convert_string_allocate(CH_UCS2, CH_UNIX, src, src_len, dest);	
 }
 
-/**
- Copy a string from a utf-8 source to a unix char* destination.
- Flags can have:
-  STR_TERMINATE means the string in src is null terminated.
- if STR_TERMINATE is set then src_len is ignored.
- src_len is the length of the source area in bytes
- Return the number of bytes occupied by the string in src.
- The resulting string in "dest" is always null terminated.
-**/
-
-static size_t pull_utf8(char *dest, const void *src, size_t dest_len, size_t src_len, int flags)
-{
-	size_t ret;
-
-	if (dest_len == (size_t)-1)
-		dest_len = sizeof(pstring);
-
-	if (flags & STR_TERMINATE) {
-		if (src_len == (size_t)-1) {
-			src_len = strlen(src) + 1;
-		} else {
-			size_t len = strnlen(src, src_len);
-			if (len < src_len)
-				len++;
-			src_len = len;
-		}
-	}
-
-	ret = convert_string(CH_UTF8, CH_UNIX, src, src_len, dest, dest_len);
-	if (dest_len)
-		dest[MIN(ret, dest_len-1)] = 0;
-
-	return src_len;
-}
-#endif
-
 /**
  * Copy a string from a UTF-8 src to a unix char * destination, allocating a buffer using talloc
  *
-- 
cgit 


From 02704f973347f05af5ebcb0d4a494a6102199536 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 08:18:29 +0000
Subject: Minor fixes.  - signed/unsigned  - quieten warning about assignment
 as truth value  - whitespace

Andrew Bartlett
(This used to be commit a13ce0df4b4a776fa635a1fb804dd00d195f58d0)
---
 source3/include/rpc_lsa.h    | 2 +-
 source3/libsmb/trusts_util.c | 4 ++--
 source3/smbd/ipc.c           | 8 ++++----
 source3/utils/net_ads.c      | 2 +-
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h
index c091e73321..8e1368810f 100644
--- a/source3/include/rpc_lsa.h
+++ b/source3/include/rpc_lsa.h
@@ -237,7 +237,7 @@ typedef struct r_lsa_query_sec_obj_info
 typedef struct lsa_query_info
 {
 	POLICY_HND pol; /* policy handle */
-    uint16 info_class; /* info class */
+	uint16 info_class; /* info class */
 
 } LSA_Q_QUERY_INFO;
 
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index 055851f6b7..f7b2c2e3a6 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -152,9 +152,9 @@ BOOL is_trusted_domain(const char* dom_name)
 				talloc_destroy(mem_ctx);
 				return True;
 			}
-		}						
+		}
 	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
-		
+
 	/*
 	 * Query the trustdom_cache updated periodically. The only
 	 * way for domain member server.
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index c8bb0c2505..85e28f5d17 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -138,9 +138,9 @@ void send_trans_reply(char *outbuf,
 		set_message(outbuf,10,1+this_ldata+this_lparam+align,False);
 
 		copy_trans_params_and_data(outbuf, align,
-									rparam, tot_param_sent, this_lparam,
-									rdata, tot_data_sent, this_ldata);
-
+					   rparam, tot_param_sent, this_lparam,
+					   rdata, tot_data_sent, this_ldata);
+		
 		SSVAL(outbuf,smb_vwv3,this_lparam);
 		SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf));
 		SSVAL(outbuf,smb_vwv5,tot_param_sent);
@@ -410,7 +410,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int
 	}
 
 	if (suwcnt) {
-		int i;
+		unsigned int i;
 		if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) {
 			DEBUG(0,("reply_trans: setup malloc fail for %u bytes !\n", (unsigned int)(suwcnt * sizeof(uint16))));
 			SAFE_FREE(data);
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index ea31a92575..22b9d50ea1 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -155,7 +155,7 @@ retry:
 	 * If the username is of the form "name@realm", 
 	 * extract the realm and convert to upper case.
 	 */
-	if (realm = strchr(ads->auth.user_name, '@')) {
+	if ((realm = strchr(ads->auth.user_name, '@'))) {
 		*realm++ = '\0';
 		ads->auth.realm = strdup(realm);
 		strupper(ads->auth.realm);
-- 
cgit 


From 662b5498183a7ed981bc0fa9d29acb634f326d7c Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 10:59:14 +0000
Subject: Fix the non-DEVELOPER case of my macro madness...

Andrew Bartlett
(This used to be commit 618bda3a28f65417e3c31a70229f6da70cf223fc)
---
 source3/include/safe_string.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h
index c7386d3ac4..8b3665d97b 100644
--- a/source3/include/safe_string.h
+++ b/source3/include/safe_string.h
@@ -150,7 +150,7 @@ size_t __unsafe_string_function_usage_here2__(void);
 #define push_string(base_ptr, dest, src, dest_len, flags) push_string_fn2(NULL, 0, base_ptr, dest, src, dest_len, flags)
 #define pull_string(base_ptr, dest, src, dest_len, src_len, flags) pull_string_fn2(NULL, 0, base_ptr, dest, src, dest_len, src_len, flags)
 #define clistr_push(cli, dest, src, dest_len, flags) clistr_push_fn2(NULL, 0, cli, dest, src, dest_len, flags)
-#define clistr_pull(cli, dest, src, dest_len, src_len, flags) clistr_push_fn2(NULL, 0, cli, dest, src, dest_len, src_len, flags)
+#define clistr_pull(cli, dest, src, dest_len, src_len, flags) clistr_pull_fn2(NULL, 0, cli, dest, src, dest_len, src_len, flags)
 
 #define alpha_strcpy(dest,src,other_safe_chars,maxlength) alpha_strcpy_fn(NULL,0,dest,src,other_safe_chars,maxlength)
 #define StrnCpy(dest,src,n)		StrnCpy_fn(NULL,0,dest,src,n)
-- 
cgit 


From a4261c229571bea5ce3fc00f024133b3b50cd4bf Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 11:28:45 +0000
Subject: Fix the 'non-optomizing compiler' case...

Andrew Bartlett
(This used to be commit 94424c5d72246b2e58f3a21aa0de6949d7eb2da1)
---
 source3/include/safe_string.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h
index 8b3665d97b..3e19659961 100644
--- a/source3/include/safe_string.h
+++ b/source3/include/safe_string.h
@@ -199,8 +199,8 @@ size_t __unsafe_string_function_usage_here2__(void);
 #define safe_strcat_fn2 safe_strcat_fn
 #define push_string_fn2 push_string_fn
 #define pull_string_fn2 pull_string_fn
-#define clistr_push_fn2 clistr_push_fn2
-#define clistr_pull_fn2 clistr_pull_fn2
+#define clistr_push_fn2 clistr_push_fn
+#define clistr_pull_fn2 clistr_pull_fn
 
 #endif
 
-- 
cgit 


From 2055e724ada91865ba00b2d79bc0737504ea761d Mon Sep 17 00:00:00 2001
From: Steve French <sfrench@samba.org>
Date: Sat, 15 Mar 2003 22:35:47 +0000
Subject: Checkin cifs vfs for Linux mount helper (This used to be commit
 a55acfd7a296c5ae9b043dc03393a29d87e43a40)

---
 source3/client/mount.cifs.c | 254 ++++++++++++++++++++++++++++++++++++--------
 1 file changed, 211 insertions(+), 43 deletions(-)

diff --git a/source3/client/mount.cifs.c b/source3/client/mount.cifs.c
index 5b19752f8b..7167859d7b 100755
--- a/source3/client/mount.cifs.c
+++ b/source3/client/mount.cifs.c
@@ -13,6 +13,7 @@
 #include <errno.h>
 #include <netdb.h>
 #include <string.h>
+#include <mntent.h>
 
 #define MOUNT_CIFS_VERSION "1"
 
@@ -22,6 +23,11 @@ char * thisprogram;
 int verboseflag = 0;
 static int got_password = 0;
 static int got_user = 0;
+static int got_domain = 0;
+static int got_ip = 0;
+static int got_unc = 0;
+static int got_uid = 0;
+static int got_gid = 0;
 static char * user_name = NULL;
 char * mountpassword = NULL;
 
@@ -32,7 +38,7 @@ void mount_cifs_usage()
 	printf("\nMount the remotetarget, specified as either a UNC name or ");
 	printf(" CIFS URL, to the local directory, dir.\n");
 
-	return;
+	exit(1);
 }
 
 /* caller frees username if necessary */
@@ -51,9 +57,137 @@ char * parse_cifs_url(unc_name)
 	printf("\ncifs url %s\n",unc_name);
 }
 
-char * parse_options(char * options)
+int parse_options(char * options)
 {
-	/* BB add missing code BB */
+	char * data;
+	char * value = 0;
+
+	if (!options)
+		return 1;
+
+	while ((data = strsep(&options, ",")) != NULL) {
+		if (!*data)
+			continue;
+		if ((value = strchr(data, '=')) != NULL) {
+			*value++ = '\0';
+		}
+		if (strncmp(data, "user", 4) == 0) {
+			if (!value || !*value) {
+				printf("invalid or missing username\n");
+				return 1;	/* needs_arg; */
+			}
+			if (strnlen(value, 260) < 260) {
+				got_user=1;
+				/* BB add check for format user%pass */
+				/* if(strchr(username%passw) got_password = 1) */
+			} else {
+				printf("username too long\n");
+				return 1;
+			}
+	} else if (strncmp(data, "pass", 4) == 0) {
+		if (!value || !*value) {
+			if(got_password) {
+				printf("password specified twice, ignoring second\n");
+			} else
+				got_password = 1;
+		} else if (strnlen(value, 17) < 17) {
+			got_password = 1;
+		} else {
+			printf("password too long\n");
+			return 1;
+		}
+	} else if (strncmp(data, "ip", 2) == 0) {
+		if (!value || !*value) {
+			printf("target ip address argument missing");
+		} else if (strnlen(value, 35) < 35) {
+			got_ip = 1;
+		} else {
+			printf("ip address too long\n");
+			return 1;
+		}
+	} else if ((strncmp(data, "unc", 3) == 0)
+		   || (strncmp(data, "target", 6) == 0)
+		   || (strncmp(data, "path", 4) == 0)) {
+		if (!value || !*value) {
+			printf("invalid path to network resource\n");
+			return 1;  /* needs_arg; */
+		} else if(strnlen(value,5) < 5) {
+			printf("UNC name too short");
+		}
+
+		if (strnlen(value, 300) < 300) {
+			got_unc = 1;
+			if (strncmp(value, "//", 2) == 0) {
+				if(got_unc)
+					printf("unc name specified twice, ignoring second\n");
+				else
+					got_unc = 1;
+			} else if (strncmp(value, "\\\\", 2) != 0) {	                   
+				printf("UNC Path does not begin with // or \\\\ \n");
+				return 1;
+			} else {
+				if(got_unc)
+					printf("unc name specified twice, ignoring second\n");
+				else
+					got_unc = 1;
+			}
+		} else {
+			printf("CIFS: UNC name too long\n");
+			return 1;
+		}
+	} else if ((strncmp(data, "domain", 3) == 0)
+		   || (strncmp(data, "workgroup", 5) == 0)) {
+		if (!value || !*value) {
+			printf("CIFS: invalid domain name\n");
+			return 1;	/* needs_arg; */
+		}
+		if (strnlen(value, 65) < 65) {
+			got_domain = 1;
+		} else {
+			printf("domain name too long\n");
+			return 1;
+		}
+	} else if (strncmp(data, "uid", 3) == 0) {
+		if (value && *value) {
+			got_uid = 1;
+		}
+	} else if (strncmp(data, "gid", 3) == 0) {
+		if (value && *value) {
+			got_gid = 1;
+		}
+	} /* else if (strnicmp(data, "file_mode", 4) == 0) {
+		if (value && *value) {
+			vol->file_mode =
+				simple_strtoul(value, &value, 0);
+		}
+	} else if (strnicmp(data, "dir_mode", 3) == 0) {
+		if (value && *value) {
+			vol->dir_mode =
+				simple_strtoul(value, &value, 0);
+		}
+	} else if (strnicmp(data, "port", 4) == 0) {
+		if (value && *value) {
+			vol->port =
+				simple_strtoul(value, &value, 0);
+		}
+	} else if (strnicmp(data, "rsize", 5) == 0) {
+		if (value && *value) {
+			vol->rsize =
+				simple_strtoul(value, &value, 0);
+		}
+	} else if (strnicmp(data, "wsize", 5) == 0) {
+		if (value && *value) {
+			vol->wsize =
+				simple_strtoul(value, &value, 0);
+		}
+	} else if (strnicmp(data, "version", 3) == 0) {
+		
+	} else if (strnicmp(data, "rw", 2) == 0) {
+		
+	} else
+		printf("CIFS: Unknown mount option %s\n",data); */
+	}
+	return 0;
 }
 
 /* Note that caller frees the returned buffer if necessary */
@@ -67,7 +201,6 @@ char * parse_server(char * unc_name)
 	int rc,j;
 	char temp[64];
 
-
 	if(length > 1023) {
 		printf("mount error: UNC name too long");
 		return 0;
@@ -89,8 +222,11 @@ char * parse_server(char * unc_name)
 			printf(" %s does not begin with \\\\ or //\n",unc_name);
 			return 0;
 		} else {
+			unc_name[0] = '\\';
+			unc_name[1] = '\\';
 			unc_name += 2;
-			if (share = strchr(unc_name, '/')) {
+			if ((share = strchr(unc_name, '/')) || 
+				(share = strchr(unc_name,'\\'))) {
 				*share = 0;  /* temporarily terminate the string */
 				share += 1;
 				host_entry = gethostbyname(unc_name);
@@ -102,7 +238,6 @@ char * parse_server(char * unc_name)
 					return 0;
 				}
 				else {
-					printf("Target server %s %x found\n",host_entry->h_name,host_entry->h_addr);	/* BB removeme */
 					/* BB should we pass an alternate version of the share name as Unicode */
 					/* BB what about ipv6? BB */
 					/* BB add retries with alternate servers in list */
@@ -159,12 +294,12 @@ int main(int argc, char ** argv)
 	int c;
 	int flags = MS_MANDLOCK | MS_MGC_VAL;
 	char * orgoptions = NULL;
-	char * options;
-	char * share_name;
+	char * share_name = NULL;
 	char * domain_name = NULL;
-	char * ipaddr;
-	char * mount_point;
+	char * ipaddr = NULL;
 	char * uuid = NULL;
+	char * mountpoint;
+	char * options;
 	int rc,i;
 	int rsize = 0;
 	int wsize = 0;
@@ -174,6 +309,8 @@ int main(int argc, char ** argv)
 	int optlen = 0;
 	struct stat statbuf;
 	struct utsname sysinfo;
+	struct mntent mountent;
+	FILE * pmntfile;
 
 	/* setlocale(LC_ALL, "");
 	bindtextdomain(PACKAGE, LOCALEDIR);
@@ -186,12 +323,14 @@ int main(int argc, char ** argv)
 		thisprogram = "mount.cifs";
 
 	uname(&sysinfo);
-#ifdef _GNU_SOURCE
+	/* BB add workstation name and domain and pass down */
+/*#ifdef _GNU_SOURCE
 	printf(" node: %s machine: %s\n", sysinfo.nodename,sysinfo.machine);
-#endif
-	mount_cifs_usage();
+#endif*/
+	if(argc < 3)
+		mount_cifs_usage();
 	share_name = argv[1];
-	mount_point = argv[2];
+	mountpoint = argv[2];
 	/* add sharename in opts string as unc= parm */
 
 	while ((c = getopt_long (argc, argv, "afFhilL:no:O:rsU:vVwt:",
@@ -291,7 +430,7 @@ int main(int argc, char ** argv)
 			user_name = optarg;
 			break;
 		case 141:
-			 domain_name = optarg;
+			domain_name = optarg;
 			break;
 		case 142:
 			got_password = 1;
@@ -303,18 +442,14 @@ int main(int argc, char ** argv)
 		}
 	}
 
-	for(i = 0;i < argc;i++)  /* BB remove */
-		printf("\narg %d is %s",i,argv[i]);  /* BB remove */
-	printf("\n");  /* BB removeme */
-
 	/* canonicalize the path in argv[1]? */
 
-	if(stat (mount_point, &statbuf)) {
-		printf("mount error: mount point %s does not exist\n",mount_point);
+	if(stat (mountpoint, &statbuf)) {
+		printf("mount error: mount point %s does not exist\n",mountpoint);
 		return -1;
 	}
 	if (S_ISDIR(statbuf.st_mode) == 0) {
-		printf("mount error: mount point %s is not a directory\n",mount_point);
+		printf("mount error: mount point %s is not a directory\n",mountpoint);
 		return -1;
 	}
 
@@ -326,7 +461,8 @@ int main(int argc, char ** argv)
 	ipaddr = parse_server(share_name);
 /*	if(share_name == NULL)
 		return 1; */
-	parse_options(orgoptions);
+	if (parse_options(strdup(orgoptions)))
+		return 1;
 
 	if(got_user == 0)
 		user_name = getusername();
@@ -348,32 +484,50 @@ int main(int argc, char ** argv)
 			got_password = 1;
 		}
 	}
-
-	/* launch daemon (handles dfs name resolution and credential change) */
-	if(orgoptions)
+	/* FIXME launch daemon (handles dfs name resolution and credential change) 
+	   remember to clear parms and overwrite password field before launching */
+	if(orgoptions) {
 		optlen = strlen(orgoptions);
-	else
+	} else
 		optlen = 0;
-	options = malloc(optlen + 25 + strlen(share_name) + strlen(user_name)
-			+ strlen(ipaddr) + 1);
-	strcpy(options,"unc=");
+	if(share_name)
+		optlen += strlen(share_name) + 4;
+	if(user_name)
+		optlen += strlen(user_name) + 6;
+	if(ipaddr)
+		optlen += strlen(ipaddr) + 4;
+	if(mountpassword)
+		optlen += strlen(mountpassword) + 6;
+	options = malloc(optlen + 10);
+
+    options[0] = 0;
+	strncat(options,"unc=",4);
 	strcat(options,share_name);
-	strncat(options,",ip=",4);
-	strcat(options,ipaddr);
-	strncat(options,",user=",6);
-	strcat(options,user_name);
-	strncat(options,",pass=",6);
-	strcat(options,mountpassword);
+	if(ipaddr) {
+		strncat(options,",ip=",4);
+		strcat(options,ipaddr);
+	} 
+	if(user_name) {
+		strncat(options,",user=",6);
+		strcat(options,user_name);
+	} 
+	if(mountpassword) {
+		strncat(options,",pass=",6);
+		strcat(options,mountpassword);
+	}
 	strncat(options,",ver=",5);
 	strcat(options,MOUNT_CIFS_VERSION);
-	if(optlen)
+
+	if(orgoptions) {
+		strcat(options,",");
 		strcat(options,orgoptions);
-	printf("\noptions %s \n",options);
-	if(mount(share_name, mount_point, "cifs", flags, options)) {
+	}
+	/* printf("\noptions %s \n",options);*/
+	if(mount(share_name, mountpoint, "cifs", flags, options)) {
 	/* remember to kill daemon on error */
 		switch (errno) {
 		case 0:
-			printf(" success\n"); /* BB removeme */
+			printf("mount failed but no error number set\n");
 			return 0;
 		case ENODEV:
 			printf("mount error: cifs filesystem not supported by the system\n");
@@ -381,9 +535,23 @@ int main(int argc, char ** argv)
 		default:
 			printf("mount error %d = %s",errno,strerror(errno));
 		}
-		printf("\nRefer to the mount.cifs(8) manual page (e.g.man mount.cifs)\n");
+		printf("Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)\n");
 		return -1;
-	} else
-		printf(" mount succeeded\n"); /* BB removeme */
+	} else {
+		pmntfile = setmntent(MOUNTED, "a+");
+		if(pmntfile) {
+			mountent.mnt_fsname = share_name;
+			mountent.mnt_dir = mountpoint; 
+			mountent.mnt_type = "cifs"; 
+			mountent.mnt_opts = "";
+			mountent.mnt_freq = 0;
+			mountent.mnt_passno = 0;
+			rc = addmntent(pmntfile,&mountent);
+			endmntent(pmntfile);
+		} else {
+		    printf("could not update mount table\n");
+		}
+	}
+	return 0;
 }
 
-- 
cgit 


From 4b6b03e1838a8cf06c56b6afdaa00402a8a7b83d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 22:57:00 +0000
Subject: Fix non-gmake syntax error. (This used to be commit
 97daece056516e52e56bf5a749676e7c53e087e3)

---
 source3/Makefile.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/Makefile.in b/source3/Makefile.in
index 1a4d97e083..40abe5d71b 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -215,7 +215,7 @@ LIBMSRPC_OBJ = rpc_client/cli_lsarpc.o rpc_client/cli_samr.o \
 	       rpc_client/cli_reg.o rpc_client/cli_pipe.o \
 	       rpc_client/cli_spoolss.o rpc_client/cli_spoolss_notify.o  \
 	       rpc_client/cli_ds.o libsmb/namequery_dc.o
-	       
+
 LIBMSRPC_SERVER_OBJ = libsmb/trusts_util.o
 
 REGOBJS_OBJ = registry/reg_objects.o
-- 
cgit 


From 0dca6fab27039a8874c4b3ab0da5401975344fa9 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Mar 2003 23:16:40 +0000
Subject: A hack to get us building on a slightly older heimdal kerberos.  It
 appears that we don't need this flag - heimdal's internal password change
 routines don't set it.

Andrew Bartlett
(This used to be commit 069825bd78f2bf125e8a4e72933da924d393f5a5)
---
 source3/include/ads.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/source3/include/ads.h b/source3/include/ads.h
index f90983e405..07bf6e4b3b 100644
--- a/source3/include/ads.h
+++ b/source3/include/ads.h
@@ -213,3 +213,10 @@ typedef void **ADS_MODLIST;
 #if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5)
 #define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5
 #endif
+
+/* The older versions of heimdal that don't have this
+   define don't seem to use it anyway.  I'm told they
+   always use a subkey */
+#ifndef AP_OPTS_USE_SUBKEY
+#define AP_OPTS_USE_SUBKEY 0
+#endif
-- 
cgit 


From 3a9bdacca98560706eeb4e625ef1ce7c92d4dfab Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 16 Mar 2003 00:39:40 +0000
Subject: More work on my macro mess - we need function prototypes of different
 types, and we were missing the 'char' type.

Andrew Bartlett
(This used to be commit 193e80fafbda9e3af58fec1e629ec607f29b4099)
---
 source3/include/safe_string.h | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h
index 3e19659961..3bd38ea74e 100644
--- a/source3/include/safe_string.h
+++ b/source3/include/safe_string.h
@@ -48,10 +48,13 @@
 
 #endif /* !_SPLINT_ */
 
-
+/* We need a number of different prototypes for our 
+   non-existant fuctions */
 char * __unsafe_string_function_usage_here__(void);
 
-size_t __unsafe_string_function_usage_here2__(void);
+size_t __unsafe_string_function_usage_here_size_t__(void);
+
+size_t __unsafe_string_function_usage_here_char__(void);
 
 #ifdef HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS
 
@@ -62,10 +65,10 @@ size_t __unsafe_string_function_usage_here2__(void);
 #define CHECK_STRING_SIZE(d, len) (sizeof(d) != (len) && sizeof(d) != sizeof(char *))
 
 #define fstrterminate(d) (CHECK_STRING_SIZE(d, sizeof(fstring)) \
-    ? __unsafe_string_function_usage_here__() \
+    ? __unsafe_string_function_usage_here_char__() \
     : (((d)[sizeof(fstring)-1]) = '\0'))
 #define pstrterminate(d) (CHECK_STRING_SIZE(d, sizeof(pstring)) \
-    ? __unsafe_string_function_usage_here__() \
+    ? __unsafe_string_function_usage_here_char__() \
     : (((d)[sizeof(pstring)-1]) = '\0'))
 
 #define wpstrcpy(d,s) ((sizeof(d) != sizeof(wpstring) && sizeof(d) != sizeof(smb_ucs2_t *)) \
@@ -83,7 +86,7 @@ size_t __unsafe_string_function_usage_here2__(void);
 
 #define push_pstring_base(dest, src, pstring_base) \
     (CHECK_STRING_SIZE(pstring_base, sizeof(pstring)) \
-    ? __unsafe_string_function_usage_here2__() \
+    ? __unsafe_string_function_usage_here_size_t__() \
     : push_ascii(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1, STR_TERMINATE))
 
 #else /* HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS */
@@ -175,22 +178,22 @@ size_t __unsafe_string_function_usage_here2__(void);
 
 #define push_string_fn2(fn_name, fn_line, base_ptr, dest, src, dest_len, flags) \
     (CHECK_STRING_SIZE(dest, dest_len) \
-    ? __unsafe_string_function_usage_here2__() \
+    ? __unsafe_string_function_usage_here_size_t__() \
     : push_string_fn(fn_name, fn_line, base_ptr, dest, src, dest_len, flags))
 
 #define pull_string_fn2(fn_name, fn_line, base_ptr, dest, src, dest_len, src_len, flags) \
     (CHECK_STRING_SIZE(dest, dest_len) \
-    ? __unsafe_string_function_usage_here2__() \
+    ? __unsafe_string_function_usage_here_size_t__() \
     : pull_string_fn(fn_name, fn_line, base_ptr, dest, src, dest_len, src_len, flags))
 
 #define clistr_push_fn2(fn_name, fn_line, cli, dest, src, dest_len, flags) \
     (CHECK_STRING_SIZE(dest, dest_len) \
-    ? __unsafe_string_function_usage_here2__() \
+    ? __unsafe_string_function_usage_here_size_t__() \
     : clistr_push_fn(fn_name, fn_line, cli, dest, src, dest_len, flags))
 
 #define clistr_pull_fn2(fn_name, fn_line, cli, dest, src, dest_len, srclen, flags) \
     (CHECK_STRING_SIZE(dest, dest_len) \
-    ? __unsafe_string_function_usage_here2__() \
+    ? __unsafe_string_function_usage_here_size_t__() \
     : clistr_pull_fn(fn_name, fn_line, cli, dest, src, dest_len, srclen, flags))
 
 #else
-- 
cgit 


From 2f62a72d9aebf3cfe9aa60a0bdc73f1ae477d5b2 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 16 Mar 2003 02:14:05 +0000
Subject: Changes to help the kerberos change password code work on systems
 that have some of the labels 'duplicated' (ie, the defines double-up).

Also, to an ads_connect() to try and find our KDC. (So we don't segfualt
*every* time)

Andrew Bartlett
(This used to be commit 56dce7ddad118051c93c62507234efca3920bc9b)
---
 source3/libads/krb5_setpw.c | 66 ++++++++++++++++++++-------------------------
 source3/utils/net_ads.c     |  9 +++++++
 2 files changed, 38 insertions(+), 37 deletions(-)

diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 29bf1a427c..214871b3fb 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -178,47 +178,39 @@ static krb5_error_code build_kpasswd_request(uint16 pversion,
 	return 0;
 }
 
+static const struct kpasswd_errors {
+	int result_code;
+	const char *error_string;
+} kpasswd_errors[] = {
+	{KRB5_KPASSWD_MALFORMED, "Malformed request error"},
+	{KRB5_KPASSWD_HARDERROR, "Server error"},
+	{KRB5_KPASSWD_AUTHERROR, "Authentication error"},
+	{KRB5_KPASSWD_SOFTERROR, "Password change rejected"},
+	{KRB5_KPASSWD_ACCESSDENIED, "Client does not have proper authorization"},
+	{KRB5_KPASSWD_BAD_VERSION, "Protocol version not supported"},
+	{KRB5_KPASSWD_INITIAL_FLAG_NEEDED, "Authorization ticket must have initial flag set"},
+	{KRB5_KPASSWD_POLICY_REJECT, "Password rejected due to policy requirements"},
+	{KRB5_KPASSWD_BAD_PRINCIPAL, "Target principal does not exist"},
+	{KRB5_KPASSWD_ETYPE_NOSUPP, "Unsupported encryption type"},
+	{0, NULL}
+};
+
 static krb5_error_code krb5_setpw_result_code_string(krb5_context context,
 						     int result_code,
 						     const char **code_string)
 {
-   switch (result_code) {
-   case KRB5_KPASSWD_MALFORMED:
-      *code_string = "Malformed request error";
-      break;
-   case KRB5_KPASSWD_HARDERROR:
-      *code_string = "Server error";
-      break;
-   case KRB5_KPASSWD_AUTHERROR:
-      *code_string = "Authentication error";
-      break;
-   case KRB5_KPASSWD_SOFTERROR:
-      *code_string = "Password change rejected";
-      break;
-   case KRB5_KPASSWD_ACCESSDENIED:
-      *code_string = "Client does not have proper authorization";
-      break;
-   case KRB5_KPASSWD_BAD_VERSION:
-      *code_string = "Protocol version not supported";
-      break;
-   case KRB5_KPASSWD_INITIAL_FLAG_NEEDED:
-      *code_string = "Authorization ticket must have initial flag set";
-      break;
-   case KRB5_KPASSWD_POLICY_REJECT:
-      *code_string = "Password rejected due to policy requirements";
-      break;
-   case KRB5_KPASSWD_BAD_PRINCIPAL:
-      *code_string = "Target principal does not exist";
-      break;
-   case KRB5_KPASSWD_ETYPE_NOSUPP:
-      *code_string = "Unsupported encryption type";
-      break;
-   default:
-      *code_string = "Password change failed";
-      break;
-   }
-
-   return(0);
+        unsigned int idx = 0;
+
+	while (kpasswd_errors[idx].error_string != NULL) {
+		if (kpasswd_errors[idx].result_code == 
+                    result_code) {
+			*code_string = kpasswd_errors[idx].error_string;
+			return 0;
+		}
+		idx++;
+	}
+	*code_string = "Password change failed";
+        return (0);
 }
 
 static krb5_error_code parse_setpw_reply(krb5_context context, 
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 22b9d50ea1..0f2d673b4b 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -910,6 +910,15 @@ static int net_ads_password(int argc, const char **argv)
     in realms other than default */
     if (!(ads = ads_init(realm, NULL, NULL))) return -1;
 
+    /* we don't actually need a full connect, but it's the easy way to
+       fill in the KDC's addresss */
+    ads_connect(ads);
+    
+    if (!ads || !ads->config.realm) {
+	    d_printf("Didn't find the kerberos server!\n");
+	    return -1;
+    }
+
     asprintf(&prompt, "Enter new password for %s:", argv[0]);
 
     new_password = getpass(prompt);
-- 
cgit 


From 7cf0003dd23114947eec5fb6956f65f85efac7c1 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 16 Mar 2003 03:21:58 +0000
Subject: Fix nmbd under -DDEVELOPER (pstrcpy on not-pstring).

Make a new macro to help in this situation, and add memcpy() parinoia

Andrew Bartlett
(This used to be commit 4d00626b6e003952df6715fa80615ec028facdf4)
---
 source3/include/safe_string.h |  2 ++
 source3/nmbd/nmbd_packets.c   | 15 ++++++++++-----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h
index 3bd38ea74e..65ec05a5c6 100644
--- a/source3/include/safe_string.h
+++ b/source3/include/safe_string.h
@@ -110,6 +110,8 @@ size_t __unsafe_string_function_usage_here_char__(void);
 #define pstrcpy_base(dest, src, pstring_base) \
     safe_strcpy(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1)
 
+#define safe_strcpy_base(dest, src, base, size) \
+    safe_strcpy(dest, src, size-PTR_DIFF(dest,base)-1)
 
 /* String copy functions - macro hell below adds 'type checking' (limited, but the best we can
    do in C) and may tag with function name/number to record the last 'clobber region' on
diff --git a/source3/nmbd/nmbd_packets.c b/source3/nmbd/nmbd_packets.c
index d83cd10d0c..6c3446d6c8 100644
--- a/source3/nmbd/nmbd_packets.c
+++ b/source3/nmbd/nmbd_packets.c
@@ -1929,7 +1929,7 @@ BOOL listen_for_packets(BOOL run_election)
 /****************************************************************************
   Construct and send a netbios DGRAM.
 **************************************************************************/
-BOOL send_mailslot(BOOL unique, const char *mailslot,char *buf,int len,
+BOOL send_mailslot(BOOL unique, const char *mailslot,char *buf, size_t len,
                    const char *srcname, int src_type,
                    const char *dstname, int dest_type,
                    struct in_addr dest_ip,struct in_addr src_ip,
@@ -1979,11 +1979,16 @@ BOOL send_mailslot(BOOL unique, const char *mailslot,char *buf,int len,
   SSVAL(ptr,smb_vwv15,1);
   SSVAL(ptr,smb_vwv16,2);
   p2 = smb_buf(ptr);
-  pstrcpy(p2,mailslot);
+  safe_strcpy_base(p2, mailslot, dgram->data, sizeof(dgram->data));
   p2 = skip_string(p2,1);
-
-  memcpy(p2,buf,len);
-  p2 += len;
+  
+  if (((p2+len) > dgram->data+sizeof(dgram->data)) || ((p2+len) < p2)) {
+	  DEBUG(0, ("send_mailslot: Cannot write beyond end of packet\n"));
+	  return False;
+  } else {
+	  memcpy(p2,buf,len);
+	  p2 += len;
+  }
 
   dgram->datasize = PTR_DIFF(p2,ptr+4); /* +4 for tcp length. */
 
-- 
cgit 


From 6ba75b540f7c7dab382b4ce223a4aba4c5e4eca0 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 16 Mar 2003 13:15:29 +0000
Subject: New statcache internals - this time it's actually possible to follow
 what's going on.

In particular, add doxygen documentation.

Andrew Bartlett
(This used to be commit 7ff77ab46c63eca3b6edf18f39024eadb83a1a90)
---
 source3/smbd/statcache.c | 136 ++++++++++++++++++++++++++++-------------------
 1 file changed, 82 insertions(+), 54 deletions(-)

diff --git a/source3/smbd/statcache.c b/source3/smbd/statcache.c
index ac4ffcf575..812e0dde37 100644
--- a/source3/smbd/statcache.c
+++ b/source3/smbd/statcache.c
@@ -30,8 +30,10 @@ extern BOOL case_sensitive;
 *****************************************************************************/
 
 typedef struct {
-  int name_len;
-  char names[2]; /* This is extended via malloc... */
+	char *original_path;
+	char *translated_path;
+	size_t translated_path_length;
+	char names[2]; /* This is extended via malloc... */
 } stat_cache_entry;
 
 #define INIT_STAT_CACHE_SIZE 512
@@ -45,15 +47,16 @@ void stat_cache_add( char *full_orig_name, char *orig_translated_path)
 {
   stat_cache_entry *scp;
   stat_cache_entry *found_scp;
-  pstring orig_name;
-  pstring translated_path;
-  int namelen;
+  char *translated_path;
+  size_t translated_path_length;
+
+  char *original_path;
+  size_t original_path_length;
+
   hash_element *hash_elem;
 
   if (!lp_stat_cache()) return;
 
-  namelen = strlen(orig_translated_path);
-
   /*
    * Don't cache trivial valid directory entries.
    */
@@ -75,74 +78,97 @@ void stat_cache_add( char *full_orig_name, char *orig_translated_path)
    * translated path.
    */
 
-  pstrcpy(translated_path, orig_translated_path);
-  if(translated_path[namelen-1] == '/') {
-    translated_path[namelen-1] = '\0';
-    namelen--;
+  translated_path = strdup(orig_translated_path);
+  if (!translated_path)
+	  return;
+
+  translated_path_length = strlen(translated_path);
+
+  if(translated_path[translated_path_length-1] == '/') {
+    translated_path[translated_path_length-1] = '\0';
+    translated_path_length--;
   }
 
+  original_path = strdup(full_orig_name);
+  if (!original_path) 
+	  return;
+
+  original_path_length = strlen(original_path);
+
+  if(!case_sensitive)
+	  strupper(original_path);
+  
+#if 0
   /*
    * We will only replace namelen characters 
    * of full_orig_name.
    * StrnCpy always null terminates.
    */
 
-  StrnCpy(orig_name, full_orig_name, namelen);
+  smbStrnCpy(orig_name, full_orig_name, namelen);
   if(!case_sensitive)
     strupper( orig_name );
+#endif
 
   /*
    * Check this name doesn't exist in the cache before we 
    * add it.
    */
 
-  if ((hash_elem = hash_lookup(&stat_cache, orig_name))) {
-    found_scp = (stat_cache_entry *)(hash_elem->value);
-    if (strcmp((found_scp->names+found_scp->name_len+1), translated_path) == 0) {
-      return;
-    } else {
-      hash_remove(&stat_cache, hash_elem);
-      if((scp = (stat_cache_entry *)malloc(sizeof(stat_cache_entry)+2*namelen)) == NULL) {
-        DEBUG(0,("stat_cache_add: Out of memory !\n"));
-        return;
-      }
-      overmalloc_safe_strcpy(scp->names, orig_name, namelen);
-      overmalloc_safe_strcpy((scp->names+namelen+1), translated_path, namelen);
-      scp->name_len = namelen;
-      hash_insert(&stat_cache, (char *)scp, orig_name);
-    }
-    return;
-  } else {
+  if ((hash_elem = hash_lookup(&stat_cache, original_path))) {
+	  found_scp = (stat_cache_entry *)(hash_elem->value);
+	  if (strcmp((found_scp->translated_path), orig_translated_path) == 0) {
+		  /* already in hash table */
+		  return;
+	  }
+	  /* hash collision - remove before we re-add */
+	  hash_remove(&stat_cache, hash_elem);
+  }  
+  
+  /*
+   * New entry.
+   */
+  
+  if((scp = (stat_cache_entry *)malloc(sizeof(stat_cache_entry)
+				       +original_path_length
+				       +translated_path_length)) == NULL) {
+	  DEBUG(0,("stat_cache_add: Out of memory !\n"));
+	  return;
+  }
 
-    /*
-     * New entry.
-     */
+  scp->original_path = scp->names;
+  scp->translated_path = scp->names + original_path_length + 1;
+  safe_strcpy(scp->original_path, original_path, original_path_length);
+  safe_strcpy(scp->translated_path, translated_path, translated_path_length);
+  scp->translated_path_length = translated_path_length;
 
-    if((scp = (stat_cache_entry *)malloc(sizeof(stat_cache_entry)+2*namelen)) == NULL) {
-      DEBUG(0,("stat_cache_add: Out of memory !\n"));
-      return;
-    }
-    overmalloc_safe_strcpy(scp->names, orig_name, namelen);
-    overmalloc_safe_strcpy(scp->names+namelen+1, translated_path, namelen);
-    scp->name_len = namelen;
-    hash_insert(&stat_cache, (char *)scp, orig_name);
-  }
+  hash_insert(&stat_cache, (char *)scp, original_path);
 
-  DEBUG(5,("stat_cache_add: Added entry %s -> %s\n", scp->names, (scp->names+scp->name_len+1)));
+  DEBUG(5,("stat_cache_add: Added entry %s -> %s\n", scp->original_path, scp->translated_path));
 }
 
-/****************************************************************************
- Look through the stat cache for an entry - promote it to the top if found.
- Return True if we translated (and did a scuccessful stat on) the entire name.
-*****************************************************************************/
+/**
+ * Look through the stat cache for an entry
+ *
+ * The hash-table's internals will promote it to the top if found.
+ *
+ * @param conn    A connection struct to do the stat() with.
+ * @param name    The path we are attempting to cache, modified by this routine
+ *                to be correct as far as the cache can tell us
+ * @param dirpath The path as far as the stat cache told us.
+ * @param start   A pointer into name, for where to 'start' in fixing the rest of the name up.
+ * @param psd     A stat buffer, NOT from the cache, but just a side-effect.
+ *
+ * @return True if we translated (and did a scuccessful stat on) the entire name.
+ *
+ */
 
 BOOL stat_cache_lookup(connection_struct *conn, pstring name, pstring dirpath, 
 		       char **start, SMB_STRUCT_STAT *pst)
 {
   stat_cache_entry *scp;
-  char *trans_name;
   pstring chk_name;
-  int namelen;
+  size_t namelen;
   hash_element *hash_elem;
   char *sp;
 
@@ -191,18 +217,20 @@ BOOL stat_cache_lookup(connection_struct *conn, pstring name, pstring dirpath,
     } else {
       scp = (stat_cache_entry *)(hash_elem->value);
       DO_PROFILE_INC(statcache_hits);
-      trans_name = scp->names+scp->name_len+1;
-      if(vfs_stat(conn,trans_name, pst) != 0) {
+      if(vfs_stat(conn,scp->translated_path, pst) != 0) {
         /* Discard this entry - it doesn't exist in the filesystem.  */
         hash_remove(&stat_cache, hash_elem);
         return False;
       }
-      memcpy(name, trans_name, scp->name_len);
-      *start = &name[scp->name_len];
+      memcpy(name, scp->translated_path, MIN(sizeof(pstring)-1, scp->translated_path_length));
+
+      /* set pointer for 'where to start' on fixing the rest of the name */
+      *start = &name[scp->translated_path_length];
       if(**start == '/')
         ++*start;
-      StrnCpy( dirpath, trans_name, name - (*start));
-      return (namelen == scp->name_len);
+
+      pstrcpy(dirpath, scp->translated_path);
+      return (namelen == scp->translated_path_length);
     }
   }
 }
-- 
cgit 


From 644ab8e9b13970f6c6ea7f89760a01484b591172 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 16 Mar 2003 13:16:42 +0000
Subject: Try to avoid dereferencing a null pointer.

Andrew Bartlett
(This used to be commit 4e96585b60512905776c2c6692c76d45241f089d)
---
 source3/smbd/sesssetup.c | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 674f6145d3..e36760c148 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -273,10 +273,11 @@ static BOOL reply_spnego_ntlmssp(connection_struct *conn, char *outbuf,
 {
 	BOOL ret;
 	DATA_BLOB response;
-	struct auth_serversupplied_info *server_info;
-	server_info = (*auth_ntlmssp_state)->server_info;
+	struct auth_serversupplied_info *server_info = NULL;
 
-	if (!NT_STATUS_IS_OK(nt_status)) {
+	if (NT_STATUS_IS_OK(nt_status)) {
+		server_info = (*auth_ntlmssp_state)->server_info;
+	} else {
 		nt_status = do_map_to_guest(nt_status, 
 					    &server_info, 
 					    (*auth_ntlmssp_state)->ntlmssp_state->user, 
@@ -387,19 +388,22 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
 			     DATA_BLOB blob1)
 {
 	DATA_BLOB auth, auth_reply;
-	NTSTATUS nt_status;
+	NTSTATUS nt_status = NT_STATUS_INVALID_PARAMETER;
 
 	if (!spnego_parse_auth(blob1, &auth)) {
 #if 0
 		file_save("auth.dat", blob1.data, blob1.length);
 #endif
-		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+		return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
 	}
-
-	if ( global_ntlmssp_state ) {
-	nt_status = auth_ntlmssp_update(global_ntlmssp_state, 
-					  auth, &auth_reply);
+	
+	if (!global_ntlmssp_state) {
+		/* auth before negotiatiate? */
+		return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
 	}
+	
+	nt_status = auth_ntlmssp_update(global_ntlmssp_state, 
+						auth, &auth_reply);
 
 	data_blob_free(&auth);
 
-- 
cgit 


From 400bb4bfab01a6c262b15658dee5c0d011d0e883 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 16 Mar 2003 13:21:12 +0000
Subject:  - Make ReadDirName return a const char*.

 - Consequential changes from that

 - mark our fstring/pstring assumptions in function prototypes

Andrew Bartlett
(This used to be commit fe2bc64bc439b27387b8f326b0f4f3bfcc3d04a1)
---
 source3/client/client.c     |  2 +-
 source3/lib/util.c          |  2 +-
 source3/smbd/chgpasswd.c    |  2 +-
 source3/smbd/mangle.c       |  2 +-
 source3/smbd/mangle_hash2.c |  2 +-
 source3/smbd/mangle_map.c   |  2 +-
 source3/smbd/trans2.c       | 53 +++++++++++++++++++++++++--------------------
 7 files changed, 36 insertions(+), 29 deletions(-)

diff --git a/source3/client/client.c b/source3/client/client.c
index 99fc779a9e..1248c25659 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -1291,7 +1291,7 @@ static int file_find(struct file_list **list, const char *directory,
         int ret;
         char *path;
 	BOOL isdir;
-	char *dname;
+	const char *dname;
 
         dir = opendir(directory);
 	if (!dir) return -1;
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 1f300a2815..4216310335 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1435,7 +1435,7 @@ void smb_panic(const char *why)
  A readdir wrapper which just returns the file name.
 ********************************************************************/
 
-char *readdirname(DIR *p)
+const char *readdirname(DIR *p)
 {
 	SMB_STRUCT_DIRENT *ptr;
 	char *dname;
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 401ab131ad..31c4fa7cc9 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -64,7 +64,7 @@ static int findpty(char **slave)
 	int master;
 	static fstring line;
 	DIR *dirp;
-	char *dpname;
+	const char *dpname;
 
 #if defined(HAVE_GRANTPT)
 	/* Try to open /dev/ptmx. If that fails, fall through to old method. */
diff --git a/source3/smbd/mangle.c b/source3/smbd/mangle.c
index f5c703a5bf..c5d7582c03 100644
--- a/source3/smbd/mangle.c
+++ b/source3/smbd/mangle.c
@@ -107,7 +107,7 @@ BOOL mangle_check_cache(char *s)
    map a long filename to a 8.3 name. 
  */
 
-void mangle_map(char *OutName, BOOL need83, BOOL cache83, int snum)
+void mangle_map(pstring OutName, BOOL need83, BOOL cache83, int snum)
 {
 	/* name mangling can be disabled for speed, in which case
 	   we just truncate the string */
diff --git a/source3/smbd/mangle_hash2.c b/source3/smbd/mangle_hash2.c
index eda509214d..cdce28e1bd 100644
--- a/source3/smbd/mangle_hash2.c
+++ b/source3/smbd/mangle_hash2.c
@@ -484,7 +484,7 @@ static BOOL is_legal_name(const char *name)
 
   the name parameter must be able to hold 13 bytes
 */
-static void name_map(char *name, BOOL need83, BOOL cache83)
+static void name_map(fstring name, BOOL need83, BOOL cache83)
 {
 	char *dot_p;
 	char lead_chars[7];
diff --git a/source3/smbd/mangle_map.c b/source3/smbd/mangle_map.c
index 5ae3ebd174..9e798fd41b 100644
--- a/source3/smbd/mangle_map.c
+++ b/source3/smbd/mangle_map.c
@@ -201,7 +201,7 @@ static void mangled_map(char *s, const char *MangledMap)
   front end routine to the mangled map code 
   personally I think that the whole idea of "mangled map" is completely bogus
 */
-void mangle_map_filename(char *fname, int snum)
+void mangle_map_filename(fstring fname, int snum)
 {
 	char *map;
 
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index bea09e9e37..4129852f77 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -460,7 +460,7 @@ static BOOL get_lanman2_dir_entry(connection_struct *conn,
 				 BOOL *out_of_space, BOOL *got_exact_match,
 				 int *last_name_off)
 {
-	char *dname;
+	const char *dname;
 	BOOL found = False;
 	SMB_STRUCT_STAT sbuf;
 	pstring mask;
@@ -1173,7 +1173,8 @@ resume_key = %d resume name = %s continue=%d level = %d\n",
 		 */
 
 		int current_pos, start_pos;
-		char *dname = NULL;
+		const char *dname = NULL;
+		pstring dname_pstring;
 		void *dirptr = conn->dirptr;
 		start_pos = TellDir(dirptr);
 		for(current_pos = start_pos; current_pos >= 0; current_pos--) {
@@ -1181,21 +1182,24 @@ resume_key = %d resume name = %s continue=%d level = %d\n",
 
 			SeekDir(dirptr, current_pos);
 			dname = ReadDirName(dirptr);
+			if (dname) {
+				/*
+				 * Remember, mangle_map is called by
+				 * get_lanman2_dir_entry(), so the resume name
+				 * could be mangled. Ensure we do the same
+				 * here.
+				 */
+				
+				/* make sure we get a copy that mangle_map can modify */
 
-			/*
-			 * Remember, mangle_map is called by
-			 * get_lanman2_dir_entry(), so the resume name
-			 * could be mangled. Ensure we do the same
-			 * here.
-			 */
-
-			if(dname != NULL)
-				mangle_map( dname, False, True, SNUM(conn));
-
-			if(dname && strcsequal( resume_name, dname)) {
-				SeekDir(dirptr, current_pos+1);
-				DEBUG(7,("call_trans2findnext: got match at pos %d\n", current_pos+1 ));
-				break;
+				pstrcpy(dname_pstring, dname);
+				mangle_map( dname_pstring, False, True, SNUM(conn));
+				
+				if(strcsequal( resume_name, dname_pstring)) {
+					SeekDir(dirptr, current_pos+1);
+					DEBUG(7,("call_trans2findnext: got match at pos %d\n", current_pos+1 ));
+					break;
+				}
 			}
 		}
 
@@ -1215,13 +1219,17 @@ resume_key = %d resume name = %s continue=%d level = %d\n",
 				 * here.
 				 */
 
-				if(dname != NULL)
-					mangle_map( dname, False, True, SNUM(conn));
+				if(dname) {
+					/* make sure we get a copy that mangle_map can modify */
+					
+					pstrcpy(dname_pstring, dname);
+					mangle_map(dname_pstring, False, True, SNUM(conn));
 
-				if(dname && strcsequal( resume_name, dname)) {
-					SeekDir(dirptr, current_pos+1);
-					DEBUG(7,("call_trans2findnext: got match at pos %d\n", current_pos+1 ));
-					break;
+					if(strcsequal( resume_name, dname_pstring)) {
+						SeekDir(dirptr, current_pos+1);
+						DEBUG(7,("call_trans2findnext: got match at pos %d\n", current_pos+1 ));
+						break;
+					}
 				}
 			} /* end for */
 		} /* end if current_pos */
@@ -1269,7 +1277,6 @@ resume_key = %d resume name = %s continue=%d level = %d\n",
 		dptr_close(&dptr_num); /* This frees up the saved mask */
 	}
 
-
 	/* Set up the return parameter block */
 	SSVAL(params,0,numentries);
 	SSVAL(params,2,finished);
-- 
cgit 


From c6cf08774114a906645a405dea8a7546d614de35 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 16 Mar 2003 13:23:12 +0000
Subject: Add const. (This used to be commit
 5371720971bc60a4cfba0460614306f322aa10b8)

---
 source3/smbd/dir.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 95acf4a262..ec570d3a18 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -578,7 +578,7 @@ BOOL dir_check_ftype(connection_struct *conn,int mode,SMB_STRUCT_STAT *st,int di
 	return True;
 }
 
-static BOOL mangle_mask_match(connection_struct *conn, char *filename, char *mask)
+static BOOL mangle_mask_match(connection_struct *conn, fstring filename, char *mask)
 {
 	mangle_map(filename,True,False,SNUM(conn));
 	return mask_match(filename,mask,False);
@@ -588,10 +588,10 @@ static BOOL mangle_mask_match(connection_struct *conn, char *filename, char *mas
  Get an 8.3 directory entry.
 ****************************************************************************/
 
-BOOL get_dir_entry(connection_struct *conn,char *mask,int dirtype,char *fname,
+BOOL get_dir_entry(connection_struct *conn,char *mask,int dirtype, pstring fname,
                    SMB_OFF_T *size,int *mode,time_t *date,BOOL check_descend)
 {
-	char *dname;
+	const char *dname;
 	BOOL found = False;
 	SMB_STRUCT_STAT sbuf;
 	pstring path;
@@ -627,8 +627,8 @@ BOOL get_dir_entry(connection_struct *conn,char *mask,int dirtype,char *fname,
 			see masktest for a demo
 		*/
 		if ((strcmp(mask,"*.*") == 0) ||
-				mask_match(filename,mask,False) ||
-				mangle_mask_match(conn,filename,mask)) {
+		    mask_match(filename,mask,False) ||
+		    mangle_mask_match(conn,filename,mask)) {
 			if (isrootdir && (strequal(filename,"..") || strequal(filename,".")))
 				continue;
 
@@ -907,7 +907,7 @@ void *OpenDir(connection_struct *conn, const char *name, BOOL use_veto)
 			dirp->current = dirp->data;
 		}
 
-		safe_strcpy(dirp->data+used,n, dirp->mallocsize - used - 1);
+		safe_strcpy_base(dirp->data+used,n, dirp->data, dirp->mallocsize);
 		used += l;
 		dirp->numentries++;
 	}
@@ -933,7 +933,7 @@ void CloseDir(void *p)
  Read from a directory.
 ********************************************************************/
 
-char *ReadDirName(void *p)
+const char *ReadDirName(void *p)
 {
 	char *ret;
 	Dir *dirp = (Dir *)p;
-- 
cgit 


From 7b18c5d1647b44f46cf973701b3bcc9aefb37e7d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 16 Mar 2003 13:24:36 +0000
Subject: Make sure we mark the assumption of a fstring parameter for
 'devicetype' in the function prototype, and change callers to respect this.

Andrew Bartlett
(This used to be commit 9f3d3c380120f16d76d68f346799282d61eec892)
---
 source3/rpc_server/srv_srvsvc_nt.c |  9 +++++++--
 source3/smbd/reply.c               |  4 ++--
 source3/smbd/service.c             | 12 ++++++------
 3 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 6d2320d67d..815dd75d22 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -1840,6 +1840,8 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC
 	struct current_user user;
 	connection_struct *conn = NULL;
 	BOOL became_user = False; 
+	fstring dev;
+	fstrcpy(dev, "A:");
 
 	ZERO_STRUCT(st);
 
@@ -1853,7 +1855,7 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC
 	get_current_user(&user, p);
 
 	become_root();
-	conn = make_connection(qualname, null_pw, "A:", user.vuid, &nt_status);
+	conn = make_connection(qualname, null_pw, dev, user.vuid, &nt_status);
 	unbecome_root();
 
 	if (conn == NULL) {
@@ -1943,9 +1945,12 @@ WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_
 	struct current_user user;
 	connection_struct *conn = NULL;
 	BOOL became_user = False;
+	fstring dev;
+	fstrcpy(dev, "A:");
 
 	ZERO_STRUCT(st);
 
+
 	r_u->status = WERR_OK;
 
 	unistr2_to_ascii(qualname, &q_u->uni_qual_name, sizeof(qualname));
@@ -1956,7 +1961,7 @@ WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_
 	get_current_user(&user, p);
 
 	become_root();
-	conn = make_connection(qualname, null_pw, "A:", user.vuid, &nt_status);
+	conn = make_connection(qualname, null_pw, dev, user.vuid, &nt_status);
 	unbecome_root();
 
 	if (conn == NULL) {
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 80f648981a..5ca0ae52de 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -148,7 +148,7 @@ int reply_tcon(connection_struct *conn,
 	const char *service;
 	pstring service_buf;
 	pstring password;
-	pstring dev;
+	fstring dev;
 	int outsize = 0;
 	uint16 vuid = SVAL(inbuf,smb_uid);
 	int pwlen=0;
@@ -204,7 +204,7 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
 {
 	fstring service;
 	DATA_BLOB password;
-	pstring devicename;
+	fstring devicename;
 	NTSTATUS nt_status;
 	uint16 vuid = SVAL(inbuf,smb_uid);
 	int passlen = SVAL(inbuf,smb_vwv3);
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 1c7e4017b0..a47e6c1bbc 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -218,7 +218,7 @@ int find_service(fstring service)
  do some basic sainity checks on the share.  
  This function modifies dev, ecode.
 ****************************************************************************/
-static NTSTATUS share_sanity_checks(int snum, pstring dev) 
+static NTSTATUS share_sanity_checks(int snum, fstring dev) 
 {
 	
 	if (!lp_snum_ok(snum) || 
@@ -233,9 +233,9 @@ static NTSTATUS share_sanity_checks(int snum, pstring dev)
 	
 	if (dev[0] == '?' || !dev[0]) {
 		if (lp_print_ok(snum)) {
-			pstrcpy(dev,"LPT1:");
+			fstrcpy(dev,"LPT1:");
 		} else {
-			pstrcpy(dev,"A:");
+			fstrcpy(dev,"A:");
 		}
 	}
 
@@ -248,7 +248,7 @@ static NTSTATUS share_sanity_checks(int snum, pstring dev)
 
 	/* Behave as a printer if we are supposed to */
 	if (lp_print_ok(snum) && (strcmp(dev, "A:") == 0)) {
-		pstrcpy(dev, "LPT1:");
+		fstrcpy(dev, "LPT1:");
 	}
 
 	return NT_STATUS_OK;
@@ -326,7 +326,7 @@ static void set_admin_user(connection_struct *conn, gid_t *groups, size_t n_grou
 
 static connection_struct *make_connection_snum(int snum, user_struct *vuser,
 					       DATA_BLOB password, 
-					       char *dev, NTSTATUS *status)
+					       fstring dev, NTSTATUS *status)
 {
 	struct passwd *pass = NULL;
 	BOOL guest = False;
@@ -747,7 +747,7 @@ connection_struct *make_connection_with_chdir(const char *service_in, DATA_BLOB
 ****************************************************************************/
 
 connection_struct *make_connection(const char *service_in, DATA_BLOB password, 
-				   char *dev, uint16 vuid, NTSTATUS *status)
+				   fstring dev, uint16 vuid, NTSTATUS *status)
 {
 	uid_t euid;
 	user_struct *vuser = NULL;
-- 
cgit 


From 3ecf5d663864cab17288b73426183e1a1499e37c Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 16 Mar 2003 22:07:36 +0000
Subject: Missed one when I move 'share_sanity_checks' to use an fstring for
 'dev'.

Andrew Bartlett
(This used to be commit a0208a4f74f9c61eb1e346d9cb62dbe00ef4c24a)
---
 source3/smbd/service.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index a47e6c1bbc..dc471ab87e 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -229,7 +229,7 @@ static NTSTATUS share_sanity_checks(int snum, fstring dev)
 
 	/* you can only connect to the IPC$ service as an ipc device */
 	if (strequal(lp_fstype(snum), "IPC"))
-		pstrcpy(dev,"IPC");
+		fstrcpy(dev,"IPC");
 	
 	if (dev[0] == '?' || !dev[0]) {
 		if (lp_print_ok(snum)) {
-- 
cgit 


From 1171b0c9ac59e7bd667bb82f48cda27c203721d8 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 17 Mar 2003 03:47:15 +0000
Subject: Fix memory leaks and add parinoioa code to our stat() cache.

Andrew Bartlett
(This used to be commit 3fd07bd25eefdb2a7a6891fa1169ab2425607249)
---
 source3/smbd/statcache.c | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/source3/smbd/statcache.c b/source3/smbd/statcache.c
index 812e0dde37..57ba6ada81 100644
--- a/source3/smbd/statcache.c
+++ b/source3/smbd/statcache.c
@@ -90,14 +90,28 @@ void stat_cache_add( char *full_orig_name, char *orig_translated_path)
   }
 
   original_path = strdup(full_orig_name);
-  if (!original_path) 
+  if (!original_path) {
+	  SAFE_FREE(translated_path);
 	  return;
+  }
 
   original_path_length = strlen(original_path);
 
+  if(original_path[original_path_length-1] == '/') {
+    original_path[original_path_length-1] = '\0';
+    original_path_length--;
+  }
+
   if(!case_sensitive)
 	  strupper(original_path);
-  
+
+  if(!(original_path_length == translated_path_length)) {
+	  DEBUG(0, ("OOPS - tried to store stat cache entry for non-equal length paths [%s] %u and [%s] %u)!\n", original_path, original_path_length, translated_path, translated_path_length));
+	  SAFE_FREE(original_path);
+	  SAFE_FREE(translated_path);
+	  return;
+  }
+
 #if 0
   /*
    * We will only replace namelen characters 
@@ -119,6 +133,8 @@ void stat_cache_add( char *full_orig_name, char *orig_translated_path)
 	  found_scp = (stat_cache_entry *)(hash_elem->value);
 	  if (strcmp((found_scp->translated_path), orig_translated_path) == 0) {
 		  /* already in hash table */
+		  SAFE_FREE(original_path);
+		  SAFE_FREE(translated_path);
 		  return;
 	  }
 	  /* hash collision - remove before we re-add */
@@ -133,6 +149,8 @@ void stat_cache_add( char *full_orig_name, char *orig_translated_path)
 				       +original_path_length
 				       +translated_path_length)) == NULL) {
 	  DEBUG(0,("stat_cache_add: Out of memory !\n"));
+	  SAFE_FREE(original_path);
+	  SAFE_FREE(translated_path);
 	  return;
   }
 
@@ -144,6 +162,9 @@ void stat_cache_add( char *full_orig_name, char *orig_translated_path)
 
   hash_insert(&stat_cache, (char *)scp, original_path);
 
+  SAFE_FREE(original_path);
+  SAFE_FREE(translated_path);
+
   DEBUG(5,("stat_cache_add: Added entry %s -> %s\n", scp->original_path, scp->translated_path));
 }
 
-- 
cgit 


From 077e093d8ae79519baa7edc0c4cbd5b4b853a19a Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Mon, 17 Mar 2003 03:56:58 +0000
Subject: Some cosmetic changes to make the popt --usage output look nicer.
 (This used to be commit 39124b9a62e1ba0f8089c36b27d6c79352a27973)

---
 source3/nsswitch/wbinfo.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c
index 68dc178bcd..4f621e7008 100644
--- a/source3/nsswitch/wbinfo.c
+++ b/source3/nsswitch/wbinfo.c
@@ -663,7 +663,7 @@ static BOOL wbinfo_ping(void)
 
 	/* Display response */
 
-        d_printf("'ping' to winbindd %s on fd %d\n", 
+        d_printf("Ping to winbindd %s on fd %d\n", 
                (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", winbindd_fd);
 
         return result == NSS_STATUS_SUCCESS;
@@ -695,8 +695,8 @@ int main(int argc, char **argv)
 
 		{ "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users"},
 		{ "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups" },
-		{ "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP (WINS)", "NETBIOS-NAME" },
-		{ "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name (WINS)", "IP" },
+		{ "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP", "NETBIOS-NAME" },
+		{ "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name", "IP" },
 		{ "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid", "NAME" },
 		{ "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name", "SID" },
 		{ "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" , "UID" },
@@ -705,12 +705,12 @@ int main(int argc, char **argv)
 		{ "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" },
 		{ "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
 		{ "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
-		{ "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "show sequence numbers of all domains" },
+		{ "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence numbers of all domains" },
 		{ "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
  		{ "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
 		{ "set-auth-user", 'A', POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
 		{ "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL },
-		{ "ping", 'p', POPT_ARG_NONE, 0, 'p', "'ping' winbindd to see if it is alive" },
+		{ "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" },
 		{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_version},
 		{ 0, 0, 0, 0 }
 	};
-- 
cgit 


From 0ab29d6186135bd66c4154b545ac8323232a6f2e Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 17 Mar 2003 04:42:57 +0000
Subject: Fix a memory leak - 'smbcontrol smbd pool-usage' is your freind!

Andrew Bartlett
(This used to be commit a12e8524997e329a4f4cd766d6371e384698795a)
---
 source3/libsmb/trusts_util.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index f7b2c2e3a6..b8f84ba890 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -155,6 +155,8 @@ BOOL is_trusted_domain(const char* dom_name)
 		}
 	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
 
+	talloc_destroy(mem_ctx);
+
 	/*
 	 * Query the trustdom_cache updated periodically. The only
 	 * way for domain member server.
-- 
cgit 


From 355bea4b2cd62bdd00bfbb3fba017c62b11ebc95 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Mon, 17 Mar 2003 05:46:54 +0000
Subject: Ignore .pyc files. (This used to be commit
 b20a357ac534b513383ad20046a99bb7f39bba25)

---
 source3/stf/.cvsignore | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 source3/stf/.cvsignore

diff --git a/source3/stf/.cvsignore b/source3/stf/.cvsignore
new file mode 100644
index 0000000000..7e99e367f8
--- /dev/null
+++ b/source3/stf/.cvsignore
@@ -0,0 +1 @@
+*.pyc
\ No newline at end of file
-- 
cgit 


From 1eae003fefaa8e4e9e131c9d5f2a299cec2b5e55 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Mon, 17 Mar 2003 05:55:41 +0000
Subject: Applied waider's patch to return DOS error codes for pipes that
 support it. (This used to be commit ac3df9a8051bd105e8e4192d36b3024fdf9f9506)

---
 source3/rpcclient/cmd_dfs.c      |  10 +-
 source3/rpcclient/cmd_ds.c       |   2 +-
 source3/rpcclient/cmd_lsarpc.c   |  28 ++---
 source3/rpcclient/cmd_netlogon.c |  10 +-
 source3/rpcclient/cmd_reg.c      |   4 +-
 source3/rpcclient/cmd_samr.c     |  36 +++---
 source3/rpcclient/cmd_spoolss.c  | 229 +++++++++++++++++++--------------------
 source3/rpcclient/cmd_srvsvc.c   |  32 +++---
 source3/rpcclient/rpcclient.c    |  48 +++++---
 source3/rpcclient/rpcclient.h    |  10 +-
 10 files changed, 217 insertions(+), 192 deletions(-)

diff --git a/source3/rpcclient/cmd_dfs.c b/source3/rpcclient/cmd_dfs.c
index 715174c824..44e97f9881 100644
--- a/source3/rpcclient/cmd_dfs.c
+++ b/source3/rpcclient/cmd_dfs.c
@@ -227,11 +227,11 @@ struct cmd_set dfs_commands[] = {
 
 	{ "DFS" },
 
-	{ "dfsexist",   cmd_dfs_exist,   PI_NETDFS, "Query DFS support",    "" },
-	{ "dfsadd",     cmd_dfs_add,     PI_NETDFS, "Add a DFS share",      "" },
-	{ "dfsremove",  cmd_dfs_remove,  PI_NETDFS, "Remove a DFS share",   "" },
-	{ "dfsgetinfo", cmd_dfs_getinfo, PI_NETDFS, "Query DFS share info", "" },
-	{ "dfsenum",    cmd_dfs_enum,    PI_NETDFS, "Enumerate dfs shares", "" },
+	{ "dfsexist",  RPC_RTYPE_NTSTATUS, cmd_dfs_exist,   NULL, PI_NETDFS, "Query DFS support",    "" },
+	{ "dfsadd",    RPC_RTYPE_NTSTATUS, cmd_dfs_add,     NULL, PI_NETDFS, "Add a DFS share",      "" },
+	{ "dfsremove", RPC_RTYPE_NTSTATUS, cmd_dfs_remove,  NULL, PI_NETDFS, "Remove a DFS share",   "" },
+	{ "dfsgetinfo",RPC_RTYPE_NTSTATUS, cmd_dfs_getinfo, NULL, PI_NETDFS, "Query DFS share info", "" },
+	{ "dfsenum",   RPC_RTYPE_NTSTATUS, cmd_dfs_enum,    NULL, PI_NETDFS, "Enumerate dfs shares", "" },
 
 	{ NULL }
 };
diff --git a/source3/rpcclient/cmd_ds.c b/source3/rpcclient/cmd_ds.c
index 9de6d6a9ec..4c2f52e291 100644
--- a/source3/rpcclient/cmd_ds.c
+++ b/source3/rpcclient/cmd_ds.c
@@ -53,7 +53,7 @@ struct cmd_set ds_commands[] = {
 
 	{ "LSARPC-DS" },
 
-	{ "dsroledominfo",	cmd_ds_dsrole_getprimarydominfo,       PI_LSARPC_DS, "Get Primary Domain Information", "" },
+	{ "dsroledominfo", RPC_RTYPE_NTSTATUS, cmd_ds_dsrole_getprimarydominfo, NULL, PI_LSARPC_DS, "Get Primary Domain Information", "" },
 
 	{ NULL }
 };
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index fab6a89ed5..808ef50a45 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -741,20 +741,20 @@ struct cmd_set lsarpc_commands[] = {
 
 	{ "LSARPC" },
 
-	{ "lsaquery", 	         cmd_lsa_query_info_policy,  PI_LSARPC, "Query info policy",                    "" },
-	{ "lookupsids",          cmd_lsa_lookup_sids,        PI_LSARPC, "Convert SIDs to names",                "" },
-	{ "lookupnames",         cmd_lsa_lookup_names,       PI_LSARPC, "Convert names to SIDs",                "" },
-	{ "enumtrust", 	         cmd_lsa_enum_trust_dom,     PI_LSARPC, "Enumerate trusted domains",            "Usage: [preferred max number] [enum context (0)]" },
-	{ "enumprivs", 	         cmd_lsa_enum_privilege,     PI_LSARPC, "Enumerate privileges",                 "" },
-	{ "getdispname",         cmd_lsa_get_dispname,       PI_LSARPC, "Get the privilege name",               "" },
-	{ "lsaenumsid",          cmd_lsa_enum_sids,          PI_LSARPC, "Enumerate the LSA SIDS",               "" },
-	{ "lsaenumprivsaccount", cmd_lsa_enum_privsaccounts, PI_LSARPC, "Enumerate the privileges of an SID",   "" },
-	{ "lsaenumacctrights",   cmd_lsa_enum_acct_rights,   PI_LSARPC, "Enumerate the rights of an SID",   "" },
-	{ "lsaenumacctwithright",cmd_lsa_enum_acct_with_right,PI_LSARPC,"Enumerate accounts with a right",   "" },
-	{ "lsaaddacctrights",    cmd_lsa_add_acct_rights,    PI_LSARPC, "Add rights to an account",   "" },
-	{ "lsaremoveacctrights", cmd_lsa_remove_acct_rights, PI_LSARPC, "Remove rights from an account",   "" },
-	{ "lsalookupprivvalue",  cmd_lsa_lookupprivvalue,    PI_LSARPC, "Get a privilege value given its name", "" },
-	{ "lsaquerysecobj",      cmd_lsa_query_secobj,       PI_LSARPC, "Query LSA security object", "" },
+	{ "lsaquery", 	         RPC_RTYPE_NTSTATUS, cmd_lsa_query_info_policy,  NULL, PI_LSARPC, "Query info policy",                    "" },
+	{ "lookupsids",          RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids,        NULL, PI_LSARPC, "Convert SIDs to names",                "" },
+	{ "lookupnames",         RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names,       NULL, PI_LSARPC, "Convert names to SIDs",                "" },
+	{ "enumtrust", 	         RPC_RTYPE_NTSTATUS, cmd_lsa_enum_trust_dom,     NULL, PI_LSARPC, "Enumerate trusted domains",            "Usage: [preferred max number] [enum context (0)]" },
+	{ "enumprivs", 	         RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privilege,     NULL, PI_LSARPC, "Enumerate privileges",                 "" },
+	{ "getdispname",         RPC_RTYPE_NTSTATUS, cmd_lsa_get_dispname,       NULL, PI_LSARPC, "Get the privilege name",               "" },
+	{ "lsaenumsid",          RPC_RTYPE_NTSTATUS, cmd_lsa_enum_sids,          NULL, PI_LSARPC, "Enumerate the LSA SIDS",               "" },
+	{ "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, PI_LSARPC, "Enumerate the privileges of an SID",   "" },
+	{ "lsaenumacctrights",   RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights,   NULL, PI_LSARPC, "Enumerate the rights of an SID",   "" },
+	{ "lsaenumacctwithright",RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_with_right,NULL, PI_LSARPC,"Enumerate accounts with a right",   "" },
+	{ "lsaaddacctrights",    RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights,    NULL, PI_LSARPC, "Add rights to an account",   "" },
+	{ "lsaremoveacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_remove_acct_rights, NULL, PI_LSARPC, "Remove rights from an account",   "" },
+	{ "lsalookupprivvalue",  RPC_RTYPE_NTSTATUS, cmd_lsa_lookupprivvalue,    NULL, PI_LSARPC, "Get a privilege value given its name", "" },
+	{ "lsaquerysecobj",      RPC_RTYPE_NTSTATUS, cmd_lsa_query_secobj,       NULL, PI_LSARPC, "Query LSA security object", "" },
 
 	{ NULL }
 };
diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
index 407bff3735..1421c4da26 100644
--- a/source3/rpcclient/cmd_netlogon.c
+++ b/source3/rpcclient/cmd_netlogon.c
@@ -332,11 +332,11 @@ struct cmd_set netlogon_commands[] = {
 
 	{ "NETLOGON" },
 
-	{ "logonctrl2", cmd_netlogon_logon_ctrl2, PI_NETLOGON, "Logon Control 2",     "" },
-	{ "logonctrl",  cmd_netlogon_logon_ctrl,  PI_NETLOGON, "Logon Control",       "" },
-	{ "samsync",    cmd_netlogon_sam_sync,    PI_NETLOGON, "Sam Synchronisation", "" },
-	{ "samdeltas",  cmd_netlogon_sam_deltas,  PI_NETLOGON, "Query Sam Deltas",    "" },
-        { "samlogon",   cmd_netlogon_sam_logon,   PI_NETLOGON, "Sam Logon",           "" },
+	{ "logonctrl2", RPC_RTYPE_NTSTATUS, cmd_netlogon_logon_ctrl2, NULL, PI_NETLOGON, "Logon Control 2",     "" },
+	{ "logonctrl",  RPC_RTYPE_NTSTATUS, cmd_netlogon_logon_ctrl,  NULL, PI_NETLOGON, "Logon Control",       "" },
+	{ "samsync",    RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_sync,    NULL, PI_NETLOGON, "Sam Synchronisation", "" },
+	{ "samdeltas",  RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_deltas,  NULL, PI_NETLOGON, "Query Sam Deltas",    "" },
+     { "samlogon",   RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_logon,   NULL, PI_NETLOGON, "Sam Logon",           "" },
 
 	{ NULL }
 };
diff --git a/source3/rpcclient/cmd_reg.c b/source3/rpcclient/cmd_reg.c
index 8943331dab..bf85d21716 100644
--- a/source3/rpcclient/cmd_reg.c
+++ b/source3/rpcclient/cmd_reg.c
@@ -970,10 +970,10 @@ struct cmd_set reg_commands[] = {
 
 	{ "REG"  },
 
-	{ "shutdown",		cmd_reg_shutdown,		PI_WINREG, "Remote Shutdown",
+	{ "shutdown", RPC_RTYPE_NTSTATUS, cmd_reg_shutdown, NULL, PI_WINREG, "Remote Shutdown",
 				"syntax: shutdown [-m message] [-t timeout] [-r] [-h] [-f] (-r == reboot, -h == halt, -f == force)" },
 				
-	{ "abortshutdown",	cmd_reg_abort_shutdown,		PI_WINREG, "Abort Shutdown",
+	{ "abortshutdown", RPC_RTYPE_NTSTATUS, cmd_reg_abort_shutdown, NULL, PI_WINREG, "Abort Shutdown",
 				"syntax: abortshutdown" },
 /*
 	{ "regenum",		cmd_reg_enum,			"Registry Enumeration",
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 95ea27562e..866381456b 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -1494,24 +1494,24 @@ struct cmd_set samr_commands[] = {
 
 	{ "SAMR" },
 
-	{ "queryuser", 		cmd_samr_query_user, 		PI_SAMR,	"Query user info",         "" },
-	{ "querygroup", 	cmd_samr_query_group, 		PI_SAMR,	"Query group info",        "" },
-	{ "queryusergroups", 	cmd_samr_query_usergroups, 	PI_SAMR,	"Query user groups",       "" },
-	{ "queryuseraliases", 	cmd_samr_query_useraliases, 	PI_SAMR,	"Query user aliases",      "" },
-	{ "querygroupmem", 	cmd_samr_query_groupmem, 	PI_SAMR,	"Query group membership",  "" },
-	{ "queryaliasmem", 	cmd_samr_query_aliasmem, 	PI_SAMR,	"Query alias membership",  "" },
-	{ "querydispinfo", 	cmd_samr_query_dispinfo, 	PI_SAMR,	"Query display info",      "" },
-	{ "querydominfo", 	cmd_samr_query_dominfo, 	PI_SAMR,	"Query domain info",       "" },
-	{ "enumdomusers",      cmd_samr_enum_dom_users,       PI_SAMR,	"Enumerate domain users", "" },
-	{ "enumdomgroups",      cmd_samr_enum_dom_groups,       PI_SAMR,	"Enumerate domain groups", "" },
-	{ "enumalsgroups",      cmd_samr_enum_als_groups,       PI_SAMR,	"Enumerate alias groups",  "" },
-
-	{ "createdomuser",      cmd_samr_create_dom_user,       PI_SAMR,	"Create domain user",      "" },
-	{ "samlookupnames",     cmd_samr_lookup_names,          PI_SAMR,	"Look up names",           "" },
-	{ "samlookuprids",      cmd_samr_lookup_rids,           PI_SAMR,	"Look up names",           "" },
-	{ "deletedomuser",      cmd_samr_delete_dom_user,       PI_SAMR,	"Delete domain user",      "" },
-	{ "samquerysecobj",     cmd_samr_query_sec_obj,         PI_SAMR, "Query SAMR security object",   "" },
-	{ "getdompwinfo",       cmd_samr_get_dom_pwinfo,        PI_SAMR, "Retrieve domain password info", "" },
+	{ "queryuser", 	RPC_RTYPE_NTSTATUS, cmd_samr_query_user, 		NULL, PI_SAMR,	"Query user info",         "" },
+	{ "querygroup", 	RPC_RTYPE_NTSTATUS, cmd_samr_query_group, 		NULL, PI_SAMR,	"Query group info",        "" },
+	{ "queryusergroups", 	RPC_RTYPE_NTSTATUS, cmd_samr_query_usergroups, 	NULL, PI_SAMR,	"Query user groups",       "" },
+	{ "queryuseraliases", 	RPC_RTYPE_NTSTATUS, cmd_samr_query_useraliases, 	NULL, PI_SAMR,	"Query user aliases",      "" },
+	{ "querygroupmem", 	RPC_RTYPE_NTSTATUS, cmd_samr_query_groupmem, 	NULL, PI_SAMR,	"Query group membership",  "" },
+	{ "queryaliasmem", 	RPC_RTYPE_NTSTATUS, cmd_samr_query_aliasmem, 	NULL, PI_SAMR,	"Query alias membership",  "" },
+	{ "querydispinfo", 	RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo, 	NULL, PI_SAMR,	"Query display info",      "" },
+	{ "querydominfo", 	RPC_RTYPE_NTSTATUS, cmd_samr_query_dominfo, 	NULL, PI_SAMR,	"Query domain info",       "" },
+	{ "enumdomusers",      RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_users,       NULL, PI_SAMR,	"Enumerate domain users", "" },
+	{ "enumdomgroups",      RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_groups,       NULL, PI_SAMR,	"Enumerate domain groups", "" },
+	{ "enumalsgroups",      RPC_RTYPE_NTSTATUS, cmd_samr_enum_als_groups,       NULL, PI_SAMR,	"Enumerate alias groups",  "" },
+
+	{ "createdomuser",      RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_user,       NULL, PI_SAMR,	"Create domain user",      "" },
+	{ "samlookupnames",     RPC_RTYPE_NTSTATUS, cmd_samr_lookup_names,          NULL, PI_SAMR,	"Look up names",           "" },
+	{ "samlookuprids",      RPC_RTYPE_NTSTATUS, cmd_samr_lookup_rids,           NULL, PI_SAMR,	"Look up names",           "" },
+	{ "deletedomuser",      RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_user,       NULL, PI_SAMR,	"Delete domain user",      "" },
+	{ "samquerysecobj",     RPC_RTYPE_NTSTATUS, cmd_samr_query_sec_obj,         NULL, PI_SAMR, "Query SAMR security object",   "" },
+	{ "getdompwinfo",       RPC_RTYPE_NTSTATUS, cmd_samr_get_dom_pwinfo,        NULL, PI_SAMR, "Retrieve domain password info", "" },
 
 	{ NULL }
 };
diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c
index 9686fd1e24..3ce7f9e6ac 100644
--- a/source3/rpcclient/cmd_spoolss.c
+++ b/source3/rpcclient/cmd_spoolss.c
@@ -84,19 +84,19 @@ BOOL get_short_archi(char *short_archi, const char *long_archi)
 /**********************************************************************
  * dummy function  -- placeholder
   */
-static NTSTATUS cmd_spoolss_not_implemented(struct cli_state *cli, 
+static WERROR cmd_spoolss_not_implemented(struct cli_state *cli, 
                                             TALLOC_CTX *mem_ctx,
                                             int argc, const char **argv)
 {
 	printf ("(*) This command is not currently implemented.\n");
-	return NT_STATUS_OK;
+	return WERR_OK;
 }
 #endif
 
 /***********************************************************************
  * Get printer information
  */
-static NTSTATUS cmd_spoolss_open_printer_ex(struct cli_state *cli, 
+static WERROR cmd_spoolss_open_printer_ex(struct cli_state *cli, 
                                             TALLOC_CTX *mem_ctx,
                                             int argc, const char **argv)
 {
@@ -107,11 +107,11 @@ static NTSTATUS cmd_spoolss_open_printer_ex(struct cli_state *cli,
 	
 	if (argc != 2) {
 		printf("Usage: %s <printername>\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
 	}
 	
 	if (!cli)
-		return NT_STATUS_UNSUCCESSFUL;
+            return WERR_GENERAL_FAILURE;
 
 	slprintf (servername, sizeof(servername)-1, "\\\\%s", cli->desthost);
 	strupper (servername);
@@ -134,7 +134,7 @@ static NTSTATUS cmd_spoolss_open_printer_ex(struct cli_state *cli,
 		}
 	}
 
-	return W_ERROR_IS_OK(werror) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return werror;
 }
 
 
@@ -298,7 +298,7 @@ static void display_print_info_3(PRINTER_INFO_3 *i3)
 
 /* Enumerate printers */
 
-static NTSTATUS cmd_spoolss_enum_printers(struct cli_state *cli, 
+static WERROR cmd_spoolss_enum_printers(struct cli_state *cli, 
                                           TALLOC_CTX *mem_ctx,
                                           int argc, const char **argv)
 {
@@ -311,7 +311,7 @@ static NTSTATUS cmd_spoolss_enum_printers(struct cli_state *cli,
 	if (argc > 3) 
 	{
 		printf("Usage: %s [level] [name]\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
 	}
 
 	if (argc == 2)
@@ -367,7 +367,7 @@ static NTSTATUS cmd_spoolss_enum_printers(struct cli_state *cli,
 	}
 	done:
 
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
 /****************************************************************************
@@ -403,7 +403,7 @@ static void display_port_info_2(PORT_INFO_2 *i2)
 
 /* Enumerate ports */
 
-static NTSTATUS cmd_spoolss_enum_ports(struct cli_state *cli, 
+static WERROR cmd_spoolss_enum_ports(struct cli_state *cli, 
 				       TALLOC_CTX *mem_ctx, int argc, 
 				       const char **argv)
 {
@@ -414,7 +414,7 @@ static NTSTATUS cmd_spoolss_enum_ports(struct cli_state *cli,
 	
 	if (argc > 2) {
 		printf("Usage: %s [level]\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
 	}
 	
 	if (argc == 2)
@@ -449,13 +449,13 @@ static NTSTATUS cmd_spoolss_enum_ports(struct cli_state *cli,
 		}
 	}
 	
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
 /***********************************************************************
  * Set printer comment - use a level2 set.
  */
-static NTSTATUS cmd_spoolss_setprinter(struct cli_state *cli,
+static WERROR cmd_spoolss_setprinter(struct cli_state *cli,
                                        TALLOC_CTX *mem_ctx,
                                        int argc, const char **argv)
 {
@@ -473,7 +473,7 @@ static NTSTATUS cmd_spoolss_setprinter(struct cli_state *cli,
 	if (argc == 1 || argc > 3) {
 		printf("Usage: %s printername comment\n", argv[0]);
 
-		return NT_STATUS_OK;
+		return WERR_OK;
 	}
 
 	/* Open a printer handle */
@@ -519,13 +519,13 @@ static NTSTATUS cmd_spoolss_setprinter(struct cli_state *cli,
 	if (opened_hnd)
 		cli_spoolss_close_printer(cli, mem_ctx, &pol);
 
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
 /***********************************************************************
  * Get printer information
  */
-static NTSTATUS cmd_spoolss_getprinter(struct cli_state *cli,
+static WERROR cmd_spoolss_getprinter(struct cli_state *cli,
                                        TALLOC_CTX *mem_ctx,
                                        int argc, const char **argv)
 {
@@ -541,7 +541,7 @@ static NTSTATUS cmd_spoolss_getprinter(struct cli_state *cli,
 
 	if (argc == 1 || argc > 3) {
 		printf("Usage: %s <printername> [level]\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
 	}
 
 	/* Open a printer handle */
@@ -601,7 +601,7 @@ static NTSTATUS cmd_spoolss_getprinter(struct cli_state *cli,
 	if (opened_hnd) 
 		cli_spoolss_close_printer(cli, mem_ctx, &pol);
 
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
 static void display_reg_value(REGISTRY_VALUE value)
@@ -644,7 +644,7 @@ static void display_reg_value(REGISTRY_VALUE value)
 /***********************************************************************
  * Get printer data
  */
-static NTSTATUS cmd_spoolss_getprinterdata(struct cli_state *cli,
+static WERROR cmd_spoolss_getprinterdata(struct cli_state *cli,
 					   TALLOC_CTX *mem_ctx,
 					   int argc, const char **argv)
 {
@@ -661,7 +661,7 @@ static NTSTATUS cmd_spoolss_getprinterdata(struct cli_state *cli,
 	if (argc != 3) {
 		printf("Usage: %s <printername> <valuename>\n", argv[0]);
 		printf("<printername> of . queries print server\n");
-		return NT_STATUS_OK;
+		return WERR_OK;
 	}
 	valuename = argv[2];
 
@@ -709,13 +709,13 @@ static NTSTATUS cmd_spoolss_getprinterdata(struct cli_state *cli,
 	if (opened_hnd) 
 		cli_spoolss_close_printer(cli, mem_ctx, &pol);
 
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
 /***********************************************************************
  * Get printer data
  */
-static NTSTATUS cmd_spoolss_getprinterdataex(struct cli_state *cli,
+static WERROR cmd_spoolss_getprinterdataex(struct cli_state *cli,
 					     TALLOC_CTX *mem_ctx,
 					     int argc, const char **argv)
 {
@@ -733,7 +733,7 @@ static NTSTATUS cmd_spoolss_getprinterdataex(struct cli_state *cli,
 		printf("Usage: %s <printername> <keyname> <valuename>\n", 
 		       argv[0]);
 		printf("<printername> of . queries print server\n");
-		return NT_STATUS_OK;
+		return WERR_OK;
 	}
 	valuename = argv[3];
 	keyname = argv[2];
@@ -784,7 +784,7 @@ static NTSTATUS cmd_spoolss_getprinterdataex(struct cli_state *cli,
 	if (opened_hnd) 
 		cli_spoolss_close_printer(cli, mem_ctx, &pol);
 
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
 /****************************************************************************
@@ -900,13 +900,12 @@ static void display_print_driver_3(DRIVER_INFO_3 *i1)
 /***********************************************************************
  * Get printer information
  */
-static NTSTATUS cmd_spoolss_getdriver(struct cli_state *cli, 
+static WERROR cmd_spoolss_getdriver(struct cli_state *cli, 
                                       TALLOC_CTX *mem_ctx,
                                       int argc, const char **argv)
 {
 	POLICY_HND 	pol;
 	WERROR          werror;
-	NTSTATUS	result;
 	uint32		info_level = 3;
 	BOOL 		opened_hnd = False;
 	PRINTER_DRIVER_CTR 	ctr;
@@ -918,7 +917,7 @@ static NTSTATUS cmd_spoolss_getdriver(struct cli_state *cli,
 	if ((argc == 1) || (argc > 3)) 
 	{
 		printf("Usage: %s <printername> [level]\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
 	}
 
 	/* get the arguments need to open the printer handle */
@@ -935,11 +934,9 @@ static NTSTATUS cmd_spoolss_getdriver(struct cli_state *cli,
 					     PRINTER_ACCESS_USE,
 					     servername, user, &pol);
 
-	result = W_ERROR_IS_OK(werror) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-
-	if (!NT_STATUS_IS_OK(result)) {
+	if (!W_ERROR_IS_OK(werror)) {
 		printf("Error opening printer handle for %s!\n", printername);
-		return result;
+		return werror;
 	}
 
 	opened_hnd = True;
@@ -984,13 +981,13 @@ static NTSTATUS cmd_spoolss_getdriver(struct cli_state *cli,
 	if (opened_hnd)
 		cli_spoolss_close_printer (cli, mem_ctx, &pol);
 	
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return werror;
 }
 
 /***********************************************************************
  * Get printer information
  */
-static NTSTATUS cmd_spoolss_enum_drivers(struct cli_state *cli, 
+static WERROR cmd_spoolss_enum_drivers(struct cli_state *cli, 
                                          TALLOC_CTX *mem_ctx,
                                          int argc, const char **argv)
 {
@@ -1003,7 +1000,7 @@ static NTSTATUS cmd_spoolss_enum_drivers(struct cli_state *cli,
 	if (argc > 2) 
 	{
 		printf("Usage: enumdrivers [level]\n");
-		return NT_STATUS_OK;
+		return WERR_OK;
 	}
 
 	if (argc == 2)
@@ -1058,7 +1055,7 @@ static NTSTATUS cmd_spoolss_enum_drivers(struct cli_state *cli,
 		}
 	}
 	
-	return W_ERROR_IS_OK(werror) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return werror;
 }
 
 /****************************************************************************
@@ -1078,7 +1075,7 @@ static void display_printdriverdir_1(DRIVER_DIRECTORY_1 *i1)
 /***********************************************************************
  * Get printer driver directory information
  */
-static NTSTATUS cmd_spoolss_getdriverdir(struct cli_state *cli, 
+static WERROR cmd_spoolss_getdriverdir(struct cli_state *cli, 
                                          TALLOC_CTX *mem_ctx,
                                          int argc, const char **argv)
 {
@@ -1089,7 +1086,7 @@ static NTSTATUS cmd_spoolss_getdriverdir(struct cli_state *cli,
 
 	if (argc > 2) {
 		printf("Usage: %s [environment]\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
 	}
 
 	/* Get the arguments need to open the printer handle */
@@ -1111,7 +1108,7 @@ static NTSTATUS cmd_spoolss_getdriverdir(struct cli_state *cli,
 	if (W_ERROR_IS_OK(result))
 		display_printdriverdir_1(ctr.info1);
 
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
 /*******************************************************************************
@@ -1222,7 +1219,7 @@ static BOOL init_drv_info_3_members (
 }
 
 
-static NTSTATUS cmd_spoolss_addprinterdriver(struct cli_state *cli, 
+static WERROR cmd_spoolss_addprinterdriver(struct cli_state *cli, 
                                              TALLOC_CTX *mem_ctx,
                                              int argc, const char **argv)
 {
@@ -1241,7 +1238,7 @@ static NTSTATUS cmd_spoolss_addprinterdriver(struct cli_state *cli,
     		printf ("\t<Config File Name>:<Help File Name>:<Language Monitor Name>:\\\n");
 	    	printf ("\t<Default Data Type>:<Comma Separated list of Files>\n");
 
-		return NT_STATUS_OK;
+            return WERR_OK;
         }
 		
 	/* Fill in the DRIVER_INFO_3 struct */
@@ -1249,7 +1246,7 @@ static NTSTATUS cmd_spoolss_addprinterdriver(struct cli_state *cli,
 	if (!get_short_archi(arch, argv[1]))
 	{
 		printf ("Error Unknown architechture [%s]\n", argv[1]);
-		return NT_STATUS_INVALID_PARAMETER;
+		return WERR_INVALID_PARAM;
 	}
 	else
 		set_drv_info_3_env(&info3, arch);
@@ -1257,7 +1254,7 @@ static NTSTATUS cmd_spoolss_addprinterdriver(struct cli_state *cli,
 	if (!init_drv_info_3_members(mem_ctx, &info3, argv[2]))
 	{
 		printf ("Error Invalid parameter list - %s.\n", argv[2]);
-		return NT_STATUS_INVALID_PARAMETER;
+		return WERR_INVALID_PARAM;
 	}
 
 
@@ -1271,11 +1268,11 @@ static NTSTATUS cmd_spoolss_addprinterdriver(struct cli_state *cli,
 			driver_name);
 	}
 
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
 
-static NTSTATUS cmd_spoolss_addprinterex(struct cli_state *cli, 
+static WERROR cmd_spoolss_addprinterex(struct cli_state *cli, 
                                          TALLOC_CTX *mem_ctx,
                                          int argc, const char **argv)
 {
@@ -1289,7 +1286,7 @@ static NTSTATUS cmd_spoolss_addprinterex(struct cli_state *cli,
 	if (argc != 5)
 	{
 		printf ("Usage: %s <name> <shared name> <driver> <port>\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
         }
 	
         slprintf (servername, sizeof(servername)-1, "\\\\%s", cli->desthost);
@@ -1329,10 +1326,10 @@ static NTSTATUS cmd_spoolss_addprinterex(struct cli_state *cli,
 	if (W_ERROR_IS_OK(result))
 		printf ("Printer %s successfully installed.\n", argv[1]);
 
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
-static NTSTATUS cmd_spoolss_setdriver(struct cli_state *cli, 
+static WERROR cmd_spoolss_setdriver(struct cli_state *cli, 
                                       TALLOC_CTX *mem_ctx,
                                       int argc, const char **argv)
 {
@@ -1351,7 +1348,7 @@ static NTSTATUS cmd_spoolss_setdriver(struct cli_state *cli,
 	if (argc != 3)
 	{
 		printf ("Usage: %s <printer> <driver>\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
         }
 
 	slprintf (servername, sizeof(servername)-1, "\\\\%s", cli->desthost);
@@ -1406,11 +1403,11 @@ done:
 	if (opened_hnd)
 		cli_spoolss_close_printer(cli, mem_ctx, &pol);
 
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
 
-static NTSTATUS cmd_spoolss_deletedriver(struct cli_state *cli, 
+static WERROR cmd_spoolss_deletedriver(struct cli_state *cli, 
                                          TALLOC_CTX *mem_ctx,
                                          int argc, const char **argv)
 {
@@ -1422,7 +1419,7 @@ static NTSTATUS cmd_spoolss_deletedriver(struct cli_state *cli,
 	if (argc != 2)
 	{
 		printf ("Usage: %s <driver>\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
         }
 
 	slprintf (servername, sizeof(servername)-1, "\\\\%s", cli->desthost);
@@ -1449,10 +1446,10 @@ static NTSTATUS cmd_spoolss_deletedriver(struct cli_state *cli,
 		}
 	}
 		
-	return W_ERROR_IS_OK(result) || W_ERROR_EQUAL(result, WERR_UNKNOWN_PRINTER_DRIVER) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
-static NTSTATUS cmd_spoolss_getprintprocdir(struct cli_state *cli, 
+static WERROR cmd_spoolss_getprintprocdir(struct cli_state *cli, 
 					    TALLOC_CTX *mem_ctx,
 					    int argc, const char **argv)
 {
@@ -1464,17 +1461,17 @@ static NTSTATUS cmd_spoolss_getprintprocdir(struct cli_state *cli,
 	/* parse the command arguements */
 	if (argc > 2) {
 		printf ("Usage: %s [environment]\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
         }
 
 	if (asprintf(&servername, "\\\\%s", cli->desthost) < 0)
-		return NT_STATUS_NO_MEMORY;
+		return WERR_NOMEM;
 	strupper(servername);
 
 	if (asprintf(&environment, "%s", (argc == 2) ? argv[1] : 
 		     PRINTER_DRIVER_ARCHITECTURE) < 0) {
 		SAFE_FREE(servername);
-		return NT_STATUS_NO_MEMORY;
+		return WERR_NOMEM;
 	}
 
 	result = cli_spoolss_getprintprocessordirectory(
@@ -1491,12 +1488,12 @@ static NTSTATUS cmd_spoolss_getprintprocdir(struct cli_state *cli,
 	SAFE_FREE(servername);
 	SAFE_FREE(environment);
 
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
 /* Add a form */
 
-static NTSTATUS cmd_spoolss_addform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+static WERROR cmd_spoolss_addform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 				    int argc, const char **argv)
 {
 	POLICY_HND handle;
@@ -1509,7 +1506,7 @@ static NTSTATUS cmd_spoolss_addform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 
 	if (argc != 3) {
 		printf ("Usage: %s <printer> <formname>\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
         }
 	
 	/* Get a printer handle */
@@ -1550,12 +1547,12 @@ static NTSTATUS cmd_spoolss_addform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 	SAFE_FREE(servername);
 	SAFE_FREE(printername);
 
-	return W_ERROR_IS_OK(werror) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return werror;
 }
 
 /* Set a form */
 
-static NTSTATUS cmd_spoolss_setform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+static WERROR cmd_spoolss_setform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 				    int argc, const char **argv)
 {
 	POLICY_HND handle;
@@ -1568,7 +1565,7 @@ static NTSTATUS cmd_spoolss_setform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 
 	if (argc != 3) {
 		printf ("Usage: %s <printer> <formname>\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
         }
 	
 	/* Get a printer handle */
@@ -1608,12 +1605,12 @@ static NTSTATUS cmd_spoolss_setform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 	SAFE_FREE(servername);
 	SAFE_FREE(printername);
 
-	return W_ERROR_IS_OK(werror) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return werror;
 }
 
 /* Get a form */
 
-static NTSTATUS cmd_spoolss_getform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+static WERROR cmd_spoolss_getform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 				    int argc, const char **argv)
 {
 	POLICY_HND handle;
@@ -1627,7 +1624,7 @@ static NTSTATUS cmd_spoolss_getform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 
 	if (argc != 3) {
 		printf ("Usage: %s <printer> <formname>\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
         }
 	
 	/* Get a printer handle */
@@ -1671,12 +1668,12 @@ static NTSTATUS cmd_spoolss_getform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 	SAFE_FREE(servername);
 	SAFE_FREE(printername);
 
-	return W_ERROR_IS_OK(werror) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return werror;
 }
 
 /* Delete a form */
 
-static NTSTATUS cmd_spoolss_deleteform(struct cli_state *cli, 
+static WERROR cmd_spoolss_deleteform(struct cli_state *cli, 
 				       TALLOC_CTX *mem_ctx, int argc, 
 				       const char **argv)
 {
@@ -1689,7 +1686,7 @@ static NTSTATUS cmd_spoolss_deleteform(struct cli_state *cli,
 
 	if (argc != 3) {
 		printf ("Usage: %s <printer> <formname>\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
         }
 	
 	/* Get a printer handle */
@@ -1718,12 +1715,12 @@ static NTSTATUS cmd_spoolss_deleteform(struct cli_state *cli,
 	SAFE_FREE(servername);
 	SAFE_FREE(printername);
 
-	return W_ERROR_IS_OK(werror) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return werror;
 }
 
 /* Enumerate forms */
 
-static NTSTATUS cmd_spoolss_enum_forms(struct cli_state *cli, 
+static WERROR cmd_spoolss_enum_forms(struct cli_state *cli, 
 				       TALLOC_CTX *mem_ctx, int argc, 
 				       const char **argv)
 {
@@ -1738,7 +1735,7 @@ static NTSTATUS cmd_spoolss_enum_forms(struct cli_state *cli,
 
 	if (argc != 2) {
 		printf ("Usage: %s <printer>\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
         }
 	
 	/* Get a printer handle */
@@ -1788,10 +1785,10 @@ static NTSTATUS cmd_spoolss_enum_forms(struct cli_state *cli,
 	SAFE_FREE(servername);
 	SAFE_FREE(printername);
 
-	return W_ERROR_IS_OK(werror) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return werror;
 }
 
-static NTSTATUS cmd_spoolss_setprinterdata(struct cli_state *cli,
+static WERROR cmd_spoolss_setprinterdata(struct cli_state *cli,
 					    TALLOC_CTX *mem_ctx,
 					    int argc, const char **argv)
 {
@@ -1807,7 +1804,7 @@ static NTSTATUS cmd_spoolss_setprinterdata(struct cli_state *cli,
 	/* parse the command arguements */
 	if (argc != 4) {
 		printf ("Usage: %s <printer> <value> <data>\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
         }
 
 	slprintf (servername, sizeof(servername)-1, "\\\\%s", cli->desthost);
@@ -1869,7 +1866,7 @@ done:
 	if (opened_hnd)
 		cli_spoolss_close_printer(cli, mem_ctx, &pol);
 
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
 static void display_job_info_1(JOB_INFO_1 *job)
@@ -1910,7 +1907,7 @@ static void display_job_info_2(JOB_INFO_2 *job)
 
 /* Enumerate jobs */
 
-static NTSTATUS cmd_spoolss_enum_jobs(struct cli_state *cli, 
+static WERROR cmd_spoolss_enum_jobs(struct cli_state *cli, 
 				      TALLOC_CTX *mem_ctx, int argc, 
 				      const char **argv)
 {
@@ -1924,7 +1921,7 @@ static NTSTATUS cmd_spoolss_enum_jobs(struct cli_state *cli,
 	
 	if (argc < 2 || argc > 3) {
 		printf("Usage: %s printername [level]\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
 	}
 	
 	if (argc == 3)
@@ -1980,12 +1977,12 @@ done:
 	if (got_hnd)
 		cli_spoolss_close_printer(cli, mem_ctx, &hnd);
 
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
 /* enumerate data */
 
-static NTSTATUS cmd_spoolss_enum_data( struct cli_state *cli, 
+static WERROR cmd_spoolss_enum_data( struct cli_state *cli, 
 				       TALLOC_CTX *mem_ctx, int argc, 
 				       const char **argv)
 {
@@ -1998,7 +1995,7 @@ static NTSTATUS cmd_spoolss_enum_data( struct cli_state *cli,
 
 	if (argc != 2) {
 		printf("Usage: %s printername\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
 	}
 	
 	/* Open printer handle */
@@ -2039,12 +2036,12 @@ done:
 	if (got_hnd)
 		cli_spoolss_close_printer(cli, mem_ctx, &hnd);
 
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
 /* enumerate data for a given key */
 
-static NTSTATUS cmd_spoolss_enum_data_ex( struct cli_state *cli, 
+static WERROR cmd_spoolss_enum_data_ex( struct cli_state *cli, 
 					  TALLOC_CTX *mem_ctx, int argc, 
 					  const char **argv)
 {
@@ -2059,7 +2056,7 @@ static NTSTATUS cmd_spoolss_enum_data_ex( struct cli_state *cli,
 
 	if (argc != 3) {
 		printf("Usage: %s printername <keyname>\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
 	}
 	
 	keyname = argv[2];
@@ -2104,12 +2101,12 @@ done:
 	if (got_hnd)
 		cli_spoolss_close_printer(cli, mem_ctx, &hnd);
 
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
 /* enumerate subkeys */
 
-static NTSTATUS cmd_spoolss_enum_printerkey( struct cli_state *cli, 
+static WERROR cmd_spoolss_enum_printerkey( struct cli_state *cli, 
 					     TALLOC_CTX *mem_ctx, int argc, 
 					     const char **argv)
 {
@@ -2124,7 +2121,7 @@ static NTSTATUS cmd_spoolss_enum_printerkey( struct cli_state *cli,
 
 	if (argc < 2 || argc > 3) {
 		printf("Usage: %s printername [keyname]\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
 	}
 	
 	if (argc == 3)
@@ -2178,10 +2175,10 @@ done:
 	if (got_hnd)
 		cli_spoolss_close_printer(cli, mem_ctx, &hnd);
 
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
-static NTSTATUS cmd_spoolss_rffpcnex(struct cli_state *cli, 
+static WERROR cmd_spoolss_rffpcnex(struct cli_state *cli, 
 				     TALLOC_CTX *mem_ctx, int argc, 
 				     const char **argv)
 {
@@ -2257,7 +2254,7 @@ done:
 	if (got_hnd)
 		cli_spoolss_close_printer(cli, mem_ctx, &hnd);
 
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
 /* List of commands exported by this module */
@@ -2265,33 +2262,33 @@ struct cmd_set spoolss_commands[] = {
 
 	{ "SPOOLSS"  },
 
-	{ "adddriver",		cmd_spoolss_addprinterdriver,	PI_SPOOLSS, "Add a print driver",                  "" },
-	{ "addprinter",		cmd_spoolss_addprinterex,	PI_SPOOLSS, "Add a printer",                       "" },
-	{ "deldriver",		cmd_spoolss_deletedriver,	PI_SPOOLSS, "Delete a printer driver",             "" },
-	{ "enumdata",		cmd_spoolss_enum_data,		PI_SPOOLSS, "Enumerate printer data",              "" },
-	{ "enumdataex",		cmd_spoolss_enum_data_ex,	PI_SPOOLSS, "Enumerate printer data for a key",    "" },
-	{ "enumkey",		cmd_spoolss_enum_printerkey,	PI_SPOOLSS, "Enumerate printer keys",              "" },
-	{ "enumjobs",		cmd_spoolss_enum_jobs,          PI_SPOOLSS, "Enumerate print jobs",                "" },
-	{ "enumports", 		cmd_spoolss_enum_ports, 	PI_SPOOLSS, "Enumerate printer ports",             "" },
-	{ "enumdrivers", 	cmd_spoolss_enum_drivers, 	PI_SPOOLSS, "Enumerate installed printer drivers", "" },
-	{ "enumprinters", 	cmd_spoolss_enum_printers, 	PI_SPOOLSS, "Enumerate printers",                  "" },
-	{ "getdata",		cmd_spoolss_getprinterdata,	PI_SPOOLSS, "Get print driver data",               "" },
-	{ "getdataex",		cmd_spoolss_getprinterdataex,	PI_SPOOLSS, "Get printer driver data with keyname", ""},
-	{ "getdriver",		cmd_spoolss_getdriver,		PI_SPOOLSS, "Get print driver information",        "" },
-	{ "getdriverdir",	cmd_spoolss_getdriverdir,	PI_SPOOLSS, "Get print driver upload directory",   "" },
-	{ "getprinter", 	cmd_spoolss_getprinter, 	PI_SPOOLSS, "Get printer info",                    "" },
-	{ "getprintprocdir",	cmd_spoolss_getprintprocdir,    PI_SPOOLSS, "Get print processor directory",       "" },
-	{ "openprinter",	cmd_spoolss_open_printer_ex,	PI_SPOOLSS, "Open printer handle",                 "" },
-	{ "setdriver",		cmd_spoolss_setdriver,		PI_SPOOLSS, "Set printer driver",                  "" },
-	{ "getprintprocdir",	cmd_spoolss_getprintprocdir,    PI_SPOOLSS, "Get print processor directory",       "" },
-	{ "addform",            cmd_spoolss_addform,            PI_SPOOLSS, "Add form",                            "" },
-	{ "setform",            cmd_spoolss_setform,            PI_SPOOLSS, "Set form",                            "" },
-	{ "getform",            cmd_spoolss_getform,            PI_SPOOLSS, "Get form",                            "" },
-	{ "deleteform",         cmd_spoolss_deleteform,         PI_SPOOLSS, "Delete form",                         "" },
-	{ "enumforms",          cmd_spoolss_enum_forms,         PI_SPOOLSS, "Enumerate forms",                     "" },
-	{ "setprinter",	        cmd_spoolss_setprinter,         PI_SPOOLSS, "Set printer comment",                 "" },
-	{ "setprinterdata",	cmd_spoolss_setprinterdata,     PI_SPOOLSS, "Set REG_SZ printer data",             "" },
-	{ "rffpcnex",           cmd_spoolss_rffpcnex,           PI_SPOOLSS, "Rffpcnex test", "" },
+	{ "adddriver",		RPC_RTYPE_WERROR, NULL, cmd_spoolss_addprinterdriver,	PI_SPOOLSS, "Add a print driver",                  "" },
+	{ "addprinter",	RPC_RTYPE_WERROR, NULL, cmd_spoolss_addprinterex,	PI_SPOOLSS, "Add a printer",                       "" },
+	{ "deldriver",		RPC_RTYPE_WERROR, NULL, cmd_spoolss_deletedriver,	PI_SPOOLSS, "Delete a printer driver",             "" },
+	{ "enumdata",		RPC_RTYPE_WERROR, NULL, cmd_spoolss_enum_data,		PI_SPOOLSS, "Enumerate printer data",              "" },
+	{ "enumdataex",	RPC_RTYPE_WERROR, NULL, cmd_spoolss_enum_data_ex,	PI_SPOOLSS, "Enumerate printer data for a key",    "" },
+	{ "enumkey",		RPC_RTYPE_WERROR, NULL, cmd_spoolss_enum_printerkey,	PI_SPOOLSS, "Enumerate printer keys",              "" },
+	{ "enumjobs",		RPC_RTYPE_WERROR, NULL, cmd_spoolss_enum_jobs,          PI_SPOOLSS, "Enumerate print jobs",                "" },
+	{ "enumports", 	RPC_RTYPE_WERROR, NULL, cmd_spoolss_enum_ports, 	PI_SPOOLSS, "Enumerate printer ports",             "" },
+	{ "enumdrivers", 	RPC_RTYPE_WERROR, NULL, cmd_spoolss_enum_drivers, 	PI_SPOOLSS, "Enumerate installed printer drivers", "" },
+	{ "enumprinters", 	RPC_RTYPE_WERROR, NULL, cmd_spoolss_enum_printers, 	PI_SPOOLSS, "Enumerate printers",                  "" },
+	{ "getdata",		RPC_RTYPE_WERROR, NULL, cmd_spoolss_getprinterdata,	PI_SPOOLSS, "Get print driver data",               "" },
+	{ "getdataex",		RPC_RTYPE_WERROR, NULL, cmd_spoolss_getprinterdataex,	PI_SPOOLSS, "Get printer driver data with keyname", ""},
+	{ "getdriver",		RPC_RTYPE_WERROR, NULL, cmd_spoolss_getdriver,		PI_SPOOLSS, "Get print driver information",        "" },
+	{ "getdriverdir",	RPC_RTYPE_WERROR, NULL, cmd_spoolss_getdriverdir,	PI_SPOOLSS, "Get print driver upload directory",   "" },
+	{ "getprinter", 	RPC_RTYPE_WERROR, NULL, cmd_spoolss_getprinter, 	PI_SPOOLSS, "Get printer info",                    "" },
+	{ "getprintprocdir",RPC_RTYPE_WERROR, NULL, cmd_spoolss_getprintprocdir,    PI_SPOOLSS, "Get print processor directory",       "" },
+	{ "openprinter",	RPC_RTYPE_WERROR, NULL, cmd_spoolss_open_printer_ex,	PI_SPOOLSS, "Open printer handle",                 "" },
+	{ "setdriver", 	RPC_RTYPE_WERROR, NULL, cmd_spoolss_setdriver,		PI_SPOOLSS, "Set printer driver",                  "" },
+	{ "getprintprocdir",	RPC_RTYPE_WERROR, NULL, cmd_spoolss_getprintprocdir,    PI_SPOOLSS, "Get print processor directory",       "" },
+	{ "addform",		RPC_RTYPE_WERROR, NULL, cmd_spoolss_addform,            PI_SPOOLSS, "Add form",                            "" },
+	{ "setform",		RPC_RTYPE_WERROR, NULL, cmd_spoolss_setform,            PI_SPOOLSS, "Set form",                            "" },
+	{ "getform",		RPC_RTYPE_WERROR, NULL, cmd_spoolss_getform,            PI_SPOOLSS, "Get form",                            "" },
+	{ "deleteform",	RPC_RTYPE_WERROR, NULL, cmd_spoolss_deleteform,         PI_SPOOLSS, "Delete form",                         "" },
+	{ "enumforms",		RPC_RTYPE_WERROR, NULL, cmd_spoolss_enum_forms,         PI_SPOOLSS, "Enumerate forms",                     "" },
+	{ "setprinter",	RPC_RTYPE_WERROR, NULL, cmd_spoolss_setprinter,         PI_SPOOLSS, "Set printer comment",                 "" },
+	{ "setprinterdata",	RPC_RTYPE_WERROR, NULL, cmd_spoolss_setprinterdata,     PI_SPOOLSS, "Set REG_SZ printer data",             "" },
+	{ "rffpcnex",		RPC_RTYPE_WERROR, NULL, cmd_spoolss_rffpcnex,           PI_SPOOLSS, "Rffpcnex test", "" },
 
 	{ NULL }
 };
diff --git a/source3/rpcclient/cmd_srvsvc.c b/source3/rpcclient/cmd_srvsvc.c
index 8597c7bc2e..3e569f51ce 100644
--- a/source3/rpcclient/cmd_srvsvc.c
+++ b/source3/rpcclient/cmd_srvsvc.c
@@ -179,7 +179,7 @@ static void display_srv_info_102(SRV_INFO_102 *sv102)
 }
 
 /* Server query info */
-static NTSTATUS cmd_srvsvc_srv_query_info(struct cli_state *cli, 
+static WERROR cmd_srvsvc_srv_query_info(struct cli_state *cli, 
                                           TALLOC_CTX *mem_ctx,
                                           int argc, const char **argv)
 {
@@ -189,7 +189,7 @@ static NTSTATUS cmd_srvsvc_srv_query_info(struct cli_state *cli,
 
 	if (argc > 2) {
 		printf("Usage: %s [infolevel]\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
 	}
 
 	if (argc == 2)
@@ -217,7 +217,7 @@ static NTSTATUS cmd_srvsvc_srv_query_info(struct cli_state *cli,
 	}
 
  done:
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
 static void display_share_info_1(SRV_SHARE_INFO_1 *info1)
@@ -246,7 +246,7 @@ static void display_share_info_2(SRV_SHARE_INFO_2 *info2)
 	printf("\tpassword:\t%s\n", passwd);
 }
 
-static NTSTATUS cmd_srvsvc_net_share_enum(struct cli_state *cli, 
+static WERROR cmd_srvsvc_net_share_enum(struct cli_state *cli, 
                                           TALLOC_CTX *mem_ctx,
                                           int argc, const char **argv)
 {
@@ -258,7 +258,7 @@ static NTSTATUS cmd_srvsvc_net_share_enum(struct cli_state *cli,
 
 	if (argc > 2) {
 		printf("Usage: %s [infolevel]\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
 	}
 
 	if (argc == 2)
@@ -289,10 +289,10 @@ static NTSTATUS cmd_srvsvc_net_share_enum(struct cli_state *cli,
 	}
 
  done:
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
-static NTSTATUS cmd_srvsvc_net_remote_tod(struct cli_state *cli, 
+static WERROR cmd_srvsvc_net_remote_tod(struct cli_state *cli, 
                                           TALLOC_CTX *mem_ctx,
                                           int argc, const char **argv)
 {
@@ -301,7 +301,7 @@ static NTSTATUS cmd_srvsvc_net_remote_tod(struct cli_state *cli,
 
 	if (argc > 1) {
 		printf("Usage: %s\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
 	}
 
 	result = cli_srvsvc_net_remote_tod(
@@ -311,10 +311,10 @@ static NTSTATUS cmd_srvsvc_net_remote_tod(struct cli_state *cli,
 		goto done;
 
  done:
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
-static NTSTATUS cmd_srvsvc_net_file_enum(struct cli_state *cli, 
+static WERROR cmd_srvsvc_net_file_enum(struct cli_state *cli, 
 					 TALLOC_CTX *mem_ctx,
 					 int argc, const char **argv)
 {
@@ -326,7 +326,7 @@ static NTSTATUS cmd_srvsvc_net_file_enum(struct cli_state *cli,
 
 	if (argc > 2) {
 		printf("Usage: %s [infolevel]\n", argv[0]);
-		return NT_STATUS_OK;
+		return WERR_OK;
 	}
 
 	if (argc == 2)
@@ -343,7 +343,7 @@ static NTSTATUS cmd_srvsvc_net_file_enum(struct cli_state *cli,
 		goto done;
 
  done:
-	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return result;
 }
 
 /* List of commands exported by this module */
@@ -352,10 +352,10 @@ struct cmd_set srvsvc_commands[] = {
 
 	{ "SRVSVC" },
 
-	{ "srvinfo",    cmd_srvsvc_srv_query_info,  PI_SRVSVC, "Server query info", "" },
-	{ "netshareenum", cmd_srvsvc_net_share_enum, PI_SRVSVC, "Enumerate shares", "" },
-	{ "netfileenum", cmd_srvsvc_net_file_enum, PI_SRVSVC, "Enumerate open files", "" },
-	{ "netremotetod", cmd_srvsvc_net_remote_tod, PI_SRVSVC, "Fetch remote time of day", "" },
+	{ "srvinfo",     RPC_RTYPE_WERROR, NULL, cmd_srvsvc_srv_query_info, PI_SRVSVC, "Server query info", "" },
+	{ "netshareenum",RPC_RTYPE_WERROR, NULL, cmd_srvsvc_net_share_enum, PI_SRVSVC, "Enumerate shares", "" },
+	{ "netfileenum", RPC_RTYPE_WERROR, NULL, cmd_srvsvc_net_file_enum,  PI_SRVSVC, "Enumerate open files", "" },
+	{ "netremotetod",RPC_RTYPE_WERROR, NULL, cmd_srvsvc_net_remote_tod, PI_SRVSVC, "Fetch remote time of day", "" },
 
 	{ NULL }
 };
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index c3b2cd4ea1..2338d72f19 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -73,7 +73,10 @@ static char **completion_fn(char *text, int start, int end)
 		for (i=0; commands->cmd_set[i].name; i++)
 		{
 			if ((strncmp(text, commands->cmd_set[i].name, strlen(text)) == 0) &&
-				commands->cmd_set[i].fn) 
+				(( commands->cmd_set[i].returntype == RPC_RTYPE_NTSTATUS &&
+                        commands->cmd_set[i].ntfn ) || 
+                      ( commands->cmd_set[i].returntype == RPC_RTYPE_WERROR &&
+                        commands->cmd_set[i].wfn)))
 			{
 				matches[count] = strdup(commands->cmd_set[i].name);
 				if (!matches[count]) 
@@ -393,18 +396,18 @@ static struct cmd_set rpcclient_commands[] = {
 
 	{ "GENERAL OPTIONS" },
 
-	{ "help", 	cmd_help, 	  -1,	"Get help on commands", "[command]" },
-	{ "?", 		cmd_help, 	  -1,	"Get help on commands", "[command]" },
-	{ "debuglevel", cmd_debuglevel,   -1,	"Set debug level", "level" },
-	{ "list",	cmd_listcommands, -1,	"List available commands on <pipe>", "pipe" },
-	{ "exit", 	cmd_quit, 	  -1,	"Exit program", "" },
-	{ "quit", 	cmd_quit, 	  -1,	"Exit program", "" },
+	{ "help", RPC_RTYPE_NTSTATUS, cmd_help, NULL, 	  -1,	"Get help on commands", "[command]" },
+	{ "?", 	RPC_RTYPE_NTSTATUS, cmd_help, NULL,	  -1,	"Get help on commands", "[command]" },
+	{ "debuglevel", RPC_RTYPE_NTSTATUS, cmd_debuglevel, NULL,   -1,	"Set debug level", "level" },
+	{ "list",	RPC_RTYPE_NTSTATUS, cmd_listcommands, NULL, -1,	"List available commands on <pipe>", "pipe" },
+	{ "exit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL,   -1,	"Exit program", "" },
+	{ "quit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL,	  -1,	"Exit program", "" },
 
 	{ NULL }
 };
 
 static struct cmd_set separator_command[] = {
-	{ "---------------", NULL,	-1,	"----------------------" },
+	{ "---------------", MAX_RPC_RETURN_TYPE, NULL, NULL,	-1,	"----------------------" },
 	{ NULL }
 };
 
@@ -458,7 +461,8 @@ static NTSTATUS do_cmd(struct cli_state *cli,
 		       struct cmd_set *cmd_entry,
 		       int argc, char **argv)
 {
-	NTSTATUS result;
+     NTSTATUS ntresult;
+     WERROR wresult;
 	
 	TALLOC_CTX *mem_ctx;
 
@@ -477,9 +481,22 @@ static NTSTATUS do_cmd(struct cli_state *cli,
 			return NT_STATUS_UNSUCCESSFUL;
 		}
 
-	/* Run command */
-
-	result = cmd_entry->fn(cli, mem_ctx, argc, (const char **) argv);
+     /* Run command */
+
+     if ( cmd_entry->returntype == RPC_RTYPE_NTSTATUS ) {
+          ntresult = cmd_entry->ntfn(cli, mem_ctx, argc, (const char **) argv);
+          if (!NT_STATUS_IS_OK(ntresult)) {
+              printf("result was %s\n", nt_errstr(ntresult));
+          }
+     } else {
+          wresult = cmd_entry->wfn( cli, mem_ctx, argc, (const char **) argv);
+          /* print out the DOS error */
+          if (!W_ERROR_IS_OK(wresult)) {
+                  printf( "result was %s\n", dos_errstr(wresult));
+          }
+          ntresult = W_ERROR_IS_OK(wresult)?NT_STATUS_OK:NT_STATUS_UNSUCCESSFUL;
+     }
+            
 
 	/* Cleanup */
 
@@ -488,7 +505,7 @@ static NTSTATUS do_cmd(struct cli_state *cli,
 
 	talloc_destroy(mem_ctx);
 
-	return result;
+	return ntresult;
 }
 
 
@@ -517,7 +534,8 @@ static NTSTATUS process_cmd(struct cli_state *cli, char *cmd)
 
 		while (temp_set->name) {
 			if (strequal(argv[0], temp_set->name)) {
-				if (!temp_set->fn) {
+				if (!(temp_set->returntype == RPC_RTYPE_NTSTATUS && temp_set->ntfn ) &&
+                         !(temp_set->returntype == RPC_RTYPE_WERROR && temp_set->wfn )) {
 					fprintf (stderr, "Invalid command\n");
 					goto out_free;
 				}
@@ -535,9 +553,11 @@ static NTSTATUS process_cmd(struct cli_state *cli, char *cmd)
 	}
 
 out_free:
+/* moved to do_cmd()
 	if (!NT_STATUS_IS_OK(result)) {
 		printf("result was %s\n", nt_errstr(result));
 	}
+*/
 
 	if (argv) {
 		/* NOTE: popt allocates the whole argv, including the
diff --git a/source3/rpcclient/rpcclient.h b/source3/rpcclient/rpcclient.h
index 1bd3c1a641..1db4246d37 100644
--- a/source3/rpcclient/rpcclient.h
+++ b/source3/rpcclient/rpcclient.h
@@ -22,10 +22,18 @@
 #ifndef RPCCLIENT_H
 #define RPCCLIENT_H
 
+typedef enum {
+        RPC_RTYPE_NTSTATUS = 0,
+        RPC_RTYPE_WERROR,
+        MAX_RPC_RETURN_TYPE,
+} RPC_RETURN_TYPE;
+
 struct cmd_set {
 	const char *name;
-	NTSTATUS (*fn)(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc, 
+        RPC_RETURN_TYPE returntype;
+	NTSTATUS (*ntfn)(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc, 
                        const char **argv);
+        WERROR (*wfn)(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv);
         int pipe_idx;
 	const char *description;
 	const char *usage;
-- 
cgit 


From a564fed756a82d944ebde45da1ce4ea932011f10 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 17 Mar 2003 08:03:08 +0000
Subject: More statcache fixes - and add a bit more doco.

Andrew Bartlett
(This used to be commit 0e8dd52f6973ac5219e2c2dd53824de71f512083)
---
 source3/smbd/statcache.c | 34 +++++++++++++++++++++++++---------
 1 file changed, 25 insertions(+), 9 deletions(-)

diff --git a/source3/smbd/statcache.c b/source3/smbd/statcache.c
index 57ba6ada81..b1cb0f6e0f 100644
--- a/source3/smbd/statcache.c
+++ b/source3/smbd/statcache.c
@@ -39,11 +39,19 @@ typedef struct {
 #define INIT_STAT_CACHE_SIZE 512
 static hash_table stat_cache;
 
-/****************************************************************************
- Add an entry into the stat cache.
-*****************************************************************************/
+/**
+ * Add an entry into the stat cache.
+ *
+ * @param full_orig_name       The original name as specified by the client
+ * @param orig_translated_path The name on our filesystem.
+ * 
+ * @note Only the first strlen(orig_translated_path) characters are stored 
+ *       into the cache.  This means that full_orig_name will be internally
+ *       truncated.
+ *
+ */
 
-void stat_cache_add( char *full_orig_name, char *orig_translated_path)
+void stat_cache_add( const char *full_orig_name, const char *orig_translated_path)
 {
   stat_cache_entry *scp;
   stat_cache_entry *found_scp;
@@ -105,11 +113,19 @@ void stat_cache_add( char *full_orig_name, char *orig_translated_path)
   if(!case_sensitive)
 	  strupper(original_path);
 
-  if(!(original_path_length == translated_path_length)) {
-	  DEBUG(0, ("OOPS - tried to store stat cache entry for non-equal length paths [%s] %u and [%s] %u)!\n", original_path, original_path_length, translated_path, translated_path_length));
-	  SAFE_FREE(original_path);
-	  SAFE_FREE(translated_path);
-	  return;
+  if (original_path_length != translated_path_length) {
+	  if (original_path_length < translated_path_length) {
+		  DEBUG(0, ("OOPS - tried to store stat cache entry for werid length paths [%s] %u and [%s] %u)!\n", original_path, original_path_length, translated_path, translated_path_length));
+		  SAFE_FREE(original_path);
+		  SAFE_FREE(translated_path);
+		  return;
+	  }
+
+	  /* we only want to store the first part of translated_path,
+	     up to the length of original_path */
+
+	  translated_path[original_path_length] = '\0';
+	  translated_path_length = original_path_length;
   }
 
 #if 0
-- 
cgit 


From 1331a361bd6c5cde775da4db8aade78983ca71b1 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 17 Mar 2003 09:08:34 +0000
Subject: Add const. (This used to be commit
 02f81719c7c179b61663bdf789c01ab62286fea2)

---
 source3/smbd/dir.c      | 2 +-
 source3/smbd/filename.c | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index ec570d3a18..6cf56fd373 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1008,7 +1008,7 @@ static ubi_dlNewList( dir_cache );
  Output: None.
 *****************************************************************************/
 
-void DirCacheAdd( const char *path, char *name, char *dname, int snum )
+void DirCacheAdd( const char *path, const char *name, const char *dname, int snum )
 {
 	int pathlen;
 	int namelen;
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index 7d3527402e..ad707a2b9d 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -39,7 +39,7 @@ static BOOL scan_directory(const char *path, char *name,size_t maxlength,
  This needs to be careful about whether we are case sensitive.
 ****************************************************************************/
 
-static BOOL fname_equal(char *name1, char *name2)
+static BOOL fname_equal(const char *name1, const char *name2)
 {
 	/* Normal filename handling */
 	if (case_sensitive)
@@ -52,7 +52,7 @@ static BOOL fname_equal(char *name1, char *name2)
  Mangle the 2nd name and check if it is then equal to the first name.
 ****************************************************************************/
 
-static BOOL mangled_equal(char *name1, const char *name2, int snum)
+static BOOL mangled_equal(const char *name1, const char *name2, int snum)
 {
 	pstring tmpname;
 	
@@ -439,7 +439,7 @@ static BOOL scan_directory(const char *path, char *name, size_t maxlength,
 			   connection_struct *conn,BOOL docache)
 {
 	void *cur_dir;
-	char *dname;
+	const char *dname;
 	BOOL mangled;
 
 	mangled = mangle_is_mangled(name);
-- 
cgit 


From 0273df0bf75f135a781ca6b58cc4c7e3247e5aef Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 17 Mar 2003 09:18:06 +0000
Subject: Fix const warnings.

Andrew Bartlett
(This used to be commit fc1408d5d1a8b64dfd20268ab6f4a5f2a007614b)
---
 source3/smbd/reply.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 5ca0ae52de..138870453d 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -1305,7 +1305,7 @@ NTSTATUS unlink_internals(connection_struct *conn, int dirtype, char *name)
 		}
 	} else {
 		void *dirptr = NULL;
-		char *dname;
+		const char *dname;
 		
 		if (check_name(directory,conn))
 			dirptr = OpenDir(conn, directory, True);
@@ -2861,7 +2861,7 @@ int reply_mkdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
 
 static BOOL recursive_rmdir(connection_struct *conn, char *directory)
 {
-	char *dname = NULL;
+	const char *dname = NULL;
 	BOOL ret = False;
 	void *dirptr = OpenDir(conn, directory, False);
 
@@ -2926,7 +2926,7 @@ BOOL rmdir_internals(connection_struct *conn, char *directory)
 		 * do a recursive delete) then fail the rmdir.
 		 */
 		BOOL all_veto_files = True;
-		char *dname;
+		const char *dname;
 		void *dirptr = OpenDir(conn, directory, False);
 
 		if(dirptr != NULL) {
@@ -3285,7 +3285,7 @@ directory = %s, newname = %s, newname_last_component = %s, is_8_3 = %d\n",
 		 * Wildcards - process each file that matches.
 		 */
 		void *dirptr = NULL;
-		char *dname;
+		const char *dname;
 		pstring destname;
 		
 		if (check_name(directory,conn))
@@ -3574,7 +3574,7 @@ int reply_copy(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
 		}
 	} else {
 		void *dirptr = NULL;
-		char *dname;
+		const char *dname;
 		pstring destname;
 
 		if (check_name(directory,conn))
-- 
cgit 


From 63c1aa25cfbc96abf67bb4f5c99291d05bffb9bb Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Mon, 17 Mar 2003 10:26:44 +0000
Subject: Call AC_MSG_ERROR if jw, perl or htmldoc is not installed rather than
 generate a bodgy Makefile. (This used to be commit
 2842e0925debe8bfabfdf011913cf5e13e824c10)

---
 docs/docbook/configure.in | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/docs/docbook/configure.in b/docs/docbook/configure.in
index 3a9ed51d16..57482d134e 100644
--- a/docs/docbook/configure.in
+++ b/docs/docbook/configure.in
@@ -1,8 +1,18 @@
 AC_INIT(global.ent)
 
+# Jade wrapper
 AC_PATH_PROG(JW, jw)
+if test "x$JW" = x; then
+   AC_MSG_ERROR("jw is required")
+fi
 AC_PATH_PROG(PERL, perl)
+if test "x$PERL" = x; then
+   AC_MSG_ERROR("perl is required")
+fi
 AC_PATH_PROG(HTMLDOC, htmldoc)
+if test "x$HTMLDOC" = x; then
+   AC_MSG_ERROR("htmldoc is required")
+fi
 
 DOC_BUILD_DATE=`date '+%d-%m-%Y'`
 AC_SUBST(DOC_BUILD_DATE)
-- 
cgit 


From 99e5d02f747dcc44800b2e47fa45aa1dff9c5bf7 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 17 Mar 2003 10:58:05 +0000
Subject: Brain fart - make sure we truncate the right string...

Andrew Bartlett
(This used to be commit 32eb2cdca62a784d96207507e273bbbf77b0c6c3)
---
 source3/smbd/statcache.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/source3/smbd/statcache.c b/source3/smbd/statcache.c
index b1cb0f6e0f..1e06b2b103 100644
--- a/source3/smbd/statcache.c
+++ b/source3/smbd/statcache.c
@@ -121,11 +121,11 @@ void stat_cache_add( const char *full_orig_name, const char *orig_translated_pat
 		  return;
 	  }
 
-	  /* we only want to store the first part of translated_path,
-	     up to the length of original_path */
+	  /* we only want to store the first part of original_path,
+	     up to the length of translated_path */
 
-	  translated_path[original_path_length] = '\0';
-	  translated_path_length = original_path_length;
+	  original_path[translated_path_length] = '\0';
+	  original_path_length = translated_path_length;
   }
 
 #if 0
-- 
cgit 


From a9034ec179239274bdb0f7dffbe87c11c4a0539d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 17 Mar 2003 10:59:11 +0000
Subject: Fix invalid SAFE_FREE() of talloc()ed memory.

Andrew Bartlett
(This used to be commit 21add5f97d0d112094e34a02e6319991a1d2af4d)
---
 source3/passdb/secrets.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 4b0913a624..4c9802dd29 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -535,7 +535,6 @@ NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, unsigned in
 
 		if (size != packed_size) {
 			DEBUG(2, ("Secrets record %s is invalid!\n", secrets_key));
-			SAFE_FREE(pass);
 			if (size) SAFE_FREE(packed_pass);
 
 			return NT_STATUS_UNSUCCESSFUL;
@@ -554,8 +553,6 @@ NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, unsigned in
 			dom = talloc_zero(ctx, sizeof(*dom));
 			if (!dom) {
 				/* free returned tdb record */
-				SAFE_FREE(pass);
-				
 				return NT_STATUS_NO_MEMORY;
 			}
 			
-- 
cgit 


From 9349b44ea741d32a74ba34f68675bd80b61123a6 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Mon, 17 Mar 2003 11:02:54 +0000
Subject: Run autoconf.  Shouldn't we have an autogen.sh here? (This used to be
 commit a43fe8e5f0cc95a8fb89db4ab1ee051b8c9d1bab)

---
 docs/docbook/configure | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/docs/docbook/configure b/docs/docbook/configure
index 609c17ed87..8680e5b5ab 100755
--- a/docs/docbook/configure
+++ b/docs/docbook/configure
@@ -557,10 +557,13 @@ else
   echo "$ac_t""no" 1>&6
 fi
 
+if test "x$JW" = x; then
+   { echo "configure: error: "jw is required"" 1>&2; exit 1; }
+fi
 # Extract the first word of "perl", so it can be a program name with args.
 set dummy perl; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:564: checking for $ac_word" >&5
+echo "configure:567: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -592,10 +595,13 @@ else
   echo "$ac_t""no" 1>&6
 fi
 
+if test "x$PERL" = x; then
+   { echo "configure: error: "perl is required"" 1>&2; exit 1; }
+fi
 # Extract the first word of "htmldoc", so it can be a program name with args.
 set dummy htmldoc; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:599: checking for $ac_word" >&5
+echo "configure:605: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_path_HTMLDOC'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -627,6 +633,9 @@ else
   echo "$ac_t""no" 1>&6
 fi
 
+if test "x$HTMLDOC" = x; then
+   { echo "configure: error: "htmldoc is required"" 1>&2; exit 1; }
+fi
 
 DOC_BUILD_DATE=`date '+%d-%m-%Y'`
 
-- 
cgit 


From 4adde4c8505851cba42b3d5315a5206eb7825c90 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Mon, 17 Mar 2003 11:03:29 +0000
Subject: Added a slightly modified version of Tridge's note about securing a
 Samba server. (This used to be commit
 03a227b7ee7ed6927541966ec226344cd8c88aff)

---
 docs/docbook/projdoc/samba-doc.sgml      |   2 +
 docs/docbook/projdoc/securing-samba.sgml | 181 +++++++++++++++++++++++++++++++
 2 files changed, 183 insertions(+)
 create mode 100644 docs/docbook/projdoc/securing-samba.sgml

diff --git a/docs/docbook/projdoc/samba-doc.sgml b/docs/docbook/projdoc/samba-doc.sgml
index 54650f1ed9..246fba1228 100644
--- a/docs/docbook/projdoc/samba-doc.sgml
+++ b/docs/docbook/projdoc/samba-doc.sgml
@@ -23,6 +23,7 @@
 <!ENTITY Passdb SYSTEM "passdb.sgml">
 <!ENTITY VFS SYSTEM "VFS.sgml">
 <!ENTITY GroupProfiles SYSTEM "GroupProfiles.sgml">
+<!ENTITY SecuringSamba SYSTEM "securing-samba.sgml">
 ]>
 
 <book id="Samba-HOWTO-Collection">
@@ -115,6 +116,7 @@ part each cover one specific feature.</para>
 &GROUP-MAPPING-HOWTO;
 &SPEED;
 &GroupProfiles;
+&SecuringSamba;
 </part>
 
 <part id="Appendixes">
diff --git a/docs/docbook/projdoc/securing-samba.sgml b/docs/docbook/projdoc/securing-samba.sgml
new file mode 100644
index 0000000000..bfedc5456f
--- /dev/null
+++ b/docs/docbook/projdoc/securing-samba.sgml
@@ -0,0 +1,181 @@
+<chapter id="securing-samba">
+
+<chapterinfo>
+	<author>
+		<firstname>Andrew</firstname><surname>Tridgell</surname>
+		<affiliation><orgname>Samba Team</orgname></affiliation>
+	</author>
+	<pubdate>17 March 2003</pubdate>
+</chapterinfo>
+
+<title>Securing Samba</title>
+
+<sect1>
+<title>Introduction</title>
+<para>
+This note was attached to the Samba 2.2.8 release notes as it contained an
+important security fix.  The information contained here applies to Samba
+installations in general.
+</para>
+
+</sect1>
+
+<sect1>
+<title>Using host based protection</title>
+
+<para>
+In many installations of Samba the greatest threat comes for outside
+your immediate network. By default Samba will accept connections from
+any host, which means that if you run an insecure version of Samba on
+a host that is directly connected to the Internet you can be
+especially vulnerable.
+</para>
+
+<para>
+One of the simplest fixes in this case is to use the 'hosts allow' and
+'hosts deny' options in the Samba smb.conf configuration file to only
+allow access to your server from a specific range of hosts. An example
+might be:
+</para>
+
+<para><programlisting>
+  hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24
+  hosts deny = 0.0.0.0/0
+</programlisting></para>
+
+<para>
+The above will only allow SMB connections from 'localhost' (your own
+computer) and from the two private networks 192.168.2 and
+192.168.3. All other connections will be refused connections as soon
+as the client sends its first packet. The refusal will be marked as a
+'not listening on called name' error.
+</para>
+
+</sect1>
+
+<sect1>
+
+<title>Using interface protection</title>
+
+<para>
+By default Samba will accept connections on any network interface that
+it finds on your system. That means if you have a ISDN line or a PPP
+connection to the Internet then Samba will accept connections on those
+links. This may not be what you want.
+</para>
+
+<para>
+You can change this behaviour using options like the following:
+</para>
+
+<para><programlisting>
+  interfaces = eth* lo
+  bind interfaces only = yes
+</programlisting><para>
+
+<para>
+This tells Samba to only listen for connections on interfaces with a
+name starting with 'eth' such as eth0, eth1, plus on the loopback
+interface called 'lo'. The name you will need to use depends on what
+OS you are using, in the above I used the common name for Ethernet
+adapters on Linux.
+</para>
+
+<para>
+If you use the above and someone tries to make a SMB connection to
+your host over a PPP interface called 'ppp0' then they will get a TCP
+connection refused reply. In that case no Samba code is run at all as
+the operating system has been told not to pass connections from that
+interface to any process.
+</para>
+
+</sect1>
+
+<sect1>
+<title>Using a firewall</title>
+
+<para>
+Many people use a firewall to deny access to services that they don't
+want exposed outside their network. This can be a very good idea,
+although I would recommend using it in conjunction with the above
+methods so that you are protected even if your firewall is not active
+for some reason.
+</para>
+
+<para>
+If you are setting up a firewall then you need to know what TCP and
+UDP ports to allow and block. Samba uses the following:
+</para>
+
+<para><programlisting>
+UDP/137    - used by nmbd
+UDP/138    - used by nmbd
+TCP/139    - used by smbd
+TCP/445    - used by smbd
+</programlisting></para>
+
+<para>
+The last one is important as many older firewall setups may not be
+aware of it, given that this port was only added to the protocol in
+recent years. 
+</para>
+
+</sect1>
+
+<sect1>
+<title>Using a IPC$ share deny</title>
+
+<para>
+If the above methods are not suitable, then you could also place a
+more specific deny on the IPC$ share that is used in the recently
+discovered security hole. This allows you to offer access to other
+shares while denying access to IPC$ from potentially untrustworthy
+hosts.
+</para>
+
+<para>
+To do that you could use:
+</para>
+
+<para><programlisting>
+  [ipc$]
+     hosts allow = 192.168.115.0/24 127.0.0.1
+     hosts deny = 0.0.0.0/0
+</programlisting></para>
+
+<para>
+this would tell Samba that IPC$ connections are not allowed from
+anywhere but the two listed places (localhost and a local
+subnet). Connections to other shares would still be allowed. As the
+IPC$ share is the only share that is always accessible anonymously
+this provides some level of protection against attackers that do not
+know a username/password for your host.
+</para>
+
+<para>
+If you use this method then clients will be given a 'access denied'
+reply when they try to access the IPC$ share. That means that those
+clients will not be able to browse shares, and may also be unable to
+access some other resources. 
+</para>
+
+<para>
+This is not recommended unless you cannot use one of the other
+methods listed above for some reason.
+</para>
+
+</sect1>
+
+<sect1>
+<title>Upgrading Samba</title>
+
+<para>
+Please check regularly on http://www.samba.org/ for updates and
+important announcements.  Occasionally security releases are made and 
+it is highly recommended to upgrade Samba when a security vulnerability
+is discovered.
+</para>
+
+</sect1>
+
+</chapter>
-- 
cgit 


From 0a8e719a4bc6ac88bea6b76e7a7d840bb0fed403 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vlendec@samba.org>
Date: Mon, 17 Mar 2003 22:09:06 +0000
Subject: Fix memory leak.

Volker
(This used to be commit e8975d6e7bdcceb78a83a3446cf1430e1e3f1a72)
---
 source3/passdb/pdb_ldap.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 548d7bc60d..46e0994379 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1838,12 +1838,14 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_A
 	
 	rc = ldapsam_search_one_user_by_name(ldap_state, pdb_get_username(newpwd), &result);
 	if (rc != LDAP_SUCCESS) {
+		ldap_mods_free(mods, 1);
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
 	if (ldap_count_entries(ldap_state->ldap_struct, result) == 0) {
 		DEBUG(0, ("No user to modify!\n"));
 		ldap_msgfree(result);
+		ldap_mods_free(mods, 1);
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-- 
cgit 


From e0e31ca14a12635886110cd5ae7100365fd2cc88 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 17 Mar 2003 22:22:46 +0000
Subject: Add copyright. (This used to be commit
 a7f9c3657ff052e382e290059f50f1d9812b8221)

---
 source3/smbd/statcache.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/smbd/statcache.c b/source3/smbd/statcache.c
index 1e06b2b103..0f42a3a83f 100644
--- a/source3/smbd/statcache.c
+++ b/source3/smbd/statcache.c
@@ -3,7 +3,7 @@
    stat cache code
    Copyright (C) Andrew Tridgell 1992-2000
    Copyright (C) Jeremy Allison 1999-2000
-   
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-- 
cgit 


From 2e20359a8add2a5b5880116f5354cfe2cad3cde2 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Tue, 18 Mar 2003 01:32:51 +0000
Subject: Start of a unit test for info3 caching.  Much unfrastructure required
 before this can be fully implemented.  )-: (This used to be commit
 a040a8471f884cb295100f841594d86ddf754bb6)

---
 source3/stf/info3cache.py | 54 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100755 source3/stf/info3cache.py

diff --git a/source3/stf/info3cache.py b/source3/stf/info3cache.py
new file mode 100755
index 0000000000..96d5a1d459
--- /dev/null
+++ b/source3/stf/info3cache.py
@@ -0,0 +1,54 @@
+#!/usr/bin/python
+#
+# Upon a winbindd authentication, test that an info3 record is cached in
+# netsamlogon_cache.tdb and cache records are removed from winbindd_cache.tdb
+#
+
+import comfychair, stf
+from samba import tdb, winbind
+
+#
+# We want to implement the following test on a win2k native mode domain.
+#
+# 1. trash netsamlogon_cache.tdb
+# 2. wbinfo -r DOMAIN\Administrator                    [FAIL]
+# 3. wbinfo --auth-crap DOMAIN\Administrator%password  [PASS]
+# 4. wbinfo -r DOMAIN\Administrator                    [PASS]
+#
+# Also for step 3 we want to try 'wbinfo --auth-smbd' and
+# 'wbinfo --auth-plaintext'
+#
+
+#
+# TODO: To implement this test we need to be able to
+#
+#  - pass username%password combination for an invidivual winbindd request
+#    (so we can get the administrator SID so we can clear the info3 cache)
+#
+#  - start/restart winbindd (to trash the winbind cache)
+#
+#  - from samba import dynconfig (to find location of info3 cache)
+#
+#  - be able to modify the winbindd cache (to set/reset individual winbind
+#    cache entries)
+#
+#  - have --auth-crap present in HEAD
+#
+
+class WinbindAuthCrap(comfychair.TestCase):
+    def runtest(self):
+        raise comfychair.NotRunError, "not implemented"
+        
+class WinbindAuthSmbd(comfychair.TestCase):
+    def runtest(self):
+        # Grr - winbindd in HEAD doesn't contain the auth_smbd function
+        raise comfychair.NotRunError, "no auth_smbd in HEAD"
+
+class WinbindAuthPlaintext(comfychair.TestCase):
+    def runtest(self):
+        raise comfychair.NotRunError, "not implemented"
+
+tests = [WinbindAuthCrap, WinbindAuthSmbd, WinbindAuthPlaintext]
+
+if __name__ == "__main__":
+    comfychair.main(tests)
-- 
cgit 


From 47b547c69da1e02fcc218ccb44793e2ef38521b8 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Tue, 18 Mar 2003 01:34:09 +0000
Subject: Added #ifdef'ed out implementation of auth_smbd python fn.  Uncomment
 when auth_smbd functionality merged to HEAD. (This used to be commit
 2b6d13672dc1e4a46fc2600e729c22d0ee7e534b)

---
 source3/python/py_winbind.c | 72 ++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 71 insertions(+), 1 deletion(-)

diff --git a/source3/python/py_winbind.c b/source3/python/py_winbind.c
index e9fc4b7dd8..20bbe9dba4 100644
--- a/source3/python/py_winbind.c
+++ b/source3/python/py_winbind.c
@@ -3,7 +3,7 @@
 
    Python wrapper for winbind client functions.
 
-   Copyright (C) Tim Potter      2002
+   Copyright (C) Tim Potter      2002-2003
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -452,6 +452,65 @@ static PyObject *py_auth_crap(PyObject *self, PyObject *args, PyObject *kw)
 	return PyInt_FromLong(response.data.auth.nt_status);
 }
 
+#if 0				/* Include when auth_smbd merged to HEAD */
+
+/* Challenge/response authentication, with secret */
+
+static PyObject *py_auth_smbd(PyObject *self, PyObject *args, PyObject *kw)
+{
+	static char *kwlist[] = 
+		{"username", "password", "use_lm_hash", "use_nt_hash", NULL };
+	struct winbindd_request request;
+	struct winbindd_response response;
+	char *username, *password;
+	int use_lm_hash = 1, use_nt_hash = 1;
+
+	if (!PyArg_ParseTupleAndKeywords(
+		    args, kw, "ss|ii", kwlist, &username, &password, 
+		    &use_lm_hash, &use_nt_hash))
+		return NULL;
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	fstrcpy(request.data.smbd_auth_crap.user, username);
+
+	generate_random_buffer(request.data.smbd_auth_crap.chal, 8, False);
+        
+	if (use_lm_hash) {
+		SMBencrypt((uchar *)password, 
+			   request.data.smbd_auth_crap.chal, 
+			   (uchar *)request.data.smbd_auth_crap.lm_resp);
+		request.data.smbd_auth_crap.lm_resp_len = 24;
+	}
+
+	if (use_nt_hash) {
+		SMBNTencrypt((uchar *)password, 
+			     request.data.smbd_auth_crap.chal,
+			     (uchar *)request.data.smbd_auth_crap.nt_resp);
+		request.data.smbd_auth_crap.nt_resp_len = 24;
+	}
+
+	if (!secrets_fetch_trust_account_password(
+		    lp_workgroup(), request.data.smbd_auth_crap.proof, NULL)) {
+		PyErr_SetString(
+			winbind_error, "unable to fetch domain secret");
+		return NULL;
+	}
+
+
+
+	if (winbindd_request(WINBINDD_SMBD_AUTH_CRAP, &request, &response) 
+	    != NSS_STATUS_SUCCESS) {
+		PyErr_SetString(winbind_error, "lookup failed");
+		return NULL;		
+	}
+	
+	return PyInt_FromLong(response.data.auth.nt_status);
+}
+
+#endif /* 0 */
+
 /* Get user info from name */
 
 static PyObject *py_getpwnam(PyObject *self, PyObject *args)
@@ -648,6 +707,17 @@ Authenticate a username and password using the challenge/response
 protocol.  The NT status code is returned with zero indicating
 success." },
 
+#if 0				/* Include when smbd_auth merged to HEAD */
+
+	{ "auth_smbd", (PyCFunction)py_auth_crap, METH_VARARGS,
+	  "auth_smbd(s, s) -> int
+
+Authenticate a username and password using the challenge/response
+protocol but using the domain secret to prove we are root.  The NT 
+status code is returned with zero indicating success." },
+
+#endif
+
 	{ NULL }
 };
 
-- 
cgit 


From 1b0033dac6e1044ee276d82d5e08bab78c99ef8b Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Tue, 18 Mar 2003 03:07:39 +0000
Subject: Decode waitstatus values when a command fails. (This used to be
 commit e1baab1ee04b27447445351d0d88b0c02a5fa85d)

---
 source3/stf/comfychair.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/source3/stf/comfychair.py b/source3/stf/comfychair.py
index d7e23efc10..8ff7726955 100644
--- a/source3/stf/comfychair.py
+++ b/source3/stf/comfychair.py
@@ -1,6 +1,7 @@
 #! /usr/bin/env python
 
 # Copyright (C) 2002, 2003 by Martin Pool <mbp@samba.org>
+# Copyright (C) 2003 by Tim Potter <tpot@samba.org>
 # 
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License as
@@ -20,6 +21,7 @@
 """comfychair: a Python-based instrument of software torture.
 
 Copyright (C) 2002, 2003 by Martin Pool <mbp@samba.org>
+Copyright (C) 2003 by Tim Potter <tpot@samba.org>
 
 This is a test framework designed for testing programs written in
 Python, or (through a fork/exec interface) any other language.
@@ -163,9 +165,10 @@ why."""
                ("%s terminated with signal %d", cmd, os.WTERMSIG(waitstatus))
         rc = os.WEXITSTATUS(waitstatus)
         self.test_log = self.test_log + ("""Run command: %s
-Wait status: %#x
+Wait status: %#x (exit code %d, signal %d)
 Output:
-%s""" % (cmd, waitstatus, output))
+%s""" % (cmd, waitstatus, os.WEXITSTATUS(waitstatus), os.WTERMSIG(waitstatus),
+         output))
         if skip_on_noexec and rc == 127:
             # Either we could not execute the command or the command
             # returned exit code 127.  According to system(3) we can't
-- 
cgit 


From eb8374894061e9dc3bc83e397a92248d23b99f22 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Tue, 18 Mar 2003 05:00:02 +0000
Subject: global_globber_region_function/line ought to be recorded before
 clobbering the region, just in case clobbering causes us to crash
 immediately.  (That might happen if we just shot ourselves in the stack and
 strcpy was not inlined.)

Also, in DEVELOPER mode and when Valgrind is available, mark the
clobbered region as uninitialized.  This is an even stronger
protection than clobbering with 0xf1.
(This used to be commit 5653a42ae695f4b8f4c14d3184ca76523d38b51b)
---
 source3/lib/util_str.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index 7643c2807e..b734452867 100644
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -424,15 +424,27 @@ size_t count_chars(const char *s,char c)
  *
  * This is meant to catch possible string overflows, even if the
  * actual string copied is not big enough to cause an overflow.
+ *
+ * In addition, under Valgrind the buffer is marked as uninitialized.
  **/
 void clobber_region(const char *fn, unsigned int line, char *dest, size_t len)
 {
 #ifdef DEVELOPER
-	/* F1 is odd and 0xf1f1f1f1 shouldn't be a valid pointer */
-	memset(dest, 0xF1, len);
 	global_clobber_region_function = fn;
 	global_clobber_region_line = line;
-#endif
+
+	/* F1 is odd and 0xf1f1f1f1 shouldn't be a valid pointer */
+	memset(dest, 0xF1, len);
+#ifdef VALGRIND
+	/* Even though we just wrote to this, from the application's
+	 * point of view it is not initialized.
+	 *
+	 * (This is not redundant with the clobbering above.  The
+	 * marking might not actually take effect if we're not running
+	 * under valgrind or not with --client-perms.) */
+	VALGRIND_MAKE_WRITABLE(dest, len);
+#endif /* VALGRIND */
+#endif /* DEVELOPER */
 }
 
 
-- 
cgit 


From b9a8ad5f3bcf8f0d75c39b8f993010f3d1fded7e Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Tue, 18 Mar 2003 05:04:44 +0000
Subject: Speling fixes and a little extra documentation. (This used to be
 commit 8da383bb3e63d25ceb0204c775580f2f1b3336ec)

---
 source3/include/safe_string.h | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h
index 65ec05a5c6..d01a6c6321 100644
--- a/source3/include/safe_string.h
+++ b/source3/include/safe_string.h
@@ -129,12 +129,12 @@ size_t __unsafe_string_function_usage_here_char__(void);
     safe_strcpy(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1)
 
 
-/* inside the _fn varients of these is a call to 'clobber_region' - which might
-   destory the stack on a buggy function.  Help the debugging process by putting
-   the function and line it was last called from into a static buffer
-
-   But only for developers */
-
+/* Inside the _fn variants of these is a call to clobber_region(), -
+ * which might destroy the stack on a buggy function.  We help the
+ * debugging process by putting the function and line who last caused
+ * a clobbering into a static buffer.  If the program crashes at
+ * address 0xf1f1f1f1 then this function is probably, but not
+ * necessarily, to blame. */
 #ifdef DEVELOPER
 #define overmalloc_safe_strcpy(dest,src,maxlength)	safe_strcpy_fn(__FUNCTION__,__LINE__,dest,src,maxlength)
 #define safe_strcpy(dest,src,maxlength)	safe_strcpy_fn2(__FUNCTION__,__LINE__,dest,src,maxlength)
-- 
cgit 


From 556fea4e1e68d9d0c711a87905d9be310add7f83 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Tue, 18 Mar 2003 05:30:15 +0000
Subject: Update comment: Valgrind 1.9.4 seems to always respect client
 requests, without needing --client-perms=yes. (This used to be commit
 412a8780c35ee9449c9682e3ef73afb2c4933285)

---
 source3/lib/util_str.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index b734452867..3836d42872 100644
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -441,7 +441,7 @@ void clobber_region(const char *fn, unsigned int line, char *dest, size_t len)
 	 *
 	 * (This is not redundant with the clobbering above.  The
 	 * marking might not actually take effect if we're not running
-	 * under valgrind or not with --client-perms.) */
+	 * under valgrind.) */
 	VALGRIND_MAKE_WRITABLE(dest, len);
 #endif /* VALGRIND */
 #endif /* DEVELOPER */
-- 
cgit 


From 2f07f71d787dc2dfcefac6a1f723c2cde76d4884 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Tue, 18 Mar 2003 05:31:52 +0000
Subject: The new string macros catch a bug at compile that previously only
 trapped at runtime, which is great.  So we have to try a little harder to
 provoke an overflow -- which is still caught nicely in developer mode. (This
 used to be commit cea126f62ad411f5efbebc7c5d39297fd8ef9efb)

---
 source3/torture/t_stringoverflow.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/source3/torture/t_stringoverflow.c b/source3/torture/t_stringoverflow.c
index b0503adb8f..ec14d81189 100644
--- a/source3/torture/t_stringoverflow.c
+++ b/source3/torture/t_stringoverflow.c
@@ -3,6 +3,7 @@
  int main(void)
 {
 	fstring dest;
+	char *ptr = dest;
 
 	printf("running on valgrind? %d\n", RUNNING_ON_VALGRIND);
 
@@ -10,7 +11,13 @@
 	 * will actually fit, but this is still wrong because you
 	 * can't pstrcpy into an fstring.  This should trap in a
 	 * developer build. */
+
+#if 0
+	/* As of CVS 20030318, this will be trapped at compile time! */
 	pstrcpy(dest, "hello");
+#endif /* 0 */
+
+	pstrcpy(ptr, "hello!");
 
 	return 0;
 }
-- 
cgit 


From 29fa4c1631d70daf564a52cf23740c6e1b5316f6 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Tue, 18 Mar 2003 05:37:23 +0000
Subject: Remove static libbigballofmud, which just does not seem to link.

Add bin/t_stringoverflow test case.  Not built by default.
(This used to be commit 7741bb8d18e7ba16522c00513174f2909d75535d)
---
 source3/Makefile.in | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/source3/Makefile.in b/source3/Makefile.in
index 40abe5d71b..a2290e8f57 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -894,9 +894,10 @@ bin/libbigballofmud.@SHLIBEXT@: $(LIBBIGBALLOFMUD_PICOBJS)
 	$(SHLD) $(LDSHFLAGS) -o $@ $(LIBBIGBALLOFMUD_PICOBJS) $(LIBS) \
 		@SONAMEFLAG@`basename $@`.$(LIBBIGBALLOFMUD_MAJOR)
 
-bin/libbigballofmud.a: $(LIBBIGBALLOFMUD_OBJS)
-	@echo Linking bigballofmud non-shared library $@
-	-$(AR) -rc $@ $(LIBBIGBALLOFMUD_OBJS)
+# It would be nice to build a static bigballofmud too, but when I try
+# I get linker errors about dl_open and similar things.  I'm not sure
+# if it can be fixed or if they just can't be called from a static
+# library.
 
 libsmbclient: $(LIBSMBCLIENT)
 
@@ -1027,6 +1028,9 @@ bin/tdbbackup@EXEEXT@: $(TDBBACKUP_OBJ) bin/.dummy
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(TDBBACKUP_OBJ)
 
+bin/t_stringoverflow: bin/libbigballofmud.@SHLIBEXT@ torture/t_stringoverflow.o
+	$(CC) $(FLAGS) -o $@ torture/t_stringoverflow.o -L./bin -lbigballofmud
+
 install: installbin installman installscripts installdat installswat 
 
 # DESTDIR is used here to prevent packagers wasting their time
-- 
cgit 


From c52a31b21a656928caedc48211905b713779801a Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Tue, 18 Mar 2003 05:42:53 +0000
Subject: Comment about deprecated macro overmalloc_safe_strcpy(). (This used
 to be commit 5ac062580690eee9b4bd423dbb82631c0cdb8b30)

---
 source3/include/safe_string.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h
index d01a6c6321..61ef4bdf96 100644
--- a/source3/include/safe_string.h
+++ b/source3/include/safe_string.h
@@ -135,6 +135,12 @@ size_t __unsafe_string_function_usage_here_char__(void);
  * a clobbering into a static buffer.  If the program crashes at
  * address 0xf1f1f1f1 then this function is probably, but not
  * necessarily, to blame. */
+
+/* overmalloc_safe_strcpy: DEPRECATED!  Used when you know the
+ * destination buffer is longer than maxlength, but you don't know how
+ * long.  This is not a good situation, because we can't do the normal
+ * sanity checks. Don't use in new code! */
+
 #ifdef DEVELOPER
 #define overmalloc_safe_strcpy(dest,src,maxlength)	safe_strcpy_fn(__FUNCTION__,__LINE__,dest,src,maxlength)
 #define safe_strcpy(dest,src,maxlength)	safe_strcpy_fn2(__FUNCTION__,__LINE__,dest,src,maxlength)
-- 
cgit 


From 8cfec8554e54429654a8fef7335cb857ac481221 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Tue, 18 Mar 2003 05:51:41 +0000
Subject: Ignore .po and .po32 files. (This used to be commit
 8d64419625dda242fdb7a5d956644b052b43a2ea)

---
 source3/rpc_client/.cvsignore | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 source3/rpc_client/.cvsignore

diff --git a/source3/rpc_client/.cvsignore b/source3/rpc_client/.cvsignore
new file mode 100644
index 0000000000..07da2225c7
--- /dev/null
+++ b/source3/rpc_client/.cvsignore
@@ -0,0 +1,3 @@
+*.po
+*.po32
+
-- 
cgit 


From 6cb8656c2601254ebd04a71cc68650edcba53869 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Tue, 18 Mar 2003 05:52:05 +0000
Subject: Ignore t_stringoverflow binary. (This used to be commit
 195582c4cb7906ab95e47f5a2aea4ae86a7ab023)

---
 source3/bin/.cvsignore | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source3/bin/.cvsignore b/source3/bin/.cvsignore
index 5cad4ba406..f03ce48d2c 100644
--- a/source3/bin/.cvsignore
+++ b/source3/bin/.cvsignore
@@ -2,6 +2,7 @@
 .dummy
 .libs
 debug2html
+editreg
 locktest
 locktest2
 make_printerdef
@@ -36,6 +37,7 @@ smbtorture
 smbtree
 smbumount
 swat
+t_stringoverflow
 talloctort
 tdbbackup
 testparm
@@ -44,4 +46,3 @@ vfstest
 wbinfo
 winbindd
 wrepld
-editreg
-- 
cgit 


From a084f06fe33eb9903489763bc34c7092080a0a5e Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Tue, 18 Mar 2003 07:09:23 +0000
Subject: Split "clobber" function and variables into its own file before it
 grows too much larger. (This used to be commit
 4bbddbfc6a97ebb11e299aa7bd07ebebeab42c65)

---
 source3/Makefile.in    |  2 +-
 source3/lib/clobber.c  | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++
 source3/lib/util_str.c | 39 --------------------------------
 3 files changed, 61 insertions(+), 40 deletions(-)
 create mode 100644 source3/lib/clobber.c

diff --git a/source3/Makefile.in b/source3/Makefile.in
index a2290e8f57..88e616de47 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -154,7 +154,7 @@ LIB_OBJ = lib/charcnv.o lib/debug.o lib/fault.o \
 	  lib/util_getent.o lib/util_pw.o lib/access.o lib/smbrun.o \
 	  lib/bitmap.o lib/crc32.o lib/snprintf.o lib/dprintf.o \
 	  lib/xfile.o lib/wins_srv.o \
-	  lib/util_str.o lib/util_sid.o lib/util_uuid.o \
+	  lib/util_str.o lib/clobber.o lib/util_sid.o lib/util_uuid.o \
 	  lib/util_unistr.o lib/util_file.o lib/data_blob.o \
 	  lib/util.o lib/util_sock.o lib/util_sec.o \
 	  lib/talloc.o lib/hash.o lib/substitute.o lib/fsusage.o \
diff --git a/source3/lib/clobber.c b/source3/lib/clobber.c
new file mode 100644
index 0000000000..fb3a0dc281
--- /dev/null
+++ b/source3/lib/clobber.c
@@ -0,0 +1,60 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Martin Pool     2003
+   Copyright (C) Andrew Bartlett 2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#ifdef DEVELOPER
+const char *global_clobber_region_function;
+unsigned int global_clobber_region_line;
+#endif
+
+/**
+ * In developer builds, clobber a region of memory.
+ *
+ * If we think a string buffer is longer than it really is, this ought
+ * to make the failure obvious, by segfaulting (if in the heap) or by
+ * killing the return address (on the stack), or by trapping under a
+ * memory debugger.
+ *
+ * This is meant to catch possible string overflows, even if the
+ * actual string copied is not big enough to cause an overflow.
+ *
+ * In addition, under Valgrind the buffer is marked as uninitialized.
+ **/
+void clobber_region(const char *fn, unsigned int line, char *dest, size_t len)
+{
+#ifdef DEVELOPER
+	global_clobber_region_function = fn;
+	global_clobber_region_line = line;
+
+	/* F1 is odd and 0xf1f1f1f1 shouldn't be a valid pointer */
+	memset(dest, 0xF1, len);
+#ifdef VALGRIND
+	/* Even though we just wrote to this, from the application's
+	 * point of view it is not initialized.
+	 *
+	 * (This is not redundant with the clobbering above.  The
+	 * marking might not actually take effect if we're not running
+	 * under valgrind.) */
+	VALGRIND_MAKE_WRITABLE(dest, len);
+#endif /* VALGRIND */
+#endif /* DEVELOPER */
+}
diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index 3836d42872..8ef4ddade6 100644
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -21,11 +21,6 @@
 
 #include "includes.h"
 
-#ifdef DEVELOPER
-const char *global_clobber_region_function;
-unsigned int global_clobber_region_line;
-#endif
-
 /**
  * Get the next token from a string, return False if none found.
  * Handles double-quotes.
@@ -414,40 +409,6 @@ size_t count_chars(const char *s,char c)
 	return(count);
 }
 
-/**
- * In developer builds, clobber a region of memory.
- *
- * If we think a string buffer is longer than it really is, this ought
- * to make the failure obvious, by segfaulting (if in the heap) or by
- * killing the return address (on the stack), or by trapping under a
- * memory debugger.
- *
- * This is meant to catch possible string overflows, even if the
- * actual string copied is not big enough to cause an overflow.
- *
- * In addition, under Valgrind the buffer is marked as uninitialized.
- **/
-void clobber_region(const char *fn, unsigned int line, char *dest, size_t len)
-{
-#ifdef DEVELOPER
-	global_clobber_region_function = fn;
-	global_clobber_region_line = line;
-
-	/* F1 is odd and 0xf1f1f1f1 shouldn't be a valid pointer */
-	memset(dest, 0xF1, len);
-#ifdef VALGRIND
-	/* Even though we just wrote to this, from the application's
-	 * point of view it is not initialized.
-	 *
-	 * (This is not redundant with the clobbering above.  The
-	 * marking might not actually take effect if we're not running
-	 * under valgrind.) */
-	VALGRIND_MAKE_WRITABLE(dest, len);
-#endif /* VALGRIND */
-#endif /* DEVELOPER */
-}
-
-
 /**
  Safe string copy into a known length string. maxlength does not
  include the terminating zero.
-- 
cgit