Viewing and changing UNIX permissions using the NT security dialogs

šÐoò»a9Ç( ÁqÛiw±ù×¥4Ÿ…JŠë^&Ra¨^¶•C•EyšôuËÍ7T|¾¤ßd¨ÇpV2^Å-Ä÷ž£°Õuëq·î†E1s +A?#kÛ‘²Ö5X;Ñ`‘ÜçëReq1ü6Çì;X`mƒjS¹òb‹ƒV `ÄPù–ñƒaWáDã¢DwŠóv°i^9kÐOÅ³ñ³ÁòžqúÛF;!|úd-å½“4XÁ?HmP&:l„1ì–'‹3ô^}ÞfÒ¥™ìh‹3Aë°\ütŠã}#¯´Ì¶ÍþùÚØ´h²cKàö…‘Ì¶ÊE“5ŠVOóEû:ÇYiÌ$v®ëÇ§¯ŽöãçYûe5˜à£n6¢ÉT6ÿÅÃ—Çú³rßðÁ¥¦ Ë Ã‰o»ã·Óþ=)üßO¹»É,™Œ‡øä—Fñiyõ×Õ×Ê8endstream +endobj +1750 0 obj<>/XObject<<>>>>>>endobj +1751 0 obj<>stream x¥VMoÛ8½ûWri -Xªd9¶Ó[ƒnšîÂrÉ…–(›DjEªjþý¾¡>¢(ÙEa–MræÍ¼7þwS„WLÛ%JËEF´¾ŽÃ5w[<¯ð®%åÝB”ðòë…dµ wó…›ÃâÃ—5Å1r$Ùì¶tÈ ¢ˆé¥¥´!ÝæôdššÒBIí, d3ºx¢Æ*}¢cmD– -ëø‹3ÀbMñCÒt7·ßöä£,É¥&×<`£¥V™4mêïß¨-XmPÔ!»ôÙ -“Š‚JÄ•5çh¬ûSGIÇBrº\éŒe¦JÏö/IXR®ÏÅq´0æ8iDAœ„+ÎiîÌ‹œÕ6G-]È[4gØ‡Ä?á—ªÊ‘»kEUImÔI::›"#Ãë¶ U™ì+¡BYtzƒÊH8'Ë -ÝÅi‘¦Ò¢Ïa)=ƒêÎÂõ†Ú^td €ë™’À`üYûª¸UW\°º¢ ¹7Ü”Û| ü!ë%;“åQxÜ¯$Ñ©AÐýíÝžP’?Ä¬ÿ6¿©ÑN¤Î2‰Æi=£…ÒÀlæŒ§ZžÐPYË¬«}QvÖ¶‡™F ÔÅ½š¤ZvŠKƒ˜j™J‘{ï ²Ê‹e"(‘e ,²íÛúI”?QØÀAËs3j¬ÏËâøSUuê„¨Ü¾Ïÿ#b2å¿W?°5Jƒ2çfÂ7ë…jG~ÐëIœÜOG‹!LÁJxÉ©]î¥þáË5Åp¼ãÑo"$DoÃ8 -éÎ8Žg÷ìpÔ“*=þ©u°×~d:éÀ?ZS?2<&ë"º £°Ðçh—C0z¸ÌMMò§(+Xê•:ƒn˜øèá=«SsØN{ÖÕêQÎÔ]Õ†XÂ®ïaˆpKâ ÷€pªMS±D‡Ñ”%»ŒmªÊÔŽS@ÀX0¥1‡ESŸ:›å–Îòzgfçg/c«÷þÊ [£ßÁzÀËü¹Û’dÝ9=÷šÿÚNùâ5†8°?Nófƒ÷Þ´i‡,:Å‚ò¼TÊ!Ø@ƒwˆÙ7>oxÙéY©Z²½¦”÷ÑÅó¹2•S¸C@™-!^kˆ?Õ©Á…‰eH{èrX¸¼µÌR&P…íÛ´ëïãxƒÛ}—P²ºfí?}½ùD×æ»„9~6iSâ>œ—‘Ã`]ÿ–×›]¸¹ZáË?¹âhÿ,þBå³Ÿendstream -endobj -1763 0 obj<>/XObject<<>>>>>>endobj -1764 0 obj<>stream +Xª>ÛéA·@Mwa¹äBK”ÍF"µ"U5ÿ~ßP’£(ÙEa–MræÍ¼7þwS„WL›„Ò5eÕ" +#Z]ÇáŠVÛ ž¼IE¿¥¼üz!M6áv¾p³_|ø²¢8¦}$ëí†ö9!AÑ>»Ô¢’6¤Û‚žLÛPV*©%lF—OÔZ¥thŒÈ3aqX¬)Hº“îæöÛŽ|”%¹“Ôä:ƒl´Ô©²$“emóñýþûµÉEíóKŸ4™(©B\ÙpŽÎÊf8uÔjq(%§+”ÎIPn*¡ôlÿ’„%å†\GKc€“FÄi˜pNp'^ä¬¶=héBÞ 9ãž8$þ ¿œ¡ª¹ûÆÐIÔµÔ–A¥£“)s2¼Þc:•Ë¡*•u@ç¡·¨Œ„s²ªÑ]œY&-úŒÖ‘Ò3¨î$Ü`¬íEGF¸ž) ÆŸå°¯ŠKúâ‚äŠ‚ô:\sSn‹%0tò‡l–t0îDVTáq¿’D¯A÷·w;BIþ³þÛüfF;‘9OÈ$§õŒ–J³=˜žyDCe#ó¾BôEÙYÛFf8P÷j’jÙ+þ- öbjd&Dî!¼ƒÈj/–‰ Džƒ°È +´oëóLÂ¨ü‰ÂF:ž›³Æ†¼,Ž?UUß©^ˆÊÍáûñü?"&Sþk‘qõ#[géaPæÜLøãf½Pí™ôzF'÷ÓãÑbFS°ÞÀcòBêc—©ørM1¯À8Côë ÑÇ›0ŽBº3Žã™Ö=; ¤Jjìu™^:ðÎ4Éºˆ.è ,ôy¶Ë1=\¦!ùST5, ŽõJC7L|ôðžÕ©9l¯=ëõ(gê®C¬`×÷0D¸%qÐ{@86¦Y€¢ÃhÊŠ]Æ¶umÇ) à ,˜Ò9‡ESŸz›å–Îòzgfçg/c«÷þÊ ;£ßÁzÀËü¹Û’tÕ;=÷šÿÚ–Nùâ5†¸°?NófƒwÞ´éÆ,:Ã‚ò¼Tª1ØH:ï2(³{Þø¼áe§g¥jÉöb˜RÞGÏç.ÈÔNáe¶:„x!þTÇ&T!í Ëqýáò +Ô2K¹tB•vhÓv¸ã5n÷mJé&ê›µûôõæýÝ˜ïæøÙdm…ûXp^FŒ‚Mtý[B^·áú*Á?–šp´¿ö‹ÿBÇ³œendstream +endobj +1752 0 obj<>/XObject<<>>>>>>endobj +1753 0 obj<>stream xV]oÛ6}Ï¯¸)ëÓqÜ}è¶ºÈÃlñºëPÐ³‘D•”âøßï\’JC– ‰"^ÞsÏ=×ßÏrÊðÓUAåŠd{–%•——Éš–ë+<ø±Šj¯WIyzðÓö,Ý¼¦"£m _««5m+‚ŸoäùÏ{ÑÊR¾NèfòNìE77Ôšjl”{µýæäWÁÁ¢\&\œãFžÐu7XÊA›ŽDW‘4]oG+øM¸¼¤<—‹«dÅ—ot'9Ñî•IvÝØ÷ÆŽÜ<•/çµFÑÐF#¹›£TûåÕ”!÷~záœr¤„Ü“ï£r †SÈh‘—!k!¥rŽ†½¢±ÓT³Gç=â¥ýIcD¥ª9 m÷Ú‘ŒhIs¯¬#Ñ4Þ>B…g1€VÑAû“È2ìÌhQ=£eU¬HÉã«êýèPlôšD?Å*Y2tŸÍH8Ò^Ü+êA¿Z{®œšn_š{aQO£wVXXø—ódóÊçÑèîº£J×>¥á$ýƒ8:BÏ#jŽ¡QG’£E!CÛ)ÕÑ€p€[¡;4ãÃo¦4>ø×\:mkhDîÕŒ‚$•Ón„eÈØÔtŠvª1Ÿ -é–9$ºzaE«˜Þè,¹¤tséxN÷5JÚ}SÒ›nfDøòäâ°× V;¢ÞhxÑÕƒjØwF¦ö9=ƒü£«±è°hûF]°‡ÆÜz^ž`Žsæ'úª00„‘G‰&ït÷&”“Ñëi¸–!¾þc¥‡&ŸDô‰‡@ƒ}£·ôŽÍÑ®´ƒ@Ÿj0öøÂ}.—ý¥LŸàæ|1Lê³LœyzkÄ»,ö‚õ–ŽAªxÔÿ£Ò5wbþ¬ç…—&°y?'ÀÝ†gš@&<ý‘ë•ÔµVÕ)7£…‘¥ÊÈ‘ÑõbÈÓÃëîvÎnªA‰ `Rt 2^Œè7f‘C†“_Ô=Þ³è|u¥|@Öõ¹,{y€,,Ë²YÃNU6¼e„Ø›CÇ}îçˆ@ô«ów

{TÿïsÎrµNV—æ7òrÅ9¾ßžý~ö/8ééGendstream +é–9$ºzaE«˜Þè,¹¤tséxN÷5JÚ}SÒ›nfDøòäâ°× V;¢ÞhxÑÕƒjØwF¦ö9=ƒü£«±è°hûF]°‡ÆÜz^ž`Žsæ'úª00„‘G‰&ït÷&”“Ñëi¸–!¾þc¥‡&ŸDô‰‡@ƒ}£·ôŽÍÑ®´ƒ@Ÿj0öøÂ}.—ý¥LŸàæ|1Lê³LœyzkÄ»,ö‚õ–ŽAªxÔÿ£Ò5wbþ¬ç…—&°y?'ÀÝ†gš@&<ý‘ë•ÔµVÕ)7£…‘¥ÊÈ‘ÑõbÈÓÃëîvÎnªA‰ `Rt 2^Œè7f‘C†“_Ô=Þ³è|u¥|@Öõ¹,{y€,,Ë²YÃNU6¼e„Ø›CÇ}îçˆ@ô«ów

{TÿïsÎrµNV—æ7ò²äßoÏ~?û8ËéDendstream endobj -1765 0 obj<>/XObject<<>>>>/Annots 1030 0 R>>endobj -1766 0 obj<>stream +1754 0 obj<>/XObject<<>>>>/Annots 1024 0 R>>endobj +1755 0 obj<>stream xVMoÛ8½ûWzÙ°iKŠ?š›»mÅ6E·ñ{(PÐe±‘H•¤ì¨‡ýíû†–[×èe ˆ‹äÌ›÷Þõu”Ð? -SÊ”7£™˜Ñˆ÷ñö~Å“ÜK]K.KÕ^*å.l5ÅxO›J{‘t7ØŽÀ!"ˆÚC-Ûà~Jõ¯ä^ÑV)C…ömAta#ósÊ„ºÇô¨{Ðù42ÀkzmòûÇ{ NE)˜|‘˜l€ƒŽ©?])±L0cµgÙbˆt3åÀV#"®«Ù!üEvNöéù¥÷ÞYòhÕ¨¢i#žmuCÏ1ËÎD¾d| M?0KØ…Žºik .ŠN1"`-8ˆÁzÄ´ÓÛS?B³nÌD"èzq‹®º¸ÌÜ¨+÷÷‡·7T…ÐÞL§‡ÃAäÞ‹ ûÚºN¨¢›þ«ð¯n”›C¨ÒOµ)Ô£h«v ãÔr/{zítNoG.Yysä4¶ûóÌt¨t^Å‚AšaÖ¨”ÚAtnÞZ…(e1±¸ÿ}›4‚Þ„“¯î¯á.ÑÂr@ÿÒÙ!O5Œ ¾‡á–’Gþ¥‹³f§`”r=S²*tY‚vgdx^Ü^Z²ó(ïÓXØiÃÝGœ»3xÊ^³n'þÆq÷>óÔN‡à¸*Î`bxÜjŒñÙÚ4·?£g÷ûÿTýÁº‚¨ú/më5O‰ÑÄöÕ¹ØWÀ;î0$jÀq=w‚®{X™6pê LC®ËCÇC ¸€[îàlªê2²È¦?ÎWjä 3Àá}×´¬ÊykœbåÛªÞbês˜su8õµO‘v×™K‡ÑE¥RÅVæt8µxµýXÜ°¢ÁÆ y‡Ë!S+C^)ï%°†Š5âñ7¦Ê¶ªìXKÀhô® -e··(AzìŠ2{Û(A|þ¶Ï)X‹c@’½v¡“ØÿÝŠCO¯†—£d7ÄUF‹d.–wìýúîåšÞ;ûv¡W6ï¸žhsF„ëåxb²œ½àý¿º˜¯x/œ§xeã Ù’¾ÞŒþýFRJ'endstream -endobj -1767 0 obj<>/XObject<<>>>>/Annots 1033 0 R>>endobj -1768 0 obj<>stream -xeQÁr›0½óïèÌË8·dÚô’N[›vzÈE–EQj•„iþ¾+ìv:í Á²zûžÞî„#§‡cS P}’³œ2^»wI±fb-XŽ\pú^þNØG8ÖÛ’U¨ê Åm§Ñ&M’=nÁ+4-)ˆš‚ãBœ£Q+^³’g¯äpÓ¼¸çpZl¼ú¼{ºCÂx—eó<3;êAÁœ›<³î[s¤… }*ð²?Èt¡„ñµmJKÙAé1 ·ÇéD×³û¾ÅÜÕaòÚ#t_÷x^‘B˜ä !°õA÷Ï7hµ“# m¯Âœ>/XObject<<>>>>>>endobj -1770 0 obj<>stream -x•WÛnÛF}÷WLó"h‰¾û¥hsi‹¦I‹¨ -øeE®ÄµI.»»´¬¿ï™½Dá¦)¹³3sÎ™‹þ>YÒ?KºÎéüŠŠæd‘áãb‘åtqsÿsüI›“W'gïn)_Ðj“«ëZ•„ã<)¦¯+Ñ9ihy›ÑOF÷5¢ëT»¥Ÿ?~^}<]=Àü‚–Ë`>ÏoàbUN?9aÛ)WÑ'Ñ¬Ã§¨»JP>#AÜÑöèÊMßNé–”%ñ$T-ÖµÌhUI*zcdë¨‘®Ò%ÝOkõ(ë=9Í!,h¾<Ž‹J´[yŠ7µ[IöÞ‘õ{Ç…nð¶¤BÔµ,C—1)Ùfí d©ÜqŠÓ,úË¯²N”ƒÛ(c©¦Áyá$€Y ‚ÞÜïýþæõŒãq•pâ8†R7Bá`Ùà¯f éMxfü $º?Sö×jÀ®[+>vÂ€ -ŠwÂr¼%Ç½UO!ðZY‡Gxn,ÕpÅˆŒÚVÎ§YIe"*ÉÿN›Gë“i3úÅùËn$0Øª‚¬ë7›ºUM"ÙŽÖ½£R•íÄ‘…3IOÒà¥¬kÚhC «å3YéúÎŽ¹x/Y $Ÿ»š¡«©‚kŽ…ý°:ûœÿ:ãü*áóCþ!ž(%‰Øgô¹’`‹èëš¬Ø^Œ’ä`z ‡!‚h ;£·• -èÀIK>ï€ K.H1£ÚAß0Œ'?0ÍÀÚ§„C¨>.ìÈ5RðºñwQOª–[8äÚð×Šµª•ã*¡PþiÉå›Z@¯ížƒ/¤µ¨0†»Ö,`ïOG˜¾mÀTF#ŠJeSšx …úkd³Lš0>wœº«úqæÕVÒ(7ùŠ1’HX@|ÛäAËC˜Òc°– p@8ƒ¨FÙÓó…pk…º‘Ï¢p‘K‹z¢Xx5²kÖËM$•E§ (}1 - -½`FeotO=ú¨•Az¯Þ„^ñ¢ˆ"Î£ŒÐ}<e|ü;‰§AIgôÖ—e€µ™|9Œ‘ç ÙcS3ùš"hÇ…Yëív »aPÑOjÌéžF÷»nKˆÐqO€Ü -ñu‰Ø÷º7Ö0¢–P©/ç6Êeø÷˜UÂM,O€rÀØ{Â1„ç)° >(®oÕs(tT[o{o‚¾ÅNÎÞ¥®>=“®8{iÜŸÎ¨–ìŽ§·:ÖIÙ°ý#¼œ.3>~‘¢ô²rTØ`öCÚ^ZMq¶–tœ^FïÐ tnÁ¤>/XObject<<>>>>>>endobj -1772 0 obj<>stream -xV]oÛ6}Ï¯¸ÈS -¤Ší¸Nö°‡6kŠ`«Ó-ºJ¢$6’è’”]ï×ïÜKÚu”îAÃÉsÏ9÷\~9™Ò?SºšÑå‚Šîd’Mh>›dš__áó¿NS%¦‹ïËÓ«¸ÇËËy6Ã.gX4ÍèÆvkåŒ·}zsNÓizsv¨xsÕè´½×nƒó¯=n>P°Tû(ÿñRÑÝ‡ŒVÍàÉT´³)TÜÎô5¿å5pUdÂ©§n[yÓ7vhKÆ;¡—ÓËˆÒiÕ¶;*&ÖÞeílíTç)4*0|ÐäU§ùQ°…m„¦ÎúŠUi°‡Ú(Óª¼•—âzpE•Á7Á©ÞWÚN?ìÏÅr%UXÖ¨ÞâD'äÊë’Þ¿AqÌN–ö˜-²9³wyØª^° HªV¦Ço;æ¦5š-W¼ýÇêcvãÊz¡gkÀS£6k©4^*9”A€Ø~„^‰?IÞ;¤{~¶5àŽUêÔ. -‘kðÉ€Ž¶à4˜°réÓ™Š†”§¥¹Ì§àd¬]M¼%€4ÂþÕšrÌÒ;Ýk'Ç1œhHÓ—Qã'îöäM)ÀÖ6pj{‘üZë2£;P,®ÚÛ¾&€èS9|U)Ï½É{ZÞ>œ“jÖÖ ¾2ž ìŽ:®ºÔkÝ—ž¬èFwXØzÐX¡Zl×0˜WÚR|ë8°¶úÆòÀ -íýpÎÄ ¦_®PG/V¡^óñíQ©ñáD–;‡ÉÎÉô$6å>Ñ´µÎ£7ïÈ`§€ùES×lÈJæ@,R„³ÏðgÜ#U)fÃÂÑérå–ûƒK(Aéžû²d’øœ 2Æ""W>£wxEEÁNZONšÚô TÎÇ2‰:˜€]¸L‘›¶ðû´^Dá=N?éJ¤ß¡i‹GÈ®ƒùäÚø—ú¡Ëa[œãÅ(&,`ž8oÐ6‰æãXÆJu)R¹ÿG¤ -c[@æ÷ŽÄI03N¯C€Èá€½ “¡DÖÀ†BKóò>ÕÎ†™Ïåõ]ž¶¯$+¿‡èô)¤Sœ_0¥LŸqØçÜªÖè#_8«RcÑº<Ä”ˆ$FYC[™IO¦×€îS"ØÊ;T-ƒæ9IÎÔM”§S’´pþ!Ù0,q<‚Çís‚è¹˜½þ¶gG[gy$U©1OJOùŽ>ñ^Ò"Î¡Â:Ç^`YÐ‹—$Qb˜p¸îã¤µê‘Ö=Ž+|&?;éÏåýOoyý·/³Í)#nÄ´å!i‘¾¨™íû#©´vÀ£Çå¨²„û^õ»}š9½¶ŽÅ‚åUY2ç#ÐÇÈN©´&oÄÇù˜èÑ‘Ò ÑÏ%‘BŽ4Ò_×êE|™d*jì¼¤´0P\ë{S8ëm%Óñâîù ŠG&É·0œ‹èá+qO±¦×7?ÿ{x\fô—áÍ_Ò··ÿpqŠÙB§R4¿}š‚!i´ -—ŠŠgú£\VüÅÖaJájÄ–xò1Kuv`ï`µ -Ï¦š–rÒÕÆ!9*Ó\JÉ÷–”c½`ÔžÓÅùáÓïÒ–øžKÉ1n1ôÍ¸C1•ëýsSµƒx/‚w¹®qB?!Âa–‹@ÐÃ‡ÒG =£‘q¦mËW7Hˆ˜¨œíxÕÈ:‰«£$“‘ÉüáÆdä‹ÈS¸ÉÄžì„ƒ¯WlŒ(g·qý£ƒ( {q{ýíýjoÑÿ÷²>_\g‹W3\÷qyœÎ'|ÒÛÕÉ¯'ßt$endstream -endobj -1773 0 obj<>/XObject<<>>>>>>endobj -1774 0 obj<>stream -xµVMoã6½çW|i²°µ–¿sè!A»ÀÝnÛ( -äBI”ÅDjE*Šûëû†”½ŽìME‘$qæÍ›7óõ*¦)~bZÏh¾¢´ºšFSZÅÓhF‹ÍÿÏð×HÊý‹Åì6Z\z1_..Ÿˆ7«huéÄrsþü~{õþÃ‚â˜¶9P6kÚfDÓ)mÓëm¡,™gÙ”¢®•ÞQgš'K‰´ŽºBjr…$[K™á³œ2eŸHèŒ´tü%‰4•Ö’@9VUªÍ˜ -ñÌ‘tO¥r®”$ó\¦îfûåjJ“xŽº¶ÙõëøÞhIÀSµiA»F -'…”&êcÌV 1¶€—É\´¥£gQ¶þ|¼šocJZ<;ñRËFUR;á”ÑÀÉ…¢ÆŒóî¥#gI+…\¹©ªDBø™åp©žd¹g¨ˆcž¾§S%¾ |•€:Îj÷ÖÉ -Üé}'öÝõp7hµ\B;]¥Á µ’ûØ©h-Ð›–Ñ‹²4)h£JV9[%7H4ªÜ{îÞ¸¥`1Læ‹Àâl-"ú$^è¥R¾M§š™ÌÖÐÈ¾sdh\[û*ÓRK/+FåÎ8Åù*ñ¢ª¶"×mv…ü-Ç•B{K¨ÅY‡s÷µ øA ôðé~Pojª -„ÛˆþB©)4a¹a ûÇ‡ñ-xU"È³ó QkY”|€‘ùBéGùCJÚ*‰R£óˆ~5(¨ï-:‚ß³´@Èê¯-OÎOIí‚"µy{˜•¹8êè] ø]¨%D‰h‹zîµ7è²zæÄq´Üè!0‘°4gX¶þù ua´i.|{†ÃöÑf _™^£ÉÞIK×'œ<Þ„RÃpÔÆZ•À|YÖT$t±'ÌdnšŠÇ‚Ç½S® 1€f1ƒ%{A/%èZ9Ñì½ÑðÜ{{â9á4šfÓÅæt2 $Ãsb%t*©nUö¬BM•ASa‘K:˜Kßu?Ùì -F¿9NËˆ~1;*‘®äb.ÎÓÇÜÏíAÈåáØ¥5ô¤M§ .5ÊdÒöÑF7T¨¼°¯”ajˆé´-¬¶ÁüÁŠw€ß˜ú\Û=çB§’å„Úð›È@WÝÏs^¶¶è‰`t¹BEÎ}’ClÈ{éaªy.\WÂnµ…*ß$jÑRdÔˆî»>/XObject<<>>>>>>endobj +1759 0 obj<>stream +x•WÛnÛF}÷WLó"h‰¶eÇ/E›K[4uZDEPÀ/+r%®MrÙÝ¥eÿ}Ïì%¢7MaØ°È™sÎ\ô÷É’øYÒUNç+*š“E†‹E–ÓÅõþÏñk$mO~\Ÿœ½Mù‚Ö[˜¬®®i]Ž/ð¤˜¾©Dç¤¡åëŒ~2ºï¨]§Úýüñóúãéúæ´\óy~ ërúÉ ãøØ^¹Š>‰f#è>EÝU‚ò jåžvGWnû¶pJ·¤,‰G¡j±©eFëJRÑ#[Gt•.énZ«Y?“ÓÂ‚æËóà¸¨D»“w§xƒP[±“ä`ïY±w\èoK*D]Ë2¤qÓ˜’m6Þ@–Ê§8Í¢¿|•]p¢ÜVëH5 Î'¬°Èôvàþtx'è÷·of«„ãÇ1”º +Ë}4£HHoÃ0›àO( ¬Ðm<ø™²¿VvÝz\ñ±FTP¼–ã-9îz×Ê:<Âsc©Ö€+FdÔ®r–8ÍJ*QIþ÷Ú>/XObject<<>>>>>>endobj +1761 0 obj<>stream +xV]Oã8}çW\ñÄHÚÂöafØ¡ÝÙ¥ÒìJ#œÄI<$qÇvÚéþú=÷Ú-%°B@ÕÄö¹çœ{®¿Li‚Ÿ)]ÌèlNEw0É&t>›ds:¿¼Àç~¦JLç¯¾GqÌN–ö˜Í³sfï6ò°V½`TLÿÞv:4ÌMk5)º[ðöŸ«ÏuÚ+ë…žµOZ¬¥Òx©äP>bûzm$þ$exï’îùÙÚ€;V©S›(D®Á'R8Ú‚·ÒT`ÂîÈ¥/G~(RžîtÈõ`¾¼'cí¢hâ-9¤ö_©Ö”c–nt¯Çp¢ M_FŸ¹Û“7¤t.XØÀ©õNFòKËŒnA±¸jk7ú6˜¢GLåðU¥<÷$ïéîúá˜T°¶nð•ñe7ÔqÕ¥^ê¾ôdE0ºÁÂn\ÐƒÆ +Õâ`»„ÁD¸Òöâ©ãÀFXkèËƒtgWè‡cF N0ýÝuôb*à5ßUNd¹s˜ì˜LObSîMkë>IÔÁìÂeŠÜ´†ßŸ¡õ" +'è~úIW"ýfM[<ê@vÌ ×Æ¿Ô]›Ø +äì/F™0aóÔœÀyƒ¶I4ïÇ2Vª½àH‘Êý?"U¸Ûj2_;8'ÁÌ8½A"‡¶"€4L†Y +Y,ÍÉ}ªÿ˜ 2_Êë»<+l_IV¾†èð9¤Cœ_0¥LŸ±ÛçÜªÖè#_8«RcÑº<Ä”ˆ$FYC[™IÏ¦×€îS"ØÊ ª–Aó’$gê&ÊÓ)IZ8—l–8Áã¶9ÁôXÌ^?íÙÑÚYD#DIUjÌ“RÆS¾¡¯G¼—´ˆs¨°Î±Xôâ%I”&®Û8im†z$ƒuã +_ÈÏNúóîþ§¿¼ûƒÛ—Ùæ”7bÚò´H_ÔÌ¶ýÎTÚF;àQÈãrTYÂŽý¨úÍ6Íœ^ZÇbÁòª,™ó‘èÇ}d‡TÚ“7âã¼OôèHièg‰’H!GéïËVõ">‚L25ö^RZ(®õ£)œõ¶’éxzû‰|PÅ#“ä[ÎŒEôð•¸§XÒ»«Ÿÿ=<Î2úËðæ/éÛÓë¸8Ål¡C)šß>LÁ´‚Z…KEÅ3ýQ.+þtí0¥p5â@K +<{‚¥:;°w°Z…SMK9éjãÆ•i.¥Îä{KÊ±^0jÏé…‚âx÷éwiK|Ï¥ä·úfÜ¡˜ÊõvŠÆ¹©ÚA¼AŠ»\×¸¡Ÿá0ËÅ èáCé£ „žÑH8ÓÖå«$DLTÎv¼jdÄÕ^’ÉÈd~öpc2òEä9ÜdbKvÂÁ×«6F”³Û¸þÑÁ‚‡”†=½¾|ºE¿Ç[ôÿ½¬ŸÏ/³ùÛ®û¸>/XObject<<>>>>>>endobj +1763 0 obj<>stream +xµVMoã6½çW|i²°µþ”C ÚèvÛÆ@Q J¢,n$R+RqÔ_ß7¤ìudoz(Š$@ ‰3oÞ¼yœ¯W3šâgFë9-bJ««i4¥x6æ´Ü¬ñÿ¤Ü¿XÎo£å¥‹Õòò‰Ù&ŽâK'V›óç÷Û«÷–4›Ñ6ªx³¦mF@4Ò6½ÞÊ’y–M)êZéíMód)‘ÖÑ¾š\!ÉÖRfø,§LÙ':#-I"M¥µ$PŽU•*E3¦B‡7ZðTmZÐ®‘ÂÉD@a¥‰úó¤!Æð2™‹¶tô,ÊÖŸŸÅ‹ÍrLI‹g§ ^jÙ¨Jj'œ28¹PÔ˜qÞN:rÁ´RxÀ•›Ú©J”!ôx€ŸyPŽ—êI–CEóô8{UòqPáÂW ¨ã¬¶³NVàNw{ÑEt×ÀÝ xµ‚vº6JƒAk/$÷±SÑZ 7-£eiRÐF•¬r¶ZKnhTÙyîÞ¸¥4Àb˜,–Åù4ZFôI¼ÐK¥|›N53™¯¡+}çÈ:Ñ¸¶öU¦¥—^V6ŒZËqŠóUâEUmE®Ú"ì +ù[Ž!+…ö–P‹³>?æîk)ðƒèáÓý ÞÔT·ý…RShÂrÃ@ö!ã[ð ªDgç¢Ö²(ù#ó…Ò4ò-†”$´U¥FçýjPPß[t¿gi1Ô_[žœ! +ž’ÚEjó +ö0+sqÔÑ»@ñ»PKˆÑ5ôÜjoÐeõÌ3ˆãh¹1ÐC`"aiÏ°lýóAêÂhÓ6\øö‡í£;Ì¾2½F“ÎIK×'œ<Þ„RÃpÔÆZ•À|YÖT$tÑf27MÅcÁã¾W® 1€f1ƒ%{A/%èZ9ÑtÞhxî½=ñœpMóérs:™’á9±:•T7ˆ*{V¡¦Ê ©°ˆÈ%Ì¥ïºŸlv£ß§UD¿˜•HWr1çécîçö äòplŠÒzÒf¯ .5ÊdÒöÑF7T¨¼°¯”ajˆé´-¬¶ÁüÁŠw€ß˜ú\Û=çB§’å„Úð›È@WÝÏs^¶¶è‰`t¹BEÎ}’ClÈ{éaªy.\WÂnµ…*ß$*Žè)2jÄþ»Ãa|U0=4æÈéÙH=˜ MH™qQ2¥ØŽXaÃÚŒú{Dâ~À-Z`z°ði¾Yü¾<¨ +¡¸ˆ1tƒVG—~éçOŠè³æËFÍ]`É¢æÆ7ÅºŽèÏFá6øWµîŸý'¹†(GnÿW½¾Bü¦`4ãvùŽ`Øë+Ö©`ö¹‚G'©lÐ¢—Æ5€]Ë¿Ã´úM½øho{eP +ÁÃÞø®ÀyeÎ›~ñÅØ»7Š·a•y¸ûtG¿5æöRúÉ¤íq/äx“ÃÉzzË«Ïù†´Œ±m¯æX£ðz¶Øð±Ÿ·W¿_ýiqÛžendstream +endobj +1764 0 obj<>/XObject<<>>>>>>endobj +1765 0 obj<>stream x…V]sÚF}÷¯¸ÃKœ™XA€1îLLZfŒM<ž´éÃ"`cI«î®ô×÷Ü•äÄÄMÆÒÞ¯sÏ¹wÿ9 ©Ÿ.4SœŸôƒ>_Œƒ1&ø<ÀŸ‘”6/úa0:~ñ!:yÿñ’ÂŠRøOBŠ‚Ÿ~Ÿ¢øtÐ&2]Ó4S²pömô# q-Î%§w…¤R«Ú ‹°¥6N&ä¶Â‘•Î©bƒ/8d´Ó±ÎÈišÞÝÏ–7+2¯.èæêvqu; ØI”‘§bŽŒxá0p<[JxW9ÜídŽÔèóijtNaÿé½eçá9úü6h-cÔË9Ù @@ -4007,19 +3998,20 @@ L °Ì°ÙŸ7ÆQ\ˆ»øº@:É$F—Œ¼ ÍGnø<ì-Áj^~x¨ù$¼üÚ9O½Æ@8P"KY$íÔ`zylAè³ìç&“ÙJÉá¡ø=õžÏµmØ®=XðÕR…2U<7u ®ÑTÇ[#€/M@6Du˜|<‘C;¬J¼ˆù)ï…˜ùÜŒTg€šßÄºˆ³Ê‚¤ö—ÕŽCsl É<°‘«2{Ü˜¬¸º®ƒ\ÅF[Lxa;â ¬Jl>œòìá¬ŽŸNñŸ3ªœÊ”SòXßõVˆí¦þ‘b§ºHÕ¦ÂÖh\žó”š/A†²Îÿú½y4žãóAÛª‘Ozüqòq„³endstream +51} \íÚ¯º¯ã¸¹oøØ¾‘¸à=æ…Ø#}º—9´ÆîÏpÃ}-9 âïøú|OºÇl}í(¤q|N¯*§¯•½ˆñ«xaøªÙ‡$ø]gòZ:¾X½f9úÞ2ÂÆ§HÓ wræ—²ïÓs=ç?±9£ßï–+^ä8þÞêözNS[pó¡þ‹óÍù÷'íµ6áæ<Òø|L×ÕÕâÃ-þâ«ÓqÅs·Rí÷íY8ÆugýK>ÿú½y4žãóAÛªá%'1‹Nþ8ùq¿³ +endstream endobj -1777 0 obj<>/XObject<<>>>>>>endobj -1778 0 obj<>stream +1766 0 obj<>/XObject<<>>>>>>endobj +1767 0 obj<>stream xmUMSÛH½ûWôžBjc1ú°lrƒ[®]¶¼…9ä2–F–@šQfF8üû}=’XÖ‰)(ªi=½÷úuó}“ÀWLë„ÒœŠn!"AYGÊ6küžàÛ*ª7ûÅå}FqLû ä›5íKB»´/.¶äm£Jzi¬dÛ¾~©È×Š¯:GÒ¾1MåÒIê2ŒÆsè SÝ5u²T$©lªJY¥EÞåãþi!h§Q 'éÂÃÎÏÊ“éù%.¢'?X~”¦Äs‘ÛÆQÁà¡åˆXýÁ¿ÄÀµkJe}œÅL çªáä ¡GÙ$5í 5zA…³þßÎ ÂÖu£Õ/2ÍÃúÙ8[Æ8ðLè`Íp¬=šÂF½)ä89ª,&ú4°zÎp,F±ÌÎtj}ˆÖs^¤kÒê4Ï´%íÒ4eµZ>\‰"Ð8œ˜À¦¿õÄÂ×@:á(ÐÑ˜òó™_Ù ±˜ØaP}Øò’r!~Dí¨ü9Ñ¿Œyf?¥'ç±rLä~¿ƒÁ |úÏ|I‡} lãìÅÐcF¥ã}Ü’úÞp`j& Â „0M'Ñ…éöÖxS˜÷Ü› -† 8à¦cÂ€Âšã4õÊV¦“|)O¡ý èû€ëËŠŽÇiõ7Ó%s\ùMJÉz:|×7×´³æ ã¡ÛéDãÍ6/ç–kãQ^$Øýˆá}Ï·eù&ÊW þQ %ÎR®Ýíÿ,þòïð~endstream +† 8à¦cÂ€Âšã4õÊV¦“|)O¡ý èû€ëËŠŽÇiõ7Ó%s\ùMJÉz:|×7×´³æ ã¡ÛéDãÍ6/ç–kãQ^$Øýˆá}Ï·eù&ÊW þQ %Î×îö‹ÿòÑð{endstream endobj -1779 0 obj<>/XObject<>>>>>endobj -1780 0 obj<>stream +1768 0 obj<>/XObject<>>>>>endobj +1769 0 obj<>stream x¥W]sÛ6|÷¯¸ñ‹”‹)YyKe;ñ$‘„™N§î‚j’PH0²þ}÷Ò’Ùf&mÇc›ÜíÞÞüí,¤¾BšE4ž’ÌÏFÁˆÆ‹IÑd>Ãs„ïRQzöÂ>uËùa<æEüÄ¶ámxIW†>¹a0ëîÿ%>Þ,(Qœâ”élNqB7Â'²¿ÜŠU%Ea@ËR «‹ ½-M½£ûÒdZèFgªzÿéÎ gþœÁ˜s“>6bë¯ºHÌ¾¢ÞâÉ¯œP6+£Y0å•¿™š ¥²[Åó6shkJ²†*eÛW¥I9ýÞ5û€)TÏ³í„ÍÑžÏ¸\HçÖ´…néŠy,¡Ð{þÍ‹ýÍÁÀu.# ˆOKªœç&Îsy=“ \åkÌ-x‹à¼'·[Ö•E·ù™_mõvc·GÁÜ_-»…ãº„»ÀtL<·?,æ÷¶é%Ïâ¥“Cî-Ù”bÓ£ummãÑÃ›—2Áe,éÿðØ–•[ïÛkót"Iw|#BÔG"I<œBíi'ìö‚Ôæuw|Ê×Vå»‡‡Ô˜µpªþoYy¨0Fë1ž¦Ç 43çüBÔÖúù‰ëÅ9N—q×?ÇÉ‹èNªt¢>î¤ÕÞ£îÞó¼•h€æºÓ“[<;Ý¢Dÿ+—•Ù7‰@¬¼Ÿ%tÍƒpqt°7¡bÍ7Dvf?[O;¨mŠ¦›óãÝ;EÁåØò_Üô'Óy0½äÿ: Êpâüý:>ûtöÇã°endstream +ñó±Ì·$ò“ip9{ ©sXFŒoÁýÞ5û€)TÏ³í„ÍÑžÏ¸\HçÖ´…néŠy,¡Ð{þÍ‹ýÍÁÀu.# ˆOKªœç&Îsy=“ \åkÌ-x‹à¼'·[Ö•E·ù™_mõvc·GÁÜ_-»…ãº„»ÀtL<·?,æ÷¶é%Ïâ¥“Cî-Ù”bÓ£ummãÑÃ›—2Áe,éÿðØ–•[ïÛkót"Iw|#BÔG"I<œBíi'ìö‚Ôæuw|Ê×Vå»‡‡Ô˜µpªþoYy¨0Fë1ž¦Ç 43çüBÔÖúù‰ëÅ9N—q×?ÇÉ‹èNªt¢>î¤ÕÞ£îÞó¼•h€æºÓ“[<;Ý¢Dÿ+—•Ù7‰@¬¼Ÿ%tÍƒpqt°7¡bÍ7Dvf?[O;¨mŠ¦›óãÝ;EÁåØò_Üô'Óy0½äÿ: Êp2”ëøìÓÙ_Æäãendstream endobj -1781 0 obj<>/XObject<>>>>>endobj -1782 0 obj<>stream +1770 0 obj<>/XObject<>>>>>endobj +1771 0 obj<>stream x¥W]oÚJ}Ï¯õ…T¤o4IoQB’÷æV²T-f7¶×õ®Kù÷=³kÂmnu[EM¼;gÎ™¾ùÔÅOÃ€zŠ³£®×¥Awà ¨?â9À¿RÒÒ¾8íâÏŸ¼èz^ÿg/‚³³¿øJþÐœg~è ½½ NÞ‘ß§p‰Ãƒ„»] ããÀ÷Ï÷h–,$ÍEI7ÊHý:ü‚[}ò}w«qëø“ªH¯U•.HÍHr2kI³É©%mU…ÛaŸ*Ã+øt,rª´$Í¡õfAFáî%Ú£{)ðLd8Vˆ•ôØq—:ÁùÂáCbÖ4Ù\tzƒ*Òb-(Vþ¬ù$+Tið&µ=E@"ŽU•’|eåÒ™Þæ1eÒ¬Õ¢qé÷€\†ˆŒ6b»³_J›©M¯(Õ2I‘Ž4&5 œ•ðŒÿëJÎ·ÔÖì>ðžïr²ˆME¾F•[ª¾„z€Ä\}L6b›õ\²g\Ja,†ö’V… €åß$ƒD«RUEã‘’å¿»ZÃß`±K§[JUÌŽ¸`7áGdé]ŒC²€ÔTˆU‘ ¨æÌ‚ö¹È$%†+__›Žo~OÏ£3”žü._à##ó\YRëDå"…C &Æ’ásÂìzn–âµÈWRÛ”´Œ«21[æ²Ø¥°,Uv€ŠÊ-ö%'$r8J€Ì´ÔÆY«¹W‹:_m\Yœ(\FìœYxvïKß£¿@aHîHÑAÎ¹I–[ë‡:ßÖ2À}üÍ¨'g<$ù‚#¿ i&KP…úÛ}ƒäUb™<)swƒj¹Æ‘Y’îðKò¥*3aP°Í:+å*Ñ¼¯ò<1KÅÈ±HåöÍÞï¯.?}¾¾=_žŽÏßOn.£hvû.|ßãišÄ¥Òji¢è)‹(:¯J0Ïü )ÂuÝ9å^Ãsm¾Éäã.Š½3G›CC×Þ$8ô¦«9>Õ¶`|ŠÖÄ±LÍœi @@ -4041,70 +4033,76 @@ x r@ê¨/·¼ƒÌb••aúDÇ¡‚’ 6Óèg<À¸sÁÐT-ÒÐe,âõžê¸1nDnÇÜo[Ã®ëÈü¾Ù&§=ŽT&I¡ /zM“\ó”¨sÂ,Ê„[¹¥k„Ú¶uZÔ´Dë9J”ö €o"de ü$Ã¸fý$ŒžZ^×<ÑšBb'ÿÜ±åƒi…É[Ï«¬Ò”øÝtÁ}ˆ„ƒr‡;ª%å6µà"¢4ÓÙÎûF•Ú8j‹ÃÒ:FkËeì»‰vVÌ´%¶fYMÏ-²$gyðh¨qˆë9ÜÁ„çU™EÁ`HÏó¶/;Më¾OVkdœ&ñ£åœµ¦[:¯×¢ Ðhc¥26ÔB ˆDê–³ú;>ÏŸyãAueu‹Œ˜ÿ¾å™s¿p–å‰†ŸÆ[t¼K½_å±Œ^ÿ¾ÓgéÌ+cP·Ö¹*¶˜¨€ÒÄéÕ,³Ä7Ã! W4WßÛ%;·ªEÎýðáY2k¥ÑŽ_‘Àî& -C)HçH™¡$˜q<˜Úh52w»®íˆ×ÊœÁzW`;iÃ>G+îùÈÉ£gÎÝzÈeÛ¬“ØõÐFdV¬hµ˜ž<Ïç©Ûlµ]"Ç{vKã1gCÈ¥–yžðìÆ³óL Ö¿Â£ËÕô/+:?gÒ§Î½°§“‹Ëñ}ø>ŠJ¥L+)VVU.ÞP¶mžkÐÃZŠ5ù´ï.´¥9y£Á©Ý1V®G·I5©Ç¢È—»ë\ò$%<µE¾å£Qê%¦3ðtå¸½âóËj«®•5N1^ýÍçFmx|ûØpØêÕm¬ûr®wƒÝß²-Wèƒ-n??y÷ßýhTwH¿ŒÏz4ö¬gãéÛ1÷¡/\óWöÛµ-ký¾ zÔvÏ¸6/!ê£€ƒSþÆ…c~ÿ”¯_†GŽ~Ž@Üendstream -endobj -1783 0 obj<>/XObject<>>>>>endobj -1784 0 obj<>stream -xV]oÚH}çW\ñ²‰lÀ¾¬È×*jÓ¦jw%^&ö€§±g¨gÊ¿ßsÇ¶BØt…UAì™ûuÎ½çþè„ÔÇOHãˆ1%Eç…ã ªŸò—0˜P<}~yzŽèÒÐ××…ý`ôòX÷Â³Q0 ádŒïþJIËÎù¼sz=¤0¤ùÎâÉ˜æ)áx¿OóäèÒhÐß¦"m6”‰'I‚Ö¥Yª\’Ë„£Dhz$SåœL©²J¯ðF’Åƒè!`¸jnXrÆäÁñü{'Š‚¨R/“AŸGßt*Kúúû••d–TgÊí³‘¥) [pÒºÑÕÏ$z¿8,ðéïªœRá„wÙ§^8@%ákÎ‘?J¹¶”JûèÌúÙzeÅC.ý ÑFÁ0Õ—”%ü -²2©Jå¶”d2y$-7HŒþTˆtcé¯;Z™‘oQ£óíî++Ë'•HZÜÇÝ8.ÈNtMISå#IéI 8]•¦B˜&WÉ–”¦iâà¸T¥L¸>ÍQö½ýÐâ`ÈÑw/L±®J|aôRªR8eôb1M¥•uü?ìÍe±Î…“v±˜m“Åbñ 1Ó] :ƒwÚxŸ;°`Ê½ÌFËÒfjÍ0Ü«Ö]›PÛ.ßé!ï6Ä 6)G63Už2¯¬t\Ûî•fTÒnÚ7ØsÙŸ`Y°Ï·†¢ÿ®Î^|B‹Ü¬*ù;Ýà¦9a2iÚ‚ç@ý²7vìý?×Õe@a•á¸²ž"»ñÃ[|\¾¹ƒ™BÔ@ÍGùfw¹IDþ C)’l/‰÷gãx#´/–C³p€›ÔøVYš<7Æaqô98Ç-Jþ }ÀÍ8Ú -#Á75ß¦Êó¢¶q6¦|ä4š—´A¹÷Dj -;oÇž„§×I3_zhöÂá¨îÂE‰=z¡Ý“ºi_¶õÛ|ö×å†‹]{!9”&¯Jý—X½?Ó]•{ßä˜ÉÒ|Zñ{0 ±b¡o?ù7Ï‹¤fc½BdXô´ÄÈ²É›¢ é4ÇBt¼¨”r Éæ#ü¶1ÁZéOq‚;‹V’«$©n¿Ü°²Ìúe´ÞùR¬Q¯Õ¦U_Žüvó¸—h©×Lì³zÒHYÆA|Ñ¨Ã³ Ëlz{>å%ç;PÃš’T<^½d±å^cóž¨7îŸñù(¢ h¦RI»¯ÁÚÅG‡ñ$ˆG¼üãX8ŒùÙÕ¼óµó4íxgendstream -endobj -1785 0 obj<>/XObject<<>>>>>>endobj -1786 0 obj<>stream -xWMo7½ûWÌMIáÈÚµ"9rHÒ0Ð4)¬ -äBíRZÆ\rKr-ëß÷ÍpW’…Ä-;Ò~pfÞ¼÷fòÏEA3ü´,ézAU{1›Îèõ›rZÒüf‰Ï%~ƒ¦Ü¸^.¦‹Ý(Êb:?¿ñ~uqõé •3Zmd±¼¡UM0Ã•êÅ‡FuI*Ë)ÝéªÆméNµkõrõ]Þ,–ùÍW×sä³ª_àÑbJ·._÷U2ÞåGçTÃ£åâÑUc"9Ÿ4íT$•’ª]Sò”Ã ¶rzƒê¬VQËÃx2’ITy—”qxA92mçCR.Q”4Óž6æqJ«Fsø½*®s~Æm|h'vrD£ ê:ktä¤F2.&e<Œ˜Ž¶Úé ìôGÕÏ‡êÕ_‘qj|L´FÚ5uU>Æ£V¹ýYL¿RaD¶A«¤qhjøÒo‘-Ê!ß§hjM{ß`ÑêÚàIr:í|¸ŸÒû=Õz£z›ÎÐÈuîŒµ¤ªJw«Ë©âèà[ »—R.i×˜ª¡V+Œ$`6‘Bï¤N°×ô CdxÉã³æ¤ N>$RmBÚ=7„ƒIé€2$N…F¯5éØéÊ /{zè-7dmµ´ç—Üúâ4ÇgØ"Èa60x¡‰‰W1¡ð/ºÝã?9á¬À/kýn‚’êñJÝ~B¾cÖ'ŒízŠ´7gÀò%³íC&ÚÆXDðä’–ãî(Ñ¥iQÀ6 NRáÆT”ÛJ!’Ù”Þ9ÒŠë¡ÖlðKÿšÉ8£7£¼æ’¶ åÐ[* ;({ZPó(7Öìª„0‡¯×òu,dÝÈñ†‡ðø¹šå¨§ª4 ý4Í¤:)øîóû±¿‚¢kb}¥,7¡o/ ¿ca¶]Î{)]G¹A 3´d@î1ÍAÖÕã¡˜RÞ<–Fï8žd!Y‚TAoÀ‚úÉ=øLôÌ]¦»¦ -æàÎµ«ÙŽ À±NU÷:‰ñä3•ÍH F«Â=ÛZBøY“vìlFàî:Õê é|xÖf®G›1,‘ªôÿq™£¾ò3ésÙhø+D3Éše1qáx,ÓwJZ.¶ÂœK‚¢Q`†¢Û»ßþ@õ¬Ñ€¯_¿~=~í|÷ßé&°Hó¡÷q4ƒÑóeÐ´ -åt4bÇYr:;LŒñáÑ9þÆuvšªí‰W¬57l®½XûèÖÜgçØxötò50ŒÐ‘NÍ/dýÈâƒØÖ€õˆ6ÇxK{*8ö0mm'Å`3™\2[Ù¡c'‰ìLjÐ&aÖ…Äd”‹d8¡ØÃñAX|™]òßârLy^g{¡+Äzß!€c„‘ÕÐù$‹BB öìNg¯g®u'bB†Ò /wÒ#…É,¨_âØ³à4»Í-›8vÖ©o[œ!x8~ÄE™!ª–mFÒýÝ¸þñ¼õ·yžã ŸÌc bÒz°5…a?h¯è©§1qQYÈ“8rûøÇY“®ëfÎG“ÞgÃØbê)Z}x"Ñ¦‚îìž×,¼À›@^ŽT«X!s‡ðp;‹ë;ÌNéxùBòà,¼…A,¨¨SS§Ü˜çÿÑ¼ØöœJÇ¬?Þ+O·Ãq?šÆ¥Ø2õéq^WŸNgÉ°!~fê´çyÇ]9¾Â™ÉHâµ%ÏQ¡_2$díÝ$‰Ê16;øC}X•pß„Ñß˜šFv²¢ë†â}fO[ï!ÌZ«K +C)HçH™¡$˜q<˜Úh52w»®íˆ×ÊœÁzW`;iÃ>G+îùÈÉ£gÎÝzÈeÛ¬“ØõÐFdV¬hµ˜ž<Ïç©Ûlµ]"Ç{vKã1gCÈ¥–yžðìÆ³óL Ö¿Â£ËÕô/+:?gÒ§Î½°§“‹Ëñ}ø>ŠJ¥L+)VVU.ÞP¶mžkÐÃZŠ5ù´ï.´¥9y£Á©Ý1V®G·I5©Ç¢È—»ë\ò$%<µE¾å£Qê%¦3ðtå¸½âóËj«®•5N1^ýÍçFmx|ûØpØêÕm¬ûr®wƒÝß²-Wèƒ-n??y÷ßýhTwH¿ŒÏz4ö¬gãéÛ1÷¡/\óWöÛµ-ký¾ zÔvÏ¸6/!ê£€ƒSþÆ…c~?àë—áÑ‡£p@Ùendstream +endobj +1772 0 obj<>/XObject<>>>>>endobj +1773 0 obj<>stream +xVÛNãH}ÏW”ò² ;Wæen+4ÃC2Ú])/Ý‰{°»=î6™üýžjÛ"d™"+@ vwÝÎ©:õ£R?!M"Œ)Î;?(œQý”¿„Á”Æ£AÐç—§7áˆ. }}ýXØF/õq/<N'øá¯”´êœ/:§×C +CZ¬àl<Ð"!ï÷i]-úÛT¤Í†Rñ$IPQš•Ê$¹T8Š…¦I2QÎÉ„*«ôo$Y‘?ˆ†«æ†%gL/¾w¢(ˆú!õ¢I0DðyôM'²¤Ï‹Óè£¿_YIfE¹Ð‰q¦Ü>Y™2–°'Í¡Û9]ýŒS¡×ð‹ÃŸþ®Ê(Nx—}ê…T¾ù£”…¥DÚGgŠgë•™ô7€DoÃñ¨¾¤,áW•qU*·¥8•ñ#i¹Abô§B¤KÝÑòÈ”ˆ|‹Âmw_YY>©XR!p3\tã¸ ;Ñ5%M”$¡'%àt]š +ašLÅ[Ršf±S€ãR•2æú´@AÚ÷öCc4CŽ¾{aò¢r(ñ…Ñ+µ®Já”ÑËå,É•VÖñÿ°·y‘ 'ír9ßZ'óåòb¦»t<ï´ð>w`Á ”{)˜–¥MUÁ0ÜëÖ]›PÛ.ßé!ï6Ä 6)G65U–0¯¬t\Ûî•fT’nÚ7ØsÙŸ`Y°Ï·†¢ÿ®Î^|B‹Ì¬+ù;Ýà¦9a2iÚ‚ç@ý²7vìý?×Õ¥@aâ¸²ž"»ñÃ[|\¾¹ƒ™BÔ@ÍGùfw™‰Eþ C)ât/‰÷gãx#´/–C³p€›ÄøVY™,3Æayô98Ç-JŒþ }ÀÍ8Ú +#Á75ß¦Ê²¢¶q6¦|ä4š—´A¹÷Dbr;o—Çž„§×q3_zhöÂá¨îÂe4ž{xž@þ@/MkÒ~©=¡£Ø±už²ä8†r)aúìIˆ86•vœ}ÏiÉÑ¯½6Ãáöøºs'J×=¡î}¥=Wßgn±-$¬åy|€‘6¦/02£[—Æš•£[tÀZæŒÁ<°lošN…åáõ»†D x³$9½—¹Áh™kQô”F›sUñâ€\.M…íµuùÃÇ;?°Úš»æ‰˜r”™±ò°xp7u`„×HÝãºà?ëÍ«-ö6¢_ý,0oÁÍOÂo¬•þ'¸³a%I±z@’êðË )Ë¬_Fë/ÁõZmZÕúåÈo7{ù€–zÍÄ>«§”…á8ŸE4ê‡ÁðlÊÂ2ŸÝžÏxÉùÔ°¦ÄW/Yl¹Ž±yOÔ›ôÏø|Q4W‰¤Ý×`íâ£Ãñ4xùÇ±p8àgW‹Î×Î?4Ïxdendstream +endobj +1774 0 obj<>/XObject<<>>>>>>endobj +1775 0 obj<>stream +xWMo7½ûWÌMIáÈÚ•";rHÒ0Ð4)¬ +äBíRZÆ\rKr-ëß÷ÍpW’…Ä-;Ò~pfÞ¼÷fòÏEA3üt]Ò|IU{1›Îèõ›rZÒâæŸKüM¹1¿^N—?ºQ”Åtq~ãýêâêÓ*g´Ú Èòú†V5!ÀWªÕ%¨,§t§«>·¥;Õ®ÕËÕwy³¸Îo¾š/Ïª~G‹)Ýº|ÝWÉx—]PQ–×È®Éù¤i§"©”TÕèš’§Ôèµ•ÓTgµŠZÆ“‘L¢Ê»¤ŒÃÊ‘i;’r‰¢¤™ö´1SZ5šÃÏèU1Ïù·ñ¡UœØÉ€ªë¬Ñ‘É¸˜”µò0b:Új§ƒ²ÓU¿ªTEÆ©ñ1Ñi×ÔTù<·ŽZåög1ýfH…Ù’Æ¡©áOH¿E¶(‡|Ÿ¢©5í}€E«kƒ'Éé´óá~Jï÷Tëêm:C#×¹3Ö’ª*Ý ¬.§Š£ƒoî^J¹¤]cª†Z0j€ÙpD +½“8Á^Óƒ‘á=$ÏB˜“68ùHµ i÷Ü~$x¤Ê8½Ö¤c§+ƒ¾ìé¡·ÜµÕÒœ_.Arpë‹ÓŸa‹ ‡eØÀà…6&&^Å„Â¿èvOüä„³¿¬õ» JªÇ+µvû ùŽY3œ04¶ë)ÒÞœË—Ì¶™hcÁ“wHZŽ¸£D—¦EÛ€8I…SQPn+…HfSzçH?*®‡Z³mÀ/ýk&ãŒÞŒòZdHÚ6”Co©€î ìiAÌ£XÞ@Z³«Â¾ÎåëXÈºã)áðs5ËQOU=h:ZûhšIuRðÝç÷cE!×ÄúJY.nBß^~ÇÂl»ÿöRº rƒ@ghÉ<€Ücšƒ¬ªÇC1¥¼y,Þq:8$<ÉB²©‚Þ€õ“{ð™è™»LwMÌÁ(jW³A,&€cªîuãÉg*›‘@ŒV…{¶+´„&ð=²&&íØ+ØŒÀÜuªÕÒ!øð¬ÍÌG›1,‘ªôÿq™£¾ò3ésÙhø+D3Éše1qáx,ÓwJZ.¶ÂœK‚¢Q`†¢Û»ßþ@õ¬Ñ€¯_¿~=~í|÷ßé&°Hó¡÷q4ƒÑóeÐ´ +åt4bÇYr:;LŒñáÑ9þÆuvšªí‰W¬57l®½XûèÖÜgçØxötò50ŒÐ‘NÍ/dýÈâƒØÖ€õˆ6ÇxK{*8ö0mm'Å`3™\2[Ù¡c'‰ìLjÐ&aÖ…Äd”‹d8¡ØÃñAX|™]òßârLy^g{¡+Äzß!€c„‘ÕÐù$‹BB öìNg¯g®u'bB†Ò /wÒ#…É,¨_âØ³à4»Í-›8vÖ©o[œ!x8~ÄE™!ª–mFÒýÝ¸þñ¼õ·yžã ŸÌc bÒz°5…a?h¯è©§1qQYÈ“8rûøÇY“®ëfÎG“ÞgÃØbê)Z}x"Ñ¦‚îìž×,¼À›@^ŽT«X!s‡ðp;‹ë;ÌNéxùBòà,¼…A,¨¨SS§Ü˜çÿÑ¼ØöœJÇ¬?Þ+O·Ãq?ZŒÆ¥Ø2õéq^WŸNgÉ°!~fê´çyÇ]9¾Â™ÉHâµ%ÏQ¡_2$díÝ$‰Ê16;øC}X•pß„Ñß˜šFv²¢ë†â}fO[ï!ÌZ«K ¯é· ÝÒÎ÷@ -Û8òö€í[0ûÞ;Ùú²¤r`k%yØgäUWÏV³~Ø‘´~@Sò¶…a@[Ì=RWeª3O‘ŠÞ ·¯>Ý×îùužèÏ/õsì‹×%þ3€á_Ì—Ü›«‹?/þA›endstream +Û8òö€í[0ûÞ;Ùú²¤r`k%yØgäUWÏV³~Ø‘´~@Sò¶…a@[Ì=RWeª3O‘ŠÞ ·¯>Ý×îÅ>/XObject<<>>>>>>endobj -1788 0 obj<>stream +1776 0 obj<>/XObject<<>>>>>>endobj +1777 0 obj<>stream x…VËnÛ8Ýû+î¢@S –-ù™]¤éèb0Ô]MgAS´ÅF"5$ÁßsI¹~¤ÆˆD—÷qÎ¹‡úo”ÓŸœVÍ–$›Ñ4›Òb¹Â÷|Íß~¢]|P,ólþ³ùjöòÄûÍhòqNyN›Š,×+Ú”„Ó)mäÍ§lGÙ½ -A›=u- Úi§zQ×*ebˆQª¤`éÉØžúJÚ<<’0%}ùðHuÁócœÁsþ÷¶¶ò)£Ï¢ÙŠ7›o£)óYV üMç‚+Ld9UßrÄäã”îRŸãbŽ!Šä“|¶"üŒ ç÷@¦Ù–Ç”Ól}Š[ÿ6M#ßÝeœ™ãæóÅÏãÎK®¿Á4µð¬Q¤=é†!&ðÔs [—Ê€Ü]Ë0Ž ´U$z¦ÁîH‡[ÚëgçP!g£¹¬©ÇÙ8EY&nÒÖÙ`¥IhF*tpPÂù,!|G9ÀRÏˆ‹"[dôÅ3ù‚>=>¼"_q+¥2±Ôå¸«,åp9±µÏŠ*[ú¨#žÆw:ˆmn9&éGÚ®.!o©…ÄIj,Ë®URï´ŒÕ0]ÌzÖD„@û«‘£0!·¦¬Tj/Ñ^ÉÎép ÊÖ*£ C¥é£˜!T»Û!¥òQ¸©\ÜCßºNó”«Ò§#±Ë³ Ø Z£Â:\çCÂ*®ïCÂˆË$ê¥Ò¢wËÛ— ÁH¿Ü¢t+_ý{le=«3UöîåwE–/×Yž/²é¤Àæp|ò_Ÿežé›&SŽ¼ä<2uØGƒ‚5ÄÍNSD$¤5FÉ 9 !b>"JØ‚ +Úv¬jE‰jí¢&®Yþz5c-EPüòÚ¾¾Éèá¬&“zAblÕ^y½ØjT™Ñ}òž3A8xhØ*^´a "E/.ŠFCßèÊšCc;Ø´§Î>ëöæmGPÏªæ•æLØØmx „|RŽk‹pUòà=Šf+Ø÷œš´Â{xZÇÒq‘ý¸ÚgòL§ROi;yDC²ÖP*> ’|FÐëAÖÐ‚Våk,U‹‘@WÜ1çð{öä1~W]GÛàmƒ°% ƒˆ¼\T>Zcˆ´[g{„Äóþ6rÍÆÝÔu†Íä¬>ƒ{U;Qï”*ØékL¢€g.Ã°M£»fgj6€¸†ÂðS†M¬±FSÞ£Á jM®Ç$DšÞšÿuØ%¶Ý;Q²Ëþ¸/·lpÖÇé€W¥äzÝwµpàÖX…Ð¾Lú¾Ï<_«™uûIÔB×–"@u|ñž]=¨3RaV˜ý%¥ðXO¶©+ô~ø¥S±zÚàF”,q¤|§Uz_¡‘søÀ]ÇRƒDÅˆ“ÿ>wµQNluÍnüÂÇO–= ·^Ur~ýYÏhQ,Ò;Ãçû?ßßÓ£³ß°GôÁÊŽ§l7<Ëøx`¼šâ¢¼ùí6‡K.nBDçó5gùc3ú{ô¹!ÿendstream -endobj -1789 0 obj<>/XObject<<>>>>/Annots 1036 0 R>>endobj -1790 0 obj<>stream -xVÛnã6}÷Wöe•Â‘ï—mQÙ´Ù¦vÛ‹íƒ_h‰¶ÕH¤V¤¢èÇ÷Iù¢Í¶@$ph’sÎ™33üÜÑ?#ZŒi2§¤è ã!VŽ>¾ëçËxFÓ© ÉlÂ9=ð~œ\ÄKš.ø<Æo%iÛ{»ê îÞÐxH«-BÌKZ¥îf¬$Ñí^”VV4žÄô‡ÊÊÖ*#¹ZýåÎŽþìõdq:ÂæQLŸöÂ’@$ì'¡Rªý%?øÃSÂáñ"žóá[]”5BJtQðva%eŠT]l°Ó½"+Ÿé“É>¬S“å9m$ÙJ(“ãLJV“À-U%M©Uš©åÒâî˜V{É†t=šxÐ…ŠwX†Ý^&ŒÉvêx•¬¬8"¡T–R¥†4ðøëwó@(r¬EÂÚA«uDX_]|¼ÌPmdÓMU8F‰PLÎH©HÐ²b“ƒ,ƒ ‡™î‘|«/zÎî½FB „ #(c'#Š®mäu„ ÈâE&›Ìîé¬ -Àª‹\Ôœ_D)”Ä|ÔQçÙd}ï˜‘œï€P,¦¡ñlþéö|³ÏcNŽñlÕçÉßävp2Q¥!ùŒUÄÒJÒæ`e®Ïã);¹|Dnt¨½¾.K]Y’OPºÐÁ¾-šM { ŽJ²+š,‘ëHW§íë+ÎOQ4#»®®¦‰tJq)¹üE¼AfG#Aú†U¢ïi>›MœZƒ»¶tÎœ¹½\p„ƒŽÌÁ.Èx©ad6Ì)5ÍY¬D×9Hí3õHzë0"c,îÝ¢ÎmÆŠž4[G™ˆ`£›ø,r›6!‹!9%¸G@pI'O78„–!ª4Cm|Ýß·“>ÄÕþ$²Ü×pÓÄ¡ÛÄºÚÅô6ƒkÒ'ßíe´ÎHD_°ä8®Ðº8Ë%\¾#¥ƒ40™,mW½XcpÈ“T¸HVPûØ÷¯+Êd¨ÉTª˜&Ï¤‚y¸u°Æ¬>SÊåõE–ú¤Pß)½æö]‚¼yÂ "K*môÖÆô³n`øªž\ ¬tž …±…Û•Üi› ËòáÄ‘0 I98h“ü)6TVÚêDçl¨e÷â :‹Æ«ì5—”Nlw(±|¨öüÑ!@âiãA£“ ún+Ï:ú{¿êÓø×>ýùÊ”·ãˆ4Ø3àNà&«|ûày>ç\#ÁœÇô Šp³-´¶0ÛÅŒigÛ †Å–›-Lâa?|äæ¾Žx:òÜù4| 0˜~˜)Š›i{üQ±p±ÝWR4á¡´íP9Ï#ó-{WŒ1tG”Ìs«³ßÔÁËã8-W{xÄÕÅ))!ï-<¶’Z‘.eå½bÆÊÂ5LÏ@?Á%—P"ºy¸½¿¿u¶m†VòŽóù%À¸¢9±»>GŽfRæâðÿ(úÔ¹×\bYÌ'c¸®ø-à8›©PÈ0í][ÝIxò#%Ì\ÌŠàÁÁÝi|=#Ñ¿Õè~Ø^Šy®ÆKyô$ÁÏ¸6Å,¼Ã¸ÚÜ¬ýñÃƒs|[Xo`ßŒe'×W‡\hÇ¬O%u^¦—®¸|[µ<Ì©wàå€<•Ž’{suB~¬]Ÿ=×ÓJcKQtýDÓ®’%½JOb½ºT/4L/ÔUÃo-NÜÉ¹/ÅÜ-Ãèö¶›-ýûòö?^ÒS¼ßç³1Þàx¢Œ¦oÅO«Þï½ðOÐendstream -endobj -1791 0 obj<>/XObject<<>>>>/Annots 1084 0 R>>endobj -1792 0 obj<>stream -x}™ËnÛH†÷~ŠÚutñ"JšÍÀñLº Lº=m§3‹lh‰²9‘H5IåòöóS"ëP2Œüþyî—*Ò]ÅnÆ¿Ø-—æn½¿šE3~3þøã—«8–.OçQîö.Ï¢ävîþj¾Œf.O’(ƒ[Í¢ø7[!°wË8š»\pî]<›GCªÒù*G5‚9º=•Î— .a0Np¢§CZ»\âOõ&ó•Æ¸XD+7W jã™jš‹#HÎc1ªHYƒa9žÖà½Kf5¬dvž¥š¡LU z $ë’ ÿ p’„xÂˆ;ñ‚ˆ‚ Å°ÙŠ‚Ö'!¥ø'¾’?E>‹¨ôA`½h,ÁïÝb%)IEí*J yJî,ÕÌÇÉ\2¢Hì’úÀâÄ€aç³©¬Á°+Ma5˜Â$3i‡‘µ6Ó²Ö`ØåB²XƒaWÒS†5xïÒ$D ñZKkYY‹…]Mâµv‘HžG¯,†]Î¦š Þ»ŒÒÛ*X›¤cÖÅg‹aó©Ï¾¾«A‡GëéQ¨ïÈj= kðP_Ãj}GY§a êX_ßAÖ××°Zß‘ÏY†5ÍxfYƒÉ³.¡ k1,vfFÖbØfŽÈ•"_ß€aÙiDXƒa½æÀK-¬ÁT!^MìZ›ÉV v-– -Ê,Ö`ØU2Õl0yNeùY‹a³xb×bXâ›È«y0š †]ÎÙW†5Xê»œæY0©œ.v?ƒŠÌlºÍ5X*¨³Xƒ¥‚‰ôU` – -ÎeRk0yÆ++k±Ô(–ˆFY‹ÉF,GV`-†E3õe-†e‹X¯,–\ª(mÊÉu¥':Wâp,ûBö½'-–`ÕÁ‘õj¹j3JÛ& -$‰¼ÄPÔj–FÒbØT†:ˆZ,Fåh4¬Á°º–« •Pm·L–±GZYƒ‘ÕÓÝ°“C=0 ë5s+ÒVÅ4+RÍ£™Ö`4ónF¼£¬ÅbWnZ†5–‘ ¯AÖ`XVåYý€“p—6×ƒÉñØ@VŒtà|a‘Ö³PªH=9ó(3œá$zñ ¤ -Æ¬7) Ë*¦zT0@”ï0ô‚Â’ym,9¡ý±` ‚j ½ ‘ú1O)J¬HLÆ”aÀbS:ß°‹âTÜ ²Ãòû…e †]Éd½S¼ê0Êæ‹¨OržÄ©¿¯s"§@8õk¾;@²æpg$½AÖ–Ž„VS–šO¼'yï×®¦b™~2g®~\£E¤iõÿ>yòiŒyÚ!d#õ@¹q†µ•N§ˆÝìoC"§ È œÊNåØ?ƒPäNå§r¼ŽùóEì)r§róÓ~ºm¨½D@S8Ä7rï®Þ¾g|gîaËçÕ|±týªÊoÖ¯nÿŒÜõáPÖ›ê{Ù½~ø/OSªØ?ý5 Ï¿z(w¥k¶î¦©û²îOOÒ)Ã“:<Éø»»¦í‹ÇjWõ?D#_sß:ŽÜ¯wÿ#Ì›Ù„I"wó»ûXWß…’iäþñÛŠM þQn~-z÷¯ª>~ìÛ¢Þôono/ÕÌ‰×k9s‹ -óå_GÂ«ŠjŠ»~æ§zÊWéJî‹ýcá0ãšþ¹lÝÍíû{·ÞUCr&ÚU÷‡b]Õ}Ó=ýýÜ;v^ä~¿OÜêúL —d²×|së¢v·nÝÔÛêéØ–H½MÜ§¢=H…êrÝ»¦5¿Ì\Ñ¹âdØmáÔõ`Rq'þ¿‰Ô}~U7ý`êóëŸ½)†ïgÓÑèO¢ïgvlÕÄ½ÆsÉ^I"œYuÝ±ìÜ·ç²öZ?¿òkÙvUS~íªÎ»rc#z9CâØ4dê©ìÝ¡%ÿ”jÓVhã÷ßê]C‘¿5í—ª~Rw5§2zgÀëOUl§ÏBö©mŽˆ‹g©ÖÇ®t»¢/»Þ=ÜÜ½½½s]_¬¿¸mÛìÝ‡jÝ6]³íµÇ¦â°£åË]Ù—.:|Û¹mµ#1ÅVb8]‡ß·~.ê§ò²“X,‘èÔŸ¶Ÿ‚"›¿h”¬Ýø<<$S?XÓ Ï½d$ÆSpôÙ¦ÜÇä»é›u³S3g©ÁÊÆŸVó·?–—! xx†3{Æp¶_«uéî$}É¥ÖÜ×»o˜‹ýd¹ûëï®åÁ‰õ\†èz½.»î4Æ]slQ¼n6¥ûZîæÏû¥»û¶Ù×=Íxî²(¦fHêñ¥“E5Ïö™#<í‘þcüÓÎûÓ©/m÷£^ë¢Ùö Ú —2¿;V»Í á]Umåwùd´9IY[}ÑöÃ£Ýþ‘1b…Õüç…€3]‰ƒ„6lU—ý&’½s<AÂÙÑžuÑ3b“N÷ÖªÞë¦(÷>oo&u!;üÀ±!®½;>]NÙ¸Lþ$>î/‘û¥¬Ë–í]ÕÛæÜCÞ†e OnW~-wÝ¼Q` `çÊ¶mÚž‘¤g„Ÿ5 kµ=Öµ^šêÒ.yWôëçSU&M°ŒÜÃXxYÙUîƒ³Ç^ˆßv'5Ž±<÷éÍ/–ýkH™3Ý\&=éâsïEÍ"é‡njT÷Œ’éK’$TÉì%’L*9òí{.šz›ÐÖÐ¯GÜ'./(w°|žp™æOm"üÏ‡«_ý]Q²–endstream -endobj -1793 0 obj<>/XObject<<>>>>/Annots 1092 0 R>>endobj -1794 0 obj<>stream -xm“]OÂ0†ïû+Î¥^Pú±~ìÊ@ã…‰Jã=Ž¡#cCÆŸïi»±š,Ëš¼<çi{ÚñM80|8RCq Œ2üå:¼=Î ¦À…¤²O5¬Iš‘JNuJ£kµ£Râ4º#®ÊqÆëº!%î@£;Òèfšf£Râ4º#ew«¥Ä®ýºöš¢;f¤™ðý†Ú@£+ðG7¤Äht¯TY”4Óá¨Œ¥ªÞL".Ê¹¿P¦M2R¥þ©~+*78fÖßS ;²td¾Ò8¸¿m ¸m¸{®¸ÁÆ%Õ\yî@ßº=a0ãþTÜ6BÓC3míÌ{˜OAÎzÊÙ$ææÏð»M·•QXwU]Ã×æ§j>¡;µ—º<ßùâùÊö û/•Y œùÃÄŽÖ‹çå^Ní¾,:¸o‹Ë¡lºMWµMX†k<=f†å¾þéÂâx,›mõ[ž}I¦-ÕJàÿ 1WawŽ¼’?z/½Œendstream -endobj -1795 0 obj<>/XObject<<>>>>>>endobj -1796 0 obj<>stream -x}VaoÛ6ýž_qÀ>ÄÅVÛÙ>uI·Xq° óPÐes‘H•¤âúßï)Å©ÚµEK"ïÞ½{÷ÈÏ'cáÿ˜f)]L)«NFÉˆ¦ée2§É|†ß)þ¬¤"|¸˜]áñ;Òé$Iû~]œÿvEéˆV’LgsZå„#¼É×;Q{i)$´4Ö‹*•?¼Yý‹mã¶³tŽÐ«|p/ª ½±OŽŒ&üT¹$+ôV’)¨.…/ŒmO~'Ii„/D&I”exs\S[óÌÛ•#m<ìÅÁqê/bÂÌTµðjSÊ„V;¬ÌZÄ™Ñ^(í^rž¹ZfªPr2ìb„$…é- Sãø—ãR’Xégm¥“dÂ•‚‘qB·Ë‡ÇoÉ˜%S^r»ðbÝGK;Á¥ -OŠe¦ R‘}ƒîñŽgQÖâfˆe*ÛQ%Ø*yi$‡Ç§—óïQ’ SŸÞ¿}ü‡w²Úgž—õ`àÝ˜b–G”5ÖB…åçòvyöðØLmeV69è?Kƒü§——“!gîål\ žj³1ùá”~‡PÂ|`ÓiœŠEA`ƒ¤ÎLÃ“Í 0‚Ö`@«!ö$¡-SÂŒâÛÖ -8BxÃz.DEpÔë(³ f–EÉ,ÂzÑ¡_†j¯ü.ÀüŠNÙË<ºR¿€à!€œ›¬á©Å:Äd ·KÀ×Ì@-¶`«Ñè$9ù"ü\ó„ÕÂ¹}¾L ^GÏSÿð8ªŒê m–´Úæx‰´~Äƒ³BæÂJùò*òyB¨/ô²óHÞÝ£$(Y ¸LhöÒhx’‚_ÿÐäÒ„î¯ïèA«/øk×o®ízè&SæôŒö°½ÂîºÝ\ Ž•‹i fy%&£ªùhÂÕõò|±ƒ>Û¡>áx¢`%*ß”MgÐtB¡ÕìäÌbØ>|Iucf¬mjO¹ð‚µ:Ä#\†qåê^‡8>/XObject<<>>>>>>endobj -1798 0 obj<>stream -xÝV]oÛ6}÷¯¸Húà±"ÙŽìØC²´˜¦[?l@‚¦¨ˆ Eº$UÏÿ~‡”ä:ÎìylKÔå¹çÜ+}e”âÈh1¥YN¼¥ .¯—INóåçS| 2Þ˜Í’ùéúíztù!¥kZ—@Ê—8)(iJk>¦îS›*œÎ¿ŽÝöëÛ–½]?Ršdi²ÄŽƒ¡·lÏ¯6œ»`½0xª#qa±'FÙ›w'++|¸²1Â"0°Þ…;—æ”em¶“ibß6ž|%IK*A-ŠmÇNxÑÈ"9ÁÇpŽ -8™ÎQã£‚$ÊlÙ·á$º~y(-^|GzçóÅÅ`j=;çYš^°¡ Ò‹bˆ¾éÉ3+½°Ä`^êÇH5Û ¾‘pG{Ó„5MÌ9Qo \ÕÔ8·j¸:VNK3sôBh‰iþâÖãkÕùŠyr•iTA[kŠ†G·]H"4íz/ä11]ü›`ƒëÛ®‘kHZQ7Ä -üUÂ!«óquûpOJjÑ·ÆÝ§ÕŸH˜{i4™2Z=°zÃèž=‹Ð8 ýeK?·ö‚Ÿ%ÓÐ;©TØ¦IóLÎÔ½:”|©K7ØR-æ/±à1µCé M”~Y”˜hpˆpúG·V„Fˆ‘‡Ì½È™úýÛûÕÝxiM¡NÓÚÆ‡Ô\5…pIÕÞ¸¦lÑÍ Y70ÂàHè‹(~ƒ">JÝü‹zcÁŸ¬V¯X`È#¿Û=!RÖ(ßo>ÞFEcCu¥vž)åƒ8í ÚÛ} ûRx~Yç±ì¨4J™Ý0qÞâ'›â ƒ#Tn7Œ?ÓYÑ¬gÉYaj&u¼x|}†.gŽZ!–€EÌèN‡x©ÑÁ%ãPÙƒÚ -ÒHl£¢dRaÁ7uÝhÉ™Á?‘uäÆZhXíi'}ùÛ‹}‘XQK5ÛSk±úZ</I»Ê´®L]-‹² (ÙyªŒ*°ÄçCÛlÒöóã×6J ±ÞÄ†{GwBá9n¹kGB&$Püä¡{’ÅÖñ6¼_-Ënše9h\Î(Ïçí³üáæþö†þ°æ E¢;Ã›Þ¢tÂÎI¿a²HÃÛÂø?(wžã•äjŠ7ØgW³€ó~=ú<útïmendstream -endobj -1799 0 obj<>/XObject<<>>>>>>endobj -1800 0 obj<>stream -xm1oƒ0„w~Å)S:àÚŽ1d$J+u¨Ô6º:`RG`‘úïûM§Ê²õ$w÷îšp:¹ÄF£êÎ8´LC9Í’nth’IŸ·9LC]˜„sS¥bCùòù`Î¨0Ýp23õB†ƒ»N.ŒÞ¶øp¶FùEï¢Rä:Û§’rêõÞöØúpú_…i˜ÿV·nœ‚CÁWðÝ%ö77`°ÝÑââbÓÇÎ†Êað§à_Ù¶ýfKdñ)4µ-6(²eÛCùº+ñû³«Fìûjêhi;ú>ÌÂôÎ§9ßþµ»÷Wº`:“Ôƒ:ˆLÍŠ'“¼'?µ·cendstream -endobj -1801 0 obj<>/XObject<<>>>>/Annots 1103 0 R>>endobj -1802 0 obj<>stream +A›=u- Úi§zQ×*ebˆQª¤`éÉØžúJÚ<<’0%}ùðHuÁócœÁsþ÷¶¶ò)£Ï¢ÙŠ7›o£)óYV üMç‚+Ld9UßrÄäã”îRŸãbŽ!Šä“|¶"üŒ ç÷@¦Ù–Ç”Ól}Š[ÿ6M#ßÝeœ™ãæóÅÏãÎK®¿Á4µð¬Q¤=é†!&ðÔs [—Ê€Ü]Ë0Ž ´U$z¦ÁîH‡[ÚëgçP!g£¹¬©ÇÙ8EY&nÒÖÙ`¥IhF*tpPÂù,!|G9ÀRÏˆ‹"[dôÅ3ù‚>=>¼"_q+¥2±Ôå¸«,åp9±µÏŠ*[ú¨#žÆw:ˆmn9&éGÚ®.!o©…ÄIj,Ë®URï´ŒÕ0]ÌzÖD„@û«‘£0!·¦¬Tj/Ñ^ÉÎép ÊÖ*£ C¥é£˜!T»Û!¥òQ¸©\ÜCßºNó”«Ò§#±Ë³ Ø Z£Â:\çCÂ*®ïCÂˆË$ê¥Ò¢wËÛ— ÁH¿Ü¢t+_ý{le=«3UöîåwE–/×Yž/²é¤Àæp|ò_Ÿežé›&SŽ¼ä<2uØGƒ‚5ÄÍNSD$¤5FÉ 9 !b>"JØ‚ +Úv¬jE‰jí¢&®Yþz5c-EPüòÚ¾¾Éèá¬&“zAblÕ^y½ØjT™Ñ}òž3A8xhØ*^´a "E/.ŠFCßèÊšCc;Ø´§Î>ëöæmGPÏªæ•æLØØmx „|RŽk‹pUòà=Šf+Ø÷œš´Â{xZÇÒq‘ý¸ÚgòL§ROi;yDC²ÖP*> ’|FÐëAÖÐ‚Våk,U‹‘@WÜ1çð{öä1~W]GÛàmƒ°% ƒˆ¼\T>Zcˆ´[g{„Äóþ6rÍÆÝÔu†Íä¬>ƒ{U;Qï”*ØékL¢€g.Ã°M£»fgj6€¸†ÂðS†M¬±FSÞ£Á jM®Ç$DšÞšÿuØ%¶Ý;Q²Ëþ¸/·lpÖÇé€W¥äzÝwµpàÖX…Ð¾Lú¾Ï<_«™uûIÔB×–"@u|ñž]=¨3RaV˜ý%¥ðXO¶©+ô~ø¥S±zÚàF”,q¤|§Uz_¡‘søÀ]ÇRƒDÅˆ“ÿ>wµQNluÍnüÂÇO–= ·^Ur~ýYÏhQ,Ò;Ãçû?ßßÓ£³ß°GôÁÊŽ§l7<Ëøx`¼šâ¢¼ùí6‡K.nBDçógùc3ú{ô¹ÿendstream +endobj +1778 0 obj<>/XObject<<>>>>/Annots 1030 0 R>>endobj +1779 0 obj<>stream +xV[oÛ6~÷¯8èK•Á‘ï—n†4[ºl@»5º¿Ðmk‘HU¤¢ØßwHÊ5Ý€!HàÐ$Ïù.ç~îhˆŸ-Æ4™SRô†ñ+Ç?ßõÆóe<£é‹TÐd6ŒGá¿œx?N.â%M—|ã·’´í½]õwoh<¤Õ!æ‹%Rw3V’èv/J++ObúCe‰Nåk•‘Ö\þrgGöz2Ç8aó(¦O{aI Hö“P)Õþ’üá)FáðxÏùð.Ê! %º(x»°’2Eª.6XŽé^‘•ÏÖôIŠdÖ©Éòœ6’l%”Éq&%«Ià–ª’¦Ô*ÍÔŽriqwL«½ä†t=šø¤)ï°œv{™0&Û©ãU²²â˜ ¥²”*5¤‘¿np7€"‡Z$Ì¸ZG„õÕ%ðÈÇËÕF¦1Ýt² +Ç(ŠÁ) XVlr€ådÃa†{ß²Å‹3ˆ{¯!X±båÜÉˆ¢ËGyaT¼P²ÉìžÞÉª@Zu‘‹šÕøE”BIÜÈGt–È&ë+xÇÔˆ|`=¼„b2 gó@·ç›}YãÑ«+ÖÉßävéd¤ö=¤×%åj2•ê¦É3©`nÌ1³Ïry}¡RŸê;¥×Ü¾K€7¯QTdI¥ÞÚ˜~Ö _õ“k€•î¤gBaláv%wÚfÂ2}8qD…Ð¤\:h“ü)6TVÚêDçl¨e÷â <“Æ«ì5'J'¶» Ž˜>T{þè2€ðŠ4ˆñ„ ÑÉ}·¥g} +„½_õiükŸþü eÊÇÛqDè9áNà&«|ûày>ç\#ÁœÇô Šp³-´¶0ÛÅŒigÛ †Å–›-Lâa?|äæ¾Žx:òÜùZjøÉ`úa¦(n¦íñGÅfÀÅv_IIà„‡Ò¶åXh<Ì·üíi\qŽ¡;¢dž[žý¦^Çi¹ÚÃ#®.N¢ÝÛôØbµ"]ÊÊ{ÅŒ•…k,˜ž[~‚K.S‰èæáöþþ2ttÖÙ¶Z\È;Îç·6–|ãŠæ„îú>/XObject<<>>>>/Annots 1078 0 R>>endobj +1781 0 obj<>stream +x}™ÛrÛF†ïõs»*‚‰Aro¶de¨j½ÑFr¼¾HPÂš´ì·ß¯{LƒTm¥Šå_ÿôaú4ƒÉ_±›ñ_ì‰Ks·Þ_Ì¢þøõ"N£¥ËÓy”»½Ë³(9‚»»˜/£™Ë“$ÊàV³(>‚ÀÍVìÝ2Žæ.W œ{ÏæÑÂªt¾ÊQ`ŽnF¥óe‚KÌ„S œ(Å©ÄÃ.—øD½É|¥{\,¢•›+µñL5ÍÅ$ç±U¤¬Á°‹ÏkðÞ%³5¬Dvž¥¡L7ª@ôHÔ%@~¡p„xÂˆ;ñ‚A‹a³ ¬BJòeŸøJüù(,¢Rõ¢±l~ï+ñHH(jWQjÈcpg©F>NæEjÔ`o”Ð';ŸMe †]iƒ¬Á$&™I9Œ¬Å°™¦-°Ã.ÅÀ»’š2¬Á{—&a²_‹a)-+k±°«É~-†]$çÑ+‹a—³©fƒ÷.#õ6Ã&éuñÙbØ|ê³ÏoÆhÐæÑ|zò;²šOÃ<ä×°šßQVóiXƒ‡üÖçwõù5¬æwdçsÆa F3 žYÖ`â¬C(ÈZ‹™‘µ6Ïi1#k°d0¡Ék0,»O-k09Šc*6ÈZ,ùÍ'š-–üf“hóËÈ”)ÓGÄJ‘ÏoÀ°Ì4vXƒa½æÀK-¬Ád!^MìZ›ÉT v-–J/Ö`ØU2Õl0qNeøY‹a³xb×bXö7‘5Vã`4»œ3¯k°äw9³`’9ì¾™Øt%šk°dP{!°K©«À,œK§Ö`âŒWVÖbÉQ,;e-&±YµÍäw”µ–)b½²Xâ¼>eõ˜Ëtð°¡™¶‘" ¤Á°œ¤7°Ã.äè7¬OQ*Ç5,cƒ`(ò) +6[ŠæÀK)Ld &„ŠíŽ²Ã¦©{` –$hiŒì±õõÃ.kñJ‘úl0,C¯k0,C“ôÖ`XŽÌ‰fƒñŠC‚ôŽ²{Ÿ'š}œ€:®¸!«H}6X¼ÒÖ`4Ódx5²Ãær¡¬Uº’ë2šüùü›/É‚a †å¨æ®®šTÖ`ì&+òkXÝoºÌ¨6±+uä‘·0,Õ=·¬Á°´ >«&•5»³ŒF ¬Å°äÈ²ÚF) +´ØµmdIŸ¤Õâ1”PhfGÒbØTQµX%Ç¹a –PhƒfFî[Ú™ ‰" £ÁÈêÄ° +=ä ë5s¯÷Òš‰"Ÿ €ÑÌ#Ê„5X$ã#ÈZ,våvhXƒaicâ:Úµ–ñKÉ¬>:%üJêaêxl cSÆPà|bgÇ7@©"T2f²³¾$ „#ë$ +zY¤äü—Ô0`c½øÉ@”·#¹9˜ã*Æa‰¼–G‹ ™ô\¬;¤·È¢ÞSûœ{Ÿ ‘Œ ›RH†5–‰»AÖ`XÌ/,k0ìJî%AÖ;EÛé±#Ó:V >É(SRbË¡œáÔDö2rTî1ÈhÆ‘ôyŽÐ–ÐlÊ»”‰¾ù!HÂ2ÿ(UŽ7F ÞRJVÿíC'yœ +þ–rV+PŽÐ!´¹á´‡˜|z~éBAnàT.p*Ç‡ ?ÙÄ€‚ 7p*8ß³Ç{ŽÚK9…ƒŸ#÷þþâÝšpæî·<ìæ‹¥»ßè{.Y¿¹ù3rWÏÏe½©¾—ÝÛûÿ²š€Ç~õ%jÖ¿¹/v¥k¶îº©û²î+É÷°R;“•4µ»mÚ¾x¨vUÿC4òŽ|iè8r¿Ý~ú0—³ “Dîîúw÷©®¾;%ÓÈýò¯›ü£ÜüVôîŸU}øØ?´E½é/onÎÕÌÙ¯×râG#æË¿l¯*v¨)6îê‰_õ”÷ð° ”Üû‡ÂaÆ5ýSÙºë›wn½«†àL´«îÅºªû¦{–ýýÔ;&Wä~¿KÜµêúD ×s¢×¼¸uQ»·nêmõxhK¤Þ%îsÑ>K†êrÝ»¦5Ì\Ñ¹âhØmáÔõ`’q'þ¿‰Ô}yS7ý`êËÛŸ½)úëgSÑèO¢ï'vlÖÄ ½Âs‰^I YuÝ¡ìÜËSY{_Þùl»ª©¿¼uUç]¹±;z}†ìcÓ©Ç²wÏ-ñ'U›¶B©w I~iÚ¯Uý¨îjiôZO2€×Ÿ«ÙN×Fö±mÏÚgkÉÖ§®t»¢/»ÞÝ_ß¾»¹u]_¬¿ºmÛìÝÇjÝ6]³íµÆ¦â¨£äË]Ù—.z~Ù¹mµ#0ÅVöð\t~oÜú©¨ËóJb°D’ c}|Þ~2ˆlvìøU£DíºÀça‘tý`M7yê%Í {q„ÕÞ©?:Á¯vÞŸN}i»õZÍ¶ÖMÛä’æ÷‡j·4¼¯ê¢ü,?±ÆÁ/5!±‘Õê™{©ú'œèé ÷KÕ2:šö‡ëÏÏLqµw¢…ÔÝõEÛ»ýÍÈ ¬ùÇ+aËÄê(¡e_Õe¿‰dz‡K!AÙQäu!NýMúÅ[«zßô›¢Üûè_NÆòBNq[\{x<ïIþÏÌy +'+Uä~-ë²å¨êmsê!_óÒ–‡G·+¿•»³žXDDˆ2‘ ì\Ù¶MûÊ9‡zÁ“†±a8·‡º@ÛHižÛ¥¾o‹~ýäs{9IË2r÷cù°dýuWuš¾“e¯ìßÖç=Ž1‚÷ÏRág^,e÷÷3eNtk} éâSïEÍJjëNê´R2}M’€*™ ùî÷J½vhöõ‹‹ÇùM&ã"—Ïn=Ð\ZEø÷ÿ¾øC¤Úpendstream +endobj +1782 0 obj<>/XObject<<>>>>/Annots 1087 0 R>>endobj +1783 0 obj<>stream +xm“ËNÂ@†÷óg©†¹t.]ˆb\˜¨4î±-)¡ß3—¶cÒH¾óÍôœÌ|?Œ©¡<Fþ3ü¼=Î ¦À…¤2¦Ö$ÍH%§:¥Á5‚ÚÑõ)q{Ü‘Wå¸â°¯O‰ÛÓàŽ4¸™¦Ùèú”¸= îHƒ+%v=ìëSâö4¸#e;Õè];¤àŽWÎ„›•¯õ4¸LÇYùZŸ·§Á¨²¸¡Ê¥•±TÅàÌ$â¦œc[¡Ò/›d¤JýS]ÊJ|¡Ì|ø=W°#Ë‚ÌWWƒbçÎŽ¶Š?7ŠòFX*©¢PT—Ôm±'fÜM´Ø¨#ÔSÐDh¦ ÐNÁ<Â| +r)g“˜÷˜;<Ã‘¾sFaÝÕM_›Ÿºý„î|¼~4ÕåÎÏW6NÃ]f%¦¶»^î«²ƒûcy=Tm·éêcë·áG‹ÂÌ°ÜÕ?½SXœNU»«‹+É´¥Z ¼¨ˆyæ(È+ù}çÐendstream +endobj +1784 0 obj<>/XObject<<>>>>>>endobj +1785 0 obj<>stream +x}VïoÛ6ýž¿â€}ˆ8ŠÅv¶O]Ò.ÚÆC,è<´DÙ\$R%©¸þï÷Ž”âDíÚ"€%‘wïÞ½{ä×“! ðH³§”–'ƒd@ÓÑE2§É|†ß#üYIyø0ž]âñFÓI2ê~ø}urþþ’FZåH2Íi•ð&í]íDå¥¥Ñ$¡¥±^lT¡üáÍê_l›Ðp·æ½Êzw¢ÜÚûèÈhÂO•I²Bo%™œªBøÜØÒÑ¦öäw’”Fø\¤’DQ„7Ç5•5O¼]9ÒÆcÁ^§ÐÙp¦¦¬„W›B&´ÚaeÚ NöBi÷œóÌU2U¹J‘“1`#Ü á((LoIèŒjÇ¿—’ÄJ/i8k*O’ W +F† Ý,ï¾'c–LyÉÍòÔ‘*«B–`B>àêª}e´µ¦®°ÌõIÚ> +ÕgÎ…°{J»ƒG*š,œÑný†‹•h¹ÀŸß›)!&åªˆz.}zßpqá±0[”È™œ;NQR)€ä~qíÈÒu¹‘Ö5lp¯˜5ÆˆÞu*|,dÝ[¿a˜b`ú ì }4ÎS“Ed%÷e¿3ô¨Í>¬³¦’J4áñ%dé î¤^÷vLUØ—éô©úc´-_(Çóu¥2®lkXv†˜A¦²ƒ~¯ DVDýÊ!ä ^®'Ùp0õ)úÀ‹u-í—*<)–™v4HEö ºÇ;žDX‹ë>–©tG¥`ªä¥‘ŸNÎ¿I‚N}ùøöáÞÉbhžy^Ö½¶‚KtcŠYPZ[žË›åÙýC30••iQg ÿlä?½¸Oúœ¹“³v54xªÍÆd‡SúB óqMãT,r$ujjžl´Zö!°G ý³h™fß¶VÀÂÖs.â(‚£Ng@™1³,Jf®Ðˆý7êâÓûG‡Ó8¡ëO‹ÿ?œøc0'ÑŽg”-kù6jæçm|j„`qnx¥ÑžVæü®UXÓœhÓölZ…Ì='K…›p]ÁÏ7Vàxä¸bo¬¼;PïÃà€íx26jÙ(“¹¨´Zæ*‡.Ej }ºýònqÝNuHçš.‚ÒÑ“]cá.ÓÑ˜%ŽÙX‡]*vÜSBÑìùÀ–5CE?ÖÃî¼Å‘çù´Ù›çcËªíÎwË\èáÛ«„H\I;g¿m§ Î#K–CË _epC ¼ÖAªèZ„®Ibf`a"¥”ÇNméØpŽYì*Q0fòh/f¦ +cˆºãä{EïÀ-6Ü{ª’p;zJï×vÝe{±l®[ÔüK¶Î¢/M„ñ—a\¹Ú×!Tó¾Ý^š'ù¿LfýlÐÙüb2`Ñp0è‹Ÿ¬Š¡†ýlaÏ_\ˆ§ñø“ôd:O¦#Üº|8¹äïV'žüEåÂFendstream +endobj +1786 0 obj<>/XObject<<>>>>>>endobj +1787 0 obj<>stream +xÝV]oÛ6}÷¯¸Húà±"ÙŽìØC²´˜¦[?l@‚¦¨ˆ Eº$UÏÿ~‡”ä:Îìy6KÔå¹çÜK}e”â›ÑbJ³œx=JÜ^/“œæË®§ø³‚Êø`6Kæ§ë·ëÑå‡”®i])_â¢ ¤)ù˜ºOm~¨p9ÿ:vÛ¯o/Xövý4Ji’¥É;†Þ²m0<¿0Øpî‚AöfÀà©ŽÄ…µÆžeoÞ¬¬ðáÊÆ‹tÀÀzž\~˜S–µÙN¦yˆ}Ûxò•t$5~Q,©µ¶(f´;áE#‹äcÃ9*àd:G +’<*³Adß:„“èúå¡´PxñéÏƒ©õìœgizÁ† +p€J/Š!úz¤ÿ%Ï¬ôÂ·‚y©#ÕlƒúFÂíMÖ41çD½pWSã`ÜªáêX9-ÍÌÑi %¦ù‹G¯Usdä+æÉU¦Qm)Ýv! ˆÐ´ë½ÇÄtño‚ ®Ol_¸F®!i-DAÞ+ðS ‡L¬ÎÇÕíÃ=)©EßwŸV"aî¥ÑdÊhõÀê £{ö,Bã$ô—i,ýÜÚ~–LC_ì¤Ra›&eÌ39SôèPò9¤.Ý`Kµ˜¿Ä‚ÇÔ¥74QúeQb¢Á!ÂéÝZ!F2ôv^ dþé÷oïWwà¥5u„:-LkRsÕÂ%Uûàš²E7ƒfÝÀƒ#¡/¢ø Šø(uó7nê·~²Z½`!ün÷„HY£|¿ùx Õ•Úy¦”â@´ƒfHho÷ìKáùeeœÇ²£Ò(evÃ<Äy‹Ù'¾Y r»aü™Îˆfµ8KÎ +S3©ãÍëàcèë0t9kœpÔª±,Š`Fw:<ÀK.‡ÊÖÔV¸6@bµ%“ +†¸©ëFKÎ¼þ!ˆ¬Ó 7ÖBÃjO;é«ÈßÎXt`è#ˆÄŠÒXªÙžX‹ÕïÐâÑx LÚU¦u-`êÂhÙX”M@ÉÎSeT% ž8Úf“Î°Ÿ¿¶QJˆõ&6Ü;º +çP¸å®i™@ñ“‡î$‹âmx¾Z:–Ý4ËrÐ¸œQžÏÛ³üáæþö†þ°æ E¢;Ã›Þ¢tÂÎI¿a²HÃÛÂø?(wžã•äjŠ7ØgWñˆz¿}ýtÑmendstream +endobj +1788 0 obj<>/XObject<<>>>>>>endobj +1789 0 obj<>stream +xm?OÃ0ÄwŠS§2ÄØiâ¸cª‚Ä€Ô«ë8ÅUœ´ùS‰oÏ‹B™eëIþÝÝ»+“t$Š™àJ¦\!ÓÍ)ÝÞ£f;ÃŸ·LM¥%LÂ…€që4ã9Gùòù`Î˜-`²dfª…|;ÛàÃÛ +å½‹*ƒ$×Ù>I)§ZïÃ`MhOÿ«0 óßêÇ©õHzˆB¼ôÝÍl>/XObject<<>>>>/Annots 1098 0 R>>endobj +1791 0 obj<>stream x¥WÛn7}÷WôbVÖ]ÊKa»v+4¾4R.Ü%1æ’›%×Š^úí=C®$[ …!AË%93gÎœ=éÐ9þ:4êRoHY~ržœÓ°7Áw<ÂwŸRÒ’_`ëþëýo'I2¡Áx˜Œ)§Á$éÕšfášþpŒÃ9õFxøÕ`œŒêÇœÆ]œ>¼cëý~'âX7wê§ý•½ïíYwÐÃ^¯Ê©?ê&ƒúiwÎ}Ïåü¤}3¡î9Í—€`8Ó|ÄJvvµ…—%u ÍDž fAÖ¯±v5½™Q¦•4Þ½™Á=}êtâ=î8éâ¦³ùZ9Êê[2k¼PáTË2SK•‘2K[æÂ+k’xÕ„:£úª^?éóUð¡“ÐÈ”ñÖw¦ùÞö@àÀ_Ò%4_W¥K·dì†ÖâY’ˆŽ_¨M3Y>#šLh-ôëÅÇkj‘“’¯=§VwÏ×rK^:OÊ“Xqž>)³°G“Asÿûn0r-„E™Í„–*ü–”sûuá (’W¹$»¤M©¼2«fmµÓ‹ðw6Â‘ð/¢NrÎ@À¡ðóœ¼kTá%LxJ‹T#\<Ð²”’à©ÑV,ðdó`|‡ÍF¦GvÂ=gì!’\àâÁ2P¶PÒKG©”†V¥^oIšµ0™\4Cø8‰zø¤ÕªµTßpD™LW¹x|’üÜ ’€ôŒm->ì76:¯òBËT$qìÏE¥¹ÐOÄ(; |„¦'x^¸›~¦\dk#]ðé8Äú@na9Êe™)\`±? ë$¥]T™„Zƒ?[[1Øee°u ŽÊà2EQ‚—‡¥ pñöÈðÁ.€oå×à'‰Å$°N¸ª(lé¡9_+U2þ&dl6æ(ö @@ -4115,74 +4113,78 @@ x ·"üM‚@ð»#«™Ô(€HuèòÀº¾ A6ýÂ%S{Þ˜…bGöUÑÀf&sÌÎ(cà¦ Ðëi!]VªôOÄ"ÐôK…¤ÐGHsí‚5ÈÏq ›Uû~ƒáÇÈñíÃ|–\¾nòð‘=qrîÿxñÐ€ÔñîâaÖ÷[\,G˜Ý]Ïï?^¿ß¾>”ÖÛÌjwÊràØOnïÀÝ@'ž¹H-^Ue‰e5 ÖCÄ™˜ì†ÎóÑãéâàæ<³’dª<•etÝdA’1ï„‰¡4 âHn£"{Ç9ï˜Õ±¿p§”åãkz$`‡~Z’¶ÐÐ*É¢ø°ÜÚ"vBd m‘ Fäu§ÅB)íˆm¸ãÜEk€‰E“+=}§œo4YªãÜ‰›éÓônzv¬ù$„ÁåS& ç%îýÍFÀ2WÆj»Úæ˜\q?|ÕxbÈ¦Ï §ö0ƒ!ÄzZãáå –ìs %]1ì€ˆý‡tKÒW47–”zŸSª‘0ÊèÔÄÔE›AD -ž„ä´oÆ‡}8‰}ég&|þe8èFíîÌãëùÉŸ'ÿÍ >endstream +ž„ä´oÆ‡}8‰}ég&|þe8èFíî¯ç'žüÍ;endstream endobj -1803 0 obj<>/XObject<<>>>>/Annots 1112 0 R>>endobj -1804 0 obj<>stream +1792 0 obj<>/XObject<<>>>>/Annots 1107 0 R>>endobj +1793 0 obj<>stream xWßoÛ6~÷_qÈËRÀ¡,ùG’Á´Éš¢I³Øk0,Ã@K´V"5QŠë—ýíûŽ¤bÇEÑ=¬iU[$ï¾ûî»ãåï^LüÄtœÐpBiÙˆÞÅ@hêW³Ï½Å„4Ëñ•¦¦©,çòg^Œ®FÇÅQrÌ›~7sÚZEÍ Ñ×JÑMžÖÆšECÎoéFj¹T5øIRzSäJ7Î®Ã¶¨MÙù‚/˜\4Õë(ÂS”‘š2ºhítc#oÁF0}s~+>N“HÐ^W;˜ÊÚbk+Ú')týS(Õ®£BêRj±jÊ‚ýïy- èÊ5JÙäFþ®ÀhcðÖ6²(HêŒ|œ¹¥Ô"èZ“$Ý6v¥Š¢O*ËOD^(z|¼O—÷0á^ÖÆ4{~³¼F:L½!³p{-sl¤JÖMî°°g™en½Èµ²¯}:tÚec$X‡´÷'œYÕ´•P_Uçyàó»·“°U«fýÁ »±ÿi÷S–u{_ˆc44W TÑ*éXd•täÖô)3ú§&0Ë9H‹6SÝ^&ÔrVçOPÏ\¥’É½`Þ.—A3ÐÆöüÖqÐ¤{;Ý5ÁZ£ºÒß²ªv›D¾©¿D:Ëmä+™ Oõ¶þŽ†±çÚÞPÐ9" <¥Fù#0ÚVYZ¯”öuöxÈ‹ˆÄB\¯8„ƒ´Z’ð@šgç{÷À&™ÐÌ@y·—3út}ù€ò}fðàŠµÇš¹«s›¯ºWÖ´uªè¢6k«êƒ>iã«›ð•¡‘eÉC-¢@ålÅŠGo™£Âó¯€=ßÀy%›t…’?*>ËM$ÂYWÈ²æ¯s”ìvyßsÊ‘TÈœò¸P\OBñ5$!!‡ <¢ñµBÇŸ…ª6óB•¶O¶Rp]ÕŠcÍõ’ ƒÇTiY†Tíù6óÏ¨MFj³Z.—ÜEËš{€RªB‚Ï)—>7 -~í> ‘ïÙÈã5-ê³…8ƒâ3³Ö…‘±&07c×¼@ì÷r•×¶éSZ+ÐVìŠHÑÂ€ÿ»ûëÛÙÛûO®tÅûEv„Ý™[WDµa…o3e½ÎÝXæó{Œ1âòü/Ç«¥²µ Ù&dØ*t4@B6ŒS°K½V@òºÄÔù2×²xnÎqßé™/°”ÑAŠ¡Ÿ¨lB—U‰mŽ0´³F•ª1¸^yú:ƒ¾u´/˜=Çµã'$Å)Vwa‡¾&[ÎÑ>ôÂUB !y}B#éL•²¢3†]ÉíÅw÷\žßÐÝ¬‡«pgpød+•æ‹ÜÞKƒ‡ÏÞ³Ó'vÏ±±¾»Ûe§{DëHòÄ±H·u³0E®îñ6šŽLô™À¼;ræx8Øyu 2õ”£^xÃÁ7h•XŠ×ôîŽ>HTè{ÔÃøa‚˜^Þ¿¿œ‰—+fç½CVòIAuE“sðÞ!CYU ÎŠFÆŒ~£……S¤ÑÅ&ío–fî™Ù€úŽj/Ù@mæƒ&ŠØmwWÙÃ®dÚ´¨ÏÍËýAùóÖ;µOîTÃ}‡¯‚q¾W¸Jä“Ì_Îýìa´º_,iŸ¯Ug’{ fSÜëm^V€Æ-?Ë¸í…Þµ>¦Ë hÁml½ÊÑsw ïEŽ ‹-½àlÛ21^ò´{4“ n[Üµ¹¥¬ÇÚuàe–ïf•Ýùh8ÀÍ3,Šý†É/TöìÍ]t}‡®$Ó/¾›?«/5 ß~ÆåÃô»žçTÊ½Œ¸—í"eV=ÒßI( x‚ßN†4Áÿðôüæâ÷¶á›‡Þš´-1/»‰”Ña8÷ŽŽý\€ÿÏðñ|Üñ/GãI€£x>/XObject<<>>>>/Annots 1115 0 R>>endobj -1806 0 obj<>stream -xWÛnÛ8}ÏWòR/È÷K -ìCb;EÐÄñÆjÝ,(‰²ÙH¢+Rqü÷{†’œDÈ¢À¢¨#Šä\Ïœý:éRÿº4îQDazÒñ:4¼ãw0áßþç’b·1Œ¼ÞGýÁäÃ ÷:ÕÏÃ—“.î©7yJ©×éyÕ*¡•ÓÐõ±÷êîxâšWþIûz@Ý.ù1ÜMÆäGNe‡ü°åo%I‘'ò§ËöÍ’Œá“¡ˆ(ÑÖŽ)(6ÆûÃÿyÒ¡óÛåG;æÚèØâ¤÷‰FF$2RY˜ËTfV$Tì6¹ˆ$YMv+U^+é÷Î¯”¥ï/3Šrõ,sã[’+ÅQq¬4wû4ÇºÈ"ÒY%1¶;2ÊJ–ðì¥µa^¨Ó3øBf«¨½“¹Þ™ƒiïUé½iïŠ QaÛ†;µkïã½í÷<ù"-H¨2 Õ0§ØEçÙhS <ÛJœ´[h¤ sHÃ/i—ë ‘)/°·çS±z‘‘G¹ww ‡*)žõÍbu?ýêÍnoÏ*ýùíbî{óó3Z»CýÉèŒ¾/®|Ï=WH\ùè?\NçÕaÜZù—ÕBdQC.î×Û.µíëê"³Œ‘ó~·Lroè!èÍ^DØÛí“Êr[™ÓN³×yDáVd—¨·X;ï1ÖZëx½¡H#.é(Ì~ê€öÊnþHF^]´TŒe)“ÒÃñ']â4s„‹L½P _H—ëå´á#2"fDÙÊ6ÃH#î¡ô‰Ï¼ñ0á7@(R¹Î%<—Sì$ Y»Dà¬ta)Ó¶¡™]q -!‹abÎPD@_6nl¤% Ü“²g$’DCã†º`ÓP;•‹ R¹Y7±;éì°ÇÇXB*obé¢Ï™(3hD…©0ª“è(þŒä³Dõ–R-o¡BÁ„†s:“M[î‡Œœ*ç£Õ¨~pŠÚdÀG-ÎÀ *ž…sb‘è çñ78ì{4ÕY¬6$BÕ«L€/J?¶óüù®D˜‘kR -bA"D”¢ã —|Å' €%Ræ‰[îÏäñ¦@ÅúzM}Dê6Œ´Ð”1! þØÃ®IVóËËÅŒ.??>^ÎînÓë/¨åhŠ¨úÙýzõngÎ4ˆ°D%•†€JxCø³ÎŠÓ%|i#'w"™ŸÒ)Øå”îdV0dátí²Y @‚m®Úê½óË…¨¨Á†‚T’ ±†®e]õSº²’6tVW®¬Ë<«žÓ"#Ã"Wö@2ôòrû¿èf€4£• ”Iåè*¯¾v³šaJ>wF¬uþ´Éu±3àj0~a#×v15È²H9s®?áMŽšôè3ËQéÇmˆåžCzÃÙnu±ÙÂöŸ\¢L eñck©:Sa2ª³f„j]” “÷^¶Ø:³“¡Š´çffÌEŽhö'#Ò@)¨^›øæ1¸d…ljå7Å6D„j&@‡d,ŠÄ2œ¬uÃF×û0uÎ'UféW!‰†Î¯jŠ{OPLY[Á!„±ïtrÑ5õ‚õ£BÐYL<]£PŒNY›0sEe˜L |!m EpåXäž p¥ÌÚÇVCKæÄ¼Q‹QÂ¢Ã£wË¸Ò¤)RÌLã¸ƒÓkœŸ²¹ŽÍX_WÐýt1lº˜¼O½+F:n¢œ¼Âpë+CºŸßÑê¡ç\ŠuÝFÊ|£éÓX„À›• ì $KCÈ#gäÇ–nš£Å½?‡h ŽC†^‡8V]Ù±¼ˆctGGé:¹$òWkw9 $Ì®(òUO=DúÎ 63å‚¬oBeÙ†Ñiñ(‰ªý|Ú£¿—Ò³Xæ9^7lßëDº–A92u‚÷iåÉiz*a†{UÙàÈÕ› -‰gSW³ñ›¸»xá[à8 •y&úæ†ÃÏôõaqûm9ã©uŸ£g`ØŽZ]xåºKÎÁµzùLË›Å—.aþ*Q1©µ;ÀÇ¤O£±›ÄW—wW—„®ð““1Óaá†oŽY©|„o?w.Øˆÿ1Ô Fø°ö*'†c–;÷Oþ:ùö+$endstream -endobj -1807 0 obj<>/XObject<<>>>>/Annots 1118 0 R>>endobj -1808 0 obj<>stream -xVÛrÛ6}×Wìä¥òŒEI´nÉLËn=“ÄŠ¥´©ú‘ ‰šX‚Œ£~}Ï l+qSËºÄîb÷œ=‹¿{cá5¦yLg3JÊÞ(ÑôõŸ“Æx×’2~€¥‡ÛŸ{“xÍh2£ •4™Ï£E¸*hí'£(>vônÓ^Mh<¦MÆAg‹9mRçzD›¤»º ÏU*ù†ðûvóyµŒ.¿<ÙüÕÀ -‹ÒþYD|ËÁø1pks±^¯¦¿^¯¾g8ùÖðV¦ª–IcêGãÛåí÷¬§ÞzOiÏ7âžÖœ’Ê¨µJßÑ‡5Ý´Í{cîI5¤,¥ÒªZì -I!¥m#Š‚š\ÒÍûËƒ2õ5¢MŽÕøE¥Ø“mLE{ÓÖ¸Jr¥%§;zÌ6«MI¹Ðw3ÃÖ…&ùµ‘:•)U²V&¥‡\òMÕðšnSB§ì×Ø:iÓ¨D’ «î´ÊT"tC¶’2m«£ Î¡Hi]ªZ6¦¾'-Õ]¾3unÔÊúüÙˆm‡W¯ix3 68›ø‚ÅÓuüMéÔ¥ç7âS’MEÑö$BAeP [î¢ÄèlÛŸ~º„RTâå„j”ÅLe#TÈ\”ËT2`,+§Ë>AW8öð¼„à1x•¨E)pîA¸Ò‡þ£»ÂìDqT’ÇÕ(u-)Û -JæZÐ5(Æ¿‚eGí sÃ…y`T¸Ÿ\PˆÖÑÁ³æßàˆ^EŠƒ"Qøû#À÷g·µFt§{Þ}WRó–†ò+w¬~`ÔÁ-€ê[ÍF£tSiö6óÚ¼ÐR<8^È$L½.~ÛN>‚ðaÁfcÉ®uµî¨ÁzßÓú±yŸ%äI5{†I*žµÞ‘<@äZº+I˜éà0¨©}‹{xíúÉÒúzy -ýO]Cr¯“|ŸÅýäÔmU‚ZA&ðÐ^Ÿxw¾Ý:I‡£°HµPÿÀ$Lp•e<¨í!Yˆ AË11½<ùžô#úEb"q¿Z=4ag¯i·AZ(•À~me´ug•Š¹àøÔÊz¿X.¡lj¡-ÆŸl¼2'â ÌÁ74ÜJ>( H_¼?æ@’aÅQux½ÒIÑ‚CÏKðdÊ=Å^]a Ñ8T›Â{x5Óç‰ÍÇ›Í%½ñÇ/&uj€¼qn¨>9&@_v8¶ð< -Ý1';è–æ#¨WÚÿ_‡¨ÉlÍ¦±?2§öt¹é}êýRÓ¢ôendstream -endobj -1809 0 obj<>/XObject<<>>>>/Annots 1127 0 R>>endobj -1810 0 obj<>stream -xW]oÛ6}÷¯¸èKS V,Ûqì<-íÖn@WlÛb@_h‰²XK¢FRÖüïw.)ÙŠÒbCá$2u¿Î9÷^öïIL3ü‹énN‹%ådÍðÍùÇÇw“x½Šf´Z®£5•4WÑ¦{*èq2|Æéí"ZNáˆVó[X.×wø{Ž‘”Mæw1^\nfÞé2¾‹îº'vÊfËuì>1ãƒÅfÍÇþVd5ß¬£¥Ï1Æá©w7_¯£ÕØjoðeÜg1gÇá‰Í^o'7oáuFÛ îÖ´M=6ø&¹z“‹ÚIC°¢_uKNS¢ËZ’~ýðjû öKŠã`?¯á~›^ý¥JDEzç„ªÈå’¬(w‚¬nLtŒ.ß¶rg•“muo"(•GYèº”•££4VéêšNÁ1žÑ4^„p©n«B‹´â½¿ùüHÚPcUµ'cOU…t7ßué.–é¢¾8¢‡$‘ÖÒã0ÑD§’ŽJÜÍaÃhM3@Û›ÃÁo•3:m‡TŸCƒ éUp®l_L ø0Rµ¬HVGetÅ%Gôs¨•£É Ð×«7ºJc“Ï.ïñd,¿¾A#d^$¹Lªz[QXM‡ -X‘°ôL–Ê½€U%Ûž®7 -¼´tFéÆúØ;#*8³ž×$áÑBþ@gTTº:•½a`€% *ëL€‡€4ŠP¿ËHÄæY¸àÄs³œ^TêTeŠ#Hg^KOÜgº©RŽrçêû›/¿H›}øë&9Ú(weñœÔx ‰yäkï”ùŸÝü€ß-Ê,E’«ªS<‡$ÓTœxÝì -•§;µC1FÖú×æD$åfó}:Æ…Z¨ÂŸö j‘Ä^Úk`œMÊ¢ð©^éCa)}SÍ¼köè³\bF |\«‘04ØŠ“e$CtvÀÑ9=+ b’æ>VvÄu®»4Ö`\k>h®®•ÐðÏìïgGÏŽìSÀP&Žø…±A_¾|¡Ñ-åÒX$EG?-ãÀS¢+‡æáJG…¨*UG•6¢ º´Ü—ŒÀ€Ñ7|ZX^á•£âñDíYäC{á½½‡uì¾—y?ÂÎUs“ -{J (=£n™tÄ˜ÕÉóÖéþÇ©öÞû&ú„Â™~úøžîŸ·D²WÓª¸)ÎÌ`Lþ€M4ÅC•Ìlþ›J_T°á4Æ| -ª´)<œQR(?ÿ<‘{u<õË&ÉÑú,shtAšUÉGØ4#2SMrù÷ JÃGÝ8jsnìsF"*³x²f/%5ø)Ð—}Ixšy‡¥í”1rÅµ‘™ÄÜN©”.×é¥ÓHe¾nÆóÒCa½ÒŽ¾5Öá –¥ÙË¼Úó»EfýäpÒ„Ã9Àúšj°9|ûtžz ?QFÛ¶QrI„rn"Ÿ? µQ½îew9ØKó%[ÂèDýÐD™k¹FŒeTÇVï>|¢w¼çÍ„nëï×W}ÐÙå¡»|¾?÷öFÔ¹Jª .´R~fP/o¡zi2¸ä¬ªÛ%˜ÚÞÑ™Ã÷(d<ò‚©…MÐsç5~ÄN<×ý¤Û=Oá÷&¸Ûóî¦‹ë²@™AÞþœk¦yªùÑîd ½Å²à‘LòQÖªœßÖ6%”æäþhH/éD×§~súU1TJï[’Fd3<ºDº¥@Öß@‚Xm³Ã¼r'‘ÛºOÜH6ÝÆ¢J”’p5?¯üßpOÀs0ä«NŸ+ÐÀìÁ We$Þ9áòÂw^¯ý[ŒÕe›0'ú# Ûô -—5ŠÇóòc†h×¿||óöv0»õÄž§)Ý×a-Þãù§óàžG¨Ñh[Ì}å[år?æè}Ãb††ë.Ât~KÓÛ þ¯€ôþÏ½{¹ÂmÿvÞÕs»aw¿l'NþH3ãendstream -endobj -1811 0 obj<>/XObject<<>>>>/Annots 1132 0 R>>endobj -1812 0 obj<>stream -xVMÛ6½ï¯¤‡:@%[–-{÷ÔÝ&is(šf´DÙL$R!)oüïû†”¯“ôAŒ¥HÎÇ›÷føá*£þe´šS^PÙ^ÍÒ-Š%ÿ®Wøã¿•TóŽž~^ÿŽæ××iA-eE‘®)®º¿Ê×3|Ï×EºÀn~vÃ*ìž[ZÌsœŠgy÷|ÝUöh—Ìqc}àÝæjúbAYF›š“)Ö+ÚT!ämÊÉß{©Iyî½££é©6–uÂ¹c+òÇNÒÓÍ;XÉ+“òàâ—Ñî$åõŒ’,Oç0?yÝkò{I¥i[¡«xz9ÜÇ¹9#€s°DIE7“ö í Ö?;ÑnEjìîfŠ¥5ÆÃ…¯½&g†6{åèA5 •V -/‘B¥¬,½±G*EÓÈ*š€-í…ÒJïB„ ;?ì9ÓÛ’£®$½™¨T¦áÌoÏoŸ]$èÅn“ÿÖ -]îßjj ØÔ Þ¸Ç -bi‘ðÀÀóÍtú™i×o§'Ó,•à”£Úèckz7Æi2¤õE£pv2:Mé%ˆÌ””0…±"hÜ£æ„+)Ý#r®zÜÞ›Va¡3_dÓ!¥kÃr§ÇF<6Ø ÌTÊ‰êÊ©ó”+Ãä‚÷œÜË#$EM×õCN¢÷¦^•®¬+ Ü4UiÚ¨÷ò"4.Ae¤KGØ9ØQ(ºðAjÅ=0Ì ¼‚M¥G¿D;’ ÉQIH »ëUSMüNiaÁ†¯’jc8+ˆÅýDµ²à‹&TgÍÎŠ6Þ2¡tŠkµëmHìÓŒrfÅIcCcrûÐ™N !žg¶Ê8&ïyÔ0y-™N‚œ”;:/[P¦ýb/Ìï]€´”Ë—’d/›&ñìipGáÒ«L×É’ëg:¯ŒŽo žXR‹mƒþ&bñQ–=gøa¶"íS=.;#ÚÔHéÑ®üÌd¬ûX›¶Sü<`09`ôÜïˆnäo4qj¤ð¸çAèc¡9âÁÄefÉC=ÿQ9ôC‚M_»9ÅË —ãÍØaþ‡DÛçrzßÒežÈëœŠb†÷(È&'½²ædôÌ”=?~ÀtL'ã…d5»æóß8NÅ:-–óHè¬˜qØÏ7W^ýP ”endstream -endobj -1813 0 obj<>/XObject<<>>>>>>endobj -1814 0 obj<>stream -x•WïOÛHýÎ_1å>\ª#vœ@zŸ¨Z¤J=Ê‘N•*6öšl±wÝÝ5!ÿý½Ùµ ¸r ¢ïÎ7oÞL~d4ÁoF‹)Íæ”×“dB'ËY²¤ãåï§ø³’Êðàxzš¼_¤ç°‘Ñª„ùrA«‚`g2¡U>²Æø_Þ®¾ãPÖš$‹]£ZÜHRÚyQUµÐñÜqwnŽ§sxÅáã%ùð¤JÚ™–"k›k+ -¥¯©4–5VÞ*Ó:º•Ö)£É”t%êµ7ju½ñT)xõ†n´ÙFƒ~#ÉTEÉáÇ2¡q6K¦ìœO¬•VIG[UU´–@F‹Zøì7ð}˜ÀÆ!É;/5ûNè+¢Ì…¦kCk‘ß°S6ô$H6“ß#yŸ÷+ DÒÒúÿ†¯Tº@j B9á¼´o¢…SÊPD®æxv±ç$tå…õŒ5'áêuAÆ4Þé(1Y¤x%ôÁè_=y»c„€müæ }ŒFA¶ò ˜\’¦Å…¬a‘¢“úQð‘äF¤ç=!G!Ý¸eâfHåË - ú´Þ½&Þ#NŽ ÌqD4‚½}öƒx;t}nêà®B¤lëi -©ôyjó¤2¹¨bL÷Y Ž2d@0B¸£¹y -é…ª€¼~âdi<èíZqÿ6LŠ¼„EBhI”ÀJÁ$ã–ñ$ÖXo¹q[‡"sæZ7D!xcü#¡_ú¤9À€è£Ú9ÄË6¸!1Ia¯+ø®L‹âVhY‚yð7²'Sy—zxì)ÑGÈ¨ï+¹,RÈ,’˜jé7¦ ôZ-²ÚÑÛk‹•®1`«XžªÕ0þhU~ƒ€eRZy%*+µÌ~€ü£•.¦žž£i¡’±i³M›=hÛ@ —Øš6èì—ÕÇß‰,MU™-'Ø+^¡ÊRBöî5¥‹OWGüòsñó‡³KŽšâZ·ÐlýVå¨Z-7¬ÔgcnÔ@Eí°‹ûÛƒ%ôwP Mè0Ò(K6;M}Þ€@%iÇôÇP¦Îc x -Âòø.úë‡£ÓÍ!(ÐZ7vN÷¾Çöà¬SµBc ŒÜaÙl‘¶EØë6¦ÅÄ j‚úR¨ÇòsÇPÇÎÒ‹~/0„Hè¾q}‰Qå ¿5"GÎ0•È8;÷øLè´cÝ´4øy(!4,oP™@xÜ¼”¶Î¦AªRÇ³:Å¤MÃ| /}u&XK0Rö¡%±€¥À2PCüãÜÊapu”ëÅ¥›Í£ny'rŒªäŽ$â}?(?_Æñ6nké·œkµº“Ížñ "žP>.>ïÐ«½µ¸Ðô¹wkÈu« -9l¡4ì;ºB:$*Và]dWo=”®ë€õm„îˆƒ …jY—Cv¾½å(žËóÅ>üúd¾eî†V áÿ°ÇòÜñ=0ñi_±‹MØ#eÍúè <Èùy”¾Ä¡‚šâPÝ ±»H¬g\˜C¥±•²uHqÞ10àcXÂ°jd®J4ŽºdI;Ž,êµ=,HÒ×ÂÝ0B7îM'ôW«c>ûi¤J^=T7¥öyb=ÝÒ-rEØyÂf+‡±¶F9v97Ô"YÄ%@¨=ñG·¶Ø T-ÂNe¿.°<ÜÓ»_.\7¦0©=æ«;;|–ØÝ¨D¼ ÉŽK~¿)`«cYîYva6Ç·”åŒæó®A®ÎþxF—Ö|‡{ì…y‹‘ìLÆyÜ_/&®bôšÅöx¾Læ'Óø•%›glèãêàÏƒ–ü.endstream -endobj -1815 0 obj<>/XObject<<>>>>>>endobj -1816 0 obj<>stream -x•UMO1½çWê¡©Jö3,ˆ~ ¶ztœ kðÚ[ÛäßwloÄZ©$Š´‰=3ï½y3ù=É!£w‡”ðv’%Ty–0_ÒsAƒ°eU&óÝƒÓz’~œCžC½¦\ÕâêPž,ƒšO÷öö~ž\]|¹øDOpÎÔz%Ñ‚VrŒsì0£{µ‚è˜a-:4þ\ƒÀuÛ2:“B!ïê[*H CÁ)ýêV ×j¶H¦ Ô°þÇfyIŒêÕ´E¦,lt¶Ñ½\©·z‹`;Æ ÒÝb¬«;'4]öµ™¹é[TÎîƒ6£ðËÀr#:·®ZÇŒóÀw*Ç;°6º@¶ˆQØE?„)NÀ¯0$þŸÐ}èÐ4¬³pÛ[‰€ ‰áó÷Ë¾¬þ†Ý{5)©”H 3R {Òžˆƒ}Â©Úå.LOT…„-Û€BF‚; wBJð±À,< ”Idq9Qóž™•ydéÙ&E'’ ˜÷x¸P7õV[žFI -o¼ic@ðŽECt|ÝmÔ¸yÜ sHGCo¬&ç5¾’wH „7!>éÉI¬$ßšpÄ7€µíò9ºé@9ƒ£q1Œaçõf/] -•ÚÆ'ðy³dáií\ƒ´·&•š¥–µK£¼È³³0"¯ bÇó<+«ˆ tºe$™ ‘÷Ž-%ÂƒplúñÉ)¼iõ -Þ?ÆV¼Ã7kðõ/ENîÙM?tõ)Ó?ô„å?™4ŽK€å§kwA¤èxjxÄzÞ–²Mð)qÃâW+n“@.&€ÐM[ÂbØ*c¾›B«È¼ `ŒŽ‹¯õ‡ãíúÍäë^ÿ¸š“”R[(pc¶Q3¿ËüìEËjZßhW |dm'Ñ¦öÞÌgAÙ¾{¡ÈvUCAÔCÓ¯½Ë`MÕ… -rPˆcðöbØgyEÿ‹Êrs}r~z—Fß"wp¦yX¥4Üq†gÛ€ÙaFÓ±š¾v Ì«ER´G(8¯ -ÏèC=ù6ùü;ûÂendstream -endobj -1817 0 obj<>/XObject<<>>>>/Annots 1141 0 R>>endobj -1818 0 obj<>stream +~í> ‘ïÙÈã5-ê³…8ƒâ3³Ö…‘±&07c×¼@ì÷r•×¶éSZ+ÐVìŠHÑÂ€ÿ»ûëÛÙÛûO®tÅûEv„Ý™[WDµa…o3e½ÎÝXæó{Œ1âòü/Ç«¥²µ Ù&dØ*t4@B6ŒS°K½V@òºÄÔù2×²xnÎqßé™/°”ÑAŠ¡Ÿ¨lB—U‰mŽ0´³F•ª1¸^yú:ƒ¾u´/˜=Çµã'$Å)Vwa‡¾&[ÎÑ>ôÂUB !y}B#éL•²¢3†]ÉíÅw÷\žßÐÝ¬‡«pgpød+•æ‹ÜÞKƒ‡ÏÞ³Ó'vÏ±±¾»Ûe§{DëHòÄ±H·u³0E®îñ6šŽLô™À¼;ræx8Øyu 2õ”£^xÃÁ7h•XŠ×ôîŽ>HTè{ÔÃøa‚˜^Þ¿¿œ‰—+fç½CVòIAuE“sðÞ!CYU ÎŠFÆŒ~£……S¤ÑÅ&ío–fî™Ù€úŽj/Ù@mæƒ&ŠØmwWÙÃ®dÚ´¨ÏÍËýAùóÖ;µOîTÃ}‡¯‚q¾W¸Jä“Ì_Îýìa´º_,iŸ¯Ug’{ fSÜëm^V€Æ-?Ë¸í…Þµ>¦Ë hÁml½ÊÑsw ïEŽ ‹-½àlÛ21^ò´{4“ n[Üµ¹¥¬ÇÚuàe–ïf•Ýùh8ÀÍ3,Šý†É/TöìÍ]t}‡®$Ó/¾›?«/5 ß~ÆåÃô»žçTÊ½Œ¸—í"eV=ÒßI( x‚ßN†4Áÿðôüæâ÷¶á›‡Þš´-1/»‰”Ña8÷ŽŽý\€ÿÏðñ|Üñ/GãI€£x>/XObject<<>>>>/Annots 1110 0 R>>endobj +1795 0 obj<>stream +xW]OÛH}çW\ñÒ¬Dœï*í$¡B…%nÓ•Vc{œL±=©gLÈ¿ßsÇv‹U¥UÕàñÌÜÏsÏ½þuÒ£.þõè¼Oƒ1…éI×ëÒèâ¿Ã ÿöñ?—»ápìõ?Ú'n@¸×~¾œôpÿœú“±7¤”úÝ¾wQZ9 ýñ{¨îO¼qsãÊ?é\©×#?†ãÉ9ù‘SÙ%?lù[IRäÉüé²s³$cEødh+"J´5¤c +Šñþðžt©Ýg»ü¨u§Â\[œ4ð>‘ÂÈˆDF*s™ÊÌŠ„ŠÝ&‘$«Én¥Êk%ƒ~ûJYúþ2£(WÏ27±%‰°ÒØZ…ÈJso€ðAs¬‹,"Uc»#£¬$a Ï^Zæ…:=ƒ!dF°Š:;™ë9˜Î^e‘Þ›Î®vl¸S»Î>ÞÛAß“/ÒÙ‚„*ÓP sŠ]yž}6•À³ÄI»…öHš0W4ü’v¹™ò{{>«y´{w×p¨’áYß,V÷Ó¯Þìöö¬¡ÒŸß.æ¾7ÿ1?£µ;4˜ŒÏèûâÊ÷ÜÓz…Ä•þÃåtþPÆ•Y-D5äâ~½íRÛ¹¾ 2Ëize’û#A÷h†ô"ÂÞnŸT–‹ØÊœvÂ˜½Î# +·"Û¸D½ÅZ»ÏXkãõ†"¸¤£0ú©Ú+»= +@úo yuÑR1–¥LJÇSœt‰kÐÌ.2õB~!]®—Ó†|Èˆ˜e·*Û0#´º‡Ò'>óÆ/À„ßT¡Hå2´:?”ð\N±“$dí³"Ð…¥LÛ†fvÅ)„,†‰9C|Ùh¸±‘–4pOÊž‘H :è‚MCíT.f€JäfÞÄî|¤³OÀc ©8¼‰¥‹>d ÌP ¦Â¨N¢£ø3’ÏÕ[Jµ¼… +ÎéL6m¹2rªœV£úÁ)j“i_µ87¨xÎDˆE¢7œÇßàpàÑTg±ÚU¯2¾(AüØÎðç»Ep`F®AH)ˆ‰QŠŒ7\òŸ€€–H™'zl¹?“Ç?˜ëë5 <©Û0Ò@SÆ„4øc»&YÍ,/3ºüüøx9»»YL¯¿ –ÿ¡)^ êg÷ëÕ»9Ó Â•T*1à áÏJ8+N—ðA¤œÜ‰Lld~J§`—Sº“YÁ…ÓµËd%@1¶¹Nh«÷Î/B ¢ +RIvT€Äº–uÕOEèÊJÚÐY \¹².ó0ªzN‹Œ‹\ÙýÉÐËËíÿ¢›!ÒŒV‚¶R&•£´ª¼úÚÍj†)ùÜ±ÖùÓ&×ÅÎ€«Áø!„UŒ\ÛHÄÔ Ë"åÌ¹þ„79jÒ£oÌ,G¥·!–Û†ô†³Ýêb³…í[>¹D™4@ÊâÇÖRt¦Â*dTgÍÕº(A&ï½l±uf'ChÏÍÌ˜‹ÑìOF¤ SP½6?ðÍcpÈ +Ù>ÔÊoŠm„ ÕL€ÉX‰e8Yê†<8®÷a*4êœOªÌÒ¯B _Õ÷ž ˜²¶‚Ccßéä¢kêëG%„ ³ ˜x<ºF¡²6aæŠÊ0™@øBÚ@ŠàÊ[±È=[àJ™µ†4–Ì‰y££„E‡Gï—q¥IS¤(˜˜Æq!§×8#>es›+°¾® ûébÔùt1yŸzVŒtÜD9y…áÖW.Ft?¿£ÕCß¹ëº”3 +ø GÿÒ)¦±3€7+ØH–†GÎÈ7Ž-Ý4G‹{Ñ@‡½q¬º²cyÇèŽŽÒur Hä¯ÖîrH˜]Qä«žzˆôAlfÊYß„Ê² £ÓâQUûù´G/¥g±Ìs¼nØ¾×‰t-ƒr$dêï5Ò2Ê!“Óô,TÂ÷ªZ³;À‘«7Ï¦®fã7qwñÂ·Àqþ*óL&ôÍ ‡ŸéëÃâöÛrÆSën£g`ØŽZ=xåºKÎÁµzùLË›Å—.aþ*Q1©µ7ÄÇd@ãs7‰¯.ï®. ]á''c¦ÃÂ ß³Rùß(8Þ>ï^°ÿc¨Žña1êWNŒ†,wîŸüuò/ö !endstream +endobj +1796 0 obj<>/XObject<<>>>>/Annots 1113 0 R>>endobj +1797 0 obj<>stream +xVÛrÛ6}×Wìä¥òŒDI´.NfòàXvë™$V,¥íLÕˆMÔ$Àdõë{e[‰›ZÖ…$v»çìYüÝ›Ð¯ -b:SRöÆÑ˜f¯øœžñgŒw-)ãXzø¸ý¹7'Ñœ¦³8šRIÓÅ":W£ÉtÅÇŽÞmz£«)M&´É8èülA›Ô¹Ó&éß®.ès•ŠF¾!ü¾Ý|^-£Ëß/O6õ†°Â¢´_ãr89EÜÚ\¬F×«ƒé¯×«ïN¿5¼•©ªeÒ˜úÑøvyû=ë™·Æ3Æsä¸ç…5RµVé;ú°¦›¶yoÌ=©†”¥TZU‹]!©1¤´mDQP“KºybP¦¾F´É±¿¨{²©hoÚWI®´ätÇÙfµ))úŽcfØºÐ$¿6R§2¥JÖÊ¤ôK¾©^ÓmJè”ýº ['m•HdÕV™J„nÈVR¦muÔ9I"KUËæÁÔ÷¤¥ºËw¦Î ‚ZY?±íèê5MoÔ†§S_°x¡Ž¿)šKñ¼Z{#Z‰äžboÙQ–ñDcˆs . +¼ü"kQ kmöB#=¨&?òºŠ#ºÑ’L†Z¨$'£‹=‰ª’¢†—Çƒ&h-Ê8J—S‘5Ã–Û`).ªÚdª@8Ü}žÂ*¦¤PR7(£œÝÓÔ”Bé¯°¶-Ù:É9\Êr‡XØ6óÄ;Ð®mÜ5¶6•HD*Ô½DN&I@Ðs˜ºúsíM¯5™:õé„Ä¹ØÖašµ\ýWbÛ¾+Ü“É„c–@´Z^lOß-cÙ¢x¹øâ(<ºš…Öïx&’‚l[U¦nè-¨øú>‰”ùŒ-q!¸ðdsÆßÃ™`ÂÅ”TQ2Í»œ"ºæê¡¸øçý¦FËÁÀ0ÔÎºÃÊ“ñ€¤/qbÊª„$v°³äX]SûŽpŽBxÚöÏ]Ii)µ’éöä(2waRKˆ•mÑ¨ +™%¦RÈ¨D£)UöŽ–7Î¯?FÌ>¨ïd@ÏoÄ’MEÑö$BAeP [î¢ÄèlÛŸ}º„RTâå„j”ÅLe#TÈ\”ËT2`,+§Ë>AW8öð¼„à1x•¨E)pîA¸Ò‡þ£»ÂìDqT’ÇÕ(u-)Û +JæZÐ5(Æ¿‚eGí sÃ…y`T¸Ÿ\PˆÖÑÁ³æßà˜^EŠƒ"Qøû#À÷g·µ1Ft§{Þ}WRó–Fò+w¬~`ÔÁ-€ê[ÏÇãtSiö6‹Ú¼ÐR<8^È$L½.~ÛN>‚ðaÁfcÉ®uµî¨ÁzßÓú±yŸ%äI5{†I*žµÞ‘<@äZº+I˜éà0¨©}‹{xíúÉÒúz9€þ§®!9ˆ×I¾Ïb‹~rjŒ¶*A xè¯Ï?¼;ßn¤ÃÇQX¤Z¨`&¸Ê2Ôö,Ä„ å˜˜^ž|Oz‡ý"1‘¸_žMÒ« ©S…WGa1,ó˜ÞïP6e!6Ìn8e«—eÔ?í†gš0ˆ³×4‹ƒ‚Û G-”J`¿¶2Úº³JÅÜ p|je½_,—P6µÐãO6^™qPæàn%È$Î/Þs É°â¨:¼^é¤hÁ¡ç%x2åžâ@¯®0ÐèªMáŠ=ºš‡éóÄæãÍæ’Þøã“:5@Þ87TŸ /;[x…nž¦å‘ï´S†‘îŽÌï¥›ýîäÐˆÎÂ&s¯ÏNi6sãI«Úü…“(ìÀ}bNvØ-.ÆP¯´ÿ¿QÓùY4ŸÅþÈ<™ÍØÓå¦÷©÷/Rµ¢ñendstream +endobj +1798 0 obj<>/XObject<<>>>>/Annots 1122 0 R>>endobj +1799 0 obj<>stream +xW]oÛ6}÷¯¸ÈKS V,Ûqœ<-íÖ®@[lÛb@_h‰²XK¢FRÖüïw.)ÙŠÒbCá$2u¿Î9÷^öïIL3ü‹évN‹%ådÍðÍéÇ§·“x½Šf´Z®£5•4WÑ]÷TÐãdøŒÓ›E´œÂæ7°\®oñ÷#)›Ìoc¼¸¼›y§Ëø6ºížØ)›-×±ÿùÄŒw«h>ö·Z «ùÝ:Zúc¼žzwóõ:Zñ¾Œû,æì8<±Ù«Íäú ¼Îh“¤Õíš6©Çß$—¯sQ;iVô»nÉiJtY«BÒãÃ‡W/7ßa¿¤8öÓùî7éå_º¡DT¤·N¨Š\.ÉŠr+ÈêÆ$@Çèrðm+·V9ÑF÷&‚Ry…®KY9:Hc•®®èsàMãE—ê¶*´H» Þûë/¤ 5VU;2öX%QH÷ŽâÛ.ÝÅ`"]ÔGô$ÒZz&šèTÒA ‚»“9lébh{s8xW9£Ó&qHõ94š^çÊöÕÉ”€#UËŠduPFW\rD¿†úQ9Šœ}»|«¤1†1ù0áòÖÉòÛK4Bæ"Ée²WÕlEa5í+`EÂÒ˜,•»€U%Ûž®7 +¼°tFéÆúØ[#*8³ž×$áÑBþ@gTTº:–½a`€% *ëL€‡€4ŠP¿ËHÄæY¸àÄs³œ^TêTeŠ#Hg^KOÜgº©RŽrçêûëk/¿H›]øë:9Ø(weñœÔx ‰yäkï”ùŸÜü„ß Ê,E’«ªS<‡$ÓTœxÝl•Ç;µE1FÖú×æH$åfó}:Æ…Z¨ÂŸö j‘ìÅNÚ+`œMÊ¢ð©^éCa)}WÍ¼mvè³\bF |\«‘04ØŠ£e$CtvÀÑ9=+ b’æ>VvÄu®;7Ö`œk>h®®•ÐðÏìïgGÏŽìSÀP&ø…±A_¿~¥Ñ-åÒX$EG?-ãÀS¢+‡æáJG…¨*U•6¢ º´Ü—ŒÀ€Ñ7|ZïY^á•ƒâñDíYäC{á½‡uì¾—y?ÂNUs“ +»J (=£n™tÄ˜ÕÑóÖéþÇ©öÞû&úŒÂ™~þôžîŸ·D²SÓª¸)NÌ`Lþ„M4ÅC•Ìlþ›J_T°á4Æ| +ª´)<œQR(?ÿ<‘;u<õË&ÉÑú,shtAšUÉGØ4#2SMrù JÃGÝ8jsnìsF"*³¸—²f/%5ø)Ð—}Nxšy‡¥í”1rÅµ‘™ÄÜN©”.×é¹ÓHe¾nÆÓÒCa½ÒŽ¾7Öá –¥ÙË¼Úó»AfýäpÒ„Ã9ÀúŠj°9|ûtžz ?QFÛ¶QrI„r®#Ÿ?î!µQ½îEw9ØIó[íÃèDýÐD™k¹FŒeTÇVo?~¦·¼çÍ„nëï·—}ÔÙå¡»|~<÷vFÔ¹Jª .´R~fPÏo¡zi2¸ä¬ªÛ%˜ÚÞÑ‰Ã÷(d<ò‚©…MÐsç5~ÀN<×ý¤Û=Oá÷&¸Ûñî¦‹ë¼@™AÞþœk¦yªùÑîd ½Á²à‘LòQÖªœßÖ6%”æäþhH/éD×Ç~súU1TJï[’Fd3<:Dº¥@Öß@‚Xm³Å¼r'‘ÛºOÜH6ÝÆ¢J”’p5?üw¸'`‚ƒ9òU§Ïh`öà„«2ïqyá;¯×þ-Æê¾~s3‚ÝzbÏÓ”îë°ïñüËéVpÏ#Ôh´-æ¾òr¾sô¾a1CC„ua:¿¡éÍþ¯€ôþÏ½{¹ÂmÿfÞÕs³bw¿m&NþHàendstream +endobj +1800 0 obj<>/XObject<<>>>>/Annots 1127 0 R>>endobj +1801 0 obj<>stream +xVMÛ6½ï¯¤‡:@%[–¿vOÝm’6‡¢iÖhQ @@K”ÅD"’òÆÿ¾oHÉñ:IIÄXŠä|¼yo†®2šá_Fë9å+*Ú«Y:£ÅjÉ¿›5~çøo%U¼£§Ÿ×¿†£ùõuº¢–²Õ*ÝP\5t•oføžoVé»ùuØ «°{¶ni1Ïq*žåÝó5v×Ù£]0ÇÍe€wÛ«é‹em+NfµYÓ¶!Ïh[Lþ®¥&åI¸÷ŽŽ¦§ÊXÔ çŒ-É;IO·ï`%¬LŠƒ‹_F»“”×3J²<Ãüäu¯É×’ +Ó¶B—ñôr¸ssFç`‰’’n:'íAÚ¬v¢Ý‰ÔØýÍKkŒ‡ +_{MÎmkåèA5 V +/‘B©¬,¼±G*DÓÈ2š€-í…ÒJïC„ ;?ì9ÓÛ‚£.%½™¨T¦áÌoÏoŸ]$èÅ~“ÿÎ +]Ôož¦‚(zk¥ö Üüå:£KGÞK9ÊTÊƒlL×ây+eÀî<—_þºŒJG0Zâ†¦$³ãøá|w¤Þ yDdÄX!Jìc¬&„2Àu3„H‹ÞR£€€©§ŸgºÑez˜2±ÀOž}Êæ X³G|UH5ŒäŽœòÁ “×¬üÐ3ä(˜7Îbnç…™ƒPV6R¸X—eÓ7@@Ri´|„Ü4æqØž¾ø.ú%–îo¿»};;ÿ"!°l±ŒìÏÓ |J²å&2u¨lÐØƒàÚj¥`*B901¯¨…Þ£ú=²f}–UÖ´ ¼¯ãí#ø'ÜD2|¾+Y1Ðaò*u …œ[¤ºˆIM_\S†RAÄKJÖAÆóD* +éFB>R”£ƒdÝQ‡•ï;b%¯£Ÿ¡¤§6@¢q†äÇÎXDt'Š÷,=Ó)ÖGE›:Á»÷XA,-þx¾™N?ó1íúÝôdš¥œrÔB}lMïÆø/M†´¾hÎNF§)½‘™’æ£p#"V{Ôœp%¥{DÎUÛµie:óE6ÁRº2,ÇpzlÄcƒÝÂL©œ( Ü™:O¹2L.h±àd-i4]×w9‰Þ›VxUº²®€rcÐTi¤i£ÞË‹Ð¸¥‘.aä`G¡\èÂ©÷À0p0ƒ´ò +6•výzíH6$_D%!5ì®WM96ñ;¥…¾Jªá¬ ÷UÊ‚/v˜P5{+ÚxsÈ„Ò)"¬Ô¾·!±O#t2Êu˜' ÉÕ¡3@C*< Îl!•qLÞó¨`òZ28)wt^¶ LúE-Ìï]€´”Ö¦í?L=÷;¢ùMœé|nàyúdhŽx0q™YòPÏ?CT=ä`Ó×nNñrÃåx3v˜ÿ!Äöß¹œÞw›tÙ +OäMN«ÕïQ+LNzeÍ;<Èè™)z~ü€é&˜NÆÉzvÍç¿qœ,V›tµœGBgË5‡ý|{õçÕ¿PH”endstream +endobj +1802 0 obj<>/XObject<<>>>>>>endobj +1803 0 obj<>stream +xV[oÛ6~Ï¯8kæ•bÉ—8öàÔ ¬]»Ä0 À@‹”ÍZ"]ŠJš¿ï’[‹b‚ÄÒá¹}úëQFCüdtšÓhJE}4L‡4™Òg§ø?Ç¯ST†£l’ž¾ô"Ç‹ÉK/ÆÓçÏÏ—G'(šÑ²Dñéì”–’Px8¤e1pÖú×ÇË/Êº ÊNº”ƒZliÓxQUµ01nÜÅ%10É§é˜ƒÿ´^‘ßOº¤{Û’À(íní„ÔfM¥u$hçÔ¶mC·Ê5Ú²%]‹z%Â‰Z¯7ž*ªÞÒÖØ»˜ÐoÙJö‡œâ^†”d£4çâ±ÒF8ºÓUE+…UQ+‰Ï~ƒÚ¯RäxEê›W†k§ôº,„¡µ¥•(¶\”=k’Äá›ÜÏý+ÄÐÊù¯¯[Z©Dú°!AR7¢ñÊý3œQ†…3šÉ(‹»£4Kéwºâu7a©aòyáõ¢…vªðÖÝSÓîvöi?È–37—ÅIåxEÈ§e[\÷ ÞÐŒÂŠ»(Ò‘O€-Hà¨¹GëõoÜ:šå\&áo‡ÚÇË%m•[)g’XTewµ2Lƒ•‹xÞ@G]v*R *@ÜjÅüŒbnŽSZÉÒµO°å:PÅXOwÖmSŽã°i:œNú?í”ù°˜~¹¹p&y6Ùe€;Lv(É²Ð½kHËHá$U¶žA ˜[«+á½ +É„PÀÂ”zÝâ´Ýqdßl§€$a°“[M~_\^õ³ôêœ— PÀËµæA® ñ†³érÒƒ_´)ªVª“X;íDÐ;À€´§µ2Ê ä r£ŒÁä€='=ëX›#k_Kº+z?ÿûÝ¿\O(ë‡ÂAG„qrÑ·À˜ÆX¬íH«ó«k<¬Lj‰}{ +ò +¼äE=àWRìSú`í–áê6PÙ5cè›í°-h´¹' Š€oè&€prÁvö›ä³G‚…d/£½²fe§¾¶ªì™Üã\¨•~ê¿,ØÎz?ŠÙ«…Ó–¶ªìéQyÆ[Ð”“@ˆýt{1„™‹$é§Ú“ÿ¬—uçFùOw¥ä{ñÄ#°Øb(¬¨ÙØ—BðÜ:•‚I¾ì3¡sV8äDv3àëh«ö7Ç/ŠM4ãÀg„®Ã=ò½ðà\ˆ_©B°qƒ¬ôè |:˜V4¬˜d¿¸½²-H©£Ä»hoQ™[í¬a›|ªóÃ-ØÙÑŸ#¨[hÇ7²Üq-î©÷óµ +*ªqÙ–ôv‘wdžudÎ¦øÆ2Ñt’¥ÓÉˆÕz=ÿx>§ÏÎ~ÁEC[´ÜaØ8ï¾$§CXüï[k<¡f¿¤d“g·<úëè?zÝùendstream +endobj +1804 0 obj<>/XObject<<>>>>>>endobj +1805 0 obj<>stream +x•WïOÛHýÎ_1ðåR81ùô>Q•Þ!µ”ƒœªJ•N{M–Ø^wwMÈoví$˜DåZQØyïÍ›ÉÏƒ˜øÓÙ) '”ƒh@ãñ :¥Ñù¾?Å?#)ó¿˜£Q÷ç¦ýOŸÑ4C¨ÉyLÓ”f0 iÒ;D£ˆî0N•äæ’l1KI”)•øæÝô÷Gãß?9=‹&ˆÐû®k*jë(™km%9M–£¼¼NR!¤!a)²Ð¥%m(3ºÇMà©RºÎk½ˆ>êò7GÎ¬8~ªi¦Ýü®BÐ•®9 +’Š‡I%¢¤ªÆ…¹,‘Â#ÐgßóoD‰.³—eõ|¹sñ„2ø¦/D¦¤KJeÁPÌVoÉ÷˜‹CVÄy4|¼Mõ|t}¢ÿ\ŽL9ÖëúÒ%}“D¹NDÞ©;’)ºo/®ût\ŽrKí!²d5K™ä!ä5>ºhTG?ÛpARÀÃ’ +Ì,Òãæ¥~mMß[Ußrï÷gªìûùâ¿´ì¢sÖg'>¼$ðXÒƒðñ/‚s+ûÁÕHnkr 'ánù,Œªä™ $à½^Ÿûq|FAõ3é–š«Kõ,ašâ!D‚<á|L>Ÿ„_m¢yÅˆ¶öfr=Ô*•Ýâ†}O÷à¨yƒDÎ¼ +êj£{ê°þX?zèŽ0j¸–± lçÇ;ÎbW{ûðû«ùê¹Z^„ÿ#{È®ã`Âo[Æzl6Ï!@Y°?Z8jÞÒ×0TÀ)Í «õ@b?cbŽTé¤ÉlëˆÂ¼c` G¿øaUÉDe0h¿¾eK‘[ÎnËJü‚$]!ì‚ä»q:¢»ºõl¦‘ÊxõPÍ”ÚÔ‰õÀwKã¼©ßyè£0[9™Ñ"MÖ-;Žœ{0úŸÚG¶Ü5Ô‚ÙÄ%@(=ñG·ÖØ T! ÆNY».°=¬åÝ.¶S˜TGsŠÝƒ;Ú)ìfT"˜yê-;˜vSÀVÇ¶ÓeõðððÛåÝÍõÍŸøŽ¾`_h{@—p]‘$²BêFCâ4æ]Eà)ˆ}×š³Cú{e‡åétØ.¤@ct +öÎ[)+ÊV,¤µ0UÍåWJajlÎ®7Ãf:ð]A61ªrÇþèz]ì¼Î¼}en®·sêa{%EH§»S%Í“œy¯·Øx¼:è¯nýÌåòýXS%‚æ9f8LA¯{ö¼½èf¹n%ÙÛñ9½ÍÃšMvÊ†F¼šx?Gƒ,ež7Z?o&w<Á ó!M†£`ì÷—_>\ÒÑP(>:${Á;G?i/œœ 0ÛÒ7}öMÎ£ÉøŸ|p!_p «éÁßÿ¯ý"“endstream +endobj +1806 0 obj<>/XObject<<>>>>>>endobj +1807 0 obj<>stream +xTM›0½çWLÕUËga÷–Õn¤úT©GÇL6ØNm“&ÿ~Ç˜t“´=´ $üfÞ¼÷†“ºS˜g0-€‹I%ÏæQ y9§÷Œ°™ÜU“xyiÕ† EI/5Ðñ$ŠYåQÁ¢³¨%³íoÁX¦m+¡µÀ0¨ +%ßTOT+‡4õµÂlNµ‚JyØÁ Þ£>GÁQõ`Õw5pÌ"4\·;F ´ëÔµ[¤%ñìP7lg€³®óD|sšùÔ<F™k?5b}É.ˆN€›ÙBÃd J\ZÄ0}¼FB\‚qÆãã§êáÞo†œöÆ¥aõíkNRIíV:†GcQxÍ\ž;Ž‘UÐ)µfœïÿK <0±ëÐÄf¯ópP¶ß]Òv‰;%Ù/>˜¾r)ƒ uoå õð<Æl—£ûiA_N!ËoñjñánŸµzBná^ñ^ ´´Ü~‡Ã œ'´õ?ÿò¢ŒŠYF¿§Eâ&z¨&_&ÏkMendstream +endobj +1808 0 obj<>/XObject<<>>>>/Annots 1136 0 R>>endobj +1809 0 obj<>stream x}W]Û6|÷¯X(z.ò·Ï h›¦Iô¡MòBK+‹9JTIê|þ÷%%ŸO¹ÉÙú —³³³CúßÉœfø7§›-7”×“Y6Ã“óÇÇ“Åò6ÛÒf¾ÎTÓr±É–ý¡O“õ*[Ñf¶Èfx9ßndh¼“—ÛÛlM«Ù*½¼Ýbfº“—X„–·+D]mop-!S9™Ï—ò QVs}ƒién˜¶XËˆÑ´·»Éôý--f´+‘ÓæfK»"¦‚'ùÕ¯•j;ZÜdô‘[ë‚nô¶;ø—»¯qæü&Í|µP»â CçýÑg‹.Ú6ièŠæó~(†ldè®bâZiCª({O¥u´ïHIÖJ÷>¨½a<2¬<{Òž¼ª÷êçø™YwÈÑ“9Ê´•:O3z†"B_ÙÎt°l @@ -4198,10 +4200,10 @@ Fî¹ XÁ—úºZëµÿ‰vbðøÏîDº–ÝI5ßtjß&ºÉMW0 çBôŽ3h²P%Œ^-jÄË}‘ Õ —`™Òq?¨\4s”Þ¤°-qXXá%I‰r#*ÍH%þyH^a×íH~WGËŒÞ±`6bqýöÿŒŽ@Ä•‘²§©æ” †´°»Äl’²÷¿È`+•GšB\šÑÖ±ß——qˆg… G]¡Ë…¶ ²ô£òÄÑ¢ñ Ëãf«G(;#é ZqAÚàe*†ˆyJõúí˜–QtóáüpÄ´g–"æÒâAë4J‰Ÿú=%>ˆ9Äm«`l—æ”‰…œÄ±«MûP¡ýùVåßìÛ;±ÍTßâ±02[€Mß¯ûóÖÕE6oÒ«¡lWçnMÏq¦G´+l™´ÝhxFŸ/í°ÔÉµ¡RŸ” ¦).Î0=Ò’_;4«md×†Qâ[äyÇÜ"úFÔ(É=C†q!q()ž¸°òëúíp¸”³5Îkgô†æ³ÈGíþe<®½¡içÝÔXœýz;5zûCöC=š4´õÿÌHë'>uÙxÞÁRŽMÉ%Ó€¾'þY0çÀ=UiÎcq'|Ñ¿}!6%}Ð(œ _\‰ôàÞ¢‘h=ŒŠ„äØŽápÈM+Ûxs¢a}Øh]£Lédx„ÿ]Gw…;Õ8Á%XÏÈîÕ¥öJ*ByÅiãv«Œ±Ç´òŽU8ÂÖ¢‹º,aZ¸õœwN=ùÀ5¶\´]<þôfErqÆAs éöñÉò&iæû?wV›m¶Y/ð3 -šo–æ·ÝäïÉ£Xîendstream +šoææ·ÝäïÉ£Dìendstream endobj -1819 0 obj<>/XObject<<>>>>>>endobj -1820 0 obj<>stream +1810 0 obj<>/XObject<<>>>>>>endobj +1811 0 obj<>stream x•WÁn7½û+¦ºTbY’eÙ)ÐƒƒÚ€&Mµ@_¸»Ü#.©’\Éúû¾™ÝµÜµ}(‚ —äÌ¼yoõÏÉŒ¦ø3£«9],)¯O¦“)]^_L®iq}…Ïñ7h*åÃüb6Y¼õa6ÿøö‰Å>NÎï4›ÑªDðåõ Bàé”Vù¸VùÚ8=9]ý8™ÒÙ|‰«b¼Zkâ¥ó;ä+GÇ±Î&¹we»Üß8&íR8´‹—ý^²¾"«wÚÒ¯Ãý&R<8ïµo"íMZSB´7¯)tÖTïÜ“Ö*ÑZEÊ´vÔD]qäm¡‡D1³‹Éœ‹Ùéw‘|IßT)R›ù¤qO Tú@™Ê7{ŠH¹¯·*™ÌX“|´€Jcu"v¹ŒÿÃNÙFsÆåA+Îÿàb-RÊ}(HQ4•3¥É•KöÐïä¤[P•@Tñ’q( FÊÞõÉõÜ¡²ÚÇôb·ßê {£„ÕœOä4ò@\ß¹6ÕZT¦]Lè‹Vy(¤ˆÆ#,gšRj|.‘`ß_„LgÓ8•øÀ6è @@ -4213,33 +4215,32 @@ B ôýèÚÍÈ‚“>¤^:=&ß¡É¸öå¾DßUCk¿§äùLðE“CÇÀÈ”´õ1¤1¡¯’ÕjÃ»P«Ý;á@‹.ÞŠÊ’”¥)„} S‰ýi¥¶[¨X¡š?aG›¬0€2y%qjÇ…=E ·Âö>Qf$ë¯tm$(²çÛ„Ÿ]’÷VFçëFUtÐs³lo…~áçw½a¼pžªÈZºqAí®Þk^ìREÁ-ÁoƒQ ]Wiì|{šu$X¡e|%OªG]CŠí0(¼û™MráM(ùt Q‘=˜|Ú °a¿bÒ1¤lN¦#—ÇPAÍqGñˆs©ÀfzÂ€¦Êhk[ÀGzªúu9¡›€;WªzW`ä˜â¯™ÞÙÖ_ìê©q 8‰#¹qæIGn‰ëC2yól¿ñu‰¬qÍm`ŒÚF€ŒÙ ,Åüjê-Âçpa&&7üœ–ç¯ÐªÆØtqƒÂ#È§"r‘CÿžC›"Òf‚u¦ÃØç2F»f+ÁƒÁàðI¢wà@aŒÛèy6|½ÿmÔ‘ƒïeOÇÒ³WAn©‰~E£\Ôˆç+xŽW«´K#Wf–€¬6¸¬YpåÞ£ú;sÈU‚×ñ®£‘£eVH×ò#ðYçm¿ß~Ô,á|›~Ÿ+ÄÉ4t=ÊGŽŠQBÌbÕEt¼4O?õs/j€×7f&‡él’¡jóêçò¾Q–tÖ´Ëý ó¼ÇK³ÓÔ;ïmn¾Í–³#} ˆÂÞ`d¾-_ÂMè3›'„-ÆZaSCrªÂ# H€Ó0Zyðk¿›m|Ó‹Qñ¶ƒYsÿ-H1É$8ÎÕý\Æ!ÇÖ›Ïï®»7³%~©]_Ðòr‰_axX~»ùüé†¾ÿ–K¿ùØîQÇÑÏúgWÓ¼ÿÝgëby=Y^ÎñÄÅ®ÙRP¸]üyò/Êdendstream -endobj -1821 0 obj<>/XObject<<>>>>>>endobj -1822 0 obj<>stream -xVÛnÜ6}÷Wö¥.k¯ñ ÈÃÆ^'Ø»®¥4 Š>p%ÊbM‰*)y³ß3¤”Úª†[ÎåÌ™3üëhJüLélFóSJË£I4¡ÅÅEtN‹ó3ü=Ã¯•”ûƒéÙ$š½u0?N‡ß?&Gã›šM(Éãôìœ’Œà‚/éñU!êFZšG”’œ(w‚ÒB¦OZ¹æçäO}z®ŸÌdÇ°ŸF´®k²6m”©‚é‚¦ÓÎtv†l`šÊQ®´¤ÔTP•#AìœLNt£ƒi)ÕÒæÆ–ÔzZe¢‘|f)öi9iŸ¥EØ†„v—µ—÷…h¨AþZ=I}à\&t2‡dSÑ:é£Á¢¶f§eIHJå¤Ê…‚QÈT½Ì]#k‡XÞ¦ÎIiÍQpòÆß»€/v+vú@{cŸTõ8H!W•Œºo³ÓhÁÀ|CÕ®0Î(3´¼½õxÏïHUþ?c3tVû*¢¯’ -ñŒàVÉŒAJ…•y«5-Œá´ -Td4³]’¦ú G*j±SZ5 -…V•³Ó.¬V«ÞÃ0o@Â s²Ê^@ÖQ§š(ß7˜Q%É_pxà¯#€•éªŸÔ™÷æ«Úa´6{®¼ ÈØ0Ò©ÌZŒƒ‡ß§Päë;t®µµU.=l¿ÜÛ“’w¡n§J¥…²–à”Ûz¨ÑtdŸ¢ËUã†.ÖžÒ~Æ^ÖóT™½/¸¥Ÿ´W<£½ >`/ÀF&GÝ•»óžc‚h¯07Á‘ïjoêºšeŽš²Eô‘eÿ±»ÈCN»á„IÅ-¬ñÿêc_²ãñÍ„.zIZ„Éûþè£N ²˜F¨SYú€~–µ±Â¼l9ZÖ¢)`6†—á‘•‚‡ùò Iü¼ŠW¾ƒ1-ãøËÝŠ@…x½ÝÐÐí2;¶7”|^Q¼¼û¸¤øË:YEoaµ½»[n®ã>NêâÏÛ¯º^_Óf›Ðê·uœÐzC«åXõÐGéoõJt¯¥€$Ô˜6 @ùY_Yi-xSJçÄ#HÃãfe*Õ³ôâÈºùÊ§¢Þ°&.xÝf•ÜI´hr[åÐ³*fì¼SÄ\YÌº_D?<Ñúž<õ¬tF·>K8MEF î;ÙP[G$/éN€$‚°A1Ç²IÇÞË³giØOµQ.ÜG ë¦+e…PËïØ]Ã‰YbA´ƒ2Âˆ¥ÈKÚõ&FZ¼·H¤)Pôc8¬¢ xQ.Crà®0’ƒ*zž‡ìQN«‘>&p”aÉB'¿3 +ƒaJànÇê¹Gysð†°,‹ -BXÆjõÛûq¼ÿRÊ9œòòþa åÆÉ|ö>ÔtÎ¶¢i0{%¥>/XObject<<>>>>>>endobj -1824 0 obj<>stream +¼Ý¡räß[Î8!’„19ÓaÍ#§môq8ºÒÙ_+éÈ{>u9¡›€;WªzW`ä˜â¯™ÞÙÖ_ìê©q 8‰#¹qæIGn‰ëC2yól¿ñu‰¬qÍm`ŒÚF€ŒÙ ,Åüjê-Âçpa&&7üœ–ç¯ÐªÆØtqƒÂ#È§"r‘CÿžC›"Òf‚u¦ÃØç2F»f+ÁƒÁàðI¢wà@aŒÛèy6|½ÿmÔ‘ƒïeOÇÒ³WAn©‰~E£\Ôˆç+xŽW«´K#Wf–€¬6¸¬YpåÞ£ú;sÈU‚×ñ®£‘£eVH×ò#ðYçm¿ß~Ô,á|›~Ÿ+ÄÉ4t=ÊGŽŠQBÌbÕEt¼4O?õs/j€×7f&‡él’¡jóêçò¾Q–tÖ´Ëý ó¼ÇK³ÓÔ;ïmn¾Í–³#} ˆÂÞ`d¾-_ÂMè3›'„-ÆZaSCrªÂ# H€Ó0Zyðk¿›m|Ó‹Qñ¶ƒYsÿ-H1É$8ÎÕý\Æ!ÇÖ›Ïï®»7³%~©]_Ðòr‰_axX~»ùüé†¾ÿ–K¿ùØîQÇÑÏúgWÓ¼ÿÝgëby=Y^ÎñÄÅ®ÙrÎ§oW'žüÊPendstream +endobj +1812 0 obj<>/XObject<<>>>>>>endobj +1813 0 obj<>stream +xVÛnÜ6}÷WüRh´×úäac¯“ì]×RšE¸åeM‰*Iy³ß3¤”Úª†[ÎåÌ™3üëhBcüLèlJ³SÊ«£q2¦ùÅErNóó3ü=Å¯•T†ƒÉÙ8™¾u0;ON‡ß?dG£›šŽ)+ãôìœ²‚àŒ/ùÉÕN4^Zšž'”í$9Qmå;™?iåüÙŸáúä,^7›#tVœÀ~’ÐªöÖmî•©£éœ&“Îtz†l`ší”£RiI¹©½Pµ#AìœLI^:ïè`ZÊEM´¥±yCÏB«BxÉg–Ò–“öYZ„õ$´3¸¬u¼¼ß Oùkõ$õsÓ»É,&›‹ÖÉ 5[-+BRª$å© +^D} S÷V0w^6±‚M#œ“0Òš£à4æ¿kv_ìVlõöÆ>©úqB©j™tß¦§ÉœùŠªÝÎ´º ÂÐâö6T<ÿDªÿ[ ;°Ú× }‘´Ïn•,¤\XY¶Qó1œÖ• äl—¤©ÿÃ‘‹Fl•V^¡0ÀªJvÚ…•ÂjÕ{æ H¸aNÖÅÈ:êT@å‡3ª$ùüõ`Fºú€:†E¼…ÂjƒvÍžëo(26Œt.‹ãà©Dùúkmc•ƒ‹À˜·û±6V¡ž‰—¤ ©§ -œk«†)ÂnÞàôª\`ƒR‘‘ J[ÅÐ±Yây»Ö8þ°ú˜.~]>Ý_õ'‹«ÛÕrÑÖøÝ |4‡ÙõhMÛP¶L³›Ï÷Ãöd‘äF¨Û©Jia¬%8å¶4ÙçèríÝÐÅ*P:ÌØËzžj³×¢ +“‚öŠg´Äì;°‘ PwÕ6Á¼—˜ Ú+ÌMtºÚ›º®æA™Ç¾jŽúÚ‰‚( +FøØ]ä!§ípÂ¤âDÖ„ÿõ±/ÙñèfL½$ÍãäýŽôQÇPYL#Ô©ª½G?«ÆXaA¶ -áw0ÁËðÈJÁC‰|Où¢$~Z¦ËÐÁ”iúùnI BºÚ¬i–°öoèv‘›Ê>-)]Ü}XPúy•-J7°¿ÚÜÝ-Ö×iŸ@'ué§Í—5]¯®i½ÉhùÛ*Íhµ¦åâ¬zè£ô·z%º×R@L½ ?ë#+o*éœxixÜ¬Ì¥z–AY7_™ààAÔ=kräBÐmVÉD‹)·u =«`ÆÎ;E,•Å¬‡EôÝî)PÏJgt²„ÓÜXdäqßIOm“|¼¤;’@ +âÄIŸ‚—çÀÒ¸Ÿ£0\xˆ×MWË:¡–ß°»†³À>‚hGe„KQ´ëuŠ´xo‘Ès ÆpXEð¢\†åxà¯0’ƒ*zžÇìQN«‘>&ð¸À’…N~cÖÃ”ÁÝ–Õsóæà `Y„>fkÖoï÷˜ãý—RÎà”—÷wH(¿0ÞÍÆqïCMgüH`+šD³WRÊS!åJÅ4˜8Ö¸Êw‘øÔ½úœB?‘mãEZ^!o$ßïîž`ê¿À[î/¶x$j'ZüR)ÕckEàXx¼¦RàÃ°õkãå%«öt?Ü¨5Ö‘69¶1¯ÖË $,Hñ‘thž\¯á9¡}Ó¾uvÄþô(Üiµ7ÏÿywÍ/¢Èý§Ýü/ÆŸ§èZ19±¯evôËÑßôæO‰endstream +endobj +1814 0 obj<>/XObject<<>>>>>>endobj +1815 0 obj<>stream x½W[OÛH~çWùeA“h¥>¥+$–eK´R%^Æö˜L±gÒ›Äÿ~¿sÆ†`ØíÛAÁžÛùngòsgJ|MédFGsÊëI:¡“)~Ÿžàçß^S¹s¾Ø9üú‘¦Ç´(1e~Š_ ÂðÉ„ùîì4=Jg)-thh¶·øÑÇ4ÆÑ³ŒÞýÖZj–šrW×Ê”¬Œ} ó«ßï.¿ý}ù-¡Ò»ZFÜ^ÐË€³‹ë«Ë›ÅÖëÖš en“ÒUIk©pö·†tÃ;Oè`ŠÃðŽŠžTe ”VÎÍ‹[žáiqq{xuKÁ•ÍZ¡DÈºgó^çMÕ‘±¡QU¥‹´_t6O¹èÝ×ðBª‘×¦ªÈj]Pã3|CŠ’ÂZ¡šU“ÐÚØÂÉÅâQz@ÁÕ×îëA%X¥Ö!¨MAuT²t—YºÖ 9OÁÔ¦R~«®/7w/EaÄ¡nòCž¨4ÕPç§—ªƒnÚpm•Ád˜ÔŸ8¨:S¨§Yº¶!ÞIÛÆ¥±S´Ò^ÈË+ƒ·û”aè©ÚZ÷dv_ª'…ÿfE¯k±¨+y&"cäÎÌ£¼VP¯—LµyX1e*®Èˆ^< ”ømåkz2JÐ7«rŠš•÷àUÞïñèmßM£ˆÅ°G½aâ°_6ÔY¤•®·ÛkûÅ—^€Jª‚] -WÚƒê L(ÖTXÂvãr2•?Ž™}å í=¤68#w¶:DQÄÈF9W 8°›àxžaÉ°uG"8 ‹TAP/¾¶b¸yJö£ÿÚvâ½$fKÍ‡‚P-áœRœÜgÊ“V3 ëŠ·ØÇ²@JK?Žö^÷ùâéÍÌ6H‘ì‚•òu"nkt½r^yƒò`G)Û g©J@A²ÿhã¾œ;1öM…ol÷Šœ5[¤'«ÞëKþ×Ù+4ÕY1$E:‰´L^|õç&Ã¾p7…€üÁº0 '2ƒSo ¸êÞ__g*[Ê™”¸o?jû1ê^Ær}8Yf\8!ïÐØ¸ë__Ý-.o¸K ƒô4b0ÿM*ùOá'•4‘Hc|EÞkÌÞx~ŽPøªQzI öDïˆã·:àâL³ÐZ["âmQAõ²—A+y¶R¦sž%ØÅVƒh†&/¾€NUEº$øg¨¡6.:¯ìQéZúT£7/¤Ë¶+ŽHé¬ -®'LÌÆÖ3êˆ™ûÝÁŒ÷{Ò¦B‡ÌØIÅG»'#g±ˆÌ'¸ËµôŠ¼qÒ÷ÖˆnÐÜµF°3:•C¨ã‚S9HˆOHo€c‚2›oŠl[g±ÉÅ{êziò¥TIì”È-‡J¡ÄH@øZˆtœµæ«S9»rT Šc ÊUˆ n ©Çˆ-0 iÀ.bÙwûO¼Þá× }®wÇ±©Pÿ/^78(é3]_ûOÒS¾@½&Ù„q›Í&Ýú>ìº™–á:€ÓCM¥BãDÈ¼Ïô=6“×÷Î9ïw{²ÊŠûH›˜èÊæX£?ÔªÀ58pjŽ …hYrPmãjôõÇî¨ñÊ†ŠÝŒöX‡÷×ÏÊ¹w4R…ZA1ø¿@šÎp¹Æ×láÖ(S÷’œ!E†ÜàÎÿIRà—º493ïúâ‘ºñ‰ŽÅ¾µø/…# G–fƒ¾œ³÷{’&‡_OûYÓ94uzDó“ñÃÏÝÙçgtëÝÄ}q9.àˆ>†€!>&œL`äâÏpÇóÓtþa†Ï{x=ÏyÚåbç¯¨Y¢Üendstream +®'LÌÆÖ3êˆ™ûÝÁŒ÷{Ò¦B‡ÌØIÅG»'#g±ˆÌ'¸ËµôŠ¼qÒ÷ÖˆnÐÜµF°3:•C¨ã‚S9HˆOHo€c‚2›oŠl[g±ÉÅ{êziò¥TIì”È-‡J¡ÄH@øZˆtœµæ«S9»rT Šc ÊUˆ n ©Çˆ-0 iÀ.bÙwûO¼Þá× }®wÇ±©Pÿ/^78(é3]_ûOÒS¾@½&Ù„q›Í&Ýú>ìº™–á:€ÓCM¥BãDÈ¼Ïô=6“×÷Î9ïw{²ÊŠûH›˜èÊæX£?ÔªÀ58pjŽ …hYrPmãjôõÇî¨ñÊ†ŠÝŒöX‡÷×ÏÊ¹w4R…ZA1ø¿@šÎp¹Æ×láÖ(S÷’œ!E†ÜàÎÿIRà—º493ïúâ‘ºñ‰ŽÅ¾µø/…# G–fƒ¾œ³÷{’&‡_OûYÓ94uzDó“ñÃÏÝÙçgtëÝÄ}q9.àˆ>†€!>&œL`äâÏpÇóÓtþa†Ï{x=ó´ËÅÎ_;ÿ¨E¢Úendstream endobj -1825 0 obj<>/XObject<<>>>>>>endobj -1826 0 obj<>stream +1816 0 obj<>/XObject<<>>>>>>endobj +1817 0 obj<>stream x…V]OÛH}çWÜåº"&_„°oÒRËfÁZi%$4¶ÇñÛ“ÎŒÉòï÷Ü™IH]ZTAbßsÏ9÷~;ÑÿFt>¦ÉŒòæ`˜éìâ?§sþ9Æ#©ô_L§³düÖ“ñ(™¿õÅì,™ö?¿LN?Mi4¢´DòÙüœÒ‚x8¤4?^´ÚUÒP®›F·”‹ÎJÒ%áCüâ6š¤1ÚXR–*ñ¬ÚYÝHWño¢6R/dº¶å¿`£Ñäâ„l—W$,Ý‹&Ò¯CŒ&è(-ŽŽ•üƒl“wûzitCª•®ØF~ø@Úì%¬Õ“¤j¥œ¨,-…«6Ú<Ù„®*™?Ñ‹îLˆäº-©Tµì¥Îd©±3/\±Ód@É¾T+¨Hœr@£%ñ¬ê¡Z;Æ¥4uF8¥Ûßbäñ¨£©E[Ð‹t$"¤kmÊjAEZ*…ª;dG ôú>¥ ·¿©dËx±ÍS#ì‚tÊÍgF‹"q‹ÂHk{ýXé:Aåˆ«Ú\#s—Ð²–Ì=.®Î§@|:iJ‘KºYÒ"F¾Ë]²×ÏîCU_PÕ¯RÇÄ¾pŸÎÏœ±à–¯©~! #‹È-š®õ*i›Ì*á§Ÿ.h@™ƒÉ(`;ž'“dšP*Ä4<öJêÁ˜I}|×…ÌeÆïqkŸº5 .éòæÏûë»®ïèññ~ñårñøx˜Ð¿º#[é®.hìy@$BÍsbJõúYiž!œLäO¾nT»eÂ Ýù-¡OõÝ€†jA½º–ÅÏØ«BÈƒÉèÕÁZ•'Ì‹íH{µöî«Š‘¨•uÒK„ïŠõV¦çýÊÿjA™`k£A^Ò†\€”kfuªfodë¼0`á§j-Œ€GHØ,1ÝŽ¤F€„nÊ^Õ°ï0þQ¦-~Á]œ„öt+ü&ÙÜ¨5C :CàNCß¨Uåh//wÍÀùG_å†E†ý„a!â®ðÔY4×cžò+ßWŸo®oS:úýèÇhÑ2Þ`ßòÊî3ÐÓ€1÷ å‘ªf{,Ý†Õ±^^af<Ázhïôè‰žõ.(ÿ §ZÁî8G‹AÆ}@¼1º]õIƒê¶ÍZúÔ0*]?KzV‚>ÞÞs¨–xµpÌï¶×I´‘i¼ê õwÆ5‹ãšýð[†ð‹q4þå R&¨SÀbBîí´c"Ø7²6òYé°Qe\ûõaˆ˜ñ{ž9òk…,EWã…ÿö&ý(¡µ]“ÁvàL·ÒeJÛÓôj D+mÝNn[›Î†i¬u‹áŠÚÁëVUXÊ«·dè×ñ®®ë^Z$áêÂëVB¢AÍ‹•éá@OÁ\°ƒ÷Øl¥¤Cæ€ÕXåê©ô“ƒ/ÈÊCj°ÑÄJö·šW¬•0XQ‡ÖÞ w-ãVœBUª…áhÄ÷û± 'ïÈQ«A;QðàŽ‰w&|ŒT|Ñ9ÝÀst•W¢U¶×1d V¸ô"Ž3‘ÿ¥¡ à.w[Ù’^óÄ{3Á¡n´³í0µöÂRø²€vÍžÀN^)å73ˆÁçÅ`ú¡p6Î¸Ú@]¶‘h+žæñDñ²MlT]S+y©c±D}cÙÆêñ!îO¢wJð~yÇVöë rd‰ùxU‰8ð}EamâlìS» -vëµ‰“ðÅ£éáøN–PêŽ÷_,}rzzøà‹:ý4ö?šá‚ŸOh6ã:Ç9âZý}Ôy·[™<ÓÁö…Áùð‚ŸÿñÆ™ÎæÉìlŒC_ãq~í:=øûàdZïendstream +vëµ‰“ðÅ£éáøN–PêŽ÷_,}rzzøà‹:ý4ö?šá‚ŸOh6ã:Ç9âZý}Ôy·[™<ÓÁö…Áùð‚ŸÿñÆ™ÎæÉìlŒC_f~+]§üdFïendstream endobj -1827 0 obj<>/XObject<<>>>>>>endobj -1828 0 obj<>stream +1818 0 obj<>/XObject<<>>>>>>endobj +1819 0 obj<>stream x}WïoÛ6ýž¿â `˜Ôvì$Ž[tš®¬mÖd ä-Q‰TIÉŽÿû½#)Yvš%àXäýx÷îÝéÇÉŒNñ;£Ë9-(NN'§tv>Ÿ,è|y‰ÏsüYIùÉÕÝÉôã+šÓ]Ž+‹%>d„ã§§t—ŽæËÉÙärBwÒ5tùâî;NŸÓlNç—8=úÚjj I©©*¡³pê"ž‘«Vi©¤nh:½ºþãöÃ×>|Þ}º947šÐ7Ó’+L[flOÓJRmMU72£ÜXTç¶Æfþ,ß?¥ñìl2ç0âÍÖIMw”LîÿijZ±ƒÜK³^Ã®ÒñÏ[iei«šbB×¹?¹¸Â'~BBgœwÖ}Ü"ó ÐøozhQÉ7dêF€1-Œhí/C„Ÿèy®1:5á¸±zÁds½F·Ó‰n ¹¾!|*(@N=-º5$A1]¬Iâ7 äÌE¶˜½`HZOU§X¬áÍ{_¿ÞÿO4:høÄ\yZ›ôûç[FøÀÖ_»èÐùAÆíf|*`©¬ ã°›'Ú3áG™=P½¸FBþ|“á¬¤LlÇëŠÈãº®Á¬NHwÇ“¶›©G¼à &nÌã?aŠWO±ù° h(·mTÚ¢^R%ÐM-¶YŸhò?Ì¶›={õº9èC-fÖÒÝ¿ˆ®»áõ®tæ%3š»†éî—%¯•¹Hyg‚jzd;ÜV £¯–•?Zê“ã¹Î£b°ë†•ˆ$¯,Ò Ö>Lw#…‰]ùÆöSr[¨´ð*7xÃ¼ÏÿßÈ´J¤…_¤¿¡;c¬Ž2¾¸a!ÆÂÑÍÔÿ¶$lÙ -M!Á$ÄBEb´±*Jµá|;(Ä’Ã’5Ýa_èØ~‚qÕ£•£Q‡qz ævC/ù`UÅxÛÀc^¨ _-Ûjí±Çs±¯½Ä»(ÇÉ‚‚ÿ°P4v;˜}O?.ã{ßl÷Ìå-.—¼ÂÝ¾ûtõŽn¬ù^Ðï&m+ÜÈX<>¾<}åW¾'/žç‹ådq1álá‡å‡»“¿Nþþµ¾endstream -endobj -1829 0 obj<>/XObject<<>>>>/Annots 1146 0 R>>endobj -1830 0 obj<>stream -xWÛnÛF}÷WLõˆiQ’)9€Ñ:møÁ®k+ ŠºVäRbBî²\ÒŠþ¾gf©í^D¡Hî™Û™3£¿ŽBàoH“!"Š‹£A0 hCO'¸â_¥)•ãéi0}íÁh<}ýÄ0Ñ+'`5´×GgCÇ§ø,(œLaÅËéñ(ŒB8ŽØ•‚†QLÚoüôÃìèäjLaH³¡DÓ ÍAÐ,î/«] òÜ®(ÍrDb+ZÛ¦¢8Ï´©é©®™]¿#]ÇÁÓÛ·³¯À<ƒóx¸LúÃi0 -ÎšiWÓ™mgúxÈ¦û¡z©)¶E¡Lâß:mììPã4}OOøóáæúñòá·Ë‡§§Ùíý!d? ßmCni›<¡¹¦²²EYëD‚PT*çV¶JØœá ÚWe@Çáé„CXTÔkýa¿Ê\3ŠkâX;—6y¾îQKµÐÝ¤dl½èþgr6W -DÈe&¶U¥ã:_ãÚÕH.ÀlÕ1+IvÅ<ˆIÎT¨oæ'oõ¤J$Uê’F!¡D8™-(ÏŒf³´EcOZ'‚Öì0ò5º©ß8 9K¥u.›£äõRI8ätõÌ°Ê¼© ™ûF¶Á?FI*2ªÀÛ–íÄ')Uõ¶8ŠØS@q'‡«ô¢¶J¤â4õöœ>¡Æw·—=Fç³ÔEù'@ã:³†lºm…À5õv'ZkŒÄþuÌI\iM’™Å}KæD½.u"Uåoi†ìJiöYÅ¥Y8‰´Pk°¥d7æPª²Ä+³¶dÇ_æžŠl±Ý8ÿ ,#Å -l—HÛ¶³ìqÚ$Ž´‰«µÐzã7 -/ÙÝ¥z–ˆO®vÔ¾¿¥¿£óŽwÆò,ô™<þ„D”¢¿áRçM»©e5ÍU~ —-’ö]BýgQ€ÌyU‡€èÃÿ'Å<·ö[SÒñ-Í.g×¿|êê¨ÊäØ>Þ0Qxqº™Ö‹ÊˆsÎÎìITàQsµéNôgpÂ®úÜ¡h¹"hKˆäƒ-ÜÜH^A.˜¸|§P®FûÌ+ àHlÇ®”ëÙÚ¤RëÄr[Ïë§ÎÛî@Ÿ±LŽR ›?+THm¦©¥eÛþÄ]ôË×ú<×ÜŽ…ßcVkR•é…¬›Wgy.ø`_ÊáldÃW†Z ‘ Ù·€o¦)2 -ã;‘ -èv_å^¥rYéTCKeJìÕ©Mè9µ;äSŸù¨h§8¨m3…Ð—£®B–«º)ÿ‹¶á†¶á¡™-m¯0rüàÄ0Ãx@ZGøà‹-å÷²*„Á(ÝgW;º !ZUœfK{2ÏP$H8™ÛXåÒlùâg4µF&¹RÇYšA«öþôö€³%êo)± _AzÚ–Ô^ÏtìúpD‚üèÜxê–˜;¬Mí\ÍÌ³Ê³d+G=BE±S WýPNDòý5.žðlÝ1[5Æ0¯Ðw3±îÉŠ4Žì’¾í^a÷…aRteÒ[ªy–g5˜>=.VöŽé\?ëœ§QSñ»…Mx àjáˆè·Î~WKÛì«ñöÔy+)Œ½/½wý‚ot¾=ñB¿[Aúr7ûr«bL¨vlv-ÑsáÍFÅ…¢ï°„ Rõ—Ùptq5»|ý9AB™;MYÚª«¼#¾ðÔ—~åJ0¹¿y§ñ|„X±òz<oWÆq@".P ©#Ôtt?fJZË26¶·P;>á ˆýD¯œh»DŠBÊ[šK£UN ¬pýàž3Yêµ¹ÝRÐçÜ?išÅ^õ]Úâ³{â#Ö°#ñn¼D›±¢pcÿ$ŸäÁZñUX[ÍùÒC3ß–,½ð¥™»¸Êxðyû7³KÍ- -ŽßCôÍµ~MËº.ßŸœl½ðWm›ð‚·}ÍöÛdbciF~•*1âüƒ/~sÈjFøá3Q4ú>^Ü~¸ ûÊ~å¥ð£›¿o@|òxsàx28{ýgÂ8šÑéÄ@uÃH~:\ÎŽ~=úQ£;endstream -endobj -1831 0 obj<>endobj -1832 0 obj<>endobj -1833 0 obj<>endobj -1834 0 obj<>endobj -1835 0 obj<>endobj -1836 0 obj<>endobj -1837 0 obj<>endobj -1838 0 obj<>endobj -1839 0 obj<>endobj -1840 0 obj<>endobj -1841 0 obj<>endobj -1842 0 obj<>endobj -1843 0 obj<>endobj -1844 0 obj<>endobj -1845 0 obj<>endobj -1846 0 obj<>endobj -1847 0 obj<>endobj -1848 0 obj<>endobj -1849 0 obj<>endobj -1850 0 obj<>endobj -1851 0 obj<>endobj -1852 0 obj<>endobj -1853 0 obj<>endobj -1854 0 obj<>endobj -1855 0 obj<>endobj -1856 0 obj<>endobj -1857 0 obj<>endobj -1858 0 obj<>endobj -1859 0 obj<>endobj -1860 0 obj<>endobj -1861 0 obj<>endobj -1862 0 obj<>endobj -1863 0 obj<>endobj -1864 0 obj<>endobj -1865 0 obj<>endobj -1866 0 obj<>endobj -1867 0 obj<>endobj -1868 0 obj<>endobj -1869 0 obj<>endobj -1870 0 obj<>endobj -1871 0 obj<>endobj -1872 0 obj<>endobj -1873 0 obj<>endobj -1874 0 obj<>endobj -1875 0 obj<>endobj -1876 0 obj<>endobj -1877 0 obj<>endobj -1878 0 obj<>endobj -1879 0 obj<>endobj -1880 0 obj<>endobj -1881 0 obj<>endobj -1882 0 obj<>endobj -1883 0 obj<>endobj -1884 0 obj<>endobj -1885 0 obj<>endobj -1886 0 obj<>endobj -1887 0 obj<>endobj -1888 0 obj<>endobj -1889 0 obj<>endobj -1890 0 obj<>endobj -1891 0 obj<>endobj -1892 0 obj<>endobj -1893 0 obj<>endobj -1894 0 obj<>endobj -1895 0 obj<>endobj -1896 0 obj<>endobj -1897 0 obj<>endobj -1898 0 obj<>endobj -1899 0 obj<>endobj -1900 0 obj<>endobj -1901 0 obj<>endobj -1902 0 obj<>endobj -1903 0 obj<>endobj -1904 0 obj<>endobj -1905 0 obj<>endobj -1906 0 obj<>endobj -1907 0 obj<>endobj -1908 0 obj<>endobj -1909 0 obj<>endobj -1910 0 obj<>endobj -1911 0 obj<>endobj -1912 0 obj<>endobj -1913 0 obj<>endobj -1914 0 obj<>endobj -1915 0 obj<>endobj -1916 0 obj<>endobj -1917 0 obj<>endobj -1918 0 obj<>endobj -1919 0 obj<>endobj -1920 0 obj<>endobj -1921 0 obj<>endobj -1922 0 obj<>endobj -1923 0 obj<>endobj -1924 0 obj<>endobj -1925 0 obj<>endobj -1926 0 obj<>endobj -1927 0 obj<>endobj -1928 0 obj<>endobj -1929 0 obj<>endobj -1930 0 obj<>endobj -1931 0 obj<>endobj -1932 0 obj<>endobj -1933 0 obj<>endobj -1934 0 obj<>endobj -1935 0 obj<>endobj -1936 0 obj<>endobj -1937 0 obj<>endobj -1938 0 obj<>endobj -1939 0 obj<>endobj -1940 0 obj<>endobj -1941 0 obj<>endobj -1942 0 obj<>endobj -1943 0 obj<>endobj -1944 0 obj<>endobj -1945 0 obj<>endobj -1946 0 obj<>endobj -1947 0 obj<>endobj -1948 0 obj<>endobj -1949 0 obj<>endobj -1950 0 obj<>endobj -1951 0 obj<>endobj -1952 0 obj<>endobj -1953 0 obj<>endobj -1954 0 obj<>endobj -1955 0 obj<>endobj -1956 0 obj<>endobj -1957 0 obj<>endobj -1958 0 obj<>endobj -1959 0 obj<>endobj -1960 0 obj<>endobj -1961 0 obj<>endobj -1962 0 obj<>endobj -1963 0 obj<>endobj -1964 0 obj<>endobj -1965 0 obj<>endobj -1966 0 obj<>endobj -1967 0 obj<>endobj -1968 0 obj<>endobj -1969 0 obj<>endobj -1970 0 obj<>endobj -1971 0 obj<>endobj -1972 0 obj<>endobj -1973 0 obj<>endobj -1974 0 obj<>endobj -1975 0 obj<>endobj -1976 0 obj<>endobj -1977 0 obj<>endobj -1978 0 obj<>endobj -1979 0 obj<>endobj -1980 0 obj<>endobj -1981 0 obj<>endobj -1982 0 obj<>endobj -1983 0 obj<>endobj -1984 0 obj<>endobj -1985 0 obj<>endobj -1986 0 obj<>endobj -1987 0 obj<>endobj -1988 0 obj<>endobj -1989 0 obj<>endobj -1990 0 obj<>endobj -1991 0 obj<>endobj -1992 0 obj<>endobj -1993 0 obj<>endobj -1994 0 obj<>endobj -1995 0 obj<>endobj -1996 0 obj<>endobj -1997 0 obj<>endobj -1998 0 obj<>endobj -1999 0 obj<>endobj -2000 0 obj<>endobj -2001 0 obj<>endobj -2002 0 obj<>endobj -2003 0 obj<>endobj -2004 0 obj<>endobj -2005 0 obj<>endobj -2006 0 obj<>endobj -2007 0 obj<>endobj -2008 0 obj<>endobj -2009 0 obj<>endobj -2010 0 obj<>endobj -2011 0 obj<>endobj -2012 0 obj<>endobj -2013 0 obj<>endobj -2014 0 obj<>endobj -2015 0 obj<>endobj -2016 0 obj<>endobj -2017 0 obj<>endobj -2018 0 obj<>endobj -2019 0 obj<>endobj -2020 0 obj<>endobj -2021 0 obj<>endobj -2022 0 obj<>endobj -2023 0 obj<>endobj -2024 0 obj<>endobj -2025 0 obj<>endobj -2026 0 obj<>endobj -2027 0 obj<>endobj -2028 0 obj<>endobj -2029 0 obj<>endobj -2030 0 obj<>endobj -2031 0 obj<>endobj -2032 0 obj<>endobj -2033 0 obj<>endobj -2034 0 obj<>endobj -2035 0 obj<>endobj -2036 0 obj<>endobj -2037 0 obj<>endobj -2038 0 obj<>endobj -2039 0 obj<>endobj -2040 0 obj<>endobj -2041 0 obj<>endobj -2042 0 obj<>endobj -2043 0 obj<>endobj -2044 0 obj<>endobj -2045 0 obj<>endobj -2046 0 obj<>endobj -2047 0 obj<>endobj -2048 0 obj<>endobj -2049 0 obj<>endobj -2050 0 obj<>endobj -2051 0 obj<>endobj -2052 0 obj<>endobj -2053 0 obj<>endobj -2054 0 obj<>endobj -2055 0 obj<>endobj -2056 0 obj<>endobj -2057 0 obj<>endobj -2058 0 obj<>endobj -2059 0 obj<>endobj -2060 0 obj<>endobj -2061 0 obj<>endobj -2062 0 obj<>endobj -2063 0 obj<>endobj -2064 0 obj<>endobj -2065 0 obj<>endobj -2066 0 obj<>endobj -2067 0 obj<>endobj -2068 0 obj<>endobj -2069 0 obj<>endobj -2070 0 obj<>endobj -2071 0 obj<>endobj -2072 0 obj<>endobj -2073 0 obj<>endobj -2074 0 obj<>endobj -2075 0 obj<>endobj -2076 0 obj<>endobj -2077 0 obj<>endobj -2078 0 obj<>endobj -2079 0 obj<>endobj -2080 0 obj<>endobj -2081 0 obj<>endobj -2082 0 obj<>endobj -2083 0 obj<>endobj -2084 0 obj<>endobj -2085 0 obj<>endobj -2086 0 obj<>endobj -2087 0 obj<>endobj -2088 0 obj<>endobj -2089 0 obj<>endobj -2090 0 obj<>endobj -2091 0 obj<>endobj -2092 0 obj<>endobj -2093 0 obj<>endobj -2094 0 obj<>endobj -2095 0 obj<>endobj -2096 0 obj<>endobj -2097 0 obj<>endobj -2098 0 obj<>endobj -2099 0 obj<>endobj -2100 0 obj<>endobj -2101 0 obj<>endobj -2102 0 obj<>endobj -2103 0 obj<>endobj -2104 0 obj<>endobj -2105 0 obj<>endobj -2106 0 obj<>endobj -2107 0 obj<>endobj -2108 0 obj<>endobj -2109 0 obj<>endobj -2110 0 obj<>endobj -2111 0 obj<>endobj -2112 0 obj<>endobj -2113 0 obj<>endobj -2114 0 obj<>endobj -2115 0 obj<>endobj -2116 0 obj<>endobj -2117 0 obj<>endobj -2118 0 obj<>endobj -2119 0 obj<>endobj -2120 0 obj<>endobj -2121 0 obj<>endobj -2122 0 obj<>endobj -2123 0 obj<>endobj -2124 0 obj<>endobj -2125 0 obj<>1<>8<>9<>13<>14<>16<>20<>24<>36<>37<>39<>41<>43<>60<>63<>66<>69<>70<>73<>83<>88<>91<>93<>104<>121<>134<>143<>146<>147<>151<>154<>156<>157<>159<>162<>166<>170<>172<>]>>>>endobj +M!Á$ÄBEb´±*Jµá|;(Ä’Ã’5Ýa_èØ~‚qÕ£•£Q‡qz ævC/ù`UÅxÛÀc^¨ _-Ûjí±Çs±¯½Ä»(ÇÉ‚‚ÿ°P4v;˜}O?.ã{ßl÷Ìå-.—¼ÂÝ¾ûtõŽn¬ù^Ðï&m+ÜÈX<>¾<}åW¾'/žç‹ådq1ál±`wîNþ:ùþ¡¾endstream +endobj +1820 0 obj<>/XObject<<>>>>/Annots 1141 0 R>>endobj +1821 0 obj<>stream +xWÛnÛF}÷WLõˆiQ’%9€Ñ:møÁ®k3 ŠºVäRbBî²\ÒŠþ¾gf©í^DY‘;÷3gF…4Àß¦CM(.ŽÁ€&ÓI0¤ñlŠóÿ*M©¼ÏNƒÙk/FãÙëÃpL^‘€Õ`Ð~<\ !ŽOñYP8ÁŠÿ–ÓãQ8 áD8bW +N&Á´ýÆo?DG'Wc +CŠR„2™M)JDû€¢¸¿´®vÊs»¢4Ë‰hm›Šâ<Ó¦¦§>¸fntýŽtOoßF_¡ó.xÇ£0À1égÁ(8(Ò®¦3mgúxÈ¦û¡z©)¶E¡Lâo¶ö v¨qš¾¿§'üùpsýxùðÛåÃÓSt{¨²Ðï¶!·´MžÐ\SYÙ¢¬u"A(*•s+[%lÎpPíUÖ2 ãp„tÂ¡,*êµþ°_e®Y‹kâX;—6y¾îQ£Zè€nR2¶Þ*èþgr6W +@Èe&¶U¥ã:_ãìj$ÊlÕ1+IvÅ<ˆIä*Ô7 óÐ'·zR%’*õI#‹P"HfÊ3£Ù,mµ±'Akv8ñ5º©ß8hr–Jë\6GÉë¥’pÈéê™Õ*ó¦&dîÙ~’TdTÛ–íÄ')Uõ¶Eì)Tq'‡«íE'l•H=Äiê‰Úsú„ß]Ü^öX;ËþQåŸP×™5dÓ]h+®©·“h±&ö¯cN²àJk’Ì,6Ú·À`LÔëR'RUþ–fÈ®D‘fß‘UÍÂI¤…Z(%;¸1‡R•%®tÌÚ’™{*²Åpãü°¬)V@»”@jÝ¶5@Ó&q¤M\Ö¿Q@xÉî.Õ³D|rµë öþþŽÎ;ÞËv´ÐgðøG aŠþK›(vSÊjš«ø@/[$í»„úÏ¤šó¬¢ÿ-óÜÚoMIÇ·]>F×¿|êò ÊàØ¾Þ QpqºÖ‹ÊBçœÙ£©À£*æjÓœèÏÀ„]9ô¹CÑr+@:à¦É[¸¹'€¼]0pùI¡\ö™WÐ‚ÿA±»Rþg/`“JËm }ž?uÞvúŒi +Xp”*p8ÐüY¡B +h3M--Ûö'ž¢_¾6àç¹æŽpLü^gµ&µP™‘^Èº©qu–ç¢èK9œ mâÊPË!$kö-à[‡aŠŒÂøŽ¤ºÝg¹W¡\V:ÕàR™{ujzNkíñÔgøbKù= +`0J÷ÑÕŽ.PˆV'‡ÑÒJæŠ &s«¼š-^üŒfQkdb+uœ¥¸j/áOo0úQÂþ–Ûð ÔÓ¶4TíõLÇ®G(ÈÎ§n‰¹ƒq€ÉÜÔÎÕÌ<«úð@º˜Ù;¦sý¬sžFMÅw›ðÀÕ‚ˆð·Î~WKÛì³ñVê¼¥Ö½O½wý£ƒox¾•xÁß-!}¹‹¾Üªª›]Kø\p³aqè;,!HƒTýe6]\E—²ÿ 'H(c§)K[u¹€wÄ×<õ¥_¹ŒFîoÞ)<!VF¬€¼†ÆÛ•qÐ£XBêvÝ‡™’–Ã²Œ-âƒlÇ€ØOôÊ ·K¤(¤ÜÒ\rj`…ë÷œÉRÏÍí–‚>çþIÓ,ÎpÕwi«ŸýØ#±†‰8ôÆK´3 +7öOòØj…<+Þ¡ +`«9½jÆÛ’©¾4sW¯>oÿfv©¹E¡†ã÷ªVzŽæZ@MËº.ßŸœl½ð§6€Í +xÁÛÇ>gûm2±±4k~–*1â¡ø_üæÕ œà‡ÏlD“ÁÐ×ðñâöÃÝWö+/…mÜøå xbÉãÀñtpöúÏ„ñdLN‡ª‹ë,výzô7Q;endstream +endobj +1822 0 obj<>endobj +1823 0 obj<>endobj +1824 0 obj<>endobj +1825 0 obj<>endobj +1826 0 obj<>endobj +1827 0 obj<>endobj +1828 0 obj<>endobj +1829 0 obj<>endobj +1830 0 obj<>endobj +1831 0 obj<>endobj +1832 0 obj<>endobj +1833 0 obj<>endobj +1834 0 obj<>endobj +1835 0 obj<>endobj +1836 0 obj<>endobj +1837 0 obj<>endobj +1838 0 obj<>endobj +1839 0 obj<>endobj +1840 0 obj<>endobj +1841 0 obj<>endobj +1842 0 obj<>endobj +1843 0 obj<>endobj +1844 0 obj<>endobj +1845 0 obj<>endobj +1846 0 obj<>endobj +1847 0 obj<>endobj +1848 0 obj<>endobj +1849 0 obj<>endobj +1850 0 obj<>endobj +1851 0 obj<>endobj +1852 0 obj<>endobj +1853 0 obj<>endobj +1854 0 obj<>endobj +1855 0 obj<>endobj +1856 0 obj<>endobj +1857 0 obj<>endobj +1858 0 obj<>endobj +1859 0 obj<>endobj +1860 0 obj<>endobj +1861 0 obj<>endobj +1862 0 obj<>endobj +1863 0 obj<>endobj +1864 0 obj<>endobj +1865 0 obj<>endobj +1866 0 obj<>endobj +1867 0 obj<>endobj +1868 0 obj<>endobj +1869 0 obj<>endobj +1870 0 obj<>endobj +1871 0 obj<>endobj +1872 0 obj<>endobj +1873 0 obj<>endobj +1874 0 obj<>endobj +1875 0 obj<>endobj +1876 0 obj<>endobj +1877 0 obj<>endobj +1878 0 obj<>endobj +1879 0 obj<>endobj +1880 0 obj<>endobj +1881 0 obj<>endobj +1882 0 obj<>endobj +1883 0 obj<>endobj +1884 0 obj<>endobj +1885 0 obj<>endobj +1886 0 obj<>endobj +1887 0 obj<>endobj +1888 0 obj<>endobj +1889 0 obj<>endobj +1890 0 obj<>endobj +1891 0 obj<>endobj +1892 0 obj<>endobj +1893 0 obj<>endobj +1894 0 obj<>endobj +1895 0 obj<>endobj +1896 0 obj<>endobj +1897 0 obj<>endobj +1898 0 obj<>endobj +1899 0 obj<>endobj +1900 0 obj<>endobj +1901 0 obj<>endobj +1902 0 obj<>endobj +1903 0 obj<>endobj +1904 0 obj<>endobj +1905 0 obj<>endobj +1906 0 obj<>endobj +1907 0 obj<>endobj +1908 0 obj<>endobj +1909 0 obj<>endobj +1910 0 obj<>endobj +1911 0 obj<>endobj +1912 0 obj<>endobj +1913 0 obj<>endobj +1914 0 obj<>endobj +1915 0 obj<>endobj +1916 0 obj<>endobj +1917 0 obj<>endobj +1918 0 obj<>endobj +1919 0 obj<>endobj +1920 0 obj<>endobj +1921 0 obj<>endobj +1922 0 obj<>endobj +1923 0 obj<>endobj +1924 0 obj<>endobj +1925 0 obj<>endobj +1926 0 obj<>endobj +1927 0 obj<>endobj +1928 0 obj<>endobj +1929 0 obj<>endobj +1930 0 obj<>endobj +1931 0 obj<>endobj +1932 0 obj<>endobj +1933 0 obj<>endobj +1934 0 obj<>endobj +1935 0 obj<>endobj +1936 0 obj<>endobj +1937 0 obj<>endobj +1938 0 obj<>endobj +1939 0 obj<>endobj +1940 0 obj<>endobj +1941 0 obj<>endobj +1942 0 obj<>endobj +1943 0 obj<>endobj +1944 0 obj<>endobj +1945 0 obj<>endobj +1946 0 obj<>endobj +1947 0 obj<>endobj +1948 0 obj<>endobj +1949 0 obj<>endobj +1950 0 obj<>endobj +1951 0 obj<>endobj +1952 0 obj<>endobj +1953 0 obj<>endobj +1954 0 obj<>endobj +1955 0 obj<>endobj +1956 0 obj<>endobj +1957 0 obj<>endobj +1958 0 obj<>endobj +1959 0 obj<>endobj +1960 0 obj<>endobj +1961 0 obj<>endobj +1962 0 obj<>endobj +1963 0 obj<>endobj +1964 0 obj<>endobj +1965 0 obj<>endobj +1966 0 obj<>endobj +1967 0 obj<>endobj +1968 0 obj<>endobj +1969 0 obj<>endobj +1970 0 obj<>endobj +1971 0 obj<>endobj +1972 0 obj<>endobj +1973 0 obj<>endobj +1974 0 obj<>endobj +1975 0 obj<>endobj +1976 0 obj<>endobj +1977 0 obj<>endobj +1978 0 obj<>endobj +1979 0 obj<>endobj +1980 0 obj<>endobj +1981 0 obj<>endobj +1982 0 obj<>endobj +1983 0 obj<>endobj +1984 0 obj<>endobj +1985 0 obj<>endobj +1986 0 obj<>endobj +1987 0 obj<>endobj +1988 0 obj<>endobj +1989 0 obj<>endobj +1990 0 obj<>endobj +1991 0 obj<>endobj +1992 0 obj<>endobj +1993 0 obj<>endobj +1994 0 obj<>endobj +1995 0 obj<>endobj +1996 0 obj<>endobj +1997 0 obj<>endobj +1998 0 obj<>endobj +1999 0 obj<>endobj +2000 0 obj<>endobj +2001 0 obj<>endobj +2002 0 obj<>endobj +2003 0 obj<>endobj +2004 0 obj<>endobj +2005 0 obj<>endobj +2006 0 obj<>endobj +2007 0 obj<>endobj +2008 0 obj<>endobj +2009 0 obj<>endobj +2010 0 obj<>endobj +2011 0 obj<>endobj +2012 0 obj<>endobj +2013 0 obj<>endobj +2014 0 obj<>endobj +2015 0 obj<>endobj +2016 0 obj<>endobj +2017 0 obj<>endobj +2018 0 obj<>endobj +2019 0 obj<>endobj +2020 0 obj<>endobj +2021 0 obj<>endobj +2022 0 obj<>endobj +2023 0 obj<>endobj +2024 0 obj<>endobj +2025 0 obj<>endobj +2026 0 obj<>endobj +2027 0 obj<>endobj +2028 0 obj<>endobj +2029 0 obj<>endobj +2030 0 obj<>endobj +2031 0 obj<>endobj +2032 0 obj<>endobj +2033 0 obj<>endobj +2034 0 obj<>endobj +2035 0 obj<>endobj +2036 0 obj<>endobj +2037 0 obj<>endobj +2038 0 obj<>endobj +2039 0 obj<>endobj +2040 0 obj<>endobj +2041 0 obj<>endobj +2042 0 obj<>endobj +2043 0 obj<>endobj +2044 0 obj<>endobj +2045 0 obj<>endobj +2046 0 obj<>endobj +2047 0 obj<>endobj +2048 0 obj<>endobj +2049 0 obj<>endobj +2050 0 obj<>endobj +2051 0 obj<>endobj +2052 0 obj<>endobj +2053 0 obj<>endobj +2054 0 obj<>endobj +2055 0 obj<>endobj +2056 0 obj<>endobj +2057 0 obj<>endobj +2058 0 obj<>endobj +2059 0 obj<>endobj +2060 0 obj<>endobj +2061 0 obj<>endobj +2062 0 obj<>endobj +2063 0 obj<>endobj +2064 0 obj<>endobj +2065 0 obj<>endobj +2066 0 obj<>endobj +2067 0 obj<>endobj +2068 0 obj<>endobj +2069 0 obj<>endobj +2070 0 obj<>endobj +2071 0 obj<>endobj +2072 0 obj<>endobj +2073 0 obj<>endobj +2074 0 obj<>endobj +2075 0 obj<>endobj +2076 0 obj<>endobj +2077 0 obj<>endobj +2078 0 obj<>endobj +2079 0 obj<>endobj +2080 0 obj<>endobj +2081 0 obj<>endobj +2082 0 obj<>endobj +2083 0 obj<>endobj +2084 0 obj<>endobj +2085 0 obj<>endobj +2086 0 obj<>endobj +2087 0 obj<>endobj +2088 0 obj<>endobj +2089 0 obj<>endobj +2090 0 obj<>endobj +2091 0 obj<>endobj +2092 0 obj<>endobj +2093 0 obj<>endobj +2094 0 obj<>endobj +2095 0 obj<>endobj +2096 0 obj<>endobj +2097 0 obj<>endobj +2098 0 obj<>endobj +2099 0 obj<>endobj +2100 0 obj<>endobj +2101 0 obj<>endobj +2102 0 obj<>endobj +2103 0 obj<>endobj +2104 0 obj<>endobj +2105 0 obj<>endobj +2106 0 obj<>endobj +2107 0 obj<>endobj +2108 0 obj<>endobj +2109 0 obj<>endobj +2110 0 obj<>endobj +2111 0 obj<>endobj +2112 0 obj<>endobj +2113 0 obj<>endobj +2114 0 obj<>1<>8<>9<>13<>14<>16<>20<>24<>36<>37<>38<>40<>42<>59<>62<>64<>66<>67<>70<>80<>85<>88<>90<>101<>118<>131<>140<>143<>144<>148<>151<>153<>154<>156<>159<>163<>168<>170<>]>>>>endobj xref -0 2126 +0 2115 0000000000 65535 f 0000000015 00000 n 0000000247 00000 n @@ -4673,14 +4674,14 @@ xref 0000013798 00000 n 0000013902 00000 n 0000014006 00000 n -0000014110 00000 n -0000014214 00000 n +0000014109 00000 n +0000014213 00000 n 0000014317 00000 n -0000014421 00000 n -0000014525 00000 n -0000014629 00000 n -0000014732 00000 n -0000014835 00000 n +0000014420 00000 n +0000014523 00000 n +0000014626 00000 n +0000014730 00000 n +0000014834 00000 n 0000014938 00000 n 0000015042 00000 n 0000015146 00000 n @@ -4697,9 +4698,9 @@ xref 0000016290 00000 n 0000016394 00000 n 0000016498 00000 n -0000016602 00000 n -0000016706 00000 n -0000016810 00000 n +0000016601 00000 n +0000016705 00000 n +0000016809 00000 n 0000016913 00000 n 0000017017 00000 n 0000017121 00000 n @@ -4707,1988 +4708,1977 @@ xref 0000017329 00000 n 0000017432 00000 n 0000017534 00000 n -0000017636 00000 n -0000017997 00000 n -0000018100 00000 n -0000018204 00000 n -0000018308 00000 n -0000018411 00000 n -0000018515 00000 n -0000018619 00000 n -0000018723 00000 n -0000018826 00000 n -0000018930 00000 n -0000019034 00000 n -0000019137 00000 n -0000019241 00000 n -0000019345 00000 n -0000019449 00000 n -0000019553 00000 n -0000019657 00000 n -0000019761 00000 n -0000019865 00000 n -0000019969 00000 n -0000020073 00000 n -0000020177 00000 n -0000020281 00000 n -0000020385 00000 n -0000020489 00000 n -0000020593 00000 n -0000020697 00000 n -0000020801 00000 n -0000020905 00000 n -0000021009 00000 n -0000021113 00000 n -0000021217 00000 n -0000021321 00000 n -0000021425 00000 n -0000021528 00000 n -0000021632 00000 n -0000021736 00000 n -0000021840 00000 n -0000021944 00000 n -0000022048 00000 n -0000022152 00000 n -0000022256 00000 n -0000022359 00000 n -0000022712 00000 n -0000022815 00000 n -0000022919 00000 n -0000023023 00000 n -0000023127 00000 n -0000023231 00000 n -0000023335 00000 n -0000023439 00000 n -0000023543 00000 n -0000023647 00000 n -0000023751 00000 n -0000023855 00000 n -0000023959 00000 n -0000024063 00000 n -0000024167 00000 n -0000024271 00000 n -0000024375 00000 n -0000024479 00000 n -0000024583 00000 n -0000024686 00000 n -0000024790 00000 n -0000024894 00000 n -0000024998 00000 n -0000025102 00000 n -0000025206 00000 n -0000025310 00000 n -0000025414 00000 n -0000025518 00000 n -0000025622 00000 n -0000025726 00000 n -0000025830 00000 n -0000025934 00000 n -0000026037 00000 n -0000026141 00000 n -0000026245 00000 n -0000026349 00000 n -0000026453 00000 n -0000026557 00000 n -0000026661 00000 n -0000026765 00000 n -0000026869 00000 n -0000026972 00000 n -0000027074 00000 n -0000027176 00000 n -0000027278 00000 n -0000027647 00000 n -0000027750 00000 n -0000027854 00000 n -0000027958 00000 n -0000028062 00000 n -0000028166 00000 n -0000028270 00000 n -0000028374 00000 n -0000028478 00000 n -0000028582 00000 n -0000028685 00000 n -0000028789 00000 n -0000028893 00000 n -0000028997 00000 n -0000029101 00000 n -0000029205 00000 n -0000029309 00000 n -0000029413 00000 n -0000029516 00000 n -0000029620 00000 n -0000029724 00000 n -0000029828 00000 n -0000029932 00000 n -0000030036 00000 n -0000030140 00000 n -0000030243 00000 n -0000030347 00000 n -0000030451 00000 n -0000030554 00000 n -0000030657 00000 n -0000030761 00000 n -0000030865 00000 n -0000030969 00000 n -0000031073 00000 n -0000031177 00000 n -0000031281 00000 n -0000031384 00000 n -0000031488 00000 n -0000031592 00000 n -0000031696 00000 n -0000031799 00000 n -0000031901 00000 n -0000032003 00000 n -0000032356 00000 n -0000032459 00000 n -0000032563 00000 n -0000032667 00000 n -0000032771 00000 n -0000032875 00000 n -0000032979 00000 n -0000033083 00000 n -0000033187 00000 n -0000033291 00000 n -0000033394 00000 n -0000033498 00000 n -0000033602 00000 n -0000033706 00000 n -0000033810 00000 n -0000033914 00000 n -0000034018 00000 n -0000034122 00000 n -0000034226 00000 n -0000034329 00000 n -0000034433 00000 n -0000034537 00000 n -0000034641 00000 n -0000034745 00000 n -0000034849 00000 n -0000034953 00000 n -0000035056 00000 n -0000035160 00000 n -0000035264 00000 n -0000035368 00000 n -0000035472 00000 n -0000035576 00000 n -0000035680 00000 n -0000035784 00000 n -0000035888 00000 n -0000035992 00000 n -0000036096 00000 n -0000036200 00000 n -0000036304 00000 n -0000036408 00000 n -0000036512 00000 n -0000036616 00000 n -0000036961 00000 n -0000037014 00000 n -0000037101 00000 n -0000037155 00000 n -0000037241 00000 n -0000037296 00000 n -0000037383 00000 n -0000037450 00000 n -0000037536 00000 n -0000037639 00000 n -0000037743 00000 n -0000037847 00000 n -0000037951 00000 n -0000038055 00000 n -0000038159 00000 n -0000038263 00000 n -0000038367 00000 n -0000038471 00000 n -0000038575 00000 n -0000038679 00000 n -0000038783 00000 n -0000038887 00000 n -0000038991 00000 n -0000039095 00000 n -0000039199 00000 n -0000039303 00000 n -0000039407 00000 n -0000039511 00000 n -0000039615 00000 n -0000039719 00000 n -0000039823 00000 n -0000039927 00000 n -0000040031 00000 n -0000040134 00000 n -0000040238 00000 n -0000040342 00000 n -0000040446 00000 n -0000040550 00000 n -0000040654 00000 n -0000040758 00000 n -0000040861 00000 n -0000040963 00000 n -0000041065 00000 n -0000041386 00000 n -0000041490 00000 n -0000041594 00000 n -0000041698 00000 n -0000041802 00000 n -0000041906 00000 n -0000042010 00000 n -0000042114 00000 n -0000042218 00000 n -0000042322 00000 n -0000042426 00000 n -0000042530 00000 n -0000042634 00000 n -0000042738 00000 n -0000042842 00000 n -0000042946 00000 n -0000043050 00000 n -0000043154 00000 n -0000043258 00000 n -0000043362 00000 n -0000043466 00000 n -0000043570 00000 n -0000043674 00000 n -0000043778 00000 n -0000043882 00000 n -0000043986 00000 n -0000044089 00000 n -0000044193 00000 n -0000044297 00000 n -0000044401 00000 n -0000044505 00000 n -0000044609 00000 n -0000044713 00000 n -0000044817 00000 n -0000044921 00000 n -0000045025 00000 n -0000045129 00000 n -0000045233 00000 n -0000045337 00000 n -0000045441 00000 n -0000045545 00000 n -0000045649 00000 n -0000045753 00000 n -0000045857 00000 n -0000045961 00000 n -0000046065 00000 n -0000046169 00000 n -0000046273 00000 n -0000046377 00000 n -0000046480 00000 n -0000046582 00000 n -0000046684 00000 n -0000047109 00000 n -0000047213 00000 n -0000047317 00000 n -0000047421 00000 n -0000047525 00000 n -0000047629 00000 n -0000047733 00000 n -0000047837 00000 n -0000047941 00000 n -0000048045 00000 n -0000048149 00000 n -0000048253 00000 n -0000048357 00000 n -0000048461 00000 n -0000048565 00000 n -0000048669 00000 n -0000048773 00000 n -0000048877 00000 n -0000048981 00000 n -0000049085 00000 n -0000049189 00000 n -0000049293 00000 n -0000049397 00000 n -0000049501 00000 n -0000049605 00000 n -0000049709 00000 n -0000049813 00000 n -0000049917 00000 n -0000050021 00000 n -0000050125 00000 n -0000050229 00000 n -0000050333 00000 n -0000050437 00000 n -0000050541 00000 n -0000050645 00000 n -0000050749 00000 n -0000050853 00000 n -0000050957 00000 n -0000051061 00000 n -0000051165 00000 n -0000051269 00000 n -0000051373 00000 n -0000051477 00000 n -0000051581 00000 n -0000051685 00000 n -0000051789 00000 n -0000051893 00000 n -0000051997 00000 n -0000052101 00000 n -0000052204 00000 n -0000052306 00000 n -0000052408 00000 n -0000052833 00000 n -0000052937 00000 n -0000053041 00000 n -0000053145 00000 n -0000053249 00000 n -0000053353 00000 n -0000053457 00000 n -0000053561 00000 n -0000053665 00000 n -0000053769 00000 n -0000053872 00000 n -0000053976 00000 n -0000054080 00000 n -0000054184 00000 n -0000054288 00000 n -0000054392 00000 n -0000054496 00000 n -0000054600 00000 n -0000054704 00000 n -0000054808 00000 n -0000054912 00000 n -0000055016 00000 n -0000055120 00000 n -0000055224 00000 n -0000055328 00000 n -0000055432 00000 n -0000055536 00000 n -0000055640 00000 n -0000055744 00000 n -0000055848 00000 n -0000055952 00000 n -0000056056 00000 n -0000056160 00000 n -0000056264 00000 n -0000056368 00000 n -0000056472 00000 n -0000056576 00000 n -0000056680 00000 n -0000056784 00000 n -0000056888 00000 n -0000057217 00000 n -0000057320 00000 n -0000057424 00000 n -0000057528 00000 n -0000057632 00000 n -0000057736 00000 n -0000057840 00000 n -0000057944 00000 n -0000058048 00000 n -0000058152 00000 n -0000058256 00000 n -0000058360 00000 n -0000058463 00000 n -0000058567 00000 n -0000058671 00000 n -0000058775 00000 n -0000058879 00000 n -0000058983 00000 n -0000059087 00000 n -0000059190 00000 n -0000059294 00000 n -0000059398 00000 n -0000059502 00000 n -0000059606 00000 n -0000059710 00000 n -0000059814 00000 n -0000059918 00000 n -0000060022 00000 n -0000060126 00000 n -0000060230 00000 n -0000060334 00000 n -0000060438 00000 n -0000060542 00000 n -0000060646 00000 n -0000060750 00000 n -0000060854 00000 n -0000060958 00000 n -0000061062 00000 n -0000061166 00000 n -0000061270 00000 n -0000061374 00000 n -0000061478 00000 n -0000061581 00000 n -0000061683 00000 n -0000061785 00000 n -0000062154 00000 n -0000062258 00000 n -0000062283 00000 n -0000062332 00000 n -0000062419 00000 n -0000062444 00000 n -0000062500 00000 n -0000062587 00000 n -0000062656 00000 n -0000062743 00000 n -0000062794 00000 n -0000062881 00000 n -0000062966 00000 n -0000063053 00000 n -0000063109 00000 n -0000063196 00000 n -0000063246 00000 n -0000063333 00000 n -0000063385 00000 n -0000063471 00000 n -0000063544 00000 n -0000063600 00000 n -0000063687 00000 n -0000063735 00000 n -0000063821 00000 n -0000063869 00000 n -0000063956 00000 n -0000063997 00000 n -0000064038 00000 n -0000064125 00000 n -0000064169 00000 n -0000064256 00000 n -0000064301 00000 n -0000064388 00000 n -0000064432 00000 n -0000064519 00000 n -0000064563 00000 n -0000064650 00000 n -0000064692 00000 n -0000064779 00000 n -0000064827 00000 n -0000064914 00000 n -0000064987 00000 n -0000065035 00000 n -0000065120 00000 n -0000065145 00000 n -0000065198 00000 n -0000065282 00000 n -0000065307 00000 n -0000065410 00000 n -0000065514 00000 n -0000065618 00000 n -0000065722 00000 n -0000065826 00000 n -0000065929 00000 n -0000066032 00000 n -0000066136 00000 n -0000066240 00000 n -0000066344 00000 n -0000066448 00000 n -0000066552 00000 n -0000066656 00000 n -0000066760 00000 n -0000066864 00000 n -0000066968 00000 n -0000067072 00000 n -0000067176 00000 n -0000067280 00000 n -0000067384 00000 n -0000067488 00000 n -0000067591 00000 n -0000067695 00000 n -0000067799 00000 n -0000067903 00000 n -0000068007 00000 n -0000068111 00000 n -0000068215 00000 n -0000068319 00000 n -0000068423 00000 n -0000068527 00000 n -0000068630 00000 n -0000068734 00000 n -0000068838 00000 n -0000068942 00000 n -0000069046 00000 n -0000069150 00000 n -0000069254 00000 n -0000069358 00000 n -0000069462 00000 n -0000069566 00000 n -0000069668 00000 n -0000069770 00000 n -0000069872 00000 n -0000070241 00000 n -0000070345 00000 n -0000070370 00000 n -0000070418 00000 n -0000070505 00000 n -0000070530 00000 n -0000070578 00000 n -0000070665 00000 n -0000070710 00000 n -0000070796 00000 n -0000070839 00000 n -0000070925 00000 n -0000070966 00000 n -0000071052 00000 n -0000071101 00000 n -0000071187 00000 n -0000071233 00000 n -0000071319 00000 n -0000071364 00000 n -0000071450 00000 n -0000071502 00000 n -0000071588 00000 n -0000071638 00000 n -0000071724 00000 n -0000071770 00000 n -0000071856 00000 n -0000071899 00000 n -0000071985 00000 n -0000072029 00000 n -0000072115 00000 n -0000072158 00000 n -0000072244 00000 n -0000072289 00000 n -0000072375 00000 n -0000072413 00000 n -0000072499 00000 n -0000072541 00000 n -0000072627 00000 n -0000072670 00000 n -0000072756 00000 n -0000072794 00000 n -0000072880 00000 n -0000072922 00000 n -0000073008 00000 n -0000073052 00000 n -0000073138 00000 n -0000073185 00000 n -0000073271 00000 n -0000073319 00000 n -0000073406 00000 n -0000073599 00000 n -0000073648 00000 n -0000073734 00000 n -0000073759 00000 n -0000073806 00000 n -0000073893 00000 n -0000073918 00000 n -0000074033 00000 n -0000074120 00000 n -0000074145 00000 n -0000074227 00000 n -0000074314 00000 n -0000074399 00000 n -0000074486 00000 n -0000074541 00000 n -0000074628 00000 n -0000074684 00000 n -0000074771 00000 n -0000074820 00000 n -0000074868 00000 n -0000074955 00000 n -0000075029 00000 n -0000075116 00000 n -0000075184 00000 n -0000075271 00000 n -0000075325 00000 n -0000075412 00000 n -0000075480 00000 n -0000075567 00000 n -0000075641 00000 n -0000075728 00000 n -0000075776 00000 n -0000075863 00000 n -0000075920 00000 n -0000076007 00000 n -0000076088 00000 n -0000076143 00000 n -0000076230 00000 n -0000076311 00000 n -0000076398 00000 n -0000076431 00000 n -0000076484 00000 n -0000076571 00000 n -0000076596 00000 n -0000076644 00000 n -0000076731 00000 n -0000076773 00000 n -0000076860 00000 n -0000076903 00000 n -0000076990 00000 n -0000077040 00000 n -0000077127 00000 n -0000077175 00000 n -0000077262 00000 n -0000077319 00000 n -0000077362 00000 n -0000077449 00000 n -0000077503 00000 n -0000077590 00000 n -0000077635 00000 n -0000077722 00000 n -0000077763 00000 n -0000077820 00000 n -0000077907 00000 n -0000078003 00000 n -0000078089 00000 n -0000078122 00000 n -0000078225 00000 n -0000078329 00000 n -0000078433 00000 n -0000078537 00000 n -0000078641 00000 n -0000078745 00000 n -0000078849 00000 n -0000078953 00000 n -0000079057 00000 n -0000079161 00000 n -0000079265 00000 n -0000079369 00000 n -0000079473 00000 n -0000079577 00000 n -0000079681 00000 n -0000079785 00000 n -0000079889 00000 n -0000079993 00000 n -0000080097 00000 n -0000080200 00000 n -0000080304 00000 n -0000080408 00000 n -0000080512 00000 n -0000080616 00000 n -0000080720 00000 n -0000080824 00000 n -0000080928 00000 n -0000081032 00000 n -0000081136 00000 n -0000081239 00000 n -0000081343 00000 n -0000081447 00000 n -0000081551 00000 n -0000081654 00000 n -0000081758 00000 n -0000081862 00000 n -0000081965 00000 n -0000082069 00000 n -0000082173 00000 n -0000082277 00000 n -0000082381 00000 n -0000082484 00000 n -0000082586 00000 n -0000082688 00000 n -0000083057 00000 n -0000083161 00000 n -0000083265 00000 n -0000083369 00000 n -0000083473 00000 n -0000083577 00000 n -0000083681 00000 n -0000083785 00000 n -0000083889 00000 n -0000083993 00000 n -0000084097 00000 n -0000084201 00000 n -0000084305 00000 n -0000084409 00000 n -0000084513 00000 n -0000084617 00000 n -0000084720 00000 n -0000084824 00000 n -0000084928 00000 n -0000085032 00000 n -0000085136 00000 n -0000085240 00000 n -0000085344 00000 n -0000085448 00000 n -0000085552 00000 n -0000085655 00000 n -0000085759 00000 n -0000085863 00000 n -0000085967 00000 n -0000086071 00000 n -0000086175 00000 n -0000086279 00000 n -0000086383 00000 n -0000086487 00000 n -0000086591 00000 n -0000086695 00000 n -0000086799 00000 n -0000086903 00000 n -0000087007 00000 n -0000087111 00000 n -0000087215 00000 n -0000087319 00000 n -0000087423 00000 n -0000087526 00000 n -0000087630 00000 n -0000087734 00000 n -0000087838 00000 n -0000087942 00000 n -0000088046 00000 n -0000088149 00000 n -0000088251 00000 n -0000088353 00000 n -0000088778 00000 n -0000088882 00000 n -0000088986 00000 n -0000089090 00000 n -0000089194 00000 n -0000089297 00000 n -0000089401 00000 n -0000089505 00000 n -0000089609 00000 n -0000089713 00000 n -0000089817 00000 n -0000089921 00000 n -0000090025 00000 n -0000090129 00000 n -0000090232 00000 n -0000090335 00000 n -0000090439 00000 n -0000090543 00000 n -0000090647 00000 n -0000090751 00000 n -0000090855 00000 n -0000090959 00000 n -0000091063 00000 n -0000091167 00000 n -0000091271 00000 n -0000091375 00000 n -0000091478 00000 n -0000091582 00000 n -0000091686 00000 n -0000091790 00000 n -0000091894 00000 n -0000091998 00000 n -0000092102 00000 n -0000092206 00000 n -0000092309 00000 n -0000092413 00000 n -0000092517 00000 n -0000092621 00000 n -0000092725 00000 n -0000092829 00000 n -0000092933 00000 n -0000093036 00000 n -0000093140 00000 n -0000093244 00000 n -0000093605 00000 n -0000093653 00000 n -0000093740 00000 n -0000093787 00000 n -0000093873 00000 n -0000093920 00000 n -0000094006 00000 n -0000094047 00000 n -0000094092 00000 n -0000094179 00000 n -0000094224 00000 n -0000094310 00000 n -0000094343 00000 n -0000094389 00000 n -0000094474 00000 n -0000094520 00000 n -0000094603 00000 n -0000094636 00000 n -0000094680 00000 n -0000094767 00000 n -0000094818 00000 n -0000094905 00000 n -0000094954 00000 n -0000095041 00000 n -0000095089 00000 n -0000095175 00000 n -0000095224 00000 n -0000095279 00000 n -0000095365 00000 n -0000095390 00000 n -0000095443 00000 n -0000095530 00000 n -0000095580 00000 n -0000095667 00000 n -0000095700 00000 n -0000095819 00000 n -0000095905 00000 n -0000095948 00000 n -0000096035 00000 n -0000096078 00000 n -0000096165 00000 n -0000096206 00000 n -0000096269 00000 n -0000096356 00000 n -0000096414 00000 n -0000096501 00000 n -0000096595 00000 n -0000096681 00000 n -0000096722 00000 n -0000096765 00000 n -0000096851 00000 n -0000096899 00000 n -0000096986 00000 n -0000097027 00000 n -0000097114 00000 n -0000097158 00000 n -0000097245 00000 n -0000097289 00000 n -0000097375 00000 n -0000097432 00000 n -0000097478 00000 n -0000097565 00000 n -0000097590 00000 n -0000097639 00000 n -0000097726 00000 n -0000097780 00000 n -0000097867 00000 n -0000097918 00000 n -0000098005 00000 n -0000098059 00000 n -0000098146 00000 n -0000098196 00000 n -0000098281 00000 n -0000098338 00000 n -0000098388 00000 n -0000098475 00000 n -0000098539 00000 n -0000098626 00000 n -0000098659 00000 n -0000098736 00000 n -0000098822 00000 n -0000098912 00000 n -0000098998 00000 n -0000099087 00000 n -0000099173 00000 n -0000099214 00000 n -0000099285 00000 n -0000099371 00000 n -0000099503 00000 n -0000099589 00000 n -0000099663 00000 n -0000099749 00000 n -0000099846 00000 n -0000099932 00000 n -0000099981 00000 n -0000100046 00000 n -0000100133 00000 n -0000100158 00000 n -0000100223 00000 n -0000100311 00000 n -0000100338 00000 n -0000100401 00000 n -0000100490 00000 n -0000100517 00000 n -0000100567 00000 n -0000100656 00000 n -0000100683 00000 n -0000100732 00000 n -0000100821 00000 n -0000100872 00000 n -0000100958 00000 n -0000101003 00000 n -0000101089 00000 n -0000101134 00000 n -0000101179 00000 n -0000101267 00000 n -0000101318 00000 n -0000101406 00000 n -0000101457 00000 n -0000101545 00000 n -0000101595 00000 n -0000101683 00000 n -0000101731 00000 n -0000101819 00000 n -0000101882 00000 n -0000101972 00000 n -0000102060 00000 n -0000102124 00000 n -0000102212 00000 n -0000102248 00000 n -0000102310 00000 n -0000102398 00000 n -0000102425 00000 n -0000102481 00000 n -0000102570 00000 n -0000102597 00000 n -0000102701 00000 n -0000102806 00000 n -0000102911 00000 n -0000103016 00000 n -0000103121 00000 n -0000103226 00000 n -0000103331 00000 n -0000103435 00000 n -0000103540 00000 n -0000103645 00000 n -0000103750 00000 n -0000103855 00000 n -0000103960 00000 n -0000104065 00000 n -0000104170 00000 n -0000104275 00000 n -0000104380 00000 n -0000104485 00000 n -0000104590 00000 n -0000104695 00000 n -0000104800 00000 n -0000104905 00000 n -0000105009 00000 n -0000105114 00000 n -0000105219 00000 n -0000105324 00000 n -0000105429 00000 n -0000105534 00000 n -0000105639 00000 n -0000105744 00000 n -0000105849 00000 n -0000105953 00000 n -0000106058 00000 n -0000106163 00000 n -0000106268 00000 n -0000106373 00000 n -0000106478 00000 n -0000106583 00000 n -0000106687 00000 n -0000106792 00000 n -0000106897 00000 n -0000107002 00000 n -0000107107 00000 n -0000107212 00000 n -0000107316 00000 n -0000107419 00000 n -0000107522 00000 n -0000107963 00000 n -0000108068 00000 n -0000108173 00000 n -0000108278 00000 n -0000108383 00000 n -0000108488 00000 n -0000108593 00000 n -0000108698 00000 n -0000108779 00000 n -0000108835 00000 n -0000108923 00000 n -0000108992 00000 n -0000109080 00000 n -0000109156 00000 n -0000109245 00000 n -0000109316 00000 n -0000109404 00000 n -0000109484 00000 n -0000109573 00000 n -0000109636 00000 n -0000109719 00000 n -0000109807 00000 n -0000109883 00000 n -0000109972 00000 n -0000110046 00000 n -0000110135 00000 n -0000110214 00000 n -0000110303 00000 n -0000110357 00000 n -0000110406 00000 n -0000110495 00000 n -0000110522 00000 n -0000110571 00000 n -0000110660 00000 n -0000110687 00000 n -0000110737 00000 n -0000110826 00000 n -0000110890 00000 n -0000110979 00000 n -0000111043 00000 n -0000111132 00000 n -0000111187 00000 n -0000111276 00000 n -0000111330 00000 n -0000111399 00000 n -0000111487 00000 n -0000111543 00000 n -0000111632 00000 n -0000111668 00000 n -0000111717 00000 n -0000111806 00000 n -0000111871 00000 n -0000111960 00000 n -0000112016 00000 n -0000112105 00000 n -0000112153 00000 n +0000017887 00000 n +0000017990 00000 n +0000018094 00000 n +0000018198 00000 n +0000018302 00000 n +0000018405 00000 n +0000018509 00000 n +0000018613 00000 n +0000018716 00000 n +0000018820 00000 n +0000018924 00000 n +0000019028 00000 n +0000019132 00000 n +0000019236 00000 n +0000019340 00000 n +0000019444 00000 n +0000019548 00000 n +0000019652 00000 n +0000019756 00000 n +0000019860 00000 n +0000019964 00000 n +0000020068 00000 n +0000020172 00000 n +0000020276 00000 n +0000020380 00000 n +0000020484 00000 n +0000020588 00000 n +0000020692 00000 n +0000020796 00000 n +0000020900 00000 n +0000021004 00000 n +0000021107 00000 n +0000021211 00000 n +0000021315 00000 n +0000021419 00000 n +0000021523 00000 n +0000021627 00000 n +0000021731 00000 n +0000021835 00000 n +0000021939 00000 n +0000022042 00000 n +0000022146 00000 n +0000022249 00000 n +0000022351 00000 n +0000022453 00000 n +0000022822 00000 n +0000022925 00000 n +0000023029 00000 n +0000023133 00000 n +0000023237 00000 n +0000023341 00000 n +0000023445 00000 n +0000023549 00000 n +0000023653 00000 n +0000023757 00000 n +0000023861 00000 n +0000023965 00000 n +0000024069 00000 n +0000024173 00000 n +0000024277 00000 n +0000024380 00000 n +0000024484 00000 n +0000024588 00000 n +0000024692 00000 n +0000024796 00000 n +0000024900 00000 n +0000025004 00000 n +0000025108 00000 n +0000025212 00000 n +0000025316 00000 n +0000025420 00000 n +0000025524 00000 n +0000025628 00000 n +0000025731 00000 n +0000025835 00000 n +0000025939 00000 n +0000026043 00000 n +0000026147 00000 n +0000026251 00000 n +0000026355 00000 n +0000026459 00000 n +0000026563 00000 n +0000026666 00000 n +0000026769 00000 n +0000026873 00000 n +0000026977 00000 n +0000027081 00000 n +0000027184 00000 n +0000027286 00000 n +0000027388 00000 n +0000027757 00000 n +0000027860 00000 n +0000027964 00000 n +0000028068 00000 n +0000028172 00000 n +0000028276 00000 n +0000028379 00000 n +0000028483 00000 n +0000028587 00000 n +0000028691 00000 n +0000028795 00000 n +0000028899 00000 n +0000029003 00000 n +0000029107 00000 n +0000029210 00000 n +0000029314 00000 n +0000029418 00000 n +0000029522 00000 n +0000029626 00000 n +0000029730 00000 n +0000029834 00000 n +0000029937 00000 n +0000030041 00000 n +0000030145 00000 n +0000030248 00000 n +0000030351 00000 n +0000030455 00000 n +0000030559 00000 n +0000030663 00000 n +0000030767 00000 n +0000030871 00000 n +0000030975 00000 n +0000031078 00000 n +0000031182 00000 n +0000031286 00000 n +0000031390 00000 n +0000031494 00000 n +0000031598 00000 n +0000031702 00000 n +0000031806 00000 n +0000031909 00000 n +0000032011 00000 n +0000032113 00000 n +0000032466 00000 n +0000032569 00000 n +0000032673 00000 n +0000032777 00000 n +0000032881 00000 n +0000032985 00000 n +0000033088 00000 n +0000033192 00000 n +0000033296 00000 n +0000033400 00000 n +0000033504 00000 n +0000033608 00000 n +0000033712 00000 n +0000033816 00000 n +0000033920 00000 n +0000034024 00000 n +0000034127 00000 n +0000034231 00000 n +0000034335 00000 n +0000034439 00000 n +0000034543 00000 n +0000034647 00000 n +0000034751 00000 n +0000034854 00000 n +0000034958 00000 n +0000035062 00000 n +0000035166 00000 n +0000035270 00000 n +0000035374 00000 n +0000035478 00000 n +0000035582 00000 n +0000035686 00000 n +0000035790 00000 n +0000035894 00000 n +0000035998 00000 n +0000036102 00000 n +0000036206 00000 n +0000036310 00000 n +0000036414 00000 n +0000036735 00000 n +0000036788 00000 n +0000036875 00000 n +0000036929 00000 n +0000037015 00000 n +0000037070 00000 n +0000037157 00000 n +0000037224 00000 n +0000037310 00000 n +0000037413 00000 n +0000037517 00000 n +0000037621 00000 n +0000037725 00000 n +0000037829 00000 n +0000037933 00000 n +0000038037 00000 n +0000038141 00000 n +0000038245 00000 n +0000038349 00000 n +0000038453 00000 n +0000038557 00000 n +0000038661 00000 n +0000038765 00000 n +0000038869 00000 n +0000038973 00000 n +0000039077 00000 n +0000039181 00000 n +0000039285 00000 n +0000039389 00000 n +0000039493 00000 n +0000039597 00000 n +0000039701 00000 n +0000039805 00000 n +0000039908 00000 n +0000040012 00000 n +0000040116 00000 n +0000040220 00000 n +0000040324 00000 n +0000040428 00000 n +0000040532 00000 n +0000040635 00000 n +0000040737 00000 n +0000040839 00000 n +0000041160 00000 n +0000041264 00000 n +0000041368 00000 n +0000041472 00000 n +0000041576 00000 n +0000041680 00000 n +0000041784 00000 n +0000041888 00000 n +0000041992 00000 n +0000042096 00000 n +0000042200 00000 n +0000042304 00000 n +0000042408 00000 n +0000042512 00000 n +0000042616 00000 n +0000042720 00000 n +0000042824 00000 n +0000042928 00000 n +0000043032 00000 n +0000043136 00000 n +0000043240 00000 n +0000043344 00000 n +0000043448 00000 n +0000043552 00000 n +0000043656 00000 n +0000043758 00000 n +0000043862 00000 n +0000043966 00000 n +0000044070 00000 n +0000044174 00000 n +0000044278 00000 n +0000044382 00000 n +0000044486 00000 n +0000044590 00000 n +0000044694 00000 n +0000044798 00000 n +0000044902 00000 n +0000045006 00000 n +0000045110 00000 n +0000045214 00000 n +0000045318 00000 n +0000045422 00000 n +0000045526 00000 n +0000045630 00000 n +0000045734 00000 n +0000045838 00000 n +0000045942 00000 n +0000046046 00000 n +0000046150 00000 n +0000046254 00000 n +0000046358 00000 n +0000046461 00000 n +0000046563 00000 n +0000046665 00000 n +0000047106 00000 n +0000047210 00000 n +0000047314 00000 n +0000047418 00000 n +0000047522 00000 n +0000047626 00000 n +0000047730 00000 n +0000047834 00000 n +0000047938 00000 n +0000048042 00000 n +0000048146 00000 n +0000048250 00000 n +0000048354 00000 n +0000048458 00000 n +0000048562 00000 n +0000048666 00000 n +0000048770 00000 n +0000048874 00000 n +0000048978 00000 n +0000049082 00000 n +0000049186 00000 n +0000049290 00000 n +0000049394 00000 n +0000049498 00000 n +0000049602 00000 n +0000049706 00000 n +0000049810 00000 n +0000049914 00000 n +0000050018 00000 n +0000050122 00000 n +0000050226 00000 n +0000050330 00000 n +0000050434 00000 n +0000050538 00000 n +0000050642 00000 n +0000050746 00000 n +0000050850 00000 n +0000050954 00000 n +0000051058 00000 n +0000051162 00000 n +0000051266 00000 n +0000051370 00000 n +0000051474 00000 n +0000051578 00000 n +0000051682 00000 n +0000051786 00000 n +0000051890 00000 n +0000051994 00000 n +0000052098 00000 n +0000052201 00000 n +0000052303 00000 n +0000052405 00000 n +0000052830 00000 n +0000052934 00000 n +0000053038 00000 n +0000053142 00000 n +0000053246 00000 n +0000053350 00000 n +0000053454 00000 n +0000053557 00000 n +0000053661 00000 n +0000053765 00000 n +0000053869 00000 n +0000053973 00000 n +0000054077 00000 n +0000054181 00000 n +0000054285 00000 n +0000054389 00000 n +0000054493 00000 n +0000054597 00000 n +0000054701 00000 n +0000054805 00000 n +0000054909 00000 n +0000055013 00000 n +0000055117 00000 n +0000055221 00000 n +0000055325 00000 n +0000055429 00000 n +0000055533 00000 n +0000055637 00000 n +0000055741 00000 n +0000055845 00000 n +0000055949 00000 n +0000056053 00000 n +0000056157 00000 n +0000056261 00000 n +0000056365 00000 n +0000056469 00000 n +0000056573 00000 n +0000056878 00000 n +0000056981 00000 n +0000057085 00000 n +0000057189 00000 n +0000057293 00000 n +0000057397 00000 n +0000057501 00000 n +0000057605 00000 n +0000057709 00000 n +0000057813 00000 n +0000057917 00000 n +0000058021 00000 n +0000058124 00000 n +0000058228 00000 n +0000058332 00000 n +0000058436 00000 n +0000058540 00000 n +0000058644 00000 n +0000058748 00000 n +0000058851 00000 n +0000058955 00000 n +0000059059 00000 n +0000059163 00000 n +0000059267 00000 n +0000059371 00000 n +0000059475 00000 n +0000059579 00000 n +0000059683 00000 n +0000059787 00000 n +0000059891 00000 n +0000059995 00000 n +0000060099 00000 n +0000060203 00000 n +0000060307 00000 n +0000060411 00000 n +0000060515 00000 n +0000060619 00000 n +0000060723 00000 n +0000060827 00000 n +0000060931 00000 n +0000061035 00000 n +0000061139 00000 n +0000061242 00000 n +0000061344 00000 n +0000061446 00000 n +0000061815 00000 n +0000061919 00000 n +0000061944 00000 n +0000061993 00000 n +0000062080 00000 n +0000062105 00000 n +0000062161 00000 n +0000062248 00000 n +0000062317 00000 n +0000062404 00000 n +0000062455 00000 n +0000062542 00000 n +0000062627 00000 n +0000062714 00000 n +0000062770 00000 n +0000062857 00000 n +0000062907 00000 n +0000062994 00000 n +0000063046 00000 n +0000063132 00000 n +0000063205 00000 n +0000063261 00000 n +0000063348 00000 n +0000063396 00000 n +0000063482 00000 n +0000063530 00000 n +0000063617 00000 n +0000063658 00000 n +0000063699 00000 n +0000063786 00000 n +0000063830 00000 n +0000063917 00000 n +0000063962 00000 n +0000064049 00000 n +0000064093 00000 n +0000064180 00000 n +0000064224 00000 n +0000064311 00000 n +0000064353 00000 n +0000064440 00000 n +0000064488 00000 n +0000064575 00000 n +0000064648 00000 n +0000064696 00000 n +0000064781 00000 n +0000064806 00000 n +0000064859 00000 n +0000064943 00000 n +0000064968 00000 n +0000065071 00000 n +0000065175 00000 n +0000065279 00000 n +0000065383 00000 n +0000065487 00000 n +0000065590 00000 n +0000065693 00000 n +0000065797 00000 n +0000065901 00000 n +0000066005 00000 n +0000066109 00000 n +0000066213 00000 n +0000066317 00000 n +0000066421 00000 n +0000066525 00000 n +0000066629 00000 n +0000066733 00000 n +0000066837 00000 n +0000066941 00000 n +0000067045 00000 n +0000067149 00000 n +0000067252 00000 n +0000067356 00000 n +0000067460 00000 n +0000067564 00000 n +0000067668 00000 n +0000067772 00000 n +0000067876 00000 n +0000067980 00000 n +0000068084 00000 n +0000068188 00000 n +0000068291 00000 n +0000068395 00000 n +0000068499 00000 n +0000068603 00000 n +0000068707 00000 n +0000068811 00000 n +0000068915 00000 n +0000069019 00000 n +0000069123 00000 n +0000069227 00000 n +0000069330 00000 n +0000069434 00000 n +0000069537 00000 n +0000069906 00000 n +0000069954 00000 n +0000070041 00000 n +0000070066 00000 n +0000070114 00000 n +0000070201 00000 n +0000070246 00000 n +0000070332 00000 n +0000070375 00000 n +0000070461 00000 n +0000070502 00000 n +0000070588 00000 n +0000070637 00000 n +0000070723 00000 n +0000070769 00000 n +0000070855 00000 n +0000070900 00000 n +0000070986 00000 n +0000071038 00000 n +0000071124 00000 n +0000071174 00000 n +0000071260 00000 n +0000071306 00000 n +0000071392 00000 n +0000071435 00000 n +0000071521 00000 n +0000071565 00000 n +0000071651 00000 n +0000071694 00000 n +0000071780 00000 n +0000071825 00000 n +0000071911 00000 n +0000071949 00000 n +0000072035 00000 n +0000072077 00000 n +0000072163 00000 n +0000072206 00000 n +0000072292 00000 n +0000072330 00000 n +0000072416 00000 n +0000072458 00000 n +0000072544 00000 n +0000072588 00000 n +0000072674 00000 n +0000072721 00000 n +0000072807 00000 n +0000072855 00000 n +0000072942 00000 n +0000073135 00000 n +0000073184 00000 n +0000073270 00000 n +0000073295 00000 n +0000073342 00000 n +0000073429 00000 n +0000073454 00000 n +0000073569 00000 n +0000073656 00000 n +0000073681 00000 n +0000073763 00000 n +0000073850 00000 n +0000073935 00000 n +0000074022 00000 n +0000074077 00000 n +0000074164 00000 n +0000074220 00000 n +0000074307 00000 n +0000074356 00000 n +0000074404 00000 n +0000074491 00000 n +0000074565 00000 n +0000074652 00000 n +0000074720 00000 n +0000074807 00000 n +0000074861 00000 n +0000074948 00000 n +0000075016 00000 n +0000075103 00000 n +0000075177 00000 n +0000075264 00000 n +0000075312 00000 n +0000075399 00000 n +0000075456 00000 n +0000075543 00000 n +0000075624 00000 n +0000075679 00000 n +0000075766 00000 n +0000075847 00000 n +0000075934 00000 n +0000075967 00000 n +0000076020 00000 n +0000076107 00000 n +0000076132 00000 n +0000076180 00000 n +0000076267 00000 n +0000076309 00000 n +0000076396 00000 n +0000076439 00000 n +0000076526 00000 n +0000076576 00000 n +0000076663 00000 n +0000076711 00000 n +0000076798 00000 n +0000076855 00000 n +0000076898 00000 n +0000076985 00000 n +0000077039 00000 n +0000077126 00000 n +0000077171 00000 n +0000077258 00000 n +0000077315 00000 n +0000077401 00000 n +0000077497 00000 n +0000077582 00000 n +0000077639 00000 n +0000077742 00000 n +0000077846 00000 n +0000077950 00000 n +0000078054 00000 n +0000078158 00000 n +0000078262 00000 n +0000078366 00000 n +0000078470 00000 n +0000078574 00000 n +0000078678 00000 n +0000078782 00000 n +0000078886 00000 n +0000078990 00000 n +0000079094 00000 n +0000079198 00000 n +0000079302 00000 n +0000079406 00000 n +0000079510 00000 n +0000079614 00000 n +0000079717 00000 n +0000079821 00000 n +0000079925 00000 n +0000080029 00000 n +0000080133 00000 n +0000080237 00000 n +0000080341 00000 n +0000080445 00000 n +0000080549 00000 n +0000080653 00000 n +0000080756 00000 n +0000080860 00000 n +0000080964 00000 n +0000081068 00000 n +0000081171 00000 n +0000081275 00000 n +0000081379 00000 n +0000081482 00000 n +0000081586 00000 n +0000081690 00000 n +0000081794 00000 n +0000081898 00000 n +0000082001 00000 n +0000082103 00000 n +0000082205 00000 n +0000082574 00000 n +0000082678 00000 n +0000082782 00000 n +0000082886 00000 n +0000082990 00000 n +0000083094 00000 n +0000083198 00000 n +0000083302 00000 n +0000083406 00000 n +0000083510 00000 n +0000083614 00000 n +0000083718 00000 n +0000083822 00000 n +0000083926 00000 n +0000084030 00000 n +0000084134 00000 n +0000084237 00000 n +0000084341 00000 n +0000084445 00000 n +0000084549 00000 n +0000084653 00000 n +0000084757 00000 n +0000084861 00000 n +0000084965 00000 n +0000085069 00000 n +0000085172 00000 n +0000085276 00000 n +0000085380 00000 n +0000085484 00000 n +0000085588 00000 n +0000085692 00000 n +0000085796 00000 n +0000085900 00000 n +0000086004 00000 n +0000086108 00000 n +0000086212 00000 n +0000086316 00000 n +0000086420 00000 n +0000086524 00000 n +0000086628 00000 n +0000086732 00000 n +0000086836 00000 n +0000086940 00000 n +0000087043 00000 n +0000087147 00000 n +0000087251 00000 n +0000087355 00000 n +0000087459 00000 n +0000087563 00000 n +0000087666 00000 n +0000087768 00000 n +0000087870 00000 n +0000088295 00000 n +0000088399 00000 n +0000088503 00000 n +0000088607 00000 n +0000088711 00000 n +0000088814 00000 n +0000088918 00000 n +0000089022 00000 n +0000089126 00000 n +0000089230 00000 n +0000089334 00000 n +0000089438 00000 n +0000089542 00000 n +0000089646 00000 n +0000089749 00000 n +0000089852 00000 n +0000089956 00000 n +0000090060 00000 n +0000090164 00000 n +0000090268 00000 n +0000090372 00000 n +0000090476 00000 n +0000090580 00000 n +0000090684 00000 n +0000090788 00000 n +0000090892 00000 n +0000090995 00000 n +0000091099 00000 n +0000091203 00000 n +0000091307 00000 n +0000091411 00000 n +0000091515 00000 n +0000091619 00000 n +0000091723 00000 n +0000091826 00000 n +0000091930 00000 n +0000092034 00000 n +0000092138 00000 n +0000092242 00000 n +0000092346 00000 n +0000092450 00000 n +0000092553 00000 n +0000092657 00000 n +0000092761 00000 n +0000093122 00000 n +0000093170 00000 n +0000093257 00000 n +0000093304 00000 n +0000093390 00000 n +0000093437 00000 n +0000093523 00000 n +0000093564 00000 n +0000093609 00000 n +0000093696 00000 n +0000093741 00000 n +0000093827 00000 n +0000093860 00000 n +0000093906 00000 n +0000093992 00000 n +0000094038 00000 n +0000094121 00000 n +0000094154 00000 n +0000094198 00000 n +0000094285 00000 n +0000094336 00000 n +0000094423 00000 n +0000094472 00000 n +0000094559 00000 n +0000094607 00000 n +0000094693 00000 n +0000094742 00000 n +0000094797 00000 n +0000094883 00000 n +0000094908 00000 n +0000094961 00000 n +0000095048 00000 n +0000095098 00000 n +0000095185 00000 n +0000095218 00000 n +0000095337 00000 n +0000095423 00000 n +0000095466 00000 n +0000095553 00000 n +0000095596 00000 n +0000095683 00000 n +0000095724 00000 n +0000095787 00000 n +0000095874 00000 n +0000095932 00000 n +0000096019 00000 n +0000096113 00000 n +0000096199 00000 n +0000096240 00000 n +0000096283 00000 n +0000096369 00000 n +0000096417 00000 n +0000096504 00000 n +0000096545 00000 n +0000096632 00000 n +0000096676 00000 n +0000096763 00000 n +0000096807 00000 n +0000096893 00000 n +0000096950 00000 n +0000096996 00000 n +0000097083 00000 n +0000097108 00000 n +0000097157 00000 n +0000097244 00000 n +0000097298 00000 n +0000097385 00000 n +0000097436 00000 n +0000097523 00000 n +0000097577 00000 n +0000097664 00000 n +0000097714 00000 n +0000097799 00000 n +0000097856 00000 n +0000097906 00000 n +0000097993 00000 n +0000098057 00000 n +0000098144 00000 n +0000098177 00000 n +0000098254 00000 n +0000098340 00000 n +0000098430 00000 n +0000098516 00000 n +0000098605 00000 n +0000098691 00000 n +0000098732 00000 n +0000098803 00000 n +0000098889 00000 n +0000099021 00000 n +0000099107 00000 n +0000099181 00000 n +0000099267 00000 n +0000099364 00000 n +0000099450 00000 n +0000099499 00000 n +0000099564 00000 n +0000099651 00000 n +0000099676 00000 n +0000099741 00000 n +0000099828 00000 n +0000099853 00000 n +0000099915 00000 n +0000100002 00000 n +0000100027 00000 n +0000100076 00000 n +0000100164 00000 n +0000100191 00000 n +0000100240 00000 n +0000100329 00000 n +0000100380 00000 n +0000100466 00000 n +0000100511 00000 n +0000100597 00000 n +0000100642 00000 n +0000100687 00000 n +0000100775 00000 n +0000100826 00000 n +0000100914 00000 n +0000100965 00000 n +0000101053 00000 n +0000101103 00000 n +0000101191 00000 n +0000101239 00000 n +0000101327 00000 n +0000101390 00000 n +0000101480 00000 n +0000101568 00000 n +0000101632 00000 n +0000101720 00000 n +0000101756 00000 n +0000101818 00000 n +0000101906 00000 n +0000101933 00000 n +0000101989 00000 n +0000102078 00000 n +0000102105 00000 n +0000102209 00000 n +0000102314 00000 n +0000102419 00000 n +0000102524 00000 n +0000102629 00000 n +0000102734 00000 n +0000102839 00000 n +0000102943 00000 n +0000103048 00000 n +0000103153 00000 n +0000103258 00000 n +0000103363 00000 n +0000103468 00000 n +0000103573 00000 n +0000103678 00000 n +0000103783 00000 n +0000103888 00000 n +0000103993 00000 n +0000104098 00000 n +0000104203 00000 n +0000104308 00000 n +0000104413 00000 n +0000104517 00000 n +0000104622 00000 n +0000104727 00000 n +0000104832 00000 n +0000104937 00000 n +0000105042 00000 n +0000105147 00000 n +0000105252 00000 n +0000105357 00000 n +0000105462 00000 n +0000105566 00000 n +0000105671 00000 n +0000105776 00000 n +0000105881 00000 n +0000105986 00000 n +0000106091 00000 n +0000106196 00000 n +0000106300 00000 n +0000106405 00000 n +0000106510 00000 n +0000106615 00000 n +0000106720 00000 n +0000106824 00000 n +0000106927 00000 n +0000107030 00000 n +0000107471 00000 n +0000107576 00000 n +0000107681 00000 n +0000107786 00000 n +0000107891 00000 n +0000107996 00000 n +0000108101 00000 n +0000108206 00000 n +0000108311 00000 n +0000108401 00000 n +0000108457 00000 n +0000108545 00000 n +0000108614 00000 n +0000108702 00000 n +0000108778 00000 n +0000108867 00000 n +0000108938 00000 n +0000109026 00000 n +0000109106 00000 n +0000109195 00000 n +0000109258 00000 n +0000109341 00000 n +0000109429 00000 n +0000109505 00000 n +0000109594 00000 n +0000109668 00000 n +0000109757 00000 n +0000109836 00000 n +0000109925 00000 n +0000109979 00000 n +0000110028 00000 n +0000110117 00000 n +0000110144 00000 n +0000110193 00000 n +0000110282 00000 n +0000110309 00000 n +0000110359 00000 n +0000110448 00000 n +0000110512 00000 n +0000110601 00000 n +0000110665 00000 n +0000110754 00000 n +0000110809 00000 n +0000110898 00000 n +0000110952 00000 n +0000111021 00000 n +0000111109 00000 n +0000111165 00000 n +0000111254 00000 n +0000111290 00000 n +0000111339 00000 n +0000111428 00000 n +0000111493 00000 n +0000111582 00000 n +0000111638 00000 n +0000111727 00000 n +0000111775 00000 n +0000111864 00000 n +0000111918 00000 n +0000111973 00000 n +0000112062 00000 n +0000112117 00000 n +0000112206 00000 n 0000112242 00000 n -0000112296 00000 n -0000112351 00000 n -0000112440 00000 n -0000112495 00000 n -0000112584 00000 n -0000112620 00000 n -0000112656 00000 n -0000112692 00000 n -0000118297 00000 n -0000118342 00000 n -0000118387 00000 n -0000118432 00000 n -0000118477 00000 n -0000118522 00000 n -0000118567 00000 n -0000118612 00000 n -0000118657 00000 n -0000118702 00000 n -0000118747 00000 n -0000118792 00000 n -0000118837 00000 n -0000118882 00000 n -0000118927 00000 n -0000118972 00000 n -0000119017 00000 n -0000119062 00000 n -0000119107 00000 n -0000119152 00000 n -0000119197 00000 n -0000119242 00000 n -0000119287 00000 n -0000119332 00000 n -0000119377 00000 n -0000119422 00000 n -0000119467 00000 n -0000119512 00000 n -0000119557 00000 n -0000119602 00000 n -0000119647 00000 n -0000119692 00000 n -0000119737 00000 n -0000119782 00000 n -0000119827 00000 n -0000119872 00000 n -0000119917 00000 n -0000119962 00000 n -0000120007 00000 n -0000120052 00000 n -0000120097 00000 n -0000120142 00000 n -0000120187 00000 n -0000120232 00000 n -0000120277 00000 n -0000120322 00000 n -0000120367 00000 n -0000120412 00000 n -0000120457 00000 n -0000120502 00000 n -0000120547 00000 n -0000120592 00000 n -0000120637 00000 n -0000120682 00000 n -0000120727 00000 n -0000120772 00000 n -0000120817 00000 n -0000120862 00000 n -0000120907 00000 n -0000120952 00000 n -0000120997 00000 n -0000121042 00000 n -0000121087 00000 n -0000121132 00000 n -0000121177 00000 n -0000121222 00000 n -0000121267 00000 n -0000121312 00000 n -0000121357 00000 n -0000121402 00000 n -0000121447 00000 n -0000121492 00000 n -0000121537 00000 n -0000121582 00000 n -0000121627 00000 n -0000121672 00000 n -0000121717 00000 n -0000121762 00000 n -0000121807 00000 n -0000121852 00000 n -0000121897 00000 n -0000121942 00000 n -0000121987 00000 n -0000122032 00000 n -0000122077 00000 n -0000122122 00000 n -0000122167 00000 n -0000122212 00000 n -0000122257 00000 n -0000122302 00000 n -0000122347 00000 n -0000122392 00000 n -0000122437 00000 n -0000122482 00000 n -0000122527 00000 n -0000122572 00000 n -0000122617 00000 n -0000122662 00000 n -0000122707 00000 n -0000122752 00000 n -0000122797 00000 n -0000122842 00000 n -0000122887 00000 n -0000122932 00000 n -0000122977 00000 n -0000123022 00000 n -0000123067 00000 n -0000123112 00000 n -0000123157 00000 n -0000123202 00000 n -0000123247 00000 n -0000123292 00000 n -0000123337 00000 n -0000123382 00000 n -0000123427 00000 n -0000123472 00000 n -0000123517 00000 n -0000123562 00000 n -0000123607 00000 n -0000123652 00000 n -0000123697 00000 n -0000123742 00000 n -0000123787 00000 n -0000123832 00000 n -0000123877 00000 n -0000123922 00000 n -0000123967 00000 n -0000124012 00000 n -0000124057 00000 n -0000124102 00000 n -0000124147 00000 n -0000124192 00000 n -0000124237 00000 n -0000124282 00000 n -0000124327 00000 n -0000124372 00000 n -0000124417 00000 n -0000124462 00000 n -0000124507 00000 n -0000124552 00000 n -0000124597 00000 n -0000124642 00000 n -0000124687 00000 n -0000124732 00000 n -0000124777 00000 n -0000124822 00000 n -0000124867 00000 n -0000124912 00000 n -0000124957 00000 n -0000125002 00000 n -0000125047 00000 n -0000125092 00000 n -0000125137 00000 n -0000125182 00000 n -0000125227 00000 n -0000125272 00000 n -0000125317 00000 n -0000125362 00000 n -0000125407 00000 n -0000125452 00000 n -0000125497 00000 n -0000125542 00000 n -0000125587 00000 n -0000125632 00000 n -0000125677 00000 n -0000125722 00000 n -0000125767 00000 n -0000125812 00000 n -0000125857 00000 n -0000125902 00000 n -0000125947 00000 n -0000125992 00000 n -0000126037 00000 n -0000126082 00000 n -0000126127 00000 n -0000126172 00000 n -0000126217 00000 n -0000126262 00000 n -0000126307 00000 n -0000126352 00000 n -0000126397 00000 n -0000126442 00000 n -0000126487 00000 n -0000126532 00000 n -0000126577 00000 n -0000126622 00000 n -0000126667 00000 n -0000126712 00000 n -0000126757 00000 n -0000126802 00000 n -0000126847 00000 n -0000126892 00000 n -0000126937 00000 n -0000126982 00000 n -0000127027 00000 n -0000127072 00000 n -0000127117 00000 n -0000127162 00000 n -0000127207 00000 n -0000127252 00000 n -0000127297 00000 n -0000127342 00000 n -0000127387 00000 n -0000127432 00000 n -0000127477 00000 n -0000127522 00000 n -0000127567 00000 n -0000127612 00000 n -0000127657 00000 n -0000127702 00000 n -0000127747 00000 n -0000127792 00000 n -0000127837 00000 n -0000127882 00000 n -0000127927 00000 n -0000127972 00000 n -0000128017 00000 n -0000128062 00000 n -0000128107 00000 n -0000128152 00000 n -0000128197 00000 n -0000128242 00000 n -0000128287 00000 n -0000128332 00000 n -0000128377 00000 n -0000128422 00000 n -0000128467 00000 n -0000128512 00000 n -0000128557 00000 n -0000128602 00000 n -0000128647 00000 n -0000128692 00000 n -0000128737 00000 n -0000128782 00000 n -0000128827 00000 n -0000128872 00000 n -0000128917 00000 n -0000128962 00000 n -0000129007 00000 n -0000129052 00000 n -0000129097 00000 n -0000129142 00000 n -0000129187 00000 n -0000129232 00000 n -0000129277 00000 n -0000129322 00000 n -0000129367 00000 n -0000129412 00000 n -0000129457 00000 n -0000129502 00000 n -0000129547 00000 n -0000129592 00000 n -0000129637 00000 n -0000129682 00000 n -0000129727 00000 n -0000129772 00000 n -0000129817 00000 n -0000129862 00000 n -0000129907 00000 n -0000129952 00000 n -0000129997 00000 n -0000130042 00000 n -0000130087 00000 n -0000130132 00000 n -0000130177 00000 n -0000130222 00000 n -0000130267 00000 n -0000130312 00000 n -0000130357 00000 n -0000130402 00000 n -0000130447 00000 n -0000130492 00000 n -0000130537 00000 n -0000130582 00000 n -0000130627 00000 n -0000130672 00000 n -0000130717 00000 n -0000130762 00000 n -0000130807 00000 n -0000130852 00000 n -0000130897 00000 n -0000130942 00000 n -0000130987 00000 n -0000131032 00000 n -0000131077 00000 n -0000131122 00000 n -0000131167 00000 n -0000131212 00000 n -0000131257 00000 n -0000131302 00000 n -0000131347 00000 n -0000131392 00000 n -0000131437 00000 n -0000131482 00000 n -0000131527 00000 n -0000131572 00000 n -0000131617 00000 n -0000131662 00000 n -0000131707 00000 n -0000131752 00000 n -0000131797 00000 n -0000131842 00000 n -0000131887 00000 n -0000131932 00000 n -0000131977 00000 n -0000132022 00000 n -0000132067 00000 n -0000132112 00000 n -0000132157 00000 n -0000132202 00000 n -0000132247 00000 n -0000132292 00000 n -0000132337 00000 n -0000132382 00000 n -0000132427 00000 n -0000132472 00000 n -0000132517 00000 n -0000132562 00000 n -0000132607 00000 n -0000132652 00000 n -0000132697 00000 n -0000132742 00000 n -0000132787 00000 n -0000132832 00000 n -0000132877 00000 n -0000132922 00000 n -0000132967 00000 n -0000134609 00000 n -0000134770 00000 n -0000134939 00000 n -0000135132 00000 n -0000139029 00000 n -0000139223 00000 n -0000143650 00000 n -0000143844 00000 n -0000148198 00000 n -0000148392 00000 n -0000152436 00000 n -0000152630 00000 n -0000156208 00000 n -0000156402 00000 n -0000159997 00000 n -0000160191 00000 n -0000163343 00000 n +0000112278 00000 n +0000112314 00000 n +0000117919 00000 n +0000117964 00000 n +0000118009 00000 n +0000118054 00000 n +0000118099 00000 n +0000118144 00000 n +0000118189 00000 n +0000118234 00000 n +0000118279 00000 n +0000118324 00000 n +0000118369 00000 n +0000118414 00000 n +0000118459 00000 n +0000118504 00000 n +0000118549 00000 n +0000118594 00000 n +0000118639 00000 n +0000118684 00000 n +0000118729 00000 n +0000118774 00000 n +0000118819 00000 n +0000118864 00000 n +0000118909 00000 n +0000118954 00000 n +0000118999 00000 n +0000119044 00000 n +0000119089 00000 n +0000119134 00000 n +0000119179 00000 n +0000119224 00000 n +0000119269 00000 n +0000119314 00000 n +0000119359 00000 n +0000119404 00000 n +0000119449 00000 n +0000119494 00000 n +0000119539 00000 n +0000119584 00000 n +0000119629 00000 n +0000119674 00000 n +0000119719 00000 n +0000119764 00000 n +0000119809 00000 n +0000119854 00000 n +0000119899 00000 n +0000119944 00000 n +0000119989 00000 n +0000120034 00000 n +0000120079 00000 n +0000120124 00000 n +0000120169 00000 n +0000120214 00000 n +0000120259 00000 n +0000120304 00000 n +0000120349 00000 n +0000120394 00000 n +0000120439 00000 n +0000120484 00000 n +0000120529 00000 n +0000120574 00000 n +0000120619 00000 n +0000120664 00000 n +0000120709 00000 n +0000120754 00000 n +0000120799 00000 n +0000120844 00000 n +0000120889 00000 n +0000120934 00000 n +0000120979 00000 n +0000121024 00000 n +0000121069 00000 n +0000121114 00000 n +0000121159 00000 n +0000121204 00000 n +0000121249 00000 n +0000121294 00000 n +0000121339 00000 n +0000121384 00000 n +0000121429 00000 n +0000121474 00000 n +0000121519 00000 n +0000121564 00000 n +0000121609 00000 n +0000121654 00000 n +0000121699 00000 n +0000121744 00000 n +0000121789 00000 n +0000121834 00000 n +0000121879 00000 n +0000121924 00000 n +0000121969 00000 n +0000122014 00000 n +0000122059 00000 n +0000122104 00000 n +0000122149 00000 n +0000122194 00000 n +0000122239 00000 n +0000122284 00000 n +0000122329 00000 n +0000122374 00000 n +0000122419 00000 n +0000122464 00000 n +0000122509 00000 n +0000122554 00000 n +0000122599 00000 n +0000122644 00000 n +0000122689 00000 n +0000122734 00000 n +0000122779 00000 n +0000122824 00000 n +0000122869 00000 n +0000122914 00000 n +0000122959 00000 n +0000123004 00000 n +0000123049 00000 n +0000123094 00000 n +0000123139 00000 n +0000123184 00000 n +0000123229 00000 n +0000123274 00000 n +0000123319 00000 n +0000123364 00000 n +0000123409 00000 n +0000123454 00000 n +0000123499 00000 n +0000123544 00000 n +0000123589 00000 n +0000123634 00000 n +0000123679 00000 n +0000123724 00000 n +0000123769 00000 n +0000123814 00000 n +0000123859 00000 n +0000123904 00000 n +0000123949 00000 n +0000123994 00000 n +0000124039 00000 n +0000124084 00000 n +0000124129 00000 n +0000124174 00000 n +0000124219 00000 n +0000124264 00000 n +0000124309 00000 n +0000124354 00000 n +0000124399 00000 n +0000124444 00000 n +0000124489 00000 n +0000124534 00000 n +0000124579 00000 n +0000124624 00000 n +0000124669 00000 n +0000124714 00000 n +0000124759 00000 n +0000124804 00000 n +0000124849 00000 n +0000124894 00000 n +0000124939 00000 n +0000124984 00000 n +0000125029 00000 n +0000125074 00000 n +0000125119 00000 n +0000125164 00000 n +0000125209 00000 n +0000125254 00000 n +0000125299 00000 n +0000125344 00000 n +0000125389 00000 n +0000125434 00000 n +0000125479 00000 n +0000125524 00000 n +0000125569 00000 n +0000125614 00000 n +0000125659 00000 n +0000125704 00000 n +0000125749 00000 n +0000125794 00000 n +0000125839 00000 n +0000125884 00000 n +0000125929 00000 n +0000125974 00000 n +0000126019 00000 n +0000126064 00000 n +0000126109 00000 n +0000126154 00000 n +0000126199 00000 n +0000126244 00000 n +0000126289 00000 n +0000126334 00000 n +0000126379 00000 n +0000126424 00000 n +0000126469 00000 n +0000126514 00000 n +0000126559 00000 n +0000126604 00000 n +0000126649 00000 n +0000126694 00000 n +0000126739 00000 n +0000126784 00000 n +0000126829 00000 n +0000126874 00000 n +0000126919 00000 n +0000126964 00000 n +0000127009 00000 n +0000127054 00000 n +0000127099 00000 n +0000127144 00000 n +0000127189 00000 n +0000127234 00000 n +0000127279 00000 n +0000127324 00000 n +0000127369 00000 n +0000127414 00000 n +0000127459 00000 n +0000127504 00000 n +0000127549 00000 n +0000127594 00000 n +0000127639 00000 n +0000127684 00000 n +0000127729 00000 n +0000127774 00000 n +0000127819 00000 n +0000127864 00000 n +0000127909 00000 n +0000127954 00000 n +0000127999 00000 n +0000128044 00000 n +0000128089 00000 n +0000128134 00000 n +0000128179 00000 n +0000128224 00000 n +0000128269 00000 n +0000128314 00000 n +0000128359 00000 n +0000128404 00000 n +0000128449 00000 n +0000128494 00000 n +0000128539 00000 n +0000128584 00000 n +0000128629 00000 n +0000128674 00000 n +0000128719 00000 n +0000128764 00000 n +0000128809 00000 n +0000128854 00000 n +0000128899 00000 n +0000128944 00000 n +0000128989 00000 n +0000129034 00000 n +0000129079 00000 n +0000129124 00000 n +0000129169 00000 n +0000129214 00000 n +0000129259 00000 n +0000129304 00000 n +0000129349 00000 n +0000129394 00000 n +0000129439 00000 n +0000129484 00000 n +0000129529 00000 n +0000129574 00000 n +0000129619 00000 n +0000129664 00000 n +0000129709 00000 n +0000129754 00000 n +0000129799 00000 n +0000129844 00000 n +0000129889 00000 n +0000129934 00000 n +0000129979 00000 n +0000130024 00000 n +0000130069 00000 n +0000130114 00000 n +0000130159 00000 n +0000130204 00000 n +0000130249 00000 n +0000130294 00000 n +0000130339 00000 n +0000130384 00000 n +0000130429 00000 n +0000130474 00000 n +0000130519 00000 n +0000130564 00000 n +0000130609 00000 n +0000130654 00000 n +0000130699 00000 n +0000130744 00000 n +0000130789 00000 n +0000130834 00000 n +0000130879 00000 n +0000130924 00000 n +0000130969 00000 n +0000131014 00000 n +0000131059 00000 n +0000131104 00000 n +0000131149 00000 n +0000131194 00000 n +0000131239 00000 n +0000131284 00000 n +0000131329 00000 n +0000131374 00000 n +0000131419 00000 n +0000131464 00000 n +0000131509 00000 n +0000131554 00000 n +0000131599 00000 n +0000131644 00000 n +0000131689 00000 n +0000131734 00000 n +0000131778 00000 n +0000131823 00000 n +0000131868 00000 n +0000131913 00000 n +0000131958 00000 n +0000132003 00000 n +0000132048 00000 n +0000132093 00000 n +0000132138 00000 n +0000132183 00000 n +0000132228 00000 n +0000132273 00000 n +0000132318 00000 n +0000132363 00000 n +0000132408 00000 n +0000132453 00000 n +0000132498 00000 n +0000132543 00000 n +0000132588 00000 n +0000134212 00000 n +0000134373 00000 n +0000134542 00000 n +0000134735 00000 n +0000138632 00000 n +0000138826 00000 n +0000143256 00000 n +0000143450 00000 n +0000147800 00000 n +0000147994 00000 n +0000151993 00000 n +0000152187 00000 n +0000155810 00000 n +0000156004 00000 n +0000159812 00000 n +0000160006 00000 n +0000162906 00000 n +0000163067 00000 n +0000163301 00000 n 0000163504 00000 n -0000163738 00000 n -0000163941 00000 n -0000166521 00000 n -0000166696 00000 n -0000170340 00000 n -0000170515 00000 n -0000173018 00000 n -0000173193 00000 n -0000174969 00000 n -0000175130 00000 n -0000175318 00000 n -0000175521 00000 n -0000178152 00000 n -0000178327 00000 n -0000178592 00000 n -0000178795 00000 n -0000180229 00000 n -0000180446 00000 n -0000181900 00000 n -0000182097 00000 n -0000183949 00000 n -0000184109 00000 n -0000184604 00000 n -0000184774 00000 n -0000186514 00000 n -0000186702 00000 n -0000188191 00000 n -0000188370 00000 n -0000190346 00000 n -0000190525 00000 n -0000191467 00000 n -0000191696 00000 n -0000193565 00000 n -0000193762 00000 n -0000195301 00000 n -0000195498 00000 n -0000196994 00000 n -0000197217 00000 n -0000199386 00000 n -0000199589 00000 n -0000201482 00000 n -0000201696 00000 n -0000202997 00000 n -0000203229 00000 n -0000204902 00000 n -0000205115 00000 n -0000207019 00000 n -0000207227 00000 n -0000208505 00000 n -0000208744 00000 n -0000210263 00000 n -0000210451 00000 n -0000211763 00000 n -0000211951 00000 n -0000212498 00000 n -0000212659 00000 n -0000212849 00000 n -0000213052 00000 n -0000216173 00000 n -0000216348 00000 n -0000216696 00000 n -0000216885 00000 n -0000218508 00000 n -0000218696 00000 n -0000220068 00000 n -0000220238 00000 n -0000222193 00000 n -0000222353 00000 n -0000223034 00000 n -0000223247 00000 n -0000224669 00000 n -0000224883 00000 n -0000226452 00000 n -0000226650 00000 n -0000228572 00000 n -0000228837 00000 n -0000230548 00000 n -0000230761 00000 n -0000232329 00000 n -0000232536 00000 n -0000234565 00000 n -0000234797 00000 n -0000236825 00000 n -0000237038 00000 n -0000239006 00000 n -0000239218 00000 n -0000241199 00000 n -0000241453 00000 n -0000243716 00000 n -0000243946 00000 n -0000245991 00000 n -0000246222 00000 n -0000248131 00000 n -0000248342 00000 n -0000250218 00000 n -0000250387 00000 n -0000252226 00000 n -0000252448 00000 n -0000254446 00000 n -0000254697 00000 n -0000256661 00000 n -0000256830 00000 n -0000258360 00000 n -0000258554 00000 n -0000260133 00000 n -0000260313 00000 n -0000262054 00000 n -0000262243 00000 n -0000263444 00000 n -0000263623 00000 n -0000264712 00000 n -0000264909 00000 n -0000266280 00000 n -0000266459 00000 n -0000267185 00000 n -0000267417 00000 n -0000268891 00000 n -0000269094 00000 n -0000270903 00000 n -0000271087 00000 n -0000271622 00000 n -0000271783 00000 n -0000271974 00000 n -0000272186 00000 n -0000275133 00000 n -0000275308 00000 n -0000277928 00000 n -0000278103 00000 n -0000279934 00000 n -0000280132 00000 n -0000281493 00000 n -0000281691 00000 n -0000283380 00000 n -0000283568 00000 n -0000285250 00000 n -0000285429 00000 n -0000287531 00000 n -0000287710 00000 n -0000289483 00000 n -0000289662 00000 n -0000291343 00000 n -0000291532 00000 n -0000293380 00000 n -0000293593 00000 n -0000295624 00000 n -0000295837 00000 n -0000297389 00000 n -0000297578 00000 n -0000298852 00000 n -0000299059 00000 n -0000300832 00000 n -0000301030 00000 n -0000302793 00000 n -0000303006 00000 n -0000304714 00000 n -0000304917 00000 n -0000306297 00000 n -0000306486 00000 n -0000307375 00000 n -0000307563 00000 n -0000309089 00000 n -0000309292 00000 n -0000311000 00000 n -0000311203 00000 n -0000312020 00000 n -0000312233 00000 n -0000313719 00000 n -0000313899 00000 n -0000314663 00000 n -0000314927 00000 n -0000316651 00000 n -0000316897 00000 n -0000318788 00000 n -0000319011 00000 n -0000320801 00000 n -0000321024 00000 n -0000322899 00000 n -0000323078 00000 n -0000324302 00000 n -0000324534 00000 n -0000326203 00000 n -0000326382 00000 n -0000327962 00000 n -0000328141 00000 n -0000329688 00000 n -0000329867 00000 n -0000331371 00000 n -0000331550 00000 n -0000333215 00000 n -0000333385 00000 n -0000334131 00000 n -0000334329 00000 n -0000336147 00000 n -0000336380 00000 n -0000338436 00000 n -0000338625 00000 n -0000340281 00000 n -0000340451 00000 n -0000341213 00000 n -0000341383 00000 n -0000342488 00000 n -0000342658 00000 n -0000343478 00000 n -0000343648 00000 n -0000344465 00000 n -0000344635 00000 n -0000345797 00000 n -0000346020 00000 n -0000347673 00000 n -0000347899 00000 n -0000349582 00000 n -0000349827 00000 n -0000351718 00000 n -0000351887 00000 n -0000353633 00000 n -0000353818 00000 n -0000355568 00000 n -0000355824 00000 n -0000357801 00000 n -0000358000 00000 n -0000360224 00000 n -0000360435 00000 n -0000362202 00000 n -0000362403 00000 n -0000363421 00000 n -0000363610 00000 n -0000365304 00000 n -0000365483 00000 n -0000367228 00000 n -0000367416 00000 n -0000369252 00000 n -0000369447 00000 n -0000371359 00000 n -0000371591 00000 n -0000373693 00000 n -0000373906 00000 n -0000375343 00000 n -0000375557 00000 n -0000377006 00000 n -0000377213 00000 n -0000378450 00000 n -0000378629 00000 n -0000379616 00000 n -0000379804 00000 n -0000380936 00000 n -0000381124 00000 n -0000382625 00000 n -0000382813 00000 n -0000383895 00000 n -0000384084 00000 n -0000385416 00000 n -0000385586 00000 n -0000387260 00000 n -0000387439 00000 n -0000389223 00000 n -0000389402 00000 n -0000391047 00000 n -0000391216 00000 n -0000392530 00000 n -0000392718 00000 n -0000394284 00000 n -0000394472 00000 n -0000396091 00000 n -0000396279 00000 n -0000397679 00000 n -0000397849 00000 n -0000399482 00000 n -0000399652 00000 n -0000400665 00000 n -0000400862 00000 n -0000402073 00000 n -0000402277 00000 n -0000403623 00000 n -0000403809 00000 n -0000404285 00000 n -0000404473 00000 n -0000405961 00000 n -0000406131 00000 n -0000407638 00000 n -0000407808 00000 n -0000409207 00000 n -0000409377 00000 n -0000410926 00000 n -0000411095 00000 n -0000412058 00000 n -0000412279 00000 n -0000413813 00000 n -0000414034 00000 n -0000415641 00000 n -0000415863 00000 n -0000417113 00000 n -0000417292 00000 n -0000418837 00000 n -0000419016 00000 n -0000420253 00000 n -0000420457 00000 n -0000421869 00000 n -0000422064 00000 n -0000424693 00000 n -0000424869 00000 n -0000425319 00000 n -0000425498 00000 n -0000427026 00000 n -0000427214 00000 n -0000428182 00000 n -0000428352 00000 n -0000428682 00000 n -0000428878 00000 n -0000430608 00000 n -0000430822 00000 n -0000432506 00000 n -0000432701 00000 n -0000434408 00000 n -0000434621 00000 n -0000436109 00000 n -0000436304 00000 n -0000437886 00000 n -0000438109 00000 n -0000439474 00000 n -0000439671 00000 n -0000441208 00000 n -0000441396 00000 n -0000442275 00000 n -0000442479 00000 n -0000444215 00000 n -0000444403 00000 n -0000446145 00000 n -0000446324 00000 n -0000447723 00000 n -0000447902 00000 n -0000449600 00000 n -0000449779 00000 n -0000451259 00000 n -0000451438 00000 n -0000453224 00000 n -0000453428 00000 n -0000455079 00000 n -0000455138 00000 n -0000455241 00000 n -0000455406 00000 n -0000455488 00000 n -0000455596 00000 n -0000455719 00000 n -0000455831 00000 n -0000456009 00000 n -0000456130 00000 n -0000456290 00000 n -0000456408 00000 n -0000456505 00000 n -0000456657 00000 n -0000456797 00000 n -0000456975 00000 n -0000457130 00000 n -0000457232 00000 n -0000457332 00000 n -0000457541 00000 n -0000457642 00000 n -0000457785 00000 n -0000457931 00000 n +0000166084 00000 n +0000166268 00000 n +0000169848 00000 n +0000170023 00000 n +0000172517 00000 n +0000172692 00000 n +0000174374 00000 n +0000174535 00000 n +0000174723 00000 n +0000174926 00000 n +0000177557 00000 n +0000177732 00000 n +0000177997 00000 n +0000178200 00000 n +0000179634 00000 n +0000179851 00000 n +0000181305 00000 n +0000181502 00000 n +0000183354 00000 n +0000183514 00000 n +0000184009 00000 n +0000184179 00000 n +0000185919 00000 n +0000186107 00000 n +0000187596 00000 n +0000187775 00000 n +0000189751 00000 n +0000189930 00000 n +0000190872 00000 n +0000191101 00000 n +0000192970 00000 n +0000193167 00000 n +0000194706 00000 n +0000194903 00000 n +0000196399 00000 n +0000196622 00000 n +0000198791 00000 n +0000198994 00000 n +0000200887 00000 n +0000201101 00000 n +0000202402 00000 n +0000202634 00000 n +0000204307 00000 n +0000204520 00000 n +0000206424 00000 n +0000206632 00000 n +0000207910 00000 n +0000208149 00000 n +0000209668 00000 n +0000209856 00000 n +0000211168 00000 n +0000211356 00000 n +0000211903 00000 n +0000212064 00000 n +0000212254 00000 n +0000212466 00000 n +0000215515 00000 n +0000215704 00000 n +0000217327 00000 n +0000217515 00000 n +0000218887 00000 n +0000219057 00000 n +0000221012 00000 n +0000221172 00000 n +0000221853 00000 n +0000222066 00000 n +0000223488 00000 n +0000223702 00000 n +0000225271 00000 n +0000225469 00000 n +0000227391 00000 n +0000227656 00000 n +0000229367 00000 n +0000229580 00000 n +0000231148 00000 n +0000231355 00000 n +0000233384 00000 n +0000233616 00000 n +0000235644 00000 n +0000235857 00000 n +0000237825 00000 n +0000238037 00000 n +0000240018 00000 n +0000240272 00000 n +0000242535 00000 n +0000242765 00000 n +0000244810 00000 n +0000245041 00000 n +0000246950 00000 n +0000247161 00000 n +0000249037 00000 n +0000249206 00000 n +0000251045 00000 n +0000251267 00000 n +0000253265 00000 n +0000253516 00000 n +0000255480 00000 n +0000255649 00000 n +0000257180 00000 n +0000257374 00000 n +0000258953 00000 n +0000259133 00000 n +0000260874 00000 n +0000261063 00000 n +0000262264 00000 n +0000262461 00000 n +0000263778 00000 n +0000263966 00000 n +0000264835 00000 n +0000265067 00000 n +0000266490 00000 n +0000266725 00000 n +0000268641 00000 n +0000268802 00000 n +0000268993 00000 n +0000269205 00000 n +0000272152 00000 n +0000272327 00000 n +0000274947 00000 n +0000275122 00000 n +0000276953 00000 n +0000277151 00000 n +0000278513 00000 n +0000278711 00000 n +0000280400 00000 n +0000280588 00000 n +0000282270 00000 n +0000282449 00000 n +0000284550 00000 n +0000284729 00000 n +0000286502 00000 n +0000286681 00000 n +0000288362 00000 n +0000288551 00000 n +0000290399 00000 n +0000290612 00000 n +0000292643 00000 n +0000292856 00000 n +0000294408 00000 n +0000294597 00000 n +0000295870 00000 n +0000296077 00000 n +0000297826 00000 n +0000298024 00000 n +0000299752 00000 n +0000299965 00000 n +0000301652 00000 n +0000301865 00000 n +0000303414 00000 n +0000303583 00000 n +0000304163 00000 n +0000304351 00000 n +0000305877 00000 n +0000306080 00000 n +0000307788 00000 n +0000307991 00000 n +0000308808 00000 n +0000309021 00000 n +0000310507 00000 n +0000310687 00000 n +0000311450 00000 n +0000311714 00000 n +0000313438 00000 n +0000313684 00000 n +0000315575 00000 n +0000315798 00000 n +0000317588 00000 n +0000317811 00000 n +0000319686 00000 n +0000319865 00000 n +0000321089 00000 n +0000321321 00000 n +0000322990 00000 n +0000323169 00000 n +0000324749 00000 n +0000324928 00000 n +0000326473 00000 n +0000326652 00000 n +0000328156 00000 n +0000328335 00000 n +0000330001 00000 n +0000330171 00000 n +0000330917 00000 n +0000331115 00000 n +0000332933 00000 n +0000333166 00000 n +0000335221 00000 n +0000335410 00000 n +0000337066 00000 n +0000337236 00000 n +0000337998 00000 n +0000338168 00000 n +0000339273 00000 n +0000339443 00000 n +0000340263 00000 n +0000340433 00000 n +0000341250 00000 n +0000341420 00000 n +0000342582 00000 n +0000342805 00000 n +0000344459 00000 n +0000344685 00000 n +0000346367 00000 n +0000346612 00000 n +0000348503 00000 n +0000348672 00000 n +0000350418 00000 n +0000350602 00000 n +0000352352 00000 n +0000352608 00000 n +0000354585 00000 n +0000354784 00000 n +0000357007 00000 n +0000357218 00000 n +0000358986 00000 n +0000359187 00000 n +0000360205 00000 n +0000360394 00000 n +0000362087 00000 n +0000362266 00000 n +0000364011 00000 n +0000364199 00000 n +0000366035 00000 n +0000366229 00000 n +0000368141 00000 n +0000368373 00000 n +0000370477 00000 n +0000370690 00000 n +0000372127 00000 n +0000372341 00000 n +0000373790 00000 n +0000373997 00000 n +0000375234 00000 n +0000375413 00000 n +0000376400 00000 n +0000376588 00000 n +0000377720 00000 n +0000377908 00000 n +0000379409 00000 n +0000379597 00000 n +0000380680 00000 n +0000380869 00000 n +0000382202 00000 n +0000382372 00000 n +0000384046 00000 n +0000384225 00000 n +0000386009 00000 n +0000386188 00000 n +0000387833 00000 n +0000388002 00000 n +0000389317 00000 n +0000389505 00000 n +0000391071 00000 n +0000391259 00000 n +0000392878 00000 n +0000393066 00000 n +0000394465 00000 n +0000394635 00000 n +0000396269 00000 n +0000396439 00000 n +0000397452 00000 n +0000397649 00000 n +0000398860 00000 n +0000399064 00000 n +0000400410 00000 n +0000400596 00000 n +0000401072 00000 n +0000401260 00000 n +0000402750 00000 n +0000402920 00000 n +0000404427 00000 n +0000404597 00000 n +0000405996 00000 n +0000406166 00000 n +0000407716 00000 n +0000407885 00000 n +0000408848 00000 n +0000409069 00000 n +0000410603 00000 n +0000410824 00000 n +0000412430 00000 n +0000412652 00000 n +0000413901 00000 n +0000414080 00000 n +0000415625 00000 n +0000415804 00000 n +0000417041 00000 n +0000417245 00000 n +0000418655 00000 n +0000418850 00000 n +0000421553 00000 n +0000421729 00000 n +0000422199 00000 n +0000422378 00000 n +0000423906 00000 n +0000424094 00000 n +0000425062 00000 n +0000425232 00000 n +0000425563 00000 n +0000425759 00000 n +0000427488 00000 n +0000427702 00000 n +0000429386 00000 n +0000429581 00000 n +0000431288 00000 n +0000431501 00000 n +0000432989 00000 n +0000433184 00000 n +0000434766 00000 n +0000434989 00000 n +0000436353 00000 n +0000436541 00000 n +0000437709 00000 n +0000437906 00000 n +0000439456 00000 n +0000439644 00000 n +0000440288 00000 n +0000440492 00000 n +0000442228 00000 n +0000442416 00000 n +0000444159 00000 n +0000444338 00000 n +0000445736 00000 n +0000445915 00000 n +0000447613 00000 n +0000447792 00000 n +0000449273 00000 n +0000449452 00000 n +0000451238 00000 n +0000451442 00000 n +0000453091 00000 n +0000453150 00000 n +0000453253 00000 n +0000453418 00000 n +0000453500 00000 n +0000453608 00000 n +0000453731 00000 n +0000453843 00000 n +0000454021 00000 n +0000454142 00000 n +0000454302 00000 n +0000454420 00000 n +0000454517 00000 n +0000454669 00000 n +0000454809 00000 n +0000454987 00000 n +0000455142 00000 n +0000455244 00000 n +0000455344 00000 n +0000455553 00000 n +0000455654 00000 n +0000455797 00000 n +0000455943 00000 n +0000456059 00000 n +0000456226 00000 n +0000456338 00000 n +0000456512 00000 n +0000456615 00000 n +0000456788 00000 n +0000456909 00000 n +0000457039 00000 n +0000457165 00000 n +0000457280 00000 n +0000457388 00000 n +0000457535 00000 n +0000457640 00000 n +0000457759 00000 n +0000457888 00000 n 0000458047 00000 n -0000458214 00000 n -0000458326 00000 n -0000458500 00000 n -0000458603 00000 n -0000458776 00000 n -0000458897 00000 n -0000459027 00000 n -0000459153 00000 n -0000459268 00000 n -0000459376 00000 n -0000459523 00000 n -0000459628 00000 n -0000459747 00000 n -0000459876 00000 n -0000460035 00000 n -0000460169 00000 n -0000460306 00000 n -0000460438 00000 n -0000460587 00000 n -0000460719 00000 n -0000460867 00000 n -0000460968 00000 n -0000461096 00000 n -0000461214 00000 n -0000461368 00000 n -0000461499 00000 n -0000461645 00000 n -0000461746 00000 n -0000461844 00000 n -0000461968 00000 n -0000462080 00000 n -0000462257 00000 n -0000462366 00000 n -0000462491 00000 n -0000462637 00000 n -0000462739 00000 n -0000462911 00000 n -0000463110 00000 n -0000463221 00000 n -0000463336 00000 n -0000463480 00000 n -0000463688 00000 n -0000463822 00000 n -0000463976 00000 n -0000464101 00000 n -0000464232 00000 n -0000464365 00000 n -0000464496 00000 n -0000464671 00000 n -0000464806 00000 n -0000464959 00000 n -0000465104 00000 n -0000465329 00000 n -0000465440 00000 n -0000465555 00000 n -0000465748 00000 n -0000465891 00000 n -0000466007 00000 n -0000466165 00000 n -0000466322 00000 n -0000466453 00000 n -0000466574 00000 n -0000466751 00000 n -0000466885 00000 n -0000467033 00000 n -0000467151 00000 n -0000467281 00000 n -0000467451 00000 n -0000467545 00000 n -0000467672 00000 n -0000467799 00000 n -0000467895 00000 n -0000468081 00000 n -0000468207 00000 n -0000468342 00000 n -0000468475 00000 n -0000468602 00000 n -0000468714 00000 n -0000468906 00000 n -0000469004 00000 n -0000469190 00000 n -0000469294 00000 n -0000469418 00000 n -0000469540 00000 n -0000469652 00000 n -0000469848 00000 n -0000469964 00000 n -0000470088 00000 n -0000470206 00000 n -0000470324 00000 n -0000470429 00000 n -0000470618 00000 n -0000470841 00000 n -0000470980 00000 n -0000471143 00000 n -0000471280 00000 n -0000471383 00000 n -0000471589 00000 n -0000471748 00000 n -0000471896 00000 n -0000472024 00000 n -0000472205 00000 n -0000472315 00000 n -0000472430 00000 n -0000472575 00000 n -0000472739 00000 n -0000472889 00000 n -0000473107 00000 n -0000473212 00000 n -0000473344 00000 n -0000473465 00000 n -0000473672 00000 n -0000473800 00000 n -0000473885 00000 n -0000474051 00000 n -0000474155 00000 n -0000474312 00000 n -0000474423 00000 n -0000474568 00000 n -0000474710 00000 n -0000474860 00000 n -0000474977 00000 n -0000475141 00000 n -0000475252 00000 n -0000475392 00000 n -0000475519 00000 n -0000475636 00000 n -0000475775 00000 n -0000475881 00000 n -0000476015 00000 n -0000476147 00000 n -0000476292 00000 n -0000476419 00000 n -0000476551 00000 n -0000476681 00000 n -0000476806 00000 n -0000476914 00000 n -0000477085 00000 n -0000477189 00000 n -0000477324 00000 n -0000477452 00000 n -0000477626 00000 n -0000477728 00000 n -0000477878 00000 n -0000478028 00000 n -0000478153 00000 n -0000478359 00000 n -0000478459 00000 n -0000478577 00000 n -0000478742 00000 n -0000478833 00000 n -0000478994 00000 n -0000479120 00000 n -0000479263 00000 n -0000479390 00000 n -0000479530 00000 n -0000479666 00000 n -0000479774 00000 n -0000479948 00000 n -0000480054 00000 n -0000480174 00000 n -0000480286 00000 n -0000480403 00000 n -0000480505 00000 n -0000480682 00000 n -0000480794 00000 n -0000480925 00000 n -0000481049 00000 n -0000481216 00000 n -0000481333 00000 n -0000481463 00000 n -0000481603 00000 n -0000481740 00000 n -0000481876 00000 n -0000482012 00000 n -0000482149 00000 n -0000482261 00000 n -0000482432 00000 n -0000482554 00000 n -0000482714 00000 n -0000482813 00000 n -0000482928 00000 n -0000483030 00000 n -0000483191 00000 n -0000483295 00000 n -0000483394 00000 n -0000483525 00000 n -0000483700 00000 n -0000483803 00000 n -0000483923 00000 n -0000484038 00000 n -0000484152 00000 n -0000484267 00000 n -0000484381 00000 n -0000484496 00000 n -0000484614 00000 n -0000484731 00000 n -0000484837 00000 n -0000485015 00000 n -0000485118 00000 n -0000485274 00000 n -0000485382 00000 n -0000485508 00000 n -0000485628 00000 n -0000485729 00000 n -0000485836 00000 n -0000486000 00000 n -0000486104 00000 n -0000486237 00000 n -0000486369 00000 n -0000486491 00000 n -0000486620 00000 n -0000486727 00000 n -0000486893 00000 n -0000487015 00000 n -0000487125 00000 n -0000487239 00000 n -0000487400 00000 n -0000487496 00000 n -0000487610 00000 n -0000487720 00000 n -0000487851 00000 n -0000487984 00000 n -0000488085 00000 n -0000488263 00000 n -0000488373 00000 n -0000488527 00000 n -0000488696 00000 n -0000488884 00000 n -0000489065 00000 n -0000489221 00000 n -0000489387 00000 n -0000489519 00000 n -0000489666 00000 n -0000489805 00000 n -0000489939 00000 n -0000490063 00000 n -0000490184 00000 n -0000490303 00000 n -0000490473 00000 n -0000490635 00000 n -0000490741 00000 n -0000490858 00000 n -0000491009 00000 n -0000491136 00000 n -0000491292 00000 n -0000491410 00000 n -0000491540 00000 n -0000491704 00000 n -0000491808 00000 n -0000491926 00000 n -0000492044 00000 n -0000492165 00000 n -0000492301 00000 n -0000492400 00000 n -0000492555 00000 n -0000492659 00000 n -0000492776 00000 n -0000492926 00000 n -0000493026 00000 n -0000493140 00000 n -0000493254 00000 n -0000493368 00000 n -0000493482 00000 n -0000493596 00000 n -0000493710 00000 n -0000493824 00000 n -0000493938 00000 n -0000494054 00000 n -0000494156 00000 n -0000494270 00000 n +0000458181 00000 n +0000458318 00000 n +0000458450 00000 n +0000458599 00000 n +0000458731 00000 n +0000458879 00000 n +0000458980 00000 n +0000459108 00000 n +0000459226 00000 n +0000459380 00000 n +0000459511 00000 n +0000459657 00000 n +0000459758 00000 n +0000459856 00000 n +0000459980 00000 n +0000460092 00000 n +0000460269 00000 n +0000460378 00000 n +0000460503 00000 n +0000460649 00000 n +0000460751 00000 n +0000460923 00000 n +0000461122 00000 n +0000461233 00000 n +0000461348 00000 n +0000461492 00000 n +0000461700 00000 n +0000461834 00000 n +0000461988 00000 n +0000462113 00000 n +0000462244 00000 n +0000462377 00000 n +0000462508 00000 n +0000462683 00000 n +0000462818 00000 n +0000462971 00000 n +0000463116 00000 n +0000463341 00000 n +0000463452 00000 n +0000463567 00000 n +0000463760 00000 n +0000463903 00000 n +0000464019 00000 n +0000464177 00000 n +0000464334 00000 n +0000464465 00000 n +0000464586 00000 n +0000464763 00000 n +0000464873 00000 n +0000465003 00000 n +0000465173 00000 n +0000465267 00000 n +0000465394 00000 n +0000465521 00000 n +0000465617 00000 n +0000465803 00000 n +0000465929 00000 n +0000466062 00000 n +0000466189 00000 n +0000466301 00000 n +0000466493 00000 n +0000466591 00000 n +0000466777 00000 n +0000466881 00000 n +0000467005 00000 n +0000467127 00000 n +0000467239 00000 n +0000467435 00000 n +0000467551 00000 n +0000467675 00000 n +0000467793 00000 n +0000467911 00000 n +0000468016 00000 n +0000468205 00000 n +0000468428 00000 n +0000468567 00000 n +0000468730 00000 n +0000468867 00000 n +0000468970 00000 n +0000469176 00000 n +0000469335 00000 n +0000469483 00000 n +0000469611 00000 n +0000469792 00000 n +0000469902 00000 n +0000470017 00000 n +0000470162 00000 n +0000470326 00000 n +0000470476 00000 n +0000470694 00000 n +0000470799 00000 n +0000470931 00000 n +0000471052 00000 n +0000471259 00000 n +0000471387 00000 n +0000471472 00000 n +0000471638 00000 n +0000471742 00000 n +0000471899 00000 n +0000472010 00000 n +0000472155 00000 n +0000472297 00000 n +0000472447 00000 n +0000472564 00000 n +0000472728 00000 n +0000472839 00000 n +0000472979 00000 n +0000473106 00000 n +0000473223 00000 n +0000473362 00000 n +0000473468 00000 n +0000473602 00000 n +0000473734 00000 n +0000473879 00000 n +0000474006 00000 n +0000474138 00000 n +0000474268 00000 n +0000474393 00000 n +0000474501 00000 n +0000474672 00000 n +0000474776 00000 n +0000474911 00000 n +0000475039 00000 n +0000475213 00000 n +0000475315 00000 n +0000475465 00000 n +0000475615 00000 n +0000475740 00000 n +0000475946 00000 n +0000476046 00000 n +0000476164 00000 n +0000476329 00000 n +0000476420 00000 n +0000476581 00000 n +0000476707 00000 n +0000476850 00000 n +0000476977 00000 n +0000477117 00000 n +0000477253 00000 n +0000477361 00000 n +0000477535 00000 n +0000477641 00000 n +0000477761 00000 n +0000477873 00000 n +0000477990 00000 n +0000478092 00000 n +0000478269 00000 n +0000478381 00000 n +0000478512 00000 n +0000478636 00000 n +0000478803 00000 n +0000478920 00000 n +0000479050 00000 n +0000479190 00000 n +0000479327 00000 n +0000479463 00000 n +0000479599 00000 n +0000479736 00000 n +0000479848 00000 n +0000480019 00000 n +0000480141 00000 n +0000480301 00000 n +0000480400 00000 n +0000480515 00000 n +0000480617 00000 n +0000480778 00000 n +0000480882 00000 n +0000480981 00000 n +0000481112 00000 n +0000481287 00000 n +0000481390 00000 n +0000481510 00000 n +0000481625 00000 n +0000481739 00000 n +0000481854 00000 n +0000481968 00000 n +0000482083 00000 n +0000482201 00000 n +0000482318 00000 n +0000482424 00000 n +0000482602 00000 n +0000482705 00000 n +0000482861 00000 n +0000482969 00000 n +0000483095 00000 n +0000483215 00000 n +0000483316 00000 n +0000483423 00000 n +0000483587 00000 n +0000483691 00000 n +0000483824 00000 n +0000483956 00000 n +0000484078 00000 n +0000484207 00000 n +0000484314 00000 n +0000484480 00000 n +0000484602 00000 n +0000484712 00000 n +0000484826 00000 n +0000484987 00000 n +0000485083 00000 n +0000485197 00000 n +0000485307 00000 n +0000485438 00000 n +0000485571 00000 n +0000485672 00000 n +0000485850 00000 n +0000485960 00000 n +0000486114 00000 n +0000486283 00000 n +0000486471 00000 n +0000486652 00000 n +0000486808 00000 n +0000486974 00000 n +0000487106 00000 n +0000487253 00000 n +0000487392 00000 n +0000487526 00000 n +0000487650 00000 n +0000487771 00000 n +0000487890 00000 n +0000488060 00000 n +0000488222 00000 n +0000488328 00000 n +0000488445 00000 n +0000488596 00000 n +0000488761 00000 n +0000488886 00000 n +0000489042 00000 n +0000489160 00000 n +0000489290 00000 n +0000489454 00000 n +0000489558 00000 n +0000489676 00000 n +0000489794 00000 n +0000489915 00000 n +0000490051 00000 n +0000490150 00000 n +0000490305 00000 n +0000490409 00000 n +0000490526 00000 n +0000490676 00000 n +0000490776 00000 n +0000490890 00000 n +0000491004 00000 n +0000491118 00000 n +0000491232 00000 n +0000491346 00000 n +0000491460 00000 n +0000491574 00000 n +0000491688 00000 n +0000491804 00000 n +0000491906 00000 n +0000492020 00000 n trailer -<<44d39a97f681ab9eaa30845c7407c375>]>> +<<1e4bf6963641260076121f20f04b0c49>]>> startxref -495224 +492974 %%EOF diff --git a/docs/docbook/projdoc/ADS-HOWTO.sgml b/docs/docbook/projdoc/ADS-HOWTO.sgml index 887ecd74c2..a98fe14e31 100644 --- a/docs/docbook/projdoc/ADS-HOWTO.sgml +++ b/docs/docbook/projdoc/ADS-HOWTO.sgml @@ -14,67 +14,10 @@ This is a rough guide to setting up Samba 3.0 with kerberos authentication again Windows2000 KDC. -Pieces you need before you begin: - - -a Windows 2000 server. -samba 3.0 or higher. -the MIT kerberos development libraries (either install from the above sources or use a package). The heimdal libraries will not work. -the OpenLDAP development libraries. - - - - -Installing the required packages for Debian - -On Debian you need to install the following packages: - - -libkrb5-dev -krb5-user - - - - - -Installing the required packages for RedHat - -On RedHat this means you should have at least: - - -krb5-workstation (for kinit) -krb5-libs (for linking with) -krb5-devel (because you are compiling from source) - - - -in addition to the standard development environment. - -Note that these are not standard on a RedHat install, and you may need -to get them off CD2. - - - -Compile Samba -If your kerberos libraries are in a non-standard location then - remember to add the configure option --with-krb5=DIR. +Setup your <filename>smb.conf</filename> -After you run configure make sure that include/config.h it - generates contains - lines like this: - - -#define HAVE_KRB5 1 -#define HAVE_LDAP 1 - - -If it doesn't then configure did not find your krb5 libraries or - your ldap libraries. Look in config.log to figure out why and fix - it. - -Then compile and install Samba as usual. You must use at least the - following 3 options in smb.conf: +You must use at least the following 3 options in smb.conf: realm = YOUR.KERBEROS.REALM @@ -93,13 +36,13 @@ In case samba can't figure out your ads server using your realm name, use the You do *not* need a smbpasswd file, and older clients will be authenticated as if "security = domain", although it won't do any harm and allows you to have local users not in the domain. - I expect that the above - required options will change soon when we get better active - directory integration. - + I expect that the above required options will change soon when we get better + active directory integration. + + -Setup your /etc/krb5.conf +Setup your <filename>/etc/krb5.conf</filename> The minimal configuration for krb5.conf is: @@ -187,12 +130,11 @@ specify the -k option to choose kerberos authentication. Notes -You must change administrator password at least once after DC install, - to create the right encoding types +You must change administrator password at least once after DC +install, to create the right encoding types w2k doesn't seem to create the _kerberos._udp and _ldap._tcp in their defaults DNS setup. Maybe fixed in service packs? - diff --git a/docs/docbook/projdoc/Compiling.sgml b/docs/docbook/projdoc/Compiling.sgml index 49aafebec0..ac98f34a32 100644 --- a/docs/docbook/projdoc/Compiling.sgml +++ b/docs/docbook/projdoc/Compiling.sgml @@ -217,6 +217,64 @@ on this system just substitute the correct package name if you find this version a disaster! + + + Compiling samba with Active Directory support + + In order to compile samba with ADS support, you need to have installed + on your system: + + the MIT kerberos development libraries (either install from the sources or use a package). The heimdal libraries will not work. + the OpenLDAP development libraries. + + + If your kerberos libraries are in a non-standard location then + remember to add the configure option --with-krb5=DIR. + + After you run configure make sure that include/config.h it generates contains lines like this: + + +#define HAVE_KRB5 1 +#define HAVE_LDAP 1 + + + If it doesn't then configure did not find your krb5 libraries or + your ldap libraries. Look in config.log to figure out why and fix + it. + + + Installing the required packages for Debian + + On Debian you need to install the following packages: + + + libkrb5-dev + krb5-user + + + + + + Installing the required packages for RedHat + + On RedHat this means you should have at least: + + + krb5-workstation (for kinit) + krb5-libs (for linking with) + krb5-devel (because you are compiling from source) + + + + in addition to the standard development environment. + + Note that these are not standard on a RedHat install, and you may need + to get them off CD2. + + + + + diff --git a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml index b178bfd2c2..8ac3520384 100644 --- a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml +++ b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml @@ -45,9 +45,7 @@ security = line in the [global] section of your smb.conf to read: - security = domain or - security = ads depending on if the PDC is - NT4 or running Active Directory respectivly. + security = domain Next change the workgroup = line in the [global] section to read: @@ -86,7 +84,7 @@ In order to actually join the domain, you must run this command: - root# net join -S DOMPDC + root# net rpc join -S DOMPDC -UAdministrator%password as we are joining the domain DOM and the PDC for that domain @@ -123,19 +121,6 @@ clients to begin using domain security! - -Samba and Windows 2000 Domains - - - -Many people have asked regarding the state of Samba's ability to participate in -a Windows 2000 Domain. Samba 3.0 is able to act as a member server of a Windows -2000 domain operating in mixed or native mode. The steps above apply -to both NT4 and Windows 2000. - - - - Why is this better than security = server? @@ -178,11 +163,11 @@ to both NT4 and Windows 2000. reply, the Samba server gets the user identification information such as the user SID, the list of NT groups the user belongs to, etc. - NOTE: Much of the text of this document + Much of the text of this document was first published in the Web magazine LinuxWorld as the article Doing - the NIS/NT Samba. + the NIS/NT Samba. diff --git a/docs/docs-status b/docs/docs-status index 28b88f428f..7b1eaa4bfd 100644 --- a/docs/docs-status +++ b/docs/docs-status @@ -1,6 +1,7 @@ If you'd like to work on any of these, please contact jerry@samba.org or jelmer@samba.org. Outdated docs: +Manifest docs/announce - out of date (announces 2.2.0) - should it go away? docs/history - needs updating (is current up to 1998 - merge with 10year.html ?) docs/docbook/manpages/net.8.sgml - Still not finished @@ -8,8 +9,6 @@ docs/docbook/manpages/rpcclient.1.sgml - Command documentation might be outdated docs/docbook/manpages/samba.7.sgml - Listing of samba programs is not complete docs/docbook/manpages/smbcontrol.1.sgml - Document -s, samsync, samrepl, pool-usage, dmalloc-mark, dmalloc-log-changed, shutdown, change_id docs/docbook/manpages/smb.conf.5.sgml - 'restrict anonymous' isn't documented properly -docs/docbook/projdoc/DOMAIN_MEMBER.sgml - Needs update to 3.0 -docs/docbook/projdoc/ADS-HOWTO.sgml - seems outdated (it says we require 'ads server' when in ads mode, though that's not true, according to the manpages...) docs/docbook/projdoc/Integrating-with-Windows.sgml - Should slowly go a way. Contains a little bit information about wins, a little bit about domain membership, a little about winbind, etc docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml docs/docbook/projdoc/Printing.sgml - Cups is not documented, smbprint, printing /to/ a windows server... - Kurt Pfeifle diff --git a/docs/htmldocs/Samba-HOWTO-Collection.html b/docs/htmldocs/Samba-HOWTO-Collection.html index d9125d5aad..ea080fbd79 100644 --- a/docs/htmldocs/Samba-HOWTO-Collection.html +++ b/docs/htmldocs/Samba-HOWTO-Collection.html @@ -353,42 +353,38 @@ HREF="#ADS" >

8.1. Installing the required packages for DebianSetup your smb.conf
8.2. Installing the required packages for RedHatSetup your /etc/krb5.conf
8.3. Compile Samba
8.4. Setup your /etc/krb5.conf
8.5. Create the computer account
8.6. 8.4. Test your server setup
8.7. 8.5. Testing with smbclient
8.8. 8.6. Notes

9.1. Joining an NT Domain with Samba 3.0
9.2. Samba and Windows 2000 Domains
9.3. Why is this better than security = server?

10.1. Agenda
10.2. Name Resolution in a pure Unix/Linux world
10.3. Name resolution as used within MS Windows networking
10.4. How browsing functions and how to deploy stable and dependable browsing using Samba
10.5. MS Windows security options and how to configure Samba for seemless integration
10.6. Conclusions

11.1. Viewing and changing UNIX permissions using the NT security dialogs
11.2. How to view file security on a Samba share
11.3. Viewing file ownership
11.4. Viewing file or directory permissions
11.5. Modifying file or directory permissions
11.6. Interaction with the standard Samba create mask parameters
11.7. Interaction with the standard Samba file attribute mapping
10. Integrating MS Windows networks with SambaSystem Policies: 10.1. Agenda
10.2. Name Resolution in a pure Unix/Linux worldBasic System Policy Info
10.2.1. /etc/hosts
10.2.2. /etc/resolv.conf
10.2.3. /etc/host.conf
10.2.4. /etc/nsswitch.conf10.1.1. Creating Group Prolicy Files
10.3. Name resolution as used within MS Windows networking10.2. Roaming Profiles
10.3.1. The NetBIOS Name Cache
10.3.2. The LMHOSTS file10.2.1. Windows NT Configuration
10.3.3. HOSTS file10.2.2. Windows 9X Configuration
10.3.4. DNS Lookup10.2.3. Win9X and WinNT Configuration
10.3.5. WINS Lookup10.2.4. Windows 9X Profile Setup
10.4. How browsing functions and how to deploy stable and -dependable browsing using Samba10.2.5. Windows NT Workstation 4.0
10.5. MS Windows security options and how to configure -Samba for seemless integration10.2.6. Windows NT/200x Server
10.5.1. Use MS Windows NT as an authentication server10.2.7. Sharing Profiles between W9x/Me and NT4/200x/XP workstations
10.5.2. Make Samba a member of an MS Windows NT security domain10.2.8. Windows NT 4
10.5.3. Configure Samba as an authentication server10.2.9. Windows 2000/XP
10.6. Conclusions
11.1. Viewing and changing UNIX permissions using the NT security dialogs
11.2. How to view file security on a Samba share
11.3. Viewing file ownership
11.4. Viewing file or directory permissions
11.4.1. File Permissions
11.4.2. Directory Permissions
11.5. Modifying file or directory permissions
11.6. Interaction with the standard Samba create mask parameters
11.7. Interaction with the standard Samba file attribute mapping
12. Group mapping HOWTO
13. Configuring PAM for distributed but centrally managed authentication
12.1. 13.1. Samba and PAM
12.2. 13.2. Distributed Authentication
12.3. 13.3. PAM Configuration in smb.conf
13. Hosting a Microsoft Distributed File System tree on Samba
13.1. Instructions
13.1.1. Notes
14. Printing Support
14.1. Introduction
14.2. Configuration
14.2.1. Creating [print$]
14.2.2. Setting Drivers for Existing Printers
14.2.3. Support a large number of printers
14.2.4. Adding New Printers via the Windows NT APW
14.2.5. Samba and Printer Ports
14.3. The Imprints Toolset
14.3.1. What is Imprints?
14.3.2. Creating Printer Driver Packages
14.3.3. The Imprints server
14.3.4. The Installation Client
14.4. Diagnosis
14.4.1. Introduction
14.4.2. Debugging printer problems
14.4.3. What printers do I have?
14.4.4. Setting up printcap and print servers
14.4.5. Job sent, no output
14.4.6. Job sent, strange output
14.4.7. Raw PostScript printed
14.4.8. Advanced Printing
14.4.9. Real debugging
15.1. Introduction
15.2. CUPS - RAW Print Through Mode
15.3. The CUPS Filter Chains
15.4. CUPS Print Drivers and Devices
15.4.1. Further printing steps
15.5. Limiting the number of pages users can print
15.6. Advanced Postscript Printing from MS Windows
15.7. Auto-Deletion of CUPS spool files
16.1. Abstract
16.2. Introduction
16.3. What Winbind Provides
16.3.1. Target Uses
16.4. How Winbind Works
16.4.1. Microsoft Remote Procedure Calls
16.4.2. Microsoft Active Directory Services
16.4.3. Name Service Switch
16.4.4. Pluggable Authentication Modules
16.4.5. User and Group ID Allocation
16.4.6. Result Caching
16.5. Installation and Configuration
16.5.1. Introduction
16.5.2. Requirements
16.5.3. Testing Things Out
16.6. Limitations
16.7. Conclusion
17. Improved browsing in sambaIntegrating MS Windows networks with Samba
17.1. Overview of browsingName Resolution in a pure Unix/Linux world
17.2. Browsing support in samba17.1.1. /etc/hosts
17.3. Problem resolution17.1.2. /etc/resolv.conf
17.4. Browsing across subnets17.1.3. /etc/host.conf
17.4.1. How does cross subnet browsing work ?17.1.4. /etc/nsswitch.conf
17.5. Setting up a WINS server
17.6. Setting up Browsing in a WORKGROUP17.2. Name resolution as used within MS Windows networking
17.7. Setting up Browsing in a DOMAIN17.2.1. The NetBIOS Name Cache
17.8. Forcing samba to be the master17.2.2. The LMHOSTS file
17.9. Making samba the domain master17.2.3. HOSTS file
17.10. Note about broadcast addresses17.2.4. DNS Lookup
17.11. Multiple interfaces17.2.5. WINS Lookup
18. Stackable VFS modulesImproved browsing in samba
18.1. Introduction and configurationOverview of browsing
18.2. Included modules
18.2.1. audit
18.2.2. recycleBrowsing support in samba
18.2.3. netatalk18.3. Problem resolution
18.3. VFS modules available elsewhere18.4. Browsing across subnets
18.3.1. DatabaseFS
18.3.2. vscan18.4.1. How does cross subnet browsing work ?
19. Group mapping HOWTO
20. Samba performance issues
20.1. Comparisons18.5. Setting up a WINS server
20.2. Socket options18.6. Setting up Browsing in a WORKGROUP
20.3. Read size18.7. Setting up Browsing in a DOMAIN
20.4. Max xmit18.8. Forcing samba to be the master
20.5. Log level18.9. Making samba the domain master
20.6. Read raw18.10. Note about broadcast addresses
20.7. Write raw18.11. Multiple interfaces
20.8. Slow Clients19. Hosting a Microsoft Distributed File System tree on Samba
20.9. Slow Logins19.1. Instructions
20.10. Client tuning19.1.1. Notes
21. Creating Group Prolicy Files20. Stackable VFS modules
21.1. Windows '9x20.1. Introduction and configuration
21.2. Windows NT 420.2. Included modules
21.2.1. Side bar Notes
21.2.2. Mandatory profiles20.2.1. audit
21.2.3. moveuser.exe20.2.2. recycle
21.2.4. Get SID20.2.3. netatalk
21.3. Windows 2000/XP20.3. VFS modules available elsewhere
20.3.1. DatabaseFS
20.3.2. vscan
22. 21. Securing Samba
22.1. 21.1. Introduction
22.2. 21.2. Using host based protection
22.3. 21.3. Using interface protection
22.4. 21.4. Using a firewall
22.5. 21.5. Using a IPC$ share deny
22.6. 21.6. Upgrading Samba
23. 22. Unicode/Charsets
23.1. 22.1. What are charsets and unicode?
23.2. 22.2. Samba and charsets
Chapter 10. Integrating MS Windows networks with Samba
Chapter 10. System Policies
10.1. Agenda10.1. Basic System Policy Info
To identify the key functional mechanisms of MS Windows networking -to enable the deployment of Samba as a means of extending and/or -replacing MS Windows NT/2000 technology.
Much of the information necessary to implement System Policies and +Roaming User Profiles in a Samba domain is the same as that for +implementing these same items in a Windows NT 4.0 domain. +You should read the white paper Implementing +Profiles and Policies in Windows NT 4.0 available from Microsoft.
We will examine:
Here are some additional details:
Name resolution in a pure Unix/Linux TCP/IP - environment +> What about Windows NT Policy Editor? +
To create or edit ntconfig.pol you must use + the NT Server Policy Editor, poledit.exe which + is included with NT Server but not NT Workstation. + There is a Policy Editor on a NTws + but it is not suitable for creating Domain Policies. + Further, although the Windows 95 + Policy Editor can be installed on an NT Workstation/Server, it will not + work with NT policies because the registry key that are set by the policy templates. + However, the files from the NT Server will run happily enough on an NTws. + You need poledit.exe, common.adm and winnt.adm. It is convenient + to put the two *.adm files in c:\winnt\inf which is where + the binary will look for them unless told otherwise. Note also that that + directory is 'hidden'.
Name resolution as used within MS Windows - networking +> The Windows NT policy editor is also included with the Service Pack 3 (and + later) for Windows NT 4.0. Extract the files using servicepackname /x, + i.e. that's Nt4sp6ai.exe /x for service pack 6a. The policy editor, + poledit.exe and the associated template files (*.adm) should + be extracted as well. It is also possible to downloaded the policy template + files for Office97 and get a copy of the policy editor. Another possible + location is with the Zero Administration Kit available for download from Microsoft.
How browsing functions and how to deploy stable - and dependable browsing using Samba +> Can Win95 do Policies? +
Install the group policy handler for Win9x to pick up group + policies. Look on the Win98 CD in \tools\reskit\netadmin\poledit. + Install group policies on a Win9x client by double-clicking + grouppol.inf. Log off and on again a couple of + times and see if Win98 picks up group policies. Unfortunately this needs + to be done on every Win9x machine that uses group policies.... +
If group policies don't work one reports suggests getting the updated + (read: working) grouppol.dll for Windows 9x. The group list is grabbed + from /etc/group.
MS Windows security options and how to - configure Samba for seemless integration +> How do I get 'User Manager' and 'Server Manager'
Configuration of Samba as:
Since I don't need to buy an NT Server CD now, how do I get + the 'User Manager for Domains', the 'Server Manager'? +
Microsoft distributes a version of these tools called nexus for + installation on Windows 95 systems. The tools set includes +
A stand-alone server
Server Manager
An MS Windows NT 3.x/4.0 security domain member -
User Manager for Domains
An alternative to an MS Windows NT 3.x/4.0 Domain Controller -
Event Viewer
Click here to download the archived file ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE +
The Windows NT 4.0 version of the 'User Manager for + Domains' and 'Server Manager' are available from Microsoft via ftp + from ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE +
10.1.1. Creating Group Prolicy Files
10.1.1.1. Windows '9x
You need the Win98 Group Policy Editor to +set Group Profiles up under Windows '9x. It can be found on the Original +full product Win98 installation CD under +tools/reskit/netadmin/poledit. You install this +using the Add/Remove Programs facility and then click on the 'Have Disk' +tab.
Use the Group Policy Editor to create a policy file that specifies the +location of user profiles and/or the My Documents etc. +stuff. You then save these settings in a file called +Config.POL that needs to be placed in +the root of the [NETLOGON] share. If your Win98 is configured to log onto +the Samba Domain, it will automatically read this file and update the +Win9x/Me registry of the machine that is logging on.
All of this is covered in the Win98 Resource Kit documentation.
If you do not do it this way, then every so often Win9x/Me will check the +integrity of the registry and will restore it's settings from the back-up +copy of the registry it stores on each Win9x/Me machine. Hence, you will +occasionally notice things changing back to the original settings.
10.2. Name Resolution in a pure Unix/Linux world10.2. Roaming Profiles
The key configuration files covered in this section are:
NOTE! Roaming profiles support is different for Win9X and WinNT.
Before discussing how to configure roaming profiles, it is useful to see how +Win9X and WinNT clients implement these features.
Win9X clients send a NetUserGetInfo request to the server to get the user's +profiles location. However, the response does not have room for a separate +profiles location field, only the user's home share. This means that Win9X +profiles are restricted to being in the user's home directory.
WinNT clients send a NetSAMLogon RPC request, which contains many fields, +including a separate field for the location of the user's profiles. +This means that support for profiles is different for Win9X and WinNT.
10.2.1. Windows NT Configuration
To support WinNT clients, in the [global] section of smb.conf set the +following (for example):
/etc/hosts
logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath
/etc/resolv.conf
The default for this option is \\%N\%U\profile, namely +\\sambaserver\username\profile. The \\N%\%U service is created +automatically by the [homes] service. +If you are using a samba server for the profiles, you _must_ make the +share specified in the logon path browseable.
/etc/host.conf
/etc/nsswitch.conf
MS Windows NT/2K clients at times do not disconnect a connection to a server +between logons. It is recommended to NOT use the homes +meta-service name as part of the profile share path.
10.2.1. /etc/hosts10.2.2. Windows 9X Configuration
Contains a static list of IP Addresses and names. -eg:
To support Win9X clients, you must use the "logon home" parameter. Samba has +now been fixed so that "net use /home" now works as well, and it, too, relies +on the "logon home" parameter.
By using the logon home parameter, you are restricted to putting Win9X +profiles in the user's home directory. But wait! There is a trick you +can use. If you set the following in the [global] section of your +smb.conf file:
127.0.0.1 localhost localhost.localdomain - 192.168.1.1 bigbox.caldera.com bigbox alias4box
logon home = \\%L\%U\.profiles
The purpose of /etc/hosts is to provide a -name resolution mechanism so that uses do not need to remember -IP addresses.
Network packets that are sent over the physical network transport -layer communicate not via IP addresses but rather using the Media -Access Control address, or MAC address. IP Addresses are currently -32 bits in length and are typically presented as four (4) decimal -numbers that are separated by a dot (or period). eg: 168.192.1.1
then your Win9X clients will dutifully put their clients in a subdirectory +of your home directory called .profiles (thus making them hidden).
MAC Addresses use 48 bits (or 6 bytes) and are typically represented -as two digit hexadecimal numbers separated by colons. eg: -40:8e:0a:12:34:56
Not only that, but 'net use/home' will also work, because of a feature in +Win9X. It removes any directory stuff off the end of the home directory area +and only uses the server and share portion. That is, it looks like you +specified \\%L\%U for "logon home".
10.2.3. Win9X and WinNT Configuration
Every network interfrace must have an MAC address. Associated with -a MAC address there may be one or more IP addresses. There is NO -relationship between an IP address and a MAC address, all such assignments -are arbitary or discretionary in nature. At the most basic level all -network communications takes place using MAC addressing. Since MAC -addresses must be globally unique, and generally remains fixed for -any particular interface, the assignment of an IP address makes sense -from a network management perspective. More than one IP address can -be assigned per MAC address. One address must be the primary IP address, -this is the address that will be returned in the ARP reply.
You can support profiles for both Win9X and WinNT clients by setting both the +"logon home" and "logon path" parameters. For example:
When a user or a process wants to communicate with another machine -the protocol implementation ensures that the "machine name" or "host -name" is resolved to an IP address in a manner that is controlled -by the TCP/IP configuration control files. The file -/etc/hosts is one such file.
logon home = \\%L\%U\.profiles +logon path = \\%L\profiles\%U
When the IP address of the destination interface has been -determined a protocol called ARP/RARP is used to identify -the MAC address of the target interface. ARP stands for Address -Resolution Protocol, and is a broadcast oriented method that -uses UDP (User Datagram Protocol) to send a request to all -interfaces on the local network segment using the all 1's MAC -address. Network interfaces are programmed to respond to two -MAC addresses only; their own unique address and the address -ff:ff:ff:ff:ff:ff. The reply packet from an ARP request will -contain the MAC address and the primary IP address for each -interface.
The /etc/hosts file is foundational to all -Unix/Linux TCP/IP installations and as a minumum will contain -the localhost and local network interface IP addresses and the -primary names by which they are known within the local machine. -This file helps to prime the pump so that a basic level of name -resolution can exist before any other method of name resolution -becomes available.
I have not checked what 'net use /home' does on NT when "logon home" is +set as above.
10.2.2. /etc/resolv.conf10.2.4. Windows 9X Profile Setup
This file tells the name resolution libraries:
When a user first logs in on Windows 9X, the file user.DAT is created, +as are folders "Start Menu", "Desktop", "Programs" and "Nethood". +These directories and their contents will be merged with the local +versions stored in c:\windows\profiles\username on subsequent logins, +taking the most recent from each. You will need to use the [global] +options "preserve case = yes", "short preserve case = yes" and +"case sensitive = no" in order to maintain capital letters in shortcuts +in any of the profile folders.
The user.DAT file contains all the user's preferences. If you wish to +enforce a set of preferences, rename their user.DAT file to user.MAN, +and deny them write access to this file.
The name of the domain to which the machine - belongs +> On the Windows 95 machine, go to Control Panel | Passwords and + select the User Profiles tab. Select the required level of + roaming preferences. Press OK, but do _not_ allow the computer + to reboot.
The name(s) of any domains that should be - automatically searched when trying to resolve unqualified - host names to their IP address +> On the Windows 95 machine, go to Control Panel | Network | + Client for Microsoft Networks | Preferences. Select 'Log on to + NT Domain'. Then, ensure that the Primary Logon is 'Client for + Microsoft Networks'. Press OK, and this time allow the computer + to reboot.
The name or IP address of available Domain - Name Servers that may be asked to perform name to address - translation lookups -
10.2.3. /etc/host.conf
Under Windows 95, Profiles are downloaded from the Primary Logon. +If you have the Primary Logon as 'Client for Novell Networks', then +the profiles and logon script will be downloaded from your Novell +Server. If you have the Primary Logon as 'Windows Logon', then the +profiles will be loaded from the local machine - a bit against the +concept of roaming profiles, if you ask me.
/etc/host.conf is the primary means by -which the setting in /etc/resolv.conf may be affected. It is a -critical configuration file. This file controls the order by -which name resolution may procede. The typical structure is:
You will now find that the Microsoft Networks Login box contains +[user, password, domain] instead of just [user, password]. Type in +the samba server's domain name (or any other domain known to exist, +but bear in mind that the user will be authenticated against this +domain and profiles downloaded from it, if that domain logon server +supports it), user name and user's password.
order hosts,bind - multi on
Once the user has been successfully validated, the Windows 95 machine +will inform you that 'The user has not logged on before' and asks you +if you wish to save the user's preferences? Select 'yes'.
then both addresses should be returned. Please refer to the -man page for host.conf for further details.
10.2.4. /etc/nsswitch.conf
Once the Windows 95 client comes up with the desktop, you should be able +to examine the contents of the directory specified in the "logon path" +on the samba server and verify that the "Desktop", "Start Menu", +"Programs" and "Nethood" folders have been created.
This file controls the actual name resolution targets. The -file typically has resolver object specifications as follows:
These folders will be cached locally on the client, and updated when +the user logs off (if you haven't made them read-only by then :-). +You will find that if the user creates further folders or short-cuts, +that the client will merge the profile contents downloaded with the +contents of the profile directory already on the local client, taking +the newest folders and short-cuts from each set.
# /etc/nsswitch.conf - # - # Name Service Switch configuration file. - # - - passwd: compat - # Alternative entries for password authentication are: - # passwd: compat files nis ldap winbind - shadow: compat - group: compat - - hosts: files nis dns - # Alternative entries for host name resolution are: - # hosts: files dns nis nis+ hesoid db compat ldap wins - networks: nis files dns - - ethers: nis files - protocols: nis files - rpc: nis files - services: nis files
If you have made the folders / files read-only on the samba server, +then you will get errors from the w95 machine on logon and logout, as +it attempts to merge the local and the remote profile. Basically, if +you have any errors reported by the w95 machine, check the Unix file +permissions and ownership rights on the profile directory contents, +on the samba server.
Of course, each of these mechanisms requires that the appropriate -facilities and/or services are correctly configured.
If you have problems creating user profiles, you can reset the user's +local desktop cache, as shown below. When this user then next logs in, +they will be told that they are logging in "for the first time".
It should be noted that unless a network request/message must be -sent, TCP/IP networks are silent. All TCP/IP communications assumes a -principal of speaking only when necessary.
Starting with version 2.2.0 samba has Linux support for extensions to -the name service switch infrastructure so that linux clients will -be able to obtain resolution of MS Windows NetBIOS names to IP -Addresses. To gain this functionality Samba needs to be compiled -with appropriate arguments to the make command (ie: make -nsswitch/libnss_wins.so). The resulting library should -then be installed in the /lib directory and -the "wins" parameter needs to be added to the "hosts:" line in -the /etc/nsswitch.conf file. At this point it -will be possible to ping any MS Windows machine by it's NetBIOS -machine name, so long as that machine is within the workgroup to -which both the samba machine and the MS Windows machine belong.
vfs_recycle_bin:keeptree: Done. You now have a profile that can be editted using the samba-3.0.0 -profiles tool.
FIXME
vfs_recycle_bin:versions: FIXME
vfs_recycle_bin:touch
Under NT/2K the use of mandotory profiles forces the use of MS Exchange -storage of mail data. That keeps desktop profiles usable.
FIXME
vfs_recycle_bin:touch: Under NT/2K the use of mandotory profiles forces the use of MS Exchange -storage of mail data. That keeps desktop profiles usable.
vfs_recycle_bin:maxsize: FIXME
vfs_recycle_bin:exclude: FIXME
vfs_recycle_bin:exclude_dir: FIXME
vfs_recycle_bin:noversions: FIXME

	Potentially outdated or incorrect material follows
	I think this is all bogus, but have not deleted it. (Richard Sharpe)

	Possibly Outdated Material
	This appendix was originally authored by John H Terpstra of - the Samba Team and is included here for posterity. -

`20.2.3. netatalk`

A netatalk module, that will ease co-existence of samba and +netatalk file sharing services.

Advantages compared to the old netatalk module: +

it doesn't care about creating of .AppleDouble forks, just keeps ones in sync

if share in smb.conf doesn't contain .AppleDouble item in hide or veto list, it will be added automatically

This is a security check new to Windows XP (or maybe only -Windows XP service pack 1). It can be disabled via a group policy in -Active Directory. The policy is:
"Computer Configuration\Administrative Templates\System\User -Profiles\Do not check for user ownership of Roaming Profile Folders"
...and it should be set to "Enabled". -Does the new version of samba have an Active Directory analogue? If so, -then you may be able to set the policy through this.
If you cannot set group policies in samba, then you may be able to set -the policy locally on each machine. If you want to try this, then do -the following (N.B. I don't know for sure that this will work in the -same way as a domain group policy):
On the XP workstation log in with an Administrator account.
Click: "Start", "Run"
Type: "mmc"
Click: "OK"
A Microsoft Management Console should appear.
Click: File, "Add/Remove Snap-in...", "Add"
Double-Click: "Group Policy"
Click: "Finish", "Close"
Click: "OK"
In the "Console Root" window:

`20.3. VFS modules available elsewhere`

Expand: "Local Computer Policy", "Computer Configuration",

This section contains a listing of various other VFS modules that +have been posted but don't currently reside in the Samba CVS +tree for one reason ot another (e.g. it is easy for the maintainer +to have his or her own CVS tree). "Administrative Templates", "System", "User Profiles"

No statemets about the stability or functionality any module +should be implied due to its presence here. 20.3.1. DatabaseFS Double-Click: "Do not check for user ownership of Roaming Profile

URL: http://www.css.tayloru.edu/~elorimer/databasefs/index.php Folders"

By Eric Lorimer. Select: "Enabled"

I have created a VFS module which implements a fairly complete read-only +filesystem. It presents information from a database as a filesystem in +a modular and generic way to allow different databases to be used +(originally designed for organizing MP3s under directories such as +"Artists," "Song Keywords," etc... I have since applied it to a student +roster database very easily). The directory structure is stored in the +database itself and the module makes no assumptions about the database +structure beyond the table it requires to run. Click: OK"

Any feedback would be appreciated: comments, suggestions, patches, +etc... If nothing else, hopefully it might prove useful for someone +else who wishes to create a virtual filesystem.

`20.3.2. vscan`

Close the whole console. You do not need to save the settings (this -refers to the console settings rather than the policies you have -changed).

URL: http://www.openantivirus.org/ Reboot

samba-vscan is a proof-of-concept module for Samba, which +uses the VFS (virtual file system) features of Samba 2.2.x/3.0 +alphaX. Of couse, Samba has to be compiled with VFS support. +samba-vscan supports various virus scanners and is maintained +by Rainer Link.

Chapter 22. Securing SambaChapter 21. Securing Samba22.1. Introduction21.1. Introduction This note was attached to the Samba 2.2.8 release notes as it contained an @@ -17123,8 +16501,8 @@ CLASS="SECT1" > 22.2. Using host based protection21.2. Using host based protection In many installations of Samba the greatest threat comes for outside @@ -17155,8 +16533,8 @@ CLASS="SECT1" > 22.3. Using interface protection21.3. Using interface protection By default Samba will accept connections on any network interface that @@ -17191,8 +16569,8 @@ CLASS="SECT1" > 22.4. Using a firewall21.4. Using a firewall Many people use a firewall to deny access to services that they don't @@ -17221,8 +16599,8 @@ CLASS="SECT1" > 22.5. Using a IPC$ share deny21.5. Using a IPC$ share deny If the above methods are not suitable, then you could also place a @@ -17260,8 +16638,8 @@ CLASS="SECT1" > 22.6. Upgrading Samba21.6. Upgrading Samba Please check regularly on http://www.samba.org/ for updates and @@ -17276,14 +16654,14 @@ CLASS="CHAPTER" >Chapter 23. Unicode/CharsetsChapter 22. Unicode/Charsets 23.1. What are charsets and unicode?22.1. What are charsets and unicode? Computers communicate in numbers. In texts, each number will be @@ -17332,8 +16710,8 @@ CLASS="SECT1" > 23.2. Samba and charsets22.2. Samba and charsets As of samba 3.0, samba can (and will) talk unicode over the wire. Internally, @@ -17408,6 +16786,65 @@ CLASS="TOC" >Table of Contents 23. Samba performance issues 23.1. Comparisons 23.2. Socket options 23.3. Read size 23.4. Max xmit 23.5. Log level 23.6. Read raw 23.7. Write raw 23.8. Slow Clients 23.9. Slow Logins 23.10. Client tuning 24. Portability24.1. HPUX 24.2. SCO Unix 24.3. DNIX 24.4. RedHat Linux Rembrandt-II 24.5. AIX 24.5.1. Sequential Read Ahead 25.1. Macintosh clients? 25.2. OS2 Client 25.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba? 25.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba? 25.2.3. Are there any other issues when OS/2 (any version) is used as a client? 25.2.4. How do I get printer driver download working for OS/2 clients? 25.3. Windows for Workgroups 25.3.1. Use latest TCP/IP stack from Microsoft 25.3.2. Delete .pwl files after password change 25.3.3. Configure WfW password handling 25.3.4. Case handling of passwords 25.3.5. Use TCP/IP as default protocol 25.4. Windows '95/'98 25.5. Windows 2000 Service Pack 2 26.1. Access Samba source code via CVS 26.1.1. Introduction 26.1.2. CVS Access to samba.org 26.2. Accessing the samba sources via rsync and ftp 26.3. Building the Binaries 26.3.1. Compiling samba with Active Directory support 26.4. Starting the smbd and nmbd 26.4.1. Starting from inetd.conf 26.4.2. Alternative: starting it as a daemon 27.1. Introduction 27.2. General info 27.3. Debug levels 27.4. Internal errors 27.5. Attaching to a running process 27.6. Patches 28.1. Introduction 28.2. Assumptions 28.3. Tests 28.3.1. Test 1 28.3.2. Test 2 28.3.3. Test 3 28.3.4. Test 4 28.3.5. Test 5 28.3.6. Test 6 28.3.7. Test 7 28.3.8. Test 8 28.3.9. Test 9 28.3.10. Test 10 28.3.11. Test 11 28.4. Still having troubles? Chapter 23. Samba performance issues 23.1. Comparisons The Samba server uses TCP to talk to the client. Thus if you are +trying to see if it performs well you should really compare it to +programs that use the same protocol. The most readily available +programs for file transfer that use TCP are ftp or another TCP based +SMB server. If you want to test against something like a NT or WfWg server then +you will have to disable all but TCP on either the client or +server. Otherwise you may well be using a totally different protocol +(such as Netbeui) and comparisons may not be valid. Generally you should find that Samba performs similarly to ftp at raw +transfer speed. It should perform quite a bit faster than NFS, +although this very much depends on your system. Several people have done comparisons between Samba and Novell, NFS or +WinNT. In some cases Samba performed the best, in others the worst. I +suspect the biggest factor is not Samba vs some other system but the +hardware and drivers used on the various systems. Given similar +hardware Samba should certainly be competitive in speed with other +systems. 23.2. Socket options There are a number of socket options that can greatly affect the +performance of a TCP based server like Samba. The socket options that Samba uses are settable both on the command +line with the -O option, or in the smb.conf file. The "socket options" section of the smb.conf manual page describes how +to set these and gives recommendations. Getting the socket options right can make a big difference to your +performance, but getting them wrong can degrade it by just as +much. The correct settings are very dependent on your local network. The socket option TCP_NODELAY is the one that seems to make the +biggest single difference for most networks. Many people report that +adding "socket options = TCP_NODELAY" doubles the read performance of +a Samba drive. The best explanation I have seen for this is that the +Microsoft TCP/IP stack is slow in sending tcp ACKs. 23.3. Read size The option "read size" affects the overlap of disk reads/writes with +network reads/writes. If the amount of data being transferred in +several of the SMB commands (currently SMBwrite, SMBwriteX and +SMBreadbraw) is larger than this value then the server begins writing +the data before it has received the whole packet from the network, or +in the case of SMBreadbraw, it begins writing to the network before +all the data has been read from disk. This overlapping works best when the speeds of disk and network access +are similar, having very little effect when the speed of one is much +greater than the other. The default value is 16384, but very little experimentation has been +done yet to determine the optimal value, and it is likely that the best +value will vary greatly between systems anyway. A value over 65536 is +pointless and will cause you to allocate memory unnecessarily. 23.4. Max xmit At startup the client and server negotiate a "maximum transmit" size, +which limits the size of nearly all SMB commands. You can set the +maximum size that Samba will negotiate using the "max xmit = " option +in smb.conf. Note that this is the maximum size of SMB request that +Samba will accept, but not the maximum size that the *client* will accept. +The client maximum receive size is sent to Samba by the client and Samba +honours this limit. It defaults to 65536 bytes (the maximum), but it is possible that some +clients may perform better with a smaller transmit unit. Trying values +of less than 2048 is likely to cause severe problems. In most cases the default is the best option. 23.5. Log level If you set the log level (also known as "debug level") higher than 2 +then you may suffer a large drop in performance. This is because the +server flushes the log file after each operation, which can be very +expensive. 23.6. Read raw The "read raw" operation is designed to be an optimised, low-latency +file read operation. A server may choose to not support it, +however. and Samba makes support for "read raw" optional, with it +being enabled by default. In some cases clients don't handle "read raw" very well and actually +get lower performance using it than they get using the conventional +read operations. So you might like to try "read raw = no" and see what happens on your +network. It might lower, raise or not affect your performance. Only +testing can really tell. 23.7. Write raw The "write raw" operation is designed to be an optimised, low-latency +file write operation. A server may choose to not support it, +however. and Samba makes support for "write raw" optional, with it +being enabled by default. Some machines may find "write raw" slower than normal write, in which +case you may wish to change this option. 23.8. Slow Clients One person has reported that setting the protocol to COREPLUS rather +than LANMAN2 gave a dramatic speed improvement (from 10k/s to 150k/s). I suspect that his PC's (386sx16 based) were asking for more data than +they could chew. I suspect a similar speed could be had by setting +"read raw = no" and "max xmit = 2048", instead of changing the +protocol. Lowering the "read size" might also help. 23.9. Slow Logins Slow logins are almost always due to the password checking time. Using +the lowest practical "password level" will improve things a lot. You +could also enable the "UFC crypt" option in the Makefile. 23.10. Client tuning Often a speed problem can be traced to the client. The client (for +example Windows for Workgroups) can often be tuned for better TCP +performance. See your client docs for details. In particular, I have heard rumours +that the WfWg options TCPWINDOWSIZE and TCPSEGMENTSIZE can have a +large impact on performance. Also note that some people have found that setting DefaultRcvWindow in +the [MSTCP] section of the SYSTEM.INI file under WfWg to 3072 gives a +big improvement. I don't know why. My own experience wth DefaultRcvWindow is that I get much better +performance with a large value (16384 or larger). Other people have +reported that anything over 3072 slows things down enourmously. One +person even reported a speed drop of a factor of 30 when he went from +3072 to 8192. I don't know why. It probably depends a lot on your hardware, and the type of unix box +you have at the other end of the link. Paul Cochrane has done some testing on client side tuning and come +to the following conclusions: Install the W2setup.exe file from www.microsoft.com. This is an +update for the winsock stack and utilities which improve performance. Configure the win95 TCPIP registry settings to give better +perfomance. I use a program called MTUSPEED.exe which I got off the +net. There are various other utilities of this type freely available. +The setting which give the best performance for me are: MaxMTU Remove RWIN Remove MTUAutoDiscover Disable MTUBlackHoleDetect Disable Time To Live Enabled Time To Live - HOPS 32 NDI Cache Size 0 I tried virtually all of the items mentioned in the document and +the only one which made a difference to me was the socket options. It +turned out I was better off without any!!!!! In terms of overall speed of transfer, between various win95 clients +and a DX2-66 20MB server with a crappy NE2000 compatible and old IDE +drive (Kernel 2.0.30). The transfer rate was reasonable for 10 baseT. The figures are: Put Get +P166 client 3Com card: 420-440kB/s 500-520kB/s +P100 client 3Com card: 390-410kB/s 490-510kB/s +DX4-75 client NE2000: 370-380kB/s 330-350kB/s I based these test on transfer two files a 4.5MB text file and a 15MB +textfile. The results arn't bad considering the hardware Samba is +running on. It's a crap machine!!!! The updates mentioned in 1 and 2 brought up the transfer rates from +just over 100kB/s in some clients. A new client is a P333 connected via a 100MB/s card and hub. The +transfer rates from this were good: 450-500kB/s on put and 600+kB/s +on get. Looking at standard FTP throughput, Samba is a bit slower (100kB/s +upwards). I suppose there is more going on in the samba protocol, but +if it could get up to the rate of FTP the perfomance would be quite +staggering. Chapter 24. Portability 24.1. HPUX 24.2. SCO Unix 24.3. DNIX 24.4. RedHat Linux Rembrandt-II 24.5. AIX24.5.1. Sequential Read Ahead 25.1. Macintosh clients? 25.2. OS2 Client25.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba? 25.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba? 25.2.3. Are there any other issues when OS/2 (any version) is used as a client? 25.2.4. How do I get printer driver download working for OS/2 clients? 25.3. Windows for Workgroups 25.3.1. Use latest TCP/IP stack from Microsoft 25.3.2. Delete .pwl files after password change 25.3.3. Configure WfW password handling 25.3.4. Case handling of passwords 25.3.5. Use TCP/IP as default protocol 25.4. Windows '95/'98 25.5. Windows 2000 Service Pack 2 26.1. Access Samba source code via CVS 26.1.1. Introduction 26.1.2. CVS Access to samba.org 26.1.2.1. Access via CVSweb 26.1.2.2. Access via cvs 26.2. Accessing the samba sources via rsync and ftp 26.3. Building the Binaries 26.3.1. Compiling samba with Active Directory support 26.3.1.1. Installing the required packages for Debian 26.3.1.2. Installing the required packages for RedHat 26.4. Starting the smbd and nmbd 26.4.1. Starting from inetd.conf 26.4.2. Alternative: starting it as a daemon 27.1. Introduction 27.2. General info 27.3. Debug levels 27.4. Internal errors 27.5. Attaching to a running process 27.6. Patches 28.1. Introduction 28.2. Assumptions 28.3. Tests 28.3.1. Test 1 28.3.2. Test 2 28.3.3. Test 3 28.3.4. Test 4 28.3.5. Test 5 28.3.6. Test 6 28.3.7. Test 7 28.3.8. Test 8 28.3.9. Test 9 28.3.10. Test 10 28.3.11. Test 11 28.4. Still having troubles? Date: Wed, 2 Apr 2003 13:34:53 +0000 Subject: Clean up ntlm_auth a bit, and add a --diagnositics swtich, to check that the returned session key is the one that we expect to get for that each of login. Andrew Bartlett (This used to be commit fa47e44b9caba98e0b85782f3057e6cb8a5763ff) --- source3/utils/ntlm_auth.c | 528 ++++++++++++++++++++++++++++++++++++---------- 1 file changed, 417 insertions(+), 111 deletions(-) diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index d924f92cce..243700cedd 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -4,7 +4,7 @@ Winbind status program. Copyright (C) Tim Potter 2000-2002 - Copyright (C) Andrew Bartlett 2003 + Copyright (C) Andrew Bartlett 2003 Copyright (C) Francesco Chemolli 2000 This program is free software; you can redistribute it and/or modify @@ -39,22 +39,17 @@ enum squid_mode { extern int winbindd_fd; static const char *helper_protocol; -static const char *username; -static const char *domain; -static const char *workstation; -static const char *hex_challenge; -static const char *hex_lm_response; -static const char *hex_nt_response; -static unsigned char *challenge; -static size_t challenge_len; -static unsigned char *lm_response; -static size_t lm_response_len; -static unsigned char *nt_response; -static size_t nt_response_len; +static const char *opt_username; +static const char *opt_domain; +static const char *opt_workstation; +static const char *opt_password; +static DATA_BLOB opt_challenge; +static DATA_BLOB opt_lm_response; +static DATA_BLOB opt_nt_response; static int request_lm_key; static int request_nt_key; +static int diagnostics; -static char *password; static char winbind_separator(void) { @@ -178,42 +173,92 @@ static BOOL check_plaintext_auth(const char *user, const char *pass, BOOL stdout return (result == NSS_STATUS_SUCCESS); } -static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state) +/* authenticate a user with an encrypted username/password */ + +static NTSTATUS contact_winbind_auth_crap(const char *username, + const char *domain, + const char *workstation, + const DATA_BLOB *challenge, + const DATA_BLOB *lm_response, + const DATA_BLOB *nt_response, + uint32 flags, + uint8 lm_key[16], + uint8 nt_key[16], + char **error_string) { + NTSTATUS nt_status; + NSS_STATUS result; struct winbindd_request request; struct winbindd_response response; - NSS_STATUS result; - /* Send off request */ + + static uint8 zeros[16]; ZERO_STRUCT(request); ZERO_STRUCT(response); - fstrcpy(request.data.auth_crap.user, ntlmssp_state->user); + request.data.auth_crap.flags = flags; - fstrcpy(request.data.auth_crap.domain, ntlmssp_state->domain); - fstrcpy(request.data.auth_crap.workstation, ntlmssp_state->workstation); - - memcpy(request.data.auth_crap.chal, ntlmssp_state->chal.data, - MIN(ntlmssp_state->chal.length, 8)); - - memcpy(request.data.auth_crap.lm_resp, ntlmssp_state->lm_resp.data, - MIN(ntlmssp_state->lm_resp.length, sizeof(request.data.auth_crap.lm_resp))); - - memcpy(request.data.auth_crap.nt_resp, ntlmssp_state->nt_resp.data, - MIN(ntlmssp_state->nt_resp.length, sizeof(request.data.auth_crap.nt_resp))); - - request.data.auth_crap.lm_resp_len = ntlmssp_state->lm_resp.length; - request.data.auth_crap.nt_resp_len = ntlmssp_state->nt_resp.length; + fstrcpy(request.data.auth_crap.user, username); + + fstrcpy(request.data.auth_crap.domain, domain); + fstrcpy(request.data.auth_crap.workstation, workstation); + + memcpy(request.data.auth_crap.chal, challenge->data, MIN(challenge->length, 8)); + + if (lm_response && lm_response->length) { + memcpy(request.data.auth_crap.lm_resp, lm_response->data, MIN(lm_response->length, sizeof(request.data.auth_crap.lm_resp))); + request.data.auth_crap.lm_resp_len = lm_response->length; + } + if (nt_response && nt_response->length) { + memcpy(request.data.auth_crap.nt_resp, nt_response->data, MIN(nt_response->length, sizeof(request.data.auth_crap.nt_resp))); + request.data.auth_crap.nt_resp_len = nt_response->length; + } + result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response); /* Display response */ if ((result != NSS_STATUS_SUCCESS) && (response.data.auth.nt_status == 0)) { - return NT_STATUS_UNSUCCESSFUL; + nt_status = NT_STATUS_UNSUCCESSFUL; + if (error_message) + *error_string = smb_xstrdup("Reading winbind reply failed!"); + return nt_status; + } + + nt_status = (NT_STATUS(response.data.auth.nt_status)); + if (!NT_STATUS_IS_OK(nt_status)) { + if (error_string) + *error_string = smb_xstrdup(response.data.auth.error_string); + return nt_status; } - return NT_STATUS(response.data.auth.nt_status); + if ((flags & WINBIND_PAM_LMKEY) && lm_key + && (memcmp(zeros, response.data.auth.first_8_lm_hash, + sizeof(response.data.auth.first_8_lm_hash)) != 0)) { + memcpy(lm_key, response.data.auth.first_8_lm_hash, + sizeof(response.data.auth.first_8_lm_hash)); + } + if ((flags & WINBIND_PAM_NTKEY) && nt_key + && (memcmp(zeros, response.data.auth.nt_session_key, + sizeof(response.data.auth.nt_session_key)) != 0)) { + memcpy(nt_key, response.data.auth.nt_session_key, + sizeof(response.data.auth.nt_session_key)); + } + return nt_status; +} + +static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state) +{ + return contact_winbind_auth_crap(ntlmssp_state->user, ntlmssp_state->domain, + ntlmssp_state->workstation, + &ntlmssp_state->chal, + &ntlmssp_state->lm_resp, + &ntlmssp_state->nt_resp, + 0, + NULL, + NULL, + NULL); } static void manage_squid_ntlmssp_request(enum squid_mode squid_mode, @@ -356,72 +401,283 @@ static void squid_stream(enum squid_mode squid_mode) { static BOOL check_auth_crap(void) { - struct winbindd_request request; - struct winbindd_response response; - char *lm_key; - char *nt_key; + NTSTATUS nt_status; + uint32 flags = 0; + char lm_key[8]; + char nt_key[16]; + char *hex_lm_key; + char *hex_nt_key; + char *error_string; + static uint8 zeros[16]; - NSS_STATUS result; - /* Send off request */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - if (request_lm_key) - request.data.auth_crap.flags |= WINBIND_PAM_LMKEY; + flags |= WINBIND_PAM_LMKEY; if (request_nt_key) - request.data.auth_crap.flags |= WINBIND_PAM_NTKEY; + flags |= WINBIND_PAM_NTKEY; + + nt_status = contact_winbind_auth_crap(opt_username, opt_domain, + opt_workstation, + &opt_challenge, + &opt_lm_response, + &opt_nt_response, + flags, + lm_key, + nt_key, + &error_string); + + if (!NT_STATUS_IS_OK(nt_status)) { + d_printf("%s (0x%x)\n", + error_string, + NT_STATUS_V(nt_status)); + SAFE_FREE(error_string); + return False; + } - fstrcpy(request.data.auth_crap.user, username); + if (request_lm_key + && (memcmp(zeros, lm_key, + sizeof(lm_key)) != 0)) { + hex_encode(lm_key, + sizeof(lm_key), + &hex_lm_key); + d_printf("LM_KEY: %s\n", hex_lm_key); + SAFE_FREE(hex_lm_key); + } + if (request_nt_key + && (memcmp(zeros, nt_key, + sizeof(nt_key)) != 0)) { + hex_encode(nt_key, + sizeof(nt_key), + &hex_nt_key); + d_printf("NT_KEY: %s\n", hex_nt_key); + SAFE_FREE(hex_nt_key); + } - fstrcpy(request.data.auth_crap.domain, domain); - fstrcpy(request.data.auth_crap.workstation, workstation); + return True; +} + +/* + Authenticate a user with a challenge/response, checking session key + and valid authentication types +*/ + +static const DATA_BLOB get_challenge(void) +{ + static DATA_BLOB chal; + if (opt_challenge.length) + return opt_challenge; - memcpy(request.data.auth_crap.chal, challenge, MIN(challenge_len, 8)); + chal = data_blob(NULL, 8); - memcpy(request.data.auth_crap.lm_resp, lm_response, MIN(lm_response_len, sizeof(request.data.auth_crap.lm_resp))); - - memcpy(request.data.auth_crap.nt_resp, nt_response, MIN(nt_response_len, sizeof(request.data.auth_crap.nt_resp))); - - request.data.auth_crap.lm_resp_len = lm_response_len; - request.data.auth_crap.nt_resp_len = nt_response_len; + generate_random_buffer(chal.data, chal.length, False); + return chal; +} - result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response); +static BOOL test_lm(void) +{ + NTSTATUS nt_status; + uint32 flags = 0; + DATA_BLOB lm_response = data_blob(NULL, 24); - /* Display response */ + uchar lm_key[8]; + uchar lm_hash[16]; + DATA_BLOB chall = get_challenge(); + char *error_string; + + flags |= WINBIND_PAM_LMKEY; + + SMBencrypt(opt_password,chall.data,lm_response.data); + E_deshash(opt_password, lm_hash); + + nt_status = contact_winbind_auth_crap(opt_username, opt_domain, opt_workstation, + &chall, + &lm_response, + NULL, + flags, + lm_key, + NULL, + &error_string); + + data_blob_free(&lm_response); - if ((result != NSS_STATUS_SUCCESS) && (response.data.auth.nt_status == 0)) { - d_printf("Reading winbind reply failed! (0x01)\n"); - } - - d_printf("%s (0x%x)\n", - response.data.auth.nt_status_string, - response.data.auth.nt_status); - - if (response.data.auth.nt_status == 0) { - if (request_lm_key - && (memcmp(zeros, response.data.auth.first_8_lm_hash, - sizeof(response.data.auth.first_8_lm_hash)) != 0)) { - hex_encode(response.data.auth.first_8_lm_hash, - sizeof(response.data.auth.first_8_lm_hash), - &lm_key); - d_printf("LM_KEY: %s\n", lm_key); - SAFE_FREE(lm_key); - } - if (request_nt_key - && (memcmp(zeros, response.data.auth.nt_session_key, - sizeof(response.data.auth.nt_session_key)) != 0)) { - hex_encode(response.data.auth.nt_session_key, - sizeof(response.data.auth.nt_session_key), - &nt_key); - d_printf("NT_KEY: %s\n", nt_key); - SAFE_FREE(nt_key); + if (!NT_STATUS_IS_OK(nt_status)) { + d_printf("%s (0x%x)\n", + error_string, + NT_STATUS_V(nt_status)); + return False; + } + + if (memcmp(lm_hash, lm_key, + sizeof(lm_key)) != 0) { + DEBUG(1, ("LM Key does not match expectations!\n")); + DEBUG(1, ("lm_key:\n")); + dump_data(1, lm_key, 8); + DEBUG(1, ("expected:\n")); + dump_data(1, lm_hash, 8); + } + return True; +} + +static BOOL test_lm_ntlm(void) +{ + BOOL pass = True; + NTSTATUS nt_status; + uint32 flags = 0; + DATA_BLOB lm_response = data_blob(NULL, 24); + DATA_BLOB nt_response = data_blob(NULL, 24); + DATA_BLOB session_key = data_blob(NULL, 16); + + uchar lm_key[8]; + uchar nt_key[16]; + uchar lm_hash[16]; + uchar nt_hash[16]; + DATA_BLOB chall = get_challenge(); + char *error_string; + + flags |= WINBIND_PAM_LMKEY; + flags |= WINBIND_PAM_NTKEY; + + SMBencrypt(opt_password,chall.data,lm_response.data); + E_deshash(opt_password, lm_hash); + + SMBNTencrypt(opt_password,chall.data,nt_response.data); + + E_md4hash(opt_password, nt_hash); + SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data); + + nt_status = contact_winbind_auth_crap(opt_username, opt_domain, + opt_workstation, + &chall, + &lm_response, + &nt_response, + flags, + lm_key, + nt_key, + &error_string); + + data_blob_free(&lm_response); + + if (!NT_STATUS_IS_OK(nt_status)) { + d_printf("%s (0x%x)\n", + error_string, + NT_STATUS_V(nt_status)); + SAFE_FREE(error_string); + return False; + } + + if (memcmp(lm_hash, lm_key, + sizeof(lm_key)) != 0) { + DEBUG(1, ("LM Key does not match expectations!\n")); + DEBUG(1, ("lm_key:\n")); + dump_data(1, lm_key, 8); + DEBUG(1, ("expected:\n")); + dump_data(1, lm_hash, 8); + pass = False; + } + if (memcmp(session_key.data, nt_key, + sizeof(nt_key)) != 0) { + DEBUG(1, ("NT Session Key does not match expectations!\n")); + DEBUG(1, ("nt_key:\n")); + dump_data(1, nt_key, 16); + DEBUG(1, ("expected:\n")); + dump_data(1, session_key.data, session_key.length); + pass = False; + } + return pass; +} + +static BOOL test_ntlm(void) +{ + BOOL pass = True; + NTSTATUS nt_status; + uint32 flags = 0; + DATA_BLOB nt_response = data_blob(NULL, 24); + DATA_BLOB session_key = data_blob(NULL, 16); + + char nt_key[16]; + char nt_hash[16]; + DATA_BLOB chall = get_challenge(); + char *error_string; + + flags |= WINBIND_PAM_NTKEY; + + SMBNTencrypt(opt_password,chall.data,nt_response.data); + E_md4hash(opt_password, nt_hash); + SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data); + + nt_status = contact_winbind_auth_crap(opt_username, opt_domain, + opt_workstation, + &chall, + NULL, + &nt_response, + flags, + NULL, + nt_key, + &error_string); + + data_blob_free(&nt_response); + + if (!NT_STATUS_IS_OK(nt_status)) { + d_printf("%s (0x%x)\n", + error_string, + NT_STATUS_V(nt_status)); + SAFE_FREE(error_string); + return False; + } + + if (memcmp(session_key.data, nt_key, + sizeof(nt_key)) != 0) { + DEBUG(1, ("NT Session Key does not match expectations!\n")); + DEBUG(1, ("nt_key:\n")); + dump_data(1, nt_key, 16); + DEBUG(1, ("expected:\n")); + dump_data(1, session_key.data, session_key.length); + pass = False; + } + return pass; +} + +/* + Tests: + + - LM only + - NT and LM + - NT + - NTLMv2 + - NTLMv2 and LMv2 + - LMv2 + + check we get the correct session key in each case + check what values we get for the LM session key + +*/ + +struct ntlm_tests { + BOOL (*fn)(); + const char *name; +} test_table[] = { + {test_lm, "test LM"}, + {test_lm_ntlm, "test LM and NTLM"}, + {test_ntlm, "test NTLM"} +/* {test_lm_ntlmv2, "test NTLMv2"}, */ +/* {test_lm_ntlmv2, "test NTLMv2 and LMv2"}, */ +/* {test_lm_ntlmv2, "test LMv2"} */ +}; + +static BOOL diagnose_ntlm_auth(void) +{ + unsigned int i; + BOOL pass = True; + + for (i=0; test_table[i].fn; i++) { + if (!test_table[i].fn()) { + DEBUG(1, ("Test %s failed!\n", test_table[i].name)); + pass = False; } } - return result == NSS_STATUS_SUCCESS; + return pass; } /* Main program */ @@ -436,26 +692,47 @@ enum { OPT_NT, OPT_PASSWORD, OPT_LM_KEY, - OPT_NT_KEY + OPT_NT_KEY, + OPT_DIAGNOSTICS }; int main(int argc, const char **argv) { int opt; + static const char *hex_challenge; + static const char *hex_lm_response; + static const char *hex_nt_response; + char *challenge; + char *lm_response; + char *nt_response; + size_t challenge_len; + size_t lm_response_len; + size_t nt_response_len; + poptContext pc; + + /* NOTE: DO NOT change this interface without considering the implications! + This is an external interface, which other programs will use to interact + with this helper. + */ + + /* We do not use single-letter command abbreviations, because they harm future + interface stability. */ + struct poptOption long_options[] = { POPT_AUTOHELP { "helper-protocol", 0, POPT_ARG_STRING, &helper_protocol, OPT_DOMAIN, "operate as a stdio-based helper", "helper protocol to use"}, - { "username", 0, POPT_ARG_STRING, &username, OPT_USERNAME, "username"}, - { "domain", 0, POPT_ARG_STRING, &domain, OPT_DOMAIN, "domain name"}, - { "workstation", 0, POPT_ARG_STRING, &domain, OPT_WORKSTATION, "workstation"}, + { "username", 0, POPT_ARG_STRING, &opt_username, OPT_USERNAME, "username"}, + { "domain", 0, POPT_ARG_STRING, &opt_domain, OPT_DOMAIN, "domain name"}, + { "workstation", 0, POPT_ARG_STRING, &opt_workstation, OPT_WORKSTATION, "workstation"}, { "challenge", 0, POPT_ARG_STRING, &hex_challenge, OPT_CHALLENGE, "challenge (HEX encoded)"}, { "lm-response", 0, POPT_ARG_STRING, &hex_lm_response, OPT_LM, "LM Response to the challenge (HEX encoded)"}, { "nt-response", 0, POPT_ARG_STRING, &hex_nt_response, OPT_NT, "NT or NTLMv2 Response to the challenge (HEX encoded)"}, - { "password", 0, POPT_ARG_STRING, &password, OPT_PASSWORD, "User's plaintext password"}, + { "password", 0, POPT_ARG_STRING, &opt_password, OPT_PASSWORD, "User's plaintext password"}, { "request-lm-key", 0, POPT_ARG_NONE, &request_lm_key, OPT_LM_KEY, "Retreive LM session key"}, { "request-nt-key", 0, POPT_ARG_NONE, &request_nt_key, OPT_NT_KEY, "Retreive NT session key"}, + { "diagnostics", 0, POPT_ARG_NONE, &diagnostics, OPT_DIAGNOSTICS, "Perform diagnostics on the authentictaion chain"}, POPT_COMMON_SAMBA POPT_TABLEEND }; @@ -481,29 +758,40 @@ enum { while((opt = poptGetNextOpt(pc)) != -1) { switch (opt) { case OPT_CHALLENGE: - challenge_len = strlen(hex_challenge); - challenge = smb_xmalloc((challenge_len+1)/2); - if ((challenge_len = strhex_to_str(challenge, challenge_len, hex_challenge)) != 8) { - fprintf(stderr, "hex decode of %s failed (only got %u bytes)!\n", + challenge = smb_xmalloc((strlen(hex_challenge)+1)/2); + if ((challenge_len = strhex_to_str(challenge, + strlen(hex_challenge), + hex_challenge)) != 8) { + x_fprintf(x_stderr, "hex decode of %s failed (only got %u bytes)!\n", hex_challenge, challenge_len); exit(1); } + opt_challenge = data_blob(challenge, challenge_len); + SAFE_FREE(challenge); break; case OPT_LM: - lm_response_len = strlen(hex_lm_response); - lm_response = smb_xmalloc((lm_response_len+1)/2); - if ((lm_response_len = strhex_to_str(lm_response, lm_response_len, hex_lm_response)) != 24) { - fprintf(stderr, "hex decode of %s failed!\n", hex_lm_response); + lm_response = smb_xmalloc((strlen(hex_lm_response)+1)/2); + lm_response_len = strhex_to_str(lm_response, + strlen(hex_lm_response), + hex_lm_response); + if (lm_response_len != 24) { + x_fprintf(x_stderr, "hex decode of %s failed!\n", hex_lm_response); exit(1); } + opt_lm_response = data_blob(lm_response, lm_response_len); + SAFE_FREE(lm_response); break; case OPT_NT: - nt_response_len = strlen(hex_nt_response); - nt_response = smb_xmalloc((nt_response_len+1)/2); - if ((nt_response_len = strhex_to_str(nt_response, nt_response_len, hex_nt_response)) < 24) { - fprintf(stderr, "hex decode of %s failed!\n", hex_nt_response); + nt_response = smb_xmalloc((strlen(hex_nt_response)+1)/2); + nt_response_len = strhex_to_str(nt_response, + strlen(hex_nt_response), + hex_nt_response); + if (nt_response_len < 24) { + x_fprintf(x_stderr, "hex decode of %s failed!\n", hex_nt_response); exit(1); } + opt_nt_response = data_blob(nt_response, nt_response_len); + SAFE_FREE(nt_response); break; } } @@ -516,27 +804,45 @@ enum { } else if (strcmp(helper_protocol, "squid-2.4-basic")== 0) { squid_stream(SQUID_2_4_BASIC); } else { - fprintf(stderr, "unknown helper protocol [%s]\n", helper_protocol); + x_fprintf(x_stderr, "unknown helper protocol [%s]\n", helper_protocol); exit(1); } } - if (domain == NULL) { - domain = get_winbind_domain(); + if (!opt_username) { + x_fprintf(x_stderr, "username must be specified!\n\n"); + poptPrintHelp(pc, stderr, 0); + exit(1); } - if (workstation == NULL) { - workstation = ""; + if (opt_domain == NULL) { + opt_domain = get_winbind_domain(); } - if (challenge) { + if (opt_workstation == NULL) { + opt_workstation = ""; + } + + if (opt_challenge.length) { if (!check_auth_crap()) { exit(1); } - } else if (password) { + exit(0); + } + + if (!opt_password) { + opt_password = getpass("password: "); + } + + if (diagnostics) { + if (!diagnose_ntlm_auth()) { + exit(1); + } + } else { fstring user; - snprintf(user, sizeof(user)-1, "%s%c%s", domain, winbind_separator(), username); - if (!check_plaintext_auth(user, password, True)) { + + snprintf(user, sizeof(user)-1, "%s%c%s", opt_domain, winbind_separator(), opt_username); + if (!check_plaintext_auth(user, opt_password, True)) { exit(1); } } -- cgit From 0d01c00f0740da97bb328e8390c2b8fc6ce3166d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 2 Apr 2003 13:49:51 +0000 Subject: error_string, not error_message... (This used to be commit ce197eae8d254114a295142b522cc028c375ae88) --- source3/utils/ntlm_auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 243700cedd..82e6127d55 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -221,7 +221,7 @@ static NTSTATUS contact_winbind_auth_crap(const char *username, if ((result != NSS_STATUS_SUCCESS) && (response.data.auth.nt_status == 0)) { nt_status = NT_STATUS_UNSUCCESSFUL; - if (error_message) + if (error_string) *error_string = smb_xstrdup("Reading winbind reply failed!"); return nt_status; } -- cgit From f1c4fb5cf5e425e5a07348ed174f7ed4f5b315c9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 2 Apr 2003 13:54:06 +0000 Subject: Update ntlm_auth and winbind manpages. Andrew Bartlett (This used to be commit 441d6952bdaff94e387a11f5f524359f3bbbeefb) --- docs/docbook/manpages/ntlm_auth.1.sgml | 14 ++------------ docs/docbook/manpages/winbindd.8.sgml | 21 +++++++++++++++------ 2 files changed, 17 insertions(+), 18 deletions(-) diff --git a/docs/docbook/manpages/ntlm_auth.1.sgml b/docs/docbook/manpages/ntlm_auth.1.sgml index 52ab1db9e4..08a7d4aa88 100644 --- a/docs/docbook/manpages/ntlm_auth.1.sgml +++ b/docs/docbook/manpages/ntlm_auth.1.sgml @@ -11,25 +11,15 @@ ntlm_auth - tool for executing client side - MS-RPC functions + tool to allow external access to Winbind's NTLM authentication function ntlm_auth - -A authfile - -c <command string> -d debuglevel - -h -l logfile - -N -s <smb config file> - -U username[%password] - -W workgroup - -N - -I destinationIP - server @@ -75,7 +65,7 @@ --workstation=WORKSTATION - Specify workstation of user to authenticate + Specify the workstation the user authenticated from diff --git a/docs/docbook/manpages/winbindd.8.sgml b/docs/docbook/manpages/winbindd.8.sgml index 0beddf0ea5..e0489c43c4 100644 --- a/docs/docbook/manpages/winbindd.8.sgml +++ b/docs/docbook/manpages/winbindd.8.sgml @@ -316,12 +316,6 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok winbindd to become aware of new trust relationships between servers, it must be sent a SIGHUP signal. - Client processes resolving names through the winbindd - nsswitch module read an environment variable named - $WINBINDD_DOMAIN. If this variable contains a comma separated - list of Windows NT domain names, then winbindd will only resolve users - and groups within those Windows NT domains. - PAM is really easy to misconfigure. Make sure you know what you are doing when modifying PAM configuration files. It is possible to set up PAM such that you can no longer log into your system. @@ -386,6 +380,21 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok root. + + $LOCKDIR/winbindd_privilaged/pipe + The UNIX pipe over which 'privilaged' clients + communicate with the winbindd program. For security + reasons, access to some winbindd functions - like those needed by + the ntlm_auth utility - is restricted. By default, + only users in the 'root' group will get this access, however the administrator + may change the group permissions on $LOCKDIR/winbindd_privilaged to allow + programs like 'squid' to use ntlm_auth. + Note that the winbind client will only attempt to connect to the winbindd daemon + if both the $LOCKDIR/winbindd_privilaged directory + and $LOCKDIR/winbindd_privilaged/pipe file are owned by + root. + + /lib/libnss_winbind.so.X Implementation of name service switch library. -- cgit From 22c6b5be5ac67219694ad90b20aaf2f56dd4ed01 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Apr 2003 14:11:51 +0000 Subject: Fix searching master ip by bcast when old master has gone away (based on patch by Stephan Kulow ) (This used to be commit 5c0e4b4dc630bd304f53c37f2340f954190b7aef) --- source3/utils/smbtree.c | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/source3/utils/smbtree.c b/source3/utils/smbtree.c index 52de5ab467..d245c324dd 100644 --- a/source3/utils/smbtree.c +++ b/source3/utils/smbtree.c @@ -90,10 +90,12 @@ static struct cli_state *get_ipc_connect(char *server, struct in_addr *server_ip /* Return the IP address and workgroup of a master browser on the network. */ -static BOOL find_master_ip_bcast(pstring workgroup, struct in_addr *server_ip) +static struct cli_state *get_ipc_connect_master_ip_bcast(pstring workgroup, struct user_auth_info *user_info) { struct in_addr *ip_list; + struct cli_state *cli; int i, count; + struct in_addr server_ip; /* Go looking for workgroups by broadcasting on the local network */ @@ -107,7 +109,7 @@ static BOOL find_master_ip_bcast(pstring workgroup, struct in_addr *server_ip) if (!name_status_find("*", 0, 0x1d, ip_list[i], name)) continue; - if (!find_master_ip(name, server_ip)) + if (!find_master_ip(name, &server_ip)) continue; pstrcpy(workgroup, name); @@ -115,10 +117,13 @@ static BOOL find_master_ip_bcast(pstring workgroup, struct in_addr *server_ip) DEBUG(4, ("found master browser %s, %s\n", name, inet_ntoa(ip_list[i]))); - return True; + if (!(cli = get_ipc_connect(inet_ntoa(server_ip), &server_ip, user_info))) + continue; + + return cli; } - return False; + return NULL; } /**************************************************************************** @@ -136,19 +141,21 @@ static BOOL get_workgroups(struct user_auth_info *user_info) pstrcpy(master_workgroup, lp_workgroup()); - if (use_bcast || !find_master_ip(lp_workgroup(), &server_ip)) { - DEBUG(4, ("Unable to find master browser for workgroup %s\n", + if (!use_bcast && !find_master_ip(lp_workgroup(), &server_ip)) { + DEBUG(4, ("Unable to find master browser for workgroup %s, falling back to broadcast\n", master_workgroup)); - if (!find_master_ip_bcast(master_workgroup, &server_ip)) { + use_bcast = True; + } else if(!use_bcast) { + if (!(cli = get_ipc_connect(inet_ntoa(server_ip), &server_ip, user_info))) + return False; + } + + if (!(cli = get_ipc_connect_master_ip_bcast(master_workgroup, user_info))) { DEBUG(4, ("Unable to find master browser by " "broadcast\n")); return False; - } } - if (!(cli = get_ipc_connect(inet_ntoa(server_ip), &server_ip, user_info))) - return False; - if (!cli_NetServerEnum(cli, master_workgroup, SV_TYPE_DOMAIN_ENUM, add_name, &workgroups)) return False; -- cgit From 8d9962f1d3093eb7d2524362685b858b68b6c9d5 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Apr 2003 14:59:21 +0000 Subject: Only link in libs when they are actually used. Works great here and on one of my other boxes. I'll watch the buildfarm. (This used to be commit 266c3970df9f5f9f617c49eee666c1db8e10c855) --- source3/Makefile.in | 66 ++++++++++++++++++++++++++++------------------------ source3/configure.in | 29 +++++++++++++++++++---- 2 files changed, 59 insertions(+), 36 deletions(-) diff --git a/source3/Makefile.in b/source3/Makefile.in index 8a7abe6bf7..fa302b5120 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -4,6 +4,7 @@ # Copyright (C) 2001 by Martin Pool # Copyright Andrew Bartlett 2002 # Copyright (C) 2003 Anthony Liguori +# Copyright (C) 2002-2003 Jelmer Vernooij ########################################################################### prefix=@prefix@ @@ -28,6 +29,9 @@ TERMLIBS=@TERMLIBS@ PRINTLIBS=@PRINTLIBS@ AUTHLIBS=@AUTHLIBS@ ACLLIBS=@ACLLIBS@ +PASSDBLIBS=@PASSDBLIBS@ +ADSLIBS=@ADSLIBS@ +KRB5LIBS=@KRB5_LIBS@ LINK=$(CC) $(FLAGS) $(LDFLAGS) @@ -717,12 +721,12 @@ bin/.dummy: bin/smbd@EXEEXT@: $(SMBD_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(PRINTLIBS) \ - $(AUTHLIBS) $(ACLLIBS) $(LIBS) @BUILD_POPT@ + @$(CC) $(FLAGS) -o $@ $(SMBD_OBJ) $(ADSLIBS) $(LDFLAGS) $(DYNEXP) $(PRINTLIBS) \ + $(AUTHLIBS) $(ACLLIBS) $(PASSDBLIBS) $(LIBS) @BUILD_POPT@ bin/nmbd@EXEEXT@: $(NMBD_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @BUILD_POPT@ + @$(CC) $(FLAGS) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @BUILD_POPT@ $(KRB5LIBS) bin/wrepld@EXEEXT@: $(WREPL_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ @@ -731,19 +735,19 @@ bin/wrepld@EXEEXT@: $(WREPL_OBJ) @BUILD_POPT@ bin/.dummy bin/swat@EXEEXT@: $(SWAT_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(SWAT_OBJ) $(LDFLAGS) $(DYNEXP) $(PRINTLIBS) \ - $(AUTHLIBS) $(LIBS) @BUILD_POPT@ + $(AUTHLIBS) $(LIBS) $(PASSDBLIBS) @BUILD_POPT@ $(KRB5LIBS) bin/rpcclient@EXEEXT@: $(RPCCLIENT_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(RPCCLIENT_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @BUILD_POPT@ + @$(CC) $(FLAGS) -o $@ $(PASSDBLIBS) $(RPCCLIENT_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @BUILD_POPT@ $(ADSLIBS) bin/smbclient@EXEEXT@: $(CLIENT_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(CLIENT_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @BUILD_POPT@ + @$(CC) $(FLAGS) -o $@ $(CLIENT_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @BUILD_POPT@ $(KRB5LIBS) bin/net@EXEEXT@: $(NET_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(NET_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @BUILD_POPT@ + @$(CC) $(FLAGS) -o $@ $(NET_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @BUILD_POPT@ $(ADSLIBS) bin/profiles@EXEEXT@: $(PROFILES_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ @@ -755,7 +759,7 @@ bin/editreg@EXEEXT@: utils/editreg.o @BUILD_POPT@ bin/.dummy bin/smbspool@EXEEXT@: $(CUPS_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(CUPS_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(CUPS_OBJ) $(LDFLAGS) $(LIBS) $(KRB5LIBS) bin/smbmount@EXEEXT@: $(MOUNT_OBJ) bin/.dummy @echo Linking $@ @@ -787,23 +791,23 @@ bin/smbcontrol@EXEEXT@: $(SMBCONTROL_OBJ) bin/.dummy bin/smbtree@EXEEXT@: $(SMBTREE_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBTREE_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @BUILD_POPT@ + @$(CC) $(FLAGS) -o $@ $(SMBTREE_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @BUILD_POPT@ $(KRB5LIBS) bin/smbpasswd@EXEEXT@: $(SMBPASSWD_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBPASSWD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBPASSWD_OBJ) $(PASSDBLIBS) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS) bin/pdbedit@EXEEXT@: $(PDBEDIT_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @BUILD_POPT@ + @$(CC) $(FLAGS) -o $@ $(PASSDBLIBS) $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @BUILD_POPT@ bin/samtest@EXEEXT@: $(SAMTEST_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SAMTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(LIBS) @BUILD_POPT@ + @$(CC) $(FLAGS) -o $@ $(SAMTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(LIBS) @BUILD_POPT@ $(PASSDBLIBS) $(ADSLIBS) bin/smbgroupedit@EXEEXT@: $(SMBGROUPEDIT_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBGROUPEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBGROUPEDIT_OBJ) $(PASSDBLIBS) $(LDFLAGS) $(DYNEXP) $(LIBS) bin/nmblookup@EXEEXT@: $(NMBLOOKUP_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ @@ -811,7 +815,7 @@ bin/nmblookup@EXEEXT@: $(NMBLOOKUP_OBJ) @BUILD_POPT@ bin/.dummy bin/smbtorture@EXEEXT@: $(SMBTORTURE_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBTORTURE_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBTORTURE_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS) bin/talloctort@EXEEXT@: $(TALLOCTORT_OBJ) bin/.dummy @echo Linking $@ @@ -819,35 +823,35 @@ bin/talloctort@EXEEXT@: $(TALLOCTORT_OBJ) bin/.dummy bin/masktest@EXEEXT@: $(MASKTEST_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(MASKTEST_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(MASKTEST_OBJ) $(LDFLAGS) $(LIBS) $(KRB5LIBS) bin/msgtest@EXEEXT@: $(MSGTEST_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(MSGTEST_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(MSGTEST_OBJ) $(LDFLAGS) $(LIBS) $(KRB5LIBS) bin/smbcacls@EXEEXT@: $(SMBCACLS_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBCACLS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @BUILD_POPT@ + @$(CC) $(FLAGS) -o $@ $(SMBCACLS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @BUILD_POPT@ $(KRB5LIBS) bin/locktest@EXEEXT@: $(LOCKTEST_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(LOCKTEST_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(LOCKTEST_OBJ) $(LDFLAGS) $(LIBS) $(KRB5LIBS) bin/nsstest@EXEEXT@: $(NSSTEST_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(NSSTEST_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(NSSTEST_OBJ) $(LDFLAGS) $(LIBS) $(KRB5LIBS) bin/vfstest@EXEEXT@: $(VFSTEST_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(VFSTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(PRINTLIBS) $(AUTHLIBS) $(ACLLIBS) $(LIBS) @BUILD_POPT@ + @$(CC) $(FLAGS) -o $@ $(VFSTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(PRINTLIBS) $(AUTHLIBS) $(ACLLIBS) $(LIBS) @BUILD_POPT@ $(ADSLIBS) bin/locktest2@EXEEXT@: $(LOCKTEST2_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(LOCKTEST2_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(LOCKTEST2_OBJ) $(LDFLAGS) $(LIBS) $(KRB5LIBS) bin/rpctorture@EXEEXT@: $(RPCTORTURE_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(RPCTORTURE_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(RPCTORTURE_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) $(KRB5LIBS) bin/debug2html@EXEEXT@: $(DEBUG2HTML_OBJ) bin/.dummy @echo Linking $@ @@ -855,11 +859,11 @@ bin/debug2html@EXEEXT@: $(DEBUG2HTML_OBJ) bin/.dummy bin/smbfilter@EXEEXT@: $(SMBFILTER_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBFILTER_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBFILTER_OBJ) $(LDFLAGS) $(LIBS) $(KRB5LIBS) bin/smbw_sample@EXEEXT@: $(SMBW_OBJ) utils/smbw_sample.o bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBW_OBJ) utils/smbw_sample.o $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBW_OBJ) utils/smbw_sample.o $(LDFLAGS) $(LIBS) $(KRB5LIBS) bin/smbsh@EXEEXT@: $(SMBSH_OBJ) bin/.dummy @echo Linking $@ @@ -868,21 +872,21 @@ bin/smbsh@EXEEXT@: $(SMBSH_OBJ) bin/.dummy bin/smbwrapper.@SHLIBEXT@: $(PICOBJS) bin/.dummy @echo Linking shared library $@ @$(SHLD) $(LDSHFLAGS) -o $@ $(PICOBJS) $(LIBS) \ - @SONAMEFLAG@`basename $@` + @SONAMEFLAG@`basename $@` $(KRB5LIBS) bin/smbwrapper.32.@SHLIBEXT@: $(PICOBJS32) @echo Linking shared library $@ @$(SHLD) -32 $(LDSHFLAGS) -o $@ $(PICOBJS32) $(LIBS) \ - @SONAMEFLAG@`basename $@` + @SONAMEFLAG@`basename $@` $(KRB5LIBS) bin/libsmbclient.@SHLIBEXT@: $(LIBSMBCLIENT_PICOBJS) @echo Linking libsmbclient shared library $@ $(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBCLIENT_PICOBJS) $(LDFLAGS) $(LIBS) \ - @SONAMEFLAG@`basename $@`.$(LIBSMBCLIENT_MAJOR) + @SONAMEFLAG@`basename $@`.$(LIBSMBCLIENT_MAJOR) $(KRB5LIBS) bin/libsmbclient.a: $(LIBSMBCLIENT_PICOBJS) @echo Linking libsmbclient non-shared library $@ - -$(AR) -rc $@ $(LIBSMBCLIENT_PICOBJS) + -$(AR) -rc $@ $(LIBSMBCLIENT_PICOBJS) $(KRB5LIBS) bin/libbigballofmud.@SHLIBEXT@: $(LIBBIGBALLOFMUD_PICOBJS) @echo Linking bigballofmud shared library $@ @@ -943,7 +947,7 @@ nsswitch/libnss_wins.@SHLIBEXT@: $(NSS_OBJ) bin/winbindd@EXEEXT@: $(WINBINDD_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(LINK) -o $@ $(WINBINDD_OBJ) $(IDMAP_OBJ) $(DYNEXP) $(LIBS) @BUILD_POPT@ + @$(LINK) -o $@ $(WINBINDD_OBJ) $(IDMAP_OBJ) $(DYNEXP) $(LIBS) @BUILD_POPT@ $(ADSLIBS) nsswitch/libns_winbind.@SHLIBEXT@: $(WINBIND_NSS_PICOBJS) @echo "Linking $@" @@ -995,7 +999,7 @@ bin/mysql.@SHLIBEXT@: $(MYSQL_OBJ) bin/ldapsam.@SHLIBEXT@: passdb/pdb_ldap.o @echo "Building plugin $@" - @$(SHLD) $(LDSHFLAGS) -o $@ passdb/pdb_ldap.o \ + @$(SHLD) $(LDSHFLAGS) @LDAP_LIBS@ -o $@ passdb/pdb_ldap.o \ @SONAMEFLAG@`basename $@` bin/tdbsam.@SHLIBEXT@: passdb/pdb_tdb.o @@ -1136,7 +1140,7 @@ python_ext: $(PYTHON_OBJS) echo Use the option --with-python to configure python; \ exit 1; fi PYTHON_OBJS="$(PYTHON_OBJS)" PYTHON_CFLAGS="$(CFLAGS) $(CPPFLAGS) $(FLAGS)" \ - LIBS="$(LIBS)" \ + LIBS="$(LIBS) $(PASSDBLIBS) $(KRB5LIBS)" \ $(PYTHON) python/setup.py build python_install: $(PYTHON_OBJS) diff --git a/source3/configure.in b/source3/configure.in index 3a6641d44a..d0c3e8e1fd 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -153,6 +153,10 @@ AC_SUBST(LIBSMBCLIENT) AC_SUBST(PRINTLIBS) AC_SUBST(AUTHLIBS) AC_SUBST(ACLLIBS) +AC_SUBST(ADSLIBS) +AC_SUBST(PASSDBLIBS) +AC_SUBST(KRB5_LIBS) +AC_SUBST(LDAP_LIBS) AC_SUBST(SHLIB_PROGS) AC_SUBST(SMBWRAPPER) AC_SUBST(EXTRA_BIN_PROGS) @@ -2065,6 +2069,11 @@ AC_MSG_RESULT($with_ads_support) FOUND_KRB5=no if test x"$with_ads_support" = x"yes"; then +ac_save_CFLAGS="$CFLAGS" +ac_save_LIBS="$LIBS" +CFLAGS="" +LIBS="" + ################################################# # check for krb5-config from recent MIT and Heimdal kerberos 5 AC_PATH_PROG(KRB5_CONFIG, krb5-config) @@ -2229,6 +2238,8 @@ fi AC_CHECK_LIB(gssapi_krb5, gss_display_status, [LIBS="$LIBS -lgssapi_krb5"; AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available])]) +KRB5_LIBS="$LIBS"; KRB5_CFLAGS="$CFLAGS" +LIBS="$ac_save_LIBS"; CFLAGS="$ac_save_CFLAGS" fi ######################################################## @@ -2248,6 +2259,8 @@ AC_ARG_WITH(ldap, AC_MSG_RESULT($with_ldap_support) if test x"$with_ldap_support" = x"yes"; then +ac_save_CFLAGS="$CFLAGS"; ac_save_LIBS="$LIBS" +CFLAGS=""; LIBS="" ################################################################## # we might need the lber lib on some systems. To avoid link errors @@ -2272,6 +2285,12 @@ if test x"$with_ldap_support" = x"yes"; then AC_DEFINE_UNQUOTED(LDAP_SET_REBIND_PROC_ARGS, $pam_ldap_cv_ldap_set_rebind_proc, [Number of arguments to ldap_set_rebind_proc]) fi +LDAP_LIBS="$LIBS";LDAP_CFLAGS="$CFLAGS" +LIBS="$ac_save_LIBS"; CFLAGS="$ac_save_CFLAGS" +fi + +if test x"$with_ads_support" = x"yes"; then + ADSLIBS="$LDAP_LIBS $KRB5_LIBS" fi ######################################################## @@ -2433,7 +2452,7 @@ AC_ARG_WITH(ldapsam, [ case "$withval" in yes) AC_MSG_RESULT(yes) - AC_DEFINE(WITH_LDAP_SAMCONFIG,1,[Whether to include 2.2 compatibel LDAP SAM configuration]) + AC_DEFINE(WITH_LDAP_SAMCONFIG,1,[Whether to include 2.2 compatible LDAP SAM configuration]) ;; *) AC_MSG_RESULT(no) @@ -3327,7 +3346,7 @@ if test x"$INCLUDED_POPT" = x"yes"; then FLAGS1="-I$srcdir/popt" else AC_MSG_RESULT(no) - LIBS="$LIBS -lpopt" + BUILD_POPT="-lpopt" fi AC_SUBST(BUILD_POPT) AC_SUBST(FLAGS1) @@ -3399,11 +3418,11 @@ AC_ARG_WITH(shared-modules, fi ]) SMB_MODULE(pdb_xml, modules/xml.o, bin/xml.so, PDB, - [ LIBS="$LIBS $XML_LIBS" ] ) + [ PASSDBLIBS="$PASSDBLIBS $XML_LIBS" ] ) SMB_MODULE(pdb_mysql, modules/mysql.o, bin/mysql.so, PDB, - [ LIBS="$LIBS $MYSQL_LIBS" ] ) + [ PASSDBLIBS="$PASSDBLIBS $MYSQL_LIBS" ] ) SMB_MODULE(pdb_ldap, passdb/pdb_ldap.o, bin/ldapsam.so, PDB, - [ LIBS="$LIBS $LDAP_LIBS" ] ) + [ PASSDBLIBS="$PASSDBLIBS $LDAP_LIBS" ] ) SMB_MODULE(pdb_smbpasswd, passdb/pdb_smbpasswd.o, bin/smbpasswd.so, PDB) SMB_MODULE(pdb_tdbsam, passdb/pdb_tdb.o, bin/tdbsam.so, PDB) SMB_MODULE(pdb_nisplussam, passdb/pdb_nisplus.o, bin/nisplussam.so, PDB) -- cgit From de8a78e7223f351838ef81085a7ec42f54a3740c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 2 Apr 2003 15:03:07 +0000 Subject: Print out the 'freindly' error message from winbind. Also print useful information into it re the privilaged pipe. Also clean up some bugs in winbindd_pam.c Andrew Bartlett (This used to be commit e73b01204a8625946ff0fb5f9fc99dd959eb801c) --- source3/nsswitch/wbinfo.c | 10 ++++++---- source3/nsswitch/winbindd_pam.c | 19 ++++++++++++++++--- source3/utils/ntlm_auth.c | 10 ++++++---- 3 files changed, 28 insertions(+), 11 deletions(-) diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 5ec8e534aa..61c54b3738 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -447,9 +447,10 @@ static BOOL wbinfo_auth(char *username) (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); if (response.data.auth.nt_status) - d_printf("error code was %s (0x%x)\n", + d_printf("error code was %s (0x%x)\nerror messsage was: %s\n", response.data.auth.nt_status_string, - response.data.auth.nt_status); + response.data.auth.nt_status, + response.data.auth.error_string); return result == NSS_STATUS_SUCCESS; } @@ -502,9 +503,10 @@ static BOOL wbinfo_auth_crap(char *username) (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); if (response.data.auth.nt_status) - d_printf("error code was %s (0x%x)\n", + d_printf("error code was %s (0x%x)\nerror messsage was: %s\n", response.data.auth.nt_status_string, - response.data.auth.nt_status); + response.data.auth.nt_status, + response.data.auth.error_string); return result == NSS_STATUS_SUCCESS; } diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index d408a8b3ae..e65d2bb0f6 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -140,7 +140,12 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) uni_group_cache_store_netlogon(mem_ctx, &info3); done: - + + /* give us a more useful (more correct?) error code */ + if ((NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) || (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) { + result = NT_STATUS_NO_LOGON_SERVERS; + } + state->response.data.auth.nt_status = NT_STATUS_V(result); fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result)); fstrcpy(state->response.data.auth.error_string, get_friendly_nt_error_msg(result)); @@ -176,6 +181,8 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) if (!state->privilaged) { DEBUG(2, ("winbindd_pam_auth_crap: non-privilaged access denied!\n")); + /* send a better message than ACCESS_DENIED */ + push_utf8_fstring(state->response.data.auth.error_string, "winbind client not authorized to use winbindd_pam_auth_crap"); result = NT_STATUS_ACCESS_DENIED; goto done; } @@ -282,15 +289,21 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) memcpy(state->response.data.auth.nt_session_key, info3.user_sess_key, sizeof(state->response.data.auth.nt_session_key) /* 16 */); } if (state->request.data.auth_crap.flags & WINBIND_PAM_LMKEY) { - memcpy(state->response.data.auth.first_8_lm_hash, info3.padding, sizeof(state->response.data.auth.nt_session_key) /* 16 */); + memcpy(state->response.data.auth.first_8_lm_hash, info3.padding, sizeof(state->response.data.auth.first_8_lm_hash) /* 8 */); } } done: + /* give us a more useful (more correct?) error code */ + if ((NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) || (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) { + result = NT_STATUS_NO_LOGON_SERVERS; + } + state->response.data.auth.nt_status = NT_STATUS_V(result); push_utf8_fstring(state->response.data.auth.nt_status_string, nt_errstr(result)); - push_utf8_fstring(state->response.data.auth.error_string, nt_errstr(result)); + if (!*state->response.data.auth.error_string) + push_utf8_fstring(state->response.data.auth.error_string, get_friendly_nt_error_msg(result)); state->response.data.auth.pam_error = nt_status_to_pam(result); DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 82e6127d55..88913c8051 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -157,17 +157,19 @@ static BOOL check_plaintext_auth(const char *user, const char *pass, BOOL stdout d_printf("Reading winbind reply failed! (0x01)\n"); } - d_printf("%s (0x%x)\n", + d_printf("%s: %s (0x%x)\n", response.data.auth.nt_status_string, + response.data.auth.error_string, response.data.auth.nt_status); } else { if ((result != NSS_STATUS_SUCCESS) && (response.data.auth.nt_status == 0)) { DEBUG(1, ("Reading winbind reply failed! (0x01)\n")); } - DEBUG(3, ("%s (0x%x)\n", - response.data.auth.nt_status_string, - response.data.auth.nt_status)); + DEBUG(3, ("%s: %s (0x%x)\n", + response.data.auth.nt_status_string, + response.data.auth.error_string, + response.data.auth.nt_status)); } return (result == NSS_STATUS_SUCCESS); -- cgit From 75c1bf29a8d14e2d0458b8f89e347a5e374d3ea5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 2 Apr 2003 15:04:47 +0000 Subject: Map a useless error code to a useful one... (This used to be commit 1afb2695a020424d014c4dee9c6a73620281aaa8) --- source3/auth/auth_domain.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 256c4532ed..7dca5914f0 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -175,6 +175,11 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, &dest_ip, 0, "IPC$", "IPC", "", "", "",0, retry); if (!NT_STATUS_IS_OK(result)) { + /* map to something more useful */ + if (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)) { + result = NT_STATUS_NO_LOGON_SERVERS; + } + release_server_mutex(); return result; } -- cgit From 388af6585777b529877848b97c2b9c2fa9e35e06 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Apr 2003 15:08:31 +0000 Subject: Only link in popt when we need it (This used to be commit a5a980eb3efb37a6becacf043692361bdb4174b0) --- source3/Makefile.in | 42 +++++++++++++++++++++--------------------- source3/configure.in | 5 ++++- 2 files changed, 25 insertions(+), 22 deletions(-) diff --git a/source3/Makefile.in b/source3/Makefile.in index fa302b5120..60ba100633 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -722,40 +722,40 @@ bin/.dummy: bin/smbd@EXEEXT@: $(SMBD_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(SMBD_OBJ) $(ADSLIBS) $(LDFLAGS) $(DYNEXP) $(PRINTLIBS) \ - $(AUTHLIBS) $(ACLLIBS) $(PASSDBLIBS) $(LIBS) @BUILD_POPT@ + $(AUTHLIBS) $(ACLLIBS) $(PASSDBLIBS) $(LIBS) @POPTLIBS@ bin/nmbd@EXEEXT@: $(NMBD_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @BUILD_POPT@ $(KRB5LIBS) + @$(CC) $(FLAGS) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(KRB5LIBS) bin/wrepld@EXEEXT@: $(WREPL_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(WREPL_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @BUILD_POPT@ + @$(CC) $(FLAGS) -o $@ $(WREPL_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ bin/swat@EXEEXT@: $(SWAT_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(SWAT_OBJ) $(LDFLAGS) $(DYNEXP) $(PRINTLIBS) \ - $(AUTHLIBS) $(LIBS) $(PASSDBLIBS) @BUILD_POPT@ $(KRB5LIBS) + $(AUTHLIBS) $(LIBS) $(PASSDBLIBS) @POPTLIBS@ $(KRB5LIBS) bin/rpcclient@EXEEXT@: $(RPCCLIENT_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(PASSDBLIBS) $(RPCCLIENT_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @BUILD_POPT@ $(ADSLIBS) + @$(CC) $(FLAGS) -o $@ $(PASSDBLIBS) $(RPCCLIENT_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @POPTLIBS@ $(ADSLIBS) bin/smbclient@EXEEXT@: $(CLIENT_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(CLIENT_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @BUILD_POPT@ $(KRB5LIBS) + @$(CC) $(FLAGS) -o $@ $(CLIENT_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @POPTLIBS@ $(KRB5LIBS) bin/net@EXEEXT@: $(NET_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(NET_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @BUILD_POPT@ $(ADSLIBS) + @$(CC) $(FLAGS) -o $@ $(NET_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @POPTLIBS@ $(ADSLIBS) bin/profiles@EXEEXT@: $(PROFILES_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(PROFILES_OBJ) $(LDFLAGS) $(LIBS) @BUILD_POPT@ + @$(CC) $(FLAGS) -o $@ $(PROFILES_OBJ) $(LDFLAGS) $(LIBS) @POPTLIBS@ -bin/editreg@EXEEXT@: utils/editreg.o @BUILD_POPT@ bin/.dummy +bin/editreg@EXEEXT@: $(EDITREG_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ utils/editreg.o $(LDFLAGS) $(LIBS) @BUILD_POPT@ + @$(CC) $(FLAGS) -o $@ utils/editreg.o $(LDFLAGS) $(LIBS) @POPTLIBS@ bin/smbspool@EXEEXT@: $(CUPS_OBJ) bin/.dummy @echo Linking $@ @@ -775,7 +775,7 @@ bin/smbumount@EXEEXT@: $(UMOUNT_OBJ) bin/.dummy bin/testparm@EXEEXT@: $(TESTPARM_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(TESTPARM_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @BUILD_POPT@ + @$(CC) $(FLAGS) -o $@ $(TESTPARM_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ bin/testprns@EXEEXT@: $(TESTPRNS_OBJ) bin/.dummy @echo Linking $@ @@ -783,7 +783,7 @@ bin/testprns@EXEEXT@: $(TESTPRNS_OBJ) bin/.dummy bin/smbstatus@EXEEXT@: $(STATUS_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(STATUS_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @BUILD_POPT@ + @$(CC) $(FLAGS) -o $@ $(STATUS_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ bin/smbcontrol@EXEEXT@: $(SMBCONTROL_OBJ) bin/.dummy @echo Linking $@ @@ -791,7 +791,7 @@ bin/smbcontrol@EXEEXT@: $(SMBCONTROL_OBJ) bin/.dummy bin/smbtree@EXEEXT@: $(SMBTREE_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBTREE_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @BUILD_POPT@ $(KRB5LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBTREE_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(KRB5LIBS) bin/smbpasswd@EXEEXT@: $(SMBPASSWD_OBJ) bin/.dummy @echo Linking $@ @@ -799,11 +799,11 @@ bin/smbpasswd@EXEEXT@: $(SMBPASSWD_OBJ) bin/.dummy bin/pdbedit@EXEEXT@: $(PDBEDIT_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(PASSDBLIBS) $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @BUILD_POPT@ + @$(CC) $(FLAGS) -o $@ $(PASSDBLIBS) $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ bin/samtest@EXEEXT@: $(SAMTEST_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SAMTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(LIBS) @BUILD_POPT@ $(PASSDBLIBS) $(ADSLIBS) + @$(CC) $(FLAGS) -o $@ $(SAMTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(PASSDBLIBS) $(ADSLIBS) bin/smbgroupedit@EXEEXT@: $(SMBGROUPEDIT_OBJ) bin/.dummy @echo Linking $@ @@ -811,7 +811,7 @@ bin/smbgroupedit@EXEEXT@: $(SMBGROUPEDIT_OBJ) bin/.dummy bin/nmblookup@EXEEXT@: $(NMBLOOKUP_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(NMBLOOKUP_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @BUILD_POPT@ + @$(CC) $(FLAGS) -o $@ $(NMBLOOKUP_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ bin/smbtorture@EXEEXT@: $(SMBTORTURE_OBJ) bin/.dummy @echo Linking $@ @@ -831,7 +831,7 @@ bin/msgtest@EXEEXT@: $(MSGTEST_OBJ) bin/.dummy bin/smbcacls@EXEEXT@: $(SMBCACLS_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBCACLS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @BUILD_POPT@ $(KRB5LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBCACLS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @POPTLIBS@ $(KRB5LIBS) bin/locktest@EXEEXT@: $(LOCKTEST_OBJ) bin/.dummy @echo Linking $@ @@ -843,7 +843,7 @@ bin/nsstest@EXEEXT@: $(NSSTEST_OBJ) bin/.dummy bin/vfstest@EXEEXT@: $(VFSTEST_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(VFSTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(PRINTLIBS) $(AUTHLIBS) $(ACLLIBS) $(LIBS) @BUILD_POPT@ $(ADSLIBS) + @$(CC) $(FLAGS) -o $@ $(VFSTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(PRINTLIBS) $(AUTHLIBS) $(ACLLIBS) $(LIBS) @POPTLIBS@ $(ADSLIBS) bin/locktest2@EXEEXT@: $(LOCKTEST2_OBJ) bin/.dummy @echo Linking $@ @@ -947,7 +947,7 @@ nsswitch/libnss_wins.@SHLIBEXT@: $(NSS_OBJ) bin/winbindd@EXEEXT@: $(WINBINDD_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(LINK) -o $@ $(WINBINDD_OBJ) $(IDMAP_OBJ) $(DYNEXP) $(LIBS) @BUILD_POPT@ $(ADSLIBS) + @$(LINK) -o $@ $(WINBINDD_OBJ) $(IDMAP_OBJ) $(DYNEXP) $(LIBS) @POPTLIBS@ $(ADSLIBS) nsswitch/libns_winbind.@SHLIBEXT@: $(WINBIND_NSS_PICOBJS) @echo "Linking $@" @@ -1061,13 +1061,13 @@ bin/wbinfo@EXEEXT@: $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) \ $(UBIQX_OBJ) $(SECRETS_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ @$(LINK) -o $@ $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) \ - $(UBIQX_OBJ) $(SECRETS_OBJ) $(LIBS) @BUILD_POPT@ + $(UBIQX_OBJ) $(SECRETS_OBJ) $(LIBS) @POPTLIBS@ bin/ntlm_auth@EXEEXT@: $(NTLM_AUTH_OBJ) $(PARAM_OBJ) $(LIB_OBJ) \ $(UBIQX_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ @$(LINK) -o $@ $(NTLM_AUTH_OBJ) $(PARAM_OBJ) $(LIB_OBJ) \ - $(UBIQX_OBJ) $(LIBS) @BUILD_POPT@ + $(UBIQX_OBJ) $(LIBS) @POPTLIBS@ bin/pam_smbpass.@SHLIBEXT@: $(PAM_SMBPASS_PICOOBJ) @echo "Linking shared library $@" diff --git a/source3/configure.in b/source3/configure.in index d0c3e8e1fd..266dffa38b 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -3343,12 +3343,15 @@ AC_MSG_CHECKING(whether to use included popt) if test x"$INCLUDED_POPT" = x"yes"; then AC_MSG_RESULT(yes) BUILD_POPT='$(POPT_OBJS)' + POPTLIBS='$(POPT_OBJS)' FLAGS1="-I$srcdir/popt" else AC_MSG_RESULT(no) - BUILD_POPT="-lpopt" + BUILD_POPT="" + POPTLIBS="-lpopt" fi AC_SUBST(BUILD_POPT) +AC_SUBST(POPTLIBS) AC_SUBST(FLAGS1) ################################################# -- cgit From b5c7e3377f91a811e1da03ccb18d62ce37f14950 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Apr 2003 15:25:19 +0000 Subject: Add EDITREG_OBJ (This used to be commit fef586d6cd9a4a754da858a29409ed2a7824cad1) --- source3/Makefile.in | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/source3/Makefile.in b/source3/Makefile.in index 60ba100633..4d11f1e988 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -294,6 +294,7 @@ GROUPDB_OBJ = groupdb/mapping.o PROFILE_OBJ = profile/profile.o PROFILES_OBJ = utils/profiles.o +EDITREG_OBJ = utils/editreg.o OPLOCK_OBJ = smbd/oplock.o smbd/oplock_irix.o smbd/oplock_linux.o @@ -755,7 +756,7 @@ bin/profiles@EXEEXT@: $(PROFILES_OBJ) @BUILD_POPT@ bin/.dummy bin/editreg@EXEEXT@: $(EDITREG_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ utils/editreg.o $(LDFLAGS) $(LIBS) @POPTLIBS@ + @$(CC) $(FLAGS) -o $@ $(EDITREG_OBJ) $(LDFLAGS) $(LIBS) @POPTLIBS@ bin/smbspool@EXEEXT@: $(CUPS_OBJ) bin/.dummy @echo Linking $@ @@ -1123,7 +1124,7 @@ installdat: installdirs installswat: installdirs @$(SHELL) $(srcdir)/script/installswat.sh $(DESTDIR)$(SWATDIR) $(srcdir) -installclientlib: +installclientlib: bin/libsmbclient.@SHLIBEXT@ -$(INSTALLCLIENTCMD_SH) bin/libsmbclient.@SHLIBEXT@ $(DESTDIR)${prefix}/lib -$(INSTALLCLIENTCMD_A) bin/libsmbclient.a $(DESTDIR)${prefix}/lib -$(INSTALLCMD) -d $(DESTDIR)${prefix}/include -- cgit From c64d654797ea7bd975bdf488a1447a0ad10f096b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Apr 2003 15:42:44 +0000 Subject: Link in lib/snprintf.o with editreg for use on systems that don't have snprintf (This used to be commit 7cd2c4474579114318554bc3b87b518fed218a93) --- source3/Makefile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/Makefile.in b/source3/Makefile.in index 4d11f1e988..cd0dc11ded 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -294,7 +294,7 @@ GROUPDB_OBJ = groupdb/mapping.o PROFILE_OBJ = profile/profile.o PROFILES_OBJ = utils/profiles.o -EDITREG_OBJ = utils/editreg.o +EDITREG_OBJ = utils/editreg.o lib/snprintf.o OPLOCK_OBJ = smbd/oplock.o smbd/oplock_irix.o smbd/oplock_linux.o -- cgit From 35d546ecd1efee9b5284cdbb9680363223d34a6d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Apr 2003 15:46:25 +0000 Subject: Add KRB5LIBS to smbmount (This used to be commit cdaa3bf12e656dbd797882e89ce39ad76c45f6b6) --- source3/Makefile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/Makefile.in b/source3/Makefile.in index cd0dc11ded..fbe8f1c165 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -764,7 +764,7 @@ bin/smbspool@EXEEXT@: $(CUPS_OBJ) bin/.dummy bin/smbmount@EXEEXT@: $(MOUNT_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(MOUNT_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(MOUNT_OBJ) $(LDFLAGS) $(LIBS) $(KRB5LIBS) bin/smbmnt@EXEEXT@: $(MNT_OBJ) bin/.dummy @echo Linking $@ -- cgit From 494f339ca8c726e1c91ce95c61eae2cb765c35b5 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Apr 2003 17:04:33 +0000 Subject: Add const (from a patch by Stephan Kulow ) (This used to be commit 8b5ad24231e5001e612c5fd4bbde2762caef5856) --- source3/include/libsmbclient.h | 9 +++++---- source3/libsmb/libsmb_cache.c | 8 ++++---- source3/libsmb/libsmbclient.c | 21 +++++++++++---------- 3 files changed, 20 insertions(+), 18 deletions(-) diff --git a/source3/include/libsmbclient.h b/source3/include/libsmbclient.h index 0c905edcbc..a9f83cfbd3 100644 --- a/source3/include/libsmbclient.h +++ b/source3/include/libsmbclient.h @@ -257,8 +257,8 @@ typedef int (*smbc_remove_unused_server_fn)(SMBCCTX * c, SMBCSRV *srv); * */ typedef int (*smbc_add_cached_srv_fn) (SMBCCTX * c, SMBCSRV *srv, - char * server, char * share, - char * workgroup, char * username); + const char * server, const char * share, + const char * workgroup, const char * username); /**@ingroup callback @@ -277,8 +277,9 @@ typedef int (*smbc_add_cached_srv_fn) (SMBCCTX * c, SMBCSRV *srv, * @return pointer to SMBCSRV on success. NULL on failure. * */ -typedef SMBCSRV * (*smbc_get_cached_srv_fn) (SMBCCTX * c, char * server, - char * share, char * workgroup, char * username); +typedef SMBCSRV * (*smbc_get_cached_srv_fn) (SMBCCTX * c, const char * server, + const char * share, const char * workgroup, + const char * username); /**@ingroup callback diff --git a/source3/libsmb/libsmb_cache.c b/source3/libsmb/libsmb_cache.c index b1620042f3..67dc686b48 100644 --- a/source3/libsmb/libsmb_cache.c +++ b/source3/libsmb/libsmb_cache.c @@ -50,8 +50,8 @@ struct smbc_server_cache { * This function is only used if the external cache is not enabled */ static int smbc_add_cached_server(SMBCCTX * context, SMBCSRV * new, - char * server, char * share, - char * workgroup, char * username) + const char * server, const char * share, + const char * workgroup, const char * username) { struct smbc_server_cache * srvcache = NULL; @@ -108,8 +108,8 @@ static int smbc_add_cached_server(SMBCCTX * context, SMBCSRV * new, * returns server_fd on success, -1 on error (not found) * This function is only used if the external cache is not enabled */ -static SMBCSRV * smbc_get_cached_server(SMBCCTX * context, char * server, - char * share, char * workgroup, char * user) +static SMBCSRV * smbc_get_cached_server(SMBCCTX * context, const char * server, + const char * share, const char * workgroup, const char * user) { struct smbc_server_cache * srv = NULL; diff --git a/source3/libsmb/libsmbclient.c b/source3/libsmb/libsmbclient.c index f74a0be7f3..1da55ed4bd 100644 --- a/source3/libsmb/libsmbclient.c +++ b/source3/libsmb/libsmbclient.c @@ -350,7 +350,7 @@ int smbc_remove_unused_server(SMBCCTX * context, SMBCSRV * srv) */ SMBCSRV *smbc_server(SMBCCTX *context, - char *server, char *share, + const char *server, const char *share, char *workgroup, char *username, char *password) { @@ -358,7 +358,8 @@ SMBCSRV *smbc_server(SMBCCTX *context, int auth_called = 0; struct cli_state c; struct nmb_name called, calling; - char *p, *server_n = server; + char *p; + const char *server_n = server; fstring group; pstring ipenv; struct in_addr ip; @@ -1524,27 +1525,27 @@ static SMBCFILE *smbc_opendir_ctx(SMBCCTX *context, const char *fname) if (!context || !context->internal || !context->internal->_initialized) { - fprintf(stderr, "no valid context\n"); + DEBUG(4, ("no valid context\n")); errno = EINVAL; return NULL; } if (!fname) { - fprintf(stderr, "no valid fname\n"); + DEBUG(4, ("no valid fname\n")); errno = EINVAL; return NULL; } if (smbc_parse_path(context, fname, server, share, path, user, password)) { - fprintf(stderr, "no valid path\n"); + DEBUG(4, ("no valid path\n")); errno = EINVAL; return NULL; } - fprintf(stderr, "parsed path: fname='%s' server='%s' share='%s' path='%s'\n", fname, server, share, path); + DEBUG(4, ("parsed path: fname='%s' server='%s' share='%s' path='%s'\n", fname, server, share, path)); if (user[0] == (char)0) fstrcpy(user, context->user); @@ -1571,10 +1572,10 @@ static SMBCFILE *smbc_opendir_ctx(SMBCCTX *context, const char *fname) if (server[0] == (char)0) { struct in_addr server_ip; - fprintf(stderr, "empty server\n"); + DEBUG(4, ("empty server\n")); if (share[0] != (char)0 || path[0] != (char)0) { - fprintf(stderr, "share %d path %d\n", share[0], path[0]); + DEBUG(4,("share %d path %d\n", share[0], path[0])); errno = EINVAL; if (dir) { SAFE_FREE(dir->fname); @@ -2759,7 +2760,7 @@ SMBCCTX * smbc_init_context(SMBCCTX * context) slprintf(context->netbios_name, 16, "smbc%s%d", context->user, pid); } } - DEBUG(0,("Using netbios name %s.\n", context->netbios_name)); + DEBUG(1,("Using netbios name %s.\n", context->netbios_name)); if (!context->workgroup) { @@ -2771,7 +2772,7 @@ SMBCCTX * smbc_init_context(SMBCCTX * context) context->workgroup = strdup("samba"); } } - DEBUG(0,("Using workgroup %s.\n", context->workgroup)); + DEBUG(1,("Using workgroup %s.\n", context->workgroup)); /* shortest timeout is 1 second */ if (context->timeout > 0 && context->timeout < 1000) -- cgit From 46a6e1f0de1a0c366f4d80289804d0638fcede8c Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Apr 2003 17:10:05 +0000 Subject: Add static (This used to be commit 674d0ca5d84b64be395fbeff773c8dd8aeb1518c) --- source3/passdb/pdb_interface.c | 2 +- source3/smbd/vfs.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 95f587b076..8adcd9dbfa 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -61,7 +61,7 @@ BOOL smb_register_passdb(const char *name, pdb_init_function init, int version) return True; } -struct pdb_init_function_entry *pdb_find_backend_entry(const char *name) +static struct pdb_init_function_entry *pdb_find_backend_entry(const char *name) { struct pdb_init_function_entry *entry = backends; pstring stripped; diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c index adbde4994d..06aca51322 100644 --- a/source3/smbd/vfs.c +++ b/source3/smbd/vfs.c @@ -138,7 +138,7 @@ static struct vfs_ops default_vfs_ops = { maintain the list of available backends ****************************************************************************/ -struct vfs_init_function_entry *vfs_find_backend_entry(const char *name) +static struct vfs_init_function_entry *vfs_find_backend_entry(const char *name) { struct vfs_init_function_entry *entry = backends; pstring stripped; -- cgit From 4f59ed8e91a749b84b21187f6c65180ada2b13f4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Apr 2003 17:54:25 +0000 Subject: Use entity for percent sign (This used to be commit 94eaa378dab7d15ad3896b89d2584309ea2d8c69) --- docs/docbook/global.ent | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/docbook/global.ent b/docs/docbook/global.ent index 659c448ed1..5f89a97593 100644 --- a/docs/docbook/global.ent +++ b/docs/docbook/global.ent @@ -6,6 +6,7 @@ + @@ -30,6 +31,7 @@ + -- cgit From d00b6f125fd98d1842cba57c7b509d52470c82d7 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Apr 2003 18:07:52 +0000 Subject: Regenerate docs (This used to be commit 20ee66b661e295cc9fb66f00b16de3b382a7e723) --- docs/faq/faq-errors.html | 4 +- docs/faq/faq-printing.html | 2 +- docs/htmldocs/ads.html | 165 +---- docs/htmldocs/appendixes.html | 176 +++-- docs/htmldocs/browsing-quick.html | 85 ++- docs/htmldocs/bugreport.html | 12 +- docs/htmldocs/compiling.html | 142 +++- docs/htmldocs/diagnosis.html | 30 +- docs/htmldocs/domain-security.html | 63 +- docs/htmldocs/groupmapping.html | 26 +- docs/htmldocs/improved-browsing.html | 104 +-- docs/htmldocs/integrate-ms-networks.html | 602 +++-------------- docs/htmldocs/introduction.html | 74 ++- docs/htmldocs/msdfs.html | 34 +- docs/htmldocs/optional.html | 611 ++++++++--------- docs/htmldocs/other-clients.html | 28 +- docs/htmldocs/pam.html | 212 +++--- docs/htmldocs/passdb.html | 56 +- docs/htmldocs/portability.html | 22 +- docs/htmldocs/printing.html | 58 +- docs/htmldocs/samba-bdc.html | 22 +- docs/htmldocs/samba-howto-collection.html | 563 ++++++++-------- docs/htmldocs/samba-pdc.html | 1015 ++--------------------------- docs/htmldocs/securing-samba.html | 38 +- docs/htmldocs/securitylevels.html | 295 ++++++++- docs/htmldocs/speed.html | 68 +- docs/htmldocs/type.html | 162 ++--- docs/htmldocs/unix-permissions.html | 101 +-- docs/htmldocs/vfs.html | 56 +- docs/htmldocs/winbind.html | 70 +- 30 files changed, 1993 insertions(+), 2903 deletions(-) diff --git a/docs/faq/faq-errors.html b/docs/faq/faq-errors.html index 20eca6adea..75f60aa326 100644 --- a/docs/faq/faq-errors.html +++ b/docs/faq/faq-errors.html @@ -132,7 +132,7 @@ Windows NT in the chapter "Portability" of the samba HOWTO collection No, it does not ignore -N, it is just that your server rejected the null password in the connection, so smbclient prompts for a password diff --git a/docs/faq/faq-printing.html b/docs/faq/faq-printing.html index cfe93d8ee8..a806b15de8 100644 --- a/docs/faq/faq-printing.html +++ b/docs/faq/faq-printing.html @@ -109,7 +109,7 @@ BORDER="0" > The setdriver call will fail if the printer doesn't already exist in samba's view of the world. Either create the printer in cups and diff --git a/docs/htmldocs/ads.html b/docs/htmldocs/ads.html index ef019915d8..f37bbf0abc 100644 --- a/docs/htmldocs/ads.html +++ b/docs/htmldocs/ads.html @@ -13,7 +13,7 @@ REL="UP" TITLE="Type of installation" HREF="type.html"> This is a rough guide to setting up Samba 3.0 with kerberos authentication against a Windows2000 KDC. Pieces you need before you begin: a Windows 2000 server. samba 3.0 or higher. the MIT kerberos development libraries (either install from the above sources or use a package). The heimdal libraries will not work. the OpenLDAP development libraries. 8.1. Installing the required packages for Debian On Debian you need to install the following packages: libkrb5-dev krb5-user 8.2. Installing the required packages for RedHat On RedHat this means you should have at least: krb5-workstation (for kinit) krb5-libs (for linking with) krb5-devel (because you are compiling from source) in addition to the standard development environment. Note that these are not standard on a RedHat install, and you may need -to get them off CD2. 8.3. Compile Samba8.1. Setup your smb.conf If your kerberos libraries are in a non-standard location then - remember to add the configure option --with-krb5=DIR. After you run configure make sure that include/config.h it - generates contains - lines like this: #define HAVE_KRB5 1 -#define HAVE_LDAP 1 If it doesn't then configure did not find your krb5 libraries or - your ldap libraries. Look in config.log to figure out why and fix - it. Then compile and install Samba as usual. You must use at least the - following 3 options in smb.conf: You must use at least the following 3 options in smb.conf: You do *not* need a smbpasswd file, and older clients will be authenticated as if "security = domain", although it won't do any harm and allows you to have local users not in the domain. - I expect that the above - required options will change soon when we get better active - directory integration. 8.4. Setup your /etc/krb5.conf8.2. Setup your /etc/krb5.conf The minimal configuration for krb5.conf is: 8.5. Create the computer account8.3. Create the computer account As a user that has write permission on the Samba private directory @@ -291,8 +180,8 @@ CLASS="SECT2" > 8.5.1. Possible errors8.3.1. Possible errors 8.6. Test your server setup8.4. Test your server setup On a Windows 2000 client try 8.7. Testing with smbclient8.5. Testing with smbclient On your Samba server try to login to a Win2000 server or your Samba @@ -349,12 +238,12 @@ CLASS="SECT1" > 8.8. Notes8.6. Notes You must change administrator password at least once after DC install, - to create the right encoding types You must change administrator password at least once after DC +install, to create the right encoding types w2k doesn't seem to create the _kerberos._udp and _ldap._tcp in their defaults DNS setup. Maybe fixed in service packs? How to Act as a Backup Domain Controller in a Purely Samba Controlled DomainSamba Backup Domain Controller to Samba Domain ControlNextTable of Contents23. Samba performance issues 23.1. Comparisons 23.2. Socket options 23.3. Read size 23.4. Max xmit 23.5. Log level 23.6. Read raw 23.7. Write raw 23.8. Slow Clients 23.9. Slow Logins 23.10. Client tuning 24. Portability24.1. HPUX 24.2. SCO Unix 24.3. DNIX 24.4. RedHat Linux Rembrandt-II 24.5. AIX 24.5.1. Sequential Read Ahead 25.1. Macintosh clients? 25.2. OS2 Client 25.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba? 25.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba? 25.2.3. Are there any other issues when OS/2 (any version) is used as a client? 25.2.4. How do I get printer driver download working for OS/2 clients? 25.3. Windows for Workgroups 25.3.1. Use latest TCP/IP stack from Microsoft 25.3.2. Delete .pwl files after password change 25.3.3. Configure WfW password handling 25.3.4. Case handling of passwords 25.3.5. Use TCP/IP as default protocol 25.4. Windows '95/'98 25.5. Windows 2000 Service Pack 2 26.1. Access Samba source code via CVS 26.1.1. Introduction 26.1.2. CVS Access to samba.org 26.2. Accessing the samba sources via rsync and ftp 26.3. Building the Binaries 26.3.1. Compiling samba with Active Directory support 26.4. Starting the smbd and nmbd 26.4.1. Starting from inetd.conf 26.4.2. Alternative: starting it as a daemon 27.1. Introduction 27.2. General info 27.3. Debug levels 27.4. Internal errors 27.5. Attaching to a running process 27.6. Patches 28.1. Introduction 28.2. Assumptions 28.3. Tests 28.3.1. Test 1 28.3.2. Test 2 28.3.3. Test 3 28.3.4. Test 4 28.3.5. Test 5 28.3.6. Test 6 28.3.7. Test 7 28.3.8. Test 8 28.3.9. Test 9 28.3.10. Test 10 28.3.11. Test 11 28.4. Still having troubles? NextPortabilitySamba performance issues 2.2. Use of the "Remote Announce" parameter2.2. How browsing functions and how to deploy stable and +dependable browsing using SambaAs stated above, MS Windows machines register their NetBIOS names +(i.e.: the machine name for each service type in operation) on start +up. Also, as stated above, the exact method by which this name registration +takes place is determined by whether or not the MS Windows client/server +has been given a WINS server address, whether or not LMHOSTS lookup +is enabled, or if DNS for NetBIOS name resolution is enabled, etc. In the case where there is no WINS server all name registrations as +well as name lookups are done by UDP broadcast. This isolates name +resolution to the local subnet, unless LMHOSTS is used to list all +names and IP addresses. In such situations Samba provides a means by +which the samba server name may be forcibly injected into the browse +list of a remote MS Windows network (using the "remote announce" parameter). Where a WINS server is used, the MS Windows client will use UDP +unicast to register with the WINS server. Such packets can be routed +and thus WINS allows name resolution to function across routed networks. During the startup process an election will take place to create a +local master browser if one does not already exist. On each NetBIOS network +one machine will be elected to function as the domain master browser. This +domain browsing has nothing to do with MS security domain control. +Instead, the domain master browser serves the role of contacting each local +master browser (found by asking WINS or from LMHOSTS) and exchanging browse +list contents. This way every master browser will eventually obtain a complete +list of all machines that are on the network. Every 11-15 minutes an election +is held to determine which machine will be the master browser. By the nature of +the election criteria used, the machine with the highest uptime, or the +most senior protocol version, or other criteria, will win the election +as domain master browser. Clients wishing to browse the network make use of this list, but also depend +on the availability of correct name resolution to the respective IP +address/addresses. Any configuration that breaks name resolution and/or browsing intrinsics +will annoy users because they will have to put up with protracted +inability to use the network services. Samba supports a feature that allows forced synchonisation +of browse lists across routed networks using the "remote +browse sync" parameter in the smb.conf file. This causes Samba +to contact the local master browser on a remote network and +to request browse list synchronisation. This effectively bridges +two networks that are separated by routers. The two remote +networks may use either broadcast based name resolution or WINS +based name resolution, but it should be noted that the "remote +browse sync" parameter provides browse list synchronisation - and +that is distinct from name to address resolution, in other +words, for cross subnet browsing to function correctly it is +essential that a name to address resolution mechanism be provided. +This mechanism could be via DNS, /etc/hosts, +and so on. 2.3. Use of the "Remote Announce" parameter The "remote announce" parameter of smb.conf can be used to forcibly ensure @@ -198,8 +265,8 @@ CLASS="SECT1" > 2.3. Use of the "Remote Browse Sync" parameter2.4. Use of the "Remote Browse Sync" parameter The "remote browse sync" parameter of smb.conf is used to announce to @@ -221,8 +288,8 @@ CLASS="SECT1" > 2.4. Use of WINS2.5. Use of WINS Use of WINS (either Samba WINS _or_ MS Windows NT Server WINS) is highly @@ -284,8 +351,8 @@ CLASS="SECT1" > 2.5. Do NOT use more than one (1) protocol on MS Windows machines2.6. Do NOT use more than one (1) protocol on MS Windows machines A very common cause of browsing problems results from installing more than @@ -327,8 +394,8 @@ CLASS="SECT1" > 2.6. Name Resolution Order2.7. Name Resolution Order Resolution of NetBIOS names to IP addresses can take place using a number diff --git a/docs/htmldocs/bugreport.html b/docs/htmldocs/bugreport.html index ccac1c5779..0711f00f80 100644 --- a/docs/htmldocs/bugreport.html +++ b/docs/htmldocs/bugreport.html @@ -80,7 +80,7 @@ CLASS="SECT1" > 27.1. Introduction 27.2. General info 27.3. Debug levels 27.4. Internal errors 27.5. Attaching to a running process 27.6. Patches 26.1. Access Samba source code via CVS 26.1.1. Introduction 26.1.2. CVS Access to samba.org 26.1.2.1. Access via CVSweb 26.1.2.2. Access via cvs 26.2. Accessing the samba sources via rsync and ftp 26.3. Building the Binaries if you find this version a disaster! 26.3.1. Compiling samba with Active Directory support In order to compile samba with ADS support, you need to have installed + on your system: + the MIT kerberos development libraries (either install from the sources or use a package). The heimdal libraries will not work. the OpenLDAP development libraries. + + If your kerberos libraries are in a non-standard location then + remember to add the configure option --with-krb5=DIR. After you run configure make sure that include/config.h it generates contains lines like this: #define HAVE_KRB5 1 +#define HAVE_LDAP 1 + If it doesn't then configure did not find your krb5 libraries or + your ldap libraries. Look in config.log to figure out why and fix + it. 26.3.1.1. Installing the required packages for Debian On Debian you need to install the following packages: libkrb5-dev krb5-user + 26.3.1.2. Installing the required packages for RedHat On RedHat this means you should have at least: krb5-workstation (for kinit) krb5-libs (for linking with) krb5-devel (because you are compiling from source) + in addition to the standard development environment. Note that these are not standard on a RedHat install, and you may need + to get them off CD2. 26.4. Starting the smbd and nmbd 26.4.1. Starting from inetd.conf 26.4.2. Alternative: starting it as a daemon 28.1. Introduction 28.2. Assumptions 28.3. Tests 28.3.1. Test 1 28.3.2. Test 2 28.3.3. Test 3 28.3.4. Test 4 28.3.5. Test 5 28.3.6. Test 6 28.3.7. Test 7 28.3.8. Test 8 28.3.9. Test 9 28.3.10. Test 10 28.3.11. Test 11 28.4. Still having troubles? 9.1. Joining an NT Domain with Samba 3.0 security = domain or - security = ads depending on if the PDC is - NT4 or running Active Directory respectivly. Next change the root# net join -S DOMPDC +>net rpc join -S DOMPDC -UAdministrator%password 9.2. Samba and Windows 2000 Domains Many people have asked regarding the state of Samba's ability to participate in -a Windows 2000 Domain. Samba 3.0 is able to act as a member server of a Windows -2000 domain operating in mixed or native mode. The steps above apply -to both NT4 and Windows 2000. 9.3. Why is this better than security = server?9.2. Why is this better than security = server? Currently, domain security in Samba doesn't free you from @@ -341,13 +322,27 @@ CLASS="COMMAND" authenticating to a PDC means that as part of the authentication reply, the Samba server gets the user identification information such as the user SID, the list of NT groups the user belongs to, etc. NOTE: Much of the text of this document was first published in the Web magazine Doing the NIS/NT Samba. Optional configurationAdvanced Configuration PrevNextChapter 19. Group mapping HOWTOChapter 12. Group mapping HOWTO Starting with Samba 3.0 alpha 2, a new group mapping function is available. The @@ -185,7 +186,7 @@ WIDTH="33%" ALIGN="left" VALIGN="top" >PrevNextStackable VFS modulesUNIX Permission Bits and Windows NT Access Control ListsSamba performance issuesConfiguring PAM for distributed but centrally +managed authentication PrevNextChapter 17. Improved browsing in sambaChapter 18. Improved browsing in samba17.1. Overview of browsing18.1. Overview of browsing SMB networking provides a mechanism by which clients can access a list @@ -109,8 +109,8 @@ CLASS="SECT1" > 17.2. Browsing support in samba18.2. Browsing support in samba Samba facilitates browsing. The browsing is supported by nmbd @@ -152,8 +152,8 @@ CLASS="SECT1" > 17.3. Problem resolution18.3. Problem resolution If something doesn't work then hopefully the log.nmb file will help @@ -199,8 +199,8 @@ CLASS="SECT1" > 17.4. Browsing across subnets18.4. Browsing across subnets Since the release of Samba 1.9.17(alpha1) Samba has been @@ -230,8 +230,8 @@ CLASS="SECT2" > 17.4.1. How does cross subnet browsing work ?18.4.1. How does cross subnet browsing work ? Cross subnet browsing is a complicated dance, containing multiple @@ -441,8 +441,8 @@ CLASS="SECT1" > 17.5. Setting up a WINS server18.5. Setting up a WINS server Either a Samba machine or a Windows NT Server machine may be set up @@ -524,8 +524,8 @@ CLASS="SECT1" > 17.6. Setting up Browsing in a WORKGROUP18.6. Setting up Browsing in a WORKGROUP To set up cross subnet browsing on a network containing machines @@ -556,10 +556,10 @@ options in the [global] section of the smb.conf file : domain master = yes - local master = yes - preferred master = yes - os level = 65domain master = yes +local master = yes +preferred master = yes +os level = 65 The domain master browser may be the same machine as the WINS @@ -576,10 +576,10 @@ smb.conf file : domain master = no - local master = yes - preferred master = yes - os level = 65domain master = no +local master = yes +preferred master = yes +os level = 65 Do not do this for more than one Samba server on each subnet, @@ -598,10 +598,10 @@ options in the [global] section of the smb.conf file : domain master = no - local master = no - preferred master = no - os level = 0domain master = no +local master = no +preferred master = no +os level = 0 17.7. Setting up Browsing in a DOMAIN18.7. Setting up Browsing in a DOMAIN If you are adding Samba servers to a Windows NT Domain then @@ -628,10 +628,10 @@ file : domain master = no - local master = yes - preferred master = yes - os level = 65domain master = no +local master = yes +preferred master = yes +os level = 65 If you wish to have a Samba server fight the election with machines @@ -660,8 +660,8 @@ CLASS="SECT1" > 17.8. Forcing samba to be the master18.8. Forcing samba to be the master Who becomes the "master browser" is determined by an election process @@ -708,8 +708,8 @@ CLASS="SECT1" > 17.9. Making samba the domain master18.9. Making samba the domain master The domain master is responsible for collating the browse lists of @@ -781,8 +781,8 @@ CLASS="SECT1" > 17.10. Note about broadcast addresses18.10. Note about broadcast addresses If your network uses a "0" based broadcast address (for example if it @@ -795,8 +795,8 @@ CLASS="SECT1" > 17.11. Multiple interfaces18.11. Multiple interfaces Samba now supports machines with multiple network interfaces. If you @@ -820,7 +820,7 @@ WIDTH="33%" ALIGN="left" VALIGN="top" >PrevNextUnified Logons between Windows NT and UNIX using WinbindIntegrating MS Windows networks with SambaStackable VFS modulesHosting a Microsoft Distributed File System tree on Samba PrevNextChapter 10. Integrating MS Windows networks with Samba10.1. Agenda Chapter 17. Integrating MS Windows networks with SambaTo identify the key functional mechanisms of MS Windows networking -to enable the deployment of Samba as a means of extending and/or -replacing MS Windows NT/2000 technology. We will examine:This section deals with NetBIOS over TCP/IP name to IP address resolution. If you +your MS Windows clients are NOT configured to use NetBIOS over TCP/IP then this +section does not apply to your installation. If your installation involves use of +NetBIOS over TCP/IP then this section may help you to resolve networking problems. Name resolution in a pure Unix/Linux TCP/IP - environment - Name resolution as used within MS Windows - networking - How browsing functions and how to deploy stable - and dependable browsing using Samba - MS Windows security options and how to - configure Samba for seemless integration - NetBIOS over TCP/IP has nothing to do with NetBEUI. NetBEUI is NetBIOS + over Logical Link Control (LLC). On modern networks it is highly advised + to NOT run NetBEUI at all. Note also that there is NO such thing as + NetBEUI over TCP/IP - the existence of such a protocol is a complete + and utter mis-apprehension. Configuration of Samba as:Since the introduction of MS Windows 2000 it is possible to run MS Windows networking +without the use of NetBIOS over TCP/IP. NetBIOS over TCP/IP uses UDP port 137 for NetBIOS +name resolution and uses TCP port 139 for NetBIOS session services. When NetBIOS over +TCP/IP is disabled on MS Windows 2000 and later clients then only TCP port 445 will be +used and UDP port 137 and TCP port 139 will not. A stand-alone server An MS Windows NT 3.x/4.0 security domain member - An alternative to an MS Windows NT 3.x/4.0 Domain Controller - When using Windows 2000 or later clients, if NetBIOS over TCP/IP is NOT disabled, then +the client will use UDP port 137 (NetBIOS Name Service, also known as the Windows Internet +Name Service or WINS), TCP port 139 AND TCP port 445 (for actual file and print traffic). When NetBIOS over TCP/IP is disabled the use of DNS is essential. Most installations that +disable NetBIOS over TCP/IP today use MS Active Directory Service (ADS). ADS requires +Dynamic DNS with Service Resource Records (SRV RR) and with Incremental Zone Transfers (IXFR). +Use of DHCP with ADS is recommended as a further means of maintaining central control +over client workstation network configuration. 10.2. Name Resolution in a pure Unix/Linux world17.1. Name Resolution in a pure Unix/Linux world The key configuration files covered in this section are: 10.2.1. 17.1.1. /etc/hosts 10.2.2. 17.1.2. /etc/resolv.conf10.2.3. 17.1.3. /etc/host.conf10.2.4. 17.1.4. /etc/nsswitch.conf10.3. Name resolution as used within MS Windows networking17.2. Name resolution as used within MS Windows networking MS Windows networking is predicated about the name each machine @@ -491,8 +499,8 @@ CLASS="SECT2" > 10.3.1. The NetBIOS Name Cache17.2.1. The NetBIOS Name Cache All MS Windows machines employ an in memory buffer in which is @@ -518,8 +526,8 @@ CLASS="SECT2" > 10.3.2. The LMHOSTS file17.2.2. The LMHOSTS file This file is usually located in MS Windows NT 4.0 or @@ -621,8 +629,8 @@ CLASS="SECT2" > 10.3.3. HOSTS file17.2.3. HOSTS file This file is usually located in MS Windows NT 4.0 or 2000 in @@ -643,8 +651,8 @@ CLASS="SECT2" > 10.3.4. DNS Lookup17.2.4. DNS Lookup This capability is configured in the TCP/IP setup area in the network @@ -663,8 +671,8 @@ CLASS="SECT2" > 10.3.5. WINS Lookup17.2.5. WINS Lookup A WINS (Windows Internet Name Server) service is the equivaent of the @@ -699,416 +707,6 @@ CLASS="REPLACEABLE" of the WINS server. 10.4. How browsing functions and how to deploy stable and -dependable browsing using Samba As stated above, MS Windows machines register their NetBIOS names -(i.e.: the machine name for each service type in operation) on start -up. Also, as stated above, the exact method by which this name registration -takes place is determined by whether or not the MS Windows client/server -has been given a WINS server address, whether or not LMHOSTS lookup -is enabled, or if DNS for NetBIOS name resolution is enabled, etc. In the case where there is no WINS server all name registrations as -well as name lookups are done by UDP broadcast. This isolates name -resolution to the local subnet, unless LMHOSTS is used to list all -names and IP addresses. In such situations Samba provides a means by -which the samba server name may be forcibly injected into the browse -list of a remote MS Windows network (using the "remote announce" parameter). Where a WINS server is used, the MS Windows client will use UDP -unicast to register with the WINS server. Such packets can be routed -and thus WINS allows name resolution to function across routed networks. During the startup process an election will take place to create a -local master browser if one does not already exist. On each NetBIOS network -one machine will be elected to function as the domain master browser. This -domain browsing has nothing to do with MS security domain control. -Instead, the domain master browser serves the role of contacting each local -master browser (found by asking WINS or from LMHOSTS) and exchanging browse -list contents. This way every master browser will eventually obtain a complete -list of all machines that are on the network. Every 11-15 minutes an election -is held to determine which machine will be the master browser. By the nature of -the election criteria used, the machine with the highest uptime, or the -most senior protocol version, or other criteria, will win the election -as domain master browser. Clients wishing to browse the network make use of this list, but also depend -on the availability of correct name resolution to the respective IP -address/addresses. Any configuration that breaks name resolution and/or browsing intrinsics -will annoy users because they will have to put up with protracted -inability to use the network services. Samba supports a feature that allows forced synchonisation -of browse lists across routed networks using the "remote -browse sync" parameter in the smb.conf file. This causes Samba -to contact the local master browser on a remote network and -to request browse list synchronisation. This effectively bridges -two networks that are separated by routers. The two remote -networks may use either broadcast based name resolution or WINS -based name resolution, but it should be noted that the "remote -browse sync" parameter provides browse list synchronisation - and -that is distinct from name to address resolution, in other -words, for cross subnet browsing to function correctly it is -essential that a name to address resolution mechanism be provided. -This mechanism could be via DNS, /etc/hosts, -and so on. 10.5. MS Windows security options and how to configure -Samba for seemless integration MS Windows clients may use encrypted passwords as part of a -challenege/response authentication model (a.k.a. NTLMv1) or -alone, or clear text strings for simple password based -authentication. It should be realized that with the SMB -protocol the password is passed over the network either -in plain text or encrypted, but not both in the same -authentication requets. When encrypted passwords are used a password that has been -entered by the user is encrypted in two ways: An MD4 hash of the UNICODE of the password - string. This is known as the NT hash. - The password is converted to upper case, - and then padded or trucated to 14 bytes. This string is - then appended with 5 bytes of NULL characters and split to - form two 56 bit DES keys to encrypt a "magic" 8 byte value. - The resulting 16 bytes for the LanMan hash. - You should refer to the Password Encryption chapter in this HOWTO collection -for more details on the inner workings MS Windows 95 pre-service pack 1, MS Windows NT versions 3.x -and version 4.0 pre-service pack 3 will use either mode of -password authentication. All versions of MS Windows that follow -these versions no longer support plain text passwords by default. MS Windows clients have a habit of dropping network mappings that -have been idle for 10 minutes or longer. When the user attempts to -use the mapped drive connection that has been dropped, the client -re-establishes the connection using -a cached copy of the password. When Microsoft changed the default password mode, they dropped support for -caching of the plain text password. This means that when the registry -parameter is changed to re-enable use of plain text passwords it appears to -work, but when a dropped mapping attempts to revalidate it will fail if -the remote authentication server does not support encrypted passwords. -This means that it is definitely not a good idea to re-enable plain text -password support in such clients. The following parameters can be used to work around the -issue of Windows 9x client upper casing usernames and -password before transmitting them to the SMB server -when using clear text authentication. passsword level = integer - username level = integer By default Samba will lower case the username before attempting -to lookup the user in the database of local system accounts. -Because UNIX usernames conventionally only contain lower case -character, the username level parameter -is rarely even needed. However, password on UNIX systems often make use of mixed case -characters. This means that in order for a user on a Windows 9x -client to connect to a Samba server using clear text authentication, -the password level must be set to the maximum -number of upper case letter which could appear -is a password. Note that is the server OS uses the traditional -DES version of crypt(), then a password level -of 8 will result in case insensitive passwords as seen from Windows -users. This will also result in longer login times as Samba -hash to compute the permutations of the password string and -try them one by one until a match is located (or all combinations fail). The best option to adopt is to enable support for encrypted passwords -where ever Samba is used. There are three configuration possibilities -for support of encrypted passwords: 10.5.1. Use MS Windows NT as an authentication server This method involves the additions of the following parameters -in the smb.conf file: encrypt passwords = Yes - security = server - password server = "NetBIOS_name_of_PDC" There are two ways of identifying whether or not a username and -password pair was valid or not. One uses the reply information provided -as part of the authentication messaging process, the other uses -just and error code. The down-side of this mode of configuration is the fact that -for security reasons Samba will send the password server a bogus -username and a bogus password and if the remote server fails to -reject the username and password pair then an alternative mode -of identification of validation is used. Where a site uses password -lock out after a certain number of failed authentication attempts -this will result in user lockouts. Use of this mode of authentication does require there to be -a standard Unix account for the user, this account can be blocked -to prevent logons by other than MS Windows clients. 10.5.2. Make Samba a member of an MS Windows NT security domain This method involves additon of the following paramters in the smb.conf file: encrypt passwords = Yes - security = domain - workgroup = "name of NT domain" - password server = * The use of the "*" argument to "password server" will cause samba -to locate the domain controller in a way analogous to the way -this is done within MS Windows NT. In order for this method to work the Samba server needs to join the -MS Windows NT security domain. This is done as follows: On the MS Windows NT domain controller using - the Server Manager add a machine account for the Samba server. - Next, on the Linux system execute: - smbpasswd -r PDC_NAME -j DOMAIN_NAME - Use of this mode of authentication does require there to be -a standard Unix account for the user in order to assign -a uid once the account has been authenticated by the remote -Windows DC. This account can be blocked to prevent logons by -other than MS Windows clients by things such as setting an invalid -shell in the /etc/passwd entry. An alternative to assigning UIDs to Windows users on a -Samba member server is presented in the Winbind Overview chapter in -this HOWTO collection. 10.5.3. Configure Samba as an authentication server This mode of authentication demands that there be on the -Unix/Linux system both a Unix style account as well as an -smbpasswd entry for the user. The Unix system account can be -locked if required as only the encrypted password will be -used for SMB client authentication. This method involves addition of the following parameters to -the smb.conf file: ## please refer to the Samba PDC HOWTO chapter later in -## this collection for more details -[global] - encrypt passwords = Yes - security = user - domain logons = Yes - ; an OS level of 33 or more is recommended - os level = 33 - -[NETLOGON] - path = /somewhare/in/file/system - read only = yes in order for this method to work a Unix system account needs -to be created for each user, as well as for each MS Windows NT/2000 -machine. The following structure is required. 10.5.3.1. Users A user account that may provide a home directory should be -created. The following Linux system commands are typical of -the procedure for creating an account. # useradd -s /bin/bash -d /home/"userid" -m "userid" - # passwd "userid" - Enter Password: <pw> - - # smbpasswd -a "userid" - Enter Password: <pw> 10.5.3.2. MS Windows NT Machine Accounts These are required only when Samba is used as a domain -controller. Refer to the Samba-PDC-HOWTO for more details. # useradd -s /bin/false -d /dev/null "machine_name"\$ - # passwd -l "machine_name"\$ - # smbpasswd -a -m "machine_name" 10.6. Conclusions Samba provides a flexible means to operate as... A Stand-alone server - No special action is needed - other than to create user accounts. Stand-alone servers do NOT - provide network logon services, meaning that machines that use this - server do NOT perform a domain logon but instead make use only of - the MS Windows logon which is local to the MS Windows - workstation/server. - An MS Windows NT 3.x/4.0 security domain member. - An alternative to an MS Windows NT 3.x/4.0 - Domain Controller. - PrevNextOptional configurationUnified Logons between Windows NT and UNIX using WinbindUNIX Permission Bits and Windows NT Access Control ListsImproved browsing in samba 2.2. Use of the "Remote Announce" parameterHow browsing functions and how to deploy stable and +dependable browsing using Samba 2.3. Use of the "Remote Browse Sync" parameterUse of the "Remote Announce" parameter 2.4. Use of WINSUse of the "Remote Browse Sync" parameter 2.5. Do NOT use more than one (1) protocol on MS Windows machinesUse of WINS 2.6. Do NOT use more than one (1) protocol on MS Windows machines 2.7. Name Resolution Order 3.1. Introduction 3.2. Important Notes About Security 3.2.1. Advantages of SMB Encryption 3.2.2. Advantages of non-encrypted passwords 3.3. The smbpasswd Command 3.4. Plain text 3.5. TDB 3.6. LDAP 3.6.1. Introduction 3.6.2. Introduction 3.6.3. Supported LDAP Servers 3.6.4. Schema and Relationship to the RFC 2307 posixAccount 3.6.5. Configuring Samba with LDAP 3.6.6. Accounts and Groups management 3.6.7. Security and sambaAccount 3.6.8. LDAP specials attributes for sambaAccounts 3.6.9. Example LDIF Entries for a sambaAccount 3.7. MySQL 3.7.1. Building 3.7.2. Creating the database 3.7.3. Configuring 3.7.4. Using plaintext passwords or encrypted password 3.7.5. Getting non-column data from the table 3.8. Passdb XML plugin 3.8.1. Building 3.8.2. Usage PrevNextChapter 13. Hosting a Microsoft Distributed File System tree on SambaChapter 19. Hosting a Microsoft Distributed File System tree on Samba13.1. Instructions19.1. Instructions The Distributed File System (or Dfs) provides a means of @@ -213,8 +212,8 @@ CLASS="SECT2" > 13.1.1. Notes19.1.1. Notes PrevNextConfiguring PAM for distributed but centrally -managed authenticationImproved browsing in sambaPrinting SupportStackable VFS modules Optional configurationAdvanced ConfigurationNextIII. Optional configuration III. Advanced ConfigurationIntroduction 10. Integrating MS Windows networks with SambaSystem Policies 10.1. Agenda 10.2. Name Resolution in a pure Unix/Linux worldBasic System Policy Info 10.2.1. /etc/hosts 10.2.2. /etc/resolv.conf 10.2.3. /etc/host.conf 10.2.4. /etc/nsswitch.conf10.1.1. Creating Group Prolicy Files 10.3. Name resolution as used within MS Windows networking10.2. Roaming Profiles 10.3.1. The NetBIOS Name Cache 10.3.2. The LMHOSTS file10.2.1. Windows NT Configuration 10.3.3. HOSTS file10.2.2. Windows 9X Configuration 10.3.4. DNS Lookup10.2.3. Win9X and WinNT Configuration 10.3.5. WINS Lookup10.2.4. Windows 9X Profile Setup 10.4. How browsing functions and how to deploy stable and -dependable browsing using Samba10.2.5. Windows NT Workstation 4.0 10.5. MS Windows security options and how to configure -Samba for seemless integration10.2.6. Windows NT/200x Server 10.5.1. Use MS Windows NT as an authentication server10.2.7. Sharing Profiles between W9x/Me and NT4/200x/XP workstations 10.5.2. Make Samba a member of an MS Windows NT security domain10.2.8. Windows NT 4 10.5.3. Configure Samba as an authentication server10.2.9. Windows 2000/XP 10.6. Conclusions 11.1. Viewing and changing UNIX permissions using the NT security dialogs 11.2. How to view file security on a Samba share 11.3. Viewing file ownership 11.4. Viewing file or directory permissions 11.4.1. File Permissions 11.4.2. Directory Permissions 11.5. Modifying file or directory permissions 11.6. Interaction with the standard Samba create mask parameters 11.7. Interaction with the standard Samba file attribute mapping 12. Group mapping HOWTO 13. Configuring PAM for distributed but centrally managed authentication 12.1. 13.1. Samba and PAM 12.2. 13.2. Distributed Authentication 12.3. 13.3. PAM Configuration in smb.conf 13. Hosting a Microsoft Distributed File System tree on Samba 13.1. Instructions 13.1.1. Notes 14. Printing Support14.1. Introduction 14.2. Configuration 14.2.1. Creating [print$] 14.2.2. Setting Drivers for Existing Printers 14.2.3. Support a large number of printers 14.2.4. Adding New Printers via the Windows NT APW 14.2.5. Samba and Printer Ports 14.3. The Imprints Toolset 14.3.1. What is Imprints? 14.3.2. Creating Printer Driver Packages 14.3.3. The Imprints server 14.3.4. The Installation Client 14.4. Diagnosis 14.4.1. Introduction 14.4.2. Debugging printer problems 14.4.3. What printers do I have? 14.4.4. Setting up printcap and print servers 14.4.5. Job sent, no output 14.4.6. Job sent, strange output 14.4.7. Raw PostScript printed 14.4.8. Advanced Printing 14.4.9. Real debugging 15.1. Introduction 15.2. CUPS - RAW Print Through Mode 15.3. The CUPS Filter Chains 15.4. CUPS Print Drivers and Devices 15.4.1. Further printing steps 15.5. Limiting the number of pages users can print 15.6. Advanced Postscript Printing from MS Windows 15.7. Auto-Deletion of CUPS spool files 16.1. Abstract 16.2. Introduction 16.3. What Winbind Provides 16.3.1. Target Uses 16.4. How Winbind Works 16.4.1. Microsoft Remote Procedure Calls 16.4.2. Microsoft Active Directory Services 16.4.3. Name Service Switch 16.4.4. Pluggable Authentication Modules 16.4.5. User and Group ID Allocation 16.4.6. Result Caching 16.5. Installation and Configuration 16.5.1. Introduction 16.5.2. Requirements 16.5.3. Testing Things Out 16.6. Limitations 16.7. Conclusion 17. Improved browsing in sambaIntegrating MS Windows networks with Samba 17.1. Overview of browsingName Resolution in a pure Unix/Linux world 17.2. Browsing support in samba17.1.1. /etc/hosts 17.3. Problem resolution17.1.2. /etc/resolv.conf 17.4. Browsing across subnets17.1.3. /etc/host.conf 17.4.1. How does cross subnet browsing work ?17.1.4. /etc/nsswitch.conf 17.5. Setting up a WINS server 17.6. Setting up Browsing in a WORKGROUP17.2. Name resolution as used within MS Windows networking 17.7. Setting up Browsing in a DOMAIN17.2.1. The NetBIOS Name Cache 17.8. Forcing samba to be the master17.2.2. The LMHOSTS file 17.9. Making samba the domain master17.2.3. HOSTS file 17.10. Note about broadcast addresses17.2.4. DNS Lookup 17.11. Multiple interfaces17.2.5. WINS Lookup 18. Stackable VFS modulesImproved browsing in samba 18.1. Introduction and configurationOverview of browsing 18.2. Included modules 18.2.1. audit 18.2.2. recycleBrowsing support in samba 18.2.3. netatalk18.3. Problem resolution 18.3. VFS modules available elsewhere18.4. Browsing across subnets 18.3.1. DatabaseFS 18.3.2. vscan18.4.1. How does cross subnet browsing work ? 19. Group mapping HOWTO 20. Samba performance issues 20.1. Comparisons18.5. Setting up a WINS server 20.2. Socket options18.6. Setting up Browsing in a WORKGROUP 20.3. Read size18.7. Setting up Browsing in a DOMAIN 20.4. Max xmit18.8. Forcing samba to be the master 20.5. Log level18.9. Making samba the domain master 20.6. Read raw18.10. Note about broadcast addresses 20.7. Write raw18.11. Multiple interfaces 20.8. Slow Clients19. Hosting a Microsoft Distributed File System tree on Samba 20.9. Slow Logins19.1. Instructions 20.10. Client tuning19.1.1. Notes 21. Creating Group Prolicy Files20. Stackable VFS modules 21.1. Windows '9x20.1. Introduction and configuration 21.2. Windows NT 420.2. Included modules 21.2.1. Side bar Notes 21.2.2. Mandatory profiles20.2.1. audit 21.2.3. moveuser.exe20.2.2. recycle 21.2.4. Get SID20.2.3. netatalk 21.3. Windows 2000/XP20.3. VFS modules available elsewhere 20.3.1. DatabaseFS 20.3.2. vscan 22. 21. Securing Samba 22.1. 21.1. Introduction 22.2. 21.2. Using host based protection 22.3. 21.3. Using interface protection 22.4. 21.4. Using a firewall 22.5. 21.5. Using a IPC$ share deny 22.6. 21.6. Upgrading Samba 23. 22. Unicode/Charsets 23.1. 22.1. What are charsets and unicode? 23.2. 22.2. Samba and charsets NextIntegrating MS Windows networks with SambaSystem Policies 25.1. Macintosh clients? 25.2. OS2 Client25.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba? 25.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba? 25.2.3. Are there any other issues when OS/2 (any version) is used as a client? 25.2.4. How do I get printer driver download working for OS/2 clients? 25.3. Windows for Workgroups25.3.1. Use latest TCP/IP stack from Microsoft 25.3.2. Delete .pwl files after password change 25.3.3. Configure WfW password handling 25.3.4. Case handling of passwords 25.3.5. Use TCP/IP as default protocol 25.4. Windows '95/'98 25.5. Windows 2000 Service Pack 2 PrevNextChapter 12. Configuring PAM for distributed but centrally +>Chapter 13. Configuring PAM for distributed but centrally managed authentication 12.1. Samba and PAM13.1. Samba and PAM A number of Unix systems (eg: Sun Solaris), as well as the @@ -119,6 +119,45 @@ or by editing individual files that are located in /etc/pam.d. If the PAM authentication module (loadable link library file) is located in the + default location then it is not necessary to specify the path. In the case of + Linux, the default location is /lib/security. If the module + is located other than default then the path may be specified as: + + eg: "auth required /other_path/pam_strange_module.so" + + The following is an example #%PAM-1.0 -# The PAM configuration file for the `login' service -# -auth required pam_securetty.so -auth required pam_nologin.so -# auth required pam_dialup.so -# auth optional pam_mail.so -auth required pam_pwdb.so shadow md5 -# account requisite pam_time.so -account required pam_pwdb.so -session required pam_pwdb.so -# session optional pam_lastlog.so -# password required pam_cracklib.so retry=3 -password required pam_pwdb.so shadow md5 #%PAM-1.0 + # The PAM configuration file for the `login' service + # + auth required pam_securetty.so + auth required pam_nologin.so + # auth required pam_dialup.so + # auth optional pam_mail.so + auth required pam_pwdb.so shadow md5 + # account requisite pam_time.so + account required pam_pwdb.so + session required pam_pwdb.so + # session optional pam_lastlog.so + # password required pam_cracklib.so retry=3 + password required pam_pwdb.so shadow md5 PAM allows use of replacable modules. Those available on a @@ -155,19 +194,19 @@ sample system include: $ /bin/ls /lib/security -pam_access.so pam_ftp.so pam_limits.so -pam_ncp_auth.so pam_rhosts_auth.so pam_stress.so -pam_cracklib.so pam_group.so pam_listfile.so -pam_nologin.so pam_rootok.so pam_tally.so -pam_deny.so pam_issue.so pam_mail.so -pam_permit.so pam_securetty.so pam_time.so -pam_dialup.so pam_lastlog.so pam_mkhomedir.so -pam_pwdb.so pam_shells.so pam_unix.so -pam_env.so pam_ldap.so pam_motd.so -pam_radius.so pam_smbpass.so pam_unix_acct.so -pam_wheel.so pam_unix_auth.so pam_unix_passwd.so -pam_userdb.so pam_warn.so pam_unix_session.so $ /bin/ls /lib/security + pam_access.so pam_ftp.so pam_limits.so + pam_ncp_auth.so pam_rhosts_auth.so pam_stress.so + pam_cracklib.so pam_group.so pam_listfile.so + pam_nologin.so pam_rootok.so pam_tally.so + pam_deny.so pam_issue.so pam_mail.so + pam_permit.so pam_securetty.so pam_time.so + pam_dialup.so pam_lastlog.so pam_mkhomedir.so + pam_pwdb.so pam_shells.so pam_unix.so + pam_env.so pam_ldap.so pam_motd.so + pam_radius.so pam_smbpass.so pam_unix_acct.so + pam_wheel.so pam_unix_auth.so pam_unix_passwd.so + pam_userdb.so pam_warn.so pam_unix_session.so The following example for the login program replaces the use of @@ -230,13 +269,13 @@ source distribution. #%PAM-1.0 -# The PAM configuration file for the `login' service -# -auth required pam_smbpass.so nodelay -account required pam_smbpass.so nodelay -session required pam_smbpass.so nodelay -password required pam_smbpass.so nodelay #%PAM-1.0 + # The PAM configuration file for the `login' service + # + auth required pam_smbpass.so nodelay + account required pam_smbpass.so nodelay + session required pam_smbpass.so nodelay + password required pam_smbpass.so nodelay The following is the PAM configuration file for a particular @@ -247,13 +286,13 @@ CLASS="FILENAME" > #%PAM-1.0 -# The PAM configuration file for the `samba' service -# -auth required /lib/security/pam_pwdb.so nullok nodelay shadow audit -account required /lib/security/pam_pwdb.so audit nodelay -session required /lib/security/pam_pwdb.so nodelay -password required /lib/security/pam_pwdb.so shadow md5 #%PAM-1.0 + # The PAM configuration file for the `samba' service + # + auth required /lib/security/pam_pwdb.so nullok nodelay shadow audit + account required /lib/security/pam_pwdb.so audit nodelay + session required /lib/security/pam_pwdb.so nodelay + password required /lib/security/pam_pwdb.so shadow md5 In the following example the decision has been made to use the @@ -264,16 +303,36 @@ program. #%PAM-1.0 -# The PAM configuration file for the `samba' service -# -auth required /lib/security/pam_smbpass.so nodelay -account required /lib/security/pam_pwdb.so audit nodelay -session required /lib/security/pam_pwdb.so nodelay -password required /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf #%PAM-1.0 + # The PAM configuration file for the `samba' service + # + auth required /lib/security/pam_smbpass.so nodelay + account required /lib/security/pam_pwdb.so audit nodelay + session required /lib/security/pam_pwdb.so nodelay + password required /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf Note: PAM allows stacking of authentication mechanisms. It is +> PAM allows stacking of authentication mechanisms. It is also possible to pass information obtained within one PAM module through to the next module in the PAM stack. Please refer to the documentation for your particular system implementation for details regarding the specific @@ -290,14 +349,18 @@ CLASS="FILENAME" on the basis that it allows for easier administration. As with all issues in life though, every decision makes trade-offs, so you may want examine the PAM documentation for further helpful information. 12.2. Distributed Authentication13.2. Distributed Authentication The astute administrator will realize from this that the @@ -308,16 +371,9 @@ CLASS="FILENAME" winbindd, and rsync (see -http://rsync.samba.org/) -will allow the establishment of a centrally managed, distributed +>, and a distributed +passdb backend, such as ldap, will allow the establishment of a +centrally managed, distributed user/password database that can also be used by all PAM (eg: Linux) aware programs and applications. This arrangement can have particularly potent advantages compared with the @@ -329,8 +385,8 @@ CLASS="SECT1" > 12.3. PAM Configuration in smb.conf13.3. PAM Configuration in smb.conf There is an option in smb.conf called . The following is from the on-line help for this option in SWAT; When Samba 2.2 is configure to enable PAM support (i.e. +>When Samba is configured to enable PAM support (i.e. --with-pamPrevNextUNIX Permission Bits and Windows NT Access Control ListsGroup mapping HOWTOHosting a Microsoft Distributed File System tree on SambaPrinting Support 3.1. Introduction 3.2. Important Notes About Security 3.2.1. Advantages of SMB Encryption 3.2.2. Advantages of non-encrypted passwords 3.3. The smbpasswd Command 3.4. Plain text 3.5. TDB 3.6. LDAP3.6.1. Introduction 3.6.2. Introduction 3.6.3. Supported LDAP Servers 3.6.4. Schema and Relationship to the RFC 2307 posixAccount 3.6.5. Configuring Samba with LDAP3.6.5.1. OpenLDAP configuration 3.6.5.2. Configuring Samba 3.6.6. Accounts and Groups management 3.6.7. Security and sambaAccount 3.6.8. LDAP specials attributes for sambaAccounts 3.6.9. Example LDIF Entries for a sambaAccount 3.7. MySQL 3.7.1. Building 3.7.2. Creating the database 3.7.3. Configuring 3.7.4. Using plaintext passwords or encrypted password 3.7.5. Getting non-column data from the table 3.8. Passdb XML plugin 3.8.1. Building 3.8.2. Usage Prev 24.1. HPUX 24.2. SCO Unix 24.3. DNIX 24.4. RedHat Linux Rembrandt-II 24.5. AIX 24.5.1. Sequential Read Ahead PrevAppendixesSamba performance issuesPrev 14.1. Introduction 14.2. Configuration 14.2.1. Creating [print$] 14.2.2. Setting Drivers for Existing Printers 14.2.3. Support a large number of printers 14.2.4. Adding New Printers via the Windows NT APW 14.2.5. Samba and Printer Ports 14.3. The Imprints Toolset 14.3.1. What is Imprints? 14.3.2. Creating Printer Driver Packages 14.3.3. The Imprints server 14.3.4. The Installation Client 14.4. Diagnosis 14.4.1. Introduction 14.4.2. Debugging printer problems 14.4.3. What printers do I have? 14.4.4. Setting up printcap and print servers 14.4.5. Job sent, no output 14.4.6. Job sent, strange output 14.4.7. Raw PostScript printed 14.4.8. Advanced Printing 14.4.9. Real debugging PrevHosting a Microsoft Distributed File System tree on SambaConfiguring PAM for distributed but centrally +managed authenticationHow to Act as a Backup Domain Controller in a Purely Samba Controlled DomainSamba Backup Domain Controller to Samba Domain ControlChapter 7. How to Act as a Backup Domain Controller in a Purely Samba Controlled DomainChapter 7. Samba Backup Domain Controller to Samba Domain Control 7.1. Prerequisite Reading 7.2. Background 7.3. What qualifies a Domain Controller on the network? 7.3.1. How does a Workstation find its domain controller? 7.3.2. When is the PDC needed? 7.4. Can Samba be a Backup Domain Controller to an NT PDC? 7.5. How do I set up a Samba BDC? 7.5.1. How do I replicate the smbpasswd file? 7.5.2. Can I do this all with LDAP? 2.2. Use of the "Remote Announce" parameterHow browsing functions and how to deploy stable and +dependable browsing using Samba 2.3. Use of the "Remote Browse Sync" parameterUse of the "Remote Announce" parameter 2.4. Use of WINSUse of the "Remote Browse Sync" parameter 2.5. Do NOT use more than one (1) protocol on MS Windows machinesUse of WINS 2.6. Do NOT use more than one (1) protocol on MS Windows machines 2.7. Name Resolution Order 3.1. Introduction 3.2. Important Notes About Security 3.3. The smbpasswd Command 3.4. Plain text 3.5. TDB 3.6. LDAP 3.7. MySQL 3.8. Passdb XML plugin 4.1. Stand Alone Server 4.2. Domain Member Server 4.3. Domain Controller 5. Samba as Stand-Alone server (User and Share security level)Samba as Stand-Alone Server 5.1. User and Share security level 6. 6.1. Prerequisite Reading 6.2. Background 6.3. Configuring the Samba Domain Controller 6.4. Creating Machine Trust Accounts and Joining Clients to the Domain 6.5. Common Problems and Errors 6.6. System Policies and Profiles 6.7. What other help can I get? 6.8. 6.7. Domain Control for Windows 9x/ME 6.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba 7. How to Act as a Backup Domain Controller in a Purely Samba Controlled DomainSamba Backup Domain Controller to Samba Domain Control 7.1. Prerequisite Reading 7.2. Background 7.3. What qualifies a Domain Controller on the network? 7.4. Can Samba be a Backup Domain Controller to an NT PDC? 7.5. How do I set up a Samba BDC? 8.1. Installing the required packages for DebianSetup your smb.conf 8.2. Installing the required packages for RedHatSetup your /etc/krb5.conf 8.3. Compile Samba 8.4. Setup your /etc/krb5.conf 8.5. Create the computer account 8.6. 8.4. Test your server setup 8.7. 8.5. Testing with smbclient 8.8. 8.6. Notes 9.1. Joining an NT Domain with Samba 3.0 9.2. Samba and Windows 2000 Domains 9.3. Why is this better than security = server? III. Optional configurationAdvanced Configuration 10. Integrating MS Windows networks with SambaSystem Policies 10.1. AgendaBasic System Policy Info 10.2. Name Resolution in a pure Unix/Linux world 10.3. Name resolution as used within MS Windows networking 10.4. How browsing functions and how to deploy stable and -dependable browsing using Samba 10.5. MS Windows security options and how to configure -Samba for seemless integration 10.6. ConclusionsRoaming Profiles 11.1. Viewing and changing UNIX permissions using the NT security dialogs 11.2. How to view file security on a Samba share 11.3. Viewing file ownership 11.4. Viewing file or directory permissions 11.5. Modifying file or directory permissions 11.6. Interaction with the standard Samba create mask parameters 11.7. Interaction with the standard Samba file attribute mapping 12. Group mapping HOWTO 13. Configuring PAM for distributed but centrally managed authentication 12.1. 13.1. Samba and PAM 12.2. 13.2. Distributed Authentication 12.3. 13.3. PAM Configuration in smb.conf 13. Hosting a Microsoft Distributed File System tree on Samba 13.1. Instructions 14. Printing Support14.1. Introduction 14.2. Configuration 14.3. The Imprints Toolset 14.4. Diagnosis 15.1. Introduction 15.2. CUPS - RAW Print Through Mode 15.3. The CUPS Filter Chains 15.4. CUPS Print Drivers and Devices 15.5. Limiting the number of pages users can print 15.6. Advanced Postscript Printing from MS Windows 15.7. Auto-Deletion of CUPS spool files 16.1. Abstract 16.2. Introduction 16.3. What Winbind Provides 16.4. How Winbind Works 16.5. Installation and Configuration 16.6. Limitations 16.7. Conclusion 17. Integrating MS Windows networks with Samba 17.1. Name Resolution in a pure Unix/Linux world 17.2. Name resolution as used within MS Windows networking 18. Improved browsing in samba 17.1. 18.1. Overview of browsing 17.2. 18.2. Browsing support in samba 17.3. 18.3. Problem resolution 17.4. 18.4. Browsing across subnets 17.5. 18.5. Setting up a WINS server 17.6. 18.6. Setting up Browsing in a WORKGROUP 17.7. 18.7. Setting up Browsing in a DOMAIN 17.8. 18.8. Forcing samba to be the master 17.9. 18.9. Making samba the domain master 17.10. 18.10. Note about broadcast addresses 17.11. 18.11. Multiple interfaces 18. Stackable VFS modules19. Hosting a Microsoft Distributed File System tree on Samba 18.1. Introduction and configuration 18.2. Included modules 18.3. VFS modules available elsewhere19.1. Instructions 19. Group mapping HOWTO 20. Samba performance issuesStackable VFS modules 20.1. ComparisonsIntroduction and configuration 20.2. Socket optionsIncluded modules 20.3. Read size 20.4. Max xmit 20.5. Log level 20.6. Read raw 20.7. Write raw 20.8. Slow Clients 20.9. Slow Logins 20.10. Client tuningVFS modules available elsewhere 21. Creating Group Prolicy Files 21.1. Windows '9x 21.2. Windows NT 4 21.3. Windows 2000/XP 22. Securing Samba 22.1. 21.1. Introduction 22.2. 21.2. Using host based protection 22.3. 21.3. Using interface protection 22.4. 21.4. Using a firewall 22.5. 21.5. Using a IPC$ share deny 22.6. 21.6. Upgrading Samba 23. 22. Unicode/Charsets 23.1. 22.1. What are charsets and unicode? 23.2. 22.2. Samba and charsets 23. Samba performance issues 23.1. Comparisons 23.2. Socket options 23.3. Read size 23.4. Max xmit 23.5. Log level 23.6. Read raw 23.7. Write raw 23.8. Slow Clients 23.9. Slow Logins 23.10. Client tuning 24. Portability24.1. HPUX 24.2. SCO Unix 24.3. DNIX 24.4. RedHat Linux Rembrandt-II 24.5. AIX 25.1. Macintosh clients? 25.2. OS2 Client 25.3. Windows for Workgroups 25.4. Windows '95/'98 25.5. Windows 2000 Service Pack 2 26.1. Access Samba source code via CVS 26.2. Accessing the samba sources via rsync and ftp 26.3. Building the Binaries 26.4. Starting the smbd and nmbd 27.1. Introduction 27.2. General info 27.3. Debug levels 27.4. Internal errors 27.5. Attaching to a running process 27.6. Patches 28.1. Introduction 28.2. Assumptions 28.3. Tests 28.4. Still having troubles? 6.1. Prerequisite Reading 6.2. Background domain logons for Windows NT 4.0 / 200x / XP Professional clients. +> Domain logons for Windows NT 4.0 / 200x / XP Professional clients. placing Windows 9x / Me clients in user level security +> Placing Windows 9x / Me clients in user level security retrieving a list of users and groups from a Samba PDC to +> Retrieving a list of users and groups from a Samba PDC to Windows 9x / Me / NT / 200x / XP Professional clients roaming user profiles +> Roaming Profiles Windows NT 4.0-style system policies +> Network/System Policies Roaming Profiles and System/Network policies are advanced network administration topics +that are covered separately in this document. The following functionalities are new to the Samba 3.0 release: 6.3. Configuring the Samba Domain Controller 6.4. Creating Machine Trust Accounts and Joining Clients to the Domain 6.4.1. Manual Creation of Machine Trust Accounts 6.4.2. "On-the-Fly" Creation of Machine Trust Accounts 6.4.3. Joining the Client to the Domain 6.5. Common Problems and Errors I joined the domain successfully but after upgrading to a newer version of the Samba code I get the message, "The system - can not log you on (C000019B), Please try a gain or consult your + can not log you on (C000019B), Please try again or consult your system administrator" when attempting to logon. This occurs when the domain SID stored in - private/WORKGROUP.SID is - changed. For example, you remove the file and smbd automatically - creates a new one. Or you are swapping back and forth between - versions 2.0.7, TNG and the HEAD branch code (not recommended). The - only way to correct the problem is to restore the original domain - SID or remove the domain client from the domain and rejoin. +> This occurs when the domain SID stored in the secrets.tdb database + is changed. The most common cause of a change in domain SID is when + the domain name and/or the server name (netbios name) is changed. + The only way to correct the problem is to restore the original domain + SID or remove the domain client from the domain and rejoin. The domain + SID may be reset using either the smbpasswd or rpcclient utilities. 6.6. System Policies and Profiles Much of the information necessary to implement System Policies and -Roving User Profiles in a Samba domain is the same as that for -implementing these same items in a Windows NT 4.0 domain. -You should read the white paper Implementing -Profiles and Policies in Windows NT 4.0 available from Microsoft. Here are some additional details: What about Windows NT Policy Editor? - To create or edit ntconfig.pol you must use - the NT Server Policy Editor, poledit.exe which - is included with NT Server but not NT Workstation. - There is a Policy Editor on a NTws - but it is not suitable for creating Domain Policies. - Further, although the Windows 95 - Policy Editor can be installed on an NT Workstation/Server, it will not - work with NT policies because the registry key that are set by the policy templates. - However, the files from the NT Server will run happily enough on an NTws. - You need poledit.exe, common.adm and winnt.adm. It is convenient - to put the two *.adm files in c:\winnt\inf which is where - the binary will look for them unless told otherwise. Note also that that - directory is 'hidden'. - The Windows NT policy editor is also included with the Service Pack 3 (and - later) for Windows NT 4.0. Extract the files using servicepackname /x, - i.e. that's Nt4sp6ai.exe /x for service pack 6a. The policy editor, - poledit.exe and the associated template files (*.adm) should - be extracted as well. It is also possible to downloaded the policy template - files for Office97 and get a copy of the policy editor. Another possible - location is with the Zero Administration Kit available for download from Microsoft. - Can Win95 do Policies? - Install the group policy handler for Win9x to pick up group - policies. Look on the Win98 CD in \tools\reskit\netadmin\poledit. - Install group policies on a Win9x client by double-clicking - grouppol.inf. Log off and on again a couple of - times and see if Win98 picks up group policies. Unfortunately this needs - to be done on every Win9x machine that uses group policies.... - If group policies don't work one reports suggests getting the updated - (read: working) grouppol.dll for Windows 9x. The group list is grabbed - from /etc/group. - How do I get 'User Manager' and 'Server Manager' - Since I don't need to buy an NT Server CD now, how do I get - the 'User Manager for Domains', the 'Server Manager'? - Microsoft distributes a version of these tools called nexus for - installation on Windows 95 systems. The tools set includes - Server Manager User Manager for Domains Event Viewer Click here to download the archived file ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE - The Windows NT 4.0 version of the 'User Manager for - Domains' and 'Server Manager' are available from Microsoft via ftp - from ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE - 6.7. What other help can I get?6.6. What other help can I get? There are many sources of information available in the form @@ -1684,62 +1527,27 @@ CLASS="SECT1" > 6.8. Domain Control for Windows 9x/ME6.7. Domain Control for Windows 9x/ME The following section contains much of the original -DOMAIN.txt file previously included with Samba. Much of -the material is based on what went into the book Special -Edition, Using Samba, by Richard Sharpe. A domain and a workgroup are exactly the same thing in terms of network browsing. The difference is that a distributable authentication database is associated with a domain, for secure login access to a network. Also, different access rights can be granted to users if they -successfully authenticate against a domain logon server (NT server and -other systems based on NT server support this, as does at least Samba TNG now). The SMB client logging on to a domain has an expectation that every other server in the domain should accept the same authentication information. -Network browsing functionality of domains and workgroups is -identical and is explained in BROWSING.txt. It should be noted, that browsing -is totally orthogonal to logon support. Issues related to the single-logon network model are discussed in this section. Samba supports domain logons, network logon scripts, and user profiles for MS Windows for workgroups and MS Windows 9X/ME clients -which will be the focus of this section. When an SMB client in a domain wishes to logon it broadcast requests for a logon server. The first one to reply gets the job, and validates its @@ -1818,8 +1626,8 @@ CLASS="SECT2" > 6.8.1. Configuration Instructions: Network Logons6.7.1. Configuration Instructions: Network Logons The main difference between a PDC and a Windows 9x logon @@ -1919,703 +1727,6 @@ for its domain. 6.8.2. Configuration Instructions: Setting up Roaming User Profiles NOTE! Roaming profiles support is different -for Win9X and WinNT. Before discussing how to configure roaming profiles, it is useful to see how -Win9X and WinNT clients implement these features. Win9X clients send a NetUserGetInfo request to the server to get the user's -profiles location. However, the response does not have room for a separate -profiles location field, only the user's home share. This means that Win9X -profiles are restricted to being in the user's home directory. WinNT clients send a NetSAMLogon RPC request, which contains many fields, -including a separate field for the location of the user's profiles. -This means that support for profiles is different for Win9X and WinNT. 6.8.2.1. Windows NT Configuration To support WinNT clients, in the [global] section of smb.conf set the -following (for example): logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath The default for this option is \\%N\%U\profile, namely -\\sambaserver\username\profile. The \\N%\%U service is created -automatically by the [homes] service. -If you are using a samba server for the profiles, you _must_ make the -share specified in the logon path browseable. [lkcl 26aug96 - we have discovered a problem where Windows clients can -maintain a connection to the [homes] share in between logins. The -[homes] share must NOT therefore be used in a profile path.] 6.8.2.2. Windows 9X Configuration To support Win9X clients, you must use the "logon home" parameter. Samba has -now been fixed so that "net use/home" now works as well, and it, too, relies -on the "logon home" parameter. By using the logon home parameter, you are restricted to putting Win9X -profiles in the user's home directory. But wait! There is a trick you -can use. If you set the following in the [global] section of your -smb.conf file: logon home = \\%L\%U\.profiles then your Win9X clients will dutifully put their clients in a subdirectory -of your home directory called .profiles (thus making them hidden). Not only that, but 'net use/home' will also work, because of a feature in -Win9X. It removes any directory stuff off the end of the home directory area -and only uses the server and share portion. That is, it looks like you -specified \\%L\%U for "logon home". 6.8.2.3. Win9X and WinNT Configuration You can support profiles for both Win9X and WinNT clients by setting both the -"logon home" and "logon path" parameters. For example: logon home = \\%L\%U\.profiles -logon path = \\%L\profiles\%U I have not checked what 'net use /home' does on NT when "logon home" is -set as above. 6.8.2.4. Windows 9X Profile Setup When a user first logs in on Windows 9X, the file user.DAT is created, -as are folders "Start Menu", "Desktop", "Programs" and "Nethood". -These directories and their contents will be merged with the local -versions stored in c:\windows\profiles\username on subsequent logins, -taking the most recent from each. You will need to use the [global] -options "preserve case = yes", "short preserve case = yes" and -"case sensitive = no" in order to maintain capital letters in shortcuts -in any of the profile folders. The user.DAT file contains all the user's preferences. If you wish to -enforce a set of preferences, rename their user.DAT file to user.MAN, -and deny them write access to this file. On the Windows 95 machine, go to Control Panel | Passwords and - select the User Profiles tab. Select the required level of - roaming preferences. Press OK, but do _not_ allow the computer - to reboot. - On the Windows 95 machine, go to Control Panel | Network | - Client for Microsoft Networks | Preferences. Select 'Log on to - NT Domain'. Then, ensure that the Primary Logon is 'Client for - Microsoft Networks'. Press OK, and this time allow the computer - to reboot. - Under Windows 95, Profiles are downloaded from the Primary Logon. -If you have the Primary Logon as 'Client for Novell Networks', then -the profiles and logon script will be downloaded from your Novell -Server. If you have the Primary Logon as 'Windows Logon', then the -profiles will be loaded from the local machine - a bit against the -concept of roaming profiles, if you ask me. You will now find that the Microsoft Networks Login box contains -[user, password, domain] instead of just [user, password]. Type in -the samba server's domain name (or any other domain known to exist, -but bear in mind that the user will be authenticated against this -domain and profiles downloaded from it, if that domain logon server -supports it), user name and user's password. Once the user has been successfully validated, the Windows 95 machine -will inform you that 'The user has not logged on before' and asks you -if you wish to save the user's preferences? Select 'yes'. Once the Windows 95 client comes up with the desktop, you should be able -to examine the contents of the directory specified in the "logon path" -on the samba server and verify that the "Desktop", "Start Menu", -"Programs" and "Nethood" folders have been created. These folders will be cached locally on the client, and updated when -the user logs off (if you haven't made them read-only by then :-). -You will find that if the user creates further folders or short-cuts, -that the client will merge the profile contents downloaded with the -contents of the profile directory already on the local client, taking -the newest folders and short-cuts from each set. If you have made the folders / files read-only on the samba server, -then you will get errors from the w95 machine on logon and logout, as -it attempts to merge the local and the remote profile. Basically, if -you have any errors reported by the w95 machine, check the Unix file -permissions and ownership rights on the profile directory contents, -on the samba server. If you have problems creating user profiles, you can reset the user's -local desktop cache, as shown below. When this user then next logs in, -they will be told that they are logging in "for the first time". instead of logging in under the [user, password, domain] dialog, - press escape. - run the regedit.exe program, and look in: - HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList - you will find an entry, for each user, of ProfilePath. Note the - contents of this key (likely to be c:\windows\profiles\username), - then delete the key ProfilePath for the required user. - [Exit the registry editor]. - WARNING - before deleting the contents of the - directory listed in - the ProfilePath (this is likely to be c:\windows\profiles\username), - ask them if they have any important files stored on their desktop - or in their start menu. delete the contents of the directory - ProfilePath (making a backup if any of the files are needed). - This will have the effect of removing the local (read-only hidden - system file) user.DAT in their profile directory, as well as the - local "desktop", "nethood", "start menu" and "programs" folders. - search for the user's .PWL password-caching file in the c:\windows - directory, and delete it. - log off the windows 95 client. - check the contents of the profile path (see "logon path" described - above), and delete the user.DAT or user.MAN file for the user, - making a backup if required. - If all else fails, increase samba's debug log levels to between 3 and 10, -and / or run a packet trace program such as tcpdump or netmon.exe, and -look for any error reports. If you have access to an NT server, then first set up roaming profiles -and / or netlogons on the NT server. Make a packet trace, or examine -the example packet traces provided with NT server, and see what the -differences are with the equivalent samba trace. 6.8.2.5. Windows NT Workstation 4.0 When a user first logs in to a Windows NT Workstation, the profile -NTuser.DAT is created. The profile location can be now specified -through the "logon path" parameter. [lkcl 10aug97 - i tried setting the path to -\\samba-server\homes\profile, and discovered that this fails because -a background process maintains the connection to the [homes] share -which does _not_ close down in between user logins. you have to -have \\samba-server\%L\profile, where user is the username created -from the [homes] share]. There is a parameter that is now available for use with NT Profiles: -"logon drive". This should be set to "h:" or any other drive, and -should be used in conjunction with the new "logon home" parameter. The entry for the NT 4.0 profile is a _directory_ not a file. The NT -help on profiles mentions that a directory is also created with a .PDS -extension. The user, while logging in, must have write permission to -create the full profile path (and the folder with the .PDS extension) -[lkcl 10aug97 - i found that the creation of the .PDS directory failed, -and had to create these manually for each user, with a shell script. -also, i presume, but have not tested, that the full profile path must -be browseable just as it is for w95, due to the manner in which they -attempt to create the full profile path: test existence of each path -component; create path component]. In the profile directory, NT creates more folders than 95. It creates -"Application Data" and others, as well as "Desktop", "Nethood", -"Start Menu" and "Programs". The profile itself is stored in a file -NTuser.DAT. Nothing appears to be stored in the .PDS directory, and -its purpose is currently unknown. You can use the System Control Panel to copy a local profile onto -a samba server (see NT Help on profiles: it is also capable of firing -up the correct location in the System Control Panel for you). The -NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN -turns a profile into a mandatory one. [lkcl 10aug97 - i notice that NT Workstation tells me that it is -downloading a profile from a slow link. whether this is actually the -case, or whether there is some configuration issue, as yet unknown, -that makes NT Workstation _think_ that the link is a slow one is a -matter to be resolved]. [lkcl 20aug97 - after samba digest correspondence, one user found, and -another confirmed, that profiles cannot be loaded from a samba server -unless "security = user" and "encrypt passwords = yes" (see the file -ENCRYPTION.txt) or "security = server" and "password server = ip.address. -of.yourNTserver" are used. Either of these options will allow the NT -workstation to access the samba server using LAN manager encrypted -passwords, without the user intervention normally required by NT -workstation for clear-text passwords]. [lkcl 25aug97 - more comments received about NT profiles: the case of -the profile _matters_. the file _must_ be called NTuser.DAT or, for -a mandatory profile, NTuser.MAN]. 6.8.2.6. Windows NT Server There is nothing to stop you specifying any path that you like for the -location of users' profiles. Therefore, you could specify that the -profile be stored on a samba server, or any other SMB server, as long as -that SMB server supports encrypted passwords. 6.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0 Potentially outdated or incorrect material follows I think this is all bogus, but have not deleted it. (Richard Sharpe) The default logon path is \\%N\%U. NT Workstation will attempt to create -a directory "\\samba-server\username.PDS" if you specify the logon path -as "\\samba-server\username" with the NT User Manager. Therefore, you -will need to specify (for example) "\\samba-server\username\profile". -NT 4.0 will attempt to create "\\samba-server\username\profile.PDS", which -is more likely to succeed. If you then want to share the same Start Menu / Desktop with W95, you will -need to specify "logon path = \\samba-server\username\profile" [lkcl 10aug97 -this has its drawbacks: i created a shortcut to telnet.exe, which attempts -to run from the c:\winnt\system32 directory. this directory is obviously -unlikely to exist on a Win95-only host]. If you have this set up correctly, you will find separate user.DAT and -NTuser.DAT files in the same profile directory. [lkcl 25aug97 - there are some issues to resolve with downloading of -NT profiles, probably to do with time/date stamps. i have found that -NTuser.DAT is never updated on the workstation after the first time that -it is copied to the local workstation profile directory. this is in -contrast to w95, where it _does_ transfer / update profiles correctly]. 6.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba Possibly Outdated Material This appendix was originally authored by John H Terpstra of - the Samba Team and is included here for posterity. - NOTE : -The term "Domain Controller" and those related to it refer to one specific -method of authentication that can underly an SMB domain. Domain Controllers -prior to Windows NT Server 3.1 were sold by various companies and based on -private extensions to the LAN Manager 2.1 protocol. Windows NT introduced -Microsoft-specific ways of distributing the user authentication database. -See DOMAIN.txt for examples of how Samba can participate in or create -SMB domains based on shared authentication database schemes other than the -Windows NT SAM. Windows NT Server can be installed as either a plain file and print server -(WORKGROUP workstation or server) or as a server that participates in Domain -Control (DOMAIN member, Primary Domain controller or Backup Domain controller). -The same is true for OS/2 Warp Server, Digital Pathworks and other similar -products, all of which can participate in Domain Control along with Windows NT. To many people these terms can be confusing, so let's try to clear the air. Every Windows NT system (workstation or server) has a registry database. -The registry contains entries that describe the initialization information -for all services (the equivalent of Unix Daemons) that run within the Windows -NT environment. The registry also contains entries that tell application -software where to find dynamically loadable libraries that they depend upon. -In fact, the registry contains entries that describes everything that anything -may need to know to interact with the rest of the system. The registry files can be located on any Windows NT machine by opening a -command prompt and typing: C:\WINNT\> dir %SystemRoot%\System32\config The environment variable %SystemRoot% value can be obtained by typing: C:\WINNT>echo %SystemRoot% The active parts of the registry that you may want to be familiar with are -the files called: default, system, software, sam and security. In a domain environment, Microsoft Windows NT domain controllers participate -in replication of the SAM and SECURITY files so that all controllers within -the domain have an exactly identical copy of each. The Microsoft Windows NT system is structured within a security model that -says that all applications and services must authenticate themselves before -they can obtain permission from the security manager to do what they set out -to do. The Windows NT User database also resides within the registry. This part of -the registry contains the user's security identifier, home directory, group -memberships, desktop profile, and so on. Every Windows NT system (workstation as well as server) will have its own -registry. Windows NT Servers that participate in Domain Security control -have a database that they share in common - thus they do NOT own an -independent full registry database of their own, as do Workstations and -plain Servers. The User database is called the SAM (Security Access Manager) database and -is used for all user authentication as well as for authentication of inter- -process authentication (i.e. to ensure that the service action a user has -requested is permitted within the limits of that user's privileges). The Samba team have produced a utility that can dump the Windows NT SAM into -smbpasswd format: see ENCRYPTION.txt for information on smbpasswd and -/pub/samba/pwdump on your nearest Samba mirror for the utility. This -facility is useful but cannot be easily used to implement SAM replication -to Samba systems. Windows for Workgroups, Windows 95, and Windows NT Workstations and Servers -can participate in a Domain security system that is controlled by Windows NT -servers that have been correctly configured. Almost every domain will have -ONE Primary Domain Controller (PDC). It is desirable that each domain will -have at least one Backup Domain Controller (BDC). The PDC and BDCs then participate in replication of the SAM database so that -each Domain Controlling participant will have an up to date SAM component -within its registry. Samba as Stand-Alone server (User and Share security level)Samba as Stand-Alone ServerHow to Act as a Backup Domain Controller in a Purely Samba Controlled DomainSamba Backup Domain Controller to Samba Domain Control PrevChapter 22. Securing SambaChapter 21. Securing Samba22.1. Introduction21.1. Introduction This note was attached to the Samba 2.2.8 release notes as it contained an @@ -93,8 +93,8 @@ CLASS="SECT1" > 22.2. Using host based protection21.2. Using host based protection In many installations of Samba the greatest threat comes for outside @@ -125,8 +125,8 @@ CLASS="SECT1" > 22.3. Using interface protection21.3. Using interface protection By default Samba will accept connections on any network interface that @@ -161,8 +161,8 @@ CLASS="SECT1" > 22.4. Using a firewall21.4. Using a firewall Many people use a firewall to deny access to services that they don't @@ -191,8 +191,8 @@ CLASS="SECT1" > 22.5. Using a IPC$ share deny21.5. Using a IPC$ share deny If the above methods are not suitable, then you could also place a @@ -230,8 +230,8 @@ CLASS="SECT1" > 22.6. Upgrading Samba21.6. Upgrading Samba Please check regularly on http://www.samba.org/ for updates and @@ -256,7 +256,7 @@ WIDTH="33%" ALIGN="left" VALIGN="top" >PrevCreating Group Prolicy FilesStackable VFS modulesSamba as Stand-Alone server (User and Share security level)Samba as Stand-Alone ServerChapter 5. Samba as Stand-Alone server (User and Share security level)Chapter 5. Samba as Stand-Alone Server In this section the function and purpose of Samba's security +modes are described. 5.1. User and Share security level A SMB server tells the client at startup what "security level" it is running. There are two options "share level" and "user level". Which @@ -85,6 +102,14 @@ strange, but it fits in with the client/server approach of SMB. In SMB everything is initiated and controlled by the client, and the server can only tell the client what is available and whether an action is allowed. 5.1.1. User Level Security I'll describe user level security first, as its simpler. In user level security the client will send a "session setup" command directly after @@ -117,6 +142,15 @@ requests. When the server responds it gives the client a "uid" to use as an authentication tag for that username/password. The client can maintain multiple authentication contexts in this way (WinDD is an example of an application that does this) 5.1.2. Share Level Security Ok, now for share level security. In share level security the client authenticates itself separately for each share. It will send a @@ -139,6 +173,15 @@ home directories) and any users listed in the "user =" smb.conf line. The password is then checked in turn against these "possible usernames". If a match is found then the client is authenticated as that user. 5.1.3. Server Level Security Finally "server level" security. In server level security the samba server reports to the client that it is in user level security. The @@ -167,6 +210,254 @@ requests to another "user mode" server. This requires an additional parameter "password server =" that points to the real authentication server. That real authentication server can be another Samba server or can be a Windows NT server, the later natively capable of encrypted password support. 5.1.3.1. Configuring Samba for Seemless Windows Network Integration MS Windows clients may use encrypted passwords as part of a challenege/response +authentication model (a.k.a. NTLMv1) or alone, or clear text strings for simple +password based authentication. It should be realized that with the SMB protocol +the password is passed over the network either in plain text or encrypted, but +not both in the same authentication requests. When encrypted passwords are used a password that has been entered by the user +is encrypted in two ways: An MD4 hash of the UNICODE of the password + string. This is known as the NT hash. + The password is converted to upper case, + and then padded or trucated to 14 bytes. This string is + then appended with 5 bytes of NULL characters and split to + form two 56 bit DES keys to encrypt a "magic" 8 byte value. + The resulting 16 bytes for the LanMan hash. + MS Windows 95 pre-service pack 1, MS Windows NT versions 3.x and version 4.0 +pre-service pack 3 will use either mode of password authentication. All +versions of MS Windows that follow these versions no longer support plain +text passwords by default. MS Windows clients have a habit of dropping network mappings that have been idle +for 10 minutes or longer. When the user attempts to use the mapped drive +connection that has been dropped, the client re-establishes the connection using +a cached copy of the password. When Microsoft changed the default password mode, support was dropped for caching +of the plain text password. This means that when the registry parameter is changed +to re-enable use of plain text passwords it appears to work, but when a dropped +service connection mapping attempts to revalidate it will fail if the remote +authentication server does not support encrypted passwords. This means that it +is definitely not a good idea to re-enable plain text password support in such clients. The following parameters can be used to work around the issue of Windows 9x client +upper casing usernames and password before transmitting them to the SMB server +when using clear text authentication. passsword level = integer + username level = integer By default Samba will lower case the username before attempting to lookup the user +in the database of local system accounts. Because UNIX usernames conventionally +only contain lower case character, the username level parameter +is rarely needed. However, passwords on UNIX systems often make use of mixed case characters. +This means that in order for a user on a Windows 9x client to connect to a Samba +server using clear text authentication, the password level +must be set to the maximum number of upper case letter which could +appear is a password. Note that is the server OS uses the traditional DES version +of crypt(), then a password level of 8 will result in case +insensitive passwords as seen from Windows users. This will also result in longer +login times as Samba hash to compute the permutations of the password string and +try them one by one until a match is located (or all combinations fail). The best option to adopt is to enable support for encrypted passwords +where ever Samba is used. There are three configuration possibilities +for support of encrypted passwords: 5.1.3.2. Use MS Windows NT as an authentication server This method involves the additions of the following parameters in the smb.conf file: encrypt passwords = Yes + security = server + password server = "NetBIOS_name_of_PDC" There are two ways of identifying whether or not a username and +password pair was valid or not. One uses the reply information provided +as part of the authentication messaging process, the other uses +just and error code. The down-side of this mode of configuration is the fact that +for security reasons Samba will send the password server a bogus +username and a bogus password and if the remote server fails to +reject the username and password pair then an alternative mode +of identification of validation is used. Where a site uses password +lock out after a certain number of failed authentication attempts +this will result in user lockouts. Use of this mode of authentication does require there to be +a standard Unix account for the user, this account can be blocked +to prevent logons by other than MS Windows clients. 5.1.4. Domain Level Security When samba is operating in security = domain mode this means that +the Samba server has a domain security trust account (a machine account) and will cause +all authentication requests to be passed through to the domain controllers. 5.1.4.1. Samba as a member of an MS Windows NT security domain This method involves additon of the following paramters in the smb.conf file: encrypt passwords = Yes + security = domain + workgroup = "name of NT domain" + password server = * The use of the "*" argument to "password server" will cause samba to locate the +domain controller in a way analogous to the way this is done within MS Windows NT. +This is the default behaviour. In order for this method to work the Samba server needs to join the +MS Windows NT security domain. This is done as follows: On the MS Windows NT domain controller using + the Server Manager add a machine account for the Samba server. + Next, on the Linux system execute: + smbpasswd -r PDC_NAME -j DOMAIN_NAME + Use of this mode of authentication does require there to be a standard Unix account +for the user in order to assign a uid once the account has been authenticated by +the remote Windows DC. This account can be blocked to prevent logons by other than +MS Windows clients by things such as setting an invalid shell in the +/etc/passwd entry. An alternative to assigning UIDs to Windows users on a Samba member server is +presented in the Winbind Overview chapter +in this HOWTO collection. 5.1.5. ADS Level Security For information about the configuration option please refer to the entire section entitled +Samba as an ADS Domain Member. PrevNextChapter 20. Samba performance issuesChapter 23. Samba performance issues20.1. Comparisons23.1. Comparisons The Samba server uses TCP to talk to the client. Thus if you are @@ -111,8 +111,8 @@ CLASS="SECT1" > 20.2. Socket options23.2. Socket options There are a number of socket options that can greatly affect the @@ -139,8 +139,8 @@ CLASS="SECT1" > 20.3. Read size23.3. Read size The option "read size" affects the overlap of disk reads/writes with @@ -165,8 +165,8 @@ CLASS="SECT1" > 20.4. Max xmit23.4. Max xmit At startup the client and server negotiate a "maximum transmit" size, @@ -188,8 +188,8 @@ CLASS="SECT1" > 20.5. Log level23.5. Log level If you set the log level (also known as "debug level") higher than 2 @@ -202,8 +202,8 @@ CLASS="SECT1" > 20.6. Read raw23.6. Read raw The "read raw" operation is designed to be an optimised, low-latency @@ -224,8 +224,8 @@ CLASS="SECT1" > 20.7. Write raw23.7. Write raw The "write raw" operation is designed to be an optimised, low-latency @@ -241,8 +241,8 @@ CLASS="SECT1" > 20.8. Slow Clients23.8. Slow Clients One person has reported that setting the protocol to COREPLUS rather @@ -258,8 +258,8 @@ CLASS="SECT1" > 20.9. Slow Logins23.9. Slow Logins Slow logins are almost always due to the password checking time. Using @@ -271,8 +271,8 @@ CLASS="SECT1" > 20.10. Client tuning23.10. Client tuning Often a speed problem can be traced to the client. The client (for @@ -389,7 +389,7 @@ WIDTH="33%" ALIGN="left" VALIGN="top" >PrevNextGroup mapping HOWTOAppendixesUpCreating Group Prolicy FilesPortability Introduction 4.1. Stand Alone Server 4.2. Domain Member Server 4.3. Domain Controller 4.3.1. Domain Controller Types 5. Samba as Stand-Alone server (User and Share security level)Samba as Stand-Alone Server 5.1. User and Share security level 5.1.1. User Level Security 5.1.2. Share Level Security 5.1.3. Server Level Security 5.1.4. Domain Level Security 5.1.5. ADS Level Security 6. Samba as an NT4 or Win2k Primary Domain Controller6.1. Prerequisite Reading 6.2. Background 6.3. Configuring the Samba Domain Controller 6.4. Creating Machine Trust Accounts and Joining Clients to the Domain 6.4.1. Manual Creation of Machine Trust Accounts 6.4.2. "On-the-Fly" Creation of Machine Trust Accounts 6.4.3. Joining the Client to the Domain 6.5. Common Problems and Errors 6.6. System Policies and Profiles 6.7. What other help can I get? 6.8. 6.7. Domain Control for Windows 9x/ME 6.8.1. 6.7.1. Configuration Instructions: Network Logons 6.8.2. Configuration Instructions: Setting up Roaming User Profiles 6.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba 7. How to Act as a Backup Domain Controller in a Purely Samba Controlled DomainSamba Backup Domain Controller to Samba Domain Control 7.1. Prerequisite Reading 7.2. Background 7.3. What qualifies a Domain Controller on the network? 7.3.1. How does a Workstation find its domain controller? 7.3.2. When is the PDC needed? 7.4. Can Samba be a Backup Domain Controller to an NT PDC? 7.5. How do I set up a Samba BDC? 7.5.1. How do I replicate the smbpasswd file? 7.5.2. Can I do this all with LDAP? 8.1. Installing the required packages for DebianSetup your smb.conf 8.2. Installing the required packages for RedHatSetup your /etc/krb5.conf 8.3. Compile Samba 8.4. Setup your /etc/krb5.conf 8.5. Create the computer account 8.5.1. 8.3.1. Possible errors 8.6. 8.4. Test your server setup 8.7. 8.5. Testing with smbclient 8.8. 8.6. Notes 9.1. Joining an NT Domain with Samba 3.0 9.2. Samba and Windows 2000 Domains 9.3. Why is this better than security = server? PrevNext11.1. Viewing and changing UNIX permissions using the NT security dialogs New in the Samba 2.0.4 release is the ability for Windows - NT clients to use their native security settings dialog box to - view and modify the underlying UNIX permissions.Windows NT clients can use their native security settings + dialog box to view and modify the underlying UNIX permissions. Note that this ability is careful not to compromise the security of the UNIX host Samba is running on, and @@ -100,11 +98,11 @@ CLASS="SECT1" > 11.2. How to view file security on a Samba share From an NT 4.0 client, single-click with the right +>From an NT4/2000/XP client, single-click with the right mouse button on any file or directory in a Samba mounted drive letter or UNC path. When the menu pops-up, click on the Properties entry at the bottom of - the menu. This brings up the normal file properties dialog - box, but with Samba 2.0.4 this will have a new tab along the top - marked Security. Click on this tab and you +> and you will see three buttons, 11.3. Viewing file ownership There is an NT chown command that will work with Samba and allow a user with Administrator privilege connected - to a Samba 2.0.4 server as root to change the ownership of + to a Samba server as root to change the ownership of files on both a local NTFS filesystem or remote mounted NTFS or Samba drive. This is available as part of the 11.4. Viewing file or directory permissions 11.4.1. File Permissions 11.4.2. Directory Permissions 11.5. Modifying file or directory permissions "Add" - button will not return a list of users in Samba 2.0.4 (it will give + button will not return a list of users in Samba (it will give an error message of "The remote procedure call failed @@ -500,13 +497,14 @@ CLASS="SECT1" > 11.6. Interaction with the standard Samba create mask parameters Note that with Samba 2.0.5 there are four new parameters - to control this interaction. These are : There are four parameters + to control interaction with the standard Samba create mask parameters. + These are : create mask parameter to provide compatibility with Samba 2.0.4 - where this permission change facility was introduced. To allow a user to - modify all the user/group/world permissions on a file, set this parameter +> parameter. To allow a user to modify all the + user/group/world permissions on a file, set this parameter to 0777. Next Samba checks the changed permissions for a file against @@ -602,8 +599,7 @@ CLASS="PARAMETER" >force create mode parameter to provide compatibility - with Samba 2.0.4 where the permission change facility was introduced. +> parameter. To allow a user to modify all the user/group/world permissions on a file with no restrictions set this parameter to 000. force directory mode parameter to provide - compatibility with Samba 2.0.4 where the permission change facility - was introduced. parameter. In this way Samba enforces the permission restrictions that an administrator can set on a Samba share, whilst still allowing users @@ -691,37 +685,13 @@ CLASS="PARAMETER" CLASS="PARAMETER" >force directory security mode = 0 As described, in Samba 2.0.4 the parameters : create mask force create mode directory mask force directory mode were used instead of the parameters discussed here. 11.7. Interaction with the standard Samba file attribute mapping PrevNextIntegrating MS Windows networks with SambaSystem PoliciesConfiguring PAM for distributed but centrally -managed authenticationGroup mapping HOWTO PrevNextChapter 18. Stackable VFS modulesChapter 20. Stackable VFS modules18.1. Introduction and configuration20.1. Introduction and configuration Since samba 3.0, samba supports stackable VFS(Virtual File System) modules. @@ -121,16 +121,16 @@ CLASS="SECT1" > 18.2. Included modules20.2. Included modules 18.2.1. audit20.2.1. audit A simple module to audit file access to the syslog @@ -167,8 +167,8 @@ CLASS="SECT2" > 18.2.2. recycle20.2.2. recycle A recycle-bin like modules. When used any unlink call @@ -238,8 +238,8 @@ CLASS="SECT2" > 18.2.3. netatalk20.2.3. netatalk A netatalk module, that will ease co-existence of samba and @@ -271,8 +271,8 @@ CLASS="SECT1" > 18.3. VFS modules available elsewhere20.3. VFS modules available elsewhere This section contains a listing of various other VFS modules that @@ -287,8 +287,8 @@ CLASS="SECT2" > 18.3.1. DatabaseFS20.3.1. DatabaseFS URL: 18.3.2. vscan20.3.2. vscan URL: PrevNextImproved browsing in sambaHosting a Microsoft Distributed File System tree on SambaGroup mapping HOWTOSecuring Samba Next16.1. Abstract 16.2. Introduction 16.3. What Winbind Provides 16.3.1. Target Uses 16.4. How Winbind Works 16.4.1. Microsoft Remote Procedure Calls 16.4.2. Microsoft Active Directory Services 16.4.3. Name Service Switch 16.4.4. Pluggable Authentication Modules 16.4.5. User and Group ID Allocation 16.4.6. Result Caching 16.5. Installation and Configuration 16.5.1. Introduction 16.5.2. Requirements 16.5.3. Testing Things Out 16.5.3.1. Configure and compile SAMBA 16.5.3.2. Configure nsswitch.conf16.5.3.3. Configure smb.conf 16.5.3.4. Join the SAMBA server to the PDC domain 16.5.3.5. Start up the winbindd daemon and test it! 16.5.3.6. Fix the init.d startup scripts 16.5.3.6.1. Linux 16.5.3.6.2. Solaris 16.5.3.6.3. Restarting 16.5.3.7. Configure Winbind and PAM 16.5.3.7.1. Linux/FreeBSD-specific PAM configuration 16.5.3.7.2. Solaris-specific configuration 16.6. Limitations 16.7. Conclusion NextImproved browsing in sambaIntegrating MS Windows networks with Samba Date: Wed, 2 Apr 2003 18:32:31 +0000 Subject: Commit some more fixes for Coolo ... (This used to be commit e1a159c55fdeaa1620a3147105be4efd205560ba) --- source3/Makefile.in | 4 +-- source3/include/libsmbclient.h | 10 +++---- source3/libsmb/clirap.c | 2 +- source3/libsmb/libsmbclient.c | 67 +++++++++++++++--------------------------- 4 files changed, 31 insertions(+), 52 deletions(-) diff --git a/source3/Makefile.in b/source3/Makefile.in index fbe8f1c165..e38e54bc83 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1087,7 +1087,7 @@ bin/t_strcmp@EXEEXT@: bin/libbigballofmud.@SHLIBEXT@ torture/t_strcmp.o bin/t_stringoverflow@EXEEXT@: bin/libbigballofmud.@SHLIBEXT@ torture/t_stringoverflow.o $(CC) $(FLAGS) -o $@ torture/t_stringoverflow.o -L./bin -lbigballofmud -install: installbin installman installscripts installdat installswat installmodules +install: installbin installman installscripts installdat installswat installmodules installclientlib # DESTDIR is used here to prevent packagers wasting their time # duplicating the Makefile. Remove it and you will have the privelege @@ -1127,7 +1127,7 @@ installswat: installdirs installclientlib: bin/libsmbclient.@SHLIBEXT@ -$(INSTALLCLIENTCMD_SH) bin/libsmbclient.@SHLIBEXT@ $(DESTDIR)${prefix}/lib -$(INSTALLCLIENTCMD_A) bin/libsmbclient.a $(DESTDIR)${prefix}/lib - -$(INSTALLCMD) -d $(DESTDIR)${prefix}/include + @$(SHELL) $(srcdir)/script/installdirs.sh $(DESTDIR)${prefix}/include -$(INSTALLCMD) include/libsmbclient.h $(DESTDIR)${prefix}/include # Python extensions diff --git a/source3/include/libsmbclient.h b/source3/include/libsmbclient.h index a9f83cfbd3..f5d653f697 100644 --- a/source3/include/libsmbclient.h +++ b/source3/include/libsmbclient.h @@ -257,10 +257,9 @@ typedef int (*smbc_remove_unused_server_fn)(SMBCCTX * c, SMBCSRV *srv); * */ typedef int (*smbc_add_cached_srv_fn) (SMBCCTX * c, SMBCSRV *srv, - const char * server, const char * share, + const char * server, const char * share, const char * workgroup, const char * username); - /**@ingroup callback * Look up a server in the cache system * @@ -277,10 +276,9 @@ typedef int (*smbc_add_cached_srv_fn) (SMBCCTX * c, SMBCSRV *srv, * @return pointer to SMBCSRV on success. NULL on failure. * */ -typedef SMBCSRV * (*smbc_get_cached_srv_fn) (SMBCCTX * c, const char * server, - const char * share, const char * workgroup, - const char * username); - +typedef SMBCSRV * (*smbc_get_cached_srv_fn) (SMBCCTX * c, const char * server, + const char * share, const char * workgroup, + const char * username); /**@ingroup callback * Check if a server is still good diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c index 224c37046c..f05a65762b 100644 --- a/source3/libsmb/clirap.c +++ b/source3/libsmb/clirap.c @@ -233,7 +233,7 @@ BOOL cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype, SIVAL(p,0,stype); p += 4; - p += push_pstring_base(p, workgroup, param); + push_ascii(p, workgroup, sizeof(pstring)-PTR_DIFF(p,param)-1, STR_TERMINATE|STR_UPPER); if (cli_api(cli, param, PTR_DIFF(p,param), 8, /* params, length, max */ diff --git a/source3/libsmb/libsmbclient.c b/source3/libsmb/libsmbclient.c index 1da55ed4bd..06885c55e0 100644 --- a/source3/libsmb/libsmbclient.c +++ b/source3/libsmb/libsmbclient.c @@ -351,8 +351,8 @@ int smbc_remove_unused_server(SMBCCTX * context, SMBCSRV * srv) SMBCSRV *smbc_server(SMBCCTX *context, const char *server, const char *share, - char *workgroup, char *username, - char *password) + fstring workgroup, fstring username, + fstring password) { SMBCSRV *srv=NULL; int auth_called = 0; @@ -813,27 +813,6 @@ static int smbc_close_ctx(SMBCCTX *context, SMBCFILE *file) } - if (!file->file) { - - return context->closedir(context, file); - - } - - if (!cli_close(&file->srv->cli, file->cli_fd)) { - DEBUG(3, ("cli_close failed on %s. purging server.\n", - file->fname)); - /* Deallocate slot and remove the server - * from the server cache if unused */ - errno = smbc_errno(context, &file->srv->cli); - srv = file->srv; - DLIST_REMOVE(context->internal->_files, file); - SAFE_FREE(file->fname); - SAFE_FREE(file); - context->callbacks.remove_unused_server_fn(context, srv); - - return -1; - } - DLIST_REMOVE(context->internal->_files, file); SAFE_FREE(file->fname); SAFE_FREE(file); @@ -1087,12 +1066,16 @@ static off_t smbc_lseek_ctx(SMBCCTX *context, SMBCFILE *file, off_t offset, int case SEEK_END: if (!cli_qfileinfo(&file->srv->cli, file->cli_fd, NULL, &size, NULL, NULL, - NULL, NULL, NULL) && - !cli_getattrE(&file->srv->cli, file->cli_fd, NULL, &size, NULL, NULL, - NULL)) { - + NULL, NULL, NULL)) + { + SMB_BIG_UINT b_size = size; + if (!cli_getattrE(&file->srv->cli, file->cli_fd, NULL, &b_size, NULL, NULL, + NULL)) + { errno = EINVAL; return -1; + } else + size = b_size; } file->offset = size + offset; break; @@ -1290,12 +1273,15 @@ static int smbc_fstat_ctx(SMBCCTX *context, SMBCFILE *file, struct stat *st) } if (!cli_qfileinfo(&file->srv->cli, file->cli_fd, - &mode, &size, &c_time, &a_time, &m_time, NULL, &ino) && - !cli_getattrE(&file->srv->cli, file->cli_fd, - &mode, &size, &c_time, &a_time, &m_time)) { + &mode, &size, &c_time, &a_time, &m_time, NULL, &ino)) { + SMB_BIG_UINT b_size = size; + if (!cli_getattrE(&file->srv->cli, file->cli_fd, + &mode, &b_size, &c_time, &a_time, &m_time)) { errno = EINVAL; return -1; + } else + size = b_size; } @@ -1524,8 +1510,7 @@ static SMBCFILE *smbc_opendir_ctx(SMBCCTX *context, const char *fname) if (!context || !context->internal || !context->internal->_initialized) { - - DEBUG(4, ("no valid context\n")); + DEBUG(4, ("no valid context\n")); errno = EINVAL; return NULL; @@ -1535,14 +1520,12 @@ static SMBCFILE *smbc_opendir_ctx(SMBCCTX *context, const char *fname) DEBUG(4, ("no valid fname\n")); errno = EINVAL; return NULL; - } if (smbc_parse_path(context, fname, server, share, path, user, password)) { - DEBUG(4, ("no valid path\n")); + DEBUG(4, ("no valid path\n")); errno = EINVAL; return NULL; - } DEBUG(4, ("parsed path: fname='%s' server='%s' share='%s' path='%s'\n", fname, server, share, path)); @@ -1571,9 +1554,7 @@ static SMBCFILE *smbc_opendir_ctx(SMBCCTX *context, const char *fname) if (server[0] == (char)0) { struct in_addr server_ip; - - DEBUG(4, ("empty server\n")); - + DEBUG(4, ("empty server\n")); if (share[0] != (char)0 || path[0] != (char)0) { DEBUG(4,("share %d path %d\n", share[0], path[0])); errno = EINVAL; @@ -1582,7 +1563,6 @@ static SMBCFILE *smbc_opendir_ctx(SMBCCTX *context, const char *fname) SAFE_FREE(dir); } return NULL; - } /* We have server and share and path empty ... so list the workgroups */ @@ -1680,7 +1660,7 @@ static SMBCFILE *smbc_opendir_ctx(SMBCCTX *context, const char *fname) srv = smbc_server(context, buserver, "IPC$", workgroup, user, password); if (!srv) { - + DEBUG(0, ("got no contact to IPC$\n")); if (dir) { SAFE_FREE(dir->fname); SAFE_FREE(dir); @@ -2760,8 +2740,8 @@ SMBCCTX * smbc_init_context(SMBCCTX * context) slprintf(context->netbios_name, 16, "smbc%s%d", context->user, pid); } } - DEBUG(1,("Using netbios name %s.\n", context->netbios_name)); - + + DEBUG(1, ("Using netbios name %s.\n", context->netbios_name)); if (!context->workgroup) { if (lp_workgroup()) { @@ -2772,7 +2752,8 @@ SMBCCTX * smbc_init_context(SMBCCTX * context) context->workgroup = strdup("samba"); } } - DEBUG(1,("Using workgroup %s.\n", context->workgroup)); + + DEBUG(1, ("Using workgroup %s.\n", context->workgroup)); /* shortest timeout is 1 second */ if (context->timeout > 0 && context->timeout < 1000) -- cgit From 0ae1b49b21204e05eb265f30a52e1c15d03bdcb7 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Apr 2003 18:45:47 +0000 Subject: Only use cflags and libs from krb5 when they appear to be working - fixes build on BSD machines that have a krb5-config that returns @INCLUDE_des@ for --cflags (This used to be commit e05d78699c6cf6a8340f85e4f55c871fbc100ebf) --- source3/configure.in | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/source3/configure.in b/source3/configure.in index 266dffa38b..9ca12866a2 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -2067,6 +2067,7 @@ fi AC_MSG_RESULT($with_ads_support) FOUND_KRB5=no +KRB5_LIBS="" if test x"$with_ads_support" = x"yes"; then ac_save_CFLAGS="$CFLAGS" @@ -2230,15 +2231,15 @@ fi ######################################################## # now see if we can find the krb5 libs in standard paths # or as specified above - AC_CHECK_LIB(krb5, krb5_mk_req_extended, [LIBS="$LIBS -lkrb5"; + AC_CHECK_LIB(krb5, krb5_mk_req_extended, [KRB5_LIBS="$LIBS -lkrb5"; + KRB5_CFLAGS="$CFLAGS"; AC_DEFINE(HAVE_KRB5,1,[Whether KRB5 is available])]) ######################################################## # now see if we can find the gssapi libs in standard paths - AC_CHECK_LIB(gssapi_krb5, gss_display_status, [LIBS="$LIBS -lgssapi_krb5"; + AC_CHECK_LIB(gssapi_krb5, gss_display_status, [KRB5_LIBS="$KRB5_LIBS -lgssapi_krb5"; AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available])]) -KRB5_LIBS="$LIBS"; KRB5_CFLAGS="$CFLAGS" LIBS="$ac_save_LIBS"; CFLAGS="$ac_save_CFLAGS" fi -- cgit From 48dff2870c48ee61c77b04c6aa83cf1bd80eb0ce Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Apr 2003 18:49:36 +0000 Subject: There's no need to use LDAP_CFLAGS, just use CFLAGS (This used to be commit 5d2fd222a9e4cccd232e492d1aea1dc7a64a1400) --- source3/configure.in | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/configure.in b/source3/configure.in index 9ca12866a2..5d880caef3 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -2260,8 +2260,8 @@ AC_ARG_WITH(ldap, AC_MSG_RESULT($with_ldap_support) if test x"$with_ldap_support" = x"yes"; then -ac_save_CFLAGS="$CFLAGS"; ac_save_LIBS="$LIBS" -CFLAGS=""; LIBS="" +ac_save_LIBS="$LIBS" +LIBS="" ################################################################## # we might need the lber lib on some systems. To avoid link errors @@ -2286,8 +2286,8 @@ CFLAGS=""; LIBS="" AC_DEFINE_UNQUOTED(LDAP_SET_REBIND_PROC_ARGS, $pam_ldap_cv_ldap_set_rebind_proc, [Number of arguments to ldap_set_rebind_proc]) fi -LDAP_LIBS="$LIBS";LDAP_CFLAGS="$CFLAGS" -LIBS="$ac_save_LIBS"; CFLAGS="$ac_save_CFLAGS" +LDAP_LIBS="$LIBS"; +LIBS="$ac_save_LIBS"; fi if test x"$with_ads_support" = x"yes"; then -- cgit From e9a20f741965e9fff1645045cc385ddc68fcbd39 Mon Sep 17 00:00:00 2001 From: Richard Sharpe Date: Wed, 2 Apr 2003 20:17:28 +0000 Subject: More of coolo's changes for UTF-8 and some minor fixes of mine. (This used to be commit 21a99fdec321c44e31b69589248ff8d1cb927577) --- source3/libsmb/libsmbclient.c | 54 +++++++++++++++++++++++++++++-------------- 1 file changed, 37 insertions(+), 17 deletions(-) diff --git a/source3/libsmb/libsmbclient.c b/source3/libsmb/libsmbclient.c index 06885c55e0..41a6755953 100644 --- a/source3/libsmb/libsmbclient.c +++ b/source3/libsmb/libsmbclient.c @@ -65,7 +65,7 @@ hex2int( unsigned int _char ) } static void -decode_urlpart(char *segment) +decode_urlpart(char *segment, size_t sizeof_segment) { int old_length = strlen(segment); int new_length = 0; @@ -121,9 +121,14 @@ decode_urlpart(char *segment) } new_segment [ new_length ] = 0; + free(new_usegment); + + /* realloc it with unix charset */ + pull_utf8_allocate((void**)&new_usegment, new_segment); + /* this assumes (very safely) that removing %aa sequences only shortens the string */ - strncpy(segment, new_segment, old_length); + strncpy(segment, new_usegment, sizeof_segment); free(new_usegment); } @@ -243,15 +248,15 @@ smbc_parse_path(SMBCCTX *context, const char *fname, char *server, char *share, } pstrcpy(path, p); - + all_string_sub(path, "/", "\\", 0); decoding: - decode_urlpart(path); - decode_urlpart(server); - decode_urlpart(share); - decode_urlpart(user); - decode_urlpart(password); + decode_urlpart(path, sizeof(pstring)); + decode_urlpart(server, sizeof(fstring)); + decode_urlpart(share, sizeof(fstring)); + decode_urlpart(user, sizeof(fstring)); + decode_urlpart(password, sizeof(fstring)); return 0; } @@ -1334,6 +1339,13 @@ static int add_dirent(SMBCFILE *dir, const char *name, const char *comment, uint { struct smbc_dirent *dirent; int size; + char *u_name = NULL, *u_comment = NULL; + size_t u_name_len = 0, u_comment_len = 0; + + if (name) + u_name_len = push_utf8_allocate(&u_name, name); + if (comment) + u_comment_len = push_utf8_allocate(&u_comment, comment); /* * Allocate space for the dirent, which must be increased by the @@ -1341,8 +1353,7 @@ static int add_dirent(SMBCFILE *dir, const char *name, const char *comment, uint * The null on the name is already accounted for. */ - size = sizeof(struct smbc_dirent) + (name?strlen(name):0) + - (comment?strlen(comment):0) + 1; + size = sizeof(struct smbc_dirent) + u_name_len + u_comment_len + 1; dirent = malloc(size); @@ -1391,14 +1402,17 @@ static int add_dirent(SMBCFILE *dir, const char *name, const char *comment, uint dir->dir_end->dirent = dirent; dirent->smbc_type = type; - dirent->namelen = (name?strlen(name):0); - dirent->commentlen = (comment?strlen(comment):0); + dirent->namelen = u_name_len; + dirent->commentlen = u_comment_len; dirent->dirlen = size; - strncpy(dirent->name, (name?name:""), dirent->namelen + 1); + strncpy(dirent->name, (u_name?u_name:""), dirent->namelen + 1); dirent->comment = (char *)(&dirent->name + dirent->namelen + 1); - strncpy(dirent->comment, (comment?comment:""), dirent->commentlen + 1); + strncpy(dirent->comment, (u_comment?u_comment:""), dirent->commentlen + 1); + + SAFE_FREE(u_comment); + SAFE_FREE(u_name); return 0; @@ -2158,6 +2172,7 @@ static int smbc_rmdir_ctx(SMBCCTX *context, const char *fname) static off_t smbc_telldir_ctx(SMBCCTX *context, SMBCFILE *dir) { + off_t ret_val; /* Squash warnings about cast */ if (!context || !context->internal || !context->internal->_initialized) { @@ -2181,7 +2196,11 @@ static off_t smbc_telldir_ctx(SMBCCTX *context, SMBCFILE *dir) } - return (off_t) dir->dir_next; + /* + * We return the pointer here as the offset + */ + ret_val = (int)dir->dir_next; + return ret_val; } @@ -2221,8 +2240,9 @@ struct smbc_dir_list *smbc_check_dir_ent(struct smbc_dir_list *list, static int smbc_lseekdir_ctx(SMBCCTX *context, SMBCFILE *dir, off_t offset) { - struct smbc_dirent *dirent = (struct smbc_dirent *)offset; - struct smbc_dir_list *list_ent = NULL; + long int l_offset = offset; /* Handle problems of size */ + struct smbc_dirent *dirent = (struct smbc_dirent *)l_offset; + struct smbc_dir_list *list_ent = (struct smbc_dir_list *)NULL; if (!context || !context->internal || !context->internal->_initialized) { -- cgit From ab0bd4b63c2d08d336fb087705ec258d3ee04abc Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Apr 2003 21:48:33 +0000 Subject: winbindd should depend on IDMAP_OBJ too, not just link with it (This used to be commit 3e2b73fcc1b1a202df27a653c48fc43c2fc28bbb) --- source3/Makefile.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source3/Makefile.in b/source3/Makefile.in index e38e54bc83..8ac2a053fc 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -11,7 +11,7 @@ prefix=@prefix@ exec_prefix=@exec_prefix@ mandir=@mandir@ -LIBS=@LIBS@ +LIBS=@LIBS@ CC=@CC@ SHLD=@SHLD@ CFLAGS=@CFLAGS@ @@ -596,7 +596,7 @@ WINBINDD_OBJ = \ $(WINBINDD_OBJ1) $(PASSDB_GET_SET_OBJ) \ $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ $(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \ - $(PROFILE_OBJ) $(UNIGRP_OBJ) \ + $(PROFILE_OBJ) $(UNIGRP_OBJ) $(IDMAP_OBJ) \ $(SECRETS_OBJ) $(LIBADS_OBJ) $(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) WBINFO_OBJ = nsswitch/wbinfo.o libsmb/smbencrypt.o libsmb/smbdes.o $(POPT_LIB_OBJ) @@ -948,7 +948,7 @@ nsswitch/libnss_wins.@SHLIBEXT@: $(NSS_OBJ) bin/winbindd@EXEEXT@: $(WINBINDD_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(LINK) -o $@ $(WINBINDD_OBJ) $(IDMAP_OBJ) $(DYNEXP) $(LIBS) @POPTLIBS@ $(ADSLIBS) + @$(LINK) -o $@ $(WINBINDD_OBJ) $(DYNEXP) $(LIBS) @POPTLIBS@ $(ADSLIBS) nsswitch/libns_winbind.@SHLIBEXT@: $(WINBIND_NSS_PICOBJS) @echo "Linking $@" -- cgit From 28ff00ab40089882957d230161c4e9ededf0965d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 3 Apr 2003 01:51:11 +0000 Subject: Fixup swat warning. Fix winbindd dual mode in the same was as in APP_HEAD. "Ken Cross" noticed the problem. Jeremy. (This used to be commit 214b217b276f43edfddd1664afaae0fa6b2c319f) --- source3/nsswitch/winbindd_dual.c | 6 ++++++ source3/web/swat.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/source3/nsswitch/winbindd_dual.c b/source3/nsswitch/winbindd_dual.c index 207757bcea..3597171005 100644 --- a/source3/nsswitch/winbindd_dual.c +++ b/source3/nsswitch/winbindd_dual.c @@ -159,6 +159,12 @@ void do_dual_daemon(void) return; } close(fdpair[1]); + + /* tdb needs special fork handling */ + if (tdb_reopen_all() == -1) { + DEBUG(0,("tdb_reopen_all failed.\n")); + _exit(0); + } if (!winbind_setup_common()) _exit(0); diff --git a/source3/web/swat.c b/source3/web/swat.c index 9a133e1330..fa319bb3ae 100644 --- a/source3/web/swat.c +++ b/source3/web/swat.c @@ -1262,7 +1262,7 @@ static void printers_page(void) int main(int argc, char *argv[]) { int opt; - char *page; + const char *page; poptContext pc; struct poptOption long_options[] = { POPT_AUTOHELP -- cgit From 77dc0bc6bfdd2323cea3b7368abf8d7accba0697 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Thu, 3 Apr 2003 03:30:25 +0000 Subject: The ldap idmap backend from Anthony Liguori (aliguori@us.ibm.com): This patch moves the ldap routines out of passdb into a generic library and implements an LDAP backend for IDMAP. THe backend can be enabled with "idmap backend = ldap" in smb.conf. THere are also schema changes to make sure to update teh ldap schema files. (This used to be commit 87c7c582c60521da3a93d997386fe79935012aea) --- examples/LDAP/samba.schema | 12 +- source3/Makefile.in | 9 +- source3/include/includes.h | 4 + source3/include/smb_ldap.h | 59 +++ source3/lib/ldap.c | 718 +++++++++++++++++++++++++++++ source3/nsswitch/winbindd_idmap.c | 2 +- source3/nsswitch/winbindd_idmap_ldap.c | 394 ++++++++++++++++ source3/passdb/pdb_ldap.c | 797 ++++----------------------------- 8 files changed, 1282 insertions(+), 713 deletions(-) create mode 100644 source3/include/smb_ldap.h create mode 100644 source3/lib/ldap.c create mode 100644 source3/nsswitch/winbindd_idmap_ldap.c diff --git a/examples/LDAP/samba.schema b/examples/LDAP/samba.schema index e801e0b847..a4435564ec 100644 --- a/examples/LDAP/samba.schema +++ b/examples/LDAP/samba.schema @@ -167,11 +167,11 @@ objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY ## ## Used for Winbind experimentation ## -#objectclass ( 1.3.6.1.4.1.7165.1.2.2.3 NAME 'uidPool' SUP top AUXILIARY -# DESC 'Pool for allocating UNIX uids' -# MUST ( uidNumber $ cn ) ) +objectclass ( 1.3.6.1.4.1.7165.1.2.2.3 NAME 'uidPool' SUP top AUXILIARY + DESC 'Pool for allocating UNIX uids' + MUST ( uidNumber $ cn ) ) -#objectclass ( 1.3.6.1.4.1.7165.1.2.2.4 NAME 'gidPool' SUP top AUXILIARY -# DESC 'Pool for allocating UNIX gids' -# MUST ( gidNumber $ cn ) ) +objectclass ( 1.3.6.1.4.1.7165.1.2.2.4 NAME 'gidPool' SUP top AUXILIARY + DESC 'Pool for allocating UNIX gids' + MUST ( gidNumber $ cn ) ) diff --git a/source3/Makefile.in b/source3/Makefile.in index 8ac2a053fc..9b2cffe86c 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -275,7 +275,7 @@ PASSDB_GET_SET_OBJ = passdb/pdb_get_set.o PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \ passdb/machine_sid.o passdb/util_sam_sid.o passdb/pdb_compat.o \ - passdb/privileges.o @PDB_STATIC@ + passdb/privileges.o lib/ldap.o @PDB_STATIC@ XML_OBJ = modules/xml.o MYSQL_OBJ = modules/mysql.o @@ -581,6 +581,7 @@ WINBINDD_OBJ1 = \ nsswitch/winbindd_group.o \ nsswitch/winbindd_idmap.o \ nsswitch/winbindd_idmap_tdb.o \ + nsswitch/winbindd_idmap_ldap.o \ nsswitch/winbindd_util.o \ nsswitch/winbindd_cache.o \ nsswitch/winbindd_pam.o \ @@ -597,7 +598,8 @@ WINBINDD_OBJ = \ $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ $(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \ $(PROFILE_OBJ) $(UNIGRP_OBJ) $(IDMAP_OBJ) \ - $(SECRETS_OBJ) $(LIBADS_OBJ) $(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) + $(SECRETS_OBJ) $(LIBADS_OBJ) $(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) \ + lib/ldap.o WBINFO_OBJ = nsswitch/wbinfo.o libsmb/smbencrypt.o libsmb/smbdes.o $(POPT_LIB_OBJ) @@ -948,7 +950,8 @@ nsswitch/libnss_wins.@SHLIBEXT@: $(NSS_OBJ) bin/winbindd@EXEEXT@: $(WINBINDD_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(LINK) -o $@ $(WINBINDD_OBJ) $(DYNEXP) $(LIBS) @POPTLIBS@ $(ADSLIBS) + @$(LINK) -o $@ $(WINBINDD_OBJ) $(DYNEXP) $(LIBS) @POPTLIBS@ $(ADSLIBS) \ + @LDAP_LIBS@ nsswitch/libns_winbind.@SHLIBEXT@: $(WINBIND_NSS_PICOBJS) @echo "Linking $@" diff --git a/source3/include/includes.h b/source3/include/includes.h index de87f82709..bf71ed54cf 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -856,6 +856,10 @@ struct functable { struct printjob; +struct smb_ldap_privates; + +struct smb_ldap_privates; + /***** automatically generated prototypes *****/ #ifndef NO_PROTO_H #include "proto.h" diff --git a/source3/include/smb_ldap.h b/source3/include/smb_ldap.h new file mode 100644 index 0000000000..1a30b853e7 --- /dev/null +++ b/source3/include/smb_ldap.h @@ -0,0 +1,59 @@ +/* + Unix SMB/CIFS implementation. + LDAP protocol helper functions for SAMBA + Copyright (C) Jean FranÃ§ois Micouleau 1998 + Copyright (C) Gerald Carter 2001 + Copyright (C) Shahms King 2001 + Copyright (C) Andrew Bartlett 2002 + Copyright (C) Stefan (metze) Metzmacher 2002 + Copyright (C) Jim McDonough 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +*/ + +#ifndef SMB_LDAP_H +#define SMB_LDAP_H + +#ifdef HAVE_LDAP + +#include +#include + +struct smb_ldap_privates { + + /* Former statics */ + LDAP *ldap_struct; + LDAPMessage *result; + LDAPMessage *entry; + int index; + + time_t last_ping; + /* retrive-once info */ + const char *uri; + + BOOL permit_non_unix_accounts; + + uint32 low_nua_rid; + uint32 high_nua_rid; + + char *bind_dn; + char *bind_secret; + + struct smb_ldap_privates *next; +}; + +#endif +#endif diff --git a/source3/lib/ldap.c b/source3/lib/ldap.c new file mode 100644 index 0000000000..73ff50e159 --- /dev/null +++ b/source3/lib/ldap.c @@ -0,0 +1,718 @@ +/* + Unix SMB/CIFS implementation. + LDAP protocol helper functions for SAMBA + Copyright (C) Jean FranÃ§ois Micouleau 1998 + Copyright (C) Gerald Carter 2001 + Copyright (C) Shahms King 2001 + Copyright (C) Andrew Bartlett 2002 + Copyright (C) Stefan (metze) Metzmacher 2002 + Copyright (C) Jim McDonough 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +*/ + +#include "includes.h" + +#ifdef HAVE_LDAP +/* TODO: +* persistent connections: if using NSS LDAP, many connections are made +* however, using only one within Samba would be nice +* +* Clean up SSL stuff, compile on OpenLDAP 1.x, 2.x, and Netscape SDK +* +* Other LDAP based login attributes: accountExpires, etc. +* (should be the domain of Samba proper, but the sam_password/SAM_ACCOUNT +* structures don't have fields for some of these attributes) +* +* SSL is done, but can't get the certificate based authentication to work +* against on my test platform (Linux 2.4, OpenLDAP 2.x) +*/ + +/* NOTE: this will NOT work against an Active Directory server +* due to the fact that the two password fields cannot be retrieved +* from a server; recommend using security = domain in this situation +* and/or winbind +*/ + +#include "smb_ldap.h" + +/* We need an internal mapping of LDAP * -> smb_ldap_privates so we implement + it in terms of a VK list. It's a little backwards but its quite efficent */ +static struct smb_ldap_privates *head; + +static struct smb_ldap_privates *get_internal(LDAP *ldap_struct) +{ + struct smb_ldap_privates *ret = head; + + while (NULL != ret && ret->ldap_struct != ldap_struct) { + ret = ret->next; + } + + return ret; +} + +#define SMB_LDAP_DONT_PING_TIME 10 /* ping only all 10 seconds */ + +/******************************************************************* + find the ldap password +******************************************************************/ +static BOOL smb_ldap_fetch_pw(char **dn, char** pw) +{ + char *key = NULL; + size_t size; + + *dn = smb_xstrdup(lp_ldap_admin_dn()); + + if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, *dn) < 0) { + SAFE_FREE(*dn); + DEBUG(0, ("smb_ldap_fetch_pw: asprintf failed!\n")); + } + + *pw=secrets_fetch(key, &size); + if (!size) { + /* Upgrade 2.2 style entry */ + char *p; + char* old_style_key = strdup(*dn); + char *data; + fstring old_style_pw; + + if (!old_style_key) { + DEBUG(0, ("smb_ldap_fetch_pw: strdup failed!\n")); + return False; + } + + for (p=old_style_key; *p; p++) + if (*p == ',') *p = '/'; + + data=secrets_fetch(old_style_key, &size); + if (!size && size < sizeof(old_style_pw)) { + DEBUG(0,("fetch_ldap_pw: neither ldap secret retrieved!\n")); + SAFE_FREE(old_style_key); + SAFE_FREE(*dn); + return False; + } + + strncpy(old_style_pw, data, size); + old_style_pw[size] = 0; + + SAFE_FREE(data); + + if (!secrets_store_ldap_pw(*dn, old_style_pw)) { + DEBUG(0,("fetch_ldap_pw: ldap secret could not be upgraded!\n")); + SAFE_FREE(old_style_key); + SAFE_FREE(*dn); + return False; + } + if (!secrets_delete(old_style_key)) { + DEBUG(0,("fetch_ldap_pw: old ldap secret could not be deleted!\n")); + } + + SAFE_FREE(old_style_key); + + *pw = smb_xstrdup(old_style_pw); + } + + return True; +} + +/******************************************************************* + open a connection to the ldap server. +******************************************************************/ +int smb_ldap_open_connection (struct smb_ldap_privates *ldap_state, + LDAP ** ldap_struct) +{ + int rc = LDAP_SUCCESS; + int version; + BOOL ldap_v3 = False; + +#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) + DEBUG(10, ("smb_ldap_open_connection: %s\n", ldap_state->uri)); + + if ((rc = ldap_initialize(ldap_struct, ldap_state->uri)) != LDAP_SUCCESS) { + DEBUG(0, ("ldap_initialize: %s\n", ldap_err2string(rc))); + return rc; + } + +#else + + /* Parse the string manually */ + + { + int port = 0; + fstring protocol; + fstring host; + const char *p = ldap_state->uri; + SMB_ASSERT(sizeof(protocol)>10 && sizeof(host)>254); + + /* skip leading "URL:" (if any) */ + if ( strncasecmp( p, "URL:", 4 ) == 0 ) { + p += 4; + } + + sscanf(p, "%10[^:]://%254s[^:]:%d", protocol, host, &port); + + if (port == 0) { + if (strequal(protocol, "ldap")) { + port = LDAP_PORT; + } else if (strequal(protocol, "ldaps")) { + port = LDAPS_PORT; + } else { + DEBUG(0, ("unrecognised protocol (%s)!\n", protocol)); + } + } + + if ((*ldap_struct = ldap_init(host, port)) == NULL) { + DEBUG(0, ("ldap_init failed !\n")); + return LDAP_OPERATIONS_ERROR; + } + + if (strequal(protocol, "ldaps")) { +#ifdef LDAP_OPT_X_TLS + int tls = LDAP_OPT_X_TLS_HARD; + if (ldap_set_option (*ldap_struct, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) + { + DEBUG(0, ("Failed to setup a TLS session\n")); + } + + DEBUG(3,("LDAPS option set...!\n")); +#else + DEBUG(0,("smb_ldap_open_connection: Secure connection not supported by LDAP client libraries!\n")); + return LDAP_OPERATIONS_ERROR; +#endif + } + } +#endif + + if (ldap_get_option(*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS) + { + if (version != LDAP_VERSION3) + { + version = LDAP_VERSION3; + if (ldap_set_option (*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS) { + ldap_v3 = True; + } + } else { + ldap_v3 = True; + } + } + + if (lp_ldap_ssl() == LDAP_SSL_START_TLS) { +#ifdef LDAP_OPT_X_TLS + if (ldap_v3) { + if ((rc = ldap_start_tls_s (*ldap_struct, NULL, NULL)) != LDAP_SUCCESS) + { + DEBUG(0,("Failed to issue the StartTLS instruction: %s\n", + ldap_err2string(rc))); + return rc; + } + DEBUG (3, ("StartTLS issued: using a TLS connection\n")); + } else { + + DEBUG(0, ("Need LDAPv3 for Start TLS\n")); + return LDAP_OPERATIONS_ERROR; + } +#else + DEBUG(0,("smb_ldap_open_connection: StartTLS not supported by LDAP client libraries!\n")); + return LDAP_OPERATIONS_ERROR; +#endif + } + + DEBUG(2, ("smb_ldap_open_connection: connection opened\n")); + return rc; +} + + +/******************************************************************* + a rebind function for authenticated referrals + This version takes a void* that we can shove useful stuff in :-) +******************************************************************/ +#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) +#else +static int rebindproc_with_state (LDAP * ld, char **whop, char **credp, + int *methodp, int freeit, void *arg) +{ + struct smb_ldap_privates *ldap_state = arg; + + /** @TODO Should we be doing something to check what servers we rebind to? + Could we get a referral to a machine that we don't want to give our + username and password to? */ + + if (freeit) { + SAFE_FREE(*whop); + memset(*credp, '\0', strlen(*credp)); + SAFE_FREE(*credp); + } else { + DEBUG(5,("rebind_proc_with_state: Rebinding as \"%s\"\n", + ldap_state->bind_dn)); + + *whop = strdup(ldap_state->bind_dn); + if (!*whop) { + return LDAP_NO_MEMORY; + } + *credp = strdup(ldap_state->bind_secret); + if (!*credp) { + SAFE_FREE(*whop); + return LDAP_NO_MEMORY; + } + *methodp = LDAP_AUTH_SIMPLE; + } + return 0; +} +#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ + +/******************************************************************* + a rebind function for authenticated referrals + This version takes a void* that we can shove useful stuff in :-) + and actually does the connection. +******************************************************************/ +#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) +static int rebindproc_connect_with_state (LDAP *ldap_struct, + LDAP_CONST char *url, + ber_tag_t request, + ber_int_t msgid, void *arg) +{ + struct smb_ldap_privates *ldap_state = arg; + int rc; + DEBUG(5,("rebindproc_connect_with_state: Rebinding as \"%s\"\n", + ldap_state->bind_dn)); + + /** @TODO Should we be doing something to check what servers we rebind to? + Could we get a referral to a machine that we don't want to give our + username and password to? */ + + rc = ldap_simple_bind_s(ldap_struct, ldap_state->bind_dn, ldap_state->bind_secret); + + return rc; +} +#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ + +/******************************************************************* + Add a rebind function for authenticated referrals +******************************************************************/ +#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) +#else +# if LDAP_SET_REBIND_PROC_ARGS == 2 +static int rebindproc (LDAP *ldap_struct, char **whop, char **credp, + int *method, int freeit ) +{ + return rebindproc_with_state(ldap_struct, whop, credp, + method, freeit, get_internal(ldap_struct)); + +} +# endif /*LDAP_SET_REBIND_PROC_ARGS == 2*/ +#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ + +/******************************************************************* + a rebind function for authenticated referrals + this also does the connection, but no void*. +******************************************************************/ +#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) +# if LDAP_SET_REBIND_PROC_ARGS == 2 +static int rebindproc_connect (LDAP * ld, LDAP_CONST char *url, int request, + ber_int_t msgid) +{ + return rebindproc_connect_with_state(ld, url, (ber_tag_t)request, msgid, + get_internal(ld)); +} +# endif /*LDAP_SET_REBIND_PROC_ARGS == 2*/ +#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ + +/******************************************************************* + connect to the ldap server under system privilege. +******************************************************************/ +int smb_ldap_connect_system(struct smb_ldap_privates *ldap_state, + LDAP * ldap_struct) +{ + int rc; + char *ldap_dn; + char *ldap_secret; + + if (NULL == get_internal(ldap_struct)) { + ldap_state->next = head; + } + + /* get the password */ + if (!smb_ldap_fetch_pw(&ldap_dn, &ldap_secret)) + { + DEBUG(0, ("ldap_connect_system: Failed to retrieve password from secrets.tdb\n")); + return LDAP_INVALID_CREDENTIALS; + } + + ldap_state->bind_dn = ldap_dn; + ldap_state->bind_secret = ldap_secret; + + /* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite + (OpenLDAP) doesnt' seem to support it */ + + DEBUG(10,("ldap_connect_system: Binding to ldap server %s as \"%s\"\n", + ldap_state->uri, ldap_dn)); + +#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) +# if LDAP_SET_REBIND_PROC_ARGS == 2 + ldap_set_rebind_proc(ldap_struct, &rebindproc_connect); +# endif +# if LDAP_SET_REBIND_PROC_ARGS == 3 + ldap_set_rebind_proc(ldap_struct, &rebindproc_connect_with_state, (void *)ldap_state); +# endif +#else /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ +# if LDAP_SET_REBIND_PROC_ARGS == 2 + ldap_set_rebind_proc(ldap_struct, &rebindproc); +# endif +# if LDAP_SET_REBIND_PROC_ARGS == 3 + ldap_set_rebind_proc(ldap_struct, &rebindproc_with_state, (void *)ldap_state); +# endif +#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ + + rc = ldap_simple_bind_s(ldap_struct, ldap_dn, ldap_secret); + + if (rc != LDAP_SUCCESS) { + char *ld_error; + ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, + &ld_error); + DEBUG(0, + ("failed to bind to server with dn= %s Error: %s\n\t%s\n", + ldap_dn, ldap_err2string(rc), + ld_error)); + free(ld_error); + return rc; + } + + DEBUG(2, ("ldap_connect_system: succesful connection to the LDAP server\n")); + return rc; +} + +/********************************************************************** +Connect to LDAP server +*********************************************************************/ +int smb_ldap_open(struct smb_ldap_privates *ldap_state) +{ + int rc; + SMB_ASSERT(ldap_state); + +#ifndef NO_LDAP_SECURITY + if (geteuid() != 0) { + DEBUG(0, ("smb_ldap_open: cannot access LDAP when not root..\n")); + return LDAP_INSUFFICIENT_ACCESS; + } +#endif + + if ((ldap_state->ldap_struct != NULL) && ((ldap_state->last_ping + SMB_LDAP_DONT_PING_TIME) < time(NULL))) { + struct sockaddr_un addr; + socklen_t len; + int sd; + if (ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_DESC, &sd) == 0 && + getpeername(sd, (struct sockaddr *) &addr, &len) < 0) { + /* the other end has died. reopen. */ + ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL); + ldap_state->ldap_struct = NULL; + ldap_state->last_ping = (time_t)0; + } else { + ldap_state->last_ping = time(NULL); + } + } + + if (ldap_state->ldap_struct != NULL) { + DEBUG(5,("smb_ldap_open: allready connected to the LDAP server\n")); + return LDAP_SUCCESS; + } + + if ((rc = smb_ldap_open_connection(ldap_state, &ldap_state->ldap_struct))) { + return rc; + } + + if ((rc = smb_ldap_connect_system(ldap_state, ldap_state->ldap_struct))) { + ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL); + ldap_state->ldap_struct = NULL; + return rc; + } + + + ldap_state->last_ping = time(NULL); + DEBUG(4,("The LDAP server is succesful connected\n")); + + return LDAP_SUCCESS; +} + +/********************************************************************** +Disconnect from LDAP server +*********************************************************************/ +NTSTATUS smb_ldap_close(struct smb_ldap_privates *ldap_state) +{ + if (!ldap_state) + return NT_STATUS_INVALID_PARAMETER; + + if (ldap_state->ldap_struct != NULL) { + ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL); + ldap_state->ldap_struct = NULL; + } + + DEBUG(5,("The connection to the LDAP server was closed\n")); + /* maybe free the results here --metze */ + + return NT_STATUS_OK; +} + +static int smb_ldap_retry_open(struct smb_ldap_privates *ldap_state, int *attempts) +{ + int rc; + + SMB_ASSERT(ldap_state && attempts); + + if (*attempts != 0) { + /* we retry after 0.5, 2, 4.5, 8, 12.5, 18, 24.5 seconds */ + msleep((((*attempts)*(*attempts))/2)*1000); + } + (*attempts)++; + + if ((rc = smb_ldap_open(ldap_state))) { + DEBUG(0,("Connection to LDAP Server failed for the %d try!\n",*attempts)); + return rc; + } + + return LDAP_SUCCESS; +} + + +int smb_ldap_search(struct smb_ldap_privates *ldap_state, + const char *base, int scope, const char *filter, + const char *attrs[], int attrsonly, + LDAPMessage **res) +{ + int rc = LDAP_SERVER_DOWN; + int attempts = 0; + + SMB_ASSERT(ldap_state); + + while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) { + + if ((rc = smb_ldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS) + continue; + + rc = ldap_search_s(ldap_state->ldap_struct, base, scope, + filter, attrs, attrsonly, res); + } + + if (rc == LDAP_SERVER_DOWN) { + DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO)); + smb_ldap_close(ldap_state); + } + + return rc; +} + +int smb_ldap_modify(struct smb_ldap_privates *ldap_state, char *dn, + LDAPMod *attrs[]) +{ + int rc = LDAP_SERVER_DOWN; + int attempts = 0; + + if (!ldap_state) + return (-1); + + while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) { + + if ((rc = smb_ldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS) + continue; + + rc = ldap_modify_s(ldap_state->ldap_struct, dn, attrs); + } + + if (rc == LDAP_SERVER_DOWN) { + DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO)); + smb_ldap_close(ldap_state); + } + + return rc; +} + +int smb_ldap_add(struct smb_ldap_privates *ldap_state, const char *dn, + LDAPMod *attrs[]) +{ + int rc = LDAP_SERVER_DOWN; + int attempts = 0; + + if (!ldap_state) + return (-1); + + while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) { + + if ((rc = smb_ldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS) + continue; + + rc = ldap_add_s(ldap_state->ldap_struct, dn, attrs); + } + + if (rc == LDAP_SERVER_DOWN) { + DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO)); + smb_ldap_close(ldap_state); + } + + return rc; +} + +int smb_ldap_delete(struct smb_ldap_privates *ldap_state, char *dn) +{ + int rc = LDAP_SERVER_DOWN; + int attempts = 0; + + if (!ldap_state) + return (-1); + + while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) { + + if ((rc = smb_ldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS) + continue; + + rc = ldap_delete_s(ldap_state->ldap_struct, dn); + } + + if (rc == LDAP_SERVER_DOWN) { + DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO)); + smb_ldap_close(ldap_state); + } + + return rc; +} + +int smb_ldap_extended_operation(struct smb_ldap_privates *ldap_state, + LDAP_CONST char *reqoid, + struct berval *reqdata, + LDAPControl **serverctrls, + LDAPControl **clientctrls, char **retoidp, + struct berval **retdatap) +{ + int rc = LDAP_SERVER_DOWN; + int attempts = 0; + + if (!ldap_state) + return (-1); + + while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) { + + if ((rc = smb_ldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS) + continue; + + rc = ldap_extended_operation_s(ldap_state->ldap_struct, reqoid, reqdata, serverctrls, clientctrls, retoidp, retdatap); + } + + if (rc == LDAP_SERVER_DOWN) { + DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO)); + smb_ldap_close(ldap_state); + } + + return rc; +} + +/******************************************************************* +search an attribute and return the first value found. +******************************************************************/ +BOOL smb_ldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry, + const char *attribute, pstring value) +{ + char **values; + + if ((values = ldap_get_values (ldap_struct, entry, attribute)) == NULL) { + value = NULL; + DEBUG (10, ("smb_ldap_get_single_attribute: [%s] = []\n", attribute)); + + return False; + } + + pstrcpy(value, values[0]); + ldap_value_free(values); +#ifdef DEBUG_PASSWORDS + DEBUG (100, ("smb_ldap_get_single_attribute: [%s] = [%s]\n", attribute, value)); +#endif + return True; +} + + +/************************************************************************ +Routine to manage the LDAPMod structure array +manage memory used by the array, by each struct, and values + +************************************************************************/ +void smb_ldap_make_a_mod (LDAPMod *** modlist, int modop, + const char *attribute, const char *value) +{ + LDAPMod **mods; + int i; + int j; + + mods = *modlist; + + if (attribute == NULL || *attribute == '\0') + return; + + if (value == NULL || *value == '\0') + return; + + if (mods == NULL) + { + mods = (LDAPMod **) malloc(sizeof(LDAPMod *)); + if (mods == NULL) + { + DEBUG(0, ("smb_ldap_make_a_mod: out of memory!\n")); + return; + } + mods[0] = NULL; + } + + for (i = 0; mods[i] != NULL; ++i) { + if (mods[i]->mod_op == modop && !strcasecmp(mods[i]->mod_type, attribute)) + break; + } + + if (mods[i] == NULL) + { + mods = (LDAPMod **) Realloc (mods, (i + 2) * sizeof (LDAPMod *)); + if (mods == NULL) + { + DEBUG(0, ("smb_ldap_make_a_mod: out of memory!\n")); + return; + } + mods[i] = (LDAPMod *) malloc(sizeof(LDAPMod)); + if (mods[i] == NULL) + { + DEBUG(0, ("smb_ldap_make_a_mod: out of memory!\n")); + return; + } + mods[i]->mod_op = modop; + mods[i]->mod_values = NULL; + mods[i]->mod_type = strdup(attribute); + mods[i + 1] = NULL; + } + + if (value != NULL) + { + j = 0; + if (mods[i]->mod_values != NULL) { + for (; mods[i]->mod_values[j] != NULL; j++); + } + mods[i]->mod_values = (char **)Realloc(mods[i]->mod_values, + (j + 2) * sizeof (char *)); + + if (mods[i]->mod_values == NULL) { + DEBUG (0, ("smb_ldap_make_a_mod: Memory allocation failure!\n")); + return; + } + mods[i]->mod_values[j] = strdup(value); + mods[i]->mod_values[j + 1] = NULL; + } + *modlist = mods; +} + +#endif diff --git a/source3/nsswitch/winbindd_idmap.c b/source3/nsswitch/winbindd_idmap.c index 4b4d9eb8d2..23f4b4d081 100644 --- a/source3/nsswitch/winbindd_idmap.c +++ b/source3/nsswitch/winbindd_idmap.c @@ -28,7 +28,7 @@ static struct { struct winbindd_idmap_methods *methods; } builtin_winbindd_idmap_functions[] = { { "tdb", winbind_idmap_reg_tdb, NULL }, - /* { "ldap", winbind_idmap_reg_ldap, NULL },*/ + { "ldap", winbind_idmap_reg_ldap, NULL }, { NULL, NULL, NULL } }; diff --git a/source3/nsswitch/winbindd_idmap_ldap.c b/source3/nsswitch/winbindd_idmap_ldap.c new file mode 100644 index 0000000000..b0b260e34d --- /dev/null +++ b/source3/nsswitch/winbindd_idmap_ldap.c @@ -0,0 +1,394 @@ +/* + Unix SMB/CIFS implementation. + + Winbind daemon - user related function + + Copyright (C) Jim McDonough 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "winbindd.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + +#ifdef HAVE_LDAP + +#include +#include + +#include "smb_ldap.h" + +/* Globals */ +static struct smb_ldap_privates *ldap_state; + +static const char *attr[] = { "uid", "rid", "domain", "uidNumber", + "gidNumber", NULL }; + +static const char *pool_attr[] = {"uidNumber", "gidNumber", "cn", NULL}; + +static const char *group_attr[] = {"gidNumber", "ntSid", NULL}; + +static long ldap_allocate_id(BOOL is_user) +{ + int rc, count; + LDAPMessage *result; + int scope = LDAP_SCOPE_SUBTREE; + long ret = 0; + int sanity = 0; + + do { + rc = smb_ldap_search(ldap_state, lp_ldap_suffix(), scope, is_user?"cn=UID Pool":"cn=GID Pool", pool_attr, 0, &result); + + if (LDAP_SUCCESS != rc) { + DEBUG(0,("ldap_allocate_id: No ID pool found in directory\n")); + return 0; + } + + count = ldap_count_entries(ldap_state->ldap_struct, result); + + if (1 < count) { + DEBUG(0,("ldap_allocate_id: Multiple UID pools found in directory?\n")); + break; + } else if (1 == count) { + LDAPMessage *entry = + ldap_first_entry(ldap_state->ldap_struct, + result); + LDAPMod **mods = NULL; + pstring temp; + + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, is_user?"uidNumber":"gidNumber", temp)) { + return False; + } + ret = atol(temp); + smb_ldap_make_a_mod(&mods, LDAP_MOD_DELETE, + is_user?"uidNumber":"gidNumber", + temp); + slprintf(temp, sizeof(temp) - 1, "%i", ret + 1); + smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, is_user?"uidNumber":"gidNumber", temp); + slprintf(temp, sizeof(temp) - 1, "cn=%cID Pool,%s", is_user?'U':'G', lp_ldap_user_suffix()); + rc = smb_ldap_modify(ldap_state, temp, mods); + ldap_mods_free(mods, 1); + } else { + DEBUG(0,("ldap_allocate_id: unexpected number of entries returned\n")); + break; + } + } while (LDAP_NO_SUCH_ATTRIBUTE == rc && ++sanity < 100); + + return ret; +} + +/***************************************************************************** + Initialise idmap database. +*****************************************************************************/ +static BOOL ldap_idmap_init(void) +{ + static struct smb_ldap_privates state; + ldap_state = &state; + +#ifdef WITH_LDAP_SAMCONFIG + { + int ldap_port = lp_ldap_port(); + + /* remap default port if not using SSL */ + if (lp_ldap_ssl() != LDAP_SSL_ON && ldap_port == 636) { + ldap_port = 389; + } + + ldap_state->uri = asprintf("%s://%s:d", + lp_ldap_ssl() == LDAP_SSL_ON ? "ldaps" : "ldap", + lp_ldap_server(), ldap_port); + if (!ldap_state->uri) { + DEBUG(0,("Out of memory\n")); + return False; + } + } +#else + ldap_state->uri = "ldap://localhost"; +#endif + return True; +} + +static BOOL ldap_get_sid_from_uid(uid_t uid, DOM_SID * sid) +{ + pstring filter; + int scope = LDAP_SCOPE_SUBTREE; + int rc, count; + LDAPMessage *result; + + slprintf(filter, sizeof(filter) - 1, "uidNumber=%i", uid); + + DEBUG(2, ("ldap_get_sid_from_uid: searching for:[%s]\n", filter)); + + rc = smb_ldap_search(ldap_state, lp_ldap_suffix(), scope, filter, attr, 0, &result); + if (LDAP_SUCCESS != rc) { + DEBUG(0,("ldap_get_sid_from_uid: user search failed\n")); + return False; + } + + count = ldap_count_entries(ldap_state->ldap_struct, result); + if (1 < count) { + DEBUG(0,("More than one user exists where: %s\n", filter)); + ldap_msgfree(result); + return False; + } else if (1 == count) { + /* we found the user, get the users RID */ + LDAPMessage *entry = ldap_first_entry(ldap_state->ldap_struct, + result); + pstring temp, domain; + uint32 rid; + struct winbindd_domain *wb_dom; + + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "domain", domain)) { + return False; + } + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "rid", temp)) { + return False; + } + rid = (uint32)atol(temp); + wb_dom = find_domain_from_name(domain); + + if (!wb_dom) { + DEBUG(0,("ldap_get_sid_from_uid: could not find domain %s\n", domain)); + return False; + } + + sid_copy(sid, &wb_dom->sid); + sid_append_rid(sid, rid); + } else { + /* 0 entries? that ain't right */ + DEBUG(0,("ldap_get_sid_from_uid: not user entry found for %s\n", filter)); + } + + return True; +} + +static BOOL ldap_get_uid_from_sid(DOM_SID *sid, uid_t *uid) +{ + pstring filter; + int scope = LDAP_SCOPE_SUBTREE; + int rc, count; + LDAPMessage *result; + uint32 rid = 0; + struct winbindd_domain *wb_dom; + DOM_SID dom_sid; + + sid_copy(&dom_sid, sid); + + if (!sid_split_rid(&dom_sid, &rid)) { + DEBUG(0,("ldap_get_uid_from_sid: sid does not contain an rid\n")); + return False; + } + + if (!(wb_dom = find_domain_from_sid(&dom_sid))) { + DEBUG(0,("ldap_get_uid_from_sid: cannot lookup domain from sid\n")); + return False; + } + + slprintf(filter, sizeof(filter) - 1, "rid=%d,domain=%s,objectClass=sambaAccount", rid, wb_dom->name); + + DEBUG(2, ("ldap_get_uid_from_sid: searching for:[%s]\n", filter)); + + rc = smb_ldap_search(ldap_state, lp_ldap_suffix(), scope, filter, attr, 0, &result); + if (LDAP_NO_SUCH_OBJECT == rc) { + LDAPMod **mods = NULL; + pstring temp; + fstring dom, name; + int sid_type; + + winbindd_lookup_name_by_sid(sid, dom, name, + (enum SID_USE_TYPE *)&sid_type); + slprintf(temp, sizeof(temp) - 1, "%i", rid); + smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "rid", temp); + + *uid = ldap_allocate_id(True); + slprintf(temp, sizeof(temp) - 1, "%i", *uid); + smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "uidNumber", temp); + + smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "uid", name); + smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "objectClass", "sambaAccount"); + smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "objectClass", "account"); + slprintf(temp, sizeof(temp) - 1, "uid=%s,%s", name, lp_ldap_user_suffix()); + rc = smb_ldap_modify(ldap_state, temp, mods); + + ldap_mods_free(mods, 1); + if (LDAP_SUCCESS != rc) { + return False; + } + } else if (LDAP_SUCCESS == rc) { + count = ldap_count_entries(ldap_state->ldap_struct, result); + if (1 < count) { + DEBUG(0,("More than one user exists where: %s\n", filter)); + ldap_msgfree(result); + return False; + } else if (1 == count) { + /* we found the user, get the idNumber */ + LDAPMessage *entry = ldap_first_entry(ldap_state->ldap_struct, result); + pstring temp; + + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "uidNumber", temp)) { + return False; + } + *uid = atol(temp); + } else { + DEBUG(0,("ldap_get_uid_from_sid: zero entries returned?\n")); + return False; + } + } else { + DEBUG(0,("ldap_get_uid_from_sid: unknown error querying user info\n")); + return False; + } + + return True; +} + +static BOOL ldap_get_sid_from_gid(gid_t gid, DOM_SID * sid) +{ + pstring filter; + int scope = LDAP_SCOPE_SUBTREE; + int rc, count; + LDAPMessage *result; + + slprintf(filter, sizeof(filter) - 1, "gidNumber=%i,objectClass=sambaGroupMapping", gid); + + DEBUG(2, ("ldap_get_sid_from_gid: searching for:[%s]\n", filter)); + + rc = smb_ldap_search(ldap_state, lp_ldap_suffix(), scope, filter, attr, 0, &result); + if (LDAP_SUCCESS != rc) { + DEBUG(0,("ldap_get_sid_from_gid: user search failed\n")); + return False; + } + + count = ldap_count_entries(ldap_state->ldap_struct, result); + if (1 < count) { + DEBUG(0,("More than one group exists where: %s\n", filter)); + ldap_msgfree(result); + return False; + } else if (1 == count) { + LDAPMessage *entry = ldap_first_entry(ldap_state->ldap_struct, + result); + pstring str_sid; + + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "ntSid", str_sid)) { + return False; + } + + string_to_sid(sid, str_sid); + } else { + /* 0 entries? that ain't right */ + DEBUG(0,("ldap_get_sid_from_gid: not group entry found for %s\n", filter)); + } + + return True; +} + +static BOOL ldap_get_gid_from_sid(DOM_SID *sid, gid_t *gid) +{ + pstring filter; + int scope = LDAP_SCOPE_SUBTREE; + int rc, count; + LDAPMessage *result; + fstring str_sid; + + sid_to_string(str_sid, sid); + + slprintf(filter, sizeof(filter) - 1, "ntSid=%d,objectClass=sambaGroupMapping", str_sid); + + DEBUG(2, ("ldap_get_gid_from_sid: searching for:[%s]\n", filter)); + + rc = smb_ldap_search(ldap_state, lp_ldap_suffix(), scope, filter, attr, 0, &result); + if (LDAP_NO_SUCH_OBJECT == rc) { + LDAPMod **mods = NULL; + pstring temp; + + *gid = ldap_allocate_id(False); + slprintf(temp, sizeof(temp) - 1, "%i", *gid); + smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "gidNumber", temp); + smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "objectClass", "sambaGroupMapping"); + smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "objectClass", "account"); + slprintf(temp, sizeof(temp) - 1, "gidNumber=%i,%s", *gid, lp_ldap_user_suffix()); + rc = smb_ldap_modify(ldap_state, temp, mods); + + ldap_mods_free(mods, 1); + if (LDAP_SUCCESS != rc) { + return False; + } + } else if (LDAP_SUCCESS == rc) { + count = ldap_count_entries(ldap_state->ldap_struct, result); + if (1 < count) { + DEBUG(0,("More than one group exists where: %s\n", filter)); + ldap_msgfree(result); + return False; + } else if (1 == count) { + LDAPMessage *entry = ldap_first_entry(ldap_state->ldap_struct, result); + pstring temp; + + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "gidNumber", temp)) { + return False; + } + *gid = atol(temp); + } else { + DEBUG(0,("ldap_get_gid_from_sid: zero entries returned?\n")); + return False; + } + } else { + DEBUG(0,("ldap_get_gid_from_sid: unknown error querying user info\n")); + return False; + } + + return True; +} + +static BOOL ldap_idmap_close(void) +{ + smb_ldap_close(ldap_state); + ldap_state = 0; + return True; +} + +static void ldap_idmap_status(void) +{ + DEBUG(0, ("winbindd idmap status:\n")); + DEBUG(0, ("Using LDAP\n")); +} + +struct winbind_idmap_methods ldap_idmap_methods = { + ldap_idmap_init, + + ldap_get_sid_from_uid, + ldap_get_sid_from_gid, + + ldap_get_uid_from_sid, + ldap_get_gid_from_sid, + + ldap_idmap_close, + + ldap_idmap_status +}; + +#endif + +BOOL winbind_idmap_reg_ldap(struct winbind_idmap_methods **meth) +{ +#ifdef HAVE_LDAP + *meth = &ldap_idmap_methods; + + return True; +#else + DEBUG(0,("winbind_idmap_reg_ldap: LDAP support not compiled\n")); + return False; +#endif +} diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 264de8d0f0..eaef7f37a7 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -6,6 +6,7 @@ Copyright (C) Shahms King 2001 Copyright (C) Andrew Bartlett 2002 Copyright (C) Stefan (metze) Metzmacher 2002 + Copyright (C) Jim McDonough 2003 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -51,36 +52,13 @@ #include #include +#include "smb_ldap.h" + #ifndef SAM_ACCOUNT #define SAM_ACCOUNT struct sam_passwd #endif -struct ldapsam_privates { - - /* Former statics */ - LDAP *ldap_struct; - LDAPMessage *result; - LDAPMessage *entry; - int index; - - time_t last_ping; - /* retrive-once info */ - const char *uri; - - BOOL permit_non_unix_accounts; - - uint32 low_nua_rid; - uint32 high_nua_rid; - - char *bind_dn; - char *bind_secret; -}; - -#define LDAPSAM_DONT_PING_TIME 10 /* ping only all 10 seconds */ - -static struct ldapsam_privates *static_ldap_state; - -static uint32 ldapsam_get_next_available_nua_rid(struct ldapsam_privates *ldap_state); +static uint32 ldapsam_get_next_available_nua_rid(struct smb_ldap_privates *ldap_state); /******************************************************************* find the ldap password @@ -157,496 +135,17 @@ static const char *attr[] = {"uid", "pwdLastSet", "logonTime", "uidNumber", "gidNumber", "homeDirectory", NULL }; -/******************************************************************* - open a connection to the ldap server. -******************************************************************/ -static int ldapsam_open_connection (struct ldapsam_privates *ldap_state, LDAP ** ldap_struct) -{ - int rc = LDAP_SUCCESS; - int version; - BOOL ldap_v3 = False; - -#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) - DEBUG(10, ("ldapsam_open_connection: %s\n", ldap_state->uri)); - - if ((rc = ldap_initialize(ldap_struct, ldap_state->uri)) != LDAP_SUCCESS) { - DEBUG(0, ("ldap_initialize: %s\n", ldap_err2string(rc))); - return rc; - } - -#else - - /* Parse the string manually */ - - { - int port = 0; - fstring protocol; - fstring host; - const char *p = ldap_state->uri; - SMB_ASSERT(sizeof(protocol)>10 && sizeof(host)>254); - - /* skip leading "URL:" (if any) */ - if ( strncasecmp( p, "URL:", 4 ) == 0 ) { - p += 4; - } - - sscanf(p, "%10[^:]://%254s[^:]:%d", protocol, host, &port); - - if (port == 0) { - if (strequal(protocol, "ldap")) { - port = LDAP_PORT; - } else if (strequal(protocol, "ldaps")) { - port = LDAPS_PORT; - } else { - DEBUG(0, ("unrecognised protocol (%s)!\n", protocol)); - } - } - - if ((*ldap_struct = ldap_init(host, port)) == NULL) { - DEBUG(0, ("ldap_init failed !\n")); - return LDAP_OPERATIONS_ERROR; - } - - if (strequal(protocol, "ldaps")) { -#ifdef LDAP_OPT_X_TLS - int tls = LDAP_OPT_X_TLS_HARD; - if (ldap_set_option (*ldap_struct, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) - { - DEBUG(0, ("Failed to setup a TLS session\n")); - } - - DEBUG(3,("LDAPS option set...!\n")); -#else - DEBUG(0,("ldapsam_open_connection: Secure connection not supported by LDAP client libraries!\n")); - return LDAP_OPERATIONS_ERROR; -#endif - } - } -#endif - - if (ldap_get_option(*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS) - { - if (version != LDAP_VERSION3) - { - version = LDAP_VERSION3; - if (ldap_set_option (*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS) { - ldap_v3 = True; - } - } else { - ldap_v3 = True; - } - } - - if (lp_ldap_ssl() == LDAP_SSL_START_TLS) { -#ifdef LDAP_OPT_X_TLS - if (ldap_v3) { - if ((rc = ldap_start_tls_s (*ldap_struct, NULL, NULL)) != LDAP_SUCCESS) - { - DEBUG(0,("Failed to issue the StartTLS instruction: %s\n", - ldap_err2string(rc))); - return rc; - } - DEBUG (3, ("StartTLS issued: using a TLS connection\n")); - } else { - - DEBUG(0, ("Need LDAPv3 for Start TLS\n")); - return LDAP_OPERATIONS_ERROR; - } -#else - DEBUG(0,("ldapsam_open_connection: StartTLS not supported by LDAP client libraries!\n")); - return LDAP_OPERATIONS_ERROR; -#endif - } - - DEBUG(2, ("ldapsam_open_connection: connection opened\n")); - return rc; -} - - -/******************************************************************* - a rebind function for authenticated referrals - This version takes a void* that we can shove useful stuff in :-) -******************************************************************/ -#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) -#else -static int rebindproc_with_state (LDAP * ld, char **whop, char **credp, - int *methodp, int freeit, void *arg) -{ - struct ldapsam_privates *ldap_state = arg; - - /** @TODO Should we be doing something to check what servers we rebind to? - Could we get a referral to a machine that we don't want to give our - username and password to? */ - - if (freeit) { - SAFE_FREE(*whop); - memset(*credp, '\0', strlen(*credp)); - SAFE_FREE(*credp); - } else { - DEBUG(5,("rebind_proc_with_state: Rebinding as \"%s\"\n", - ldap_state->bind_dn)); - - *whop = strdup(ldap_state->bind_dn); - if (!*whop) { - return LDAP_NO_MEMORY; - } - *credp = strdup(ldap_state->bind_secret); - if (!*credp) { - SAFE_FREE(*whop); - return LDAP_NO_MEMORY; - } - *methodp = LDAP_AUTH_SIMPLE; - } - return 0; -} -#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ - -/******************************************************************* - a rebind function for authenticated referrals - This version takes a void* that we can shove useful stuff in :-) - and actually does the connection. -******************************************************************/ -#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) -static int rebindproc_connect_with_state (LDAP *ldap_struct, - LDAP_CONST char *url, - ber_tag_t request, - ber_int_t msgid, void *arg) -{ - struct ldapsam_privates *ldap_state = arg; - int rc; - DEBUG(5,("rebindproc_connect_with_state: Rebinding as \"%s\"\n", - ldap_state->bind_dn)); - - /** @TODO Should we be doing something to check what servers we rebind to? - Could we get a referral to a machine that we don't want to give our - username and password to? */ - - rc = ldap_simple_bind_s(ldap_struct, ldap_state->bind_dn, ldap_state->bind_secret); - - return rc; -} -#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ - -/******************************************************************* - Add a rebind function for authenticated referrals -******************************************************************/ -#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) -#else -# if LDAP_SET_REBIND_PROC_ARGS == 2 -static int rebindproc (LDAP *ldap_struct, char **whop, char **credp, - int *method, int freeit ) -{ - return rebindproc_with_state(ldap_struct, whop, credp, - method, freeit, static_ldap_state); - -} -# endif /*LDAP_SET_REBIND_PROC_ARGS == 2*/ -#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ - -/******************************************************************* - a rebind function for authenticated referrals - this also does the connection, but no void*. -******************************************************************/ -#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) -# if LDAP_SET_REBIND_PROC_ARGS == 2 -static int rebindproc_connect (LDAP * ld, LDAP_CONST char *url, int request, - ber_int_t msgid) -{ - return rebindproc_connect_with_state(ld, url, (ber_tag_t)request, msgid, - static_ldap_state); -} -# endif /*LDAP_SET_REBIND_PROC_ARGS == 2*/ -#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ - -/******************************************************************* - connect to the ldap server under system privilege. -******************************************************************/ -static int ldapsam_connect_system(struct ldapsam_privates *ldap_state, LDAP * ldap_struct) -{ - int rc; - char *ldap_dn; - char *ldap_secret; - - /* The rebind proc needs this *HACK*. We are not multithreaded, so - this will work, but it's not nice. */ - static_ldap_state = ldap_state; - - /* get the password */ - if (!fetch_ldapsam_pw(&ldap_dn, &ldap_secret)) - { - DEBUG(0, ("ldap_connect_system: Failed to retrieve password from secrets.tdb\n")); - return LDAP_INVALID_CREDENTIALS; - } - - ldap_state->bind_dn = ldap_dn; - ldap_state->bind_secret = ldap_secret; - - /* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite - (OpenLDAP) doesnt' seem to support it */ - - DEBUG(10,("ldap_connect_system: Binding to ldap server %s as \"%s\"\n", - ldap_state->uri, ldap_dn)); - -#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) -# if LDAP_SET_REBIND_PROC_ARGS == 2 - ldap_set_rebind_proc(ldap_struct, &rebindproc_connect); -# endif -# if LDAP_SET_REBIND_PROC_ARGS == 3 - ldap_set_rebind_proc(ldap_struct, &rebindproc_connect_with_state, (void *)ldap_state); -# endif -#else /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ -# if LDAP_SET_REBIND_PROC_ARGS == 2 - ldap_set_rebind_proc(ldap_struct, &rebindproc); -# endif -# if LDAP_SET_REBIND_PROC_ARGS == 3 - ldap_set_rebind_proc(ldap_struct, &rebindproc_with_state, (void *)ldap_state); -# endif -#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ - - rc = ldap_simple_bind_s(ldap_struct, ldap_dn, ldap_secret); - - if (rc != LDAP_SUCCESS) { - char *ld_error = NULL; - ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, - &ld_error); - DEBUG(0, - ("failed to bind to server with dn= %s Error: %s\n\t%s\n", - ldap_dn ? ld_error : "(unknown)", ldap_err2string(rc), - ld_error)); - SAFE_FREE(ld_error); - return rc; - } - - DEBUG(2, ("ldap_connect_system: succesful connection to the LDAP server\n")); - return rc; -} - -/********************************************************************** -Connect to LDAP server -*********************************************************************/ -static int ldapsam_open(struct ldapsam_privates *ldap_state) -{ - int rc; - SMB_ASSERT(ldap_state); - -#ifndef NO_LDAP_SECURITY - if (geteuid() != 0) { - DEBUG(0, ("ldapsam_open: cannot access LDAP when not root..\n")); - return LDAP_INSUFFICIENT_ACCESS; - } -#endif - - if ((ldap_state->ldap_struct != NULL) && ((ldap_state->last_ping + LDAPSAM_DONT_PING_TIME) < time(NULL))) { - struct sockaddr_un addr; - socklen_t len; - int sd; - if (ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_DESC, &sd) == 0 && - getpeername(sd, (struct sockaddr *) &addr, &len) < 0) { - /* the other end has died. reopen. */ - ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL); - ldap_state->ldap_struct = NULL; - ldap_state->last_ping = (time_t)0; - } else { - ldap_state->last_ping = time(NULL); - } - } - - if (ldap_state->ldap_struct != NULL) { - DEBUG(5,("ldapsam_open: allready connected to the LDAP server\n")); - return LDAP_SUCCESS; - } - - if ((rc = ldapsam_open_connection(ldap_state, &ldap_state->ldap_struct))) { - return rc; - } - - if ((rc = ldapsam_connect_system(ldap_state, ldap_state->ldap_struct))) { - ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL); - ldap_state->ldap_struct = NULL; - return rc; - } - - - ldap_state->last_ping = time(NULL); - DEBUG(4,("The LDAP server is succesful connected\n")); - - return LDAP_SUCCESS; -} - -/********************************************************************** -Disconnect from LDAP server -*********************************************************************/ -static NTSTATUS ldapsam_close(struct ldapsam_privates *ldap_state) -{ - if (!ldap_state) - return NT_STATUS_INVALID_PARAMETER; - - if (ldap_state->ldap_struct != NULL) { - ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL); - ldap_state->ldap_struct = NULL; - } - - DEBUG(5,("The connection to the LDAP server was closed\n")); - /* maybe free the results here --metze */ - - return NT_STATUS_OK; -} - -static int ldapsam_retry_open(struct ldapsam_privates *ldap_state, int *attempts) -{ - int rc; - - SMB_ASSERT(ldap_state && attempts); - - if (*attempts != 0) { - /* we retry after 0.5, 2, 4.5, 8, 12.5, 18, 24.5 seconds */ - msleep((((*attempts)*(*attempts))/2)*1000); - } - (*attempts)++; - - if ((rc = ldapsam_open(ldap_state))) { - DEBUG(0,("Connection to LDAP Server failed for the %d try!\n",*attempts)); - return rc; - } - - return LDAP_SUCCESS; -} - - -static int ldapsam_search(struct ldapsam_privates *ldap_state, - const char *base, int scope, const char *filter, - const char *attrs[], int attrsonly, - LDAPMessage **res) -{ - int rc = LDAP_SERVER_DOWN; - int attempts = 0; - - SMB_ASSERT(ldap_state); - - while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) { - - if ((rc = ldapsam_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS) - continue; - - rc = ldap_search_s(ldap_state->ldap_struct, base, scope, - filter, attrs, attrsonly, res); - } - - if (rc == LDAP_SERVER_DOWN) { - DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO)); - ldapsam_close(ldap_state); - } - - return rc; -} - -static int ldapsam_modify(struct ldapsam_privates *ldap_state, char *dn, LDAPMod *attrs[]) -{ - int rc = LDAP_SERVER_DOWN; - int attempts = 0; - - if (!ldap_state) - return (-1); - - while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) { - - if ((rc = ldapsam_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS) - continue; - - rc = ldap_modify_s(ldap_state->ldap_struct, dn, attrs); - } - - if (rc == LDAP_SERVER_DOWN) { - DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO)); - ldapsam_close(ldap_state); - } - - return rc; -} - -static int ldapsam_add(struct ldapsam_privates *ldap_state, const char *dn, LDAPMod *attrs[]) -{ - int rc = LDAP_SERVER_DOWN; - int attempts = 0; - - if (!ldap_state) - return (-1); - - while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) { - - if ((rc = ldapsam_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS) - continue; - - rc = ldap_add_s(ldap_state->ldap_struct, dn, attrs); - } - - if (rc == LDAP_SERVER_DOWN) { - DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO)); - ldapsam_close(ldap_state); - } - - return rc; -} - -static int ldapsam_delete(struct ldapsam_privates *ldap_state, char *dn) -{ - int rc = LDAP_SERVER_DOWN; - int attempts = 0; - - if (!ldap_state) - return (-1); - - while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) { - - if ((rc = ldapsam_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS) - continue; - - rc = ldap_delete_s(ldap_state->ldap_struct, dn); - } - - if (rc == LDAP_SERVER_DOWN) { - DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO)); - ldapsam_close(ldap_state); - } - - return rc; -} - -static int ldapsam_extended_operation(struct ldapsam_privates *ldap_state, LDAP_CONST char *reqoid, struct berval *reqdata, LDAPControl **serverctrls, LDAPControl **clientctrls, char **retoidp, struct berval **retdatap) -{ - int rc = LDAP_SERVER_DOWN; - int attempts = 0; - - if (!ldap_state) - return (-1); - - while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) { - - if ((rc = ldapsam_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS) - continue; - - rc = ldap_extended_operation_s(ldap_state->ldap_struct, reqoid, reqdata, serverctrls, clientctrls, retoidp, retdatap); - } - - if (rc == LDAP_SERVER_DOWN) { - DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO)); - ldapsam_close(ldap_state); - } - - return rc; -} - /******************************************************************* run the search by name. ******************************************************************/ -static int ldapsam_search_one_user (struct ldapsam_privates *ldap_state, const char *filter, LDAPMessage ** result) +static int ldapsam_search_one_user (struct smb_ldap_privates *ldap_state, const char *filter, LDAPMessage ** result) { int scope = LDAP_SCOPE_SUBTREE; int rc; DEBUG(2, ("ldapsam_search_one_user: searching for:[%s]\n", filter)); - rc = ldapsam_search(ldap_state, lp_ldap_suffix (), scope, filter, attr, 0, result); + rc = smb_ldap_search(ldap_state, lp_ldap_suffix (), scope, filter, attr, 0, result); if (rc != LDAP_SUCCESS) { char *ld_error = NULL; @@ -665,7 +164,7 @@ static int ldapsam_search_one_user (struct ldapsam_privates *ldap_state, const c /******************************************************************* run the search by name. ******************************************************************/ -static int ldapsam_search_one_user_by_name (struct ldapsam_privates *ldap_state, const char *user, +static int ldapsam_search_one_user_by_name (struct smb_ldap_privates *ldap_state, const char *user, LDAPMessage ** result) { pstring filter; @@ -696,7 +195,7 @@ static int ldapsam_search_one_user_by_name (struct ldapsam_privates *ldap_state, /******************************************************************* run the search by uid. ******************************************************************/ -static int ldapsam_search_one_user_by_uid(struct ldapsam_privates *ldap_state, +static int ldapsam_search_one_user_by_uid(struct smb_ldap_privates *ldap_state, int uid, LDAPMessage ** result) { @@ -730,7 +229,7 @@ static int ldapsam_search_one_user_by_uid(struct ldapsam_privates *ldap_state, /******************************************************************* run the search by rid. ******************************************************************/ -static int ldapsam_search_one_user_by_rid (struct ldapsam_privates *ldap_state, +static int ldapsam_search_one_user_by_rid (struct smb_ldap_privates *ldap_state, uint32 rid, LDAPMessage ** result) { @@ -750,111 +249,11 @@ static int ldapsam_search_one_user_by_rid (struct ldapsam_privates *ldap_state, return rc; } -/******************************************************************* -search an attribute and return the first value found. -******************************************************************/ -static BOOL get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry, - const char *attribute, pstring value) -{ - char **values; - - if ((values = ldap_get_values (ldap_struct, entry, attribute)) == NULL) { - value = NULL; - DEBUG (10, ("get_single_attribute: [%s] = []\n", attribute)); - - return False; - } - - pstrcpy(value, values[0]); - ldap_value_free(values); -#ifdef DEBUG_PASSWORDS - DEBUG (100, ("get_single_attribute: [%s] = [%s]\n", attribute, value)); -#endif - return True; -} - -/************************************************************************ -Routine to manage the LDAPMod structure array -manage memory used by the array, by each struct, and values - -************************************************************************/ -static void make_a_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value) -{ - LDAPMod **mods; - int i; - int j; - - mods = *modlist; - - if (attribute == NULL || *attribute == '\0') - return; - -#if 0 - /* Why do we need this??? -- vl */ - if (value == NULL || *value == '\0') - return; -#endif - - if (mods == NULL) - { - mods = (LDAPMod **) malloc(sizeof(LDAPMod *)); - if (mods == NULL) - { - DEBUG(0, ("make_a_mod: out of memory!\n")); - return; - } - mods[0] = NULL; - } - - for (i = 0; mods[i] != NULL; ++i) { - if (mods[i]->mod_op == modop && !strcasecmp(mods[i]->mod_type, attribute)) - break; - } - - if (mods[i] == NULL) - { - mods = (LDAPMod **) Realloc (mods, (i + 2) * sizeof (LDAPMod *)); - if (mods == NULL) - { - DEBUG(0, ("make_a_mod: out of memory!\n")); - return; - } - mods[i] = (LDAPMod *) malloc(sizeof(LDAPMod)); - if (mods[i] == NULL) - { - DEBUG(0, ("make_a_mod: out of memory!\n")); - return; - } - mods[i]->mod_op = modop; - mods[i]->mod_values = NULL; - mods[i]->mod_type = strdup(attribute); - mods[i + 1] = NULL; - } - - if (value != NULL) - { - j = 0; - if (mods[i]->mod_values != NULL) { - for (; mods[i]->mod_values[j] != NULL; j++); - } - mods[i]->mod_values = (char **)Realloc(mods[i]->mod_values, - (j + 2) * sizeof (char *)); - - if (mods[i]->mod_values == NULL) { - DEBUG (0, ("make_a_mod: Memory allocation failure!\n")); - return; - } - mods[i]->mod_values[j] = strdup(value); - mods[i]->mod_values[j + 1] = NULL; - } - *modlist = mods; -} - /******************************************************************* Delete complete object or objectclass and attrs from object found in search_result depending on lp_ldap_delete_dn ******************************************************************/ -static NTSTATUS ldapsam_delete_entry(struct ldapsam_privates *ldap_state, +static NTSTATUS ldapsam_delete_entry(struct smb_ldap_privates *ldap_state, LDAPMessage *result, const char *objectclass, const char **attrs) @@ -877,7 +276,7 @@ static NTSTATUS ldapsam_delete_entry(struct ldapsam_privates *ldap_state, if (lp_ldap_delete_dn()) { NTSTATUS ret = NT_STATUS_OK; - rc = ldapsam_delete(ldap_state, dn); + rc = smb_ldap_delete(ldap_state, dn); if (rc != LDAP_SUCCESS) { DEBUG(0, ("Could not delete object %s\n", dn)); @@ -901,7 +300,7 @@ static NTSTATUS ldapsam_delete_entry(struct ldapsam_privates *ldap_state, for (attrib = attrs; *attrib != NULL; attrib++) { if (StrCaseCmp(*attrib, name) == 0) { DEBUG(10, ("deleting attribute %s\n", name)); - make_a_mod(&mods, LDAP_MOD_DELETE, name, NULL); + smb_ldap_make_a_mod(&mods, LDAP_MOD_DELETE, name, NULL); } } @@ -912,9 +311,9 @@ static NTSTATUS ldapsam_delete_entry(struct ldapsam_privates *ldap_state, ber_free(ptr, 0); } - make_a_mod(&mods, LDAP_MOD_DELETE, "objectClass", objectclass); + smb_ldap_make_a_mod(&mods, LDAP_MOD_DELETE, "objectClass", objectclass); - rc = ldapsam_modify(ldap_state, dn, mods); + rc = smb_ldap_modify(ldap_state, dn, mods); ldap_mods_free(mods, 1); if (rc != LDAP_SUCCESS) { @@ -938,7 +337,7 @@ static NTSTATUS ldapsam_delete_entry(struct ldapsam_privates *ldap_state, /********************************************************************** Initialize SAM_ACCOUNT from an LDAP query (unix attributes only) *********************************************************************/ -static BOOL get_unix_attributes (struct ldapsam_privates *ldap_state, +static BOOL get_unix_attributes (struct smb_ldap_privates *ldap_state, SAM_ACCOUNT * sampass, LDAPMessage * entry) { @@ -967,15 +366,15 @@ static BOOL get_unix_attributes (struct ldapsam_privates *ldap_state, } ldap_value_free(ldap_values); - if (!get_single_attribute(ldap_state->ldap_struct, entry, "homeDirectory", homedir)) + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "homeDirectory", homedir)) return False; - if (!get_single_attribute(ldap_state->ldap_struct, entry, "uidNumber", temp)) + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "uidNumber", temp)) return False; uid = (uid_t)atol(temp); - if (!get_single_attribute(ldap_state->ldap_struct, entry, "gidNumber", temp)) + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "gidNumber", temp)) return False; gid = (gid_t)atol(temp); @@ -993,7 +392,7 @@ static BOOL get_unix_attributes (struct ldapsam_privates *ldap_state, Initialize SAM_ACCOUNT from an LDAP query (Based on init_sam_from_buffer in pdb_tdb.c) *********************************************************************/ -static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, +static BOOL init_sam_from_ldap (struct smb_ldap_privates *ldap_state, SAM_ACCOUNT * sampass, LDAPMessage * entry) { @@ -1054,7 +453,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, return False; } - get_single_attribute(ldap_state->ldap_struct, entry, "uid", username); + smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "uid", username); DEBUG(2, ("Entry found for user: %s\n", username)); pstrcpy(nt_username, username); @@ -1066,12 +465,12 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, pdb_set_domain(sampass, domain, PDB_DEFAULT); pdb_set_nt_username(sampass, nt_username, PDB_SET); - get_single_attribute(ldap_state->ldap_struct, entry, "rid", temp); + smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "rid", temp); user_rid = (uint32)atol(temp); pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET); - if (!get_single_attribute(ldap_state->ldap_struct, entry, "primaryGroupID", temp)) { + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "primaryGroupID", temp)) { group_rid = 0; } else { group_rid = (uint32)atol(temp); @@ -1119,42 +518,42 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, } } - if (!get_single_attribute(ldap_state->ldap_struct, entry, "pwdLastSet", temp)) { + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "pwdLastSet", temp)) { /* leave as default */ } else { pass_last_set_time = (time_t) atol(temp); pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET); } - if (!get_single_attribute(ldap_state->ldap_struct, entry, "logonTime", temp)) { + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "logonTime", temp)) { /* leave as default */ } else { logon_time = (time_t) atol(temp); pdb_set_logon_time(sampass, logon_time, PDB_SET); } - if (!get_single_attribute(ldap_state->ldap_struct, entry, "logoffTime", temp)) { + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "logoffTime", temp)) { /* leave as default */ } else { logoff_time = (time_t) atol(temp); pdb_set_logoff_time(sampass, logoff_time, PDB_SET); } - if (!get_single_attribute(ldap_state->ldap_struct, entry, "kickoffTime", temp)) { + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "kickoffTime", temp)) { /* leave as default */ } else { kickoff_time = (time_t) atol(temp); pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET); } - if (!get_single_attribute(ldap_state->ldap_struct, entry, "pwdCanChange", temp)) { + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "pwdCanChange", temp)) { /* leave as default */ } else { pass_can_change_time = (time_t) atol(temp); pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET); } - if (!get_single_attribute(ldap_state->ldap_struct, entry, "pwdMustChange", temp)) { + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "pwdMustChange", temp)) { /* leave as default */ } else { pass_must_change_time = (time_t) atol(temp); @@ -1167,9 +566,9 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, * that fits your needs; using cn then displayName rather than 'userFullName' */ - if (!get_single_attribute(ldap_state->ldap_struct, entry, + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "displayName", fullname)) { - if (!get_single_attribute(ldap_state->ldap_struct, entry, + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "cn", fullname)) { /* leave as default */ } else { @@ -1179,7 +578,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, pdb_set_fullname(sampass, fullname, PDB_SET); } - if (!get_single_attribute(ldap_state->ldap_struct, entry, "homeDrive", dir_drive)) { + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "homeDrive", dir_drive)) { pdb_set_dir_drive(sampass, talloc_sub_specified(sampass->mem_ctx, lp_logon_drive(), username, domain, @@ -1189,7 +588,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, pdb_set_dir_drive(sampass, dir_drive, PDB_SET); } - if (!get_single_attribute(ldap_state->ldap_struct, entry, "smbHome", homedir)) { + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "smbHome", homedir)) { pdb_set_homedir(sampass, talloc_sub_specified(sampass->mem_ctx, lp_logon_home(), username, domain, @@ -1199,7 +598,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, pdb_set_homedir(sampass, homedir, PDB_SET); } - if (!get_single_attribute(ldap_state->ldap_struct, entry, "scriptPath", logon_script)) { + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "scriptPath", logon_script)) { pdb_set_logon_script(sampass, talloc_sub_specified(sampass->mem_ctx, lp_logon_script(), username, domain, @@ -1209,7 +608,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, pdb_set_logon_script(sampass, logon_script, PDB_SET); } - if (!get_single_attribute(ldap_state->ldap_struct, entry, "profilePath", profile_path)) { + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "profilePath", profile_path)) { pdb_set_profile_path(sampass, talloc_sub_specified(sampass->mem_ctx, lp_logon_path(), username, domain, @@ -1219,13 +618,13 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, pdb_set_profile_path(sampass, profile_path, PDB_SET); } - if (!get_single_attribute(ldap_state->ldap_struct, entry, "description", acct_desc)) { + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "description", acct_desc)) { /* leave as default */ } else { pdb_set_acct_desc(sampass, acct_desc, PDB_SET); } - if (!get_single_attribute(ldap_state->ldap_struct, entry, "userWorkstations", workstations)) { + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "userWorkstations", workstations)) { /* leave as default */; } else { pdb_set_workstations(sampass, workstations, PDB_SET); @@ -1237,7 +636,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, hours_len = 21; memset(hours, 0xff, hours_len); - if (!get_single_attribute (ldap_state->ldap_struct, entry, "lmPassword", temp)) { + if (!smb_ldap_get_single_attribute (ldap_state->ldap_struct, entry, "lmPassword", temp)) { /* leave as default */ } else { pdb_gethexpwd(temp, smblmpwd); @@ -1247,7 +646,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, ZERO_STRUCT(smblmpwd); } - if (!get_single_attribute (ldap_state->ldap_struct, entry, "ntPassword", temp)) { + if (!smb_ldap_get_single_attribute (ldap_state->ldap_struct, entry, "ntPassword", temp)) { /* leave as default */ } else { pdb_gethexpwd(temp, smbntpwd); @@ -1257,7 +656,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, ZERO_STRUCT(smbntpwd); } - if (!get_single_attribute (ldap_state->ldap_struct, entry, "acctFlags", temp)) { + if (!smb_ldap_get_single_attribute (ldap_state->ldap_struct, entry, "acctFlags", temp)) { acct_ctrl |= ACB_NORMAL; } else { acct_ctrl = pdb_decode_acct_ctrl(temp); @@ -1325,7 +724,7 @@ static void make_ldap_mod(LDAP *ldap_struct, LDAPMessage *existing, the old value, should it exist. */ if ((newval != NULL) && (strlen(newval) > 0)) { - make_a_mod(mods, LDAP_MOD_ADD, attribute, newval); + smb_ldap_make_a_mod(mods, LDAP_MOD_ADD, attribute, newval); } if (values == NULL) { @@ -1340,7 +739,7 @@ static void make_ldap_mod(LDAP *ldap_struct, LDAPMessage *existing, deny the complete operation if somebody changed the attribute behind our back. */ - make_a_mod(mods, LDAP_MOD_DELETE, attribute, values[0]); + smb_ldap_make_a_mod(mods, LDAP_MOD_DELETE, attribute, values[0]); ldap_value_free(values); } @@ -1348,7 +747,7 @@ static void make_ldap_mod(LDAP *ldap_struct, LDAPMessage *existing, Initialize SAM_ACCOUNT from an LDAP query (Based on init_buffer_from_sam in pdb_tdb.c) *********************************************************************/ -static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, +static BOOL init_ldap_from_sam (struct smb_ldap_privates *ldap_state, LDAPMessage *existing, LDAPMod *** mods, const SAM_ACCOUNT * sampass, BOOL (*need_update)(const SAM_ACCOUNT *, @@ -1534,7 +933,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, /********************************************************************** Connect to LDAP server and find the next available RID. *********************************************************************/ -static uint32 check_nua_rid_is_avail(struct ldapsam_privates *ldap_state, uint32 top_rid) +static uint32 check_nua_rid_is_avail(struct smb_ldap_privates *ldap_state, uint32 top_rid) { LDAPMessage *result; uint32 final_rid = (top_rid & (~USER_RID_TYPE)) + RID_MULTIPLIER; @@ -1565,7 +964,7 @@ static uint32 check_nua_rid_is_avail(struct ldapsam_privates *ldap_state, uint32 /********************************************************************** Extract the RID from an LDAP entry *********************************************************************/ -static uint32 entry_to_user_rid(struct ldapsam_privates *ldap_state, LDAPMessage *entry) { +static uint32 entry_to_user_rid(struct smb_ldap_privates *ldap_state, LDAPMessage *entry) { uint32 rid; SAM_ACCOUNT *user = NULL; if (!NT_STATUS_IS_OK(pdb_init_sam(&user))) { @@ -1588,7 +987,7 @@ static uint32 entry_to_user_rid(struct ldapsam_privates *ldap_state, LDAPMessage /********************************************************************** Connect to LDAP server and find the next available RID. *********************************************************************/ -static uint32 search_top_nua_rid(struct ldapsam_privates *ldap_state) +static uint32 search_top_nua_rid(struct smb_ldap_privates *ldap_state) { int rc; pstring filter; @@ -1609,7 +1008,7 @@ static uint32 search_top_nua_rid(struct ldapsam_privates *ldap_state) #endif DEBUG(2, ("ldapsam_get_next_available_nua_rid: searching for:[%s]\n", final_filter)); - rc = ldapsam_search(ldap_state, lp_ldap_suffix(), + rc = smb_ldap_search(ldap_state, lp_ldap_suffix(), LDAP_SCOPE_SUBTREE, final_filter, attr, 0, &result); @@ -1658,7 +1057,7 @@ static uint32 search_top_nua_rid(struct ldapsam_privates *ldap_state) /********************************************************************** Connect to LDAP server and find the next available RID. *********************************************************************/ -static uint32 ldapsam_get_next_available_nua_rid(struct ldapsam_privates *ldap_state) { +static uint32 ldapsam_get_next_available_nua_rid(struct smb_ldap_privates *ldap_state) { uint32 next_nua_rid; uint32 top_nua_rid; @@ -1675,14 +1074,14 @@ Connect to LDAP server for password enumeration *********************************************************************/ static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update) { - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; + struct smb_ldap_privates *ldap_state = (struct smb_ldap_privates *)my_methods->private_data; int rc; pstring filter; pstrcpy(filter, lp_ldap_filter()); all_string_sub(filter, "%u", "*", sizeof(pstring)); - rc = ldapsam_search(ldap_state, lp_ldap_suffix(), + rc = smb_ldap_search(ldap_state, lp_ldap_suffix(), LDAP_SCOPE_SUBTREE, filter, attr, 0, &ldap_state->result); @@ -1710,7 +1109,7 @@ End enumeration of the LDAP password list *********************************************************************/ static void ldapsam_endsampwent(struct pdb_methods *my_methods) { - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; + struct smb_ldap_privates *ldap_state = (struct smb_ldap_privates *)my_methods->private_data; if (ldap_state->result) { ldap_msgfree(ldap_state->result); ldap_state->result = NULL; @@ -1723,13 +1122,9 @@ Get the next entry in the LDAP password database static NTSTATUS ldapsam_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT *user) { NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; + struct smb_ldap_privates *ldap_state = (struct smb_ldap_privates *)my_methods->private_data; BOOL bret = False; - /* The rebind proc needs this *HACK*. We are not multithreaded, so - this will work, but it's not nice. */ - static_ldap_state = ldap_state; - while (!bret) { if (!ldap_state->entry) return ret; @@ -1750,7 +1145,7 @@ Get SAM_ACCOUNT entry from LDAP by username static NTSTATUS ldapsam_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT *user, const char *sname) { NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; + struct smb_ldap_privates *ldap_state = (struct smb_ldap_privates *)my_methods->private_data; LDAPMessage *result; LDAPMessage *entry; int count; @@ -1794,8 +1189,8 @@ Get SAM_ACCOUNT entry from LDAP by rid static NTSTATUS ldapsam_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT *user, uint32 rid) { NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - struct ldapsam_privates *ldap_state = - (struct ldapsam_privates *)my_methods->private_data; + struct smb_ldap_privates *ldap_state = + (struct smb_ldap_privates *)my_methods->private_data; LDAPMessage *result; LDAPMessage *entry; int count; @@ -1850,7 +1245,7 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods, SAM_ACCOUNT *newpwd, char *dn, LDAPMod **mods, int ldap_op, BOOL pdb_add) { - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; + struct smb_ldap_privates *ldap_state = (struct smb_ldap_privates *)my_methods->private_data; int rc; if (!my_methods || !newpwd || !dn) { @@ -1864,11 +1259,11 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods, switch(ldap_op) { case LDAP_MOD_ADD: - make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", "account"); - rc = ldapsam_add(ldap_state, dn, mods); + smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", "account"); + rc = smb_ldap_add(ldap_state, dn, mods); break; case LDAP_MOD_REPLACE: - rc = ldapsam_modify(ldap_state, dn ,mods); + rc = smb_ldap_modify(ldap_state, dn ,mods); break; default: DEBUG(0,("Wrong LDAP operation type: %d!\n", ldap_op)); @@ -1915,7 +1310,7 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods, ber_free(ber,1); - if ((rc = ldapsam_extended_operation(ldap_state, LDAP_EXOP_X_MODIFY_PASSWD, + if ((rc = smb_ldap_extended_operation(ldap_state, LDAP_EXOP_X_MODIFY_PASSWD, bv, NULL, NULL, &retoid, &retdata))!=LDAP_SUCCESS) { DEBUG(0,("LDAP Password could not be changed for user %s: %s\n", pdb_get_username(newpwd),ldap_err2string(rc))); @@ -1938,7 +1333,7 @@ Delete entry from LDAP for username *********************************************************************/ static NTSTATUS ldapsam_delete_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT * sam_acct) { - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; + struct smb_ldap_privates *ldap_state = (struct smb_ldap_privates *)my_methods->private_data; const char *sname; int rc; LDAPMessage *result; @@ -1985,7 +1380,7 @@ Update SAM_ACCOUNT static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT * newpwd) { NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; + struct smb_ldap_privates *ldap_state = (struct smb_ldap_privates *)my_methods->private_data; int rc; char *dn; LDAPMessage *result; @@ -2057,7 +1452,7 @@ Add SAM_ACCOUNT to LDAP static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT * newpwd) { NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; + struct smb_ldap_privates *ldap_state = (struct smb_ldap_privates *)my_methods->private_data; int rc; pstring filter; LDAPMessage *result = NULL; @@ -2136,7 +1531,7 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO return NT_STATUS_UNSUCCESSFUL; } - make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", "sambaAccount"); + smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", "sambaAccount"); ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,ldap_op, True); if (NT_STATUS_IS_ERR(ret)) { @@ -2153,15 +1548,15 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO static void free_private_data(void **vp) { - struct ldapsam_privates **ldap_state = (struct ldapsam_privates **)vp; + struct smb_ldap_privates **ldap_state = (struct smb_ldap_privates **)vp; - ldapsam_close(*ldap_state); + smb_ldap_close(*ldap_state); if ((*ldap_state)->bind_secret) { memset((*ldap_state)->bind_secret, '\0', strlen((*ldap_state)->bind_secret)); } - ldapsam_close(*ldap_state); + smb_ldap_close(*ldap_state); SAFE_FREE((*ldap_state)->bind_dn); SAFE_FREE((*ldap_state)->bind_secret); @@ -2176,7 +1571,7 @@ static const char *group_attr[] = {"cn", "ntSid", "ntGroupType", "displayName", "description", NULL }; -static int ldapsam_search_one_group (struct ldapsam_privates *ldap_state, +static int ldapsam_search_one_group (struct smb_ldap_privates *ldap_state, const char *filter, LDAPMessage ** result) { @@ -2185,7 +1580,7 @@ static int ldapsam_search_one_group (struct ldapsam_privates *ldap_state, DEBUG(2, ("ldapsam_search_one_group: searching for:[%s]\n", filter)); - rc = ldapsam_search(ldap_state, lp_ldap_suffix (), scope, + rc = smb_ldap_search(ldap_state, lp_ldap_suffix (), scope, filter, group_attr, 0, result); if (rc != LDAP_SUCCESS) { @@ -2203,7 +1598,7 @@ static int ldapsam_search_one_group (struct ldapsam_privates *ldap_state, return rc; } -static BOOL init_group_from_ldap(struct ldapsam_privates *ldap_state, +static BOOL init_group_from_ldap(struct smb_ldap_privates *ldap_state, GROUP_MAP *map, LDAPMessage *entry) { pstring temp; @@ -2214,7 +1609,7 @@ static BOOL init_group_from_ldap(struct ldapsam_privates *ldap_state, return False; } - if (!get_single_attribute(ldap_state->ldap_struct, entry, "gidNumber", + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "gidNumber", temp)) { DEBUG(0, ("Mandatory attribute gidNumber not found\n")); return False; @@ -2223,14 +1618,14 @@ static BOOL init_group_from_ldap(struct ldapsam_privates *ldap_state, map->gid = (gid_t)atol(temp); - if (!get_single_attribute(ldap_state->ldap_struct, entry, "ntSid", + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "ntSid", temp)) { DEBUG(0, ("Mandatory attribute ntSid not found\n")); return False; } string_to_sid(&map->sid, temp); - if (!get_single_attribute(ldap_state->ldap_struct, entry, "ntGroupType", + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "ntGroupType", temp)) { DEBUG(0, ("Mandatory attribute ntGroupType not found\n")); return False; @@ -2243,11 +1638,11 @@ static BOOL init_group_from_ldap(struct ldapsam_privates *ldap_state, return False; } - if (!get_single_attribute(ldap_state->ldap_struct, entry, "displayName", + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "displayName", temp)) { DEBUG(3, ("Attribute displayName not found\n")); temp[0] = '\0'; - if (!get_single_attribute(ldap_state->ldap_struct, entry, "cn", + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "cn", temp)) { DEBUG(0, ("Attributes cn not found either " "for gidNumber(%i)\n",map->gid)); @@ -2256,7 +1651,7 @@ static BOOL init_group_from_ldap(struct ldapsam_privates *ldap_state, } fstrcpy(map->nt_name, temp); - if (!get_single_attribute(ldap_state->ldap_struct, entry, "description", + if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "description", temp)) { DEBUG(3, ("Attribute description not found\n")); temp[0] = '\0'; @@ -2298,8 +1693,8 @@ static NTSTATUS ldapsam_getgroup(struct pdb_methods *methods, const char *filter, GROUP_MAP *map) { - struct ldapsam_privates *ldap_state = - (struct ldapsam_privates *)methods->private_data; + struct smb_ldap_privates *ldap_state = + (struct smb_ldap_privates *)methods->private_data; LDAPMessage *result; LDAPMessage *entry; int count; @@ -2378,7 +1773,7 @@ static NTSTATUS ldapsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, return ldapsam_getgroup(methods, filter, map); } -static int ldapsam_search_one_group_by_gid(struct ldapsam_privates *ldap_state, +static int ldapsam_search_one_group_by_gid(struct smb_ldap_privates *ldap_state, gid_t gid, LDAPMessage **result) { @@ -2393,8 +1788,8 @@ static int ldapsam_search_one_group_by_gid(struct ldapsam_privates *ldap_state, static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods, GROUP_MAP *map) { - struct ldapsam_privates *ldap_state = - (struct ldapsam_privates *)methods->private_data; + struct smb_ldap_privates *ldap_state = + (struct smb_ldap_privates *)methods->private_data; LDAPMessage *result = NULL; LDAPMod **mods = NULL; @@ -2444,10 +1839,10 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods, return NT_STATUS_UNSUCCESSFUL; } - make_a_mod(&mods, LDAP_MOD_ADD, "objectClass", + smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "objectClass", "sambaGroupMapping"); - rc = ldapsam_modify(ldap_state, dn, mods); + rc = smb_ldap_modify(ldap_state, dn, mods); ldap_mods_free(mods, 1); if (rc != LDAP_SUCCESS) { @@ -2467,8 +1862,8 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods, static NTSTATUS ldapsam_update_group_mapping_entry(struct pdb_methods *methods, GROUP_MAP *map) { - struct ldapsam_privates *ldap_state = - (struct ldapsam_privates *)methods->private_data; + struct smb_ldap_privates *ldap_state = + (struct smb_ldap_privates *)methods->private_data; int rc; char *dn; LDAPMessage *result; @@ -2504,7 +1899,7 @@ static NTSTATUS ldapsam_update_group_mapping_entry(struct pdb_methods *methods, return NT_STATUS_UNSUCCESSFUL; } - rc = ldapsam_modify(ldap_state, dn, mods); + rc = smb_ldap_modify(ldap_state, dn, mods); ldap_mods_free(mods, 1); @@ -2524,8 +1919,8 @@ static NTSTATUS ldapsam_update_group_mapping_entry(struct pdb_methods *methods, static NTSTATUS ldapsam_delete_group_mapping_entry(struct pdb_methods *methods, DOM_SID sid) { - struct ldapsam_privates *ldap_state = - (struct ldapsam_privates *)methods->private_data; + struct smb_ldap_privates *ldap_state = + (struct smb_ldap_privates *)methods->private_data; pstring sidstring, filter; LDAPMessage *result; int rc; @@ -2553,12 +1948,12 @@ static NTSTATUS ldapsam_delete_group_mapping_entry(struct pdb_methods *methods, static NTSTATUS ldapsam_setsamgrent(struct pdb_methods *my_methods, BOOL update) { - struct ldapsam_privates *ldap_state = - (struct ldapsam_privates *)my_methods->private_data; + struct smb_ldap_privates *ldap_state = + (struct smb_ldap_privates *)my_methods->private_data; const char *filter = "(objectClass=sambaGroupMapping)"; int rc; - rc = ldapsam_search(ldap_state, lp_ldap_suffix(), + rc = smb_ldap_search(ldap_state, lp_ldap_suffix(), LDAP_SCOPE_SUBTREE, filter, group_attr, 0, &ldap_state->result); @@ -2590,13 +1985,9 @@ static NTSTATUS ldapsam_getsamgrent(struct pdb_methods *my_methods, GROUP_MAP *map) { NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; + struct smb_ldap_privates *ldap_state = (struct smb_ldap_privates *)my_methods->private_data; BOOL bret = False; - /* The rebind proc needs this *HACK*. We are not multithreaded, so - this will work, but it's not nice. */ - static_ldap_state = ldap_state; - while (!bret) { if (!ldap_state->entry) return ret; @@ -2664,7 +2055,7 @@ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods, NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) { NTSTATUS nt_status; - struct ldapsam_privates *ldap_state; + struct smb_ldap_privates *ldap_state; if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) { return nt_status; @@ -2691,7 +2082,7 @@ NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co /* TODO: Setup private data and free */ - ldap_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct ldapsam_privates)); + ldap_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct smb_ldap_privates)); if (!ldap_state) { DEBUG(0, ("talloc() failed for ldapsam private_data!\n")); @@ -2729,7 +2120,7 @@ NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co NTSTATUS pdb_init_ldapsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) { NTSTATUS nt_status; - struct ldapsam_privates *ldap_state; + struct smb_ldap_privates *ldap_state; uint32 low_nua_uid, high_nua_uid; if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam(pdb_context, pdb_method, location))) { -- cgit From b5989bdb1c5b3bb40e993f8ced85696c27e498dc Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 3 Apr 2003 06:16:53 +0000 Subject: Fix a compile warning in slprintf format string. Possible typo: winbind_idmap_methods -> winbindd_idmap_methods Fix wrong format char when generating a ldap filter string. (This used to be commit f9cb23e68753337676876b97b145e04ad423e184) --- source3/nsswitch/winbindd_idmap_ldap.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/nsswitch/winbindd_idmap_ldap.c b/source3/nsswitch/winbindd_idmap_ldap.c index b0b260e34d..7ffddf9ac4 100644 --- a/source3/nsswitch/winbindd_idmap_ldap.c +++ b/source3/nsswitch/winbindd_idmap_ldap.c @@ -77,7 +77,7 @@ static long ldap_allocate_id(BOOL is_user) smb_ldap_make_a_mod(&mods, LDAP_MOD_DELETE, is_user?"uidNumber":"gidNumber", temp); - slprintf(temp, sizeof(temp) - 1, "%i", ret + 1); + slprintf(temp, sizeof(temp) - 1, "%ld", ret + 1); smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, is_user?"uidNumber":"gidNumber", temp); slprintf(temp, sizeof(temp) - 1, "cn=%cID Pool,%s", is_user?'U':'G', lp_ldap_user_suffix()); rc = smb_ldap_modify(ldap_state, temp, mods); @@ -305,7 +305,7 @@ static BOOL ldap_get_gid_from_sid(DOM_SID *sid, gid_t *gid) sid_to_string(str_sid, sid); - slprintf(filter, sizeof(filter) - 1, "ntSid=%d,objectClass=sambaGroupMapping", str_sid); + slprintf(filter, sizeof(filter) - 1, "ntSid=%s,objectClass=sambaGroupMapping", str_sid); DEBUG(2, ("ldap_get_gid_from_sid: searching for:[%s]\n", filter)); @@ -365,7 +365,7 @@ static void ldap_idmap_status(void) DEBUG(0, ("Using LDAP\n")); } -struct winbind_idmap_methods ldap_idmap_methods = { +struct winbindd_idmap_methods ldap_idmap_methods = { ldap_idmap_init, ldap_get_sid_from_uid, @@ -381,7 +381,7 @@ struct winbind_idmap_methods ldap_idmap_methods = { #endif -BOOL winbind_idmap_reg_ldap(struct winbind_idmap_methods **meth) +BOOL winbind_idmap_reg_ldap(struct winbindd_idmap_methods **meth) { #ifdef HAVE_LDAP *meth = &ldap_idmap_methods; -- cgit From 536eda24033cadebb7db47e5affa9a6d118ea109 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Thu, 3 Apr 2003 09:50:33 +0000 Subject: More doco updates. Another few days and it will be cooked. (This used to be commit 79e66288f96b029208d11b3aa095002de9447020) --- docs/docbook/projdoc/AdvancedNetworkAdmin.sgml | 759 +------------------------ docs/docbook/projdoc/PolicyMgmt.sgml | 261 +++++++++ docs/docbook/projdoc/ProfileMgmt.sgml | 631 ++++++++++++++++++++ docs/docbook/projdoc/samba-doc.sgml | 4 + 4 files changed, 914 insertions(+), 741 deletions(-) create mode 100644 docs/docbook/projdoc/PolicyMgmt.sgml create mode 100644 docs/docbook/projdoc/ProfileMgmt.sgml diff --git a/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml b/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml index 5180901fd3..18fda67123 100644 --- a/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml +++ b/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml @@ -9,772 +9,49 @@ - - - April 1 2003 + April 3 2003 -System Policies +Advanced Network Manangement Information -Basic System Policy Info - - -Much of the information necessary to implement System Policies and -Roaming User Profiles in a Samba domain is the same as that for -implementing these same items in a Windows NT 4.0 domain. -You should read the white paper Implementing -Profiles and Policies in Windows NT 4.0 available from Microsoft. - - - -Here are some additional details: - - - - - - What about Windows NT Policy Editor? - - - - To create or edit ntconfig.pol you must use - the NT Server Policy Editor, poledit.exe which - is included with NT Server but not NT Workstation. - There is a Policy Editor on a NTws - but it is not suitable for creating Domain Policies. - Further, although the Windows 95 - Policy Editor can be installed on an NT Workstation/Server, it will not - work with NT policies because the registry key that are set by the policy templates. - However, the files from the NT Server will run happily enough on an NTws. - You need poledit.exe, common.adm and winnt.adm. It is convenient - to put the two *.adm files in c:\winnt\inf which is where - the binary will look for them unless told otherwise. Note also that that - directory is 'hidden'. - - - - The Windows NT policy editor is also included with the Service Pack 3 (and - later) for Windows NT 4.0. Extract the files using servicepackname /x, - i.e. that's Nt4sp6ai.exe /x for service pack 6a. The policy editor, - poledit.exe and the associated template files (*.adm) should - be extracted as well. It is also possible to downloaded the policy template - files for Office97 and get a copy of the policy editor. Another possible - location is with the Zero Administration Kit available for download from Microsoft. - - - - - - Can Win95 do Policies? - - - - Install the group policy handler for Win9x to pick up group - policies. Look on the Win98 CD in \tools\reskit\netadmin\poledit. - Install group policies on a Win9x client by double-clicking - grouppol.inf. Log off and on again a couple of - times and see if Win98 picks up group policies. Unfortunately this needs - to be done on every Win9x machine that uses group policies.... - - - - If group policies don't work one reports suggests getting the updated - (read: working) grouppol.dll for Windows 9x. The group list is grabbed - from /etc/group. - - - - - - How do I get 'User Manager' and 'Server Manager' - - - - Since I don't need to buy an NT Server CD now, how do I get - the 'User Manager for Domains', the 'Server Manager'? - - - - Microsoft distributes a version of these tools called nexus for - installation on Windows 95 systems. The tools set includes - - - - Server Manager - - User Manager for Domains - - Event Viewer - - - - Click here to download the archived file ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE - - - - The Windows NT 4.0 version of the 'User Manager for - Domains' and 'Server Manager' are available from Microsoft via ftp - from ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE - - - - - -Creating Group Prolicy Files - - -Windows '9x - -You need the Win98 Group Policy Editor to -set Group Profiles up under Windows '9x. It can be found on the Original -full product Win98 installation CD under -tools/reskit/netadmin/poledit. You install this -using the Add/Remove Programs facility and then click on the 'Have Disk' -tab. - - - -Use the Group Policy Editor to create a policy file that specifies the -location of user profiles and/or the My Documents etc. -stuff. You then save these settings in a file called -Config.POL that needs to be placed in -the root of the [NETLOGON] share. If your Win98 is configured to log onto -the Samba Domain, it will automatically read this file and update the -Win9x/Me registry of the machine that is logging on. - - - -All of this is covered in the Win98 Resource Kit documentation. - - - -If you do not do it this way, then every so often Win9x/Me will check the -integrity of the registry and will restore it's settings from the back-up -copy of the registry it stores on each Win9x/Me machine. Hence, you will -occasionally notice things changing back to the original settings. - - - - - - - -Roaming Profiles - - - -NOTE! Roaming profiles support is different for Win9X and WinNT. - - - - -Before discussing how to configure roaming profiles, it is useful to see how -Win9X and WinNT clients implement these features. - - - -Win9X clients send a NetUserGetInfo request to the server to get the user's -profiles location. However, the response does not have room for a separate -profiles location field, only the user's home share. This means that Win9X -profiles are restricted to being in the user's home directory. - - - - -WinNT clients send a NetSAMLogon RPC request, which contains many fields, -including a separate field for the location of the user's profiles. -This means that support for profiles is different for Win9X and WinNT. - - - -Windows NT Configuration - - -To support WinNT clients, in the [global] section of smb.conf set the -following (for example): - - - -logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath - - - -The default for this option is \\%N\%U\profile, namely -\\sambaserver\username\profile. The \\N%\%U service is created -automatically by the [homes] service. -If you are using a samba server for the profiles, you _must_ make the -share specified in the logon path browseable. - - - - -MS Windows NT/2K clients at times do not disconnect a connection to a server -between logons. It is recommended to NOT use the homes -meta-service name as part of the profile share path. - - - - - - -Windows 9X Configuration - - -To support Win9X clients, you must use the "logon home" parameter. Samba has -now been fixed so that "net use /home" now works as well, and it, too, relies -on the "logon home" parameter. - - - -By using the logon home parameter, you are restricted to putting Win9X -profiles in the user's home directory. But wait! There is a trick you -can use. If you set the following in the [global] section of your -smb.conf file: - - - -logon home = \\%L\%U\.profiles - - - -then your Win9X clients will dutifully put their clients in a subdirectory -of your home directory called .profiles (thus making them hidden). - - - -Not only that, but 'net use/home' will also work, because of a feature in -Win9X. It removes any directory stuff off the end of the home directory area -and only uses the server and share portion. That is, it looks like you -specified \\%L\%U for "logon home". - - - - - - -Win9X and WinNT Configuration - - -You can support profiles for both Win9X and WinNT clients by setting both the -"logon home" and "logon path" parameters. For example: - - - -logon home = \\%L\%U\.profiles -logon path = \\%L\profiles\%U - - - - -I have not checked what 'net use /home' does on NT when "logon home" is -set as above. - - - - - -Windows 9X Profile Setup - - -When a user first logs in on Windows 9X, the file user.DAT is created, -as are folders "Start Menu", "Desktop", "Programs" and "Nethood". -These directories and their contents will be merged with the local -versions stored in c:\windows\profiles\username on subsequent logins, -taking the most recent from each. You will need to use the [global] -options "preserve case = yes", "short preserve case = yes" and -"case sensitive = no" in order to maintain capital letters in shortcuts -in any of the profile folders. - - - -The user.DAT file contains all the user's preferences. If you wish to -enforce a set of preferences, rename their user.DAT file to user.MAN, -and deny them write access to this file. - - - - - - On the Windows 95 machine, go to Control Panel | Passwords and - select the User Profiles tab. Select the required level of - roaming preferences. Press OK, but do _not_ allow the computer - to reboot. - - - - - - - On the Windows 95 machine, go to Control Panel | Network | - Client for Microsoft Networks | Preferences. Select 'Log on to - NT Domain'. Then, ensure that the Primary Logon is 'Client for - Microsoft Networks'. Press OK, and this time allow the computer - to reboot. - - - - - - -Under Windows 95, Profiles are downloaded from the Primary Logon. -If you have the Primary Logon as 'Client for Novell Networks', then -the profiles and logon script will be downloaded from your Novell -Server. If you have the Primary Logon as 'Windows Logon', then the -profiles will be loaded from the local machine - a bit against the -concept of roaming profiles, if you ask me. - - - -You will now find that the Microsoft Networks Login box contains -[user, password, domain] instead of just [user, password]. Type in -the samba server's domain name (or any other domain known to exist, -but bear in mind that the user will be authenticated against this -domain and profiles downloaded from it, if that domain logon server -supports it), user name and user's password. - - - -Once the user has been successfully validated, the Windows 95 machine -will inform you that 'The user has not logged on before' and asks you -if you wish to save the user's preferences? Select 'yes'. - - - -Once the Windows 95 client comes up with the desktop, you should be able -to examine the contents of the directory specified in the "logon path" -on the samba server and verify that the "Desktop", "Start Menu", -"Programs" and "Nethood" folders have been created. - - - -These folders will be cached locally on the client, and updated when -the user logs off (if you haven't made them read-only by then :-). -You will find that if the user creates further folders or short-cuts, -that the client will merge the profile contents downloaded with the -contents of the profile directory already on the local client, taking -the newest folders and short-cuts from each set. - - - -If you have made the folders / files read-only on the samba server, -then you will get errors from the w95 machine on logon and logout, as -it attempts to merge the local and the remote profile. Basically, if -you have any errors reported by the w95 machine, check the Unix file -permissions and ownership rights on the profile directory contents, -on the samba server. - - - -If you have problems creating user profiles, you can reset the user's -local desktop cache, as shown below. When this user then next logs in, -they will be told that they are logging in "for the first time". - - - - - - instead of logging in under the [user, password, domain] dialog, - press escape. - - - - - - run the regedit.exe program, and look in: - - - - HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList - - - - you will find an entry, for each user, of ProfilePath. Note the - contents of this key (likely to be c:\windows\profiles\username), - then delete the key ProfilePath for the required user. - +Remote Server Administration - - [Exit the registry editor]. - - - - - - WARNING - before deleting the contents of the - directory listed in - the ProfilePath (this is likely to be c:\windows\profiles\username), - ask them if they have any important files stored on their desktop - or in their start menu. delete the contents of the directory - ProfilePath (making a backup if any of the files are needed). - - - - This will have the effect of removing the local (read-only hidden - system file) user.DAT in their profile directory, as well as the - local "desktop", "nethood", "start menu" and "programs" folders. - - - - - - search for the user's .PWL password-caching file in the c:\windows - directory, and delete it. - - - - - - - log off the windows 95 client. - - - - - - check the contents of the profile path (see "logon path" described - above), and delete the user.DAT or user.MAN file for the user, - making a backup if required. - - - - - - -If all else fails, increase samba's debug log levels to between 3 and 10, -and / or run a packet trace program such as tcpdump or netmon.exe, and -look for any error reports. - - - -If you have access to an NT server, then first set up roaming profiles -and / or netlogons on the NT server. Make a packet trace, or examine -the example packet traces provided with NT server, and see what the -differences are with the equivalent samba trace. - - - - - -Windows NT Workstation 4.0 - - -When a user first logs in to a Windows NT Workstation, the profile -NTuser.DAT is created. The profile location can be now specified -through the "logon path" parameter. - - - -There is a parameter that is now available for use with NT Profiles: -"logon drive". This should be set to "h:" or any other drive, and -should be used in conjunction with the new "logon home" parameter. - - - -The entry for the NT 4.0 profile is a _directory_ not a file. The NT -help on profiles mentions that a directory is also created with a .PDS -extension. The user, while logging in, must have write permission to -create the full profile path (and the folder with the .PDS extension -for those situations where it might be created.) - -In the profile directory, NT creates more folders than 95. It creates -"Application Data" and others, as well as "Desktop", "Nethood", -"Start Menu" and "Programs". The profile itself is stored in a file -NTuser.DAT. Nothing appears to be stored in the .PDS directory, and -its purpose is currently unknown. +How do I get 'User Manager' and 'Server Manager' -You can use the System Control Panel to copy a local profile onto -a samba server (see NT Help on profiles: it is also capable of firing -up the correct location in the System Control Panel for you). The -NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN -turns a profile into a mandatory one. +Since I don't need to buy an NT Server CD now, how do I get the 'User Manager for Domains', +the 'Server Manager'? -The case of the profile is significant. The file must be called -NTuser.DAT or, for a mandatory profile, NTuser.MAN. - - - - - -Windows NT/200x Server - - -There is nothing to stop you specifying any path that you like for the -location of users' profiles. Therefore, you could specify that the -profile be stored on a samba server, or any other SMB server, as long as -that SMB server supports encrypted passwords. - - - - - -Sharing Profiles between W9x/Me and NT4/200x/XP workstations - - -Sharing of desktop profiles between Windows versions is NOT recommended. -Desktop profiles are an evolving phenomenon and profiles for later versions -of MS Windows clients add features that may interfere with earlier versions -of MS Windows clients. Probably the more salient reason to NOT mix profiles -is that when logging off an earlier version of MS Windows the older format -of profile contents may overwrite information that belongs to the newer -version resulting in loss of profile information content when that user logs -on again with the newer version of MS Windows. - - - -If you then want to share the same Start Menu / Desktop with W9x/Me, you will -need to specify a common location for the profiles. The smb.conf parameters -that need to be common are logon path and -logon home. - - - -If you have this set up correctly, you will find separate user.DAT and -NTuser.DAT files in the same profile directory. - - - - - - -Windows NT 4 - - -Unfortunately, the Resource Kit info is Win NT4 or 200x specific. - - - -Here is a quick guide: +Microsoft distributes a version of these tools called nexus for installation on Windows 95 +systems. The tools set includes: + Server Manager + + User Manager for Domains - -On your NT4 Domain Controller, right click on 'My Computer', then -select the tab labelled 'User Profiles'. - - - -Select a user profile you want to migrate and click on it. - - -I am using the term "migrate" lossely. You can copy a profile to -create a group profile. You can give the user 'Everyone' rights to the -profile you copy this to. That is what you need to do, since your samba -domain is not a member of a trust relationship with your NT4 PDC. - - -Click the 'Copy To' button. - -In the box labelled 'Copy Profile to' add your new path, eg: -c:\temp\foobar - -Click on the button labelled 'Change' in the "Permitted to use" box. - -Click on the group 'Everyone' and then click OK. This closes the -'chose user' box. - -Now click OK. - - - -Follow the above for every profile you need to migrate. - - - -Side bar Notes - - -You should obtain the SID of your NT4 domain. You can use smbpasswd to do -this. Read the man page. - - -With Samba-3.0.0 alpha code you can import all you NT4 domain accounts -using the net samsync method. This way you can retain your profile -settings as well as all your users. - - - - - -Mandatory profiles - - -The above method can be used to create mandatory profiles also. To convert -a group profile into a mandatory profile simply locate the NTUser.DAT file -in the copied profile and rename it to NTUser.MAN. - - - - - -moveuser.exe - - -The W2K professional resource kit has moveuser.exe. moveuser.exe changes -the security of a profile from one user to another. This allows the account -domain to change, and/or the user name to change. - - - - - -Get SID - - -You can identify the SID by using GetSID.exe from the Windows NT Server 4.0 -Resource Kit. - - - -Windows NT 4.0 stores the local profile information in the registry under -the following key: -HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList - - - -Under the ProfileList key, there will be subkeys named with the SIDs of the -users who have logged on to this computer. (To find the profile information -for the user whose locally cached profile you want to move, find the SID for -the user with the GetSID.exe utility.) Inside of the appropriate user's -subkey, you will see a string value named ProfileImagePath. - - - - - - - -Windows 2000/XP - - -You must first convert the profile from a local profile to a domain -profile on the MS Windows workstation as follows: - - - - -Log on as the LOCAL workstation administrator. - - - -Right click on the 'My Computer' Icon, select 'Properties' - - - -Click on the 'User Profiles' tab - - - -Select the profile you wish to convert (click on it once) - - - -Click on the button 'Copy To' - - - -In the "Permitted to use" box, click on the 'Change' button. - - - -Click on the 'Look in" area that lists the machine name, when you click -here it will open up a selection box. Click on the domain to which the -profile must be accessible. - - -You will need to log on if a logon box opens up. Eg: In the connect -as: MIDEARTH\root, password: mypassword. - - - -To make the profile capable of being used by anyone select 'Everyone' - - - -Click OK. The Selection box will close. - - - -Now click on the 'Ok' button to create the profile in the path you -nominated. - + Event Viewer -Done. You now have a profile that can be editted using the samba-3.0.0 -profiles tool. +Click here to download the archived file ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE - -Under NT/2K the use of mandotory profiles forces the use of MS Exchange -storage of mail data. That keeps desktop profiles usable. +The Windows NT 4.0 version of the 'User Manager for +Domains' and 'Server Manager' are available from Microsoft via ftp +from ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE - - - - - -This is a security check new to Windows XP (or maybe only -Windows XP service pack 1). It can be disabled via a group policy in -Active Directory. The policy is: -"Computer Configuration\Administrative Templates\System\User -Profiles\Do not check for user ownership of Roaming Profile Folders" - -...and it should be set to "Enabled". -Does the new version of samba have an Active Directory analogue? If so, -then you may be able to set the policy through this. - - - -If you cannot set group policies in samba, then you may be able to set -the policy locally on each machine. If you want to try this, then do -the following (N.B. I don't know for sure that this will work in the -same way as a domain group policy): - - - - - -On the XP workstation log in with an Administrator account. - - -Click: "Start", "Run" -Type: "mmc" -Click: "OK" - -A Microsoft Management Console should appear. -Click: File, "Add/Remove Snap-in...", "Add" -Double-Click: "Group Policy" -Click: "Finish", "Close" -Click: "OK" - -In the "Console Root" window: -Expand: "Local Computer Policy", "Computer Configuration", -"Administrative Templates", "System", "User Profiles" -Double-Click: "Do not check for user ownership of Roaming Profile -Folders" -Select: "Enabled" -Click: OK" - -Close the whole console. You do not need to save the settings (this -refers to the console settings rather than the policies you have -changed). - -Reboot - - - - + diff --git a/docs/docbook/projdoc/PolicyMgmt.sgml b/docs/docbook/projdoc/PolicyMgmt.sgml new file mode 100644 index 0000000000..d9d2495673 --- /dev/null +++ b/docs/docbook/projdoc/PolicyMgmt.sgml @@ -0,0 +1,261 @@ + + + + John HTerpstra + + Samba Team + + jht@samba.org + + + + April 3 2003 + +Policy Management - Hows and Whys + + +System Policies + + +Under MS Windows platforms, particularly those following the release of MS Windows +NT4 and MS Windows 95) it is possible to create a type of file that would be placed +in the NETLOGON share of a domain controller. As the client logs onto the network +this file is read and the contents initiate changes to the registry of the client +machine. This file allows changes to be made to those parts of the registry that +affect users, groups of users, or machines. + + + +For MS Windows 9x/Me this file must be called Config.POL and may +be generated using a tool called poledit.exe, better known as the +Policy Editor. The policy editor was provided on the Windows 98 installation CD, but +dissappeared again with the introduction of MS Windows Me (Millenium Edition). From +comments from MS Windows network administrators it would appear that this tool became +a part of the MS Windows Me Resource Kit. + + + +MS Windows NT4 Server products include the System Policy Editor +under the Start->Programs->Administrative Tools menu item. +For MS Windows NT4 and later clients this file must be called NTConfig.POL. + + + +New with the introduction of MS Windows 2000 was the Microsoft Management Console +or MMC. This tool is the new wave in the ever changing landscape of Microsoft +methods for management of network access and security. Every new Microsoft product +or technology seems to obsolete the old rules and to introduce newer and more +complex tools and methods. To Microsoft's credit though, the MMC does appear to +be a step forward, but improved functionality comes at a great price. + + + +Before embarking on the configuration of network and system policies it is highly +advisable to read the documentation available from Microsoft's web site from + +Implementing Profiles and Policies in Windows NT 4.0 available from Microsoft. +There are a large number of documents in addition to this old one that should also +be read and understood. Try searching on the Microsoft web site for "Group Policies". + + + +What follows is a very discussion with some helpful notes. The information provided +here is incomplete - you are warned. + + + +Creating and Managing Windows 9x/Me Policies + + +You need the Win98 Group Policy Editor to set Group Profiles up under Windows 9x/Me. +It can be found on the Original full product Win98 installation CD under +tools/reskit/netadmin/poledit. You install this using the +Add/Remove Programs facility and then click on the 'Have Disk' tab. + + + +Use the Group Policy Editor to create a policy file that specifies the location of +user profiles and/or the My Documents etc. stuff. You then +save these settings in a file called Config.POL that needs to +be placed in the root of the [NETLOGON] share. If your Win98 is configured to log onto +the Samba Domain, it will automatically read this file and update the Win9x/Me registry +of the machine that is logging on. + + + +Further details are covered in the Win98 Resource Kit documentation. + + + +If you do not do it this way, then every so often Win9x/Me will check the +integrity of the registry and will restore it's settings from the back-up +copy of the registry it stores on each Win9x/Me machine. Hence, you will +occasionally notice things changing back to the original settings. + + + +Install the group policy handler for Win9x to pick up group policies. Look on the +Win98 CD in \tools\reskit\netadmin\poledit. +Install group policies on a Win9x client by double-clicking +grouppol.inf. Log off and on again a couple of times and see +if Win98 picks up group policies. Unfortunately this needs to be done on every +Win9x/Me machine that uses group policies. + + + + +Creating and Managing Windows NT4 Style Policy Files + + +To create or edit ntconfig.pol you must use the NT Server +Policy Editor, poledit.exe which is included with NT4 Server +but not NT Workstation. There is a Policy Editor on a NT4 +Workstation but it is not suitable for creating Domain Policies. +Further, although the Windows 95 Policy Editor can be installed on an NT4 +Workstation/Server, it will not work with NT clients. However, the files from +the NT Server will run happily enough on an NT4 Workstation. + + + +You need poledit.exe, common.adm and winnt.adm. +It is convenient to put the two *.adm files in the c:\winnt\inf +directory which is where the binary will look for them unless told otherwise. Note also that that +directory is normally 'hidden'. + + + +The Windows NT policy editor is also included with the Service Pack 3 (and +later) for Windows NT 4.0. Extract the files using servicepackname /x, +i.e. that's Nt4sp6ai.exe /x for service pack 6a. The policy editor, +poledit.exe and the associated template files (*.adm) should +be extracted as well. It is also possible to downloaded the policy template +files for Office97 and get a copy of the policy editor. Another possible +location is with the Zero Administration Kit available for download from Microsoft. + + + +Registry Tattoos + + +With NT4 style registry based policy changes, a large number of settings are not +automatically reversed as the user logs off. Since the settings that were in the +NTConfig.POL file were applied to the client machine registry and that apply to the +hive key HKEY_LOCAL_MACHINE are permanent until explicitly reveresd. This is known +as tattooing. It can have serious consequences down-stream and the administrator must +be extreemly careful not to lock out the ability to manage the machine at a later date. + + + + + + +Creating and Managing MS Windows 200x Policies + + +Windows NT4 System policies allows setting of registry parameters specific to +users, groups and computers (client workstations) that are members of the NT4 +style domain. Such policy file will work with MS Windows 2000 / XP clients also. + + + +New to MS Windows 2000 Microsoft introduced a new style of group policy that confers +a superset of capabilities compared with NT4 style policies. Obviously, the tool used +to create them is different, and the mechanism for implementing them is much changed. + + + +The older NT4 style registry based policies are known as Administrative Templates +in MS Windows 2000/XP Group Policy Objects (GPOs). The later includes ability to set various security +configurations, enforce Internet Explorer browser settings, change and redirect aspects of the +users' desktop (including: the location of My Documents files (directory), as +well as intrinsics of where menu items will appear in the Start menu). An additional new +feature is the ability to make available particular software Windows applications to particular +users and/or groups. + + + +Remember: NT4 policy files are named NTConfig.POL and are stored in the root +of the NETLOGON share on the domain controllers. A Windows NT4 user enters a username, a password +and selects the domain name to which the logon will attempt to take place. During the logon +process the client machine reads the NTConfig.POL file from the NETLOGON share on the authenticating +server, modifies the local registry values according to the settings in this file. + + + +Windows 2K GPOs are very feature rich. They are NOT stored in the NETLOGON share, rather part of +a Windows 200x policy file is stored in the Active Directory itself and the other part is stored +in a shared (and replicated) volume called the SYSVOL folder. This folder is present on all Active +Directory domain controllers. The part that is stored in the Active Directory itself is called the +group policy container (GPC), and the part that is stored in the replicated share called SYSVOL is +known as the group policy template (GPT). + + + +With NT4 clients the policy file is read and executed upon only aas each user log onto the network. +MS Windows 200x policies are much more complex - GPOs are processed and applied at client machine +startup (machine specific part) and when the user logs onto the network the user specific part +is applied. In MS Windows 200x style policy management each machine and/or user may be subject +to any number of concurently applicable (and applied) policy sets (GPOs). Active Directory allows +the administrator to also set filters over the policy settings. No such equivalent capability +exists with NT4 style policy files. + + + +Administration of Win2K Policies + + +Instead of using the tool called "The System Policy Editor", commonly called Poledit (from the +executable name poledit.exe), GPOs are created and managed using a Microsoft Management Console +(MMC) snap-in as follows: + + + + + + Go to the Windows 200x / XP menu Start->Programs->Adminsitrative Tools + and select the MMC snap-in called "Active Directory Users and Computers" + + + + + + Select the domain or organizational unit (OU) that you wish to manage, then right click + to open the context menu for that object, select the properties item. + + + + + + Now left click on the Group Policy tab, then left click on the New tab. Type a name + for the new policy you will create. + + + + + + Now left click on the Edit tab to commence the steps needed to create the GPO. + + + + + +All policy configuration options are controlled through the use of policy administrative +templates. These files have a .adm extension, both in NT4 as well as in Windows 200x / XP. +Beware however, since the .adm files are NOT interchangible across NT4 and Windows 200x. +The later introduces many new features as well as extended definition capabilities. It is +well beyond the scope of this documentation to explain how to program .adm files, for that +the adminsitrator is referred to the Microsoft Windows Resource Kit for your particular +version of MS Windows. + + + + +The MS Windows 2000 Resource Kit contains a tool called gpolmig.exe. This tool can be used +to migrate an NT4 NTConfig.POL file into a Windows 200x style GPO. Be VERY careful how you +use this powerful tool. Please refer to the resource kit manuals for specific usage information. + + + + + + diff --git a/docs/docbook/projdoc/ProfileMgmt.sgml b/docs/docbook/projdoc/ProfileMgmt.sgml new file mode 100644 index 0000000000..ffbc65f767 --- /dev/null +++ b/docs/docbook/projdoc/ProfileMgmt.sgml @@ -0,0 +1,631 @@ + + + + John HTerpstra + + Samba Team + + jht@samba.org + + + + April 3 2003 + + +Profile Management + + +Roaming Profiles + + + +NOTE! Roaming profiles support is different for Win9X and WinNT. + + + + +Before discussing how to configure roaming profiles, it is useful to see how +Win9X and WinNT clients implement these features. + + + +Win9X clients send a NetUserGetInfo request to the server to get the user's +profiles location. However, the response does not have room for a separate +profiles location field, only the user's home share. This means that Win9X +profiles are restricted to being in the user's home directory. + + + + +WinNT clients send a NetSAMLogon RPC request, which contains many fields, +including a separate field for the location of the user's profiles. +This means that support for profiles is different for Win9X and WinNT. + + + +Windows NT Configuration + + +To support WinNT clients, in the [global] section of smb.conf set the +following (for example): + + + +logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath + + + +The default for this option is \\%N\%U\profile, namely +\\sambaserver\username\profile. The \\N%\%U service is created +automatically by the [homes] service. +If you are using a samba server for the profiles, you _must_ make the +share specified in the logon path browseable. + + + + +MS Windows NT/2K clients at times do not disconnect a connection to a server +between logons. It is recommended to NOT use the homes +meta-service name as part of the profile share path. + + + + + + +Windows 9X Configuration + + +To support Win9X clients, you must use the "logon home" parameter. Samba has +now been fixed so that "net use /home" now works as well, and it, too, relies +on the "logon home" parameter. + + + +By using the logon home parameter, you are restricted to putting Win9X +profiles in the user's home directory. But wait! There is a trick you +can use. If you set the following in the [global] section of your +smb.conf file: + + +logon home = \\%L\%U\.profiles + + + +then your Win9X clients will dutifully put their clients in a subdirectory +of your home directory called .profiles (thus making them hidden). + + + +Not only that, but 'net use/home' will also work, because of a feature in +Win9X. It removes any directory stuff off the end of the home directory area +and only uses the server and share portion. That is, it looks like you +specified \\%L\%U for "logon home". + + + + + + +Win9X and WinNT Configuration + + +You can support profiles for both Win9X and WinNT clients by setting both the +"logon home" and "logon path" parameters. For example: + + + +logon home = \\%L\%U\.profiles +logon path = \\%L\profiles\%U + + + + +I have not checked what 'net use /home' does on NT when "logon home" is +set as above. + + + + + +Windows 9X Profile Setup + + +When a user first logs in on Windows 9X, the file user.DAT is created, +as are folders "Start Menu", "Desktop", "Programs" and "Nethood". +These directories and their contents will be merged with the local +versions stored in c:\windows\profiles\username on subsequent logins, +taking the most recent from each. You will need to use the [global] +options "preserve case = yes", "short preserve case = yes" and +"case sensitive = no" in order to maintain capital letters in shortcuts +in any of the profile folders. + + + +The user.DAT file contains all the user's preferences. If you wish to +enforce a set of preferences, rename their user.DAT file to user.MAN, +and deny them write access to this file. + + + + + + On the Windows 95 machine, go to Control Panel | Passwords and + select the User Profiles tab. Select the required level of + roaming preferences. Press OK, but do _not_ allow the computer + to reboot. + + + + + + On the Windows 95 machine, go to Control Panel | Network | + Client for Microsoft Networks | Preferences. Select 'Log on to + NT Domain'. Then, ensure that the Primary Logon is 'Client for + Microsoft Networks'. Press OK, and this time allow the computer + to reboot. + + + + + + +Under Windows 95, Profiles are downloaded from the Primary Logon. +If you have the Primary Logon as 'Client for Novell Networks', then +the profiles and logon script will be downloaded from your Novell +Server. If you have the Primary Logon as 'Windows Logon', then the +profiles will be loaded from the local machine - a bit against the +concept of roaming profiles, if you ask me. + + + +You will now find that the Microsoft Networks Login box contains +[user, password, domain] instead of just [user, password]. Type in +the samba server's domain name (or any other domain known to exist, +but bear in mind that the user will be authenticated against this +domain and profiles downloaded from it, if that domain logon server +supports it), user name and user's password. + + + +Once the user has been successfully validated, the Windows 95 machine +will inform you that 'The user has not logged on before' and asks you +if you wish to save the user's preferences? Select 'yes'. + + + +Once the Windows 95 client comes up with the desktop, you should be able +to examine the contents of the directory specified in the "logon path" +on the samba server and verify that the "Desktop", "Start Menu", +"Programs" and "Nethood" folders have been created. + + + +These folders will be cached locally on the client, and updated when +the user logs off (if you haven't made them read-only by then :-). +You will find that if the user creates further folders or short-cuts, +that the client will merge the profile contents downloaded with the +contents of the profile directory already on the local client, taking +the newest folders and short-cuts from each set. + + + +If you have made the folders / files read-only on the samba server, +then you will get errors from the w95 machine on logon and logout, as +it attempts to merge the local and the remote profile. Basically, if +you have any errors reported by the w95 machine, check the Unix file +permissions and ownership rights on the profile directory contents, +on the samba server. + + + +If you have problems creating user profiles, you can reset the user's +local desktop cache, as shown below. When this user then next logs in, +they will be told that they are logging in "for the first time". + + + + + + instead of logging in under the [user, password, domain] dialog, + press escape. + + + + + run the regedit.exe program, and look in: + + + + HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList + + + + you will find an entry, for each user, of ProfilePath. Note the + contents of this key (likely to be c:\windows\profiles\username), + then delete the key ProfilePath for the required user. + + + + [Exit the registry editor]. + + + + + + WARNING - before deleting the contents of the + directory listed in + the ProfilePath (this is likely to be c:\windows\profiles\username), + ask them if they have any important files stored on their desktop + or in their start menu. delete the contents of the directory + ProfilePath (making a backup if any of the files are needed). + + + + This will have the effect of removing the local (read-only hidden + system file) user.DAT in their profile directory, as well as the + local "desktop", "nethood", "start menu" and "programs" folders. + + + + + + search for the user's .PWL password-caching file in the c:\windows + directory, and delete it. + + + + + + + log off the windows 95 client. + + + + + + check the contents of the profile path (see "logon path" described + above), and delete the user.DAT or user.MAN file for the user, + making a backup if required. + + + + + + +If all else fails, increase samba's debug log levels to between 3 and 10, +and / or run a packet trace program such as tcpdump or netmon.exe, and +look for any error reports. + + + +If you have access to an NT server, then first set up roaming profiles +and / or netlogons on the NT server. Make a packet trace, or examine +the example packet traces provided with NT server, and see what the +differences are with the equivalent samba trace. + + + + + +Windows NT Workstation 4.0 + + +When a user first logs in to a Windows NT Workstation, the profile +NTuser.DAT is created. The profile location can be now specified +through the "logon path" parameter. + + + +There is a parameter that is now available for use with NT Profiles: +"logon drive". This should be set to "h:" or any other drive, and +should be used in conjunction with the new "logon home" parameter. + + + +The entry for the NT 4.0 profile is a _directory_ not a file. The NT +help on profiles mentions that a directory is also created with a .PDS +extension. The user, while logging in, must have write permission to +create the full profile path (and the folder with the .PDS extension +for those situations where it might be created.) + + + +In the profile directory, NT creates more folders than 95. It creates +"Application Data" and others, as well as "Desktop", "Nethood", +"Start Menu" and "Programs". The profile itself is stored in a file +NTuser.DAT. Nothing appears to be stored in the .PDS directory, and +its purpose is currently unknown. + + + +You can use the System Control Panel to copy a local profile onto +a samba server (see NT Help on profiles: it is also capable of firing +up the correct location in the System Control Panel for you). The +NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN +turns a profile into a mandatory one. + + + +The case of the profile is significant. The file must be called +NTuser.DAT or, for a mandatory profile, NTuser.MAN. + + + + + +Windows NT/200x Server + + +There is nothing to stop you specifying any path that you like for the +location of users' profiles. Therefore, you could specify that the +profile be stored on a samba server, or any other SMB server, as long as +that SMB server supports encrypted passwords. + + + + + +Sharing Profiles between W9x/Me and NT4/200x/XP workstations + + +Sharing of desktop profiles between Windows versions is NOT recommended. +Desktop profiles are an evolving phenomenon and profiles for later versions +of MS Windows clients add features that may interfere with earlier versions +of MS Windows clients. Probably the more salient reason to NOT mix profiles +is that when logging off an earlier version of MS Windows the older format +of profile contents may overwrite information that belongs to the newer +version resulting in loss of profile information content when that user logs +on again with the newer version of MS Windows. + + + +If you then want to share the same Start Menu / Desktop with W9x/Me, you will +need to specify a common location for the profiles. The smb.conf parameters +that need to be common are logon path and +logon home. + + + +If you have this set up correctly, you will find separate user.DAT and +NTuser.DAT files in the same profile directory. + + + + + + +Windows NT 4 + + +Unfortunately, the Resource Kit info is Win NT4 or 200x specific. + + + +Here is a quick guide: + + + + + +On your NT4 Domain Controller, right click on 'My Computer', then +select the tab labelled 'User Profiles'. + + + +Select a user profile you want to migrate and click on it. + + +I am using the term "migrate" lossely. You can copy a profile to +create a group profile. You can give the user 'Everyone' rights to the +profile you copy this to. That is what you need to do, since your samba +domain is not a member of a trust relationship with your NT4 PDC. + + +Click the 'Copy To' button. + +In the box labelled 'Copy Profile to' add your new path, eg: +c:\temp\foobar + +Click on the button labelled 'Change' in the "Permitted to use" box. + +Click on the group 'Everyone' and then click OK. This closes the +'chose user' box. + +Now click OK. + + + +Follow the above for every profile you need to migrate. + + + +Side bar Notes + + +You should obtain the SID of your NT4 domain. You can use smbpasswd to do +this. Read the man page. + + +With Samba-3.0.0 alpha code you can import all you NT4 domain accounts +using the net samsync method. This way you can retain your profile +settings as well as all your users. + + + + + +Mandatory profiles + + +The above method can be used to create mandatory profiles also. To convert +a group profile into a mandatory profile simply locate the NTUser.DAT file +in the copied profile and rename it to NTUser.MAN. + + + + + +moveuser.exe + + +The W2K professional resource kit has moveuser.exe. moveuser.exe changes +the security of a profile from one user to another. This allows the account +domain to change, and/or the user name to change. + + + + + +Get SID + + +You can identify the SID by using GetSID.exe from the Windows NT Server 4.0 +Resource Kit. + + + +Windows NT 4.0 stores the local profile information in the registry under +the following key: +HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList + + + +Under the ProfileList key, there will be subkeys named with the SIDs of the +users who have logged on to this computer. (To find the profile information +for the user whose locally cached profile you want to move, find the SID for +the user with the GetSID.exe utility.) Inside of the appropriate user's +subkey, you will see a string value named ProfileImagePath. + + + + + + + +Windows 2000/XP + + +You must first convert the profile from a local profile to a domain +profile on the MS Windows workstation as follows: + + + + +Log on as the LOCAL workstation administrator. + + + +Right click on the 'My Computer' Icon, select 'Properties' + + + +Click on the 'User Profiles' tab + + + +Select the profile you wish to convert (click on it once) + + + +Click on the button 'Copy To' + + + +In the "Permitted to use" box, click on the 'Change' button. + + + +Click on the 'Look in" area that lists the machine name, when you click +here it will open up a selection box. Click on the domain to which the +profile must be accessible. + + + +You will need to log on if a logon box opens up. Eg: In the connect +as: MIDEARTH\root, password: mypassword. + + + +To make the profile capable of being used by anyone select 'Everyone' + + + +Click OK. The Selection box will close. + + + +Now click on the 'Ok' button to create the profile in the path you +nominated. + + + + +Done. You now have a profile that can be editted using the samba-3.0.0 +profiles tool. + + + + +Under NT/2K the use of mandotory profiles forces the use of MS Exchange +storage of mail data. That keeps desktop profiles usable. + + + + + + +This is a security check new to Windows XP (or maybe only +Windows XP service pack 1). It can be disabled via a group policy in +Active Directory. The policy is: + +"Computer Configuration\Administrative Templates\System\User +Profiles\Do not check for user ownership of Roaming Profile Folders" + +...and it should be set to "Enabled". +Does the new version of samba have an Active Directory analogue? If so, +then you may be able to set the policy through this. + + + +If you cannot set group policies in samba, then you may be able to set +the policy locally on each machine. If you want to try this, then do +the following (N.B. I don't know for sure that this will work in the +same way as a domain group policy): + + + + + +On the XP workstation log in with an Administrator account. + + +Click: "Start", "Run" +Type: "mmc" +Click: "OK" + +A Microsoft Management Console should appear. +Click: File, "Add/Remove Snap-in...", "Add" +Double-Click: "Group Policy" +Click: "Finish", "Close" +Click: "OK" + +In the "Console Root" window: +Expand: "Local Computer Policy", "Computer Configuration", +"Administrative Templates", "System", "User Profiles" +Double-Click: "Do not check for user ownership of Roaming Profile +Folders" +Select: "Enabled" +Click: OK" + +Close the whole console. You do not need to save the settings (this +refers to the console settings rather than the policies you have +changed). + +Reboot + + + + + + diff --git a/docs/docbook/projdoc/samba-doc.sgml b/docs/docbook/projdoc/samba-doc.sgml index c002214b77..db421bc690 100644 --- a/docs/docbook/projdoc/samba-doc.sgml +++ b/docs/docbook/projdoc/samba-doc.sgml @@ -27,6 +27,8 @@ + + ]> @@ -115,6 +117,8 @@ part each cover one specific feature. &PRINTER-DRIVER2; &CUPS; &WINBIND; +&PolicyMgmt; +&ProfileMgmt; &IntegratingWithWindows; &BROWSING; &MS-Dfs-Setup; -- cgit From 5a3e48d10060dfe952deb16111350dde7c55a54d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 3 Apr 2003 14:11:09 +0000 Subject: Fix typo (This used to be commit 028b05e1bb366fa075541177a253749bb38f5ea7) --- docs/docbook/projdoc/PolicyMgmt.sgml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docbook/projdoc/PolicyMgmt.sgml b/docs/docbook/projdoc/PolicyMgmt.sgml index d9d2495673..6eb3a09a97 100644 --- a/docs/docbook/projdoc/PolicyMgmt.sgml +++ b/docs/docbook/projdoc/PolicyMgmt.sgml @@ -236,7 +236,7 @@ executable name poledit.exe), GPOs are created and managed using a Microsoft Man Now left click on the Edit tab to commence the steps needed to create the GPO. - + All policy configuration options are controlled through the use of policy administrative -- cgit From 4a514a493f7cf7ff51f829ec465ed7583d535b7f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 3 Apr 2003 14:33:59 +0000 Subject: Remove compile info (This used to be commit 0aba351a6218ac4d33db7fbbfba4e8c3097cb68a) --- docs/docbook/projdoc/passdb.sgml | 32 ++++---------------------------- 1 file changed, 4 insertions(+), 28 deletions(-) diff --git a/docs/docbook/projdoc/passdb.sgml b/docs/docbook/projdoc/passdb.sgml index fa2d75bd34..8e7a409167 100644 --- a/docs/docbook/projdoc/passdb.sgml +++ b/docs/docbook/projdoc/passdb.sgml @@ -830,18 +830,6 @@ ntPassword: 878D8014606CDA29677A44EFA1353FC7 MySQL - -Building - -To build the plugin, run make bin/pdb_mysql.so -in the source/ directory of samba distribution. - - -Next, copy pdb_mysql.so to any location you want. I -strongly recommend installing it in $PREFIX/lib or /usr/lib/samba/ - - - Creating the database @@ -862,7 +850,7 @@ contains the correct queries to create the required tables. Use the command : Add a the following to the passdb backend variable in your smb.conf: -passdb backend = [other-plugins] plugin:/location/to/pdb_mysql.so:identifier [other-plugins] +passdb backend = [other-plugins] mysql:identifier [other-plugins] @@ -978,35 +966,23 @@ Or, set 'identifier:workstations column' to : -Passdb XML plugin - - -Building +XML This module requires libxml2 to be installed. -To build pdb_xml, run: make bin/pdb_xml.so in -the directory source/. - - - - -Usage - The usage of pdb_xml is pretty straightforward. To export data, use: -pdbedit -e plugin:/usr/lib/samba/pdb_xml.so:filename +pdbedit -e xml:filename (where filename is the name of the file to put the data in) To import data, use: -pdbedit -i plugin:/usr/lib/samba/pdb_xml.so:filename -e current-pdb +pdbedit -i xml:filename -e current-pdb Where filename is the name to read the data from and current-pdb to put it in. - -- cgit From 313258fc6d7a197cf98f463f5c6ccf881591d62b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 3 Apr 2003 15:41:36 +0000 Subject: Add documentation for new messages in 3.0 (This used to be commit c44cc1be750b86a0bc9dd8063aef13c9c19176f6) --- docs/docbook/manpages/smbcontrol.1.sgml | 278 ++++++++++++++++++++------------ 1 file changed, 176 insertions(+), 102 deletions(-) diff --git a/docs/docbook/manpages/smbcontrol.1.sgml b/docs/docbook/manpages/smbcontrol.1.sgml index 6632e07269..e19aabedc7 100644 --- a/docs/docbook/manpages/smbcontrol.1.sgml +++ b/docs/docbook/manpages/smbcontrol.1.sgml @@ -1,4 +1,6 @@ - + %globalentities; +]> @@ -16,6 +18,7 @@ smbcontrol -i + -s @@ -44,6 +47,8 @@ OPTIONS + &stdarg.help; + &stdarg.configfile; -i Run interactively. Individual commands @@ -70,107 +75,12 @@ message-type - One of: close-share, - debug, - force-election, ping - , profile, - debuglevel, profilelevel, - or printnotify. - - The close-share message-type sends a - message to smbd which will then close the client connections to - the named share. Note that this doesn't affect client connections - to any other shares. This message-type takes an argument of the - share name for which client connections will be closed, or the - "*" character which will close all currently open shares. - This may be useful if you made changes to the access controls on the share. - This message can only be sent to smbd. - - The debug message-type allows - the debug level to be set to the value specified by the - parameter. This can be sent to any of the destinations. - - The force-election message-type can only be - sent to the nmbd destination. This message - causes the nmbd daemon to force a new browse - master election. - - The ping message-type sends the - number of "ping" messages specified by the parameter and waits - for the same number of reply "pong" messages. This can be sent to - any of the destinations. - - The profile message-type sends a - message to an smbd to change the profile settings based on the - parameter. The parameter can be "on" to turn on profile stats - collection, "off" to turn off profile stats collection, "count" - to enable only collection of count stats (time stats are - disabled), and "flush" to zero the current profile stats. This can - be sent to any smbd or nmbd destinations. - - The debuglevel message-type sends - a "request debug level" message. The current debug level setting - is returned by a "debuglevel" message. This can be - sent to any of the destinations. - - The profilelevel message-type sends - a "request profile level" message. The current profile level - setting is returned by a "profilelevel" message. This can be sent - to any smbd or nmbd destinations. - - The printnotify message-type sends a - message to smbd which in turn sends a printer notify message to - any Windows NT clients connected to a printer. This message-type - takes the following arguments: - - - - - queuepause printername - Send a queue pause change notify - message to the printer specified. - - - - queueresume printername - Send a queue resume change notify - message for the printer specified. - - - - jobpause printername unixjobid - Send a job pause change notify - message for the printer and unix jobid - specified. - - - - jobresume printername unixjobid - Send a job resume change notify - message for the printer and unix jobid - specified. - - - - jobdelete printername unixjobid - Send a job delete change notify - message for the printer and unix jobid - specified. - - - - - Note that this message only sends notification that an - event has occured. It doesn't actually cause the - event to happen. - - This message can only be sent to smbd. - - - - - + Type of message to send. See + the section MESSAGE-TYPES for details. + + + parameters any parameters required for the message-type @@ -180,10 +90,174 @@ + + MESSAGE-TYPES + + Available message types are: + + + close-share + Order smbd to close the client + connections to the named share. Note that this doesn't affect client + connections to any other shares. This message-type takes an argument of the + share name for which client connections will be closed, or the + "*" character which will close all currently open shares. + This may be useful if you made changes to the access controls on the share. + This message can only be sent to smbd. + + + + + debug + Set debug level to the value specified by the + parameter. This can be sent to any of the destinations. + + + + + force-election + This message causes the nmbd daemon to + force a new browse master election. + + + + ping + + Send specified number of "ping" messages and + wait for the same number of reply "pong" messages. This can be sent to + any of the destinations. + + + + + profile + Change profile settings of a daemon, based on the + parameter. The parameter can be "on" to turn on profile stats + collection, "off" to turn off profile stats collection, "count" + to enable only collection of count stats (time stats are + disabled), and "flush" to zero the current profile stats. This can + be sent to any smbd or nmbd destinations. + + + + debuglevel + + Request debuglevel of a certain daemon and write it to stdout. This + can be sent to any of the destinations. + + + + + profilelevel + + Request profilelevel of a certain daemon and write it to stdout. + This can be sent to any smbd or nmbd destinations. + + + + + printnotify + + Order smbd to send a printer notify message to any Windows NT clients + connected to a printer. This message-type takes the following arguments: + + + + + + queuepause printername + Send a queue pause change notify + message to the printer specified. + + + + queueresume printername + Send a queue resume change notify + message for the printer specified. + + + + jobpause printername unixjobid + Send a job pause change notify + message for the printer and unix jobid + specified. + + + + jobresume printername unixjobid + Send a job resume change notify + message for the printer and unix jobid + specified. + + + + jobdelete printername unixjobid + Send a job delete change notify + message for the printer and unix jobid + specified. + + + + + Note that this message only sends notification that an + event has occured. It doesn't actually cause the + event to happen. + + + This message can only be sent to smbd. + + + + + samsync + Order smbd to synchronise sam database from PDC (being BDC). Can only be sent to smbd. + Not working at the moment + + + + + samrepl + Send sam replication message, with specified serial. Can only be sent to smbd. Should not be used manually. + + + + dmalloc-mark + Set a mark for dmalloc. Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. + + + + dmalloc-log-changed + + Dump the pointers that have changed since the mark set by dmalloc-mark. + Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. + + + + shutdown + Shut down specified daemon. Can be sent to both smbd and nmbd. + + + + tallocdump and pool-usage + Print a human-readable description of all + talloc(pool) memory usage by the specified daemon/process. Available + for both smbd and nmbd. + + + + drvupgrade + Force clients of printers using specified driver + to update their local version of the driver. Can only be + sent to smbd. + + + + + VERSION - This man page is correct for version 2.2 of + This man page is correct for version 3.0 of the Samba suite. -- cgit From 101b52e0bef0b21282d5fd0503acde89bc680bb1 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 3 Apr 2003 15:43:16 +0000 Subject: Give warning if 'drvupgrade' doesn't get a parameter (This used to be commit 55d9ef08a7585f69466cd4c0b30ce33841d52b33) --- source3/utils/smbcontrol.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/source3/utils/smbcontrol.c b/source3/utils/smbcontrol.c index d622edd69f..ec4f41cad6 100644 --- a/source3/utils/smbcontrol.c +++ b/source3/utils/smbcontrol.c @@ -633,6 +633,11 @@ static BOOL do_command(char *dest, char *msg_name, int iparams, char **params) return False; break; case MSG_PRINTER_DRVUPGRADE: + if (!params || !params[0]) { + fprintf(stderr,"drvupgrade needs a parameter\n"); + return(False); + } + if (!send_message(dest, MSG_PRINTER_DRVUPGRADE, params[0], 0, False)) return False; break; -- cgit From dc1245b6187b675a981f1485c24774c178475dc7 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 3 Apr 2003 17:09:33 +0000 Subject: Update for 3.0 (This used to be commit 28ba8dabb3abba2e787f424ab4e7550e5f8b6524) --- docs/docbook/manpages/smbmount.8.sgml | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/docs/docbook/manpages/smbmount.8.sgml b/docs/docbook/manpages/smbmount.8.sgml index d17e4e6bcf..12f64c7354 100644 --- a/docs/docbook/manpages/smbmount.8.sgml +++ b/docs/docbook/manpages/smbmount.8.sgml @@ -99,6 +99,11 @@ password = <value> + + krb + Use kerberos (Active Directory). + + netbiosname=<arg> sets the source NetBIOS name. It defaults @@ -140,7 +145,7 @@ password = <value> dmask=<arg> - sets the directory mask. This determines the + Sets the directory mask. This determines the permissions that remote directories have in the local filesystem. The default is based on the current umask. @@ -148,7 +153,7 @@ password = <value> debug=<arg> - sets the debug level. This is useful for + Sets the debug level. This is useful for tracking down SMB connection problems. A suggested value to start with is 4. If set too high there will be a lot of output, possibly hiding the useful output. @@ -157,7 +162,7 @@ password = <value> ip=<arg> - sets the destination host or IP address. + Sets the destination host or IP address. @@ -165,14 +170,14 @@ password = <value> workgroup=<arg> - sets the workgroup on the destination + Sets the workgroup on the destination sockopt=<arg> - sets the TCP socket options. See the Sets the TCP socket options. See the smb.conf 5 socket options option. @@ -181,15 +186,14 @@ password = <value> scope=<arg> - sets the NetBIOS scope + Sets the NetBIOS scope guest - don't prompt for a password + Don't prompt for a password - ro mount read-only -- cgit From e3e9e4fbc54d50ff931d83d9fc29b188ba8128aa Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 3 Apr 2003 17:26:13 +0000 Subject: Update for 3.0 (This used to be commit 4e2828165b664ed90ddde308acc06fffb9db4947) --- docs/docbook/manpages/smbtar.1.sgml | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/docs/docbook/manpages/smbtar.1.sgml b/docs/docbook/manpages/smbtar.1.sgml index ffb5087347..0492a3a574 100644 --- a/docs/docbook/manpages/smbtar.1.sgml +++ b/docs/docbook/manpages/smbtar.1.sgml @@ -16,20 +16,20 @@ smbtar + -r + -i + -a + -v -s server -p password -x services -X + -N filename + -b blocksize -d directory + -l loglevel -u user -t tape - -t tape - -b blocksize - -N filename - -i - -r - -l loglevel - -v filenames @@ -100,6 +100,11 @@ + + -a + Reset DOS archive bit mode to + indicate file has been archived. + -t tape -- cgit From c8b342144458e48ee4f94116778684af651c6122 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 3 Apr 2003 17:26:55 +0000 Subject: Update to 3.0 (This used to be commit 2259117e6505c0ccb1b4ece78e2355b7493d1b2f) --- docs/docbook/manpages/smbmnt.8.sgml | 7 ++++++- docs/docbook/manpages/smbsh.1.sgml | 3 ++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/docbook/manpages/smbmnt.8.sgml b/docs/docbook/manpages/smbmnt.8.sgml index 6d48b12b9b..8c07ed2eb4 100644 --- a/docs/docbook/manpages/smbmnt.8.sgml +++ b/docs/docbook/manpages/smbmnt.8.sgml @@ -1,4 +1,6 @@ - + %globalentities; +]> @@ -23,6 +25,7 @@ -f <mask> -d <mask> -o <options> + -h @@ -88,6 +91,8 @@ + &stdarg.help; + diff --git a/docs/docbook/manpages/smbsh.1.sgml b/docs/docbook/manpages/smbsh.1.sgml index 5a53c53be3..78b4f0ad16 100644 --- a/docs/docbook/manpages/smbsh.1.sgml +++ b/docs/docbook/manpages/smbsh.1.sgml @@ -70,7 +70,8 @@ - &popt.common.samba; + &stdarg.configfile; + &stdarg.debug; &stdarg.resolve.order; -- cgit From c57096cb03951c9e849858d5b10f56ed462e936a Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 3 Apr 2003 17:44:51 +0000 Subject: Update manpages for 3.0 (This used to be commit edd15d36f528b64f3ab961908bcd43111e08244b) --- docs/Samba-Developers-Guide.pdf | 4 +- docs/Samba-HOWTO-Collection.pdf | 10073 ++++++++++---------- docs/docbook/manpages/smbspool.8.sgml | 14 +- docs/docbook/manpages/testprns.1.sgml | 2 +- docs/docs-status | 16 +- docs/htmldocs/Samba-HOWTO-Collection.html | 13613 ++++++++++++++-------------- docs/manpages/findsmb.1 | 2 +- docs/manpages/lmhosts.5 | 2 +- docs/manpages/net.8 | 2 +- docs/manpages/nmbd.8 | 2 +- docs/manpages/nmblookup.1 | 2 +- docs/manpages/pdbedit.8 | 2 +- docs/manpages/rpcclient.1 | 6 +- docs/manpages/samba.7 | 2 +- docs/manpages/smb.conf.5 | 92 +- docs/manpages/smbcacls.1 | 2 +- docs/manpages/smbclient.1 | 6 +- docs/manpages/smbcontrol.1 | 132 +- docs/manpages/smbd.8 | 2 +- docs/manpages/smbgroupedit.8 | 2 +- docs/manpages/smbmnt.8 | 2 +- docs/manpages/smbmount.8 | 2 +- docs/manpages/smbpasswd.5 | 2 +- docs/manpages/smbpasswd.8 | 2 +- docs/manpages/smbsh.1 | 2 +- docs/manpages/smbspool.8 | 2 +- docs/manpages/smbstatus.1 | 2 +- docs/manpages/smbtar.1 | 2 +- docs/manpages/smbumount.8 | 2 +- docs/manpages/swat.8 | 2 +- docs/manpages/testparm.1 | 2 +- docs/manpages/testprns.1 | 2 +- docs/manpages/vfstest.1 | 2 +- docs/manpages/wbinfo.1 | 2 +- docs/manpages/winbindd.8 | 22 +- 35 files changed, 12146 insertions(+), 11882 deletions(-) diff --git a/docs/Samba-Developers-Guide.pdf b/docs/Samba-Developers-Guide.pdf index ca67bef976..ffd8bd128d 100644 --- a/docs/Samba-Developers-Guide.pdf +++ b/docs/Samba-Developers-Guide.pdf @@ -1,6 +1,6 @@ %PDF-1.3 %âãÏÓ -1 0 obj<>endobj +1 0 obj<>endobj 2 0 obj<>endobj 3 0 obj<>endobj 4 0 obj<>endobj @@ -2728,7 +2728,7 @@ xref 0000186776 00000 n 0000186871 00000 n trailer -<<93af2445d6880037f24b021f8ddba00f>]>> +<<189abffedc06aaee73d71f659ae7c647>]>> startxref 187413 %%EOF diff --git a/docs/Samba-HOWTO-Collection.pdf b/docs/Samba-HOWTO-Collection.pdf index b2fbe18a31..8cbf9dbcd4 100644 --- a/docs/Samba-HOWTO-Collection.pdf +++ b/docs/Samba-HOWTO-Collection.pdf @@ -1,6 +1,6 @@ %PDF-1.3 %âãÏÓ -1 0 obj<>endobj +1 0 obj<>endobj 2 0 obj<>endobj 3 0 obj<>endobj 4 0 obj<>endobj @@ -20,48 +20,48 @@ endobj 16 0 obj<]/Interpolate true/Filter/FlateDecode/Width 24/Height 24/BitsPerComponent 8/Length 223 >>stream xUQ‡‚05âÀâ8@‹´öÿÍÚ4¥¦wo%w•R+©8¸çóCŒ+N"]×‚*³ÏW ,D¶1Ž|áÂŠØi"%õ~öÄ0íÈ)ûÜ1ªlN!3€Ž1ˆìTÆ4HÔ†ÞË<ê <~õZ>ynõ¯.ŒHãê«>LÜê…K·ùbØŽ¼ÑŸ'4¦øËûŽžY}Íü-?f&tïA¿Â{2é“»7L}On4žïàKùIÿˆ" Ÿä õP†B‡hÃ¯G]áz˜$>—ÐÔ³å.mcoendstream endobj -17 0 obj<>endobj -18 0 obj<>endobj -19 0 obj<>endobj -20 0 obj<>endobj -21 0 obj<>endobj -22 0 obj<>endobj -23 0 obj<>endobj -24 0 obj<>endobj -25 0 obj<>endobj -26 0 obj<>endobj -27 0 obj<>endobj -28 0 obj<>endobj -29 0 obj<>endobj -30 0 obj<>endobj -31 0 obj<>endobj -32 0 obj<>endobj -33 0 obj<>endobj -34 0 obj<>endobj -35 0 obj<>endobj -36 0 obj<>endobj -37 0 obj<>endobj -38 0 obj<>endobj -39 0 obj<>endobj -40 0 obj<>endobj -41 0 obj<>endobj -42 0 obj<>endobj -43 0 obj<>endobj -44 0 obj<>endobj -45 0 obj<>endobj -46 0 obj<>endobj -47 0 obj<>endobj -48 0 obj<>endobj -49 0 obj<>endobj -50 0 obj<>endobj -51 0 obj<>endobj -52 0 obj<>endobj -53 0 obj<>endobj -54 0 obj<>endobj -55 0 obj<>endobj -56 0 obj<>endobj -57 0 obj<>endobj -58 0 obj<>endobj +17 0 obj<>endobj +18 0 obj<>endobj +19 0 obj<>endobj +20 0 obj<>endobj +21 0 obj<>endobj +22 0 obj<>endobj +23 0 obj<>endobj +24 0 obj<>endobj +25 0 obj<>endobj +26 0 obj<>endobj +27 0 obj<>endobj +28 0 obj<>endobj +29 0 obj<>endobj +30 0 obj<>endobj +31 0 obj<>endobj +32 0 obj<>endobj +33 0 obj<>endobj +34 0 obj<>endobj +35 0 obj<>endobj +36 0 obj<>endobj +37 0 obj<>endobj +38 0 obj<>endobj +39 0 obj<>endobj +40 0 obj<>endobj +41 0 obj<>endobj +42 0 obj<>endobj +43 0 obj<>endobj +44 0 obj<>endobj +45 0 obj<>endobj +46 0 obj<>endobj +47 0 obj<>endobj +48 0 obj<>endobj +49 0 obj<>endobj +50 0 obj<>endobj +51 0 obj<>endobj +52 0 obj<>endobj +53 0 obj<>endobj +54 0 obj<>endobj +55 0 obj<>endobj +56 0 obj<>endobj +57 0 obj<>endobj +58 0 obj<>endobj 59 0 obj[17 0 R 18 0 R 19 0 R @@ -104,48 +104,48 @@ endobj 56 0 R 57 0 R 58 0 R]endobj -60 0 obj<>endobj -61 0 obj<>endobj -62 0 obj<>endobj -63 0 obj<>endobj -64 0 obj<>endobj -65 0 obj<>endobj -66 0 obj<>endobj -67 0 obj<>endobj -68 0 obj<>endobj -69 0 obj<>endobj -70 0 obj<>endobj -71 0 obj<>endobj -72 0 obj<>endobj -73 0 obj<>endobj -74 0 obj<>endobj -75 0 obj<>endobj -76 0 obj<>endobj -77 0 obj<>endobj -78 0 obj<>endobj -79 0 obj<>endobj -80 0 obj<>endobj -81 0 obj<>endobj -82 0 obj<>endobj -83 0 obj<>endobj -84 0 obj<>endobj -85 0 obj<>endobj -86 0 obj<>endobj -87 0 obj<>endobj -88 0 obj<>endobj -89 0 obj<>endobj -90 0 obj<>endobj -91 0 obj<>endobj -92 0 obj<>endobj -93 0 obj<>endobj -94 0 obj<>endobj -95 0 obj<>endobj -96 0 obj<>endobj -97 0 obj<>endobj -98 0 obj<>endobj -99 0 obj<>endobj -100 0 obj<>endobj -101 0 obj<>endobj +60 0 obj<>endobj +61 0 obj<>endobj +62 0 obj<>endobj +63 0 obj<>endobj +64 0 obj<>endobj +65 0 obj<>endobj +66 0 obj<>endobj +67 0 obj<>endobj +68 0 obj<>endobj +69 0 obj<>endobj +70 0 obj<>endobj +71 0 obj<>endobj +72 0 obj<>endobj +73 0 obj<>endobj +74 0 obj<>endobj +75 0 obj<>endobj +76 0 obj<>endobj +77 0 obj<>endobj +78 0 obj<>endobj +79 0 obj<>endobj +80 0 obj<>endobj +81 0 obj<>endobj +82 0 obj<>endobj +83 0 obj<>endobj +84 0 obj<>endobj +85 0 obj<>endobj +86 0 obj<>endobj +87 0 obj<>endobj +88 0 obj<>endobj +89 0 obj<>endobj +90 0 obj<>endobj +91 0 obj<>endobj +92 0 obj<>endobj +93 0 obj<>endobj +94 0 obj<>endobj +95 0 obj<>endobj +96 0 obj<>endobj +97 0 obj<>endobj +98 0 obj<>endobj +99 0 obj<>endobj +100 0 obj<>endobj +101 0 obj<>endobj 102 0 obj[60 0 R 61 0 R 62 0 R @@ -188,48 +188,46 @@ endobj 99 0 R 100 0 R 101 0 R]endobj -103 0 obj<>endobj -104 0 obj<>endobj -105 0 obj<>endobj -106 0 obj<>endobj -107 0 obj<>endobj -108 0 obj<>endobj -109 0 obj<>endobj -110 0 obj<>endobj -111 0 obj<>endobj -112 0 obj<>endobj -113 0 obj<>endobj -114 0 obj<>endobj -115 0 obj<>endobj -116 0 obj<>endobj -117 0 obj<>endobj -118 0 obj<>endobj -119 0 obj<>endobj -120 0 obj<>endobj -121 0 obj<>endobj -122 0 obj<>endobj -123 0 obj<>endobj -124 0 obj<>endobj -125 0 obj<>endobj -126 0 obj<>endobj -127 0 obj<>endobj -128 0 obj<>endobj -129 0 obj<>endobj -130 0 obj<>endobj -131 0 obj<>endobj -132 0 obj<>endobj -133 0 obj<>endobj -134 0 obj<>endobj -135 0 obj<>endobj -136 0 obj<>endobj -137 0 obj<>endobj -138 0 obj<>endobj -139 0 obj<>endobj -140 0 obj<>endobj -141 0 obj<>endobj -142 0 obj<>endobj -143 0 obj<>endobj -144 0 obj[103 0 R +103 0 obj<>endobj +104 0 obj<>endobj +105 0 obj<>endobj +106 0 obj<>endobj +107 0 obj<>endobj +108 0 obj<>endobj +109 0 obj<>endobj +110 0 obj<>endobj +111 0 obj<>endobj +112 0 obj<>endobj +113 0 obj<>endobj +114 0 obj<>endobj +115 0 obj<>endobj +116 0 obj<>endobj +117 0 obj<>endobj +118 0 obj<>endobj +119 0 obj<>endobj +120 0 obj<>endobj +121 0 obj<>endobj +122 0 obj<>endobj +123 0 obj<>endobj +124 0 obj<>endobj +125 0 obj<>endobj +126 0 obj<>endobj +127 0 obj<>endobj +128 0 obj<>endobj +129 0 obj<>endobj +130 0 obj<>endobj +131 0 obj<>endobj +132 0 obj<>endobj +133 0 obj<>endobj +134 0 obj<>endobj +135 0 obj<>endobj +136 0 obj<>endobj +137 0 obj<>endobj +138 0 obj<>endobj +139 0 obj<>endobj +140 0 obj<>endobj +141 0 obj<>endobj +142 0 obj[103 0 R 104 0 R 105 0 R 106 0 R @@ -267,54 +265,54 @@ endobj 138 0 R 139 0 R 140 0 R -141 0 R -142 0 R -143 0 R]endobj -145 0 obj<>endobj -146 0 obj<>endobj -147 0 obj<>endobj -148 0 obj<>endobj -149 0 obj<>endobj -150 0 obj<>endobj -151 0 obj<>endobj -152 0 obj<>endobj -153 0 obj<>endobj -154 0 obj<>endobj -155 0 obj<>endobj -156 0 obj<>endobj -157 0 obj<>endobj -158 0 obj<>endobj -159 0 obj<>endobj -160 0 obj<>endobj -161 0 obj<>endobj -162 0 obj<>endobj -163 0 obj<>endobj -164 0 obj<>endobj -165 0 obj<>endobj -166 0 obj<>endobj -167 0 obj<>endobj -168 0 obj<>endobj -169 0 obj<>endobj -170 0 obj<>endobj -171 0 obj<>endobj -172 0 obj<>endobj -173 0 obj<>endobj -174 0 obj<>endobj -175 0 obj<>endobj -176 0 obj<>endobj -177 0 obj<>endobj -178 0 obj<>endobj -179 0 obj<>endobj -180 0 obj<>endobj -181 0 obj<>endobj -182 0 obj<>endobj -183 0 obj<>endobj -184 0 obj<>endobj -185 0 obj<>endobj -186 0 obj<>endobj -187 0 obj<>endobj -188 0 obj<>endobj -189 0 obj[145 0 R +141 0 R]endobj +143 0 obj<>endobj +144 0 obj<>endobj +145 0 obj<>endobj +146 0 obj<>endobj +147 0 obj<>endobj +148 0 obj<>endobj +149 0 obj<>endobj +150 0 obj<>endobj +151 0 obj<>endobj +152 0 obj<>endobj +153 0 obj<>endobj +154 0 obj<>endobj +155 0 obj<>endobj +156 0 obj<>endobj +157 0 obj<>endobj +158 0 obj<>endobj +159 0 obj<>endobj +160 0 obj<>endobj +161 0 obj<>endobj +162 0 obj<>endobj +163 0 obj<>endobj +164 0 obj<>endobj +165 0 obj<>endobj +166 0 obj<>endobj +167 0 obj<>endobj +168 0 obj<>endobj +169 0 obj<>endobj +170 0 obj<>endobj +171 0 obj<>endobj +172 0 obj<>endobj +173 0 obj<>endobj +174 0 obj<>endobj +175 0 obj<>endobj +176 0 obj<>endobj +177 0 obj<>endobj +178 0 obj<>endobj +179 0 obj<>endobj +180 0 obj<>endobj +181 0 obj<>endobj +182 0 obj<>endobj +183 0 obj<>endobj +184 0 obj<>endobj +185 0 obj<>endobj +186 0 obj<>endobj +187 0 obj[143 0 R +144 0 R +145 0 R 146 0 R 147 0 R 148 0 R @@ -355,54 +353,54 @@ endobj 183 0 R 184 0 R 185 0 R -186 0 R -187 0 R -188 0 R]endobj -190 0 obj<>endobj -191 0 obj<>endobj -192 0 obj<>endobj -193 0 obj<>endobj -194 0 obj<>endobj -195 0 obj<>endobj -196 0 obj<>endobj -197 0 obj<>endobj -198 0 obj<>endobj -199 0 obj<>endobj -200 0 obj<>endobj -201 0 obj<>endobj -202 0 obj<>endobj -203 0 obj<>endobj -204 0 obj<>endobj -205 0 obj<>endobj -206 0 obj<>endobj -207 0 obj<>endobj -208 0 obj<>endobj -209 0 obj<>endobj -210 0 obj<>endobj -211 0 obj<>endobj -212 0 obj<>endobj -213 0 obj<>endobj -214 0 obj<>endobj -215 0 obj<>endobj -216 0 obj<>endobj -217 0 obj<>endobj -218 0 obj<>endobj -219 0 obj<>endobj -220 0 obj<>endobj -221 0 obj<>endobj -222 0 obj<>endobj -223 0 obj<>endobj -224 0 obj<>endobj -225 0 obj<>endobj -226 0 obj<>endobj -227 0 obj<>endobj -228 0 obj<>endobj -229 0 obj<>endobj -230 0 obj<>endobj -231 0 obj<>endobj -232 0 obj<>endobj -233 0 obj<>endobj -234 0 obj[190 0 R +186 0 R]endobj +188 0 obj<>endobj +189 0 obj<>endobj +190 0 obj<>endobj +191 0 obj<>endobj +192 0 obj<>endobj +193 0 obj<>endobj +194 0 obj<>endobj +195 0 obj<>endobj +196 0 obj<>endobj +197 0 obj<>endobj +198 0 obj<>endobj +199 0 obj<>endobj +200 0 obj<>endobj +201 0 obj<>endobj +202 0 obj<>endobj +203 0 obj<>endobj +204 0 obj<>endobj +205 0 obj<>endobj +206 0 obj<>endobj +207 0 obj<>endobj +208 0 obj<>endobj +209 0 obj<>endobj +210 0 obj<>endobj +211 0 obj<>endobj +212 0 obj<>endobj +213 0 obj<>endobj +214 0 obj<>endobj +215 0 obj<>endobj +216 0 obj<>endobj +217 0 obj<>endobj +218 0 obj<>endobj +219 0 obj<>endobj +220 0 obj<>endobj +221 0 obj<>endobj +222 0 obj<>endobj +223 0 obj<>endobj +224 0 obj<>endobj +225 0 obj<>endobj +226 0 obj<>endobj +227 0 obj<>endobj +228 0 obj<>endobj +229 0 obj<>endobj +230 0 obj<>endobj +231 0 obj<>endobj +232 0 obj[188 0 R +189 0 R +190 0 R 191 0 R 192 0 R 193 0 R @@ -443,52 +441,52 @@ endobj 228 0 R 229 0 R 230 0 R -231 0 R -232 0 R -233 0 R]endobj -235 0 obj<>endobj -236 0 obj<>endobj -237 0 obj<>endobj -238 0 obj<>endobj -239 0 obj<>endobj -240 0 obj<>endobj -241 0 obj<>endobj -242 0 obj<>endobj -243 0 obj<>endobj -244 0 obj<>endobj -245 0 obj<>endobj -246 0 obj<>endobj -247 0 obj<>endobj -248 0 obj<>endobj -249 0 obj<>endobj -250 0 obj<>endobj -251 0 obj<>endobj -252 0 obj<>endobj -253 0 obj<>endobj -254 0 obj<>endobj -255 0 obj<>endobj -256 0 obj<>endobj -257 0 obj<>endobj -258 0 obj<>endobj -259 0 obj<>endobj -260 0 obj<>endobj -261 0 obj<>endobj -262 0 obj<>endobj -263 0 obj<>endobj -264 0 obj<>endobj -265 0 obj<>endobj -266 0 obj<>endobj -267 0 obj<>endobj -268 0 obj<>endobj -269 0 obj<>endobj -270 0 obj<>endobj -271 0 obj<>endobj -272 0 obj<>endobj -273 0 obj<>endobj -274 0 obj<>endobj -275 0 obj<>endobj -276 0 obj<>endobj -277 0 obj[235 0 R +231 0 R]endobj +233 0 obj<>endobj +234 0 obj<>endobj +235 0 obj<>endobj +236 0 obj<>endobj +237 0 obj<>endobj +238 0 obj<>endobj +239 0 obj<>endobj +240 0 obj<>endobj +241 0 obj<>endobj +242 0 obj<>endobj +243 0 obj<>endobj +244 0 obj<>endobj +245 0 obj<>endobj +246 0 obj<>endobj +247 0 obj<>endobj +248 0 obj<>endobj +249 0 obj<>endobj +250 0 obj<>endobj +251 0 obj<>endobj +252 0 obj<>endobj +253 0 obj<>endobj +254 0 obj<>endobj +255 0 obj<>endobj +256 0 obj<>endobj +257 0 obj<>endobj +258 0 obj<>endobj +259 0 obj<>endobj +260 0 obj<>endobj +261 0 obj<>endobj +262 0 obj<>endobj +263 0 obj<>endobj +264 0 obj<>endobj +265 0 obj<>endobj +266 0 obj<>endobj +267 0 obj<>endobj +268 0 obj<>endobj +269 0 obj<>endobj +270 0 obj<>endobj +271 0 obj<>endobj +272 0 obj<>endobj +273 0 obj<>endobj +274 0 obj<>endobj +275 0 obj[233 0 R +234 0 R +235 0 R 236 0 R 237 0 R 238 0 R @@ -527,52 +525,55 @@ endobj 271 0 R 272 0 R 273 0 R -274 0 R -275 0 R -276 0 R]endobj -278 0 obj<>endobj -279 0 obj<>endobj -280 0 obj<>endobj -281 0 obj<>endobj -282 0 obj<>endobj -283 0 obj<>endobj -284 0 obj<>endobj -285 0 obj<>endobj -286 0 obj<>endobj -287 0 obj<>endobj -288 0 obj<>endobj -289 0 obj<>endobj -290 0 obj<>endobj -291 0 obj<>endobj -292 0 obj<>endobj -293 0 obj<>endobj -294 0 obj<>endobj -295 0 obj<>endobj -296 0 obj<>endobj -297 0 obj<>endobj -298 0 obj<>endobj -299 0 obj<>endobj -300 0 obj<>endobj -301 0 obj<>endobj -302 0 obj<>endobj -303 0 obj<>endobj -304 0 obj<>endobj -305 0 obj<>endobj -306 0 obj<>endobj -307 0 obj<>endobj -308 0 obj<>endobj -309 0 obj<>endobj -310 0 obj<>endobj -311 0 obj<>endobj -312 0 obj<>endobj -313 0 obj<>endobj -314 0 obj<>endobj -315 0 obj<>endobj -316 0 obj<>endobj -317 0 obj<>endobj -318 0 obj<>endobj -319 0 obj<>endobj -320 0 obj[278 0 R +274 0 R]endobj +276 0 obj<>endobj +277 0 obj<>endobj +278 0 obj<>endobj +279 0 obj<>endobj +280 0 obj<>endobj +281 0 obj<>endobj +282 0 obj<>endobj +283 0 obj<>endobj +284 0 obj<>endobj +285 0 obj<>endobj +286 0 obj<>endobj +287 0 obj<>endobj +288 0 obj<>endobj +289 0 obj<>endobj +290 0 obj<>endobj +291 0 obj<>endobj +292 0 obj<>endobj +293 0 obj<>endobj +294 0 obj<>endobj +295 0 obj<>endobj +296 0 obj<>endobj +297 0 obj<>endobj +298 0 obj<>endobj +299 0 obj<>endobj +300 0 obj<>endobj +301 0 obj<>endobj +302 0 obj<>endobj +303 0 obj<>endobj +304 0 obj<>endobj +305 0 obj<>endobj +306 0 obj<>endobj +307 0 obj<>endobj +308 0 obj<>endobj +309 0 obj<>endobj +310 0 obj<>endobj +311 0 obj<>endobj +312 0 obj<>endobj +313 0 obj<>endobj +314 0 obj<>endobj +315 0 obj<>endobj +316 0 obj<>endobj +317 0 obj<>endobj +318 0 obj<>endobj +319 0 obj<>endobj +320 0 obj<>endobj +321 0 obj[276 0 R +277 0 R +278 0 R 279 0 R 280 0 R 281 0 R @@ -613,53 +614,53 @@ endobj 316 0 R 317 0 R 318 0 R -319 0 R]endobj -321 0 obj<>endobj -322 0 obj<>endobj -323 0 obj<>endobj -324 0 obj<>endobj -325 0 obj<>endobj -326 0 obj<>endobj -327 0 obj<>endobj -328 0 obj<>endobj -329 0 obj<>endobj -330 0 obj<>endobj -331 0 obj<>endobj -332 0 obj<>endobj -333 0 obj<>endobj -334 0 obj<>endobj -335 0 obj<>endobj -336 0 obj<>endobj -337 0 obj<>endobj -338 0 obj<>endobj -339 0 obj<>endobj -340 0 obj<>endobj -341 0 obj<>endobj -342 0 obj<>endobj -343 0 obj<>endobj -344 0 obj<>endobj -345 0 obj<>endobj -346 0 obj<>endobj -347 0 obj<>endobj -348 0 obj<>endobj -349 0 obj<>endobj -350 0 obj<>endobj -351 0 obj<>endobj -352 0 obj<>endobj -353 0 obj<>endobj -354 0 obj<>endobj -355 0 obj<>endobj -356 0 obj<>endobj -357 0 obj<>endobj -358 0 obj<>endobj -359 0 obj<>endobj -360 0 obj<>endobj -361 0 obj<>endobj -362 0 obj<>endobj -363 0 obj[322 0 R -324 0 R -326 0 R -328 0 R +319 0 R +320 0 R]endobj +322 0 obj<>endobj +323 0 obj<>endobj +324 0 obj<>endobj +325 0 obj<>endobj +326 0 obj<>endobj +327 0 obj<>endobj +328 0 obj<>endobj +329 0 obj<>endobj +330 0 obj<>endobj +331 0 obj<>endobj +332 0 obj<>endobj +333 0 obj<>endobj +334 0 obj<>endobj +335 0 obj<>endobj +336 0 obj<>endobj +337 0 obj<>endobj +338 0 obj<>endobj +339 0 obj<>endobj +340 0 obj<>endobj +341 0 obj<>endobj +342 0 obj<>endobj +343 0 obj<>endobj +344 0 obj<>endobj +345 0 obj<>endobj +346 0 obj<>endobj +347 0 obj<>endobj +348 0 obj<>endobj +349 0 obj<>endobj +350 0 obj<>endobj +351 0 obj<>endobj +352 0 obj<>endobj +353 0 obj<>endobj +354 0 obj<>endobj +355 0 obj<>endobj +356 0 obj<>endobj +357 0 obj<>endobj +358 0 obj<>endobj +359 0 obj<>endobj +360 0 obj<>endobj +361 0 obj<>endobj +362 0 obj<>endobj +363 0 obj<>endobj +364 0 obj[323 0 R +325 0 R +327 0 R 329 0 R 330 0 R 331 0 R @@ -693,62 +694,62 @@ endobj 359 0 R 360 0 R 361 0 R -362 0 R]endobj -364 0 obj<>endobj -365 0 obj<>endobj -366 0 obj<>endobj -367 0 obj<>endobj -368 0 obj<>endobj -369 0 obj<>endobj -370 0 obj<>endobj -371 0 obj<>endobj -372 0 obj<>endobj -373 0 obj<>endobj -374 0 obj<>endobj -375 0 obj<>endobj -376 0 obj<>endobj -377 0 obj<>endobj -378 0 obj<>endobj -379 0 obj<>endobj -380 0 obj<>endobj -381 0 obj<>endobj -382 0 obj<>endobj -383 0 obj<>endobj -384 0 obj<>endobj -385 0 obj<>endobj -386 0 obj<>endobj -387 0 obj<>endobj -388 0 obj<>endobj -389 0 obj<>endobj -390 0 obj<>endobj -391 0 obj<>endobj -392 0 obj<>endobj -393 0 obj<>endobj -394 0 obj<>endobj -395 0 obj<>endobj -396 0 obj<>endobj -397 0 obj<>endobj -398 0 obj<>endobj -399 0 obj<>endobj -400 0 obj<>endobj -401 0 obj<>endobj -402 0 obj<>endobj -403 0 obj<>endobj -404 0 obj<>endobj -405 0 obj<>endobj -406 0 obj<>endobj -407 0 obj<>endobj -408 0 obj<>endobj -409 0 obj<>endobj -410 0 obj<>endobj -411 0 obj<>endobj -412 0 obj<>endobj -413 0 obj<>endobj -414 0 obj<>endobj -415 0 obj<>endobj -416 0 obj<>endobj -417 0 obj[364 0 R -365 0 R +362 0 R +363 0 R]endobj +365 0 obj<>endobj +366 0 obj<>endobj +367 0 obj<>endobj +368 0 obj<>endobj +369 0 obj<>endobj +370 0 obj<>endobj +371 0 obj<>endobj +372 0 obj<>endobj +373 0 obj<>endobj +374 0 obj<>endobj +375 0 obj<>endobj +376 0 obj<>endobj +377 0 obj<>endobj +378 0 obj<>endobj +379 0 obj<>endobj +380 0 obj<>endobj +381 0 obj<>endobj +382 0 obj<>endobj +383 0 obj<>endobj +384 0 obj<>endobj +385 0 obj<>endobj +386 0 obj<>endobj +387 0 obj<>endobj +388 0 obj<>endobj +389 0 obj<>endobj +390 0 obj<>endobj +391 0 obj<>endobj +392 0 obj<>endobj +393 0 obj<>endobj +394 0 obj<>endobj +395 0 obj<>endobj +396 0 obj<>endobj +397 0 obj<>endobj +398 0 obj<>endobj +399 0 obj<>endobj +400 0 obj<>endobj +401 0 obj<>endobj +402 0 obj<>endobj +403 0 obj<>endobj +404 0 obj<>endobj +405 0 obj<>endobj +406 0 obj<>endobj +407 0 obj<>endobj +408 0 obj<>endobj +409 0 obj<>endobj +410 0 obj<>endobj +411 0 obj<>endobj +412 0 obj<>endobj +413 0 obj<>endobj +414 0 obj<>endobj +415 0 obj<>endobj +416 0 obj<>endobj +417 0 obj<>endobj +418 0 obj[365 0 R 366 0 R 367 0 R 368 0 R @@ -799,60 +800,60 @@ endobj 413 0 R 414 0 R 415 0 R -416 0 R]endobj -418 0 obj<>endobj -419 0 obj<>endobj -420 0 obj<>endobj -421 0 obj<>endobj -422 0 obj<>endobj -423 0 obj<>endobj -424 0 obj<>endobj -425 0 obj<>endobj -426 0 obj<>endobj -427 0 obj<>endobj -428 0 obj<>endobj -429 0 obj<>endobj -430 0 obj<>endobj -431 0 obj<>endobj -432 0 obj<>endobj -433 0 obj<>endobj -434 0 obj<>endobj -435 0 obj<>endobj -436 0 obj<>endobj -437 0 obj<>endobj -438 0 obj<>endobj -439 0 obj<>endobj -440 0 obj<>endobj -441 0 obj<>endobj -442 0 obj<>endobj -443 0 obj<>endobj -444 0 obj<>endobj -445 0 obj<>endobj -446 0 obj<>endobj -447 0 obj<>endobj -448 0 obj<>endobj -449 0 obj<>endobj -450 0 obj<>endobj -451 0 obj<>endobj -452 0 obj<>endobj -453 0 obj<>endobj -454 0 obj<>endobj -455 0 obj<>endobj -456 0 obj<>endobj -457 0 obj<>endobj -458 0 obj<>endobj -459 0 obj<>endobj -460 0 obj<>endobj -461 0 obj<>endobj -462 0 obj<>endobj -463 0 obj<>endobj -464 0 obj<>endobj -465 0 obj<>endobj -466 0 obj<>endobj -467 0 obj<>endobj -468 0 obj<>endobj -469 0 obj[418 0 R -419 0 R +416 0 R +417 0 R]endobj +419 0 obj<>endobj +420 0 obj<>endobj +421 0 obj<>endobj +422 0 obj<>endobj +423 0 obj<>endobj +424 0 obj<>endobj +425 0 obj<>endobj +426 0 obj<>endobj +427 0 obj<>endobj +428 0 obj<>endobj +429 0 obj<>endobj +430 0 obj<>endobj +431 0 obj<>endobj +432 0 obj<>endobj +433 0 obj<>endobj +434 0 obj<>endobj +435 0 obj<>endobj +436 0 obj<>endobj +437 0 obj<>endobj +438 0 obj<>endobj +439 0 obj<>endobj +440 0 obj<>endobj +441 0 obj<>endobj +442 0 obj<>endobj +443 0 obj<>endobj +444 0 obj<>endobj +445 0 obj<>endobj +446 0 obj<>endobj +447 0 obj<>endobj +448 0 obj<>endobj +449 0 obj<>endobj +450 0 obj<>endobj +451 0 obj<>endobj +452 0 obj<>endobj +453 0 obj<>endobj +454 0 obj<>endobj +455 0 obj<>endobj +456 0 obj<>endobj +457 0 obj<>endobj +458 0 obj<>endobj +459 0 obj<>endobj +460 0 obj<>endobj +461 0 obj<>endobj +462 0 obj<>endobj +463 0 obj<>endobj +464 0 obj<>endobj +465 0 obj<>endobj +466 0 obj<>endobj +467 0 obj<>endobj +468 0 obj<>endobj +469 0 obj<>endobj +470 0 obj[419 0 R 420 0 R 421 0 R 422 0 R @@ -901,40 +902,43 @@ endobj 465 0 R 466 0 R 467 0 R -468 0 R]endobj -470 0 obj<>endobj -471 0 obj<>endobj -472 0 obj<>endobj -473 0 obj<>endobj -474 0 obj<>endobj -475 0 obj<>endobj -476 0 obj<>endobj -477 0 obj<>endobj -478 0 obj<>endobj -479 0 obj<>endobj -480 0 obj<>endobj -481 0 obj<>endobj -482 0 obj<>endobj -483 0 obj<>endobj -484 0 obj<>endobj -485 0 obj<>endobj -486 0 obj<>endobj -487 0 obj<>endobj -488 0 obj<>endobj -489 0 obj<>endobj -490 0 obj<>endobj -491 0 obj<>endobj -492 0 obj<>endobj -493 0 obj<>endobj -494 0 obj<>endobj -495 0 obj<>endobj -496 0 obj<>endobj -497 0 obj<>endobj -498 0 obj<>endobj -499 0 obj<>endobj -500 0 obj<>endobj -501 0 obj[470 0 R -471 0 R +468 0 R +469 0 R]endobj +471 0 obj<>endobj +472 0 obj<>endobj +473 0 obj<>endobj +474 0 obj<>endobj +475 0 obj<>endobj +476 0 obj<>endobj +477 0 obj<>endobj +478 0 obj<>endobj +479 0 obj<>endobj +480 0 obj<>endobj +481 0 obj<>endobj +482 0 obj<>endobj +483 0 obj<>endobj +484 0 obj<>endobj +485 0 obj<>endobj +486 0 obj<>endobj +487 0 obj<>endobj +488 0 obj<>endobj +489 0 obj<>endobj +490 0 obj<>endobj +491 0 obj<>endobj +492 0 obj<>endobj +493 0 obj<>endobj +494 0 obj<>endobj +495 0 obj<>endobj +496 0 obj<>endobj +497 0 obj<>endobj +498 0 obj<>endobj +499 0 obj<>endobj +500 0 obj<>endobj +501 0 obj<>endobj +502 0 obj<>endobj +503 0 obj<>endobj +504 0 obj<>endobj +505 0 obj[471 0 R 472 0 R 473 0 R 474 0 R @@ -963,56 +967,55 @@ endobj 497 0 R 498 0 R 499 0 R -500 0 R]endobj -502 0 obj<>endobj -503 0 obj<>endobj -504 0 obj<>endobj -505 0 obj<>endobj -506 0 obj<>endobj -507 0 obj<>endobj -508 0 obj<>endobj -509 0 obj<>endobj -510 0 obj<>endobj -511 0 obj<>endobj -512 0 obj<>endobj -513 0 obj<>endobj -514 0 obj<>endobj -515 0 obj<>endobj -516 0 obj<>endobj -517 0 obj<>endobj -518 0 obj<>endobj -519 0 obj<>endobj -520 0 obj<>endobj -521 0 obj<>endobj -522 0 obj<>endobj -523 0 obj<>endobj -524 0 obj<>endobj -525 0 obj<>endobj -526 0 obj<>endobj -527 0 obj<>endobj -528 0 obj<>endobj -529 0 obj<>endobj -530 0 obj<>endobj -531 0 obj<>endobj -532 0 obj<>endobj -533 0 obj<>endobj -534 0 obj<>endobj -535 0 obj<>endobj -536 0 obj<>endobj -537 0 obj<>endobj -538 0 obj<>endobj -539 0 obj<>endobj -540 0 obj<>endobj -541 0 obj<>endobj -542 0 obj<>endobj -543 0 obj<>endobj -544 0 obj<>endobj -545 0 obj<>endobj -546 0 obj[502 0 R +500 0 R +501 0 R +502 0 R 503 0 R -504 0 R -505 0 R -506 0 R +504 0 R]endobj +506 0 obj<>endobj +507 0 obj<>endobj +508 0 obj<>endobj +509 0 obj<>endobj +510 0 obj<>endobj +511 0 obj<>endobj +512 0 obj<>endobj +513 0 obj<>endobj +514 0 obj<>endobj +515 0 obj<>endobj +516 0 obj<>endobj +517 0 obj<>endobj +518 0 obj<>endobj +519 0 obj<>endobj +520 0 obj<>endobj +521 0 obj<>endobj +522 0 obj<>endobj +523 0 obj<>endobj +524 0 obj<>endobj +525 0 obj<>endobj +526 0 obj<>endobj +527 0 obj<>endobj +528 0 obj<>endobj +529 0 obj<>endobj +530 0 obj<>endobj +531 0 obj<>endobj +532 0 obj<>endobj +533 0 obj<>endobj +534 0 obj<>endobj +535 0 obj<>endobj +536 0 obj<>endobj +537 0 obj<>endobj +538 0 obj<>endobj +539 0 obj<>endobj +540 0 obj<>endobj +541 0 obj<>endobj +542 0 obj<>endobj +543 0 obj<>endobj +544 0 obj<>endobj +545 0 obj<>endobj +546 0 obj<>endobj +547 0 obj<>endobj +548 0 obj<>endobj +549 0 obj[506 0 R 507 0 R 508 0 R 509 0 R @@ -1051,10 +1054,9 @@ endobj 542 0 R 543 0 R 544 0 R -545 0 R]endobj -547 0 obj<>endobj -548 0 obj<>endobj -549 0 obj[547 0 R +545 0 R +546 0 R +547 0 R 548 0 R]endobj 550 0 obj<>endobj 551 0 obj<>endobj @@ -1116,52 +1118,52 @@ endobj 593 0 obj<>endobj 594 0 obj<>endobj 595 0 obj[594 0 R]endobj -596 0 obj<>endobj -597 0 obj<>endobj -598 0 obj<>endobj -599 0 obj<>endobj -600 0 obj<>endobj -601 0 obj<>endobj -602 0 obj<>endobj -603 0 obj<>endobj -604 0 obj<>endobj -605 0 obj<>endobj -606 0 obj<>endobj -607 0 obj<>endobj -608 0 obj<>endobj -609 0 obj<>endobj -610 0 obj<>endobj -611 0 obj<>endobj -612 0 obj<>endobj -613 0 obj<>endobj -614 0 obj<>endobj -615 0 obj<>endobj -616 0 obj<>endobj -617 0 obj<>endobj -618 0 obj<>endobj -619 0 obj<>endobj -620 0 obj<>endobj -621 0 obj<>endobj -622 0 obj<>endobj -623 0 obj<>endobj -624 0 obj<>endobj -625 0 obj<>endobj -626 0 obj<>endobj -627 0 obj<>endobj -628 0 obj<>endobj -629 0 obj<>endobj -630 0 obj<>endobj -631 0 obj<>endobj -632 0 obj<>endobj -633 0 obj<>endobj -634 0 obj<>endobj -635 0 obj<>endobj -636 0 obj<>endobj -637 0 obj<>endobj -638 0 obj<>endobj -639 0 obj<>endobj -640 0 obj<>endobj -641 0 obj<>endobj +596 0 obj<>endobj +597 0 obj<>endobj +598 0 obj<>endobj +599 0 obj<>endobj +600 0 obj<>endobj +601 0 obj<>endobj +602 0 obj<>endobj +603 0 obj<>endobj +604 0 obj<>endobj +605 0 obj<>endobj +606 0 obj<>endobj +607 0 obj<>endobj +608 0 obj<>endobj +609 0 obj<>endobj +610 0 obj<>endobj +611 0 obj<>endobj +612 0 obj<>endobj +613 0 obj<>endobj +614 0 obj<>endobj +615 0 obj<>endobj +616 0 obj<>endobj +617 0 obj<>endobj +618 0 obj<>endobj +619 0 obj<>endobj +620 0 obj<>endobj +621 0 obj<>endobj +622 0 obj<>endobj +623 0 obj<>endobj +624 0 obj<>endobj +625 0 obj<>endobj +626 0 obj<>endobj +627 0 obj<>endobj +628 0 obj<>endobj +629 0 obj<>endobj +630 0 obj<>endobj +631 0 obj<>endobj +632 0 obj<>endobj +633 0 obj<>endobj +634 0 obj<>endobj +635 0 obj<>endobj +636 0 obj<>endobj +637 0 obj<>endobj +638 0 obj<>endobj +639 0 obj<>endobj +640 0 obj<>endobj +641 0 obj<>endobj 642 0 obj[596 0 R 597 0 R 598 0 R @@ -1208,7 +1210,7 @@ endobj 639 0 R 640 0 R 641 0 R]endobj -643 0 obj<>endobj +643 0 obj<>endobj 644 0 obj[643 0 R]endobj 645 0 obj<>endobj 646 0 obj<>endobj @@ -1366,50 +1368,50 @@ endobj 755 0 R 757 0 R 759 0 R]endobj -761 0 obj<>endobj -762 0 obj<>endobj -763 0 obj<>endobj -764 0 obj<>endobj -765 0 obj<>endobj -766 0 obj<>endobj -767 0 obj<>endobj -768 0 obj<>endobj -769 0 obj<>endobj -770 0 obj<>endobj -771 0 obj<>endobj -772 0 obj<>endobj -773 0 obj<>endobj -774 0 obj<>endobj -775 0 obj<>endobj -776 0 obj<>endobj -777 0 obj<>endobj -778 0 obj<>endobj -779 0 obj<>endobj -780 0 obj<>endobj -781 0 obj<>endobj -782 0 obj<>endobj -783 0 obj<>endobj -784 0 obj<>endobj -785 0 obj<>endobj -786 0 obj<>endobj -787 0 obj<>endobj -788 0 obj<>endobj -789 0 obj<>endobj -790 0 obj<>endobj -791 0 obj<>endobj -792 0 obj<>endobj -793 0 obj<>endobj -794 0 obj<>endobj -795 0 obj<>endobj -796 0 obj<>endobj -797 0 obj<>endobj -798 0 obj<>endobj -799 0 obj<>endobj -800 0 obj<>endobj -801 0 obj<>endobj -802 0 obj<>endobj -803 0 obj<>endobj -804 0 obj<>endobj +761 0 obj<>endobj +762 0 obj<>endobj +763 0 obj<>endobj +764 0 obj<>endobj +765 0 obj<>endobj +766 0 obj<>endobj +767 0 obj<>endobj +768 0 obj<>endobj +769 0 obj<>endobj +770 0 obj<>endobj +771 0 obj<>endobj +772 0 obj<>endobj +773 0 obj<>endobj +774 0 obj<>endobj +775 0 obj<>endobj +776 0 obj<>endobj +777 0 obj<>endobj +778 0 obj<>endobj +779 0 obj<>endobj +780 0 obj<>endobj +781 0 obj<>endobj +782 0 obj<>endobj +783 0 obj<>endobj +784 0 obj<>endobj +785 0 obj<>endobj +786 0 obj<>endobj +787 0 obj<>endobj +788 0 obj<>endobj +789 0 obj<>endobj +790 0 obj<>endobj +791 0 obj<>endobj +792 0 obj<>endobj +793 0 obj<>endobj +794 0 obj<>endobj +795 0 obj<>endobj +796 0 obj<>endobj +797 0 obj<>endobj +798 0 obj<>endobj +799 0 obj<>endobj +800 0 obj<>endobj +801 0 obj<>endobj +802 0 obj<>endobj +803 0 obj<>endobj +804 0 obj<>endobj 805 0 obj[761 0 R 762 0 R 763 0 R @@ -1454,57 +1456,57 @@ endobj 802 0 R 803 0 R 804 0 R]endobj -806 0 obj<>endobj -807 0 obj<>endobj -808 0 obj<>endobj -809 0 obj<>endobj -810 0 obj<>endobj -811 0 obj<>endobj -812 0 obj<>endobj -813 0 obj<>endobj -814 0 obj<>endobj -815 0 obj<>endobj -816 0 obj<>endobj -817 0 obj<>endobj -818 0 obj<>endobj -819 0 obj<>endobj -820 0 obj<>endobj -821 0 obj<>endobj -822 0 obj<>endobj -823 0 obj<>endobj -824 0 obj<>endobj -825 0 obj<>endobj -826 0 obj<>endobj -827 0 obj<>endobj -828 0 obj<>endobj -829 0 obj<>endobj -830 0 obj<>endobj -831 0 obj<>endobj -832 0 obj<>endobj -833 0 obj<>endobj -834 0 obj<>endobj -835 0 obj<>endobj -836 0 obj<>endobj -837 0 obj<>endobj -838 0 obj<>endobj -839 0 obj<>endobj -840 0 obj<>endobj -841 0 obj<>endobj -842 0 obj<>endobj -843 0 obj<>endobj -844 0 obj<>endobj -845 0 obj<>endobj -846 0 obj<>endobj -847 0 obj<>endobj -848 0 obj<>endobj -849 0 obj<>endobj -850 0 obj<>endobj -851 0 obj<>endobj -852 0 obj<>endobj -853 0 obj<>endobj -854 0 obj<>endobj -855 0 obj<>endobj -856 0 obj<>endobj +806 0 obj<>endobj +807 0 obj<>endobj +808 0 obj<>endobj +809 0 obj<>endobj +810 0 obj<>endobj +811 0 obj<>endobj +812 0 obj<>endobj +813 0 obj<>endobj +814 0 obj<>endobj +815 0 obj<>endobj +816 0 obj<>endobj +817 0 obj<>endobj +818 0 obj<>endobj +819 0 obj<>endobj +820 0 obj<>endobj +821 0 obj<>endobj +822 0 obj<>endobj +823 0 obj<>endobj +824 0 obj<>endobj +825 0 obj<>endobj +826 0 obj<>endobj +827 0 obj<>endobj +828 0 obj<>endobj +829 0 obj<>endobj +830 0 obj<>endobj +831 0 obj<>endobj +832 0 obj<>endobj +833 0 obj<>endobj +834 0 obj<>endobj +835 0 obj<>endobj +836 0 obj<>endobj +837 0 obj<>endobj +838 0 obj<>endobj +839 0 obj<>endobj +840 0 obj<>endobj +841 0 obj<>endobj +842 0 obj<>endobj +843 0 obj<>endobj +844 0 obj<>endobj +845 0 obj<>endobj +846 0 obj<>endobj +847 0 obj<>endobj +848 0 obj<>endobj +849 0 obj<>endobj +850 0 obj<>endobj +851 0 obj<>endobj +852 0 obj<>endobj +853 0 obj<>endobj +854 0 obj<>endobj +855 0 obj<>endobj +856 0 obj<>endobj 857 0 obj[806 0 R 807 0 R 808 0 R @@ -1556,37 +1558,42 @@ endobj 854 0 R 855 0 R 856 0 R]endobj -858 0 obj<>endobj -859 0 obj<>endobj -860 0 obj<>endobj -861 0 obj<>endobj -862 0 obj<>endobj -863 0 obj<>endobj -864 0 obj<>endobj -865 0 obj<>endobj -866 0 obj<>endobj -867 0 obj<>endobj -868 0 obj<>endobj -869 0 obj<>endobj -870 0 obj<>endobj -871 0 obj<>endobj -872 0 obj<>endobj -873 0 obj<>endobj -874 0 obj<>endobj -875 0 obj<>endobj -876 0 obj<>endobj -877 0 obj<>endobj -878 0 obj<>endobj -879 0 obj<>endobj -880 0 obj<>endobj -881 0 obj<>endobj -882 0 obj<>endobj -883 0 obj<>endobj -884 0 obj<>endobj -885 0 obj<>endobj -886 0 obj<>endobj -887 0 obj<>endobj -888 0 obj[858 0 R +858 0 obj<>endobj +859 0 obj<>endobj +860 0 obj<>endobj +861 0 obj<>endobj +862 0 obj<>endobj +863 0 obj<>endobj +864 0 obj<>endobj +865 0 obj<>endobj +866 0 obj<>endobj +867 0 obj<>endobj +868 0 obj<>endobj +869 0 obj<>endobj +870 0 obj<>endobj +871 0 obj<>endobj +872 0 obj<>endobj +873 0 obj<>endobj +874 0 obj<>endobj +875 0 obj<>endobj +876 0 obj<>endobj +877 0 obj<>endobj +878 0 obj<>endobj +879 0 obj<>endobj +880 0 obj<>endobj +881 0 obj<>endobj +882 0 obj<>endobj +883 0 obj<>endobj +884 0 obj<>endobj +885 0 obj<>endobj +886 0 obj<>endobj +887 0 obj<>endobj +888 0 obj<>endobj +889 0 obj<>endobj +890 0 obj<>endobj +891 0 obj<>endobj +892 0 obj<>endobj +893 0 obj[858 0 R 859 0 R 860 0 R 861 0 R @@ -1615,221 +1622,222 @@ endobj 884 0 R 885 0 R 886 0 R -887 0 R]endobj -889 0 obj<>endobj -890 0 obj<>endobj -891 0 obj<>endobj -892 0 obj<>endobj -893 0 obj[890 0 R +887 0 R +888 0 R +889 0 R +890 0 R +891 0 R 892 0 R]endobj -894 0 obj<>endobj -895 0 obj<>endobj -896 0 obj[895 0 R]endobj -897 0 obj<>endobj -898 0 obj<>endobj +894 0 obj<>endobj +895 0 obj<>endobj +896 0 obj<>endobj +897 0 obj<>endobj +898 0 obj[895 0 R +897 0 R]endobj 899 0 obj<>endobj -900 0 obj<>endobj -901 0 obj[898 0 R -900 0 R]endobj -902 0 obj<>endobj -903 0 obj<>endobj -904 0 obj<>endobj -905 0 obj<>endobj -906 0 obj<>endobj -907 0 obj<>endobj -908 0 obj<>endobj -909 0 obj<>endobj -910 0 obj[903 0 R -905 0 R +900 0 obj<>endobj +901 0 obj<>endobj +902 0 obj<>endobj +903 0 obj[900 0 R +902 0 R]endobj +904 0 obj<>endobj +905 0 obj<>endobj +906 0 obj<>endobj +907 0 obj<>endobj +908 0 obj<>endobj +909 0 obj<>endobj +910 0 obj<>endobj +911 0 obj<>endobj +912 0 obj[905 0 R 907 0 R -909 0 R]endobj -911 0 obj<>endobj -912 0 obj<>endobj -913 0 obj<>endobj -914 0 obj<>endobj -915 0 obj[912 0 R -914 0 R]endobj -916 0 obj<>endobj -917 0 obj<>endobj -918 0 obj<>endobj -919 0 obj<>endobj -920 0 obj<>endobj -921 0 obj<>endobj -922 0 obj[917 0 R -919 0 R -921 0 R]endobj -923 0 obj<>endobj -924 0 obj<>endobj -925 0 obj<>endobj -926 0 obj<>endobj -927 0 obj<>endobj -928 0 obj<>endobj -929 0 obj<>endobj -930 0 obj<>endobj +909 0 R +911 0 R]endobj +913 0 obj<>endobj +914 0 obj<>endobj +915 0 obj<>endobj +916 0 obj<>endobj +917 0 obj[914 0 R +916 0 R]endobj +918 0 obj<>endobj +919 0 obj<>endobj +920 0 obj<>endobj +921 0 obj<>endobj +922 0 obj<>endobj +923 0 obj<>endobj +924 0 obj[919 0 R +921 0 R +923 0 R]endobj +925 0 obj<>endobj +926 0 obj<>endobj +927 0 obj<>endobj +928 0 obj<>endobj +929 0 obj<>endobj +930 0 obj<>endobj 931 0 obj<>endobj -932 0 obj<>endobj -933 0 obj[924 0 R -926 0 R +932 0 obj<>endobj +933 0 obj<>endobj +934 0 obj<>endobj +935 0 obj[926 0 R 928 0 R 930 0 R -932 0 R]endobj -934 0 obj<>endobj -935 0 obj<>endobj -936 0 obj[935 0 R]endobj -937 0 obj<>endobj -938 0 obj<>endobj -939 0 obj<>endobj -940 0 obj<>endobj -941 0 obj<>endobj -942 0 obj<>endobj -943 0 obj<>endobj -944 0 obj<>endobj -945 0 obj<>endobj -946 0 obj<>endobj -947 0 obj[938 0 R -940 0 R +932 0 R +934 0 R]endobj +936 0 obj<>endobj +937 0 obj<>endobj +938 0 obj[937 0 R]endobj +939 0 obj<>endobj +940 0 obj<>endobj +941 0 obj<>endobj +942 0 obj<>endobj +943 0 obj<>endobj +944 0 obj<>endobj +945 0 obj<>endobj +946 0 obj<>endobj +947 0 obj<>endobj +948 0 obj<>endobj +949 0 obj[940 0 R 942 0 R 944 0 R -946 0 R]endobj -948 0 obj<>endobj -949 0 obj<>endobj -950 0 obj<>endobj -951 0 obj<>endobj -952 0 obj[949 0 R -951 0 R]endobj -953 0 obj<>endobj -954 0 obj<>endobj -955 0 obj<>endobj -956 0 obj<>endobj -957 0 obj<>endobj -958 0 obj<>endobj -959 0 obj[954 0 R -956 0 R -958 0 R]endobj -960 0 obj<>endobj -961 0 obj<>endobj -962 0 obj<>endobj -963 0 obj<>endobj -964 0 obj<>endobj -965 0 obj<>endobj -966 0 obj<>endobj -967 0 obj<>endobj -968 0 obj[961 0 R -963 0 R +946 0 R +948 0 R]endobj +950 0 obj<>endobj +951 0 obj<>endobj +952 0 obj<>endobj +953 0 obj<>endobj +954 0 obj[951 0 R +953 0 R]endobj +955 0 obj<>endobj +956 0 obj<>endobj +957 0 obj<>endobj +958 0 obj<>endobj +959 0 obj<>endobj +960 0 obj<>endobj +961 0 obj[956 0 R +958 0 R +960 0 R]endobj +962 0 obj<>endobj +963 0 obj<>endobj +964 0 obj<>endobj +965 0 obj<>endobj +966 0 obj<>endobj +967 0 obj<>endobj +968 0 obj<>endobj +969 0 obj<>endobj +970 0 obj[963 0 R 965 0 R -967 0 R]endobj -969 0 obj<>endobj -970 0 obj<>endobj -971 0 obj[970 0 R]endobj -972 0 obj<>endobj -973 0 obj<>endobj -974 0 obj[973 0 R]endobj -975 0 obj<>endobj -976 0 obj<>endobj -977 0 obj[976 0 R]endobj -978 0 obj<>endobj -979 0 obj<>endobj -980 0 obj[979 0 R]endobj -981 0 obj<>endobj -982 0 obj<>endobj -983 0 obj<>endobj -984 0 obj<>endobj -985 0 obj<>endobj -986 0 obj<>endobj -987 0 obj[982 0 R -984 0 R -986 0 R]endobj -988 0 obj<>endobj -989 0 obj<>endobj -990 0 obj<>endobj -991 0 obj<>endobj -992 0 obj<>endobj -993 0 obj<>endobj -994 0 obj<>endobj -995 0 obj<>endobj -996 0 obj<>endobj -997 0 obj<>endobj -998 0 obj[989 0 R -991 0 R +967 0 R +969 0 R]endobj +971 0 obj<>endobj +972 0 obj<>endobj +973 0 obj[972 0 R]endobj +974 0 obj<>endobj +975 0 obj<>endobj +976 0 obj[975 0 R]endobj +977 0 obj<>endobj +978 0 obj<>endobj +979 0 obj[978 0 R]endobj +980 0 obj<>endobj +981 0 obj<>endobj +982 0 obj[981 0 R]endobj +983 0 obj<>endobj +984 0 obj<>endobj +985 0 obj<>endobj +986 0 obj<>endobj +987 0 obj<>endobj +988 0 obj<>endobj +989 0 obj[984 0 R +986 0 R +988 0 R]endobj +990 0 obj<>endobj +991 0 obj<>endobj +992 0 obj<>endobj +993 0 obj<>endobj +994 0 obj<>endobj +995 0 obj<>endobj +996 0 obj<>endobj +997 0 obj<>endobj +998 0 obj<>endobj +999 0 obj<>endobj +1000 0 obj[991 0 R 993 0 R 995 0 R -997 0 R]endobj -999 0 obj<>endobj -1000 0 obj<>endobj -1001 0 obj<>endobj -1002 0 obj<>endobj -1003 0 obj<>endobj -1004 0 obj<>endobj -1005 0 obj[1000 0 R -1002 0 R +997 0 R +999 0 R]endobj +1001 0 obj<>endobj +1002 0 obj<>endobj +1003 0 obj<>endobj +1004 0 obj<>endobj +1005 0 obj[1002 0 R 1004 0 R]endobj -1006 0 obj<>endobj -1007 0 obj<>endobj -1008 0 obj<>endobj -1009 0 obj<>endobj -1010 0 obj[1007 0 R -1009 0 R]endobj -1011 0 obj<>endobj -1012 0 obj<>endobj -1013 0 obj[1012 0 R]endobj -1014 0 obj<>endobj -1015 0 obj<>endobj -1016 0 obj[1015 0 R]endobj -1017 0 obj<>endobj -1018 0 obj<>endobj -1019 0 obj<>endobj -1020 0 obj<>endobj -1021 0 obj<>endobj -1022 0 obj<>endobj -1023 0 obj<>endobj -1024 0 obj<>endobj -1025 0 obj<>endobj -1026 0 obj<>endobj -1027 0 obj<>endobj -1028 0 obj<>endobj -1029 0 obj<>endobj -1030 0 obj<>endobj -1031 0 obj<>endobj -1032 0 obj<>endobj -1033 0 obj<>endobj -1034 0 obj<>endobj -1035 0 obj<>endobj -1036 0 obj<>endobj -1037 0 obj<>endobj -1038 0 obj<>endobj -1039 0 obj<>endobj -1040 0 obj<>endobj -1041 0 obj<>endobj -1042 0 obj<>endobj -1043 0 obj<>endobj -1044 0 obj<>endobj -1045 0 obj<>endobj -1046 0 obj<>endobj -1047 0 obj<>endobj -1048 0 obj<>endobj -1049 0 obj<>endobj -1050 0 obj<>endobj -1051 0 obj<>endobj -1052 0 obj<>endobj -1053 0 obj<>endobj -1054 0 obj<>endobj -1055 0 obj<>endobj -1056 0 obj<>endobj -1057 0 obj<>endobj -1058 0 obj<>endobj -1059 0 obj<>endobj -1060 0 obj<>endobj -1061 0 obj<>endobj -1062 0 obj<>endobj -1063 0 obj<>endobj -1064 0 obj[1017 0 R -1018 0 R -1019 0 R -1020 0 R -1021 0 R -1022 0 R -1023 0 R -1024 0 R +1006 0 obj<>endobj +1007 0 obj<>endobj +1008 0 obj<>endobj +1009 0 obj<>endobj +1010 0 obj<>endobj +1011 0 obj<>endobj +1012 0 obj[1007 0 R +1009 0 R +1011 0 R]endobj +1013 0 obj<>endobj +1014 0 obj<>endobj +1015 0 obj<>endobj +1016 0 obj<>endobj +1017 0 obj[1014 0 R +1016 0 R]endobj +1018 0 obj<>endobj +1019 0 obj<>endobj +1020 0 obj[1019 0 R]endobj +1021 0 obj<>endobj +1022 0 obj<>endobj +1023 0 obj[1022 0 R]endobj +1024 0 obj<>endobj +1025 0 obj<>endobj +1026 0 obj<>endobj +1027 0 obj<>endobj +1028 0 obj<>endobj +1029 0 obj<>endobj +1030 0 obj<>endobj +1031 0 obj<>endobj +1032 0 obj<>endobj +1033 0 obj<>endobj +1034 0 obj<>endobj +1035 0 obj<>endobj +1036 0 obj<>endobj +1037 0 obj<>endobj +1038 0 obj<>endobj +1039 0 obj<>endobj +1040 0 obj<>endobj +1041 0 obj<>endobj +1042 0 obj<>endobj +1043 0 obj<>endobj +1044 0 obj<>endobj +1045 0 obj<>endobj +1046 0 obj<>endobj +1047 0 obj<>endobj +1048 0 obj<>endobj +1049 0 obj<>endobj +1050 0 obj<>endobj +1051 0 obj<>endobj +1052 0 obj<>endobj +1053 0 obj<>endobj +1054 0 obj<>endobj +1055 0 obj<>endobj +1056 0 obj<>endobj +1057 0 obj<>endobj +1058 0 obj<>endobj +1059 0 obj<>endobj +1060 0 obj<>endobj +1061 0 obj<>endobj +1062 0 obj<>endobj +1063 0 obj<>endobj +1064 0 obj<>endobj +1065 0 obj<>endobj +1066 0 obj<>endobj +1067 0 obj<>endobj +1068 0 obj<>endobj +1069 0 obj<>endobj +1070 0 obj<>endobj +1071 0 obj[1024 0 R 1025 0 R 1026 0 R 1027 0 R @@ -1868,34 +1876,34 @@ endobj 1060 0 R 1061 0 R 1062 0 R -1063 0 R]endobj -1065 0 obj<>endobj -1066 0 obj<>endobj -1067 0 obj<>endobj -1068 0 obj<>endobj -1069 0 obj<>endobj -1070 0 obj<>endobj -1071 0 obj<>endobj -1072 0 obj<>endobj -1073 0 obj<>endobj -1074 0 obj<>endobj -1075 0 obj<>endobj -1076 0 obj<>endobj -1077 0 obj<>endobj -1078 0 obj<>endobj -1079 0 obj<>endobj -1080 0 obj<>endobj -1081 0 obj<>endobj -1082 0 obj<>endobj -1083 0 obj<>endobj -1084 0 obj[1065 0 R +1063 0 R +1064 0 R +1065 0 R 1066 0 R 1067 0 R 1068 0 R 1069 0 R -1070 0 R -1071 0 R -1072 0 R +1070 0 R]endobj +1072 0 obj<>endobj +1073 0 obj<>endobj +1074 0 obj<>endobj +1075 0 obj<>endobj +1076 0 obj<>endobj +1077 0 obj<>endobj +1078 0 obj<>endobj +1079 0 obj<>endobj +1080 0 obj<>endobj +1081 0 obj<>endobj +1082 0 obj<>endobj +1083 0 obj<>endobj +1084 0 obj<>endobj +1085 0 obj<>endobj +1086 0 obj<>endobj +1087 0 obj<>endobj +1088 0 obj<>endobj +1089 0 obj<>endobj +1090 0 obj<>endobj +1091 0 obj[1072 0 R 1073 0 R 1074 0 R 1075 0 R @@ -1906,412 +1914,417 @@ endobj 1080 0 R 1081 0 R 1082 0 R -1083 0 R]endobj -1085 0 obj<>endobj -1086 0 obj<>endobj -1087 0 obj<>endobj -1088 0 obj<>endobj -1089 0 obj<>endobj -1090 0 obj<>endobj -1091 0 obj<>endobj -1092 0 obj<>endobj -1093 0 obj<>endobj -1094 0 obj<>endobj -1095 0 obj[1086 0 R +1083 0 R +1084 0 R +1085 0 R +1086 0 R +1087 0 R 1088 0 R -1090 0 R -1092 0 R -1094 0 R]endobj -1096 0 obj<>endobj -1097 0 obj<>endobj -1098 0 obj<>endobj -1099 0 obj<>endobj -1100 0 obj<>endobj -1101 0 obj<>endobj -1102 0 obj<>endobj -1103 0 obj<>endobj -1104 0 obj[1097 0 R +1089 0 R +1090 0 R]endobj +1092 0 obj<>endobj +1093 0 obj<>endobj +1094 0 obj<>endobj +1095 0 obj<>endobj +1096 0 obj<>endobj +1097 0 obj<>endobj +1098 0 obj<>endobj +1099 0 obj<>endobj +1100 0 obj<>endobj +1101 0 obj<>endobj +1102 0 obj[1093 0 R +1095 0 R +1097 0 R 1099 0 R -1101 0 R -1103 0 R]endobj -1105 0 obj<>endobj -1106 0 obj<>endobj -1107 0 obj[1106 0 R]endobj -1108 0 obj<>endobj -1109 0 obj<>endobj -1110 0 obj[1109 0 R]endobj -1111 0 obj<>endobj -1112 0 obj<>endobj -1113 0 obj<>endobj -1114 0 obj<>endobj -1115 0 obj<>endobj -1116 0 obj<>endobj -1117 0 obj<>endobj -1118 0 obj<>endobj -1119 0 obj[1112 0 R -1114 0 R -1116 0 R -1118 0 R]endobj -1120 0 obj<>endobj -1121 0 obj<>endobj -1122 0 obj<>endobj -1123 0 obj<>endobj -1124 0 obj[1121 0 R -1123 0 R]endobj -1125 0 obj<>endobj -1126 0 obj<>endobj -1127 0 obj<>endobj -1128 0 obj<>endobj -1129 0 obj<>endobj -1130 0 obj<>endobj -1131 0 obj<>endobj -1132 0 obj<>endobj -1133 0 obj[1126 0 R -1128 0 R -1130 0 R -1132 0 R]endobj -1134 0 obj<>endobj -1135 0 obj<>endobj -1136 0 obj<>endobj -1137 0 obj<>endobj -1138 0 obj[1135 0 R -1137 0 R]endobj -1139 0 obj<>endobj -1140 0 obj<>endobj -1141 0 obj<>endobj -1142 0 obj<>endobj -1143 0 obj<>endobj -1144 0 obj<>endobj -1145 0 obj<>endobj -1146 0 obj<>endobj -1147 0 obj<>endobj -1148 0 obj<>endobj -1149 0 obj<>endobj +1101 0 R]endobj +1103 0 obj<>endobj +1104 0 obj<>endobj +1105 0 obj<>endobj +1106 0 obj<>endobj +1107 0 obj<>endobj +1108 0 obj<>endobj +1109 0 obj<>endobj +1110 0 obj<>endobj +1111 0 obj[1104 0 R +1106 0 R +1108 0 R +1110 0 R]endobj +1112 0 obj<>endobj +1113 0 obj<>endobj +1114 0 obj[1113 0 R]endobj +1115 0 obj<>endobj +1116 0 obj<>endobj +1117 0 obj[1116 0 R]endobj +1118 0 obj<>endobj +1119 0 obj<>endobj +1120 0 obj<>endobj +1121 0 obj<>endobj +1122 0 obj<>endobj +1123 0 obj<>endobj +1124 0 obj<>endobj +1125 0 obj<>endobj +1126 0 obj[1119 0 R +1121 0 R +1123 0 R +1125 0 R]endobj +1127 0 obj<>endobj +1128 0 obj<>endobj +1129 0 obj<>endobj +1130 0 obj<>endobj +1131 0 obj[1128 0 R +1130 0 R]endobj +1132 0 obj<>endobj +1133 0 obj<>endobj +1134 0 obj<>endobj +1135 0 obj<>endobj +1136 0 obj<>endobj +1137 0 obj<>endobj +1138 0 obj<>endobj +1139 0 obj<>endobj +1140 0 obj[1133 0 R +1135 0 R +1137 0 R +1139 0 R]endobj +1141 0 obj<>endobj +1142 0 obj<>endobj +1143 0 obj<>endobj +1144 0 obj<>endobj +1145 0 obj[1142 0 R +1144 0 R]endobj +1146 0 obj<>endobj +1147 0 obj<>endobj +1148 0 obj<>endobj +1149 0 obj<>endobj 1150 0 obj<>endobj -1151 0 obj<>endobj -1152 0 obj<>endobj -1153 0 obj<>endobj -1154 0 obj<>endobj -1155 0 obj<>endobj -1156 0 obj<>endobj -1157 0 obj<>endobj -1158 0 obj<>endobj -1159 0 obj<>endobj -1160 0 obj<>endobj -1161 0 obj<>endobj -1162 0 obj<>endobj -1163 0 obj<>endobj -1164 0 obj<>endobj -1165 0 obj<>endobj -1166 0 obj<>endobj -1167 0 obj<>endobj -1168 0 obj<>endobj -1169 0 obj<>endobj -1170 0 obj<>endobj -1171 0 obj<>endobj -1172 0 obj<>endobj -1173 0 obj<>endobj -1174 0 obj<>endobj -1175 0 obj<>endobj -1176 0 obj<>endobj -1177 0 obj<>endobj -1178 0 obj<>endobj -1179 0 obj<>endobj -1180 0 obj<>endobj -1181 0 obj<>endobj -1182 0 obj<>endobj -1183 0 obj<>endobj -1184 0 obj<>endobj -1185 0 obj<>endobj -1186 0 obj<>endobj -1187 0 obj<>endobj -1188 0 obj<>endobj -1189 0 obj<>endobj -1190 0 obj<>endobj -1191 0 obj<>endobj -1192 0 obj<>endobj -1193 0 obj<>endobj -1194 0 obj<>endobj -1195 0 obj<>endobj -1196 0 obj<>endobj -1197 0 obj<>endobj -1198 0 obj<>endobj -1199 0 obj<>endobj -1200 0 obj<>endobj -1201 0 obj<>endobj -1202 0 obj<>endobj -1203 0 obj<>endobj -1204 0 obj<>endobj -1205 0 obj<>endobj -1206 0 obj<>endobj -1207 0 obj<>endobj -1208 0 obj<>endobj -1209 0 obj<>endobj -1210 0 obj<>endobj -1211 0 obj<>endobj -1212 0 obj<>endobj -1213 0 obj<>endobj -1214 0 obj<>endobj -1215 0 obj<>endobj -1216 0 obj<>endobj -1217 0 obj<>endobj -1218 0 obj<>endobj -1219 0 obj<>endobj -1220 0 obj<>endobj -1221 0 obj<>endobj -1222 0 obj<>endobj -1223 0 obj<>endobj -1224 0 obj<>endobj -1225 0 obj<>endobj -1226 0 obj<>endobj -1227 0 obj<>endobj -1228 0 obj<>endobj -1229 0 obj<>endobj -1230 0 obj<>endobj -1231 0 obj<>endobj -1232 0 obj<>endobj -1233 0 obj<>endobj -1234 0 obj<>endobj -1235 0 obj<>endobj -1236 0 obj<>endobj -1237 0 obj<>endobj -1238 0 obj<>endobj -1239 0 obj<>endobj -1240 0 obj<>endobj -1241 0 obj<>endobj -1242 0 obj<>endobj -1243 0 obj<>endobj -1244 0 obj<>endobj -1245 0 obj<>endobj -1246 0 obj<>endobj -1247 0 obj<>endobj -1248 0 obj<>endobj -1249 0 obj<>endobj -1250 0 obj<>endobj -1251 0 obj<>endobj -1252 0 obj<>endobj -1253 0 obj<>endobj -1254 0 obj<>endobj -1255 0 obj<>endobj -1256 0 obj<>endobj -1257 0 obj<>endobj -1258 0 obj<>endobj -1259 0 obj<>endobj -1260 0 obj<>endobj -1261 0 obj<>endobj -1262 0 obj<>endobj -1263 0 obj<>endobj -1264 0 obj<>endobj -1265 0 obj<>endobj -1266 0 obj<>endobj -1267 0 obj<>endobj -1268 0 obj<>endobj -1269 0 obj<>endobj -1270 0 obj<>endobj -1271 0 obj<>endobj -1272 0 obj<>endobj -1273 0 obj<>endobj -1274 0 obj<>endobj -1275 0 obj<>endobj -1276 0 obj<>endobj -1277 0 obj<>endobj -1278 0 obj<>endobj -1279 0 obj<>endobj -1280 0 obj<>endobj -1281 0 obj<>endobj -1282 0 obj<>endobj -1283 0 obj<>endobj -1284 0 obj<>endobj -1285 0 obj<>endobj -1286 0 obj<>endobj -1287 0 obj<>endobj -1288 0 obj<>endobj -1289 0 obj<>endobj -1290 0 obj<>endobj -1291 0 obj<>endobj -1292 0 obj<>endobj -1293 0 obj<>endobj -1294 0 obj<>endobj -1295 0 obj<>endobj -1296 0 obj<>endobj -1297 0 obj<>endobj -1298 0 obj<>endobj -1299 0 obj<>endobj -1300 0 obj<>endobj -1301 0 obj<>endobj -1302 0 obj<>endobj -1303 0 obj<>endobj -1304 0 obj<>endobj -1305 0 obj<>endobj -1306 0 obj<>endobj -1307 0 obj<>endobj -1308 0 obj<>endobj -1309 0 obj<>endobj -1310 0 obj<>endobj -1311 0 obj<>endobj -1312 0 obj<>endobj -1313 0 obj<>endobj -1314 0 obj<>endobj -1315 0 obj<>endobj -1316 0 obj<>endobj -1317 0 obj<>endobj -1318 0 obj<>endobj -1319 0 obj<>endobj -1320 0 obj<>endobj -1321 0 obj<>endobj -1322 0 obj<>endobj -1323 0 obj<>endobj -1324 0 obj<>endobj -1325 0 obj<>endobj -1326 0 obj<>endobj -1327 0 obj<>endobj -1328 0 obj<>endobj -1329 0 obj<>endobj -1330 0 obj<>endobj -1331 0 obj<>endobj -1332 0 obj<>endobj -1333 0 obj<>endobj -1334 0 obj<>endobj -1335 0 obj<>endobj -1336 0 obj<>endobj -1337 0 obj<>endobj -1338 0 obj<>endobj -1339 0 obj<>endobj -1340 0 obj<>endobj -1341 0 obj<>endobj -1342 0 obj<>endobj -1343 0 obj<>endobj -1344 0 obj<>endobj -1345 0 obj<>endobj -1346 0 obj<>endobj -1347 0 obj<>endobj -1348 0 obj<>endobj -1349 0 obj<>endobj -1350 0 obj<>endobj -1351 0 obj<>endobj -1352 0 obj<>endobj -1353 0 obj<>endobj -1354 0 obj<>endobj -1355 0 obj<>endobj -1356 0 obj<>endobj -1357 0 obj<>endobj -1358 0 obj<>endobj -1359 0 obj<>endobj -1360 0 obj<>endobj -1361 0 obj<>endobj -1362 0 obj<>endobj -1363 0 obj<>endobj -1364 0 obj<>endobj -1365 0 obj<>endobj -1366 0 obj<>endobj -1367 0 obj<>endobj -1368 0 obj<>endobj -1369 0 obj<>endobj -1370 0 obj<>endobj -1371 0 obj<>endobj -1372 0 obj<>endobj -1373 0 obj<>endobj -1374 0 obj<>endobj -1375 0 obj<>endobj -1376 0 obj<>endobj -1377 0 obj<>endobj -1378 0 obj<>endobj -1379 0 obj<>endobj -1380 0 obj<>endobj -1381 0 obj<>endobj -1382 0 obj<>endobj -1383 0 obj<>endobj -1384 0 obj<>endobj -1385 0 obj<>endobj -1386 0 obj<>endobj -1387 0 obj<>endobj -1388 0 obj<>endobj -1389 0 obj<>endobj -1390 0 obj<>endobj -1391 0 obj<>endobj -1392 0 obj<>endobj -1393 0 obj<>endobj -1394 0 obj<>endobj -1395 0 obj<>endobj -1396 0 obj<>endobj -1397 0 obj<>endobj -1398 0 obj<>endobj -1399 0 obj<>endobj -1400 0 obj<>endobj -1401 0 obj<>endobj -1402 0 obj<>endobj -1403 0 obj<>endobj -1404 0 obj<>endobj -1405 0 obj<>endobj -1406 0 obj<>endobj -1407 0 obj<>endobj -1408 0 obj<>endobj -1409 0 obj<>endobj -1410 0 obj<>endobj -1411 0 obj<>endobj -1412 0 obj<>endobj -1413 0 obj<>endobj -1414 0 obj<>endobj -1415 0 obj<>endobj -1416 0 obj<>endobj -1417 0 obj<>endobj -1418 0 obj<>endobj -1419 0 obj<>endobj -1420 0 obj<>endobj -1421 0 obj<>endobj -1422 0 obj<>endobj -1423 0 obj<>endobj -1424 0 obj<>endobj -1425 0 obj<>endobj -1426 0 obj<>endobj -1427 0 obj<>endobj -1428 0 obj<>endobj -1429 0 obj<>endobj -1430 0 obj<>endobj -1431 0 obj<>endobj -1432 0 obj<>endobj -1433 0 obj<>endobj -1434 0 obj<>endobj -1435 0 obj<>endobj -1436 0 obj<>endobj -1437 0 obj<>endobj -1438 0 obj<>endobj -1439 0 obj<>endobj -1440 0 obj<>endobj -1441 0 obj<>endobj -1442 0 obj<>endobj -1443 0 obj<>endobj -1444 0 obj<>endobj -1445 0 obj<>endobj -1446 0 obj<>endobj -1447 0 obj<>endobj -1448 0 obj<>endobj -1449 0 obj<>endobj -1450 0 obj<>endobj -1451 0 obj<>endobj -1452 0 obj<>endobj -1453 0 obj<>endobj -1454 0 obj<>endobj -1455 0 obj<>endobj -1456 0 obj<>endobj -1457 0 obj<>endobj -1458 0 obj<>endobj -1459 0 obj<>endobj -1460 0 obj<>endobj -1461 0 obj<>endobj -1462 0 obj<>endobj -1463 0 obj<>endobj -1464 0 obj<>endobj -1465 0 obj<>endobj -1466 0 obj<>endobj -1467 0 obj<>endobj -1468 0 obj<>endobj -1469 0 obj<>endobj +1152 0 obj<>endobj +1153 0 obj<>endobj +1154 0 obj<>endobj +1155 0 obj<>endobj +1156 0 obj<>endobj +1157 0 obj<>endobj +1158 0 obj<>endobj +1159 0 obj<>endobj +1160 0 obj<>endobj +1161 0 obj<>endobj +1162 0 obj<>endobj +1163 0 obj<>endobj +1164 0 obj<>endobj +1165 0 obj<>endobj +1166 0 obj<>endobj +1167 0 obj<>endobj +1168 0 obj<>endobj +1169 0 obj<>endobj +1170 0 obj<>endobj +1171 0 obj<>endobj +1172 0 obj<>endobj +1173 0 obj<>endobj +1174 0 obj<>endobj +1175 0 obj<>endobj +1176 0 obj<>endobj +1177 0 obj<>endobj +1178 0 obj<>endobj +1179 0 obj<>endobj +1180 0 obj<>endobj +1181 0 obj<>endobj +1182 0 obj<>endobj +1183 0 obj<>endobj +1184 0 obj<>endobj +1185 0 obj<>endobj +1186 0 obj<>endobj +1187 0 obj<>endobj +1188 0 obj<>endobj +1189 0 obj<>endobj +1190 0 obj<>endobj +1191 0 obj<>endobj +1192 0 obj<>endobj +1193 0 obj<>endobj +1194 0 obj<>endobj +1195 0 obj<>endobj +1196 0 obj<>endobj +1197 0 obj<>endobj +1198 0 obj<>endobj +1199 0 obj<>endobj +1200 0 obj<>endobj +1201 0 obj<>endobj +1202 0 obj<>endobj +1203 0 obj<>endobj +1204 0 obj<>endobj +1205 0 obj<>endobj +1206 0 obj<>endobj +1207 0 obj<>endobj +1208 0 obj<>endobj +1209 0 obj<>endobj +1210 0 obj<>endobj +1211 0 obj<>endobj +1212 0 obj<>endobj +1213 0 obj<>endobj +1214 0 obj<>endobj +1215 0 obj<>endobj +1216 0 obj<>endobj +1217 0 obj<>endobj +1218 0 obj<>endobj +1219 0 obj<>endobj +1220 0 obj<>endobj +1221 0 obj<>endobj +1222 0 obj<>endobj +1223 0 obj<>endobj +1224 0 obj<>endobj +1225 0 obj<>endobj +1226 0 obj<>endobj +1227 0 obj<>endobj +1228 0 obj<>endobj +1229 0 obj<>endobj +1230 0 obj<>endobj +1231 0 obj<>endobj +1232 0 obj<>endobj +1233 0 obj<>endobj +1234 0 obj<>endobj +1235 0 obj<>endobj +1236 0 obj<>endobj +1237 0 obj<>endobj +1238 0 obj<>endobj +1239 0 obj<>endobj +1240 0 obj<>endobj +1241 0 obj<>endobj +1242 0 obj<>endobj +1243 0 obj<>endobj +1244 0 obj<>endobj +1245 0 obj<>endobj +1246 0 obj<>endobj +1247 0 obj<>endobj +1248 0 obj<>endobj +1249 0 obj<>endobj +1250 0 obj<>endobj +1251 0 obj<>endobj +1252 0 obj<>endobj +1253 0 obj<>endobj +1254 0 obj<>endobj +1255 0 obj<>endobj +1256 0 obj<>endobj +1257 0 obj<>endobj +1258 0 obj<>endobj +1259 0 obj<>endobj +1260 0 obj<>endobj +1261 0 obj<>endobj +1262 0 obj<>endobj +1263 0 obj<>endobj +1264 0 obj<>endobj +1265 0 obj<>endobj +1266 0 obj<>endobj +1267 0 obj<>endobj +1268 0 obj<>endobj +1269 0 obj<>endobj +1270 0 obj<>endobj +1271 0 obj<>endobj +1272 0 obj<>endobj +1273 0 obj<>endobj +1274 0 obj<>endobj +1275 0 obj<>endobj +1276 0 obj<>endobj +1277 0 obj<>endobj +1278 0 obj<>endobj +1279 0 obj<>endobj +1280 0 obj<>endobj +1281 0 obj<>endobj +1282 0 obj<>endobj +1283 0 obj<>endobj +1284 0 obj<>endobj +1285 0 obj<>endobj +1286 0 obj<>endobj +1287 0 obj<>endobj +1288 0 obj<>endobj +1289 0 obj<>endobj +1290 0 obj<>endobj +1291 0 obj<>endobj +1292 0 obj<>endobj +1293 0 obj<>endobj +1294 0 obj<>endobj +1295 0 obj<>endobj +1296 0 obj<>endobj +1297 0 obj<>endobj +1298 0 obj<>endobj +1299 0 obj<>endobj +1300 0 obj<>endobj +1301 0 obj<>endobj +1302 0 obj<>endobj +1303 0 obj<>endobj +1304 0 obj<>endobj +1305 0 obj<>endobj +1306 0 obj<>endobj +1307 0 obj<>endobj +1308 0 obj<>endobj +1309 0 obj<>endobj +1310 0 obj<>endobj +1311 0 obj<>endobj +1312 0 obj<>endobj +1313 0 obj<>endobj +1314 0 obj<>endobj +1315 0 obj<>endobj +1316 0 obj<>endobj +1317 0 obj<>endobj +1318 0 obj<>endobj +1319 0 obj<>endobj +1320 0 obj<>endobj +1321 0 obj<>endobj +1322 0 obj<>endobj +1323 0 obj<>endobj +1324 0 obj<>endobj +1325 0 obj<>endobj +1326 0 obj<>endobj +1327 0 obj<>endobj +1328 0 obj<>endobj +1329 0 obj<>endobj +1330 0 obj<>endobj +1331 0 obj<>endobj +1332 0 obj<>endobj +1333 0 obj<>endobj +1334 0 obj<>endobj +1335 0 obj<>endobj +1336 0 obj<>endobj +1337 0 obj<>endobj +1338 0 obj<>endobj +1339 0 obj<>endobj +1340 0 obj<>endobj +1341 0 obj<>endobj +1342 0 obj<>endobj +1343 0 obj<>endobj +1344 0 obj<>endobj +1345 0 obj<>endobj +1346 0 obj<>endobj +1347 0 obj<>endobj +1348 0 obj<>endobj +1349 0 obj<>endobj +1350 0 obj<>endobj +1351 0 obj<>endobj +1352 0 obj<>endobj +1353 0 obj<>endobj +1354 0 obj<>endobj +1355 0 obj<>endobj +1356 0 obj<>endobj +1357 0 obj<>endobj +1358 0 obj<>endobj +1359 0 obj<>endobj +1360 0 obj<>endobj +1361 0 obj<>endobj +1362 0 obj<>endobj +1363 0 obj<>endobj +1364 0 obj<>endobj +1365 0 obj<>endobj +1366 0 obj<>endobj +1367 0 obj<>endobj +1368 0 obj<>endobj +1369 0 obj<>endobj +1370 0 obj<>endobj +1371 0 obj<>endobj +1372 0 obj<>endobj +1373 0 obj<>endobj +1374 0 obj<>endobj +1375 0 obj<>endobj +1376 0 obj<>endobj +1377 0 obj<>endobj +1378 0 obj<>endobj +1379 0 obj<>endobj +1380 0 obj<>endobj +1381 0 obj<>endobj +1382 0 obj<>endobj +1383 0 obj<>endobj +1384 0 obj<>endobj +1385 0 obj<>endobj +1386 0 obj<>endobj +1387 0 obj<>endobj +1388 0 obj<>endobj +1389 0 obj<>endobj +1390 0 obj<>endobj +1391 0 obj<>endobj +1392 0 obj<>endobj +1393 0 obj<>endobj +1394 0 obj<>endobj +1395 0 obj<>endobj +1396 0 obj<>endobj +1397 0 obj<>endobj +1398 0 obj<>endobj +1399 0 obj<>endobj +1400 0 obj<>endobj +1401 0 obj<>endobj +1402 0 obj<>endobj +1403 0 obj<>endobj +1404 0 obj<>endobj +1405 0 obj<>endobj +1406 0 obj<>endobj +1407 0 obj<>endobj +1408 0 obj<>endobj +1409 0 obj<>endobj +1410 0 obj<>endobj +1411 0 obj<>endobj +1412 0 obj<>endobj +1413 0 obj<>endobj +1414 0 obj<>endobj +1415 0 obj<>endobj +1416 0 obj<>endobj +1417 0 obj<>endobj +1418 0 obj<>endobj +1419 0 obj<>endobj +1420 0 obj<>endobj +1421 0 obj<>endobj +1422 0 obj<>endobj +1423 0 obj<>endobj +1424 0 obj<>endobj +1425 0 obj<>endobj +1426 0 obj<>endobj +1427 0 obj<>endobj +1428 0 obj<>endobj +1429 0 obj<>endobj +1430 0 obj<>endobj +1431 0 obj<>endobj +1432 0 obj<>endobj +1433 0 obj<>endobj +1434 0 obj<>endobj +1435 0 obj<>endobj +1436 0 obj<>endobj +1437 0 obj<>endobj +1438 0 obj<>endobj +1439 0 obj<>endobj +1440 0 obj<>endobj +1441 0 obj<>endobj +1442 0 obj<>endobj +1443 0 obj<>endobj +1444 0 obj<>endobj +1445 0 obj<>endobj +1446 0 obj<>endobj +1447 0 obj<>endobj +1448 0 obj<>endobj +1449 0 obj<>endobj +1450 0 obj<>endobj +1451 0 obj<>endobj +1452 0 obj<>endobj +1453 0 obj<>endobj +1454 0 obj<>endobj +1455 0 obj<>endobj +1456 0 obj<>endobj +1457 0 obj<>endobj +1458 0 obj<>endobj +1459 0 obj<>endobj +1460 0 obj<>endobj +1461 0 obj<>endobj +1462 0 obj<>endobj +1463 0 obj<>endobj +1464 0 obj<>endobj +1465 0 obj<>endobj +1466 0 obj<>endobj +1467 0 obj<>endobj +1468 0 obj<>endobj +1469 0 obj<>endobj +1470 0 obj<>endobj +1471 0 obj<>endobj +1472 0 obj<>endobj +1473 0 obj<>endobj +1474 0 obj<>endobj +1475 0 obj<>endobj +1476 0 obj<>endobj +1477 0 obj<>endobj +1478 0 obj<>endobj +1479 0 obj<>endobj -1470 0 obj<>/XObject<<>>>>>>endobj -1471 0 obj<>stream +1480 0 obj<>/XObject<<>>>>>>endobj +1481 0 obj<>stream x+ä2T0BCs#c3…ä\.§.}7K#…4K=3cS’¢` g`NÖvôurT(ÊÏJM.QpÉO.ÍMÍ+I,ÉÌÏÓÉâr á ä«endstream endobj -1472 0 obj<>/XObject<<>>>>/Annots 59 0 R>>endobj -1473 0 obj<>stream -xÍ[ÛrG}÷WLåe“ª=÷>mÉ–UUb'&·ô’Š¢,Æ$GË‹/¿@7€!©-9‘l%U.ž9ÓÝF£Gÿ}–%)þÏ’&OŠ:™.Ÿ¥ƒOôŸw?Ó“¤.‡øw™ÃAÀ"=sp™4usp™dU6¨|Ãš:-ªA‹N›j@:ˆ†i>:’…I‡ƒíÊ”(ÔŽ¨ª-XÎFsŠÐ¨”òQÒ`ÔÚHî±ª5«†¬b ƒé £dIÅ€(%B4Kç ô.©Kmçà2ik˜Æ8!f6„1ô,Ì%´[ÁÖdOÇ:¼Lò´Ž-hšªŒ¬ Ur•«bp™‡ÔN9À\ÛexŒ!•ô˜Ê`_Ç:v˜cª0Mä7"(pÜ¢+é1ºÅA$e«/—Ã”gºiÑ»êÖA4Ì -44Òcê–fÛ±ƒm -Ð±ƒÅè¾g©iØÓE&Rà²,‡G—J²‰Êºd×d PE®ÉHX~‘;5iÒé1XÌeíY‡ÁbMÁ€Ú±Ç¢gáYè19 Ï„¶õl^“Œu,/NcÅ<ê¼%3DàÄÊ9qó†´†“ª%M©6õlÒÌë0XUŽuÊd[Œe -²lpü’)8‘^9U%ƒ2¡eVÖ4Æ:Œ¶{¾±“2ì/Æ:LÊð¼)ë1Í[Þ×c°Ã~Ïc?‚À×´gÁVkc+«ÊX‡is¡ØçÚ2ÌKÙ(ö•l×Pø7ÎADuŠ‹Æ9(“ã;¥É‰,6`ßÔc1?† Ä«(#Ëa›áxÆ€×¹A4L[ZçJzL"Qä7–cR1l!IèV€v¹,£wŒ¤©€+’óòö(€Ú9vKãx·ŒíàQuè„Ú9A¡Æãˆô,RŸY‡ÁK¸Ÿkë0Ü/¥uh¬Ç`ó!tr¬Ã`[¶‚Jå1ì€ì§rm=[Ór³žyýUkî'€ôá 9ÊaÐ-¿I¤4,+vy“5ò5ØW9É(Hé1XdØW›z¶¥ýÉ±“}ÙúÚÖc°YÕkë1Ø²íIå1Xh€¹±ž;$‹8ÖaX=cÖµÇäÁÍ±#pÀ÷1Êz»A¯g -+EA›Lˆëlz×P"dœƒ+lC~‘Ú9óÃ!Ž’ƒ-Yc‹¥àõ˜ÌOƒõ,ž†ÜT÷Û‚©8‘]9£*Ê‰*¡]]IUcE•ØQl¬ÃP%mÈHÊzqs¦¬(ŠTY÷â‚)8ÑL9£¢Ê‰¢¡]·‡e•äs¤Â|¡mA€¹ºÅr1ÎA¤è´Hs¶Cüôzã·®©Ç`jzm‹¼4óm¼ÀÃîpKßÖcr¿ -«Ðò,b’—Êc¬`>4Z[Á"µñR‰ù±‘ÓnÊ!4g`æö$Œ©œƒdDZiFz©aáXÚ0sˆÎÜ°‘7ÌÈñiœƒ|¼Ä¬i;/#$ièe¤Ç`±8zCRÊ1°:¼3@àè”U‡7YVnˆÍ—5r -´SÎAHÃYˆ‘ƒ²œ6õìŠÆr“ã§‰‘ˆó¤È‘AJì?ô/‘£[ø5Öa°Øñ{¬ÃðÌœ¦ÕÚŠHœf„¤Jr)pAFN¤ÈŠÆ:ŒA3 -aÖ±Ç´Xxj[vø¬uÇ~4*ûä8¢ç ¬S€4Òc²m-ÆÊ8«‹Ñq¹eÛËCü¢uäDˆ£Xcœô‰•¥ÞGË¬v}ä¼…“vHu½S)~ ²Aµ3ãròfoÊèL -„òHý „’ìY.'UiÈÀ.4TRbó"«ICÖ0pÖGƒ\€Þ$ÒcÈƒ ë0Ø!¥¢Æò Ø>Èª<&ÿÖ!“áÌWÐ¦#6uPôOs(£ùv<@ø)’ÅÚÚ9HË*…n:žƒàpL/g|ŸÎkÖÎ 6''+Ž ®±ƒ«â¡9*¥„rØ‘SÇ$Åi°vI¹Ó§‚¶zãß*H`24J9ˆÁ¡K]°;Ç‰²q!”kÂ‡êà -ü[ Œœ•rƒa±¡ÐIÀ‚Ä`˜nTé"ÇƒAPõuþƒ&“Â ½Æ$¹2¥œApHâqÜVÎ BE9Áa»wíXÈ\Ži¼8ø· -:?a¿£×XHƒQHãXÈØ.€íLÛ$x#TÎ`´¤¶Ã†>sÄRìG±Ý‹ñ³ç¯‘¨¤ÉøÙ<êöM™Œ¯øV§?Ž'—‹YÒ]'/»Õv¶Ún~ÿ‰VòHjušäÔìÇÑé¯/Né $ MNx˜ü¶îþœM·üÕ¡ržŸuÓÝ}N¶ónE,å-…ƒïó_&êa» -ê!=¯ eÕ³§Â\Ðc<›,©oÛ–ßUþC«lÂÒ<9¤<_§—›íz¦Šê‰ ¨?ÉÉÚ'¬ºœØ…iýëçÙj¶ž,è1.Jê"LM2_m¶“ÅBÝ¹(š'¦zÍ:âNÌfë|µ]wW»i\.UûÄdÞŸ®†u€˜:I/o&·ÛÙšžÓáGBDÆ“‡E'ðßÝ'zEÎè’É¶£'8¼³"’s™GîYmŸOVWÜ:”mzÏ6€Piµ4\Á=¾éÊ’|Ï_[˜©qUéâª-bÑGLòör;™¯æ«÷Ôåz5LÐ¥¨oãŒ«ÆÙL–—6ÊÁÑ”û÷h˜Ç¦QZLE‘l_Wì5×ó÷»u—=•.j/¿n1&ï=:•p£ÓŸ@Ô3X-ïÃ¯®æÛ ’+œ,ÃÜnof4#H£Q Ï6ËËÁvàéFb7–äz¾ˆo«Uî!æÃ¼æßèžHó'3èU]œŽIt”BžÐ¦’¥$Ó òŒ¼·ÚŠ}¯¿ðŒøEµ˜otöpSPÇ`utön&ëçJt9_Äiòq2_PFÅ³Š2oL!$ÿAš¡ËúK·ã0ÙX›Ùú£DOÜ>¤Uàa¦V{ FÂ±ÊOryÁaWÈôâºÅ)7{Tòi¾½!¡O‘Æ‡ÇL·[Í?¼8]Ì‘(òãzcJüH?‚!¨ÊÐw—êoÚâzÝIÂXPžƒ2.ÛõÁÙÛÑ?Yc*XË&pq}ñžŸ!|”EtÀ‹ùjøY—1‚àñ›±<ö[-çß~;zžóS,µm§0.K2LÝÕMnmâß9 Áš½eWïÛñâf'¹jâ`çq¸KõÑø.&Ë¡QÝé¬[ý#¶ob6pÑ?ü‹4@‰¹ -}Þ)éƒçß'TÈìïˆõbW—ãŒ¦Ý-‡¬nóƒó3Ö|Qsù$è„à¾J‡ûÀ/ÝôCÜòžLŠ- -øS,]>Â5ã¹è®45d*qáý¾›O?°k¡R¤©æËu·áëÍâhw¹š±sbí6ºy¼XwŸ6Á@8þë'Ï©_T`Ô¹wKÞý~Ýínùuç"É=¿ßÍ¯ÄËà“ùWž!²‚r©kÏöÑ1æ=HfbÔ:›o¦»Í&òñuÃÊàß¢Ò Ö–æ41£qJØ‘ÄBö¥Ÿ¼bPkòv½[ñ)Ý ôÌ±lý&œvðÕƒö Ç‹nW³ÛEÇi "™½‰³lH(¹5£OŽ „f««ø:êÛmwŸ;UÙEïÄÚ¨Ú°„“‘ž"ðu]»•²’œä¤Äçj.Þcãß÷ÿÙH*‹ë¦*zK'áÞôŽ¥ ?¼›-»$RX}UL±NW«ÖŸýÀ)V“ÛÉz²œ…Ó'®LpÉ"Ûê±÷·Ÿäü†s¬ƒ<êlÀKŸMƒ+¾Œ -ÙÃèËjÊfA`Ê‹»ÌÒDæo›`¯ƒ¬b¯Èña?`¤S÷4ÉÅù›u ¿oŠõìù=`Ð³i|<9HuÎ¤žá|oÞŽY\*èœíÂ -Á¥T<¬'Ën-ñÛ¿¸½™¬¸µ"ÝJÖ—?ÆüñcöÇOô&•65£º]wÛnÚ-ˆ@eÆ;<™üÊF§zƒ`‘S^a£Æ¸p±Ër2E¦&¡á&û³”I%¬@,î»M³MÞ`y³ p6Š9iòn¶é;-™¡&„Ru(©¬¯Âa -wqŸýö# -úl¥øûd#!œÆl«FNŒÈ(õÄ9_]wë¥•:ÛÁ°‰ ®&Ø:&â`˜²øûrÖÒŒ¹|‚¾a÷ó\–Âê ßAî;ÝD:ÁwnëÃrßYÏ—·Ýz;‘C-êy–U¼Á¶ÆK©·ŸŸ^v;IÙ>âÁ£ÙU²$¸á‹U¾;¥{H"hJ÷‹{ªžlN¯>BÕÉ{Q÷º^xd¿ýú‚×1®Î5«~µš®¿ÜÆuŒö†q?¤Nû}e¡àU÷ƒÍçáYçë”\u«“™(5ãz5NÇm¬ÛÉfó©[_ILÅÁàQŠA½ßoô¦ð Q‡ -¥OÔP¡d)Yx|{Tj`yÙ-—!ÿÄ™†®Ù]÷û¨8Î¾ùî©vý¶@]=¸›¿¶³Ï¼Ú|YýQåýšÎs)câ“–žjyÔøLÖ‘•¾f”oñnÐ!¤óÒ¥_ÎN£I¢rêS -÷j¤ å¢½I9Vç9ØÀ8º|û5¢Âó ³Wpr=çž¨øRiÛ_BYïjbwK[¯]Ä'KˆÔÉp Ô`6âš;Ça|ÅU}ÛK×\®º³p×¿C y‘@ÖSlz3[r™‚ž¦öÇ*ïfrý½¹™VŽŽÔŽÀß½~Éa„3ê¼HùÎ×KuÛmæŸO§SœÊ9¢âþ4×é;àýP0 }ó¿3$úÁÿßM¢Ö0zå”£÷Ñ1ppVo¹Ÿ´í8íi>¯åDÒëlO_ù0æÇ&þgªŠ3S$N¶k$gô1M)¾³ÍÚÇ²yId»d"¯–CW¯—ãú“é1õøvØ;¾7ª³ÌÓ›ß¨Jœû›@{0mÑ§pCjÁfs;›Î'™ Þ"Þn×óË]8ôJŠ8à‘-{Çyoî¬ÁŸœ>ðù.õäá½ cx ê«Ï“åm¸ôÄWwZÜøåìü5‡ø›V>_á+—y¸;Å×¨Zõ8¦æÁ™×›zÆw°s.H</žÃGbøë2Ã7–üçñ3±øÙ[rð™[ -XIÒ¤CúªlN’¾?ûýÙÿN-U×endstream -endobj -1474 0 obj<>/XObject<<>>>>/Annots 102 0 R>>endobj -1475 0 obj<>stream -xÕ[ÛrG}÷WLíSöAôÜ‡³/[¾ÄYoEY'RÊûJ“”Ä„‡¢’øï÷t7€!)—Ë’7©²yæL_Ð@hôø·'E–ãÿ"ëÊ¬j³éêI>ÊñDÿøé;>ÉÚºÇŸ«¬êGEËìì‰ƒ«¬Éœƒ«¬«Gc×ÎÁUVTÕ€ôl7t[µœNÕ †,GMœŽƒ«¬/F•çj¶+ËQ‹vèÓÀvbÀRV²‘†y?ªµ¡k¹¢à;’SÊC;ÖaJÙŽJÇÊ MÏ‡q¶è ‰c·Ufdh8®D["W#ÀF®È;¬‘c>¢oÇ:¶ï ‹c^e%V q¬Ç`®ƒµõlßzÇqÚ^´Ä`âD®(jª¤Ç\^.ˆc¦8T±cÆ”Š1´`¬Ç`«Jw¬Ãv<˜•oÓ´b„bPWÙ˜ömœƒ˜n!ÂH/lè1Øºâ -*VÕ|¶‚‘vodhXåÎXÃÈÐ7–OInŸ&çžæ\iÂTÂ—tœ¨r®2˜äWÎAô™7ðFr¼ºëDÀ†æÇª)ðBt]µRâºŒ®Ë8q]‰ÛØH1™ªÀÀŽulËÝéX‡ÁbŽë¨±êÚàtÅ:7ÎÙ«¼HÎA®Ž,’ƒeºÊ†!ËÚ²`CF®ÏG]fœƒèª÷¤Ç`Û&dMÃ0dK€ ¹0†rrÈ1‡TRŒµê¹S£¿€ŠÛH\Q´°#=æ\ë!ë0Xø…Æµ¥uU]!ês -€c:Ë8±®Ô;‘W:a;Áh Æ9È™r\#=æL,±²æœƒŸ¬yºæ‰C‚Lò¢,AL§fŸÊ9ˆ.kGzÌÉÊRiSÁŽk®²A—u#”'@&ÄÀ]E®ÈKìƒ€HzŒna•…gæ”¤¬m´¢©&`ƒF®È[6TÒcZsJÆ:aÓW6Š´þ)H*À\QÐ WJzÌAÇÔš±sPºFcÃ ð¡ô2aP6häâÖPÒct[‹9ë0Ø SeeÐ²wÙW:hâ -øüiß$é1%e?'qt°5v;ß$é1&OTxÖa°ðE8Õ[[‡9aæIÆz9Ï€u˜šå‰ÆÚq$®Åh‚œ‰9žRúE‡1a ÎÖÔc°Hë;ßÖa°Èž ¬Œ#=;‹qŒuÂbïc‘••Ë=¤‰RìW\^âähnœƒ²Î¹FÒ‹LÈá 4g,„I˜ÓeÁØ0!xPu!t§µXD˜Pä`fèE9Ñ)Ü:UÒc°ðW¾©Ç`Å§¹¶ƒE°l}Ïƒ…&<„Áö`’f/ÀV7r’ëÓÑ•"¨ƒœnÇé*é1§ËÌÁ±ƒ…ò¡kë0!§‰*l»ÇGq5…N×AZÑÆ”ôÝæbŸÊzôm=‹q`ÛÚ–) oZ§¤0ò›ó1óe$‰m$}QÆW•¡K)ÁÁxÎ &ˆóTeíWŽ`™f_¶ŒŠ:žƒô1ÎApX®±µ‹»³¤üV{ŠLÈG”rº£PN:lÃ9R,T~k‡‘ …RÒñ…i¼4’ßÚ(2²%•1„9 v¨Ù 6rŠé°ˆÆ¤b˜³q©&ÒÊ9HÅútœ”ƒ¬ApØ.¨¼¤yÊþ@AAò›ÈîˆOe¨Éð5Î …c>jœAp(£²¢í‚ƒGhg‚s»i;)8]ŠqÁ…ÚQÏAXÎ_¨¸$N‡5k)Y~«à‘‰Y0_‚ó8Ÿ¸B²LåRp–#µKÁ!9B6¡írQô•{~þäé+æ%Ùù…DÐ¥ò®ÎÎgRÞÇãé7ç“wËy¶¹È^lÖ»ùzwý÷ó_Ð -.²`«^4;)Ùì›W“÷»ù–ïÐÝ€@'³o²jÄGhàÏ×á,nWõñáb}±Ù®&»ÅfÍ—1ï¾K f“ÝäÝäzG -ƒó¾Ž¢ãbh^õn~¾Žó.±›Ë´#ß/'lú?w´:¸¶$Qö~r}ýÇf;g€ÒCÓµQoÙûð¯}QÅGóõtû^a&½@ÉebR7±{Ü|Ý’Ë1{„K‚[ØS\s úwó]²J–XÒ†[oÖ'ÓÍòfµf_pFu“ì•¶É‡L¹Tð‹íf%‘}Ô²áÈ–bïhÞÖ_Æ¬ÓÀ³;ß8Ù±Í’Œo ÆÙ;Î‘Ç¶¨°ÿžŠÃdûñýòær!KcX²ƒÇò£Q<œƒ†êEmê@½_ãì¹î'ûŽ±û@„Ÿ¯'—Ábp£ñøNÅ´^Š>@•§EÉ^¿‡Š¬×ù‡÷A˜á¸K^ã‚‹1ð‹õõn²\Z:€ -J£ƒÍà1U¹h'ehÅ„^ï¶›ÙÍÔò˜ûqj_HÔª)š±Ip[Â†&q?lVpíÐÐÍV4Šë’*ù3$Œ=›o©!ê¬o&’âª²Jöž…å72ƒ¢ý‘þg¬0âýëRb7®óü6‡&Å`¼äûÏúËòjùáolƒ+R³þ’ç‘&ÆÏÙ0µT4NJÜ>îo“Ãlì6«=fŠÁ’¹:8å·jàŸnÈ¨°#é£f\|Ëá•VÍy±Y¢iãˆâRöf»A‰~%§Hì}Û¤Çöþ·Ûíf+¯âZU/6ÑsçkÙ.£Z¯z.ç»JK|WÝ²¿úÁo{·–#5ê?¡(›ê@HE÷…ó®¾Ìã¥ #ÔŒwÓ|†mù¾Í6$;±¯þÏ§§ßJ¨j$³ºmÆ÷ñ¼ŽÉ<¿øxz\áø»”hiÕZoÚ_£î¾ ÕëëP|ÜŠ#¹ìØì‡ù×~’±bè÷›ËÍZÖqî¾‹€õ~2_vÈ.!fºf¸XUþñ|žyÞ˜;Ò›q‘®>Í:>–mã\¨y„úB³K¨|Vðñ®ÅlP+ÿâöi$SrEí -_Ø{£H&á*¾ÿGÙ{o˜½ãë¬ýÍýgïQ‚aöŽöE8ê°CŽ¶¸X„“A>&ePü›K=[š™},oGb©[?„B¸LÝïÇRuðâçù¥]~yKòqmJþóçÇ¸:‡~ì_›?¸YÊÙz¶ KƒŠmÃƒ¥y†ÛE½¡Ã–Ðe»€O—nsçá €¥±ä~f×$î³©^#„ÂçÉ§$!ÿÊßMHå÷;.ÌaBûöj¾p!£±z!î©åzëzL»o^¾H‹ªYÞz>ŸÍg">ÅÑtè¯ÈñÉm‚àO_Ó'_È²ê¢ÃgjüŸ|=;}þŒ)Û/óé.{¹™ÞàVÒt[!`çU•tø¸¯/ïÛó'?>ùïP6endstream -endobj -1476 0 obj<>/XObject<<>>>>/Annots 144 0 R>>endobj -1477 0 obj<>stream -xÅ[]wÇ }÷¯àcú Š»ÜîCO?êÔ=©u^)Š¶‹¢JRQüï{/0`IÚQäPiÏiu÷rfƒÁŒÿ÷¬ŒðßbÐ–ƒq3˜-Ÿ†#|±ÿùñ{~4U‡ÿ]ÆÝ°Hàzpö,Àå õ¸—ƒI=,C»—ƒ¢¬z #Ûì°/eÑÇ¡ãˆÁ–“>œÅÛŒ‡Ul04õÙˆÁVåpÚŽi\ã#Qëh¤—ƒvl?$ TÕÃ64Œl1á2›FL#6TÆÙ€iD×Ù€aˆQÑ*b°ÕdØ…ž#¦G4±õ1Xè¥Šl7êi1L\t=VM\–ÃÆL,ÀMœ¸¶ÁOã\0"ä1.@p ÇsÎ!_ôÈˆiüš3nM#;Óëœ ˜SC§ lÀ`!œµ+ÎÔ¨ƒð%qâKÑpTrÖŒŒ,– lälÀ`KqRg‹e/u6`°m×7`Ì8T‡·XÛˆÁÖuO*Q¶†Ê¬¬S6s]‡Ÿ8 Â¢j1X8YÙ€ÁŽ'0·w1Øš>Ø€Á¶Œ[ ªtDgcë†Ÿb¬j*16sT0ÅXç$Ææv]KQeö $1x91mÀEØ€Á¢Ë^Û€UËØV–p]Ó÷R”T@‘$JfnÂ â\€—ËÉÉˆMƒÝ&eÒ˜EÅ±½ -T1He¸@‰S ŒÐ22 ”Z&+ÖÎlÓÒŒU`bº¼šD€”¸ Am\€ˆíŒlUqHk1ØIÑcu -FK§@$þ(DClOÔÈˆ9¨ÞXÕ3iûe-ÀõLV z5.@ì–+Ì¸1 ö¿6ƒ…i#+âTØ Ì1˜8™›0¡p°L`{'#æŒäÎê-§?Ít%À‡L|8ÇHQ!ÒX6¦€Í$RdNBƒs¦HáœDŠÜNBƒsB‰NF¶ì¨¿ÈFq"‹Œ©lÀ`¡,,émf©a&g#æ¶ÑrR¬ZvÌˆ—-+À-›¸IKyª2ì91XqöÀS qãˆ©ê„†p6`ªÊõçlÄ`Ë–Î`mUUäÏî·\ÕÄIT ¼+Å¹i±¼5Œ¬d2Þ4bš¡¢°Þ6`°]IE Š"%lÄ`‘nÆž¹&Æ×"G…1ˆ:\ZUºT˜po(}¶ÜááDÌiÆØ§PûJ›õX)Y‚ -ÑLÆ6.@Ä®’2 EaüvRfy<.E¿š)‰™e‡i];'ë:·+Jî©NFL«RÆP³9Û–½¶²)0?gÂÖƒ–Ø2@4ÄôÂrFFÌAyÞ lÀ`Ž!°· ˜ë„»˜³j#x«Ì—E€Û(q<«ÀéŽ¿MÆ Èø"+š–˜.0QMiš9»'þRº ÝÊöØ€©Ã¹³:(g:˜*ÀM\ÔÈˆ9(]´t6`®0f›Îê &Û:¨4qš2—FF¬„.ÎJ -,öoˆälÀ\Ö<Á8«"Õ<Œd;p‘—ô62b³ƒ³j‡Üá;0ÄHã¬Š„UN7S+ p‘—D02bŠÄt¨t6`Ê–³ƒÅB†§Y[ éŽ»¨)qI##æÔÉÙ€U¤"°:h¡‰³ÚA€š¸¢d )Œƒ"šõØ€Á"ù€HÞ6`ˆÀ—Œ,z‚ÀÎŒ¨m7b°“²×V••¤:OºW6qÉ¢FFl“î¬Nzn‹QàüÆÊ rs~6hæt'#ÖiE}OúaSî]j6t°H€T€iïÒ’“½+·C†P‡vRIÎ·7Œ,êN=6`°°{ÛL¿ïzÃF¶jûlÀ`åTãRELo`®çlÄ`1MQfÙi -t/‰;ƒ‡1“ClñXÙ¹¡*NBã@FL3qëó¦ƒ•sJ`¦!±œ,vrÌHO#¦™˜š6`Ù?üÅÚFL31h6`°ˆª0¢·å!˜)—œsÅjÜˆ‰“¥¨?$ Ìðã\€j`Xß:¥3‹2Ïn##åß -0Xø;&Ç{,¤€ù –ðêlÄ`q*ãª§!€2 ~Abn¤Ä©k Bi/6Œ,ªéÒšê£tv’!ø‰Ó1ŒÐ†42 ™Z(ÂC gFÛ–…±ÀLû1ctV‚d§ÇÙ…äo -ë}ŽXŠ3*@€Ñ8éP‚EŠôò·u˜ ±Fˆ‘uãÄ Md -åo3gbT#£D‡ÐåcvÁf‚ÃIåaã‚Câ‡¯qaGø'ªÃ™!âÍÏäo21Åh‚©1*@ -2ÂÄ8çh8‡à°x"çB"õg±bQ”ÁáR"rÁ!©ŒœCÄ!3p¢8v,;4Èß¦xbTS£ÌŠ;'Šçv¢©s³âÎ‰â©jj\€œ9fÎ9¤âRw :b0‡Pñ§üÌ½8vú‰íhpþYNr¸¿h«Áù¥Üýáóì»óéÅõ|°ú0x¹ºÙÎo¶›¿œÿŒVØ> -¶:IÍNJ6ûîåÕôv;_ó7L$Ð:¹ünÐù MžM—Sù–I•ôb:ûtw+Ÿq(ºôãW«åtqÃÏVi™?SžõêúZGCÐDê—ZlW:Ú°+Æ_ñë]³“Ó×ˆCªiÉ*-Ô%ÓNñœ%+Ô|¿^i†_Ûâ¼C©n1Sµ±ƒÙ±ò5JšÃvü49[“* -™1©©š'õÇÕt™õÃÞaÑš°î!BÃ•íHøuã“Mú ®¶3o¸À–eç ‰Äåê^¤Ç±Çsê{î~8Åv€òð“äÕy’Pùg>™'©‡hÕý”Â/Ë}ðþ´;î&g³ßŒ)Šæ´ÒÃìŽVª+K¶À¦7²ó±Veß0«:½àº¯*êVíQƒKV—öý ‚‡~vÆÓ––l ±Në5œŸrÍÉì}´?²žÈ?öôÔSÞÎD>tÑ½_?m¶–ÁàU«Ï<^{‹;c¡?E%¦‘ÿ„ÿÔcw*õ”÷0OñœåWÊ·¾^;>“,“Ÿq†‚ŒÜ†àŒåSÃsî½#÷Þ¾‘ýº»Ó½›¯—” õ„„§^l{±Ðë]>ÉÊg'å•æÄü9$È›\IIžvX‚÷|6›o4YÂ›[Øšx{KçJ±ÒÞ¿›$n&éQMÇnCþÎ»_ëxù+Q™µùïb~Ÿ3½˜ÉZž3œ?æ#-´ct°µ_Dßšu½ÖáÚèn“ºÁ¼š«,UHÍ¾xš¿\L¯W³½ÇÕÃ«×jµ6‰¶ÚÉŠÝ8¸]þ&•ØËL›ù|Â¿¨‰úç#nn7ˆÚ2jj“úXe2_ Ç€S¤;‰ßt®ƒÆXÝßÌ×›«…<‚ÀC‘ª~¢ëÄ½¸–Ôã?˜ê«§IÜ#ÕÓºfŽ—‹õ|¶]ådÈ!—¥v—î"_i%¿BÆÓõÖœx/uåÁUœ(;Ä{lÍëÝRô=ýCV×{>.ÆÒY7î‰¯z“¡…ê}¥ÆÕñ§¢ož¬^xõÝQsmsÇV—‹Ÿs|ŽµÁÃëíÿ†atÜ:r«fŠ®¿{iîm*£ˆ8_O½†ˆ}Ú¦î`yüÐm(N7—Óµ–TQw.Ò×ÒgvÍŠä}4ÊEêåt#wH1='¾®§Ë9dÔ%âÙ7Y-E)÷]Aó÷?Õ.lºÝ®¸kf¸è%;ËéímöU½I Ißõj¥°uúÏØÓã<O+<ÌiäßÚàÉÚÙó^>/XObject<<>>>>/Annots 189 0 R>>endobj -1479 0 obj<>stream -xÍ[MsÇ½ëWì!§*€wö{O)Z´l¥,›©RªR9€H®M`|ÐÎ¿Ïëî™é^,$Q%’²]eãíÛ™éîééééYþ÷…KRüë’:Kò*™¯^¤ÓOâÞþ@O’ªhñßU’·SçÁmrþÂÀUR–ÓÊp®’¦–†3p•¸<Ÿ6†´l“ºei²Ï‚4TÏÉð‘3}º’FŒ¤Å`‹œFTÖ`°U:-,kð*ÉÐ3ÛZV4UÖ`°uC–VÖ`èš ¥²˜,QL3Ó6¯¨«´…¨˜î—™ÉÀUÒ¦ÓÚ¿HœPMrCZ6/§ayÈ² ‡R@2pÎ¥èVIÂ™ÇèZ†•n›œÝE/h·žk -Ìšr¢S¸¯3¤Å`y -µ©Å˜–”ÜSYrÀ²¬Ô<¼Ç§œ°zå œd×S¢¤>§²d ðy1”Œ¤4ÌÉ¸aBhCÏ9¸ÄQ² ]Í&‡19¨¡5+àJZLfuƒ¦%wËÖD@ành·žs®¡†‘´Ý–9 ª¬Á4(EÃLsÙÚZ¶ Ö¶,p%A±†œË\DI‹ÉJ$’e“:d Ã–G7¬Á¤Mœ²ƒ…#Y©DºfGu¨:žsùxI‹!ƒ*k0X„ëk0©SÁ·M[ƒ!°Ë`e-[Ö¤N×b°uIfTÖ`„Gª0¬˜¢"Ë‡™e ¦ðœs‰I‹¡B`eYƒÁV âœik0™‚â¹²¼Z‹Òñ¢ã8'€D2p•@EHÄ/g :Å:µ¤Å`±R0dl*VÈÉ¬Á -Ô -ž£ ÓGÒbtwÁ Ê¶¢½VYCÔsLŠHZLºÔ¤‹²ƒE‚VÖ`ZyadE$çÌÂ` "yÎ¥"lI‹1hqÀ¶¦mDÛò yK‘Î_@4p2ˆ’“*ˆmXƒÉ”(ËN–7¥:™”,p4H“’bw^S˜Ò2Pi=ç -2£¼É½rCô§;g ='é„’C¬›ZLÃaB•Û"šÓ–É‘.g ƒzNYI‹1hQcvk0‰DnoXƒ‰±ø-«l[’ÀQ(n©ÎÀ@öœl…y$-F·¹#‘”5lM¹ža ‹%‚‰Ó¶“…)4+k1Ø¢"o‰mE'G±?UÇsqVŠ¤Å)+±—Ö`R¶¥ÙÑ¶‹²Î°"RJ±(¸És^„HZERVD -máðRe F[ìÝ°adY¤¬•£[I@)p.%?TÒbt‹ÌÒYÖ`°˜FËÊ µdP:¨çÈ—*l«ô&‘£[¤Ua¥ÛJ’é–vë9/{$-&](še‘%sf˜Wš4N®P¯ú£§rœk‡vMMàNX…/£|PI‹ÁbÀî±)GÏ,“Ô¡²1 n DCÎÄ•”†Î¤ðmè¹†2åä3„‰ípfô DDI‹ÁâôƒÉŠM-·„Í•5˜>%‘ÊŠ*©9TdTÏq^¢œi8æ$6´l^ NÖ`°¼(Ë9L2•'xDÇÆTÎ@tŠðV`P/ÔÐb°‰kXƒI -~†5öÃrG}%öÌEr‡Ð¨¼nçØ g "’bŠtÝ*k0Ø†öCeÅFF´ ‹¨<×ÒŸ6¶ŠÍ` :…S—†´˜¢Ü@›Z¶ÊI Ø±Å`[7ìÙ`ò@JÁµÅ`áÖ`°PFŒãŠ!°Ç³4íñàÄ.žs˜6X"’‹²0…²P>`°¹PVYƒIÊ•µ˜Ô¡a ‹UubÏ¢4Ž'|Z;Ï¨ã9‡8…A#i1æƒ¢a ‹PWÓ¶ƒE&SYÖ`R–²mKñœ"~ŒçÈ9žŽ¸r"æÐP9I -LJZ9*ÌÇãó’2˜d¥\\Y‹ibho3¬Á`±oaÊcÏƒÅêÇ¤*k0ö5¬++•Å`Kv¦Ø–§Å¾¸’ùw\ÈžÁ±"M"Ãm¢ÓóïØÆ3²iEŠ!ÖF×âß±‘g²P*¥·ˆQccKB5P‚CrŒ*ià8&bŽ)‚säß¾C‚„!ù¨.†×ˆ2æv¸È±ì8ˆ›ñ:àßQvÏ4„ˆŒ"’¶êH£ ÀAs‡t¾A7ü;ÊîòCì±ôË®PŒa9ØÆCòIÞ -C;Á)m¢ûîâÅ·¯Ë¤ÉÅ„ÄšEÁ½.’‹WóñxþÍÅìòv™ôWÉË~½[®wÛ¿^üŠVðMG&¾Ù$£fß¼¼™Ýí–z‡'úC'‹o`)=CXO~Øôû;~¥94–÷V³»»n}MÏqF¢îŸÿøËû‹_ø)×2“§Óçû§.hð‰«Ûd‚¸øq]óC]aº«îz¿ñšakAØkvvò†ºÎêiÝÖþÙUÏ„µôÙ¢Ûî6Ýå~·\Ðûðÿ:ö§ôÁ¨*‚}ç˜«ÍìööÄÀ–Yì}5[Ï®¥&Ë,Øx¶ßÝ Q7Ÿíº~MÍµãÔ|ÔÖuI¯û -1I¼"GnQÂ9(îbþñÇFÉüÔ%ç³ÕåŒa³ªÚðt¶fåH‘<¸D0ö¸&»ÉGeyZR4´ð£œxwTîô`®pFÓr26rõüJÕ5™~â ™ÕD|7jŒuÛïÞ¬nRL‹š.i¥wì9(®äiãmW—Ó9–‰ÂoÞ<Û4Šž&ZÑÅL ?¹†‹Ã5|†Õ»¡ ‘¼òÓ–œïïîú /@2'"ÄWöÑº9XŒ.Ejo§5Çáj|XÑ/öó°ðKï®O»–Ô»h3©kã¦ˆfCùÇ.‰Àó'ÑÁ+€-z°ÔH™Ê?Cxx¹YbYù Gªÿ}Gþ÷—ÿpÈD5¸ßƒlø¨/y}ètsàTs<-V¡óå.èƒ‹ë¸›$§›î~¹ád u6¡°õacªÃ -ûþÄSod(ÂûÀÂk2ô‚ªuQª¯tÖ¤1[wà‡0*k@Àý†ÆMÞîpçôv¶¹^R·¸UP¬÷«KŸAUÓ<¬Dd`ô&âjëBêÀ.Ô‡?á{Œ'= éÍ»DKk„“Å"Ìû‰l?/g}qèÂîp0‰mÜIî;¶² d(lûì}·^ô¿³+!ÏQóü|Á¯"5Ž;9{Ïãc¥~ÃúB_ñVA5ûÀ/ÊñRxxÊCkÝû€MÎ°Ï°žp˜¢yÒÙ>4K“‘áí#'n%Ã…Ÿ!®¢ï¾^±«Êá<SÎ‹¾¿Ý.yïDt¨ÜWH…¢¢MÎòwšár$L¿¿™±ÐH#4Lu¬®=cJ‚â§®é@“û$*ŽúL?¼rñã`ÂF9òÔîB~’6ƒ¼]¢9?FÉ Äí³Ùü7œ4dÚ±9¸'Îû‚’¨x”‡éÏrÔírƒíŠÄ‡ùWÙ|ƒv¨ñ.Àqø=ªÜz»Ã0¦í¥9–¼¼ípôcýP·‡ÈgrÎé4è†"ùP7Ñ,GN»ÙõºßÊJÃ"BÑîxŸ«~S'%®Lµgz£”µÂ¯WÊ?Ž§ËËýõµßãQËÖ´Æ§% ²iÓ¸»MRÒJÂâÐ3”®M`çÂÇ>‡j£ÂÑÈî5bÉQ'Ô¤lÑ“–(GL^ÓˆbÊq3»_røGÕ »ç3úkS±;Ò×‡zÆ‡òt©ÑY Ùó™ÔîðÙa¬++ÞðË$ª£Zi’h*æÄ)è ·ý`ƒƒ´½˜ŽÓ³ô—<™(ƒ×L¶ŠóâgY(q¬G³ÞïwwRƒÃ,_øÜðñ…ï7¾¦ƒ]Ö¦/(¶ö÷‡«Ššãl-‡\æhÒnFðySÑiÐŸ5Gš¾É_¢ÄyÖowçóMwÇû.Æ¢ü‰,t®A"¿‰åë/œ™7o¸r¸z1Ôév²¸Ÿç¾‹;³bp,§/Ä¢ô9£Ž*´9d;RåírvËËÌÎÓÂî0˜¦˜VëÏ÷K”1•Dþqõ“•D‰4ææãå»³sRËhÙôìåEÔ>ÒÒ›ŸOs©iIbSàwyf.exNc¢6Ên¾vj£öU†E¤Cùã¡6W…¸?!àãŸ2,´·'RNÀ]h"Ù—Qe ‰trqƒë®ëzŽ"±æJoú…T€àÞ¯ë¨¨OðËkO_{Ø¤_. pìqÔ(¯º[_ª Ãp¨À%¸ìÖ²Ã#˜…á úX—/YøêÁ¡â¨Z¼GÓø¡ªå±ÔçtyßÍåð‹œ1–µ>&ïãpOð×à‚OŽ”2^í7»_kÂ2ŽÅIÞ -Ã&bË˜ÛÝòŽ'3¥Ç‘üA½DõòA’0ÐOÝª5c$Àºˆ¡,Më ªø%×PÏÜ×î‘ÐŠI°ŽbÕk>[óHH(c±“Ênå^<Í ¨åX=Ép¯)nO‡üÃÙÒ£¦G¨´Æ(f7)|ï£—ØW›~Kô 7¼Ë .¥m©eäÇ½+siN2LèãËÁIèÝ÷»~rº¼]†û.|VÒä¡ }¤Ò~4DlïP½dmà»êneÑ£NƒÚžþ¼‡ÏîI“šð'IMÄ%LjònÝ]u’Q®.~ê¯{ÍÊBºŸ\.w¿/—ìå´Æâ%Žfiâê+òö„å#'þü#´“w?¿þ©„û!ï·>aå5ñ»Œt‰ò?½]à³pó>«äR>#›¼&ÇŸe ¢&üÿÀy.éP4ç=‹àÏ“ØPôô -Mð‰‰ÝÞQ[*ñ§ÍÏ‚ƒû^”\†âÒX_à2·Ü9múûná7bs{ø ÍæÑ^ -z*ð¤Û¸:xAWƒâb¦ þn+jÐÎûÄµôO)Ž/iÑMFßà¼9œ«{9‚#ùˆ[Ã¦ê}¿ù÷QZù_¥ÈÎj«nŸÇnã¹zÓÍ7ý¶¿âéBQZÕ|»\õ;N7l˜À#qlßo˜ÁÁVOî/QŸ—Dâñn(Í¤×ðÛWøÀW>Øªñ1»Ã_uóßnà;žó“7ß¤¿.ç»ä´ŸïW¨…Å»ƒœ.¢)NÖHbðzwOÞðýÅ‹¾ø?ÕükQendstream -endobj -1480 0 obj<>/XObject<<>>>>/Annots 234 0 R>>endobj -1481 0 obj<>stream -xÍ[Ûv[7}ÏWœÇÎƒñÜõ4+—Iâ5±‰é¼Ê²œ¨±t\]’öï»Ž¤ÄíØ3³Vë}H ‚ ûû“ ñÿ5yVÔÙdþd8âýÇû×ôKV—#üsž£Aˆà*;}âà<«ªAí8çÙ¨äŽspž…bØ#=Û„Aéšz<ÏòÐöÚz¶¨û¬Ã`«zÐ¸ž=Û6ƒÊ³Ã¡êIå1ØjÔë¹*É„E5haÂ¶$™ S@Y%É ƒsÉX‡!ð°Ño©cÁ–}VDÊsLY‰‰¹ŠA‘ÕJz‘Ø/ë0Ø6ïµ•A‡#È™e`ƒF.,¦¤ÇèvÄ^h¬Ã¤)ÛLY´‘'ÄAè ‰0`›é1ÍkˆíX‡ÁV 4u¬Ã`áÃµg†Àù°7®Ü¼àØ=*&päœ0dFzL"•ðcáûÃ¬ªGì„U«€ºu Ãtá/‰$œkË·ƒ‘gF[¬lXIÛŠ.XhêfÓ%r¡¤en¤4,©·4k¬aäBÙ’””†RRCÖ0rf‡A”ô˜¬GnïX‡Á6´pŒÛ††§LŒÉ€ulhR””†ÃÂM -k9š˜]I’½lhMÇ ,€ÚqPNGaãLÂ)Â¥–{Ú8uë1Y€Â£kë0¹th¬Ç‹rÏ"6%–ƒ†µe•5EMì1ä·ÔD‰C€öœƒ· SYCÁÂ‡ *Áª:.Úkë0¢%UÃP¦È{={¶¤¸¶eß-+Š}ÑwL”cUùCæB ,È:³†Ò)ô×Í§d`&Ž{1Î Ù€B5”NóÒÖuÉÀ:M÷bœAtZR\°†Ò)Vˆ®ù’uš8îÅ8ƒè´¦]Ý²û#J¢û NÙ›Çþbœƒè´ j¤Ç¤G…!ë0 DóáX‡Ábïª<ë0éMp¬Çä>´GXÏKŠ2r,[·h+s.jÝÄ…aIƒò—DzLÊ’'9Öa°MÝg†ÀØa}Ï"6CuÍ‚‰¹(‚’cPÌ#ÒWc&‘(/5VÅ'º%lÐÈ…œ3Òct‹0[8VºÅÌ«ó¬ÛÈd&˜5%=F·Xž•nE4{)X·‘“ÍßHÉD9Y^›ÒöQ%!åýBõê`Ìéãí#µ£I€}¸jè1H–c‹ÔµÇ:–³5kËk8I²ŠÙfhTÑ]×HÁ²cËI»±2h#ÉªŒÂÀ\À¦\e¹’£[öÇ:Lƒá‡ŽulK±ÐX NcYÎÀDŠÂUÎAtZÒ´)"½¡MGôd`F.ê¥¤Ç¤'…ÈÜX‡Á"#„”e·Îa -]ùhPÞé†-™€¿$Òc4`:Öa°Ø¨Ï:¶¥ØêÚ:ŒP…ž ŽŽë1X¤÷¹g¦¸ÌÖ¶baœ(âˆ…˜…#7 -X¹rB\¬3(£¤Ç`ù”æX‡ÁbÊ!®µulÃ3§¬ˆ‹(’‰¸LÜÈ‰|Ê9¨â*Å-Rd¬ÃhËçZÇ:LâiÞ¬Ã°=˜7eE™!`’2L™È‰ôÊ9¨Ê(•‰-£2ÆŠ2‰áuX•1V”‰me»Ï•eeg&QªLâF´Ëç †Ì)ìé1XäÁ³ƒEx*<ë0XœÊ³ƒEò¬(Ã¾—”a`ÊDN¤WÎAt*Ê(é1Ø2';ë0XY`c†#a›ö¬ˆ[S¸ž£Cª0 qDÞÞàãÄ"ƒ‘ƒåÈ±“@”m+qY' ÄÀŠœl‚”·•‘“¨Ve,e”éhµO5D@ƒkDŽSãDµÝ?¤vb<ì–p!%=&PØu¬ÃdÚŒõ,>¾Ç`ë -1Àµul[÷¤ò©4V L¯2{–rŽ¥,CŠGÉ±¹²D¦àpš¸r2½‘T&¹3ÿMÍxKŒŒ´RŠæ' - -o,f—³é‰*LÛÄ/ßv»Ú<þ|>]Nô9Ì”&þþëlqÑ}åïqèhjº - Ïx<¤yút¼àÑP1+µÛÇ‡ÿcP&ª’h›Õlñ‘~…ë´!5ÇHçŒ~ú -XÔ§ê*å°]`d¨gdm©*—ú<šM–Ýª»\S{HŠ2Júl²ž}™²ôM~9[N'ënù'7(£a2Åétùe6™Š§‹VšîûHSiðƒ0 -[ú;úç¬CoQ ,JÊº!ñÓI;ý:[O>E•›²øIòÃªExnoæÊÍÞ]m>~¤EÀKSúl³þ„1›Œ×³Ž=‘Äæõ¨»Ø\É,¡˜_Ôqb¿!Ô]~V…PíØÖ§ÚÑçÃJÖ'ª›•ÎT\¨ÔÔê˜¯—Ýæš'É/ŽÃ—ôR€B×Ë³««ÎŒ€²ãÏsI5"Éq@éY%Øøå÷~ºÚ\ñÚ£‚pš‹ìÅxò)®u -WIuåÁþPuè*°¯ŽÌ`žVÿábµ_]©Ï¡&¢Afß,"l_Î>n–Úyžà!ôSÕ -Ô˜·U;îy¸X/±reMá¸›ô{i÷Œ‘@vµ-þnœ?ý}ƒÈ=O;%¶‡0ötýóÂ•¯“QÞ[#Õ`7„ŸMWë´S˜;£"› ’ÞaŠí'^N¸*Ëè›?_!é…5»íU²úuÁ¼Ígkö~VÂëí±þ -AvØ)Cß·^ªVñä -yI\¶æKr7êàSBºk…:(Æ|?)%]RˆÅ?ýH¡Jò/$Ë£³ƒìè”7$ÄÉ3¿•û-+vËÏ<Ý½Tig´õiZx:žŸ©kÔúªês©x‹òÉ"JV½ˆ2Ež÷¦QØ¼º«Dä¯H¶%Í-Ø(ÈAua².”¦o®7KIÍà5£”f#ýþãéÛÙbóu@§ÍÀa»+É”aþ”)Û|ßý¯h˜*ì˜#îqÖŸN×“§Ÿº•;°G§°tw)nßC’÷ç;âÇÁ‹¿¤éû2˜`#&[×¨ºF¾½·m‰÷$ÃA rœ8ä‰qKð²“éUrsØën;øÚ%É{I3v/õbµâ†JŽëìÇ±9 -*boœ‹¶ì-ž¢~ïÊg×Ñ•OÜûÆÝp{lr³’ã4^9Ùò$HôßL‘ª—©GMqÜÔ¸£i -ÉCœãî¸ß'£äTì;!.øv2Â³O¾J™zä8ž®ŸžðŽ€Zy §x¸×Š”å§ÃiÝ>ÌÚy.|c[ÅÝ¬qŸŠoÞœœž±Š½ð|9“£(êNôï´²~¬qÈQó±ØnN©* o5§‚úÙIq_‡¼d}ðmÇw‹/yBðDWâÛ®ûÏÉœÅ=^ˆ¨.{‚Ín!à×CQ†ƒ.,§ ŠÉ£‡Y,ûf3êâÓJ”Ñáq7f•-GŸUÎ¯—Ý Ž¸(-Î—(ÆÀF‰¢ÆBM«Fši4MÄ ~Êö ~Ï¿áÉ&ù§Ë"©âêWŠNý$òäU§_©©•Ç½U\ú©·iôL€ÇuÌïY‹›»‹z`sp'UìÛ}Ýžû)C¹KÓøÕæúº[J‰Ç^u&5Vf:“¨ƒ—i›»YÀ{úBõDÙÓªVmL¾4x·ìPrœóâvDÕÜÊp{=jÈiHF$”œÖz$zªFßœ¹1UÆWÔUì´H¼Úœ#õßXïštÜjúp[$Ú…²7Yx[¶“¦¼éxÁakÐ:bvÑI¸—’©º¸öµ"ª¨ËV@NÛ¤{ŒÞúô™péë^'ÿ¤_ððO±b7¼ÇdCÐud/ÅuxžN×éøŽµÅOÙ"Qk×sç ºwCBµáŒ5Å…WÏ¯·šÍÛ5Â“aVôÃîV¡éïkþÍ¥°'ZíZéäý¿_¿?ùðŽç sºd»zßk…—I2ëÃ";*¹·õ;éþòäèÙá1É„‡ºv¾§Â¹PÄ4Øú“/Y†F·WÝr3 º·Ôõ«›M/ËZw¤6bÛ•ÎåS¸èë%þ[¸¦,óñ*Ý¯¢²ü`rÜd³'Ð«¦õ?ê{ÂÑøóØa†Ý|O¬nïé÷·wœÝš«Òx]³¥4*œdÜ ¦ãóq·–3¦ÿãóNÊäøÐæ1}|1ÁDR( ÚÕîøâü*Þ¢(—üëIïLcËŠó»u'Šä2f—¦ê®Òf×ñBJ\Úß¼Ç»ihVÿ¼Øt³ÊQ'‚ÀÝ$òn¤ûÀ‹XÓð¢Ü<áÂ½Â3¥G<`n9Am•×X¡Ý7Þ\ÌxW„ëaÇ}TÉÝºS¿ÃËL~öE˜ÿA1ÿçxôuúìèù³gößðf+{ÙM6ô@Ÿ\ˆÌeh²ƒf8¢7b_È‹ÿuöä?Oþi|õendstream -endobj -1482 0 obj<>/XObject<<>>>>/Annots 277 0 R>>endobj -1483 0 obj<>stream -xÕ[K“G¾Ï¯èÃ bGtõ»OãaY&Â Æ.Ô02’z,iï¯ß/3«*³52Œw—kG€>}ª¬ÊGee=øíÄ%)þwI%y•ÌV'é$Å7ñ—ÿ o’ªhñç*ÉÛ‰ó`™LO\%e9©gà*qi1Éi1Ø¬žÔ–5lÕŽ4 ¼œ4PÃrÐ€DC×à7òK"Kn˜e2Ð†žs™£†‘Ì+ê1m'–M,T!„¦“Öÿ…*$%Ý¨¡Å¤déÒ5µx•d.%»ó¸SÒ¤l+ØÔk"€;%‹ÎÁC¥GÚ°ÉÑ<4d =ç\F]D’‚ ,+6{]µ3Ðr¡]ÛÂ:ÊýáBgH6yYQ¼É°dòÀ9Ç ù—<òU™§lö•mè¹¦Ž?$Î@Œ&mh4üK"-–±Be1ö€ÁÂf¹aEG½Mè€<'#ˆœš5$4’ƒiê)+]¦9Ï±íÒsÒGä\%m9YFÎ@²€£#ÉmÊáÁ -ˆŽ{PÎ@ß¡rÜahç2 -@%-Æp -rºa &ëÐäQV[×Z¬ç\ZÃ‚JZL¦˜ZÊòKšã>MH*Ï~†(Ç3$p®p$S²^9 ÃÇNÁ@‡ê9ä½*QÎ@4MIØÐb°yƒà5¬Á`Ëz$Øb¤%H†Ý£d±lFc Ãe Ãõ"¥NŠÈHÃmêJZ¶¨ÉB±) ožíÈP®°¾¡Gù!qÜ¬¦,ï•3 Š%Ð;K9vVà0ê&QÎ@²eh%-‹Q–í–cÞD» ˆvœ¬hJJÃ¢ÔPÎhCÏ±…•3£Éh)UR„æ™fÐœ -õ´(å„Pä”±¡uREp†È¨PÏñªœ"# Eh*•€e B=W7šv‹eŒ ¬þ•oÐ/·ý§«~#Á‚ùt?FÀá+é°>ÜÒÒÝòÒcøèm·í%~‘liaøØ›Öû>º=K>ngÝšÔÍ¼Õ`Ô;ö -4 ›mP`“'¸\úR¾ïØ|ÓÏn6‹õ{ˆÔ§i·zÛÑ·8ÆNC:šî8V•c’k[3½ÜD‹Óëb½Û 7Îv‹W9æ¢á¼"§u=¾Ä]þ«wI†Å'æ«a»#+Ð•QðHB3kÎßbkÓ†Åâz3ìú¨=Žûî)5D='AQ‡ÎGÓÌMöRáaeXV7ïº™ä6zYˆÌ[ºeE.A«½óOQ=sÛ$‚â„àW\É3‡èyÈýï›þS·\òŒÃþá~2ùÍTÄqÛXÃò?ÒðâÅù_8NË -[Ÿe¶W¬^8mnÃ—ó~ý;ÿU J^¿8Òÿ5‰êËw6š¥Õžâ×ï7Ý<$OœÄé“'æo[ÞtŽâµ±Ë‚–æäW—IKf¹xµ^Ì†yÿífÛKÕ‹C›¦=n~uEF{ô$.ô”ÀF-67cç½¾ê$™¢ö®Cäù`„Â®ñ—ÌŒª8P¢[sÞÅsÆ7bŸ¿ÑhPÃUµOZ#‡|àMpê*ÔúcÍ÷—œØUm(Hi3R·üØÝÿdÖŠ>Ö= -áÃ?³±Eoëàº³ëë~=_|–Þ)Ôµß9¡ßËß8påŒƒûÆ;MLYBÍÄT§âáCágcr%tØ¬ºµ,£¸TÑet±ÝÞˆaè] ^úÜ«k1Æý»_(à8v}ñêr 9è·ûÙ«sŠëÑ·c-¦çÏ9 -¡^ŒBl=ÃÊ\…”ãª#½¥èiìš½jéñOì¤÷ï£nµÖZàÒy¬Ä^yô²Ÿ?•3…hÑ÷ãb}#Þ±–/ûÕÛ 6–»Ó‹ò'öM8ú±»Ï®äsc\Çáq¬Ø^‘tæsÏû ;©ŽÑ“ùÞLåŠó ?ùÍ\O¦ýo7XZwð¦‹;üƒ%ÓÙ•¯áñv/#îqè•²)¼MïÂÅo&…Þúúó*z›pÆ1ìpYÆ‰ÅVXçþf/âõÇÌT(8Ó [;¹ë¿ú‘+oeíŸè¿Ç3ægÝÇåÃöŠtùÜ«ÁçQôŠ«¼·ó¨CFðºò[3;q8^žOÙ -Ø…Åýpbª“ZÃúP?÷ü]P‹¯6ukIJÉêl'èS_ci‹‡ÿþ†û–Ô…[I˜yÉlX¿[¼¿ñ—½8æJCX?Ÿ>kÙûu·¹ö¡®G–x¬°Æµ}w1ª“g$êž÷îB‡×=¡Šìø(c$ìÖu‡Äe_LQ8¬¢ïðF_ÏdyzKãëâVëç ž<ï•„Õwc>ä3¦zó`=ÈÉ‚Ý›{/½yøW2]Þ…»çä W¹ù—x€[6¶¤¾,9àãlÂk¶É¥_u@‚6Ì1WrG§9âŒê -©€¬ùÏ$~i¨yxÅBYY6¾xJ¿íäht¼® Üž8™“L[}àeÄš#Ìžð4à›¾3ä›,î¼?ö›-æÞ<$!8ù×=ùB"o4â5ìM¸…µçFwŸ ß¸,*ðnç+ç°Ñàx{y+Þ¥Z³?”oæÇ¿ßló^*Z@\ã¡@xÅ„«¹xk2ß,`+65ì3Ø|ø´^rBˆ'}šî> ›aCi³Ð¡à;è¯Ñª†4ó§nY¼ý=ÁƒjÿV‹ÞÒ9¼qåmçÓ³g?œ%/6Ã¯H–Éãav³BMÕ…Ç9å6Šõ:mé}ÕÇéþ÷Ë“žüAD8îendstream -endobj -1484 0 obj<>/XObject<<>>>>/Annots 320 0 R>>endobj -1485 0 obj<>stream -xÕ[MsG½ëWÌ-ÙƒèùþØË–,¯³>¤Êi×gš"-Æ$G;$åÊ¿ß ÀÔ*µ%ÉrR•øÍ›Fh4€î¡ÿs–%)þÍ’&OŠ:™ÏÒIŠ'úŸß~¡'I]vøï:)ºIÀ*¹:spTÕ¤vœƒë¤K'ã\'Y–MrGzsÄùiJÁÖõH°Ç`»nR9ÉEM¢Š -C n«€ä:ˆi>éÂ›<©Ã`³–Ä²fÛÔdŽ²UIóä9œ³NÚ’84ÒAš´$ç*é1Ø"³ƒÉ(7Öa°{Ø$;¼Nò¬šn¬Ç`ëŒŒÕ±bNÚMJ5‡™¸b›¤VÒc2§³ƒH¾ë0Ø6'…M²ÃP8¯)•õ˜ÌIÉeÙœª£%«#@Í‰\Vdk¤Ç¤pÿ;ÖaLšX;c=[–0ÇXQ©-6Q%¦Rà²´…—*%=†JØ²PØX‡Áò²:Öa¨”Q°+*ÕoÚŠ©8‰Y#=Æ¤ØË]âX‡É‡ùP{¶H%c†Ây‰e5–wzUQ$„.€æ9ÙéFzL -—ˆRcElYpð‹&6pAŒ’ClNÁ_ë0Øšä;ÖaòCC–ÚX‡Áv”Œ¥Ü]e ‡'k¤¯ƒ!wÇ¹;ŽkSR‡…ðzD^§hœƒÐ;Vê@Á6” -×b£hn®˜k‡Ü…RÎAE æ•ô,â!d¬Ã¤ïc+Ž5ÖaÚ/ØÊò~)Qå4ç`ÿ‘Ý‘ËÊÎ5R6 o´’ œìu#=†¶%‹c&?PÌ±Ã–”l,/LY“Öa+ Ð…‰\–Ry5ÒcLŠ -»Y õXT…Jƒm[D’ë0)\’Â*Ùc°ˆÂÊ³ƒ(Ñ¹±ƒEõ¬¸iŠ23oÿ’¹"pè;à~å„1¨‹PHIÉlŒ²(Ž´-$ X@ŽRtUÒcˆ…wà#c&ÿ6´6Æ:/ ¸a²“8žuýbJÈÆŠy—F20Û!ªœƒäA*Fz¶ ªèX‡ÁV”ë09¢Iïc:mvJæýÀe9«¤¤Ç[òÎ0Öa°Çº²vîbùe?°N(¶~ŸŸØþf’µq¥´fÝ¬–›/4‚6w¶âÓ=ÒÛGwˆáñ¾-÷r*á“§E¡×§Ý -ý‚D#)Ú&ËöG’IÃözË¼Dµ)äÈJÉ—~Oíá6ë”-Ùx3_L÷+Þ’² ëÝÐïúYÏÛ÷ÝsìUoôDnÇ Y–õÑ„üSW½ù©k9jqÅ¬þä©e¤î£ ÚCŸ#Æ¡*Kø¨Eè›S6‡™”Ë«ùp¿œIA.BI>Æ$ì#=§ÑXºúÒìægUE“ú6Ç<˜cÇÿîjÞ½®øGÿíÐú]OOFá;ë×wÈÍô©§Ôú|uñëÛzŠ-ÞfÏjp@|ŒëišýÍ{×lÐ]¿¥,\Ê°É³Ù|ËÑÊ‰õC8kéÙöû!Ä«[³þ†]cx•ÅÞç~Éí\›éðË_‘z¨f ¾?÷N Î8§!‡.8îI>lvC³Ÿí–ý†”ÄÅ~LÒÑ»/üÿ¨K]êx;ŠèZìDí^XZçBÕ-u¿“~àbJ%¹mÙ³›Ä×ç‘báA”†j»Ø3¡§Õ…[CO©ÑÖæPbW"Ý'±S:lÿØÌ8Tá{í´Ãi7!µv—‹ÝÏ¿ÇVìé|†›f~žçG}x`x»_®n¢{Ð^h£|Ê?o—›é°”Î7Ûzˆy:Åÿ¬¤h`F7.ãÀ•ÞqgÅi7š‰ÓCL±Éé%ÿ¶ÜÝò*âS–Æú¶ø½¤nÜùêâ¾[óÙ®þ tèŠË™l÷wwý{•ôIÊ>öËÊâ›ùáÇÕn:ìb›‹\Ž>EŠò©•Ý®?Ëa«/ž -ÛM|‘ªÃs'b 8Ÿ³áô[”ñ‚c-øƒÆŸ<é-7óÝÍd†ã¯!nW›,Áf¶Ô¡iÇ ûb…SÜfJ±øWR—ºnmƒq¼µEG²Š‡ä%G!~'RÇüw¢·æºÛ¸u3¯¥¨Ñúù\‚ÛF²Äµat_W<Ú†5¼ò® ûmN[.„=>¨Z‹õvÿ…s8}xˆw2>À^øÏøŒØ¬>ÅùÕÇY–ÓRvÔh¼ì|Ø?Á”óÆŸ„ðUw¬þ/óÍ|˜ÆZ…²-éh¹YpŸŒ»2üÎæEsÊƒ&©EÝxG¢Áõnþy/ ¾$¬æ÷ó•>%ã"ò%åÿaÔAå@ Q†‘¥ªešC?ˆYèqŸ/7H´›.óýÿ ÁÙïÈãN™¬¡})àÖ¯«p)óÝŠ6U;ìÓÊ÷Ç' -w‹¯É ’¼~~dÐñg“ñ^{]+ô€AÇß9NÄ£_—A|7|¼BÇŸ4NÄ£ƒ¤cðßhNÄ7Ä?„Ar*|Ô ¾#{]±CNšG â«¡Â Ž»‚G â+Ÿ×e\¬¥müêŽò9Ý“ÄƒíÉM”ñMG–OªWQ[ññ›ËP“ÔU|µúsöp«ðêìiÛ‘=Ü«Ýr%?˜Àa¡‹žn§÷ñŒç?]áëÎ?Úþü¿Ëuñò=QX¬7ïÛð‹ ¸½-ð·ÑpYÖÒïø+bòqèÇtò®Ÿí×ø® -Ã%þæY…÷Ï›´£×ï—K²éï×gÿ<û/_Øíendstream -endobj -1486 0 obj<>/XObject<<>>>>>>endobj -1487 0 obj<>stream +1482 0 obj<>/XObject<<>>>>/Annots 59 0 R>>endobj +1483 0 obj<>stream +xÍ[ÛrG}÷WLåe“ª=÷ËÓ–lÙYU%vbqK/y¡(ÊbLr´¼Äößçè0$²ÉVRåâ™3Ý Ñh4zôÿ'Y’âÿ,iò¤¨“éòI:JñDÿyó#=Iê²Ã¿Ë¤èFM‹äâ‰ƒË¤©œƒË$«²QåÖÔiQZtÚT£,êÔA4LóQçH&íF%Ú•)Q¨QU[°œþæ¡Q)å5¢¤Á¨µ‘ÜcUjVu¬b ƒé(£dIÅ€(%B4Kç ô.©Kmçà2ik˜Æ8!fÖÁ˜FzfÚÇ`k²§c^&yZ +Ç4MUFÖ„*9Ê€U1¸LºŽÚ)˜k»1¤’“@ìëX‡Áv9¦ÚXÓD~#10—Á- º’£[ÌDR¶*ñrÙ¥<ÓM‹ÞP·¢aV ¡‘S·4ÛŽulSÀ€Žu,F÷=‹HMÃž.200‘—e9<ºT’MTÖ%»&›H€š(rMFÂò‹Ü©AH“fØHÁb.kÏ:k +ÔŽ==ÏBïˆÉy&´Ç`óšld¬Ã`yq+†@àQç-˜!'†PÎAˆ›ç0¤5ô˜T-iJµ©Ç`ë”fÆX‡Ár¨r¬ÃP&£Øb¬(Seƒã—L™À‰ôÊ9¨Ê(” -³²¦™0Öa´Øóu˜”a1ÖaR†çMYiÞòÁ¸ƒí†={Œý_Óž=[U´®u¬¬*c¦Í…bŸkË0/e3 ØW2° \Cáß8Õ).ç LŽï”&'b°Ø€}SÅüX&¯¢Œ,‡m†ã^çÑ0mi+é1‰D‘ßXŽIE×B’Ðí6rYFïI;RW$çåíQµs0ì–ÆñnÛÁ£êÐ µs‚BŒÇ#é1X¤8>³ƒíJ¸Ÿkë0Ü/¥uh¬Ç`ó:9Öa°-[A¥òv@öS¹¶ƒi¹YÏ¼þ‹ª5÷@úpå0è–ß$R–»‚¼ÉÀùì«œƒä¤ô,2ì«M=ÛÒþäX‡É¾l}më1Ø¬´õlÙ¤ò,4ÀÜXÏƒíÈ"ŽuÖGÏ˜umë1ypFsc¬Ãð}L€²ƒÅn0è™ÂJQÐ&âº›žÀ5”ç Â +Û_¤vÂüp`ˆ£¤Ç`KVÅX‡Áb)øA=&óSÆ`=‹§!7Õý¶``ªNdWÎÁ¨Šr¢JhDWÒcUÅXQ%¶E„ë0TI2’²ƒEÜÃœ)+Š"UÖ½¸``ŠN4SÎÁ¨¨r¢hh—ÁíaY%yÀ©0Dh[ F®n±\Œs):-Rã„í?}§ƒÅøkê1X„šA[‡Á"/Í|[‡ÁB'/°Ç°;ÜÒ·õ˜Ü¯Â*4…<‹˜ä¥ò+˜ÖÖc°Hm¼Tb~lä´›rÍ˜ù‡= c*ç ‘Vš‘ƒEjX8–6Ìb„37¬À€Fä 3r¼Cç /1kÚÇËI:Bé1X,ŽÁ¤r¬/À8:eÕáM–•"G3Çe` ‡œí”sÒpb¤Ç`«†,§M=ÛQQÂXÎ`râ41@qž92H‰ý‡þ%ÒctßÃ Æ:;þ€už™Ó´Z[‰ÓŒTIŽa".ˆÀÈ‰YÁX‡1hF!Ì:ö˜/CmËŸµîØ/€FeÿG4ã„r +FzL6¢ÅX'bu1:.·l{2pˆZGÎA„8Š5ÆIŸXYê}´Ìj×gàÐIÎKP8i‡$Q×;eâ"Kà´Q;3Ža!'oö¦ŒÎ¤@(ÔJ(É.årR•†¬aàBC%¥!6/²š4d` —a}4ÈèM"=†<Ù0€±ƒí(5–ÅöAVå1ù·˜g¾‚6±©ƒ¢ê8˜#@Í·ÃàÂO‘,ÖÖÎAZV)tÓñ‡czé8ƒäût^³v± 89Yquü[ÍQ‘(å ”ÃŽœ:Î )N[€µ3HÊe˜>åX´ÕcÿVA“q QÊA†ä…\ê‚ÝÁ 8N”3A \kíX>TWàß*H`ä4¨”ƒ‹ …NrÄ Ãt£J9‚ª¯óo,0™Nè5îÐ iÍ•)å‚Cã¶rI +,Ê9Û½kÇBærLãÅÁ¿UÈÀÐù û½ÆBŒBÇBÆvplgÚÎ )À¡r£%µ6ô™#–b?ŠížŸ<}‰D%MÆ7ÈæQ·oÊd|Í·x<ý~<¹ZÌ’þ&yÞ¯¶³ÕvóÃøw´ªGR«“Ðì$§fß_œþüì”Þ@’Ðätá€‡É/ëþ÷ÙtËÏQ*»ðü¬Ÿî–ès²÷+b)o)„}›ÿ2QÛUPéy-¬ž=ýæ‚ãÙdIíxÛ¶ü¦òZ-hd–æÉ $åù:½Úl×“058PTLøCuøINÖ>)X`Õå|Ä.4Jóè_?ÎV³õdAqQRaj’ùj³,êvXÈEÑ<2ÕkÖwb6[ç«íº¿ÞMãr©ÚG&óþt5¬ÄÔIz~;¹ÛÎÖôœ78"2ž<,:ÿíßÓ+(rF—L¶==ÁáµËBˆHÎe¹3dµi|>Y]sëtT¶yèq<ÛpB¥Õ:Ðp÷øª+·%ùž¾´0SãªÒÅT[Ä 5¢˜äõÕv2_ÍWo©)Êõj˜ -JQßÆW³™,¯&l”ƒ£)÷'îÁ0+ŽM£´˜Š"Ù¾®Øknæowë ?.{*]Ô^~ÝbLÞÏèXTÂÎpQÏ`µ¼¿¸žoƒNH®p²s»½ÑŒ FU$<Û,¯FSØ§‰qÜX’›ù"¾Vù1ïç•0ø~@÷Dš?™A¯êÅåé˜DG)äQm* u‚D#,·bßÇë<%~U-æ>\Ô1Z¾ÛÉzÆÉÝÎqKšü1™/(¥âiE7æ’!ÏÐuý±ßqœD¬Ílý‡„O\?¤Uà~æÖõ"VÂÁÊOsù96‚Ë®ëÅ•‹snv©äý|{KjC¡"Ùn·š8xqº˜#UäÇõ(F'òýKP¡aè0Õ?4ÆÍº—œ±¡8Ö<ÇeÜ·ëƒ³×ÿf•©f-ûÀåÍå[~†RÑ/ç«îƒ>.cÁãWcyìw[<Îß¾ýúâiÎOqB°ìv¶Â¶,*1ytX7¸¸‰“ü³ –,pØ¬¼zß—·“8ÍUG;ç8ˆ^ªÆ·p2YaêPgýê_±}3‚Ë~ýî?¤ÊÌUèó/D½g*Kiè*f÷Ä{1¬Ës.¦ýG,ps„ó3Ö›|Quù™#è„2à¾J‡{ÁOýô]ÜöMš- +ø“,]@Â5ãÙèS©jÈVâÊûu7Ÿ¾c×BµHÓÍçë~Ã36˜Å‹ÝÕjÆÎ‰ÅÛèþñlÝ¿ß¡ 3œ<¥~Q…Qç>Þ-y÷Ûu¿»ã×‹$Ÿìùín~-^ŸÌ¿ð‘ñùË¥¯<Û‡Ç˜û ¡‰aël¾™î6›pÐÇ*+‰J'X[š×Ä¬Æ)aÇ‹ÙW~òŠQ ÜÍnÅ'5vƒÒ3Ç2öÛpâÁ—Úƒy,º]Ïî=g&ˆdö&Î³!§@èÖ¬>96z˜®ãë¨q·eÜ~>©Ê.z'ÖFÕ†%œ\èI_ØµûQ)+8è•ødÍÅ{lýûñþIgqåTEoé%ÜûÃÞ±Dá»7³e¿•\ +«¯ŠYÖéjÕÃú³ïxA Ë*cºq7YO–³pÅµ .Zd_=ãþñ³`ƒœ¿ÓpŽuI=€ xé³iPgÅ×Q!}¸ø¸š²Y˜òâSfi"óM°×AV²WäøŠp0ò©Ï4Éåù«ê~ß!íÙó[À gÓøxrêœIMÃû^½³:¸XÐ9Û…‚‹©x`O–ýZâ·q{;YqkEú•¬/’ùíûì·èM*ojFu·î·ý´_êŒ vx8ù™N5=Ä"©¼Æ>FqébE–ådŠLMÎB%ÂMö7f)«¨Û“±xè6Í~4y…åMïÒñ(&¥É›Ù¦_ì´l†ºÊÕ¡¬²¾ç)ÜÄ}öë{Œ(è³”ã?' á4f#X5rhDF©‡Îùê¦_/ÜÙŽº&6¸ž`ë˜ˆƒavÊâìË× ]>Aß±ûy.ËaµÐo ÷'ÝD:Á·nëÃ rßYÏ—wýz;‘c-jz–U¼Â¶ÆKi°ŸŸ^õ;IÙ>âÁ³)*e[I +pË+}Ÿ”î>‰ )Ý1î©zx²9½þªNÞŠb(º×môÂ#ûýÅÏÏxãú\³ê«éúã]\Çøp¯‹ëø>uÚï+E¯z|h>Ï:_¦äª_ÌD©×¬q:nó˜`ÝM6›÷ýúZb*Röêåø†c0…‰Ú8T)}¢†*%KÉÂãû£RËó~¹ù'Î4tÈîºoÜÅqæðÝ÷@µƒüë—jëÁÝìøµ}àÕæKë*ï—tžI=ŸµT;È£Æg²Ž¬Äð%£|wƒ&!Ã˜.ýtvúMUTS¸W#M(LÊ±:ÏÁÆÑåë¯ž ˜õ¸‚“ë‘8÷8ÅÏ¥Ò¶/¾„²ÁõÄîŽ¶^ ºˆO–©“á@©Áì‚Ëî‡ñ%Wõu/^s¾ÂÇ|º•²bÓÛÙ’ëÈô4µ?V x3“+ðÍíü°rt¤öpìþæås›øC„˜QçEÊùœ—ê®ßÌ?œN§8•sDÅþi®3tÀÏCÁ$ôÝÿ~Ìèÿ«ÛDaÊ)Go*¢càd¡ÞòyÒþ½·â´¤øÄ–I¯c°m<}å]Ì!ŽMüT+g¦ +Hœ8l×HÎèƒšR|k›µeó‚:ÉZwÍDÑFu^½AŽëO¦ÇÔãbïløæ¨zÈ2Ï`~£R(qîoíÁ´EŸÂ-©›ÍÝl:Ÿ,d‚‹x»]Ï¯vád0()â€G¶ç½¸³vzÏç»¼ä)Ì‘‡6Œî@Õ&Ë»pï‰/ï´¸ñÓÙùKê%d»ü~/]æáú_¤jÕã˜š—f^oêßVÜ{ÀÎ¹ ñô%¾zŠá/8ÊßYòŸÄOÅâ§oÉÁ§n*`%9H“vôeÙœ$}1~òë“?Vªendstream +endobj +1484 0 obj<>/XObject<<>>>>/Annots 102 0 R>>endobj +1485 0 obj<>stream +xÕ[ÛrG}÷WLíSöAôÜ‡³/[¾ÄYoE^'RÊûJS”Í„ä8•Ä¿ç »I¹,[–½I•¥ÃÃ¾ ÑèÖïŠ,ÇÿEÖ•YÕfóõƒ|’ãýççøIÖÖ=þ]gU?)"Xeg\gM>â\g]=™ºv®³¢ªF¤Ç`»é¨ÛªåtªM0d9i"àt\g}1©²lŽulßAÇ:¼ÎJL¦q¬Ç`êÁÚz¶ï'½cƒ8ÓJlH´Ý0q"W5UÒcª—=8ÖaŠCm;ÖaL©˜B™Æz¶ª±FŽu˜ÂNG³lÚÞl0Š#6˜¸®Ÿt™qô¤¦®Ä +šglæ ¼¬£öä‹ä\gXA¬·rBy_1RÆ+:Ñz#+"€}’ªû\¼A¼8Ž>ž8ñbãÄpâ)Fz¶* ¨cÛÒàë0XX~šƒL‰N_whN49×Ù4g¯òEr¢StïHÁÖ2]m*k\·µx`C€ 9(±ËÂÉ9ˆN«1é1Ø¶DïÖ4Ùa½Új6däÂÊ9È!§œ’âz5LˆñR\/vê -Õ#ß$é1çZY‡ÁÂÕ0[m+Ö“fØÖ%€Ý:·ŒZ¹`]±Ý´¡r”s±âç gZŒH9Ó†êÑnEçUÏØ·“Tç‰CdÏ!¿(ª3ˆéÔèÓ81 v™Ú‘s²T•5õì”æg¬¬eMp+–Å@&Ä--qE^ÂŒôÝÂ*Ï:Ì)1î[Û0hG¥¦AØ ‘+ò– •ô˜ƒÖœ’±ƒE$Çô• ƒ"ìên] °A#W9U¤¤ÇtJõë0e@16Z7b¶A½lÐÈ×¨”ôÝÖbÆ:6¬©²aÐŠ‘ ©W€ ¹"¯¨^%=¦¤ÜOë0%e2VŒ›—T²À1Œþiœøg€µôOãŒþiœøgjW%Oô˜rÐ?ë0ØZ¬ÜÚ:it`¬ÃØÄKÊk¬Ç`±ÿŒX‡¡#$~Î5Ê>$“²9@:ˆ)Izf¤Ç§ƒ Ý"i`Üý°n#Ç+ÏJ%CÃ6¤‹¡¡k¹ØPI1¨ó1Öa° ÓÇ:V¶lÇ:õÂ +×6L¸ a˜°›päúŠí”sCJ’f¤Ç`Z+×ÔcL(¯[¬Ç´Z’c‹xR{Öa°0‹Q[‡aIðâÎµõ˜vÆìÎÆõ,ÆÁª«2$t”pXÌP‰¾WÌô˜ëJ—s¬ÃTc7f¦§´ ™‡õ,hÄ:ækÓ¶Aœ²µ˜_ +0q"Çý+é1&ŒHau,bth¬Ãœ0÷wc=+ŸcæÊò`l§Ù~X&Nä +ü„–”ô–ÍÙ±ƒEZµ³¶ƒÅ~ +auìT¢±CXø>”¬lðØœ»mŠM(NpàÈÉ¡µTÎAYçÔ‘’a°rÆB˜„9]ÆEceB”ÉÌ Pâ`f…›‡ÌÍ :E¨é1X˜‰oê1X‰i6¨Ç`±Y¶¾g‡Áb%<„‘$( #À„‰œäú!["ç §ÛqºÚÐcN—Û•cE6žu˜ÆÃDØ6ª¦gpJbê‰+pP-%·¢|ÑmNû´¦ƒÅ}[Ábß–) 7š§ä0pFB¹Ì}s0¦4ÆIJ“ú,Jî`Fzõ!ŒX‡1W*×Öc°åtÌCî(KÙ2‚Ø¸3èŒYÁBƒS×6XYé˜…³²È…4ÅHiIÆ†n%ÓIÆ+Àº\È6Bg²0SÊA +ÇlÕ8ƒàPNgâEë8ƒœv¡}:HÁéXÆ'•%ãÂq:«¬Þ†³¶ˆ*¿«à‘ ö¡”ƒ¬>3Î —jk:¡;© +³Ê¤R¸‡('ÖŒH·ù]22²¨åñ[2}Eèçýå 8œ#P½SÎ 8l6(A*g*E¾Aè_‚¨¶sÎG¨$¦>'ù±qÁA<7ÁÁhÜ\äzKu2'ªD]ù©ø·ü®ªŒ*+-*2ø–¨RŽ‘9f¡Œ!0-¾nŒ"ª8”bwRÅô{mæ 8ø ëM©AªŸîfœAprÎQ.d}®n`¶>1xAh$¾”ƒà°Yàd’š9ç$tÊ‡© rÁ!j"ÅTÎ Ö’â¼’8ÁÁ<Ü\Ÿ?xøýäÙù¥¤ž9n_º:;¿#|<ÿî|özµÈ†ËìÉ°Ù-6»«¿ŸÿŠVÈ- +¶:aÆŠf'%›}÷äíìÝn±åw¸Kƒ@'ßeÕ„¡I€¿\…ï îtU?\n.‡íz¶[~.Ýw©ÁÅl7{=»Z„Á±†ÁYˆ(08b|Éq ±0+Wa¨Ó÷g?ý(óa:/ŸM¾ÿÊ–S;©º±…HAí$1žlÐÌæ ¿Ž¤»ê(ßî(FVôeüÌk‹— X›û<ŠÆM|o…ÊCé†ÍåòÍõ6 +Ø ðñõ×* +0-ÆkLÙ¯Í/WqÞ%\¡Læün5[ÂcþÚÉ’*Qönvuõç°½OB@oº6®Û Žƒ€×Uüh±™oßÃ¥.¤,r™˜ÔMìww³ÈeÇáÏð©½…«î‡Å.Y%{ÉZ7Ãæd>¬®×öO®›d¯´M~ÈÌT¿ÜkùY÷-Q`%öŽæmýeÌ:)aÑ–©È7K2þ÷TÂŠ3„o'¬„™A\¬F}œK*™¢åóçA&Tšói´·ó÷ï‚~!è´KvyÉÅÙårsµ›VQªcüù6ôPN9éV`—&ôf·.®ç¶ÍÜÛ|!¡Ë^¤h¦&ÁM{lðNÝc_k¬ÐõVV×@Uòìç+z¶ØþwnÔ¯ò´—Ð $R¡NUâIÉým$UÁ9>|¦»=S ‘+ö}òl7ÛH¤ÄÁnª6ýh5l‚Q÷nãtò¢ˆßŸdÇl%H+æ:’1l–.î<ÖØX¨7mÏ?]¬_‡åCzÉŸMJnN_&`gï³$\:cÊ×p…¸¿„7ˆÇìs;¬VQDœð¾úŠMªR|·Rû2æo+–¥¼êx´e$ˆ÷hžA0·qÀÌFAô¦ÔÄ %L6;›_ËfÜ ¨ÓÆ9“p‚[ÃFs%ñÛõSÛò*¥þfÁ8Ø´w”äì™çqXU@jßzõ`ƒ¢“ú`ŒI(XÚ~övÂ2V·ëÓF{µ˜# Þ½ïFW¤ÕâÅŠŸ"ïéî?7š8a Î›:phêGuð£ +àå=ËÛW_'ëOâµ…&ÊvxP9¾l!ÃÍ}nžÉ¢U´ÑÖIáÏ1ÎÓPÌL‡’e¸:KÒ¸÷ñ³ª%þòŽ?©P¸Ã“Ê ø#¤Ã^“’ªû*ŒQ5Q¶CAÖ;²GOÏ$6¸zÁGÈÕNºü+¬ä«¤êá÷—ö#òÛö7—Ù†ÊÁCÔªM6ýâ\LÙˆíAñð÷ z}µÜ”¿±1*Ñz€}¹]®g[ Ñ¸ŽQ71ûbþ¥;Û8oáaû¹:¯ä€îòâÏ"]R…"Áþ¶ôr»Ø.~¿^^-w’£Xê¦óóbv¼.ÿJ6‘\+Hw‚w_‹QÚ—èñlþÛ›ípÒýæëìiÎãŸQÜå Ó…iì½ÌUõ,›ÂÅ¯ÖúÌîFÇ±ÝÕ°‰”'{7¨ +gí/}$ÆÈþºÝXÇ<Íß.Ã1 Åw¼"‰9äùöúJJh¨õ[rüh>ÇÚ‡b4®íÍ˜åZÿ–›dàØ’"²'«e*h#µÔ*i¶$`ø²È±õpšG5¿õî^…£½¼YJ:Øú:Û\Ï$Ä%L•ì=êóQYøÈÿ34Ì x·ä:§ŽOpéÝ+)ã%ÿÛ6'PÿÉ³Õû¿± .kÌúïI~œGšxù‡©¥¢qRâRißM³±›¬ö˜)K¦vpÊoÕÀooÈ¨áb+þÒGÍ¨¼Qñ‹Va}2¬×Ñ´qÄNûRör; ¼–S$|ßj—Ç|ÿûívØÊWq#¦÷QŸ³ˆ·i›Åëýñ‚Ç\Æd}õv¢>ÒSß€µ–+Ä>óù·‹Õ;Yj”Àu˜Ç,hôÜù\ÜeRëeÂ›ÅîŸÒofú[Ç«Û~Ówk9R£þŠ²©„Tt£pÑÕ—¹â¾F)5£ÃÕ!?ÃÃHSÒ·‹áÏd'v§Òÿõðô{éUdV7Íø.>¯c2Ï‡¸£Hg$ñ.¥ZZG5¤Ö‹Ðç¨»oCõúê”vq$Í^,v¸X’Œu´‡þ8¼6¢ìsw]¬÷“ù²Cv 1Ó5ÃMÅ¢¸äZç9Z,bžw-æŽôfZ¤¬À¬ãCÙ6Î…šGh,4;°„ÊgîZÌ¹òÝ§–LÉ%ï|Àî"™„«øþeïA¼qöŽK§}çþ†³÷(Á8{Ç3±}Žìß‘£-/—áÂd”Iž©gK3³åíH,ÕõÃVˆ©þ~,Ø„ qžÏó;È[RŒº)ù7+.ŽQ;‡qì_ÃŸt¤rv ¾‚jP±17îS29ò¾«…ä–(Y4 ›ª&Z>¾>“ä8iÜkI;ÙR›Qða½7:…FÆOTÔvñnµœÏB‘Œñ[_ÛsÆ«õky„# Åc–}¹\-Ä<ðø©/¾ÐÝ]#Gè‡Ïð"<¼†›¢ÊÓvxÁÇ?¬ÀûŽ³G§ñ¸ôëb¾Ëžók¼°¸Z!YÎ«*;éðt__.©ÅïÏüôà2tõôendstream +endobj +1486 0 obj<>/XObject<<>>>>/Annots 142 0 R>>endobj +1487 0 obj<>stream +xÍ[MsÇ½ëWì!ç@û½8¤R”hÙLY2c2QªR9€$Â&%ûßç½ž™î^”%J“T%|x;3Ý===Ý½«ÿ>É³!þ›gm‘•M6Y<†øEÿç§ïøKÖT#üï"+Gƒ<‚Ûìò‰ƒ‹¬ö8YW +7ÎÁE–Uo Ç`›ÖáEVäÍ t{¶èú,plS*?Öah:ì³ƒŠAçÆÖTÖøq‘µ94’ƒ‹l4¢Ê9U‡õ q¤Ç`óÅÕ¡ƒ-;•€‹z¶Î{"y¶ÛÌÓÄÃÞºâCÊ’ÜA€¹CäÂþ+ç`rå‚;Äq£–¢*ç $6ÔRIiƒao¨Ç`º°ëpÐÒ/[r¡zÔ`·àÙÅ Ž€j:U†p±ð 9)n‰ñFzœ”ñ¬_3¯8ƒ±A ®„XI &Pä‚Ê9¨)Š#ƒ5kÇŠ@‰mZì¹±A ‘.L"ÀŠ\Ç³Q+ç ÒBJz¶ª¸¤±ƒíò+g°®i¶x @r—çFzÌEÅð2‡=+Fƒ¤§Ó3r85˜U9qì[„8ãÄ‚E3hé1X˜Ö³Axº9¦'rc_ ¤‹\Ž3 çRÒc.ÙPZeÃ’yë\O€-9øÚ(«•c¤¨F\)FŠÄ¨¼G'¡Á8c¤0N"E'¡Á8¡ƒD +#=¦ÉGÊ±ƒEpo=ë0Ø¶…%ÝX‡Gj8Š±ƒ[lŠ±bÙ +¨o –M\×R^yœƒT•aÏHÁŠ³;Öa°Øjˆ«{LU;ÂX‡©*ÏŸ±ƒ-Z8ƒ±AU\Þê·•S5r-ŸqÂxRŒsfËë¤ƒ-Šm¨Ç4CEam¬Ã`G5Öa(:3(ë1XÜª~f9%¯8®JMÐ +.²F”QÎAêRqÃ•”9e3 F\Nç$UâÐhî)ÉÝWSãÄrbX#=‹Ì0wC=¦Œ°c6Öc°-¥5V|¤l™«@&4ˆD8¥FÆ9N+GzÏvŽU4vŒQ¥3Pä‚E”sP¼²FFÈI8^™ Í“ÃïŒôlSôY‡ÁvŒCn¬Ã0bVZ‡Ëz¶jû¬Ã`åê´™=† +c=‹ûÑk6¤"iÓØ¦EnÔÑÇ”sªâÒ(é1ÍÄ$Ë†zV®Ç:LCðë1Ø–©c¦™ÿë0+ž¯ +yL3•½±ƒE$…m,3‡E²;qufÄÈÁ°¦râT0G1ÎÁ``X_ÒÀ ƒE”JësIÁÂ(éYaÇæØÌƒ…0¿±ÃÀ8«~fÁ"õñlð4D#ÌH‘®¥œƒ#TUÒc°ãXRYY²@¼g#)]2q²†q¦%K¦‘9ŠÒaæX‡1¶eõåX‡i¿Nf¬¤ÀŒªgH´ ±1,Ä´C–|áIÙR‡i†EcÃ´M(†Â´8ÒADLÂšJzU6·Ž%XA€7rùf¡¤Ç\”ÍÇ:×$µ±ƒ…Ï:óâ¢96Œ‹S°`G.vÜ5%=¦HCîš±ƒE|Å¢Æ:§«Ç:qÎ ŽŽõlÅìX‡Á¢`é±#`Á¨ž ¦ã›†3Eä¢êJz¬¦06˜" ªë°šÂØ`Š86ª®¬ÇÜYV3!ÜPdi +¦Žu¦@èÄöéÌrV¤ŽÇd¨Ài„•Ä‚Ê9ˆ³Ê»ÜÆ9H•ô~è1ÀËXJ“·¥ @¥Iœ,oœƒ˜©hgá@Áâfk<ë0XÄŽÊ³Ã²˜9w¬ÇÜÊmByÌ]aˆp¬ÃtÐ¾TÓŒ~6VÜ—¢j\€ÚJ˜Or‰Vtj$·sª¢U:Òc°’ùÛ´aI¤aRë‰*lÉÈ±Ç´JCöÄBkØWÙ0-•¦_, +‘6h9jìšrrKé·Fz¬[ªC©DˆóhraÓ””€P€9`ä‚Ç)ç ´Kj˜—QŸãPÙ'H»2)3R€íÕ”¿Õª‘¡ç™R2H’à½äo™¼`vh”4y™¸ÅËµáß$— È‡vö(SÊAZ’Õ€rr¯Bq&}2…üF&µ§ð)1!î5´\8…p¹ƒŠqq–pA¹q‚“ŒYÇ‰¨bPDHù[…ŒL^ð ¥¤E(ˆãR:«qÁI"oœA*ÀQÎApð'‹(€¤Š" +Èßª@dr=¸ø˜XÒ A„CxVÎ 8Ä_Ï¤ìWØ8ƒ2/x‘§9‡6"¾rÁµ’í(gÇ FÁ½•¸gWOž¾ÀÃìê â¢Îš¶Ê®¦ò‚?O¾¹_ßÎ²Õ›ìùj¹-·›?_ýŒQ8n9GÄa'‡}óüf|·ù¯6Ì‡I¦ßdí€?aH€—ãÅõXÂ¡«ÒCÏÆ“_îïägìO>ŠŸãù’?WØ"ýLyÖ«ÛÛ°*ä-qÄvVŒòòƒ+~xjNòôYÐ´@¬ æIÎN´BÐ¢Nt›´x>YáU›ô=çTHTœi`¶½™‹iÑ}kÔ"ãÛ[ÑÄ=÷~¾½áoˆ<å°‹ÚýpvzñWþŠ+%o¢Îƒ#ÿ§rEç +®»¢ÎNø|Ðºq†q°±î¸x"j2ÙéÙ¥XÂª¾‚#Ž‹'Úg1[\?M4Û‘í3¨ó` õ ¦4Pr nS°!OÆlŽº£îïo«{9SÌ±Óön×ƒÉjù†køƒql˜?({‚\ÄëŽ*êO×ïél;yúËúºV- PrC= ÅÑ~Nê±~íí`¹»ƒÏ×³ñvÆ])Ñ÷mâ¾noä'XÍâøÛdµ¸»Ñ/®ŠQ‰ñd²º_neŽjP×1ŒM¹ý‰UÝ]ƒ¿úpw±Úlæ¸"DØ ƒ'ÏÖëÕZ1]¹ˆ†Ø_ê«üR”o×;«Ý½»šmÄêÈUÝ&=|¸5€ofëw!¢À#š"š_%|2!¦ø*î.¢×8{.âÔ‡tž/ßÊþ¡Y”êÁ{1gr;GÀ§YÕ%#í®þ5°j(W‚S±ÙUñÕj;Kžõû~ÂAw—v£¿wŽ‚ž)É8œT}Ä=úêªâ~¢>¶»v%÷ .*Ôm1*½ž/‹_ÄM“ÒsáÖÍqŒ^—”ÆghÈdÕ~îúÁßVó¥¹º%ž!cë)ûêŠs£‘c9›%‹È-,Š<(¶è§C’¡‘)³Vƒ²9z<Ö9ÉÑ*Â¡vfÙ»“_ßüF±ø••nvLF‘pwéV:˜¡^Ï¶ñC”oõÛÞÄ,ØÒÍlr¿žoe1´×ê6]Žáò¨7Õ«Bt -˜ÇÒù¬ÅýÝáC[×Nßùùyð#RµÅéôÝx9™M)8ÊËÔP•¼™¿½_·óÕ’,šÙ]}\ù“üÿº¦4pJp‡[ÎYDMï'IÜú+åÆ”õa²nDH©NÚ·ïWï¹g½+Q»J¦Ü;˜tï¹7óP õ’‡5 þ‰ÜC3oisàå»nÆádbs3^ËqGÞÖÕÇ:¹Ñ\EŽœ¯g°P÷É`9×Ac¬Þ/gëÍÍ\z}8YUýeCçÃ÷Ç.Õã'@}õBiøHõBîœ»rq:_Ï&ÛÕZr|-¨}Ý£ƒ~×ñoàFS'èÿ÷¶ùŸ\™ü®3f,Ù‹äÌHrRÎêbk:ïê¬»>>NÊà“Ÿçò·Øõúœõ6/b4TÛ…‘”*«ãoEß>I¼wï»c¨ÚÕ_®¦ó7¿¥øìóÏÃçí3X[«4±73êß^¡ŠW•‘¨ÎÖcËSqOëÖ,Á]1›-.»ñ:¤í¨mò¸ÁÙá;ÑVš<Ãa*„ãäŠèÆZžu7^3È¼éÙgY-E>0ë»Bx•ò‡Úå “·ÛõüýÌ½dg1¾»K¾ +£7ñÎè»þ' ¦ä®^+%ÉÿýŠ`¯òýn½Š/œ´áÕŽ¤a™—¥º¾ˆúþÇ×W?ri¼ÿÄW÷JÚ>AÍ½G›XÂ¡þûºî÷¥cew¯èíýÈÅéKIc| ò†¿Á´VÖOY2È&ËBVÝê;l½<ïß_MP9ñ+\{¾Å½@iõ6ÖÏHû5ßãÜ.·ó‰VVx+[³gÿC#µ¡+˜J¼õg©¶ÜozvŸúCùp2Þ¿<2[÷’~îßAÓ“‘¿¾ñf©¯ÜÙÎ^IÝütßÈŸ¬§OÓÑ_Nr¾’ëoÓNn™Œïˆý>.*-zÃëb¤–ª÷^—•ƒ²{\ÑõUƒž.\ñƒ¦*©ó`¥»÷~âb=ÇÙÍz~Ú ÙåýÝÝj-æü£Þ’™ušÝîEŽÑËÏR¶©§q¯õÐ5‹ +mNÚÖåË)»Tù÷]RÞö>¦´7;~¡¿¢øz½£Fös~yƒ™¼Ìw +þ}GÿûÓxnñ9—ºßò¦‰úð_šì8ÂÜ^s‰&uÔ‡Ý½èÏÖs¼Ä“„ N´úýHºúp1iããÛ_OÓ$þ=§œÉ4>O=âOÐæcmcÝ6ò½îa˜¾Îqö$T¶×\¸¯ß†6.sµÀò>}0fb©Mµ•|m€¸j/BÅ%’úå¸/=ÛX+ðºø;ƒFÑÒát:M;æÞl¾Š=¼îÒüg-7‹õÞÛª,|«U¥6ú4µN/^ó¡·Ô ?¾oõ! Vyú_YÆ²Ðåå->æ‚§òS¥ËÓ—ÏN³‹õêg´!²³ÕäžMmÍ±J|kVÓ«ÚáˆÏçsŠøíÕ“¿?ùK¡“lendstream +endobj +1488 0 obj<>/XObject<<>>>>/Annots 187 0 R>>endobj +1489 0 obj<>stream +xÍ[ÛrG}÷WÌc¶jÅÌ•3ó´¥Hë¬·b¯V’ËûJQ”Ä„ä(¼È•¿ß Àpè‹IÎnUJ‡gº@£Ñfüû«,Iñÿ,©ó¤'Óå«t”âýÏùÏôK2.[üw™í(`‘\¼rp™TÕhì8—I[*Ç9¸L²¢ÕŽ¬JZ°¨F lÊQ-è fãQëHiZ–‡ç¡¡ƒ7£Âul[.:¶“HyŽ¡g£€æup™Ô5IÄç ‰Û'=[ñ’:T¬¶£RÀÀ¬¸,Ka©±’cÚ<%‰Œuì˜¬l,/ZµcØ<˜^€.¹,/1‘“.5,åX‡Á6äKŽux™äEo0VDj +‰"10‘—¥%|³RÒc,Zî±ƒØÁÆÊ¢ãÖ\°b`‹.,¢¤Çd‡1¶Ï†zLv ¯2–¬Âu2´(;YähHËO2I¦*s&mà²2#yÙÀ"uÛÍÀŽÎ¶[I¡Î0Öalh–Ñ†*+¶ÅY° e`‹N¹RÒc,ZÖÛ±“HäöŽu˜Ø‡ß³†Á¶ ¬ëŠÀ)yHô@&pà²¬!‘”ôÓ‰d¬Ã`ë”5Öa°8"Ø8c&ç½™=[ŽÉ[t,«S¶)»ÇSªNä²4‡•Œô"åBºc&e[˜Â±‹²™cE$Ku%)pA%=V‘Œ‘âX¸@šØÄä"c,Ò:VDÓí6½d`".KÉôÓâ„¦:Ôc°ØFÏÊ¢UfG£d`‹Ž|iœé1¦åpd¬L[ÔæÀ%›6pAv%=&](šÙP67m'%šÕÁÇy@X¶&è8±^ÞÐ–(é1XØ]YŽžEK'0\ÑHŽž‘Ë2Ú#e`S±ÑåI60p e…rr~ƒJ9ä7’”ˆé1XdVg·,=ë0ü¦7VT©3ÞhQ…©8‰6)”sK¦ ÙGIÁ%â”cË‘ßX’è•V00'ÆTÎALŠð(é1Ø’Å5Öaˆ‚Ÿë0ì—Ò®Ë¥(+viH\I$ŠÇFzé¦åyh¨Ç`º!ë1Çe`6 +\Û’ÿ)ç DÑØHI r Ç:v\@:±Ç`Û¬?³Ãä”‚ÛXÁÂ9z¬Ã`±g0¢®+†€e)120C.Ã¶ÁJz,ÊÂÆBÙˆÁ"äBYc&uè–7ÖcR'×™H(Áò=ccEˆJiƒ¨ÃÀÔ \–³*é1Fu‘Œu,B=ìd¬Ã`‘É òë0)KY±ÏóZ +àH^C<7Žãy‡º)“Ð8IŠØ6Ðc°8¥g&Y)°ÛXic¨bq¬Ã`qoÕžu,îœÊ³ã^Ã¹òRy¶"g²uyËs„=ÊtË#‡k +¶æÙ¼Tä(ÕóØ¸ÀÉÝe¤,ˆÝQËØÀÀ!za&z8ayÜO#=‹\9s,ÇÈ.K!ƒ¢€0-¶!p$+ŒÃˆHÉHcE?Ê&ø´ÐÙ+YZ±dNâ(ç iBCŒô,<;CE“ÔU?9Ó$pä¨˜VIÅ@=‹˜—îKë1Ø2%mtf)ƒjm$@EŠœˆ`¤Ç$*Ç:ŒE‘±–Žõ˜Dê³"×Ça¿¥X6‘—Á°E¨¤e¿ C$n ÙPÁbýXY º:eëãè»94Ž_´¯”ôÓâŽÌ<ë°vÐ±²(«5e`šŽÒâ†PñO±(<ÓêPÁ"7€¦Æ:AoìY‡!0z7~]wªÖ(”åÎJ“°a¤Ç$RIÞ¢Cù(f¹T!|öÄ@tž ?);Ng)Ž”tÝ±œÎ+‹«VÒ±¢6Ÿ?pÒÃ“³DÔüh)¼…qü·Œd‰JñjÈÃ´Þä¿uP`¨w–&J9HF#ï6Î í"5 +•c{"1ÖKÿfÙ¹“(L†J-RDñ ,½øoÚôè1¢~º|õãë<¹¼„H 0c]&—×ÜÑÅÏÓ.'W‹YÒÝ$'Ýj;[m7»ü£à: +ÃŽröÃÉÝä~;[Ó3ØH´Ð,ÆÏpÑý†ì/þr¶ž¯¶óÕ-ýŒ6S3‡G/v÷÷Ýz+Ë`ËeêAÕ–£„3bBÄ,ž”Ò„8ëÅdy5áÕaÒ6SNV×¼:êŠ¢¿ñúARÿìÖfÑ±,›0ÃèEþW$%,Šü£ê©Z°¢yÔçònÆúàJ¬¢æo–÷dQ·Dš·AÑË®[lflÏ-ã,ØùE4Ú_¤.YCnçû,FÙ`+?ÜMXh„ÇªŽÎ1gýàÅiSý¢âÿ ©Ñ¥-ŠÀì/þÜ8(GþØW/¨w²žMÔÿq9}Ñ1O×ó‡à¯DÑ g“éo“Û™l;jÂ,ø÷s)•Dñ2PR¼ÔÇG9êf¶ +æ¨\c(ÇsüuC¿£¯›h¦Áåt>¹]u9iè#q™?g]q©ÐýÞ×bBÞ¬¶ëîz7ÕÝ@¥õ½µ +à]Î¾üÃq:»ÚÝÞ†Km ëõöJ5>Þ¯;\×K ˆCáx¼7¢ó®PÅ´¡ï`d±äHf +½Ø®;š÷~tÄä ý€¤9+Âp7y˜qø§ƒU½äW×¢82˜ýíŒ‹Ù6F|ÜÄ-2&IŽv÷û²1¦þÞv·ñ²;”ÉðÃ4ªÙ*îx"ÑTÌ‰ø¯ýhƒ¶Ÿž¡Hìü¿»+Vy¬tµý{?ÏéûJWƒ]ïvÛû]ŸÑç¦úéº!A2Ü²þ~G5ñ'TÝl×“Õ-gt¨©ª¬ &p +·£öeSÑQÔyô5šžO>òöá¥¢žÈ³n³½˜®ç÷¼a¨^UþD:'äèj‰ð§÷æ+'¨[ÙBœÀA¨jº_?LVÓK-Š2žÙ3W¾ \•éKFS5j3pÈv Êùl²ìÓµ¿a ¦Õ¶ÄËý%ÊôjKTyˆ«Ü!ù\u)‘ÆU—'ïÏ.HY´{¨l”˜â÷ìS%'ªÖ´ +'ðå4ç•š”$þñµÖ¼Y‘»Ã‡·¼§š¨ ²›ïÚ˜½D•£ºîÉ/ ŽÊ¯{„ú}÷èˆl€÷¸UþéÄD:¹¼[w»Û;ú°åJo»k®9Ü» )ƒ‰úíéÅO +ðª¿‡ª£ƒFy=_„¦ +ÃZù¢Ù2_É `s„gPèsS69wDßW÷ŠŠƒjñyl£Ô¹¢Þ±q(õ9=Ì§Rü"·ñ¤NÞ§áš KÝ«Cðöç@+ãõn½½Ù:Ž±–ú|†ôQØÎn¶³{¶>ïÓLéi$ÿªYT½¢w€%Ìêþe¾œÇ„ñÔ1”¥mE<Î´·Ú-¯‚ |vßÝð“øÔIO÷}ìgàÀZæ»CB+&Á9Òâ`:Yñx$”š7±UÙ2¤ÏSµ«ÐaïHÒ@5Ð§³¤GK`'bþ’BêŸ§±È¹YwKÖ +¦ôö"¨?Ö >ÌW×ÝG6U‰O#ë'6@[ÒŠGôn°—?á¨ö£ÛñnÛÎ³X}£WÝšÜ÷ý`ŒØÜ£}ÉjûÈw3_È©G£+ÈýþUžýÍµÜxpÉ ¿™ûšäDœÂ%'ïWó›¹ä”½SÿKwÛ…xŽ`þäj¶ý8›±ŸÓ)Ó€è7m½Bß]ŸÐÈ‘„Ø‰÷ÚÒNÞ¿{ó?z--ë"ï6!áì5Y½Xé +^EOÃ¥ +zìµ\&»Ô¦À‹œ^àÄØsŸ+ª‹¦|Íãüurñ Ñè/ýþR_‹¿pŽ4èåhˆÌ}ù¶j¼;p¯;¦×ÝÃü:ÜÆø,$ö7¾ùÈ}ãÀ Ø OÊ {„—“õmx;âÚêï7¢Ý¿ÏÜQÿ²–mH6ÒÁ™ÙË²þÕI%îoˆOlÖ‡nýßtü¿K¯=èÊñ[<ë5 ¦>°[oçÓu·én8, 9m7áùlÙm¥‰â2ÁälÝ¡|ß™éUð'èÓKB¯ãÓG‡´/o›>UÄçžý`Aï0CÆ]*§èÓ£ý Â+µå{:_Ï¦Ûný‡g|@—Æ×„x¡¢é1þ…E¼|U°§û£ ]•^¶pØý}7Y²xÉc9[•á“þ‹óí”K:ôŠêò%ª·žQ¢^”ŠîïÝ°Á{¶@»žÞ—óVØ«“¹ÐÞýÌ§úbÉù.*Ô]HhP¹>ï«¯¨Ñgökù]>u–5¿>TˆýŒÒ[ºÕ>›xsJ†À«zKØ‹Î¬€wQÏé•a+³T²uú¸·—³’ƒ;·ç³Ín!y‡‹ÉÉdzk5d1ï¹Ë‹U‡¾qì;å^öæ3o#í">ñ¸™ßîÖæ¥ø¼õ%/U^zì«6¼»ÙÕw¿Ø{½‡Úå@¨?Ÿý¾Cð^Æ¯jÆ|¿?2µ~B—ËÒŒÎëjvÇ¾UïÝ÷l+üS/l•\^—tB$ÀçNi,öþ#ïmðýpY¾è5bœ¨Îì¾WíìÜÑ`ïg%ÜÛû'4ó7N…VïN-=qý +×L?gÇ)ž.PÈ ¾@øÆ…ŸpXÐáÇ×ø,‘¿ëÂ§NMW[ôÖïâøíOÇ”²ýŠŒ&9í¦;: +|YÓRX¨ÑÕÁãó2È?/_ý÷Õÿ¬¢—endstream +endobj +1490 0 obj<>/XObject<<>>>>/Annots 232 0 R>>endobj +1491 0 obj<>stream +xÅ[]sSG}çWÜÇìƒæ~IzÚ +°l¨!‹"¯²-À‰e±’áßï9Ý3Ý}%lLR•ptîÌt÷ôôtÏÿ{”ªþMÕ¸®š¾:Y<íð‹ýçõ¿ùKÕ·SüwQ5Óý”Áyuø(ÀEÕuû}à\T“ñ ]€‹*ui¿ #ÛÝFv2²/ª:ÃFÒÃ¸MOE›nE»‰*à¢š6ìU>$ jFìÔÈ®e?u )a…v¿Î€ DÃºÝŸ2b°mCI?l1ØéhØ6`êI•¼mÄ`ûñ~Ù€1ß£vÐVÕM÷[SG€«“¹,¾‘›:Îªz¥ŠïlÀ¦Ž±YÜ¶ÆLÁþÎŒ¶09¦ÎÙ€¡l’)06b°êìÆŠ)ºi)Í3«ÀLQ8UÝÉˆ‹)+¦°¶¢z`†:¦«œ,$l#0Øñ’‡¶Ó=æÝYÆ€®ŸÊÒ;( ®æàœÄ€Ò¢§Ü Û+@¶>²»®—e#‹Oˆ†£Ä^åK’ƒm&Vç6÷í°¥¬F…hX‹uŒŒlKÁ¼iÄ°lJ´–µÕAÜQø ™Ëƒ1í8Î¬®€ 3VMcHR¼S€š¹”¸˜;##VBgaÐ‚ÁŽÅÃœ "á[ˆd¬Š4jÄ‰ÔÚ\¤Ìe½ŒØìà¬Ú¡´‹€ÎL+u”±"RO´è¬ÀD*œŠàdÄ‰þØ€9hƒälÄ`k:†³*Òxì.Ú +p‘2—E02bNM¢HÎ¬"¥Àê =·§ì-4s©N”ÖÈˆ1(–æ€ ìtL‘¼mÀ q¤ lÄ`Ñ¶¶#ZÕÍ`ÜˆÁNêA[UI‡-V€+›¹lQ##¶IwV'½´Å(“Ê;ÖA›±;+ÀÍ\ÄÈˆuZG•7e\noÏ$+`¯æ¸ìœÄåÒ.¡}—{aÃˆ1"B +‘1„ ˜òŒ‡m¦o‹ç[ÛˆÁ¶cÎš³ƒÅ¬5•¡™ÒÁrv¦€2ÉŽP8ä–#Ø‚’Êp]91Ø–+°ƒÅ3h0 Á¼#´ Ê4õ çˆÁö\TÞV|¥™tî +D®QãDUùÐUÍíR=Ájó†Ú)¢³[‰¾ï´pÒ©siƒKÉj§0¿ÅÏF€wZ8éÅ9‡4;£§7ÔN%ªIx§…“^œsˆNûžóa¤º¦ÁÝG;…Xð˜Ì©¿ :m¸yé—l1õè8¤5˜É|80Ø)3¹Ð6`8Hbôs6bºOcòSªˆ™ÉqËó¶j]lúýnÝÌ%¤þÔÈˆ©,CY`;fúØ€!ðˆÕ ³*¶fwM.Ræ²FFŒA1XÎL‘Xž:+ƒÖÓP˜)°AÇ-nR91ºE˜m«Ý"—¶“‰v«¡ˆkW!"weÄ1#‹5Yí>mt-À¥Í\Ât'¸¿”nF··Bg¹}p£¥áe¿PÀ†æíÃ9Ù>J;Nì#½¨"Ž9"KÓÀ¶¯‡lÀ`¥¸ò¶²†ë: +8ª¬áÂ©_81ºEmµ¥5‘c +ÌSguÐ¤%ƒŽ"ÀÍ\Bš×a©òKµƒctûÀOœ ˜ƒ2 lÀ`'ÜàU‘FZP¨H\¤Ìa„¢ÆˆN[™&#¥Ó$á.ï¯ +¬ÓÂ©žNFL="0X”]`ÅÓ8” +8¨ìQ…K£ LàdÄ4Á¸ ,6êqd;al mF¨BOPG$¤Pƒí˜Á6`ÆeZØYµ°gpgnš°(ôœ‹\€á ÊXÃˆÁÂ¿`g‹)‡¸ÎV”tVÅEXg$/cÌWßÇa"®qš¸Ffqs¯<éƒ@ÎŒ¶pg¦¸læ+~Ã™NNÂ*ØçoHÊ/¿-ÏÏN>Ë‡H?Æ¼(â‡³‹Ù»ù‘Â×ö™Ùã«Îø—å'‘G©£zšœ]œò3zµ“òá›÷ŸË‡mÓè‡û÷ÿOJ#ýø9 5 Oâ`l’5uƒ ’X¡.’~^oæ¶‚ žËJˆiÎæ"4œ¡é2qÿ2ßºÇ¬ÜªœmT'žùŸ®æ³ÍÙÅ;*ÖÂí›v8;(7ý7™ðò1îŠŠ²Õ›³‹Ó<ÅH$¦)Ï\5ýûñÁ\lýf`3œdOïa¢‹Ò5jÆÛj×2•§öË£–JãŠÎMq¸ù|.¦ÀþÔôe¡„•…³5ûùùÙ¹ºNÍpgòMëgwb]Ûi¾“A9$}ÆÈu®Zäo1RËùÒ€2pøWú6ÍËJÉwY°ê½/GÀÉN\-ßbN(0r¯.M²Ä;!0Õãoš"óþŒŸò… –0XéÕPß£ÚëålQ4ŽŽ&Yøê7Õ·„µ¾¿‡%zÕö³n{œ"o+´Ô®ó¹—Gâž(],Ba§|{öîr… ¸¼ ‹dœÛª8ä]$¾¹mÑ‰'©;³´²®Sjú‡(Õï§iÙ«v•B 4}é‹Jí†(¥òsSýâÞƒ/uúâ.ËDggúšñw\‚ÈÒiî½„;‰OlwÂêWLZ^rì'Ã½Mæá|sù¿bãhšš, ¶\wk5¯Xpo–«¿Ö[n8&ñyG^,¾ŒE~·ÈóâÛGHét&¥ZÆÈþ+4|\v2”’žÎW5·FÎkûýmäºÓ78ÐT¥ÚñVØ×¤>æ@‡ïg«û±¦¦–ÖoÅ~'Žç›Oó¹DIe÷o,Íc‰cIaÎï$2#±×ã?~£œ¨È|Ïùäž!ûÎæº¼ÏÞd“¢vÃ5²í®º™GÍ¯[•W¸«¬v”ð³%\¥gÑ-ñ|v[·é^:ÊVÇ,ue§¿jÄïõ[JcNzÈÇxrÇùº1!S=CIúî;îÚZº`õT;g¡x¶SË8á8îK{¦×Q,\³x$út¶yÏ™[Áz8[Ïø+²»ÛºæmŒ‰‡6j/GQF ºLµÕ£/g-'PR[:úz¾^ž_–TGq-J}ÍÏdÝâ†½•äUtoÛ¾ûár¥}ântZRÁß/Îþ~üëÙÅ¥¤ë<¦/¾SÁvçZÃÃü¥†¿Â·ý&fG^;æÈy_ÞÏ7'ß/×zèø„ï ‰û²&EþñV²ÀÙÌ^Åéû¸‚¤†þ€ç—Åƒ¿<Ì÷`S-{ñÞNØ¡ì9‘‹²Óô&y÷ý·ïëu.’#ƒò]Rçô,J}±^c©Ÿ¼7ÉñVãÇØ‡äœó=yäÃ<ÂØ-V¾¸Ž|Ä²âþÕL¢¾ÈËõ\—m< `ÈÓ Ò"¾¢¤ÏÑ´„d„ö&W$×OÖ—™b”šÇáÛFÙûŽÞKøÂ;ÏB^Î7O^¼:¤mqäiõ•ñóéìD»@ÒÖO&€¤ºÖ‰Ç…ü¶Š»UàU*þzðË«Ã#QqžË‰îý-èÙÞ÷Ê¦ºQÅ0ÛŠíV‚¦®›,;©‚ +æ¾÷*äWt†ÇÚ¢Ïöènå÷ì¥LžòÛJüu¹üKK9Þß=Œw]£Ÿé"IR“pÂÝœò…*ÃÀ`é}ÐçÞsºp¥6Y—˜Vâ2 wSV‰›NhÌ*VËQùú‰Êñ +ÇÛå ‰¢oZZ5µLkmi"Êø’[])ùýþ˜j©ýâùÂfXyÐw+‰|…õãÙüÍÀü·Î{#îÄ2qÓ˜/yú9$»ÂDYOì”É7x>n“Oâ”á*ÄÒøõå‡ËÕ† +âÔÉV§Í¤ÅÊÊf·pvdx…Dßç'Ó³mzjì´Bå:nýäf +8~½¶•àŒöú1NÆir$”’ÖZÌáýß-gnv²Z®×2q˜î&'™Õúò©‡þŽÀz×¤ã›fÓ´Kí`²ðpr'œâ6”:`kð‚ót™/|bJfêòÎÈ¯ª+Vˆ·jƒõ3V¸2^ìäŸü¯doyÀr{›à±1»ÞãM<ö¸8Íº±˜ãâ`³”ï(¨=~ê‰›X[š;…ê›«6¤õàÈùŽ‡À×XïãEu¾j®ç‰ß ùµAìŠhµk¥W¯ÿóï×¯~—£6” vÅüwøÏîtÖGxm:Ô]Z÷g¯~~ñ’2áá—;hxSÓÔä4ïh†ÐóG3ÀóåêäªcWÛlYÖfIÇ6ÇZäàož–ä¢ÚäÂ'^-fx° ¯;ÒCœ§gáÕ§.\¤my‚â™!f}…®Ððt¹˜åŠ5ìã½íeÉMÓw7Þ”ÆÃÉ-¥ñ÷Žiš!AOâ^.7zÊãÿìxy)) >¤³ÓL¤82^VØ™ûìôüZ7 ŽŠYï¦ÈÍáty~Çƒ’œÉeÎ.]ÕƒËóÍÙ½7çë’6Ã7ßÎNLþ¾xò3zü9?ÙTÏ–'—|Ég³üïmÂ-âx4å‹¸t»=úï£ÿ>eÛÄendstream +endobj +1492 0 obj<>/XObject<<>>>>/Annots 275 0 R>>endobj +1493 0 obj<>stream +xÕ[M“·½ï¯˜CÊa©Á|Ï)µ^EÑVY‘"®¬\Gä¬–?Ö$W’ýëóº@÷éd+)“Š]µæ›7h ÑF£þåÂ%)þuI%y•ÌVé$Å“øçÝßèIR-þ®’¼8–ÉôÂÀUR–“Êp®—“ÌƒÍêImYƒÁVí@p^Ñ€òrÒ`@e È@4t%–ß$Òb°y †5lKò••N³# 2ÐN=×¶¤hä¤.ÛInÈ² Á§í¤€Ð†gˆ 5 ñ8¼É=RÃ²Ð•o( 6œs ÔP’{,›ÍCCÚÐs.sÔ0’¬ KÄIÀ£!®I',T!Ô€Ðð&‘ƒrL„Šµx•d.…1•MÊŠ Â“U2PM/%Î@šmrIR‰´,º, +]ò~ºd ]zë9‡¢´±2G&E¿¾9åßÄ(Bo8òE!8Ìvc8…à`¥\9r˜JöRvþMyo‰|ßÂp( +[¬"ôƒ çž@HcçÓKä‚CD2" ¤±Sæeòc41Áâß<…œ C›Q†‘òìÈåé(à9ˆt#$þz†ÍE‡# r.ÀxmÊ>Ì¦CÂ*GEh„¼[F ‡d9…à°U",Æv +Á!)F¬‰œBJP8žÎ@p99Glg 8œõŒLÁ5”ûj;…8aþ¢B‚ÃbEl‹œBpEfu7R 3NÁUCe*×PhSNá*)P‘0úc1ýýp{ñü%úH“Û;,683¼².’Û9Jðxöì¶û¸ì“Í]r½Yïûõ~÷çÛŸÑ +ÂQ«Kßì2£fÏ®ï»‡}¿¥wháA„ÌŸašÐ3láÉtßÍ>“lz^ â4µ÷§—Sz†Uf¶ÚÌ—=÷ÔY‚<Ÿœò—×4®ç/:½îy† d:BEÇJf™ôÍz¿Å¸gûÅfM-‘o#{²[ÏéÊU|6Û¬ïŸ·]h›×èƒçðªz Ù¦å@31ŸÑl¶|œ÷¬ÂÒ¯•±Î%æéTc?:=A!$0õX!1E\²{œ/öÞõÂÃ£bOû0(„s¬ƒ˜Åê°íg¿ÎdQQáU;í€z ¦0Ö ç%c5X÷ûnß-?“!r$žôŽÑ4˜K$ì˜P»àeôqY„È•MZ„C‰|fE r¥1¢u_ºÅ2Æ?l•oÐ/wý×û~+G†ÓLBPÒ!‹8Ðòp¼€>v»^b5»æ™Wº·ÑÁJGx>ð±/»YÇ!9ó³~R:ÚrIr2»³"#Kp²ôïöVñB»·ö³Çíbý‰È0ÒÆûÖ´[}ìxa!UîÑáœâ!ªl¢rÜPÛÖ,/¤wl¸¸¼öÓï#ºM&^‘Ëº´i¾ßy“dH´b¸ßìdÏA5X$¡•Å›+}/jCbô°Ýìû˜M' êAQ‡Î*ÊâC[Wvr{×Í$¶!qÈ‚gè–ùÉs‡¨ŠÄ6Ðã„úíxe¡¦ó¹»Å¶ÿÚ-—¼âŠSEr5×‘_AET_†–ÿ•†7o¯ÿDÚ¡Ì˜WaÛÝw²{áiÎûõ¯ü&¾=%-DýúÇöm“vkGŠ?|ÚvóÜwLqÎ¬ƒçyg„Â®ñç‘dfTÅAE‰cÇ²G™Ÿ¿ÐhÃUµZƒü!ÀOÁ¥«ð9c¨ùhs‰Î‰òIÕ†è1mª£¾Œóþù2·hc' Ž>|óÛ×“¶¦»zxè×óÅ7©àëw}–jÀìªGœ§ø§,L ÁfaªQñ½ÇÔl¡›íª[Ë6Š»n£‹ÝîQ&†2Ü}9©i1ÆñŠ' +Pd¸d¯7«‡n»ØmÖ\ÝAyþ¼Q'ØÕër‰*¾]x8 Ç?ÝÌ>÷t+oó@5V í˜égùoT©1i*6î¡BïúNRO0eð¹Ýâ7ÎÙ¨\ñ,:Œ; :!ùÐƒy9Î×^wßÈ1Q¢kß¸“o+_ì1‰÷XúY0nŒÿ_è„šG::ÀJRÌÂqÝ4ïd¬V*D(¾6!Ð›y;ýOo){¦A5&ƒ¿ûmI¢ˆÉ›Þn¶¨N.–‹=9q³ìÜg;™®ð•¾XöB‚hsT†žùêíû’M™Ü +<ïo¯Îe9:¢àæÎP‹éõöBœÚ¢âèvæ*|,<¯:Ò{P +ßèA£gK/þ~Ã¦Axÿ>òV;{AÜqú×¨œõ®Ÿ¿’ƒ3nhÒ÷ãbý(Ö±ËwýêãËýåÍ Ùç&”~lçÜoWrÝŸ)QA*6J’®¼qN|z’ê=MÂ›É\Q·ð‹ß¬õdÚÿòˆuÑqrkºxÂ?š2]ÝûWyq/â„‡@¯” ámú„.Y“ áÇ¾¾žAIoj›=>–q`±µòë‹·‘âç™ÉPp™7žd®ÿé%W”²ÆÜ †Ë×ÝåòÍîžtØÜ«Áõ(ºêSž¬ul¼n—|!É®F\WjôfÊ³€SX<'&;Á·>ÖÏ‰ŸµF_ÝI)1”] ¯|:Œ-ÿýFœ[R¾rHÀTÏKÂù ‚2WÜúÍô¹Ì–¬è¶ÞÕµd‰‹9k|¢ç¸s½:ÙðªÀõ5=ó>]hAâp±-d‘—2Â>wˆ_†ñ[&(VÑ3\ÙÖš,/oq`<.8.˜&ÜµÉpÔUøŸ©ø.1>‡N¯^ÿp•¼Ýn~†òÉ‹Íìq…¯Îä4VÚ»ë´¥ë9_4ˆ¿Þ^üãâ_ Y1endstream +endobj +1494 0 obj<>/XObject<<>>>>/Annots 321 0 R>>endobj +1495 0 obj<>stream +xÕ[KsÛÈ¾ûWà¶vUD/È%%ËñÆ‡8+%¾øBóaqM +HÊÙŸ¯»gºeUR’VÞ²ùáÃ4¦ÓÝ3€ÿý"MÆø?Mª,É'Élób<ãŠþñëÏt%™ þÜ$y3JX'—/Ü$e9š8ÎÁMÒŒGµãÜ$išŽ2GzÏˆÏ§Gzv2é ölÓŒJ'¹,HT^bÈ&©z*’ë ŽëQáHÁf“>ë0Ø<£)©`ÁVÕ¨ò¬Ã›$çd_ë1Ø|<Ê=ë0±5)kc[²un½9{Ïñ¦ò,BÃÛÊc°“rÔ¸YyÚ{[y¶)zúz¼IŠqÓ“ì1Ø¢êYC\ŸeÑèzæúÀ¥pÌ¨¤ÇäúšLa¬Ã`‹ MÉX‡ÉõY¬Ãäz^:Öc°ÊX‡É¹yO²Ç`«²§‘Ç0rÊFVÉƒÍ +r®±ƒ…‘Æ:!æmå1XY¹6Öa°MÝ³¤¸/Ô}Ì}+UIÉ}/cçÂõŽå%\c&çr"2Öar.åë1¹/£¼¤c=Û¤äc†¡ÆUo¬Ç`‘‹à ë1¹ îi”O ªl&ð²y€Œì ”gðŽÜI¤Ç`S2›cCeŽeÏ–uŽ§……)@=¹9*Å´èNy¨aˆEŽê±ƒEªýX‡ÁÂ¢˜’IvöOKØÐXÁNRRVÇŠ:“‹ê00u—Bl•”JzLêP™p¬Ã`±² +Ï:¶&§»±cÂ(VÇzLêŒI•¨SÒ¨S'piž’X%=¦ ×dcÆC¹êë1X¬3¨£ceJEn© d`S +œ,}#=Æ”P¶0aê1Xq«±cJ)›²2%®’ÑJlJ1¬¤Çx(Z,+c&¦dCc[—ÿÆ:Œ #mÃÊÊJO)uÄ•Î€&,+=pae+é1M˜Rb©¬ˆ…7)øE¸ FI!Å buì„\ïX‡ÉT÷ë0Ø†ó€J¦Ö¶@BU…{Y4_Ckk·¶q\=ÆpãDÛK+Ñ81¬˜Ê‘ƒ¨=µ¡lÚbBƒi¨i#‡ÜÕ$Æ9¡ƒ‰#=‹%–zÖašì1X6¬c¦õBm,¯—ñ«9_)Ã}xäÒ‚jŸ‘2¹P³kÁÀNÖº‘c¶ûE‡zLvÈISc†.èÓ ‹²â6ltsLàÒ1•×BIñPt"ð·±Ë”zc1¥ˆÁÖTÇÝX‡iÂMX%{QXzÖa°%%:7Öa°¨¢žS`7GË‰—ÁÀL8lË°,”sÊ .bBJzL†`e”å€ f‘–‡Ž ˆÈQªJ¹Ì¤{pb±°Ï:Lö ß{+ ¸sÇzL6¢%kc=¦î2±lÁ©[ó²µ`ä°¼&‰q’©Pé1XlÏ:¶¤šàÆ:L† m¢±býŠÏÀ¬¸4ã))é1Äb›„‡ë0Ø†bÝXy(ÂK[’œ=4pTNKìBèN"=†XìŠà6cMá6c%¶¢dôÈ&c†ËQ^*Çz)Í?—m:0×êÑ%F%È8.A1[N-Fza@ËÖFÔZ1° -=¨©¤D'oeÂúÎØÀÀI8*ç f“òã•d¡*#¹cÃC@…FgF©ã$¡´å°"K3QÆÀ„SÃ•sB3j4Œ¡Ø¦j Î˜ÐÀIWg¤Ç4×’ÄêPå¡PÓXL"b°hÏ1_c‹é×Ž• s©ˆ¦e`ÎY0#åø¼M!){Æ!)0„¤q’‘Ãö· +{ ç YÀž@¤Ç`1?T´H¥ß—a`ZNÂ5SR"Ãš¿ØÀÀQôdX¶t'‘<’¼.:0rH +8;å™cXIûË #e@œƒPÑß ÑDzLæ¡’a,'<ò¼&<&6pA#'6²"VY‹=RI˜ØÀ±Jz¬³UVÄ¢ºjE¦Ò+†#.ˆQÒc«¬ˆEÑ–‘jˆœˆØÀ1Jz¬b•±8CÑ +–20#.ˆQÒc«,‹ÅªRño‘¡”ƒQ¢r,°–ÎŠÕåß*00"A)£@åX ÎÔKü[F$(å`¨D +`ÿÐñÿfŠhé ”ƒà²ÓQŽ¢X²gHÿV J9*'ù@úÉ#±30´IPo#cHæŽô)zT€à0ÛÆ¸7W/^¿'WKp(µ8W¬ŠäjÎ¯Vpyöòjúy½HÚerÑn÷‹í~÷êê7Œ*a#u†e4ìåÅõôf¿èèÊÁ!ó—(O#º†¢¯\N7Ÿ§|ªw¯N·sº–a³Zgal»¿‰´¿nªpõâý»K¾‹b\‡‹³õÊ¦XèS¼êÈ+Ì•ÎŸ1BóÂ3¢³†øð¿µßX"Zð¼ˆ§[º†Ô;NãSÞÓ¼[IóxS»]®¾º8jÆqî¿|±Ltq“I¸ýã´»á‹Õ(éÍY(§+ô8™O/·ížï‚-ªxœ°]ÌöŸ^ý‰¨…4‹RO> +'†|'š#•ŒÆŽ;_´ì0J£*e£ÿÝ´waßSÅg²ÿB7Ò›h´Qø%’¨³»ûª<2>0ÿ¹Ø¦š7Á*äz¶*ö…•^nçÉ!Æã3‹˜ºŒV\ív‡ÅŽnÎÝYûízÁnE÷`Êœ4à§—áa´ÑÕà»]t»U»ýôŠUÇ¶V™?Œ:‡:Fêa· Æi´Úw*÷y“ój¨œJÍl^Ì¾ÈBDóÿVƒãàîîÇ{10ø©xŸ·lYô6Ñ„ƒhÿ²à¸Dü¤MŒó›n…ì ëm¼È¼[ÁVÑþº‚æí·íº²Y°‹²åöí¾®¶_Ø¬PYÍu*øNú+d‰ITaÑuâŠÚ/÷Œ'±šEe?®¶P€H‹ý»“ü…¾tíá†o§ª¼É+þÄóëRÔ+ÅÚê‡ºöAXüsÇ+÷ÖºŽÖÓýb'é=¡¦£«‹¯ß`oá5Á$f©Ý~:ûÊN÷kqÙµ¾èóë/«Y×îÚ%Ë¦“jÔ‘7OÔŸÎ”Ž*ÂÀoëÅžm€S¦"æºÑÍ·5O?†Árµ©ït%L—a aX¸™îvˆm xô™š/f×ÓíyÞù!A=d æÓ´ÏN*?ÌÂ¨0®–áÅ©ÆÀÇåGÖßW;õ‚Zóµät²áCj&²¢~t¼x”ôNç^L%¼QP,íøÙ¢ÓRÙ.Iã^aŒËòGG2]ÀÃkæ%ª–H!-Ë–§Öð‹õD%š/–ÓÃš—dŽ¢ÁzÓµûvÖò2ÀÉrókÕ+=RQL}5·Þ›jÊ×?55G-N?Ñ>xjéM÷^õ¡—×ýD,.¼W#ìþÇ¬'2é/Ýíj&9YX»¤1 ûHçn®›‰ +Ôn÷ûvÆ¡ê·oáè;uÛ.÷¼ÑÆ‘"^Ý?tHã%Mâ,£ëúö9Ú0¼9¬ÖóhÄ‡6Ê§ìófµv+é,ñÒK·–îìÁ¢‚)9+8\£œv£šØ=Ä›œvù·Õþš½ˆ·ÜëçXâ·’ºý>òíªÃ±GÛñ¾¿wÂ²;ÜÜ´]ìUÆRÖðxŸÓ)~Ôy\î§Ý>¶¹Èåºé?åÙÝæ³ lõÆSa»7RuxìDìÝŽÃSë;+hÐdÞ©üÉÞj»ØÏG3l/èØõWÕ–`ÓKêXµaÂ>_c·R,þ™¦K]·¶ÁØÞšÓ‘¬âIÉŠ£ŸéIß‰ÞzpÊ3Ÿ.6RÔp†öˆ&ÁÛÒÄµa8f#/ßÛ†5ÇmØ¯Zr!ìñ…µXo_8‡Ó;Éx€ëì‰ãû8ÑY;.¼¥÷ÞÇ5+§¥lÐh<í¼Û>A•³Êï„pTÚŸþÏ‹í¢›Æ Z‰²-{„ÕvÉ}2Öñ Þ“æ”;URšþŠÄN¯ÔÛÅçƒ ú’°^Ü.ÖløÊo-ž2QþJUeq¾Ç-Ó¢ëÚNÔBû„òN•Fé„wgøà§W ‘=úŽ:ßãàï:vþ\÷DW;H„Ýa»¥ÑCFœ:è&ß$”OrÞÂÖˆŠÓ;®~Ö˜ôÿ0ÝÏ®CËfán‹>-Ôp™YŠà}™]¥O·¿’†ž^LkcÝ]î9Øcöu½’Ccl¸ÿ¸¤ƒæQ O0œ?¡æSX—^ÀôªÀ9Þzmnh¯Ì‰ÇÅåioø´à‹3¼°ö]T8ÊùWxÝ YÐNº†âþ¸+QìýŠ;eÒ†bëÆŽk¸5Á×;åÿòŠê15Ž:•möÙ3Ãþø¤Bálñ9)TÕÏ + _{œTˆ×ÚóòÐ + ßsœTˆG?/…ølxè¡á+“ +ñèB!é(WÇžü¤B|BüC($_ôÜ«Ÿ‘=/…ØÆÃ“· ÷*ÄGC?„B²o¿W!>òy^ +ÉÁê mã³ÊçtNòÝE”òI¾ú*ŸEmÅËo.C•ûª^Á·¡S¸Wnž>uÝëŽ6¸—ûÕZ>˜Àf¡‰ßÎ]OoãÏ¿ºÂÛ¾3Üñw;øz)~uñ˜íÎiÙÁY¯ßÕáóAþxÿ:™¿¾ÇÛJ~‹˜|èÚßp"¼mg‡ ¾9ÄQa8ÄÃ¿b.ó<9«Æ }Øw»Z‘óÿzõâ/þ"“Õendstream +endobj +1496 0 obj<>/XObject<<>>>>>>endobj +1497 0 obj<>stream x…ŽA‚0…ïûï¨g;æ˜Gˆz3Ñ¸?@ÆH$"ÁÿoN^LÓ¤é{ïk_ŠARŒÜ sˆ"MpÙA[XŸËl¤Ç„fió+”Aí/GBh„årPC8$›¸y×²ÀmÚ'œ†øîR?UÓsè·¡ýFÙ.Ñ]Æ‚õš ©ê‹ójqÖéùÀ?®õ¤½·òxyÆœƒº«•ã;Òendstream endobj -1488 0 obj<>/XObject<<>>>>/Annots 363 0 R>>endobj -1489 0 obj<>stream -x}™]SÛJ†ïùS¹Ùœª ,ÉŸçf—„M[HìSìEnd[€KòJrÿ~Ÿî±59»•ªÀëwº§çí‘ÌNb7à_ì&‰KÇnUž¢Ÿôÿ}ýtÇi4v£Ù8¸Ò%ñ$šîÑÆÍe½M>+Ýd ÷@¨é4J{.žÅNWöv©X—.Å²R‘pâf8*7EÉe`éfÓ(¶ÜP–ŽËXÂô@]Hœ3±Ó…ÂH,±ÄH‹a“Y¿‡˜Z,çpck0ìtÍ‹<#7L'ˆ™Ž„T¤Ž Ç#‰8°ÃÎf"X` &aÈj=ûm“!&˜¢'§U¤ÛKB ±g½i#ä@IEjj0l:ýk0ì(•mk0ìt(ÛÖ`Î“hÖ{ÖbØa,§ ¬Á°•ÊbØ™ŠÑÛêqSŠLkTçQ8nÏŽ&„lXƒ9F©'µ5–m‡–5˜ è·Ø°Ëq‡T\ðìCF/iGŸ¡T‘ ùÀúk°ä –mk°°3ÙÖ°KÈc9nÏZ,!O©xÃË€xakpéÒxJvƒÅ°£D’Ðïk1ìTÛ°—n8HÑ,°Ã¦ñ[/ó$öK¹¦ŠTfƒ‘*I%äÀ;‹5XdN£‰e ™GroK) Ühª=I%A -$&q;ˆÅmOZ›Êh0¬Á°”®ul±,sÊØ,§"T¿¯Å°cû†5X2/WD`-†Me–ÖçGï -9ÐLHE¢…'ÓÄ·u,?SE>ycÊœE©ÀKC“€À,§•9X‹a Šlõ¶Ãrqr` †¥'^°{¥(©ÞV”:`QJ®GÃKï r°5˜.`òZ,† û}´äTHDð£HÆ²´ëÔ…F¾R³©"ÍÁ¨Ï$5X’+÷¦a †åCå`k0:&r÷ÖbXÖ’¿ÞVË&™%Ú^±†èQ¹g5DÃ|Ù°ro«!Ö`‚Òr ¬Å°Ã!Ö`XN01¬?^Eå¤ÈèÀúÖ`l™àlÛ³Þ1íëïÍ¡ìªÈ;SJjjYƒÅñ˜r4¶àdauòÖ`Ø™Ì]ÃìuVt<`X}Ä¶ÃŽ§}r"‹Ee©tck0,föDÓ~C©®`k±4çø…’^fîZÒäY‘Æ`ñ«»Ö`X:”˜k0úëÃp`ý¶ƒýkÈ@^EºÁ²í@ŽXƒqLÿXVÇdÌ'G®EÔ17÷ã8•[>°Þ”[ß´ácE½NŠŠ¨óÔ£@'^DÛgè,(\æÚ•dŽ×>E‘ÁD„ÑÔ²ÃNä¨ÆV†Nœø×.<&{ ~ ”‚ó…3P_å†–S7è¯¤ibE¬Á„ÃÎ„Xƒa©y¢¬Á°<RÏªô³ý«”:ºi€ØÑ"Ã§»·S—ÌkÊ}â¨Ë1£%cÃ7!z;uI#úDŠKÁå›ÈÝØsÚÖ\ÒR‘Ä8sú»XT:žìG ˆ(xáõ^èVÂo÷N#äÍëPÁcÞÈjFAï!fKvIÚQ ˜ª[Õj³“´?Ý£ -à“ßÖ»f•‡H¹÷)Iéõ¬«ÓMAÂ2X*îy£ò}{¯ï÷mÏ¶›¨ûu°8Ôè‡Çœ„¾C4t”Ï>rûöõ/'RÉÙr“Ë¹>ÔUGhÚ_tÊ!‚Ë¨×«¨ÚŽâT…Å3ß¨öÆ‘û£~’R¾ô«\F–9u6?ÿüþüõz,n–R’Eõ ‹÷îjúôæŽ‰$Üûâa×üïE)NOmÈ¾,’fki :ógVlü¹+÷Lj¨Ä†ê—}NæÌWïcUW•ô7núÄîªâ—[m -4{ßè•Ù}S—Š‹›ù;ww÷ÀÿE5û¥?®ú#ùñÎÝÌÏ’w.ïVQç/ƒGîNÆÃå=-LL»¨«¿uî®n~ü]Ï`óV_vÅê‡ûÐÔmëæ»e•wî}S?µrž³ýçbüÐÔ»m vÅZký¥;ÒuQ´«]+ÃâX2¾Ôòù_6¸ßU:‘:xô¥±Î·›úÙQER}Bð Ó@aoº“ÄÕ~z½+Éþ“ÎõýéÞ|ÍËºËÝyU1¥V¹Ì&cR¾Î1/"iªånþ\Ž¬Mð.Õß]^Ïbåjw}³p;¢+k?ÙýLþö6fÆl›º«¹?d`~žKU¬ÉSzEjóã!œD“È]s÷5oëÍNï’›†™¦’ØDyEFÒ}Ý”~rËeK&¯,~¹–¤^V]S¯wš¬£ƒðd_në¦Ë¸(®Ñ¶uçËšhžs£ßÊÑÒrår›µíÓšŽ-K2¾XIn7´¿ëò~ˆ†_¤áçâý«€PöêâüöÕçèóùyþåê1eY/Ý¿?_¹íf÷Pøêå/BýðºdÈ-ž·ZHÿoÈò57/Ó>ëäº¦îæ:BÔZ³fõFè;G»µ;ßÈ}ìKÁ»€Ô‹ÜÐîs^.¹©ÂB#ß]õëdl7òøñºPÎß>m/›Ÿoncä©Jk¹ÑvœË¤d,úäºMþ3×g‘SkBú ¸Ä®C¹¤)áä‡»mŠ2cüîó2Ì³¼uéM¤þø[“ÞEöamÈËt:ä‘ŽK*¥þ¹8ùrò_!Šendstream -endobj -1490 0 obj<>/XObject<<>>>>/Annots 417 0 R>>endobj -1491 0 obj<>stream -x•ZÑrÛF|×WìcîÁ4‚$øpu%ÛqNWgGg1ç{…HHBL -Ú§¿¿îb·!¹’\¥Êq«1³3½3³È¿]daŠÿ²°ÌÃl6û‹édŠŸÄ?>ýtQ–“yX”‹É4ìCVÌ'‹3Ú…›Å`Ë9žògÉºé2Ÿ”gS†9_ÁŸûihð;`°‹l’++ìj6Y)+xòY>É„U¶Ì&3a=âb1)ÔlŠÿ/YP‚Á.3J‘XÁj9fcÙb:YŠb° EÏŠÁ®æc[Áû0Ë)h²UëªgÅ`çKJ×Uë@ªÈºT³v†ReÜyC.UÂ”jÎe+˜RÍ¹lb#Ý|É½¬/›£D¹lV°8 Ù²‚Á"[ì_bƒ]Xa$V0ØrŠª[Ád-¨d+!OK¦Yyºð6ÈÜ>C²`5³‚Á.WÜ‚d+˜Jå#V1ØyA1¢mQ@Ö9Z…í·\ `ŒI Ír„”HÅ`ç¬(aS‰)¶6±ŠÁfBV0XD8²¶d²b+µšQ¨ÄÚÌ±…ÖÖ6ÃÙFB6Ãë¦î7H<: sC4uÊ¦bœ2¿VŒŽ)«\XÁ`±Ï"Ù -¦Œ5‰U’—Ê -»`‹ˆ`ÊÈA$¬`È˜³fëé¢‹lžO9iæ†,]ÁTÊö'±‚]8N,Ä°‹ kMàìjŸµu#¡çn²UÌtÙ„Â -»*¹Eq]Å¬©Œ•YÅ”jl«ì¼d=F[“ÍÎ>4ŠÊ×MÂH7Ÿ3äÄ -‹Ó mœXÁ`–°‚Á.¬u“`²«±`H…Š„ÑV17£5±>kÐl?.˜À}(W¬ÕÈ Ü (ŠÈ D°˜µØõH*;çy.¬`°«bdë{ƒü¬á3¶sC¾7 ÃtVÒ4±… ´ÁŽ¡~dÍq?}XÐ‘£ä8²æXXs<°9ÃRlÝñ²ð¶ÌyaÈfÄKH!¬`°¸ !¨d+»jC5±¾,®bVÄÖý…![V0—Í±±Â -‹“Ë&[Áª±¾lQZ1e9°Âg›0L1®gÊ -»šŽXw<›Ÿ7~AÒ[ 8a¹yV³È <—pâ¬„;«ÙÄ D4P;c+X&‚ÁB°©²‚ÁB0D²Ì’XW7›ñ8PL†\Þ„kYXÁ`q˜l3¨œé&Ï‚Yj<û«,î H7Ú*‹Ó;YKˆ—WŸµ<¼¹Ê #(Œ‘•²‚™.§“Ø -‹KÁÈV0ÓB±Œ1G5*Å`MÖd«ì’7ÆÄfqâ¬µ‰™f+Éò.“ÈbÅlÊ£ŠgäÐP 9a‰1‡g1Sm®9iÈ+ÆXÔ$L¬`8ÆÕk¦¬`$:åA˜l}Y\+¬PQÅplÈ–Ç˜h™°žª½)¡™Kfc€–aho|‰T-ÄMƒ…z)±‚‘ ý…°ŠÁâ6\£b°˜”êY1X´÷ˆÌ{ -Iòì*fÃ/Õœrfº<Õ…6²Ì„8’b°xAÈq]Åï,º®bO›m™à°XôŽzV“b$[ÁûPàÂ7x¢.ÕôüÂ›-éØI%bøþ%V0…Ì(Ubƒ]p\+R¹ÑV1XB‰ÌMàUXÁ`qýÓ¨ƒÅ…TÑ³‰‘cŠYÓã4*QxD©n"‹v[(+˜uÃþK¶îámmŽ ‰ãuG‰LY®yb#L,YÅ®Å\X -‹!˜2S;fž`n.[—‡Ð™‰fÊ -Æ²vM¶ŠÔ -“>±fPz©å«`qŠžcj±ä²‰ãÙ&V0–Å9Q«,ÒƒÊÑV1XT®«íggU²UvÁ‘žXO÷ÕáEé²Â°wxÇ1ÝÄzºƒ§—XÁ1ÝÈžÓ=ÛžÓK¬§?°8gVU.˜éÎ™P´U‡"ê&²¨e@ŒM6îá(VÌV ’ÅÀƒÛH*¦w ²î6^áyÉÍ ™Š.†)¾éAãÄ -kï’Â -kw[aCcÔ9BŽž³¤RŒJ1X{Ý[Á,¾V%ÖŠÆ¿Å"(ûÔæÈÒÌ„ø‘RXÁ`QëŽK¥Íp!…©!s,Ø³-„uSøóL^ûé=÷¾µk¿c¬ -—seƒµ#VlcY”‚Šžmç9¬ ørï€ã-e€pYJ!=^¼ÙD¶³*3DK'2`‰fv®›DfçW5t;1d" ¦)oíÂ -‹9•¢¯j#¤½g†èØÅë„åÉ#ÉþN·ÎV&t¤2˜åð`L÷Â”¿H¡æì\@“ñw Ãàä/-œ›Ù××È%ÈÕØêÉ.Ap¸ó·ƒÏ±Áö%(rÁA>ü`°3½p]³“Ât7À²±\Á“ q ‚³H\‚XÎÄœ-‡·#+pSÅ€-gª¶ -W>h\‚ÌÜîf‘KpX.ÚùêgŸ¹½DÎBAAû5…ÓÔ€-‡M8C,‡#–— ‡‚A9„r†à0Ø0ò#— 7ÈÙÀ äñûh´nÉ×ÐÄ%=Žóvðùf}ñúýÅÖwü%Þ¢\†õÖ~7 ëÍ¸9OÂuWwõo§æØôuøTWÛæpÿ—õ¯ÓðÊ6½Åsù$¼©6_î»ötØ¾`g“ð¶=Ü5÷§Æ¡¨ÃMµ¿Â»v_5’}×îvu÷Â´€iWW=í>T›‡æP‡uw:öár³Ábý1T‡møGÛøÈÛ]Sóg}k«¸:}5 -wÎ€öûö€ìÚÛ]½w/?v]Û_Ä°˜„ÏUZÞ…‡z÷6Õ!\…ûºÿÛ‹§—“gi…»¶Ÿ›Ã¶ýv«ÿ¾þð£„ß˜Faã‚PÄÓã3Ð… }O2z;ús;†{ÐóS…pß;çüÛ©Ú5wM ¾äfêþ[Û}y®>Bg(å‘ßÖðñ{ âÉëpýî9Çƒû{û-l[È~¬û‘ªA³Á@…(E+F~ùî¦Vkûzëu6~ºÝÔ=Ü>µ§.P××ïyà°5~8îo'T°ÿxè))¼…üžýëºß¼þÒÝÎÿÈ;…å^›®›vÿxê±û•×ºÕÍhU¼®Ñô±î¾âaÈszä££'! Ÿd“|kú‡€”6Ö,/¢Þ?¶}mðJUZDý¸.‚Wvþå÷ÕÅ¹>‰-ê»|î|ÅËßŒžéÍ*| - úÜÖ=ÕèàãXo0Mú§ðWü•y{Ñ`ŠÅ®ºººš„Ëí×ê°©·qa–´®¤™á2nžŽ}½×í®Ù à¿ó²xS›ÍèÑ§pu¸kŸ…ˆýS[í)8†Ì]³ûŽ øF~ùxõŸp]wûæxDdáMsžiÃÈ@O`ÖÕÇã0'Ã?›cÿ2¾Œ*ÿ»©¿qIÅ tº'°%ãÇp:òÇl]8Jn›j×Þ?ŸüŽáÍ‡ôîsIVyèÄãCÕÕÏ•À+k -ËLÛo‡º;>4V¤ÚæX -=¤àÏvaÛtõ¦o»§ )¼\þ¡Ý6wOLíÿ´EÅ_PZÕ†Åá BuŽ=t¬ºíyÒl¼5÷ÕñKx¬ºj_ÃÆÛDz Y`žÿeÕ÷]s‹6ûêñÁ3µQÛác_ø 'ëãðDøûÏŸ×??—àÙ){}ùÁNž-ŠÅØ,68 »j·{‚·CuÎ¨NÈõÐ7›ï·ÆŒuå=Êª‚ß—+#Âw²Îåªîê¸V ¼áR`ë\tÎŽ%@]\ãò`óëæôøØv=£õ0>Óšî]»=ÙFš’º2îÔ<ùý*³?ØÖØú«ý#×;†uÛî0RŸçŒ9s®îí±ñÃ+Æ/×75nd/£Öð©éìëUøtùÙ="FTÄýkþEËáC¸'a¼ovœšopÕzÑÜø:£†w]ƒYê×¡wõ×sç…Šø1ÁÚ7¶ì“Ã‰‡jhïÐ÷¸+œ0’vI2éáõ{¼ÚiŠ;è´Ä«N™ã²ùÃÍå‡7—œ¿¢ÉqÅØœö¨Å¸7¯øñ‰¿ZNW|þòåŒ>¥Ï¯deYàß ˜ñ'?®/þuñ?®Ãµ®endstream -endobj -1492 0 obj<>/XObject<<>>>>/Annots 469 0 R>>endobj -1493 0 obj<>stream -x}YMsÛÆ¼ëWì!‡¼ƒ`âƒxJÙòS¢Š%+¢½+HBb’à@IÉ¯O÷ˆˆL*UNµ3Ûó±³»ôÿÏB7Á¡Ë"§n¹9›üÍðÇÝÏg³$˜¸4OñçÆ…É${´vó3‹ÁæY0µ¬ÁEi03¬Å`§“ ±¬Á`ÓllkðÆÅádÄªä, -rJNùÿTH6l–0 ÏŒe' E ¬Å`ã©ñ¬Á(yNf”1)DåS&J5IÑßxÒb°0‚¤ÁÔb -ŽFŽ-æAfl-f89Ã<[6MGëZvm F}â1«õIèÅÒ`‚˜%a‘œ†Ìš O"AÒŒòÿTþ”ÊÓ”_Ö`ž„l™ÁVW¤Ú2¡ô± ql05e¬g ›çÌÓÀŠã)ÒÁ²‡ +ÇSqŠòÖ`–‡©ð¬:Î¹kè˜{k*hÈÓ›D’¨¤ ’Ò‰Ó)ÓKtÌÄ)Iƒ Ùm†5˜‚Ùm†5˜)žŽ<[ÓÁŠ -®k1XérÏj°>²££ˆ¢‰dƒ! -û1²¬Á`ó˜’½Á`g’cÏQaBÉk1XT%ð¬Á`gÓ‘f (b'aY @ èÀ¦œSÏÌ€¢ ¶¬ÁX5@2[‹ÁÆC†5,ò¶3 ž†5;>ÉGëjË!lVÄŽ4 -`´"!Ôv -?ÖÔb¦"ÄÄõ¶šcltÙpŒhIŽ †)NäÉ³ƒÅöµ¶â8ÁF— $ŽyÇ›MQÃLÅ)À°#Å×¡auYP² 06a*H—õ˜Ž¹«=«¦i¨í¦ŠÅ6ãHI pÇZˆIÏL{Î@8•¶õ¤ÅŒ…×ÃÌ'Ì™(à¢3ÒŒYò¬Á`q²¢,‹3Mám æCc¬JE%ýCC&V,ˆ¢4K‘^ø:²$€œˆ×KÄ:ƒ…(X]3ì/Ïr?ŽÑ¯Þ—Ã4ãÅ°#TÜª‘ˆÁVOú‹·LµX86˜Žy„{VL£Y-Ù-ŠÄÔ`†3Å1¬Á`g'†5˜…åHõ¬d˜“”WµTÆjî$ÃÂmÄ)¡_ -É2FB2$‡Š<‰å÷£>N%˜ˆûQ1ü&|=Ö`°¸yB®x[ƒÞ–Õb`é¡%Ë2ËØ4Á}„Ã-’XCƒá8ä½Í³êÐ£E2Ž,ÞÈ“g FbÕ1ÞÞz)Ç‚Œã«Ž®^Ší²\¹ÛºíÚeSí:wÛTÛ®Ú>¹Ç¦Þ¸ë¹{¨¶«úµýÏýgçwŽDEpE<ì»úüs¹.»ªÞºúÑ]|»»vW×k÷XK5Ãï•Þë~ÛV–ýR?ÕÛÖ-Êîµ,·‡•ÜÍ½+¶+÷íæênßR4, ƒÞù -¡aÑvM±ìÈZiîjÛ5õj¿¤¾ãâÀ=<ÝÁ?‚¯_ªU¯zì+ Ü/õëðåCÝ|—àÆ_M¹bÛëu!aõö±zÚ7ò7Ç/Õ¦ê„>N3C@Ë5R¡1œrA–OôTùŠ¹-òJ™îµêžÝ¼Ø,Š£f2xSlJwW¶õz/ª«+Ünß”¬ÔÛ‡/Õvÿæàj-°ã0èÍo^´(ÊËeáêXtRÈ8Žqlv(, :ŽÑÀ¼=©¸¯/eóR•¯l¼ƒÉûãÇÀ}:øk÷»]Ýt#¿6œš»`±.7Î‡tìí08-–MÝ¶®Ý/ñ£¦È4Å¼ì¤:û2ûpuƒ=éesìí`>Ö’<|½ûõç»¯ßnÍÐÿhöùëõÇ«ÚŒ60fà.ëfÉDK–]Wc3ºî¹t›¢íNÉ›îºøn,ðíªÞÐ÷O&8ïÝMÝ•®XÔûŽ…*VK¸wÅj…·'¶ª‹ò^ï×]µ[—¨´<ËSã‚~Áô¢¢Â]W,EýØ¹Ï†BµØwè¦K"7ÿm\×”¥Ã¨:½pdëntb/ÜÜ¼+–ß´ˆûýrî6/ý ³ûŠ/?~d¨-ÿeÀD&¶ú -²c[7|…5+»â¥¨Ö¢§\·åësÙ”Rì‘ˆ™—Ë=¦ûÓéàq½ü®ËxJavË¾|FÊÝ¢à.Ç–íÊSóßC¨~?Tð_?Ç¦ÒÏMùŠ1z¬»éðÑÕíÅ®}.0¨VåöÏ÷>/XObject<<>>>>/Annots 501 0 R>>endobj -1495 0 obj<>stream -xmWÉrÛF½ó+úæä –ÁvJIrd«ÊŽ“ŽsAH‚M -Êößçui’*W©üðæõ>ÿ[„à_HYDqJÕn˜_æ?Ÿß- -kJów†¹ hKË…Æ`“ÀäŠ- -“PšEø2*X*H¤ -ƒMáT±¶`KIaR–‰ˆ¥.$›+vS¶+È“q”aÆ!rñzÖ†&S¬³q$ £öSAÞnºdâ€IAbWaH“œãõ¬Â;Š"Ë1Í¬xMŠØ¥Æ¦ ‡Ø°Ô!ÉÙÛŽrŽÈæ„Ï€sñ¤ÆœLvÌ*Ìñ²s¥Ulž Àžuñ¦™+°åB'‚¤ -³”çY'Mx¢@† Ç$H¤ -ƒµ‰‰ë¤–dœqH‚Dª0Ø$bÃžUåx´<ë£2iÎ exbSžÇdf4´ÒœCL‚”tbÓ½zVaD\d(‰bæ‘ÖÎZ™-xbfÖM¦ç?‹¹ˆ8&1M–“™9†›I¹Àxf¥6Ïû&éÔ!òØIfajÂ\‡pF¢U™b@¥ÕlÌ){¿ƒÅH'Šu!gÖF!· -sÈ) -¬X…Á"m$àµ -ssØƒg5?Ú²Æ`±©òlYc°8‘,+¼£½ •Ö¥‹™sCÎ·‚$ÝØcN—÷˜bæIÈ³Ö¶\1Oä{V¾+Va°ÈuôZ…Ù-ŸPŠU˜«,!ÏZÙ6Nd)WQÇ¤ Ìbg!`OòÉd1ûr>%¼e¥AŽP"U‚¦T'VNÏJ•â"qåÇ†É!‘*ÌR¾<ë¤rÔ;¯¸©M^'6åûÁ³NŠ3KnÂ˜/ãX“zÌ^¹‚ŠU˜Y¾º5ë1X”4Ó¬Âè îÞ@±.(l!)1ölJ± J[÷`@¨ -`NAøÄ‹ÙÌ¤Æ`å^÷¬ó‰sR¦_Úb»Ž 4%äÉ`zLðYšÉÂÝf|«;ÄdˆyÂ_—ŠU˜+ÎkY{½Z\Þ¦¸ iõÀO³4Ïhµ‘gY@«ê·#bh¹í~Ð‡î±i‡ßWß]àía!óa`èfÛÔíHã¾mÚG^r7ž_d ÝwýX®›m3þbþ„ ½¿ÿò¯(µuk"x¿ùD_Úæç©kkbCoÿºÙ± -?×›÷åHšvÿ`·îËv3^ÜÝ½â$1tåÌÇïËr·. RêÆ§º§›»Û%U’®Ôâ(¼^},«¦»áiZöÇià8-}ZF‡²ÓÈëkÓnº=t=}íúï}·:ÕÄ Õií›"¹|SäçöÇ´& -ðê^ÖýKSÕt_Vß)’‚å‘¢èøØQÕíž›mMË«×W¼ðdò½ªªz…º}ÃU·©é¥)éæŸ¥˜×1§œ¾SaZe¥AªìÄƒûáW[IÝÆçÓŒRîüõ¾Ùn&×M[öM}^ l64q,ûqZ:ìÖ1Üâ?ç¹g<:Ï˜V^½<ï2„†îÚ±ï6ûjlºö,Cì@Cïê¶îË-5íCwš@&£[¯÷´_ê8Ñ5Ê8lø¨û&ê¾ïúWÖðÜŽcY=In•Ôï[Þ‚ôÜwÜ•s¿hí}9VO‡Rµ37´š›%Õ÷m3ŒlãdÙ+ùëàñ“ Ã~÷Ìå9‹"çìWõ0¾ÂH·ší–žÊÉ -s¿ÞÖƒl¢ËÛüpTá‚ò˜l˜ó)$ÓI÷}÷®FzÛUûŽ£rîMˆ÷ /¿È‚‚×_‡±/+IÍâ‡Cž[ü6‘p²®/þ°KWendstream -endobj -1496 0 obj<>/XObject<<>>>>>>endobj -1497 0 obj<>stream +1498 0 obj<>/XObject<<>>>>/Annots 364 0 R>>endobj +1499 0 obj<>stream +x}™]SÛJ†ïùS¹Ùœª ,ÉŸçf—„M[ Ø)ÎEnd[€KòJrÿ~Ÿî±59{*U×ïtOÏÛ#™ÿžÄnÀ¿ØM—ŽÝª<D>éÿûòá$ŽÓhìF³q4p¥KâI4Ý£›Ëz7š&|VºÉ8îPÓi”ö\<Š®ìíR±.]<Še¥"áÄÍpC©"òõ!Ö`ÉA,ÛÖ`ag²a–ÇrÜžµXBžRñ†5–ñÌÖàÒ¥ñ”ì[‹aG‰$¡ß×bØ©4¶a .Ýp¢Y`-†Mãg¶^æIì[7–rM©Ì#U’JÈ5v41k°ÈœFË,2$äÞ–R@¹ÑT{’J‚HLâv‹Ûž´6•Ñ`Xƒa)]ëØb Xæ”±5XNE¨~_‹aÇ2ö k°d^®ˆÀZ›Ê, ¬ÏÞr ™ŠDO¦‰oëX~¦Š|òÆ”9‹R5–†&5XN+s*°ÃÙêm-†åâ äÀKOÖÚ¤d'Nº3Ú*6\€p3¢·S—4“&C}(.ÜDî·žÓÖä¢•ª"Æ™ÓßÅ* Òñt> +L@DÁƒ¯èâ@· +ŽàxC?p!oO‡*óVP3Šr1ãÙXÞ¸\€p*/Ä= ‚X»é¦$&ÌÞÎ¤ýƒÎ9ù½?5ÓZºAÏ©¿[ñpÏ<9§m¸áx¥æVèí„#'LòžP†ÁDÆí3Ž–aP÷\€p¼ù1»ÜÛÅÉÙ{ÖÜâŽ/iÆ“©[¬õ»>Y½>_¶]“ºßßYGûÄ~Ý)V¾þ˜µûº]g]î×ÐºæµûÝÝæk÷Ÿ¬¢"„¸SÅX-ŠÖ-ëú‡ãgæVõf“¯º¢®\}çþ¸¾]\óñzyW»yV.3·®W»2¯ºÌ/û™7®{ÈÝSž5mä.]×<Éâ¼jwM•u.Ûlöûê$bßjµkü¼qË]çÚºÌ»¢Ì[u¦Ál²æçßë¥x!¢*wÛ¼i n,³‚ Š*r¶/kŽßä+:Bj÷Gè8ßÑÖ‡øÕÉ2wwõ®Z;¢|èºíïggQ+'êæþŒ]5¢WöØ¯Ü6»Ï#w³É³6wmŽ‡jOüõÑ†ßó¦yúWïÒÕœ)ß”y>‹þ*-‡@½ÐH².¨µH1ï…ÿpõÕ}È«¼É6îf·Ü+÷±@âúöúÃÍÇo¿õ‚$‘;'ÇÛ'É.I; +S5c«¢Zmv’öÇ¢{P|òÛz×¬ò 2÷>%)½žuuº)HX¦KÅ2oT¾kïTãý¾íÙývu¿‡}÷“Ð7ˆ†ŽòÙ{nÐ¾þåC*9[nr9×»ºê¨Mû³N9DpõzUÛQœª°xæ[Ñ>Ð8rÔRÊ—~•ËÈò"§ÎæçŸÞž¿\ÅõRJ²¨îuñÞ½@Mÿ‘ÞÜ1‘„{WÜïšÿ¿(¥Âé© Ù—EÒlí DgþÌŠ?wåžH •ØPý²Ï©Ñœùê}¬êª’þÆMŸØ]Uür«Mf/â½0»kê’Aqq=ãnïnïù¿¨f¿ôÇÕB$?Þ¸ëùYòÆåÝ*Š"ãüyPãÈÝÊx¸¼£…‰©uuõÎÝÖÍêl>Ðêó®XýpïšºmÝ|·¬òÎ½mêÇVÎs¶ÿ\Œï›z· Ôý®Xk?wGº.ŠvµkeXKÆS>ÿËÃw»J'#²S¾4ÖùvS?9ªHªO>a(ìMwá‘¸ÚO/w%Ù_é\ßŸîÕ—¼¬»ÜWSj•ËÜi2&åËó2ñ—¦*PîæOÕêÈÚïC½ñíåÕü(VÐªvW×·#º²ö“ÝÏäo¯cfÌ¶©»šûCæ§¹TÅšÌ0¥W¤6?ÂI4‰Ü'q_ò¶Þìô.¹n˜i*‰M”W¤a$ÝÕMé‡!·\¶dòÊâçkIêeÕ5õz§É::Oðå¶nºŒ‹â +m[w¾¬¹€æ9÷QÑé€1ÊðÍ= -W.·YÛ>®éØ²$Óè³•$àfCû».ï‡Øaèðe~.Þ¾e?^œß¼ø}>=Í?|AL#÷ç'ýø”¿ãôãê’±¶xÚjéüÝX#È+îZæ{ÖÉM¥Íuh¨µæÉ*:ŒPtŽZkw¾‘Ø/>>öñlÈ;Êt:ä!Žk)¥þ½8ù|ò?îžy%endstream +endobj +1500 0 obj<>/XObject<<>>>>/Annots 418 0 R>>endobj +1501 0 obj<>stream +xZÑrÛF|×WìcîÁ4‚$øpu%Ûq¢«³ã³˜ó½B$$!íøï¯{†ØmH¹$•*%ÆÌÎôÎÌ. üz‘…9þÉÂ:‹UØµóÙ¿‰?>þpQ–³eX•«Ù<´!+–³Õ=„ëÅ`Ë%žògÉºé:Ÿ•gS†¹ÜÀŸûihô;b°«l–++ìf1Û(+¸ ù"ŸeÂ*[f³…°q±šj1Ç¿W†,(Á`×¥H¬`µž²‚±l1ŸÅV1XÈ€„¢gÅ`7Ë©à6,r +šlƒÅºêY1ØåšRÅuƒÅ:*².Õb¡TwÞK•0¥ZrÙÄ +¦TK.›XÁH7_sï#ëËæ(Q.›,NC¶¬`°Èû—XÁ`WV‰¶œ£jÅV0Y*Ù +FÈó’éFÖCž¯¼ ò·Ï…,˜A-¦¬`°ë · Ù +¦Rù„UvYPŒh[u‰VaûWØcˆE³!%R1Ø%+JXÁTbŽM¬b°Y†„Nlƒ-™¬Ø +Ff*±¶Kl¡µµÍ0G¶‚‘Í°ÄºéŠû ÎÃÒM„²©—†Ì¯£c +Å*V0Xì3¤H¶‚)#GMbƒ…ä¥²‚Á®Ø"b+˜2r +2æ¬™Äzºè"›çsNš¥!KW0•²ýI¬`Ž1Fìb ¨ÄZ8»ÙÄgm]ÁHhÁ¹›l3]6¡°‚ÁnJnQ\W1k*c¥GV1¥šÚ*»,YÑÖ…Äd³³ †¢2äu“0ÒÍ—9±‚ÁâtC'V0Ø‚e+¬`°+kÝd+˜ìfj+R¡"!F´UÌMàhM¬Ï´ÛÏ‡‹f+° å†µ9mÀŠ¢ˆœ@‹Y‹]¤b°KžçÂ +»)&¶¾7ÈÏ>ãa»4ä{“0L%M[Ø@máêGÖøéÃ‚Ž%Ç‘5ÇÂšã‘Íq–bëŽ×…·eÎÈCæX0#^C +aƒÅmA%[ÁØUª‰õeq³"¶î/Ù²‚¹lŽV0Xœ¼X6Ù +fPå„õe‹ÒŠ)Ëy€†<Û„aŠq½PV0ØÍ|ÂºãÅò¼ñ+’†èØJ¸À ËÍ³šu@Nà¹„g%<ÚYÍ&N ¢ºØ[Á2‚Í•‚¡ ’`æÉ*V0{•÷‘Äº +¸ÁØŒÇ€b2äò&Ì XËÂ +‹Ãlb+˜AåL7yÌRãÙŸXÅ`qEºÑV1XœØ¹ÈZB¼¼ú¬åáåÈUNAaŒl”Ìt9ÄV0X\ +&¶‚™îbˆ`„Œ9ªQ)k²&[Å`×¼1&63ˆÛg½H,0[L–w™DÆ`SÃ–v4H¦¤bÄƒy·SÅ`1z'ŽyuZà—6ñî‚Tyµ%L9Ø„L‘øFXÏ—–ñº¤¥úÈlx+L¤b°¸K-”Ì¬"¢cÅ ç:”ˆ¬b°¸0@ïÄ +‹äPk‰så‰UìZ,…õ P-þŠ-”² Ðˆ#ææ²u…ßÊ +Æ²vGM¶Š'^b=(hvvÙ{*·Uð x¦9¦k.›XÁ`ËjYXÁXGA!¬b°H*GÏŠÁ¢jt]Åh?;Ž’b°«Õ$*O#6½¦óå¶ÐtGÖÓK¬à˜nb=Ý³í9½È*Žé&ÖÓmq9ÞØ+·G•fºK&mƒÅÉ†º‰,j7p¾iàªb5ÀÍˆt0ðà6’Š¹ów ²îÓØÚÃ¤!+Á0Åg;”Pbƒµ×Eaƒµë«°‚¡"ê!GÏŠ©ñ4*Å`í^l³høæ”X/šìüQÂ¾¦å†,]ÁLˆ7aƒõF¶æØ¿ãÒ”GÞ| {¶…°nZú¯ßì3Cfj7{ÇpŒß/íç¹Ìƒµ#VlcYì9‚Šžmç™†ßßpU¼ˆŒn!K)¤Ç‹B·’±³ŠCnnç$^€l2â™A "ºuÒÊnÑíXÄgš0Ø%/æÂ +‹9 £;ÎÎ¯yöþ›¢cOÔæ;:‡IfÀMñ*‘ŠÑzbjkâE$©` æ‰‹ãøV´à¥Ò%ÈPä¹C¸\pÓ— —cÃ'.Apøìˆ?ÃDŸ b›í“Oä‚ƒˆ«dg Aü]‡êH›1rÏƒÄ%ˆP¬— –3™#gËáŽhó2à-gªŒ6J"— 3ç -q ŽËEÎW?ûÌír9odöÕªã&C`¡$ÈMð7±‘KÐCÁ5&Ú!”3‡ñÆ÷»Ñ.AnÇYärƒø!4q ‚[ûûæÙ§@pètÜäÆõ,=,c¥‰ïˆ<,½™/‰KÐÃÄøíæ2Lž³‰KÎVµK'Sˆv¯¶/ß®Ðva{Ë?*®ÊuØîíŠó°Ý}‡kþ,|èë¾þõÔ›¡ëjßîþ¶ýåb^ØÙîñ\>¯ªÝç»¾;öÏØÅ,¼î·ÍÝ©‡qîëp]µ7UxÓµUs 9ôÝÃCÝ?3-`Ú×Õ@»wÕî¾9ÔaÛŸŽC¸Üí°ØpÕaþÙ5>òú¡©ù»¡³UÜ?¾˜„»d@mÛ]wóP·îåû¾ïúã³V³ðé¾B‡Àûp_?<†]uWá®þñìéõìIZá¶ëÃ§æ°ï¾Ãæ·—ï¾·€ðÜ( l\Šxz|âº0¡ß“Œž¦ŽþÚŽáótÇT!\NÏ9ÿzªšÛ¦†@¿äfêák×~ª>^Bg(å‘ßÔðñG âÉ÷ÛðáÍks4;öc÷5ì;È~¬‡‘ªQ³Ñ@…(GE+F~ùæ¦VkmÝÞxM‡n×õ·ßºS¨ëË·85¾;¶7³*Ø=vŒ”^™þÈþe=ì^~îo–æ…Âr¯M×]×>žì~åµnu3Yok4ƒ}¬û/xòœùèäIÈ'Ù$_›á> ¥5Ës§¨÷÷ÝP[#¼P•6Qßo‹à•þcuq ™Åõ]>w¾…âå±˜ÍŸiÊ*ü4ô=~ÜÔÕîáãXï0M†oáïøOæíEƒ)»êêêj.÷_ªÃ®ÞÇ „YÒ¸’f†¹˜ž|ïåŒys¨wu‹‰®èâöÿÙ"½uÍPC¶—ûé8ôÑb"$>d„Ÿß_ý7|¨û¶9QxÕœgÙ8*Ð˜qõñ8ÎÇð/x´]™„žQÝÿ4õWî-‡áúÜØq‰c8ùk¶,œG÷MõÐÝ={üØâM‡ÙóîÃmóP'+„ŽO„ú´ýé©ON×—ïìÄÙ³ül}À2a‡2î«‡‡oðv¨îÐÕ ¹†f‹tRWÖ•÷&« +~Ÿ¯ŒßÈ:—Ï<ª>x¡Àuá—[7à óu*êâ. 6·®O]?0ŠI øëƒéÞwû“m¤)©+ãÊÏß¯ 1Ûéˆm‹¿j¹Þ1l»î£ôiÎxa`ÎÕÝ¡;6ÏG$>)„×?¸þó¨qa|µ†„ïag_/ÂÇËOî1¢"îîYóÏZ?ó$,‚·Í§åë{\±ž57>!i áMß`†ú5èMý¥ÁÜy¦"¾–Ì0ƒÚÆvƒ}r8ñ0 Ý-Úâw„FñÑ.G&âSíð¦#cöC‡i¶ë›Ç!‰uÛwmxw=^—èàå[¼ûÚ1Œ;ö¼ÄÿQSæ¸¥~w}ùîÕ%,»_0%p7Ù8¨ãæ¾à'6>þb=ßðùËŽãmh·Ð²,ð?ÓXp•ï·ÿ¾øsèÿendstream +endobj +1502 0 obj<>/XObject<<>>>>/Annots 470 0 R>>endobj +1503 0 obj<>stream +x}YËrÛVÝë+îbÉB4ñ «)['ª±d(EÙ‚$$!& Jò|ýœÓ â6D:•ªTŽÎí¾ý¾ æ¿g›âŸÀ¥¡‹·ÜœM'Süeø×íogy<™º$Kðï’p’õhíægƒMãI`Yƒ7.œÆ“Ø°ƒ‚áj¶ì,iŽsš‘Ò˜Ëf“Y(i L +§“Äƒå4Iôˆ;Óàp¤Øb°A6I¬Åt'£;ƒf‹Á&Éè^‹ÁæÑXÖà‹¢1«ùá óI¶Ñ!%cÞFoFM'¡.$‰@Á`A +ƒÁ&ïXƒað4˜äFVo RFQ(6˜6¥Ìg ›eŒÓÀªâi"ibQ,HL‹¦Ç³3=ŠÅ3ÄY‚ˆåNÑ§Y6Õ *)ˆ¤Tâ,I%ˆøkâ3ÅS˜íI‹–¿a ›fcYƒÁæ¬5#k0\ ã‘QêêŒuÑ0Dn&Hbh0Ø„åYõUü@×EèÈ™ñÕCÆ,*OêÐ5šP« ¹3ò¢23<«w Ñ‘ðTˆ6`7Ö`°]¸ÖËÌž4[Ì²˜¼¬Å`ejxV½EOh_…4JFØcz2Pž5,b“=k0Øœ5lXƒa…Éƒ¬Å`Ñ (qÏ6Ÿl‡bô¢–PäØ„“Ù°Ó¡åfXƒq-rÖb°‹ÑËZDnYƒéŸ/#k0&jœî•’‹Q‡|\à{êÐ[á†_±¾O i1XJlX¹“ãC&®|(¢^ýØ”°a †«ø0I«ŠÑ™ºQò™ ‰byhÃ&¼Ï©aUÅ(Ó+`µ„‚DÔ`º3C;Ö`°Ø³3ËÌÄr¤zY0zœ«¼ öj±°#Þžd¹ÅËs¨1$’Bì4J²ÿBAâŒÁ`c~Ö`°Ød’P¯„)×UR–ùo2ñ>Ò2œ¬”'^Èç7(ŒƒØ F¡ðÉ¬Ag÷P÷1üx‚ßÝ}ø‚Àîî‘¿&YêîVòKáÔÝ-áØœ¸û®>ÿ\®Ë®ª·®~t÷7s×îêzí«uÙþz÷×Ù9~i<ÇÍ!üÃÝý¶z¬Ê•ûZ?ÕÛÖ-Êîµ,·î¡Ú®ê×Ö]ß¹b»r÷×—º}[mŸÈ,@RÙ;]lX´]S,;²ÓÑEáÄ]n»¦^í—´ïø@4qÏEwÐïnšú¥ZõVuÅ÷{ý:œ|¨›ïâÜøÔŒ7¶]±^úqQo«§}#9¶ñøZmªNh×X'ÂË5B¡>Œã ú¦^WËîªØOå¦ÜvîœÆ¶Æ‡ç¢u¸t‚ÀÍ´]¹QéêTª2¨njæÑè>Jà‰»‹ 3ÕŸ?‘÷\’Q>18x5ò½EþN÷ZuÏn^lÅÑ%˜,w]lJw[¶õz/Ñ¶®p»}S²¢Þ>|¶û7Uk©E4C/Þxñ¢Ey¡y-T[;iÈ(ÞxÝåf‡Bä¢A”é ÄÛSvã4ìþöR6/UùÊ9ˆ¼+„…ŸúÚýnW7ÝH¯ñ§Qºˆõbz—Ž•¢l¥Å²©ÛÖµû"þ¾x¡Å;/;ÉÎ~‡È>\^£—azÙ+FÙšÃÃ’’‡o·ÿþíöÛýÍ±ªõ§bŸ¿]}¼¼¦ÌùØWÔá—ºY2Ðe×Õ®{.Ý¦@ Ÿ0ÕvU|78»ª7ìû™6!w]w¥+õ¾c¢ŠÕê]±Z!ÄíñX`v‘Þ«ýº«vh’j[‹å‰^ +qî÷º•àîªb*êÇÎ}®0¼ªÅ¾C5}a£õMÙ5eé0ROv”AM£“í¸Ýðˆ›wÅò{q|™» Æ`?í(ÀAÑåÇ¤Låß-ˆÈdÅHZÁl£x”7üò7±7»â¥¨ÖbO¹nË×ç²)%Ù#s 3/—û†©;í<%?›ëØ!aÞ½ôå3Bî»-Û•§ÞœÇ¥z~ÈàßGSéñ\S¾bÜ¿¯tüŽë]Þ\üÃµÏÕªÜþ8ªp|Ôàð£q5r{º™ÃƒÐíÐu³)¶K4DÛîOž…•õfW4U‹ à½Iø¸ƒ¶zù½ì\½ã¨?q9»-‹•k«ÿIÙ‘-ýÿæÞð°k‡X=Üº|)%q¾`å•E¿L³ËŽì*óWŸ>rÌþ…ÂqŸëåžëðŽŸøXçñótšs·±›HŒÿ”e1þg+ˆ˜6üëîì?gÿ')µHendstream +endobj +1504 0 obj<>/XObject<<>>>>/Annots 505 0 R>>endobj +1505 0 obj<>stream +xmWËrÛF¼ó+ææä 5ÞSJ’#[Uv¬˜tœ+B,PP¶ÿ>=³vHª\%«ÕÛ³3½³ü·òÉÃ?ŸÒ€Â„ÊýÊ3þ²üøò~•GÆ£$KðsO¾Ÿ›hB Wƒ s(ÖJÓÀd, |&‰Ta°‘o|ÅZiœ›DfÍ˜dguÒ88b4J(H_† +RÒ™=ä–,lž›˜’0D¢œpÎqÙ„›À%ÅF9G +ø =kÄR›’—LF$WÐBÆy8•š"‹l¾#.\J+qãÌ³¥þ·ÈÅMR[LÈƒbAWaÄ3ŒR¬Â{ +‚ˆsZ´vÖ˜ûR?49Å‚8°øGìëž2ÉHs +²GRËBj6H¹RÇ*Ìù²[ŠUlÃ`ÇÚ|@z)âÕ‰ +³”Î±VêGS/Åœ“ ‘úCÅ&T¬•¢Hé¥0å”‰Ta.'àÀŽUö{ÜZŽ•ÀQ–Yû%E.ðÂ&¼k¥idûÐJ)éÌ&>FEŽUç)¦W¬ÂÜ0¼´ŽÕ˜ÙãXé˜áyyÒ&ZÀ9)ˆnŠ¸Èœ‚HÍ(Rc68ç„©õ!Ê¦}“0)H|¶ÒH³5cöÁ_hF¥h¸´DÖlÈ½¡X…Á¢¥cÅÚ”ÃØ¶öR$Ó*Ì)'l°c‹ÎAŽU˜‡›Ã±ƒÅ<:²Æ`qB å%²Æ`q…EVxO!šßWZ[.UÎ˜PV^”«0—Ë‡MäX…y…$å…µ½¡t Øa°²p‘c‹«0OË'”bf—%åE+[ ÌcÙy-àœDX¹4É‡p(ç*È˜·¬E¢G€=øÍ¥Î˜¥|9V\ +Ñ7b?6„O‰Ta–òàX+¦K_Í³â©1³ ßŽµRrPã1Y©Ã<+;¨X…™å«Z³ƒ…¥(ÖEVkƒž.¬MÊŸžØ£ …‚8)»pž}0À[0§ æÄ‹Õ,¤Æ`å^w¬Ì sÅ~YV‹8®%Óé1…‹(äÈd~LðYr$œ²/#¾ÕALú¸×fÌñ»A± +³ƒþ2–µW›ÕÛ›oÚÜó[2ÉRÚìäéÑ¦ü-@gúR;ê‹¿o¾¯<ºÀÃ!À(&SCßúz¬^g3Cë¦ûA×M]µãp.Ï§»‡º}…÷=3‰i<´uûÀ!.ðàu9 ½»®‹mÝÔã/æOhßÐ‡»¯ÿŠR'Ÿ˜³_¦¯mýó4µÄ„†Þýu+²cUÄ~ì>#}¬ÛÃO€ý¶/ÚÝxq{ûÊ$±¡Kæ8o8·.öÛ‚ ¥n|¬zº¾½YSé¼:*ÏCŸŠ²nÇnxœ‡ýqš8ßÐçu0ÙvN£®ou»ë~tßõôëŸúîð,î_èRSƒRç±oòøí›<;‡úæ1‡OuÕ¿ÔeEwEùDrTzâZbì¨ìöÏuSÑúòÓÕ%<‡z/Ë²†É¨¡;ô\v»Š^ê‚®ÿYKx3^Ã³ +ÝB°•qÙŠöÃ¯¶ßïÇçÓŠ2^ù«CÝìæWu[ôuun®c,âXôãJmÔZÞ‚ôÜw¼*çóòV,Æòq²J†Ú,‹!åSS#Ç8öJý*yÄá†Ãþ™í9Í<–oS g§ 6ñjÕMCÅ‹T…¾ß6Õ ›èíM6ƒ¸Í½oÙ˜¿;pÌIÒ]ß}¯Ê‘ÞuåaÓ¬XVÇÇë‰©—óøËí0öE)ÅEø,É²Ÿê b.÷ÏÍêïÕÿwÒ†3endstream +endobj +1506 0 obj<>/XObject<<>>>>>>endobj +1507 0 obj<>stream x+ä2T0BCs#c3…ä\.§.}7K#…4 Œ™¹…BHŠ‚žP$YÃSOÁ=5/µ(1G!3¯¸$1''±$3?O3$¨ÍBÁÐ¢M¢Ÿr= !)f \C¸¹˜T&lendstream endobj -1498 0 obj<>/XObject<<>>>>/Annots 546 0 R>>endobj -1499 0 obj<>stream -x…YÛnÛH}÷Wæe3@Âˆ%JO;N²œ«4ð>Ì-Ñ67"©%©$þû=§šì.I™YÁÉa]ºn]ü÷"– þ‹%Kd:—Mu1‰&øÿÇ×÷‹(‘ÙrM¤’i-°“Õ…•¤Ó(6œ•d)ÄÊXÉrê 3°’8N£©´ì,Ž–†%ÑLf‹>Bí’œU Õ.é«'-;ŸF©e »L;£óe4‡Ñx²äAÑªÅ`Ó ô,‚ŠhÎæ°Á„ÃŠTÔ`Š.èq` »œ0LFÒÍÉ$;’uf‘Ÿ„f“Œ+¢Ywœ)*d¦þ* g 'zïI‹ÁÆª6°ƒ…÷D` »Lèo` ®$™Ì'ÏZ6Yye1Ø™¦ÇËºÃÆLÃxXá°'1ö¤Å<Î”á¬FÓa°0Šr -¬Á`1XƒyØÅ‘fçðdªÅæÒ¡ 8 q½Ì°C9³Ó,ïOÃÅH"ãebléZŽú2çÎî:Ç½Ô†blá ÎìYƒ¡åˆÓzÖbšåBoXƒÁ¢+q /ëœÂsÆ•2W>f\[Æ(©{§ëœe1µa6°Óe.íµ˜.s/7¬Át™èÀê ‰QJœâ‹kFó£ÇAzuÒ¢žRQà)ŒH—Vî¨ -\V=“8Íé(‡èMƒœZÃb£ Õw´oME¡Qq -ÔZ€ªû…fŒx€š>¨Yc”3!ÓŸB< 8ü‡§¶çDoã%ƒÇòÈé R·°Å¸œñœ pAñn{ñÈH7§0çå§9\€à1îÞƒNy}€Œœ»;†¥‡ÃqÝ%‡Á5 8‰iŠ›c¤—ê-6rWë‹×ï–H²~ÀO¤ól!ëþ2Š¿Ù¼¸©û¶Ù6}ÙÔ¿¯ÿƒo1Kc÷í+Hðõ‹õSÙÉ>o{Ù4uŸ—u'E]´ùNÊú¡‘¦–§æ‡ô `×ç»tyuŸK^oG‚åã¡-¤*TW'ÍÃðÝss%Äª¦ëéÅD^éÝÛ»ò[±{–º(¶‘|¾}{¹z+m‘o¡§ì"ç2ºÑ»ÌÛ“.ç÷»‚ÞÀã¢î;÷%.™ñËÑ@É¿œó7ƒót{]t½¬.?\]R¿){‡Ð¢‘|ºgÊúQÏ8œšP~rtbD?4GëÅÉÛmÙó†©«î#NÊ]ñ¥P»º»\“yu¬jÉº}–]ÙeOy[t’ÏËN-|+]Ñ~/Ú3õ©Sûuò€K?ÊþIý:ÔåOÙìJÄõLlv&öÐ6•ärýiõRîîñgY/êÿ>®õÉ·—òiõ:y)E¿‰¢È(ejMÉÝSÞËÍƒ (ëÇN®›ú½Ü5í·Ò—ã0`eFˆ6Í¾›k-mˆàm³ùMDüóÏ3¨/‡róMÞ´M×Éêp_½\µÍŽÁx=ü=-?¶Ía¨ÇC¹ÕtYg4¹×e·9tÝÐköhxs¹:¼ <jíJ¤,´Ñ¶ØïšgA“±¼IàoŠz«Ð‹ÔÃ{ð$?¸§#ù£ÓÎ`…ýöµ¨š¾Ëºn`¯ø™WEVX²~)©)dõ\oþNe1˜½»ù¸:ó -y½näã§µà\ÕèœÈkL–Bþ|ÿù»ìÛ¦o6ÍŽÃæÃŠ%´E&¤Ê7¨ƒBs{Ï,’8‰|-ºfwà|“OíÖë¨[\DZem•ë—ÛÎ»³,âß†"9™¦¦°žƒ¯öMÛçu/ÛN.ï›†I±9´eÿ|Z¥ÒËíwHäøSkõáJÞÖ›öy?æ#0s,Q7õ«ÂI[d±ë~4íÖÅÅÖ!èèP7\ô«-FSU¡”N’‚<ÂÀÝaÌI_ü?¥öâß†;Àÿ .Þ¢èçÃžñÅ)iqåø:mn\¸ôµy**w}-všÛî©Üóªbù}÷÷$“}Ó•?/74ÁùIñ[ÊñüÖÎrãp<ëQzæœSƒ6×¾ï9!X52\ÏMº‹‚kD;[¯’¿öiá-Ý¾Ø”ùvú¾-ï¬¸‡cí?:ñ‹4-q×üÌ«=æÈíõÍ;”ÄÙüHšÂ'_?<¯¾Üž§¿aDru(wÛa¨E¯„÷·¿–l§|Š\›[óìØy9T8Œ÷,SVi(|AÎûáJÛ÷E¯þ°‡0bU-tKôæbè¸ýEƒÏè´í½üûÃ-¼8<–Ã…Ç’.7ü\¤KÉiõ§øk±H±–acÉ¨ÿíúâËÅÿ• :endstream -endobj -1500 0 obj<>/XObject<<>>>>/Annots 549 0 R>>endobj -1501 0 obj<>stream -x=Ínƒ0„ï~Š966þ!ksjõP©mÜˆ€DDT -ïŸ5¥•å‘ÖßììÊßÊ@Ë1ðŽQuJ“–—ù<ª‚)€“Fã<åkuÇi…ÞŠE õÄà¥JPbÀìDóàEÜ±ÁE•Qmc/i4X/c5bõä(!”s{¯Ûþº‰7¥‘GVlµ„¯ŸóµIh{kT±#Üî×xÚ¿•{¼Ã©&<ÕÜ5ýtžÚ¡O}™aÙJü™×E -~í§q¨çêÏM!äòACjy‰êC=ëHendstream -endobj -1502 0 obj<>/XObject<<>>>>/Annots 552 0 R>>endobj -1503 0 obj<>stream +1508 0 obj<>/XObject<<>>>>/Annots 549 0 R>>endobj +1509 0 obj<>stream +x…YËrÛÈÝë+ºfO•/\¥$KvTeIc‘)e1ˆ%DÀ mý}Î¹Mt_’Ê¤¦ÆöÑá}?º›úÏYh&ø/4Ydâ©YÖg“`‚Ÿ¸?¾žåAdÒÙ4˜˜ÚÄaïÁÆÌÏ¬M¡â¬M–@Ü*¡œ‚µ™ÅÎ9k†I+AÁ¦a0Sl©Ió>BíŒœQë!ÕÎè«#5;ƒD³ +ƒ%ŠÑé,˜Âh8™1PA´ª1ØdB‹¤"›éÖ@"™pXˆ*LÑœ{Va°³ ÓäY`m¯9šd²Ö,êÑl”ÑcA4kÃ‰Ñ 3ñW9!8™Ð{Gj6µžU,¼G"<«0ØYD=«pm¢IÊ<9Vc°Q~à•Æ`S)“µÁ†,Ã¬ìž£;Rc†3ýž•lZFÑNžUl2XÏ*Ì`óÍÖáI,ÍfË!À;¼çö:Rc:œÒ¨g¦ÃŽg¦ÃÒ[žU‡|óš5›LÙ—NVc°˜GTÖ³ +sõLYÇj6‘ ãY…ÁN3v…g;K9Ž•$'!ŽeÆNµ@’ìamòþzNA¤)š žÔ˜È‚L³ +ƒÍfp×ËÊÀ&Y¶Ø”¤ zFSq·=kE§LÈ˜«+DQnö$å# ÍR +ÖfšÒYù 9±fsÚsœ‚t†äIÉr kÖc°‰wŠ5F«`„µYÁfé]é„Ç„×lË€íI +b¬–Œ˜TôÁD9á/Ž$É‘ƒòPR¬Â`ÑèÈ„—UÑ 1Q'Çj'$ö¬Â`1p¬Â6OèQ/‹¼,:í³ÆÈ"V6jëd5æHE©Ò7…0wv˜HÁâT×šm ÂPº?‹XwR1Ž1+à8÷·ÏÉåÀB¤Ç2ì5;é¬gf‚',cÅÙS Ç'½³À9;râçÜ;ë9qv”³ÎyRc8+=©X…áì$³žÕ,|ÏkCÉÙh} E€eÏYß§ Ây“Ž´J3¦{%§ATª rÀñœ‚TÊëŽ'5³‹«0Ø”K[± +ƒE¾RÍ*V."JVaä/ŽÐFžÕ˜Âk‹b‹+¦ŽHcn,^½¬Æ`±#umŠSîeÌÄ„V0Å +2Q"èHÁN¹b•(ƒƒÓ¼4"RP¨UA9QpÇáP!tF¼&{Òº +q9PU˜D–ÄªØßæÁ ‡‘!µŠ Gj·`xàY…ÁÊmÞ³r^Æ¸bÊa §E´*Qìp(–Ï +«0Ø|ÊŠzVaöŠt¡cÅl„v’—€˜±È›u¬˜Q¬ÂczÖ6á(ár™`±Ó5KŠ#Ü6XTÌaŽ£“€œ‚ˆ{~ªHÁb;hÖªÚ'#†èoQë!†œ· ÏY9ü)‡ÜI¹r5¶Ï,œpUuÚìEûwTÊ1äÉpÿÚ±¤ Oâ%# ˆ»ÜD’w©3HÞ«0òŽæ?ë³Jód²H+×k<Áå³Â*LÅ< =«1Øˆ™W¬Âlb‹ÆI4«0X\%«0€ÜÝ<+3û.±ï‹Æ€ÂÈ"P„+HX…aoU¤Ê±3 ŽgYYTÌ2oÍvmÙ,{Ì,³ñ«0X¹ë(Va˜EE´fkWvy@ãxIq‡ ²f=¦YžŸŠUŠQ.dÆÉZÅ¸¥K;ÊËœwv;9ö¥n1ã!fÇ*ÅhGDëXi–zÅ*S‰€œ¬u +ÏÛÊ¼Úð1cÇ2DKØ9åYëÔ(‹ ³žU˜.óÒîYé2ïåŠU˜.óíYY$!Z‰[<ÏÙ3X å•Mï§F€-ƒcå<'…å¢ØË‰J¬Viy,pÖp±±åKM€X“‡ÛÈáE:Qœ‡Ì_ÍNNAæ…#î9Áák¶™â<Äã¹¢ä$‰ãÆC›}k“â 8¹üzÎCºÃœã‡ÁÅw £NÁ!cøÊÀq2ùþcä¤®‰½<ÊXþM/¹ÁåÛÈ{ +kÿw¥YŸ].Î>}™a˜Å_tN³Ü,Vòý&~²üpÓ]»Ú-‡ªm~_üŸÅFígÏ‘ËŸþ°x©z³-ºÁ,Ûf(ª¦7ÏeSvÅÆTÍº5mc^ÚŸfhû¡ØlL_ÔO…)šÕH@p]=ïàÒðRŠ®Þ´ëýçÞÚùYA¬nû^LÌ¹œP°½©^ËÍ›iÊr˜?¾]_Ì¯X±‚žª¬Ë˜)ç2Ï@º\wmß›ùî©)sÙµ?{&ãÓþç´üÜµ»§žwÕJÊ¥‘â^Uýr×÷ûYÓ¡áådûði4°Þ52•(™£U¹Ý´oCÆö&Ÿ”ÍJ Ý‰‡sÎàQ}pÚæŸ½L;ì·‡²n‡Ò\4M{åoÍ¢.‡“†ÀUé]IIHiæoÍò¯„Ñ{³7wó¯P×«ÖÜÝ/ÌÎÕì‰¢Áf)ÍŸÂ?7Û®Úe»á²¹³…V¨„©‹%ú ”Úæ3Ì"1eßnvÜoæ¾[Ù¸¦Åf¤“UÖÕ…|rU ÃEREü†'0Ç;Sõ.ÙàëmÛ E3˜;ä¶7OíË¤\îºjx;îRŠ@éÅê$Šg|[k~{i®›e÷¶ó‘˜9”hÚæ¼´å +UìûŸm·²yÑ}ˆg6&Ô.ùÔ +«©®ÑJGEÁ¯€°p7Xsf(:.#Psuy"„J~»ºøã4J™Å¿Lùÿ“\¼(1Ï»-ó‹(iyåú:nœ¨ô¾|)k{=”©mÿRmyT±ý¾|ÆÉ<ÉÌ¶í«_Ë%†à4R|#r¸¿e²ì:c=(Ï”{j¯ÍŽïWnvkƒ +×§{“î¢aÇ‘É–£äû”ÛD›~[.«b;ÃÐUO;vÜºÅZçøN¼S¦Îš_E½Åùvuóíñ½lq Má£‰¯·oóïßNËŒo",œÐîàÑ³t&<òzâ$î˜\\·[6"ûÐ·¶A§ÿŽôÁ×r8%X"»º1tËÈÙÄN…úN Èò¿n%ÌO_ðŒ‘Ëƒä"á»ãŽNð Sž'¸jÌ¨ñzqöýì¿K›ñ$endstream +endobj +1510 0 obj<>/XObject<<>>>>/Annots 552 0 R>>endobj +1511 0 obj<>stream x•V]OãF}Ï¯¸Ú— œ8 I¨Ô‡Á6j‚Z´TÕØ;ÓØwÆ&äß÷Ü;„¶*+±$s¿Ï¹gæï^HCüi6¢ñ”â¢7†øf÷ëîKïlœÒt8 †TP8<fí§œî{ûŸq:îlÝéÞgœÎçoN‘…N§§Áœ&óþæFRÊ5Ðd6&ï„ãQ0:<8_öWg4Ò2E?ÓÙœ–‰kßÄý‹•¨ji(èG½¡ZÓ¢´µÈseBKikºÿ|}þùhù—‹Î|œ“ñ¹–I?àzÕB•ªÌœ—òø£E$¼ï„Â°õÍ‚)ûž«R˜-U"^‹LZÒ©w fUçM"üA"/4*å–~VeóBÚÐC©^(Q¶6*jj¥Ë€–+ Gv¹Õdu!9÷NÂ±¯v—J<•‹(‡iMõJ¶‰Wp©PKë6šbÒ(t‘ÒV7TJ”ƒÅº¨\]w”] WcbyLñJÆkPT•Ñ•Q¢FŽª’e‚zc?îà½qºLa0 èB—©Êóß¼çù~gQ‘÷<R–lŸk®ˆ6¡e£<4ÝØ0oÁ+«cöUô¨þ@ÖñÀõ8°moÑAÙo}öF=h¬ä:y#WÑGqzÄxcQ’T¨×LÃ‚F¸b¾±2O÷DÎËÃÑ¥dÒÀ…ËØK^0U2#ª•BÀLçÖ·íØÑL¶‰W$øLÒFF'‘°nlØ‰TÄ€x#êv`(fÇÉ Êôð¿B üxÃNÆ¡' C‰Ý¸D+\ë¿px;K8Ž°[I¹#1F_¡ù·Øò<XO¾8ÀÝD‰22ê[F’ßîÆ6–¬vL6R€É+YÌ-ÆxÒ†iýaÊ3&VJZ±8 ¨®˜a–2¡f_ÎW×*–ÝÃ˜ ;ƒh3Ö“=o73n¸]¯%ìâfQ^c¹‚wº¦nò„"ØbKA5WkN§ì÷Ï:™x¨ýùšå:ù]ÃCˆ+¦Ýãÿ6ëÌè¦¢èúñËÝíÃ/ñ(ôzµgü••Â~#l³†ûÑkÄ+õÇyaéàÐ%ÆÞ™®º%cFM}±°yÕŽ#$àF Ô$Ñ–’WÂ±óq¬›%xBXiž¥9nw§Ý4À¢å:Š¥(€°[idí4ó“kõS·%H;ã€žú7çeÑÊ®ôŠú:Owê¤Š¥©%¥ž*çw·¿Ý/n¾õKÝ¨Õj&N"q±äöé¨C¢eÌ.)?¸:í$´!ÚÈŸusìc, a©ëîœÄ¡â}$s¼t^£vW CßP¢N›I}Í•Ø—ïQÕ´×Ì¾w›ŠE—Tå¬7lk+«TíäÛ÷±“eÌ¶÷ÔçKd*š=BÓ4pÕk¶Ûƒ“ÇŠ²ß‘û÷û ÉÓÑa›WWà®A@D.ü$"~Œq‡ÕÐY³BÌaÌE¶ÛCvÅrŒ½‡êb Rˆ Švmè¸)dyÈ‰‡›ÅïÞ_^<Ü-–Ì™WùÝ=.æûòvF©Õ¥¸©± £SÁ7×)Ó¢Æå eÒ¦X$Gd†ˆ]Ï"Wø-_C.ÇXßbT»ˆÜnW„TãÚ*Â“c÷¥iJ{€âíOœW}íiã!ä -ÊµàGS»¥Örœo 3õŒ÷.Zc9i-DúÔWî">g'äã¡ÜÅwcý²ºtÏ©Hd`jtŒ×Poš¿>ÿ&s/§ÿçí9™C°çÜ¯í3Æå²÷kïäpŒendstream -endobj -1504 0 obj<>/XObject<<>>>>>>endobj -1505 0 obj<>stream -xVkoÛ6ýž_qWl˜Ä²e»~äÃ€l]€}mñó>Ðm±‘H•¤âúßï\Rrl'†%Hk‹Ò}œ{Î¹úz‘Ò¿)ÍF4žRV]“!MgÓdD“ùŸGø³’6á`²Xàë3ãqšLž;H§ãd~~ðóòbp3¡4¥åÙ§ó-sBæá–YïºÜ‰½#ÛhòÒùZØŠÄV(M»BjÚ›†²Bè¤×Ë/ˆ„úC¤ž«ÖIfô&^îô¾‹ß”NbÂ~¨v™÷Òd„_º½»^ž>3¤þˆ‹êñ)G‚vrÝ_'sRÚK»™$_O…,k«Bnµm—ÕZÄÀT©máIOkIâA¨R¬K‰(x¼½““#e:ìHZ‹ì^ =šµT—ÂoŒ.iÝx~P“µ´ÂKjïMès)Qf%òx‡Ú*¡ë6RfªZ•Jo/ÁyQòç³ÄBçÄr8%Ç16ÖTäLc3™´÷¦˜6 -]*E£³"@H_çÃØ0"Kñ`¬B‰@ŽÖÖìœ´ÄjIyBðW…÷õÕ`PšL”…qþj1L¯ú]¢ëLÆ±ˆnÂt¸/t3>o§|Ð¢„›ð™›o0µ0&\:tÈƒb Õæå3A¹Úl¤•(»‹t†FÙ«íôªH¾þ -Ñ{ä¼‰à˜…ÞÓ»Ï<-3®U¸Eiß^å²ãÍvÅaÛ›ÎJd ¦í*4jjTŠ¤µpnglNN£9*Üá¢£*K&¬ã¦[®fiÉ<G¦îNÙÈˆÁ ´¹°˜ûãIäFšŒZÚ=•ÊyØ^|¨é ‚ŽâàÂÆ¡vz"L¦L´ïãIÚò`‘Œß ù¬T\cÿ}¼g}à -³)ÅDˆg]ú!@¿£ñŸpW˜¦Ìi+!SÈãº™?îßkNè]¤Nnôž»ÔPK%=æ¶eëP:3Öbœåhú¦î¨ÑÉý‘xÆ?j C¦Hé¡aÛÁÌœêì9]M`ò –é-½úƒÐÐ=Àq´ê¹dŽ8RËÝæn»zÝUÔÒv”ÆÀRÝR)d‰28ƒßÇ6™É•ØØÃžƒºnƒœ¬üÚÀ¸Ù5,[K8\ÏGfpQìY9±/'mO7o=Lûtœ=ö9¤‚e" åÒÃd]‚¦;á2ìÉb—º‘ ÃÀW‹ÝŸÕ%ò¼£°©=Ë¨ÿÇE²% ŽÀZ‚ò<Ã ¶|(ìß`IÚè~„'rÝ^Ç.žÕÎ$jçHò_k´úÖÎ5ø_z‰>Še08–Ë«Ä>¨Î_ÐÍr_+Ø6x}˜Õ£S‡‹Éº(= ÂZ±¾cŸf¹ò–Sxtí¢’ypB„öÚ!(#ÿd]<ßF/lt}>ä¶å¹€w‚H`vXø¡ÐS´_zÛ€J¦œ!ˆê =¶+&lÉ_Ð_œÂýÍº -¬Rú4É‘R_x¹9—î ¿‰ªæWŒ`L( 5×¨ -{8”Wš-Ü=Öç°WÐ.#'ä÷µ¼zRQçÿÁ”ƒnÀqcœŽí?n‹7Oß.¹·Ÿn/‰} -ÿ*½øþû¸¼äx¼"†qßàltIŸn£K’>K’äD%QŽ¶ -Ï¨2ë)Wîž!·/7üËÕju÷îãÛOw·«ÕO±Ÿn%ÍÓdÑî$Ï¤üŠVø‰rg„ãç§ªŠÏÖ—Uãý‹Ë:*hÞÚ`:Å{ù|LÓé".ÇÛë?_Ógk¾€EôÖdM……(˜P\c¿{ ?.xgž½õNf“d6Ç}šù‘_—¿]üá¾°`endstream -endobj -1506 0 obj<>/XObject<<>>>>>>endobj -1507 0 obj<>stream -xW]oÛ6}Ï¯¸ËKS VbÇ³“Ý4 `]ÚÆ›1À(@ITÌZ"U‘ªê¿sIÊq”nèŠ®%ÞsÏ9—þz0¦SüÓ|Bg3ÊªƒÓä”f“³dJÓó9>Oð#©ð¦ç“dò£góç'®'7>¦E$³ó9-rB‚ÓSZdGo^VËÛ?¯ï–÷«Õo/_ðö8¾}>N.~Å™E~¤¥£ÖJ*k7~E+ügeóM6ZTŸkcJþBe2„èŽBŒÑd†Êç'ÓÕÒŽ -UJNBNcUÏBÊR¦pò˜LCVêœ*I‚Òö˜Õ¦q¿„4FïÂèlÊ'³„–káè¶ ÅZéK×F¿p´4Íæ÷§‰qn2OfÜÆb-5mMK•zX;¤9¹5„ŠéÝÝrqGÙZÔN6tÄƒ6VY¨Œ_º¹ü˜p>>/0UëTYâï6ÛðsM®ÙòÎŽœã3L9+¡JH¥²Ž;Õ²³ikZ•ÆlHá$Âz{yýþ-x%—‡ìêeB÷¢J…¥T"…m³LZ[´e¹ÅAëDYÊœ„$ukÓZnÉd•“–:Ó”y§ràm Ub›¢SI£%I°À'Y+Çý5T7&-eå›çì¤Éð6)—Ð?@ 3m™²Š‘™nÜÏr¹ô™É²™Ð” -¥¬mQªâw,w7ÊÕƒ´.‰ÁzÊ-ûYê»9–Ä¯ÜÌ"«Ž¨.¥°®>q{ÔÖ9H¶K™›¬¤vÂ)£1æÎ$:Êåê%—Ë„ - >=ŒÉ"ŽÒ²AôÆ×ÈCöœÜ€¶N íø‘¶cÌ43µ¤ÛkZéâyÊŒ¹Ú‚…hKÇHACJK¡7À2œN˜øšÁD?·NéÜt`‹ùŽ3UÎù©¬Å7/®ÇƒÖn¯wä†,˜^€–T6zô´n8¨©c!h "Æ×y¶/à=©26ü‚l•&™ÑÅ ¯©y ]ö|x®îô¥G¶€2Ò9–ëÄ1H joP=åe²¬ÁTÌ8ßaeÿ&“„þ0Ùaÿc"w $/¨[«líeãT€3ágã gÈì¦2²y±–°¶ ×rÛ:02¾ãöB™µlÐaHÓ-Ð¿…ÎÙ¹yìlX &‹t‡Ül“÷iè†z1Næ„ ¬T >CÆ‰ñE#ôƒçzºeÀŠ^Ú;bHe‘P2ÒH|˜K½¥ -R±‡øì°–™*”BÇÁ^€#ùô¤~4Yv*³Ôê6ü—†úqCª(#¯˜ÆT~ÎÇË €„þ†,Á,þ”à©©À+zçƒ8\ƒú÷ ¬aø¾È´+WGp†–k±[ëà‹+8ª +ÊµàGS»¥Örœo 3õŒ÷.Zc9i-DúÔWî">g'äã¡ÜÅwcý²ºtÏ©Hd`jtŒ×Poš¿>ÿ&s/§ÿçí9™C°çÜ¯í9ãrÙûµ÷äfŒ¬endstream +endobj +1512 0 obj<>/XObject<<>>>>>>endobj +1513 0 obj<>stream +xV]oÛ6}Ï¯¸+6ÌbÙ²]ÇÎÃ€t]€ýÚâ!æ=Ðm±‘H•¤âúß÷\Rrl'†%Hk‹Òý8÷œsõõ,¥!~SºÑxJYu6L†4½˜&#šÌ.ðy„?+i&ó9¾>s0§Éä¹ƒt:Nf§ogƒë ¥)-ÖÈ>]Ð"'di‘õ®ÊØ9²&/¯…Hl„Ò´-¤¦i(+„ÞHz½ø‚H¨?Dê¹j•dF¯ãå.Aï‡ø}Né$&ì‡jy/MFø¥Û»«Åñ3Cê¸¨‘r$h+Wý•p2'¥½´k‘Iò…ðTÈ²v±*äV›p9QDL•Úž´ñ´’$„*Åª”ˆ‚ÇÛ;99R¦cÀŽ¤µÈîÚ3¡YKu)üÚØêœVç9YK+¼¤öÞ„>—ÕaV"·¨ºn#e¦ªU©ôæœ%>I,tN 7SrcmMEÎ46“I{ÿhŠi£Ð…¡R4:+„ô¥q>Œ #²´Æ*”äheÍÖIKœ¡6@”'Ux__¥ÉDYç/çÃtð*¡?$ºÎd‹è&LûûâA7ãð¶Ê-*@¸Ÿ¹ùScÈ¥C‡<(Z_>”«õZZ‰²»H'Èa”í°ÚNO¡úh€DàKà¯À½@Î›^€YèÝ|æh™ypÂ-JË0øö*—oÆ°+ÛÞtRøð 1mP¡QS£R$…s[csrÍqPáömUY2a7Ýr5CHKæ82u·ÊFF®¡-È…ÅÜO"7ÒdœÐÂî¨TÎsøÀöàCM{t76µÓsa2e¢ýOÒ–ódü¹pÉg¥âûïã=«=W˜…L)&B<ëèÒúÿ‚£¸Â4eN ™B~×Íüqÿ^sB7‘:¹Ñ?{îRC-•ô˜Û†CéÌX‹q–; é›º£F'÷GjàGü¨™"¥3<„†m3s¨³çt5ÉGX¤·ô^èBC÷|ÇÑ²çM8â@-wë»ÍòuWQHÛQVKAvK¥|% +Èà~Ûd&WbG`{êº r²òkãf×Ü³l%á`p=™ÀE±'åÄ¾`œh´=\¿ÙOt?íãqöØç +–‰$”K“u šî´†Ë°k$ˆ]êD6_=,vwR—ÈóŽÂ¦ö,£þŸ?q0É–€ü9k ÊóƒzØò¡°{|ƒ%i£ûžÈu·|»xV;“¨Éï}Ñê[;×àé%>ú(–ÁàP.¬û :ÿ}A7‹]`Ûàõ~VN}.&ë¢ô€ +k Äfø}šåÊ[LáÑµ‹Jæ1ÀÚkû Œü“uñ|½°ÑõéÛ–CæÞ "Ùaá‡BÑ~émj(™p>† ª'ôØ®˜°%C|Ap +÷ë*°Jéã$J}áåæTº×€ü&ªš_1‚1¡fL€Ô\A¢*ìáP^i6p÷XŸÃ^A»Œ|œßÕòòIEKüSBºÇq:¶·ü¸-Þ>/XObject<<>>>>>>endobj +1515 0 obj<>stream +xW]oÛ6}Ï¯¸ËKS VlÇ³“Ý6 `]ÚÆ›1À(@ITÌY"U‘ªê¿sIÊq”nèŠ®%ÞsÏ9—þr4¡1þLh1¥ó9eÕÑ8Ó|zžÌhv±Àç)þo$þÁìbšL¿÷àürñüÄ›åÑÙ ‚OhY ÉübAËœ`<¦evòöÕz½ºýãúnu¿^ÿòrùÞžÄ·/&ÉåÏ8³ÌO´tÔZIeí&¯hÿ¬l¾ÊF‹JâsmLÉ_¨L†}ÂQˆ1šÎQâü`ººQÚQ¡JÉ BÈY¬êYHYÊ´Nž’iÈJS%IPÚ>³Ú4î§à’&èAÏB9“džÐj#Ý´Ü(ý`éÚèŽV¦Ùþú41ÎMÉœÛXn¤¦i©R‡4"'·Á€P1ýv·ZÞQ¶µ“ ]+ñ U–*ã—n®>&œÏLÕ:U–ø»Í¶ü\“kvü³#çäÓFÎJ¨R©¬ãNµììCcÚšÖ'¥1[R8‰ðŸÞ]]¿G^É¥Ã!»~™Ð½¨RAa)•HaÛ,“ÖmYîpÐ:Q–2'áIÝÆ´…[2Yå¤¥Î4eÞ©x[C•Ø¥hÁTÒhI,ðI6Êq ÕIKYùæ9»i2¼MÊ%ô7ÈL[æƒ¬¢Dd¦÷³Z|fr†l&4¥@)k[ƒªøËÝrõ Kb°žr«~V…úæ_Ž%ñkg7óÈªªK)ì€k'OÜµu’íSæ&k+©pÊhŒ€¹‡†3‰Žr¹~Éå2$¡ÂAƒOc²ˆ£´l½ñ5ò}#g7 -¤h;y¤í3ÍL-éöÚ†Vzxž2cÞìÀ€B´¥‹ã¤ !¥¥Ð[`N'L|Í‡`¢Ÿ[§tn:°Å|Ã™ªçüT6â«×cˆAk·×{rCL¯N@Ë@ƒ*H=zZ7ÔÔ±´ãë<ÛðžT +~A¶J“Ìèb×Ô<ˆ„®ú>¼WúÒ#[@éË‰uâ¤µ·¨žrƒ2YÖ`*fœï±²ÿ?“iB¿›l‹°ÿ1‘;’ÔmT¶ñ²qªÀ™ð³qÐ3ävS Ù¼ÜHXÛ†ë¹]ßŽq{¡ÌZ6è°¤éèß¿ƒÎÙ¹yìlX &‹tÇÜl“÷iè†z1Næ„ ¬T >CÆ‰ñE#ôƒçzºcÀŠ^Ú;bHe‘P2ÒH|œK½£ +R±Çøì°–™*”BÇÁ^€#ùô¤~4Yv*³Ôê6ü§†úqCª(#¯˜ÆT~ÎÇ« €„þ‚,Á,þ”à©©À+z +çƒ8\ƒú ¬aø¾È´+×'p†–k±;ëà‹+8ª þÃ~ÂŽ‰¡ ŠdN¥ëØÆ µ„¹Ø(i6Kæ1hŒÆ˜å-Ê„›J !J^_ Æ1ùJ)xP…Èž/E„z2\ÏÐ|äÓ!’‹ -9'ŸÏ&lr“Ï³é1ì “ÌY†ðPÎ‰uwï‹tíqë™n4¬Å¶5/xØÔ.Þ'b‹²žßŒCm¬U,/Ô¡à-X¾æF~Åb¶,R,..1¡›(APŒ9ŒõƒÀR=FxÞ‹x„<Àž½ ð©!iÃÔ˜:|9IvL° f&‰“~eè˜0qzž—[s`ÞŒÅÈG´BÏ^{ðG,]c@Þ&*öLs -z?1"Ç»Ëß¼—Æ0ÒNrÇ^AÁ³ Â6¾vÃq-ÓÖå[¦Ø>ŠË@Ù·7²¸¹”9®aÅ&ÏÓåÛW+3ËÄê@¾kpµ ZƒÑ$ð¼ëZè—!ï”[sïƒ~PÐž´yƒDüU{–ésà¦äo?Ö5¸yë,á²rLÉ³Ô¯XQVÆ¯[„fûÒ’¯jõ -¿é÷î„QïÁ;Y6¨Þå•z òJlÀÂ°O|“;È¶G€?2Â¤ŠÝûj˜ü*q§*¡g /NN»Ûc1¯7rù½.U¦üÈì&Tì·ShçWw á/È°±´ébÞ»_Ó6ìZ÷+×q˜?k‚®éG£RÊ_LAB?\YÁ®íwP>ê±µœã°ò¾{]¾ˆÝŽW ÌäÄ¶c<»pçþ×Gôµ] oxà7;º\á¿!(Ë±Âüÿ–-Ù2\c£$?/XéÚFû»)o²>2ã{rs/Áã~lžŸÑlîåÜ_¾¿º¤ùÂKãzÿÂËçFýë£ùéß7â×Ôt>Mæ³óð£r<æ0oþØMÞ°endstream +9§ŸÏ§lrÓÏóÙ)ì “ÌY†ðPÎ‰uwï‹tíqë™n4¬Å¶5/xØÔ>Þ'b‹²žßŒCm¬U,/Ô¡à-X¾æF~Áb¶,R,..1¡›(APŒ9ŒõƒÀR=ExÞ‹x„<Àž½ ð©!iÃÔ˜:|9IöL° f&‰“~eè˜0qzž—;ó€`ÞŒÅÈG´BÏ^ðG,]c@Þ&*öLs +z‘Óýå‚ï ÞKci§¹c¯Ç àÙa_»áž¸–iëò-ÓNìžÅe ÚYÜ\Ê×0 ƒb“çéòíÇ«•™¿câu ß5¸Ú-‚ˆÁhxÞu-ôËwÊm¸÷A?(è@Ú¼A"þª‚=Ëô9pSò·ëÜ¼Šu–pY9¦äYêW¬(+ã×-B³}iÉW5z…ßôwÂ¨÷à¬ÔïòÊ=Py%¶`aØ'¾É=dÛ#ÀaRÅþ}5Ì ~•¸ÓG•Ð³‹†'§Ýï±˜×¹üV—*S~dv*öÛ)´sŠ«;ÐðäØXÚt1ï}¯ivˆû•¿ï8ÌŸ5ÁF×ô½Ñ)å/¦ ¡ŸG®¬`×@‰ö{(õØZÎqÜ?y ß=Ž._Än‡Ç«frbÛ1ž]¸sÿë#úÚ¾GÐ7<ð›]®Opƒß€”åXaþŠËŠl®±Q’…¬tm£ýÝ”7Y™ñ=»¹ˆ—àÉ?6/Îi¾ð¿rî¯Þ¿¹¢ù‡—Æõá…—Ïú×G‹ñ%ß7à×Ôl1Kó‹ð£r2æ0ï–GþØCÞ¯endstream endobj -1508 0 obj<>/XObject<<>>>>>>endobj -1509 0 obj<>stream -x]R]o›0}çWõe´PH°§‰,DªÖ%[‹íirÌe¸16ÃÎ"þý.Œ½TÉÆ÷ø|ñ;ˆñ#[c“BvAFHã(\#É3^¯ùM°‚‡}‚8FÕ0$Í3T5x<ŠPÉ{)´vðž´†ÔŠŒç}+<è £o•ùåpü¾¯^ƒ«u&|Ç}ÕIkjÆ ç`h+/Àóñ]MfDgkrw!à‚e9ò8¢ïµ’Â+kpkÉ@yØžŒƒ@£4±´…6Þ°9¦ÉÓÐ)C<Ï*ýØÓL-¤$áZ{Õ5ÎL¤µ½Q §º«öÂ½:=â¦|Ë,ŒašÅb`Aî‚ÆowåáÇÏÃñP~À¼|.‹Ý²<=?V%ìðï xzš]²ÃÉ¥ÐÎÂõ$•àhm×³Í³ÒÊ/‘¼¡™ª`¹3Åþó–ÓY6»ãËœýÃ>_zŒSî8ß Ï§D^Š¯ÛßûJÒcgåµãçL'ŠÕÿéU}œæã0 qšÂ{l¸îË1Ê¼ó8ÙáòiÂ$YfiÎ?Ì4¿ž>•Uð=ø³.¿Vendstream +1516 0 obj<>/XObject<<>>>>>>endobj +1517 0 obj<>stream +x]R]o›0}çWõe´PH°§‰,DªÖ%[‹íirÌe¸16ÃÎ"þý.Œ½TÉÆ÷ø|ñ;ˆñ#[c“BvAFHã(\#É3^¯ùM°‚‡}‚8FÕ0$Í3T5x<ŠPÉ{)´vðž´†ÔŠŒç}+<è £o•ùåpü¾¯^ƒ«u&|Ç}ÕIkjÆ ç`h+/Àóñ]MfDgkrw!à‚e9ò8¢ïµ’Â+kpkÉ@yØžŒƒ@£4±´…6Þ°9¦ÉÓÐ)C<Ï*ýØÓL-¤$áZ{Õ5ÎL¤µ½Q §º«öÂ½:=â¦|Ë,ŒašÅb`Aî‚ÆowåáÇÏÃñP~À¼|.‹Ý²<=?V%ìðï xzš]²ÃÉ¥ÐÎÂõ$•àhm×³Í³ÒÊ/‘¼¡™ª`¹3Åþó–ÓY6»ãËœýÃ>_zŒSî8ß Ï§D^Š¯ÛßûJÒcgåµãçL'ŠÕÿéU}œæã0 qšÂ{l¸îË1Ê¼ó8ÙáòiÂ$YfiÎ?Ì4OŸÊ*øü³$¿Uendstream endobj -1510 0 obj<>/XObject<<>>>>>>endobj -1511 0 obj<>stream +1518 0 obj<>/XObject<<>>>>>>endobj +1519 0 obj<>stream x•WMoÛ8½çWzi4Nì¸qvo›vØ¦éÚ‹\z¡%ÚbC‘Z’Šë¿oHêÃJ/‹ @"‘óñæÍ›Ñ¿gsºÄÏœVºº¦¢>»œ]ÒÇ«³ZÞ¬ð÷¿NÒ.½˜Ï–Óç·›³‹»ßhqI›L]¯nhSÌ\âIñîS%š ìÐ·VÏôÉYïiÝntëìÁ+³§‹ôüýæÇÙ%/–°ñîÉºç½³m3Û·ª”|èânIóyry¾¸™-øÂ¦RžJ[´µ4|e[]ÒV"~Q’2TXó£5EPÖÐA…j°+LIµ8òá ž¥!á)TH[ø@Á Ä]S°9ÄùUò©êFKöÇYl»tD³ô1KOlþ‚¬£üüÐeæéû;<.m-”ñßßÏèéþaMHƒ½o%{·VÓÎº‰_'½ÕmLÅîèA†Ûû¯k2¢–¸kéþ‘DYJï¥l>|Ý†«_dÄ#†+I+¸©£æäÏB6¶G:ˆãÄ)<±vëÁµ¦ÁµY>¹¸CPŠäïôeMOÊ”¨1ø>0Z0 alTd§öC<°iéð6ÕæákŸ•}ÁÍ§Ç‹ûÇE½çW“ÈËB{K¾mëÃ,k[JBìÉ>ª£eÖÎW™BWË÷b6ŸÑgå‹Ö{d/§T[Í®9¿;å|ÐÇ$´§ RsqH8Þ ÌÀ¶õ—[Tz-gò¸‰½¤[m‹çïïó)OJ>=I¯Ù±´§ì·±ƒ: @@ -2766,10 +2748,10 @@ alTd äå>½zQb1(¢j¥…ãt =Ìº sAüÑã8ÑZ}d#’ËWXÍœB+$¶fL)®k‰K’ "ƒ9|O‡JbE èD2‚ÏýåSwYTÆj»‡€ñi¦Eƒ‘£¶†êm™Ã$ÅS1BœÖH´ìýY‹¢Rø/Ï„¨ÐÉ—õ#Ã“ $…?²%²2ýH˜¸“æE9kŸïw¸YT]š]•8Ã‘@Æ‰¥Â[OöEaLÓ"ÅëÆ€Aê˜Pï×ÚcææÑ”˜ÐÇÇa³rEÙ›£¦°±®öµÞD¿³b’fÏåHÆ£mÝÀ”ÒrZ{ ƒgðG8sPhç’ç Ü[ð nuPç™Ó=z-Á€¬úãPû$&qòøŸ§44¤ïv ¤ Œ‘‹¶;NÓø5Úu“*%âd£!#±x2HV<ˆ¤ÛV?w<³*Pn+‘NaëZ… Ë´…°ƒj>('Y)Kfch1F»1ÇëTÊ«}ÈØù=¥w…Å431ÍÎ#ô£ˆ;žKax¤ŠÀeÀÓÇ6´DG„+&1«„cÕ ÷±Ê€›rDt¶rR}t#'«´Êbñ* ðJ¼ÈH‰ÛH lf¯ûÄGaãhM)Lqä AdõÀ x7EãgV°f¡J]#Œ¹1ñÊºc=Õ¸³~1ÐEÌK!o>cŠòPˆP§&B_h…ýðºöÐ¸,B§e -‚ª[`~*qˆŠä3ÖMüÙÝL$Ë+CmÃŒ¯_Œ¤î"(-¼¢2¹ó®ÌyŒÓÐK®ú©ýÌ/ð TBw0Æ@ }ÄÐÌ¤Ÿ.,ž`9JÓ`Mh1Í¢éñšõUXE¡oÕ.®kR#ïPÚ¿%_H#œ²X½s-»fù#?NCˆ;”«1j )è,àNkÌ`nHº5Nj%xÚàìÉvTbEùºKb×EìaB"e0û_°Æ²5F¢¶8‹†æ©VÛC\T=t$4i¿_(¨´¥ã‘(_!ÌQä‘¸€ídâœ¿~E%–½3þ )X’X3vDlÝÍtÁˆh^ÜÝi×‹ôÁôÿ>é©ûT>ÖúÀåj9[]ßà«ù<~ü¹9ûvöí(ñ„endstream +‚ª[`~*qˆŠä3ÖMüÙÝL$Ë+CmÃŒ¯_Œ¤î"(-¼¢2¹ó®ÌyŒÓÐK®ú©ýÌ/ð TBw0Æ@ }ÄÐÌ¤Ÿ.,ž`9JÓ`Mh1Í¢éñšõUXE¡oÕ.®kR#ïPÚ¿%_H#œ²X½s-»fù#?NCˆ;”«1j )è,àNkÌ`nHº5Nj%xÚàìÉvTbEùºKb×EìaB"e0û_°Æ²5F¢¶8‹†æ©VÛC\T=t$4i¿_(¨´¥ã‘(_!ÌQä‘¸€ídâœ¿~E%–½3þ )X’X3vDlÝÍtÁˆh^ÜÝi×‹ôÁôÿ>é©ûT>ÖúÀåj9[]ßà«ù|Á©ü¹9ûvöíñƒendstream endobj -1512 0 obj<>/XObject<<>>>>>>endobj -1513 0 obj<>stream +1520 0 obj<>/XObject<<>>>>>>endobj +1521 0 obj<>stream xWÛnÛ8}ÏWú”Ž|IÖIìC²iÑÛË®]ôa³((‰²ØH¤KJqü÷{†¤dE1P`[ô*‰3sæœ3ÃŸ'sšáçœ.t¾¤¬>™%øçr–,èâê_à—•TœÜ¬O¦ïßÐü’Ö>Y^Íi^ŸÍh.’EBÌŽRkvNé Îe´#¡s*ñ¨1”Ëmeöä‘V’¼^ÿ8™ÑÙb–\à¼S<—:÷ûƒZÜJÔ©à·§ï/hŽàœÅÙâ2Yòw×ŽÏldN"5rBWôMé¹P-²RiéPÇF¹FZjJ©,}’ÍÍÝçiQãáý©Jdò–Ÿu_ø'TKGÄLççÀ´*“Ôì·’”&³•Vp½÷¯ÉhÎÆ6Ônº®œ™'Èqä“ÈªeSšœÒ=íJ••È@¹:$Ž…oÄ’ÞV)àõ\¢®UÆsp$êDæÚ4¾¤Y¥¤n¦\Þ)‘Y*¥¦zÄï‚¾Ý}ZQx8Š)òÜJç&ÈóÙù~üðyµ^QeÌC»åt¤ææÎ@t‹Æ!âè†3UËˆ=ûB6Yã.–wÚ— '94èÈÕùºµæK¢ª^":ÚI<ÂŸÜì˜(þ‡äFKÆþëí—Q¹ È´IhÍ-QÈë{Ó§^s7+“‰Š\›jÙL¨Õ°¢|ß:tïV aŸiPÇÝ8v„Zº„P½kA§šÖÌ‘×myT9ò €Î’äX/±¡êZìÑinD¦Òj?ªVé2c)ëñDYœ®)ÅÊÚ4r(-Tº3öâ "e^Å×„Ö _ÑVX ‚Þ¿·ö›oä3Ò1ªÉqÞÒN¡“x;”wˆaíÕ½S ‹H™ÑÅíÔ»bD·"{£LhÆšÖÜª)[>£ØCî®|BúŒH°²ƒcÿø„h“!ÀáS Œ=”ê|¹©,ïy&A%#VÅ7{/g·A–ðc@q`Ý‚;9™¡fÿó‡gF7ÖTÌÔ+"ŽFÅôÞÅ’¹Ë‡Áj9ª¯ÿ(’÷§ë T¸~×[!|«°¦î”{?ŒŽNò)+…Þð7CÕpXX-Dì dJxî~„\€O4^U{2iÃø @@ -2777,10 +2759,10 @@ x ¤¥o,Ï«f!G?l:ðN<§Ç“…Œë…•†ñçÚíÖXØ· ÉtŽÍcÜ^g¥ÑÊùÑÉ8Šoz72ñõ‚vÝl‹gðáƒñÆk 7ÇÕiÂhS¡*µïQê&7›zp$ÿþ17ÁM÷ó·£¯Õ8ÉÊŸ-ëePW¨ÚöeÇdQÎÀbR«ò Œó»Ã›-3XÈ(¸“<Á¹]Ø0ü˜³ÞÒ8¾Žã¾›{pÏ ’0ö0§ÂE)ö·üÅ$ÑØfG!¾¤¤ üÒ´0,Xf Îôy3ò¿èO¿1 °ö|9 Ggìö!CÐ ×š0¼6Ñ(;eÜh'þFàëÇ~”ceæõ7p-,ˆ£°>!Ï¹Áb‘ïèjFtì -KfhTÀòhØy")W3J±îüèˆ>¼™u¨>Â¡±³Oˆ³œ¾ÇÐß·N§XÎ§%¬×…ÝEì÷ ‹3Ú[çð¦xv~ÖøEržÐ×ÎÑ¬¿Ã>yýrQ|~üàž·4ùÈ‚ÉúîÕ×:¸Š×I·÷ârâ†f0åa!òwAVÛ¨Aè6föÇŽeÉÃöX8žÂ 8Ð²ûð™g¸·ÊoºKmŒâÑBM¿“Hà0INÿÈ¤H6Iù/%I¾ë ƒæ¯Æßý"\Å>Î—¸Ù_ÓrynÏ«ë7×ôÅ¾ÐÉÚDóŽÉ_žuœ]Îcþ¿/û|ýÿÕõþâò"¹\^ár@óŽÿn}ò×É£n›Îendstream +KfhTÀòhØy")W3J±îüèˆ>¼™u¨>Â¡±³Oˆ³œ¾ÇÐß·N§XÎ§%¬×…ÝEì÷ ‹3Ú[çð¦xv~ÖøEržÐ×ÎÑ¬¿Ã>yýrQ|~üàž·4ùÈ‚ÉúîÕ×:¸Š×I·÷ârâ†f0åa!òwAVÛ¨Aè6föÇŽeÉÃöX8žÂ 8Ð²ûð™g¸·ÊoºKmŒâÑBM¿“Hà0INÿÈ¤H6Iù/%I¾ë ƒæ¯Æßý"\Å>Î—¸Ù_ÓrynÏ«ë7×ôÅ¾ÐÉÚDóŽÉ_žuœ]Îcþ¿/û|ýÿÕõþâò"¹\^ár@ósŽÿn}ò×É£d›Íendstream endobj -1514 0 obj<>/XObject<<>>>>>>endobj -1515 0 obj<>stream +1522 0 obj<>/XObject<<>>>>>>endobj +1523 0 obj<>stream x•WÛnÛ8}ÏWòÒ¨Ûqœ´À>$èeƒÍ¥[»›EAK´ÅF"]R²ë¿ï™¡d;JP`ÛÆu$q.gÎœý8Pt6¤“1¥åA?éÓiÿŸ£sþâÇkšË“áy2îÞ¸œìÓ[šÎaj|Ž/ÁL¿OÓôˆš?^—®Ò¤¬uµM5ýA*™%i’ßß}ùëÓ—»¯Ÿé_Ì“E’ï.ýGI’¼ž~‡‡ ÑEo8†‹£u®½~oŽ÷o&#¾Ý˜‡ÇŒ»O !ßÞà$òÃ&6>èúæ’Ž®]ª ºQ¡ÂåKïÖAû‡×tõ™T–y¹øøÌ;•¥¡Ú]Ÿ‹™&e««µó’FÏ¥~·u÷ª¢ÁÛa2Ÿ'ƒdÐÓo}¥®.2šiZ˜•¶¤ÂÞãÃÓS4Ä ü•*<’ œïžGB]êŒ*Çv†#š™* QOÚŸþÃë„îsx` :E+µ`–J•i¶ÂÄäR×Y‹ÑKX^i¿¡Ü´µ) 8J5ò"Wû-EØ[HhšÃ#þYgÂFªÉuÒsç5»ìí%XÛLãÕ¬@\u…87œ©…ñš95eŽnï¦ôhÝZRØ¯è“hÁƒ†|-¿zû¤Ù÷·¼rËÊ8&1Se9¢†kœ[[bz,¼«—±è ‚{GË ºšÓÆÕTÀŸKú{Ùï¬XUÊ—Lð1+(ßêêòênŒÒÜX€„3!C#PÄR8÷hì‚ @@ -2792,23 +2774,24 @@ x lšç½µ/aoºs^˜ŒX:Ž¥½Tê6çV‰epA#i|$½W1Ù˜œELX›°8¬xE •Q3Nþ-T(0öõ¢+‡<ÁÍ¢ö8uX”¼q†Cš›‚IÈìå‰ DìòPd¼cE¡—q V³ 9eÆuz‘A¢NR@6‹Hk¿t`Î ž)“²Y4¤°»@hÉzÁŽ1˜_aã•ÿb`»»hÂ‹ñOŒJ±ó÷òú’¹R!¼ pgFïüþÂK—ð-×Å2FË¸ leæX“yPÀJB—]83=7ÖÈ'%“íW?€‡"qpŠz ehìv)Lè–_ÿrŽñÅèd›ÁjþçÕí§yÖvIqÝˆÞ´çºâÛ™ ï€¨‹…bX -Qk“‚ò94MZ{SIžÇÏ›÷ÈÁï¾ç'x›ÅÊÉ+ãäâæò‚>{÷S‹Þ»oRX‹Ž´×èõùý÷èÿoª£³Qr6>Ç+4ŽNÙê‡éÁß¿©!endstream +Qk“‚ò94MZ{SIžÇÏ›÷ÈÁï¾ç'x›ÅÊÉ+ãäâæò‚>{÷S‹Þ»oRX‹Ž´×èõùý÷èÿoª£³Qr6>Ç+4ŽFlõÃôàïƒ_©endstream endobj -1516 0 obj<>/XObject<<>>>>>>endobj -1517 0 obj<>stream +1524 0 obj<>/XObject<<>>>>>>endobj +1525 0 obj<>stream xWÛnÛF}÷WLýRiÝ,Éú`'Na –Üˆi4E±$—ÒÆä®º»´¢¿ï™%)[´…o2É9sfæÌðï£õñ5 éFJË£~Ô§ñÅ Óx6Åç!~¬¤<ÜŒÑ¬{ã*>:{7¦Á€â¶&³)ÅÁN¿Oqz"õƒ²F—R{Ú®U!É¯%½½½‚Ù\ZGÞ„+¥p^ZJöÖ>æÆRbÍÖI*”ó¤4®”Â+£Éèb½Š¿õét8Ú8;ùˆMNŸnæKÚª¢ ±÷0hL}±gHåtýûõ‡/”Š!ÅoîÎnîhc7©)Èy‘ÞÓZ8J¤Ô'W«ÊÊŒqVðôßÁ(²ßàÐIû í™‹èRïZã~-|°¥ÿ½rm¡FÎ,(]Á[í”Ãíx3"KA%Âž¥¥+0ekŽ_)v4çÈi%=›½×fK"1ˆõÝh¶zTŠt´Dnp¾ãw-$q<µ/ÉÔl•_“xF.TQƒC‘eV:G…1÷Õ†„÷²ÜxðŒÌ€T¤>dÄ[,ŠŽc~F¢$@r"8»ÈV(‘¦lZZk¬ëÖElÓHKQ&‚ÞC¸ß* „t¼UÚ‘«6c=ýB;éŽÛueqAPÎeüÇª0‰(ÜŸäP_(Êÿà4´´½DZE¨)€GY²3•¥$ž^Æuön²oÑ}Ç¼]Ð|‡†`#m|J=A^þTç,d¾áìÚ°^¥U!,ºK¦rJ¯Pn?»f³Õ„.lJ$¢åF¦*ßñÓDhç:íºLB/¢B;nYëª¸ ä‡uèt4®eaM"zkB¤|¢äBa³ˆHúz2øúê±ý!-·Kú¤tÝi@ûµ¡¶+©bšF‚K‚ ‡LYÂN ‚4ŒCÈ$…,jÀUJ?·¦„¬!€¢à¡í5 Æ€övÙ!AÙvk·ü®˜¹ôW7‹eûyq¾æÌÀ1šNBë§,¸Ž™¥÷è¯'ÜŠj0$ƒµÁ9•Ð%/YçP÷‚ÛAU[áø‚ +AÊq5…¤e—`¡Æf(!xÞ@¡U&uŠAÑGêŽîí5HÙq“‰Žg[ÕÇê‡– yô L‰ bÙJ#GZ´¾«”HNkº>\™JùÆŽAeòëª-ŒvXéîr]f—ìf"†—nÌÊqnªÕVþ˜jy#Å=Ý0ÞæOKÆ™Ò`0©’ÍøY²™DÑ¡£þâû>¨ý< MÕŒ>ÎñÍÝç¶‘(¾Â°õ-5S“Õ°ÂÑ¶4»L0ž}¤¡iÁy’ûâq$Ó»Ç¤]‹ÍFj×ã Íf^€ÊøCîÝN¼AŠÑñãz_Î Éä‡G|hyy{uIwÖ|ÃxÆ"“Vü.ö^vr:˜à=m6¢Óiÿ‚ŸÿÿûN;'‚ª§ãh:™a“‚ÍÁ„]]ÇG¿ý‡Ê˜Œendstream +;åýyJ—×´˜¿ÿ‚_×t÷a/Þ,Þÿh:O#šóîúA:STa[ð``¤‡`š1ûäAàh{˜÷_dÃ<Ù#ðŠÁÉ#64³Y@éªLêÑSb1Y]\{e©³Ú¡ŠMâª§ùÝF¢P_NP¡¯ù0Þ¢FÃ°Ìð·ySxª4a*½1EÃÌ¬YÎ“óhr> Éä‡G|hyy{uIwÖ|ÃxÆ"“Vü.ö^vr:˜à=m6¢Óiÿ‚ŸÿÿûN;'‚ª§ãh:™a“‚ÍÁ9»ºŽ~;ú‡À˜‹endstream endobj -1518 0 obj<>/XObject<<>>>>>>endobj -1519 0 obj<>stream -xTMoÛ0½çW9¹@£ØùpÜ;´èŠ–¶C\ì Pd9Vk‹™$7Í¿%7]»¤;,‰C"ÉÇGþê%Ó7ÙÆ)ˆ¦³˜Þ26†I6£÷=FBÙ»Ì{Ãë $ ä%$l2AšMÙ4Í /€Üâr}Ÿ»]ä‹sP¬ãN àº€Š›BÃ•vô°“ü±Ã IYœN !º4ÈÁ;‡ÖJ÷WwÁSp %a±~– yC·\´–t¬\7R;P]rƒÑŒe”$A_ÔNM¹{#¹¶€eÀé@[§PƒÒ¢niÏ}fCéÄ°Bëì»ÊNÊ: )×\<ÙàÁí6’ K<¨÷ê¦#‰Ã±Q¡VƒÎ]ZK%)^ÿôIs®w`•#n¶\;Ï51æŒ(ÔˆOí†ˆ£fì ø3ªV{â(q†—¥òJBß¿¯bÌ±ûž )¤éÃ†²!®}ó‰âµ‘ÜA%ë ýÙáØ àÅ_»=ê[oà„v¯c8óº#ÅŒ&lâ›êÓùè_`«¨¹u+¯&ðï>í?âõ ©‡x@óÐ]ý<„Ï2’µj©‹˜ï"½SÔåÉ'q=…,y[;bêß”èëy-±+7ý$ƒgúÞ«OX¥46ïÉ WaaýØ‘váú^«°;ëdã¥¤šM-ýˆ…Ëµ$ëV;ßƒeÔÕé‡ùUe«E˜)ÁëÚwä@?¦¡ƒÔÎ`]wáöè6Kô6iŒÌÊuE§pÌZ[»UNTÇ<¼à?ú¼K4ÄêD|Ì7ŒÚð:Û/½”b6†ñèŒeSÒc-.æ—pgðQú9CÑz’hÓ öAi½u.ƒYìG,ed7·¹§¤æ¸ŠVj Ë(YžÀÆ C5Á|?•.pkisŠJii=îd6a3Z¼´q‹(™ù£¯yïGï7ªýÈendstream +1526 0 obj<>/XObject<<>>>>>>endobj +1527 0 obj<>stream +xTMoÛ0½çW9¹@ãØùpÜ;´èŠ–¶C\ì Pd9V+‹™$7Í¿%7]»¤;,‰C"ÉÇGþê¥Ð7…ÙÆð¦—Ä ½åñ&ùŒÞGôUï²è ¯'¦PTÆ“ñ²|O³ŠÈ-I àÑ÷ù·ÛE±8iÁ:æ$¦K¨™)Á!4LjGO|R<ö¤YœdSBˆ. ²’3ëÎ¡µÂÂýÕ]ðäLƒFGIXTÏ4kè–qƒÖÒaƒN€ëFhgê Kn0šÅ9%IÐÊ £)roÓ° +8hë$jš«¶öÜgv1Žk´Î¾«ìô ¬Ó²büÉ†n·]áA½W7IÖˆ%ð%°jtîÂZ*I2õÐ'5Î™Þ•Ž¸Ù2í<×Ä˜3’; P ŸÚ GÍØ°g”%¬öÄPâ«*Éc(j}Oü¾ŠqˆÝ÷M)L6Ì qí›O¯`j¡6ôgD‡cw$€íö¨o½=‚Ú1¼NàÌëŽ3šÄßTŸÎGGø[IÍUMh¬¼šÀ¿û´ÿˆ×ƒdâÍCwõ?ð>ËH(ÙHR1ßEz§¨Ë“Oâz:KQ±V9bêß”èëy-±+7ý$R[Ï<ô½WŸ°*al Þ“ÿ6®ÆÒú±#5ìÂõ½–/`wÖ‰ÆKI6%üˆ…Ëµ ëV;ßƒeÔÕé‡ùUU«y˜)Î”ò]'9ÐO£iè`µ3¨Tnßn³Do““Yõ±®èŽYkk·Òñú˜‡üGŸw‰†Xˆù†Q^çû¥—ÑBÌÇ0Åù”ôXF‹‹ùåÜ|~Î·ž$Ú4¨}PZoË`–ûQœÅd7·…§¤æ¸šVjË(]žÀÆ CŽŠŽ`¾€ŸR—¸µ´9y-µ°w2›Ä3Z¼´qË(ÍüÑ×¢÷£÷ªóÈ¬endstream endobj -1520 0 obj<>/XObject<>>>>>endobj -1521 0 obj<>stream +1528 0 obj<>/XObject<>>>>>endobj +1529 0 obj<>stream xWÛnÛ8}ÏWúÒpßj§‹E/lÆiÙúBK”ÅµD*$W¿gHÉ±U/°(Š9—3gÎŒž.&4Æ¿ -§4[PZ]Œ“1Í§ãdAó›%~OñßJÊ/žh²L¦ñ8ÿ˜$7xÂGpëúódAŸ}»ø°¾¸¾}GÓ1s^,oh¬Žñ$½üXˆÚKK³„¾;üU:7¶^M™ðb#œ|³þ'Ø˜,£«ÙþÖÙå,™$ôY{k²&å+ñäœ&“îät‰Àqò¾Ìh¯tföŽÒRIí9©3ªK¡4yùÓS-œÛ›92ÏˆÄW¬LèATA©Ð”2Ýñ'ŽoZJm[{¥·À˜®&³ NV$à&5U-,ðåŠ¼ æá rÞX™!ñð¨Ñê'5ŒDŸ}ÒÙœ.’9§²’{¼=›ŒÔ!X{ÉåÇ¥3W©(K<ý"t…,8 ÕšØ»t?Þœ¦;B$ÎK‘ R1ùY¬Z'˜œ? »WeIF—mÄø\Xƒ•92e0¥¸>$3¢F—Ò9FJYÜß*çmK OöRìd6Á” @@ -2820,29 +2803,31 @@ u/ ÑÅÅ0è†*R¨—Â»8šYÐ¶,K"MƒÚ³¾Á'`îÒÞë–cE2Ðr§_hÜH>pvÚì1õ¶Ðm É/D™CÁér>Â{–¢¢µ´¹LYHkãœ‚D$\Üú¢A¡Ä àÛA;£DCà”ð§*Ã3càšg¦sµ ó-£(#e&êU{*1šSÊ4Û‚Ù‚ýx0™N“éxdófVUVYÎàlXC±Í±,?€×*åuÍ°a ½í*œÉ\4¥ƒœ¬T$#‰Ñ¡º¹‰qÎ†0OTè0Ë®o‡éÄ‹¯¬c@›U™—à5~9S6a3Gƒö wEÄ–ƒ·ŽìfWGØ–;Ø³òJêÐÝg²Â~êÀY?^Ùèjx,J¼ád=TÅ¬áh³˜ÌÌ÷ÈÒJq&(F5ÈÒS"Ò8è¯üY¨MH‚ç´æYÁ—ÒiÙd2ôÝOÑn…–è}àë0FB×Þ=rG8açjjžÐ”7hèÌT¬‡èÑ0žC7šÔ”˜¢ìá¶Ô-X(ÐþaEŒV¤~VÖh^=ºç•–£¹çuý(Œ¿¾ÒŸX=ãˆZÝ¯Éuu±„5ÎÐ&É$ç¡#;Ì|º U7f;UŸí¡îpˆ™êT - ˆƒ@òƒ˜amä¯•>‡E2^¼åŸžè´ƒ™3šŠÌ+×‘ë[|›†oÂ«é,YÌæt5Ã_|Ofÿût¾œ'ËÅ ¾aqirÃáý±¾øvñ/%!endstream + ˆƒ@òƒ˜amä¯•>‡E2^¼åŸžè´ƒ™3šŠÌ+×‘ë[|›†oÂ«é,YÌæt5Ã_|Ofÿût¾œ'ËÅ ¾aqi²äðþX_|»ø% endstream endobj -1522 0 obj<>/XObject<<>>>>>>endobj -1523 0 obj<>stream +1530 0 obj<>/XObject<<>>>>>>endobj +1531 0 obj<>stream xW]Sã6}çWÜ·ÍÎ“/’Ð7BËLùXœÝíN·Š-'ZdË•d ÿ¾çÊv:0Ä–t?Ï9Wùû`Hüi6¢ñ”’ü` h<G#šÌgø<ÂŸ•”……ÑdðöÂp<Ž¦ÝŸ–Gi™ÑÆšÎ'Ñp|LË”ài0 eÒû¦ŠÔ<::™ÓŸNþõqùó`@ýá4LyãnýJ¾»ôÇ-ýfò°ÞF“ñˆú£Y4Çœ_n¿ÑÚ<ªbMÒ:e G&£«˜ZçY¥õ–\U–ÆzJM.TAN&•U~K¥5Þ$F»ˆCxå¡5r½¤qtüôn˜XŸD^î¿™áˆ+rkM&Ç(ô»–°ó‰bi‘ÍÑiú ŠD¦Íó»gP¤®í£‹iÓŸ×e»6^Ò/lmßÅÞ©Ö„šXYxÀBKád(¤J¬q&ó_}::»¼ˆ)Ñ ›Ü®¤¢ò¼P‰ðH” ¼àýmÀ:´ël#´–ÅZÝIW¢S’r™lD¡\N©t‰U+$»‘VF´(ÄJs[ÄbÉË'OO©‘Ž ƒ¦*‡Í’Ýv\Š•ÒÜf@‚cªC'o¨«R Àƒ,»-=¼¿ôPŽŽ¦Ñ„Sx†«¶Š+'˜g{K¥pîÑX˜Ô¦àŒdA(•š1Rj79¶¼•}ÉUé!L[S7Á…(ÚÒ*ŽÝÊµrÞn‰ë¸–¼Q¾eŸ”£ëÅ×Å]jÑr£\§Z¹ ßÏ5 Ù f_¿TH|î)1E!n6@°1•Ni%°”Ñ,¢’?z+kîeñã#™„½Ž¿P5Þ¸+ö¶¡PØ•W9â±Ò™Ê&ü’Â¯E–!Ü9Ó·$DÑeè9»œl@Øµ°Q«»Xv‘pIdÇ|]&”ÙÓG_âÝ\tR]\ŸÝ}¿].Îéö4Ž¿ÝÜÇtS¼¼»¹þõ÷ïtzþõ2^œ7ÆNh¸eÀÝ( †ÔZÍCÑ0¢ ^¬Á`\a„Ñv½gv«ió žÀðí;èTâê3˜õuÞM×#ŠÑa™*Ç´ÜÃÁ -°VÁdüY9VÈïÖ¾m£µaMS9úºŸ-Ý^Œh+7©øàI«{°Lèûæ´Øá€1_…þ¥‘…¯;geVA@úÈŸ^¡³˜ª¥£}Qµ3Ìœ·¤åƒÔˆ¢'¹IÁôÖ‰*È ôó˜ÉK¢”ÂÉÌ¾LÖV&êÆñøh *!*ÏÈvñPx&ú[âroa’©®)†gG[Sq7P6NÐySÂŽáÏœ7—¼:óºì ˜€„]xmY¡á<ÓÛrH~ €vÅ-µ@â ë¹zt±CtÇ—€u]˜Ú×jrCÐ«ÿ‹ì{Y†V@£îQ<€Q_ß,Eä–æ27vûº_xæ® …2…#À>ôÐRU¨§€E•ðÎ mÂš6keW™/wdØ]`•É[[`|…Ã?zíq/5È×žGUëþCÑ–·Hl‚$8vH@)om@—w‰áÇ(PXµKZ©5±h5 M›j›v¼W¡q ;—¯BIR:3yŽT_ŠÎ.Íem¿»òõ`$µNåJó°b_[:n®1½ºôû=2¶»o[Ö½ŒçY[‘»ÀO¾züÕ‡¹F¸R®¶¾;¢žõ[êªç"¿NW´ \stÑ†úì¾°K¸Ò`M4—’~#0¬ |K6•gö{‘à²ÅJ¡M" 5ù*å -Õ?,°ž|p{l¾R+‰ëWVÏ}Ú²067¯2ã-}m}¡ny;oÊ?œâ;Ã|LÓÙI4žáâŸöâÓ«O§|ñüÉó÷Ü$UŽI.œ-îùõ‘þlpÂûÿãäšÌ&Ñl:Ç—œž°©ÅòàóÁ?íœðendstream -endobj -1524 0 obj<>/XObject<<>>>>>>endobj -1525 0 obj<>stream -x…V]oÛF|÷¯X¢-J²dE¤n€ã6 -Ò¿œÈ“t1u§Üðßwv¤%ÅI`ØHÀÛÝÙÙÙ/g9ð“Ó|L“Û³Q6¢Éd‚¿Ó«9þŽñë5äÃx:ÍfÏ}Èg×ÙôôÃëÅÙÅ›KÊsZ¬dv5§EI0Ñ¢„ír§BØ—/ŸñpÚ>ÐFŠM…Ú©¥©Ll(:*6Ê®5‰‰óe gé“±¥Ûº]PÐþQû@÷ƒ¸1ü±jhïüC ýF[öÇaF4Ì'Ù8^©uˆ„ÇAÛÈ!8(\Ýy³U¾¡·UÆÒŸÎFïªJ{2+j\M -„c×¤,Û´okÀxz÷/³6êx~uáÈ×–úÜ ¹*²ÎoUElMŸk€ŠÍNÓo‰”§epØyù5}ÉÛ/×ÙäÃ}ï÷Øt(/zó÷UIÞ½îa¶:wy>Í®[‡¿ƒGUÕš6¹ÉyÚ˜aÄÚ[¦ÔáÃÙXGxÎñ‡£žò®v£CQºÄnõ^Ý±0PåŸ"³0d'>ûØçõN«H?0Ë³¼KÝë¡dßÇH°;¡óô¸ÿVhàì[²J§™H[‹MÒtí=«-±¢óº¤èŒ cœ3¹¬Ä¸wÔ‡Tâ½+Š £9Ð³ãœ³¥¨½/.íMU‰é²U.OU äÆ>º`Y6¬hPo,÷€H•'ÒTªªÜ^Ê·§Î”¶ƒ. a··ôAm—ªGñLDîDãT½Cfâ®08Ã7õ Î.gÑ!Ê¯ë-ø;§°Ó…Y5ÜìAŒÚBƒ4‹è„ŸN|ÒÁ{Pn¨dtë"çÈ´`h²ÀzBÔ—sçÝv¥l¨U±ÑÅƒ€huP”>¨Ô›«S£ß™A.þ"èØÄ-§Ã“Ëa>bú:¿v1¦ÊÿôXh=²½{ØÇ¢ð¼+u0k‹b#6ÏH_ðá¼+! ¬Úbü*ÈÑÑÇÛ·ÿ Ë ²IrÞÍøAöÍ@wþøÝAÍN(úÆ¤pÛ-P„SÝ¼á[4 rˆÊT²ê2#ž&ìiþ^¯ PdÄ²A`ÆZÙo:TT®ª½jçÏ/J½2ÖDƒ*ˆ¥¶…nY¿¦WÛp2Mã}’M3º«xmDý5ÇÆ»ñûsú}U/,èI¬Ü£]0P½Ñ(ÚXTÃhÑ ¢Úš¯és©¢Z*T‚ë+kh«¡àÐ2ÀÛ+£+lÎÞÕÊTšÈnË.t,.ÍÅw5„"ºæ‚?3Ð¦ói6Ÿ]¥ƒs>/XObject<<>>>>/Annots 567 0 R>>endobj -1527 0 obj<>stream +Õ?,°ž|p{l¾R+‰ëWVÏ}Ú²067¯2ã-}m}¡ny;oÊ?œâ;Ã|LÓÙI4žáâŸöâÓ«O§|ñüÉó÷Ü$UŽI.œ-îùõ‘þlpÂûÿãäšÌ&Ñl:Ç—œÎÙÔbyðùàí’ïendstream +endobj +1532 0 obj<>/XObject<<>>>>>>endobj +1533 0 obj<>stream +x…V]oÛF|÷¯X¢-Z²dE¤n€ã6 +Ò¿œÈ“y1u§Üðßwv¤%ÅI`ØHÀÛÝÙÙÙ/'9Mð“Óâœ¦s*6'“lBÓég—ü=Ç¯×´–ç³Y6îC>¿ÊfÇ^/OÎÞ\PžÓr óË-KB€É„–Å(lV[Â®|¹üŒ‡³îáˆ*(Vš +µU+S›ØRtTTÊÞkçË@ÎÒ'cK·t³¤ ý£öîF±2ü±niçüC ]¥-ûã0çÓì8F^itˆ„ÇAÛÈ!8(\Ýz³Q¾¥k·QÆÒŸÎFïêZ{2kj]C +„cïIY¶éÞ6€ñ" ï^f]Ôó9øAÔ¥#ßXr'äªÈ:¿Q5±5}n*¶[M¿%bPžŽÁqïå×ô%ï¾\eÓ÷ƒßCÓ±¼Ìß×%}x÷z€ÙêÝåù,»êþ.HUÝhª4r“óT™aÄÆ[¦ÔáÃÙXGxÎñÇ£ò¾v¢CQúÄnôNÝ²0PåŸ"³0dG>‡Ø½çõV«H?0Ï³¼OÝë±d?ÄH°{¡ŽóôxÿVhàì;²J§™H‹*iºñžÕ–ØÑy]ÒtÆ +èX§L.+1î ¡•øßàJ«¢b4{zv\‚S¶µÅ¥©k1]uªÕå±*ÜØG÷,«– êåI¢ÒâDšJÕµÛ @ùöÔ™ÒvÐ4ìv–>¨ÍJ (ž‰È}€hœªwÈLÜ gø¦´ÀÙFã,:DùûfþN)luaÖ-w {c«6Ð`å‚fñÓ‹O:xgêÑ•Œn\á\™ RXOˆ†rn½Ûl£” µ**]<ˆN÷{E‚J½¹: údàâ(‚ŽQAÜr:<¹†á#¦¯ó÷.ÆTYãŸûCvãûP´#žw¥æÞ¢ØˆÍ3ÅüAøïÊB«6¿ +rtôñæíÂr‚€l’œ÷3~”€}3Ð?|·GP»Š¾1)ÜfáX7o@øMƒ¢2µl&€ÌÃ£§ {œ¿×k(±l˜±Vv•A‡ŠÊU½SmàüùE©×ÆšhP±Ô¶ÐëW”c£ñjOgi¼O³YF·5¯¨¿ÆÃØxw¾ÀþÄœ~_—ÁºFk÷hToô#J#‚6•ÇðÀ#ZCt‚¨±ækú\ª¨V +•àzÁÊÆÚj)8ôÌ°ÇöÚè›spµ6µ¦²ß2£3‹3Asö] ¡ÏZ}g£gô‰§ÒÐàÐ·ÒÒPãÄÒµªuyÊ‹„”æ$Úùýˆý‹Œ–×ÒùOÅíi&(ºªúŽÝ&Nyó¦høF¿ÀÉ/8%–Þ<ŒëŽhìsúÈjƒúh¥Š êy0Ø¼¿4•m²Re É+œ]›ûÆKUwß|zÍÒ‡×n/ð06D$.©ýJ·ïïëW·?bež?I%ƒjq‰$ÕN’§Ù<Ë3zËwNÙ4½íWP(ç£-]!C˜çHáÍ +K®â•àX•<®9•`¢Á4¦šyKq«¢p VážÈX‹^õ´±ª“úYÕkíntq÷’XÉÈ@Î9ÜÀ‡éÆóœ{ØkÅí¦jþG+÷¥Bñ‚)¨ÑìZì»{ôáÉ+ô6bp£Ö|œ*™šlð”$„vbt%Ãª¥adí%ÊÇk_’½þT¾ÀYÚR9ÜuÇ¢Ñá”¶µæn?˜`k\¦i›X¦yyöæ²»ó9nøË)Íç“4 >¼z÷ú.\÷Qpµ¦JŠ²8uÜ4É`¼˜\qÁŸh³Å,[Ì/ÓÁ™_±Ù_Ë“Nþ.!×,endstream +endobj +1534 0 obj<>/XObject<<>>>>/Annots 567 0 R>>endobj +1535 0 obj<>stream xXËnÛÈÝû+ ÞŒH”¨·¸M<“1à$º±psÚ´È¦Ôc’Ít7èïçT7)Ór2@‰ Sý¨×9§ŠúzÓÿbZŒi2§¤¸E#|rþõùýÕí"šÑ|9FTÐ8žD·ÍSNWñ,æçÅ8ZbuÏÎO¼:EsšOçÑ‹ËQ4nxóXP<ÉÎâlÅ4Ã>ßÎàAxò6q´ Ù|ûØ£Y4ižx•/šM§X›.ø{Œ#)»ŠáÍ’¦¸lÎ—.c˜OþÒÎ3.ßb×Ëj÷«“åëÕÎ3Vç#¸Û9á >äüMFKÎ?´ÎNØË_Û\ ÿ˜RÓ&ãÂÌ—Ú¤¾.#Ú$½O•,îVkÐÁ¹ê×áðxQ!Téð#SÚè~_ŠDiz§ëJŠÚ{õïÊÌ?n¨P{d AMŒªœ¥Ìè‚îï~_=ü?”ÞÒÈu!J±—T[‰ÌŠ2¥½/¤pA,‹‹ÌúÄøxèNs,p½tFç9•è2Sû:8ðÝXZPvP{K1°’!u; ûœ±3‰æÑ8¢{¾=Ž‰}y!ê=fõ6F´…ËO}ÀC–gW\×²LÌ©rT k¸ÔÒè$í5GéúÅ6‚xz’öl± ÊìµÉe*—}Ÿ-I¢ëÒ]$H•nÑ”ÀgÐúí¥(pðáÃEjý`¤í¿|D‰j8UðÇ\ŽÆ e¹Ø[øvRúTtoAÔñ8à 8ÝÅ[L·½Ùöæ{Eø +! @ª¬HŸÀº€waEƒéi•cn(w œ9Q.ÌÞ3¡ãYY;†X0¶íù´½xëº¶ÕnoÉu8xíç÷³ƒ~Ìâ¶Ýä³c3ÕI]€÷~\º,Ïæ¥eS&Ti€ÞóoÌ±Óµ©Ðý~ºT©öR‡™ó<^;ü2Û@ú¢2]&6c–§×«004×6ú•oé4«]1 æž¥%Tù•rûá%ÿ‚v®–_]F´Â¤Å¼k•Ý–û^ÃóŽøÊ+®*;5”.†&üSW·ÊÛÒulçÌ‹Ä¨ä¡[àï‚ d4ÀÍCçãã£çÀzõ’œÖ9Fzx¿~`XóÀåu5ÓUsµ3YeÉóVô®yÙò™\¯îèQgîÈ“î¶×yÛ®Dšû_–»?õ‘§àÐSS‰+06 ©2¹ùé¹€‡wâš<ùq™¯ßÉÏ@XÁ»Ú_ð 2MV—Æø -d´Äwó8¼¹?®>ü¶¢µÑa¶ÄëV‡+l}Ð,F·ÿðÆ4]L£Å|¾.Ç|ô÷ÍÕ¯þýyOendstream +d´Äwó8¼¹?®>ü¶¢µÑa¶ÄëV‡+l}Ð,F·ÿðÆ4]L£Å|¾.øèï›«ÿ^ý ýoNendstream endobj -1528 0 obj<>/XObject<<>>>>/Annots 574 0 R>>endobj -1529 0 obj<>stream +1536 0 obj<>/XObject<<>>>>/Annots 574 0 R>>endobj +1537 0 obj<>stream x…WÛrÛ6}÷WìL3cyÆ¦u³d÷©Ž•‹ÛÄI-yÚÎè$! 1I°hEß³)SŒÆ‘lJÀîÙÅÙ³‹ÔÇÏ€¦CM(ÉúQŸìßî?†ƒhJ“Á$SNãñ¿ÃSFs^O“þ(â»)/ ÍWW#|6¾œbÙ/#iu4¸ºÂúÑïÍi8½Ä’ðÔlÂçewÛÛÅÑùû+Œi±èÉ%þH=Ö>-’Þ(šD£ˆæUYjãdJŸf×_i.Í“4ödñ ›Ç4„ÍgÃ)6÷–Y‘§1%:•¤ F#ZöD‘R&œ4ËÚK±”¥òIfº„þÚIË¾*«Š59˜ûRÊÂ{æp÷Î@ŸÎœ)8N2%G™Š0JÚˆ PÈÂnt•¥pH"Î$9M[mi«Ü†î¤³‰(å±¥™22qÚìê8=¤Úö|öGÔñúQoÞœRZy›™HI¯|ŒßjZ |8pP¯XW¤f$‰ÎK0Òm¬wWëÝ|€\h‡ÅÇa¼••úÑíŠvºòæáPÀ[Èô”ÊL @@ -2866,32 +2851,34 @@ P ˆ÷®õPnÓOÂº¹t¼L¯u±P(Á7/™ô8É¯ZÂ2zTÉ£Þ?ÁÚ(n6¢XÃáñseÝþY$‰{Ÿ‰µý©ýTÙ2»;–‚7dóø£ömðkfpVüibT‰8 pc4s(<ý8è·ÓØUAšþ‚¤XXî ©Äü`tUÞÎðAªs".OBŽõsÒèg›ŠäÙ¼—JÐ:Žõ±Kð w_ng1Ö½…P¼ó5h°"¡¤!Ã¶J6ÌÜL®EÆµ É€ ÙŽÊ*Î”ÝÈt/3ÎˆÂ²ˆ{ÓuÑ…=ÈAz(©4›7:Ôd²l[Å¹rÞF®SµRØÚ®`ÀA£PGwj[Cî`üï`aë¸dr"E,ˆ*—¢`ºÎÝ($‘Om»QÜ¢Áe2Gû`—|ŽÈ!{8¿‹sé’ó`7|Ót¾aŸÙBê;Â³ÇÃ²u¨B¤½k¿öáîöo€@m–Â6Úˆ®ƒP7Æà@ÂlõÃCuxfZï@¸]8JnœŸ.Sõ¤Ò =b‡,mÚbDû–‡àNæšåâà³ÔO- ËžŒÖëz~H¸ÆòL”)œ£¶úàÓ•ó½Œq Wp«`¢#rü¹Q‚j]4ÝÐá¶ H“4Ï‡ÎýŽö¥¼BÕ|Þyøð…œÝ°O9MpùÜlpx0ÈÉé»¯ÞæˆØækÁ¡Á f€X^2Z¹‰¹€Ú:~×±cáà\~vœ†~ä=)áwA•Š”;ÿM="ípêYf¼?žµtå¶ù²·<9%é"ŒÑò¤N6W³YøzíøâRf¹¯Ä¼Ú(+ö³ÛÝ|¾w¬ É2PÓ³ªŠ„Ç—mxüÊvµ_&¢åBÕ«ŽÓvçâ‘sé8ÓVÕÓ](v>÷€ï…‚âô3¸SŠ+W'šõÙ§š3ÚñùŠ‰»Û9óZÃÑÒùÁdñB©šØ@`È'4JS%³ÙÏç¨‹ˆnt±RëÊp–B@~reSŒÒ`‡“8`>/XObject<<>>>>/Annots 589 0 R>>endobj -1531 0 obj<>stream +1538 0 obj<>/XObject<<>>>>/Annots 589 0 R>>endobj +1539 0 obj<>stream x¥VMoÛ8½ûW‹Ä²%;–|èÁýH`7í&ÞÓz± $ÚaK‰Š(Õñ¿ßGŠúˆ›»I‚¦‡óf8óÞ#Ÿføõ)h¾¤$Í¼Íý™Ð" ñ9À_ÉigØÚý»»Í—Æ\zKÊèráÜBÒýh°Ìh¹òæ[ãçÞ¢ó³‹ÞÏÙ¢ ƒÎfýüÕ ¹¹xÍ¢ókmÑ%¶ô¶Á2£U„<{[ƒ™“´˜vÑc:[4Gº~gküÂÀ‹:?»èýœ-\y>ùñ»\õ5óí¢÷s¶ðÒÄël¾oêëÏçöð~èT»2žï7£éÕŒV´Ù¡›ËRÛ«m’ñÙMy•LUÁs™²bª%+R/Qùî|óm4£Ià#ŸMjvêägŒvBrMÛq¢Jî¹ï„kQò”â#¥|ÇjYmÏH‘'²N9 ~NÂÛÓôÏiäœ§³S%i–Ål$ªÎ«W‡Ò"oÏñJTªÜ¼Ô*w%y%”=ÑsˆAê-7ŠøŸ=¯pòâ³l;~A§°é@¨E‰Âw¨¢ÍXpŒ+Ò6fÅ¡é/aw˜ƒL‡Dçº#9Ãu£!54û—íè«7è$S ´ÔQ&Å J€sl[uRÐ³³¦¤¨ÀmÅ¼´év‰ö‡o¶íÿÛ¶$œºoÐ)ZÆMÄ?]š Ó+LøN[v–Î½¥‡ËÌ£Öb_Û¢Ü6›Ãœˆ±aÝ3¡S¬d¯0´ÈÔ•ý`B²XZ]é,¶—æDõÐ€2—Å˜&óíÄ\ ÒócL#Sk;ìSëN…ÀÀ:U©ÍØêŒ&SKZË7qQ'¡™W ´ –!=jß©¿Aàå^¾„¥h“æo„Ñõn'žÞ‚» {#ˆ¹þÄ$ˆ<Õ74‚$ gR®ÌdŒV'¬–7Ûñ%î›Œå`Ù{1Gµ0ÆsUQÌ1Ú -Î*x>p<#è³:p´ê‚˜™ÈÛ&A¨2ÕØ{ä6¹Á3ËnÅs"J†3Ç®ÍúþóæÓõ——éûÞ^:ïèv}w{³nN9ÉøK¼Ô£9-Ã°¹ï×¿¿_Ó×R™›Ž>ª¤6ï V e >i&áÌ<ÇÍ˜ùyÈ4µ7…7áÂ—Q£Í`n¾ú´ý1úHTjˆendstream -endobj -1532 0 obj<>/XObject<<>>>>/Annots 592 0 R>>endobj -1533 0 obj<>stream -x•WÛnÛ8}ÏWRìÆbÅv¼¶³@ÒKÚ.šËÖŠüBK”ÍT"U’Š›¿ß3¤|‰àmƒ&¶)ÎÎœs8þvÔ§~ú4ÐÅˆÒò¨—ôhØ›$#NÆx=À+)ƒþ$X@Œ¤×üúü><:bcI£ËdLáuAÓ£Ý»’ú½a2Ù-½žßôè’f9Æœh–…¸=š¥â¯¨ÈD<…ð2£JXQJ/;=õ¨;è÷,Û<œÉ\iI~%éíyCµ“´^IM¥3¥—ü¯fÊÊÔûLNÚ§]¼~wñfx´ÎÍ(7{•ãÐø'‡€¥4¹r‘¤Fç Ñg–”o0¶b–µó´HŒ?Ï@È°N°?$Ê¨»&Þx~#bm:N¦Vúj?m*Ö9á£„ü| Ã©8bµ²ED>wŒåŸ-(W…ÜyX9…Y‰'3}LO¢¨å¦Ì#¤+¡—ÒÅrl´VEAZ¢ €†Z‰3&‡ ½ÈEWtœê«©(‚n…KiÏL}UISò,K¯/ñc—ÇM¼VçÉU2Uùs8Ë§·×McOŒó´¡yüuá,L*xi~úC„‘À'Vb‘ FðvÇ½éô™Ê+£#ù@ ºâß¡Ü¯€ôÄäùÉxá…õä‡7àß‰Ñ'»sÌOÞ@¾Ýôž`*Ã‰¢d¶4utŽOò²z#˜ë0þH&}ü”!ë]L.Üoë‚‰ÜÒµ“Â¦«PÙ}Y‚HçêèFànÉsiQvòVJ2yØ´Ä6ä*‘Ê¿÷k‡&´19cÙõªB(ýh‚²nÐ2vš›Î[¶Žùã-¡ã ýƒ´’òõ¥–5(€CZº›N›®oA,ßŸ`?ëjÖª/•séÓsVW¸i'ö™o™ùi»‡5Mƒßãf—,ë‹¤Ç×‰ŒGÚã.¹gçeÉªbýg+ªŒƒ†ãášñ\J¡A§•ðMàR|mWµv¸Z¸œ'Ä5ÞçtB7pYmÖJ.zº›u_BÊ ¢¾P“eaà1:Ñª*_3Eƒµ©CKÆ‘Õ,äqBS™ÖVùçPú}ApØžaÔA·~mH•ì§Ô«ŒÒñž³²”å¾æ L¹´†¡ó(ç˜UÙÏF ¯U vlqëLÛé)´õüfÔ8î„îF¥w,¤— ;˜8êSœÐŠòa3ZqÍýöÝVúÍB¡PªµÔ©}®xÜ¿›i£;N&<æÂ+æƒÑ¸§6 Ãb·ß¸ÒA˜`·Yƒºç¡è’ý“’ëP·_ÆþKÐ6ÎÜL’þå®†h.¤±¯VÂáƒÐìªÁ4*¿{’ßj…a ÃŒ E¡0|s˜Ã@ X¼Ñ˜Ÿr>K°[S{Ê¤UO Z=6V-•u÷RÁ¼ñ°‹")1ú‚˜ŠË¨t“)•I/¬Œút{~7kã?àlbx¼•õÝÝ›Ïÿ=Ì>Þß†L4Únôì¢ûáþËì¾ûÆÏSF·}ef½”Y¼¤seáô˜y#Ç•sµŒ.³PŽ·“ûîËŽ°-×—%¦¡‰ ù`ú<µÀÏ;‘ï5<ìÄ‰£™‚âÚ¦Õùi3úÇš…„P-f0n3]±—zÑLŽ\ÛÖ×–„¾ð—›øï+©Y1×¤ÁÑá{Ýä‚F˜«bz}ûúš¬áyƒÞš´æ)!t‘wv7ºã¾žýÆ1“ñhµ7r°w³£þJ¢€âendstream -endobj -1534 0 obj<>/XObject<<>>>>/Annots 595 0 R>>endobj -1535 0 obj<>stream -xÅX[SÛF~çWœ¡u:¶° Ø&3<8fBƒ;ÉLÝ‡µ´¶•H»Êî -Çÿ¾ßÙ•l#Cš´|Ñê\¾ó›>ô¨‹ß ût< 8?èF]:íD}: ñ¾?#iÎptóïÝ¯þè1ŸÏ©×=‰†ä?dtwðbrptuB½Mæ? i’ø›»4‰[,ÓJs/M›RG©¥B[›Î2INSiñ²”›×;'Œ›¼¾£×—ã[’_œT‰LHÒ—jE©òç‹LÄ’ôÜŸ»‹èZ=›|<èR§wo&IK¦k(V¶iKpÌ:£Õ"[S’ÚX—F, Và£ð-až•qiR·¦i‹e]V¾µ²DdmFçÐ<kÇ[ÓgQeB° 7Ú±sÂy‹Ù¡;*Œv:ÖãÈÂÈX8Ø¯æâ^öˆáàÃ÷Ç´Acˆˆ^é•dTŽóío©<€Y:3Â¬áxše¬ü>M$\,‹BGshäó:K€U.ÝRëyZP¬ó¼T)ŒdìgÒ¤Tg©TÎ6•T¶M$&ÐXµ?Q¡ë}/CL-_ÜC,):"ÉS•"\P|ïÙa,ÍÎi)@%¸ã -aíJ›ßÙ%¼âë ›Ø¹$ÊN›uDŽo,ØJ´bÁ,ˆOÍu–é_¼æx°¤£+¤‹çuËf¢H"¸ÐŒûóúàYà§ÂÿÓO$X¦è¹ãÝ¢D’ˆcim›f¥Ôš8”k6IfVÖ^t£)fŒ„sÆžgùmåz[¹úmãâŸ˜®Îcu~'ò™ 1ÃÚÖåy!u‘ÉvŸ#‘RõQû÷Ú,iî7 ¨…ýÂÁñ®Î¨–sÆwŽQÒ:ŽÑ( -‰k§"³ÞàNrx@6ËfŒcä^ÅŸÝÊÑésåhy²ìœ#=ûˆÆ|æ´'QA¸(„\ÙFŽÑ Ê6A ÑCµëÔY¹/n“ÀÏCæoÞŒo¶Üê :³5ò˜9†4ÒŠü¢L±CÞÎcê†,Y¢FUŒ–òò.Ns‘q Ë|†]Å½:ÃhÔ£ºvMûƒaƒþúÆ‡‡QßbØ ->ÜL¶ö{»k'¾Ù~Ú±¸áËa±J^ëî¤Û‹G?UN.¬KsþP•”T¡è÷Î†]Z-Q‡8oƒ€Mš>]âòÔ8üŒ;mdK)ZItÐÁ÷ïâ‡„vW™Xøú |]¦6˜»¡Wlc4Ü‘ÔösÉíµ=þ$¥?þÜ’Käs†Ñ¼Ö±ã‘-ã%3øwô7t_3}Ö¦÷Ó -é'Ìß|˜¶Jr]aå—" ˜/2”—ÓVÕ5“ªóýc6gz¡Õ±Þ#ÃuE„{‘•’Ð8²í»T°< Ç¦FŽ¤õdþÔ ÆçóªòSúÑ:‘fB],…Zü8l¡ôMiÝÖºÔ¹¼4˜ö8ä[Ñp?c•AUGÂ‚Q½“so+kíì¨åû}îí‡°Ûq8]é³ùÌ,ÓÖéô\T8²àYÃ:Ž±E¾m=ZÐêžùdBŸEÎ8›´À(â–{ø3:ÛË<ƒb–Çt]ƒðWîsUúÙRp-ÜÚ¦èâÍ%þ¿üð²MÚ4"½Ohžf’G{…rÁâô^¦ÎƒDÿ²ò Ûc³Q1Ôžt 'ªþþ€š×ó Ö—&Ðã…o±»aÜ/í†•v©ËeJ†8°ÆÝ:Áàïð¿.N5Ö9týMì¶5ªÔ?amÇ+§ÅtÚ\¤2§áèç÷ýœøÛ’UW¤'KÖi?,U¡÷Û¡g ›á«Êz|y´n~ÛbÒj„i¬ õø»¿Wp±ª’xSÃ°X(ÇÊ` {w}ùÄ4öm&;ŠYÿŠY³¸¾ÜÃ„õEqM J --XLý¥Ïˆ ñë#[F§?ŠzgÛÅÓ3µ6Zm*0v2t4x<äíÐoaíENaSóƒ1on·—l”À#€Ë/`3U‹å‚ßà±—ÐÁ-WoßOÞúO¤)–[<Yò~¯±“ªyº(a@Ðè7ÄÛ&]5ZáñS–ñÈ½) GW£jì ðntLƒ¡ßùïÆo^ŒéÖhÞ}!".ózÃd;õñÎ°‹ÿpû>âIÞ`„ú§,øåäà·ƒ¿¶õ(_endstream -endobj -1536 0 obj<>/XObject<<>>>>>>endobj -1537 0 obj<>stream +Î*x>p<#è³:p´ê‚˜™ÈÛ&A¨2ÕØ{ä6¹Á3ËnÅs"J†3Ç®ÍúþóæÓõ——éûÞ^:ïèv}w{³nN9ÉøK¼Ô£9-Ã°¹ï×¿¿_Ó×R™›Ž>ª¤6ï V e >i&áÌ<ÇÍ˜ùyÈ4µ7…7áÂ—Q£Í 0_}ÚŒþýHJj‡endstream +endobj +1540 0 obj<>/XObject<<>>>>/Annots 592 0 R>>endobj +1541 0 obj<>stream +x•WÛnÛ8}ÏWRìÆbùº¶³@ÒKÚ.šËÖŠüBK´ÍT"U’Š›¿ß3¤|‰àmƒ&¶)ÎÎœs8þvÒ£.~z4îÓ`DiqÒMº4ìN’ 'c¼îã¿•´ýÞ$éY@Œ¤[ÿúü><:bcA£ËdLáuNÓ“ý»‚zÝa2Ù/½žtnºtI³%Æœh–…¸]š¥-â¯(ÏD <¹ð2£RXQH/;Ÿ=žt©Ýï÷,Û>œÉ¥Ò’üZÒÛ;ò†*'i³–šJgJ¯ø3^Í”•©7ö™œ´Oûx½. îãÍðh)œÛ›ÑÒXìUŽCã·6žB–ÒäŠE’½Lˆ>d°¤|±³¨œ§…DbüyB†u†ý!QFí ñÆÎˆµi9™ZéËMü´®XëŒòóŽ§âˆåÚ +ùÜ1–K|¶ ¥Ê%à~\†•ÓPh‘x2Ó§ô$òJnËÜ8Bºz%ÝE,Ç®@•ç¤% +h8¡•8crÚ‹\tE§©¾šŠb!èVh±’öÂTW¥4e./²ôÊñ¿0vuZÇktž\)Sµ|gùôöú¡nì™£µq^ƒ64o¢Ê½c€¹I/ÍÏˆ0røÄZ,’€"„ãÞî¹7~"Szet$ˆ¡A·cü;–ûž™åòì¼ðÂzò¹ÃðïÌè³ý9æç?ïr ßí?ú@0¥áDQ25[ê::Ç'yY½Ìƒ…u$“Œ>ý ÊõŠ“ËãÛº`"7tí¤°é:TöPÖÇ`Ò¹j¹Tß™r¿Ë°•ÔÒŠ<«™í)‚`AÁšØÌ×cj3«„yëÏy«RÙÕZÙ2‹G°$Í¡ÚHùë45•Cççö›Kê £a¶=6ªA2ÂÕO::£÷ÖT¥£"H©:QçfH=la³m÷Ç¼÷Ú±?ZlŠyðÆ·AÃk[5Þ× èã=›ŠÜÚTyF…ÉX}ü‰ü®s}[‚A0öV°¬X„áÉƒ3)rÚ(¿¦‰„÷V-*/ÝÖAú£gÏZ·‚.;D +VÇ¦qö#;p®¾ÊÆñú`6·ÁÌÆQ•#@|@ü©ßÃ@@7wËr)-ÊNÞJIf6-± ¹R¤òïÃÚ¡ DLÎØEv½2J?š`…ì€;´Šæ¦ó–‡cþxKèxBÿ ¤|}©U +à–î¦ÓÀ¦‡ëÛ@Ë÷'ØÆºŠu€*ÅK¥#}Úau…¶qbŸù–™Ÿ7{øQÓ4ø=nvÉ²$]¾Nd<ÒwÉ=;/Vë?#XQi4ŸÐŒïäB + :…¯âk³ª•ÃÕÂýà>/XObject<<>>>>/Annots 595 0 R>>endobj +1543 0 obj<>stream +xÅX[oÛF~÷¯8pV)$Z’IàÅŽ‰ãU$@µ#r(1!gØ™¡ýûýÎ)É”Ý¦Ý"kÃÖ…ÃsùÎwnüýh@}üh<¤ÓÅÅQ?êÓËÁY4¤³Éï‡ø3’R¾€£ÛñGOù|AƒþY4&ÿ!§û£×³£“ë3h–Büh2¦YâoîÓ,î°L+Íƒ4]Êe–Jmm¶È%9M•ÅËJn_ï0nöîžÞ]MïH~sR%2!]J#\¦eÊŸ/sKÒ©?wÑz1ûrÔ§ÞàÞÌ’ŽÌ ÖP,¬ìÒFW$à˜uF«e¾¡$³±®ŒXB6¬ÀGá ZÁ<+ãÊdnCóË<¹~YûÖÉQ’µ9]@s.6Žwæ/¢Ú„á(:cnµcç„ó³C÷Tít¬sÆ!‘¥‘±p°^¥âAöˆáàÃ§´EãˆˆÞêµdT[ŽóíJ©<€y¶0Âlàx–ç¬ü!K$\¬ÊRG)4òy'Àªn¥uZC –ë¢¨T#û…tk)Åy&•³-ÅB%u m‰tVíOÔèzß«SËAÀKJ«žHŠLe?xvK©Ñ¨w`\)¬]k“à;»‚W|½e;—d@Ùi³‰hÆñ{B‰V,˜ñ©Tç¹^ó§éå;ŽK:¹Fºx^wl.Ê$‚í¸¿jžþ÷†g!ü?ýD‚ezñÇž;Þ-JÔ1‰8–ÖviQ9ð@mˆC¹a“dneãE?š0‘ÂaÆH8gìE^ÜÕ®w•kÞ¶î!þY€éêâ8V÷¢Xš2¬]]]”R—¹ì&ñ)S_´¯Íò˜Öà~Û€FØÏñäúœ`9g|ï%ÓhM¢¸¶”q&rë Îà$‡d³lÆ4FîÕüÙ¯½!WŽŽ'ËÞ9Ò‹/`œÃgNp„‹BÈ•]ä l”=T»^“•;ðBà¶ ü*dÞôöýôvÇÁ¨·Ø ™cH#m XÀ/ŠÁD;äá<¶ nÈ˜%š`ÔÅh%¿!ïâ¬9× °ÌgÈÉu\Ó«7Ž&jj×|8·øç¯o}xõ†àÃílg¿·»qâ»í§=‹[¾üö—ëä°î^ºƒpô3åäÀº¬àué@ÙÊŠþà|Ü§õ +uˆó6Ø¦é³Ñ%.OÃÏÁ¸×Fv”¢µD ìqÿ[üÐî:K_B…/ ËÔs·ãŠm’†{!’Úþ^q;Cm¿Jgé·ÿìHÈ%ò9Ã(mtìyd«xÅþý Ý×Ì_téÓ¼ƒBúÕó7Ÿç…’ÜTXùÌBæ‹åÕ¼SwÍ¤î|›Í¹^j5C¬ÈpSáAä•$4ƒ,Cû®,OÂñÇ)„‘#é<›?M‚±Æ4ý¡*¿fñ×iv)ÔåJ¨åÃJßWÖý`+]È+ƒYá€C¾¥—‹„ÏP.n4Ôõ*C:àMÑŽüz{ Ú;Ôzna¸Ï'œ¿#XÇ^FqÉz$·€ÿÞ\=3}ŸI¥ÁŽb6¿`Ö,o®0aý ¸!P-…–,¦ùÒgDøÇ#[ƒFo8‰ç»ÅÓ³_´6Zm+0v2t4x<äíÐoaíENaSóƒ1onwW—l”À#€Ë/`3u‹å‚ßâ±—ÐÃ-½·>Í>øO¤–[<Yñ~¯±“ª4[V0 hôâ]“®‚šKðø)ÏyäÞ–†“ëI½Fx79¥ÑØïü÷Ó÷¯§tg4ï¾WE³a²…½æxoÜÇƒ‡¿¹}Ÿñ$o4Á Ã3üfvôï£ÿ¶ë(^endstream +endobj +1544 0 obj<>/XObject<<>>>>>>endobj +1545 0 obj<>stream xµVïoê6ýÎ_qUiO*! ! HýÀÏ¶Rû^·2mÓº&1à6ØÌvJÙ´ÿ}×6)mÚ¾×îi ¤Û×çž{î±ÿlàã7€$„NÙºá{>týÈ‹!J|ñ'),ÃY£= `¶À%qšÀ,œîû0ËšQbËø¢”@´–l^jª€àrÁ‹(-$ÍaËô ôŠ‚"ë9d™(¹ÊµÜ[Ø‘{R”û•\ðVN¤,4¸×ýO³Û‚m…±!†¦ZÏÏÄšš×íi¶GØJ¼Ô$‡ã7aœ€ðÛÁVÐñB “l£¯ˆ^ý÷…X þ}!V˜ÄX²ûeÒ @@ -2899,54 +2886,47 @@ S/ êÁ/+DI TT'kŒr4§ÙÝîÈÁQ …•g.Ö„ñcóì‘*þÜõ-6v«¦$÷Âà&ÑŠ»›»·ç®'ö*?”èS˜"fjºÉ6PŒ£’å'6Ì±(O6T˜"åÙ‰í<ó äòÈäÁ”k.„gÒÏ=8[zOå±kI|ýØÑìM.°g K¯mlÙnaÑ¿Ÿ¦ ‘È¼Æ ì¡T•Ü$Ã]Ó@) g*[É4µº]±jÀr&i†>´«‹úˆwT¨8¤%ð½ÄAâè<è¦I½¥g+uùeøÛ¾J7Ÿ<—bô$cNàì©ãÅ^Ïƒ‰ë¸ŸOa‚nÇÅ…@«|f„.LåS&4>Ûœ!ÈƒÅšrÀVÈ;Ô|4UÆ³¢TLð=ó°Š=T.+æ·˜~V`ŸZmO}èíñ†‘Ã›ó>Ý,Ñ‚uxÏ”ƒU`üVX¡x*v}/5(9š¨R,ïCš¤ãÔ¢ØGãAØ‹“dE“é èt;ÓQR[ºÙæ—¥Ò#ä{IûQ¥8z1O²5‘»S)ÊÍù¸AèµPÅú€¢Û {~èw‚ád<éáîƒqguºÃnùÑdR[Š(.ˆÒ×Tcd¿I/£Ú$ëM3¶F˜~mÈñ;²ü¾(«1Ì=QÈoÁµw,»‹…ÿ&$Ëô´ KÕ‡ßþªÏµ`é7cIƒ%èù~\[dŒ¯*bS}zÀó÷uer'Iw¢…£Q§sì(ÛlÏÎ}s¼%Qú‘fD¢Y|H¥_©_Î*|÷-¨§T’"‡‘Ý¡ÆÍ÷hìÛ -~&£§ìÔP<›÷”ÖÚ¼wÊÅ|‡Öù;“»þg¸¹émúÓÝ_(¦Z\'cW‚—CŸËõœÊ> ´ê}’¡Ç|•^±düzE‹¢í9ãí9Qörö¤‡Þ%î%Ë+ÁïëµW>/XObject<>>>>>endobj -1539 0 obj<>stream -xWÛnã6}ÏWLq€H–lù’ }È^è.v».Ðb³((‰²¹‘DG¤6ñß÷)9¶ã´AÄÈá\Ïœ¡îObŠðÓlDã)eÕIF4ÍÃ)%óžGøk$nc’ðÒ‘$¹x¾qOñ,yü‡sŠ'ø†áM<¥wš>Ÿ¼Yœ¯#º EÙé9Á(¢E6¨í'aÌƒnòKšÏæïæQœL£éÛwW£‹élv•$ï¯¯âñd|ývv¶øU0ëuãºãpÒ‡Í—Ï¿m°ÎÆ‚q„@;‘8¤7*sU/½\BqÜÉ 1,4¥,Av%i]¶KUŸSÓÖ^|Ò‰¨w’RU×yúwµ1÷ehô¾Î©Ú©ñË(350ºm29<ÎU#3«› é‚Œ¨RA¹2¶Qik•®C–G8£iè"þ(í9ez½¡]Èjõ†J >FÝÒƒ¨mH7mº^–T;ÓU%ë.+Ê !eÙáŸ?ýþþúæÏa©RÒMg4£¶ÈÎ°5 ï](Æ6×±wŽË1 -ém#áTs2saE*ŒÜ›#r‰ÿ~JÁ†2Q“‘–Ú5{ß~@EZJD–“YËL§³P¥ªE% ¾MÝŒD}d©¨ÐÎtÙV®0ÚGäÎÞž!TjôŽÊB´¥õ&CZÀ÷BÁ¸w|[Fù(ªu) #`èà¿Ã¼ÖûAP§Ú -äºs¤áRäö¾•òqdœ7ïL#ï[xä˜þè¼är:.½©d2)hýzÚ£Ñ5ì¡x°:\ic -vAm5®»¦åó;íë|LÇ/]ãÞ«áZØÕÐêP¯Èéhmº.Ô²mþ¥¹WÊtMM¥Èî]IZjS®³a]×œƒ,‹’pÂ ™•n¸A -í2¾Ó‰WyNÂÃQ—œ¼æ…Ã\sÆò”R˜FïùÝžôC4Ê¡]èpï¶€3UGÅÁ¹[v F‰oÂ}kô+}ÕÜ^g5óËÄå°ç -®Ã¶…@g—*GBš¬9<»ïƒK†cOôÊÎ!nä”»vÃÔÃya6*Õ<'aÀQXÁO®¥©O-ú\”Kz¸”>i3Ì‹.‚Îq,ò“ßvœVgè%œx -ˆn -g¿' -M®ÐÁ;"F"vmˆ"œîgðôÜ%¤j)]ývpþaÉUQ75°²Ížù‰óµÅì,JÒk~0Žô«¥ú!yj4¿¯¹g nž|]–:å7d¶ ;óu‹€'.A÷6û~‹{öœrO€ŽRO%Ÿ;íbˆ#LwÌ‚gÊùà%9f¢c>P°oÙÍ˜ÿ´ÚÓÍ3ÿKÛš›üØg_ÛxM_N‡ŸUÇ´¸µ€>"ÍŒM´c7ØºùÀ-Âé1ûý5…£(æI&c7ˆ¿(àÛï³¾s¾Ò.ÉÌ]¸Q`ztÈÙƒ“‡3xÅu÷ç|êÅú»éï¦ FSîXJ×¸Hô|ÈY³+aùª£|{áÉ ð‹àÐÂ~Æ,(ÚnÀ°h~°U–Ì…z„€ÑÝU'Ø zîƒæ´¹žf“~šC?wŒ¸¤ßnN€pòª¼ÙÍš§* üt¨z% \¨ÆØÛ³itç¥^âFeª×)ß-r_ìíàâö¬ÏÛó` -\Åk4Ü©ìîe¯ÑÀˆÁøð%ëÐ•Wk`rÏV¢^‡{á¼ZCÕÂ‡c*^£!Çtu¬*Á4…êæv0šLp¿¨Õ£*Ÿz¹B¹®pQ;®õ¨ÞL/w¦ï¹µ‰ènNã}È]ûã)Þ«æc¼ü$a40ƒ~¹úðæŠ>5ú;x/J;ö/è³ˆ_˜^r’YÎ¦s¼â`kä^ŒÞ/N>Ÿü,˜2¤endstream -endobj -1540 0 obj<>/XObject<<>>>>>>endobj -1541 0 obj<>stream -x¥WmOã8þÞ_1ßR¤6ô¶ðåËö®°¬ZtwR¥“IœÖKgm‡Ò3Niê”Õ5%žgfžyõÏVzøÛ‡É†c¶žßƒátê`4àóÿ‡È¾'þÈõâòÒŸÖÿ³lÏzp ËUŒ§øÂ÷z°Ú"ä‰‘àê*1i®¶åÈ8Û&PùéÂ+SÁ†©U{pq±:ƒ.<,ßÎ–?Z=èö{¨VQ£,Žr†§Á—‘oÞH´3Êa+ší0÷)o@R$”2³iÆ¦¡¯."±-·BñÀHµ/„Vm¾¾ï+ouÖ¬)–k™€”HÍ±'/n˜ 6‰˜ƒ‘ ²P>ˆ†4FvžÂ®E²ÆwÍªS%-Œµö(àÕäÆ¥lFfA` ä:8öÈšÅòzñe>/“ -BfX³†T/Ú0#d¢•8lÿ³*@i³4!{Èãª-<<ÝÝA„,ŽOÅ,K^¹Ã¨E×¨s(?höj›%kbR³¸Žêæí·f¬L„Œ² » ³j_Úôµ…a9™ß"(yÊûõ^+™¥ˆÂ§°˜ÅnËÌ-óÛf*råM°nÔ\æjÌ’-¦PÊ´#]ý‡'Ú§\ÅD›-ÇšnÀ§@:,ÿÐQˆîN §1¸Ð€áo¹U§M·= ‰QÒ‘ÌùWžOJ¾,¢¡39‹£Í¼æ]7¯®Ð¡ç•â8Qb™) 1¶ÛZ°Uö«(¥_Ÿ£|êW‰…+ÄÑ§|©øUÁ:Ÿ ßÏ÷ƒî`Lüë+Î“ûà¾{™Ùf™fcË\µ¯°u°È`#5þ>²9Ãá”ëîà$øM#Mq:åˆöötaöÝ,Å>ÏË@ qÝAåv‚Ù7Ô^ Þ°ç˜ûðwa ‹µ|L¤ÙÐ¹gŽa‰6vé»;ÊÓ0HÉý†Û´´jHSSþÌ£BŸÞœÏ.¡?*¸öqíB‡>î_>>/XObject<<>>>>>>endobj -1543 0 obj<>stream -xS]o›0}çWœG*ƒ!’·FÛÞ&mÓ^*M6‰;À©±Õößï:5éúP!$K÷Ü{>®ýqdôqT9Šíe,CÉ×¬Æª®èœÓoºhÛDé×5ø -MG-eM ‚gš6.XÍ8ÃÖë^êqÓ<|Îgx’W›ƒž0é{ES½¶jB¯wÏCŸÃìô89Ñ÷J²0#C’—,PÅ •Ãtåî5ÜÂúq3}Zˆbâ¯ÂNé‚b“¹ÖÜAAyëŒ}Á NbãÉxÛªôMÛIÎeIÁgaÁzÎðk{uÝÔ/¾|¨Ãtgý (ŽV9÷‚ÉY¡÷×û$¬d ¯êùh¬ƒNÜR¯úÏ)TR;$'R¢âËCPÇÞïõ¸IýdSÊ6Ä°yl:Ý«QoÄÆ¸Ÿ*,{©…!©€ ÂÃ9ÔÂ¦ŽÞÍ)’>Jôþ&8¿Þ–>ê@ãÃšÉ.Zo]B \çãw0°H9çñ®²`•¯:kˆQ^N?¥”õ¸\€z¹&¼¤çQàõš•!öŸwß¶wønÍ]+|6H¤pÚŒAPrnHªlðï¼˜UµbUYÓó¢z¾m_šèGô–~endstream -endobj -1544 0 obj<>/XObject<<>>>>>>endobj -1545 0 obj<>stream -x+ä2T0BCs#c3…ä\.§.}7K#…4 Œ™¹…BHŠ‚žP$YÃÓSO!¤² U!?M!3¯¸$1''±$3?O3$¨ÏBÁÐ¢O¢¯zs=s3 -!)Æ #\C¸¹øÂ&áendstream -endobj -1546 0 obj<>/XObject<<>>>>/Annots 642 0 R>>endobj -1547 0 obj<>stream +~&£§ìÔP<›÷”ÖÚ¼wÊÅ|‡Öù;“»þg¸¹émúÓÝ_(¦Z\'cW‚—CŸËõœÊ> ´ê}’¡Ç|•^±düzE‹¢í9ãí9Qörö¤‡Þ%î%Ë+ÁïëµW>/XObject<>>>>>endobj +1547 0 obj<>stream +xWÛnÛF}÷WLŸ$%ên£}pì5 ¬ (â X‘Kiã%Wæ’qô÷=³K*”D%FÄ!È™3·33»Ïg! ð'¤ÙFSŠÒ³A0 élLi<Ÿáyˆ¹¤Ä}˜ŒùÕÁ‡g +gÁÐãðCÌi8™á7àú÷á”n }<{³8ëß è’ d§s<Äkƒ-¢nV|Ö¾˜<¾¢ùl~;„ãé`zs{=¼œÎf×ãñŸw×áh2º»™/¾êf=Vo4VwÌz·}øøv'€÷l¬7 žJ$è&—¢PÙŠŠµ¤Xb)¬ôJc +ÃJiø¸û)I*æ‰Œ¬,¨ÜÐÖ”9™—Œ «%‰,&»‘‘J¶3QRÇ”‰TZ*mâå¿éÖ>kzìZ)i)µy¡ÄäN82ºL36OÃ2³N÷ñœ SZé•‰(uáM´€ï‰‚qï8ŠèïÊï"Ýhiû°ÚwVýï .ÓÍ~]ŠLV•ÁK E&ÏeTxò\Ê\ù8"Î›w&—Ï¥Êeì½±}ª¼ŒLšr:®¼©IíùôJÿ~Y¿Gt9{(Þ[®-Z« vˆ›ŠH¬ßÈh]ç6Œß«$†µWý(ÖýÂôH—¢ÿŠœ‚Ž;¶…ÁŽC°Íd‰Z•9çC:âØb,mt¹Ri=Y²&•´2&¦ØDe*Q¥B™ì‚–eAà¢$h8!»6yA*KŒË8N½ùë8&áéh4çoøÅa®9cñ’–0-³xßÉ.}¹r,‡wŽ÷^`G8›.ð(9Ð«°ëøÞpìýÚ·FÐgÃíÕó °_;OZ=É–´Áü¯ +¤XÚ¬S€ÿZ€^Ðî.o?Ð,™„œ›Uð"g?óŸÑL…È"44vÐ}âì×S"E'+´iCÄBÄ®×éÎ~š:N]hHeRº"5lcÈð˜ˆU’€±Ëžýò³ÁÅdšÌ†¬›lÈÕJ}“ië¼tá×…õc>ñø¼Òf)ôLÂˆ•_ã2ÿðàÊ·>70µýôÈ}âÆ¼ ØO977;ÚDBóÇNëÖ +j}~Øô§äxÜ´ù@½}Ë®ïiµž)GˆÿmÃÜö³6 ¦§ÓáRŠ{×£÷H3s“‹é…«%À-Âé±¾¢õ”ƒá ÄX™ã‘ÛM +üvúuÖw»ÌWÚ%™TaxETÌÙ£“§3†W‰E™Š'Ç>ÕbuˆÕBt«û'v£Èd›Ö 3ç3¼å%¸ì*Çëà/‚³`û!˜³˜ÃÅcÍ-õ¢´æ)‘¨ï°¦âs¯ôÜÍis=Í>ú• |î qy|ìÞw¾aàÄ1 ¼Û ¯NPø‡RôZ@8Q¹-ÏOÎÊÏµY˜S¨^Þ,r¾ÝËÇó:oÇÀ +ßñ„'=†x 3;“€OR‡®¼‡{´Ù +¼ÙçÕi Ú ^ƒÀçqÕV Â(ÁÊtþØN&8Äõ¨ÌÔwGTÖ:]¡Ø¤8µ£¶â¾_`{9ºç6CÄ¸eÌûá˜X?q¿ÅwØ¨N{ž”ZŸÈHä¤Ýñ˜ƒŸ^óI(V8}»cr“óxnÁþÄ©f-VâcÜil–ˆs,½Vð&¶+â-¼FÚ¶RbpœèåêŠ:]u~Õz¸¸ßŽgã`6ãv‹OCw øsqöñì?æˆÅ:endstream +endobj +1548 0 obj<>/XObject<<>>>>>>endobj +1549 0 obj<>stream +x¥WÛnâH}ç+ê "a‡[€äe•™«HIfG!Ú] iÔØmÜ»›ô%„¿ßªÆNŒ1dµ;£É˜¸ûÔ©S§ª›—Vzø·“Çå^ØƒÑô"áÏ >ðŸæøÃá(7½è_ÒÚÚŽ/óÖù¬—0O0ÆxŠ1 ~¯ó¨#b.H×W¹“+C,X‘Ê\.¡ò'€W¦£”éEgpq±8ƒ~;›ÿjõ è÷Â)‚V±œˆ0J¸„´‹Î¥Gy’â œáno`ÑÁ‹³ãÀ«ÿ¼ÒÊ7ŸÂö$Ì± <ÌwÄooN0öÁÁ6£îŸBÍ˜Ì™„53¦AèT.#½][,peëFéø8siáS!OÆ(¶nN ¯3&Ž&Ð„î7Xþ¶cuš:‹"‹ºH«Uƒ™÷ü‡T}ácfÙq-œ|–j#aØ 6iQ1t±ô8V¦VJbŸ½6•nëD‹¥Êi—Ÿ3:Ræuñ9Ê§y•X8ÁÆÇqÎg#è÷wÓ)Œi|{Å¡äX–m»°U"rº³À¥[t®pt°ÄâÐ°)Ér*Î¢´ˆÝ…M*ð“A™²ÌšG"ÙúÕ9«À±è¼,Ô0PðMŠ’ú7B®üË–áï‚ ËŒz”Ê¦´nÉñ¿¸ÄGŽ=Kÿr$ZåþÎZ$´Y¸¹|ÉRqHoÎg—ÐÚûx Áa8 ‡!<Š{Ø”†n§ QöÊ¾Ô»ƒ="WÙ i"ô[qÏ›‚4mÐ…Tmø+×Õ¡Å˜o~Uä3ï¸Þ&¾€_„L<ã*”7Ân¡]9‘*“ª(kª\]³?¤Ú5=1Zûáéî®žÙ‹f°>¹§,7d¢œçU{mb\5=¢ƒC¬ðI-tC†¾¦x`ÖÔ!=fº@zP¸j¾ÍO&Â<„©1$è˜'Ìeö´ÛF!üÎ¥<¥’A‘ý¾}“P€&“YkeŒÀN"ASöŠm«°¥± <žžöÊ’¡ T˜œ=SL£°½Û(¶±LÚv]ÅùýåëŒ²n¥Äe™;ò¾ªÞ¬ç³‹bütàë÷‡¯×óEg&´±?iy· íî£ÓþÃîî°Ÿ_áóïØõØuÏÈØ +$þn_Ìý ,ôP¹ù‘ïÚñ~ûøãb¹‡£G…3ÏÞ±QVŽ×‹¤]dÍGE±Ïéæà±˜Óþºo9Ák%Îï–\Åk¥ù‹šãA#–oy6 âáT‹,ã»1U±ô=åQ¡Ù/â&_|ÚÒ°ab•Zd¾a:Fg*¬ÝZië]Ð¥Ùp ÂðXX8 ÚU"ðÐÃÚìKÖ¡O¹®ór5‘ ƒ•g=Ó;JˆÎ–Ò|˜Úû±ìS$)òKRì‘$Ò‘Ók`uÎcÏÃóªrD^š³Ý‘BB[é²]Sþ<¡&© —¹ VB˜îîñ»ÁtãÑ`gƒÇëû/×ð‡V¿8Þ•nªÆ¢PA¹!˜ôè+Ãÿ8vF“Q8OÑƒ3˜ú·yëGëSðêendstream +endobj +1550 0 obj<>/XObject<<>>>>>>endobj +1551 0 obj<>stream +x+ä2T0BCs#c3…ä\.§.}7K#…4 Œ™¹…BHŠ‚žP$YÃÓSO!¤² U!?M!3¯¸$1''±$3?O3$¨ÏBÁÐ¢O¢¯zs=s3 -!)F #\C¸¹ù&èendstream +endobj +1552 0 obj<>/XObject<<>>>>/Annots 642 0 R>>endobj +1553 0 obj<>stream x™IsÉ…ïüs’„Ð6_Zm9$YÒ¡36EXšj4¥Ñ¿÷÷²º«¤,93¡àã«\*3++»øå¬Sþ+Â¢Õ™†}XT“j»pqæà>,ëÉÜqîCQÌ'…#=†ëÉÌ±³RpYN–˜\NeÒ€L:ˆàt9Y8Òc©Êõ$ÕÎW¸¹«©$ HƒVSy›Haç…6šØ¨v6ŸÔI¬vàŠj5Y…Y&çlpVW8)›µHC’ô–hâQfÞ‡²(åQb-cìA#¨5 µîùµâœ8±XÔl(“ÃÖ3ùžE-c$Y[Ìå™t°ÏäNâDiY+Õ‰ô–°{Qa—3¹›d©Wü›V–ë¢´ ²Ø:¬½,†Ì:,Ås9•XS\S.ÊvQÎH^DQqÆ°³‚s¬Ã°è˜96*^,b5”Êam(*ÎXŠkvçX‡¥X»ÎlT<¯bYÕ†L±•]Äˆc|Ê¬Ã”ÙTG1³QñljI/Š•6kÈ;Œâz®ýdÖaX’7u¬íµZXî¬`kRëàP¿™³úpæ dæ¤¥,©¤Ì9ˆ/SA2è1lU*™uva Ï¬Ã ŸŽ–õv¶â„gÖºJÍ‰°:C””²à:ŒÙz¥ð%6ŠE¬$–B’¨‘Õj«ÁÈˆF½ÓX«nÇ:ŒÕÙ‚í8ÖaXŠ£ð¬Ãl–öQ96:EOSûXiÏ•ùä j«È¤Ç°Ö™ë°â_S¡™õ¶¬´dÖã˜Y²5bX;qNÖá}¨°ë5{[ T²ë1,vTbíÈU”•®°¢ªä„!ËžÃ°Uf†¥áTfV0–r*±+ºŒë°‚¡“—Ùèòly>“¨!sÙaD§Ê2³ÃKÅ"Éz,§tDë0,fæY‡•ƒå‰lt™³î¶ÊPŒrÆÄ±ÖâX‡•s9Ë:¬˜Ë™uXÁÐ›5{ËÈD¨’lQlšLÖaÌ’wbœXµ¡…¶›Y‡µ¡âTÖaØX¹YÖa]–ÛÄÆíÃ—ƒq4·›1b€&C™uXÛµC™Y‡aíJv²ãr¡¾ÙXpÌàÃ‡8V È'>ÄGˆÚ©DzK9’Ì:KL)‹Ì:;¯NeÆaFçÑ9å1lÜzÒì1ì¼Ô!É¬Ã°†N“Y‡aéž'²+·Ù³¬…Q=zøTåõÃ€…Q]bä¸—ŽsVŸ3YÎAXWR&=V€Õ4ë0,#Ü‰¬Ã ¿Âàd†Å‹Â±VÄ…U†ÌêŒF‹8c™Õ4áX‡a¹jÏ:ËûÊ‰f‡aùÒ˜yY‡UêÙ®ÇÊºæÛÌÆ qY*Ô C¶!‡1KT‰cf†Ôfë0,4sÏ:ËP|"ë0,¥‡ËÙ®ÃlÈ:rfu ëõAc¦Ýºh;ß¹™³ïÜQŽ ƒ¦Dr/r™ã+‚} öT„> z¬h"Îl<4V\vúö‰%#“"8ÕST&Ì’RË– I4ªµ±fTk «¸Am"µ#Ë'µØ¨– ]ÍLú˜4 µÊ[«¿DzËtÍF3ë0¬Í™µê´U¸JíÅ€l:ÇSÄ4sæë2~«ÛYµŸ-êéƒòYüYLF¨ãÒZdÊA8”;ÎLÍã—ÿRÁ±Ÿ-( !ÄœSeÊA)Ô]3…öö4>Ój1…ÄœûWñ·J¶ŸEd4>ßh•˜øze¬Š“LF˜Ñ”˜Œ¬%ëcÐFˆCÄsÙH)D„ãžáe%qr\¹oxÒ9Û-'XÝ‡ñˆùY?ÛnRøô –(á˜ý˜ƒpö,œå2„c¼ä‚Í9ˆ“…M#ç úÍ‚t%¹ç—gO_ë —7<úÏËpymoýüfóäÍ¡ïÚëûM¿mºü7k9¸E\{Ž’’ÕO.Öû«uØ¬¡½kºuß„í!|]wÛöþ.Þ=‡¦ÿÖvŸ“py»=†»u×‡M{è×ÛÃ‘µ7m·_ËBà~³ýtßmŸÂÑCÚäÂ4œÛè„áæðuÛµ‡}sè“èg3¹§É”U—ë«]Ú›ð“ZWÒ‘Æ•£¾zÞ·hÛìÖý}g2M÷µéÂå÷»ÆäøƒH2Ï·Ì$\ôëÃux¶kMˆ‹¥þÜyÉ3 /Û=» ïšýêòÂ“uUZ'W»v·k:i;5ZÉì /¯Ë.žów›äã-ŠkR!WÏºê•ó3 ÿ:â¡6uq»&ÇfC6úïa×|mvÝ‘Ä(óVØ[\¯•nwZH¢Î_®$Cä¹”¤ ÁøåR‚ñìåEx¼î$ds2júýe¨ÀÛCù9|è¶ûu÷}´˜Ãÿ0.Œ]V7]óå~{Ür&~oÖ×õƒ°03NÂóõæó§®½?\?b FÒ‰èo©2Ëç£x$J`^t ‹“ôn½¹ÝR¡—Ýý±Ï6ŒõGËòßÛíAK^ì¶:¡oƒ¬Dý·eEÿn}¸_ïõ:·7ÿÅÂœb¿¿ýãpŽó×»ï¿ýJËè·œ¾?výÜ7×¥‚¹ßãð‡®¥)ìc^u]ÛÙévõÊ¼7 o×}h±Ð…Ûfwg=îMøÔôy´±E*Ã¡(‚úUsÝ~;†ÕOß½zÌ…ªdÌoloÇ¾‹ ÷øçð>vÎð¶ýÔÌÅ“RÅh¬UÐýÝã²TH~T/]1Gþ‡re.ýI¹r³1ûBylo¶ þS$@Y®‹¥O”Ô—¿µßÂuk*>êöèc€niØR¨×±¥nR«|˜éÁÝ·Í!píÈä‡—/0Û\7×¶ø¤>xs!œø°«ßWë ÒU¹Úáo‡£ûá ´äf=¦j8Ý±uÞ¸cDºæn·Ýè&•ÓÇýÕÝúxüvn¶»æñ.f£ãoˆ ìu½Û…oÛþ6¼}ùìCôÏß -Ë±n¸ÖÖ‡`îí~zXL4=»øÞÞwAüÓ×LÐv>Á¿ Y¸‰¿þÁ½Êœð3ù§M¿yú¹»šýJ‹š¡:ZË¦ÝßÝ÷º«b;{ìµ•Ñ‡öxÜjhÒ1?I;SsIC[´½qùéÂ'i÷wÒèÒÊWk\©viÑeçk›Zéï|¾”4Kôqh8±·:‰ýÉíòÓ$ð`˜›^¬½Ø££+±h«É4fOKŽ™æ%Ë&¡‡Ó\½à½o¾dîcLª -I¾º<ûçÙ×³Öendstream +Ë±n¸ÖÖ‡`îí~zXL4=»øÞÞwAüÓ×LÐv>Á¿ Y¸‰¿þÁ½Êœð3ù§M¿yú¹»šýJ‹š¡:ZË¦ÝßÝ÷º«b;{ìµ•Ñ‡öxÜjhÒ1?I;SsIC[´½qùéÂ'i÷wÒèÒÊWk\©viÑeçk›Zéï|¾”4Kôqh8±·:‰ýÉíòÓ$ð`˜›^¬½Ø££+±h«É4fOKŽ™æ%Ë&¡‡Ó\½à½o¾dîcL*W’|uyöÏ³ÿ×J³Ýendstream endobj -1548 0 obj<>/XObject<<>>>>/Annots 644 0 R>>endobj -1549 0 obj<>stream -xUQMO!½ó+Þ±ŠÀî{0¦ñ`¢–Äs¥4ÝÆÝ”5é¿wÐÚÐy¼yo†™/&!èH…JÃ÷LpA/çëí‘5Š7ÐVs¦æö>±bìakÞ\{HQ]²°ÄÄVòBZbb›š«Â¸ÄÄ¶ò¢¥÷PBQßÝçº%&¶2Ü,ýÚhªV[CqÖÆ€-[:vý !%Ü6J[·ù“€ó³–+Ž÷ÝÝiG×GH)DŠ×ÁO±KGÜP¿C¼½r{ò³'¿ü[a+(Ež³Õây¹ÀK÷Á'Ü~êÃÖ©‡,›KMQöÜˆ6ç? )Ž›Éÿ'Ô´£-m•ÈJeÍ½c¯ìDpqendstream +1554 0 obj<>/XObject<<>>>>/Annots 644 0 R>>endobj +1555 0 obj<>stream +xUQMO!½ó+Þ±ŠÀî{0¦ñ`¢–Äs¥4ÝÆÝ”5é¿wÐÚÐy¼yo†™/&!èH…JÃ÷LpA/çëí‘5Š7ÐVs¦æö>±bìakÞ\{HQ]²°ÄÄVòBZbb›š«Â¸ÄÄ¶ò¢¥÷PBQßÝçº%&¶2Ü,ýÚhªV[CqÖÆ€-[:vý !%Ü6J[·ù“€ó³–+Ž÷ÝÝiG×GH)DŠ×ÁO±KGÜP¿C¼½r{ò³'¿ü[a+(Ež³Õây¹ÀK÷Á'Ü~êÃÖ©‡,›KMQöÜˆ6ç? )Ž›Éÿ'Ô´£-m•ÈJdÍ½c¯ìD\qendstream endobj -1550 0 obj<>/XObject<<>>>>>>endobj -1551 0 obj<>stream +1556 0 obj<>/XObject<<>>>>>>endobj +1557 0 obj<>stream xWÛnÛ8}ÏWòä|h·i°š4[»è‹_h‰¶¹‘H/IÙõß÷))¶’Ø’ŽIÍíœ93úû¬O=üôi2 á˜Òâ¬—ôht=L®ht5Áçþ¬¤U8è'ÏÞÏÏº·×4èÑ|[ãÉÍ3‚¾I;6bë¥¥QB÷¦:Í…/aÑ¬h&í'óÃVº‹ù_03¢~?š¹\%êL³BiçðÆ:~êN¥Ö8³ò¤¥ßûÈßz©æ Ö¼!¿‘p°”J¯ñÙJI™ZáLjOÎØŠ¾Ýö‹Ì/ãdÄîf^èŒ¦¹Ñ²Š/F–V‘]¢\4\]Æ:;^ö‡1ôS¥éNK³ýÏÖ>íÉsiÛ¡?XU{ ÊíéÅîm“A¿Ÿô†Ã:‡×½VÕq“Å{‘>–ÛÿÛêôföïL^Éd2¡×Pñe˜;ýkºœ\Wª™B‚É¤*6Ñ~cH9Z‰BåJXÚ+¿aò8I`láˆ©À—öÊá[¦V¡Ö`"Î K%nÎD±¸‘çŒGšºíÓÍÐ£6{XøçÈt!…AQIüá“È‘kêOª^Ž"9GI?¡_1ô¸w&É˜k3ßÄL¢ÁqEá¹@rH!Þ¨MtˆÃCÂUÔU·„,ikÍNe’r“ŠœD‰¬´W©ðÊ TL¤©tŽ8•V(”xV+)-.F' +vBåb™Cm¬)Hù„>iZK--ù : ÏpÝÑé(aˆXÊ„Kádx¾0V¶ñ2ÝhD£ó+¸:¶üBvTˆt£ Á™Ià>*< «³ÙÓ¯©0YÛ1*[ßf¿†S`ÙÜ•kNPð´´Êˆ“™´„rz™Q©3NP¹´twP½µ°¤®•äyc‚9OˆÉàŠe\VÎJKp™QÛ + @@ -2956,53 +2936,52 @@ x {ú=2ežq}nÊBÃ@ká¥à0NM¶š¡6ð=•Ö „ª®I|…å7~t?+]þ wëh `lÖ¨oËÙ¢Ó•>í†khrKá_Èš`qN¬|ÔJ©ªî®øZ=àî>™°MÝnél7ðïæjÙÝZµƒŠ<=ÇBãSÓç›é-±êú'^î”4à¹††]¢g[yÕ¸|øt;ëÎîÞW¼Žcï„0¿›ëƒ¤Þ†^Øë±Ìlm&;faÚeÉ S¢ž+½3ù.ÌÖºê·â8º~×&,ë¦‰Z¹²+ì© Ì9U`¤ÏŸ±šG Žš)^1*šîçÃîŠvü1è•J²Ã` ¼‡ÅE+ÑÈø@Þ -¢~U+OÖXžF9ºQÂd°sW²è`¯E—ÛRk+èÛ#¥ð+h‡7 ikõ®_Þ¡5¬x·è¿æˆº·õ¶v$Q_xn—£¡¹MÝýi.±¼6»Z«ô5§ñŒ“y°E#Â Q~^ˆ$«3ŠA\=½ 'qýïs£É(™Œ¯â›ÆpÈ&?ÎÏþ<û àÕ©7endstream -endobj -1552 0 obj<>/XObject<<>>>>>>endobj -1553 0 obj<>stream -x…V]oã6|Ï¯Xä¥+vìØNßœK-p—¤°Š{ PPeó"‘:’²ã³”ä8ò¥E>ÝÙÙÙYþ8Ó_cš_ÓdFiy6ŠFts;Çïé‚_ãÇJÊ›£E4ûÕñÍ8ºîß¸‹Ï®>Ïh<¦8G’ÙbNqFH0Qœ„M7ÊËÔ×ˆï¤ÝJK~#<)G®®*c½Ì(ÙÓJ”‰ˆ(ÞàF*4%’¾Ü/Ÿèy[SÒc%5~¾¸$ciUëß©§Bhéq%¿ˆ¿Ÿh8žaœ ¤ÿ&ñ^Yä6ñCîK’>øá«ÏÓèáõ,šòkO…N‚Šœa eÐ©WF¾ÿ4;\LÎÕšë ˜I8ôdU)æÞ”Biúd´·¦(FèŒr@.•=”JãF)Bx+×ÂfJ¯icvœ;µRx‰ÐY²`RãBššZûóí¦,äj ¢, -F†ÿ“ô8§Ô")dS6÷ã» ßAºïU2=-:®—Ñµ¼.Š}/§·µkû¬|Kÿ-!ÖÌp2mèŸF“è”ÁÓnÍ¡Otë±“¤½ÖQU'…J©’6•sê Ú±ØÞwýÀÈÜ€"/^dh/T'ŠÒ8OåÞy•Š‚´`áÄGêº“ U‚cJ¬Ðé†”FíŸ”ÌÉÖVÉÝGÙ‘–‰Ë!³ã†û}%V(ë š±¼h³Ó¿7d€;èµánüÆÝøìQÌÑßsˆW&×4¼^„¿¬ûÔÛõqf7ÌùH_êªG(d~òàò~õë§†]öy´ -ÄŒ7a0Þldðñ8½/dÀ^ðtÿ‰ªBì1†šTÉ–"0?‰Æ®¿®è›Ò™Ù9zˆ'a$âi‹¯ƒÞZG;ºtì\—”Ôž´m5K¡uçdÎ>îI¾V° -¶009)³¦Õ=ùeÂ‹>ÓKü<T ëY7,1œA9o÷Ï¸ò]µô"÷Í@åö¢5Z¹ÆOÚ ÝxÖˆ¨YÓ<½ÄžNæ>@ÃÐup¹á$â¥ÑjW$ªP~Ïwkø%”Y%; -þ™Û˜¢-ß‰žreœŒ‰+ä8¿/úL¬–_áû+™Ö–³,[Çû*´XK:ÄxÊÀÛZ;¢÷|Ñ´ÙÑÂçÀÍréQàÐ:•+¬¢›+“ˆ¾©}A-?¯„s;¬,TŒ‚ÏCO¶¢P™Öu”N‹:;Ñ4"¶ïú,ª„"®:XµãñwÖÖZ½¶Ï¿mA[]ô’š¨O«CÄ5oÄ–;uþ¯®Å9vož«×´SÂ"á€>úÉ»8ÒÐtëóÍ~Ê"úæ‰nZÚ›9à@gWa{0Ý;…E„µ€À;<ãÑûûì'7âëendstream -endobj -1554 0 obj<>/XObject<<>>>>>>endobj -1555 0 obj<>stream -xWMoÛ8½çW|©ÄNì8vºÀÚí(°ÛÅ"^ô’-Q6‰TI*®ÿý¾J¶¬øP´I+‹œ7oÞŒ\Íèf´šÓý’²êênzGËû÷ø½x\á÷?^S!/æ‹éüÒ‹ùãìòå…×W·ŸßÓüŽÖœ/W´Î ŽïðI6þc§ê¨==LéIUE*ÐST6Ÿ|(Õô¤ý«ö×ëï°² Ù,Y™ÌÚ:±w&PÐY4Ž}cÓ¬PÝøÚM®Höß…dkÙÚóÕÆ›x8÷1¦Êå:ø7óf£ói:óžf«6ŽûÅtÁqR–nßç-ÈÊ]8¹ŸxÛ1÷/¦)îR;àÊœGÃ½C0]CÐ‰6'¶Æ‡ˆl ¦ªKí¨K§Or˜¹(¦yÜÐAƒúCÊf®ª8çSXCØÊ]æJ²zë¸0Â]0¸Ê ”ÄmU•«U{çsižúªj0‚ñÍ2]GrBù<…W’Scƒ·1x«6Æ¶þ¿ºˆ>âƒø›+ª-t,÷€YG&×J*<ðžxˆ*fcƒ*ƒ%?Ž“´•»¡s‘À£w‘6Š;îF)ÛýeZê:ÉqÚßØ=fÄd¾LDá«o’äCh2”<ƒFüŒÇ£´ð¥ +¢~U+OÖXžF9ºQÂd°sW²è`¯E—ÛRk+èÛ#¥ð+h‡7 ikõ®_Þ¡5¬x·è¿æˆº·õ¶v$Q_xn—£¡¹MÝýi.±¼6»Z«ô5§ñŒ“y°E#Â Q~^ˆ$«3ŠA\=½ 'qýïs£É(™Œ¯â›Æ°Ï&?ÎÏþ<û àÁ©5endstream +endobj +1558 0 obj<>/XObject<<>>>>>>endobj +1559 0 obj<>stream +x…VÛnã6}ÏWòRˆßb;}s6]´@7›Â*ö%@AI”ÍDjIÊŽÿ¾g(ÉqäM‹\ËÌ™3gÎðÇÅ˜FøÓbBÓ9¥åÅ(ÑíÝ¿gKþ=Á•”77FËhþ³ãÛq4éß¸/n>Ïi<¦8G’ùrAqFH0Qœ„M·ÊËÔ×ˆï¤ÝIK~+<)G®®*c½Ì(9ÐZ”‰ˆ(ÞâF*4%’þ|X=Ñó ·¦¤¯•ÔüùùêšŒ¥uq¤ž +¡¥Ç•ü*þ~1¢áx +„q6x”þ›@Æe‘ÛXÄ¹¯Iú4â‡o>ÏŽ ‡“y4ã×ž +)œ9Ã4@Ê S¯Œ&|ÿnö¸˜« ×0“p$èÉªR Íƒ)…ÒôÉhoMQ ŒÐå€\+{(•ÆR„ðVn„Í”ÞÐÖì9wj¥ð¡³&d)À¤Æ…45µö!æÛMY&ÈÕD{YŒ þ'éiN©ERÈ¦lîÇ1w¾ƒtß ªdzZt\%.£ky]‡^Nok×öYù–þ;C*¬™átÖÐ?‹¦Ñ9ƒçÝZ@ŸèÖ×FL’RXGU*¥JÚTVÌ©ƒ.hÏb{ßôW#KpŠ¼x‘¡½P(Jã<•çU* +Ò‚…Ÿ¨ë^‚V Ž)±B§[Rµ|R2'X;%÷eGZ&.‡<Ìžî•X¡¬£jÎÄò¢Í^ÿÚî ×†»ñwãŸ°G1GÏ!^™Nh8Y†¿¬ûÔÛõqæ·Ìù½H_êªG(d~öàêaýó§†]öE´ +ÄŒ·a0Þldðñ8½/dÀ^ðôð‰ªB0†šTÉ–"0?‰Æ®¿¬é›Ò™Ù;zŒ§a$ãY‹¯ƒÞZG;ºtê\×”Ôž´m5K¡uçdÎ>H¾V° +¶009)³¦Õ=ùeÂ‹>ÓKü<T ëY7,1œA9oÏW¸ò]µô"Í@å¢5Z¹ÆOÚ ÝxÖˆ¨YÓ<½ÄžNæ>BÃÐup¹á4â¥ÑjW$ªPþÀwkø%”Y%; +þ™Ûš¢-ß‰žreœŒ‰+ä8(úL¬W_àûk™Ö–³¬ZÇû"´ØH:ÄxÊÀÛZ;¢÷|Õ´ÙÑÂçÀÍréQàÐ:•+¬¢›+“ˆ¾©}A-¿¬„s{¬,TŒ‚/COv¢P™Öu”N‹:;Ó4"¶ïú,ª„"®:XµãñwƒÖÖZ½¶Ï¿mA[]ôšš¨O«CÄ5oÅŽ;uù®Å%vož«×´SÂ"á€>úÉ»8ÒÐtëóÍ~Ê"úæ‰nZÚ›9à@g×a{0Ý{…E„µ€À;<ãÑ<[×œäæO¥ëWè›¢ì¶ÂUÖìT†´‚jÃÝ š£LæX‡Pö[æ|íz<":˜m©¶ãsÏù/k;á-çþÍrÂv^ÃûW¥ìé8–€Žï›çG-w¡y=ö9(êJ¬!,´ÛƒÖÂlpöèÞ$ØMè ®‰c'7%æ»¹ÃKMŒ¼•q6A`n +ôRvÍ K¯P/["hÊÇèï¼9\x½EÙüþY4»É{‰ÛZ½Á‘¡vÌñVm¶(Ud<·«€¾=B¥áÓ…b ¹Æ!¹00&Šp2âú¡\ÅvÃòý0ïiÈŽÊÊ2µt!*:‡ƒW8€•Lž`ú¾W®8Þ +ÉõãÓã×~S…CLJà$ mp{‚Ÿn¼÷å‰ô¢çñ-yóyÙž]Çsß—SºÍ£»»p†ÅÜ¯°@Íwl#¬¸´fe}Ø½2\Œîxû~|èš-fÑb¾Ä M'œù·øâ¯‹7Îëendstream +endobj +1560 0 obj<>/XObject<<>>>>>>endobj +1561 0 obj<>stream +xWMoÛ8½çW|©ÄNl'vºÀÚí(°ÛÅ"^ô’-Q6‰TI*®ÿý¾J¶¬øP´I+‹œ7oÞŒ\Íèf´šÓbIYuu7½£åâ=~ß?®ð{Ž¯©óûéüÒ‹ùãìòå…×W·ŸßÓüŽÖœ/W´Î ŽïðI6þc§ê¨==LéIUE*ÐST6Ÿ|(Õô¤ý«ö×ëï°rO³Y²2™?"´u>þb)îL ³h? úÆ¦X¡ºñµš\‘ì¿ÉÖ²µ5æ«7ñpîcL•Ëu 8ðoæÍFçÓtæ=ÍVm‹ûé=Çñ0Mé¿€DØéÓŽ¯u†©Ô¯º<7G“ùjºä«èéï8ÌyRÔe$‹¬4ÚFR‘BT>65íwx[‘‰„ü}c±Û)w®Ù}Ü;r5£pK"’@F üÏ BxÔpèéõ”¾íL¶cÄ€& cCŒk‘×™6¯MQõí^úgpµð§¢#Õðs4™ŠzàÜÄ ËbJ_"å§Ã\ÄòÐ: ç1Û°Úz ôÏcÏ×â¯ó›¸Ó‚(–:œ`›^¬Ûã8p2Rþ^ö!ze·ú†6 €ŒT "2–ö&îzÝ¶¦U]{§:(Œ[)*ìð`·\ cM4H66dÎFïÊaYÏý ×9ËÏ«LYr00'z¡$À‹zU¦T›åF ÷;ËÌ?R‰þ|¤,Ý¾Ï[•»p²˜xÛ1÷/¦)îR;àÊœGÃ½C0]CÐ‰6'¶Æ‡ˆl ¦ªKí¨K§Or˜¹(¦yÜÐAƒúCÊf®ª8çSXCØÊ]æJ²zë¸0Â]0¸Ê ”ÄmU•«U{çsižúªj0‚ñÍ2]GrBù<…W’Scƒ·1x«6Æ¶þ¿ºˆ>âƒø›+ª-t,÷€YG&×J*<ðžxˆ*fcƒ*ƒ%?Ž“´•»¡s‘À£w‘6Š;îF)ÛýeZê:ÉqÚßØ=fÄd¾LDá«o’äCh2”<ƒFüŒÇ£´ð¥ Ýb ä’=ÐÊˆ¤â†)¼«Î,Í“¥Éüáäÿ‹¨QW”C’ž7Qqši´®ôÏ: •£ JÎ¤*×°¾BW¶Ïã&p8Šcéµè(z¨®`ÓÒÃêà †MqkÔ•^ÔìèSŠbsÈBm¶;´…pƒ‘ßf”ü(¤‰Aô‡&îÑ¶ZSé~0Ó/N¹eU‡>ò—N«š24èÐ Èý£Ñ!ž-š.yjgsnoÚÊ @@ƒºá…Ábò£œ8YV§Ó4àGHh—Û(õdkŽ±BsSùÀóÀ:÷<†HºôŒçñ7c?}ˆ,æ‰b‰âyÇÑÕuÉƒJBãÚÉ0á«Ï×ìŠw™Ù%iÓØÿ%ýçåÝ¾—Ì{³EIê+zyé…T¿ƒ÷„$Fg¥°P+ÙIàŠkVb¨ãH7÷Á‘¾âvìÅÌpè™rù ÿ_ŠL:èùZø~œÞ >4<¿“– -Ô‘;yš¸Z#âV¨û‘šè¼»˜LÒ8ÁeiÆžB•°nÍu©ÂÛTÚiDÈÚ¡Pi…‰ ä²²ÃÂq‹ËÖuº'`˜4hÉöÊ‚`Ñ üâŽ ƒF´¼€h}dxœ$äqG<Ø´G^˜ÃÇ¥C´A××5Ïö¤÷Z €Û®Žá4 ÁFú O–½#ßÒþ“P%š$0H"NÔXósØµ!ÛéjØõXA°wBX{ÞN‹„2¿ëñ6ç>€·+êq~Ž:ºv’ö7+u">¯û—¶âqHælRÀÄâRÊ"-x÷•ÐÖæ«*M>ÀôX~^1¤;Œ»ï,ØW±?0Zpw<¿ŠJ„v££wïÃ¨§)±[Ä&ý<Ã)Ä8«¯röÌ+:œ‹;&–l7-ÝSöøôÂ–€fF@ES²Züï˜’iÇr¼ËcðñÖÅ…à$’·ÞLâé÷…j3…ðˆÆ¢Ö§CŒ©!i?ÙK{·ñvàYmyQ“ÁÜ¸Œ6…qÑ0Z`šçÉ4§ß*$^œ‘-ÍÛv_†Ý~~<}«\=ð"óë_I«Åtµ|LûÏý'ñçúêß«ÿ|µ£endstream +Ô‘;yš¸Z#âV¨û‘šè¼»˜LÒ8ÁeiÆžB•°nÍu©ÂÛTÚiDÈÚ¡Pi…‰ ä²²ÃÂq‹ËÖuº'`˜4hÉöÊ‚`Ñ üâŽ ƒF´¼€h}dxœ$äqG<Ø´G^˜ÃÇ¥C´A××5Ïö¤÷Z €Û®Žá4 ÁFú O–½#ßÒþ“P%š$0H"NÔXósØµ!ÛéjØõXA°wBX{ÞN‹„2¿ëñ6ç>€·+êq~Ž:ºv’ö7+u">¯û—¶âqHælRÀÄâRÊ"-x÷•ÐÖæ«*M>ÀôX~^1¤;Œ»ï,ØW±?0Zpw<¿ŠJ„v££wïÃ¨§)±[Ä&ý<Ã)Ä8«¯röÌ+:œ‹;&–l7-ÝSöøôÂ–€fF@ES²Züï˜’iÇr¼ËcðñÖÅ…à$’·ÞLâé÷…j3…ðˆÆ¢Ö§CŒ©!i?ÙK{·ñvàYmyQ“ÁÜ¸Œ6…qÑ0Z`šçÉ4§ß*$^œ‘-ÍÛv_†Ý~~<}«\=ð"óë_IïW÷ÓÕò1í?‹'ñçúêß«ÿ|¡¡endstream endobj -1556 0 obj<>/XObject<<>>>>>>endobj -1557 0 obj<>stream +1562 0 obj<>/XObject<<>>>>>>endobj +1563 0 obj<>stream x…XÛnÛ8}ÏWü”±b;Ží,Ð‡ô,twÅ}¡%Úf#‘*IÅñ~ýž!)Ù–[mÇ"çræÌ™Q~\Œi„cšOèfFyu1ÊF4-²Ms|žàÇJZ_¼[^\º£ñ”–k\™-ð¡ h™_Þfãì&£'i_¤¥ù"Kü’7Vùý›åwÜÒxï'sÜ½ü¤´(Ë= \¼Tò¥¹t+£?5~ öÂ£î ù$'ª•hŸ[Yëyžå¥’Úã£ð¤ðß‘ÒÔÀG2¢áø&›p§f3ZÂnwWj*Œt$8@ç”áh|SH8*¤ËZÉ‚¤°ðfãå“ ¼xÆuÄÚóÊhQÉëZ8·3¶ˆrRÉ¹“º€c]ð^VuÌ¬4¤‘Rt—#DZíŸ.”Þ|¹²ç¾ Hü$ µ1žÖÖT|3ƒ2¬c€©4é¿pžËïYÚ]À° (CùÄátrç(7ZËÜoÆÞ@³@žHJx5°hééñ]¢Co”‹Ó9C,Kç&³Œ¹|ù¯iÈmMSöÒ‚]3Ø˜ Œ½°žÌšÃÂ·Ê]Ñîù$HéêeYF§© ;fbKì[ f/T¥¯˜°Áý™µæg®©#×¥Îí¾Ž8¡DxèŠ0t{Ä< Cù-ølÁ,Sõ\‚µg¹œôÁN…4¹b WHº-dèªaml•ƒ¸/€Ã ’UÊ¶UwpÞóyH¤«Vp-eÀ¥µ¾±ò*kd¼J{ü 'kaŠåªUÁ°_öÈ´èyu~‡‡À»|@õ ³±¢Þª¬,LÐ ([%1*éL×ó=Ç©Oßb¢µ—VœVÂF/¬ƒ[àòë”#” < øsßÆv‡é«BCBâ>/S®˜Ä³¤ãÇkîÖžsò¶]Ju7lQÞâ„gôÞèµÚ`2£l±Äh]kY•˜s‡`$XeŸ1…½D/0¶œÉé OÒùøÔ]k9R‰}çóPQ.Ç5Š*Jù4Znä5JYÍš~J æTÙƒñÛ¥Èž3‘´‡Ç—ñ·7„$Di4´‚±-1˜ÉËWtŒçTTÛOmËÓJ8ˆÎ©» i –\mõŸ,zþC‡…áRñð©ñ&7<$òK³=ø_áÍˆŸé„¬„>á+´N]²’…hdÙUè#Ì¡žï&_cc¤gxµMÔï÷¯<:ë]Œ(dÝ$º/aTß¢T+n‹8Ùa¯¡Õ‘ÚÁ‡Ú‰½ûƒÃÅ:9l'ë½¦ÇS6¶eö²/Ÿÿ|ÿ×‡í¯\±X©¿áàY›š;Ž1ôÛHÏÓB9œgÞc1Â¿Mfsbï–†‡ÝÆ·„ëÎÌcÙ@U|<˜¬(GJÄqƒ8Q£,Þ6©xkðjï¥KÆ¨YùN¯Zf5Ûl¹9ñÏ_˜þJ)-«XA®.!¬P"§ÑÛðÕ‡OPö}P©„: ö4˜¼áUº[i†í…á|tÇ2ö»?fLçÓl>[Ä™s3c?./þ¹ø„Ò-endstream -endobj -1558 0 obj<>/XObject<<>>>>/Annots 649 0 R>>endobj -1559 0 obj<>stream -xW]oÛ6}Ï¯¸è“ÔŠ¿f;úÐ,ÍV`M»ÙA7 @AKtÌF"]’râ¿sIJvTÝÃÚ&µ%ê~œ{Î½WßÎ†4Àß!ÍF4žR^ ²®´¿þü•¯Ðt2Ï&TÑ|Ø~)iogÙ·f?á¿iøÒÜšŒÙˆ&óáÇJZ‡g†ó Ÿ¸qy™Í»×¯–g7i¹F¬ÓùŒ–Eq@Ë¼·ÜÀª)Kó¤ôm…•ôÒ:Ê…¦•¤ÚÉ‚¼¡'cIXSk|Å3Ê¹Z’YÓg¥óäèò™òRIí©Þn¥ÅóŽ-ây«aÓ/¿ž ¨?#§eÑ°³ÎÁn?kƒì¼ÚUÊ{~N*vÌÎ®vv0û´‘FùD^JaÉËgO¢Æ1íU.¼2:c_7ºŒ9÷GÀ§ì0z,åN–|¬Go(ñxOi/¤íÚ€-l4 Ñ5qÀ¾?š²…«=r-êÒÓBT+AOª, ˆ¨¤ÜºIØïeµÈ6õ¶=HJ‡Ï…ðb%\¨Kir2<Ýí¬ÈsÔÑ»Œ®d.à‰înßÿÕºDíÞ1œF‹²Ü“Ñø…k^ÀÏQœùtÉÁ–×ì½A12×šãëG1´°XÙ;ð¼"+¬„C-e!‹PK<>šÆþ˜Àƒ×-yÂ‹ñÇìð}íÁ‘J<™£•z‹ÁHImÌÈ~¹·J‚tˆ_xFlDÀÆNÔ"¤Ã®Ä Æƒ¦€GËÜ3cE*kbìÈz»F(NbWÕÎ³RÞ™<•xVU]‘®«Ò&%x*±T¾‰5›¦îÐCuYÄ‹ m{$ g X‰õŒng¦2l]ms)ùŽñ ò.T$]¿[Êè@1/·û¿ïÝŸ4rŒA´5€TwLX˜GYéXW¨$W»ŸÒNj‡v²MI9Â¬©ÚÚ²ü†yŠÒtàÆzi4zÄðÀÒSèol'Êy#\öˆô Õ¶Á¹´UíC¯bºtÚ·ÜÝ¸Az»ç{x'iÅB¥¡Ë•¨„Ï7\º½ï{ÆôÚI:7ÕJéäk-TyÞÕÔÅYI°È Á ÌáŸÙ:>K-V%* -ëY¸*¯MØŽ;3z8‹3á€§cÁ:ã;Pu'4¿±Š4zjB¤qNT‰*SöÕøN'Üþ™rÙ¸þˆg-ÚìOÙ0Ã°Éè²ÿ°hK{»äRaº½‰±Ñ\Cþ£Æ“š…ß˜ôÚ™r—h-ŠÈê¶’'Ç)Ó„eQ2N˜Öª”)öïç¥?)ß#ßÐß‡Qš&RsÚÉ¼¶Êï1Ñ¢ú¸;çš’5}C¯n¥¿zÿqñ…'õ³þòéú—W'`XÛb’ÂZ ö!oUð¼Xï™¹ REÛ±¤ fs; §[ï[¡Ð…PŠ(U‘Ngô‘9žZF“@Ú¬Üb.( V€ýÌÔ5;¸.¸¢Ø]Àà(¦Ni!O' T,8ÖäøÚ™fpö•›(KNZ‹¸sSÈS*Á¦£û£#0¼ÂÉÐÁ^°˜…ƒj¯1ñ=2¹©•Â£éÆöªNÆ-X© -Z™‡:è*lU!äæb{˜óP++îÓéq–´•_Ã°BŒH?˜êx~±Ÿ…R!!hÿJŒn(è¢Mö©üiÿbð9öBN5nBî8GK{$S£"åhj”K–Ã@ãT¸î/?J[£¯¡qz6gÊÝò–]·ºwqk -Ï5YuŒŠ·ò[xW ¹ ;bò -rx l²wZ=7ûU(:Ó€3ãRZ½:ù¦]{ÅÁ!)XÝZ4RìÒ0Ìîýì‘É¤›Y\¹c67è‚h}¼æ÷ÇÃCœdtm*^Þ~çµ—‰ˆÅaŒr¯ãwƒÊ¤É…Í+ÔÚQ:>pXŽ:N¼´Ø‹üˆ˜Ö,†$R?ÑF jìbˆ¼ -›+fÀ|£Ð,¤÷çA¡æq©Å,ìòƒ«‡A4€Â1ýï Þk6Œ;bë8NañúkñžÄkAÌò_FÎc'¥Òªd³ƒ½¬ÆP“jJý%x?=aìÄí‰íÈÆñÄ·þ·™sq3Ocv8ÅKé|LÓ¿½‚3‹·®ÞÒ'kB_¹6y]¾AÿœV¿y ?à¥¬Î`bx©ûž–“Ù$›Mç`2glãÝòì³Öcúnendstream -endobj -1560 0 obj<>/XObject<<>>>>/Annots 654 0 R>>endobj -1561 0 obj<>stream -x}U]sÚF}çWÜáÉÍ! Y@gú@Bh=LZäÉKg:‹´À:Ò.Ñ®ÀüûžÝ•p¬¦µŒ´÷ãÜsÏ½ú6ˆ(ÄoDÓ˜&)åÕ B<¹]þümL¢ ¡$‰q(™ÆAÚÞ•´µö”Äó ¶gkènnGÑÜ>›MaãSsÚ;ŸI2 fýƒ÷Ù`¼ -iNÙ¨Ò¾LHY~GíæySs¥_©Pò§ìyÒ( -1+nvU=Ôª9Áp(YÅIíé1k†ÿáubZÃ³ Íë3¯áûÎZŽW E‘6ŠS›';rj´‹jðuønH¬>4—†Œ¢a/Ò.¢,)gÖG³jÇ¬U©rf8Ù¾Ê•4µ*Kä’]Øµƒ:ÍHÌ$+ÕA5Ú°ž0Á¡ …’x p+i½¥/Bê¢Qw@Ykâ’ñ=kJC;~dg¡š:h“Ä)†$’À@ìUíƒWÜUasZf]â+£eJr^8HÏ -¹m’7ùAhÛ7_è O¯:WÓÈ[–@þ‹=†6Aº¶ùQìs×h!¤oä´P+ -°Z±qby®4ÌWÉ{X¾¯Ï4^åFÐoDQÛ’¿âtJÖùU'îü†ú‘¿˜ŸIyìŸ„l^H_µáñðb¸«s¼ºoÃß‘®vNAjú¼üð÷ãbý‘FÏ´Ü¬îÖg| ³RÜýÏ(žÑü•Ç§NºM¥ -§cÖ mÒhRk¡¸ÆÈ~kæ'öª ð§ “Ã˜>/XObject<>>>/Annots 657 0 R>>endobj -1563 0 obj<>stream +ï3{~§Bå7ÆôÇ©*¤àŒ˜Js¨mÛr6®Áî›(ÐåúÓ" „ñ¹XÜÐl6ŽïùO÷ïîéok¾ãÅ’>˜¼áUº[i†í…á|tÇ2ö»?fLçÓl>[Ä™s3e?./þ¹øpÒ+endstream +endobj +1564 0 obj<>/XObject<<>>>>/Annots 649 0 R>>endobj +1565 0 obj<>stream +xW]oÛ6}Ï¯¸è“ÔŠí¸¶3 ÍÒlÖ´›t´DÇl$Ò#)'þ÷;—¤d[õÐ=¬mR[¢îÇ¹çÜ{õ÷Ùø;¤éˆ.'”Wgƒl€+í¯?~á+4Ï²1U4¶_JšÇ[—Ól‚[Ó7øo¾4·Æ—ƒlDãÙðc%Â3ÃÙ‡OÜ¸ºÊfÝë×‹³‹Û1 ‡´X!ÖÉlJ‹"„8 EÞ[¬aÕ”¥yVú‘6ÂŠJziåBÓRRídAÞÐ³±O$¬©5¾âå\-É¬è‹Ò…yvtõBy©¤öTo6ÒâyÇñ¼Õ°éÎßÎÔ^"§EÑ°³ÎÁn?+ƒì¼ÚUÊ{~N*vÌÎæ¯ v¶0û¼–FùD^JaÉËO¢Æ1íU.¼2:c_·ºŠ9÷GcÀ§ì0z,åV–|¬Go)ñxOi/¥íÚ€-l4 Ñ5±Ç¾?š°…ër%êÒÓ\TKAÏª, ˆ¨¤ÜºIØïeµ‰È6Oõ¦=HJ‡Ï…ðb)\¨Kir2<Ýí¬ÈsÔÑ»Œ®e.à‰îï>üÙºDíÞ2œF‹²Ü‘Ñø…k^ÀÏAœùtÉÁ–×ì½A12×šãë1´°íYÙÛó¼"+¬„C-e!‹PK<>šÄþ +˜Àƒ×-yÂ‹ñÇìð}åÁ‘J<™£•z‹ÁHImÌÈ~±†·J‚tˆ_xFlDÀÆNÔ"¤Ã®Ä Æƒ¦€GËÜ3cE*kbìÈz»F(NbWÕÎ³RÞ™<•xQU]‘®«%Ò&%x*±T¾Ž5›¤îÐCuYÄ‹ m{$ g X‰õŒîŒg¦2l]ms)ùOsŽñ ò.T$Ý¼ŸÊè@1/·»è=œ4rŒA´5€ìUwHX˜EYéXW¨$W»ŸÒNj‡¶²MI9Â¬¬©ÚÚ²ü†yŠÒtàÆzi4zÄðÈÒSèol'Êy-\ö€ô Õ¦Á¹´UíC¯bºtÚ·ÜÝ¸Az»ã{x'iÉB¥¡Ë•¨„Ï×\º½zÆôÚI:7ÕRéäk%TùpÞÕÔÅYJ°È Á ÌáŸÙ:>K-–%* +ëY¸*¯MØŽ;3z8‹3á€§cÁ:ã;Pu'4¿¶Š4z¥kB¤qN-U‰*SöÕøN'Üþ™rÕ¸þˆg-Úì›l˜aØdtÙœ·¥½[p©0ÝŽ‡Fbl4×ÿ ñ¤fá×¦½¶¦Ü&Z‹"²ºäÉqÊ4aYTËŒ¦•*eŠýû9EéOÊ÷ä·ô×~”¦‰Ôœv2¯ò;L´¨¾îÎ¹¦dFßÒ«;é¯?|šåIýÕ¬¾~¾ùùÕ $Ö¶˜äŸ±ˆ]È[ G"7õ±R8ƒ¡s0ýÑ˜Â^ÕÉ¸+µSAKóX]…*„Ü\ls*aeÅ}:=Îò’¶ò[VˆéSÏGûY(‚fð¯Äøà†‚.ÚdŸÊŸö/Æ#5©í_b ´àTã&äŽs´´'25*‚QŽ¦F¹´aùØ4N…ë~´øQÚ’}x {ß³9Sî–O°ìºÕ½[Sx®Éªc¼0P¼•×ŠwÕº#&¯ ç—À&{¯ÕK³_…¢3 Ø13!¥Õ«“oÚµ—’‚ÕE#Å.ÃLáÞÏ™Lú°™Å•;fsq‹.ˆÖÇk~ÿr¸ï‚ãŒnLÅËÛo¼öÒ<‘£ØQîuünÐC™4¹°™"bƒa…:B;JÇöëÂAÇ)‚ƒc‹½Èˆé~ÍbH"õ-10a´ªÆ.ÖÈÛ Ð¸¹bÖñÌ× +Í"AúpÄj—ZÌÂ.?¸ztA(Óñ^ã½æqÍ¸#¶Žã¯¿ïI¼Ä,ÿeäŒ1vRz!J6;Øqå0†šTSêÇàýhô„±·'´3t Ç[ßúßfÎÅí,Ùá/¥³KšLùíœ™¿ûxýŽ>[úÊÉë +ô úç´úÍýé/eÍpÃKÝ÷´OÇÙt2“qøò Ûx¿8ûýìÖOúlendstream +endobj +1566 0 obj<>/XObject<<>>>>/Annots 654 0 R>>endobj +1567 0 obj<>stream +x}U]sÚF}çWÜáÉÍT Y@gú@Bh=LZäÉKg:‹´À:Ò.Ñ®ÀüûžÝ•p¬¦µŒ´÷ãÜsÏ½ú6ˆhŒßˆ¦1MRÊ«Á8ãÉíòçoƒd… %IŒkEÉ4Óö®¤µ§$ž‡±=›XCws;ŠæöÙl +³ŸšÓÞùL’i8ë¼Ï£Õ˜æ”í*áKáÀŒ)Ëï¨ýÑ>/XObject<>>>/Annots 657 0 R>>endobj +1569 0 obj<>stream x¥VMs"7½ó+úè 3|:7Ä‰+eÇk“J¾gF³’€åßçµ4ƒ{+ñ¦\ÆFÝ×ïõë¯”úøIi’Ñ`L²ìô“>>Ù¿<þÚ™¦IF£ñ0™RIéh€¿ñ]AOü8F#¼§¼føµŠ¯”Np.DçR HÆIz·éˆ® }î\Î:½›sÊú4[àáñdJ³<äÇ'òìj%j¯,zå\p$*ºŸ ÉXúKWÙ=X] »û4ûÒéS7"ÀÙµ)…®èÊTÞš¢P–¿åDé$&ê¸<9NÒ!”U_×Úi¯èQ‰\WËxbHiÚœÈ&É˜O\ª…ÁwfMñuµV¸r8CÈéWÚ‘ŒuÿDu¡„STŠEnc~%|8+ðFš±¼˜Š¶Ú¯8àB/×ùi.œ–ÍÒA¬v¡åÈ)»Ñÿ +ç Ÿ,9Ì–¼!U…ˆü‰ÈK]iÇÖÂ¹±9¾–vW{m*pMh¶RýÖ B¥;ÉËÝ§<ÞRQDì µ•<Ÿž?£wªZ,U??îCèØ8ÉºòeiÍºÊÏs_ôg¯°^K`fÖ¾Ð—½¼^ÕŽ*`ø@@öÏWÑÃõUB·žêõy·E‚€ÒKÃdn±ç{Ój„Ç]¢Å¥b,CˆM‹u%_Qh¿w†¸ºÙ89$ga–¦r¡L97[^ÓêAýoøó÷¨i¸PF²ÐÈäeƒ|w’LYÇàæs6ž4}i™¾Ü_â¡’+m3žsš;01FæÖ®qE*ÔF š}ÐVïæGò=*oµÚpJAˆHf2°Žsâf£ikJ|fìi…=FçfÈAwÞÃ)’è¸ì¶›ßEªíÒ£Î24€U÷^°ÿ†ù½‚ªìKïiŠ–ô` @@ -3010,19 +2989,21 @@ x ³e8¥Bi• c‹E)0.FçÏ\Ì¡zZ^°V;Ìyo×Îÿ]ä<ñ^n´Bþ“up'*Œ-TMåCiºÙ4I¹oôÿ‹û?f.f£s´j¾{ä OwðdŠ rˆ@|ãƒŽžÏt¢’#µ£Øî~vÒÿKÃŽ-‡0ûœhÇû*ë³‘çš¿OŠ÷Nµm±¿+;WÖÄ™ÁÇ1¦¯µUÒ»{¿šïIó´#Ñ +çÞÜ"ØNÆ0…3åëŒd=àyëàìªDiŽÇšhéÈÎƒÀñxo,*ÚÁ¸j…ÆÉ‚ÿÚ¸X°Ào¤)ïÜº®±%ì±:ÿÖu~ûkØß ¯†Ý(¨3×‹Ìºò'Í£–÷§ÇÃúäwõi¤°J =s¥*\lq% (¾)Ää:ÆÄë²5õñÁªÔÐýîi_4¬,€¨r7¸¨Lû/ˆìärƒéÀ0×Ê–hX}tïÆ[»ãU¡É~{hÍ‡î"±B†í*ÜjŽëë¨7]¡”ÍyÜ'Þ˜7VÊý†ö:°àYŒs«P vJ~·{ç½#ïK!WXZ˜>°C!%ö©Í(°4Z7F5œ#Þ÷(–¥ÓÍcì°m‰%j -–Þf:Š3ˆqz7Óv™ÈFÔeI:ñBñüí°áLÃÉ0™Œ§–Á9ôË¬ó¹óý[Äendstream -endobj -1564 0 obj<>/XObject<<>>>>/Annots 702 0 R>>endobj -1565 0 obj<>stream -x•W[sÚV~çWìK§Ž'Ý ™LÇ‰ã$µÝ˜™N'Îƒ£DÒQ¤Cˆûëûí LÒ)«Ý³—oo‡¯#\üyûD”#×q)Š¼‡³ï>þkEkf@tÿöáíÈ#gJÓyìDTùNÜR9Ý†tA9Þ€;¤Áõcg6ähp§ž¸¾ƒSêø0;‹œ°%Äªð¼Š]ˆL…ØóÂGTPÂ¢%z^ì‰NÏqüBõÌÈ¥s -ÑóÂ¹` Î„Bô_ˆ=Ï›ÛàÃ±X¢çÅ6xAÛ¢çE³Þž'DÏCÙO«Sˆž‡¤10V§=Ï %v‰ÏbÏ›³¡$}’ïÌ "Â‚âù3‚Y¯£ÉUüi±FD³˜+©r—éÙb£Pû þµÁW*²R×´R&Éò†šmº¡¤¡mVUëu–«æ95QU:ÏÒŒ(“:ŽCïôN}Sõs‚ªÆj-µ¡R¥ªi’:ËŸ->\£|¸qÖT*ÍÖYJFSBwI±Lèöò5›,ZÓPõ(þÕ*OŒZ±è_Y¹Ò»†®Ðmvºþ’•”ê2U•i62¹š“‡P9æqÀÍs‘8ôZ—ëìa[ó(o^ê"ÉJfšZç¹ª’¸± -%œYguc T„CiÃêê|éCÉöx[®Ž$%üÇù*©“B<ÚƒóÈššbé Œ5 DZŽÀÚQÜ+ÃÕ÷*gÔ™Mb®T#€«é4S‘”0ÿ %`ãótAXlà,Øê{RT¹"f§ÔÎY§â™3Z£`’Ô€óœÀßº£ó6~›¹^&ù§.4=ã„×z•4(”<Ç‡a• KÊ8{0R¾Ì4„Ì=£—« ‰½³Û›·7Çt§9CµÞV§^_|¸~qpxlÍËûÞW$£Ùèm¾âÐ¹^9+[Dœå\§I°Q#5-kT«-©ÃPEŽŽÉ;_¢¿qƒ´±VµZ«šóhUu‚J€H¶¶ÿKlè×‘²“q6*E«˜Ç}>èþ¬Ø¢øe$ì¹/…¾Æ*CìD:c|Ž¿Ÿ´¦Ê´~¬¸Ë«¤iª -Šçô×mV«B•Æ—ÙSk‚þxg¶ì¤Õf[Uº6]úrý Ëu×"Ü³¹ð~¦w'³½Ú †èïO}ÅðÜl:§ïñúåúþ¾›¼ ¶Ì;…µÆ,–~mh£Ô$PKaCei…ÚÊÍ-z[2â‰ù¡O«:û¶oµwÒÜƒÊ³~³±¡ßLÛVþ©×vÀ9zP¥ªÑÿV]“ÖÌ–<—ˆŽ+Þ ³AÈµ,8Jçç—7wçç%JnÍ˜¢ùú%õ#øÝ.9á¤Åêê/£[TŠ³m‘`ˆöÈ¬Þ§S?Ù6õDšuÒðZœäÙrÒÅÀG:±~V¤K»]E9Ù¡‡åYcºÐøsrÕMÌÒ$+¬~ûÐµcô¨Ê^Xà$J.h^x%}äÕÇ®jeØ…ƒH±ÉÐ}¬—IiÚCGºžDXê# ÙÁ(æ¤ùÂFÁ\÷Hªo†ÁØ -ö÷¤.ôˆ—ÓBÚØŽ¡‹›Q¯qùÉJ#»yƒÍõÖ§]ÇÉ»—¯#rÏÀÕ@—²mñóc¿nßœ˜t2WÑ‘ªL–¹Z9t…ÍZðèèîcºDSï¸¦W\Ö®^² ð¤‹´½Y½¹~ýáïÛÅû›kgcŠ¼½¥í.ãÇˆGÝ-ìÞâvƒÎZ/Àvàwß3ÂÝÅ¯.è¶ÖŸ1MèR§[Å[{tgc;øÿ_µÂ8tâh†Û‡’·7‹ÑŸ£ñÁÐÎendstream -endobj -1566 0 obj<>/XObject<<>>>>>>endobj -1567 0 obj<>stream +–Þf:Š3ˆqz7Óv™ÈFÔeI:ñBñüí°áLÃÉ0™Œ§–Á„?úeÖùÜùýGÄendstream +endobj +1570 0 obj<>/XObject<<>>>>/Annots 702 0 R>>endobj +1571 0 obj<>stream +x•W[sÚV~çWìK§Ž']@‚f2'Ž“<Ôvcf:8BŒI‡èBÜ_ßo÷HH`’NñXíž½|{;|äã/ $¤(¦¬øžOqá}D&Bìyã)GTR<†EGt¼$?åø…ê˜±/Jg¢ãg‚83¢ã‰(u…Øó¢){QRDÐí¨Ž9 ;ƒ‘/äåÕK]¦yÅL[ë¢PµSÒ7D¡dŽ3«¼6–Â†p(«UjY]J/](¹a·ÕRáHZÁœß¤uZ*‹G{pY“)ÂXJ¤å¬µÀ}cY£ú¾)Øã#uvZ+ÓÈàjDZÍT¦Ì?(A Ø„<]$8¶úž–›B‘ƒ³Sjç¬UqˆÌP0iæÀyNàoíÑY“°ÉÀÇ‡B/ÒâSš€qÂë½J J¥ÏñaY¥aI‡Ã FÊ¹r€¹gô²q5%±wv{óöæØƒö4gè¡ÖÛÍé£×®ß_:óò¾÷É0k½-–:×+çaéŠˆ³\è,-6j¤¦Eju%u +¢(Ð1EëK<æoÜ M¬›ZTÍytªZÁG%Àô$Ûÿ%Ö÷ëHÙÉ8ÊÐ*öqŸº?+·(~ {îK¡ïŸ±ÊÃ[‘ÖŸãï'©*«7Üå›Ô¤j‰‚âù„ýu›×ªT•uÇeöÔZ£ ;Þšm;iÕl7]Û6}…~ÐÕ‰ºkîØ\x?Ó»“ÙŠ^5V#ˆƒ!úûSßE1<·ëÖé{¼~¹¾¿o'/¨-óNFá¬q‹¥_ u‰šjìcˆ¢,PS¹¹¥…¢Ro+F<µ?ôiYçßööNš»WyÎo6Ö÷›i×Ê?õÚm8GªR5úß©3YcÐÉl) +‰è¸âÝÐ°k„,QË‚€£t~~ysw~.Pò¨äÖüˆ©!š?¡oQR?‚ßÙm‘^V.O þ¢7ºE¥8Û †xoôÀêüxêA?õ£©GÒ¬#ÃkqTä‹QíéÄúY’®ÜvíeOd‡VTäÆ¶¡ñçèª˜•M—Xýî¡ïÆèQ•½pÀI”\Ð¼ðJúÈ«mÕÊ°? +‘b“¡ûFX/£Ê6‡Žt=‰°ÒG²ƒQÌ©ùÂFÁ}ÿHªk†ÁÄ v÷¤6ô˜—Ó\ÚØ¡‹›Q¯pùÉ++»yÍõÖ§[Çé»—¯#rÏÀÕ@W²mñóc¿nßœ˜t2WÑ‘ªJ…Zzt…ÍZòèhïcºBSï¸¦—\Ö9®^² ð¤´¹Y½¹~ýáïÛùû›komË¢¹eÍ.âÇH@í-ì>Œ“fƒN Âváwß3ÂÝÅ¯.è¶ÖŸ1MèRg[Å[ô§ ;øÿ_µÆÉØKâ)nk8MYç›ùàÏÁ¿òÐÕendstream +endobj +1572 0 obj<>/XObject<<>>>>>>endobj +1573 0 obj<>stream xXÛ’Û6}Ÿ¯èò“\%Q·‰¤ñ›<¶+Ù²“ÙD»›T&µ’I09í×ïi\(‰%W¼›”my†ÐÝ§OŸnð÷›)MðgJËÍ”•7“dBßÜ-ñy»âÏþIÛ›·››ñ‡[šNi³åµ‹Õ’69aýdB›l°ÙK²Ò£tké{Ù´y¢·lSU;¸’µ%,ˆFé .dE›ËœªÙc£²”+Û•¶î{xÖ3˜ËF¨Â&×0š-’Û/À4š’é¾™%+^ò“(SAsäZoá6£L—u!±âÿO>ê-íŒnk*E]s)b’²ê û~ãødÿ£R/=ŸÝvK b4RÅ‘~oÌ9»Š±Î=ùRÌü 3ÊÖ"“¯CÌw4·`Äh~ëFÜ ÝãÔ†ýû$²½ª$mÓreºïÜß´ªxÉ½Ë²…½àêlâOâÜ½söGšÁØl™,º5€ðg@x„¸y\ã£f/~ÞZ›hq~Õ¸`qÏµxÜãÀ|í]æñõÉÇHröÑÛñ¼Lè»S2@ðRUÕuzBÁþS¥8‘|u4·\˜äU„ °gƒãka-x›ƒØ¼ŒWd*0ÄzW¶9ä 3²qõ„[È’[¶Ìt,?‡ø¬–îuÕ]Ò$´áRpˆºƒTs¤-ÒËG‚#µ‘Ï\¥€©TmÔqt´³cE)¹ß~÷ÃOTñ/[£Ë=?Rp A)Xµv`!sÉ”–©¿ä¼Œ}I„DÛä¬†4›L^†ôó=½Å^„.ŠžQŸ{GÎí|í Ý¹w/4¦O8÷[Hâ ¹¦J7 }+«L‘®(e¼¥gõÊŒr8 vÂI¥,Süæ2àHe&5)Vw‰õº¡Z[Ë¸|ÃžeF´ÙC÷ L¥{Œéf'*„s¢¶»ðÞÝ“m´?yE–ÎkÄäG¹c}=&´ö54š$ «k"Äjƒ `r½â+ès•HXšHI©ÈžF!ç¢Ácö’)w…£pŠËF*Û¢QÝfñë*Ê‹§k å^;þ°8õçQ„È–)ê÷ûQÁ4rHxu6SŠ¶ @@ -3031,10 +3012,10 @@ x $‡‹dÜZ3æ‹1d%ãB¥ãp‰ž_P»ÂE<–Mæ7tìr²™ßù¾r6ÜÄ¬úá&ölŸW$ößUëæÓxÆÉu’é¢gé¬rYƒ€ #N£=ô•ËlèŒœ{äW*Ë¡ŒÎ„9òú©µµÌÔ6ª{°óªBìÐü—.ËFT;ù*îæRCËr˜ÌB:¢ž™ëât©¿žÊþDùG©üÚyéù˜š&O‘ò>OF vª*¢p™§<2T\÷®óG×C…y)ò§D;_AB7ùªëÐ:þyž\×ÎxÛsÕgøIQ•ÜBÆ]®À“à¿×1¯xêç–ÆÉ“s>®Óég”FXÀâÅ íë×d© ZrÐßÆˆ\±.ˆ‚¼5ò““*PÚ™þ+’t6 õæøhŽWu|Lõ3ú¦“W3Pæ›×Æ/ïÀK˜T!d;Ê£|ÆÛØ$¢$¹qG£‡{)äYÂÅ$Jä<ÿãç³}8ÕðùÄÈn¹’itXc{êdÖmÿê1dè×]¡SÔæo<Å9÷õÜKXý¿œ°X4¨gE.ê«eµ®èã»õŠ‰çæ¨>¸hñlëØ'ý?ÿ2x2ˆ‘Ì’»7Ä§¿{ÁÞkÛôâ@C +0æ:)[Sï-”ù¥FG´¿Sì½!¦k,]ÊÄ˜‡.Ó÷N¾ƒ ÑFÀÞ®Ps1LõÂñ å¿d>_-¥+QÄé ÞcòÂtÄ³ÑöúÀâð+Çta°õ¶èQMn\ÁK„nH‰B1„³;½/B÷†fð9®æ>ŠêD‡gI\:»K -FÊ=Ç®˜GFçô¾á¬F;ýŠþÀñ^+4Ì¸<ÄÀ$\À4TáâÊµÖwàEÜ÷öÈ›5nJðÝÖºÊY(xdŠýÚt¬ÑdùÊ|j%—!žF/´À|hÝÕÉH÷ªÂ‚u˜¸›<«ðŽÃoºd}ÿË*›Óù*YÝÍi—Hü.aýéíšï:Üp{>{ÁÁ§Ž¦¼WZÍi´œÜñú?q[wÈŸîç·ËÛd¹Xù—C·S¶ö~só÷›ÿ-Pøqendstream +FÊ=Ç®˜GFçô¾á¬F;ýŠþÀñ^+4Ì¸<ÄÀ$\À4TáâÊµÖwàEÜ÷öÈ›5nJðÝÖºÊY(xdŠýÚt¬ÑdùÊ|j%—!žF/´À|hÝÕÉH÷ªÂ‚u˜¸›<«ðŽÃoºd}ÿË*›Óù*YÝÍi—Hü.aýéíšï:Üp{>{ÁÁ§Ž¦¼WZÍi´œÜñú?q[wÈŸîç·ËÛd¹Xù—Có;¶ö~só÷›ÿ-•øxendstream endobj -1568 0 obj<>/XObject<>>>/Annots 705 0 R>>endobj -1569 0 obj<>stream +1574 0 obj<>/XObject<>>>/Annots 705 0 R>>endobj +1575 0 obj<>stream xWkoÚHýž_q7[ ZÅ„oI³]uµm· UµR¤Õ`0=Cýaýž;36†¤I»JI‰=÷uî¹ùvQ?t:¢8;ê‡}:›œ†NÆø>À'—´à8Úüúô»=:èÃe4á?÷GJ×Gß(‡§›¿DÐõ'8½·Ñˆ®}<ºœõÞ)Šh¶`û£É˜f‰µÒ§YÜÕR&TŠs)JI/g_qîÚóÝž,ãÞZÅ&qojM]’ºÌ•,Â›—ü&€ê`0 ‡PÞ$âø”C±-Z2¯”Æ«¼*Jql*]SVÒÖñNèJ¤Î-etH—¦\Q¹’t-²¹ ¡ŠMžËbmt¢ô’>ku_ë³Æ]H Í·´ÂñÐEûØ‚q8áÔÀß›Áhì#¯ã³/ƒèÀâÀñÀt°H·Ç-—§÷æÑ H$ªÒd¢T±HÓÙzä£(9$v¬OµRe€ºãTeVóÕ2›'~ž@¥$7Ý7&§BÆU®Êí dpÿøL.c“eR'Ëd¹2 2E³ÆžÀ0[šÃËŒä ÎlŠÒí£ÀÖ\ha{Nè±O&atNÁ@ftÁš0 Égü5›CÆÉ,ðÈqef¹rá¹âòXg @@ -3045,10 +3026,10 @@ q »žÏÑþfØÔá÷f&ksL«çf+íE6wú¦;q‹ênáüØDÔÅŠ=á½õ'Ûic;j9Oš–ZÇÔ85ïZéÙ°]'YS·û„d·Þñ<`b«nŠz{ÅCÍs¾Æ¶ÙV ZJÉ[J»Ù·0[ä&³rŸw*¾¿%ú’«±ÂA?óÎÃÉ`Ä½à¬®Vßf=ñÝK ;j¢àEºu´à‰&aÿÍ'éºÕ°^ ™Bß!¾[£`«‹Ûzk¬ä·JÝ‰”÷iÀb7 «‡¶‚¯qÚ+'Â6*è‹Ò‰Ùëýuõº±„j¿¶/°b)óctýB»ÊÛ‚–•ÍJÅî2ÓÊG½g{€¬èî G{Ž[ð=€ö„ëÍRÚÇáì†ØÖT¹¿80$wUÊÙŸc¯ƒ=ly -3¤J°V²F¦-`—S@°Cçç-¦ZÁ³µÝ8Cº°h)Í×%rh¡åôds™5I[áØ~g·J2®ˆl§^*ò%†¬\æR²8oðÝ‡oZÈ"**ì0ÃZû·©Ü|µÍm#r\¦~aµ½7¸4Û«n4†“É÷ã~8˜Xæ^_¼»„÷¹ùŠiŽÛt\ñ¬ivž áö>9¥`Ü·,ý?÷˜áxŽGwØ§ßfGþ³Öûjendstream +3¤J°V²F¦-`—S@°Cçç-¦ZÁ³µÝ8Cº°h)Í×%rh¡åôds™5I[áØ~g·J2®ˆl§^*ò%†¬\æR²8oðÝ‡oZÈ"**ì0ÃZû·©Ü|µÍm#r\¦~aµ½7¸4Û«n4†“É÷ã~8˜Xæ^_¼»„÷¹ùŠiŽÛt\ñ¬ivž áö>9¥`Ü·,ý?÷˜áxŽGwöÙ§ßfGþ³Âûhendstream endobj -1570 0 obj<>/XObject<<>>>>/Annots 708 0 R>>endobj -1571 0 obj<>stream +1576 0 obj<>/XObject<<>>>>/Annots 708 0 R>>endobj +1577 0 obj<>stream xWkoGýÎ¯¸r[™HfaaÍCéC¶·®š>bª|¨ûaØÌ$»;df×˜ßsç ¡VUE–0;÷yÎ¹—”øKi2¤Ñ˜òª3H4žÎ’Œ²éï‡ø7’–|€Gw/oìŒ²)Ï§üZáú8‡O%Ývö?ãÆ&û§{Ÿ+ÊÒ,™írÙd–LAé(åãO£»œwú×3J3š/‘Ðx<ÅåyáÐ<ïŽ“,&tò[ÝkV²w]nOèÊHÑ(]“^Ò‘¯T-inZÛÐEžë¶nì‹ù{ØÍ(M½ÝÞp«ÝùJ’•¹®ºë ¼|¨*Y²¸{A±e“¹3_ßSl7Î¶¶IY²ªZ—[j4‰²ÔBht+ª…€yó ûP/%Cö‹çœQÉV$,ÕRÂ'mV²v—óRÉºaÓï5Ò)Ø4-t%T{CTƒíÝª:—$^ðz4Rd÷±UFZ”kƒ7kd®ØŸµz¤ÏN+Ù¬tAKmH´ \6*GbÛƒ4v…áÈömpÜmù Ùv½F2ÅKÄ¯w1 êKußš]çØˆ( @@ -3056,10 +3037,10 @@ x ÙÞ#øš)+wuq5sŠŸ³+Ý–G`eã¤– µ\" e,'â[uèÌZ+Ñ nßê(%Ý¾lò¾»îzñ4%ºœ©Ùž¹H0%Z£š-4DX]{X1nL8t+ßéÆW&”ÿx—C ÚÏ"QçfëµŽo3^d(tË.WPž{_Í£G ºô$jè·›¥ËÉêÃYÕ®W64T5ÐC ØBÕ€ºH®<«7I¦)æº›qwÃñ$Ô:’Ï÷ÒìÜOÁÈ’_ç¾%Qz{u½y&EÌg…EðRŒnvM°œcÎÞR5ï4ØüÊ¶`0ž~}ÊøÃöÖT†q1RkYtºÿ »{×m¶k¿êAð=+ÿ‹P;ö3ÙG%Ök·R'tm¤¼¼}uÐJ¿{ktÔNÃNdà\×§M\–…ß Ý´ßå‹[ÊÐ^®Ÿ¶c4óÛëÆ4ÈU:B§f#g^n/Þ\^pÞcÊÓ+·P‹Æé‡CD:Æ/©éˆz“ö4¿ìü¿ß"Ù$K&ã)~áÀL6bë¯ç?:ÿ·UH®endstream +´O-1¸2¯€‹{H†{ë!|%AUj¨è-Ú„vƒ#_Éüƒ«õB?Ò‰Û7À6º½[°!î4Á‹\rB7ž‹ŸÃÒ•‘»|¼Q¸ ÙqÃ'»'Ÿ[ž-¬BÀþÿ_¨z¬q_¨la°€‘úåF†,<™BÈŠðbyß)âV·^ÈÜZ‚ù~”¢ìŠQ—Œ(An=ó¢Îb˜-ðOýÊÚÝ#Æ$öÍ%äbš¤3Ø=8NÎFQÐþnô¢”ëAA¯Ñ&¬‘>nvM°œcÎÞR5ï4ØüÊ¶`0ž~}ÊøÃöÖT†q1RkYtºÿ »{×m¶k¿êAð=+ÿ‹P;ö3ÙG%Ök·R'tm¤¼¼}uÐJ¿{ktÔNÃNdà\×§M\–…ß Ý´ßå‹[ÊÐ^®Ÿ¶c4óÛëÆ4ÈU:B§f#g^n/Þ\^pÞcÊÓ+·P‹Æé‡CD:Æ/©éˆz“ö4¿ìü¿ß"Ù$K&ã)~áÀL–²õ×óÎ·AH¬endstream endobj -1572 0 obj<>/XObject<<>>>>>>endobj -1573 0 obj<>stream +1578 0 obj<>/XObject<<>>>>>>endobj +1579 0 obj<>stream xXÛnÛ8}ÏWÌ]Ä]$ò%iìäa¹4€Q4é6.‚”DÛl$Q%©ºþû=CR‰ì&‹m€Ö¡ä¹œ9sfØï{CàgHãŸRVî]Îöú7'4ÒlÁG§“1Ír$ƒÁ€fYo¶’T²$eIWÅ†TE./(©±2'§©Ò?•3›C¼›Iæò”£µ6–ji2sÅ&¡{M™‘ÂIogßöŽt4gìÃô8…@ý:þ¬ªÁôö˜ú5 ®_\¹T¶+_˜|ccÝ©ñG^wc§<ýÇEòK'8ú?ú•±:Ù¶÷h¡PÈ°—ì¸ël)mEó<š–¢¡¾¼ÔaûåÆ† GOµïxíŒU×Yö×-ÃsjœQëÂK% -Ág-án¥»œÞÝ½{%ù·@£æÀ¼G* ]ÚÑ—¶Ñ¿²å7„ùÊ[˜Qò¾ ½âtøBÁ@¥Kk_º¬´*ìeA¾\`¡©¥®‹_òòE2²ÖÆyøxªxöa°±¢Ú&å¬÷•Ë³Ó ˆ³Á/8¼QÔFo7ôêNé|[Ä†Nh‡7°ŒqÅÝÙ‰ãs¶Ù[pü²ðžMx÷~UxGÃaØƒ¢Æ™Í{16pÅó»ö÷‰0WÒ;é?Œ>„Û›Cƒéê0®"¸„-DÊ÷´r³“vK™TræÊ²Jå;*ýËšð¢ða=¿øˆÉU@Q „Í’Éê1JFÉ€9RúMôoá ~6Ä]›àìK‹.yÐ°\gM…€ã( —¾î@Ü¤Cp³ ”ˆRå‡Vçæ°ãKÃóªŠ›U™æ `?'æpž‚Ê%J²s|úQ›÷F§lÈûœ¾Ü~¸½{¸¥÷Ÿ?ß}öƒˆ/™þ~Ñé¤ßY¸gßý›í=x|öË<‰Ú?<ž$“³cz7Ž¸û‹—ôÉèo¼º\ë¬)Ñ¾òlúhx:N“c:Î˜tøP¦ý»ê0Ý›}ºâ{}\c?ÆûãÌß/â¼`S'ã“d|:ÁÿGÀÌÉ ½Ÿíý½÷/Yendstream +Ág-án¥»œÞÝ½{%ù·@£æÀ¼G* ]ÚÑ—¶Ñ¿²å7„ùÊ[˜Qò¾ ½âtøBÁ@¥Kk_º¬´*ìeA¾\`¡©¥®‹_òòE2²ÖÆyøxªxöa°±¢Ú&å¬÷•Ë³Ó ˆ³Á/8¼QÔFo7ôêNé|[Ä†Nh‡7°ŒqÅÝÙ‰ãs¶Ù[pü²ðžMx÷~UxGÃaØƒ¢Æ™Í{16pÅó»ö÷‰0WÒ;é?Œ>„Û›Cƒéê0®"¸„-DÊ÷´r³“vK™TræÊ²Jå;*ýËšð¢ða=¿øˆÉU@Q „Í’Éê1JFÉ€9RúMôoá ~6Ä]›àìK‹.yÐ°\gM…€ã( —¾î@Ü¤Cp³ ”ˆRå‡Vçæ°ãKÃóªŠ›U™æ `?'æpž‚Ê%J²s|úQ›÷F§lÈûœ¾Ü~¸½{¸¥÷Ÿ?ß}öƒˆ/™þ~Ñé¤ßY¸gßý›í=x|öË<‰Ú?<ž$“³cz7Ž¸û‹—ôÉèo¼º\ë¬)Ñ¾òlúhx:N“c:Î˜tøP¦ý»ê0Ý›}ºâ{}\c?ÆûãÌß/â¼`S'ã“d|:ÁÿGÀÌÉˆÞÏöþÞûYendstream endobj -1574 0 obj<>/XObject<<>>>>/Annots 713 0 R>>endobj -1575 0 obj<>stream +1580 0 obj<>/XObject<<>>>>/Annots 713 0 R>>endobj +1581 0 obj<>stream x•W]oÛÈ}÷¯¸/)€D}Z’÷¥pâ¸ °I·kAÅˆR“3Ü™¡i£íßsgHI¦w‹6ŽIÞsÏ=÷ò×«Íñ· í’VJ««y2§ëÕu²£õn‹ÏK¼¬¤œ/àèéí—?_-·ÛdM‹ëU²¡ŠV»Õé[IW«ëerM‹õ¿V´Þ¬q*~ã«ï÷W³{Ü¼ }Îž7»-í³`Nût|ë)WÖy:H’Ú5Á|‡ŸŽ’'HSÓhï¨Uþønÿ &á1˜“«µp®Íh*é>þC<Ò{O`H9Âml%Êò…2£å„Mç4]¬’%‚·G©éÅ4”Z)¼$¡©óœðQœ\n$N~Òdl&-ÇÚû„E€YôS[ƒà+R Ö ¥Fçª¹eNœâï\bæ{¼5%å¥(`*^FCÖAÏ¤Ogµ¨’læDuC;¹ÂQnÊÒ´îÇÞÐ „SZÇ”¨û×….üÚ(+³þw¸øg-m¥|âÌk'°²Ú€HLl…öŒ••‘~o…ÍTU¯ªTþ…„™{É3Wšúèºâþ§¨ªò#G¢Œá\@RçTàùC£mvx“Ç8¡ýQ‚/g*I‡¦obNÞ†ˆÿ ÊF«ç·c¼YK™qnQ2''¯iÏ¶™ó•ACX™J ø$S|Ë#»¸žŽ³ûZ ™rF¯®Ž›d“Ð×£ðd`ÊÒQ–5¥ ò'*¤ÿÓ›Ê-·èWTîœy%ôÒol*»U:ç¶ñ…xª½‰²r¨|‰¡Î¥Ò•Êy¤õËý® Z"3iS!‘px€8˜BÀ`‡-,Gjd°gÕ¡ Þ¹'˜OÀä… c2’Ïu)t°b-¤†\@x>¿½jÓ®Ih€×ƒE3 àJHV¯P§& ž¨)QhÔ…MzcJ@ÖP3C™WBÜ™ œ/M¼ @1"y¯b)r¥ßòAV¿SžNqþªe¤H)ÁŽs8]4(D¢à2tDïeÍâd™'ôÖ·>npš‘©Ý@lï ±¾f¡’š?pÏÖ2Uùµ\³QL¼”O²~h @@ -3086,18 +3067,18 @@ xs ¿Ûßg»w<ÃÐoödõÃÝ±÷³OŒ4. 8Á‚¸ë[yÀ×QœG/Ö¸ÌByÜQÕñ±&ÜšwuÌr‘QˆÀ»S«ñr†œÃPi &9«$6Å…la-ê@”ŒF ²"m.Rž¨¼!TÊ¥iXŸI8Þ~ÏTŠ2Ý~›0ë çw)"Fã±*Äs¡=ß{GYYu±¹`³…4öÒ\šü°8sŸc5Y E>Õ>êš,'ô²‡g–BàÙs9nRÄÍ¥µ âÜáp±Ìr¼J»ÀÀ‹vß&»žq—ñyæq‰®cÏ³û~E¦«›°5ÿó43X{:Œ¾¼fäˆ§ -Zù}=+>ž¡²=©nž9÷n÷;éNðÓ©Î)ˆ]§J‹Õ.ÙÝ¬h³íž]n?¿¿ÅT4ß.Ý].Ý¡R‹ òw+šnçxòËÆÿÃcÂz»N¶›]T¾õ5›ù¸¿úÛÕoËL&“endstream +Zù}=+>ž¡²=©nž9÷n÷;éNðÓ©Î)ˆ]§J‹Õ.ÙÝ¬h³íž]n?¿¿ÅT4ß.Ý].Ý¡R‹ òw+šnçxòËÆÿÃcÂz»N¶›]T¾õŠÍ|Ü_ýíê7Ë8&‘endstream endobj -1576 0 obj<>/XObject<<>>>>/Annots 730 0 R>>endobj -1577 0 obj<>stream +1582 0 obj<>/XObject<<>>>>/Annots 730 0 R>>endobj +1583 0 obj<>stream xÝXMsÛF½ëWôRRR"HHù²%‰‘£ZËöšÌºRÅ‰‰ŒˆÒeû¾n|¢R‰7Þ=ì–],3Óßïu¾œø4Â?Ÿfcše'#o„7ÝÏ§·'~à{4žÞœ2OÏožRZžÌÆÞˆÆã)~±8›ò¢<ñ¢?šy3ò/g^ «#oÒ<ñêØa·?ŸzS¬NFï•'9\B?ó½1¯Bmû$gGü|1½h€$y’Õy€S>öÈÙ`Óë'YÐ\ˆQ“^”^»^o§äû´ÚrD‚ùŒV±dD«èì.·.LSï(W.39á˜ÓûíMù€E§ñ¦T_*]*K!E¦*REfKÖ©Âz´JmMšš=K K~*Iw‚¿_ýz2¢?ñ«øì}æˆ0Â7½<§}¢£r3Èßk—Ð½ŽJcÍÖÑgÇfoÙœ¥*UI8vÎ6¾Ús¬fEŸ{àXmiQšHYK61UÓF‘Õ™NÃR¬6.è±ì5|ì0¤Út~1Õ‘¶½NSPA D¤¼6ð¥ÔDžnˆw,GŽîmñ}’iñ.×N#oÏôl*ÕîLx:…µœBº7ØŒŒ¬ŒI‘@èºÚ©ÜrÙÐ.¶¡Øà¥¶¬å2h¾5½taéh€T8‡\[üycrWš”>†¹JñÜ*åMå£F¨ñò*ŽYÞð6j qàûÞh2RáËz|1¢z½-Ôf¹«™¥JUäÄÚ?v‹=ŒR=°ƒ§þv*ÁûóÊoDê"ÖDö…óß¨å \NH¯æEßåõ²OTN(ä¬p*þ7õ@f—Áì€Ç+Vª-Fçµþ¡["{ NÔ“¶64‰Å £œ}·üe¹úñþÓ‡«ïÖëå38!›Œ×ë\P¾^ÿàýð2µg¨²½áw=N°Õ&½D(S µ²l ÒôüXe–•]¯w<’»ì#¡Ìƒ=,ŸiñîÝ©Œóyf*umæ‘5E=(Gq•ç‚—ZQçs®¾²à5JÉ”1¥KA\MN‰"ù¶‡þó¬·ºDà…ZŽ¤´H`ë½`¶xoP¾EÔeÕ£Ã†A>bóÿÒ‡þŸðÝË9w¶ÿÈß›=lñ,…P»«‹ŽÿÞ_gTó`¾æPÓlús"-€V¨2Ó–;.Ú“•Ò•ÊŽ”„¯(uèê¯DïvJúq¯†q¦s°U‰ÑåQQ©w‰³u¯Ð¡Ÿe•7ð?†íêÐD*dŒv´|ù$"Z54"ó“´Ú,un 'oGnÏÖk±X8S(¡cÏïedÁ@z1ƒa|-Sj"Ä!®Ç¥‘Q\ÂeŒ2BÝMÈÑ0ô–£z¤Y8EçÖ²zÈÃþu‚Ø4C€‡öþºfB™™A›è4‘!Ë>À²‡éPI¥•l)Qi±RúùÓ»z.©§/£ö Û§¥Ÿ0ò@¶³M(y§Ä¹âÍphùgÊGŸ%!rR¦Ë3O®0Øñˆô–÷çgxQÚÆGõ¨RSdÈt½Ô/g_Tñû¶èj›k“,LCA¯óŒ)eŒÊÞ¤*óèSµ9'-"{œÞžA§pIX·é¸6P†n.@N dj'ixín;ƒÿÎÈÕ|K…X¢–‘qŽîUYò‰Y¹JQy\×‹ŒÏˆ·F Ãc‹›äì÷{Ï>è¢xöÐk‡Èmõ4´ÙfÙÎx‰ËÒo·õ*u˜æw áî†;W ÓÌ o&aŒhXŠÃg¦–>.nÎi›cºóÁ’áùA©B¸±–€]œÓ~À4@d]um0…<*á@ö”§âÊ«ºi‡aj'ÓÐ’0bŸÕ )÷ÚF$ø`”ÞÜÝ.ÁÙbé~[å£;,L&_ë~ÎõS¼MDÙ‹6¾‡ëÛðŸéC”sãïoÓz»úXcœuš”g¨åý5ÙBEö m÷øõ²ö¦(úD”Ã¸Ü 9:_eÅ`2öf3\Õ§|½– æãÚþî3oîcdÆå=à?àÈ;Ú¡}1¸žƒÂ¹g’³¥´Ì@·ð¡€×ù²R^e8Ø‘[©b1½åÑ[ÜÌLûŽôÎw¡f>/XObject<<>>>>/Annots 735 0 R>>endobj -1579 0 obj<>stream +1584 0 obj<>/XObject<<>>>>/Annots 735 0 R>>endobj +1585 0 obj<>stream xXÛrÛÈ}×Wtž$§Hˆ‰”ò’’íõF•ÒF‰XÙ¤¢<9ö`†;3Íýú=Ý0míÖ¦l«`.Ý§OŸîögSšàÏ”–3š/¨lÎ&ÅoŽ?þöíÙbRÜÐ|º(®¨¡éõõñÉÒÓÙl~UÌi>™3|]/ŠI÷Ä_qÞÍ±ãêfÉ¿ã_ÐTŸ½_]~º¢é”V5ß½¸YÒª’{'´*/îì^"Ö6ºYë@i«~hªô‹¶~§C$…“^¼m]Òxñçƒ¼t>ÑN™Š”«ò[‡]áÝêóÙ„ÆS6uU]lZï¥äi|Õ–š6†dÊÖª@µV©Å%¸úÕûd]Ð;ÿFÖ89_ë˜hÓêÏù¶ñà:¶†mÛPãƒ.xÁå§²Ã`<“ùœf3¬{ž]O(/éaêVŒç·Å‚—t5Ú%ãí"¸ùÁ×U³Vtð`ÒF¾˜uŒ Jü*bÒ ™´[çðê§ÖU:ôO·¾µƒµVk{€çp—£´Õ/“¢.Ù˜Èàê@±Y¥w5ÕÆêCiµÊ»Nò»¼Õ8ú×Æâ ûoÎà×5Ž¥Ç(¶»é·ƒwïHU•äv¢ÃnDFl'¿N ¡èI|1Š>üý‰z¼…*iªàláØ©SåV—_p†IäÛ·ìî)ù3Aïy± @@ -3106,10 +3087,10 @@ x zd}Fí)1(aQV™žbÆw¬Á=í|»Ù2Ç6wŽ2"é¯Ð îÔjP²³}e>á*w9”êü^ûêÐãÑE© ¶ç&â•ŒÑXANhÛn ¤ôgˆsNþŒ;¹f f!ñœF*s„vrÙëþU ˜8JV&ÌÔþRŸãÙUq»XÒ±Sú“ßÃ,ºMñuæä+§ºKúüé×“0K¬u,>hJý<B©ÿÑ¨ƒˆñ¹ÚYæ “hßEsé~šÜÒì[Áw›Òî——¢ž…„¡ðË¸5%$_:ŽHÁè{c$Ã²˜!ÙûU»ë£Z<åþ)¿î½½I‡µoíö±OÒVh}¸ ¸“S¡Åà¢¨5ÐÈ7„Säk€îPmr¥êE¢OÉ\¢È3Pƒ0wø2 ¬èŸ[@ _j(M®¾Z#PlÕ]t}@Œ›“ÖYþEZL´´%?ÔðûAF.„Ê_EÖƒA¯¾,n¦t;ë;uP-»~KSŒ15ÈsSLo1j€D"ó‹bY _ZŽÓ4o¥@|o\å÷‘n¿^>|ó>iÙ5ú ¯låð*T¨ðe|»“Æ^E¹…LÉ–GN'éÿ „¼‡ÖwArjWmu@Ó†Ž¦CA`U¡t£f· Ý>Ðl™"Ž08€•Âk.Øbô¥FH¥d‰b‹Gâ%†î›P.`•*hQÎ0ÌR6úÑ]žíCÙÊ[—Á(:ŒXodx“†«<¢×„}t²<‹çÀf8°I`Jo[G°¿è÷€'ÂóñŽ “¦}Ýž‰qäÀÊêÃõünu9ûsÔQB@Å§‡÷œ”œþ¸@ þà,ÖÑ.¸[ô@úëº—!–Óyt…^âZLSbjoE·±›Ê¥tq/ŽÆ€àà‡þ¤‘[ úî„T·NÆ8e ºdh{¾‰íÃüØÓão•)! Èàb^‰ÏðÆæ!JÃ›¾vee¸H{rBøcÙ¢¸£št™ 9z/]ñœÌËÍi3ž|B±Ù>â«,ÃÜ…z0>r‚uÃö}Œ¢¸V -…±\pC¬ç}5q¬$^ggV!H7üÝÀØÍªì2çÂ ½åX4àýÁè‘w ¯?æ5Û<:CšÐA ˜ÆƒPðúÁ×Ût‚2I¦7<*ðdÃ^Öè%D%^¹µè¦«ÓþóæfN‹ÅUÖ³§»‡÷wôügžé>víˆ„”wŽû ãåä–ÛÜ_¬WË«b¹¸ÁIa×Õ’ûfuö×³Ÿç”endstream +…±\pC¬ç}5q¬$^ggV!H7üÝÀØÍªì2çÂ ½åX4àýÁè‘w ¯?æ5Û<:CšÐA ˜ÆƒPðúÁ×Ût‚2I¦7<*ðdÃ^Öè%D%^¹µè¦«ÓþóæfN‹ÅUÖ³§»‡÷wôügžé>víˆ„”wŽû ãåä–ÛÜ_¬WË«b¹¸ÁIa×Õ5öÍêì¯g?ïç’endstream endobj -1580 0 obj<>/XObject<>>>>>endobj -1581 0 obj<>stream +1586 0 obj<>/XObject<>>>>>endobj +1587 0 obj<>stream xXkoÛÆýî_1À½@À¢%Ù–ä¶¸€Ÿ€:qc¥i}Y‘+sc’«p—Vôïï™Y®,Ñ.R4@âcgæÌ™33úz0 >þh<¤“¥åA?éÓI”Œèt2Æç!þ×š–_i0N†áqþ0H&48;Çm¼u<ŒèÚÒï—³ƒãÛSh¶ÄÃ£É˜fáÔ~Ÿféáç\W¤*z¸»¤´0ºòdp2[*|X—kGÞRamEÆÓ¢¶*K•ópãk£w´´5^ O8]?ë:¡Y'MÇl¥qÀ»Ù—ƒ>õ'pu–ÖzUlèQãm'¿ØÅÜÈèY&S6 n”sk[gÔ8S=Ò:ÇœN¥NsUWÊËª\(RYipÉ×ÊÃ\¹ŽES9¯ŠBg M$·Î™E¡i~¸h<áÜ 9ß¬L6Ç§µ†¹,r àÙÛA¼Tå4UYO.WµÎh¡ýZëªc< âŽÈ$:á36„§I/—:õæYÄùôXÛfEíÃˆ>y#¡ã•ÒéâÀ(Æ×S³RžaÙIãnº‘gº´ÀàíÜ®I58®Â xŸ“êèkcjfàOÍXÖ¶$F%-,Ìn`ãÙÂzFø¼e‡KÚ(‡£ä”“ú)º T–¯©apcJÁ°R=iþR·ÍA7$sÍ„€‘H|£ iÀÂ±Ì®«$n-¯j-Q§ùÉ´{òv%Ï/µ×ª¦è¥å5ª©Ò<¤ µ“Úji`-È2ì 2ü‘{¡Üðù:g_kŸð¶ò!+ôÙTðÍÑù·ã»›¦N¤+]Ãt Ä~äûPŠ^ÌÁÁ¶…¼TŠ·þMïw @@ -3119,72 +3100,68 @@ k «Ú²º„L•††Ë0þ·„JÜ #•MšwŒ–,œÒNFÓâÄðüÏm¯¸ûô0CÎdÛªå œˆ13PtýÍêHö³¨ÿYÑ¾á×[\Û>Öº~ðÄBhy Ûø.Ïbt+¶Mï5ÜÚUÈ˜Ôs=>Oè×ßT¹*ô‘ˆTHý|¾ÄÌ1Ÿ'[7¦KÆ»·3i1Ö[`yèº‡!Äð©èr ý+üFßÇïÍ x#¹Ò´'‘ÝRa¨;|á*üêÃûÛé/Éý‡ßB®lˆËtÅPÇMåŒm„¡ßrÕax#Î¨“ãçñí9 0Ê,ÑOÏ¨wzt~”ŒÈÿÕ^oŸîôö¹Pe¾’æ¸;u÷†ËNr• £SL¢‡µí®½G¹îšªcvÏ•]ÿ(Ô¯ZœŒö× ŒÕL.,¨/Æ‡}8õ0›,V4Ù¿æïâÆÔêš~´6#X?1 Ù„þÂÚêrÛÜµJ].¸:y¦gà -‚caSîÄMç?ƒ7ƒíô²‘ï äs¤Ëƒ2mFiŠ‹.),Vô«kF¸Ýã°†¸üV³m'8=? -IÐÌ&“!~&£‰hÚÃÅÝåÝ×ö¦'üZ”6¬JBP~·7á§É õÆ}‘±ÕOÇ§Éx4 ätÂßÌ~?ø?Ú$endstream -endobj -1582 0 obj<>/XObject<<>>>>>>endobj -1583 0 obj<>stream -xmTakÛ0üž_q)¤ªí8‰3£iW¬¥£†}ÉÅ–c5±”Zr³üû½çØi #,GïÞÝ½“Þ!ú…˜G˜ÌUƒ@˜Æ¡˜ NæôÑS+ƒe:¸yˆ†HD‘ˆ‚³d*¦³iª¤ÙèþÒäð¥ÂýãRàÁÖ´ÐŽP¤³fíA«wUqÐNÁ[dÖzÓP.{‘ÕZ‚qÜæ*}¸Žf"¦n£'{ÀZf[.æí\£`‹3’6È$ÚÖP+‰Êæ´J˜”4:•5µöG|ãõPàgÑWvMÃ‰ˆ¸ii]KýÌ–Tv¸æùò¸6jR ½äÜÌâ]ît.½jû0Q£2¯!cÞå¼³Cþ\ô%·$ -™y¦ìálÕK¨dVjC+Óº`”?Øz‹Õˆ=î¥s´Î;JÃÕ¶Æ™@NËµmü‰Kë•\ô=ÍU,_Ø^ÆõºRL•hT÷¾Hä¶’$™´ùÚîvªàI}vÁîUÍ&Ð·Óî‹¦í€ú¡´Ž`È¢6µmöCìe-+åÉÑª¡i¬‰#_N)0ôWÏò69k}J{V«Ñ¡ÔYÉý®)JýTåŽ‚™QRÚþ£`ŒZoJÿ}uÕí#˜R†TÁNöyøœ¹µýËñmcL›>Ûö=×GäªÐF·981xæØP¥ÛÞ…9ŒDÎ6ë8ãh¸Ò6»rwGwætq¢È(²Œ§Hg§½ëÜìæ!éŽxÇ"I"„Ó©ˆ'íx¹}\Þâ¹¶¯”\ÜÛ¬©”ñ’É·®†3º1’ ®çÁ‚ÌLÌE(p×îv#~çë¦M¾ûŠ§.²¿ìÆÇ(ñ<sºSè2ÉGñ‚?ýH¿ÿO.}[endstream -endobj -1584 0 obj<>/XObject<<>>>>/Annots 738 0 R>>endobj -1585 0 obj<>stream -x•WÛnÛ8}÷WÐ—°Ûql§@QäÒìö¡i·6àÒ>Ðms#‘ŠHÅõßï’²%Y`4¨$r.gÎœ™ÍWˆi<™Ò<ó¡àMzr½¥“Mš‰b)èJ¤uI7¦JÓµÑ®2yŽÎ¼ŸÿÓéSo8‚…“púù1>ÀÎ“à¬w6B8²ýr»2”„9`ª -šã^pÑò{DáJ–¹’6°@8Gf…AÂchMíöžº„/$‹óoË\¤H†gŽÔRY™•Â e[¾‰³€S8ºªóœ|nðÜäšÐ%ÞzNƒô‚†~¨–/M&Àf0>¶¦— +IÐÌ&“!~&£‰hÚÃÅÝåÝ×ö¦'üZ”6¬JBP~·7á§É õÆ}‘±ÕOÇ§Éx4 ätÄßÌ~?ø?Æ$endstream +endobj +1588 0 obj<>/XObject<<>>>>>>endobj +1589 0 obj<>stream +xmTÑjã0|ÏWƒRÕvœÄ=8Ž¦½BáZzÔp/yQl9VK©%7—¿ï®c§%Á`9ÚÙ™Ù‘Þ!ú…˜G˜ÌUƒ@˜Æ¡˜ NæôÑS+ƒE:¸º†HD‘ˆ‚³d*¦³iª¤ÙèîÒäð¥ÂÝãBàÞÖ´ÐŽP¤³fíA«wU°×NÁ[dÖzÝP.{‘ÕJ‚qÜ æ"}¸Œf"¦n£'»ÇJf.æí\£`‹’6kÈO$ÚÖP+‰Êæ´J˜”4:•5µöüàõPà¡è+»¦áDDÜ´´®¥~bK*;\s„|y\€@HH5)Ð†^rnfñ.·:—^µ}˜¨Q™×Ö1orÞYŠ!Îú’[…Ì031¡ÀmwºÛx0Î×M›|÷O]dÛµ5ŽQây,æt§Ðe’â9ú•þ>O}Yendstream +endobj +1590 0 obj<>/XObject<<>>>>/Annots 738 0 R>>endobj +1591 0 obj<>stream +x•WÛnÛ8}÷WÐ—°Ûql§@QäÒìö¡— x$´DÛÜH¤"Rqý÷{†¤lGIX *‰œË™3g&Oõñ3 ÉÎÆ”~ÒÇ›ý¯ŸtgÓdDç“iÒ§‚†£ódŸršñy:O“!¦üˆ•¤•ÿ0¸'ã·>L0Òºp5ïœÞ^Ð°OóbO¦4Ï|(x“ž\oDédE“„f¢X +ºéc]Ò)„Òtm´«Lžã„3ïçÿtúÔŽ`á$œ~yŒ°³Á$8ëO’AB?*YÉ§ZYå$ý”"SznŒh0ˆ7†¤†WreðÎÔ”"¥k üB\n£,¥!ö.•¹VR!%Ù×ÜF8Wà!5l9±Ì%m•Û°Á•Z×ü“ˆI ÎB¤!7×$,eÒ¦•ZÊ,¸”¢¾öþü¾˜OÞJØ£3I†‰‡r]™Zg¿MsÁ"ñðOô%~*DºQ:fÅ‡9gHh»Ear³6à<ÕÒ:K«Ê´5Õ£uÂ)£-ßNs¡tf¶–¾Í£ã„©å3ì ªm0ËWÙ_,w3 =¼`dµLßj!û’*Ì(¡3 ühi£ñFÂh“ì_‹Bú¥°>²ýr»2”„9`ª +šã^pÑò{DáJ–¹’6°@8Gf…AÂchMíöžº„/$‰óoË\¤H†gŽÔRY™•Â e[¾‰³€S8ºªóœ|nðÜäšÐ%ÞzNƒô‚†~¨–/M&Àf0>¶¦— ´¨gúsOåË¯ž Ü²ch º !pn -·5ôXFàei˜2LŽwO l˜ráØºD+«BT»—[ùÿS½ -E³PALÐaœpfµR©‚†EYb4@éÃ¸ó ABÁSŽ!!.Úíåïê¡í¢Ó¼næ×QË5:9ìcÜ3äg&U'VkëúÃG€lbAÈ˜ÊW—8ï_íE>å{ (xÕm!b *PŠ -·Ñ^èÙôý:7K‘ÿêY(#ç[ÅË„ghÌ0z7Vºlõô¶OÍµ`eçùUÒÇ[ã¾5jSˆMù‘vrO‘ç'"¬û§·ÇßÏû‘“A<0›-å -]ÐýyÚ_a^Ð½–ÎüEvÃD¹5P†‰tðl0Øý¤Ç#VXâŠ24Q©›DâÐ‡ÀmŽEšýQV1Ù¸ˆ>&¹U,àèxK ‚n¶93)ê«ÝígÜúµÈÕŠ§Ñ+³¿é¤ÊEø*tZ\“>#€’o-/…y@,šçZ£g•\+/¬ÑtW_¾Í(Tž™ÙBË_}7HÄ|eñånè+Ã€ì%ÊQ‘A]0dƒ2æsŠbN…÷õkBðÍÑrXk…Ýf˜Ÿž1ˆå«AÛþï -ôn°Ê†1Ïm_IlÖ€Òò÷œ×Hc‹ãP%Â&ÌòƒêñD ˜¦ÜH™‰;…Þ…w•Ì!²ØY°T½Ø¥e\0¾ª´2Ö¬\ËûM"Å;“),&~sFÜÇÚ/:bmy}jxÁãeâÉÄÎNo§‡…ûbîëÿñ‡@Òi\°Øòh2J&ã)þÎ€<œ÷ùÕçyç¯Î¿Ð4endstream -endobj -1586 0 obj<>/XObject<<>>>>>>endobj -1587 0 obj<>stream +·5ôXFàui˜2LŽwO l˜ráØºD+«BT»×[ùßŸ Wîßû:0hÜÖ¿K÷'W|#Ô“Û»JJ¡À…°,V©)w7¿š²lß39~§ zŒ„^è5@;.*JÉ©zXÃw¦#JYÇ3ÍüÕÆÐRR†tZÉ¢ Ù!‚F=›bèö-ÍJr^ãzFç»WI‚á¯øµ;RA%¢&0ÅwœlK|¯ÕˆZš +p #êœ²tÆÀ98®ÏBå,3 ÝdZù:…Õ ¬ápfXi¬eÚ)K0Â;>ÉXÒ½.Í´ü¡Ï¥z±6–¼ØÅàÛdŸ)^…¢Y¨ &è0N8³Z©TÁÇÃ¢,1 ôaÜyÐ ¡à)ÇÖíöòw õÐÎvÑi^7óë¨åö1îò¿0“ª“¿«µuýá€£G@6± dLå«Kœ÷¯ö"Ÿò=P¼ê¶±(E…Ûh/ôlún›¥ÈzÊÈ¹ÇV±Å2áÙ3ŒÞ•î[=½íÓE3ƒGA-XÙy~•ô1ÄÖ¸ïcÍ€šÄbS~¤ÜSäå‰ëþÄéíñÄ÷ó~Æ£GädÌfK¹Â@t·Ažö!ÌºÓÒyƒd7L4‘[eØ1HÏƒÝOz>/XObject<<>>>>>>endobj +1593 0 obj<>stream xWËnÛH¼û+ØCÀ¢õ²$çø‘ >¬“…µðeDŽ$ÆäŒÂYÖ~ýVÍ2MÛ»À"0"i†ý¨®®nþ:Hÿ2Êh"iyÔOúr:ë'CÏ¦ø<Ä_¥eÆg§ÉøµƒáÙøåó£“/g2Ë| '“>dý¾ÌÓ÷Ód”ùjw’YíDÉ[Ý;¯|n,s“IîÎJ•Iñ•- ]}ú0ÿ Ãc¢áÞp ÃïÏåf.»– <å×º1p{þûÅ9~P^vÊÀ°’Â¦ªÓ•x+-j‹ŒÏSåu&kåø{ˆäÉ½÷¥7!ax}ŠK–¶’à%‘ksòëÜÉb/¹YÁãö×ßnÅ¨RË¯®öá)Z_Uv»‰ÁÈoƒ”v:î”sÛ`…<´J×b—!ËŸsƒ“ÜËJ#½…JïeYÙ2ÓWÎSæýRQ;Uÿ»Ð(ìÊšŽçJÃ†ó.‘¹c½Ø6âtºr¿—µ-`~aý:øk×Æ™¡Ó…N ìÝûù·«oCéÏ®.%][§ÍÝ‡ŽßW‚mUI"0Q%r¾ô,%KL›í`9‹žXîwNÒJg,µ*âa™X“ŽoF¾ä°”Ý} h÷EDÇ¢Ü=L¨Í¦²ªHh«ÍÿÞh€æeHüa"?@5Öƒ&¿#£Qö»y[? = 9ŒˆÒµ2+-Ì õ6ñµæ/xY£MU» %<Ð¾ù@7÷6zu¾ÁÞš®Âvˆà¿¦¤°=þbª¥r¬Rj7ûÚ5“avêÇ6S)h]§p©VnýVÅþYç6ó^ƒGƒ0!O•nP™z£qS™q"—èƒ[U.TP¹@¡1¯¢]dˆlÀÍ›yÅ°mÎ×j˜LXú9úUt”¸a2 $Të½—Þïol@£=¾¤ÜL^m‡†Üfu¿F³dv6’É$¬Áam”ï•ý sØ¯R¼Ø`É£eÆÕLðþ9IoÚ?kÖæÿý¾8žŽ“éd†e¸Ÿèàóüè£®‘¾Òendstream +Z”¶Øæá1Ì¸çí gÈh8-ÑÆnWë—ï8«o‡ÀTšbœ„÷’ðÚp("ßPXÌ ÿÌr ßVÍ®ñœ2§ÃdÆmàMÊLÂ²@¾D9,2mÄ3HÐAÊE]î'Jý{y;É> $Të½—Þïol@£=¾¤ÜL^m‡†Üfu¿F³dv6’É$¬Áam”ï•ý sØ¯R¼Ø`É£eÆÕLðþ9IoÚ?kÖæÿý¾8žŽ“éd†e¸Ïèàóüè£®Ö¾Ùendstream endobj -1588 0 obj<>/XObject<<>>>>>>endobj -1589 0 obj<>stream +1594 0 obj<>/XObject<<>>>>>>endobj +1595 0 obj<>stream x•V]oã6|÷¯X Éb¥8¶óp(ò‰hÓ´6PMQPeñN"’Šëûõ7KINâó(‚ Nø±³³3Ã<bšà+¦yB§3ÊêÑ$šÐYGš.æøœàÛJ*ÂÂé,Æ¯’ù,Jö.W£·SŠcZ|ûl1§UN¨0™Ð*;¾Ð[ÒÒWfm4¹R L)yC©DÍ¦R™ð2§Âšš|)éáúŠWùãåõUD«R9Ê„æý¹Ñ’j¡[QUÛw«O£ ãS€ZåÇ›Rjù,-¡”B©ÌªÆ;â‚Y)ôZæ'd,)ÿæ2ÑzS¸u×…-m”/W§pn“ïUs[•Öhõ‡ŽxùÃmÖó0žG‹˜’Y4edÉlNÝ†¨q²ˆâsŸ%˜¶Ü*ÍN†¶_qT˜Vç”ÙûÙùPÒ »œô^éuWnBç<°”L;,|ÁÚš¶¡äDŠ¡¯I$`¯Îƒ†¤Íá až¶Ò½m‹Í¸'\ÃÿZW&Õßc'3¦ŠL10eFÃï/Ã®Åg …t £1+×* â¿jQKZ^üryñCœ ðƒûãî~ 2,ÑiC5i%kb îßEØ"è^úË»_—ÔÑŠùRx^¬¥Ð*Ù+”Ü„’1„Ú@u8„fƒ`³RiÉ0$5Â>“{ô-×GT›½j^.·k¯nÏAJ›Re%·$¨Õê©•»&| ·2pŸÁÜøƒUµ°[ºî~e´·¦ªÀV7ÎsŠ!Þ Ó¸ÓÎ<:‹âˆ~2‘î^Ü.Ü9… UÉ»[½³(8ŽïÿVÅÂA¦ÙIí”WÏ ìÎ¿²B°ÿÎç«C”pC #˜½¹=¼Ê†¨`K-(8r˜üllÞÇ÷z}Û ˜ï``½Î¨å¾"†`ƒCŽ)¼Ô\]KŒÜaì!8.:î!‚i<<ŠF*¶ª—ÿú—žäS«žE%µw'œuuë¤Îì¶áÌ5—ÌÝFÙo8c±¦§7‚ƒ‘ƒ…/`v=ÂÓßIoîGA|(ÓzU)7szFÝNã=Yóvçz={+´kŒõQø›òNVÅá=&”Y&Oï9-Þ÷7‡£EŸæ¦õ,Ø±ÃLXŒÎo¹‡@ìýo7$]ÁäwìÏïB¼{;~¾¾xøž˜Y§ê¦’P—ÛNþy³ŒhÉ‰ÌÍÓª\4”™{Û† p”*ôèwpq¥>èN‚Z7 - Dåö5YÀÞ°®• Äb=l¶’/ 4Uûª`é„ÇTK™‡r(£jmrUð“Ífòp*^¤ÂÁÇ÷ÆÖg„;ê!Ð†tB®ç,àe‰š,k-žØâñ]Oü¢QãþOYœÒ4 }H>d˜ù„G–µ5ÄPñ(ÇÃöñ|‚0?þßÑ5O£ùl§§Ï¾ôf5úmôÛíòKendstream + Dåö5YÀÞ°®• Äb=l¶’/ 4Uûª`é„ÇTK™‡r(£jmrUð“Ífòp*^¤ÂÁÇ÷ÆÖg„;ê!Ð†tB®ç,àe‰š,k-žØâñ]Oü¢QãþOYœÒ4 }H>d˜ù„G–µ5ÄPñ(ÇÃöñ|‚0?þßÑ5O£ùl§§Ï&|éÍjôÛè+ÛÙòIendstream endobj -1590 0 obj<>/XObject<<>>>>>>endobj -1591 0 obj<>stream +1596 0 obj<>/XObject<<>>>>>>endobj +1597 0 obj<>stream x•VÛn7|÷Wø¥Jà¬u³$(PÇV ‰ÝÚ £îµKií’’kU(úïC®,ëµ-Á—ç2gfÈï'jã·CÃ.õ”–'í¤MƒÞ%Þû£!Þ»xYI³°Ðï\^¸%ƒCzƒýï?LNÎ½¤n›&3äG4ÉyÛø&m]ç¢òÒÒ(¡QN G‚®n(3¥PšJYN¥}3ù†0}êtb˜wÝQÒE Ö$WŽð'ÈšzžÓ¼V™$oÈIï•žS]5{èe©|NiÑ`Oís©½J…WF“˜#Ÿóõ‡Ò™Yº.×øéæ:‰Ù/©3l²÷úIŸ³’ê–IV¦¶ì4¶\9MR£gûÕö?ššÊ9k'Ix*¤ÀTE3SfÉ ôÈT\ÚÔ´Žø>†lÓå¦"ÂøDQÒÏôx÷õ>ù4¾ÿ0¾¿{HîÇWŸ¿ð¦6½ë´B‹RZ[åWxï-KÚUå©Î-Íž[I·ßNhæ£¦T æ˜ ý“§™š×à“©}H †“ö¯w`‹%kQÊ³€ˆ9.š·h³q;{«AàÄÐ{Í‘N/rd ÚÎÎ#n²qÇ˜l²&M«ßL»/óÌ½ÕÆ¿%-e2!{À/:#Sd@ -èçÀÊ¢ )°á#ïÄÀgtújDQ§gœœÇØ´' Ÿî+OKÃ¨£¡W”[†t‚¹ä¸VF.ž%&ƒm¡ZæÓ.¦Hè#É¿+™2AK^Só¦ò*³•ßkeQëš¡¡“4zhj ÑRÒ\ztèYé"õ -dØ˜zcWHíåÜ SZ÷˜ÒÎ¥OÏvzq\o4R*JôÎÂdvFñÏŒ¥—ý0”’ãÏ@V÷×z/Z¢CŠ}þ9ð$ág‘¥GÈµ%S¢@¸‰„_ ÅvhºÂYX‚NèÔÓ×‡ñýíÕ—ñ/ÁN!Jµ99Öf˜p±–yðÓ4•0æl]|Ã5„g2À ·Ì1 ZâíÝdüžè¨ê`o w]UÒ²?„¿ÚðVŠÂ™h„RoGÑÎˆÓ€»ÜÜ>€¼fË¿¸˜¿Á2+#3‹`°iÓ‚ž…'ØYvix“c¸ ZŠÊ±JBÝç(‹ò9‘–~ªpnp8NÅß!=µ”LÂ§Ü8VÃA£M£§ÜÂ{‘æ2{zC`FÄMBÅÒjñY«ƒã‘µ5Cøî¢9AM8Dób)0-C ¤¬~–¡çÓªyÑ‡NØÄõ;lð%€¨˜$Üåaˆ|§3…Ý¯Q‚‘„‰ö¥ôˆ¬ƒ)ÛàE6“´ÖØÓh\8„V¾Ú¡ ƒ½#œ.F:´·¶mP½ªŒ >CŽÎË‘b<·P9oE€Éœ—]À—pþ¿Ç€ñ°µïinÍ¥.9õ^^ö$Ò°œëS\1²cv×Kè]úH½Ô”UÝ35µöŒûö}¨¹Q\ñUˆmÍÁ¹sœ"Kœð’ ¾R9ÇF7ñ¾UYõÌY6~üÔª] W¸R’ÚZ7v¸91åp&óDb1£ÍÁÛF/ø—»þ°Ÿ#Üq1¹èqÈñää÷“ÿºJendstream -endobj -1592 0 obj<>/XObject<<>>>>>>endobj -1593 0 obj<>stream -xuTïÒ@ýÎ_1ñ‹œ±+¥¥pŸÌÝq&~8=scBB–í”®´»uˆü÷În‹¨BaçÍ¼yof¿R˜Ð;…ù²D;š° é5[@¾˜Óó”>¡Š³,eù¿òYÁ¦ÿ:Èf9+.nW£7ï®!ÍaUQõbA%PåÉVb¼`KX˜•E#Q9pæØƒfƒDcPèÀ[„W°¦WŸž¾k"xžÌà«ö`kí›2ˆØèÝ.ÊéjøÝkø¥½ègR(ÄRª8 {¥D°ãÖ´)¼¯H>/XObject<<>>>>/Annots 749 0 R>>endobj -1595 0 obj<>stream +dØ˜zcWHíåÜ SZ÷˜ÒÎ¥OÏvzq\o4R*JôÎÂdvFñÏŒ¥—ý0”’ãÏ@V÷×z/Z¢CŠ}þ9ð$ág‘¥GÈµ%S¢@¸‰„_ ÅvhºÂYX‚NèÔÓ×‡ñýíÕ—ñ/ÁN!Jµ99Öf˜p±–yðÓ4•0æl]|Ã5„g2À ·Ì1 ZâíÝdüžè¨ê`o w]UÒ²?„¿ÚðVŠÂ™h„RoGÑÎˆÓ€»ÜÜ>€¼fË¿¸˜¿Á2+#3‹`°iÓ‚ž…'ØYvix“c¸ ZŠÊ±JBÝç(‹ò9‘–~ªpnp8NÅß!=µ”LÂ§Ü8VÃA£M£§ÜÂ{‘æ2{zC`FÄMBÅÒjñY«ƒã‘µ5Cøî¢9AM8Dób)0-C ¤¬~–¡çÓªyÑ‡NØÄõ;lð%€¨˜$Üåaˆ|§3…Ý¯Q‚‘„‰ö¥ôˆ¬ƒ)ÛàE6“´ÖØÓh\8„V¾Ú¡ ƒ½#œ.F:´·¶mP½ªŒ >CŽÎË‘b<·P9oE€Éœ—]À—pþ¿Ç€ñ°µïinÍ¥.9õ^^ö$Ò°œëS\1²cv×Kè]úH½Ô”UÝ35µöŒûö}¨¹Q\ñUˆmÍÁ¹sœ"Kœð’ ¾R9ÇF7ñ¾UYõÌY6~üÔª] W¸R’ÚZ7v¸91åp&óDb1£ÍÁÛF/ø—»þ°Ÿ#Üq1¹èpÈñää÷“ÿ¦Jendstream +endobj +1598 0 obj<>/XObject<<>>>>>>endobj +1599 0 obj<>stream +xuT]oÚ@|çW¬úRZÕWŒ!OQZ©iS…ªª„„Žó_°ïÜû(Í¿ïÞÙ4¦ „ávvggvïç(… ½S˜O!+@´£ ›@‘^°ä‹9=Oécªx0ËR–¿tÏ +6}é ›å¬8?¸^Þ¼€4‡UEÕ‹=”@•'X‰ñ‚e,ep§•ÛÑÆ¾Y=ª€4íQÉtN¨ñ««å=XßuÚ8PÚÐm',AªW=&0Ô`’fÄ“`÷¼Ýrh½u°EjPhUÉ7„[ ¶úR¦ð\Ô¸~\•1pH¿·|OA r¼i¨žuô"+‡\¡~2yªºG³E£-4rkcÂy‰†žIã!–¬çM +Q‹$x–“òD|Ár+$ÞÚ°h~Q-‹Îw§ÝRÙéœ´'Ì"ß¥*õÁÂ4¨,‰Ê3=h6H4…¼Exkzõéé»&‚§ùÇ~h¶Ö¾)ƒˆÞí¢ìp®†¿½†_Ú»€~&…B,¥ÚÓ°Wú@;níA›’Á§ŠÄ“*.tT`¼:gºo$©à¤Ø£¦ãè4q[Ê2(;ê‡QPéhË Ú%,5ZçÔjNæ“©¨„î9>vº‚å‡ûäæú&¹]Îà²§sôˆ:{rhÖ;Ú‹RØvÛ~ªà©CÑÎ~,SÉ é*UxˆFû†êæ_”·¡îß’qÊŽ^ÄÁzfÂ72úY¤%ç=oÞÁÖ;° +Yƒ!ÙƒîœÔ‘†¨µ&Ü1'p"xˆ8›Ý] +ŸµÃ3³žÉ*î¤¨¹Ú‘ e+¹l¸£^Üm™¯• ¸mË›ãþ¼Z ƒÜa$oä®v§fF¡nÑ/Õaº‡’fA½¦¾Û³›c¯lãË.*ºiJÞ±• e¤+îgaù™®¤°‘nù#F%ÇÍ8Û`£¤:.öv¨Å°‰iA·ï"ƒ,Ïú%¾¿º½¾‚;£P8š\á[R=jÒ&G@2Ÿ\ôÅÿnÑ|ž³y± ›—î†Ù4 ?¬F_G¼óÔÑendstream +endobj +1600 0 obj<>/XObject<<>>>>/Annots 749 0 R>>endobj +1601 0 obj<>stream xWaoÛ6ýî_qÀ0ÀÕ²åØ°iÓÐt«½Ã²´DÛl%Ñ%©¸þ÷{GR±¢¤X ’ÐäßÝ½{Ç|¤4ÂWJ³1M.(¯£d„O~¼ÿy¦‹dNÓÉ<É¨¢t1Æï°*i9Xd¼LÇÉˆ7'ÓdW¼Ù]c7ËØ‘?Ë»³4™R6]$c6O“E\yÓÎ:8Îº»S@¤Éœbw¾HÒ¸ò¶uEcm8ëwÓŒm³Qˆç"c[¿ò»5¦ÕY½˜ÍiUødâ“|øz'öNZ$´ÕZ°$èv•‘6ôAÕãOTèJ¨úÅêã`DçãæÃJVkiø#öÎ‚ïóI†«±ÈúE«ZÕ[5ÜÑ•wBåvñ¢I2 2JÓè`¾fD #éã áC°·+>@ÓIˆ%DO¹(KYôÝ_½{Ûs~F‡Êw€Íyüõêõ7…'î9óHÝAÓZäŸš}¬åºvF±=°>)Ý”Øg¿ºzýlJÂå©"œ÷!%ñÊñ¨ŠR]+c]y<óÅªëHÊñÊôï¶Õ:öÍÝpz÷¢ïw£JIN““%(ï©7v§›² Z¨±²M€•yc”;ö±€ÌõVÒÝåEq÷ÂÃ7‰– P°¦ŸúJUKR5¹¤¿¶¥^‹òo>î”®™\>¨6 k¤(~^¦ÇÔœ.êôÐËë.ßãÉ[ùÅQÐãò>âƒ6Ÿ¶Fƒÿ ò¿"ì8¦'\ænø@f·S–ðÍ¹i›ÿŽýq@“žZª_˜?ÑÈž¢´:´4Ûî…AÛB~úË:7Ç½Ãk±ð9ˆjÂz±'|ýÀ#ƒ04‰j§rá˜yì«Ó÷Œº…¦ìsjˆŠ®UºP›#è&ú´´ªõ?×ï‰{®"‹NhÞ4þî5q§°«D[qå|=Œª„9zÙùªäÄæ<(ô©pNV¨²É¢$rÇíÞËp/½¾ íÌñ¾.îø‘*Šž. ¢Fïg¡œT‰#Dí! ñ àÉZ*ˆQkÐ»Ù=w/é¶¨u‡ Üí¥Æž¨4X;NªÛgÄe ×Â©{É¼P^),¨EÉ† Èdu¨`ÒW¬6|µŠPãŒìÈ;[²î¼½Ãê‹\øÆàVõZóµ¤¯+ÔSþüüŒFØ+ºu§P¿,õÁF*Dòêà8$Ëã¸’,iÊVøH8î¦BK›PÇI<Ðkƒ|çÂºþDC×"Ó8ðMñÃà¬!afŸûW/ÛÎ=ÿ=X¬ÛyuY€( ²N›ïÛŠ=.ÓyðÛÕëÇ‚Ü …/ -Ô‰µ‚•Ñ(¦ðnÈÔ5JY¡ KQ?~Ò0vÑ+y.-k(£èift²¼|ûP,#Ò”‰«ÿd¾}KˆÃvø”z‹ÒøÄ¹6!ÏõHÍHuu8=Ê8¶Z2~Vº½Q÷xxàÑ±žÇˆý€à£!œ„nX‰¾mãÃß4¥W /^Vú z¹¨ø–Œ™Ÿ^“þé¾ùõ^j_ÜÙ,Kfó@¢é”Kðf5ømðH±ë>endstream +Ô‰µ‚•Ñ(¦ðnÈÔ5JY¡ KQ?~Ò0vÑ+y.-k(£èift²¼|ûP,#Ò”‰«ÿd¾}KˆÃvø”z‹ÒøÄ¹6!ÏõHÍHuu8=Ê8¶Z2~Vº½Q÷xxàÑ±žÇˆý€à£!œ„nX‰¾mãÃß4¥W /^Vú z¹¨ø–Œ™Ÿ^“þé¾ùõ^j_ÜÙ,Kfó@¢é„Kðf5ømðHë>/XObject<>>>/Annots 760 0 R>>endobj -1597 0 obj<>stream +1602 0 obj<>/XObject<>>>/Annots 760 0 R>>endobj +1603 0 obj<>stream xWÛrÛ6}×WlŸìÌØÔýÖ™NÇ‰ãŽ;qêØJÝÎø"! (hYýúžH‰¦“>t2‘ Ø=»{öÂo>õð¯OÓ '”^ÒÃ›ÃÏÝoþh’Li2ž'*¨?V9ÝóyMÆü;›âw€ÿVÒª3è òoAƒQ×âŠ¯5×¼;oí×ØÎ“aã.–}zÉˆñ„¿qÅ‚›kìŽ¦É¸:Ë»ß€x‚ÍüÐOfÝ3¶¼{ÝÓ¥¡Oáx8c6ª Q¿‡ý°` éˆï sìã™wŽ«‚æ@<ìW@4Á˜ÃVc‰½ {ð°÷vÑé^!8}Z¬y2›Ò"±éÑ"=ýÝ(-3ÊL!”¦Ë?n’7‹/¸1ªnœ’±_ÕBê;'÷ïïþìŸ7ˆ•È:¹ùûîýÅ‡›“—"zt>˜ÀÍ‹ì*ö¦´ä¥-”9í”ÎÌ.¡{)Éo$iéOgo¨š¶b @a@†Lz¡rð5D.6ÊÑÖšT:G_`‚œ´OŠ¯*ëvÊoLéi#ž”^ó^ à>j.Dº+ÈÛÒyijJíÉè íöòÛµ}f",YJ“¡³ïJM2ZÉx¬)×› ©VS+Ø çvÆf”BÌ…%Þ¤&?ãÓšvVù ]³£ÇS©¦x|Ó‚óC±ì>Ï.ºÅRPå¥a¼ •Ê%!&ìy' @@ -3192,242 +3169,165 @@ x +W%{Ä`#Ày°»Š<›Ò&ÑgG¾?tç…õ1mb3!š~Éh]„“æJjk²FKÇD¯è_#ÿ)zvŽ*kÂ9ªIHÏy2Hèaƒè³Gð³”©ŠgfAmø/‹~}¡)ª;’ã]i-€0þ–næUe2CŸxZY¤>üˆS¼NÍ@ú¬ÕsˆW°ÍÊ-Ü¶Vx8¨p÷!C’Ç …zP O!E(±_Õùf»Ò¡>>aöÒÔÓJg¦‰¡iÙÙBMŽÉ2õLK™U¡)Zv²[2Þ´pÈ*cƒS˜<‘€•mÊµt£îÉ©Bå¢®‡dòÆÖ¨*B&C·£|†: 7ŽÙÎÔ…ïU¥Q”ˆ‹ö*^¡€Zù‹ÙA¡à;ú¸8Ö"c¬?;QåH}l>æþsXÍªK-…U;…ns)œ„ö38ô´äÞ/¹6*ß"VdgÈæ¶ôèŠlFL]§Öš>¼þ‹J…È…ôãoZpj¸°ñ2öÕŠ•Üà´«b•²Ç‘fâ -(„6ã¢c¶ó{‰rŸn@3£¹zÂ£òÞYKém§òœKqažjöD'ä8ctÛQx_dOB{î·ðTär¬~GB„šPAhE˜QC¿s‡¹0¨x¡Ï´P7áÐÝí»ÐµÌ¹PÈg‘¢ˆ¼¤j×ö"'3CÊ¿ÈïšÞ<´“B‡l\µå à`AÕÿÌ'ÜFmÝ±Hì`š³JdrŠY „"ËbÖ´lŽe€¥†Œ@)ÃH”¢ùF®0¯0¡Ä©¤áN¥Ê™x ÕRp{xqƒJ ®né¬ÇJŽµYp+ÎX¤<&%–Ð½æÀW•!¨ô)·¨4Ñë±Gñøt˜96h~0ø«”[¼LÖ5Ø(³Å ´ºQHÐÇ¢ãBÚBVnðŠe2!*}¹pb‘çd–§Z./ }µÏ8«€äF¥Ö8³ò-å‡à†LOrc ¶h¤›Y52÷¨þÛ1 --ÿÑÆìØ‡¡A|—9uç¯tUN#D³ûE‚‹ZÃ;ÈZø³±@l˜oG—F†qiŠ³mxÌlÙa-gct%fL h©<^0çŽûJ¾šÔ/@ìU=× ³ùnÇÃ'fªð/Ò»¸šÚEPÙhâ¸²å! y ½yGCå¹„9Ñ,´ÆØÞÆ›q[Õ-¬Ù%\ÉSqãìýõe”—+t9³j¹<ŠEÿ(}‰¯×œg$}Rq0H½>>•¦Él>1nXQ4 LÏ•yhfÒ2´‡`¬”…Öm¹„v|éÔ}K8t-þáošJ—ÏÆb2À[á;•b<¾ÄçF&¸æãõ}Àƒ‡¼îÕ¬ªýÑ(™Í4™L’ÁpÈóÞýÅÍÛºµæRR"¼P@YÓyø$ é|Ú›óùÿ1gŽ¦£d:™á÷Çû~ÑùÔùèŸ=-endstream -endobj -1598 0 obj<>/XObject<<>>>>>>endobj -1599 0 obj<>stream -x+ä2T0BCs#c3…ä\.§.}7K#…4 Œ™¹…BHŠ‚žP$YÃÓÓSOÁ1¥,1/95EÁ9?/-3½´(±$3?O3$¨ÕBÁÐ¢U¢—s=s3 ]!)¦æ S\C¸¹o)endstream -endobj -1600 0 obj<>/XObject<<>>>>/Annots 805 0 R>>endobj -1601 0 obj<>stream -xXMsÛÈ½ëWÌ!‡ÍÁ4¾IžR^{½ëªØ«¬™ÈU© ’“€–õïóº@?RJvËUr=¾éïžžüç*þÅa™„´ÛÃU´ˆðËüç·Ÿ¯ât± -ùºXDá²%þ3°Ÿ¯Â*_$Äå+YºJ =q -DÎ–Ž\¯ù¸RHÆ‡gëEÊ,a°ÅZ¼›ÇQ"Nà×Vã,[Ä#RÍ„Á.s¬²µÊ>„$ŽKbƒMsñYíˆ¬›‹LÌF‘ŠT1a°éJœ"V]ÎR8..ç®"sÙ1Ø"ÍÎ†SI!9kÉHQN×¬ˆ4Ol‰]g ‹æ‘kšãB‹§ÙbrEª™0|Î3)‰³„Á®4Î†Ý\²B²f7JÇòjnQDk8Kv×¢#w–°ÄI[9«v³udõÕr»3«5!–04£Ùãà,c°È\A¬µs¶\Ro"»»’-J,a±»„ïÄZDEf½‘Ê6ÊY#W°Yg ‹æÞ9Ël.›ŒXÂ`—Ò9Ä>„4]¢Ûe#‰Ù1W¹T>[Q®&Öjâ,aÈêPÉœµ\Á*Òu™"Ò<±È:âuV¦g–dÚ8™ìt"IðÖ²Ä9‚p(ÎÄ¤jQ“„Á¦©$ÂYÂ`—ê³„Á®e>“,a”Ûž53[$ç,a°Ö~³]Yk'£t°ª@â!(Á²Cf’1Ø\;ÓYÂ`1=ag Ã%LF„3³ŒÁ.£3»Œ-Ö,áM½ˆaÍŒÁf2Ý.c°8v&M’MTº–Óç¦Ì{ÂDÇHéœ#(IÌÏHÆ`ÓMê¢ŒÁj"ˆ%,)N±e‰%^ÄÌFÑ ì2c°y‚˜]³%b%"V:&U0wŒAÅáÌ$c°hKÜnfÖÔ.cÝÌ¦V«¹QÍL2†Z¶ˆÔYÂbt-F%ly@YÕ“Â3½>$ n†Ä©˜04/U³®UÖd1îìú°”<)R7´ Ãn$sÄYKšAï‘œ©"SìXÂÕns–0X\‡ ØYÂâ²F,a8…q…pgYs -Ç¤ŽñHnr©"sÊ±˜Å¬³„Á"vdÙYÂ`WkqÊYÂR!íã™eÊvƒÅñˆ€\–0¶;®Xì•…É) §,\EîÄZxÎžÃuÖÂd-Ï¬]˜c<‹ôÔAnWhsAæ•c«dE-',>k6œ%»hŸŒd‹Ï²±\3c°è -Däš-“mZÀTª!s>}v¯ %v½”<;KX|Öˆf–1XÌpxå,a°È0âu–0X^TßYÂØî°{æ•Å‹g¡ö¤>¬å¹ñêê‰Õ‡5±„/®ÂÈ³Ë–xåwV7u¬³Uòk@:ƒ Ôâ] A]©mCXJ ƒžX'_RãP¬He C§4;KXÂ‘ @¬jÖWHÝ -T¯CpÕ…½¶”s(Y:Ë§×™³Íƒû¸ö!z8—»úØ†aOŸ–Î9·Ž„sCa7ÿX•(°Üˆ‰‰Ã“!2`1Ì~âŽW8§…D#ØeJ¿âP15—ÙEX¶˜¼Q¦™¤ê¡£ÃW€Ê9D@ qá -¶Éý¸¹zý8 -›;|t,–«°Ùé·Fü²ýáC3tíî´ê¶ùóæßX‹Î‰mí+íŒÍî‡Ïåá¶eúê[Õ•ûpW•Ã©«ú0<”CxjOáPß?á±l†Ðv#jÚñ—¡ §¾Z„ÍC¶åq¨º>Ô ¤ë>ËnU¹}ÛÚÅ‹(¼ÒÓ¶Û¦ -ý±ÚÖwõv2»0O±±fOåLÂêMy»¯B{Þ¶ÍP5Co+±õ§•“^4]øüÔÕ!\·ûz[WºßcgÓX/ÂeË¼ô)|hîZÑül5Ö¿í›º¹?wíé®;ÑþÞ×{³ðêB(Y„ßÚò X{7-{¶ -ªoêf×>öáÓFâ»«ïOLYá(eð/_¾þòûËS]Ž•e³;ÄDvfbt>|®†Óñ¢ˆêQîË¡ý¦í¾öƒº0Y_(Xà5.ß¡¼{Þ"ª}‰r>”§1ÜVÃcU5áfýýõÇJCû´ÉTÓë/×áÑ]ÐÚ_¦pÅöCö’‹k_ÿ"h•U¯ðaß»…ûû§_ÂuÕê¾G½ÂõÐO™ž*úf»ú^-þZ÷Ö½gKGþ£®%N)vSs/@Mg=6œü<`Ç!Û}µ=uõðvu¹oïŸ…‹!º¿´;õÔéC—‚Ëe°)Ð#ÉÕe*ð t·T´}l°Çjí„WœÙx¾™B°µÜêªíÐvOB+Ñã~°ÐDÙ|!|û^„w³NÏ¼®=ß˜ð‹ð±ÝÕwO’°ßõè"4)f(†¢ŽÐðXštôv³+»Ý˜¶L…*Êþ«¼òPÉ|žG´ñQ§^–ÃÐÕ·'U{<Âyí½³Œ! 6†¥®¿üz³ùõÒ,Š7ÍIÁõ›áC|‡4»3a‹Šá¿BMy_íByB5C½ÇÐ™uÜå±+õð^…Þç–µPnçÍ3Ü;©ô™¸7¹kó'I¸]l1Ÿ§Ýv± #ùóéxl»A9ªmuy²am¨3£/èÀÇÿÿ<ŠÕ?ýë2dQ… 1&Õ¥w]‰ÖkÂúŽŒkDô…þYd`{r_v÷UhN‡Ûª“cOmþA$âÍn'ê?aƒkNÄð·ºÔ†¥ÃåÍõÍK^cŸP1ÍEžÍ©ó]…O^vÜ8¨O}Ø´í¾¯^Ê½¶É\$p˜ÖÿE<8Ûk¢‰›Ï×1‚`×åö+šòÙž±K_úY‰$É%åCƒý»ß[{½Ý×hrõç¢k°ú]]Þ7m_«Ýg4âÿ·•Mªêöt¯S|¬êØâ"sP¥¯ßãÊ×=WðiB¯:—z3<ÿ–Å -w<Üƒò•¸ûÓæêoWÿ+Üendstream -endobj -1602 0 obj<>/XObject<<>>>>/Annots 857 0 R>>endobj -1603 0 obj<>stream -xYÛnãF}÷WôcXÓ¼KzZxÆ;‰cÏ¬¥÷•’h‰‰D*¼ØÉßï9Õ$»( ÙE€AŽO×½ºº›úý&0>þÌ,4Qj6Çßóñ—ñŸ—Ÿo?ôB“ÎSÏ7G„óÌòFc°iâÍûµÂ*v¶ðRÍ*V,X;"«ðÑ„AûŠµ^ÍBØƒl”P³ ‘Ul¼ð"Í*L»g¬Â°ëÏ'š5…ÞLiÖl:›Úµ>'Ìì†¾·0© ›I‡ésìšUl2›Ê*ÌˆæôÊi¶vãÔ‹]AÊîÀZ;ŽUšQ1øìX…Y#ŸvkíF:²aÌL -²v¦æˆñ:VaVaFÍŽµš‘AéÉxŽÈRA¢YafcÆžt¬•õSÛ9aÂ~d½r˜^ÅÔìØBÉ"’"3~(©àÑÌ#ÈÙ…äd"‚‰`2'œû¶:ès˜DIK¢‘˜BÔ52‰ÑÊháÑ,˜Ç)H‹â÷(¨1Xl‡@‰jÛ9Y…YòráXënÂÌÍŒ^'è®‚P‹Š&ŠÔ,ö/"E5›.&ŠÑØ—‚Ú p9ê¹ `å’‘Ôj¶“b:YëD¯9”Q²ÒdIÈì0qXÒ,ƒÒ9Va¶>Ç¯cm°ûRŠP/Š>@¨ÅŸ!8’ƒEpH…c›ØçŠUìÂguœ¬Âl‰tÂj6Š'š5‹™…V5Û`ýÀ¬Ï‘˜’,*Ì€6”c¶.# ÇÂåÓe¦Ó±ÓeIÆ(«1XŒˆA½—ct¡=-9e,—C‡áT4G@ŠUlÊX…ÏCÅ*Ì€Ò3Ítžò°ÄvOz@ŸÄ„áL¶É)“˜"pH´Ø`¦»éDÆ`ç<(•¬Âp=Ž`FÍ3ÿŠU,Ž¾‰¬Â`SÖVÝÌm)Û%Àx,'g–9r$Æ’ÌaÎ·X@Ÿ¥2KSRcf)A·8Q{¹ŠCÆ›#2I†Q8Yë\Âý„E³ûcâ’ƒt‰ñ:Rcª ™ÞQÔº¡ŸdtÅ<=-—†,¶D³ -³p,º“Õ˜…ã-Å±½]4†ÜR¬AÊîÀÎ¸¿"Ç*ÍhTx5²ƒMC”À±½]çˆÍ¯‰]…ÁÊ}V± -ƒE³A³“•Ñ%ýÍ·lA¢Yax…ƒyYm®bÅö>ÇýíS¬ Ñ¬0¼ŠYIÅ*‡M Y…ûHÉ*¯pø¡ -Î®7ìï·¨>dÙL:L»‘•ÍalIñ1+HD†¨-‰c¦Ë¼@YM"kòûKh*.rlˆÓ@öÊ™`f)vÖ_#žÓ¡ af@>©X…ÁÊ£Â±n˜Ú‹d€{ó}IDÅ–D{Ø\)ÈZEx!Lsaæú= §`µÉÉtÐ!T´ˆR…á,:X«Õ˜ æQ² -£'äp¬Ef"\byCâ’ƒP¥É‘ƒÅ8€Ã£¨Æ`Ö\± -ƒÅp€ÃNVa8ŒîAòGVcn¼ÅÄåÀç±Ë‡Ž<;g¼É[$i–c€£“Oe(Ø²ZÙgªÔ«bô‘’…F–iœÃs"²’FlSI£c.À ‚²RÔ*Ì4òn¦X…ÁÊäR¬Â`¼7(Va›"ŽÕ¬l;Å*|Äfå×±vºñ,IÆé»‚$"…é3/!ŠU˜>Ì†“U˜IY ÇÊ¨pÝ““ÏÚ¤ì¬Ì/»VX…aW¶»bæ€7:°¸çá£‹ [#‡ÁâÕŸkeÑZr Æ{¬ ë•ÃÅe¹r¬È.†Û7®ku„ä^TŒ`›0ÿh¥™ýJ9!h¥ 8<µ”˜‚àpá“Õ÷*ñe§¿n@%?Š â£ƒTÉã×éå¤ýå^Jtp*3¼d†pR¥¼FÎAp¸[à)2pbNÞxr©ÄiË÷5âŠÙ#a³á¸(ÂÜ•ƒG|à|8\15¹Ðú8B¨´‡ÌÀ}ZÝÜ}AGfõÆOzé|fV[ùœç›Õæ'>s¼È3¯û¬5§º(Û¼nÌ¶2fŸ½çÿøÛê×›[ßÜ¢v!íúØ3Ë¼m‹rgº“•Úd'“•[L“×ïÐCásÙÄ3ÿªÖXQ¶7eeª®=uíU3©^Ú´uVîrµþ\óÌ3/Ù‡ù^5írS§!ží57æž¹ß¾gå&ßšïÁ\[·€Ò<;˜m¾îv»~Ñ-é2‚ˆ>ÿø¾Õ˜ew:UµÄ„/¨zaà™Ç²«m·i‹ª<7ˆýÜëº5/÷¯V£YíëªÛíÍSµÍ/ò„"VäÖ…/Åõ3Ÿ÷YQ^d?A¥•§æ¡.X$)ÛCþ^lr9slÏ|éêvÅÒ ,{Óæ'Y}{¶ÉøZé ˆ˜²;®!X½™S¶ËÓ¡5³ÉJ«ë2(º+JÙØR52ouu4OKóZ”ÛêãJhƒû®nòCÎ$Ó¶Ô§9UÕÁ¼çÔs˜ýQoÚákµ«ÊÆ¬óö#ÏËÁy^I¦~¬1Ë¢ÝìÏ»‚6Ä÷¶`¶>ä,ð¤ØdRaìŒ®¯ê¹ô#ÒRKé~Æ>:™Çs8TVôš%´ÂKÞt‡oöÃ–?«0ô>–M‹”X8û>Wå[±ëjùË•®À÷¿*/à%ÿ½CöŽˆð¢¿qI—Ÿ7²ÅVô¯1ßú zæ$"‘Í(]Q…Ÿ7´³FÓ=Ó*ß1 ´»Ût¦ÄÞ`”ko–Ùq]Ä‹Gd_\d³:tR©¢4™9±›°Ûþ¸ûZ”Ýª—»ˆòÐ@½w_p”ì§»¼ÝÜí9,1mºî”DK^“¬éÊ»·A¥þZyMž–ÿi4ë5é²i¤¿¯h8Ï<ü—!ÛÜe2=·’säñ²}«NšBf‘'ÄsÞ~zü¶´zÙÚršL‡[·]üõé—oËÕRÆ%C9_†üLL. ´Š<>/XObject<<>>>>/Annots 888 0 R>>endobj -1605 0 obj<>stream -x}XËrÔH¼ÏWÔa»½§ ÀkplXÆ,gY#ãÁ3#VÒààï7³ZV—<† ‚ˆœ¬ªÎzµ:üß*’ÿ")bIriö«0ñËüßÇ7«(ŒƒXò2BÙKgA9¡¬WƒMË °¬Á`‹tÉ¼—8ÌƒÈøZ6çZ‘rëk0Ø2^øf%RÉþ¸—* -’ 0!8Ì(I-5YƒÁFÉÂÕb–"b²Þ×`–"ž50²“”UÈâQ’/iâ&I3i1Âfhäž5l®¹zÖ`²UY_ƒYÿéÌ¾Npšé,X¿,D„FA’"#•ÔdÑñPREÊ²ãiÌkÏP4Ñq^g†cuÒ°tUÐ&:¤Ž$“ŠîÓÕá9½:¹¢ÉRÕŒLPúÌ²ƒ-Ó«¥OðõgÜ) -ü¡ÅeP‰³ÔC FØ"_°.,>¬ž«À‡8¤›à]ECr2“xAº ™{e¹ -|Ð‰sQfÎ@9¿ÉLZVÀ°3KvÜ³N¾:Ô˜/Š´@30ß:†å%ñôšÉX<ôta#÷p@¿Uæé!‚bûRCZÌ#y#yW‹ÁæiÃÌeI8bó±N~Ô§ß9‰Jª<¤¤Š¹Ì¤Å”Ä-ó,%Äønaó´Ÿ,oßÊíêÕõêÅEŽ}—ë[¾¼ó²ë¾ºC¹n~°µAÈÛîA6];HÓwÃ ÃñæÐŽrÓwÃöðEºþ^þüãúëêo÷3¼Fc„¡wÈºG¿I-Ÿ/ßehûïmOópaœ/Œ_=Fßèøþãßo>¾ÿôáÔø…Ûùû«——ïN}Ê@.º¾¡®¡ÞßÔ2vrÓÊx×Ê¾ÆçÔU\Õ÷Æ¶›n_CÞÏ\ðh‘wÝØJ}Óµ^õ¦Ax©7›¾†vÐš-«€O±\wãöÛ®•íZnëf²\T‚ÞvƒÖ¶–«-[ÓÝŽr¾Æ~{sÛ\lcý íeìÛVºƒ¬™/Ï}Ç^àzlÆmwPe'°a>N6æen5¾ª²ëæ¾¾Á‰ÿ^¬eßmŽ;giÃÀP{ðz’Ô‡4ÝávûåØ×<ûI»àS[³;nÓÏãÅH}ÜlÇç" Fß6?š]û›‚‘®ÇzwOz1ÇÚ$%õ÷z»ÓTÛÝÐ>Üµ½}’(v;sÄ¼©‡öb}z,ö$ïCSkÊg‹‚ÂuÝ6Çž÷lËpÁ>©äÓpòI7ôƒ"”±‘o=:¨•?µGšÎ~ž»_š§æµÜnûö¡ÞíNcâ -p1k¹üðú7îjÜ=›öðãÔ7À§o_úz³ÈzÙætØ6Ý¦}ñ¡†v<™U¼PšÏw56 g5“™NÚÑùême.¬…viB¿¸(§+2ÂK8,ñÔùÂÂ·~yõê¥|è»¯(©œwÍqß0FÓŸExÛÒá¬+Ú_üà3}>ÎŠ¼Ä_>@æ!úëzõÏê¼ÀÜ¿endstream -endobj -1606 0 obj<>/XObject<<>>>>/Annots 893 0 R>>endobj -1607 0 obj<>stream -x¥W]“Û6|ß_1o«\íR¢¾å—Tâì^¶Îö9‘'W|HHÂ- ðÒZýûëH.Äø.•Š]V™03èééþç&¦ þÆ´šÒlIiq3‰&xÓÿüü÷›å*ZÓb½ÆoAñlÍÚ§œ¶7á3V—›ëÕà«ëU´ ÏÏM§‹h¬†ÏX-û(ØoøŒÕuÂ³Á3V7›(Wƒç‚fñ"Z†«ñ,šÒ|…—Í—ëhâØë÷»›ñã†¦ÚÛrµ¦]æÐÂ›tôö$ÊZVO"Ú^l-úhr•*i¿ÙýÛWþèýl/»l„½qDß«Ò«3zÒãÍ)ŽÛcSŽÇÞ7é‰Ìê“$…U!je4i™JkEu¡Ú*Ê\R×W– ÑÏFJé“EÈ+sP9V”&A[QìûžÐ½ƒ3S,*ë|ZQHüQÜ¿úb“ˆÊJr{Ph~V:3gKv4ªÞ`D¿™†ìÉ4yF•ÙÀ-_ð|‚*E‰@Ÿº;±Ÿ>j¾O5_aàJ|*û\Ò¡2½Wie¬9ÔQëlºŒæŒê²ÂðÏ¾^–)Uä”ÉìŸe›TÌ}wô3!ö¦©Cç.¦=À©¾õ§Ãl¶~w†RÜ—’›ÉoEeºÄt}PÇ¨4ùµ•]€_ÑØš`Îpß¬¾pV™}û;pÑÙ$Øb_‘|‘C›@üRŽ¶”Nó&“U} -üì›Ú[è‘65oølªg[;n|D´;1Ü ”¸”ÀcÃ -ÐÀØcA0¶QµÏ)@sðÃ0~ð¬u@ôeØe`ÑcS²êŽD^ƒƒÇ“C°£Ïf1ˆ,šö ¥qÃXºÀõàÚcŸ‹;¾ÇYå¹CæXz‘§°œŠ.‰•<*[£ŽŸ%jäâ›Ý^MeM{^FuøT£ÚÊD²ýhÎ$¸sË¾¸û¯)âBªMÐ®Rå’ÚÁÀ9ÐÄ9%¾^µÄm=Ö=G:ÝQjŠÂèHd…ßÕCî¤gpò¬´®¿²7¢'—{pÿ‹ÔŠ…ªV‚|‡úìä1€äolƒzxIß$‰ó”$PÌaXã!6ÌJv°Wš…Ô!”óìt5R ñ3Ð,ƒ7ÕYYÙ‰I'˜êYäÖÀ´Áýdª’)¤àÂ”¾=©,“ú¶;ØIÉ¾;¢„ÚÌr©²Î¢\Øæu)r¸Ì3•Jú(ÒgšQ2bQd.TÉ7.ôW›|ù7¨qD/u%R‡°±}A½Šš{)áDs¿Ñ#¹ëÞ¶mïõô‡znË¥ÀŽ—¯uQ¶ ÷¸ÆR8™`!÷¯ ù3ºÆ0VÂZ“*`ƒÇ¶bZÞ$#Ç"@Öö¤½$é¡Áft¼³Ìó–˜Ã°\bJcâVª¢ÝéÜVLö:¨ÑÖ#wÏu³rÕqDUTPyé:üÕ};ºt<ûÒ -Âzë87©À'Ôìû_²2ô]†ŽÏ²â×ÿI -Z#âèþZŸ?¦më¸ÇDS¼áég”L—«V -:õwË÷Ó8ö#Î[ˆ&¸1ÍLß¥ÿw3|òrê;V¦);ÜNÈ^Ž‹2`lïÅ©M°'Ø è,DŒïÎ›×ôö'k§YA $ImLn“¤’öYÕI¢Ñò®$ú\|žƒm ×®}÷òñ¥¹ý…ÏÎ2Ó€!÷XNŸyŽ¹ŽjäÂkô{â‹A‹ƒc -‹ô‘§2¦KƒaÏFí„g%Úë¡½~ _H B¹>¢O¾q§°† -îqÌÐvqADÈ‘›G7/NdÚrÔ«ì±û= -×õÌ±¬Ó±3çbÿ])ÄüuôÿŠßInÀ4g.‚'¾ÝºÉû½Ðâ(«[—Ð[?,P÷’#?vÍ“%°Ãl‹ aÈ#åú1g¨¹ÀN0™ôÚœïè:fÔ®œ»’ò£’½uÃªa\®zÃpú‘š2Ö…ÁIH ‰åïÿ©Â*W¥~^Òò¥±Îy;Cy]Âþ>7²îKÊv¤édo‡KxcX¶íÐ5œp,¿ÆÓÃÙËj2›áCÎen1ië°ƒ»]î¿€Ât…ˆý5«mjúEÉ³t ¸õñÝOçÑâÛø–õ„üüòÚ|\‘ˆ -5ú…éŒ¯<:Ôå›ñ¿QÑ -aboñM”«ýøýöÝãÓ»‡íøÃÃ¯Ÿ¶ÑÃ¯ƒ;ú0_xZÀºkÓuoÚfæ+ã¾ç«y´Z®}.–1»{ØÝütó_±¤âendstream -endobj -1608 0 obj<>/XObject<>>>/Annots 896 0 R>>endobj -1609 0 obj<>stream -xW]oÚH}Ï¯¸ûP…JÁ€¡@*íCš¯FMHènWeU ö¦±=Ô3NÊ¿ßsgl‡8•¶‰âÄA?à—N)¬Ê×tYèrKªhG*•¦ÙîàA !£SoÅæšÃãŸ~m %¯{Gÿè’r)c‡6OkWÞÓy¬,P³šŒ´õ£B'!¢2ßž§€®,E"§¤ñ˜P ”¢æm¡Ö*)%ešÒ¶ÐqY¶ƒP+Ò‰cëéYåÃ§ž»t;VëÔô -iî•íåÒŠ8Syo«S‰ˆŸ§Û ˆÓ¬Ì¶±…DcÌ„9‰ãÞÌôƒd°×…È%"R©²;G,Ê)Bî«Äèð½Àê3eîÉŠUP9¨åª‚mX#®0HGKËÈb½°d¶2R‰ÎXª#˜]2©™¯ˆÜãaQ£›]+Ù3•™ÌmÅš’6 -ÈØ2Ia•ä€hLéNdIú€ãªlŽmk¬¡˜á6¸èÅîˆ-æ$á`GFÃ«ÅÇ&†‚¢—95•[¹.˜è•z6)2¿À ÝqÀF{hž(â‘íDtß…FDzûÒ$¢t› ·‘vOaUHô^æ‘<âZ· -æ×Q$Xë]Ñ»ZHœYmDîÀç˜Ž®%§&³CÒ 0„3Á0ëGü†ÝiMY³¸NóŒW -†AØ@IƒþÐ ˆÙíâü¿è‰öµ‘¦]M¹ÝêÂråc•$(}nÝdâ²|qƒ»ÙÂE×½`0LC(_Üy'1Æ$öš¨4N·6ú‘slšÝã¯}:ÞÃtrËk”ÄÛZ>YØjyØ›|*Û¦’uƒq„$,4›iSÑ[«lÀX#h&-áKi¯òD£m~” M]<áŒÖ˜/\&7Ð©Ž½>ÐA?2“©[„@0[#´XC/¹6,^‘Ìa+ÍVÜÄ/£Íe‡hþ½6:ƒðyÅY°dRä,ÆÂÍ—=||Þa>Dpk*²^‘V’yíl›U!#ôÐîPâDóÊùÉÍµ^£eî>žÖXÑãF¡@ËgÊDÎƒY”>Ò2fÿ{ ¸‡ŒLGŽoÒìÅ[§PªÍÇ«zÕïÑûéôÃÍ÷tö ùìTë“Ÿ*%ê‡~ÞaØèÏ=°ºj-ì|p¸]§z%RL@;¬r&[áœ–ã¦b_¢ÓT?2ZËç# -&ÿòõ[ï¶OÇ•V„•V@çak+ì†þ¤%~j³Ÿ>2‘šO¼|¹|õy¹ÌÐÌÕþòercnúêËD”©× -'ðzëÒ3Ùí«™7X;¢\dŒæg†‡ oµå’ŒŸ5ÁpE¥[7{Å6Fñ5mq~üa]ýl`®|Û|å†1¯Û]iw¦ö,ÐMc‰kL&X ˜Szú–•Æ~kùÎÄ½¿®›£Ÿ\m÷Š°*ð: ùüîzªÐ/'^¦oæ{Ôê…š.Ã™Ë*¤ÐÌRH¬Îs°SÝ1o VÜJN¸VÒ>JÌT€q‡_åNWÝ=}@ëú{5Àœ`•ãÀ}¹ë‘Ò&Ãÿst ;Vt+T]UI@fH5§+½X9*ºÔ{ÓjV F£`: ñ’7 ÆSÇ(É»mß9¿ú`Ø4Xw0Æ›àtHÝIŒo^+þ÷d4“ñÓ›Æ!çr¾8øtð ï¦Íendstream -endobj -1610 0 obj<>/XObject<>>>>>endobj -1611 0 obj<>stream -x¥WmoÛ6þž_q30¸lÅ²Û)ÐI³Åš´E\tÃ<´DÙl$Ñ%©¸úã÷)ùEí¶bkaÄ‰È{yî¹çNŸÏbàLÓ!&”gƒh@“Ùe4¦ñlŠïC|Œ¤Ì?OâhÖ~ð™âi4vø†øsç¯âºÑôÎß ‡QÜ¾=?;yIñ˜æ¬L&3˜§„Hš'OâAk}Peª·–.£ºÌÔª2Â)]>‚…1Åq°ÐNqÿÉ\“6mßÄ¥$W²t¶G;]QQYG••äÖ’:¹^é’ÖºÚ# -é¤‰è^KAka©Ô[ZJYR¦¾È”¬Æ=á¨SJÇîÔGÈnÙæy°Ä—¶ÚDÒ¨™‘Ö•8Äë4m*çø^Àbct¦r8WÁ9¢6]ë T™8mvQ+µëÊÑV(÷Í×#vñà!MDÉˆFô*ó¿[é|”™Îs½eßµ³?V¹^ŠüO²ðƒ’öÙb%(-PÎå³P×]6eŽ²~Nüûù5>ï‹¨É*ÜÑKä*¿ˆbó¿{€eiàÕôIhvF‡¦iòãöá°* -¡b‚”Fã‘×µWÐÁG !t”¬eò€úl¹¤ +ƒèu)ÕAÒù–ûí(«äP,AÅVû×Ñ$š ¡æiÐþñ‰ö¿ ÒE÷ÒU›Ó¨‘oÐþìYp³h‰Ô#/vPð¡ž#ÐaÔ‰ÅÆn®æ,j ¸ Õ„Z#Np–Jc©sï¦É,«N¯UÆÎ´No:=ê Âfˆíxúuî¤[kv¸$´QÖ~¦b`Ñ¥ãñúz)©fÅ +”ŒÃÌ5Ô¥å½fÑ]@zÃh÷äÙb±å‹CŠs§ ”ÌÊÏ¼1,ªDSº½$Q¡&?ÎŒ.HŠdz£åÜËf)áã…•‡£Ük»Þpß´ æ«:gžÓNZÉ®y2ïa@ÍŸ¶²´Ê)\~Þr^êg« *Ãþ¡J‡¼l”9åhG.þä]%°Å/,~µ¤Õè4õmK0ªu …' ×>P6Î–QÅØDb™H´o=ý¶Ê¢nšd íJ$0žó -à‹[Ê´2dÛž‘Þu€ØD·Wwa‹ÀÔàá Úå`?wˆ0o&à0_ò aë7CåMöû¸lÉZ•²G+ÜÓ,’ÎèœÞŠRæô?ÅtIQÌ1°}âïÕ§b‰eÉ?m%Á p +EŠ’<Â* 0Z< ˆ`ãókv©¦Ðš5Ö(¶“è£9”ÛÈ¥ÖÎ'ØÇÞ×,_qDþòßsF»ò@Eö/üÂèÅÿV%F[9ª[úÊžúG›8° AÝ×zå>/XObject<<>>>>>>endobj -1613 0 obj<>stream -x•XÛnÛF}÷Wôbdù&Çy)œ[ÔvÓFmZ”A±"—ÒF$WÝ%-ëï{fvIÑì($rÄÝ™9sæœaþ<:£~Îèúœ.æ”–G¯G§ï/éìŒ9¾™¿¼¦EF³él6£Ezò›mhgŠ‚*»£ÜTÕkUãM÷&uÖÛ¼¦]ï¬Ûxº³+SÑÒ>Qj«Z™ÊÓï×nL[å=žÉÆ”Ù_|!|Yk•‘Íékãë‹¯G3šœ]LÏ‘ÀÉàØ—)-ö[CÚ«r©?jwìã•T©RSrb©jO9ºö« ÒÇQKúÉøzLË¦¦¥V—ÏjääCýKMªÁ•UmRUëŒÔŠëc(L—>[gsShþ·]UX•áÙÜÙ’âš<à@„.ìÊV±*òÍvk]íq,y1&ID -äüênAÆ‹ÎçÓKï‡*Õ‚“œZ+Z5nnÒT{Ÿ7E±§GU˜ŒË“ŸQ¶Ýyº¹¢R¥kSéP¶©rëJÚƒÒøã:ß][ÙaßPÃ -£Ž¥ÆI}Œ^+rð¨ŸÿÚ¿ænxõxH”r:×N#}ÿ }Ò…Nk:Þkü¯öòNƒî€y%Ào¶R#ÒÍ´ßÔv;–Ð~m›"Cv¤–‚3%šò`ÚâÏ¬ÄÑAƒ2ã‘u{ò[šÜ ÒÈÈQhÞVÕëWÏqû,ÀV“ïüÀèmÈl4¦Ñ§Z¹šîuÕŒÆƒ°£Î®œ*ýHnaÜÖÖf#Êm‘içiÍ0J‹S§¹§C¸kíu÷¸Ì3HÑhTPØT1#bÖÆ±„j¶BÚ÷R’t¥2@9f-ö“¨ŽkP'b†:KBVÙÄV²äòqÙ«IòbJº”E&$R,Tã)o¹®L8ÚèêIÚÔžù)¤>@Oª-µ[…Çñ’N÷Æ´cÌ€íLÓªàš:ÐÃAàÈZmLµø*½ÓŒ¶o<‡B‚Jh4P[ø!LŽ´ša–ûÚ‹N!Í,9œÿ‚2èUœ?(úJ×¤³ è ¦ÝÍÕ ŠV pa 8'ÍŸÈ”ÅÔ¤êZ—[ †é´@",â‹.m[ §ôZyè(h'šÈšÀ• b³ŒÇf5[8ÑV¨Æ§äçÊ< ´Õ®4Þâ”!Æ•µÙ’3«5Ox`täÃ ò¡Ñ-ÆíþTÿW“p1¦ô$,fÈðÄx -ª -Ð Ý’=?ÈEÕ -S*Pƒ*0±¥.ì® ÜÚåç0 p" "#Vé§š;…UÒû}çd5„ÃØìI9ÍÂ»W¬g#w —qlp¦Ô# ˆaÒzLÏ¾{G› -‚$g~ðýÌ(ÀF€º=iŸª–Û'ØA°sd'gSâvà×npMè–ÓpSOõ“p‰U1(Uaí¹¿Š}l³üîûw¿ýq÷Ã›Û»?îoß|÷áá]’DËH’7ƒ×Ô¿€ I’|Î}‡ apMð,ÌŒèz†cÔe d`u0$§xÇGøÀ”˜òÌþ–DÁVÐ¥ÞC=³ÑÐDŒÍR¨?é-@é«$ÙSN’–4IÂx à@ºœÁ%c¾´_²³÷gç -kCËœ¡ßß=a„Ãc+Tsc„ûÒ5åæ<¬ç¡/§ïçq]”Í®¦sîÚçÛŸ><|ËÈÊš 6^àÂH´Âç€àËÎYäp°Õ~9É‰¬Z@oˆÛÿƒ Ë×‹…L<~ì“µÆ”,2 -KDSKP -ƒe2Ø5¡ëÛq#žðââ%\| -þ§þ÷Ë}^`¬BÑR¥¬0ÈPVYI4$™Ù>n¥5–Lø)Çj{»àÕTüOlƒ›¬óœ—*0•ù±íGœää` k“e¼3îÑŽRB'/D\¦oo¬Rð ›ÈÓC;E·v“«àø!Ð("É‹O·|< 7ÜŸèt'¯oÂ{ÂÅA+ZšzìõðÐVÄ¢¨N?~¾ëæ ¯>\;÷9C½‰{VÌ#„G n…êò¼í¤MV#®5Ž/ïÔax~úêï§F6Y^0¡^c{D,P3¬œ4uf ¶ª¥}y`×ë©ã ½³®åI›´|uûàè7†ÉÊöÒ§¤ÓAOºrÚ{æ¡¢ÉùM.n‚,`oÍ“.xU¦€ñ™Š-¿‹•Âð2½lVì@TèG<±ÞñKË…¸÷Ù,Èü)Ï›BÝé†}Ó)¼ìD¢èˆžµ/ÝfM¹å³`[i+öžopÅÝ®Á/©®7LýLÉ‹§ /xXÄw¶¨È¹¸&{:&ØY~¹Xµ‹OØE¤ -d" ì6‘îž6rë½ÚàmåYÁð8OïÅ…?oÁå>*ü>…çPÙl»¡tæÐ.îÜéû—®Ï¯§³—øÏ€sVöO·÷¯oÙY¾²t¼µi«U ÓãŸ\ÏnÄ¿gÓsüP÷nö+½±UnVë]^_N¯ç/ƒáÏ/ùžw‹£þ;Ý—endstream -endobj -1614 0 obj<>/XObject<<>>>>>>endobj -1615 0 obj<>stream -xW]oÛ6}Ï¯¸ðË\À‘?âÚNßÒeÅú,ƒ dŒDÙl(Q#);þ÷;—”dGH×¡h“Zâý8<÷œë.¦4ÁŸ)-gtµ ´¸˜$Z,ÉŒæ«%~Ÿá¯•”‡Wþè³ÕìýËU²èø¼¹™ÓtJ›É«%m2BâÉ„6é0Sy.,SéH õAùù$ùOöBËÒ“Å³ oE*“›ïˆwMÓyŒwy5Mðk6œN’Yò1¡GUfæàè~CÆ¾8/¼2%Í“IÖê£É“ ´SÎŠ1eîPÐ)cnÔëìTôO|jqîSãÙdòJëp‹ðÜ.B;Qß!h@œ®öÆ8Ž´Ðá Aûù¡V/Qó…î6 -k”û¥Æ(¬D£rÄQ{¥Á¢E(œåVö‡8!2ÑväåˆÞøÃúî3¬„ æ^µF{ñ¬—6¾I®®*c1`Øì±‚¹¢KçÆfî'H/ZïD 6T‚¯ÚažýAÂô¯_Çw2HÑýf®aü×!l»6Azç>ÚÀ1‹ÕyŠÞ,"h•–’?6Ø¯RS`2^;æH”=äÞè=ßo…]Y2Ê0€††.ðScé°ÔeCiwën{Iµ‚aŠ²Œr¬'µáq„7á(¯a½¼ÁU ‚8ü³È /Ïf‡Œ–àDÈŠŽ…‹ÇýêõT80á*úyy%kÓä9š¥^<ØgýqÎè„`pvâqƒopg4ÏÌ·—R•ñ`ðb¦÷³dnýçàØRN #WkÏ7]ÔÆ¹ó|ç¡šÜl¹, ˆËs×ËöM¾Ò@¸ÎÊß¦|ÓoßL¾æA P(ÎCØØ8h6éL“ÆíB®8aê‘>\JG)»3ÖôYÙ© «#cÔÒ1Êª+ž´{h·Ö†qmxVÛ—†düeÑ|OòíÖ²ø¤]Û‡Lü÷_æí±÷òp -+„f€–×Ø>ž¡c~ñœ«ÇªÆ×|ž»3wˆŠÒ¸cºA+9Ûø»m!”4þ²j:ò—¬Õ-¦×øî„¯ë›»Ï7>/XObject<>>>>>endobj -1617 0 obj<>stream -x¥WÛnÛ8}ÏWòâˆKvl·oi.Û Í¥³A-Ó·’¨’T]ÿýž¡$[ñ&èE‘F±È¹žsfüã ¤þ…4‰h8¦$?øAá$ˆêOùa8 ¦t:â¼=¹OéBÓçƒA0 Ñà4˜Ðh:Ás„#ié_Ã0¾ô"‚¡_„“Óÿ¾x?;8¹zKáˆfKD4žâaAð<Ð,9 -ALzRÅB¯-ÝÎhôföîŒ(ë;ýh‚;GÅRWÂÉlsL.•ôEZ]™DÒGåHá=)Ë¦`fDÚP4ü"[ÊD-U°Ýõ£qÀ1}Èçý¨TòV•ZÈw|UÜžº+hÞâ…ÎŒŸëÂeÒ“Q«ÔQ’±]Pïfƒ×yY9iz>Æ‚¬Ìdâ|¼NÌ)s‰»ê=Ziš˜Â!Ú„˜î^ªLÚžöä*iŠÐGCjOÅÑxBÏ«äßoƒ~¨] -ªà‚ÊÚ(çAkQ M¹Z’D±ØE¯œwEA4Qú°®Iä°¥ŠU†496&)Ó9nú -‰((ÑåemýÂ]b¤÷F+£«r/éæÜîþJý”Þ‘¿wùSš.d¯®¶åø¹û}ÎË»t)ÚétÛè¶\³T–Öü›å‡‘…>&$üàSCVäs}“q¾ÐYä2Ÿ£ˆzI‚ãîAag*ëÀ˜L8¥›ª’ÖÊ¥;ÀÜ_œï7rèØãI0ªkûj3§ ãø”QqîáÅ)÷Î¹´3Ý£yåœ.ö{€X‹£WÍ¶Á_¾ˆsý«Ioþ¾Á‹ƒ±XÔérM¥pé1ÉÕ»|OÑ£ä];™—q¼Ôz.<ª÷Áûÿ¢ªS“8Û:Çnx©(VÀHÈïïDå\ÝM€åÎÔä™wUê ¹·À·ïÇÝÇ€fŒ¸÷'Iñìi‡ýQ,·z½sT“ý¹¼VÐ~4 Â·;»‚TÁ‡'æÌ‚Œ’dN=cPKŠ†ÖM¡Ü[žÖºÙHvÐ“ÐnºÕNÚç‚ÔZ–›ê*[ž;VPŽåáú‚Iå™Çr]ón'h'Ù|^ -k× [qOÙª/|#(‡Ö”b%}¬‡OLÂfsðY™ -hÂeþ³F©¼Ä4Á›Ì´‹€D’èªp¶#x…t¬vS$Ð—êEë²e“ÂZl¶öô™úôZ¡²Ò9h(FÄC€7ûÛªGÝ‡Âé]û^¯ülÛó:jŸùÜãÓ—´‘eÔqÏ"Â²ð†rëPa!¬ùÐæ¢ -(Ô±½ú²¦C^ó2Û`D$¬ÿÜ÷ÛÙ#†Rpq6#u-—!à -ši0ªžQ/u¿uÁ °¾Òàg"’´Ã>Éí¦*{Ã{@n"÷ãdg–¥—ÿê`¤r*3‚ø ]–gF“«(A÷Ò(–sÏ6:ö2ê«f%Øp´v/€Ÿ"«dSË¦ð×9ÆÁ=Ö”†Óf|…Ø·Ó!¾~`Ñ®—ª‡³›÷g„{ÿðv~¡“*G·=ÌØO¿½ÒŸÞòBõÚ7•ÑdLÆS|·Á¡ñ˜ï^Î>üÇ9#=endstream -endobj -1618 0 obj<>/XObject<>>>>>endobj -1619 0 obj<>stream -xW]oÚH}Ï¯¸â…D -6H^V4»Q“&M¨¶+ùe°˜ÆžñzìPþýž;¶ Ðm7 -«„ì™¹_çœ{çïŸºøóiPo@QzÐõº4y}ê†øà?—4;ø›ü¡TËùGoè¨?<Å7¶Üø§tièóë|,è †^ï Ë‚þîi&'×gä÷i2ƒíÁ`„“˜àf·K“èÐïzwæÑŸJÇfi)Àó“¯G“oØØ'ß¯6v‚!¶þeJJK[ÐLåøŽŒ~‘yAÅBR–›™JinR”˜H$ë‡…Á£Ø¤Béõ3£Ý¾»§µí¥ÉŸm! -…WÂ²]êø=$¦g&Iàà9?Fª;Á9Æó[3'·Þv{1¾¥ƒâTie‹\&÷ª¸¢:®jÀÄ1a0ÒvÔîåÚþ£š/q¢¢g¶Ç!·ïVtaÒ¬,dÞ¦dã˜¬LdTPû!7R£¤m¿ßæÅ–µ/Væ„s9Í¶M…˜¾ÿä§ÊÍÍÂPÛ¥²B±šÂ†‡ë€U°#½ßèV8Ó²(Çö…ÉV41{dé¦ªFëAæ©* -s¥•-ššïÇ;%»X=—mªÌï‡`Ú·Æ<“Ò-¹‡((è¬ÃI*¢…Ò’´Hå1-R'»JíBBÜ¥Jf4• Nrgý¬˜ˆÉ£-ã5¯ôr¡"ÔoƒŽ¬SI"Š¤µjšHrxA×‰€ñž£3Û¹ e•À¤â•š92Ï+ËÎA=ºšŸSy E3èEÅÎ ·ïn.¯Æ“?Â07¦8¦LXrÆç”®šß»5èA› ;§}/¨\û)5YÌ§ÌÞ‰¡T<ËÐ#‘ ÄKfFS©ôœ!ÓtEB¯ªÑ0õ -Æö@`UŽûMûŠ[uª¤F‰±UæO®ß#>ŸÌrÇ÷Ï †_ºb;|(‚(mÚ@±(ÞÍ÷/5°Œ<ÿìUm/‘(,.-Ä µVtûH£’d\Q±´œzöÄŠt*:=;dÝ,@c’Ÿ ò‹Ž¡wŸ&'ÁG·åãZ¦ -R¾z=dfr {sšÊÕ÷ÈQ,‹y½W%‹B8“80aŸ¥Ì,ÅÒ>&{=½´#·ƒûN?ðú5èÊ>PŠÊ\+ŠíAË%¥i©_(<49<_!1F'«ÍWõ¡ -ìôÃ#n -fÿ†wuJcå<‰éE çJ‘ôˆ¤‡ÆQ¡PŽK•ƒ‹ÈOÆæýššMßl5-LÏÔ¼DƒfÃpüÚ0ù¼‰L³¸±aø´²…LÃp«…!ÆmÐ]ì¨-ß Á,µÌíBe\ÂG#€ÅyÓËèÚ$(µm5¢×¸èyŠÍâh¦L@^f-Æ C+ÍU‰[¦¦ºöœvpÙ2ó`Åá†èÙÙñOhÁ+åotƒæ˜ÁT©4ªÆv”À°³Ï[å½X -sÖ\eDX´ÿq”Óy¡9?¼s£f˜¸jÎË7›sSðƒ%šÊNuŸ‚*ÃK¡]² -…¬ÍÄÆQ¥¨¸áá'ïvaBÓmð€©Íu´%Z“#5ïvJÖ”¨™ÊxÒâ0j‚KZ"]‚9Qw¥ˆWá‘›Þv%ÐïŸV#ÞO…Þ?UÃÞ}e ŒÚñ¸UÁ‡¥‚ÔA}6Œ ÐùL©Wœ]Ëo›üœºŸSë©yÑ:¦Öc©VßwÜd•Iœ–¦Ñ‡4>ÝÜã1Ý©(7ÖÌ -ºæ2•@ôÀ4Îšt"Ë¤Øgr®}½ÆØŠäãøäQ¦Òò¤EÖQ4ç¬âÅ±\šzÐiòò»ÇGÒ=NmŽ»æ+Ä‚½¼àNþ?œ¸Wánê‰·©Ô#†«ðÏW¸¥ØÛ€~õ=ƒÞ›·îò¶nu9úú¶³Ý3ZÇ,ÿÅ†Q}éòý78pKö½Ó>ŸÆwÆÜ¾ñyi¢’èú‘÷ßî¨Ga÷ŒÇ½_\ZûÃ¾7ŒªKÝ`ÈÛ¯&Ÿþdƒ‡Zendstream -endobj -1620 0 obj<>/XObject<<>>>>>>endobj -1621 0 obj<>stream -x¥SAnÛ0¼ëŸ b(Z–äÞœ:¹EÓXE[À…\EL$®+Ò5òû,;‡"½ÔQÚáÌjgø;É@ò•A©`V€)$Ì+)W%¯ß#B›\ÕÉåMYuË¡¤‚¢š‹yQAm€÷I µžN–f°Îú06ÁþA¨qØöM@?ù“õ³8ÄÕw#ÜŽÔÚžKõ#³ë#{ZŠ*6V›éF%¼VOÚ‡bšÍ„Š€íî{L?õV?}„ÉŠÀQÝ¡~‚–FØEÚ;}g·@-ÜQÃ >œÄÿ_ú†zÃ´g4¿Æuà¶¯]ÃaÎ :àëç³8È#„aßQ Éy~ -øE;0¯“uˆoØÛõÓÃf:ë9,-%BbõHñ†ŠÓ–ðæg¤cB×¸|Kì£EÏ¬ØE Í¥4›ñžQ§ü3&ªyŒÉÞ…÷(þŽYua–¢X(~›‹jvÈÚzùåjsóÈ®ÁŠôn@8æä"sš|bª¤¥\DÑL -%~XghïAñ¹üy±y™‹’OÎA½¨â§ë:ù–¼Ñüô»endstream -endobj -1622 0 obj<>/XObject<<>>>>>>endobj -1623 0 obj<>stream -x•WÛR9}ç+ºxrªÀsÍ¾ -v³•"Ùà\x‘gdF›i"qü÷{º¥¹x€TmQPÆ£éëéÓG?÷Ži†Ÿcº˜ÓÉ9eÕÞl:£³ÙåtN§—ø<Ç¯×´’'g'ÓËñƒw‹½£Û·4ŸÑb[ç—´È vfø&›\ªn´§ãã)}¹{ÿ>i_™Œ³ôÎ4”Íé›±¹Ûº[¼Yü»7£Ãù)ŒL®²L‡@×Î6Þ•ôÁ„&ðöw|ýžœ"X†¸øjôÆØG±šÊ>ò?â·îüZþº)ôÀãl*>ƒÎÖÞ4[Ê*ÝcòwŠø“¿ùÅôœýõ1SVm‘J¦,Lk6lºSåP á–šw‹Ü‘Úz4R¾J]< ÆF©ÑÔìmLSH2Þ< UŽû»\7 \±7»% ÑçÆëi Ü]£úàuÛèœrÏÈ(L^ýrwMµjŠ)}+´•¶kª]×õÇ†`àÐŠI'DNè“w(rcô«(€A;]Qlð8.8›Ò‚!³ô‚Ñu-QÄvÐÒõ &jÔr×}š¤ø}Û„‰€gëÖ(-p4Ðão,j8Ø5.h±ßÇ8ÑÑ;ºZç†gmäZ€»kB7VûP˜zt˜ëñ¬Ö¯n!)eŠ1¢4ÓÞ£Å˜L=jºþ\ë°ÃA~5@‰Á´Ç´ÐeNËÈ‘böª®µòdâ Â>Çóp@ÓÕp¦^ªíÛ¦0Yã#Ï ãäb¾,1^{ÇŒ<ÉsR©°’ð”‚÷8ª8£¨@ 0ËƒÂƒ? Û¶©;^#óÆ¬ìájm³ÛB•qw<‚ù7¦Òhoôâl¹e"f¾‹°:èç¬§ò>éÅÑmÒ4âÒPî–‚G®°vãQ ÚâiâH –ÌõÚþ–½Nú iãeðñLkF¦,òîó&´ßÁw„ß“ý@w0Í£Ë’ÍÊ$ŽÜÆÆâ=‚š¬tS&€h?ŒU•Žó‹¤ÓÊX9_Ñ1ˆAçi3íßß|þzóùáAû0ùààœí<¼EÎÉ§—À†-‰«Žï¢¡q¶Œ˜nÞ½ÿx/–ÛÈâ -C›ž´OTÑ[ãp^±%‘JªÃ(ßn -7*IW?îë€hzO;9¿â2×!ó¦ŽÂ¡a*&“wü™3Lõ³(7 ˆõƒ’óÊá‡Þ\¼E¶2Ì#ÃjÂÆyì!ÞV=Ø¥ó]ÛÅ ¨Þ…Ñ2´øÂðƒö™HŽ8¼c]ò>²U<:Ž¥ôµ± ©Û`]×Î7/²€i&>b56Y©òy\¨C,F?aVC>µ4®ì»ß&; äýfë¬t2ÎnÑ.ŠÖÈ„ê‡~uµ´¥ëØ%r -"rÙe™Ìï¦Ø>`\rÂ!œõA—+z˜ˆ6Ha¤vƒÄEnB]*PW»˜X– -êKp•D‚€‹ã€xp^ÇãðÌ0CåÒB‚äez\ -:~•+ÔøP;1"³ -@g›;¹¶ëb’º½Cè@UÃðÎUÆyàV=)Sª%t§ì€nM/˜¼sÏ Æ‰Oé -:™UMª¦:mÙê|C‘máVÕQHó%ã…n)ö:ˆ¬m§š–IåT[ìàqmÅ}‡l’£‘ÏZÏ›ï@¢(³H\Ô™Q†W|Ù’ë˜}fOÛõ&Hõ»³¢ûnŒòËœµ¿ID$y9—çkþ;psyÈÔ‚·«Ë°ðï·÷ù°…`‚x/"fÜxZ]-ç²X!QÙISp-:l 0‘lo´cèÖÒ$5Û4¾»fà±WPÖ\¡œ ÑFÅøk«ÚÒV,?qoŒj¡U…ýÐ³â«£¢Â0¦ÈWMkHûzt{ÙK–ùY¼èýÏk5½v•>½8^œ_ââŽ+íù[Îãf±÷ÏÞf®Pendstream -endobj -1624 0 obj<>/XObject<<>>>>>>endobj -1625 0 obj<>stream -xWMsÚH½ûWtqTaƒ³—-Û±·\µ‰½MöàË ÖÄB£Efý¾ž‘@ÎG¹ìÏ¨?^¿~Ýú÷dBcüLh1¥³9EÛ“ñhLó‹w£Í.ø<Å¯‘´ñ³óóÑÅkÓÉt4íàìüØÒÕêäíí;š,hµóùœ®b‚ëñ˜VÑ`2ÍFôYÉReO´Q©$m(VFFN›åÒl•µJgöÍê+ŒÍh2 ÆN§²Š«D’K”‰i]8§3Rße¸^ÝPïá`«×66¨žÑuª¢gf`ÓÒÚà›¥"'°DªŸh_p&ÙD—¸¡]RûÓéäl4å¨‘“Èb¾A¼û‡t™ICzãÿs”ñˆ8pîceóTìdLŠBu´ÙÒoíÜàu:øðÚ[Þ|ú|óéñ±°pò8øS#—Llåã›NÎ‡¾$ÒTp‰=\ÁP§-}”îêî~é-×©,Åv-n¿I3Ï¬q8ß±å#åkC%ÿß2ÑüPUã‹ë©2d`»žZ9Çe,mdTîÔ7IÖq…IÅ2sj³ãÏŒs…_¸Ešî€{"VEøãæú~Ù‰l£d·RÈ…µ¥-cáÄZXÔ`T=T—ë.° ù»¢l™#¥d‹<×Æ½’•Žœ¦p‚îö½1ØˆÔVûeÀYUò]æYXª4¥5@“3Ú+Ÿ}°Y÷O£½Tx§3ÙaÔ`Ïó&÷\À|ï¶€ßk9£Ó^n€¦…€l«bµÙ€³™ó•1ž Ö»¯¥CI;$«é®O¡ÞÈ“+[ -T“!hø¨ÊR÷®€:o£Œu>H¯eè3Ö²Ó3H·œ—°ÉˆnÙæÃAcÚÕâvƒ -µ²Ä`ÆžêoŸŒ.ò· HFæ°U«F¤‘6×YÌäì)âÞz¥QNòù"£P°„ØVä9ôd½£Ð±* 1R’Lå°Štyý'•*hõMHý8ªþKŸÖÊÙÚ–7l;0¶‡ÉâAç|þ!éÆY3ÌÚ4=¥z-RÌCõ]vÖälÃ?¢ƒÓT—!sæAª¬ã~m9®®@eCm|lXƒ03û(Ñ2ÕâZKd¾ö Ñh‡FU†»xõ‰TG€aïý0ädª`xBÚ|o¼šs§N°0J{†úˆ¼Ûn¿^2²]¸z°…Q†Ä:ë;æ ´<‹ôv‹ìPEV|e‹èN–@òn nE‰ÈžŽeHW£¦Ö.Ìþ §“5PöòÓñt²°…—}†à’ECÁÌÜ¨—™Xç³X¢Øè2Š¤µGrYM€Q‰çdÞ«ÂQÉëFÂ‹ñ§«Cbeº"âö4gÂhq**RQÚÏ5_F^´Bë¡(P´}¡ßé.Ã›KÛ¥^Û[Ox€HæìVC›€rY¥0ó"Õ"®ÇËQWâ¹«÷<Ÿl¢ò#ÔX—„ƒ¢aÛ“XqÊDC[)2?Î3OÇÇ7>(#y|¢™!Õ míd:éÚD|«‚ãÞíÝÅQdÚ³``^•°%ÚèL¤c1‚4ºáYn¦Z?£äø"è?iôêðù['šGôA³ºH'TjÃªÊ_#Å‹2Ê‘(TÂ¯¯5_Ÿ |‚þd’MGô~¿~?ütœÕw1o9/YhïÛe˜±vgÜ2ŽÈ¼Ô z5¸ƒ:´å7è¬·|Ügå¬!·ÜœÌ7ì6õøß_+ÓÍ0À€bÔ}˜ëõFÍã}ï2ƒ]‹tªó°qöÓ—Nõ¡£Û¥²âÁ2¢ãÜµÇ1ÉñfÃùY^ŒyeñÎËè/,/ÃýÆƒ!²Fû…±ÝZ¡ªìjû]ÕY±o ŒkhÐ6¨X÷²H÷ìLûÑÑ¼Ô†U ‰9¤_)éÒ*Ãû v¸ø %{þŒÇßíjXyñáøÜë·ÊRX³*»ÝÌ«÷˜§b"x>Ô×Q«fN¬²(7¶)#]a¼ø T¡˜œ\Ä,’]½áS&Ëvû5 Íå;Ú&¼Ä…DcW}Qÿ“9Þæ/Îð¶=õoÛƒåå‡«Kz0ú+z¯£‚w<á öiýÀébün¿ÑþúKùl1-æØ‰±Þ.Ælòfuò×ÉÿÀa'4endstream -endobj -1626 0 obj<>/XObject<<>>>>/Annots 901 0 R>>endobj -1627 0 obj<>stream -x•WMsÛ6½ûWìèeÆ–-[–œÞœºi3ùp«Ó|HPBL@šÖ¿ï[¤(Òi'#™ÅÛÝ·o?NætsZ]ÒÕ’’âäbvA—«+|/nVüŒ•”ñ,í¾¾ýz²˜ßÌ®èúzvI-®ßá¯ÿONÞÌ‚÷t¹Ä*ÿÌ/Þ¯OÎ?¼£ùŠÖN^ÞÌiz»´N¦óùìzF_Lª²½Ò[ÊT.ÉXJ••IeìžJiåœ2Ú½]‡±Íaƒ]®fK˜›ö¾n€”#áÈ©¢Ä1xJvBoùÜj'±Å•¹ØË´&)_ŠÜlic^NŸ_!8œOKr•ÞîdR[U‹•ç” •ã á:œÐ&±—íÉm’HçèNj%ÓÉcwb+‡Ž¯A¯LY;OCÚT’]òYØã§4¹MÇæs\@¥Vµ…›à l#kLÇœ I~œª*¬Þªg0G“´Öø¸÷|Š ±‚[Y0ÖÒšD¦5¨—ˆ-°Y“ª”Ý!ù‚ØVr”Ç·3Zïàj!EKë½©aF“Ñùží£Z•u.p$ÂBÈ–• {v¾µ¦.Ïcóã"e÷fT«ñ`ÔB Ì{ÂN0ýG`¼‘y>8Š€#](E>œáõ*%fëÏ¯ÿQ£ÍpÃtƒçG†*bÁyœJ°ÕÌ¾œ’wæ”ÕÎ;ôø–éÀÁ~†+™5…÷¿ÍlO[?¿®z–¥,R¼WSÃ_xåõþÓ0KQ•CiÁbgäkNYæà;kæD›~H&’ê£âT*gÿ‘à*èYÉÆ¯î»#¶"fnd™Gðå RXFKôu=öiäR–‹-TÒQ*]%“é“Ø Ø-IòÜ4Ž{‰K¶É“ÿý•et"ý¾@‘µÊ"¤QNtHLQ ‡ô¹u‚tÐ²×;9¥I3ñe7y™ÐFUx ºiD„nþÌÁgdð`ùÇNðzjîê*çj¯ò&w2‡,³zƒ8µîðSÂµåíâ+fœP[m,Þx’µ‰dòš£¿ Ýû‹BŠ+VÂ>°Wô7cð -ÃÂ /û‹!mwƒ%±ÓI -j3Ô—Tf¢ÎÑi"¥}?ƒúcòp^þ½]´Þnñ„†pCXº†;3¥P&~(jèo“dš¼Rpß$f‹dØ2ûÁ{ùã¨x0#:{ë(îQý£gHE7†ŒKcTîÃ¤„’…ÿÓ‚‰$F£Ï‚îU)Œ$GZÜQ9ÐÄGDì)ÊÝNmw9>Üý†8ìäNâç¨vÕù‡¶ÿ¢~óº8 -Ihˆ^DýlÊ,Â/à¾,=›J™@0GáYcrÔè}£ÑIwªyÈý03†j:Â|?ÚJvÁ©ÏA:>»Z„A cñ¬;Ìqž˜Œq‰•Ü)y„‹\^Ý”õïsóº›;3S[:ì` - ð*kr›&ÿŠžÖ¶›þ‚ÞÎzPv(ìô©ïCÁjHëa…IÛ<µ»»"íêÅâÈÎkk£ÅÃäØCvÏºpÏÌÉ-_é£¬'–½ÏÖ,.Žd±Cã‰LUWG“Î€™ö¼9¡ØC@úp 5ÐîyŒí4(Ün Ð}ˆ(\ò×,ßvýH*Cá - -¢zœ¬iÛ”6c‡èMéŸÑ-¦oß üŒÛðÇ_¸|7á» ~à¹ÑW®¡7ó7áxAÚ+B¸É«s4ËVúØ˜ž—±°nâa¾ÄÍöæŠ–+¾³âòpûåý-ýnÍwô6º3I] iøk=k7œ.Þñúÿ}K]¬³ÕòwTì^ÍÙè/ë“?NþùÕç?endstream -endobj -1628 0 obj<>/XObject<<>>>>/Annots 910 0 R>>endobj -1629 0 obj<>stream +-ÿÑÆìØ‡¡A|—9uç¯tUN#D³ûE‚‹ZÃ;ÈZø³±@l˜oG—F†qiŠ³mxÌlÙa-gct%fL h©<^0çŽûJ¾šÔ/@ìU=× ³ùnÇÃ'fªð/Ò»¸šÚEPÙhâ¸²å! y ½yGCå¹„9Ñ,´ÆØÞÆ›q[Õ-¬Ù%\ÉSqãìýõe”—+t9³j¹<ŠEÿ(}‰¯×œg$}Rq0H½>>•¦Él>1nXQ4 LÏ•yhfÒ2´‡`¬”…Öm¹„v|éÔ}K8t-þáošJ—ÏÆb2À[á;•b<¾ÄçF&¸æãõ}Àƒ‡¼îÕ¬ªýÑ(™Í4™L’ÁpÈóÞýÅÍÛºµæRR"¼P@YÓyø$ é|Ú›óùÿ1gŽ¦£d:™á÷Ç#û~ÑùÔùè‹=+endstream +endobj +1604 0 obj<>/XObject<<>>>>>>endobj +1605 0 obj<>stream +x+ä2T0BCs#c3…ä\.§.}7K#…4 Œ™¹…BHŠ‚žP$YÃÓÓSOÁ1¥,1/95EÁ9?/-3½´(±$3?O3$¨ÕBÁÐ¢U¢—s=s3 ]!)¦¦ S\C¸¹[)endstream +endobj +1606 0 obj<>/XObject<<>>>>/Annots 805 0 R>>endobj +1607 0 obj<>stream +xY]oãÆ}÷¯˜‡>¤@—!EŠ’žg7›¸ènÜµR(ú@K´Ä®Hª$e×ÿ¾çÜKÍ\ÊÎ¶øèÌýþ˜‘òï«ÄÅø'q‹™Ks·©¯â(Æ'þ__~¾JÒhéæ«<Š]ÿF«ÜÝ•µ[M9k—äó(7‚×n6‹§j—06_Î`jÓh1š4jgóhfH‹Á®2¯‡¢I¾‚'µËf”@Î@˜Ì¢ÌpBi’E©!-›¦ÑÜ²ƒ]äÌ‚7j1ÝeÀ†5˜9šO4[6ŸMYƒÁ.Y½ y.ùçˆÁæ´*@ò ƒÍ£ÄƒEù¨Å`—KfØ+¶.e’(ÏZvOìZ¬áXÍïŒk—Æ’ +¯Ùb°šÛxe1Ø…ô“—ÕDÁÕµL˜bL”H¢”Îs2‰s¦É“ƒMgì‰ÀVXƒ™â”sXƒÁÂ/°#‰³lâ•Å`ç3¦ÉËj"RæîÜ1BÇŒ\‚!C8ž´.¡-Q)ÏªZ4™ºtž€ väF5ž´jgÒ¦5˜FW4Xƒ5(k`Ñ>83jžqû¢Sƒ]ˆæÀŠl¶Še°’l¸‰¬Á°sVR‘-ÒjIÌU$¢«SP,gÏN1ØtNÅ5˜./áœa †SXWÃªS9×(DcnÎL:0Í&4XƒÁ"ö¹e »\Ñ© k0+Ä>¬Å`Ñ©Ö®Å`‘ä5[ŒqG#Z¯4Üy,í8†+È„{f5¼ÀìÃ ¬†{–Õðk°×³c¸£ì,]bä³ÀÌpW(°#\\³èÏÊ}˜¥éôŒ›O£5›/§V9HÎ@„:[2ÿžT¥X.¼[°À Ø"|Î@(Mzã-›',j` ‹Ž†·5˜Ùºd1Ø³øÃsžÖ`øŒg|ö¬7Ö‡u‚ÙB‰³ î[)QÎSŠ‹Ž–4cÕ®N"a f‰ø°4¬Áp +33‘•pØÓD²5‰fi Ïb“--k0ËË&0²Ó+6µa fñ™HÃªWxJéü±ø|WŽi–Íš3î*ÃL»¬Á,[2ÈZÌ\ña ›s«-É]!7•üÎ¡H3)y?³2†5>Ï¹# k0#âF1¬æJ|`Õ® c÷ÌªÀYTvk0kÄ5¬ÚõM™à!…L +R»S3ouÃÌ*ðånXÑ,?Å@W^¦?ÓˆÞÁ¡µ—†9|Y×Éå+W€úã!Ýá›5pÜi¹>ÂXÿ¦T@ãKN‘‘×(“`I!™s\2Èã”*ÓçÊˆ3ÿ}¼‘Á{/Ó3ÇëÏú3e Å{7p2Q|U.@Ö•ôœn)}©é•Ã¿éb@Pˆ’a§ž)ÁÉ#7p‚“/äžûq}õýG\¼±[?âÇÉ|±tëü&‰O6ßÝ4C×nO›¡j›?®ÿ…³n>=ûNVÓzûÝ]Q?n_ô®/ŸÊ®8¸Ç²N]Ù»a_î¥=¹ºÚí÷\4ƒk»5íøÉÐºS_Fn½/Ýf_‡²ë]Õ@ºêÝ±èW›½Û´ÐN/b÷Nv:l·Méúc¹©«ÍÙl¤ž¢¡½§¼¥pz]<J×>º÷m3”ÍÐëIŒÍùäY/FÍ]oŸŠfSnÝçrxn»¯îSÑÍ®¬!énšÇ¶«‹sbðƒ®÷ ²Iä¾”u;”î®ìà5tÕUSõCç%ÞMD ðÛç›¿»Û²««¾GºÝÕÐ»¢ÙºûªÙ¶Ï½û¼v×›MÙ÷â~×Ü_ Qb¸Ðm«ÊçªÙ‰ä´Ùˆ‰£7Ñ#íüx@Þ¡¼/7§®^Ü¶*íN›Tó;Sä~iŸêõõî±B6½\.œöB¿/ºò¢ROƒ["Ú>7¨ô¾:òè»©©ìòl·ºr3´Ý‹3!Pô"z¼`#÷‘¾…l¾‘ûàu^œ½,ÏõnÝ¶‡¾|+÷Ò&÷¼Np'œÏÿ@&³F•HœOðÓºÛbóMùj¦(véK/›ûuŒø’;zÝ`~m¯÷‡ +M.þ\t N¨Š]Óö•Ø}E£!¾ÝVº©Ê‡ÓN¶øX?Ô±ÅuV¿Œ$V’5žíÝ¶u7¸£ŸÊ·r†ÇXh6,‘ÚG¹=`Íó{ÓJþçö'šáO®i]{Ž'MÅt<ð µGyâ:5ç/cÑ})Ð†m?Ümºê8Œ½»}]¼öÌ};ó[çV¼›ñHÙž*EÃÿ” 8"zÿÛíÝÿÞ øaéÛÅÃ›wÔõÎ}¹¾Wxè`ßîö¼Qäšœ´0~ÐþpaÈÝû}Q5’ýï?â >/XObject<<>>>>/Annots 857 0 R>>endobj +1609 0 obj<>stream +xYËrÛÆÝë+f™»…7É¥m]'ª²d]“.{KQ„„$”ì¿Ï9Ýº!²|S©JåäL¿3 þ>‹C„â0MBZ„õö,šDø?Ã¿¾ü~–Ï&Q(fþ½ ³Ù$íÀ&,Î“‹ãtR8Òãmˆshõ¬Ã`‹ù ‰Š=Þ†$*&3/%<=Mð!›Š¬ ‘uìt:Éº³Â:LÍ¦‰¬›ÏÈ6Ì%rä„Ú8£é1X‡Të0Ø"žÌ=ë0ØyÄ›¬Ãp8.F¬Ç`Ól¤Ùc°Ð;ÍlV ?0e$Ižf@ñ$÷¬Ãê22Y¸Ücºœ±ë1]–dë0Ø©4°êrš"÷0›H[—›Î±ƒ-ftÊX‡PÎf5ÖaT¼ÑÌîLØßÛÍ™(ôÉALOÆ®8LJ‡Òcº[ŒÔzv–L¦^Öa¸‹G0ƒf™ÿhd×c°ùt,ë0Øù˜ÕêÈ°öÓ#€‰.ŸsEÀá8GÊ9£'’¥(äÈ!K=d–‘ô˜YÊÑw&ËtçÅTÛÃ‘E"ë0dá`îXõ7§9¸ÄîÏˆKéRŒ˜Œô˜jåXu)‹tueSæA¸ä0dg)Íë0Ç¢ë17±]*’©æ_írv{vÊÅ—ë04£QáÕÀz¶HX‚íìÊ +@Dh6ø,HK`,Ê‡lë0X44«™Œb-.6lrA¢ÙaxKžÖcÍj4°ês†Ëµç–É‚"Ñì0Ø,GFë0X\6±gfDì#'ë0¼BÝ#ÏJ¼¢^z ei& Ó®!²ÒÌ®>1+HDcÃ•éYUÌ ²X„³ «Ne\¦-ÄeAŽMs-Ê —96áv¢]ÞÓ™ µk˜EL¤±ƒÍ1ÙÆj¸ÑL3ó2ÊQ±)âÐ\T¤V!“b}2œŒëZ9a×cR‹ý9QÁf|¸˜bÁb‚F²ƒEWz§4y=aåÆHC*€>9Á„“‘Úäi®ïºÁÅA‘„ã0]âÝäX‡9\bV4QÖco“õ,¶ûÔ³oCŠz£:ƒæÎgI¼R9Ÿ{V}4ÖáÁçí|îd;ÕzvÊë?5Öaøñùf¬Ç`ñºñ²ƒÍy™l/*'½ªñ +rñö¬Æg¬ÃC¼ÛÅÛÉ& G%5ÖaÈNã1ë0Ø9;ÈÉ:ÌxùL6Ÿ0„÷“Ì—£Æƒ;©‡(nÄKÛHíó¨{ø!ÇèeA’ ‡!*=ÏòŸàM*{:ífÑ0;»PÏ +ë0bÅê/<+Û/Aýe%«fANsÏb7Â®±SsŽ”8V5£†RyyÖ'‚D³ÃðÝ‰øŒu,FìY‡a7gF¬ÚÅå)û\#ä"êYÀX‡aWžz‰±3^>€«vqÈÃ^í +rv{Vkb¬ÃÐK¼ë1XdX°D^•ðYí +rv{V¾õ¬°Ó.ï+ÇjD¸|úoTÄ+HdñÚcØ•oRÇ:LÍk4Èz;ë0Xù~r¬ÃœÎ)»}õ,&Ù³š+>ÃtqnY®VjâX‡/®¨™—•\ÅØýÖuŠœæžEÖt5Ïj&© ++‰ƒ¯$üš!€œƒxÃó3ÎA8„ÁÎé±ºëÕÒýƒÅb™zY‡Qù¬3³²Çø!ŸÜƒ +è."ë!Ô¦¬º‘ƒÅ²„Ã¢Gsd,zI1Öa°xÎÃac†ÃxÿÍë1»m>ø(v#>txK—#ó=r,î+Œ3{ò7NtÊÇ/8ÜÈü „³¢Ó 8ÜVøè8‘“_ðÀáVÄs?ï©/'Å8‘Ãë·GR€Ú å8e÷~yvñ]‡å-fÓ°¼—_@£°\ÿ†‡|6 ¾Þ.ÂmSíÚpÙT/e³«Ý}¸,_ªu¹ÿÏòÏ3ˆžãq“@XeâIøxhÚ§² Ï¬vaß–ÏrúüÍñ|>UÛJA$ìÛ;ÖáyõXîÃaO“ëÕNuÑ`4²WLÂ»û—Õn]Þ‡Ûzßî×MõÜªË´üÐÔÛp½ßªÝ}ý*>ŒL¡àÐÖç—å¦l«zGÛõþ¹®7á¡ÚhœcÏaöë®z¨`õSýXïöá®l_Ër× +7KÉÔ×›«ïˆ‚®À…;xq”4<ªáÃÝ¾mVë–ì¹÷Ëp®vmSßÖtðm0Í“ðíiÕö|ýRÝŸ(ÂÖrÕ<–møº?ÊþGý:hûV7W½DU×Õº©÷õC¾”Ûº-i¥84eø°Úl´æãpðfórïÔK.«¦\·uó3,Êfh®·’ˆôfµ-û3añZµë§ãŒàŽœ„ÛÍáñqu·)Yà§¸^I…¯‘Ê®ªo ‘–FJ÷{SžÃÕex·ÙÔ*zÊZáK¹?lZD¼~B¡¥„£>ÇËî[¤D]à}¨wÕã¡‘ÿC¡#$ø×•ÇAë½-"<êoZFÒ–å^FlIÿöáóAûìAD"Ã(P…QÏë ÚYÛp< oëMµþ®W;L/ +çì%]ßž~÷>}&añb«ÒÕ‰¾å!ûÐ”p “Äì‰n¬8ÙaþãâýG:£9¢$ë×:n–YX´?Ñ2]$ûñ÷BUHêiU¶kðûsôcìþÚdËr†|55ŒKØQàQ×«-cíÎ§‘§p®Ûr\>GÝå#àq$£?>ÿþÿsÉT;œdòñ_ÿÆ†Ð™èƒ]”íáùí$Ñ#IÚeï´:.ø1ú”Ö.$ÝÜesê0Úsñ´Âdi´¥ÍÃÐÐ¢éâûmxåêSŽÆ£‚f?d§¬Îíü‹ •§ÎG€3óò‘›Þ¹ÚáR¡{î),VÛ»ÅGs‹?mu[k¨ÞdÅU»° +Ï\Ã¸¦~\|ªv‡gs|ýP¨÷â#Þò øí¢l×O¼P•è_ +¾‹(‰.:%ÙÐ•—É+î×òh«Sò´ü/¤Ñ`§¤wû½\'4ŒWX]îÄaÍÝJž÷’säñ¸(¾©BÂ,.ñ†¹)Û÷WŸzSñN(yzœ8<{õð§ë?>/–ygœ:†üŒŒ–ýG.ox†Ôp¬®F'.>â“BêÌ?ïÍø‡my¿-Þ]¿Ç%ó'îâpY¯Üá2‚ôí<Æ”xü|ÍùÞ{{9ñWùi1ÃÖAæSÊüwyö¿³.pjendstream +endobj +1610 0 obj<>/XObject<<>>>>/Annots 893 0 R>>endobj +1611 0 obj<>stream +x}XËrÛF¼ó+öCrŒ÷ã”²(Q¥d9¦ŸA²h‘„‚‡TþûtÏ‚ØH»\eW«wz{gf+ÿ· +Œ?ÉB¥¦Ú¯|ÏÇOæ¿>ý¹ +"/7ižz¾Ù›$÷² ìÌz¥àÞ~èÅŠÔ,tt¨Æ`ãÄT,„}“f!¶¶ÂÅ„¸+…˜Â±jVa°I6¯C8)¼Ô RÂG6*¼hZ+¬Âö¡a•„Ulò<³²=Oœ"A{SäŒÀHˆÃàLÚÀ(ÂAÚƒR~l3ÿŽU±™OGŽ…Ò¢ÖTVY(+LSRvÇ*Lå˜•u¬Â{ú)÷YÁÆÅb_ÁB ™r± +ƒEŽµg›*lÇž)ÖN€äØAö¥ÙfRc°hTª1Sð°.Va¦"dõfV,%E$Ý&–,˜-9kÁ‘C½åÅ*6åá«0ÙÂK¬ÃÌ¿ã¸Xk8÷mŸŠ®gxâ&ƒ3©ñlØ±Öð1Öt¬Â³aÅŠá)6X»dfá4“ûQ¤ø' †„l˜ñ¤3©1XÜmdØ± +ó8¼ÍŠU˜†sæßÅ*ŒûÁBÙNbü]Ê›ÃÒ0¯¤#5³Ó«0Ø,[Æ*KÏ–˜·M#Bt/NžQW-)YŒVXšIÁ¢Œ©ff$ÿs¬ÝE±ƒX,â®ï0ÏZ°tŽå)ÓDšT#Ç1o +ç De8Rc°¶L³¬Æ`³œs¬ÂLo0ûã¶ƒ$Ks¬Æ`ñDG8Va°ØÅ™Yk &™[‰ ›Cø8g,Gÿ ËÆ˜§¬9òM`ÊÓ¢Ø¾v!9!ŠÉ+RüÄRv¸©ØBì¨0ý$Ôu¬Â`ö…c0¾:òù,x.Ô-¤,¿TŽä‹!.)’²H,Y6äUb,?± Åú¹ä(@çâ¬‚ÈŠ¥¨H¤36¨ä„lP óŽÔlÊ˜bFÁ}Î>ÅŠá>&"@Ýbc‘3aàËaQq¯:"aYñ(™ÞqômÆATœãLql ãEžbRD‹$PÈÐ>§dVDÈ)¯H²0“ƒEêqNÇ*6¬M}`SvnÓ‰Â¿h&5†l–.X+‹ÉÃìYYNvâPt$hæäIÂ)¢aa_Y"jÁ,zäDÅq +B4äw¤Æ`å*(Važ’ÝíXkG—r¢¿@ +¢£@a +ó£XvPˆÁÍ‘ ƒÅieñ™gc¢^P çt¢P±"5æ–ü +¹PÁ¦Ì£bæe‰ÐbŽµ–¢éiÀwN(€–P#¤¥‚g™Ii‰·Ì±bƒÃÀÖ–ºÆÜ¯ÞÝÞ\¥¸ïæî¿T¥yfîjù]Ê7wÕ¯˜•æzÿÔµÏMm6]ûÒo_Íö`úr¿)»û¶Âo`â!Â¸:ðÌísÓ=o›ÓÞÏ!\é/†žywÔëÇ§§¶ºËÕ‘g>víf×ìa»owã°m§¢±-«®í{Ó›C3ôg¬Æ4ûWûbê¶é^=Û6/m÷h~gðÅ«ƒ&žY7ÃÀtŒO¦4_®?¬M“7Ý©¯t±x>7òˆÀÛOÿùéöóÇÓ°ì'a—·7o¯?œÆäž¹j»Š¾¤FfhÍ¦1ÃCcöe?œsWxæ¦|TX[·ûö~‚Ç˜ùÐ)7í80_e]AÞ”uõ$übYD<1ÌÍ¸¶O»µ†—û²šV.²+ué%·¥¹Ù²4íý`.·ýÐm7ã€^¼ÚBcýÚ›¡kÓÌúlO,óõ¡cÅ®9m®ÀžÇÚÆ,¸žF£®‡²z,Ñ}æß«µÙ·õ¸³+®ñÜæFC^v2å¡6U{¸ß~»ò\Çâ;Ïj7Ö8Ó…EºëíðºàT€F×Tß«]sŽÅÕÁ(‡r÷HzÙÇ˜ûž>”)ŸËíNŽÚìúæå¡éDôÕA1³>/XObject<<>>>>/Annots 898 0 R>>endobj +1613 0 obj<>stream +xTMoÛ0½ûWð–häÏZv/C—&[€$Åb·ëaÅV¶ÔYJ²þûQŽÝ¤Å0tƒa'&ÅÇÇGÒ?<¼| „1µã-/ågÇ§”…I n½î‚ÌIB!LCä?†A„ÑgS¹VMÍŒPÒÚ-¾OøÃ0B~x}K^+Ã!ãÍ“\•µB›æ$4ßïBJbúEí¡T0…n`p«1Ò2yàÍ˜,aÐÁõÆ‡è(F(Xâ”JHŽ¥«í3ÂÀ"ïi®Aªý9lNóš °f¸V5RÎ¡õˆtÚø¶3˜µ§õ±×¬c3E£´Z(bµ5\TF£’ ÖTsä¨* «*$,ù¯nsc^ƒ¶V;Àóß„,Õ^CzúY^k9²nÃßpÒ¨$ŠQmK®/Gpô2ºÓñ¶^wRtj)Iìäb]ßƒ˜ÂÁÛkÝ:‡}á§:UëÿÇ;=¸|Ï›A ñÓc…£J°á¸8¨š¬Ãa@µXSlÄ…^‹ +÷Å<]º.>IÝw‹ªv3l[%Vî<›M¦³qæ.Æ÷·ß--»–¶}cpÂ"\Ã×ýýËPýq¸‘ ’Ü1Q±•%Ø¨ºKÙË~œ«`¶‚öÐûKÉ–wùÍÍì¥w’W)L»}~ï‡Þ|"'‡ºH-÷qî|u~¨özlendstream +endobj +1614 0 obj<>/XObject<<>>>>>>endobj +1615 0 obj<>stream +x•WÛRã8}ç+ºxÊTAáºûÆP°;[S0;d.¼(¶‚µcKÉ!›¿ßÓ-ùSµEA…XîëéÓG?÷Ži†Ÿcº˜ÓÉ9eÕÞl:£³ÙåtN§—ø<Ç¯×´’'g'ÓËñƒ÷‹½£Ûßh>£Å +¶Î/.i‘ìÌðM6¹.TÝhOÇÇSúr÷á;}Ò¾2!gé½i)›Ó7cs· t·x·øgoF‡óS™\e™®m¼+é£ Màìïø"ú;<9E°8pñÕè±Ob5+”}âÄoÝù ´üuSèÇÙT|½i¶”Uº§äïñ'ó‹é9ûëc¦¬4Ú"•LY˜ÖlØx²ª1Ïš:ƒA7 Ü†d™–î_j=#b ·r¹Ym%ªµÍµ/·8êq|“g2mëu£¿s »W þÔviJÎ3åõj]’uxæ(sUí!ÑöAº• ~ +zPÕR±¿¶–«æì„S–£ðÜRoáµ,ÅÈÊ”šú²ÃB©CŒN%»*¯ŒE[½jœ—ú¡J’Ô¸ÇÒôx>¥?Ý¦+œøèJLµ–C„#X^iÞ-rGhÿéÑH=úþ)uñ€¥>DS³´1M!ÉxóT4T9îïrÝ4pÅÞì–$DŸ¯3¤rwaŒêƒ×m£sÊ=#£ 0xõËÝ5Õª)¦ôÐVüUÚ®©vu8\×‚C@+&už9¡OÞ¡ÈÑ#¬N D4ítE±Áã¸àlJ†ÌÒF×µD[Ø9@wJ×ƒ˜¨QËq\i’â÷m&ž[£´ÀIÐ@¿±¨á`×¸ Å~OãDGïLèjžµ‘kî®ý Ýo¬ö¡0õè0×ãEß0Ü"BRÊcD8h.0¦½G‹+0™zÒt:ý¹Ö0`‡ƒüj€ƒ3hi¡Ëœ–‘"Å0ìU]kåÉÄA…+|Žçá€¦«áL0¼TÛ·Ma²ÇGž @ ÆÉÅ|Yb¼öŽy’ç¤Ra% à(ïqTqFQ@Ÿ`–…@·mSw¼$FæYÙÃÕÚf ¶…*ã0îx7òoL¥ÑÞèÅÙrËDÌ|auÐÎYOå}Ò‹£Û¤iÄ¥¡Ü,\aìÆ¢´ÅÓÄ,™ëµý%{ô*ÒÆëàã ˜ÖŒLYäÝ—9Lh¿ƒïþ¿-&ûî` ›G—%›•I,¹Å{5Yé¦L?Ð~«*çI§•±r¾¢ßcƒÏÓfÚ¸ùüõæóã£ öqòÑÁ9Ûy|7Šœ“O/ [WßECãl0Ý¼ÿpÿ –ÛÈâ +C›žµOTÑ[ãpÞ°%‘JªÃ(ßn +7*IW?îë€hzO;9¿á2×!ó¦ŽÂ¡a*&“wü™3Lõ³(7 ˆõƒ’óÊá‡Ü\ß?Œ"[æ‘a +µ +aã<öo«€ìÒyŒ®íâTïÂh™NZ|aøÁûL$GÞ±.ùÙªVÇÒ‹úÚØ†T†m°®kç›WŠYÀ4Ÿ@±Š›¬Tù2.Ô!£Ÿ°«¡@ŸZšWöÝo“òþ ³uV:g·hEkdBõC¿¹ZÚÒuì9…G9Šl²LfwSl0.9áÎú Ë=ND$†0R»Aâ"7¡.¨«ÝL¬Kõ%¸J"AÀÅq@< 8¯ãqxf˜¡ri!Aò2=.¿‚J†j|¨€†ˆ‘Y…ÇN ³Í\Ûu1IÝ^ˆ!t ªaxg*ã>/XObject<<>>>>>>endobj +1617 0 obj<>stream +xWMSÛH½ó+º|Á©26`“½l-ª6 Þd\ÆÒM5Ú™Q„÷×ïë-Éä£((›õÇë×¯[ÿLè?šOédFÉúàx|L³ówãS:=Ÿãó¿FÒÊœžÏ_;˜N¦ãÙk'gû–.ooÞÑdN‹œÏflt‘\Ó"N&ãÓ1}V²VÅT.IJ•‘‰ÓfC¥4keÒ…}³ø +c§4™cGÓ9Y¤ÃE&ÉeÊ¤´¬œÓ)‹ï2Ü?kîip¿³5è6OŽé*WÉ3‡3°iiiðÍRU’@X"×O´Ô/8Žl¦kÜÐ.‹þŽéhr2žrTÈI)ß ¿?ÞþCº.¤!½òÿÙËxLœN¸÷©²e.62%Å¡:Ú¬é·nnð:|x<\ú|ýéñ±²pò8üS#—B¬åã›^Î‡¾dÒ4p‰-\ÁP§-}”îòöîÁ[Ž©<ˆõRÜ~“fžÛYãp¾cËGÊ!FC%ÿß:ÓüPUã‹ë©2b`ûž:9Çe*mbTéÔ7IÖq…I¥²pjµáÏŒsƒ_¸Ežo€{…"6Eøãúêî¡ÙJÉ<í¤P +kk Z¦Â‰¥°¨Á¸y(–ë6° ù»Ñ¶Â‘Hr²UYjã^ÉÆJGNS8AwûÞ®Dn›‚Æ~rV …|—yÖ*Ïi Àä‚D€öãÂglÆþiÕ`p +ot!{ŒnyÞæþž˜ÜTð{¥gt>èƒÂ Ð¶í4CªV+p¶p¾2Æ³Áz÷Q:”´#²šná)Ôyrekj2-MYbï +Èà®óVÊXçƒôZ†>c-;:tqËy ›Œé†mÞï4¦[-n7¨`P+ë@\fl©þöÉèª|º€D`d [Q5mŒ´¥.R&çÀH‘F4¨r’?È™Tøøƒ„‚E „ÄÖ¢,¡'Ë …ŽU$‘’d.×€•P¤‹«?©VAÛèÐŽè°ÆŽêðå–ÊÙhË›¶=»Ãdñ s>ÿtë¬f4MO¹^ŠœóP}—‘œ]ø‡#tpžë:dÎ<È•uÜ¯ÇÍ¨l¨kfÆ`E«3:¦:Bk‰ÁwÃ¶m×¨*Áða¯>‘ë0l½ï&âüƒLOH›ïWsîÕ©vFiËP‘wÛï×æA± Ww¶0 +ÀT‡ŽyíÏ½^#;T‘ßBÙ’ºÓ‡%¼_Â½[I&Š§}ÒÍ¨‰Ú…Ù¿‚àô²Ê^~z^‚NV¶ò²ÏìR²hˆ ˜¥‘+õ²#ëü~¨vºHiíž\6Ó`4bã9Ù‡÷²rTóº‘qãbü©ÖêX…î„ˆ¸=Í™Ã‚0ZœJª\4„ösÍ—‘Ðz( +ÔmßCèwº-p+Å&ÁÁviÐõ6à Ã…9»ÖÐf`€\Ñ(ŒÆ¼ÈµHãxÙ«ãB<÷µãŽç“ÍT¹‡ë’pP4l{+N)p¨b-EáÇyáéøøÆe$O´ ó/¤¤›L/}@›‰oq!ØïÝÁÝ^lE¦=æU I¦-€€Î$º2#H£ž%áf®õ3JŽ/‚þ“F(†ÏßzÑ´X8¦šÕE:¡rVUþš(^”QŽL¡~}|}‚ð Jø“I6Óûíú}ÿÓqïbÞr ^²ÐÞ7aÆÚurÍ8"óZƒèÍàêÐ•ß ³~Üòq_œ•o°–Ürs2üÝ°ÛÄñ¿¾Væ«Q€Åˆ½›ëq£æñ¾õ‡ YÀ®E:ÍyX÷8ûéK¯úÀÐÑÖmrÙðàQ‚qîºã˜ä‹Hx³áü,/Æ¼²øFçeô–—ÑvãÁY¢ýÂØî¬PMvÑ~_uì[B#ÓÍÚcß!‹|ËÞÆ´í»AmX%Ð˜S@ú•’î! +¼Ÿ`×I{€;²çßÈxùÝ.ÂÊŒÇçß*k]aÍjìö3oÞc6žŠ‰àù¯£VíœXeQnlSFºÊxñA©B09¹ˆ=$X$ûzÂ§BÖÝ¶kšËw´Íx‰ ‰Æn:ú¼Yÿ'3¼ÍŸŸàm{êß¶‡./èÞè¯Xè½N*Þñ„ƒX0ØGñ£ùñ»íFûë/å§óÓñ|vŽëílÂ&¯üÀ`'4endstream +endobj +1618 0 obj<>/XObject<<>>>>/Annots 903 0 R>>endobj +1619 0 obj<>stream +x•WMsÛ6½ûWìèeÆ–-Y–œÞ”ºi3ùp«Ó|HPBL@šÖ¿ï[”(Òi'#™ÅÛÝ·o?Î¦t…SZÎèzAIqv5¹¢ÙòßóÛ%?ãc%eüK_ß~=›Oo'×ts3™QAó›wøëÿ“Óƒ73ç½ÍXåŸùÅûõÙå‡w4]Ò:ÃÉ‹Û)So÷ŠÖÉx:ÜLè‹IU¶WzK™Ê%K©²2©ŒÝS)m¡œSF»·ëï06§)l°±‹Ùr²€¹qo¿ÐéëH9Žœ*Jƒ§d'ô–Ïv[\™‹½L»g’Òñ¥ÈÍ–6æåœaàðé5€Ãù´$WÉS´PÞD”cºÿtŠ{L›ºªŒžÐo¦‘ÏÒžóˆ¹À'W…ªDÅÞâWQ‘ ÚIKZÊ¿Ú`]Ã+MvN|´Èé!Rº’V$ÁJ£ª÷ÀUX.lJ¢ØˆŽT÷„ÀÀX!Ê’Ý0ÝÝ?¨*«€VF0Œ‚Að™@Ò;¶OR#^¼ IL«I\JÌ9T3¤VC`Ä!Tþ&9¹º,ÂÛ6ÝcNž“ŸÞ€Çžãx<˜#9Æ|†O{vB¥ßÇÛLj«ªbQ£òœ2¡rÌ™©-w0Px•59Èv˜&ÿŠŽÖ¶›þ‚ÞÎzPv(<èS×‡80‚ÕÖã +“¶yjwŠ´³ª‹;¯“cÙ=ëzÀ=3c$;´|¥²ž@Zö>[G²¸8’aÄŒ'2}R]atL:=fÚËæò…béÃ5Ô@»ç1ö Aávî‚@Dá’¿fù¶ëGRúWPÕÓd±íAi3vŒÞø˜þ 0}ûågÜ†ï8þÂå» ßmðÏ¾r ½™¾ ÇóÒ^ÂHfX£Y¶ÒÇôÀt¼Œ…u/Ón¶·×´Xò÷‡Õ—÷+úÝšïèmtg’º@Óð×.6zÑn¸X^½ãõÿû–:_Î'ËÅ-î¨Ø½˜±Ñ_ÖgœýùÔç?endstream +endobj +1620 0 obj<>/XObject<<>>>>/Annots 912 0 R>>endobj +1621 0 obj<>stream xµWÁnÛF½ë+¹Xlš”dI.ÐƒƒÄ…MÚZzðeE.MH®Â]FV¿¾ovIŠ¢˜¸uQ@.wvæÍ›7³_G…ø‹h1¡éœâ|!Þ´?ü2š,£`FóÙ¿9M£ë ¬Ÿ2zuŸ±:›Óîêì&¸¦y8–¼w±à½îÉíí<ç4‹–G«Ýg¬Î–%Þë½ºž,‚9[—Á ù'g¹óÌ^M°·³Úyf¯¦AÔYEð4¹áß°À¼`³ü2ZÌðn¶äP&ø/%¥£·«ÑÕÝŒ¢ˆV)ðœ/´JŒ!âñ{cda•È²ýý%KMke ©‚ìFž¯>c³¨7ÉÈ¸*•ÝS.Ì¿ØX»wøÙÓZ’-¥°2!aH`—%z»0J•‘%)ã÷Ï[ã…¶}“ðJï`Æj^ é2š¸?Ž7¢x’$Š„t!½mxíFþmO¡ƒ ò»‚ÚÖ„Y[÷)áhç¥|Þf*V6ÛÃ„2´¥È¥uîº¬v¶ ÞÒ7‘U’#*vñÂÔÚh¥½wÀÈarf®•îù£6¤«§RWÛ«.³„¶²Ì•1J0ÀLª2 Â€÷ü‡ãáœîÅþA>[zùZqÁÔ8›OuYÛ'ñ$Taøˆx>o˜0ØKøÓÐF'5§ÚtrÚæ¶‹˜†v#,í$ës*ð›X—¥4[ì#0÷¥‹YÓYtæ]9Ê3Ã¹â¿glŠ£BhM¾2¬q‡:/—„°´ÛÈ¢GrŸ}U<ì$¹åø†‹,Û‰½ñ‰ ’ÎtqÖðÿ ºOpC÷“ôvpèÒ½hM~zÝi§ìµ3¶T±uÕðÃ>(«©rPö¾«Š/’¼ƒR.Š-tÆéš+"ÏmðµBž¿`¹.Yöý½su˜¨RÆV—ûºxw 5€+¹3éJãðx€#‰4q©Ö¬ÊkýÍDSÑò9–[b²Õr6T™ýÈnJ| 3°ZH¥Nû~´Í©{ƒÇzèÜî l¿çÊ?Èb?Üòl‘Vëh½GbRQeÈ{[À\Û/ö˜ÃQCÝ¸=ì@Á³Îð)‡&‰9ÁµÃæÿà}/‘=/¡½FÑ9µŸ†{žU$°.Y8ó¾›šä±D¸N"Ð5“\ Ú!PPã ‹‡SZßÍ5Ë 2ãF”œÆrå¹ƒk‡•§êFÊ8‘ó][a½rm%ÞÑ¬“¨RÚë -Aè´ÚùTmQ°ÎŒÝîXSšVp$Ö…-uÆrèCN <¼V¥› J^Õ:5TPÒR¢¥)Î¬o£ø~ÏÎª¸ÊDY÷j×x;n>lßCÉç§šG9†¨%æñ‰éµžPÛ!Ïäë¥ãëÇs/ÍØ0v~·Jé11[«TÅÜ.Yõè§cõ@tÍÌw 7Š“~v³QMÁæ“=à{_50íùÐÃlü#“C[@÷ÆøÕÝ y?¬_Ng~F¢`Ð}QTøØ\×cdEòD™ÔÔç „E'\WÖÕ‡z39rpŒ%¯óU£°ç;¾‚iŒ¸˜Úùˆw&}²Ç¦Š7<ý¾Á¨ËCx¶óxŽŒ€«¼çÓ‡û?;ÔÇ|šÖÝƒªµÆ±ès)0Ãb#z(AŒ0I‘|ÌãOv'Á&6Ü/'&Ü7%ÜZ›ƒýä®{zg³È0xŒæw‡W¿4?âÆÁbãTÇ ÆFïÕ RM˜ÄsÆ„ÃHÄ±4†+È¥w_,0ß²„˜ÚÄ1¢À³ç,{Ù¦üØ]à'ÖÜß}ô}b´U«Xs£©£ÎßcøþTOÕ…åÉÞ/Õtö\YÖÕÍq·\âK9óåö×··ô[©?£âèŽ«—I7rð¾ËæóËExÃß¿–ÆM"Øè—ÜÅ|‰«,.&üêýjôûèoŽ@ +Aè´ÚùTmQ°ÎŒÝîXSšVp$Ö…-uÆrèCN <¼V¥› J^Õ:5TPÒR¢¥)Î¬o£ø~ÏÎª¸ÊDY÷j×x;n>lßCÉç§šG9†¨%æñ‰éµžPÛ!Ïäë¥ãëÇs/ÍØ0v~·Jé11[«TÅÜ.Yõè§cõ@tÍÌw 7Š“~v³QMÁæ“=à{_50íùÐÃlü#“C[@÷ÆøÕÝ y?¬_Ng~F¢`Ð}QTøØ\×cdEòD™ÔÔç „E'\WÖÕ‡z39rpŒ%¯óU£°ç;¾‚iŒ¸˜Úùˆw&}²Ç¦Š7<ý¾Á¨ËCx¶óxŽŒ€«¼çÓ‡û?;ÔÇ|šÖÝƒªµÆ±ès)0Ãb#z(AŒ0I‘|ÌãOv'Á&6Ü/'&Ü7%ÜZ›ƒýä®{zg³È0xŒæw‡W¿4?âÆÁbãTÇ ÆFïÕ RM˜ÄsÆ„ÃHÄ±4†+È¥w_,0ß²„˜ÚÄ1¢À³ç,{Ù¦üØ]à'ÖÜß}ô}b´U«Xs£©£ÎßcøþTOÕ…åÉÞ/Õtö\YÖÕÍq·\âK9óåö×··ô[©?£âèŽ«—I7rð¾ËæóËExÃß¿–ÆM"Øè—ÜÅ|‰«,Î§üêýjôûèoŽ? endstream endobj -1630 0 obj<>/XObject<<>>>>>>endobj -1631 0 obj<>stream -xSMoÛ0½ûW=¥ÀâØIj§Çv[€aØj`—^hYŽÕÊR&É üïG:v–v=tƒaY)òé½§_Q - =)äKXe Ú(‰¸ºÎi\ox\Òë$ÔÑm-¶kHS(jÚ’mr(* ô$BÌ”©-(hlh¤ƒ€e|Ym˜çÉ5û6Mã<†O†ÈFÁYdÐòŸLx‡m‰G7œˆƒ÷ûQ€u¾ŽólC– -æ+îó±ˆ~D¿%þ6>endstream -endobj -1632 0 obj<>/XObject<<>>>>>>endobj -1633 0 obj<>stream -x•WÛnÛF}÷WLó"hI–-Ç/EÇmÑ4iA¿¬È•¸6Éew—–õ÷=³—˜"\7…aÃ"wvfÎ9sÑß'sšágN«_R^ŸÌ2|œÍ²-¯Vø_#i{òãúäìö--f´ÞÂäruEë‚p|†'ùø])Z' Íýdt×R-ÚV5;úùÓ—õ§Óõ=Ì—4Ÿóéâ -.ÖÅø³Æñ±½r%}õFÐ9|Šª--&$¨‘{Ú]¹íšÜ)Ý²$…ªÄ¦’KIygŒlÕÒ•º »q¥du §9„MççÁq^Šf'ïNñ¡6b'ÉÁÞ;²þbï8×5Þ”‹ª’EHã"¦1&[o¼,”;NqœE‹ËlÉ‰rp[e¬#U×8/œ°Â"DÐÙžû¯Ðá ßoÞM8W -Ç!c(t-5þúh‘Þ†'`6ÁŸP@Y®›x ñ3fìºñ¸âc+Œ¨ x/,Ç[pÜ;õ¯”ux„çÆR¥WŒÈ¨]é,qš¥T&¢’üïµy°N0™6£_œ¿ÜêZƒÊÉºn» ©[U· ’-àhÓ9*TÑŒY8“ô( ^Êª¢6ÚÚJ>‘•®kí‹’Bò©º™*¸æX8Ðë³/‹_'œ_)|~È?Ä³…$±‡Œ¾”l}U±€ƒÛ‹A’Läp#DMdkô R8iÉçdÉ)fôQ;è†ñè¦Xá´±£pUÂçÁ…¸F -^7þ®à 5êQUr‡\þZ±Q•r\%êÂ?-X£|³S@¨âõƒÂ¢9pð¹´ÆpWš¬õÝé Ó5 £øÊ¨E^ª ¬aJ#/¡Pµ¬7€I³†çŽSwe7Ì|¤šRåF¯#‰„Ä·E±îµ|!Sx64§Õ Ûcz¾²n-Q7òIä.riQOË¯¶CÍz¹‰¤²ˆ ãt¯¥/FA¡L¨èƒî©Gµ2HïÍMè/Š(â<ÈÝÇ“QÁÇ¿3‘xê•tFï}YÈP[‘É—Ãx’=¦15“×A{.ÌJïv=ÝõƒŠ~RcþKw$0â¸ßíuS@4€Ž{ä^Tˆ¯KÄ~Ð!°†Å°„J}9·A.CÀ¿Ç¬ndyTæÀÁŽ!>/XObject<>>>>>endobj -1635 0 obj<>stream -x•WÛn7}÷WâU€xW7[N€>äf @$°úfÀ¥v)‰5—TH®eåë{†Ü•VªäºkÀ¶(ræÌ™33Ügêãg@“!®¨¨Î~Ð`’ Ó*ÿ3È®iYú~öaz–ß¼¥aŸ¦sl¾š\Ó´¤~Öïc¥è}\ŠUŽ£Œ>Z3W‹Ú)³ oï¿ÒÜ:*•NÍê KÂï×Ó¿Ïút1ÃH¯&8¡õ†*aÄ;D–XT…ÊÞÌ¾“äûb4N„³AF·¢š ¦dgiï˜ƒfïp’]ñÞ÷dêj„vNõD~ãƒ¬<ÝõäâÝÖ†nNù»×oHxZKù/Ðž·Ÿh.*˜ìëeê§7dìšê ´ú)yg€E€ßt½Xˆ™–ô~/"újËZKvÌw¯a¸€°¡`iåì£*%‘"€f¬S?#/‡“ÞÖ®8ô\Xpj5yéU!}FßœB`ŸRümYL/30N¥,”ç%l«= @Z ü="Àt81G+áýÚºò æR18|×KÉ€Úb2z¹EOÅ3ùM›¦XÛZ—ääZ¹Heâ!¢ÀÅì€©…ÈaXŠ°åÍËÚ›\;&nëb‰`‹¥3ceFˆ‘ü£N¼çƒ[§Â¿K^¶’¶ÕÈuÛ›ÃMGø×. [5…²iå>³&Êá -2çzkäc%‹¥0ÊW‰"T!„ad¢®‘¤–¬]Xsgy·¤Ú”Òé ªø€ÉýêÌ÷5©ÌÜ Ô:´U; Ùò·±' ¸¥‚u(qél½X’5’æ -%’x:TK•ñÑô]Ëi‡‚»^§j¡ïÙ†d©·eJ…Bª…Žö•¨K[4 Qæ¤ÓC…Fž‡ÃlØ mM²ëQ,ð/óH¹Ï -U±ÂQÚŠ2¶Ìi5sÂm""¨ÌtÀ0ë¥œ‹Z‡´KTÀV&á¢»±Ké=[d}®P¿sü;+–}A)ãCÁõˆ*jšÖQ?€r˜€Í[ìg Ó1t^î@j¢î„eáŒ“VÒ††•‹1¢çoh!FìŠ›[W}zÛ6ñqR75wìWLxó¹ieú˜GŸ÷lí¦º‡…YÈû.óöÕ~0m^G×Ù0åu -ÒæVk»ŽJB)’O¢Z=£Ó2?Vþ[å§–ÍJÏhºC½¥@ÌèfvÅÝØƒ¿Ckm -[U˜ˆ,ZÏµ:ƒ¤6˜>}:ª“ -"ñAžçè†s%$“˜Áq¢¤€ÐÈX6óZcÕÌƒl²NbLì‘dôÙ{ÌqZ3èŽ“!‘è1cž!DÔÌ!lUdë€°¹ -,µFYÚ”Ž¶ò;qsöVër†œí§¬ë1¿9-‘ó_Q”ƒ¬ßÆÔÇ½ ²•Ð9’ cwj[Ó.AqÀpðÅèk§è)S'Ö;^÷UJ(Qh“‡•aÓ„ÈÁ }‰c#ÒÓFÎcjƒ§vÐ6“°”Hk½z¹$X´×æáx*¡ôi/ ¥É7yÔ.WUyy‚^„T¶6¡qéõ*Èœ *ùœ½óÇIéÈïHn<Š‚›tûKñóÎ!®®c¤jTä÷t çÛËXrFáÐÐÑaÙnóûè±íÅîAdiw¥WÃxïŽ£‘©7J!'WZ±i¥ŽŒ¶2]Z¾n>B=ñP*È§~Û\7•)t]ÊæÎuºð¡|¦LŽÆ’Î¯# dÍBFÜÛÀ^˜®‚6ü´¦U¥B»)NÊÖL±ºgGlÍ!¶à÷×0’v.Ÿ³ÖÍZÄ¶À©‹Ž=h¼\ÅÁAŸÌju¿kM¤ÎÚ`vÁ²µÀÍ}»ôŒµRšÝ>>©¼¯¹ÜZæxiÍÒ3ÖVÒáæ4Ÿì¶F>±¥zþokÛ^ÖžÜÕP:±=,m…ë¢‹^[~sÝyu¼Ê£Kÿóí–^òF;žŒ³ÉÕ5Þ¥á`›ÜçéÙ÷³j€Jendstream -endobj -1636 0 obj<>/XObject<>>>>>endobj -1637 0 obj<>stream +1622 0 obj<>/XObject<<>>>>>>endobj +1623 0 obj<>stream +xSMoÛ0½ûW=¥ÀâØ‰k»Çv[€aØj`—^YŽÕÊR&É5òïGÚI–v=tƒaY)òé½§_Q + =)KXå º(‰¸º.hÌJ—ô: Mt[E‹ui +UC[ò²€ªJO¨ÄL™Æ‚2€Æ†V:¸‰/«‡(ù23Êýl1@h•:IÍ¯ª†¾ì`h«hÑl%G$ì¤ë”÷Êú·€ZÛ—ú‰rœÄPé=ô^™-}ÓU¼ä¾^ŠÞ©°‡Z¡¶Ûw ´ž³ë«Ã‰fpñíóÅ´v<åŒ[ne€ ŠGž3"ÐÔè¨kNmúÀHqs*NQÎ3ÿÐÅÚáì#Ú±Ø× +¥5xBÃ(¥Ÿ“s„È„ÌÑ{¸Ÿá‘]ÃÄ½"g‘B;Ê2ávœÜp":ÜídEyI– +æ÷ùXE?¢ß%ý6>endstream +endobj +1624 0 obj<>/XObject<<>>>>>>endobj +1625 0 obj<>stream +x•WÛnÛF}÷WLó"h‰¾Æ/EÇmÑ4iA¿¬È•¸6Éew—–õ÷=³—˜"\7…aÃ"wvfÎ9sÑßGKZàgI—9^PÑ-2|\,²œÎ®.ñŽ_#isôãêèäö-åZm`rqyE«’p|'Åô]%:' -óŒ~2ºï¨]§Ú-ýüéËêÓñêæg´\óy~«rúÙ ãøØN¹Š>‹f-è>EÝU‚ò jåŽ¶Wnú¶pJ·¤,‰G¡j±®eF«JRÑ#[Gt•.énZ«YïÉiaAóåip\T¢ÝÊ»c¼A¨ØJr°÷Ž¬¿Ø;.tƒ·%¢®eÒ8iLÉ6ko KåSœfÑ_~‘q¢ÜFëH5 Î'¬°Èôvàþ+tx'è÷›w3ŽÇUÂqˆãJÝ…ƒeƒ¿>šQ$¤7á ˜Mð'@Vè6HüLÙ_«»n=®øØ #*(Þ Ëñ–÷V=†Àkeá¹±TkÀ#2j[9Kœf%•‰¨$ÿ;m¬L¦Íèç/·º‘À`« +²®ßlBêV5ˆd8Z÷ŽJU¶GÎ$=Jƒ—²®i£ ¶®–Od¥ë;;æâƒd|êj†®B¦ +®9ôãêäKþëŒó«„Ïù‡x6¢”$vbŸÑ—JB€-¢¯kp°b{1J’ƒén„¢ €ìŒÞT* '-ù¼‚,¹ ÅŒ>j}CÂ0žüÀ4k#œ6v¡Jø<¸°#×HÁëÆßtF=ªZnákÃ_+ÖªVŽ«„B]ø§%k”ov +hU¼~P@X´{¾Ö¢ÂîZ³€µ¾;`ú¶etÿQ(*”5Niâ%ê¯‘Í0iÀøÜaê®êÇ™OT[I£Üäc$‘°€ø6(¶É½–Ï!bJÁZ‚FÀá¢e{HÏWvÂêF>‰ÂE.-ê‰byàÕÈv¬Y/7‘Tdœî5 ôÅ((ô‚•½aÐ=õè£Vé½¹ ½âEEœG¡ûx2Ê2øøw&Oƒ’Îè½/Ëj+2ùr#ÏA²‡4¦fòš"hÇ…Yëív »aPÑOjÌéžF÷»nKˆÐqO€Ü +ñu‰Ø÷º7Ö0¢–P©/ç6Êeø÷˜UÂM,O€rÀØ{Â1„ç)° >(®oÕS(tT[o{o‚¾ÅNNnSWŸžHWœ¼4îŽgTKvÇSŒ[ë¤lØ~Ž‘€^N—™¿¿ŽHQzY¹ +*l0û!m/¦Ç8[K:L/£[´([0)ú:†2Škv¯+tH4•F˜ýl„“Gãüä‡ÝiÕZ?øŽvpyË»Æ3??38¤}ýt}¾È¯S03$˜¤ùÇ œ^fŒö~É¸œ/Â5¿‰¥PÂ} nµ¯Ngß¢ž· i4\ï)uIÆ7n1‹´kpq“.4/è ªíš÷~ŸÝqRéŠÓÔ>/XObject<>>>>>endobj +1627 0 obj<>stream +x•WÛn7}×WâU€xuµäèCn4@«o\j—’XsI…äZV¾¾gÈ]i¥J®»l‹"gÎœ93ÃýÑP?ši4¡¼ìü Á4¦Uþg]Óxô6ó—½/ƒ+údé{çÃ¬Ó»yKÃ>ÍØ<™^Ó¬ ~Öïc%ï~\‰uŽ£Œ>Z³PËÊ)³¤oï¿ÒÂ:*”NÍ« Âï×³¿;}ºŽa¤›KœÐzK¥0b‰¢ ++,ª\e ofßƒiò}9'ÂÙ £[QÎ S°³´wLƒA½w8Í&¼÷=™ªœ¡]ÐŸF=‘ßú KOw]¹|G·•¡[«…Sþîõž6Rkþ$ô„çÃí'ZˆR&ûúC™êé »¡*(~JÞYÇ`à7]-—b®%½?ˆˆ¾Ú¢Ò’óÝkÎa#l)XZ;û¨ +I`äˆà‚ëÔÏÈKÄá¤·•Ë=çœZM^ºG•KŸÑ7§Øç€[T9ÓËŒŒS!såy Û*(V0NÌÑZx¿±®8Š¹AÌßuS2 ¶˜ŒnO†¼OÅ3½›&M]0°±•.ÈÉ•r‘ÊÄCD€-> +ŠÙSK'Ã°aÇ›—9´¶G¸öLÜVù +Áæ+fjÇÊoá%¡Ôù&ºÀåª,®ÎÐ‹òÜV&Ôî#½^Ù‚T)Ÿspþ4)-ùÈGQp“nžS)~ÞÂÄÕ¶qŠTŠüžäbwK@NÁÈZ::¬ ûÁm!¶¹Ø½ ¨£,í¯tàjïÝq4r#õñF‰!ääZ‹<6Ô‘ÑVf+Ë×ÍG¨'~JùÔoëë¦2¹® +Yß¹Îþ/Ô›+ÓCcéÏ¯ dÍBFÜÛÀ^X®‚&ü´¦U©B³)NÊ3ÖL¾¾gGlÍ!¶à×0’ö.Ÿ³ÖÎZÄ¶Ä©Ž=h¼\ÅÁAŸÍjy¿ou¤ÎÚ`öÁ²µÀÍ}·ôŒµBšý>>©¼¯¸ÜæxnõÒ3ÖÖÒáú4Ÿl·F>±¥zþok»^ÖœÜ×P:±=¬l‰ë¢‹^[ïæºõê8É£+ÿóí–^òF;žŽ³éäïÒp0™°÷Ï³Î÷Î?jJendstream +endobj +1628 0 obj<>/XObject<>>>>>endobj +1629 0 obj<>stream xÝXßoÛ6~Ï_qÀ04jÙrÜ8{ØCÚ®@hQï@G‹”ÅVURŠãÿ~ß‘¢,;qšaÅ0¬y¨@S÷ó»»ïôí,¥þRZÎéâ’²êì¥ËdNù!M®(§É‚œ¾K_ÒCÎ^Î¦ogôrÜ½¼Âƒ¤Y2›Íh•Sÿ¯Õçf+×‰3á„\¡ÊÒ GÄg]ïö'ÏW_Îf4IgÐ½’ÒT}»¿Ço–R4ûòÒ*ÓÊýÙ#Ò¬º‹¦xÛªu#\< ÒØ¶Ï"ËZ/òiÛB©2ê^}][ô‡ÃëØ²‰Hëœ²CäøÍ°u”ÎÑ¤9åœ6ü‹›¾]Pš†¼Læ—ÀU¡(7ei¶ºÞºUSò‰¥¿”f£kj¬ÙXQ‘UM)2åüO°Lîƒh@Å‹>gå}f•žSedñÛBgA‚½¤`‘Û¹VUpq0V’Xhût~¤hªÚlâu¤è=tÕBší“®n¬éš£›ŸžÓV·…w98r¨„aÙûÀ!p^Žä¹OEµ{7Cp2S·B×!Ö7:³Æ™¼¥›7RufwM«ä#V0Ò^Ô‘KhUh·—‹g×‹×RG”½¥ÎÙii2QN5m¬¾šö¾lå‘+/NFÀç&9ù2e°åPÆùþÍDžVLR5ª–ZSû”ø0EB3š+…P¶¨ëé,ýºþ®ëîŽÜ8XêØ’Ç³ØcaE}Üj‰À®w}2o•å²;²fžÌ“”.S›Ð»–2QÓZQfªF—A‚kT¦ó{†…à¼ŒµE“ cp22-Üˆ…}N¦a_P¦j²]]³$œg.Ü•:‚à–ëMg{}{i.³ºiz³+ Cs¨B<ûÈJõõßçüØ¶³ä”ò9“&ëöé°Ñ!s™BÁµu,^j«2`|;“w›Â‹$µk^wž$ÚÜO©É|16(?ýüþúf’&3¾øÀÀùÉw»ºbHãÐ>ÿôýóÜµ·:ó±}HÔ <úaéÿ³ê[e<‚{m¤*Åî”°,3]ÝÆwÑËÿ°~ªüaC£ïÅ=Ý²ïŽ3Ô&EdI ‡ÚVg]),ÝoRå¢+Q¦Æ·Z;Ã(·ý‡'ß¿„7ßpÞr0-õzêTÖYÝî|ùEÞVw _#ò(ÌWbõ}>Q‡—Uœ:Âã¥>^,#H>Q^ïz%_pÄŠr<ë]R÷©T¢ãó¼ LnŒôíJHtHÃÉCx˜¡ûy®nq‰È‘ÎÈ§>Æ§§!ÜA0ütæ{SB;Ð.P¨-¡”$Jt!¯32¿@«ê'jI[»-:‡W@c³‘½™1„¨@/<+D½Aïê\?Øy‡ äòÿU }þV[~"ÒþÛõpßqÂÈ_y]Â§‡Õ2Cš¥(™e²¸ðË·n6&¯"ûêù^Ž36UŠá¥]ÒR…¶ï1Ý,?kÌc@ñxÈ]ÖÌ¯•g´#3»1u=ÉkìPã«±VwmÜeiñ3Æ[˜ÐûRñºbU†Ý¿q@tØéÉH'×œ§¥£YÔoAX©`xé #¬'ÀÜBkDÈD#ÖºÄ´Âv…#èmÔ~nÔb_ÖÖÔÌ¿ÐL¥úÈ:RC(®÷>ä,´@÷87÷–ÌaßkÑÆ4"›v©Ø/"!õëŠ nÈdc()Í:ÍÙOY£ÚÂHßd»–>Ð¥¾cJukx³ },>nÜd™MÀ=øÂ‰C®5ò,d¥@çé%]ƒ€ó²wG×!ÈB©sîçŒ%¿:Q€~â:ôæJ|åõŸ!ÔÄä¹i6Œ´ém¨/ë@°Ï gùc~2ä6,á«J“wÇq1ù¾ûâsŽ_áÓÅ"¹ºšÓåò"¹ -…øñúæÕ5½·æ6¾óŒx»‡sz¹LfW4YÎø{ÏùëB`EµjD¯û\rñ²¡¶ŒóÒÓa…Ä–;øWž‡5ÎJËE²¼¼ÂG%(X^òÑo«³gªˆ°yendstream +…øñúæÕ5½·æ6¾óŒx»‡sz¹LfW4YÎø{ÏùëB`EµjD¯û\rñ²¡¶ŒóÒÓa…Ä–;øWž‡5ÎJËE²¼¼ÂG%(¸\òÑo«³gª‡°yendstream endobj -1638 0 obj<>/XObject<<>>>>/Annots 915 0 R>>endobj -1639 0 obj<>stream +1630 0 obj<>/XObject<<>>>>/Annots 917 0 R>>endobj +1631 0 obj<>stream x…UMoã6½ûWÌ+þPd{‹œ¦ÛKSlk{ PŒ$Úâ®Dª$¯ûëûF’»Š 0,ˆ"ùæÍ›7äß“Íñ[ÐzI«„²j2æ”l¶QLñf÷%þNÑ±¸_ÇQòÎ0¢yÿøó×É"Yaÿýr‰gEà$ý¨¤ýd8®h9ßF«ÁìpŒÙdm‡³«|âx-¼L¶Ñ¦ òp\Ñj±r·Vf‡cÌ.×¯gcÌÆq´ìUV›ùÛä“»[Z¬ép„IrF‡¼ÕcN‡lºÕˆµN§MP9íšP(tÆA[ssø„˜‹a ¦‡Bû€-Äy¥ p°ŽÎº,Q.õ?¨‹³…B{<8à¡(³UªMNöH]Ô¸ 0¹úËWiÍÞGÞ¾Ž>½íÆ÷×Åˆe€•çãuÄ&'–¯sšIŠÂ8$)øyJ)g_•ÉoÉ7Yt¨Ì¹¾íRà²´ç–±òÓRû¢‚.Â™)Ã›ÃŠUlø¤1€n¼rwñl]N9½êÉØ—ÞRªërJ/—ôi÷DÏSuú@¿iÓ|{¾!>3Œ^;{r\ù.Ãº.û:ùˆy™csR-o‰Tð Ø¡ºMÉôk$)Î_Ø$â¥>X&gŠ6ð’¬Ÿtæ¬·Ç@»,h=j§2”ü2ŠºWîEg üw{0×†à‘(äÛÈ³Îa˜…Œ Pç+ñ+÷D>uI„¡‘gh´XŠŠâ®¢VŸ9êS -¸Ä¬Ò(ÃÇnïû†¢ð&”±õxe¨d°©‚L\¹4IË½Uî¶âmNÒ[R™Y©¢B•5–8hø¦0ßÃí?ï?ö.“.©Ïh@Ús•²K’¸KÊÀ‹ªÍØ7um]€Î:RÑ¸“f3)àÌ_0}¾¹m)‰¸RAõ=‹8ÁÙ’Î…BŸºžÓµ{‡±¡gåÛ”½4pê0Ël#FBãyå½Ô kÖ|yk˜¦W.WGnÊ×Ã’ØrBXé€QXéÑ0+üÔ7„xmk`c ‹ýúd,JÊ_zBØû–OD¿Ã÷]¶:¢ryæ‹ïá|+¶E†ÇÚMšfV&s—:@Ö®Ó=ýD—kÂð¸[ö!Ò…¬lÞ”Ò~lDçkmÛ…8}|ÖÖ ÜˆI¥²‚qWè#•Ã(=µ@«¥·z…¼½2GÍÚFÃ™yuâcW§²óîã÷ƒ÷Ý¦@¾¦?²7ý½HpIoV¸ìúkc¿{zØÑ'g¿àè G›5âÿ®šÙuÃl=ßöýý¿÷SŒklp¿á@X¯…ë/‡É“«„Ùendstream -endobj -1640 0 obj<>/XObject<>>>/Annots 922 0 R>>endobj -1641 0 obj<>stream -x•WMSÛH½ûWôª5UX²Ørn„„]vØ©Ö9Œ¥žDÒd/ùõûz4cŒcö£–FýñúõëÖc/¢!~"Çt:¢´ì ƒ!®l?>ýÚGÁ˜Î‡“`D%ÅÃ$8uß -šö¢³®Ÿ%§AÌwG“ rßø.ìP‡¿ZRÞ{¤hk6.þ' -Šã >^xè¦Ö6L³»¿õÂ+8Ò,‡‘Ñ8¡Yf3Â•´¹«FÖt_«ªQÕMÛÕJ×Íñì›}6wÏNÏà–õq8 -èºjjµi£tÕ=£(rGã12ÁÑ·òAUÝ¨fIÍR"³.·B -#Oh*Ê… Ó¹4öD%µ–ôEU™Þº›ÑÊ‡VÊt)*eJCª\²”U#3v?¤AÄ°ÃéZ º>Ý_Ò¼¯X«Óûn¦SªD)3Z©•œsÒrtkh-kƒLéÜÅ¤«âÉ†'nDu+ªm({>SQ&pãjŒ@fHWd™bˆDAy[Y´D¡š'Òk•Áðâ©ËZnÈÇèà U¥E›Ió† ƒ‘oÙ•ˆr]@ª --2FÙ…zf5¬)W…¦z‹åä<œ$áÝ,Œ‡ vZ(àg¨]éŠ2YŠ*³)„W©+å`$ÜHfÆÄq„W¾ÐöæöÏ+ |àEM¸ú;E½È²Žsô‹ú!êåº¸ÿ2?&dÅ‡¯Kk†3Ði)¹Sèy¿–9žF‚Ë¦Y½ C‚©b£Û:•€çA•lPê.ô—‰yÆ¼šÛ!¼92GQÇ2ë“á·,gÒ% CÓFÔÍ;ÞsH²>¡÷U[þ®fÞŸŸlÒ óTJN×‘ÇÇt;}w‡Ú¦-s‰ÆçYš¬ -J•ÖÚè¼ R]†–¥†h¨ -y—Ý#xÊÁ~¿ÆÝ‹ûëùñ!x|ö¯ÂsÊ2nìÒíz‘¦ÒºÔ,Ý(’¡¶—7\[×C¨›^|“ic¹þo”c‚è5zÈ7÷ƒ¬?¶²•R«U[th4ËZ·µFr¯£¥mu¸A3ÑˆTÉX,Í -¬ûI\¾éÅ.À‡b÷<Û †FOhà›-% -¶YRVdtÉåƒ` šTWyËšDb¡Û†6KÔ2ƒ‚*C¥+t,®K”hÖTé†~qÓã±UµUHNg]¤N(¬F,Øµià€²W§ƒKm`²‚ý¬ë5ö–öyËmg;Q è‚£0¸=×r«û™Ø5WYàÓG¢z¢€a5ù‡™\KH‘ç&z°ƒbK&@7ÖŸ07Ð|ÁÅw4˜e*xÆîw‰ë†#Ì˜zRIi-&‘Ç{ò×v^¢ã¸=|±yDìžö·Ù&–‹=—¢³ Z›ÎÖÔs›¥Âq;‚A3‹l`Ñi+ÏÓ -m!ŒÙ 1õ';´ÀºµÈÇãv¿6ü´µ€žŸØÁáÅh»m¹IÄ½|Xo½¨3ï‘¶ -]mÅ–ï{Žî0Çï}îr´„`Ÿ³Z´‚õ®ÒPh§ÍJ¦*ï¶'o”Ûõ}¹$*[P·†BI]TÐ)èôs¯>ÿ+§.ãçT¶»p:¨2™L0–ÃÛƒÄ²´Ëß@À89GÒÝvâåt'Z2GËû–‹ƒ3ýc»ú%“˜=ú|&Ë<ë_Ðv²}}¡ëô÷ÄŠ`Ùb>äªÆ',V¦4ïžzóè«ß’ý˜œÁ•À–¥íÊŒÐØlr³Cøì›Â/XüY1®qÐÂÔ=Œã í¿àÝEÄyß¢|ÄãÓq½Ý8v„S¼V%¸{:ŸãQÒíÃã„-½Ÿõ>öþZœqLendstream -endobj -1642 0 obj<>/XObject<>>>/Annots 933 0 R>>endobj -1643 0 obj<>stream +¸Ä¬Ò(ÃÇnïû†¢ð&”±õxe¨d°©‚L\¹4IË½Uî¶âmNÒ[R™Y©¢B•5–8hø¦0ßÃí?ï?ö.“.©Ïh@Ús•²K’¸KÊÀ‹ªÍØ7um]€Î:RÑ¸“f3)àÌ_0}¾¹m)‰¸RAõ=‹8ÁÙ’Î…BŸºžÓµ{‡±¡gåÛ”½4pê0Ël#FBãyå½Ô kÖ|yk˜¦W.WGnÊ×Ã’ØrBXé€QXéÑ0+üÔ7„xmk`c ‹ýúd,JÊ_zBØû–OD¿Ã÷]¶:¢ryæ‹ïá|+¶E†ÇÚMšfV&s—:@Ö®Ó=ýD—kÂð¸[ö!Ò…¬lÞ”Ò~lDçkmÛ…8}|ÖÖ ÜˆI¥²‚qWè#•Ã(=µ@«¥·z…¼½2GÍÚFÃ™yuâcW§²óîã÷ƒ÷Ý¦@¾¦?²7ý½HpIoV¸ìúkc¿{zØÑ'g¿àè G›5âÿ®šÙuÃl=ßöýý¿÷SŒklp¿á@H6Âõ—ÃäÉ¿ª„Ùendstream +endobj +1632 0 obj<>/XObject<>>>/Annots 924 0 R>>endobj +1633 0 obj<>stream +x•WÛRÛH}÷WôUkª°d ãKÞ »ì!±SyXça,ð$’Æh${¯ßÓ£c³—\XõåôéÓ§ND}üD4Šé|HIÑé}\Ù}|úµ3Š‚]ô'Á +ŠûãàÜ}ËiÚ‰C\ŒÏƒ˜ï'Aä¾ñ]Ø¡x2|g&îÛîÞxlŸñ9üU’²ÎE#X³qñ?Q0¦8žàá…7ÑÞiúhmÃ4»{ñøÛY'¼†£>Í2ŽÆ4KmF¸’t¯–bUËŠ¢A@•*kU>Ò´YtUŸÎ¾Ùg£Qûlï|ÿ³´‹ÃQ@7e]é´Ij¥Ëöè€¢ÈGÈGßÊGU–lt£ê%ÕK‰ÌÚÜr)Œ<£©(‚LëÒØ¥¨ÕZÒU¦zcè~F+Z!“¥(•)©b•ËB–µLÙ}ŸzÃ§k%ènÚûôpEó® +d`N>|¸N©…Li¥Vr~ÊIËµÒ¡µ¬21¤3“.óOÜŠòN”»P|&"ÏMà.ÆCÔÌ®HSÅ‰œ²¦´h‰\Õ[Òk•ÂðbÛf-7äctp*“¼I¥yÃ†ÁÈž·ìJD™® •¹)£lB=Ó +V”©\S½ÃrrNÆáý,Œû v’+àg¨Yé’RYˆ2µ)„×‰+eoŒ¹)Ì<Žˆã¯}¡íÍìŸW> +@ø2À‹špõ÷Šz™¦-çèõCT)Êuùðe~JÈŠßÖg s2ÒRr¯Ðón%3<—u½z† SÅF7U"Ï£JY£Ômè/óŒy5·cxsdŽ¢ŽeÖ'ÃoYÎ$K†¦µ¨êw:yàduFïË¦ø]/Ì¼;?=#Y'A ç©”œ®#énúîµMæ8:%µÏ³0i*©´ÑY$º- + ÑP%ò.ÚGð”ƒý<~»—7óÓcðøì_…çœeÜØ§#Úõ2I¤1t¥Y"rºU$Cm¯n¹¶®‡P7½ø&“Úsýß(ÇÑkôoî[ Xjd# ¤V«&oÑ¨—•n[jŒä^GKÛêpƒ¦¢¨’±XšX÷“¸|Ó‹}€Åî+x¶^žPÏ7[Jl ²,¤,Éè‚ËÁ@4‰.³†5‰ÄB75m–¨?dU† +) VèX\—(1Ð¬¨Ô5)üâ¦ÇS£*«œÎ»8wÙf€Qžë wñÝ”þx«µJrDZ `®Øò,e¾"•ÑV7Ös*¡ç~ÀyyÛ—W+ÞáõÐIj—~Ó¤tÙžšvXÞkúl€8¬„\†}lãYŽ¡Œ>!'‡®RJá®†ß¡KÒ„£ñ$ŒÂþEp9}hÍN°yÿ+§6ãçTv»p:¨R™L0–Ã;€Ä²´Íß@À89GÒý¶âåt'Z2CËû–‹ƒ1f<úÇv)6ô+&1{ô=ø2L–4xÚ½9¢ídóúB×êï™Á¢Á|ÈT…OY¬LiÞ=ôæÉW¿%û19ƒ+€-JÛ–ÿ ±SØäf‡ðÙ7…_°ø³b\ã …©}ÇAÚ-¿àÝEÄy×¢|ÂãÓq½Ý‚0vìçx[àþímh0£á¸Ý‡‡¶ô~ÖùØùZ›qLendstream +endobj +1634 0 obj<>/XObject<>>>/Annots 935 0 R>>endobj +1635 0 obj<>stream xWkoÛFý®_q[°Dõ–Ö(PÇ±»6®b©h‹z±‘c‘ ÉafH+úã{îÌbT%X%H4Þ×¹ç>ô©7¤†4ÑxFQÞƒOÚî çÁ&C<£œ&ã`â{cNÓe°ìÜ-Ã`Nãå,X@n8™áÒX°{ÆílÌº·3n—#xp”]Ø—ç!<Áåp c{²Š;gÜŽC=ÞvÎ|»wçöxÆítÆNµ·ŸHŒ^üeÈvG|lƒûá”Þ*zß›Œ–Á˜Fž2^Ó^s'XçŒÛÙoG#hÔ1‹²yw°’Ç# ž²œ}‘ï:Çœæss¼ëSÈP/ÏÆ´€ç.¤™éÍ¦7¸›jÚ<#þÙbN›Ø’$¤MtYÓö@¿¥E¬ö†6Tê´¨ÈHý"µ¡JázIcI¦.K¥+zVÚ½$5Å:ÅkÙ"S"~z¼Ú|è…ÔÍÉ&¾üCÕdUg1å*NŸT%Peµ_2ù6ˆTñLÏi&Ù˜ˆcûÆ.S[‘Q)´ÈeÅžˆ7Š"-E…W¡åYe™Ú§ÅÎJ{ÃÃ1òÃ&ZÒÓ¥z¦HÕÚÈ×dT. g–mÓ‹Èjip[G C¥¨’bi¡·i¥…>Xã>Œ$-ËLD@nŸVÉ‰]Q/`ÈN:Õ°| “VòéÕ¿XbpÒÒå¤"Z¬þtAÿ·Ñ‚~ˆ„ð¹¢\æ[†Áû_T"ÎÓ‚vZÕeƒ0\ÛLž•÷Øº„94¬ÚD²ÓRW©4g¥µR¥†Ò¼ÌÒ(2@¤˜*H¿uåâŒà/Ðô“wÛ¿:¢LáŸö½ÎÎÉ€à 6z©Hd#òxÍç¼Ý!©;œ g«AuÉH}õ,&U Ì¯)¹B6‹ˆ‰XÙð…¹œîj n€J–×Ì¹‚ö’ )ã3@]1œ{ ~P–šê" ºIdôÑñœkÃL%sB’òÔ˜T¶6sññ|º |p¾‰üGEG¢€{åÁ‹¶•Èek÷\é98¯8ï hÆ¢B}K¯ØÇ–¢g¸:™Q$?#Œó‚|ÿuŽ` o^³aÖÚíiè5L¢Mb‘Ü ßí.é¨ãK™KÉ¶>Žˆ›ˆ£0\Ö¢BG£L¾ÈŒ_¹~±DàÎiÅciP)ã5hªË˜«ž[Y¤ïFª°™´< h-]kºßÓåôéåHP)vÜ×4š%ò—øšÃ#ˆãoC®¦ã9Ú™Ó– À¼Ouªe.‘xèpáO[`þY"G@/)–¥,b TÂhpÚæÅ¸5^È8`Ö0F0ËígW£a£'€ÿ•jÒï1°à!Æ†“5×3Ì˜Ê3ÉV9ªìµ´!îšxÖ†C™e°pÉ¿®«Di”Uy4C¯i4\áíÖ²Ä2ØªåpªD ³=3 \œQèbãIðE\¨€A€›FÈ¸ \L6”“¨Ý¨Ã jæ‹À´Ìxã:ºŸ…n¼A&°¥]‚þ!2î ØCóÀ0I™_µ·VÍ‰¹UTsŒìR3S;†[Yv"D2Ê0”<öŽ · ªÐ²˜é˜‚ýÒÓ³°%h¯ôG7dñ’jUXúí A!úP£/ïAvÄÏ*þj{¹¥ªÆJëS\lùhÀ¬[³yôTjk’—#£óàChùy¬8[QÝÐÂ^rŒcìm1[Ø?ØØ‘k—¨Kî|';m?ÒÌ‰_‘c'Ôp Æ|3ÒÙI[ÆÈê^fY@ïÐ¹±sxhê=ÄTÎž ikà¸£Äêe+Q×\a¨Ð|Áÿz—ÔïÐ"ÖÖÉI±¡E ‡4èLv”ÜJtbÖûrq^a™ëølÛŽ[!¹ `AEÓo2äõ5‹ìƒüÜ:m1ñ^c¡Õhç[ÉS„/šeÆ/´õ²kß–Ã>5IißãÎ¬…ˆ>š(;»!ï‡õ~_Ìø»ÿ\Ñ÷Bÿ¼˜}ÿuÙû‡IØÈñÿÙåt°\|Ct<ºþÏêß×tGì:+ñ¿ëßWßÔðî~µntCÃã$ÃoJ¯V7Gáé•ÚK½º±òÇšnëbLüüØln6÷¿<|G·ï½¼}K«ÛÇw÷ë5®¹ÁÝÂÏÏád,#šÍfÁxbW÷õõ»7×´Òê¨Œ_^QÍ½ÏNn–ígó \Œ©?íºIDÉ›óp@ -[4—ÖÚýÀbÉ¿.gübÃÌš/ùÑí¦÷¾÷7…ºMendstream +[4—ÖÚýÀbÉ¿.gübÃÌš‡üèvÓ{ßû…'ºDendstream endobj -1644 0 obj<>/XObject<<>>>>/Annots 936 0 R>>endobj -1645 0 obj<>stream +1636 0 obj<>/XObject<<>>>>/Annots 938 0 R>>endobj +1637 0 obj<>stream xW]oÛF|×¯X¢-É²$÷¥°ã¤;n¤ (ê>œÈ“t1ÉSx¤õ×wvïHS²S´A`Çä‘û1;;»üÚÒÿ†4ÑÙ„â¬3ˆ¸Óüúôkçl:‰Îi2>”Ñx8ˆfá*¥y§}ÓñÙÁ)Ñù`Mi<›âï~ M+vC³Itq|ÿjÑ9}7¦á+¢Ñ`H“Ùyt>™Ñ"‘À´ˆ{ïs²E¢*-ÅUQè¼L÷¤’„åzGIaýéÞV4WÙRÑÆºò„l®É®¨ÜáE›'¦46w”U®ÄiBeQéŸ_/¾t€G4‰ÆðÛ[l4©8¶U^Rå4ž’·s—üg‰ã'Á˜zÄ;T™„Ý è¾g"áNamY»ÍžNßÅ!ãþ4šqIàò~4™’?ñÃþð,ý`LKŽ(ÓÙÐ0í¨à¾GÛÂä%NU’™üÐû€×©qeôRäul/ßÍ¢áõÏ.¢ ‡ÿqü«Âéµ`4m³”Ä•&MikÓÎñÿÄ¹Ò+“j¹`ø]µLL¶0Úqlx—:×ªÜÐŸ’ÞOEôIÊB5àƒ‘Û¨6ñ‹œ–Ò¾*´BótÿŠ–{JôJU©O¾/ü%(Ì™ÔäckbÆm¸ú1ÞåŒ8¾B_ÒÄÅ£Áã*GÎÎÙØÈÃ‡‰œ3ÙÔNíQ´¹v”#›Cá*gòuÍ²ûž-|™þS…{÷¯ôW…Í`æw“'vçèvAãhp:z 85h¶ˆ>nuNÝ[F*Žb¹Õf½Y¢ºk“.:•º7{ ÏÒ]ªPÆ®$¾,`‚€G›°LmÜ`éS=9rš«G³Æ3uCvï<—]E]xH!ýâ¸ÐéN3ødrh€J‰IÍØ¡1B€\ÌŽL•ñ†™†2Öýá‰rÈar”ØæÌ¢% ¡Y.h9a5èŸ ½²ÇT.¢¹.Åûµ—DÞ~!Õ™øZÖr+£iÿ–…ÉÀ}å¨6€¡÷™°6· +ð¨S R @@ -3439,10 +3339,10 @@ j OYŸD™øûGð÷–‡zþÖ´|¿ %r(ÈS÷ãû¸”´›Û;´ž#Ë`#:¨h·5)¾Í&Ý“'äZ'G‡¬R“9f.£K¥ZÖªPGÑ"±§Vu—ÎUØTÖâÍÝf‘®î[¨Tê,7¡Zbîg61«}Èçç®Š7G)@>.ß|À®®'G-î‡°WßKûíYè´ãÔÊÄŽm–¡E<àò¦m°›žAË;ÙÇ ÂÌe W¶ ®…õ"rpÂ/ô_æZòÀÐß…ÙÌF^~XfdÄAšüb›Xè(ßÎÔŽ…S¦“Ñ•ìF2…8f6/âTr„ïeØ[‡5µcÇüSbQ×áX6±FyØÐ È^œðñ"ß -=—-#,‘+»ž‘½g¨#&¬¹ÚO|gIY3Î2ò[dÃ‡+é×´ß\5Ò#1Ô„Ð l”°¯’_Q¹£!]ù¾±À5 µ\óKXènæýOwoÂ”x~uæ½±ÂòAÃóKN¹;Bû™‡\5ïÑª±ø®aƒ…U+tf±D‰oYQyxã~(dU~ &(Bf°àêÈu3F±4·Râ¼kS´Æ7Ça*vÛö"9z‹µv¯¶.ítšö0˜rZ¶ÚJmOßÍ†|bÎÎh2F£É9oFóË›«KðÜ~a ¾¶1ÐÊKˆ˜•úôëWúÓÁ?ÿ¿·±ñtMñm*ª;0oß:ÿ«ðÀendstream +=—-#,‘+»ž‘½g¨#&¬¹ÚO|gIY3Î2ò[dÃ‡+é×´ß\5Ò#1Ô„Ð l”°¯’_Q¹£!]ù¾±À5 µ\óKXènæýOwoÂ”x~uæ½±ÂòAÃóKN¹;Bû™‡\5ïÑª±ø®aƒ…U+tf±D‰oYQyxã~(dU~ &(Bf°àêÈu3F±4·Râ¼kS´Æ7Ça*vÛö"9z‹µv¯¶.ítšö0˜rZ¶ÚJmOßÍ†|bÎÎh2F£É9oFóË›«KðÜ~a ¾¶1ÐÊKˆ˜•úôëWúÓÁ?ÿ¿·±ñtMñm*ª;2oß:ÿªðÀendstream endobj -1646 0 obj<>/XObject<<>>>>/Annots 947 0 R>>endobj -1647 0 obj<>stream +1638 0 obj<>/XObject<<>>>>/Annots 949 0 R>>endobj +1639 0 obj<>stream xµXmOÛHþÎ¯¡;5•ˆ±¤ž” zåÔGÒö¤¤{CÜÚ^Ÿ×!p¿þžÙõ&K ºžÔ‚@lvwæ™g^—¿÷" @@ -3450,81 +3350,84 @@ z išt`Eôš¬ªJÕ ÊE}+©\7²&µ ªÎÊFÖúåô$õá<+©!©sYJÊ´^Ij–¢¡¥Ð$êLË’ÒnÞâcI©¼“¹ª Y6TáˆdÁQÜDVŒûæT)eJ"ÝbIëìRµ.s%Rƒ ¤® sh^¨š¢0|¡}”}ÐNë§¬Ä]MS_}b-ZrÍ0ÅúëZÔV›x0ÚóL7/¨PˆtS’*%[íélÉ€‰’VEZ°Ñ =`Y–*Dš¡ªCu•$yãUË¦µ+QE!Êô1¯J ø†¥·dÈÆÀk/ U’‰Fš{²uÖ, W³R7"ÏqÙÞh ,Tž«5ä½(ªÜø`©ÖŽÏµÊSÖ+àª@ÆR¦'[HÇÎåî þâÎÆ.ªÔ¢îª•j~Õ2©º›Ð¾DYzŸ¯0àY§ªYùjv1¾¾8¦ËÉ«Ù‡2»ÿLYÃï¯f› Â®È7½ÏŒ˜ëdÌ<ßnÛ©¸²¡K§6ÎË…¢Èåá þjO\À‘'4{{Eï¤õ°5"dD™Ôt5q€¡!Fÿ\ ýIvˆŸ÷=aÁÿr¥«?Ò—ÎYÆ‹\Üê“Yx?íaèè~t¦d'Íæøººüýr>_V]ƒëÉÃ©ÔIUM¦Ê“™=¿{ïàâ’N¯Ï?ž]ÓøãøüÝøõ»3zsyMÓ·çºº>¿˜ž]<)Si}2s»..¾‹Õù|'%~³ie2g['œ}4Ÿï?™Øü^™¬’Dj½Xåù×.Ú A¡¶™MÏƒ -Ø@¿ýt{(‰©í:ý€ÆiÊ5éB®©Í$Mw™0ÏKmTo+è›îóú½e!VysÐöµX YJ ë\¤—(×šf%êbVšß`º²Z7A¢ÊÅc%>ÉÝkßa‚`ŸKi*k`ÏµB)E×0eµt¾äŽMUµg]ó-JSg1}ÊþáV”-ÖÜ¬Ö@9Ö\¡U ò3£`7Ø*Ì…—J™ pÃ¨Y“¸Ai7]Ôóœ¼—ÉªAu/é²’ekÐÙý¼Ãy„›(¸ó—ÐÊM$-²fÕ¢Aÿe³º^ŸAªÝe¹¼¡óNÈÀÔ|Rµ%O8N7ìq;ÌÎ_¶‘‘´Ç»Ã`„9ån†œ<³¿±Ü°"À!Ððpà†ÃWô w•`²Û0yF3f¡´ã©uÖ15o)?ÇPPÃýL07Ë–kpo"…=·K=Ã Øm¤ZÖ½ÁÙÚ¶¦=9&x)VšÇ®; Ù„øÈWðHU«ÛZ´Tê+™³ÚOiÖÄô8"—úA7²h=lç²ÅS}(›äÐÜLDµãbðD¢‚vìc\¡‚F#Ä0ñ|wú-±ê#ê/PíbÿÓævcâµ*À´/Æî[2M)ÀD‰è-UcÓ÷À"ßŽk(ßLe&]!{ç‘Çø#Çè“þƒ‹ÁC-+QsèXÒLÇsç¹ªÄ!ÔÀ;CE¹J˜^vZ‰2ê´CÍ8kÜÉÐÀ êÊP&¢\ d]ÃwÐ÷Ç¦‚Ð©,3™îó}Ìu«š‹hÙ’Ð…20Y?ÍÍWŽÖT—e¨´»Ã}K5ÊZiÒ æ¡Ô5ò¾adlÓãÊw`üéÂ%C½¶0ñ<»*›Ýø™.¥eÃó®ä>Ž8³À¶~Me.aš£õgòS¤–…ºãVAfZ4ñÈHŸì\<Ïã!açô]HÿY:dg¸/4µ¯+?ÄFYá.æ¼ð}”ÛG™‰›ík‚W‹æå‡ˆ0O«µB$Ê´Íu1hK”£û²ó^œâ]õ‡³dÉ1Å‡QàÐ‚ÁÜ´åh€ÿ<Œð_‰aÛ&ã÷¯Çh›ê:ªdeœÆ³ßìºÝaˆK;e|÷Û¶gøp0ÂWGK<›îý¹÷/÷ò!&endstream +Ø@¿ýt{(‰©í:ý€ÆiÊ5éB®©Í$Mw™0ÏKmTo+è›îóú½e!VysÐöµX YJ ë\¤—(×šf%êbVšß`º²Z7A¢ÊÅc%>ÉÝkßa‚`ŸKi*k`ÏµB)E×0eµt¾äŽMUµg]ó-JSg1}ÊþáV”-ÖÜ¬Ö@9Ö\¡U ò3£`7Ø*Ì…—J™ pÃ¨Y“¸Ai7]Ôóœ¼—ÉªAu/é²’ekÐÙý¼Ãy„›(¸ó—ÐÊM$-²fÕ¢Aÿe³º^ŸAªÝe¹¼¡óNÈÀÔ|Rµ%O8N7ìq;ÌÎ_¶‘‘´Ç»Ã`„9ån†œ<³¿±Ü°"À!Ððpà†ÃWô w•`²Û0yF3f¡´ã©uÖ15o)?ÇPPÃýL07Ë–kpo"…=·K=Ã Øm¤ZÖ½ÁÙÚ¶¦=9&x)VšÇ®; Ù„øÈWðHU«ÛZ´Tê+™³ÚOiÖÄô8"—úA7²h=lç²ÅS}(›äÐÜLDµãbðD¢‚vìc\¡‚F#Ä0ñ|wú-±ê#ê/PíbÿÓævcâµ*À´/Æî[2M)ÀD‰è-UcÓ÷À"ßŽk(ßLe&]!{ç‘Çø#Çè“þƒ‹ÁC-+QsèXÒLÇsç¹ªÄ!ÔÀ;CE¹J˜^vZ‰2ê´CÍ8kÜÉÐÀ êÊP&¢\ d]ÃwÐ÷Ç¦‚Ð©,3™îó}Ìu«š‹hÙ’Ð…20Y?ÍÍWŽÖT—e¨´»Ã}K5ÊZiÒ æ¡Ô5ò¾adlÓãÊw`üéÂ%C½¶0ñ<»*›Ýø™.¥eÃó®ä>Ž8³À¶~Me.aš£õgòS¤–…ºãVAfZ4ñÈHŸì\<Ïã!açô]HÿY:dg¸/4µ¯+?ÄFYá.æ¼ð}”ÛG™‰›ík‚W‹æå‡ˆ0O«µB$Ê´Íu1hK”£û²ó^œâ]õ‡³dÉ1Å‡QàÐ‚ÁÜ´åh€ÿ<Œð_‰aÛ&ã÷¯Çh›ê:ªdeœÆ³ßìºÝaˆK;e|÷Û¶gøp0ÂW‡1K<›îý¹÷/÷ñ!&endstream endobj -1648 0 obj<>/XObject<<>>>>>>endobj -1649 0 obj<>stream +1640 0 obj<>/XObject<<>>>>>>endobj +1641 0 obj<>stream xVkOã8ýÞ_q·¤#VÛ&Mú©He Z`»i5Ò~7v©g;c;¤ýñ{í$¥Ãc‡-6ö½Çç>ê{¾·BèãO“cH²VßÇÇÑÈÂp:ÁÏþ)«ÖqÜ Î††¯Ðe<@LÍû}ˆ“}³f°YË”A®dÂ´#a#Õ7ÿ×ø+zöá tìECéþÞ/Á’‹@¯AzQèÝ:Ü$ŠçÆp¡™2@@° sa˜&ŒzÀ-ÜwK ÉýT&$€Â¾?u@ÍgðÂîEŒu¡ÐŒA²HŸ2íæwìî®{Ô½&˜Ž]çšœÝ•TpÁEq¿1@CúñÃ.P…ç«göG]°‘.EÅÝU’¿ã žÌ±rå–*J»Æ]Øpqp¿ÅªL¶Øq¹$ßè#ß0›3‡_3ÁbàšÑOø†›ÚÅï*²Í6e+Ý@]\Ÿ_Åç‹YÀL¼XÉ“y|:ûB‰að[çs'ëÐ^çSç²só¥y±˜¥ycíúô&ž_Ç³6¶’ËQšSlimˆ2íÊv9üÎXŽý–Èü¡“äàÕœ?ùž%×0Ýƒ9¥Ok`{yëÜ0fÉZB» ÿõutô ¤ýã…‡ãëíà¯‚j:îˆ t.e`6/zñ˜·€f÷³þa–â?½~¬NÓ[@Ó|Z®M²%qÌ]³ÞÈÏ•8|LÎ ëÆ0²HÖÐ~ ˜,/šPê{DGÂFÕ±èÞÅâÿYfß(W°Sœ£3Ia‚÷öë–5É×,÷\{¡ ÿ Yj0ª¼£wyÞå=|—÷è]ÞãŸóöª›íç¼÷àJšòNçv^p ø+£Œ6ÊS6ÿNï§|èlé'R¬{Ígø,noBÅL¡Þ²w$-p/ç@25£(Ü@ÆˆÐNA @xn®—è‰¬¾ÎkKv}Ë%8;€e‡•.½jºýÈùpc¯ ‚Â¢ÐnZ=<½È žý¿¸ r£á*"+}ÜUv´0¥QIh™p;§H9æ7Ü¬¼;œ!S>Äk†TH•‘4}cG«à8É3;º/qxØ8ð#{ìÇ?.qÎÎ/Nñ ¦ï×Ì³B£BJµÄbæN[X4,JÂPD! ]{BâðGRH°×‡ãÔ>+R¤¦R¤ÛÁW‰mV×‰ í2sO³ÖFn÷\ãqÒÖW?hÃ²š(•( l‰s‘W)â¤¢(yŒlívAHÙvÀ%èý½àŠe(mtuA’”ãÊ¶Y¢q©2±Émz±J¶[Ï$«ýŽL¹¸m[¡É”pŒ&®,aùmÙ¬™ 3•·ü‰ü¬ÒV¥×‘Öšß -TšØü¦™çV'WeA€ºô©$–$%"Á£1-°"<‰½UÉèi%ÀÃ1Šóéex¿Œóf~y<Ç–_YbàD&…MSŠ6«½Ú¡7é£S÷'C2žâ7í§‘…9[¶þðš†Lendstream -endobj -1650 0 obj<>/XObject<<>>>>/Annots 952 0 R>>endobj -1651 0 obj<>stream -x¥WMsÛ6½ëWìQžF´¾%÷ÒÉw=m7a&=ø‘„„´£üú¾%š’íñL3iÒ `ï½}»ü>˜Ð&´šÒlIY9'c<éþùøv0[-“%-×ËdL%Íg“d~ôiÐÿ·ëVùµüÑrÉÏæëþâo-i;˜NÉš+]"ô"™‡_qÛb9Á³“m|Þ|Æ'=ðb¶˜&Ó‡^Lóû/^¤ƒó7sšL(Ý‚åzEiÞÞ|Li6¼ÜÒÁ4Hö{£±ÛGeS8U’*S;KI¹Ü*-sÚšš¬)%Ökô3:K¿âx Û?´å&ÉŒÞúÇ1êY+ù?þ•ˆ;Hê¦ôq2S–BçÇ{Ç4šÌp«4ÞîU¶§LhÎ¨±HÇ™á¡üádEAUmvµ(ý]vRËZ8ŽL…²Né™m¸™ÑxjÖÉ2ña/h|¨Ñl^v2Of ¥{I—eU+ DRc -+Ý½L§L3¶-vXLXÍyÝ¨¼ÍäóûË‰!¿…ÔŽ3rðEéÜÜZzŸÒó<§+Ž&k<þ)ê<¡7@ '9v¥AM)œbR°@Xæh‹ÍÀˆîr¿•²ÊIÑ{çªßÏÏU¸WbMSg'íd¢¥;'aéVÿ‡œÄÌMÖ”È¾JJgE“ƒ”[åömÈx,ÃÇRøkµi8ITYÀ’ñ/ìA£‹C ¼lj%[!]ÓÕ&oü¦p³®©+@Œ·¼cz6¹Ê"›“„¾°Ð‘AÜñÇdòúøž× - _!e¦Œeàk¢©XÃ,.{g^˜6{ØÍhºôÁ¯Zð*äj¨µ–(åL}„‰x¼ç¼´' -T],Î/Ö€ÉK#¯Õ H®DöMì¤õ—ÈBqVÉš×¸ž.W¡XcU¶/»âºK/ào¦e†¢ÈyQ†šïnØÁòH"€_ËE´u¢(¼Ä²Bq±xð’Ù8¡PÄÀ%¬÷>ÐZÇ4¡—ºXÑ¯m<€k^ê/z§®€-ÔÇæîZv£†6'-{ZxêšõÑ&äB[jjå”íeö€”›BæO(e…¾Ä^¶®õˆZÞTŠ¾Ïwïnö2P7BœX€ÂG‰ãX¯qÆƒF>›ÑŸ¾¤’*@gèëå~Ý«8ù„V•Äû[úTÊši»5,@È™è÷H(³Û1µiIW²Æ•Õªr¿Ðä Ëô¯ßˆË/'Ìˆ&JH¿m¥[%ŒG¡«ÿ:6ƒ>8Ñx=ƒ¡©äú,Î@OüáëäNöa(8s·¶®²×ÓE˜,§á;ØK83¬õÓ`› w˜1 ¶†+h‡Mè®Ï|"ëád‰O¾õiÿÉóéù»Ïñ`¾âzÕ¸yç(nÆHç©o•ùjž¬–k?®g|ÂëtðÏà?Ø_¼‹endstream -endobj -1652 0 obj<>/XObject<<>>>>>>endobj -1653 0 obj<>stream -x…WkoÛ6ýž_q‘O)Ë¸±S`Ò´Yƒ5k¶¸è€zh‰¶™P¢BRVŒaÿ}ç’Rb«ÖüïëÜs¯ŸŽ†4Àß!MFtvNi~4Hx7I¦4žNð~„ÿVÒòèýì¨= š-aq>Å›Œpz0 Yzò÷›ÙÃÑ€zÃ,gÙ ñŸaBdË4ÕJþý"=ùµ$Q–Ö”V /©*µeÊÊÔ»¥C~Ø—)‚•¹™“v#í¡³#Ätù¢ù5úç°™U°¡¥ÒÒ²<ÛÏöÆ¹J:]fÙU…—öCp1?™¿¡ÛûÞwW?ÿ4ŸGÃäœQp¹ïñãóŽ7ò†Dê+¡õ¶ã™!HdÈ¸ Çùð¡þõ˜†ÃØ•Þ(„ýRH2Ëæ Yh™;’Ej*¶‘ÕkYÊK<@cT± -GoòàÕ!£°§Zà¢"ä¥H%©ˆÊBúZÊ¢Mò,q¹a•©¹ª,õˆÛ@Â¦kåÑáÊJ—Ðµ±$Ÿ'pJßT‘™ÚÑo3REª«ŒAo›Å‘3:¾,q´ì³ ¾Y¸µtsó?ióv˜Lpöâõâ-¥€Ó‘òŽÐ~§@¤€rmèž~txÜ„'c®o€Z›š;öXàµ^ßV‰†çb#i˜–£’%*m÷ºD©ÎWh*Z›¡ZiÝ©Œ—ùÏ<‡àvì Öð’î0PÒzì2%´Ya^ôöÐØ<ŽnÀ†=mý2réÄ}ªTúHÚ˜G¸éÆCÜÖy™#ó•r“+<{`Ø¡cîÓ¯Ÿoçóû`0Ÿ_UÖ‚wW¦ðÖè{éñU|?Ÿ‡‚æóÅFYS0=£Ó=ŽG§Œ¢o¤Ð›\„®ÅÖQåCr5ã‹Ñ?üCqàø†V¢|p58îƒ.h‰¶u1Ùc× #X ‡((¡O¦FÚö”îE¾× ÆGÂ ÝNÀ&ßˆ„@G+ÑSS1…TmMÅE¨™Ô2pår(¡™qÛHOU8—2û¹‰¼KxÉãÓË²Œrr´Ê•ž -Ÿ0Mž3Ðô¢(ÂAIÅ -E7Oã×œs§ð«÷ºƒÉ¾xÛ¿˜v(Ì2Å¸¯FR/…Aõó ûï__ÐpÒèåÙ8riˆ×„>(±*ŒSázç0ö|ÛõÎQÐÃ9\kÈÌš¬J¹úèt— ðÎbÁ °–¹5Ä_jUðžxdrQb5,.Æ(×µ"Üg¸‰æ€¶kÙlß< Î^—ÖäÈãþö}+Q|Ñ4ì‹Wéi` -ZÁB„®‹#‹rÍOxÖ,Èåd X'v#è®ÿöåR¸Å–V_OÉ™@ÖZ€ÔÈ&ñ›ý´bê`µ¥»«ÀøØIôšcºº -C¤Šì<p±Xvì[{ÑbüÀžíkpSH½<ÅAÆY¦‘Y®²w&æ¬¹ÿ8Î¬…•ƒóWÈ_õüêßU‹(IÓ¬>«IT*^ObÕ9\ã¥ R¸VÊÂ”|ŽZ@Ç½NÐÔäÈ4;Nè_àæËëªJFYw»4CüzmN;9: ©€ÌpL 4Oo] ž/c›rè¬ÔrÃnÍOêµJ×!>Æ¢ÒY¸a:©#¥æÊi}ƒ^B3°y +ß±ÁÎ6Ú5sÌkÑ÷•6¡ÿjÝîî¤x¼ôÀi´N„å0²Ð•Ø‚¯˜0ÐåµX²v±ÂÆ¬è©’ÆâXÜ4q\—6ß÷ÐZ¹ÁÆ èÁ,¦þ=d–ÿgeªñõ±ˆõC*}]f}Ç·LDlW¥ÂªÈM^MÍÝ´T(¬y`DXkÄÂTþÐ¦Xo)˜P¯ SoJTÓ$MX>"òž˜Ï´Ù†øÅ1˜žágE³JÞ_Þ¾¿äµæ[#}0iÅ×_¸mØ²×ô&þ!rr@ÀÇ“q29ŸB¾ñ|:f³³£ßþ*|!êendstream -endobj -1654 0 obj<>/XObject<<>>>>>>endobj -1655 0 obj<>stream -x¥WmOÜFþÎ¯˜’Ð)ç{…#´ %QS© --WUðamïl¯Ù]s9Uýï}f×6‡mÔr/Ø·;óÌË33ë»1ðÓ|BÓCJŠQ4¢ÙhMhv4Çõ#i¹óv±3ü0¢7´XBâð)a÷hD‹dŸš¿»ZÖÒH[’]¢L‰d0ŽUF•NÒ&\’ßÿjqÝ3ƒòÁäÊ÷ßE•Ëã°ÜA&³hÆë-¦WÚ¡Ð°¶f«r˜W†xŸïU´gYÍˆãQt´-Ww,Ñ#é;Fø7iS<ˆ?’ÆB+}ó¶÷¾µ}V£Âû“o®þ· -d Dò‹@_ˆ"d3]ç)Yépau)â\R*—¢Î¥%ræ2 SSYÉ2UåŠtI]²ëdAnSÉ××ŽÞ¶üÎQ’eîõF”.¢ü+•ÚÛÁ©˜‚fHd]2U ÌeÂ±FÊÄ½$§É¥¸m`Ù€\'"G¼ï”.mD‹¬‹m]ùZllP²¬ó|ÓÆ®Á³•LÔRÉ”*á²RÒ¾&a‡l‘ÆTˆ ›Ù˜áŒ‘‰£ó³Åt/òZÚ¨Q:9lü=“> 8/èFÇìAˆ-.bÙ°?}ÍáY«<ÎÄVÄ®ÒF˜ <«6¤—>~[1°ÆÚƒÕªì9Ä/›Ú²×° áèDÄÕ¬&³l4J§ -AÌ–KQ"ºFn8ŽM½èŠ¥AÐÓ"ó>+ÑÙÙƒ÷VC»‘…¾‡B±ä÷ö€%ßÓÇewCK¡ré¬B2GKCs¹t7¸Ë¥%Åþƒ.]"ïNükœI@™¥>¦Û%Ì¤æª„ƒpr—WÖE,Í.HaÕŠcätÖó>tˆ7^ØVZçÒô¹ÁÁÝ;Í¥Ð$ÐOw‘mw!Ê¯PséDl2cd•‹°kå2Ue4 „“ ÷hÍdƒµ¯ŒóìÙ¸gY³E^¶Õ±“Ìyæ_{›}Ðƒ1!X z€C8æ¼-ôŸuõ°Y¦ad ×ÞÍs +TšØü¦™çV'WeA€ºô©$–$%"Á£1-°"<‰½UÉèi%ÀÃ1Šóéex¿Œóf~y<Ç–_YbàD&…MSŠ6«½Ú¡7é£S÷'C2žâ7í's·þlýð™†Lendstream +endobj +1642 0 obj<>/XObject<<>>>>/Annots 954 0 R>>endobj +1643 0 obj<>stream +x¥WËrÛ8¼ë+æ(×F´ÔÃ{ÙÊË‰kóð&Le¾@$$!!†(_¿=@S²]®ÚT6Ù `Ý==Ãƒ ñgBË)Í”ƒq4Æ“îŸOo³å"ZÐbµˆÆTP<›DKÿ+§Ïƒþo¼]Í°Êå·8ˆ~¯–øwŠ¿•¤Í`:G+š_,qtÐó(ö¿Â¶ùb‚g'Ûø¼xÆ'=ðb6ŸFÓ‡^Lçñý/’ÁùeL“ %@°X-)ÉÚ›)I‡W:˜Éþh2¶;a©hr«Ê\Ri*[ÓZR&7JËŒ6¦¢ÚëEmô3:K¾áx Û?¬‹u”½qCÔ!ªkÉÿ‘p¯DØAR7…‹“š¢:;Þ;¦Ñd†[%Ùp¿SéŽR¡9£¦F:ÖøÌåO++-r*+³Dáî²•ZVÂrdÊUm•Þ’Ùø›§õ¡¶²ˆ\Øšj4‹ÁÂNâhQ²“tU”•Ò@$1&¯¥½—é”iÆ–£Å‹ «9¯[•µ™|ùpõ/1ä·"—ÚrF¾*™}MzžetÍÑd…Ç¿D•Et ô˜±’c÷°QÔÂ*&DÍm°ñÑ]î{¹¦ZYI zgmùçù¹ò÷ŠjÓT©ÄI[iiÏIÔ´—yÎÿÇ!'13“6²o£’ÒiÞd e¯ì® Ž…bøXÊ¥Ö 'É€ª°¤ü{Äèü@/ëJÉVHG×´•É·Éßl#…m*À +Ã-ïØ…ŽM®²Àæ$¢¯,tdvüõ™¼>¼çµèç¹O™)c¸šhJÖ0‹‹ÁÞ¦Ív3š.\ðëV¼ +G¹ +j$ŠCYSaG"oÁ9/í‰ÕAóó‹`rÒÈ*u’K‘~[Y»K¤¾¸FËhÅÆ‡kÜLK_¬¡*Û—]qÝ¥Æp7Ó2EÑ +d†¼(EÍw7ì`y$OÀïe‚¢Vº¶"ÏÄÒ\q±8p’Y[¡PÄÀÅ¯ß½»ÙC>È@Ý +•sb +%Œc½Æ¹lFo?~M>F¥‡(8ÏÐÕËýºWaòñ<(Ã‹!ô·ä©”65Ó¶7,@È™è÷H(³Û1µiI×²Â•Vª´¿Ñä Ëäï?ˆË/#Ìˆ%&JH¿m¥ÅG¡Ëÿ:4ƒ>8Ñx3kƒ¡©äæ,Ì@>/XObject<<>>>>>>endobj +1645 0 obj<>stream +x…WÛn7}×WüäÖêbÙ’…ãÄÑ¸qk)õÚ¥$ÚÜåšäJŠþ{Ï»¶´VÑ\ ËrngÎŽž:êãï€ÆC:=§4ïô“>Þ“ &c¼â¿•´è|˜vz×}º éç¼É§û}š¦Ç¿›>túÔôa9ÍŽ‰ÿ"[¦©V²ðïééÉ¯$‰²´¦´JxIU©È(SV¦ÞØ-òÃ¾LlÌ Ìœ´ki"¦ËçMÌoÑ?‡Í¬‚ -”–îåé~¶7ÎUÒ‘(è2Ëî¬*¼´ƒ‹ÙñìÝÞwÿ¸»jùù§þ<$çŒÂè€Ë}Ÿžw¼‘7$R_ ·-ÏAj%CÆµ=Î‡õ®G4Ä®t‡!ì×B’YÔÍ\ËÜ‘,RS±Ìh³’©¼Ä4FËpô&^²0{Ú|@´Bä€¼©$Q™K¿‘²h’$“#œ½x½8£p:RÞÚïˆ°Q® ÝÓ[‡GuÈáy2âú¦ù(€ •ÙpÇ¼nVÂ7ÕF¢á¹XKš¦šå¨dÊEÓ½„.QªóšŠÖf(d£´nÕ ÆË|ŽgžCp;v«yIw(i½v™Ú,1/zû +hlG7àFÍž¦~¹´â>U*}$mÌ#Ü´ãŽ +në¼Ì‘ùR9Éž=°FìÐ1÷ù×/·³Ù}0˜Í®*kÁ»+Sxkô½ôø*¾ŸÍBA³Ù§b¬)˜žÑéÇ£SÆ +Ñ×RèˆÍ.BoÄÖQåCrÕã‹®Ð?üCqàø[C+Q>¸·€A´DÛÚ˜ì±ë ÈVÂ! +Jè³Ù m{B÷"Ÿƒë +ã#an+`ƒV€ïDB £•è)†ˆ©˜Bª¶¦â¢ÔLj8‹r9”ÐÌ¸m¤§*œ‡K™ý\GÞ%<€äq +ƒéeYF¹@9ZåÊÏ…O„:Ï€hzQ”á $b‰¢ë§¹ñ+Î¹Uø ŠÕ{ÝÁd_œõ.&- +³Lg1îk§‘ÔKaP}ë|Âþ{×4×zy:Š\à5¡J,ãT¸Â9Œ=ßvÝÓ~ôp×2³&«R®>:Ý%(¼³Xp¬en1$À—ZU¼€g-™œWËX ‹‹1ÊõF‘@î3ÜDó9@Ûµl¶oPg¯kräqû¡‘(¾hjöÅ«ô$°‚G`!B×…Å‘E¹æ'«IT*^ObÕ9\ã¥ R¸FÊÂ”|ŽZ@G½VÐÔäÈ4;Jè;_àúËëªJFY·»4EüÍÊ v suR™á˜@hž4Þº<_Ä6åÐY©åš;Ü›oV*]…ø‹Jgá†i¥Ž”ê+§ñIz ÍÀæ%¬|Ï;ÛhwXÏ1¯ID?–ÚÌ…þ«q»»“âñ>lÐ§Ñ:–ÃÈBWb:¼bÂ@—OÔ`ÉØÅS°¢§JVˆcupÓÄq]Ú|ßChåƒ 3?˜ú9XþŸ• ¨ÆOÔÃ"Ö©ôt™õß2±]• +«"7ya´6î& ¥BaÍ#ÂZ#æ¦òÿƒ6ÅzKÁ„z˜zS¢š:iÂò‘ðÄ|&õ®0À/Žþä?+êUòþòöÃ%¯5Øé£I+¾þÂmÃ–ÝÆ ;îó‘ã>’ñùòçã36û4íüÞù*{!êendstream +endobj +1646 0 obj<>/XObject<<>>>>>>endobj +1647 0 obj<>stream +x¥WmOÜFþÎ¯˜’Ð)ç{ GhA""QS© +-WUðamïl¯Ù]s9Uýï}f×6‡mÔr/Ø·;óÌË33ë»1ðÓ|BÓJŠQ4¢ÙhMhv8Çõ#i¹ón±3ü0¢·´XBâà)a÷hD‹dŸš¿»ZÖÒH[’]¢L‰d0ŽUF•NÒ&\’ßÿjqÝ3ƒòÁäÊ÷ßE•Ë£°ÜA&³hÆë-¦WÚ¡Ó°¶f«r˜W†xŸïU´gYÍˆãQt¸-Ww,Ñ#é;Fø7iS<ˆ?’ÆB+}ó¶÷¾µ}V£Âû“o®þ· +d Dò‹@_ˆ"d3]ç)Yépau)â\R*—¢Î¥%ræ2 SSYÉ2UåŠtI]²ëdAnSÉ××ŽÞ¶üÎQ’eîõF”.¢ü+•ÚÛÁ©˜‚fHd]2U ÌeÂ±FÊÄ½$§É¥¸m`Ù€\'"G¼ï”.mD‹¬‹m]ùZllP²¬ó|ÓÆ®Á³•LÔRÉ”*á²RÒ¾&a‡l‘ÆTˆ ›Ù˜áŒ‘‰£óÓÅt/òZÚ¨Q:9lü=“> 8/èFÇìAˆ-.bÙ°?}ÍáY«<ÎÄVÄ®ÒF˜ <«6¤—>~[1°ÆÚƒÕªì9Ä/›Ú²×° áèDÄÕ¬&³l4J§ +AÌ–KQ"ºFn8ŽM½èŠ¥AÐÓ"ó>+ÑÙÙƒ÷VC»‘…¾‡B±ä÷ö€%ßÓÇewCK¡ré¬B2GKCs¹t7¸Ë¥%Åþƒ.]"ïNükœI@™¥>¦Û%Ì¤æª„ƒpr—WÖE,Í.HaÕŠcätÖó>tˆ7^ØVZçÒô¹ÁÁÝ;É¥Ð$ÐOw‘mw!Ê¯PséDl2cd•‹°kå2Ue4 „“ ÷hÍdƒµ¯ŒóìÙ¸gY³E^¶Õ±“Ìyæ_{›}Ðƒ1!X z€C8æ¼-ôŸuõ°Y¦ad ×ÞÍs E|©$ãŽ -ì¥Ñh*PÄ K+•a†ÞÐ#€Ñ`:õ7ÆTˆ&½“q½Zqwjàñ_£“~<3sî>Ÿxô.Ö”e¸Ú -r×ÂjbÈtˆ'CÀ¸Þí³e3‰Ê¶‰QU[;¨`m|{Af…AYb_f´6çh’ÆÑYÅ‘dŒ!°í–ËÇÀ&K¡¦âÿ08]Q -Zo@Ýžš“qäg2OÄßøéÚmlÚ¬/h-Cw³5ØîIŽ_˜ùœOã«´5OÈvã[¥4¨ètÈVáy«žð`¦ý²=tp@ÙB'Áð¥¬XÉ§/ÚñÛ[>Ÿl¯E¶«GÑÖà{Â¦Î‰îòrL/'49=ýöK‡³ÒzÑŽ“ -ÔÓ³ÀwZ& Bëþ“'–ï¢]³rþ„A¥”©§0š4Ÿ%*´ôWí–™-eëC3"Ùë Ö»:4ôw"ô¼gÏeÙì˜þœMþ¢=’I¦)SM3Õ¢4T ;§¼Óq’+PŸ†C?å3mÝ0_Ïz""M½ñè¤K´HRÕ NtüšQœëÚÛÉÁ•…°·'¸ŠÚÏ¨§î~8Soá.„*O.Ï.g¿.®éÓÅÉåo¥ú|MÒ`J\†>‰óq4¿î Ã™cºº: „|Â¿pÝÌq +ì¥Ñh*PÄ K+•a†ÞÒ#€Ñ`:õ7ÆTˆ&É¸^¸;5ðø¯ÑÉ +?™9wŸOH<úkÊ²\m¹ka51d:Ä“!`ÜVïöÙ²™DeÛÄ¨ªT°6>Œ½ ³Â ,±¯ 3Z›ó?4É ãŠˆè”¬âH2Æ@ØvËåã`“¥PSñœ®¨†7 nOÍÉ8ò3™'â‹oütí6¶Nm Ö´–¡»Ùl÷$Ç/Ì|Î§ñUÚš'd»ñRTt2d«ð‰¼UOx0S‡~Ù:8 l¡Ç“Æ`x€RV¬äSmøíŸO¶Wƒ"ÛUÈ£hkð=aSçDwy9¦—šœœ|û¥CYé½hÇIÈ…êi‚Yà;-P¡uÿÉËwÑ®Y9Â RÊÔSMšÏZú+H‰vËÌ–²õ¡‘ìuë]ú»zÞ³ç²lvDÎ&ÑÉ$Ó”©&‰™jQª„SÞi‹8É¨OÃ¡Ÿò™¶n˜¯g=‘¦ÞxtÒ%Z$©ê':~Í(N„uííäÍ*aoqµŸQOÝ9:üq8¢ÞÂ™.„*/O/§¿.®éÓÅñåo¥ú|MÒ`J_†>‰óq4¿î Ã™#ºº: „|Â¿pÝÌq ¹¸Û-| -ÉÔ`s7?>‡ê×[fo¸xiê¿›¯«·¹³?e"sbáÞ–÷¾¤ÂzÎnðô ÇèÞ)Ìì |…ÎŸZZ™>§ã);ùY5'Ý£æ‘b|ˆG™£)žZšG‡‹³ŸßžÑ¹Ñ7|ª{§ß†Ÿ{rÐ -æ#~ÎÙÿºá2›Ï¢ùá¦DŽXÓûÅÎ/;UT#7endstream +ÉÔ`<3ÑÕ>Æoã¡½z…Ù€¾|æn~|Õ'®·8ÍÞrñÒÔ7_-Vosg"ÊDæÄÂ½-ï}I…õœÝà)èAŽÐ½S˜Ùø +?µ*µ2}NÇSvò³jNº‡Í#Åø2‡S<µ4§?¿;¥s£oøTw¦ß†Ÿ{rÐ +æ#~ÎÙÿºá2›Ï¢ùÁ!¦Dæ¬éýbç—¿US#7endstream endobj -1656 0 obj<>/XObject<<>>>>>>endobj -1657 0 obj<>stream -xWkoÛFüî_±ßèõ´¬Š š6*ŠŠy”Î&yôiEE~|g÷Hêa»MÛ$ÅÛÛ›™]=ži„ÿcºšÐtNIq6ŠG4ŸÎã9ÍW¸žàÇiÊäƒÙåe¼xéƒé(žœ>ÿ°<ÞÌh<¦e†=æ‹+Z¦„ø£-“óåFS”ØTÓ("S¦&QµöToT_šîíŠ¶ÊcóÂ>é4&^Ø¢ÐeM«¼ã‹U’~`<)Z™š +1648 0 obj<>/XObject<<>>>>>>endobj +1649 0 obj<>stream +xWkoÛFüî_±ßèõ´äŠ š6*ŠŠy”Î&yôiEE~|g÷Hêa»MÛ$ÅÛÛ›™]=ži„ÿcZLh:§¤8Å#šOçñœfW\Oðã4eòÁìò2¾zéƒé(žœ>ÿ°<ÞÌh<¦e†=æWZ¦„ø£-“óåFS”ØTÓ("S¦&QµöToT_šîíŠ¶ÊcóÂ>é4&^Ø¢ÐeM«¼ã‹U’~`<)Z™š ãsRS®É–xÉøøÍòþlDƒñ9.Óó¿lC‰*É®¼vOZq\U¦d›ºjjâKäPÊEníµI ë¢âŸ¸r»f&ÇzK^kÚv‰;í›¼F>N¿¶õcc’‡|‡õaO2™¤Q9»ÊuÁÕlM½¡mÉV\ßùZ1ýšÕHÒ¶Âî…Úuí*dnÜIÑC]'C‰”¨*ämZ;àå-=£õ¤œ±;Òc£ÐÞ¼¥ñ,œã`:Žq™žgñ,žÆô'.¡µó”Zº•¤~à 0˜0zø pêuåJqk§ F4Ùèä¡ƒ¶G˜kG¥*4CÃSãætb×¥ùG§ÌŽ/ªX©SøoP²þª àv!˜Èã:¤:¢·m‰”Æ¹þuéu%Ò”Ï‹œóBÙ^X¶Ö 'ØÐcoÊÌºBÕ2gðVh„ÜÚÛ†˜:¦Ö.Ð=³yn·\oË9œôÉ9‡ØdŸô×Ú©¤$»~_µõzÁÓd‡8Eè`Môm¸2åšî+VGLâÂ£YL_t]smMÕ/ý r´êüs¼{RjG¥FNÍq¼S:ä=œ ©pyqù§}æöÝ ¤ÝG$ÚáÞ‚~íîy>×~s |¡Q ÀÊâIñNZSYnð·ÜE„ñ½ñÿÂ½ë2ÄL.÷wÎ¡R‘öþDÜ³ŠÌ8…¯•CÃ€fÒ"õATkÜì9}âX¢Ó’K9P7iÑ*¦^Ø7°gLm|õ ¢Ö A¨-s,´6mRA¿|þ@·Ž.œçý¢¼J`äá3ñ·È-Éµs"3¯È×ö…4%ÁvXº ŒY1~5lg’Œgœ -<Tß\¯d~‚¡Ô!ãjd‘ÌÀ2 ¾žùï»Ìy–(ah~c›>/XObject<<>>>>>>endobj -1659 0 obj<>stream +1650 0 obj<>/XObject<<>>>>>>endobj +1651 0 obj<>stream x…W]OÛJ}çWŒÔ¨L!¡¼ÑR¤^µ”T½•Ð•6öo±½fwM‰ÏÌÚÄµÚÞ~HŽ³;gÎœ™<îÌhŠ¿3ZÒÑ‚ÒjgšLñtœÌi~²Äó!þ;MùÎÛÛƒ‹74›ÓmŽ+‹¨:ÕýQ¿ñ`À(/•U¦ÆA4"âã¸òOF¯ÅÊKå…È´ÔpÒ7§PÃOÏÝØÑsUaºv¸rø#×ìlmÛ2#ý£ÑiL™ôUV«J$ÙF—›óþrùáÚåxv© LÝp™Ú!£^@hä¸CP¥¡àŒÿM‰ÒŒž”;~:(›ì '-Ñ«Øe”‡¬Û¼¨˜Ö;ž&'‘ô ½§ßþy©Ä5¤qßS–ŸM§³jS@GùÌÏr+MÃ%ò… ;’ÀÞ:èÛ’X–Ñ0Ÿ¯ñ““‘5ô3O è¡©A¯²DåUg§¶»±Ã*Š^d[Ò0©!ÞQ³%TLõ^!ÌÎâ¦ Rõè½CZúe8öfQGd-†ƒˆ¹\ßƒõšFŸ¹/˜€2_úFohÏdrÃ#O½¶Îm¤£WÜë@•? Ýc¶µIu¹7ö-¨*ÓŽ§ŒqÖ‚ÕZÞAÏÔ½öLšî)T]£0ñ=*±*UýÐ}ìÆ¦ÔØÏ`>ôÃdh¨F¬™#:pî’Aª²M0ˆ²W*ÄÑ½A¼(^nî1Å²Q¹ÁŽÑÔ¡‹Eí¶'‘b0ÄO}Aw{Ì>§½§B«Œ¹aúw¯;ï±û#›G¾_Ê—Û²´k©ˆ(ôÅ;êüjÅ¼µ;¥$I8¤ßôÒ0!é“F“%.ÎÉ_ãŽdqY+sŒIåm‡uÇ¡Qr÷LˆÌT2A˜³ª #À¤¬^CpÆµí)ÐmUFf<ëjG/µßî0ýÆ$ëZë£@:ýØBà|·{®ae X¬¼Í6/4ãnS'^Ô¥äMmqîy†:cßjs–_·uÜÂl ‰ ?h’mtLJEÜ0‚²#Áöå!5¢]"¤2@&™Ù.Q[hG˜_ARoRgš >Ì¥h|OHU¶44ˆXïë–9U#¼æ?™ÔÙàA)R¯CBp¨ªá['Î~5õ›ã‘g\î™ùõ‡¡tÅÕÎ?wt©*ý|·w-›ã»Ò¤w¯¯ §P[£qYyÉêù,{bþeÏ¿!»ðÄ²k/ dÓÂZŒ]À§è]påþ¹‹4’‘ÁóWBýš¯xMß y¡æ¶äál'„Á!z(ÃïG ÄiÃ5ä=`ÈsL tý{Î–hÞÕK¢‹«¯)/\pµ&G)nË`P6ƒMkä>/XObject<<>>>>>>endobj -1661 0 obj<>stream -x…TÑn›@|÷W¬*UI¥˜‚M0~t”FêC«´¡}<`m“Àå–¤ôë;wà¸r“V¶%ÃÞÍÌÎìÝYD!>´L¨hfaR’®ƒ˜ât…ÿü:¦íXã y©p&/âå%N ®²Ùû›5E1e[°'I¤”•î0¤¬8â V}UOtk¬Ü]Õ -µ]¥…ËwÙ=öÇEãþùb…ÝçÙ¾²„¯Â:“×Üì•¸7½íU]T¨ÞrIù@\Éž;,à”lkL]éÙÁ -¶¶½ˆ{¬ôÖt’Êh˜Û`EuBfëd„4–ÁÂÑ±îM>R7êí‘ÄVúÁ¿q‹¼XáŸBÛªæ2 ¦ï¦>;²UÓBvi€¢íÛÖtrB|4( ï¦§F ¤}Š!Ö -NÐÙ¦ãº(èÆ·C×,\¸®ÎýÉŒöã™/#L:ô©¤mÊG¥Üº<àÒ+|6Â£À‡ù5óœE(ÝA‘ìa]*½u–{1•«éÑ÷'„å={ã€ -Ó4J—oÈ´®ƒ;PIìžëš¬Ðµqà#‚* -Ó{é.Vvpô²^€Kòí· Ý¹è& -ˆÉ#ŸÐŽ‚³í…[àrv™=Ï\¯ÜÁñ`¡]¯íÅá`I§ -Ôºc>±0›J‚á·#›²ê0§¦¦¾ÒéÔG .§tI‹d:~w›OWL¤¹Çz„]ô kñähæ‡ óU¸~æ^1ñ -wP’â‚Âì§©CùÍ¾Ì~@ž·endstream -endobj -1662 0 obj<>/XObject<<>>>>>>endobj -1663 0 obj<>stream +@«Úš}í÷ö—S,ÄÙÿýŒš/çÉrq‚ß_8»>/XObject<<>>>>>>endobj +1653 0 obj<>stream +x…TÑn›@|÷W¬*UI¥˜‚M?:J#õ¡UÚÐ‡>žam“Àå–¤ôë;wà¸r“V¶%ÃÞÍÌÎìÝYD!>¥Z&T4³0)ÉVALq–âÿ¿Ži;Â8H^*\†ÉË…xy €¨«|öþfEQLùìI’å%;)/Î£8ˆƒ4 ¯ê‰n•»¢«Z¡¶«´pù.¿Çþ˜¢hÜ?_¤Ø}žï+Kø*¬3›š’½÷¦·½ªë +Õ[.i3W²çx%ÛSWzGv°‚m/â+½5]£¤2šæ6XQÙ:!Í£e°pôG¬{³©õÀöHâ +ýàß¸E^¬ðO¡mUó™ŽÓwSŸÙªi!»4@ÑFÈömk:9!>ÐwÓS£ÒŒ>Åk'èlÝ‹q]tãÛ¡k.\Wg„Îþd F{ñÌ—¦úT²€Öå£Òn]pé•@>áÑàÃ|NÈšÆyÎ"”î Hö€°.•Þ:Ë½˜ÊÕôèûÂòž½ñ@…i¥Ë7dZ×Á‰¨Œ$vÏuMÖŽ èÚ8ðA…é½t—+;8úVY/À%ùöÛ„î\t…NÄä‘OhGž1€×%ñ#k´øà<8ŒÙ$Jo¿/ÈÐ2¦‰L/:rò+±ÈþûËþ×ñW¯-FÚŒö¹ûO|+*V5lú~-»[/NmÌ#‹IªÖ"A}&gÛ·À58lØeöJp9eKZ$Óñ»[ºZc"Í=Ö#ì¢oX‹ G3?l˜§áêy˜ÿyÅÄ)î $Ã…ÙOWåC>û2û @ž·endstream +endobj +1654 0 obj<>/XObject<<>>>>>>endobj +1655 0 obj<>stream xWMoÛF½ûWLuhœÀ¢,Ù‘”-à¤5â¢IÔXiuKr)mJr™Ý¥ýû¾™%e™-Š ‚(äî|¼yóføådJçø3¥ÅŒ.æ”U'çÉ9]^\$Kº\.ð{†¿NSqòj}2¹~A³sZ¸2_,iŽŸãIvúz«š MŸ'ôúãê–VÎÔÁÔºm›ÆºðtýYLÑÀøâ2™ÁÄ)nLº©ƒ³y›cëxô’¦Óîèl‘Ìùèz«éµ*[ÓÇÚ|>èvïƒ®èî”ýÞ=¥ò”êÌVšîµÛSc›¶TîŒÒ6P°T©zO&ñ¤â‰ L¦J¼µeÂîÏi<½ˆñÁ)Ã§U \ã¤-¨3í‚Bš{@´Q.çt%yUç´µ;ö²³î/Ÿ‡î´oKñëµ®ÉÔðÀ6šê¶Jž-¾‹À` ðªJâ7%?,žô×v=?(\ëƒS!í¶ððö–>™:·;O —C;¤Ü4Z9ª`ÁÑÑÎ„íÀ±Šy¤*ûËu'4i”S?ÞMŸw'góä2ÖÐDt¬Í)Àd8ã dªF]¨õ:'h·˜@(·ÉØ©,Ð[œýŒl€D>Ï7(§ìcíÇ‡z¢ìM©ƒîæj«®4¢éÃx 9g´—äéÍz½’˜nV+Ü´Áf¶DP7BÛ#2t9D£9*ZÙ Ë=Ý…Pw:¥ÔnÔ’3Dr|A2@Þð6„&¾kš#OP#‰Ê’+03æW¬ûpõ©ÏÍƒóF¿¤wï©0%šÔº ©µ/åºÍ°ÓeÉÿÞ¾½ú°\+Ž¹ ,f¶F'yŽfœþÒ‡"ÂŸÐ²ãÖÝSnãØ^;µGä[ÔscîaMìzSð}à2SJÁèÀÕ@²Lô!qÁŠÚ÷%Oè}"¶Îë32ímK @@ -3535,10 +3438,10 @@ F ›„}£}<u§Ç‹dÉóƒòn6_Ðc[òò0ÔÖ8Éo²Ö“i<[&ÓÑ½² 3¬ð8$PØI33«8Ë~ ÉeŽØ(·á¼‹ÿ”±‰z7§ªå†è_çî£ka…Ð:EóH(n¶ÂÙŠ"ÿ˜h…eçüÂ6,«:]Ñ„»fÝpä«4á®à¨Ž¦€ðãMiSUú?QZY[¤xÇ%“ ³›„l1µÿ®VŸøãj‰!èäÿ04,”´>@@ð@¯0*y)@÷ûFg¦0\žC3Æö$=èÏ£©Â/d/1Áë²@×JS¥Ãþ7›Š™ój¦°t—ältƒ&éRG}”ZöâcÂÙ^Jlj21§7ÈàèÒÝéÕêŒÉÛAÉJ‹:ð”PãŠä5‹e„õXü•&u RrwŠ_Üp0èã=)º¸ÙëFÊ›\oeàóÁfwŸ‘íÖ8 >Þm±¿ÓÕúû5[ÄŽ‘‹jˆ‰üyè–±uªk¡ž6§£¨6Xl¼âäFÅu±vØS¯‘r<ÍuænÆ2–·Sx\Cl;E‘°ê^¹CÃK7»TŠì6XÂg!be‚€Ë.HÏ°œ>#•óš¸§»†*–ÌÓ]Zk6"ÉEÖÚœF€b”Ð»Ó0sØ¶ -»´*ïX;¬Ã÷\~UîF”ˆ?—Œb|gÝÇGÌ ‰®QÉY\íxü!ÆÎ~ñŠ÷?5p<º¶ìV?AÈ`yõË¯´ÕÚ±}i5>€ì¨yç{Æu˜>Ž!`„ÙÄå3ÿxí#ÃReÇ®yªw0ðÙq›9Ó`²ª€ÍLŒuÅw¯M#áÞˆw=Ü“ªÕOŠ"+’$$Øéäzyô7ŸTßô±x¹¸LóehËlìçõÉo'¥ÂºFendstream +»´*ïX;¬Ã÷\~UîF”ˆ?—Œb|gÝÇGÌ ‰®QÉY\íxü!ÆÎ~ñŠ÷?5p<º¶ìV?AÈ`yõË¯´ÕÚ±}i5>€ì¨yç{Æu˜>Ž!`„ÙÄå3ÿxí#ÃReÇ®yªw0ðÙq›9Ó`²ª€ÍLŒuÅw¯M#áÞˆw=Ü“ªÕOŠ"+’$$Øéäzyô7ŸTßô±x¹¸LóehËs6öóúä·“¿¥hº=endstream endobj -1664 0 obj<>/XObject<>>>>>endobj -1665 0 obj<>stream +1656 0 obj<>/XObject<>>>>>endobj +1657 0 obj<>stream x•XÑrÛ8|÷WÌ²*uŽË¤DJ–d×ÞV9Þ8•½x£•»{ðLBb `ÒŠîë¯ dšöíÖU$‹ 0Ó=ÓÓÈ÷£”†ø—Ò4£Ñ„òÍÑwJ§I~å/i2£ÉÙ(òÃÁÇôŒ~5ôÇ«Ë²ñ09ÿëeéø,ñG=íönq4¸SšÒb‰£'³)- &ÃáùñZŠBZº J8'ÕkIKUJŠ„#å"ª ©ÚQe•®±47›M£U.je4Ý‹üAê"y»øv”eI6L)Î¦Él”á˜ãß?/Þ_,TôŠ”ö›Gµ‘Inô#6çƒùÄðc½«$~ôÇÁhSÓ‰ÔKcsyB‘Û(‚ýN]îøìxHq:¨8õD”¥Ùº<÷qÅ/›s2þNXÔ$¬UHÜš ÝÜÒ¿”.°Åá,húÞÈF’Û¹Zn|¨¡8›$cÎðË¤–VÔ²à`æWŸ¨à,¢¨…²2çgHn~õ=}ü²=$BÂq ƒkTj["EU•-Ïƒ½êØqÈ›ðÂ¾¦Žúª´ÙêÀ¸ÚàLO%‰Ò™þ‰[U¯:P«ÅÊ§6¸ÎÛÓc”NJ{"ï²É”žŸæŸÿ‚æÆÕ.·ªª[@^àñlÍ¾®™á.…¬P×Ì–Ñ=*¹^ýJæÔc¼Á‘äU‹{ðxóñæ½Ïà^ð»]êN¨kuˆ5¤yÀ!M“áh„†ÛwÙÙ°Cûø@Õó]ÑyS¹øÿÛ>eÉt:¥³ÂäÏ}œÍ’ôœâéyhµèõd¸…- Yq×kÛ„¯\mªÐß¬$wÇÛµêŒg%VÒÒh¯\À"?üY‹éË´ÓOU)ry÷–ûO’ijÈ’¤*KºÇßË Ïb|š(ì‚ƒôph(s44‡Ñ@{ü+Ö#Ô8ëŸN`>ÿÕ¯WÚI¹Ä{6F£?ªMh*^ =ÕPS¿Äß†"eµKèÇ¼Î×¹<åe½ƒCpØŽ_a´J¨¶qNÝ—;Zè—ÐÔè€P4ÿíy÷Mìöòñ‘§‰øA@[qôÍ*(JÀÛ)>„ò’itÍr©~±¬_ùºÀë ²mäkazÄöR’„ÞòdEo~ŠxŸèçáø—7ÑŸÆûƒ!pFÅµ±ÉZ´‚Úž}ºüýÃ×Ëïÿ>ÿ|»¸½úòq¾ˆP„æElj£JaéQXåYÆ¦¬Y…Z.Q¯Ðë\TèõRýÇ?¾{»—îPõgiE®¥;õá5°OÄÌ¸†G€tØªOsn @@ -3547,61 +3450,61 @@ x ¾7Çxäƒh‹tsakYhL6É¸¸ìèÃúà¾öÖyª%0c_\Œ%µUî õ^Î·Æ>Ð£ bÉúè--xp!wÇ+c0óû¢p/ŠŸ°Á÷“ƒÓÞóï !Ü_‡SPÜ*¸wùšƒ~”h”ÒD«åMLiõ”F^¾ª¡ÌK¥±–œ/:Bz¸jx*ŸÃZ‡àÊ"Í&§,w¸¢l»äwu±wdØŒ¶Þ›<(P¢tBOÙ÷¸½h>‰+ŒÅƒ*´`SÁgyÚ}_z{å£[t¿‚¬ŒCïLdˆËwYÐŒ–_\’P´°”Ð'6( ³ù^æ -ëO„Ò´zÉùt{Ž?Ç7,úñ¡+b¶{®’¹Z*L>_¡ÎÃ%;ÎÆážFD'œûµ× úËÃÿ„UÄ±®gíÝ(“Ù,£Ét”œOüM÷öòæÝ%Íù†{þ÷ oø:éåÃç‘N¦Ép6‚_"´âøj-*¶·éY‹Èœ‡kãmSUÆz OÇÉt2wó!oô~qôÇÑ‡g!endstream +ëO„Ò´zÉùt{Ž?Ç7,úñ¡+b¶{®’¹Z*L>_¡ÎÃ%;ÎÆážFD'œûµ× úËÃÿ„UÄ±®gíÝ(“Ù,£Ét”œOüM÷öòæÝ%Íù†{þ÷ oø:éåÃç‘N¦Ép6‚_"´âøj-*¶·éY‹Èœ‡kãmSUÆz OÇÉt2wYÊ½_ýqô_‡g!endstream endobj -1666 0 obj<>/XObject<<>>>>>>endobj -1667 0 obj<>stream +1658 0 obj<>/XObject<<>>>>>>endobj +1659 0 obj<>stream xWÛn7}÷W”9Ð®.–%§@ÜÔjØ[«- ¨]®Äx—Ü\)úñ=C®UÎ¥ j#Ž´"çvÎœ½;Ò¿CšŽèlBYu2H4OÓ3_Lù5þYIÅÉó“þlLÃ!ÍÒÑ`H“‹óô|rAóœpo0 yÖ¯”£RiIµ´®¹tôò÷»{ò†VBçäW0§JÉ²¦v¦^e=2:“¤<9rM–IçŠ¦,·”½–ÖËœ?Å%8¿=P2‘ÔÞ*À¦,Q×ï8µþl@/˜m@z4NÇŒ4"üX|°û9<°§€‚!Jv5¤ÌÛcƒûó‡–¿lðCgp¬6h‹P[.´'¢Ýí©šƒ\(SàY¨=ôÐµ‚Þc¦l#C—L|Ûî¬•EKêh4HD¬³Ë«m‰\3˜ |ë$‡Ó=ó£Á€Ó8‰&œG‹Öè»”®Úš†6a£åÂ„™É%.£_trpáÈ¹ÐÄ˜nÅÍ–Ñåç~Þ¾ÃÿSõ™ç±ø²(dæÕš[ÁI<~ž·ÅjB‘=òG\,Óx*ø^[Ã2lB¯l#o„óå¶Š3Ç–ÂŒg¨Áçýhjÿ™yÕöÍÝ«›7U×ð÷&2!¶ÎN©÷|ü‹áR'A$¾±ÊC¨ó ;Ðpš ·’eEôá,žjaÚ–“fZß…e‰9¢ƒ••Y·ÍœB½edÄI·aA™¡ÀG„,&E#j©R%¸Ûƒle¨E«…aùE|¢’Lè³5Þ÷èY$*ï1ùíþ‰Wž%135¤¨×2ÞÔY( öì¦é£”uäJËBÏ”x×È÷!|G¹NLÀV{ŽbŽÚ“SSãF%4ë›•¥Ng‹<‘Áf!¼±-0êŽ¾kˆÆ:‹``KŒ;0ØA'ç dÀÏØ\‚%ž¯9žÎ]î‰Bnö^K2„€ü™‚V˜Væá5Ó/4…¸P"[aÚÙÓæ(W¾A6»ØA>rdaN„å'Ùçp¹Ë–}yÌë]£”FÄe -¹¡ èFþ¶ …DI²ÖÐ…#çœÆ0®k5§Åqõ¤ã¶D©+a¥gãUˆ£ç°Ñ-±0ø,åÙbö‚†Óv<Ÿµãyxžž1*2u½\¡g]¼t¨KÓ´”‡¢™+±DÛ:Ä´–Àne6ÑX$dÛÊˆ6Ž§[Â³ÿëgWºvYxvü¾íGº´À%K°íîy~è.¥YKHf+dXªÀÏ‡îËË»ëùåÍ‹¥ôA±x§œ]ß\%³×¿Ý^Îï Xìû72>ÕjlŸ*TºÃŠóŒ¼E'2˜ØD’aŠßs&1¿cÓÇvÍ›p sè–»«û;ºã}àÎš‡Ó0Åm>‰›ôg"nlÝû×·WóŸù)>mê&œPÌçÉý0ñÿþªÇ|ôtt¹„{e‰]°ß(»ÞÔOËô!ôgí÷¢áß™.Îh2·'ç¼Þ_Þþp‰Jš·ÜÚ?š¬a± K2Gšì®$Ó–Ý¼û¥OÇéß¹ðe+ï¾²«ùÉ¯'ÿ -4IØendstream -endobj -1668 0 obj<>/XObject<<>>>>>>endobj -1669 0 obj<>stream -xÅV_oÚ0çSœà%Õ–4h¥>Ð4°H-dÄë/nbš´$ÎlS„´¿s[Ë@µeNd%gßïwÿü£æ€&´Úeµ+R;íÛpdŠí.~Ä`[¶m‰Œô‚àÆw{Ä OƒQHBwìä„<Öl0Ûêâ~ÜVŽŸ‘ï¶î.¤â…Üºo•ÿÒ–»áµå~BóXF *ˆS¨™¤EÁbX¤*}ŽÏæ1+N¹‚©àÐ| ƒ„K%£´P; ©/çŠŠÎfT¥<|UÂ@.Qo¶“{b\B½X+A xÈB0œë““\ÛÉûs+Þã^H¼ñvou°†¡ÂYqá´O«È6$Ï˜JÒü¡"¯Þ˜S‹Y0H³ÂšÓt†ÖKÈèî³ùÃz*Í!a‚íU—X®ü‹ôù=0G·ùêæµwç»žžë÷}÷ã¼§ÑÆá¦‚}ÿà…”‚C¢ƒA–'4ÀúAž©ÿö -ŠxVP2*·¾ª>/XObject<<>>>>>>endobj -1671 0 obj<>stream -xµW]sâ6}çWÜq^Hi`3“Î°²žIÀ7O¼[`mlË•Ä²éäÇ÷J†ü‘4ufˆ-KGWç+ÿ]kCÿÚÐ=ƒÎøqí›[kŽZðÜ%¾¸èáM-«Õjë×O@_OÙ¿c~ŸNÝµ˜í–ÕC¨ Ü—#Ü3»îã¯SÁbOR¿)’qOHÂßœ×}–É×¾à³8¨ïI”á Kóú)Rø4•@œ&åùéþ|7¡îÄU/Ž½$ˆhB*÷Ç¾r/DD‚ ,iD`Qx<™)g>‚°x¯_ßqníAßµ'ãæýøÚüåÌÌiæ§ea¦¸ÞÛƒá•BjŽ¼LxuaÉÐÊš¶Z¬…¹4àñRô½(²,k~ú_ BÓÇ“XŽ©P²,&2¤ÉêŽ26³¶Šý¢‰ÒzÜª=àôç‹¿˜U×—ðõû‚ö$l@òò•¼Ê]uŽ‹™˜Mî†îw{|cfÂ2gÎp`ìÁ3a¿U-ÔüÈJŸaõM1ž¬ù°×kO¯òsˆWŠ°ðü’ðGåâ÷^TñP!„òæRºß‡àLí1ÚA~Ô[Ï0f’4ÐÊPM/ŽÆ /†6¹”£Åj§ó–ÊÑÑøò¸`”z”3™¹³ÁÔq Ò[@†€ü¤èï¨òPÎÖ«°§¼U»ù…3&^Ôñˆå$ÞÐ€lŠ¥=KhŸ©'îëò _Ê’¡¬[-f^Ç¹8Y2^$Ø!BC¶µÍlk‹B¬Æ»,ÆhhBdBhv³Ñô4Íq@9ñeôXfv4æÜ*÷~þUþy?T@Â$Ärˆ…f‡®2B"–.,°± -Ëj@RT7Id“%’ÓÅZ‘®âÔ -Q¬o‘bÔxž'%,Å2¹ä,. ÝÒdýk7Üb|eaFA¥¨d„R¦—Íæf³±”:Õû¦º1C¥V(ã¨Xx -SŒ'îðnhœšŽR²æÏ.˜J=tx`:—æHKB`} à®ù‚é!x¬È*HñÌ¥%¢!‡3to‡##ÑzeÒ6J\ð.…(þ1M$x3·'Ÿtm);;×gÉO=É'"ÿ}4,ÂhB¶Q~ *šµØTÒs«sYÀ¸zÿ•ÇÈ?ƒjx95eµo|“µîNæÈ¾Ž&Ó»¾[ŸU§w5—úz.%Ù’3‹diÑ“>%„}Kß:¹íüËUîü‘µ4G=h·Õ·Uû¢kµzüÂj[gJÌ³þÝ·>îJö=®™¿VÖ¤‹…Ê¹`v[ê›¬ÞþÝêXàn«d†ƒÐÃ2£œwÏîE?â°ó×Žjºµ?kÿA”D,endstream -endobj -1672 0 obj<>/XObject<<>>>>>>endobj -1673 0 obj<>stream -x½Vßs¢0~÷¯Ø±/tnˆP=µéƒµè1Ó*'œO¾ ¤B‹„#ñœÎô¿ ô‡EhéÔ6: É—ì·ÙýöoC :ôN ÝoÝ¸p‘§àÜà‡n_|Ðˆ¦iàxÊdm~ìÜ64Puôñ;,ëÊs:iÍ'—døÇ²Ukj;öpfZÎÞüæáCÃû›JOÃ¤`¡œC3a\p/L„± i’R|6Ç«Ê‡÷w/5y6°cVqsS—ãá“;´Fnî'…³5A¯òáG÷)ÒþB ŒÃu¢Z)š7a„Öî=,)$Ñfµ¢>2Mi%)ÈtÆe¾?øiøïÚÓkÃùeNÆê¥17‡†j[ÆÐ™Ã¯cpézw4ö‹û0™:ÆÙ.snìƒ$˜@ª úªå¦â^=RºP¢ðŽ‚³I—,#{q¹§^…JvõAHHÃ¶ ›m¥,s‡Š¾ØJgÀÇœrˆ™ >)šRì¨=âžt²p Ð£âi‹}p´ÿÛBÓÛ$èW„^¶lùàIáM—dâß†"xÅñÙàù'[ð½>È /Á›ÇÀdœ>Å®:2¯ŒÑtv=øºäùúID°„-Ê¯ðgóÙný©Hø÷˜R" Ú -Fsbë<«È¯³6Ÿ³¯hÙø¼6ÂKì•Y“ sM¬…â±˜‹tã .8‰BÏÅTV†ððŽ®ïn:2ñÇAHà5fÜ(Œi%ðîÚ7Þ1»DT -TŠJZŽXŸÌ$eå¥xyîÚn¬<_°¼Ø(;fSå¹ žK¤—\Ã‰2}x®ñ”æÞ^ ’\³ynBÞ*j"UÜéú$B†ÐõA×e«w{Dë·±ŒÕÉ‰T){p}1@¹e·ÔpÉ¼ÍšÆåƒÅ’õiÚÓdá«è?I› âÐ\¯s¥‡aà†q–;½éuûX)ãäÓŽÄ0œÆïÆ{åŠÂendstream -endobj -1674 0 obj<>/XObject<<>>>>>>endobj -1675 0 obj<>stream -x½W_S£0ï§ØÑ—zN¬¶Õo‘Vf´åJ®O¾ Eá´„©›é‡¿@´RH¸ÑN²Ùýí.dÿäwÇ?Ž¡×‡`Ù¹Ä£‘g€øFÈ'Ð5]×Ý}àƒú)#øçõo7#ËEqò(È¯Ý\@>æ9£ÈÐµ!W"°6œû®{{B ,hüÒ½»rˆTãP'7€S70ŽHÆ²€Æ)ŸÁšÐ'ØÈÑæJ¨Mµ[Gó¦·6¾v&cteÏËFžk[ÎÈ±¶ßTŽ¢ñt[Lêöò.×G+Â‡ïgOŠpïOa²€ïJçKª÷ ÿtR}Òcˆ¯mpgÎÛ³*Xu “)¶Ïa/SäÒ8áÇˆÛŸG…zt\Ÿ²?h?óÀÉøñ~ŽŸBÀ+zO -~¸E8ÕÃ¬Ÿ®W@Úž·K ¤Ï«G'°æÂ–g.´ª+Õõþ'WÜã“"Ì? t¿jmu &ÿ<#eÀYC,Â;ƒBÅk} d †ÆŸÓóšøE«Q¯®!'¼gKþ“± ¾%K4rnìÑtvkâš¼ÐVdéÑ®¢HÛŒ¤Y+]£ËtÝÇ2±3¹S{ÖÌq¿ÐÝ4û?¾Ì'WZ«èÝ©"U)’Ôn.¬¯³Ì'©„/¥ä(™60e· –Õ©æ ,Ý”*« -f—Þô®»ŽY´+øáªêÊDE¾Vi¶í;ÔÀPÕâòV E»”}LÞÆðÒ”†ü¿j~+X¹eujÐ/9«uKT]›„³Lª;PNRÛÀž™ï¶‰"šê`…*Yž¢ÛtØõ–AÙA·JèuË”-kŽ{4‚aä·£?Ðôaßí8¯øžy{iòÖ…ü -W$X-Ã„ù,&I.‰ÞÐ@Ïo]ãTëi€£PiÑ5ùqRÔ¤“Á‰6èùõ„3Ÿæ6îüèü4¥¤>/XObject<<>>>>>>endobj -1677 0 obj<>stream -x½W[sÚ8~çWœq–6±I -´;Ùš@ÊLlpóÄ‹°E¬ÄX®$'ÃL~üIŒ‰v›®™Áº~ç|:7ùg ü5¡}ç-µ¯~í´ß€ÏàÏq¢ÕÁF ¯Ñh€ÔÀ<¯üÇZÜfÃëàüžáû7WÏHðD“°<·¯Ã‘ßû’%…g*$ã 4=ü}‚«ã 8CR -^XZ(Í8("fQhÂÓç$ôÙµ–rNà%bAdÖWèŠV˜³^®ìŠö˜-‘¾=pkòP0ôp,®5üiŸX¯K¾ xðÉƒ–±öûºS!rÈñ04ÍçTPíƒÈÜ7_ ‘`Kqø˜põ1§[©uÍIŸ ùªoX}›Ï–¨9‹é JÂ¥õÃ -P‰^¦÷×©ð@ÛÍ* $–Ú^T&(È¤åd¦ÑºÒ‚‡XRô]«4GÈ b"%Z5ÎÝOïÑþâ•‘Ëý<²oØ"uÇZiôÂ´…€#ç"tÇD¨¥ÛÇ(ÁÐ‡i=fOüLÌ¸Ù2ý€´w€mp¯Ð:úÌê±àÆÙƒ‹”^P…å%`‚IÑp/µ£wzrfg&é¾èQù¼Ê}èâ¡™ô„„uŽaÇ\Æ¼ÚW½*®7ÅåÇ~ëïy«·Ó9@•×bb]IÃ{ÈæRÄ†žÎ§zÁš¾ö¬0ÁÃÔiÂÔqWe}=w jPØ[xJ®î©ÈäÉB•]->ˆÅFSs¹ÁL_’·B[½B]-.¼·HÆMó ÐiÝÔ©°ÚUWg3oê°°".kƒý_×v :_‚“®/ÀXè±È¦‚â¿STõ0¯[Ãn¿ªëþ +ÇàA·QoÝz]·LãÓlo°»¶ÇvAŠ¹x¿îº¿wåéãxÈ[¢¶÷ìôv5ù¯ §ý4›úK±Ùj{Î9~/6½3}9™to¿vñ–Åi àš™þò1W}ÜÕ·ÝÐ_˜õæ'ïÜ¯Ö&tì®"ÂS -/Ú^»ÕÁOR\ü¹¥1z~íïÚ?ª¤u«endstream -endobj -1678 0 obj<>/XObject<<>>>>/Annots 959 0 R>>endobj -1679 0 obj<>stream +¹¡ èFþ¶ …DI²ÖÐ…#çœÆ0®k5§Åqõ¤ã¶D©+a¥gãUˆ£ç°Ñ-±0ø,åÙbö‚†Óv<Ÿµãyxžž1*2u½\¡g]¼t¨KÓ´”‡¢™+±DÛ:Ä´–Àne6ÑX$dÛÊˆ6Ž§[Â³ÿëgWºvYxvü¾íGº´À%K°íîy~è.¥YKHf+dXªÀÏ‡îËË»ëùåÍ‹¥ôA±x§œ]ß\%³×¿Ý^Îï Xìû72>ÕjlŸ*TºÃŠóŒ¼E'2˜ØD’aŠßs&1¿cÓÇvÍ›p sè–»«û;ºã}àÎš‡Ó0Åm>‰›ôg"nlÝû×·WóŸù)>mê&œPÌçÉý0ñÿþªÇ|ôtt¹„{e‰]°ß(»ÞÔOËô!ôgí÷¢áß™.Îh2·'ç¼Þ_Þþp‰Jš·ÜÚ?š¬a± K2Gšì®$Ó–Ý¼û¥OÇéß¹ðe+ï^ŒØÆÕüä×“ +3IØendstream +endobj +1660 0 obj<>/XObject<<>>>>>>endobj +1661 0 obj<>stream +xÅVÝoÚ0ç¯8ÁKª-iR°J} i`‘ZÈˆÇ/nbš´$ÎlS„Ô?~ç¶Â@¬êÇœÈJÎ¾;ßï¾ü³æ€3h¶!Êj—¤vÚ·á+.´»øƒmÙ¶ $2Ð‚kßí4< F! Ý±r_³Átl«‹ûq[9ž^DžìÝ]HÅ¹w ^+ÿ¹-“á•åþBó£ŒT*&§P 2I‹‚Å°LUúŸ!ÍcV0œr3Á3 ù + —JFi¡@R!_Î !Ï©Jyøª„\¡Þì ÷Ô¸€z±Q‚ð…`8×§'¸ö“ÿöç^¼Ç½xãý"^ë` C…³âZÃiŸV‘mHž1•¤ù]E^¼05f³`f…4fé—ÑÜ2(æ‹»;ôTšCÂ; +ª.±\û9éã[`Žn<òÍÌ+oâ»žžë÷}÷ý¼¥ÑÆá®‚cÿà…”‚C¢ƒA–'4Àú‹>/XObject<<>>>>>>endobj +1663 0 obj<>stream +xµW]sâ6}çWÜq^H4ÐÌ¤3,¬gpÁÍ/ÆXÛr%±lvòã{%CþÈWSg†Ø²ttuîÑ¹ò?µ6´ð¯ ½3èœƒ×¾ºµæ¸€»Âç}¼ eµZ-pýú èë1û÷–ßÇS÷{f»eõêwåwo™]÷ñ7©`±'©_†” +É¸'$á¯.ê>K„ä_ +ðYœFÔ÷$ Êp¥EýŒ” )|šJ N“r‚¿Æâôp¾ëPwâªÇ^D4!•À‡c_¸—""A†V4"°¬@|;™)g>‚°|¯ßÀqnìáÀµ§“æÝäÊþíÌÍÙ`îŽfea¦¸ÝÙÃÑ¥BjŽ½LxuaÉÐÊšvZ¬…¹4àÛ¥è{QdYÖâô¿A…¦ßNb9B¦BÉrT°˜È&ëc:ÊØÌÚ*ö‹&Jëq§ö€ÓÏ:übV]_>À×# +Ú“°eüÉ·ÊWð"wÕ9.fb>½¹ßìÉµ™ Ëœ;£¡=¶‡O„ýVµPó#+}‚Õ7Åx²æã^/=U ¼ÈÏ1^)ÂÒóïIÀŸ•‹?xQÅC…Ê›Keè~3³'hùQ¯=Ã„IÒ@+C5=;:÷4H¼TÚäRŽ«Î[)GGãËã‚QêQÎtîÎ‡3Ç5@HoMòƒ¢¿ ÊC9Û¬ÃœòVírä'Î˜xQÄ–“xKr´ (–ô ,D,i }¦ž¸¯Ëƒ|.K†²nµ˜EçâdÅ8x‘`ÇYÙÖ6³- +±ï²£¡I‘ ¡ÙÍFÓ_hþšã€râËè°Ììi(Ì¹Sîýü«üóaZ©€„Iˆ=äÍ]e„D,%\X`cA"–Õ€¤¨n’È"&K$§Ë"]Å©¢Xß!Å8¨ñ4OJXŠerÅY\@º¡Éæç~¸ÅøÚÂŒ‚JQÉ¥L/šÍívk)uª÷Muc†$JPÆQ±ð¦˜LÝÑ\Ó85¥dÍ?ž]0•zèðÀt<.Ì±–„À"zOÀÝð%ÓCðX‘Uâ™KKDCŽæèÞGF¢ÍÚ¤ l•¸à] +QücšHðjnO>éÚQvÖÕgÉO=É'"ÿ4,ÂhB¶U~ *šµØTÒ®Õ¹(`\¾ÿÊcäŸA5<Ÿš²Ú7¹ÎZ÷'slßŒÆÓÙíÀ-ŒÏªÓ»šK}=ˆ’lÉ™E²´èIŸÂ¡¥ïœÜvþÇå*wþÈZšã>´ÛêÛª}Þ³Zý~aµ3%æùàöëw%ûŽž +WÌß(kÒÅBåÇÜ0{-õMVoÿnu,pwÕ2C€aèa™Qº½®Õ;ïãGvîwUÓÈýUûA“D,endstream +endobj +1664 0 obj<>/XObject<<>>>>>>endobj +1665 0 obj<>stream +x½Vßs¢0~÷¯Ø±/tn@¨zéƒµè1Ó*'œO¾ ¤B‹„#ñgúÇß&ô‡EhéÔ6: É—ì·ÙýöoÃtO ÝÕ¸t¡?Á½Å¾ kº®ƒë+G ÛìØ½kè ºÖÃï8Ü·íkkÐwÉ¸5_iƒ?¶£ÚÇuSËv÷æK˜‡ ïo*@–,‹Ò +€¹rÍ”2Îü(å%œdiFðÙœW¬*Þß½ÔäißqÍi9Ä!ÌÍ<†‡çTìÐz¹ŸFW„‡Q²Ì‡Ý§ûo5¢Á(Z¥ª¡ùpÅÀ`åmaA ×Ë% IF*IA¦%—ùþdÑ¿CpèLnL÷—5©WæÌ˜ªc›kh ¾ŽÁ…çß“$(nPìÃxâšç»ÌyI‚h ©‚v¨¶—ñ:|¤t®ÄÑ=w-¨${~¹§^…Š¼ú ¤éØ gÛ•îPÑáø˜³# å$ÐŠ¦ûGj¸'§2ô¨xÚbÜ-ÅH7Ðô×)úÄã‘ß„ ]ÇøÂExÓ™xÇ7_q|¾xñÉV|¯bÂKðæ10å£O±«ks8™Þô¿.y¾>GEá4eE‹ò+üÙ|¶›@¿A*Rö=¦”È¨…ö£‚ÑœØ:Ï*òë¬Íçì+šŸÕFx‰½2k¤0×Äš+>MÏÖ>g"€Ó8ò=Lee¸ïèúî¦£PŠ?Ö\¯0ãÆQB*w×¾ñŽÙ%&P„ TÒrÄúd¦õ c(Å‹-x{h»±ò|Áòb£ì˜M•å‚z!^r Óx(õá¹ÆSš{{I@$¹fó½8Ö4íÒ¡&RÅ®O"H„Ö°†! +X£ÓÕô^ËXC;*åôo.û(·ôŽø®¨¿^‘„£|ÐDÐ >-P»º(|ãLkk¨8$×ë\éazQ"“âi÷TëvzX)ãäÞ™À0ÝÆïÆ{äŠÂendstream +endobj +1666 0 obj<>/XObject<<>>>>>>endobj +1667 0 obj<>stream +x½W_S£0ï§ØÑ—zN¬¶=g¼DZ™Ñ–+¹>ù‚µ„©›é‡¿@´RH¸ÑN²Ùýí.dÿäwÇ?Ž¡×‡`Ù¹À£‘ßßóþO kº®ºûÀõ3RFð#çõo7#ËEqò È¯Ý\@>æ9£ÈÐµ!W"°6œû¶{{B ,hüÒ½ÛrˆTãP'7€S70ŽHÆ²€Æ)ŸÁšÐ'ØÈÑæJ¨Mµ[Gó¦76¾r&ctiÏËFžk[ÎÈ±¶ßTŽ¢ñt[Lêöò.×G+Â‡ïgOŠpçOa²€JçKª÷ ÿtR}Òcˆ¯lpgÎÛ³*Xu “)¶Ï`/SäÒ8áÇˆÛŸG…zt\Ÿ²?h?óÀÉøñ~ŽŸBÀ+zG +~¸E8ÕÃ¬_®W@Úž·K ¤Ï«'°æÂ–g.´ª+Õõþ'WÜã“"Ì? t¿jmu &ÿ<#eÀYC,Â;ƒ{BÅk½§d †ÆŸÓ³šøy«Q¯®!'¼gKþ“± ¾%K4r®íÑtvcâš¼ÐVdéÑ®¢HÛŒ¤Y+]£ËtÝkÇ2±3¹S{ÖÌq¿ÐÝ4û?¾Ì'—Z«èÝ©"U)’Ôn.¬¯³Ì'©„/¥ä(™60e· –Õ©æ ,Ý”*« +f—Þô¶»ŽY´+øáªêÊDE>Vi¶í;ÔÀPÕâòV E»”}LÞÆðÒ”†ü¿j~+X¹eujÐ/9«uKT]›„³Lª;PNRÛÀž™ï¶‰"šê`…*Yž¢ÛtØõ–AÙA·JèuË”-kŽ{4‚aä·£?Ðôaßí8¯øžysaòÖ…<†ƒK¬–aÂ|“$—Doh ç·®qªõ4ÀQ(Š´èšÀŠü8)jÒÉàDô‡üzÂ™‡ýÃÆŸ¿4¤¤>/XObject<<>>>>>>endobj +1669 0 obj<>stream +x½W[sÚ8~çWœq–6±$ lw²34,3 Ðàæ‰a‹X‰±\IN†™üø=’t›®™Áº~ç|:7ùGMüµ } +g,j_üZ£ß„?ÁŸãÄE!4½f³ ~P?ó¼~ðkMp[M¯ƒó{†ïß\=#ÁMÂòÜ¾>G~ï3H–ž©Œ'Ðòð÷ ®¾'àðLIž‰€†¨ˆB*D** < R‚âe1–ÜD\*–*n†ß‹Pê½0CP¢‚ˆ†º‘$Œ©UjÔôGÆ]ÐDý½Éx9"ˆ1 ³ŒÅŠ% É"éI¬ó ÁœZ2â/¥@À ²T:ÒgP¯x(#ÁU¤3 qÌ’” $ÅÓJ#Š‚%¯{÷ƒ«Þ¥Æö<Ï€/š;K=‡°êPµùI)xaqh¡4Sà ˆ˜D¡ ÏIè!²k-åœÀKÄ‚È¬¯Ð0g *¼\Ùí1["}{àÖä¡`è%àX\køFŸX¯K¾ xðÉƒ–±öûºS!rÈñ04ÍçTPíƒÈÜ7_ ‘`Kqø˜põ1§[©uÍIŸ ùªoX}›Ï–¨9‹é JÂ¥õÃ +P‰^¦÷×©ð@ÛÍ* $–Ú^T&(È¤åd¦ÑºÒ‚‡XRô]«4GÈ b"%Z5ÎÝOïÑþâ•‘Ëý<²oØ"uÇZiôÂ´…€#g"tÇD¨¥ÛÇ(ÁÐ‡i=fOüLÌ¸Ù2ý€´w€mp¯Ð:úÌê±àÆÙƒ‹”^P…Ÿò0Á¤h¸—ÚÑ;=9³Ós“tß ô¨|^å>tñÐLzBÂ:Ç0Œc.ž$Ì¹°Á6|‘gaŒ\¦¢¢·aªŽ³†Ÿw€/ßé)—û 6Q?Ýöü†7v4/vu·?øÚëîn»þÎþw«zÛŠT¤ÅSù{TèŽÇ_W]06Æ£‰?¹ºŒ#]]{ÿ.÷ÃkÏdÒ )W?Çoc^í«^×›âòc¿õ÷¼ÕÛé Êk1±®¤á=ds)bCOçS½àM_{V˜àaê4aê¸«²¾ž;5(l„-<%W÷Tdòd¡Ê®Äb£©¹Ü`¦/É[¡Þ¡®Þ[$ +ã¦yè´njTXmˆª«³™Ö7uØNX—µÁþ¯k»Ö/ÁI×`,ôXdSAñß)ªz˜×a7_ÕuÐ•cð€ Û¨·n½®[¦q€i¶7Ø]Ûc» Å\¼Î_wÝ‰ß»ƒ¿óôq¼ä-QÛ{vz»šüWF¿–þRl]´½fç¿[Þ©¾œLº·_ºxËâ4PpÍƒLù˜«¾ÎîjƒÛnê/Ìzë“wæWk:ö‚Wa‰)…çís¯}ÑÁOR\ÜikŒž_ûVûª£u«endstream +endobj +1670 0 obj<>/XObject<<>>>>/Annots 961 0 R>>endobj +1671 0 obj<>stream xWÛnÛF}÷W˜+©Iê.ÙEZ¸¶ä¨hbµRR0¬È•Ä˜ä²»K+*òñ=³¤|Qì\ÐÊ°-r9³3gÎœYþ}Ð¢&~Z4hS§OQvÐšÔkõƒ>u‡|oãWKZº…Î tY€ YÿùãÂ=Ú†u›2j÷‚UW)Íªµæ^3jxŸ¶»Úµz=g×î ƒcª®xí—ùA8nÒ1Í—¸?Ä—ØíÚ¤yÔxFîó®ú÷?=Ÿ8h’ßjCx«ha¬ÔVñb8ÕŽ £2i×I¾ªn×4¾´Óãîél®/É«6¢X'7R{WÏŸðõ7OXz79ù³éèl2žœÑOþŸžð‰Ûïu²ÑµÌãýµ¯]Ó›Ëùè„.’¬ð§:É-‰<&.8)»–š::ö§BÛ?NRpÃ ~ir-i^ê…r&¨^Å˜ÏèDtöv:s.G³)¹§§ZQ‘–+?Éiƒ$}éC¹²2¾–Ú³ÿëÃ…côã ê?¿ÓåŽiA‚*Á ¹sGfãÒ=—7I$MeÚ¥V«6mÐô0v¸˜uRÚ$vM+¥{YJ[Z*M¯¦ô›0Rÿ*-Ùm!©àêÿ€þR%E"§$7V¤)¡Nu#‘00NSµ1'¼5TÍo÷¡ZØ1-Dœs¿ ”¶‹:òo¨ŽdzÆò&LrD~vû`PŽYá8ªSñÁåŽ¯Úý=LÔoƒÖñÝÞW9bôüÌ#ƒt£5’FàZZÈé2ðvQñf-µÊÜ}ä˜ÇBÇxºP&±Jo@ ¿•4r(HÐtznŽ8æaBŠà6ë»9´b!Í-8‘øÕac¸ú4ÂÒèÐ¬…–aT&ÌT,Ó‡©5:å>È……t¥Û#Ú¢™ØRi8Åé^¡X•–V†Ë$•f}ÍÂBØuhUèørŸÉ01!áM;®ž;†;â¡€,ü~§UÕÒQ¯Ð¸Ô®I7 ÏÈL‘Ž¡8M7bv¦FQ¤rS¦`SGX±#Hå”&yùqç-Pzå f’i©,ƒÂ o“X¨Ò¢ÞJÅ ¹Æ2·:T—-YìØ‰„vä\[[œ„áf³ >!¬mÞ§‰±A´Jj„w¶ DÄÈTF–‹¡É•Íµa”&Ñ5'æÍÖjã¹Þ9D6Bs¯’€Üü+‰Äe9Õ*4¦Ò×|Ï5(;Þ+Û& jGhQA¼ôBåòEÅœþŽ]wVø„ã04¢„'PsÖð-ti’W9E\¡«†w_º4Eczî³ÁÞË’ñù.À °z_£Î€ÿŒâçeörÐk5»Ÿ£?¯{\ðR–`>±´†0 f×5F…cCiÁtOîLRßmU3lõõ¥óyÕêíÅ{™W¤wZ}h\õ]3`ËÃ£",êQK+Ð¸¸/UÍzÀÃipÃÛ58TóŸyMá„n„NTé:ñž‰¸‹l-”JˆùJæRNdÀµ«–£—»ƒ–E$Üy”÷x< §xêÚÍª`„-1G [ÄÎj=º¥½Õ"7˜2·ÐÌ]©´&ßgR2b*ÇZ.‰ÖJ¹×%PZÖ?ˆÆÀ.`m’$Iw"¿‘Ÿ5(&HLI Åþ;RœˆTèâíäÁ"kÆˆ%ƒ`w"Ø Ãã¥®‚¼«D€û—þk([äqFðæ ¯k‚h VZdÍöef/[>=U¢ã]ì*êê ¡þ\K×ÏdÄ²{¢($È™9M&dåGðôÅ*?tjJ^TÚÃü°ÀéÜƒ ™ /Ó}Å„4É‚g\¤´.Ë=°ó;€:ˆbo ´€|»‘5¬„øy<™@´Ð8BHþàz m~{ -»—¯òY±h*wÓëþ ãÅjÈe[?™ôÁ#ßwêÂ³ž]†ãa-“>Þ¼†¼åt«7“Ùéë_NqvTXàÏUT"&ëÆ[ú;Ðä÷¢o>—uÝ`ÐV‡˜ãûÍ~?øž<jendstream +»—¯òY±h*wÓëþ ãÅjÈe[?™ôÁ#ßwêÂ³ž]†ãa-“>Þ¼†¼åt«7“Ùéë_NqvTXàÏUT"&ëÆ[ú;Ðä÷¢o>—uÝ`ÐV‡˜á}æ¿üž;jendstream endobj -1680 0 obj<>/XObject<>>>/Annots 968 0 R>>endobj -1681 0 obj<>stream +1672 0 obj<>/XObject<>>>/Annots 970 0 R>>endobj +1673 0 obj<>stream x•WÉnÛH½û+ :²cn²6É8 ‚$e¬9àK‹lŠm“l¦»)YóõóªI-#g±A\º–W¯^•~\$ã?¡Ùˆn¦”VqãÎáãÏO|‡&·S|V”Ìãð¶¿*éÞ?OâpŽgãÙ8œQwÅÏ~P2G}þ’à›évà&úœLèNÓwob4½ 6ïÝtW{ó£$oðlt{Ž©»âgï—ÑÇ1% -s8™Îg´Ì|ä1-Óá²5©Ú:Q–ä IQµ“æÍåòcºíÎ£1Ì.³!áoP6"«TMAC¥°Ò®“ñŸâñL[&JÃþR“ðD 2†…«Ê3ªÓ~? ÉµN†ªÎ5ÂŽçB®[†÷W½>5¹Ty)#?ƒ¿è˜Z;ŠãQ´ìÝDgÁœLö+(ä•çéa`tD¶PfP7ƒä¼œî ‰K®Eêû–©>€±À©J‚$ëÂï'c½n1î^|Ðâ£æzôšçGSë¸7tÃï¥…ÀSõF—¾>ókÿßk~ìÔøœ÷mU ³£€xšðòåOÂ1úñ¤/ßÑ ïw ×ŒlôQô‹àåÆëXw¿S „e‰I¾ÁˆÖíºà)á ‘vùèa¸jÑÖ¾³¯t-¯XË0Úš)nÕîá²/g‚x:áiÉàô†ßE¨ŸµÃ…4%f èÃÒí7×Ÿ®0Öóå¸¹\Äƒ/6Å±WP!ã~S#ÓÖ/â:©(³’©èuH¤ 7];ÑÄ%f(3 h,RÝÈçèAœÙ{XvØ¥¯ß{ðLz¹0Dç}â ~ -L' M§HìXdÃûwßÞ¿£…ÑÌøuÐ ×3ï%™ÎÂx~CÁ,Æöž “I8»º-x»§;¿Ÿ` !¥;¹Q©ô\ô¿L¦süJÀ¡Û9Ûú°¼ø~ñ/;„.,endstream -endobj -1682 0 obj<>/XObject<>>>/Annots 971 0 R>>endobj -1683 0 obj<>stream -xW]oÛÊ}÷¯ð%r*R–d9@páÄr*4¶•HnPÀ@±"WÒÚ$—á.¥¨÷·÷Ì.eSº½-Ð‘DrwçÌÌ™3ÃŸg=êâ¯G—}ºQœý¤ÞeÔ÷wùG/Ó°7ˆ†ü°3í éFÓ·³nÔÅÆ×ï_ÎÆC¬ô‡ÑeÔôñí¯Ršórê ÆQãKüîã)iuöiqÖ¹P¯G‹l .ú4ÂIÃÑ˜‰3Ð¥EÜú²ÑÆš¸T…¥÷Yeìû6%²y¢ò5éœìFRRª,;™NdÚ¦XçV¨œLUº´´Ò% Šeéî‰ÜªXôÔ†ÌFïrZî)X›óÅóYØ¥°wïI+ÜOçî¦‡Q0ñhêíÆÂHÒ+‡!ØêÙ5–6íuE¹” L7}N£tÞ¦ÝFÅÚCàö‰LçkcIY òÈ±ÙƒuÐÈàðFtÅÃøËJëLXmØßŠT%´nD2ÖY&ò$U¹¤®Ò„–i.¨©z‘pI™ì|ç¶KWœ#Øï¢»OþCøIaòézñù¯øž]¿¾˜ÞÌ¯o'ßqýíq:Yàûþavý8ŸPhn&Ÿ~ž|„ÃõOOlƒ]ë‚DoGûÇ¡™>›¹,´.¼ð€Z3±–sõ/y³ƒ7U‘Ê_Wû›|¯&^õÇðï˜4''Ëÿcylæ»4:,r||h{6ÿp'%fÚ(~|oš•§Úoƒ7ˆÁ£‘•Å‚Ûú_!«ªT~)ô§ê¬ßúÝyé -îßk+ÛÈ¶°´SvCŸgs5œ~#Íf°ß*ÒÊÐL–©[W…ñd{:w¬OtþÎ:î³ñmÇ2™-eéøÑ?P$±È)ÞhRâZ[¡R±L%¥Ê-é‚ƒeð¬¬¸–§õƒšÃÀÃ„=1¬Ó" U©3šÌgïD!Ëd+‘¦ûF}ÍØÆ¬ÔdôÊîD‰X@-þv3Á–àÅ!%Š7¿Ü?ÜáöÙ6…Œ^å^œ$¿Š -rxä"»“K¬±²\‰XÒV ÚT¨ÄkÏ9”ºˆÛiª‘‘©Œ9”É¼2‘{ÞÈç¸V¦•ËA…hð¼©=NòR£©H÷ËìkáÔ[•@l ƒaö4¯cALRÅÖ0A$eââÅzÇ®´OÁ˜S]{á¿±¶øÐéìv»ˆ9érÝ9„9ÚØÌIu˜AªY˜½}¶Í“©.¼+P¬ê—KäŸO|:÷R‹ÔÑº¥@pq¨¶[Îq(|4ª -«Á”_Vëp¥~É¤M2ßˆ<Æ.æ½±œ‡³µj³ï‚nK)›q…ÛCÓyÕn×u~¿@¯¬%œ_"Í†Š”»ÓVä*MAèûÇæa'†Ñ2‡èrà,wŠßûÝ®KYå+Í•l¤µ||Õë¯\Q~M€Knë~öj¤³#mÜáZuI„Ijå¿úØ†„‡Èæ*^èkFå[DQXt|x«³e'Õk¬,K]þ—'§ºjA²øv¯˜¥®À2Dá+©Y¨K1ãÀGj&ÂæÛŽÓ’hÉM²(*«C»/°3yQ-Fì«2U/º›ÞM‹0(úZ_á±(1m²U'rŽažx¾©ØÍ¤²S¯,b*`>ƒ•JÑ‚F×ãi•‡/zEàYñßO ²J%OŸrå¤ÜÞ²™©Lr2·Xñ'çwn¯0ÿóœwàßÆzßSzË#úª2Ì-ð›]Î+×Å™æÐÃ"‹ÖÀÜåâ8½€ŽâqÕ.°w%…êjØ¡Œ8¨o]³é¡”i-¦Zš½±2c¼ÃFWBÍE¶èÓ“‘“îÄéã)#–x#8aãf‰BÌø5{uš0Gød šÞëò=ºäá=œ…M"ÁxNšÕ V\–œ»•W”§ý°Bs¨J~SÕðÓv°ñKÀ'`æ÷ƒÂ~ño;¾ÃwnÇ‡W¤zÁø‚FÃ^tÙs³òüúîÓ57égLx;‹+Œ%ágO0Îo /»˜à“Öÿ—ÇÁå ºÄ[™›–¯®8¨“ÅÙ·³ÍÝkendstream -endobj -1684 0 obj<>/XObject<<>>>>>>endobj -1685 0 obj<>stream +L' M§HìXdÃûwßÞ¿£…ÑÌøuÐ ×3ï%™ÎÂx~CÁ,Æöž “I8»º-x»§;¿Ÿ` !¥;¹Q©ô\ô¿L¦süJÀ¡ù-Ûú°¼ø~ñ/;ƒ.,endstream +endobj +1674 0 obj<>/XObject<>>>/Annots 973 0 R>>endobj +1675 0 obj<>stream +xW]oÛÊ}×¯ð%r*R–d9@páÄr*4¶•HnPÀ@±"WÒÚ$—á.¥¸÷·÷Ì.eSº½-Ð‘DrwçÌÌ™3ÃŸ>õð×§‹)ÎZ?© ü]þÑ&4ê£?ìÎú#ºÖôÕ‹zØøúñýKk2ÂÊá`]RFƒáßþ*¥/§þpõi8¹Àïþ—’ÖOËV÷fHý>-×°5<Ð'ÆZ&Î@–qûËVkâR–Þg•±ï;”ÈBæ‰Ê7¤s²[II©v²ìf:‘i‡b[¡r2UQèÒÒZ—$(–¥»$r§bÐc[2[½ÏiõBÁÆœ-ŸZaÂþ9¼_&íp<ž¹›^8FÀÄ£™·#I¯†`[¨'ÔX:ô¢+Ê¥L`ºép¥óí·*ÞÒ·Od:ßKÊ•GŽÍ¬ƒÖ@ç€—0¢(Æ_ÖZgÂª8èÀþN¤*¡M#’±Î2‘'©Ê%íu•&´’H‹pAMÕ³„KÊ|`ç»7=ºäÁþ` Ù}òÿÂO +“OWËÏÅ÷üêûÕÝýìzqu3ýŽëo³éßw÷ó«‡Å”Bs=ýûìóô#®x|dìZ$z;Ú?ÍìÉ,d‰ }táõ€„Ôž‹\¨É#˜m¼®ŠTþúx¼Úßä{0ñr0G0xË¤99á\xXþ'Ëc3ß¥Ñie‘ããC;óÅ‡[™(1×Fñãx³¼¨ì"Õöx¼AŒ¼¯,Ü\Óÿ +Y½P¥òcH¡?íPgƒA4èõ‘ÈWppÿN[ÙA¶…¥½²[úü0_¨Ñàô™h>‡ýv‘V†æ²LÝÂ¸*Œ'Ûã™c}¢ówÖqŸ7hk58–Él%KÇ¯ˆþ"‰ENñVk”×²Ø •ŠU*©(UnI,ƒgeÅµô0«Ô&ì‰©`“KÑt1g +Y&ËX‰4}iÔ×œmÌKMF¯í^”ˆÔâo×Sl žY¢ˆpóËÝý-nÿÁ}fSXÀèUîÅIyð«( ‡G.²{¹Â+Ëµˆ%í” m…J¹öœÓI©‹0(±¦™Ê˜CA™Ì+¹ç|NjeZ»TˆfÏ›Úã$/5š*€ôp¿Ì¿vN½S Ä28æ…u,IªØ&ˆ¤LÅy‡8øá„˜ ìteƒËrœ*DË8ÛáâuPÉ:AiÁÂLãÀD¢tR07‘àó†OVùZs%i-__õæ+W”_`Ç’ÛºŸ½éìJw¹VÝGa’ZûÅ¯>v á!2†¹ŠúšQù$QÞîîDÙMõÆ+ËR—ÿÄåÉ©®Z,¾ÝÀã+f¥+°EøJªCêRÁ_Ì8ðÑ…š‰ðŸù¶ç´$Zr,ŠÊêÐ¾Ø€¼¨#^~«2U/ºÝN ‹0(úZŸ á±(1m²U'rŽažx¾©ØÍ¤²S¯,b*`>ƒµJÑ‚F×ãi•‡/zEàYñßO ²J%OŸrí¤ÜÞ²™©Lr2wXñ'çwo.1ÿóœwàß9ÆzßSúË#úª2Ì-ð›]Î+×Å™æÐÃ"‹ÖÀÜåâ8½€ŽâsÕ.±w-…êjØ£Œ8¨o]³é¡”i-¦Z™ceÆx‡®„"Zˆl%Ð§&#'&Ý‹¤§ŒXâà„MŒ›% +1â×ìÕiÂá“jz¯Ë÷è’‡kôpJ4‰ã9iV7XqYrîrT^Qž +ôýÍ¡*ùMTÃOLÛÁVÄÏŸ€™ß^x_ømÄ¿íøß½™^‘Æè“súÑEßÍÊ‹«ÛOWÜ¤Ÿ0àí,®0X”„Ÿ=Á8¿%¼èa‚OÚÿ_‡ÃèoenZ¾ìqP§ËÖ·Ö¿Íƒkendstream +endobj +1676 0 obj<>/XObject<<>>>>>>endobj +1677 0 obj<>stream x•WmOÜFþÎ¯˜úKaßÇA"¥RAÊ[EÄEm%¤hÏÞ»Û`{ï:æò¡¿½ÏÌÚ5!UC${vgæ™gžÝ›Ð?:ÒñœÒbï|±7ºœÑdB‹ÞÌÏNi‘Ñ8Ç´H÷ÏO~£kMÆÑ«OW×t³ÿÊ…-éSiîèª6¥7åš®·Îëâæ V®©*[{GÑ×Æzå¢„>Ê?(U%-5-•Óág¾kw°ø²7¦xrœLá~ß®è‹]:²5[À?•M±ÔøßŠ*µÖòfiýæˆT™‘Bx®ReÉ¨rKÞš*]›ÑÖ6ÔªÒ'é<™±Åá/ÂÑwª¨rM)ãû6¶¥ÚZOmòŒœö¤¨âLI²!SJ–ðî\S¯¸Å8B,l© 2ptÑs~;ºÓ³€~<…àˆòJe¸™â*øì/-CKqHñÅ|<;C¹ºW·qn ã_LÆÓYÿŒAÛ=¯÷E§ó"!e¹ô7]oQ r p‡”¼íp˜Àß®âéÝ9W'S^"íÆ¤>Î˜¢\+S;s@ñ$…ŠpÉ•ó„<NÄéÔ–™Ã=ô\mµ¾±º}ý.A!$bJmƒÚ¤¶®uêóí‘PF[„^jÛ8vÔKÞÉÁ¨rÞV.Bt¹×õPºnÙ=çrP”5E±á‡È7š€Ù×È1àÂîe¶üÕg¸èf_¯Ÿ“)Pö¤pX†¶b$,Ü1ë:ÒeXýAåVmbªP¹³ThUº#x¶ÈU{…beµêèpßàáôíÙS7¡Iº®Js£¸¢j€7C& Ž®U±T|C9pì*ksf<Þ!ò°BŸ×ª«ItB¹Vß:›‚PÛ€ Ù•è©vÿöæà¤Ès–¢À·Mb†¡vCà½µ¿ˆðœ+Ìv \Éë´6œÕ¶B¦L) 8 ¶nlZkÔ‡áÛìr t£Ê`Z˜@T*qsB¨;’³=ä,1H¼Œx+l¦ó#‘¦>òUVfVŽ£ÉÙõ ¬ÎaÑ)S\k•m9ðB!ï–?0i‡wkë[›Ó½S2ÿžˆögfµ`G—ÈÀ³¤ò9-üc#¢÷ÕóÑ¨mÛ´iîä6xMl½uWÎ¡œIº6ìãá4ê„é\#D-ðÄ“?s†Žgâµ•7 sÖ tÀ÷2³`ÔÈ/¤1úqò‡)3Û:êhÁÀÉ6MÁšÉBO‡óì†Y¬rt¦“gæmêFÜ$¥wÇ…íZÊ™L‡©%\cìqç\öÐwÃNÕÀ]!ÔÙ!_„ä7¨4Æ®¼Æ ˆcÊt…àšv ]]]Dè-~h²`e2jkã¡;¿ÑÕÛ÷Q¼“ ÜÐi´ ˆãü!¢¢ñTÀv§ÃîÖT‚CPV‘“µ¥Ì°.c,µ‡>Ù¶†üë:"çÑõ?Ðznc±/¿-[U‡ÙÎûD_õH:èqÕå¾ä¿/FÓw£?¯úÚ‹hÇa É€…i…ÖnËÜ*Ù5#ò€×iS9¡3+—(â'±c íN ÃÉú{Â¤·!EzÃNéµ>@ò°1ö³»Ñ‡×}¸ ñJf¼¬“dv<¥xzšœá7–šß@‡u£jì;ƒ€3•ºb—„òvÕí=Î“ñü„O>:ˆ]²Ìª"eì:$À5¡íÐ¼äìP MÒÉ¤G˜ØÔÚ2*vó’÷”O Çã„Ö–éúzJ×ÉÿNI¶ 0ºï»Š&:Ä¾%ÆG¨ò„aš K‘ZB¤ÖX›j§Øv–¦T¢Hs°QÊDg 1T–¹bÉ´ýªjÌQt¯F} Ý,l6%š"Ïy|Š}§Ô`±’ø¸k2¡y·àÑïE·ÂçvÕ7,Ö÷O°!Â|‡üî“S¼üd[…ÐãÏaøèVß>™qrÆ&lô‰7IæÍ“o1üÞ\<ùzÁë=¢êgÉ“†R[äÐ}>üÔîþ#µ•¹ÿ$y¾¢%:ƒ)jÊVƒ5WS‘ÊoØÏèò¬û¨šÌO“ñÙ1ÍO§Éô›~¶ýòÃùK€e¿@éÂ¦M -mø,Z$‰OÇb?9INzÏk}h>#A :–@ìoÌRA…¯™ÍÏ’ùÉ_up‰…Ÿ½^ì}Üû¾Su¾endstream -endobj -1686 0 obj<>/XObject<<>>>>/Annots 974 0 R>>endobj -1687 0 obj<>stream -xµW]oÛ6}Ï¯¸Ðšf‘,ÉŽóñ2´k·eX»¬qÑ ËPÐm1‘H•¤âº¿~çR’“&Å6`h'±LÞÏsÎ%?ìe”â;£ãœ¦s*š½4Iñd÷ëÍ{Ùñ,É(;'sjh:Í’|xWÓåÞóÅÞä‡e-V°4?9¦E¤´(ö’V’r$4ÉÞŠÂ“YQ³¥ïß^\’“öVÚ'ŽZ±–ïk³¦•ª%yCª®;‡õï*I+cáa¥$¥‹º+%þñ²qgO× ¥ÓÞœÏ’"Ø§áKé•ñ²x~™§ù1ÝtÖÓ,¥?ó|òÚÜNò4ÍÏ²éYvr–NéÛ4KÓ¿PŽœè›FØé•^³‹”â,MNþ¯åü«Yž~5Ë³¯fùè«Yž?¶|¥q>çN.* s#ýl–tþ‚¢YRk•öÀ—Ñ}Žžˆ–[êZŠGX+h3véÆJÃ{aZ%÷%-fYŽ(š‚>ð ŒGw‹’$äóÀï*~U‹#cÉUÆúÂ4€#Œ‚S`…•ßñž,™MsŠóãäÙ4c4œkÑ ±4·’Æây’ÎxU •¢®·¶ÓÞ¦…D‘£¥„3:h)¤sŽ§É™•ßÀÿ]í¯ /ð•íÂÎèÍùEtõ”@ZÄ†Gà<þÛyo«S…¨‘’”pêº‚í¯:¤–â¶7*ûrò›RÞªBR“Z±ÅAQèZ4´©X0BåÇ}G¾êm“éXm†ºfƒ0< má2q¶¬NKT ¢½ü´o¤=o¢ÐßP¡ˆ6h%9~Wf¬ÔºCHµ`R…Çèl®wEGµéCg<074‘šÄúFüƒË¡´Ú õò£t”GP†Öê¶—Â¥qØL•Zs•ƒ1öjME-í z€ý®k[dõ°üìimM×ºÝ'»è°«‘B†€Pä‚µR{ZŠZh´6"„ZÆ]‘îš%"Aþã²ÔãÜ{êT}‡y;u-žŽ@è8dt¯ÐK‰þôSÁIÐ‰):„*dTéÐí¡ÞŸ£\ôN{,—R+&DhûRApÜ‚Ç(Št÷¥‘N?ñ´–:¡(@ JÒZ$ß°Ìú•5M˜dc²Æ£´ïJTÔ -¥‹ÃÆX·h BBQ`|üˆ¾ÏCÑJüpñ—Òyr[‡q76pj]oz†‚°CÔ ¯ªC`ªmoeÏŽ:]"°HÖ¦åGah>ò{‡sfRhÀƒXF´Å êï"àP:/ê*••…w‡uyB›‚l€‰—3’Xi‚luñ jæò"œ:ÄŽÕƒ± w`=ØÅëî˜Aˆ7ë/Àwœñ’g™IçìÄUˆqÂ›ô¬q“~Ãx+ÛgfÜ3ÉSbÚ§7\ŸNÓÙü8IO¦4?Æ`ñMn¿‡ó…5×PyzaŠŽ'ˆðÊhö‚e¿%>Nq+÷³£ä(¡_T£øê¸|w@àƒy9Lù ðlf6?IæG9.l"ÍøÙËÅÞo{s²‡«endstream -endobj -1688 0 obj<>/XObject<>>>>>endobj -1689 0 obj<>stream -xXkoã¶ýž_1.°IË¯ØqRà^d×I»h7Iaß›M?P³‘E—¤âúßß3$åÈÎf[X$"53çÌŒöÏ£>õðÓ§ó Ç”¯Žþ¤þy:Où—~:¡ñpˆqØýÜÑTÓ/_½6¥ý¿¿6 a÷o û½ât0ý§ÃôbßçÇùQ÷¦G4_ Ûñ¿ÔK{½Íóc"Êëµ-Ì‹I‹²<™ÿqÔ£Ži^4§µzÿ,]–k~«{sFý>;ÒA¯OÁyz6ÀÛñÕ|~};ÿ|w{IE-Éi”ÕO¤+IŸþ{?##K)¬¤uí,¹¥¤`ó9Ä·ŽŽIU°up·[[ÓµKad·0êEÛÝóãÊ 0UY'EAzñ +ìüSÇ)Í5m´y&at]^ÙSÊõzÛ]éäŠdª”$N2uU©ê‰sPV,IÚeO+V™H92Q– ÙÜ¨µ£•¨jü½eðØ¦QOKGëRäò² –¸38KÏ8;Ô–Ë»¦¯@Ò Ú>ûF¢ˆs0I'ãÛ#Gªä&Ôî^[7A¼ §ymŒ¬âÍT%Ì¶£«r{Š¢;Z)©Òdumr ¨ -Éo¬~Q…,èñx+Ýã µ 2 ‰®ø6Ã|IÊÑRXÊ¤¬¨/²ÔkØ(·ô-e¹æÒ2^_Tn´ÕGSO -šÆû†~‚™Çãéô§ÇUÁh¶|æzµFý¢ÙW3ÿS¡™«¥iœÒgÇUÚQ2›¦P“&¬xÒ•.ïzõïºMÂ„„D*', µuV(Ô„Kî‹ððùö¬ço=¿NÆ”QåKi9à5 ‡ñlãî‘EaWY‚è,Ì‰N€šÍÆ·è~ŠŸ1ëò·©®>@ÇÚ^—~î°òEéÚ–[Ç>ØmpÙêb˜ +UhWìºŽ9ýó¾®]¯v^*Ni9–â}¹X.s§ÍÖÏ?mX–`¬÷ÕpòÀ—ïy¢vzw¹Ÿš%J0¶¤uÜøü|†‘'DÑ< qÌÄ%\‚¨Þ©êð’f;þ_áHƒÐ²–X28 †ïÀ‹Ô¿<¦…F'y3M-'×æÙ.òØ"SÛ<õ(7Óâƒšå2‚ì–vôeô]U’€äYv;bo~{²ÒõF/ÚH…ÎÉÄ'æ[! úsXîö”é‹˜…ôŸ%v¨±@ ‘”B\„ÆCÁß‡q'bÓvë7 Íâæí‰;–Q~á{Å|/ì|ŸV -ÿäÀorÏ Ó -£EõéíFÏ‹”Ìœ0Ž:ÓL:%YÿÇ'4s£Kº•,ý“%nÙ~¯ëÀ{þŒõ8,{‡ˆ3‘??…“!ÂÜ„bàWŒº7ˆÜ8%m’Ò•P¡D©±u##û}sŸ“M¦aQF½Dö=ü2 —XHÚïDÐÿ¨üE#+&à±L¦‘ Xgœ®R0Á¯¾ô¼†Îö"nÔžóŒ·Eˆ ¢áR)±É…™ -^0@Ï5Wy]bùŠÑu:~ž4½rGKp¡1eÑAÃFÜ¶¥4ÝjW¨¦äA'ª×nº¿¯Ø:Ï¥µ‹šØš,½ŸoDÏ‘ƒ§>…sÛ¯‚‹]9”(‚Ã»Ááï+ˆÉÏOYp–P`!ù“"ƒ˜diåÆ÷»&C¿¾Ðwó;ú¤K&ú5h¡)_Šêé¢š; GøXÂ~b(aÐ´>'áƒðËÅ3—!Èd% -~qôï òµ~… ŸXÒaŽ÷hoòŠ{é:¡˜ö?ü¸{3‰Ÿ–ýñyÚ›i|>N‡“ ÞÌ®¾|¼býüÁzšê¼^ažûžÊïvšW:ç=þ–>îÒQJ?«•ò©sJU½Ê AìÅkñz‚£Xü¹†6s6ž¤ãÿ›è øÙõüè—£ÿrÌH2endstream -endobj -1690 0 obj<>/XObject<<>>>>>>endobj -1691 0 obj<>stream -xXïo¹ýî¿b*àÙðJ–dËvû¡ˆc·Í5Î©°‚ÞµKIŒwÉÍr×²ú×÷Í+¯ûŠŠÃ%ˆDÎ7oÞõýhDgøoD—cšL)-ŽÎg4™LðçùÕ%þãÿJÓêèf~4üË9F4_ñÙéÕ%Í3Âù³3š§}ëh£¼Ï5mM½¡z£éCæ–šî¾~þp<ÿ†Ûi¼\®Øñ<ë/ÆÓK -ß¶¶åËd4ŒùÀf¿7Ú×ÆYêm7±eŽ>ÑZ×Áçí/7w'ƒÊ*ó¤+Z™\{ZU®øsï÷Gñ’M0ëiÑÏt©mfìš -(+ck¸œÍn H¸Ô¨Zg{8ŠÅ1¹U-•MMŠf?¦VnË¡%g´OÛÇÅpêåÌùú!LYS©ªýwâT²DHõ¦ñrƒ³&_ãœþcî*V ?ºy zÿ§d4žœ_üÚ#WñWXïjŸªR¿{ßX_#-¾÷Óf½Åñ€æã)ÇÇˆÏIˆ¿Î(Sºzª©]½+KRU¨ÿƒÓ8Fy@'I'ÌíäÌ)YWƒ¦ßƒ¬ù -[U#{¥¯]é{|˜+¤ùR«G*ÛZ§kR•Ÿ’© ‘ÂûíV¤ÒkUe¨'"à ×ÚêÊ¤tÿéþŽ¼¦ž*ËV˜›ÃåòR®Þ)-¹àášøƒk#¹{ä+KiSúÁ“Í’ŽÉÅñ)m7&•>«ôŠ“P¹w¯!.Õ§©klÍ°šu+;|RÕ0wë!;òùá_½gªC8]ý¬ÒšŠ¦X?”–Ïú?Ád(6Éš¢ØÉdåÜAVLˆQá…54¨<³Ôf@–¼®›rqÌ—¥âz<8ÿmµ8»LùÇd'ö?4)ÔØ•\¡_¯0>I]™uSéž”³Ó^RYiÝåŽù°èçæí¤ë€¢P£ƒ¢±*ƒÔ ×ó³»÷\æßPMWÑC©u´H1 -¯Ì\U«¥ÉM½Ã±PU”,Ï¤˜0x£4ÎRsA«–htø,+—jPÞÔo#8žþ'×/Š‡ J×Ô¬\^C™€Ì?ÍÜÖSš|"À2úrÙëŠÅwkòœ0Öª´5étßsÿ'ÜCÒ]ÿKg±âunwdßñEÛöFí„ˆáž&¨l¥ÁñÀÝ=Ç™¥œWÛRÔNS±™ï«¡9M…Õþ-ÿ?ð÷MY‚+AGP…0{V¤²Ì0·!(a´TG‘8rŠ¾Ì‡ãÇá¯3Ž~,Þ)ùb‚^±ªh •lÛs©,/ô=ZÌfÛie-0µ‡ÐŸï¸êÌx•ç:;À_…IÑŒrd¸ds§2–¶&3²©ÇØ'¹ZêãIúÎb;*úæ– w:ˆPŽwíA×§5‰Zï‚g¼èï÷–à‚Û*BÞ…¸ñzÕäôi6cÇ¤êº2Ð÷PöWª šƒø+.Æƒ«ßÔµé^ÔÞéÉWœ06Í*`åtÞRï„µýg·œ›ôQ×=ð¼(¤aCÐZêµ±Ö`© &:2 K`’¹ -U¢äì/$:ïÁV¶³Ä¨\™xú‡(]Ò+îPs&Óah_"#<á3ã&@·;rpXQgä† ‹²æ5ë7X²Œ0[È›¢„„˜µå)ÊúfZ|wcm‹É@¼SVùV¿—-ŒB+“ç¢Üf‚…î<£ÚäÑ¶5sµ¨4V,®‡wÀsÑÇTXbB +rg×°NšÊ×t£¡Yñ†¸·£ÁøÚ¼À5ðXQ2¾Œ®)9¿Cd„i<À~R6E4Ì¡°ÑŒwdn7ÞÈéþ¡"¡;Ú'x1Ž¦>Ç½¾6ã´íx‡~YŠ£ŒˆLç²ú—t‰~ñ1ƒîU±Œë#DfÔ¢ÿ F2âÁ«€?ÛœM/øþ –3$·BÆhù8Ð~X¤µ[ég=õðJ•÷PàJ†Gæd åý@²ºr¹ .aÇ¹‹§ôïÃ÷8mëlÒù(ÓO@ˆp‡ ¢É¹ÁœÝâH³uÕ#§ú’ ä¬U€–Ûãá×ý®Gyù3…#mx²ƒƒjýp¥+´²1ý¿^[ÑI…¯Ò»Ò¤`ˆÁUçÆMo*ÖŽžÁxÃœïaãÄ#EbíÞCE+‹>Ú/9¥»‡ÃYÂJôv‚_"§@»Ð›>>ƒu&HwTçShá-qUŽsõ1jÑ^¹À¼÷K2çÓY|q7lÆ¡v{%>@9¶0:Ÿ-ñÓMl<Ôg‰Ž»q\ùÛðrÃ2¹AWñ‹Ñ?F]Mð«Ódp9a¶?|¸¿ù€yâ¾ñÒ~ëÒ†·y|sI{#¹<»æó¿o&O¯Ó‹qø±jt6aÓwó£ý°Û1²endstream -endobj -1692 0 obj<>/XObject<>>>>>endobj -1693 0 obj<>stream +mø,Z$‰OÇb?9INzÏk}h>#A :–@ìoÌRA…¯™Î’Óù¾êàòÙ„½^ì}ÜûIˆuœendstream +endobj +1678 0 obj<>/XObject<<>>>>/Annots 976 0 R>>endobj +1679 0 obj<>stream +xµW]oÛ6}Ï¯¸Ðšf‘,ÉŽäeh×nË°vYã¢Ö¡ %Úb#‘*IÅuýÎ¥$'MŠmÀÐ$Nb™¼ŸçœK~8È(ÅwF‹œ¦s*šƒ4IñdÿëÕÙb–d”Í“954fI>¼«éêàéò`òÃŒ²Œ–kXšŸ.hY)-‹ÃŸ¤•¤ Mò£·¢ðdÖÔìèû×—Wä¤½‘ö‘£Vlä»ÚlhjIÞªëÎa½Ç»JÒÚØFxX)Ié¢îJ‰¼lÜùãå{ÒYï?ÎgÉÒð¥ôÚxY¼»¸ÊÓ|A×õ4KéÏ<Ÿ¼47“ùj–ç-ßEiœÏ¹“Ë +ÈÜ +G?›]<£h–FÇÔZ¥=ðe4EŸ£'¢ÕŽ:€–"ÆÖ +šÇŒ]zãF¥á½0’Œû’V³,GMAøÆ£[ˆEI’òyà7¿®ÅÖ‘±ä*c}aÀFÁ)°ÂÊïxO–Ì¦9Åù"9Å_6 Â çZ4ÈC¬Ìä…1ƒxž¤ó^h¥¨ë‚í´wi!däh%áŒŽZk +éœcÆirfí·ðDo7†øÊvagôêâ2zû˜@ZÄ†Gà<þÛ{o«S…¨‘’”pêº‚í¯;¤–â¦7*ûrò›RÞ¨BR“Z³ÅAQè½hh[±`„ÊûN|ÕÛ&Ó±ÚuÍÿ`xÚÂeâlYV¨.D{ùißH{ÞD¡¿¡BmÑJr>ü®Ì6,X«M‡ kÁ4¤ +Ñ;Ø]ï‹ŽjÓ‡Îx`nh"94‰õø3—CiµAëåGè( mÔM/…+ã°™*µá*cì/ÔšŠZÚkôû]×¶Èê~ùÙÓÆš®uûOöÑaW#… +È):k¥ö´µÐhlDµŒ»6"Ý5+D‚üÇe!¨‡¹÷Ô©úóvêZ:;ÐpÈèN¡Wýé§‚“ S*tUÈ0¨Ò¡ÛC½?G¹èöX.¥VLˆÐö•,‚à¸PéîK#~äi#1tBQ€.@”¤µH¾`™õkkš0ÉÆdŒFiß•¨¨J‡±6>nÑ@…„¢Àøø}Ÿ†¢•øáâ¯¤óävãnlà6ÔºÞ%ôa‡¨^U‡ÀTÚÞÈžuºD4`‘¬MËÂÐ|à÷çÌ¤Ð€ ±8Œh%ŠkÔßEÀ' t^Ô×T*+îëò„6#Ø/g$±Ò!Ùéâ^Õ¶ +ÌåE8%tˆ=« b@ïÀz°‹×Ý2=8‚x kœ7-;Ù{DFoîöx˜6e Q PcPÆž~õŽ7})D³ ƒT`á¸{à[ rOc„¢ô‡õá@8#Š^i#N”7L¦QýûÎ@3S³˜ ®ŒÆ&O(íChýŠ8n•yÄÊÅ`¸^a.ÜË1]Pi˜×Š'ônðÌ +±‹½‰™Ea°íL7æ4ÐI×%Z¯ïº?LGô«4[]n!¢(-ôÎ†ã ëiVyßžO&Ûí6) ^‰±›É8’Ê7uB@k£“GÇÝófïÅR]14GC½C¿ØlX)EaQ–à{No”F”Ž^.'ùõä÷KºgKÏ†p¡ WO^<}Â6Ù|:¾ç2;Ë¡ÏQBK$É‡]žÑÚ}öÈ âc†•@ÙsÒ[Ã¾×-Î%à°ñ¤ÓŸT·LWå{ Z°Ôy˜+ûúÇÓòÏDi ¢®ÇÐoÏ½wÖÔÉÚí+úÅ5Œæß–4ÃéäóöO.Lª/ßX„0OX#¥Æ%"t»D%!y~u öbüç¨áüBÑóËCŽÆ„ƒf%VrLö ©c4;ˆ+ÆŽ/|(¬jýñýÐ—^µŒé·‡=%ÐS(Å’uPBà]e6¶¨uÌì0×:èµÂdñA¼Y9¾ãŒ—¬x<ËL:g'®BŒ.Ø¤g›ôÆ[Ù!3ãŽIžÓ>½áút:˜Îæ‹$=Ò|Á:ã›ÜaçKkÞCåé™):ž Â+£Ù”ý–x‘â +Vf'ÉIB¿¨FñÕ)pùö€À#ó(r˜òAáÙÌwÌÅüH˜8ËùÑóåÁoìì‡‰endstream +endobj +1680 0 obj<>/XObject<>>>>>endobj +1681 0 obj<>stream +xWkO#ÇýÎ¯(®´áñC¤{Å®!Y%Dö½D +ùÐ3ÓÆÆÓNwŽÿý=ÕÝcÆfÙDHfzêqêœªê?úÔÃOŸÎ4S¾:ú“úçé <å?úé„ÆÃ!~ãe÷sDSM¿|õØht–öÿþØp4„Ý¿µ6ì÷þ‰ÓÁhôOœ^Ó‹}ŸçGÝ›]Ð|lÇüQP/íõz4Ï‰(¯×¶0/&-ÊòdþÇQ:>¤yÑ¼ÕûïÒe¹æ¯º7gÔï³“Á ôúÔœ§gÃ¼_Íç×·óÏw·—TÔ’œ&AYýDº’ôé¿÷32²”ÂJZ×Î’[J +Q0oñ˜C|ëè˜T[g»µ5]»Fv£^¤±Ýýø8?®S•uR¤ß°ÂÎß1uœÒ\ÓF›gF×Uà•=¥\¯·Ý•~A®Hf¡JIbá¤!SW•ªžø1ÕiÅ’¤]öÔ±b•‰”#e™ÍZ;Z‰ªÆÿ[mõ´t´.E./b‰;ƒ³ôŒ³Cm¹¼kú +$ ¢íwßHq&édÍ0_’r´–2)+*ä‹,õ6Ê-=FKY®¹´Œ×•mõÂÑÔ“‚¦ñ¼¡Ÿ`æñx:ýéñ„DU0š-Ÿ¹^Q¿höÕÌÿ”EAhæêBi§ôÙq`•v”ƒÌ¦)TÄ¤ ÏXR>¢-V”¥ÞÀ¸ÓneQÀ+Ph³ÔàPÌ¥Ò¿a@gHm‹)ýƒ`ý)§½eI¥z–(E£2Æ#)Ôb‘@@~Û¶ÁgP–Oÿpÿó) +x¶™.Ø* °›Ë +²E\ûpF¼¤Á†D3Ä²l“>¢Kmh©VÝ%ä*ËE£Œ“ï*0e«k”š‚ˆ|TQ#DÙíZ[«2d»Së…‰¤Ö'A“oPOZJÙSCòxâ¥WŠƒŒ@rDvè[¡ÍX¼,ý¶6èMÿú|#½6K•/”UWb V<éJ—w½úwÝ&aBB"•HÚ:+jÂ%÷Exø|{Öó§†ƒ_'cÊŒ¨ò¥´p†š‡†Ãx¶q÷Hˆ¢°«,AtæD‰'@Í„æÆ·è~ŠŸ1ëò·©®>@ÇÚ¡™]Ò½¨déŸì,qËö{]Þóg¬ÇaÙ;d@t˜‰üù)læ&¿Ò`üÓ½AäÆ)i“”®¼€ +%JÙï›óœl2 ‹2ê%²ïá—!8H¸ÄBÒþ&‚ÆøoDåç@(zY1e2lÀ:ãt•‚ ~…ô¥çÅ0t¾°q£öœoí`¼-@l —J‰M.ÌTð‚iz®¸ÊëËWŒ®Óñó¤é•;Z‚)‹6òà¶-µh¥éV»B5%zx<‰P½vÓý}ÅÖy.]ÔÌÀÖdaèýl}#zÖˆ<õ)ä˜ËØ~,XŒìÈá DÞ-&ß¯ &??eÁYB…ä+E1ÉÒÊïwM†~}¡ïæwôI—L(ôkÐBS¾ÕÓ!)D4wŽð/°„ýÄPÂ i]'áBøÀåâ™Ëd²’…‹_}àã;¨|_aEÂuK:ÌñíM^q/=@'Óþ‡wo&ñjÙŸ§½ÉÆçãt8™ðõfvõåãëçÖÓTçõ +óÜ÷Tþ¶Ó|Ò9ïñ]ú¸?JG)ý¬VÊ§Î)Uõ*ƒ±¯Åè Žbñçz`ØÌÙùYz>žàJC~t=?úåèÿ+Hendstream +endobj +1682 0 obj<>/XObject<<>>>>>>endobj +1683 0 obj<>stream +xXïo¹ýî¿b*àÙðÊ–äHvû¡ˆc·ÍÕÎ©°‚ÞµKIŒwÉÍr×²ú×÷Í+¯ûŠŠÃ%ˆDÎ7oÞõýhHçøoHÓ'”GçƒsÇøóârŠ?Gø¿Ò´:ºžýå‚†Cš¯øìärJóŒpþüœæiß:Ú(ïsM[So¨Þhú˜¹¥¦Û¯wçßp;·“éà’Ï³þb4™Rø¶µ-_&Ãñ`ÄÞ0û½Ñ¾6ÎRo»Ñˆ-sô™Öº>o~¹¾=œPV™']ÑÊäÚÓªrÅŸ{¿?Š—l‚YO‹~¦Km3c×„Pø@Y[ÃålvC@Â¥FÕ:ÛÃQ,ŽÉjm©ljR4ûùŽ6Ze¸a,‡–œÓ>mlkÃ©C–3çë‡´2eM¥ªöß‰SÉ!Õ›ÆË Îš|s>ø¹«Xþðú5èýŸ’áh|ñá×¹Š¿êÄrxWûT•úÝûÆúiqð½Ÿþ0{è-Ž4ßO9>F|NBüôuö@™ÒÐSMíê]ÉX2ªBíøœÆA0Ê:I:©`n'gNÉº4ýÞÔ`Í'PØª1Ø+}íJßãÃ\! åÈ—Z=RÁØÖ:ÝX“ªü”LMˆæØo·"•^«*C=¹ÖVW&¥ûÏ÷·„à5õTYæ°ÂÜ<+Q./åêÒ’®‰?¸9ò—»I¾²”6¥<Ù,é˜\ŸÒvcRé³J¯8 •{÷âRñqšºÆÖK Y·²gOª:ËÝúŒœñùá_½gªC8]ý¬ÒšŠ¦X?”–Ïú?Ád(6Éš¢ØÉdåÜAVLˆaá…54¨<³Ôf@–¼®›rqÌ—¥âj4¸ømµ8ÿ0˜ð Ž#ÈNìhR¨±+¹.B¿^a|’:»2ë¦Ò=)g§½¤²ÒºËóaÑÏÍ#ÚI×E¡FEcU©A¯ç;fwï¸*Ì¿¡š®¢‡Rëh‘b^˜¹ªVK“›z‡c¡ª(YžI1aðFiœ¥æ‚6V-ÑèðYV.Õ ¼©ßFp4ù/Ž¯^@"”®©Y¹¼†2™›¹§47øD€eôå²×‹ïÖä9a¬U)h#jÒé6¾çþO¸‡¤»þ—ÎbÅêÜîÈ¾ã%Š¶íŒ"Ú Ã=MPÙJƒã»{Ž3K9¯¶9¤¨¦b3ßWCsš +-ªý[þàï›²W‚Ž +aö¬He™anCPÂ4h©Ž"qä(}™ŸÏ~ql]ðcñNÉ7ôŠUEH¨dÛžKe!x¡ïÑ`6ÛN(k ¨=ll„¶ø|ÇUgÆ«<×Ùþ*Ljôˆf”#»À%›;•±´5±˜‘M=Æ>ÉÕRçOÒÇpÛQÑ7·L¸«ÐA„r¸kr¸>Ýè¬AHÔzÄ8ãE¿·ÜVò.Ä×«&§Ï³;&U×•¾‡²¿RhÕÔÐŒÀ·Xña4¸üM]›ìEíž|Å cÓÐa VN×ê-õNXÛvË¹IuÝÏ‹B6Ôá¥^k –š`¢#²T&™;A¡Peà!JÎþB²¡CÐùle;KŒÊ•‘‰§Ÿ±qˆÒ%¸â8g2†fð%2Â>3ht»#‡uFn˜°hÀ ;a^³~ƒÕê Ëˆ³…¼)JHˆY[ž¢, oÖªÈw7Ö¶˜Ä;Õjõ`õ{ÙâÀ(„°1y.Êm&XèNÁ3ªíAm[3WQ‹JcÅâzx<}L…%&º"wvíkà¤©|M×šoˆq;ŒÞ ÝÈ;\Ñ€%£ËÁðŠ’‹i"CLãæð“²)¢a…]ˆf¼#s»ñFN÷í ÝÑ>À‹Q4u÷úvÚ|ŠÓ´ãúe)Ž2 2Ëê_:Ð%úÅÇºWÅ2®™Q‹þ7hÉˆ¯¾3¶yÆJL_y¦àœ¶"s²oq X2 Ì\q'.ÂDæœâ¾WX'ø{1ºW ß,ýëTÁ×ó$^6TŸ‹obïD¯;1p›¶Óø ‹Ýô)>T¸ä$ ö9Þ +ü„’`tÅï›%X5ûtGfE;×à…‡ëÊÒßfíÉ’ûâ¶íiÅ[éªR€lDm°û³‚y¡a*h½¢“¿†…ú¤‹g,*ïQŒWœVÁovöp9zàfÖÏg7 ÿ…bäé›Siu<&K<]`¬R;J7Î¤Qh89+ûÉ&à¼ÛÝ +„š2ÎVT“NFfÛ¾#†TÁ PB_s-1ìcv†¢ÿcÂ÷†ƒ‹ñHˆ~‰¿±»~Â•‹ïtaUj?Ú}é\Î8"ú)“|28Ÿ|àû×XÎÜ +£åãd@ûa Ön¥œõÔÃ+UÞC+u˜c%”ôÉêÊå‚º„ç.žÒ?¼;Üã´³Iç£L?e Â6ˆ¶&?äsvƒs ÍÖUœêK6³VZl7Ž‡O\÷»ååÏŽ´á1ÈªõÃ•®ÐÊÆôwlLüzmE'¾JïJ“‚ W34½©XK8zã ·28p¾‡,‰ ´{D,úh¿ä”n>ÍV¢—°ü¢9Ú…Þôñ¬3Aº£:ŸCo±ˆs¨rœCè¬aP‹&ðÊàå¸_’9ŸÎâ‹»a3µÛ+ñÊ±…Ñùìl‰Ÿnbã¡>KìpÜàÊß†—–ÉýºŒ?X'ø1êrŒ_Æƒé˜Ùþðñþú#æ‰ûÆKûKÞjäñÍ$ídz~ÅçßLº˜^¦“ËðcÕÕ[¾ýãè?€1endstream +endobj +1684 0 obj<>/XObject<>>>>>endobj +1685 0 obj<>stream xWkoÛFü®_±`Ô,êiÉ6Pv\#.šD±e¤EÝ'òh2:ò˜»£ýûÎÞ‘‰Â&ER$ê»3³³Ë÷ƒ ñoBË)Í””ƒ÷4YÆÓð”?LâSZÌÎð?~ÝLt¥éÍ`i~¶Œ—4?]âóFR6¸\F×sšLhá”Åé’Ö)aùxLëäè&£½nh'*GNS)¶’\.)5Å“4–R½«”©Ø(œ¦ÿ1Q…¬œåÏEIS[‘¦¶ÜDTX>ÎPf°"éÆÑ®PŠ¬tMýlýn0¦ád†4Öé_óWmŠÊýø7Ù\ \]ùóïD¹”këcÚHd"Ò=Çg¥y v1pL‚¢ZãUJþÄ¨M€ŠÊ:¡”p…®b`:§ã §Ëøtæãx›GÖ!GK…pN$¹LáõÃnÃÈObz´Î%¯ÂŸÕ¥Œé²qÇô¼Bô6—ÒÐóÕ=Õz‡OŒo"*Ú4{ªôXîí1çiexŽ¼u‚³H [¨}L¸¢‡VàyûxºˆçË[©Ô1™ÇíùýênÀ³E*ô¹`ÄtÀ%p\íÃ7&˜Eæ`O|Clqmô¤ïÃ!•”i/ Ï†£¦üV&Ð{v=íò"É}r©&Ñ8]‚€„XH´JT _¹+\îãÎ @@ -3674,52 +3582,52 @@ P õËmé7½¹fýVÒ}Êýž3^ÚÝÿŸS^ŠâäËgý±m1"Ð{ :¼´pÈ ê€ýÅ‹Ì£• Yêª£0ñÅ®Ð‡¹Òa¯5 {`«m-2é‰#{´¤\ê2í3ÀÖ¥ü§´ ‡.¸¹":‡³Ê¼ƒsyyÉþË,ÐrÐkÐY%ŸÄ%“él~õÝ;<_D$]·Q·åzàA@¡½ ^nad‹²PÂø|QAŒ Vé06GmˆË»«áï««^ò—3(k¯o®yïúlÊ(Aù”q ·¼L@‡ÿ…S×ç(q$ŸHÀ·ÒJõ~RéWòÏ¿©8Ž¿”Û+±Ûp„AQ_É°•-ŒÇž~Ç1ÐÀŽÚb*Å‡¢l`1M¹A£ídþˆémq+Ñë‘z ñR¯«Äû—ÞvÌ—øÂ -LÃ&Z†á{=µ#¶7Ùº1ÜE2ö.ÞL9LZÛ¾™U]#¯äŽ§tfÌP1²á¶˜« w?d:ž ¹gsæqý$LÁ¡×ð1,?iûiùZÎ§’ëî»PòþŽGhp¬-÷pÎÙeMå–P…£h§ÍÎ4¸ÇŒûB}8˜‹…²(š4-¸ñ ?þ³áÌ£–ï•4÷0Nhu|ðpÅ¯xîUÕòÖµös‰QoHyØÓäg0. ªÂl–È48<¬üs˜~s&ýÛúüiûF4YàmétF‹ìþdæÇŒ‹——<¼1Šx»Jšó”ƒàh†Ý–árŒ^‘}ÇX3_œÆ‹~›ã}ã9Ÿ÷ëzðfðlüƒÐendstream -endobj -1694 0 obj<>/XObject<>>>>>endobj -1695 0 obj<>stream -xuU]ÚF}çW\¹]eWÂÆ6` Q6Ù®©m6ZúP E{˜¬=ãõŒ—RõÇ÷\a[!Àóq?Î¹ç^?ŠñIh–Ò8£¢}H¦tgéÓ ÆÆx¶ˆšÌgxNñmï–ƒÑý„’„–kOÆ)eói4Íæ´”³8¦eq-èQT¹]•KÚmu±%í¨°UK%Il„6ÎSPê¼hkÐêúýVOd ýªMûå{jZc´Ùà–”ô¥÷Â¿«››å×ALa’Eq6EèóˆQaÍšœòžíš‚ºÑ¦[üL]¸×ÖÆújNYÿBÔtæ#£Y¶ 0]DiŸÆïÖ«!ùð¤ þµpŠDYR¢¦ÅjÏ Ò1±°Q¥ð`á‚t ¤ÔOêúq;3£v@”õóéLÕMõýº-ÂÜd›î’rmuÚ]Ý@uõÆØFÉ‹È8òÝÚ¶”„;U—ÿV¼(¬€s]¶Ê -…>t6T/ •ÜÛ¶ù1b¿ašFiœ€±Y4‡váÃšïÑNOÞ’´ÌšÙ8:5„òêRÀ?Òx]KVÊys'ƒˆ–[uˆtÃ|_@ûFv%ö´³ÍXgTæ RQŽëÁ\Ý‰YÕ€ÊšBIWtåÞ¨¿‚”ÙP0Œì"¦QJvT@½iM˜‚?m›í¨´ -öíû? l:Þ€³7(Së@ODÞ¤–’¤µ5 GR¹¢Ñ9òïD¨˜KªÅF¹K!H©ëWrµµ%Ñ¤îXï\Á]©@FDq½ÙiJû'å-Òùx–°ÓMÀU-Ýè[^ðÀèr¶5‹ä»œEn_Ô%G¸è*Èº²y©*7¤Úb”°?ÛúºõÜñXTï~âØ£û˜<µ˜øIO<m . -_èó4R¾ñ|è~d?þ9Ýøñ!ÆÐDÙþÃÚñÔaH½6¦“§àóÛ Oé8I;1°ÏÕµ¢Æ`~ë˜Ö‹’«›NÒg˜È £½þ»ïŠ¾b,Ò‚ À—ùPUí÷TjƒjòYÿ´Ó~{Dr#ÜPsÙØ-yn²ƒÀˆ'ˆè0J¡mÈIð0©EáÑ²û®J£ûùñ…áe1Ó8YDñlËëÇÛßÞÝÒCc¿*˜ÜÙƒÇxÁ -ç$0Á{“pw÷“i4‹è¶õ6¼cÙ±ðQÐ®ÎÔÉ¶“leS~™!NOyï—åàÓà_kÅ-µendstream -endobj -1696 0 obj<>/XObject<<>>>>>>endobj -1697 0 obj<>stream -x¥WMoÛF½ûWrrP[‘d[vzK‚0Ð8n =ä²"—âÖä.Ã%Å(¿¾ïí’M-ÚÂ6l“»óñæÍ›Ñ×“…Ìñµë¥\¬$)Oæ³¹\-®f—rys¿—ø©µdáÅr¾œ¦/Þ®O^½-Ë¹¬3ØZ]ßÈ:Ø™ãIrú.WU£kY¬fòÉšÌèT~u[g½ltÓimå³±©ë¼Ü_®ÿ<™Ëùò&N•MåÓÝíÒzc·<µÁA¡¿Åuôw~q9[ò8,fòfã›Z%M¥JrcQƒun¼T -Ç%Õ>©ÍI3¤Q ÀÚ¡Ö~ï]ž‰þVðÍópÖÚ„ÈªÂ4{1 ß;H1Gx/àSf¶-øïßt®~ôb@Ý÷‹ý,’ái„¦A,g’×À/ø‹G‚°»†N;]òh]‡’çªù‡†ÈÕNKj²”¿J—ê"²¶Ö=O™/á&Æ“blÑMÒËËXeÖ‡G&äÖ¡Í@f;hÕ ö…‚dèòÐˆ¥J5ácX&i‹už8&rlz*ÑtNb‘ˆ)I`<í¹z/¥²V×a‚µ‚B6>ZÍ¾*AC‹D^Á[ªöGI'“ZÓŠøŒ‚‰{CªÀ%I\Ëf‡kÀb°#0ð9bè³ C¸^¼ºZž÷1è©%™AcñNUAUØ=Gå¥ 1$;08à{Lu@Ëdµ+=iâî:½Ó5HŠöOS–†nÀD-öÛ ×Ì6´¡£èXR9&uJr‡aCK¡FýµJyHqokýµ5Ü€¬v¹$ÊJ¡n²¸6r[ó=²¬—'yO<ø”dŒ8»Cé!·²ÐéÔ°C5¨šárðsÀE¡ÌÖZ‹/ÑØèš!ÖŸ fò‘›¦W“wëC£aêLZ‹×_½Oúqq~=»á¬“¿,W×ß¢^ôk,Ä¨ëÄ›ÿï†ïû:J’+»%gçÿ±¾¼™-^1ºM5å‘C8ú -T5¬•Úz2Ì{Ä¥sm‘öZ°ç\ ¥T‡‘ê!úMîÚ0ŽG¢Ÿ¶U1Œ.pr¬q Í¡Ã•'Ç{KQ.B¡“âˆFy(>ñáÝHF"?r©ÒÓ…ët]€u„³n`IlAú Ür£;8ÍQG3¬6(‡ºÊûG“oåd´+D¸HäT‚Ñÿ°þv„]`Ãà07¸óÉ}?*ŸÒv4Ë†ƒÑU?Ð™ûˆ]½îRàÕ6,*² uv]?jðÆ}£„D… -Y[àK]n€"²SØY%®3ùh±˜4Üðb;–F;FyÔ·- >Ö2jX{é0Z1.HÜ‰ßÑ–r¼ -®sbÄúOL‚‘rÈ•-×%R‰kTœqøßÝ>üÄˆyrâÅ]ú=wSl¼«NdÒÈÛ*g0,óä%G²Ý“]Ü59ùËX1I@x>{Š‡ -úŽ})Èï¡ã ñÃJ¿A"ˆtºV0ÚÙLÞêD!¸esDV¶¸G?K -ÈsÑï0´vº/§;£Bìwa[ˆa‡e|’0¶.®Æ,+#x'…ÙÔªÞy‰ÿ;†#dXþˆÏi1ÊGÙ¬Ùµ…ŽX_aÂÚ¦ïÍ›ã§§Ë«?Öý»Osà=i zß¤Ìæru3[]-ãDZÌW|öËúä·“¿¹Í9endstream -endobj -1698 0 obj<>/XObject<<>>>>>>endobj -1699 0 obj<>stream -x…WMsÓH½çWtq2U‰cçÃ1GC–Z Yb -¹´¤±4Dš3’µÞ_¿¯g$ÛQ²µ5ÓÝ¯ß{Ýþ}2§~Íéæ‚.”V'³éŒ®/çøyµ¼ÁÏüqŠ6áƒËålzñÖ‹ëéÕ[,—¯|\Ÿœ¾¢ùœÖ_,ohÏf´N'ß½rž¬¡¦PôýþËOª8-´Q”rxh¨õŠî×ò—#6åÎ¶5®”'örpGmË,¼ùÎp£·ê]¼,¼5}¿þu2£³ù%Ò[g“µœëÓÂv†6ºÄMÞâ&nâuð‘Ê(ÙIìÌV¬C&’¬#µU†J›ãY#çF©K–®5£°SúyöC›Ìvä•÷•£>Ž0¤{±Ê1]TîÈ&[m[O8®STPCÊ¸/Á3Òž¥M.8„ÿ…‚ÞÄágòÞXWò¼ýz·úrÿô´?8<ÀOi] ~•¢v;©@7Äei;¿ÏÀdªQ®’f†LœÊ´SiLÜâö §Ö4Î–%º ›Å M€T³ktÚ–ì¾}é®ÐiAk½¼Ùß²ÇÂ©rÊ¤*ãºÊ2-¹ ïÝé>íÚÙÎ„ZèL‹Ö„Œ`ƒ€[öÅH@ZÑ÷ÿ¡lóœ“RÑêÅ¡Qw6k…mO“‡ÕÝÓ{ò;$] ‰ú¸ã˜[Í(ü@A¼ÉfG8MÊH¼Œ¸®Ë>E»3 -šrÍ‰.u³ËË-ÂcÇ+²daÒÂY£ÿöÔì}g]&lj:¦Ç,¡ ¥ÏGïˆT|cÑ[€ñª§8‘“Òö>Mz©¿jöÓûÐŸóÏhÚ‹WœÁ™‚æ‹éåtŽÚØåª¡ïPŽ”xì+gâ+“#)4áeÁ§dsFu¡R=¼E)†ÔßÚ7R60NX„30Èl{Ð*mZÔ:ÝS þ1‚¸ÓD[¤'.Ÿ}Óy…;pºéžgŒA2Ò XÜ(GQO]Ú]¸níøòN7…EX$e ñªFüŠšá•¦©mMƒ2Ž«êÅœ;Å Æë -TÚèÈQPÎ d`…ëà¯dQN¡8þÄL%úëÚnÁÝã2_)ÒX`ÝCóNÅ¶t¼bEä;…~Õ°=Œ(7Q{ÃVšB²Ž…£ßÄœbð ‰ýz˜ +Qø$Òc£‡à2µCV¡°pÈÒNõvÓô¼1P‹4†Bk‘U°¼#=ÊwëÈ+®àÁRT. C)È^¤ºO;²PE’$öGÉ\í%s5¥?1fIüÜ$øH6ÓÅ0dº~Žô¦…ê\Æ cæÂj™ÒRÞóHg<Æ¬nÐ(dJ+èÀä3àBuÝOþ P S*{™Â„2VJ-A-eB‚G£ôc³W¥·é3, cX7bÉ\pêw²„ž°s §ÐZ$µÿDL*WF‰ÂLïCgá¥£žÄ"edb“2æpÌKL™}Žg4p(Œ•ü@Ï3!‰(JU86ÔÌÐ=åS§¼jcJ².AcŒÏCCßðÀ+ñÀë¾7(ûAÌÄ¢>!³·:,ýý -¹.•ð4Ú¨ŽvŠ?%µ†/øa"nF+'²Ãî³eVŽG®¦58J•ªÙÙP\¦R›©á¥ˆìE¨X—"‡ÿ'oLÄ»ÇoŸö3±·¦¢ÒïÊ¢‚^l£˜N•¡Ã¶–VCA‡`éòbóý†)RKË6¹ˆeÅ†óÐ®Sé vŽÃ\1ŠØÛBmm‰{ RÜ8/p7*Tê²Ç@}`-$eeÂ×àX¸'È^ñNW²UÝÆ¥óÓ~…Æq+xmZv*„ -Í:••¬C,±Úî´*3Ð)±6É …ÎEW•Ux0Q8špÝºÚbÒŽ©>ø ðñCë)ô;5(Å)ÓVAlÃ00£žÂÿ‰mU”@¨£j9‘!'«/Ö³ö¯DºñÆ)}œîE&Ç… ä‡f†o½¥rkì(hZ°ÉÃxq‡•gJw7YtžàvB!§ C[‚1ÉÅÁCâ7ŒÞ¡¶Ó½T\=/xÓúxbÇð5e„;ºûð=çüó²·Üù_é–—´˜ÏÄWwWâ¿d~ÞÚ-Âš *‘ªÏ†×ÏnfäýÿXº®Ëéâúë™¼3»‘³¬Oþ:ù)«Ç®endstream -endobj -1700 0 obj<>/XObject<<>>>>>>endobj -1701 0 obj<>stream -x•X]oÛ6}Ï¯¸ÈK3 QlÇqÒ¾¥Í -[¼lv±½ ´DÙl(Q%©xÞ¯ß¹$åÈrŠv($’x?Î=÷ÜË~=ÓÿÆt3¡«åÕÉ(Ñl4Ëf4½½ÁïüXIex1ž]gÓá‹÷Ë“Ëoi<¥e [³[üRìŒF´ÌÏÆ³lšM2zP¹5Î”žîr¯ž%Ý++soìŽÒ>«\ºŸ–_`jJãq4u1¹©³…ªsIZxI“Ñh|NQm„£µPµ,Èo$‰•ÒÊïÈRµ—Väž¶ÊozŽÿTua¶ŽŒ¨uª^“òŽÞÌÄÞGt1¾Ê&ìõÁò 5Öx“íÎÉ +LÃ&Z†á{=µ#¶7Ùº1ÜE2ö.ÞL9LZÛ¾™U]#¯äŽ§tfÌP1²á¶˜« w?d:ž ¹gsæqý$LÁ¡×ð1,?iûiùZÎ§’ëî»PòþŽGhp¬-÷pÎÙeMå–P…£h§ÍÎ4¸ÇŒûB}8˜‹…²(š4-¸ñ ?þ³áÌ£–ï•4÷0Nhu|ðpÅ¯xîUÕòÖµös‰QoHyØÓäg0. ªÂl–È48<¬üs˜~s&ýÛúüiûF4YàmétF‹ìþdæÇŒ‹——<¼1Šx»Jšó”ƒàh†Ý–árŒ^‘}ÇX3_ÎãåâcßÙ ÷ëzðfðêƒ®endstream +endobj +1686 0 obj<>/XObject<>>>>>endobj +1687 0 obj<>stream +xuUmoÛ6þî_qÐ4,Y’ßWìCÚ,@mMïÃ£(%Ò6‰TDÊž‡ýø='Ùµël‹ywÏË_z ÅøKh–ÒhJyÙ{¡d¥Ý.?$Ñœ¦É<ŠùåðC2¡{KŸz16F³E”Ðx>ÃsŠOhÝ{·ì Æ”$´\ãòx”Òt>‰&Ó9-%áZÓ2¿ô$ÊL„®Ì$í·:ß’v”Û²Ò…’$6Bç)(t–7•huû~«òg²†~Õ¦ù‹²Õ1ÚlpJJúÒEá€_‚U¿¿üÚ‹)L¦Q< õeÆ(·fMNyÏ·íš‚ªÖ¦]üLmº×·õ[UŸ«þŸ¹¨è"FG³é‚Ât¥]¿[¯ä·Â“6øfÔÂ)EA]ŠR˜«H§ÂÂZÂƒP„ÒB?«cé§í`pª|í€:(ª—óK0UÕå÷ëJ4HÛCÊ5åywÕ'uõÆØZÉ«¨8êÝÚ¦„3e[ÿVìVÀ¹.er¡… ÕTBÉƒmêo#Ž¦i”Æ ›Esx>¬ùí…ñä-IË¬™£Q8¯*â£Œ×Z²S.Îœ"ZnÕ1ÿ)ó}íÙ¥8ÐÞÖÏ`Q™7(E9Öƒ\õÄ,ˆ+5à„¢¢PÒÍ#Ý¸·êo`eL#»Êi”’-po:ÆLÁŸÀ¿¶õÆ¶” +^{ŒöýO6o ØÈÔ8ÐÑ‘7©eë¤#iMEÂ‘T.¯u†ú[*æ’*±QîÚ@HÒejû•\emAk4©;é)„+Èˆè#Ž×{ CißâÄKAYƒr>^ì´D°ª9ò¢}m‹+]¦À¶f“|W³ÈìN]st„Ûš®„Má+›ªtª,F Ç³¯ÏÕÙõî'Î=|ˆiÁS‹‰wÄÑæ¢pGŸ ¡òùçCûOv#àŸó‰ObMÈö·O½!†ÔëËtŽ|~t%&ikŽ¹ºRTÂoÓÂ~QrÕo-}‰œ0Úë¿»®èc“æL>Ì‡*+ B¨Éïº§½öÛ’ãáF€ë˜ËÚî´ä¹É#ža¢ã(…·a'ÁÃ¤¹GËZ•†óÓÂ?ó’EOÀ¶¼}ºûíÝ=Öö«Â•{›cð/Øá\&xw%œÅíùdÍ"ºk¼ ïÙvl|Ú6Â…;ùîx6ÆøCPäYLyë—eïSï_?-“endstream +endobj +1688 0 obj<>/XObject<<>>>>>>endobj +1689 0 obj<>stream +x¥WMoÛF½ûWzrP[±dErzK‚0Ð8n =ä²"—âÖä.Ã%Å¨¿¾ïí’M-ÚÂ6l“»óñæÍ›Ñ×³¹\ák.ë…\¯$)Ï®fWòjþj¶”åÍ/ðSkÉÂ‹ÅÕb¶š¾x»9{ùþµ,®d“ÁÖj}#›T`ç +O’ów¹ª]Ë|5“OÖdF§ò‹Û9ëe«›Nk+ŸM]çånóbóÇÙ•\.–0q®l*Ÿîn—Ö»ã©-òýÍ×Ñßåõr¶àq8˜ÏäÍÖ7µJšxl)óyl±Fè8vk½«Ucœ—EôôÁ$µó.kFáH“×®Ýå¢¤íC/ºäŠÑ#ôy˜T×HJÉ¹+ã¦ø¡Ïd~ƒ3¸£ƒÛi«]ëq±¬Ú†yi»7µ³¥¶—ÌÕ0T8éÇÅåzvÃY&Y¬Öß¢^õk,Ä¨ëÄ›ÿï†ïû:J’+»#gçÿ±¹¸™Í_Ÿ0ºM5å‘C8ú +T5¬#•Úz2Ì{Ä¥sm‘öZpà\ ¥T[Ç‘ê!úMîÚ0ŽG¢Ÿ¶U1Œ.pr¬q Í±Ã•'Ç{KQ.B¡“âˆFy(>ñáÝHF"?r©ÒÓ…ët]€u„³n`IlAú Ür£;8ÍQG3¬6(‡ºÊûG“ïåd´+D¸HäT‚Ñ·þv„]cÃà07¸óÉ}?*ŸÒv4Ë†ƒÑU?Ð™ûˆ]½îRàÕ.,*² uv]?jðÖ}£„D… +Y[àK]n"²SØY%®3ùh±˜4Üðb;•F;FyÔ·- >Õ2jXé0Z1.HÜ‰ßÑ–rº +®sbÄúOL‚‘rÈ•-×%R‰kTœqøßÝ>üÈˆyrâÅ]ú½tSl¼«NdÒÈÛ*g0,óä%G²=]Ü59ùËX1I@x>{Š‡ +úŽ})Èï±ã ñÃJ¿A"ˆtºV0ÚÙLÞêD!¸#esDV¶¸G?K +ÈsÑï0´öº/ç{£Bìwa[ˆa‡e|’0¶.®Æ,+#x'…ÙÖª>|yÿ;†#dXþˆÏœh1ÊGÙ¬Ùµ…ŽX_aÂÚ¦ïÍ›Ó§§å«?Öý»Osà=i zß¤Ìf¹^ÎÖ«›8‘^¯ùèçÍÙ¯gìÇÍendstream +endobj +1690 0 obj<>/XObject<<>>>>>>endobj +1691 0 obj<>stream +x…WÁrÓH½ç+º8…ªÄ±ã˜£!K-‡„,q +¹´¤±4Dš13’µÞ¯ß×3’ì(ÙÚÈšéî×ï½nÿ>™Ñ¿ft}IWJ«“édJ®fø9_^ãç%þ8E›ðÁÕr:¹|ëƒËÅ‡Éü–Ë×>O.¾Ìi6£õÁËkZg„ÀÓ)ÓÓG¯œ'k¨.=Þ}ýI§…6ŠR 5^ÑÝZþrÄ&£ÜÙfK†+å‰½ÜSk›2o¾3\ëz/oMÞ¯Lé|v…ôÖÙéZNÈõia[C]â&oq×ñ:øHe”ì%vf+Ö!IÖ‘Ú)C¥Íñ¬–s£Ô%K×˜QXŽ)ý<ÿ¡Mf[òÊ{ÊQGèÓ½\å˜.*÷d“¶'×)ª¨!eÜ—àiO‰Ò&ÂÿBAoâVó³ +yo¬«FyÞ|»]}½{zöðZ„ßF¥¨€Ý^*Ð5qYÚÖÙ˜LÕÊUÒÌ‰S™v*‰[âQÜäÔšÚÙ²D·¤eS£¤ ¶ìj6%;€oŸÁAº-tZPí/ov·X8µQN™Tec\WY¦%ä½?ÒÞ:»Ó™PiÐZƒlp§Ó®˜ H+ºþß—MžsR*Z½84ªñÖf°íéô~uûôžüIWB¢.î8æN3 +?Po²ÙN“2/#ÞnË.E»3 +šò–]êz–—;„Æ" ŽWd7ÈÂ¤…³Fÿ#ìÙ²÷u™°©n˜³„F4p”>½#RñµEoÆ«žâDLJÛAøtÚIýU³ŸÞ‡þ\|ùH3Ð^¼âÎ0[L®&3ÔÆ.W5=B9Râ±¯œ_Š¯œI¡/>5$›3ªm”êñ¨àJ1¤þÖ¾–²qÂ"œžAfãØƒViÝ ÆÐéŽjðÄö ºØ =q1øìë. È+ÜÓMžµ0ÉH7`q£E=ÛÒîÃuãhÇ—·º.,Â¢ )IˆWÕâWŒ°Ð×¨4Mmcj”q\U'æÜ)®a0^W ÒFG†Œ‚r%+\%‹r +Å™ð'f*Ñ_×pŽè—ùJ‘Æèšw*¶¥å½+"ß*ôk`D¹‰/Xi +É:Ž:t~sŠÁƒT$ö}è~&¬DDá“H^Ž2‚Ël² +m„€C–nuê¬·›ºãZ¤1Z‹¬‚àEéQ¾#Xû@^qg–¢rJAö"Õ!íÈByIzØ%3$3ŸÐŸ3½$~Hn|$›É¢2m7G:S‚…Âu.c1saµLi©ïE¤3cV×è2¡t`òp!†úÐMþS ¦Tö2…SÊXU(µµ” j|ÐÍN•Þ¦Ï°€–aÝˆ%sÁ©ß ÈzÂÎœBk‘Ôð‰˜T®Œ)„™.Þ=<„ÎÂKG=‰EÊÈÄ&eÌá˜—8˜2/zúÏhàP+[øžgBQ”ªp¬¯˜¡{Ê§N'xÔÆ”d]‚ÆŸ‡†¾ásñÀë¾7(û^ÌÄ¢>#³·:,ýý¹.•ð4Ú¨–öŠ?#µ†/øa"nF+'²Ãî³cVŽ®¦58J•ªÙÙP\¦R›©þ¥ˆìE¨X—"‡ÿ'oLÄÛ‡ï÷Ÿ‡™ØYÓ‹QéweQA'¶QL§ÊÐa»•VCA‡`éòbóÝ†)RKË&¹ˆeÅ†óÐ®3é vŽÃ\1ŠØÙÂÖÚ÷@¥¸q^àn0T¨ÔeúÀZHÊÊ:„)®Á°p È ø{§+ÙªnâÒùyØ‡F¡±CÜ^›Æ„ŠÃ„¡B³Îd%+ÄK¬¶{ÊtcJl†MrC¡sÑUeîMTŽ&¼mÜÖbÒŽ©Þû ðñ}ë)ô;5(Å)ÓTAlý00£žÂÿ‰mU”@¨£j9‘!'«/Ö³ö¯DºñÆ }œîE&Ç… ä‡f†o¥r«í(hZ°ÉÃxq‡•gBŸö7YtžàöB!§ C[‚1ÉÅÁCâ7ŒÞ¾¶³Á *ÞŽ=/xÓúxb÷Çð5e„;ºûð=çâË²³ÜÙ_é–W´˜MÅV·ŸVâ¿d~ÞØ-Âš *‘ªÏû×Ï¯§åýÿXºæ×óÉõb‰õï|\ÊÑ?Ö'übèÇŒendstream +endobj +1692 0 obj<>/XObject<<>>>>>>endobj +1693 0 obj<>stream +x•X]oÛ6}Ï¯¸ÈK3 QlÇu’¾¥Í +[¼lv±½ ´DÙl(Q%©xÞ¯ß¹$åÈrŠv($’x?Î=÷ÜË~=ÓÿÆt=¡«åÕÉ(Ñl4Ëf4½¹ÆïüXIex1ž½Í¦Ãï—'—oi<¥e [³üRìŒF´ÌÏÆ³lšM2zP¹5Î”žîr¯ž%Ý++soìŽÒ>«\ºŸ–_`jJãq4u1¹†©³…ªsIZxI“Ñh|NQm„£µPµ,Èo$‰•ÒÊïÈRµ—Väž¶ÊozŽÿTua¶ŽŒ¨uª^“òŽÞÌÄÞGt1¾Ê&ìõÁò 5Öx“íÎÉ ¸±ð%êàp¾œÒÈ¥è3úLþz÷H¢.èiW9Ÿ“ ÂT•*YáÙ¶®á}àq«ê"¤dÝVÈ)·°ï‚½µ5mãÉF®ÈÛ‰JÒVìpBŠ“'Êµ’5Ò7.à6qÈDqì>«øQÕæªª-ËRåÁŸÅ_(—¬‹PU–\8Sg±n/¸¸ƒ&À0Ôþ*£9Ç˜ªLT%ß|£ÖKdôÊ×çd,Í‹sRœe)…o'jáùIc¥ã„aQïèóüÓ_d‹ìvÎËÊeôÉ“Ð ?ÀñÒØ*äDŽÁ¤ã|ðQETPã¼NÆ‚pi{+‰vqF?ƒ–¥5 ðYD7ôiZÎgô©¡ )3Åy`.´©eLckìž1Ðˆ`×YOI¸þ`AZ…MI%šfà¶TïúÂ$SH›\h oRÝQ-={ÆGÃJepô€´ñÜn)ßW"úfŠcbLñ›/;Ü¢>,XÄ@ œZ'µÜB3˜¤œ”ÈsÓ¢Å:aêú¾§˜Qþ"mÓÒje$>ØGƒÕ‡òÆü;’8ðRÄó•È7øï(&«”“¡RÇÆ `Õ²“àF·Ü½OÛBŠî9zÝoL»ÞpKìh‹žM\ á ÐeQ_ãUcU²6µ·&¶V )$ŒõŠ]~ÄÜ ƒîìRúü²v.c†V(ãÝ$<˜2 “>c+ñÄb6}m%ÚÒ›A …Á[mÌSÛ„^ÿ@]Iøa˜&ÿ7š Œr]¶ÅCC@ÑC1â8$¿k$Ôðxà¤P%&wn’¾Üi#€Bqzh€¡"Æ€‹ÁÃ €O©cB©‹UÛd´ä>aÕpÂ†]#1Û\ -ýp”ÕS¥KÃº`Y÷PÕ¢¦[ž<ÆÒbª”!ø{rÐ”B¹wêëÞ†“Ô(~E¸Ã$~Ý± §]A2¹s^ª¹UšyÆÒ¬@œ˜äE«¹Ý´FÜÃ"ƒ—øëþÂŸ¹Àœ—õëÕáY‰³«¸iDƒ‡†zíÏæ:“©¨ÇF¹:Ga;Ô¬±Ò„à%ºžE)bD¿ª˜úhôÌ‘ôü§1„yÐÖXW0PÂþ‡ög¤:#8=ê-~›8™Ño¼jöžp·îç9?ß#~äcc Ï2v…¿zíz¬04a?l’þrO?K*…ƒaîs¯tã–7è^ÑÇp×Á‘k)VöA¼ tÁjŒ`£iý!‰iå;®$œD~t¤=cP²¢ Ódê4†¿ûq ÄÆ1H!k ä–7åFc,¾J°S¦`·¶EÙëy””ï¬´ÓŒu»^‹ì®eó¾Û!BÛ}ë.ó½c˜ê‹úSm¶@ÍÑãÝCÚyÓŽÊ4+çù~ÃËƒ8ôŽ<(ñÆªã†ãe¾©6k( ¯¸ vÒ©…Šû´qNqn FËr÷²Ç]V@1D6p½_}»Õ°× -±9 x·Ïœ\á>hª*“ßÿˆ#J°5àƒš•-ôîÈå^Î6Ô‹Â´ZXjÖ¼ØF/àae±*»rØ¼M }‰Ìv'/¯Q3¬€°p1«ö{vÒ ¸ú©ÇèZO+ ðb8m/{ÅI»['ølpËÍh ApÒêž8|›†Íx†ëüíÍ®oâwq÷ðþŽù‚ÛÝ›7Ît£cÝ‹›ÑÛýeîÇ/òÓÙm6»žàø"8ºe›?/O~?ùêÂj"endstream +ýp”ÕS¥KÃº`Y÷PÕ¢¦[ž<ÆÒbª”!ø{rÐ”B¹wê·½ '©Q<ü.Šp‡IüºcAO»‚drç¼Ts«4óŒ¥Y81É‹Vs»i¸‡E.ñÖý„?s9/ë×ªÃ³gWqÓˆ õÚŸÍu&SQruŽÂ.v¨#4Xc¥ ÁKt=‹RÄˆ~U1õÑè=þ˜#éùOcó ±®` „ýíÏHuF qzÔ[ü6q2£ßxÕì=ánÝÏs~¾GüÈ;ÇÆžeì +õÚõX+`>hÂ~Ø$ýåž~–T +1ÂÜç^éÆ,oÐ½<¢á®ƒ :"×R¬ìƒxAè‚ÕÀFÓú!C9ÒÊw\I8 ˆüèH{Æ dEA§ÉÔi;~÷ãˆcB×È-oÊÆX|•`!¦LÁnm Š²×ó()ßYi§=êv½+4Ø]Ëæ}·C<„¶ûÖ]æ{Ç0Õ5õ§Úlš£Ç»‡´ó¦•i VÎóý†—qèyPâŒUÿÆ ÇË|SmÖP@^/p?ì¤S÷iãœâÜ@ —åîeº¬$€bˆlàz¿úv«a¯bsðn#ž9¸Â}ÐT T& ¿ÿ9G”`kÀ5+[èÝ‘Ë½œl¨…iµ°Ô¬y± 9^ÀÃÊb T4vå°y›ú™í O^^ ¢fX!aábVí÷ì¤Aqõ RÑ´žV@àÅpÚ^öŠ“v·þN<ð Øà–›Ñ@/‚à¤Õ=qø& ›ñ×ù›+š½½ŽÜÅÝÃû;z´ænwtorÜ8ÓŽ}\t.®G·ûËÜ_ä§×ÓìzvƒÿÀ²}{Ë&^žü~ò›jendstream endobj -1702 0 obj<>/XObject<<>>>>/Annots 977 0 R>>endobj -1703 0 obj<>stream +1694 0 obj<>/XObject<<>>>>/Annots 979 0 R>>endobj +1695 0 obj<>stream xXQS7~çWì[È¶CÞJ Ii›„&ÎÐ‡Ìtä“lî$GºÃøß÷ÛÕ¹2í08øNÒî~ûí·«|ßÓ?c:›Ðñ”ÊzoTŒèôxŒÏ“ó3|Nð-äÅñéqqþÒ‹ÉxZL^xÃ‹Q÷ñùýÞxrZ¼¡ñô‡Ö49>/ÆÝ·Š¾ˆ…ñø¤˜æ½í½;¡ñ˜fx;=?£™–“G4+÷o›[§©&R³2¤Z|ºÆ–ª±ÞQœZšOHaÙZÅ¸ñAŸß\| ëª4Ôxù²ª1¯gw{#:#¾™f[Úo"}œ±¹y¡'E_?^ÿMqS4[ÙHªªxá³ X^ù%ö±™ncÊ•upîÍs“ƒhŒ&µTÖEDB±µšW†n‚UØÒ•¯ñŽ.½k‚¯*ØMçi©œŠžÊ•rKD¹26ìÐ€ÃNgÁ®Ô/C0ýuoÈ,¦lHÛ€ª-aýç^t§N¦Å C(XãHïvÙÄ4ßÒ:ø«[òsvŸ¶B:&žŒyÉ‡½e…ûG¦)Öª.ôQzÓÓdŸ>°ärÒõ`K¡ˆj²HƒùÞ"žŒ9Ý‚G&{Ž‚øÞ$ÈÔJ€×UÏ9A¤*=^wA\fF+;œ·ÊûûHíºƒz?SDÐ²fvlVª¡Úë–)-+¼Ä7à ³¾\™ò^ó¼5³Ž HAOÔ¯‘aPAK*9³Écï`xûÊ{0Ã¨¸=`ÚÃ8êŒÑâæ3Bk``U–1P)s»œ"ÿlRMÑ§—OiMðþÒ¯-Ø$²Ž€ìQ4el³}Æ.²§ôÉÆd S™áØ‘G%íZCÄ²TyÑƒUÔ@_Œ”1íµ/[Ö¡¤KLÐÚ‡¼Þ‘pe«X¤ —¨–½C¨²´ö¤8-è+œ’¿ì¹¾¢hN½QÃæ kæ~â³ÁúR62”ÁHD)†šÅä€Ø¤sY~È!‚šW¨‚ @"¬fµ]Xlý¶ÿùúêÛë¤˜8+Vv¹bÑÐ*X’‘>ÏÍÊ¢VW @@ -3727,10 +3635,10 @@ HAOÔ¯ 0–ÀÎA€a¡“(1À}.R\s/bêù¢.sý*ër»}¬±Ã†Mm‹ÝE¿€…ÛûLôÕðf¢rÅ,l€è5¶6Ì 3£O4áÕÎ<6)µf|-gHj¥1‘ä ÂMFÒY.›®iÍðh«&¦d6Ä‹y)0c¶,†Ç‡î¢+ ,û…P 5WhÈ+SiyMžSÿø'ec\D—ìj@¨È»(ûêa†²=ælçmÔö?DdZÐg Š.eY2¸ÃQ«“œ\J©§‡x–XgxB‚ÑÊ…Ê³Èq-rsk×¨±™€ºåñJÈÑ`»‡»`TbÌ…°ÛÚK)—:‹C™\¥ˆ¨î‡/ÙÈÍÙÁNÌIB-30¶i™’2uCf&xú•ðI(Y'Å¦iƒƒ9nøtsu)u Ò£ž‹ªò ÅÆ6+¬ÊÜÉË@6<–ÁÁÁI@óÍlÎ:ˆ57‘ds@ñ †Ãu¢\ÒÅ]™Q;‰yì¡Æè¤ÐAVÆgÃš:ë±y\c6Ò’¸,œ¤2 aÏ®Ê!³[új‡uýËÁævR8ôB{amD2É{HO¹ÿd\ÌÍ¦€²¨µ¥Âo …<}aÖb:gëºYëvï0Ì§ -CƒMmúd×¦Ñ¤¯1¬CŠØÒe7÷Êö4«7\Ð¨?pÑõ&C8ö»_9š‹©èó1ÿñKtjÍƒ æ8@+Òù4G3^¿}º}êä‰ÆHÄ"qùmÃ»´T›X;Gü† /M³«?6%4ÀâHBëë–uõ•HbŽ·ƒq´»diÁŒºõm ?kiîQàrï+ig2õnDÉïPW(ô·¸œòOñåAé´s€¤‡ƒqÆ[®l9¡ô'-ý‘™oˆIbª·ÐTý&à3Ün»+a:ŠVn¬À½Tk¹ÄöO¹{F™êûÛÁ Mv÷>V_î˜é–‡;jf6í™ü!ÊÅöU0Ë¶Rá¨‘r{¹Ä„ªÁ’uÝ¬1bEÚ4UÞ˜àï7u8ï.eã)þãàü˜¦ÓóT iõMðw|q¼Áìáa¿áðlô†“ñÜ˜žN0ó¦Ñ>ì×ÙÞ_{ÿÏç|åendstream +CƒMmúd×¦Ñ¤¯1¬CŠØÒe7÷Êö4«7\Ð¨?pÑõ&C8ö»_9š‹©èó1ÿñKtjÍƒ æ8@+Òù4G3^¿}º}êä‰ÆHÄ"qùmÃ»´T›X;Gü† /M³«?6%4ÀâHBëë–uõ•HbŽ·ƒq´»diÁŒºõm ?kiîQàrï+ig2õnDÉïPW(ô·¸œòOñåAé´s€¤‡ƒqÆ[®l9¡ô'-ý‘™oˆIbª·ÐTý&à3Ün»+a:ŠVn¬À½Tk¹ÄöO¹{F™êûÛÁ Mv÷>V_î˜é–‡;jf6í™ü!ÊÅöU0Ë¶Rá¨‘r{¹Ä„ªÁ’uÝ¬1bEÚ4UÞ˜àï7u8ï.eã)þãàü˜¦ÓóT iõMðw|q¼Áìáa¿áðlô†“ñÜ˜žN0ó¦Ñˆûu¶÷×Þ¿Ï|Üendstream endobj -1704 0 obj<>/XObject<<>>>>/Annots 980 0 R>>endobj -1705 0 obj<>stream +1696 0 obj<>/XObject<<>>>>/Annots 982 0 R>>endobj +1697 0 obj<>stream x…XMsÛ8½ûWôž¢TIÔ—-Ùµ‡-'ï¤RŽ½‰¶rñ$!cÐ¤¹ú÷ûºAÒãÌT*¶eî×¯_7üçÅ’ø·¤íŠÖJŠ‹E´ «Åe´¡Ëë-~^á©iÏØÚùöï‹íM´¤õz¨ åbÝ´Ÿrú~1üŒÕË«h;\|Æêf]WŸ±z³ˆÖƒUöpµ¾Â×Ÿ=¤›mt9þý‡ÝÅüî’–KÚíìæzK»TBYÐ.™ì2ãé÷‡»Ê”§XkKMiª ß÷¥+HÑ»o:ý]U³DÛª4É;:êÒuR™=%ïÈìéäjR@ªöÆHYWeº¤ÔxœˆëÊ8;}¿ûãbA³åˆíÒ Ÿ(Ô ·¾hª.5ûá‹c5ì;ëa¿ÐM¦*Þ³7ø† ÎáüùÔ¸òÙG|ÍünÓŒ´ÎV ‚d'ò™«ó”>³µ ¡ÿ+lÅ§ß-À¨¿RÎÇ\³}¾0„ðÈ’KôƒàC˜ gJñƒõ4Ù+S"‡Zy“ŸžÞƒ}•>0t¤ÿ‡L³ÕäRÂ?Îœ³Â¥ñ]C`§ˆ>Bç#Ú1±½2é”T'óëŽ°úx{ëQh•TXW,{×Õˆ>±Fµ–|ŠcÀO\ð‰S l$ÐL{T™ò}œ'9äpâˆÆlu-oh&Ê,7ÑU´Šè›þ³6¥Àî)†%Ä3iS$lT²ˆ%ÎîÍ¡º\ œ! 8>–¤.Kdé!‰¢Q9OèÃíÇ/ôyGÿ}üÇù½“–¯”É™…§X(ÏèŠ½êÄ„b•„°£ÞFÖ¸-¡5€î© 0aæËÀ8¦/–Ï A™†´°µÃô2ÊŒgû’‹®wµ¬ˆ³f.áÜÄ¥* *ˆuööÝ¡[Ft‡ôA™xcÞÚ>êÑï¶ÑrÚçWÙD3E…0pq8ó»¾äpÿlm/g«UXék.\3àVWzbÆiÈt~Ü×¹´¤œÇEŒwHžgª_tîŽÜ¾ÁÓäTõ\˜o8![åJØßu-p`½CŸ4¬5”nr9a¬ãr~¨«óhXE¥m}Ðà>R]©’´!qÒcäpb=„àö{¦¶„È…y:ÐU+V[Ë÷¶ùªbÒ¢/íqöb@Y~]u’G¾ˆÛ¾Ó#ß6‹×=ö=\=c[˜œÇ>áèP>Ü0@ð|xŽ5ZÚ&3FÌÜKñ50ã³£xxw˜ðQíÀÔ¦ªL¥ðÚló²–¢ÔšÌ$ùúˆÁEÜÑc.Œ»qÊ ‡÷|¤ø‘å„°üpmµUØ¾^‚X0çUÃI§,˜ÂÀÔ]ä¬¡K(6í«f^ûrŽÁwtŸ“nçÀ79S(Ú×'Û„PRûŒnon ×&g]UGÑ¢§µ±Í¤dººBÂ ¨ƒÔi'ÔÝ›LÞ<]bú~ÄÖ2ŒRP2cyh(A'k¯€)N\xaLg’r‡ÌL©8µy‘¤ñåý AcÉÆßV A„<ïþ+© o÷,1¢A-ó;(Gû@æ‰Wž‹r,#úØNa>éb´ÏóË"Ò>6wí|Úe¦„³aúí>/XObject<<>>>>/Annots 987 0 R>>endobj -1707 0 obj<>stream -xW]oÛ6}÷¯¸@ê¢1eÉŽ£Û€t]‹<´Ý¿Ã@I”Í†=RŠ`?~÷òÃ–íx]“ Ž-’çžûu.ý÷(…)þ¦p•Ále3š²)\æ—ø:Ï¯ð5Ã?# viž>º€l^~?Êfs6ƒ4ËX d¯R6ŸÜŽ2‚½ôkišã÷a·4KY†ÇòžrïiåÍr”¼›Â+XÖÈw‘ã›ÊÂ²»g/–_pOê÷Ì2<kÕ˜÷.u[ûå1që“tŠÖqÏoø€R Þ>Á4@äŠ•¼\‹§Â°Ä£ôæÉäËSÍ»8ÈÖv\)IM)!˜Ù‚B¹\K[©ÔP‰š÷ª»€pn¯?¼¹ÆOixˆqÒ[“(]r•XÞüÐÂ˜ÁÐ4{”J—}#ÚŽwR· kxÐ=›Â$a !›-o;èô‘y«±],k¡¬`pÓ9ÆÀ•ÕPôRUÎÔV¶…l« -ÄWQö/”ÞV da¸‘Â2ÏòUˆÚÍr,;´›.Ø%C~v™ÇœÓ°yÜZ»•]¹fûâŒ@cg†¼ ö&ãB©M\ÜÅ~´BT½Ð`ú–œñç.£ñ\â¡â¢Á`vk£ûÕ"IHpö‚ÞH¸ÒÀÆè04<¥’Òb/ÀjoeÆ•Ë€ô ïöÔÊ 0æ« ±º7¥H"Cïÿ -aa˜.ztèÄÿÆ§´Ö=¦MvèE)¬åæ\qMA®µR!W`šB+Yb$Û»×ßG[µ0±ŽÎ–§Yv–ùu[QÓ¸:,¹ k¸ÅTZ°ôìÓ¸¹“Å)ðí÷ØKÃ0Kq6L¯¼¶>š?:4‰{wíxÞÌžÁa~Ígó”åÓì[æ÷p'ã˜E˜SfGæÏgè£Þ^·@1 åÙµˆ¨°Òƒ6NDWîªxÐñQBÇT(¬z½Æõÿ -[p¨o$5¡÷î¥•$CµÑÍi[ú/j—ç±7ãû›Á‡‡ï§XK´¬´¾ÃöÀ™Ø‘ÒóºCºä2öÏ®*Ã˜žds/N~6E¯zí>M -§±D“Ø‡y÷Û5¯ôv¸ÿÌF+¿N€“wÑ' gÕçÕPsƒÒ,#Ù£{Dƒš†#J=PZp~ ¨´˜¸GôUU~XÇßÝœ™V|í¢7aZu²TJ…Èv¢Á‹WÕ…Zôé¼æ¸bàó˜&•]¥Ûç¤lAîÝ‰Ï/Â8ÄU:×ð¶'Ú»ý?%N,Î¿$º“{øVFl†Y; -nFÈ”ôÕWÙa;G‡ßs©ÜœÅ¨ÆvÍ Êµ¶Pðò8à% -ÿãôÿ›3x6œÁ¶)é¾ÁÄ¸÷Âpnx#0ÒXâ8»Ã< ‚Q\©Ìug´ry-ÄšßKmP±½{ûÉ=:r{@Ð¯&e¼ÈD“GGa¹8ˆb%lidájížtÎ8E¢ñÏãË+}\áåçT ÎÙrý¿å–8¤¦Ñ•¬Ã@¶¥ê+SÛÕ¨a!|¬”.¸ú¬(éŽ°«ÊcÙˆ£Á¡:üÀûé±…gKÙë0$Ø°h“:…TµÅŒbUukxþòù…±·Ÿ>\ß||— 0»ÚQZ„Ôîš3†á%íœ·:ÍzF† —6*It:ÅªÌ½©±,)²è"9Äˆæ€ðÉC˜¸ãô(y—‡kT:Çï\ùWÿ%Æ_Š5ú†Þ/ÇŽlºÀ/^x`r5¥oOñŽ -KaI¼±”ðÕÂ§ÞÉÒ|‘³Åe´iên¿,G¿þO÷\endstream -endobj -1708 0 obj<>/XObject<<>>>>/Annots 998 0 R>>endobj -1709 0 obj<>stream -xVkoÛ6ýž_q×¢ˆ‹Å²¬ØŽ`’&)2 M·¸(ô-Ñ¶R‰TI)žýøKR¶«$Š.ÃÉû8÷ÜÃûõ`H1~‡t’Ðñ„Òò Žb¼Ù~üõö 9‰bšœœD •4D£ðPÐ]X£ Ö†É{&îi·8ES·xŠM÷´[LŽÕáð˜Íº§Ýâ0ÁK˜>éžxÁÑ$>ÆçhÊ¡%ø7’naïÓîÂÅì`pÓ)ÍHv2Å—ÌåÓ,íÿ¼¤ÆJZæ™¥…Ñì?TkJÜ—…6”éRäŠ–F7•}=»GòÔÆp7Ëzë\Ís•±^êÑoÞDßçWýýíÁ§( -½&©šRQçZ‘^Pk -K‚~×%çèŠ=o¤û?ÏíÝ™ÛÛüTxËüAvÃÔ¢ »’EAŸ{ZRRf2£|AõJnh%pª–…’5‰4•Ö~~Ý…«–eUˆZÒJ—2ËM‹Ù€Ÿ@@ÕƒW—ƒWya/í9Àö Ì…]ñ‹Áõ) ‡\j—RâÊ3œDã‹è"Nº;wqN€íA.4¿ûpù&”Ù[Kˆ aâ£ÐWªæýØ¼Ð\½\-)ÕeÉu‚•R|Aò]ó÷Óƒ#Z¯¤‘Þ~ztyûîüæý·Þ{”[gS‰Ò`@¸qø²Ñ¡O Ÿ^Û–¤ˆ¦kù<+s•ÛDÓïÁu›žs Ú³L%§QHÐowŠÉP™ü!/äRZò0²—½p|DÞ7tÅÕa=£uýÒ¯Ž·9k…NE1°¢œ‹—“Ùã`ëß¹²ô?Òw2Øs1ø•Ñ’0ÒVZ¡¯CyÛ:Ù•nŠŒæòŒ^0@^.™¾‹Û“yñƒÕãu òv‰kðjyËÉL=ÛoÇÝÕÂÔÔT.Ò eB–P G>ikÊë_|ümi÷€¹zªn 9›#æ-¼ªv¼ÕY¾Øx.ÙrN–ÝÁ›MM^¹¢©!€uŽ2¡çsõ Ó;ÁtÒË}¿i@l¨‚YË*ÚÝÑ¼áÐ™æ•¶6Ÿ¾dœ‘ÆÒ}ƒ/\¡à -»ŒSËEnlÑLûxO×{enóRt±}¾Áw&è™‡ð§èÛ‚òl5>ùÈ2J…"…[@V“i7Öa†:µÅ-u&‘ä -ð¸š9\¼!'Lw–Yiy„‰Qñ[…²kÙe -ˆÖøÚÞpÛ1¶©HWò07–UŒuí¨¦´È½'_STSe¬ç[KG'“‚À«Ù`—ðõ¡²Ð¸{‡¸L"4û¨)–’ÉRsîNqnHºá+¦¦I×‚àßºé8g¨¥L¯.À4‡¥,ã¬û‡Å( ÿ'+¨ñ,1nKpa-6ha„ÒyæR+rî·pÃØ‰2ÖA€ ßËhLB!‹(úA®,õ…¤1lÈªm´p‰>/XObject<<>>>>>>endobj -1711 0 obj<>stream -x½VmoâFþÎ¯¥Hp:°1BN:UIwQ/n«J÷e±×°‰½Ëí®Ã¡þùÎîÚ@À JU„½³óö<óò½@?\u¡7€(«u¼ôº}oýáþîâ¿¤ÔnÃš?îÀ5„ ÞñG(Ýé@5ïî'ïŸu›ÄïÂçZÚAÇ¢€}ÿ"çz¡+BõÀ5•œêß•FÀ÷!œ‰vw`4Læ¯Lä*Ý´à–ä•'!Û@,2Â84Ðx7ïœR(iÂšñ9ÃEWD-¬4)h¼ox…wÝ×7Fÿ9D„£ÐK - --‚RƒHðãÐTÃBŠ|Œ'BfD3Á!‘"³—¦£»ÎmÖÚ˜X«_ -¡r‡Ki¯‹'˜Ê¸éçJú©ˆHê£Ý9ñ1_‰€öâÆ¶½õ&Ù#—“›8c\QíƒQœ›„Ÿ9þ”S¥Ïœß‰l•#tgE¸–"M«…î(&sšÏS¦–Õ³hI3'¹7ÔYI¦èi™O©HY´;I `²æ…Å -¶…ˆv’óÈBÙ@„)× K.Ö0§+ä^~ÎYÂðƒÐÊPc.ô,t–ŽÈ#/•}²TQ„rcøQbÓóºõS%ˆD–!™·ÜÙ«‡#ò\n‰î\…Qjm‹ð ¸¯ÕRäilÙK¬ëè Ñè¶xQøüBa#r %Ñœù¦OuäWio:ÎLÆÜFWÖ¦Í0/3“Àéú òœÅªû½Xh1“4B¤u‰‹iBòT2%MÕa©Äl}ºº4U‹0Å‚#ˆ¶Ë:öçA™Ý·ÑaÃ*+¯2’ku¹›×{mjèr¼K¯ç <³¶0Î´‡½G©±K¨H²•«*|]vÒmOØÞ<øÂxþÃY:jˆ°;ÙùWt¹Ü›šaKâ”ÆÊÖzè -I°xJúã&•Í´ ò -1g!Ãq!sÎ‘ËHv$BF¯L¡£A¶íï5Q/-Ã8ë¥q21K‰2gJÌrSm”¦j_ÒµgjN#ùÇÎUœivŒ8Þ: |îmN±ýsóÆ¬ÂŸ¯4þŒZÌ49§É4æc]0¢sF¸W@m¢!q\rÎBÀø«À3™(áÁ†µ+)Vn -î¹£è÷œòˆzð¸9 ’{T§sä,ˆC™ -[&êC¹SÔÚŽ9wa—ïŠéåDöˆ\&»¬tå¶æÓÅøÆ®)r´ßªL·²ØM¶eµ|k~{öÖ(þ~yx}¼˜=Þ^œ Ñ§.‡úÅÌT±éÏus -ùÊ"ª>À©«EñUŽsSfPG»£É4|˜<ÍN˜ÿzþ~óåcýççÆ½G.´§ÿ=4C,¨£ÝZ÷_Äö‡ÛíNåÿ?‚n¿ *åëaùãaÑˆ‚nÓÃ.ÎÅf<»y¼½©Ï8ì`$¢<Ã]ÃîÑvy¡}Õ1«v³âffhš5TÁ$·›u0ô—]·AAÏ¨¸k¿Öþ6öc;endstream -endobj -1712 0 obj<>/XObject<<>>>>>>endobj -1713 0 obj<>stream -x½VmoÛ6þî_ñÔ6gˆ$Kv·€1$h]Ûm1¶q‡ÊU±‘HU¤âËþûŽ””9^”E1~y/Ïïžãç)½}˜…ˆ‹ÁÔ"gîóÅ±ùOŸŠ!œ®ÞÙÏ±JI#\ÐŸ$=bOÐ¾XœÉÃÕ§ÁŽ?u$s·u‰ñ¯¯V¿ü‡}&NÔ-ÿZ™µ+ïñô)´¬ãÞuTy¹Œ¯>/XObject<<>>>>>>endobj -1715 0 obj<>stream -xV]oG}çW\9•B*˜eI*»Ž¥>¸Ikªª’¥jØ`ÌîÌffdµùï9ó±ƒÛ:•…wæ~{Î½û¹“Ò?)M‡4šPVvl@Ãñ¿Ç³©ûŽ´ôétÊÆÇ—óNr= ·4_ÂÕd†/9ÁÍ`@ó¬ûåÍü¾3 þ0et_ÑmÍMØZWT k…EˆÏ4"§¥6dy¹àd…Ù -sdžq+èì»ôŒ¤::zmã×woâótÀf>âñÿô!—5ÕkW…Tˆ^k² ž=èÆÀ1¯¥Vt×x½¶=Úi³YÝT=Zk[ÿg‘u(UªÝÞ\^¥ADIcMRèŒ‰/9YH•Ør‘SÿŠú–îîNm`öŒ!ŒX¦Õ2ÞoÁ~šÄÏ/OBµIßÄ–»jV.ó“Ê^”àïRœ®¸(uÛÞ¶Ï•íðÚ£üª÷ïàCtuJxÞÈ¢pd$Wø©§ý±kÎ¿C.ßŸ0iø~ýfùJ¼£DÔY"•¬YèÁ‚"è/òL§¿ñ"úrvšÑ¾ô=ayæ®%×cJÓ ÕþÐ+òbÅ¥ê‘\:úƒçM‘CáTaÕ(å /(÷½¡Rç¢ÕVÏDp¼ýáSZIËžI¡ N²™‘UM|¡·‚v²^¿û¿q¨Lß¶S*–žNØ9± >ô«ð¨Bÿ€ÓO î¹ÃÅóh—Zv<ÖÔíßi vx‡¸ò¬J®}RéànÄßwLZª´TuÏ·Î®}ï˜¾} Jd¸©Ût1‰ÓºîNYâðH¹.A*E¹†îôížk€“WÔ€Š¬Åô‘O³Ð÷ë”Ñ˜IrÕÀ²Õ6J¥O7Ï`l#ÊkŽ¦—<äG5 -]rÊÜ(½C9 ÅÈáiÊÊj7tk½è’aî¸òX {ÿ‹èÉ…1°•ˆËØªZfa¸½¤7¿—$ÖV6BTÐÏÑœxIn»š£,°`”ÀjƒóÅq`^ÔÀ5ÇÒ í´µ¨¶Î•Ì}OˆÝ€qÉ!ÊÏ6MeI{6"'#WRA˜Qìr¯î®ŸH‡Efµ²ïÒÒeôƒÃDi0'×€ø Ìöói8 ùÃMÌÉP÷µb4jÀô±NŽqxö3‡zÍ¼7Ð5Óe…¤" -ûq²çUËXÆ‹ ‰DY‹Ùú)º”ã"«µy Å0Ýê@t1Ê½ÌZ”Ü{I¬Îh]¿ -îEèoc%@óÏHfu¸;‹x§¼,ÍFxýIƒºn/n./è“Ñ÷N€W:kJ°ÉsÂYö[ƒþtà^˜ºQ34ÇxqäNjeécã{3žÌØä|ˆ÷+w5=w.>Ì;¿t¾E³Þÿendstream -endobj -1716 0 obj<>/XObject<<>>>>>>endobj -1717 0 obj<>stream +Þ´XòáO»‹ÿ\üÍqäendstream +endobj +1698 0 obj<>/XObject<<>>>>/Annots 989 0 R>>endobj +1699 0 obj<>stream +xW[oÛ6~÷¯8@â¢1uñ%j± H×µÈCÚmñÛ:”DÙl(Ñ¥¸öãw/¶lÇëšql‘üÎwnß¡ÿ%ãoW)LPÔ£˜Å0Ïæø:Ë®ð5Å¿V@e’,yr1Xì_~ÿ0J§36…$MY5¤¯6óŸÜR‚»µ$Épý°[š&,ÅcÙOÙ÷´òv9ŠÞÇð–ò]dø¦´FcXãVëîÅËåÜ“¸=ÓOãZ9æ}§ÝTnÙCLìú$‰Ñ:îù¯ó5¿P(Á›ç"´5¹b/Öâ¹0,r(}ûlòå¹æmdc:®”ÃÀ¤&”ÌtA¡\®¥TêòG(EÅ{Õ]‚?w×·o¯ñbõ¦”.¸Š¯s~haÌàNèÖjŽ‡J©‹¾MÇ;©<êžÎÅ0I¦XCÈfË›:}dÞèZl×ËZ(#Üt–1pe4ä½T¥5µ•M.›²ñU}Çs%€7%(™·¼•Â0ÇòµÚM3,;´›,Øœ!?ÛÌcÎ¼Ç‰ß’+¶ )È•VJ#ä +Ìck%Œdsÿæûh«&ÆÒ9Ãòô1KÏ2¿nJj[‡7tw˜J£–žy7Ûc2?%®ýžZbÉa¦ Î†øÊië“ù³ C“°w×ŽçÍìæ÷Ø|:KX§ß2¿‡;©Ë,Àœ2;2>Cõö¸Š)Ï®ED‰•v´q$ºbWÅƒŽ:¦‚DaÕ[èhmÿ¯°7€úFRã{ïAI2Tµº>mëAÿír<öf\3¸}ü~Š•DËJë{lœ‰)=¯:¤K.cÿìªÒéI:sâþgÃQôÊ7ö¡Ñ¤°K4‰½ŸÇa¿YóRo‡ûÏl´±rûà8zü·ÒpV-q^ 5×K!Í2’=ºGÔ¨i8¢Ô#¥çŠJƒ‰{B_Ué†õqüí ÀšiÄ×.xã§U'kA¥Ô¢™NÔxñÊ±ºPCó¾#ýÂ€WWZø<¦IDeWêæ‚”ÍË½=ñù¥‡¸JçjÞôD{— ÿ§Ä‘ÁùW`òÿÀª›aÖŽ‚†2%}5ÇUvØŽÇÑá\*;g1ª¡„m3ˆb ä¼¸x‰Âÿ¸ýÿæžg°©ó'ºo01îÄƒh¹‚ oy-0ÒXâ8»ý<õ‚Pl©Ìu×jeóš‹5ºEÅvîí'[ðèÈíA·2˜”á"L…åZàp Š¥0E+s[“Pkû¤Ãp†)ŒgXXèã +/?§JpÎ–íÿ-7Äa 5µ.eåo²)T_º›Ú~¬ óáûc¥tÎÕŸ`DAw„]UËFØÕáÆØOO-¼@XÊ^‡!Á†E›Ô)¤ª f«ª[ÃÅ«‹K'bï>Ý^ß||– 0½Ú‘Z€Ôöš3†áíœ·ZÍzA† —%6*ItãUHjßTXžY´‘bs@ødÈ"Lìqz½Ïü5*™áw®l +‹«…ûã.Å¿¶ú†Þ /Ç–l²À/^x`rÓ·§pG…¥0$ÞXJøjàSoei¶ÈØbîmÛ9øËrôÛè_Oö\endstream +endobj +1700 0 obj<>/XObject<<>>>>/Annots 1000 0 R>>endobj +1701 0 obj<>stream +xVkoÛ6ýž_q×¢ˆ‹Å²,?â†¤IŠhÓ-.ŠýBK´T"UR²g`?~ç’”í*m¢ËÃ°Dò>Î=÷ð~>RŒß!'4šRZžÄQŒ7û¿^Ÿ$çQLÓóó(¡’fÓh +ºk“I4ÅÚ0cÏÔ=Çãhæ_`ÓÔ=“‘³:ŽØ¬{:,¼„Ù8á“î‰Mã>Ç3-Á¿‘´tcxŸu.ç'ƒ›˜^Ð|‰d§3|É\Ž1ÍÓñÏSj¬¤UžYZÍNñCµ¦Ä}YjC™.E®hetSÙçó$Oýawó¬·ÍÕ"W[à¥ýæMôÝy~Õ?Þ|Š¢Ð[’ª)¥u®é%µ¦±$Øèw]òqŽÞ¸ ØóNº¯ñãðÜÞƒ¹£Í_o•od7@- +²kYô±§U±#%e&3Ê—T¯åŽÖ§jY(Y“HSiíÇç]¸jYV…¨%u)³Ü´˜ øyT=xv5xöžŽòØŸsìOúÁBØ5¿Ü¼ áKíRJ\y†Óhcý¡QCÄI÷o./°m¤áBó»wW¯B™½¥q°„&> +}jÞÍKÍÕËÕŠR]–\'X)Å'$ß5ÿÐ:=88£íZéýˆà§GWwo.nß~é½G¹u6•(Ý„á€/;ÝúòémIŠhº–/²2W¹A4íðÜ´é9¢=ËTBp…ý§˜•É7y!WÒ’‡‘½…ã{$ò¾¡+®Gèë§~u²ÏyÐX3(t*ŠåB¸œÌ[ÿÞ•¥ÿž¾“Á‘‹9À¯Œ®„‘¶Ò +}ÊÛÖÉ®uSd´/é óäå’ùà»¸}µ"O~°z\£TÞ.qM^-o9™™g[àí$¢ûZ˜ššÊE$"£LÈªáÈ'mMyý‹¿-í0×©ê’³;cÎ ±ÑÂ[¡jÇ[åËç’-dÙ¼ÙÔä•Û!šXç(z>W˜Þ ¦“&XîûMbCÌZV¹Ð~ìæŒ ‡Î4¯´µù¢ð%ãŒ4–|á +WØeœZ.scëˆæÚÇxºÞƒ,s›ç¢3ˆí·û|g‚¾ôþ}[P¾Y>²ŒR¡Há…ÕdÅuš¡NmqKÉS$¹<®fNcoFÈ ÓeVZÞabTüV¡ìVv™‡¢5>7€7ÜvŒm*Òµ<Ìec]kûê£)-r`‡ÂAïÉ×ÔÕTëùÞäÑÉd§ ðjvØ%|A}¨,4®ÆÞ!.“Í¾5ÅJ2YjÎÝ‰ Î¢Iw|Å4Ð4éš@ð ü[7çµT‚éÕ˜°”eœõiÿò´£4âÿdõ/¿IŒÛÓ\ØŠšA¡tž¹ÔŠœû-Ü0¶A¢Œu`Ã÷2¤PÈ"Š~P„+K}!é_²j-\"_ÇÆŽž‚†Y“¢`M]¡k}À¨ÜY ŽƒõQ†ú´wë(N&ô;ÅñK÷÷EGBöVo‘^K0—8æ ©™[šV¸;, ´XÈ¢Å¹`)aÌü`…WîæÄ•ìkñsýŽ;k©©ï(w¸Y¢vˆ…›G¦¸^"ýD0±Ê-;QAÜ}þ(ÖˆnÐXò +ízë’å¬öãH‡ôm»ìùÆà>¦u7Ñ¼º¾ûõÑÕŠÀÛÑ–×É0ñµ¦ÃÐË+¯YF<€³p£§Ëg#ÚafòZÿÎè™Öt¥SÌ»èm.Ÿì·úç1æ½pëÑ¦¹#ZYºkœ£ñtM' &yÞØÄõüäÏ“ÿIÈÓÚendstream +endobj +1702 0 obj<>/XObject<<>>>>>>endobj +1703 0 obj<>stream +x½V[oâF~çW¥H°Z°¹…•VUÂnÔM ‹ÛªÒ¾Œí1LbÏ°3ã°¨¾gfl æ¢JU„=gÎíûÎå{ütáªý!DYãu ßxCŒ®ðwÿ%…¤vÔüI®!HðÆp„?b@éN‚¨yw?}ÿ¬Û$~<×:Ðîv¼ +Ø÷/2Ô}ä P\SÉ©þMQiüÉº]g¢Ý Óð•‰\¥›<À’¼Rà$£1dˆEF‡oáæSB +%MX32Ú ‰øküJ´o4¶í7É»œÜÄãªˆjŒâÜ$üÌñ§œ*}æüNd«¡;+Âµiz\èŽb2gy˜2µ<.1–4#p2{C•dŠž–ùdÑ™‰”E¸“Ô¦k^X<Â¶ÑNrY(ˆ0åºa©ÀÅB +¹Bîàçœ%15B¡—`¡³tDy©ì“¥Šò Ã›¾×3¨'˜*l]@$²É¼åÎ^=çrKtç*¬ˆRk[„•àv¼VK‘§±e/±®£7D£ÛâEáó…È%”Dsæ›>Õ‘L{Óépþc2B]Y›.ü5Ã¼`ÌL§ëJä9‹Uö{)°Ðb&i„H1êÓ„ä©dJšªj©Äl}ºº4U‹0Å‚#ˆ¶Ë:öçA™Ý·ÑaÃ*+¯2’ku¹›×{mjärÛz—^ßz0a?l`œi{&Rc—P‘d+WUþäºì¤Ûž°½ßõàãùgé !bÀîdç_Ñå*¸7!&4Ã–Ä)•!õÐ’`ñ”,ô';M*´ «ù1g!Ãq!sÎ‘ËHv$BF¯L¡£A¶íï5Q/-Ã8ë¥q21K‰*™3%f¹©6JÓµ/éÆÚ35§‘|Ècç*Î4;Fo>÷6§Øþ¹ycVáÏWF-fšœÓdó¡.ÓîP›hH—œ³0þ*°ÄL&Jxp„amÀJŠ•›‚{î(ú=§<¢2½œÈ‘Ëd—•Ž£ÜÖ|º±˜BÃßØuâ"E®‚ö[•Éã¶S»É¶¢¬–oÍoïà/ãÂÞZÅß/OãóÇÛ‹4ZâÔåP¿˜›*6ý¹n.áB!_YDÕ8uµ(¾£ãÜ”ÔÑîx:¦Oóæ¿Þ¿ß|ùXÿùÄ¹qïÄ‘íéÍêh÷…Öû±ýáv»Sùÿ Û/ˆ#Œrˆõ‹°üÉ¨hDÝ!nÓ£>.ÎÅf<¿y¼½™Ï8ì`,¢<Ã]ÃîÑvy¡}Õ1«v³àffh˜5TÁ4·›õ`8ò†—=·Av;£â>¨ýZû6õc;endstream +endobj +1704 0 obj<>/XObject<<>>>>>>endobj +1705 0 obj<>stream +x½VmoÓHþž_ñD4=Õ¯IÝ€ZA¥Šîht÷¡á„coðR{7x× Õ•ÿÎìÚ.i®.!åÅ»óòÌìÌ3û±À§w€£ãIÑó]a4v'˜LÌú”«ÞÉ¼çúx‚ùŠ4¢)ýIAÒ¾y2BóbI&÷çz>œÀw§$s»uá›çó¿ÿ€Ã>’ 'nÂÿŒ›•·xüZVIï*.½\&—žª–êZyªXâæ‹E‡?BTû›%ÓU)Z;BŸÍ³w:AÔ!;adÂ9[áZVØÈ*O‘óKFøPV.–\¤)¸@ZÅ9Ò˜R ); ®ó8!áŒ‘–`µõÛ|:á„R¾•FÙ«”:Î=ËØ#^ë©!ù7^Ø§¸XçñR^1B§³§?Ã)œ“¿®Y§s £:”9ØSZ®÷°ªD¢9%#‹b$²,™ZK‘rñLèòÚdQe•F*75~ÅÊ+ž0’”h)/U“îŒ«ÎHŒ»Åh±ÿ0»UøâìÕ³YÿüåI¿CÀT0ªŠþ9ÁÑ …44šhA=E—þ%Ïóu)P}¦>šºþÞ±ÿ@Õø_ýüâ[øÃÙðOÝ,]Iüi‡°Ý*÷pR}ãî@~˜´ÊÎê^ÒzàÌÑïJÈ÷PÕ“–œ¦ +"÷Ð»‘º8—y\re|ßÃi¯T-p`ÉM0–š†$êâ+jMjäZ“F…eÃ‘ÇtâqÁµ›ÖÄäšÎ`å]#(—ºZC%%_kg•"rÌ¯!}Ù}ËœÎØ šÎ±]oJK"•YºrSk|%[-%Y99‹‰è,M“å<§0¸¸}ËÏ}äºÀ ~Å‰G!‘BÇdV0z¨‡ÀC¬4³[õ7Ô8·²vg·×Î¾ÂÁIa!ÓÀÛ‹tF¢ÂÛ¿«!5f%4ëâ$ö‰ë›+¾ƒ£å¶šaïº1{6Y".(í†™R‹S‹ý»âš§³wmDÞZÑÐÇM‡¬Õ¹•}OãÎÃà;A"ë{ÊûøÍóöš'¸æá]‡Óô‡²G3jMØÛˆÓ¬ïtÚtDÑmi:Ft4§ßùñË“cüYÊ,Ñx&“ª A›)h4VÁ9òÍUjÔt+æLÙ¡37µ¥ðº²§2‰¦ntÒµÉˆú‡ÆÄóyï¯Þêþ•ãendstream +endobj +1706 0 obj<>/XObject<<>>>>>>endobj +1707 0 obj<>stream +xV]oÛ6}÷¯¸HÔlÊ²Ùm†dn€=díÃ€-Ñ6c‰TIÉF°õ¿÷”lÇÎ¶tœ8"ï×¹çÜ«Ï˜ø‰i2¤QBiÑ° Ç#üO'î;>FÐÒÄ“ Ÿ\Ï;ÑÍ€ÞÒ| WÉ_2‚›Á€æi÷Ë›ùCg@ýaÌt_Ñ]ÅMÙJ—T +k…EˆÏµ4"£¥6dy±àd…Ù +sbžr+èâ»ø‚¤:9zmã×÷ošçñ€M}ÄÓÿéC&+ªÖ®r©½Òdk<{Ôµc8Ês^Iè¾[òjm{´Óf³2º.{´Ö¶úÏ("]ëPªT+º»½ž¤ADQmM”ë”ç‘/9ZHÙb‘QF}K÷÷ç60{ÆF,ÕjÙÜoÁ~šÄÏ/OBµIäßÄ–»jV.ó³Ê^”àïRŒf\ºmoÛÆçÊvxí‚QvÕû÷'p€!º<'Œ%RÜÔmº˜Äñˆ ]wŽ§,qx¤L ¢XCµúvO5ÀÉ+ªAEÖbzàÓ4ô½uÂèGÌ$¹ªaÙj¥Ò§«Ûg0¶ ÊkŽ¦<äG5 +]rÊÜ(½C9 ÅÈá×Ð”#”ÕnèVz%Ð%Ã¨qºãÊcì]ü#,O(ŒD\^ÃVU2 ‹Àí%í¼ù½$±¶z´¢„x†hŒæàlÉrsØÕÜØÉF ¬68_œæy\3,ÐN[‰’aëÌdæ{jDÓ ¢\ðtS—–´g#r2r%„Å.÷êîúétXÃ¬Vö]ZºŒ~p˜( ædŸÀ„Ù~> “Ð™?ÜtÀœÅp_+Æ@¨LýpjuŒÃ³§˜9”ÐËÆÌ{]S]”HªAa?Nö¼jËXd±¡S)k#]?¥Q—2¼C¤•6´x¦[ˆ€Î F±—Y‹’{/iª3ZW¯‚»ƒ=âm¬hþÙ…YîN¼ã/KÓ^â ®»«Ûë+údôƒàL§u6yN8Ë~kÐŸÜS·ÑÍ1^y“ZYúXûÞŒ“)K.‡x¿rW‰sñaÞù¥óE²Þÿendstream +endobj +1708 0 obj<>/XObject<<>>>>>>endobj +1709 0 obj<>stream xX]o9}Ï¯¸Ò¾P) IIºRZu«´U»+UfÆ7›ÚžRþýžka˜LË~@”(‚ñý:çÜ{Í×³)Mð3¥›KºšQYŸMŠ Í.¯Škº¾½Áÿ—øu’–goægãw×4Ò|‰#³ÛšW„Ç'š—£¥³5…•¤ó/x6ãƒ£¢{Û¸R¦÷³UÊÉ2X·-hþüØZÔŸ7Ê,”© oûg—JKò+ÛèŠ’J»V²¢`cÚ–"(kÈ.i×d–cº˜^—ˆ{ûäeÙ8¶TÛªÑÒôÁP½¥¿dõ»ä·>Èú6•§ðCÙµZŒ³~”aøÁjá”g{’à¾P6’ƒAÑ½ª$)Ó¯è¸ñîg~‹GFI_Î'’vÖ†_Ò§/3>T®‰1õB´H÷ÊÕøðúŠ^%>ìœLgÅËâª¸)¦ý¡Ló}üÎIùæáí…_ËR-UI_¿ff©¡:¬\Œ˜ãàÅX†’Ã*ªòáÉEfTVz26‘‰Ì‘•0²*èž¾4>–Ë å#@Wù×\¼]Z×©v¢ +ÂËÉ¯ ˜[ñÿü:¨I,˜¢|iÁ/÷M•ò.é‚-°ufá¤¸åEYÚÆ„íJPäêEêç@˜Áàõ=S8¤Òí&r²ñ’%ÓªŽPaˆƒ–&¨VRmJ´‘è Ldc]-tN«—¶ -ÈOho!×O#ëHP®VFhå=Túé!µ‘€„A ÂT´ë6 ƒ1WIÇ —F,` –nŽ?ïÙS-¶`ƒÔ™‰1(¤äH2 .&Øw…xª¢JdØ÷¬˜Cz3Ëk™žgN÷Ž|zQä~Ejì{±Æ*Ê eŸäƒkÊÐ8yÎáÅîS -$ËI ¤¢áûh"ãTâ^p\éÃl:2æ•ƒoš@Ò?ÏM?è¦ê9<¶“wh?˜ì{H+¶ÝÙm*×»ßM’€Û–6Ö=ÑÚÙµtz{¶QZ“ÐPc.T¨¸£•øÆÍµRßTÕ€Ž¹Y3+–°Í°T¶€ ¹>jB;)ª-¼‡PpKv&¤tç kÛp¢•a,Ï;Ð½^k@bAÄð@L…2ß1¬ÐxyWIÃKË»X=ä1Å¤sw¾A-d”-§šI;àÙ7KÌXÅ¤šN‡KÕ°‰#Áÿ›·ë˜Ñ•ÔÚ·»^7¬vDþŸÌö&ŽñÏGw;¾Ö1¬•k ¹ý\IqNö´˜Ÿž–Œh„Yû –í{DL|¦´?)§ã+CØ€¸§Á èyÄDcÔw^¿ šÏqø¼~×¿ŸætœÈ;âqNA¨Ôž«GÒü±÷&N——ã•×ÞÓ=†: £cÔ®ùˆéÆ¯çM¸ÝL[dxßY¿Î±7‹ªâ¥yÕÞe÷ƒ2ßÁë¹¯C´ö¾F ïo˜7‰Á¥oÑ„´±üÀçÚ.Ú;(ø¢Ö×_×‰XX^wvm‹MÄ§ŸïƒíÖMø<-=Ø|yâ‹RÜ›R"õ›}ÊûlÓ'·í…r:Ã··Wø~ ^9^¿óš>:û—}zkË¦ÆdÚ]ú.òã7,Õ¨½=Ò\úÀ›Ì|…¿ž>4Ý\Ïn‹ÙËK|ýÀNgüÞoó³?ÏþH;pendstream +$ËI ¤¢áûh"ãTâ^p\éÃl:2æ•ƒoš@Ò?ÏM?è¦ê9<¶“wh?˜ì{H+¶ÝÙm*×»ßM’€Û–6Ö=ÑÚÙµtz{¶QZ“ÐPc.T¨¸£•øÆÍµRßTÕ€Ž¹Y3+–°Í°T¶€ ¹>jB;)ª-¼‡PpKv&¤tç kÛp¢•a,Ï;Ð½^k@bAÄð@L…2ß1¬ÐxyWIÃKË»X=ä1Å¤sw¾A-d”-§šI;àÙ7KÌXÅ¤šN‡KÕ°‰#Áÿ›·ë˜Ñ•ÔÚ·»^7¬vDþŸÌö&ŽñÏGw;¾Ö1¬•k ¹ý\IqNö´˜Ÿž–Œh„Yû –í{DL|¦´?)§ã+CØ€¸§Á èyÄDcÔw^¿ šÏqø¼~×¿ŸætœÈ;âqNA¨Ôž«GÒü±÷&N——ã•×ÞÓ=†: £cÔ®ùˆéÆ¯çM¸ÝL[dxßY¿Î±7‹ªâ¥yÕÞe÷ƒ2ßÁë¹¯C´ö¾F ïo˜7‰Á¥oÑ„´±üÀçÚ.Ú;(ø¢Ö×_×‰XX^wvm‹MÄ§ŸïƒíÖMø<-=Ø|yâ‹RÜ›R"õ›}ÊûlÓ'·í…r:Ã··Wø~ ^9^¿óš>:û—}zkË¦ÆdÚ]ú.òã7,Õ¨½=Ò\úÀ›Ì|…¿ž>4Ý\Ïn‹ÙËK|ýÀNnø½ßægžý H€;pendstream endobj -1718 0 obj<>/XObject<<>>>>>>endobj -1719 0 obj<>stream +1710 0 obj<>/XObject<<>>>>>>endobj +1711 0 obj<>stream xµWÛŽâF}ç+JKiðoa“¬„¢Q&Š iÔ´Û¸Wv··/;ë|}ªmÀ°fÃ2›îS§N]\ý¹B€!LG0Ž€æ½À ŠÆxÌ¦xá¿bôÞ¯{þ‡CX'¸%šMa.XÓŸñ¯µŠ›Ò/Hþlÿêi V³ç„+mž¢õÝúâLjœd\0 ‰a LÊö¿6VðÂÅ–‹a.î3vÌ€â1Èˆ²äb±´Û¬Â `Ž½2Jæ…ÑHŽÈ‹T±öö°s˜ï½Ž"oâV‡‘÷à½©7ò`%3¢¸ê‚Qžp TŠ„ï¬"†KqJ Ž"°NøÌP'…ç6€`,Ö€”·hJÄŽÅ,›¯è=Grïq‚øŸ¡jëf}¦A¹+AlöüO N`~(a¥SWÛWdq+Í+bc+Æ~X#~œÀüP ú° TZLÔ·×~½ñÈÍJÍ7f|Ûj¸Ê]Í «À.µ”C0dÆô¾X;©yT1×¢ªÏ9ÇôüÌo¦ûmthÓþ–:\½±m²ÞF‡.ÜMòá"èuèÃŠáüÙÕ¥ÔÐÒõÆ£R¿Yšöá©p¯çÕoˆ5³1ÎníÍ1;¯7äó=×qôîõrŒM£Úér Ö+•‘´E!•©Î¿3µe8¯Á_Õ›âh^Ú¬ 2wS®›9ÝÛ¬ÞÜ9#þ‡Y}¸ #<@ÍÆxTªg¼Õâñýž”üÄ¨ÁÙžZÓž"†Í†á4ÀóH{5ÓÆÍîë¯þ°ÆšD3/záYÌ- §îÙoëÞŸ½à1K¶endstream -endobj -1720 0 obj<>/XObject<<>>>>>>endobj -1721 0 obj<>stream -xµV]oÛ6}÷¯¸@÷±lÙŽíì-MÀ@d±‡ía@@K”ÌV"U’Šëßs))NTØ€&Ÿ¶IÞsÏ9Ô×ALc|Ç´˜ÐtNI9Gcº˜Ì£ Í–¼žà×JÊÂÂt|-O-LÆ³O|ÜF·cº¤M†ó%^¤„øã1m’³¿n>Æ4ŒÇ¹IÏ>ØÂäJ“¨ýŽLå•Ñ¢ ¢Qíì¨PÛ‘“Im•?Œ~Y¯F•(Ÿ¾ØíEäL“·‡§LYçŸ*á\?rø="§¾Bñõµ¿“ö]"÷kOSk„þ¿ßGº«ö'ÆrÒ9pá§ÔÅäØ›þ¿`'Ø5ºQ7ÄNæÌß‰Âi*S½3T(-Id³Ä@i¯ôVéämV¼¡\z² -¥e$´6¥sJM½-$UÖ”•w”Û>…Ü´kÈEí”;ã…{³‡lÖÓÁÔ–Ö¢Ü -DN¹2JŒÖ2ñœÃï¬©ó]³KTU¡ÁâÃ‚gys¦òÚ¢/è“Ë‡ø"þ4dÝ^R¼h±˜Îšüñ<šGôI•Ê‡hA“oQ[D·¿(h'`Óu¹F¡8žå´ -ýCÿV‚¢VR8”ó,màF(u/ig*IÀÒ`!1¥äƒYíQz·6‚û?‡ña†MÝ]5ê%[q £ñG<UÆPø¤týíœÖ¦ûÛÕãêoKZ4 lÝÁyYºsPÃïÊ•±þÅŸÚ!rÁAå?$ëM¤õBq •PAD·(ÁÕÉ!·¼E]…—Ï PXùµV8Íãºîu7µ,Ê¼’0ùúÙ9ª«+Î¶Ýº–öY%ø¿Wé¹ç‡¢Îs¦—å -FŽiutº3i]H×aÑfÐð³•£UîÖ”%È2Ü¯×Mü«;Ê@WL/Àöœþ¼ðÏR§Æ6ZÝ&B‡‹hãNk®™&óqˆ#ÃúpØ¸%T€zã>¤fb6ô¸º H‡T* µkã±=…´‹ÜàrÚ•h·`¶˜TV(a‚hzeÃ…Àstµß)YkÎ -J×œ&Œ7‡,+° -˜8)5m/®A+Îzà™§*ËTR‘ÁÌf>O«—íuKl2ØÜ¶ÑuKª!C¦Àph›)×ØOIƒóecx›këÊ£ZÔ™Âe¬9È´5ƒ·°wºúWØ§— \7ÚtLÉÖé³/qà… ãíÅ6Zí5Óé‚àí_àyÁ¾x¸œ|Uöñ`k´ -h4fÊF×â¹e¨ÔÀ"5ü0–slm8«4„-0Š¡äŠn®ù¥d¤y‹¸Õû+,:çN–Q|IÃYkŠ°ÏED×F'EÍ÷–°xjš´™¯XÛp‘£sY¨»“ù ýžÅK§å -ëÒiL ª5•UÂKºS‰5Îdž®‰¹ïàäÏ,ˆÂìŸxV‰“¢„ 0£¼ÌÙ%1Èìæˆy/kjJ6Vpˆ†ÁMÓì&ìyŽ•€ ÈGbª¸³ê0eVã!RXÂð‘U&ÆÁø2²µlTªo²ßp -ó . ¥g–µ^¶Ïñ¬¼œÒì2Ü¾ë«»Wô`Íg\²tc’º„†n¹«a·}¸óCñÙÉÛr6_Fó‹ yG¼ä“¿o¾~³ÄNendstream -endobj -1722 0 obj<>/XObject<>>>>>endobj -1723 0 obj<>stream +©Ú—Jml ÜåÔ¹¦¥°œŒ>ïq‚øŸ¡jëf}¦A¹+AlöüO N`~(a¥SWÛWdq+Í+bc+Æ~X#~œÀüP ú° TZLÔ·×~½ñÈÍJÍ7f|Ûj¸Ê]Í «À.µ”C0dÆô¾X;©yT1×¢ªÏ9ÇôüÌo¦ûmthÓþ–:\½±m²ÞF‡.ÜMòá"èuèÃŠáüÙÕ¥ÔÐÒõÆ£R¿Yšöá©p¯çÕoˆ5³1ÎníÍ1;¯7äó=×qôîõrŒM£Úér Ö+•‘´E!•©Î¿3µe8¯Á_Õ›âh^Ú¬ 2wS®›9ÝÛ¬ÞÜ9#þ‡Y}¸ #<@ÍÆxTªg¼Õâñýž”üÄ¨ÁÙžZÓž"†Í†á4ÀóH{5ÓÆÍîë¯þ°ÆšD3/záYÌ- fîÙoëÞŸ½à0K¶endstream +endobj +1712 0 obj<>/XObject<<>>>>>>endobj +1713 0 obj<>stream +xµVÛnã6|÷W`û±,_âKß²IØiì¢}(ÐesW"µ$e¯ÿ~çPRœh] 6¹Ú&y.sf†úÚRŒï!ÍF4žRRôâ(¦«Ñ4Ñd>Ãë~¤,,Œã«h~naO~<ñqÝÜÅ´ u†Ó9^¤„øqLëäâÃ¯ëÏ½˜úÃ!×éÅ››Ò$*¿#Sze´È‰hP9;ÈÕfàdRYåƒ_–«ëA)Šç/vs9 ÉÛãs¦¬óÏ¥p®¹ü‘SßÄF¡øz‡ÚßIû.‘»µ'‰©´?Aÿ_€ï"ÝVûc9é¸ðSêbrŒMÿ_°3ìÜMh8¬‰ÝM™¿K¹3$ÒT¦$:g(WZ’È,ˆp–7gj[Yô}rù_ÄŸ†¬ƒ» g ãI8¦}R…ò!ZÐä[ÔfQÀí¯ +Ú ØtUl€@ÈOg9BÿÐ¿• ¨•¹åì¥ Ü¥$íL) X,$¦|0«Ì°®»F½dËd4þˆ½P¹àq`…OJWß.iera±Ÿ±]>-ÿ¹¤EÓÀÖ—…»5ü. \ë_ü©"TþÃA°ÞDZ/—PHDt‡\•ìðâqËÔPxù’…•_+…Ó<®›N÷pS+À ÌË “¯›£ºªäaÛƒ +i÷*ÁÿƒòHÏ=?æÕvËÀt²\ÃÈ1–N÷&réZL"Zï~6£b´ +ÃÝš¢ù@†‡ÕªŽ}O[ÐÓI#°}K>ø½Ô©±µwI£Ðþ,šq§Õ×Ì?£éŒ8Ä‰Œa½? l\*@=ŽñRs@1kzZÞ¤C*•†ÚµñØžBÚùÖàrÚh7g¶˜T–(a‚h:eÃ…ÀstuØ)YiÎ +JWœ&ŒwY–`0qRjÚ_\ƒ–œõÈ3OU–©¤Ê1"ƒ™'Ì|žV'Ûë–Ød°¹i£í–TM†LáÐ6S®¶ž’ç‹Úð61ÖV¥Gµ¨3…ËXs”icoaouõ¯°µ ÜÔÚtLÉÆé³/qà… ãíÅ6ZÍ5Óê‚àí_àyÁ¾x¸œ|Utñ`k´ +h4fÊF×à¹a¨ÔÀ"5ü0–Kl9«4„-0’¡äŠooø¥d¤y‹a£÷WX´ÎÙÍ£á‚ú“ÆaŸ³ˆnŒNòŠî-añÔ4j62_[°j·á"kGç²Pw+ó3ú½<‰—ÎËÖ¥Ó™@TkJ«„—t¯kœÉ<==ÞsßÁÉ÷,ˆÜŸØ+ÈÄIQÀ˜Q^nÙ%1Èìæ„y'kj +6FpˆšÁuÓì&ìyŽ•€ ÈGbª¸³ª0eVã!RXÂð‘U&ÆÁø2²•lT¨o²Ûp +ó . ¥g–5ž73œâYy>¦É"Ü¾«ëû×ôhÍg\²tk’ª€†n¹«~»½?‹ù¡øâìm9™Î£éÕÎ¼#^ðÉß×½?zß~²ÄNendstream +endobj +1714 0 obj<>/XObject<<>>>>/Annots 1005 0 R>>endobj +1715 0 obj<>stream +x•WßoÛ6~Ï_qØK] ‘#Ç±—]Ú´Ãæ´k<Ãºš¢m.’è‰T\ÿ÷ûî(ÉŠŠ+ŠÆ¦IÞÏï¾;þ{–Ò%þ¥4ŸÐÕŒtqv™\â—îÏ§wg“é<™ÑUšâoÏI’6«œÎúkìNožïöÖØÍ“yÿno]Ðôò:¹êíö×ØMg¬·¿Æî,M®ûw{kìÎÉMoîÑäf‘LáOz•,š‹•«kü6]ÌùþW†6g?¯ÎÆw74¹¤Õ›Í´Ê$PøEnwjLEé<¡.·úHKUª)Lè‚Þ»ƒ'Ufôywô/Wÿˆ°t…]\M“ Äp;Mèáèƒ)¢kšÓSJÓæô„óÓ”4.è³-3–¿ÏUØ¸ªðç´WU°ºÎU•)ìœ‡.ÏÝÁ–[¬ œÊÂ¯nÓ—p¿šŠ•Ë¶ñ’.±¬Uqsýå%Ù@Úœ÷v +ŽteT0¤(÷"scyc§\g´6l6ÙRôß¿]ýöáÝ‡{ò;…ÃE™+”-šµ+CÓM•Ðk/wun9ª¹ÛzÂ®“K®zÄwØ&êñ ³2qˆ]fI¸ça‚ –íÕ;Un „F•ÙZªãÀØ&×£ÖBé-MB«N‘âÀú¾4¸[¨LBƒÏù€±QR«b µÙ¨ö¦òçÕÛÊÕ{¹·ÉU,ø¤9;™È€Ãöz`¸ù:^r +Úhµœ k‘¾<¾CéªF·®ÜØmòñÃoq£…ÛH¢W¨#_ÝšÒTˆ[cGH·sy#ñ¹ÀtöúlHÌW3}¡«æ±t‡’TÌnS>oqÇ!ç+d"¸¢Xœ<àà¾rO6ƒ%.Â©Ãç‚uô´ÛÒx¬‚ÅÉÛ7PYÊ¬÷j¿7@à±èè`ÃNÒlnYåÂóê@<¿Œ–ñ+m][©_^&tW¹b X»‚kXÄ^?1-PUVˆÀ›‚Se[*Ñ°ˆ IŸym´*¸ÂI-¾[¦°ô“ñ®®´¡_ûÆ¶*=˜pÅ?˜ê Y@LÙo®×ŒÞ]“±Y“gÜt”¸jUª…—ºË-ÆzIypââÕÇÊm+Uø‹W¯O±°O†V€Õ€÷F„hÖˆ’)îçPoYY†‘äzOåÿ-„ûÕwKaÅ{sø_°™\¢¥2h™E–VWÎ»Mè÷¨ô¨®îåò¶¡NûS¨e–Q²b…85\j8{Âe\•9ÚŒ×*òðI]aÀDà%Å©5á µ6^ºÔ@7º®l8&ôšŽ¢ÿ$¸ ŒÞ•¼|$oL!ÄêÖìÈ–-whUƒr¹‚vÛj§Œ@©—4>T8´Ó>7_…oâÝÆÄÊbú$Œ’F)Á×z»;!_Þ¢µ°N)yV2S„.»xŠàT•E–°³bS—B*GØ–â¦-·=ÔÕfŽŸ d2ÅZUœ–†¨Ð„@´5Šž ©}øêcçºCçoíÎnwèâ*{²^5 W[Sb½€eN×Ì:QºzR6—‘ƒZè!L³&bŠìôG—ï±¡¨JnŸ1ÌBÆbJÙ÷«AÔ¦’¾§‹Álnò +Ø¬¶Hu]¬X8ßÚËœ#¡r‚¤\-®dä ÊÍ³f•{If×ç…{C‘1"8ÃDÄÒaÅA¥1–Äƒ8ÒŠñ2:ùq@<0PšÝ@“6[Ú¹³ó“Á‡ÁC b¦ÅÅ€VÓáDšË[+ýxªÐnÿHX)—ùiGo“YÝÓë½)µ9ç„Gt/zã¼ÝAc?ü ŸÎÉìzVÅí4½dÉoWg¿Ÿý$þw£endstream +endobj +1716 0 obj<>/XObject<<>>>>>>endobj +1717 0 obj<>stream +x¥X]SÛÈ}çWô[œ[ @ŒÙ7–À&µ|Ý‹·²{KU[cilÏ"Íx5#Œÿýžî‘,£§$@diºûôéÓGü}4¦þŒé|B§SÊÊ£Q2¢éx”LèlvŽŸ'øWiZÊ§S¾ôÎ“OÉYÿƒŸçGÃ›3i¾Déìœæ9!ÀhDól°5EA.Ë”7Îª¢Ø‘uÁdšÂÚØ•§lì +?ÑBeÏ®kr•Á5U×!ðmÉÇù_G#:™L‘À<|µ>à0¹yU¹zCW˜lG8-/tEKWÑ7c/^ùÈÁÑ¸çàN£}B·Î=“³r +ß<£«Ïd,ÇÞ¯¦¤“ñ)€BÔ4 Î>M+íŸMHS«ƒÊKcÓáunB|´EcP›èÛÐT5ùe…Ñ6ÐbG¹«…>Á…ìEÿ0 9c—ß¼u+rË%‰²R†ceÀ¨°K +¦Ô^>öZ“YJ3ÁÈ¿ð-¿Y j«‚F+ÑCOVëÜ3Ì,‚XÒ/ºÚÅ‡wšJ•¡ÛÜs¨öˆÿiïðæ‚Æè.³èät=>OÆÉ$¡«J+f‚$~§¬Î i¹ÛzºŸŸÑSØ¡ÀÇHƒShÿfSs0w”ñiL3â¦Ñ[¤6dÎ.Í*ÆoÏÐÎÕTÖ^ªÞÜÏéIW(· }]uüÔhÀüäX‰~Õý3·k“ H›u®s¾áó ëXb´¨žM÷§c¦p}sÕ3#`ÔzAš¯5&QÔÛL#Áƒ§ 1Èp{q´¯MPàf/12rÏÖ.£Ï®dæI?0lß¥sSW˜ôê˜TÖ®^Û)”†^|ê%™)Ëü2qîuä¶eTz91Œ9æBD†¸”- ÂÿQŠ³%øâ¶LÙcIbÉä¡eåÊ^‡åª¶P™ÍÆ»^hm¥žmÉìÐ¾€ýñàô¹w@“cmY:›@bzðÉÄkLAh ïÜ ’>‚Ó/ÚŠÖ°$¢¿¬´aëè?üÅª£úoêEÊ~JS‰–¦ß+å¦Ò&`G{^o…z|ÒªÎŸðR(X}™Bø ¤Út–‘½Å•jk¼NèÞaNUá]kQùÒÅ²V¥,™k“çÚ~èã>Gj´[ƒ'‰ðp Ô~#O8of/G^R§”X^hH•~lwM£Dt–ŒÚ¨j^¿†Jeñˆsí÷3Ói„Q6bU©iøÚë;¨œ®ûC3RÝÓ÷áÌo¦ +w¼¾ó¨dÙ Ž@S%¢ðƒžná€™½¬„Œ’òÞe¨ät¹a|Z¥!Àòv´³¬#(¸YyÚê¢h™*=Ø8ï $Œèµ8ÛÂ)è¤0yñâïd^=,—èÙÅ¹ä·ÒAÖàf'KÙ6ÆÞ't uíp9îE-\&ºÊ$ùà‚ÿ¯+G—ìŒG‡YwéW¨zQ¦`ÁÔÛ„£¤Ü™¬rÞ-ƒD–^ë3&³7KoœÐÿôŠOÞÑ\xžŒòJkÑ·vGxYƒUûÜByàÔ”*^K{h.¸[4Ùº\ d¸‚Öh‘Â’`Tu€‚Ã©É8U¬Ž|Z…Â{Ø`£Wg¸98„ž°Çx×ëîT™Ô, h·îçWqÇ>>Ü +GÀD†®Â¡±Ñ6Þ¨±½¨ûy%? &Äg×æEÓ³ÞÑ—_¯ÿøóöáêòöÏ»Ë«/_ï¯¥È†TX¶^µ ¦:3'HµÚçý1ž³ÝÁßg + +ÒL²P—wÔZ!*à0®†·uÖë¿k 8<¬ÑÖž —Z•ÝÀtÔ_ÅW,úàò˜h]"½YÖ…´E‚‘p¯Ž«…)LâQ•BoÿÖwÁuqË!W”ãkÇ¼wíÖéìÖÝÓ^;'£Ñë–;³RŒV§³pg; D„€ÎlÜÚ1÷íÜ¨ +â‡\ññFgCÌ=e’ºb£ÅzÄÃÕ1ÒAÃÞõòžÈ°¬ÔL{f« ÄÞ'ŽM.¦®aÈš¡a½Ž«³½Ð€eDCúý±µ²PZµÃz¯·\Qw +És{eÀ +•ËëŒ6aÛ¤‡||3Ûo4–½*£àÒÀi Šºziej ÂÐ3l`Re¬+^ê•÷¢‡Åó·ØE?Ä/=¿ŒecÁ®’G!7KDÇATdûô-5«Žñ0¼a±t‰ÛÙÊ·g”ŒvÔ¦ýÈµPÍÁbX·KtÏ”qN¡µíh2Ã›ÎŽŠ4&tÞ¬§ž €|¿-Ãß{hþ"/œqï<,þ‚Ýñ°¿<>€eq§ÆYkü”_-ÈŽWNº†T¹ +˜,*¾·ê ËÈ¯ÓÐQô-+¡Â!Å†î2H(Ç;lp$ÓDG~’qØoºH£Å3p·£Ï.«¹“ßA N:Ø³ô#ÈW<grÃÇ›L2ŠÞÕ°éºäå +o%× +t‰Ëâ)¨*`jmÍø^Ú^?Tû&¿]YYâÝ®ÀNÖÀìKõŒÿïw3¦ûÆ*$ÞÇ[^}fÉ"Š_Þm»{{ÁMÆ{zGqjäuÖ¼ù×)³SšNgÉŒ_@Ÿ.ï~¾¤ÇÊ1sö8îßÚNÚNÎG|ÿ¿}>Càé§ ^«ù°ñ˜+¸žý÷è¦sÓ‡endstream +endobj +1718 0 obj<>/XObject<>>>>>endobj +1719 0 obj<>stream +xµXÛnI}ÏW”xJ${âKpH!@„–8v‘òÒ™iÛMf¦‡îï×ï©êñmí®VZ¡'}©ªS§NUûçQŸzø×§ó G”G½¤GgÃq2¢³ñ9>ðã4ÍŽ~Rÿ<Äíü¡ŸŒ©?áN~ì¿¤w–>ËùW½äeûøÛéÑé‡3ê÷i:Ã%£ñ9M3‚µ^¦éñ]èâA»×4™žQes“®hfríIÁ|© +ÑÉô.»rÉñdziË™™'·7ŸâÒúþcRe&}°'MIa¡ÉYÈÎäóäýôÓÍÕÍ„üø|ºý!â™fÇ6îÏl¡p4µep6Ïµó ]Ðï¦ÌìÒ‹§µ×Žt°DŠø7vµƒÏ•ò~iÜ€+^ç: ^7—ò¾–Õ`i¹0éB¶åv/–&ÏI… ‹*ÖƒzÔTå*Õ ½«)ç;›+gSí£•47p‹ +•.L‰ÈµÊd¡erCÁ›fÎÏD $ªe0© +lÿÒ®C…ÍÌÌ [snS•ÃäÜøàV-‹¿T^sVÓàˆÿˆ +‡¼|£¹2^¼IšÃƒQrÆyYC?ø®no"7`TÑ*Ô Š| Mz%éŸÜLiŸûiïS0î-'ÌP-o7{½§]ZÜ¿ø" æ—¦wÆ!Ó.™€¬Ï$ýŸÝÚÙ;«"3º?SZæ®P *èìþ„~Ù¼.4Û”æ;ï¾ß}»ùD3›gÚqØ›üÂþUN{æ2‡#tà`$bËâ×§°!È„… +ÿ>dØÞqrîl]±ãëQR@üþøêöòþ¤Ó²ÏÕÂ¡ýÙ-(ºµ± X,íAG6îÙçBÊgË*;3½?9¤[XH™ÇjŠ÷íˆCÂ•%IÖO:‘)ª+ nË„(Â€²˜ãÏ\Äˆ¯Ôêð˜Ðõ]Ë—CÊq]± +5®* hP$„¡Ÿ¨»-ƒ¦øa_´¯qøs –øª×UËèýñZ)|¥S”r*ëø¶%J^¼¹Cþ íòÞŒŠ¾$ô±ü‡h}XåH}TÿB•jŽ¶†káÐ©uÒBèÚQ?ü@Õ±@ªrEeÍBß +äK!eàÔ°S©z€=)¼µ—ˆ¸±AòÂÒf–jŠ»'Se…)Yì*_¼È½eEk9€†&ÂB³äàÖ”h_Bã,ëŸµRrð©ªÔƒÉMX‘~‚¦ÐÐr/é–ÂàÓ¯6¶;GéD÷î'CüÐÅÖ[ÃLqGƒ¢Þ2îà;½Û«»kõýXúÀlÇ‰Ú¯[O°6_WàŒ»vñ¶½Ï0yÑaÊR4ÀšÆÞtœXAœ“nÜ+9-| Á.ÈÆ–ø)*ËŽ‰9ƒ÷]›ÔYog®·lº´¥Ç]°|} "_ªªkÊ–M”.¤”SüšW0mp¸B Ç*Þ«ÕSúã–À×º=¨ÜqÉußÜ:;wªðÝ7’o˜/Ü3¦€°…ºL0-â!¼ãk·7ØèûW4gT`¹„\@šœÁWž~HztÏ“qS\zî£óÆõõ %ë›¸ïdŠš!l·n®Jó'"±%º~]JNo¾Xé+[ƒ°CmÒÓáJ´êùBÔ)}ä5[EiÍ C?aa\g\]ÜŠ¬Ô{§™«Ä#è_¥]`4à_Sÿ1Ò‰]R®Aˆ'ÜkfŸ+édR&+LbM ‡'zÉëèÈ« +ê ãkã<+ÿ²#˜ÍãnD +:2úÿˆ€«‘=cÀ¹ u™jA%[y¸¦3T/JQÉg]ÁÜž?ÃVœþ«mµ\ ¢&B$ózÍ´gá©ø¿ØÚ8Í2bs÷Ìó8£ß°Ú4Çwd–ËfÝË1”Cw°S°…íBa§¢g!ŸA—6;ô€qŒ'M~m Ò—Nâüå ¤z«—Ü~v©eØ…¸4°ÉµÏ™åýŸ†ŸéB•sÃF±Å—×å®- ‚x6q|ÊÙ¬Æ0Ï%ƒ†>5.àÚ¸Û +UÂãüez†v$ošê X†8 öA¯,<àîåSTÃx~ÌlŠ)Sšœô&&ƒð™¨3V±–í-m•òå’³(u(^™—fÚñ›wñ†D¯Ñø¢½þ då’GaÄ Ý¤u®\Ë4RÂ9å®ïÖ +cƒdÐëƒ‰±¡¼ëÀ“M4à×çž9æ!‚ÊðoÛØæ``—&zç a4«%`i{pGpØ¢È²Ã—²Œyeí1;ó„7O@\r`}{ÿå;ôÝéY3þywç™ÊŠÁ%"‰«@OÇÙµ„ns°„³Y0«V9w9G›™ö˜¹Z›[ +áC#xùË¼v–ŒÇõð=ÀpÈ‚pwqýö‚Ðêd {·K&ñ¾?Â· +ã!uÏ{¯x3–Ð%Ï\Ò¬ù—mB#<·;#ÊÙßR¼äo$øšþ€¯?=ú|ôk4mMendstream +endobj +1720 0 obj<>/XObject<>>>>>endobj +1721 0 obj<>stream +x•WaoÛ6ýî_q ÔlÅ’Û°K×ÅZ¯m\l@=´DY\$Ò©¸ù÷{GJ¶ãtk— €,É»wï½c>÷bá7¦YBã)¥Uï3Å³( où!Žæ4Í#ÿåÅ«xJ?z×E#šL§Ñ%Mæ3<'ø«%å_]?Æú˜7ÇúËÃúd>®N×óÆÓ8Ÿ¾¿^ö.~¹¢dDËÙMgsZf„èÞ¤ýç…Ø:YS<èmmrUJz#´ØÈJj÷lù·_ÏÂêáx‚Ò–YáqDï¨”ÞtmŸRsx’DÉ(¦arÆ~Õâ÷å‹'!hÒõ÷›lÃé–l³ÝšÚ‘²”©<—5¡ÜÔô‡ÒW’Ð?-–ï4ìNðçfýk‰`‰µ6m¬åü +³#g(5:W›ßÕmâÝ™Rþ¼ÆÊ¼)9ÖJé—œIi©Ž¯tDÃxàPÕ¶ô€‘+¤E;¥p8Çú—L£ §vk÷À(EÐBºVÖ¿J÷JçløÜHë8 l† úýÁ§ÄK¼A’õSK]îTšT8etD/ÍN"xÀaÎQ†Hfk4RËŒ´¤£BÜ1¦òØ +´µpòñÆ”+Yf2º¼?Î 0ò+D-#ZhW%…¶ˆž8G§‡º÷cÊ´®V©“×¶–Ü'¥mŸ©Z¦ÎÔ÷_r±ìÚqåÍOo^›ÑôþíóËí +•L'R¬„¾UY´^§e“ñùG ø’™¹àdòã|»ò±g4“¸‹ú>z³tcP‡¥;Å=‹¼ø ? š™%àð¼¥¶'ÂC…1ý ß¬¿«[iaåxß~¾ac¾ê`cç¯ƒŸD<Ò’}×[ ÓœiwéÆÿN•%eS¸rÀ$€^ÕcXºQ³ÞÏ@¦³ßÈgqxÍ.#³¶elû´`Ô®hxèÝr'pFE…Ê2©WÏN§êƒvÌðeœž‚l°g×SòY‹TdŽ!D¦‚É‡ÔDwïáÌ}Ã½ÜkY™;Žgî!gëš>/XObject<>>>>>endobj +1723 0 obj<>stream +xWkoÛ8üž_±0pp +Øªí8¯Å¡½\âúD]ôuQÐe³‘H•¤âè¿YR´¥=—Àˆ#‰ÜÝÙÙáèëÑ”&øÒùŒNÎ(¯¾Òô<›Å«üeš]Ðéùi6á›ŸOOéÊÐÛ£ .œžÍ³Kš_œãû+©Š‰Nè2å9Ï¸ÜãýÖô˜–øùí>ï—Ë,åœÂLïn;Xžå¥w!™Í²ÙdJÀ%›Ÿ„<ŸÓFÜHÒÆS¾‘ùµ,h»ž†Zzj¤‡\è +¼P6 ßn¤¾‹‚r Gbendƒ¦fŽSÔ“³ìb†Ö±›óÐÍÂl¡¥obSèôms7kÀù#NËR©¬óÀ)Í™Ý^#â>q‹Ã£ÙÕ“!ÅÜJáe1 +y2çLU 34xçXñRêv0Jøvm\IwíM3Ñ®ÑN×uý•ôcŠAF‹P…²2÷Æ*ÅüDÊRn´TÚªª¢•¤ZÚ5ƒ¬Ð2N³2¹¨zQoèT±Fù£år+\.÷ f(4(Æ¸våä×Ñ¥p×Ì]ŽSÀ…ùviMMRä›Œ0½à!Q-Ö›À^ýq]™•¨>‘ixÐZcQ´urâÓt’ÛÄ »3ÎJxÚIí”WXü¸\›Ah§Eg8~-”öø J£¼¨¨Â8rÓp)„Ê[Œ)þú–L*íÐIý ld +Å[ †-Ð"„{„hZÄÕòí¡ƒNÈRZ©s‰ñ}^Ò-td«úfHjˆG.ÁFf>"<<Î¡)ØKÙ^…wCGˆmöòÉ+ð¬)$ +Áºš¶VyìŸ#ºãˆ~s¾¡ ˆî®¢×:d½€SÀ–o”–#Zca‘ôÖTôFhYÑwüunkl‰êdâ†-Þ£ð4‰*Væ‘ïöŠ`,¸ÊhÉ vÖˆšévE†Ý8ÿ×hÕzÈ}†Ö|f¨Í6ÄÌMÝ´è)'jåÊ +CÄ“˜N3âpåÿ×ŒqEÉ×¨þ îAü_ªÜgJOÝmGß9Òø@ÉQÀž ¾0k9¤A¼2LÓa=5\yñ,£Ô«jao k°Mî3è»Ÿ¶ÝCu[x…™ÿ%ígÃñì”Æ§³xz¼×ý0½JÐð4t4î-h¥p8®Yb"# 8¹D5wf&z’©(4Â]ã¬HU¤.²•‰é)qìivŸ:Ì8HãÊ|ÇP¸¬?#“¨# Éäý u^Š‚súÒºþÀ÷–}×oÉÂË]w¢^±2îÐÍ¸% \ÃöqÆƒ6ÝºÖ Oü¦œÒ°’ÂbÃx”ƒ9ùD‹-µW9Ÿêøb<ºx\v\êSF!.°cŸï…îˆªJÞg_>…"È18->/:PûM{nœBúØ¤•„‘qmÐö²ª[º•*¢=aD/wZËV|ìÔá$ +‰xx·-”õ~ ì60@+‰•0rœ/¸åÂ×Ò¡æØ +røTÐ^ú~ïâ þ´Âƒ¼£‡ój¢¶Aþã)¢¥…pˆ·UÁ#-Vðk|ŠÄ@¿°›º2y[Cvï¥ã´d|>Ák_÷ô+o´ó³ÄàWk^53 .ŽÞýà#jendstream +endobj +1724 0 obj<>/XObject<<>>>>>>endobj +1725 0 obj<>stream +x•WÑnÛH|÷W4ô²6 Ñ’lËvÞœ8¹5.öú6Ú5QŒÈ‘8ÉÑÎ’õ÷WÝÃ¡de¸Ã"YšawWUW7ÿ:ÑÿèzLJË“a2¤ñø:¹¤Ë›kþŒNÓâäýôäüÓ%F4]àÊäæš¦áøpHÓôôaA;ÛP®6šJ•iªsÜ²E¦§sZ˜B{G4×…ÝÆÀ‘¥f¶ÎA„èJ¿ÖÌ8ª„û ïsðÝà¸’°;R .9ISQoaä³0Îãˆ)uOBÁƒXª©| µ‘]^m*èQî~åbú´VÞoËú”ÙR™êeF!~AÝž´OÕZËÓ>¤žŽb\ñg§B×=;½Ô™©ý*ZZ:UQ¤]!÷wG„üúÏÿþþù·wŸ¿?Þ}øõáéãlöbªÌnýlö¡qÔþ ]@&³Ùsçgãë£Ç0U‚ÝwpÍAº”?‚:² öÏªÎzbÉ3±QD|BXZéÍN³ÒèU´Í\sÄÁAß¥ïf³mÌ´)rfT+UêÙYÛÎ™.t…z_²½÷W=g’eTNäñëÇW´p8¶Då<#lÝ·Ž”ÛqP÷8ðrþiÒº”04¼J&ÌÚËÝïOOÿà:ö>vJÔ˜4ôŒDYa?‚»~+R…ùÜa9³S?ÆíÿƒMyñŠ’1vÁSÙkLÉ&£ªºµSKp +ãº–ë¦j%;OÂ _+WÃ«& ÿÿ‡å¾-°T+FHÑ\¥«fÍr^¢¸={üQXnÝJëLg³³@ÀˆÜNÙD·26P½XÀØø‰ìÈ›ÈG°œÙé~€ä&Ëà)~:J =;º¿›¶ôw”M«Ó=â[[iƒQÁñC ^kn½>õ*]çÖfüq^Ošº‡çq‹û^œt&¯oÃxºØ{E”©×Ê¡%£‰µ¦š<¿|îÜhÀ¦Êµ3¤Qk÷¦t|Ûd0.¸3ªË}ð(XÀay1º½¢´0°Œ··¯~¾½do£œ¨ Îá^kê!¤ÉßôXš©3s¨UÍíFìmñÀ‡„¹³ÂÚ¡×ÈOwOŽCàú²?IÒéà']9±øI¨h0¾¢ÁÅm°ŒDŒyÒ…‡€•)0øLÅ#Ë(ÅÀËô¼Yò¡Bop28b½Õà…(a46Žì‰‡BÝéŠç¦Si7Žäèè€…—®³¦\ó]¨´Ïƒ¹Áw»ƒ]ÀKuÍt8ÛUšòð‚qcDÅsÔ7@ŠM ”ÎÚ¶;Àp™M`6¢JYäºØ˜ß¨Zäø%áóO·4ÂÄËëàbFÆè&%z;s9…ëVhô#—.“!GÞÏÆ›÷ÞSYhTØf ‹7ý¿¼™ðÄ~Úï/²út9¹I&Wãö-d$¯Â§'ÿ:ù ï$gendstream +endobj +1726 0 obj<>/XObject<>>>>>endobj +1727 0 obj<>stream +x¥WßOÛH~ç¯ñ*'! ¼Q(*ª ô’ªW‰—½N\l¯»»&ä¿¿oÆv¾r=Ý ]Ï|óÍ7?üó ¤¾Bši4¡(?:‚gS|âÛjJä`|v†?q0<; ÆÝƒŸNƒaí€?Œ¦°ŽÆ8êß„§teèËÁûÅAÿzLaH‹·'³)-bÁ€ÑÑñë´X‘*K¬#oh©ÉycuLiA~)¸¿šSœZáßÛcRŽ¼£²²¥qšRGQe.|¶¥ªx,Ì¦Þ-~èd8ôE|ôÝT©‚*Üg›óó:§KSxk2ºW…ÎØydÊ-)ÊL¤2*IÒL.üÓ©|‰ŸÚ>iKGNkº[ÐG•¸Ñ^vçÀÖ8G ÎPeÆU©–l/¡$µvU +šÈ~äÅOa¬‰ü—(cikª‡w-IA²›Žó¼À$¨]+l*gÏwPaƒ«‹‡Ýüu{qG¾²¸¬ÚxE‚ÏÁºbþ«î²Ë8"j³Û‡À]º*Ò$÷¾Æ+8óÊyN4XÎè=0ÆG¨èÅccî¸ÙhÁÓ¿>£Éf™ŒÂ:ïá,ƒI@ßÒ"6Oýá`ðLsÉ"ÜWçÉÕy„pP_4êdÉ´“+u”&[m±¥RùuM-fé#Ê ð™‘d¬0Ù®×ã„ +«qS³ÕNd‘©²¸õT[ß§õ¥B •×º<&æ¸€*ß¾o‹²q@Ä¥ÖHg·´]U–Æ¢ÀtÙmé‘ R9·16v¿azÐ|DÚ÷uñ8¤Ùo´.èÛÙsÿVKõÞ-Æ’†þŸ÷³ÎQî|´&Ác¬Ý#g¢‘Äžõ&Á¨M'rGúî>/ øÈä¨XÇ]uŸVÈ³*:4è'“=q~Ëµ.že–Ñsv>9Á™òàwç Ðnç;•EYŠªCÅ1%Z¡¤tCz®¶\QÚ&XÇï&…”Ðñðï,z—h&[QZ¡=‰WD¬sU#þ<}~N¸tý"LHcµâ˜M’ Ø..ì½øXŒ&‹Täh+8nØAEx<‡j@ÐÆ¦¾jZÔr¯“¾´Ô¬MÀ3P¡7/ "WežÑ¡/fÆ¹}û¦ß´áˆÄ.×]'\D +HéJÁœÎñ¼vù*Þn»»I¤à)<ÆÆ¨d_Œ Ì¯¬§[]TÔßÉN|Õe UçYÇ(0¶P74+ÖtU¹ë&¬>ÜÊ±n«._yP °Fqyî¶b—”)é_Oš±|ÄÙ#ÜËê“v`±ð}yÊè\~ƒ§µzbfxhÏ#¯wf97Ma!AýâœÑ{-íRf×ÝÞtàááÚé(D7,0´ývâî¶ôöd˜íO¿Ž‡×™_Y¾*€Œ13ùhg*iú”zàI€s–!Sg4º¼|lÆ‹¢ŸU=ÒªJc}ÎÎ±¦íV–Ï³cÅâ•ÉY¬Íº’iI›®ÖžÐi`¹ëÝnqœ—2ßŒèÌx«`¼^-Ñ²Pe>/XObject<>>>>>endobj +1729 0 obj<>stream +x¥W]oÚJ}Ï¯õ…TÒ7š¤·(!Mƒ{s+Yª{ml¯ë]Jù÷÷Ìú‚UjU¥qìõ|œ9gfüã¤G]üëÑÈ§þ¢ô¤ëui8z> Æ#\ûø)$-ÝƒóqÏ¿ø ×ùÁ`pþò|î ŽMý Þž]H|ÑáåûDdgÓÞ9]iú|ò>89û0 ^‚%Ç# +bBäÝ.Ñé$zKv-I,ôO¯’?e±£¼ÐK•HÚé eRÆd5¥jU+½·Áw˜½hÌvü1"âÓÞØCø¡¹Š%-DAwÚJS¾°£ãË¾ÂºYëM“^X¡2Ë|zEzÉ®ñ~0 X§xäŸŽDF#É¤‹\³uÅï)ãÑƒ¸tRËÅªŒµKÃGe×4éBtúWP$ùZP¤.§ÊæUšëÂâIâní# Ez“YƒT¶rŽ2iÉˆÔì²ˆRi×:vðÀ% +í3("£Ø5öé2uéÕ0i-L8+á¿« +Î·0¿EÝ÷h&²XX½/ßëÈMÍË¨]æÉ¾¤Q!QjÆñÈ"Â2Ú£@´TP´*ô&o(£2pEì_åêàÑ¤œ“%:bG\´»à2õ®&9îUtˆt®Tý"‚Î2‘JR–iY½6›Üý£¾G)xÎ€zò—|•—ŒÎ£ã|Jc”ÎD§ŒŒ$=Áï:4õÜ0Ek‘¤qim +ewÌiÑ¤±,tz„ŒÎþ'%2 H +Íôô¶´Vq°-}µñJ|ý2’œ 9ˆšç¿ÅfàÑ? 3Ä÷*,µ!îÌªåÎùbµ.v•$`3¶Ä º*‹9ú»€æ²ehá=ÔhÞ([K¦noðQJWX2[’C•¡a¥Â¢>T‘¥+e,°Ébxb0–®Ë±`ŸäîÝæo®¿~»ýt9¹ý6›\~œÞ]‡áüÓ‡àqò€«™Š +môÒ†á>¦0¼Ü` ý²„ë0¼/›å-n’[‘9á1ÿÛÎð‘ë*r7Nöfëœ8²±*2¼ð-M3Ã3£ÊUä3/·&sËTµ]u¨‰±r(íQ?E²‘–ðÓãà^Øõ^˜Y<;ýÞÁøºð¨.µ1yöß=Û>œ¢Ÿ§è)‹!Ý +ü_wÃCˆD eƒ;ª%jõÖµà"¢4³yã{«‹'cKj‹ãÒ–Œ6ŽËXFšév«WÌ´&¶æXMÏÅ©ÊX<$*¢jŒw°AðŽƒÌB8¢çY»‡ÍH{P«52NTôäøgÙŽ.+Æµh +4Údd"#K-T Ç PÒ´J«âóò™7TUÖ´ÈŠÅŸ[ž—aÎ±\hp?æÂÓ&aôE2|ûçNŸ¥³ØX‹ºµ.u¾Ãdý”¦%‘ÞÜË"UÖ–³zCý«}T²K7¤ZTºÿ>ròè™órUä²m×**{h-2'V´ZLPžé‹¤Ü}ßó»=ˆï»•íB¨_´Zæ¹âùëÒ3q€Xs®WïÐ¿œè@üŒI/Ju„=›^]O‚aXhmÛXO±¾ê"~Gé®¾>®A+*–÷óç—¡½*ÍáØÏÝ¾‰E]<•Uz$r|¹».$OBP"æ©-²oµR¯y÷Ç¿``YŽO7¼¹`~9mUµ*AŒ—ãD_l>ãª5õúHî¢¯-|c•IÎ'³÷nßì+mRd×.]zC|’ûÔu/”êË¤i¯ØE|pÜ†çü!Å‡z#¾wœ|>ù#e9Ëendstream +endobj +1730 0 obj<>/XObject<>>>>>endobj +1731 0 obj<>stream +xWÛnÛF}÷Wôˆh‘Ö…ÎKáka¤v›A[@/kr%nLî2Ü¥ý}Ï,ÉXQ•"° +Û°ÄÛ™™3üzÒ?!Í":žRZ|¥pDíSþ1M£ià®Ã ]ú´Slƒu¼ˆ(ŸÆÁ ã>Gø«%-Î’ƒ£«1…!%¶<g”dùÑˆ’ôðÖ¬(-TúDF“Ë%½ùøô†çø»¡´–ÂIRÕf¡ +Iª¬„ËimÒ¦TBYð6ùkigm8b;ÉçÑtFíiïË0Šƒð„†yÌ"FË€þöúV”‹gI‚z“.ŽR¡éQ’Ì”ƒ1j¬ÒKï˜å£œ„î†…ï¦ðEQB‚;Ç›ú¬3YÓmr}ð÷+É,¨:3ÎÔë%S§º—Nèæ.¿¥¹ÐKIÂÿý]UP&œð&G4)l%ìù“”•¥LÚ'gªí…ô7€Ìpãé¤½¤,áW•iS+·¦4—ÀHËƒò§‚§+KÝÑüÐÔð|Ä]¬7¬¬ŸU*©¸Îßtíƒ ïº”fÊ{’Ñ³0º¬M7 ÊbÍhŸ¦NŽUË”óP‚„ôçö}§´GrpnÊªqHñ¹Ñµljá”Ñóùi†BQÖñwèKdY¨;Ÿ?¬“å|þ>Ó][gxŒÐÀûØƒPo…`VZÖ6WÃpoL,{te +@m|gˆ¸{ƒ Ø¤ÙÜ4EÆue¥ãÜ.5£’ 4`‡=§ýz[ñõÖ•è¿³³åŸÐ¢0ËFþF×¸iÞq1iß7@í²56ìí¿äÕå@a™C\Y_"›þCwàãüðÍ Ì¼jÞË_6W˜T¨D(EšoQâ‘âþì¯„öÉrhv°3“ß*SfÅ8Ìoƒ3Ü¢Ìè7èiÃ8ÚÃÉ75ß¦•*Š¢¾qV¦~êG B‘´Bº÷DfJø6"^Ïßú"Üž=áxÒváŽùã‡Ó0œÄíøùØ5t¶Î—,9öa¥0ê0}6 +Aˆ45vœmË?›zÕn8œóà}Oƒ'j7xGƒûFûZ}ºd]Ih+Ët%½O?ì¡ä”nTZkŽnÐKYJTæ5¨ö®éDUIQïŸ¿+°’wšeG÷²4-ZTC¥ÑæœUìË…iÐ¡Ã>/¿ûáxç‡ãZ{uW<söò¼0Vþ÷îºmŒð©{cÜõÏ|³³Å~Ð/¿U˜·¨Í?xÌ :‚èÒÈÑ÷~àŒÁ;¯ëÀ¾›n8Ù-áð§(gôo•ÉNê¢ÿ"«×GºÉr¯ËÕƒ,@íÀ§'¿×;Óö^Uè[ÁSÉ*çy‘¶ÕØ®‡ &=-±2mò¦ÈXÐs,HÇ“J- láÓNÅw)pcÂJ’cõ%uË-÷7)Ó¬_FÛ/Ãµ+7=ký”húÍã^>¢¥v©Øî¤¸[£Ã/'Mx=‰y?|8½9;å%çPÃš’6<^=e±æa8Å;@|LÃÙè„åC¬ÚA|_o³àoÓ ¿„°Pó³ËäàÓÁ?Õ€ "endstream +endobj +1732 0 obj<>/XObject<>>>>>endobj +1733 0 obj<>stream xWßoÚH~Ï_1D - poihtHùÑr=xYìöbvé®MÂßìÚ»©Ô;]+T×ÌîÌ|óÍÌÇ÷³˜ºøÓ°Gý+J¶gß)F½ð–âhD——=<áËÎ4¾¤‰¡¯š p²_7ëF]êÇ£hLƒÑÏ=|¬¤Õ»?~ñi~Ö¹S¯Kó¢¸ŽhžÌ»x“´n6b—KËAÒTçrmE®ôšîgôMéÔ¼:Ò25öÅÑ«Ê7çó¿ÏºÔî pKk&¶KÁo:·Šãà¡Ý!9|;ß(GN&¹2šR)²p=ÈüÓôqFf¿ó›/éÒb+)7„G‘¦V:‡´œÉ ->ŒÈVt0ìidI¦¤Î]SÜ~yxœSbôJ+S¾¹pxûç|#5åµPDÒ&'±Ûe>ëý*ír‘e€ç="Ûp}jCJïM¶Ç]ìÚ¬~ÑûVh#³O¾={YUµiøÜY³ÌäÖEü¾bucÔgú¾ -å¼>Á .RãKëüü<ªBýjÇïÌZ%"£;¥_QÜ[“Ñ¢uww³8èQÓÖ¤Òê*rG*ç7j½¬"Ý+JÃÅ²…>º€>Ë†É%žœA}ð•²²á–#|$W$®!ÒAf2Ò¨ñ«Í§I¾)—KørøC‚_nDŽ«8³Ýe’Ýê”ŠÁÛ`|Å®rmÃJðÆ1¼Á¸Ïûa¯Š‘I‹ÐàÁIkõ¸,;ãœB!¹ Æ‰• ÈéqšÂcQÒªH^¡¹B=›R:zž|¡±9Åý!Œ=–Û÷ã{8ø®lx,ÏkçaÊà ýí^%ÒEôûìƒè÷T9ÔSÂ‰“¼=:(DÃ!Zƒ£ì}FXã…ÐB2ƒÁ%€Ê2ZJ)õÑ×RåêÍãþ8˜£çÒD>øÂqª©èƒbµh.H}Üçž§óc¢!lfGÈ£‘¢žÇF-êE«ÂïÇå,`{ZäE›WÍôçK« y¢[Ð‡NiŽoÓ‡Ùâü¢ÉõÃäýCºh1CD’+ª2Œ;~SnÅj¥4>gÒþ±~©üz9,'3fh„ ¯¦Á½q˜'C˜SÅX(ÉSq«äé’ÉMŠáÊ@²kô#ÆêDYl(cœHóz4"Â?˜¾ßX8šÐ*!Ž‹›°2o¸{ÂÒ*,ÿI&Æ¦·Ížþ §§Å¹GËêÄÊ-òŽ-in…v+iÙ|úç-Œ#zKcò;XíOq8ª¹ë¼Ùâª”YÎlUX hi+q%o@}ðaî&ðiá›ÑkN ùŸûíVMìã ;Se)ËEßD^@;Ä2ÌIÎ?,m” -áì°~éY«·vFñÆ^2ßÏuÅ0Œ®‚bô"u¿žjï %®mklûßBd@^‚@wµ{W!´ŽÌ“ÎÌñÀun“Ò¦ýÈR 2eÑ»Rýÿåqâû;ü,ÜG¬)‚í¾‰£ù?îÑÎÉæ—ïBåP®ÀEñ˜Úýø¤|(`È+.ZMèN¶xåƒXÌ:(£Í‘a½2ç â®ƒŠCçð@ïðëc©Æ•X,9DåŸÊâ4ŠËÿg‚ƒ!£ãSäŸRÃÌæ˜y9w¡ªÒñ–q/Š¯fyÏR—æ-ÂUP$ˆmƒexO˜ J¸L§©‰ *cG{é¬*¾ý©O0¬sHŒ½J1.ƒÌõTòÂ]šl„VnK•ÈÁtÂ>4^j ¾ç¦Ê±”·<:¶K´ø»V¶¥QÅ{, -nhÚ‰äEæå¤daÌã4(#¶»ÍÁyE‡áí1´ó=Þ²˜.…† $Kâ½5¿´,òf|Â °-ÙÉ½Lqê:pTéÄRå_`ÑýõM¥ú!õkÜAÄIa-‚Æ‚‡ ]*$ƒI½?F:·£“Ÿã¨¸ù/ÖÐñ§Ì´¹ºälàS9»Ïó³¯gÿL?xendstream -endobj -1724 0 obj<>/XObject<<>>>>>>endobj -1725 0 obj<>stream + poihtHùÑr=xYìöbvé®MÂßìÚ»©Ô;]+T×ÌîÌ|óÍÌÇ÷³˜ºøÓ°Gý+J¶gß)F½ð–âhD——=<áËÎ4¾¤‰¡¯š p²_7ëF]êÇ£hLƒÑÏ=|¬¤Õ»?~ñi~Ö¹S¯Kó¢¸ŽhžÌ»x“´n6b—K‹³Mu.×VäJ¯é~Fß”NÍ«#-óWc_½ª|s>ÿû¬KíÞ·´fb»ü¦s; 8Ú½’Ã·óräd’+£)•"7ÐƒÌ?Mgdöð;¿ùÒ™~!-¶’rCxij¥sHË™¬àÃˆlESðÇžF–dJêÜ•1ÅýàW‡Ç9%F¯Ôº°2å›‡·xÎ7RS^ÕH$mr»]và³Þ¯Ò.YxÞ#² ×§6¤ôÞd{ÜÅ®Íê½oÅ62Ûù„áÛÃ°—UP›†Ï5ËLn]Äï{ V7F}†Ñ¨ï«ðQÎáÜp¡á"5¾´>ÀÏÏÓ¨z Ô¯vüÎ¬U"2ºSú¥ÅÑ¹5-Zww7‹óˆ5mM*®"w¤r¾q£ÖÀ*Ò½r¡4\,[è£[è³a˜\âÉÔïP)+n9ÂGrE²á"dÆ!#¿Ú|šä›r¹Ô‰/‡?$ðå&Aä¸J€3Û]&ÙN©ÈÑì° ÆWìÚ*×1¬oSÁüˆûL±öª™´}œ´V»0À²3Î)’Â`œXéÐ€œ· )<%€Ôêš+Ô³Ùq ¥£çÉÚ›SÜÒÊØc¹}?¾w`€ƒOàÊ†Çòü¸v¦ÚßîU"]Dß¸Ï>ˆŽqO•H=%œ8ÉÛ£ƒB4¢18ÊÞg„5ÎQ-$3\¨,£¥dR}-U®îÑ<îƒ9zþ'Mäƒ/W šŠ>8 V‹æ‚ÔÇ}îy:?&zÂfv„<)úèylÔ¢^´*üx\Î¶¡E^´yÕL¾´ +’'º}èô™æØú6}˜-Î/ê\?LÞ_0¤‹3D$y°R *Ã¸³à7åV¬V*Aãs&íÛá—ÊÏ¡—Ãrò0cf€F˜ðJ`Ü‡ùq2„9UŒ…’<·Hž.™Ü¤®ì$»F?b¬N”Å†2öPÁ‰4¯'@#"üƒéû½€…£É-¡â¸¸ +ó†»',Â¢ñŸdblêpÛìézzZœ{´üÑ©N¬Ü"/àø—Ñ’æVh·’–Í§ÞÂ8¢ç°4&¿ƒÕþ‡£š»Á›-®J™å<ÀV…Š–¶WòÖÙ +ÔænŸN±ý°öà’_ñ¹ßnÕÄ>nÐ°ó8U–ñ°\ôýAäe´CŒ!ÃœäüÃÒF©Îë—žµzë`goì%óý\WÃè*(I/òP÷ë©æðrYâÚÚ¶Æ¶ÿ-Dä%tW»wBëÈ<élÀ\ç6)mÚØ,Õ S½«!Õoð_'¾¿ÃÏÂ}Äš"Øþç›8šÿãíx‘l~ù.TåZœQ©ÝOÊ‡†¼âÒªÕ„îTái‹W>ˆÅ¬ƒ2ÊÑÖ+s*î:¨8t ôï¹>–j\‰Å’CTþ‰¡\ N£¸üf 82:>Eþ)5ÌlŽ™—sª!o÷¢ø +i–÷,ÕziÞ"\E"€Ø6X†÷„ ª„À$`pšê‘˜ 2v´—ÁªâÛO‘jñÃ:‡ÄØ«ã2È\O%/lÑ¥ÉFhå¶T‰L'ìCãõ§–à{nªKyË£c»D‹¿ke`[U¼Ç¢à†¦H^d^NJÆÅñ˜³û>/XObject<<>>>>>>endobj +1735 0 obj<>stream xWÛnÛ8}ÏWú²)PË–í:Ž÷)½(°m³‹}É-Q6‰tI*Žÿ¾gHÑ%6MÐD&çvÎœýºÈi„9]i2£¢¹e#šä×Ùœ¦ó+ü>Æ•T…òù8¿ôÁdöüù»åÅðvJyNË >fó+Z–û£-‹K¡K°ì÷[UˆºÞÓÖJ'µ—xî¨2¥ûËéýk*e¡Q“n›•´ŽüFøpÕÉ°‚/¬ö$¨47Œ¥´Ê”÷¯3’ëå³y–_³<Ë_/^Œh0žeSÄrùùæ=Ý”%Ü:é¨u©ÑJyÍÌ`ÖK‡žÇjåY´~g¨Tkåi#ŸD/àÎk>Aàõ,êÂÔF»èt´˜ËÅH,òñb2]¼õÂýø(íž´„3û@ •²•…¤¦up,%%NJÄ¤2ºqÎ*”h§üE:ù…” {ZI2?¶kcpàÓ]2(é2\RŽ¾|1jáØ¨-lø”šc8Þˆ¥;õú†6¹¶@4Î©µn€¹ëùeb(2¢¥r…•ìŠ(MZøÖJ$è9j*°NTËGY©R…išVƒd!Tòâhok®\ë”^÷|ŸTfô]iœ4"y±ÄœíO¦!?)¥ó ÈqDâ^Ú@µW,¥„25¨1„œ‰%fÇ@:üÆ¸Â?àãõÒU%¨«ªP‰Sæ%ïÐ„µDá‚þÁ1DæœGëñØ°IÒé£Ð†(ïº(bƒÂµè9]Y#ÊBDcUBôƒø%DêèÇ‡;†Ì¹Â‹µ %ÃÀýÈ9[ -€)FÄ>DÊßÚ 6‡öurz7HS(7ÛÈÿr§µÈèËÙ@:åæ¸šPXæáÖ $‚¡ÑKù\ÑŒ®÷³;…ŽÚiŠ‚vhSÖ5†>µmU-Î¿Ã`ˆÍJ[Q<¡¨Kšáé¹N -}Ïô‡Jó'1)e—Ïu% ,ÑÇÇÒöÙ»ÄEvú¿ZéÏ|ÄÎ¡Ë@kàÑ÷C«§á?J·OÔõ!Ý’pEgÄñðmÓ6ÀÕåÔK›³ `µà›çÐˆrÒsŒkWûT–´Úžv…À*¶`ÿ 8;¥ÿä9ÉÃÅsæYoƒf²ƒNÛfK¬ «ÖÙd…pQãbwñÈOŠG°Döõ3:í-õ‚‰•„`s®BÕbÕÉÑðöšr¬j¼?&yÜÚò+¬rã¬ƒ7ïD¥‹Â›±TFôûç`Ìûçå1m/ë:Î¢~>µZYp6‚½ø°12Âé¤„†>/XObject<<>>>>>>endobj -1727 0 obj<>stream -xWMoã6½çWÜC½h"[NÖÉî-i»ÀÝÂz PÐmq#‘*IÙñ¿ï’’oÜm‚Ä¶<œyó8ó†üç"§)~sºÑõœŠæbšMi–¿Ãÿ›»[~?+i}ñ°¼˜|xGù -×X2¿Ã›’`>Ò²ç·YžÝdôfù vy²O¤/&Ú¹òE•F¯£Á åytt5»…£ñ²RŽÖª–#oMíÈW’Dá;Q“gêÎ+£É»‘Þe´„MXå÷*D]ï©.šn¥%³ú&O®•…ZÃ€W;ŽQLé*¿Îf}mêÚìÜûnJïzl7§9¦ôó½ž»šfw/Lû§Ïé3'³v« -¼f8éµÚt6eçÖ§ç³<›ÇkX.ß÷Há±i…?ç„îk/F¸$ Â•ýÆRpclI¢ÿÚ'ÎHXØy-Ó¸hˆ#‡$ilk]Š–vJ¯”.Ïr•(Íî¢ßXÓµÛ—©žòRçÝ‘1WK„Uê¡¾Û£sô°·ïªñ?¹y?FGä@Èù…*”µ*©\¥<ºÎ¡ÓÒïŒ}’bŠ¿gªCb3í°‚Bô°æÌ~´ÖxS sCŒ3ö¶-Ž8þ±Ë¿wÿÏäÃ±<„*ÿ²;uò’¤(*2k–'©‘E%€®á¦ÿ§S |#|Ty´V •…ª•ç:ºœ Ô{\Ûðn-”¢Þ÷ &eèS–}CÎæQ>BV*ÓÕ%$iãew† ”ö)à’ÎO<@îPCXãÐ^—´üõëäã×ÞëÆ¡FµÏÐ¤õ œdk:}¤g®ƒwÄD²ºP-$AõÄ“Ò2º¸C;#LÁ(ìþ4›$Õ³-ô¨"H§ce¬ÿN4+tõ¥»gr]Ûëƒ^Èg/5Û‚vHZ¸¥(ü¤ôÚ -çm9·ò$'Çë°cup^Ô -¹;à¨kfI¬0àÚ¬¼Púx ÃOú¢é¦ÏÒ?|ü²Í°€Ôû²D=8ÉƒÂœDÝ°7¦N§žå±§EHVKY/@Àz† )#5â¨¦0…À;£M¹7â)Ø7(1z«¨™“oã®9Á´ŸŒ“Zðþoˆ¤Ë\€zh‚ñã›8èKW‡M‚¹Å&öÈJÍ\aµÇÔ›LÓ>Û1‡aŽ|S‰–)¼3ÆO'<Óo1¶03PBjDYrÙÇE©ñF2–P 1ÜÁÎã8ûèžºÖ¥=©aŽ¥®ì‹£5Î©T -W¯Ðûã¢h fµ‡ŸEÒ?çZ½$`mx1ö‘±ÿV -<„¨˜+p˜Cœý®RÐ¤•Aç€ÀÔ/½—Dë«°$Ç ÎV8 ñÙêê:;p¨šeñ¼ptøÌÎ¥ršC¤›M£@%ý-/÷f·ñðpXÛ“È¼[Y²¼ ŒX™.Êièì ¿}n°Üà¡¹>ñ>àõI›¦°Êtî;I}3%Ð)ˆ†r¨îã›È¾¤·[ - ›3º¤QŒ½óçC^!`z´R&àÏ‹O'eE%øÆ´h¤ˆ; uƒÀ`_“öñÊçB¶á¤ ‘á€ïi³¬†@WEÍvÐ¾“ÀqRÑ¡^0y8DiV Æ»;Â †£Ð£h‡˜V†î7 S¢áøìá$fÐðX”ª';ƒC¢)x–‘‹—ªÉ1ä3ÎÜp›ã:P¡éàrÜÍI_E¬ùÜW'1c.T+<Á”ÄçP¯àÈAh éHÜ“˜Ê[QwÌ>º:*Îõƒ·²ÆsœK›t0Žä„>N"ùb..Ô12¦CO“ÆÀ@•ðÏÜööq®ñ)£Ÿb¸\D'áŒb„Ä0×q|MBúötÈ.a¯A«5][|Œ+,æ»AqÅ‹AA¹K‚žÏqE»»Æe,µüâþÓÃ=}µ&Üz~3EO;†~Õ/¸ºâŠS·¶×o57ó»lþvEbÓYÎ.~_^üyñ/pkQendstream -endobj -1728 0 obj<>/XObject<<>>>>>>endobj -1729 0 obj<>stream -x¥X]S¹}çWtå‰l-Æ6¬a·r· -ˆ“u]\l*÷yF¶f¤‰¤Áðïïéž‘m&U{“Ú|€±¥þ8}útßÔÇß édDYyÐïáÇÑ wJ§çgx=Ä¯iyp9?8þÔ§ßi¾ÄÑ9^ä„Óý>Í³CjÿaÃŸµÕÞd4UÙÚXÄ‰øèñ0…kñããûŸ°:”p¯•*›¢þŸDýåöþßŸïoî>óGW*ƒ´UˆÀäÒ» <´1½Ñ>¤Ÿ½««C}ç¦ÿÄë•aw:§Å+©¢ R—í¹%moþ ¶ç>²½D®œÞ[;f¦n…²65?n3g›×.SE›Ÿ°¡ÙÆÄ"S«cÃ†{\ö‰•ãO§44”? -Ô“HaíêÈh².¢¸VQ@J<*z¶-Ž8¢'·±Ä¤U¨&Þ&µpÏºGó5hÎÿ,=£Ô ‡“Þœ1hx›¢£ùÕÝñäCDeT4ÎÚ¬Q-Â™ÜðøàU¬‡WÔ±$•—Æ¢¤^EçicPÑ\#m¼‹þ²rôXÇìxíBD•ÁÿöÈÇ›å*ª… -.‘v›|«\f²1qM âTyîu½DÙ´ÝÂñ²ö@ÀSåŒL¬PÞ,M&IuqþU¢d3,DMYwA7¤zÒÒÊry4qà^gÎçrÇu£Ê»g“ëÐ|8•‘s£øZ1BKçË&*©ötF_ŒÍÑ‹ˆÙhÌr]ix•Q£¼Œ¸kb¹%]àû§¥z6ië¼G–ô‹*+Ä{±%†À½V¼H¹-’£ïâ â`v!(äËÒqÙ4Ç¤}@ê%Òi|¥@v»r8Jî¢ü-ˆ md¥§(VjÜÔèñðÙ(Rÿ ã…w*ÏÀìÇ÷„«¤m]j°o,=©›ùµzÖÛ¾’æCnõk „sˆJÇ§×˜Mè!t -c‘X¤:LÅ‡ÈŒ‡ŽŽ5„!O ’bÃ;z‰ãÛa£C¾¬ 8¯iÇs›@ö¸çuÎ´A€3Sƒ$#Ç¤Ù•£ä»Þ™ã„äünãüÓŠEÿz–Þ5¥~"•‚x,ëÀ¦ñóÐ¾$ûBƒ"£`VVZO¸e'Cº6„‡ „@0«½‰5ê€µ¤ÕûÜ„ºr¤¬rpÙ¡ýÈ[ã‚Èw½ÁVÞ”Ê¿"ç}ûQPæÙxgK®¦Ä…ê Q+ýQtGüíÉ‚êè›ÝcÙî¤º¥›B*P® -òjèE¦'¢iu<¥þ«hÌŠÁ<Ô @úã)L dÐ[ŽjÀŽÈ¾Ö A·!*è'0ÊÑ/O–FÄì¯‹û1Mo?Ž·ßK -%d%‹u’VÜ7ù¶è$BÁu3ÒxkE}³vÌ žÆ{‰mó—)tè•\%"œ±n jd-‚T+¨«}˜ï%þÆ;|ÞVc¯”¬ö5÷à·ÚxÎ¢OñßÐŸJA"os+JvGÍžHî¡"T‡ -[N…Û*¥†mÆWiŠªRo¯KŒþ$Mì0àƒZ¶()âjXþŽ.ÒŠ‚¹‹x5kvÝi{ç“ã ˜M/¡ˆã0ÿãÀ$Ç¥¦›AÆŽç›vïÞ:“Ý–[.UÀâ;±Ué¶Žüm&»3*ÝkCÛLU¡Æn±õu}}…¨®Ý -2Ðí˜kcŸ¨]ëôÖùçF4 -ßLC4T]D©Vd‡‡1~˜À^íE=~‰Iw²}`"Èö¶T÷·y¨"8V?<:6,œ¼û/,§mÍsw*{Âî7~ÉÖÊ®`e?:PŠµxí8¾=ÐA~H4 -€Ø¢·uØ.j @?Èå¼ãLd”æÍ2Ä/ù9KòkÜý ù·¬Ð7™cF½@»=öè’ŒÈµÌßR3&&”m3™Üƒ*6zlŠ..“ŒWévló—&GÃ`am';J¾'‹rv•Ä~üéw`EäÇÌ£~Å¶88ë {ƒ¦“RÒ7<õ¯°H¼]ÕÏøÒj´×ûÛô5òv˜Y–ù‰‡Ñ²¨—KpdKXD°*#@Ée#Ü•“»NaÚ5C,©…k=6ñ¤<ð¡—ò%éËCÊÚòxMÀI9eðñÊ?è ~#,Uuä%cÒÝ*RÐ¤—ØœyåQãKç¸[QšÈR8´ô®”ìxY-À^ ÉÑ–f:Z9¼õbµýû^pxµ0+ýüïØÓB5lWÿ o‘ !°Q¨‡D2çÝD$o6a1NÍ;ÛÂ…½›ÝˆŠ\+~$ÃýRÔŠ¶,ê°F¨ÛÌÅ¸´’@¥"ž•šI§[=àH[i–§š7Õ“ ‰ õâ+vàÎN?·O'ƒ~…r~B£³Ó†Æ³‹éåÝy'Ç?ºË®2ÃùæQºptÖçß¯üíOGç½ÑoCô -ÙÌx~ðŸƒÿ®w½Rendstream -endobj -1730 0 obj<>/XObject<<>>>>>>endobj -1731 0 obj<>stream -x•XkoÛ6ýž_qá|IØµ,b‡³HÜ,ÖV0Ðs‘H•¤’x¿~ç’²ãxP»5(ÐJâ}œsîƒùº7¢!~Ft:¦£Êª½á`H'ã£Á1Ÿâßcüµ’Š½ËdïãÍ1F”8rrvJINø|8¤$;ðª’}ÓxÊe)Vn@j ŸhêiQIRŽ”&¿””‰l)Éñ••Î”WFSiÌSSÓ‹*KrM–I™ÒVù`…ƒJ³ý!ùkoHýÑÑ`Œ(´ñÒÕFçJ–ð…oh°mã¼^éG*Œ¥ÆIë¨L*ÏA Ê–ÂŠÌK«œW™"8«ñ&3å u5>$p• »9}Q:7/Žv©ü -G„'Q–üL¾ŠJi8EBµ™ô—ÓÏó˜o€}g8 sêé…w^øÇ.i.ª…ØIP~mÔ³(¥öÑ"£¹u¾ZDàz!Ú7ç4B°LSÿhãÆø nï~ù¿g?ké -ìdÂ#`¹Á,¡cˆèŽYxmBVA+WŸÒôËt6KÒtþÇ<™ÜÓôúaúûäaž¦“äê}$t¾“f´J»@Íôž.ò|ƒ=¿“F”š†T]™zeÕãÒSz¥ht~~Fw*³Æ™Âãµ×ÎFÃÁs·9¼y÷y,+È‰ªÉÛŠà"ÉiÁš†Ô7ž xGW%ç‡PZd:=˜gi)¹ºÿ8½GÐPwö -°›ó³®“]ÏcÌžwbh‘w\o„H(Å”™™ªnPÛ,×i{“b _ˆ&è6„díŠÜÒ4% ‘ô$kT †î ó\=«•*µì$!ˆï-²-cu)²XMŒt¥zÄ[6•TÜJ64tžÛö=Vßv²Qôk}®ë„¿hÑè´ù–“5Z#W<Ô€þVJ Z°«:—¼‹è©·ß{ë¤¶¡¹G©¥ utšr‰þ-ƒÜ ZÚ²©ª¨5'ãKùš~tÕn"°¥:Éèì]¿c”Ð¾(Œå—[Ep{1£;¡Å#Ô=¼¶ -§²Zç»ÃbÙÆfeŠ‚'P Î®n»žÐ6—Ã÷\N~žÎþ¼¸M&³‹ä{‘Lf×ÿõÛ4¾jv£î×Vé0È7+B]ëÓ]u=§› øB¯Ú2o÷“ÐcïÌÒÆ™£ÃÜ‹ËI& ÞNë|0¶Èm£¶Ð¥ÈC±ã ¿“*lº\¡ -Ñ”þ0S,Ûmž×É¸ás;ËÛhÌQ Ì)_Á všàlkÍ*„*Ýÿ/’mÐÚü68õö·ÖCcxŒH çL¦ÐE8íNÄ"ZkQ¨h32S…Š h^î7<»PI¶Ë¥yù¦å…ÅN,¸–æÍÿ{V0^È¥xÆ†£×u,õ³²FsßáÁ¬Qî›™äÒoRÍcß`H"N‡·M-á× ÌÈ@”¼ç9m¶½Ýª'VÊ~Â” ÓdDØ_Ë¬Ûë@”(=ÆÕã’=†=jéŒÚD»Ñô²”q;Ó%[VSèÿ+eˆ[qsëíÿ»Ÿ´E„%S„s{¸¹Ú,[Æ—IwIãâPøÖ;pÁhx -Þ”òÖµå¡(•¹ Èo”¯¸å`«õ1 -o#KÐo³«þBp1R‡qçç<»IÌXÜ¢TãP;)âj@·d^nñ–7‹ Oi;1Ç•Šcº¸ýrñ.Û‚Â‰„õ>ÊwÆwkÿˆ7’NEpq ZÐlùhTÞšÁ¶òÖÆ+ÜxY‚RseQ“êùÛÐ)æy¸q`—/I½ºY”*ëq)òS¾AñZÆ9?*¾ìŒüVhŒæyŒ¿ÄeŽWÂÞ¬)Ë9jÓuÎ¾\pblŽ$,n´íÝ’×ÆNAðNT¬ñâñŽÏpcu®€ËU‹Õ“\1[†¿NÃiÚºOS·r^Viš5Xì´çU×šÒIWmÛJÓRèJèÈTšòŽVI´{—¦®]Ì6 Û½’´H[ù¤,Â+@ŽÁ~´¡£å?€Y$ÁìØÈîÇ›³ö‚7:Á/ -ÎŽð+'|™_Ü]^Ð½5A tm²†;j¸3ýõþéŸüà[wÓã“³ÁÉc\eùÃñ˜${¿îýÇîÙendstream -endobj -1732 0 obj<>/XObject<<>>>>>>endobj -1733 0 obj<>stream -x•WmOÛHþÎ¯Á‡£ä ß€„»HrÄ½ê$KÕÆÞ-ö®Ùµù÷÷ÌÚÎ›ê-%ëÝÙ™gžyfüzÐ¥~ºtÑ£³EéA§Õ¡³ó~k@ýË|îá×Jšû½óÁÏt»WØ·wâ&8hßuèŠ‚9î\âCL°ßéPSõïèSðã C§ÝNë6ë,$ÝŒþO¾“Ð1&Ãï×÷ÁèirŒèE®ÞŒ‰$1o”I®²GÆ“Ûû¯ÃQ£]—‹\¦RçŽrC3IÏÖ™ŒñíYæi[tWä”~†9WD‘tn^$¤t”±l4ü¦’„"Q8I0Sšå+¼ ·š6ÓÒnuBÚèÓÌ*Ã'ŠÂŠ(—Öá2ÍÈt&ã(M©È2ìr4[5Ú+ër¸e¸ŽÙ&û;‘ùÍøË”´H%[z-RF»~®©`Høc£á0ì¼k wËƒ>øLFj¾"AùNK‘`“±øþó ~¥¾Ï “€Ý“ï"e …Ë-RíBfÎž#5ò=—ÚqXŸ›âhZ§n§×Bq\áÿ…ç¯](mj*ÓÑãÓˆŽ†_>k™ƒœ/ìáKI†? o?`×°ÍC¤Ò'ƒ×nÿp}ÑÖ‡#Ç‹„°™œ´Ki?rCïŒmd&+a·Ì•1ì,8SØ…ðaÛ]Mb"‘8»Ü²åñÙúÎÐHæ-Ùù¿ -k¬’‰µ84o¬Äˆ†aíafÅ,QVÒ…q¹ûØqŸûß8»#_MW4ÓX{„ÄÌ,™Ãžä¾.×49¬RD‘Ñ¹P¼§ŠV×ZÂ¯ ˆÌ·ÊlEŽC/¾‡5Xë[x'®°ÍjY™üžxœàCÚŽ R®ts®ÀgàFkPÒ¸Ñuk‚ê¶kÁG¸TÝ²dB¡–ø…É*©4W,^hN£}·rhì]¡ÅR¨DÌùûê419·‘ûô½-œ(=q” ‹+Ö³VD&-“Ñ$E´ Ä˜—";ivÒ J|o^è–µnm 0 J•Vi‘’ïP*Í,“(“u— -5‡ÅMØJlr9ci'/•c4¼¾ÃðñÐœ ‚€‹†}kA¢µ{q†uÆCÜ¾»¢n¿œNÏº<t/Z½ÖY‹þú2 ¦~'›lßõ©‹ç\Ô¡T -4 _+³4³Ðï\¢ð’aéëðqï®õ–ð“Æ–,ÜµÔzb{„£+f?dä©!™\ªgy™óPZã_{ÂûönŽ ÒgÀ[ŸC¢ýš9qRé¿8Ü?”š¼bx–Ñó‰C¶YÁ6(\Vƒ®¨Ø»,Þƒ‰ÍKeðŽ_ÊA5¦4õ3/™w#Hqë¬Õ§'µ›k±¯Š -â´Æ¸> ¤âŸIåVuœ·J/~Y×åžð¸ÖÄ±]@{špjÊªd,'±,ñ -·ó¨ÛétÛøÓÛêç“›ÉtÅð¸NêÎ LHZ9h’ËÑuJÆpòKÁ„F¡Ó°~úG¨Nª•Ï -Í:Å)jyß»7J”×µr¨¯¬ø…Àû’Ä+Î³Zâ/Ì&’Yo´ÜIäF¾+è/«FÑàeùòŒ/NÓë‡›kz´Æ}h¢‚%Õk;uZo?½èð[qCoë.[ƒó*“·ôú|tü}ðD”–jendstream -endobj -1734 0 obj<>/XObject<<>>>>>>endobj -1735 0 obj<>stream -xRMOƒ@½ó+Þ¬,P@“Ú¨±«ãqKKSØÊ‚íÏwJRãGŒl6ÙïÍ¼73o‡K‡#òà‡È*Ëe.&aÀBqDon#QXóÔº¼À9Ò‚(a!ÍAp×EšÙ©B¦ê¢\w„NDµhV/‹e-›wÙ ÝP.µÛ©CY¯±¨dKñZÊ\Œ<—¹yðEº¥º$±¯këjÅL!<Ê±Q”;y=b¯‰Ž°€DÚ8}TSCwû½jZLñ*õç4./4„ïÍtún45ÁX"eÝû…ÿKéR¡$»,þêhhíÇã‘ÝÌ6²‘Ã?1¶õwª’fCÃXåä!Oìƒû>-55™=ÌgxjÔVf-nTÖU²nE[ªÚ0‘àD. 0·yÄ<æ3Ü?&iÒ·ÍÀ‚0fáÄ£ 4obb·©õl}*äÊÕendstream -endobj -1736 0 obj<>/XObject<<>>>>>>endobj -1737 0 obj<>stream -xWMOÜH½ó+J\Ò`˜$7 i3a…¥iÕc·Ç½±»½ÝöLæßçUµ=†Ã*"»êÕ«W¯ÚÿLé -ÿ¦t;£ù eõÉUrE×óyrG×w·ø<Ã×TÈ7wÉl|ý!=¹üú‰fW”us{GiNs…+ÙÙ—R5ö4½Kè©n¼[ëœ–Þm‚±+2–‚ª—ê<ýW¢Loc”‹ù52¥ù›&ô}ýÚè ¹b÷l|äš¦Óþ‘ÙmrÃ¼|{ «Ûó?9§4¹¤¨ÖY©¬ 5-·´)MVRVmÛ@™²¤²L¾¯2¡åTµÊJcñ(`ª!æ„í]Lçcp™ª*Ôu*…i pšPZšƒeÎ¶ÊØ°Ù–ª%f½Vù–Z‡„x*L¥IÙüÒy@7¶¥Àµ™ÜÓ–Úsåéw(7¦\Â-V†Ð~K¹CëZ”’U]®÷@"@b?´”uÚjKj @•;d -?C2Jž"ÙAÑ„‚KÖºÀF¤ª"îIOuB_œ-Ìªóª5Î2ÏüíN¥ -´ÔÚrã€¡Æ]n\upµ¦Ö'òa‚¼6dæ9;hoèšÆyžöC}Ï,e‚ -•™Ê´˜Ì^/öŽ~¶Å©õAãTÛz™Ë ª -ŽÞz'6ˆ¡w —+Î‰ŠF„„z™°F£Ù½ž zûk¯g_Ï_Ï“~¶£/Ã)Å—|v°›ZÞ+ ú`¯¼ëÄ"PK®hûžsHÉá¤ÜÕÜÆÊ1OLÈ¼i°P›uRke*VäXÄÑ#S ²h±‡(Œ¾…Úï‡ØkÑü@æ2è…¬Ž@<‰#«·D0Õ¨ T`ÙñbÙ-¬anx«aÃq}Þ£‰È%-³#N„%g£Ôc©á]|”å%~Ë¡'½ %ûÙšŽ*n·®ó»Œì GÓ=fxÁ£'äà9 -¥ëª\f'è¶—ªÆ qÏi+C¢ðvá[qêˆŠ²ìˆßEJ"ŠÏ„™Õ8¼¥uBŒ¨îø¨`aFš@©À³c(ƒ`Ä{©NFI½^)ŸW|ÁäoJ œ¾'u‘NújYî;Ÿ`³á›Z -½·ððJ“úsÄ˜á¿÷ËL¿Ýv2{<¡ek‘åÅkÐj>7)/§˜ÐèÌ†Dr:˜®ñ?šÐÁr^¤×¨ç€‚ïóµÂnÏ‡K²»q¿çrr;ÞÎÀ+"ãè#Ž™íe -p4¿s‘^r<þo>ŒŠx€Ø„¶kãç‡ U¯{/¬¶wt?Jº“/«Å÷ÍdÞW´G{-SM4-£CPÎÆQ^{ ïdDXÕŽÒ²<9#ËQŽ¬Rþ#ºV¤‚å¿#«/¬ÔÑ -Ó6,Þ|rjàVÇÝë;Kq%$íTE"v6Ü3”ºsëÓ~OÀHFà‡uÀÉúÍ‚‘€›ìžíËXòkKQ£°ð\1F«•ÅÃ/ÇÅ¢«†ÌÑ%Ž(AÊx7mÐ¶¤¶+žEÑóh†ni5[*OÂÿ”Œ[‘×Šô„äýCg…´Ôt¾q8J}FëpŠÒ,=ÜÏ£ÀÚËk´“w6›þ¥ê[ -s¢é´?·qN£[ï7-^pÈV«¸Õ.¿Þí_¥n?ñiùÿ¿º]ãÅðæã¯üÊ6»a2þHOþ:ù ¨¬Â‚endstream -endobj -1738 0 obj<>/XObject<<>>>>>>endobj -1739 0 obj<>stream -xWÑrÛ6|÷WÜx:S{F¢-É–ì¼ÅNÒú!Ž©Mü’ „˜$X€´ê¿ïÞTÆÓiâdd öv÷ö ¿ftŽ¿3ZÍi±¤¬::OÎiq9OætqµÂë9þ9M…|pýÊû7›£³×4[Ñ¦ÀVË«mrÂ6çç´ÉNfWÉ"¡gÓRWØÉÛ²kO7ßðÜÍ°œŸ›ÎWÉOžÜäm¥Û©·”[íë_[Ú[÷DíN×´³.º²|á_©´Û¤®R*L©ioÊ’vºlèÅvÔ:•=aƒ}-+›€ ¡{!E¹N»-cÀÉ³ªÅÉ¥~Ö%Ù‚æd-¨Àÿ…©s÷ ½-½¥Ú¶ÛªVöÎ:çtÝRêìÞ”ñ-u¾SŒr«[O¾µNçdEÿÓòÆÿ¢F¤ŠamØ+ÉU›ÄUóerÁ0ïg›‚Lû#GŒÕOW-<øíÊ˜T“‚ÔZj_.A“×îY;ªU…==âÏúýç¿ÞÄWVªV[¬jà|TŽ_U‹ -ýÇñØÜø¦TQ,æôªgeJáw -Ž¸†üÔhÛ(ó¸` -<èQD¦:ð/¨žý±SÏ¡˜miSUÒñ¶Ó8Le™íêö5B)ÝŸUiòþýþàÞŸu¥«Tj‹ÊÞ=ÜþB™k±iq$>`}} Nð“ñCØ“s'ÂF»ë¼(Pu€"ûóeÕˆÛˆU0}X#êþqM_À,Fsn.f¼köÊåíÊíM»£µªRõxJ™ªYm`/Ì¶c÷¡~¨wÙ=žµõKeðñÄè7ôÓõ: ìhÚ£b˜~ND¹„î"%™òZI!Ô¤¦mÑ»i¨"÷Mk-h¬_¨QÍŠ®ó$žd™+|’Ãš K‘‰ù¨Lä >ló„-äÒZg‘üB" ¡…8h -@í^3i1 Ùóèíšæslí[r>{šÓüñt2:^þ~ -o;½n§÷ñ„ë½ÞÂÈ£×P[¨# -³G÷;ª¤¨òIó°¨É›µøE‚ÉçFçB •ÃžÐü€%*Ï¡•Ÿ`ÔpWŸ³‡¥AôàX©µÎuÞÇDÀ¦8JÍa2ô%}ÎŒÆá`°ê;„þXà¨”â9s÷@ ±wÝñxâ™Âè±ŠÒãLÞ±áØ-X«ã^ Tâ«T~Á ’Šs+¦§ÜØ1Îa5öü¥·.pF¶y6Š¯x²hûóÝ2+{BÝˆK±Ül±bD£Mû!(p`ë¹^5<m:&™{±ëBue‹xÇUëVßcÆã á/g+A'ãŒ‰ó³Ï¢þÊ"1^i°‰å@—É``aƒ§Â(åá6¸Ê]<^›øò';|—äâ£š9ˆàEŒŒ ×P›¸´ÏËþZ5.QåkÁÃrH4"=ÐØš0tÀy9\‚®/'‡×÷›±¡Zˆ¡àj¼¸'¼sý¨ïÖ<óà{T¬+Œÿû-úSúcÂ¡71oqÃ±Ò_·‚³OØ<¸´]_J&á€¢ -ˆÎ?aºÆîÇW¤F»I6!dx‡ƒ„‘>TÐÄ¼Ÿ”5:w´e?äFï"WñF9[âkÝÕ‚–çòukýöãÍ[þ~öÛíÍº -w/ÁÏgLûåÓÕù5ûø¯ïsË«dy9Ç·9^8_ñï7Gý°¶\endstream -endobj -1740 0 obj<>/XObject<<>>>>>>endobj -1741 0 obj<>stream -xX]oâF}Ï¯¸o!Zp0d Û— -’ºR“m“H}Aª{€ÙõØ Hùñ=w>Œ1!U«Éž™;÷ãÜsïä¯³˜úø‹éz@Ã%ë³éóÙåÝŠ¯èy™Ñƒ”úQ¿ß§ç¤£«(Žè½£TKCI¡!SÍsYÒ¼Ð;£ò%ítñB?_<ÿ€°+Šc'¬7¸†°ÎÍ»[”!A‰^o2•ˆR¦”Š<‘]¼ÊK¡r–º®²Rm2Ik½åßQ”&¢o%„¡R¼Èœîk¤%Þ§^<Œ|¨‘[YˆŒ^¥(°VÓú–+ ù©Ä@”$’•Â*Ì® L¢‹B&e—DžÒ“XÏebih.W -oTNF¯%‰B -èà(Ó:51‡ÂzqÊQ+èjY0ÚŸš½F^Ò`q:7:7*•œO[ÿXPm¦/t–Áóô“óxŸ¾‡_¹ÝôÏŸYçö~:»ô£1{°ï!þsâ^`4 Sßø1†·×_?Foa%5‡Íqc½”ÕûoŸ“òÔñÀŽ÷ºŒNkõ Z}:X{ò‡]zR·Ç>yÔU‰à¿£‡Ÿ@üÛãà?ýo8è¤U~â´‡¬ï_Ö¾ñño‡ûWÇbNGÝï:½`?säu¹æ³ H+¹Fe=8Xr¤éÃ€³Odžœ+øªó„}^aàÓ -£T<}KGšz+_³Îßž\ -Òî¨fS2q‚Ž†ž³ Í:q—]Î.˜‰rˆhþJ`*,îxÑ#V=°¦Ç´i$èŸr]‚„Áÿ ~‘&Â0?¹Z=3E¦5“lŽÕ9)kž¾ª§ë‰¡¥öýDDc*ðîB–¾× áœ™œ <Ëœn£ëCAÖM²E˜Kfr®F@*óê6o`0Ÿ`”GªTPÙ ÀÌ."ºw6%>Øámˆé˜þ÷Äónõ…Û §ò”k%¾g%#ø‚v -ê'`rT?«‘¦’2·ÖöÖh<µl¶¬.+8±A8eÐ–4ï,Ò0¾¨Ïõ¬å¢B.¡Ö`¡*èA–ÓoßŸ(‡¿”.Wí“Ëvíš ´‡Ðž4×šÁVmº$3O¡ÊYS×ÎIÎ(ØÖ9\ái“‰5'‰00’9xåª²¥‡éc!â¡àb·S8À®ËÒÖk¤·6[SCêµ…2HÀ½äz—s•Ît‚¤m™2<ËíŒJªLw6‡"§&§†€„t+Ð --±S¡–m°½ñÞAM;YÙ·ï‚³Èïïx=´#¦»7Ûeã’ôb™•(˜„‹*±8jHe˜ñÚ2’‘i%ðfçç "¢çÌ¶@ñIjq„¾NªM2«>™½œÒ‹”è©Zgc‡.Ò€¶…H<ã°·¤àÎZ=¬cÍ0Á9Ì»xßj.ŒÝe£ÖH÷ˆîtÑRÁ5¥Â %ã269/hN¹=¸Ûh›5FKÀƒH6Ç©Ñ:œõoƒ*ºôýh×n?…=«lè\a4*íg‘ýç¢*WºP¥(•s›ÿË¨v7ï#hh«Ð–Û¼ªÃè]Ž3æ2",‚w´Û\ÚNÁ…åIl9c]!˜{‡ÙÂ,û(]åª²Ñt^#Ós‹ºsÐ²Z(¾,œ%FWE"ƒÇÃæ¾Q<mûcM.iÞÍ}à·0ÈÕœvîÊÁuÆg¸§>ƒ’»m“)Wú9;/Uð}™½:W†^ àÚ‚±ã¨æ:ïF6Øî4Î"Äi£•-á|¾äeZ¿4o7³ÂÆáÂ‰gèUW¨ÜU–²R\Ïñ¢¼Ô -^.Õr5×ÅJk\âv/±¬ˆ4M*‘-°¯DÇ³Cáe™—wÇ×¬'×úì{²©-ò¡äýŠ< - -ù–kF÷[hßb„÷ü»µÇÓ¸4î`V~OPÍpK³Ïû¼µO{)»¼û[y<ºŽúã!®ãÈ¶‰O“ûé„~+ôÄ=KªAÙáÒÌZôÂ†Þu·ÌôßÿGàj4ŽFŸøçïŒYê×ç³ßÏþÃ*Ñendstream -endobj -1742 0 obj<>/XObject<<>>>>>>endobj -1743 0 obj<>stream -xíWÛnÛF}×WÌ£]HŒH¹²R-$Ëi4²+ð‹ƒ—µÅXâ:»K«î×÷Ì,)Ò¬ -Heƒ\^vîsÎðS/¤!þB:Žh4¦tÓ›-{¯Þé5-oñ`<Á"£a0i™\–I¡\D»ß"º™í.°Àõ´ÏÇ™Oä8?\~ì i…Áâ*)£fßbt3o® e$RF"etÃRðKyõæˆÂÐ7ˆDÚB;En;Â¿[å–t^àj½Æ¥"+6[Š Öê!6±S}*4mât•Š°Ã*UPœmñ^ñDú¶½5¨íGlÿBoIýox³—NQ@SˆÑb¬øO+,•ê [§hÓx Ö)C‰Ñ[‹sîp_ß[ºÕ†bšëMœÕK•ÒpD¬´Þâ4Ù§"]]äÃx-"Ö¹u´ÍÝ* 3G™VÖ‡#y¢O¥2Oyq'–\-.á±y„×ÈÕüúP`3Ï.:zã,3ŠÃbNsÄ."i¡Üììü’ŠN^¿ûÛûó¿„³ŸZr&äÁ0êÖ)“¬a=ÞÕŽ®Nt`\xsãØ©™©u¼FV’h”BÖÍÖy‘*Ÿ‘ûQ9µSUžŸÅ½§ÖkËY’ú‚CŸÍ$Øq¦®öØª"ãðÇôN -`Zº„]…B}ˆÓ{…zEŒéÃüåk…£Iõ@² ½E;ïÖÇ–%O½ªŸ5!9—’äÓ¢ÜD„ê[WYñ^5Y¨Œ¢YU•\b0˜ýÞ5‘/Î§ÄCBÙQ'ºtI¼YxÖ®æ]TJUþ(µ©¾ è¶éJeå¯ÆMMÄ.GË…GñÃpVÌÆ£¶%¹À_4è´žF-u@À!ÓègÞßê'ÛÑÌÝŠF»Wô?iAå :òèà1²g>¬u‰þ@'Ôb‡Á„›{ ¿Ö£:â>¯:{¼ž°ÙÄÍÒ\ECAÑPPÏ€¢áÍ\Ž§}êHkoÜ»fd¿>øáúP }Ö,Ošå\–•äçhÿRÎ«íµ©}“½-ËÍrgœoîž~ÞÔS›Þ¤Wª±ÅR|¨®ÔZ¡‹A\º•6¹C ?*J+Øµ‡ã¦Ï˜x[!îtÄæ†ÀÌ[mîqÎïV‰6+3Bwx ²`yLà1‚ð:½mùÕÍÑ¯+£"¯m'‡F•Çrt±ftó}ã9Ey‹ô¶ÖÞå%·)³†åÖe„F·ªGÀ!c,šV§iiÀ5LŒæŒ;´…ëu”dŒB‘‰ˆ'ˆ–‰ñJ›óæÇ< q³æŽÊ6†I©jUõµ›ïþ-ž~Õêø}5Þ`Fáƒj³Üá ‹®$wxøßB÷¦¾:a/&°oÏk4Þçßêº®ÐÜ–EÀêSÖkbø"¬7TÂõ))ÙÑ¨B–IõuŽƒádDcœý7ßôÝlJFT©ÃôŸ–<ûÊøÆê ƒã!r„“à(ú°/Ÿ2þãÌà'4&?!¼_YÂÑxŒŒðÑÊ»£×|ïtÙû³÷Œ:8•endstream -endobj -1744 0 obj<>/XObject<<>>>>>>endobj -1745 0 obj<>stream -x¥WÛnÛF}×Wú¹h‘²e¥@ìØ4J-Šº0VäRÚ˜ÜU¹Ëê×÷Ì./ -4ujÃ4o;sæÌÌ™å_£˜føé"¡ù‚Òr4‹f4ŸÍq<[^à˜à¯’”®Ö£ÓÛ3ŠcZçX²X^Ð:#¼>›Ñ:ß*-Šâ0!·“T˜TT -ëdE›ÊÉŒ8ˆ]íþMž#=DK…²ÎH…1¸~”ô¯:½ÑëÀá49‹Îþ] …ºŸ+Ï½ýsËY´ä5SÿÓ -7š#îóÙ`Mð÷‹˜ÌþŠ×—>^ùã¼öÇ› ¬/üâ9R|y?þþþ8ÛÝé›þô:œ¾Øô¼7=ïMÏQ—ùC0ÝXNâhÑSôxY -:àõG¦ y¸~1>Ù"›ýi‡/nðÁ~üpã_x±“ÿGÂ¼{¶ú+Ëfý‘IÀ/Æ÷-$L^ìå?WYc¹+¯Ü¥¶G¥’ÈY³ÐÉ¥o{môTÔng*mPP-Jˆ›:–ÃiªB¶«ŒVãe£-m¤{’Rÿ‹¢±}I/õHvJ×P4C&MëjB›gòãvÊB–L]dð8Ô3«\íáxÔPÍddçmN±#ÞÊÔö‡˜õíCB¹P…õ sSæ‰eÔ+µ‡àuã¢3´bNÈä”šrÏ–p¡IB?ÉªLòÖFŒˆ4•åMÁŒ©)¯Ä¶„67ñ>ë¾ÃÔ–g†°mE4b_ lA jœ´˜öZ£Zªíncêjgèe1öÁO1¾Ú™G^Ðp§‹ãÒ9Yîdƒx-SÇ§Ànèû@=-Ì—OL@áéð´qœ‘vzä•)9šéÑìbf^‚;yŽ‰4º£¹gU‘Öôç Ù”ÜooWwÍHm®I«.¾r83ˆ8ä©yÍ'S¹çià!&:b?P¦ŸeSeMaŠz¬ŒÈR2ZIwõöýï 0‚jn’ˆÖ`@æ9Ø³ÖªR]h™w;ÁÑ _¼«%ã¥ë.ª.Ñm™Ïa§·¯)Æ¦%G¾Ïiºhæh¼ŒÎ#º“m¶¥z[G=ïó‹0GnBãºåF´{n¬W:Ãž‡VkØõ{f+×<Í{ öÄ[#g`Â€s‡»Þê úÖâõM~´’¦¦²É"Ë|šû¾5{f¹©c²å&Bi£ RÍ÷A¾•ÈG²Z¾Ãj´i¯?¶…ÙˆÂþ‰©·Úº+Ð®«ón‹ØµäòTï÷¦rô#¤/¥|IúÚá…YÌî+Rs½Ž¿àQÙ{Q¡ÏX¶2™‹ºð -Û¡˜€\} Sdx{ÀÏMèXUu½ˆÞ`Uuó-ºÃÖÛÄ>1ó¶ëý¶P6_{ØtBÀZ_@báó@…äêç¼òöÀ=,½Òæ§i~šÓnA‡Êý®ÝšúÙõÝçÌ¿Æ÷ø»ÐõRr¹³>/XObject<<>>>>>>endobj -1747 0 obj<>stream +}Ïô‡Jó'1)e—Ïu% ,ÑÇÇÒöÙ»ÄEvú¿ZéÏ|ÄÎ¡Ë@kàÑ÷C«§á?J·OÔõ!Ý’pEgÄñðmÓ6ÀÕåÔK›³ `µà›çÐˆrÒsŒkWûT–´Úžv…À*¶`ÿ 8;¥ÿä9ÉÃÅsæYoƒf²ƒNÛfK¬ «ÖÙd…pQãbwñÈOŠG°Döõ3:í-õ‚‰•„`s®BÕbÕÉÑðöšr¬j¼?&yÜÚ°œæÙ8ëàÍ»Qé¢ðf,•ýãþ9óþyyLÛËºŽ³¨ŸOVV@Ü‚`/>lŒL«p:)¡áÏ\9`‘*ŒZ`µ[wº[t‚<¸Êæ¼s#’ûñìªK"E>¤E19»¿ä¹eðÈqC–ÜÆ´5¦ú²õø‹˜¹‡ [l ;ž“Þî±ÈpÝ\BsÿjE*%ËQs,Ô‚@¬éy.)Ú?¦“fvJ‡çåÑdÈ+Nb=¿0Á¾K‹…·Ë´[R…{ˆÊ†Lk"ÏFHR)o…v±SÑjæ¡Ý¾Ç)$Þ Æüò@ƒé4›1h|“—ÉÇµ;¡^šÁüÂ¨w˜Å'‡òa£Üµk$B?kr ê1v×= +¦NÈÒ…%^TÖ=Yfô)¬ý1WX8Ò[&Âü?Q–/l$±;Œ-1ñrÓoöŒ©SÈ“˜1î^èzÄrÞ¶ïìÚÐV¬Ì×]k§±µ©ûŠ.ÃÚòf¥ô¤#¼–„t¬ik¯0S#-S)ÃC9±ÊByÒÔ‚¾;&íšÝÕR`¶²â¥ŒE_Š4ÆØË5Øz6üUµ'ðN"1¶j&ÏðvÞ5x>Ã[ó|B³YxÙû~óùÝ o ?è]´<ÜÃìà¨éøàj„btü‚¸õæÃS¼ÈÎÞŽ£zäã?û¸¼ø÷â7mÀ&endstream +endobj +1736 0 obj<>/XObject<<>>>>>>endobj +1737 0 obj<>stream +xWÛnã6}ÏWÜ‡zÑD¾$ëd÷-i»ÀÝKa} PÐmq#‘*IÙñß÷IÉŽ6î6Ab[Îœ9œ9Cþs1£)~gt;§ëåõÅ4›Ò|öÿoînù=þ¬¤ÍÅÃêbòáÍnhµÁ’ÅÞóé”VùKfÙMFoVß`7Kvã‰ôùD;·W>/³ÜèM4¸¡Ù,:ºšßÂÑxU*GUI‚‘·¦räKI"÷¨H‹Z†3Uë•Ñä…ÝJï2ZÁ&¬ò‡Få¢ªT +MwÒ’Y“¹'×È\m`À« Ç(¦t5»Îæ}cªÊìÝûnJï:l7§9¦ôó½ž»šfw/L»Ãçô™“YJ»S9^3œôFm[†Œ²sëÓóù,[œÆkX.ÞwHá±n„?ç„î+/F¸$ Â•ýÆRpclA¢ÿÚ'ÎHXØy-Ó¸¨#‡$ilkUˆ†öJ¯•.Îr¥(Ìþ¢ßZÓ6GÛ—©y)óîÄ˜«%Â*t_ßíÑ9zØÛwÕøŸÜ¼Œ£#r äüB%ÊZT¬S=]çÐié÷Æ>õI1Å½ß3Õ!±™¶_A!zXsf?k¼ÉÑ…‰¹>Æ{Ûä'ÿØ¿‹åß¹‰gòáTB•Ù€Ö:yIRä%™ Ëƒ“TË¼@WsÓÿÓ*ˆ¾>ªGƒ<«„‡Jˆ\UÊs]LPê®mx·JQº“2t)‹®!ç‹¨ !+¥i«‚Ö’´ñ²ˆ[CJûpIç'5‹- ·¨!¬qh¯KZýúuòñkgŒuãP£ÚghÒj'Y£ÅêVŸè™ká1‘¬ÎUÉCP=ñ¤ô–Œ†.îÑÎ“3 +{f³„¤z¶…•ét¬³óŒõß‰z-‚®þ¡tûL®mc}Ðùì¥f[ÐnéA«·…Ÿ”ÞXá¼m!çVrr¼;Vçy¥»Žªb–Ä3®ÍÚ¥O‡2ü´¤¿ *nú,ýÃÇ/ËÐœH½/ +Ôƒ“<(Ì ê–½ù0uZó\(-C²ZÊ"xÖ3lH©'5…)ÞmÊ½OÁ¾F‰ÑãXEÍœ|x{wÝÈ ¦ÝdœTj÷C$]æÔcŒßÄA‡\Ú*lÌ-6±+@Vjæ +«=f †ÜdšÆðaØŽ9Ópâ› +´Lî œ1fxð4bL#H¼ÅØÂÌ@ ©EÁe7~¥nÄÉXB5ÄpG?8Œãì£{n`èZc”ö¤ú9–º²+ŽÆ8§R4\½BN‹¢†V0˜õ>~>I÷œkõ’P€•áÅØG.Äî[Õ+p b^¬ÀaqöûRA“ÖS¿t^¯Â’7´b8[á$Äg««ëtìÀ¡jžÅóÂÉá0[—ÊhŽ=vn>•ô´¼Üs˜ßÆÃÃqm'@L"óneÁò‚0bmÚ(§¡³ƒüv¹Ár‹„æúÄû`€×'möšvÂ*Óºï$õqÌ”@§ ÊA> ºo"û’FÜnm(4lÎè’F]0öÎŸy…€éÑZ™€?/?=Ê8,ŠJðiQKwêÁ¾&íã”Ï¹lÂI"ÃÞÓfçX )€®ŠŠì¨}ƒÀqRÑ±^0y8DajV Æ»;Âõ†£Ð£h‡˜V†î7 S¢æøìa3hx,JÕˆÁ!Ñä<‹ÈÅKÕäògn¸á:P¢ésàrÜÍI[_F¬³…/1{c.T+<Á”ÄçP¯àÈAh éHÜ“˜Ê;QµÌ>º:*Îuƒw²ÂsœKët0Žä BŸ&‘|1„-ê™öÓ¡£‚Ic` ÇJøgn;û8×ø”ÑM1\."ÈA`8Àc§X!1Ìu_“¾ÙâU#h¢¦kKq…Å|7a#®x1è.(wIÐg\Ñî®qK-¿¼ÿôpO_ ·žßLÆSàŽ¡_u®n§¸âýíõ[ÍÍâ.[¼C‘Øt>c¿¯.þ¼ø•…kWendstream +endobj +1738 0 obj<>/XObject<<>>>>>>endobj +1739 0 obj<>stream +x¥X]S;}çWtå‰l]Ûp ÙÊn’ëZ\l*ûÀ‹<#Û +3ÒDÒ`ø÷{ºgd›IÕ½Im>ÀØRœ>}º‡ïCàïNGt<¦¬<ôñãxØ?¡“³S¼á¿×´<¸˜}Ðš/qc|†9áô`@óìÚ?Ö|¯5Ýèx1¹Ñ*uøçûù·ƒõ†ƒþ.mÏ¦;ÓóË?&7W7çÓ«ƒÁ¿é_4ÓþY{ùf2M&¯5vEÎÒÞñ_1|Ì†¿h«½Éhª²µ±ˆñÑãa +×âÇÇ÷¿`u$á^+;U6Eüÿõ×Ûûÿ|¹¿}¸û8\pÌŸ\©ÒV!“ï6ðÐÆ8öÇû~ñ®®~õ›Áh¯W†Ýéœ¯¤Š‚J].´ä–´½ù7@mÏ}f{‰\:½+ +¶vÄL)Ü +emj~ÞfÎ6¯]¦Š6¿`C³‰E¦VÇ† ÷:¸ì+GŸOh8l(ß Ô“HaíêÈh².¢¸VQ@J<*z¶-Ž8¢'·±Ä¤U¨&Þ&µpÏºOó5hÎÿ,=£Ô ‡ãþˆœ1hx›¢£ùåÝÑäCDeT4ÎÚ¬Q-Â™ÜðøàU¬‡WÔ±$•—Æ¢¤^EçicPÑ\#m¼‹þ²rôHÇìhíBD•Á†ÿöÈ§›å*ª… +.‘v›|«\f²1qM âTyîuýDÙ1´ÝÂñ²ö@ÀSåŒL¬PÞ,M&IuqþM¢d3,DMYwA7¤zÒÒÊry4qà^gÎçrÇu£Ê»g“ëÐ|8•‘s£øZ1BKçË&*©ötF_ÍÑ‹ˆÙhÌr]ix•Q£¼Œ¸kb¹%]àû§¥z6ië¼Oç–ô‹*+Ä{±%†À½V¼H¹-’£â â`v!(äËÒqÙ4Ç¤}Ÿ@ê%Òi|¥@v»r8Jî¢ü-ˆ md¥§(VjÜÔèñðÙ(Rÿ ã…w*ÏÀìÇ÷„«¤m]j°o,=©›ùµzÖÛ¾’æCnõÖ ç•ŽO¯1›ÐCè2Æ"°Hu˜Š‘kCž$Å†w +ôÇ·ÃF‡>}]p^ÒŽç6€ìqÏë +œiƒg¦IFŽI³+FÉ½3Ç ÉùÝÆù§‹þ;ô,½kJýD20*ñXÖMãæ) }Hö…EFÁ¬¬´ŸpËN ‡t%l`V{1"<jÔkI«÷¹ uåHYåà²Cû‘·Æ‘zƒ#¬¼)•EÎûö[£ Ì³ñÎ–\M‰Õ¢VZû^t=þŽöäAuôÍn„±lwRÝÒM!(Wy5ô"ÓÑ´:žRÿM4fÅ‹…`jP }Èñ¦2è-G5`Gdßj Ûôåè—'Ëƒ#böÇùýMo?]m->¾—JÈ4Jë$ÿ¬¸oòmÑI„‚ëf¤ñ"ÖŠúfí˜<÷Ûæ/S"èÐ+¹J:E8cÝ6ÔÈZ©V.4P!W9ú0»º—ø;ïðy[½R²Ú×Üƒßkã9‹<Å/|CV(}ˆ¼Í(AØ5{"¹‡ŠP*l9in«”¶o\y¤)ª^H½½.1ú“4u²Ã€jÚ¢¤ˆ«a=ú;ºH#|( +æ,âÕ¬Ùu§íLŽ'p`6½€"6ŒÃü“—šn;žoÚ½{ëLv[n=ºP‹ïÄVu¤Û:ò·™ìÌ¨t¯m3U…»ÅÖ×õõ%¢ºv+È@·c®}¢vCÐ[ç=Îh"¾™†h¨ºˆRÈãêaGxµõÕK„Lê¼“íA¶·¥Ê°¸¿ÍCÁ±úáÑ°aáäÝa9m{lžÃ¸SÙv¿«—lì +Vvñ£¥X‹×ŽãØäWˆD£€-z[‡í¢–ðôë€\Ì;®ÁDFiÞ,Cü’Ÿ³$¿ÆÝ_ÛÙÈ +}“9fÔ´Ûcÿ€.ÉHA\QËü-5cbB‰Ñ6“É±Á=¨b£Ç¦èâ1Éx•n7À6Y`r4Öv²£ä{²(`WIìGŸ?Ð+"?föŽùIÛâðCÔ6”’¾á©‰å@ºàíª~Ê—ÎQ£½Þß¦¯‘·ÃÌ²ÌO<Ø8Œ–E½\‚#[Â"Â€U©ðJ.9à®œÜu +Ó®¹bI-4Xë±‰'•à½”/I_ÖàêPÖ–ÇkNÊ)ƒWþá 7ü°TÕ‘—ŒIw{D¨HA“^bsæ]”G[D,}œãnEi"KáÐÒ»R²ãeµ{$GXšAêhåðÖ‹ÕZôïGÁáÕÂ¬0ôó¿bOÕ¨]ý'¼E&0„ÀF¡AÈœw‘¼Ù„Å8-4ïlkön^lt#*rpø‘GôKeP·>(Ú²¨Ã¡n3ãÒJ•ŠxVj&nõ€#m¥YžjÞTO&$$&Ô‹oØ}€;;=ú|Ö>ÇøÊÙ1OOÏÎ§çtçÿä2,»6Êç›½t¡w:àß¯üíOÆgýñï#ô +ØÌÕüàÏƒÿµM½Vendstream +endobj +1740 0 obj<>/XObject<<>>>>>>endobj +1741 0 obj<>stream +x•XkoÛ6ýž_qá|IØµ,MŠa@Îf q³X[Q@À@KTÌE"U’JâýúKÊŽãAíÚ @+‰÷qÎ¹æëÞˆ†øÑ‡1PVí C: Žéøôþ=Æ_+©Ø»HöÞ_ÓhDI#'§(É Ÿ‡”d^U²oO¹,ÅÊ H äà#M½#-*IÊ‘Òä—’2‘-å!9C"¾²Ò™²ñÊh*yljzVeI®É2)óCZÀ*¬pPi6 ß%ï ©?:ŒÅ6AºÚè|@É¾ð -¶mœ·Â+ý@…±Ô8iõƒIå9(AÙRX‘yi•ó*#Sgµ5Þd¦´®Æ'€®r;§ÏJçæÙÂ.•_áˆð$Ê’ŸÉQ) §H¨µ6“þbúió °ïdN=½ðÎßãØ%ÍEµ; Ê¯z¥Ô>Zd4·ÎW‹\/DûþúŒF–iêbÜ£³Á?ÁÃÍíoŸæÉœ +UJv´ÍkÌ¼"MØç÷ì§q "]Lx"· ˜%t‘Ý1k/£MÈ*håàòcš~žÎfIšÎ¿Ì“ÉíÑ8M¯î§Nîçi:I.ßÆp@Bç;ùgF{¡´ÔLïè<ÏÁ7ØÓùiD©iHÅCd9ÕBYh‘aÝ ªÅ`×uH¹–b©mÓ¶‘7„8DG%êš5f¬G2ßUÍ +^ÕŠ gÍ££R=Êë ÎZ¶ÆÇ‘-jÿìÓ¥©WV=,=¥YúŽFgg§t«2kœ)<^Ûzíl4œ2w›ÃëwŸÇ±‚œ¨j¼.’œ¬iH}ã ŠwtYr~¥E¦Óƒy’–’Ë»÷Ó; ug¡Ûº9;í:Ùõ<Æèy#†yÇuñJˆ„RA™™©êµÍÂp¶7ù Öðå€h‚nCHÖ®È-MSI²Fjè:ÏÕ“ÊQ RËN‚ø^#Û2V—"‹ÕÄHPªG¼eSi@ÅdCCgà™±mßcõm'E¿ÖçºNø‹N›¯Ù:Y£5rÅC èo¥Ñ »¡sÉ{±ˆžzû½×NÚiš{ZÚPAg )—èß2È B±¡Å¡-›ªŠZs2¾”/àGWí&r![ú®“ŒÎÀÞô;F í{ÂxV~¹U7ç3ºZ<@ÝãÁK«p*«¥q¾;,–mlV¦(xÂÇÌ›|ñR;N,4l»%Ûx(öý»ûÉw¾¸útûñçÜTè¢¿|çÓéìòæ« ýÌas9|ïÀÅä×éì¯ó›dr?;O¾Édvõ¿MÓá‹Öh7Úè~m•ƒ|3°±"Ôµ±>}×•Q×sºÞ€/ôª-óv? =&ðÎ,mœ9ê1Ì½¸œdêí´Îcë€¼Ñ6j]Š<;žðë0©Â&0 ‹j MéÃ1Åb±ÝæyÝÙ˜Œû>Ç°³Ü¹ÆŒÊœòÜ`§ Î¶Ö¬B¨Òýx‘lƒÖæ·Á©·¿°ÃCDJ8g2….Âiw"ÑÚX‹BE›‘™*Tl@kõr¿áÙ…JÊ°].Íó7-/,v2`Á-°4hÞøß“Ê€ñB.Å6½®c©Ÿ”5šûo frgØÌ$—~Dx“jûCq:¤¸mj ¿N`¦@¢ä8Ïi³ííV=±âøSö¦L˜&k$ÂþZ>cÝ^ +¤Dé1®–ì1ìÑPKgüÐ&Úý³¦ç¥ŒÛù«.Ùú“’˜B?®”y nÅÍ·ÿß~Ò–,LÎíþúr³la_$Ý%‹CáŸYïÀ£á1xUÊk× +”‡¢`,Væ"€"¿QZ¼â–ƒÖÇ(¼Ž,AÌ.ûÁuÆHÆŸóì&1cq‹RýƒCí¤ˆ«5Ü’y¹Å[Þ,‚<¥íÄW*Žéüæóù\(¶…;6 ë}”ï<ŒïÖþo$Šàâ@µ ÙòÑ¨¼5ƒmåW¸[ñ²<¥æÊ¢&ÕÓ7¶¡)RÌóp7âÀ._’zu³(UÖãRä§|ƒâµ4Œs +~T|ÙùÐÍó‰Ë¯„½YS–sÔ¦ëœ}¹àÄØI2:YÜhÛ»%¯‚à¨X)âÅã ŸáÆê\—««G¹b¶ †Ó´uŸ¦nå¼¬Ò4k°ØiÏ«®5¥“¯Ú¶•¦¥Ð•Ð‘©4å’h÷.M5\»˜m@¶{%i‘¶òHY„;W€ƒýhCGË³0H‚Ù±‘Ý÷×§íot‚_œáW? Nø2?¿½8§;kþ†èÊd wÔp!fúëýC\|òƒoÝMON'?q•åÇGl`’ìý¾÷/å!îÝendstream +endobj +1742 0 obj<>/XObject<<>>>>>>endobj +1743 0 obj<>stream +x•WmOÛHþÎ¯Á‡£äý$ÜE‚”#îU'Yª6ö†l±wÍ® äßß3k;oª{´”¬wggžyæ™ñËA—:øéÒyúCŠÒƒN«Cý³AkHƒ‹s|îá×JZø½³áÏt»—Ø·wâ:8hßvè’‚î^àCL°ßéPSõïèSðã C§ÝNë6ë,%]ÿœL¿“Ð1§£ïWwÁøqzŒéY®ÞŒ‰$1o”I®²G&Ó›»¯£q£]—‹\¦RçŽrCsIOÖ™ŒñíIæKi[t¥Wä”~‚9WD‘tnQ$¤t”±l4ü¦’„"Q8I0Sšå+¼ ·š6ÓÒnuBÚèÓÌ*Ã'Š–ÂŠ(—Öá2ÍÈt.ã(M©È2ìr4_5Ú](ër¸e¸ŽÙ&û;•ùõäËŒ´H%[z)RF»~®©`Høc£á0ì¼k wËƒ>øLFj±"AKùN¯")À&cñýçAý>J|_&»'ßEÊ4@. +—[¤Ú3„Ì‚=Gjä{.µã°>7ÅÑ´NÝN¯…â¸ÄÿsÏ_»TÚÔT¦£‡Ç1¾ÜÖ29ŸÙ!:Â—’8Ý|À8®a›‡H¥O1®ÝÁáú¢GŽ a39i_¥ýÈ ½>ÛÈLV$Ân™+cØYp¦° +áÃ¶»›ÄD"qöuË–Çgë;C#™·Ldçÿ*¬1°J&ÖâÐ¼± †µ‡a˜óDEXI—ÆåîcÇ}îãìŽ|5]Ñ´NísóÊö$÷u¹¦Éa•"ŠŒÎ…Òà=Uäh´ºÖ.xEd¾Uf+rzñ=¬ÁZßÂ;q…mVƒÌÊÄä÷Ä›àzÐvlr¥›&87j]ƒ’Æ®CXT·]>Â ê–%2µÄ/LVI¥…bYð2@›pí»•C›`ï +-^…JÄ<‘¿¯NS“s;¹OßÛÒÀ‰ÒG™°ˆ°b=kEdÒ²1MRDKJŒy.²“f' ú dÁ÷æuN`YëÖ–“ Ti•)ù¥ÒÌ2‰2iQw©ÐQsXÜ„Ä6 —3vñ«rŒ†×w˜Þ"Þš3¡@pÑ°o!H´v/Î°ÎÀxˆÛ·—Ô”“Ãi¿ËƒFŒ^«ß¢¿¾Ì‚™ßÉ&Û·êâ9§½sÞ,+K>w®ð|`úækºŸÑ7¥cóæhÐƒÔ§Çc j ´‰‘ÈÛ<¾ù†ß&Ói†³gÁø¾ßÃÑãäŸñã,ÇWóÇLô:Ò~«Çî¬«‘ù?y «8¶(Ö%%ºë¦"–p4hÒ-šìšz™gnÑ°b’‚ôÞJ/¬@ï+¢¼àÄéO(– gÆ€dKLNìWpóÐ†#R¿*k4sÁƒëõqDØB&%ÍzÂ¨B}¥{ò¥Pèôl¥l»ôU«÷öÒÅû>Âm™GíµênCÙD†xQÑaÐ¢ÑtFw¾J~E‡Hdb®•¯vãbp¶âw2/2Ö4Q?¨ù +?ÑBDÞò³h\1º— É0<”#Õ&_ê—B¢îØ™rtÁyö’))ZøÔ½·¥‚(W¦M0¤‹•žT3ÛÞÅS#¥«ö0*¦’Ur'(\¹´Ù‡‹:”J¦Áãke–æúKC2,}=ìÝµÞ~òÑøÑ’…»–ZOl/€pctÅü‡Œ<502“K•ãã,/JkükOxßÞÍRúxëH´¿@3'N*à‡»ûR3WÏ2zf>#qÈ6+Ø…‹jÐ5{7‚Å{`0±y©Þ1ãK¹#¨ÆŒf~fâ%3çn)®b—¢ºñô¤vs-öUQAœÖ×§Cü3©ÜªŽ³VéÅ/ËãªÜ×š8Ñ hOSNMÂãñO•Œå$–%¾Uávu;nz[ý|z=í¡×IÝ¹ éA+Mr9ºNÉN~)˜Ð(tÖOÿUÀIµòI¡YC§X E-ï{÷F‰òºVN•â•¿x_’xÅyR¯ø³‰dÖ-w¹‘ï +ú‹ªQt‡xY¾èÓpèÅivu}EÖx¢LT°¤zí`§Nëí§ç~+nèmƒáEkxÖCeò–Þ€Žƒƒ¿þ`´–rendstream +endobj +1744 0 obj<>/XObject<<>>>>>>endobj +1745 0 obj<>stream +xRËnƒ0¼ós¤\^qH¥µUshš +¤ªGLBpŠ¡Éçw AJÕ‡ªbY²–™Ý™Ý}³<¸t<Œ}ii¹ÌÅˆ‡Œ#ŒÆôöéÖ¹5O¬ëûž‡$' +ÆH2Üu‘¤v¢ª*/6-¡cQ®…µ„ÀËbCËú]Öh¶”Kí÷êXTD-JÙP¼’2Ó#ËdfÞ|•ì¨.IìêÚº\3S§rläÅ^ÞØI/ÑñC’HçjjèöpPuƒ)^¥þœÆ…ãsCøÞL«ÿèFCPŒ%òQTAø¿”.•Jò<—E_õât:±‹ûƒ¹ãVÖ²ÿ'†¶þNµQÐlh‹D–ÕRk¨¼‹\Ì–õ9£sNÓúD¼ e¢¦Æ³Çù«ZídÚàV¥m)«F4…ªÓÎØ¥f¶7a>žâ$îÚf`!ù´âLì.±ž+@Ê×endstream +endobj +1746 0 obj<>/XObject<<>>>>>>endobj +1747 0 obj<>stream +xWQOÛH~çWŒx)HÁ„Ú7(W éšrÂRé´±×ñ^í]ß®4ÿ¾ßÌÚ!1<œ*Jˆí™o¾ùæ›õ'SºÂ¿)ÝÌh¾ ¬>¹J®èz>OnéúöŸgøñš +¹°¸MfãïïÓ“Ë¯ŸhvEiP‹›[JsB˜+|“})UÓjë =ÖwÓÊ»m0vMÆRPõJ§ÿJ”éMŒr1¿F¦4?ÃcÓ„¾o´ß½%WìŸ\ÓtÚ?2»IüÈó·{²ºÝ:ÿ“SpJ“ë@Šj•ÊšPÓjGÛÒd%e•Ñ¶ ”)K*Ëtàû*ZNU«¬4¦bNHÐ^ÑÅt1w‘©ªB]§R˜–§ ¥¥ 1Xæl«Œ ¯!ÛRµ¤À¬×*ßQë°O…©4)›_:èÆ¶¸v “{ÚR{®ü ýåÖ´€K¸eÀÊ:Ào)w`]‹R²ªËõ+ÈØ-eÇ‡¶Ú‘ZPåNY«ÂÏŒ’§HvP4¡àR«A„.p§©ªˆ{ÒSÐg³î¼j³Ì3_ÝK¢TVZ[n0Ô¸+£Â«®ÖôÌÚáD>L×f€Ìœç.ëjÔ1 -’k–Æ·gúalñAÐ'x¦JAžhj æ/†¼˜^bm¬4¡‡Uæ‰i©ÛûÇïÏ]{J¿<]>> Y}ü²£§âVí¸/ødêF3QX…Ê¼®ê„ —³Nfåaù|ùçÃÝÓåÝÃóËyD„neèÖ¨)H¹B7ÄOè~¼AW–ßSâ1!S¼ÉZxWKczyÉ ¢ÁÇ§Q:•ç€ °½ÊŠÎf>s=Ä”¡ â‡=¦D[–_.CŠ~<.ŸâziÖ%†â]>ç±%Ê 3Ðãw®a¾°M€E&»¯Šöu$1„ËJñºvFö5Kj±LãŠ‡z_Çú§Ý5z”ÓXÈ—uµK‡YPÌ=DÕ»S»#Ç£Rð +T>Ò‚Èn{è“¢løäì ½¡kçyÚýõ=³” *Tf*Ób0{½DØ;úÙ§ÔSmëU.C‚v¨*8xëØ †Þ5\®8'*êUÂf÷r4èí¿{9ûørþržô³}N)¾ìà³ƒÝÔ*ð^µÐ«xí]×$ZqE»÷œCJÆ$å®æ6VnÍˆybBæMƒ€Ú¬Û’Ú(S±"Ç"Žþ#™•õ@ûˆ=Daô-Ô~?Ä^‹.à2—hD/duâIX½%‚©FM ËŽË~a sÃ[ ;ŽëóMDv(i™q",‘8¥ûK ï*à£,/ñ[=éíìh(ÙÏVÐtT¡p»sßgd=šî1ÃK=!ÏQ(]Wå2;A·½DP5‰{~LûX…·ßŠSG,P”eGü.SzQ|&Ì¬Æ1à-bDuÇG3Ò¼JîœC#~•êd”ÔëµòyÅGLþ¶ÔÀé{R—é¤¯–å¾÷ 6¾ù¸ð¨¥Ð{¯4©?GŒþû•b™é·ÛNfïÀ'´ê`-²¼x ZÍç&åå™ÂðHŽCçÓ5^âA:XÎËôõâÜPð]¾QØíùð•ìn|ßs9¹ogà‘qôÇÌö28š_ˆ¹L/9ÿ7FE<@lBÛñÎŠóC +Ð*×V ÛÎ;º%ÝË—ÕÎâûf2ï‚+Ú£½–©&š–Ñ¡G(gã‹(¯W ïdDXÕŽÒ²<9#ËQŽ¬Rþ#ºV¤‚å¿'«/¬ÔÑÓ6,Þ|rjàVÇÝë;Kq%$íTE"v6Ü3”ºwëÓ~OÀHFà‡uÀÉúÍ‚‘€›ìŸíËXñkKQ£°ð\1F«•ÅÃ/ÇÅ¢«†ÌÑ%Ž(AÊx7mÐ¶¤¶/žEÑóh†ne5[*OÂÿ”Œ[‘×Šô„äýCg…´Ôt¾q8J}FëpŠÒ,=ÜÏ£ÀÚËk´“w6›þ¥ê[ +s¢é´?·qN£[¿nZ¼àÖq«]~½}}•ºùÄ§åÿÿêvÃÅÇ^ÿðØt¶`2þHOþ:ù ©Âfendstream +endobj +1748 0 obj<>/XObject<<>>>>>>endobj +1749 0 obj<>stream +xW]sÛ6|÷¯¸ñt¦öŒDëÃ–ì¼ÅNÒú!Ž©Mü‘ „˜$X´ªß½¨0Œ§ÓÄÉÈìíîíAŸLi‚¿SZÎh¾ ´<™$š_Í’]^/ñz†¦\>¸yåýÛõÉÅ‡š.ic«Åõ”Öa›É„ÖéÙl’Ìzlì¦Ð%vr¶h½±Õùúž»¤)–ósãÙ2YàÉ³ûœœ-µß™jK™Õ®úÕÓÞ6Ïäwº¢uÞÅ¥Ân“ªÜPn +M{S´ÓEMÛ’oTúŒ ö•¬¬‚„ÖÍezÓnNžÎQ-N.ô‹.Èæ4#ÛÐœrüŸ›*c ñq—ÐÛÂYª¬×ØVyÙ;m›FWž6Ý;€2ÎSëZÅ(·Ú;rÞ6:#(úÏ—ü‹*R<†µa¯$S>‰«f‹ä’a>Ï69ÿ#GŒÕW%<¸m‹˜&!È[ò‡šKÐätó¢ªT‰=áÏêýç¿ÞÄW–ªR[¬jà|TŽ_U•‰ +ÝÇñØÌ¸ºPQ,æôªe +áv +Ž¸‚üTk[(ó¸`r<èPDªZðTÏþØ©—PÌ¶°UÐé¶Õ8L¥©m+Š¡”…î/ª0Y÷~wpg€ÏºÔåFj‹ÊÞ?ÞýB©*²iq$>`}] Nð“qCØ“sGÂ†ßµN([@„Ýù²jÀmÄ*˜.>,zuÿ¸¢/`£73ÞÖ{ÕdíÊíßÑJ•õtN©ªXm`ÏÍ¶e÷¡~¨wÙ=žµÕ¡´øtfôúézö4íP1L¿'¢\B÷‘’T9-ž£Ê‹¯@;§R¥èhp"¡$àª¡»Vo/îî?¬(-·“ôs:Øæa±ßÐ]èÿmh,¬ƒ'-ýÝj4øgÕÍ×Aá4àAÌ¡¯ ’q¹–y-ÏÃ§u¿‹bËÇâxkUìÇ[T‘ãþré…hs>I!ÔlŒ÷èÝM¨"÷·4VªUƒfE×9O²Ì%>É`MPŒ¥ÈÄlP&òú,aK ¹4ßd$¿HCh!j…P£ßkÀ`&m-æD 5»ãa½}Cãl†×*ã³ÇÍžÎGƒãåáï§ð¶ã[ávü@¸>è=!Œz µ…:¢0{tC%‚U>ku#yS_$(|Íà\¤2Øº‚ £De´r#ŒâÒâsö°´5H€+•Ö™Îº˜èxÍ” €†6æ8ºÀ’>gFãp0XõBw,p”Ê=óœ¹¤ˆ†…Ø7ÝñtæjšÜè¡ŠÒãLÞ©áØÍY«ÓN TâÊütÎ<ôóx~æ&òeB·<«¤ÓÆ¢¹]»(žêû6Žå•©Ò±.4¨by$lhšÜ$Ó%"¨¨wjŠ¼oïÐã¶P[cŠ…Ò•ä>¦Äsm]Û&ŒÐF×…I•øÌæ?kØÍU´c/mï™jZNÌ“ÚêAéàYrW`€å‚“£^º;6‚ù>87Ó.mÌ®Ø!31nœ\+PEilŸÌä¹–pÿ4ÒÖü¬î_¢CÐmï/`ƒ(DrÒYÊhn8&‘ÐØVú^ìf_ ßÑcƒpÊs“B¾É$â"€›tD +!2¾Ü?¬p_˜‘ÞàÈíø¡wXÅ7Œíoï?$”ÝOÎ†Õ_ÅìõœX•+‚ÜøƒJ( +Ì¬˜œrcÇ8‡ÕØó”FÜÚ»ÀAÙæÅ(¾âÉ íÏwÈ¬ôu#.ÅrÓù’ 6í†T ;XÏõªþÑhÓ!ÉÜëŒ]çª-<âWÿY}‡5„¿[ +:gÌHœŸ]uW‰ñRƒM,Š¸L<F)·ÞPîâñÚÄ—? Üþó¸$€ &î1¨™ƒ^ÄÈzõµ‰K»¼ì®U#áU¾<,‡Dó1Ò CœÃñts5:¾~X]ÕBW»àýã=±çE˜ëG}·æ…ŸØ£d]aüßïÐŸÒ#m¼‰y‹þ€•îºœýtÆæÁ¥íæJ2 ¯U@tþ Ó5v?¾"ÕºñH²!ÓÀ;$Œt¡‚&æý¤¬Á¹ƒ-») 7òx¹Ž7Êé_ë®ç´˜È×ÕÛ·oùûÙ7n·w6mKÜ½?Ÿ1î–—“þöñ_ßç.×Éâj†osX8-yƒ÷ë“?Nþpþ¶Gendstream +endobj +1750 0 obj<>/XObject<<>>>>>>endobj +1751 0 obj<>stream +xXÛnã6}ÏWÌ[¬XvÖÉö¥°“ º@“m“}1PÐms#‹®(Åï^dYŽR´¨È´HçræÌ0Ä4Ä_L—#O(ÙœÌžNÎo¿P|AOKÌL®0Hi ‡CzJz£atÅý¢w”ji()´1dªE.KZzgT¾¢.žéç³§vAqì„ F—Ö»~w‹2$(Ñ›m¦QÊ”R‘'²Wy)TÎR7UVªm&i£_ø÷V¥‰è[Ika¨Ï2§;ÅéeÉ‡i£jä‹,DF¯RX«i}Ëµ„üTb JÉZaf×P&ÑE!“²O"OéQl‚2±2´k…7*'£7’D!tp”išˆX@a½ìrÔ:ÃÄ¥ZUŒö§f¯‘—4šDÞµÎJe'ÁÓÖ¿T[‚éKeð<ýä<>¤/Áán7ýógÞ»¹›ÍÏ‚ÃèŠ=Øwÿ9u/0š…)Œ¯ýÃ›Æë¯ £·°’šÃæ¸±‚Þ:e þÛ§SÞ:Øñ^×ƒQ·VŸ Õ§ƒµ?ìÒNuÞbøäAW%‚ÿŽ~fño£üô¿ità N«üD·‡¬ï_Ö¾ññoÇûWÇbº£îwu/ØÏyÝA®ùlÒJ®QY–iz?â¬Áƒ'ç +¾ê<áŸcŸWø´Â($OßÐ‘¦ÞÊÆ×¼÷Ç·ûG—Â‡´;©Ä”Lœ £±çlCó^Ü§QŸÆó3f¢¤"Z¼X† +‹;^ô€U#¬0m ú§\— að?ˆ_¤‰0LÇ®ÄAcOÀLÑŸiÃ$›ƒcuN +äZÇŸ§/êézbl©}?ÑÔ˜ +¼»Ô…¥ï H8g&gÏ2§[ëèúPu“lQ’™œë€Ê¼º‚Í[Ì'eë‘*T6(0ó³ˆîœ d‰vxb:¦ÿ=±Ã¼½A!ÃvÃ©<ãZ‰ïyOÉ¾ ‚ú ˜ÕÏjd«©¤LÁµ½µ†šO-›m«Ë +NglD´%Í;‹4Œ/jÇs=k¹¨+h€5X¨ +º—åìÛ÷GÊá/¥Ëuûä²]»¦(í!4‡'-´f°UÛ>ÉÀS¨rÖÔs’s +¶uWxÚf"AAÍI"Œd^¹.¤léáÂ@zÄXˆx(¸ØíNk°ï²´õ©Á-€ÍÂÖÔ˜C¡RãpÏ¹Þå\¥3 i[æÏr;£’*ÀÍ¡È©É©! !}h…VŒØÖ©PË6HXÈÞxï ¦¬ˆì[ˆwÁÙä÷w¼ÚÓß›í²ñIz¹ŒÌZLBŒE•X5ƒÀ¤2ÌxmÉÈ´x³ósÑÓf[ ø$µ8B_'Õ‹M2«>™½œÒ³”è©Zgc‡.Ò€¶¥H<ã°·¤àÎZ=¬cÍ0Á9Ì»xßj!ŒÝe£ÖH÷ˆnuÑRÁ5¥Â %ã269/hºÜÜm´ÍÆ£Ö%àA$›ãÔhÎú·Á]ú~´o·waÏ*:WJcûYdÿ©¨Êµ.T)JDåÔæ`'Ç2ªÝÍûzQhËm^Õaô.Ç™ˆ +Á;ˆ +Úm.m]payG[ÎØTæÞa¶pË>Ê@FW¹®lô–äÈôÔ¢î´¬–Š/§@‰ÑU‘Èàñp‡¹kOGÛþXF“KšwsøÃ²@5§»rpñ™îi€Ï ä¾´É”+ý‚—*ø¾Ì^+C/pmÁ‡ØqTs#ì wš)gâ´ÕÊ–ð>_ò2Ÿ›·›yaãpáÄ3ôª+Tî*KY)®çxQ^j/—jµ^èb5.qK»—‚ÆØVDˆ&‡ÈØW¢ãÙ¡ð²ÌóÛãkÖ£k}ö=ÙÌùPò‰~E…ü Ë5£û-´ïN1Â{þÝÚãÎi\w0+ ¿§¨f¸¥Ùçµ}ÞØ§½”ß^ù[y<¹Œ†Wcš\Æ‘m§w³)ýVèˆ3z–Tƒ²Ã¥™µ„ ƒË!n™é¿ÿÀÅä*š|áŸØ®Xê×§“ßOþN°Ñendstream +endobj +1752 0 obj<>/XObject<<>>>>>>endobj +1753 0 obj<>stream +xíWÛnÛF}×WÌ£]H/®¬EÉrZ#ìÆ +übÀàem1–¸wiÕýúž™%EšU‚À@©lËËÎ}Î~äã/ ã¢1¥›Ál9xõÆ§×´¼Åƒñ‹Œ|Ï÷}Z¦—UR(Òî·of»,p=òq&Ç9Î—>ÂÀC\-%j÷-¢›y{)‘H‰DJtÃRðKyõæˆ‚À7 +EÚB[Ev[Â¿]å†t^àj½Æ¥"#6ŠK¬ÕC\ÆV ©Ð´‰ÓU^(Â£TAqZjƒ÷Š'Ò·Ý^cÿØ;bûzKê¯xÃ›t +=šBŒÖcÄZa‘¨ToØ:EkÆkè4V•””zkpÎ-îë{C·º¤˜æzçEýR4ˆ¼•6[¬&óT¤«Rùß0ÞB‹H£un,ms»òèÌR¦•qáHžèS¥Ê§¼¸K®Î—ð¸|„×ÈÕüúP`3Ï.zzã,+‡Åæˆ]&:DÒBÙÙÙù%1œ¼:ÿö·÷ç.~ f?{´äLÈƒ-Qª;X§ÊŒ` ëq®ötõ¢ã‚›ÇNýËtHmâ0²’D£²~¶Î‹T¹ŒÜˆºÈiœªóü,îÝäXµ^Î’Ôúl&‘Àž3Me°ÇF‡?¦wRÓ¢ÐìÚ(êCœÞ+Ô+bLæ(ßÒRMê’Mè-ºy7.&°,yêéÍPý¬ É¹”$ŸÕ&$TßºÎŠóªÍBmÍêªäƒÁì÷®‰\¹p>%Êžâ8Ñ•õHâÍÂ³n5ï¢ZªTåR›êÑ€n“®TVñjÜÓÔ6@ls´\©Pà(~ÎŠÙxÔ¶$˜àâ‹½•ÖÓ¨¥žh8dýÌû;ýdzš¹[Ñh÷Š~â'¨…GFvàÌ…µ 2Ñè„F¬ïM¸¹Gòëìq7ê#îóª·Çé ÚMÜ,íP4 Eñ(ÜÌåx:¤ž´îÆ½kFöëƒ®Ògíò¤]ÎeYK~Žö/åŒ ŽÐ^›º7ÙÛÆ¸Ü.wöÁùöîéçM}1uéMz¥îÐ‹ Q,Å‡êÚHºÅ•]é2·¨áG%Pi»öpÜô³Uo#ÄÁÂ€Ø¼$0óV—÷8çw«D—+3Bw8 2`yLà1‚ðz½møÕÍ1l*£&§m'‡¢Z‚e9ºX3º¹¾qœ"‚œEzÛhïƒò’Û”YÃpë2B£[Õ#à1M«Ó´*Á5LŒ¬7ÄðEXo©„(RRY ³¥¨F–IýuŒ=Ñg÷Í7}7›ÒE©?ªÔbúO+ž}e|cGÍ†Ñ±ÏŸœ¡ïyG¿öåSÆ}œ9Ü„Æä'„÷+K8O¼ñ!>Z±;_ó½ÓåàÏÁ?Š<8Žendstream +endobj +1754 0 obj<>/XObject<<>>>>>>endobj +1755 0 obj<>stream +x¥WÛnÛF}×Wò¹h‘²e§@ìØÔJ-Šº0VäRÚ˜ÜU¹ËÊ×÷Ì./ +4ujÃ4o;sæÌÌ™åß£˜føé,¡ù‚Òr4‹f4ŸÍq<9?Ã1Á_%)]®FÇ7'Ç´Ê±dq~F«ŒðúlF«t|£´(Šý„ÜVRaRQP)¬“+ódñ?7Ùz¥£„îÇËäáòþˆžTQÝë”ÄF(k·õ62SòõÀÖÅoïŽVG3šÆó(Œ±ÐY°TÉTÉOÒ[(•µJoÎ?Á¿Ô®RÒFÔ@¥)ñ2aI€ŠlÂI`S9i×éVi‰ç ’¥ù$3â ¶µø7yŽX8ô-Ê: Æ<âúQÒ¼êøfFo‡Óä$:aøwê~.=gt$úæZ—³èœ×LýO·‚(ÜhŽ¸Ïgƒ5ÁOÜ/b2û+"\_LøxéoýñÊ¯'4°v¸ð«çHñÅýø‡û#àlw§oûÓ«púbÓóÞô¼7=Gm4^æÁtc9‰£EOuÒãedý(è€×™‚äáêÅø@d‹lö§¾¸ÁûñÃµáÅNþ ó>ì%Øê¯@,˜õG&o¼ß÷0y±—ÿ\eå®¼.p—BrÚ•J"gÍB'—¾íµÑSQ»©´AAY´(!"lêP§I¨.Ù¶2Z}ÆËF[ZK÷$¥þEc úš^6ê‘í”®¡h†LšÖÕ„ÖÏäÇm•…,™ºÈàq¨gV¹ÚÃñ¨¡šÉ"ÈÎ»œ$bG¼•©9ì1ëÛ‡„r¡ +ëAç¦(ÌË¨WjÁëÆEghÉœÉ)5åŽ-áB“„~’U™ä'¬i*!Êë<‚S=R^‰M mnâ|Ö}‡?¨-ÏaÛŠhÄ¾0@Ù‚Ô8i'0í=´FµT›íÚÔÕÖÐËbìƒŸb|µ3#Ž¼ áNÇ…s²Ü +ÈñZ¦ŽOÝÐ÷zZ˜/Ÿ˜€ÂÓáhã8#íôÈ+Sr4ÓƒÙÅÌ¼wò7itGsÏ(ª"èÏA³)=¸ßß-ïš‘Ú\“V]ì}åpfqÈSóšO¦rÏÓÀC>LtÄ¾§:L[?Ë¦ÊšÃõX‘¥d´”îòÝû;ßA`/ÔÜ$À€Ìs°fU¥*ºÐ2ï¶‚£A¿xW JÆKW]T]¢Û2ŸÂŽoÞPŒMKŽ|ŸÒtÑÌÑdFt'ÚlCõ¶(zÞçgaŽ\‡Æt'Êµh÷ +Ü>X¯t†=-W°ë÷ÍV¯yš-ö@ì‰·ÎÀ„çw½ÕAôÄë›ü`%íMMe ’E–ù4÷}kvÌrSÇdËu„ÒFA(¤šïƒ|+dµ.|‡ÔhÓ^n +³…ý+RoµuW ]W§Ý±k+Èä©ÞíLåè'ÚK_Jù’ô´Ã'²˜ÝU +¤"æ8z![Á¢²w¢BŸ±le2uá[¶#B;0[¹zO¦Èðö€_šÐ.°ªêz½Áªê çt‡7‰}bæm×»M% l¾ö°é„€µ&¾€ÄÂçž +ÉÕÏyå[ì{XzÍkN 6Òü*4§Ý‚•û¶ÝšúÙõêKæÇßâ{ü*tý£”\î,ÜUìö°G-štƒg²BÐí¾¼œ@|«põbà&dÉþÂÊûHM3«š>0¬>ï—×pÂ…â[&¢+CË÷«Ž·ï²©|0Zlá¡šur:”YãµyÖJÇ*ôcP…g]=ì__Z‚-$³‰SÞ5ªJ%¾:¬”¡Ò–«”Ì¤5ÏB?=“™Ä$,PÓKƒ/¯êâ ‰Ò#ºJî +•òGøùk{ä6Lqf‚½ßœ7/ðw>Ç]»E¾¸½¼ _*ó‘çßÕ!&^9mLÏføÉÆßVÐ“Åy´8MðÙˆ×ãùŒÍ\¯F¿ŽþÚ×<~endstream +endobj +1756 0 obj<>/XObject<<>>>>>>endobj +1757 0 obj<>stream x•W]oÓH}Ï¯¸êSAIHÒ6mW©åcU¡–.1âaÙ‡‰=NöŒñØdóï÷ÜùH×Õ !±gîÇ¹çÞsýs0¥ þLérFgsŠ‹Ád<¡³‹ëñ9_]âÿ3ü$¥ƒÛhðêÃ9M§¥¸2¿º¤(!ŸL(ŠOëP¤•¤ZÓJ’‘55%eŠÅº(sù/™f¥ðXª_Y¥U!U=¦C÷Y\i£Ó~ÒÆX‰Ž>@õFâI%Ë<‹Eiõ"ú>˜Ðhz6žÁÿiYéZÇ:7´Å ¾„Rº¦¸©*\ÏwTŠªÎâ¬µähžØ3cº«)3Tjc²UNQÚÔ G^5‰ŽWëk´p.¿Þ=,ÛRˆ‰ ±c,™fJ&Cö¿ÝdñQ"©B;ó6g«ñg;îbÝäIUa€ªukdõKV´jÚ)k…¼¹Î¦?c6ÖÊFüâ¤$l3eP“²ÔUMoh'ÍIÇ/°…¬áåû—³9¸äoR~Á–Ú‘lÛJJ…¢«4[Á„vº¡¢1\ys€4ÏÍØï‹”©5B·fÁ•®~¨žâ±·½Íê=-’¤’ÆNñål… §DÕ~È%!ÇÒQ9–¸W@üAº{¤àÏŸ>y¬²BT;çbiËr{…³!ð·ZÕ•Î;6…’ùhñà²-£G‹èíãha “Läzm8Æ¯™JôÖÐõidæ=DcŠ4Õ‰ô²¥´”áÂµÒð1¶Pã-²©Îs ²¬)5¹¿ùîßë\¯DþìÅÜ—œ¥€SS¬Æ\ûN–@VúƒŸ¾úp±Ÿ"£À&GFÚZ(ðŽÓ:DøÚ]= ÃÕD#õ]áKÄóôúÔfŽó6T>³Ú´üviÿ 1HìP°4³ÜYFôð)¢Û÷´|(˜VÈÆ9=êIè€+z¦O=„$ó4ðØ×•öÄ·M{ÀôÔ!ÙnëcäNOH—¶bB¹÷[µxÍ-ž³¸©b•t"Þr'¥"Ë™/¦FwŒlÙÐÜ„6?L_K%ªLJQÌ‹¤„E‚ç•ÕUê:…L³ -Ó%‘5üáHÿN€ÁOAaÖ€¹0¢¸(¡£®/†~L0^áéCt˜^N"ˆUžÃÜ¦ã“Çœí“¶™wº€G—zIÃÉÿdBíØ}äÌ •¿ãÁ:/ÆáÕ‡kšB½YÆGgçnœO¯Æó1-ØÝzˆ™ÍP›OŸ?þùùÓ—G6ÝÞF³ËñœõSÈ³è÷VêYœ÷"?¸º@2}-²B=—–U%!5L6Äýs†¹Ït/+˜Íÿ~;EùÚáñMý²ã•-OV…ÃØ÷6ßºŸËjˆiXCr×›Œ¢}l¯[aè”¹ØA6¹£¡Ò|{aéÐqÌ¯{¼³Â%`Ù€/rÄ.”ó®Ãaº7Û#-tA¹Žë®ÍÜ_„f¢ÂhW›™í¯.q-·ìæ í;š‚ñuìu¥›rŠsúà;4#$ -z†¥À¢—Xîûx:é†´$–„ÐöÛ°a×ÌŒæD“ƒÏ!5JðgY€©]ðìrÄo`¨Üñ›_Ç/§Qb•À²âá>ŠÒƒÊ›ú? ký„ß/”<ÈÄ!Ìî ¼úóÐ`íýØbÚïÞ.Tè”°Ã8YëÜPÇ4²'xì$ˆK\“~³%ÐÙÑª%¨¸oªcg®zí;>¹)ØÃ.á5Èó¦o›àóÇúüúp„]f9‚ãAå×vÏªùYä‚„YUà“Ýá9˜¾æ±*ÅƒÞª° U ¬u^x¥]ÀÑÏb×;vø[¨LèÚô™éÇIîAá¯§ÉøŠgöQF}< -è2?3úA«s$•ã#b~Ñ»U‡gA÷I¶Ú‡Y¡žKË*Œ’&›â‰þ9ÃÜgº†Ìæ‰¿¢|íÖÆðx‰¦~ÙñÊ'«Âaì{›oÝˆÏe5Ä4¬!¹ëMFÑ¾¶×…0tÊ\ì ›ÜÑÐi¾½°tè8æWŽ=ÞYá°l@ˆ9bÊy×á0ÝŒmƒ‘–Vº \Ç‚u×fî/B3Qa´«ÍÌöW—¸–[vsöÍFÁø:öºÒM9Å9}ðš=ÃR`ÑK,÷}<tCZKBhûmX„°kfFs¢ÉÁç%xƒ³,@Ô.xv9â70TnŠøÍ¯ã—Ó(±J`YñpEéAåÍýVˆµ~ÂïJdâfwÞ}Èyh°ö~l1íwo*tJØaœ¬ƒun¨cÙ¼vÄ%®I¿Ùèì‹hÕTÜ7Õ±3×½v†ŸÜ”ìa—ðäyÓ·Mðùc }~}8Â.³Áñ ò‹k»ÇçÕüŠ,rAÂÇˆ¬*ðÉîðL_óX•âAoÕVØ†ªHÖºƒ/¼Ò.àèÖç@±ë;ü-T&tíGúÌôã$÷ ð×Ód|Å3û(£¾t™Ÿ}‡ Õ9’Êñ1¿èÝªÃ³ û$[m«aV<]Šðe÷x|lýl²Jz1»òÛätŽïÕ«3|™N"-oîooûôw¬¨˜úî“rÿ9 +F—@—œþŽžÏ¯Æó‹§gSNû}4økðÃn:endstream endobj -1748 0 obj<>/XObject<<>>>>>>endobj -1749 0 obj<>stream +1758 0 obj<>/XObject<<>>>>>>endobj +1759 0 obj<>stream xÝW[OãF~Ï¯8â¥ ÇI U©DhQE ›H[©ôal/¶‡õØdóïû™±76—vúR!DÐ\Î™s¾ËÉ—Þ|üi:¢ñ„Â¬ç{>§3oB'³)>ð[HŠ{óUop}BÃ!b™Ì¦´ŠÛ}ŸVááB~-i§*ÒU¥É\W8XnDIR„R1þ‘¤« —¥¦På¥HrM‚2,'¹ÛŠœDX’à•T…"Åº.eAA¡¶cU>÷|êÇÞYò½[U<®U=yt‘ïèvIŸ’<Â Z¬£ßÜF¾?n‚¹4I"H[Q¤`¢9ô6IÓæ‚³¯x.aM‡"-ñÞõ†ß¦qÌ#¾k-K”-Pª”e …P1ÖŽI+JÊ4åªD)PAk¥"J")ø`Å—ðUGÒ}D†øK‘‚P‹g”ã*idÀu‰Ušªm’¯I=•‰BÁ“Ü,ü¹NU Ò¿pOÈMƒ²ÀCsbŠÔåG=¸öéÌö½?:ñN¸æ‘ÊÐ¾º7çxP¤ïÍxC«wç´“º³á©±, .mðk›”¦T>Ë”ÎirjsùÂþhÂ‘.•)§ëãÃ–ØÃ«¬V½ðRƒGÄcÂnÔig[¾>”Y,¤¸ÊÛM‚f%Íjä)‚¸Îç:¨zîÅ£‰Ù -ûö7Ð“(D&Þ‚û¤]®@Â»$6ø®n (@P7Ë<*Q™hj˜$Óºõ9éReõD‚Ìw×•ßÏ ª3Ü$½Ì öjÃó¤¬[ìÊãHøáÞÝ‹¸º[ ›ØHÈF<#ÍÌmèŠ®qV¶i6‹Í6Ñ Þ»Màs¹¹–¥%J4ó½“§H\¨íUÆtyƒWÁ„)KÞÁ }/½:õC¶dìtz±§n8Ö|Nsp}FC¨<Ë}lH?œyS–îý@Ëœ5™kÁ¦Ë»Û‹›…=»ÏÒ)ìÀ2ðÄ.q\Lé÷hÑ~§—É,`f»ùØIRÃ@PSÏÊ‹O¸ÁÚÍ,ÄDº;ÍS‰{7sõ…ÿ9,Ç+Å#÷“HÉ2^Ù5,@AHf0Là7v‚¾Ê¾=§ü^—¤W}ñ´ùöÁï)´lsôªùÑK»›¹û‡|ó™i2=µÆeap_¨Ï˜— ¿a•I|{á©™Ñ¯ô§>Æäèð_ÛäÉß´NG0X>5ñmW«Þï½¿¥ÓdRendstream +ûö7Ð“(D&Þ‚û¤]®@Â»$6ø®n (@P7Ë<*Q™hj˜$Óºõ9éReõD‚Ìw×•ßÏ ª3Ü$½Ì öjÃó¤¬[ìÊãHøáÞÝ‹¸º[ ›ØHÈF<#ÍÌmèŠ®qV¶i6‹Í6Ñ Þ»Màs¹¹–¥%J4ó½“§H\¨íUÆtyƒWÁ„)KÞÁ }/½:õC¶dìtz±§n8Ö|Nsp}FC¨<Ë}lH?ò½©GK÷~ eÎšÌµàÓåÝíÅÍÂžÝgévžºî +¨¡ˆ">µOLÍ}è¢÷—Vbšþe•.pBÛªóÆ1:åm‹TÍJšï(’±¨RXV+â}‘d¢ØÕ‘?À£ +è'ØÉ¢‚ÚŒrPZÊäwÑäv½´-‹[>¸àYÆ¤€çäkç8A!Å#%q÷i…\'ì¨0gïï<µm!ËùÍÝ’Lª‡¶3? ç??Yût³X¢k¸UDµôß_~è2òï®-[!8‹%hÄi°²:¯ÙðÍr wÒeÂ†ûÕî6\ÖHá»ï@5z¥Ã" d´çˆËP®}UmtæŸ<°úÿãˆŽiµ:Z=m—,†~Û ¡qc|ÍlS+.cÝÉ.+nÝOF<¢SBãÕûŽNÃÖ³¢=Ã=eññ,Ëeeæ?€ªˆ°³b“‡q3ivNÛ‰ÛF?f3lîˆµ¦¨ò=b,›Y,’=S 3û4Ýzx= \ß}üp³ø…–·óZÝÑüªpõëÝ^,WW`xb—8®¦ô{´h?‹ÓËd0³Ý|ì$©a ¨©gå‚‹Å'Ü`íf–Nb"ÝŠæ©Ä½›¹úÂÿŒã•â‘ûI¤d¯Çì ¤ +3&ðÆ;A_eßžS~¯KÒ«¾xÚ|ûÀà÷ÖÚV¶9zÕüè¥ÝÍÜýÃ ¾ùÌÆ4™žZã²0¸/ÔgÌKß°Ê$¾½ðÔÌ…è×úScrtø¯mòd‚oZ§#,N Ç#¾íjÕû½÷7p6dDendstream endobj -1750 0 obj<>/XObject<<>>>>>>endobj -1751 0 obj<>stream +1760 0 obj<>/XObject<<>>>>>>endobj +1761 0 obj<>stream xWÛnÛF}÷WLõä6£‹uñCl4Œ6J© -øeE®ÄÉ]•KZÑßçÌ,)Kk¥(;!¹œ9sæÌ…ÿ^ ¨ŸM‡4šPZ^õ“>Mf÷ÉÝÍ¦øÿ¿•¦<N¸Œ<.¯>~¾§Á”–ØšLÆÉŒ–ÁR¿OËôz0Kf }vUjì–¼*×ŠjGkMu®©T¾ÖÕ‡å7X¹£Á X¹N“ ¬\¯r>™ºR{9Þçi]¹½×UŒ§LÃBi¬Îh} eI:³´«\ª½§Æ³k¼£²þ|BŸTšÏ±÷>ÝFÉ}îTú¢kJ•±žÙ¦\ëŠÜ†vªR%ûó´Ï lãZÕð¨Si›jz¾^åŸ?àýÜùš|îš"£\½j2–£‰üv°z<ÀîF5EMá«ñˆ_Ñ«®T¸ý©e3Øj<îó¡Îèrô_µv þÚƒ³½NZ¿Ã ÒŒxŸ6tp í•íÜáÕ= žØÊµ Ö<˜á¼õ<êW]ôh[¸µ*Èí„s¼çËuö6Á›mò‡ïŽë§º‹T÷ú[r5º£½ÐUªÐUU'˜Ø %ˆ*òH©ïú{ªwuw— Œ˜'ý/Ï"*NãBº‡ŠµFŽW›Õ|f´2ö~|CkÐk]M_|'ƒ0i¾ü8üº¼„NEHNRæJN„W¹¢@H’w¡™FÃŽ».oK)Ÿï¦lJê²Áõ0£°N3|,À *RŸ•*Æ×ªª›Ý çW]²!ë®*TX¨¿ÿNzcï }/i•¼7H¢—BPäèúÌ^¡?µÕ$y Ý¹ZÛÚ@\çeÏ½‰PèLLü]ä8z‰µÅMËºªsJaé†”'JA Õ{'…ë¡¨}®Ebøƒ·(Iôý˜\…tGžqOxFõƒT¼Å—%š"ß¬-ˆ]#FaX ôŽA)Fõum2vº2.3°Pp—ËD'Æ6|¹˜Âôû$C`®Ê -˜UðhçŒÅ‚»(#ôqE½Vºçï÷Zä(_pŽÎèÊRÛ*’ôqÓQ…wBÂ[üQ,Ádá¶lµBa´£DÂd´Á¨®ŒÎ±˜@÷¹+ 2ItE<ÌAGär…›PB€Í¦¥jÓÙE~MíÉííÛ€A¸®P5 ¹~G¤²sÞ›5À 4n—fÛ@Y,»P£˜ohÒUÎ†–vž³‹¤K ã®Ý.¡Ä©x‰ñˆ0^›TâlóEãèe8Ñ¶[™LHyõ fÄè‰Ð.Úmûø˜0Æ›Zc@é!àÙ ÔN…\H£?ñÌÊRE¥UvàôF~/;ãâ Õ¡LÁ®¸#TîÕdšÐoò»a9Ç( ÁqÛiw±ù×¥4Ÿ…JŠë^&Ra¨^¶•C•EyšôuËÍ7T|¾¤ßd¨ÇpV2^Å-Ä÷ž£°Õuëq·î†E1s -A?#kÛ‘²Ö5X;Ñ`‘ÜçëReq1ü6Çì;X`mƒjS¹òb‹ƒV `ÄPù–ñƒaWáDã¢DwŠóv°i^9kÐOÅ³ñ³ÁòžqúÛF;!|úd-å½“4XÁ?HmP&:l„1ì–'‹3ô^}ÞfÒ¥™ìh‹3Aë°\ütŠã}#¯´Ì¶ÍþùÚØ´h²cKàö…‘Ì¶ÊE“5ŠVOóEû:ÇYiÌ$v®ëÇ§¯ŽöãçYûe5˜à£n6¢ÉT6ÿÅÃ—Çú³rßðÁ¥¦ Ë Ã‰o»ã·Óþ=)üßO¹»É,™Œ‡øä—F#ñiyõ×ÕêýÊ=endstream +øeE®ÄÉ]•KZÑßçÌ,)Kk¥(;!¹œ9sæÌ…ÿ^ ¨ŸM‡4šPZ^õ“>Mf÷ÉÝÍ¦øÿ¿•¦<N¸Œ<.¯>~¾§Á”–ØšLÆÉŒ–ÁR¿OËôzØOf }vUjì–¼*×ŠjGkMu®©T¾ÖÕ‡å7X¹£Á X¹N“ ¬\¯r>™ºR{9Þçi]¹½×UŒ§LÃBi¬Îh} eI:³´«\ª½§Æ³k¼£²þ|BŸTšÏ±÷>ÝFÉ}îTú¢kJ•±žÙ¦\ëŠÜ†vªR%ûó´Ï lãZÕð¨Si›jz¾^åŸ?àýÜùš|îš"£\½j2–£‰üv°z<ÀîF5EMá«ñˆ_Ñ«®T¸ý©e3Øj<îó¡Îèrô_µv þÚƒ³½NZ¿Ã ÒŒxŸ6tp í•íÜáÕ= žØÊµ Ö<˜á¼õ<êW]ôh[¸µ*Èí„s¼çËuö6Á›mò‡ïŽë§º‹T÷ú[r5º£½ÐUªÐUU'˜Ø %ˆ*òH©ïú{ªwuw— Œ˜'ý/Ï"*NãBº‡ŠµFŽW›Õ|f´2ö~|CkÐk]M_|'ƒ0i¾ü8üº¼„NEHNRæJN„W¹¢@H’w¡™FÃŽ».oK)Ÿï¦lJê²Áõ0£°N3|,À *RŸ•*Æ×ªª›Ý çW]²!ë®*TX¨¿ÿNzcï }/i•¼7H¢—BPäèúÌ^¡?µÕ$y Ý¹ZÛÚ@\çeÏ½‰PèLLü]ä8z‰µÅMËºªsJaé†”'JA Õ{'…ë¡¨}®Ebøƒ·(Iôý˜\…tGžqOxFõƒT¼Å—%š"ß¬-ˆ]#FaX ôŽA)Fõum2vº2.3°Pp—ËD'Æ6|¹˜Âôû$C`®Ê -˜UðhçŒÅ‚»(#ôqE½Vºçï÷Zä(_pŽÎèÊRÛ*’ôqÓQ…wBÂ[üQ,Ádá¶lµBa´£DÂd´Á¨®ŒÎ±˜@÷¹+ 2ItE<ÌAGär…›PB€Í¦¥jÓÙE~MíÉííÛ€A¸®P5 ¹~G¤²sÞ›5À 4n—fÛ@Y,»P£˜ohÒUÎ†–vž³‹¤K ã®Ý.¡Ä©x‰ñˆ0^›TâlóEãèe8Ñ¶[™LHyõ fÄè‰Ð.Úmûø˜0Æ›Zc@é!àÙ ÔN…\H£?ñÌÊRE¥UvàôF~/;ãâ Õ¡LÁ®¸#TîÕdšÐoò»a9Ç( ÁqÛiw±ù×¥4Ÿ…JŠë^&Ra¨^¶•C•EyšôuËÍ7T|¾¤ßd¨ÇpV2^Å-Ä÷ž£°Õuëq·î†E1s +A?#kÛ‘²Ö5X;Ñ`‘ÜçëReq1ü6Çì;X`mƒjS¹òb‹ƒV `ÄPù–ñƒaWáDã¢DwŠóv°i^9kÐOÅ³ñ³ÁòžqúÛF;!|úd-å½“4XÁ?HmP&:l„1ì–'‹3ô^}ÞfÒ¥™ìh‹3Aë°\ütŠã}#¯´Ì¶ÍþùÚØ´h²cKàö…‘Ì¶ÊE“5ŠVOóEû:ÇYiÌ$v®ëÇ§¯ŽöãçYûe5˜à£n6¢ÉT6ÿÅÃ—Çú³rßðÁ¥¦ Ë Ã‰o»ã·Óþ=)üßO¹»É,™Œ‡øÄKƒÑˆA|Z^ýuõd\Ê(endstream endobj -1752 0 obj<>/XObject<<>>>>>>endobj -1753 0 obj<>stream +1762 0 obj<>/XObject<<>>>>>>endobj +1763 0 obj<>stream x¥VMoÛ8½ûWri -Xªd9¶Ó[ƒnšîÂrÉ…–(›DjEªjþý¾¡>¢(ÙEa–MræÍ¼7þwS„WLÛ%JËEF´¾ŽÃ5w[<¯ð®%åÝB”ðòë…dµ wó…›ÃâÃ—5Å1r$Ùì¶tÈ ¢ˆé¥¥´!ÝæôdššÒBIí, d3ºx¢Æ*}¢cmD– -ëø‹3ÀbMñCÒt7·ßöä£,É¥&×<`£¥V™4mêïß¨-XmPÔ!»ôÙ -“Š‚JÄ•5çh¬ûSGIÇBrº\éŒe¦JÏö/IXR®ÏÅq´0æ8iDAœ„+ÎiîÌ‹œÕ6G-]È[4gØ‡Ä?á—ªÊ‘»kEUImÔI::›"#Ãë¶ U™ì+¡BYtzƒÊH8'Ë -ÝÅi‘¦Ò¢Ïa)=ƒêÎÂõ†Ú^td €ë™’À`üYûª¸UW\°º¢ ¹7Ü”Û| ü!ë%;“åQxÜ¯$Ñ©AÐýíÝžP’?Ä¬ÿ6¿©ÑN¤Î2‰Æi=£…ÒÀlæŒ§ZžÐPYË¬«}QvÖ¶‡™F ÔÅ½š¤ZvŠKƒ˜j™J‘{ï ²Ê‹e"(‘e ,²íÛúI”?QØÀAËs3j¬ÏËâøSUuê„¨Ü¾Ïÿ#b2å¿W?°5Jƒ2çfÂ7ë…jG~ÐëIœÜOG‹!LÁJxÉ©]î¥þáË5Åp¼ãÑo"$DïÂ8 -éÎ8Žg÷ìpÔ“*=þ©u°×~d:éÀ?ZS?2<&ë"º £°Ðçh—C0z¸ÌMMò§(+Xê•:ƒn˜øèá=«SsØN{ÖÕêQÎÔ]Õ†XÂ®ïaˆpKâ ÷€pªMS±D‡Ñ”%»ŒmªÊÔŽS@ÀX0¥1‡ESŸ:›å–Îòzgfçg/c«÷þÊ [£ßÁzÀËü¹Û’dÝ9=÷šÿÚNùâ5†8°?Nófƒ÷Þ´i‡,:Å‚ò¼TÊ!Ø@ƒwˆÙ7>oxÙéY©Z²½¦”÷ÑÅó¹2•S¸C@™-!^kˆ?Õ©Á…‰eH{èrX¸¼µÌR&P…íÛ´ëïãxƒÛ}—P²ºfí?}½ùD×æ»„9~6iSâ>œ—‘Ã`]ÿ–×›]¸¹ZáË?Ys´¿‹ÿGÄ³¡endstream -endobj -1754 0 obj<>/XObject<<>>>>/Annots 1005 0 R>>endobj -1755 0 obj<>stream -xVMÛ6½ûWÐCÀÖZþ\HÝ¤nrŠv]EÝ%ÑItIÊŽÿ}ß’ì(Yš dgæ ç½™1Mð7¦Õ”fKJËÁ$šà—îŸßá_h±ˆ£%•4ŸEóæ£ §ÁÍgIqG‹›ÃéjÍh¾šâJIÓõ<š6_|õö»¤Ùt ÿÁÖŸÞ/¢5ÍkÜÁi|ÏžüŸÞ~ãtîãt§ÛÁÝfMÓ m÷À¶\ÝÓ6óðK:|‹£“†âuDoµuª: ÷*5Úê½£7Ê:£’ÚÉŒ6ª/¶Oçð2|ºX'KrFJÒ=‰2lÀãU8ž1R#BÑ» -þêÔ)]Ù`:G©Óé -°aºÍåW© ¶jCoöv÷‚ŽFŸT&-.¥¨,é=YyFx^ -}P©(è¤ä™÷€û*£L™:m”ôyS<‰º\8ª4Þ$íDø©«áê˜_¬÷Yè€ƒÃÀJ2ÒêÚ¤rðJº³6Ÿ€Û‘( -}¶´Gþ¹:äÒ4µlãŠ“P…HT¡ÜeD¶ÔY$)’äç#0"Þ¨DF‰(D•ò{I—F´ÛRIªB„ÒgF"Ñ5ÞpoGHmgN÷‚^_:Ói]ÊÊù›Qc†Fô/½Í•¥Ö‚S)„ð\ŸáÿYÀã8]/ú£RŸ©i®*I»!Ã†ÁXœ’L…P0×”TEâ9k0½ô|K}•Œ&Y‰¤ôôþqœ‹Þ|³yò•õF”êj¯5—ÃÑY¹œ_ƒ}ßmDÓoCùd\ÚlßëÅ!é#?mD¿V©¤¤V…a×á7í‚F9¡²©¨(‘œ¡S|)šƒä‚6r]G -—£Dë=ÛOÉWò› q[—’©ªBk…«P+Ïž¡-“ˆQ‡Ÿ[R }Ç·l;íO]x£•pœÍùM‰ßÐ óÂkø§…<ÉgÓöû{ýð]Ú=\·ä»°ùM-[ñe½}¡ªO¶ÅÌíY~)]¨”Â©gìQ«ÊqC5´ñÏb1ägQÉOh›«½ÈìˆBò]I?Ö•ªñOßË†‰ñnçK÷±6êÕAdÝ@eÑë¬j(oë6¢¹ôpS¯)"4öè‘‰ÒµN|FìûBüˆF†À JÁ![ýhå -\ô‰‚Ð)¨3êb‡?} »mµzÀ8Xö½ÐyVë\ „Žö¨nDu`µòzúAU‹ázÁiN'“I?Â[iä,ÕPÿxAÝ‘êcÓªíèi¨ ¦1½¯»Í„Öí`™û¶\‘†*ž/[ü“ˆ'ãð¯@Ð¿{?Só‚ž(m©é==¼|xÆôÊeÜ}E—nÐLy{àPÙÞ>ç( Y¯èR«»ƒ%³ò™HWú]ãÜmZ @wÍ–Ü» =¯Ý,¼ÐÕ‘ ÿ‘0ÇQ[†õhÕŸoœü:Ê›ÁÁYÿNãæt¶ˆV¬"¨@š}áÕÑ8ØŽÛ¶ûoGUP¯Â/Óû^¯¥ÎhµXüŸ©-}!+žy¬Ä¾èÍ&ÕÖôû’þÂ¿çÄcç~HòºûÁ‡KBÚ¦é‡ã‘as]YÛ ¬-GiJey) Kêµ)Wh¿ÝtTÐï–WôcÆÖ)Ïfl\º*úã ›QY³ñMÄÔa€‡ä×žLí/^ìüTÀÀ)¬¦JÃÈ€ò{•gêbµ`0²!WŒýF„±§IÃâA/ “…*UØ‹ FXˆK8aá•—ÄI+è¹x„P?® ßÇR& -SÖW— °òy—K£V÷WòÌfLŽï]ÍÛ ¹ÕÄnY™/ï£åb(ÏŒöçíà·Á¿KçõÖendstream -endobj -1756 0 obj<>/XObject<<>>>>>>endobj -1757 0 obj<>stream -xu”AsÚ0…ïüŠ½•ÌÄ¶‰1GÒ”[;í„N/\„¼ÄJ°äJ2ÿû>Ù&mi -ÃŒÇÒî¾ýö-?g -ðMh•R–“¬g‹xAyšÅKZ+<§øY¦ãppŸ¤qz}ð°›Ým—”$´;"W^¬hWò,´“óÒâtêÉ±§¶!_1¹¾>˜“’tRúÕ‘7Ô¥}xÇš}gì+¹JXvÔ›–:¡ý- ]’óÂzzõAÄ7»—Ù‚¢4‡Ú]9ÿîØ:2š.‚IžkïH -MÚtt°¦sD£*Å*„Ó,QŸv³o³_OK‹Sendstream -endobj -1758 0 obj<>/XObject<<>>>>>>endobj -1759 0 obj<>stream -xV]oÛ6}Ï¯¸)K¶äØî€>t[]äa¶x]‡u(hŠŠÙH¢JRqüïw.I%Š‹¡KD/ïÇ¹çžë¯šã{Aë‚ÊÉöbžÍ©¼¾Î6´Ü¬ñ\àÇ*ªÃÁb³ÊÊóƒwùö5sÚÕðµZohWüÌñF^þt½WçÝz!ïÅ¾Qôa{K©†F¹W»/ÁÁbÌÊeVÀÅ%n,2ºé¼…¡ôÚt$ºŠ¤éj}7XÁoâå%-ér±ÎV|ùVwR‘í^P™Í¯Ò£úÞXïÈMSùtùA[?ˆ†¶ÉÝžœWí§Wc†H<øé…sÊ‘òL¾Êyò†S˜ÓlQÆ¬…”Ê9òEC§©f.xÄK;„“ÆˆJUS2Ú´#™Ð’æAYG¢i‚}‚ -ÏÂ€VÑQûÃYdvf°¨žÑ²ªVV¤dÈñUõˆ~t(6yÍ’Ÿb•-º¿Ì@8ÑA<(êA¿Úp{®œo_‘šaQO£÷VXXø—ódó*äÑèîº£J×!%–þQœ¡ÇOç 5ÇÐ¨ÉÁ¢ß¤ÄöJuäÑp't‡f¼ÿõ†Çòæ÷›çµí È¡šPðŠ¤UÂ±X 9ÝêFX†ŒMM§h¯s©n™C¢óÔ+ZÅôFï`É%åÛëDÇKz¨QÒþ‹’¡Ø|;!êÈ—gÇƒ±Ú…ôFÃ{Š®…äPþÐ!™:äôòSŠ¬¶Æ¢Ã¢íuÅshyy†9Î™Ÿè¨ÂÀFž$š¼×Ý±œ9½‡kBñëo1TÚÿ3úœC4@Ÿtøô4hÑ7zCoÙíÊ+áúŒPÞØÓwîsá¸.}Çôn¾ÀsoòeæÌó›T#Þ}ÇáÑ"á Xoè¥ŠGý?*Ý[stgæ/z^i›Çá sÜÃ`¦Ù -dÂÓ)¹^I]kUóx;XYªŒÝ †<=œ±îî¦ì¦”ˆ -&E"ãÅ€~c9d<ùY=€à=‹ÎûAW*d]ŸÊrÈrÁ²,›5ì\ÅaÃk`VÎ£sèxèÃýˆ~uù–„MÎ˜¶Á<Šç¨¨q!¥LéZHÝhŠY›ÓÉus Œ¨A0½SU ò"[–Í° 6ø‹¨a‚8£÷t•ÍW×üû¥1óJ»ô8’äÉä‰º®syTÜª²ýuØl˜ËÆ83žã|èXsy‚€Ð›¥TËbL5€Ôq£ùDLŠc:Ÿax!Æ÷# …?ËÀ4Ñ°™86IÞ/G_ Gak`YGÅŽÂÀU£MÂO6Þ3,ÂJT,QgnG¥Èã7ô½kžMÏkÜ%©YMyÚF˜éÏ)îgÖ$«zãô¨ÏdÂÇ—§¼½ùøË»Òèq6=?÷y¯P¶UI¾G\§7&7)Çà±,³ÅŸ=ªÿ÷9g¹Úd«ëó‹rÍ9¾Û]üvñ/~Ðéendstream -endobj -1760 0 obj<>/XObject<<>>>>/Annots 1010 0 R>>endobj -1761 0 obj<>stream -xVMoÛ8½ûWzÙ°iKŠ?š›»mÅ6E·ñ{(PÐe±‘H•¤ì¨‡ýíû†–[×èe ˆ‹äÌ›÷Þõu”Ð? -SÊ”7£™˜Ñˆ÷ñö~Å“ÜK]K.KÕ^*å.l5ÅxO›J{‘t7ØŽÀ!"ˆÚC-Ûà~Jõ¯ä^ÑV)C…ömAta#ósÊ„ºÇô¨{Ðù42ÀkzmòûÇ{ -NE)˜|‘˜l€ƒŽ©?])±L0cµgÙbˆt3åÀV#"®«Ù!üEvNöéù¥÷ÞYòhÕ¨¢i#žmuCÏ1ËÎD¾d| M?0KØ…Žºik .ŠN1"`-8ˆÁzÄ´ÓÛS?B³nÌD"èzq‹®º¸ÌÜ¨+÷÷‡·7T…ÐÞL§‡ÃAäÞ‹ ûÚºN¨¢›þ«ð¯n”›C¨ÒOµ)Ô£h«v ãÔr/{zítNoG.Yysä4¶ûóÌt¨t^Å‚AšaÖ¨”ÚAtnÞZ…(e1±¸ÿ}›4‚Þ„“¯î¯á.ÑÂr@ÿÒÙ!O5Œ ¾‡á–’Gþ¥‹³f§`”r=S²*tY‚vgdx^Ü^Z²ó(ïÓXØiÃÝGœ»3xÊ^³n'þÆq÷>óÔN‡à¸*Î`bxÜjŒñÙÚ4·?£g÷ûÿTýÁº‚¨ú/më5O‰ÑÄöÕ¹ØWÀ;î0$jÀq=w‚®{X™6pê LC®ËCÇC -¸€[îàlªê2²È¦?ÎWjä -3Àá}×´¬ÊykœbåÛªÞbês˜su8õµO‘v×™K‡ÑE¥RÅVæt8µxµýXÜ°¢ÁÆ y‡Ë!S+C^)ï%°†Š5âñ7¦Ê¶ªìXKÀhô® -e··(AzìŠ2{Û(A|þ¶Ï)X‹c@’½v¡“ØÿÝŠCO¯†—£d7ÄUF‹d.–wìýúîåšÞ;ûv¡W6ï¸žhsF„ëåxb²œ½àý¿º˜¯x/œ§xeÃ†$[ñÁ×›Ñ_£ÿÇJendstream -endobj -1762 0 obj<>/XObject<<>>>>/Annots 1013 0 R>>endobj -1763 0 obj<>stream +Xª>ÛéA·@Mwa¹äBK”ÍF"µ"U5ÿ~ßP’£(ÙEa–MræÍ¼7þwS„WL›„Ò5eÕ" +#Z]ÇáŠVÛ ž¼IE¿¥¼üz!M6áv¾p³_|ø²¢8¦}$ëí†ö9!AÑ>»Ô¢’6¤Û‚žLÛPV*©%lF—OÔZ¥thŒÈ3aqX¬)Hº“îæöÛŽ|”%¹“Ôä:ƒl´Ô©²$“emóñýþûµÉEíóKŸ4™(©B\ÙpŽÎÊf8uÔjq(%§+”ÎIPn*¡ôlÿ’„%å†\GKc€“FÄi˜pNp'^ä¬¶=héBÞ 9ãž8$þ ¿œ¡ª¹ûÆÐIÔµÔ–A¥£“)s2¼Þc:•Ë¡*•u@ç¡·¨Œ„s²ªÑ]œY&-úŒÖ‘Ò3¨î$Ü`¬íEGF¸ž) ÆŸå°¯ŠKúâ‚äŠ‚ô:\sSn‹%0tò‡l–t0îDVTáq¿’D¯A÷·w;BIþ³þÛüfF;‘9OÈ$§õŒ–J³=˜žyDCe#ó¾BôEÙYÛFf8P÷j’jÙ+þ- öbjd&Dî!¼ƒÈj/–‰ Džƒ°È +´oëóLÂ¨ü‰ÂF:ž›³Æ†¼,Ž?UUß©^ˆÊÍáûñü?"&Sþk‘qõ#[géaPæÜLøãf½Pí™ôzF'÷ÓãÑbFS°ÞÀcòBêc—©ørM1¯À8Côë Ñ'QG!ÝÇñLëžŽR¥Ç?µÎö:ŒL/øGgšG†Çd]Dtú<ÛåŒ.Óü)ª–Gz¥Î¡&>zxÏêÔ¶×žuz”3u×!V°ë{"Ü’8è= ÓÖ,@ÑÆa4eÅ.cÛº6ãðLéœ‹Ã¢©O½ÍrKgy½3³ó³—±Õ{å„Ñï`½@àeþÜmIºêž{ ÍmK§|ñC\Ø§y³Á;ï@ÚtcáNAy^*Õl¤@ƒŽwˆÙ=o|Þð²Ó³Rµd{1L)ï£‹çsdj§p‡€2[B¼Öªc‹ªvÐå¸þpyj™¥\:¡J;´i;ÜÇñ·û6¥tõÍÚ}úzó‰þnÌw sül²¶Â},8/# ÆÁ&ºþ-!¯ÖÛp}•àä§+Žö×~ñÏâ?%h³Œendstream +endobj +1764 0 obj<>/XObject<<>>>>/Annots 1012 0 R>>endobj +1765 0 obj<>stream +xVMÛ6½ûWCÀÖZþÜ »IÝä°(Úuq”D[L$Ò);þ÷}CJ²£dQh$9œ™7œ÷fþÄ4Áß˜VSš-)-“h‚_ºþø•¡Å"Ž–TÒ|Í›‚žWŸ%Åq-®§«I4£ùjŠ+%MïæÑ´ùâ«×ß%Í¦Kø¶þôvÝÑ|q‡;8oÙ“ÿâÓëoœÎ}œîôa3¸YßÑtB›°-W·´É<$ü’ßäâàdEÓ8¢wÆ:¥÷$èQ¥•±fçè²®RIídFkUÈ—›Oƒ §sx>“%¹JJ2šžD™6à€ñ*Ï)Œ1Þkø«S§Œ¶ÁtŽR5¦Ó`Ãt“ËoSl;4½ÝÙíK:Tæ¨2i‘p)…¶dvdåATÂÃpðR˜½JEAG%O|¼ØëŒ2UÉÔ™JIŸ0Å³¨Ë…£ÚÊÊÂ›¤]e¾Dêj¸:ägë}&E à`Ç0°’*iM]¥rð-ÝÉTŸÛ‘( +s²´Cþ¹Úç²jjÙÆG¡ +‘¨B¹óˆliŒaÑ›o×O¾²þÂˆR£wj_s9”Ëù5Ø÷ÍZ4ý6¤ñ˜OÆ¥Ív½^’9ðÓFô›N%%µ*Ü»¿j4Ê•M…¦Dp†Nñ¥h’3ÚÈu¹/^Žc +ôl?%_Éï&Äm]J¦ª +®B<{†¶L"F~nI5ôß°í´¿LMàÚká8[›ó›&¿a…Î¯á{8œò(ŸMÛgìïõÃwiGtqÞ’ïÌæWµlEÄw”õö…ÒŸm‹™;Û³ü\&¦P)…SÏØƒQÚqC5´ñÏb1äQ +ÉOh›«½ÈìˆBò]I?ÕÚÕøgïUÃÄx»õ%‰ûX›‡ õê ²n ²èuV5”·uÑ‡\ú¸ªÀ·{ðÈD +i ŽZ'¾#ö}&~ÄJ†À JÁ![ýhå +\ô‰‚Ð)¨3êb‹?} Û—mµzÀ8Xö½ÐyVë\ „Žö¨^ ½gµòzúAéŒÅðnÁiN'“I?Â;YÉŸXª¡6þñ‚º"Õ‡¦UÛÑÓPLc2z_7ë Ýµƒedìm¸" U<7^µø'OÆáÇ@Ð¿{?Só‚ž(cIƒŒôšžîîŸ1½pw_Ó¹4˜„~Ì}Ìvö¹8ÍzM7ZS¹X2+Ÿ‰t¡ß%ÎÍºÕt×lÀ½ÒÑóÚÍÂ3P òsŒµeXVýùÆ‰qÁ/£¼œõ‹p7§³E´Z`A±Óì{/ŽÆÁvÜ¶ÝxÃ8ÒA½z¿NïG½–&£Õbñ¦Zh[úJVî=óX‰ï}Ñ›Mªé%ý•Ï‰‡Îý(äM÷ƒ—„µMÓÇ#Ãæ¦.²¶AX[²*•å¥$,U¨?Ö¦\¡}üJtÕYPA¿[^tÐ[§<›±q]ôÇA7£²fã!›VSk„V`’_{2µ;{±LðS§°†´‘å÷*ÏÔÅjÀ`dC®û•cO“‹c½€NªTa/‚a!,=âˆ„W^G£ ·ÕÙ#„úqmø>ö2Q˜²¾B¸´¹€•Ï»\µº½g6crüèjÞnÈ&vËÊ|y-Ó@¹x¶`´¿l¿þ¤ÂõÁendstream +endobj +1766 0 obj<>/XObject<<>>>>>>endobj +1767 0 obj<>stream +xu”OoÛ0Åïù¼-j7¶SÇ=¶ërÛ°¡vÉE‘™Zm,y’Ãß~OþÓmY— €a‰äãù¹Hh…oB›”²œd½XÅ+ÊÓ,^ÓºØà9ÅÏ2‡ƒÛ$ÓËƒ‡Ýâf»¦$¡Ý¹òbC»’gµ¢\n•§SOŽ=µ ùŠÉõõÁœ”¤“Ò¯Ž¼¡Æ(íÃC8Öì;c_ÉUÂ²£Þ´Ô í¯Iè’œÖÓ“¨"¾Ú½,V¥9ÔîÊåwÇÖ‘Ñôxt‘èLò¤X{GRhÒ¦£ƒ5ã¡ +.‘·Ì! TRB¥=³%áieöûòèbº—’SúyT=ÕN2AíÐ‰ c‡Ãí—]¥dE¢iX £RY–ÞX…Ž¦>Gqû+òâoÛAþx¼¦KÈ`Mc•ðà6_˜ Ln¶w”IG”%#4‰Ã—¾Ï.ÿ&¥ajËJ— ôÆM3—AÉa‚ƒAhIêH‚ËgeZ¡µiux¯Ž@jTIÊQ-JÆÕðÎ"4Ð9+É¡va3:ðv|QÄ{°ïD¢Qž°¦leÈ¢¹›2Ô F +ŽÁàæüSërrb´‰‹„æ"û4ßÐß]çoæùØZ«ð[þàPîóVI¯âðDí†û:Œ›´¨16W™öT<(LÇV +ÇïªÁB”ËÿJ™µnÊ±lò=5mŒcw=ö:¹¨'Yð"œŒ|ÃóãlìIY%Î0y§¹RMX¢ë4lkkn°¥.¬!º54JvêYÃ}ådÐ°Jµ)Õq u¹Ëj\¦Ùíý»æFÿ QLSK²".î2J6i\ZO÷Ÿîé«5/Xz4²1&f2)Éñ/UdmVwáþ?6_çEœß¦Xœ&Y¢>íß¿8¾‹Eendstream +endobj +1768 0 obj<>/XObject<<>>>>>>endobj +1769 0 obj<>stream +xV]oÛ6}Ï¯¸)K¶äØî€>t[]äa¶x]‡u(hŠŠÙH¢JRqüïw.I%Š‹¡KD/ïÇ¹çžë¯šã{Aë‚ÊÉöbžÍ©¼¾Î6´Ü¬ñ\àÇ*ªÃÁb³ÊÊóƒwùö5sÚÕðµZohWüÌñF^þt½W–Š"£[/ä½Ø7Š>lo©5ÕÐ(÷j÷%8X¬£ƒY¹Ì +¸¸ÄEF7·0”^›ŽDW‘4]ï+øM¼¼¤Å"].ÖÙŠ/ßêN*r¢Ý*³ùUztCßë¹i*Ÿ.?hëÑÐV#¹Û“óªýôjÌ‰?½pN9RB€É×A9OÞp +sš-Ê˜µR9Gþ hèô#ÕìÑxi‡pÒQ©jŠBF»ƒv$ZÒ<(ëH4M°OPáYxÐ*:j8‹Ì!cÁÎÕ3ZVÕÊ*`”9¾ªÑÅ&¯YòS¬²%C÷—¨':ˆE½5èWn#pÏÕ Sãí+@ó ,êiôÞ +«ÿržl^…<ÝÝãQwTé:¤äÏÒ?Š“#ôøé<¡æu"9Xâ›”Ø^©ŽÃÍøbîM²Ìœy~“jÄ»ï8>/XObject<<>>>>/Annots 1017 0 R>>endobj +1771 0 obj<>stream +xVMoÛ8½ûWzÙ°iKŠ?š›»mÅ6E·ñ{(PÐe±‘H•¤ì¨‡ýíû†–[×èe ˆ‹äÌ›÷Þõu”Ð? -SÊ”7£™˜ÑŽHL6ÀAÇÔŸ®”Ø ¦˜±Ú³l1Dº™rà«×…U†l†þ";'ûôüÒ{ï,y´jT Ñ4ŒÏ¶ºÖ¡ç˜eg"_2>¦˜‡%lƒBGÝ´µE§‘F°ÄÎ`=bÚéí©!ÈY7f"ô +½¸EWÝFÜ?fnÔŽ•ûûÃÛªBho¦ÓÃá rïE}m]'TÑMÿUøW7ÊM‹!Té§ÚêQ´U;qj¹—=½v:§·Ç#—¬¼9rÛ‡ýyæ:T:¯bÁ Í0kTJí :7oB”²˜XƒGÜÿ¾‡MAoÂÀIˆ× +÷×p—ha¹ élƒ§HÆßÃpKÉ#ÿÒÅY³S°J9Èž©GÙº,A»32[Œg¬Å± É^»ÐIìÿnÅ¡§WÃËQ²Àâ*£E2ËŒ;ö~}÷rMïý»Ð+›w\O´9#Âõr<1YÎ^ðþ_]Ì×¼ÎS¼²aC’øàëÍè¯ÑëkJendstream +endobj +1772 0 obj<>/XObject<<>>>>/Annots 1020 0 R>>endobj +1773 0 obj<>stream xeQÁr›0½óïèÌ–qnÉ´é%¶6íô‹ŒEQj•„iþ¾+ìv:í Á²zûžÞî„#§‡c#PH4}’³œ2^»w‰X3¹–,G.9}/'ì#ëmÁJ”Õ†bAÛi´ÉCd[ðuK -²¢à¸ç¨›•ÈYÁÃÙ7j¸©_\‚ó8¯>ïžîÐ…0ÞeÙ<ÏÌŽzPC0gã&Ï¬û–ÅÂ©¤O^õ•.”0 -£³¶Mi5vhôÐÛãt¢ëY‡}ßbîLÓaòÚ#t_÷x^‘B˜Ô !°õA÷Ï7hµ -“# m¯Âœ%¿Ð±iendstream -endobj -1764 0 obj<>/XObject<<>>>>>>endobj -1765 0 obj<>stream -xWMo7½ûWÌMIáÈúŠìÈ!IÀ@Ó¤°z(µ;Ò2Þ%·$×²þ}ßw%YHÜÂ°£.gæÍ{o&ÿ\Li‚Ÿ)]Ïh¾¤¢¹˜Œ'ôúÍl<£ÅÍ5^Ïð˜6úÅüz9^þè‹él:^œñ~uqõé Í&´Ú Èòú†V%!ÀŸ/>T¦MÒ]°nKw¦Y›—«ïúäô:?ùj¾@>«òŽâðKÁ—]‘¬wùè‚¦Óþèìâèª²‘œOL;É¤dŠŠKJžRÅ9j›oP]Í&²ÆÉH6Qá]2ÖáãÈ6É¸DQÓL{ÚØÇ1*–ðz5çü¬ÛøÐIìäŠŠ iÛÚr”´F².&S×z1mÙq0õøGÕ/úêgcú+ -N•‰ÖH»¤6 ÊçÁ¸uÔ·?‹é7}*‚È6°IŒKS%¯~ƒlQù.E[2í}€EÃ¥ÅIrœv>ÜéýžJÞ˜®Nghä:w¶®É· -«Ë©âêà »×R.iWÙ¢¢†F°‰H¡sÚ§Ø3=pˆï!y¼VÂœ´AÁÉ—D*m@Èz/ ‘àG€GP†Æ)Ðè5Ç–‹¾ìé¡«¥!ëšµ%¸¶ÉÁ/Ž%¾ÀAŽZ`#€Ú˜„x… -ÿ¢Û^ÉÉ‘d~ÕµßPR9|R²ÛÈ·Âšþ† ±Y‘öæXùÈn»‰¶±5"xòIëõ -wÔèÚ´È°õˆ“V¸±ã¶Zˆf6¦wŽøÑH=ÔØm~ñ¯™Œz3Èk‘! m[_½¥)te§4…yL—7Öäjaöoçúv(dÝÈá—Èø¹šä¨§ªî5 ý4-¤:)øîóû¡¿Š¢’kTûÂÔRÜˆ¾½P$üN„Ù´:ÿí¥vAJƒ@ghÉ>€ÜCš½¬{ªÇC13}òX½“tpIx’…f RÞ€å“ïà3Ñw…îLÌÁ(²+ÅŽ À±Ö÷œÔxò¦ÎH FcÂ½ØZB#øÕ6&vâbFà¾u¦áq>Àwÿn‹X.½ƒž¯ƒ¦1( £;ÉRÒÙab‡çøŸ‹Ó•jO½bÍHÜŠ¹vjíƒÔö>;ÇÆ‹g “Ï¨ñ€a„Ž8U¿PíÄ¶¬G´`8Æ[Úsü©àÄÃ¸®ã0)z›ÉäÒñÐÛªÊ;IdgS…é³.$!£~8B†#Š„Å›É¥ü^)÷ÂkëNi -©½o×À1ÂÀjè|”E¡¡{ñÇÙëÅKnULÈPôåN{d0™õK\{\‚f·¹Çî :õMƒ;4ÇøPgˆ)u›Ñt·®{ÞÃqVÅ¨mÛÉHr—ÑÄûl[L=C«O¤1ØTà¶ÞËš…dÈËQÏ€Âc+t.ãîjagq}‹Ù©*_¨3B’…¯áD*j ÆÔ)ƒz7–ùt¯v=§à˜õ'{åév8ìG‹Á¸ŒX&ïžäuõét–ôâgñ –½Ì;éÊñÉLG’¬-yŽÊµx“!Q KïFIUŽ±ÙÂÊÃª„ïmüM¨iUa'+J¿nÙgö´õÂ,Ù\PxM·è–v¾RØ^À9··l§Ø2€Ù÷ÎéÖ—%…=[(ÉÃ>£¬ºæ|¦ˆ:„õýÖˆ¤ùMÉÛv„5i±ôÈ \U¨.>/XObject<<>>>>>>endobj -1767 0 obj<>stream +²¢à¸ç¨›•¬`‚áì5ÜÔ/.ÁùœŠ WŸwOwèBï²lžgfG=¨!˜³q“gÖ}ËbaŽTHÒ§¯úƒJJ…ÑYÛ¦´;4zèíq:Ñõ¬Ã>‚o1w¦é0yí:/{<¯H!Lê„ÖØ¿ú ûç´Z…ÉÐ¶WaN¢ðÂEÞû™Ôu;õ•áC‹Æ÷íE "‹ƒ¦t?ù³ Ý¢ê§q´.0üíâšôÿè•3Ä‹¥ˆ-´#ÃÃ1úî•mb?¼b#‡'3|g—FW×FsI« +ð¼dÕbãþýÃ=>:û¢›€7¶™zMLÁØeDéï‚t“o#þ¿!–²br-hÞtÊ‹mÔ{['Ÿ’_Ô/±mendstream +endobj +1774 0 obj<>/XObject<<>>>>>>endobj +1775 0 obj<>stream +xWMoÛF½ûWÌMIáÐ"¥ÈN’44M +«‡¹¬È•¸1¹Ëî.-óß÷Í,)ÉBâ†‰;3oÞ{3ùç"§9~rº.h±¢²½˜gszý¦È +ZÞ\ãs_¯i+7×«lõ£y‘gËóï×WŸÞP1§õAV×7´®æ¸R¾øP«.jOÅ"£;]öÞØÝ©v£^®¿Ë›ùuzóÕb‰|ÖÕ<šgtk£wU_FãlztIy>>Z\#C<º®M ë¢¦½ +¤bTe+ŠŽbSÔVd7¨®Ñ*hyO2‘Jg£2/(K¦íœÊF +’fhk3Z×šÃÏéU¾Hù»u¾UœØÉµ€ªë£' 5’±!ª¦‘‡ÓÒN[íU“ý¨úåX}‘Ñ_qª]ˆ´AÚuU>Æ¥VÙá,¦ÛŽ©0";¯UÔ84Öü é·Èåëc0•¦ÁõX´º2x’¬Ž{çï3z?P¥·ªoâ©Î½iRe©;Õ¦Tq´w-Ð¤”KÚ×¦¬©ÕÊ£ ˜-G$ß[éì5=hÞCòø,„9iƒ€“ TÍÀ áàG€GÚ£‰S¢ÑM:tº4èË@}Ã Ù4ZZ‚ó‹Hn}±šã3läh60x¡‘‰W2¡ð/ºÝã?9ã¬À¯¦qûJª¦+•¶ÃŒ\Ç¬O˜ÚM†´·gÀò%³ë}"ÚÖ4ˆàÈY$-ÇÜA¢KÓ‚ö€mDœ¤Â)É+»“B$³ŒÞYÒŠë¡ÖìjðKÿšÈ8§7“¼– ’¶åÐ[Ê¡;(;Ë)‡yä«Hk~U@˜ã×…| +™Cwr:…!À!|~®æ)ê©ªGMCG÷M3©N +¾ûü~ê¯ (äš5®T 7£o/ ·ga¶]Î{)]G¹A 3´d@î)ÍQÖ#ÕÃ¡˜BÞ<–Fï8âŸd!Y‚T^oÁ‚êÉ=øLpÌ]¦»¦æ`Ï´ØŽ ãÁ±N•÷:Šñ¤3U“@ŒVù{¶+´„fð=jLˆÚ²W°¸kU«g¤½wþY›#'›1,‘*õÿq™£Œ¾ò3ésÙhø+D3Iše1qáx,Ñw@%-— [HaÎ%ÁVQ+0CÑíÝo zÖ¨Ç×¯_¿ž? €ƒö¾ýït#X¤ùÐû0™Áäù2hZ…r:±ç,9=&Æôðäã:;MY‹öÄ+6‰6×^¬}r‚ÆÜ'çØ:ötò50Ð‘Žõ/Ô¸‰Å±mëmŽñ–~*8ö0Ý4aš£Í$rÉxmUd‡Ž$²7±F˜t„Yç#“Q.ÎáŒBÇañe~ÉóË)åQx]Ó X!sÝ8F˜X Ï’($”`Ïþ`uòzvàJw"&d( úr'=R˜Ì‚ú%Ž=ÎA“ÛÜ²‰cw`º¶Åˆ‡ãG\”¢*Ùf$ÝßíÏ[›æÙ4ÒÉ<&[£÷ƒV¡ñŠžz•ù4ùá·€pœU1ëºn>ãÜy4é!ÆSOÑúÃiL6åu×¼fáÞÒr42 tXÀ +™Ë8„‡»XØY\×avJÇƒÈêgá8Ä‚Š:…1uÊ Ñyþ]Á‰]`Ï)uHúã½òt;œö£åd\Š-Sï‘çuõét–Œâgö N;žwÜ•ã+œ™Œ$^[Òåjð%A"@VÎÎ¢¨c³ƒ?T‡U ÷Ÿü©iDa'+Ê¸n(ÞgÚ9aVZ]PxM¿«é–ö®RØ^À9w´l§Ø2€Ù÷ÞÊÖ—$…#[[(ÉÁ>¯ºê|¦°:˜õãÖˆ¤õš’¶-ì#jÜbî‘B¸*SyŠlTpV¸}õéæ¸v/i¢?¿Ô/±¬^øÏ†¾”9ÿq}ñçÅ¿kÐšendstream +endobj +1776 0 obj<>/XObject<<>>>>>>endobj +1777 0 obj<>stream x…VËnÛ8Ýû+î¢@S –-ù™]¤éèb0Ô]MgAS´ÅF"5$ÁßsI¹~¤ÆˆD—÷qÎ¹‡úo”ÓŸœVÍ–$›Ñ4›Òb¹Â÷|Íß~¢]|P,ólþ³ùjöòÄûÍhòqNyN›Š,×+Ú”„Ó)mäÍ§lGÙ½ -A›=u- Úi§zQ×*ebˆQª¤`éÉØžúJÚ<<’0%}ùðHuÁócœÁsþ÷¶¶ò)£Ï¢ÙŠ7›o£)óYV üMç‚+Ld9UßrÄäã”îRŸãbŽ!Šä“|¶"üŒ ç÷@¦Ù–Ç”Ól}Š[ÿ6M#ßÝeœ™ãæóÅÏãÎK®¿Á4µð¬Q¤=é†!&ðÔs [—Ê€Ü]Ë0Ž ´U$z¦ÁîH‡[ÚëgçP!g£¹¬©ÇÙ8EY&nÒÖÙ`¥IhF*tpPÂù,!|G9ÀRÏˆ‹<[dôÅ3ù‚>=>¼"_q+¥2±Ôå¸«,åp9±µÏŠ*[ú¨#žÆw:ˆmn9&éGÚ®.!o©…ÄIj,Ë®URï´ŒÕ0]ÌzÖD„@û«‘£0!·¦¬Tj/Ñ^ÉÎép ÊÖ*£ C¥é£˜!T»Û!¥òQ¸©\ÜCßºNó”«Ò§#±Ë³ Ø Z£Â:\çCÂ*®ïCÂˆË$ê¥Ò¢wËÛ— ÁH¿Ü¢t+_ý{le=«3UöîåwE–/×Yž/²é¤Àæp|ò_Ÿežé›&SŽ¼ä<2uØGƒ‚5ÄÍNSD$¤5FÉ 9 !b>"JØ‚ +Úv¬jE‰jí¢&®Yþz5c-EPüòÚ¾¾Éèá¬&“zAblÕ^y½ØjT™Ñ}òž3A8xhØ*^´a "E/.ŠFCßèÊšCc;Ø´§Î>ëöæmGPÏªæ•æLØØmx „|RŽk‹pUòà=Šf+Ø÷œš´Â{xZÇÒq‘ý¸ÚgòL§ROi;yDC²ÖP*> ’|FÐëAÖÐ‚Våk,U‹‘@WÜ1çð{öä1~W]GÛàmƒ°% ƒˆ¼\T>Zcˆ´[g{„Äóþ6rÍÆÝÔu†Íä¬>ƒ{U;Qï”*ØékL¢€g.Ã°M£»fgj6€¸†ÂðS†M¬±FSÞ£Á jM®Ç$DšÞšÿuØ%¶Ý;Q²Ëþ¸/·lpÖÇé€W¥äzÝwµpàÖX…Ð¾Lú¾Ï<_«™uûIÔB×–"@u|ñž]=¨3RaV˜ý%¥ðXO¶©+ô~ø¥S±zÚàF”,q¤|§Uz_¡‘søÀ]ÇRƒDÅˆ“ÿ>wµQNluÍnüÂÇO–= ·^Ur~ýYÏhQ,Ò;Ãçû?ßßÓ£³ß°GôÁÊŽ§l7<Ëøx`¼šâ¢¼ùí6‡K.nBDçóèlF¾¯æÿendstream -endobj -1768 0 obj<>/XObject<<>>>>/Annots 1016 0 R>>endobj -1769 0 obj<>stream -xV]oã6|÷¯XÜË)…#ÛòW®EQäÒæš¸k/.®~¡%ÚV#‘:‘Š ?¾³$å]®Š C“Ü™ÙÙ]~LhŒŸ -š.(-ãxŒ•ÃŸïÉâ*žÓl‰E*i:Ç“ð_A÷¼'—ñÍ®–øœà·–´¼] F·o(Ój‹‹å2w3VÒèf/*+kJ’˜þPyª39ÂZm¤5«¿ÜÙÉÒŸ½œÎâ§#lžÄôi/, IÃ~*£Æ_òƒ?<£É$N–ñ‚ßè²jÒPªË’·+)W¤šrƒå˜îYùdÍ¤H÷aÚ¼(h#ÉÖB™g2²šn©ki*²\í¨wÇ´ÚKF0¦ËÉÔƒ.¥P¼Ã2ìî2aL¾S‡«dmÅ e²’*3¤Ç_7º]B‘c-RÖZ£ Âúâœxäãå†#³˜®{¨Â1J…brFJEÂ€–›dl8Ìtä;µxÑs†pï5• lA;Qöõè"¯#l@Ï2ÙævOïd]VS¢álü"*¡$nä£Ž:§È¦ëxÇ4ˆüÌùðnÅbJæ‹HwçÛ}ŽsrŒgk¬®9Oþ&¯°ƒ“[ˆò É'¬"–V’6ÏVÆáúdÏØaÈ}à# -£;@ÝõMUéÚ’|„Ò¥öíÐlÙkpT’]Ñæ©\Gº>n__p~Ê ©Øõu5•H¥3`PŠKÉå7(â 2? úÐ7¬}O‹ù|êÔÝv¥sâ4Èíå‚#tdvAÆ+ #³aŽ©éiÎb¥º)@jŸ«Ò[‡c pè–MasVô¨Ù:ÚÈT=³‰O"w `²’SÒ‹{—ôòtCh¢ÎrÔÆ—Ññ};¢AlQí"/\ap ·mºM¬ë]Los¸&{ðÝP¶@ëŒÔCôKŽã -íY7`g¹äƒËw¤tp‚¦æ#Ó€¥máªk¬y’ªÉ -júàõEù€µ¹ÊtÓ¹T0·Ö˜ÕgJ…¼<ËÒê;£×Ü¾+7¯QTæiÞÚ˜~Ö-_Á“k„•îÁ3¡0¶p»’;msaY>œ8°4)m’¿1å†ªZ[ê‚ ÕÀ£,ã^>/XObject<<>>>>/Annots 1064 0 R>>endobj -1771 0 obj<>stream +A›=u- Úi§zQ×*ebˆQª¤`éÉØžúJÚ<<’0%}ùðHuÁócœÁsþ÷¶¶ò)£Ï¢ÙŠ7›o£)óYV üMç‚+Ld9UßrÄäã”îRŸãbŽ!Šä“|¶"üŒ ç÷@¦Ù–Ç”Ól}Š[ÿ6M#ßÝeœ™ãæóÅÏãÎK®¿Á4µð¬Q¤=é†!&ðÔs [—Ê€Ü]Ë0Ž ´U$z¦ÁîH‡[ÚëgçP!g£¹¬©ÇÙ8EY&nÒÖÙ`¥IhF*tpPÂù,!|G9ÀRÏˆ‹Y¶Èè‹gò}z|xE¾âVJeb©ËqWYÊárbkŸ5*T¶ôQG<ïtÛZÝrLÒ´]]BÞR[‰“ÔX–]«¤Þi«aº˜õ¬‰öW#G%`Bn!MY¨Ô^¢0¼’Óá@•UF†0JÓG1C¨v·BJå£p-R¹4¸‡¾uæ(W¥OGb—;g°´F…u&¸Î‡„U\ß‡„=/–IÔK¥Eï —·/Aƒ‘~¹DÿèV¾ú÷ØÊ zVgª0ìÝ;ÊïŠ,_®³<_dÓIÍ/à øä¿>Ë<Ó;6þL¦yÉyd<ê°4kˆ›¦ˆHHkŒ’A[sBÄ|D”°=@V´íXÕŠÕÚDM\³üõ"jÆ0ZŠ ø7äµ5*|}“ÑÃYM&õ‚ÄØª½òz±Õ¨2£ûä=gƒ8pðÐ°U¼hÃ"DŠ^0\†¾Ñ•5‡Æv±iO}Ö%ìÍÛŽ žUÍ+Í[™°!±Úð@!ù¤×áª8äÁ{ÍV°ï9#5i…÷ð´Ž¥ã"ûqµÏä5˜:N¥žÒvòˆ†d¡T(|@%ùŒ ×ƒ¬¡Ê×Xª#®¸cÎáö>ìÈcü®ºŽ¶ÁÛa7J@9xZ¹¨|´<Æi·Îö‰çýmäš1º¨ë›ÉY}÷ªv¢Þ)T°Ó×˜DÏ\†a›FvÍÎÔlq …á§›8Xc¦¼GƒÔš\Iˆ4;%¼5ÿë°K8l»w¢d—ýq'^nÙà¬5Ò¯JÉ'ôºïjáÀ¬± +¡};™ô}Ÿy¾V3ëö“¨…®-E€êøâ=»z0Pg¤Â¬0!úKJá±žlSWèýðK§bõ´Á(YâHøN«ô¾B#çð».Ž¥;ˆŠ'ÿ}îj£œØêšÝø…Ÿ,{@o=¼ªäüú³žÑ¢X¤w†Ï÷¾¿§Gg¿aèƒ•O%Ønx–ññÀx5Å;DyóÛ[m—\. +Ü„ˆÎçÑÿØŒþ}ÁÐÿendstream +endobj +1778 0 obj<>/XObject<<>>>>/Annots 1023 0 R>>endobj +1779 0 obj<>stream +xV]oã6|÷¯XÜË)…#ÛòW®EQäÒæš¸k/.®~¡%ÚV#‘:‘Š ?¾³$å]®Š C“Ü™ÙÙ]~LhŒŸ -š.(-ãxŒ•ÃŸïÉâ*žÓl‰E*i:Ç“ð_A÷¼'—ñÍ®–øœà·–´¼] F·o(Ój‹‹å2w3VÒèf/*+kJf1ý¡òTgr„µÚHk.V¹³“¥?{9Å NGØ<‰éÓ^X’†ý$TF¿äxF“I8œ,ã¾ÑeÕ ¤¡T—%oVR®H5åË1Ý)²òÉš!I‘îÃ:µyQÐF’…2Îdd5 ÜR×ÒTZe¹ÚQ!-îŽiµ—Œ`L—“©]J¡x‡eØÝeÂ˜|§WÉÚŠÊd%UfH¿nt»„"ÇZ¤¬´ZGA„õÅ9ñÈÇË 5Ff1]÷P…c” +ÅäŒ”Š„-+6È2Øp˜éÈwjñ¢çáÞk$*AØ 1‚2v2¢ìëÑE^GØ€,že²ÍížÞÉº¬¦,DÃÙøETBIÜÈGuN‘M×ðŽiù™óáÝŠÅ4”Ì/îÎ·û9æäÏÖX]sžüM^a'·åA’OXE,$mžŒÃõÉ"ž±ÃûÀGFw€ºë›ªÒµ%ù¥KìÛ¡Ù4²×à¨$»¢ÍS¹Žt}Ü¾¾àü” @3R±ëëj*‘JgÀ —’ËoPÄd~0ô¡oX%úžóùÔ©5ºíJçÄiÛËG8èÈì‚ŒWFfÃSÓÓœÅJuS€Ô>W¤·#2ÆàÐ-›Âæ¬èQ³u´‘©6zfŸDîÀ&d1$§¤÷.éåé‡Ð2Då¨/£;ãûv2DƒØ¢ÚE^¸ÂànÛ8t›X×»˜ÞæpMö(à» lÖ©‡è–ÇÚ³nÀÎrÉ—ïHéàM%ÌG¦KÛÂU/ÖX'ò$U/.’Ô>ô=Àë‹òjs•é¦)r©`n¬1«Ï” +yy–¥!)ÔwF¯¹}W o^£0¨ÌÓZ½µ1ý¬[¾‚'×+ÝƒgBaláv%wÚæÂ²|8q`hRÚ$cÊ Uµ¶:ÕªGYÆ½x„N§¢ñ*{Í%¥ÛÝ +‡@,ª½xpxEÂxAÐèd‹¾ÛÉ³Ž>ÁÞ¯†”ü:¤?C™òñn‘{ÜÜæµo<#Oçœk$˜sIL÷¢Ü7ÛBkƒ±+PÌ˜n¶]cXl¹ÙâÀ4ÃGnîëˆ§#Ï¯AÃ—ƒé‡™¢¸™vÇ›Û}-%AJÛ•C¡ñ<2ßò·ÇqÅCwDÉuîuÀÅWFóÉ®+~8Î&E*²L{×VwRAžüH 3³¢G#xpt{_ÏHô¯D5:„¶çbžªñR=Ið3®Mq+ï0®67küpïßÖXÆ7#GÙ ÄõÕ#Ú1ëÆSI–é¹+ÎßVsìx9 O¥ƒäÞ\½×gOõ´ÒØJÔ%]>Òß´«eE¯²£X¯ÎÕÂ ÓuÕò[‹wtîK±G·Wat{ÛÍ¯üûòæ?^Ò3¼ßóopøtÐendstream +endobj +1780 0 obj<>/XObject<<>>>>/Annots 1071 0 R>>endobj +1781 0 obj<>stream x}Y]sÛF|×¯Ø·ØUL|’¸—+Y9'ªŠ/>KŽîÁ/ J8“€–|¿þºgÌ€T]¥*åf£ggçkÐ_¡[à¿Ð-#gn½¿Xü2ýïó¯a¬\§Aæö.É‚d;w{aàÞ…‹tFZ6Nflº .‹"ü2ÌI ¢]O.ò ¹ÊƒÔeÈa”À/%E˜ælCÃ¨"THg#•ôÂU„½B¸b— @@ -4058,176 +4052,176 @@ C 2ùYŸOe žò«¬Ïï¨õùTÖà)¿;äwÐùUÖçwdÓI¬¬Á°ŒG4”5q–!¤¬Å`±ÎÂh-›el±É²ÅÌ`ÄšTÖ`°Ø=²¯¬ÁÈ*vb-f~³™e‹™ßd!¿q$3,D!V‚|~#ƒ˜iØ‘²ƒõ–•5,Ô¤²#¸³Øu-‹ZÅÌ ôÂdÙb°y4·l0âËð´ƒMÂÙºƒÅþAÕVÎTÃW Ì+ÕÌü®æq–,Æ¯2Ø} 2=8²1oxþYa f¥Tk03ÈëˆÑÌòJjXƒgxeµ3G<|Uk1¢ò¥¬Å`a³nòÙb°˜"Ö+‹ç%ûhÒbœb!\åx‡â%.’P/¤WYƒÁ.åèWVRÄbóÇ é‘O‘bh“,Ö`°(…™Ö`¡JŒÖb°qŒbWË3 , e}ëóWíÐÂ+A¾pÃ+Mx¥¬ÁŒƒa ‹#sfÙ`x…C"3Z‹½Ï3Ë>Î¼rñ ñÙ`zÅÖ`XFQÀ«Ik1ØŒ e‡X¥þ&Œ8ø#A>¿Š±n¶b”5,ŽjìHYƒ±nÄ—7Ãúý¢‰¥bq!‚L],ª>+k0£Òge Æº‹¢¬Å`‘#ËJE8g¤Ø¥m<§Æ²(+¤Hž%ë¥x%‘šó -2Ò‘•A)k0£,ûQÖ`F™×E£5,Þ—!ÕJ¡,üËÞ)°WôÉ@Læ73qâ%Pz`âÄ‚¸sÁ‰”(„x„'ápA½01$ ,ºpD?ƒÁ¢[ñ=b2l1XŒïÈ²#ãxñH-+uÈŽ’:DwÀ² Ÿ7¾a…øÕO?v´GÂâ’pjÒ2#f(d]e ‹9ˆ(k0¯le}(ðž#CØy|ßÍ|)d($³i1Ø˜ï*µ˜¢IÃÌPðEÛ°Ò"ò dÂóC€Q!8\†Sˆ(Èù®:±¹¿\°'øÄL6!±œBf…3cÒÈõx!TN!8ômd8…à0mWÊa’â»¦ÿ"'§ü›^*¾¯MŒ¤¥(E‡uñ‹€"¡pù’Ë2šÛaÏr#›(Eþ;f(ÎIþ›æQÄÏŠõþîâÝà…»Ûâãm¶\¹»|³Å/ë77îêp(ëMõRvoïþƒ§1cBÿô%ÌDxþÍ]ñ°+]³u×MÝ—u?<‰ÚŸ”£Ob|»ÛbÿP¸CÙn›v_ÔëÒU]wôæñáøÒ<0¹?mÕ5µX]ÌøÖšõ·²wÍ¡¯^}~.‹ëªÿ–ÜÀÜ@¸Å‹{ÙWý9™î÷æÑíÊïåîœÍÃmñ|N.wßV}é^eWp{×<»ë]5FkîV><€å«×ö.Ä®?ÖUýH.gÁÃÎ>5m_q¼Ž«MB®ƒfà‡Í¡Î6å¶8îï¦oÖŒ°ùŒÀíYÃøSž¾û)_7¡Æ ~æl¿W˜ÚŸ¾HºrpFæ»oÐû‚ån¯>¾¿:k#ü]¥·^—]7´q×[^7›Ò}¯ -wýçí«*ènê¾m6Ç5§þ©Ë4ŒœA=š‡/O i_•¸/Ž°þÐ þiçýéÄ—¶ûQ¯Ñ·í²i›±Œi~¬v›ÑÂûªÆ±õÊ©ÆG±žkÍXOú—³±ŒÃïsI·éÚûããyOâ/ç)œõÞi÷kY—-Î€ªÞ6§â-•mùphYäÝÜHåÎ!….pë8¿Æ$¸†ei„+è0‰iýwÿºø}6Õendstream -endobj -1772 0 obj<>/XObject<<>>>>/Annots 1084 0 R>>endobj -1773 0 obj<>stream -xm•Ms›0†ïüŠ=¶+!NdÚtrèLÚ0¹Lj§\ÀþüîªÃxlÏëGïîjYÉ¿#_²Ui¥ñ—åãÇ×(õJƒó?ÈŠ'q‚§( ˜Ø)@1f±òh4:Q)8Vä5RcqU@MeBh¤N«,¤FšgTþ’WŠJsåh7)~9\SBEXÚEIB>ÄÙàÏ´—…ê”ÊY $D{L]0)¥`EQÆØo†Ü?V+ÔŽûçê-.UÇ0ÍÞ5(™Ó@cÒÄà*Yx½æ}N^Vw¦â]©äu™lGò° -¼3ïJÅ›ZÙxYÞ™Šw¥âµš›1ÕÌ*ðÎT¼+oœ…½bxg*Þ•ŠÇ‘fbÊË*ðÎT¼+¯6a¯XÞ™Šw¥ìµžÎÞœWÔê]({ª3ì’ÍèH‘×/J¼«FjcìŠ¬e*^G³xYÞ™Šw¡<ÌÖznUæñˆˆ g 1¬¡–¬0ÔHÓô?+›x*ÓÓYŽñÝ×ðÝÑÍ½ÃhP¼Òíå|Åž// Eõ¢UðÐŽuß–'¨û¾ë‡Å[¤agè<{Z“*¸Ç²:ÛŸ0vPBi[ç¾«êaÃâ<–cu¨™í0÷Ð+(5eóR.©~ŽÃHi¯–®ïö—j˜ÿGp¦žn¿ÝÝÂcß½ÕÕŸ»êÒÔíXÎygðF$Ã.Ó9ÍàÃ3>èó¹n÷Ç¿2QÖá¸§1þ3#6–›ý¥ˆ¾Gÿ±£¯Pendstream -endobj -1774 0 obj<>/XObject<<>>>>>>endobj -1775 0 obj<>stream -xV]o7|÷¯Xø)Y’Ù}èCâÆÑÆIkiïŽwÇøŽTHžõ×wvI)ò9ý€a[ÐÉÙ™ÙY~9™Ñ?3ºœÓÅ’Êþd:™Òb>,iqu‰ÏsüzMµ<˜-¿óàõêäüæšOiUc¯åå*Â>S|S>»nÕ:jOó‹ Ý«¾P´Ö¾v¾W¶ÔdBtx¾ú,{Ì.Ó/.“9vy†E³ ]»~¼ Îæ74›å7ç—€Š7WÎÛí78o:ÐêúEGQuò/•Ñ6NhÕLM;7B…ÑïŒmø «&÷Hmu×É›¡uCW1Þ)½˜]$”^«®ÛQ)0±6ò.kï¯ú@±U‘Ñàƒ¦ zÍ¢+]Ç 4õ.DP¬*ƒ=ÔF™N¼”Öƒ+ª ¾‰^ÙPk?:ý°?Ë•ÔqMX£¬Ã‰^8(TÐÝ¿{â˜IÞc¾œ,˜½ÛÄÃVYÁ5 ©F‹ÿÁõ:¶ÌMg4)º[ñöëMÞ+³BÏÖ€§VmÖQe‚Tr¨¢qv„^‰?YÞ;ƒ¤÷ülkÀ«Ô«]¢Ðà“)mÁ[ej0aäÒ§ga([Rît,ô`>='cí’hâ-9¤öß¨ÎTc–Þj«½Çp’ ’ÆÜ(˜Rz€¬ làÕö #…µÖÕ„nA±¸jo7ú2˜¢GLðU÷$·twsFª‹XÛ´øÊ‚²;ê¹êJ¯µ9ÑŒî°°t¯±Bu8Øa0®rR|ë8°·ú¦òÀ Ý¹ úáŒˆŒ½[¡+V¡^éíQ¹ñáD–»€ÉÎÈX›rŸhÚ:Ð›·°SÂŒü¢i6dÊs N)ÁÙ€gø3í‘«³aáèôVùjËýÁ%TÞ ôÀ}Y1I|Îã -‰«0¡·xE%ÁN^ŸNÎš•ÚGô T.Æ2‰:šˆ]¸L‘›¶ðû#´ADá=N?éJ¤ß¡éÊÉ£ùäÚø—ìÐ°‰«AÎñb” –0OƒÀ‰œ7h›Lóq,c¥: -Ž©Üÿ#R…‹±V ó{'â$˜gÐ1J@pÀ^†ÉP!k`C!‹¥yñ>×Æ†™Oå }1)%+¿‡èô1¤Sœ_2¥LŸqØçÜªÑè£Pz«RëÐº<Ä”ˆ$FÙ@[™I¦×€îS"ØÊ[T-ƒæ)IÞ4m’§W’´pþ!Ù0,q<‚Çïs‚è™˜½ù¶gO[ïy$U¥1O*OÅŽ>ñAÒ"Í¡ÒyÏ^`Y0ˆ—$QR˜p¸îã¤s%²HçÆ>‘ŸôçÝûŸÞüòên_f›SFÜˆiËCÒ!}Q3?Ú÷;G‚L25Z/)-×úÎ”ÞWËt<¿ý@!ªòI -gÆ"øJÜS®éÕõÏÿ¸qýÆeó—ôíùÍ?\œR¶Ð©ÍoŸæ`ÈZÁÂ¥¢æ™þ —•p¾õ˜R¸q e=AŒ§ÆR½Ø;Xâ“©¦¥œ|µñHcŽÊ<—rgò½%çBÀX/Õrzá 8;|ú]Úßs)Æ-†¾w(¦r³Ÿ¢inªnï¥Aã®Ð .@è'D8ÌÃrqzøPú¨E¡g4R Í´mëøê µw=¯Y'su”d22™Ÿ#Ü˜Œ|yŒ7Y€Ø“qðõê€ì6®t°àa¥aÏo®¾Ý¢_.Ó-úÿ^ÖË«Éòå×}\g‹—|Ò›ÕÉ¯'B‘8endstream -endobj -1776 0 obj<>/XObject<<>>>>>>endobj -1777 0 obj<>stream -xµVMoã6½çW|i²°µþ”C ÚèvÛÆ@Q J¢,n$R+RqÔ_ß7¤ìudoz(Š$@ ‰3oÞ¼yœ¯W3šâgFë9-bJ««i4¥x6æ´Ü¬ñÿ¤Ü¿XÎo£å¥‹Õòò‰Ù&ŽâK'V›óç÷Û«÷–4›Ñ6ªx³¦mF@4Ò6½ÞÊ’y–M)êZéíMód)‘ÖÑ¾š\!ÉÖRfø,§LÙ':#-I"M¥µ$PŽU•*E3¦B‡7ZðTmZÐ®‘ÂÉD@a¥‰úó¤!Æð2™‹¶tô,ÊÖŸŸÅ‹ÍrLI‹g§ ^jÙ¨Jj'œ28¹PÔ˜qÞN:rÁ´RxÀ•›Ú©J”!ôx€ŸyPŽ—êI–CEóô8{UòqPáÂW ¨ã¬¶³NVàNw{ÑEt×ÀÝ xµ‚vº6JƒAk/$÷±SÑZ 7-£eiRÐF•¬r¶ZKnhTÙyîÞ¸¥4Àb˜,–Åù"ZFôI¼ÐK¥|›N53™¯¡+}çÈ:Ñ¸¶öU¦¥—^V6ŒZËqŠóUâEUmE®Ú"ì +2Ò‘•A)k0£,ûQÖ`F™×E£5,Þ—!ÕJ¡,üËÞ)°WôÉ@Læ73qâ%Pz`âÄ‚¸sÁ‰”(„x„'ápA½01$ ,ºpD?ƒÁ¢[ñ=b2l1XŒïÈ²#ãxñH-+uÈŽ’:DwÀ² Ÿ7¾a…øÕO?v´GÂâ’pjÒ2#f(d]e ‹9ˆ(k0¯le}(ðž#CØy|ßÍ|)d($³i1Ø˜ï*µ˜¢IÃÌPðEÛ°Ò"ò dÂóC€Q!8\†Sˆ(Èù®:±¹¿\°'øÄL6!±œBf…3cÒÈõx!TN!8ômd8…à0mWÊa’â»¦ÿ"'§ü›^*¾¯MŒ¤¥(E‡uñ‹€"¡pù’Ë2šÛaÏr#›(Eþ;f(ÎIþ›æQÄÏŠõþîâÝà…»Ûâãm¶\¹»|³Å/ë77îêp(ëMõRvoïþƒ§1cBÿô%ÌDxþÍ]ñ°+]³u×MÝ—u?<‰ÚŸ”£Oâs·Åþ¡p‡²Ý6í¾¨×¥«ºîèÍãÃñ¥y6`r(Úªkj±º˜ñ¬5ëoeïšC_½úH¸Ïe±q]õß’˜H÷±xq/ûª?'áëïÍ£Û•ßËÝ9› †Ûâùœ\î¾úÒ½Ê®àö®yv×»jŒÖÜ|xËW¯í]2ˆ]¬«ú‘\Î‚÷>5m_¾ìÚ¢Þô—77çfÛ+oåÄ-Œ|,_þuDdªbç“wõ„Š§øã‚¢ì‹ Ë¸¦*[w}óáÖ5®3ëøÐÅ|¯«ºoº§ñ±¿Ÿz‡ó4pÜFCˆIŸ˜Á5ÑC×EínÜº©·Õã±-¡z¹û¢=°êrÂlÍ‰+:W;Ô¿÷_<¸´á¤pâÿ/»¯oê¦—úúög¿ÆåÏ.Ä-ö£àådÓeÐ+xÎè•®¨ô=éžŸÊÚ[ýú†ä÷²íÐh_ß¢iÝ±+7vG¯ï…Á}lDêzh¤jÓV°†ßŸë]ƒ}nÚo(eqWâ8¤Ñ[=É¼¾¯jh;yþÚÇ¶9dHœ=‹l}éJ·+ú²ëÝÝõ§w7Ÿ\×ëonÛ6{÷±Z·M×leœ$Wu”|¹+ÑÍÁáyç¶Õ®D·ÜÃ¡è:ø½që§¢~<0¸J³aPC}ÜoïUÉf76ï<-8± +àóøÇë¸ÚÙ$ä:è(îqØêlSn‹ãŽñnúfÝÈ›Ïˆ%WÃøSž¾û)_7Ïà¿@s¶ß+LíO_$]98¦óÝ7è‹ýÁr·Wß_µÑŠMtµ^—]7´q×[^7›Ò}¯ +wýçí«*ènê¾m6Ç5§þ©Ë4ŒœA=š‡/O i_•8ÅFGXèÿ´óþtâKÛý¨×èÛöÙ´ÍØŠi~¬v›ÑÂûªÆ±õÊ©ÆG±žkÍXO>/XObject<<>>>>/Annots 1091 0 R>>endobj +1783 0 obj<>stream +xm•Mo›@†ïüŠ9¶“ý€e9UŽÚT9TJÔ;Á¤vjÀ\õçw>øØºÈ²×Ï¾3³ÃìúW¤AáKCfÀ:¨šHÅ +Y>¾}ŽR+pÞág¹‹Í$Îð²m\œPŒ™‰=µ²q +Ž9CT'¸* ¦À6Ö! 4R§â,¤FšgTþ’WŠJóØÑnRür,¸&KE$´‹¬%blðgÚËÂ‰ UJå,P¢ÝPtJ)XQTûÍûÇj…Êqÿ¼¥Þ²àR•Á€inyÔ ;)¦Æ¤Vã*Yx½â}N^Vw¦â]©äu™lGò° +¼3ïJÅ›&²[ñ² +¼3ïJÅ›(nÆT3«À;Sñ®T¼&{Å*ðÎT¼+/Ž#ÍÄ”—Uà©xW*^¥Ã^± +¼3ïJÙ›x:{s^Q«w¡ì ¨Ê°KIFGŠ¼~Qâ]5ÒÄ`Wd-Sñ:š˜ÅË*ðÎT¼åaNÏÊ<ä$†ÕÔ’†išþc¥Ã‘XOez:Ëß} ¯Ñ}Ý=8ŒÅ+Ý^ÎgPøòRPTïL'1<¶cÝ·åê¾ïúá}ñ)Øi:ÅÖ¤1ìÇ±¬Ž§öŒ”Ð_Û–Ä¥ïªzØ°¸žÊ±:ÖÌv˜{ hUÅ±†¡l^JÀ%ÕÏói)íÍ2ÍµõÝáZ§®½)ã,l®Í…ðmÈ-fª‡‘ÉMl¼/‚þ?.n}‚fNaÁnAl(å„db'¦[{ÆÐmÁl‚Ùôô[0Ÿ`¾5=*W«M¼4‰»tûq¯Ïãé|†cù›g£ï®/çzø@±îü4yt½*oÁðÿÎÔóþËýžúî®FøØU×¦nÇr~È;7"v™Êi¿ãƒ¾\êöpú#•8÷Ôà?3bp³?Ñ×è/d®æendstream +endobj +1784 0 obj<>/XObject<<>>>>>>endobj +1785 0 obj<>stream +xV]oÛ6}Ï¯¸ÈS¤Ší8Nö°‡6k‚`kÒ-ºJ¢$6’è’”]ï×ïÜKÚu”ìAÃÉsÏ9÷\~=šÒ?Sº˜ÑÙ‚Šîh’Mh>›dš_^àó¿NS%¦‹¼[^ÿ@³ -+ìµ¸¸¤eIØg‚oŠWWZíhvžÑƒêrE+í*ë:ÕšŒ÷ƒö¯—_déEÜãÍÙ<›a—WX4ÍèÊv+åŒ·}zsNÓizsv¨xsÙè´½×nó¯=-¯>R°Tû(ÿñRÑÝ‡Œ–ÍàÉT´µ)TÜÖô5¿å5pUdÂ©§n[yÓ7vhKÆ;¡7Ó³ˆÒiÕ¶[*&ÖÞeålíTç)4*0|ÐäU§ùQ°…m„¦ÎúŠUi°‡Z+Óª¼•—âzpE•Á7Á©ÞWÚNßïÏÅr%UXÖ¨ÞâD'äÊë’>¼CqÌN–ö˜-²9³wyØ¨^° HªV¦Ço;æ¦5šÝ-yûOÕ§:íÆ•õBÏÆ€§FÖRi¼Tr(‚±ý½6’2¼wI÷ülcÀ«Ô©m"×à“)mÁ[i*0a÷äÒçW~(RžîtÈõ`>¿'cí¢hâ-9¤ö_«Ö”c–nt¯Çp¢ M_FŸ¸Û“7¤t.XØÀ©Í^Fò+ËŒnA±¸jg7ú:˜¢GLåðU¥<÷$ïéîúá„T°¶nð•ñe·ÔqÕ¥^é¾ôdE0ºÅÂn\ÐƒÆ +Õâ`»‚ÁD¸Òöâ{Ç°ÑÐ7–éÎ®Ñ'Œ@œ`ú»%êèÅ*TÀk>¾=ª 5>œÈrç0Ù ™žÄ¦Ü'š6Öyôæ-ùì0#¿hêš Y©"À¨“EŠpÖàþŒ{¤*ÅlX8:½Q®Üpp ¥3(Ýs_–LŸ³FÆX„BäÊgtƒwPTÔì¤õñä¤Y¡]@Ÿ@å|| “¨ƒ Ø…Ë¹i¿?AëENÐÃô“®DúÍš¶xÔì*˜ÿ@®©º6±È9\Œ2aÂæ©8óm“h>Œe¬TÁ‘"•ûDªp1¶Õd¾tp$N‚™qz‚DìDi˜%²6²Xš7÷©þ6È|.¯ïò¬°}%Yù¢ã§Žq~Á”2M|Æ~œ?pS¨Z£|á¬JEëòpS"’e me&=™\ºO‰`c(7¨ZÍs’œ©›(O§$iáü}²aXâxÛåÐ1{ý}ÏŽ6Î"!òHªRcž”2žò-}8â½¤EœC…uŽ½À² /I¢Ä0ápÝÅIk0Ô#¬{WøL~vÒŸw÷?½ÿåíÜ¾Ì6§Œ¸Ó–‡¤Eú¢f~´ëwŽx¤Ò.ÚAB—£ÊtìÕowiæôÊ:–WeÉœ,@?";¦Ò˜¼äC¢GGJƒD?K”D +9ÒH[µªñd’©¨±ð’ÒÂ@qLá¬·•LÇÓÛäƒ*™$ßÂpf,¢‡¯Ä=ÅŠÞ^ýüïáq–Ño\†7Ißž^ÿÃÅ)fKÑüöq +†¤\Ð*\**žérYñ§‡)…«ZRàÉÄxl,ÕÙ½ƒÕ*<›jZÊIW‡4æ¨Ls)u&ß[R.xŒõb€Q{N/<'ûO¿K[â{.%Ç¸ÅÐ7ãÅT®wS4ÎMÕâ½8RÜåºÆý„‡yX..AJ5h ôŒF +Ä™¶i,_Ý !b¢r¶ãU#ë$®’LF&ós€“‘/"Oà&;²¾^í±1¢œÝÆõ<, 4ìéõå÷[ôù"Þ¢ÿïe}¾¸Ìç3\÷qyœÎÏù¤÷Ë£_þ„yBendstream +endobj +1786 0 obj<>/XObject<<>>>>>>endobj +1787 0 obj<>stream +xµVMoã6½çW|i²°µþ”C ÚèvÛÆ@Q J¢,n$R+RqÔ_ß7¤ìudoz(Š$@ ‰3oÞ¼yœ¯W3šâgFë9-bJ««i4¥x6æ´Ü¬ñÿ¤Ü¿XÎo£å¥‹Õòò‰Ù&ŽâK'V›óç÷Û«÷–4›Ñ6ªx³¦mF@4Ò6½ÞÊ’y–M)êZéíMód)‘ÖÑ¾š\!ÉÖRfø,§LÙ':#-I"M¥µ$PŽU•*E3¦B‡7ZðTmZÐ®‘ÂÉD@a¥‰úó¤!Æð2™‹¶tô,ÊÖŸŸÅ‹ÍrLI‹g§ ^jÙ¨Jj'œ28¹PÔ˜qÞN:rÁ´RxÀ•›Ú©J”!ôx€ŸyPŽ—êI–CEóô8{UòqPáÂW ¨ã¬¶³NVàNw{ÑEt×ÀÝ xµ‚vº6JƒAk/$÷±SÑZ 7-£eiRÐF•¬r¶ZKnhTÙyîÞ¸¥4Àb˜,–Åù*ZFôI¼ÐK¥|›N53™¯¡+}çÈ:Ñ¸¶öU¦¥—^V6ŒZËqŠóUâEUmE®Ú"ì ù[Ž!+…ö–P‹³>?æîk)ðƒèáÓý ÞÔT·ý…RShÂrÃ@ö!ã[ð ªDgç¢Ö²(ù#ó…Ò4ò-†”$´U¥FçýjPPß[t¿gi1Ô_[žœ! ž’ÚEjó ö0+sqÔÑ»@ñ»PKˆÑ5ôÜjoÐeõÌ3ˆãh¹1ÐC`"aiÏ°lýóAêÂhÓ6\øö‡í£;Ì¾2½F“ÎIK×'œ<Þ„RÃpÔÆZ•À|YÖT$tÑf27MÅcÁã¾W® 1€f1ƒ%{A/%èZ9ÑtÞhxî½=ñœpMóérs:™’á9±:•T7ˆ*{V¡¦Ê ©°ˆÈ%Ì¥ïºŸlv£ß§UD¿˜•HWr1çécîçö äòplŠÒzÒf¯ .5ÊdÒöÑF7T¨¼°¯”ajˆé´-¬¶ÁüÁŠw€ß˜ú\Û=çB§’å„Úð›È@WÝÏs^¶¶è‰`t¹BEÎ}’ClÈ{éaªy.\WÂnµ…*ß$*Žè)2jÄþ»Ãa|U0=4æÈéÙH=˜ MH™qQ2¥ØŽXaÃÚŒú{Dâ~À-Z`z°ði¾Yü¾<¨ ¡¸ˆ1tƒVG—~éçOŠè³æËFÍ]`É¢æÆ7ÅºŽèÏFá6øWµîŸý'¹†(GnÿW½¾Bü¦`4ãvùŽ`Øë+Ö©`ö¹‚G'©lÐ¢—Æ5€]Ë¿Ã´úM½øho{eP -ÁÃÞø®ÀyeÎ›~ñÅØ»7Š·a•y¸ûtG¿5æöRúÉ¤íq/äx“ÃÉzzË«Ïù†´Œ±m¯æX£ðz¶ŒùØÏÛ«ß¯þ¬²Û¬endstream +ÁÃÞø®ÀyeÎ›~ñÅØ»7Š·a•y¸ûtG¿5æöRúÉ¤íq/äx“ÃÉzzË«Ïù†´Œ±m¯æX£ðz¶ŒùØÏÛ«ß¯þÙŽÛ¶endstream endobj -1778 0 obj<>/XObject<<>>>>>>endobj -1779 0 obj<>stream +1788 0 obj<>/XObject<<>>>>>>endobj +1789 0 obj<>stream x…V]oÚH}Ï¯¸â¥©Ô¸•ö!%t‹68Šº›}ì¦±=îÌÃþú=wl§ Í¶Ê‡Àžûuî9÷Î×“ºø iÔ£þâì¤té|4†4ð¹‡?#i]¿è†ÁàøÅ‡èäýÇ -Gák8)J~º]ŠâÓ^?´LuE“TÉÜÙ·ÑX(ÄA¶8ë.JNosI…4Vç´amœLÈm…#+Sù_pÈh§c’Ó4¹½›.®ï—d^>œÓõåÍüò¦G±“$(1"NÅñÂ~Ðãx¶ð®2¸ÛÉ©ÑãéÚèŒÂîÓ{ËÎÃsþôø6h,{CÔËÙÖ±«sÛ*K‹Éûþxh÷áVÂÊäñ-Uè ûÄ©¯µ¡Lã{"œ¨EÊŠu™&oeÐ7Ï‚¬ÊT*Ì«Y×6+ ¤Zžáé‰FTô;åºC"O¨“‰=í3åð¬×Œ;ïHåÖñA½F\‘oŽ‘mn¡ºÖ(¤=TÇ°ê_Ù¡Lm¶ŽDj5meZx»ïépÖÔ ®5âý? ,‡(sD`/+ˆZ‹&,žd"ë2YÏJ–RÒA—¦Í Ñq0‘N¨Ô‚í9Â 5%xþäß²`·R ©¦Ì`²úç‡õÃ¦Ø“ç;%#‘‡ÙÍÕíÃrö×ÔsO–Ó?æÓ›È?b¼otS˜ä&ƒ„^ý¤€K¦u®÷™GÎx@iÆÏ;[ëòz1ž®äZ”©»‹w5Â-þž/‘Ò?Ð)˜ˆ¨j:BzùyMçÁìfFL‚w ìëF_û]LéÚIæäJmZ¢òäâÁ‘èü£§“¶ÚZ·Í˜HW9úz1†cI•ÛÒé6€Ïh#ee¼m›ýNT)Ø¶PîD -M>ž†ÃþxpT¸âñ6˜¡t‹ŠÍ_Žx‘¼æãØÔåZ(˜3òJaQ@V€6=ÀãóÆ8ŠqçßH+™Äè‚‘´Fó‘>÷»@‡A°ŠW€_j@>/z¿†vÆF¯0”ÈBæI35˜^^[ºÂ,{ç¹Édv‡Brx(~O+½çs Ck¶k|5T¡TåOÇM]€k4ÑñÖ ÁK$5Q&ÏAäÐL«/b~Ê{!f>7cS@ÍobÇiiARû[ƒjË¡¶†À„äzØÈeÈ=nLV\UUA¦b£-¦F€<‚°ñ–6NyvpVÇO§øÏ•N¥Ê)y¬ïj«@ÄfSÿL±¯Õ¦ÄÖh\œó”š-@†²ÎÆŒëòrþá’FñÕé¸ä¹[©öûö,âº ƒ³Q÷‚Ï¿~oÇÁð¼×´j0â$¦ÑÉŸ'ÿÉd³endstream -endobj -1780 0 obj<>/XObject<<>>>>>>endobj -1781 0 obj<>stream +Gák8)J~º]ŠâÓÞy0h™êŠ&©’¹³o£/°PˆƒlqÖ!\”œÞæ’ +i¬Îi+,ÂÚ8™Û +GV:§ò ¾àÑNÇ:%§ir{7]\ß/É¼2|8§ëË›ùåM6b'IPbD&œŠ92â…ý Çñl!á]ep·“R£ÇÓµÑ…Ý§÷–‡çüéñmÐXö†¨–3²%¬cWç¶U–“7öýñÐîÃ!„•Éã[ª$Ðö‰S_kC™Æ÷D8Q'Š”ë2M(ÞÊ* ožY•©T˜W³®mVH%´:<ÃÓ1Œ¨èwÊu‡DžP'{ÚgÊáY¯;wÞ‘Êãƒz¸"ß#ÛÜBuQH{¨ŽaÕ¿²C™Úl‰ÔjÚÊ´ðvßÓá¬?¨!.\kÄûx®¤þ F/Í´å•8XJJÉñ4ÖVÚxèb°S™èÞ¶™‚u¦…1Ú/RêM*w2ía[©4m pcAŸT»€>ë²i”/Væb•"°±sÿqB±9®Cºp +ôU¹3OrRùSTÂnÐ(ƒ\™#$çôº>ÖNæÈ§æ-X‹2ŠÁwðÀ¡FÖJ Mì¥P„üêÏÌmðOîEV ñ•'º²ž“ÚžƒÈ¡™V%^Äü”÷BÌ|nÆZ§€šßÄ:ÓÒ‚¤ö·Õ–C3l É<ô°‘Ë"{Ü˜¬¸ªª‚LÅF[Lxa;â +,l>œòìá¬ŽŸNñŸ3*J•SòXßÕVˆÍ¦þ™b':_«M‰Ñ¸8ç)5[€eyÞ”~¿³š^ð»žcSiùâ€¶npwÀPLS™qlÝ/Óé•‡ ÎªÑ*k/nÊ%tóp…¿0 +¼¥º³Ï¥Öý@žk#%h$v¼a¼ƒ£ÀíU¨ŽékàjW~Õ}Çõ}ÃÇöÄïy4ÏÅéÓÌ 5v†ÛîkÉiÇ×ç{ÒfëkG!ã£pzY:}¥lìEŒ\Å‹ýWÍ>¤ Á'Ê+éøbõšåàGËŸ"M×ÜÉ©_Ê¾OÏõœÿÂæŒ>Ý.–Ôï½Èqø£ÕÍÕŒ&·4ZâæCÝçGõù÷ÇÍµ6àæ<îÓð|Œ×ååüÃ%-Œþâ«ÓqÉs·Rí÷íY8Äug£îŸýÞ<Žƒáy¯iÕ`ÄIL£“?Oþç³endstream +endobj +1790 0 obj<>/XObject<<>>>>>>endobj +1791 0 obj<>stream xmUMSÛH½ûWôžBjc1ú°lrƒ[®]¶¼…9ä2–F–@šQfF8üû}=’XÖ‰)(ªi=½÷úuó}“ÀWLë„ÒœŠn!"AYGÊ6küžàÛ*ª7ûÅå}FqLû ä›5íKB»´/.¶äm£Jzi¬dÛ¾~©È×Š¯:GÒ¾1MåÒIê2ŒÆsè SÝ5u²T$©lªJY¥EÞåãþi!h§Q 'éÂÃÎÏÊ“éù%.¢'?X~”¦Äs‘ÛÆQÁà¡åˆXýÁ¿ÄÀµkJe}œÅL çªáä ¡GÙ$5í 5zA…³þßÎ ÂÖu£Õ/2ÍÃúÙ8[Æ8ðLè`Íp¬=šÂF½)ä89ª,&ú4°zÎp,F±ÌÎtj}ˆÖs^¤kÒê4Ï´%íÒ4eµZ>\‰"Ð8œ˜À¦¿õÄÂ×@:á(ÐÑ˜òó™_Ù ±˜ØaP}Øò’r!~Dí¨ü9Ñ¿Œyf?¥'ç±rLä~¿ƒÁ |úÏ|I‡} lãìÅÐcF¥ã}Ü’úÞp`j& Â „0M'Ñ…éöÖxS˜÷Ü› -† 8à¦cÂ€Âšã4õÊV¦“|)O¡ý èû€ëËŠŽÇiõ7Ó%s\ùMJÉz:|×7×´³æ ã¡ÛéDãÍ6/ç–kãQ^$i´‰èNÐ—ñìq[–o¢|•àZâlÃµ»ýâŸÅ¿ó«ð†endstream +† 8à¦cÂ€Âšã4õÊV¦“|)O¡ý èû€ëËŠŽÇiõ7Ó%s\ùMJÉz:|×7×´³æ ã¡ÛéDãÍ6/ç–kãQ^$«hÑ#œ /ãÙã¶,ßDù*Á? +´ÄÙ†kwûÅ?‹ôðˆendstream endobj -1782 0 obj<>/XObject<<>>>>>>endobj -1783 0 obj<>stream -x}VïoÛ6ýž¿â€}ˆ8ŠÅv¶O]Ò.ÚÆC,è<´DÙ\$R%©¸þï÷Ž”âDíÚ"€%‘wïÞ½{ä×“! ðH³§”–'ƒd@ÓÑE2§É|†ß#üYIyø0ž]âñFÓI2ê~ø}urþþ’FZåH2Íi•ð&í]íDå¥¥Ñ$¡¥±^lT¡üáÍê_l›Ðp·æ½Êzw¢ÜÚûèÈhÂO•I²Bo%™œªBøÜØÒÑ¦öäw’”Fø\¤’DQ„7Ç5•5O¼]9ÒÆcÁ^§ÐÙp¦¦¬„W›B&´ÚaeÚ NöBi÷œóÌU2U¹J‘“1`#Ü á((LoIèŒjÇ¿—’ÄJ/i8k*O’ W +1792 0 obj<>/XObject<<>>>>>>endobj +1793 0 obj<>stream +x}VïoÛ6ýž¿â€}ˆ8ŠÅv¶O]Ò.ÚÆC,è<´DÙ\$R%©¸þï÷Ž”âDíÚ"€%‘wïÞ½{ä×“! ðH³§”–'ƒd@ÓÑE2§É|†ß#üYIyø0ž]âñFÓI2ê~ø}urþþ’FZåH2Íi•ð&í]íDå¥¥Ñ4¡¥±^lT¡üáÍê_l›Ðp·æ½Êzw¢ÜÚûèÈhÂO•I²Bo%™œªBøÜØÒÑ¦öäw’”Fø\¤’DQ„7Ç5•5O¼]9ÒÆcÁ^§ÐÙp¦¦¬„W›B&´ÚaeÚ NöBi÷œóÌU2U¹J‘“1`#Ü á((LoIèŒjÇ¿—’ÄJ/i8k*O’ W F† Ý,ï¾'c–LyÉÍòÔ‘*«B–`B>àêª}e´µ¦®°ÌõIÚ> -ÕgÎ…°{J»ƒG*š,œÑný†‹•h¹ÀŸß›)!&åªˆz.}zßpqá±0[”È™œ;NQR)€ä~qíÈÒu¹‘Ö5lp¯˜5ÆˆÞu*|,dÝ[¿a˜b`ú ì }4ÎS“Ed%÷e¿3ô¨Í>¬³¦’J4áñ%dé î¤^÷vLUØ—éô©úc´-_(Çóu¥2®lkXv†˜A¦²ƒ~¯ DVDýÊ!ä ^®'Ùp0õ)úÀ‹u-í—*<)–™v4HEö ºÇ;žDX‹ë>–©tG¥`ªä¥‘ŸNÎ¿I‚N}ùøöáÞÉbhžy^Ö½¶‚KtcŠYPZ[žË›åÙýC30••iQg ÿlä?½¸Oúœ¹“³v54xªÍÆd‡SúB óqMãT,r$ujjžl´Zö!°G ý³h™fß¶VÀÂÖs.â(‚£Ng@™1³,Jf®Ðˆý7êâÓûG‡Ó8¡ëO‹ÿ?œøc0'ÑŽg”-kù6jæçm|j„`qnx¥ÑžVæü®UXÓœhÓölZ…Ì='K…›p]ÁÏ7Vàxä¸bo¬¼;PïÃà€íx26jÙ(“¹¨´Zæ*‡.Ej }ºýònqÝNuHçš.‚ÒÑ“]cá.ÓÑ˜%ŽÙX‡]*vÜSBÑìùÀ–5CE?ÖÃî¼Å‘çù´Ù›çcËªíÎwË\èáÛ«„H\I;g¿m§ Î#K–CË _epC ¼ÖAªèZ„®Ibf`a"¥”ÇNméØpŽYì*Q0fòh/f¦ -cˆºãä{EïÀ-6Ü{ª’p;zJï×vÝe{±l®[ÔüK¶Î¢/M„ñ—a\¹Ú×!Tó¾Ý^š'ù¿LfýlÐÙüb2`Ñp0è‹Ÿ¬Š¡†ýlaÏ_\ˆ§ñø“ôd:O¦#Üº|8¹äïV'žüEåÂFendstream -endobj -1784 0 obj<>/XObject<<>>>>>>endobj -1785 0 obj<>stream +ÕgÎ…°{J»ƒG*š,œÑný†‹•h¹ÀŸß›)!&åªˆz.}zßpqá±0[”È™œ;NQR)€ä~qíÈÒu¹‘Ö5lp¯˜5ÆˆÞu*|,dÝ[¿a˜b`ú ì }4ÎS“Ed%÷e¿3ô¨Í>¬³¦’J4áñ%dé î¤^÷vLUØ—éô©úc´-_(Çóu¥2®lkXv†˜A¦²ƒ~¯ DVDýÊ!ä ^®'Ùp0õ)úÀ‹u-í—*<)–™v4HEö ºÇ;žDX‹ë>–©tG¥`ªä¥‘ŸNÎ¿I‚N}ùøöáÞÉbhžy^Ö½¶‚KtcŠYPZ[žË›åÙýC30••iQg ÿlä?½¸Oúœ¹“³v54xªÍÆd‡SúB óqÄ4„©Xä6HêÔÔ<Ù#h ´ìC`úgÑ2%Ì(¾m€#„7¬ç\ÄQGÎ€2[cfY”Ì"\¡ úy¨öÊïÌWtÂhÌ^fÑ•ºäÌ¤5O-Ö!&½Y¾f*±[µF'ÉÉgáÀ5OX%œÛgëÞÚjàµôÜ2õ÷£²ÆH Ú¦)A«MŽ·HãG<8+dÎ”Ï¯"O' „úB/[äÝJ‚’•Ð0P€K…f/†')øõOMn”ÐÝÕ-Ýkõ¿výÆèš®‡Þh2EFOhÛ+ì®ÝÍêX¹8–`–gQb2ÊŠ \]-ÏK0èÓêãŽ' +Vò¡ò]iÐt +M'ôZÍNÎ,†íýçTG1¦ÆÚºò” /ÈãTrùÑáŽ~ÿBÏL¢ÐÇýíõx~AWFk¤ç:¯â’éîÃ]B”äH^ÌLÆu7ÆÉ÷ŠÞ[l¸1öU%á:wô”Þ¯íºËöbÙ\·¨ù—lœ%D_š-â.Ã¸rµ¯C©æ}»½4Oò+~™ÌúÙ ³ùÅ"dÀ¢á`Ð?YC ûÙ0Âž¿¸Oãð'èÉtžL/F¸uøprÉ1ÞNþ<ù„+ÂPendstream +endobj +1794 0 obj<>/XObject<<>>>>>>endobj +1795 0 obj<>stream xÝV]oÛ6}÷¯¸Húà±"ÙŽìØC²´˜¦[?l@‚¦¨ˆ Eº$UÏÿ~‡”ä:Îìy6KÔå¹çÜK}e”â›ÑbJ³œx=JÜ^/“œæË®§ø³‚Êø`6Kæ§ë·ëÑå‡”®i])_â¢ ¤)ù˜ºOm~¨p9ÿ:vÛ¯o/Xövý4Ji’¥É;†Þ²m0<¿0Øpî‚AöfÀà©ŽÄ…µÆžeoÞ¬¬ðáÊÆ‹tÀÀzž\~˜S–µÙN¦yˆ}Ûxò•t$5~Q,©µ¶(f´;áE#‹äcÃ9*àd:G ’<*³Adß:„“èúå¡´PxñéÏƒ©õìœgizÁ† -p€J/Š!úz¤ÿ%Ï¬ôÂ·‚y©#ÕlƒúFÂíMÖ41çD½pWSã`ÜªáêX9-ÍÌÑi %¦ù‹G¯Usdä+æÉU¦Qm)Ýv! ˆÐ´ë½ÇÄtño‚ ®Ol_¸F®!i-DAÞ+ðS ‡L¬ÎÇÕíÃ=)©EßwŸV"aî¥ÑdÊhõÀê £{ö,Bã$ô—i,ýÜÚ~–LC_ì¤Ra›&eÌ39SôèPò9¤.Ý`Kµ˜¿Ä‚ÇÔ¥74QúeQb¢Á!ÂéÝZ!F2ôv^ dþé÷oïWwà¥5u„:-LkRsÕÂ%Uûàš²E7ƒfÝÀƒ#¡/¢ø Šø(uó7nê·~²Z½`!ün÷„HY£|¿ùx Õ•Úy¦”â@´ƒfHho÷ìKáùeeœÇ²£Ò(evÃ<Äy‹Ù'¾Y r»aü™Îˆfµ8KÎ -S3©ãÍëàcèë0t9kœpÔª±,Š`Fw:<ÀK.‡ÊÖÔV¸6@bµ%“ -†¸©ëFKÎ¼þ!ˆ¬Ó 7ÖBÃjO;é«ÈßÎXt`è#ˆÄŠÒXªÙžX‹ÕïÐâÑx LÚU¦u-`êÂhÙX”M@ÉÎSeT% ž8Úf“Î°Ÿ¿¶QJˆõ&6Ü;º -çP¸å®i™@ñ“‡î$‹âmx¾Z:–Ý4ËrÐ¸œQžÏÛ³üáæþö†þ°æ E¢;Ã›Þ¢tÂÎI¿a²HÃÛÂø?(wžã•äjŠ7ØgWñˆz¿}ýtÑmendstream -endobj -1786 0 obj<>/XObject<<>>>>>>endobj -1787 0 obj<>stream -xm?OÃ0ÄwŠS§2ÄØiâ¸cª‚Ä€Ô«ë8ÅUœ´ùS‰oÏ‹B™eëIþÝÝ»+“t$Š™àJ¦\!ÓÍ)ÝÞ£f;ÃŸ·LM¥%LÂ…€që4ã9Gùòù`Î˜-`²dfª…|;ÛàÃÛ -å½‹*ƒ$×Ù>I)§ZïÃ`MhOÿ«0 óßêÇ©õHzˆB¼ôÝÍl>/XObject<<>>>>/Annots 1095 0 R>>endobj -1789 0 obj<>stream -x¥WÛn7}÷WôbVÖ]ÊKa»v+4¾4R.Ü%1æ’›%×Š^úí=C®$[ -…!AË%93gÎœ=éÐ9þ:4êRoHY~ržœÓ°7Áw<ÂwŸRÒ’_`ëþëýo'I2¡Áx˜Œ)§Á$éÕšfášþpŒÃ9õFxøÕ`œŒêÇœÆ]œ>¼cëý~'âX7wê§ý•½ïíYwÐÃ^¯Ê©?ê&ƒúiwÎ}Ïåü¤}3¡î9Í—€`8Ó|ÄJvvµ…—%u ÍDž -fAÖ¯±v5½™Q¦•4Þ½™Á=}êtâ=î8éâ¦³ùZ9Êê[2k¼PáTË2SK•‘2K[æÂ+k’xÕ„:£úª^?éóUð¡“ÐÈ”ñÖw¦ùÞö@àÀ_Ò%4_W¥K·dì†ÖâY’ˆŽ_¨M3Y>#šLh-ôëÅÇkj‘“’¯=§VwÏ×rK^:OÊ“Xqž>)³°G“Asÿûn0r-„E™Í„–*ü–”sûuá (’W¹$»¤M©¼2«fmµÓ‹ðw6Â‘ð/¢NrÎ@À¡ðóœ¼kTá%LxJ‹T#\<Ð²”’à©ÑV,ðdó`|‡ÍF¦GvÂ=gì!’\àâÁ2P¶PÒKG©”†V¥^oIšµ0™\4Cø8‰zø¤ÕªµTßpD™LW¹x|’üÜ ’€ôŒm->ì76:¯òBËT$qìÏE¥¹ÐOÄ(; |„¦'x^¸›~¦\dk#]ðé8Äú@na9Êe™)\`±? ë$¥]T™„Zƒ?[[1Øee°u ŽÊà2EQ‚—‡¥ pñöÈðÁ.€oå×à'‰Å$°N¸ª(lé¡9_+U2þ&dl6æ(ö -dõN:€ÓsuñÐ§5X«Ú.—p…ng{×¾!ŒƒÈžÄ -†}ŒJ7>àÇl¾>ÜŒ¶¢ï”©¾a9á|µRá¬Û:/s÷øæEî*bí}ñ¶ÝÞl6 xçd®ù²¿‘ë¿7Ê$kŸkv„uíG"ÒMè~Ö¥(ûÀVï<ŠÔ¦Ëeö;òž CSpÄ,Õª[îgí.}eAWÖ™y‡Å~(ºÜ FQòUä?’-ÞweÑÐE(ŒÛ ê¹g)ý -ñ`ŽŸRt$[± ªqÉDiu\R=‹Äèö?ZÊjÓzÔÞÀéÐq^ -§X·ÍÀrÃ5ï×,ì j"ÿ–CB|©‰tÃ…ÀY|ü¯eõñìtzyKR–§o"ÈYÝZ£dÌ Á>v‡#Šow½#¼lí²=¿zhOÀ“Ó©a‰¨°XÿïZèZq9½Ÿ‘eù†´(¡A%ÄÊåõ‡éOÚáÆ×™ š¢MVH{¨ß¥*Ñ6¸l½]IÉXýøEÌ}²TŒ;A]œZA©æi·Èo…FBŽTÔ&ãŽpuëÈ…©„NhºŒTeÁb½ØFáæš^ícÚAö€Œnõëà6pßØÒ -·"üM‚@ð»#«™Ô(€HuèòÀº¾ A6ýÂ%S{Þ˜…bGöUÑÀf&sÌÎ(cà¦ Ðëi!]VªôOÄ"ÐôK…¤ÐGHsí‚5ÈÏq ›Uû~ƒáÇÈñíÃ|–\¾nòð‘=qrîÿxñÐ€ÔñîâaÖ÷[\,G˜Ý]Ïï?^¿ß¾>”ÖÛÌjwÊràØOnïÀÝ@'ž¹H-^Ue‰e5 -ÖCÄ™˜ì†ÎóÑãéâàæ<³’dª<•etÝdA’1ï„‰¡4 âHn£"{Ç9ï˜Õ±¿p§”åãkz$`‡~Z’¶ÐÐ*É¢ø°ÜÚ"vBd m‘ Fäu§ÅB)íˆm¸ãÜEk€‰E“+=}§œo4YªãÜ‰›éÓônzv¬ù$„ÁåS& ç%îýÍFÀ2WÆj»Úæ˜\q?|ÕxbÈ¦Ï §ö0ƒ!ÄzZãáå –ìs -%]1ì€ˆý‡tKÒW47–”zŸSª‘0ÊèÔÄÔE›AD -ž„ä´oÆ‡}8‰}ég&|þe8èFíî¯ç'žüÍ;endstream -endobj -1790 0 obj<>/XObject<<>>>>/Annots 1104 0 R>>endobj -1791 0 obj<>stream -xWßoÛ6~÷_qÈËRÀ¡,ùG’Á´Éš¢I³Øk0,Ã@K´V"5QŠë—ýíûŽ¤bÇEÑ=¬iU[$ï¾ûî»ãåï^LüÄtœÐpBiÙˆÞÅ@hêW³Ï½Å„4Ëñ•¦¦©,çòg^Œ®FÇÅQrÌ›~7sÚZEÍ -Ñ×JÑMžÖÆšECÎoéFj¹T5øIRzSäJ7Î®Ã¶¨MÙù‚/˜\4Õë(ÂS”‘š2ºhítc#oÁF0}s~+>N“HÐ^W;˜ÊÚbk+Ú')týS(Õ®£BêRj±jÊ‚ýïy- èÊ5JÙäFþ®ÀhcðÖ6²(HêŒ|œ¹¥Ô"èZ“$Ý6v¥Š¢O*ËOD^(z|¼O—÷0á^ÖÆ4{~³¼F:L½!³p{-sl¤JÖMî°°g™en½Èµ²¯}:tÚec$X‡´÷'œYÕ´•P_Uçyàó»·“°U«fýÁ -»±ÿi÷S–u{_ˆc44W TÑ*éXd•täÖô)3ú§&0Ë9H‹6SÝ^&ÔrVçOPÏ\¥’É½`Þ.—A3ÐÆöüÖqÐ¤{;Ý5ÁZ£ºÒß²ªv›D¾©¿D:Ëmä+™ Oõ¶þŽ†±çÚÞPÐ9" -<¥Fù#0ÚVYZ¯”öuöxÈ‹ˆÄB\¯8„ƒ´Z’ð@šgç{÷À&™ÐÌ@y·—3út}ù€ò}fðàŠµÇš¹«s›¯ºWÖ´uªè¢6k«êƒ>iã«›ð•¡‘eÉC-¢@ålÅŠGo™£Âó¯€=ßÀy%›t…’?*>ËM$ÂYWÈ²æ¯s”ìvyßsÊ‘TÈœò¸P\OBñ5$!!‡ <¢ñµBÇŸ…ª6óB•¶O¶Rp]ÕŠcÍõ’ -ƒÇTiY†Tíù6óÏ¨MFj³Z.—ÜEËš{€RªB‚Ï)—>7 -~í> ‘ïÙÈã5-ê³…8ƒâ3³Ö…‘±&07c×¼@ì÷r•×¶éSZ+ÐVìŠHÑÂ€ÿ»ûëÛÙÛûO®tÅûEv„Ý™[WDµa…o3e½ÎÝXæó{Œ1âòü/Ç«¥²µ Ù&dØ*t4@B6ŒS°K½V@òºÄÔù2×²xnÎqßé™/°”ÑAŠ¡Ÿ¨lB—U‰mŽ0´³F•ª1¸^yú:ƒ¾u´/˜=Çµã'$Å)Vwa‡¾&[ÎÑ>ôÂUB !y}B#éL•²¢3†]ÉíÅw÷\žßÐÝ¬‡«pgpød+•æ‹ÜÞKƒ‡ÏÞ³Ó'vÏ±±¾»Ûe§{DëHòÄ±H·u³0E®îñ6šŽLô™À¼;ræx8Øyu 2õ”£^xÃÁ7h•XŠ×ôîŽ>HTè{ÔÃøa‚˜^Þ¿¿œ‰—+fç½CVòIAuE“sðÞ!CYU ÎŠFÆŒ~£……S¤ÑÅ&ío–fî™Ù€úŽj/Ù@mæƒ&ŠØmwWÙÃ®dÚ´¨ÏÍËýAùóÖ;µOîTÃ}‡¯‚q¾W¸Jä“Ì_Îýìa´º_,iŸ¯Ug’{ fSÜëm^V€Æ-?Ë¸í…Þµ>¦Ë hÁml½ÊÑsw ïEŽ ‹-½àlÛ21^ò´{4“ n[Üµ¹¥¬ÇÚuàe–ïf•Ýùh8ÀÍ3,Šý†É/TöìÍ]t}‡®$Ó/¾›?«/5 ß~ÆåÃô»žçTÊ½Œ¸—í"eV=ÒßI( x‚ßN†4Áÿðôüæâ÷¶á›‡Þš´-1/»‰”Ña8÷ŽŽý\€ÿÏðñ|Üñ/GãI€£x>/XObject<<>>>>/Annots 1107 0 R>>endobj -1793 0 obj<>stream -xW]OÛH}çW\ñÒ¬Dœï*í$¡B…%nÓ•Vc{œL±=©gLÈ¿ßsÇv‹U¥UÕàñÌÜÏsÏ½þuÒ£.þõè¼Oƒ1…éI×ëÒèâ¿Ã ÿöñ?—»ápìõ?Ú'n@¸×~¾œôpÿœú“±7¤”úÝ¾wQZ9 ýñ{¨îO¼qsãÊ?é\©×#?†ãÉ9ù‘SÙ%?lù[IRäÉüé²s³$cEødh+"J´5¤c -Šñþðžt©Ýg»ü¨u§Â\[œ4ð>‘ÂÈˆDF*s™ÊÌŠ„ŠÝ&‘$«Én¥Êk%ƒ~ûJYúþ2£(WÏ27±%‰°ÒØZ…ÈJso€ðAs¬‹,"Uc»#£¬$a Ï^Zæ…:=ƒ!dF°Š:;™ë9˜Î^e‘Þ›Î®vl¸S»Î>ÞÛAß“/ÒÙ‚„*ÓP sŠ]yž}6•À³ÄI»…öHš0W4ü’v¹™ò{{>«y´{w×p¨’áYß,V÷Ó¯Þìöö¬¡ÒŸß.æ¾7ÿ1?£µ;4˜ŒÏèûâÊ÷ÜÓz…Ä•þÃåtþPÆ•Y-D5äâ~½íRÛ¹¾ 2Ëize’û#A÷h†ô"ÂÞnŸT–‹ØÊœvÂ˜½Î# -·"Û¸D½ÅZ»ÏXkãõ†"¸¤£0ú©Ú+»= -@úo yuÑR1–¥LJÇSœt‰kÐÌ.2õB~!]®—Ó†|Èˆ˜e·*Û0#´º‡Ò'>óÆ/À„ßT¡Hå2´:?”ð\N±“$dí³"Ð…¥LÛ†fvÅ)„,†‰9C|Ùh¸±‘–4pOÊž‘H :è‚MCíT.f€JäfÞÄî|¤³OÀc ©8¼‰¥‹>d ÌP ¦Â¨N¢£ø3’ÏÕ[Jµ¼… -ÎéL6m¹2rªœV£úÁ)j“i_µ87¨xÎDˆE¢7œÇßàpàÑTg±ÚU¯2¾(AüØÎðç»Ep`F®AH)ˆ‰QŠŒ7\òŸ€€–H™'zl¹?“Ç?˜ëë5 <©Û0Ò@SÆ„4øc»&YÍ,/3ºüüøx9»»YL¯¿ –ÿ¡)^ êg÷ëÕ»9Ó Â•T*1à áÏJ8+N—ðA¤œÜ‰Lld~J§`—Sº“YÁ…ÓµËd%@1¶¹Nh«÷Î/B ¢ -RIvT€Äº–uÕOEèÊJÚÐY \¹².ó0ªzN‹Œ‹\ÙýÉÐËËíÿ¢›!ÒŒV‚¶R&•£´ª¼úÚÍj†)ùÜ±ÖùÓ&×ÅÎ€«Áø!„UŒ\ÛHÄÔ Ë"åÌ¹þ„79jÒ£oÌ,G¥·!–Û†ô†³Ýêb³…í[>¹D™4@ÊâÇÖRt¦Â*dTgÍÕº(A&ï½l±uf'ChÏÍÌ˜‹ÑìOF¤ SP½6?ðÍcpÈ -Ù>ÔÊoŠm„ ÕL€ÉX‰e8Yê†<8®÷a*4êœOªÌÒ¯B _Õ÷ž ˜²¶‚Ccßéä¢kêëG%„ ³ ˜x<ºF¡²6aæŠÊ0™@øBÚ@ŠàÊ[±È=[àJ™µ†4–Ì‰y££„E‡Gï—q¥IS¤(˜˜Æq!§×8#>es›+°¾® ûébÔùt1yŸzVŒtÜD9y…áÖW.Ft?¿£ÕCß¹ëº”3 -ø GÿÒ)¦±3€7+ØH–†GÎÈ7Ž-Ý4G‹{Ñ@‡½q¬º²cyÇèŽŽÒur Hä¯ÖîrH˜]Qä«žzˆôAlfÊYß„Ê² £ÓâQUûù´G/¥g±Ìs¼nØ¾×‰t-ƒr$dêï5Ò2Ê!“Óô,TÂ÷ªZ³;À‘«7Ï¦®fã7qwñÂ·Àqþ*óL&ôÍ ‡ŸéëÃâöÛrÆSën£g`ØŽZ=xåºKÎÁµzùLË›Å—.aþ*Q1©µ7ÄÇd@ãs7‰¯.ï®. ]á''c¦ÃÂ ß³Rùß(8Þ>ï^°ÿc¨Žña1êWNŒ†,wîŸüuò/ö !endstream -endobj -1794 0 obj<>/XObject<<>>>>/Annots 1110 0 R>>endobj -1795 0 obj<>stream -xVÛrÛ6}×Wìä¥òŒDI´.NfòàXvë™$V,¥íLÕˆMÔ$Àdõë{e[‰›ZÖ…$v»çìYüÝ›Ð¯ -b:SRöÆÑ˜f¯øœžñgŒw-)ãXzø¸ý¹7'Ñœ¦³8šRIÓÅ":W£ÉtÅÇŽÞmz£«)M&´É8èülA›Ô¹Ó&éß®.ès•ŠF¾!ü¾Ý|^-£Ëß/O6õ†°Â¢´_ãr89EÜÚ\¬F×«ƒé¯×«ïN¿5¼•©ªeÒ˜úÑøvyû=ë™·Æ3Æsä¸ç…5RµVé;ú°¦›¶yoÌ=©†”¥TZU‹]!©1¤´mDQP“KºybP¦¾F´É±¿¨{²©hoÚWI®´ätÇÙfµ))úŽcfØºÐ$¿6R§2¥JÖÊ¤ôK¾©^ÓmJè”ýº ['m•HdÕV™J„nÈVR¦muÔ9I"KUËæÁÔ÷¤¥ºËw¦Î ‚ZY?±íèê5MoÔ†§S_°x¡Ž¿)šKñ¼Z{#Z‰äžboÙQ–ñDcˆs . +p€J/Š!úz¤ÿ%Ï¬ôÂ·‚y©#ÕlƒúFÂíMÖ41çD½pWSã`ÜªáêX9-ÍÌÑi %¦ù‹G¯Usdä+æÉU¦Qm)Ýv! ˆÐ´ë½ÇÄtño‚ ®Ol_¸F®!i-DAÞ+ðS ‡L¬ÎÇÕíÃ=)©EßwŸV"aî¥ÑdÊhõÀê £{ö,Bã$ô—i,ýÜÚ~–LC_ì¤Ra›&eÌ39SôèPò9¤.Ý`Kµ˜¿Ä‚ÇÔ¥74QúeQb¢Á!ÂéÝZ!F2ôv^ dþé÷oïWwà¥5u„:-LkRsÕÂ%Uûàš²E7ƒfÝÀ²Iè‹(~ƒ">JÝü›zcÁŸ¬V¯X`È#¿Û=!RÖ(ßo>ÞFEcCu¥vž)åƒ8í ÚÛ} ûRx~Yç±ì¨4J™Ý0qÞâ_6Å ƒo¨Ün¦³¢Y-Î’³ÂÔLêxó:øú:]Î'µ*B,‹"˜ÑðR£ƒKÆ¡²5µ.¤ ØF-DÉ¤Â‚!nêºÑ’3/‚"ë4ÈµÐ°ÚÓNú*ò·3ú"±¢4–j¶§Öbõ;´x4^“v•i]˜º0Z6eP²óTU` ˆ'Î‡¶Ù¤3ìçÇ¯m”b½‰ ÷Žî„Â9n¹kGB&$Püä¡;Ébë‚xÞ¯–Že7Í²4.g”çóö,¸¹¿½¡?¬yB‘èÎð¦†·(°sÒo˜,Òð¶0þÊçx%¹šâ öÙU<¢Þ¯GŸGÿ{1mendstream +endobj +1796 0 obj<>/XObject<<>>>>>>endobj +1797 0 obj<>stream +xm1oƒ0„wÿŠS¦tÀµ g$J+u¨Ô6º:`RG‘úïûM§Ê²õ$w÷îÊ$‰"ÅF¡ +Lp%S®é‚æ”nthØÎ°Çç-dÓDi Sƒp!`ªuªxÎQ¾|>˜óf˜l™™z!$ÇÁ]'×Þ¶øp¶FùEï¢Ê Éu¶ORÊ©×{?Øcë»Óÿ*LÃü·º…qê’±‚—ØßÜ€Á†£ÅÅÅ¦Áv•ÃàOo|eÛö›/‘ú7R*j«7Ðù²í¡|Ý•x‹ýÙU#ö}5ZÚŽ¾ïfarç“BlÿÚÝûgJs•§Ôƒ:È\ÎŠ'ÃÞÙº3cendstream +endobj +1798 0 obj<>/XObject<<>>>>/Annots 1102 0 R>>endobj +1799 0 obj<>stream +x¥WÛn7}÷WôbVÖÅºä¥°]»_)q +(¸+JbÌ%7K®½ôÛ{†\I¶ +C‚–KrfÎœ93þzÔ¡3üuhØ¥Þ€²üè,9£AoŒïþhˆï.>¥¤¿ÀÖÝ×‡ßŽ:ãdLç£A2¢œÎÇI¯~Ð4 ×ô#Î©7Ä«øÀ¯ÎGÉ°~ÌiÔÅéý;¶Þïw’Žups§~Ú]Ùëðþ·žuÏ{8ÐëñU9õ‡Ýä¼~ÚƒsßÅs9;jßŒ©{F³ G4›‡±’\DáeIÝaBS‘§‚„™“õ+¬]Mn¦”i%w§³/¸§ON¼§Õ%]Üt2[)GY}KfÊ`!œj¹Bfj¡2RfaË\xeM¯SgX_Õë'}¾ +>tº™2ÞºÕÖô/ßÛøKº„f«ªté†Œ]ÓJ¼HÑñ«àµi*ËD“ åœ~½øtM-rRòµgÔê¢õÙJnÈKçIyKÃÓ£2s»v4>oî~ßÍF. …°(³yÐR¥•ßr®b¿.¥èH¶bA6Tã’‰Òê0¸¤z‰Ñí´”Õºô¨½†Ó Ã +¼N±nšå†kÞ¯X6ØÔDþ‡„þøZé†³øø_ËêÓÉñäò–¤,ŸN#ÈYÝZÃdÄ Á>uCŠo·½#¼lm³=»zhOÀ“ã‰a‰¨°XÿïZèZq9¹Ÿ’eù†4/¡A%ÄÊåõÇÉOÚáÆ×ï!š MVH{¨ß…*Ñ6¸l½]JÉXýøEÌ}²TŒ;A]œZA©æy»Èo…FBŽTÔ&ã–puëÈ…©„Nh²ˆTeÁb=ßDáæš^ícÚAöµ€Œnõëà6p_ÛÒ +·"üM‚@ð»«©Ô(€HuèòÀº¾ A6ýÂ%S{Þ˜†bGöUÑÀf&sÈÎ(cà¦ Ðëi.]VªtOÄ"ÐôK…¤ÐGHsí‚5ÈÏa s›U»~ƒáÇÈñíÃlš\¾nòð‘=srîÿxõÐ€ÔñþâaÚw[\,˜Ý]Ïï?]Ø¾?”ÖÛÌjwÌràØOnïÀÝ@'^¸H-_Ue‰e5 +ÖCÄ™˜ì†ÎóÑÃébïæ<³”dª<•etÝdA’1ï„‰¡4 âHn£"{‡9ï˜Õ±¿p§”åÓ kz$`‡~Z’¶ÐÐ*É¢ø°ÜÚ"vBd m‘ Fäu§ÅB)íˆm¸ÃÜEk€‰E“+=}¯œo4YªãÜ‰›éqr7 =;ÖüVÂàò1“„óÆ÷áæ +#`™+cµ]nösÌV®¸¾é<1äÓgÐS»ŸÁb=ñð²Kö9…’.v@ÄþCº%iŒ+šËJ½Ï©ÕHå +tjbê¢M€ "OBrÚ7£ý€>Ç¾ô3>ÿ‡28ïFíîœ_ÏŽþ<úûEendstream +endobj +1800 0 obj<>/XObject<<>>>>/Annots 1111 0 R>>endobj +1801 0 obj<>stream +xWßoÛ6~÷_qÈËRÀ¡,ùG’Á´Éš¢I³Øk0,Ã@K´V"5QŠë—ýíûŽ¤bÇEÑ=¬iU[$ï¾ûî»ãåï^LüÄtœÐpBiÙˆÞœßÒÔr©jð“¤ô¦È•nœ]‡mQ›²ó;_0¹hª×Q„§(;;"5etÑÚéÆFÞ‚`úæüV|œ&‘ )¼®w0•µ)Ä:×V´ORè"ú§Pª]G…Ô¥ÔbÕ”ûßóZÐ•k,”²É&ü]ÑÆàmdQÔù8sK©DÐµ&IºmìJEŸT–7žˆ¼PôøxŸ.ïaÂ½¬iöüfyt˜zCfáö8ZæØH•¬›ÜaaÏ2ËÜz‘ke_ûtè´ËÆH°*iïO28³ªi+¡¾ªÎóÀçwo'a«VÍú‚vcÿÓî§,ëö¾Ç0hh®@¨¢ TÒ±È*éÈ;/¬éSfôOM`–sm¦2º½L¨å¬ÎŸ ž¹J%“zÁþ¼].7‚f íùâ #H÷vºk‚µF[u¥¾;eUí<26‰8|S‰t–ÛÈV2žêmý cÏµ+¼¡ sDxJ4òG`´²´^)íëìñ‰…¸_qiµ$;à4ÏÎ÷*îM2¡™òn/gôéúòåûÌàÁk5sWç(6_1t¯¬iëTÑEmÖVÕ}ÒÆW7á+C#Ë’‡Z:DÊÙŠÞ2G…ç_{¾óJ6é +%ZT|–›H„³®þ9dÍ_ç(-Øíò¾ç•#© 8 äq¡¸ž„âkHBBxDãk+„Ž >Umæ…*mŸl¤àºªÇšë%¨Ò²©ÚómæŸQ›0ŒÔfµ\.¸‹–5÷¥T…ŸS.}nüÚ!|þ@:#ß³‘ÇkZ*Ô;gqÅgf#3bM2`nÆ®;xØï)ä*¯mÓ§´V ¬Ø¢…ÿw÷×·³·÷Ÿþ\éŠ ö‹ì»3 ¶®ˆjÃ +ÞfÊzº5°Ìç÷cÄåù_ŽWKek²MÈ°Uèh€„l§`—z€ +äu7ˆ©óe®eñÜ0œã¾Ó3_`)£ƒC?QÙ„.«Ûahg*;Ucp½ò:ôu};ëh_0{ŽkÇOHŠS¬ +îÂ}M¶œ£}è…«„"Bòú„FÒ™*eEg/º’Û‹3îî¹ =¿¡»Y:WáÎàðÉV*Í¹+¼—Ÿ%¼g§Oìžcc}w·Ë6N÷6ˆÖ‘ä‰c+<nêfaŠ]#Ü;ãm4™è3ywäÌñp°óê@dê)G½ð†ƒoÐ*±¯éÝ}¨Ð÷¨‡ñ:Ã1½¼9/WÌÎ{7†¬ä“‚êŠ&ç>à½C†²ª@#ŒýF§H£‹M Ûß,;Ì8Ü[2³;õÕ^<²Ú*ÌM:±Ûî®²=†]È´iQŸ›—ûƒòç)vjŸÜ©†û_[ã|¯p•È'™¾œ?úÙÃ*hu¿XÒ>_«Î$÷ Ì8¦¸×Û¼¬[~–q#Ú½k}L3–AÑ‚ÛØz•£çîÞ‹[zÁÙ¶eb¼äi÷h&Ü¶¸kr JYµëÀË-ßÍ*»#òÑp€1šgX>ú “_"¨ìÙ›»èú]I¦_|7W_j¾ýŒË‡èw <Ï©”{q/ÛEÊ¬z¤!¾“P@ñ¿9œi‚ÿàéùÍÅ9îmÃ7½5i[b^v)£Ãpî0ú¹ÿŸáãùþ¸?â_ŽÆ ’GñxÈ.g½_{ÿô{endstream +endobj +1802 0 obj<>/XObject<<>>>>/Annots 1114 0 R>>endobj +1803 0 obj<>stream +xWÛnÛ8}ÏWòR/È÷K +ìCb;EÐÄñÆjÝ,(‰²ÙH¢+Rqü÷{†’œDÈ¢À¢¨#Šä\Ïœý:éRÿº4îQDazÒñ:4¼ãw0áßþç’b·1Œ¼ÞGýÁäÃ ÷:ÕÏÃ—“.î©7yJ©×éyÕ*¡•ÓÐõ±÷êîxâšWþIûz@Ý.ù1ÜMÆäGNe‡ü°åo%I‘'ò§ËöÍ’Œá“¡ˆ(ÑÖŽ)(6ÆûÃÿyÒ¡óÛåG;æÚèØâ¤÷‰FF$2RY˜ËTfV$Tì6¹ˆ$YMv+U^+é÷Î¯”¥ï/3Šrõ,sã[’+ÅQq¬4wû4ÇºÈ"ÒY%1¶;2ÊJ–ðì¥µa^¨Ó3øBf«¨½“¹Þ™ƒiïUé½iïŠ QaÛ†;µkïã½í÷<ù"-H¨2 Õ0§ØEçÙhS <ÛJœ´[h¤ sHÃ/i—ë ‘)/°·çS±z‘‘G¹ww ‡*)žõÍbu?ýêÍnoÏ*ýùíbî{óó3Z»CýÉèŒ¾/®|Ï=WH\ùè?\NçÕaÜZù—ÕBdQC.î×Û.µíëê"³Œ‘ó~·Lroì!èÍ^DØÛí“Êr[™ÓN³×yDáVd—¨·X;ï1ÖZëx½¡H#.é(Ì~ê€öÊnþHF^]´TŒe)“ÒÃñ']â4s„‹L½P _H—ëå´á#2"fDÙÊ6ÃH#î¡ô‰Ï¼ñ0á7@(R¹Î%<—Sì$ Y»Dà¬ta)Ó¶¡™]q +!‹abÎPD@_6nl¤% Ü“²g$’DCã†º`ÓP;•‹ R¹Y7±;éì°ÇÇXB*obé¢Ï™(3hD…©0ª“è(þŒä³Dõ–R-o¡BÁ„†s:“M[î‡Œœ*ç£Õ¨~pŠÚdÀG-ÎÀ *ž…sb‘è çñ78ì{4ÕY¬6$BÕ«L€/J?¶óüù®D˜‘kR +bA"D”¢ã —|Å' €%Ræ‰[îÏäñ¦@ÅúzM}Dê6Œ´Ð”1! þØÃ®IVóËËÅŒ.??>^ÎînÓë/¨åhŠ¨úÙýzõngÎ4ˆ°D%•†€JxCø³ÎŠÓ%|i#'w"™ŸÒ)Øå”îdV0dátí²Y @‚m®Úê½óË…¨¨Á†‚T’ ±†®e]õSº²’6tVW®¬Ë<«žÓ"#Ã"Wö@2ôòrû¿èf€4£• ”Iåè*¯¾v³šaJ>wF¬uþ´Éu±3àj0~a#×v15È²H9s®?áMŽšôè3ËQéÇmˆåžCzÃÙnu±ÙÂöŸ\¢L eñck©:Sa2ª³f„j]” “÷^¶Ø:³“¡Š´çffÌEŽhö'#Ò@)¨^›øæ1¸d…ljå7Å6D„j&@‡d,ŠÄ2œ¬uÃF×û0uÎ'UféW!‰†Î¯jŠ{OPLY[Á!„±ïtrÑ5õ‚õ£BÐYL<]£PŒNY›0sEe˜L |!m EpåXäž p¥ÌÚÇVCKæÄ¼Q‹QÂ¢Ã£wË¸Ò¤)RÌLã¸ƒÓkœŸ²¹ŽÍX_WÐýt1lº˜¼O½+F:n¢œ¼Âpë+CºŸßÑê¡ç\ŠuÝFÊ|£éÓX„À›• ì $KCÈ#gäÇ–nš£Å½?‡h ŽC†^‡8V]Ù±¼ˆctGGé:¹$òWkw9 $Ì®(òUO=DúÎ 63å‚¬oBeÙ†Ñiñ(‰ªý|Ú£¿—Ò³Xæ9^7lßëDº–A92u‚÷iåÉiz*a†{UÙàÈÕ› +‰gSW³ñ›¸»xá[à8 •y&úæ†ÃÏôõaqûm9ã©uŸ£g`ØŽZ]xåºKÎÁµzùLË›Å—.aþ*Q1©µ;ÀÇ¤O£±›ÄW—wW—„®ð““1Óaá†oŽY©|„o?w.Øˆÿ1Ô Fø°ö*'†–;÷Oþ:ù3`-endstream +endobj +1804 0 obj<>/XObject<<>>>>/Annots 1117 0 R>>endobj +1805 0 obj<>stream +xVÛrÛ6}×Wìä¥òŒDI´.NfòàXvë™$V,¥íLÕˆMÔ$Àdõë{e[‰›ZÖ…$v»çìYüÝ›Ð¯ -b:SRöÆÑ˜f¯øœžñgŒw-)ãXzø¸ý¹7'Ñœ¦³8šRIÓÅ":W£ÉtÅÇŽÞmz£«)M&´É8èülA›Ô¹Ó&éß®.ès•ŠF¾!ü¾Ý|^-£Ëß/O6õ†°Â¢´_ãr89EÜÚ\¬F×«ƒé¯×«ïN¿5¼•©ªeÒ˜úÑøvyû=ë™·Æ3Æsä¸ç…5RµVé;ú°¦›¶yoÌ=©†”¥TZU‹]!©1¤´mDQP“KºybP¦¾F´É±¿¨{²©hoÚWI®´ätÇÙfµ))úŽcfØºÐ$¿6R§2¥JÖÊ¤ôK¾©^ÓmJè”ýº ['m•HdÕV™J„nÈVR¦muÔ9I"KUËæÁÔ÷¤¥ºËw¦Î ‚ZY?±íèê5MoÔ†§S_°x¡Ž¿)šKñ¼Z{#Z‰äžboÙQ–°˜;ˆs . ¼ü"kQ kmöB#=¨&?òºŠ#ºÑ’L†Z¨$'£‹=‰ª’¢†—Çƒ&h-Ê8J—S‘5Ã–Û`).ªÚdª@8Ü}žÂ*¦¤PR7(£œÝÓÔ”Bé¯°¶-Ù:É9\Êr‡XØ6óÄ;Ð®mÜ5¶6•HD*Ô½DN&I@Ðs˜ºúsíM¯5™:õé„Ä¹ØÖašµ\ýWbÛ¾+Ü“É„c–@´Z^lOß-cÙ¢x¹øâ(<ºš…Öïx&’‚l[U¦nè-¨øú>‰”ùŒ-q!¸ðdsÆßÃ™`ÂÅ”TQ2Í»œ"ºæê¡¸øçý¦FËÁÀ0ÔÎºÃÊ“ñ€¤/qbÊª„$v°³äX]SûŽpŽBxÚöÏ]Ii)µ’éöä(2waRKˆ•mÑ¨ ™%¦RÈ¨D£)UöŽ–7Î¯?FÌ>¨ïd@ÏoÄ’MEÑö$BAeP [î¢ÄèlÛŸ}º„RTâå„j”ÅLe#TÈ\”ËT2`,+§Ë>AW8öð¼„à1x•¨E)pîA¸Ò‡þ£»ÂìDqT’ÇÕ(u-)Û -JæZÐ5(Æ¿‚eGí sÃ…y`T¸Ÿ\PˆÖÑÁ³æßà˜^EŠƒ"Qøû#À÷g·µ1Ft§{Þ}WRó–Fò+w¬~`ÔÁ-€ê[ÏÇãtSiö6‹Ú¼ÐR<8^È$L½.~ÛN>‚ðaÁfcÉ®uµî¨ÁzßÓú±yŸ%äI5{†I*žµÞ‘<@äZº+I˜éà0¨©}‹{xíúÉÒúz9€þ§®!9ˆ×I¾Ïb‹~rjŒ¶*A xè¯Ï?¼;ßn¤ÃÇQX¤Z¨`&¸Ê2Ôö,Ä„ å˜˜^ž|Oz‡ý"1‘¸_žMÒ« ©S…WGa1,ó˜ÞïP6e!6Ìn8e«—eÔ?í†gš0ˆ³×4‹ƒ‚Û G-”J`¿¶2Úº³JÅÜ p|je½_,—P6µÐãO6^™qPæàn%È$Î/Þs É°â¨:¼^é¤hÁ¡ç%x2åžâ@¯®0ÐèªMáŠ=ºš‡éóÄæãÍæ’Þøã“:5@Þ87TŸ /;[x…nž¦å‘ï´S†‘îŽÌï¥›ýîäÐˆÎÂ&s¯ÏNi6sãI«Úü…“(ìÀ}bNvØ-.ÆP¯´ÿ¿QÓùY4ŸÅþÈ<™ÍØÓå¦÷©÷/Rµ¢ñendstream -endobj -1796 0 obj<>/XObject<<>>>>/Annots 1119 0 R>>endobj -1797 0 obj<>stream -xW]oÛ6}÷¯¸ÈKS V,Ûqœ<-íÖ®@[lÛb@_h‰²XK¢FRÖüïw.)ÙŠÒbCá$2u¿Î9÷^öïIL3ü‹évN‹%ådÍðÍéÇ§·“x½Šf´Z®£5•4WÑ]÷TÐãdøŒÓ›E´œÂæ7°\®oñ÷#)›Ìoc¼¸¼›y§Ëø6ºížØ)›-×±ÿùÄŒw«h>ö·Z «ùÝ:Zúc¼žzwóõ:Zñ¾Œû,æì8<±Ù«Íäú ¼Îh“¤Õíš6©Çß$—¯sQ;iVô»nÉiJtY«BÒãÃ‡W/7ßa¿¤8öÓùî7éå_º¡DT¤·N¨Š\.ÉŠr+ÈêÆ$@Çèrðm+·V9ÑF÷&‚Ry…®KY9:Hc•®®èsàMãE—ê¶*´H» Þûë/¤ 5VU;2öX%QH÷ŽâÛ.ÝÅ`"]ÔGô$ÒZz&šèTÒA ‚»“9lébh{s8xW9£Ó&qHõ94š^çÊöÕÉ”€#UËŠduPFW\rD¿†úQ9Šœ}»|«¤1†1ù0áòÖÉòÛK4Bæ"Ée²WÕlEa5í+`EÂÒ˜,•»€U%Ûž®7 -¼°tFéÆúØ[#*8³ž×$áÑBþ@gTTº:–½a`€% *ëL€‡€4ŠP¿ËHÄæY¸àÄs³œ^TêTeŠ#Hg^KOÜgº©RŽrçêûëk/¿H›]øë:9Ø(weñœÔx ‰yäkï”ùŸÜü„ß Ê,E’«ªS<‡$ÓTœxÝl•Ç;µE1FÖú×æH$åfó}:Æ…Z¨ÂŸö j‘ìÅNÚ+`œMÊ¢ð©^éCa)}WÍ¼mvè³\bF |\«‘04ØŠ£e$CtvÀÑ9=+ b’æ>VvÄu®;7Ö`œk>h®®•ÐðÏìïgGÏŽìSÀP&ø…±A_¿~¥Ñ-åÒX$EG?-ãÀS¢+‡æáJG…¨*U•6¢ º´Ü—ŒÀ€Ñ7|ZïY^á•ƒâñDíYäC{á½‡uì¾—y?ÂNUs“ -»J (=£n™tÄ˜ÕÑóÖéþÇ©öÞû&úŒÂ™~þôžîŸ·D²SÓª¸)NÌ`Lþ„M4ÅC•Ìlþ›J_T°á4Æ| -ª´)<œQR(?ÿ<‘;u<õË&ÉÑú,shtAšUÉGØ4#2SMrù JÃGÝ8jsnìsF"*³¸—²f/%5ø)Ð—}Nxšy‡¥í”1rÅµ‘™ÄÜN©”.×é¹ÓHe¾nÆÓÒCa½ÒŽ¾7Öá –¥ÙË¼Úó»AfýäpÒ„Ã9ÀúŠj°9|ûtžz ?QFÛ¶QrI„r®#Ÿ?î!µQ½îEw9ØIó[íÃèDýÐD™k¹FŒeTÇVo?~¦·¼çÍ„nëï·—}ÔÙå¡»|~<÷vFÔ¹Jª .´R~fPÏo¡zi2¸ä¬ªÛ%˜ÚÞÑ‰Ã÷(d<ò‚©…MÐsç5~ÀN<×ý¤Û=Oá÷&¸Ûñî¦‹ë¼@™AÞþœk¦yªùÑîd ½Á²à‘LòQÖªœßÖ6%”æäþhH/éD×Ç~súU1TJï[’Fd3<:Dº¥@Öß@‚Xm³Å¼r'‘ÛºOÜH6ÝÆ¢J”’p5?üw¸'`‚ƒ9òU§Ïh`öà„«2ïqyá;¯×þ-Æê¾~s3‚ÝzbÏÓ”îë°ïñüËéVpÏ#Ôh´-æ¾òr¾sô¾a1CC„ua:¿¡éÍþ¯€ôþÏ½{¹ÂmÿfÞÕs³bw¿m&NþHàendstream -endobj -1798 0 obj<>/XObject<<>>>>/Annots 1124 0 R>>endobj -1799 0 obj<>stream +JæZÐ5(Æ¿‚eGí sÃ…y`T¸Ÿ\PˆÖÑÁ³æßà˜^EŠƒ"Qøû#À÷g·µ1F$¾{Þ}WRó–Fò+w¬~`ÔÁ-€ê[ÏÇãtSiö6‹Ú¼ÐR<8^È$L½.~ÛN>‚ðaÁfcÉ®uµî¨ÁzßÓú±yŸ%äI5{†I*žµÞ‘<@äZº+I˜éà0¨©}‹{xíúÉÒúz9€þ§®!9ˆ×I¾Ïb‹~rjŒ¶*A xè¯Ï?¼;ßn¤ÃÇQX¤Z¨`&¸Ê2Ôö,Ä„ å˜˜^ž|Oz‡ý"1‘¸_žMÒ« ©S…WGa1,ó˜ÞïP6e!6Ìn8e«—eÔ?í†gš0ˆ³×4‹ƒ‚Û G-”J`¿¶2Úº³JÅÜ p|je½_,—P6µÐãO6^™qPæàn%È$Î/Þs É°â¨:¼^é¤hÁ¡ç%x2åžâ@¯®0ÐèªMáŠ=ºš‡éóÄæãÍæ’Þøã“:5@Þ87TŸ /;[x…nž¦å‘ï´S†‘îŽÌï¥›ýîäÐˆÎÂ&s¯ÏNi6sãI«Úü…“(ìÀ}bNvØ-.ÆP¯´ÿ¿QÓùY4ŸÅþÈ<™ÍØÓå¦÷©÷/f3¢õendstream +endobj +1806 0 obj<>/XObject<<>>>>/Annots 1126 0 R>>endobj +1807 0 obj<>stream +xW]oÛ6}÷¯¸ÈKS V,Ùqœ<-íÖ®@[lÛb@_h‰²XK¢FRöüïw.)ÙŠÒbCá$2u¿Î9÷^öïIL3ü‹é6¡ù’Òj2‹føæôãÓÛI¼ZF3Z.VÑŠ*Jâet×=•ô8>ãôfÍ§pDËä–‹Õ-þNð1’òIrãÅÅÝÌ;]Ä·Ñm÷ÄNÙl±ŠýÏ'f|0¿[FÉØßrŽ¬’»U´ð9Æx#<õî’Õ*ZŽæñ¾Œû,vžØìÕzrý^g´ÎÒòvEëÌcƒoÒË×…hœ4”¬"ú]ÈiJuÕ¨RÒãÃ‡W/×ßa¿ 8öS¼˜ÀÃå_º¥TÔ¤7N¨š\!ÉŠj#ÈêÖ¤@ÇèjðíAn¬r2¢µîMer/KÝT²v´—Æ*]_Ñ18æÀ3šÆó.Ó‡ºÔ"ë‚xï¯¿<’6ÔZUoÉØcF!Ý;Šo»tç€‰t‘vÑCšJkéq˜hª3I{%îNæ°a´¦ó íÍáà]íŒÎÚÔ!ÕçÐ hvœ+ÛW'3>ŒT#k’õ^]sÉýêGå(Brôíòµ®ÓÖÆäKÀ„Ë{c€p¦Ÿ?½§ûç-‘nÕt£jnŠ3“?aMñF%s›ÿ¦Òl81Ÿ‚jm* g”–ÊÏ?OäVíAOýªM´>$Ë]’fUò6ÍˆÌLÓA¹âÇ¥áÇ£n +nìsF"*³¸“²a/µø)Ð—}Nxšy‡¥í”1rÅ‘¹ÄÜÎ¨’®ÐÙ¹ÓHå¾nÆÓÒCa½ÖŽ¾·Öá –¥ÙË¼Úó»Ffýäp%Ò„Ã9ÀúŠ°9|ûtžz ?QÆápˆÒ#ˆH#”sùdøq©êåp/ºËÁVú˜/ ØzF'êÏ&ÒÈÝkÄXFulõöãgzûÇ{ÞLè¶nñ~{ÑG ]º‹aÁçÇsokDS¨Àð +Ê±àRA+Ñègõüª—&¸€KÎÁjð¡*°]!1©í8|BÆ#/˜ZØô=w^ã{ì4ÁsÝßAºÝóÎqo‚»-ànJ±¸Î”äíÏ¹æš§šíN6Ø,É$ÿUƒ Êù im[AiAîƒéã%êæØoN¿*†Jé}KÒˆl†Gç¨€@·ÈúH«m7˜W®õ$r»B÷©É¦ÛXT‹Jò®æ§•ÿ÷Lp0C¾êô¹ ÌœpUFâ#./|‡àõÚ¿ÅX a° sô¨O1Òp±Í.qYã x<Ý!?µaˆvýËÇ×onC°[OìyšÑ}Öâ=ž9Ý +îy„¶ÅÜW¾UÎ÷cŽÞ7,fhˆ°ê"L“šÞÜáÿ +HïÿÜ»KÜöo’®ž›%»ûm=ùsò/¶'îendstream +endobj +1808 0 obj<>/XObject<<>>>>/Annots 1131 0 R>>endobj +1809 0 obj<>stream xVMÛ6½ï¯¤‡:@%[–¿vOÝm’6‡¢iÖhQ @@K”ÅD"’òÆÿ¾oHÉñ:IIÄXŠä|¼yo†®2šá_Fë9å+*Ú«Y:£ÅjÉ¿›5~çøo%U¼£§Ÿ×¿†£ùõuº¢–²Õ*ÝP\5t•oføžoVé»ùuØ «°{¶ni1Ïq*žåÝó5v×Ù£]0ÇÍe€wÛ«é‹em+NfµYÓ¶!Ïh[Lþ®¥&åI¸÷ŽŽ¦§ÊXÔ çŒ-É;IO·ï`%¬LŠƒ‹_F»“”×3J²<Ãüäu¯É×’ Ó¶B—ñôr¸ssFç`‰’’n:'íAÚ¬v¢Ý‰ÔØýÍKkŒ‡ _{MÎmkåèA5 V /‘B©¬,¼±G*DÓÈ2š€-í…ÒJïC„ ;?ì9ÓÛ‚£.%½™¨T¦áÌoÏoŸ]$èÅ~“ÿÎ -]Ôož¦‚(zk¥ö Üüå:£KGÞK9ÊTÊƒlL×ây+eÀî<—_þºŒJG0Zâ†¦$³ãøá|w¤Þ yDdÄX!Jìc¬&„2Àu3„H‹ÞR£€€©§ŸgºÑez˜2±ÀOž}Êæ X³G|UH5ŒäŽœòÁ “×¬üÐ3ä(˜7Îbnç…™ƒPV6R¸X—eÓ7@@Ri´|„Ü4æqØž¾ø.ú%–îo¿»};;ÿ"!°l±ŒìÏÓ |J²å&2u¨lÐØƒàÚj¥`*B901¯¨…Þ£ú=²f}–UÖ´ ¼¯ãí#ø'ÜD2|¾+Y1Ðaò*u …œ[¤ºˆIM_\S†RAÄKJÖAÆóD* -éFB>R”£ƒdÝQ‡•ï;b%¯£Ÿ¡¤§6@¢q†äÇÎXDt'Š÷,=Ó)ÖGE›:Á»÷XA,-þx¾™N?ó1íúÝôdš¥œrÔB}lMïÆø/M†´¾hÎNF§)½‘™’æ£p#"V{Ôœp%¥{DÎUÛµie:óE6ÁRº2,ÇpzlÄcƒÝÂL©œ( Ü™:O¹2L.h±àd-i4]×w9‰Þ›VxUº²®€rcÐTi¤i£ÞË‹Ð¸¥‘.aä`G¡\èÂ©÷À0p0ƒ´ò -6•výzíH6$_D%!5ì®WM96ñ;¥…¾Jªá¬ ÷UÊ‚/v˜P5{+ÚxsÈ„Ò)"¬Ô¾·!±O#t2Êu˜' ÉÕ¡3@C*< Îl!•qLÞó¨`òZ28)wt^¶ LúE-Ìï]€´”Ö¦í?L=÷;¢ùMœé|nàyúdhŽx0q™YòPÏ?CT=ä`Ó×nNñrÃåx3v˜ÿ!Äöß¹œÞw›tÙ -OäMN«ÕïQ+LNzeÍ;<Èè™)z~ü€é&˜NÆÉzvÍç¿qœ,V›tµœGBgË5‡ý|{õçÕ¿PH”endstream -endobj -1800 0 obj<>/XObject<<>>>>>>endobj -1801 0 obj<>stream -xV[oÛ6~Ï¯8kæ•bÉ—8öàÔ ¬]»Ä0 À@‹”ÍZ"]ŠJš¿ï’[‹b‚ÄÒá¹}úëQFCüdtšÓhJE}4L‡4™Òg§ø?Ç¯ST†£l’ž¾ô"Ç‹ÉK/ÆÓçÏÏ—G'(šÑ²Dñéì”–’Px8¤e1pÖú×ÇË/Êº ÊNº”ƒZliÓxQUµ01nÜÅ%10É§é˜ƒÿ´^‘ßOº¤{Û’À(íní„ÔfM¥u$hçÔ¶mC·Ê5Ú²%]‹z%Â‰Z¯7ž*ªÞÒÖØ»˜ÐoÙJö‡œâ^†”d£4çâ±ÒF8ºÓUE+…UQ+‰Ï~ƒÚ¯RäxEê›W†k§ôº,„¡µ¥•(¶\”=k’Äá›ÜÏý+ÄÐÊù¯¯[Z©Dú°!AR7¢ñÊý3œQ†…3šÉ(‹»£4Kéwºâu7a©aòyáõ¢…vªðÖÝSÓîvöi?È–37—ÅIåxEÈ§e[\÷ ÞÐŒÂŠ»(Ò‘O€-Hà¨¹GëõoÜ:šå\&áo‡ÚÇË%m•[)g’XTewµ2Lƒ•‹xÞ@G]v*R *@ÜjÅüŒbnŽSZÉÒµO°å:PÅXOwÖmSŽã°i:œNú?í”ù°˜~¹¹p&y6Ùe€;Lv(É²Ð½kHËHá$U¶žA ˜[«+á½ -É„PÀÂ”zÝâ´Ýqdßl§€$a°“[M~_\^õ³ôêœ— PÀËµæA® ñ†³érÒƒ_´)ªVª“X;íDÐ;À€´§µ2Ê ä r£ŒÁä€='=ëX›#k_Kº+z?ÿûÝ¿\O(ë‡ÂAG„qrÑ·À˜ÆX¬íH«ó«k<¬Lj‰}{ -ò -¼äE=àWRìSú`í–áê6PÙ5cè›í°-h´¹' Š€oè&€prÁvö›ä³G‚…d/£½²fe§¾¶ªì™Üã\¨•~ê¿,ØÎz?ŠÙ«…Ó–¶ªìéQyÆ[Ð”“@ˆýt{1„™‹$é§Ú“ÿ¬—uçFùOw¥ä{ñÄ#°Øb(¬¨ÙØ—BðÜ:•‚I¾ì3¡sV8äDv3àëh«ö7Ç/ŠM4ãÀg„®Ã=ò½ðà\ˆ_©B°qƒ¬ôè |:˜V4¬˜d¿¸½²-H©£Ä»hoQ™[í¬a›|ªóÃ-ØÙÑŸ#¨[hÇ7²Üq-î©÷óµ -*ªqÙ–ôv‘wdžudÎ¦øÆ2Ñt’¥ÓÉˆÕz=ÿx>§ÏÎ~ÁEC[´ÜaØ8ï¾$§CXüï[k<¡f¿¤d“g·<úëè?zÝùendstream -endobj -1802 0 obj<>/XObject<<>>>>>>endobj -1803 0 obj<>stream -x•WïOÛHýÎ_1ðåR81ùô>Q•Þ!µ”ƒœªJ•N{M–Ø^wwMÈoví$˜DåZQØyïÍ›ÉÏƒ˜øÓÙ) '”ƒh@ãñ :¥Ñù¾?Å?#)ó¿˜£Q÷ç¦ýOŸÑ4C¨ÉyLÓ”f0 iÒ;D£ˆî0N•äæ’l1KI”)•øæÝô÷Gãß?9=‹&ˆÐû®k*jë(™km%9M–£¼¼NR!¤!a)²Ð¥%m(3ºÇMà©RºÎk½ˆ>êò7GÎ¬8~ªi¦Ýü®BÐ•®9 -’Š‡I%¢¤ªÆ…¹,‘Â#ÐgßóoD‰.³—eõ|¹sñ„2ø¦/D¦¤KJeÁPÌVoÉ÷˜‹CVÄy4|¼Mõ|t}¢ÿ\ŽL9ÖëúÒ%}“D¹NDÞ©;’)ºo/®ût\ŽrKí!²d5K™ä!ä5>ºhTG?ÛpARÀÃ’ -Ì,Òãæ¥~mMß[Ußrï÷gªìûùâ¿´ì¢sÖg'>¼$ðXÒƒðñ/‚s+ûÁÕHnkr 'ánù,Œªä™ $à½^Ÿûq|FAõ3é–š«Kõ,ašâ!D‚<á|L>Ÿ„_m¢yÅˆ¶öfr=Ô*•Ýâ†}O÷à¨yƒDÎ¼ -êj£{ê°þX?zèŽ0j¸–± lçÇ;ÎbW{ûðû«ùê¹Z^„ÿ#{È®ã`Âo[Æzl6Ï!@Y°?Z8jÞÒ×0TÀ)Í «õ@b?cbŽTé¤ÉlëˆÂ¼c` G¿øaUÉDe0h¿¾eK‘[ÎnËJü‚$]!ì‚ä»q:¢»ºõl¦‘ÊxõPÍ”ÚÔ‰õÀwKã¼©ßyè£0[9™Ñ"MÖ-;Žœ{0úŸÚG¶Ü5Ô‚ÙÄ%@(=ñG·ÖØ T! ÆNY».°=¬åÝ.¶S˜TGsŠÝƒ;Ú)ìfT"˜yê-;˜vSÀVÇ¶ÓeõðððÛåÝÍõÍŸøŽ¾`_h{@—p]‘$²BêFCâ4æ]Eà)ˆ}×š³Cú{e‡åétØ.¤@ct -öÎ[)+ÊV,¤µ0UÍåWJajlÎ®7Ãf:ð]A61ªrÇþèz]ì¼Î¼}en®·sêa{%EH§»S%Í“œy¯·Øx¼:è¯nýÌåòýXS%‚æ9f8LA¯{ö¼½èf¹n%ÙÛñ9½ÍÃšMvÊ†F¼šx?Gƒ,ež7Z?o&w<Á ó!M†£`ì÷—_>\ÒÑP(>:${Á;G?i/œœ 0ÛÒ7}öMÎ£ÉøŸ|p!_p «éÁßÿ¯ý"“endstream -endobj -1804 0 obj<>/XObject<<>>>>>>endobj -1805 0 obj<>stream -xTM›0½çWLÕUËga÷–Õn¤úT©GÇL6ØNm“&ÿ~Ç˜t“´=´ $üfÞ¼÷†“ºS˜g0-€‹I%ÏæQ y9§÷Œ°™ÜU“xyiÕ† EI/5Ðñ$ŠYåQÁ¢³¨%³íoÁX¦m+¡µÀ0¨ -%ßTOT+‡4õµÂlNµ‚JyØÁ Þ£>GÁQõ`Õw5pÌ"4\·;F ´ëÔµ[¤%ñìP7lg€³®óD|sšùÔ<F™k?5b}É.ˆN€›ÙBÃd J\ZÄ0}¼FB\‚qÆãã§êáÞo†œöÆ¥aõíkNRIíV:†GcQxÍ\ž;Ž‘UÐ)µfœïÿK <0±ëÐÄf¯ópP¶ß]Òv‰;%Ù/>˜¾r)ƒ uoå õð<Æl—£ûiA_N!ËoñjñánŸµzBná^ñ^ ´´Ü~‡Ã œ'´õ?ÿò¢ŒŠYF¿§Eâ&z¨&_&ÏkMendstream -endobj -1806 0 obj<>/XObject<<>>>>/Annots 1133 0 R>>endobj -1807 0 obj<>stream +]Ôož¦‚(zk¥ö Üüå:£KGÞK9ÊTÊƒlL×ây+eÀî<—_þºŒJG0Zâ†¦$³ãøá|w¤Þ yDdÄX!Jìc¬&„2Àu3„H‹ÞR£€€©§ŸgºÑez˜2±ÀOž}Êæ X³G|UH5ŒäŽœòÁ “×¬üÐ3ä(˜7Îbnç…™ƒPV6R¸X—eÓ7@@Ri´|„Ü4æqØž¾ø.ú%–îo¿»};;ÿ"!°l±ŒìÏÓ |J²å&2u¨lÐØƒàÚj¥`*B901¯¨…Þ£ú=²f}–UÖ´ ¼¯ãí#ø'ÜD2|¾+Y1Ðaò*u …œ[¤ºˆIM_\S†RAÄKJÖAÆóM:‘ŠBº‘åè YwÔEàaå»ÇŽXÉëèghé© hœ!ù±3ÖÝ‰â=KÏtŠõQQkÀ¦NðîÀ=VK‹„¿žo¦ÓÏ|L»~7=™f©§µÐF[Ó»1þK“!/…³“ÑiJ/Ad¦¤„ù(ÜˆˆAã5'\Ié‘sÕãvmZ„…Î|‘Mk0„”®Ë1œñØ`·0S*'Ê(w¦ÎS®“Z¬8YË#$EM×õCN¢÷¦^®¬+ Ü4UiÚ¨÷ò"4.Ai¤KGØ9ØQ(ºðAjÅ=0Ì ¼‚M¥G¿D;’ ÉQI v×«¦›øÒÂ‚ _%ÕÖpV‹û‰*eÁ;L¨Îš½m¼9 +dBéVjßÛØ§:å:ÌŠ“Æ†ÆäêÐ™N !žg¶Ê8&ïyÔ0y-™N‚œ”;:/[P¦ +ý¢ æ÷®@ZJ(<·y^·âˆ>àjî'H*&‚ÇKøg’éqwäù2]/ñÐºÏò¥$©es!Ð$ž= î"\:põ©ã:YpýLç•Ññ-ÁKj±kÐÿÁD,>Ê¢ç¿1ÌVD¢}ªÇe`ço`D»)ý¡1Ú•ÿÑÙŒUkÓvŠŸ&ŒžûÑü&Nô>7ð<}24G<˜¸Ì,y¨çŸ!*‡rH°ék7§x¹ár¼;Ìÿbûï\Nï»Í@ºl…'ò&§Õj†÷(È&'½²ædôÌ=?~ÀtL'ã…d=»æóß8N«MºZÎ#¡³åšÃ~¾½úóê_f„”endstream +endobj +1810 0 obj<>/XObject<<>>>>>>endobj +1811 0 obj<>stream +xV[oÛ6~Ï¯8kæ•bÉ—8öàÔ ¬]»Ä0 À@‹”ÍZ"]ŠJš¿ï’[‹b‚ÄÒá¹}úëQFCüdtšÓhJE}4L‡4™Òg§ø?Ç¯ST†£l’ž¾ô"Ç‹ÉK/ÆÓçÏÏ—G'(šÑ²Dñéì”–’Px8¤e1pÖú×ÇË/Êº ÊNº”ƒZliÓxQUµ01nÜÅ%10É§é˜ƒÿ´^‘ßOº¤{Û’À(íní„ÔfM¥u$hçÔ¶mC·Ê5Ú²%]‹z%Â‰Z¯7ž*ªÞÒÖØ»˜ÐoÙJö‡œâ^†”d£4çâ±ÒF8ºÓUE+…UQ+‰Ï~ƒÚ¯RäxEê›W†k§ôº,„¡µ¥•(¶\”=k’Äá›ÜÏý+ÄÐÊù¯¯[Z©Dú°!AR7¢ñÊý3œQ†…3šÉ(‹»Ïgé(ÍRzkë®xÝMXj˜|^x}«h¡*¼u÷Ô´»}Ú²åÌÁ%@qR9ÞFò©GÙ×}‚74£°bÄnŠtdÁ`8jîÑzý·ŽfG9—IgøÛ¡öñrI[åVÊÙ†$UÙ]Ó`å"ž7ÐQ—Jgë€Tƒ +·ÚF1¿£X«›ã”–@r£t-EÅÅ“l9¤T1ÖÓuÛ”ã8lš§“¾ÁO;e>,æŸ_n.œIžMv$à“J²,´A¯ÆšÒ2R8I•-„gA`PæÖªÆJx¯B2!°0¥^·8mwÙ7Û) IìdëV“ß—Wý,½:ç%ðry+H¼á¬AºœôàmŠª•ê$ÖN;ô0 íiŒrÂyˆ€œÁÇ(c09`ÏIÏ:ÖæãÈÚ×RîŠÞÏÿ~÷ïWçÊú¡†ðDäQD!Dœ\ô-°¦1+G;ÒªÆüêã+“Zbßž‚¼/yQ8…Ç•»Ãã”>X»e¸º TvÍ˜D úf;lmî ˆ"àº œ\@°ý&j0ËN°ìe´WÖ,£ìÔ×B•=“›`œµÒOý—ÛYï'C1â‘ {µpÚÒV•½ã"B"*Ïxšòb±Ÿn/†ð2s‘$ýT{òŸõ²î†Ër¸+%ß‹'îøx¸ýÀk%@1`EÍÆ¶¸‚ïàÖ©LòeŸ ³Â!· ²›_G[m´¿9~yPl¢¡>#tî‘ï…çBüJ‚ˆd¥GåÓÁ´¢aÅ$ûÅíýmAJ} ÞE{ƒxhÊÜjg ÛäSnaÀÎ–ˆ˜øû<°AÝB;†¼ ”åŽkqO½Ÿ¯UPQË¶¤·‹¼#ó¬#s6Å7–Ùˆ¦“,NF¬ÖëùÇó9}vö.ZØ¢åÃÆyÇðÕx$9Â +äàßZãé5óø%%›Ì8û»åÑ_Gÿ/ÈÞendstream +endobj +1812 0 obj<>/XObject<<>>>>>>endobj +1813 0 obj<>stream +x•WaOÛHýÎ¯ør©œ8 !ô>Q•Þ!µ”+9U•*6öš,±½îîšoví$˜Díµ*¢°;;óÞ›7“G1 ð7¦‹!&”Gƒh@ççƒhHãé¾âŸ‘”ù_LFÑ¸ûów³£þ‡KŠ/h–!ÔdÓ,%„h–ô†ÓhÑ½Æ©òÜB’-æ)‰2¥ß¼™=âþ˜b\ãûgÃ‹h‚½oº¦¢¶Ž’…ÖV’Ód9ÊËë$B–R!]ZÒ†2£‹ø¼ Ü#UJ×yÑ{]þæÈ™5ÇO5Íµ[ÓuºÖ5GARñ€ ©D”TÕ¸°"Rxúì{þ(Ñeö²¬ž/w!žPßô…È”tI©,ŠùúWò=åâq o[}'ßÆÃCŸèÂ?—#SŽõº„¾tIß$Q®‘wªÒW@B•x–2DI¥*òå«G:ùèÊ)pÑL,%"@Iƒ‚ 2P`¤H}¹r$æX¯ÂQmA2W^Jà†ƒsÉÉk“âçiÜ‹b."º)9Aèî,òå^V`´vQ“ápiƒáZ„é“(j$¬¡ßÈVT,åHLu÷Øk¡÷PQÛF2-²LQY1Ò-tJÊT’×´R¹'d§$#m¥¡›«‡…Ë×ThÀø£VÉÿ, I•Ê)‘TYÊ„áÈ?jiCé¾wQ¹ï½Q@ðMï´Ð!uû¦eìn?Ï®ÿ F0Óy®W\ gÍd¥*Ë¤‘¥#•yÀ(ÝÞÜŸò—ßY‹ß_ÝqÎ©²Î¨yíàÒ<©¬¢²]¦>j½$€FM·½ŠÛÛ‚"úÊ˜ÛTf¨ ^ä¨Òp–xtÙwIeTÂ8ÿc`eóäû'WKÉ±wÁû6¼ïXZ£-8Ð\i{fmÙ¾õ27F²9kU¡Ð ‘;,]ôë´òÀÙ…®ó”¼›€_@ +÷â\~þ0Ü±‰tðÝ[ùìH¦è¾ƒ¸ÒAp9È´‡È’Õ,e’3„7øè²uüqPuþìÂIHK*0³H›—úµ5}oU}Ë½ßŸ«²ïç‹ÿÒ²3ˆ¦¬ÏN|xIà°¤áâŸçVöƒ«‘ÜÎäMÂ3ÜòY$Uk8È3HÀ{3(¼>ãø$Œ‚êçÒ$4W—êYÂ4[ÅCˆyÂù˜|> ¿ÚFóŠmíÍäz¨U*»-Ä û–îÁQó‰œxÔÕF÷Ô5`ý°¾÷ÐaÔp-cØÎ÷7œÅ¾:öá·WóÕ;s3´¼ÿG<ö}Ç·À„ß¶ŒõØl +žC€²`´pÔ¼¥Ïa¨€S*šA"Ö›Ä~ÆÄœ¨ÒI“ ØÖ …yÇÀ@~1ðÃª’‰Ê`Ð8~sÇ–#·œÝŽ•øIºBØ%Èwã6tD_ê2Ô³F*ãÕC5Sj['Öß-ó¦~çY¢Âlå4æF‹4X·`xì8þ=pîÁèhÙIpßPjd—¡ôÄsÝZc7P…<%;eíºÀö°‘w»\ØfLaR8Ì)v~ìd¯°›Q ˆ`æ©·ì0`ÚM[ÛN—Õããã¯W_nonÿÄwô ûBÛº„ëŠ$‘R7§sÞUž‚Ø÷9{¤PvX~N‡íB +4@§`ï¼•²¢lÅBÚ8SÕìP~¥æ¡Ææàìf3l¦ßd£*wênÖÅÎËáÌ¯¯ÌÍõvN}AXã^IÒénF§TI³À$§GÞë-6¯úëŸ;?s¹|?ÖT‰ yÎ£SPÁëž€=o/ºY®[Iöö|Ž@oó°æ€EÓ£²¡Ñ%¯&ÞÏÑ +™çÖ§ÍäŽ'ø4Ñd4Æ~õéÝÝý…â£Câ±¼Sqô³öÂÙÅ³-ý¥Ï>ãÉ4šœñÉâóKt=;úûè?Ýë"™endstream +endobj +1814 0 obj<>/XObject<<>>>>>>endobj +1815 0 obj<>stream +xTM›0½çWLÕU¾B»·¬v#õÐÏ J=3YØ`;µMšüûcÒMÒöÐ‚@ò›yóÞ~LˆéN`‘Â,.&qC6_„dÅ‚ÞSz4ÂfrWN¢Õ $”‚ä½Ô@ÇãJ¤E˜…iËÎ¢–Ì¶{¼c™¶|„Ö3À f(”|S>Q’Ä×š¦ª”ÊÀ6õõ9 +ŽªÓ¨¾«kd© áºÝY0J m\§®Ý"h (‰ï`‡ºa;œu'â›ÓÌ§æÉ,L]û¬Õ%» àyoYÕ!ülí@6ZÍG9àP5¼=x+~“ƒæJs?ÿw²ƒ3éÜ’ ûÑÕ—JÑª#4LÖ ôÈe µÑJÓG«“7A„–Gš‡ƒX—¶œñ ØlÛ®s³¤ºÌšöQ²¬â´ÓŠ£1h|™–N¼ËÒ»ëc$Äõ±!g<>~*náýfÈio\ +Öß¾f$å‘Ôn¥cx4…×ÌåY°ãYR[`vÀùþ¿”À»Mdö:›Êö»KÚ.q§$û¥ ÑÓ×.e°¡îä žÇ˜íbt?Éiã‹¤Yì-^/?Ü-á³VOÈ-Ü+Þ”––Ûïðô˜.bÚŽúŸY^„ù<¥ß “>/XObject<<>>>>/Annots 1140 0 R>>endobj +1817 0 obj<>stream x}W]Û6|÷¯X(z.ò·Ï h›¦Iô¡MòBK+‹9JTIê|þ÷%%ŸO¹ÉÙú —³³³CúßÉœfø7§›-7”×“Y6Ã“óÇÇ“Åò6ÛÒf¾ÎTÓr±É–ý¡O“õ*[Ñf¶Èfx9ßndh¼“—ÛÛlM«Ù*½¼Ýbfº“—X„–·+D]mop-!S9™Ï—ò -QVs}ƒién˜¶XËˆÑ´·»Éôý--f´+‘ÓæfK»"¦‚'ùÕ¯•j;ZÜdô‘[ë‚nô¶;ø—»¯qæü&Í|µP»â -CçýÑg‹.Ú6ièŠæó~(†ldè®bâZiCª({O¥u´ïHIÖJ÷>¨½a<2¬<{Òž¼ª÷êçø™YwÈÑ“9Ê´•:O3z†"B_ÙÎt°l -õ*p^5:Wæ"h?¥[ Ø¿âòÔSð k|X,¢ -<ªRæž‘ÓÉvä»}©‹Œ2úÅx{Mm -æ™I—„A•ò”Wª9páÈi»@=äMzdªÕ #Ó$)Š`z¤NžÔHJ5Ú×¤y+p9{>/\TX ^wy%ß’C®ùvžM)ÙVlZ -Nåw|l†U3ú$%‘Ú žMÀŸ$rBò 6p1ªÂÁÙ®%[RËtÐ±²toM×†àÆ'ð^“¿ÓÆxRMA\‚Ýà3úG‘³¾‡ö•£Z8OJÚÛ.£¹OÈ`´rk½×{p?²Ã6æZ)DS)ýJ*Às”–†G -Å~ÒÅ:3uH/ -¾gc[v£%K§1Èœ^\”H2™crŒŒã -½³ÔXèÈûNj(³ú•‘‰$š -êÈenë6k 6·Æg¾ÞSÃGßÓ™L‰BŒŽóDÁòvÔ¶hç>ÓÎ·œGnC”a!4g-…c~{T@HSêCç”xÀy 6RL€ÎÅ[¤ …A©™„’²¤¸äØx…š+ü}¹A–„|¾¼¤õ~le¨eç Ûç„ûö‰Ö2èÅsÿ= Cc{-½oÉX{‡x¶;T‘rQbž²ª\^AþÂÖÒO -Fî¹‚ˆ/ÏáxÐ!äûh”zJûÈ{jÕ¶‡«Ú×ÓéÙ÷ÒÕ4b¿ôâèY0ÚEF¸a§é¦ŒüNß?ãÅo“o%ÏŠ.é[hFË‹ôuVí!™±sÖ¡'ÿZtòptˆ†˜<Üîïµ…Êk¤,ÙŒrµ lLì§x‡¥~D;ÖÚ:‚¡ˆ‰Áj¡\1×7ö¡U®–²ÈõSˆbÈ²¥äÖ¡F0Á¬éa\ãß¥ï±^ -XÁ—úºZëµÿ‰vbðøÏîDº–ÝI5ßtjß&ºÉMW0 -çBôŽ3h²P%Œ^-jÄË}‘ Õ —`™Òq?¨\4s”Þ¤°-qXXá%I‰r#*ÍH%þyH^a×íH~WGËŒÞ±`6bqýöÿŒŽ@Ä•‘²§©æ” -†´°»Äl’²÷¿È`+•GšB\šÑÖ±ß——qˆg… G]¡Ë…¶ ²ô£òÄÑ¢ñ Ëãf«G(;#é ZqAÚàe*†ˆyJõúí˜–QtóáüpÄ´g–"æÒâAë4J‰Ÿú=%>ˆ9Äm«`l—æ”‰…œÄ±«MûP¡ýùVåßìÛ;±ÍTßâ±02[€Mß¯ûóÖÕE6oÒ«¡lWçnMÏq¦G´+l™´ÝhxFŸ/í°ÔÉµ¡RŸ” ¦).Î0=Ò’_;4«md×†Qâ[äyÇÜ"úFÔ(É=C†q!q()ž¸°òëúíp¸”³5Îkgô†æ³ÈGíþe<®½¡içÝÔXœýz;5zûCöC=š4´õÿÌHë'>uÙxÞÁRŽMÉ%Ó€¾'þY0çÀ=UiÎcq'|Ñ¿}!6%}Ð(œ _\‰ôàÞ¢‘h=ŒŠ„äØŽápÈM+Ûxs¢a}Øh]£Lédx„ÿ]Gw…;Õ8Á%XÏÈîÕ¥öJ*ByÅiãv«Œ±Ç´òŽU8ÂÖ¢‹º,aZ¸õœwN=ùÀ5¶\´]<þôfErqÆAs éöñÉò&iæû?wV›m¶Y/ð3 -šoææ·ÝäïÉ£Dìendstream -endobj -1808 0 obj<>/XObject<<>>>>>>endobj -1809 0 obj<>stream +QVs}ƒién˜¶XËˆÑ´·»Éôý--f´+‘ÓæfK»"¦‚'ùÕ¯•j;ZÜfô‘[ë‚nô¶;ø—»¯qæü&Í|µP»â +CçýÑg‹.Ú6ièŠæó~èâ&ÛÈÐ]ÅÄµÒ†TQ8öžJëhß’¬•î}P{ÃxdXyö¤=yUïÕÏñ3³î ¢'s”i+už"fô +E„¾²)è`)ØêUà¼jt®ÌEÐ~J·°Åå)¨;¦àA×ø°XDxT¥Ì=#¦“íÈwûZReô‹ñöšÚÌ3“. ƒ*å)¯Tsà!Â‘9ÒvzÈÿš0ôÈT«F¦IRÁôH<©‘”j´¯IòVàsö|^ +¸¨°¼îòJ¾%‡\5òí<›R²Ø´œÊï0øØ«fôIJ"µA=›€?Iä„ä.@làbT…ƒ³]K¶¤–-è ceéÞš® Á!Oà½&§ñ¤š‚¸»Ágô"g}í+Gµpž”´·]FržÁhåÖz¯÷àd‡lÌµRˆ¦Rú•>T€!æ,(, 8Šý ¥‹uf ë^|ÏÆ¶ìFK–Nc9½¸(‘ d2Çä/ Æzg©±Ð‘÷ÔPfõ+#I4Õ‘ËÜÖmÖ:lnÏ|½§†¾§;2™…ç# ˆ:‚åì¨mÐÎ}¦o9Ü†(ÂBhÎZ +1Æüö¨€¦Ô‡Î)ñ€ó@@l¤<˜‹·H +ƒR3; %eIqÈ±ð +5Wøûr%<‚8, ù|yIëüØÊPËÎ$¶Ï ÷íeÐ5Š9æþ3z@†Æö0Zzß’±öñlw¨"å¢Ä&pÃNÒMù¾Æ‹ß&ßJž]þÒ·ÐŒ–'èëÚC2'bç¬COþ)´èäàè 1y¸Ýßk•×HY²åkØ˜ØOñKýˆv¬µtCƒÕB¹b®oìC«\-e‘ë§ÅeKÉC`‚'XÓÃ¸Æ¿Kßc½°‚/õu-´:4ÖkÿíÄàñÿžÝ‰t-»“j¾éÔ¾Mt“›®`Î…èg6Ðd¡J½Z4Ôˆ—û"A"ªA/Á2¥%â~P¹hæ(½/Ha[<â°°ÂK’åFT&š‘J6ýó2¼Â®Û8ü®Ž–½cÁlÄâúíÿ‰+#eOSÍ)iaw‰Ù$eï~+ÁV*4…¸(:4£c¿9.;/ãÎ +ŽºB—m#déGå‰£EãA—ÇÍ2VŽPvFÒA´â‚´ÁËTó”êõÛ1-£èæ3ÂùáˆiÏ,=DÌ¥ÅƒÖi”?õ{J +|sˆÛVÁØ.Í5(9‰c!W›ö¡Bû;òÊ¿Ù·wb›©¾Åcad¶›¾_÷ç«‹lÞ¤WCÙ®ÎÝšžãLhWØ42i»ÑðŒ>_Úa©“k'B¥> )ALS\œaz¤%¿vhVÛÈ® £Ä·ÈóŽ¹Eô¨Q’{0†ã2BâPR>/XObject<<>>>>>>endobj +1819 0 obj<>stream x•WÁn7½û+¦ºTbY’eÙ)ÐƒƒÚ€&Mµ@_¸»Ü#.©’\Éúû¾™ÝµÜµ}(‚ —äÌ¼yoõÏÉŒ¦ø3£«9],)¯O¦“)]^_L®iq}…Ïñ7h*åÃüb6Y¼õa6ÿøö‰Å>NÎï4›ÑªDðåõ Bàé”Vù¸VùÚ8=9]ý8™ÒÙ|‰«b¼Zkâ¥ó;ä+GÇ±Î&¹we»Üß8&íR8´‹—ý^²¾"«wÚÒ¯Ãý&R<8ïµo"íMZSB´7¯)tÖTïÜ“Ö*ÑZEÊ´vÔD]qäm¡‡D1³‹Éœ‹Ùéw‘|IßT)R›ù¤qO Tú@™Ê7{ŠH¹¯·*™ÌX“|´€Jcu"v¹ŒÿÃNÙFsÆåA+Îÿàb-RÊ}(HQ4•3¥É•KöÐïä¤[P•@Tñ’q( FÊÞõÉõÜ¡²ÚÇôb·ßê {£„ÕœOä4ò@\ß¹6ÕZT¦]Lè‹Vy(¤ˆÆ#,gšRj|.‘`ß_„LgÓ8•øÀ6è -äŠþ¾}øNV…JÓÎÛ¦Ö7S¨PII-çwiæ2…Ï.-IçW“Å„î]ÒÁ)K:âéÆ”¾š,™÷¥Zi$I£û/«Û‡/7¿ÓíÃÃ#ªuŒ +äŠþ¾}øNV…JÓÎÛ¦Ö7S¨PII-çwiæ2…Ï.-I!ƒÅ„î]ÒÁ)K:âéÆ”¾š,™÷¥Zi$I£û/«Û‡/7¿ÓíÃÃ#ªuŒ ñA!t!Hté3™„ ìÂµü©€Joœ~Úê<¡n”²ƒâ÷k0…Bã°D¦‰Û½ >S£”«¼—6P©Ë·F+½Êu`bbg_1æœ`›Ãã¸qà¡´owv"|ß Ht“®)ú2ñÒãiw®W= b)öXä @@ -4235,355 +4229,362 @@ B ôýèÚÍÈ‚“>¤^:=&ß¡É¸öå¾DßUCk¿§äùLðE“CÇÀÈ”´õ1¤1¡¯’ÕjÃ»P«Ý;á@‹.ÞŠÊ’”¥)„} S‰ýi¥¶[¨X¡š?aG›¬0€2y%qjÇ…=E ·Âö>Qf$ë¯tm$(²çÛ„Ÿ]’÷VFçëFUtÐs³lo…~áçw½a¼pžªÈZºqAí®Þk^ìREÁ-ÁoƒQ ]Wiì|{šu$X¡e|%OªG]CŠí0(¼û™MráM(ùt Q‘=˜|Ú °a¿bÒ1¤lN¦#—ÇPAÍqGñˆs©ÀfzÂ€¦Êhk[ÀGzªúu9¡›€;WªzW`ä˜â¯™ÞÙÖ_ìê©q 8‰#¹qæIGn‰ëC2yól¿ñu‰¬qÍm`ŒÚF€ŒÙ ,Åüjê-Âçpa&&7üœ–ç¯ÐªÆØtqƒÂ#È§"r‘CÿžC›"Òf‚u¦ÃØç2F»f+ÁƒÁàðI¢wà@aŒÛèy6|½ÿmÔ‘ƒïeOÇÒ³WAn©‰~E£\Ôˆç+xŽW«´K#Wf–€¬6¸¬YpåÞ£ú;sÈU‚×ñ®£‘£eVH×ò#ðYçm¿ß~Ô,á|›~Ÿ+ÄÉ4t=ÊGŽŠQBÌbÕEt¼4O?õs/j€×7f&‡él’¡jóêçò¾Q–tÖ´Ëý ó¼ÇK³ÓÔ;ïmn¾Í–³#} ˆÂÞ`d¾-_ÂMè3›'„-ÆZaSCrªÂ# H€Ó0Zyðk¿›m|Ó‹Qñ¶ƒYsÿ-H1É$8ÎÕý\Æ!ÇÖ›Ïï®»7³%~©]_Ðòr‰_axX~»ùüé†¾ÿ–K¿ùØîQÇÑÏúgWÓ¼ÿÝgëby=Y^ÎñÄÅ®ÙrÎ§oW'žüÊPendstream +¼Ý¡räß[Î8!’„19ÓaÍ#§môq8ºÒÙ_+éÈ{>u9¡›€;WªzW`ä˜â¯™ÞÙÖ_ìê©q 8‰#¹qæIGn‰ëC2yól¿ñu‰¬qÍm`ŒÚF€ŒÙ ,Åüjê-Âçpa&&7üœ–ç¯ÐªÆØtqƒÂ#È§"r‘CÿžC›"Òf‚u¦ÃØç2F»f+ÁƒÁàðI¢wà@aŒÛèy6|½ÿmÔ‘ƒïeOÇÒ³WAn©‰~E£\Ôˆç+xŽW«´K#Wf–€¬6¸¬YpåÞ£ú;sÈU‚×ñ®£‘£eVH×ò#ðYçm¿ß~Ô,á|›~Ÿ+ÄÉ4t=ÊGŽŠQBÌbÕEt¼4O?õs/j€×7f&‡él’¡jóêçò¾Q–tÖ´Ëý ó¼ÇK³ÓÔ;ïmn¾Í–³#} ˆÂÞ`d¾-_ÂMè3›'„-ÆZaSCrªÂ# H€Ó0Zyðk¿›m|Ó‹Qñ¶ƒYsÿ-H1É$8ÎÕý\Æ!ÇÖ›Ïï®»7³%~©]_Ðòr‰_axX~»ùüé†¾ÿ–K¿ùØîQÇÑÏúgWÓ¼ÿÝgëby=Y^ÎñÄÅ®ÙrÎ§oW'žüí(endstream endobj -1810 0 obj<>/XObject<<>>>>>>endobj -1811 0 obj<>stream -xVÛnÜ6}÷WüRh´×úäac¯“ì]×RšE¸åeM‰*Iy³ß3¤”Úª†[ÎåÌ™3üëhBcüLèlJ³SÊ«£q2¦ùÅErNóó3ü=Å¯•T†ƒÉÙ8™¾u0;ON‡ß?dG£›šŽ)+ãôìœ²‚àŒ/ùÉÕN4^Zšž'”í$9Qmå;™?iåüÙŸáúä,^7›#tVœÀ~’ÐªöÖmî•©£éœ&“Îtz†l`ší”£RiI¹©½Pµ#AìœLI^:ïè`ZÊEM´¥±yCÏB«BxÉg–Ò–“öYZ„õ$´3¸¬u¼¼ß Oùkõ$õsÓ»É,&›‹ÖÉ 5[-+BRª$å© -^D} S÷V0w^6±‚M#œ“0Òš£à4æ¿kv_ìVlõöÆ>©úqB©j™tß¦§ÉœùŠªÝÎ´º ÂÐâö6T<ÿDªÿ[ ;°Ú× }‘´Ïn•,¤\XY¶Qó1œÖ• äl—¤©ÿÃ‘‹Fl•V^¡0ÀªJvÚ…•ÂjÕ{æ H¸aNÖÅÈ:êT@å‡3ª$ùüõ`Fºú€:†E¼…ÂjƒvÍžëo(26Œt.‹ãà©Dùúkmc•ƒ‹À˜·û±6V¡ž‰—¤ ©§ -œk«†)ÂnÞàôª\`ƒR‘‘ J[ÅÐ±Yây»Ö8þ°ú˜.~]>Ý_õ'‹«ÛÕrÑÖøÝ |4‡ÙõhMÛP¶L³›Ï÷Ãöd‘äF¨Û©Jia¬%8å¶4ÙçèríÝÐÅ*P:ÌØËzžj³×¢ +1820 0 obj<>/XObject<<>>>>>>endobj +1821 0 obj<>stream +xVÛnÜ6}÷WüRh´×úäac¯“ì]×RšE¸åeM‰*Iy³ß3¤”Úª[ÎåÌ™3üëhBcü›ÐÙ”f§”WGãdLó‹‹äœæçgø}Š+©“³q2}ë`vžœ¿ÈŽF74SV"ÆéÙ9eÁÿ_ò“«h¼´4'”í$9Qmå;™?iåüÙŸáúä,^7›#tVœÀ~’ÐªöÖmî•©£éœ&“Îtz†l`ší”£RiI¹©½Pµ#AìœLI^:ïè`ZÊEM´¥±yCÏB«BxÉg–Ò–“öYZ„õ$´3¸¬u¼¼ß Oùkõ$õsÓ»É,&›‹ÖÉ 5[-+BRª$å© +^D} S÷V0w^6±‚M#œ“0Òš£à4æßkv_ìVlõöÆ>©úqB©j™tß¦§ÉœùŠªÝÎ´º ÂÐâö6T<ÿDª[ ;°Ú× }‘´Ïn•,¤\XY¶Qó1œÖ• äl—¤©ÿÃ‘‹Fl•V^¡0ÀªJvÚ…•ÂjÕ{æ H¸aNÖÅÈ:êT@å‡3ª$ùüõ`Fºú€:†E¼…ÂjƒvÍžëo(26Œt.‹ãà©Dùúkmc•ƒ‹À˜·û±6V¡ž‰—¤ ©§ -œk«†)ÂnÞàôª\`ƒR‘‘ J[ÅÐ±Yây»Ö8þ°ú˜.~]>Ý_õ'‹«ÛÕrÑÖøÝ |4‡ÙõhMÛP¶L³›Ï÷Ãöd‘äF¨Û©Jia¬%8å¶4ÙçèríÝÐÅ*P:ÌØËzžj³×¢ “‚öŠg´Äì;°‘ PwÕ6Á¼—˜ Ú+ÌMtºÚ›º®æA™Ç¾jŽúÚ‰‚( -FøØ]ä!§ípÂ¤âDÖ„ÿõ±/ÙñèfL½$ÍãäýŽôQÇPYL#Ô©ª½G?«ÆXaA¶ -áw0ÁËðÈJÁC‰|Où¢$~Z¦ËÐÁ”iúùnI BºÚ¬i–°öoèv‘›Ê>-)]Ü}XPúy•-J7°¿ÚÜÝ-Ö×iŸ@'ué§Í—5]¯®i½ÉhùÛ*Íhµ¦åâ¬zè£ô·z%º×R@L½ ?ë#+o*éœxixÜ¬Ì¥z–AY7_™ààAÔ=kräBÐmVÉD‹)·u =«`ÆÎ;E,•Å¬‡EôÝî)PÏJgt²„ÓÜXdäqßIOm“|¼¤;’@ -âÄIŸ‚—çÀÒ¸Ÿ£0\xˆ×MWË:¡–ß°»†³À>‚hGe„KQ´ëuŠ´xo‘Ès ÆpXEð¢\†åxà¯0’ƒ*zžÇìQN«‘>&ð¸À’…N~cÖÃ”ÁÝ–Õsóæà `Y„>fkÖoï÷˜ãý—RÎà”—÷wH(¿0ÞÍÆqïCMgüH`+šD³WRÊS!åJÅ4˜8Ö¸Êw‘øÔ½úœB?‘mãEZ^!o$ßïîž`ê¿À[î/¶x$j'ZüR)ÕckEàXx¼¦RàÃ°õkãå%«öt?Ü¨5Ö‘69¶1¯ÖË $,Hñ‘thž\¯á9¡}Ó¾uvÄþô(Üiµ7ÏÿywÍ/¢Èý§Ýü/ÆŸ§èZ19±¯evôËÑßôæO‰endstream -endobj -1812 0 obj<>/XObject<<>>>>>>endobj -1813 0 obj<>stream -x½W[OÛH~çWùeA“h¥>¥+$–eK´R%^Æö˜L±gÒ›Äÿ~¿sÆ†`ØíÛAÁžÛùngòsgJ|MédFGsÊëI:¡“)~Ÿžàçß^S¹s¾Ø9üú‘¦Ç´(1e~Š_ -ÂðÉ„ùîì4=Jg)-thh¶·øÑÇ4ÆÑ³ŒÞýÖZj–šrW×Ê”¬Œ} ó«ßï.¿ý}ù-¡Ò»ZFÜ^ÐË€³‹ë«Ë›ÅÖëÖš en“ÒUIk©pö·†tÃ;Oè`ŠÃðŽŠžTe -”VÎÍ‹[žáiqq{xuKÁ•ÍZ¡DÈºgó^çMÕ‘±¡QU¥‹´_t6O¹èÝ×ðBª‘×¦ªÈj]Pã3|CŠ’ÂZ¡šU“ÐÚØÂÉÅâQz@ÁÕ×îëA%X¥Ö!¨MAuT²t—YºÖ 9OÁÔ¦R~«®/7w/EaÄ¡nòCž¨4ÕPç§—ªƒnÚpm•Ád˜ÔŸ8¨:S¨§Yº¶!ÞIÛÆ¥±S´Ò^ÈË+ƒ·û”aè©ÚZ÷dv_ª'…ÿfE¯k±¨+y&"cäÎÌ£¼VP¯—LµyX1e*®Èˆ^< ”ømåkz2JÐ7«rŠš•÷àUÞïñèmßM£ˆÅ°G½aâ°_6ÔY¤•®·ÛkûÅ—^€Jª‚] -WÚƒê L(ÖTXÂvãr2•?Ž™}å í=¤68#w¶:DQÄÈF9W 8°›àxžaÉ°uG"8 ‹TAP/¾¶b¸yJö£ÿÚvâ½$fKÍ‡‚P-áœRœÜgÊ“V3 ëŠ·ØÇ²@JK?Žö^÷ùâéÍÌ6H‘ì‚•òu"nkt½r^yƒò`G)Û g©J@A²ÿhã¾œ;1öM…ol÷Šœ5[¤'«ÞëKþ×Ù+4ÕY1$E:‰´L^|õç&Ã¾p7…€üÁº0 '2ƒSo ¸êÞ__g*[Ê™”¸o?jû1ê^Ær}8Yf\8!ïÐØ¸ë__Ý-.o¸K ƒô4b0ÿM*ùOá'•4‘Hc|EÞkÌÞx~ŽPøªQzI öDïˆã·:àâL³ÐZ["âmQAõ²—A+y¶R¦sž%ØÅVƒh†&/¾€NUEº$øg¨¡6.:¯ìQéZúT£7/¤Ë¶+ŽHé¬ -®'LÌÆÖ3êˆ™ûÝÁŒ÷{Ò¦B‡ÌØIÅG»'#g±ˆÌ'¸ËµôŠ¼qÒ÷ÖˆnÐÜµF°3:•C¨ã‚S9HˆOHo€c‚2›oŠl[g±ÉÅ{êziò¥TIì”È-‡J¡ÄH@øZˆtœµæ«S9»rT Šc ÊUˆ n ©Çˆ-0 iÀ.bÙwûO¼Þá× }®wÇ±©Pÿ/^78(é3]_ûOÒS¾@½&Ù„q›Í&Ýú>ìº™–á:€ÓCM¥BãDÈ¼Ïô=6“×÷Î9ïw{²ÊŠûH›˜èÊæX£?ÔªÀ58pjŽ …hYrPmãjôõÇî¨ñÊ†ŠÝŒöX‡÷×ÏÊ¹w4R…ZA1ø¿@šÎp¹Æ×láÖ(S÷’œ!E†ÜàÎÿIRà—º493ïúâ‘ºñ‰ŽÅ¾µø/…# G–fƒ¾œ³÷{’&‡_OûYÓ94uzDó“ñÃÏÝÙçgtëÝÄ}q9.àˆ>†€!>&œL`äâÏpÇóÓtþa†Ï{x=ó´ËÅÎ_;ÿ¨E¢Úendstream -endobj -1814 0 obj<>/XObject<<>>>>>>endobj -1815 0 obj<>stream -x…V]OÛH}çWÜåº"&_„°oÒRËfÁZi%$4¶ÇñÛ“ÎŒÉòï÷Ü™IH]ZTAbßsÏ9÷~;ÑÿFt>¦ÉŒòæ`˜éìâ?§sþ9Æ#©ô_L§³düÖ“ñ(™¿õÅì,™ö?¿LN?Mi4¢´DòÙüœÒ‚x8¤4?^´ÚUÒP®›F·”‹ÎJÒ%áCüâ6š¤1ÚXR–*ñ¬ÚYÝHWño¢6R/dº¶å¿`£Ñäâ„l—W$,Ý‹&Ò¯CŒ&è(-ŽŽ•üƒl“wûzitCª•®ØF~ø@Úì%¬Õ“¤j¥œ¨,-…«6Ú<Ù„®*™?Ñ‹îLˆäº-©Tµì¥Îd©±3/\±Ód@É¾T+¨Hœr@£%ñ¬ê¡Z;Æ¥4uF8¥Ûßbäñ¨£©E[Ð‹t$"¤kmÊjAEZ*…ª;dG ôú>¥ ·¿©dËx±ÍS#ì‚tÊÍgF‹"q‹ÂHk{ýXé:Aåˆ«Ú\#s—Ð²–Ì=.®Î§@|:iJ‘KºYÒ"F¾Ë]²×ÏîCU_PÕ¯RÇÄ¾pŸÎÏœ±à–¯©~! #‹È-š®õ*i›Ì*á§Ÿ.h@™ƒÉ(`;ž'“dšP*Ä4<öJêÁ˜I}|×…ÌeÆïqkŸº5 .éòæÏûë»®ïèññ~ñårñøx˜Ð¿º#[é®.hìy@$BÍsbJõúYiž!œLäO¾nT»eÂ -Ýù-¡OõÝ€†jA½º–ÅÏØ«BÈƒÉèÕÁZ•'Ì‹íH{µöî«Š‘¨•uÒK„ïŠõV¦çýÊÿjA™`k£A^Ò†\€”kfuªfodë¼0`á§j-Œ€GHØ,1ÝŽ¤F€„nÊ^Õ°ï0þQ¦-~Á]œ„öt+ü&ÙÜ¨5C -:CàNCß¨Uåh//wÍÀùG_å†E†ý„a!â®ðÔY4×cžò+ßWŸo®oS:úýèÇhÑ2Þ`ßòÊî3ÐÓ€1÷ å‘ªf{,Ý†Õ±^^af<Ázhïôè‰žõ.(ÿ §ZÁî8G‹AÆ}@¼1º]õIƒê¶ÍZúÔ0*]?KzV‚>ÞÞs¨–xµpÌï¶×I´‘i¼ê õwÆ5‹ãšýð[†ð‹q4þå R&¨SÀbBîí´c"Ø7²6òYé°Qe\ûõaˆ˜ñ{ž9òk…,EWã…ÿö&ý(¡µ]“ÁvàL·ÒeJÛÓôj D+mÝNn[›Î†i¬u‹áŠÚÁëVUXÊ«·dè×ñ®®ë^Z$áêÂëVB¢AÍ‹•éá@OÁ\°ƒ÷Øl¥¤Cæ€ÕXåê©ô“ƒ/ÈÊCj°ÑÄJö·šW¬•0XQ‡ÖÞ w-ãVœBUª…áhÄ÷û± 'ïÈQ«A;QðàŽ‰w&|ŒT|Ñ9ÝÀst•W¢U¶×1d V¸ô"Ž3‘ÿ¥¡ à.w[Ù’^óÄ{3Á¡n´³í0µöÂRø²€vÍžÀN^)å73ˆÁçÅ`ú¡p6Î¸Ú@]¶‘h+žæñDñ²MlT]S+y©c±D}cÙÆêñ!îO¢wJð~yÇVöë rd‰ùxU‰8ð}EamâlìS» -vëµ‰“ðÅ£éáøN–PêŽ÷_,}rzzøà‹:ý4ö?šá‚ŸOh6ã:Ç9âZý}Ôy·[™<ÓÁö…Áùð‚ŸÿñÆ™ÎæÉìlŒC_f~+]§üdFïendstream -endobj -1816 0 obj<>/XObject<<>>>>>>endobj -1817 0 obj<>stream -x}WïoÛ6ýž¿â `˜Ôvì$Ž[tš®¬mÖd -ä-Q‰TIÉŽÿû½#)Yvš%àXäýx÷îÝéÇÉŒNñ;£Ë9-(NN'§tv>Ÿ,è|y‰ÏsüYIùÉÕÝÉôã+šÓ]Ž+‹%>d„ã§§t—ŽæËÉÙärBwÒ5tùâî;NŸÓlNç—8=úÚjj -I©©*¡³pê"ž‘«Vi©¤nh:½ºþãöÃ×>|Þ}º947šÐ7Ó’+L[flOÓJRmMU72£ÜXTç¶Æfþ,ß?¥ñìl2ç0âÍÖIMw”LîÿijZ±ƒÜK³^Ã®ÒñÏ[iei«šbB×¹?¹¸Â'~BBgœwÖ}Ü"ó ÐøozhQÉ7dêF€³ã³Yc?_—q¾.¯Ád˜¯_‚ÆÜ¼÷~½ÈEDÂ…=\P'Ú(¹¥{üô³öÐlœ³[U–P3î C$$šcÚz.¢ï%™Áˆð8aƒ· -3f{€0—v%@gÖcXP±ªôô€YÏ>Ht˜W?‘?Æ–íÀ÷Ph½šæ(S†f…ˆ© -f-ñöŒÓ+…hýp‚'S¶¤°³d+½Îœ¥òÔdÓº60ƒe5£Õ oðšÕŽ4ô W LY Yk -¬*Ïh¨jX3ÂX„3.§c4(q>1-Œhí/C„Ÿèy®1:5á¸±zÁds½F·Ó‰n ¹¾!|*(@N=-º5$A1]¬Iâ7 äÌE¶˜½`HZOU§X¬áÍ{_¿ÞÿO4:høÄ\yZ›ôûç[FøÀÖ_»èÐùAÆíf|*`©¬ -ã°›'Ú3áG™=P½¸FBþ|“á¬¤LlÇëŠÈãº®Á¬NHwÇ“¶›©G¼à &nÌã?aŠWO±ù° h(·mTÚ¢^R%ÐM-¶YŸhò?Ì¶›={õº9èC-fÖÒÝ¿ˆ®»áõ®tæ%3š»†éî—%¯•¹Hyg‚jzd;ÜV £¯–•?Zê“ã¹Î£b°ë†•ˆ$¯,Ò Ö>Lw#…‰]ùÆöSr[¨´ð*7xÃ¼ÏÿßÈ´J¤…_¤¿¡;c¬Ž2¾¸a!ÆÂÑÍÔÿ¶$lÙ -M!Á$ÄBEb´±*Jµá|;(Ä’Ã’5Ýa_èØ~‚qÕ£•£Q‡qz ævC/ù`UÅxÛÀc^¨ _-Ûjí±Çs±¯½Ä»(ÇÉ‚‚ÿ°P4v;˜}O?.ã{ßl÷Ìå-.—¼ÂÝ¾ûtõŽn¬ù^Ðï&m+ÜÈX<>¾<}åW¾'/žç‹ådq1ál±`wîNþ:ùþ¡¾endstream -endobj -1818 0 obj<>/XObject<<>>>>/Annots 1138 0 R>>endobj -1819 0 obj<>stream +FøØ]ä!§ípÂ¤âDÖ„¿õ±/ÙñèfL½$ÍãäýŽôQÇPYL#Ô©ª½G?«ÆXaA¶ -áw0ÁËðÈJÁC‰|Où¢$~Z¦ËÐÁ”iúùnI BºÚ¬i–°öoèv‘›Ê>-)]Ü}XPúy•-J7°¿ÚÜÝ-Ö×iŸ@'ué§Í—5]¯®i½ÉhùÛ*Íhµ¦åâ¬zè£ô·z%º×R@L½ ?ë#+o*éœxixÜ¬Ì¥z–AY7_™ààAÔ=kräBÐmVÉD‹)·u =«`ÆÎ;E,•Å¬‡EôÝî)PÏJgt²„ÓÜXdäqßIOm“|¼¤;’@ +âÄIŸ‚—çÀÒ¸Ÿ£0\xˆ×MWË:¡–ß°»†³À>‚hGe„KQ´ëuŠ´xo‘Ès ÆpXEð¢\†åxà¯0’ƒ*zžÇìQN«‘>&ð¸À’…N~cÖÃ”ÁÝ–Õsóæà `Y„>fkÖoï÷˜ãý—RÎà”—÷wH(¿0ÞAEÉñÿŒ lE“höJJyê ¤\i¡¸ƒÇ·Sù.rŸº@ŸS¨õ'²m¼ÈCË+ääûÝÝóLàxËýÅDíD‹_*¥zlÀT +|¶~m¼¼dµÂžîï‡ Æ:Ò&Ç6æÕz”„)>’N Ã“ë5<'´±oÚ·ÎŽØŸ…[#¶ñæù?ï®ùE¹ÿñ´›ŸâÅøó]C+&§3öµÌŽ~9úžO_endstream +endobj +1822 0 obj<>/XObject<<>>>>>>endobj +1823 0 obj<>stream +x½W[OÛH~çWùeA"&h¥>¥+$–eK´R%^Æö˜L±gÒ›Äÿ~¿sÆ†`ØíÛAÁžÛùngòsgFS|ÍèäŽæ”×;ÓtJ¦3ü<>=ÁÏC|{MåÎùbçàëGšÓ¢Ä”ù)~)Ã§SZä»GÓô(=Li¡CC‡{‹}L³Y=9<ÁèÝo¥f©)wulAÉÊØ:¿úýîòÛß—ß*½«eÄí½8»¸¾º¼Yl½nÙPæ6)]•Ô¹– +gkèA7¼ó”&3†wTô¤*S „°r6h^ÜòO‹‹Ûƒ«[ +®lÖ +%š@Ö58›÷:oªŽŒ ª*]¤ý¢‡ó”‹Þ½q /¤ÙzmªŠ¬Ö5Ž0Ã7¤()\ ªY5 -Üš\,¥a \ýxí¾T‚Uj‚zÐTÇ@%Kpù¥km‘óLm*å·êúrs÷RFè&?à™JS uŽpz©:è¦]×†Y¹L†Iý‰ƒª3…zš¥kâ´m¼ÑX;1µAû'í…¼¼2x»O†^‘ +¡uOÖh÷¥zbQðoVôºV‹º’·`!²0FîÀ,1ÊkõzÙ ÀT›‡%S¦âŠŒèÅ“@‰¿ÁƒelKãõl?C—Òwèê¹^WjÃGß·DX3‘åµóCcp<úÙâÈø}ŸVÚ/Õ*PÖ¶sÐÆ©<ÓQýª/#´™År÷»XàÚØ–7æó‡ÑæP¾¦'£}³*×ª¨Yy^ÕéýÞöíähE,†=ê {‡ýÚ°¡Î"4¹Þ6n¯í_2x*© +v%´\hª'0¡XSa ÛËÉTþ8fö•'´÷ÚàŒÜÙê`E}#å\´‚âÀl‚7ây†%ÃÖ‰à4d,RA½øFØŠáBä)ÙþThÛ‰÷’˜--4"@µ„pJq¶rŸ=*OXÌ4¬+ÞbË)],uþ8Ú{Ýç‹§73Û E²VÊ×‰¸ÑõÊyå Êƒe¥l7œY¤6*Éþ£ûrpîÄØ7¾±Ý+rÔl‘ž¬z¯K,ø_g¯ÐTgÅµê$Ò2=xñ9ÔŸ˜ûjtNÀÝò;ëÂ4œÈbL½âª{}ž©P@Nl)gRâ +¼ýX¨}pìÇ¨{Ëõád™qaBÞ¡!°q-Ö¿¾º[\Þp—@éiÄ`þ›&*ùOá'•4‘Hc|EÞkÌÞx~ŽPøªQzI öDïˆã·:àâL³ÐZ["âmQAõ²—A+y¶R¦sž%ØÅVƒh†&/¾€NUEº$øg¨¡6.:¯ìQéZúT£7/¤Ë¶+ŽHé¬ +®'LÌÆÖ3êˆ™ûÝÁŒ÷{Ò¦B‡ÌØIÅG»'#g±ˆÌ'¸ËµôŠ¼qÒ÷ÖˆnÐÜµF°3:•C¨ã‚S9HˆOHo€c‚2›oŠl[g±ÉÅ{êziò¥TIì”È-‡J¡ÄH@øZˆtœµæ«S9»rT Šc ÊUˆ n ©Çˆ-0 iÀ.bÙwûO¼ÞÁ×)}®wÇ±©Pÿ/^78(é3]_ûOÓS¾@½&Ù„q›Í&Ýú>èº™–á:€ÓCM¥BãDÈ¼Ïô=6“×÷Î9ïw{²ÊŠûH›˜èÊæX£?ÔªÀ58pjŽ …hYrPmãjôõÇî¨ñÊ†ŠÝŒöX‡÷×ÏÊ¹w4R…ZA1ø¿@šâr¯ØÂQxþÎ¾bÍçKeqó‹L1Ñlœÿw9^äxûJ X~qtóçá%‡£ä=24ßÞï¸‡±AàJÑïÚ„%C5LÆZu_õDl*Ót’½ßž¯!Ò>úËw‚é8#n3¥ÙÃmÈU´&<âÇq ?o}>¦î%9CŠ¹Áÿ“¤À/+.tirfÞõÅ#uã=?Š}kñ_ +' +F@,Í}-8gï÷$M¾žö³fshêôˆæ'ã‡Ÿ»³?ÎÏèÖ»ˆ+úâr\À}C<&LN¦0rñÎg¸ãùi:ÿpˆÏ{x=›ó´ËÅÎ_;ÿýæ¢Åendstream +endobj +1824 0 obj<>/XObject<<>>>>>>endobj +1825 0 obj<>stream +x…V]OãF}çWÜò[“/ô-°l…ÔÝ¦`Uª„„Æö8™eìIgÆ¤üûž;3 Y/»hµû~œ{Î¹÷ßƒ ñoDçcšÌ¨l†ÙÎ.ÏñszÁ?Çøo%Õá‹ét–ßúb2eo}1;Ë¦ýÏ¯òƒÓOS(¯‘|vqNyEH<R^Ï[ãWÒRišÆ´TŠÎI25áCüâ7†¤µÆ:RŽVâYµKr¦‘~Å¿ m¥¨^ÈvmË#ÀÚXO£Éå ¹®\‘pt/šB|È¿i0š £¼:~8Vò7rMQqÜíëµ5 ©Vújùá»—P«'IÕRy¡-„_mŒ}r]¯dùD/¦³1BVš¶¦ZiÙK]ÈÚbo_¸boÈy’C-¨VP%$8!åFKâÙ(ÔCÚxÆ¥¶óVxeÚ_Räñ¨£©y[Ñ‹ô$¤kãœ*´L "-ÕBéÙ(¿¹ÏiÂíoV²e¼Xæ©î A*:åækDU +‡¸Ue¥s½~œô rÄUmi¬•¥Ïh¡¥ÀË€‹_ R >†½´µ(%Ý.h#ßÕ.Ùëg÷±ªÏ¨êg©SâPxHæÎ8p+Ô¤_ÈÈ*qKÅ¦µYfmS„QeœàôÓ%(³u0El'Ãl’M3Ê%€˜ÆÇ^I=3©ïº’¹Ìø"®6æ©[ÓàŠ®n¿¿¹ûûæŽïçŸ¯æ‡ýc:r+ÓéŠ–ÀžÇDÔ<'¦T¯ïØ™“öÂ)DùêFµ[&Ü†×¨2íQÙ* Tß `¨ÔÓZV?b¯Ša &cPkUž0/¶#íÕÙ»¯*FB+çe(ßUëLÏû•ÿÙ‚2Ñ +ÖÖ€¼¤‹¹)×ÌêTÍßÈÖ`À"4* ÎðÔZX° Xcº‰F€Œnë^Õ°“à0áQ¦-~Á]¼„öL+ü&¹Òª5C +:Cà^ÃßªåÊÓ^^îš¾Ë;;K;ûÃbÄ];ñ©³d®Ç<åW¾Í¯ÿ¸½ù’ÓÑ¯GßGK–ñû×nŸ^Œy¸O¨€”V˜ì±öVÂzq™ñ@vë¡½Óc R|6¸ ¬Â'œj »ã-™ö!ðÆšvÙ' ªÛ6[RÃ¨Œ~–ô¬}ürÏ¡ZâÕÂ1¿Ø^'ÉDaðª‡Ôß×,kö=ÀoÂOÆUÑø§ƒÊ™ ^‹ ¹·?ÐŽcˆ`sÜÈÚÊge:üÁFUtpí×‡!bÆCìy:äÈ¯U²Æ[ÿíM,ùQFsj»¦€íÀ™¾H_(ãNóë]çwrÛÚ|r6LcmZWh¯[®âR†Xƒ%C¿žwµÖ½´HÂÕÅ×„D£š+3Àž¢¹`ï±ÙII‡Ì!«qÊ+4PéßNZ¡ '©ÁFKÙßjA±NÂ`…Ž½Aºà[Æ-9… §¥…åhÂ÷Û± §àÈI«Q;Qðà‰w&|lT|ÑyÓÀKtU®D«\¯cÈ@¬pDœf"ÿ[KBAÀ[]î¶²;$³æˆ÷f‚C%Þ6h fÛaj/ì…µZòeíÚ=¼R*lfƒÏ‹7À/Bálœiµºl#ÉVÍÓ‰d›Ø(©•¼Ô±X’¾±lSõø÷I Ñ»@F%¿N¼c+Œ ûõF9²ÄB¼ªDø¾¢¸6q6öÎ©]»õÎÚÄIøÒÑôp|'k¨u§ûŒ/–>9ƒ?=|E~ºHö?šá‚¿˜Ðl2ÆuŽs$´°æ+2úhÊn·2y¦ƒíƒóá%?ÿý3]d³³1!|=š…t“üuð?Òïendstream +endobj +1826 0 obj<>/XObject<<>>>>>>endobj +1827 0 obj<>stream +x}WmoÛ6þž_q0Ìê÷Äq‹®@ÓµC€µÍšlC|¡%Êf#‘*)Ùñ¿ßs$%ËN³‹¼—çž{îôãlJüNérFó¥åÙd4¡ùùl´ óå%>Ïðg%ågWwgã¯hzNw9®,–øŽO&t—æ“Ñ|t9¢;éjº|q÷§Ïi: §‡³Kœ|m4ÕI©)K¡³pê"ž+Wi¡¤®i<¾ºþãöÃ×>|ß}º967Ñ7ÓÛ˜¦ÈØž¦•¤Êš²ªeF¹±$¨ÎíŒÍüY¾?¡át>šqñfã¤¦=J&÷ÿ‹45 ‚ØÃ‰@î…Y¯aWéÚøçV´2´SõfD×¹?¹¸Â'~BBgOœ·Ö}Ü"ó ÐðozhQÊ7dªZ€R”û(¶“È»Hq2µ²~6à/:•¾ ´Çñq1cÝ×…BŒ øö6‰Äéê˜ý«®Qxó@"–Ö‚W¥tN¬üu~¤ªÉ‰½£Dé(TFZÖàß1 + ûÔç +(„™ #’ ¬•i]ìÉÉº©@5NÃrCŒR£óQt6‹•å:+‘udïù)Ôƒ„½T ŽiìáG[#ŒÈFl%`™Ùy#hG÷dêŠçùÛY'·wµ,ï_Ðª©)S>V +¼@È®©*ckß€È·Äw' !ßôCèBÛŒÓñ)|ÓÌR`d"¹nt®Ö¾-›Ò4¾Ìö BÙ`v0ÖÚïÒTªGôq*Ð÷]ÏC† Y§˜1û*ªÖáÎF½ß‹¦ ˜’üUo(íjÛ¤L'w4O¤—7QpóxÐëM”Qú±€)‘[)ÑîZ(ÐÌHq§¹b‘“´ãvçäë'¡öb@ž'úFïÙá|ÄØÏ×eœ¯Ëãk0æë— 17ï½_/r‘páÔ‰¶Jîè?Ý¬=6çìNÔŒ{ÂPÆ ‰æ˜¶ž‹è{AIf0"üNØF/ÇÂŒÙ!Ì¥] ÐY€õ–Tl…*<= F‚Å³æÕOä±e;ðÝZ¯¦9Ê”¡Y!bª„YKA¼½ãôJ!Z?œàÉM+)¬Ä,ÙJ¯3g©<5{Ù4® Ì`YÍhµGÈ¼fµ# }ÃUCSÈCÃ…« +À3ªÖŒ0á‚Ëé ÊEœO@L7Æ@´—!ÂOô §Ží’ ˜.Ö$ñrf‡"Û +Ì^0$ÆªŠS,Öðæ½¯_çÿ'4 +|b®<ÍV úýó-#|ä ë€¯]´ïü(ãžöö3>Ê°T”ãj°›'Ú3áG™=R½¸FBþ|“þ¬¤ìMlÇëŠÈãºªÀ¬NHwÏ“¶©'¼à &nÌÃ?aŠWO±ù° h(·UÚ ^R)ÐM ¶YŸhò?Ì®=õº8èC-fÖÒÝ¿ˆ®Ûáõ®pæ%3š»†éî—%¯•¹Hyg‚jzd;ÜV £¯–•?ê“ã¹Î£¢·ë†•ˆ$¯(NÒ5Ö +>L{#…‰]ùÆöSr·QéÆ«pÜà oð>ÿ#ÓJ‘nü"ý ØjcuâÑ#çS í/¡^^ª¼ÍÛ~àaL3ò‘áðÅ 1Žv¦þ°%aËVh* &!Z(£UQª-çÛBy$v–$¨éûª@ÇvŒ«œ$ˆ:ÔˆÓK0·zÉ×«*ÆcØ>óBùjmÙFk=nì,˜‹}í%Þ} @9¶Hü‡…¢¶ûØÁì{üqßû¦¼g.ç´¸\ò +wûîÓÕ;º±æ;xA¿›´)q·'cñøðròŠÏ?}ñ<_,G‹‹YØ§‹»ûpwö×Ùd4½ýendstream +endobj +1828 0 obj<>/XObject<<>>>>/Annots 1145 0 R>>endobj +1829 0 obj<>stream xWÛnÛF}÷WLõˆiQ’%9€Ñ:møÁ®k3 ŠºVäRbBî²\ÒŠþ¾gf©í^DY‘;÷3gF…4Àß¦CM(.ŽÁ€&ÓI0¤ñlŠóÿ*M©¼ÏNƒÙk/FãÙëÃpL^‘€Õ`Ð~<\ !ŽOñYP8ÁŠÿ–ÓãQ8 áD8bW N&Á´ýÆo?DG'Wc -CŠR„2™M)JDû€¢¸¿´®vÊs»¢4Ë‰hm›Šâ<Ó¦¦§>¸fntýŽtOoßF_¡ó.xÇ£0À1égÁ(8(Ò®¦3mgúxÈ¦û¡z©)¶E¡Lâo¶ö v¨qš¾¿§'üùpsýxùðÛåÃÓSt{¨²Ðï¶!·´MžÐ\SYÙ¢¬u"A(*•s+[%lÎpPíUÖ2 ãp„tÂ¡,*êµþ°_e®Y‹kâX;—6y¾îQ£Zè€nR2¶Þ*èþgr6W +CŠR„2™M)JDû€¢¸¿´®vÊs»¢4Ë‰hm›Šâ<Ó¦¦§>¸fntýŽtOoßF_¡ó.xÇ£0À1éÁ(8(Ò®¦3mgúxÈ¦û¡z©)¶E¡Lâo¶ö v¨qš¾¿§'üùpsýxùðÛåÃÓSt{¨²Ðï¶!·´MžÐ\SYÙ¢¬u"A(*•s+[%lÎpPíUÖ2 ãp„tÂ¡,*êµþ°_e®Y‹kâX;—6y¾îQ£Zè€nR2¶Þ*èþgr6W @Èe&¶U¥ã:_ãìj$ÊlÕ1+IvÅ<ˆIä*Ô7 óÐ'·zR%’*õI#‹P"HfÊ3£Ù,mµ±'Akv8ñ5º©ß8hr–Jë\6GÉë¥’pÈéê™Õ*ó¦&dîÙ~’TdTÛ–íÄ')Uõ¶Eì)Tq'‡«íE'l•H=Äiê‰Úsú„ß]Ü^öX;ËþQåŸP×™5dÓ]h+®©·“h±&ö¯cN²àJk’Ì,6Ú·À`LÔëR'RUþ–fÈ®D‘fß‘UÍÂI¤…Z(%;¸1‡R•%®tÌÚ’™{*²Åpãü°¬)V@»”@jÝ¶5@Ó&q¤M\Ö¿Q@xÉî.Õ³D|rµë öþþŽÎ;ÞËv´ÐgðøG aŠþK›(vSÊjš«ø@/[$í»„úÏ¤šó¬¢ÿ-óÜÚoMIÇ·]>F×¿|êò ÊàØ¾Þ QpqºÖ‹ÊBçœÙ£©À£*æjÓœèÏÀ„]9ô¹CÑr+@:à¦É[¸¹'€¼]0pùI¡\ö™WÐ‚ÿA±»Rþg/`“JËm }ž?uÞvúŒi Xp”*p8ÐüY¡B h3M--Ûö'ž¢_¾6àç¹æŽpLü^gµ&µP™‘^Èº©qu–ç¢èK9œ mâÊPË!$kö-à[‡aŠŒÂøŽ¤ºÝg¹W¡\V:ÕàR™{ujzNkíñÔgøbKù= `0J÷ÑÕŽ.PˆV'‡ÑÒJæŠ &s«¼š-^üŒfQkdb+uœ¥¸j/áOo0úQÂþ–Ûð ÔÓ¶4TíõLÇ®G(ÈÎ§n‰¹ƒq€ÉÜÔÎÕÌ<«úð@º˜Ù;¦sý¬sžFMÅw›ðÀÕ‚ˆð·Î~WKÛì³ñVê¼¥Ö½O½wý£ƒox¾•xÁß-!}¹‹¾Üªª›]Kø\p³aqè;,!HƒTýe6]\E—²ÿ 'H(c§)K[u¹€wÄ×<õ¥_¹ŒFîoÞ)<!VF¬€¼†ÆÛ•qÐ£XBêvÝ‡™’–Ã²Œ-âƒlÇ€ØOôÊ ·K¤(¤ÜÒ\rj`…ë÷œÉRÏÍí–‚>çþIÓ,ÎpÕwi«ŸýØ#±†‰8ôÆK´3 7öOòØj…<+Þ¡ `«9½jÆÛ’©¾4sW¯>oÿfv©¹E¡†ã÷ªVzŽæZ@MËº.ßŸœl½ð§6€Í -xÁÛÇ>gûm2±±4k~–*1â¡ø_üæÕ œà‡ÏlD“ÁÐ×ðñâöÃÝWö+/…mÜøå xbÉãÀñtpöúÏ„ñdLN‡ª‹ë,výzô7Q;endstream -endobj -1820 0 obj<>endobj -1821 0 obj<>endobj -1822 0 obj<>endobj -1823 0 obj<>endobj -1824 0 obj<>endobj -1825 0 obj<>endobj -1826 0 obj<>endobj -1827 0 obj<>endobj -1828 0 obj<>endobj -1829 0 obj<>endobj -1830 0 obj<>endobj -1831 0 obj<>endobj -1832 0 obj<>endobj -1833 0 obj<>endobj -1834 0 obj<>endobj -1835 0 obj<>endobj -1836 0 obj<>endobj -1837 0 obj<>endobj -1838 0 obj<>endobj -1839 0 obj<>endobj -1840 0 obj<>endobj -1841 0 obj<>endobj -1842 0 obj<>endobj -1843 0 obj<>endobj -1844 0 obj<>endobj -1845 0 obj<>endobj -1846 0 obj<>endobj -1847 0 obj<>endobj -1848 0 obj<>endobj -1849 0 obj<>endobj -1850 0 obj<>endobj -1851 0 obj<>endobj -1852 0 obj<>endobj -1853 0 obj<>endobj -1854 0 obj<>endobj -1855 0 obj<>endobj -1856 0 obj<>endobj -1857 0 obj<>endobj -1858 0 obj<>endobj -1859 0 obj<>endobj -1860 0 obj<>endobj -1861 0 obj<>endobj -1862 0 obj<>endobj -1863 0 obj<>endobj -1864 0 obj<>endobj -1865 0 obj<>endobj -1866 0 obj<>endobj -1867 0 obj<>endobj -1868 0 obj<>endobj -1869 0 obj<>endobj -1870 0 obj<>endobj -1871 0 obj<>endobj -1872 0 obj<>endobj -1873 0 obj<>endobj -1874 0 obj<>endobj -1875 0 obj<>endobj -1876 0 obj<>endobj -1877 0 obj<>endobj -1878 0 obj<>endobj -1879 0 obj<>endobj -1880 0 obj<>endobj -1881 0 obj<>endobj -1882 0 obj<>endobj -1883 0 obj<>endobj -1884 0 obj<>endobj -1885 0 obj<>endobj -1886 0 obj<>endobj -1887 0 obj<>endobj -1888 0 obj<>endobj -1889 0 obj<>endobj -1890 0 obj<>endobj -1891 0 obj<>endobj -1892 0 obj<>endobj -1893 0 obj<>endobj -1894 0 obj<>endobj -1895 0 obj<>endobj -1896 0 obj<>endobj -1897 0 obj<>endobj -1898 0 obj<>endobj -1899 0 obj<>endobj -1900 0 obj<>endobj -1901 0 obj<>endobj -1902 0 obj<>endobj -1903 0 obj<>endobj -1904 0 obj<>endobj -1905 0 obj<>endobj -1906 0 obj<>endobj -1907 0 obj<>endobj -1908 0 obj<>endobj -1909 0 obj<>endobj -1910 0 obj<>endobj -1911 0 obj<>endobj -1912 0 obj<>endobj -1913 0 obj<>endobj -1914 0 obj<>endobj -1915 0 obj<>endobj -1916 0 obj<>endobj -1917 0 obj<>endobj -1918 0 obj<>endobj -1919 0 obj<>endobj -1920 0 obj<>endobj -1921 0 obj<>endobj -1922 0 obj<>endobj -1923 0 obj<>endobj -1924 0 obj<>endobj -1925 0 obj<>endobj -1926 0 obj<>endobj -1927 0 obj<>endobj -1928 0 obj<>endobj -1929 0 obj<>endobj -1930 0 obj<>endobj -1931 0 obj<>endobj -1932 0 obj<>endobj -1933 0 obj<>endobj -1934 0 obj<>endobj -1935 0 obj<>endobj -1936 0 obj<>endobj -1937 0 obj<>endobj -1938 0 obj<>endobj -1939 0 obj<>endobj -1940 0 obj<>endobj -1941 0 obj<>endobj -1942 0 obj<>endobj -1943 0 obj<>endobj -1944 0 obj<>endobj -1945 0 obj<>endobj -1946 0 obj<>endobj -1947 0 obj<>endobj -1948 0 obj<>endobj -1949 0 obj<>endobj -1950 0 obj<>endobj -1951 0 obj<>endobj -1952 0 obj<>endobj -1953 0 obj<>endobj -1954 0 obj<>endobj -1955 0 obj<>endobj -1956 0 obj<>endobj -1957 0 obj<>endobj -1958 0 obj<>endobj -1959 0 obj<>endobj -1960 0 obj<>endobj -1961 0 obj<>endobj -1962 0 obj<>endobj -1963 0 obj<>endobj -1964 0 obj<>endobj -1965 0 obj<>endobj -1966 0 obj<>endobj -1967 0 obj<>endobj -1968 0 obj<>endobj -1969 0 obj<>endobj -1970 0 obj<>endobj -1971 0 obj<>endobj -1972 0 obj<>endobj -1973 0 obj<>endobj -1974 0 obj<>endobj -1975 0 obj<>endobj -1976 0 obj<>endobj -1977 0 obj<>endobj -1978 0 obj<>endobj -1979 0 obj<>endobj -1980 0 obj<>endobj -1981 0 obj<>endobj -1982 0 obj<>endobj -1983 0 obj<>endobj -1984 0 obj<>endobj -1985 0 obj<>endobj -1986 0 obj<>endobj -1987 0 obj<>endobj -1988 0 obj<>endobj -1989 0 obj<>endobj -1990 0 obj<>endobj -1991 0 obj<>endobj -1992 0 obj<>endobj -1993 0 obj<>endobj -1994 0 obj<>endobj -1995 0 obj<>endobj -1996 0 obj<>endobj -1997 0 obj<>endobj -1998 0 obj<>endobj -1999 0 obj<>endobj -2000 0 obj<>endobj -2001 0 obj<>endobj -2002 0 obj<>endobj -2003 0 obj<>endobj -2004 0 obj<>endobj -2005 0 obj<>endobj -2006 0 obj<>endobj -2007 0 obj<>endobj -2008 0 obj<>endobj -2009 0 obj<>endobj -2010 0 obj<>endobj -2011 0 obj<>endobj -2012 0 obj<>endobj -2013 0 obj<>endobj -2014 0 obj<>endobj -2015 0 obj<>endobj -2016 0 obj<>endobj -2017 0 obj<>endobj -2018 0 obj<>endobj -2019 0 obj<>endobj -2020 0 obj<>endobj -2021 0 obj<>endobj -2022 0 obj<>endobj -2023 0 obj<>endobj -2024 0 obj<>endobj -2025 0 obj<>endobj -2026 0 obj<>endobj -2027 0 obj<>endobj -2028 0 obj<>endobj -2029 0 obj<>endobj -2030 0 obj<>endobj -2031 0 obj<>endobj -2032 0 obj<>endobj -2033 0 obj<>endobj -2034 0 obj<>endobj -2035 0 obj<>endobj -2036 0 obj<>endobj -2037 0 obj<>endobj -2038 0 obj<>endobj -2039 0 obj<>endobj -2040 0 obj<>endobj -2041 0 obj<>endobj -2042 0 obj<>endobj -2043 0 obj<>endobj -2044 0 obj<>endobj -2045 0 obj<>endobj -2046 0 obj<>endobj -2047 0 obj<>endobj -2048 0 obj<>endobj -2049 0 obj<>endobj -2050 0 obj<>endobj -2051 0 obj<>endobj -2052 0 obj<>endobj -2053 0 obj<>endobj -2054 0 obj<>endobj -2055 0 obj<>endobj -2056 0 obj<>endobj -2057 0 obj<>endobj -2058 0 obj<>endobj -2059 0 obj<>endobj -2060 0 obj<>endobj -2061 0 obj<>endobj -2062 0 obj<>endobj -2063 0 obj<>endobj -2064 0 obj<>endobj -2065 0 obj<>endobj -2066 0 obj<>endobj -2067 0 obj<>endobj -2068 0 obj<>endobj -2069 0 obj<>endobj -2070 0 obj<>endobj -2071 0 obj<>endobj -2072 0 obj<>endobj -2073 0 obj<>endobj -2074 0 obj<>endobj -2075 0 obj<>endobj -2076 0 obj<>endobj -2077 0 obj<>endobj -2078 0 obj<>endobj -2079 0 obj<>endobj -2080 0 obj<>endobj -2081 0 obj<>endobj -2082 0 obj<>endobj -2083 0 obj<>endobj -2084 0 obj<>endobj -2085 0 obj<>endobj -2086 0 obj<>endobj -2087 0 obj<>endobj -2088 0 obj<>endobj -2089 0 obj<>endobj -2090 0 obj<>endobj -2091 0 obj<>endobj -2092 0 obj<>endobj -2093 0 obj<>endobj -2094 0 obj<>endobj -2095 0 obj<>endobj -2096 0 obj<>endobj -2097 0 obj<>endobj -2098 0 obj<>endobj -2099 0 obj<>endobj -2100 0 obj<>endobj -2101 0 obj<>endobj -2102 0 obj<>endobj -2103 0 obj<>endobj -2104 0 obj<>endobj -2105 0 obj<>endobj -2106 0 obj<>endobj -2107 0 obj<>endobj -2108 0 obj<>endobj -2109 0 obj<>endobj -2110 0 obj<>endobj -2111 0 obj<>endobj -2112 0 obj<>endobj -2113 0 obj<>endobj -2114 0 obj<>1<>8<>9<>13<>14<>16<>20<>25<>37<>38<>40<>42<>46<>57<>60<>62<>64<>65<>68<>76<>81<>82<>85<>96<>113<>126<>133<>142<>144<>147<>149<>150<>152<>156<>159<>163<>168<>170<>]>>>>endobj +xÁÛÇ>gûm2±±4k~–*1â¡ø_üæÕ œà‡ÏlD“ÁÐ×ðñâöÃÝWö+/…mÜøå xbÉãÀñtpöúÏ„ñdLN‡ª‹ë,výzô7‹:óendstream +endobj +1830 0 obj<>endobj +1831 0 obj<>endobj +1832 0 obj<>endobj +1833 0 obj<>endobj +1834 0 obj<>endobj +1835 0 obj<>endobj +1836 0 obj<>endobj +1837 0 obj<>endobj +1838 0 obj<>endobj +1839 0 obj<>endobj +1840 0 obj<>endobj +1841 0 obj<>endobj +1842 0 obj<>endobj +1843 0 obj<>endobj +1844 0 obj<>endobj +1845 0 obj<>endobj +1846 0 obj<>endobj +1847 0 obj<>endobj +1848 0 obj<>endobj +1849 0 obj<>endobj +1850 0 obj<>endobj +1851 0 obj<>endobj +1852 0 obj<>endobj +1853 0 obj<>endobj +1854 0 obj<>endobj +1855 0 obj<>endobj +1856 0 obj<>endobj +1857 0 obj<>endobj +1858 0 obj<>endobj +1859 0 obj<>endobj +1860 0 obj<>endobj +1861 0 obj<>endobj +1862 0 obj<>endobj +1863 0 obj<>endobj +1864 0 obj<>endobj +1865 0 obj<>endobj +1866 0 obj<>endobj +1867 0 obj<>endobj +1868 0 obj<>endobj +1869 0 obj<>endobj +1870 0 obj<>endobj +1871 0 obj<>endobj +1872 0 obj<>endobj +1873 0 obj<>endobj +1874 0 obj<>endobj +1875 0 obj<>endobj +1876 0 obj<>endobj +1877 0 obj<>endobj +1878 0 obj<>endobj +1879 0 obj<>endobj +1880 0 obj<>endobj +1881 0 obj<>endobj +1882 0 obj<>endobj +1883 0 obj<>endobj +1884 0 obj<>endobj +1885 0 obj<>endobj +1886 0 obj<>endobj +1887 0 obj<>endobj +1888 0 obj<>endobj +1889 0 obj<>endobj +1890 0 obj<>endobj +1891 0 obj<>endobj +1892 0 obj<>endobj +1893 0 obj<>endobj +1894 0 obj<>endobj +1895 0 obj<>endobj +1896 0 obj<>endobj +1897 0 obj<>endobj +1898 0 obj<>endobj +1899 0 obj<>endobj +1900 0 obj<>endobj +1901 0 obj<>endobj +1902 0 obj<>endobj +1903 0 obj<>endobj +1904 0 obj<>endobj +1905 0 obj<>endobj +1906 0 obj<>endobj +1907 0 obj<>endobj +1908 0 obj<>endobj +1909 0 obj<>endobj +1910 0 obj<>endobj +1911 0 obj<>endobj +1912 0 obj<>endobj +1913 0 obj<>endobj +1914 0 obj<>endobj +1915 0 obj<>endobj +1916 0 obj<>endobj +1917 0 obj<>endobj +1918 0 obj<>endobj +1919 0 obj<>endobj +1920 0 obj<>endobj +1921 0 obj<>endobj +1922 0 obj<>endobj +1923 0 obj<>endobj +1924 0 obj<>endobj +1925 0 obj<>endobj +1926 0 obj<>endobj +1927 0 obj<>endobj +1928 0 obj<>endobj +1929 0 obj<>endobj +1930 0 obj<>endobj +1931 0 obj<>endobj +1932 0 obj<>endobj +1933 0 obj<>endobj +1934 0 obj<>endobj +1935 0 obj<>endobj +1936 0 obj<>endobj +1937 0 obj<>endobj +1938 0 obj<>endobj +1939 0 obj<>endobj +1940 0 obj<>endobj +1941 0 obj<>endobj +1942 0 obj<>endobj +1943 0 obj<>endobj +1944 0 obj<>endobj +1945 0 obj<>endobj +1946 0 obj<>endobj +1947 0 obj<>endobj +1948 0 obj<>endobj +1949 0 obj<>endobj +1950 0 obj<>endobj +1951 0 obj<>endobj +1952 0 obj<>endobj +1953 0 obj<>endobj +1954 0 obj<>endobj +1955 0 obj<>endobj +1956 0 obj<>endobj +1957 0 obj<>endobj +1958 0 obj<>endobj +1959 0 obj<>endobj +1960 0 obj<>endobj +1961 0 obj<>endobj +1962 0 obj<>endobj +1963 0 obj<>endobj +1964 0 obj<>endobj +1965 0 obj<>endobj +1966 0 obj<>endobj +1967 0 obj<>endobj +1968 0 obj<>endobj +1969 0 obj<>endobj +1970 0 obj<>endobj +1971 0 obj<>endobj +1972 0 obj<>endobj +1973 0 obj<>endobj +1974 0 obj<>endobj +1975 0 obj<>endobj +1976 0 obj<>endobj +1977 0 obj<>endobj +1978 0 obj<>endobj +1979 0 obj<>endobj +1980 0 obj<>endobj +1981 0 obj<>endobj +1982 0 obj<>endobj +1983 0 obj<>endobj +1984 0 obj<>endobj +1985 0 obj<>endobj +1986 0 obj<>endobj +1987 0 obj<>endobj +1988 0 obj<>endobj +1989 0 obj<>endobj +1990 0 obj<>endobj +1991 0 obj<>endobj +1992 0 obj<>endobj +1993 0 obj<>endobj +1994 0 obj<>endobj +1995 0 obj<>endobj +1996 0 obj<>endobj +1997 0 obj<>endobj +1998 0 obj<>endobj +1999 0 obj<>endobj +2000 0 obj<>endobj +2001 0 obj<>endobj +2002 0 obj<>endobj +2003 0 obj<>endobj +2004 0 obj<>endobj +2005 0 obj<>endobj +2006 0 obj<>endobj +2007 0 obj<>endobj +2008 0 obj<>endobj +2009 0 obj<>endobj +2010 0 obj<>endobj +2011 0 obj<>endobj +2012 0 obj<>endobj +2013 0 obj<>endobj +2014 0 obj<>endobj +2015 0 obj<>endobj +2016 0 obj<>endobj +2017 0 obj<>endobj +2018 0 obj<>endobj +2019 0 obj<>endobj +2020 0 obj<>endobj +2021 0 obj<>endobj +2022 0 obj<>endobj +2023 0 obj<>endobj +2024 0 obj<>endobj +2025 0 obj<>endobj +2026 0 obj<>endobj +2027 0 obj<>endobj +2028 0 obj<>endobj +2029 0 obj<>endobj +2030 0 obj<>endobj +2031 0 obj<>endobj +2032 0 obj<>endobj +2033 0 obj<>endobj +2034 0 obj<>endobj +2035 0 obj<>endobj +2036 0 obj<>endobj +2037 0 obj<>endobj +2038 0 obj<>endobj +2039 0 obj<>endobj +2040 0 obj<>endobj +2041 0 obj<>endobj +2042 0 obj<>endobj +2043 0 obj<>endobj +2044 0 obj<>endobj +2045 0 obj<>endobj +2046 0 obj<>endobj +2047 0 obj<>endobj +2048 0 obj<>endobj +2049 0 obj<>endobj +2050 0 obj<>endobj +2051 0 obj<>endobj +2052 0 obj<>endobj +2053 0 obj<>endobj +2054 0 obj<>endobj +2055 0 obj<>endobj +2056 0 obj<>endobj +2057 0 obj<>endobj +2058 0 obj<>endobj +2059 0 obj<>endobj +2060 0 obj<>endobj +2061 0 obj<>endobj +2062 0 obj<>endobj +2063 0 obj<>endobj +2064 0 obj<>endobj +2065 0 obj<>endobj +2066 0 obj<>endobj +2067 0 obj<>endobj +2068 0 obj<>endobj +2069 0 obj<>endobj +2070 0 obj<>endobj +2071 0 obj<>endobj +2072 0 obj<>endobj +2073 0 obj<>endobj +2074 0 obj<>endobj +2075 0 obj<>endobj +2076 0 obj<>endobj +2077 0 obj<>endobj +2078 0 obj<>endobj +2079 0 obj<>endobj +2080 0 obj<>endobj +2081 0 obj<>endobj +2082 0 obj<>endobj +2083 0 obj<>endobj +2084 0 obj<>endobj +2085 0 obj<>endobj +2086 0 obj<>endobj +2087 0 obj<>endobj +2088 0 obj<>endobj +2089 0 obj<>endobj +2090 0 obj<>endobj +2091 0 obj<>endobj +2092 0 obj<>endobj +2093 0 obj<>endobj +2094 0 obj<>endobj +2095 0 obj<>endobj +2096 0 obj<>endobj +2097 0 obj<>endobj +2098 0 obj<>endobj +2099 0 obj<>endobj +2100 0 obj<>endobj +2101 0 obj<>endobj +2102 0 obj<>endobj +2103 0 obj<>endobj +2104 0 obj<>endobj +2105 0 obj<>endobj +2106 0 obj<>endobj +2107 0 obj<>endobj +2108 0 obj<>endobj +2109 0 obj<>endobj +2110 0 obj<>endobj +2111 0 obj<>endobj +2112 0 obj<>endobj +2113 0 obj<>endobj +2114 0 obj<>endobj +2115 0 obj<>endobj +2116 0 obj<>endobj +2117 0 obj<>endobj +2118 0 obj<>endobj +2119 0 obj<>endobj +2120 0 obj<>endobj +2121 0 obj<>endobj +2122 0 obj<>endobj +2123 0 obj<>endobj +2124 0 obj<>endobj +2125 0 obj<>endobj +2126 0 obj<>1<>8<>9<>13<>14<>15<>19<>24<>35<>36<>38<>40<>44<>55<>58<>60<>62<>63<>66<>67<>72<>73<>76<>87<>104<>117<>120<>126<>133<>142<>144<>147<>149<>150<>152<>156<>159<>163<>168<>170<>]>>>>endobj xref -0 2115 +0 2127 0000000000 65535 f 0000000015 00000 n 0000000247 00000 n @@ -4652,23 +4653,23 @@ xref 0000009060 00000 n 0000009163 00000 n 0000009266 00000 n -0000009369 00000 n -0000009472 00000 n -0000009575 00000 n -0000009677 00000 n -0000009779 00000 n +0000009368 00000 n +0000009470 00000 n +0000009572 00000 n +0000009675 00000 n +0000009778 00000 n 0000009881 00000 n 0000009984 00000 n -0000010087 00000 n -0000010190 00000 n -0000010293 00000 n +0000010086 00000 n +0000010189 00000 n +0000010292 00000 n 0000010395 00000 n 0000010498 00000 n 0000010601 00000 n 0000010704 00000 n -0000010807 00000 n -0000010910 00000 n -0000011013 00000 n +0000010806 00000 n +0000010909 00000 n +0000011012 00000 n 0000011115 00000 n 0000011218 00000 n 0000011321 00000 n @@ -4678,9 +4679,9 @@ xref 0000011733 00000 n 0000011836 00000 n 0000011939 00000 n -0000012042 00000 n -0000012145 00000 n -0000012248 00000 n +0000012041 00000 n +0000012144 00000 n +0000012247 00000 n 0000012350 00000 n 0000012453 00000 n 0000012556 00000 n @@ -4690,2017 +4691,2029 @@ xref 0000013175 00000 n 0000013278 00000 n 0000013382 00000 n -0000013486 00000 n -0000013590 00000 n -0000013694 00000 n +0000013485 00000 n +0000013589 00000 n +0000013693 00000 n 0000013797 00000 n 0000013901 00000 n 0000014005 00000 n 0000014109 00000 n 0000014213 00000 n -0000014317 00000 n -0000014421 00000 n -0000014525 00000 n -0000014628 00000 n -0000014732 00000 n -0000014836 00000 n -0000014939 00000 n -0000015042 00000 n -0000015145 00000 n -0000015249 00000 n -0000015353 00000 n -0000015457 00000 n -0000015561 00000 n -0000015665 00000 n -0000015769 00000 n -0000015873 00000 n -0000015977 00000 n -0000016081 00000 n -0000016185 00000 n -0000016289 00000 n -0000016393 00000 n -0000016496 00000 n -0000016600 00000 n -0000016704 00000 n -0000016808 00000 n -0000016912 00000 n -0000017016 00000 n -0000017120 00000 n -0000017224 00000 n -0000017327 00000 n -0000017429 00000 n -0000017774 00000 n -0000017877 00000 n -0000017980 00000 n -0000018084 00000 n -0000018188 00000 n -0000018292 00000 n -0000018395 00000 n -0000018499 00000 n -0000018603 00000 n -0000018707 00000 n -0000018811 00000 n -0000018915 00000 n -0000019019 00000 n -0000019123 00000 n -0000019227 00000 n -0000019331 00000 n -0000019435 00000 n -0000019539 00000 n -0000019643 00000 n -0000019747 00000 n -0000019851 00000 n -0000019955 00000 n -0000020059 00000 n -0000020163 00000 n -0000020267 00000 n -0000020371 00000 n -0000020475 00000 n -0000020579 00000 n -0000020683 00000 n -0000020786 00000 n -0000020890 00000 n -0000020994 00000 n -0000021098 00000 n -0000021202 00000 n -0000021306 00000 n -0000021410 00000 n -0000021514 00000 n -0000021618 00000 n -0000021721 00000 n -0000021825 00000 n -0000021929 00000 n -0000022033 00000 n -0000022136 00000 n -0000022238 00000 n -0000022340 00000 n -0000022709 00000 n -0000022812 00000 n -0000022916 00000 n -0000023020 00000 n -0000023124 00000 n -0000023228 00000 n -0000023332 00000 n -0000023436 00000 n -0000023540 00000 n -0000023644 00000 n -0000023748 00000 n -0000023852 00000 n -0000023956 00000 n -0000024059 00000 n -0000024163 00000 n -0000024267 00000 n -0000024371 00000 n -0000024475 00000 n -0000024579 00000 n -0000024683 00000 n -0000024787 00000 n -0000024891 00000 n -0000024995 00000 n -0000025099 00000 n -0000025203 00000 n -0000025306 00000 n -0000025410 00000 n -0000025514 00000 n -0000025618 00000 n -0000025722 00000 n -0000025826 00000 n -0000025930 00000 n -0000026034 00000 n -0000026138 00000 n -0000026242 00000 n -0000026346 00000 n -0000026450 00000 n -0000026554 00000 n -0000026657 00000 n -0000026761 00000 n -0000026865 00000 n -0000026968 00000 n -0000027071 00000 n -0000027173 00000 n -0000027275 00000 n -0000027644 00000 n -0000027747 00000 n -0000027851 00000 n -0000027955 00000 n -0000028059 00000 n -0000028163 00000 n -0000028267 00000 n -0000028370 00000 n -0000028474 00000 n -0000028578 00000 n -0000028682 00000 n -0000028786 00000 n -0000028890 00000 n -0000028994 00000 n -0000029097 00000 n -0000029201 00000 n -0000029305 00000 n -0000029408 00000 n -0000029511 00000 n -0000029615 00000 n -0000029719 00000 n -0000029823 00000 n -0000029927 00000 n -0000030031 00000 n -0000030135 00000 n -0000030239 00000 n -0000030343 00000 n -0000030447 00000 n -0000030551 00000 n -0000030654 00000 n -0000030758 00000 n -0000030862 00000 n -0000030966 00000 n -0000031070 00000 n -0000031174 00000 n -0000031278 00000 n -0000031381 00000 n -0000031485 00000 n -0000031589 00000 n -0000031693 00000 n -0000031796 00000 n -0000031898 00000 n -0000032000 00000 n -0000032353 00000 n -0000032456 00000 n -0000032560 00000 n -0000032664 00000 n -0000032768 00000 n -0000032872 00000 n -0000032976 00000 n -0000033080 00000 n -0000033184 00000 n -0000033288 00000 n -0000033391 00000 n -0000033495 00000 n -0000033599 00000 n -0000033703 00000 n -0000033807 00000 n -0000033911 00000 n -0000034015 00000 n -0000034119 00000 n -0000034223 00000 n -0000034327 00000 n -0000034430 00000 n -0000034534 00000 n -0000034638 00000 n -0000034742 00000 n -0000034846 00000 n -0000034950 00000 n -0000035054 00000 n -0000035157 00000 n -0000035261 00000 n -0000035365 00000 n -0000035469 00000 n -0000035573 00000 n -0000035677 00000 n -0000035781 00000 n -0000035885 00000 n -0000035989 00000 n -0000036093 00000 n -0000036197 00000 n -0000036301 00000 n -0000036405 00000 n -0000036509 00000 n -0000036613 00000 n -0000036717 00000 n -0000037070 00000 n -0000037123 00000 n -0000037210 00000 n -0000037264 00000 n -0000037350 00000 n -0000037405 00000 n -0000037492 00000 n -0000037559 00000 n -0000037645 00000 n -0000037748 00000 n -0000037852 00000 n -0000037956 00000 n -0000038060 00000 n -0000038164 00000 n -0000038268 00000 n -0000038372 00000 n -0000038476 00000 n -0000038580 00000 n -0000038684 00000 n -0000038788 00000 n -0000038892 00000 n -0000038996 00000 n -0000039100 00000 n -0000039204 00000 n -0000039308 00000 n -0000039412 00000 n -0000039516 00000 n -0000039620 00000 n -0000039724 00000 n -0000039828 00000 n -0000039932 00000 n -0000040036 00000 n -0000040140 00000 n -0000040244 00000 n -0000040348 00000 n -0000040451 00000 n -0000040555 00000 n -0000040659 00000 n -0000040763 00000 n -0000040867 00000 n -0000040970 00000 n -0000041072 00000 n -0000041174 00000 n -0000041495 00000 n -0000041599 00000 n -0000041703 00000 n -0000041807 00000 n -0000041911 00000 n -0000042015 00000 n -0000042119 00000 n -0000042223 00000 n -0000042327 00000 n -0000042431 00000 n -0000042535 00000 n -0000042639 00000 n -0000042743 00000 n -0000042847 00000 n -0000042951 00000 n -0000043055 00000 n -0000043159 00000 n -0000043263 00000 n -0000043367 00000 n -0000043471 00000 n -0000043575 00000 n -0000043679 00000 n -0000043783 00000 n -0000043887 00000 n -0000043991 00000 n -0000044095 00000 n -0000044197 00000 n -0000044301 00000 n -0000044405 00000 n -0000044509 00000 n -0000044613 00000 n -0000044717 00000 n -0000044821 00000 n -0000044925 00000 n -0000045029 00000 n -0000045133 00000 n -0000045237 00000 n -0000045341 00000 n -0000045445 00000 n -0000045549 00000 n -0000045653 00000 n -0000045757 00000 n -0000045861 00000 n -0000045965 00000 n -0000046069 00000 n -0000046173 00000 n -0000046277 00000 n -0000046381 00000 n -0000046485 00000 n -0000046589 00000 n -0000046693 00000 n -0000046796 00000 n -0000046898 00000 n -0000047000 00000 n -0000047441 00000 n -0000047545 00000 n -0000047649 00000 n -0000047753 00000 n -0000047857 00000 n -0000047961 00000 n -0000048065 00000 n -0000048169 00000 n -0000048273 00000 n -0000048377 00000 n -0000048481 00000 n -0000048585 00000 n -0000048689 00000 n -0000048793 00000 n -0000048897 00000 n -0000049001 00000 n -0000049105 00000 n -0000049209 00000 n -0000049313 00000 n -0000049417 00000 n -0000049521 00000 n -0000049625 00000 n -0000049729 00000 n -0000049833 00000 n -0000049937 00000 n -0000050041 00000 n -0000050145 00000 n -0000050249 00000 n -0000050353 00000 n -0000050457 00000 n -0000050561 00000 n -0000050665 00000 n -0000050769 00000 n -0000050873 00000 n -0000050977 00000 n -0000051081 00000 n -0000051185 00000 n -0000051289 00000 n -0000051393 00000 n -0000051497 00000 n -0000051601 00000 n -0000051705 00000 n -0000051808 00000 n -0000051912 00000 n -0000052016 00000 n -0000052120 00000 n -0000052224 00000 n -0000052328 00000 n -0000052432 00000 n -0000052535 00000 n -0000052637 00000 n -0000052739 00000 n -0000053164 00000 n -0000053268 00000 n -0000053372 00000 n -0000053476 00000 n -0000053580 00000 n -0000053684 00000 n -0000053788 00000 n -0000053892 00000 n -0000053996 00000 n -0000054100 00000 n -0000054204 00000 n -0000054308 00000 n -0000054412 00000 n -0000054516 00000 n -0000054620 00000 n -0000054724 00000 n -0000054828 00000 n -0000054932 00000 n -0000055036 00000 n -0000055140 00000 n -0000055244 00000 n -0000055348 00000 n -0000055452 00000 n -0000055556 00000 n -0000055660 00000 n -0000055764 00000 n -0000055868 00000 n -0000055972 00000 n -0000056076 00000 n -0000056180 00000 n -0000056284 00000 n -0000056388 00000 n -0000056653 00000 n -0000056756 00000 n -0000056860 00000 n -0000056964 00000 n -0000057068 00000 n -0000057172 00000 n -0000057276 00000 n -0000057380 00000 n -0000057484 00000 n -0000057588 00000 n -0000057692 00000 n -0000057796 00000 n -0000057899 00000 n -0000058003 00000 n -0000058107 00000 n -0000058211 00000 n -0000058315 00000 n -0000058419 00000 n -0000058523 00000 n -0000058627 00000 n -0000058730 00000 n -0000058834 00000 n -0000058938 00000 n -0000059042 00000 n -0000059146 00000 n -0000059250 00000 n -0000059354 00000 n -0000059458 00000 n -0000059562 00000 n -0000059666 00000 n -0000059770 00000 n -0000059874 00000 n -0000059978 00000 n -0000060082 00000 n -0000060186 00000 n -0000060290 00000 n -0000060394 00000 n -0000060498 00000 n -0000060602 00000 n -0000060706 00000 n -0000060810 00000 n -0000060914 00000 n -0000061017 00000 n -0000061119 00000 n -0000061221 00000 n -0000061590 00000 n -0000061694 00000 n -0000061798 00000 n -0000061831 00000 n -0000061880 00000 n -0000061967 00000 n -0000061992 00000 n -0000062048 00000 n -0000062135 00000 n -0000062204 00000 n -0000062291 00000 n -0000062342 00000 n -0000062429 00000 n -0000062514 00000 n -0000062601 00000 n -0000062657 00000 n -0000062744 00000 n -0000062794 00000 n -0000062881 00000 n -0000062933 00000 n -0000063019 00000 n -0000063092 00000 n -0000063148 00000 n -0000063235 00000 n -0000063283 00000 n -0000063369 00000 n -0000063417 00000 n -0000063504 00000 n -0000063545 00000 n -0000063586 00000 n -0000063673 00000 n -0000063717 00000 n -0000063804 00000 n -0000063849 00000 n -0000063936 00000 n -0000063980 00000 n -0000064067 00000 n -0000064111 00000 n -0000064198 00000 n -0000064240 00000 n -0000064327 00000 n -0000064375 00000 n -0000064462 00000 n -0000064535 00000 n -0000064583 00000 n -0000064668 00000 n -0000064693 00000 n -0000064746 00000 n -0000064830 00000 n -0000064855 00000 n -0000064958 00000 n -0000065062 00000 n -0000065166 00000 n -0000065270 00000 n -0000065374 00000 n -0000065477 00000 n -0000065581 00000 n -0000065685 00000 n -0000065789 00000 n -0000065893 00000 n -0000065997 00000 n -0000066101 00000 n -0000066204 00000 n -0000066308 00000 n -0000066412 00000 n -0000066516 00000 n -0000066620 00000 n -0000066724 00000 n -0000066828 00000 n -0000066932 00000 n -0000067036 00000 n -0000067140 00000 n -0000067244 00000 n -0000067348 00000 n -0000067451 00000 n -0000067555 00000 n -0000067659 00000 n -0000067763 00000 n -0000067867 00000 n -0000067971 00000 n -0000068075 00000 n -0000068179 00000 n -0000068283 00000 n -0000068387 00000 n -0000068490 00000 n -0000068594 00000 n -0000068698 00000 n -0000068802 00000 n -0000068906 00000 n -0000069010 00000 n -0000069114 00000 n -0000069218 00000 n -0000069322 00000 n -0000069425 00000 n -0000069526 00000 n -0000069628 00000 n -0000070013 00000 n -0000070117 00000 n -0000070142 00000 n -0000070189 00000 n -0000070275 00000 n -0000070322 00000 n -0000070408 00000 n -0000070441 00000 n -0000070486 00000 n -0000070573 00000 n -0000070618 00000 n -0000070704 00000 n -0000070737 00000 n -0000070785 00000 n -0000070872 00000 n -0000070897 00000 n -0000070945 00000 n -0000071032 00000 n -0000071077 00000 n -0000071163 00000 n -0000071206 00000 n -0000071292 00000 n -0000071333 00000 n -0000071419 00000 n -0000071468 00000 n -0000071554 00000 n -0000071600 00000 n -0000071686 00000 n -0000071731 00000 n -0000071817 00000 n -0000071869 00000 n -0000071955 00000 n -0000072005 00000 n -0000072091 00000 n -0000072137 00000 n -0000072223 00000 n -0000072266 00000 n -0000072352 00000 n -0000072396 00000 n -0000072482 00000 n -0000072525 00000 n -0000072611 00000 n -0000072656 00000 n -0000072742 00000 n -0000072780 00000 n -0000072866 00000 n -0000072908 00000 n -0000072994 00000 n -0000073037 00000 n -0000073123 00000 n -0000073161 00000 n -0000073247 00000 n -0000073289 00000 n -0000073375 00000 n -0000073419 00000 n -0000073505 00000 n -0000073552 00000 n -0000073638 00000 n -0000073686 00000 n -0000073771 00000 n -0000073964 00000 n -0000074013 00000 n -0000074099 00000 n -0000074124 00000 n -0000074171 00000 n -0000074258 00000 n -0000074283 00000 n -0000074338 00000 n -0000074425 00000 n -0000074481 00000 n -0000074568 00000 n -0000074601 00000 n -0000074649 00000 n -0000074736 00000 n -0000074810 00000 n -0000074897 00000 n -0000074965 00000 n -0000075052 00000 n -0000075106 00000 n -0000075193 00000 n -0000075261 00000 n -0000075348 00000 n -0000075422 00000 n -0000075509 00000 n -0000075557 00000 n -0000075644 00000 n -0000075701 00000 n -0000075788 00000 n -0000075869 00000 n -0000075924 00000 n -0000076011 00000 n -0000076092 00000 n -0000076179 00000 n -0000076212 00000 n -0000076265 00000 n -0000076352 00000 n -0000076377 00000 n -0000076425 00000 n -0000076512 00000 n -0000076554 00000 n -0000076641 00000 n -0000076684 00000 n -0000076771 00000 n -0000076821 00000 n -0000076908 00000 n -0000076956 00000 n -0000077043 00000 n -0000077100 00000 n -0000077143 00000 n -0000077230 00000 n -0000077284 00000 n -0000077371 00000 n -0000077416 00000 n -0000077503 00000 n -0000077560 00000 n -0000077646 00000 n -0000077742 00000 n -0000077827 00000 n -0000077884 00000 n -0000077987 00000 n -0000078091 00000 n -0000078195 00000 n -0000078299 00000 n -0000078403 00000 n -0000078507 00000 n -0000078611 00000 n -0000078715 00000 n -0000078819 00000 n -0000078923 00000 n -0000079027 00000 n -0000079131 00000 n -0000079235 00000 n -0000079338 00000 n -0000079442 00000 n -0000079546 00000 n -0000079650 00000 n -0000079754 00000 n -0000079858 00000 n -0000079962 00000 n -0000080066 00000 n -0000080170 00000 n -0000080274 00000 n -0000080377 00000 n -0000080480 00000 n -0000080584 00000 n -0000080688 00000 n -0000080792 00000 n -0000080895 00000 n -0000080999 00000 n -0000081103 00000 n -0000081207 00000 n -0000081311 00000 n -0000081415 00000 n -0000081519 00000 n -0000081623 00000 n -0000081727 00000 n -0000081831 00000 n -0000081935 00000 n -0000082039 00000 n -0000082143 00000 n -0000082246 00000 n -0000082348 00000 n -0000082450 00000 n -0000082819 00000 n -0000082923 00000 n -0000083027 00000 n -0000083131 00000 n -0000083235 00000 n -0000083339 00000 n -0000083443 00000 n -0000083547 00000 n -0000083650 00000 n -0000083754 00000 n -0000083858 00000 n -0000083962 00000 n -0000084066 00000 n -0000084170 00000 n -0000084274 00000 n -0000084378 00000 n -0000084482 00000 n -0000084585 00000 n -0000084689 00000 n -0000084793 00000 n -0000084897 00000 n -0000085001 00000 n -0000085105 00000 n -0000085209 00000 n -0000085313 00000 n -0000085417 00000 n -0000085521 00000 n -0000085625 00000 n -0000085729 00000 n -0000085833 00000 n -0000085937 00000 n -0000086041 00000 n -0000086145 00000 n -0000086249 00000 n -0000086353 00000 n -0000086456 00000 n -0000086560 00000 n -0000086664 00000 n -0000086768 00000 n -0000086872 00000 n -0000086976 00000 n -0000087080 00000 n -0000087184 00000 n -0000087288 00000 n -0000087392 00000 n -0000087496 00000 n -0000087600 00000 n -0000087703 00000 n -0000087807 00000 n -0000087910 00000 n -0000088012 00000 n -0000088114 00000 n -0000088539 00000 n -0000088643 00000 n -0000088747 00000 n -0000088851 00000 n -0000088955 00000 n -0000089059 00000 n -0000089163 00000 n -0000089267 00000 n -0000089371 00000 n -0000089474 00000 n -0000089578 00000 n -0000089682 00000 n -0000089785 00000 n -0000089889 00000 n -0000089993 00000 n -0000090097 00000 n -0000090201 00000 n -0000090305 00000 n -0000090409 00000 n -0000090513 00000 n -0000090617 00000 n -0000090720 00000 n -0000090824 00000 n -0000090928 00000 n -0000091032 00000 n -0000091136 00000 n -0000091240 00000 n -0000091344 00000 n -0000091447 00000 n -0000091551 00000 n -0000091655 00000 n -0000091912 00000 n -0000092027 00000 n -0000092114 00000 n -0000092196 00000 n -0000092281 00000 n -0000092314 00000 n -0000092399 00000 n -0000092486 00000 n -0000092511 00000 n -0000092557 00000 n -0000092643 00000 n -0000092689 00000 n -0000092772 00000 n -0000092805 00000 n -0000092849 00000 n +0000014316 00000 n +0000014420 00000 n +0000014524 00000 n +0000014627 00000 n +0000014730 00000 n +0000014833 00000 n +0000014937 00000 n +0000015040 00000 n +0000015144 00000 n +0000015248 00000 n +0000015352 00000 n +0000015456 00000 n +0000015560 00000 n +0000015664 00000 n +0000015768 00000 n +0000015872 00000 n +0000015976 00000 n +0000016079 00000 n +0000016182 00000 n +0000016286 00000 n +0000016390 00000 n +0000016494 00000 n +0000016597 00000 n +0000016701 00000 n +0000016805 00000 n +0000016909 00000 n +0000017012 00000 n +0000017114 00000 n +0000017216 00000 n +0000017545 00000 n +0000017648 00000 n +0000017752 00000 n +0000017856 00000 n +0000017960 00000 n +0000018064 00000 n +0000018168 00000 n +0000018272 00000 n +0000018376 00000 n +0000018480 00000 n +0000018584 00000 n +0000018688 00000 n +0000018792 00000 n +0000018896 00000 n +0000019000 00000 n +0000019104 00000 n +0000019208 00000 n +0000019312 00000 n +0000019415 00000 n +0000019519 00000 n +0000019623 00000 n +0000019727 00000 n +0000019831 00000 n +0000019935 00000 n +0000020039 00000 n +0000020143 00000 n +0000020247 00000 n +0000020350 00000 n +0000020454 00000 n +0000020558 00000 n +0000020662 00000 n +0000020766 00000 n +0000020870 00000 n +0000020974 00000 n +0000021078 00000 n +0000021182 00000 n +0000021286 00000 n +0000021390 00000 n +0000021494 00000 n +0000021598 00000 n +0000021702 00000 n +0000021806 00000 n +0000021910 00000 n +0000022014 00000 n +0000022117 00000 n +0000022486 00000 n +0000022589 00000 n +0000022693 00000 n +0000022797 00000 n +0000022901 00000 n +0000023005 00000 n +0000023108 00000 n +0000023212 00000 n +0000023316 00000 n +0000023420 00000 n +0000023524 00000 n +0000023628 00000 n +0000023732 00000 n +0000023836 00000 n +0000023940 00000 n +0000024044 00000 n +0000024148 00000 n +0000024251 00000 n +0000024355 00000 n +0000024459 00000 n +0000024563 00000 n +0000024667 00000 n +0000024771 00000 n +0000024875 00000 n +0000024979 00000 n +0000025083 00000 n +0000025187 00000 n +0000025291 00000 n +0000025395 00000 n +0000025498 00000 n +0000025602 00000 n +0000025706 00000 n +0000025810 00000 n +0000025914 00000 n +0000026018 00000 n +0000026122 00000 n +0000026226 00000 n +0000026330 00000 n +0000026434 00000 n +0000026538 00000 n +0000026642 00000 n +0000026746 00000 n +0000026848 00000 n +0000026950 00000 n +0000027052 00000 n +0000027421 00000 n +0000027524 00000 n +0000027628 00000 n +0000027732 00000 n +0000027836 00000 n +0000027940 00000 n +0000028044 00000 n +0000028148 00000 n +0000028252 00000 n +0000028356 00000 n +0000028459 00000 n +0000028563 00000 n +0000028667 00000 n +0000028771 00000 n +0000028875 00000 n +0000028979 00000 n +0000029083 00000 n +0000029186 00000 n +0000029290 00000 n +0000029394 00000 n +0000029497 00000 n +0000029600 00000 n +0000029704 00000 n +0000029808 00000 n +0000029912 00000 n +0000030016 00000 n +0000030120 00000 n +0000030224 00000 n +0000030328 00000 n +0000030432 00000 n +0000030536 00000 n +0000030640 00000 n +0000030743 00000 n +0000030847 00000 n +0000030951 00000 n +0000031055 00000 n +0000031159 00000 n +0000031263 00000 n +0000031367 00000 n +0000031470 00000 n +0000031573 00000 n +0000031675 00000 n +0000031777 00000 n +0000032130 00000 n +0000032233 00000 n +0000032337 00000 n +0000032441 00000 n +0000032545 00000 n +0000032649 00000 n +0000032753 00000 n +0000032857 00000 n +0000032961 00000 n +0000033065 00000 n +0000033169 00000 n +0000033273 00000 n +0000033377 00000 n +0000033480 00000 n +0000033584 00000 n +0000033688 00000 n +0000033792 00000 n +0000033896 00000 n +0000034000 00000 n +0000034104 00000 n +0000034208 00000 n +0000034312 00000 n +0000034416 00000 n +0000034519 00000 n +0000034623 00000 n +0000034727 00000 n +0000034831 00000 n +0000034935 00000 n +0000035039 00000 n +0000035143 00000 n +0000035246 00000 n +0000035350 00000 n +0000035454 00000 n +0000035558 00000 n +0000035662 00000 n +0000035766 00000 n +0000035870 00000 n +0000035974 00000 n +0000036078 00000 n +0000036182 00000 n +0000036286 00000 n +0000036390 00000 n +0000036494 00000 n +0000036597 00000 n +0000036699 00000 n +0000036801 00000 n +0000037178 00000 n +0000037231 00000 n +0000037318 00000 n +0000037372 00000 n +0000037458 00000 n +0000037513 00000 n +0000037600 00000 n +0000037667 00000 n +0000037753 00000 n +0000037856 00000 n +0000037960 00000 n +0000038064 00000 n +0000038168 00000 n +0000038272 00000 n +0000038376 00000 n +0000038480 00000 n +0000038584 00000 n +0000038688 00000 n +0000038792 00000 n +0000038896 00000 n +0000039000 00000 n +0000039104 00000 n +0000039208 00000 n +0000039312 00000 n +0000039416 00000 n +0000039520 00000 n +0000039624 00000 n +0000039728 00000 n +0000039832 00000 n +0000039936 00000 n +0000040040 00000 n +0000040144 00000 n +0000040248 00000 n +0000040352 00000 n +0000040456 00000 n +0000040558 00000 n +0000040662 00000 n +0000040766 00000 n +0000040870 00000 n +0000040974 00000 n +0000041077 00000 n +0000041179 00000 n +0000041281 00000 n +0000041602 00000 n +0000041706 00000 n +0000041810 00000 n +0000041914 00000 n +0000042018 00000 n +0000042122 00000 n +0000042226 00000 n +0000042330 00000 n +0000042434 00000 n +0000042538 00000 n +0000042642 00000 n +0000042746 00000 n +0000042850 00000 n +0000042954 00000 n +0000043058 00000 n +0000043162 00000 n +0000043266 00000 n +0000043370 00000 n +0000043474 00000 n +0000043578 00000 n +0000043682 00000 n +0000043786 00000 n +0000043890 00000 n +0000043994 00000 n +0000044098 00000 n +0000044202 00000 n +0000044304 00000 n +0000044408 00000 n +0000044512 00000 n +0000044616 00000 n +0000044720 00000 n +0000044824 00000 n +0000044928 00000 n +0000045032 00000 n +0000045136 00000 n +0000045240 00000 n +0000045344 00000 n +0000045448 00000 n +0000045552 00000 n +0000045656 00000 n +0000045760 00000 n +0000045864 00000 n +0000045968 00000 n +0000046072 00000 n +0000046176 00000 n +0000046280 00000 n +0000046384 00000 n +0000046488 00000 n +0000046592 00000 n +0000046696 00000 n +0000046800 00000 n +0000046903 00000 n +0000047005 00000 n +0000047107 00000 n +0000047548 00000 n +0000047652 00000 n +0000047756 00000 n +0000047860 00000 n +0000047964 00000 n +0000048068 00000 n +0000048172 00000 n +0000048276 00000 n +0000048380 00000 n +0000048484 00000 n +0000048588 00000 n +0000048692 00000 n +0000048796 00000 n +0000048900 00000 n +0000049004 00000 n +0000049108 00000 n +0000049212 00000 n +0000049316 00000 n +0000049420 00000 n +0000049524 00000 n +0000049628 00000 n +0000049732 00000 n +0000049836 00000 n +0000049940 00000 n +0000050044 00000 n +0000050148 00000 n +0000050252 00000 n +0000050356 00000 n +0000050460 00000 n +0000050564 00000 n +0000050668 00000 n +0000050772 00000 n +0000050876 00000 n +0000050980 00000 n +0000051084 00000 n +0000051188 00000 n +0000051292 00000 n +0000051396 00000 n +0000051500 00000 n +0000051604 00000 n +0000051708 00000 n +0000051812 00000 n +0000051916 00000 n +0000052020 00000 n +0000052124 00000 n +0000052227 00000 n +0000052331 00000 n +0000052435 00000 n +0000052539 00000 n +0000052642 00000 n +0000052744 00000 n +0000052846 00000 n +0000053271 00000 n +0000053375 00000 n +0000053479 00000 n +0000053583 00000 n +0000053687 00000 n +0000053791 00000 n +0000053895 00000 n +0000053999 00000 n +0000054103 00000 n +0000054207 00000 n +0000054311 00000 n +0000054415 00000 n +0000054519 00000 n +0000054623 00000 n +0000054727 00000 n +0000054831 00000 n +0000054935 00000 n +0000055039 00000 n +0000055143 00000 n +0000055247 00000 n +0000055351 00000 n +0000055455 00000 n +0000055559 00000 n +0000055663 00000 n +0000055767 00000 n +0000055871 00000 n +0000055975 00000 n +0000056079 00000 n +0000056183 00000 n +0000056287 00000 n +0000056391 00000 n +0000056495 00000 n +0000056599 00000 n +0000056703 00000 n +0000056807 00000 n +0000057096 00000 n +0000057199 00000 n +0000057303 00000 n +0000057407 00000 n +0000057511 00000 n +0000057615 00000 n +0000057719 00000 n +0000057823 00000 n +0000057927 00000 n +0000058031 00000 n +0000058135 00000 n +0000058239 00000 n +0000058342 00000 n +0000058446 00000 n +0000058550 00000 n +0000058654 00000 n +0000058758 00000 n +0000058862 00000 n +0000058966 00000 n +0000059070 00000 n +0000059173 00000 n +0000059277 00000 n +0000059381 00000 n +0000059485 00000 n +0000059589 00000 n +0000059693 00000 n +0000059797 00000 n +0000059901 00000 n +0000060005 00000 n +0000060109 00000 n +0000060213 00000 n +0000060317 00000 n +0000060421 00000 n +0000060525 00000 n +0000060629 00000 n +0000060733 00000 n +0000060837 00000 n +0000060941 00000 n +0000061045 00000 n +0000061149 00000 n +0000061253 00000 n +0000061357 00000 n +0000061460 00000 n +0000061562 00000 n +0000061923 00000 n +0000061972 00000 n +0000062059 00000 n +0000062084 00000 n +0000062140 00000 n +0000062227 00000 n +0000062296 00000 n +0000062383 00000 n +0000062434 00000 n +0000062521 00000 n +0000062606 00000 n +0000062693 00000 n +0000062749 00000 n +0000062836 00000 n +0000062886 00000 n +0000062973 00000 n +0000063025 00000 n +0000063111 00000 n +0000063184 00000 n +0000063240 00000 n +0000063327 00000 n +0000063375 00000 n +0000063461 00000 n +0000063509 00000 n +0000063596 00000 n +0000063637 00000 n +0000063678 00000 n +0000063765 00000 n +0000063809 00000 n +0000063896 00000 n +0000063941 00000 n +0000064028 00000 n +0000064072 00000 n +0000064159 00000 n +0000064203 00000 n +0000064290 00000 n +0000064332 00000 n +0000064419 00000 n +0000064467 00000 n +0000064554 00000 n +0000064627 00000 n +0000064675 00000 n +0000064760 00000 n +0000064785 00000 n +0000064838 00000 n +0000064922 00000 n +0000064947 00000 n +0000065050 00000 n +0000065154 00000 n +0000065258 00000 n +0000065362 00000 n +0000065466 00000 n +0000065569 00000 n +0000065673 00000 n +0000065777 00000 n +0000065881 00000 n +0000065985 00000 n +0000066089 00000 n +0000066193 00000 n +0000066296 00000 n +0000066400 00000 n +0000066504 00000 n +0000066608 00000 n +0000066712 00000 n +0000066816 00000 n +0000066920 00000 n +0000067024 00000 n +0000067128 00000 n +0000067232 00000 n +0000067336 00000 n +0000067440 00000 n +0000067543 00000 n +0000067647 00000 n +0000067751 00000 n +0000067855 00000 n +0000067959 00000 n +0000068063 00000 n +0000068167 00000 n +0000068271 00000 n +0000068375 00000 n +0000068479 00000 n +0000068582 00000 n +0000068686 00000 n +0000068790 00000 n +0000068894 00000 n +0000068998 00000 n +0000069102 00000 n +0000069206 00000 n +0000069310 00000 n +0000069414 00000 n +0000069517 00000 n +0000069618 00000 n +0000069720 00000 n +0000070105 00000 n +0000070209 00000 n +0000070234 00000 n +0000070281 00000 n +0000070367 00000 n +0000070414 00000 n +0000070500 00000 n +0000070533 00000 n +0000070578 00000 n +0000070665 00000 n +0000070710 00000 n +0000070796 00000 n +0000070829 00000 n +0000070877 00000 n +0000070964 00000 n +0000070989 00000 n +0000071037 00000 n +0000071124 00000 n +0000071169 00000 n +0000071255 00000 n +0000071298 00000 n +0000071384 00000 n +0000071425 00000 n +0000071511 00000 n +0000071560 00000 n +0000071646 00000 n +0000071692 00000 n +0000071778 00000 n +0000071823 00000 n +0000071909 00000 n +0000071961 00000 n +0000072047 00000 n +0000072097 00000 n +0000072183 00000 n +0000072229 00000 n +0000072315 00000 n +0000072358 00000 n +0000072444 00000 n +0000072488 00000 n +0000072574 00000 n +0000072617 00000 n +0000072703 00000 n +0000072748 00000 n +0000072834 00000 n +0000072872 00000 n +0000072958 00000 n +0000073000 00000 n +0000073086 00000 n +0000073129 00000 n +0000073215 00000 n +0000073253 00000 n +0000073339 00000 n +0000073381 00000 n +0000073467 00000 n +0000073511 00000 n +0000073597 00000 n +0000073644 00000 n +0000073730 00000 n +0000073778 00000 n +0000073863 00000 n +0000074056 00000 n +0000074105 00000 n +0000074191 00000 n +0000074216 00000 n +0000074263 00000 n +0000074350 00000 n +0000074375 00000 n +0000074430 00000 n +0000074517 00000 n +0000074573 00000 n +0000074660 00000 n +0000074693 00000 n +0000074741 00000 n +0000074828 00000 n +0000074902 00000 n +0000074989 00000 n +0000075057 00000 n +0000075144 00000 n +0000075198 00000 n +0000075285 00000 n +0000075353 00000 n +0000075440 00000 n +0000075514 00000 n +0000075601 00000 n +0000075649 00000 n +0000075736 00000 n +0000075793 00000 n +0000075880 00000 n +0000075961 00000 n +0000076016 00000 n +0000076103 00000 n +0000076184 00000 n +0000076271 00000 n +0000076304 00000 n +0000076357 00000 n +0000076444 00000 n +0000076469 00000 n +0000076517 00000 n +0000076604 00000 n +0000076646 00000 n +0000076733 00000 n +0000076776 00000 n +0000076863 00000 n +0000076913 00000 n +0000077000 00000 n +0000077048 00000 n +0000077135 00000 n +0000077192 00000 n +0000077235 00000 n +0000077322 00000 n +0000077376 00000 n +0000077463 00000 n +0000077508 00000 n +0000077595 00000 n +0000077652 00000 n +0000077738 00000 n +0000077834 00000 n +0000077919 00000 n +0000077976 00000 n +0000078079 00000 n +0000078183 00000 n +0000078286 00000 n +0000078390 00000 n +0000078494 00000 n +0000078598 00000 n +0000078702 00000 n +0000078806 00000 n +0000078910 00000 n +0000079014 00000 n +0000079118 00000 n +0000079222 00000 n +0000079325 00000 n +0000079428 00000 n +0000079532 00000 n +0000079636 00000 n +0000079740 00000 n +0000079843 00000 n +0000079947 00000 n +0000080051 00000 n +0000080155 00000 n +0000080259 00000 n +0000080363 00000 n +0000080467 00000 n +0000080571 00000 n +0000080675 00000 n +0000080779 00000 n +0000080883 00000 n +0000080987 00000 n +0000081091 00000 n +0000081195 00000 n +0000081299 00000 n +0000081403 00000 n +0000081507 00000 n +0000081611 00000 n +0000081715 00000 n +0000081819 00000 n +0000081923 00000 n +0000082027 00000 n +0000082131 00000 n +0000082234 00000 n +0000082337 00000 n +0000082439 00000 n +0000082541 00000 n +0000082910 00000 n +0000083014 00000 n +0000083118 00000 n +0000083222 00000 n +0000083326 00000 n +0000083430 00000 n +0000083533 00000 n +0000083637 00000 n +0000083741 00000 n +0000083845 00000 n +0000083949 00000 n +0000084053 00000 n +0000084157 00000 n +0000084261 00000 n +0000084365 00000 n +0000084469 00000 n +0000084573 00000 n +0000084677 00000 n +0000084781 00000 n +0000084885 00000 n +0000084989 00000 n +0000085093 00000 n +0000085197 00000 n +0000085301 00000 n +0000085404 00000 n +0000085508 00000 n +0000085612 00000 n +0000085716 00000 n +0000085820 00000 n +0000085923 00000 n +0000086027 00000 n +0000086131 00000 n +0000086235 00000 n +0000086339 00000 n +0000086443 00000 n +0000086547 00000 n +0000086651 00000 n +0000086755 00000 n +0000086859 00000 n +0000086963 00000 n +0000087066 00000 n +0000087170 00000 n +0000087274 00000 n +0000087378 00000 n +0000087482 00000 n +0000087586 00000 n +0000087690 00000 n +0000087794 00000 n +0000087898 00000 n +0000088001 00000 n +0000088103 00000 n +0000088205 00000 n +0000088630 00000 n +0000088733 00000 n +0000088837 00000 n +0000088941 00000 n +0000089045 00000 n +0000089149 00000 n +0000089253 00000 n +0000089357 00000 n +0000089461 00000 n +0000089565 00000 n +0000089669 00000 n +0000089773 00000 n +0000089877 00000 n +0000089981 00000 n +0000090084 00000 n +0000090188 00000 n +0000090292 00000 n +0000090395 00000 n +0000090499 00000 n +0000090603 00000 n +0000090707 00000 n +0000090811 00000 n +0000090915 00000 n +0000091019 00000 n +0000091123 00000 n +0000091227 00000 n +0000091330 00000 n +0000091434 00000 n +0000091538 00000 n +0000091642 00000 n +0000091746 00000 n +0000091850 00000 n +0000091954 00000 n +0000092057 00000 n +0000092161 00000 n +0000092265 00000 n +0000092562 00000 n +0000092644 00000 n +0000092731 00000 n +0000092816 00000 n +0000092903 00000 n 0000092936 00000 n -0000092987 00000 n -0000093074 00000 n -0000093123 00000 n -0000093210 00000 n -0000093258 00000 n -0000093344 00000 n -0000093393 00000 n -0000093446 00000 n -0000093533 00000 n -0000093583 00000 n -0000093670 00000 n -0000093703 00000 n -0000093766 00000 n -0000093853 00000 n -0000093911 00000 n -0000093998 00000 n -0000094092 00000 n -0000094178 00000 n -0000094219 00000 n -0000094262 00000 n -0000094348 00000 n -0000094396 00000 n -0000094483 00000 n -0000094524 00000 n -0000094611 00000 n -0000094655 00000 n -0000094742 00000 n -0000094786 00000 n -0000094872 00000 n -0000094929 00000 n -0000094975 00000 n -0000095062 00000 n -0000095087 00000 n -0000095136 00000 n -0000095223 00000 n -0000095277 00000 n -0000095364 00000 n -0000095415 00000 n -0000095502 00000 n -0000095556 00000 n -0000095643 00000 n -0000095693 00000 n -0000095778 00000 n -0000095835 00000 n -0000095885 00000 n -0000095972 00000 n -0000096036 00000 n -0000096123 00000 n -0000096156 00000 n -0000096233 00000 n -0000096319 00000 n -0000096409 00000 n -0000096495 00000 n -0000096584 00000 n -0000096670 00000 n -0000096711 00000 n -0000096782 00000 n -0000096868 00000 n -0000097000 00000 n -0000097086 00000 n -0000097160 00000 n -0000097246 00000 n -0000097343 00000 n -0000097429 00000 n -0000097478 00000 n -0000097543 00000 n -0000097630 00000 n -0000097655 00000 n -0000097720 00000 n -0000097807 00000 n -0000097832 00000 n -0000097894 00000 n -0000097981 00000 n -0000098006 00000 n +0000092982 00000 n +0000093068 00000 n +0000093114 00000 n +0000093197 00000 n +0000093230 00000 n +0000093274 00000 n +0000093361 00000 n +0000093412 00000 n +0000093499 00000 n +0000093548 00000 n +0000093635 00000 n +0000093683 00000 n +0000093769 00000 n +0000093818 00000 n +0000093871 00000 n +0000093958 00000 n +0000094008 00000 n +0000094095 00000 n +0000094128 00000 n +0000094191 00000 n +0000094278 00000 n +0000094336 00000 n +0000094423 00000 n +0000094517 00000 n +0000094603 00000 n +0000094644 00000 n +0000094687 00000 n +0000094773 00000 n +0000094821 00000 n +0000094908 00000 n +0000094949 00000 n +0000095036 00000 n +0000095080 00000 n +0000095167 00000 n +0000095211 00000 n +0000095297 00000 n +0000095354 00000 n +0000095400 00000 n +0000095487 00000 n +0000095512 00000 n +0000095561 00000 n +0000095648 00000 n +0000095702 00000 n +0000095789 00000 n +0000095840 00000 n +0000095927 00000 n +0000095981 00000 n +0000096068 00000 n +0000096118 00000 n +0000096203 00000 n +0000096260 00000 n +0000096310 00000 n +0000096397 00000 n +0000096461 00000 n +0000096548 00000 n +0000096581 00000 n +0000096658 00000 n +0000096744 00000 n +0000096834 00000 n +0000096920 00000 n +0000097009 00000 n +0000097095 00000 n +0000097136 00000 n +0000097207 00000 n +0000097293 00000 n +0000097425 00000 n +0000097511 00000 n +0000097585 00000 n +0000097671 00000 n +0000097768 00000 n +0000097854 00000 n +0000097903 00000 n +0000097968 00000 n 0000098055 00000 n -0000098142 00000 n -0000098167 00000 n -0000098215 00000 n -0000098302 00000 n -0000098352 00000 n -0000098436 00000 n +0000098080 00000 n +0000098145 00000 n +0000098232 00000 n +0000098257 00000 n +0000098319 00000 n +0000098406 00000 n +0000098431 00000 n 0000098480 00000 n -0000098564 00000 n -0000098605 00000 n -0000098649 00000 n -0000098735 00000 n -0000098785 00000 n -0000098871 00000 n -0000098921 00000 n -0000099007 00000 n -0000099056 00000 n -0000099142 00000 n -0000099189 00000 n -0000099275 00000 n -0000099332 00000 n -0000099451 00000 n -0000099538 00000 n -0000099582 00000 n -0000099671 00000 n -0000099715 00000 n -0000099804 00000 n -0000099849 00000 n -0000099939 00000 n -0000100027 00000 n -0000100091 00000 n -0000100179 00000 n -0000100215 00000 n -0000100277 00000 n -0000100365 00000 n -0000100392 00000 n -0000100448 00000 n -0000100537 00000 n -0000100564 00000 n -0000100668 00000 n -0000100773 00000 n -0000100878 00000 n -0000100983 00000 n -0000101088 00000 n -0000101193 00000 n -0000101298 00000 n -0000101403 00000 n -0000101508 00000 n -0000101613 00000 n -0000101718 00000 n -0000101822 00000 n -0000101927 00000 n -0000102032 00000 n -0000102137 00000 n -0000102242 00000 n -0000102347 00000 n -0000102452 00000 n -0000102556 00000 n -0000102661 00000 n -0000102766 00000 n -0000102871 00000 n -0000102976 00000 n -0000103081 00000 n -0000103186 00000 n -0000103291 00000 n -0000103396 00000 n -0000103501 00000 n -0000103606 00000 n -0000103711 00000 n -0000103816 00000 n -0000103921 00000 n -0000104026 00000 n -0000104130 00000 n -0000104235 00000 n -0000104340 00000 n -0000104445 00000 n -0000104550 00000 n -0000104655 00000 n -0000104760 00000 n -0000104865 00000 n -0000104970 00000 n -0000105075 00000 n -0000105179 00000 n -0000105283 00000 n -0000105386 00000 n -0000105489 00000 n -0000105930 00000 n -0000106035 00000 n -0000106140 00000 n -0000106245 00000 n -0000106349 00000 n -0000106454 00000 n -0000106559 00000 n -0000106664 00000 n -0000106769 00000 n -0000106874 00000 n -0000106979 00000 n -0000107084 00000 n -0000107189 00000 n -0000107294 00000 n -0000107399 00000 n -0000107504 00000 n -0000107609 00000 n -0000107714 00000 n -0000107819 00000 n -0000107924 00000 n -0000108113 00000 n -0000108169 00000 n -0000108257 00000 n -0000108326 00000 n -0000108414 00000 n -0000108490 00000 n -0000108579 00000 n -0000108650 00000 n -0000108738 00000 n -0000108818 00000 n -0000108907 00000 n -0000108970 00000 n -0000109053 00000 n -0000109141 00000 n -0000109217 00000 n -0000109306 00000 n -0000109380 00000 n -0000109469 00000 n -0000109548 00000 n -0000109637 00000 n -0000109691 00000 n -0000109740 00000 n -0000109829 00000 n -0000109856 00000 n -0000109905 00000 n -0000109994 00000 n -0000110021 00000 n -0000110071 00000 n -0000110160 00000 n -0000110224 00000 n -0000110313 00000 n -0000110377 00000 n -0000110466 00000 n -0000110521 00000 n -0000110610 00000 n -0000110664 00000 n -0000110733 00000 n -0000110821 00000 n -0000110877 00000 n -0000110966 00000 n -0000111002 00000 n -0000111051 00000 n -0000111140 00000 n -0000111205 00000 n -0000111294 00000 n -0000111350 00000 n -0000111439 00000 n -0000111487 00000 n -0000111576 00000 n -0000111630 00000 n -0000111685 00000 n -0000111774 00000 n -0000111829 00000 n -0000111918 00000 n -0000111954 00000 n -0000111990 00000 n -0000112026 00000 n -0000117652 00000 n -0000117697 00000 n -0000117742 00000 n -0000117787 00000 n -0000117832 00000 n -0000117877 00000 n -0000117922 00000 n -0000117967 00000 n -0000118012 00000 n -0000118057 00000 n -0000118102 00000 n -0000118147 00000 n -0000118192 00000 n -0000118237 00000 n -0000118282 00000 n -0000118327 00000 n -0000118372 00000 n -0000118417 00000 n -0000118462 00000 n -0000118507 00000 n -0000118552 00000 n -0000118597 00000 n -0000118642 00000 n -0000118687 00000 n -0000118732 00000 n -0000118777 00000 n -0000118822 00000 n -0000118867 00000 n -0000118912 00000 n -0000118957 00000 n -0000119002 00000 n -0000119047 00000 n -0000119092 00000 n -0000119137 00000 n -0000119182 00000 n -0000119227 00000 n -0000119272 00000 n -0000119317 00000 n -0000119362 00000 n -0000119407 00000 n -0000119452 00000 n -0000119497 00000 n -0000119542 00000 n -0000119587 00000 n -0000119632 00000 n -0000119677 00000 n -0000119722 00000 n -0000119767 00000 n -0000119812 00000 n -0000119857 00000 n -0000119902 00000 n -0000119947 00000 n -0000119992 00000 n -0000120037 00000 n -0000120082 00000 n -0000120127 00000 n -0000120172 00000 n -0000120217 00000 n -0000120262 00000 n -0000120307 00000 n -0000120352 00000 n -0000120397 00000 n -0000120442 00000 n -0000120487 00000 n -0000120532 00000 n -0000120577 00000 n -0000120622 00000 n -0000120667 00000 n -0000120712 00000 n -0000120757 00000 n -0000120802 00000 n -0000120847 00000 n -0000120892 00000 n -0000120937 00000 n -0000120982 00000 n -0000121027 00000 n -0000121072 00000 n -0000121117 00000 n -0000121162 00000 n -0000121207 00000 n -0000121252 00000 n -0000121297 00000 n -0000121342 00000 n -0000121387 00000 n -0000121432 00000 n -0000121477 00000 n -0000121522 00000 n -0000121567 00000 n -0000121612 00000 n -0000121657 00000 n -0000121702 00000 n -0000121747 00000 n -0000121792 00000 n -0000121837 00000 n -0000121882 00000 n -0000121927 00000 n -0000121972 00000 n -0000122017 00000 n -0000122062 00000 n -0000122107 00000 n -0000122152 00000 n -0000122197 00000 n -0000122242 00000 n -0000122287 00000 n -0000122332 00000 n -0000122377 00000 n -0000122422 00000 n -0000122467 00000 n -0000122512 00000 n -0000122557 00000 n -0000122602 00000 n -0000122647 00000 n -0000122692 00000 n -0000122737 00000 n -0000122782 00000 n -0000122827 00000 n -0000122872 00000 n -0000122917 00000 n -0000122962 00000 n -0000123007 00000 n -0000123052 00000 n -0000123097 00000 n -0000123142 00000 n -0000123187 00000 n -0000123232 00000 n -0000123277 00000 n -0000123322 00000 n -0000123367 00000 n -0000123412 00000 n -0000123457 00000 n -0000123502 00000 n -0000123547 00000 n -0000123592 00000 n -0000123637 00000 n -0000123682 00000 n -0000123727 00000 n -0000123772 00000 n -0000123817 00000 n -0000123862 00000 n -0000123907 00000 n -0000123952 00000 n -0000123997 00000 n -0000124042 00000 n -0000124087 00000 n -0000124132 00000 n -0000124177 00000 n -0000124222 00000 n -0000124267 00000 n -0000124312 00000 n -0000124357 00000 n -0000124402 00000 n -0000124447 00000 n -0000124492 00000 n -0000124537 00000 n -0000124582 00000 n -0000124627 00000 n -0000124672 00000 n -0000124717 00000 n -0000124762 00000 n -0000124807 00000 n -0000124852 00000 n -0000124897 00000 n -0000124942 00000 n -0000124987 00000 n -0000125032 00000 n -0000125077 00000 n -0000125122 00000 n -0000125167 00000 n -0000125212 00000 n -0000125257 00000 n -0000125302 00000 n -0000125347 00000 n -0000125392 00000 n -0000125437 00000 n -0000125482 00000 n -0000125527 00000 n -0000125572 00000 n -0000125617 00000 n -0000125662 00000 n -0000125707 00000 n -0000125752 00000 n -0000125797 00000 n -0000125842 00000 n -0000125887 00000 n -0000125932 00000 n -0000125977 00000 n -0000126022 00000 n -0000126067 00000 n -0000126112 00000 n -0000126157 00000 n -0000126202 00000 n -0000126247 00000 n -0000126292 00000 n -0000126337 00000 n -0000126382 00000 n -0000126427 00000 n -0000126472 00000 n -0000126517 00000 n -0000126562 00000 n -0000126607 00000 n -0000126652 00000 n -0000126697 00000 n -0000126742 00000 n -0000126787 00000 n -0000126832 00000 n -0000126877 00000 n -0000126922 00000 n -0000126967 00000 n -0000127012 00000 n -0000127057 00000 n -0000127102 00000 n -0000127147 00000 n -0000127192 00000 n -0000127237 00000 n -0000127282 00000 n -0000127327 00000 n -0000127372 00000 n -0000127417 00000 n -0000127462 00000 n -0000127507 00000 n -0000127552 00000 n -0000127597 00000 n -0000127642 00000 n -0000127687 00000 n -0000127732 00000 n -0000127777 00000 n -0000127822 00000 n -0000127867 00000 n -0000127912 00000 n -0000127957 00000 n -0000128002 00000 n -0000128047 00000 n -0000128092 00000 n -0000128137 00000 n -0000128182 00000 n -0000128227 00000 n -0000128272 00000 n -0000128317 00000 n -0000128362 00000 n -0000128407 00000 n -0000128452 00000 n -0000128497 00000 n -0000128542 00000 n -0000128587 00000 n -0000128632 00000 n -0000128677 00000 n -0000128722 00000 n -0000128767 00000 n -0000128812 00000 n -0000128857 00000 n -0000128902 00000 n -0000128947 00000 n -0000128992 00000 n -0000129037 00000 n -0000129082 00000 n -0000129127 00000 n -0000129172 00000 n -0000129217 00000 n -0000129262 00000 n -0000129307 00000 n -0000129352 00000 n -0000129397 00000 n -0000129442 00000 n -0000129487 00000 n -0000129532 00000 n -0000129577 00000 n -0000129622 00000 n -0000129667 00000 n -0000129712 00000 n -0000129757 00000 n -0000129802 00000 n -0000129847 00000 n -0000129892 00000 n -0000129937 00000 n -0000129982 00000 n -0000130027 00000 n -0000130072 00000 n -0000130117 00000 n -0000130162 00000 n -0000130207 00000 n -0000130252 00000 n -0000130297 00000 n -0000130342 00000 n -0000130387 00000 n -0000130432 00000 n -0000130477 00000 n -0000130522 00000 n -0000130567 00000 n -0000130612 00000 n -0000130657 00000 n -0000130702 00000 n -0000130747 00000 n -0000130792 00000 n -0000130837 00000 n -0000130882 00000 n -0000130927 00000 n -0000130972 00000 n -0000131017 00000 n -0000131062 00000 n -0000131107 00000 n -0000131152 00000 n -0000131197 00000 n -0000131242 00000 n -0000131287 00000 n -0000131332 00000 n -0000131377 00000 n -0000131422 00000 n -0000131467 00000 n -0000131512 00000 n -0000131556 00000 n -0000131601 00000 n -0000131646 00000 n -0000131691 00000 n -0000131736 00000 n -0000131781 00000 n -0000131826 00000 n -0000131871 00000 n -0000131916 00000 n -0000131961 00000 n -0000132006 00000 n -0000132051 00000 n -0000132096 00000 n -0000132141 00000 n -0000132186 00000 n -0000132231 00000 n -0000132276 00000 n -0000132321 00000 n -0000132366 00000 n -0000133990 00000 n -0000134151 00000 n -0000134320 00000 n -0000134513 00000 n -0000138558 00000 n -0000138752 00000 n -0000142590 00000 n -0000142784 00000 n -0000147010 00000 n -0000147204 00000 n -0000151186 00000 n -0000151380 00000 n -0000155280 00000 n -0000155474 00000 n -0000159023 00000 n -0000159217 00000 n -0000162507 00000 n -0000162668 00000 n -0000162902 00000 n -0000163105 00000 n -0000165725 00000 n -0000165909 00000 n -0000169136 00000 n -0000169311 00000 n -0000171915 00000 n -0000172090 00000 n -0000173540 00000 n -0000173701 00000 n -0000173889 00000 n -0000174092 00000 n -0000176851 00000 n -0000177026 00000 n -0000177322 00000 n -0000177525 00000 n -0000178959 00000 n -0000179176 00000 n -0000180630 00000 n -0000180827 00000 n -0000182679 00000 n -0000182839 00000 n -0000183334 00000 n -0000183504 00000 n -0000185244 00000 n -0000185423 00000 n -0000187298 00000 n -0000187486 00000 n -0000189329 00000 n -0000189517 00000 n -0000191227 00000 n -0000191396 00000 n -0000192199 00000 n -0000192428 00000 n -0000194297 00000 n -0000194494 00000 n -0000196033 00000 n -0000196230 00000 n -0000197726 00000 n -0000197949 00000 n -0000200118 00000 n -0000200321 00000 n -0000202214 00000 n -0000202428 00000 n -0000203729 00000 n -0000203961 00000 n -0000205635 00000 n -0000205848 00000 n -0000207750 00000 n -0000207958 00000 n -0000209235 00000 n -0000209474 00000 n -0000210994 00000 n -0000211182 00000 n -0000212494 00000 n -0000212682 00000 n -0000213229 00000 n -0000213390 00000 n -0000213580 00000 n -0000213792 00000 n -0000216648 00000 n -0000216823 00000 n -0000217171 00000 n -0000217360 00000 n -0000219001 00000 n -0000219189 00000 n -0000220682 00000 n -0000220861 00000 n -0000222591 00000 n -0000222771 00000 n -0000224735 00000 n -0000224948 00000 n -0000226722 00000 n -0000226944 00000 n -0000227993 00000 n -0000228238 00000 n -0000229658 00000 n -0000229872 00000 n -0000231409 00000 n -0000231607 00000 n -0000233638 00000 n -0000233903 00000 n -0000235659 00000 n -0000235872 00000 n -0000237449 00000 n -0000237656 00000 n -0000239651 00000 n -0000239883 00000 n -0000241912 00000 n -0000242124 00000 n -0000244105 00000 n -0000244318 00000 n -0000246522 00000 n -0000246752 00000 n -0000248939 00000 n -0000249099 00000 n -0000249836 00000 n -0000250030 00000 n -0000251586 00000 n -0000251766 00000 n -0000253507 00000 n -0000253696 00000 n -0000254897 00000 n -0000255094 00000 n -0000256412 00000 n -0000256600 00000 n -0000257468 00000 n -0000257700 00000 n -0000259123 00000 n -0000259358 00000 n -0000261274 00000 n -0000261435 00000 n -0000261628 00000 n -0000261831 00000 n -0000264448 00000 n -0000264632 00000 n -0000267263 00000 n -0000267438 00000 n -0000269039 00000 n -0000269261 00000 n -0000271148 00000 n -0000271394 00000 n -0000273228 00000 n -0000273439 00000 n -0000275172 00000 n -0000275341 00000 n -0000277331 00000 n -0000277510 00000 n -0000279155 00000 n -0000279376 00000 n -0000280992 00000 n -0000281235 00000 n -0000282833 00000 n -0000283003 00000 n -0000283512 00000 n -0000283719 00000 n -0000285467 00000 n -0000285665 00000 n -0000287393 00000 n -0000287606 00000 n -0000289293 00000 n -0000289506 00000 n -0000291055 00000 n -0000291224 00000 n -0000291805 00000 n -0000291993 00000 n -0000293488 00000 n -0000293708 00000 n -0000295314 00000 n -0000295524 00000 n -0000297191 00000 n -0000297394 00000 n -0000298487 00000 n -0000298751 00000 n -0000300475 00000 n -0000300721 00000 n -0000302611 00000 n -0000302834 00000 n -0000304624 00000 n -0000304847 00000 n -0000306722 00000 n -0000306901 00000 n -0000308125 00000 n -0000308357 00000 n -0000310026 00000 n -0000310205 00000 n -0000311785 00000 n -0000311964 00000 n -0000313511 00000 n -0000313690 00000 n -0000315194 00000 n -0000315373 00000 n -0000317039 00000 n -0000317209 00000 n -0000317955 00000 n -0000318153 00000 n -0000319971 00000 n -0000320204 00000 n -0000322260 00000 n -0000322449 00000 n -0000324105 00000 n -0000324275 00000 n -0000325037 00000 n -0000325207 00000 n -0000326313 00000 n -0000326483 00000 n -0000327303 00000 n -0000327473 00000 n -0000328291 00000 n -0000328461 00000 n -0000329623 00000 n -0000329846 00000 n -0000331499 00000 n -0000331725 00000 n -0000333408 00000 n -0000333653 00000 n -0000335544 00000 n -0000335713 00000 n -0000337458 00000 n -0000337642 00000 n -0000339392 00000 n -0000339648 00000 n -0000341625 00000 n -0000341824 00000 n -0000344048 00000 n -0000344259 00000 n -0000346026 00000 n -0000346227 00000 n -0000347245 00000 n -0000347434 00000 n -0000349128 00000 n -0000349307 00000 n -0000351052 00000 n -0000351240 00000 n -0000353076 00000 n -0000353270 00000 n -0000355183 00000 n -0000355414 00000 n -0000357518 00000 n -0000357730 00000 n -0000359167 00000 n -0000359380 00000 n -0000360829 00000 n -0000361036 00000 n -0000362273 00000 n -0000362452 00000 n -0000363440 00000 n -0000363628 00000 n -0000364760 00000 n -0000364948 00000 n -0000366449 00000 n -0000366637 00000 n -0000367720 00000 n -0000367909 00000 n -0000369242 00000 n -0000369483 00000 n -0000371089 00000 n -0000371287 00000 n -0000373136 00000 n -0000373333 00000 n -0000374955 00000 n -0000375134 00000 n -0000377187 00000 n -0000377366 00000 n -0000379204 00000 n -0000379383 00000 n -0000381094 00000 n -0000381273 00000 n -0000381707 00000 n -0000381877 00000 n -0000383551 00000 n -0000383730 00000 n -0000385514 00000 n -0000385693 00000 n -0000387338 00000 n -0000387507 00000 n -0000388822 00000 n -0000389010 00000 n -0000390576 00000 n -0000390764 00000 n -0000392378 00000 n -0000392566 00000 n -0000393954 00000 n -0000394124 00000 n -0000395758 00000 n -0000395928 00000 n -0000396941 00000 n -0000397155 00000 n -0000398641 00000 n -0000398821 00000 n -0000399584 00000 n -0000399781 00000 n -0000400992 00000 n -0000401196 00000 n -0000402543 00000 n -0000402729 00000 n -0000403206 00000 n -0000403385 00000 n -0000404928 00000 n -0000405107 00000 n -0000406344 00000 n -0000406548 00000 n -0000407960 00000 n -0000408155 00000 n -0000410849 00000 n -0000411025 00000 n -0000411800 00000 n -0000411970 00000 n -0000413478 00000 n -0000413648 00000 n -0000415047 00000 n -0000415217 00000 n -0000416767 00000 n -0000416936 00000 n -0000417899 00000 n -0000418078 00000 n -0000419606 00000 n -0000419794 00000 n -0000420762 00000 n -0000420932 00000 n -0000421263 00000 n -0000421459 00000 n -0000423188 00000 n -0000423402 00000 n -0000425086 00000 n -0000425281 00000 n -0000426988 00000 n -0000427201 00000 n -0000428689 00000 n -0000428884 00000 n -0000430466 00000 n -0000430689 00000 n -0000432053 00000 n -0000432241 00000 n -0000433409 00000 n -0000433606 00000 n -0000435156 00000 n -0000435344 00000 n -0000435988 00000 n -0000436192 00000 n -0000437928 00000 n -0000438116 00000 n -0000439859 00000 n -0000440038 00000 n -0000441436 00000 n -0000441615 00000 n -0000443313 00000 n -0000443492 00000 n -0000444973 00000 n -0000445152 00000 n -0000446938 00000 n -0000447142 00000 n -0000448791 00000 n -0000448850 00000 n -0000448953 00000 n -0000449118 00000 n -0000449200 00000 n -0000449308 00000 n -0000449431 00000 n -0000449543 00000 n -0000449721 00000 n -0000449842 00000 n -0000450002 00000 n -0000450120 00000 n -0000450217 00000 n -0000450369 00000 n -0000450509 00000 n -0000450687 00000 n -0000450842 00000 n -0000450944 00000 n -0000451044 00000 n -0000451253 00000 n -0000451354 00000 n -0000451542 00000 n -0000451685 00000 n -0000451831 00000 n -0000451947 00000 n -0000452114 00000 n -0000452226 00000 n -0000452400 00000 n -0000452503 00000 n -0000452676 00000 n -0000452797 00000 n -0000452927 00000 n -0000453053 00000 n -0000453168 00000 n -0000453276 00000 n -0000453423 00000 n -0000453528 00000 n -0000453647 00000 n -0000453776 00000 n -0000453935 00000 n -0000454069 00000 n -0000454206 00000 n -0000454338 00000 n -0000454487 00000 n -0000454619 00000 n -0000454767 00000 n -0000454868 00000 n -0000454996 00000 n -0000455114 00000 n -0000455268 00000 n -0000455399 00000 n -0000455545 00000 n -0000455646 00000 n -0000455744 00000 n -0000455868 00000 n -0000455980 00000 n -0000456157 00000 n -0000456266 00000 n -0000456391 00000 n -0000456537 00000 n -0000456639 00000 n -0000456815 00000 n -0000456959 00000 n -0000457071 00000 n -0000457198 00000 n -0000457326 00000 n -0000457454 00000 n -0000457565 00000 n -0000457764 00000 n -0000457875 00000 n -0000457990 00000 n -0000458134 00000 n -0000458342 00000 n -0000458476 00000 n -0000458630 00000 n -0000458755 00000 n -0000458886 00000 n -0000459017 00000 n -0000459178 00000 n -0000459299 00000 n -0000459502 00000 n -0000459613 00000 n -0000459728 00000 n -0000459921 00000 n -0000460064 00000 n -0000460180 00000 n -0000460338 00000 n -0000460495 00000 n -0000460626 00000 n -0000460747 00000 n -0000460924 00000 n -0000461034 00000 n -0000461164 00000 n -0000461334 00000 n -0000461428 00000 n -0000461555 00000 n -0000461682 00000 n -0000461778 00000 n -0000461964 00000 n -0000462090 00000 n -0000462223 00000 n -0000462350 00000 n -0000462462 00000 n -0000462627 00000 n -0000462781 00000 n -0000462889 00000 n -0000463035 00000 n -0000463153 00000 n -0000463285 00000 n -0000463422 00000 n -0000463554 00000 n -0000463688 00000 n -0000463818 00000 n -0000463986 00000 n -0000464106 00000 n -0000464215 00000 n -0000464421 00000 n -0000464580 00000 n -0000464728 00000 n -0000464856 00000 n -0000465037 00000 n -0000465147 00000 n -0000465262 00000 n -0000465407 00000 n -0000465571 00000 n -0000465721 00000 n -0000465852 00000 n -0000466070 00000 n -0000466175 00000 n -0000466307 00000 n -0000466428 00000 n -0000466594 00000 n -0000466698 00000 n -0000466855 00000 n -0000466966 00000 n -0000467111 00000 n -0000467253 00000 n -0000467403 00000 n -0000467520 00000 n -0000467684 00000 n -0000467795 00000 n -0000467935 00000 n -0000468062 00000 n -0000468179 00000 n -0000468318 00000 n -0000468424 00000 n -0000468558 00000 n -0000468690 00000 n -0000468835 00000 n -0000468962 00000 n -0000469094 00000 n -0000469224 00000 n -0000469349 00000 n -0000469457 00000 n -0000469628 00000 n -0000469732 00000 n -0000469867 00000 n -0000469995 00000 n -0000470169 00000 n -0000470271 00000 n -0000470421 00000 n -0000470571 00000 n -0000470696 00000 n -0000470902 00000 n -0000471002 00000 n -0000471120 00000 n -0000471285 00000 n -0000471376 00000 n -0000471537 00000 n -0000471663 00000 n -0000471806 00000 n -0000471933 00000 n -0000472073 00000 n -0000472209 00000 n -0000472317 00000 n -0000472491 00000 n -0000472597 00000 n -0000472717 00000 n -0000472829 00000 n -0000472946 00000 n -0000473048 00000 n -0000473240 00000 n -0000473412 00000 n -0000473516 00000 n -0000473640 00000 n -0000473762 00000 n -0000473874 00000 n -0000474056 00000 n -0000474172 00000 n -0000474296 00000 n -0000474414 00000 n -0000474532 00000 n -0000474637 00000 n -0000474814 00000 n -0000474926 00000 n -0000475057 00000 n -0000475181 00000 n -0000475348 00000 n -0000475465 00000 n -0000475595 00000 n -0000475735 00000 n -0000475872 00000 n -0000476008 00000 n -0000476144 00000 n -0000476281 00000 n -0000476393 00000 n -0000476600 00000 n -0000476728 00000 n -0000476813 00000 n -0000476984 00000 n -0000477106 00000 n -0000477266 00000 n -0000477365 00000 n -0000477480 00000 n -0000477582 00000 n -0000477743 00000 n -0000477847 00000 n -0000477946 00000 n -0000478110 00000 n -0000478214 00000 n -0000478347 00000 n -0000478479 00000 n -0000478601 00000 n -0000478730 00000 n -0000478837 00000 n -0000479003 00000 n -0000479125 00000 n -0000479235 00000 n -0000479349 00000 n -0000479524 00000 n -0000479627 00000 n -0000479747 00000 n -0000479862 00000 n -0000479976 00000 n -0000480091 00000 n -0000480205 00000 n -0000480320 00000 n -0000480438 00000 n -0000480555 00000 n -0000480661 00000 n -0000480822 00000 n -0000480918 00000 n -0000481032 00000 n -0000481142 00000 n -0000481273 00000 n -0000481406 00000 n -0000481507 00000 n -0000481685 00000 n -0000481795 00000 n -0000481949 00000 n -0000482118 00000 n -0000482306 00000 n -0000482487 00000 n -0000482643 00000 n -0000482809 00000 n -0000482941 00000 n -0000483088 00000 n -0000483227 00000 n -0000483361 00000 n -0000483485 00000 n -0000483606 00000 n -0000483725 00000 n -0000483895 00000 n -0000484057 00000 n -0000484163 00000 n -0000484280 00000 n -0000484431 00000 n -0000484596 00000 n -0000484721 00000 n -0000484877 00000 n -0000484995 00000 n -0000485125 00000 n -0000485289 00000 n -0000485393 00000 n -0000485511 00000 n -0000485629 00000 n -0000485750 00000 n -0000485886 00000 n -0000485985 00000 n +0000098567 00000 n +0000098592 00000 n +0000098640 00000 n +0000098727 00000 n +0000098777 00000 n +0000098861 00000 n +0000098905 00000 n +0000098989 00000 n +0000099030 00000 n +0000099074 00000 n +0000099160 00000 n +0000099210 00000 n +0000099296 00000 n +0000099346 00000 n +0000099432 00000 n +0000099481 00000 n +0000099567 00000 n +0000099614 00000 n +0000099700 00000 n +0000099758 00000 n +0000099874 00000 n +0000099963 00000 n +0000100079 00000 n +0000100166 00000 n +0000100202 00000 n +0000100322 00000 n +0000100410 00000 n +0000100454 00000 n +0000100543 00000 n +0000100587 00000 n +0000100676 00000 n +0000100721 00000 n +0000100811 00000 n +0000100899 00000 n +0000100963 00000 n +0000101051 00000 n +0000101087 00000 n +0000101149 00000 n +0000101237 00000 n +0000101264 00000 n +0000101320 00000 n +0000101409 00000 n +0000101436 00000 n +0000101540 00000 n +0000101645 00000 n +0000101750 00000 n +0000101855 00000 n +0000101960 00000 n +0000102065 00000 n +0000102170 00000 n +0000102275 00000 n +0000102380 00000 n +0000102485 00000 n +0000102590 00000 n +0000102694 00000 n +0000102799 00000 n +0000102904 00000 n +0000103009 00000 n +0000103114 00000 n +0000103219 00000 n +0000103324 00000 n +0000103428 00000 n +0000103533 00000 n +0000103638 00000 n +0000103743 00000 n +0000103848 00000 n +0000103953 00000 n +0000104058 00000 n +0000104163 00000 n +0000104268 00000 n +0000104373 00000 n +0000104478 00000 n +0000104583 00000 n +0000104688 00000 n +0000104793 00000 n +0000104898 00000 n +0000105002 00000 n +0000105107 00000 n +0000105212 00000 n +0000105317 00000 n +0000105422 00000 n +0000105527 00000 n +0000105632 00000 n +0000105737 00000 n +0000105842 00000 n +0000105947 00000 n +0000106051 00000 n +0000106155 00000 n +0000106258 00000 n +0000106361 00000 n +0000106802 00000 n +0000106907 00000 n +0000107012 00000 n +0000107117 00000 n +0000107221 00000 n +0000107326 00000 n +0000107431 00000 n +0000107536 00000 n +0000107641 00000 n +0000107746 00000 n +0000107851 00000 n +0000107956 00000 n +0000108061 00000 n +0000108166 00000 n +0000108271 00000 n +0000108376 00000 n +0000108481 00000 n +0000108586 00000 n +0000108691 00000 n +0000108796 00000 n +0000108985 00000 n +0000109041 00000 n +0000109129 00000 n +0000109198 00000 n +0000109286 00000 n +0000109362 00000 n +0000109451 00000 n +0000109522 00000 n +0000109610 00000 n +0000109690 00000 n +0000109779 00000 n +0000109842 00000 n +0000109925 00000 n +0000110013 00000 n +0000110089 00000 n +0000110178 00000 n +0000110252 00000 n +0000110341 00000 n +0000110420 00000 n +0000110509 00000 n +0000110563 00000 n +0000110612 00000 n +0000110701 00000 n +0000110728 00000 n +0000110777 00000 n +0000110866 00000 n +0000110893 00000 n +0000110943 00000 n +0000111032 00000 n +0000111096 00000 n +0000111185 00000 n +0000111249 00000 n +0000111338 00000 n +0000111393 00000 n +0000111482 00000 n +0000111536 00000 n +0000111605 00000 n +0000111693 00000 n +0000111749 00000 n +0000111838 00000 n +0000111874 00000 n +0000111923 00000 n +0000112012 00000 n +0000112077 00000 n +0000112166 00000 n +0000112222 00000 n +0000112311 00000 n +0000112359 00000 n +0000112448 00000 n +0000112502 00000 n +0000112557 00000 n +0000112646 00000 n +0000112701 00000 n +0000112790 00000 n +0000112826 00000 n +0000112862 00000 n +0000112898 00000 n +0000118585 00000 n +0000118630 00000 n +0000118675 00000 n +0000118720 00000 n +0000118765 00000 n +0000118810 00000 n +0000118855 00000 n +0000118900 00000 n +0000118945 00000 n +0000118990 00000 n +0000119035 00000 n +0000119080 00000 n +0000119125 00000 n +0000119170 00000 n +0000119215 00000 n +0000119260 00000 n +0000119305 00000 n +0000119350 00000 n +0000119395 00000 n +0000119440 00000 n +0000119485 00000 n +0000119530 00000 n +0000119575 00000 n +0000119620 00000 n +0000119665 00000 n +0000119710 00000 n +0000119755 00000 n +0000119800 00000 n +0000119845 00000 n +0000119890 00000 n +0000119935 00000 n +0000119980 00000 n +0000120025 00000 n +0000120070 00000 n +0000120115 00000 n +0000120160 00000 n +0000120205 00000 n +0000120250 00000 n +0000120295 00000 n +0000120340 00000 n +0000120385 00000 n +0000120430 00000 n +0000120475 00000 n +0000120520 00000 n +0000120565 00000 n +0000120610 00000 n +0000120655 00000 n +0000120700 00000 n +0000120745 00000 n +0000120790 00000 n +0000120835 00000 n +0000120880 00000 n +0000120925 00000 n +0000120970 00000 n +0000121015 00000 n +0000121060 00000 n +0000121105 00000 n +0000121150 00000 n +0000121195 00000 n +0000121240 00000 n +0000121285 00000 n +0000121330 00000 n +0000121375 00000 n +0000121420 00000 n +0000121465 00000 n +0000121510 00000 n +0000121555 00000 n +0000121600 00000 n +0000121645 00000 n +0000121690 00000 n +0000121735 00000 n +0000121780 00000 n +0000121825 00000 n +0000121870 00000 n +0000121915 00000 n +0000121960 00000 n +0000122005 00000 n +0000122050 00000 n +0000122095 00000 n +0000122140 00000 n +0000122185 00000 n +0000122230 00000 n +0000122275 00000 n +0000122320 00000 n +0000122365 00000 n +0000122410 00000 n +0000122455 00000 n +0000122500 00000 n +0000122545 00000 n +0000122590 00000 n +0000122635 00000 n +0000122680 00000 n +0000122725 00000 n +0000122770 00000 n +0000122815 00000 n +0000122860 00000 n +0000122905 00000 n +0000122950 00000 n +0000122995 00000 n +0000123040 00000 n +0000123085 00000 n +0000123130 00000 n +0000123175 00000 n +0000123220 00000 n +0000123265 00000 n +0000123310 00000 n +0000123355 00000 n +0000123400 00000 n +0000123445 00000 n +0000123490 00000 n +0000123535 00000 n +0000123580 00000 n +0000123625 00000 n +0000123670 00000 n +0000123715 00000 n +0000123760 00000 n +0000123805 00000 n +0000123850 00000 n +0000123895 00000 n +0000123940 00000 n +0000123985 00000 n +0000124030 00000 n +0000124075 00000 n +0000124120 00000 n +0000124165 00000 n +0000124210 00000 n +0000124255 00000 n +0000124300 00000 n +0000124345 00000 n +0000124390 00000 n +0000124435 00000 n +0000124480 00000 n +0000124525 00000 n +0000124570 00000 n +0000124615 00000 n +0000124660 00000 n +0000124705 00000 n +0000124750 00000 n +0000124795 00000 n +0000124840 00000 n +0000124885 00000 n +0000124930 00000 n +0000124975 00000 n +0000125020 00000 n +0000125065 00000 n +0000125110 00000 n +0000125155 00000 n +0000125200 00000 n +0000125245 00000 n +0000125290 00000 n +0000125335 00000 n +0000125380 00000 n +0000125425 00000 n +0000125470 00000 n +0000125515 00000 n +0000125560 00000 n +0000125605 00000 n +0000125650 00000 n +0000125695 00000 n +0000125740 00000 n +0000125785 00000 n +0000125830 00000 n +0000125875 00000 n +0000125920 00000 n +0000125965 00000 n +0000126010 00000 n +0000126055 00000 n +0000126100 00000 n +0000126145 00000 n +0000126190 00000 n +0000126235 00000 n +0000126280 00000 n +0000126325 00000 n +0000126370 00000 n +0000126415 00000 n +0000126460 00000 n +0000126505 00000 n +0000126550 00000 n +0000126595 00000 n +0000126640 00000 n +0000126685 00000 n +0000126730 00000 n +0000126775 00000 n +0000126820 00000 n +0000126865 00000 n +0000126910 00000 n +0000126955 00000 n +0000127000 00000 n +0000127045 00000 n +0000127090 00000 n +0000127135 00000 n +0000127180 00000 n +0000127225 00000 n +0000127270 00000 n +0000127315 00000 n +0000127360 00000 n +0000127405 00000 n +0000127450 00000 n +0000127495 00000 n +0000127540 00000 n +0000127585 00000 n +0000127630 00000 n +0000127675 00000 n +0000127720 00000 n +0000127765 00000 n +0000127810 00000 n +0000127855 00000 n +0000127900 00000 n +0000127945 00000 n +0000127990 00000 n +0000128035 00000 n +0000128080 00000 n +0000128125 00000 n +0000128170 00000 n +0000128215 00000 n +0000128260 00000 n +0000128305 00000 n +0000128350 00000 n +0000128395 00000 n +0000128440 00000 n +0000128485 00000 n +0000128530 00000 n +0000128575 00000 n +0000128620 00000 n +0000128665 00000 n +0000128710 00000 n +0000128755 00000 n +0000128800 00000 n +0000128845 00000 n +0000128890 00000 n +0000128935 00000 n +0000128980 00000 n +0000129025 00000 n +0000129070 00000 n +0000129115 00000 n +0000129160 00000 n +0000129205 00000 n +0000129250 00000 n +0000129295 00000 n +0000129340 00000 n +0000129385 00000 n +0000129430 00000 n +0000129475 00000 n +0000129520 00000 n +0000129565 00000 n +0000129610 00000 n +0000129655 00000 n +0000129700 00000 n +0000129745 00000 n +0000129790 00000 n +0000129835 00000 n +0000129880 00000 n +0000129925 00000 n +0000129970 00000 n +0000130015 00000 n +0000130060 00000 n +0000130105 00000 n +0000130150 00000 n +0000130195 00000 n +0000130240 00000 n +0000130285 00000 n +0000130330 00000 n +0000130375 00000 n +0000130420 00000 n +0000130465 00000 n +0000130510 00000 n +0000130555 00000 n +0000130600 00000 n +0000130645 00000 n +0000130690 00000 n +0000130735 00000 n +0000130780 00000 n +0000130825 00000 n +0000130870 00000 n +0000130915 00000 n +0000130960 00000 n +0000131005 00000 n +0000131050 00000 n +0000131095 00000 n +0000131140 00000 n +0000131185 00000 n +0000131230 00000 n +0000131275 00000 n +0000131320 00000 n +0000131365 00000 n +0000131410 00000 n +0000131455 00000 n +0000131500 00000 n +0000131545 00000 n +0000131590 00000 n +0000131635 00000 n +0000131680 00000 n +0000131725 00000 n +0000131770 00000 n +0000131815 00000 n +0000131860 00000 n +0000131905 00000 n +0000131950 00000 n +0000131995 00000 n +0000132040 00000 n +0000132085 00000 n +0000132130 00000 n +0000132175 00000 n +0000132220 00000 n +0000132265 00000 n +0000132310 00000 n +0000132355 00000 n +0000132400 00000 n +0000132445 00000 n +0000132490 00000 n +0000132534 00000 n +0000132579 00000 n +0000132624 00000 n +0000132669 00000 n +0000132714 00000 n +0000132759 00000 n +0000132804 00000 n +0000132849 00000 n +0000132894 00000 n +0000132939 00000 n +0000132984 00000 n +0000133029 00000 n +0000133074 00000 n +0000133119 00000 n +0000133164 00000 n +0000133209 00000 n +0000133253 00000 n +0000133298 00000 n +0000133343 00000 n +0000133388 00000 n +0000133433 00000 n +0000135057 00000 n +0000135218 00000 n +0000135387 00000 n +0000135580 00000 n +0000139621 00000 n +0000139815 00000 n +0000143896 00000 n +0000144090 00000 n +0000148180 00000 n +0000148374 00000 n +0000152107 00000 n +0000152301 00000 n +0000156347 00000 n +0000156541 00000 n +0000159649 00000 n +0000159843 00000 n +0000163786 00000 n +0000163947 00000 n +0000164181 00000 n +0000164384 00000 n +0000166981 00000 n +0000167165 00000 n +0000170445 00000 n +0000170620 00000 n +0000173218 00000 n +0000173393 00000 n +0000174928 00000 n +0000175089 00000 n +0000175277 00000 n +0000175480 00000 n +0000178202 00000 n +0000178405 00000 n +0000179839 00000 n +0000180056 00000 n +0000181509 00000 n +0000181706 00000 n +0000183558 00000 n +0000183718 00000 n +0000184213 00000 n +0000184383 00000 n +0000186123 00000 n +0000186302 00000 n +0000188177 00000 n +0000188365 00000 n +0000190207 00000 n +0000190395 00000 n +0000192105 00000 n +0000192274 00000 n +0000193077 00000 n +0000193306 00000 n +0000195175 00000 n +0000195372 00000 n +0000196911 00000 n +0000197108 00000 n +0000198604 00000 n +0000198827 00000 n +0000200996 00000 n +0000201199 00000 n +0000203092 00000 n +0000203306 00000 n +0000204607 00000 n +0000204839 00000 n +0000206512 00000 n +0000206725 00000 n +0000208629 00000 n +0000208837 00000 n +0000210115 00000 n +0000210354 00000 n +0000211950 00000 n +0000212138 00000 n +0000213396 00000 n +0000213557 00000 n +0000213747 00000 n +0000213959 00000 n +0000216815 00000 n +0000216990 00000 n +0000217338 00000 n +0000217527 00000 n +0000219168 00000 n +0000219356 00000 n +0000220849 00000 n +0000221028 00000 n +0000222758 00000 n +0000222938 00000 n +0000224902 00000 n +0000225115 00000 n +0000226889 00000 n +0000227111 00000 n +0000228160 00000 n +0000228405 00000 n +0000229825 00000 n +0000230039 00000 n +0000231576 00000 n +0000231774 00000 n +0000233805 00000 n +0000234070 00000 n +0000235826 00000 n +0000236039 00000 n +0000237616 00000 n +0000237823 00000 n +0000239818 00000 n +0000240050 00000 n +0000242079 00000 n +0000242291 00000 n +0000244272 00000 n +0000244485 00000 n +0000246689 00000 n +0000246919 00000 n +0000249106 00000 n +0000249266 00000 n +0000250003 00000 n +0000250197 00000 n +0000251753 00000 n +0000251933 00000 n +0000253674 00000 n +0000253863 00000 n +0000255064 00000 n +0000255261 00000 n +0000256579 00000 n +0000256767 00000 n +0000257636 00000 n +0000257868 00000 n +0000259291 00000 n +0000259526 00000 n +0000261442 00000 n +0000261603 00000 n +0000261796 00000 n +0000261999 00000 n +0000264638 00000 n +0000264822 00000 n +0000267495 00000 n +0000267670 00000 n +0000269459 00000 n +0000269663 00000 n +0000270360 00000 n +0000270567 00000 n +0000272315 00000 n +0000272513 00000 n +0000274241 00000 n +0000274454 00000 n +0000276141 00000 n +0000276354 00000 n +0000277903 00000 n +0000278072 00000 n +0000278652 00000 n +0000278840 00000 n +0000280334 00000 n +0000280554 00000 n +0000282159 00000 n +0000282369 00000 n +0000284036 00000 n +0000284239 00000 n +0000285331 00000 n +0000285595 00000 n +0000287319 00000 n +0000287565 00000 n +0000289455 00000 n +0000289678 00000 n +0000291468 00000 n +0000291691 00000 n +0000293566 00000 n +0000293745 00000 n +0000294969 00000 n +0000295201 00000 n +0000296872 00000 n +0000297051 00000 n +0000298631 00000 n +0000298810 00000 n +0000300357 00000 n +0000300536 00000 n +0000302040 00000 n +0000302219 00000 n +0000303885 00000 n +0000304055 00000 n +0000304801 00000 n +0000304999 00000 n +0000306817 00000 n +0000307050 00000 n +0000309105 00000 n +0000309294 00000 n +0000310950 00000 n +0000311120 00000 n +0000311882 00000 n +0000312052 00000 n +0000313157 00000 n +0000313327 00000 n +0000314147 00000 n +0000314317 00000 n +0000315134 00000 n +0000315304 00000 n +0000316466 00000 n +0000316689 00000 n +0000318342 00000 n +0000318568 00000 n +0000320251 00000 n +0000320496 00000 n +0000322387 00000 n +0000322556 00000 n +0000324301 00000 n +0000324485 00000 n +0000326235 00000 n +0000326491 00000 n +0000328467 00000 n +0000328666 00000 n +0000330889 00000 n +0000331100 00000 n +0000332867 00000 n +0000333068 00000 n +0000334084 00000 n +0000334273 00000 n +0000335966 00000 n +0000336145 00000 n +0000337890 00000 n +0000338078 00000 n +0000339914 00000 n +0000340108 00000 n +0000342020 00000 n +0000342251 00000 n +0000344355 00000 n +0000344567 00000 n +0000346003 00000 n +0000346217 00000 n +0000347666 00000 n +0000347873 00000 n +0000349110 00000 n +0000349289 00000 n +0000350276 00000 n +0000350464 00000 n +0000351596 00000 n +0000351784 00000 n +0000353285 00000 n +0000353473 00000 n +0000354556 00000 n +0000354745 00000 n +0000356078 00000 n +0000356282 00000 n +0000358271 00000 n +0000358468 00000 n +0000360584 00000 n +0000360805 00000 n +0000362779 00000 n +0000363010 00000 n +0000364482 00000 n +0000364693 00000 n +0000366522 00000 n +0000366701 00000 n +0000368620 00000 n +0000368850 00000 n +0000370591 00000 n +0000370812 00000 n +0000372412 00000 n +0000372634 00000 n +0000373930 00000 n +0000374171 00000 n +0000375777 00000 n +0000375975 00000 n +0000377824 00000 n +0000378021 00000 n +0000379642 00000 n +0000379821 00000 n +0000381874 00000 n +0000382053 00000 n +0000383891 00000 n +0000384070 00000 n +0000385780 00000 n +0000385959 00000 n +0000386393 00000 n +0000386563 00000 n +0000388236 00000 n +0000388415 00000 n +0000390200 00000 n +0000390379 00000 n +0000392025 00000 n +0000392194 00000 n +0000393509 00000 n +0000393697 00000 n +0000395264 00000 n +0000395452 00000 n +0000397067 00000 n +0000397255 00000 n +0000398643 00000 n +0000398813 00000 n +0000400448 00000 n +0000400618 00000 n +0000401631 00000 n +0000401845 00000 n +0000403332 00000 n +0000403512 00000 n +0000404276 00000 n +0000404473 00000 n +0000405686 00000 n +0000405890 00000 n +0000407236 00000 n +0000407422 00000 n +0000407898 00000 n +0000408077 00000 n +0000409622 00000 n +0000409801 00000 n +0000411038 00000 n +0000411242 00000 n +0000412654 00000 n +0000412849 00000 n +0000415544 00000 n +0000415720 00000 n +0000416495 00000 n +0000416665 00000 n +0000418173 00000 n +0000418343 00000 n +0000419742 00000 n +0000419912 00000 n +0000421462 00000 n +0000421631 00000 n +0000422595 00000 n +0000422774 00000 n +0000424302 00000 n +0000424490 00000 n +0000425458 00000 n +0000425628 00000 n +0000425958 00000 n +0000426154 00000 n +0000427884 00000 n +0000428098 00000 n +0000429782 00000 n +0000429977 00000 n +0000431684 00000 n +0000431897 00000 n +0000433384 00000 n +0000433579 00000 n +0000435161 00000 n +0000435384 00000 n +0000436749 00000 n +0000436937 00000 n +0000438108 00000 n +0000438305 00000 n +0000439856 00000 n +0000440044 00000 n +0000440688 00000 n +0000440892 00000 n +0000442630 00000 n +0000442818 00000 n +0000444560 00000 n +0000444739 00000 n +0000446137 00000 n +0000446316 00000 n +0000448014 00000 n +0000448193 00000 n +0000449674 00000 n +0000449853 00000 n +0000451637 00000 n +0000451841 00000 n +0000453490 00000 n +0000453549 00000 n +0000453652 00000 n +0000453817 00000 n +0000453899 00000 n +0000454007 00000 n +0000454130 00000 n +0000454242 00000 n +0000454420 00000 n +0000454541 00000 n +0000454701 00000 n +0000454819 00000 n +0000454916 00000 n +0000455068 00000 n +0000455208 00000 n +0000455386 00000 n +0000455541 00000 n +0000455643 00000 n +0000455743 00000 n +0000455952 00000 n +0000456053 00000 n +0000456241 00000 n +0000456384 00000 n +0000456530 00000 n +0000456646 00000 n +0000456813 00000 n +0000456925 00000 n +0000457099 00000 n +0000457202 00000 n +0000457375 00000 n +0000457496 00000 n +0000457626 00000 n +0000457752 00000 n +0000457867 00000 n +0000457975 00000 n +0000458122 00000 n +0000458227 00000 n +0000458346 00000 n +0000458475 00000 n +0000458634 00000 n +0000458768 00000 n +0000458905 00000 n +0000459037 00000 n +0000459186 00000 n +0000459318 00000 n +0000459466 00000 n +0000459580 00000 n +0000459698 00000 n +0000459852 00000 n +0000459983 00000 n +0000460077 00000 n +0000460201 00000 n +0000460313 00000 n +0000460490 00000 n +0000460599 00000 n +0000460724 00000 n +0000460870 00000 n +0000460972 00000 n +0000461148 00000 n +0000461292 00000 n +0000461404 00000 n +0000461531 00000 n +0000461659 00000 n +0000461787 00000 n +0000461898 00000 n +0000462097 00000 n +0000462208 00000 n +0000462323 00000 n +0000462467 00000 n +0000462675 00000 n +0000462809 00000 n +0000462963 00000 n +0000463088 00000 n +0000463219 00000 n +0000463350 00000 n +0000463511 00000 n +0000463632 00000 n +0000463835 00000 n +0000463946 00000 n +0000464061 00000 n +0000464254 00000 n +0000464397 00000 n +0000464513 00000 n +0000464671 00000 n +0000464828 00000 n +0000464959 00000 n +0000465080 00000 n +0000465257 00000 n +0000465367 00000 n +0000465497 00000 n +0000465667 00000 n +0000465761 00000 n +0000465888 00000 n +0000466015 00000 n +0000466111 00000 n +0000466297 00000 n +0000466423 00000 n +0000466556 00000 n +0000466683 00000 n +0000466795 00000 n +0000466985 00000 n +0000467091 00000 n +0000467297 00000 n +0000467456 00000 n +0000467604 00000 n +0000467732 00000 n +0000467913 00000 n +0000468023 00000 n +0000468138 00000 n +0000468283 00000 n +0000468447 00000 n +0000468597 00000 n +0000468728 00000 n +0000468946 00000 n +0000469051 00000 n +0000469183 00000 n +0000469304 00000 n +0000469470 00000 n +0000469574 00000 n +0000469731 00000 n +0000469842 00000 n +0000469987 00000 n +0000470129 00000 n +0000470279 00000 n +0000470396 00000 n +0000470560 00000 n +0000470671 00000 n +0000470811 00000 n +0000470938 00000 n +0000471055 00000 n +0000471194 00000 n +0000471300 00000 n +0000471434 00000 n +0000471566 00000 n +0000471711 00000 n +0000471838 00000 n +0000471970 00000 n +0000472100 00000 n +0000472225 00000 n +0000472333 00000 n +0000472504 00000 n +0000472608 00000 n +0000472743 00000 n +0000472871 00000 n +0000473045 00000 n +0000473147 00000 n +0000473297 00000 n +0000473447 00000 n +0000473572 00000 n +0000473778 00000 n +0000473878 00000 n +0000473996 00000 n +0000474161 00000 n +0000474252 00000 n +0000474413 00000 n +0000474539 00000 n +0000474682 00000 n +0000474809 00000 n +0000474949 00000 n +0000475085 00000 n +0000475193 00000 n +0000475367 00000 n +0000475473 00000 n +0000475593 00000 n +0000475705 00000 n +0000475822 00000 n +0000475924 00000 n +0000476107 00000 n +0000476238 00000 n +0000476376 00000 n +0000476536 00000 n +0000476676 00000 n +0000476844 00000 n +0000476976 00000 n +0000477094 00000 n +0000477226 00000 n +0000477363 00000 n +0000477495 00000 n +0000477629 00000 n +0000477759 00000 n +0000477927 00000 n +0000478047 00000 n +0000478156 00000 n +0000478348 00000 n +0000478520 00000 n +0000478624 00000 n +0000478748 00000 n +0000478870 00000 n +0000478982 00000 n +0000479164 00000 n +0000479280 00000 n +0000479404 00000 n +0000479522 00000 n +0000479640 00000 n +0000479745 00000 n +0000479922 00000 n +0000480034 00000 n +0000480165 00000 n +0000480289 00000 n +0000480456 00000 n +0000480573 00000 n +0000480703 00000 n +0000480843 00000 n +0000480980 00000 n +0000481116 00000 n +0000481252 00000 n +0000481389 00000 n +0000481501 00000 n +0000481708 00000 n +0000481836 00000 n +0000481921 00000 n +0000482092 00000 n +0000482214 00000 n +0000482374 00000 n +0000482473 00000 n +0000482588 00000 n +0000482690 00000 n +0000482851 00000 n +0000482955 00000 n +0000483054 00000 n +0000483218 00000 n +0000483322 00000 n +0000483455 00000 n +0000483587 00000 n +0000483709 00000 n +0000483838 00000 n +0000483945 00000 n +0000484111 00000 n +0000484233 00000 n +0000484343 00000 n +0000484457 00000 n +0000484632 00000 n +0000484735 00000 n +0000484855 00000 n +0000484970 00000 n +0000485084 00000 n +0000485199 00000 n +0000485313 00000 n +0000485428 00000 n +0000485546 00000 n +0000485663 00000 n +0000485769 00000 n +0000485930 00000 n +0000486026 00000 n 0000486140 00000 n -0000486244 00000 n -0000486361 00000 n -0000486511 00000 n -0000486611 00000 n -0000486725 00000 n -0000486839 00000 n -0000486953 00000 n -0000487067 00000 n -0000487181 00000 n -0000487295 00000 n -0000487409 00000 n -0000487523 00000 n -0000487639 00000 n -0000487741 00000 n -0000487855 00000 n +0000486250 00000 n +0000486381 00000 n +0000486514 00000 n +0000486615 00000 n +0000486793 00000 n +0000486903 00000 n +0000487057 00000 n +0000487226 00000 n +0000487414 00000 n +0000487595 00000 n +0000487751 00000 n +0000487917 00000 n +0000488049 00000 n +0000488196 00000 n +0000488335 00000 n +0000488469 00000 n +0000488593 00000 n +0000488714 00000 n +0000488833 00000 n +0000489003 00000 n +0000489165 00000 n +0000489271 00000 n +0000489388 00000 n +0000489539 00000 n +0000489704 00000 n +0000489829 00000 n +0000489985 00000 n +0000490103 00000 n +0000490233 00000 n +0000490397 00000 n +0000490501 00000 n +0000490619 00000 n +0000490737 00000 n +0000490858 00000 n +0000490994 00000 n +0000491093 00000 n +0000491248 00000 n +0000491352 00000 n +0000491469 00000 n +0000491619 00000 n +0000491719 00000 n +0000491833 00000 n +0000491947 00000 n +0000492061 00000 n +0000492175 00000 n +0000492289 00000 n +0000492403 00000 n +0000492517 00000 n +0000492631 00000 n +0000492747 00000 n +0000492849 00000 n +0000492963 00000 n trailer -<<90de86fcfbc3ee411d8c68aedcf34015>]>> +<]>> startxref -488808 +493959 %%EOF diff --git a/docs/docbook/manpages/smbspool.8.sgml b/docs/docbook/manpages/smbspool.8.sgml index f30539601e..dabdcced01 100644 --- a/docs/docbook/manpages/smbspool.8.sgml +++ b/docs/docbook/manpages/smbspool.8.sgml @@ -15,12 +15,12 @@ smbspool - job - user - title - copies - options - filename + job + user + title + copies + options + filename @@ -95,7 +95,7 @@ VERSION - This man page is correct for version 2.2 of the Samba suite. + This man page is correct for version 3.0 of the Samba suite. diff --git a/docs/docbook/manpages/testprns.1.sgml b/docs/docbook/manpages/testprns.1.sgml index 85cc860c4a..3ff1d85055 100644 --- a/docs/docbook/manpages/testprns.1.sgml +++ b/docs/docbook/manpages/testprns.1.sgml @@ -111,7 +111,7 @@ VERSION - This man page is correct for version 2.2 of + This man page is correct for version 3.0 of the Samba suite. diff --git a/docs/docs-status b/docs/docs-status index 7b1eaa4bfd..8f7b80e5f8 100644 --- a/docs/docs-status +++ b/docs/docs-status @@ -7,7 +7,6 @@ docs/history - needs updating (is current up to 1998 - merge with 10year.html ?) docs/docbook/manpages/net.8.sgml - Still not finished docs/docbook/manpages/rpcclient.1.sgml - Command documentation might be outdated docs/docbook/manpages/samba.7.sgml - Listing of samba programs is not complete -docs/docbook/manpages/smbcontrol.1.sgml - Document -s, samsync, samrepl, pool-usage, dmalloc-mark, dmalloc-log-changed, shutdown, change_id docs/docbook/manpages/smb.conf.5.sgml - 'restrict anonymous' isn't documented properly docs/docbook/projdoc/Integrating-with-Windows.sgml - Should slowly go a way. Contains a little bit information about wins, a little bit about domain membership, a little about winbind, etc docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml @@ -23,18 +22,7 @@ docs/textdocs/CUPS-PrintingInfo.txt - needs to be converted to sgml - Kurt Pfeif docs/textdocs/PROFILES.txt - needs to be converted to sgml docs/textdocs/README.jis - Seems to need updating - possibly obsoleted by a newer japanese howto? docs/textdocs/RoutedNetworks.txt - still valid, but shouldn't this go into Other_clients.sgml ? This text originally comes from microsoft, what about copyright? -docs/docbook/manpages/ntlm_auth.1.sgml - Is very basic at the moment, parameters need better descriptions - -These still need to be checked: -docs/docbook/manpages/smbmnt.8.sgml -docs/docbook/manpages/smbmount.8.sgml -docs/docbook/manpages/smbpasswd.8.sgml -docs/docbook/manpages/smbsh.1.sgml -docs/docbook/manpages/smbspool.8.sgml -docs/docbook/manpages/smbstatus.1.sgml -docs/docbook/manpages/smbtar.1.sgml -docs/docbook/manpages/smbumount.8.sgml -docs/docbook/manpages/testprns.1.sgml +docs/docbook/manpages/ntlm_auth.1.sgml - Is very basic at the moment, parameters need better descriptions - abartlet Stuff that needs to be documented: wrepld @@ -43,8 +31,6 @@ Winbind in a samba controlled domain One Time Migration script from a Windows NT 4.0 PDC to a Samba PDC ldap passwd sync -http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html - Not release-critical: docs/docbook/devdoc/* - most of these docs are outdated and need updates... docs/docbook/projdoc/Diagnosis.sgml - Needs extension diff --git a/docs/htmldocs/Samba-HOWTO-Collection.html b/docs/htmldocs/Samba-HOWTO-Collection.html index c902d63bec..73bc3eb60a 100644 --- a/docs/htmldocs/Samba-HOWTO-Collection.html +++ b/docs/htmldocs/Samba-HOWTO-Collection.html @@ -219,8 +219,8 @@ HREF="#AEN546" >3.8. Passdb XML pluginXML 4.1. Stand Alone Server 4.2. Domain Member Server 4.3. Domain Controller 5.1. User and Share security level 6.1. Prerequisite Reading 6.2. Background 6.3. Configuring the Samba Domain Controller 6.4. Creating Machine Trust Accounts and Joining Clients to the Domain 6.5. Common Problems and Errors 6.6. What other help can I get? 6.7. Domain Control for Windows 9x/ME 7.1. Prerequisite Reading 7.2. Background 7.3. What qualifies a Domain Controller on the network? 7.4. Can Samba be a Backup Domain Controller to an NT PDC? 7.5. How do I set up a Samba BDC? 8.1. Setup your smb.conf 8.2. Setup your /etc/krb5.conf 8.3. Create the computer account 8.4. Test your server setup 8.5. Testing with smbclient 8.6. Notes 9.1. Joining an NT Domain with Samba 3.0 9.2. Why is this better than security = server? 10. System PoliciesAdvanced Network Manangement Information 10.1. Basic System Policy Info 10.2. Roaming ProfilesRemote Server Administration 11.1. Viewing and changing UNIX permissions using the NT security dialogs 11.2. How to view file security on a Samba share 11.3. Viewing file ownership 11.4. Viewing file or directory permissions 11.5. Modifying file or directory permissions 11.6. Interaction with the standard Samba create mask parameters 11.7. Interaction with the standard Samba file attribute mapping 13.1. Samba and PAM 13.2. Distributed Authentication 13.3. PAM Configuration in smb.conf 14.1. Introduction 14.2. Configuration 14.3. The Imprints Toolset 14.4. Diagnosis 15.1. Introduction 15.2. CUPS - RAW Print Through Mode 15.3. The CUPS Filter Chains 15.4. CUPS Print Drivers and Devices 15.5. Limiting the number of pages users can print 15.6. Advanced Postscript Printing from MS Windows 15.7. Auto-Deletion of CUPS spool files 16.1. Abstract 16.2. Introduction 16.3. What Winbind Provides 16.4. How Winbind Works 16.5. Installation and Configuration 16.6. Limitations 16.7. Conclusion 17. Policy Management - Hows and Whys 17.1. System Policies 18. Profile Management 18.1. Roaming Profiles 19. Integrating MS Windows networks with Samba 17.1. 19.1. Name Resolution in a pure Unix/Linux world 17.2. 19.2. Name resolution as used within MS Windows networking 18. 20. Improved browsing in samba 18.1. 20.1. Overview of browsing 18.2. 20.2. Browsing support in samba 18.3. 20.3. Problem resolution 18.4. 20.4. Browsing across subnets 18.5. 20.5. Setting up a WINS server 18.6. 20.6. Setting up Browsing in a WORKGROUP 18.7. 20.7. Setting up Browsing in a DOMAIN 18.8. 20.8. Forcing samba to be the master 18.9. 20.9. Making samba the domain master 18.10. 20.10. Note about broadcast addresses 18.11. 20.11. Multiple interfaces 19. 21. Hosting a Microsoft Distributed File System tree on Samba 19.1. 21.1. Instructions 20. 22. Stackable VFS modules 20.1. 22.1. Introduction and configuration 20.2. 22.2. Included modules 20.3. 22.3. VFS modules available elsewhere 21. 23. Securing Samba 21.1. 23.1. Introduction 21.2. 23.2. Using host based protection 21.3. 23.3. Using interface protection 21.4. 23.4. Using a firewall 21.5. 23.5. Using a IPC$ share deny 21.6. 23.6. Upgrading Samba 22. 24. Unicode/Charsets 22.1. 24.1. What are charsets and unicode? 22.2. 24.2. Samba and charsets 23. 25. Samba performance issues 23.1. 25.1. Comparisons 23.2. 25.2. Socket options 23.3. 25.3. Read size 23.4. 25.4. Max xmit 23.5. 25.5. Log level 23.6. 25.6. Read raw 23.7. 25.7. Write raw 23.8. 25.8. Slow Clients 23.9. 25.9. Slow Logins 23.10. 25.10. Client tuning 24. 26. Portability 24.1. 26.1. HPUX 24.2. 26.2. SCO Unix 24.3. 26.3. DNIX 24.4. 26.4. RedHat Linux Rembrandt-II 24.5. 26.5. AIX 25. 27. Samba and other CIFS clients 25.1. 27.1. Macintosh clients? 25.2. 27.2. OS2 Client 25.3. 27.3. Windows for Workgroups 25.4. 27.4. Windows '95/'98 25.5. 27.5. Windows 2000 Service Pack 2 26. 28. How to compile SAMBA 26.1. 28.1. Access Samba source code via CVS 26.2. 28.2. Accessing the samba sources via rsync and ftp 26.3. 28.3. Building the Binaries 26.4. 28.4. Starting the smbd and nmbd 27. 29. Reporting Bugs 27.1. 29.1. Introduction 27.2. 29.2. General info 27.3. 29.3. Debug levels 27.4. 29.4. Internal errors 27.5. 29.5. Attaching to a running process 27.6. 29.6. Patches 28. 30. The samba checklist 28.1. 30.1. Introduction 28.2. 30.2. Assumptions 28.3. 30.3. Tests 28.4. 30.4. Still having troubles? 3.7.1. Building 3.7.2. Creating the database 3.7.3. 3.7.2. Configuring 3.7.4. 3.7.3. Using plaintext passwords or encrypted password 3.7.5. 3.7.4. Getting non-column data from the table 3.8. Passdb XML plugin 3.8.1. Building 3.8.2. UsageXML 3.7.1. BuildingTo build the plugin, run make bin/pdb_mysql.so -in the source/ directory of samba distribution. Next, copy pdb_mysql.so to any location you want. I -strongly recommend installing it in $PREFIX/lib or /usr/lib/samba/ 3.7.2. Creating the database3.7.1. Creating the database You either can set up your own table and specify the field names to pdb_mysql (see below @@ -3492,8 +3475,8 @@ CLASS="SECT2" > 3.7.3. Configuring3.7.2. Configuring This plugin lacks some good documentation, but here is some short info: : passdb backend = [other-plugins] plugin:/location/to/pdb_mysql.so:identifier [other-plugins] passdb backend = [other-plugins] mysql:identifier [other-plugins] The identifier can be any string you like, as long as it doesn't collide with @@ -3603,8 +3586,8 @@ CLASS="SECT2" > 3.7.4. Using plaintext passwords or encrypted password3.7.3. Using plaintext passwords or encrypted password I strongly discourage the use of plaintext passwords, however, you can use them: 3.7.5. Getting non-column data from the table3.7.4. Getting non-column data from the table It is possible to have not all data in the database and making some 'constant'. 3.8. Passdb XML plugin3.8. XML 3.8.1. Building This module requires libxml2 to be installed. To build pdb_xml, run: make bin/pdb_xml.so in -the directory source/. 3.8.2. UsageThe usage of pdb_xml is pretty straightforward. To export data, use: pdbedit -e plugin:/usr/lib/samba/pdb_xml.so:filenamepdbedit -e xml:filename (where filename is the name of the file to put the data in)To import data, use: pdbedit -i plugin:/usr/lib/samba/pdb_xml.so:filename -e current-pdbpdbedit -i xml:filename -e current-pdb Where filename is the name to read the data from and current-pdb to put it in. Introduction 4.1. Stand Alone Server 4.2. Domain Member Server 4.3. Domain Controller 4.3.1. Domain Controller Types 5.1. User and Share security level 5.1.1. User Level Security 5.1.2. Share Level Security 5.1.3. Server Level Security 5.1.4. Domain Level Security 5.1.5. ADS Level Security 6.1. Prerequisite Reading 6.2. Background 6.3. Configuring the Samba Domain Controller 6.4. Creating Machine Trust Accounts and Joining Clients to the Domain 6.4.1. Manual Creation of Machine Trust Accounts 6.4.2. "On-the-Fly" Creation of Machine Trust Accounts 6.4.3. Joining the Client to the Domain 6.5. Common Problems and Errors 6.6. What other help can I get? 6.7. Domain Control for Windows 9x/ME 6.7.1. Configuration Instructions: Network Logons 7.1. Prerequisite Reading 7.2. Background 7.3. What qualifies a Domain Controller on the network? 7.3.1. How does a Workstation find its domain controller? 7.3.2. When is the PDC needed? 7.4. Can Samba be a Backup Domain Controller to an NT PDC? 7.5. How do I set up a Samba BDC? 7.5.1. How do I replicate the smbpasswd file? 7.5.2. Can I do this all with LDAP? 8.1. Setup your smb.conf 8.2. Setup your /etc/krb5.conf 8.3. Create the computer account 8.3.1. Possible errors 8.4. Test your server setup 8.5. Testing with smbclient 8.6. Notes 9.1. Joining an NT Domain with Samba 3.0 9.2. Why is this better than security = server? 4.1. Stand Alone Server 4.2. Domain Member Server 4.3. Domain Controller 4.3.1. Domain Controller Types 5.1. User and Share security level 5.1.1. User Level Security 5.1.2. Share Level Security 5.1.3. Server Level Security 5.1.3.1. Configuring Samba for Seemless Windows Network Integration 5.1.3.2. Use MS Windows NT as an authentication server 5.1.4. Domain Level Security 5.1.4.1. Samba as a member of an MS Windows NT security domain 5.1.5. ADS Level Security 6.1. Prerequisite Reading 6.2. Background 6.3. Configuring the Samba Domain Controller 6.4. Creating Machine Trust Accounts and Joining Clients to the Domain 6.4.1. Manual Creation of Machine Trust Accounts 6.4.2. "On-the-Fly" Creation of Machine Trust Accounts 6.4.3. Joining the Client to the Domain 6.5. Common Problems and Errors 6.6. What other help can I get? 6.7. Domain Control for Windows 9x/ME 6.7.1. Configuration Instructions: Network Logons 7.1. Prerequisite Reading 7.2. Background 7.3. What qualifies a Domain Controller on the network? 7.3.1. How does a Workstation find its domain controller? 7.3.2. When is the PDC needed? 7.4. Can Samba be a Backup Domain Controller to an NT PDC? 7.5. How do I set up a Samba BDC? 7.5.1. How do I replicate the smbpasswd file? 7.5.2. Can I do this all with LDAP? 8.1. Setup your smb.conf8.2. Setup your /etc/krb5.conf8.3. Create the computer account 8.3.1. Possible errors 8.4. Test your server setup 8.5. Testing with smbclient 8.6. Notes 9.1. Joining an NT Domain with Samba 3.0 9.2. Why is this better than security = server? Introduction 10. System PoliciesAdvanced Network Manangement Information 10.1. Basic System Policy Info 10.1.1. Creating Group Prolicy Files 10.2. Roaming Profiles 10.2.1. Windows NT Configuration 10.2.2. Windows 9X Configuration 10.2.3. Win9X and WinNT Configuration 10.2.4. Windows 9X Profile Setup 10.2.5. Windows NT Workstation 4.0 10.2.6. Windows NT/200x ServerRemote Server Administration 10.2.7. Sharing Profiles between W9x/Me and NT4/200x/XP workstations 10.2.8. Windows NT 4 10.2.9. Windows 2000/XP 11.1. Viewing and changing UNIX permissions using the NT security dialogs 11.2. How to view file security on a Samba share 11.3. Viewing file ownership 11.4. Viewing file or directory permissions 11.4.1. File Permissions 11.4.2. Directory Permissions 11.5. Modifying file or directory permissions 11.6. Interaction with the standard Samba create mask parameters 11.7. Interaction with the standard Samba file attribute mapping 13.1. Samba and PAM 13.2. Distributed Authentication 13.3. PAM Configuration in smb.conf 14.1. Introduction 14.2. Configuration 14.2.1. Creating [print$] 14.2.2. Setting Drivers for Existing Printers 14.2.3. Support a large number of printers 14.2.4. Adding New Printers via the Windows NT APW 14.2.5. Samba and Printer Ports 14.3. The Imprints Toolset 14.3.1. What is Imprints? 14.3.2. Creating Printer Driver Packages 14.3.3. The Imprints server 14.3.4. The Installation Client 14.4. Diagnosis 14.4.1. Introduction 14.4.2. Debugging printer problems 14.4.3. What printers do I have? 14.4.4. Setting up printcap and print servers 14.4.5. Job sent, no output 14.4.6. Job sent, strange output 14.4.7. Raw PostScript printed 14.4.8. Advanced Printing 14.4.9. Real debugging 15.1. Introduction 15.2. CUPS - RAW Print Through Mode 15.3. The CUPS Filter Chains 15.4. CUPS Print Drivers and Devices 15.4.1. Further printing steps 15.5. Limiting the number of pages users can print 15.6. Advanced Postscript Printing from MS Windows 15.7. Auto-Deletion of CUPS spool files 16.1. Abstract 16.2. Introduction 16.3. What Winbind Provides 16.3.1. Target Uses 16.4. How Winbind Works 16.4.1. Microsoft Remote Procedure Calls 16.4.2. Microsoft Active Directory Services 16.4.3. Name Service Switch 16.4.4. Pluggable Authentication Modules 16.4.5. User and Group ID Allocation 16.4.6. Result Caching 16.5. Installation and Configuration 16.5.1. Introduction 16.5.2. Requirements 16.5.3. Testing Things Out 16.6. Limitations 16.7. Conclusion 17. Integrating MS Windows networks with SambaPolicy Management - Hows and Whys 17.1. Name Resolution in a pure Unix/Linux worldSystem Policies 17.1.1. /etc/hostsCreating and Managing Windows 9x/Me Policies 17.1.2. /etc/resolv.confCreating and Managing Windows NT4 Style Policy Files 17.1.3. Creating and Managing MS Windows 200x Policies 18. Profile Management 18.1. Roaming Profiles 18.1.1. Windows NT Configuration 18.1.2. Windows 9X Configuration 18.1.3. Win9X and WinNT Configuration 18.1.4. Windows 9X Profile Setup 18.1.5. Windows NT Workstation 4.0 18.1.6. Windows NT/200x Server 18.1.7. Sharing Profiles between W9x/Me and NT4/200x/XP workstations 18.1.8. Windows NT 4 18.1.9. Windows 2000/XP 19. Integrating MS Windows networks with Samba 19.1. Name Resolution in a pure Unix/Linux world 19.1.1. /etc/hosts 19.1.2. /etc/resolv.conf 19.1.3. /etc/host.conf 17.1.4. 19.1.4. /etc/nsswitch.conf 17.2. 19.2. Name resolution as used within MS Windows networking 17.2.1. 19.2.1. The NetBIOS Name Cache 17.2.2. 19.2.2. The LMHOSTS file 17.2.3. 19.2.3. HOSTS file 17.2.4. 19.2.4. DNS Lookup 17.2.5. 19.2.5. WINS Lookup 18. 20. Improved browsing in samba 18.1. 20.1. Overview of browsing 18.2. 20.2. Browsing support in samba 18.3. 20.3. Problem resolution 18.4. 20.4. Browsing across subnets 18.4.1. 20.4.1. How does cross subnet browsing work ? 18.5. 20.5. Setting up a WINS server 18.6. 20.6. Setting up Browsing in a WORKGROUP 18.7. 20.7. Setting up Browsing in a DOMAIN 18.8. 20.8. Forcing samba to be the master 18.9. 20.9. Making samba the domain master 18.10. 20.10. Note about broadcast addresses 18.11. 20.11. Multiple interfaces 19. 21. Hosting a Microsoft Distributed File System tree on Samba 19.1. 21.1. Instructions 19.1.1. 21.1.1. Notes 20. 22. Stackable VFS modules 20.1. 22.1. Introduction and configuration 20.2. 22.2. Included modules 20.2.1. 22.2.1. audit 20.2.2. 22.2.2. recycle 20.2.3. 22.2.3. netatalk 20.3. 22.3. VFS modules available elsewhere 20.3.1. 22.3.1. DatabaseFS 20.3.2. 22.3.2. vscan 21. 23. Securing Samba 21.1. 23.1. Introduction 21.2. 23.2. Using host based protection 21.3. 23.3. Using interface protection 21.4. 23.4. Using a firewall 21.5. 23.5. Using a IPC$ share deny 21.6. 23.6. Upgrading Samba 22. 24. Unicode/Charsets 22.1. 24.1. What are charsets and unicode? 22.2. 24.2. Samba and charsets Chapter 10. System PoliciesChapter 10. Advanced Network Manangement Information10.1. Basic System Policy Info10.1. Remote Server Administration Much of the information necessary to implement System Policies and -Roaming User Profiles in a Samba domain is the same as that for -implementing these same items in a Windows NT 4.0 domain. -You should read the white paper Implementing -Profiles and Policies in Windows NT 4.0 available from Microsoft. Here are some additional details: What about Windows NT Policy Editor? - To create or edit ntconfig.pol you must use - the NT Server Policy Editor, poledit.exe which - is included with NT Server but not NT Workstation. - There is a Policy Editor on a NTws - but it is not suitable for creating Domain Policies. - Further, although the Windows 95 - Policy Editor can be installed on an NT Workstation/Server, it will not - work with NT policies because the registry key that are set by the policy templates. - However, the files from the NT Server will run happily enough on an NTws. - You need poledit.exe, common.adm and winnt.adm. It is convenient - to put the two *.adm files in c:\winnt\inf which is where - the binary will look for them unless told otherwise. Note also that that - directory is 'hidden'. - The Windows NT policy editor is also included with the Service Pack 3 (and - later) for Windows NT 4.0. Extract the files using servicepackname /x, - i.e. that's Nt4sp6ai.exe /x for service pack 6a. The policy editor, - poledit.exe and the associated template files (*.adm) should - be extracted as well. It is also possible to downloaded the policy template - files for Office97 and get a copy of the policy editor. Another possible - location is with the Zero Administration Kit available for download from Microsoft. - Can Win95 do Policies? - Install the group policy handler for Win9x to pick up group - policies. Look on the Win98 CD in \tools\reskit\netadmin\poledit. - Install group policies on a Win9x client by double-clicking - grouppol.inf. Log off and on again a couple of - times and see if Win98 picks up group policies. Unfortunately this needs - to be done on every Win9x machine that uses group policies.... - If group policies don't work one reports suggests getting the updated - (read: working) grouppol.dll for Windows 9x. The group list is grabbed - from /etc/group. - How do I get 'User Manager' and 'Server Manager' - Since I don't need to buy an NT Server CD now, how do I get - the 'User Manager for Domains', the 'Server Manager'? - Since I don't need to buy an NT Server CD now, how do I get the 'User Manager for Domains', +the 'Server Manager'? Microsoft distributes a version of these tools called nexus for - installation on Windows 95 systems. The tools set includes - Microsoft distributes a version of these tools called nexus for installation on Windows 95 +systems. The tools set includes: Click here to download the archived file Click here to download the archived file ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE - The Windows NT 4.0 version of the 'User Manager for - Domains' and 'Server Manager' are available from Microsoft via ftp - from The Windows NT 4.0 version of the 'User Manager for +Domains' and 'Server Manager' are available from Microsoft via ftp +from ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE - 10.1.1. Creating Group Prolicy Files Chapter 11. UNIX Permission Bits and Windows NT Access Control Lists 10.1.1.1. Windows '9x You need the Win98 Group Policy Editor to -set Group Profiles up under Windows '9x. It can be found on the Original -full product Win98 installation CD under -tools/reskit/netadmin/poledit. You install this -using the Add/Remove Programs facility and then click on the 'Have Disk' -tab. Use the Group Policy Editor to create a policy file that specifies the -location of user profiles and/or the My Documents etc. -stuff. You then save these settings in a file called -Config.POL that needs to be placed in -the root of the [NETLOGON] share. If your Win98 is configured to log onto -the Samba Domain, it will automatically read this file and update the -Win9x/Me registry of the machine that is logging on.11.1. Viewing and changing UNIX permissions using the NT + security dialogsAll of this is covered in the Win98 Resource Kit documentation.Windows NT clients can use their native security settings + dialog box to view and modify the underlying UNIX permissions. If you do not do it this way, then every so often Win9x/Me will check the -integrity of the registry and will restore it's settings from the back-up -copy of the registry it stores on each Win9x/Me machine. Hence, you will -occasionally notice things changing back to the original settings. Note that this ability is careful not to compromise + the security of the UNIX host Samba is running on, and + still obeys all the file permission rules that a Samba + administrator can set. 10.2. Roaming Profiles11.2. How to view file security on a Samba share From an NT4/2000/XP client, single-click with the right + mouse button on any file or directory in a Samba mounted + drive letter or UNC path. When the menu pops-up, click + on the NOTE!Properties Roaming profiles support is different for Win9X and WinNT. entry at the bottom of + the menu. This brings up the file properties dialog + box. Click on the tab Security and you + will see three buttons, Permissions, + Auditing, and Ownership. + The Auditing button will cause either + an error message A requested privilege is not held + by the client to appear if the user is not the + NT Administrator, or a dialog which is intended to allow an + Administrator to add auditing requirements to a file if the + user is logged on as the NT Administrator. This dialog is + non-functional with a Samba share at this time, as the only + useful button, the Add button will not currently + allow a list of users to be seen. Before discussing how to configure roaming profiles, it is useful to see how -Win9X and WinNT clients implement these features. Win9X clients send a NetUserGetInfo request to the server to get the user's -profiles location. However, the response does not have room for a separate -profiles location field, only the user's home share. This means that Win9X -profiles are restricted to being in the user's home directory. WinNT clients send a NetSAMLogon RPC request, which contains many fields, -including a separate field for the location of the user's profiles. -This means that support for profiles is different for Win9X and WinNT. 10.2.1. Windows NT Configuration 11.3. Viewing file ownershipTo support WinNT clients, in the [global] section of smb.conf set the -following (for example): Clicking on the "Ownership" button + brings up a dialog box telling you who owns the given file. The + owner name will be of the form : logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath "SERVER\user (Long name)" The default for this option is \\%N\%U\profile, namely -\\sambaserver\username\profile. The \\N%\%U service is created -automatically by the [homes] service. -If you are using a samba server for the profiles, you _must_ make the -share specified in the logon path browseable. Where SERVER is the NetBIOS name of + the Samba server, user is the user name of + the UNIX user who owns the file, and (Long name) + is the descriptive string identifying the user (normally found in the + GECOS field of the UNIX password database). Click on the Close + button to remove this dialog. If the parameter nt acl support + is set to false then the file owner will + be shown as the NT user "Everyone". MS Windows NT/2K clients at times do not disconnect a connection to a server -between logons. It is recommended to NOT use the The Take Ownership button will not allow + you to change the ownership of this file to yourself (clicking on + it will display a dialog box complaining that the user you are + currently logged onto the NT client cannot be found). The reason + for this is that changing the ownership of a file is a privileged + operation in UNIX, available only to the homesroot -meta-service name as part of the profile share path. 10.2.2. Windows 9X Configuration To support Win9X clients, you must use the "logon home" parameter. Samba has -now been fixed so that "net use /home" now works as well, and it, too, relies -on the "logon home" parameter. By using the logon home parameter, you are restricted to putting Win9X -profiles in the user's home directory. But wait! There is a trick you -can use. If you set the following in the [global] section of your -smb.conf file: logon home = \\%L\%U\.profiles then your Win9X clients will dutifully put their clients in a subdirectory -of your home directory called .profiles (thus making them hidden). + user. As clicking on this button causes NT to attempt to change + the ownership of a file to the current user logged into the NT + client this will not work with Samba at this time. Not only that, but 'net use/home' will also work, because of a feature in -Win9X. It removes any directory stuff off the end of the home directory area -and only uses the server and share portion. That is, it looks like you -specified \\%L\%U for "logon home".There is an NT chown command that will work with Samba + and allow a user with Administrator privilege connected + to a Samba server as root to change the ownership of + files on both a local NTFS filesystem or remote mounted NTFS + or Samba drive. This is available as part of the Seclib + NT security library written by Jeremy Allison of + the Samba Team, available from the main Samba ftp site. 10.2.3. Win9X and WinNT Configuration 11.4. Viewing file or directory permissionsYou can support profiles for both Win9X and WinNT clients by setting both the -"logon home" and "logon path" parameters. For example: The third button is the "Permissions" + button. Clicking on this brings up a dialog box that shows both + the permissions and the UNIX owner of the file or directory. + The owner is displayed in the form : logon home = \\%L\%U\.profiles -logon path = \\%L\profiles\%U "SERVER\user (Long name)" Where SERVER is the NetBIOS name of + the Samba server, user is the user name of + the UNIX user who owns the file, and (Long name) + is the descriptive string identifying the user (normally found in the + GECOS field of the UNIX password database). I have not checked what 'net use /home' does on NT when "logon home" is -set as above. If the parameter nt acl support + is set to false then the file owner will + be shown as the NT user "Everyone" and the + permissions will be shown as NT "Full Control". The permissions field is displayed differently for files + and directories, so I'll describe the way file permissions + are displayed first. 10.2.4. Windows 9X Profile Setup11.4.1. File Permissions When a user first logs in on Windows 9X, the file user.DAT is created, -as are folders "Start Menu", "Desktop", "Programs" and "Nethood". -These directories and their contents will be merged with the local -versions stored in c:\windows\profiles\username on subsequent logins, -taking the most recent from each. You will need to use the [global] -options "preserve case = yes", "short preserve case = yes" and -"case sensitive = no" in order to maintain capital letters in shortcuts -in any of the profile folders. The user.DAT file contains all the user's preferences. If you wish to -enforce a set of preferences, rename their user.DAT file to user.MAN, -and deny them write access to this file. On the Windows 95 machine, go to Control Panel | Passwords and - select the User Profiles tab. Select the required level of - roaming preferences. Press OK, but do _not_ allow the computer - to reboot. - On the Windows 95 machine, go to Control Panel | Network | - Client for Microsoft Networks | Preferences. Select 'Log on to - NT Domain'. Then, ensure that the Primary Logon is 'Client for - Microsoft Networks'. Press OK, and this time allow the computer - to reboot. - Under Windows 95, Profiles are downloaded from the Primary Logon. -If you have the Primary Logon as 'Client for Novell Networks', then -the profiles and logon script will be downloaded from your Novell -Server. If you have the Primary Logon as 'Windows Logon', then the -profiles will be loaded from the local machine - a bit against the -concept of roaming profiles, if you ask me. You will now find that the Microsoft Networks Login box contains -[user, password, domain] instead of just [user, password]. Type in -the samba server's domain name (or any other domain known to exist, -but bear in mind that the user will be authenticated against this -domain and profiles downloaded from it, if that domain logon server -supports it), user name and user's password. Once the user has been successfully validated, the Windows 95 machine -will inform you that 'The user has not logged on before' and asks you -if you wish to save the user's preferences? Select 'yes'. Once the Windows 95 client comes up with the desktop, you should be able -to examine the contents of the directory specified in the "logon path" -on the samba server and verify that the "Desktop", "Start Menu", -"Programs" and "Nethood" folders have been created. These folders will be cached locally on the client, and updated when -the user logs off (if you haven't made them read-only by then :-). -You will find that if the user creates further folders or short-cuts, -that the client will merge the profile contents downloaded with the -contents of the profile directory already on the local client, taking -the newest folders and short-cuts from each set. If you have made the folders / files read-only on the samba server, -then you will get errors from the w95 machine on logon and logout, as -it attempts to merge the local and the remote profile. Basically, if -you have any errors reported by the w95 machine, check the Unix file -permissions and ownership rights on the profile directory contents, -on the samba server. If you have problems creating user profiles, you can reset the user's -local desktop cache, as shown below. When this user then next logs in, -they will be told that they are logging in "for the first time". instead of logging in under the [user, password, domain] dialog, - press escape. - run the regedit.exe program, and look in: - HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList - you will find an entry, for each user, of ProfilePath. Note the - contents of this key (likely to be c:\windows\profiles\username), - then delete the key ProfilePath for the required user. - [Exit the registry editor]. - WARNING - before deleting the contents of the - directory listed in - the ProfilePath (this is likely to be c:\windows\profiles\username), - ask them if they have any important files stored on their desktop - or in their start menu. delete the contents of the directory - ProfilePath (making a backup if any of the files are needed). - This will have the effect of removing the local (read-only hidden - system file) user.DAT in their profile directory, as well as the - local "desktop", "nethood", "start menu" and "programs" folders. - search for the user's .PWL password-caching file in the c:\windows - directory, and delete it. - log off the windows 95 client. - check the contents of the profile path (see "logon path" described - above), and delete the user.DAT or user.MAN file for the user, - making a backup if required. - The standard UNIX user/group/world triple and + the corresponding "read", "write", "execute" permissions + triples are mapped by Samba into a three element NT ACL + with the 'r', 'w', and 'x' bits mapped into the corresponding + NT permissions. The UNIX world permissions are mapped into + the global NT group Everyone, followed + by the list of permissions allowed for UNIX world. The UNIX + owner and group permissions are displayed as an NT + user icon and an NT local + group icon respectively followed by the list + of permissions allowed for the UNIX user and group. If all else fails, increase samba's debug log levels to between 3 and 10, -and / or run a packet trace program such as tcpdump or netmon.exe, and -look for any error reports.As many UNIX permission sets don't map into common + NT names such as "read", "change" or "full control" then + usually the permissions will be prefixed by the words "Special Access" in the NT display list. If you have access to an NT server, then first set up roaming profiles -and / or netlogons on the NT server. Make a packet trace, or examine -the example packet traces provided with NT server, and see what the -differences are with the equivalent samba trace.But what happens if the file has no permissions allowed + for a particular UNIX user group or world component ? In order + to allow "no permissions" to be seen and modified then Samba + overloads the NT "Take Ownership" ACL attribute + (which has no meaning in UNIX) and reports a component with + no permissions as having the NT "O" bit set. + This was chosen of course to make it look like a zero, meaning + zero permissions. More details on the decision behind this will + be given below. 10.2.5. Windows NT Workstation 4.011.4.2. Directory Permissions When a user first logs in to a Windows NT Workstation, the profile -NTuser.DAT is created. The profile location can be now specified -through the "logon path" parameter. There is a parameter that is now available for use with NT Profiles: -"logon drive". This should be set to "h:" or any other drive, and -should be used in conjunction with the new "logon home" parameter. The entry for the NT 4.0 profile is a _directory_ not a file. The NT -help on profiles mentions that a directory is also created with a .PDS -extension. The user, while logging in, must have write permission to -create the full profile path (and the folder with the .PDS extension -for those situations where it might be created.)Directories on an NT NTFS file system have two + different sets of permissions. The first set of permissions + is the ACL set on the directory itself, this is usually displayed + in the first set of parentheses in the normal "RW" + NT style. This first set of permissions is created by Samba in + exactly the same way as normal file permissions are, described + above, and is displayed in the same way. In the profile directory, NT creates more folders than 95. It creates -"Application Data" and others, as well as "Desktop", "Nethood", -"Start Menu" and "Programs". The profile itself is stored in a file -NTuser.DAT. Nothing appears to be stored in the .PDS directory, and -its purpose is currently unknown.The second set of directory permissions has no real meaning + in the UNIX permissions world and represents the "inherited" permissions that any file created within + this directory would inherit. You can use the System Control Panel to copy a local profile onto -a samba server (see NT Help on profiles: it is also capable of firing -up the correct location in the System Control Panel for you). The -NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN -turns a profile into a mandatory one. The case of the profile is significant. The file must be called -NTuser.DAT or, for a mandatory profile, NTuser.MAN.Samba synthesises these inherited permissions for NT by + returning as an NT ACL the UNIX permission mode that a new file + created by Samba on this share would receive. 10.2.6. Windows NT/200x Server There is nothing to stop you specifying any path that you like for the -location of users' profiles. Therefore, you could specify that the -profile be stored on a samba server, or any other SMB server, as long as -that SMB server supports encrypted passwords. 10.2.7. Sharing Profiles between W9x/Me and NT4/200x/XP workstations 11.5. Modifying file or directory permissionsSharing of desktop profiles between Windows versions is NOT recommended. -Desktop profiles are an evolving phenomenon and profiles for later versions -of MS Windows clients add features that may interfere with earlier versions -of MS Windows clients. Probably the more salient reason to NOT mix profiles -is that when logging off an earlier version of MS Windows the older format -of profile contents may overwrite information that belongs to the newer -version resulting in loss of profile information content when that user logs -on again with the newer version of MS Windows.Modifying file and directory permissions is as simple + as changing the displayed permissions in the dialog box, and + clicking the OK button. However, there are + limitations that a user needs to be aware of, and also interactions + with the standard Samba permission masks and mapping of DOS + attributes that need to also be taken into account. If you then want to share the same Start Menu / Desktop with W9x/Me, you will -need to specify a common location for the profiles. The smb.conf parameters -that need to be common are logon path and -logon homeIf the parameter nt acl support + is set to false then any attempt to set + security permissions will fail with an "Access Denied" + message. The first thing to note is that the "Add" + button will not return a list of users in Samba (it will give + an error message of "The remote procedure call failed + and did not execute"). This means that you can only + manipulate the current user/group/world permissions listed in + the dialog box. This actually works quite well as these are the + only permissions that UNIX actually has. If a permission triple (either user, group, or world) + is removed from the list of permissions in the NT dialog box, + then when the "OK" button is pressed it will + be applied as "no permissions" on the UNIX side. If you then + view the permissions again the "no permissions" entry will appear + as the NT "O" flag, as described above. This + allows you to add permissions back to a file or directory once + you have removed them from a triple component. As UNIX supports only the "r", "w" and "x" bits of + an NT ACL then if other NT security attributes such as "Delete + access" are selected then they will be ignored when applied on + the Samba server. When setting permissions on a directory the second + set of permissions (in the second set of parentheses) is + by default applied to all files within that directory. If this + is not what you want you must uncheck the "Replace + permissions on existing files" checkbox in the NT + dialog before clicking "OK". If you have this set up correctly, you will find separate user.DAT and -NTuser.DAT files in the same profile directory.If you wish to remove all permissions from a + user/group/world component then you may either highlight the + component and click the "Remove" button, + or set the component to only have the special "Take + Ownership" permission (displayed as "O" + ) highlighted. 10.2.8. Windows NT 4 Unfortunately, the Resource Kit info is Win NT4 or 200x specific.11.6. Interaction with the standard Samba create mask + parametersHere is a quick guide:There are four parameters + to control interaction with the standard Samba create mask parameters. + These are : security mask On your NT4 Domain Controller, right click on 'My Computer', then -select the tab labelled 'User Profiles'. Select a user profile you want to migrate and click on it. force security mode I am using the term "migrate" lossely. You can copy a profile to -create a group profile. You can give the user 'Everyone' rights to the -profile you copy this to. That is what you need to do, since your samba -domain is not a member of a trust relationship with your NT4 PDC. Click the 'Copy To' button. In the box labelled 'Copy Profile to' add your new path, eg: -c:\temp\foobardirectory security mask Click on the button labelled 'Change' in the "Permitted to use" box. force directory security mode Click on the group 'Everyone' and then click OK. This closes the -'chose user' box. Once a user clicks "OK" to apply the + permissions Samba maps the given permissions into a user/group/world + r/w/x triple set, and then will check the changed permissions for a + file against the bits set in the + security mask parameter. Any bits that + were changed that are not set to '1' in this parameter are left alone + in the file permissions. Now click OK. Essentially, zero bits in the security mask + mask may be treated as a set of bits the user is not + allowed to change, and one bits are those the user is allowed to change. + Follow the above for every profile you need to migrate. 10.2.8.1. Side bar NotesIf not set explicitly this parameter is set to the same value as + the create mask + parameter. To allow a user to modify all the + user/group/world permissions on a file, set this parameter + to 0777. You should obtain the SID of your NT4 domain. You can use smbpasswd to do -this. Read the man page.Next Samba checks the changed permissions for a file against + the bits set in the force security mode parameter. Any bits + that were changed that correspond to bits set to '1' in this parameter + are forced to be set. With Samba-3.0.0 alpha code you can import all you NT4 domain accounts -using the net samsync method. This way you can retain your profile -settings as well as all your users. 10.2.8.2. Mandatory profiles Essentially, bits set in the force security mode + parameter may be treated as a set of bits that, when + modifying security on a file, the user has always set to be 'on'. The above method can be used to create mandatory profiles also. To convert -a group profile into a mandatory profile simply locate the NTUser.DAT file -in the copied profile and rename it to NTUser.MAN. 10.2.8.3. moveuser.exeIf not set explicitly this parameter is set to the same value + as the force + create mode parameter. + To allow a user to modify all the user/group/world permissions on a file + with no restrictions set this parameter to 000. The W2K professional resource kit has moveuser.exe. moveuser.exe changes -the security of a profile from one user to another. This allows the account -domain to change, and/or the user name to change. The security mask and force + security mode parameters are applied to the change + request in that order. For a directory Samba will perform the same operations as + described above for a file except using the parameter directory security mask instead of security + mask, and force directory security mode + parameter instead of force security mode + . The directory security mask parameter + by default is set to the same value as the directory mask + parameter and the force directory security + mode parameter by default is set to the same value as + the force directory mode parameter. In this way Samba enforces the permission restrictions that + an administrator can set on a Samba share, whilst still allowing users + to modify the permission bits within that restriction. If you want to set up a share that allows users full control + in modifying the permission bits on their files and directories and + doesn't force any particular bits to be set 'on', then set the following + parameters in the smb.conf(5) + file in that share specific section : security mask = 0777 force security mode = 0 directory security mask = 0777 force directory security mode = 0 10.2.8.4. Get SID11.7. Interaction with the standard Samba file attribute + mappingYou can identify the SID by using GetSID.exe from the Windows NT Server 4.0 -Resource Kit.Samba maps some of the DOS attribute bits (such as "read + only") into the UNIX permissions of a file. This means there can + be a conflict between the permission bits set via the security + dialog and the permission bits set by the file attribute mapping. + Windows NT 4.0 stores the local profile information in the registry under -the following key: -HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileListOne way this can show up is if a file has no UNIX read access + for the owner it will show up as "read only" in the standard + file attributes tabbed dialog. Unfortunately this dialog is + the same one that contains the security info in another tab. Under the ProfileList key, there will be subkeys named with the SIDs of the -users who have logged on to this computer. (To find the profile information -for the user whose locally cached profile you want to move, find the SID for -the user with the GetSID.exe utility.) Inside of the appropriate user's -subkey, you will see a string value named ProfileImagePath.What this can mean is that if the owner changes the permissions + to allow themselves read access using the security dialog, clicks + "OK" to get back to the standard attributes tab + dialog, and then clicks "OK" on that dialog, then + NT will set the file permissions back to read-only (as that is what + the attributes still say in the dialog). This means that after setting + permissions and clicking "OK" to get back to the + attributes dialog you should always hit "Cancel" + rather than "OK" to ensure that your changes + are not overridden. 10.2.9. Windows 2000/XP Chapter 12. Group mapping HOWTOYou must first convert the profile from a local profile to a domain -profile on the MS Windows workstation as follows: +Starting with Samba 3.0 alpha 2, a new group mapping function is available. The +current method (likely to change) to manage the groups is a new command called +smbgroupedit. The first immediate reason to use the group mapping on a PDC, is that +the domain admin group of smb.conf is +now gone. This parameter was used to give the listed users local admin rights +on their workstations. It was some magic stuff that simply worked but didn't +scale very well for complex setups. Log on as the LOCAL workstation administrator. Let me explain how it works on NT/W2K, to have this magic fade away. +When installing NT/W2K on a computer, the installer program creates some users +and groups. Notably the 'Administrators' group, and gives to that group some +privileges like the ability to change the date and time or to kill any process +(or close too) running on the local machine. The 'Administrator' user is a +member of the 'Administrators' group, and thus 'inherit' the 'Administrators' +group privileges. If a 'joe' user is created and become a member of the +'Administrator' group, 'joe' has exactly the same rights as 'Administrator'. Right click on the 'My Computer' Icon, select 'Properties' When a NT/W2K machine is joined to a domain, during that phase, the "Domain +Administrators' group of the PDC is added to the 'Administrators' group of the +workstation. Every members of the 'Domain Administrators' group 'inherit' the +rights of the 'Administrators' group when logging on the workstation. Click on the 'User Profiles' tab You are now wondering how to make some of your samba PDC users members of the +'Domain Administrators' ? That's really easy. Select the profile you wish to convert (click on it once) Click on the button 'Copy To' create a unix group (usually in /etc/group), let's call it domadm In the "Permitted to use" box, click on the 'Change' button. add to this group the users that must be Administrators. For example if you want joe,john and mary, your entry in /etc/group will look like: domadm:x:502:joe,john,mary Click on the 'Look in" area that lists the machine name, when you click -here it will open up a selection box. Click on the domain to which the -profile must be accessible. Map this domadm group to the domain admins group by running the command: smbgroupedit -c "Domain Admins" -u domadm You will need to log on if a logon box opens up. Eg: In the connect -as: MIDEARTH\root, password: mypassword. To make the profile capable of being used by anyone select 'Everyone' You're set, joe, john and mary are domain administrators ! Click OK. The Selection box will close. Like the Domain Admins group, you can map any arbitrary Unix group to any NT +group. You can also make any Unix group a domain group. For example, on a domain +member machine (an NT/W2K or a samba server running winbind), you would like to +give access to a certain directory to some users who are member of a group on +your samba PDC. Flag that group as a domain group by running: Now click on the 'Ok' button to create the profile in the path you -nominated. smbgroupedit -a unixgroup -td Done. You now have a profile that can be editted using the samba-3.0.0 -profiles tool. You can list the various groups in the mapping database like this smbgroupedit -v Chapter 13. Configuring PAM for distributed but centrally +managed authentication 13.1. Samba and PAM A number of Unix systems (eg: Sun Solaris), as well as the +xxxxBSD family and Linux, now utilize the Pluggable Authentication +Modules (PAM) facility to provide all authentication, +authorization and resource control services. Prior to the +introduction of PAM, a decision to use an alternative to +the system password database (/etc/passwd) +would require the provision of alternatives for all programs that provide +security services. Such a choice would involve provision of +alternatives to such programs as: login, +passwd, chown, etc. PAM provides a mechanism that disconnects these security programs +from the underlying authentication/authorization infrastructure. +PAM is configured either through one file /etc/pam.conf (Solaris), +or by editing individual files that are located in /etc/pam.d. Under NT/2K the use of mandotory profiles forces the use of MS Exchange -storage of mail data. That keeps desktop profiles usable. If the PAM authentication module (loadable link library file) is located in the + default location then it is not necessary to specify the path. In the case of + Linux, the default location is /lib/security. If the module + is located other than default then the path may be specified as: + + eg: "auth required /other_path/pam_strange_module.so" + + NOTE: editing in the "mime.convs" and the "mime.types" file does not *enforce* -"raw" printing, it only *allows* it.Till Kamppeter from MandrakeSoft is doing an excellent job here that too few +people are aware of. (So if you use it often, please send him a note showing +your appreciation). The following is an example /etc/pam.d/login configuration file. +This example had all options been uncommented is probably not usable +as it stacks many conditions before allowing successful completion +of the login process. Essentially all conditions can be disabled +by commenting them out except the calls to pam_pwdb.so. #%PAM-1.0 + # The PAM configuration file for the `login' service + # + auth required pam_securetty.so + auth required pam_nologin.so + # auth required pam_dialup.so + # auth optional pam_mail.so + auth required pam_pwdb.so shadow md5 + # account requisite pam_time.so + account required pam_pwdb.so + session required pam_pwdb.so + # session optional pam_lastlog.so + # password required pam_cracklib.so retry=3 + password required pam_pwdb.so shadow md5 This is a security check new to Windows XP (or maybe only -Windows XP service pack 1). It can be disabled via a group policy in -Active Directory. The policy is: "Computer Configuration\Administrative Templates\System\User -Profiles\Do not check for user ownership of Roaming Profile Folders" ...and it should be set to "Enabled". -Does the new version of samba have an Active Directory analogue? If so, -then you may be able to set the policy through this. If you cannot set group policies in samba, then you may be able to set -the policy locally on each machine. If you want to try this, then do -the following (N.B. I don't know for sure that this will work in the -same way as a domain group policy): On the XP workstation log in with an Administrator account. Click: "Start", "Run" Type: "mmc" Click: "OK" PAM allows use of replacable modules. Those available on a +sample system include: A Microsoft Management Console should appear. $ /bin/ls /lib/security + pam_access.so pam_ftp.so pam_limits.so + pam_ncp_auth.so pam_rhosts_auth.so pam_stress.so + pam_cracklib.so pam_group.so pam_listfile.so + pam_nologin.so pam_rootok.so pam_tally.so + pam_deny.so pam_issue.so pam_mail.so + pam_permit.so pam_securetty.so pam_time.so + pam_dialup.so pam_lastlog.so pam_mkhomedir.so + pam_pwdb.so pam_shells.so pam_unix.so + pam_env.so pam_ldap.so pam_motd.so + pam_radius.so pam_smbpass.so pam_unix_acct.so + pam_wheel.so pam_unix_auth.so pam_unix_passwd.so + pam_userdb.so pam_warn.so pam_unix_session.so Click: File, "Add/Remove Snap-in...", "Add" Double-Click: "Group Policy" Click: "Finish", "Close" Click: "OK" In the "Console Root" window: Expand: "Local Computer Policy", "Computer Configuration", The following example for the login program replaces the use of +the pam_pwdb.so module which uses the system +password database (/etc/passwd, +/etc/shadow, /etc/group) with +the module pam_smbpass.so which uses the Samba +database which contains the Microsoft MD4 encrypted password +hashes. This database is stored in either +/usr/local/samba/private/smbpasswd, +/etc/samba/smbpasswd, or in +/etc/samba.d/smbpasswd, depending on the +Samba implementation for your Unix/Linux system. The +pam_smbpass.so module is provided by +Samba version 2.2.1 or later. It can be compiled by specifying the +--with-pam_smbpass options when running Samba's +configure script. For more information +on the pam_smbpass module, see the documentation +in the source/pam_smbpass directory of the Samba +source distribution. "Administrative Templates", "System", "User Profiles" #%PAM-1.0 + # The PAM configuration file for the `login' service + # + auth required pam_smbpass.so nodelay + account required pam_smbpass.so nodelay + session required pam_smbpass.so nodelay + password required pam_smbpass.so nodelay Double-Click: "Do not check for user ownership of Roaming Profile The following is the PAM configuration file for a particular +Linux system. The default condition uses pam_pwdb.so. Folders" #%PAM-1.0 + # The PAM configuration file for the `samba' service + # + auth required /lib/security/pam_pwdb.so nullok nodelay shadow audit + account required /lib/security/pam_pwdb.so audit nodelay + session required /lib/security/pam_pwdb.so nodelay + password required /lib/security/pam_pwdb.so shadow md5 Select: "Enabled" In the following example the decision has been made to use the +smbpasswd database even for basic samba authentication. Such a +decision could also be made for the passwd program and would +thus allow the smbpasswd passwords to be changed using the passwd +program. Click: OK" #%PAM-1.0 + # The PAM configuration file for the `samba' service + # + auth required /lib/security/pam_smbpass.so nodelay + account required /lib/security/pam_pwdb.so audit nodelay + session required /lib/security/pam_pwdb.so nodelay + password required /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf Close the whole console. You do not need to save the settings (this -refers to the console settings rather than the policies you have -changed). RebootPAM allows stacking of authentication mechanisms. It is +also possible to pass information obtained within one PAM module through +to the next module in the PAM stack. Please refer to the documentation for +your particular system implementation for details regarding the specific +capabilities of PAM in this environment. Some Linux implmentations also +provide the pam_stack.so module that allows all +authentication to be configured in a single central file. The +pam_stack.so method has some very devoted followers +on the basis that it allows for easier administration. As with all issues in +life though, every decision makes trade-offs, so you may want examine the +PAM documentation for further helpful information. 13.2. Distributed Authentication The astute administrator will realize from this that the +combination of pam_smbpass.so, +winbindd, and a distributed +passdb backend, such as ldap, will allow the establishment of a +centrally managed, distributed +user/password database that can also be used by all +PAM (eg: Linux) aware programs and applications. This arrangement +can have particularly potent advantages compared with the +use of Microsoft Active Directory Service (ADS) in so far as +reduction of wide area network authentication traffic. 13.3. PAM Configuration in smb.conf There is an option in smb.conf called obey pam restrictions. +The following is from the on-line help for this option in SWAT; When Samba is configured to enable PAM support (i.e. +--with-pam), this parameter will +control whether or not Samba should obey PAM's account +and session management directives. The default behavior +is to use PAM for clear text authentication only and to +ignore any account or session management. Note that Samba always +ignores PAM for authentication in the case of +encrypt passwords = yes. +The reason is that PAM modules cannot support the challenge/response +authentication mechanism needed in the presence of SMB +password encryption. Default: obey pam restrictions = no Chapter 11. UNIX Permission Bits and Windows NT Access Control Lists Chapter 14. Printing Support11.1. Viewing and changing UNIX permissions using the NT - security dialogs14.1. Introduction Windows NT clients can use their native security settings - dialog box to view and modify the underlying UNIX permissions.Beginning with the 2.2.0 release, Samba supports +the native Windows NT printing mechanisms implemented via +MS-RPC (i.e. the SPOOLSS named pipe). Previous versions of +Samba only supported LanMan printing calls. Note that this ability is careful not to compromise - the security of the UNIX host Samba is running on, and - still obeys all the file permission rules that a Samba - administrator can set. 11.2. How to view file security on a Samba share From an NT4/2000/XP client, single-click with the right - mouse button on any file or directory in a Samba mounted - drive letter or UNC path. When the menu pops-up, click - on the Properties entry at the bottom of - the menu. This brings up the file properties dialog - box. Click on the tab Security and you - will see three buttons, Permissions, - Auditing, and Ownership. - The Auditing button will cause either - an error message A requested privilege is not held - by the client to appear if the user is not the - NT Administrator, or a dialog which is intended to allow an - Administrator to add auditing requirements to a file if the - user is logged on as the NT Administrator. This dialog is - non-functional with a Samba share at this time, as the only - useful button, the Add button will not currently - allow a list of users to be seen. 11.3. Viewing file ownership Clicking on the "Ownership" button - brings up a dialog box telling you who owns the given file. The - owner name will be of the form :The additional functionality provided by the new +SPOOLSS support includes: "SERVER\user (Long name)" Where SERVER is the NetBIOS name of - the Samba server, user is the user name of - the UNIX user who owns the file, and (Long name) - is the descriptive string identifying the user (normally found in the - GECOS field of the UNIX password database). Click on the Close - button to remove this dialog.Support for downloading printer driver + files to Windows 95/98/NT/2000 clients upon demand. + If the parameter nt acl support - is set to false then the file owner will - be shown as the NT user "Everyone".Uploading of printer drivers via the + Windows NT Add Printer Wizard (APW) or the + Imprints tool set (refer to http://imprints.sourceforge.net). + The Take Ownership button will not allow - you to change the ownership of this file to yourself (clicking on - it will display a dialog box complaining that the user you are - currently logged onto the NT client cannot be found). The reason - for this is that changing the ownership of a file is a privileged - operation in UNIX, available only to the rootSupport for the native MS-RPC printing + calls such as StartDocPrinter, EnumJobs(), etc... (See + the MSDN documentation at http://msdn.microsoft.com/ - user. As clicking on this button causes NT to attempt to change - the ownership of a file to the current user logged into the NT - client this will not work with Samba at this time. There is an NT chown command that will work with Samba - and allow a user with Administrator privilege connected - to a Samba server as root to change the ownership of - files on both a local NTFS filesystem or remote mounted NTFS - or Samba drive. This is available as part of the Support for NT Access Control Lists (ACL) + on printer objects Improved support for printer queue manipulation + through the use of an internal databases for spooled job + information There has been some initial confusion about what all this means +and whether or not it is a requirement for printer drivers to be +installed on a Samba host in order to support printing from Windows +clients. As a side note, Samba does not use these drivers in any way to process +spooled files. They are utilized entirely by the clients. The following MS KB article, may be of some help if you are dealing with +Windows 2000 clients: Seclib - How to Add Printers with No User +Interaction in Windows 2000 NT security library written by Jeremy Allison of - the Samba Team, available from the main Samba ftp site. http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP 11.4. Viewing file or directory permissions14.2. Configuration The third button is the "Permissions" - button. Clicking on this brings up a dialog box that shows both - the permissions and the UNIX owner of the file or directory. - The owner is displayed in the form : "SERVER\user (Long name)" [print$] vs. [printer$] Where SERVER is the NetBIOS name of - the Samba server, user is the user name of - the UNIX user who owns the file, and (Long name) - is the descriptive string identifying the user (normally found in the - GECOS field of the UNIX password database).Previous versions of Samba recommended using a share named [printer$]. +This name was taken from the printer$ service created by Windows 9x +clients when a printer was shared. Windows 9x printer servers always have +a printer$ service which provides read-only access via no +password in order to support printer driver downloads. If the parameter However, the initial implementation allowed for a +parameter named nt acl support - is set to false then the file owner will - be shown as the NT user "Everyone" and the - permissions will be shown as NT "Full Control". The permissions field is displayed differently for files - and directories, so I'll describe the way file permissions - are displayed first.printer driver location +to be used on a per share basis to specify the location of +the driver files associated with that printer. Another +parameter named printer driver provided +a means of defining the printer driver name to be sent to +the client. 11.4.1. File Permissions14.2.1. Creating [print$] The standard UNIX user/group/world triple and - the corresponding "read", "write", "execute" permissions - triples are mapped by Samba into a three element NT ACL - with the 'r', 'w', and 'x' bits mapped into the corresponding - NT permissions. The UNIX world permissions are mapped into - the global NT group Everyone, followed - by the list of permissions allowed for UNIX world. The UNIX - owner and group permissions are displayed as an NT - user icon and an NT local - group icon respectively followed by the list - of permissions allowed for the UNIX user and group.In order to support the uploading of printer driver +files, you must first configure a file share named [print$]. +The name of this share is hard coded in Samba's internals so +the name is very important (print$ is the service used by +Windows NT print servers to provide support for printer driver +download). As many UNIX permission sets don't map into common - NT names such as "read", "change" or "full control" then - usually the permissions will be prefixed by the words "Special Access" in the NT display list.You should modify the server's smb.conf file to add the global +parameters and to create the +following file share (of course, some of the parameter values, +such as 'path' are arbitrary and should be replaced with +appropriate values for your site): But what happens if the file has no permissions allowed - for a particular UNIX user group or world component ? In order - to allow "no permissions" to be seen and modified then Samba - overloads the NT "Take Ownership" ACL attribute - (which has no meaning in UNIX) and reports a component with - no permissions as having the NT "O" bit set. - This was chosen of course to make it look like a zero, meaning - zero permissions. More details on the decision behind this will - be given below. 11.4.2. Directory Permissions [global] + ; members of the ntadmin group should be able + ; to add drivers and set printer properties + ; root is implicitly a 'printer admin' + printer admin = @ntadmin + +[print$] + path = /usr/local/samba/printers + guest ok = yes + browseable = yes + read only = yes + ; since this share is configured as read only, then we need + ; a 'write list'. Check the file system permissions to make + ; sure this account can copy files to the share. If this + ; is setup to a non-root account, then it should also exist + ; as a 'printer admin' + write list = @ntadmin,root Directories on an NT NTFS file system have two - different sets of permissions. The first set of permissions - is the ACL set on the directory itself, this is usually displayed - in the first set of parentheses in the normal "RW" - NT style. This first set of permissions is created by Samba in - exactly the same way as normal file permissions are, described - above, and is displayed in the same way. The write list is used to allow administrative +level user accounts to have write access in order to update files +on the share. See the smb.conf(5) +man page for more information on configuring file shares. The second set of directory permissions has no real meaning - in the UNIX permissions world and represents the The requirement for "inherited" permissions that any file created within - this directory would inherit. Samba synthesises these inherited permissions for NT by - returning as an NT ACL the UNIX permission mode that a new file - created by Samba on this share would receive. guest +ok = yes depends upon how your +site is configured. If users will be guaranteed to have +an account on the Samba host, then this is a non-issue. 11.5. Modifying file or directory permissions Modifying file and directory permissions is as simple - as changing the displayed permissions in the dialog box, and - clicking the OK button. However, there are - limitations that a user needs to be aware of, and also interactions - with the standard Samba permission masks and mapping of DOS - attributes that need to also be taken into account. Author's Note If the parameter nt acl support - is set to false then any attempt to set - security permissions will fail with an The non-issue is that if all your Windows NT users are guaranteed to be +authenticated by the Samba server (such as a domain member server and the NT +user has already been validated by the Domain Controller in +order to logon to the Windows NT console), then guest access +is not necessary. Of course, in a workgroup environment where +you just want to be able to print without worrying about +silly accounts and security, then configure the share for +guest access. You'll probably want to add "Access Denied" - message. map to guest = Bad User in the [global] section as well. Make sure +you understand what this parameter does before using it +though. --jerry The first thing to note is that the "Add" - button will not return a list of users in Samba (it will give - an error message of "The remote procedure call failed - and did not execute"). This means that you can only - manipulate the current user/group/world permissions listed in - the dialog box. This actually works quite well as these are the - only permissions that UNIX actually has. If a permission triple (either user, group, or world) - is removed from the list of permissions in the NT dialog box, - then when the "OK" button is pressed it will - be applied as "no permissions" on the UNIX side. If you then - view the permissions again the "no permissions" entry will appear - as the NT "O" flag, as described above. This - allows you to add permissions back to a file or directory once - you have removed them from a triple component. As UNIX supports only the "r", "w" and "x" bits of - an NT ACL then if other NT security attributes such as "Delete - access" are selected then they will be ignored when applied on - the Samba server.In order for a Windows NT print server to support +the downloading of driver files by multiple client architectures, +it must create subdirectories within the [print$] service +which correspond to each of the supported client architectures. +Samba follows this model as well. When setting permissions on a directory the second - set of permissions (in the second set of parentheses) is - by default applied to all files within that directory. If this - is not what you want you must uncheck the "Replace - permissions on existing files" checkbox in the NT - dialog before clicking "OK".Next create the directory tree below the [print$] share +for each architecture you wish to support. If you wish to remove all permissions from a - user/group/world component then you may either highlight the - component and click the "Remove" button, - or set the component to only have the special "Take - Ownership" permission (displayed as "O" - ) highlighted. [print$]----- + |-W32X86 ; "Windows NT x86" + |-WIN40 ; "Windows 95/98" + |-W32ALPHA ; "Windows NT Alpha_AXP" + |-W32MIPS ; "Windows NT R4000" + |-W32PPC ; "Windows NT PowerPC" 11.6. Interaction with the standard Samba create mask - parameters There are four parameters - to control interaction with the standard Samba create mask parameters. - These are : security mask ATTENTION! REQUIRED PERMISSIONS force security modeIn order to currently add a new driver to you Samba host, +one of two conditions must hold true: directory security mask force directory security modeThe account used to connect to the Samba host + must have a uid of 0 (i.e. a root account) Once a user clicks "OK" to apply the - permissions Samba maps the given permissions into a user/group/world - r/w/x triple set, and then will check the changed permissions for a - file against the bits set in the The account used to connect to the Samba host + must be a member of the - security maskprinter + admin parameter. Any bits that - were changed that are not set to '1' in this parameter are left alone - in the file permissions. list. Essentially, zero bits in the Of course, the connected account must still possess access +to add files to the subdirectories beneath [print$]. Remember +that all file shares are set to 'read only' by default. Once you have created the required [print$] service and +associated subdirectories, simply log onto the Samba server using +a root (or security mask - mask may be treated as a set of bits the user is printer admin) account +from a Windows NT 4.0/2k client. Open "Network Neighbourhood" or +"My Network Places" and browse for the Samba host. Once you have located +the server, navigate to the "Printers..." folder. +You should see an initial listing of printers +that matches the printer shares defined on your Samba host. 14.2.2. Setting Drivers for Existing Printers The initial listing of printers in the Samba host's +Printers folder will have no real printer driver assigned +to them. This defaults to a NULL string to allow the use +of the local Add Printer Wizard on NT/2000 clients. +Attempting to view the printer properties for a printer +which has this default driver assigned will result in +the error message: notDevice settings cannot be displayed. The driver +for the specified printer is not installed, only spooler +properties will be displayed. Do you want to install the +driver now? - allowed to change, and one bits are those the user is allowed to change. - If not set explicitly this parameter is set to the same value as - the create mask - parameter. To allow a user to modify all the - user/group/world permissions on a file, set this parameter - to 0777. Next Samba checks the changed permissions for a file against - the bits set in the force security mode parameter. Any bits - that were changed that correspond to bits set to '1' in this parameter - are forced to be set.Click "No" in the error dialog and you will be presented with +the printer properties window. The way to assign a driver to a +printer is to either Essentially, bits set in the force security mode - parameter may be treated as a set of bits that, when - modifying security on a file, the user has always set to be 'on'. If not set explicitly this parameter is set to the same value - as the force - create mode parameter. - To allow a user to modify all the user/group/world permissions on a file - with no restrictions set this parameter to 000.Use the "New Driver..." button to install + a new printer driver, or The security mask and force - security mode parameters are applied to the change - request in that order. For a directory Samba will perform the same operations as - described above for a file except using the parameter directory security mask instead of security - mask, and force directory security mode - parameter instead of force security mode - .Select a driver from the popup list of + installed drivers. Initially this list will be empty. The directory security mask parameter - by default is set to the same value as the directory mask - parameter and the force directory security - mode parameter by default is set to the same value as - the force directory mode parameter. If you wish to install printer drivers for client +operating systems other than "Windows NT x86", you will need +to use the "Sharing" tab of the printer properties dialog. In this way Samba enforces the permission restrictions that - an administrator can set on a Samba share, whilst still allowing users - to modify the permission bits within that restriction.Assuming you have connected with a root account, you +will also be able modify other printer properties such as +ACLs and device settings using this dialog box. If you want to set up a share that allows users full control - in modifying the permission bits on their files and directories and - doesn't force any particular bits to be set 'on', then set the following - parameters in the A few closing comments for this section, it is possible +on a Windows NT print server to have printers +listed in the Printers folder which are not shared. Samba does +not make this distinction. By definition, the only printers of +which Samba is aware are those which are specified as shares in +smb.conf(5) - file in that share specific section : security mask = 0777 force security mode = 0 directory security mask = 0777 smb.conf. force directory security mode = 0Another interesting side note is that Windows NT clients do +not use the SMB printer share, but rather can print directly +to any printer on another Windows NT host using MS-RPC. This +of course assumes that the printing client has the necessary +privileges on the remote host serving the printer. The default +permissions assigned by Windows NT to a printer gives the "Print" +permissions to the "Everyone" well-known group. 11.7. Interaction with the standard Samba file attribute - mapping Samba maps some of the DOS attribute bits (such as "read - only") into the UNIX permissions of a file. This means there can - be a conflict between the permission bits set via the security - dialog and the permission bits set by the file attribute mapping. - One way this can show up is if a file has no UNIX read access - for the owner it will show up as "read only" in the standard - file attributes tabbed dialog. Unfortunately this dialog is - the same one that contains the security info in another tab. 14.2.3. Support a large number of printersWhat this can mean is that if the owner changes the permissions - to allow themselves read access using the security dialog, clicks - "OK" to get back to the standard attributes tab - dialog, and then clicks "OK" on that dialog, then - NT will set the file permissions back to read-only (as that is what - the attributes still say in the dialog). This means that after setting - permissions and clicking "OK" to get back to the - attributes dialog you should always hit One issue that has arisen during the development +phase of Samba 2.2 is the need to support driver downloads for +100's of printers. Using the Windows NT APW is somewhat +awkward to say the list. If more than one printer are using the +same driver, the "Cancel"rpcclient's +setdriver command can be used to set the driver +associated with an installed driver. The following is example +of how this could be accomplished: - rather than "OK" to ensure that your changes - are not overridden.$ rpcclient pogo -U root%secret -c "enumdrivers" +Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] + +[Windows NT x86] +Printer Driver Info 1: + Driver Name: [HP LaserJet 4000 Series PS] + +Printer Driver Info 1: + Driver Name: [HP LaserJet 2100 Series PS] + +Printer Driver Info 1: + Driver Name: [HP LaserJet 4Si/4SiMX PS] + +$ rpcclient pogo -U root%secret -c "enumprinters" +Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] + flags:[0x800000] + name:[\\POGO\hp-print] + description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,] + comment:[] + +$ rpcclient pogo -U root%secret \ +> -c "setdriver hp-print \"HP LaserJet 4000 Series PS\"" +Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] +Successfully set hp-print to driver HP LaserJet 4000 Series PS. Chapter 12. Group mapping HOWTO -Starting with Samba 3.0 alpha 2, a new group mapping function is available. The -current method (likely to change) to manage the groups is a new command called -smbgroupedit. 14.2.4. Adding New Printers via the Windows NT APWThe first immediate reason to use the group mapping on a PDC, is that -the domain admin group of By default, Samba offers all printer shares defined in smb.conf is -now gone. This parameter was used to give the listed users local admin rights -on their workstations. It was some magic stuff that simply worked but didn't -scale very well for complex setups. Let me explain how it works on NT/W2K, to have this magic fade away. -When installing NT/W2K on a computer, the installer program creates some users -and groups. Notably the 'Administrators' group, and gives to that group some -privileges like the ability to change the date and time or to kill any process -(or close too) running on the local machine. The 'Administrator' user is a -member of the 'Administrators' group, and thus 'inherit' the 'Administrators' -group privileges. If a 'joe' user is created and become a member of the -'Administrator' group, 'joe' has exactly the same rights as 'Administrator'. When a NT/W2K machine is joined to a domain, during that phase, the "Domain -Administrators' group of the PDC is added to the 'Administrators' group of the -workstation. Every members of the 'Domain Administrators' group 'inherit' the -rights of the 'Administrators' group when logging on the workstation. You are now wondering how to make some of your samba PDC users members of the -'Domain Administrators' ? That's really easy. +in the "Printers..." folder. Also existing in this folder is the Windows NT +Add Printer Wizard icon. The APW will be show only if create a unix group (usually in /etc/group), let's call it domadm add to this group the users that must be Administrators. For example if you want joe,john and mary, your entry in /etc/group will look like: domadm:x:502:joe,john,mary The connected user is able to successfully + execute an OpenPrinterEx(\\server) with administrative + privileges (i.e. root or printer admin). + Map this domadm group to the domain admins group by running the command: smbgroupedit -c "Domain Admins" -u domadm show + add printer wizard = yes (the default). + You're set, joe, john and mary are domain administrators ! Like the Domain Admins group, you can map any arbitrary Unix group to any NT -group. You can also make any Unix group a domain group. For example, on a domain -member machine (an NT/W2K or a samba server running winbind), you would like to -give access to a certain directory to some users who are member of a group on -your samba PDC. Flag that group as a domain group by running: In order to be able to use the APW to successfully add a printer to a Samba +server, the add +printer command must have a defined value. The program +hook must successfully add the printer to the system (i.e. +/etc/printcap or appropriate files) and +smb.conf if necessary. When using the APW from a client, if the named printer share does +not exist, smbgroupedit -a unixgroup -td smbd will execute the add printer +command and reparse to the smb.conf +to attempt to locate the new printer share. If the share is still not defined, +an error of "Access Denied" is returned to the client. Note that the +add printer program is executed under the context +of the connected user, not necessarily a root account. You can list the various groups in the mapping database like this There is a complementary delete +printer command for removing entries from the "Printers..." +folder. smbgroupedit -v The following is an example add printer command script. It adds the appropriate entries to /etc/printcap.local (change that to what you need) and returns a line of 'Done' which is needed for the whole process to work. #!/bin/sh + +# Script to insert a new printer entry into printcap.local +# +# $1, printer name, used as the descriptive name +# $2, share name, used as the printer name for Linux +# $3, port name +# $4, driver name +# $5, location, used for the device file of the printer +# $6, win9x location + +# +# Make sure we use the location that RedHat uses for local printer defs +PRINTCAP=/etc/printcap.local +DATE=`date +%Y%m%d-%H%M%S` +LP=lp +RESTART="service lpd restart" + +# Keep a copy +cp $PRINTCAP $PRINTCAP.$DATE +# Add the printer to $PRINTCAP +echo "" >> $PRINTCAP +echo "$2|$1:\\" >> $PRINTCAP +echo " :sd=/var/spool/lpd/$2:\\" >> $PRINTCAP +echo " :mx=0:ml=0:sh:\\" >> $PRINTCAP +echo " :lp=/usr/local/samba/var/print/$5.prn:" >> $PRINTCAP + +touch "/usr/local/samba/var/print/$5.prn" >> /tmp/printadd.$$ 2>&1 +chown $LP "/usr/local/samba/var/print/$5.prn" >> /tmp/printadd.$$ 2>&1 + +mkdir /var/spool/lpd/$2 +chmod 700 /var/spool/lpd/$2 +chown $LP /var/spool/lpd/$2 +#echo $1 >> "/usr/local/samba/var/print/$5.prn" +#echo $2 >> "/usr/local/samba/var/print/$5.prn" +#echo $3 >> "/usr/local/samba/var/print/$5.prn" +#echo $4 >> "/usr/local/samba/var/print/$5.prn" +#echo $5 >> "/usr/local/samba/var/print/$5.prn" +#echo $6 >> "/usr/local/samba/var/print/$5.prn" +$RESTART >> "/usr/local/samba/var/print/$5.prn" +# Not sure if this is needed +touch /usr/local/samba/lib/smb.conf +# +# You need to return a value, but I am not sure what it means. +# +echo "Done" +exit 0 14.2.5. Samba and Printer Ports Windows NT/2000 print servers associate a port with each printer. These normally +take the form of LPT1:, COM1:, FILE:, etc... Samba must also support the +concept of ports associated with a printer. By default, only one printer port, +named "Samba Printer Port", exists on a system. Samba does not really a port in +order to print, rather it is a requirement of Windows clients. Note that Samba does not support the concept of "Printer Pooling" internally +either. This is when a logical printer is assigned to multiple ports as +a form of load balancing or fail over. If you require that multiple ports be defined for some reason, +smb.conf possesses a enumports +commandChapter 13. Configuring PAM for distributed but centrally -managed authentication which can be used to define an external program +that generates a listing of ports on a system. 13.1. Samba and PAM14.3. The Imprints Toolset A number of Unix systems (eg: Sun Solaris), as well as the -xxxxBSD family and Linux, now utilize the Pluggable Authentication -Modules (PAM) facility to provide all authentication, -authorization and resource control services. Prior to the -introduction of PAM, a decision to use an alternative to -the system password database (/etc/passwd) -would require the provision of alternatives for all programs that provide -security services. Such a choice would involve provision of -alternatives to such programs as: login, -passwd, chown, etc. PAM provides a mechanism that disconnects these security programs -from the underlying authentication/authorization infrastructure. -PAM is configured either through one file /etc/pam.conf (Solaris), -or by editing individual files that are located in /etc/pam.d.The Imprints tool set provides a UNIX equivalent of the + Windows NT Add Printer Wizard. For complete information, please + refer to the Imprints web site at http://imprints.sourceforge.net/ as well as the documentation + included with the imprints source distribution. This section will + only provide a brief introduction to the features of Imprints. 14.3.1. What is Imprints? Imprints is a collection of tools for supporting the goals + of If the PAM authentication module (loadable link library file) is located in the - default location then it is not necessary to specify the path. In the case of - Linux, the default location is /lib/security. If the module - is located other than default then the path may be specified as: - - eg: "auth required /other_path/pam_strange_module.so" - - Providing a central repository information + regarding Windows NT and 95/98 printer driver packages The following is an example /etc/pam.d/login configuration file. -This example had all options been uncommented is probably not usable -as it stacks many conditions before allowing successful completion -of the login process. Essentially all conditions can be disabled -by commenting them out except the calls to pam_pwdb.so.Providing the tools necessary for creating + the Imprints printer driver packages. #%PAM-1.0 - # The PAM configuration file for the `login' service - # - auth required pam_securetty.so - auth required pam_nologin.so - # auth required pam_dialup.so - # auth optional pam_mail.so - auth required pam_pwdb.so shadow md5 - # account requisite pam_time.so - account required pam_pwdb.so - session required pam_pwdb.so - # session optional pam_lastlog.so - # password required pam_cracklib.so retry=3 - password required pam_pwdb.so shadow md5 Providing an installation client which + will obtain and install printer drivers on remote Samba + and Windows NT 4 print servers. 14.3.2. Creating Printer Driver Packages PAM allows use of replacable modules. Those available on a -sample system include:The process of creating printer driver packages is beyond + the scope of this document (refer to Imprints.txt also included + with the Samba distribution for more information). In short, + an Imprints driver package is a gzipped tarball containing the + driver files, related INF files, and a control file needed by the + installation client. 14.3.3. The Imprints server $ /bin/ls /lib/security - pam_access.so pam_ftp.so pam_limits.so - pam_ncp_auth.so pam_rhosts_auth.so pam_stress.so - pam_cracklib.so pam_group.so pam_listfile.so - pam_nologin.so pam_rootok.so pam_tally.so - pam_deny.so pam_issue.so pam_mail.so - pam_permit.so pam_securetty.so pam_time.so - pam_dialup.so pam_lastlog.so pam_mkhomedir.so - pam_pwdb.so pam_shells.so pam_unix.so - pam_env.so pam_ldap.so pam_motd.so - pam_radius.so pam_smbpass.so pam_unix_acct.so - pam_wheel.so pam_unix_auth.so pam_unix_passwd.so - pam_userdb.so pam_warn.so pam_unix_session.so The Imprints server is really a database server that + may be queried via standard HTTP mechanisms. Each printer + entry in the database has an associated URL for the actual + downloading of the package. Each package is digitally signed + via GnuPG which can be used to verify that package downloaded + is actually the one referred in the Imprints database. It is + not recommended that this security check + be disabled. 14.3.4. The Installation Client The following example for the login program replaces the use of -the pam_pwdb.so module which uses the system -password database (/etc/passwd, -/etc/shadow, /etc/group) with -the module pam_smbpass.so which uses the Samba -database which contains the Microsoft MD4 encrypted password -hashes. This database is stored in either -/usr/local/samba/private/smbpasswd, -/etc/samba/smbpasswd, or in -/etc/samba.d/smbpasswd, depending on the -Samba implementation for your Unix/Linux system. The -pam_smbpass.so module is provided by -Samba version 2.2.1 or later. It can be compiled by specifying the ---with-pam_smbpass options when running Samba's -configure script. For more information -on the pam_smbpass module, see the documentation -in the More information regarding the Imprints installation client + is available in the source/pam_smbpass directory of the Samba -source distribution. Imprints-Client-HOWTO.ps + file included with the imprints source package. The Imprints installation client comes in two forms. #%PAM-1.0 - # The PAM configuration file for the `login' service - # - auth required pam_smbpass.so nodelay - account required pam_smbpass.so nodelay - session required pam_smbpass.so nodelay - password required pam_smbpass.so nodelay The following is the PAM configuration file for a particular -Linux system. The default condition uses pam_pwdb.soa set of command line Perl scripts a GTK+ based graphical interface to + the command line perl scripts The installation client (in both forms) provides a means + of querying the Imprints database server for a matching + list of known printer model names as well as a means to + download and install the drivers on remote Samba and Windows + NT print servers. The basic installation process is in four steps and + perl code is wrapped around smbclient + and rpcclient. #%PAM-1.0 - # The PAM configuration file for the `samba' service - # - auth required /lib/security/pam_pwdb.so nullok nodelay shadow audit - account required /lib/security/pam_pwdb.so audit nodelay - session required /lib/security/pam_pwdb.so nodelay - password required /lib/security/pam_pwdb.so shadow md5 +foreach (supported architecture for a given driver) +{ + 1. rpcclient: Get the appropriate upload directory + on the remote server + 2. smbclient: Upload the driver files + 3. rpcclient: Issues an AddPrinterDriver() MS-RPC +} + +4. rpcclient: Issue an AddPrinterEx() MS-RPC to actually + create the printer In the following example the decision has been made to use the -smbpasswd database even for basic samba authentication. Such a -decision could also be made for the passwd program and would -thus allow the smbpasswd passwords to be changed using the passwd -program.One of the problems encountered when implementing + the Imprints tool set was the name space issues between + various supported client architectures. For example, Windows + NT includes a driver named "Apple LaserWriter II NTX v51.8" + and Windows 95 calls its version of this driver "Apple + LaserWriter II NTX" #%PAM-1.0 - # The PAM configuration file for the `samba' service - # - auth required /lib/security/pam_smbpass.so nodelay - account required /lib/security/pam_pwdb.so audit nodelay - session required /lib/security/pam_pwdb.so nodelay - password required /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf The problem is how to know what client drivers have + been uploaded for a printer. As astute reader will remember + that the Windows NT Printer Properties dialog only includes + space for one printer driver name. A quick look in the + Windows NT 4.0 system registry at HKLM\System\CurrentControlSet\Control\Print\Environment + PAM allows stacking of authentication mechanisms. It is -also possible to pass information obtained within one PAM module through -to the next module in the PAM stack. Please refer to the documentation for -your particular system implementation for details regarding the specific -capabilities of PAM in this environment. Some Linux implmentations also -provide the pam_stack.so module that allows all -authentication to be configured in a single central file. The -pam_stack.so method has some very devoted followers -on the basis that it allows for easier administration. As with all issues in -life though, every decision makes trade-offs, so you may want examine the -PAM documentation for further helpful information.will reveal that Windows NT always uses the NT driver + name. This is ok as Windows NT always requires that at least + the Windows NT version of the printer driver is present. + However, Samba does not have the requirement internally. + Therefore, how can you use the NT driver name if is has not + already been installed? The way of sidestepping this limitation is to require + that all Imprints printer driver packages include both the Intel + Windows NT and 95/98 printer drivers and that NT driver is + installed first. 13.2. Distributed Authentication14.4. Diagnosis The astute administrator will realize from this that the -combination of pam_smbpass.so, -winbindd, and a distributed -passdb backend, such as ldap, will allow the establishment of a -centrally managed, distributed -user/password database that can also be used by all -PAM (eg: Linux) aware programs and applications. This arrangement -can have particularly potent advantages compared with the -use of Microsoft Active Directory Service (ADS) in so far as -reduction of wide area network authentication traffic. 13.3. PAM Configuration in smb.conf There is an option in smb.conf called obey pam restrictions. -The following is from the on-line help for this option in SWAT; When Samba is configured to enable PAM support (i.e. ---with-pam), this parameter will -control whether or not Samba should obey PAM's account -and session management directives. The default behavior -is to use PAM for clear text authentication only and to -ignore any account or session management. Note that Samba always -ignores PAM for authentication in the case of -encrypt passwords = yes. -The reason is that PAM modules cannot support the challenge/response -authentication mechanism needed in the presence of SMB -password encryption. 14.4.1. IntroductionDefault: obey pam restrictions = no Chapter 14. Printing Support 14.1. IntroductionThis is a short description of how to debug printing problems with +Samba. This describes how to debug problems with printing from a SMB +client to a Samba server, not the other way around. For the reverse +see the examples/printing directory. Beginning with the 2.2.0 release, Samba supports -the native Windows NT printing mechanisms implemented via -MS-RPC (i.e. the SPOOLSS named pipe). Previous versions of -Samba only supported LanMan printing calls.Ok, so you want to print to a Samba server from your PC. The first +thing you need to understand is that Samba does not actually do any +printing itself, it just acts as a middleman between your PC client +and your Unix printing subsystem. Samba receives the file from the PC +then passes the file to a external "print command". What print command +you use is up to you. The additional functionality provided by the new -SPOOLSS support includes:The whole things is controlled using options in smb.conf. The most +relevant options (which you should look up in the smb.conf man page) +are: [global] + print command - send a file to a spooler + lpq command - get spool queue status + lprm command - remove a job + [printers] + path = /var/spool/lpd/samba Support for downloading printer driver - files to Windows 95/98/NT/2000 clients upon demand. - The following are nice to know about: Uploading of printer drivers via the - Windows NT Add Printer Wizard (APW) or the - Imprints tool set (refer to http://imprints.sourceforge.net). - queuepause command - stop a printer or print queue + queueresume command - start a printer or print queue Support for the native MS-RPC printing - calls such as StartDocPrinter, EnumJobs(), etc... (See - the MSDN documentation at http://msdn.microsoft.com/ - for more information on the Win32 printing API) - Example: Support for NT Access Control Lists (ACL) - on printer objects print command = /usr/bin/lpr -r -P%p %s + lpq command = /usr/bin/lpq -P%p %s + lprm command = /usr/bin/lprm -P%p %j + queuepause command = /usr/sbin/lpc -P%p stop + queuepause command = /usr/sbin/lpc -P%p start Improved support for printer queue manipulation - through the use of an internal databases for spooled job - informationSamba should set reasonable defaults for these depending on your +system type, but it isn't clairvoyant. It is not uncommon that you +have to tweak these for local conditions. The commands should +always have fully specified pathnames, as the smdb may not have +the correct PATH values. There has been some initial confusion about what all this means -and whether or not it is a requirement for printer drivers to be -installed on a Samba host in order to support printing from Windows -clients. As a side note, Samba does not use these drivers in any way to process -spooled files. They are utilized entirely by the clients.When you send a job to Samba to be printed, it will make a temporary +copy of it in the directory specified in the [printers] section. +and it should be periodically cleaned out. The lpr -r option +requests that the temporary copy be removed after printing; If +printing fails then you might find leftover files in this directory, +and it should be periodically cleaned out. Samba used the lpq +command to determine the "job number" assigned to your print job +by the spooler. The following MS KB article, may be of some help if you are dealing with -Windows 2000 clients: How to Add Printers with No User -Interaction in Windows 2000The %>letter< are "macros" that get dynamically replaced with appropriate +values when they are used. The %s gets replaced with the name of the spool +file that Samba creates and the %p gets replaced with the name of the +printer. The %j gets replaced with the "job number" which comes from +the lpq output. 14.4.2. Debugging printer problems One way to debug printing problems is to start by replacing these +command with shell scripts that record the arguments and the contents +of the print file. A simple example of this kind of things might +be: print command = /tmp/saveprint %p %s + + #!/bin/saveprint + # we make sure that we are the right user + /usr/bin/id -p >/tmp/tmp.print + # we run the command and save the error messages + # replace the command with the one appropriate for your system + /usr/bin/lpr -r -P$1 $2 2>>&/tmp/tmp.print http://support.microsoft.com/support/kb/articles/Q189/1/05.ASPThen you print a file and try removing it. You may find that the +print queue needs to be stopped in order to see the queue status +and remove the job: h4: {42} % echo hi >/tmp/hi +h4: {43} % smbclient //localhost/lw4 +added interface ip=10.0.0.4 bcast=10.0.0.255 nmask=255.255.255.0 +Password: +Domain=[ASTART] OS=[Unix] Server=[Samba 2.0.7] +smb: \> print /tmp/hi +putting file /tmp/hi as hi-17534 (0.0 kb/s) (average 0.0 kb/s) +smb: \> queue +1049 3 hi-17534 +smb: \> cancel 1049 +Error cancelling job 1049 : code 0 +smb: \> cancel 1049 +Job 1049 cancelled +smb: \> queue +smb: \> exit The 'code 0' indicates that the job was removed. The comment +by the smbclient is a bit misleading on this. +You can observe the command output and then and look at the +/tmp/tmp.print file to see what the results are. You can quickly +find out if the problem is with your printing system. Often people +have problems with their /etc/printcap file or permissions on +various print queues. 14.2. Configuration 14.4.3. What printers do I have?You can use the 'testprns' program to check to see if the printer +name you are using is recognized by Samba. For example, you can +use: testprns printer /etc/printcap [print$] vs. [printer$] Previous versions of Samba recommended using a share named [printer$]. -This name was taken from the printer$ service created by Windows 9x -clients when a printer was shared. Windows 9x printer servers always have -a printer$ service which provides read-only access via no -password in order to support printer driver downloads.Samba can get its printcap information from a file or from a program. +You can try the following to see the format of the extracted +information: However, the initial implementation allowed for a -parameter named printer driver location -to be used on a per share basis to specify the location of -the driver files associated with that printer. Another -parameter named printer driver provided -a means of defining the printer driver name to be sent to -the client. testprns -a printer /etc/printcap + + testprns -a printer '|/bin/cat printcap' 14.2.1. Creating [print$]14.4.4. Setting up printcap and print servers In order to support the uploading of printer driver -files, you must first configure a file share named [print$]. -The name of this share is hard coded in Samba's internals so -the name is very important (print$ is the service used by -Windows NT print servers to provide support for printer driver -download).You may need to set up some printcaps for your Samba system to use. +It is strongly recommended that you use the facilities provided by +the print spooler to set up queues and printcap information. You should modify the server's smb.conf file to add the global -parameters and to create the -following file share (of course, some of the parameter values, -such as 'path' are arbitrary and should be replaced with -appropriate values for your site):Samba requires either a printcap or program to deliver printcap +information. This printcap information has the format: [global] - ; members of the ntadmin group should be able - ; to add drivers and set printer properties - ; root is implicitly a 'printer admin' - printer admin = @ntadmin - -[print$] - path = /usr/local/samba/printers - guest ok = yes - browseable = yes - read only = yes - ; since this share is configured as read only, then we need - ; a 'write list'. Check the file system permissions to make - ; sure this account can copy files to the share. If this - ; is setup to a non-root account, then it should also exist - ; as a 'printer admin' - write list = @ntadmin,root name|alias1|alias2...:option=value:... The write list is used to allow administrative -level user accounts to have write access in order to update files -on the share. See the smb.conf(5) -man page for more information on configuring file shares.For almost all printing systems, the printer 'name' must be composed +only of alphanumeric or underscore '_' characters. Some systems also +allow hyphens ('-') as well. An alias is an alternative name for the +printer, and an alias with a space in it is used as a 'comment' +about the printer. The printcap format optionally uses a \ at the end of lines +to extend the printcap to multiple lines. Here are some examples of printcap files: The requirement for guest -ok = yes depends upon how your -site is configured. If users will be guaranteed to have -an account on the Samba host, then this is a non-issue. Author's Note The non-issue is that if all your Windows NT users are guaranteed to be -authenticated by the Samba server (such as a domain member server and the NT -user has already been validated by the Domain Controller in -order to logon to the Windows NT console), then guest access -is not necessary. Of course, in a workgroup environment where -you just want to be able to print without worrying about -silly accounts and security, then configure the share for -guest access. You'll probably want to add map to guest = Bad User in the [global] section as well. Make sure -you understand what this parameter does before using it -though. --jerry pr just printer name In order for a Windows NT print server to support -the downloading of driver files by multiple client architectures, -it must create subdirectories within the [print$] service -which correspond to each of the supported client architectures. -Samba follows this model as well. pr|alias printer name and alias Next create the directory tree below the [print$] share -for each architecture you wish to support. pr|My Printer printer name, alias used as comment [print$]----- - |-W32X86 ; "Windows NT x86" - |-WIN40 ; "Windows 95/98" - |-W32ALPHA ; "Windows NT Alpha_AXP" - |-W32MIPS ; "Windows NT R4000" - |-W32PPC ; "Windows NT PowerPC" pr:sh:\ Same as pr:sh:cm= testing + :cm= \ + testing pr:sh Same as pr:sh:cm= testing + :cm= testing ATTENTION! REQUIRED PERMISSIONS In order to currently add a new driver to you Samba host, -one of two conditions must hold true:Samba reads the printcap information when first started. If you make +changes in the printcap information, then you must do the following: The account used to connect to the Samba host - must have a uid of 0 (i.e. a root account)make sure that the print spooler is aware of these changes. +The LPRng system uses the 'lpc reread' command to do this. The account used to connect to the Samba host - must be a member of the printer - admin list.make sure that the spool queues, etc., exist and have the +correct permissions. The LPRng system uses the 'checkpc -f' +command to do this. Of course, the connected account must still possess access -to add files to the subdirectories beneath [print$]. Remember -that all file shares are set to 'read only' by default. Once you have created the required [print$] service and -associated subdirectories, simply log onto the Samba server using -a root (or printer admin) account -from a Windows NT 4.0/2k client. Open "Network Neighbourhood" or -"My Network Places" and browse for the Samba host. Once you have located -the server, navigate to the "Printers..." folder. -You should see an initial listing of printers -that matches the printer shares defined on your Samba host.You now should send a SIGHUP signal to the smbd server to have +it reread the printcap information. 14.2.2. Setting Drivers for Existing Printers14.4.5. Job sent, no output The initial listing of printers in the Samba host's -Printers folder will have no real printer driver assigned -to them. This defaults to a NULL string to allow the use -of the local Add Printer Wizard on NT/2000 clients. -Attempting to view the printer properties for a printer -which has this default driver assigned will result in -the error message:This is the most frustrating part of printing. You may have sent the +job, verified that the job was forwarded, set up a wrapper around +the command to send the file, but there was no output from the printer. Device settings cannot be displayed. The driver -for the specified printer is not installed, only spooler -properties will be displayed. Do you want to install the -driver now?First, check to make sure that the job REALLY is getting to the +right print queue. If you are using a BSD or LPRng print spooler, +you can temporarily stop the printing of jobs. Jobs can still be +submitted, but they will not be printed. Use: lpc -Pprinter stop Click "No" in the error dialog and you will be presented with -the printer properties window. The way to assign a driver to a -printer is to eitherNow submit a print job and then use 'lpq -Pprinter' to see if the +job is in the print queue. If it is not in the print queue then +you will have to find out why it is not being accepted for printing. Next, you may want to check to see what the format of the job really +was. With the assistance of the system administrator you can view +the submitted jobs files. You may be surprised to find that these +are not in what you would expect to call a printable format. +You can use the UNIX 'file' utitily to determine what the job +format actually is: cd /var/spool/lpd/printer # spool directory of print jobs + ls # find job files + file dfA001myhost Use the "New Driver..." button to install - a new printer driver, or You should make sure that your printer supports this format OR that +your system administrator has installed a 'print filter' that will +convert the file to a format appropriate for your printer. 14.4.6. Job sent, strange output Select a driver from the popup list of - installed drivers. Initially this list will be empty.Once you have the job printing, you can then start worrying about +making it print nicely. If you wish to install printer drivers for client -operating systems other than "Windows NT x86", you will need -to use the "Sharing" tab of the printer properties dialog.The most common problem is extra pages of output: banner pages +OR blank pages at the end. Assuming you have connected with a root account, you -will also be able modify other printer properties such as -ACLs and device settings using this dialog box.If you are getting banner pages, check and make sure that the +printcap option or printer option is configured for no banners. +If you have a printcap, this is the :sh (suppress header or banner +page) option. You should have the following in your printer. A few closing comments for this section, it is possible -on a Windows NT print server to have printers -listed in the Printers folder which are not shared. Samba does -not make this distinction. By definition, the only printers of -which Samba is aware are those which are specified as shares in -smb.conf. printer: ... :sh Another interesting side note is that Windows NT clients do -not use the SMB printer share, but rather can print directly -to any printer on another Windows NT host using MS-RPC. This -of course assumes that the printing client has the necessary -privileges on the remote host serving the printer. The default -permissions assigned by Windows NT to a printer gives the "Print" -permissions to the "Everyone" well-known group.If you have this option and are still getting banner pages, there +is a strong chance that your printer is generating them for you +automatically. You should make sure that banner printing is disabled +for the printer. This usually requires using the printer setup software +or procedures supplied by the printer manufacturer. If you get an extra page of output, this could be due to problems +with your job format, or if you are generating PostScript jobs, +incorrect setting on your printer driver on the MicroSoft client. +For example, under Win95 there is a option: Printers|Printer Name|(Right Click)Properties|Postscript|Advanced| that allows you to choose if a Ctrl-D is appended to all jobs. +This is a very bad thing to do, as most spooling systems will +automatically add a ^D to the end of the job if it is detected as +PostScript. The multiple ^D may cause an additional page of output. 14.2.3. Support a large number of printers14.4.7. Raw PostScript printed One issue that has arisen during the development -phase of Samba 2.2 is the need to support driver downloads for -100's of printers. Using the Windows NT APW is somewhat -awkward to say the list. If more than one printer are using the -same driver, the rpcclient's -setdriver command can be used to set the driver -associated with an installed driver. The following is example -of how this could be accomplished: -$ rpcclient pogo -U root%secret -c "enumdrivers" -Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] - -[Windows NT x86] -Printer Driver Info 1: - Driver Name: [HP LaserJet 4000 Series PS] - -Printer Driver Info 1: - Driver Name: [HP LaserJet 2100 Series PS] - -Printer Driver Info 1: - Driver Name: [HP LaserJet 4Si/4SiMX PS] - -$ rpcclient pogo -U root%secret -c "enumprinters" -Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] - flags:[0x800000] - name:[\\POGO\hp-print] - description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,] - comment:[] - -$ rpcclient pogo -U root%secret \ -> -c "setdriver hp-print \"HP LaserJet 4000 Series PS\"" -Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] -Successfully set hp-print to driver HP LaserJet 4000 Series PS. This is a problem that is usually caused by either the print spooling +system putting information at the start of the print job that makes +the printer think the job is a text file, or your printer simply +does not support PostScript. You may need to enable 'Automatic +Format Detection' on your printer. 14.2.4. Adding New Printers via the Windows NT APW14.4.8. Advanced Printing By default, Samba offers all printer shares defined in smb.conf -in the "Printers..." folder. Also existing in this folder is the Windows NT -Add Printer Wizard icon. The APW will be show only if The connected user is able to successfully - execute an OpenPrinterEx(\\server) with administrative - privileges (i.e. root or printer admin). - show - add printer wizard = yes (the default). - In order to be able to use the APW to successfully add a printer to a Samba -server, the add -printer command must have a defined value. The program -hook must successfully add the printer to the system (i.e. -/etc/printcap or appropriate files) and -smb.conf if necessary. When using the APW from a client, if the named printer share does -not exist, smbd will execute the add printer -command and reparse to the smb.conf -to attempt to locate the new printer share. If the share is still not defined, -an error of "Access Denied" is returned to the client. Note that the -add printer program is executed under the context -of the connected user, not necessarily a root account. There is a complementary delete -printer command for removing entries from the "Printers..." -folder. The following is an example add printer command script. It adds the appropriate entries to /etc/printcap.local (change that to what you need) and returns a line of 'Done' which is needed for the whole process to work. #!/bin/sh - -# Script to insert a new printer entry into printcap.local -# -# $1, printer name, used as the descriptive name -# $2, share name, used as the printer name for Linux -# $3, port name -# $4, driver name -# $5, location, used for the device file of the printer -# $6, win9x location - -# -# Make sure we use the location that RedHat uses for local printer defs -PRINTCAP=/etc/printcap.local -DATE=`date +%Y%m%d-%H%M%S` -LP=lp -RESTART="service lpd restart" - -# Keep a copy -cp $PRINTCAP $PRINTCAP.$DATE -# Add the printer to $PRINTCAP -echo "" >> $PRINTCAP -echo "$2|$1:\\" >> $PRINTCAP -echo " :sd=/var/spool/lpd/$2:\\" >> $PRINTCAP -echo " :mx=0:ml=0:sh:\\" >> $PRINTCAP -echo " :lp=/usr/local/samba/var/print/$5.prn:" >> $PRINTCAP - -touch "/usr/local/samba/var/print/$5.prn" >> /tmp/printadd.$$ 2>&1 -chown $LP "/usr/local/samba/var/print/$5.prn" >> /tmp/printadd.$$ 2>&1 - -mkdir /var/spool/lpd/$2 -chmod 700 /var/spool/lpd/$2 -chown $LP /var/spool/lpd/$2 -#echo $1 >> "/usr/local/samba/var/print/$5.prn" -#echo $2 >> "/usr/local/samba/var/print/$5.prn" -#echo $3 >> "/usr/local/samba/var/print/$5.prn" -#echo $4 >> "/usr/local/samba/var/print/$5.prn" -#echo $5 >> "/usr/local/samba/var/print/$5.prn" -#echo $6 >> "/usr/local/samba/var/print/$5.prn" -$RESTART >> "/usr/local/samba/var/print/$5.prn" -# Not sure if this is needed -touch /usr/local/samba/lib/smb.conf -# -# You need to return a value, but I am not sure what it means. -# -echo "Done" -exit 0Note that you can do some pretty magic things by using your +imagination with the "print command" option and some shell scripts. +Doing print accounting is easy by passing the %U option to a print +command shell script. You could even make the print command detect +the type of output and its size and send it to an appropriate +printer. 14.2.5. Samba and Printer Ports14.4.9. Real debugging Windows NT/2000 print servers associate a port with each printer. These normally -take the form of LPT1:, COM1:, FILE:, etc... Samba must also support the -concept of ports associated with a printer. By default, only one printer port, -named "Samba Printer Port", exists on a system. Samba does not really a port in -order to print, rather it is a requirement of Windows clients. Note that Samba does not support the concept of "Printer Pooling" internally -either. This is when a logical printer is assigned to multiple ports as -a form of load balancing or fail over. If you require that multiple ports be defined for some reason, -smb.conf possesses a enumports -command which can be used to define an external program -that generates a listing of ports on a system.If the above debug tips don't help, then maybe you need to bring in +the bug guns, system tracing. See Tracing.txt in this directory. Chapter 15. CUPS Printing Support 14.3. The Imprints Toolset15.1. Introduction The Imprints tool set provides a UNIX equivalent of the - Windows NT Add Printer Wizard. For complete information, please - refer to the Imprints web site at http://imprints.sourceforge.net/ as well as the documentation - included with the imprints source distribution. This section will - only provide a brief introduction to the features of Imprints. 14.3.1. What is Imprints?The Common Unix Print System (CUPS) has become very popular, but to many it is +a very mystical tool. There is a great deal of uncertainty regarding CUPS and how +it works. The result is seen in a large number of posting on the samba mailing lists +expressing frustration when MS Windows printers appear not to work with a CUPS +backr-end. +/para> Imprints is a collection of tools for supporting the goals - ofThis is a good time to point out how CUPS can be used and what it does. CUPS is more +than just a print spooling system - it is a complete printer management system that +complies with HTTP and IPP protocols. It can be managed remotely via a web browser +and it can print using http and ipp protocols. CUPS allows to creation of RAW printers (ie: NO file format translation) as well as +SMART printers (ie: CUPS does file format conversion as required for the printer). In +many ways this gives CUPS similar capabilities to the MS Windows print monitoring +system. Of course, if you are a CUPS advocate, you would agrue that CUPS is better! +In any case, let us now move on to explore how one may configure CUPS for interfacing +with MS Windows print clients via Samba. 15.2. CUPS - RAW Print Through Mode When CUPS printers are configured for RAW print-through mode operation it is the +responsibility of the Samba client to fully render the print job (file) in a format +that is suitable for direct delivery to the printer. In this case CUPS will NOT +do any print file format conversion work. The CUPS files that need to be correctly set for RAW mode printers to work are: + + Providing a central repository information - regarding Windows NT and 95/98 printer driver packages /etc/cups/mime.types Providing the tools necessary for creating - the Imprints printer driver packages. Providing an installation client which - will obtain and install printer drivers on remote Samba - and Windows NT 4 print servers. /etc/cups/mime.convs 14.3.2. Creating Printer Driver Packages The process of creating printer driver packages is beyond - the scope of this document (refer to Imprints.txt also included - with the Samba distribution for more information). In short, - an Imprints driver package is a gzipped tarball containing the - driver files, related INF files, and a control file needed by the - installation client. 14.3.3. The Imprints server The Imprints server is really a database server that - may be queried via standard HTTP mechanisms. Each printer - entry in the database has an associated URL for the actual - downloading of the package. Each package is digitally signed - via GnuPG which can be used to verify that package downloaded - is actually the one referred in the Imprints database. It is - + +Both contain entries that must be uncommented to allow notRAW recommended that this security check - be disabled. 14.3.4. The Installation Client More information regarding the Imprints installation client - is available in the Imprints-Client-HOWTO.ps - file included with the imprints source package. The Imprints installation client comes in two forms. mode +operation. Firstly, to enable CUPS based printing from Samba the following options must be +enabled in your smb.conf file [globals] section: + + a set of command line Perl scripts printing = CUPS a GTK+ based graphical interface to - the command line perl scripts printcap = CUPS The installation client (in both forms) provides a means - of querying the Imprints database server for a matching - list of known printer model names as well as a means to - download and install the drivers on remote Samba and Windows - NT print servers. The basic installation process is in four steps and - perl code is wrapped around smbclient + +When these parameters are specified the print directives in smb.conf (as well as in +samba itself) will be ignored because samba will directly interface with CUPS through +it's application program interface (API) - so long as Samba has been compiled with +CUPS library (libcups) support. If samba has NOT been compiled with CUPS support then +printing will use the System V AT&T command set with the -oraw - and rpcclient. Cupsomatic (an enhanced printing utility that is part of some CUPS implementations) +on the Samba/CUPS server does *not* add any features if a file is really +printed "raw". However, if you have loaded the driver for the Windows client from +the CUPS server, using the "cupsaddsmb" utility, and if this driver is one using +a "Foomatic" PPD, the PJL header in question is already added on the Windows client, +at the time when the driver initially generated the PostScript data and CUPS in true +"-oraw" manner doesn't remove this PJL header and passes the file "as is" to its +printer communication backend. -foreach (supported architecture for a given driver) -{ - 1. rpcclient: Get the appropriate upload directory - on the remote server - 2. smbclient: Upload the driver files - 3. rpcclient: Issues an AddPrinterDriver() MS-RPC -} - -4. rpcclient: Issue an AddPrinterEx() MS-RPC to actually - create the printer One of the problems encountered when implementing - the Imprints tool set was the name space issues between - various supported client architectures. For example, Windows - NT includes a driver named "Apple LaserWriter II NTX v51.8" - and Windows 95 calls its version of this driver "Apple - LaserWriter II NTX"NOTE: editing in the "mime.convs" and the "mime.types" file does not *enforce* +"raw" printing, it only *allows* it. The problem is how to know what client drivers have - been uploaded for a printer. As astute reader will remember - that the Windows NT Printer Properties dialog only includes - space for one printer driver name. A quick look in the - Windows NT 4.0 system registry atPrint files that arrive from MS Windows printing are "auto-typed" by CUPS. This aids +the process of determining proper treatment while in the print queue system. + + Files generated by PCL drivers and directed at PCK printers get auto-typed as + HKLM\System\CurrentControlSet\Control\Print\Environment - application/octet-stream. Unknown file format types also + get auto-typed with this tag. + Files generated by a Postscript driver and directed at a Postscript printer + are auto-typed depending on the auto-detected most suitable MIME type as: + + will reveal that Windows NT always uses the NT driver - name. This is ok as Windows NT always requires that at least - the Windows NT version of the printer driver is present. - However, Samba does not have the requirement internally. - Therefore, how can you use the NT driver name if is has not - already been installed? * application/postscript The way of sidestepping this limitation is to require - that all Imprints printer driver packages include both the Intel - Windows NT and 95/98 printer drivers and that NT driver is - installed first. 14.4. Diagnosis 14.4.1. Introduction * application/vnd.cups-postscript + This is a short description of how to debug printing problems with -Samba. This describes how to debug problems with printing from a SMB -client to a Samba server, not the other way around. For the reverse -see the examples/printing directory."application/postscript" first goes thru the "pstops" filter (where the page counting +and accounting takes place). The outcome will be of MIME type +"application/vnd.cups-postscript". The pstopsfilter reads and uses information from +the PPD and inserts user-provided options into the PostScript file. As a consequence, +the filtered file could possibly have an unwanted PJL header. Ok, so you want to print to a Samba server from your PC. The first -thing you need to understand is that Samba does not actually do any -printing itself, it just acts as a middleman between your PC client -and your Unix printing subsystem. Samba receives the file from the PC -then passes the file to a external "print command". What print command -you use is up to you."application/postscript" will be all files with a ".ps", ".ai", ".eps" suffix or which +have as their first character string one of "%!" or "<04>%". The whole things is controlled using options in smb.conf. The most -relevant options (which you should look up in the smb.conf man page) -are:"application/vnd.cups-postscript" will files which contain the string +"LANGUAGE=POSTSCRIPT" (or similar variations with different capitalization) in the +first 512 bytes, and also contain the "PJL super escape code" in the first 128 bytes +("<1B>%-12345X"). Very likely, most PostScript files generated on Windows using a CUPS +or other PPD, will have to be auto-typed as "vnd.cups-postscript". A file produced +with a "Generic PostScript driver" will just be tagged "application/postscript". Once the file is in "application/vnd.cups-postscript" format, either "pstoraster" +or "cupsomatic" will take over (depending on the printer configuration, as +determined by the PPD in use). [global] - print command - send a file to a spooler - lpq command - get spool queue status - lprm command - remove a job - [printers] - path = /var/spool/lpd/samba The following are nice to know about:A printer queue with *no* PPD associated to it is a "raw" printer and all files +will go directly there as received by the spooler. The exeptions are file types +"application/octet-stream" which need "passthrough feature" enabled. +"Raw" queues don't do any filtering at all, they hand the file directly to the +CUPS backend. This backend is responsible for the sending of the data to the device +(as in the "device URI" notation as lpd://, socket://, smb://, ipp://, http://, +parallel:/, serial:/, usb:/ etc.) queuepause command - stop a printer or print queue - queueresume command - start a printer or print queue Example: "cupsomatic"/Foomatic are *not* native CUPS drivers and they don't ship with CUPS. +They are a Third Party add-on, developed at Linuxprinting.org. As such, they are +a brilliant hack to make all models (driven by Ghostscript drivers/filters in +traditional spoolers) also work via CUPS, with the same (good or bad!) quality +as in these other spoolers. "cupsomatic" is only a vehicle to execute a ghostscript +commandline at that stage in the CUPS filtering chain, where "normally" the native +CUPS "pstoraster" filter would kick in. cupsomatic by-passes pstoraster, "kidnaps" +the printfile from CUPS away and re-directs it to go through Ghostscipt. CUPS accepts this, +because the associated CUPS-O-Matic-/Foomatic-PPD specifies: print command = /usr/bin/lpr -r -P%p %s - lpq command = /usr/bin/lpq -P%p %s - lprm command = /usr/bin/lprm -P%p %j - queuepause command = /usr/sbin/lpc -P%p stop - queuepause command = /usr/sbin/lpc -P%p start Samba should set reasonable defaults for these depending on your -system type, but it isn't clairvoyant. It is not uncommon that you -have to tweak these for local conditions. The commands should -always have fully specified pathnames, as the smdb may not have -the correct PATH values. When you send a job to Samba to be printed, it will make a temporary -copy of it in the directory specified in the [printers] section. -and it should be periodically cleaned out. The lpr -r option -requests that the temporary copy be removed after printing; If -printing fails then you might find leftover files in this directory, -and it should be periodically cleaned out. Samba used the lpq -command to determine the "job number" assigned to your print job -by the spooler. *cupsFilter: "application/vnd.cups-postscript 0 cupsomatic"The %>letter< are "macros" that get dynamically replaced with appropriate -values when they are used. The %s gets replaced with the name of the spool -file that Samba creates and the %p gets replaced with the name of the -printer. The %j gets replaced with the "job number" which comes from -the lpq output.This line persuades CUPS to hand the file to cupsomatic, once it has successfully +converted it to the MIME type "application/vnd.cups-postscript". This conversion will not +happen for Jobs arriving from Windows which are auto-typed "application/octet-stream", +with the according changes in "/etc/cups/mime.types" in place. 14.4.2. Debugging printer problems One way to debug printing problems is to start by replacing these -command with shell scripts that record the arguments and the contents -of the print file. A simple example of this kind of things might -be: CUPS is widely configurable and flexible, even regarding its filtering mechanism. +Another workaround in some situations would be to have +in "/etc/cups/mime.types" entries as follows: print command = /tmp/saveprint %p %s - - #!/bin/saveprint - # we make sure that we are the right user - /usr/bin/id -p >/tmp/tmp.print - # we run the command and save the error messages - # replace the command with the one appropriate for your system - /usr/bin/lpr -r -P$1 $2 2>>&/tmp/tmp.print Then you print a file and try removing it. You may find that the -print queue needs to be stopped in order to see the queue status -and remove the job: application/postscript application/vnd.cups-raw 0 - + application/vnd.cups-postscript application/vnd.cups-raw 0 -This would prevent all Postscript files from being filtered (rather, they will go +thru the virtual "nullfilter" denoted with "-"). This could only be useful for +PS printers. If you want to print PS code on non-PS printers an entry as follows +could be useful: h4: {42} % echo hi >/tmp/hi -h4: {43} % smbclient //localhost/lw4 -added interface ip=10.0.0.4 bcast=10.0.0.255 nmask=255.255.255.0 -Password: -Domain=[ASTART] OS=[Unix] Server=[Samba 2.0.7] -smb: \> print /tmp/hi -putting file /tmp/hi as hi-17534 (0.0 kb/s) (average 0.0 kb/s) -smb: \> queue -1049 3 hi-17534 -smb: \> cancel 1049 -Error cancelling job 1049 : code 0 -smb: \> cancel 1049 -Job 1049 cancelled -smb: \> queue -smb: \> exit The 'code 0' indicates that the job was removed. The comment -by the smbclient is a bit misleading on this. -You can observe the command output and then and look at the -/tmp/tmp.print file to see what the results are. You can quickly -find out if the problem is with your printing system. Often people -have problems with their /etc/printcap file or permissions on -various print queues. 14.4.3. What printers do I have? */* application/vnd.cups-raw 0 -You can use the 'testprns' program to check to see if the printer -name you are using is recognized by Samba. For example, you can -use: and would effectively send *all* files to the backend without further processing. Lastly, you could have the following entry: testprns printer /etc/printcap application/vnd.cups-postscript application/vnd.cups-raw 0 my_PJL_stripping_filterSamba can get its printcap information from a file or from a program. -You can try the following to see the format of the extracted -information:You will need to write a "my_PJL_stripping_filter" (could be a shellscript) that +parses the PostScript and removes the unwanted PJL. This would need to conform to +CUPS filter design (mainly, receive and pass the parameters printername, job-id, +username, jobtitle, copies, print options and possibly the filename). It would +be installed as world executable into "/usr/lib/cups/filters/" and will be called +by CUPS if it encounters a MIME type "application/vnd.cups-postscript". testprns -a printer /etc/printcap - - testprns -a printer '|/bin/cat printcap' CUPS can handle "-o job-hold-until=indefinite". This keeps the job in the queue +"on hold". It will only be printed upon manual release by the printer operator. +This is a requirement in many "central reproduction departments", where a few +operators manage the jobs of hundreds of users on some big machine, where no +user is allowed to have direct access. (The operators often need to load the +proper paper type before running the 10.000 page job requested by marketing +for the mailing, etc.). 14.4.4. Setting up printcap and print servers You may need to set up some printcaps for your Samba system to use. -It is strongly recommended that you use the facilities provided by -the print spooler to set up queues and printcap information. Samba requires either a printcap or program to deliver printcap -information. This printcap information has the format: 15.3. The CUPS Filter ChainsThe following diagrams reveal how CUPS handles print jobs. name|alias1|alias2...:option=value:... For almost all printing systems, the printer 'name' must be composed -only of alphanumeric or underscore '_' characters. Some systems also -allow hyphens ('-') as well. An alias is an alternative name for the -printer, and an alias with a space in it is used as a 'comment' -about the printer. The printcap format optionally uses a \ at the end of lines -to extend the printcap to multiple lines. Here are some examples of printcap files: pr just printer name pr|alias printer name and alias pr|My Printer printer name, alias used as comment pr:sh:\ Same as pr:sh:cm= testing - :cm= \ - testing pr:sh Same as pr:sh:cm= testing - :cm= testing Samba reads the printcap information when first started. If you make -changes in the printcap information, then you must do the following: make sure that the print spooler is aware of these changes. -The LPRng system uses the 'lpc reread' command to do this. make sure that the spool queues, etc., exist and have the -correct permissions. The LPRng system uses the 'checkpc -f' -command to do this. You now should send a SIGHUP signal to the smbd server to have -it reread the printcap information. 14.4.5. Job sent, no output This is the most frustrating part of printing. You may have sent the -job, verified that the job was forwarded, set up a wrapper around -the command to send the file, but there was no output from the printer. First, check to make sure that the job REALLY is getting to the -right print queue. If you are using a BSD or LPRng print spooler, -you can temporarily stop the printing of jobs. Jobs can still be -submitted, but they will not be printed. Use: ######################################################################### +# +# CUPS in and of itself has this (general) filter chain (CAPITAL +# letters are FILE-FORMATS or MIME types, other are filters (this is +# true for pre-1.1.15 of pre-4.3 versions of CUPS and ESP PrintPro): +# +# SOMETHNG-FILEFORMAT +# | +# | +# V +# somethingtops +# | +# | +# V +# APPLICATION/POSTSCRIPT +# | +# | +# V +# pstops +# | +# | +# V +# APPLICATION/VND.CUPS-POSTSCRIPT +# | +# | +# V +# pstoraster # as shipped with CUPS, independent from any Ghostscipt +# | # installation on the system +# | (= "postscipt interpreter") +# | +# V +# APPLICATION/VND.CUPS-RASTER +# | +# | +# V +# rastertosomething (f.e. Gimp-Print filters may be plugged in here) +# | (= "raster driver") +# | +# V +# SOMETHING-DEVICE-SPECIFIC +# | +# | +# V +# backend +# +# +# ESP PrintPro has some enhanced "rastertosomething" filters as compared to +# CUPS, and also a somewhat improved "pstoraster" filter. +# +# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to +# CUPS and ESP PrintPro plug-in where rastertosomething is noted. +# +######################################################################### lpc -Pprinter stop Now submit a print job and then use 'lpq -Pprinter' to see if the -job is in the print queue. If it is not in the print queue then -you will have to find out why it is not being accepted for printing. Next, you may want to check to see what the format of the job really -was. With the assistance of the system administrator you can view -the submitted jobs files. You may be surprised to find that these -are not in what you would expect to call a printable format. -You can use the UNIX 'file' utitily to determine what the job -format actually is: ######################################################################### +# +# This is how "cupsomatic" comes into play: +# ========================================= +# +# SOMETHNG-FILEFORMAT +# | +# | +# V +# somethingtops +# | +# | +# V +# APPLICATION/POSTSCRIPT +# | +# | +# V +# pstops +# | +# | +# V +# APPLICATION/VND.CUPS-POSTSCRIPT ----------------+ +# | | +# | V +# V cupsomatic +# pstoraster (constructs complicated +# | (= "postscipt interpreter") Ghostscript commandline +# | to let the file be +# V processed by a +# APPLICATION/VND.CUPS-RASTER "-sDEVICE=s.th." +# | call...) +# | | +# V | +# rastertosomething V +# | (= "raster driver") +-------------------------+ +# | | Ghostscript at work.... | +# V | | +# SOMETHING-DEVICE-SPECIFIC *-------------------------+ +# | | +# | | +# V | +# backend >------------------------------------+ +# | +# | +# V +# THE PRINTER +# +# +# Note, that cupsomatic "kidnaps" the printfile after the +# "APPLICATION/VND.CUPS-POSTSCRPT" stage and deviates it through +# the CUPS-external, systemwide Ghostscript installation, bypassing the +# "pstoraster" filter (therefor also bypassing the CUPS-raster-drivers +# "rastertosomething", and hands the rasterized file directly to the CUPS +# backend... +# +# cupsomatic is not made by the CUPS developers. It is an independent +# contribution to printing development, made by people from +# Linuxprinting.org. (see also http://www.cups.org/cups-help.html) +# +# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to +# CUPS and ESP PrintPro plug-in where rastertosomething is noted. +# +######################################################################### cd /var/spool/lpd/printer # spool directory of print jobs - ls # find job files - file dfA001myhost You should make sure that your printer supports this format OR that -your system administrator has installed a 'print filter' that will -convert the file to a format appropriate for your printer. 14.4.6. Job sent, strange output Once you have the job printing, you can then start worrying about -making it print nicely. The most common problem is extra pages of output: banner pages -OR blank pages at the end. If you are getting banner pages, check and make sure that the -printcap option or printer option is configured for no banners. -If you have a printcap, this is the :sh (suppress header or banner -page) option. You should have the following in your printer. ######################################################################### +# +# And this is how it works for ESP PrintPro from 4.3: +# =================================================== +# +# SOMETHNG-FILEFORMAT +# | +# | +# V +# somethingtops +# | +# | +# V +# APPLICATION/POSTSCRIPT +# | +# | +# V +# pstops +# | +# | +# V +# APPLICATION/VND.CUPS-POSTSCRIPT +# | +# | +# V +# gsrip +# | (= "postscipt interpreter") +# | +# V +# APPLICATION/VND.CUPS-RASTER +# | +# | +# V +# rastertosomething (f.e. Gimp-Print filters may be plugged in here) +# | (= "raster driver") +# | +# V +# SOMETHING-DEVICE-SPECIFIC +# | +# | +# V +# backend +# +# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to +# CUPS and ESP PrintPro plug-in where rastertosomething is noted. +# +######################################################################### printer: ... :sh If you have this option and are still getting banner pages, there -is a strong chance that your printer is generating them for you -automatically. You should make sure that banner printing is disabled -for the printer. This usually requires using the printer setup software -or procedures supplied by the printer manufacturer. If you get an extra page of output, this could be due to problems -with your job format, or if you are generating PostScript jobs, -incorrect setting on your printer driver on the MicroSoft client. -For example, under Win95 there is a option: ######################################################################### +# +# This is how "cupsomatic" would come into play with ESP PrintPro: +# ================================================================ +# +# +# SOMETHNG-FILEFORMAT +# | +# | +# V +# somethingtops +# | +# | +# V +# APPLICATION/POSTSCRIPT +# | +# | +# V +# pstops +# | +# | +# V +# APPLICATION/VND.CUPS-POSTSCRIPT ----------------+ +# | | +# | V +# V cupsomatic +# gsrip (constructs complicated +# | (= "postscipt interpreter") Ghostscript commandline +# | to let the file be +# V processed by a +# APPLICATION/VND.CUPS-RASTER "-sDEVICE=s.th." +# | call...) +# | | +# V | +# rastertosomething V +# | (= "raster driver") +-------------------------+ +# | | Ghostscript at work.... | +# V | | +# SOMETHING-DEVICE-SPECIFIC *-------------------------+ +# | | +# | | +# V | +# backend >------------------------------------+ +# | +# | +# V +# THE PRINTER +# +# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to +# CUPS and ESP PrintPro plug-in where rastertosomething is noted. +# +######################################################################### Printers|Printer Name|(Right Click)Properties|Postscript|Advanced| that allows you to choose if a Ctrl-D is appended to all jobs. -This is a very bad thing to do, as most spooling systems will -automatically add a ^D to the end of the job if it is detected as -PostScript. The multiple ^D may cause an additional page of output. 14.4.7. Raw PostScript printed This is a problem that is usually caused by either the print spooling -system putting information at the start of the print job that makes -the printer think the job is a text file, or your printer simply -does not support PostScript. You may need to enable 'Automatic -Format Detection' on your printer. 14.4.8. Advanced Printing Note that you can do some pretty magic things by using your -imagination with the "print command" option and some shell scripts. -Doing print accounting is easy by passing the %U option to a print -command shell script. You could even make the print command detect -the type of output and its size and send it to an appropriate -printer. 14.4.9. Real debugging If the above debug tips don't help, then maybe you need to bring in -the bug guns, system tracing. See Tracing.txt in this directory. Chapter 15. CUPS Printing Support 15.1. Introduction The Common Unix Print System (CUPS) has become very popular, but to many it is -a very mystical tool. There is a great deal of uncertainty regarding CUPS and how -it works. The result is seen in a large number of posting on the samba mailing lists -expressing frustration when MS Windows printers appear not to work with a CUPS -backr-end. -/para> This is a good time to point out how CUPS can be used and what it does. CUPS is more -than just a print spooling system - it is a complete printer management system that -complies with HTTP and IPP protocols. It can be managed remotely via a web browser -and it can print using http and ipp protocols. CUPS allows to creation of RAW printers (ie: NO file format translation) as well as -SMART printers (ie: CUPS does file format conversion as required for the printer). In -many ways this gives CUPS similar capabilities to the MS Windows print monitoring -system. Of course, if you are a CUPS advocate, you would agrue that CUPS is better! -In any case, let us now move on to explore how one may configure CUPS for interfacing -with MS Windows print clients via Samba. 15.2. CUPS - RAW Print Through Mode######################################################################### +# +# And this is how it works for CUPS from 1.1.15: +# ============================================== +# +# SOMETHNG-FILEFORMAT +# | +# | +# V +# somethingtops +# | +# | +# V +# APPLICATION/POSTSCRIPT +# | +# | +# V +# pstops +# | +# | +# V +# APPLICATION/VND.CUPS-POSTSCRIPT-----+ +# | +# +------------------v------------------------------+ +# | Ghostscript | +# | at work... | +# | (with | +# | "-sDEVICE=cups") | +# | | +# | (= "postscipt interpreter") | +# | | +# +------------------v------------------------------+ +# | +# | +# APPLICATION/VND.CUPS-RASTER >-------+ +# | +# | +# V +# rastertosomething +# | (= "raster driver") +# | +# V +# SOMETHING-DEVICE-SPECIFIC +# | +# | +# V +# backend +# +# +# NOTE: since version 1.1.15 CUPS "outsourced" the pstoraster process to +# Ghostscript. GNU Ghostscript needs to be patched to handle the +# CUPS requirement; ESP Ghostscript has this builtin. In any case, +# "gs -h" needs to show up a "cups" device. pstoraster is now a +# calling an appropriate "gs -sDEVICE=cups..." commandline to do +# the job. It will output "application/vnd.cup-raster", which will +# be finally processed by a CUPS raster driver "rastertosomething" +# Note the difference to "cupsomatic", which will *not* output +# CUPS-raster, but a final version of the printfile, ready to be +# sent to the printer. cupsomatic also doesn't use the "cups" +# devicemode in Ghostscript, but one of the classical devicemodes.... +# +# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to +# CUPS and ESP PrintPro plug-in where rastertosomething is noted. +# +################################################################################################################################################## +# +# And this is how it works for CUPS from 1.1.15, with cupsomatic included: +# ======================================================================== +# +# SOMETHNG-FILEFORMAT +# | +# | +# V +# somethingtops +# | +# | +# V +# APPLICATION/POSTSCRIPT +# | +# | +# V +# pstops +# | +# | +# V +# APPLICATION/VND.CUPS-POSTSCRIPT-----+ +# | +# +------------------v------------------------------+ +# | Ghostscript . Ghostscript at work.... | +# | at work... . (with "-sDEVICE= | +# | (with . s.th." | +# | "-sDEVICE=cups") . | +# | . | +# | (CUPS standard) . (cupsomatic) | +# | . | +# | (= "postscript interpreter") | +# | . | +# +------------------v--------------v---------------+ +# | | +# | | +# APPLICATION/VND.CUPS-RASTER >-------+ | +# | | +# | | +# V | +# rastertosomething | +# | (= "raster driver") | +# | | +# V | +# SOMETHING-DEVICE-SPECIFIC >------------------------+ +# | +# | +# V +# backend +# +# +# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to +# CUPS and ESP PrintPro plug-in where rastertosomething is noted. +# +########################################################################## 15.4. CUPS Print Drivers and Devices When CUPS printers are configured for RAW print-through mode operation it is the -responsibility of the Samba client to fully render the print job (file) in a format -that is suitable for direct delivery to the printer. In this case CUPS will NOT -do any print file format conversion work. The CUPS files that need to be correctly set for RAW mode printers to work are: +>CUPS ships with good support for HP LaserJet type printers. You can install +the driver as follows: lpadmin -p laserjet4plus -v parallel:/dev/lp0 -E -m laserjet.ppd + + +(The "-m" switch will retrieve the "laserjet.ppd" from the standard repository +for not-yet-installed-PPDs, which CUPS typically stores in +/etc/cups/mime.types /usr/share/cups/model. Alternatively, you may use +"-P /absolute/filesystem/path/to/where/there/is/PPD/your.ppd"). 15.4.1. Further printing steps Always also consult the database on linuxprinting.org for all recommendations +about which driver is best used for each printer: /etc/cups/mime.convshttp://www.linuxprinting.org/printer_list.cgi - -Both contain entries that must be uncommented to allow There select your model and click on "Show". You'll arrive at a page listing +all drivers working with your model. There will always be *one* +RAWrecommended mode -operation. one. Try this one first. In your case +("HP LaserJet 4 Plus"), you'll arrive here: Firstly, to enable CUPS based printing from Samba the following options must be -enabled in your smb.conf file [globals] section: - - http://www.linuxprinting.org/show_printer.cgi?recnum=75104 printing = CUPS The recommended driver is "ljet4". It has a link to the page for the ljet4 +driver too: printcap = CUPS - -When these parameters are specified the print directives in smb.conf (as well as in -samba itself) will be ignored because samba will directly interface with CUPS through -it's application program interface (API) - so long as Samba has been compiled with -CUPS library (libcups) support. If samba has NOT been compiled with CUPS support then -printing will use the System V AT&T command set with the -oraw -option automatically passing through. http://www.linuxprinting.org/show_driver.cgi?driver=ljet4 Cupsomatic (an enhanced printing utility that is part of some CUPS implementations) -on the Samba/CUPS server does *not* add any features if a file is really -printed "raw". However, if you have loaded the driver for the Windows client from -the CUPS server, using the "cupsaddsmb" utility, and if this driver is one using -a "Foomatic" PPD, the PJL header in question is already added on the Windows client, -at the time when the driver initially generated the PostScript data and CUPS in true -"-oraw" manner doesn't remove this PJL header and passes the file "as is" to its -printer communication backend.On the driver's page, you'll find important and detailed info about how to use +that driver within the various available spoolers. You can generate a PPD for +CUPS. The PPD contains all the info about how to use your model and the driver; +this is, once installed, working transparently for the user -- you'll only +need to choose resolution, paper size etc. from the web-based menu or from +the print dialog GUI or from the commandline... On the driver's page, choose to use the "PPD-O-Matic" online PPD generator +program. Select your model and click "Generate PPD file". When you safe the +appearing ASCII text file, don't use "cut'n'past" (as it could possiblly corrupt +line endings and tabs), but use "Save as..." in your browser's menu. Save it +at "/some/path/on/your/filesystem/somewhere/my-name-for-my-printer.ppd" Then install the printer: "lpadmin -p laserjet4plus -v parallel:/dev/lp0 -E -P /some/path/on/your/filesystem/somewhere/my-name-for-my-printer.ppd" Note, that for all the "Foomatic-PPDs" from Linuxprinting.org, you also need +a special "CUPS filter" named "cupsomatic". Get the latest version of +"cupsomatic" from: http://www.linuxprinting.org/cupsomatic This needs to be copied to /usr/lib/cups/filter/cupsomatic +and be made world executable. This filter is needed to read and act upon the +specially encoded Foomatic comments, embedded in the printfile, which in turn +are used to construct (transparently for you, the user) the complicated +ghostscript command line needed for your printer/driver combo. You can have a look at all the options for the Ghostscript commandline supported +by your printer and the ljet4 driver by going to the section "Execution details", +selecting your model (Laserjet 4 Plus) and clicking on "Show execution details". +This will bring up this web page: http://www.linuxprinting.org/execution.cgi?driver=ljet4&printer=75104&.submit=Show+execution+details The ingenious thing is that the database is kept current. If there +is a bug fix and an improvement somewhere in the database, you will +always get the most current and stable and feature-rich driver by following +the steps described above. Print files that arrive from MS Windows printing are "auto-typed" by CUPS. This aids -the process of determining proper treatment while in the print queue system. - - The latest and greatest improvement now is support for "custom page sizes" +for all those printers which support it. Files generated by PCL drivers and directed at PCK printers get auto-typed as - application/octet-stream. Unknown file format types also - get auto-typed with this tag. - "cupsomatic" is documented here: Files generated by a Postscript driver and directed at a Postscript printer - are auto-typed depending on the auto-detected most suitable MIME type as: - - http://www.linuxprinting.org/cups-doc.html * application/postscript More printing tutorial info may be found here: * application/vnd.cups-postscript - http://www.linuxprinting.org/kpfeifle/LinuxKongress2002/Tutorial/ "application/postscript" first goes thru the "pstops" filter (where the page counting -and accounting takes place). The outcome will be of MIME type -"application/vnd.cups-postscript". The pstopsfilter reads and uses information from -the PPD and inserts user-provided options into the PostScript file. As a consequence, -the filtered file could possibly have an unwanted PJL header. "application/postscript" will be all files with a ".ps", ".ai", ".eps" suffix or which -have as their first character string one of "%!" or "<04>%".Note, that *all* the Foomatic drivers listed on Linuxprinting.org (now +approaching the "all-time high" number of 1.000 for the supported models) +are using a special filtering chain involving Ghostscript, as described +in this document. "application/vnd.cups-postscript" will files which contain the string -"LANGUAGE=POSTSCRIPT" (or similar variations with different capitalization) in the -first 512 bytes, and also contain the "PJL super escape code" in the first 128 bytes -("<1B>%-12345X"). Very likely, most PostScript files generated on Windows using a CUPS -or other PPD, will have to be auto-typed as "vnd.cups-postscript". A file produced -with a "Generic PostScript driver" will just be tagged "application/postscript". Summary - You need: Once the file is in "application/vnd.cups-postscript" format, either "pstoraster" -or "cupsomatic" will take over (depending on the printer configuration, as -determined by the PPD in use). A "foomatic+something" PPD is not enough to print with CUPS (but it is *one* important component) A printer queue with *no* PPD associated to it is a "raw" printer and all files -will go directly there as received by the spooler. The exeptions are file types -"application/octet-stream" which need "passthrough feature" enabled. -"Raw" queues don't do any filtering at all, they hand the file directly to the -CUPS backend. This backend is responsible for the sending of the data to the device -(as in the "device URI" notation as lpd://, socket://, smb://, ipp://, http://, -parallel:/, serial:/, usb:/ etc.) The "cupsomatic" filter script (Perl) in /usr/lib/cups/filters/ Perl to make cupsomatic run Ghostscript (because it is called and controlled by the PPD/cupsomatic combo in a way to fit your printermodel/driver combo. Ghostscript *must*, depending on the driver/model, contain support for a certain "device" (as shown by "gs -h") In the case of the "hpijs" driver, you need a Ghostscript version, which +has "ijs" amongst its supported devices in "gs -h". In the case of +"hpijs+foomatic", a valid ghostscript commandline would be reading like this: gs -q -dBATCH -dPARANOIDSAFER -dQUIET -dNOPAUSE -sDEVICE=ijs \ + -sIjsServer=hpijsPageSize -dDuplex=Duplex Model \ + -rResolution,PS:MediaPosition=InputSlot -dIjsUseOutputFD \ + -sOutputFile=- - "cupsomatic"/Foomatic are *not* native CUPS drivers and they don't ship with CUPS. -They are a Third Party add-on, developed at Linuxprinting.org. As such, they are -a brilliant hack to make all models (driven by Ghostscript drivers/filters in -traditional spoolers) also work via CUPS, with the same (good or bad!) quality -as in these other spoolers. "cupsomatic" is only a vehicle to execute a ghostscript -commandline at that stage in the CUPS filtering chain, where "normally" the native -CUPS "pstoraster" filter would kick in. cupsomatic by-passes pstoraster, "kidnaps" -the printfile from CUPS away and re-directs it to go through Ghostscipt. CUPS accepts this, -because the associated CUPS-O-Matic-/Foomatic-PPD specifies: *cupsFilter: "application/vnd.cups-postscript 0 cupsomatic" This line persuades CUPS to hand the file to cupsomatic, once it has successfully -converted it to the MIME type "application/vnd.cups-postscript". This conversion will not -happen for Jobs arriving from Windows which are auto-typed "application/octet-stream", -with the according changes in "/etc/cups/mime.types" in place.Note, that with CUPS and the "hpijs+foomatic" PPD (plus Perl and cupsomatic) +you don't need to remember this. You can choose the available print options +thru a GUI print command (like "glp" from ESP's commercially supported +PrintPro software, or KDE's "kprinter", or GNOME's "gtklp" or the independent +"xpp") or the CUPS web interface via human-readable drop-down selection +menus. CUPS is widely configurable and flexible, even regarding its filtering mechanism. -Another workaround in some situations would be to have -in "/etc/cups/mime.types" entries as follows: application/postscript application/vnd.cups-raw 0 - - application/vnd.cups-postscript application/vnd.cups-raw 0 - This would prevent all Postscript files from being filtered (rather, they will go -thru the virtual "nullfilter" denoted with "-"). This could only be useful for -PS printers. If you want to print PS code on non-PS printers an entry as follows -could be useful: */* application/vnd.cups-raw 0 -If you use "ESP Ghostscript" (also under the GPL, provided by Easy Software +Products, the makers of CUPS, downloadable from +http://www.cups.org/software.html, +co-maintained by the developers of linuxprinting.org), you are guaranteed to +have in use the most uptodate, bug-fixed, enhanced and stable version of a Free +Ghostscript. It contains support for ~300 devices, whereas plain vanilla +GNU Ghostscript 7.05 only has ~200. and would effectively send *all* files to the backend without further processing.If you print only one CUPS test page, from the web interface and when you try to +print a windows test page, it acts like the job was never sent: + + Can you print "standard" jobs from the CUPS machine? Are the jobs from Windows visible in the Web interface on CUPS (http://localhost:631/)? Most important: What kind of printer driver are you using on the Windows clients? Lastly, you could have the following entry: application/vnd.cups-postscript application/vnd.cups-raw 0 my_PJL_stripping_filter + +You can try to get a more detailed debugging info by setting "LogLevel debug" in +/etc/cups/cupsd.conf, re-start cupsd and investigate /var/log/cups/error_log +for the whereabouts of your Windows-originating printjobs: You will need to write a "my_PJL_stripping_filter" (could be a shellscript) that -parses the PostScript and removes the unwanted PJL. This would need to conform to -CUPS filter design (mainly, receive and pass the parameters printername, job-id, -username, jobtitle, copies, print options and possibly the filename). It would -be installed as world executable into "/usr/lib/cups/filters/" and will be called -by CUPS if it encounters a MIME type "application/vnd.cups-postscript". what does the "auto-typing" line say? which is the "MIME type" CUPS thinks is arriving from the Windows clients? are there "filter" available for this MIME type? are there "filter rules" defined in "/etc/cups/mime.convs" for this MIME type? CUPS can handle "-o job-hold-until=indefinite". This keeps the job in the queue -"on hold". It will only be printed upon manual release by the printer operator. -This is a requirement in many "central reproduction departments", where a few -operators manage the jobs of hundreds of users on some big machine, where no -user is allowed to have direct access. (The operators often need to load the -proper paper type before running the 10.000 page job requested by marketing -for the mailing, etc.). 15.3. The CUPS Filter Chains15.5. Limiting the number of pages users can print The following diagrams reveal how CUPS handles print jobs.The feature you want is dependent on the real print subsystem you're using. +Samba's part is always to receive the job files from the clients (filtered +*or* unfiltered) and hand it over to this printing subsystem. Of course one could "hack" things with one's own scripts. But there is CUPS (Common Unix Printing System). CUPS supports "quotas". +Quotas can be based on sizes of jobs or on the number of pages or both, +and are spanning any time period you want. This is an example command how root would set a print quota in CUPS, +assuming an existing printer named "quotaprinter": ######################################################################### -# -# CUPS in and of itself has this (general) filter chain (CAPITAL -# letters are FILE-FORMATS or MIME types, other are filters (this is -# true for pre-1.1.15 of pre-4.3 versions of CUPS and ESP PrintPro): -# -# SOMETHNG-FILEFORMAT -# | -# | -# V -# somethingtops -# | -# | -# V -# APPLICATION/POSTSCRIPT -# | -# | -# V -# pstops -# | -# | -# V -# APPLICATION/VND.CUPS-POSTSCRIPT -# | -# | -# V -# pstoraster # as shipped with CUPS, independent from any Ghostscipt -# | # installation on the system -# | (= "postscipt interpreter") -# | -# V -# APPLICATION/VND.CUPS-RASTER -# | -# | -# V -# rastertosomething (f.e. Gimp-Print filters may be plugged in here) -# | (= "raster driver") -# | -# V -# SOMETHING-DEVICE-SPECIFIC -# | -# | -# V -# backend -# -# -# ESP PrintPro has some enhanced "rastertosomething" filters as compared to -# CUPS, and also a somewhat improved "pstoraster" filter. -# -# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to -# CUPS and ESP PrintPro plug-in where rastertosomething is noted. -# -######################################################################### lpadmin -p quotaprinter -o job-quota-period=604800 -o job-k-limit=1024 -o job-page-limit=100This would limit every single user to print 100 pages or 1024 KB of +data (whichever comes first) within the last 604.800 seconds ( = 1 week). For CUPS to count correctly, the printfile needs to pass the CUPS "pstops" filter, +otherwise it uses a "dummy" count of "1". Some printfiles don't pass it +(eg: image files) but then those are mostly 1 page jobs anyway. This also means, +proprietary drivers for the target printer running on the client computers and +CUPS/Samba then spooling these files as "raw" (i.e. leaving them untouched, not +filtering them), will be counted as "1-pagers" too! You need to send PostScript from the clients (i.e. run a PostScript driver there) +for having the chance to get accounting done. If the printer is a non-PostScript model, +you need to let CUPS do the job to convert the file to a print-ready format for the +target printer. This will be working for currently ~1.000 different printer models, see ######################################################################### -# -# This is how "cupsomatic" comes into play: -# ========================================= -# -# SOMETHNG-FILEFORMAT -# | -# | -# V -# somethingtops -# | -# | -# V -# APPLICATION/POSTSCRIPT -# | -# | -# V -# pstops -# | -# | -# V -# APPLICATION/VND.CUPS-POSTSCRIPT ----------------+ -# | | -# | V -# V cupsomatic -# pstoraster (constructs complicated -# | (= "postscipt interpreter") Ghostscript commandline -# | to let the file be -# V processed by a -# APPLICATION/VND.CUPS-RASTER "-sDEVICE=s.th." -# | call...) -# | | -# V | -# rastertosomething V -# | (= "raster driver") +-------------------------+ -# | | Ghostscript at work.... | -# V | | -# SOMETHING-DEVICE-SPECIFIC *-------------------------+ -# | | -# | | -# V | -# backend >------------------------------------+ -# | -# | -# V -# THE PRINTER -# -# -# Note, that cupsomatic "kidnaps" the printfile after the -# "APPLICATION/VND.CUPS-POSTSCRPT" stage and deviates it through -# the CUPS-external, systemwide Ghostscript installation, bypassing the -# "pstoraster" filter (therefor also bypassing the CUPS-raster-drivers -# "rastertosomething", and hands the rasterized file directly to the CUPS -# backend... -# -# cupsomatic is not made by the CUPS developers. It is an independent -# contribution to printing development, made by people from -# Linuxprinting.org. (see also http://www.cups.org/cups-help.html) -# -# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to -# CUPS and ESP PrintPro plug-in where rastertosomething is noted. -# -######################################################################### ######################################################################### -# -# And this is how it works for ESP PrintPro from 4.3: -# =================================================== -# -# SOMETHNG-FILEFORMAT -# | -# | -# V -# somethingtops -# | -# | -# V -# APPLICATION/POSTSCRIPT -# | -# | -# V -# pstops -# | -# | -# V -# APPLICATION/VND.CUPS-POSTSCRIPT -# | -# | -# V -# gsrip -# | (= "postscipt interpreter") -# | -# V -# APPLICATION/VND.CUPS-RASTER -# | -# | -# V -# rastertosomething (f.e. Gimp-Print filters may be plugged in here) -# | (= "raster driver") -# | -# V -# SOMETHING-DEVICE-SPECIFIC -# | -# | -# V -# backend -# -# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to -# CUPS and ESP PrintPro plug-in where rastertosomething is noted. -# -######################################################################### http://www.linuxprinting.org/printer_list.cgiBefore CUPS-1.1.16 your only option was to use the Adobe PostScript +Driver on the Windows clients. The output of this driver was not always +passed thru the "pstops" filter on the CUPS/Samba side, and therefor was +not counted correctly (the reason is that it often --- depending on the +"PPD" being used --- did write a "PJL"-header in front of the real +PostScript which made CUPS to skip the pstops and go directy to +the "pstoraster" stage). From CUPS-1.1.16 onward you can use the "CUPS PostScript Driver +for Windows NT/2K/XP clients" (it is tagged in the download area of +http://www.cups.org/ as the "cups-samba-1.1.16.tar.gz" package). +It is *not* working for Win9x/ME clients. But it: >it guarantees to not write an PJL-header it guarantees to still read and support all PJL-options named in the driver PPD with its own means it guarantees the file going thru the "pstops" filter on the CUPS/Samba server it guarantees to page-count correctly the printfile You can read more about the setup of this combination in the +manpage for "cupsaddsmb" (only present with CUPS installed, only +current with CUPS 1.1.16). These are the items CUPS logs in the "page_log" for every single *page* of a job: ######################################################################### -# -# This is how "cupsomatic" would come into play with ESP PrintPro: -# ================================================================ -# -# -# SOMETHNG-FILEFORMAT -# | -# | -# V -# somethingtops -# | -# | -# V -# APPLICATION/POSTSCRIPT -# | -# | -# V -# pstops -# | -# | -# V -# APPLICATION/VND.CUPS-POSTSCRIPT ----------------+ -# | | -# | V -# V cupsomatic -# gsrip (constructs complicated -# | (= "postscipt interpreter") Ghostscript commandline -# | to let the file be -# V processed by a -# APPLICATION/VND.CUPS-RASTER "-sDEVICE=s.th." -# | call...) -# | | -# V | -# rastertosomething V -# | (= "raster driver") +-------------------------+ -# | | Ghostscript at work.... | -# V | | -# SOMETHING-DEVICE-SPECIFIC *-------------------------+ -# | | -# | | -# V | -# backend >------------------------------------+ -# | -# | -# V -# THE PRINTER -# -# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to -# CUPS and ESP PrintPro plug-in where rastertosomething is noted. -# -######################################################################### * Printer name + * User name + * Job ID + * Time of printing + * the page number + * the number of copies + * a billing info string (optional) Here is an extract of my CUPS server's page_log file to illustrate +the format and included items: ######################################################################### -# -# And this is how it works for CUPS from 1.1.15: -# ============================================== -# -# SOMETHNG-FILEFORMAT -# | -# | -# V -# somethingtops -# | -# | -# V -# APPLICATION/POSTSCRIPT -# | -# | -# V -# pstops -# | -# | -# V -# APPLICATION/VND.CUPS-POSTSCRIPT-----+ -# | -# +------------------v------------------------------+ -# | Ghostscript | -# | at work... | -# | (with | -# | "-sDEVICE=cups") | -# | | -# | (= "postscipt interpreter") | -# | | -# +------------------v------------------------------+ -# | -# | -# APPLICATION/VND.CUPS-RASTER >-------+ -# | -# | -# V -# rastertosomething -# | (= "raster driver") -# | -# V -# SOMETHING-DEVICE-SPECIFIC -# | -# | -# V -# backend -# -# -# NOTE: since version 1.1.15 CUPS "outsourced" the pstoraster process to -# Ghostscript. GNU Ghostscript needs to be patched to handle the -# CUPS requirement; ESP Ghostscript has this builtin. In any case, -# "gs -h" needs to show up a "cups" device. pstoraster is now a -# calling an appropriate "gs -sDEVICE=cups..." commandline to do -# the job. It will output "application/vnd.cup-raster", which will -# be finally processed by a CUPS raster driver "rastertosomething" -# Note the difference to "cupsomatic", which will *not* output -# CUPS-raster, but a final version of the printfile, ready to be -# sent to the printer. cupsomatic also doesn't use the "cups" -# devicemode in Ghostscript, but one of the classical devicemodes.... -# -# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to -# CUPS and ESP PrintPro plug-in where rastertosomething is noted. -# -######################################################################### infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 1 2 #marketing + infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 2 2 #marketing + infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 3 2 #marketing + infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 4 2 #marketing + infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 5 2 #marketing + infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 6 2 #marketing This was Job ID "40", printed on "infotec_IS2027" by user "kurt", a 6-page job +printed in 2 copies and billed to "#marketing"... What flaws or shortcomings are there? the ones named above CUPS really counts the job pages being *processsed in software* + (going thru the "RIP") rather than the physical sheets successfully + leaving the printing device -- if there is a jam while printing + the 5th sheet out of 1000 and the job is aborted by the printer, + the "page count" will still show the figure of 1000 for that job + all quotas are the same for all users (no flexibility to give the + boss a higher quota than the clerk) no support for groups + no means to read out the current balance or "used-up" number of current quota + a user having used up 99 sheets of 100 quota will still be able to send and print a 1.000 sheet job + a user being denied a job because of a filled-up quota doesn't get a meaningful + error message from CUPS other than "client-error-not-possible". + But this is the best system out there currently. And there are +huge improvements under development: page counting will go into the "backends" (these talk + directly to the printer and will increase the count in sync with the + actual printing process -- a jam at the 5th sheet will lead to a stop in the counting) quotas will be handled more flexibly probably there will be support for users to inquire their "accounts" in advance probably there will be support for some other tools around this topic Other than the current stage of the CUPS development, I don't +know any other ready-to-use tool which you could consider. You can download the driver files from +http://www.cups.org/software.html. +It is a separate package from the CUPS base software files, tagged as "CUPS 1.1.16 +Windows NT/2k/XP Printer Driver for SAMBA (tar.gz, 192k)". The filename to +download is "cups-samba-1.1.16.tar.gz". Upon untar-/unzip-ping it will reveal +the files: ######################################################################### -# -# And this is how it works for CUPS from 1.1.15, with cupsomatic included: -# ======================================================================== -# -# SOMETHNG-FILEFORMAT -# | -# | -# V -# somethingtops -# | -# | -# V -# APPLICATION/POSTSCRIPT -# | -# | -# V -# pstops -# | -# | -# V -# APPLICATION/VND.CUPS-POSTSCRIPT-----+ -# | -# +------------------v------------------------------+ -# | Ghostscript . Ghostscript at work.... | -# | at work... . (with "-sDEVICE= | -# | (with . s.th." | -# | "-sDEVICE=cups") . | -# | . | -# | (CUPS standard) . (cupsomatic) | -# | . | -# | (= "postscript interpreter") | -# | . | -# +------------------v--------------v---------------+ -# | | -# | | -# APPLICATION/VND.CUPS-RASTER >-------+ | -# | | -# | | -# V | -# rasterto cups-samba.install + cups-samba.license + cups-samba.readme + cups-samba.remove + cups-samba.ss These have been packaged with the ESP meta packager software "EPM". The +*.install and *.remove files are simple shell script, which untars the +*.ss (which is nothing else than a tar-archive) and puts its contents +into /usr/share/cups/drivers/. Its contents are 3 files: cupsdrvr.dll + cupsui.dll + cups.hlp ATTENTION: due to a bug one CUPS release puts the cups.hlp +into /usr/share/drivers/ instead of +/usr/share/cups/drivers/. To work around this, copy/move +the file after running the "./cups-samba.install" script manually to the right place: cp /usr/share/drivers/cups.hlp /usr/share/cups/drivers/ This new CUPS PostScript driver is currently binary-only, but free +no source code is provided (yet). The reason is this: it has +been developed with the help of the Microsoft Driver Developer Kit (DDK) +and compiled with Microsoft Visual Studio 6. It is not clear to the driver +developers if they are allowed to distribute the whole of the source code +as Free Software. However, they will likely release the "diff" in source +code under the GPL, so anybody with a license of Visual Studio and a DDK +will be able to compile for him/herself. Once you have run the install script (and possibly manually moved the +"cups.hlp" file to "/usr/share/cups/drivers/"), the driver is ready to be +put into Samba's [print$] share (which often maps to "/etc/samba/drivers/" +and contains a subdir tree with WIN40 and W32X86 branches), by running +"cupsaddsmb" (see also "man cupsaddsmb" for CUPS 1.1.16). [Don't forget to +put root into the smbpasswd file by running "smbpasswd" should you run +this whole procedure for the first time.] Once the driver files are in the +[print$] share, they are ready to be downloaded and installed by the +Win NT/2k/XP clients. NOTE 1: Win 9x/ME clients won't work with this driver. For these you'd +still need to use the ADOBE*.* drivers as previously. NOTE 2: It is not harming if you've still the ADOBE*.* driver files from +previous installations in the "/usr/share/cups/drivers/" directory. +The new cupsaddsmb (from 1.1.16) will automatically use the +"newest" installed driver (which here then is the CUPS drivers). NOTE 3: Should your Win clients have had the old ADOBE*.* files and the +Adobe PostScript drivers installed, the download and installation +of the new CUPS PostScript driver for Windows NT/2k/XP will fail +at first. It is not enough to "delete" the printer (as the driver files +will still be kept by the clients and re-used if you try to +re-install the printer). To really get rid of the Adobe driver +files on the clients, open the "Printers" folder (possibly via +"Start --> Settings --> Control Panel --> Printers"), right-click +onto the folder background and select "Server Properties". A +new dialog opens; select the "Drivers" tab; on the list select +the driver you want to delete and click on the "Delete" button. +(This will only work if there is no single printer left which +uses that particular driver -- you need to "delete" all printers +using this driver in the "Printers" folder first.) Once you have successfully downloaded the CUPS PostScript driver +to a client, you can easily switch all printers to this one +by proceeding as described elsewhere in the "Samba HOWTO +Collection" to change a driver for an existing printer. What are the benefits with the "CUPS PostScript driver for Windows NT/2k/XP" +as compared to the Adobe drivers? no hassle with the Adobe EULA + no hassle with the question "where do I get the ADOBE*.* driver files from?" + the Adobe drivers (depending on the printer PPD associated with them) + often put a PJL header in front of the core PostScript part of the print + file (thus the file starts with "something | -# | (= "raster driver") | -# | | -# V | -# SOMETHING-DEVICE-SPECIFIC >------------------------+ -# | -# | -# V -# backend -# -# -# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to -# CUPS and ESP PrintPro plug-in where rasterto1B%-12345X" or "something is noted. -# -##########################################################################escape%-12345X" + instead of "%!PS"). This leads to the CUPS daemon autotyping the + arriving file as a print-ready file, not requiring a pass thru the + "pstops" filter (to speak more technical, it is not regarded as the + generic MIME type "application/postscript", but as the more special + MIME type "application/cups.vnd-postscript"), which therefore also + leads to the page accounting in "/var/log/cups/page_log" not receiving + the exact mumber of pages; instead the dummy page number of "1" is + logged in a standard setup) + the Adobe driver has more options to "mis-configure" the PostScript + generated by it (like setting it inadvertedly to "Optimize for Speed", + instead of "Optimize for Portability", which could lead to CUPS being + unable to process it) + the CUPS PostScript driver output sent by Windows clients to the CUPS + server will be guaranteed to be auto-typed as generic MIME type + "application/postscript", thusly passing thru the CUPS "pstops" filter + and logging the correct number of pages in the page_log for accounting + and quota purposes + the CUPS PostScript driver supports the sending of additional print + options by the Win NT/2k/XP clients, such as naming the CUPS standard + banner pages (or the custom ones, should they be installed at the time + of driver download), using the CUPS "page-label" option, setting a + job-priority and setting the scheduled time of printing (with the option + to support additional useful IPP job attributes in the future). + the CUPS PostScript driver supports the inclusion of the new + "*cupsJobTicket" comments at the beginnig of the PostScript file (which + could be used in the future for all sort of beneficial extensions on + the CUPS side, but which will not disturb any other application as those + will regard it as a comment and simply ignore it). + the CUPS PostScript driver will be the heart of the fully fledged CUPS + IPP client for Windows NT/2k/XP to be released soon (probably alongside + the first Beta release for CUPS 1.2). + 15.4. CUPS Print Drivers and Devices15.6. Advanced Postscript Printing from MS Windows CUPS ships with good support for HP LaserJet type printers. You can install -the driver as follows: - - Let the Windows Clients use a PostScript driver to deliver poistscript to +the samba print server (just like any Linux or Unix Client would also use +PostScript to send to the server) lpadmin -p laserjet4plus -v parallel:/dev/lp0 -E -m laserjet.ppd - - -(The "-m" switch will retrieve the "laserjet.ppd" from the standard repository -for not-yet-installed-PPDs, which CUPS typically stores in -/usr/share/cups/model. Alternatively, you may use -"-P /absolute/filesystem/path/to/where/there/is/PPD/your.ppd"). 15.4.1. Further printing stepsMake the Unix printing subsystem to which Samba sends the job convert the +incoming PostScript files to the native print format of the target printers +(would be PCL if you have an HP printer) Always also consult the database on linuxprinting.org for all recommendations -about which driver is best used for each printer:Now if you are afraid that this would just mean using a *Generic* PostScript +driver for the clients that has no Simplex/Duplex selection, and no paper tray +choice, but you need them to be able to set up print jobs, with all the bells +and whistles of your printers:- http://www.linuxprinting.org/printer_list.cgi Not possible with traditional spooling systems But perfectly supported by CUPS (which uses "PPD" files to + describe how to control the print options for PostScript and + non-PostScript devices alike... + There select your model and click on "Show". You'll arrive at a page listing -all drivers working with your model. There will always be *one* -recommended one. Try this one first. In your case -("HP LaserJet 4 Plus"), you'll arrive here: CUPS PPDs are working perfectly on Windows clients who use Adobe PostScript +drivers (or the new CUPS PostScript driver for Windows NT/2K/XP). Clients can use +them to setup the job to their liking and CUPS will use the received job options +to make the (PCL-, ESC/P- or PostScript-) printer behave as required. If you want to have the additional benefit of page count logging and accounting +then the CUPS PostScript driver is the best choice (better than the Adobe one). If you want to make the drivers downloadable for the clients then "cupsaddsmb" is +your friend. It will setup the [print$] share on the Samba host to be ready to serve +the clients for a "point and print" driver installation. http://www.linuxprinting.org/show_printer.cgi?recnum=75104 The recommended driver is "ljet4". It has a link to the page for the ljet4 -driver too: What strings are attached? http://www.linuxprinting.org/show_driver.cgi?driver=ljet4 There are some. But, given the sheer CPU power you can buy nowadays, +these can be overcome easily. The strings: On the driver's page, you'll find important and detailed info about how to use -that driver within the various available spoolers. You can generate a PPD for -CUPS. The PPD contains all the info about how to use your model and the driver; -this is, once installed, working transparently for the user -- you'll only -need to choose resolution, paper size etc. from the web-based menu or from -the print dialog GUI or from the commandline...Well, if the CUPS/Samba side will have to print to many printers serving many users, +you probably will need to set up a second server (which can do automatic load balancing +with the first one, plus a degree of fail-over mechanism). Converting the incoming +PostScript jobs, "interpreting" them for non-PostScript printers, amounts to the work +of a "RIP" (Raster Image Processor) done in software. This requires more CPU and RAM +than for the mere "raw spooling" task your current setup is solving. It all depends +on the avarage and peak printing load the server should be able to handle. 15.7. Auto-Deletion of CUPS spool files On the driver's page, choose to use the "PPD-O-Matic" online PPD generator -program. Select your model and click "Generate PPD file". When you safe the -appearing ASCII text file, don't use "cut'n'past" (as it could possiblly corrupt -line endings and tabs), but use "Save as..." in your browser's menu. Save it -at "/some/path/on/your/filesystem/somewhere/my-name-for-my-printer.ppd"Samba print files pass thru two "spool" directories. One the incoming directory +managed by Samba, (set eg: in the "path = /var/spool/samba" directive in the [printers] +section of "smb.conf"). Second is the spool directory of your UNIX print subsystem. +For CUPS it is normally "/var/spool/cups/", as set by the cupsd.conf directive +"RequestRoot /var/spool/cups". Then install the printer:I am not sure, which one of your directories keeps the files. From what you say, +it is most likely the Samba part. For the CUPS part, you may want to consult: "lpadmin -p laserjet4plus -v parallel:/dev/lp0 -E -P /some/path/on/your/filesystem/somewhere/my-name-for-my-printer.ppd" http://localhost:631/sam.html#PreserveJobFiles and + http://localhost:631/sam.html#PreserveJobHistory and + http://localhost:631/sam.html#MaxJobsNote, that for all the "Foomatic-PPDs" from Linuxprinting.org, you also need -a special "CUPS filter" named "cupsomatic". Get the latest version of -"cupsomatic" from:There are the settings described for your CUPS daemon, which could lead to completed +job files not being deleted. http://www.linuxprinting.org/cupsomatic"PreserveJobHistory Yes" -- keeps some details of jobs in +cupsd's mind (well it keeps the "c12345", "c12346" etc. files +in the CUPS spool directory, which do a similar job as the +old-fashioned BSD-LPD control files). This is set to "Yes" +as a default. This needs to be copied to /usr/lib/cups/filter/cupsomatic -and be made world executable. This filter is needed to read and act upon the -specially encoded Foomatic comments, embedded in the printfile, which in turn -are used to construct (transparently for you, the user) the complicated -ghostscript command line needed for your printer/driver combo."PreserveJobFiles Yes" -- keeps the job files themselves in +cupsd's mind (well it keeps the "d12345", "d12346" etc. files +in the CUPS spool directory...). This is set to "No" as the +CUPS default. You can have a look at all the options for the Ghostscript commandline supported -by your printer and the ljet4 driver by going to the section "Execution details", -selecting your model (Laserjet 4 Plus) and clicking on "Show execution details". -This will bring up this web page:"MaxJobs 500" -- this directive controls the maximum number +of jobs that are kept in memory. Once the number of jobs +reaches the limit, the oldest completed job is automatically +purged from the system to make room for the new one. If all +of the known jobs are still pending or active then the new +job will be rejected. Setting the maximum to 0 disables this +functionality. The default setting is 0. (There are also additional settings for "MaxJobsPerUser" and +"MaxJobsPerPrinter"...) For everything to work as announced, you need to have three things: http://www.linuxprinting.org/execution.cgi?driver=ljet4&printer=75104&.submit=Show+execution+details a Samba-smbd which is compiled against "libcups" (Check on Linux by running "ldd `which smbd`") + a Samba-smb.conf setting of "printing = cups" + another Samba-smb.conf setting of "printcap = cups" + The ingenious thing is that the database is kept current. If there -is a bug fix and an improvement somewhere in the database, you will -always get the most current and stable and feature-rich driver by following -the steps described above. Till Kamppeter from MandrakeSoft is doing an excellent job here that too few -people are aware of. (So if you use it often, please send him a note showing -your appreciation).Note, that in this case all other manually set printing-related +commands (like "print command", "lpq command", "lprm command", +"lppause command" or "lpresume command") are ignored and they +should normally have no influence what-so-ever on your printing. The latest and greatest improvement now is support for "custom page sizes" -for all those printers which support it.If you want to do things manually, replace the "printing = cups" +by "printing = bsd". Then your manually set commands may work +(haven't tested this), and a "print command = lp -d %P %s; rm %s" +may do what you need. "cupsomatic" is documented here:You forgot to mention the CUPS version you're using. If you did +set things up as described in the man pages, then the Samba +spool files should be deleted. Otherwise it may be a bug. On +the CUPS side, you can control the behaviour as described +above. If you have more problems, post the output of these commands: grep -v ^# /etc/cups/cupsd.conf | grep -v ^$ + grep -v ^# /etc/samba/smb.conf | grep -v ^$ | grep -v "^;" (adapt paths as needed). These commands sanitize the files +and cut out the empty lines and lines with comments, providing +the "naked settings" in a compact way. http://www.linuxprinting.org/cups-doc.htmlChapter 16. Unified Logons between Windows NT and UNIX using Winbind 16.1. Abstract Integration of UNIX and Microsoft Windows NT through + a unified logon has been considered a "holy grail" in heterogeneous + computing environments for a long time. We present + winbind, a component of the Samba suite + of programs as a solution to the unified logon problem. Winbind + uses a UNIX implementation + of Microsoft RPC calls, Pluggable Authentication Modules, and the Name + Service Switch to allow Windows NT domain users to appear and operate + as UNIX users on a UNIX machine. This paper describes the winbind + system, explaining the functionality it provides, how it is configured, + and how it works internally. 16.2. Introduction It is well known that UNIX and Microsoft Windows NT have + different models for representing user and group information and + use different technologies for implementing them. This fact has + made it difficult to integrate the two systems in a satisfactory + manner. One common solution in use today has been to create + identically named user accounts on both the UNIX and Windows systems + and use the Samba suite of programs to provide file and print services + between the two. This solution is far from perfect however, as + adding and deleting users on both sets of machines becomes a chore + and two sets of passwords are required both of which + can lead to synchronization problems between the UNIX and Windows + systems and confusion for users. We divide the unified logon problem for UNIX machines into + three smaller problems: More printing tutorial info may be found here:Obtaining Windows NT user and group information + Authenticating Windows NT users + Password changing for Windows NT users + Ideally, a prospective solution to the unified logon problem + would satisfy all the above components without duplication of + information on the UNIX machines and without creating additional + tasks for the system administrator when maintaining users and + groups on either system. The winbind system provides a simple + and elegant solution to all three components of the unified logon + problem. 16.3. What Winbind Provides Winbind unifies UNIX and Windows NT account management by + allowing a UNIX box to become a full member of a NT domain. Once + this is done the UNIX box will see NT users and groups as if + they were native UNIX users and groups, allowing the NT domain + to be used in much the same manner that NIS+ is used within + UNIX-only environments. The end result is that whenever any + program on the UNIX machine asks the operating system to lookup + a user or group name, the query will be resolved by asking the + NT domain controller for the specified domain to do the lookup. + Because Winbind hooks into the operating system at a low level + (via the NSS name resolution modules in the C library) this + redirection to the NT domain controller is completely + transparent. Users on the UNIX machine can then use NT user and group + names as they would use "native" UNIX names. They can chown files + so that they are owned by NT domain users or even login to the + UNIX machine and run a UNIX X-Window session as a domain user. The only obvious indication that Winbind is being used is + that user and group names take the form DOMAIN\user and + DOMAIN\group. This is necessary as it allows Winbind to determine + that redirection to a domain controller is wanted for a particular + lookup and which trusted domain is being referenced. Additionally, Winbind provides an authentication service + that hooks into the Pluggable Authentication Modules (PAM) system + to provide authentication via a NT domain to any PAM enabled + applications. This capability solves the problem of synchronizing + passwords between systems since all passwords are stored in a single + location (on the domain controller). 16.3.1. Target Uses Winbind is targeted at organizations that have an + existing NT based domain infrastructure into which they wish + to put UNIX workstations or servers. Winbind will allow these + organizations to deploy UNIX workstations without having to + maintain a separate account infrastructure. This greatly + simplifies the administrative overhead of deploying UNIX + workstations into a NT based organization. Another interesting way in which we expect Winbind to + be used is as a central part of UNIX based appliances. Appliances + that provide file and print services to Microsoft based networks + will be able to use Winbind to provide seamless integration of + the appliance into the domain. 16.4. How Winbind Works The winbind system is designed around a client/server + architecture. A long running winbindd daemon + listens on a UNIX domain socket waiting for requests + to arrive. These requests are generated by the NSS and PAM + clients and processed sequentially. The technologies used to implement winbind are described + in detail below. 16.4.1. Microsoft Remote Procedure Calls Over the last few years, efforts have been underway + by various Samba Team members to decode various aspects of + the Microsoft Remote Procedure Call (MSRPC) system. This + system is used for most network related operations between + Windows NT machines including remote management, user authentication + and print spooling. Although initially this work was done + to aid the implementation of Primary Domain Controller (PDC) + functionality in Samba, it has also yielded a body of code which + can be used for other purposes. Winbind uses various MSRPC calls to enumerate domain users + and groups and to obtain detailed information about individual + users or groups. Other MSRPC calls can be used to authenticate + NT domain users and to change user passwords. By directly querying + a Windows PDC for user and group information, winbind maps the + NT account information onto UNIX user and group names. http://www.linuxprinting.org/kpfeifle/LinuxKongress2002/Tutorial/ 16.4.2. Microsoft Active Directory Services Note, that *all* the Foomatic drivers listed on Linuxprinting.org (now -approaching the "all-time high" number of 1.000 for the supported models) -are using a special filtering chain involving Ghostscript, as described -in this document. Since late 2001, Samba has gained the ability to + interact with Microsoft Windows 2000 using its 'Native + Mode' protocols, rather than the NT4 RPC services. + Using LDAP and Kerberos, a domain member running + winbind can enumerate users and groups in exactly the + same way as a Win2k client would, and in so doing + provide a much more efficient and + effective winbind implementation. + 16.4.3. Name Service Switch Summary - You need:The Name Service Switch, or NSS, is a feature that is + present in many UNIX operating systems. It allows system + information such as hostnames, mail aliases and user information + to be resolved from different sources. For example, a standalone + UNIX workstation may resolve system information from a series of + flat files stored on the local filesystem. A networked workstation + may first attempt to resolve system information from local files, + and then consult a NIS database for user information or a DNS server + for hostname information. The NSS application programming interface allows winbind + to present itself as a source of system information when + resolving UNIX usernames and groups. Winbind uses this interface, + and information obtained from a Windows NT server using MSRPC + calls to provide a new source of account enumeration. Using standard + UNIX library calls, one can enumerate the users and groups on + a UNIX machine running winbind and see all users and groups in + a NT domain plus any trusted domain as though they were local + users and groups. A "foomatic+something" PPD is not enough to print with CUPS (but it is *one* important component) The "cupsomatic" filter script (Perl) in The primary control file for NSS is + /usr/lib/cups/filters/ Perl to make cupsomatic run Ghostscript (because it is called and controlled by the PPD/cupsomatic combo in a way to fit your printermodel/driver combo. Ghostscript *must*, depending on the driver/model, contain support for a certain "device" (as shown by "gs -h") In the case of the "hpijs" driver, you need a Ghostscript version, which -has "ijs" amongst its supported devices in "gs -h". In the case of -"hpijs+foomatic", a valid ghostscript commandline would be reading like this: /etc/nsswitch.conf. + When a UNIX application makes a request to do a lookup + the C library looks in /etc/nsswitch.conf + for a line which matches the service type being requested, for + example the "passwd" service type is used when user or group names + are looked up. This config line species which implementations + of that service should be tried and in what order. If the passwd + config line is: gs -q -dBATCH -dPARANOIDSAFER -dQUIET -dNOPAUSE -sDEVICE=ijs \ - -sIjsServer=hpijsPageSize -dDuplex=Duplex Model \ - -rResolution,PS:MediaPosition=InputSlot -dIjsUseOutputFD \ - -sOutputFile=- - passwd: files example then the C library will first load a module called + /lib/libnss_files.so followed by + the module /lib/libnss_example.so. The + C library will dynamically load each of these modules in turn + and call resolver functions within the modules to try to resolve + the request. Once the request is resolved the C library returns the + result to the application. Note, that with CUPS and the "hpijs+foomatic" PPD (plus Perl and cupsomatic) -you don't need to remember this. You can choose the available print options -thru a GUI print command (like "glp" from ESP's commercially supported -PrintPro software, or KDE's "kprinter", or GNOME's "gtklp" or the independent -"xpp") or the CUPS web interface via human-readable drop-down selection -menus.This NSS interface provides a very easy way for Winbind + to hook into the operating system. All that needs to be done + is to put libnss_winbind.so in /lib/ + then add "winbind" into /etc/nsswitch.conf at + the appropriate place. The C library will then call Winbind to + resolve user and group names. 16.4.4. Pluggable Authentication Modules If you use "ESP Ghostscript" (also under the GPL, provided by Easy Software -Products, the makers of CUPS, downloadable from -http://www.cups.org/software.html, -co-maintained by the developers of linuxprinting.org), you are guaranteed to -have in use the most uptodate, bug-fixed, enhanced and stable version of a Free -Ghostscript. It contains support for ~300 devices, whereas plain vanilla -GNU Ghostscript 7.05 only has ~200.Pluggable Authentication Modules, also known as PAM, + is a system for abstracting authentication and authorization + technologies. With a PAM module it is possible to specify different + authentication methods for different system applications without + having to recompile these applications. PAM is also useful + for implementing a particular policy for authorization. For example, + a system administrator may only allow console logins from users + stored in the local password file but only allow users resolved from + a NIS database to log in over the network. If you print only one CUPS test page, from the web interface and when you try to -print a windows test page, it acts like the job was never sent: - - Can you print "standard" jobs from the CUPS machine? Are the jobs from Windows visible in the Web interface on CUPS (http://localhost:631/)? Most important: What kind of printer driver are you using on the Windows clients?Winbind uses the authentication management and password + management PAM interface to integrate Windows NT users into a + UNIX system. This allows Windows NT users to log in to a UNIX + machine and be authenticated against a suitable Primary Domain + Controller. These users can also change their passwords and have + this change take effect directly on the Primary Domain Controller. + - -You can try to get a more detailed debugging info by setting "LogLevel debug" in -PAM is configured by providing control files in the directory + /etc/pam.d/ for each of the services that + require authentication. When an authentication request is made + by an application the PAM code in the C library looks up this + control file to determine what modules to load to do the + authentication check and in what order. This interface makes adding + a new authentication service for Winbind very easy, all that needs + to be done is that the /etc/cups/cupsd.conf, re-start cupsd and investigate pam_winbind.so module + is copied to /var/log/cups/error_log -for the whereabouts of your Windows-originating printjobs: /lib/security/ and the PAM + control files for relevant services are updated to allow + authentication via winbind. See the PAM documentation + for more details. 16.4.5. User and Group ID Allocation what does the "auto-typing" line say? which is the "MIME type" CUPS thinks is arriving from the Windows clients? are there "filter" available for this MIME type? are there "filter rules" defined in "/etc/cups/mime.convs" for this MIME type?When a user or group is created under Windows NT + is it allocated a numerical relative identifier (RID). This is + slightly different to UNIX which has a range of numbers that are + used to identify users, and the same range in which to identify + groups. It is winbind's job to convert RIDs to UNIX id numbers and + vice versa. When winbind is configured it is given part of the UNIX + user id space and a part of the UNIX group id space in which to + store Windows NT users and groups. If a Windows NT user is + resolved for the first time, it is allocated the next UNIX id from + the range. The same process applies for Windows NT groups. Over + time, winbind will have mapped all Windows NT users and groups + to UNIX user ids and group ids. The results of this mapping are stored persistently in + an ID mapping database held in a tdb database). This ensures that + RIDs are mapped to UNIX IDs in a consistent way. 16.4.6. Result Caching An active system can generate a lot of user and group + name lookups. To reduce the network cost of these lookups winbind + uses a caching scheme based on the SAM sequence number supplied + by NT domain controllers. User or group information returned + by a PDC is cached by winbind along with a sequence number also + returned by the PDC. This sequence number is incremented by + Windows NT whenever any user or group information is modified. If + a cached entry has expired, the sequence number is requested from + the PDC and compared against the sequence number of the cached entry. + If the sequence numbers do not match, then the cached information + is discarded and up to date information is requested directly + from the PDC. 15.5. Limiting the number of pages users can print16.5. Installation and Configuration The feature you want is dependent on the real print subsystem you're using. -Samba's part is always to receive the job files from the clients (filtered -*or* unfiltered) and hand it over to this printing subsystem. Many thanks to John Trostel jtrostel@snapserver.com +for providing the HOWTO for this section. Of course one could "hack" things with one's own scripts.This HOWTO describes how to get winbind services up and running +to control access and authenticate users on your Linux box using +the winbind services which come with SAMBA 2.2.2. 16.5.1. Introduction But there is CUPS (Common Unix Printing System). CUPS supports "quotas". -Quotas can be based on sizes of jobs or on the number of pages or both, -and are spanning any time period you want.This HOWTO describes the procedures used to get winbind up and +running on my RedHat 7.1 system. Winbind is capable of providing access +and authentication control for Windows Domain users through an NT +or Win2K PDC for 'regular' services, such as telnet a nd ftp, as +well for SAMBA services. This is an example command how root would set a print quota in CUPS, -assuming an existing printer named "quotaprinter": lpadmin -p quotaprinter -o job-quota-period=604800 -o job-k-limit=1024 -o job-page-limit=100This HOWTO has been written from a 'RedHat-centric' perspective, so if +you are using another distribution, you may have to modify the instructions +somewhat to fit the way your distribution works. This would limit every single user to print 100 pages or 1024 KB of -data (whichever comes first) within the last 604.800 seconds ( = 1 week). For CUPS to count correctly, the printfile needs to pass the CUPS "pstops" filter, -otherwise it uses a "dummy" count of "1". Some printfiles don't pass it -(eg: image files) but then those are mostly 1 page jobs anyway. This also means, -proprietary drivers for the target printer running on the client computers and -CUPS/Samba then spooling these files as "raw" (i.e. leaving them untouched, not -filtering them), will be counted as "1-pagers" too! Why should I to this? + You need to send PostScript from the clients (i.e. run a PostScript driver there) -for having the chance to get accounting done. If the printer is a non-PostScript model, -you need to let CUPS do the job to convert the file to a print-ready format for the -target printer. This will be working for currently ~1.000 different printer models, see http://www.linuxprinting.org/printer_list.cgiThis allows the SAMBA administrator to rely on the + authentication mechanisms on the NT/Win2K PDC for the authentication + of domain members. NT/Win2K users no longer need to have separate + accounts on the SAMBA server. + Before CUPS-1.1.16 your only option was to use the Adobe PostScript -Driver on the Windows clients. The output of this driver was not always -passed thru the "pstops" filter on the CUPS/Samba side, and therefor was -not counted correctly (the reason is that it often --- depending on the -"PPD" being used --- did write a "PJL"-header in front of the real -PostScript which made CUPS to skip the pstops and go directy to -the "pstoraster" stage). Who should be reading this document? + From CUPS-1.1.16 onward you can use the "CUPS PostScript Driver -for Windows NT/2K/XP clients" (it is tagged in the download area of -http://www.cups.org/ as the "cups-samba-1.1.16.tar.gz" package). -It is *not* working for Win9x/ME clients. But it: This HOWTO is designed for system administrators. If you are + implementing SAMBA on a file server and wish to (fairly easily) + integrate existing NT/Win2K users from your PDC onto the + SAMBA server, this HOWTO is for you. That said, I am no NT or PAM + expert, so you may find a better or easier way to accomplish + these tasks. + 16.5.2. Requirements If you have a samba configuration file that you are currently +using... BACK IT UP! If your system already uses PAM, +back up the /etc/pam.d directory +contents! If you haven't already made a boot disk, +MAKE ONE NOW! >it guarantees to not write an PJL-header it guarantees to still read and support all PJL-options named in the driver PPD with its own means it guarantees the file going thru the "pstops" filter on the CUPS/Samba server it guarantees to page-count correctly the printfile Messing with the pam configuration files can make it nearly impossible +to log in to yourmachine. That's why you want to be able to boot back +into your machine in single user mode and restore your +/etc/pam.d back to the original state they were in if +you get frustrated with the way things are going. ;-) You can read more about the setup of this combination in the -manpage for "cupsaddsmb" (only present with CUPS installed, only -current with CUPS 1.1.16).The latest version of SAMBA (version 3.0 as of this writing), now +includes a functioning winbindd daemon. Please refer to the +main SAMBA web page or, +better yet, your closest SAMBA mirror site for instructions on +downloading the source code. These are the items CUPS logs in the "page_log" for every single *page* of a job:To allow Domain users the ability to access SAMBA shares and +files, as well as potentially other services provided by your +SAMBA machine, PAM (pluggable authentication modules) must +be setup properly on your machine. In order to compile the +winbind modules, you should have at least the pam libraries resident +on your system. For recent RedHat systems (7.1, for instance), that +means pam-0.74-22. For best results, it is helpful to also +install the development packages in pam-devel-0.74-22. 16.5.3. Testing Things Out * Printer name - * User name - * Job ID - * Time of printing - * the page number - * the number of copies - * a billing info string (optional) Before starting, it is probably best to kill off all the SAMBA +related daemons running on your server. Kill off all smbd, +nmbd, and winbindd processes that may +be running. To use PAM, you will want to make sure that you have the +standard PAM package (for RedHat) which supplies the /etc/pam.d +directory structure, including the pam modules are used by pam-aware +services, several pam libraries, and the /usr/doc +and /usr/man entries for pam. Winbind built better +in SAMBA if the pam-devel package was also installed. This package includes +the header files needed to compile pam-aware applications. For instance, +my RedHat system has both pam-0.74-22 and +pam-devel-0.74-22 RPMs installed. 16.5.3.1. Configure and compile SAMBA Here is an extract of my CUPS server's page_log file to illustrate -the format and included items:The configuration and compilation of SAMBA is pretty straightforward. +The first three steps may not be necessary depending upon +whether or not you have previously built the Samba binaries. infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 1 2 #marketing - infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 2 2 #marketing - infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 3 2 #marketing - infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 4 2 #marketing - infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 5 2 #marketing - infotec_IS2027 kurt 40 [22/Nov/2002:13:18:03 +0100] 6 2 #marketing root# autoconf +root# make clean +root# rm config.cache +root# ./configure +root# make +root# make install This was Job ID "40", printed on "infotec_IS2027" by user "kurt", a 6-page job -printed in 2 copies and billed to "#marketing"... What flaws or shortcomings are there? This will, by default, install SAMBA in /usr/local/samba. +See the main SAMBA documentation if you want to install SAMBA somewhere else. +It will also build the winbindd executable and libraries. 16.5.3.2. Configure nsswitch.conf and the +winbind libraries the ones named above CUPS really counts the job pages being *processsed in software* - (going thru the "RIP") rather than the physical sheets successfully - leaving the printing device -- if there is a jam while printing - the 5th sheet out of 1000 and the job is aborted by the printer, - the "page count" will still show the figure of 1000 for that job - all quotas are the same for all users (no flexibility to give the - boss a higher quota than the clerk) no support for groups - no means to read out the current balance or "used-up" number of current quota - a user having used up 99 sheets of 100 quota will still be able to send and print a 1.000 sheet job - a user being denied a job because of a filled-up quota doesn't get a meaningful - error message from CUPS other than "client-error-not-possible". - The libraries needed to run the winbindd daemon +through nsswitch need to be copied to their proper locations, so root# cp ../samba/source/nsswitch/libnss_winbind.so /lib But this is the best system out there currently. And there are -huge improvements under development: page counting will go into the "backends" (these talk - directly to the printer and will increase the count in sync with the - actual printing process -- a jam at the 5th sheet will lead to a stop in the counting) quotas will be handled more flexibly probably there will be support for users to inquire their "accounts" in advance probably there will be support for some other tools around this topic I also found it necessary to make the following symbolic link: root# ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 Other than the current stage of the CUPS development, I don't -know any other ready-to-use tool which you could consider. You can download the driver files from -http://www.cups.org/software.html. -It is a separate package from the CUPS base software files, tagged as "CUPS 1.1.16 -Windows NT/2k/XP Printer Driver for SAMBA (tar.gz, 192k)". The filename to -download is "cups-samba-1.1.16.tar.gz". Upon untar-/unzip-ping it will reveal -the files: cups-samba.install - cups-samba.license - cups-samba.readme - cups-samba.remove - cups-samba.ss And, in the case of Sun solaris: root# ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1 +root# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1 +root# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.2 These have been packaged with the ESP meta packager software "EPM". The -*.install and *.remove files are simple shell script, which untars the -*.ss (which is nothing else than a tar-archive) and puts its contents -into Now, as root you need to edit /usr/share/cups/drivers/. Its contents are 3 files: /etc/nsswitch.conf to +allow user and group entries to be visible from the winbindd +daemon. My /etc/nsswitch.conf file look like +this after editing: cupsdrvr.dll - cupsui.dll - cups.hlp passwd: files winbind + shadow: files + group: files winbind +The libraries needed by the winbind daemon will be automatically +entered into the ldconfig cache the next time +your system reboots, but it +is faster (and you don't need to reboot) if you do it manually: root# /sbin/ldconfig -v | grep winbind ATTENTION: due to a bug one CUPS release puts the This makes cups.hlp -into libnss_winbind available to winbindd +and echos back a check to you. 16.5.3.3. Configure smb.conf Several parameters are needed in the smb.conf file to control +the behavior of winbindd. Configure +/usr/share/drivers/ instead of +>smb.conf These are described in more detail in +the winbindd(8) man page. My /usr/share/cups/drivers/. To work around this, copy/move -the file after running the "./cups-samba.install" script manually to the right place:smb.conf file was modified to +include the following entries in the [global] section: cp /usr/share/drivers/cups.hlp /usr/share/cups/drivers/[global] + <...> + # separate domain and username with '+', like DOMAIN+username + winbind separator = + + # use uids from 10000 to 20000 for domain users + winbind uid = 10000-20000 + # use gids from 10000 to 20000 for domain groups + winbind gid = 10000-20000 + # allow enumeration of winbind users and groups + winbind enum users = yes + winbind enum groups = yes + # give winbind users a real shell (only needed if they have telnet access) + template homedir = /home/winnt/%D/%U + template shell = /bin/bash This new CUPS PostScript driver is currently binary-only, but free -no source code is provided (yet). The reason is this: it has -been developed with the help of the Microsoft Driver Developer Kit (DDK) -and compiled with Microsoft Visual Studio 6. It is not clear to the driver -developers if they are allowed to distribute the whole of the source code -as Free Software. However, they will likely release the "diff" in source -code under the GPL, so anybody with a license of Visual Studio and a DDK -will be able to compile for him/herself. 16.5.3.4. Join the SAMBA server to the PDC domain Once you have run the install script (and possibly manually moved the -"cups.hlp" file to "/usr/share/cups/drivers/"), the driver is ready to be -put into Samba's [print$] share (which often maps to "/etc/samba/drivers/" -and contains a subdir tree with WIN40 and W32X86 branches), by running -"cupsaddsmb" (see also "man cupsaddsmb" for CUPS 1.1.16). [Don't forget to -put root into the smbpasswd file by running "smbpasswd" should you run -this whole procedure for the first time.] Once the driver files are in the -[print$] share, they are ready to be downloaded and installed by the -Win NT/2k/XP clients. Enter the following command to make the SAMBA server join the +PDC domain, where DOMAIN is the name of +your Windows domain and Administrator is +a domain user who has administrative privileges in the domain. root# /usr/local/samba/bin/net join -S PDC -U Administrator NOTE 1: Win 9x/ME clients won't work with this driver. For these you'd -still need to use the ADOBE*.* drivers as previously.The proper response to the command should be: "Joined the domain +DOMAIN" where DOMAIN +is your DOMAIN name. 16.5.3.5. Start up the winbindd daemon and test it! Eventually, you will want to modify your smb startup script to +automatically invoke the winbindd daemon when the other parts of +SAMBA start, but it is possible to test out just the winbind +portion first. To start up winbind services, enter the following +command as root: root# /usr/local/samba/bin/winbindd NOTE 2: It is not harming if you've still the ADOBE*.* driver files from -previous installations in the "/usr/share/cups/drivers/" directory. -The new cupsaddsmb (from 1.1.16) will automatically use the -"newest" installed driver (which here then is the CUPS drivers). Winbindd can now also run in 'dual daemon mode'. This will make it +run as 2 processes. The first will answer all requests from the cache, +thus making responses to clients faster. The other will +update the cache for the query that the first has just responded. +Advantage of this is that responses stay accurate and are faster. +You can enable dual daemon mode by adding '-B' to the commandline: root# /usr/local/samba/bin/winbindd -B NOTE 3: Should your Win clients have had the old ADOBE*.* files and the -Adobe PostScript drivers installed, the download and installation -of the new CUPS PostScript driver for Windows NT/2k/XP will fail -at first. It is not enough to "delete" the printer (as the driver files -will still be kept by the clients and re-used if you try to -re-install the printer). To really get rid of the Adobe driver -files on the clients, open the "Printers" folder (possibly via -"Start --> Settings --> Control Panel --> Printers"), right-click -onto the folder background and select "Server Properties". A -new dialog opens; select the "Drivers" tab; on the list select -the driver you want to delete and click on the "Delete" button. -(This will only work if there is no single printer left which -uses that particular driver -- you need to "delete" all printers -using this driver in the "Printers" folder first.) I'm always paranoid and like to make sure the daemon +is really running... root# ps -ae | grep winbindd Once you have successfully downloaded the CUPS PostScript driver -to a client, you can easily switch all printers to this one -by proceeding as described elsewhere in the "Samba HOWTO -Collection" to change a driver for an existing printer. This command should produce output like this, if the daemon is running What are the benefits with the "CUPS PostScript driver for Windows NT/2k/XP" -as compared to the Adobe drivers? 3025 ? 00:00:00 winbindd Now... for the real test, try to get some information about the +users on your PDC root# /usr/local/samba/bin/wbinfo -u no hassle with the Adobe EULA - +This should echo back a list of users on your Windows users on +your PDC. For example, I get the following response: no hassle with the question "where do I get the ADOBE*.* driver files from?" - CEO+Administrator +CEO+burdell +CEO+Guest +CEO+jt-ad +CEO+krbtgt +CEO+TsInternetUser the Adobe drivers (depending on the printer PPD associated with them) - often put a PJL header in front of the core PostScript part of the print - file (thus the file starts with "1B%-12345X" or "escape%-12345X" - instead of "%!PS"). This leads to the CUPS daemon autotyping the - arriving file as a print-ready file, not requiring a pass thru the - "pstops" filter (to speak more technical, it is not regarded as the - generic MIME type "application/postscript", but as the more special - MIME type "application/cups.vnd-postscript"), which therefore also - leads to the page accounting in "/var/log/cups/page_log" not receiving - the exact mumber of pages; instead the dummy page number of "1" is - logged in a standard setup) - Obviously, I have named my domain 'CEO' and my winbind +separator is '+'. the Adobe driver has more options to "mis-configure" the PostScript - generated by it (like setting it inadvertedly to "Optimize for Speed", - instead of "Optimize for Portability", which could lead to CUPS being - unable to process it) - You can do the same sort of thing to get group information from +the PDC: the CUPS PostScript driver output sent by Windows clients to the CUPS - server will be guaranteed to be auto-typed as generic MIME type - "application/postscript", thusly passing thru the CUPS "pstops" filter - and logging the correct number of pages in the page_log for accounting - and quota purposes - root# /usr/local/samba/bin/wbinfo -g +CEO+Domain Admins +CEO+Domain Users +CEO+Domain Guests +CEO+Domain Computers +CEO+Domain Controllers +CEO+Cert Publishers +CEO+Schema Admins +CEO+Enterprise Admins +CEO+Group Policy Creator Owners the CUPS PostScript driver supports the sending of additional print - options by the Win NT/2k/XP clients, such as naming the CUPS standard - banner pages (or the custom ones, should they be installed at the time - of driver download), using the CUPS "page-label" option, setting a - job-priority and setting the scheduled time of printing (with the option - to support additional useful IPP job attributes in the future). - The function 'getent' can now be used to get unified +lists of both local and PDC users and groups. +Try the following command: the CUPS PostScript driver supports the inclusion of the new - "*cupsJobTicket" comments at the beginnig of the PostScript file (which - could be used in the future for all sort of beneficial extensions on - the CUPS side, but which will not disturb any other application as those - will regard it as a comment and simply ignore it). - root# getent passwd You should get a list that looks like your /etc/passwd +list followed by the domain users with their new uids, gids, home +directories and default shells. the CUPS PostScript driver will be the heart of the fully fledged CUPS - IPP client for Windows NT/2k/XP to be released soon (probably alongside - the first Beta release for CUPS 1.2). - The same thing can be done for groups with the command root# getent group 15.6. Advanced Postscript Printing from MS Windows Let the Windows Clients use a PostScript driver to deliver poistscript to -the samba print server (just like any Linux or Unix Client would also use -PostScript to send to the server) Make the Unix printing subsystem to which Samba sends the job convert the -incoming PostScript files to the native print format of the target printers -(would be PCL if you have an HP printer) Now if you are afraid that this would just mean using a *Generic* PostScript -driver for the clients that has no Simplex/Duplex selection, and no paper tray -choice, but you need them to be able to set up print jobs, with all the bells -and whistles of your printers:- 16.5.3.6. Fix the init.d startup scripts16.5.3.6.1. Linux Not possible with traditional spooling systems But perfectly supported by CUPS (which uses "PPD" files to - describe how to control the print options for PostScript and - non-PostScript devices alike... - The winbindd daemon needs to start up after the +smbd and nmbd daemons are running. +To accomplish this task, you need to modify the startup scripts of your system. They are located at /etc/init.d/smb in RedHat and +/etc/init.d/samba in Debian. +script to add commands to invoke this daemon in the proper sequence. My +startup script starts up smbd, +nmbd, and winbindd from the +/usr/local/samba/bin directory directly. The 'start' +function in the script looks like this: start() { + KIND="SMB" + echo -n $"Starting $KIND services: " + daemon /usr/local/samba/bin/smbd $SMBDOPTIONS + RETVAL=$? + echo + KIND="NMB" + echo -n $"Starting $KIND services: " + daemon /usr/local/samba/bin/nmbd $NMBDOPTIONS + RETVAL2=$? + echo + KIND="Winbind" + echo -n $"Starting $KIND services: " + daemon /usr/local/samba/bin/winbindd + RETVAL3=$? + echo + [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && touch /var/lock/subsys/smb || \ + RETVAL=1 + return $RETVAL +} CUPS PPDs are working perfectly on Windows clients who use Adobe PostScript -drivers (or the new CUPS PostScript driver for Windows NT/2K/XP). Clients can use -them to setup the job to their liking and CUPS will use the received job options -to make the (PCL-, ESC/P- or PostScript-) printer behave as required. If you want to have the additional benefit of page count logging and accounting -then the CUPS PostScript driver is the best choice (better than the Adobe one).If you would like to run winbindd in dual daemon mode, replace +the line + daemon /usr/local/samba/bin/winbindd + +in the example above with: + + daemon /usr/local/samba/bin/winbindd -B . If you want to make the drivers downloadable for the clients then "cupsaddsmb" is -your friend. It will setup the [print$] share on the Samba host to be ready to serve -the clients for a "point and print" driver installation. The 'stop' function has a corresponding entry to shut down the +services and looks like this: stop() { + KIND="SMB" + echo -n $"Shutting down $KIND services: " + killproc smbd + RETVAL=$? + echo + KIND="NMB" + echo -n $"Shutting down $KIND services: " + killproc nmbd + RETVAL2=$? + echo + KIND="Winbind" + echo -n $"Shutting down $KIND services: " + killproc winbindd + RETVAL3=$? + [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && rm -f /var/lock/subsys/smb + echo "" + return $RETVAL +} What strings are attached? 16.5.3.6.2. Solaris There are some. But, given the sheer CPU power you can buy nowadays, -these can be overcome easily. The strings:On solaris, you need to modify the +/etc/init.d/samba.server startup script. It usually +only starts smbd and nmbd but should now start winbindd too. If you +have samba installed in /usr/local/samba/bin, +the file could contains something like this: ## +## samba.server +## + +if [ ! -d /usr/bin ] +then # /usr not mounted + exit +fi + +killproc() { # kill the named process(es) + pid=`/usr/bin/ps -e | + /usr/bin/grep -w $1 | + /usr/bin/sed -e 's/^ *//' -e 's/ .*//'` + [ "$pid" != "" ] && kill $pid +} + +# Start/stop processes required for samba server + +case "$1" in + +'start') +# +# Edit these lines to suit your installation (paths, workgroup, host) +# +echo Starting SMBD + /usr/local/samba/bin/smbd -D -s \ + /usr/local/samba/smb.conf + +echo Starting NMBD + /usr/local/samba/bin/nmbd -D -l \ + /usr/local/samba/var/log -s /usr/local/samba/smb.conf + +echo Starting Winbind Daemon + /usr/local/samba/bin/winbindd + ;; + +'stop') + killproc nmbd + killproc smbd + killproc winbindd + ;; + +*) + echo "Usage: /etc/init.d/samba.server { start | stop }" + ;; +esac Well, if the CUPS/Samba side will have to print to many printers serving many users, -you probably will need to set up a second server (which can do automatic load balancing -with the first one, plus a degree of fail-over mechanism). Converting the incoming -PostScript jobs, "interpreting" them for non-PostScript printers, amounts to the work -of a "RIP" (Raster Image Processor) done in software. This requires more CPU and RAM -than for the mere "raw spooling" task your current setup is solving. It all depends -on the avarage and peak printing load the server should be able to handle.Again, if you would like to run samba in dual daemon mode, replace + /usr/local/samba/bin/winbindd + +in the script above with: + + /usr/local/samba/bin/winbindd -B 15.7. Auto-Deletion of CUPS spool files 16.5.3.6.3. RestartingSamba print files pass thru two "spool" directories. One the incoming directory -managed by Samba, (set eg: in the "path = /var/spool/samba" directive in the [printers] -section of "smb.conf"). Second is the spool directory of your UNIX print subsystem. -For CUPS it is normally "/var/spool/cups/", as set by the cupsd.conf directive -"RequestRoot /var/spool/cups". If you restart the smbd, nmbd, +and winbindd daemons at this point, you +should be able to connect to the samba server as a domain member just as +if you were a local user. 16.5.3.7. Configure Winbind and PAM I am not sure, which one of your directories keeps the files. From what you say, -it is most likely the Samba part.If you have made it this far, you know that winbindd and samba are working +together. If you want to use winbind to provide authentication for other +services, keep reading. The pam configuration files need to be altered in +this step. (Did you remember to make backups of your original +/etc/pam.d files? If not, do it now.) For the CUPS part, you may want to consult: http://localhost:631/sam.html#PreserveJobFiles and - http://localhost:631/sam.html#PreserveJobHistory and - http://localhost:631/sam.html#MaxJobsYou will need a pam module to use winbindd with these other services. This +module will be compiled in the ../source/nsswitch directory +by invoking the command There are the settings described for your CUPS daemon, which could lead to completed -job files not being deleted. root# make nsswitch/pam_winbind.so "PreserveJobHistory Yes" -- keeps some details of jobs in -cupsd's mind (well it keeps the "c12345", "c12346" etc. files -in the CUPS spool directory, which do a similar job as the -old-fashioned BSD-LPD control files). This is set to "Yes" -as a default. from the ../source directory. The +pam_winbind.so file should be copied to the location of +your other pam security modules. On my RedHat system, this was the +/lib/security directory. On Solaris, the pam security +modules reside in /usr/lib/security. "PreserveJobFiles Yes" -- keeps the job files themselves in -cupsd's mind (well it keeps the "d12345", "d12346" etc. files -in the CUPS spool directory...). This is set to "No" as the -CUPS default. root# cp ../samba/source/nsswitch/pam_winbind.so /lib/security 16.5.3.7.1. Linux/FreeBSD-specific PAM configuration "MaxJobs 500" -- this directive controls the maximum number -of jobs that are kept in memory. Once the number of jobs -reaches the limit, the oldest completed job is automatically -purged from the system to make room for the new one. If all -of the known jobs are still pending or active then the new -job will be rejected. Setting the maximum to 0 disables this -functionality. The default setting is 0. The /etc/pam.d/samba file does not need to be changed. I +just left this fileas it was: (There are also additional settings for "MaxJobsPerUser" and -"MaxJobsPerPrinter"...) auth required /lib/security/pam_stack.so service=system-auth +account required /lib/security/pam_stack.so service=system-auth For everything to work as announced, you need to have three things:The other services that I modified to allow the use of winbind +as an authentication service were the normal login on the console (or a terminal +session), telnet logins, and ftp service. In order to enable these +services, you may first need to change the entries in +/etc/xinetd.d (or /etc/inetd.conf). +RedHat 7.1 uses the new xinetd.d structure, in this case you need +to change the lines in /etc/xinetd.d/telnet +and /etc/xinetd.d/wu-ftp from enable = no a Samba-smbd which is compiled against "libcups" (Check on Linux by running "ldd `which smbd`") - a Samba-smb.conf setting of "printing = cups" - another Samba-smb.conf setting of "printcap = cups" - to enable = yes Note, that in this case all other manually set printing-related -commands (like "print command", "lpq command", "lprm command", -"lppause command" or "lpresume command") are ignored and they -should normally have no influence what-so-ever on your printing. If you want to do things manually, replace the "printing = cups" -by "printing = bsd". Then your manually set commands may work -(haven't tested this), and a "print command = lp -d %P %s; rm %s" -may do what you need. +For ftp services to work properly, you will also need to either +have individual directories for the domain users already present on +the server, or change the home directory template to a general +directory for all domain users. These can be easily set using +the smb.conf global entry +template homedir. You forgot to mention the CUPS version you're using. If you did -set things up as described in the man pages, then the Samba -spool files should be deleted. Otherwise it may be a bug. On -the CUPS side, you can control the behaviour as described -above. The /etc/pam.d/ftp file can be changed +to allow winbind ftp access in a manner similar to the +samba file. My /etc/pam.d/ftp file was +changed to look like this: If you have more problems, post the output of these commands: auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed +auth sufficient /lib/security/pam_winbind.so +auth required /lib/security/pam_stack.so service=system-auth +auth required /lib/security/pam_shells.so +account sufficient /lib/security/pam_winbind.so +account required /lib/security/pam_stack.so service=system-auth +session required /lib/security/pam_stack.so service=system-auth The /etc/pam.d/login file can be changed nearly the +same way. It now looks like this: grep -v ^# /etc/cups/cupsd.conf | grep -v ^$ - grep -v ^# /etc/samba/smb.conf | grep -v ^$ | grep -v "^;"auth required /lib/security/pam_securetty.so +auth sufficient /lib/security/pam_winbind.so +auth sufficient /lib/security/pam_unix.so use_first_pass +auth required /lib/security/pam_stack.so service=system-auth +auth required /lib/security/pam_nologin.so +account sufficient /lib/security/pam_winbind.so +account required /lib/security/pam_stack.so service=system-auth +password required /lib/security/pam_stack.so service=system-auth +session required /lib/security/pam_stack.so service=system-auth +session optional /lib/security/pam_console.so (adapt paths as needed). These commands sanitize the files -and cut out the empty lines and lines with comments, providing -the "naked settings" in a compact way. In this case, I added the auth sufficient /lib/security/pam_winbind.so +lines as before, but also added the required pam_securetty.so +above it, to disallow root logins over the network. I also added a +sufficient /lib/security/pam_unix.so use_first_pass +line after the winbind.so line to get rid of annoying +double prompts for passwords. Chapter 16. Unified Logons between Windows NT and UNIX using Winbind 16.1. Abstract 16.5.3.7.2. Solaris-specific configurationIntegration of UNIX and Microsoft Windows NT through - a unified logon has been considered a "holy grail" in heterogeneous - computing environments for a long time. We present - winbind, a component of the Samba suite - of programs as a solution to the unified logon problem. Winbind - uses a UNIX implementation - of Microsoft RPC calls, Pluggable Authentication Modules, and the Name - Service Switch to allow Windows NT domain users to appear and operate - as UNIX users on a UNIX machine. This paper describes the winbind - system, explaining the functionality it provides, how it is configured, - and how it works internally.The /etc/pam.conf needs to be changed. I changed this file so that my Domain +users can logon both locally as well as telnet.The following are the changes +that I made.You can customize the pam.conf file as per your requirements,but +be sure of those changes because in the worst case it will leave your system +nearly impossible to boot. # +#ident "@(#)pam.conf 1.14 99/09/16 SMI" +# +# Copyright (c) 1996-1999, Sun Microsystems, Inc. +# All Rights Reserved. +# +# PAM configuration +# +# Authentication management +# +login auth required /usr/lib/security/pam_winbind.so +login auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass +login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1 try_first_pass +# +rlogin auth sufficient /usr/lib/security/pam_winbind.so +rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1 +rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass +# +dtlogin auth sufficient /usr/lib/security/pam_winbind.so +dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass +# +rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1 +other auth sufficient /usr/lib/security/pam_winbind.so +other auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass +# +# Account management +# +login account sufficient /usr/lib/security/pam_winbind.so +login account requisite /usr/lib/security/$ISA/pam_roles.so.1 +login account required /usr/lib/security/$ISA/pam_unix.so.1 +# +dtlogin account sufficient /usr/lib/security/pam_winbind.so +dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1 +dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1 +# +other account sufficient /usr/lib/security/pam_winbind.so +other account requisite /usr/lib/security/$ISA/pam_roles.so.1 +other account required /usr/lib/security/$ISA/pam_unix.so.1 +# +# Session management +# +other session required /usr/lib/security/$ISA/pam_unix.so.1 +# +# Password management +# +#other password sufficient /usr/lib/security/pam_winbind.so +other password required /usr/lib/security/$ISA/pam_unix.so.1 +dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1 +# +# Support for Kerberos V5 authentication (uncomment to use Kerberos) +# +#rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass +#login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass +#dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass +#other auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass +#dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1 +#other account optional /usr/lib/security/$ISA/pam_krb5.so.1 +#other session optional /usr/lib/security/$ISA/pam_krb5.so.1 +#other password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass I also added a try_first_pass line after the winbind.so line to get rid of +annoying double prompts for passwords. Now restart your Samba and try connecting through your application that you +configured in the pam.conf. 16.2. Introduction16.6. Limitations It is well known that UNIX and Microsoft Windows NT have - different models for representing user and group information and - use different technologies for implementing them. This fact has - made it difficult to integrate the two systems in a satisfactory - manner. One common solution in use today has been to create - identically named user accounts on both the UNIX and Windows systems - and use the Samba suite of programs to provide file and print services - between the two. This solution is far from perfect however, as - adding and deleting users on both sets of machines becomes a chore - and two sets of passwords are required both of which - can lead to synchronization problems between the UNIX and Windows - systems and confusion for users. We divide the unified logon problem for UNIX machines into - three smaller problems:Winbind has a number of limitations in its current + released version that we hope to overcome in future + releases: Obtaining Windows NT user and group information - Winbind is currently only available for + the Linux, Solaris and IRIX operating systems, although ports to other operating + systems are certainly possible. For such ports to be feasible, + we require the C library of the target operating system to + support the Name Service Switch and Pluggable Authentication + Modules systems. This is becoming more common as NSS and + PAM gain support among UNIX vendors. Authenticating Windows NT users - The mappings of Windows NT RIDs to UNIX ids + is not made algorithmically and depends on the order in which + unmapped users or groups are seen by winbind. It may be difficult + to recover the mappings of rid to UNIX id mapping if the file + containing this information is corrupted or destroyed. Password changing for Windows NT users - Ideally, a prospective solution to the unified logon problem - would satisfy all the above components without duplication of - information on the UNIX machines and without creating additional - tasks for the system administrator when maintaining users and - groups on either system. The winbind system provides a simple - and elegant solution to all three components of the unified logon - problem. 16.3. What Winbind Provides Winbind unifies UNIX and Windows NT account management by - allowing a UNIX box to become a full member of a NT domain. Once - this is done the UNIX box will see NT users and groups as if - they were native UNIX users and groups, allowing the NT domain - to be used in much the same manner that NIS+ is used within - UNIX-only environments. The end result is that whenever any - program on the UNIX machine asks the operating system to lookup - a user or group name, the query will be resolved by asking the - NT domain controller for the specified domain to do the lookup. - Because Winbind hooks into the operating system at a low level - (via the NSS name resolution modules in the C library) this - redirection to the NT domain controller is completely - transparent. Users on the UNIX machine can then use NT user and group - names as they would use "native" UNIX names. They can chown files - so that they are owned by NT domain users or even login to the - UNIX machine and run a UNIX X-Window session as a domain user. The only obvious indication that Winbind is being used is - that user and group names take the form DOMAIN\user and - DOMAIN\group. This is necessary as it allows Winbind to determine - that redirection to a domain controller is wanted for a particular - lookup and which trusted domain is being referenced. Additionally, Winbind provides an authentication service - that hooks into the Pluggable Authentication Modules (PAM) system - to provide authentication via a NT domain to any PAM enabled - applications. This capability solves the problem of synchronizing - passwords between systems since all passwords are stored in a single - location (on the domain controller).Currently the winbind PAM module does not take + into account possible workstation and logon time restrictions + that may be been set for Windows NT users, this is + instead up to the PDC to enforce. 16.3.1. Target Uses Winbind is targeted at organizations that have an - existing NT based domain infrastructure into which they wish - to put UNIX workstations or servers. Winbind will allow these - organizations to deploy UNIX workstations without having to - maintain a separate account infrastructure. This greatly - simplifies the administrative overhead of deploying UNIX - workstations into a NT based organization. 16.7. ConclusionAnother interesting way in which we expect Winbind to - be used is as a central part of UNIX based appliances. Appliances - that provide file and print services to Microsoft based networks - will be able to use Winbind to provide seamless integration of - the appliance into the domain.The winbind system, through the use of the Name Service + Switch, Pluggable Authentication Modules, and appropriate + Microsoft RPC calls have allowed us to provide seamless + integration of Microsoft Windows NT domain users on a + UNIX system. The result is a great reduction in the administrative + cost of running a mixed UNIX and NT network. Chapter 17. Policy Management - Hows and Whys 16.4. How Winbind Works17.1. System Policies The winbind system is designed around a client/server - architecture. A long running winbindd daemon - listens on a UNIX domain socket waiting for requests - to arrive. These requests are generated by the NSS and PAM - clients and processed sequentially.Under MS Windows platforms, particularly those following the release of MS Windows +NT4 and MS Windows 95) it is possible to create a type of file that would be placed +in the NETLOGON share of a domain controller. As the client logs onto the network +this file is read and the contents initiate changes to the registry of the client +machine. This file allows changes to be made to those parts of the registry that +affect users, groups of users, or machines. The technologies used to implement winbind are described - in detail below. 16.4.1. Microsoft Remote Procedure Calls For MS Windows 9x/Me this file must be called Config.POL and may +be generated using a tool called poledit.exe, better known as the +Policy Editor. The policy editor was provided on the Windows 98 installation CD, but +dissappeared again with the introduction of MS Windows Me (Millenium Edition). From +comments from MS Windows network administrators it would appear that this tool became +a part of the MS Windows Me Resource Kit. MS Windows NT4 Server products include the System Policy Editor +under the Start->Programs->Administrative Tools menu item. +For MS Windows NT4 and later clients this file must be called NTConfig.POL. Over the last few years, efforts have been underway - by various Samba Team members to decode various aspects of - the Microsoft Remote Procedure Call (MSRPC) system. This - system is used for most network related operations between - Windows NT machines including remote management, user authentication - and print spooling. Although initially this work was done - to aid the implementation of Primary Domain Controller (PDC) - functionality in Samba, it has also yielded a body of code which - can be used for other purposes.New with the introduction of MS Windows 2000 was the Microsoft Management Console +or MMC. This tool is the new wave in the ever changing landscape of Microsoft +methods for management of network access and security. Every new Microsoft product +or technology seems to obsolete the old rules and to introduce newer and more +complex tools and methods. To Microsoft's credit though, the MMC does appear to +be a step forward, but improved functionality comes at a great price. Winbind uses various MSRPC calls to enumerate domain users - and groups and to obtain detailed information about individual - users or groups. Other MSRPC calls can be used to authenticate - NT domain users and to change user passwords. By directly querying - a Windows PDC for user and group information, winbind maps the - NT account information onto UNIX user and group names. 16.4.2. Microsoft Active Directory ServicesBefore embarking on the configuration of network and system policies it is highly +advisable to read the documentation available from Microsoft's web site from +Implementing Profiles and Policies in Windows NT 4.0 available from Microsoft. +There are a large number of documents in addition to this old one that should also +be read and understood. Try searching on the Microsoft web site for "Group Policies". Since late 2001, Samba has gained the ability to - interact with Microsoft Windows 2000 using its 'Native - Mode' protocols, rather than the NT4 RPC services. - Using LDAP and Kerberos, a domain member running - winbind can enumerate users and groups in exactly the - same way as a Win2k client would, and in so doing - provide a much more efficient and - effective winbind implementation. - What follows is a very discussion with some helpful notes. The information provided +here is incomplete - you are warned. 16.4.3. Name Service Switch17.1.1. Creating and Managing Windows 9x/Me Policies The Name Service Switch, or NSS, is a feature that is - present in many UNIX operating systems. It allows system - information such as hostnames, mail aliases and user information - to be resolved from different sources. For example, a standalone - UNIX workstation may resolve system information from a series of - flat files stored on the local filesystem. A networked workstation - may first attempt to resolve system information from local files, - and then consult a NIS database for user information or a DNS server - for hostname information. The NSS application programming interface allows winbind - to present itself as a source of system information when - resolving UNIX usernames and groups. Winbind uses this interface, - and information obtained from a Windows NT server using MSRPC - calls to provide a new source of account enumeration. Using standard - UNIX library calls, one can enumerate the users and groups on - a UNIX machine running winbind and see all users and groups in - a NT domain plus any trusted domain as though they were local - users and groups.You need the Win98 Group Policy Editor to set Group Profiles up under Windows 9x/Me. +It can be found on the Original full product Win98 installation CD under +tools/reskit/netadmin/poledit. You install this using the +Add/Remove Programs facility and then click on the 'Have Disk' tab. The primary control file for NSS is - Use the Group Policy Editor to create a policy file that specifies the location of +user profiles and/or the /etc/nsswitch.conf. - When a UNIX application makes a request to do a lookup - the C library looks in My Documents etc. stuff. You then +save these settings in a file called /etc/nsswitch.conf - for a line which matches the service type being requested, for - example the "passwd" service type is used when user or group names - are looked up. This config line species which implementations - of that service should be tried and in what order. If the passwd - config line is: Config.POL that needs to +be placed in the root of the [NETLOGON] share. If your Win98 is configured to log onto +the Samba Domain, it will automatically read this file and update the Win9x/Me registry +of the machine that is logging on. passwd: files example Further details are covered in the Win98 Resource Kit documentation. then the C library will first load a module called - /lib/libnss_files.so followed by - the module /lib/libnss_example.so. The - C library will dynamically load each of these modules in turn - and call resolver functions within the modules to try to resolve - the request. Once the request is resolved the C library returns the - result to the application.If you do not do it this way, then every so often Win9x/Me will check the +integrity of the registry and will restore it's settings from the back-up +copy of the registry it stores on each Win9x/Me machine. Hence, you will +occasionally notice things changing back to the original settings. This NSS interface provides a very easy way for Winbind - to hook into the operating system. All that needs to be done - is to put libnss_winbind.so in Install the group policy handler for Win9x to pick up group policies. Look on the +Win98 CD in /lib/ - then add "winbind" into \tools\reskit\netadmin\poledit. +Install group policies on a Win9x client by double-clicking +/etc/nsswitch.conf at - the appropriate place. The C library will then call Winbind to - resolve user and group names. grouppol.inf. Log off and on again a couple of times and see +if Win98 picks up group policies. Unfortunately this needs to be done on every +Win9x/Me machine that uses group policies. 16.4.4. Pluggable Authentication Modules17.1.2. Creating and Managing Windows NT4 Style Policy Files Pluggable Authentication Modules, also known as PAM, - is a system for abstracting authentication and authorization - technologies. With a PAM module it is possible to specify different - authentication methods for different system applications without - having to recompile these applications. PAM is also useful - for implementing a particular policy for authorization. For example, - a system administrator may only allow console logins from users - stored in the local password file but only allow users resolved from - a NIS database to log in over the network. Winbind uses the authentication management and password - management PAM interface to integrate Windows NT users into a - UNIX system. This allows Windows NT users to log in to a UNIX - machine and be authenticated against a suitable Primary Domain - Controller. These users can also change their passwords and have - this change take effect directly on the Primary Domain Controller. - To create or edit ntconfig.pol you must use the NT Server +Policy Editor, poledit.exe which is included with NT4 Server +but not NT Workstation. There is a Policy Editor on a NT4 +Workstation but it is not suitable for creating Domain Policies. +Further, although the Windows 95 Policy Editor can be installed on an NT4 +Workstation/Server, it will not work with NT clients. However, the files from +the NT Server will run happily enough on an NT4 Workstation. PAM is configured by providing control files in the directory - You need /etc/pam.d/ for each of the services that - require authentication. When an authentication request is made - by an application the PAM code in the C library looks up this - control file to determine what modules to load to do the - authentication check and in what order. This interface makes adding - a new authentication service for Winbind very easy, all that needs - to be done is that the poledit.exe, common.adm and pam_winbind.so module - is copied to winnt.adm. +It is convenient to put the two *.adm files in the /lib/security/ and the PAM - control files for relevant services are updated to allow - authentication via winbind. See the PAM documentation - for more details. c:\winnt\inf +directory which is where the binary will look for them unless told otherwise. Note also that that +directory is normally 'hidden'. The Windows NT policy editor is also included with the Service Pack 3 (and +later) for Windows NT 4.0. Extract the files using servicepackname /x, +i.e. that's Nt4sp6ai.exe /x for service pack 6a. The policy editor, +poledit.exe and the associated template files (*.adm) should +be extracted as well. It is also possible to downloaded the policy template +files for Office97 and get a copy of the policy editor. Another possible +location is with the Zero Administration Kit available for download from Microsoft. 16.4.5. User and Group ID Allocation When a user or group is created under Windows NT - is it allocated a numerical relative identifier (RID). This is - slightly different to UNIX which has a range of numbers that are - used to identify users, and the same range in which to identify - groups. It is winbind's job to convert RIDs to UNIX id numbers and - vice versa. When winbind is configured it is given part of the UNIX - user id space and a part of the UNIX group id space in which to - store Windows NT users and groups. If a Windows NT user is - resolved for the first time, it is allocated the next UNIX id from - the range. The same process applies for Windows NT groups. Over - time, winbind will have mapped all Windows NT users and groups - to UNIX user ids and group ids. 17.1.2.1. Registry Tattoos The results of this mapping are stored persistently in - an ID mapping database held in a tdb database). This ensures that - RIDs are mapped to UNIX IDs in a consistent way.With NT4 style registry based policy changes, a large number of settings are not +automatically reversed as the user logs off. Since the settings that were in the +NTConfig.POL file were applied to the client machine registry and that apply to the +hive key HKEY_LOCAL_MACHINE are permanent until explicitly reveresd. This is known +as tattooing. It can have serious consequences down-stream and the administrator must +be extreemly careful not to lock out the ability to manage the machine at a later date. 16.4.6. Result Caching17.1.3. Creating and Managing MS Windows 200x Policies An active system can generate a lot of user and group - name lookups. To reduce the network cost of these lookups winbind - uses a caching scheme based on the SAM sequence number supplied - by NT domain controllers. User or group information returned - by a PDC is cached by winbind along with a sequence number also - returned by the PDC. This sequence number is incremented by - Windows NT whenever any user or group information is modified. If - a cached entry has expired, the sequence number is requested from - the PDC and compared against the sequence number of the cached entry. - If the sequence numbers do not match, then the cached information - is discarded and up to date information is requested directly - from the PDC. 16.5. Installation and ConfigurationWindows NT4 System policies allows setting of registry parameters specific to +users, groups and computers (client workstations) that are members of the NT4 +style domain. Such policy file will work with MS Windows 2000 / XP clients also. Many thanks to John Trostel jtrostel@snapserver.comNew to MS Windows 2000 Microsoft introduced a new style of group policy that confers +a superset of capabilities compared with NT4 style policies. Obviously, the tool used +to create them is different, and the mechanism for implementing them is much changed. The older NT4 style registry based policies are known as Administrative Templates -for providing the HOWTO for this section. My Documents files (directory), as +well as intrinsics of where menu items will appear in the Start menu). An additional new +feature is the ability to make available particular software Windows applications to particular +users and/or groups. This HOWTO describes how to get winbind services up and running -to control access and authenticate users on your Linux box using -the winbind services which come with SAMBA 2.2.2. Remember: NT4 policy files are named NTConfig.POL and are stored in the root +of the NETLOGON share on the domain controllers. A Windows NT4 user enters a username, a password +and selects the domain name to which the logon will attempt to take place. During the logon +process the client machine reads the NTConfig.POL file from the NETLOGON share on the authenticating +server, modifies the local registry values according to the settings in this file. Windows 2K GPOs are very feature rich. They are NOT stored in the NETLOGON share, rather part of +a Windows 200x policy file is stored in the Active Directory itself and the other part is stored +in a shared (and replicated) volume called the SYSVOL folder. This folder is present on all Active +Directory domain controllers. The part that is stored in the Active Directory itself is called the +group policy container (GPC), and the part that is stored in the replicated share called SYSVOL is +known as the group policy template (GPT). With NT4 clients the policy file is read and executed upon only aas each user log onto the network. +MS Windows 200x policies are much more complex - GPOs are processed and applied at client machine +startup (machine specific part) and when the user logs onto the network the user specific part +is applied. In MS Windows 200x style policy management each machine and/or user may be subject +to any number of concurently applicable (and applied) policy sets (GPOs). Active Directory allows +the administrator to also set filters over the policy settings. No such equivalent capability +exists with NT4 style policy files. 16.5.1. Introduction This HOWTO describes the procedures used to get winbind up and -running on my RedHat 7.1 system. Winbind is capable of providing access -and authentication control for Windows Domain users through an NT -or Win2K PDC for 'regular' services, such as telnet a nd ftp, as -well for SAMBA services. 17.1.3.1. Administration of Win2K PoliciesThis HOWTO has been written from a 'RedHat-centric' perspective, so if -you are using another distribution, you may have to modify the instructions -somewhat to fit the way your distribution works.Instead of using the tool called "The System Policy Editor", commonly called Poledit (from the +executable name poledit.exe), GPOs are created and managed using a Microsoft Management Console +(MMC) snap-in as follows: Why should I to this? Go to the Windows 200x / XP menu Start->Programs->Adminsitrative Tools + and select the MMC snap-in called "Active Directory Users and Computers" This allows the SAMBA administrator to rely on the - authentication mechanisms on the NT/Win2K PDC for the authentication - of domain members. NT/Win2K users no longer need to have separate - accounts on the SAMBA server. +> Select the domain or organizational unit (OU) that you wish to manage, then right click + to open the context menu for that object, select the properties item. Who should be reading this document? +> Now left click on the Group Policy tab, then left click on the New tab. Type a name + for the new policy you will create. This HOWTO is designed for system administrators. If you are - implementing SAMBA on a file server and wish to (fairly easily) - integrate existing NT/Win2K users from your PDC onto the - SAMBA server, this HOWTO is for you. That said, I am no NT or PAM - expert, so you may find a better or easier way to accomplish - these tasks. +> Now left click on the Edit tab to commence the steps needed to create the GPO. All policy configuration options are controlled through the use of policy administrative +templates. These files have a .adm extension, both in NT4 as well as in Windows 200x / XP. +Beware however, since the .adm files are NOT interchangible across NT4 and Windows 200x. +The later introduces many new features as well as extended definition capabilities. It is +well beyond the scope of this documentation to explain how to program .adm files, for that +the adminsitrator is referred to the Microsoft Windows Resource Kit for your particular +version of MS Windows. The MS Windows 2000 Resource Kit contains a tool called gpolmig.exe. This tool can be used +to migrate an NT4 NTConfig.POL file into a Windows 200x style GPO. Be VERY careful how you +use this powerful tool. Please refer to the resource kit manuals for specific usage information. 16.5.2. Requirements Chapter 18. Profile Management18.1. Roaming Profiles If you have a samba configuration file that you are currently -using... BACK IT UP! If your system already uses PAM, -back up the /etc/pam.d directory -contents! If you haven't already made a boot disk, - MAKE ONE NOW!NOTE! Roaming profiles support is different for Win9X and WinNT. Before discussing how to configure roaming profiles, it is useful to see how +Win9X and WinNT clients implement these features. Win9X clients send a NetUserGetInfo request to the server to get the user's +profiles location. However, the response does not have room for a separate +profiles location field, only the user's home share. This means that Win9X +profiles are restricted to being in the user's home directory. WinNT clients send a NetSAMLogon RPC request, which contains many fields, +including a separate field for the location of the user's profiles. +This means that support for profiles is different for Win9X and WinNT. 18.1.1. Windows NT Configuration To support WinNT clients, in the [global] section of smb.conf set the +following (for example): logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath Messing with the pam configuration files can make it nearly impossible -to log in to yourmachine. That's why you want to be able to boot back -into your machine in single user mode and restore your -/etc/pam.d back to the original state they were in if -you get frustrated with the way things are going. ;-)The default for this option is \\%N\%U\profile, namely +\\sambaserver\username\profile. The \\N%\%U service is created +automatically by the [homes] service. +If you are using a samba server for the profiles, you _must_ make the +share specified in the logon path browseable. The latest version of SAMBA (version 3.0 as of this writing), now -includes a functioning winbindd daemon. Please refer to the -main SAMBA web page or, -better yet, your closest SAMBA mirror site for instructions on -downloading the source code. To allow Domain users the ability to access SAMBA shares and -files, as well as potentially other services provided by your -SAMBA machine, PAM (pluggable authentication modules) must -be setup properly on your machine. In order to compile the -winbind modules, you should have at least the pam libraries resident -on your system. For recent RedHat systems (7.1, for instance), that -means pam-0.74-22. For best results, it is helpful to also -install the development packages in pam-devel-0.74-22.MS Windows NT/2K clients at times do not disconnect a connection to a server +between logons. It is recommended to NOT use the homes +meta-service name as part of the profile share path. 16.5.3. Testing Things Out18.1.2. Windows 9X Configuration Before starting, it is probably best to kill off all the SAMBA -related daemons running on your server. Kill off all smbd, -nmbd, and winbindd processes that may -be running. To use PAM, you will want to make sure that you have the -standard PAM package (for RedHat) which supplies the /etc/pam.d -directory structure, including the pam modules are used by pam-aware -services, several pam libraries, and the /usr/doc -and /usr/man entries for pam. Winbind built better -in SAMBA if the pam-devel package was also installed. This package includes -the header files needed to compile pam-aware applications. For instance, -my RedHat system has both pam-0.74-22 and -pam-devel-0.74-22 RPMs installed.To support Win9X clients, you must use the "logon home" parameter. Samba has +now been fixed so that "net use /home" now works as well, and it, too, relies +on the "logon home" parameter. By using the logon home parameter, you are restricted to putting Win9X +profiles in the user's home directory. But wait! There is a trick you +can use. If you set the following in the [global] section of your +smb.conf file: logon home = \\%L\%U\.profiles then your Win9X clients will dutifully put their clients in a subdirectory +of your home directory called .profiles (thus making them hidden). Not only that, but 'net use/home' will also work, because of a feature in +Win9X. It removes any directory stuff off the end of the home directory area +and only uses the server and share portion. That is, it looks like you +specified \\%L\%U for "logon home". 16.5.3.1. Configure and compile SAMBA 18.1.3. Win9X and WinNT ConfigurationThe configuration and compilation of SAMBA is pretty straightforward. -The first three steps may not be necessary depending upon -whether or not you have previously built the Samba binaries.You can support profiles for both Win9X and WinNT clients by setting both the +"logon home" and "logon path" parameters. For example: root# autoconf -root# make clean -root# rm config.cache -root# ./configure -root# make -root# make installlogon home = \\%L\%U\.profiles +logon path = \\%L\profiles\%U This will, by default, install SAMBA in /usr/local/samba. -See the main SAMBA documentation if you want to install SAMBA somewhere else. -It will also build the winbindd executable and libraries. I have not checked what 'net use /home' does on NT when "logon home" is +set as above. 16.5.3.2. Configure nsswitch.conf and the -winbind libraries 18.1.4. Windows 9X Profile SetupThe libraries needed to run the winbindd daemon -through nsswitch need to be copied to their proper locations, soWhen a user first logs in on Windows 9X, the file user.DAT is created, +as are folders "Start Menu", "Desktop", "Programs" and "Nethood". +These directories and their contents will be merged with the local +versions stored in c:\windows\profiles\username on subsequent logins, +taking the most recent from each. You will need to use the [global] +options "preserve case = yes", "short preserve case = yes" and +"case sensitive = no" in order to maintain capital letters in shortcuts +in any of the profile folders. The user.DAT file contains all the user's preferences. If you wish to +enforce a set of preferences, rename their user.DAT file to user.MAN, +and deny them write access to this file. root# cp ../samba/source/nsswitch/libnss_winbind.so /lib On the Windows 95 machine, go to Control Panel | Passwords and + select the User Profiles tab. Select the required level of + roaming preferences. Press OK, but do _not_ allow the computer + to reboot. + On the Windows 95 machine, go to Control Panel | Network | + Client for Microsoft Networks | Preferences. Select 'Log on to + NT Domain'. Then, ensure that the Primary Logon is 'Client for + Microsoft Networks'. Press OK, and this time allow the computer + to reboot. + Under Windows 95, Profiles are downloaded from the Primary Logon. +If you have the Primary Logon as 'Client for Novell Networks', then +the profiles and logon script will be downloaded from your Novell +Server. If you have the Primary Logon as 'Windows Logon', then the +profiles will be loaded from the local machine - a bit against the +concept of roaming profiles, if you ask me. You will now find that the Microsoft Networks Login box contains +[user, password, domain] instead of just [user, password]. Type in +the samba server's domain name (or any other domain known to exist, +but bear in mind that the user will be authenticated against this +domain and profiles downloaded from it, if that domain logon server +supports it), user name and user's password. Once the user has been successfully validated, the Windows 95 machine +will inform you that 'The user has not logged on before' and asks you +if you wish to save the user's preferences? Select 'yes'. Once the Windows 95 client comes up with the desktop, you should be able +to examine the contents of the directory specified in the "logon path" +on the samba server and verify that the "Desktop", "Start Menu", +"Programs" and "Nethood" folders have been created. These folders will be cached locally on the client, and updated when +the user logs off (if you haven't made them read-only by then :-). +You will find that if the user creates further folders or short-cuts, +that the client will merge the profile contents downloaded with the +contents of the profile directory already on the local client, taking +the newest folders and short-cuts from each set. If you have made the folders / files read-only on the samba server, +then you will get errors from the w95 machine on logon and logout, as +it attempts to merge the local and the remote profile. Basically, if +you have any errors reported by the w95 machine, check the Unix file +permissions and ownership rights on the profile directory contents, +on the samba server. I also found it necessary to make the following symbolic link:If you have problems creating user profiles, you can reset the user's +local desktop cache, as shown below. When this user then next logs in, +they will be told that they are logging in "for the first time". root# ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 And, in the case of Sun solaris: instead of logging in under the [user, password, domain] dialog, + press escape. + root# ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1 -root# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1 -root# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.2 run the regedit.exe program, and look in: + Now, as root you need to edit /etc/nsswitch.conf to -allow user and group entries to be visible from the winbindd -daemon. My /etc/nsswitch.conf file look like -this after editing: HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList + passwd: files winbind - shadow: files - group: files winbind you will find an entry, for each user, of ProfilePath. Note the + contents of this key (likely to be c:\windows\profiles\username), + then delete the key ProfilePath for the required user. + -The libraries needed by the winbind daemon will be automatically -entered into the ldconfig cache the next time -your system reboots, but it -is faster (and you don't need to reboot) if you do it manually: [Exit the registry editor]. + root# /sbin/ldconfig -v | grep winbind WARNING - before deleting the contents of the + directory listed in + the ProfilePath (this is likely to be c:\windows\profiles\username), + ask them if they have any important files stored on their desktop + or in their start menu. delete the contents of the directory + ProfilePath (making a backup if any of the files are needed). + This makes libnss_winbind available to winbindd -and echos back a check to you. 16.5.3.3. Configure smb.conf This will have the effect of removing the local (read-only hidden + system file) user.DAT in their profile directory, as well as the + local "desktop", "nethood", "start menu" and "programs" folders. + Several parameters are needed in the smb.conf file to control -the behavior of winbindd. Configure -smb.conf These are described in more detail in -the winbindd(8) man page. My -smb.conf file was modified to -include the following entries in the [global] section: search for the user's .PWL password-caching file in the c:\windows + directory, and delete it. + [global] - <...> - # separate domain and username with '+', like DOMAIN+username - winbind separator = + - # use uids from 10000 to 20000 for domain users - winbind uid = 10000-20000 - # use gids from 10000 to 20000 for domain groups - winbind gid = 10000-20000 - # allow enumeration of winbind users and groups - winbind enum users = yes - winbind enum groups = yes - # give winbind users a real shell (only needed if they have telnet access) - template homedir = /home/winnt/%D/%U - template shell = /bin/bash 16.5.3.4. Join the SAMBA server to the PDC domain log off the windows 95 client. + Enter the following command to make the SAMBA server join the -PDC domain, where DOMAIN is the name of -your Windows domain and Administrator is -a domain user who has administrative privileges in the domain. check the contents of the profile path (see "logon path" described + above), and delete the user.DAT or user.MAN file for the user, + making a backup if required. + root# /usr/local/samba/bin/net join -S PDC -U AdministratorIf all else fails, increase samba's debug log levels to between 3 and 10, +and / or run a packet trace program such as tcpdump or netmon.exe, and +look for any error reports. The proper response to the command should be: "Joined the domain -DOMAIN" where DOMAIN -is your DOMAIN name.If you have access to an NT server, then first set up roaming profiles +and / or netlogons on the NT server. Make a packet trace, or examine +the example packet traces provided with NT server, and see what the +differences are with the equivalent samba trace. 16.5.3.5. Start up the winbindd daemon and test it! Eventually, you will want to modify your smb startup script to -automatically invoke the winbindd daemon when the other parts of -SAMBA start, but it is possible to test out just the winbind -portion first. To start up winbind services, enter the following -command as root: root# /usr/local/samba/bin/winbindd Winbindd can now also run in 'dual daemon mode'. This will make it -run as 2 processes. The first will answer all requests from the cache, -thus making responses to clients faster. The other will -update the cache for the query that the first has just responded. -Advantage of this is that responses stay accurate and are faster. -You can enable dual daemon mode by adding '-B' to the commandline: root# /usr/local/samba/bin/winbindd -B 18.1.5. Windows NT Workstation 4.0I'm always paranoid and like to make sure the daemon -is really running...When a user first logs in to a Windows NT Workstation, the profile +NTuser.DAT is created. The profile location can be now specified +through the "logon path" parameter. root# ps -ae | grep winbinddThere is a parameter that is now available for use with NT Profiles: +"logon drive". This should be set to "h:" or any other drive, and +should be used in conjunction with the new "logon home" parameter. This command should produce output like this, if the daemon is runningThe entry for the NT 4.0 profile is a _directory_ not a file. The NT +help on profiles mentions that a directory is also created with a .PDS +extension. The user, while logging in, must have write permission to +create the full profile path (and the folder with the .PDS extension +for those situations where it might be created.) 3025 ? 00:00:00 winbinddIn the profile directory, NT creates more folders than 95. It creates +"Application Data" and others, as well as "Desktop", "Nethood", +"Start Menu" and "Programs". The profile itself is stored in a file +NTuser.DAT. Nothing appears to be stored in the .PDS directory, and +its purpose is currently unknown. Now... for the real test, try to get some information about the -users on your PDCYou can use the System Control Panel to copy a local profile onto +a samba server (see NT Help on profiles: it is also capable of firing +up the correct location in the System Control Panel for you). The +NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN +turns a profile into a mandatory one. root# /usr/local/samba/bin/wbinfo -uThe case of the profile is significant. The file must be called +NTuser.DAT or, for a mandatory profile, NTuser.MAN. 18.1.6. Windows NT/200x Server -This should echo back a list of users on your Windows users on -your PDC. For example, I get the following response:There is nothing to stop you specifying any path that you like for the +location of users' profiles. Therefore, you could specify that the +profile be stored on a samba server, or any other SMB server, as long as +that SMB server supports encrypted passwords. 18.1.7. Sharing Profiles between W9x/Me and NT4/200x/XP workstations CEO+Administrator -CEO+burdell -CEO+Guest -CEO+jt-ad -CEO+krbtgt -CEO+TsInternetUser Sharing of desktop profiles between Windows versions is NOT recommended. +Desktop profiles are an evolving phenomenon and profiles for later versions +of MS Windows clients add features that may interfere with earlier versions +of MS Windows clients. Probably the more salient reason to NOT mix profiles +is that when logging off an earlier version of MS Windows the older format +of profile contents may overwrite information that belongs to the newer +version resulting in loss of profile information content when that user logs +on again with the newer version of MS Windows. Obviously, I have named my domain 'CEO' and my winbind -separator is '+'.If you then want to share the same Start Menu / Desktop with W9x/Me, you will +need to specify a common location for the profiles. The smb.conf parameters +that need to be common are logon path and +logon home. You can do the same sort of thing to get group information from -the PDC:If you have this set up correctly, you will find separate user.DAT and +NTuser.DAT files in the same profile directory. 18.1.8. Windows NT 4 root# /usr/local/samba/bin/wbinfo -g -CEO+Domain Admins -CEO+Domain Users -CEO+Domain Guests -CEO+Domain Computers -CEO+Domain Controllers -CEO+Cert Publishers -CEO+Schema Admins -CEO+Enterprise Admins -CEO+Group Policy Creator Owners Unfortunately, the Resource Kit info is Win NT4 or 200x specific. The function 'getent' can now be used to get unified -lists of both local and PDC users and groups. -Try the following command: Here is a quick guide: root# getent passwd You should get a list that looks like your /etc/passwd -list followed by the domain users with their new uids, gids, home -directories and default shells. The same thing can be done for groups with the commandOn your NT4 Domain Controller, right click on 'My Computer', then +select the tab labelled 'User Profiles'. root# getent group 16.5.3.6. Fix the init.d startup scripts Select a user profile you want to migrate and click on it. 16.5.3.6.1. Linux The winbindd daemon needs to start up after the -smbd and nmbd daemons are running. -To accomplish this task, you need to modify the startup scripts of your system. They are located at /etc/init.d/smb in RedHat and -/etc/init.d/samba in Debian. -script to add commands to invoke this daemon in the proper sequence. My -startup script starts up smbd, -nmbd, and winbindd from the -/usr/local/samba/bin directory directly. The 'start' -function in the script looks like this: start() { - KIND="SMB" - echo -n $"Starting $KIND services: " - daemon /usr/local/samba/bin/smbd $SMBDOPTIONS - RETVAL=$? - echo - KIND="NMB" - echo -n $"Starting $KIND services: " - daemon /usr/local/samba/bin/nmbd $NMBDOPTIONS - RETVAL2=$? - echo - KIND="Winbind" - echo -n $"Starting $KIND services: " - daemon /usr/local/samba/bin/winbindd - RETVAL3=$? - echo - [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && touch /var/lock/subsys/smb || \ - RETVAL=1 - return $RETVAL -}I am using the term "migrate" lossely. You can copy a profile to +create a group profile. You can give the user 'Everyone' rights to the +profile you copy this to. That is what you need to do, since your samba +domain is not a member of a trust relationship with your NT4 PDC. Click the 'Copy To' button. In the box labelled 'Copy Profile to' add your new path, eg: +c:\temp\foobar If you would like to run winbindd in dual daemon mode, replace -the line - daemon /usr/local/samba/bin/winbindd - -in the example above with: - - daemon /usr/local/samba/bin/winbindd -B . Click on the button labelled 'Change' in the "Permitted to use" box. The 'stop' function has a corresponding entry to shut down the -services and looks like this:Click on the group 'Everyone' and then click OK. This closes the +'chose user' box. stop() { - KIND="SMB" - echo -n $"Shutting down $KIND services: " - killproc smbd - RETVAL=$? - echo - KIND="NMB" - echo -n $"Shutting down $KIND services: " - killproc nmbd - RETVAL2=$? - echo - KIND="Winbind" - echo -n $"Shutting down $KIND services: " - killproc winbindd - RETVAL3=$? - [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && rm -f /var/lock/subsys/smb - echo "" - return $RETVAL -} Now click OK. Follow the above for every profile you need to migrate. 16.5.3.6.2. Solaris On solaris, you need to modify the -/etc/init.d/samba.server startup script. It usually -only starts smbd and nmbd but should now start winbindd too. If you -have samba installed in /usr/local/samba/bin, -the file could contains something like this: 18.1.8.1. Side bar Notes ## -## samba.server -## - -if [ ! -d /usr/bin ] -then # /usr not mounted - exit -fi - -killproc() { # kill the named process(es) - pid=`/usr/bin/ps -e | - /usr/bin/grep -w $1 | - /usr/bin/sed -e 's/^ *//' -e 's/ .*//'` - [ "$pid" != "" ] && kill $pid -} - -# Start/stop processes required for samba server - -case "$1" in - -'start') -# -# Edit these lines to suit your installation (paths, workgroup, host) -# -echo Starting SMBD - /usr/local/samba/bin/smbd -D -s \ - /usr/local/samba/smb.conf - -echo Starting NMBD - /usr/local/samba/bin/nmbd -D -l \ - /usr/local/samba/var/log -s /usr/local/samba/smb.conf - -echo Starting Winbind Daemon - /usr/local/samba/bin/winbindd - ;; - -'stop') - killproc nmbd - killproc smbd - killproc winbindd - ;; - -*) - echo "Usage: /etc/init.d/samba.server { start | stop }" - ;; -esac You should obtain the SID of your NT4 domain. You can use smbpasswd to do +this. Read the man page. Again, if you would like to run samba in dual daemon mode, replace - /usr/local/samba/bin/winbindd - -in the script above with: - - /usr/local/samba/bin/winbindd -B With Samba-3.0.0 alpha code you can import all you NT4 domain accounts +using the net samsync method. This way you can retain your profile +settings as well as all your users. 16.5.3.6.3. Restarting 18.1.8.2. Mandatory profilesIf you restart the smbd, nmbd, -and winbindd daemons at this point, you -should be able to connect to the samba server as a domain member just as -if you were a local user.The above method can be used to create mandatory profiles also. To convert +a group profile into a mandatory profile simply locate the NTUser.DAT file +in the copied profile and rename it to NTUser.MAN. 16.5.3.7. Configure Winbind and PAM18.1.8.3. moveuser.exe If you have made it this far, you know that winbindd and samba are working -together. If you want to use winbind to provide authentication for other -services, keep reading. The pam configuration files need to be altered in -this step. (Did you remember to make backups of your original -/etc/pam.d files? If not, do it now.) You will need a pam module to use winbindd with these other services. This -module will be compiled in the ../source/nsswitch directory -by invoking the commandThe W2K professional resource kit has moveuser.exe. moveuser.exe changes +the security of a profile from one user to another. This allows the account +domain to change, and/or the user name to change. 18.1.8.4. Get SID root# make nsswitch/pam_winbind.soYou can identify the SID by using GetSID.exe from the Windows NT Server 4.0 +Resource Kit. from the ../source directory. The -pam_winbind.so file should be copied to the location of -your other pam security modules. On my RedHat system, this was the -/lib/security directory. On Solaris, the pam security -modules reside in /usr/lib/security.Windows NT 4.0 stores the local profile information in the registry under +the following key: +HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList root# cp ../samba/source/nsswitch/pam_winbind.so /lib/securityUnder the ProfileList key, there will be subkeys named with the SIDs of the +users who have logged on to this computer. (To find the profile information +for the user whose locally cached profile you want to move, find the SID for +the user with the GetSID.exe utility.) Inside of the appropriate user's +subkey, you will see a string value named ProfileImagePath. 16.5.3.7.1. Linux/FreeBSD-specific PAM configuration 18.1.9. Windows 2000/XPThe /etc/pam.d/samba file does not need to be changed. I -just left this fileas it was:You must first convert the profile from a local profile to a domain +profile on the MS Windows workstation as follows: auth required /lib/security/pam_stack.so service=system-auth -account required /lib/security/pam_stack.so service=system-auth The other services that I modified to allow the use of winbind -as an authentication service were the normal login on the console (or a terminal -session), telnet logins, and ftp service. In order to enable these -services, you may first need to change the entries in -/etc/xinetd.d (or /etc/inetd.conf). -RedHat 7.1 uses the new xinetd.d structure, in this case you need -to change the lines in /etc/xinetd.d/telnet -and /etc/xinetd.d/wu-ftp from enable = no Log on as the LOCAL workstation administrator. to Right click on the 'My Computer' Icon, select 'Properties' enable = yes Click on the 'User Profiles' tab -For ftp services to work properly, you will also need to either -have individual directories for the domain users already present on -the server, or change the home directory template to a general -directory for all domain users. These can be easily set using -the smb.conf global entry -template homedir. Select the profile you wish to convert (click on it once) The /etc/pam.d/ftp file can be changed -to allow winbind ftp access in a manner similar to the -samba file. My /etc/pam.d/ftp file was -changed to look like this: Click on the button 'Copy To' auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed -auth sufficient /lib/security/pam_winbind.so -auth required /lib/security/pam_stack.so service=system-auth -auth required /lib/security/pam_shells.so -account sufficient /lib/security/pam_winbind.so -account required /lib/security/pam_stack.so service=system-auth -session required /lib/security/pam_stack.so service=system-auth In the "Permitted to use" box, click on the 'Change' button. The /etc/pam.d/login file can be changed nearly the -same way. It now looks like this:Click on the 'Look in" area that lists the machine name, when you click +here it will open up a selection box. Click on the domain to which the +profile must be accessible. auth required /lib/security/pam_securetty.so -auth sufficient /lib/security/pam_winbind.so -auth sufficient /lib/security/pam_unix.so use_first_pass -auth required /lib/security/pam_stack.so service=system-auth -auth required /lib/security/pam_nologin.so -account sufficient /lib/security/pam_winbind.so -account required /lib/security/pam_stack.so service=system-auth -password required /lib/security/pam_stack.so service=system-auth -session required /lib/security/pam_stack.so service=system-auth -session optional /lib/security/pam_console.so In this case, I added the auth sufficient /lib/security/pam_winbind.so -lines as before, but also added the required pam_securetty.so -above it, to disallow root logins over the network. I also added a -sufficient /lib/security/pam_unix.so use_first_pass -line after the winbind.so line to get rid of annoying -double prompts for passwords.You will need to log on if a logon box opens up. Eg: In the connect +as: MIDEARTH\root, password: mypassword. 16.5.3.7.2. Solaris-specific configuration The /etc/pam.conf needs to be changed. I changed this file so that my Domain -users can logon both locally as well as telnet.The following are the changes -that I made.You can customize the pam.conf file as per your requirements,but -be sure of those changes because in the worst case it will leave your system -nearly impossible to boot. To make the profile capable of being used by anyone select 'Everyone' # -#ident "@(#)pam.conf 1.14 99/09/16 SMI" -# -# Copyright (c) 1996-1999, Sun Microsystems, Inc. -# All Rights Reserved. -# -# PAM configuration -# -# Authentication management -# -login auth required /usr/lib/security/pam_winbind.so -login auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass -login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1 try_first_pass -# -rlogin auth sufficient /usr/lib/security/pam_winbind.so -rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1 -rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass -# -dtlogin auth sufficient /usr/lib/security/pam_winbind.so -dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass -# -rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1 -other auth sufficient /usr/lib/security/pam_winbind.so -other auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass -# -# Account management -# -login account sufficient /usr/lib/security/pam_winbind.so -login account requisite /usr/lib/security/$ISA/pam_roles.so.1 -login account required /usr/lib/security/$ISA/pam_unix.so.1 -# -dtlogin account sufficient /usr/lib/security/pam_winbind.so -dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1 -dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1 -# -other account sufficient /usr/lib/security/pam_winbind.so -other account requisite /usr/lib/security/$ISA/pam_roles.so.1 -other account required /usr/lib/security/$ISA/pam_unix.so.1 -# -# Session management -# -other session required /usr/lib/security/$ISA/pam_unix.so.1 -# -# Password management -# -#other password sufficient /usr/lib/security/pam_winbind.so -other password required /usr/lib/security/$ISA/pam_unix.so.1 -dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1 -# -# Support for Kerberos V5 authentication (uncomment to use Kerberos) -# -#rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass -#login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass -#dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass -#other auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass -#dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1 -#other account optional /usr/lib/security/$ISA/pam_krb5.so.1 -#other session optional /usr/lib/security/$ISA/pam_krb5.so.1 -#other password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass Click OK. The Selection box will close. I also added a try_first_pass line after the winbind.so line to get rid of -annoying double prompts for passwords.Now click on the 'Ok' button to create the profile in the path you +nominated. Done. You now have a profile that can be editted using the samba-3.0.0 +profiles tool. Now restart your Samba and try connecting through your application that you -configured in the pam.conf.Under NT/2K the use of mandotory profiles forces the use of MS Exchange +storage of mail data. That keeps desktop profiles usable. 16.6. Limitations Winbind has a number of limitations in its current - released version that we hope to overcome in future - releases: Winbind is currently only available for - the Linux, Solaris and IRIX operating systems, although ports to other operating - systems are certainly possible. For such ports to be feasible, - we require the C library of the target operating system to - support the Name Service Switch and Pluggable Authentication - Modules systems. This is becoming more common as NSS and - PAM gain support among UNIX vendors.This is a security check new to Windows XP (or maybe only +Windows XP service pack 1). It can be disabled via a group policy in +Active Directory. The policy is: "Computer Configuration\Administrative Templates\System\User +Profiles\Do not check for user ownership of Roaming Profile Folders" ...and it should be set to "Enabled". +Does the new version of samba have an Active Directory analogue? If so, +then you may be able to set the policy through this. If you cannot set group policies in samba, then you may be able to set +the policy locally on each machine. If you want to try this, then do +the following (N.B. I don't know for sure that this will work in the +same way as a domain group policy): The mappings of Windows NT RIDs to UNIX ids - is not made algorithmically and depends on the order in which - unmapped users or groups are seen by winbind. It may be difficult - to recover the mappings of rid to UNIX id mapping if the file - containing this information is corrupted or destroyed. On the XP workstation log in with an Administrator account. Currently the winbind PAM module does not take - into account possible workstation and logon time restrictions - that may be been set for Windows NT users, this is - instead up to the PDC to enforce. Click: "Start", "Run" Type: "mmc" Click: "OK" A Microsoft Management Console should appear. Click: File, "Add/Remove Snap-in...", "Add" Double-Click: "Group Policy" Click: "Finish", "Close" Click: "OK" In the "Console Root" window: Expand: "Local Computer Policy", "Computer Configuration", "Administrative Templates", "System", "User Profiles" Double-Click: "Do not check for user ownership of Roaming Profile Folders" Select: "Enabled" Click: OK" Close the whole console. You do not need to save the settings (this +refers to the console settings rather than the policies you have +changed). Reboot 16.7. Conclusion The winbind system, through the use of the Name Service - Switch, Pluggable Authentication Modules, and appropriate - Microsoft RPC calls have allowed us to provide seamless - integration of Microsoft Windows NT domain users on a - UNIX system. The result is a great reduction in the administrative - cost of running a mixed UNIX and NT network. Chapter 17. Integrating MS Windows networks with SambaChapter 19. Integrating MS Windows networks with SambaThis section deals with NetBIOS over TCP/IP name to IP address resolution. If you your MS Windows clients are NOT configured to use NetBIOS over TCP/IP then this @@ -14743,8 +14914,8 @@ CLASS="SECT1" > 17.1. Name Resolution in a pure Unix/Linux world19.1. Name Resolution in a pure Unix/Linux world The key configuration files covered in this section are: 17.1.1. 19.1.1. /etc/hosts 17.1.2. 19.1.2. /etc/resolv.conf 17.1.3. 19.1.3. /etc/host.conf 17.1.4. 19.1.4. /etc/nsswitch.conf 17.2. Name resolution as used within MS Windows networking19.2. Name resolution as used within MS Windows networking MS Windows networking is predicated about the name each machine @@ -15087,8 +15258,8 @@ CLASS="SECT2" > 17.2.1. The NetBIOS Name Cache19.2.1. The NetBIOS Name Cache All MS Windows machines employ an in memory buffer in which is @@ -15114,8 +15285,8 @@ CLASS="SECT2" > 17.2.2. The LMHOSTS file19.2.2. The LMHOSTS file This file is usually located in MS Windows NT 4.0 or @@ -15217,8 +15388,8 @@ CLASS="SECT2" > 17.2.3. HOSTS file19.2.3. HOSTS file This file is usually located in MS Windows NT 4.0 or 2000 in @@ -15239,8 +15410,8 @@ CLASS="SECT2" > 17.2.4. DNS Lookup19.2.4. DNS Lookup This capability is configured in the TCP/IP setup area in the network @@ -15259,8 +15430,8 @@ CLASS="SECT2" > 17.2.5. WINS Lookup19.2.5. WINS Lookup A WINS (Windows Internet Name Server) service is the equivaent of the @@ -15302,14 +15473,14 @@ CLASS="CHAPTER" >Chapter 18. Improved browsing in samba Chapter 20. Improved browsing in samba 18.1. Overview of browsing20.1. Overview of browsing SMB networking provides a mechanism by which clients can access a list @@ -15337,8 +15508,8 @@ CLASS="SECT1" > 18.2. Browsing support in samba20.2. Browsing support in samba Samba facilitates browsing. The browsing is supported by nmbd @@ -15380,8 +15551,8 @@ CLASS="SECT1" > 18.3. Problem resolution20.3. Problem resolution If something doesn't work then hopefully the log.nmb file will help @@ -15427,8 +15598,8 @@ CLASS="SECT1" > 18.4. Browsing across subnets20.4. Browsing across subnets Since the release of Samba 1.9.17(alpha1) Samba has been @@ -15458,8 +15629,8 @@ CLASS="SECT2" > 18.4.1. How does cross subnet browsing work ?20.4.1. How does cross subnet browsing work ? Cross subnet browsing is a complicated dance, containing multiple @@ -15669,8 +15840,8 @@ CLASS="SECT1" > 18.5. Setting up a WINS server20.5. Setting up a WINS server Either a Samba machine or a Windows NT Server machine may be set up @@ -15752,8 +15923,8 @@ CLASS="SECT1" > 18.6. Setting up Browsing in a WORKGROUP20.6. Setting up Browsing in a WORKGROUP To set up cross subnet browsing on a network containing machines @@ -15837,8 +16008,8 @@ CLASS="SECT1" > 18.7. Setting up Browsing in a DOMAIN20.7. Setting up Browsing in a DOMAIN If you are adding Samba servers to a Windows NT Domain then @@ -15888,8 +16059,8 @@ CLASS="SECT1" > 18.8. Forcing samba to be the master20.8. Forcing samba to be the master Who becomes the "master browser" is determined by an election process @@ -15936,8 +16107,8 @@ CLASS="SECT1" > 18.9. Making samba the domain master20.9. Making samba the domain master The domain master is responsible for collating the browse lists of @@ -16009,8 +16180,8 @@ CLASS="SECT1" > 18.10. Note about broadcast addresses20.10. Note about broadcast addresses If your network uses a "0" based broadcast address (for example if it @@ -16023,8 +16194,8 @@ CLASS="SECT1" > 18.11. Multiple interfaces20.11. Multiple interfaces Samba now supports machines with multiple network interfaces. If you @@ -16038,14 +16209,14 @@ CLASS="CHAPTER" >Chapter 19. Hosting a Microsoft Distributed File System tree on Samba Chapter 21. Hosting a Microsoft Distributed File System tree on Samba19.1. Instructions21.1. Instructions The Distributed File System (or Dfs) provides a means of @@ -16176,8 +16347,8 @@ CLASS="SECT2" > 19.1.1. Notes21.1.1. Notes Chapter 20. Stackable VFS modulesChapter 22. Stackable VFS modules20.1. Introduction and configuration22.1. Introduction and configuration Since samba 3.0, samba supports stackable VFS(Virtual File System) modules. @@ -16258,16 +16429,16 @@ CLASS="SECT1" > 20.2. Included modules22.2. Included modules 20.2.1. audit22.2.1. audit A simple module to audit file access to the syslog @@ -16304,8 +16475,8 @@ CLASS="SECT2" > 20.2.2. recycle22.2.2. recycle A recycle-bin like modules. When used any unlink call @@ -16375,8 +16546,8 @@ CLASS="SECT2" > 20.2.3. netatalk22.2.3. netatalk A netatalk module, that will ease co-existence of samba and @@ -16408,8 +16579,8 @@ CLASS="SECT1" > 20.3. VFS modules available elsewhere22.3. VFS modules available elsewhere This section contains a listing of various other VFS modules that @@ -16424,8 +16595,8 @@ CLASS="SECT2" > 20.3.1. DatabaseFS22.3.1. DatabaseFS URL: 20.3.2. vscan22.3.2. vscan URL: Chapter 21. Securing SambaChapter 23. Securing Samba 21.1. Introduction23.1. Introduction This note was attached to the Samba 2.2.8 release notes as it contained an @@ -16501,8 +16672,8 @@ CLASS="SECT1" > 21.2. Using host based protection23.2. Using host based protection In many installations of Samba the greatest threat comes for outside @@ -16533,8 +16704,8 @@ CLASS="SECT1" > 21.3. Using interface protection23.3. Using interface protection By default Samba will accept connections on any network interface that @@ -16569,8 +16740,8 @@ CLASS="SECT1" > 21.4. Using a firewall23.4. Using a firewall Many people use a firewall to deny access to services that they don't @@ -16599,8 +16770,8 @@ CLASS="SECT1" > 21.5. Using a IPC$ share deny23.5. Using a IPC$ share deny If the above methods are not suitable, then you could also place a @@ -16638,8 +16809,8 @@ CLASS="SECT1" > 21.6. Upgrading Samba23.6. Upgrading Samba Please check regularly on http://www.samba.org/ for updates and @@ -16654,14 +16825,14 @@ CLASS="CHAPTER" >Chapter 22. Unicode/CharsetsChapter 24. Unicode/Charsets 22.1. What are charsets and unicode?24.1. What are charsets and unicode? Computers communicate in numbers. In texts, each number will be @@ -16710,8 +16881,8 @@ CLASS="SECT1" > 22.2. Samba and charsets24.2. Samba and charsets As of samba 3.0, samba can (and will) talk unicode over the wire. Internally, @@ -16786,101 +16957,101 @@ CLASS="TOC" >Table of Contents 23. 25. Samba performance issues 23.1. 25.1. Comparisons 23.2. 25.2. Socket options 23.3. 25.3. Read size 23.4. 25.4. Max xmit 23.5. 25.5. Log level 23.6. 25.6. Read raw 23.7. 25.7. Write raw 23.8. 25.8. Slow Clients 23.9. 25.9. Slow Logins 23.10. 25.10. Client tuning 24. 26. Portability 24.1. 26.1. HPUX 24.2. 26.2. SCO Unix 24.3. 26.3. DNIX 24.4. 26.4. RedHat Linux Rembrandt-II 24.5. 26.5. AIX 24.5.1. 26.5.1. Sequential Read Ahead 25. 27. Samba and other CIFS clients 25.1. 27.1. Macintosh clients? 25.2. 27.2. OS2 Client 25.2.1. 27.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba? 25.2.2. 27.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba? 25.2.3. 27.2.3. Are there any other issues when OS/2 (any version) is used as a client? 25.2.4. 27.2.4. How do I get printer driver download working for OS/2 clients? 25.3. 27.3. Windows for Workgroups 25.3.1. 27.3.1. Use latest TCP/IP stack from Microsoft 25.3.2. 27.3.2. Delete .pwl files after password change 25.3.3. 27.3.3. Configure WfW password handling 25.3.4. 27.3.4. Case handling of passwords 25.3.5. 27.3.5. Use TCP/IP as default protocol 25.4. 27.4. Windows '95/'98 25.5. 27.5. Windows 2000 Service Pack 2 26. 28. How to compile SAMBA 26.1. 28.1. Access Samba source code via CVS 26.1.1. 28.1.1. Introduction 26.1.2. 28.1.2. CVS Access to samba.org 26.2. 28.2. Accessing the samba sources via rsync and ftp 26.3. 28.3. Building the Binaries 26.3.1. 28.3.1. Compiling samba with Active Directory support 26.4. 28.4. Starting the smbd and nmbd 26.4.1. 28.4.1. Starting from inetd.conf 26.4.2. 28.4.2. Alternative: starting it as a daemon 27. 29. Reporting Bugs 27.1. 29.1. Introduction 27.2. 29.2. General info 27.3. 29.3. Debug levels 27.4. 29.4. Internal errors 27.5. 29.5. Attaching to a running process 27.6. 29.6. Patches 28. 30. The samba checklist 28.1. 30.1. Introduction 28.2. 30.2. Assumptions 28.3. 30.3. Tests 28.3.1. 30.3.1. Test 1 28.3.2. 30.3.2. Test 2 28.3.3. 30.3.3. Test 3 28.3.4. 30.3.4. Test 4 28.3.5. 30.3.5. Test 5 28.3.6. 30.3.6. Test 6 28.3.7. 30.3.7. Test 7 28.3.8. 30.3.8. Test 8 28.3.9. 30.3.9. Test 9 28.3.10. 30.3.10. Test 10 28.3.11. 30.3.11. Test 11 28.4. 30.4. Still having troubles? Chapter 23. Samba performance issuesChapter 25. Samba performance issues23.1. Comparisons25.1. Comparisons The Samba server uses TCP to talk to the client. Thus if you are @@ -17217,8 +17388,8 @@ CLASS="SECT1" > 23.2. Socket options25.2. Socket options There are a number of socket options that can greatly affect the @@ -17245,8 +17416,8 @@ CLASS="SECT1" > 23.3. Read size25.3. Read size The option "read size" affects the overlap of disk reads/writes with @@ -17271,8 +17442,8 @@ CLASS="SECT1" > 23.4. Max xmit25.4. Max xmit At startup the client and server negotiate a "maximum transmit" size, @@ -17294,8 +17465,8 @@ CLASS="SECT1" > 23.5. Log level25.5. Log level If you set the log level (also known as "debug level") higher than 2 @@ -17308,8 +17479,8 @@ CLASS="SECT1" > 23.6. Read raw25.6. Read raw The "read raw" operation is designed to be an optimised, low-latency @@ -17330,8 +17501,8 @@ CLASS="SECT1" > 23.7. Write raw25.7. Write raw The "write raw" operation is designed to be an optimised, low-latency @@ -17347,8 +17518,8 @@ CLASS="SECT1" > 23.8. Slow Clients25.8. Slow Clients One person has reported that setting the protocol to COREPLUS rather @@ -17364,8 +17535,8 @@ CLASS="SECT1" > 23.9. Slow Logins25.9. Slow Logins Slow logins are almost always due to the password checking time. Using @@ -17377,8 +17548,8 @@ CLASS="SECT1" > 23.10. Client tuning25.10. Client tuning Often a speed problem can be traced to the client. The client (for @@ -17485,7 +17656,7 @@ CLASS="CHAPTER" >Chapter 24. PortabilityChapter 26. Portability Samba works on a wide range of platforms but the interface all the platforms provide is not always compatible. This chapter contains @@ -17495,8 +17666,8 @@ CLASS="SECT1" > 24.1. HPUX26.1. HPUX HP's implementation of supplementary groups is, er, non-standard (for @@ -17525,8 +17696,8 @@ CLASS="SECT1" > 24.2. SCO Unix26.2. SCO Unix @@ -17542,8 +17713,8 @@ CLASS="SECT1" > 24.3. DNIX26.3. DNIX DNIX has a problem with seteuid() and setegid(). These routines are @@ -17649,8 +17820,8 @@ CLASS="SECT1" > 24.4. RedHat Linux Rembrandt-II26.4. RedHat Linux Rembrandt-II By default RedHat Rembrandt-II during installation adds an @@ -17673,16 +17844,16 @@ CLASS="SECT1" > 24.5. AIX26.5. AIX 24.5.1. Sequential Read Ahead26.5.1. Sequential Read Ahead Disabling Sequential Read Ahead using "vmtune -r 0" improves @@ -17696,7 +17867,7 @@ CLASS="CHAPTER" >Chapter 25. Samba and other CIFS clientsChapter 27. Samba and other CIFS clients This chapter contains client-specific information. 25.1. Macintosh clients?27.1. Macintosh clients? Yes. 25.2. OS2 Client27.2. OS2 Client 25.2.1. How can I configure OS/2 Warp Connect or +NAME="AEN3644" +>27.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba? 25.2.2. How can I configure OS/2 Warp 3 (not Connect), +NAME="AEN3659" +>27.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba? 25.2.3. Are there any other issues when OS/2 (any version) +NAME="AEN3668" +>27.2.3. Are there any other issues when OS/2 (any version) is used as a client? 25.2.4. How do I get printer driver download working +NAME="AEN3672" +>27.2.4. How do I get printer driver download working for OS/2 clients? 25.3. Windows for Workgroups27.3. Windows for Workgroups 25.3.1. Use latest TCP/IP stack from Microsoft27.3.1. Use latest TCP/IP stack from Microsoft Use the latest TCP/IP stack from microsoft if you use Windows @@ -17960,8 +18131,8 @@ CLASS="SECT2" > 25.3.2. Delete .pwl files after password change27.3.2. Delete .pwl files after password change WfWg does a lousy job with passwords. I find that if I change my @@ -17980,8 +18151,8 @@ CLASS="SECT2" > 25.3.3. Configure WfW password handling27.3.3. Configure WfW password handling There is a program call admincfg.exe @@ -17999,8 +18170,8 @@ CLASS="SECT2" > 25.3.4. Case handling of passwords27.3.4. Case handling of passwords Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the 25.3.5. Use TCP/IP as default protocol27.3.5. Use TCP/IP as default protocol To support print queue reporting you may find @@ -18033,8 +18204,8 @@ CLASS="SECT1" > 25.4. Windows '95/'9827.4. Windows '95/'98 When using Windows 95 OEM SR2 the following updates are recommended where Samba @@ -18081,8 +18252,8 @@ CLASS="SECT1" > 25.5. Windows 2000 Service Pack 227.5. Windows 2000 Service Pack 2 @@ -18165,7 +18336,7 @@ CLASS="CHAPTER" >Chapter 26. How to compile SAMBAChapter 28. How to compile SAMBA You can obtain the samba source from the 26.1. Access Samba source code via CVS28.1. Access Samba source code via CVS 26.1.1. Introduction28.1.1. Introduction Samba is developed in an open environment. Developers use CVS @@ -18208,8 +18379,8 @@ CLASS="SECT2" > 26.1.2. CVS Access to samba.org28.1.2. CVS Access to samba.org The machine samba.org runs a publicly accessible CVS @@ -18221,8 +18392,8 @@ CLASS="SECT3" > 26.1.2.1. Access via CVSweb28.1.2.1. Access via CVSweb You can access the source code via your @@ -18242,8 +18413,8 @@ CLASS="SECT3" > 26.1.2.2. Access via cvs28.1.2.2. Access via cvs You can also access the source code via a @@ -18347,8 +18518,8 @@ CLASS="SECT1" > 26.2. Accessing the samba sources via rsync and ftp28.2. Accessing the samba sources via rsync and ftp pserver.samba.org also exports unpacked copies of most parts of the CVS tree at 26.3. Building the Binaries28.3. Building the Binaries To do this, first run the program 26.3.1. Compiling samba with Active Directory support28.3.1. Compiling samba with Active Directory support In order to compile samba with ADS support, you need to have installed @@ -18511,8 +18682,8 @@ CLASS="SECT3" > 26.3.1.1. Installing the required packages for Debian28.3.1.1. Installing the required packages for Debian On Debian you need to install the following packages: 26.3.1.2. Installing the required packages for RedHat28.3.1.2. Installing the required packages for RedHat On RedHat this means you should have at least: 26.4. Starting the smbd and nmbd28.4. Starting the smbd and nmbd You must choose to start smbd and nmbd either @@ -18624,8 +18795,8 @@ CLASS="SECT2" > 26.4.1. Starting from inetd.conf28.4.1. Starting from inetd.conf NOTE; The following will be different if @@ -18724,8 +18895,8 @@ CLASS="SECT2" > 26.4.2. Alternative: starting it as a daemon28.4.2. Alternative: starting it as a daemon To start the server as a daemon you should create @@ -18783,14 +18954,14 @@ CLASS="CHAPTER" >Chapter 27. Reporting BugsChapter 29. Reporting Bugs 27.1. Introduction29.1. Introduction The email address for bug reports for stable releases is 27.2. General info29.2. General info Before submitting a bug report check your config for silly @@ -18859,8 +19030,8 @@ CLASS="SECT1" > 27.3. Debug levels29.3. Debug levels If the bug has anything to do with Samba behaving incorrectly as a @@ -18929,8 +19100,8 @@ CLASS="SECT1" > 27.4. Internal errors29.4. Internal errors If you get a "INTERNAL ERROR" message in your log files it means that @@ -18973,8 +19144,8 @@ CLASS="SECT1" > 27.5. Attaching to a running process29.5. Attaching to a running process Unfortunately some unixes (in particular some recent linux kernels) @@ -18990,8 +19161,8 @@ CLASS="SECT1" > 27.6. Patches29.6. Patches The best sort of bug report is one that includes a fix! If you send us @@ -19013,14 +19184,14 @@ CLASS="CHAPTER" >Chapter 28. The samba checklistChapter 30. The samba checklist 28.1. Introduction30.1. Introduction This file contains a list of tests you can perform to validate your @@ -19041,8 +19212,8 @@ CLASS="SECT1" > 28.2. Assumptions30.2. Assumptions In all of the tests it is assumed you have a Samba server called @@ -19079,16 +19250,16 @@ CLASS="SECT1" > 28.3. Tests30.3. Tests 28.3.1. Test 130.3.1. Test 1 In the directory in which you store your smb.conf file, run the command @@ -19109,8 +19280,8 @@ CLASS="SECT2" > 28.3.2. Test 230.3.2. Test 2 Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from @@ -19135,8 +19306,8 @@ CLASS="SECT2" > 28.3.3. Test 330.3.3. Test 3 Run the command "smbclient -L BIGSERVER" on the unix box. You @@ -19206,8 +19377,8 @@ CLASS="SECT2" > 28.3.4. Test 430.3.4. Test 4 Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the @@ -19227,8 +19398,8 @@ CLASS="SECT2" > 28.3.5. Test 530.3.5. Test 5 run the command 28.3.6. Test 630.3.6. Test 6 Run the command 28.3.7. Test 730.3.7. Test 7 Run the command 28.3.8. Test 830.3.8. Test 8 On the PC type the command 28.3.9. Test 930.3.9. Test 9 Run the command 28.3.10. Test 1030.3.10. Test 10 Run the command 28.3.11. Test 1130.3.11. Test 11 From file manager try to browse the server. Your samba server should @@ -19519,8 +19690,8 @@ CLASS="SECT1" > 28.4. Still having troubles?30.4. Still having troubles? Try the mailing list or newsgroup, or use the ethereal utility to diff --git a/docs/manpages/findsmb.1 b/docs/manpages/findsmb.1 index d45c3ab8fe..e61eacc597 100644 --- a/docs/manpages/findsmb.1 +++ b/docs/manpages/findsmb.1 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "FINDSMB" "1" "24 March 2003" "" "" +.TH "FINDSMB" "1" "03 april 2003" "" "" .SH NAME findsmb \- list info about machines that respond to SMB name queries on a subnet diff --git a/docs/manpages/lmhosts.5 b/docs/manpages/lmhosts.5 index 76d48f8e1e..3042a9c522 100644 --- a/docs/manpages/lmhosts.5 +++ b/docs/manpages/lmhosts.5 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "LMHOSTS" "5" "24 March 2003" "" "" +.TH "LMHOSTS" "5" "03 april 2003" "" "" .SH NAME lmhosts \- The Samba NetBIOS hosts file diff --git a/docs/manpages/net.8 b/docs/manpages/net.8 index 8ade7f5c4a..71e0087d40 100644 --- a/docs/manpages/net.8 +++ b/docs/manpages/net.8 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "NET" "8" "24 March 2003" "" "" +.TH "NET" "8" "03 april 2003" "" "" .SH NAME net \- Tool for administration of Samba and remote CIFS servers. diff --git a/docs/manpages/nmbd.8 b/docs/manpages/nmbd.8 index 6906231177..bd263fcf15 100644 --- a/docs/manpages/nmbd.8 +++ b/docs/manpages/nmbd.8 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "NMBD" "8" "30 March 2003" "" "" +.TH "NMBD" "8" "03 april 2003" "" "" .SH NAME nmbd \- NetBIOS name server to provide NetBIOS over IP naming services to clients diff --git a/docs/manpages/nmblookup.1 b/docs/manpages/nmblookup.1 index 653aa6f663..08ddd1c133 100644 --- a/docs/manpages/nmblookup.1 +++ b/docs/manpages/nmblookup.1 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "NMBLOOKUP" "1" "24 March 2003" "" "" +.TH "NMBLOOKUP" "1" "03 april 2003" "" "" .SH NAME nmblookup \- NetBIOS over TCP/IP client used to lookup NetBIOS names diff --git a/docs/manpages/pdbedit.8 b/docs/manpages/pdbedit.8 index 0f48988600..fe32547e92 100644 --- a/docs/manpages/pdbedit.8 +++ b/docs/manpages/pdbedit.8 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "PDBEDIT" "8" "30 March 2003" "" "" +.TH "PDBEDIT" "8" "03 april 2003" "" "" .SH NAME pdbedit \- manage the SAM database diff --git a/docs/manpages/rpcclient.1 b/docs/manpages/rpcclient.1 index a359d6772f..76e606240f 100644 --- a/docs/manpages/rpcclient.1 +++ b/docs/manpages/rpcclient.1 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "RPCCLIENT" "1" "24 March 2003" "" "" +.TH "RPCCLIENT" "1" "03 april 2003" "" "" .SH NAME rpcclient \- tool for executing client side MS-RPC functions @@ -116,10 +116,10 @@ domain = Make certain that the permissions on the file restrict access from unwanted users. .TP -\fB-U|--user=username[&%;password]\fR +\fB-U|--user=username[%password]\fR Sets the SMB username or username and password. -If &%;password is not specified, the user will be prompted. The +If %password is not specified, the user will be prompted. The client will first check the \fBUSER\fR environment variable, then the \fBLOGNAME\fR variable and if either exists, the string is uppercased. If these environmental variables are not diff --git a/docs/manpages/samba.7 b/docs/manpages/samba.7 index 6703cb95ce..e2a6132d18 100644 --- a/docs/manpages/samba.7 +++ b/docs/manpages/samba.7 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SAMBA" "7" "24 March 2003" "" "" +.TH "SAMBA" "7" "03 april 2003" "" "" .SH NAME Samba \- A Windows SMB/CIFS fileserver for UNIX diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5 index ddcc2d24e5..719bd64512 100644 --- a/docs/manpages/smb.conf.5 +++ b/docs/manpages/smb.conf.5 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMB.CONF" "5" "30 March 2003" "" "" +.TH "SMB.CONF" "5" "03 april 2003" "" "" .SH NAME smb.conf \- The configuration file for the Samba suite @@ -256,12 +256,15 @@ An alias, by the way, is defined as any component of the first entry of a printcap record. Records are separated by newlines, components (if there are more than one) are separated by vertical bar symbols ('|'). -.PP -NOTE: On SYSV systems which use lpstat to determine what +.sp +.RS +.B "Note:" +On SYSV systems which use lpstat to determine what printers are defined on the system you may be able to use "printcap name = lpstat" to automatically obtain a list of printers. See the "printcap name" option for more details. +.RE .SH "PARAMETERS" .PP parameters define the specific attributes of sections. @@ -664,9 +667,6 @@ each parameter for details. Note that some are synonyms. \fIldap delete dn\fR .TP 0.2i \(bu -\fIldap del only sam attr\fR -.TP 0.2i -\(bu \fIldap filter\fR .TP 0.2i \(bu @@ -928,6 +928,9 @@ each parameter for details. Note that some are synonyms. \fIserver string\fR .TP 0.2i \(bu +\fIset primary group script\fR +.TP 0.2i +\(bu \fIshow add printer wizard\fR .TP 0.2i \(bu @@ -3027,9 +3030,12 @@ and the program will extract the servername from before the first ':'. There should probably be a better parsing system that copes with different map formats and also Amd (another automounter) maps. - -\fBNOTE :\fRA working NIS client is required on +.sp +.RS +.B "Note:" +A working NIS client is required on the system for this option to work. +.RE See also \fInis homedir\fR , \fIdomain logons\fR @@ -3139,8 +3145,10 @@ and users who will be allowed access without specifying a password. This is not be confused with \fIhosts allow\fR which is about hosts access to services and is more useful for guest services. \fI hosts equiv\fR may be useful for NT clients which will not supply passwords to Samba. - -\fBNOTE :\fR The use of \fIhosts equiv +.sp +.RS +.B "Note:" +The use of \fIhosts equiv \fR can be a major security hole. This is because you are trusting the PC to supply the correct username. It is very easy to get a PC to supply a false username. I recommend that the @@ -3148,6 +3156,7 @@ get a PC to supply a false username. I recommend that the know what you are doing, or perhaps on a home network where you trust your spouse and kids. And only if you \fBreally\fR trust them :-). +.RE Default: \fBno host equivalences\fR @@ -3354,16 +3363,13 @@ stored in the \fIprivate/secrets.tdb\fR file. See the \fBsmbpasswd\fR(8) man page for more information on how to accmplish this. .TP -\fB>ldap del only sam attr (G)\fR +\fB>ldap delete dn (G)\fR This parameter specifies whether a delete operation in the ldapsam deletes the complete entry or only the attributes specific to Samba. Default : \fBldap delete dn = no\fR .TP -\fB>ldap del only sam attr (G)\fR -Inverted synonym for \fI ldap delete dn\fR. -.TP \fB>ldap filter (G)\fR This parameter specifies the RFC 2254 compliant LDAP search filter. The default is to match the login name with the uid @@ -4667,10 +4673,13 @@ the storage of passwords for users who don't exist in /etc/passwd. This is most often used for machine account creation. This range of ids should have no existing local or NIS users within it as strange conflicts can occur otherwise. - -NOTE: These userids never appear on the system and Samba will never +.sp +.RS +.B "Note:" +These userids never appear on the system and Samba will never \&'become' these users. They are used only to ensure that the algorithmic RID mapping does not conflict with normal users. +.RE Default: \fBnon unix account range = \fR @@ -5139,11 +5148,14 @@ by any method and order described in that parameter. The password server must be a machine capable of using the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in user level security mode. - -\fBNOTE:\fR Using a password server +.sp +.RS +.B "Note:" +Using a password server means your UNIX box (running Samba) is only as secure as your password server. \fBDO NOT CHOOSE A PASSWORD SERVER THAT YOU DON'T COMPLETELY TRUST\fR. +.RE Never point a Samba server at itself for password serving. This will cause a loop and could lock up your Samba @@ -5500,11 +5512,14 @@ print5|My Printer 5 where the '|' separates aliases of a printer. The fact that the second alias has a space in it gives a hint to Samba that it's a comment. - -\fBNOTE\fR: Under AIX the default printcap +.sp +.RS +.B "Note:" +Under AIX the default printcap name is \fI/etc/qconfig\fR. Samba will assume the file is in AIX \fIqconfig\fR format if the string \fIqconfig\fR appears in the printcap filename. +.RE Default: \fBprintcap name = /etc/printcap\fR @@ -6110,6 +6125,22 @@ Default: \fBserver string = Samba %v\fR Example: \fBserver string = University of GNUs Samba Server\fR .TP +\fB>set primary group script (G)\fR +Thanks to the Posix subsystem in NT a +Windows User has a primary group in addition to the +auxiliary groups. This script sets the primary group +in the unix userdatase when an administrator sets the +primary group from the windows user manager or when +fetching a SAM with \fBnet rpc +vampire\fR. \fI%u\fR will be +replaced with the user whose primary group is to be +set. \fI%g\fR will be replaced with +the group to set. + +Default: \fBNo default value\fR + +Example: \fBset primary group script = /usr/sbin/usermod -g '%g' '%u'\fR +.TP \fB>set directory (S)\fR If \fBset directory = no\fR, then users of the service may not use the setdir command to change @@ -7163,16 +7194,29 @@ your network then you should set this to the WINS server's IP. You should point this at your WINS server if you have a multi-subnetted network. -\fBNOTE\fR. You need to set up Samba to point +If you want to work in multiple namespaces, you can +give every wins server a 'tag'. For each tag, only one +(working) server will be queried for a name. The tag should be +seperated from the ip address by a colon. +.sp +.RS +.B "Note:" +You need to set up Samba to point to a WINS server if you have multiple subnets and wish cross-subnet browsing to work correctly. +.RE -See the documentation file BROWSING -in the docs/ directory of your Samba source distribution. +See the documentation file Browsing in the samba howto collection. Default: \fBnot enabled\fR -Example: \fBwins server = 192.9.200.1\fR +Example: \fBwins server = mary:192.9.200.1 fred:192.168.3.199 mary:192.168.2.61\fR + +For this example when querying a certain name, 192.19.200.1 will +be asked first and if that doesn't respond 192.168.2.61. If either +of those doesn't know the name 192.168.3.199 will be queried. + +Example: \fBwins server = 192.9.200.1 192.168.2.61\fR .TP \fB>wins support (G)\fR This boolean controls if the \fBnmbd\fR(8) process in Samba will act as a WINS server. You should diff --git a/docs/manpages/smbcacls.1 b/docs/manpages/smbcacls.1 index b38c2adf8a..69d9cd9f1a 100644 --- a/docs/manpages/smbcacls.1 +++ b/docs/manpages/smbcacls.1 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBCACLS" "1" "24 March 2003" "" "" +.TH "SMBCACLS" "1" "03 april 2003" "" "" .SH NAME smbcacls \- Set or get ACLs on an NT file or directory names diff --git a/docs/manpages/smbclient.1 b/docs/manpages/smbclient.1 index 6ba48185a3..72747a74c2 100644 --- a/docs/manpages/smbclient.1 +++ b/docs/manpages/smbclient.1 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBCLIENT" "1" "24 March 2003" "" "" +.TH "SMBCLIENT" "1" "03 april 2003" "" "" .SH NAME smbclient \- ftp-like client to access SMB/CIFS resources on servers @@ -290,10 +290,10 @@ domain = Make certain that the permissions on the file restrict access from unwanted users. .TP -\fB-U|--user=username[&%;password]\fR +\fB-U|--user=username[%password]\fR Sets the SMB username or username and password. -If &%;password is not specified, the user will be prompted. The +If %password is not specified, the user will be prompted. The client will first check the \fBUSER\fR environment variable, then the \fBLOGNAME\fR variable and if either exists, the string is uppercased. If these environmental variables are not diff --git a/docs/manpages/smbcontrol.1 b/docs/manpages/smbcontrol.1 index a4fe043f3c..5b612b1b13 100644 --- a/docs/manpages/smbcontrol.1 +++ b/docs/manpages/smbcontrol.1 @@ -3,13 +3,13 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBCONTROL" "1" "24 March 2003" "" "" +.TH "SMBCONTROL" "1" "03 april 2003" "" "" .SH NAME smbcontrol \- send messages to smbd, nmbd or winbindd processes .SH SYNOPSIS -\fBsmbcontrol\fR [ \fB-i\fR ] +\fBsmbcontrol\fR [ \fB-i\fR ] [ \fB-s\fR ] \fBsmbcontrol\fR [ \fBdestination\fR ] [ \fBmessage-type\fR ] [ \fBparameter\fR ] @@ -22,6 +22,19 @@ This tool is part of the \fBSamba\fR(7) suite. sends messages to a \fBsmbd\fR(8), a \fBnmbd\fR(8), or a \fBwinbindd\fR(8) daemon running on the system. .SH "OPTIONS" .TP +\fB-h|--help\fR +Print a summary of command line options. +.TP +\fB-s \fR +The file specified contains the +configuration details required by the server. The +information in this file includes server-specific +information such as what printcap file to use, as well +as descriptions of all the services that the server is +to provide. See \fIsmb.conf(5)\fR for more information. +The default configuration file name is determined at +compile time. +.TP \fB-i\fR Run interactively. Individual commands of the form destination message-type parameters can be entered @@ -42,57 +55,56 @@ If a single process ID is given, the message is sent to only that process. .TP \fBmessage-type\fR -One of: close-share, -debug, -force-election, ping -, profile, debuglevel, profilelevel, -or printnotify. - -The close-share message-type sends a -message to smbd which will then close the client connections to -the named share. Note that this doesn't affect client connections -to any other shares. This message-type takes an argument of the +Type of message to send. See +the section MESSAGE-TYPES for details. +.TP +\fBparameters\fR +any parameters required for the message-type +.SH "MESSAGE-TYPES" +.PP +Available message types are: +.TP +\fBclose-share\fR +Order smbd to close the client +connections to the named share. Note that this doesn't affect client +connections to any other shares. This message-type takes an argument of the share name for which client connections will be closed, or the "*" character which will close all currently open shares. This may be useful if you made changes to the access controls on the share. This message can only be sent to smbd. - -The debug message-type allows -the debug level to be set to the value specified by the +.TP +\fBdebug\fR +Set debug level to the value specified by the parameter. This can be sent to any of the destinations. - -The force-election message-type can only be -sent to the nmbd destination. This message -causes the \fBnmbd\fR daemon to force a new browse -master election. - -The ping message-type sends the -number of "ping" messages specified by the parameter and waits -for the same number of reply "pong" messages. This can be sent to +.TP +\fBforce-election\fR +This message causes the \fBnmbd\fR daemon to +force a new browse master election. +.TP +\fBping\fR +Send specified number of "ping" messages and +wait for the same number of reply "pong" messages. This can be sent to any of the destinations. - -The profile message-type sends a -message to an smbd to change the profile settings based on the +.TP +\fBprofile\fR +Change profile settings of a daemon, based on the parameter. The parameter can be "on" to turn on profile stats collection, "off" to turn off profile stats collection, "count" to enable only collection of count stats (time stats are disabled), and "flush" to zero the current profile stats. This can be sent to any smbd or nmbd destinations. - -The debuglevel message-type sends -a "request debug level" message. The current debug level setting -is returned by a "debuglevel" message. This can be -sent to any of the destinations. - -The profilelevel message-type sends -a "request profile level" message. The current profile level -setting is returned by a "profilelevel" message. This can be sent -to any smbd or nmbd destinations. - -The printnotify message-type sends a -message to smbd which in turn sends a printer notify message to -any Windows NT clients connected to a printer. This message-type -takes the following arguments: +.TP +\fBdebuglevel\fR +Request debuglevel of a certain daemon and write it to stdout. This +can be sent to any of the destinations. +.TP +\fBprofilelevel\fR +Request profilelevel of a certain daemon and write it to stdout. +This can be sent to any smbd or nmbd destinations. +.TP +\fBprintnotify\fR +Order smbd to send a printer notify message to any Windows NT clients +connected to a printer. This message-type takes the following arguments: .RS .TP \fBqueuepause printername\fR @@ -118,16 +130,46 @@ Send a job delete change notify message for the printer and unix jobid specified. .RE + Note that this message only sends notification that an event has occured. It doesn't actually cause the event to happen. + This message can only be sent to smbd. .TP -\fBparameters\fR -any parameters required for the message-type +\fBsamsync\fR +Order smbd to synchronise sam database from PDC (being BDC). Can only be sent to smbd. +.sp +.RS +.B "Note:" +Not working at the moment +.RE +.TP +\fBsamrepl\fR +Send sam replication message, with specified serial. Can only be sent to smbd. Should not be used manually. +.TP +\fBdmalloc-mark\fR +Set a mark for dmalloc. Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. +.TP +\fBdmalloc-log-changed\fR +Dump the pointers that have changed since the mark set by dmalloc-mark. +Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. +.TP +\fBshutdown\fR +Shut down specified daemon. Can be sent to both smbd and nmbd. +.TP +\fBtallocdump and pool-usage\fR +Print a human-readable description of all +talloc(pool) memory usage by the specified daemon/process. Available +for both smbd and nmbd. +.TP +\fBdrvupgrade\fR +Force clients of printers using specified driver +to update their local version of the driver. Can only be +sent to smbd. .SH "VERSION" .PP -This man page is correct for version 2.2 of +This man page is correct for version 3.0 of the Samba suite. .SH "SEE ALSO" .PP diff --git a/docs/manpages/smbd.8 b/docs/manpages/smbd.8 index ef498cbf64..4f99c18f52 100644 --- a/docs/manpages/smbd.8 +++ b/docs/manpages/smbd.8 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBD" "8" "24 March 2003" "" "" +.TH "SMBD" "8" "03 april 2003" "" "" .SH NAME smbd \- server to provide SMB/CIFS services to clients diff --git a/docs/manpages/smbgroupedit.8 b/docs/manpages/smbgroupedit.8 index df8b4e30db..6b9bd7e37d 100644 --- a/docs/manpages/smbgroupedit.8 +++ b/docs/manpages/smbgroupedit.8 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBGROUPEDIT" "8" "24 March 2003" "" "" +.TH "SMBGROUPEDIT" "8" "03 april 2003" "" "" .SH NAME smbgroupedit \- Query/set/change UNIX - Windows NT group mapping diff --git a/docs/manpages/smbmnt.8 b/docs/manpages/smbmnt.8 index 9d88e28655..c17d15261a 100644 --- a/docs/manpages/smbmnt.8 +++ b/docs/manpages/smbmnt.8 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBMNT" "8" "24 March 2003" "" "" +.TH "SMBMNT" "8" "03 april 2003" "" "" .SH NAME smbmnt \- helper utility for mounting SMB filesystems diff --git a/docs/manpages/smbmount.8 b/docs/manpages/smbmount.8 index f34ec152af..344fc5e0cd 100644 --- a/docs/manpages/smbmount.8 +++ b/docs/manpages/smbmount.8 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBMOUNT" "8" "24 March 2003" "" "" +.TH "SMBMOUNT" "8" "03 april 2003" "" "" .SH NAME smbmount \- mount an smbfs filesystem diff --git a/docs/manpages/smbpasswd.5 b/docs/manpages/smbpasswd.5 index 0556c8d4dd..1eb8d3f204 100644 --- a/docs/manpages/smbpasswd.5 +++ b/docs/manpages/smbpasswd.5 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBPASSWD" "5" "24 March 2003" "" "" +.TH "SMBPASSWD" "5" "03 april 2003" "" "" .SH NAME smbpasswd \- The Samba encrypted password file diff --git a/docs/manpages/smbpasswd.8 b/docs/manpages/smbpasswd.8 index 3ebaa4f8c9..8d4598895f 100644 --- a/docs/manpages/smbpasswd.8 +++ b/docs/manpages/smbpasswd.8 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBPASSWD" "8" "24 March 2003" "" "" +.TH "SMBPASSWD" "8" "03 april 2003" "" "" .SH NAME smbpasswd \- change a user's SMB password diff --git a/docs/manpages/smbsh.1 b/docs/manpages/smbsh.1 index 0f7ed1d290..d2770d410a 100644 --- a/docs/manpages/smbsh.1 +++ b/docs/manpages/smbsh.1 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBSH" "1" "30 March 2003" "" "" +.TH "SMBSH" "1" "03 april 2003" "" "" .SH NAME smbsh \- Allows access to Windows NT filesystem using UNIX commands diff --git a/docs/manpages/smbspool.8 b/docs/manpages/smbspool.8 index 2417a1ee2e..7ee3a465b3 100644 --- a/docs/manpages/smbspool.8 +++ b/docs/manpages/smbspool.8 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBSPOOL" "8" "24 March 2003" "" "" +.TH "SMBSPOOL" "8" "03 april 2003" "" "" .SH NAME smbspool \- send a print file to an SMB printer diff --git a/docs/manpages/smbstatus.1 b/docs/manpages/smbstatus.1 index 5cc6811188..133de67ab6 100644 --- a/docs/manpages/smbstatus.1 +++ b/docs/manpages/smbstatus.1 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBSTATUS" "1" "24 March 2003" "" "" +.TH "SMBSTATUS" "1" "03 april 2003" "" "" .SH NAME smbstatus \- report on current Samba connections diff --git a/docs/manpages/smbtar.1 b/docs/manpages/smbtar.1 index 20a261a2b3..bef59c21ac 100644 --- a/docs/manpages/smbtar.1 +++ b/docs/manpages/smbtar.1 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBTAR" "1" "24 March 2003" "" "" +.TH "SMBTAR" "1" "03 april 2003" "" "" .SH NAME smbtar \- shell script for backing up SMB/CIFS shares directly to UNIX tape drives diff --git a/docs/manpages/smbumount.8 b/docs/manpages/smbumount.8 index 21f5545cea..6a2f04cfd5 100644 --- a/docs/manpages/smbumount.8 +++ b/docs/manpages/smbumount.8 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBUMOUNT" "8" "24 March 2003" "" "" +.TH "SMBUMOUNT" "8" "03 april 2003" "" "" .SH NAME smbumount \- smbfs umount for normal users diff --git a/docs/manpages/swat.8 b/docs/manpages/swat.8 index a76db24100..47ad346fd7 100644 --- a/docs/manpages/swat.8 +++ b/docs/manpages/swat.8 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SWAT" "8" "24 March 2003" "" "" +.TH "SWAT" "8" "03 april 2003" "" "" .SH NAME swat \- Samba Web Administration Tool diff --git a/docs/manpages/testparm.1 b/docs/manpages/testparm.1 index cf91b23295..e9ecd565c9 100644 --- a/docs/manpages/testparm.1 +++ b/docs/manpages/testparm.1 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "TESTPARM" "1" "24 March 2003" "" "" +.TH "TESTPARM" "1" "03 april 2003" "" "" .SH NAME testparm \- check an smb.conf configuration file for internal correctness diff --git a/docs/manpages/testprns.1 b/docs/manpages/testprns.1 index 66f4a08f56..49ec423986 100644 --- a/docs/manpages/testprns.1 +++ b/docs/manpages/testprns.1 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "TESTPRNS" "1" "24 March 2003" "" "" +.TH "TESTPRNS" "1" "03 april 2003" "" "" .SH NAME testprns \- check printer name for validity with smbd diff --git a/docs/manpages/vfstest.1 b/docs/manpages/vfstest.1 index f123fcc9f3..71e07c58e6 100644 --- a/docs/manpages/vfstest.1 +++ b/docs/manpages/vfstest.1 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "VFSTEST" "1" "24 March 2003" "" "" +.TH "VFSTEST" "1" "03 april 2003" "" "" .SH NAME vfstest \- tool for testing samba VFS modules diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1 index d3ed336b47..5c4392e80e 100644 --- a/docs/manpages/wbinfo.1 +++ b/docs/manpages/wbinfo.1 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "WBINFO" "1" "24 March 2003" "" "" +.TH "WBINFO" "1" "03 april 2003" "" "" .SH NAME wbinfo \- Query information from winbind daemon diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8 index 0a35a9264d..bccc5e04cd 100644 --- a/docs/manpages/winbindd.8 +++ b/docs/manpages/winbindd.8 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "WINBINDD" "8" "30 March 2003" "" "" +.TH "WINBINDD" "8" "03 april 2003" "" "" .SH NAME winbindd \- Name Service Switch daemon for resolving names from NT servers @@ -241,7 +241,7 @@ Now replace the account lines with this: \fR .PP The next step is to join the domain. To do that use the -\fBsmbpasswd\fR program like this: +\fBnet\fR program like this: .PP \fBnet join -S PDC -U Administrator\fR .PP @@ -290,11 +290,6 @@ the list of trusted domains for the Windows NT server on startup and when a SIGHUP is received. Thus, for a running \fB winbindd\fR to become aware of new trust relationships between servers, it must be sent a SIGHUP signal. .PP -Client processes resolving names through the \fBwinbindd\fR -nsswitch module read an environment variable named \fB $WINBINDD_DOMAIN\fR. If this variable contains a comma separated -list of Windows NT domain names, then winbindd will only resolve users -and groups within those Windows NT domains. -.PP PAM is really easy to misconfigure. Make sure you know what you are doing when modifying PAM configuration files. It is possible to set up PAM such that you can no longer log into your system. @@ -338,6 +333,19 @@ if both the \fI/tmp/.winbindd\fR directory and \fI/tmp/.winbindd/pipe\fR file are owned by root. .TP +\fB$LOCKDIR/winbindd_privilaged/pipe\fR +The UNIX pipe over which 'privilaged' clients +communicate with the \fBwinbindd\fR program. For security +reasons, access to some winbindd functions - like those needed by +the \fBntlm_auth\fR utility - is restricted. By default, +only users in the 'root' group will get this access, however the administrator +may change the group permissions on $LOCKDIR/winbindd_privilaged to allow +programs like 'squid' to use ntlm_auth. +Note that the winbind client will only attempt to connect to the winbindd daemon +if both the \fI$LOCKDIR/winbindd_privilaged\fR directory +and \fI$LOCKDIR/winbindd_privilaged/pipe\fR file are owned by +root. +.TP \fB/lib/libnss_winbind.so.X\fR Implementation of name service switch library. .TP -- cgit From 0b0c74a3aaddfe0d1445d214fd8be1e6cb7af54e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 3 Apr 2003 18:07:29 +0000 Subject: - Use entities in smbsh.1 - First update of commands in rpcclient.1 (This used to be commit 82664c099d5478bab1f6f6e032e09b539f06631f) --- docs/docbook/manpages/rpcclient.1.sgml | 96 +++++++++++++++++++++++++++++----- docs/docbook/manpages/smbsh.1.sgml | 4 +- 2 files changed, 85 insertions(+), 15 deletions(-) diff --git a/docs/docbook/manpages/rpcclient.1.sgml b/docs/docbook/manpages/rpcclient.1.sgml index 225bb064ff..3e81711d5d 100644 --- a/docs/docbook/manpages/rpcclient.1.sgml +++ b/docs/docbook/manpages/rpcclient.1.sgml @@ -99,7 +99,7 @@ LSARPC - lsaquery + lsaquery - Query info policy lookupsids - Resolve a list of SIDs to usernames. @@ -109,22 +109,90 @@ of usernames to SIDs. - enumtrusts + enumtrusts - Enumerate trusted domains + + enumprivs - Enumerate privileges + + getdispname - Get the privilege name + + lsaenumsid - Enumerate the LSA SIDS + + lsaenumprivsaccount - Enumerate the privileges of an SID + + lsaenumacctrights - Enumerate the rights of an SID + + lsaenumacctwithright - Enumerate accounts with a right + + lsaaddacctrights - Add rights to an account + + lsaremoveacctrights - Remove rights from an account + + lsalookupprivvalue - Get a privilege value given its name + + lsaquerysecobj - Query LSA security object + - + + + LSARPC-DS + + dsroledominfo - Get Primary Domain Information + + + + DFS + + dfsexist - Query DFS support + dfsadd - Add a DFS share + dfsremove - Remove a DFS share + dfsgetinfo - Query DFS share info + dfsenum - Enumerate dfs shares + + + + + REG + + shutdown - Remote Shutdown + abortshutdown - Abort Shutdown + + + + + SRVSVC + + srvinfo - Server query info + + netshareenum - Enumerate shares + + netfileenum - Enumerate open files + + netremotetod - Fetch remote time of day + + + + SAMR - queryuser - querygroup - queryusergroups - querygroupmem - queryaliasmem - querydispinfo - querydominfo - enumdomgroups + queryuser - Query user info + querygroup - Query group info + queryusergroups - Query user groups + querygroupmem - Query group membership + queryaliasmem - Query alias membership + querydispinfo - Query display info + querydominfo - Query domain info + enumdomusers - Enumerate domain users + enumdomgroups - Enumerate domain groups + enumalsgroups - Enumerate alias groups + createdomuser - Create domain user + samlookupnames - Look up names + samlookuprids - Look up names + deletedomuser - Delete domain user + samquerysecobj - Query SAMR security object + getdompwinfo - Retrieve domain password info @@ -189,7 +257,7 @@ Comma Separated list of Files enumjobs <printer> - List the jobs and status of a given printer. This command corresponds to the MS Platform SDK EnumJobs() - function (* This command is currently unimplemented). + function @@ -218,11 +286,11 @@ Comma Separated list of Files - getdata <printername> + getdata <printername> <valuename;> - Retrieve the data for a given printer setting. See the enumdata command for more information. This command corresponds to the GetPrinterData() MS Platform - SDK function (* This command is currently unimplemented). + SDK function. diff --git a/docs/docbook/manpages/smbsh.1.sgml b/docs/docbook/manpages/smbsh.1.sgml index 78b4f0ad16..f51b5eb34f 100644 --- a/docs/docbook/manpages/smbsh.1.sgml +++ b/docs/docbook/manpages/smbsh.1.sgml @@ -1,4 +1,6 @@ - + %globalentities; +]> -- cgit From accd7c75a0eda57a9a1b928ebcc10519612d73a1 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 3 Apr 2003 18:17:49 +0000 Subject: Fix formatting of rpcclient manpage (This used to be commit 13d79e38a6eaecbf6ce8369aaa5f2eeea7109667) --- docs/docbook/manpages/rpcclient.1.sgml | 262 ++++++++++++++++++--------------- 1 file changed, 140 insertions(+), 122 deletions(-) diff --git a/docs/docbook/manpages/rpcclient.1.sgml b/docs/docbook/manpages/rpcclient.1.sgml index 3e81711d5d..de4d8d72fc 100644 --- a/docs/docbook/manpages/rpcclient.1.sgml +++ b/docs/docbook/manpages/rpcclient.1.sgml @@ -58,7 +58,7 @@ resolved using the name resolve order line from smb.conf 5. - + @@ -97,110 +97,121 @@ COMMANDS - LSARPC - - lsaquery - Query info policy + + LSARPC + + + lsaqueryQuery info policy - lookupsids - Resolve a list + lookupsidsResolve a list of SIDs to usernames. - + - lookupnames - Resolve a list + lookupnamesResolve a list of usernames to SIDs. - + - enumtrusts - Enumerate trusted domains + enumtrustsEnumerate trusted domains - enumprivs - Enumerate privileges + enumprivsEnumerate privileges - getdispname - Get the privilege name + getdispnameGet the privilege name - lsaenumsid - Enumerate the LSA SIDS + lsaenumsidEnumerate the LSA SIDS - lsaenumprivsaccount - Enumerate the privileges of an SID + lsaenumprivsaccountEnumerate the privileges of an SID - lsaenumacctrights - Enumerate the rights of an SID + lsaenumacctrightsEnumerate the rights of an SID - lsaenumacctwithright - Enumerate accounts with a right + lsaenumacctwithrightEnumerate accounts with a right - lsaaddacctrights - Add rights to an account + lsaaddacctrightsAdd rights to an account - lsaremoveacctrights - Remove rights from an account + lsaremoveacctrightsRemove rights from an account - lsalookupprivvalue - Get a privilege value given its name + lsalookupprivvalueGet a privilege value given its name - lsaquerysecobj - Query LSA security object + lsaquerysecobjQuery LSA security object - + + - - - LSARPC-DS - - dsroledominfo - Get Primary Domain Information - + + LSARPC-DS + + + dsroledominfoGet Primary Domain Information + DFS - - dfsexist - Query DFS support - dfsadd - Add a DFS share - dfsremove - Remove a DFS share - dfsgetinfo - Query DFS share info - dfsenum - Enumerate dfs shares - + + dfsexistQuery DFS support + dfsaddAdd a DFS share + dfsremoveRemove a DFS share + dfsgetinfoQuery DFS share info + dfsenumEnumerate dfs shares + - + - REG - - shutdown - Remote Shutdown - abortshutdown - Abort Shutdown - + + REG + + shutdownRemote Shutdown + abortshutdownAbort Shutdown + - + - SRVSVC - - srvinfo - Server query info + + SRVSVC + + + srvinfoServer query info - netshareenum - Enumerate shares + netshareenumEnumerate shares - netfileenum - Enumerate open files + netfileenumEnumerate open files - netremotetod - Fetch remote time of day + netremotetodFetch remote time of day - + - + - SAMR - - queryuser - Query user info - querygroup - Query group info - queryusergroups - Query user groups - querygroupmem - Query group membership - queryaliasmem - Query alias membership - querydispinfo - Query display info - querydominfo - Query domain info - enumdomusers - Enumerate domain users - enumdomgroups - Enumerate domain groups - enumalsgroups - Enumerate alias groups - createdomuser - Create domain user - samlookupnames - Look up names - samlookuprids - Look up names - deletedomuser - Delete domain user - samquerysecobj - Query SAMR security object - getdompwinfo - Retrieve domain password info - - + + SAMR + + + queryuserQuery user info + querygroupQuery group info + queryusergroupsQuery user groups + querygroupmemQuery group membership + queryaliasmemQuery alias membership + querydispinfoQuery display info + querydominfoQuery domain info + enumdomusersEnumerate domain users + enumdomgroupsEnumerate domain groups + enumalsgroupsEnumerate alias groups + createdomuserCreate domain user + samlookupnamesLook up names + samlookupridsLook up names + deletedomuserDelete domain user + samquerysecobjQuery SAMR security object + getdompwinfoRetrieve domain password info + + + - SPOOLSS + + SPOOLSS - - adddriver <arch> <config> - - Execute an AddPrinterDriver() RPC to install the printer driver + + adddriver <arch> <config> + + Execute an AddPrinterDriver() RPC to install the printer driver information on the server. Note that the driver files should already exist in the directory returned by getdriverdir. Possible values for @@ -227,130 +238,137 @@ Comma Separated list of Files use of a bi-directional link for communication. This field should be "NULL". On a remote NT print server, the Print Monitor for a driver must already be installed prior to adding the driver or - else the RPC will fail. + else the RPC will fail. - addprinter <printername> - <sharename> <drivername> <port> - - Add a printer on the remote server. This printer + addprinter <printername> + <sharename> <drivername> <port> + + Add a printer on the remote server. This printer will be automatically shared. Be aware that the printer driver must already be installed on the server (see adddriver) and the portmust be a valid port name (see enumports. - + - deldriver - Delete the + deldriverDelete the specified printer driver for all architectures. This does not delete the actual driver files from the server, only the entry from the server's list of drivers. - + - enumdata - Enumerate all + enumdataEnumerate all printer setting data stored on the server. On Windows NT clients, these values are stored in the registry, while Samba servers store them in the printers TDB. This command corresponds to the MS Platform SDK GetPrinterData() function (* This - command is currently unimplemented). + command is currently unimplemented). - enumjobs <printer> - - List the jobs and status of a given printer. + enumjobs <printer> + List the jobs and status of a given printer. This command corresponds to the MS Platform SDK EnumJobs() - function + function - enumports [level] - - Executes an EnumPorts() call using the specified + enumports [level] + + Executes an EnumPorts() call using the specified info level. Currently only info levels 1 and 2 are supported. - + - enumdrivers [level] - - Execute an EnumPrinterDrivers() call. This lists the various installed + enumdrivers [level] + + Execute an EnumPrinterDrivers() call. This lists the various installed printer drivers for all architectures. Refer to the MS Platform SDK documentation for more details of the various flags and calling - options. Currently supported info levels are 1, 2, and 3. + options. Currently supported info levels are 1, 2, and 3. - enumprinters [level] - - Execute an EnumPrinters() call. This lists the various installed + enumprinters [level] + Execute an EnumPrinters() call. This lists the various installed and share printers. Refer to the MS Platform SDK documentation for more details of the various flags and calling options. Currently - supported info levels are 0, 1, and 2. + supported info levels are 0, 1, and 2. - getdata <printername> <valuename;> - - Retrieve the data for a given printer setting. See + getdata <printername> <valuename;> + Retrieve the data for a given printer setting. See the enumdata command for more information. This command corresponds to the GetPrinterData() MS Platform - SDK function. + SDK function. - getdriver <printername> - - Retrieve the printer driver information (such as driver file, + getdriver <printername> + + Retrieve the printer driver information (such as driver file, config file, dependent files, etc...) for the given printer. This command corresponds to the GetPrinterDriver() MS Platform SDK function. Currently info level 1, 2, and 3 are supported. - + - getdriverdir <arch> - - Execute a GetPrinterDriverDirectory() + getdriverdir <arch> + + Execute a GetPrinterDriverDirectory() RPC to retrieve the SMB share name and subdirectory for storing printer driver files for a given architecture. Possible values for arch are "Windows 4.0" (for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows - Alpha_AXP", and "Windows NT R4000". + Alpha_AXP", and "Windows NT R4000". - getprinter <printername> - - Retrieve the current printer information. This command + getprinter <printername> + Retrieve the current printer information. This command corresponds to the GetPrinter() MS Platform SDK function. - + - openprinter <printername> - - Execute an OpenPrinterEx() and ClosePrinter() RPC + openprinter <printername> + Execute an OpenPrinterEx() and ClosePrinter() RPC against a given printer. - setdriver <printername> - <drivername> - - Execute a SetPrinter() command to update the printer driver + setdriver <printername> + <drivername> + Execute a SetPrinter() command to update the printer driver associated with an installed printer. The printer driver must already be correctly installed on the print server. See also the enumprinters and enumdrivers commands for obtaining a list of - of installed printers and drivers. + of installed printers and drivers. - + + - GENERAL OPTIONS + + GENERAL COMMANDS - - debuglevel - Set the current - debug level used to log information. + + debuglevelSet the current + debug level used to log information. - help (?) - Print a listing of all + help (?)Print a listing of all known commands or extended help on a particular command. - + - quit (exit) - Exit rpcclient - . - - + quit (exit)Exit rpcclient + . + + -- cgit From 3cc17a25fd46abc2b080c9135534d851849e7120 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 3 Apr 2003 18:29:34 +0000 Subject: Document remaining commands (This used to be commit 0428827ab1141bb3ce97afe78c0c62d4ce96fa18) --- docs/docbook/manpages/rpcclient.1.sgml | 47 ++++++++++++++++++++++++++++++---- 1 file changed, 42 insertions(+), 5 deletions(-) diff --git a/docs/docbook/manpages/rpcclient.1.sgml b/docs/docbook/manpages/rpcclient.1.sgml index de4d8d72fc..39a1e512c0 100644 --- a/docs/docbook/manpages/rpcclient.1.sgml +++ b/docs/docbook/manpages/rpcclient.1.sgml @@ -264,15 +264,14 @@ Comma Separated list of Files to the MS Platform SDK GetPrinterData() function (* This command is currently unimplemented). - + enumdataexEnumerate printer data for a key enumjobs <printer> List the jobs and status of a given printer. This command corresponds to the MS Platform SDK EnumJobs() function - - + enumkeyEnumerate printer keys enumports [level] @@ -306,6 +305,7 @@ Comma Separated list of Files This command corresponds to the GetPrinterData() MS Platform SDK function. + getdataexGet printer driver data with keyname getdriver <printername> @@ -333,13 +333,12 @@ Comma Separated list of Files corresponds to the GetPrinter() MS Platform SDK function. - + getprintprocdirGet print processor directory openprinter <printername> Execute an OpenPrinterEx() and ClosePrinter() RPC against a given printer. - setdriver <printername> <drivername> Execute a SetPrinter() command to update the printer driver @@ -350,10 +349,48 @@ Comma Separated list of Files enumdrivers commands for obtaining a list of of installed printers and drivers. + addformAdd form + setformSet form + getformGet form + deleteformDelete form + enumformsEnumerate form + setprinterSet printer comment + setprinterdataSet REG_SZ printer data + rffpcnexRffpcnex test + + + + NETLOGON + + + + logonctrl2 + Logon Control 2 + + + logonctrl + Logon Control + + + samsync + Sam Synchronisation + + + samdeltas + Query Sam Deltas + + + samlogon + Sam Logon + + + + + GENERAL COMMANDS -- cgit From fdb11bb6551a014db6acc7335e6b35172f39f9cd Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 3 Apr 2003 18:41:28 +0000 Subject: Update docs status. We have only 1 program left to document (wrepld), and 3 manpages to finished (net, smb.conf, ntlm_auth) (This used to be commit abfd78c7e37c6868585d1007bdf010b0eddae624) --- docs/docs-status | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs-status b/docs/docs-status index 8f7b80e5f8..2620aa849d 100644 --- a/docs/docs-status +++ b/docs/docs-status @@ -5,7 +5,6 @@ Manifest docs/announce - out of date (announces 2.2.0) - should it go away? docs/history - needs updating (is current up to 1998 - merge with 10year.html ?) docs/docbook/manpages/net.8.sgml - Still not finished -docs/docbook/manpages/rpcclient.1.sgml - Command documentation might be outdated docs/docbook/manpages/samba.7.sgml - Listing of samba programs is not complete docs/docbook/manpages/smb.conf.5.sgml - 'restrict anonymous' isn't documented properly docs/docbook/projdoc/Integrating-with-Windows.sgml - Should slowly go a way. Contains a little bit information about wins, a little bit about domain membership, a little about winbind, etc @@ -34,6 +33,7 @@ ldap passwd sync Not release-critical: docs/docbook/devdoc/* - most of these docs are outdated and need updates... docs/docbook/projdoc/Diagnosis.sgml - Needs extension +docs/docbook/manpages/rpcclient.1.sgml - Some commands could be documented more extensively Documentation for following smb.conf.5 parameters does not exist: acl compatibility // protocol -- cgit From 754d895cea006ac4f06676d5c03e71576759bf7a Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 3 Apr 2003 18:54:40 +0000 Subject: Convert RoutedNetworks to SGML (This used to be commit c38bdb2aa0a96006094d1455b23183e97b2e7b2a) --- docs/docbook/projdoc/Other-Clients.sgml | 10 + docs/docs-status | 2 - docs/manpages/rpcclient.1 | 330 ++++++++++++++++++++++---------- docs/manpages/smbmnt.8 | 5 +- docs/manpages/smbmount.8 | 17 +- docs/manpages/smbsh.1 | 84 ++++++++ docs/manpages/smbspool.8 | 4 +- docs/manpages/smbtar.1 | 6 +- docs/manpages/testprns.1 | 2 +- docs/textdocs/RoutedNetworks.txt | 63 ------ 10 files changed, 345 insertions(+), 178 deletions(-) delete mode 100644 docs/textdocs/RoutedNetworks.txt diff --git a/docs/docbook/projdoc/Other-Clients.sgml b/docs/docbook/projdoc/Other-Clients.sgml index 6ba04b01d3..e4d7e34185 100644 --- a/docs/docbook/projdoc/Other-Clients.sgml +++ b/docs/docbook/projdoc/Other-Clients.sgml @@ -339,4 +339,14 @@ create accounts on the Samba host for Domain users. + +Windows NT 3.1 + +If you have problems communicating across routers with Windows +NT 3.1 workstations, read this Microsoft Knowledge Base article. + + + + + diff --git a/docs/docs-status b/docs/docs-status index 2620aa849d..7ccaa9b9b2 100644 --- a/docs/docs-status +++ b/docs/docs-status @@ -20,7 +20,6 @@ docs/docbook/projdoc/winbind.sgml - needs documentation for ADS docs/textdocs/CUPS-PrintingInfo.txt - needs to be converted to sgml - Kurt Pfeifle docs/textdocs/PROFILES.txt - needs to be converted to sgml docs/textdocs/README.jis - Seems to need updating - possibly obsoleted by a newer japanese howto? -docs/textdocs/RoutedNetworks.txt - still valid, but shouldn't this go into Other_clients.sgml ? This text originally comes from microsoft, what about copyright? docs/docbook/manpages/ntlm_auth.1.sgml - Is very basic at the moment, parameters need better descriptions - abartlet Stuff that needs to be documented: @@ -43,7 +42,6 @@ profile acls // protocol client lanman auth // security client NTLMv2 auth // security idmap backend // security -sam backend // security kernel change notify // tuning lpq cache time // tuning -valid // misc diff --git a/docs/manpages/rpcclient.1 b/docs/manpages/rpcclient.1 index 76e606240f..8f880afcd3 100644 --- a/docs/manpages/rpcclient.1 +++ b/docs/manpages/rpcclient.1 @@ -172,56 +172,146 @@ options. \fB-h|--help\fR Print a summary of command line options. .SH "COMMANDS" -.PP -\fBLSARPC\fR -.TP 0.2i -\(bu +.SS "LSARPC" +.TP \fBlsaquery\fR -.TP 0.2i -\(bu -\fBlookupsids\fR - Resolve a list +Query info policy +.TP +\fBlookupsids\fR +Resolve a list of SIDs to usernames. -.TP 0.2i -\(bu -\fBlookupnames\fR - Resolve a list +.TP +\fBlookupnames\fR +Resolve a list of usernames to SIDs. -.TP 0.2i -\(bu +.TP \fBenumtrusts\fR +Enumerate trusted domains +.TP +\fBenumprivs\fR +Enumerate privileges +.TP +\fBgetdispname\fR +Get the privilege name +.TP +\fBlsaenumsid\fR +Enumerate the LSA SIDS +.TP +\fBlsaenumprivsaccount\fR +Enumerate the privileges of an SID +.TP +\fBlsaenumacctrights\fR +Enumerate the rights of an SID +.TP +\fBlsaenumacctwithright\fR +Enumerate accounts with a right +.TP +\fBlsaaddacctrights\fR +Add rights to an account +.TP +\fBlsaremoveacctrights\fR +Remove rights from an account +.TP +\fBlsalookupprivvalue\fR +Get a privilege value given its name +.TP +\fBlsaquerysecobj\fR +Query LSA security object +.SS "LSARPC-DS" +.TP +\fBdsroledominfo\fR +Get Primary Domain Information .PP .PP -\fBSAMR\fR -.TP 0.2i -\(bu +\fBDFS\fR +.TP +\fBdfsexist\fR +Query DFS support +.TP +\fBdfsadd\fR +Add a DFS share +.TP +\fBdfsremove\fR +Remove a DFS share +.TP +\fBdfsgetinfo\fR +Query DFS share info +.TP +\fBdfsenum\fR +Enumerate dfs shares +.SS "REG" +.TP +\fBshutdown\fR +Remote Shutdown +.TP +\fBabortshutdown\fR +Abort Shutdown +.SS "SRVSVC" +.TP +\fBsrvinfo\fR +Server query info +.TP +\fBnetshareenum\fR +Enumerate shares +.TP +\fBnetfileenum\fR +Enumerate open files +.TP +\fBnetremotetod\fR +Fetch remote time of day +.SS "SAMR" +.TP \fBqueryuser\fR -.TP 0.2i -\(bu +Query user info +.TP \fBquerygroup\fR -.TP 0.2i -\(bu +Query group info +.TP \fBqueryusergroups\fR -.TP 0.2i -\(bu +Query user groups +.TP \fBquerygroupmem\fR -.TP 0.2i -\(bu +Query group membership +.TP \fBqueryaliasmem\fR -.TP 0.2i -\(bu +Query alias membership +.TP \fBquerydispinfo\fR -.TP 0.2i -\(bu +Query display info +.TP \fBquerydominfo\fR -.TP 0.2i -\(bu +Query domain info +.TP +\fBenumdomusers\fR +Enumerate domain users +.TP \fBenumdomgroups\fR -.PP -.PP -\fBSPOOLSS\fR -.TP 0.2i -\(bu -\fBadddriver \fR -- Execute an AddPrinterDriver() RPC to install the printer driver +Enumerate domain groups +.TP +\fBenumalsgroups\fR +Enumerate alias groups +.TP +\fBcreatedomuser\fR +Create domain user +.TP +\fBsamlookupnames\fR +Look up names +.TP +\fBsamlookuprids\fR +Look up names +.TP +\fBdeletedomuser\fR +Delete domain user +.TP +\fBsamquerysecobj\fR +Query SAMR security object +.TP +\fBgetdompwinfo\fR +Retrieve domain password info +.SS "SPOOLSS" +.TP +\fBadddriver \fR +Execute an AddPrinterDriver() RPC to install the printer driver information on the server. Note that the driver files should already exist in the directory returned by \fBgetdriverdir\fR. Possible values for @@ -250,111 +340,149 @@ use of a bi-directional link for communication. This field should be "NULL". On a remote NT print server, the Print Monitor for a driver must already be installed prior to adding the driver or else the RPC will fail. -.TP 0.2i -\(bu -\fBaddprinter - \fR -- Add a printer on the remote server. This printer +.TP +\fBaddprinter \fR +Add a printer on the remote server. This printer will be automatically shared. Be aware that the printer driver must already be installed on the server (see \fBadddriver\fR) and the \fIport\fRmust be a valid port name (see \fBenumports\fR. -.TP 0.2i -\(bu -\fBdeldriver\fR - Delete the +.TP +\fBdeldriver\fR +Delete the specified printer driver for all architectures. This does not delete the actual driver files from the server, only the entry from the server's list of drivers. -.TP 0.2i -\(bu -\fBenumdata\fR - Enumerate all +.TP +\fBenumdata\fR +Enumerate all printer setting data stored on the server. On Windows NT clients, these values are stored in the registry, while Samba servers store them in the printers TDB. This command corresponds to the MS Platform SDK GetPrinterData() function (* This command is currently unimplemented). -.TP 0.2i -\(bu -\fBenumjobs \fR -- List the jobs and status of a given printer. +.TP +\fBenumdataex\fR +Enumerate printer data for a key +.TP +\fBenumjobs \fR +List the jobs and status of a given printer. This command corresponds to the MS Platform SDK EnumJobs() -function (* This command is currently unimplemented). -.TP 0.2i -\(bu -\fBenumports [level]\fR -- Executes an EnumPorts() call using the specified +function +.TP +\fBenumkey\fR +Enumerate printer keys +.TP +\fBenumports [level]\fR +Executes an EnumPorts() call using the specified info level. Currently only info levels 1 and 2 are supported. -.TP 0.2i -\(bu -\fBenumdrivers [level]\fR -- Execute an EnumPrinterDrivers() call. This lists the various installed +.TP +\fBenumdrivers [level]\fR +Execute an EnumPrinterDrivers() call. This lists the various installed printer drivers for all architectures. Refer to the MS Platform SDK documentation for more details of the various flags and calling options. Currently supported info levels are 1, 2, and 3. -.TP 0.2i -\(bu -\fBenumprinters [level]\fR -- Execute an EnumPrinters() call. This lists the various installed +.TP +\fBenumprinters [level]\fR +Execute an EnumPrinters() call. This lists the various installed and share printers. Refer to the MS Platform SDK documentation for more details of the various flags and calling options. Currently supported info levels are 0, 1, and 2. -.TP 0.2i -\(bu -\fBgetdata \fR -- Retrieve the data for a given printer setting. See +.TP +\fBgetdata \fR +Retrieve the data for a given printer setting. See the \fBenumdata\fR command for more information. This command corresponds to the GetPrinterData() MS Platform -SDK function (* This command is currently unimplemented). -.TP 0.2i -\(bu -\fBgetdriver \fR -- Retrieve the printer driver information (such as driver file, +SDK function. +.TP +\fBgetdataex\fR +Get printer driver data with keyname +.TP +\fBgetdriver \fR +Retrieve the printer driver information (such as driver file, config file, dependent files, etc...) for the given printer. This command corresponds to the GetPrinterDriver() MS Platform SDK function. Currently info level 1, 2, and 3 are supported. -.TP 0.2i -\(bu -\fBgetdriverdir \fR -- Execute a GetPrinterDriverDirectory() +.TP +\fBgetdriverdir \fR +Execute a GetPrinterDriverDirectory() RPC to retrieve the SMB share name and subdirectory for storing printer driver files for a given architecture. Possible values for \fIarch\fR are "Windows 4.0" (for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows Alpha_AXP", and "Windows NT R4000". -.TP 0.2i -\(bu -\fBgetprinter \fR -- Retrieve the current printer information. This command +.TP +\fBgetprinter \fR +Retrieve the current printer information. This command corresponds to the GetPrinter() MS Platform SDK function. -.TP 0.2i -\(bu -\fBopenprinter \fR -- Execute an OpenPrinterEx() and ClosePrinter() RPC +.TP +\fBgetprintprocdir\fR +Get print processor directory +.TP +\fBopenprinter \fR +Execute an OpenPrinterEx() and ClosePrinter() RPC against a given printer. -.TP 0.2i -\(bu -\fBsetdriver -\fR -- Execute a SetPrinter() command to update the printer driver +.TP +\fBsetdriver \fR +Execute a SetPrinter() command to update the printer driver associated with an installed printer. The printer driver must already be correctly installed on the print server. See also the \fBenumprinters\fR and \fBenumdrivers\fR commands for obtaining a list of of installed printers and drivers. -.PP -\fBGENERAL OPTIONS\fR -.TP 0.2i -\(bu -\fBdebuglevel\fR - Set the current +.TP +\fBaddform\fR +Add form +.TP +\fBsetform\fR +Set form +.TP +\fBgetform\fR +Get form +.TP +\fBdeleteform\fR +Delete form +.TP +\fBenumforms\fR +Enumerate form +.TP +\fBsetprinter\fR +Set printer comment +.TP +\fBsetprinterdata\fR +Set REG_SZ printer data +.TP +\fBrffpcnex\fR +Rffpcnex test +.SS "NETLOGON" +.TP +\fBlogonctrl2\fR +Logon Control 2 +.TP +\fBlogonctrl\fR +Logon Control +.TP +\fBsamsync\fR +Sam Synchronisation +.TP +\fBsamdeltas\fR +Query Sam Deltas +.TP +\fBsamlogon\fR +Sam Logon +.SS "GENERAL COMMANDS" +.TP +\fBdebuglevel\fR +Set the current debug level used to log information. -.TP 0.2i -\(bu -\fBhelp (?)\fR - Print a listing of all +.TP +\fBhelp (?)\fR +Print a listing of all known commands or extended help on a particular command. -.TP 0.2i -\(bu -\fBquit (exit)\fR - Exit \fBrpcclient +.TP +\fBquit (exit)\fR +Exit \fBrpcclient \fR. .SH "BUGS" .PP diff --git a/docs/manpages/smbmnt.8 b/docs/manpages/smbmnt.8 index c17d15261a..5c9a662863 100644 --- a/docs/manpages/smbmnt.8 +++ b/docs/manpages/smbmnt.8 @@ -9,7 +9,7 @@ smbmnt \- helper utility for mounting SMB filesystems .SH SYNOPSIS -\fBsmbmnt\fR \fBmount-point\fR [ \fB-s \fR ] [ \fB-r\fR ] [ \fB-u \fR ] [ \fB-g \fR ] [ \fB-f \fR ] [ \fB-d \fR ] [ \fB-o \fR ] +\fBsmbmnt\fR \fBmount-point\fR [ \fB-s \fR ] [ \fB-r\fR ] [ \fB-u \fR ] [ \fB-g \fR ] [ \fB-f \fR ] [ \fB-d \fR ] [ \fB-o \fR ] [ \fB-h\fR ] .SH "DESCRIPTION" .PP @@ -49,6 +49,9 @@ applied \fB-o options\fR list of options that are passed as-is to smbfs, if this command is run on a 2.4 or higher Linux kernel. +.TP +\fB-h|--help\fR +Print a summary of command line options. .SH "AUTHOR" .PP Volker Lendecke, Andrew Tridgell, Michael H. Warfield diff --git a/docs/manpages/smbmount.8 b/docs/manpages/smbmount.8 index 344fc5e0cd..207ec836d6 100644 --- a/docs/manpages/smbmount.8 +++ b/docs/manpages/smbmount.8 @@ -70,6 +70,9 @@ This is preferred over having passwords in plaintext in a shared file, such as \fI/etc/fstab\fR. Be sure to protect any credentials file properly. .TP +\fBkrb\fR +Use kerberos (Active Directory). +.TP \fBnetbiosname=\fR sets the source NetBIOS name. It defaults to the local hostname. @@ -95,30 +98,30 @@ permissions that remote files have in the local filesystem. The default is based on the current umask. .TP \fBdmask=\fR -sets the directory mask. This determines the +Sets the directory mask. This determines the permissions that remote directories have in the local filesystem. The default is based on the current umask. .TP \fBdebug=\fR -sets the debug level. This is useful for +Sets the debug level. This is useful for tracking down SMB connection problems. A suggested value to start with is 4. If set too high there will be a lot of output, possibly hiding the useful output. .TP \fBip=\fR -sets the destination host or IP address. +Sets the destination host or IP address. .TP \fBworkgroup=\fR -sets the workgroup on the destination +Sets the workgroup on the destination .TP \fBsockopt=\fR -sets the TCP socket options. See the \fBsmb.conf\fR(5) \fIsocket options\fR option. +Sets the TCP socket options. See the \fBsmb.conf\fR(5) \fIsocket options\fR option. .TP \fBscope=\fR -sets the NetBIOS scope +Sets the NetBIOS scope .TP \fBguest\fR -don't prompt for a password +Don't prompt for a password .TP \fBro\fR mount read-only diff --git a/docs/manpages/smbsh.1 b/docs/manpages/smbsh.1 index d2770d410a..f7ee47949b 100644 --- a/docs/manpages/smbsh.1 +++ b/docs/manpages/smbsh.1 @@ -39,6 +39,90 @@ the user to set the directory prefix for SMB access. The default value if this option is not specified is \fBsmb\fR. .TP +\fB-s \fR +The file specified contains the +configuration details required by the server. The +information in this file includes server-specific +information such as what printcap file to use, as well +as descriptions of all the services that the server is +to provide. See \fIsmb.conf(5)\fR for more information. +The default configuration file name is determined at +compile time. +.TP +\fB-d|--debug=debuglevel\fR +\fIdebuglevel\fR is an integer +from 0 to 10. The default value if this parameter is +not specified is zero. + +The higher this value, the more detail will be +logged to the log files about the activities of the +server. At level 0, only critical errors and serious +warnings will be logged. Level 1 is a reasonable level for +day to day running - it generates a small amount of +information about operations carried out. + +Levels above 1 will generate considerable +amounts of log data, and should only be used when +investigating a problem. Levels above 3 are designed for +use only by developers and generate HUGE amounts of log +data, most of which is extremely cryptic. + +Note that specifying this parameter here will +override the log +level file. +.TP +\fB-R \fR +This option is used to determine what naming +services and in what order to resolve +host names to IP addresses. The option takes a space-separated +string of different name resolution options. + +The options are: "lmhosts", "host", "wins" and "bcast". +They cause names to be resolved as follows : +.RS +.TP 0.2i +\(bu +lmhosts: +Lookup an IP address in the Samba lmhosts file. If the +line in lmhosts has no name type attached to the +NetBIOS name +(see the \fBlmhosts\fR(5) for details) +then any name type matches for lookup. +.TP 0.2i +\(bu +host: +Do a standard host name to IP address resolution, using +the system \fI/etc/hosts\fR, NIS, or DNS +lookups. This method of name resolution is operating +system dependent, for instance on IRIX or Solaris this +may be controlled by the \fI/etc/nsswitch.conf\fR file). Note that this method is only used +if the NetBIOS name type being queried is the 0x20 +(server) name type, otherwise it is ignored. +.TP 0.2i +\(bu +wins: +Query a name with the IP address listed in the +\fIwins server\fR parameter. If no +WINS server has been specified this method will be +ignored. +.TP 0.2i +\(bu +bcast: +Do a broadcast on each of the known local interfaces +listed in the \fIinterfaces\fR +parameter. This is the least reliable of the name +resolution methods as it depends on the target host +being on a locally connected subnet. +.RE + +If this parameter is not set then the name resolve order +defined in the \fBsmb.conf\fR(5) file parameter +(\fIname resolve order\fR) will be used. + +The default order is lmhosts, host, wins, bcast. Without +this parameter or any entry in the \fIname resolve order\fR parameter of the \fBsmb.conf\fR(5) file, the name resolution methods +will be attempted in this order. +.TP \fB-L libdir\fR This parameter specifies the location of the shared libraries used by \fBsmbsh\fR. The default diff --git a/docs/manpages/smbspool.8 b/docs/manpages/smbspool.8 index 7ee3a465b3..8cfa1b2671 100644 --- a/docs/manpages/smbspool.8 +++ b/docs/manpages/smbspool.8 @@ -9,7 +9,7 @@ smbspool \- send a print file to an SMB printer .SH SYNOPSIS -\fBsmbspool\fR [ \fBjob\fR ] [ \fBuser\fR ] [ \fBtitle\fR ] [ \fBcopies\fR ] [ \fBoptions\fR ] [ \fBfilename\fR ] +\fBsmbspool\fR \fBjob\fR \fBuser\fR \fBtitle\fR \fBcopies\fR \fBoptions\fR [ \fBfilename\fR ] .SH "DESCRIPTION" .PP @@ -78,7 +78,7 @@ name of the file to print. If this argument is not specified then the print file is read from the standard input. .SH "VERSION" .PP -This man page is correct for version 2.2 of the Samba suite. +This man page is correct for version 3.0 of the Samba suite. .SH "SEE ALSO" .PP \fBsmbd\fR(8) and \fBSamba\fR(7). diff --git a/docs/manpages/smbtar.1 b/docs/manpages/smbtar.1 index bef59c21ac..e15af72b65 100644 --- a/docs/manpages/smbtar.1 +++ b/docs/manpages/smbtar.1 @@ -9,7 +9,7 @@ smbtar \- shell script for backing up SMB/CIFS shares directly to UNIX tape drives .SH SYNOPSIS -\fBsmbtar\fR \fB-s server\fR [ \fB-p password\fR ] [ \fB-x services\fR ] [ \fB-X\fR ] [ \fB-d directory\fR ] [ \fB-u user\fR ] [ \fB-t tape\fR ] [ \fB-t tape\fR ] [ \fB-b blocksize\fR ] [ \fB-N filename\fR ] [ \fB-i\fR ] [ \fB-r\fR ] [ \fB-l loglevel\fR ] [ \fB-v\fR ] \fBfilenames\fR +\fBsmbtar\fR [ \fB-r\fR ] [ \fB-i\fR ] [ \fB-a\fR ] [ \fB-v\fR ] \fB-s server\fR [ \fB-p password\fR ] [ \fB-x services\fR ] [ \fB-X\fR ] [ \fB-N filename\fR ] [ \fB-b blocksize\fR ] [ \fB-d directory\fR ] [ \fB-l loglevel\fR ] [ \fB-u user\fR ] [ \fB-t tape\fR ] \fBfilenames\fR .SH "DESCRIPTION" .PP @@ -46,6 +46,10 @@ Default: none The user id to connect as. Default: UNIX login name. .TP +\fB-a\fR +Reset DOS archive bit mode to +indicate file has been archived. +.TP \fB-t tape\fR Tape device. May be regular file or tape device. Default: \fI$TAPE\fR environmental diff --git a/docs/manpages/testprns.1 b/docs/manpages/testprns.1 index 49ec423986..5779d71b19 100644 --- a/docs/manpages/testprns.1 +++ b/docs/manpages/testprns.1 @@ -69,7 +69,7 @@ for errors and warnings. Other messages are self-explanatory. .SH "VERSION" .PP -This man page is correct for version 2.2 of +This man page is correct for version 3.0 of the Samba suite. .SH "SEE ALSO" .PP diff --git a/docs/textdocs/RoutedNetworks.txt b/docs/textdocs/RoutedNetworks.txt deleted file mode 100644 index fb55f9f9bf..0000000000 --- a/docs/textdocs/RoutedNetworks.txt +++ /dev/null @@ -1,63 +0,0 @@ -#NOFNR Flag in LMHosts to Communicate Across Routers - - Last reviewed: May 5, 1997 - Article ID: Q103765 - The information in this article applies to: - - Microsoft Windows NT operating system version 3.1 - Microsoft Windows NT Advanced Server version 3.1 - - SUMMARY - - Some of the LAN Manager for UNIX and Pathworks servers may have -problems in communicating across routers with - Windows NT workstations. The use of #NOFNR flag in the LMHosts -file solves the problem. - - MORE INFORMATION - - When you are communicating with a server across a router in a IP -routed environment, the LMHosts file is used to - resolve Workstation name-to-IP address mapping. The LMHosts -entry for a remote machine name provides the IP - address for the remote machine. In Lan Manager 2.x, providing -the LMHosts entry eliminates the need to do a Name - Query broadcast to the local domain and instead a TCP session is -established with the remote machine. Windows NT - performs the same function in a different way. - - When an LMHosts entry exists for a remote server, Windows NT -will not send a Name Query broadcast to the local - subnet and instead send a directed Name Query to the remote -server. If the remote server does not respond to the Name - Query, further communications (TCP SYN, and so on) will not take -place. This was done to eliminate the performance - issues when trying to connect to a remote machine when it was -not available (down). - - Some of the older LAN Manager for UNIX and DEC Pathworks servers -do not respond to directed Name Queries sent - by Windows NT. In that case, the users will see an error 53 -(Path not found), even though they have specified the - LMHosts entries correctly. A new LMHosts flag #NOFNR was added -to solve this problem. By specifying the - #NOFNR flag on the same line where the name resolution -information for the server is provided, the directed Name - Query can be avoided. For example: - - 130.20.1.1 mylmxserver #PRE #NOFNR - - - Note that this will only apply to mylmxserver and not to any -other entries in the LMHosts file. To set - a global flag, an entry could be added in the registry. To -completely remove any directed Name - Queries sent from a Windows NT machine, create the following -value in - -HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nbt\Parameters: - - NoDirectedFNR REG_DWORD 1 - - - This will cause the directed Name Queries to not go out for any -- cgit From c98b4b9958e6847d97396c3d3259015e1929f6b9 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 4 Apr 2003 00:00:47 +0000 Subject: Abort configure if --with-ads and --without-ldap. (This used to be commit 3ac60d2ceb1495a5ee691810678d29dea2667a7a) --- source3/configure.in | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/source3/configure.in b/source3/configure.in index 5d880caef3..87626db666 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -2288,6 +2288,11 @@ LIBS="" LDAP_LIBS="$LIBS"; LIBS="$ac_save_LIBS"; +else + # Can't have ADS support without LDAP + if test x"$with_ads_support" = x"yes"; then + AC_MSG_ERROR(Active directory support requires LDAP) + fi fi if test x"$with_ads_support" = x"yes"; then -- cgit From e9681cf3b2c1be7afcd78fe1dccdf4b21fac5ebd Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 4 Apr 2003 00:14:02 +0000 Subject: better method of locating autoconf and autoheader; patch by Willi Mann (This used to be commit 4475d471796e505c4b56814615edf58536b1b7cb) --- source3/autogen.sh | 56 ++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 40 insertions(+), 16 deletions(-) diff --git a/source3/autogen.sh b/source3/autogen.sh index a2228a6fd9..869f1d2f5e 100755 --- a/source3/autogen.sh +++ b/source3/autogen.sh @@ -2,30 +2,53 @@ # Run this script to build samba from CVS. -## first try the default names -AUTOHEADER="autoheader" -AUTOCONF="autoconf" - -if which $AUTOCONF > /dev/null -then - : -else - echo "$0: need autoconf 2.53 or later to build samba from CVS" >&2 - exit 1 -fi +## insert all possible names (only works with +## autoconf 2.x +TESTAUTOHEADER="autoheader autoheader-2.53" +TESTAUTOCONF="autoconf autoconf-2.53" + +AUTOHEADERFOUND="0" +AUTOCONFFOUND="0" + +## +## Look for autoheader ## -## what version do we need? +for i in $TESTAUTOHEADER; do + if which $i >& /dev/null; then + if [ `$i --version | head -1 | cut -d. -f 2` -ge 53 ]; then + AUTOHEADER=$i + AUTOHEADERFOUND="1" + break + fi + fi +done + +## +## Look for autoconf ## -if [ `$AUTOCONF --version | head -1 | cut -d. -f 2` -lt 53 ]; then - ## maybe it's installed under a different name (e.g. RedHat 7.3) +for i in $TESTAUTOCONF; do + if which $i >& /dev/null; then + if [ `$i --version | head -1 | cut -d. -f 2` -ge 53 ]; then + AUTOCONF=$i + AUTOCONFFOUND="1" + break + fi + fi +done - AUTOCONF="autoconf-2.53" - AUTOHEADER="autoheader-2.53" +## +## do we have it? +## +if [ "$AUTOCONFFOUND" == "0" -o "$AUTOHEADERFOUND" == "0" ]; then + echo "$0: need autoconf 2.53 or later to build samba from CVS" >&2 + exit 1 fi + + echo "$0: running $AUTOHEADER" $AUTOHEADER || exit 1 @@ -34,3 +57,4 @@ $AUTOCONF || exit 1 echo "Now run ./configure and then make." exit 0 + -- cgit From 4af8e4a6a37e366194a111f5568540a6c9b7f1a7 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 4 Apr 2003 00:28:38 +0000 Subject: Fixed compiler warning. (This used to be commit 9c706be7b4417a1dc36866c3bad7a156f30b8af6) --- source3/sam/idmap_tdb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/sam/idmap_tdb.c b/source3/sam/idmap_tdb.c index 72c602664c..ec365b603d 100644 --- a/source3/sam/idmap_tdb.c +++ b/source3/sam/idmap_tdb.c @@ -264,7 +264,7 @@ static NTSTATUS db_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type) } /* Get an id from a sid */ -static NTSTATUS db_get_id_from_sid(unid_t *id, int *id_type, DOM_SID *sid) +static NTSTATUS db_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid) { TDB_DATA data, key; fstring keystr; -- cgit From 118712249fe85523bcaed6803484e21ee56c53e3 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 4 Apr 2003 00:30:50 +0000 Subject: Removed unused variables. (This used to be commit 32d1dd19bb0b6abc6508ce65d5129acea79225bf) --- source3/nsswitch/winbindd_cache.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c index 5fb59e7467..5eabcfca20 100644 --- a/source3/nsswitch/winbindd_cache.c +++ b/source3/nsswitch/winbindd_cache.c @@ -392,7 +392,6 @@ static void centry_put_string(struct cache_entry *centry, const char *s) static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid) { - int len; fstring sid_string; centry_put_string(centry, sid_to_string(sid_string, sid)); } @@ -446,7 +445,6 @@ static void wcache_save_name_to_sid(struct winbindd_domain *domain, enum SID_NAME_USE type) { struct cache_entry *centry; - uint32 len; fstring uname; fstring sid_string; -- cgit From 41ef3e1c2d0aee53109c5efb41b39344885cd7a4 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 4 Apr 2003 00:36:11 +0000 Subject: Updated warning messages for when configure.in is updated. (This used to be commit 516e6c2e00d17d73bcfacb8dd4eadfb831fef22a) --- source3/Makefile.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/Makefile.in b/source3/Makefile.in index 9b2cffe86c..5143c6fc11 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1321,10 +1321,10 @@ finddead: # when configure.in is updated, reconfigure $(srcdir)/configure: $(srcdir)/configure.in - @echo "WARNING: you need to rerun autoconf" + @echo "WARNING: you need to rerun ./autogen.sh" config.status: $(srcdir)/configure - @echo "WARNING: you need to run configure" + @echo "WARNING: you need to run ./configure" Makefile: $(srcdir)/Makefile.in config.status @echo "WARNING: you need to run ./config.status" -- cgit From e23cfba7f946d33cd9391e84ac8f6447e36335d0 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 4 Apr 2003 00:41:07 +0000 Subject: Fix compiler warning - cli_lsa_query_info_policy actually returns the domain name. We were passing in an already initialised string which was causing the warning. (This used to be commit 18685d137e2db6e4e93c655f1c4a97116a36c02c) --- source3/utils/net_rpc.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 922fc027e6..69cf28f995 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -1880,7 +1880,7 @@ static int rpc_trustdom_list(int argc, const char **argv) int num_domains, i, pad_len, col_len = 20; DOM_SID *domain_sids; char **trusted_dom_names; - fstring pdc_name; + fstring pdc_name, dummy; /* trusting domains listing variables */ POLICY_HND domain_hnd; @@ -1927,8 +1927,10 @@ static int rpc_trustdom_list(int argc, const char **argv) }; /* query info level 5 to obtain sid of a domain being queried */ - nt_status = cli_lsa_query_info_policy(cli, mem_ctx, &connect_hnd, - 5 /* info level */, domain_name, &queried_dom_sid); + nt_status = cli_lsa_query_info_policy( + cli, mem_ctx, &connect_hnd, 5 /* info level */, + dummy, &queried_dom_sid); + if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("LSA Query Info failed. Returned error was %s\n", nt_errstr(nt_status))); -- cgit From 0bcc0c343f9ca1616026fb3ee7dae8bd9615ccf9 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 4 Apr 2003 00:52:42 +0000 Subject: SAMR lookupdomain rpc client patches from amber palekar (This used to be commit 67bc6bccc22e22e2a6e5cae7c57a1b2b53f49dfd) --- source3/rpc_client/cli_samr.c | 46 +++++++++++++++++++++++++++++++++++++++++++ source3/rpcclient/cmd_samr.c | 44 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+) diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index c451ee2e42..9d0b48796c 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c @@ -1464,3 +1464,49 @@ NTSTATUS cli_samr_get_dom_pwinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } + +/* Lookup Domain Name */ + +NTSTATUS cli_samr_lookup_domain(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *user_pol, char *domain_name, + DOM_SID *sid) +{ + prs_struct qbuf, rbuf; + SAMR_Q_LOOKUP_DOMAIN q; + SAMR_R_LOOKUP_DOMAIN r; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + + init_samr_q_lookup_domain(&q, user_pol, domain_name); + + if (!samr_io_q_lookup_domain("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, SAMR_LOOKUP_DOMAIN, &qbuf, &rbuf)) + goto done; + + /* Unmarshall response */ + + if (!samr_io_r_lookup_domain("", &r, &rbuf, 0)) + goto done; + + /* Return output parameters */ + + result = r.status; + + if (NT_STATUS_IS_OK(result)) + sid_copy(sid, &r.dom_sid.sid); + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index 866381456b..e2232f0da7 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -1487,6 +1487,49 @@ static NTSTATUS cmd_samr_get_dom_pwinfo(struct cli_state *cli, return result; } +/* Look up domain name */ + +static NTSTATUS cmd_samr_lookup_domain(struct cli_state *cli, + TALLOC_CTX *mem_ctx, + int argc, const char **argv) +{ + POLICY_HND connect_pol, domain_pol; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; + fstring domain_name,sid_string; + DOM_SID sid; + + if (argc != 2) { + printf("Usage: %s domain_name\n", argv[0]); + return NT_STATUS_OK; + } + + sscanf(argv[1], "%s", domain_name); + + result = try_samr_connects(cli, mem_ctx, access_mask, &connect_pol); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, + access_mask, &domain_sid, &domain_pol); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + result = cli_samr_lookup_domain( + cli, mem_ctx, &connect_pol, domain_name, &sid); + + sid_to_string(sid_string,&sid); + + if (NT_STATUS_IS_OK(result)) + printf("SAMR_LOOKUP_DOMAIN: Domain Name: %s Domain SID: %s\n", + domain_name,sid_string); + +done: + return result; +} + /* List of commands exported by this module */ @@ -1513,5 +1556,6 @@ struct cmd_set samr_commands[] = { { "samquerysecobj", RPC_RTYPE_NTSTATUS, cmd_samr_query_sec_obj, NULL, PI_SAMR, "Query SAMR security object", "" }, { "getdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_dom_pwinfo, NULL, PI_SAMR, "Retrieve domain password info", "" }, + { "lookupdomain", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_domain, NULL, PI_SAMR, "Lookup Domain Name", "" }, { NULL } }; -- cgit From b1b9adebb07f43988f467406a3de43cac2ab5d41 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 4 Apr 2003 01:02:50 +0000 Subject: Fix the new storage code to correctly convert from system queue info to pjob info. Ensure we retrieve more than one job from the storage code. Jeremy. (This used to be commit 5dc3150ff3fc05e71faad76e83079c60f62bac4f) --- source3/printing/printing.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/source3/printing/printing.c b/source3/printing/printing.c index 06941c67dd..79cab3d9fa 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -713,9 +713,20 @@ static int traverse_fn_delete(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void pjob_delete(ts->snum, jobid); } else ts->total_jobs++; + return 0; } - else - ts->total_jobs++; + + /* Save the pjob attributes we will store. */ + ts->queue[i].job = jobid; + ts->queue[i].size = pjob.size; + ts->queue[i].page_count = pjob.page_count; + ts->queue[i].status = pjob.status; + ts->queue[i].priority = 1; + ts->queue[i].time = pjob.starttime; + fstrcpy(ts->queue[i].fs_user, pjob.user); + fstrcpy(ts->queue[i].fs_file, pjob.jobname); + + ts->total_jobs++; return 0; } @@ -2088,6 +2099,7 @@ static BOOL get_stored_queue_info(struct tdb_print_db *pdb, int snum, int *pcoun uint32 qcount = 0; uint32 extra_count = 0; int total_count = 0; + size_t len = 0; uint32 i; int max_reported_jobs = lp_max_reported_jobs(snum); BOOL ret = False; @@ -2130,8 +2142,8 @@ static BOOL get_stored_queue_info(struct tdb_print_db *pdb, int snum, int *pcoun goto out; /* Retrieve the linearised queue data. */ + len = 0; for( i = 0; i < qcount; i++) { - size_t len = 0; uint32 qjob, qsize, qpage_count, qstatus, qpriority, qtime; len += tdb_unpack(data.dptr + 4 + len, data.dsize - len, NULL, "ddddddff", &qjob, -- cgit From 31c8c7156fa880c71c7199af58e9e0ba6fbed24d Mon Sep 17 00:00:00 2001 From: Martin Pool Date: Fri, 4 Apr 2003 03:07:07 +0000 Subject: Test harness that exercises check_dos_char() (This used to be commit 346c763fd1f5d7ef51ca3f748a276d9982275bfe) --- source3/torture/t_doschar.c | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 source3/torture/t_doschar.c diff --git a/source3/torture/t_doschar.c b/source3/torture/t_doschar.c new file mode 100644 index 0000000000..41698350d6 --- /dev/null +++ b/source3/torture/t_doschar.c @@ -0,0 +1,42 @@ +/* + Samba - Unix SMB/CIFS implementation + Test harness for check_dos_char + Copyright (C) Martin Pool 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + + +/* + * Just print out DOS validity or not for every character. + * + * DOS validity for a Unicode character set means that it can be + * represented in DOS codepage, and that the DOS character maps back + * to the same Unicode character. + * + * This depends on which DOS codepage is configured. + */ + int main(void) +{ + smb_ucs2_t i; + + for (i = 0; i < 0xffff; i++) { + printf("%d %d\n", (int) i, (int) check_dos_char(i)); + } + + return 0; +} -- cgit From 0ac3eeaff5debaeeeb2d0332bb9acb69057cfd55 Mon Sep 17 00:00:00 2001 From: Martin Pool Date: Fri, 4 Apr 2003 03:09:42 +0000 Subject: t_doschar: Test harness that exercises check_dos_char() (This used to be commit 54f4df0301f21c91218abf6f17cae097e755fd7f) --- source3/Makefile.in | 3 +++ 1 file changed, 3 insertions(+) diff --git a/source3/Makefile.in b/source3/Makefile.in index 5143c6fc11..fa94c582e0 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1090,6 +1090,9 @@ bin/t_strcmp@EXEEXT@: bin/libbigballofmud.@SHLIBEXT@ torture/t_strcmp.o bin/t_stringoverflow@EXEEXT@: bin/libbigballofmud.@SHLIBEXT@ torture/t_stringoverflow.o $(CC) $(FLAGS) -o $@ torture/t_stringoverflow.o -L./bin -lbigballofmud +bin/t_doschar@EXEEXT@: bin/libbigballofmud.@SHLIBEXT@ torture/t_doschar.o + $(CC) $(FLAGS) -o $@ $(LIBS) torture/t_doschar.o -L ./bin -lbigballofmud + install: installbin installman installscripts installdat installswat installmodules installclientlib # DESTDIR is used here to prevent packagers wasting their time -- cgit From 03ccc4ac13651b369a83d003ee4ee50225f74e32 Mon Sep 17 00:00:00 2001 From: Martin Pool Date: Fri, 4 Apr 2003 03:14:48 +0000 Subject: Merge from Subversion: Add example of a test that fails. (This used to be commit 1b1bb8ac37464339a7bffc84eb6d96ee1ae7d33d) --- source3/stf/example.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/source3/stf/example.py b/source3/stf/example.py index 1f121fd9af..96e34bf3d3 100755 --- a/source3/stf/example.py +++ b/source3/stf/example.py @@ -26,8 +26,13 @@ class OnePlusOne(comfychair.TestCase): def runtest(self): self.assert_(1 + 1 == 2) +class FailTest(comfychair.TestCase): + def runtest(self): + self.assert_(1 + 1 == 3) + tests = [OnePlusOne] +extra_tests = [FailTest] if __name__ == '__main__': - comfychair.main(tests) + comfychair.main(tests, extra_tests=extra_tests) -- cgit From 94e5719dac45baffc5f5dad6e045ac99999c76e9 Mon Sep 17 00:00:00 2001 From: Martin Pool Date: Fri, 4 Apr 2003 03:16:27 +0000 Subject: Merge from Subversion r50. (This used to be commit 480487355929ec5ec066b33630c06c3a30bcca49) --- source3/stf/comfychair.py | 248 +++++++++++++++++++++++++++++++++------------- 1 file changed, 180 insertions(+), 68 deletions(-) diff --git a/source3/stf/comfychair.py b/source3/stf/comfychair.py index 8ff7726955..522f9bedeb 100644 --- a/source3/stf/comfychair.py +++ b/source3/stf/comfychair.py @@ -31,14 +31,9 @@ For more information, see the file README.comfychair. To run a test suite based on ComfyChair, just run it as a program. """ -# TODO: Put everything into a temporary directory? - -# TODO: Have a means for tests to customize the display of their -# failure messages. In particular, if a shell command failed, then -# give its stderr. - import sys, re + class TestCase: """A base class for tests. This class defines required functions which can optionally be overridden by subclasses. It also provides some @@ -47,6 +42,43 @@ class TestCase: def __init__(self): self.test_log = "" self.background_pids = [] + self._cleanups = [] + self._enter_rundir() + self._save_environment() + self.add_cleanup(self.teardown) + + + # -------------------------------------------------- + # Save and restore directory + def _enter_rundir(self): + import os + self.basedir = os.getcwd() + self.add_cleanup(self._restore_directory) + self.rundir = os.path.join(self.basedir, + 'testtmp', + self.__class__.__name__) + self.tmpdir = os.path.join(self.rundir, 'tmp') + os.system("rm -fr %s" % self.rundir) + os.makedirs(self.tmpdir) + os.system("mkdir -p %s" % self.rundir) + os.chdir(self.rundir) + + def _restore_directory(self): + import os + os.chdir(self.basedir) + + # -------------------------------------------------- + # Save and restore environment + def _save_environment(self): + import os + self._saved_environ = os.environ.copy() + self.add_cleanup(self._restore_environment) + + def _restore_environment(self): + import os + os.environ.clear() + os.environ.update(self._saved_environ) + def setup(self): """Set up test fixture.""" @@ -60,6 +92,12 @@ class TestCase: """Run the test.""" pass + + def add_cleanup(self, c): + """Queue a cleanup to be run when the test is complete.""" + self._cleanups.append(c) + + def fail(self, reason = ""): """Say the test failed.""" raise AssertionError(reason) @@ -138,9 +176,14 @@ why.""" def runcmd_background(self, cmd): import os - name = cmd[0] self.test_log = self.test_log + "Run in background:\n" + `cmd` + "\n" - pid = os.spawnvp(os.P_NOWAIT, name, cmd) + pid = os.fork() + if pid == 0: + # child + try: + os.execvp("/bin/sh", ["/bin/sh", "-c", cmd]) + finally: + os._exit(127) self.test_log = self.test_log + "pid: %d\n" % pid return pid @@ -148,44 +191,78 @@ why.""" def runcmd(self, cmd, expectedResult = 0): """Run a command, fail if the command returns an unexpected exit code. Return the output produced.""" - rc, output = self.runcmd_unchecked(cmd) + rc, output, stderr = self.runcmd_unchecked(cmd) if rc != expectedResult: - raise AssertionError("command returned %d; expected %s: \"%s\"" % - (rc, expectedResult, cmd)) + raise AssertionError("""command returned %d; expected %s: \"%s\" +stdout: +%s +stderr: +%s""" % (rc, expectedResult, cmd, output, stderr)) + + return output, stderr + + + def run_captured(self, cmd): + """Run a command, capturing stdout and stderr. + + Based in part on popen2.py + + Returns (waitstatus, stdout, stderr).""" + import os, types + pid = os.fork() + if pid == 0: + # child + try: + pid = os.getpid() + openmode = os.O_WRONLY|os.O_CREAT|os.O_TRUNC + + outfd = os.open('%d.out' % pid, openmode, 0666) + os.dup2(outfd, 1) + os.close(outfd) + + errfd = os.open('%d.err' % pid, openmode, 0666) + os.dup2(errfd, 2) + os.close(errfd) + + if isinstance(cmd, types.StringType): + cmd = ['/bin/sh', '-c', cmd] + + os.execvp(cmd[0], cmd) + finally: + os._exit(127) + else: + # parent + exited_pid, waitstatus = os.waitpid(pid, 0) + stdout = open('%d.out' % pid).read() + stderr = open('%d.err' % pid).read() + return waitstatus, stdout, stderr - return output def runcmd_unchecked(self, cmd, skip_on_noexec = 0): - """Invoke a command; return (exitcode, stdout)""" - import os, popen2 - pobj = popen2.Popen4(cmd) - output = pobj.fromchild.read() - waitstatus = pobj.wait() + """Invoke a command; return (exitcode, stdout, stderr)""" + import os + waitstatus, stdout, stderr = self.run_captured(cmd) assert not os.WIFSIGNALED(waitstatus), \ - ("%s terminated with signal %d", cmd, os.WTERMSIG(waitstatus)) + ("%s terminated with signal %d" % (`cmd`, os.WTERMSIG(waitstatus))) rc = os.WEXITSTATUS(waitstatus) self.test_log = self.test_log + ("""Run command: %s Wait status: %#x (exit code %d, signal %d) -Output: +stdout: +%s +stderr: %s""" % (cmd, waitstatus, os.WEXITSTATUS(waitstatus), os.WTERMSIG(waitstatus), - output)) + stdout, stderr)) if skip_on_noexec and rc == 127: # Either we could not execute the command or the command # returned exit code 127. According to system(3) we can't # tell the difference. raise NotRunError, "could not execute %s" % `cmd` - return rc, output + return rc, stdout, stderr + def explain_failure(self, exc_info = None): - import traceback - # Move along, nothing to see here - if not exc_info and self.test_log == "": - return - print "-----------------------------------------------------------------" - if exc_info: - traceback.print_exc(file=sys.stdout) + print "test_log:" print self.test_log - print "-----------------------------------------------------------------" def log(self, msg): @@ -201,14 +278,34 @@ class NotRunError(Exception): self.value = value -def runtests(test_list, verbose = 0): - """Run a series of tests. +def _report_error(case, debugger): + """Ask the test case to explain failure, and optionally run a debugger - Eventually, this routine will also examine sys.argv[] to handle - extra options. + Input: + case TestCase instance + debugger if true, a debugger function to be applied to the traceback +""" + import sys + ex = sys.exc_info() + print "-----------------------------------------------------------------" + if ex: + import traceback + traceback.print_exc(file=sys.stdout) + case.explain_failure() + print "-----------------------------------------------------------------" + + if debugger: + tb = ex[2] + debugger(tb) + + +def runtests(test_list, verbose = 0, debugger = None): + """Run a series of tests. Inputs: - test_list sequence of callable test objects + test_list sequence of TestCase classes + verbose print more information as testing proceeds + debugger debugger object to be applied to errors Returns: unix return code: 0 for success, 1 for failures, 2 for test failure @@ -220,37 +317,37 @@ def runtests(test_list, verbose = 0): # flush now so that long running tests are easier to follow sys.stdout.flush() + obj = None try: try: # run test and show result obj = test_class() - if hasattr(obj, "setup"): - obj.setup() + obj.setup() obj.runtest() print "OK" except KeyboardInterrupt: print "INTERRUPT" - obj.explain_failure(sys.exc_info()) + _report_error(obj, debugger) ret = 2 break except NotRunError, msg: print "NOTRUN, %s" % msg.value except: print "FAIL" - obj.explain_failure(sys.exc_info()) + _report_error(obj, debugger) ret = 1 finally: - try: - if hasattr(obj, "teardown"): - obj.teardown() - except KeyboardInterrupt: - print "interrupted during teardown" - obj.explain_failure(sys.exc_info()) - ret = 2 - break - except: - print "error during teardown" - obj.explain_failure(sys.exc_info()) - ret = 1 + while obj and obj._cleanups: + try: + apply(obj._cleanups.pop()) + except KeyboardInterrupt: + print "interrupted during teardown" + _report_error(obj, debugger) + ret = 2 + break + except: + print "error during teardown" + _report_error(obj, debugger) + ret = 1 # Display log file if we're verbose if ret == 0 and verbose: obj.explain_failure() @@ -277,9 +374,10 @@ usage: list them on the command line. options: - --help show usage message - --list list available tests - --verbose show more information while running tests + --help show usage message + --list list available tests + --verbose, -v show more information while running tests + --post-mortem, -p enter Python debugger on error """ % sys.argv[0] @@ -289,9 +387,14 @@ def print_list(test_list): print " %s" % _test_name(test_class) -def main(tests): +def main(tests, extra_tests=[]): """Main entry point for test suites based on ComfyChair. + inputs: + tests Sequence of TestCase subclasses to be run by default. + extra_tests Sequence of TestCase subclasses that are available but + not run by default. + Test suites should contain this boilerplate: if __name__ == '__main__': @@ -305,28 +408,37 @@ Calls sys.exit() on completion. from sys import argv import getopt, sys - verbose = 0 - - opts, args = getopt.getopt(argv[1:], '', ['help', 'list', 'verbose']) - if ('--help', '') in opts: - print_help() - return - elif ('--list', '') in opts: - print_list(tests) - return + opt_verbose = 0 + debugger = None - if ('--verbose', '') in opts: - verbose = 1 + opts, args = getopt.getopt(argv[1:], 'pv', + ['help', 'list', 'verbose', 'post-mortem']) + for opt, opt_arg in opts: + if opt == '--help': + print_help() + return + elif opt == '--list': + print_list(tests + extra_tests) + return + elif opt == '--verbose' or opt == '-v': + opt_verbose = 1 + elif opt == '--post-mortem' or opt == '-p': + import pdb + debugger = pdb.post_mortem if args: + all_tests = tests + extra_tests by_name = {} - for t in tests: + for t in all_tests: by_name[_test_name(t)] = t - which_tests = [by_name[name] for name in args] + which_tests = [] + for name in args: + which_tests.append(by_name[name]) else: which_tests = tests - sys.exit(runtests(which_tests, verbose)) + sys.exit(runtests(which_tests, verbose=opt_verbose, + debugger=debugger)) if __name__ == '__main__': -- cgit