Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp182720rdb;
        Thu, 21 Dec 2023 06:26:51 -0800 (PST)
X-Google-Smtp-Source: AGHT+IH5xMV7XwEWpJqQiz9tHJ9u4Lk+waiGNzUsn/A3445P5taRmcGTpdUjPoTbGqqJ+k9tv6Gt
X-Received: by 2002:a17:902:d2c5:b0:1d0:476f:b2ba with SMTP id n5-20020a170902d2c500b001d0476fb2bamr27431386plc.50.1703168810827;
        Thu, 21 Dec 2023 06:26:50 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1703168810; cv=none;
        d=google.com; s=arc-20160816;
        b=e+3H9JjCcS1yCAMR1YPbpZrke3cAmmuB0ojaOvQOfY00s3clTax6B2Wv6Lo9NR7i9F
         6s6Z9YRQi6LQzYfCEVnMyp8sLlFct4Aau+6URSokWKZL/4aNu5JdYkgw59j+Zfyvd9f4
         sO71n39ZQd3csWWXtWlYOuvk6rVBd4kfoNk8A5W/jqx2jmHYEUkm8Mp723e8aSnrksaT
         siPsn5ifgVWqknU7E596Py3mcchiDr3FuVqC4LH5qKbAjUhYKBYlo/D3qZ9cZvG1Sd/k
         U5Vm0Vg7wmFGmxIS+jDKW3DmBQHXJ1hOVrkxASBJTl/OQ5qZXzOLtH4R5ZBJTxb80DmL
         ndKg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:organization:from:references:cc:to:content-language
         :subject:user-agent:mime-version:list-unsubscribe:list-subscribe
         :list-id:precedence:date:message-id:dkim-signature;
        bh=nvDyKUFC0GqXa4uV0mmUtQ3QwY/3ImUOmACY/eQymUE=;
        fh=KFr1gxDGEKzYO4Nmw/Da49jrbGutWGpefERC1nRelD0=;
        b=H26HTtfqA4Lo9a1+UV20v4gNk4H9sL/DcZz3sq3Xu4BhMsPjmnpbgRqTUJm4ywo/Lu
         KgQA4OHkohtiMi+ndAB3MqkFCvg3tolbNAyjGrNuCzZeTbRgbPygnxPXql194QuP21Ug
         pPS72m2TzBu4KTPKZoTIdEedPmPaUedeMZEzybVbDzXqfje+6gp3hpLukoIWV12h+hBc
         QJYsbjKnHgop5TjnhVkUsw7Zg2j2bHzHBB8rvKBIbPFaDMRYqIEwrTFHG+YKFKSu6DG7
         Pmt6dEGY3L8qUrtRqNTs0nFXEPOcLsAPLriOeVVvvuDg1SSLGuBntHhmBRp/hKjYwiGT
         FAmA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@auristor.com header.s=MDaemon header.b=C3WNTlPS;
       spf=pass (google.com: domain of linux-kernel+bounces-8570-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-8570-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=auristor.com
Return-Path: <linux-kernel+bounces-8570-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1])
        by mx.google.com with ESMTPS id l12-20020a170903244c00b001d344a1673asi1614859pls.500.2023.12.21.06.26.50
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 21 Dec 2023 06:26:50 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-8570-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@auristor.com header.s=MDaemon header.b=C3WNTlPS;
       spf=pass (google.com: domain of linux-kernel+bounces-8570-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-8570-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=auristor.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id 7883B283F43
	for <linux.lists.archive@gmail.com>; Thu, 21 Dec 2023 14:26:50 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 7FD803608D;
	Thu, 21 Dec 2023 14:26:34 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=auristor.com header.i=jaltman@auristor.com header.b="C3WNTlPS"
X-Original-To: linux-kernel@vger.kernel.org
Received: from sequoia-grove.ad.secure-endpoints.com (sequoia-grove.ad.secure-endpoints.com [208.125.0.235])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 86BCE539E6
	for <linux-kernel@vger.kernel.org>; Thu, 21 Dec 2023 14:26:31 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=auristor.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=auristor.com
DKIM-Signature: v=1; a=rsa-sha256; c=simple/relaxed;
	d=auristor.com; s=MDaemon; r=y; t=1703168790; x=1703773590;
	i=jaltman@auristor.com; q=dns/txt; h=Message-ID:Date:
	MIME-Version:User-Agent:Subject:Content-Language:To:Cc:
	References:From:Organization:In-Reply-To:Content-Type; bh=nvDyKU
	FC0GqXa4uV0mmUtQ3QwY/3ImUOmACY/eQymUE=; b=C3WNTlPSJup877sjZdBxeC
	I0PylAt+5pDUh0VEa+j564Wje+GvSfln4KTfWReeUc57g4twuJ9kqybWm6A8imum
	GBJpA08/YEK1d3NchwQoFg5r+lnpTsXaO/IDvCSBaDls1t0cMiRv27f6pTjYP262
	WU050Mu5uUdawb7ZMx5Xw=
X-MDAV-Result: clean
X-MDAV-Processed: sequoia-grove.ad.secure-endpoints.com, Thu, 21 Dec 2023 09:26:30 -0500
Received: from [IPV6:2603:7000:73c:c800:969b:c070:cc58:a112] by auristor.com (IPv6:2001:470:1f07:f77:28d9:68fb:855d:c2a5) (MDaemon PRO v23.5.1) 
	with ESMTPSA id md5001003765418.msg; Thu, 21 Dec 2023 09:26:29 -0500
X-Spam-Processed: sequoia-grove.ad.secure-endpoints.com, Thu, 21 Dec 2023 09:26:29 -0500
	(not processed: message from trusted or authenticated source)
X-MDRemoteIP: 2603:7000:73c:c800:969b:c070:cc58:a112
X-MDHelo: [IPV6:2603:7000:73c:c800:969b:c070:cc58:a112]
X-MDArrival-Date: Thu, 21 Dec 2023 09:26:29 -0500
X-MDOrigin-Country: US, NA
X-Authenticated-Sender: jaltman@auristor.com
X-Return-Path: prvs=17191febf5=jaltman@auristor.com
X-Envelope-From: jaltman@auristor.com
X-MDaemon-Deliver-To: linux-kernel@vger.kernel.org
Message-ID: <2362714a-4f73-4f5c-b26e-7b88bb408bc8@auristor.com>
Date: Thu, 21 Dec 2023 09:26:20 -0500
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH v4 0/3] afs: Fix dynamic root interaction with failing DNS
 lookups
Content-Language: en-US
To: David Howells <dhowells@redhat.com>,
 Markus Suvanto <markus.suvanto@gmail.com>,
 Marc Dionne <marc.dionne@auristor.com>
Cc: linux-afs@lists.infradead.org, keyrings@vger.kernel.org,
 linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
References: <20231221134558.1659214-1-dhowells@redhat.com>
From: Jeffrey E Altman <jaltman@auristor.com>
Organization: AuriStor, Inc.
In-Reply-To: <20231221134558.1659214-1-dhowells@redhat.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms020205010406090109050502"
X-MDCFSigsAdded: auristor.com

This is a cryptographically signed message in MIME format.

--------------ms020205010406090109050502
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

On 12/21/2023 8:45 AM, David Howells wrote:
> Hi Markus, Marc,
>
> Here's a set of fixes to improve the interaction of arbitrary lookups in
> the AFS dynamic root that hit DNS lookup failures[1]:
>
>   (1) Always delete unused (particularly negative) dentries as soon as
>       possible so that they don't prevent future lookups from retrying.
>
>   (2) Fix the handling of new-style negative DNS lookups in ->lookup() to
>       make them return ENOENT so that userspace doesn't get confused when
>       stat succeeds but the following open on the looked up file then fails.
>
>   (3) Fix key handling so that DNS lookup results are reclaimed as soon as
>       they expire rather than sitting round either forever or for an
>       additional 5 mins beyond a set expiry time returning EKEYEXPIRED.
>
> The patches can be found here:
>
> 	https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=afs-fixes
>
> Thanks,
> David
>
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=216637 [1]
> Link: https://lore.kernel.org/r/20231211163412.2766147-1-dhowells@redhat.com/ # v1
> Link: https://lore.kernel.org/r/20231211213233.2793525-1-dhowells@redhat.com/ # v2
> Link: https://lore.kernel.org/r/20231212144611.3100234-1-dhowells@redhat.com/ # v3
>
> Changes
> =======
> ver #4)
>   - Reduce the negative timeout from 10s to 1s.
>
> ver #3)
>   - Rebased to v6.7-rc5 which has an additional afs patch.
>   - Don't add to TIME64_MAX (ie. permanent) when checking expiry time.
>
> ver #2)
>   - Fix signed-unsigned comparison when checking return val.
>
> David Howells (3):
>    afs: Fix the dynamic root's d_delete to always delete unused dentries
>    afs: Fix dynamic root lookup DNS check
>    keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on
>      expiry
>
>   fs/afs/dynroot.c           | 31 +++++++++++++++++--------------
>   include/linux/key-type.h   |  1 +
>   net/dns_resolver/dns_key.c | 10 +++++++++-
>   security/keys/gc.c         | 31 +++++++++++++++++++++----------
>   security/keys/internal.h   | 11 ++++++++++-
>   security/keys/key.c        | 15 +++++----------
>   security/keys/proc.c       |  2 +-
>   7 files changed, 64 insertions(+), 37 deletions(-)
>
>
> _______________________________________________
> linux-afs mailing list
> http://lists.infradead.org/mailman/listinfo/linux-afs

Reviewed-by: Jeffrey Altman <jaltman@auristor.com>


--------------ms020205010406090109050502
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC
DHEwggXSMIIEuqADAgECAhBAAYJpmi/rPn/F0fJyDlzMMA0GCSqGSIb3DQEBCwUAMDoxCzAJ
BgNVBAYTAlVTMRIwEAYDVQQKEwlJZGVuVHJ1c3QxFzAVBgNVBAMTDlRydXN0SUQgQ0EgQTEz
MB4XDTIyMDgwNDE2MDQ0OFoXDTI1MTAzMTE2MDM0OFowcDEvMC0GCgmSJomT8ixkAQETH0Ew
MTQxMEQwMDAwMDE4MjY5OUEyRkQyMDAwMjMzQ0QxGTAXBgNVBAMTEEplZmZyZXkgRSBBbHRt
YW4xFTATBgNVBAoTDEF1cmlTdG9yIEluYzELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCkC7PKBBZnQqDKPtZPMLAy77zo2DPvwtGnd1hNjPvbXrpGxUb3
xHZRtv179LHKAOcsY2jIctzieMxf82OMyhpBziMPsFAG/ukihBMFj3/xEeZVso3K27pSAyyN
fO/wJ0rX7G+ges22Dd7goZul8rPaTJBIxbZDuaykJMGpNq4PQ8VPcnYZx+6b+nJwJJoJ46kI
EEfNh3UKvB/vM0qtxS690iAdgmQIhTl+qfXq4IxWB6b+3NeQxgR6KLU4P7v88/tvJTpxIKkg
9xj89ruzeThyRFd2DSe3vfdnq9+g4qJSHRXyTft6W3Lkp7UWTM4kMqOcc4VSRdufVKBQNXjG
IcnhAgMBAAGjggKcMIICmDAOBgNVHQ8BAf8EBAMCBPAwgYQGCCsGAQUFBwEBBHgwdjAwBggr
BgEFBQcwAYYkaHR0cDovL2NvbW1lcmNpYWwub2NzcC5pZGVudHJ1c3QuY29tMEIGCCsGAQUF
BzAChjZodHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1c3QuY29tL2NlcnRzL3RydXN0aWRjYWEx
My5wN2MwHwYDVR0jBBgwFoAULbfeG1l+KpguzeHUG+PFEBJe6RQwCQYDVR0TBAIwADCCASsG
A1UdIASCASIwggEeMIIBGgYLYIZIAYb5LwAGAgEwggEJMEoGCCsGAQUFBwIBFj5odHRwczov
L3NlY3VyZS5pZGVudHJ1c3QuY29tL2NlcnRpZmljYXRlcy9wb2xpY3kvdHMvaW5kZXguaHRt
bDCBugYIKwYBBQUHAgIwga0MgapUaGlzIFRydXN0SUQgQ2VydGlmaWNhdGUgaGFzIGJlZW4g
aXNzdWVkIGluIGFjY29yZGFuY2Ugd2l0aCBJZGVuVHJ1c3QncyBUcnVzdElEIENlcnRpZmlj
YXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczovL3NlY3VyZS5pZGVudHJ1c3QuY29tL2NlcnRp
ZmljYXRlcy9wb2xpY3kvdHMvaW5kZXguaHRtbDBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8v
dmFsaWRhdGlvbi5pZGVudHJ1c3QuY29tL2NybC90cnVzdGlkY2FhMTMuY3JsMB8GA1UdEQQY
MBaBFGphbHRtYW5AYXVyaXN0b3IuY29tMB0GA1UdDgQWBBQB+nzqgljLocLTsiUn2yWqEc2s
gjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQELBQADggEBAJwV
eycprp8Ox1npiTyfwc5QaVaqtoe8Dcg2JXZc0h4DmYGW2rRLHp8YL43snEV93rPJVk6B2v4c
WLeQfaMrnyNeEuvHx/2CT44cdLtaEk5zyqo3GYJYlLcRVz6EcSGHv1qPXgDT0xB/25etwGYq
utYF4Chkxu4KzIpq90eDMw5ajkexw+8ARQz4N5+d6NRbmMCovd7wTGi8th/BZvz8hgKUiUJo
Qle4wDxrdXdnIhCP7g87InXKefWgZBF4VX21t2+hkc04qrhIJlHrocPG9mRSnnk2WpsY0MXt
a8ivbVKtfpY7uSNDZSKTDi1izEFH5oeQdYRkgIGb319a7FjslV8wggaXMIIEf6ADAgECAhBA
AXA7OrqBjMk8rp4OuNQSMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNVBAYTAlVTMRIwEAYDVQQK
EwlJZGVuVHJ1c3QxJzAlBgNVBAMTHklkZW5UcnVzdCBDb21tZXJjaWFsIFJvb3QgQ0EgMTAe
Fw0yMDAyMTIyMTA3NDlaFw0zMDAyMTIyMTA3NDlaMDoxCzAJBgNVBAYTAlVTMRIwEAYDVQQK
EwlJZGVuVHJ1c3QxFzAVBgNVBAMTDlRydXN0SUQgQ0EgQTEzMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAu6sUO01SDD99PM+QdZkNxKxJNt0NgQE+Zt6ixaNP0JKSjTd+SG5L
wqxBWjnOgI/3dlwgtSNeN77AgSs+rA4bK4GJ75cUZZANUXRKw/et8pf9Qn6iqgB63OdHxBN/
15KbM3HR+PyiHXQoUVIevCKW8nnlWnnZabT1FejOhRRKVUg5HACGOTfnCOONrlxlg+m1Vjgn
o1uNqNuLM/jkD1z6phNZ/G9IfZGI0ppHX5AA/bViWceX248VmefNhSR14ADZJtlAAWOi2un0
3bqrBPHA9nDyXxI8rgWLfUP5rDy8jx2hEItg95+ORF5wfkGUq787HBjspE86CcaduLka/Bk2
VwIDAQABo4IChzCCAoMwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwgYkG
CCsGAQUFBwEBBH0wezAwBggrBgEFBQcwAYYkaHR0cDovL2NvbW1lcmNpYWwub2NzcC5pZGVu
dHJ1c3QuY29tMEcGCCsGAQUFBzAChjtodHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1c3QuY29t
L3Jvb3RzL2NvbW1lcmNpYWxyb290Y2ExLnA3YzAfBgNVHSMEGDAWgBTtRBnA0/AGi+6ke75C
5yZUyI42djCCASQGA1UdIASCARswggEXMIIBEwYEVR0gADCCAQkwSgYIKwYBBQUHAgEWPmh0
dHBzOi8vc2VjdXJlLmlkZW50cnVzdC5jb20vY2VydGlmaWNhdGVzL3BvbGljeS90cy9pbmRl
eC5odG1sMIG6BggrBgEFBQcCAjCBrQyBqlRoaXMgVHJ1c3RJRCBDZXJ0aWZpY2F0ZSBoYXMg
YmVlbiBpc3N1ZWQgaW4gYWNjb3JkYW5jZSB3aXRoIElkZW5UcnVzdCdzIFRydXN0SUQgQ2Vy
dGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vc2VjdXJlLmlkZW50cnVzdC5jb20v
Y2VydGlmaWNhdGVzL3BvbGljeS90cy9pbmRleC5odG1sMEoGA1UdHwRDMEEwP6A9oDuGOWh0
dHA6Ly92YWxpZGF0aW9uLmlkZW50cnVzdC5jb20vY3JsL2NvbW1lcmNpYWxyb290Y2ExLmNy
bDAdBgNVHQ4EFgQULbfeG1l+KpguzeHUG+PFEBJe6RQwHQYDVR0lBBYwFAYIKwYBBQUHAwIG
CCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4ICAQB/7BKcygLX6Nl4a03cDHt7TLdPxCzFvDF2
bkVYCFTRX47UfeomF1gBPFDee3H/IPlLRmuTPoNt0qjdpfQzmDWN95jUXLdLPRToNxyaoB5s
0hOhcV6H08u3FHACBif55i0DTDzVSaBv0AZ9h1XeuGx4Fih1Vm3Xxz24GBqqVudvPRLyMJ7u
6hvBqTIKJ53uCs3dyQLZT9DXnp+kJv8y7ZSAY+QVrI/dysT8avtn8d7k7azNBkfnbRq+0e88
QoBnel6u+fpwbd5NLRHywXeH+phbzULCa+bLPRMqJaW2lbhvSWrMHRDy3/d8HvgnLCBFK2s4
Spns4YCN4xVcbqlGWzgolHCKUH39vpcsDo1ymZFrJ8QR6ihIn8FmJ5oKwAnnd/G6ADXFC9bu
db9+532phSAXOZrrecIQn+vtP366PC+aClAPsIIDJDsotS5z4X2JUFsNIuEgXGqhiKE7SuZb
rFG9sdcLprSlJN7TsRDc0W2b9nqwD+rj/5MN0C+eKwha+8ydv0+qzTyxPP90KRgaegGowC4d
UsZyTk2n4Z3MuAHX5nAZL/Vh/SyDj/ajorV44yqZBzQ3ChKhXbfUSwe2xMmygA2Z5DRwMRJn
p/BscizYdNk2WXJMTnH+wVLN8sLEwEtQR4eTLoFmQvrK2AMBS9kW5sBkMzINt/ZbbcZ3F+eA
MDGCAxQwggMQAgEBME4wOjELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUlkZW5UcnVzdDEXMBUG
A1UEAxMOVHJ1c3RJRCBDQSBBMTMCEEABgmmaL+s+f8XR8nIOXMwwDQYJYIZIAWUDBAIBBQCg
ggGXMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIzMTIyMTE0
MjYyMFowLwYJKoZIhvcNAQkEMSIEIOOMUj5Gb4YPiHHtFVfZWrncSotZoNpk8Yw3W8bpqKMS
MF0GCSsGAQQBgjcQBDFQME4wOjELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUlkZW5UcnVzdDEX
MBUGA1UEAxMOVHJ1c3RJRCBDQSBBMTMCEEABgmmaL+s+f8XR8nIOXMwwXwYLKoZIhvcNAQkQ
AgsxUKBOMDoxCzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlJZGVuVHJ1c3QxFzAVBgNVBAMTDlRy
dXN0SUQgQ0EgQTEzAhBAAYJpmi/rPn/F0fJyDlzMMGwGCSqGSIb3DQEJDzFfMF0wCwYJYIZI
AWUDBAEqMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZI
hvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEggEAFZ7k
zc8Fmhs+k8jbW6IjF4E2bT4QkwJXwLNn0ex6U05su+JmRu4jlE5eGlZ8GDhadoIzt5rrOwqH
W+9AbLaysFl3awXfQluU3MQ8fl7Ow+Ymfb+11qY5bWibj9zwfHZa+fanPRsv/aIwmwCdV0G2
x9q751NamXe8/pDBo+LqBE35+76ts2T1ocyynh7UCMF/W3ucUOODsknCza34WiZPiorEbC01
xk8c5QCGkLNNQTh5BytCZbO/OvvztGCQ0JYbx2JhYdIX3VJrbG47X+215pcFxsmmdB+CVtC5
9uJc9q8fhd7+ofNyZ6rRAdShK9nBA1G9PofmcNCbG+FydrAxtgAAAAAAAA==
--------------ms020205010406090109050502--