Date: Sun, 20 May 2018 05:13:13 +0000 (UTC) From: Matt Macy <mmacy@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r333920 - in head/sys: kern sys Message-ID: <201805200513.w4K5DDHt093193@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mmacy Date: Sun May 20 05:13:12 2018 New Revision: 333920 URL: https://svnweb.freebsd.org/changeset/base/333920 Log: Add additional preinitialized cap_rights Modified: head/sys/kern/subr_capability.c head/sys/kern/vfs_syscalls.c head/sys/sys/capsicum.h Modified: head/sys/kern/subr_capability.c ============================================================================== --- head/sys/kern/subr_capability.c Sun May 20 05:06:42 2018 (r333919) +++ head/sys/kern/subr_capability.c Sun May 20 05:13:12 2018 (r333920) @@ -55,31 +55,47 @@ __FBSDID("$FreeBSD$"); #define assert(exp) KASSERT((exp), ("%s:%u", __func__, __LINE__)) __read_mostly cap_rights_t cap_accept_rights; __read_mostly cap_rights_t cap_bind_rights; +__read_mostly cap_rights_t cap_chflags_rights; __read_mostly cap_rights_t cap_connect_rights; __read_mostly cap_rights_t cap_event_rights; __read_mostly cap_rights_t cap_fchdir_rights; +__read_mostly cap_rights_t cap_fchflags_rights; +__read_mostly cap_rights_t cap_fchmod_rights; +__read_mostly cap_rights_t cap_fchown_rights; __read_mostly cap_rights_t cap_fcntl_rights; __read_mostly cap_rights_t cap_fexecve_rights; __read_mostly cap_rights_t cap_flock_rights; __read_mostly cap_rights_t cap_fpathconf_rights; __read_mostly cap_rights_t cap_fstat_rights; +__read_mostly cap_rights_t cap_fstatfs_rights; +__read_mostly cap_rights_t cap_fsync_rights; __read_mostly cap_rights_t cap_ftruncate_rights; +__read_mostly cap_rights_t cap_futimes_rights; __read_mostly cap_rights_t cap_getpeername_rights; __read_mostly cap_rights_t cap_getsockopt_rights; __read_mostly cap_rights_t cap_getsockname_rights; __read_mostly cap_rights_t cap_ioctl_rights; __read_mostly cap_rights_t cap_listen_rights; +__read_mostly cap_rights_t cap_linkat_source_rights; +__read_mostly cap_rights_t cap_linkat_target_rights; __read_mostly cap_rights_t cap_mmap_rights; -__read_mostly cap_rights_t cap_fsync_rights; +__read_mostly cap_rights_t cap_mkdirat_rights; +__read_mostly cap_rights_t cap_mkfifoat_rights; +__read_mostly cap_rights_t cap_mknodat_rights; __read_mostly cap_rights_t cap_pdgetpid_rights; __read_mostly cap_rights_t cap_pdkill_rights; __read_mostly cap_rights_t cap_pread_rights; __read_mostly cap_rights_t cap_pwrite_rights; __read_mostly cap_rights_t cap_read_rights; __read_mostly cap_rights_t cap_recv_rights; +__read_mostly cap_rights_t cap_renameat_source_rights; +__read_mostly cap_rights_t cap_renameat_target_rights; +__read_mostly cap_rights_t cap_seek_rights; __read_mostly cap_rights_t cap_send_rights; __read_mostly cap_rights_t cap_setsockopt_rights; __read_mostly cap_rights_t cap_shutdown_rights; +__read_mostly cap_rights_t cap_symlinkat_rights; +__read_mostly cap_rights_t cap_unlinkat_rights; __read_mostly cap_rights_t cap_write_rights; __read_mostly cap_rights_t cap_no_rights; @@ -91,18 +107,28 @@ __cap_rights_sysinit1(void *arg) cap_rights_init(&cap_connect_rights, CAP_CONNECT); cap_rights_init(&cap_event_rights, CAP_EVENT); cap_rights_init(&cap_fchdir_rights, CAP_FCHDIR); + cap_rights_init(&cap_fchflags_rights, CAP_FCHFLAGS); + cap_rights_init(&cap_fchmod_rights, CAP_FCHMOD); + cap_rights_init(&cap_fchown_rights, CAP_FCHOWN); cap_rights_init(&cap_fcntl_rights, CAP_FCNTL); cap_rights_init(&cap_fexecve_rights, CAP_FEXECVE); cap_rights_init(&cap_flock_rights, CAP_FLOCK); cap_rights_init(&cap_fpathconf_rights, CAP_FPATHCONF); cap_rights_init(&cap_fstat_rights, CAP_FSTAT); + cap_rights_init(&cap_fstatfs_rights, CAP_FSTATFS); cap_rights_init(&cap_fsync_rights, CAP_FSYNC); cap_rights_init(&cap_ftruncate_rights, CAP_FTRUNCATE); + cap_rights_init(&cap_futimes_rights, CAP_FUTIMES); cap_rights_init(&cap_getpeername_rights, CAP_GETPEERNAME); cap_rights_init(&cap_getsockname_rights, CAP_GETSOCKNAME); cap_rights_init(&cap_getsockopt_rights, CAP_GETSOCKOPT); cap_rights_init(&cap_ioctl_rights, CAP_IOCTL); + cap_rights_init(&cap_linkat_source_rights, CAP_LINKAT_SOURCE); + cap_rights_init(&cap_linkat_target_rights, CAP_LINKAT_TARGET); cap_rights_init(&cap_listen_rights, CAP_LISTEN); + cap_rights_init(&cap_mkdirat_rights, CAP_MKDIRAT); + cap_rights_init(&cap_mkfifoat_rights, CAP_MKFIFOAT); + cap_rights_init(&cap_mknodat_rights, CAP_MKNODAT); cap_rights_init(&cap_mmap_rights, CAP_MMAP); cap_rights_init(&cap_pdgetpid_rights, CAP_PDGETPID); cap_rights_init(&cap_pdkill_rights, CAP_PDKILL); @@ -110,9 +136,14 @@ __cap_rights_sysinit1(void *arg) cap_rights_init(&cap_pwrite_rights, CAP_PWRITE); cap_rights_init(&cap_read_rights, CAP_READ); cap_rights_init(&cap_recv_rights, CAP_RECV); + cap_rights_init(&cap_renameat_source_rights, CAP_RENAMEAT_SOURCE); + cap_rights_init(&cap_renameat_target_rights, CAP_RENAMEAT_TARGET); + cap_rights_init(&cap_seek_rights, CAP_SEEK); cap_rights_init(&cap_send_rights, CAP_SEND); cap_rights_init(&cap_setsockopt_rights, CAP_SETSOCKOPT); cap_rights_init(&cap_shutdown_rights, CAP_SHUTDOWN); + cap_rights_init(&cap_symlinkat_rights, CAP_SYMLINKAT); + cap_rights_init(&cap_unlinkat_rights, CAP_UNLINKAT); cap_rights_init(&cap_write_rights, CAP_WRITE); cap_rights_init(&cap_no_rights); } Modified: head/sys/kern/vfs_syscalls.c ============================================================================== --- head/sys/kern/vfs_syscalls.c Sun May 20 05:06:42 2018 (r333919) +++ head/sys/kern/vfs_syscalls.c Sun May 20 05:13:12 2018 (r333920) @@ -345,11 +345,10 @@ kern_fstatfs(struct thread *td, int fd, struct statfs struct file *fp; struct mount *mp; struct vnode *vp; - cap_rights_t rights; int error; AUDIT_ARG_FD(fd); - error = getvnode(td, fd, cap_rights_init(&rights, CAP_FSTATFS), &fp); + error = getvnode(td, fd, &cap_fstatfs_rights, &fp); if (error != 0) return (error); vp = fp->f_vnode; @@ -1236,7 +1235,6 @@ kern_mknodat(struct thread *td, int fd, char *path, en struct mount *mp; struct vattr vattr; struct nameidata nd; - cap_rights_t rights; int error, whiteout = 0; AUDIT_ARG_MODE(mode); @@ -1264,7 +1262,7 @@ kern_mknodat(struct thread *td, int fd, char *path, en restart: bwillwrite(); NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 | - NOCACHE, pathseg, path, fd, cap_rights_init(&rights, CAP_MKNODAT), + NOCACHE, pathseg, path, fd, &cap_mknodat_rights, td); if ((error = namei(&nd)) != 0) return (error); @@ -1365,14 +1363,13 @@ kern_mkfifoat(struct thread *td, int fd, char *path, e struct mount *mp; struct vattr vattr; struct nameidata nd; - cap_rights_t rights; int error; AUDIT_ARG_MODE(mode); restart: bwillwrite(); NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 | - NOCACHE, pathseg, path, fd, cap_rights_init(&rights, CAP_MKFIFOAT), + NOCACHE, pathseg, path, fd, &cap_mkfifoat_rights, td); if ((error = namei(&nd)) != 0) return (error); @@ -1498,13 +1495,12 @@ kern_linkat(struct thread *td, int fd1, int fd2, char struct vnode *vp; struct mount *mp; struct nameidata nd; - cap_rights_t rights; int error; again: bwillwrite(); NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, segflg, path1, fd1, - cap_rights_init(&rights, CAP_LINKAT_SOURCE), td); + &cap_linkat_source_rights, td); if ((error = namei(&nd)) != 0) return (error); @@ -1516,7 +1512,7 @@ again: } NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE2 | NOCACHE, segflg, path2, fd2, - cap_rights_init(&rights, CAP_LINKAT_TARGET), td); + &cap_linkat_target_rights, td); if ((error = namei(&nd)) == 0) { if (nd.ni_vp != NULL) { NDFREE(&nd, NDF_ONLY_PNBUF); @@ -1618,7 +1614,6 @@ kern_symlinkat(struct thread *td, char *path1, int fd, char *syspath; struct nameidata nd; int error; - cap_rights_t rights; if (segflg == UIO_SYSSPACE) { syspath = path1; @@ -1631,7 +1626,7 @@ kern_symlinkat(struct thread *td, char *path1, int fd, restart: bwillwrite(); NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 | - NOCACHE, segflg, path2, fd, cap_rights_init(&rights, CAP_SYMLINKAT), + NOCACHE, segflg, path2, fd, &cap_symlinkat_rights, td); if ((error = namei(&nd)) != 0) goto out; @@ -1769,13 +1764,12 @@ kern_unlinkat(struct thread *td, int fd, char *path, e struct vnode *vp; struct nameidata nd; struct stat sb; - cap_rights_t rights; int error; restart: bwillwrite(); NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | AUDITVNODE1, - pathseg, path, fd, cap_rights_init(&rights, CAP_UNLINKAT), td); + pathseg, path, fd, &cap_unlinkat_rights, td); if ((error = namei(&nd)) != 0) return (error == EINVAL ? EPERM : error); vp = nd.ni_vp; @@ -1851,11 +1845,10 @@ int kern_lseek(struct thread *td, int fd, off_t offset, int whence) { struct file *fp; - cap_rights_t rights; int error; AUDIT_ARG_FD(fd); - error = fget(td, fd, cap_rights_init(&rights, CAP_SEEK), &fp); + error = fget(td, fd, &cap_seek_rights, &fp); if (error != 0) return (error); error = (fp->f_ops->fo_flags & DFLAG_SEEKABLE) != 0 ? @@ -1964,7 +1957,6 @@ kern_accessat(struct thread *td, int fd, char *path, e struct ucred *cred, *usecred; struct vnode *vp; struct nameidata nd; - cap_rights_t rights; int error; if (flag & ~AT_EACCESS) @@ -1988,7 +1980,7 @@ kern_accessat(struct thread *td, int fd, char *path, e usecred = cred; AUDIT_ARG_VALUE(amode); NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | - AUDITVNODE1, pathseg, path, fd, cap_rights_init(&rights, CAP_FSTAT), + AUDITVNODE1, pathseg, path, fd, &cap_fstat_rights, td); if ((error = namei(&nd)) != 0) goto out; @@ -2609,13 +2601,12 @@ kern_chflagsat(struct thread *td, int fd, const char * enum uio_seg pathseg, u_long flags, int atflag) { struct nameidata nd; - cap_rights_t rights; int error, follow; AUDIT_ARG_FFLAGS(flags); follow = (atflag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW; NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path, fd, - cap_rights_init(&rights, CAP_FCHFLAGS), td); + &cap_fchflags_rights, td); if ((error = namei(&nd)) != 0) return (error); NDFREE(&nd, NDF_ONLY_PNBUF); @@ -2637,12 +2628,11 @@ int sys_fchflags(struct thread *td, struct fchflags_args *uap) { struct file *fp; - cap_rights_t rights; int error; AUDIT_ARG_FD(uap->fd); AUDIT_ARG_FFLAGS(uap->flags); - error = getvnode(td, uap->fd, cap_rights_init(&rights, CAP_FCHFLAGS), + error = getvnode(td, uap->fd, &cap_fchflags_rights, &fp); if (error != 0) return (error); @@ -2742,13 +2732,12 @@ kern_fchmodat(struct thread *td, int fd, char *path, e mode_t mode, int flag) { struct nameidata nd; - cap_rights_t rights; int error, follow; AUDIT_ARG_MODE(mode); follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW; NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path, fd, - cap_rights_init(&rights, CAP_FCHMOD), td); + &cap_fchmod_rights, td); if ((error = namei(&nd)) != 0) return (error); NDFREE(&nd, NDF_ONLY_PNBUF); @@ -2770,13 +2759,12 @@ int sys_fchmod(struct thread *td, struct fchmod_args *uap) { struct file *fp; - cap_rights_t rights; int error; AUDIT_ARG_FD(uap->fd); AUDIT_ARG_MODE(uap->mode); - error = fget(td, uap->fd, cap_rights_init(&rights, CAP_FCHMOD), &fp); + error = fget(td, uap->fd, &cap_fchmod_rights, &fp); if (error != 0) return (error); error = fo_chmod(fp, uap->mode, td->td_ucred, td); @@ -2857,13 +2845,12 @@ kern_fchownat(struct thread *td, int fd, char *path, e int uid, int gid, int flag) { struct nameidata nd; - cap_rights_t rights; int error, follow; AUDIT_ARG_OWNER(uid, gid); follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW; NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path, fd, - cap_rights_init(&rights, CAP_FCHOWN), td); + &cap_fchown_rights, td); if ((error = namei(&nd)) != 0) return (error); @@ -2905,12 +2892,11 @@ int sys_fchown(struct thread *td, struct fchown_args *uap) { struct file *fp; - cap_rights_t rights; int error; AUDIT_ARG_FD(uap->fd); AUDIT_ARG_OWNER(uap->uid, uap->gid); - error = fget(td, uap->fd, cap_rights_init(&rights, CAP_FCHOWN), &fp); + error = fget(td, uap->fd, &cap_fchown_rights, &fp); if (error != 0) return (error); error = fo_chown(fp, uap->uid, uap->gid, td->td_ucred, td); @@ -3072,13 +3058,12 @@ kern_utimesat(struct thread *td, int fd, char *path, e { struct nameidata nd; struct timespec ts[2]; - cap_rights_t rights; int error; if ((error = getutimes(tptr, tptrseg, ts)) != 0) return (error); NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, fd, - cap_rights_init(&rights, CAP_FUTIMES), td); + &cap_futimes_rights, td); if ((error = namei(&nd)) != 0) return (error); @@ -3146,14 +3131,13 @@ kern_futimes(struct thread *td, int fd, struct timeval { struct timespec ts[2]; struct file *fp; - cap_rights_t rights; int error; AUDIT_ARG_FD(fd); error = getutimes(tptr, tptrseg, ts); if (error != 0) return (error); - error = getvnode(td, fd, cap_rights_init(&rights, CAP_FUTIMES), &fp); + error = getvnode(td, fd, &cap_futimes_rights, &fp); if (error != 0) return (error); #ifdef AUDIT @@ -3179,7 +3163,6 @@ kern_futimens(struct thread *td, int fd, struct timesp { struct timespec ts[2]; struct file *fp; - cap_rights_t rights; int error, flags; AUDIT_ARG_FD(fd); @@ -3188,7 +3171,7 @@ kern_futimens(struct thread *td, int fd, struct timesp return (error); if (flags & UTIMENS_EXIT) return (0); - error = getvnode(td, fd, cap_rights_init(&rights, CAP_FUTIMES), &fp); + error = getvnode(td, fd, &cap_futimes_rights, &fp); if (error != 0) return (error); #ifdef AUDIT @@ -3215,7 +3198,6 @@ kern_utimensat(struct thread *td, int fd, char *path, { struct nameidata nd; struct timespec ts[2]; - cap_rights_t rights; int error, flags; if (flag & ~AT_SYMLINK_NOFOLLOW) @@ -3225,7 +3207,7 @@ kern_utimensat(struct thread *td, int fd, char *path, return (error); NDINIT_ATRIGHTS(&nd, LOOKUP, ((flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW) | AUDITVNODE1, pathseg, path, fd, - cap_rights_init(&rights, CAP_FUTIMES), td); + &cap_futimes_rights, td); if ((error = namei(&nd)) != 0) return (error); /* @@ -3342,11 +3324,10 @@ kern_fsync(struct thread *td, int fd, bool fullsync) struct vnode *vp; struct mount *mp; struct file *fp; - cap_rights_t rights; int error, lock_flags; AUDIT_ARG_FD(fd); - error = getvnode(td, fd, cap_rights_init(&rights, CAP_FSYNC), &fp); + error = getvnode(td, fd, &cap_fsync_rights, &fp); if (error != 0) return (error); vp = fp->f_vnode; @@ -3441,7 +3422,6 @@ kern_renameat(struct thread *td, int oldfd, char *old, struct mount *mp = NULL; struct vnode *tvp, *fvp, *tdvp; struct nameidata fromnd, tond; - cap_rights_t rights; int error; again: @@ -3449,11 +3429,11 @@ again: #ifdef MAC NDINIT_ATRIGHTS(&fromnd, DELETE, LOCKPARENT | LOCKLEAF | SAVESTART | AUDITVNODE1, pathseg, old, oldfd, - cap_rights_init(&rights, CAP_RENAMEAT_SOURCE), td); + &cap_renameat_source_rights, td); #else NDINIT_ATRIGHTS(&fromnd, DELETE, WANTPARENT | SAVESTART | AUDITVNODE1, pathseg, old, oldfd, - cap_rights_init(&rights, CAP_RENAMEAT_SOURCE), td); + &cap_renameat_source_rights, td); #endif if ((error = namei(&fromnd)) != 0) @@ -3468,7 +3448,7 @@ again: fvp = fromnd.ni_vp; NDINIT_ATRIGHTS(&tond, RENAME, LOCKPARENT | LOCKLEAF | NOCACHE | SAVESTART | AUDITVNODE2, pathseg, new, newfd, - cap_rights_init(&rights, CAP_RENAMEAT_TARGET), td); + &cap_renameat_target_rights, td); if (fromnd.ni_vp->v_type == VDIR) tond.ni_cnd.cn_flags |= WILLBEDIR; if ((error = namei(&tond)) != 0) { @@ -3517,7 +3497,7 @@ again: * from 'newfd'. */ error = cap_check(&tond.ni_filecaps.fc_rights, - cap_rights_init(&rights, CAP_UNLINKAT)); + &cap_unlinkat_rights); if (error != 0) goto out; } @@ -3605,14 +3585,13 @@ kern_mkdirat(struct thread *td, int fd, char *path, en struct vnode *vp; struct vattr vattr; struct nameidata nd; - cap_rights_t rights; int error; AUDIT_ARG_MODE(mode); restart: bwillwrite(); NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 | - NOCACHE, segflg, path, fd, cap_rights_init(&rights, CAP_MKDIRAT), + NOCACHE, segflg, path, fd, &cap_mkdirat_rights, td); nd.ni_cnd.cn_flags |= WILLBEDIR; if ((error = namei(&nd)) != 0) @@ -3681,13 +3660,12 @@ kern_rmdirat(struct thread *td, int fd, char *path, en struct mount *mp; struct vnode *vp; struct nameidata nd; - cap_rights_t rights; int error; restart: bwillwrite(); NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | AUDITVNODE1, - pathseg, path, fd, cap_rights_init(&rights, CAP_UNLINKAT), td); + pathseg, path, fd, &cap_unlinkat_rights, td); if ((error = namei(&nd)) != 0) return (error); vp = nd.ni_vp; Modified: head/sys/sys/capsicum.h ============================================================================== --- head/sys/sys/capsicum.h Sun May 20 05:06:42 2018 (r333919) +++ head/sys/sys/capsicum.h Sun May 20 05:13:12 2018 (r333920) @@ -407,29 +407,44 @@ extern cap_rights_t cap_bind_rights; extern cap_rights_t cap_connect_rights; extern cap_rights_t cap_event_rights; extern cap_rights_t cap_fchdir_rights; +extern cap_rights_t cap_fchflags_rights; +extern cap_rights_t cap_fchmod_rights; +extern cap_rights_t cap_fchown_rights; extern cap_rights_t cap_fcntl_rights; extern cap_rights_t cap_fexecve_rights; extern cap_rights_t cap_flock_rights; extern cap_rights_t cap_fpathconf_rights; extern cap_rights_t cap_fstat_rights; +extern cap_rights_t cap_fstatfs_rights; +extern cap_rights_t cap_fsync_rights; extern cap_rights_t cap_ftruncate_rights; +extern cap_rights_t cap_futimes_rights; extern cap_rights_t cap_getpeername_rights; extern cap_rights_t cap_getsockopt_rights; extern cap_rights_t cap_getsockname_rights; extern cap_rights_t cap_ioctl_rights; +extern cap_rights_t cap_linkat_source_rights; +extern cap_rights_t cap_linkat_target_rights; extern cap_rights_t cap_listen_rights; +extern cap_rights_t cap_mkdirat_rights; +extern cap_rights_t cap_mkfifoat_rights; +extern cap_rights_t cap_mknodat_rights; extern cap_rights_t cap_mmap_rights; extern cap_rights_t cap_no_rights; -extern cap_rights_t cap_fsync_rights; extern cap_rights_t cap_pdgetpid_rights; extern cap_rights_t cap_pdkill_rights; extern cap_rights_t cap_pread_rights; extern cap_rights_t cap_pwrite_rights; extern cap_rights_t cap_read_rights; extern cap_rights_t cap_recv_rights; +extern cap_rights_t cap_renameat_source_rights; +extern cap_rights_t cap_renameat_target_rights; +extern cap_rights_t cap_seek_rights; extern cap_rights_t cap_send_rights; extern cap_rights_t cap_setsockopt_rights; extern cap_rights_t cap_shutdown_rights; +extern cap_rights_t cap_symlinkat_rights; +extern cap_rights_t cap_unlinkat_rights; extern cap_rights_t cap_write_rights; #define IN_CAPABILITY_MODE(td) (((td)->td_ucred->cr_flags & CRED_FLAG_CAPMODE) != 0)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201805200513.w4K5DDHt093193>