ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04

Bug #1686618 reported by Frank Heimes on 2017-04-27
Affects                  Status                    Importance  Assigned to          Milestone
Ubuntu on IBM z Systems                            Critical    Unassigned
openssh (Ubuntu)         Status tracked in Artful
  Zesty                                            Critical    Dimitri John Ledkov
  Artful                                           Critical    Dimitri John Ledkov

Bug Description

[ Impact ]

* Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl.

[ Proposed solution ]

* Cherrypick upstream fixes for:
  - sandboxing code on big endian
  - allowing hw accel iocls in the sandbox

short:
after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04:
- 5f1596e11d55539678c41f68aed358628d33d86f
- 9e96b41682aed793fadbea5ccd472f862179fb02
on master branch in https://github.com/openssh/openssh-portable
that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor."
__________

[Test case]

long:

enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this:
sudo apt-get install openssl-ibmca libica-utils libica2
sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample
sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf
sudo sed -i '10i openssl_conf = openssl_def' /etc/ssl/openssl.cnf

afterwards ssh login attempts fail:
$ ssh ubuntu@zlin42
ubuntu@zlin42's password:
Connection to zlin42 closed by remote host.
Connection to zlin42 closed.

the normal logs don't provide any interesting details:

mit log:
  Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=80000016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0

Verbose:
OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /home/fheimes/.ssh/config
debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming"
debug1: /home/fheimes/.ssh/config line 7: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22.
debug1: Connection established.
debug1: identity file /home/fheimes/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/fheimes/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10
debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 10.245.208.7:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: <email address hidden>
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: <email address hidden> MAC: <implicit> compression: none
debug1: kex: client->server cipher: <email address hidden> MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk
debug1: Host '10.245.208.7' is known and matches the ECDSA host key.
debug1: Found key in /home/fheimes/.ssh/known_hosts:87
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/fheimes/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/fheimes/.ssh/id_dsa
debug1: Trying private key: /home/fheimes/.ssh/id_ecdsa
debug1: Trying private key: /home/fheimes/.ssh/id_ed25519
debug1: Next authentication method: password
ubuntu@10.245.208.7's password:
debug1: Authentication succeeded (password).
Authenticated to 10.245.208.7 ([10.245.208.7]:22).
debug1: channel 0: new [client-session]
debug1: Requesting <email address hidden>
debug1: Entering interactive session.
debug1: pledge: network
debug1: channel 0: free: client-session, nchannels 1
Connection to 10.245.208.7 closed by remote host.
Connection to 10.245.208.7 closed.
Transferred: sent 2084, received 1596 bytes, in 0.0 seconds
Bytes per second: sent 10518567.4, received 8055486.4
debug1: Exit status -1

but loglevel verbose points to this issue:
"fatal: privsep_preauth: preauth child terminated by signal 31"

syslog:
Apr 26 12:39:18 s1lp15 kernel: [12676.655977] audit: type=1326 audit(1493224758.414:99): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=12380 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=80000016 syscall=201 compat=0 ip=0x3ff850bfb32 code=0x0

authlog:
Apr 26 12:38:40 s1lp15 sshd[12323]: Connection from 10.172.194.66 port 51512 on 10.245.236.15 port 22
Apr 26 12:38:40 s1lp15 sshd[12323]: Failed publickey for ubuntu from 10.172.194.66 port 51512 ssh2: RSA SHA256:joGsdfW7NbJRkg17sRyXaegoR0iZEdDWdR9Hpbc2KIw
Apr 26 12:38:43 s1lp15 sshd[12323]: Accepted password for ubuntu from 10.172.194.66 port 51512 ssh2
Apr 26 12:38:43 s1lp15 sshd[12323]: fatal: privsep_preauth: preauth child terminated by signal 31

Apr 26 12:39:15 s1lp15 sshd[12379]: Connection from 10.172.194.66 port 51534 on 10.245.236.15 port 22
Apr 26 12:39:16 s1lp15 sshd[12379]: Failed publickey for ubuntu from 10.172.194.66 port 51534 ssh2: RSA SHA256:joGsdfW7NbJRkg17sRyXaegoR0iZEdDWdR9Hpbc2KIw
Apr 26 12:39:18 s1lp15 sshd[12379]: Accepted password for ubuntu from 10.172.194.66 port 51534 ssh2
Apr 26 12:39:18 s1lp15 sshd[12379]: fatal: privsep_preauth: preauth child terminated by signal 31

compared to a system with hw crypto disabled (means ssh working):

syslog:
Apr 26 12:42:04 s1lp15 systemd[1]: Started Session 30 of user ubuntu.

authlog:
Apr 26 12:42:01 s1lp15 sshd[12542]: Connection from 10.172.194.66 port 51658 on 10.245.236.15 port 22
Apr 26 12:42:02 s1lp15 sshd[12542]: Failed publickey for ubuntu from 10.172.194.66 port 51658 ssh2: RSA SHA256:joGsdfW7NbJRkg17sRyXaegoR0iZEdDWdR9Hpbc2KIw
Apr 26 12:42:04 s1lp15 sshd[12542]: Accepted password for ubuntu from 10.172.194.66 port 51658 ssh2
Apr 26 12:42:04 s1lp15 sshd[12542]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
Apr 26 12:42:04 s1lp15 systemd-logind[1167]: New session 30 of user ubuntu.
Apr 26 12:42:09 s1lp15 sshd[12542]: User child is on pid 12605
Apr 26 12:42:09 s1lp15 sshd[12605]: Starting session: shell on pts/5 for ubuntu from 10.172.194.66 port 51658 id 0

Workaround:
in /etc/ssh/sshd_config
change:
#UsePrivilegeSeparation sandbox
to:
UsePrivilegeSeparation yes

So it's an issue with the sandbox / seccomp
that got fixed in openssh 7.5
release notes: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor."
corresponding patches/commits:
master branch https://github.com/openssh/openssh-portable
- 5f1596e11d55539678c41f68aed358628d33d86f
- 9e96b41682aed793fadbea5ccd472f862179fb02

Changed in openssh (Ubuntu):
status: New → Triaged
importance: Undecided → High
assignee: nobody → Dimitri John Ledkov (xnox)
milestone: none → ubuntu-17.05
Changed in ubuntu-z-systems:
status: New → Triaged
Dimitri John Ledkov (xnox) wrote :
Changed in openssh (Ubuntu Artful):
status: Triaged → Fix Released
Changed in openssh (Ubuntu Zesty):
assignee: nobody → Dimitri John Ledkov (xnox)
milestone: none → zesty-updates
status: New → Triaged
importance: Undecided → High
description: updated
Changed in openssh (Ubuntu Zesty):
status: Triaged → In Progress
Changed in ubuntu-z-systems:
status: Triaged → In Progress
bugproxy (bugproxy) on 2017-05-04
tags: added: architecture-s39064 bugnameltc-153940 severity-high targetmilestone-inin1704

Hello Frank, or anyone else affected,

Accepted openssh into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssh/1:7.4p1-10ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in openssh (Ubuntu Zesty):
status: In Progress → Fix Committed
tags: added: verification-needed
Changed in ubuntu-z-systems:
status: In Progress → Fix Committed
Frank Heimes (frank-heimes) wrote :

ubuntu@zlin42:~$ sudo sh -c "echo 'deb http://ports.ubuntu.com/ubuntu-ports $(lsb_release -sc)-proposed restricted main multiverse universe' >> /etc/apt/sources.list.d/proposed-repositories.list"
ubuntu@zlin42:~$ sudo apt -y update -qq
12 packages can be upgraded. Run 'apt list --upgradable' to see them.
ubuntu@zlin42:~$ apt list --upgradable
Listing... Done
linux-firmware/zesty-proposed 1.164.1 all [upgradable from: 1.164]
linux-generic/zesty-proposed 4.10.0.21.23 s390x [upgradable from: 4.10.0.20.22]
linux-headers-generic/zesty-proposed 4.10.0.21.23 s390x [upgradable from: 4.10.0.20.22]
linux-image-generic/zesty-proposed 4.10.0.21.23 s390x [upgradable from: 4.10.0.20.22]
linux-libc-dev/zesty-proposed 4.10.0-21.23 s390x [upgradable from: 4.10.0-20.22]
openssh-client/zesty-proposed 1:7.4p1-10ubuntu0.1 s390x [upgradable from: 1:7.4p1-10]
openssh-server/zesty-proposed 1:7.4p1-10ubuntu0.1 s390x [upgradable from: 1:7.4p1-10]
openssh-sftp-server/zesty-proposed 1:7.4p1-10ubuntu0.1 s390x [upgradable from: 1:7.4p1-10]
snap-confine/zesty-proposed 2.25+17.04 s390x [upgradable from: 2.24.1+17.04]
snapd/zesty-proposed 2.25+17.04 s390x [upgradable from: 2.24.1+17.04]
sosreport/zesty-proposed 3.4-1~ubuntu17.04.1 s390x [upgradable from: 3.3+git50-g3c0349b-2]
unattended-upgrades/zesty-proposed 0.93.1ubuntu2.1 all [upgradable from: 0.93.1ubuntu2]
ubuntu@zlin42:~$
###
ubuntu@zlin42:~$ sudo vi /etc/ssh/sshd_config
ubuntu@zlin42:~$ sudo systemctl restart sshd
ubuntu@zlin42:~$ apt-cache policy openssh-server
openssh-server:
  Installed: 1:7.4p1-10
  Candidate: 1:7.4p1-10ubuntu0.1
  Version table:
     1:7.4p1-10ubuntu0.1 500
        500 http://ports.ubuntu.com/ubuntu-ports zesty-proposed/main s390x Packages
 *** 1:7.4p1-10 500
        500 http://us.ports.ubuntu.com/ubuntu-ports zesty/main s390x Packages
        100 /var/lib/dpkg/status
ubuntu@zlin42:~$

me@WS:~$ ssh ubuntu@zlin42
ubuntu@zlin42's password:
Welcome to Ubuntu 17.04 (GNU/Linux 4.10.0-20-generic s390x)

 * Documentation: https://help.ubuntu.com
 * Management: https://landscape.canonical.com
 * Support: https://ubuntu.com/advantage

0 packages can be updated.
0 updates are security updates.

Last login: Fri May 5 03:22:00 2017 from 10.172.66.66
ubuntu@zlin42:~$ exit
logout
Connection to zlin42 closed.
me@WS:~$

### activate hw crypto for ssl / ibmca engine
ubuntu@zlin42:~$ sudo vi /etc/ssl/openssl.cnf
# set: openssl_conf = openssl_def

ubuntu@zlin42:~$ openssl engine
(dynamic) Dynamic engine loading support
(ibmca) Ibmca hardware engine support
ubuntu@zlin42:~$

### negative test - expecting the problem to occur

me@WS:~$ ssh ubuntu@zlin42
ubuntu@zlin42's password:
Connection to zlin42 closed by remote host.
Connection to zlin42 closed.
me@WS:~$

ubuntu@zlin42:~$ sudo apt install openssh-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  openssh-client openssh-sftp-server
Suggested packages:
  keychain libpam-ssh monkeysphere ssh-askpass molly-guard rssh
The following packages will be upgraded:
  openssh-client openssh-server openssh-sftp-server
3 upgraded, 0 newly installed, 0 t...


tags: added: verification-failed
removed: verification-needed
Dimitri John Ledkov (xnox) wrote :

This does not appear to work with 7.5 either

Changed in openssh (Ubuntu Artful):
status: Fix Released → Triaged
Dimitri John Ledkov (xnox) wrote :

May 05 10:45:13 s1lp15 sshd[138567]: debug3: send packet: type 52 [preauth]
May 05 10:45:13 s1lp15 sshd[138567]: debug1: Enabling compression at level 6. [preauth]
May 05 10:45:13 s1lp15 sshd[138567]: debug3: mm_request_send entering: type 26 [preauth]
May 05 10:45:13 s1lp15 sshd[138567]: debug3: mm_send_keystate: Finished sending state [preauth]
May 05 10:45:13 s1lp15 sshd[138567]: fatal: ssh_sandbox_violation: unexpected system call (arch:0x80000016,syscall:201 @ 0x3ffb853fb32) [preauth]
May 05 10:45:13 s1lp15 sshd[138567]: debug1: monitor_read_log: child log fd closed
May 05 10:45:13 s1lp15 sshd[138567]: fatal: privsep_preauth: preauth child exited with status 1
May 05 10:45:13 s1lp15 sshd[138567]: debug1: do_cleanup
May 05 10:45:13 s1lp15 sshd[138567]: debug3: PAM: sshpam_thread_cleanup entering

Dimitri John Ledkov (xnox) wrote :

May 05 10:45:13 s1lp15 sshd[138567]: fatal: ssh_sandbox_violation: unexpected system call (arch:0x80000016,syscall:201 @ 0x3ffb853fb32) [preauth]

Syscall 201 is
{ "geteuid", 201 },
from seccomp sources.

It seems like more syscalls are used, when encryption is enabled, at least on Ubuntu, when hardware accelerated crypto is enabled.
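The audit records and the sshd log line quoted above identify the blocked call only by number. The following script is an added example (not part of this bug report or of openssh) that decodes both the kernel SECCOMP audit records (type=1326) and sshd's ssh_sandbox_violation message into arch, syscall name and pid, so a defender can spot sandbox kills in syslog. The sample log is constructed from the lines quoted in this report, and the syscall table entries other than 201 are assumed from the s390x syscall table.

```python
import re

# Constructed sample: records quoted in this bug report plus one unrelated line.
SAMPLE_LOG = """\
Apr 26 12:39:18 s1lp15 kernel: [12676.655977] audit: type=1326 audit(1493224758.414:99): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=12380 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=80000016 syscall=201 compat=0 ip=0x3ff850bfb32 code=0x0
Apr 26 12:39:18 s1lp15 sshd[12379]: fatal: privsep_preauth: preauth child terminated by signal 31
May 05 10:45:13 s1lp15 sshd[138567]: fatal: ssh_sandbox_violation: unexpected system call (arch:0x80000016,syscall:201 @ 0x3ffb853fb32) [preauth]
Apr 26 12:42:04 s1lp15 systemd[1]: Started Session 30 of user ubuntu.
"""

# arch=80000016 is __AUDIT_ARCH_64BIT (0x80000000) | EM_S390 (22): 64-bit s390x.
AUDIT_ARCH_S390X = 0x80000016
SIGSYS = 31  # the "signal 31" in the sshd log: the signal seccomp kills with

# s390x syscall numbers. 201 = geteuid is the one named in this bug; the
# neighbouring entries are assumed from the s390x syscall table.
S390X_SYSCALLS = {199: "getuid", 200: "getgid", 201: "geteuid", 202: "getegid"}

# Kernel audit SECCOMP record (type=1326) as written to syslog / kern.log.
AUDIT_RE = re.compile(
    r'audit: type=1326 .*?pid=(?P<pid>\d+) comm="(?P<comm>[^"]*)" '
    r'exe="(?P<exe>[^"]*)" sig=(?P<sig>\d+) arch=(?P<arch>[0-9a-f]+) '
    r'syscall=(?P<nr>\d+)')
# sshd's own report when running at a debug LogLevel.
SANDBOX_RE = re.compile(
    r'sshd\[(?P<pid>\d+)\]: fatal: ssh_sandbox_violation: unexpected system '
    r'call \(arch:0x(?P<arch>[0-9a-f]+),syscall:(?P<nr>\d+)')


def decode(line):
    """Return a dict describing a seccomp kill, or None for any other line."""
    m = AUDIT_RE.search(line)
    if m:
        if int(m["sig"]) != SIGSYS:  # some other signal, not a seccomp kill
            return None
        source, exe = "audit", m["exe"]
    else:
        m = SANDBOX_RE.search(line)
        if not m:
            return None
        source, exe = "sshd", "sshd"
    arch, nr = int(m["arch"], 16), int(m["nr"])
    name = S390X_SYSCALLS.get(nr) if arch == AUDIT_ARCH_S390X else None
    return {"source": source, "pid": int(m["pid"]), "exe": exe, "arch": arch,
            "syscall": nr, "name": name or "syscall#%d" % nr}


def find_sandbox_kills(text):
    """All decodable seccomp kills in a log, in order of appearance."""
    return [d for d in (decode(l) for l in text.splitlines()) if d]


def summarize(text):
    """Count kills per (arch, syscall name) so the blocked call stands out."""
    counts = {}
    for d in find_sandbox_kills(text):
        key = (d["arch"], d["name"])
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for d in find_sandbox_kills(SAMPLE_LOG):
        print("%(source)s pid=%(pid)d exe=%(exe)s arch=0x%(arch)x %(name)s" % d)
    print(summarize(SAMPLE_LOG))
```

The "preauth child terminated by signal 31" line is deliberately not decoded: it is the symptom, and only the audit record or the sandbox message says which call was blocked.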

------- Comment From <email address hidden> 2017-05-08 10:17 EDT-------
I can reproduce it:
The geteuid() which is blocked by seccomp is part of the libica initialization.
It is not related to any crypto operation - just the pure init of the libica shared
library fails, because libica is calling geteuid().
I'll try to provide a fix...

regards H.Freudenberger

------- Comment on attachment From <email address hidden> 2017-05-09 05:35 EDT-------

Here is a patch which enables the geteuid syscall in sshd sandbox on s390.

Background: during initialization of the libica shared lib a system call to find the real user id is invoked. So when the library chain required by openssh comes to life (openssl - ibmca engine - libica), and it looks like the ibmca engine initialization and so the libica initialization is now triggered somewhere later while running in the seccomp environment, this call was filtered out with signal 31, causing the authentication process to fail.

Fixed by allowing the geteuid syscall within openssh's seccomp sandbox only for the s390 platform.

Please note, this fix is on top of 3 other patches required:

0001-Fix-weakness-in-seccomp-bpf-sandbox-arg-inspection.patch
0002-support-ioctls-for-ICA-crypto-card-on-Linux-s390.patch
0003-Missing-header-on-Linux-s390.patch

Please note also that the upstream patch will be different to this one as there has been some rework on the seccomp macros. I'll send the upstream patch to Eduardo dos Santos Barretto for contributing to openssh.

regards H.Freudenberger

Dimitri John Ledkov (xnox) wrote :

Excellent.

We need patch for 7.5p as well, because that is the release in artful, current development series. If you could forward that one as well to us, that would be great.

Regards,

Dimitri.

------- Comment on attachment From <email address hidden> 2017-05-10 02:38 EDT-------

Here is the upstream patch I've sent to Eduardo for further distribution to the openssh community.

------- Comment From <email address hidden> 2017-05-11 09:08 EDT-------
On May 09th, some patches were sent to the OpenSSH community, including the fix for geteuid.
We are now waiting for some feedback and code review.
As soon as we get a reply I'll be including it here.

Changed in openssh (Ubuntu Artful):
status: Triaged → Fix Committed
Changed in openssh (Ubuntu Zesty):
status: Fix Committed → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:7.5p1-3ubuntu1

---------------
openssh (1:7.5p1-3ubuntu1) artful; urgency=medium

  * On s390x, allow geteuid syscall in the sandbox, to allow openssh
    connections to work when hw accelerated cryptography is enabled. This
    patch is to be replaced by the one accepted upstream, when
    reviewed. LP: #1686618

 -- Dimitri John Ledkov <email address hidden> Mon, 22 May 2017 13:13:59 +0100

Changed in openssh (Ubuntu Artful):
status: Fix Committed → Fix Released

As part of a recent change in the Stable Release Update verification policy we would like to inform you that for a bug to be considered verified for a given release a verification-done-$RELEASE tag needs to be added to the bug, where $RELEASE is the name of the series in which the package was tested (e.g. verification-done-xenial). Please note that the global 'verification-done' tag can no longer be used for this purpose.

Thank you!

------- Comment From <email address hidden> 2017-07-20 10:30 EDT-------
*** Bug 156865 has been marked as a duplicate of this bug. ***

Changed in openssh (Ubuntu Artful):
status: Fix Released → Triaged
importance: High → Critical
Changed in openssh (Ubuntu Zesty):
status: In Progress → Confirmed
importance: High → Critical
Changed in ubuntu-z-systems:
status: Fix Committed → Triaged
importance: High → Critical
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2017-07-28 08:57 EDT-------
It has been more than two months waiting for some feedback from the OpenSSH community about the patches sent (https://www.spinics.net/lists/openssh-unix-dev/msg04133.html). They don't seem to be reviewing any patches sent to the mailing list yet.

As we can no longer keep waiting on them we are wondering if the three patches can be included in the openssh package distributed with Ubuntu.

The URL sent above also describes each package and why we need them. One of the patches will solve this ticket and the other two patches will allow us to progress on the ibmpkcs11 project development and release it.

If you need more information just let me know.

Thanks,
Eduardo

Dimitri John Ledkov (xnox) wrote :

I am preparing a test build of openssh as part of merging changes from Debian, with the updated patchset that opens up more syscalls. This will land in artful shortly - but currently artful is very busy with many migration thus it may take some time before the package migrates from proposed into the released pocket. This should be done for artful by end of next week the latest. After that I will prepare an updated SRU into zesty that previously failed verification with all the cherrypicks from 7.5 and the updated not-yet-merged patchset for all the extra syscalls. So zesty will get these fixes later in August.

Changed in openssh (Ubuntu Artful):
status: Triaged → Fix Committed
Changed in ubuntu-z-systems:
status: Triaged → In Progress


Colin Watson (cjwatson) wrote :

If the patch isn't getting any review on the upstream mailing list, then please open a bug on https://bugzilla.mindrot.org/ so that it doesn't fall through the cracks permanently.

------- Comment From <email address hidden> 2017-07-28 16:01 EDT-------
(In reply to comment #23)
> If the patch isn't getting any review on the upstream mailing list, then
> please open a bug on https://bugzilla.mindrot.org/ so that it doesn't fall
> through the cracks permanently.

Done:
https://bugzilla.mindrot.org/show_bug.cgi?id=2752

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:7.5p1-5ubuntu1

---------------
openssh (1:7.5p1-5ubuntu1) artful; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Cherrypick updated patchset to open up sandbox, when openssl engine calls
    into OpenCryptoki for hardware accelerated encryption. LP: #1686618

openssh (1:7.5p1-5) unstable; urgency=medium

  * Upload to unstable.
  * Fix syntax error in debian/copyright.

openssh (1:7.5p1-4) experimental; urgency=medium

  * Drop README.Debian section on privilege separation, as it's no longer
    optional.
  * Only call "initctl set-env" from agent-launch if $UPSTART_SESSION is set
    (LP: #1689299).
  * Fix incoming compression statistics (thanks, Russell Coker; closes:
    #797964).
  * Relicense debian/* under a two-clause BSD licence for bidirectional
    compatibility with upstream, with permission from Matthew Vernon and
    others.

 -- Dimitri John Ledkov <email address hidden> Fri, 28 Jul 2017 14:13:11 +0100

Changed in openssh (Ubuntu Artful):
status: Fix Committed → Fix Released