2 * Copyright information at end of file.
5 #include <security/_pam_macros.h>
6 #include <security/pam_modules.h>
10 #include <sys/types.h>
28 #include "passverify.h"
31 #include <selinux/selinux.h>
32 #define SELINUX_ENABLED is_selinux_enabled()>0
34 #define SELINUX_ENABLED 0
38 #define pam_modutil_getpwnam(h,n) getpwnam(n)
39 #define pam_modutil_getspnam(h,n) getspnam(n)
40 #define pam_syslog(h,a,b,c) helper_log_err(a,b,c)
42 #include <security/pam_modutil.h>
43 #include <security/pam_ext.h>
46 #if defined(USE_LCKPWDF) && !defined(HAVE_LCKPWDF)
47 # include "./lckpwdf.-c"
51 strip_hpux_aging(char *hash)
53 static const char valid[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
54 "abcdefghijklmnopqrstuvwxyz"
56 if ((*hash != '$') && (strlen(hash) > 13)) {
57 for (hash += 13; *hash != '\0'; hash++) {
58 if (strchr(valid, *hash) == NULL) {
67 verify_pwd_hash(const char *p, char *hash, unsigned int nullok)
74 strip_hpux_aging(hash);
75 hash_len = strlen(hash);
77 /* the stored password is NULL */
78 if (nullok) { /* this means we've succeeded */
79 D(("user has empty password - access granted"));
82 D(("user has empty password - access denied"));
83 retval = PAM_AUTH_ERR;
85 } else if (!p || *hash == '*' || *hash == '!') {
86 retval = PAM_AUTH_ERR;
88 if (!strncmp(hash, "$1$", 3)) {
89 pp = Goodcrypt_md5(p, hash);
90 if (pp && strcmp(pp, hash) != 0) {
92 pp = Brokencrypt_md5(p, hash);
94 } else if (*hash != '$' && hash_len >= 13) {
95 pp = bigcrypt(p, hash);
96 if (pp && hash_len == 13 && strlen(pp) > hash_len) {
97 _pam_overwrite(pp + hash_len);
101 * Ok, we don't know the crypt algorithm, but maybe
102 * libcrypt knows about it? We should try it.
105 struct crypt_data *cdata;
106 cdata = malloc(sizeof(*cdata));
108 cdata->initialized = 0;
109 pp = x_strdup(crypt_r(p, hash, cdata));
110 memset(cdata, '\0', sizeof(*cdata));
114 pp = x_strdup(crypt(p, hash));
117 p = NULL; /* no longer needed here */
119 /* the moment of truth -- do we agree with the password? */
120 D(("comparing state of pp[%s] and hash[%s]", pp, hash));
122 if (pp && strcmp(pp, hash) == 0) {
123 retval = PAM_SUCCESS;
125 retval = PAM_AUTH_ERR;
131 D(("done [%d].", retval));
137 is_pwd_shadowed(const struct passwd *pwd)
140 if (strcmp(pwd->pw_passwd, "x") == 0) {
143 if ((pwd->pw_passwd[0] == '#') &&
144 (pwd->pw_passwd[1] == '#') &&
145 (strcmp(pwd->pw_name, pwd->pw_passwd + 2) == 0)) {
152 #ifdef HELPER_COMPILE
154 get_account_info(const char *name,
155 struct passwd **pwd, struct spwd **spwdent)
158 get_account_info(pam_handle_t *pamh, const char *name,
159 struct passwd **pwd, struct spwd **spwdent)
162 /* UNIX passwords area */
163 *pwd = pam_modutil_getpwnam(pamh, name); /* Get password file entry... */
167 if (strcmp((*pwd)->pw_passwd, "*NP*") == 0)
169 #ifdef HELPER_COMPILE
170 uid_t save_euid, save_uid;
172 save_euid = geteuid();
174 if (save_uid == (*pwd)->pw_uid)
175 setreuid(save_euid, save_uid);
178 if (setreuid(-1, (*pwd)->pw_uid) == -1) {
181 if(setreuid(-1, (*pwd)->pw_uid) == -1)
182 return PAM_CRED_INSUFFICIENT;
186 *spwdent = pam_modutil_getspnam(pamh, name);
187 if (save_uid == (*pwd)->pw_uid)
188 setreuid(save_uid, save_euid);
191 setreuid(save_uid, -1);
192 setreuid(-1, save_euid);
195 if (*spwdent == NULL || (*spwdent)->sp_pwdp == NULL)
196 return PAM_AUTHINFO_UNAVAIL;
198 /* we must run helper for NIS+ passwords */
199 return PAM_UNIX_RUN_HELPER;
201 } else if (is_pwd_shadowed(*pwd)) {
203 * ...and shadow password file entry for this user,
204 * if shadowing is enabled
206 #ifndef HELPER_COMPILE
207 if (geteuid() || SELINUX_ENABLED)
208 return PAM_UNIX_RUN_HELPER;
210 *spwdent = pam_modutil_getspnam(pamh, name);
211 if (*spwdent == NULL || (*spwdent)->sp_pwdp == NULL)
212 return PAM_AUTHINFO_UNAVAIL;
215 return PAM_USER_UNKNOWN;
220 #ifdef HELPER_COMPILE
222 get_pwd_hash(const char *name,
223 struct passwd **pwd, char **hash)
226 get_pwd_hash(pam_handle_t *pamh, const char *name,
227 struct passwd **pwd, char **hash)
231 struct spwd *spwdent = NULL;
233 #ifdef HELPER_COMPILE
234 retval = get_account_info(name, pwd, &spwdent);
236 retval = get_account_info(pamh, name, pwd, &spwdent);
238 if (retval != PAM_SUCCESS) {
243 *hash = x_strdup(spwdent->sp_pwdp);
245 *hash = x_strdup((*pwd)->pw_passwd);
252 #ifdef HELPER_COMPILE
254 check_shadow_expiry(struct spwd *spent, int *daysleft)
257 check_shadow_expiry(pam_handle_t *pamh, struct spwd *spent, int *daysleft)
262 curdays = (long int)(time(NULL) / (60 * 60 * 24));
263 D(("today is %d, last change %d", curdays, spent->sp_lstchg));
264 if ((curdays > spent->sp_expire) && (spent->sp_expire != -1)) {
265 D(("account expired"));
266 return PAM_ACCT_EXPIRED;
268 if (spent->sp_lstchg == 0) {
269 D(("need a new password"));
271 return PAM_NEW_AUTHTOK_REQD;
273 if (curdays < spent->sp_lstchg) {
274 pam_syslog(pamh, LOG_DEBUG,
275 "account %s has password changed in future",
279 if ((curdays - spent->sp_lstchg > spent->sp_max)
280 && (curdays - spent->sp_lstchg > spent->sp_inact)
281 && (curdays - spent->sp_lstchg > spent->sp_max + spent->sp_inact)
282 && (spent->sp_max != -1) && (spent->sp_inact != -1)) {
283 *daysleft = (int)((spent->sp_lstchg + spent->sp_max) - curdays);
284 D(("authtok expired"));
285 return PAM_AUTHTOK_EXPIRED;
287 if ((curdays - spent->sp_lstchg > spent->sp_max) && (spent->sp_max != -1)) {
288 D(("need a new password 2"));
289 return PAM_NEW_AUTHTOK_REQD;
291 if ((curdays - spent->sp_lstchg > spent->sp_max - spent->sp_warn)
292 && (spent->sp_max != -1) && (spent->sp_warn != -1)) {
293 *daysleft = (int)((spent->sp_lstchg + spent->sp_max) - curdays);
294 D(("warn before expiry"));
300 /* passwd/salt conversion macros */
302 #define PW_TMPFILE "/etc/npasswd"
303 #define SH_TMPFILE "/etc/nshadow"
304 #define OPW_TMPFILE "/etc/security/nopasswd"
307 * i64c - convert an integer to a radix 64 character
320 if (i >= 2 && i <= 11)
321 return ('0' - 2 + i);
322 if (i >= 12 && i <= 37)
323 return ('A' - 12 + i);
324 if (i >= 38 && i <= 63)
325 return ('a' - 38 + i);
329 /* <where> must point to a buffer of at least <length>+1 length */
331 crypt_make_salt(char *where, int length)
335 unsigned char tmp[16];
336 unsigned char *src = (unsigned char *)where;
338 #ifdef PAM_PATH_RANDOMDEV
342 if ((rv = fd = open(PAM_PATH_RANDOMDEV, O_RDONLY)) != -1) {
343 while ((rv = read(fd, where, length)) != length && errno == EINTR);
349 * Code lifted from Marek Michalkiewicz's shadow suite. (CG)
350 * removed use of static variables (AGM)
352 * will work correctly only for length <= 16 */
355 gettimeofday(&tv, (struct timezone *) 0);
356 GoodMD5Update(&ctx, (void *) &tv, sizeof tv);
358 GoodMD5Update(&ctx, (void *) &i, sizeof i);
360 GoodMD5Update(&ctx, (void *) &i, sizeof i);
361 GoodMD5Update(&ctx, src, length);
362 GoodMD5Final(tmp, &ctx);
363 #ifdef PAM_PATH_RANDOMDEV
366 for (i = 0; i < length; i++)
367 *where++ = i64c(src[i] & 077);
372 crypt_md5_wrapper(const char *pass_new)
374 unsigned char result[16];
375 char *cp = (char *) result;
377 cp = stpcpy(cp, "$1$"); /* magic for the MD5 */
378 crypt_make_salt(cp, 8);
380 /* no longer need cleartext */
381 cp = Goodcrypt_md5(pass_new, (const char *) result);
388 create_password_hash(const char *password, unsigned int ctrl, int rounds)
391 char salt[64]; /* contains rounds number + max 16 bytes of salt + algo id */
394 if (on(UNIX_MD5_PASS, ctrl)) {
395 return crypt_md5_wrapper(password);
397 if (on(UNIX_SHA256_PASS, ctrl)) {
399 } else if (on(UNIX_SHA512_PASS, ctrl)) {
401 } else { /* must be crypt/bigcrypt */
405 crypt_make_salt(salt, 2);
406 if (off(UNIX_BIGCRYPT, ctrl) && strlen(password) > 8) {
407 strncpy(tmppass, password, sizeof(tmppass)-1);
408 tmppass[sizeof(tmppass)-1] = '\0';
411 crypted = bigcrypt(password, salt);
412 memset(tmppass, '\0', sizeof(tmppass));
417 sp = stpcpy(salt, algoid);
418 if (on(UNIX_ALGO_ROUNDS, ctrl)) {
419 sp += snprintf(sp, sizeof(salt) - 3, "rounds=%u$", rounds);
421 crypt_make_salt(sp, 8);
422 /* For now be conservative so the resulting hashes
423 * are not too long. 8 bytes of salt prevents dictionary
424 * attacks well enough. */
425 sp = crypt(password, salt);
426 if (strncmp(algoid, sp, strlen(algoid)) != 0) {
427 /* libc doesn't know the algorithm, use MD5 */
428 memset(sp, '\0', strlen(sp));
429 return crypt_md5_wrapper(password);
437 unix_selinux_confined(void)
439 static int confined = -1;
441 char tempfile[]="/etc/.pwdXXXXXX";
446 /* cannot be confined without SELinux enabled */
447 if (!SELINUX_ENABLED){
452 /* let's try opening shadow read only */
453 if ((fd=open("/etc/shadow", O_RDONLY)) != -1) {
459 if (errno == EACCES) {
464 /* shadow opening failed because of other reasons let's try
465 creating a file in /etc */
466 if ((fd=mkstemp(tempfile)) != -1) {
479 unix_selinux_confined(void)
492 #ifndef HELPER_COMPILE
493 if (unix_selinux_confined()) {
497 /* These values for the number of attempts and the sleep time
498 are, of course, completely arbitrary.
499 My reading of the PAM docs is that, once pam_chauthtok() has been
500 called with PAM_UPDATE_AUTHTOK, we are obliged to take any
501 reasonable steps to make sure the token is updated; so retrying
502 for 1/10 sec. isn't overdoing it. */
504 while((retval = lckpwdf()) != 0 && i < 100) {
509 return PAM_AUTHTOK_LOCK_BUSY;
517 #ifndef HELPER_COMPILE
518 if (unix_selinux_confined()) {
539 save_old_password(const char *forwho, const char *oldpass,
542 static char buf[16384];
543 static char nbuf[16384];
544 char *s_luser, *s_uid, *s_npas, *s_pas, *pass;
546 FILE *pwfile, *opwfile;
550 struct passwd *pwd = NULL;
553 security_context_t prev_context=NULL;
560 if (oldpass == NULL) {
564 oldmask = umask(077);
567 if (SELINUX_ENABLED) {
568 security_context_t passwd_context=NULL;
569 if (getfilecon("/etc/passwd",&passwd_context)<0) {
570 return PAM_AUTHTOK_ERR;
572 if (getfscreatecon(&prev_context)<0) {
573 freecon(passwd_context);
574 return PAM_AUTHTOK_ERR;
576 if (setfscreatecon(passwd_context)) {
577 freecon(passwd_context);
578 freecon(prev_context);
579 return PAM_AUTHTOK_ERR;
581 freecon(passwd_context);
584 pwfile = fopen(OPW_TMPFILE, "w");
586 if (pwfile == NULL) {
591 opwfile = fopen(OLD_PASSWORDS_FILE, "r");
592 if (opwfile == NULL) {
598 if (fstat(fileno(opwfile), &st) == -1) {
605 if (fchown(fileno(pwfile), st.st_uid, st.st_gid) == -1) {
611 if (fchmod(fileno(pwfile), st.st_mode) == -1) {
618 while (fgets(buf, 16380, opwfile)) {
619 if (!strncmp(buf, forwho, strlen(forwho))) {
624 buf[strlen(buf) - 1] = '\0';
625 s_luser = strtok_r(buf, ":", &sptr);
626 s_uid = strtok_r(NULL, ":", &sptr);
627 s_npas = strtok_r(NULL, ":", &sptr);
628 s_pas = strtok_r(NULL, ":", &sptr);
629 npas = strtol(s_npas, NULL, 10) + 1;
630 while (npas > howmany) {
631 s_pas = strpbrk(s_pas, ",");
636 pass = crypt_md5_wrapper(oldpass);
638 snprintf(nbuf, sizeof(nbuf), "%s:%s:%d:%s\n",
639 s_luser, s_uid, npas, pass);
641 snprintf(nbuf, sizeof(nbuf),"%s:%s:%d:%s,%s\n",
642 s_luser, s_uid, npas, s_pas, pass);
644 if (fputs(nbuf, pwfile) < 0) {
648 } else if (fputs(buf, pwfile) < 0) {
656 pwd = getpwnam(forwho);
660 pass = crypt_md5_wrapper(oldpass);
661 snprintf(nbuf, sizeof(nbuf), "%s:%lu:1:%s\n",
662 forwho, (unsigned long)pwd->pw_uid, pass);
664 if (fputs(nbuf, pwfile) < 0) {
670 if (fclose(pwfile)) {
671 D(("error writing entries to old passwords file: %m"));
677 if (rename(OPW_TMPFILE, OLD_PASSWORDS_FILE))
681 if (SELINUX_ENABLED) {
682 if (setfscreatecon(prev_context)) {
686 freecon(prev_context);
694 return PAM_AUTHTOK_ERR;
698 #ifdef HELPER_COMPILE
700 unix_update_passwd(const char *forwho, const char *towhat)
703 unix_update_passwd(pam_handle_t *pamh, const char *forwho, const char *towhat)
706 struct passwd *tmpent = NULL;
708 FILE *pwfile, *opwfile;
712 security_context_t prev_context=NULL;
715 oldmask = umask(077);
717 if (SELINUX_ENABLED) {
718 security_context_t passwd_context=NULL;
719 if (getfilecon("/etc/passwd",&passwd_context)<0) {
720 return PAM_AUTHTOK_ERR;
722 if (getfscreatecon(&prev_context)<0) {
723 freecon(passwd_context);
724 return PAM_AUTHTOK_ERR;
726 if (setfscreatecon(passwd_context)) {
727 freecon(passwd_context);
728 freecon(prev_context);
729 return PAM_AUTHTOK_ERR;
731 freecon(passwd_context);
734 pwfile = fopen(PW_TMPFILE, "w");
736 if (pwfile == NULL) {
741 opwfile = fopen("/etc/passwd", "r");
742 if (opwfile == NULL) {
748 if (fstat(fileno(opwfile), &st) == -1) {
755 if (fchown(fileno(pwfile), st.st_uid, st.st_gid) == -1) {
761 if (fchmod(fileno(pwfile), st.st_mode) == -1) {
768 tmpent = fgetpwent(opwfile);
770 if (!strcmp(tmpent->pw_name, forwho)) {
773 const char *const_charp;
776 assigned_passwd.const_charp = towhat;
778 tmpent->pw_passwd = assigned_passwd.charp;
781 if (putpwent(tmpent, pwfile)) {
782 D(("error writing entry to password file: %m"));
786 tmpent = fgetpwent(opwfile);
790 if (fclose(pwfile)) {
791 D(("error writing entries to password file: %m"));
797 if (!rename(PW_TMPFILE, "/etc/passwd"))
798 #ifdef HELPER_COMPILE
803 LOG_NOTICE, "password changed for %s", forwho);
808 if (SELINUX_ENABLED) {
809 if (setfscreatecon(prev_context)) {
813 freecon(prev_context);
821 return PAM_AUTHTOK_ERR;
825 #ifdef HELPER_COMPILE
827 unix_update_shadow(const char *forwho, char *towhat)
830 unix_update_shadow(pam_handle_t *pamh, const char *forwho, char *towhat)
833 struct spwd *spwdent = NULL, *stmpent = NULL;
835 FILE *pwfile, *opwfile;
839 security_context_t prev_context=NULL;
842 spwdent = getspnam(forwho);
843 if (spwdent == NULL) {
844 return PAM_USER_UNKNOWN;
846 oldmask = umask(077);
849 if (SELINUX_ENABLED) {
850 security_context_t shadow_context=NULL;
851 if (getfilecon("/etc/shadow",&shadow_context)<0) {
852 return PAM_AUTHTOK_ERR;
854 if (getfscreatecon(&prev_context)<0) {
855 freecon(shadow_context);
856 return PAM_AUTHTOK_ERR;
858 if (setfscreatecon(shadow_context)) {
859 freecon(shadow_context);
860 freecon(prev_context);
861 return PAM_AUTHTOK_ERR;
863 freecon(shadow_context);
866 pwfile = fopen(SH_TMPFILE, "w");
868 if (pwfile == NULL) {
873 opwfile = fopen("/etc/shadow", "r");
874 if (opwfile == NULL) {
880 if (fstat(fileno(opwfile), &st) == -1) {
887 if (fchown(fileno(pwfile), st.st_uid, st.st_gid) == -1) {
893 if (fchmod(fileno(pwfile), st.st_mode) == -1) {
900 stmpent = fgetspent(opwfile);
903 if (!strcmp(stmpent->sp_namp, forwho)) {
904 stmpent->sp_pwdp = towhat;
905 stmpent->sp_lstchg = time(NULL) / (60 * 60 * 24);
907 D(("Set password %s for %s", stmpent->sp_pwdp, forwho));
910 if (putspent(stmpent, pwfile)) {
911 D(("error writing entry to shadow file: %m"));
916 stmpent = fgetspent(opwfile);
920 if (fclose(pwfile)) {
921 D(("error writing entries to shadow file: %m"));
927 if (!rename(SH_TMPFILE, "/etc/shadow"))
928 #ifdef HELPER_COMPILE
933 LOG_NOTICE, "password changed for %s", forwho);
939 if (SELINUX_ENABLED) {
940 if (setfscreatecon(prev_context)) {
944 freecon(prev_context);
953 return PAM_AUTHTOK_ERR;
957 #ifdef HELPER_COMPILE
960 helper_verify_password(const char *name, const char *p, int nullok)
962 struct passwd *pwd = NULL;
966 retval = get_pwd_hash(name, &pwd, &salt);
968 if (pwd == NULL || salt == NULL) {
969 helper_log_err(LOG_WARNING, "check pass; user unknown");
970 retval = PAM_USER_UNKNOWN;
972 retval = verify_pwd_hash(p, salt, nullok);
976 _pam_overwrite(salt);
980 p = NULL; /* no longer needed here */
986 helper_log_err(int err, const char *format, ...)
990 va_start(args, format);
991 openlog(HELPER_COMPILE, LOG_CONS | LOG_PID, LOG_AUTHPRIV);
992 vsyslog(err, format, args);
998 su_sighandler(int sig)
1000 #ifndef SA_RESETHAND
1001 /* emulate the behaviour of the SA_RESETHAND flag */
1002 if ( sig == SIGILL || sig == SIGTRAP || sig == SIGBUS || sig = SIGSERV )
1003 signal(sig, SIG_DFL);
1013 struct sigaction action; /* posix signal structure */
1016 * Setup signal handlers
1018 (void) memset((void *) &action, 0, sizeof(action));
1019 action.sa_handler = su_sighandler;
1021 action.sa_flags = SA_RESETHAND;
1023 (void) sigaction(SIGILL, &action, NULL);
1024 (void) sigaction(SIGTRAP, &action, NULL);
1025 (void) sigaction(SIGBUS, &action, NULL);
1026 (void) sigaction(SIGSEGV, &action, NULL);
1027 action.sa_handler = SIG_IGN;
1028 action.sa_flags = 0;
1029 (void) sigaction(SIGTERM, &action, NULL);
1030 (void) sigaction(SIGHUP, &action, NULL);
1031 (void) sigaction(SIGINT, &action, NULL);
1032 (void) sigaction(SIGQUIT, &action, NULL);
1036 getuidname(uid_t uid)
1039 static char username[256];
1045 strncpy(username, pw->pw_name, sizeof(username));
1046 username[sizeof(username) - 1] = '\0';
1052 read_passwords(int fd, int npass, char **passwords)
1059 rbytes = read(fd, passwords[i]+offset, MAXPASS-offset);
1062 if (errno == EINTR) continue;
1068 while (npass > 0 && (pptr=memchr(passwords[i]+offset, '\0', rbytes))
1070 rbytes -= pptr - (passwords[i]+offset) + 1;
1076 memcpy(passwords[i], pptr+1, rbytes);
1077 memset(pptr+1, '\0', rbytes);
1084 if (offset > 0 && npass > 0) {
1085 memset(passwords[i], '\0', offset);
1092 /* ****************************************************************** *
1093 * Copyright (c) Jan Rêkorajski 1999.
1094 * Copyright (c) Andrew G. Morgan 1996-8.
1095 * Copyright (c) Alex O. Yuriev, 1996.
1096 * Copyright (c) Cristian Gafton 1996.
1097 * Copyright (c) Red Hat, Inc. 1996, 2007, 2008.
1099 * Redistribution and use in source and binary forms, with or without
1100 * modification, are permitted provided that the following conditions
1102 * 1. Redistributions of source code must retain the above copyright
1103 * notice, and the entire permission notice in its entirety,
1104 * including the disclaimer of warranties.
1105 * 2. Redistributions in binary form must reproduce the above copyright
1106 * notice, this list of conditions and the following disclaimer in the
1107 * documentation and/or other materials provided with the distribution.
1108 * 3. The name of the author may not be used to endorse or promote
1109 * products derived from this software without specific prior
1110 * written permission.
1112 * ALTERNATIVELY, this product may be distributed under the terms of
1113 * the GNU Public License, in which case the provisions of the GPL are
1114 * required INSTEAD OF the above restrictions. (This clause is
1115 * necessary due to a potential bad interaction between the GPL and
1116 * the restrictions contained in a BSD-style copyright.)
1118 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
1119 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
1120 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
1121 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
1122 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
1123 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
1124 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1125 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1126 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1127 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1128 * OF THE POSSIBILITY OF SUCH DAMAGE.