Main Page | Alphabetical List | Data Structures | Directories | File List | Data Fields | Globals | Search for 
daten / src / rsbac / linux-2.4.31-rsbac-v1.2.4 / rsbac / adf / sim

sim_main.c

Go to the documentation of this file.
00001 /**************************************************** */
00002 /* Rule Set Based Access Control                      */
00003 /* Implementation of the Access Control Decision      */
00004 /* Facility (ADF) - Security Information Modification */
00005 /* File: rsbac/adf/sim/main.c                         */
00006 /*                                                    */
00007 /* Author and (c) 1999-2005: Amon Ott <ao@rsbac.org>  */
00008 /*                                                    */
00009 /* Last modified: 09/Feb/2005                         */
00010 /**************************************************** */
00011 
00012 #include <linux/string.h>
00013 #include <rsbac/types.h>
00014 #include <rsbac/aci.h>
00015 #include <rsbac/adf_main.h>
00016 #include <rsbac/error.h>
00017 #include <rsbac/helpers.h>
00018 #include <rsbac/getname.h>
00019 #include <rsbac/network.h>
00020 
00021 /************************************************* */
00022 /*           Global Variables                      */
00023 /************************************************* */
00024 
00025 /************************************************* */
00026 /*          Internal Help functions                */
00027 /************************************************* */
00028 
00029 static enum rsbac_adf_req_ret_t
00030          check_role_sim(  enum  rsbac_target_t          target,
00031                           union rsbac_target_id_t       tid,
00032                                 rsbac_uid_t             owner)
00033   {
00034     union rsbac_target_id_t       i_tid;
00035     union rsbac_attribute_value_t i_attr_val1;
00036     union rsbac_attribute_value_t i_attr_val2;
00037     rsbac_boolean_t inherit;
00038 
00039     /* test target's data_type */
00040     switch(target)
00041       {
00042         case T_FILE:
00043         case T_DIR:
00044         case T_FIFO:
00045         case T_SYMLINK:
00046         case T_NETOBJ:
00047           inherit = TRUE;
00048           break;
00049         default:
00050           inherit = FALSE;
00051       }
00052     if (rsbac_get_attr(SIM,
00053                        target,
00054                        tid,
00055                        A_data_type,
00056                        &i_attr_val1,
00057                        inherit))
00058       {
00059         rsbac_ds_get_error("check_role_sim()", A_data_type);
00060         return(NOT_GRANTED);
00061       }
00062     /* Access to other data_types than SI is always granted */
00063     if (i_attr_val1.data_type != DT_SI)
00064       return(GRANTED);
00065 
00066     /* test owner's sim_role */
00067     i_tid.user = owner;
00068     if (rsbac_get_attr(SIM,
00069                        T_USER,
00070                        i_tid,
00071                        A_sim_role,
00072                        &i_attr_val2,
00073                        TRUE))
00074       {
00075         rsbac_ds_get_error("check_role_sim()", A_sim_role);
00076         return(NOT_GRANTED);
00077       }
00078       
00079     /* Access is granted, if owner's sim_role is security_officer */
00080 
00081     if (i_attr_val2.system_role == SR_security_officer)
00082       return(GRANTED);
00083     else
00084       return(NOT_GRANTED);
00085   }
00086 
00087 #ifdef CONFIG_RSBAC_SIM_NET_OBJ_PROT
00088 static enum rsbac_adf_req_ret_t
00089          check_role_sim_netobj(enum  rsbac_adf_request_t     request,
00090                                union rsbac_target_id_t       tid,
00091                                      rsbac_uid_t             owner)
00092   {
00093     union rsbac_target_id_t       i_tid;
00094     enum  rsbac_attribute_t       i_attr;
00095     union rsbac_attribute_value_t i_attr_val1;
00096     union rsbac_attribute_value_t i_attr_val2;
00097 
00098     if(rsbac_net_remote_request(request))
00099       i_attr = A_remote_data_type;
00100     else
00101       i_attr = A_local_data_type;
00102     /* test target's data_type */
00103     if (rsbac_get_attr(SIM,
00104                        T_NETOBJ,
00105                        tid,
00106                        i_attr,
00107                        &i_attr_val1,
00108                        TRUE))
00109       {
00110         rsbac_ds_get_error("check_role_sim_netobj()", i_attr);
00111         return(NOT_GRANTED);
00112       }
00113     /* Access to other data_types than SI is always granted */
00114     if (i_attr_val1.data_type != DT_SI)
00115       return(GRANTED);
00116 
00117     /* test owner's sim_role */
00118     i_tid.user = owner;
00119     if (rsbac_get_attr(SIM,
00120                        T_USER,
00121                        i_tid,
00122                        A_sim_role,
00123                        &i_attr_val2,
00124                        TRUE))
00125       {
00126         rsbac_ds_get_error("check_role_sim_netobj()", A_sim_role);
00127         return(NOT_GRANTED);
00128       }
00129       
00130     /* Access is granted, if owner's sim_role is security_officer */
00131 
00132     if (i_attr_val2.system_role == SR_security_officer)
00133       return(GRANTED);
00134     else
00135       return(NOT_GRANTED);
00136   }
00137 #endif
00138 
00139 static enum rsbac_adf_req_ret_t
00140   sim_check_sysrole(rsbac_uid_t owner, enum rsbac_system_role_t role)
00141   {
00142     union rsbac_target_id_t i_tid;
00143     union rsbac_attribute_value_t i_attr_val1;
00144 
00145     i_tid.user = owner;
00146     if (rsbac_get_attr(SIM,
00147                        T_USER,
00148                        i_tid,
00149                        A_sim_role,
00150                        &i_attr_val1,
00151                        TRUE))
00152       {
00153         rsbac_ds_get_error("sim_check_sysrole()", A_sim_role);
00154         return(NOT_GRANTED);
00155       }
00156     /* if correct role, then grant */
00157     if (i_attr_val1.system_role == role)
00158       return(GRANTED);
00159     else
00160       return(NOT_GRANTED);
00161   }
00162 
00163 /************************************************* */
00164 /*          Externally visible functions           */
00165 /************************************************* */
00166 
00167 enum rsbac_adf_req_ret_t
00168    rsbac_adf_request_sim (enum  rsbac_adf_request_t     request,
00169                                 rsbac_pid_t             caller_pid,
00170                           enum  rsbac_target_t          target,
00171                           union rsbac_target_id_t       tid,
00172                           enum  rsbac_attribute_t       attr,
00173                           union rsbac_attribute_value_t attr_val,
00174                                 rsbac_uid_t             owner)
00175   {
00176     enum  rsbac_adf_req_ret_t result = DO_NOT_CARE;
00177     union rsbac_target_id_t       i_tid;
00178     union rsbac_attribute_value_t i_attr_val1;
00179 #ifdef CONFIG_RSBAC_SIM_ROLE_PROT
00180     union rsbac_attribute_value_t i_attr_val2;
00181 #endif
00182 
00183     switch (request)
00184       {
00185         case R_ADD_TO_KERNEL:
00186             switch(target)
00187               {
00188                 case T_NONE:
00189                   return(DO_NOT_CARE);
00190 
00191                 /* all other cases are unknown */
00192                 default:
00193                   return(DO_NOT_CARE);
00194               }
00195 
00196 
00197         case R_ALTER:
00198             /* only for IPC */
00199             switch(target)
00200               {
00201                 case T_IPC:
00202                   return(check_role_sim(target,tid,owner));
00203 
00204                 /* all other cases are unknown */
00205                 default: return(DO_NOT_CARE);
00206              }
00207 
00208         case R_APPEND_OPEN:
00209         case R_READ_WRITE_OPEN:
00210             switch(target)
00211               {
00212                 case T_FILE:
00213                 case T_FIFO:
00214                 case T_DEV:
00215                 case T_IPC:
00216                   return(check_role_sim(target,tid,owner));
00217 
00218                 /* all other cases are unknown */
00219                 default: return(DO_NOT_CARE);
00220               }
00221 
00222         case R_CHANGE_GROUP:
00223             switch(target)
00224               {
00225                 case T_FILE:
00226                 case T_DIR:
00227                 case T_FIFO:
00228                 case T_SYMLINK:
00229                 case T_IPC:
00230                   return(check_role_sim(target,tid,owner));
00231 
00232                 /* all other cases */
00233                 default: return(DO_NOT_CARE);
00234               }
00235 
00236         case R_CHANGE_OWNER:
00237             switch(target)
00238               {
00239                 case T_FILE:
00240                 case T_DIR:
00241                 case T_FIFO:
00242                 case T_SYMLINK:
00243                 case T_IPC:
00244                   return(check_role_sim(target,tid,owner));
00245                   
00246                 case T_PROCESS:
00247                   #ifdef CONFIG_RSBAC_SIM_ROLE_PROT
00248                   if(attr != A_owner)
00249                     return(UNDEFINED);
00250                   /* Administrator or secoff? */
00251                   i_tid.user = owner;
00252                   if (rsbac_get_attr(SIM,
00253                                      T_USER,
00254                                      i_tid,
00255                                      A_sim_role,
00256                                      &i_attr_val1,
00257                                      TRUE))
00258                     {
00259                       rsbac_ds_get_error("rsbac_adf_request_sim()", A_sim_role);
00260                       return(NOT_GRANTED);
00261                     }
00262                   /* if general user or secoff, then grant */
00263                   if (   (i_attr_val1.system_role == SR_user)
00264                       || (i_attr_val1.system_role == SR_security_officer)
00265                      )
00266                     return(GRANTED);
00267                   /* old owner is sys-admin */
00268                   /* get target user's role */
00269                   i_tid.user = attr_val.owner;
00270                   if (rsbac_get_attr(SIM,
00271                                      T_USER,
00272                                      i_tid,
00273                                      A_sim_role,
00274                                      &i_attr_val2,
00275                                      TRUE))
00276                     {
00277                       rsbac_ds_get_error("rsbac_adf_request_sim()", A_sim_role);
00278                       return(NOT_GRANTED);
00279                     }
00280                   /* if target is security officer -> deny */
00281                   if(i_attr_val2.system_role == SR_security_officer)
00282                     return(NOT_GRANTED);
00283                   else
00284                     return(GRANTED);
00285                   #endif /* ROLE_PROT */
00286 
00287                   /* fall through */
00288                 case T_NONE:
00289                   return(DO_NOT_CARE);
00290                 /* all other cases are unknown */
00291                 default:
00292                   return(DO_NOT_CARE);
00293               }
00294 
00295         /* Creating dir or (pseudo) file IN target dir! */
00296         case R_CREATE:
00297             switch(target)
00298               {
00299                 case T_DIR: 
00300                   return(check_role_sim(target,tid,owner));
00301                 /* IPC is always granted */
00302                 case T_IPC:
00303                   return(GRANTED);
00304 
00305 #ifdef CONFIG_RSBAC_SIM_NET_OBJ_PROT
00306                 case T_NETTEMP:
00307                   return sim_check_sysrole(owner, SR_security_officer);
00308 
00309                 case T_NETOBJ:
00310                   return(check_role_sim_netobj(request,tid,owner));
00311 #endif
00312 
00313                 /* all other cases are unknown */
00314                 default: return(DO_NOT_CARE);
00315               }
00316 
00317         case R_DELETE:
00318             switch(target)
00319               {
00320                 case T_FILE:
00321                 case T_DIR:
00322                 case T_FIFO:
00323                 case T_SYMLINK:
00324                 case T_IPC:
00325                   return(check_role_sim(target,tid,owner));
00326 
00327 #ifdef CONFIG_RSBAC_SIM_NET_OBJ_PROT
00328                 case T_NETTEMP:
00329                   return sim_check_sysrole(owner, SR_security_officer);
00330 #endif
00331 
00332                 /* all other cases */
00333                 default:
00334                   return(DO_NOT_CARE);
00335               }
00336 
00337         case R_EXECUTE:
00338             switch(target)
00339               {
00340                 default:
00341                   return(DO_NOT_CARE);
00342               }
00343 
00344         case R_GET_STATUS_DATA:
00345             switch(target)
00346               {
00347                 case T_SCD:
00348                   /* target rsbaclog? only for secoff */
00349                   if (tid.scd != ST_rsbaclog)
00350                     return(GRANTED);
00351                   /* Secoff? */
00352                   if(sim_check_sysrole(owner, SR_security_officer) == NOT_GRANTED)
00353                     return sim_check_sysrole(owner, SR_auditor);
00354                   else
00355                     return GRANTED;
00356 
00357                 default:
00358                   return(DO_NOT_CARE);
00359                };
00360 
00361         case R_LINK_HARD:
00362             switch(target)
00363               {
00364                 case T_FILE:
00365                 case T_FIFO:
00366                 case T_SYMLINK:
00367                   return(check_role_sim(target,tid,owner));
00368 
00369                 /* all other cases are unknown */
00370                 default: return(DO_NOT_CARE);
00371               }
00372 
00373         case R_MODIFY_ACCESS_DATA:
00374         case R_RENAME:
00375             switch(target)
00376               {
00377                 case T_FILE:
00378                 case T_DIR:
00379                 case T_FIFO:
00380                 case T_SYMLINK:
00381                   return(check_role_sim(target,tid,owner));
00382 
00383                 /* all other cases are unknown */
00384                 default: return(DO_NOT_CARE);
00385               }
00386 
00387         case R_MODIFY_ATTRIBUTE:
00388             switch(attr)
00389               {
00390                 case A_system_role:
00391                 case A_sim_role:
00392                 case A_data_type:
00393                 case A_local_data_type:
00394                 case A_remote_data_type:
00395                 #ifdef CONFIG_RSBAC_SIM_GEN_PROT
00396                 case A_log_array_low:
00397                 case A_log_array_high:
00398                 case A_log_program_based:
00399                 case A_log_user_based:
00400                 case A_symlink_add_uid:
00401                 case A_symlink_add_rc_role:
00402                 case A_linux_dac_disable:
00403                 case A_fake_root_uid:
00404                 case A_audit_uid:
00405                 case A_auid_exempt:
00406                 #endif
00407                 #ifdef CONFIG_RSBAC_SIM_AUTH_PROT
00408                 case A_auth_may_setuid:
00409                 case A_auth_may_set_cap:
00410                 case A_auth_start_uid:
00411                 case A_auth_program_file:
00412                 case A_auth_learn:
00413                 case A_auth_add_f_cap:
00414                 case A_auth_remove_f_cap:
00415                 #endif
00416                 /* All attributes (remove target!) */
00417                 case A_none:
00418                   /* Security Officer? */
00419                   return sim_check_sysrole(owner, SR_security_officer);
00420 
00421                 default:
00422                   return(DO_NOT_CARE);
00423               }
00424 
00425         case R_MODIFY_PERMISSIONS_DATA:
00426             switch(target)
00427               {
00428                 case T_FILE:
00429                 case T_DIR:
00430                 case T_FIFO:
00431                 case T_SYMLINK:
00432                 case T_IPC:
00433                   return(check_role_sim(target,tid,owner));
00434                   
00435                 case T_SCD:
00436                   #ifdef CONFIG_RSBAC_USER_MOD_IOPERM
00437                   if(tid.scd == ST_ioports)
00438                     return GRANTED;
00439                   #endif
00440                   /* Security Officer? */
00441                   i_tid.user = owner;
00442                   if (rsbac_get_attr(SIM,
00443                                      T_USER,
00444                                      i_tid,
00445                                      A_sim_role,
00446                                      &i_attr_val1,
00447                                      TRUE))
00448                     {
00449                       rsbac_ds_get_error("rsbac_adf_request_sim()", A_sim_role);
00450                       return(NOT_GRANTED);
00451                     }
00452                   /* if sec_officer, then grant */
00453                   if (i_attr_val1.system_role == SR_security_officer)
00454                     return(GRANTED);
00455                   /* For booting: if administrator and ioports, then grant */
00456                   if (   (i_attr_val1.system_role == SR_administrator)
00457                       && (tid.scd == ST_ioports) )
00458                     return(GRANTED);
00459                   else
00460                     return(NOT_GRANTED);
00461                   
00462 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE
00463                 /* switching Linux DAC */
00464                 case T_NONE:
00465                   /* Security Officer? */
00466                   return sim_check_sysrole(owner, SR_security_officer);
00467 #endif
00468 
00469                 /* all other cases are unknown */
00470                 default: return(DO_NOT_CARE);
00471               }
00472 
00473         case R_MODIFY_SYSTEM_DATA:
00474             switch(target)
00475               {
00476                 case T_SCD:
00477                   /* target not rsbaclog? no problem -> grant */
00478                   if (tid.scd != ST_rsbaclog)
00479                     return(GRANTED);
00480                   if(sim_check_sysrole(owner, SR_security_officer) == NOT_GRANTED)
00481                     return sim_check_sysrole(owner, SR_auditor);
00482                   else
00483                     return GRANTED;
00484                   
00485                 /* all other cases are unknown */
00486                 default: return(DO_NOT_CARE);
00487               }
00488 
00489         case R_MOUNT:
00490         case R_UMOUNT:
00491             switch(target)
00492               {
00493                 case T_FILE:
00494                 case T_DIR:
00495                 case T_DEV:
00496                   return(check_role_sim(target,tid,owner));
00497 
00498                 /* all other cases are unknown */
00499                 default: return(DO_NOT_CARE);
00500               }
00501 
00502         case R_SWITCH_LOG:
00503             switch(target)
00504               {
00505                 case T_NONE:
00506                   /* test owner's sim_role */
00507                   return sim_check_sysrole(owner, SR_security_officer);
00508 
00509                 /* all other cases are unknown */
00510                 default: return(DO_NOT_CARE);
00511               }
00512 
00513         case R_SWITCH_MODULE:
00514             switch(target)
00515               {
00516                 case T_NONE:
00517                   /* we need the switch_target */
00518                   if(attr != A_switch_target)
00519                     return(UNDEFINED);
00520                   /* do not care for other modules */
00521                   if(   (attr_val.switch_target != SIM)
00522                      #ifdef CONFIG_RSBAC_SIM_AUTH_PROT
00523                      && (attr_val.switch_target != AUTH)
00524                      #endif
00525                      #ifdef CONFIG_RSBAC_SOFTMODE
00526                      && (attr_val.switch_target != SOFTMODE)
00527                      #endif
00528                      #ifdef CONFIG_RSBAC_FREEZE
00529                      && (attr_val.switch_target != FREEZE)
00530                      #endif
00531                     )
00532                     return(DO_NOT_CARE);
00533                   /* test owner's sim_role */
00534                   return sim_check_sysrole(owner, SR_security_officer);
00535 
00536                 /* all other cases are unknown */
00537                 default: return(DO_NOT_CARE);
00538               }
00539 
00540         case R_TRUNCATE:
00541             switch(target)
00542               {
00543                 case T_FILE:
00544                   return(check_role_sim(target,tid,owner));
00545 
00546                 /* all other cases are unknown */
00547                 default: return(DO_NOT_CARE);
00548               }
00549 
00550         case R_WRITE:
00551             switch(target)
00552               {
00553                 case T_DIR:
00554 #ifdef CONFIG_RSBAC_RW
00555                 case T_FILE:
00556                 case T_FIFO:
00557                 case T_DEV:
00558                 case T_IPC:
00559 #endif
00560                   return(check_role_sim(target,tid,owner));
00561 
00562 #ifdef CONFIG_RSBAC_SIM_NET_OBJ_PROT
00563                 case T_NETTEMP:
00564                   return sim_check_sysrole(owner, SR_security_officer);
00565 
00566                 case T_NETOBJ:
00567                   return(check_role_sim_netobj(request,tid,owner));
00568 #endif
00569 
00570                 /* all other cases are unknown */
00571                 default: return(DO_NOT_CARE);
00572               }
00573 
00574         case R_WRITE_OPEN:
00575             switch(target)
00576               {
00577                 case T_DEV:
00578                 case T_FILE:
00579                 case T_FIFO:
00580                 case T_IPC:
00581                   return(check_role_sim(target,tid,owner));
00582 
00583                 /* all other cases are unknown */
00584                 default: return(DO_NOT_CARE);
00585               }
00586 
00587 #ifdef CONFIG_RSBAC_SIM_NET_OBJ_PROT
00588         case R_BIND:
00589         case R_LISTEN:
00590         case R_ACCEPT:
00591         case R_CONNECT:
00592         case R_SEND:
00593         case R_RECEIVE:
00594             switch(target)
00595               {
00596                 case T_NETOBJ:
00597                   return(check_role_sim_netobj(request,tid,owner));
00598 
00599                 /* all other cases are unknown */
00600                 default: return(DO_NOT_CARE);
00601               }
00602 #endif
00603 
00604 /*********************/
00605         default: return DO_NOT_CARE;
00606       }
00607 
00608     return(result);
00609   }; /* end of rsbac_adf_request_sim() */
00610 
00611 
00612 /*****************************************************************************/
00613 /* If the request returned granted and the operation is performed,           */
00614 /* the following function can be called by the AEF to get all aci set        */
00615 /* correctly. For write accesses that are performed fully within the kernel, */
00616 /* this is usually not done to prevent extra calls, including R_CLOSE for    */
00617 /* cleaning up.                                                              */
00618 /* The second instance of target specification is the new target, if one has */
00619 /* been created, otherwise its values are ignored.                           */
00620 /* On success, 0 is returned, and an error from rsbac/error.h otherwise.     */
00621 
00622 int  rsbac_adf_set_attr_sim(
00623                       enum  rsbac_adf_request_t     request,
00624                             rsbac_pid_t             caller_pid,
00625                       enum  rsbac_target_t          target,
00626                       union rsbac_target_id_t       tid,
00627                       enum  rsbac_target_t          new_target,
00628                       union rsbac_target_id_t       new_tid,
00629                       enum  rsbac_attribute_t       attr,
00630                       union rsbac_attribute_value_t attr_val,
00631                             rsbac_uid_t             owner)
00632   {
00633     union rsbac_target_id_t       i_tid;
00634     union rsbac_attribute_value_t i_attr_val1;
00635     union rsbac_attribute_value_t i_attr_val2;
00636 
00637     switch (request)
00638       {
00639         case R_CREATE:
00640             switch(target)
00641               {
00642                 case T_IPC: 
00643                   /* Get sim_role of process owner... */
00644                   i_tid.user = owner;
00645                   if (rsbac_get_attr(SIM,
00646                                      T_USER,
00647                                      i_tid,
00648                                      A_sim_role,
00649                                      &i_attr_val1,
00650                                      TRUE))
00651                     {
00652                       rsbac_ds_get_error("rsbac_adf_set_attr_sim()", A_sim_role);
00653                       return(-RSBAC_EREADFAILED);
00654                     }
00655                   /* Derive data_type for this ipc item from owner's */
00656                   /* sim_role */
00657                   if (i_attr_val1.system_role == SR_security_officer)
00658                     {
00659                       i_attr_val2.data_type = DT_SI;
00660                       /* set data_type for new IPC item */
00661                       if (rsbac_set_attr(SIM,
00662                                          T_IPC,
00663                                          tid,
00664                                          A_data_type,
00665                                          i_attr_val2))
00666                         {
00667                           rsbac_ds_get_error("rsbac_adf_set_attr_sim()", A_data_type);
00668                           return(-RSBAC_EWRITEFAILED);
00669                         }
00670                     }
00671                   return(0);
00672 
00673 #ifdef CONFIG_RSBAC_SIM_NET_OBJ_PROT
00674                 case T_NETOBJ: 
00675                   /* Get sim_role of process owner... */
00676                   i_tid.user = owner;
00677                   if (rsbac_get_attr(SIM,
00678                                      T_USER,
00679                                      i_tid,
00680                                      A_sim_role,
00681                                      &i_attr_val1,
00682                                      TRUE))
00683                     {
00684                       rsbac_ds_get_error("rsbac_adf_set_attr_sim()", A_sim_role);
00685                       return(-RSBAC_EREADFAILED);
00686                     }
00687                   /* Derive data_type for this netobj item from owner's */
00688                   /* sim_role */
00689                   if (i_attr_val1.system_role == SR_security_officer)
00690                     {
00691                       i_attr_val2.data_type = DT_SI;
00692                       /* set data_type for new IPC item */
00693                       if (rsbac_set_attr(SIM,
00694                                          target,
00695                                          tid,
00696                                          A_local_data_type,
00697                                          i_attr_val2))
00698                         {
00699                           rsbac_ds_get_error("rsbac_adf_set_attr_sim()", A_local_data_type);
00700                           return(-RSBAC_EWRITEFAILED);
00701                         }
00702                     }
00703                   return(0);
00704 #endif
00705                   
00706                 /* all other cases are unknown */
00707                 default:
00708                   return(0);
00709               }
00710 
00711 /*********************/
00712         default: return(0);
00713       }
00714 
00715     return(0);
00716   }; /* end of rsbac_adf_set_attr_sim() */
00717 
00718 /* end of rsbac/adf/sim/main.c */
Generated on Fri Jun 17 09:45:20 2005 for RSBAC by  doxygen 1.4.2