From 456338f39777ef3ce5c6d039dbbf4d9a81c7e58a Mon Sep 17 00:00:00 2001 From: Sascha Wildner Date: Thu, 1 Jan 2009 17:59:35 +0100 Subject: [PATCH 01/16] Regenerate the pciconf(8) database from the following files: Hart: Jan 22, 2008 (version 671) Boemler: Jan 1, 2009 Mares: Dec 27, 2008 --- share/misc/pci_vendors | 287 +++++++++++++++++++++++++++-------------- 1 file changed, 188 insertions(+), 99 deletions(-) diff --git a/share/misc/pci_vendors b/share/misc/pci_vendors index 1018dc48da..4e1f6b267e 100644 --- a/share/misc/pci_vendors +++ b/share/misc/pci_vendors @@ -1,4 +1,3 @@ -; $DragonFly: src/share/misc/pci_vendors,v 1.18 2008/11/02 17:59:37 swildner Exp $ ; ; Automatically generated by src/tools/tools/pciid/mk_pci_vendors.pl ; (with the -l option), using the following source lists: @@ -291,6 +290,13 @@ 005E SAS 3000 series, 6-port with 1066 -StorPort 0060 SAS1078 PCI-X Fusion-MPT SAS 0062 LSISAS1078 PCI-Express Fusion-MPT SAS + 0064 SAS2116 PCI-Express Fusion-MPT SAS-2 [Meteor] + 0065 SAS2116 PCI-Express Fusion-MPT SAS-2 [Meteor] + 0070 SAS2004 PCI-Express Fusion-MPT SAS-2 [Spitfire] + 0072 SAS2008 PCI-Express Fusion-MPT SAS-2 [Falcon] + 0074 SAS2108 PCI-Express Fusion-MPT SAS-2 [Liberator] + 0076 SAS2108 PCI-Express Fusion-MPT SAS-2 [Liberator] + 0077 SAS2108 PCI-Express Fusion-MPT SAS-2 [Liberator] 007C MegaRAID SAS 1078DE 008F 53C810 LSI 53C8xx SCSI host adapter chip 0407 MegaRAID @@ -333,7 +339,7 @@ 0017 ispLSI1032E PROTO-3 PCI, digital I/O with chipselect 0020 ispLSI1032E Universal digital I/O PCI-Interface 9100 INI-9100/9100W SCSI Host -1002 ATI Technologies Inc +1002 ATI Technologies Inc. 0B12 ati 1900 ati 1900 3150 M24 1P Radeon Mobility X600 3151 FIREMV 2400 @@ -407,7 +413,7 @@ 4378 IXP SB400 AC'97 Modem Controller 4379 IXP SB400 Serial ATA Controller 437A IXP SB400 Serial ATA Controller - 437B OEM Intel Corporation& Microsoft UAA Bus Driver for High Definition Audio + 437B Intel Corporation IXP SB450 High Definition Audio Controller 4380 IXP SB600 Serial ATA Controller 4381 IXP SB600 Serial ATA RAID Controller 4382 IXP SB600 AC'97 Audio Controller @@ -448,13 +454,13 @@ 474F Rage XL PCI-66 I Need Driver for the Chip 4750 ATI 3D Rage Pro 215GP ATI 3D Rage Pro 215GP 4751 Rage 3D Pro PCI (PQFP Package, Limited 3D) - 4752 Rage XL PCI sf + 4752 Rage XL PCI ATI On-Board VGA for HP Proliant 350 G3 4753 Rage XC PCI 4754 Mach 64 VT Rage 3D II Graphics Accelerator 4755 Rage 3D II+pci 3d rage 2 + dvd 4756 Rage 3D IIC PCI [Mach64 GT IIC] (PQFP Package) 4757 Rage 3D IIC AGP (BGA Package) - 4758 Mach64 GX (210888GX) + 4758 210888GXControladores ATI 210888GX [Mach64 GX] Mach 64 GT 4759 215r2qzua21 m3d agp card on agp slot 475A Rage 3D IIC AGP (PQFP Package) 4964 Radeon 9000 Series (RV250 Id) @@ -866,7 +872,7 @@ 71C7 RADEON X1650 SERIES 71CD Radeon X1600 Series 71CE Radeon X1600 PRO / X1300XT (RV530 VE) - 71D2 FireGL V3400 FireGL V3400 + 71D2 RV530GL FireGL V3400 71D4 Mobility FireGL V5250 (M56GL) 71D5 Mobility Radeon X1700 (M66-P) 71D6 Mobility Radeon X1700 (M66-XT) @@ -881,7 +887,7 @@ 71E7 RADEON X1650 SERIES SECONDARY 71ED Radeon X1600 Series Secondary 71EE Radeon X1600 PRO / X1300XT Secondary (RV530 VE) - 71F2 FIREGL V3400 Secondary + 71F2 RV530GL ATI FireGL V3400 Secondary 71FA FIREGL V5200 Secondary 71FE RV530 SE Secondary 7205 1106 S3G Unichrome IGP KM400/KN400 @@ -961,7 +967,7 @@ 940A FireGL V8650 940B FireGL V8600 940F FireGL V7600 - 9440 RV770 [Radeon HD 4870] + 9440 Radeon 4870 Graphics adapter 9441 R700 [Radeon HD 4870 X2] 9442 RV770 [Radeon HD 4850] 9443 R700 [Radeon HD 4850] @@ -969,8 +975,10 @@ 944C RV770 LE [Radeon HD 4800 Series] 945A M98 XT [Mobility Radeon HD 4870] 9480 M96 [Mobility Radeon HD 4650] + 9489 M96 XT [Mobility FireGL V5725] 9490 RV730XT [Radeon HD 4670] 9498 RV730 PRO [Radeon HD 4650] + 949F RV730 [FirePro V5700] 94C1 REV_00 ATI Radeon HD 2400 PRO 94C3 RV610 ATI Radeon HD 2400 PRO 94C4 RV610 ATI Radeon HD 3470 PRO AGP @@ -979,7 +987,7 @@ 94C8 Mobility Radeon HD 2400 XT 94C9 Mobility Radeon HD 2400 94CB Radeon E2400 - 94CC RV 610LE PCI [Radeon HD 2400] + 94CC ATI Radeon HD 2400 Series ATI Radeon HD 2400 Series 9501 RV670 ATI Radeon HD 3870 9504 Mobility Radeon HD 3850 9505 Radeon HD 3850 @@ -991,6 +999,8 @@ 9519 RV670 [FireStream 9170] 9540 RV710 [Radeon HD 4550] 954F RV710 [Radeon HD 4350] + 9552 M92 LP [Mobility Radeon HD 4300 Series] + 9553 M92 [Mobility Radeon HD 4500 Series] 9559 Mobility Radeon HD 3600 Series 9581 600458 ATI Mobility Radeon HD2600 9583 Mobility Radeon HD 2600 XT @@ -1021,6 +1031,7 @@ 9612 RS780M/RS780MN [Radeon HD 3200 Graphics] 9613 RS780MC [Radeon HD 3100 Graphics] 9614 Radeon HD 3300 Graphics + 9616 760G [Radeon 3000] 9876 ATI GTC (GT-C2U2) ATI 3D Rage Pro AGP 2X AA00 R600 Audio Device [Radeon HD 2900 Series] AA01 Ati Function driver for high definition audio - AT Ati Mobility Radeon HD 2600 @@ -1572,7 +1583,7 @@ 0525 MGA G450 Dual Head Chip of G450 graphics card 0527 Parhelia AGP 0528 Parhelia Parhelia 128MB/256MB/PCI/HR256 - 0532 MGA G200eW WPCM450 [Hermon] - Winbond/Nuvoton + 0532 MGA G200eW WPCM450 0540 M91XX 0D10 MGA-I Athena (Ultima/Impression board) 1000 MGA-G100 Chipset PCI @@ -1638,7 +1649,7 @@ 0002 PCI to VL98 Bridge 0003 ATM Controller 0004 R4000 PCI bus Bridge - 0005 PCI to 486 like peripheral bus Bridge + 0005 pci 7432 PCI to 486 like peripheral bus Bridge 0006 GUI Accelerator 0007 unknown from Creative.com PCI to ux-bus Bridge 0008 GUI Accelerator (vga equivalent) @@ -2051,12 +2062,13 @@ 8119 na iRDA Compatible Controller 8201 006D103C TI UltraMedia Firmware Loader Device 8204 4610, 4515, 4610FM, 7510 PCI 7510/4510 Cardbus Controller - 8231 PCIe to PCI Bridge + 8231 XIO2000A PCI-Express to PCI/PCI-X bridge 8235 XIO2200(A) IEEE-1394a-2000 Controller (PHY/Link) 823E XIO2213A PCI Express to PCI Bridge 823F XIO2213A 1394b OHCI with 3-Port PHY - 8400 ???? D-Link AirPlus DWL-520+, Uses a TI 802.11b 22 MBPS Chip + 8400 ACX100AGHK D-Link AirPlus DWL-520+, Uses a TI 802.11b 22 MBPS Chip 8401 ACX 100 22Mbps Wireless Interface + 8671 12500 TI Boulevard M/S 8671 Dallas TX 75243-3500 972-644-5580 9000 Wireless Interface (??) 9065 TMX320C6412 Fixed Point Digital Signal Processor 9066 USR5410 U.S. Robotics 802.11g Wireless Turbo PC Card @@ -2069,7 +2081,7 @@ AC10 PCI1050 PC Card Controller AC11 PCI1030/1053 PC Card Controller AC12 PCI1130 PC card CardBus Controller - AC13 PCI9440 PCI\VEN_104C&DEV_803B&SUBSYS_00011179&REV_00\4&6B16D5B&0&5AF0 + AC13 PCI9440 PCI\VEN_104C&DEV_803B&SUBSYS_30AA103C&REV_00\4&33F64D4&0&32F0 AC15 PCI1131 PC Card CardBus Controller AC16 PCI1250 PC Card CardBus Controller AC17 PCI1220 PC Card CardBus Controller @@ -2115,6 +2127,8 @@ AC8D PCI7620 AC8E PCI7420 CardBus Controller AC8F PCI7420/PCI7620 Dual Socket CardBus and Smart Card Cont. w/ 1394a-2000 OHCI Two-Port PHY/Link-Layer Cont. and SD/MS-Pro Sockets + B000 TMS320C645x Device ID: 0xB001 + B001 TMS320DM647-DM648 DSP with a C64x+ core and M/S PCI interface FE00 tsb12lv26 FireWire Host Controller FE03 12C01A FireWire Host Controller 104D Sony Corporation @@ -2166,6 +2180,7 @@ 3012 ColdFusion 3e Chipset Memory Controller Hub 3017 Unassigned Hitachi Shared FC Device 3017 301D PCIe-to-PCIe Bridge with Virtualization IO Assist Feature + 3020 FIVE-EX based Fibre Channel to PCIe HBA 3505 SH7751 SuperH (SH) 32-Bit RISC MCU/MPU Series 350E SH7751R PCI Controller (PCIC) 1055 Standard Microsystems Corp (Was: EFAR Microsystems) @@ -2219,48 +2234,62 @@ 1058 Electronics Telecommunication Research Inc (ETRI) 1059 Kontron Canada (Was: Teknor Microsystems) 105A Promise Technology Inc - 0D30 PDC20265R Promise Ultra100 (tm) IDE Controller (PDC20265) + 0D30 PDC20265/R MBUltra100/MBFastTrack100 Lite 0D38 PDC20263 FastTrak66 Lite EIDE Controller - 1275 PDC20275 FastTrack TX EIDE Controller + 1275 PDC20275 MBUltra133 EIDE Controller + 1960 ? SuperTrak 66/100 RAID + 1962 ? SuperTrak SX 6000 3318 PDC20318(??) FastTrak SATA150 TX4 Controller 3319 PDC20319(??) FastTrak SATA150 TX4 Controller 3371 PDC20371(??) FastTrak SATA150 TX2plus Controller 3373 PDC20378 FastTrak 378/SATA 378 RAID Controller 3375 PDC20375(??) FastTrak SATA150 TX2plus Controller 3376 PDC20376 FastTrak 376 SATA/RAID Controller - 3515 PDC40719 - 3519 PDC40519 FastTrak TX4200 + 3515 PDC40719 FastTrak TX43xx + 3519 PDC40519 FastTrak TX42xx 3570 PDC20771 FastTrak TX2300 SATA300 Controller - 3571 PDC20571 FastTrak TX2200 + 3571 PDC20571 Fasttrack TX2200 3574 Promise SATAII150 579 (tm) IDE Controller 3577 PDC40779 SATA-300 779 3D17 PDC40718-GP SATA 300 TX4 Controller 3D18 Promise SATAII150 518 (tm) IDE Controller - 3D73 PDC20775 SATAII 300 TX2plus IDE Controller + 3D73 PDC40775 SATA-300 TX2plus 3D75 PDC20575 SATAII150 TX2plus - 3F20 PDC42819 [FastTrak TX2650/TX4650] + 3F19 ? FastTrak TX2650/4650/4652 + 3F20 PDC42819 FastTrak TX2650(3F21)/4650(3F22)/PDC42819(3716) 4302 SuperTrak EX Series (tm) Controller - 4D30 PDC20267 FastTrack100 EIDE Controller - 4D33 PDC20246 FastTrak Ultra ATA RAID controller + 4D30 PDC20267 FastTrack100 on Intel MB SE7500CW2 + 4D33 PDC20246 FastTrak/Ultra33 ATA RAID controller 4D38 PDC20262 FastTrak66 EIDE Controller - 4D68 PDC20268 Ultra100 TX2 EIDE Controller + 4D68 PDC20268/R Ultra100TX2/FastTrak100TX/LP 4D69 PDC20269 Ultra133 TX2 EIDE Controller 5275 PDC20276 Ultra133 TX2/FastTrak TX Lite EIDE Controller 5300 DC5300 EIDE Controller - 6268 PDC20268R FastTrak100 TX2/TX4/LP EIDE controller + 6268 PDC20268R FastTrak100 TX2/TX4/LP EIDE Controller 6269 PDC20271 FastTrak TX2000 EIDE controller - 6300 PDC81731 [FastTrak SX8300] + 6300 ? FastTrak SX 8300 + 6301 ? FastTrak SX8300-1 + 6302 ? FastTrak SX 4300 + 6303 ? FastTrak SX 4300-1 + 6304 ? FastTrak SX8300-2 + 6305 ? FastTrak SX8300-3 + 6306 ? FastTrak SX 4300-2 + 6307 ? FastTrak SX 4300-3 6621 PDC20621 (FastTrak S150 SX4/FastTrak SX4000 lite) 6622 PDC20621 [SATA150 SX4] 4 Channel IDE RAID Controller 6624 PDC20621 [FastTrak SX4100] 6626 PDC20618 (Ultra 618) 6629 FastTrak TX4000 Controller + 7250 ? Vitesse 7250 SAS RAID 7275 PDC20277 FastTrak TX/SBFastTrak133 Lite EIDE Controller - 8002 SATAII150 SX8 - 8350 SuperTrak EX Series (tm) Controller - 8650 81384 [SuperTrak EX SAS and SATA RAID Controller] + 8000 ? SATAII150 SX8 + 8002 ? SATAII150 SX8 + 8004 ? SATAII150 SX8 + 8006 ? SATAII150 SX8 + 8350 ? SuperTrak EX8350/16350/8300/16300 + 8650 ? SuperTrak EX SAS RAID C350 SuperTrak EX Series (tm) Controller - E350 80333 [SuperTrak EX24350] + E350 ? SuperTrak EX 243X0 105B Foxconn International Inc. 0C4D SiS AC'97 Sound Controller 105C Wipro Infotech Limited @@ -2331,7 +2360,7 @@ BA56 eXtremeRAID Disk Array BA57 eXtremeRAID 4000/5000 support Device 106A Aten Research Inc. -106B Apple Computer Inc. +106B Apple Computer Inc 0001 Bandit PowerPC Host-PCI Bridge 0002 Grand Central I/O Controller 0003 Control Video @@ -2480,7 +2509,7 @@ 0402 ZFMicro IDE Controller 0403 ZFMicro Expansion Bus 1079 I-Bus -107A Networth +107A Networth controls 107B Gateway 2000 107C LG Electronics / Goldstar Co Ltd 107D Leadtek Research @@ -2705,7 +2734,9 @@ D130 PCI-232/2 2-port RS-232 Serial Interface Board 1094 First International Computers 1095 Silicon Image Inc (Was: CMD Technology Inc) - 0240 Adaptec AAR-1210SA SATA HostRAID Controller + 0240 SIL3112 SATA/Raid controller(2XSATA150) + 0242 SIL3132 SATAII/Raid controller + 0244 SIL3132 eSATA/Raid controller 0640 PCI-0640 EIDE Adapter (Single FIFO) 0641 PCI0640 PCI EIDE Adapter with RAID 1 0642 PCI-0642 EIDE Adapter with RAID 1 @@ -2720,7 +2751,7 @@ 0680 SiI 0680 (Was: PCI-0680) Ultra ATA133 EIDE Controller 1392 1392 INTEL HDMI AUDIO 2455 SI3124 SATALink 4-Port PCI-X Host Controller - 3112 SiI 3112 SATARaid Controller + 3112 SIL3112 SATA/Raid controller(2XSATA150) 3114 Sil 3114 SATALink/SATARaid Controller 3124 SiI 3124 PCI-X to Serial ATA Controller 3132 SiI 3132 PCI Express (1x) to 2 Port SATA300 @@ -2927,7 +2958,7 @@ 1002 Ambassador ATM Adapter 10B7 3COM Corp, Networking Division 0001 3C985 1000BaseSX Gigabit Ethernet Adapter - 0013 3com p/n: 3CRDAG675 3Com� 11a/b/g Wireless PCI Adapter + 0013 3com p/n: 3CRDAG675 3Com11a/b/g Wireless PCI Adapter 0910 3C910-A01 1000 3C905CX-TXNM 3COM 3C905CX-TXNM with 40-0664-003 ASIC 1006 14e4:1645 Broadcom Corporation NetXtreme BCM5701 Gigabit Ethernet @@ -3099,7 +3130,7 @@ 5457 M1563M AC97 Modem controller 5459 56k Voice Modem 545A 56K Voice Modem - 5461 SW\{CD171DE3-69E5-11D2-B56D-0000F8754380}\{9B36589 Microsoft UAA Bus Driver for High Definition Audio + 5461 M5461 High Definition Audio Controller 5471 M1563M Southbridge Memory Stick Host 5473 M1563M Southbridge MMC/SD controller 7101 ALI M7101 Power Management Controller @@ -3188,7 +3219,7 @@ 10D3 Jabil Circuit Inc. 10D4 Hualon Microelectronics 10D5 Autologic Inc. -10D6 Cetia +10D6 Wilson .co .ltd FF51 0x0100 C87899D 10D7 BCM Advanced Research 10D8 Advanced Peripherals Labs @@ -3393,7 +3424,7 @@ 0145 NV43 NVIDIA GeForce 6610 XL 0146 Geforce Go 6600TE/6200TE [NV43] 0147 GeForce 6700 XL - 0148 GeForce Go 6600 [NV43] + 0148 unknown GeForce Go 6600 0149 GeForce Go 6600 [NV43] 014A Quadro NVS 440 014C Quadro FX 540 MXM @@ -3470,7 +3501,7 @@ 01C3 nForce MCP Networking Adapter 01D0 GeForce 7350 LE 01D1 unknown NVIDIA GeForce 7300 LE - 01D3 GeForce 7300 SE + 01D3 nVidia nVidia GeForce 7300 SE 01D6 GeForce Go 7200 01D7 Quadro NVS 110M / GeForce Go 7300 01D8 Quadro NVS 120M / GeForce Go 7400 @@ -3532,7 +3563,7 @@ 0266 MCP51S NVIDIA nForce 430/410 Serial ATA Controller 0267 MCP51S NVIDIA nForce 430/410 Serial ATA Controller 0268 430 NVIDIA nForce Networking Controller - 0269 MCP51 Network Bus Enumerator + 0269 2A34103C MCP51 Ethernet Controller 026A MCP51 MCI 026B MCP51 AC'97 Audio Controller 026C MCP51 High Definition Audio @@ -3557,7 +3588,7 @@ 0293 GeForce 7900 GX2 0294 GeForce 7950 GX2 0295 GeForce 7950 GT - 0297 GeForce Go 7950 GTX + 0297 G71 NVIDIA GeForce Go 7950 GTX 0298 GeForce Go 7900 GS 0299 GeForce Go 7900 GTX 029A Quadro FX 2500M @@ -3661,7 +3692,7 @@ 036E MCP55 MCP55 PATA Controller 036F MCP55 MCP55 SATA/RAID Controller 0370 MCP55 PCI bridge - 0371 ADI 1988 8 Channel High Definition Audio + 0371 ADI 1988 MCP55 High Definition Audio 0372 MCP55 Ethernet 0373 MCP55 Ethernet 0374 MCP55 PCIe bridge @@ -3675,7 +3706,7 @@ 037F MCP55S MCP55 SATA/RAID Controller 0390 GeForce 7650 GS 0391 G73 B1 Ge-Force 7600GT - 0392 GeForce 7600 GS + 0392 NVIDIA GeForce 7600 GS NVIDIA GeForce 7600 GS 0393 UNKOWN NVIDIA GeForce 7300GT 0394 GeForce 7600 LE 0395 GeForce 7300 GT @@ -3684,7 +3715,7 @@ 0399 GeForce Go 7600 GT 039B GeForce Go 7900 SE 039C Quadro FX 550M - 039E Quadro FX 560 + 039E Quadro FX 560 Quadro FX 560 03A0 C55 Host Bridge 03A1 C55 Host Bridge 03A2 C55 Host Bridge @@ -3759,7 +3790,7 @@ 0420 GeForce 8400 SE 0421 G86 GeForce 8500 GT 0422 GeForce 8400 GS - 0423 GeForce 8300 GS + 0423 G86 NVIDIA Geforce 8300 GS 0424 GeForce 8400 GS 0425 GeForce 8600M GS 0426 GeForce 8400M GT @@ -3770,7 +3801,7 @@ 042B 8400 ?? NVIDIA Quadro NVS 135M 042D Quadro FX 360 M Quadro FX 360 M (Mobile) 042E GeForce 9300M G - 042F Quadro NVS 290 + 042F NVS 290 NVIDIA Quadro NVS 290 0440 MCP65 LPC Bridge 0441 MCP65 LPC Bridge 0442 MCP65 LPC Bridge @@ -3849,19 +3880,21 @@ 060C GeForce 8800M GTX 060D GeForce 8800 GS 0610 GeForce 9600 GSO - 0611 GeForce 8800 GT + 0611 8800 GT Alphadog edition from XFX 0612 GeForce 9800 GTX 0614 GeForce 9800 GT 061A Quadro FX 3700 061C Quadro FX 3600M - 0622 nVidia GeForce 9600GT nVidia + 0622 nVidia GeForce 9600GSO nVidia 0623 GeForce 9600 GS + 063A Quadro FX 2700M 0640 G96-300-A1 Nvidia 9500GT graphic controller + 0641 D9M-20 [GeForce 9400 GT] 0644 G96 GeForce 9500 GS 0645 G96 GeForce 9500 GS 0647 GeForce 9600M GT 0648 GeForce 9600M GS - 0649 nVidia nVidia GeForce 9600M GT + 0649 G96 nVidia GeForce 9600M GT 064B GeForce 9500M G 06E2 GeForce 8400 06E4 GeForce 8400 GS @@ -3933,6 +3966,8 @@ 0849 GeForce 8200 084A nForce 730a 084B GeForce 8200 + 084C nForce 780a SLI + 084D nForce 750a SLI 084F GeForce 8100 / nForce 720a 0860 GeForce 9300 0861 GeForce 9400 @@ -3999,6 +4034,10 @@ 0AC8 MCP79 PCI Express Bridge 0AD0 MCP78 SATA Controller IDE mode 0AD4 MCP78S [GeForce 8200] AHCI Controller + 0BC4 MCP? AHCI Controller + 0BC5 MCP? AHCI Controller + 0BCC MCP? Raid Controller + 0BCD MCP? Raid Controller 10DE NV3 Riva 128 21C3 nVidia Corporation G73 [GeForce 7600 GS] (rev a2) C615 G70 [GeForce 7600 GT] @@ -4061,7 +4100,7 @@ 9128 IMS9129 TwinTurbo 128 GUI Accelerator 9135 IMS9135 TwinTurbo 128-3D Display Adapter 10E1 Tekram Technology Corp. Ltd. - 0391 TRM-S1040 + 0391 TRM-S1040 0000 690C DC-690c DC20 DC-290 EIDE Controller DC29 DC-290 @@ -4149,15 +4188,15 @@ 0880 880 High Definition Audio 0883 alc888S Realtek High Definition Audio 0885 ALC885 7.1+2 Channel High-Performance HDA Codec with Content Protection - 0888 realtek high definition audio pavillion a6030n + 0888 realtek high definition audio Realtek Azak´lia chipset 8021 RTL8029AS NIC 8029 RTL8029(as)pci ethernet nic windot XPse 8119 10 32BIT Card Bus 10/100 (10EC-8119) 8129 RTL8139d 10/100 Fast Ethernet Controller 8131 LFE8139ATX - 8136 RTL8100-8101E-8102E-PCIEXPRESS Realtek 8139/810x Family Fast Ethernet NIC + 8136 RTL8100-8101E-8102E-PCIEXPRESS RTL8100E/RTL8101E/RTL8102E-GR 8138 RT8139 (B/C) CardBus Fast Ethernet Adapter - 8139 RTL-8139/8139C/8139C+ 10/100 Mbps Fast Ethernet NIC + 8139 RTL-8139/8139C/8139C+ Realtek RTL8139 Family PCI Fast Ethernet NIC 8167 RTL8169/8110 Family Gigabit Ethernet NIC 8168 RTL8168/8111 PCI-E Gigabit Ethernet NIC 8169 RTL8119 Single Gigabit LOM Ethernet Controller @@ -4203,6 +4242,7 @@ 1677 Multimedia 2013 RS-56 sp-pci Conexant RS-56 PCI Modem 2865 Tyan Thunder K8E S2865 + 5300 Tyan S5380 Mainboard 10F2 Achme Computer Inc. - GONE !!!! 10F3 Alaris Inc. 10F4 S-Mos Systems @@ -4252,7 +4292,7 @@ 0002 INI-920 Ultra SCSI Adapter 1060 INI-A100U2W Orchid Ultra-2 SCSI Controller 134A Ultra SCSI Adapter - 1622 inic1620 S-ATA Adapter + 1622 INIC1620 PCI SATA Controller 9100 INI-9010/9010W Fast Wide SCSI Controller 9400 INIC-940 Fast Wide SCSI Controller 9401 INIC-935 Fast Wide SCSI Controller @@ -4265,7 +4305,7 @@ 0004 Creative SB Audigy 2 ZS (WDM) Audigy Audio Processor 0005 SB0460 SoundBlaster X-FI XtremeMusic 0006 emu10k1x Soundblaster Live! 5.1 - 0007 C6SB0410515017656A Audigy SE + 0007 C6SB0410515017656A Audigy ls 0008 ca0108 sound blaster Audigy 2 0009 [SB X-Fi Xtreme Audio] CA0110-IBG 1017 CT6760 3D Blaster Banshee PCI CT6760 @@ -4285,8 +4325,8 @@ 9838 Ectiva EV1938 1103 Triones Technologies Inc. (HighPoint) 0003 HPT343/5/6,HPT363 UDMA EIDE Controller - 0004 HPT3xx UDMA66/100/133 EIDE Controller - 0005 HPT372x UDMA/ATA133 RAID Controller + 0004 HPT366/368/370/370A ATA Raid Controller + 0005 HPT372/372N PATA133 Raid Controller 0006 HPT302N UDMA/ATA133 RAID Controller 0007 HPT371/N UDMA/ATA133 EIDE Controller 0008 HPT374 Rocket 154x/1640, RocketRAID 154x/1640 RAID EIDE Controller @@ -4644,6 +4684,7 @@ E238 K8T890 PCI-to-PCI Bridge E340 PT900 PCI to PCI Bridge Controller E353 VX800/VX820 PCI Express Root Port + E721 VT1708B 8-channel High Definition Audio CODEC F208 PT890 PCI-to-PCI Bridge F238 K8T890 PCI-to-PCI Bridge F340 PT900 PCI to PCI Bridge Controller @@ -4820,6 +4861,7 @@ 0003 IDT77222/252 MICRO ABR SAR PCI ATM Controller 0004 IDT77V252 MICRO ABR SAR PCI ATM Controller 0005 IDT77V222 155Mbps ATM MICRO ABR SAR Controller + 76B2 92HD71B7 IDT Audio 8018 PES12N3A PCI Express Switch 801C PES24N3A PCI Express Switch 8028 PES4T4 PCI Express Switch @@ -4907,7 +4949,7 @@ 5402 TriMedia TM-1300EH Media Processor 5405 TriMedia TM1500 5406 TriMedia PNX1700 - 7130 73c0a1434628 Philips SAA7130HL Multimedia Capture Device + 7130 73c0a1434628 Philips SAA7135HL Multimedia Capture Device 7133 Pinnacle PCTV 110i Pinnacle PCTV 110i Capture Device 7134 SAA7134HL Multimedia Capture Device 7135 SAA???? Multimedia Device(??) @@ -4982,6 +5024,10 @@ 1136 Momentum Data Systems 0002 PCI-JTAG 1137 Cisco Systems Inc + 0023 PCIe Upstream Port Bridge + 0041 PCIe Downstream Port Bridge + 0043 10G Ethernet NIC + 0045 FCoE HBA 1138 Ziatech Corporation 8905 8905 STD 32 Bridge 1139 Dynamic Pictures Inc @@ -5019,7 +5065,7 @@ 6425 ProMotion AT25 0752 20005 6426 GUI Accelerator 643D AT25 ProMotion-AT3D - 9876 ProMotion AT25 139K76B 9808 + 9876 ProMotion 6422 139K76B 9808 1143 Netpower Inc 1144 Vickers Inc/Cincinnati Milacron 0001 Noservo Controller @@ -5033,6 +5079,7 @@ F020 CardBus ATAPI Host Adapter F021 NPATA32 CardBus CompactFlash Adapter F024 NPATA-32 CardBus CompactFlash Adapter + F103 NinjaPATA-32 Delkin Cardbus UDMA 1146 Force Computers 1147 Interface Corp 1123 123 131dq @@ -5294,7 +5341,7 @@ 13A8 XR17C158/154/152 Multi-channel PCI UART 117A A-Trend Technology 117B LG (Lucky Goldstar) Electronics Inc. - 8320 GCE-8320B CD-R/RW Drive + 8320 NOFM12 USB DEVICE 117C Atto Technology 002C SAS RAID Adapter 0030 Ultra320 SCSI Host Adapter @@ -5485,6 +5532,7 @@ 1FAB Libertas 802.11b/g Wireless LAN Client Adapter 2A01 Libertas 802.11a/b/g Wireless Controller (CB55) 2A02 88W8361 [TopDog] 802.11n Wireless + 2A30 ? PCI-Express 802.11bg Wireless 4101 OLPC Cafe Controller Secure Digital Controller 4320 Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller (Copper) 4340 Yukon 88E8021 PCI-X IPMI Gigabit Ethernet Controller @@ -5496,14 +5544,14 @@ 4346 Yukon 88E8061 PCI-E IPMI Gigabit Ethernet Controller 4347 Yukon 88E8062 PCI-E IPMI Gigabit Ethernet Controller 4350 88E8036 Yukon PCI-E Fast Ethernet Controller - 4351 88E8039 Yukon PCI-E Fast Ethernet Controller + 4351 88E8038 Yukon PCI-E Fast Ethernet Controller 4352 88E8038 Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller 4353 88E8039 - http://www.marvell.com/drivers/driverDis Gigabit 4354 88E8040 Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller 4355 88E8040T Marvell Yukon 88E8040T PCI-E Fast Ethernet Controller 4356 Yukon 88EC033 PCI-E Fast Ethernet Controller 435A 88E8048 PCI-E Fast Ethernet Controller - 4360 88E8052 Yukon PCI-E ASF Gigabit Ethernet Controller + 4360 88E8050 Yukon PCI-E ASF Gigabit Ethernet Controller 4361 88E8036 Marvell Yukon -EC 88E8036 PCI Express Fast Ethernet Controller 4362 88E8053 Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller 4363 88E8053 Yukon PCI-E Gigabit Ethernet Controller @@ -5539,17 +5587,19 @@ 6122 6122 SATA2 Controller 6140 6140 SATA2 Controller 6141 6141 SATA2 Controller - 6145 ? Add-on IC to provide 4x SATA Ports, attached to ICH7 (SthBridge?) via PCI-Express. + 6145 88SE6145 Add-on IC to provide 4x SATA Ports, attached to ICH7 (SthBridge?) via PCI-Express. 6320 GT-64130/131 System Controller for PowerPC Processors + 6440 ? 64xx/63xx SAS 6450 64560 System Controller 6460 MV64360/64361/64362 System Controller - 6480 MV6446x System Controller for PowerPC Processors + 6480 MV64460/64461/64462 System Controller 6485 MV6446x System Controller for PowerPC Processors, Revision B 7042 MV88SXxxxx Family 4-port SATA II PCIe Controller (??) 9653 GT-96100A Advanced Communication Controller F003 GT-64010 Primary Image Piranha Image Generator F004 GT-64120 Primary Image Barracuda Image Generator F006 GT-64120A Primary Image Cruncher Geometry Accelerator + FFFF 88SA8040 PATA2SATA/SATA2PATA Bridge 11AC Canon Information Systems 11AD Lite-On Communications Inc 0001 LC82C168 Fast Ethernet Adapter (??) @@ -5612,7 +5662,7 @@ 11BB Pyramid Technology/DAPHA Electronics Corp 11BC Network Peripherals Inc 0001 NPI NuCard PCI FDDI -11BD Pinnacle Systems Inc. +11BD Pinnacle Systems Inc 0015 FireWire IEEE1394 002E PCTV 40i 0040 Royal TS Function 1 @@ -5676,7 +5726,7 @@ 5803 USS-344 Quadrabus 4-port OpenHCI USB Host Controller 5805 uss344 USB Advanced Host Controller 5811 FW322 1394A PCI PHY/Link Open Host Ctrlr I/F - 5901 FW643 PCI Express1394b Controller (PHY/Link) + 5901 unknown firewire chip for macbook pro 8110 T8110 H.100/H.110 TDM switch 9876 lucent 1646T00 LT WinModem 56K Data+Fax AB10 WL60010 Wireless LAN MAC @@ -5729,7 +5779,7 @@ 1889 AD1980 Sound Chip 1981 AD1981HD SoundMAX Integrated Digital HD Audio 1983 AD1983HD SoundMAX Integrated Digital HD Audio - 1984 AD1984HD sound chip + 1984 Analog Devices ADI 198x Analog Devices ADI 198x Integrated HD Audio 1986 AD1986A SoundMAX Integrated Digital HD Audio 198B AD1988B AD1988B HD Audio CODEC 2192 ADSP-2192 DSP Microcomputer (function #0) @@ -5752,7 +5802,9 @@ 11DC Questra Corp 11DD Crosfield Electronics Ltd 11DE Zoran Corporation + 6017 miroVIDEO DC30 6057 ZR36057/36067 MotionJPEG/TV Card + 6067 zr36067pqc zoran 6120 ZR36120PQC MPEG VideoBVPSXI Capture Card 11DF New Wave PDG 11E0 Cray Communications A/S @@ -5919,6 +5971,7 @@ 71E2 OZ711E2 SmartCardBus Controller 7212 OZ711M2 SmartCardBus MultiMediaBay Controller 7213 OZ6933E CardBus Controller + 7222 unknow pci to pcmcia bridge 7223 OZ711M3 SmartCardBus MultiMediaBay Controller 7233 OZ711MP3/MS3 MemoryCardBus Controller 1218 Hybricon Corp @@ -6098,7 +6151,7 @@ 1968 ES2839 Maestro-2 PCI audio accelerator 1969 ES72222 Solo-1 PCI AudioDrive family 1978 ES1978 Maestro-2E Audiodrive, ES1970 Canyon3D - 1988 ES1988 ESS Allegro PCI Audio (WDM) + 1988 ES1989 ESS Allegro PCI Audio (WDM) 1989 ES1989 Allegro ES56CVM-PI PCI Voice+Fax Modem 1990 ES2898S 1998 ES1980 Maestro-3 PCI Audio Accelerator @@ -6339,7 +6392,7 @@ FFF3 MPG600/Kuroutoshikou ITVC16-STVLP FFFF MPG600/Kuroutoshikou ITVC16-STVLP 12AC MeasureX Corp. -12AD Multidata GmbH +12AD MULTIDATA GmbH 0010 1 HERMES-S0 0020 1 HERMES-PRI 0080 1 HERMES-PRI/PCIX @@ -6654,7 +6707,7 @@ 0003 9060 CompactPCI Interface 000D FPGA PCI Bridge 1311 VideoServer Inc -1312 Robotic Vision Systems Incorporated +1312 Microscan Systems Inc 1313 Yaskawa Electric Co. 1315 Wavesat 1316 Teradyne Inc. @@ -7218,11 +7271,11 @@ 0011 CMI8738 0100 CMI8338/C3DX PCI Audio Device 0101 CMI8338-031 PCI Audio Device - 0111 CMI8738/PCI C3DX C-Media Audio Controller + 0111 PCI\VEN_13F6&DEV_0111&SUBSYS_011113F6&REV_10\2&EBB C-Media Audio Controller 0112 CMI-8378B/PCI-6CH PCI Audio Chip 0211 CMI8738/PCI-SX HSP56 MICROMODEM 0300 0x4005 pci audio driver - 8788 CMI8788 [Oxygen HD Audio] + 8788 CMI8788/PCI-8CH C-Media Oxygen HD 9880 CM9880 13F7 Wildfire Communications 13F8 Ad Lib Multimedia Inc @@ -7596,6 +7649,7 @@ 1480 SCII Telecom 1481 Biopac Systems Inc 1482 Isytec - Integrierte Systemtechnik Gmbh + 0001 PCI-16 Host Interface for ITC-16 1483 Labway Coporation 1484 Logic Coporation 1485 Erma - Electronic GMBH @@ -7820,6 +7874,7 @@ 1639 NetXtreme II BCM5709 Gigabit Ethernet 163A NetXtreme II BCM5709S Gigabit Ethernet 163B NetXtreme II BCM5716 Gigabit Ethernet + 163C NetXtreme II BCM5716S Gigabit Ethernet 1644 BCM5700 NetXtreme Gigabit Ethernet Controller 1645 BCM5701 broadtcomBCM5701 Gigabit Ethernet 1646 BCM5702x1 NetXtreme Gigabit Ethernet @@ -7904,7 +7959,7 @@ 4311 BCM4311 Broadcom Corporation Dell Wireless 1390 WLAN Mini-PCI Card 4312 BCM4310 UART (Wireless Ethernet Adapter) 4313 BCM4310 usb controller, wireless network card - 4315 BCM4312 Broadcom Wireless + 4315 BCM2046 Broadcom Wireless 4318 BCM43XX Broadcom 802.11b/g 4319 Dell Wireless 1470 DualBand WLAN 431A 802.11a Network Adapter @@ -7994,7 +8049,7 @@ 14EE Maspro Kenkoh Corp 14EF Carry Computer Engineering Co Ltd 14F0 Canon Reseach Centre France -14F1 Conexant Systems, Inc. +14F1 Conexant Systems 1002 HCF 56k Modem 1003 HCF 56k Modem 1004 HCF 56k Modem @@ -8108,7 +8163,7 @@ 2F14 US Robotics 56K PCI Software Modem 2F15 US Robotics 56K Fax Host Int 2F20 CX11256 Software data fax modem with SmartCP - 2F30 01 hp/compaq alhena 5-gl6 + 2F30 01 Zyxel OMNI 56K PCI Plus Rev.3 2F40 71030277 Conexant Modem RD02-D490 2F50 Conexant SoftK56 Data/Fax Modem 2F82 cx9510-11z Conexant PCI-E Soft Data/Fax Modem with SmartCP @@ -8131,7 +8186,7 @@ 8803 CX2388x TV Capture Chip 8804 CX2388x TV Capture Chip 8811 CX2388x TV Capture Chip - 8852 0x7717 CX23881 + 8852 0x7717 CX23881-21 14F2 Mobility Electronics, Inc. 0001 Moselle Split Bridge 0002 Capilano Split Bridge @@ -8207,7 +8262,7 @@ 1519 Telefon Aktiebolaget LM Ericsson 2004 0x1 PCI Interface bus 151A Globetek Inc. - 1002 PCI-1002 4383 + 1002 PCI-1002 4370 1004 PCI-1004 1008 PCI-1008 151B Combox Ltd @@ -8375,6 +8430,7 @@ 1575 Voltaire Advanced Data Security Ltd 1576 Viewcast Com 1578 Hitt + 4D34 VPMK4 [Video Processor Mk IV] 5615 VPMK3 [Video Processor Mk III] 1579 Dual Technology Corporation 157A Japan Elecronics Ind. Inc @@ -8454,6 +8510,8 @@ 0740 Virtual Machine Communication Interface 0770 n/a Standard Enhanced PCI to USB Host Controller 0790 PCI bridge + 07B0 VMXNET3 Ethernet Adapter + 07C0 PVSCSI SCSI Controller 0801 Virtual Machine Interface 15AE Amersham Pharmacia Biotech 15B0 Zoltrix International Limited @@ -8583,7 +8641,7 @@ 15F6 Extreme Packet Device Inc 15F7 Banctec 15F8 Koga Electronics Co -15F9 Zenith Electronics Corporation +15F9 Zenith Electronics Corp 15FA Axzam Corporation 15FB Zilog Inc. 15FC Techsan Electronics Co Ltd @@ -8803,11 +8861,12 @@ 001C AR5006 family 802.11abg Wireless NIC 001D AR5007G Wireless Network Adapter 0020 AR5005VL 802.11bg Wireless NIC - 0023 AR5008 Wireless Network Adapter + 0023 AR5416 802.11a/b/g/n Wireless PCI Adapter 0024 AR5008 Atheros 802.11a/b/g/n (pre-N) radio 0027 AR9160 802.11abgn Wireless PCI Adapter 0029 AR922X Wireless Network Adapter 002A AR928X Wireless Network Adapter (PCI-Express) + 002B AR9285 Wireless Network Adapter (PCI-Express) 0033 11a/b/g/n Wireless LAN Mini-PCI Express Adapter 0207 AR5210 1014 AR5212 Atheros AR5212 802.11abg wireless @@ -8910,6 +8969,7 @@ 5602 PMC-VLX110 Reconfigurable Virtex-5 FPGA with plug-in I/O 5603 PMC-VSX95 Reconfigurable Virtex-5 FPGA with plug-in I/O 5604 PMC-VLX155 Reconfigurable Virtex-5 FPGA with plug-in I/O + 5605 PMC-VFX70 Reconfigurable Virtex-5 FPGA with plug-in I/O 16D8 Omnicluster Technologies 16DA Marek Micro GmBH 0011 INES GPIB-PCI @@ -9004,6 +9064,7 @@ 1078 Amilo Pro v2010 1085 Celsius M450 1098 Amilo L 1310G + 10B9 0x00541000 SAS 3000 series, 8-port with 1068 -StorPort 1735 ATEN International Co Ltd 1737 LinkSys 0013 WMP54G Wireless Pci Card @@ -9141,6 +9202,7 @@ 179C Indus TeQ Site Pvt Ltd 0557 DP-PCI-557 [PCI 1553B] 0566 DP-PCI-566 [Intelligent PCI 1553B] + 1152 DP-cPCI-1152 (8–channel Isolated ADC Module) 5031 DP-CPCI-5031-Synchro Module 5121 DP-CPCI-5121-IP Carrier 5211 DP-CPCI-5211-IP Carrier @@ -9306,7 +9368,7 @@ 1810 HCL Technologies Ltd 1811 Wipro Technologies 1812 LANergy -1813 Ambient Technologies Inc. +1813 Ambient Technologies Inc 3059 VT8237 AC97 Enhanced Audio Controller - the 8251 controller is different 4000 MD5628D-L-A intel V.92 HaM Modem 4100 Ambient MD8820 Intel HaM V.92 Modem @@ -9321,6 +9383,7 @@ 0601 RT2800 802.11n PCI 0681 RT2860 Wireless 802.11n PCIe 0701 RT2760 Wireless 802.11n 1T/2R Cardbus + 0781 RT2860/RT2890 Wireless E932 RT2560F 802.11 b/g PCI 1815 devolo AG 1816 Pro Team Computer Corporation @@ -9521,6 +9584,7 @@ 0014 SuperFSCC 0015 SuperFSCC-104 0016 Fastcom FSCC-232 + 0017 SuperFSCC-104-NOUART 18FB Resilience Corporation 1904 Hangzhou Silan Microelectronics Co Ltd 2031 SC92031 PCI Fast Ethernet Adapter @@ -9550,6 +9614,7 @@ 193F Comtech AHA Corp. 0001 AHA36x-PCIX 0363 AHA363-PCIe + 0364 AHA364-PCIe 1942 ClearSpeed Technology plc E511 CSX600 Advance Accelerator Board E521 Advance e620 accelerator card @@ -9610,8 +9675,10 @@ 1966 Orad Hi-Tec Systems 1975 DVG64 family 1969 Attansic (Now owned by Atheros) - 1026 L1 Gigabit Ethernet Adapter + 1026 L1e Gigabit Ethernet Adapter 1048 L1 Gigabit Ethernet 10/100/1000Base-T Ethernet Controller + 1066 L2c Gigabit Ethernet Adapter + 1067 L1c Gigabit Ethernet Adapter 2048 L2 Fast Ethernet 10/100 Base-T Controller 196A Sensory Networks Inc 0101 NodalCore C-1000 Content Classification Accelerator @@ -9639,6 +9706,10 @@ 2382 SD/MMC Host Controller 2383 MS Host Controller 2384 xD Host Controller + 2386 Standard SD Host Controller + 2387 SD/MMC Host Controller + 2388 MS Host Controller + 2389 xD Host Controller 1982 Distant Early Warning Communications Inc 1600 OX16C954 HOST-A 16FF OX16C954 HOST-B @@ -9665,6 +9736,8 @@ 19DA ZOTAC International (MCO) Ltd. 19DE Pico Computing 19E2 Vector Informatik GmbH +19E3 DDRdrive LLC + DD52 DDRdrive X1 19E7 NET (Network Equipment Technologies) 1001 STIX DSP Card 1002 STIX - 1 Port T1/E1 Card @@ -9683,6 +9756,8 @@ 0000 SC15064 1A0E DekTec Digital Video B.V. 0069 DTA-105 +1A17 Force10 Networks, Inc. + 8002 PB-10GE-2P 10GbE Security Card 1A1D GFaI e.V. 1A17 Meta Networks MTP-1G IDPS NIC 1A1E 3Leaf Systems, Inc. @@ -9729,6 +9804,7 @@ 0A41 microEnable IV-FULL x1 0A44 microEnable IV-FULL x4 0E44 microEnable IV-GigE x4 +1AEC Wolfson Microelectronics 1AEE Caustic Graphics Inc. 1AF4 Qumranet, Inc. 1000 Virtio network device @@ -9738,8 +9814,12 @@ 1B13 Jaton Corporation USA 0001 GeForce4 MX 440 nVidia Corporation NV17 1B28 Taicom Data Systems Co Ltd +1B36 Red Hat, Inc. + 1000 Virtio network device + 1001 Virtio block device 1B3E Teradata Corp. 1FA8 BYNET BIC2SE/X +1B40 Schooner Information Technology, Inc. 1B47 Proxim(??) (Possibly Incorrect) 1B55 NetUP Inc. 2A2C Dual DVB-S2-CI card @@ -9903,6 +9983,10 @@ 004F ADM-XRC-4FX Virtex-II Pro PCI-X Bridge 0050 ADM-XRC-5LX Virtex-4LX Bridge 0051 ADM-XRC-5T1 ADM-XRC-5T1 +4150 ONA Electroerosion + 0001 PCI32TLITE FILSTRUP1 PCI to VME Bridge Controller + 0006 PCI32TLITE UART 16550 Opencores + 0007 PCI32TLITE CAN Controller Opencores 415A Auzentech, Inc. 416C Aladdin Knowledge Systems 0100 AlladinCARD @@ -9970,6 +10054,8 @@ 0B02 BU-65569I2 MIL-STD-1553 Data Bus 0B03 BU-65569I3 MIL-STD-1553 Data Bus 0B04 BU-65569I4 MIL-STD-1553 Data Bus +5045 University of Toronto + 4243 BLASTbus PCI Interface Card v1 5046 GemTek Technology corp 1001 PCI Radio 5053 TBS/Voyetra Technologies @@ -10020,7 +10106,7 @@ 88F2 86C968 Vision 968 GUI Accelerator VRAM rev. 2 88F3 86C968 Vision 968 GUI Accelerator VRAM rev. 3 8900 86C775 Trio64V2/DX - 8901 pci\ven_5333dev_8C2E&SUBSYS_00011179&REV_05\4&74C6 Trio64V2/DX-/GX Graphics Drivers + 8901 pci\ven_5333dev_8C2E&SUBSYS_00011179&REV_05\4&74C6 S3 trio64uv+ for windows xp 8902 86C551 SMA Family 8903 TrioV Family 8904 86C365 Trio3D QFP, 86C366 Trio3D BGA @@ -10173,6 +10259,7 @@ 0040 Auburndale/Havendale DRAM Controller 0041 Auburndale/Havendale PCI Express x16 Root Port 0042 Auburndale/Havendale Integrated Graphics Controller + 0050 Auburndale/Havendale Thermal Management Controller 0122 82437FX 430FX (Triton) System Controller 0309 80303 I/O Processor PCI-to-PCI Bridge Unit 030D 80312 I/O Companion Unit PCI-to-PCI Bridge @@ -10367,6 +10454,7 @@ 10C6 82598EB 10 Gigabit AF Dual Port Network Connection 10C7 82598EB 10 Gigabit AF Network Connection 10C8 82598EB 10 Gigabit AT Network Connection + 10C9 82576 Gigabit Network Connection 10CB 82567V Gigabit Network Connection 10CC 82567LM-2 Gigabit Network Connection 10CD 82567LF-2 Gigabit Network Connection @@ -10376,14 +10464,19 @@ 10D6 82575GB Gigabit Network Connection 10D9 82571EB Dual Port Gigabit Mezzanine Adapter 10DA 82571EB Quad Port Gigabit Mezzanine Adapter + 10DB 82598EB 10-Gigabit Dual Port Network Connection 10DD 82598EB 10 Gigabit AT CX4 Network Connection 10DE 82567LM-3 Gigabit Network Connection 10DF 82567LF-3 Gigabit Network Connection + 10E1 82598EB 10-Gigabit AT Dual Port Network Connection 10E2 82575GB Gigabit Network Connection 10E5 82567LM-4 Gigabit Network Connection - 10EC 10 Gigabit AT CX4 Network Connection - 10F4 10 Gigabit AT Network Connection - 10F5 82567LM Intel® 45 Express-Chipsatz + 10E6 82576 Gigabit Network Connection + 10E7 82576 Gigabit Network Connection + 10EC 82598EB 10-Gigabit AT CX4 Network Connection + 10F1 82598EB 10-Gigabit AT Dual Port Network Connection + 10F4 82598EB 10-Gigabit AT Network Connection + 10F5 82567LM Intel® 82567LM-2 Gigabit Network Connection 1100 82815 815/E (Solano) Host to I/O Hub Bridge with 100MHz DRAM Controller 1101 82815 815/E (Solano) PCI to AGP Bridge 1102 82815 815/E (Solano) Internal GUI Accelerator @@ -10405,7 +10498,7 @@ 1223 SAA 7116 H Video Controller 1225 82452KX/GX Orion Extended Express Processor to PCI Bridge 1226 82596 EtherExpress PRO/10 - 1227 82865g LAN Controller with 82562EM/EX PHY PCI + 1227 82801db ich4 LAN Controller with 82562EM/EX PHY PCI 1228 EE PRO/100 Smart Intelligent 10/100 Fast Ethernet Adapter 1229 82550/1/7/8/9 EtherExpress PRO/100(B) Ethernet Adapter 122D 82437FX 430FX (Triton) Cache/DRAM Controller @@ -10657,7 +10750,7 @@ 2662 82801FB/FR/FW/FRW PCI Express Port 2 2664 82801FB (ICH6) PCIe Root Port 3 2666 82801FB/FR/FW/FRW PCI Express Port 4 - 2668 11583659 Realtek High Definition Audio Controllers + 2668 11583659 82801FB (ICH6) High Definition Audio Controller 2669 2028026 jkn 266A 82801FB (ICH6) SMBus Controller 266C 82801FB/FR/FW/FRW LAN Controller @@ -10802,7 +10895,7 @@ 293B 82801IB/IR/IH (ICH9 Family) USB2 Enhanced Host Controller 293C 82801IB/IR/IH (ICH9 Family) USB2 Enhanced Host Controller 293D 82801IB/IR/IH (ICH9 Family) USB2 Enhanced Host Controller - 293E 486486 Microsoft UAA Bus Driver for High Definition Audio + 293E 486486 82801IB/IR/IH (ICH9 Family) HD Audio Controller 2940 82801IB/IR/IH (ICH9 Family) PCIe Root Port 1 2941 82801IB/IR/IH (ICH9 Family) PCIe Root Port 1 2942 82801IB/IR/IH (ICH9 Family) PCIe Root Port 2 @@ -10918,7 +11011,7 @@ 2C10 QuickPath Interconnect Link 0 2C11 QuickPath Interconnect Physical 0 2C14 QuickPath Interconnect Link 1 - 2C15 QPI Physical 1 + 2C15 Core i7 QPI Physical 1 2C18 QuickPath Memory Controller 2C19 QuickPath Memory Controller Target Address Decoder 2C1A QuickPath Memory Controller RAS Registers @@ -10936,6 +11029,7 @@ 2C32 QuickPath Memory Controller Channel 2 Rank Registers 2C33 QuickPath Memory Controller Channel 2 Thermal Control Registers 2C40 QuickPath Architecture Generic Non-Core Registers + 2C41 QuickPath Architecture Generic Non-Core Registers 2C50 QuickPath Architecture Generic Non-Core Registers 2C51 QuickPath Architecture Generic Non-Core Registers 2C52 QuickPath Architecture Generic Non-Core Registers @@ -11016,6 +11110,7 @@ 3341 82855PM Processor to AGP Controller 3342 82855PM Power Management 3363 IOC340 I/O Controller in IOC Mode SAS/SATA + 3382 81342 [Chevelon] I/O Processor (ATUe) 33C3 IOP348 I/O Processor (SL8De) in IOC Mode SAS/SATA 33CB IOP348 I/O Processor (SL8Dx) in IOC Mode SAS/SATA 3400 QuickPath Architecture I/O Hub to ESI Port @@ -11278,7 +11373,7 @@ 4229 Intel 4965AGN Intel® Wireless WiFi Link 4965AGN(supporting 802.11a/b/g/Draft-N) 422D Intel 4965AGN Intel® Wireless WiFi Link 4965AGN 4230 Intel 4965AGN Intel® Wireless WiFi Link 4965AGN - 4232 Wireless WiFi Link 5100 + 4232 unknown Intel® WiFi Link 5100 4233 Intel 4965AGN Intel® Wireless WiFi Link 4965AGN 4235 5300AGN Intel® WiFi Link 5300 AGN 4236 Wireless WiFi Link 5100 @@ -11406,7 +11501,7 @@ 7800 Intel740 AGP Graphics Accelerator 8002 Trusted Execution Technology 8003 Trusted Execution Technology Registers - 8086 park lsdurjlk + 8086 park55 lsdurjlk 8100 System Controller Hub (SCH Poulsbo) 8108 System Controller Hub (SCH Poulsbo) Graphics Controller 8110 System Controller Hub (SCH Poulsbo) PCI Express Port 1 @@ -11877,6 +11972,7 @@ EDD8 ARK Logic, Inc A0A1 Stingray 64 ARK2000MT 64-bit GUI W/DCI Playback A0A9 ARK2000MI Quadro645 GUI Accelerator A0B1 ARK2000MI+ GUI Accelerator +F05B Foxconn International, Inc. (Wrong ID) F1D0 AJA Video C0FE Xena HS/HD-R C0FF Kona/Xena 2 @@ -11887,6 +11983,7 @@ F1D0 AJA Video EFAC KONA SD SMPTE 259M I/O FACD KONA HD SMPTE 292M I/O F5F5 F5 Networks Inc. +F849 ASRock Incorporation (Wrong ID) FA57 Interagon AS (Was: Fast Search & Transfer ASA) 0001 PMC Pattern Matching Chip FAB7 Fabric7 Systems Inc @@ -11899,14 +11996,6 @@ FEDE Fedetec Inc FFFD XenSource Inc 0101 PCI Event Channel Controller FFFE VMWare Inc (Older Product Versions) - 0000 GESP 1.0 - 0002 GESP 1.0 - 0003 GESP 1.0 - 0004 GESP 1.1 - 0006 GESP 1.1 - 0007 GESP 1.1 - 0008 GESP 1.1 - 0009 GESP 1.1 0405 Virtual SVGA 4.0 0710 Virtual SVGA FFFF Illegal Vendor ID -- 2.41.0 From 5825b2265ea18876420a0aa5e62216a0592b0065 Mon Sep 17 00:00:00 2001 From: Michael Neumann Date: Thu, 1 Jan 2009 18:24:10 +0000 Subject: [PATCH 02/16] Refactor sys_jail() and fix bugs. Fixes two issues: * uap->sysmsg_result was not consistently assigned -1 in case of an error. * A version 0 syscall triggered a copyinstr(j.hostname, ...) on an uninitialized struct jail j. --- sys/kern/kern_jail.c | 170 +++++++++++++++++++++++++------------------ 1 file changed, 99 insertions(+), 71 deletions(-) diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index b17f4290c4..15e94565da 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -122,6 +122,70 @@ kern_jail_attach(int jid) return(0); } +static int +assign_prison_id(struct prison *pr) +{ + int tryprid; + struct prison *tpr; + + tryprid = lastprid + 1; + if (tryprid == JAIL_MAX) + tryprid = 1; +next: + LIST_FOREACH(tpr, &allprison, pr_list) { + if (tpr->pr_id != tryprid) + continue; + tryprid++; + if (tryprid == JAIL_MAX) { + return (ERANGE); + } + goto next; + } + pr->pr_id = lastprid = tryprid; + + return (0); +} + +static int +kern_jail(struct prison *pr, struct jail *j) +{ + int error; + struct nlookupdata nd; + + error = nlookup_init(&nd, j->path, UIO_USERSPACE, NLC_FOLLOW); + if (error) { + nlookup_done(&nd); + return (error); + } + error = nlookup(&nd); + if (error) { + nlookup_done(&nd); + return (error); + } + cache_copy(&nd.nl_nch, &pr->pr_root); + + varsymset_init(&pr->pr_varsymset, NULL); + prison_ipcache_init(pr); + + error = assign_prison_id(pr); + if (error) { + varsymset_clean(&pr->pr_varsymset); + nlookup_done(&nd); + return (error); + } + + LIST_INSERT_HEAD(&allprison, pr, pr_list); + prisoncount++; + + error = kern_jail_attach(pr->pr_id); + if (error) { + LIST_REMOVE(pr, pr_list); + varsymset_clean(&pr->pr_varsymset); + } + nlookup_done(&nd); + return (error); +} + /* * jail() * @@ -130,45 +194,48 @@ kern_jail_attach(int jid) int sys_jail(struct jail_args *uap) { - struct prison *pr, *tpr; - struct jail j; - struct jail_v0 jv0; struct thread *td = curthread; - int error, tryprid, i; - uint32_t jversion; - struct nlookupdata nd; - /* Multiip */ - struct sockaddr_storage *uips; /* Userland ips */ - struct sockaddr_in ip4addr; + struct prison *pr; struct jail_ip_storage *jip; - /* Multiip */ + struct jail j; + int error; + uint32_t jversion; + + uap->sysmsg_result = -1; error = priv_check(td, PRIV_ROOT); - if (error) { - uap->sysmsg_result = -1; + if (error) return (error); - } + error = copyin(uap->jail, &jversion, sizeof(jversion)); - if (error) { - uap->sysmsg_result = -1; + if (error) return (error); - } + pr = kmalloc(sizeof(*pr), M_PRISON, M_WAITOK | M_ZERO); SLIST_INIT(&pr->pr_ips); switch (jversion) { case 0: /* Single IPv4 jails. */ - + { + struct jail_v0 jv0; + struct sockaddr_in ip4addr; + error = copyin(uap->jail, &jv0, sizeof(jv0)); if (error) - goto bail; + goto out; + + j.path = jv0.path; + j.hostname = jv0.hostname; + jip = kmalloc(sizeof(*jip), M_PRISON, M_WAITOK | M_ZERO); ip4addr.sin_family = AF_INET; ip4addr.sin_addr.s_addr = htonl(jv0.ip_number); memcpy(&jip->ip, &ip4addr, sizeof(ip4addr)); SLIST_INSERT_HEAD(&pr->pr_ips, jip, entries); break; + } + case 1: /* * DragonFly multi noIP/IPv4/IPv6 jails @@ -179,74 +246,35 @@ sys_jail(struct jail_args *uap) error = copyin(uap->jail, &j, sizeof(j)); if (error) - goto bail; - uips = kmalloc((sizeof(*uips) * j.n_ips), M_PRISON, - M_WAITOK | M_ZERO); - error = copyin(j.ips, uips, (sizeof(*uips) * j.n_ips)); - if (error) { - kfree(uips, M_PRISON); - goto bail; - } - for (i = 0; i < j.n_ips; i++) { - jip = kmalloc(sizeof(*jip), M_PRISON, + goto out; + + for (int i = 0; i < j.n_ips; i++) { + jip = kmalloc(sizeof(*jip), M_PRISON, M_WAITOK | M_ZERO); - memcpy(&jip->ip, &uips[i], sizeof(*uips)); SLIST_INSERT_HEAD(&pr->pr_ips, jip, entries); + error = copyin(&j.ips[i], &jip->ip, + sizeof(struct sockaddr_storage)); + if (error) + goto out; } - kfree(uips, M_PRISON); break; default: error = EINVAL; - goto bail; + goto out; } error = copyinstr(j.hostname, &pr->pr_host, sizeof(pr->pr_host), 0); if (error) - goto bail; - error = nlookup_init(&nd, j.path, UIO_USERSPACE, NLC_FOLLOW); - if (error) - goto nlookup_init_clean; - error = nlookup(&nd); - if (error) - goto nlookup_init_clean; - cache_copy(&nd.nl_nch, &pr->pr_root); + goto out; - varsymset_init(&pr->pr_varsymset, NULL); - prison_ipcache_init(pr); - - tryprid = lastprid + 1; - if (tryprid == JAIL_MAX) - tryprid = 1; -next: - LIST_FOREACH(tpr, &allprison, pr_list) { - if (tpr->pr_id != tryprid) - continue; - tryprid++; - if (tryprid == JAIL_MAX) { - error = ERANGE; - goto varsym_clean; - } - goto next; - } - pr->pr_id = lastprid = tryprid; - LIST_INSERT_HEAD(&allprison, pr, pr_list); - prisoncount++; - - error = kern_jail_attach(pr->pr_id); + error = kern_jail(pr, &j); if (error) - goto jail_attach_clean; + goto out; - nlookup_done(&nd); uap->sysmsg_result = pr->pr_id; return (0); -jail_attach_clean: - LIST_REMOVE(pr, pr_list); -varsym_clean: - varsymset_clean(&pr->pr_varsymset); -nlookup_init_clean: - nlookup_done(&nd); -bail: +out: /* Delete all ips */ while (!SLIST_EMPTY(&pr->pr_ips)) { jip = SLIST_FIRST(&pr->pr_ips); @@ -254,7 +282,7 @@ bail: kfree(jip, M_PRISON); } kfree(pr, M_PRISON); - return(error); + return (error); } /* -- 2.41.0 From dcea93a000b5b7ae9ff06da9ab2c770df938a54f Mon Sep 17 00:00:00 2001 From: Sascha Wildner Date: Thu, 1 Jan 2009 20:05:12 +0100 Subject: [PATCH 03/16] Some fixes related to the HAMMER support in the installer. * Add HAMMER related command names to the correct cmdnames.conf and remove the one in contrib/ to avoid future confusion. * Fix array initialization. * Improve wording a bit. --- .../src/backend/installer/conf/cmdnames.conf | 107 ------------------ .../src/backend/installer/flow.c | 4 +- .../src/backend/installer/fn_subpart_hammer.c | 2 +- share/installer/cmdnames.conf | 5 + 4 files changed, 8 insertions(+), 110 deletions(-) delete mode 100644 contrib/bsdinstaller-1.1.6/src/backend/installer/conf/cmdnames.conf diff --git a/contrib/bsdinstaller-1.1.6/src/backend/installer/conf/cmdnames.conf b/contrib/bsdinstaller-1.1.6/src/backend/installer/conf/cmdnames.conf deleted file mode 100644 index 758b31749e..0000000000 --- a/contrib/bsdinstaller-1.1.6/src/backend/installer/conf/cmdnames.conf +++ /dev/null @@ -1,107 +0,0 @@ -# Command names for DragonFly installer backend. -# $Id: cmdnames.conf,v 1.15 2005/04/08 02:29:17 cpressey Exp $ - -# This is in Bourne shell syntax so that it is easily editable; -# it is also sourced by the installer, a C program. - -# Note that file names here should all be relative to the -# installation media. They should NOT include leading slashes. -# They may contain extra command-line options. - -SH=bin/sh -MKDIR=bin/mkdir -CHMOD=bin/chmod -LN=bin/ln -RM=bin/rm -CP=bin/cp -DATE=bin/date -ECHO=bin/echo -DD=bin/dd -MV=bin/mv -CAT=bin/cat -TEST=bin/test - -# XXX 'sysctl' and '[' in the following tests should ideally include -# the full path to the executable. - -# Some operating systems (OpenBSD) have block devices for disks, slices, etc. -# Others don't. - -if [ X`sysctl -n kern.ostype` = "XOpenBSD" ]; then - TEST_DEV="$TEST -b" -else - TEST_DEV="$TEST -c" -fi - -# Some operating systems (DragonFly) have a version of cpdup that supports -u. -# Others don't, and we assume it is installed as a 'port' on those systems. - -if [ X`sysctl -n kern.ostype` = "XDragonFly" ]; then - CPDUP="bin/cpdup -o -vvv -u" - DHCPD=usr/sbin/dhcpd - RPCBIND=usr/sbin/portmap - MOUNTD=sbin/mountd - NFSD=sbin/nfsd -else - CPDUP="usr/local/bin/cpdup -o -vvv" - DHCPD=usr/local/sbin/dhcpd - RPCBIND=usr/sbin/rpcbind - MOUNTD=usr/sbin/mountd - NFSD=usr/sbin/nfsd -fi - -MOUNT=sbin/mount -MOUNT_HAMMER=sbin/mount_hammer -MOUNT_NULL=sbin/mount_null -MOUNT_MFS=sbin/mount_mfs -UMOUNT=sbin/umount -SWAPON=sbin/swapon -DISKLABEL=sbin/disklabel -DISKLABEL64=sbin/disklabel64 -HAMMER=sbin/hammer -NEWFS=sbin/newfs -NEWFS_HAMMER=sbin/newfs_hammer -NEWFS_MSDOS=sbin/newfs_msdos -FDISK=sbin/fdisk -DUMPON=sbin/dumpon -IFCONFIG=sbin/ifconfig -ROUTE=sbin/route -DHCLIENT=sbin/dhclient -SYSCTL=sbin/sysctl - -TOUCH=usr/bin/touch -YES=usr/bin/yes -BUNZIP2=usr/bin/bunzip2 -GREP=usr/bin/grep -KILLALL=usr/bin/killall -BASENAME=usr/bin/basename -SORT=usr/bin/sort -COMM=usr/bin/comm -AWK=usr/bin/awk -SED=usr/bin/sed -BC=usr/bin/bc -TR=usr/bin/tr - -PWD_MKDB=usr/sbin/pwd_mkdb -CHROOT=usr/sbin/chroot -VIDCONTROL=usr/sbin/vidcontrol -KBDCONTROL=usr/sbin/kbdcontrol -PW=usr/sbin/pw -SWAPINFO=usr/sbin/swapinfo -BOOT0CFG=usr/sbin/boot0cfg -FDFORMAT=usr/sbin/fdformat -PKG_ADD=usr/sbin/pkg_add -PKG_DELETE=usr/sbin/pkg_delete -PKG_CREATE=usr/sbin/pkg_create -PKG_INFO=usr/sbin/pkg_info -INETD=usr/sbin/inetd - -TFTPD=usr/libexec/tftpd - -CVSUP=usr/local/bin/cvsup -MEMTEST=usr/local/bin/memtest - -# These aren't commands, but they're configurable here nonetheless. - -DMESG_BOOT=var/run/dmesg.boot -INSTALLER_TEMP="/tmp/" diff --git a/contrib/bsdinstaller-1.1.6/src/backend/installer/flow.c b/contrib/bsdinstaller-1.1.6/src/backend/installer/flow.c index 0691bb2dfa..95a1cebf65 100644 --- a/contrib/bsdinstaller-1.1.6/src/backend/installer/flow.c +++ b/contrib/bsdinstaller-1.1.6/src/backend/installer/flow.c @@ -986,8 +986,8 @@ state_ask_fs(struct i_fn_args *a) switch (dfui_be_present_dialog(a->c, _("Select file system"), _("Use HAMMER|Use UFS|Return to Select Disk"), - _("Please select the file system you want to use with %s\n\n" - "HAMMER is the new %s file system. UFS the traditional BSD file system"), + _("Please select the file system you want to use with %s.\n\n" + "HAMMER is the new %s file system. UFS is the traditional BSD file system."), OPERATING_SYSTEM_NAME, OPERATING_SYSTEM_NAME)) { diff --git a/contrib/bsdinstaller-1.1.6/src/backend/installer/fn_subpart_hammer.c b/contrib/bsdinstaller-1.1.6/src/backend/installer/fn_subpart_hammer.c index 1cd411e660..320478be59 100644 --- a/contrib/bsdinstaller-1.1.6/src/backend/installer/fn_subpart_hammer.c +++ b/contrib/bsdinstaller-1.1.6/src/backend/installer/fn_subpart_hammer.c @@ -76,7 +76,7 @@ static struct dfui_form *make_create_subpartitions_form(struct i_fn_args *); static int show_create_subpartitions_form(struct dfui_form *, struct i_fn_args *); static const char *def_mountpt[7] = {"/", "swap", "/var", "/tmp", "/usr", "/home", NULL}; -static long def_capacity[7] = {-1, 128, 128, 128, 128, 256, 128, 0}; +static long def_capacity[7] = {-1, 128, 128, 128, 256, 128, 0}; static int expert = 0; diff --git a/share/installer/cmdnames.conf b/share/installer/cmdnames.conf index b6bce06a38..f48bebfcd6 100644 --- a/share/installer/cmdnames.conf +++ b/share/installer/cmdnames.conf @@ -52,11 +52,16 @@ else fi MOUNT=sbin/mount +MOUNT_HAMMER=sbin/mount_hammer MOUNT_MFS=sbin/mount_mfs +MOUNT_NULL=sbin/mount_null UMOUNT=sbin/umount SWAPON=sbin/swapon DISKLABEL=sbin/disklabel +DISKLABEL64=sbin/disklabel64 +HAMMER=sbin/hammer NEWFS=sbin/newfs +NEWFS_HAMMER=sbin/newfs_hammer NEWFS_MSDOS=sbin/newfs_msdos FDISK=sbin/fdisk DUMPON=sbin/dumpon -- 2.41.0 From 5cb5194da153cf9dab3ae963229583a4a161b635 Mon Sep 17 00:00:00 2001 From: Sascha Wildner Date: Thu, 1 Jan 2009 23:42:55 +0100 Subject: [PATCH 04/16] Handle 'hammer cleanup' using the output of mount instead of df. This fixes hammer(8) trying to cleanup null mounts which are not HAMMER related. --- sbin/hammer/cmd_cleanup.c | 37 ++++++++++++++++++------------------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/sbin/hammer/cmd_cleanup.c b/sbin/hammer/cmd_cleanup.c index ef4e448eef..8cc13f968b 100644 --- a/sbin/hammer/cmd_cleanup.c +++ b/sbin/hammer/cmd_cleanup.c @@ -92,32 +92,31 @@ void hammer_cmd_cleanup(char **av, int ac) { FILE *fp; - char *ptr; - char *path; + char *fs, *ptr, *path; char buf[256]; tzset(); if (ac == 0) { - fp = popen("df -t hammer,null", "r"); + fp = popen("mount -t hammer,null", "r"); if (fp == NULL) - errx(1, "hammer cleanup: 'df' failed"); + errx(1, "hammer cleanup: 'mount' failed"); while (fgets(buf, sizeof(buf), fp) != NULL) { - ptr = strtok(buf, WS); - if (ptr && strcmp(ptr, "Filesystem") == 0) + fs = strtok(buf, WS); + if (fs == NULL) continue; - if (ptr) - ptr = strtok(NULL, WS); - if (ptr) - ptr = strtok(NULL, WS); - if (ptr) - ptr = strtok(NULL, WS); - if (ptr) - ptr = strtok(NULL, WS); - if (ptr) { - path = strtok(NULL, WS); - if (path) - do_cleanup(path); - } + ptr = strtok(NULL, WS); + if (ptr == NULL) + continue; + path = strtok(NULL, WS); + if (path == NULL) + continue; + ptr = strtok(NULL, WS); + if (ptr == NULL) + continue; + if ((strncmp(ptr, "(hammer,", 8) == 0) || + ((strncmp(ptr, "(null,", 6) == 0) && + (strncmp(fs, "/pfs", 4) == 0))) + do_cleanup(path); } fclose(fp); } else { -- 2.41.0 From de5fa51db91ef4d0f59cec7af8553b7342af842d Mon Sep 17 00:00:00 2001 From: Peter Avalos Date: Sun, 28 Dec 2008 14:21:45 -0500 Subject: [PATCH 05/16] Add a pam_chroot(8) module. Also, let's make pam_module/Makefile a little easier to deal with. Obtained-from: FreeBSD --- lib/pam_module/Makefile | 16 +++- lib/pam_module/pam_chroot/Makefile | 7 ++ lib/pam_module/pam_chroot/pam_chroot.8 | 94 +++++++++++++++++++++ lib/pam_module/pam_chroot/pam_chroot.c | 108 +++++++++++++++++++++++++ 4 files changed, 222 insertions(+), 3 deletions(-) create mode 100644 lib/pam_module/pam_chroot/Makefile create mode 100644 lib/pam_module/pam_chroot/pam_chroot.8 create mode 100644 lib/pam_module/pam_chroot/pam_chroot.c diff --git a/lib/pam_module/Makefile b/lib/pam_module/Makefile index 67c2ea6a12..e5b94c67c0 100644 --- a/lib/pam_module/Makefile +++ b/lib/pam_module/Makefile @@ -1,9 +1,19 @@ # $DragonFly: src/lib/pam_module/Makefile,v 1.4 2008/01/02 17:41:30 matthias Exp $ -SUBDIR= pam_cleartext_pass_ok pam_deny pam_nologin pam_opie pam_opieaccess -SUBDIR+= pam_permit pam_radius pam_ssh pam_tacplus pam_unix +SUBDIR= pam_chroot \ + pam_cleartext_pass_ok \ + pam_deny \ + pam_nologin \ + pam_opie \ + pam_opieaccess \ + pam_permit \ + pam_radius \ + pam_ssh \ + pam_tacplus \ + pam_unix + .if defined(WANT_KERBEROS) && !defined(NO_CRYPT) && !defined(NO_OPENSSL) -SUBDIR+= pam_krb5 +SUBDIR+=pam_krb5 .endif .include diff --git a/lib/pam_module/pam_chroot/Makefile b/lib/pam_module/pam_chroot/Makefile new file mode 100644 index 0000000000..018d7a7e26 --- /dev/null +++ b/lib/pam_module/pam_chroot/Makefile @@ -0,0 +1,7 @@ +# $FreeBSD: src/lib/libpam/modules/pam_chroot/Makefile,v 1.1 2003/03/30 22:58:23 des Exp $ + +LIB= pam_chroot +SRCS= pam_chroot.c +MAN= pam_chroot.8 + +.include diff --git a/lib/pam_module/pam_chroot/pam_chroot.8 b/lib/pam_module/pam_chroot/pam_chroot.8 new file mode 100644 index 0000000000..08cf1c6188 --- /dev/null +++ b/lib/pam_module/pam_chroot/pam_chroot.8 @@ -0,0 +1,94 @@ +.\" Copyright (c) 2003 Networks Associates Technology, Inc. +.\" All rights reserved. +.\" +.\" Portions of this software were developed for the FreeBSD Project by +.\" ThinkSec AS and NAI Labs, the Security Research Division of Network +.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.\" ("CBOSS"), as part of the DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: src/lib/libpam/modules/pam_chroot/pam_chroot.8,v 1.4 2004/07/02 23:52:16 ru Exp $ +.\" +.Dd February 10, 2003 +.Dt PAM_CHROOT 8 +.Os +.Sh NAME +.Nm pam_chroot +.Nd Chroot PAM module +.Sh SYNOPSIS +.Op Ar service-name +.Ar module-type +.Ar control-flag +.Pa pam_chroot +.Op Ar arguments +.Sh DESCRIPTION +The chroot service module for PAM chroots users into either a +predetermined directory or one derived from their home directory. +If a user's home directory as specified in the +.Vt passwd +structure returned by +.Xr getpwnam 3 +contains the string +.Dq Li /./ , +the portion of the directory name to the left of that string is used +as the chroot directory, and the portion to the right will be the +current working directory inside the chroot tree. +Otherwise, the directories specified by the +.Cm dir +and +.Cm cwd +options (see below) are used. +.Bl -tag -width ".Cm also_root" +.It Cm also_root +Do not hold user ID 0 exempt from the chroot requirement. +.It Cm always +Report a failure if a chroot directory could not be derived from the +user's home directory, and the +.Cm dir +option was not specified. +.It Cm cwd Ns = Ns Ar directory +Specify the directory to +.Xr chdir 2 +into after a successful +.Xr chroot 2 +call. +.It Cm dir Ns = Ns Ar directory +Specify the chroot directory to use if one could not be derived from +the user's home directory. +.El +.Sh SEE ALSO +.Xr pam.conf 5 , +.Xr pam 8 +.Sh AUTHORS +The +.Nm +module and this manual page were developed for the +.Fx +Project by +ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/lib/pam_module/pam_chroot/pam_chroot.c b/lib/pam_module/pam_chroot/pam_chroot.c new file mode 100644 index 0000000000..512a8fb5e7 --- /dev/null +++ b/lib/pam_module/pam_chroot/pam_chroot.c @@ -0,0 +1,108 @@ +/*- + * Copyright (c) 2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libpam/modules/pam_chroot/pam_chroot.c,v 1.3 2003/04/30 00:40:24 des Exp $ + */ + +#include + +#include +#include +#include +#include + +#define PAM_SM_SESSION + +#include +#include +#include + +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *pamh, int flags __unused, + int argc __unused, const char *argv[] __unused) +{ + const char *dir, *end, *cwd, *user; + struct passwd *pwd; + char buf[PATH_MAX]; + + if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || + user == NULL || (pwd = getpwnam(user)) == NULL) + return (PAM_SESSION_ERR); + if (pwd->pw_uid == 0 && !openpam_get_option(pamh, "also_root")) + return (PAM_SUCCESS); + if (pwd->pw_dir == NULL) + return (PAM_SESSION_ERR); + if ((end = strstr(pwd->pw_dir, "/./")) != NULL) { + if (snprintf(buf, sizeof(buf), "%.*s", + (int)(end - pwd->pw_dir), pwd->pw_dir) > (int)sizeof(buf)) { + openpam_log(PAM_LOG_ERROR, + "%s's home directory is too long", user); + return (PAM_SESSION_ERR); + } + dir = buf; + cwd = end + 2; + } else if ((dir = openpam_get_option(pamh, "dir")) != NULL) { + if ((cwd = openpam_get_option(pamh, "cwd")) == NULL) + cwd = "/"; + } else { + if (openpam_get_option(pamh, "always")) { + openpam_log(PAM_LOG_ERROR, + "%s has no chroot directory", user); + return (PAM_SESSION_ERR); + } + return (PAM_SUCCESS); + } + + openpam_log(PAM_LOG_DEBUG, "chrooting %s to %s", dir, user); + + if (chroot(dir) == -1) { + openpam_log(PAM_LOG_ERROR, "chroot(): %m"); + return (PAM_SESSION_ERR); + } + if (chdir(cwd) == -1) { + openpam_log(PAM_LOG_ERROR, "chdir(): %m"); + return (PAM_SESSION_ERR); + } + pam_setenv(pamh, "HOME", cwd, 1); + return (PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *pamh __unused, int flags __unused, + int argc __unused, const char *argv[] __unused) +{ + + return (PAM_SUCCESS); +} + +PAM_MODULE_ENTRY("pam_chroot"); -- 2.41.0 From 0428b37cac603f63530f46f12093631ed336f87e Mon Sep 17 00:00:00 2001 From: Peter Avalos Date: Sun, 28 Dec 2008 15:24:50 -0500 Subject: [PATCH 06/16] Move WARNS6 into pam_module/Makefile.inc. --- lib/pam_module/Makefile.inc | 1 + lib/pam_module/pam_cleartext_pass_ok/Makefile | 1 - lib/pam_module/pam_deny/Makefile | 1 - lib/pam_module/pam_krb5/Makefile | 1 - lib/pam_module/pam_nologin/Makefile | 1 - lib/pam_module/pam_opie/Makefile | 1 - lib/pam_module/pam_opieaccess/Makefile | 1 - lib/pam_module/pam_permit/Makefile | 1 - lib/pam_module/pam_radius/Makefile | 1 - lib/pam_module/pam_ssh/Makefile | 1 - lib/pam_module/pam_tacplus/Makefile | 1 - lib/pam_module/pam_unix/Makefile | 1 - 12 files changed, 1 insertion(+), 11 deletions(-) diff --git a/lib/pam_module/Makefile.inc b/lib/pam_module/Makefile.inc index 221e3f22ec..7fb2fc54d0 100644 --- a/lib/pam_module/Makefile.inc +++ b/lib/pam_module/Makefile.inc @@ -4,6 +4,7 @@ SHLIB_NAME= ${LIB}.so.${MODULE_SHLIB_MAJOR} SHLIB_MAJOR= ${MODULE_SHLIB_MAJOR} NOINSTALLLIB= yes NOPROFILE= yes +WARNS?= 6 TARGET_LIBDIR= /usr/lib/security TARGET_SHLIBDIR= /usr/lib/security diff --git a/lib/pam_module/pam_cleartext_pass_ok/Makefile b/lib/pam_module/pam_cleartext_pass_ok/Makefile index 1b606cf5eb..bc0f946a08 100644 --- a/lib/pam_module/pam_cleartext_pass_ok/Makefile +++ b/lib/pam_module/pam_cleartext_pass_ok/Makefile @@ -2,7 +2,6 @@ LIB= pam_cleartext_pass_ok SRCS= pam_cleartext_pass_ok.c -WARNS?= 6 NOMAN= DPADD= ${LIBSKEY} diff --git a/lib/pam_module/pam_deny/Makefile b/lib/pam_module/pam_deny/Makefile index 591b41acd5..316ba07ba1 100644 --- a/lib/pam_module/pam_deny/Makefile +++ b/lib/pam_module/pam_deny/Makefile @@ -2,7 +2,6 @@ LIB= pam_deny SRCS= pam_deny.c -WARNS?= 6 MAN= pam_deny.8 .include diff --git a/lib/pam_module/pam_krb5/Makefile b/lib/pam_module/pam_krb5/Makefile index 832d309a48..1d431151f4 100644 --- a/lib/pam_module/pam_krb5/Makefile +++ b/lib/pam_module/pam_krb5/Makefile @@ -2,7 +2,6 @@ LIB= pam_krb5 SRCS= pam_krb5.c -WARNS?= 6 MAN= pam_krb5.8 DPADD= ${LIBKRB5} ${LIBGSSAPI} ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} \ diff --git a/lib/pam_module/pam_nologin/Makefile b/lib/pam_module/pam_nologin/Makefile index 9eb999d432..f4d8835272 100644 --- a/lib/pam_module/pam_nologin/Makefile +++ b/lib/pam_module/pam_nologin/Makefile @@ -27,7 +27,6 @@ LIB= pam_nologin SRCS= pam_nologin.c -WARNS?= 6 MAN= pam_nologin.8 DPADD= ${LIBUTIL} diff --git a/lib/pam_module/pam_opie/Makefile b/lib/pam_module/pam_opie/Makefile index 21d9d445d1..de8b8d4ea0 100644 --- a/lib/pam_module/pam_opie/Makefile +++ b/lib/pam_module/pam_opie/Makefile @@ -2,7 +2,6 @@ LIB= pam_opie SRCS= pam_opie.c -WARNS?= 6 MAN= pam_opie.8 DPADD= ${LIBOPIE} diff --git a/lib/pam_module/pam_opieaccess/Makefile b/lib/pam_module/pam_opieaccess/Makefile index 4743603754..859e064cde 100644 --- a/lib/pam_module/pam_opieaccess/Makefile +++ b/lib/pam_module/pam_opieaccess/Makefile @@ -2,7 +2,6 @@ LIB= pam_opieaccess SRCS= pam_opieaccess.c -WARNS?= 6 MAN= pam_opieaccess.8 DPADD= ${LIBOPIE} diff --git a/lib/pam_module/pam_permit/Makefile b/lib/pam_module/pam_permit/Makefile index d0417fdc44..900ef486f5 100644 --- a/lib/pam_module/pam_permit/Makefile +++ b/lib/pam_module/pam_permit/Makefile @@ -2,7 +2,6 @@ LIB= pam_permit SRCS= pam_permit.c -WARNS?= 6 MAN= pam_permit.8 .include diff --git a/lib/pam_module/pam_radius/Makefile b/lib/pam_module/pam_radius/Makefile index b3e16ecb58..761328149a 100644 --- a/lib/pam_module/pam_radius/Makefile +++ b/lib/pam_module/pam_radius/Makefile @@ -2,7 +2,6 @@ LIB= pam_radius SRCS= pam_radius.c -WARNS?= 6 MAN= pam_radius.8 DPADD= ${LIBRADIUS} diff --git a/lib/pam_module/pam_ssh/Makefile b/lib/pam_module/pam_ssh/Makefile index b409fc7463..2e980b6260 100644 --- a/lib/pam_module/pam_ssh/Makefile +++ b/lib/pam_module/pam_ssh/Makefile @@ -2,7 +2,6 @@ LIB= pam_ssh SRCS= pam_ssh.c -WARNS?= 6 MAN= pam_ssh.8 LDADD= -lssh -lcrypto -lcrypt diff --git a/lib/pam_module/pam_tacplus/Makefile b/lib/pam_module/pam_tacplus/Makefile index c8f079db49..9c50b33b3a 100644 --- a/lib/pam_module/pam_tacplus/Makefile +++ b/lib/pam_module/pam_tacplus/Makefile @@ -2,7 +2,6 @@ LIB= pam_tacplus SRCS= pam_tacplus.c -WARNS?= 6 MAN= pam_tacplus.8 DPADD= ${LIBTACPLUS} diff --git a/lib/pam_module/pam_unix/Makefile b/lib/pam_module/pam_unix/Makefile index 5a9bd08b8d..ff393d9e70 100644 --- a/lib/pam_module/pam_unix/Makefile +++ b/lib/pam_module/pam_unix/Makefile @@ -2,7 +2,6 @@ LIB= pam_unix SRCS= pam_unix.c -WARNS?= 6 MAN= pam_unix.8 DPADD= ${LIBCRYPT} ${LIBUTIL} -- 2.41.0 From 9392c2057695470fab246c4c8acf0e22c7f332bc Mon Sep 17 00:00:00 2001 From: Peter Avalos Date: Sun, 28 Dec 2008 17:19:37 -0500 Subject: [PATCH 07/16] Add some more pam modules: pam_echo(8) Display args to user. pam_exec(8) Execute a program. pam_ftpusers(8) Enforces /etc/ftpusers. pam_group(8) Accept/reject a user based on their group. pam_guest(8) Allow guest logins. pam_ksu(8) Kerberos 5 auth for su(1). pam_lastlog(8) Record sessions in utmp/wtmp/lastlog. pam_login_access(8) Enforces /etc/login.access. pam_rhosts(8) See rhosts(5). pam_rootok(8) Succeeds if root. pam_securetty(8) Succeeds if use is on a secure tty. pam_self(8) Checks if local and remote user names are equal. Obtained-from: FreeBSD --- lib/pam_module/Makefile | 13 +- lib/pam_module/pam_echo/Makefile | 7 + lib/pam_module/pam_echo/pam_echo.8 | 93 +++++++ lib/pam_module/pam_echo/pam_echo.c | 150 ++++++++++ lib/pam_module/pam_exec/Makefile | 9 + lib/pam_module/pam_exec/pam_exec.8 | 75 +++++ lib/pam_module/pam_exec/pam_exec.c | 194 +++++++++++++ lib/pam_module/pam_ftpusers/Makefile | 7 + lib/pam_module/pam_ftpusers/pam_ftpusers.8 | 99 +++++++ lib/pam_module/pam_ftpusers/pam_ftpusers.c | 114 ++++++++ lib/pam_module/pam_group/Makefile | 7 + lib/pam_module/pam_group/pam_group.8 | 83 ++++++ lib/pam_module/pam_group/pam_group.c | 116 ++++++++ lib/pam_module/pam_guest/Makefile | 7 + lib/pam_module/pam_guest/pam_guest.8 | 98 +++++++ lib/pam_module/pam_guest/pam_guest.c | 113 ++++++++ lib/pam_module/pam_ksu/Makefile | 34 +++ lib/pam_module/pam_ksu/pam_ksu.8 | 122 +++++++++ lib/pam_module/pam_ksu/pam_ksu.c | 257 ++++++++++++++++++ lib/pam_module/pam_lastlog/Makefile | 34 +++ lib/pam_module/pam_lastlog/pam_lastlog.8 | 106 ++++++++ lib/pam_module/pam_lastlog/pam_lastlog.c | 201 ++++++++++++++ lib/pam_module/pam_login_access/Makefile | 31 +++ .../pam_login_access/login.access.5 | 57 ++++ .../pam_login_access/login_access.c | 242 +++++++++++++++++ .../pam_login_access/pam_login_access.8 | 89 ++++++ .../pam_login_access/pam_login_access.c | 100 +++++++ .../pam_login_access/pam_login_access.h | 39 +++ lib/pam_module/pam_rhosts/Makefile | 7 + lib/pam_module/pam_rhosts/pam_rhosts.8 | 95 +++++++ lib/pam_module/pam_rhosts/pam_rhosts.c | 94 +++++++ lib/pam_module/pam_rootok/Makefile | 31 +++ lib/pam_module/pam_rootok/pam_rootok.8 | 75 +++++ lib/pam_module/pam_rootok/pam_rootok.c | 72 +++++ lib/pam_module/pam_securetty/Makefile | 31 +++ lib/pam_module/pam_securetty/pam_securetty.8 | 92 +++++++ lib/pam_module/pam_securetty/pam_securetty.c | 95 +++++++ lib/pam_module/pam_self/Makefile | 31 +++ lib/pam_module/pam_self/pam_self.8 | 96 +++++++ lib/pam_module/pam_self/pam_self.c | 88 ++++++ 40 files changed, 3303 insertions(+), 1 deletion(-) create mode 100644 lib/pam_module/pam_echo/Makefile create mode 100644 lib/pam_module/pam_echo/pam_echo.8 create mode 100644 lib/pam_module/pam_echo/pam_echo.c create mode 100644 lib/pam_module/pam_exec/Makefile create mode 100644 lib/pam_module/pam_exec/pam_exec.8 create mode 100644 lib/pam_module/pam_exec/pam_exec.c create mode 100644 lib/pam_module/pam_ftpusers/Makefile create mode 100644 lib/pam_module/pam_ftpusers/pam_ftpusers.8 create mode 100644 lib/pam_module/pam_ftpusers/pam_ftpusers.c create mode 100644 lib/pam_module/pam_group/Makefile create mode 100644 lib/pam_module/pam_group/pam_group.8 create mode 100644 lib/pam_module/pam_group/pam_group.c create mode 100644 lib/pam_module/pam_guest/Makefile create mode 100644 lib/pam_module/pam_guest/pam_guest.8 create mode 100644 lib/pam_module/pam_guest/pam_guest.c create mode 100644 lib/pam_module/pam_ksu/Makefile create mode 100644 lib/pam_module/pam_ksu/pam_ksu.8 create mode 100644 lib/pam_module/pam_ksu/pam_ksu.c create mode 100644 lib/pam_module/pam_lastlog/Makefile create mode 100644 lib/pam_module/pam_lastlog/pam_lastlog.8 create mode 100644 lib/pam_module/pam_lastlog/pam_lastlog.c create mode 100644 lib/pam_module/pam_login_access/Makefile create mode 100644 lib/pam_module/pam_login_access/login.access.5 create mode 100644 lib/pam_module/pam_login_access/login_access.c create mode 100644 lib/pam_module/pam_login_access/pam_login_access.8 create mode 100644 lib/pam_module/pam_login_access/pam_login_access.c create mode 100644 lib/pam_module/pam_login_access/pam_login_access.h create mode 100644 lib/pam_module/pam_rhosts/Makefile create mode 100644 lib/pam_module/pam_rhosts/pam_rhosts.8 create mode 100644 lib/pam_module/pam_rhosts/pam_rhosts.c create mode 100644 lib/pam_module/pam_rootok/Makefile create mode 100644 lib/pam_module/pam_rootok/pam_rootok.8 create mode 100644 lib/pam_module/pam_rootok/pam_rootok.c create mode 100644 lib/pam_module/pam_securetty/Makefile create mode 100644 lib/pam_module/pam_securetty/pam_securetty.8 create mode 100644 lib/pam_module/pam_securetty/pam_securetty.c create mode 100644 lib/pam_module/pam_self/Makefile create mode 100644 lib/pam_module/pam_self/pam_self.8 create mode 100644 lib/pam_module/pam_self/pam_self.c diff --git a/lib/pam_module/Makefile b/lib/pam_module/Makefile index e5b94c67c0..2cf0269bed 100644 --- a/lib/pam_module/Makefile +++ b/lib/pam_module/Makefile @@ -3,17 +3,28 @@ SUBDIR= pam_chroot \ pam_cleartext_pass_ok \ pam_deny \ + pam_echo \ + pam_exec \ + pam_ftpusers \ + pam_group \ + pam_guest \ + pam_lastlog \ + pam_login_access \ pam_nologin \ pam_opie \ pam_opieaccess \ pam_permit \ pam_radius \ + pam_rhosts \ + pam_rootok \ + pam_securetty \ + pam_self \ pam_ssh \ pam_tacplus \ pam_unix .if defined(WANT_KERBEROS) && !defined(NO_CRYPT) && !defined(NO_OPENSSL) -SUBDIR+=pam_krb5 +SUBDIR+=pam_krb5 pam_ksu .endif .include diff --git a/lib/pam_module/pam_echo/Makefile b/lib/pam_module/pam_echo/Makefile new file mode 100644 index 0000000000..5b123d5613 --- /dev/null +++ b/lib/pam_module/pam_echo/Makefile @@ -0,0 +1,7 @@ +# $FreeBSD: src/lib/libpam/modules/pam_echo/Makefile,v 1.2 2003/03/09 20:06:35 obrien Exp $ + +LIB= pam_echo +SRCS= pam_echo.c +MAN= pam_echo.8 + +.include diff --git a/lib/pam_module/pam_echo/pam_echo.8 b/lib/pam_module/pam_echo/pam_echo.8 new file mode 100644 index 0000000000..0ba857893c --- /dev/null +++ b/lib/pam_module/pam_echo/pam_echo.8 @@ -0,0 +1,93 @@ +.\" Copyright (c) 2001,2003 Networks Associates Technology, Inc. +.\" All rights reserved. +.\" +.\" Portions of this software were developed for the FreeBSD Project by +.\" ThinkSec AS and NAI Labs, the Security Research Division of Network +.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.\" ("CBOSS"), as part of the DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: src/lib/libpam/modules/pam_echo/pam_echo.8,v 1.4 2004/07/02 23:52:16 ru Exp $ +.\" +.Dd February 6, 2003 +.Dt PAM_ECHO 8 +.Os +.Sh NAME +.Nm pam_echo +.Nd Echo PAM module +.Sh SYNOPSIS +.Op Ar service-name +.Ar module-type +.Ar control-flag +.Pa pam_echo +.Op Ar arguments +.Sh DESCRIPTION +The echo service module for PAM displays its arguments to the user, +separated by spaces, using the current conversation function. +.Pp +If the +.Cm % +character occurs anywhere in the arguments to +.Nm , +it is assumed to introduce one of the following escape sequences: +.Bl -tag -width 4n +.It Cm %H +The name of the host on which the client runs +.Pq Dv PAM_RHOST . +.\".It Cm %h +.\"The name of the host on which the server runs. +.It Cm %s +The current service name +.Pq Dv PAM_SERVICE . +.It Cm %t +The name of the controlling tty +.Pq Dv PAM_TTY . +.It Cm %U +The applicant's user name +.Pq Dv PAM_RUSER . +.It Cm %u +The target account's user name +.Pq Dv PAM_USER . +.El +.Pp +Any other two-character sequence beginning with +.Cm % +expands to the character following the +.Cm % +character. +.Sh SEE ALSO +.Xr pam.conf 5 , +.Xr pam 8 +.Sh AUTHORS +The +.Nm +module and this manual page were developed for the +.Fx +Project by +ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/lib/pam_module/pam_echo/pam_echo.c b/lib/pam_module/pam_echo/pam_echo.c new file mode 100644 index 0000000000..d1c0ce0e60 --- /dev/null +++ b/lib/pam_module/pam_echo/pam_echo.c @@ -0,0 +1,150 @@ +/*- + * Copyright (c) 2001,2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libpam/modules/pam_echo/pam_echo.c,v 1.4 2003/12/11 13:55:15 des Exp $ + */ + +#include +#include +#include + +#include +#include +#include + +static int +_pam_echo(pam_handle_t *pamh, int flags, int argc, const char *argv[]) +{ + char msg[PAM_MAX_MSG_SIZE]; + const void *str; + const char *p, *q; + int err, i, item; + size_t len; + + if (flags & PAM_SILENT) + return (PAM_SUCCESS); + for (i = 0, len = 0; i < argc && len < sizeof(msg) - 1; ++i) { + if (i > 0) + msg[len++] = ' '; + for (p = argv[i]; *p != '\0' && len < sizeof(msg) - 1; ++p) { + if (*p != '%' || p[1] == '\0') { + msg[len++] = *p; + continue; + } + switch (*++p) { + case 'H': + item = PAM_RHOST; + break; + case 'h': + /* not implemented */ + item = -1; + break; + case 's': + item = PAM_SERVICE; + break; + case 't': + item = PAM_TTY; + break; + case 'U': + item = PAM_RUSER; + break; + case 'u': + item = PAM_USER; + break; + default: + item = -1; + msg[len++] = *p; + break; + } + if (item == -1) + continue; + err = pam_get_item(pamh, item, &str); + if (err != PAM_SUCCESS) + return (err); + if (str == NULL) + str = "(null)"; + for (q = str; *q != '\0' && len < sizeof(msg) - 1; ++q) + msg[len++] = *q; + } + } + msg[len] = '\0'; + return (pam_info(pamh, "%s", msg)); +} + +PAM_EXTERN int +pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char *argv[]) +{ + + return (_pam_echo(pamh, flags, argc, argv)); +} + +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, + int argc __unused, const char *argv[] __unused) +{ + + return (PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char *argv[]) +{ + + return (_pam_echo(pamh, flags, argc, argv)); +} + +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char *argv[]) +{ + + return (_pam_echo(pamh, flags, argc, argv)); +} + +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (_pam_echo(pamh, flags, argc, argv)); +} + +PAM_EXTERN int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char *argv[]) +{ + + if (flags & PAM_PRELIM_CHECK) + return (PAM_SUCCESS); + return (_pam_echo(pamh, flags, argc, argv)); +} + +PAM_MODULE_ENTRY("pam_echo"); diff --git a/lib/pam_module/pam_exec/Makefile b/lib/pam_module/pam_exec/Makefile new file mode 100644 index 0000000000..d54c31b022 --- /dev/null +++ b/lib/pam_module/pam_exec/Makefile @@ -0,0 +1,9 @@ +# $FreeBSD: src/lib/libpam/modules/pam_exec/Makefile,v 1.2 2003/03/09 20:06:35 obrien Exp $ + +LIB= pam_exec +SRCS= pam_exec.c +MAN= pam_exec.8 + +WARNS?= 1 + +.include diff --git a/lib/pam_module/pam_exec/pam_exec.8 b/lib/pam_module/pam_exec/pam_exec.8 new file mode 100644 index 0000000000..47f3a96a5f --- /dev/null +++ b/lib/pam_module/pam_exec/pam_exec.8 @@ -0,0 +1,75 @@ +.\" Copyright (c) 2001,2003 Networks Associates Technology, Inc. +.\" All rights reserved. +.\" +.\" Portions of this software were developed for the FreeBSD Project by +.\" ThinkSec AS and NAI Labs, the Security Research Division of Network +.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.\" ("CBOSS"), as part of the DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: src/lib/libpam/modules/pam_exec/pam_exec.8,v 1.6 2005/06/15 19:04:04 ru Exp $ +.\" +.Dd February 1, 2005 +.Dt PAM_EXEC 8 +.Os +.Sh NAME +.Nm pam_exec +.Nd Exec PAM module +.Sh SYNOPSIS +.Op Ar service-name +.Ar module-type +.Ar control-flag +.Pa pam_exec +.Op Ar arguments +.Sh DESCRIPTION +The exec service module for PAM executes the program designated by its +first argument, with its remaining arguments as command-line +arguments. +The child's environment is set to the current PAM environment list, +as returned by +.Xr pam_getenvlist 3 . +In addition, the following PAM items are exported as environment +variables: +.Ev PAM_RHOST , +.Ev PAM_RUSER , +.Ev PAM_SERVICE , +.Ev PAM_TTY , +and +.Ev PAM_USER . +.Sh SEE ALSO +.Xr pam_get_item 3 , +.Xr pam.conf 5 , +.Xr pam 8 +.Sh AUTHORS +The +.Nm +module and this manual page were developed for the +.Fx +Project by +ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/lib/pam_module/pam_exec/pam_exec.c b/lib/pam_module/pam_exec/pam_exec.c new file mode 100644 index 0000000000..47466aff7c --- /dev/null +++ b/lib/pam_module/pam_exec/pam_exec.c @@ -0,0 +1,194 @@ +/*- + * Copyright (c) 2001,2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libpam/modules/pam_exec/pam_exec.c,v 1.6 2006/11/10 23:33:25 des Exp $ + */ + +#include +#include + +#include +#include +#include +#include +#include + +#include +#include +#include + +#define ENV_ITEM(n) { (n), #n } +static struct { + int item; + const char *name; +} env_items[] = { + ENV_ITEM(PAM_SERVICE), + ENV_ITEM(PAM_USER), + ENV_ITEM(PAM_TTY), + ENV_ITEM(PAM_RHOST), + ENV_ITEM(PAM_RUSER), +}; + +static int +_pam_exec(pam_handle_t *pamh __unused, int flags __unused, + int argc, const char *argv[]) +{ + int envlen, i, nitems, pam_err, status; + char **envlist, **tmp; + volatile int childerr; + pid_t pid; + + if (argc < 1) + return (PAM_SERVICE_ERR); + + /* + * XXX For additional credit, divert child's stdin/stdout/stderr + * to the conversation function. + */ + + /* + * Set up the child's environment list. It consists of the PAM + * environment, plus a few hand-picked PAM items. + */ + envlist = pam_getenvlist(pamh); + for (envlen = 0; envlist[envlen] != NULL; ++envlen) + /* nothing */ ; + nitems = sizeof(env_items) / sizeof(*env_items); + tmp = realloc(envlist, (envlen + nitems + 1) * sizeof(*envlist)); + if (tmp == NULL) { + openpam_free_envlist(envlist); + return (PAM_BUF_ERR); + } + envlist = tmp; + for (i = 0; i < nitems; ++i) { + const void *item; + char *envstr; + + pam_err = pam_get_item(pamh, env_items[i].item, &item); + if (pam_err != PAM_SUCCESS || item == NULL) + continue; + asprintf(&envstr, "%s=%s", env_items[i].name, item); + if (envstr == NULL) { + openpam_free_envlist(envlist); + return (PAM_BUF_ERR); + } + envlist[envlen++] = envstr; + envlist[envlen] = NULL; + } + + /* + * Fork and run the command. By using vfork() instead of fork(), + * we can distinguish between an execve() failure and a non-zero + * exit code from the command. + */ + childerr = 0; + if ((pid = vfork()) == 0) { + execve(argv[0], (char * const *)argv, (char * const *)envlist); + childerr = errno; + _exit(1); + } + openpam_free_envlist(envlist); + if (pid == -1) { + openpam_log(PAM_LOG_ERROR, "vfork(): %m"); + return (PAM_SYSTEM_ERR); + } + if (waitpid(pid, &status, 0) == -1) { + openpam_log(PAM_LOG_ERROR, "waitpid(): %m"); + return (PAM_SYSTEM_ERR); + } + if (childerr != 0) { + openpam_log(PAM_LOG_ERROR, "execve(): %m"); + return (PAM_SYSTEM_ERR); + } + if (WIFSIGNALED(status)) { + openpam_log(PAM_LOG_ERROR, "%s caught signal %d%s", + argv[0], WTERMSIG(status), + WCOREDUMP(status) ? " (core dumped)" : ""); + return (PAM_SYSTEM_ERR); + } + if (!WIFEXITED(status)) { + openpam_log(PAM_LOG_ERROR, "unknown status 0x%x", status); + return (PAM_SYSTEM_ERR); + } + if (WEXITSTATUS(status) != 0) { + openpam_log(PAM_LOG_ERROR, "%s returned code %d", + argv[0], WEXITSTATUS(status)); + return (PAM_SYSTEM_ERR); + } + return (PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char *argv[]) +{ + + return (_pam_exec(pamh, flags, argc, argv)); +} + +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char *argv[]) +{ + + return (_pam_exec(pamh, flags, argc, argv)); +} + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char *argv[]) +{ + + return (_pam_exec(pamh, flags, argc, argv)); +} + +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char *argv[]) +{ + + return (_pam_exec(pamh, flags, argc, argv)); +} + +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (_pam_exec(pamh, flags, argc, argv)); +} + +PAM_EXTERN int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char *argv[]) +{ + + return (_pam_exec(pamh, flags, argc, argv)); +} + +PAM_MODULE_ENTRY("pam_exec"); diff --git a/lib/pam_module/pam_ftpusers/Makefile b/lib/pam_module/pam_ftpusers/Makefile new file mode 100644 index 0000000000..2219dad72f --- /dev/null +++ b/lib/pam_module/pam_ftpusers/Makefile @@ -0,0 +1,7 @@ +# $FreeBSD: src/lib/libpam/modules/pam_ftpusers/Makefile,v 1.2 2003/03/09 20:06:35 obrien Exp $ + +LIB= pam_ftpusers +SRCS= pam_ftpusers.c +MAN= pam_ftpusers.8 + +.include diff --git a/lib/pam_module/pam_ftpusers/pam_ftpusers.8 b/lib/pam_module/pam_ftpusers/pam_ftpusers.8 new file mode 100644 index 0000000000..69642cce95 --- /dev/null +++ b/lib/pam_module/pam_ftpusers/pam_ftpusers.8 @@ -0,0 +1,99 @@ +.\" Copyright (c) 2001 Mark R V Murray +.\" All rights reserved. +.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" All rights reserved. +.\" +.\" Portions of this software were developed for the FreeBSD Project by +.\" ThinkSec AS and NAI Labs, the Security Research Division of Network +.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.\" ("CBOSS"), as part of the DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: src/lib/libpam/modules/pam_ftpusers/pam_ftpusers.8,v 1.2 2004/07/02 23:52:17 ru Exp $ +.\" +.Dd April 17, 2002 +.Dt PAM_FTPUSERS 8 +.Os +.Sh NAME +.Nm pam_ftpusers +.Nd ftpusers PAM module +.Sh SYNOPSIS +.Op Ar service-name +.Ar module-type +.Ar control-flag +.Pa pam_ftpusers +.Op Ar options +.Sh DESCRIPTION +The +.Pa ftpusers +service module for PAM, +.Nm +provides functionality for only one PAM category: +account management. +In terms of the +.Ar module-type +parameter, this is the +.Dq Li account +feature. +.Ss Ftpusers Account Management Module +The +.Pa ftpusers +account management component +.Pq Fn pam_sm_acct_mgmt , +succeeds if and only if the user is listed in +.Pa /etc/ftpusers . +.Pp +The following options may be passed to the authentication module: +.Bl -tag -width ".Cm disallow" +.It Cm debug +.Xr syslog 3 +debugging information at +.Dv LOG_DEBUG +level. +.It Cm no_warn +suppress warning messages to the user. +These messages include reasons why the user's authentication attempt +was declined. +.It Cm disallow +reverse the semantics; +.Nm +will succeed if and only if the user is not listed in +.Pa /etc/ftpusers . +.El +.Sh SEE ALSO +.Xr ftpusers 5 , +.Xr pam.conf 5 , +.Xr pam 8 +.Sh AUTHORS +The +.Nm +module and this manual page were developed for the +.Fx +Project by +ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/lib/pam_module/pam_ftpusers/pam_ftpusers.c b/lib/pam_module/pam_ftpusers/pam_ftpusers.c new file mode 100644 index 0000000000..8244a382c0 --- /dev/null +++ b/lib/pam_module/pam_ftpusers/pam_ftpusers.c @@ -0,0 +1,114 @@ +/*- + * Copyright (c) 2001 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libpam/modules/pam_ftpusers/pam_ftpusers.c,v 1.1 2002/05/08 00:30:10 des Exp $ + */ + +#include +#include +#include +#include +#include +#include +#include + +#define PAM_SM_ACCOUNT + +#include +#include +#include +#include + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, + int argc __unused, const char *argv[] __unused) +{ + struct passwd *pwd; + struct group *grp; + const char *user; + int pam_err, found, allow; + char *line, *name, **mem; + size_t len, ulen; + FILE *f; + + pam_err = pam_get_user(pamh, &user, NULL); + if (pam_err != PAM_SUCCESS) + return (pam_err); + if (user == NULL || (pwd = getpwnam(user)) == NULL) + return (PAM_SERVICE_ERR); + + found = 0; + ulen = strlen(user); + if ((f = fopen(_PATH_FTPUSERS, "r")) == NULL) { + PAM_LOG("%s: %m", _PATH_FTPUSERS); + goto done; + } + while (!found && (line = fgetln(f, &len)) != NULL) { + if (*line == '#') + continue; + while (len > 0 && isspace(line[len - 1])) + --len; + if (len == 0) + continue; + /* simple case first */ + if (*line != '@') { + if (len == ulen && strncmp(user, line, len) == 0) + found = 1; + continue; + } + /* member of specified group? */ + asprintf(&name, "%.*s", (int)len - 1, line + 1); + if (name == NULL) { + fclose(f); + return (PAM_BUF_ERR); + } + grp = getgrnam(name); + free(name); + if (grp == NULL) + continue; + for (mem = grp->gr_mem; mem && *mem && !found; ++mem) + if (strcmp(user, *mem) == 0) + found = 1; + } + done: + allow = (openpam_get_option(pamh, "disallow") == NULL); + if (found) + pam_err = allow ? PAM_SUCCESS : PAM_AUTH_ERR; + else + pam_err = allow ? PAM_AUTH_ERR : PAM_SUCCESS; + if (f != NULL) + fclose(f); + return (pam_err); +} + +PAM_MODULE_ENTRY("pam_ftpusers"); diff --git a/lib/pam_module/pam_group/Makefile b/lib/pam_module/pam_group/Makefile new file mode 100644 index 0000000000..7607450dda --- /dev/null +++ b/lib/pam_module/pam_group/Makefile @@ -0,0 +1,7 @@ +# $FreeBSD: src/lib/libpam/modules/pam_group/Makefile,v 1.1 2003/02/06 14:27:48 des Exp $ + +LIB= pam_group +SRCS= pam_group.c +MAN= pam_group.8 + +.include diff --git a/lib/pam_module/pam_group/pam_group.8 b/lib/pam_module/pam_group/pam_group.8 new file mode 100644 index 0000000000..1ee17e87fa --- /dev/null +++ b/lib/pam_module/pam_group/pam_group.8 @@ -0,0 +1,83 @@ +.\" Copyright (c) 2003 Networks Associates Technology, Inc. +.\" All rights reserved. +.\" +.\" Portions of this software were developed for the FreeBSD Project by +.\" ThinkSec AS and NAI Labs, the Security Research Division of Network +.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.\" ("CBOSS"), as part of the DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: src/lib/libpam/modules/pam_group/pam_group.8,v 1.3 2004/07/02 23:52:17 ru Exp $ +.\" +.Dd February 6, 2003 +.Dt PAM_GROUP 8 +.Os +.Sh NAME +.Nm pam_group +.Nd Group PAM module +.Sh SYNOPSIS +.Op Ar service-name +.Ar module-type +.Ar control-flag +.Pa pam_group +.Op Ar arguments +.Sh DESCRIPTION +The group service module for PAM accepts or rejects users based on +their membership in a particular file group. +.Pp +The following options may be passed to the +.Nm +module: +.Bl -tag -width ".Cm fail_safe" +.It Cm deny +Reverse the meaning of the test, i.e., reject the applicant if and only +if he or she is a member of the specified group. +This can be useful to exclude certain groups of users from certain +services. +.It Cm fail_safe +If the specified group does not exist, or has no members, act as if +it does exist and the applicant is a member. +.It Cm group Ns = Ns Ar groupname +Specify the name of the group to check. +The default is +.Dq Li wheel . +.It Cm root_only +Skip this module entirely if the target account is not the superuser +account. +.El +.Sh SEE ALSO +.Xr pam.conf 5 , +.Xr pam 8 +.Sh AUTHORS +The +.Nm +module and this manual page were developed for the +.Fx +Project by +ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/lib/pam_module/pam_group/pam_group.c b/lib/pam_module/pam_group/pam_group.c new file mode 100644 index 0000000000..d9e44f34ce --- /dev/null +++ b/lib/pam_module/pam_group/pam_group.c @@ -0,0 +1,116 @@ +/*- + * Copyright (c) 2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libpam/modules/pam_group/pam_group.c,v 1.4 2003/12/11 13:55:15 des Exp $ + */ + +#include + +#include +#include +#include +#include +#include +#include +#include + +#define PAM_SM_AUTH + +#include +#include +#include + + +PAM_EXTERN int +pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, + int argc __unused, const char *argv[] __unused) +{ + const char *group, *user; + const void *ruser; + char *const *list; + struct passwd *pwd; + struct group *grp; + + /* get target account */ + if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || + user == NULL || (pwd = getpwnam(user)) == NULL) + return (PAM_AUTH_ERR); + if (pwd->pw_uid != 0 && openpam_get_option(pamh, "root_only")) + return (PAM_IGNORE); + + /* get applicant */ + if (pam_get_item(pamh, PAM_RUSER, &ruser) != PAM_SUCCESS + || ruser == NULL || (pwd = getpwnam(ruser)) == NULL) + return (PAM_AUTH_ERR); + + /* get regulating group */ + if ((group = openpam_get_option(pamh, "group")) == NULL) + group = "wheel"; + if ((grp = getgrnam(group)) == NULL || grp->gr_mem == NULL) + goto failed; + + /* check if the group is empty */ + if (*grp->gr_mem == NULL) + goto failed; + + /* check membership */ + if (pwd->pw_gid == grp->gr_gid) + goto found; + for (list = grp->gr_mem; *list != NULL; ++list) + if (strcmp(*list, pwd->pw_name) == 0) + goto found; + + not_found: + if (openpam_get_option(pamh, "deny")) + return (PAM_SUCCESS); + return (PAM_AUTH_ERR); + found: + if (openpam_get_option(pamh, "deny")) + return (PAM_AUTH_ERR); + return (PAM_SUCCESS); + failed: + if (openpam_get_option(pamh, "fail_safe")) + goto found; + else + goto not_found; +} + +PAM_EXTERN int +pam_sm_setcred(pam_handle_t * pamh __unused, int flags __unused, + int argc __unused, const char *argv[] __unused) +{ + + return (PAM_SUCCESS); +} + +PAM_MODULE_ENTRY("pam_group"); diff --git a/lib/pam_module/pam_guest/Makefile b/lib/pam_module/pam_guest/Makefile new file mode 100644 index 0000000000..a174e84e48 --- /dev/null +++ b/lib/pam_module/pam_guest/Makefile @@ -0,0 +1,7 @@ +# $FreeBSD: src/lib/libpam/modules/pam_guest/Makefile,v 1.1 2003/05/31 16:52:58 des Exp $ + +LIB= pam_guest +SRCS= pam_guest.c +MAN= pam_guest.8 + +.include diff --git a/lib/pam_module/pam_guest/pam_guest.8 b/lib/pam_module/pam_guest/pam_guest.8 new file mode 100644 index 0000000000..29cf852083 --- /dev/null +++ b/lib/pam_module/pam_guest/pam_guest.8 @@ -0,0 +1,98 @@ +.\" Copyright (c) 2003 Networks Associates Technology, Inc. +.\" All rights reserved. +.\" +.\" Portions of this software were developed for the FreeBSD Project by +.\" ThinkSec AS and NAI Labs, the Security Research Division of Network +.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.\" ("CBOSS"), as part of the DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: src/lib/libpam/modules/pam_guest/pam_guest.8,v 1.4 2004/07/05 06:39:03 ru Exp $ +.\" +.Dd May 26, 2003 +.Dt PAM_GUEST 8 +.Os +.Sh NAME +.Nm pam_guest +.Nd Guest PAM module +.Sh SYNOPSIS +.Op Ar service-name +.Ar module-type +.Ar control-flag +.Pa pam_guest +.Op Ar arguments +.Sh DESCRIPTION +The guest service module for PAM allows guest logins. +If successful, the +.Nm +module sets the PAM environment variable +.Ev GUEST +to the login name. +The application can check this variable using +.Xr pam_getenv 3 +to differentiate guest logins from normal logins. +.Pp +The following options may be passed to the +.Nm +module: +.Bl -tag -width ".Cm pass_as_ruser" +.It Cm guests Ns = Ns Ar list +Comma-separated list of guest account names. +The default is +.Dq Li guest . +A typical value for +.Xr ftpd 8 +would be +.Dq Li anonymous,ftp . +.It Cm nopass +Omits the password prompt if the target account is on the list of +guest accounts. +.It Cm pass_as_ruser +The password typed in by the user is exported as the +.Dv PAM_RUSER +item. +This is useful for applications like +.Xr ftpd 8 +where guest users are encouraged to use their email address as +password. +.It Cm pass_is_user +Requires the guest user to type in the guest account name as password. +.El +.Sh SEE ALSO +.Xr pam_getenv 3 , +.Xr pam_get_item 3 , +.Xr pam.conf 5 , +.Xr pam 8 +.Sh AUTHORS +The +.Nm +module and this manual page were developed for the +.Fx +Project by +ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/lib/pam_module/pam_guest/pam_guest.c b/lib/pam_module/pam_guest/pam_guest.c new file mode 100644 index 0000000000..54b80d0bea --- /dev/null +++ b/lib/pam_module/pam_guest/pam_guest.c @@ -0,0 +1,113 @@ +/*- + * Copyright (c) 2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libpam/modules/pam_guest/pam_guest.c,v 1.1 2003/05/31 16:52:58 des Exp $ + */ + +#include + +#define PAM_SM_AUTH + +#include +#include +#include + +#define DEFAULT_GUESTS "guest" + +static int +lookup(const char *str, const char *list) +{ + const char *next; + size_t len; + + len = strlen(str); + while (*list != '\0') { + while (*list == ',') + ++list; + if ((next = strchr(list, ',')) == NULL) + next = strchr(list, '\0'); + if (next - list == (ptrdiff_t)len && + strncmp(list, str, len) == 0) + return (1); + list = next; + } + return (0); +} + +PAM_EXTERN int +pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, + int argc __unused, const char *argv[] __unused) +{ + const char *authtok, *guests, *user; + int err, is_guest; + + /* get target account */ + if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL) + return (PAM_AUTH_ERR); + + /* get list of guest logins */ + if ((guests = openpam_get_option(pamh, "guests")) == NULL) + guests = DEFAULT_GUESTS; + + /* check if the target account is on the list */ + is_guest = lookup(user, guests); + + /* check password */ + if (!openpam_get_option(pamh, "nopass")) { + err = pam_get_authtok(pamh, PAM_AUTHTOK, &authtok, NULL); + if (err != PAM_SUCCESS) + return (err); + if (openpam_get_option(pamh, "pass_is_user") && + strcmp(user, authtok) != 0) + return (PAM_AUTH_ERR); + if (openpam_get_option(pamh, "pass_as_ruser")) + pam_set_item(pamh, PAM_RUSER, authtok); + } + + /* done */ + if (is_guest) { + pam_setenv(pamh, "GUEST", user, 1); + return (PAM_SUCCESS); + } + return (PAM_AUTH_ERR); +} + +PAM_EXTERN int +pam_sm_setcred(pam_handle_t * pamh __unused, int flags __unused, + int argc __unused, const char *argv[] __unused) +{ + + return (PAM_SUCCESS); +} + +PAM_MODULE_ENTRY("pam_guest"); diff --git a/lib/pam_module/pam_ksu/Makefile b/lib/pam_module/pam_ksu/Makefile new file mode 100644 index 0000000000..c000e19b5b --- /dev/null +++ b/lib/pam_module/pam_ksu/Makefile @@ -0,0 +1,34 @@ +# Copyright 2002 FreeBSD, Inc. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/lib/libpam/modules/pam_ksu/Makefile,v 1.6 2004/08/06 07:27:04 cperciva Exp $ + +LIB= pam_ksu +SRCS= pam_ksu.c +MAN= pam_ksu.8 + +DPADD= ${LIBKRB5} ${LIBASN1} ${LIBROKEN} ${LIBCOM_ERR} ${LIBCRYPT} ${LIBCRYPTO} +LDADD= -lkrb5 -lasn1 -lroken -lcom_err -lcrypt -lcrypto + +.include diff --git a/lib/pam_module/pam_ksu/pam_ksu.8 b/lib/pam_module/pam_ksu/pam_ksu.8 new file mode 100644 index 0000000000..08322b79eb --- /dev/null +++ b/lib/pam_module/pam_ksu/pam_ksu.8 @@ -0,0 +1,122 @@ +.\" Copyright (c) 2001 Mark R V Murray +.\" All rights reserved. +.\" Copyright (c) 2001 Networks Associates Technology, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: src/lib/libpam/modules/pam_ksu/pam_ksu.8,v 1.3 2002/12/12 08:19:47 ru Exp $ +.\" +.Dd May 15, 2002 +.Dt PAM_KSU 8 +.Os +.Sh NAME +.Nm pam_ksu +.Nd Kerberos 5 SU PAM module +.Sh SYNOPSIS +.Op Ar service-name +.Ar module-type +.Ar control-flag +.Pa pam_ksu +.Op Ar options +.Sh DESCRIPTION +The Kerberos 5 SU authentication service module for PAM, +.Nm +for only one PAM category: authentication. +In terms of the +.Ar module-type +parameter, this is the +.Dq Li auth +feature. +The module is specifically designed to be used with the +.Xr su 1 +utility. +.\" It also provides a null function for session management. +.Ss Kerberos 5 SU Authentication Module +The Kerberos 5 SU authentication component provides functions to verify +the identity of a user +.Pq Fn pam_sm_authenticate , +and determine whether or not the user is authorized to obtain the +privileges of the target account. +If the target account is +.Dq root , +then the Kerberos 5 principal used +for authentication and authorization will be the +.Dq root +instance of +the current user, e.g.\& +.Dq Li user/root@REAL.M . +Otherwise, the principal will simply be the current user's default +principal, e.g.\& +.Dq Li user@REAL.M . +.Pp +The user is prompted for a password if necessary. +Authorization is performed +by comparing the Kerberos 5 principal with those listed in the +.Pa .k5login +file in the target account's home directory +(e.g.\& +.Pa /root/.k5login +for root). +.Pp +The following options may be passed to the authentication module: +.Bl -tag -width ".Cm use_first_pass" +.It Cm debug +.Xr syslog 3 +debugging information at +.Dv LOG_DEBUG +level. +.It Cm use_first_pass +If the authentication module +is not the first in the stack, +and a previous module +obtained the user's password, +that password is used +to authenticate the user. +If this fails, +the authentication module returns failure +without prompting the user for a password. +This option has no effect +if the authentication module +is the first in the stack, +or if no previous modules +obtained the user's password. +.It Cm try_first_pass +This option is similar to the +.Cm use_first_pass +option, +except that if the previously obtained password fails, +the user is prompted for another password. +.El +.Sh SEE ALSO +.Xr su 1 , +.Xr syslog 3 , +.Xr pam.conf 5 , +.Xr pam 8 diff --git a/lib/pam_module/pam_ksu/pam_ksu.c b/lib/pam_module/pam_ksu/pam_ksu.c new file mode 100644 index 0000000000..8194cad28a --- /dev/null +++ b/lib/pam_module/pam_ksu/pam_ksu.c @@ -0,0 +1,257 @@ +/*- + * Copyright (c) 2002 Jacques A. Vidrine + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libpam/modules/pam_ksu/pam_ksu.c,v 1.5 2004/02/10 10:13:21 des Exp $ + */ + +#include +#include +#include +#include +#include +#include + +#include + +#define PAM_SM_AUTH +#define PAM_SM_CRED +#include +#include +#include + +static const char superuser[] = "root"; + +static long get_su_principal(krb5_context, const char *, const char *, + char **, krb5_principal *); +static int auth_krb5(pam_handle_t *, krb5_context, const char *, + krb5_principal); + +PAM_EXTERN int +pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, + int argc __unused, const char *argv[] __unused) +{ + krb5_context context; + krb5_principal su_principal; + const char *user; + const void *ruser; + char *su_principal_name; + long rv; + int pamret; + + pamret = pam_get_user(pamh, &user, NULL); + if (pamret != PAM_SUCCESS) + return (pamret); + PAM_LOG("Got user: %s", user); + pamret = pam_get_item(pamh, PAM_RUSER, &ruser); + if (pamret != PAM_SUCCESS) + return (pamret); + PAM_LOG("Got ruser: %s", (const char *)ruser); + rv = krb5_init_context(&context); + if (rv != 0) { + PAM_LOG("krb5_init_context failed: %s", + krb5_get_err_text(context, rv)); + return (PAM_SERVICE_ERR); + } + rv = get_su_principal(context, user, ruser, &su_principal_name, &su_principal); + if (rv != 0) + return (PAM_AUTH_ERR); + PAM_LOG("kuserok: %s -> %s", su_principal_name, user); + rv = krb5_kuserok(context, su_principal, user); + pamret = rv ? auth_krb5(pamh, context, su_principal_name, su_principal) : PAM_AUTH_ERR; + free(su_principal_name); + krb5_free_principal(context, su_principal); + krb5_free_context(context); + return (pamret); +} + +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, + int ac __unused, const char *av[] __unused) +{ + + return (PAM_SUCCESS); +} + +/* Authenticate using Kerberos 5. + * pamh -- The PAM handle. + * context -- An initialized krb5_context. + * su_principal_name -- The target principal name, used only for password prompts. + * If NULL, the password prompts will not include a principal + * name. + * su_principal -- The target krb5_principal. + * Note that a valid keytab in the default location with a host entry + * must be available, and that the PAM application must have sufficient + * privileges to access it. + * Returns PAM_SUCCESS if authentication was successful, or an appropriate + * PAM error code if it was not. + */ +static int +auth_krb5(pam_handle_t *pamh, krb5_context context, const char *su_principal_name, + krb5_principal su_principal) +{ + krb5_creds creds; + krb5_get_init_creds_opt gic_opt; + krb5_verify_init_creds_opt vic_opt; + const char *pass; + char *prompt; + long rv; + int pamret; + + prompt = NULL; + krb5_get_init_creds_opt_init(&gic_opt); + krb5_verify_init_creds_opt_init(&vic_opt); + if (su_principal_name != NULL) + asprintf(&prompt, "Password for %s:", su_principal_name); + else + asprintf(&prompt, "Password:"); + if (prompt == NULL) + return (PAM_BUF_ERR); + pass = NULL; + pamret = pam_get_authtok(pamh, PAM_AUTHTOK, &pass, prompt); + free(prompt); + if (pamret != PAM_SUCCESS) + return (pamret); + rv = krb5_get_init_creds_password(context, &creds, su_principal, + pass, NULL, NULL, 0, NULL, &gic_opt); + if (rv != 0) { + PAM_LOG("krb5_get_init_creds_password: %s", + krb5_get_err_text(context, rv)); + return (PAM_AUTH_ERR); + } + krb5_verify_init_creds_opt_set_ap_req_nofail(&vic_opt, 1); + rv = krb5_verify_init_creds(context, &creds, NULL, NULL, NULL, + &vic_opt); + krb5_free_cred_contents(context, &creds); + if (rv != 0) { + PAM_LOG("krb5_verify_init_creds: %s", + krb5_get_err_text(context, rv)); + return (PAM_AUTH_ERR); + } + return (PAM_SUCCESS); +} + +/* Determine the target principal given the current user and the target user. + * context -- An initialized krb5_context. + * target_user -- The target username. + * current_user -- The current username. + * su_principal_name -- (out) The target principal name. + * su_principal -- (out) The target krb5_principal. + * When the target user is `root', the target principal will be a `root + * instance', e.g. `luser/root@REA.LM'. Otherwise, the target principal + * will simply be the current user's default principal name. Note that + * in any case, if KRB5CCNAME is set and a credentials cache exists, the + * principal name found there will be the `starting point', rather than + * the ruser parameter. + * + * Returns 0 for success, or a com_err error code on failure. + */ +static long +get_su_principal(krb5_context context, const char *target_user, + const char *current_user, char **su_principal_name, + krb5_principal *su_principal) +{ + krb5_principal default_principal; + krb5_ccache ccache; + char *principal_name, *ccname, *p; + long rv; + uid_t euid, ruid; + + *su_principal = NULL; + default_principal = NULL; + /* Unless KRB5CCNAME was explicitly set, we won't really be able + * to look at the credentials cache since krb5_cc_default will + * look at getuid(). + */ + ruid = getuid(); + euid = geteuid(); + rv = seteuid(ruid); + if (rv != 0) + return (errno); + p = getenv("KRB5CCNAME"); + if (p != NULL) + ccname = strdup(p); + else + asprintf(&ccname, "%s%lu", KRB5_DEFAULT_CCROOT, (unsigned long)ruid); + if (ccname == NULL) + return (errno); + rv = krb5_cc_resolve(context, ccname, &ccache); + free(ccname); + if (rv == 0) { + rv = krb5_cc_get_principal(context, ccache, &default_principal); + krb5_cc_close(context, ccache); + if (rv != 0) + default_principal = NULL; /* just to be safe */ + } + rv = seteuid(euid); + if (rv != 0) + return (errno); + if (default_principal == NULL) { + rv = krb5_make_principal(context, &default_principal, NULL, current_user, NULL); + if (rv != 0) { + PAM_LOG("Could not determine default principal name."); + return (rv); + } + } + /* Now that we have some principal, if the target account is + * `root', then transform it into a `root' instance, e.g. + * `user@REA.LM' -> `user/root@REA.LM'. + */ + rv = krb5_unparse_name(context, default_principal, &principal_name); + krb5_free_principal(context, default_principal); + if (rv != 0) { + PAM_LOG("krb5_unparse_name: %s", + krb5_get_err_text(context, rv)); + return (rv); + } + PAM_LOG("Default principal name: %s", principal_name); + if (strcmp(target_user, superuser) == 0) { + p = strrchr(principal_name, '@'); + if (p == NULL) { + PAM_LOG("malformed principal name `%s'", principal_name); + free(principal_name); + return (rv); + } + *p++ = '\0'; + *su_principal_name = NULL; + asprintf(su_principal_name, "%s/%s@%s", principal_name, superuser, p); + free(principal_name); + } else + *su_principal_name = principal_name; + + if (*su_principal_name == NULL) + return (errno); + rv = krb5_parse_name(context, *su_principal_name, &default_principal); + if (rv != 0) { + PAM_LOG("krb5_parse_name `%s': %s", *su_principal_name, + krb5_get_err_text(context, rv)); + free(*su_principal_name); + return (rv); + } + PAM_LOG("Target principal name: %s", *su_principal_name); + *su_principal = default_principal; + return (0); +} + +PAM_MODULE_ENTRY("pam_ksu"); diff --git a/lib/pam_module/pam_lastlog/Makefile b/lib/pam_module/pam_lastlog/Makefile new file mode 100644 index 0000000000..911be918bd --- /dev/null +++ b/lib/pam_module/pam_lastlog/Makefile @@ -0,0 +1,34 @@ +# Copyright 2001 Mark R V Murray +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/lib/libpam/modules/pam_lastlog/Makefile,v 1.5 2003/03/09 20:06:36 obrien Exp $ + +LIB= pam_lastlog +SRCS= pam_lastlog.c +MAN= pam_lastlog.8 + +DPADD= ${LIBUTIL} +LDADD= -lutil + +.include diff --git a/lib/pam_module/pam_lastlog/pam_lastlog.8 b/lib/pam_module/pam_lastlog/pam_lastlog.8 new file mode 100644 index 0000000000..0e0415f07f --- /dev/null +++ b/lib/pam_module/pam_lastlog/pam_lastlog.8 @@ -0,0 +1,106 @@ +.\" Copyright (c) 2001 Mark R V Murray +.\" All rights reserved. +.\" Copyright (c) 2001 Networks Associates Technology, Inc. +.\" All rights reserved. +.\" +.\" Portions of this software were developed for the FreeBSD Project by +.\" ThinkSec AS and NAI Labs, the Security Research Division of Network +.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.\" ("CBOSS"), as part of the DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: src/lib/libpam/modules/pam_lastlog/pam_lastlog.8,v 1.7 2005/01/21 10:38:42 ru Exp $ +.\" +.Dd January 24, 2002 +.Dt PAM_LASTLOG 8 +.Os +.Sh NAME +.Nm pam_lastlog +.Nd login accounting PAM module +.Sh SYNOPSIS +.Op Ar service-name +.Ar module-type +.Ar control-flag +.Pa pam_lastlog +.Op Ar options +.Sh DESCRIPTION +The login accounting service module for PAM, +.Nm +provides functionality for only one PAM category: +session management. +In terms of the +.Ar module-type +parameter, this is the +.Dq Li session +feature. +.Ss Login Accounting Session Management Module +The login accounting session management component provides functions +to initiate +.Pq Fn pam_sm_open_session +and terminate +.Pq Fn pam_sm_close_session +sessions. +The +.Fn pam_sm_open_session +function records the session in the +.Xr utmp 5 , +.Xr wtmp 5 +and +.Xr lastlog 5 +databases. +The +.Fn pam_sm_close_session +function does nothing. +.Pp +The following options may be passed to the authentication module: +.Bl -tag -width ".Cm no_warn" +.It Cm debug +.Xr syslog 3 +debugging information at +.Dv LOG_DEBUG +level. +.It Cm no_warn +suppress warning messages to the user. +.It Cm no_fail +Ignore I/O failures. +.El +.Sh SEE ALSO +.Xr last 1 , +.Xr w 1 , +.Xr login 3 , +.Xr logout 3 , +.Xr pam.conf 5 , +.Xr utmp 5 , +.Xr lastlogin 8 , +.Xr pam 8 +.Sh AUTHORS +The +.Nm +module and this manual page were developed for the FreeBSD Project by +ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/lib/pam_module/pam_lastlog/pam_lastlog.c b/lib/pam_module/pam_lastlog/pam_lastlog.c new file mode 100644 index 0000000000..5cb931c865 --- /dev/null +++ b/lib/pam_module/pam_lastlog/pam_lastlog.c @@ -0,0 +1,201 @@ +/*- + * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * Copyright (c) 2001 Mark R V Murray + * All rights reserved. + * Copyright (c) 2001 Networks Associates Technology, Inc. + * All rights reserved. + * Copyright (c) 2004 Joe R. Doupnik + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libpam/modules/pam_lastlog/pam_lastlog.c,v 1.23 2007/07/22 15:17:29 des Exp $ + */ + +#define _BSD_SOURCE + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define PAM_SM_SESSION + +#include +#include +#include + +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc __unused, const char *argv[] __unused) +{ + struct passwd *pwd; + struct utmp utmp; + struct lastlog ll; + time_t t; + const char *user; + const void *rhost, *tty; + off_t llpos; + int fd, pam_err; + + pam_err = pam_get_user(pamh, &user, NULL); + if (pam_err != PAM_SUCCESS) + return (pam_err); + if (user == NULL || (pwd = getpwnam(user)) == NULL) + return (PAM_SERVICE_ERR); + PAM_LOG("Got user: %s", user); + + pam_err = pam_get_item(pamh, PAM_RHOST, &rhost); + if (pam_err != PAM_SUCCESS) { + PAM_LOG("No PAM_RHOST"); + goto err; + } + pam_err = pam_get_item(pamh, PAM_TTY, &tty); + if (pam_err != PAM_SUCCESS) { + PAM_LOG("No PAM_TTY"); + goto err; + } + if (tty == NULL) { + PAM_LOG("No PAM_TTY"); + pam_err = PAM_SERVICE_ERR; + goto err; + } + if (strncmp(tty, _PATH_DEV, strlen(_PATH_DEV)) == 0) + tty = (const char *)tty + strlen(_PATH_DEV); + if (*(const char *)tty == '\0') + return (PAM_SERVICE_ERR); + + fd = open(_PATH_LASTLOG, O_RDWR|O_CREAT, 0644); + if (fd == -1) { + PAM_LOG("Failed to open %s", _PATH_LASTLOG); + goto file_err; + } + + /* + * Record session in lastlog(5). + */ + llpos = (off_t)(pwd->pw_uid * sizeof(ll)); + if (lseek(fd, llpos, L_SET) != llpos) + goto file_err; + if ((flags & PAM_SILENT) == 0) { + if (read(fd, &ll, sizeof ll) == sizeof ll && ll.ll_time != 0) { + t = ll.ll_time; + if (*ll.ll_host != '\0') + pam_info(pamh, "Last login: %.*s from %.*s", + 24 - 5, ctime(&t), + (int)sizeof(ll.ll_host), ll.ll_host); + else + pam_info(pamh, "Last login: %.*s on %.*s", + 24 - 5, ctime(&t), + (int)sizeof(ll.ll_line), ll.ll_line); + } + if (lseek(fd, llpos, L_SET) != llpos) + goto file_err; + } + + bzero(&ll, sizeof(ll)); + ll.ll_time = time(NULL); + + /* note: does not need to be NUL-terminated */ + strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); + if (rhost != NULL && *(const char *)rhost != '\0') + /* note: does not need to be NUL-terminated */ + strncpy(ll.ll_host, rhost, sizeof(ll.ll_host)); + + if (write(fd, (char *)&ll, sizeof(ll)) != sizeof(ll) || close(fd) != 0) + goto file_err; + + PAM_LOG("Login recorded in %s", _PATH_LASTLOG); + + /* + * Record session in utmp(5) and wtmp(5). + */ + bzero(&utmp, sizeof(utmp)); + utmp.ut_time = time(NULL); + /* note: does not need to be NUL-terminated */ + strncpy(utmp.ut_name, user, sizeof(utmp.ut_name)); + if (rhost != NULL && *(const char *)rhost != '\0') + strncpy(utmp.ut_host, rhost, sizeof(utmp.ut_host)); + strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line)); + login(&utmp); + + return (PAM_SUCCESS); + +file_err: + syslog(LOG_ERR, "%s: %m", _PATH_LASTLOG); + if (fd != -1) + close(fd); + pam_err = PAM_SYSTEM_ERR; +err: + if (openpam_get_option(pamh, "no_fail")) + return (PAM_SUCCESS); + return (pam_err); +} + +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *pamh __unused, int flags __unused, + int argc __unused, const char *argv[] __unused) +{ + const void *tty; + int pam_err; + + pam_err = pam_get_item(pamh, PAM_TTY, (const void **)&tty); + if (pam_err != PAM_SUCCESS) + goto err; + if (strncmp(tty, _PATH_DEV, strlen(_PATH_DEV)) == 0) + tty = (const char *)tty + strlen(_PATH_DEV); + if (*(const char *)tty == '\0') + return (PAM_SERVICE_ERR); + if (logout(tty) != 1) + syslog(LOG_ERR, "%s(): no utmp record for %s", + __func__, (const char *)tty); + logwtmp(tty, "", ""); + return (PAM_SUCCESS); + + err: + if (openpam_get_option(pamh, "no_fail")) + return (PAM_SUCCESS); + return (pam_err); +} + +PAM_MODULE_ENTRY("pam_lastlog"); diff --git a/lib/pam_module/pam_login_access/Makefile b/lib/pam_module/pam_login_access/Makefile new file mode 100644 index 0000000000..1d5d959124 --- /dev/null +++ b/lib/pam_module/pam_login_access/Makefile @@ -0,0 +1,31 @@ +# Copyright 2001 Mark R V Murray +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/lib/libpam/modules/pam_login_access/Makefile,v 1.6 2006/03/06 12:31:25 yar Exp $ + +LIB= pam_login_access +SRCS= pam_login_access.c login_access.c +MAN= login.access.5 pam_login_access.8 + +.include diff --git a/lib/pam_module/pam_login_access/login.access.5 b/lib/pam_module/pam_login_access/login.access.5 new file mode 100644 index 0000000000..dfdca191b1 --- /dev/null +++ b/lib/pam_module/pam_login_access/login.access.5 @@ -0,0 +1,57 @@ +.\" +.\" $FreeBSD: src/lib/libpam/modules/pam_login_access/login.access.5,v 1.17 2006/09/13 18:34:32 joel Exp $ +.\" +.Dd September 13, 2006 +.Dt LOGIN.ACCESS 5 +.Os +.Sh NAME +.Nm login.access +.Nd login access control table +.Sh DESCRIPTION +The +.Nm +file specifies (user, host) combinations and/or (user, tty) +combinations for which a login will be either accepted or refused. +.Pp +When someone logs in, the +.Nm +is scanned for the first entry that +matches the (user, host) combination, or, in case of non-networked +logins, the first entry that matches the (user, tty) combination. +The +permissions field of that table entry determines whether the login will +be accepted or refused. +.Pp +Each line of the login access control table has three fields separated by a +.Ql \&: +character: +.Ar permission : Ns Ar users : Ns Ar origins +.Pp +The first field should be a "+" (access granted) or "-" (access denied) +character. +The second field should be a list of one or more login names, +group names, or ALL (always matches). +The third field should be a list +of one or more tty names (for non-networked logins), host names, domain +names (begin with "."), host addresses, internet network numbers (end +with "."), ALL (always matches) or LOCAL (matches any string that does +not contain a "." character). +If you run NIS you can use @netgroupname +in host or user patterns. +.Pp +The EXCEPT operator makes it possible to write very compact rules. +.Pp +The group file is searched only when a name does not match that of the +logged-in user. +Only groups are matched in which users are explicitly +listed: the program does not look at a user's primary group id value. +.Sh FILES +.Bl -tag -width /etc/login.access -compact +.It Pa /etc/login.access +login access control table +.El +.Sh SEE ALSO +.Xr login 1 , +.Xr pam_login_access 8 +.Sh AUTHORS +.An Guido van Rooij diff --git a/lib/pam_module/pam_login_access/login_access.c b/lib/pam_module/pam_login_access/login_access.c new file mode 100644 index 0000000000..e4125abd4c --- /dev/null +++ b/lib/pam_module/pam_login_access/login_access.c @@ -0,0 +1,242 @@ +/* + * This module implements a simple but effective form of login access + * control based on login names and on host (or domain) names, internet + * addresses (or network numbers), or on terminal line names in case of + * non-networked logins. Diagnostics are reported through syslog(3). + * + * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. + * + * $FreeBSD: src/lib/libpam/modules/pam_login_access/login_access.c,v 1.13 2007/05/25 07:50:18 des Exp $ + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "pam_login_access.h" + +#define _PATH_LOGACCESS "/etc/login.access" + + /* Delimiters for fields and for lists of users, ttys or hosts. */ + +static char fs[] = ":"; /* field separator */ +static char sep[] = ", \t"; /* list-element separator */ + + /* Constants to be used in assignments only, not in comparisons... */ + +#define YES 1 +#define NO 0 + +static int from_match(const char *, const char *); +static int list_match(char *, const char *, + int (*)(const char *, const char *)); +static int netgroup_match(const char *, const char *, const char *); +static int string_match(const char *, const char *); +static int user_match(const char *, const char *); + +/* login_access - match username/group and host/tty with access control file */ + +int +login_access(const char *user, const char *from) +{ + FILE *fp; + char line[BUFSIZ]; + char *perm; /* becomes permission field */ + char *users; /* becomes list of login names */ + char *froms; /* becomes list of terminals or hosts */ + int match = NO; + int end; + int lineno = 0; /* for diagnostics */ + + /* + * Process the table one line at a time and stop at the first match. + * Blank lines and lines that begin with a '#' character are ignored. + * Non-comment lines are broken at the ':' character. All fields are + * mandatory. The first field should be a "+" or "-" character. A + * non-existing table means no access control. + */ + + if ((fp = fopen(_PATH_LOGACCESS, "r")) != NULL) { + while (!match && fgets(line, sizeof(line), fp)) { + lineno++; + if (line[end = strlen(line) - 1] != '\n') { + syslog(LOG_ERR, "%s: line %d: missing newline or line too long", + _PATH_LOGACCESS, lineno); + continue; + } + if (line[0] == '#') + continue; /* comment line */ + while (end > 0 && isspace(line[end - 1])) + end--; + line[end] = 0; /* strip trailing whitespace */ + if (line[0] == 0) /* skip blank lines */ + continue; + if (!(perm = strtok(line, fs)) + || !(users = strtok((char *) 0, fs)) + || !(froms = strtok((char *) 0, fs)) + || strtok((char *) 0, fs)) { + syslog(LOG_ERR, "%s: line %d: bad field count", _PATH_LOGACCESS, + lineno); + continue; + } + if (perm[0] != '+' && perm[0] != '-') { + syslog(LOG_ERR, "%s: line %d: bad first field", _PATH_LOGACCESS, + lineno); + continue; + } + match = (list_match(froms, from, from_match) + && list_match(users, user, user_match)); + } + fclose(fp); + } else if (errno != ENOENT) { + syslog(LOG_ERR, "cannot open %s: %m", _PATH_LOGACCESS); + } + return (match == 0 || (line[0] == '+')); +} + +/* list_match - match an item against a list of tokens with exceptions */ + +static int +list_match(char *list, const char *item, + int (*match_fn)(const char *, const char *)) +{ + char *tok; + int match = NO; + + /* + * Process tokens one at a time. We have exhausted all possible matches + * when we reach an "EXCEPT" token or the end of the list. If we do find + * a match, look for an "EXCEPT" list and recurse to determine whether + * the match is affected by any exceptions. + */ + + for (tok = strtok(list, sep); tok != 0; tok = strtok((char *) 0, sep)) { + if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */ + break; + if ((match = (*match_fn)(tok, item)) != 0) /* YES */ + break; + } + /* Process exceptions to matches. */ + + if (match != NO) { + while ((tok = strtok((char *) 0, sep)) && strcasecmp(tok, "EXCEPT")) + /* VOID */ ; + if (tok == 0 || list_match((char *) 0, item, match_fn) == NO) + return (match); + } + return (NO); +} + +/* netgroup_match - match group against machine or user */ + +static int +netgroup_match(const char *group, const char *machine, const char *user) +{ + char domain[1024]; + unsigned int i; + + if (getdomainname(domain, sizeof(domain)) != 0 || *domain == '\0') { + syslog(LOG_ERR, "NIS netgroup support disabled: no NIS domain"); + return (NO); + } + + /* getdomainname() does not reliably terminate the string */ + for (i = 0; i < sizeof(domain); ++i) + if (domain[i] == '\0') + break; + if (i == sizeof(domain)) { + syslog(LOG_ERR, "NIS netgroup support disabled: invalid NIS domain"); + return (NO); + } + + if (innetgr(group, machine, user, domain) == 1) + return (YES); + return (NO); +} + +/* user_match - match a username against one token */ + +static int +user_match(const char *tok, const char *string) +{ + struct group *group; + int i; + + /* + * If a token has the magic value "ALL" the match always succeeds. + * Otherwise, return YES if the token fully matches the username, or if + * the token is a group that contains the username. + */ + + if (tok[0] == '@') { /* netgroup */ + return (netgroup_match(tok + 1, (char *) 0, string)); + } else if (string_match(tok, string)) { /* ALL or exact match */ + return (YES); + } else if ((group = getgrnam(tok)) != NULL) {/* try group membership */ + for (i = 0; group->gr_mem[i]; i++) + if (strcasecmp(string, group->gr_mem[i]) == 0) + return (YES); + } + return (NO); +} + +/* from_match - match a host or tty against a list of tokens */ + +static int +from_match(const char *tok, const char *string) +{ + int tok_len; + int str_len; + + /* + * If a token has the magic value "ALL" the match always succeeds. Return + * YES if the token fully matches the string. If the token is a domain + * name, return YES if it matches the last fields of the string. If the + * token has the magic value "LOCAL", return YES if the string does not + * contain a "." character. If the token is a network number, return YES + * if it matches the head of the string. + */ + + if (tok[0] == '@') { /* netgroup */ + return (netgroup_match(tok + 1, string, (char *) 0)); + } else if (string_match(tok, string)) { /* ALL or exact match */ + return (YES); + } else if (tok[0] == '.') { /* domain: match last fields */ + if ((str_len = strlen(string)) > (tok_len = strlen(tok)) + && strcasecmp(tok, string + str_len - tok_len) == 0) + return (YES); + } else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */ + if (strchr(string, '.') == 0) + return (YES); + } else if (tok[(tok_len = strlen(tok)) - 1] == '.' /* network */ + && strncmp(tok, string, tok_len) == 0) { + return (YES); + } + return (NO); +} + +/* string_match - match a string against one token */ + +static int +string_match(const char *tok, const char *string) +{ + + /* + * If the token has the magic value "ALL" the match always succeeds. + * Otherwise, return YES if the token fully matches the string. + */ + + if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ + return (YES); + } else if (strcasecmp(tok, string) == 0) { /* try exact match */ + return (YES); + } + return (NO); +} diff --git a/lib/pam_module/pam_login_access/pam_login_access.8 b/lib/pam_module/pam_login_access/pam_login_access.8 new file mode 100644 index 0000000000..e7e5e9436c --- /dev/null +++ b/lib/pam_module/pam_login_access/pam_login_access.8 @@ -0,0 +1,89 @@ +.\" Copyright (c) 2001 Mark R V Murray +.\" All rights reserved. +.\" Copyright (c) 2001 Networks Associates Technology, Inc. +.\" All rights reserved. +.\" +.\" Portions of this software were developed for the FreeBSD Project by +.\" ThinkSec AS and NAI Labs, the Security Research Division of Network +.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.\" ("CBOSS"), as part of the DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: src/lib/libpam/modules/pam_login_access/pam_login_access.8,v 1.6 2006/03/06 13:15:12 yar Exp $ +.\" +.Dd January 24, 2002 +.Dt PAM_LOGIN_ACCESS 8 +.Os +.Sh NAME +.Nm pam_login_access +.Nd login.access PAM module +.Sh SYNOPSIS +.Op Ar service-name +.Ar module-type +.Ar control-flag +.Pa pam_login_access +.Op Ar options +.Sh DESCRIPTION +The +.Pa login.access +service module for PAM, +.Nm +provides functionality for only one PAM category: +account management. +In terms of the +.Ar module-type +parameter, this is the +.Dq Li account +feature. +.Ss Login.access Account Management Module +The +.Pa login.access +account management component +.Pq Fn pam_sm_acct_mgmt , +returns success if and only the user is allowed to log in on the +specified tty (in the case of a local login) or from the specified +remote host (in the case of a remote login), according to the +restrictions listed in +.Xr login.access 5 . +.Sh SEE ALSO +.Xr login.access 5 , +.Xr pam.conf 5 , +.Xr pam 8 +.Sh AUTHORS +The +.Xr login.access 5 +access control scheme was designed and implemented by +.An Wietse Venema . +.Pp +The +.Nm +module and this manual page were developed for the +.Fx +Project by +ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/lib/pam_module/pam_login_access/pam_login_access.c b/lib/pam_module/pam_login_access/pam_login_access.c new file mode 100644 index 0000000000..ae79dea6ca --- /dev/null +++ b/lib/pam_module/pam_login_access/pam_login_access.c @@ -0,0 +1,100 @@ +/*- + * Copyright (c) 2001 Mark R V Murray + * All rights reserved. + * Copyright (c) 2001 Networks Associates Technology, Inc. + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libpam/modules/pam_login_access/pam_login_access.c,v 1.11 2004/02/10 10:13:21 des Exp $ + */ + +#define _BSD_SOURCE + +#include + +#include +#include + +#define PAM_SM_ACCOUNT + +#include +#include +#include + +#include "pam_login_access.h" + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, + int argc __unused, const char *argv[] __unused) +{ + const void *rhost, *tty, *user; + char hostname[MAXHOSTNAMELEN]; + int pam_err; + + pam_err = pam_get_item(pamh, PAM_USER, &user); + if (pam_err != PAM_SUCCESS) + return (pam_err); + + if (user == NULL) + return (PAM_SERVICE_ERR); + + PAM_LOG("Got user: %s", (const char *)user); + + pam_err = pam_get_item(pamh, PAM_RHOST, &rhost); + if (pam_err != PAM_SUCCESS) + return (pam_err); + + pam_err = pam_get_item(pamh, PAM_TTY, &tty); + if (pam_err != PAM_SUCCESS) + return (pam_err); + + gethostname(hostname, sizeof hostname); + + if (rhost == NULL || *(const char *)rhost == '\0') { + PAM_LOG("Checking login.access for user %s on tty %s", + (const char *)user, (const char *)tty); + if (login_access(user, tty) != 0) + return (PAM_SUCCESS); + PAM_VERBOSE_ERROR("%s is not allowed to log in on %s", + user, tty); + } else { + PAM_LOG("Checking login.access for user %s from host %s", + (const char *)user, (const char *)rhost); + if (login_access(user, rhost) != 0) + return (PAM_SUCCESS); + PAM_VERBOSE_ERROR("%s is not allowed to log in from %s", + user, rhost); + } + + return (PAM_AUTH_ERR); +} + +PAM_MODULE_ENTRY("pam_login_access"); diff --git a/lib/pam_module/pam_login_access/pam_login_access.h b/lib/pam_module/pam_login_access/pam_login_access.h new file mode 100644 index 0000000000..95f7dc1942 --- /dev/null +++ b/lib/pam_module/pam_login_access/pam_login_access.h @@ -0,0 +1,39 @@ +/*- + * Copyright (c) 2001 Mark R V Murray + * All rights reserved. + * Copyright (c) 2001 Networks Associates Technology, Inc. + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libpam/modules/pam_login_access/pam_login_access.h,v 1.2 2002/03/14 23:27:57 des Exp $ + */ + +extern int login_access(const char *, const char *); diff --git a/lib/pam_module/pam_rhosts/Makefile b/lib/pam_module/pam_rhosts/Makefile new file mode 100644 index 0000000000..4aa7731cbf --- /dev/null +++ b/lib/pam_module/pam_rhosts/Makefile @@ -0,0 +1,7 @@ +# $FreeBSD: src/lib/libpam/modules/pam_rhosts/Makefile,v 1.2 2003/03/09 20:06:37 obrien Exp $ + +LIB= pam_rhosts +SRCS= pam_rhosts.c +MAN= pam_rhosts.8 + +.include diff --git a/lib/pam_module/pam_rhosts/pam_rhosts.8 b/lib/pam_module/pam_rhosts/pam_rhosts.8 new file mode 100644 index 0000000000..fa8b80250b --- /dev/null +++ b/lib/pam_module/pam_rhosts/pam_rhosts.8 @@ -0,0 +1,95 @@ +.\" Copyright (c) 2001 Mark R V Murray +.\" All rights reserved. +.\" Copyright (c) 2001 Networks Associates Technology, Inc. +.\" All rights reserved. +.\" +.\" Portions of this software were developed for the FreeBSD Project by +.\" ThinkSec AS and NAI Labs, the Security Research Division of Network +.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.\" ("CBOSS"), as part of the DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: src/lib/libpam/modules/pam_rhosts/pam_rhosts.8,v 1.3 2004/07/02 23:52:18 ru Exp $ +.\" +.Dd December 5, 2001 +.Dt PAM_RHOSTS 8 +.Os +.Sh NAME +.Nm pam_rhosts +.Nd Rhosts PAM module +.Sh SYNOPSIS +.Op Ar service-name +.Ar module-type +.Ar control-flag +.Pa pam_rhosts +.Op Ar options +.Sh DESCRIPTION +The rhosts authentication service module for PAM, +.Nm +provides functionality for only one PAM category: +authentication. +In terms of the +.Ar module-type +parameter, this is the +.Dq Li auth +feature. +.Ss Rhosts Authentication Module +The Rhosts authentication component +.Pq Fn pam_sm_authenticate , +returns success if and only if the target user's UID is not 0 and the +remote host and user are listed in +.Pa /etc/hosts.equiv +or in the target user's +.Pa ~/.rhosts . +.Pp +The following options may be passed to the authentication module: +.Bl -tag -width ".Cm allow_root" +.It Cm debug +.Xr syslog 3 +debugging information at +.Dv LOG_DEBUG +level. +.It Cm no_warn +suppress warning messages to the user. +These messages include reasons why the user's authentication attempt +was declined. +.It Cm allow_root +do not automatically fail if the target user's UID is 0. +.El +.Sh SEE ALSO +.Xr hosts.equiv 5 , +.Xr pam.conf 5 , +.Xr pam 8 +.Sh AUTHORS +The +.Nm +module and this manual page were developed for the +.Fx +Project by +ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/lib/pam_module/pam_rhosts/pam_rhosts.c b/lib/pam_module/pam_rhosts/pam_rhosts.c new file mode 100644 index 0000000000..ae68c6d839 --- /dev/null +++ b/lib/pam_module/pam_rhosts/pam_rhosts.c @@ -0,0 +1,94 @@ +/*- + * Copyright (c) 2002 Danny Braniss + * All rights reserved. + * Copyright (c) 2001,2002 Networks Associates Technology, Inc. + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libpam/modules/pam_rhosts/pam_rhosts.c,v 1.3 2003/12/11 13:55:16 des Exp $ + */ + +#include +#include +#include +#include + +#define PAM_SM_AUTH +#include +#include +#include + +#define OPT_ALLOW_ROOT "allow_root" + +PAM_EXTERN int +pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, + int argc __unused, const char *argv[] __unused) +{ + struct passwd *pw; + const char *user; + const void *ruser, *rhost; + int err, superuser; + + err = pam_get_user(pamh, &user, NULL); + if (err != PAM_SUCCESS) + return (err); + + if ((pw = getpwnam(user)) == NULL) + return (PAM_USER_UNKNOWN); + if (pw->pw_uid == 0 && + openpam_get_option(pamh, OPT_ALLOW_ROOT) == NULL) + return (PAM_AUTH_ERR); + + err = pam_get_item(pamh, PAM_RUSER, &ruser); + if (err != PAM_SUCCESS) + return (PAM_AUTH_ERR); + + err = pam_get_item(pamh, PAM_RHOST, &rhost); + if (err != PAM_SUCCESS) + return (PAM_AUTH_ERR); + + superuser = (strcmp(user, "root") == 0); + err = ruserok(rhost, superuser, ruser, user); + if (err != 0) + return (PAM_AUTH_ERR); + + return (PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, + int argc __unused, const char *argv[] __unused) +{ + + return (PAM_SUCCESS); +} + +PAM_MODULE_ENTRY("pam_rhosts"); diff --git a/lib/pam_module/pam_rootok/Makefile b/lib/pam_module/pam_rootok/Makefile new file mode 100644 index 0000000000..12860fef64 --- /dev/null +++ b/lib/pam_module/pam_rootok/Makefile @@ -0,0 +1,31 @@ +# Copyright 2001 Mark R V Murray +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/lib/libpam/modules/pam_rootok/Makefile,v 1.6 2003/03/09 20:06:37 obrien Exp $ + +LIB= pam_rootok +SRCS= pam_rootok.c +MAN= pam_rootok.8 + +.include diff --git a/lib/pam_module/pam_rootok/pam_rootok.8 b/lib/pam_module/pam_rootok/pam_rootok.8 new file mode 100644 index 0000000000..ced6cf442e --- /dev/null +++ b/lib/pam_module/pam_rootok/pam_rootok.8 @@ -0,0 +1,75 @@ +.\" Copyright (c) 2001 Mark R V Murray +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: src/lib/libpam/modules/pam_rootok/pam_rootok.8,v 1.4 2001/08/15 20:05:31 markm Exp $ +.\" +.Dd July 8, 2001 +.Dt PAM_ROOTOK 8 +.Os +.Sh NAME +.Nm pam_rootok +.Nd RootOK PAM module +.Sh SYNOPSIS +.Op Ar service-name +.Ar module-type +.Ar control-flag +.Pa pam_rootok +.Op Ar options +.Sh DESCRIPTION +The RootOK authentication service module for PAM, +.Nm +provides functionality for only one PAM category: +authentication. +In terms of the +.Ar module-type +parameter, this is the +.Dq Li auth +feature. +It also provides a null function for session management. +.Ss RootOK Authentication Module +The RootOK authentication component +.Pq Fn pam_sm_authenticate , +always returns success for the superuser; +i.e., +if +.Xr getuid 2 +returns 0. +.Pp +The following options may be passed to the authentication module: +.Bl -tag -width ".Cm no_warn" +.It Cm debug +.Xr syslog 3 +debugging information at +.Dv LOG_DEBUG +level. +.It Cm no_warn +suppress warning messages to the user. +These messages include +reasons why the user's +authentication attempt was declined. +.El +.Sh SEE ALSO +.Xr getuid 2 , +.Xr pam.conf 5 , +.Xr pam 8 diff --git a/lib/pam_module/pam_rootok/pam_rootok.c b/lib/pam_module/pam_rootok/pam_rootok.c new file mode 100644 index 0000000000..d95f065ffb --- /dev/null +++ b/lib/pam_module/pam_rootok/pam_rootok.c @@ -0,0 +1,72 @@ +/*- + * Copyright (c) 2001 Mark R V Murray + * All rights reserved. + * Copyright (c) 2001 Networks Associates Technology, Inc. + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libpam/modules/pam_rootok/pam_rootok.c,v 1.8 2002/04/12 22:27:23 des Exp $ + */ + +#define _BSD_SOURCE + +#include +#include + +#define PAM_SM_AUTH + +#include +#include +#include + +PAM_EXTERN int +pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, + int argc __unused, const char *argv[] __unused) +{ + + if (getuid() == 0) + return (PAM_SUCCESS); + + PAM_VERBOSE_ERROR("Refused; not superuser"); + PAM_LOG("User is not superuser"); + + return (PAM_AUTH_ERR); +} + +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, + int argc __unused, const char *argv[] __unused) +{ + + return (PAM_SUCCESS); +} + +PAM_MODULE_ENTRY("pam_rootok"); diff --git a/lib/pam_module/pam_securetty/Makefile b/lib/pam_module/pam_securetty/Makefile new file mode 100644 index 0000000000..ad0a563337 --- /dev/null +++ b/lib/pam_module/pam_securetty/Makefile @@ -0,0 +1,31 @@ +# Copyright 2001 Mark R V Murray +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/lib/libpam/modules/pam_securetty/Makefile,v 1.5 2003/03/09 20:06:37 obrien Exp $ + +LIB= pam_securetty +SRCS= pam_securetty.c +MAN= pam_securetty.8 + +.include diff --git a/lib/pam_module/pam_securetty/pam_securetty.8 b/lib/pam_module/pam_securetty/pam_securetty.8 new file mode 100644 index 0000000000..66e92a11a6 --- /dev/null +++ b/lib/pam_module/pam_securetty/pam_securetty.8 @@ -0,0 +1,92 @@ +.\" Copyright (c) 2001 Mark R V Murray +.\" All rights reserved. +.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" All rights reserved. +.\" +.\" Portions of this software were developed for the FreeBSD Project by +.\" ThinkSec AS and NAI Labs, the Security Research Division of Network +.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.\" ("CBOSS"), as part of the DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: src/lib/libpam/modules/pam_securetty/pam_securetty.8,v 1.6 2002/03/14 23:27:58 des Exp $ +.\" +.Dd July 8, 2001 +.Dt PAM_SECURETTY 8 +.Os +.Sh NAME +.Nm pam_securetty +.Nd SecureTTY PAM module +.Sh SYNOPSIS +.Op Ar service-name +.Ar module-type +.Ar control-flag +.Pa pam_securetty +.Op Ar options +.Sh DESCRIPTION +The SecureTTY service module for PAM, +.Nm +provides functionality for only one PAM category: +account management. +In terms of the +.Ar module-type +parameter, this is the +.Dq Li account +feature. +It also provides null functions for authentication and session +management. +.Ss SecureTTY Account Management Module +The SecureTTY account management component +.Pq Fn pam_sm_acct_mgmt , +returns failure if the user is attempting to authenticate as superuser, +and the process is attached to an insecure TTY. +In all other cases, the module returns success. +.Pp +A TTY is considered secure if it is listed in +.Pa /etc/ttys +and has the +.Dv TTY_SECURE +flag set. +.Pp +The following options may be passed to the authentication module: +.Bl -tag -width ".Cm no_warn" +.It Cm debug +.Xr syslog 3 +debugging information at +.Dv LOG_DEBUG +level. +.It Cm no_warn +suppress warning messages to the user. +These messages include +reasons why the user's +authentication attempt was declined. +.El +.Sh SEE ALSO +.Xr getttynam 3 , +.Xr syslog 3 , +.Xr pam.conf 5 , +.Xr ttys 5 , +.Xr pam 8 diff --git a/lib/pam_module/pam_securetty/pam_securetty.c b/lib/pam_module/pam_securetty/pam_securetty.c new file mode 100644 index 0000000000..d746f94b36 --- /dev/null +++ b/lib/pam_module/pam_securetty/pam_securetty.c @@ -0,0 +1,95 @@ +/*- + * Copyright (c) 2001 Mark R V Murray + * All rights reserved. + * Copyright (c) 2001 Networks Associates Technology, Inc. + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libpam/modules/pam_securetty/pam_securetty.c,v 1.13 2004/02/10 10:13:21 des Exp $ + */ + +#include +#include +#include +#include +#include + +#define PAM_SM_ACCOUNT + +#include +#include +#include + +#define TTY_PREFIX "/dev/" + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh __unused, int flags __unused, + int argc __unused, const char *argv[] __unused) +{ + struct passwd *pwd; + struct ttyent *ty; + const char *user; + const void *tty; + int pam_err; + + pam_err = pam_get_user(pamh, &user, NULL); + if (pam_err != PAM_SUCCESS) + return (pam_err); + if (user == NULL || (pwd = getpwnam(user)) == NULL) + return (PAM_SERVICE_ERR); + + PAM_LOG("Got user: %s", user); + + /* If the user is not root, secure ttys do not apply */ + if (pwd->pw_uid != 0) + return (PAM_SUCCESS); + + pam_err = pam_get_item(pamh, PAM_TTY, &tty); + if (pam_err != PAM_SUCCESS) + return (pam_err); + + PAM_LOG("Got TTY: %s", (const char *)tty); + + /* Ignore any "/dev/" on the PAM_TTY item */ + if (tty != NULL && strncmp(TTY_PREFIX, tty, sizeof(TTY_PREFIX)) == 0) { + PAM_LOG("WARNING: PAM_TTY starts with " TTY_PREFIX); + tty = (const char *)tty + sizeof(TTY_PREFIX) - 1; + } + + if (tty != NULL && (ty = getttynam(tty)) != NULL && + (ty->ty_status & TTY_SECURE) != 0) + return (PAM_SUCCESS); + + PAM_VERBOSE_ERROR("Not on secure TTY"); + return (PAM_AUTH_ERR); +} + +PAM_MODULE_ENTRY("pam_securetty"); diff --git a/lib/pam_module/pam_self/Makefile b/lib/pam_module/pam_self/Makefile new file mode 100644 index 0000000000..1aecd82f18 --- /dev/null +++ b/lib/pam_module/pam_self/Makefile @@ -0,0 +1,31 @@ +# Copyright 2001 Mark R V Murray +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/lib/libpam/modules/pam_self/Makefile,v 1.4 2003/03/09 20:06:37 obrien Exp $ + +LIB= pam_self +SRCS= pam_self.c +MAN= pam_self.8 + +.include diff --git a/lib/pam_module/pam_self/pam_self.8 b/lib/pam_module/pam_self/pam_self.8 new file mode 100644 index 0000000000..8dd9e14a3a --- /dev/null +++ b/lib/pam_module/pam_self/pam_self.8 @@ -0,0 +1,96 @@ +.\" Copyright (c) 2001 Mark R V Murray +.\" All rights reserved. +.\" Copyright (c) 2001 Networks Associates Technology, Inc. +.\" All rights reserved. +.\" +.\" Portions of this software were developed for the FreeBSD Project by +.\" ThinkSec AS and NAI Labs, the Security Research Division of Network +.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.\" ("CBOSS"), as part of the DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: src/lib/libpam/modules/pam_self/pam_self.8,v 1.11 2004/07/02 23:52:18 ru Exp $ +.\" +.Dd December 5, 2001 +.Dt PAM_SELF 8 +.Os +.Sh NAME +.Nm pam_self +.Nd Self PAM module +.Sh SYNOPSIS +.Op Ar service-name +.Ar module-type +.Ar control-flag +.Pa pam_self +.Op Ar options +.Sh DESCRIPTION +The Self authentication service module for PAM, +.Nm +provides functionality for only one PAM category: +authentication. +In terms of the +.Ar module-type +parameter, this is the +.Dq Li auth +feature. +.Ss Self Authentication Module +The Self authentication component +.Pq Fn pam_sm_authenticate , +returns success if and only if the target user's user ID is identical +with the current real user ID. +If the current real user ID is zero, authentication will fail, +unless the +.Cm allow_root +option was specified. +.Pp +The following options may be passed to the authentication module: +.Bl -tag -width ".Cm allow_root" +.It Cm debug +.Xr syslog 3 +debugging information at +.Dv LOG_DEBUG +level. +.It Cm no_warn +suppress warning messages to the user. +These messages include reasons why the user's authentication attempt +was declined. +.It Cm allow_root +do not automatically fail if the current real user ID is 0. +.El +.Sh SEE ALSO +.Xr getuid 2 , +.Xr pam.conf 5 , +.Xr pam 8 +.Sh AUTHORS +The +.Nm +module and this manual page were developed for the +.Fx +Project by +ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/lib/pam_module/pam_self/pam_self.c b/lib/pam_module/pam_self/pam_self.c new file mode 100644 index 0000000000..279f9e63d7 --- /dev/null +++ b/lib/pam_module/pam_self/pam_self.c @@ -0,0 +1,88 @@ +/*- + * Copyright (c) 2001 Mark R V Murray + * All rights reserved. + * Copyright (c) 2001,2002 Networks Associates Technology, Inc. + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libpam/modules/pam_self/pam_self.c,v 1.9 2002/04/12 22:27:24 des Exp $ + */ + +#define _BSD_SOURCE + +#include +#include +#include + +#define PAM_SM_AUTH + +#include +#include +#include + +#define OPT_ALLOW_ROOT "allow_root" + +PAM_EXTERN int +pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, + int argc __unused, const char *argv[] __unused) +{ + struct passwd *pwd; + const char *luser; + int pam_err; + uid_t uid; + + pam_err = pam_get_user(pamh, &luser, NULL); + if (pam_err != PAM_SUCCESS) + return (pam_err); + if (luser == NULL || (pwd = getpwnam(luser)) == NULL) + return (PAM_AUTH_ERR); + + uid = getuid(); + if (uid == 0 && !openpam_get_option(pamh, OPT_ALLOW_ROOT)) + return (PAM_AUTH_ERR); + + if (uid == (uid_t)pwd->pw_uid) + return (PAM_SUCCESS); + + PAM_VERBOSE_ERROR("Refused; source and target users differ"); + + return (PAM_AUTH_ERR); +} + +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, + int argc __unused, const char *argv[] __unused) +{ + + return (PAM_SUCCESS); +} + +PAM_MODULE_ENTRY("pam_self"); -- 2.41.0 From 1f66ef71f2e21318d835c3561f8ed71d574c3c6a Mon Sep 17 00:00:00 2001 From: Peter Avalos Date: Sun, 28 Dec 2008 18:42:36 -0500 Subject: [PATCH 08/16] Reject usernames that are longer than OPIE can handle. Obtained-from: FreeBSD --- lib/pam_module/pam_opie/pam_opie.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/lib/pam_module/pam_opie/pam_opie.c b/lib/pam_module/pam_opie/pam_opie.c index 868aa81cd9..9ebba0ad77 100644 --- a/lib/pam_module/pam_opie/pam_opie.c +++ b/lib/pam_module/pam_opie/pam_opie.c @@ -34,7 +34,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_opie/pam_opie.c,v 1.25 2003/05/31 17:19:03 des Exp $ + * $FreeBSD: src/lib/libpam/modules/pam_opie/pam_opie.c,v 1.26 2006/09/15 13:42:38 des Exp $ * $DragonFly: src/lib/pam_module/pam_opie/pam_opie.c,v 1.1 2005/07/12 22:53:20 joerg Exp $ */ @@ -63,7 +63,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int retval, i; const char *(promptstr[]) = { "%s\nPassword: ", "%s\nPassword [echo on]: "}; char challenge[OPIE_CHALLENGE_MAX]; - char *user; + char principal[OPIE_PRINCIPAL_MAX]; + const char *user; char *response; int style; @@ -74,13 +75,22 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, user = pwd->pw_name; } else { - retval = pam_get_user(pamh, (const char **)&user, NULL); + retval = pam_get_user(pamh, &user, NULL); if (retval != PAM_SUCCESS) return (retval); } PAM_LOG("Got user: %s", user); + /* + * Watch out: libopie feels entitled to truncate the user name + * passed to it if it's longer than OPIE_PRINCIPAL_MAX, which is + * not uncommon in Windows environments. + */ + if (strlen(user) >= sizeof(principal)) + return (PAM_AUTH_ERR); + strlcpy(principal, user, sizeof(principal)); + /* * Don't call the OPIE atexit() handler when our program exits, * since the module has been unloaded and we will SEGV. @@ -92,8 +102,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, * doesn't have an OPIE key, just fail rather than present the * user with a bogus OPIE challenge. */ - /* XXX generates a const warning because of incorrect prototype */ - if (opiechallenge(&opie, (char *)user, challenge) != 0 && + if (opiechallenge(&opie, principal, challenge) != 0 && openpam_get_option(pamh, PAM_OPT_NO_FAKE_PROMPTS)) return (PAM_AUTH_ERR); -- 2.41.0 From 129f5dc9cfac09cfc204c3e68ecec0b086bf7767 Mon Sep 17 00:00:00 2001 From: Peter Avalos Date: Sun, 28 Dec 2008 18:53:43 -0500 Subject: [PATCH 09/16] Correct documentation of ~/.opiealways Obtained-from: FreeBSD --- lib/pam_module/pam_opieaccess/pam_opieaccess.8 | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/pam_module/pam_opieaccess/pam_opieaccess.8 b/lib/pam_module/pam_opieaccess/pam_opieaccess.8 index b7eb379396..19e0b3d48f 100644 --- a/lib/pam_module/pam_opieaccess/pam_opieaccess.8 +++ b/lib/pam_module/pam_opieaccess/pam_opieaccess.8 @@ -32,10 +32,10 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8,v 1.9 2004/07/02 23:52:17 ru Exp $ +.\" $FreeBSD: src/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8,v 1.10 2007/10/26 07:50:11 des Exp $ .\" $DragonFly: src/lib/pam_module/pam_opieaccess/pam_opieaccess.8,v 1.1 2005/07/12 23:08:53 joerg Exp $ .\" -.Dd January 21, 2002 +.Dd October 26, 2007 .Dt PAM_OPIEACCESS 8 .Os .Sh NAME @@ -89,7 +89,7 @@ The user has OPIE enabled, and the remote host is listed as a trusted host in .Pa /etc/opieaccess , and the user does not have a file named -.Pa opiealways +.Pa \&.opiealways in his home directory. .El .Pp @@ -116,12 +116,14 @@ These messages include reasons why the user's authentication attempt was declined. .El .Sh FILES -.Bl -tag -width ".Pa /etc/opieaccess" +.Bl -tag -width ".Pa $HOME/.opiealways" .It Pa /etc/opieaccess List of trusted hosts or networks. See .Xr opieaccess 5 for a description of its syntax. +.It Pa $HOME/.opiealways +The presence of this file makes OPIE mandatory for the user. .El .Sh SEE ALSO .Xr opie 4 , -- 2.41.0 From 253e39d21c7ecbcf514d7ef272dc394ecba8cb66 Mon Sep 17 00:00:00 2001 From: Peter Avalos Date: Sun, 28 Dec 2008 19:02:14 -0500 Subject: [PATCH 10/16] Also send Access Challenge in pam_radius. Obtained-from: FreeBSD --- lib/pam_module/pam_radius/pam_radius.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/lib/pam_module/pam_radius/pam_radius.c b/lib/pam_module/pam_radius/pam_radius.c index 3804e2b3fd..6a7f95dc80 100644 --- a/lib/pam_module/pam_radius/pam_radius.c +++ b/lib/pam_module/pam_radius/pam_radius.c @@ -33,7 +33,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_radius/pam_radius.c,v 1.23 2005/06/13 21:18:52 des Exp $ + * $FreeBSD: src/lib/libpam/modules/pam_radius/pam_radius.c,v 1.24 2007/01/20 08:52:04 pjd Exp $ * $DragonFly: src/lib/pam_module/pam_radius/pam_radius.c,v 1.1 2005/07/12 23:13:26 joerg Exp $ */ @@ -66,7 +66,7 @@ static int build_access_request(struct rad_handle *, const char *, size_t); static int do_accept(pam_handle_t *, struct rad_handle *); static int do_challenge(pam_handle_t *, struct rad_handle *, - const char *); + const char *, const char *, const char *); /* * Construct an access request, but don't send it. Returns 0 on success, @@ -161,7 +161,8 @@ do_accept(pam_handle_t *pamh, struct rad_handle *radh) } static int -do_challenge(pam_handle_t *pamh, struct rad_handle *radh, const char *user) +do_challenge(pam_handle_t *pamh, struct rad_handle *radh, const char *user, + const char *nas_id, const char *nas_ipaddr) { int retval; int attrtype; @@ -228,8 +229,8 @@ do_challenge(pam_handle_t *pamh, struct rad_handle *radh, const char *user) if ((retval = conv->conv(num_msgs, msg_ptrs, &resp, conv->appdata_ptr)) != PAM_SUCCESS) return (retval); - if (build_access_request(radh, user, resp[num_msgs-1].resp, NULL, - NULL, state, statelen) == -1) + if (build_access_request(radh, user, resp[num_msgs-1].resp, nas_id, + nas_ipaddr, state, statelen) == -1) return (PAM_SERVICE_ERR); memset(resp[num_msgs-1].resp, 0, strlen(resp[num_msgs-1].resp)); free(resp[num_msgs-1].resp); @@ -328,7 +329,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, return (PAM_AUTH_ERR); case RAD_ACCESS_CHALLENGE: - retval = do_challenge(pamh, radh, user); + retval = do_challenge(pamh, radh, user, nas_id, + nas_ipaddr); if (retval != PAM_SUCCESS) { rad_close(radh); return (retval); -- 2.41.0 From 6a3bc79667bf29540b5e9b8de0838522d47e0c2f Mon Sep 17 00:00:00 2001 From: Peter Avalos Date: Sun, 28 Dec 2008 19:26:38 -0500 Subject: [PATCH 11/16] A few bug-fixes for pam_ssh: -Narrow the use of user credentials. -Fix one case where openpam_restore_cred() might be called twice in a row. -Do not use passphraseless keys for authentication unless the nullok option was specified. -Correct the logic for determining whether the user has already entered a password. Obtained-from: FreeBSD --- lib/pam_module/pam_ssh/pam_ssh.8 | 7 +++++- lib/pam_module/pam_ssh/pam_ssh.c | 42 +++++++++++++++++--------------- 2 files changed, 29 insertions(+), 20 deletions(-) diff --git a/lib/pam_module/pam_ssh/pam_ssh.8 b/lib/pam_module/pam_ssh/pam_ssh.8 index c3024ac9f0..1e8a402171 100644 --- a/lib/pam_module/pam_ssh/pam_ssh.8 +++ b/lib/pam_module/pam_ssh/pam_ssh.8 @@ -32,7 +32,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_ssh/pam_ssh.8,v 1.13 2004/07/02 23:52:18 ru Exp $ +.\" $FreeBSD: src/lib/libpam/modules/pam_ssh/pam_ssh.8,v 1.14 2005/09/22 05:35:24 des Exp $ .\" $DragonFly: src/lib/pam_module/pam_ssh/pam_ssh.8,v 1.1 2005/07/12 23:26:49 joerg Exp $ .\" .Dd November 26, 2001 @@ -94,6 +94,11 @@ This option is similar to the option, except that if the previously obtained password fails, the user is prompted for another password. +.It Cm nullok +Normally, keys with no passphrase are ignored for authentication +purposes. +If this option is set, keys with no passphrase will be taken into +consideration, allowing the user to log in with a blank password. .El .Ss SSH Session Management Module The diff --git a/lib/pam_module/pam_ssh/pam_ssh.c b/lib/pam_module/pam_ssh/pam_ssh.c index 8e8bf567ce..1f53638048 100644 --- a/lib/pam_module/pam_ssh/pam_ssh.c +++ b/lib/pam_module/pam_ssh/pam_ssh.c @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_ssh/pam_ssh.c,v 1.40 2004/02/10 10:13:21 des Exp $ + * $FreeBSD: src/lib/libpam/modules/pam_ssh/pam_ssh.c,v 1.45 2007/12/21 12:00:15 des Exp $ * $DragonFly: src/lib/pam_module/pam_ssh/pam_ssh.c,v 1.2 2006/09/29 06:35:03 corecode Exp $ */ @@ -58,6 +58,7 @@ #include "buffer.h" #include "key.h" +#include "buffer.h" #include "authfd.h" #include "authfile.h" @@ -135,9 +136,12 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc __unused, const char *argv[] __unused) { const char **kfn, *passphrase, *user; + const void *item; struct passwd *pwd; struct pam_ssh_key *psk; - int nkeys, pam_err, pass; + int nkeys, nullok, pam_err, pass; + + nullok = (openpam_get_option(pamh, "nullok") != NULL); /* PEM is not loaded by default */ OpenSSL_add_all_algorithms(); @@ -152,24 +156,25 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, if (pwd->pw_dir == NULL) return (PAM_AUTH_ERR); - /* switch to user credentials */ - pam_err = openpam_borrow_cred(pamh, pwd); - if (pam_err != PAM_SUCCESS) - return (pam_err); - - pass = (pam_get_item(pamh, PAM_AUTHTOK, - (const void **)&passphrase) == PAM_SUCCESS); + nkeys = 0; + pass = (pam_get_item(pamh, PAM_AUTHTOK, &item) == PAM_SUCCESS && + item != NULL); load_keys: /* get passphrase */ pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, &passphrase, pam_ssh_prompt); - if (pam_err != PAM_SUCCESS) { - openpam_restore_cred(pamh); + if (pam_err != PAM_SUCCESS) + return (pam_err); + + if (*passphrase == '\0' && !nullok) + goto skip_keys; + + /* switch to user credentials */ + pam_err = openpam_borrow_cred(pamh, pwd); + if (pam_err != PAM_SUCCESS) return (pam_err); - } /* try to load keys from all keyfiles we know of */ - nkeys = 0; for (kfn = pam_ssh_keyfiles; *kfn != NULL; ++kfn) { psk = pam_ssh_load_key(pwd->pw_dir, *kfn, passphrase); if (psk != NULL) { @@ -178,6 +183,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, } } + /* switch back to arbitrator credentials */ + openpam_restore_cred(pamh); + + skip_keys: /* * If we tried an old token and didn't get anything, and * try_first_pass was specified, try again after prompting the @@ -190,9 +199,6 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, goto load_keys; } - /* switch back to arbitrator credentials before returning */ - openpam_restore_cred(pamh); - /* no keys? */ if (nkeys == 0) return (PAM_AUTH_ERR); @@ -256,10 +262,8 @@ pam_ssh_start_agent(pam_handle_t *pamh) FILE *f; /* get a pipe which we will use to read the agent's output */ - if (pipe(agent_pipe) == -1) { - openpam_restore_cred(pamh); + if (pipe(agent_pipe) == -1) return (PAM_SYSTEM_ERR); - } /* start the agent */ openpam_log(PAM_LOG_DEBUG, "starting an ssh agent"); -- 2.41.0 From 0d96fe5a0ed65ace5a06125976a01848fd041dd2 Mon Sep 17 00:00:00 2001 From: Peter Avalos Date: Sun, 28 Dec 2008 20:20:17 -0500 Subject: [PATCH 12/16] Lock out authentication if the account has been locked by pw(8). In account management, verify whether the account has been locked with `pw lock', so that it's impossible to log into a locked account using an alternative authentication mechanism, such as an ssh key. This change affects only accounts locked with pw(8), i.e., having a `*LOCKED*' prefix in their password hash field, so people still can use a different pattern to disable password authentication only. Also, clean out some (void) casts and use libypclnt. Obtained-from: FreeBSD --- Makefile.inc1 | 2 +- lib/pam_module/pam_unix/Makefile | 8 +++++-- lib/pam_module/pam_unix/pam_unix.8 | 34 +++++++++++++++++++++--------- lib/pam_module/pam_unix/pam_unix.c | 33 +++++++++++++++-------------- share/mk/bsd.libnames.mk | 1 + 5 files changed, 49 insertions(+), 29 deletions(-) diff --git a/Makefile.inc1 b/Makefile.inc1 index a0bcd0b56c..3291955eb8 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1 @@ -891,7 +891,7 @@ _generic_libs+= kerberos5/lib _prebuild_libs+= lib/libcom_err lib/libcrypt lib/libmd \ lib/libncurses/libncurses lib/libopie lib/libradius \ lib/libsbuf lib/libskey lib/libtacplus lib/libm \ - lib/libpam lib/lib${THREAD_LIB} + lib/libpam lib/libypclnt lib/lib${THREAD_LIB} lib/libopie__L lib/libradius__L lib/libtacplus__L: lib/libmd__L lib/libskey__L: lib/libcrypt__L lib/libmd__L diff --git a/lib/pam_module/pam_unix/Makefile b/lib/pam_module/pam_unix/Makefile index ff393d9e70..e34181834e 100644 --- a/lib/pam_module/pam_unix/Makefile +++ b/lib/pam_module/pam_unix/Makefile @@ -7,6 +7,10 @@ MAN= pam_unix.8 DPADD= ${LIBCRYPT} ${LIBUTIL} LDADD= -lcrypt -lutil -.include +.if !defined(NO_NIS) +CFLAGS+= -DYP +DPADD+= ${LIBYPCLNT} +LDADD+= -lypclnt +.endif -.PATH: ${OPENPAM_DIR}/modules/pam_unix +.include diff --git a/lib/pam_module/pam_unix/pam_unix.8 b/lib/pam_module/pam_unix/pam_unix.8 index 6f11b2fbfb..62947a3681 100644 --- a/lib/pam_module/pam_unix/pam_unix.8 +++ b/lib/pam_module/pam_unix/pam_unix.8 @@ -32,10 +32,10 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libpam/modules/pam_unix/pam_unix.8,v 1.11 2005/01/21 10:44:10 ru Exp $ +.\" $FreeBSD: src/lib/libpam/modules/pam_unix/pam_unix.8,v 1.13 2007/03/27 09:59:15 yar Exp $ .\" $DragonFly: src/lib/pam_module/pam_unix/pam_unix.8,v 1.1 2005/08/01 16:15:19 joerg Exp $ .\" -.Dd November 26, 2001 +.Dd March 27, 2007 .Dt PAM_UNIX 8 .Os .Sh NAME @@ -52,15 +52,16 @@ The .Ux authentication service module for PAM, .Nm -provides functionality for two PAM categories: -authentication -and account management. +provides functionality for three PAM categories: +authentication, +account management, and password management. In terms of the .Ar module-type parameter, they are the -.Dq Li auth +.Dq Li auth , +.Dq Li account , and -.Dq Li account +.Dq Li password features. It also provides a null function for session management. .Ss Ux Ss Authentication Module @@ -142,8 +143,20 @@ provides a function to perform account management, .Fn pam_sm_acct_mgmt . The function verifies that the authenticated user -is allowed to login to the local user account -by checking the password expiry date. +is allowed to log into the local user account +by checking the following criteria: +.Bl -dash -offset indent +.It +locked status of the account compatible with +.Xr pw 8 +.Cm lock ; +.It +the password expiry date from +.Xr passwd 5 ; +.It +.Xr login.conf 5 +restrictions on the remote host, login time, and tty. +.El .Pp The following options may be passed to the management module: .Bl -tag -width ".Cm use_first_pass" @@ -157,7 +170,7 @@ level. The .Ux password management component -provides a function to perform account management, +provides a function to perform password management, .Fn pam_sm_chauthtok . The function changes the user's password. @@ -199,4 +212,5 @@ password database. .Xr nsswitch.conf 5 , .Xr passwd 5 , .Xr pam 8 , +.Xr pw 8 , .Xr yp 8 diff --git a/lib/pam_module/pam_unix/pam_unix.c b/lib/pam_module/pam_unix/pam_unix.c index bd5e6dbff8..a2cf30cbef 100644 --- a/lib/pam_module/pam_unix/pam_unix.c +++ b/lib/pam_module/pam_unix/pam_unix.c @@ -33,7 +33,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_unix/pam_unix.c,v 1.51 2005/07/05 18:42:18 des Exp $ + * $FreeBSD: src/lib/libpam/modules/pam_unix/pam_unix.c,v 1.53 2007/12/21 12:00:16 des Exp $ * $DragonFly: src/lib/pam_module/pam_unix/pam_unix.c,v 1.1 2005/08/01 16:15:19 joerg Exp $ */ @@ -70,6 +70,9 @@ #define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */ #define SALTSIZE 32 +#define LOCKED_PREFIX "*LOCKED*" +#define LOCKED_PREFIX_LEN (sizeof(LOCKED_PREFIX) - 1) + static void makesalt(char []); static char password_hash[] = PASSWORD_HASH; @@ -126,6 +129,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, if (strcmp(crypt(pass, realpw), realpw) == 0) return (PAM_SUCCESS); + PAM_VERBOSE_ERROR("UNIX authentication refused"); return (PAM_AUTH_ERR); } @@ -175,6 +179,9 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, (flags & PAM_DISALLOW_NULL_AUTHTOK) != 0) return (PAM_NEW_AUTHTOK_REQD); + if (strncmp(pwd->pw_passwd, LOCKED_PREFIX, LOCKED_PREFIX_LEN) == 0) + return (PAM_AUTH_ERR); + lc = login_getpwclass(pwd); if (lc == NULL) { PAM_LOG("Unable to get login class for user %s", user); @@ -268,7 +275,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, struct passwd *pwd, *old_pwd; const char *user, *old_pass, *new_pass; char *encrypted; - int pfd, tfd, retval = PAM_ABORT; + int pfd, tfd, retval; if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) pwd = getpwnam(getlogin()); @@ -288,23 +295,17 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, PAM_LOG("PRELIM round"); - if (getuid() == 0 -#if 0 - && (pwd->pw_fields & _PWF_SOURCE) == _PWF_FILES -#endif - ) + if (getuid() == 0 && + (pwd->pw_fields & _PWF_SOURCE) == _PWF_FILES) /* root doesn't need the old password */ return (pam_set_item(pamh, PAM_OLDAUTHTOK, "")); #ifdef YP - if (getuid() == 0 -#if 0 - && (pwd->pw_fields & _PWF_SOURCE) == _PWF_NIS -#endif - ) { + if (getuid() == 0 && + (pwd->pw_fields & _PWF_SOURCE) == _PWF_NIS) { yp_domain = yp_server = NULL; - (void)pam_get_data(pamh, "yp_domain", &yp_domain); - (void)pam_get_data(pamh, "yp_server", &yp_server); + pam_get_data(pamh, "yp_domain", &yp_domain); + pam_get_data(pamh, "yp_server", &yp_server); ypclnt = ypclnt_new(yp_domain, "passwd.byname", yp_server); if (ypclnt == NULL) @@ -406,8 +407,8 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, break; case _PWF_NIS: yp_domain = yp_server = NULL; - (void)pam_get_data(pamh, "yp_domain", &yp_domain); - (void)pam_get_data(pamh, "yp_server", &yp_server); + pam_get_data(pamh, "yp_domain", &yp_domain); + pam_get_data(pamh, "yp_server", &yp_server); ypclnt = ypclnt_new(yp_domain, "passwd.byname", yp_server); if (ypclnt == NULL) { diff --git a/share/mk/bsd.libnames.mk b/share/mk/bsd.libnames.mk index 11319b05db..fd8c458b54 100644 --- a/share/mk/bsd.libnames.mk +++ b/share/mk/bsd.libnames.mk @@ -110,6 +110,7 @@ LIBUTIL?= ${DESTDIR}${LIBDIR}/libutil.a LIBWRAP?= ${DESTDIR}${LIBDIR}/libwrap.a LIBXPG4?= ${DESTDIR}${LIBDIR}/libxpg4.a LIBY?= ${DESTDIR}${LIBDIR}/liby.a +LIBYPCLNT?= ${DESTDIR}${LIBDIR}/libypclnt.a LIBZ?= ${DESTDIR}${LIBDIR}/libz.a THREAD_LIB?= thread_xu -- 2.41.0 From c541a65d003479235fec01b577d04ce10dc6800d Mon Sep 17 00:00:00 2001 From: Peter Avalos Date: Wed, 31 Dec 2008 20:26:28 -0500 Subject: [PATCH 13/16] Avoid namespace pollution for applications that link in libssh. Obtained-from: FreeBSD --- crypto/openssh-5/ssh_namespace.h | 400 +++++++++++++++++++++++++++++++ lib/pam_module/pam_ssh/Makefile | 2 +- secure/Makefile.ssh.common | 2 +- 3 files changed, 402 insertions(+), 2 deletions(-) create mode 100644 crypto/openssh-5/ssh_namespace.h diff --git a/crypto/openssh-5/ssh_namespace.h b/crypto/openssh-5/ssh_namespace.h new file mode 100644 index 0000000000..518b7b22ec --- /dev/null +++ b/crypto/openssh-5/ssh_namespace.h @@ -0,0 +1,400 @@ +/* + * Namespace munging inspired by an equivalent hack in NetBSD's tree: add + * the "ssh_" prefix to every symbol in libssh which doesn't already have + * it. This prevents collisions between symbols in libssh and symbols in + * other libraries or applications which link with libssh, either directly + * or indirectly (e.g. through PAM loading pam_ssh). + * + * A list of symbols which need munging is obtained as follows: + * + * nm libssh.a | awk '$2 == "T" && $3 !~ /^ssh_/ { print "#define", $3, "ssh_" $3 }' + * + * $FreeBSD: src/crypto/openssh/ssh_namespace.h,v 1.4 2008/08/01 02:48:36 des Exp $ + */ + +#define a2port ssh_a2port +#define a2tun ssh_a2tun +#define acss ssh_acss +#define acss_setkey ssh_acss_setkey +#define acss_setsubkey ssh_acss_setsubkey +#define add_host_to_hostfile ssh_add_host_to_hostfile +#define addargs ssh_addargs +#define ask_permission ssh_ask_permission +#define atomicio ssh_atomicio +#define atomiciov ssh_atomiciov +#define auth_request_forwarding ssh_auth_request_forwarding +#define buffer_append ssh_buffer_append +#define buffer_append_space ssh_buffer_append_space +#define buffer_check_alloc ssh_buffer_check_alloc +#define buffer_clear ssh_buffer_clear +#define buffer_compress ssh_buffer_compress +#define buffer_compress_init_recv ssh_buffer_compress_init_recv +#define buffer_compress_init_send ssh_buffer_compress_init_send +#define buffer_compress_uninit ssh_buffer_compress_uninit +#define buffer_consume ssh_buffer_consume +#define buffer_consume_end ssh_buffer_consume_end +#define buffer_consume_end_ret ssh_buffer_consume_end_ret +#define buffer_consume_ret ssh_buffer_consume_ret +#define buffer_dump ssh_buffer_dump +#define buffer_free ssh_buffer_free +#define buffer_get ssh_buffer_get +#define buffer_get_bignum ssh_buffer_get_bignum +#define buffer_get_bignum2 ssh_buffer_get_bignum2 +#define buffer_get_bignum2_ret ssh_buffer_get_bignum2_ret +#define buffer_get_bignum_ret ssh_buffer_get_bignum_ret +#define buffer_get_char ssh_buffer_get_char +#define buffer_get_char_ret ssh_buffer_get_char_ret +#define buffer_get_int ssh_buffer_get_int +#define buffer_get_int64 ssh_buffer_get_int64 +#define buffer_get_int64_ret ssh_buffer_get_int64_ret +#define buffer_get_int_ret ssh_buffer_get_int_ret +#define buffer_get_ret ssh_buffer_get_ret +#define buffer_get_short ssh_buffer_get_short +#define buffer_get_short_ret ssh_buffer_get_short_ret +#define buffer_get_string ssh_buffer_get_string +#define buffer_get_string_ret ssh_buffer_get_string_ret +#define buffer_init ssh_buffer_init +#define buffer_len ssh_buffer_len +#define buffer_ptr ssh_buffer_ptr +#define buffer_put_bignum ssh_buffer_put_bignum +#define buffer_put_bignum2 ssh_buffer_put_bignum2 +#define buffer_put_bignum2_ret ssh_buffer_put_bignum2_ret +#define buffer_put_bignum_ret ssh_buffer_put_bignum_ret +#define buffer_put_char ssh_buffer_put_char +#define buffer_put_cstring ssh_buffer_put_cstring +#define buffer_put_int ssh_buffer_put_int +#define buffer_put_int64 ssh_buffer_put_int64 +#define buffer_put_short ssh_buffer_put_short +#define buffer_put_string ssh_buffer_put_string +#define buffer_uncompress ssh_buffer_uncompress +#define chan_ibuf_empty ssh_chan_ibuf_empty +#define chan_is_dead ssh_chan_is_dead +#define chan_mark_dead ssh_chan_mark_dead +#define chan_obuf_empty ssh_chan_obuf_empty +#define chan_rcvd_ieof ssh_chan_rcvd_ieof +#define chan_rcvd_oclose ssh_chan_rcvd_oclose +#define chan_read_failed ssh_chan_read_failed +#define chan_write_failed ssh_chan_write_failed +#define channel_add_adm_permitted_opens ssh_channel_add_adm_permitted_opens +#define channel_add_permitted_opens ssh_channel_add_permitted_opens +#define channel_after_select ssh_channel_after_select +#define channel_by_id ssh_channel_by_id +#define channel_cancel_cleanup ssh_channel_cancel_cleanup +#define channel_cancel_rport_listener ssh_channel_cancel_rport_listener +#define channel_clear_adm_permitted_opens ssh_channel_clear_adm_permitted_opens +#define channel_clear_permitted_opens ssh_channel_clear_permitted_opens +#define channel_close_all ssh_channel_close_all +#define channel_close_fd ssh_channel_close_fd +#define channel_connect_by_listen_address ssh_channel_connect_by_listen_address +#define channel_connect_to ssh_channel_connect_to +#define channel_find_open ssh_channel_find_open +#define channel_free ssh_channel_free +#define channel_free_all ssh_channel_free_all +#define channel_input_close ssh_channel_input_close +#define channel_input_close_confirmation ssh_channel_input_close_confirmation +#define channel_input_data ssh_channel_input_data +#define channel_input_extended_data ssh_channel_input_extended_data +#define channel_input_ieof ssh_channel_input_ieof +#define channel_input_oclose ssh_channel_input_oclose +#define channel_input_open_confirmation ssh_channel_input_open_confirmation +#define channel_input_open_failure ssh_channel_input_open_failure +#define channel_input_port_forward_request ssh_channel_input_port_forward_request +#define channel_input_port_open ssh_channel_input_port_open +#define channel_input_window_adjust ssh_channel_input_window_adjust +#define channel_lookup ssh_channel_lookup +#define channel_new ssh_channel_new +#define channel_not_very_much_buffered_data ssh_channel_not_very_much_buffered_data +#define channel_open_message ssh_channel_open_message +#define channel_output_poll ssh_channel_output_poll +#define channel_permit_all_opens ssh_channel_permit_all_opens +#define channel_prepare_select ssh_channel_prepare_select +#define channel_register_cleanup ssh_channel_register_cleanup +#define channel_register_confirm ssh_channel_register_confirm +#define channel_register_filter ssh_channel_register_filter +#define channel_request_remote_forwarding ssh_channel_request_remote_forwarding +#define channel_request_rforward_cancel ssh_channel_request_rforward_cancel +#define channel_request_start ssh_channel_request_start +#define channel_send_open ssh_channel_send_open +#define channel_send_window_changes ssh_channel_send_window_changes +#define channel_set_af ssh_channel_set_af +#define channel_set_fds ssh_channel_set_fds +#define channel_setup_local_fwd_listener ssh_channel_setup_local_fwd_listener +#define channel_setup_remote_fwd_listener ssh_channel_setup_remote_fwd_listener +#define channel_still_open ssh_channel_still_open +#define channel_stop_listening ssh_channel_stop_listening +#define check_host_in_hostfile ssh_check_host_in_hostfile +#define choose_dh ssh_choose_dh +#define chop ssh_chop +#define cipher_blocksize ssh_cipher_blocksize +#define cipher_by_name ssh_cipher_by_name +#define cipher_by_number ssh_cipher_by_number +#define cipher_cleanup ssh_cipher_cleanup +#define cipher_crypt ssh_cipher_crypt +#define cipher_get_keycontext ssh_cipher_get_keycontext +#define cipher_get_keyiv ssh_cipher_get_keyiv +#define cipher_get_keyiv_len ssh_cipher_get_keyiv_len +#define cipher_get_number ssh_cipher_get_number +#define cipher_init ssh_cipher_init +#define cipher_keylen ssh_cipher_keylen +#define cipher_mask_ssh1 ssh_cipher_mask_ssh1 +#define cipher_name ssh_cipher_name +#define cipher_number ssh_cipher_number +#define cipher_set_key_string ssh_cipher_set_key_string +#define cipher_set_keycontext ssh_cipher_set_keycontext +#define cipher_set_keyiv ssh_cipher_set_keyiv +#define ciphers_valid ssh_ciphers_valid +#define cleanhostname ssh_cleanhostname +#define cleanup_exit ssh_cleanup_exit +#define colon ssh_colon +#define compat_cipher_proposal ssh_compat_cipher_proposal +#define compat_datafellows ssh_compat_datafellows +#define convtime ssh_convtime +#define debug ssh_debug +#define debug2 ssh_debug2 +#define debug3 ssh_debug3 +#define decode_reply ssh_decode_reply +#define deny_input_open ssh_deny_input_open +#define derive_ssh1_session_id ssh_derive_ssh1_session_id +#define detect_attack ssh_detect_attack +#define dh_estimate ssh_dh_estimate +#define dh_gen_key ssh_dh_gen_key +#define dh_new_group ssh_dh_new_group +#define dh_new_group1 ssh_dh_new_group1 +#define dh_new_group14 ssh_dh_new_group14 +#define dh_new_group_asc ssh_dh_new_group_asc +#define dh_pub_is_valid ssh_dh_pub_is_valid +#define dispatch_init ssh_dispatch_init +#define dispatch_protocol_error ssh_dispatch_protocol_error +#define dispatch_protocol_ignore ssh_dispatch_protocol_ignore +#define dispatch_range ssh_dispatch_range +#define dispatch_run ssh_dispatch_run +#define dispatch_set ssh_dispatch_set +#define do_log ssh_do_log +#define dump_base64 ssh_dump_base64 +#define enable_compat13 ssh_enable_compat13 +#define enable_compat20 ssh_enable_compat20 +#define error ssh_error +#define evp_acss ssh_evp_acss +#define evp_aes_128_ctr ssh_evp_aes_128_ctr +#define evp_rijndael ssh_evp_rijndael +#define evp_ssh1_3des ssh_evp_ssh1_3des +#define evp_ssh1_bf ssh_evp_ssh1_bf +#define export_dns_rr ssh_export_dns_rr +#define fatal ssh_fatal +#define freeargs ssh_freeargs +#define freerrset ssh_freerrset +#define gen_candidates ssh_gen_candidates +#define get_canonical_hostname ssh_get_canonical_hostname +#define get_local_ipaddr ssh_get_local_ipaddr +#define get_local_name ssh_get_local_name +#define get_local_port ssh_get_local_port +#define get_peer_ipaddr ssh_get_peer_ipaddr +#define get_peer_port ssh_get_peer_port +#define get_remote_ipaddr ssh_get_remote_ipaddr +#define get_remote_name_or_ip ssh_get_remote_name_or_ip +#define get_remote_port ssh_get_remote_port +#define get_u16 ssh_get_u16 +#define get_u32 ssh_get_u32 +#define get_u64 ssh_get_u64 +#define getrrsetbyname ssh_getrrsetbyname +#define host_hash ssh_host_hash +#define hostfile_read_key ssh_hostfile_read_key +#define hpdelim ssh_hpdelim +#define init_rng ssh_init_rng +#define ipv64_normalise_mapped ssh_ipv64_normalise_mapped +#define kex_derive_keys ssh_kex_derive_keys +#define kex_dh_hash ssh_kex_dh_hash +#define kex_finish ssh_kex_finish +#define kex_get_newkeys ssh_kex_get_newkeys +#define kex_input_kexinit ssh_kex_input_kexinit +#define kex_send_kexinit ssh_kex_send_kexinit +#define kex_setup ssh_kex_setup +#define kexdh_client ssh_kexdh_client +#define kexgex_client ssh_kexgex_client +#define kexgex_hash ssh_kexgex_hash +#define key_demote ssh_key_demote +#define key_equal ssh_key_equal +#define key_fingerprint ssh_key_fingerprint +#define key_fingerprint_raw ssh_key_fingerprint_raw +#define key_free ssh_key_free +#define key_from_blob ssh_key_from_blob +#define key_from_private ssh_key_from_private +#define key_generate ssh_key_generate +#define key_load_private ssh_key_load_private +#define key_load_private_pem ssh_key_load_private_pem +#define key_load_private_type ssh_key_load_private_type +#define key_load_public ssh_key_load_public +#define key_load_public_type ssh_key_load_public_type +#define key_names_valid2 ssh_key_names_valid2 +#define key_new ssh_key_new +#define key_new_private ssh_key_new_private +#define key_perm_ok ssh_key_perm_ok +#define key_read ssh_key_read +#define key_save_private ssh_key_save_private +#define key_sign ssh_key_sign +#define key_size ssh_key_size +#define key_ssh_name ssh_key_ssh_name +#define key_to_blob ssh_key_to_blob +#define key_type ssh_key_type +#define key_type_from_name ssh_key_type_from_name +#define key_verify ssh_key_verify +#define key_write ssh_key_write +#define log_facility_number ssh_log_facility_number +#define log_init ssh_log_init +#define log_level_number ssh_log_level_number +#define logit ssh_logit +#define lookup_key_in_hostfile_by_type ssh_lookup_key_in_hostfile_by_type +#define mac_compute ssh_mac_compute +#define mac_init ssh_mac_init +#define mac_valid ssh_mac_valid +#define match_host_and_ip ssh_match_host_and_ip +#define match_hostname ssh_match_hostname +#define match_list ssh_match_list +#define match_pattern ssh_match_pattern +#define match_pattern_list ssh_match_pattern_list +#define match_user ssh_match_user +#define mm_receive_fd ssh_mm_receive_fd +#define mm_send_fd ssh_mm_send_fd +#define mysignal ssh_mysignal +#define packet_add_padding ssh_packet_add_padding +#define packet_close ssh_packet_close +#define packet_connection_is_ipv4 ssh_packet_connection_is_ipv4 +#define packet_connection_is_on_socket ssh_packet_connection_is_on_socket +#define packet_disconnect ssh_packet_disconnect +#define packet_get_bignum ssh_packet_get_bignum +#define packet_get_bignum2 ssh_packet_get_bignum2 +#define packet_get_char ssh_packet_get_char +#define packet_get_connection_in ssh_packet_get_connection_in +#define packet_get_connection_out ssh_packet_get_connection_out +#define packet_get_encryption_key ssh_packet_get_encryption_key +#define packet_get_int ssh_packet_get_int +#define packet_get_keycontext ssh_packet_get_keycontext +#define packet_get_keyiv ssh_packet_get_keyiv +#define packet_get_keyiv_len ssh_packet_get_keyiv_len +#define packet_get_protocol_flags ssh_packet_get_protocol_flags +#define packet_get_raw ssh_packet_get_raw +#define packet_get_ssh1_cipher ssh_packet_get_ssh1_cipher +#define packet_get_state ssh_packet_get_state +#define packet_get_string ssh_packet_get_string +#define packet_have_data_to_write ssh_packet_have_data_to_write +#define packet_is_interactive ssh_packet_is_interactive +#define packet_need_rekeying ssh_packet_need_rekeying +#define packet_not_very_much_data_to_write ssh_packet_not_very_much_data_to_write +#define packet_process_incoming ssh_packet_process_incoming +#define packet_put_bignum ssh_packet_put_bignum +#define packet_put_bignum2 ssh_packet_put_bignum2 +#define packet_put_char ssh_packet_put_char +#define packet_put_cstring ssh_packet_put_cstring +#define packet_put_int ssh_packet_put_int +#define packet_put_raw ssh_packet_put_raw +#define packet_put_string ssh_packet_put_string +#define packet_read ssh_packet_read +#define packet_read_expect ssh_packet_read_expect +#define packet_read_poll ssh_packet_read_poll +#define packet_read_poll_seqnr ssh_packet_read_poll_seqnr +#define packet_read_seqnr ssh_packet_read_seqnr +#define packet_remaining ssh_packet_remaining +#define packet_send ssh_packet_send +#define packet_send_debug ssh_packet_send_debug +#define packet_send_ignore ssh_packet_send_ignore +#define packet_set_authenticated ssh_packet_set_authenticated +#define packet_set_connection ssh_packet_set_connection +#define packet_set_encryption_key ssh_packet_set_encryption_key +#define packet_set_interactive ssh_packet_set_interactive +#define packet_set_iv ssh_packet_set_iv +#define packet_set_keycontext ssh_packet_set_keycontext +#define packet_set_maxsize ssh_packet_set_maxsize +#define packet_set_nonblocking ssh_packet_set_nonblocking +#define packet_set_protocol_flags ssh_packet_set_protocol_flags +#define packet_set_rekey_limit ssh_packet_set_rekey_limit +#define packet_set_server ssh_packet_set_server +#define packet_set_state ssh_packet_set_state +#define packet_start ssh_packet_start +#define packet_start_compression ssh_packet_start_compression +#define packet_write_poll ssh_packet_write_poll +#define packet_write_wait ssh_packet_write_wait +#define percent_expand ssh_percent_expand +#define permanently_drop_suid ssh_permanently_drop_suid +#define permanently_set_uid ssh_permanently_set_uid +#define prime_test ssh_prime_test +#define proto_spec ssh_proto_spec +#define put_host_port ssh_put_host_port +#define put_u16 ssh_put_u16 +#define put_u32 ssh_put_u32 +#define put_u64 ssh_put_u64 +#define pwcopy ssh_pwcopy +#define read_keyfile_line ssh_read_keyfile_line +#define read_passphrase ssh_read_passphrase +#define refresh_progress_meter ssh_refresh_progress_meter +#define replacearg ssh_replacearg +#define restore_uid ssh_restore_uid +#define rijndael_decrypt ssh_rijndael_decrypt +#define rijndael_encrypt ssh_rijndael_encrypt +#define rijndael_set_key ssh_rijndael_set_key +#define rsa_generate_additional_parameters ssh_rsa_generate_additional_parameters +#define rsa_private_decrypt ssh_rsa_private_decrypt +#define rsa_public_encrypt ssh_rsa_public_encrypt +#define sanitise_stdfd ssh_sanitise_stdfd +#define seed_rng ssh_seed_rng +#define set_newkeys ssh_set_newkeys +#define set_nodelay ssh_set_nodelay +#define set_nonblock ssh_set_nonblock +#define shadow_pw ssh_shadow_pw +#define sigdie ssh_sigdie +#define ssh1_3des_iv ssh_ssh1_3des_iv +#define start_progress_meter ssh_start_progress_meter +#define stop_progress_meter ssh_stop_progress_meter +#define strdelim ssh_strdelim +#define sys_tun_open ssh_sys_tun_open +#define temporarily_use_uid ssh_temporarily_use_uid +#define tilde_expand_filename ssh_tilde_expand_filename +#define tohex ssh_tohex +#define tty_make_modes ssh_tty_make_modes +#define tty_parse_modes ssh_tty_parse_modes +#define tun_open ssh_tun_open +#define unset_nonblock ssh_unset_nonblock +#define uudecode ssh_uudecode +#define uuencode ssh_uuencode +#define verbose ssh_verbose +#define verify_host_key_dns ssh_verify_host_key_dns +#define vis ssh_vis +#define x11_connect_display ssh_x11_connect_display +#define x11_create_display_inet ssh_x11_create_display_inet +#define x11_input_open ssh_x11_input_open +#define x11_request_forwarding_with_spoofing ssh_x11_request_forwarding_with_spoofing +#define xasprintf ssh_xasprintf +#define xcalloc ssh_xcalloc +#define xcrypt ssh_xcrypt +#define xfree ssh_xfree +#define xmalloc ssh_xmalloc +#define xmmap ssh_xmmap +#define xrealloc ssh_xrealloc +#define xstrdup ssh_xstrdup +#define fmt_scaled ssh_fmt_scaled +#define scan_scaled ssh_scan_scaled +#define addr_match_list ssh_addr_match_list +#define packet_get_string_ptr ssh_packet_get_string_ptr +#define packet_set_timeout ssh_packet_set_timeout +#define mac_clear ssh_mac_clear +#define mac_setup ssh_mac_setup +#define umac_delete ssh_umac_delete +#define umac_final ssh_umac_final +#define umac_new ssh_umac_new +#define umac_update ssh_umac_update +#define chan_rcvd_eow ssh_chan_rcvd_eow +#define channel_input_status_confirm ssh_channel_input_status_confirm +#define channel_print_adm_permitted_opens ssh_channel_print_adm_permitted_opens +#define channel_register_open_confirm ssh_channel_register_open_confirm +#define channel_register_status_confirm ssh_channel_register_status_confirm +#define buffer_get_string_ptr ssh_buffer_get_string_ptr +#define ms_subtract_diff ssh_ms_subtract_diff +#define ms_to_timeval ssh_ms_to_timeval +#define fatal ssh_fatal +#define debug ssh_debug +#define debug2 ssh_debug2 +#define debug3 ssh_debug3 +#define error ssh_error +#define log_facility_name ssh_log_facility_name +#define log_level_name ssh_log_level_name +#define logit ssh_logit +#define verbose ssh_verbose diff --git a/lib/pam_module/pam_ssh/Makefile b/lib/pam_module/pam_ssh/Makefile index 2e980b6260..d3e53716ef 100644 --- a/lib/pam_module/pam_ssh/Makefile +++ b/lib/pam_module/pam_ssh/Makefile @@ -8,6 +8,6 @@ LDADD= -lssh -lcrypto -lcrypt DPADD= ${LIBSSH} ${LIBCRYPTO} ${LIBCRYPT} SSHDIR= ${.CURDIR}/../../../crypto/openssh-5 -CFLAGS+= -I${SSHDIR} +CFLAGS+= -I${SSHDIR} -include ssh_namespace.h .include diff --git a/secure/Makefile.ssh.common b/secure/Makefile.ssh.common index 44cc839cc5..f583b3ca98 100644 --- a/secure/Makefile.ssh.common +++ b/secure/Makefile.ssh.common @@ -2,7 +2,7 @@ SSHDIR= ${.CURDIR}/../../../crypto/openssh-5 -CFLAGS+= -I${.CURDIR}/../../lib/libssh -I${SSHDIR} +CFLAGS+= -I${.CURDIR}/../../lib/libssh -I${SSHDIR} -include ssh_namespace.h NOLINT= true -- 2.41.0 From deef488e02ca07b69ad2e4bfdbd03883f357a88e Mon Sep 17 00:00:00 2001 From: Peter Avalos Date: Thu, 1 Jan 2009 10:51:45 -0500 Subject: [PATCH 14/16] Change the GCC specific __FUNCTION__ to C99's __func__. Obtained-from: FreeBSD --- lib/libpam/pam_mod_misc.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/libpam/pam_mod_misc.h b/lib/libpam/pam_mod_misc.h index b13686d258..13a25f0bdf 100644 --- a/lib/libpam/pam_mod_misc.h +++ b/lib/libpam/pam_mod_misc.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/libpam/security/pam_mod_misc.h,v 1.12 2003/05/31 16:56:35 des Exp $ + * $FreeBSD: src/lib/libpam/libpam/security/pam_mod_misc.h,v 1.13 2006/07/17 11:48:52 stefanf Exp $ * $DragonFly: src/lib/libpam/pam_mod_misc.h,v 1.1 2005/07/13 12:34:21 joerg Exp $ */ @@ -52,6 +52,6 @@ __END_DECLS return (arg) #define PAM_VERBOSE_ERROR(...) \ - _pam_verbose_error(pamh, flags, __FILE__, __FUNCTION__, __VA_ARGS__) + _pam_verbose_error(pamh, flags, __FILE__, __func__, __VA_ARGS__) #endif -- 2.41.0 From 9de973a8f165b9add0c92b9632f338705b997529 Mon Sep 17 00:00:00 2001 From: Sepherosa Ziehau Date: Fri, 2 Jan 2009 19:37:42 +0800 Subject: [PATCH 15/16] Add VPD capability register offsets Obtained-from: FreeBSD --- sys/bus/pci/pcireg.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/bus/pci/pcireg.h b/sys/bus/pci/pcireg.h index 8942145981..a1e8d403a4 100644 --- a/sys/bus/pci/pcireg.h +++ b/sys/bus/pci/pcireg.h @@ -383,6 +383,10 @@ #define PCIR_POWER_DATA 0x7 +/* VPD capability registers */ +#define PCIR_VPD_ADDR 0x2 +#define PCIR_VPD_DATA 0x4 + /* PCI Message Signalled Interrupts (MSI) */ #define PCIR_MSI_CTRL 0x2 #define PCIM_MSICTRL_VECTOR 0x0100 -- 2.41.0 From 3b22dc82a2446d6d2b9591d205d4bb923abf2a28 Mon Sep 17 00:00:00 2001 From: Sepherosa Ziehau Date: Fri, 2 Jan 2009 19:52:51 +0800 Subject: [PATCH 16/16] Add age(4) for Attansic/Atheros L1 gigabit ethernet controller. Obtained-from: FreeBSD (yongari@freebsd.org) --- share/man/man4/Makefile | 1 + share/man/man4/age.4 | 165 ++ sys/dev/netif/Makefile | 8 +- sys/dev/netif/age/Makefile | 6 + sys/dev/netif/age/if_age.c | 3009 +++++++++++++++++++++++++++++++++ sys/dev/netif/age/if_agereg.h | 658 +++++++ sys/dev/netif/age/if_agevar.h | 266 +++ 7 files changed, 4109 insertions(+), 4 deletions(-) create mode 100644 share/man/man4/age.4 create mode 100644 sys/dev/netif/age/Makefile create mode 100644 sys/dev/netif/age/if_age.c create mode 100644 sys/dev/netif/age/if_agereg.h create mode 100644 sys/dev/netif/age/if_agevar.h diff --git a/share/man/man4/Makefile b/share/man/man4/Makefile index 906c91bf30..347d63a221 100644 --- a/share/man/man4/Makefile +++ b/share/man/man4/Makefile @@ -11,6 +11,7 @@ MAN= aac.4 \ acx.4 \ adv.4 \ adw.4 \ + age.4 \ agp.4 \ aha.4 \ ahb.4 \ diff --git a/share/man/man4/age.4 b/share/man/man4/age.4 new file mode 100644 index 0000000000..dc55ac506a --- /dev/null +++ b/share/man/man4/age.4 @@ -0,0 +1,165 @@ +.\" Copyright (c) 2008 Pyun YongHyeon +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: src/share/man/man4/age.4,v 1.3 2008/09/18 05:08:17 yongari Exp $ +.\" +.Dd January 2, 2009 +.Dt AGE 4 +.Os +.Sh NAME +.Nm age +.Nd Attansic/Atheros L1 Gigabit Ethernet driver +.Sh SYNOPSIS +To compile this driver into the kernel, +place the following lines in your +kernel configuration file: +.Bd -ragged -offset indent +.Cd "device miibus" +.Cd "device age" +.Ed +.Pp +Alternatively, to load the driver as a +module at boot time, place the following line in +.Xr loader.conf 5 : +.Bd -literal -offset indent +if_age_load="YES" +.Ed +.Sh DESCRIPTION +The +.Nm +device driver provides support for Attansic/Atheros L1 PCI Express +Gigabit Ethernet controllers. +.Pp +All LOMs supported by the +.Nm +driver have TCP/UDP/IP checksum offload for both transmit and receive, +hardware VLAN tag stripping/insertion features and +an interrupt moderation mechanism as well as +a 64-bit multicast hash filter. +.Pp +The L1 also supports Jumbo Frames (up to 10240 bytes), +which can be configured via the interface MTU setting. +Selecting an MTU larger than 1500 bytes with the +.Xr ifconfig 8 +utility configures the adapter to receive and transmit Jumbo Frames. +.Pp +The +.Nm +driver supports the following media types: +.Bl -tag -width ".Cm 10baseT/UTP" +.It Cm autoselect +Enable autoselection of the media type and options. +The user can manually override +the autoselected mode by adding media options to +.Xr rc.conf 5 . +.It Cm 10baseT/UTP +Set 10Mbps operation. +.It Cm 100baseTX +Set 100Mbps (Fast Ethernet) operation. +.It Cm 1000baseT +Set 1000baseT operation over twisted pair. +.El +.Pp +The +.Nm +driver supports the following media options: +.Bl -tag -width ".Cm full-duplex" +.It Cm full-duplex +Force full duplex operation. +.It Cm half-duplex +Force half duplex operation. +.El +.Pp +For more information on configuring this device, see +.Xr ifconfig 8 . +.Sh HARDWARE +The +.Nm +driver provides support for LOMs based on +Attansic/Atheros L1 Gigabit Ethernet controller chips, including: +.Pp +.Bl -bullet -compact +.It +ASUS M2N8-VMX +.It +ASUS M2V +.It +ASUS M3A +.It +ASUS P2-M2A590G +.It +ASUS P5B-E +.It +ASUS P5B-MX/WIFI-AP +.It +ASUS P5B-VMSE +.It +ASUS P5K +.It +ASUS P5KC +.It +ASUS P5KPL-C +.It +ASUS P5KPL-VM +.It +ASUS P5K-SE +.It +ASUS P5K-V +.It +ASUS P5L-MX +.It +ASUS P5DL2-VM +.It +ASUS P5L-VM 1394 +.It +ASUS G2S +.El +.Sh SYSCTL VARIABLES +The following variables are available as +.Xr sysctl 8 +variables: +.Bl -tag -width "xxxxxx" +.It Va dev.age%d.int_mod +Maximum amount of time to delay interrupt processing in units of 2us. +The accepted range is 0 to 65000, the default is 50 (100us). +Value 0 completely disables the interrupt moderation. +.It Va dev.age%d.stats +Display lots of useful MAC counters maintained in the driver. +.El +.Sh SEE ALSO +.Xr altq 4 , +.Xr arp 4 , +.Xr miibus 4 , +.Xr netintro 4 , +.Xr ng_ether 4 , +.Xr vlan 4 , +.Xr ifconfig 8 +.Sh HISTORY +The +.Nm +driver was written by +.An Pyun YongHyeon +.Aq yongari@FreeBSD.org . +It first appeared in +.Fx 7.1 . diff --git a/sys/dev/netif/Makefile b/sys/dev/netif/Makefile index f41d02ae26..8221da398e 100644 --- a/sys/dev/netif/Makefile +++ b/sys/dev/netif/Makefile @@ -1,9 +1,9 @@ # $DragonFly: src/sys/dev/netif/Makefile,v 1.34 2008/07/26 14:26:30 sephe Exp $ # -SUBDIR= an acx ale ar ath aue axe bce bfe bge bwi cue dc ed em ep et fwe fxp \ - iwi iwl jme kue lge lnc mii_layer my msk nfe nge pcn ral re rl rtw \ - rue rum sbni sbsh sf sis sk sln sr ste stge \ - ti tl tx txp ural vge vr vx wb wi xe xl +SUBDIR= an acx age ale ar ath aue axe bce bfe bge bwi cue dc ed em ep et fwe \ + fxp iwi iwl jme kue lge lnc mii_layer my msk nfe nge pcn ral re rl \ + rtw rue rum sbni sbsh sf sis sk sln sr ste stge ti tl tx txp ural vge \ + vr vx wb wi xe xl .include diff --git a/sys/dev/netif/age/Makefile b/sys/dev/netif/age/Makefile new file mode 100644 index 0000000000..d4e9458321 --- /dev/null +++ b/sys/dev/netif/age/Makefile @@ -0,0 +1,6 @@ +KMOD= if_age +SRCS= if_age.c +SRCS+= miibus_if.h device_if.h bus_if.h pci_if.h +KMODDEPS= miibus + +.include diff --git a/sys/dev/netif/age/if_age.c b/sys/dev/netif/age/if_age.c new file mode 100644 index 0000000000..c4d521db80 --- /dev/null +++ b/sys/dev/netif/age/if_age.c @@ -0,0 +1,3009 @@ +/*- + * Copyright (c) 2008, Pyun YongHyeon + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice unmodified, this list of conditions, and the following + * disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/sys/dev/age/if_age.c,v 1.6 2008/11/07 07:02:28 yongari Exp $ + */ + +/* Driver for Attansic Technology Corp. L1 Gigabit Ethernet. */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include +#include +#include + +#include +#include + +/* "device miibus" required. See GENERIC if you get errors here. */ +#include "miibus_if.h" + +#define AGE_CSUM_FEATURES (CSUM_TCP | CSUM_UDP) + +struct age_dmamap_ctx { + int nsegs; + bus_dma_segment_t *segs; +}; + +static int age_probe(device_t); +static int age_attach(device_t); +static int age_detach(device_t); +static int age_shutdown(device_t); +static int age_suspend(device_t); +static int age_resume(device_t); + +static int age_miibus_readreg(device_t, int, int); +static int age_miibus_writereg(device_t, int, int, int); +static void age_miibus_statchg(device_t); + +static void age_init(void *); +static int age_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *); +static void age_start(struct ifnet *); +static void age_watchdog(struct ifnet *); +static void age_mediastatus(struct ifnet *, struct ifmediareq *); +static int age_mediachange(struct ifnet *); + +static void age_intr(void *); +static void age_txintr(struct age_softc *, int); +static void age_rxintr(struct age_softc *, int); +static void age_rxeof(struct age_softc *sc, struct rx_rdesc *); + +static int age_dma_alloc(struct age_softc *); +static void age_dma_free(struct age_softc *); +static void age_dmamap_cb(void *, bus_dma_segment_t *, int, int); +static void age_dmamap_buf_cb(void *, bus_dma_segment_t *, int, + bus_size_t, int); +static int age_check_boundary(struct age_softc *); +static int age_newbuf(struct age_softc *, struct age_rxdesc *, int); +static int age_encap(struct age_softc *, struct mbuf **); +static void age_init_tx_ring(struct age_softc *); +static int age_init_rx_ring(struct age_softc *); +static void age_init_rr_ring(struct age_softc *); +static void age_init_cmb_block(struct age_softc *); +static void age_init_smb_block(struct age_softc *); + +static void age_tick(void *); +static void age_stop(struct age_softc *); +static void age_reset(struct age_softc *); +static int age_read_vpd_word(struct age_softc *, uint32_t, uint32_t, + uint32_t *); +static void age_get_macaddr(struct age_softc *); +static void age_phy_reset(struct age_softc *); +static void age_mac_config(struct age_softc *); +static void age_stats_update(struct age_softc *); +static void age_stop_txmac(struct age_softc *); +static void age_stop_rxmac(struct age_softc *); +static void age_rxvlan(struct age_softc *); +static void age_rxfilter(struct age_softc *); +#ifdef wol_notyet +static void age_setwol(struct age_softc *); +#endif + +static void age_sysctl_node(struct age_softc *); +static int sysctl_age_stats(SYSCTL_HANDLER_ARGS); +static int sysctl_hw_age_int_mod(SYSCTL_HANDLER_ARGS); + +/* + * Devices supported by this driver. + */ +static struct age_dev { + uint16_t age_vendorid; + uint16_t age_deviceid; + const char *age_name; +} age_devs[] = { + { VENDORID_ATTANSIC, DEVICEID_ATTANSIC_L1, + "Attansic Technology Corp, L1 Gigabit Ethernet" }, +}; + +static device_method_t age_methods[] = { + /* Device interface. */ + DEVMETHOD(device_probe, age_probe), + DEVMETHOD(device_attach, age_attach), + DEVMETHOD(device_detach, age_detach), + DEVMETHOD(device_shutdown, age_shutdown), + DEVMETHOD(device_suspend, age_suspend), + DEVMETHOD(device_resume, age_resume), + + /* Bus interface. */ + DEVMETHOD(bus_print_child, bus_generic_print_child), + DEVMETHOD(bus_driver_added, bus_generic_driver_added), + + /* MII interface. */ + DEVMETHOD(miibus_readreg, age_miibus_readreg), + DEVMETHOD(miibus_writereg, age_miibus_writereg), + DEVMETHOD(miibus_statchg, age_miibus_statchg), + + { NULL, NULL } +}; + +static driver_t age_driver = { + "age", + age_methods, + sizeof(struct age_softc) +}; + +static devclass_t age_devclass; + +DECLARE_DUMMY_MODULE(if_age); +MODULE_DEPEND(if_age, miibus, 1, 1, 1); +DRIVER_MODULE(if_age, pci, age_driver, age_devclass, 0, 0); +DRIVER_MODULE(miibus, age, miibus_driver, miibus_devclass, 0, 0); + +/* + * Read a PHY register on the MII of the L1. + */ +static int +age_miibus_readreg(device_t dev, int phy, int reg) +{ + struct age_softc *sc; + uint32_t v; + int i; + + sc = device_get_softc(dev); + if (phy != sc->age_phyaddr) + return (0); + + CSR_WRITE_4(sc, AGE_MDIO, MDIO_OP_EXECUTE | MDIO_OP_READ | + MDIO_SUP_PREAMBLE | MDIO_CLK_25_4 | MDIO_REG_ADDR(reg)); + for (i = AGE_PHY_TIMEOUT; i > 0; i--) { + DELAY(1); + v = CSR_READ_4(sc, AGE_MDIO); + if ((v & (MDIO_OP_EXECUTE | MDIO_OP_BUSY)) == 0) + break; + } + + if (i == 0) { + device_printf(sc->age_dev, "phy read timeout : %d\n", reg); + return (0); + } + + return ((v & MDIO_DATA_MASK) >> MDIO_DATA_SHIFT); +} + +/* + * Write a PHY register on the MII of the L1. + */ +static int +age_miibus_writereg(device_t dev, int phy, int reg, int val) +{ + struct age_softc *sc; + uint32_t v; + int i; + + sc = device_get_softc(dev); + if (phy != sc->age_phyaddr) + return (0); + + CSR_WRITE_4(sc, AGE_MDIO, MDIO_OP_EXECUTE | MDIO_OP_WRITE | + (val & MDIO_DATA_MASK) << MDIO_DATA_SHIFT | + MDIO_SUP_PREAMBLE | MDIO_CLK_25_4 | MDIO_REG_ADDR(reg)); + for (i = AGE_PHY_TIMEOUT; i > 0; i--) { + DELAY(1); + v = CSR_READ_4(sc, AGE_MDIO); + if ((v & (MDIO_OP_EXECUTE | MDIO_OP_BUSY)) == 0) + break; + } + + if (i == 0) + device_printf(sc->age_dev, "phy write timeout : %d\n", reg); + + return (0); +} + +/* + * Callback from MII layer when media changes. + */ +static void +age_miibus_statchg(device_t dev) +{ + struct age_softc *sc = device_get_softc(dev); + struct ifnet *ifp = &sc->arpcom.ac_if; + struct mii_data *mii; + + ASSERT_SERIALIZED(ifp->if_serializer); + + if ((ifp->if_flags & IFF_RUNNING) == 0) + return; + + mii = device_get_softc(sc->age_miibus); + + sc->age_flags &= ~AGE_FLAG_LINK; + if ((mii->mii_media_status & IFM_AVALID) != 0) { + switch (IFM_SUBTYPE(mii->mii_media_active)) { + case IFM_10_T: + case IFM_100_TX: + case IFM_1000_T: + sc->age_flags |= AGE_FLAG_LINK; + break; + default: + break; + } + } + + /* Stop Rx/Tx MACs. */ + age_stop_rxmac(sc); + age_stop_txmac(sc); + + /* Program MACs with resolved speed/duplex/flow-control. */ + if ((sc->age_flags & AGE_FLAG_LINK) != 0) { + uint32_t reg; + + age_mac_config(sc); + + reg = CSR_READ_4(sc, AGE_MAC_CFG); + /* Restart DMA engine and Tx/Rx MAC. */ + CSR_WRITE_4(sc, AGE_DMA_CFG, CSR_READ_4(sc, AGE_DMA_CFG) | + DMA_CFG_RD_ENB | DMA_CFG_WR_ENB); + reg |= MAC_CFG_TX_ENB | MAC_CFG_RX_ENB; + CSR_WRITE_4(sc, AGE_MAC_CFG, reg); + } +} + +/* + * Get the current interface media status. + */ +static void +age_mediastatus(struct ifnet *ifp, struct ifmediareq *ifmr) +{ + struct age_softc *sc = ifp->if_softc; + struct mii_data *mii = device_get_softc(sc->age_miibus); + + ASSERT_SERIALIZED(ifp->if_serializer); + + mii_pollstat(mii); + ifmr->ifm_status = mii->mii_media_status; + ifmr->ifm_active = mii->mii_media_active; +} + +/* + * Set hardware to newly-selected media. + */ +static int +age_mediachange(struct ifnet *ifp) +{ + struct age_softc *sc = ifp->if_softc; + struct mii_data *mii = device_get_softc(sc->age_miibus); + int error; + + ASSERT_SERIALIZED(ifp->if_serializer); + + if (mii->mii_instance != 0) { + struct mii_softc *miisc; + + LIST_FOREACH(miisc, &mii->mii_phys, mii_list) + mii_phy_reset(miisc); + } + error = mii_mediachg(mii); + + return (error); +} + +static int +age_read_vpd_word(struct age_softc *sc, uint32_t vpdc, uint32_t offset, + uint32_t *word) +{ + int i; + + pci_write_config(sc->age_dev, vpdc + PCIR_VPD_ADDR, offset, 2); + for (i = AGE_TIMEOUT; i > 0; i--) { + DELAY(10); + if ((pci_read_config(sc->age_dev, vpdc + PCIR_VPD_ADDR, 2) & + 0x8000) == 0x8000) + break; + } + if (i == 0) { + device_printf(sc->age_dev, "VPD read timeout!\n"); + *word = 0; + return (ETIMEDOUT); + } + + *word = pci_read_config(sc->age_dev, vpdc + PCIR_VPD_DATA, 4); + return (0); +} + +static int +age_probe(device_t dev) +{ + struct age_dev *sp; + int i; + uint16_t vendor, devid; + + vendor = pci_get_vendor(dev); + devid = pci_get_device(dev); + sp = age_devs; + for (i = 0; i < sizeof(age_devs) / sizeof(age_devs[0]); + i++, sp++) { + if (vendor == sp->age_vendorid && + devid == sp->age_deviceid) { + device_set_desc(dev, sp->age_name); + return (0); + } + } + return (ENXIO); +} + +static void +age_get_macaddr(struct age_softc *sc) +{ + uint32_t ea[2], off, reg, word; + int vpd_error, match, vpdc; + + reg = CSR_READ_4(sc, AGE_SPI_CTRL); + if ((reg & SPI_VPD_ENB) != 0) { + /* Get VPD stored in TWSI EEPROM. */ + reg &= ~SPI_VPD_ENB; + CSR_WRITE_4(sc, AGE_SPI_CTRL, reg); + } + + ea[0] = ea[1] = 0; + vpdc = pci_get_vpdcap_ptr(sc->age_dev); + if (vpdc) { + vpd_error = 0; + + /* + * PCI VPD capability exists, but it seems that it's + * not in the standard form as stated in PCI VPD + * specification such that driver could not use + * pci_get_vpd_readonly(9) with keyword 'NA'. + * Search VPD data starting at address 0x0100. The data + * should be used as initializers to set AGE_PAR0, + * AGE_PAR1 register including other PCI configuration + * registers. + */ + word = 0; + match = 0; + reg = 0; + for (off = AGE_VPD_REG_CONF_START; off < AGE_VPD_REG_CONF_END; + off += sizeof(uint32_t)) { + vpd_error = age_read_vpd_word(sc, vpdc, off, &word); + if (vpd_error != 0) + break; + if (match != 0) { + switch (reg) { + case AGE_PAR0: + ea[0] = word; + break; + case AGE_PAR1: + ea[1] = word; + break; + default: + break; + } + match = 0; + } else if ((word & 0xFF) == AGE_VPD_REG_CONF_SIG) { + match = 1; + reg = word >> 16; + } else + break; + } + if (off >= AGE_VPD_REG_CONF_END) + vpd_error = ENOENT; + if (vpd_error == 0) { + /* + * Don't blindly trust ethernet address obtained + * from VPD. Check whether ethernet address is + * valid one. Otherwise fall-back to reading + * PAR register. + */ + ea[1] &= 0xFFFF; + if ((ea[0] == 0 && ea[1] == 0) || + (ea[0] == 0xFFFFFFFF && ea[1] == 0xFFFF)) { + if (bootverbose) + device_printf(sc->age_dev, + "invalid ethernet address " + "returned from VPD.\n"); + vpd_error = EINVAL; + } + } + if (vpd_error != 0 && (bootverbose)) + device_printf(sc->age_dev, "VPD access failure!\n"); + } else { + vpd_error = ENOENT; + if (bootverbose) + device_printf(sc->age_dev, + "PCI VPD capability not found!\n"); + } + + /* + * It seems that L1 also provides a way to extract ethernet + * address via SPI flash interface. Because SPI flash memory + * device of different vendors vary in their instruction + * codes for read ID instruction, it's very hard to get + * instructions codes without detailed information for the + * flash memory device used on ethernet controller. To simplify + * code, just read AGE_PAR0/AGE_PAR1 register to get ethernet + * address which is supposed to be set by hardware during + * power on reset. + */ + if (vpd_error != 0) { + /* + * VPD is mapped to SPI flash memory or BIOS set it. + */ + ea[0] = CSR_READ_4(sc, AGE_PAR0); + ea[1] = CSR_READ_4(sc, AGE_PAR1); + } + + ea[1] &= 0xFFFF; + if ((ea[0] == 0 && ea[1] == 0) || + (ea[0] == 0xFFFFFFFF && ea[1] == 0xFFFF)) { + device_printf(sc->age_dev, + "generating fake ethernet address.\n"); + ea[0] = karc4random(); + /* Set OUI to ASUSTek COMPUTER INC. */ + sc->age_eaddr[0] = 0x00; + sc->age_eaddr[1] = 0x1B; + sc->age_eaddr[2] = 0xFC; + sc->age_eaddr[3] = (ea[0] >> 16) & 0xFF; + sc->age_eaddr[4] = (ea[0] >> 8) & 0xFF; + sc->age_eaddr[5] = (ea[0] >> 0) & 0xFF; + } else { + sc->age_eaddr[0] = (ea[1] >> 8) & 0xFF; + sc->age_eaddr[1] = (ea[1] >> 0) & 0xFF; + sc->age_eaddr[2] = (ea[0] >> 24) & 0xFF; + sc->age_eaddr[3] = (ea[0] >> 16) & 0xFF; + sc->age_eaddr[4] = (ea[0] >> 8) & 0xFF; + sc->age_eaddr[5] = (ea[0] >> 0) & 0xFF; + } +} + +static void +age_phy_reset(struct age_softc *sc) +{ + /* Reset PHY. */ + CSR_WRITE_4(sc, AGE_GPHY_CTRL, GPHY_CTRL_RST); + DELAY(1000); + CSR_WRITE_4(sc, AGE_GPHY_CTRL, GPHY_CTRL_CLR); + DELAY(1000); +} + +static int +age_attach(device_t dev) +{ + struct age_softc *sc = device_get_softc(dev); + struct ifnet *ifp = &sc->arpcom.ac_if; + uint8_t pcie_ptr; + int error; + + error = 0; + sc->age_dev = dev; + if_initname(ifp, device_get_name(dev), device_get_unit(dev)); + + callout_init(&sc->age_tick_ch); + +#ifndef BURN_BRIDGES + if (pci_get_powerstate(dev) != PCI_POWERSTATE_D0) { + uint32_t irq, mem; + + irq = pci_read_config(dev, PCIR_INTLINE, 4); + mem = pci_read_config(dev, AGE_PCIR_BAR, 4); + + device_printf(dev, "chip is in D%d power mode " + "-- setting to D0\n", pci_get_powerstate(dev)); + + pci_set_powerstate(dev, PCI_POWERSTATE_D0); + + pci_write_config(dev, PCIR_INTLINE, irq, 4); + pci_write_config(dev, AGE_PCIR_BAR, mem, 4); + } +#endif /* !BURN_BRIDGE */ + + /* Enable bus mastering */ + pci_enable_busmaster(dev); + + /* + * Allocate memory mapped IO + */ + sc->age_mem_rid = AGE_PCIR_BAR; + sc->age_mem_res = bus_alloc_resource_any(dev, SYS_RES_MEMORY, + &sc->age_mem_rid, RF_ACTIVE); + if (sc->age_mem_res == NULL) { + device_printf(dev, "can't allocate IO memory\n"); + return ENXIO; + } + sc->age_mem_bt = rman_get_bustag(sc->age_mem_res); + sc->age_mem_bh = rman_get_bushandle(sc->age_mem_res); + + /* + * Allocate IRQ + */ + sc->age_irq_rid = 0; + sc->age_irq_res = bus_alloc_resource_any(dev, SYS_RES_IRQ, + &sc->age_irq_rid, + RF_SHAREABLE | RF_ACTIVE); + if (sc->age_irq_res == NULL) { + device_printf(dev, "can't allocate irq\n"); + error = ENXIO; + goto fail; + } + + /* Set PHY address. */ + sc->age_phyaddr = AGE_PHY_ADDR; + + /* Reset PHY. */ + age_phy_reset(sc); + + /* Reset the ethernet controller. */ + age_reset(sc); + + /* Get PCI and chip id/revision. */ + sc->age_rev = pci_get_revid(dev); + sc->age_chip_rev = CSR_READ_4(sc, AGE_MASTER_CFG) >> + MASTER_CHIP_REV_SHIFT; + if (bootverbose) { + device_printf(dev, "PCI device revision : 0x%04x\n", sc->age_rev); + device_printf(dev, "Chip id/revision : 0x%04x\n", + sc->age_chip_rev); + } + + /* + * XXX + * Unintialized hardware returns an invalid chip id/revision + * as well as 0xFFFFFFFF for Tx/Rx fifo length. It seems that + * unplugged cable results in putting hardware into automatic + * power down mode which in turn returns invalld chip revision. + */ + if (sc->age_chip_rev == 0xFFFF) { + device_printf(dev,"invalid chip revision : 0x%04x -- " + "not initialized?\n", sc->age_chip_rev); + error = ENXIO; + goto fail; + } + device_printf(dev, "%d Tx FIFO, %d Rx FIFO\n", + CSR_READ_4(sc, AGE_SRAM_TX_FIFO_LEN), + CSR_READ_4(sc, AGE_SRAM_RX_FIFO_LEN)); + + /* Get DMA parameters from PCIe device control register. */ + pcie_ptr = pci_get_pciecap_ptr(dev); + if (pcie_ptr) { + uint16_t devctl; + + sc->age_flags |= AGE_FLAG_PCIE; + devctl = pci_read_config(dev, pcie_ptr + PCIER_DEVCTRL, 2); + /* Max read request size. */ + sc->age_dma_rd_burst = ((devctl >> 12) & 0x07) << + DMA_CFG_RD_BURST_SHIFT; + /* Max payload size. */ + sc->age_dma_wr_burst = ((devctl >> 5) & 0x07) << + DMA_CFG_WR_BURST_SHIFT; + if (bootverbose) { + device_printf(dev, "Read request size : %d bytes.\n", + 128 << ((devctl >> 12) & 0x07)); + device_printf(dev, "TLP payload size : %d bytes.\n", + 128 << ((devctl >> 5) & 0x07)); + } + } else { + sc->age_dma_rd_burst = DMA_CFG_RD_BURST_128; + sc->age_dma_wr_burst = DMA_CFG_WR_BURST_128; + } + + /* Create device sysctl node. */ + age_sysctl_node(sc); + + if ((error = age_dma_alloc(sc) != 0)) + goto fail; + + /* Load station address. */ + age_get_macaddr(sc); + + ifp->if_softc = sc; + ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; + ifp->if_ioctl = age_ioctl; + ifp->if_start = age_start; + ifp->if_init = age_init; + ifp->if_watchdog = age_watchdog; + ifq_set_maxlen(&ifp->if_snd, AGE_TX_RING_CNT - 1); + ifq_set_ready(&ifp->if_snd); + + ifp->if_capabilities = IFCAP_HWCSUM | + IFCAP_VLAN_MTU | + IFCAP_VLAN_HWTAGGING; + ifp->if_hwassist = AGE_CSUM_FEATURES; + ifp->if_capenable = ifp->if_capabilities; + + /* Set up MII bus. */ + if ((error = mii_phy_probe(dev, &sc->age_miibus, age_mediachange, + age_mediastatus)) != 0) { + device_printf(dev, "no PHY found!\n"); + goto fail; + } + + ether_ifattach(ifp, sc->age_eaddr, NULL); + + /* Tell the upper layer(s) we support long frames. */ + ifp->if_data.ifi_hdrlen = sizeof(struct ether_vlan_header); + + error = bus_setup_intr(dev, sc->age_irq_res, INTR_MPSAFE, age_intr, sc, + &sc->age_irq_handle, ifp->if_serializer); + if (error) { + device_printf(dev, "could not set up interrupt handler.\n"); + ether_ifdetach(ifp); + goto fail; + } + + ifp->if_cpuid = ithread_cpuid(rman_get_start(sc->age_irq_res)); + KKASSERT(ifp->if_cpuid >= 0 && ifp->if_cpuid < ncpus); + return 0; +fail: + age_detach(dev); + return (error); +} + +static int +age_detach(device_t dev) +{ + struct age_softc *sc = device_get_softc(dev); + + if (device_is_attached(dev)) { + struct ifnet *ifp = &sc->arpcom.ac_if; + + lwkt_serialize_enter(ifp->if_serializer); + sc->age_flags |= AGE_FLAG_DETACH; + age_stop(sc); + bus_teardown_intr(dev, sc->age_irq_res, sc->age_irq_handle); + lwkt_serialize_exit(ifp->if_serializer); + + ether_ifdetach(ifp); + } + + if (sc->age_sysctl_tree != NULL) + sysctl_ctx_free(&sc->age_sysctl_ctx); + + if (sc->age_miibus != NULL) + device_delete_child(dev, sc->age_miibus); + bus_generic_detach(dev); + + if (sc->age_irq_res != NULL) { + bus_release_resource(dev, SYS_RES_IRQ, sc->age_irq_rid, + sc->age_irq_res); + } + if (sc->age_mem_res != NULL) { + bus_release_resource(dev, SYS_RES_MEMORY, sc->age_mem_rid, + sc->age_mem_res); + } + + age_dma_free(sc); + + return (0); +} + +static void +age_sysctl_node(struct age_softc *sc) +{ + int error; + + sysctl_ctx_init(&sc->age_sysctl_ctx); + sc->age_sysctl_tree = SYSCTL_ADD_NODE(&sc->age_sysctl_ctx, + SYSCTL_STATIC_CHILDREN(_hw), OID_AUTO, + device_get_nameunit(sc->age_dev), + CTLFLAG_RD, 0, ""); + if (sc->age_sysctl_tree == NULL) { + device_printf(sc->age_dev, "can't add sysctl node\n"); + return; + } + + SYSCTL_ADD_PROC(&sc->age_sysctl_ctx, + SYSCTL_CHILDREN(sc->age_sysctl_tree), OID_AUTO, + "stats", CTLTYPE_INT | CTLFLAG_RW, sc, 0, sysctl_age_stats, + "I", "Statistics"); + + SYSCTL_ADD_PROC(&sc->age_sysctl_ctx, + SYSCTL_CHILDREN(sc->age_sysctl_tree), OID_AUTO, + "int_mod", CTLTYPE_INT | CTLFLAG_RW, &sc->age_int_mod, 0, + sysctl_hw_age_int_mod, "I", "age interrupt moderation"); + + /* Pull in device tunables. */ + sc->age_int_mod = AGE_IM_TIMER_DEFAULT; + error = resource_int_value(device_get_name(sc->age_dev), + device_get_unit(sc->age_dev), "int_mod", &sc->age_int_mod); + if (error == 0) { + if (sc->age_int_mod < AGE_IM_TIMER_MIN || + sc->age_int_mod > AGE_IM_TIMER_MAX) { + device_printf(sc->age_dev, + "int_mod value out of range; using default: %d\n", + AGE_IM_TIMER_DEFAULT); + sc->age_int_mod = AGE_IM_TIMER_DEFAULT; + } + } +} + +struct age_dmamap_arg { + bus_addr_t age_busaddr; +}; + +static void +age_dmamap_cb(void *arg, bus_dma_segment_t *segs, int nsegs, int error) +{ + struct age_dmamap_arg *ctx; + + if (error != 0) + return; + + KASSERT(nsegs == 1, ("%s: %d segments returned!", __func__, nsegs)); + + ctx = (struct age_dmamap_arg *)arg; + ctx->age_busaddr = segs[0].ds_addr; +} + +/* + * Attansic L1 controller have single register to specify high + * address part of DMA blocks. So all descriptor structures and + * DMA memory blocks should have the same high address of given + * 4GB address space(i.e. crossing 4GB boundary is not allowed). + */ +static int +age_check_boundary(struct age_softc *sc) +{ + bus_addr_t rx_ring_end, rr_ring_end, tx_ring_end; + bus_addr_t cmb_block_end, smb_block_end; + + /* Tx/Rx descriptor queue should reside within 4GB boundary. */ + tx_ring_end = sc->age_rdata.age_tx_ring_paddr + AGE_TX_RING_SZ; + rx_ring_end = sc->age_rdata.age_rx_ring_paddr + AGE_RX_RING_SZ; + rr_ring_end = sc->age_rdata.age_rr_ring_paddr + AGE_RR_RING_SZ; + cmb_block_end = sc->age_rdata.age_cmb_block_paddr + AGE_CMB_BLOCK_SZ; + smb_block_end = sc->age_rdata.age_smb_block_paddr + AGE_SMB_BLOCK_SZ; + + if ((AGE_ADDR_HI(tx_ring_end) != + AGE_ADDR_HI(sc->age_rdata.age_tx_ring_paddr)) || + (AGE_ADDR_HI(rx_ring_end) != + AGE_ADDR_HI(sc->age_rdata.age_rx_ring_paddr)) || + (AGE_ADDR_HI(rr_ring_end) != + AGE_ADDR_HI(sc->age_rdata.age_rr_ring_paddr)) || + (AGE_ADDR_HI(cmb_block_end) != + AGE_ADDR_HI(sc->age_rdata.age_cmb_block_paddr)) || + (AGE_ADDR_HI(smb_block_end) != + AGE_ADDR_HI(sc->age_rdata.age_smb_block_paddr))) + return (EFBIG); + + if ((AGE_ADDR_HI(tx_ring_end) != AGE_ADDR_HI(rx_ring_end)) || + (AGE_ADDR_HI(tx_ring_end) != AGE_ADDR_HI(rr_ring_end)) || + (AGE_ADDR_HI(tx_ring_end) != AGE_ADDR_HI(cmb_block_end)) || + (AGE_ADDR_HI(tx_ring_end) != AGE_ADDR_HI(smb_block_end))) + return (EFBIG); + + return (0); +} + +static int +age_dma_alloc(struct age_softc *sc) +{ + struct age_txdesc *txd; + struct age_rxdesc *rxd; + bus_addr_t lowaddr; + struct age_dmamap_arg ctx; + int error, i; + + lowaddr = BUS_SPACE_MAXADDR; +again: + /* Create parent ring/DMA block tag. */ + error = bus_dma_tag_create( + NULL, /* parent */ + 1, 0, /* alignment, boundary */ + lowaddr, /* lowaddr */ + BUS_SPACE_MAXADDR, /* highaddr */ + NULL, NULL, /* filter, filterarg */ + BUS_SPACE_MAXSIZE_32BIT, /* maxsize */ + 0, /* nsegments */ + BUS_SPACE_MAXSIZE_32BIT, /* maxsegsize */ + 0, /* flags */ + &sc->age_cdata.age_parent_tag); + if (error != 0) { + device_printf(sc->age_dev, + "could not create parent DMA tag.\n"); + goto fail; + } + + /* Create tag for Tx ring. */ + error = bus_dma_tag_create( + sc->age_cdata.age_parent_tag, /* parent */ + AGE_TX_RING_ALIGN, 0, /* alignment, boundary */ + BUS_SPACE_MAXADDR, /* lowaddr */ + BUS_SPACE_MAXADDR, /* highaddr */ + NULL, NULL, /* filter, filterarg */ + AGE_TX_RING_SZ, /* maxsize */ + 1, /* nsegments */ + AGE_TX_RING_SZ, /* maxsegsize */ + 0, /* flags */ + &sc->age_cdata.age_tx_ring_tag); + if (error != 0) { + device_printf(sc->age_dev, + "could not create Tx ring DMA tag.\n"); + goto fail; + } + + /* Create tag for Rx ring. */ + error = bus_dma_tag_create( + sc->age_cdata.age_parent_tag, /* parent */ + AGE_RX_RING_ALIGN, 0, /* alignment, boundary */ + BUS_SPACE_MAXADDR, /* lowaddr */ + BUS_SPACE_MAXADDR, /* highaddr */ + NULL, NULL, /* filter, filterarg */ + AGE_RX_RING_SZ, /* maxsize */ + 1, /* nsegments */ + AGE_RX_RING_SZ, /* maxsegsize */ + 0, /* flags */ + &sc->age_cdata.age_rx_ring_tag); + if (error != 0) { + device_printf(sc->age_dev, + "could not create Rx ring DMA tag.\n"); + goto fail; + } + + /* Create tag for Rx return ring. */ + error = bus_dma_tag_create( + sc->age_cdata.age_parent_tag, /* parent */ + AGE_RR_RING_ALIGN, 0, /* alignment, boundary */ + BUS_SPACE_MAXADDR, /* lowaddr */ + BUS_SPACE_MAXADDR, /* highaddr */ + NULL, NULL, /* filter, filterarg */ + AGE_RR_RING_SZ, /* maxsize */ + 1, /* nsegments */ + AGE_RR_RING_SZ, /* maxsegsize */ + 0, /* flags */ + &sc->age_cdata.age_rr_ring_tag); + if (error != 0) { + device_printf(sc->age_dev, + "could not create Rx return ring DMA tag.\n"); + goto fail; + } + + /* Create tag for coalesing message block. */ + error = bus_dma_tag_create( + sc->age_cdata.age_parent_tag, /* parent */ + AGE_CMB_ALIGN, 0, /* alignment, boundary */ + BUS_SPACE_MAXADDR, /* lowaddr */ + BUS_SPACE_MAXADDR, /* highaddr */ + NULL, NULL, /* filter, filterarg */ + AGE_CMB_BLOCK_SZ, /* maxsize */ + 1, /* nsegments */ + AGE_CMB_BLOCK_SZ, /* maxsegsize */ + 0, /* flags */ + &sc->age_cdata.age_cmb_block_tag); + if (error != 0) { + device_printf(sc->age_dev, + "could not create CMB DMA tag.\n"); + goto fail; + } + + /* Create tag for statistics message block. */ + error = bus_dma_tag_create( + sc->age_cdata.age_parent_tag, /* parent */ + AGE_SMB_ALIGN, 0, /* alignment, boundary */ + BUS_SPACE_MAXADDR, /* lowaddr */ + BUS_SPACE_MAXADDR, /* highaddr */ + NULL, NULL, /* filter, filterarg */ + AGE_SMB_BLOCK_SZ, /* maxsize */ + 1, /* nsegments */ + AGE_SMB_BLOCK_SZ, /* maxsegsize */ + 0, /* flags */ + &sc->age_cdata.age_smb_block_tag); + if (error != 0) { + device_printf(sc->age_dev, + "could not create SMB DMA tag.\n"); + goto fail; + } + + /* Allocate DMA'able memory and load the DMA map. */ + error = bus_dmamem_alloc(sc->age_cdata.age_tx_ring_tag, + (void **)&sc->age_rdata.age_tx_ring, + BUS_DMA_WAITOK | BUS_DMA_ZERO, + &sc->age_cdata.age_tx_ring_map); + if (error != 0) { + device_printf(sc->age_dev, + "could not allocate DMA'able memory for Tx ring.\n"); + goto fail; + } + ctx.age_busaddr = 0; + error = bus_dmamap_load(sc->age_cdata.age_tx_ring_tag, + sc->age_cdata.age_tx_ring_map, sc->age_rdata.age_tx_ring, + AGE_TX_RING_SZ, age_dmamap_cb, &ctx, 0); + if (error != 0 || ctx.age_busaddr == 0) { + device_printf(sc->age_dev, + "could not load DMA'able memory for Tx ring.\n"); + goto fail; + } + sc->age_rdata.age_tx_ring_paddr = ctx.age_busaddr; + /* Rx ring */ + error = bus_dmamem_alloc(sc->age_cdata.age_rx_ring_tag, + (void **)&sc->age_rdata.age_rx_ring, + BUS_DMA_WAITOK | BUS_DMA_ZERO, + &sc->age_cdata.age_rx_ring_map); + if (error != 0) { + device_printf(sc->age_dev, + "could not allocate DMA'able memory for Rx ring.\n"); + goto fail; + } + ctx.age_busaddr = 0; + error = bus_dmamap_load(sc->age_cdata.age_rx_ring_tag, + sc->age_cdata.age_rx_ring_map, sc->age_rdata.age_rx_ring, + AGE_RX_RING_SZ, age_dmamap_cb, &ctx, 0); + if (error != 0 || ctx.age_busaddr == 0) { + device_printf(sc->age_dev, + "could not load DMA'able memory for Rx ring.\n"); + goto fail; + } + sc->age_rdata.age_rx_ring_paddr = ctx.age_busaddr; + /* Rx return ring */ + error = bus_dmamem_alloc(sc->age_cdata.age_rr_ring_tag, + (void **)&sc->age_rdata.age_rr_ring, + BUS_DMA_WAITOK | BUS_DMA_ZERO, + &sc->age_cdata.age_rr_ring_map); + if (error != 0) { + device_printf(sc->age_dev, + "could not allocate DMA'able memory for Rx return ring.\n"); + goto fail; + } + ctx.age_busaddr = 0; + error = bus_dmamap_load(sc->age_cdata.age_rr_ring_tag, + sc->age_cdata.age_rr_ring_map, sc->age_rdata.age_rr_ring, + AGE_RR_RING_SZ, age_dmamap_cb, &ctx, 0); + if (error != 0 || ctx.age_busaddr == 0) { + device_printf(sc->age_dev, + "could not load DMA'able memory for Rx return ring.\n"); + goto fail; + } + sc->age_rdata.age_rr_ring_paddr = ctx.age_busaddr; + /* CMB block */ + error = bus_dmamem_alloc(sc->age_cdata.age_cmb_block_tag, + (void **)&sc->age_rdata.age_cmb_block, + BUS_DMA_WAITOK | BUS_DMA_ZERO, + &sc->age_cdata.age_cmb_block_map); + if (error != 0) { + device_printf(sc->age_dev, + "could not allocate DMA'able memory for CMB block.\n"); + goto fail; + } + ctx.age_busaddr = 0; + error = bus_dmamap_load(sc->age_cdata.age_cmb_block_tag, + sc->age_cdata.age_cmb_block_map, sc->age_rdata.age_cmb_block, + AGE_CMB_BLOCK_SZ, age_dmamap_cb, &ctx, 0); + if (error != 0 || ctx.age_busaddr == 0) { + device_printf(sc->age_dev, + "could not load DMA'able memory for CMB block.\n"); + goto fail; + } + sc->age_rdata.age_cmb_block_paddr = ctx.age_busaddr; + /* SMB block */ + error = bus_dmamem_alloc(sc->age_cdata.age_smb_block_tag, + (void **)&sc->age_rdata.age_smb_block, + BUS_DMA_WAITOK | BUS_DMA_ZERO, + &sc->age_cdata.age_smb_block_map); + if (error != 0) { + device_printf(sc->age_dev, + "could not allocate DMA'able memory for SMB block.\n"); + goto fail; + } + ctx.age_busaddr = 0; + error = bus_dmamap_load(sc->age_cdata.age_smb_block_tag, + sc->age_cdata.age_smb_block_map, sc->age_rdata.age_smb_block, + AGE_SMB_BLOCK_SZ, age_dmamap_cb, &ctx, 0); + if (error != 0 || ctx.age_busaddr == 0) { + device_printf(sc->age_dev, + "could not load DMA'able memory for SMB block.\n"); + goto fail; + } + sc->age_rdata.age_smb_block_paddr = ctx.age_busaddr; + + /* + * All ring buffer and DMA blocks should have the same + * high address part of 64bit DMA address space. + */ + if (lowaddr != BUS_SPACE_MAXADDR_32BIT && + (error = age_check_boundary(sc)) != 0) { + device_printf(sc->age_dev, "4GB boundary crossed, " + "switching to 32bit DMA addressing mode.\n"); + age_dma_free(sc); + /* Limit DMA address space to 32bit and try again. */ + lowaddr = BUS_SPACE_MAXADDR_32BIT; + goto again; + } + + /* + * Create Tx/Rx buffer parent tag. + * L1 supports full 64bit DMA addressing in Tx/Rx buffers + * so it needs separate parent DMA tag. + */ + error = bus_dma_tag_create( + NULL, /* parent */ + 1, 0, /* alignment, boundary */ + BUS_SPACE_MAXADDR, /* lowaddr */ + BUS_SPACE_MAXADDR, /* highaddr */ + NULL, NULL, /* filter, filterarg */ + BUS_SPACE_MAXSIZE_32BIT, /* maxsize */ + 0, /* nsegments */ + BUS_SPACE_MAXSIZE_32BIT, /* maxsegsize */ + 0, /* flags */ + &sc->age_cdata.age_buffer_tag); + if (error != 0) { + device_printf(sc->age_dev, + "could not create parent buffer DMA tag.\n"); + goto fail; + } + + /* Create tag for Tx buffers. */ + error = bus_dma_tag_create( + sc->age_cdata.age_buffer_tag, /* parent */ + 1, 0, /* alignment, boundary */ + BUS_SPACE_MAXADDR, /* lowaddr */ + BUS_SPACE_MAXADDR, /* highaddr */ + NULL, NULL, /* filter, filterarg */ + AGE_TSO_MAXSIZE, /* maxsize */ + AGE_MAXTXSEGS, /* nsegments */ + AGE_TSO_MAXSEGSIZE, /* maxsegsize */ + 0, /* flags */ + &sc->age_cdata.age_tx_tag); + if (error != 0) { + device_printf(sc->age_dev, "could not create Tx DMA tag.\n"); + goto fail; + } + + /* Create tag for Rx buffers. */ + error = bus_dma_tag_create( + sc->age_cdata.age_buffer_tag, /* parent */ + 1, 0, /* alignment, boundary */ + BUS_SPACE_MAXADDR, /* lowaddr */ + BUS_SPACE_MAXADDR, /* highaddr */ + NULL, NULL, /* filter, filterarg */ + MCLBYTES, /* maxsize */ + 1, /* nsegments */ + MCLBYTES, /* maxsegsize */ + 0, /* flags */ + &sc->age_cdata.age_rx_tag); + if (error != 0) { + device_printf(sc->age_dev, "could not create Rx DMA tag.\n"); + goto fail; + } + + /* Create DMA maps for Tx buffers. */ + for (i = 0; i < AGE_TX_RING_CNT; i++) { + txd = &sc->age_cdata.age_txdesc[i]; + txd->tx_m = NULL; + txd->tx_dmamap = NULL; + error = bus_dmamap_create(sc->age_cdata.age_tx_tag, 0, + &txd->tx_dmamap); + if (error != 0) { + device_printf(sc->age_dev, + "could not create Tx dmamap.\n"); + goto fail; + } + } + /* Create DMA maps for Rx buffers. */ + if ((error = bus_dmamap_create(sc->age_cdata.age_rx_tag, 0, + &sc->age_cdata.age_rx_sparemap)) != 0) { + device_printf(sc->age_dev, + "could not create spare Rx dmamap.\n"); + goto fail; + } + for (i = 0; i < AGE_RX_RING_CNT; i++) { + rxd = &sc->age_cdata.age_rxdesc[i]; + rxd->rx_m = NULL; + rxd->rx_dmamap = NULL; + error = bus_dmamap_create(sc->age_cdata.age_rx_tag, 0, + &rxd->rx_dmamap); + if (error != 0) { + device_printf(sc->age_dev, + "could not create Rx dmamap.\n"); + goto fail; + } + } +fail: + return (error); +} + +static void +age_dma_free(struct age_softc *sc) +{ + struct age_txdesc *txd; + struct age_rxdesc *rxd; + int i; + + /* Tx buffers */ + if (sc->age_cdata.age_tx_tag != NULL) { + for (i = 0; i < AGE_TX_RING_CNT; i++) { + txd = &sc->age_cdata.age_txdesc[i]; + if (txd->tx_dmamap != NULL) { + bus_dmamap_destroy(sc->age_cdata.age_tx_tag, + txd->tx_dmamap); + txd->tx_dmamap = NULL; + } + } + bus_dma_tag_destroy(sc->age_cdata.age_tx_tag); + sc->age_cdata.age_tx_tag = NULL; + } + /* Rx buffers */ + if (sc->age_cdata.age_rx_tag != NULL) { + for (i = 0; i < AGE_RX_RING_CNT; i++) { + rxd = &sc->age_cdata.age_rxdesc[i]; + if (rxd->rx_dmamap != NULL) { + bus_dmamap_destroy(sc->age_cdata.age_rx_tag, + rxd->rx_dmamap); + rxd->rx_dmamap = NULL; + } + } + if (sc->age_cdata.age_rx_sparemap != NULL) { + bus_dmamap_destroy(sc->age_cdata.age_rx_tag, + sc->age_cdata.age_rx_sparemap); + sc->age_cdata.age_rx_sparemap = NULL; + } + bus_dma_tag_destroy(sc->age_cdata.age_rx_tag); + sc->age_cdata.age_rx_tag = NULL; + } + /* Tx ring. */ + if (sc->age_cdata.age_tx_ring_tag != NULL) { + if (sc->age_cdata.age_tx_ring_map != NULL) + bus_dmamap_unload(sc->age_cdata.age_tx_ring_tag, + sc->age_cdata.age_tx_ring_map); + if (sc->age_cdata.age_tx_ring_map != NULL && + sc->age_rdata.age_tx_ring != NULL) + bus_dmamem_free(sc->age_cdata.age_tx_ring_tag, + sc->age_rdata.age_tx_ring, + sc->age_cdata.age_tx_ring_map); + sc->age_rdata.age_tx_ring = NULL; + sc->age_cdata.age_tx_ring_map = NULL; + bus_dma_tag_destroy(sc->age_cdata.age_tx_ring_tag); + sc->age_cdata.age_tx_ring_tag = NULL; + } + /* Rx ring. */ + if (sc->age_cdata.age_rx_ring_tag != NULL) { + if (sc->age_cdata.age_rx_ring_map != NULL) + bus_dmamap_unload(sc->age_cdata.age_rx_ring_tag, + sc->age_cdata.age_rx_ring_map); + if (sc->age_cdata.age_rx_ring_map != NULL && + sc->age_rdata.age_rx_ring != NULL) + bus_dmamem_free(sc->age_cdata.age_rx_ring_tag, + sc->age_rdata.age_rx_ring, + sc->age_cdata.age_rx_ring_map); + sc->age_rdata.age_rx_ring = NULL; + sc->age_cdata.age_rx_ring_map = NULL; + bus_dma_tag_destroy(sc->age_cdata.age_rx_ring_tag); + sc->age_cdata.age_rx_ring_tag = NULL; + } + /* Rx return ring. */ + if (sc->age_cdata.age_rr_ring_tag != NULL) { + if (sc->age_cdata.age_rr_ring_map != NULL) + bus_dmamap_unload(sc->age_cdata.age_rr_ring_tag, + sc->age_cdata.age_rr_ring_map); + if (sc->age_cdata.age_rr_ring_map != NULL && + sc->age_rdata.age_rr_ring != NULL) + bus_dmamem_free(sc->age_cdata.age_rr_ring_tag, + sc->age_rdata.age_rr_ring, + sc->age_cdata.age_rr_ring_map); + sc->age_rdata.age_rr_ring = NULL; + sc->age_cdata.age_rr_ring_map = NULL; + bus_dma_tag_destroy(sc->age_cdata.age_rr_ring_tag); + sc->age_cdata.age_rr_ring_tag = NULL; + } + /* CMB block */ + if (sc->age_cdata.age_cmb_block_tag != NULL) { + if (sc->age_cdata.age_cmb_block_map != NULL) + bus_dmamap_unload(sc->age_cdata.age_cmb_block_tag, + sc->age_cdata.age_cmb_block_map); + if (sc->age_cdata.age_cmb_block_map != NULL && + sc->age_rdata.age_cmb_block != NULL) + bus_dmamem_free(sc->age_cdata.age_cmb_block_tag, + sc->age_rdata.age_cmb_block, + sc->age_cdata.age_cmb_block_map); + sc->age_rdata.age_cmb_block = NULL; + sc->age_cdata.age_cmb_block_map = NULL; + bus_dma_tag_destroy(sc->age_cdata.age_cmb_block_tag); + sc->age_cdata.age_cmb_block_tag = NULL; + } + /* SMB block */ + if (sc->age_cdata.age_smb_block_tag != NULL) { + if (sc->age_cdata.age_smb_block_map != NULL) + bus_dmamap_unload(sc->age_cdata.age_smb_block_tag, + sc->age_cdata.age_smb_block_map); + if (sc->age_cdata.age_smb_block_map != NULL && + sc->age_rdata.age_smb_block != NULL) + bus_dmamem_free(sc->age_cdata.age_smb_block_tag, + sc->age_rdata.age_smb_block, + sc->age_cdata.age_smb_block_map); + sc->age_rdata.age_smb_block = NULL; + sc->age_cdata.age_smb_block_map = NULL; + bus_dma_tag_destroy(sc->age_cdata.age_smb_block_tag); + sc->age_cdata.age_smb_block_tag = NULL; + } + + if (sc->age_cdata.age_buffer_tag != NULL) { + bus_dma_tag_destroy(sc->age_cdata.age_buffer_tag); + sc->age_cdata.age_buffer_tag = NULL; + } + if (sc->age_cdata.age_parent_tag != NULL) { + bus_dma_tag_destroy(sc->age_cdata.age_parent_tag); + sc->age_cdata.age_parent_tag = NULL; + } +} + +/* + * Make sure the interface is stopped at reboot time. + */ +static int +age_shutdown(device_t dev) +{ + return age_suspend(dev); +} + +#ifdef wol_notyet + +static void +age_setwol(struct age_softc *sc) +{ + struct ifnet *ifp; + struct mii_data *mii; + uint32_t reg, pmcs; + uint16_t pmstat; + int aneg, i, pmc; + + AGE_LOCK_ASSERT(sc); + + if (pci_find_extcap(sc->age_dev, PCIY_PMG, &pmc) == 0) { + CSR_WRITE_4(sc, AGE_WOL_CFG, 0); + /* + * No PME capability, PHY power down. + * XXX + * Due to an unknown reason powering down PHY resulted + * in unexpected results such as inaccessbility of + * hardware of freshly rebooted system. Disable + * powering down PHY until I got more information for + * Attansic/Atheros PHY hardwares. + */ +#ifdef notyet + age_miibus_writereg(sc->age_dev, sc->age_phyaddr, + MII_BMCR, BMCR_PDOWN); +#endif + return; + } + + ifp = sc->age_ifp; + if ((ifp->if_capenable & IFCAP_WOL) != 0) { + /* + * Note, this driver resets the link speed to 10/100Mbps with + * auto-negotiation but we don't know whether that operation + * would succeed or not as it have no control after powering + * off. If the renegotiation fail WOL may not work. Running + * at 1Gbps will draw more power than 375mA at 3.3V which is + * specified in PCI specification and that would result in + * complete shutdowning power to ethernet controller. + * + * TODO + * Save current negotiated media speed/duplex/flow-control + * to softc and restore the same link again after resuming. + * PHY handling such as power down/resetting to 100Mbps + * may be better handled in suspend method in phy driver. + */ + mii = device_get_softc(sc->age_miibus); + mii_pollstat(mii); + aneg = 0; + if ((mii->mii_media_status & IFM_AVALID) != 0) { + switch IFM_SUBTYPE(mii->mii_media_active) { + case IFM_10_T: + case IFM_100_TX: + goto got_link; + case IFM_1000_T: + aneg++; + default: + break; + } + } + age_miibus_writereg(sc->age_dev, sc->age_phyaddr, + MII_100T2CR, 0); + age_miibus_writereg(sc->age_dev, sc->age_phyaddr, + MII_ANAR, ANAR_TX_FD | ANAR_TX | ANAR_10_FD | + ANAR_10 | ANAR_CSMA); + age_miibus_writereg(sc->age_dev, sc->age_phyaddr, + MII_BMCR, BMCR_RESET | BMCR_AUTOEN | BMCR_STARTNEG); + DELAY(1000); + if (aneg != 0) { + /* Poll link state until age(4) get a 10/100 link. */ + for (i = 0; i < MII_ANEGTICKS_GIGE; i++) { + mii_pollstat(mii); + if ((mii->mii_media_status & IFM_AVALID) != 0) { + switch (IFM_SUBTYPE( + mii->mii_media_active)) { + case IFM_10_T: + case IFM_100_TX: + age_mac_config(sc); + goto got_link; + default: + break; + } + } + AGE_UNLOCK(sc); + pause("agelnk", hz); + AGE_LOCK(sc); + } + if (i == MII_ANEGTICKS_GIGE) + device_printf(sc->age_dev, + "establishing link failed, " + "WOL may not work!"); + } + /* + * No link, force MAC to have 100Mbps, full-duplex link. + * This is the last resort and may/may not work. + */ + mii->mii_media_status = IFM_AVALID | IFM_ACTIVE; + mii->mii_media_active = IFM_ETHER | IFM_100_TX | IFM_FDX; + age_mac_config(sc); + } + +got_link: + pmcs = 0; + if ((ifp->if_capenable & IFCAP_WOL_MAGIC) != 0) + pmcs |= WOL_CFG_MAGIC | WOL_CFG_MAGIC_ENB; + CSR_WRITE_4(sc, AGE_WOL_CFG, pmcs); + reg = CSR_READ_4(sc, AGE_MAC_CFG); + reg &= ~(MAC_CFG_DBG | MAC_CFG_PROMISC); + reg &= ~(MAC_CFG_ALLMULTI | MAC_CFG_BCAST); + if ((ifp->if_capenable & IFCAP_WOL_MCAST) != 0) + reg |= MAC_CFG_ALLMULTI | MAC_CFG_BCAST; + if ((ifp->if_capenable & IFCAP_WOL) != 0) { + reg |= MAC_CFG_RX_ENB; + CSR_WRITE_4(sc, AGE_MAC_CFG, reg); + } + + /* Request PME. */ + pmstat = pci_read_config(sc->age_dev, pmc + PCIR_POWER_STATUS, 2); + pmstat &= ~(PCIM_PSTAT_PME | PCIM_PSTAT_PMEENABLE); + if ((ifp->if_capenable & IFCAP_WOL) != 0) + pmstat |= PCIM_PSTAT_PME | PCIM_PSTAT_PMEENABLE; + pci_write_config(sc->age_dev, pmc + PCIR_POWER_STATUS, pmstat, 2); +#ifdef notyet + /* See above for powering down PHY issues. */ + if ((ifp->if_capenable & IFCAP_WOL) == 0) { + /* No WOL, PHY power down. */ + age_miibus_writereg(sc->age_dev, sc->age_phyaddr, + MII_BMCR, BMCR_PDOWN); + } +#endif +} + +#endif /* wol_notyet */ + +static int +age_suspend(device_t dev) +{ + struct age_softc *sc = device_get_softc(dev); + struct ifnet *ifp = &sc->arpcom.ac_if; + + lwkt_serialize_enter(ifp->if_serializer); + age_stop(sc); +#ifdef wol_notyet + age_setwol(sc); +#endif + lwkt_serialize_exit(ifp->if_serializer); + + return (0); +} + +static int +age_resume(device_t dev) +{ + struct age_softc *sc = device_get_softc(dev); + struct ifnet *ifp = &sc->arpcom.ac_if; + uint16_t cmd; + + lwkt_serialize_enter(ifp->if_serializer); + + /* + * Clear INTx emulation disable for hardwares that + * is set in resume event. From Linux. + */ + cmd = pci_read_config(sc->age_dev, PCIR_COMMAND, 2); + if ((cmd & 0x0400) != 0) { + cmd &= ~0x0400; + pci_write_config(sc->age_dev, PCIR_COMMAND, cmd, 2); + } + if ((ifp->if_flags & IFF_UP) != 0) + age_init(sc); + + lwkt_serialize_exit(ifp->if_serializer); + + return (0); +} + +static int +age_encap(struct age_softc *sc, struct mbuf **m_head) +{ + struct age_txdesc *txd, *txd_last; + struct tx_desc *desc; + struct mbuf *m; + struct age_dmamap_ctx ctx; + bus_dma_segment_t txsegs[AGE_MAXTXSEGS]; + bus_dmamap_t map; + uint32_t cflags, poff, vtag; + int error, i, nsegs, prod, si; + + M_ASSERTPKTHDR((*m_head)); + + m = *m_head; + cflags = vtag = 0; + poff = 0; + + si = prod = sc->age_cdata.age_tx_prod; + txd = &sc->age_cdata.age_txdesc[prod]; + txd_last = txd; + map = txd->tx_dmamap; + + ctx.nsegs = AGE_MAXTXSEGS; + ctx.segs = txsegs; + error = bus_dmamap_load_mbuf(sc->age_cdata.age_tx_tag, map, + *m_head, age_dmamap_buf_cb, &ctx, + BUS_DMA_NOWAIT); + if (!error && ctx.nsegs == 0) { + bus_dmamap_unload(sc->age_cdata.age_tx_tag, map); + error = EFBIG; + } + if (error == EFBIG) { + m = m_defrag(*m_head, MB_DONTWAIT); + if (m == NULL) { + m_freem(*m_head); + *m_head = NULL; + return (ENOBUFS); + } + *m_head = m; + + ctx.nsegs = AGE_MAXTXSEGS; + ctx.segs = txsegs; + error = bus_dmamap_load_mbuf(sc->age_cdata.age_tx_tag, map, + *m_head, age_dmamap_buf_cb, &ctx, + BUS_DMA_NOWAIT); + if (error || ctx.nsegs == 0) { + if (!error) { + bus_dmamap_unload(sc->age_cdata.age_tx_tag, + map); + error = EFBIG; + } + m_freem(*m_head); + *m_head = NULL; + return (error); + } + } else if (error != 0) { + return (error); + } + nsegs = ctx.nsegs; + + if (nsegs == 0) { + m_freem(*m_head); + *m_head = NULL; + return (EIO); + } + + /* Check descriptor overrun. */ + if (sc->age_cdata.age_tx_cnt + nsegs >= AGE_TX_RING_CNT - 2) { + bus_dmamap_unload(sc->age_cdata.age_tx_tag, map); + return (ENOBUFS); + } + + m = *m_head; + /* Configure Tx IP/TCP/UDP checksum offload. */ + if ((m->m_pkthdr.csum_flags & AGE_CSUM_FEATURES) != 0) { + cflags |= AGE_TD_CSUM; + if ((m->m_pkthdr.csum_flags & CSUM_TCP) != 0) + cflags |= AGE_TD_TCPCSUM; + if ((m->m_pkthdr.csum_flags & CSUM_UDP) != 0) + cflags |= AGE_TD_UDPCSUM; + /* Set checksum start offset. */ + cflags |= (poff << AGE_TD_CSUM_PLOADOFFSET_SHIFT); + /* Set checksum insertion position of TCP/UDP. */ + cflags |= ((poff + m->m_pkthdr.csum_data) << + AGE_TD_CSUM_XSUMOFFSET_SHIFT); + } + + /* Configure VLAN hardware tag insertion. */ + if ((m->m_flags & M_VLANTAG) != 0) { + vtag = AGE_TX_VLAN_TAG(m->m_pkthdr.ether_vlantag); + vtag = ((vtag << AGE_TD_VLAN_SHIFT) & AGE_TD_VLAN_MASK); + cflags |= AGE_TD_INSERT_VLAN_TAG; + } + + desc = NULL; + for (i = 0; i < nsegs; i++) { + desc = &sc->age_rdata.age_tx_ring[prod]; + desc->addr = htole64(txsegs[i].ds_addr); + desc->len = htole32(AGE_TX_BYTES(txsegs[i].ds_len) | vtag); + desc->flags = htole32(cflags); + sc->age_cdata.age_tx_cnt++; + AGE_DESC_INC(prod, AGE_TX_RING_CNT); + } + /* Update producer index. */ + sc->age_cdata.age_tx_prod = prod; + + /* Set EOP on the last descriptor. */ + prod = (prod + AGE_TX_RING_CNT - 1) % AGE_TX_RING_CNT; + desc = &sc->age_rdata.age_tx_ring[prod]; + desc->flags |= htole32(AGE_TD_EOP); + + /* Swap dmamap of the first and the last. */ + txd = &sc->age_cdata.age_txdesc[prod]; + map = txd_last->tx_dmamap; + txd_last->tx_dmamap = txd->tx_dmamap; + txd->tx_dmamap = map; + txd->tx_m = m; + + /* Sync descriptors. */ + bus_dmamap_sync(sc->age_cdata.age_tx_tag, map, BUS_DMASYNC_PREWRITE); + bus_dmamap_sync(sc->age_cdata.age_tx_ring_tag, + sc->age_cdata.age_tx_ring_map, BUS_DMASYNC_PREWRITE); + + return (0); +} + +static void +age_start(struct ifnet *ifp) +{ + struct age_softc *sc = ifp->if_softc; + struct mbuf *m_head; + int enq; + + ASSERT_SERIALIZED(ifp->if_serializer); + + if ((sc->age_flags & AGE_FLAG_LINK) == 0) { + ifq_purge(&ifp->if_snd); + return; + } + + if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) + return; + + enq = 0; + while (!ifq_is_empty(&ifp->if_snd)) { + m_head = ifq_dequeue(&ifp->if_snd, NULL); + if (m_head == NULL) + break; + + /* + * Pack the data into the transmit ring. If we + * don't have room, set the OACTIVE flag and wait + * for the NIC to drain the ring. + */ + if (age_encap(sc, &m_head)) { + if (m_head == NULL) + break; + ifq_prepend(&ifp->if_snd, m_head); + ifp->if_flags |= IFF_OACTIVE; + break; + } + enq = 1; + + /* + * If there's a BPF listener, bounce a copy of this frame + * to him. + */ + ETHER_BPF_MTAP(ifp, m_head); + } + + if (enq) { + /* Update mbox. */ + AGE_COMMIT_MBOX(sc); + /* Set a timeout in case the chip goes out to lunch. */ + ifp->if_timer = AGE_TX_TIMEOUT; + } +} + +static void +age_watchdog(struct ifnet *ifp) +{ + struct age_softc *sc = ifp->if_softc; + + ASSERT_SERIALIZED(ifp->if_serializer); + + if ((sc->age_flags & AGE_FLAG_LINK) == 0) { + if_printf(ifp, "watchdog timeout (missed link)\n"); + ifp->if_oerrors++; + age_init(sc); + return; + } + + if (sc->age_cdata.age_tx_cnt == 0) { + if_printf(ifp, + "watchdog timeout (missed Tx interrupts) -- recovering\n"); + if (!ifq_is_empty(&ifp->if_snd)) + if_devstart(ifp); + return; + } + + if_printf(ifp, "watchdog timeout\n"); + ifp->if_oerrors++; + age_init(sc); + if (!ifq_is_empty(&ifp->if_snd)) + if_devstart(ifp); +} + +static int +age_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr) +{ + struct age_softc *sc = ifp->if_softc; + struct ifreq *ifr; + struct mii_data *mii; + uint32_t reg; + int error, mask; + + ASSERT_SERIALIZED(ifp->if_serializer); + + ifr = (struct ifreq *)data; + error = 0; + switch (cmd) { + case SIOCSIFMTU: + if (ifr->ifr_mtu < ETHERMIN || ifr->ifr_mtu > AGE_JUMBO_MTU) { + error = EINVAL; + } else if (ifp->if_mtu != ifr->ifr_mtu) { + ifp->if_mtu = ifr->ifr_mtu; + if ((ifp->if_flags & IFF_RUNNING) != 0) + age_init(sc); + } + break; + + case SIOCSIFFLAGS: + if ((ifp->if_flags & IFF_UP) != 0) { + if ((ifp->if_flags & IFF_RUNNING) != 0) { + if (((ifp->if_flags ^ sc->age_if_flags) + & (IFF_PROMISC | IFF_ALLMULTI)) != 0) + age_rxfilter(sc); + } else { + if ((sc->age_flags & AGE_FLAG_DETACH) == 0) + age_init(sc); + } + } else { + if ((ifp->if_flags & IFF_RUNNING) != 0) + age_stop(sc); + } + sc->age_if_flags = ifp->if_flags; + break; + + case SIOCADDMULTI: + case SIOCDELMULTI: + if ((ifp->if_flags & IFF_RUNNING) != 0) + age_rxfilter(sc); + break; + + case SIOCSIFMEDIA: + case SIOCGIFMEDIA: + mii = device_get_softc(sc->age_miibus); + error = ifmedia_ioctl(ifp, ifr, &mii->mii_media, cmd); + break; + + case SIOCSIFCAP: + mask = ifr->ifr_reqcap ^ ifp->if_capenable; + + if ((mask & IFCAP_TXCSUM) != 0 && + (ifp->if_capabilities & IFCAP_TXCSUM) != 0) { + ifp->if_capenable ^= IFCAP_TXCSUM; + if ((ifp->if_capenable & IFCAP_TXCSUM) != 0) + ifp->if_hwassist |= AGE_CSUM_FEATURES; + else + ifp->if_hwassist &= ~AGE_CSUM_FEATURES; + } + + if ((mask & IFCAP_RXCSUM) != 0 && + (ifp->if_capabilities & IFCAP_RXCSUM) != 0) { + ifp->if_capenable ^= IFCAP_RXCSUM; + reg = CSR_READ_4(sc, AGE_MAC_CFG); + reg &= ~MAC_CFG_RXCSUM_ENB; + if ((ifp->if_capenable & IFCAP_RXCSUM) != 0) + reg |= MAC_CFG_RXCSUM_ENB; + CSR_WRITE_4(sc, AGE_MAC_CFG, reg); + } + + if ((mask & IFCAP_VLAN_HWTAGGING) != 0 && + (ifp->if_capabilities & IFCAP_VLAN_HWTAGGING) != 0) { + ifp->if_capenable ^= IFCAP_VLAN_HWTAGGING; + age_rxvlan(sc); + } + break; + + default: + error = ether_ioctl(ifp, cmd, data); + break; + } + return (error); +} + +static void +age_mac_config(struct age_softc *sc) +{ + struct mii_data *mii = device_get_softc(sc->age_miibus); + uint32_t reg; + + reg = CSR_READ_4(sc, AGE_MAC_CFG); + reg &= ~MAC_CFG_FULL_DUPLEX; + reg &= ~(MAC_CFG_TX_FC | MAC_CFG_RX_FC); + reg &= ~MAC_CFG_SPEED_MASK; + + /* Reprogram MAC with resolved speed/duplex. */ + switch (IFM_SUBTYPE(mii->mii_media_active)) { + case IFM_10_T: + case IFM_100_TX: + reg |= MAC_CFG_SPEED_10_100; + break; + case IFM_1000_T: + reg |= MAC_CFG_SPEED_1000; + break; + } + if ((IFM_OPTIONS(mii->mii_media_active) & IFM_FDX) != 0) { + reg |= MAC_CFG_FULL_DUPLEX; +#ifdef notyet + if ((IFM_OPTIONS(mii->mii_media_active) & IFM_ETH_TXPAUSE) != 0) + reg |= MAC_CFG_TX_FC; + if ((IFM_OPTIONS(mii->mii_media_active) & IFM_ETH_RXPAUSE) != 0) + reg |= MAC_CFG_RX_FC; +#endif + } + CSR_WRITE_4(sc, AGE_MAC_CFG, reg); +} + +static void +age_stats_update(struct age_softc *sc) +{ + struct ifnet *ifp = &sc->arpcom.ac_if; + struct age_stats *stat; + struct smb *smb; + + stat = &sc->age_stat; + + bus_dmamap_sync(sc->age_cdata.age_smb_block_tag, + sc->age_cdata.age_smb_block_map, BUS_DMASYNC_POSTREAD); + + smb = sc->age_rdata.age_smb_block; + if (smb->updated == 0) + return; + + /* Rx stats. */ + stat->rx_frames += smb->rx_frames; + stat->rx_bcast_frames += smb->rx_bcast_frames; + stat->rx_mcast_frames += smb->rx_mcast_frames; + stat->rx_pause_frames += smb->rx_pause_frames; + stat->rx_control_frames += smb->rx_control_frames; + stat->rx_crcerrs += smb->rx_crcerrs; + stat->rx_lenerrs += smb->rx_lenerrs; + stat->rx_bytes += smb->rx_bytes; + stat->rx_runts += smb->rx_runts; + stat->rx_fragments += smb->rx_fragments; + stat->rx_pkts_64 += smb->rx_pkts_64; + stat->rx_pkts_65_127 += smb->rx_pkts_65_127; + stat->rx_pkts_128_255 += smb->rx_pkts_128_255; + stat->rx_pkts_256_511 += smb->rx_pkts_256_511; + stat->rx_pkts_512_1023 += smb->rx_pkts_512_1023; + stat->rx_pkts_1024_1518 += smb->rx_pkts_1024_1518; + stat->rx_pkts_1519_max += smb->rx_pkts_1519_max; + stat->rx_pkts_truncated += smb->rx_pkts_truncated; + stat->rx_fifo_oflows += smb->rx_fifo_oflows; + stat->rx_desc_oflows += smb->rx_desc_oflows; + stat->rx_alignerrs += smb->rx_alignerrs; + stat->rx_bcast_bytes += smb->rx_bcast_bytes; + stat->rx_mcast_bytes += smb->rx_mcast_bytes; + stat->rx_pkts_filtered += smb->rx_pkts_filtered; + + /* Tx stats. */ + stat->tx_frames += smb->tx_frames; + stat->tx_bcast_frames += smb->tx_bcast_frames; + stat->tx_mcast_frames += smb->tx_mcast_frames; + stat->tx_pause_frames += smb->tx_pause_frames; + stat->tx_excess_defer += smb->tx_excess_defer; + stat->tx_control_frames += smb->tx_control_frames; + stat->tx_deferred += smb->tx_deferred; + stat->tx_bytes += smb->tx_bytes; + stat->tx_pkts_64 += smb->tx_pkts_64; + stat->tx_pkts_65_127 += smb->tx_pkts_65_127; + stat->tx_pkts_128_255 += smb->tx_pkts_128_255; + stat->tx_pkts_256_511 += smb->tx_pkts_256_511; + stat->tx_pkts_512_1023 += smb->tx_pkts_512_1023; + stat->tx_pkts_1024_1518 += smb->tx_pkts_1024_1518; + stat->tx_pkts_1519_max += smb->tx_pkts_1519_max; + stat->tx_single_colls += smb->tx_single_colls; + stat->tx_multi_colls += smb->tx_multi_colls; + stat->tx_late_colls += smb->tx_late_colls; + stat->tx_excess_colls += smb->tx_excess_colls; + stat->tx_underrun += smb->tx_underrun; + stat->tx_desc_underrun += smb->tx_desc_underrun; + stat->tx_lenerrs += smb->tx_lenerrs; + stat->tx_pkts_truncated += smb->tx_pkts_truncated; + stat->tx_bcast_bytes += smb->tx_bcast_bytes; + stat->tx_mcast_bytes += smb->tx_mcast_bytes; + + /* Update counters in ifnet. */ + ifp->if_opackets += smb->tx_frames; + + ifp->if_collisions += smb->tx_single_colls + + smb->tx_multi_colls + smb->tx_late_colls + + smb->tx_excess_colls * HDPX_CFG_RETRY_DEFAULT; + + ifp->if_oerrors += smb->tx_excess_colls + + smb->tx_late_colls + smb->tx_underrun + + smb->tx_pkts_truncated; + + ifp->if_ipackets += smb->rx_frames; + + ifp->if_ierrors += smb->rx_crcerrs + smb->rx_lenerrs + + smb->rx_runts + smb->rx_pkts_truncated + + smb->rx_fifo_oflows + smb->rx_desc_oflows + + smb->rx_alignerrs; + + /* Update done, clear. */ + smb->updated = 0; + + bus_dmamap_sync(sc->age_cdata.age_smb_block_tag, + sc->age_cdata.age_smb_block_map, BUS_DMASYNC_PREWRITE); +} + +static void +age_intr(void *xsc) +{ + struct age_softc *sc = xsc; + struct ifnet *ifp = &sc->arpcom.ac_if; + struct cmb *cmb; + uint32_t status; + + ASSERT_SERIALIZED(ifp->if_serializer); + + status = CSR_READ_4(sc, AGE_INTR_STATUS); + if (status == 0 || (status & AGE_INTRS) == 0) + return; + + /* Disable and acknowledge interrupts. */ + CSR_WRITE_4(sc, AGE_INTR_STATUS, status | INTR_DIS_INT); + + cmb = sc->age_rdata.age_cmb_block; + + bus_dmamap_sync(sc->age_cdata.age_cmb_block_tag, + sc->age_cdata.age_cmb_block_map, BUS_DMASYNC_POSTREAD); + status = le32toh(cmb->intr_status); + if ((status & AGE_INTRS) == 0) + goto done; +again: + sc->age_tpd_cons = (le32toh(cmb->tpd_cons) & TPD_CONS_MASK) >> + TPD_CONS_SHIFT; + sc->age_rr_prod = (le32toh(cmb->rprod_cons) & RRD_PROD_MASK) >> + RRD_PROD_SHIFT; + + /* Let hardware know CMB was served. */ + cmb->intr_status = 0; + bus_dmamap_sync(sc->age_cdata.age_cmb_block_tag, + sc->age_cdata.age_cmb_block_map, BUS_DMASYNC_PREWRITE); + +#if 0 + kprintf("INTR: 0x%08x\n", status); + status &= ~INTR_DIS_DMA; + CSR_WRITE_4(sc, AGE_INTR_STATUS, status | INTR_DIS_INT); +#endif + + if ((ifp->if_flags & IFF_RUNNING) != 0) { + if ((status & INTR_CMB_RX) != 0) + age_rxintr(sc, sc->age_rr_prod); + + if ((status & INTR_CMB_TX) != 0) + age_txintr(sc, sc->age_tpd_cons); + + if ((status & (INTR_DMA_RD_TO_RST | INTR_DMA_WR_TO_RST)) != 0) { + if ((status & INTR_DMA_RD_TO_RST) != 0) + device_printf(sc->age_dev, + "DMA read error! -- resetting\n"); + if ((status & INTR_DMA_WR_TO_RST) != 0) + device_printf(sc->age_dev, + "DMA write error! -- resetting\n"); + age_init(sc); + /* XXX return? */ + } + + if (!ifq_is_empty(&ifp->if_snd)) + if_devstart(ifp); + + if ((status & INTR_SMB) != 0) + age_stats_update(sc); + } + + /* Check whether CMB was updated while serving Tx/Rx/SMB handler. */ + bus_dmamap_sync(sc->age_cdata.age_cmb_block_tag, + sc->age_cdata.age_cmb_block_map, BUS_DMASYNC_POSTREAD); + status = le32toh(cmb->intr_status); + if ((status & AGE_INTRS) != 0) + goto again; +done: + /* Re-enable interrupts. */ + CSR_WRITE_4(sc, AGE_INTR_STATUS, 0); +} + +static void +age_txintr(struct age_softc *sc, int tpd_cons) +{ + struct ifnet *ifp = &sc->arpcom.ac_if; + struct age_txdesc *txd; + int cons, prog; + + bus_dmamap_sync(sc->age_cdata.age_tx_ring_tag, + sc->age_cdata.age_tx_ring_map, BUS_DMASYNC_POSTREAD); + + /* + * Go through our Tx list and free mbufs for those + * frames which have been transmitted. + */ + cons = sc->age_cdata.age_tx_cons; + for (prog = 0; cons != tpd_cons; AGE_DESC_INC(cons, AGE_TX_RING_CNT)) { + if (sc->age_cdata.age_tx_cnt <= 0) + break; + prog++; + ifp->if_flags &= ~IFF_OACTIVE; + sc->age_cdata.age_tx_cnt--; + txd = &sc->age_cdata.age_txdesc[cons]; + /* + * Clear Tx descriptors, it's not required but would + * help debugging in case of Tx issues. + */ + txd->tx_desc->addr = 0; + txd->tx_desc->len = 0; + txd->tx_desc->flags = 0; + + if (txd->tx_m == NULL) + continue; + /* Reclaim transmitted mbufs. */ + bus_dmamap_unload(sc->age_cdata.age_tx_tag, txd->tx_dmamap); + m_freem(txd->tx_m); + txd->tx_m = NULL; + } + + if (prog > 0) { + sc->age_cdata.age_tx_cons = cons; + + /* + * Unarm watchdog timer only when there are no pending + * Tx descriptors in queue. + */ + if (sc->age_cdata.age_tx_cnt == 0) + ifp->if_timer = 0; + bus_dmamap_sync(sc->age_cdata.age_tx_ring_tag, + sc->age_cdata.age_tx_ring_map, BUS_DMASYNC_PREWRITE); + } +} + +/* Receive a frame. */ +static void +age_rxeof(struct age_softc *sc, struct rx_rdesc *rxrd) +{ + struct ifnet *ifp = &sc->arpcom.ac_if; + struct age_rxdesc *rxd; + struct rx_desc *desc; + struct mbuf *mp, *m; + uint32_t status, index, vtag; + int count, nsegs, pktlen; + int rx_cons; + + status = le32toh(rxrd->flags); + index = le32toh(rxrd->index); + rx_cons = AGE_RX_CONS(index); + nsegs = AGE_RX_NSEGS(index); + + sc->age_cdata.age_rxlen = AGE_RX_BYTES(le32toh(rxrd->len)); + if ((status & AGE_RRD_ERROR) != 0 && + (status & (AGE_RRD_CRC | AGE_RRD_CODE | AGE_RRD_DRIBBLE | + AGE_RRD_RUNT | AGE_RRD_OFLOW | AGE_RRD_TRUNC)) != 0) { + /* + * We want to pass the following frames to upper + * layer regardless of error status of Rx return + * ring. + * + * o IP/TCP/UDP checksum is bad. + * o frame length and protocol specific length + * does not match. + */ + sc->age_cdata.age_rx_cons += nsegs; + sc->age_cdata.age_rx_cons %= AGE_RX_RING_CNT; + return; + } + + pktlen = 0; + for (count = 0; count < nsegs; count++, + AGE_DESC_INC(rx_cons, AGE_RX_RING_CNT)) { + rxd = &sc->age_cdata.age_rxdesc[rx_cons]; + mp = rxd->rx_m; + desc = rxd->rx_desc; + /* Add a new receive buffer to the ring. */ + if (age_newbuf(sc, rxd, 0) != 0) { + ifp->if_iqdrops++; + /* Reuse Rx buffers. */ + if (sc->age_cdata.age_rxhead != NULL) { + m_freem(sc->age_cdata.age_rxhead); + AGE_RXCHAIN_RESET(sc); + } + break; + } + + /* The length of the first mbuf is computed last. */ + if (count != 0) { + mp->m_len = AGE_RX_BYTES(le32toh(desc->len)); + pktlen += mp->m_len; + } + + /* Chain received mbufs. */ + if (sc->age_cdata.age_rxhead == NULL) { + sc->age_cdata.age_rxhead = mp; + sc->age_cdata.age_rxtail = mp; + } else { + mp->m_flags &= ~M_PKTHDR; + sc->age_cdata.age_rxprev_tail = + sc->age_cdata.age_rxtail; + sc->age_cdata.age_rxtail->m_next = mp; + sc->age_cdata.age_rxtail = mp; + } + + if (count == nsegs - 1) { + /* + * It seems that L1 controller has no way + * to tell hardware to strip CRC bytes. + */ + sc->age_cdata.age_rxlen -= ETHER_CRC_LEN; + if (nsegs > 1) { + /* Remove the CRC bytes in chained mbufs. */ + pktlen -= ETHER_CRC_LEN; + if (mp->m_len <= ETHER_CRC_LEN) { + sc->age_cdata.age_rxtail = + sc->age_cdata.age_rxprev_tail; + sc->age_cdata.age_rxtail->m_len -= + (ETHER_CRC_LEN - mp->m_len); + sc->age_cdata.age_rxtail->m_next = NULL; + m_freem(mp); + } else { + mp->m_len -= ETHER_CRC_LEN; + } + } + + m = sc->age_cdata.age_rxhead; + m->m_flags |= M_PKTHDR; + m->m_pkthdr.rcvif = ifp; + m->m_pkthdr.len = sc->age_cdata.age_rxlen; + /* Set the first mbuf length. */ + m->m_len = sc->age_cdata.age_rxlen - pktlen; + + /* + * Set checksum information. + * It seems that L1 controller can compute partial + * checksum. The partial checksum value can be used + * to accelerate checksum computation for fragmented + * TCP/UDP packets. Upper network stack already + * takes advantage of the partial checksum value in + * IP reassembly stage. But I'm not sure the + * correctness of the partial hardware checksum + * assistance due to lack of data sheet. If it is + * proven to work on L1 I'll enable it. + */ + if ((ifp->if_capenable & IFCAP_RXCSUM) != 0 && + (status & AGE_RRD_IPV4) != 0) { + m->m_pkthdr.csum_flags |= CSUM_IP_CHECKED; + if ((status & AGE_RRD_IPCSUM_NOK) == 0) + m->m_pkthdr.csum_flags |= CSUM_IP_VALID; + if ((status & (AGE_RRD_TCP | AGE_RRD_UDP)) && + (status & AGE_RRD_TCP_UDPCSUM_NOK) == 0) { + m->m_pkthdr.csum_flags |= + CSUM_DATA_VALID | CSUM_PSEUDO_HDR; + m->m_pkthdr.csum_data = 0xffff; + } + /* + * Don't mark bad checksum for TCP/UDP frames + * as fragmented frames may always have set + * bad checksummed bit of descriptor status. + */ + } + + /* Check for VLAN tagged frames. */ + if ((ifp->if_capenable & IFCAP_VLAN_HWTAGGING) != 0 && + (status & AGE_RRD_VLAN) != 0) { + vtag = AGE_RX_VLAN(le32toh(rxrd->vtags)); + m->m_pkthdr.ether_vlantag = + AGE_RX_VLAN_TAG(vtag); + m->m_flags |= M_VLANTAG; + } + + /* Pass it on. */ + ifp->if_input(ifp, m); + + /* Reset mbuf chains. */ + AGE_RXCHAIN_RESET(sc); + } + } + + if (count != nsegs) { + sc->age_cdata.age_rx_cons += nsegs; + sc->age_cdata.age_rx_cons %= AGE_RX_RING_CNT; + } else { + sc->age_cdata.age_rx_cons = rx_cons; + } +} + +static void +age_rxintr(struct age_softc *sc, int rr_prod) +{ + struct rx_rdesc *rxrd; + int rr_cons, nsegs, pktlen, prog; + + rr_cons = sc->age_cdata.age_rr_cons; + if (rr_cons == rr_prod) + return; + + bus_dmamap_sync(sc->age_cdata.age_rr_ring_tag, + sc->age_cdata.age_rr_ring_map, BUS_DMASYNC_POSTREAD); + + for (prog = 0; rr_cons != rr_prod; prog++) { + rxrd = &sc->age_rdata.age_rr_ring[rr_cons]; + nsegs = AGE_RX_NSEGS(le32toh(rxrd->index)); + if (nsegs == 0) + break; + + /* + * Check number of segments against received bytes. + * Non-matching value would indicate that hardware + * is still trying to update Rx return descriptors. + * I'm not sure whether this check is really needed. + */ + pktlen = AGE_RX_BYTES(le32toh(rxrd->len)); + if (nsegs != ((pktlen + (MCLBYTES - ETHER_ALIGN - 1)) / + (MCLBYTES - ETHER_ALIGN))) + break; + + /* Received a frame. */ + age_rxeof(sc, rxrd); + + /* Clear return ring. */ + rxrd->index = 0; + AGE_DESC_INC(rr_cons, AGE_RR_RING_CNT); + } + + if (prog > 0) { + /* Update the consumer index. */ + sc->age_cdata.age_rr_cons = rr_cons; + + /* Sync descriptors. */ + bus_dmamap_sync(sc->age_cdata.age_rr_ring_tag, + sc->age_cdata.age_rr_ring_map, BUS_DMASYNC_PREWRITE); + + /* Notify hardware availability of new Rx buffers. */ + AGE_COMMIT_MBOX(sc); + } +} + +static void +age_tick(void *xsc) +{ + struct age_softc *sc = xsc; + struct ifnet *ifp = &sc->arpcom.ac_if; + struct mii_data *mii = device_get_softc(sc->age_miibus); + + lwkt_serialize_enter(ifp->if_serializer); + + mii_tick(mii); + callout_reset(&sc->age_tick_ch, hz, age_tick, sc); + + lwkt_serialize_exit(ifp->if_serializer); +} + +static void +age_reset(struct age_softc *sc) +{ + uint32_t reg; + int i; + + CSR_WRITE_4(sc, AGE_MASTER_CFG, MASTER_RESET); + for (i = AGE_RESET_TIMEOUT; i > 0; i--) { + DELAY(1); + if ((CSR_READ_4(sc, AGE_MASTER_CFG) & MASTER_RESET) == 0) + break; + } + if (i == 0) + device_printf(sc->age_dev, "master reset timeout!\n"); + + for (i = AGE_RESET_TIMEOUT; i > 0; i--) { + if ((reg = CSR_READ_4(sc, AGE_IDLE_STATUS)) == 0) + break; + DELAY(10); + } + if (i == 0) + device_printf(sc->age_dev, "reset timeout(0x%08x)!\n", reg); + + /* Initialize PCIe module. From Linux. */ + CSR_WRITE_4(sc, 0x12FC, 0x6500); + CSR_WRITE_4(sc, 0x1008, CSR_READ_4(sc, 0x1008) | 0x8000); +} + +static void +age_init(void *xsc) +{ + struct age_softc *sc = xsc; + struct ifnet *ifp = &sc->arpcom.ac_if; + struct mii_data *mii; + uint8_t eaddr[ETHER_ADDR_LEN]; + bus_addr_t paddr; + uint32_t reg, fsize; + uint32_t rxf_hi, rxf_lo, rrd_hi, rrd_lo; + int error; + + ASSERT_SERIALIZED(ifp->if_serializer); + + mii = device_get_softc(sc->age_miibus); + + /* + * Cancel any pending I/O. + */ + age_stop(sc); + + /* + * Reset the chip to a known state. + */ + age_reset(sc); + + /* Initialize descriptors. */ + error = age_init_rx_ring(sc); + if (error != 0) { + device_printf(sc->age_dev, "no memory for Rx buffers.\n"); + age_stop(sc); + return; + } + age_init_rr_ring(sc); + age_init_tx_ring(sc); + age_init_cmb_block(sc); + age_init_smb_block(sc); + + /* Reprogram the station address. */ + bcopy(IF_LLADDR(ifp), eaddr, ETHER_ADDR_LEN); + CSR_WRITE_4(sc, AGE_PAR0, + eaddr[2] << 24 | eaddr[3] << 16 | eaddr[4] << 8 | eaddr[5]); + CSR_WRITE_4(sc, AGE_PAR1, eaddr[0] << 8 | eaddr[1]); + + /* Set descriptor base addresses. */ + paddr = sc->age_rdata.age_tx_ring_paddr; + CSR_WRITE_4(sc, AGE_DESC_ADDR_HI, AGE_ADDR_HI(paddr)); + paddr = sc->age_rdata.age_rx_ring_paddr; + CSR_WRITE_4(sc, AGE_DESC_RD_ADDR_LO, AGE_ADDR_LO(paddr)); + paddr = sc->age_rdata.age_rr_ring_paddr; + CSR_WRITE_4(sc, AGE_DESC_RRD_ADDR_LO, AGE_ADDR_LO(paddr)); + paddr = sc->age_rdata.age_tx_ring_paddr; + CSR_WRITE_4(sc, AGE_DESC_TPD_ADDR_LO, AGE_ADDR_LO(paddr)); + paddr = sc->age_rdata.age_cmb_block_paddr; + CSR_WRITE_4(sc, AGE_DESC_CMB_ADDR_LO, AGE_ADDR_LO(paddr)); + paddr = sc->age_rdata.age_smb_block_paddr; + CSR_WRITE_4(sc, AGE_DESC_SMB_ADDR_LO, AGE_ADDR_LO(paddr)); + + /* Set Rx/Rx return descriptor counter. */ + CSR_WRITE_4(sc, AGE_DESC_RRD_RD_CNT, + ((AGE_RR_RING_CNT << DESC_RRD_CNT_SHIFT) & + DESC_RRD_CNT_MASK) | + ((AGE_RX_RING_CNT << DESC_RD_CNT_SHIFT) & DESC_RD_CNT_MASK)); + + /* Set Tx descriptor counter. */ + CSR_WRITE_4(sc, AGE_DESC_TPD_CNT, + (AGE_TX_RING_CNT << DESC_TPD_CNT_SHIFT) & DESC_TPD_CNT_MASK); + + /* Tell hardware that we're ready to load descriptors. */ + CSR_WRITE_4(sc, AGE_DMA_BLOCK, DMA_BLOCK_LOAD); + + /* + * Initialize mailbox register. + * Updated producer/consumer index information is exchanged + * through this mailbox register. However Tx producer and + * Rx return consumer/Rx producer are all shared such that + * it's hard to separate code path between Tx and Rx without + * locking. If L1 hardware have a separate mail box register + * for Tx and Rx consumer/producer management we could have + * indepent Tx/Rx handler which in turn Rx handler could have + * been run without any locking. + */ + AGE_COMMIT_MBOX(sc); + + /* Configure IPG/IFG parameters. */ + CSR_WRITE_4(sc, AGE_IPG_IFG_CFG, + ((IPG_IFG_IPG2_DEFAULT << IPG_IFG_IPG2_SHIFT) & IPG_IFG_IPG2_MASK) | + ((IPG_IFG_IPG1_DEFAULT << IPG_IFG_IPG1_SHIFT) & IPG_IFG_IPG1_MASK) | + ((IPG_IFG_MIFG_DEFAULT << IPG_IFG_MIFG_SHIFT) & IPG_IFG_MIFG_MASK) | + ((IPG_IFG_IPGT_DEFAULT << IPG_IFG_IPGT_SHIFT) & IPG_IFG_IPGT_MASK)); + + /* Set parameters for half-duplex media. */ + CSR_WRITE_4(sc, AGE_HDPX_CFG, + ((HDPX_CFG_LCOL_DEFAULT << HDPX_CFG_LCOL_SHIFT) & + HDPX_CFG_LCOL_MASK) | + ((HDPX_CFG_RETRY_DEFAULT << HDPX_CFG_RETRY_SHIFT) & + HDPX_CFG_RETRY_MASK) | HDPX_CFG_EXC_DEF_EN | + ((HDPX_CFG_ABEBT_DEFAULT << HDPX_CFG_ABEBT_SHIFT) & + HDPX_CFG_ABEBT_MASK) | + ((HDPX_CFG_JAMIPG_DEFAULT << HDPX_CFG_JAMIPG_SHIFT) & + HDPX_CFG_JAMIPG_MASK)); + + /* Configure interrupt moderation timer. */ + CSR_WRITE_2(sc, AGE_IM_TIMER, AGE_USECS(sc->age_int_mod)); + reg = CSR_READ_4(sc, AGE_MASTER_CFG); + reg &= ~MASTER_MTIMER_ENB; + if (AGE_USECS(sc->age_int_mod) == 0) + reg &= ~MASTER_ITIMER_ENB; + else + reg |= MASTER_ITIMER_ENB; + CSR_WRITE_4(sc, AGE_MASTER_CFG, reg); + if (bootverbose) + device_printf(sc->age_dev, "interrupt moderation is %d us.\n", + sc->age_int_mod); + CSR_WRITE_2(sc, AGE_INTR_CLR_TIMER, AGE_USECS(1000)); + + /* Set Maximum frame size but don't let MTU be lass than ETHER_MTU. */ + if (ifp->if_mtu < ETHERMTU) + sc->age_max_frame_size = ETHERMTU; + else + sc->age_max_frame_size = ifp->if_mtu; + sc->age_max_frame_size += ETHER_HDR_LEN + + sizeof(struct ether_vlan_header) + ETHER_CRC_LEN; + CSR_WRITE_4(sc, AGE_FRAME_SIZE, sc->age_max_frame_size); + + /* Configure jumbo frame. */ + fsize = roundup(sc->age_max_frame_size, sizeof(uint64_t)); + CSR_WRITE_4(sc, AGE_RXQ_JUMBO_CFG, + (((fsize / sizeof(uint64_t)) << + RXQ_JUMBO_CFG_SZ_THRESH_SHIFT) & RXQ_JUMBO_CFG_SZ_THRESH_MASK) | + ((RXQ_JUMBO_CFG_LKAH_DEFAULT << + RXQ_JUMBO_CFG_LKAH_SHIFT) & RXQ_JUMBO_CFG_LKAH_MASK) | + ((AGE_USECS(8) << RXQ_JUMBO_CFG_RRD_TIMER_SHIFT) & + RXQ_JUMBO_CFG_RRD_TIMER_MASK)); + + /* Configure flow-control parameters. From Linux. */ + if ((sc->age_flags & AGE_FLAG_PCIE) != 0) { + /* + * Magic workaround for old-L1. + * Don't know which hw revision requires this magic. + */ + CSR_WRITE_4(sc, 0x12FC, 0x6500); + /* + * Another magic workaround for flow-control mode + * change. From Linux. + */ + CSR_WRITE_4(sc, 0x1008, CSR_READ_4(sc, 0x1008) | 0x8000); + } + /* + * TODO + * Should understand pause parameter relationships between FIFO + * size and number of Rx descriptors and Rx return descriptors. + * + * Magic parameters came from Linux. + */ + switch (sc->age_chip_rev) { + case 0x8001: + case 0x9001: + case 0x9002: + case 0x9003: + rxf_hi = AGE_RX_RING_CNT / 16; + rxf_lo = (AGE_RX_RING_CNT * 7) / 8; + rrd_hi = (AGE_RR_RING_CNT * 7) / 8; + rrd_lo = AGE_RR_RING_CNT / 16; + break; + default: + reg = CSR_READ_4(sc, AGE_SRAM_RX_FIFO_LEN); + rxf_lo = reg / 16; + if (rxf_lo < 192) + rxf_lo = 192; + rxf_hi = (reg * 7) / 8; + if (rxf_hi < rxf_lo) + rxf_hi = rxf_lo + 16; + reg = CSR_READ_4(sc, AGE_SRAM_RRD_LEN); + rrd_lo = reg / 8; + rrd_hi = (reg * 7) / 8; + if (rrd_lo < 2) + rrd_lo = 2; + if (rrd_hi < rrd_lo) + rrd_hi = rrd_lo + 3; + break; + } + CSR_WRITE_4(sc, AGE_RXQ_FIFO_PAUSE_THRESH, + ((rxf_lo << RXQ_FIFO_PAUSE_THRESH_LO_SHIFT) & + RXQ_FIFO_PAUSE_THRESH_LO_MASK) | + ((rxf_hi << RXQ_FIFO_PAUSE_THRESH_HI_SHIFT) & + RXQ_FIFO_PAUSE_THRESH_HI_MASK)); + CSR_WRITE_4(sc, AGE_RXQ_RRD_PAUSE_THRESH, + ((rrd_lo << RXQ_RRD_PAUSE_THRESH_LO_SHIFT) & + RXQ_RRD_PAUSE_THRESH_LO_MASK) | + ((rrd_hi << RXQ_RRD_PAUSE_THRESH_HI_SHIFT) & + RXQ_RRD_PAUSE_THRESH_HI_MASK)); + + /* Configure RxQ. */ + CSR_WRITE_4(sc, AGE_RXQ_CFG, + ((RXQ_CFG_RD_BURST_DEFAULT << RXQ_CFG_RD_BURST_SHIFT) & + RXQ_CFG_RD_BURST_MASK) | + ((RXQ_CFG_RRD_BURST_THRESH_DEFAULT << + RXQ_CFG_RRD_BURST_THRESH_SHIFT) & RXQ_CFG_RRD_BURST_THRESH_MASK) | + ((RXQ_CFG_RD_PREF_MIN_IPG_DEFAULT << + RXQ_CFG_RD_PREF_MIN_IPG_SHIFT) & RXQ_CFG_RD_PREF_MIN_IPG_MASK) | + RXQ_CFG_CUT_THROUGH_ENB | RXQ_CFG_ENB); + + /* Configure TxQ. */ + CSR_WRITE_4(sc, AGE_TXQ_CFG, + ((TXQ_CFG_TPD_BURST_DEFAULT << TXQ_CFG_TPD_BURST_SHIFT) & + TXQ_CFG_TPD_BURST_MASK) | + ((TXQ_CFG_TX_FIFO_BURST_DEFAULT << TXQ_CFG_TX_FIFO_BURST_SHIFT) & + TXQ_CFG_TX_FIFO_BURST_MASK) | + ((TXQ_CFG_TPD_FETCH_DEFAULT << + TXQ_CFG_TPD_FETCH_THRESH_SHIFT) & TXQ_CFG_TPD_FETCH_THRESH_MASK) | + TXQ_CFG_ENB); + + CSR_WRITE_4(sc, AGE_TX_JUMBO_TPD_TH_IPG, + (((fsize / sizeof(uint64_t) << TX_JUMBO_TPD_TH_SHIFT)) & + TX_JUMBO_TPD_TH_MASK) | + ((TX_JUMBO_TPD_IPG_DEFAULT << TX_JUMBO_TPD_IPG_SHIFT) & + TX_JUMBO_TPD_IPG_MASK)); + + /* Configure DMA parameters. */ + CSR_WRITE_4(sc, AGE_DMA_CFG, + DMA_CFG_ENH_ORDER | DMA_CFG_RCB_64 | + sc->age_dma_rd_burst | DMA_CFG_RD_ENB | + sc->age_dma_wr_burst | DMA_CFG_WR_ENB); + + /* Configure CMB DMA write threshold. */ + CSR_WRITE_4(sc, AGE_CMB_WR_THRESH, + ((CMB_WR_THRESH_RRD_DEFAULT << CMB_WR_THRESH_RRD_SHIFT) & + CMB_WR_THRESH_RRD_MASK) | + ((CMB_WR_THRESH_TPD_DEFAULT << CMB_WR_THRESH_TPD_SHIFT) & + CMB_WR_THRESH_TPD_MASK)); + + /* Set CMB/SMB timer and enable them. */ + CSR_WRITE_4(sc, AGE_CMB_WR_TIMER, + ((AGE_USECS(2) << CMB_WR_TIMER_TX_SHIFT) & CMB_WR_TIMER_TX_MASK) | + ((AGE_USECS(2) << CMB_WR_TIMER_RX_SHIFT) & CMB_WR_TIMER_RX_MASK)); + + /* Request SMB updates for every seconds. */ + CSR_WRITE_4(sc, AGE_SMB_TIMER, AGE_USECS(1000 * 1000)); + CSR_WRITE_4(sc, AGE_CSMB_CTRL, CSMB_CTRL_SMB_ENB | CSMB_CTRL_CMB_ENB); + + /* + * Disable all WOL bits as WOL can interfere normal Rx + * operation. + */ + CSR_WRITE_4(sc, AGE_WOL_CFG, 0); + + /* + * Configure Tx/Rx MACs. + * - Auto-padding for short frames. + * - Enable CRC generation. + * Start with full-duplex/1000Mbps media. Actual reconfiguration + * of MAC is followed after link establishment. + */ + CSR_WRITE_4(sc, AGE_MAC_CFG, + MAC_CFG_TX_CRC_ENB | MAC_CFG_TX_AUTO_PAD | + MAC_CFG_FULL_DUPLEX | MAC_CFG_SPEED_1000 | + ((MAC_CFG_PREAMBLE_DEFAULT << MAC_CFG_PREAMBLE_SHIFT) & + MAC_CFG_PREAMBLE_MASK)); + + /* Set up the receive filter. */ + age_rxfilter(sc); + age_rxvlan(sc); + + reg = CSR_READ_4(sc, AGE_MAC_CFG); + if ((ifp->if_capenable & IFCAP_RXCSUM) != 0) + reg |= MAC_CFG_RXCSUM_ENB; + + /* Ack all pending interrupts and clear it. */ + CSR_WRITE_4(sc, AGE_INTR_STATUS, 0); + CSR_WRITE_4(sc, AGE_INTR_MASK, AGE_INTRS); + + /* Finally enable Tx/Rx MAC. */ + CSR_WRITE_4(sc, AGE_MAC_CFG, reg | MAC_CFG_TX_ENB | MAC_CFG_RX_ENB); + + sc->age_flags &= ~AGE_FLAG_LINK; + /* Switch to the current media. */ + mii_mediachg(mii); + + callout_reset(&sc->age_tick_ch, hz, age_tick, sc); + + ifp->if_flags |= IFF_RUNNING; + ifp->if_flags &= ~IFF_OACTIVE; +} + +static void +age_stop(struct age_softc *sc) +{ + struct ifnet *ifp = &sc->arpcom.ac_if; + struct age_txdesc *txd; + struct age_rxdesc *rxd; + uint32_t reg; + int i; + + ASSERT_SERIALIZED(ifp->if_serializer); + + /* + * Mark the interface down and cancel the watchdog timer. + */ + ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); + ifp->if_timer = 0; + + sc->age_flags &= ~AGE_FLAG_LINK; + callout_stop(&sc->age_tick_ch); + + /* + * Disable interrupts. + */ + CSR_WRITE_4(sc, AGE_INTR_MASK, 0); + CSR_WRITE_4(sc, AGE_INTR_STATUS, 0xFFFFFFFF); + + /* Stop CMB/SMB updates. */ + CSR_WRITE_4(sc, AGE_CSMB_CTRL, 0); + + /* Stop Rx/Tx MAC. */ + age_stop_rxmac(sc); + age_stop_txmac(sc); + + /* Stop DMA. */ + CSR_WRITE_4(sc, AGE_DMA_CFG, + CSR_READ_4(sc, AGE_DMA_CFG) & ~(DMA_CFG_RD_ENB | DMA_CFG_WR_ENB)); + + /* Stop TxQ/RxQ. */ + CSR_WRITE_4(sc, AGE_TXQ_CFG, + CSR_READ_4(sc, AGE_TXQ_CFG) & ~TXQ_CFG_ENB); + CSR_WRITE_4(sc, AGE_RXQ_CFG, + CSR_READ_4(sc, AGE_RXQ_CFG) & ~RXQ_CFG_ENB); + for (i = AGE_RESET_TIMEOUT; i > 0; i--) { + if ((reg = CSR_READ_4(sc, AGE_IDLE_STATUS)) == 0) + break; + DELAY(10); + } + if (i == 0) + device_printf(sc->age_dev, + "stopping Rx/Tx MACs timed out(0x%08x)!\n", reg); + + /* Reclaim Rx buffers that have been processed. */ + if (sc->age_cdata.age_rxhead != NULL) + m_freem(sc->age_cdata.age_rxhead); + AGE_RXCHAIN_RESET(sc); + + /* + * Free RX and TX mbufs still in the queues. + */ + for (i = 0; i < AGE_RX_RING_CNT; i++) { + rxd = &sc->age_cdata.age_rxdesc[i]; + if (rxd->rx_m != NULL) { + bus_dmamap_unload(sc->age_cdata.age_rx_tag, + rxd->rx_dmamap); + m_freem(rxd->rx_m); + rxd->rx_m = NULL; + } + } + for (i = 0; i < AGE_TX_RING_CNT; i++) { + txd = &sc->age_cdata.age_txdesc[i]; + if (txd->tx_m != NULL) { + bus_dmamap_unload(sc->age_cdata.age_tx_tag, + txd->tx_dmamap); + m_freem(txd->tx_m); + txd->tx_m = NULL; + } + } +} + +static void +age_stop_txmac(struct age_softc *sc) +{ + uint32_t reg; + int i; + + reg = CSR_READ_4(sc, AGE_MAC_CFG); + if ((reg & MAC_CFG_TX_ENB) != 0) { + reg &= ~MAC_CFG_TX_ENB; + CSR_WRITE_4(sc, AGE_MAC_CFG, reg); + } + /* Stop Tx DMA engine. */ + reg = CSR_READ_4(sc, AGE_DMA_CFG); + if ((reg & DMA_CFG_RD_ENB) != 0) { + reg &= ~DMA_CFG_RD_ENB; + CSR_WRITE_4(sc, AGE_DMA_CFG, reg); + } + for (i = AGE_RESET_TIMEOUT; i > 0; i--) { + if ((CSR_READ_4(sc, AGE_IDLE_STATUS) & + (IDLE_STATUS_TXMAC | IDLE_STATUS_DMARD)) == 0) + break; + DELAY(10); + } + if (i == 0) + device_printf(sc->age_dev, "stopping TxMAC timeout!\n"); +} + +static void +age_stop_rxmac(struct age_softc *sc) +{ + uint32_t reg; + int i; + + reg = CSR_READ_4(sc, AGE_MAC_CFG); + if ((reg & MAC_CFG_RX_ENB) != 0) { + reg &= ~MAC_CFG_RX_ENB; + CSR_WRITE_4(sc, AGE_MAC_CFG, reg); + } + /* Stop Rx DMA engine. */ + reg = CSR_READ_4(sc, AGE_DMA_CFG); + if ((reg & DMA_CFG_WR_ENB) != 0) { + reg &= ~DMA_CFG_WR_ENB; + CSR_WRITE_4(sc, AGE_DMA_CFG, reg); + } + for (i = AGE_RESET_TIMEOUT; i > 0; i--) { + if ((CSR_READ_4(sc, AGE_IDLE_STATUS) & + (IDLE_STATUS_RXMAC | IDLE_STATUS_DMAWR)) == 0) + break; + DELAY(10); + } + if (i == 0) + device_printf(sc->age_dev, "stopping RxMAC timeout!\n"); +} + +static void +age_init_tx_ring(struct age_softc *sc) +{ + struct age_ring_data *rd; + struct age_txdesc *txd; + int i; + + sc->age_cdata.age_tx_prod = 0; + sc->age_cdata.age_tx_cons = 0; + sc->age_cdata.age_tx_cnt = 0; + + rd = &sc->age_rdata; + bzero(rd->age_tx_ring, AGE_TX_RING_SZ); + for (i = 0; i < AGE_TX_RING_CNT; i++) { + txd = &sc->age_cdata.age_txdesc[i]; + txd->tx_desc = &rd->age_tx_ring[i]; + txd->tx_m = NULL; + } + + bus_dmamap_sync(sc->age_cdata.age_tx_ring_tag, + sc->age_cdata.age_tx_ring_map, BUS_DMASYNC_PREWRITE); +} + +static int +age_init_rx_ring(struct age_softc *sc) +{ + struct age_ring_data *rd; + struct age_rxdesc *rxd; + int i; + + sc->age_cdata.age_rx_cons = AGE_RX_RING_CNT - 1; + rd = &sc->age_rdata; + bzero(rd->age_rx_ring, AGE_RX_RING_SZ); + for (i = 0; i < AGE_RX_RING_CNT; i++) { + rxd = &sc->age_cdata.age_rxdesc[i]; + rxd->rx_m = NULL; + rxd->rx_desc = &rd->age_rx_ring[i]; + if (age_newbuf(sc, rxd, 1) != 0) + return (ENOBUFS); + } + + bus_dmamap_sync(sc->age_cdata.age_rx_ring_tag, + sc->age_cdata.age_rx_ring_map, BUS_DMASYNC_PREWRITE); + + return (0); +} + +static void +age_init_rr_ring(struct age_softc *sc) +{ + struct age_ring_data *rd; + + sc->age_cdata.age_rr_cons = 0; + AGE_RXCHAIN_RESET(sc); + + rd = &sc->age_rdata; + bzero(rd->age_rr_ring, AGE_RR_RING_SZ); + bus_dmamap_sync(sc->age_cdata.age_rr_ring_tag, + sc->age_cdata.age_rr_ring_map, BUS_DMASYNC_PREWRITE); +} + +static void +age_init_cmb_block(struct age_softc *sc) +{ + struct age_ring_data *rd; + + rd = &sc->age_rdata; + bzero(rd->age_cmb_block, AGE_CMB_BLOCK_SZ); + bus_dmamap_sync(sc->age_cdata.age_cmb_block_tag, + sc->age_cdata.age_cmb_block_map, BUS_DMASYNC_PREWRITE); +} + +static void +age_init_smb_block(struct age_softc *sc) +{ + struct age_ring_data *rd; + + rd = &sc->age_rdata; + bzero(rd->age_smb_block, AGE_SMB_BLOCK_SZ); + bus_dmamap_sync(sc->age_cdata.age_smb_block_tag, + sc->age_cdata.age_smb_block_map, BUS_DMASYNC_PREWRITE); +} + +static int +age_newbuf(struct age_softc *sc, struct age_rxdesc *rxd, int init) +{ + struct rx_desc *desc; + struct mbuf *m; + struct age_dmamap_ctx ctx; + bus_dma_segment_t segs[1]; + bus_dmamap_t map; + int error; + + m = m_getcl(init ? MB_WAIT : MB_DONTWAIT, MT_DATA, M_PKTHDR); + if (m == NULL) + return (ENOBUFS); + + m->m_len = m->m_pkthdr.len = MCLBYTES; + m_adj(m, ETHER_ALIGN); + + ctx.nsegs = 1; + ctx.segs = segs; + error = bus_dmamap_load_mbuf(sc->age_cdata.age_rx_tag, + sc->age_cdata.age_rx_sparemap, + m, age_dmamap_buf_cb, &ctx, + BUS_DMA_NOWAIT); + if (error || ctx.nsegs == 0) { + if (!error) { + bus_dmamap_unload(sc->age_cdata.age_rx_tag, + sc->age_cdata.age_rx_sparemap); + error = EFBIG; + if_printf(&sc->arpcom.ac_if, "too many segments?!\n"); + } + m_freem(m); + + if (init) + if_printf(&sc->arpcom.ac_if, "can't load RX mbuf\n"); + return (error); + } + KASSERT(ctx.nsegs == 1, + ("%s: %d segments returned!", __func__, ctx.nsegs)); + + if (rxd->rx_m != NULL) { + bus_dmamap_sync(sc->age_cdata.age_rx_tag, rxd->rx_dmamap, + BUS_DMASYNC_POSTREAD); + bus_dmamap_unload(sc->age_cdata.age_rx_tag, rxd->rx_dmamap); + } + map = rxd->rx_dmamap; + rxd->rx_dmamap = sc->age_cdata.age_rx_sparemap; + sc->age_cdata.age_rx_sparemap = map; + rxd->rx_m = m; + + desc = rxd->rx_desc; + desc->addr = htole64(segs[0].ds_addr); + desc->len = htole32((segs[0].ds_len & AGE_RD_LEN_MASK) << + AGE_RD_LEN_SHIFT); + return (0); +} + +static void +age_rxvlan(struct age_softc *sc) +{ + struct ifnet *ifp = &sc->arpcom.ac_if; + uint32_t reg; + + reg = CSR_READ_4(sc, AGE_MAC_CFG); + reg &= ~MAC_CFG_VLAN_TAG_STRIP; + if ((ifp->if_capenable & IFCAP_VLAN_HWTAGGING) != 0) + reg |= MAC_CFG_VLAN_TAG_STRIP; + CSR_WRITE_4(sc, AGE_MAC_CFG, reg); +} + +static void +age_rxfilter(struct age_softc *sc) +{ + struct ifnet *ifp = &sc->arpcom.ac_if; + struct ifmultiaddr *ifma; + uint32_t crc; + uint32_t mchash[2]; + uint32_t rxcfg; + + rxcfg = CSR_READ_4(sc, AGE_MAC_CFG); + rxcfg &= ~(MAC_CFG_ALLMULTI | MAC_CFG_BCAST | MAC_CFG_PROMISC); + if ((ifp->if_flags & IFF_BROADCAST) != 0) + rxcfg |= MAC_CFG_BCAST; + if ((ifp->if_flags & (IFF_PROMISC | IFF_ALLMULTI)) != 0) { + if ((ifp->if_flags & IFF_PROMISC) != 0) + rxcfg |= MAC_CFG_PROMISC; + if ((ifp->if_flags & IFF_ALLMULTI) != 0) + rxcfg |= MAC_CFG_ALLMULTI; + CSR_WRITE_4(sc, AGE_MAR0, 0xFFFFFFFF); + CSR_WRITE_4(sc, AGE_MAR1, 0xFFFFFFFF); + CSR_WRITE_4(sc, AGE_MAC_CFG, rxcfg); + return; + } + + /* Program new filter. */ + bzero(mchash, sizeof(mchash)); + + LIST_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) { + if (ifma->ifma_addr->sa_family != AF_LINK) + continue; + crc = ether_crc32_le(LLADDR((struct sockaddr_dl *) + ifma->ifma_addr), ETHER_ADDR_LEN); + mchash[crc >> 31] |= 1 << ((crc >> 26) & 0x1f); + } + + CSR_WRITE_4(sc, AGE_MAR0, mchash[0]); + CSR_WRITE_4(sc, AGE_MAR1, mchash[1]); + CSR_WRITE_4(sc, AGE_MAC_CFG, rxcfg); +} + +static int +sysctl_age_stats(SYSCTL_HANDLER_ARGS) +{ + struct age_softc *sc; + struct age_stats *stats; + int error, result; + + result = -1; + error = sysctl_handle_int(oidp, &result, 0, req); + + if (error != 0 || req->newptr == NULL) + return (error); + + if (result != 1) + return (error); + + sc = (struct age_softc *)arg1; + stats = &sc->age_stat; + kprintf("%s statistics:\n", device_get_nameunit(sc->age_dev)); + kprintf("Transmit good frames : %ju\n", + (uintmax_t)stats->tx_frames); + kprintf("Transmit good broadcast frames : %ju\n", + (uintmax_t)stats->tx_bcast_frames); + kprintf("Transmit good multicast frames : %ju\n", + (uintmax_t)stats->tx_mcast_frames); + kprintf("Transmit pause control frames : %u\n", + stats->tx_pause_frames); + kprintf("Transmit control frames : %u\n", + stats->tx_control_frames); + kprintf("Transmit frames with excessive deferrals : %u\n", + stats->tx_excess_defer); + kprintf("Transmit deferrals : %u\n", + stats->tx_deferred); + kprintf("Transmit good octets : %ju\n", + (uintmax_t)stats->tx_bytes); + kprintf("Transmit good broadcast octets : %ju\n", + (uintmax_t)stats->tx_bcast_bytes); + kprintf("Transmit good multicast octets : %ju\n", + (uintmax_t)stats->tx_mcast_bytes); + kprintf("Transmit frames 64 bytes : %ju\n", + (uintmax_t)stats->tx_pkts_64); + kprintf("Transmit frames 65 to 127 bytes : %ju\n", + (uintmax_t)stats->tx_pkts_65_127); + kprintf("Transmit frames 128 to 255 bytes : %ju\n", + (uintmax_t)stats->tx_pkts_128_255); + kprintf("Transmit frames 256 to 511 bytes : %ju\n", + (uintmax_t)stats->tx_pkts_256_511); + kprintf("Transmit frames 512 to 1024 bytes : %ju\n", + (uintmax_t)stats->tx_pkts_512_1023); + kprintf("Transmit frames 1024 to 1518 bytes : %ju\n", + (uintmax_t)stats->tx_pkts_1024_1518); + kprintf("Transmit frames 1519 to MTU bytes : %ju\n", + (uintmax_t)stats->tx_pkts_1519_max); + kprintf("Transmit single collisions : %u\n", + stats->tx_single_colls); + kprintf("Transmit multiple collisions : %u\n", + stats->tx_multi_colls); + kprintf("Transmit late collisions : %u\n", + stats->tx_late_colls); + kprintf("Transmit abort due to excessive collisions : %u\n", + stats->tx_excess_colls); + kprintf("Transmit underruns due to FIFO underruns : %u\n", + stats->tx_underrun); + kprintf("Transmit descriptor write-back errors : %u\n", + stats->tx_desc_underrun); + kprintf("Transmit frames with length mismatched frame size : %u\n", + stats->tx_lenerrs); + kprintf("Transmit frames with truncated due to MTU size : %u\n", + stats->tx_lenerrs); + + kprintf("Receive good frames : %ju\n", + (uintmax_t)stats->rx_frames); + kprintf("Receive good broadcast frames : %ju\n", + (uintmax_t)stats->rx_bcast_frames); + kprintf("Receive good multicast frames : %ju\n", + (uintmax_t)stats->rx_mcast_frames); + kprintf("Receive pause control frames : %u\n", + stats->rx_pause_frames); + kprintf("Receive control frames : %u\n", + stats->rx_control_frames); + kprintf("Receive CRC errors : %u\n", + stats->rx_crcerrs); + kprintf("Receive frames with length errors : %u\n", + stats->rx_lenerrs); + kprintf("Receive good octets : %ju\n", + (uintmax_t)stats->rx_bytes); + kprintf("Receive good broadcast octets : %ju\n", + (uintmax_t)stats->rx_bcast_bytes); + kprintf("Receive good multicast octets : %ju\n", + (uintmax_t)stats->rx_mcast_bytes); + kprintf("Receive frames too short : %u\n", + stats->rx_runts); + kprintf("Receive fragmented frames : %ju\n", + (uintmax_t)stats->rx_fragments); + kprintf("Receive frames 64 bytes : %ju\n", + (uintmax_t)stats->rx_pkts_64); + kprintf("Receive frames 65 to 127 bytes : %ju\n", + (uintmax_t)stats->rx_pkts_65_127); + kprintf("Receive frames 128 to 255 bytes : %ju\n", + (uintmax_t)stats->rx_pkts_128_255); + kprintf("Receive frames 256 to 511 bytes : %ju\n", + (uintmax_t)stats->rx_pkts_256_511); + kprintf("Receive frames 512 to 1024 bytes : %ju\n", + (uintmax_t)stats->rx_pkts_512_1023); + kprintf("Receive frames 1024 to 1518 bytes : %ju\n", + (uintmax_t)stats->rx_pkts_1024_1518); + kprintf("Receive frames 1519 to MTU bytes : %ju\n", + (uintmax_t)stats->rx_pkts_1519_max); + kprintf("Receive frames too long : %ju\n", + (uint64_t)stats->rx_pkts_truncated); + kprintf("Receive frames with FIFO overflow : %u\n", + stats->rx_fifo_oflows); + kprintf("Receive frames with return descriptor overflow : %u\n", + stats->rx_desc_oflows); + kprintf("Receive frames with alignment errors : %u\n", + stats->rx_alignerrs); + kprintf("Receive frames dropped due to address filtering : %ju\n", + (uint64_t)stats->rx_pkts_filtered); + + return (error); +} + +static int +sysctl_hw_age_int_mod(SYSCTL_HANDLER_ARGS) +{ + + return (sysctl_int_range(oidp, arg1, arg2, req, AGE_IM_TIMER_MIN, + AGE_IM_TIMER_MAX)); +} + +static void +age_dmamap_buf_cb(void *xctx, bus_dma_segment_t *segs, int nsegs, + bus_size_t mapsz __unused, int error) +{ + struct age_dmamap_ctx *ctx = xctx; + int i; + + if (error) + return; + + if (nsegs > ctx->nsegs) { + ctx->nsegs = 0; + return; + } + + ctx->nsegs = nsegs; + for (i = 0; i < nsegs; ++i) + ctx->segs[i] = segs[i]; +} diff --git a/sys/dev/netif/age/if_agereg.h b/sys/dev/netif/age/if_agereg.h new file mode 100644 index 0000000000..608816c35e --- /dev/null +++ b/sys/dev/netif/age/if_agereg.h @@ -0,0 +1,658 @@ +/*- + * Copyright (c) 2008, Pyun YongHyeon + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice unmodified, this list of conditions, and the following + * disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/sys/dev/age/if_agereg.h,v 1.1 2008/05/19 01:39:59 yongari Exp $ + */ + +#ifndef _IF_AGEREG_H +#define _IF_AGEREG_H + +/* + * Attansic Technology Corp. PCI vendor ID + */ +#define VENDORID_ATTANSIC 0x1969 + +#define AGE_PCIR_BAR PCIR_BAR(0) + +/* + * Attansic L1 device ID + */ +#define DEVICEID_ATTANSIC_L1 0x1048 + +#define AGE_VPD_REG_CONF_START 0x0100 +#define AGE_VPD_REG_CONF_END 0x01FF +#define AGE_VPD_REG_CONF_SIG 0x5A + +#define AGE_SPI_CTRL 0x200 +#define SPI_STAT_NOT_READY 0x00000001 +#define SPI_STAT_WR_ENB 0x00000002 +#define SPI_STAT_WRP_ENB 0x00000080 +#define SPI_INST_MASK 0x000000FF +#define SPI_START 0x00000100 +#define SPI_INST_START 0x00000800 +#define SPI_VPD_ENB 0x00002000 +#define SPI_LOADER_START 0x00008000 +#define SPI_CS_HI_MASK 0x00030000 +#define SPI_CS_HOLD_MASK 0x000C0000 +#define SPI_CLK_LO_MASK 0x00300000 +#define SPI_CLK_HI_MASK 0x00C00000 +#define SPI_CS_SETUP_MASK 0x03000000 +#define SPI_EPROM_PG_MASK 0x0C000000 +#define SPI_INST_SHIFT 8 +#define SPI_CS_HI_SHIFT 16 +#define SPI_CS_HOLD_SHIFT 18 +#define SPI_CLK_LO_SHIFT 20 +#define SPI_CLK_HI_SHIFT 22 +#define SPI_CS_SETUP_SHIFT 24 +#define SPI_EPROM_PG_SHIFT 26 +#define SPI_WAIT_READY 0x10000000 + +#define AGE_SPI_ADDR 0x204 /* 16bits */ + +#define AGE_SPI_DATA 0x208 + +#define AGE_SPI_CONFIG 0x20C + +#define AGE_SPI_OP_PROGRAM 0x210 /* 8bits */ + +#define AGE_SPI_OP_SC_ERASE 0x211 /* 8bits */ + +#define AGE_SPI_OP_CHIP_ERASE 0x212 /* 8bits */ + +#define AGE_SPI_OP_RDID 0x213 /* 8bits */ + +#define AGE_SPI_OP_WREN 0x214 /* 8bits */ + +#define AGE_SPI_OP_RDSR 0x215 /* 8bits */ + +#define AGE_SPI_OP_WRSR 0x216 /* 8bits */ + +#define AGE_SPI_OP_READ 0x217 /* 8bits */ + +#define AGE_TWSI_CTRL 0x218 + +#define AGE_DEV_MISC_CTRL 0x21C + +#define AGE_MASTER_CFG 0x1400 +#define MASTER_RESET 0x00000001 +#define MASTER_MTIMER_ENB 0x00000002 +#define MASTER_ITIMER_ENB 0x00000004 +#define MASTER_MANUAL_INT_ENB 0x00000008 +#define MASTER_CHIP_REV_MASK 0x00FF0000 +#define MASTER_CHIP_ID_MASK 0xFF000000 +#define MASTER_CHIP_REV_SHIFT 16 +#define MASTER_CHIP_ID_SHIFT 24 + +/* Number of ticks per usec for L1. */ +#define AGE_TICK_USECS 2 +#define AGE_USECS(x) ((x) / AGE_TICK_USECS) + +#define AGE_MANUAL_TIMER 0x1404 + +#define AGE_IM_TIMER 0x1408 /* 16bits */ +#define AGE_IM_TIMER_MIN 0 +#define AGE_IM_TIMER_MAX 130000 /* 130ms */ +#define AGE_IM_TIMER_DEFAULT 100 + +#define AGE_GPHY_CTRL 0x140C /* 16bits */ +#define GPHY_CTRL_RST 0x0000 +#define GPHY_CTRL_CLR 0x0001 + +#define AGE_INTR_CLR_TIMER 0x140E /* 16bits */ + +#define AGE_IDLE_STATUS 0x1410 +#define IDLE_STATUS_RXMAC 0x00000001 +#define IDLE_STATUS_TXMAC 0x00000002 +#define IDLE_STATUS_RXQ 0x00000004 +#define IDLE_STATUS_TXQ 0x00000008 +#define IDLE_STATUS_DMARD 0x00000010 +#define IDLE_STATUS_DMAWR 0x00000020 +#define IDLE_STATUS_SMB 0x00000040 +#define IDLE_STATUS_CMB 0x00000080 + +#define AGE_MDIO 0x1414 +#define MDIO_DATA_MASK 0x0000FFFF +#define MDIO_REG_ADDR_MASK 0x001F0000 +#define MDIO_OP_READ 0x00200000 +#define MDIO_OP_WRITE 0x00000000 +#define MDIO_SUP_PREAMBLE 0x00400000 +#define MDIO_OP_EXECUTE 0x00800000 +#define MDIO_CLK_25_4 0x00000000 +#define MDIO_CLK_25_6 0x02000000 +#define MDIO_CLK_25_8 0x03000000 +#define MDIO_CLK_25_10 0x04000000 +#define MDIO_CLK_25_14 0x05000000 +#define MDIO_CLK_25_20 0x06000000 +#define MDIO_CLK_25_28 0x07000000 +#define MDIO_OP_BUSY 0x08000000 +#define MDIO_DATA_SHIFT 0 +#define MDIO_REG_ADDR_SHIFT 16 + +#define MDIO_REG_ADDR(x) \ + (((x) << MDIO_REG_ADDR_SHIFT) & MDIO_REG_ADDR_MASK) +/* Default PHY address. */ +#define AGE_PHY_ADDR 0 + +#define AGE_PHY_STATUS 0x1418 + +#define AGE_BIST0 0x141C +#define BIST0_ENB 0x00000001 +#define BIST0_SRAM_FAIL 0x00000002 +#define BIST0_FUSE_FLAG 0x00000004 + +#define AGE_BIST1 0x1420 +#define BIST1_ENB 0x00000001 +#define BIST1_SRAM_FAIL 0x00000002 +#define BIST1_FUSE_FLAG 0x00000004 + +#define AGE_MAC_CFG 0x1480 +#define MAC_CFG_TX_ENB 0x00000001 +#define MAC_CFG_RX_ENB 0x00000002 +#define MAC_CFG_TX_FC 0x00000004 +#define MAC_CFG_RX_FC 0x00000008 +#define MAC_CFG_LOOP 0x00000010 +#define MAC_CFG_FULL_DUPLEX 0x00000020 +#define MAC_CFG_TX_CRC_ENB 0x00000040 +#define MAC_CFG_TX_AUTO_PAD 0x00000080 +#define MAC_CFG_TX_LENCHK 0x00000100 +#define MAC_CFG_RX_JUMBO_ENB 0x00000200 +#define MAC_CFG_PREAMBLE_MASK 0x00003C00 +#define MAC_CFG_VLAN_TAG_STRIP 0x00004000 +#define MAC_CFG_PROMISC 0x00008000 +#define MAC_CFG_TX_PAUSE 0x00010000 +#define MAC_CFG_SCNT 0x00020000 +#define MAC_CFG_SYNC_RST_TX 0x00040000 +#define MAC_CFG_SPEED_MASK 0x00300000 +#define MAC_CFG_SPEED_10_100 0x00100000 +#define MAC_CFG_SPEED_1000 0x00200000 +#define MAC_CFG_DBG_TX_BACKOFF 0x00400000 +#define MAC_CFG_TX_JUMBO_ENB 0x00800000 +#define MAC_CFG_RXCSUM_ENB 0x01000000 +#define MAC_CFG_ALLMULTI 0x02000000 +#define MAC_CFG_BCAST 0x04000000 +#define MAC_CFG_DBG 0x08000000 +#define MAC_CFG_PREAMBLE_SHIFT 10 +#define MAC_CFG_PREAMBLE_DEFAULT 7 + +#define AGE_IPG_IFG_CFG 0x1484 +#define IPG_IFG_IPGT_MASK 0x0000007F +#define IPG_IFG_MIFG_MASK 0x0000FF00 +#define IPG_IFG_IPG1_MASK 0x007F0000 +#define IPG_IFG_IPG2_MASK 0x7F000000 +#define IPG_IFG_IPGT_SHIFT 0 +#define IPG_IFG_IPGT_DEFAULT 0x60 +#define IPG_IFG_MIFG_SHIFT 8 +#define IPG_IFG_MIFG_DEFAULT 0x50 +#define IPG_IFG_IPG1_SHIFT 16 +#define IPG_IFG_IPG1_DEFAULT 0x40 +#define IPG_IFG_IPG2_SHIFT 24 +#define IPG_IFG_IPG2_DEFAULT 0x60 + +/* station address */ +#define AGE_PAR0 0x1488 +#define AGE_PAR1 0x148C + +/* 64bit multicast hash register. */ +#define AGE_MAR0 0x1490 +#define AGE_MAR1 0x1494 + +/* half-duplex parameter configuration. */ +#define AGE_HDPX_CFG 0x1498 +#define HDPX_CFG_LCOL_MASK 0x000003FF +#define HDPX_CFG_RETRY_MASK 0x0000F000 +#define HDPX_CFG_EXC_DEF_EN 0x00010000 +#define HDPX_CFG_NO_BACK_C 0x00020000 +#define HDPX_CFG_NO_BACK_P 0x00040000 +#define HDPX_CFG_ABEBE 0x00080000 +#define HDPX_CFG_ABEBT_MASK 0x00F00000 +#define HDPX_CFG_JAMIPG_MASK 0x0F000000 +#define HDPX_CFG_LCOL_SHIFT 0 +#define HDPX_CFG_LCOL_DEFAULT 0x37 +#define HDPX_CFG_RETRY_SHIFT 12 +#define HDPX_CFG_RETRY_DEFAULT 0x0F +#define HDPX_CFG_ABEBT_SHIFT 20 +#define HDPX_CFG_ABEBT_DEFAULT 0x0A +#define HDPX_CFG_JAMIPG_SHIFT 24 +#define HDPX_CFG_JAMIPG_DEFAULT 0x07 + +#define AGE_FRAME_SIZE 0x149C + +#define AGE_WOL_CFG 0x14A0 +#define WOL_CFG_PATTERN 0x00000001 +#define WOL_CFG_PATTERN_ENB 0x00000002 +#define WOL_CFG_MAGIC 0x00000004 +#define WOL_CFG_MAGIC_ENB 0x00000008 +#define WOL_CFG_LINK_CHG 0x00000010 +#define WOL_CFG_LINK_CHG_ENB 0x00000020 +#define WOL_CFG_PATTERN_DET 0x00000100 +#define WOL_CFG_MAGIC_DET 0x00000200 +#define WOL_CFG_LINK_CHG_DET 0x00000400 +#define WOL_CFG_CLK_SWITCH_ENB 0x00008000 +#define WOL_CFG_PATTERN0 0x00010000 +#define WOL_CFG_PATTERN1 0x00020000 +#define WOL_CFG_PATTERN2 0x00040000 +#define WOL_CFG_PATTERN3 0x00080000 +#define WOL_CFG_PATTERN4 0x00100000 +#define WOL_CFG_PATTERN5 0x00200000 +#define WOL_CFG_PATTERN6 0x00400000 + +/* WOL pattern length. */ +#define AGE_PATTERN_CFG0 0x14A4 +#define PATTERN_CFG_0_LEN_MASK 0x0000007F +#define PATTERN_CFG_1_LEN_MASK 0x00007F00 +#define PATTERN_CFG_2_LEN_MASK 0x007F0000 +#define PATTERN_CFG_3_LEN_MASK 0x7F000000 + +#define AGE_PATTERN_CFG1 0x14A8 +#define PATTERN_CFG_4_LEN_MASK 0x0000007F +#define PATTERN_CFG_5_LEN_MASK 0x00007F00 +#define PATTERN_CFG_6_LEN_MASK 0x007F0000 + +#define AGE_SRAM_RD_ADDR 0x1500 + +#define AGE_SRAM_RD_LEN 0x1504 + +#define AGE_SRAM_RRD_ADDR 0x1508 + +#define AGE_SRAM_RRD_LEN 0x150C + +#define AGE_SRAM_TPD_ADDR 0x1510 + +#define AGE_SRAM_TPD_LEN 0x1514 + +#define AGE_SRAM_TRD_ADDR 0x1518 + +#define AGE_SRAM_TRD_LEN 0x151C + +#define AGE_SRAM_RX_FIFO_ADDR 0x1520 + +#define AGE_SRAM_RX_FIFO_LEN 0x1524 + +#define AGE_SRAM_TX_FIFO_ADDR 0x1528 + +#define AGE_SRAM_TX_FIFO_LEN 0x152C + +#define AGE_SRAM_TCPH_ADDR 0x1530 +#define SRAM_TCPH_ADDR_MASK 0x00000FFF +#define SRAM_PATH_ADDR_MASK 0x0FFF0000 +#define SRAM_TCPH_ADDR_SHIFT 0 +#define SRAM_PATH_ADDR_SHIFT 16 + +#define AGE_DMA_BLOCK 0x1534 +#define DMA_BLOCK_LOAD 0x00000001 + +/* + * All descriptors and CMB/SMB share the same high address. + */ +#define AGE_DESC_ADDR_HI 0x1540 + +#define AGE_DESC_RD_ADDR_LO 0x1544 + +#define AGE_DESC_RRD_ADDR_LO 0x1548 + +#define AGE_DESC_TPD_ADDR_LO 0x154C + +#define AGE_DESC_CMB_ADDR_LO 0x1550 + +#define AGE_DESC_SMB_ADDR_LO 0x1554 + +#define AGE_DESC_RRD_RD_CNT 0x1558 +#define DESC_RD_CNT_MASK 0x000007FF +#define DESC_RRD_CNT_MASK 0x07FF0000 +#define DESC_RD_CNT_SHIFT 0 +#define DESC_RRD_CNT_SHIFT 16 + +#define AGE_DESC_TPD_CNT 0x155C +#define DESC_TPD_CNT_MASK 0x00003FF +#define DESC_TPD_CNT_SHIFT 0 + +#define AGE_TXQ_CFG 0x1580 +#define TXQ_CFG_TPD_BURST_MASK 0x0000001F +#define TXQ_CFG_ENB 0x00000020 +#define TXQ_CFG_ENHANCED_MODE 0x00000040 +#define TXQ_CFG_TPD_FETCH_THRESH_MASK 0x00003F00 +#define TXQ_CFG_TX_FIFO_BURST_MASK 0xFFFF0000 +#define TXQ_CFG_TPD_BURST_SHIFT 0 +#define TXQ_CFG_TPD_BURST_DEFAULT 4 +#define TXQ_CFG_TPD_FETCH_THRESH_SHIFT 8 +#define TXQ_CFG_TPD_FETCH_DEFAULT 16 +#define TXQ_CFG_TX_FIFO_BURST_SHIFT 16 +#define TXQ_CFG_TX_FIFO_BURST_DEFAULT 256 + +#define AGE_TX_JUMBO_TPD_TH_IPG 0x1584 +#define TX_JUMBO_TPD_TH_MASK 0x000007FF +#define TX_JUMBO_TPD_IPG_MASK 0x001F0000 +#define TX_JUMBO_TPD_TH_SHIFT 0 +#define TX_JUMBO_TPD_IPG_SHIFT 16 +#define TX_JUMBO_TPD_IPG_DEFAULT 1 + +#define AGE_RXQ_CFG 0x15A0 +#define RXQ_CFG_RD_BURST_MASK 0x000000FF +#define RXQ_CFG_RRD_BURST_THRESH_MASK 0x0000FF00 +#define RXQ_CFG_RD_PREF_MIN_IPG_MASK 0x001F0000 +#define RXQ_CFG_CUT_THROUGH_ENB 0x40000000 +#define RXQ_CFG_ENB 0x80000000 +#define RXQ_CFG_RD_BURST_SHIFT 0 +#define RXQ_CFG_RD_BURST_DEFAULT 8 +#define RXQ_CFG_RRD_BURST_THRESH_SHIFT 8 +#define RXQ_CFG_RRD_BURST_THRESH_DEFAULT 8 +#define RXQ_CFG_RD_PREF_MIN_IPG_SHIFT 16 +#define RXQ_CFG_RD_PREF_MIN_IPG_DEFAULT 1 + +#define AGE_RXQ_JUMBO_CFG 0x15A4 +#define RXQ_JUMBO_CFG_SZ_THRESH_MASK 0x000007FF +#define RXQ_JUMBO_CFG_LKAH_MASK 0x00007800 +#define RXQ_JUMBO_CFG_RRD_TIMER_MASK 0xFFFF0000 +#define RXQ_JUMBO_CFG_SZ_THRESH_SHIFT 0 +#define RXQ_JUMBO_CFG_LKAH_SHIFT 11 +#define RXQ_JUMBO_CFG_LKAH_DEFAULT 0x01 +#define RXQ_JUMBO_CFG_RRD_TIMER_SHIFT 16 + +#define AGE_RXQ_FIFO_PAUSE_THRESH 0x15A8 +#define RXQ_FIFO_PAUSE_THRESH_LO_MASK 0x00000FFF +#define RXQ_FIFO_PAUSE_THRESH_HI_MASK 0x0FFF000 +#define RXQ_FIFO_PAUSE_THRESH_LO_SHIFT 0 +#define RXQ_FIFO_PAUSE_THRESH_HI_SHIFT 16 + +#define AGE_RXQ_RRD_PAUSE_THRESH 0x15AC +#define RXQ_RRD_PAUSE_THRESH_HI_MASK 0x00000FFF +#define RXQ_RRD_PAUSE_THRESH_LO_MASK 0x0FFF0000 +#define RXQ_RRD_PAUSE_THRESH_HI_SHIFT 0 +#define RXQ_RRD_PAUSE_THRESH_LO_SHIFT 16 + +#define AGE_DMA_CFG 0x15C0 +#define DMA_CFG_IN_ORDER 0x00000001 +#define DMA_CFG_ENH_ORDER 0x00000002 +#define DMA_CFG_OUT_ORDER 0x00000004 +#define DMA_CFG_RCB_64 0x00000000 +#define DMA_CFG_RCB_128 0x00000008 +#define DMA_CFG_RD_BURST_128 0x00000000 +#define DMA_CFG_RD_BURST_256 0x00000010 +#define DMA_CFG_RD_BURST_512 0x00000020 +#define DMA_CFG_RD_BURST_1024 0x00000030 +#define DMA_CFG_RD_BURST_2048 0x00000040 +#define DMA_CFG_RD_BURST_4096 0x00000050 +#define DMA_CFG_WR_BURST_128 0x00000000 +#define DMA_CFG_WR_BURST_256 0x00000080 +#define DMA_CFG_WR_BURST_512 0x00000100 +#define DMA_CFG_WR_BURST_1024 0x00000180 +#define DMA_CFG_WR_BURST_2048 0x00000200 +#define DMA_CFG_WR_BURST_4096 0x00000280 +#define DMA_CFG_RD_ENB 0x00000400 +#define DMA_CFG_WR_ENB 0x00000800 +#define DMA_CFG_RD_BURST_MASK 0x07 +#define DMA_CFG_RD_BURST_SHIFT 4 +#define DMA_CFG_WR_BURST_MASK 0x07 +#define DMA_CFG_WR_BURST_SHIFT 7 + +#define AGE_CSMB_CTRL 0x15D0 +#define CSMB_CTRL_CMB_KICK 0x00000001 +#define CSMB_CTRL_SMB_KICK 0x00000002 +#define CSMB_CTRL_CMB_ENB 0x00000004 +#define CSMB_CTRL_SMB_ENB 0x00000008 + +/* CMB DMA Write Threshold Register */ +#define AGE_CMB_WR_THRESH 0x15D4 +#define CMB_WR_THRESH_RRD_MASK 0x000007FF +#define CMB_WR_THRESH_TPD_MASK 0x07FF0000 +#define CMB_WR_THRESH_RRD_SHIFT 0 +#define CMB_WR_THRESH_RRD_DEFAULT 4 +#define CMB_WR_THRESH_TPD_SHIFT 16 +#define CMB_WR_THRESH_TPD_DEFAULT 4 + +/* RX/TX count-down timer to trigger CMB-write. */ +#define AGE_CMB_WR_TIMER 0x15D8 +#define CMB_WR_TIMER_RX_MASK 0x0000FFFF +#define CMB_WR_TIMER_TX_MASK 0xFFFF0000 +#define CMB_WR_TIMER_RX_SHIFT 0 +#define CMB_WR_TIMER_TX_SHIFT 16 + +/* Number of packet received since last CMB write */ +#define AGE_CMB_RX_PKT_CNT 0x15DC + +/* Number of packet transmitted since last CMB write */ +#define AGE_CMB_TX_PKT_CNT 0x15E0 + +/* SMB auto DMA timer register */ +#define AGE_SMB_TIMER 0x15E4 + +#define AGE_MBOX 0x15F0 +#define MBOX_RD_PROD_IDX_MASK 0x000007FF +#define MBOX_RRD_CONS_IDX_MASK 0x003FF800 +#define MBOX_TD_PROD_IDX_MASK 0xFFC00000 +#define MBOX_RD_PROD_IDX_SHIFT 0 +#define MBOX_RRD_CONS_IDX_SHIFT 11 +#define MBOX_TD_PROD_IDX_SHIFT 22 + +#define AGE_INTR_STATUS 0x1600 +#define INTR_SMB 0x00000001 +#define INTR_MOD_TIMER 0x00000002 +#define INTR_MANUAL_TIMER 0x00000004 +#define INTR_RX_FIFO_OFLOW 0x00000008 +#define INTR_RD_UNDERRUN 0x00000010 +#define INTR_RRD_OFLOW 0x00000020 +#define INTR_TX_FIFO_UNDERRUN 0x00000040 +#define INTR_LINK_CHG 0x00000080 +#define INTR_HOST_RD_UNDERRUN 0x00000100 +#define INTR_HOST_RRD_OFLOW 0x00000200 +#define INTR_DMA_RD_TO_RST 0x00000400 +#define INTR_DMA_WR_TO_RST 0x00000800 +#define INTR_GPHY 0x00001000 +#define INTR_RX_PKT 0x00010000 +#define INTR_TX_PKT 0x00020000 +#define INTR_TX_DMA 0x00040000 +#define INTR_RX_DMA 0x00080000 +#define INTR_CMB_RX 0x00100000 +#define INTR_CMB_TX 0x00200000 +#define INTR_MAC_RX 0x00400000 +#define INTR_MAC_TX 0x00800000 +#define INTR_UNDERRUN 0x01000000 +#define INTR_FRAME_ERROR 0x02000000 +#define INTR_FRAME_OK 0x04000000 +#define INTR_CSUM_ERROR 0x08000000 +#define INTR_PHY_LINK_DOWN 0x10000000 +#define INTR_DIS_SMB 0x20000000 +#define INTR_DIS_DMA 0x40000000 +#define INTR_DIS_INT 0x80000000 + +/* Interrupt Mask Register */ +#define AGE_INTR_MASK 0x1604 + +#define AGE_INTRS \ + (INTR_SMB | INTR_DMA_RD_TO_RST | INTR_DMA_WR_TO_RST | \ + INTR_CMB_TX | INTR_CMB_RX) + +/* Statistics counters collected by the MAC. */ +struct smb { + /* Rx stats. */ + uint32_t rx_frames; + uint32_t rx_bcast_frames; + uint32_t rx_mcast_frames; + uint32_t rx_pause_frames; + uint32_t rx_control_frames; + uint32_t rx_crcerrs; + uint32_t rx_lenerrs; + uint32_t rx_bytes; + uint32_t rx_runts; + uint32_t rx_fragments; + uint32_t rx_pkts_64; + uint32_t rx_pkts_65_127; + uint32_t rx_pkts_128_255; + uint32_t rx_pkts_256_511; + uint32_t rx_pkts_512_1023; + uint32_t rx_pkts_1024_1518; + uint32_t rx_pkts_1519_max; + uint32_t rx_pkts_truncated; + uint32_t rx_fifo_oflows; + uint32_t rx_desc_oflows; + uint32_t rx_alignerrs; + uint32_t rx_bcast_bytes; + uint32_t rx_mcast_bytes; + uint32_t rx_pkts_filtered; + /* Tx stats. */ + uint32_t tx_frames; + uint32_t tx_bcast_frames; + uint32_t tx_mcast_frames; + uint32_t tx_pause_frames; + uint32_t tx_excess_defer; + uint32_t tx_control_frames; + uint32_t tx_deferred; + uint32_t tx_bytes; + uint32_t tx_pkts_64; + uint32_t tx_pkts_65_127; + uint32_t tx_pkts_128_255; + uint32_t tx_pkts_256_511; + uint32_t tx_pkts_512_1023; + uint32_t tx_pkts_1024_1518; + uint32_t tx_pkts_1519_max; + uint32_t tx_single_colls; + uint32_t tx_multi_colls; + uint32_t tx_late_colls; + uint32_t tx_excess_colls; + uint32_t tx_underrun; + uint32_t tx_desc_underrun; + uint32_t tx_lenerrs; + uint32_t tx_pkts_truncated; + uint32_t tx_bcast_bytes; + uint32_t tx_mcast_bytes; + uint32_t updated; +} __packed; + +/* Coalescing message block */ +struct cmb { + uint32_t intr_status; + uint32_t rprod_cons; +#define RRD_PROD_MASK 0x0000FFFF +#define RD_CONS_MASK 0xFFFF0000 +#define RRD_PROD_SHIFT 0 +#define RD_CONS_SHIFT 16 + uint32_t tpd_cons; +#define CMB_UPDATED 0x00000001 +#define TPD_CONS_MASK 0xFFFF0000 +#define TPD_CONS_SHIFT 16 +} __packed; + +/* Rx return descriptor */ +struct rx_rdesc { + uint32_t index; +#define AGE_RRD_NSEGS_MASK 0x000000FF +#define AGE_RRD_CONS_MASK 0xFFFF0000 +#define AGE_RRD_NSEGS_SHIFT 0 +#define AGE_RRD_CONS_SHIFT 16 + uint32_t len; +#define AGE_RRD_CSUM_MASK 0x0000FFFF +#define AGE_RRD_LEN_MASK 0xFFFF0000 +#define AGE_RRD_CSUM_SHIFT 0 +#define AGE_RRD_LEN_SHIFT 16 + uint32_t flags; +#define AGE_RRD_ETHERNET 0x00000080 +#define AGE_RRD_VLAN 0x00000100 +#define AGE_RRD_ERROR 0x00000200 +#define AGE_RRD_IPV4 0x00000400 +#define AGE_RRD_UDP 0x00000800 +#define AGE_RRD_TCP 0x00001000 +#define AGE_RRD_BCAST 0x00002000 +#define AGE_RRD_MCAST 0x00004000 +#define AGE_RRD_PAUSE 0x00008000 +#define AGE_RRD_CRC 0x00010000 +#define AGE_RRD_CODE 0x00020000 +#define AGE_RRD_DRIBBLE 0x00040000 +#define AGE_RRD_RUNT 0x00080000 +#define AGE_RRD_OFLOW 0x00100000 +#define AGE_RRD_TRUNC 0x00200000 +#define AGE_RRD_IPCSUM_NOK 0x00400000 +#define AGE_RRD_TCP_UDPCSUM_NOK 0x00800000 +#define AGE_RRD_LENGTH_NOK 0x01000000 +#define AGE_RRD_DES_ADDR_FILTERED 0x02000000 + uint32_t vtags; +#define AGE_RRD_VLAN_MASK 0xFFFF0000 +#define AGE_RRD_VLAN_SHIFT 16 +} __packed; + +#define AGE_RX_NSEGS(x) \ + (((x) & AGE_RRD_NSEGS_MASK) >> AGE_RRD_NSEGS_SHIFT) +#define AGE_RX_CONS(x) \ + (((x) & AGE_RRD_CONS_MASK) >> AGE_RRD_CONS_SHIFT) +#define AGE_RX_CSUM(x) \ + (((x) & AGE_RRD_CSUM_MASK) >> AGE_RRD_CSUM_SHIFT) +#define AGE_RX_BYTES(x) \ + (((x) & AGE_RRD_LEN_MASK) >> AGE_RRD_LEN_SHIFT) +#define AGE_RX_VLAN(x) \ + (((x) & AGE_RRD_VLAN_MASK) >> AGE_RRD_VLAN_SHIFT) +#define AGE_RX_VLAN_TAG(x) \ + (((x) >> 4) | (((x) & 7) << 13) | (((x) & 8) << 9)) + +/* Rx descriptor. */ +struct rx_desc { + uint64_t addr; + uint32_t len; +#define AGE_RD_LEN_MASK 0x0000FFFF +#define AGE_CONS_UPD_REQ_MASK 0xFFFF0000 +#define AGE_RD_LEN_SHIFT 0 +#define AGE_CONS_UPD_REQ_SHIFT 16 +} __packed; + +/* Tx descriptor. */ +struct tx_desc { + uint64_t addr; + uint32_t len; +#define AGE_TD_VLAN_MASK 0xFFFF0000 +#define AGE_TD_PKT_INT 0x00008000 +#define AGE_TD_DMA_INT 0x00004000 +#define AGE_TD_BUFLEN_MASK 0x00003FFF +#define AGE_TD_VLAN_SHIFT 16 +#define AGE_TX_VLAN_TAG(x) \ + (((x) << 4) | ((x) >> 13) | (((x) >> 9) & 8)) +#define AGE_TD_BUFLEN_SHIFT 0 +#define AGE_TX_BYTES(x) \ + (((x) << AGE_TD_BUFLEN_SHIFT) & AGE_TD_BUFLEN_MASK) + uint32_t flags; +#define AGE_TD_TSO_MSS 0xFFF80000 +#define AGE_TD_TSO_HDR 0x00040000 +#define AGE_TD_TSO_TCPHDR_LEN 0x0003C000 +#define AGE_TD_IPHDR_LEN 0x00003C00 +#define AGE_TD_LLC_SNAP 0x00000200 +#define AGE_TD_VLAN_TAGGED 0x00000100 +#define AGE_TD_UDPCSUM 0x00000080 +#define AGE_TD_TCPCSUM 0x00000040 +#define AGE_TD_IPCSUM 0x00000020 +#define AGE_TD_TSO_IPV4 0x00000010 +#define AGE_TD_TSO_IPV6 0x00000012 +#define AGE_TD_CSUM 0x00000008 +#define AGE_TD_INSERT_VLAN_TAG 0x00000004 +#define AGE_TD_COALESCE 0x00000002 +#define AGE_TD_EOP 0x00000001 + +#define AGE_TD_CSUM_PLOADOFFSET 0x00FF0000 +#define AGE_TD_CSUM_XSUMOFFSET 0xFF000000 +#define AGE_TD_CSUM_XSUMOFFSET_SHIFT 24 +#define AGE_TD_CSUM_PLOADOFFSET_SHIFT 16 +#define AGE_TD_TSO_MSS_SHIFT 19 +#define AGE_TD_TSO_TCPHDR_LEN_SHIFT 14 +#define AGE_TD_IPHDR_LEN_SHIFT 10 +} __packed; + +#endif /* _IF_AGEREG_H */ diff --git a/sys/dev/netif/age/if_agevar.h b/sys/dev/netif/age/if_agevar.h new file mode 100644 index 0000000000..d81132b10b --- /dev/null +++ b/sys/dev/netif/age/if_agevar.h @@ -0,0 +1,266 @@ +/*- + * Copyright (c) 2008, Pyun YongHyeon + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice unmodified, this list of conditions, and the following + * disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/sys/dev/age/if_agevar.h,v 1.2 2008/10/21 03:18:02 kevlo Exp $ + */ + +#ifndef _IF_AGEVAR_H +#define _IF_AGEVAR_H + +#define AGE_TX_RING_CNT 256 +#define AGE_RX_RING_CNT 256 +#define AGE_RR_RING_CNT (AGE_TX_RING_CNT + AGE_RX_RING_CNT) +/* The following ring alignments are just guessing. */ +#define AGE_TX_RING_ALIGN 16 +#define AGE_RX_RING_ALIGN 16 +#define AGE_RR_RING_ALIGN 16 +#define AGE_CMB_ALIGN 16 +#define AGE_SMB_ALIGN 16 + +#define AGE_TSO_MAXSEGSIZE 4096 +#define AGE_TSO_MAXSIZE (65535 + sizeof(struct ether_vlan_header)) +#define AGE_MAXTXSEGS 32 + +#define AGE_ADDR_LO(x) ((uint64_t) (x) & 0xFFFFFFFF) +#define AGE_ADDR_HI(x) ((uint64_t) (x) >> 32) + +#define AGE_MSI_MESSAGES 1 +#define AGE_MSIX_MESSAGES 1 + +/* TODO : Should get real jumbo MTU size. */ +#define AGE_JUMBO_FRAMELEN 10240 +#define AGE_JUMBO_MTU \ + (AGE_JUMBO_FRAMELEN - EVL_ENCAPLEN - \ + ETHER_HDR_LEN - ETHER_CRC_LEN) + +#define AGE_DESC_INC(x, y) ((x) = ((x) + 1) % (y)) + +#define AGE_PROC_MIN 30 +#define AGE_PROC_MAX (AGE_RX_RING_CNT - 1) +#define AGE_PROC_DEFAULT (AGE_RX_RING_CNT / 2) + +struct age_txdesc { + struct mbuf *tx_m; + bus_dmamap_t tx_dmamap; + struct tx_desc *tx_desc; +}; + +struct age_rxdesc { + struct mbuf *rx_m; + bus_dmamap_t rx_dmamap; + struct rx_desc *rx_desc; +}; + +struct age_chain_data{ + bus_dma_tag_t age_parent_tag; + bus_dma_tag_t age_buffer_tag; + bus_dma_tag_t age_tx_tag; + struct age_txdesc age_txdesc[AGE_TX_RING_CNT]; + bus_dma_tag_t age_rx_tag; + struct age_rxdesc age_rxdesc[AGE_RX_RING_CNT]; + bus_dma_tag_t age_tx_ring_tag; + bus_dmamap_t age_tx_ring_map; + bus_dma_tag_t age_rx_ring_tag; + bus_dmamap_t age_rx_ring_map; + bus_dmamap_t age_rx_sparemap; + bus_dma_tag_t age_rr_ring_tag; + bus_dmamap_t age_rr_ring_map; + bus_dma_tag_t age_cmb_block_tag; + bus_dmamap_t age_cmb_block_map; + bus_dma_tag_t age_smb_block_tag; + bus_dmamap_t age_smb_block_map; + + int age_tx_prod; + int age_tx_cons; + int age_tx_cnt; + int age_rx_cons; + int age_rr_cons; + int age_rxlen; + + struct mbuf *age_rxhead; + struct mbuf *age_rxtail; + struct mbuf *age_rxprev_tail; +}; + +struct age_ring_data { + struct tx_desc *age_tx_ring; + bus_addr_t age_tx_ring_paddr; + struct rx_desc *age_rx_ring; + bus_addr_t age_rx_ring_paddr; + struct rx_rdesc *age_rr_ring; + bus_addr_t age_rr_ring_paddr; + struct cmb *age_cmb_block; + bus_addr_t age_cmb_block_paddr; + struct smb *age_smb_block; + bus_addr_t age_smb_block_paddr; +}; + +#define AGE_TX_RING_SZ \ + (sizeof(struct tx_desc) * AGE_TX_RING_CNT) +#define AGE_RX_RING_SZ \ + (sizeof(struct rx_desc) * AGE_RX_RING_CNT) +#define AGE_RR_RING_SZ \ + (sizeof(struct rx_rdesc) * AGE_RR_RING_CNT) +#define AGE_CMB_BLOCK_SZ sizeof(struct cmb) +#define AGE_SMB_BLOCK_SZ sizeof(struct smb) + +struct age_stats { + /* Rx stats. */ + uint64_t rx_frames; + uint64_t rx_bcast_frames; + uint64_t rx_mcast_frames; + uint32_t rx_pause_frames; + uint32_t rx_control_frames; + uint32_t rx_crcerrs; + uint32_t rx_lenerrs; + uint64_t rx_bytes; + uint32_t rx_runts; + uint64_t rx_fragments; + uint64_t rx_pkts_64; + uint64_t rx_pkts_65_127; + uint64_t rx_pkts_128_255; + uint64_t rx_pkts_256_511; + uint64_t rx_pkts_512_1023; + uint64_t rx_pkts_1024_1518; + uint64_t rx_pkts_1519_max; + uint64_t rx_pkts_truncated; + uint32_t rx_fifo_oflows; + uint32_t rx_desc_oflows; + uint32_t rx_alignerrs; + uint64_t rx_bcast_bytes; + uint64_t rx_mcast_bytes; + uint64_t rx_pkts_filtered; + /* Tx stats. */ + uint64_t tx_frames; + uint64_t tx_bcast_frames; + uint64_t tx_mcast_frames; + uint32_t tx_pause_frames; + uint32_t tx_excess_defer; + uint32_t tx_control_frames; + uint32_t tx_deferred; + uint64_t tx_bytes; + uint64_t tx_pkts_64; + uint64_t tx_pkts_65_127; + uint64_t tx_pkts_128_255; + uint64_t tx_pkts_256_511; + uint64_t tx_pkts_512_1023; + uint64_t tx_pkts_1024_1518; + uint64_t tx_pkts_1519_max; + uint32_t tx_single_colls; + uint32_t tx_multi_colls; + uint32_t tx_late_colls; + uint32_t tx_excess_colls; + uint32_t tx_underrun; + uint32_t tx_desc_underrun; + uint32_t tx_lenerrs; + uint32_t tx_pkts_truncated; + uint64_t tx_bcast_bytes; + uint64_t tx_mcast_bytes; +}; + +/* + * Software state per device. + */ +struct age_softc { + struct arpcom arpcom; + device_t age_dev; + + int age_mem_rid; + struct resource *age_mem_res; + bus_space_tag_t age_mem_bt; + bus_space_handle_t age_mem_bh; + + int age_irq_rid; + struct resource *age_irq_res; + void *age_irq_handle; + + int age_phyaddr; + device_t age_miibus; + + int age_rev; + int age_chip_rev; + uint8_t age_eaddr[ETHER_ADDR_LEN]; + uint32_t age_dma_rd_burst; + uint32_t age_dma_wr_burst; + int age_flags; +#define AGE_FLAG_PCIE 0x0001 +#define AGE_FLAG_PCIX 0x0002 +#define AGE_FLAG_MSI 0x0004 +#define AGE_FLAG_MSIX 0x0008 +#define AGE_FLAG_PMCAP 0x0010 +#define AGE_FLAG_DETACH 0x4000 +#define AGE_FLAG_LINK 0x8000 + + struct callout age_tick_ch; + struct age_stats age_stat; + struct age_chain_data age_cdata; + struct age_ring_data age_rdata; + int age_if_flags; + int age_int_mod; + int age_max_frame_size; + int age_rr_prod; + int age_tpd_cons; + + struct sysctl_ctx_list age_sysctl_ctx; + struct sysctl_oid *age_sysctl_tree; +}; + +/* Register access macros. */ +#define CSR_WRITE_4(_sc, reg, val) \ + bus_space_write_4((_sc)->age_mem_bt, (_sc)->age_mem_bh, (reg), (val)) +#define CSR_WRITE_2(_sc, reg, val) \ + bus_space_write_2((_sc)->age_mem_bt, (_sc)->age_mem_bh, (reg), (val)) + +#define CSR_READ_4(_sc, reg) \ + bus_space_read_4((_sc)->age_mem_bt, (_sc)->age_mem_bh, (reg)) +#define CSR_READ_2(_sc, reg) \ + bus_space_read_2((_sc)->age_mem_bt, (_sc)->age_mem_bh, (reg)) + +#define AGE_COMMIT_MBOX(_sc) \ +do { \ + CSR_WRITE_4(_sc, AGE_MBOX, \ + (((_sc)->age_cdata.age_rx_cons << MBOX_RD_PROD_IDX_SHIFT) & \ + MBOX_RD_PROD_IDX_MASK) | \ + (((_sc)->age_cdata.age_rr_cons << \ + MBOX_RRD_CONS_IDX_SHIFT) & MBOX_RRD_CONS_IDX_MASK) | \ + (((_sc)->age_cdata.age_tx_prod << MBOX_TD_PROD_IDX_SHIFT) & \ + MBOX_TD_PROD_IDX_MASK)); \ +} while (0) + +#define AGE_RXCHAIN_RESET(_sc) \ +do { \ + (_sc)->age_cdata.age_rxhead = NULL; \ + (_sc)->age_cdata.age_rxtail = NULL; \ + (_sc)->age_cdata.age_rxprev_tail = NULL; \ + (_sc)->age_cdata.age_rxlen = 0; \ +} while (0) + +#define AGE_TX_TIMEOUT 5 +#define AGE_RESET_TIMEOUT 100 +#define AGE_TIMEOUT 1000 +#define AGE_PHY_TIMEOUT 1000 + +#endif /* _IF_AGEVAR_H */ -- 2.41.0