Index: dev/pci/if_lmc.h
===================================================================
RCS file: /cvsroot/src/sys/dev/pci/if_lmc.h,v
retrieving revision 1.19
diff -u -p -r1.19 if_lmc.h
--- dev/pci/if_lmc.h	5 Apr 2010 07:20:26 -0000	1.19
+++ dev/pci/if_lmc.h	19 Jan 2012 01:10:06 -0000
@@ -971,7 +971,7 @@ typedef int intr_return_t;
 # define TOP_UNLOCK(sc)		mutex_spin_exit(&(sc)->top_lock)
 # define BOTTOM_TRYLOCK(sc)	__cpu_simple_lock_try(&(sc)->bottom_lock)
 # define BOTTOM_UNLOCK(sc)	__cpu_simple_unlock  (&(sc)->bottom_lock)
-# define CHECK_CAP		kauth_authorize_generic(curlwp->l_cred, KAUTH_GENERIC_ISSUSER, NULL)
+# define CHECK_CAP		kauth_authorize_network(curlwp->l_cred, KAUTH_NETWORK_INTERFACE, KAUTH_REQ_NETWORK_INTERFACE_FIRMWARE, sc->ifp, NULL, NULL)
 # define DISABLE_INTR		int spl = splnet()
 # define ENABLE_INTR		splx(spl)
 # define IRQ_NONE		0
Index: netsmb/smb_conn.c
===================================================================
RCS file: /cvsroot/src/sys/netsmb/smb_conn.c,v
retrieving revision 1.27
diff -u -p -r1.27 smb_conn.c
--- netsmb/smb_conn.c	17 Dec 2010 13:05:29 -0000	1.27
+++ netsmb/smb_conn.c	19 Jan 2012 01:10:07 -0000
@@ -87,7 +87,7 @@ __KERNEL_RCSID(0, "$NetBSD: smb_conn.c,v
 
 static struct smb_connobj smb_vclist;
 static int smb_vcnext = 1;	/* next unique id for VC */
-
+static kauth_listener_t smb_listener;
 
 MALLOC_DEFINE(M_SMBCONN, "SMB conn", "SMB connection");
 
@@ -100,6 +100,106 @@ static void smb_vc_gone(struct smb_conno
 static smb_co_free_t smb_share_free;
 static smb_co_gone_t smb_share_gone;
 
+static int
+smb_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+    void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	int result, ismember = 0;
+	enum kauth_network_req req;
+
+	if (action != KAUTH_NETWORK_SMB)
+		return KAUTH_RESULT_DEFER;
+
+	result = KAUTH_RESULT_DEFER;
+	req = (enum kauth_network_req)arg0;
+
+	switch (req) {
+	case KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS: {
+		struct smb_share *ssp = arg1;
+		mode_t mode = (mode_t)(uintptr_t)arg2;
+
+		/* Owner can access. */
+		if (kauth_cred_geteuid(cred) == ssp->ss_uid) {
+			result = KAUTH_RESULT_ALLOW;
+			break;
+		}
+
+		/* Try group permissions if member or other if not. */
+		mode >>= 3;
+		if (kauth_cred_ismember_gid(cred, ssp->ss_grp, &ismember) != 0 ||
+		    !ismember)
+			mode >>= 3;
+
+		if ((ssp->ss_mode & mode) == mode)
+			result = KAUTH_RESULT_ALLOW;
+
+		break;
+		}
+
+	case KAUTH_REQ_NETWORK_SMB_SHARE_CREATE: {
+		struct smb_sharespec *shspec = arg1;
+
+		/*
+		 * Only superuser can create shares with different uid and gid
+		 */
+		if (shspec->owner != SMBM_ANY_OWNER &&
+		    shspec->owner != kauth_cred_geteuid(cred))
+			break;
+		if (shspec->group != SMBM_ANY_GROUP &&
+		    (kauth_cred_ismember_gid(cred, shspec->group, &ismember) != 0 || !ismember))
+			break;
+
+		result = KAUTH_RESULT_ALLOW;
+
+		break;
+		}
+
+	case KAUTH_REQ_NETWORK_SMB_VC_ACCESS: {
+		struct smb_vc *vcp = arg1;
+		mode_t mode = (mode_t)(uintptr_t)arg2;
+
+		/* Owner can access. */
+		if (kauth_cred_geteuid(cred) == vcp->vc_uid) {
+			result = KAUTH_RESULT_ALLOW;
+			break;
+		}
+
+		/* Try group permissions if member or other if not. */
+		mode >>= 3;
+		if (kauth_cred_ismember_gid(cred, vcp->vc_grp, &ismember) != 0 ||
+		    !ismember)
+			mode >>= 3;
+
+		if ((vcp->vc_mode & mode) == mode)
+			result = KAUTH_RESULT_ALLOW;
+
+		break;
+		}
+
+	case KAUTH_REQ_NETWORK_SMB_VC_CREATE: {
+		struct smb_vcspec *vcspec = arg1;
+
+		/*
+		 * Only superuser can create VCs with different uid and gid
+		 */
+		if (vcspec->owner != SMBM_ANY_OWNER &&
+		    vcspec->owner != kauth_cred_geteuid(cred))
+			break;
+		if (vcspec->group != SMBM_ANY_GROUP &&
+		    (kauth_cred_ismember_gid(cred, vcspec->group, &ismember) != 0 || !ismember))
+			break;
+
+		result = KAUTH_RESULT_ALLOW;
+
+		break;
+		}
+
+	default:
+		break;
+	}
+
+	return result;
+}
 
 int
 smb_sm_init(void)
@@ -109,6 +209,8 @@ smb_sm_init(void)
 	mutex_enter(&smb_vclist.co_interlock);
 	smb_co_unlock(&smb_vclist);
 	mutex_exit(&smb_vclist.co_interlock);
+	smb_listener = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
+	    smb_listener_cb, NULL);
 	return 0;
 }
 
@@ -122,6 +224,7 @@ smb_sm_done(void)
 		panic("%d connections still active", smb_vclist.co_usecount - 1);
 #endif
 	smb_co_done(&smb_vclist);
+	kauth_unlisten_scope(smb_listener);
 	return 0;
 }
 
@@ -418,20 +521,14 @@ smb_vc_create(struct smb_vcspec *vcspec,
 	gid_t gid = vcspec->group;
 	uid_t realuid;
 	char *domain = vcspec->domain;
-	int error, isroot, ismember = 0;
+	int error;
 
-	realuid = kauth_cred_geteuid(cred);
-	isroot = (smb_suser(cred) == 0);
-	/*
-	 * Only superuser can create VCs with different uid and gid
-	 */
-	if (uid != SMBM_ANY_OWNER && uid != realuid && !isroot)
+	error = kauth_authorize_network(cred, KAUTH_NETWORK_SMB,
+	    KAUTH_REQ_NETWORK_SMB_VC_CREATE, vcspec, NULL, NULL);
+	if (error)
 		return EPERM;
 
-	if (gid != SMBM_ANY_GROUP &&
-	    (kauth_cred_ismember_gid(cred, gid, &ismember) != 0 || !ismember) &&
-	    !isroot)
-		return EPERM;
+	realuid = kauth_cred_geteuid(cred);
 
 	vcp = smb_zmalloc(sizeof(*vcp), M_SMBCONN, M_WAITOK);
 	smb_co_init(VCTOCP(vcp), SMBL_VC, "smb_vc");
@@ -599,15 +696,14 @@ int
 smb_vc_access(struct smb_vc *vcp, struct smb_cred *scred, mode_t mode)
 {
 	kauth_cred_t cred = scred->scr_cred;
-	int ismember = 0;
+	int error;
 
-	if (smb_suser(cred) == 0 || kauth_cred_geteuid(cred) == vcp->vc_uid)
-		return 0;
-	mode >>= 3;
-	if (kauth_cred_ismember_gid(cred, vcp->vc_grp, &ismember) != 0 ||
-	    !ismember)
-		mode >>= 3;
-	return (vcp->vc_mode & mode) == mode ? 0 : EACCES;
+	error = kauth_authorize_network(cred, KAUTH_NETWORK_SMB,
+	    KAUTH_REQ_NETWORK_SMB_VC_ACCESS, vcp, KAUTH_ARG(mode), NULL);
+	if (error)
+		return EACCES;
+
+	return 0;
 }
 
 static int
@@ -728,19 +824,15 @@ smb_share_create(struct smb_vc *vcp, str
 	uid_t realuid;
 	uid_t uid = shspec->owner;
 	gid_t gid = shspec->group;
-	int error, isroot, ismember = 0;
+	int error;
 
-	realuid = kauth_cred_geteuid(cred);
-	isroot = smb_suser(cred) == 0;
-	/*
-	 * Only superuser can create shares with different uid and gid
-	 */
-	if (uid != SMBM_ANY_OWNER && uid != realuid && !isroot)
-		return EPERM;
-	if (gid != SMBM_ANY_GROUP &&
-	    (kauth_cred_ismember_gid(cred, gid, &ismember) != 0 || !ismember) &&
-	    !isroot)
+	error = kauth_authorize_network(cred, KAUTH_NETWORK_SMB,
+	    KAUTH_REQ_NETWORK_SMB_SHARE_CREATE, shspec, NULL, NULL);
+	if (error)
 		return EPERM;
+
+	realuid = kauth_cred_geteuid(cred);
+
 	error = smb_vc_lookupshare(vcp, shspec, scred, &ssp);
 	if (!error) {
 		smb_share_put(ssp, scred);
@@ -846,15 +938,14 @@ int
 smb_share_access(struct smb_share *ssp, struct smb_cred *scred, mode_t mode)
 {
 	kauth_cred_t cred = scred->scr_cred;
-	int ismember = 0;
+	int error;
 
-	if (smb_suser(cred) == 0 || kauth_cred_geteuid(cred) == ssp->ss_uid)
-		return 0;
-	mode >>= 3;
-	if (kauth_cred_ismember_gid(cred, ssp->ss_grp, &ismember) != 0 ||
-	    !ismember)
-		mode >>= 3;
-	return (ssp->ss_mode & mode) == mode ? 0 : EACCES;
+	error = kauth_authorize_network(cred, KAUTH_NETWORK_SMB,
+	    KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS, ssp, KAUTH_ARG(mode), NULL);
+	if (error)
+		return EACCES;
+
+	return 0;
 }
 
 int
Index: netsmb/smb_subr.h
===================================================================
RCS file: /cvsroot/src/sys/netsmb/smb_subr.h,v
retrieving revision 1.20
diff -u -p -r1.20 smb_subr.h
--- netsmb/smb_subr.h	17 Dec 2010 13:05:29 -0000	1.20
+++ netsmb/smb_subr.h	19 Jan 2012 01:10:07 -0000
@@ -71,6 +71,7 @@ void m_dumpm(struct mbuf *m);
 	 SIGISMEMBER(set, SIGHUP) || SIGISMEMBER(set, SIGKILL) ||	\
 	 SIGISMEMBER(set, SIGQUIT))
 
+/* smb_suser() is not used in NetBSD. */
 #define	smb_suser(cred)	kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL)
 
 /*