From 4e06a1d75d0f692c84f21347d4e1c4242dc1a96e Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@zip.com.au>
Date: Sat, 22 Nov 2003 14:25:15 +1100
Subject: [PATCH]  - (dtucker) [auth-sia.c configure.ac] Tru64 update from
 cmadams at hiwaay.net.    Use permanently_set_uid for SIA, only define
 DISABLE_FD_PASSING when SIA    is enabled, rely on SIA to check for locked
 accounts if enabled.  ok djm@

---
 ChangeLog    | 5 ++++-
 auth-sia.c   | 5 +++--
 configure.ac | 5 ++---
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 1d723126d..79ce8267b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,9 @@
  - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
    Move AIX specific password authentication code to port-aix.c, call
    authenticate() until reenter flag is clear.
+ - (dtucker) [auth-sia.c configure.ac] Tru64 update from cmadams at hiwaay.net.
+   Use permanently_set_uid for SIA, only define DISABLE_FD_PASSING when SIA
+   is enabled, rely on SIA to check for locked accounts if enabled.  ok djm@
 
 20031121
  - (djm) OpenBSD CVS Sync
@@ -1504,4 +1507,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
    Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.3121 2003/11/22 03:16:56 dtucker Exp $
+$Id: ChangeLog,v 1.3122 2003/11/22 03:25:15 dtucker Exp $
diff --git a/auth-sia.c b/auth-sia.c
index cdd39d670..cd2dcb840 100644
--- a/auth-sia.c
+++ b/auth-sia.c
@@ -31,6 +31,7 @@
 #include "log.h"
 #include "servconf.h"
 #include "canohost.h"
+#include "uidswap.h"
 
 #include <sia.h>
 #include <siad.h>
@@ -103,8 +104,8 @@ session_setup_sia(struct passwd *pw, char *tty)
 
 	sia_ses_release(&ent);
 
-	if (setreuid(geteuid(), geteuid()) < 0)
-		fatal("setreuid: %s", strerror(errno));
+	setuid(0);
+	permanently_set_uid(pw);
 }
 
 #endif /* HAVE_OSF_SIA */
diff --git a/configure.ac b/configure.ac
index 5f302f5e5..b56d37f4d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.174 2003/11/21 12:48:55 djm Exp $
+# $Id: configure.ac,v 1.175 2003/11/22 03:25:16 dtucker Exp $
 
 AC_INIT
 AC_CONFIG_SRCDIR([ssh.c])
@@ -409,14 +409,13 @@ mips-sony-bsd|mips-sony-newsos4)
 			LIBS="$LIBS -lsecurity -ldb -lm -laud"
 		else
 			AC_MSG_RESULT(no)
+			AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
 		fi
 	fi
-	AC_DEFINE(DISABLE_FD_PASSING)
 	AC_DEFINE(BROKEN_GETADDRINFO)
 	AC_DEFINE(SETEUID_BREAKS_SETUID)
 	AC_DEFINE(BROKEN_SETREUID)
 	AC_DEFINE(BROKEN_SETREGID)
-	AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
 	;;
 
 *-*-nto-qnx)