4 files changed, 17 insertions, 5 deletions

diff --git a/ChangeLog b/ChangeLog
index c065225fc..a66669ced 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+20030906
+ - (dtucker) [acconfig.h configure.ac uidswap.c] Prefer setuid/setgid on AIX.
+
 20030905
  - (dtucker) [Makefile.in] Add distclean target for regress/, fix clean target.
 
@@ -1021,4 +1024,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
    Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.2961 2003/09/05 01:35:52 dtucker Exp $
+$Id: ChangeLog,v 1.2962 2003/09/06 06:44:39 dtucker Exp $
diff --git a/acconfig.h b/acconfig.h
index c83a45619..ce79146f4 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -1,4 +1,4 @@
-/* $Id: acconfig.h,v 1.162 2003/08/26 01:58:16 dtucker Exp $ */
+/* $Id: acconfig.h,v 1.163 2003/09/06 06:44:39 dtucker Exp $ */
 
 /*
  * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
@@ -35,6 +35,12 @@
 /* Define if your platform breaks doing a seteuid before a setuid */
 #undef SETEUID_BREAKS_SETUID
 
+/* Define if your setreuid() is broken */
+#undef BROKEN_SETREUID
+
+/* Define if your setregid() is broken */
+#undef BROKEN_SERREGID
+
 /* Define to a Set Process Title type if your system is */
 /* supported by bsd-setproctitle.c */
 #undef SPT_TYPE
diff --git a/configure.ac b/configure.ac
index bbc00e703..23f3e5e68 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.143 2003/08/26 01:58:16 dtucker Exp $
+# $Id: configure.ac,v 1.144 2003/09/06 06:44:39 dtucker Exp $
 
 AC_INIT
 AC_CONFIG_SRCDIR([ssh.c])
@@ -97,6 +97,9 @@ case "$host" in
         AC_CHECK_FUNCS(setauthdb)
         AC_DEFINE(BROKEN_GETADDRINFO)
         AC_DEFINE(BROKEN_REALPATH)
+        AC_DEFINE(SETEUID_BREAKS_SETUID)
+        AC_DEFINE(BROKEN_SETREUID)
+        AC_DEFINE(BROKEN_SETREGID)
         dnl AIX handles lastlog as part of its login message
         AC_DEFINE(DISABLE_LASTLOG)
         AC_DEFINE(LOGIN_NEEDS_UTMPX)
diff --git a/uidswap.c b/uidswap.c
index e517da21d..3f13f9bf4 100644
--- a/uidswap.c
+++ b/uidswap.c
@@ -154,7 +154,7 @@ permanently_set_uid(struct passwd *pw)
 #if defined(HAVE_SETRESGID)
         if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0)
                 fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-#elif defined(HAVE_SETREGID)
+#elif defined(HAVE_SETREGID) && !defined(BROKEN_SETREGID)
         if (setregid(pw->pw_gid, pw->pw_gid) < 0)
                 fatal("setregid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
 #else
@@ -167,7 +167,7 @@ permanently_set_uid(struct passwd *pw)
 #if defined(HAVE_SETRESUID)
         if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)
                 fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
-#elif defined(HAVE_SETREUID)
+#elif defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID)
         if (setreuid(pw->pw_uid, pw->pw_uid) < 0)
                 fatal("setreuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
 #else