4 files changed, 22 insertions, 6 deletions

diff --git a/ChangeLog b/ChangeLog
index cc6e09ad..65e0f9e3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -40,6 +40,8 @@
    platform.c.
  - (dtucker) [platform.c session.c] Move PAM credential establishment for the
    non-LOGIN_CAP case into platform.c.
+ - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
+   check into platform.c
 
 20101025
  - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with
diff --git a/platform.c b/platform.c
index b4fb88e5..f2cf11f5 100644
--- a/platform.c
+++ b/platform.c
@@ -1,4 +1,4 @@
-/* $Id: platform.c,v 1.13 2010/11/05 02:32:53 dtucker Exp $ */
+/* $Id: platform.c,v 1.14 2010/11/05 03:47:01 dtucker Exp $ */
 
 /*
  * Copyright (c) 2006 Darren Tucker.  All rights reserved.
@@ -17,6 +17,10 @@
  */
 
 #include "config.h"
+
+#include <sys/types.h>
+#include <unistd.h>
+
 #include "platform.h"
 
 #include "openbsd-compat/openbsd-compat.h"
@@ -59,6 +63,18 @@ platform_post_fork_child(void)
 #endif
 }
 
+/* return 1 if we are running with privilege to swap UIDs, 0 otherwise */
+int
+platform_privileged_uidswap(void)
+{
+#ifdef HAVE_CYGWIN
+	/* uid 0 is not special on Cygwin so always try */
+	return 1;
+#else
+	return (getuid() == 0 || geteuid() == 0);
+#endif
+}
+
 /*
  * This gets called before switching UIDs, and is called even when sshd is
  * not running as root.
diff --git a/platform.h b/platform.h
index be66d55c..944d2c34 100644
--- a/platform.h
+++ b/platform.h
@@ -1,4 +1,4 @@
-/* $Id: platform.h,v 1.6 2010/11/05 01:36:15 dtucker Exp $ */
+/* $Id: platform.h,v 1.7 2010/11/05 03:47:01 dtucker Exp $ */
 
 /*
  * Copyright (c) 2006 Darren Tucker.  All rights reserved.
@@ -24,6 +24,7 @@ void platform_pre_listen(void);
 void platform_pre_fork(void);
 void platform_post_fork_parent(pid_t child_pid);
 void platform_post_fork_child(void);
+int  platform_privileged_uidswap(void);
 void platform_setusercontext(struct passwd *);
 void platform_setusercontext_post_groups(struct passwd *);
 char *platform_get_krb5_client(const char *);
diff --git a/session.c b/session.c
index f1f26ef6..58e68128 100644
--- a/session.c
+++ b/session.c
@@ -1471,10 +1471,7 @@ do_setusercontext(struct passwd *pw)
 
 	platform_setusercontext(pw);
 
-#ifndef HAVE_CYGWIN
-	if (getuid() == 0 || geteuid() == 0)
-#endif /* HAVE_CYGWIN */
-	{
+	if (platform_privileged_uidswap()) {
 #ifdef HAVE_LOGIN_CAP
 		if (setusercontext(lc, pw, pw->pw_uid,
 		    (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {