changeset 791:6efced4f80de HEAD

Clear separation of virtual and system usernames. passwd-file didn't work before if the user didn't exist in the system. Also prefixed all setuid/etc. restriction environment variables with RESTRICT_.
author Timo Sirainen <tss@iki.fi>
date Tue, 17 Dec 2002 05:00:44 +0200
parents 27b28ba2a306
children d573c53946ac
files src/auth/auth-interface.h src/auth/userinfo-passwd-file.c src/auth/userinfo-passwd.c src/auth/userinfo-vpopmail.c src/lib/restrict-access.c src/master/auth-process.c src/master/common.h src/master/imap-process.c src/master/login-process.c
diffstat 9 files changed, 50 insertions(+), 21 deletions(-) [+]
--- a/src/auth/auth-interface.h	Tue Dec 17 04:21:46 2002 +0200
+++ b/src/auth/auth-interface.h	Tue Dec 17 05:00:44 2002 +0200
@@ -7,6 +7,7 @@
 #define AUTH_MAX_REPLY_DATA_SIZE	4096
 
 #define AUTH_MAX_USER_LEN		64
+#define AUTH_MAX_VUSER_LEN		256
 #define AUTH_MAX_HOME_LEN		256
 #define AUTH_MAX_MAIL_LEN		256
 
@@ -77,7 +78,8 @@
 	int id;
 	int success; /* FALSE if cookie wasn't found */
 
-	char user[AUTH_MAX_USER_LEN]; /* system user, if available */
+	char system_user[AUTH_MAX_USER_LEN]; /* system user, if available */
+	char virtual_user[AUTH_MAX_VUSER_LEN]; /* for logging etc. */
 	uid_t uid;
 	gid_t gid;
 
--- a/src/auth/userinfo-passwd-file.c	Tue Dec 17 04:21:46 2002 +0200
+++ b/src/auth/userinfo-passwd-file.c	Tue Dec 17 05:00:44 2002 +0200
@@ -87,6 +87,17 @@
 		strcpy(reply->mail, pu->mail);
 	}
 
+	i_assert(sizeof(reply->virtual_user) > strlen(pu->user_realm));
+	strcpy(reply->virtual_user, pu->user_realm);
+
+	if (pu->realm != NULL) {
+		/* ':' -> '@' to make it look prettier */
+		size_t pos;
+
+		pos = (size_t) (pu->realm - (const char *) pu->user_realm);
+		reply->virtual_user[pos] = '@';
+	}
+
 	reply->chroot = pu->chroot;
 	return TRUE;
 }
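Review bot: The substitution `reply->virtual_user[pos] = '@';` relies on pu->realm pointing into the same buffer as pu->user_realm, which nothing in this hunk establishes; if realm were ever a separate copy, pos would be an arbitrary offset and the write would land outside virtual_user. Making the assumption explicit costs one line and catches it where it happens: `i_assert(pos < strlen(pu->user_realm) && pu->user_realm[pos] == ':');` immediately before the assignment, which also documents the "':' -> '@'" intent. The length check here is a bare i_assert while userinfo-vpopmail.c panics with the offending lengths; one convention across the userinfo backends would make over-long entries diagnosable. The enclosing function starts before this hunk.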
--- a/src/auth/userinfo-passwd.c	Tue Dec 17 04:21:46 2002 +0200
+++ b/src/auth/userinfo-passwd.c	Tue Dec 17 05:00:44 2002 +0200
@@ -15,13 +15,15 @@
 
 void passwd_fill_cookie_reply(struct passwd *pw, AuthCookieReplyData *reply)
 {
-	i_assert(sizeof(reply->user) > strlen(pw->pw_name));
+	i_assert(sizeof(reply->system_user) > strlen(pw->pw_name));
+	i_assert(sizeof(reply->virtual_user) > strlen(pw->pw_name));
 	i_assert(sizeof(reply->home) > strlen(pw->pw_dir));
 
 	reply->uid = pw->pw_uid;
 	reply->gid = pw->pw_gid;
 
-	strcpy(reply->user, pw->pw_name);
+	strcpy(reply->system_user, pw->pw_name);
+	strcpy(reply->virtual_user, pw->pw_name);
 	strcpy(reply->home, pw->pw_dir);
 }
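Review bot: The new `i_assert(sizeof(reply->virtual_user) > strlen(pw->pw_name));` cannot fire while the preceding assert holds, because auth-interface.h sets AUTH_MAX_VUSER_LEN (256) larger than AUTH_MAX_USER_LEN (64); it is harmless but reads as though the two could fail independently. Either drop it or annotate it, e.g. `/* virtual_user is at least as large as system_user; kept in case the sizes ever diverge */`. A one-line header on passwd_fill_cookie_reply() saying that a system account is copied into both the system and virtual name would also explain why the same string goes to two fields.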
 
--- a/src/auth/userinfo-vpopmail.c	Tue Dec 17 04:21:46 2002 +0200
+++ b/src/auth/userinfo-vpopmail.c	Tue Dec 17 05:00:44 2002 +0200
@@ -95,12 +95,18 @@
 			strlen(vpw->pw_dir), sizeof(reply->home)-1);
 	}
 
-	if (strlen(vpw->pw_name) >= sizeof(reply->user)) {
+	if (strlen(vpw->pw_name) >= sizeof(reply->system_user)) {
 		i_panic("Username too large (%u > %u)",
-			strlen(vpw->pw_name), sizeof(reply->user)-1);
+			strlen(vpw->pw_name), sizeof(reply->system_user)-1);
 	}
 
-	strcpy(reply->user, vpw->pw_name);
+	if (strlen(vpw->pw_name) >= sizeof(reply->virtual_user)) {
+		i_panic("Username too large (%u > %u)",
+			strlen(vpw->pw_name), sizeof(reply->virtual_user)-1);
+	}
+
+	strcpy(reply->system_user, vpw->pw_name);
+	strcpy(reply->virtual_user, vpw->pw_name);
 	strcpy(reply->home, vpw->pw_dir);
 
 	return TRUE;
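Review bot: The added i_panic for the virtual_user check passes size_t values (strlen(), sizeof()-1) to `%u`, which is a format/type mismatch wherever size_t is wider than unsigned int and undefined behaviour in C; the existing system_user check has the same problem, but this hunk duplicates it rather than fixing it. Cast explicitly: `i_panic("Username too large (%lu > %lu)",` / `(unsigned long) strlen(vpw->pw_name),` / `(unsigned long) (sizeof(reply->virtual_user) - 1));`, and the same for the system_user message above it. Given AUTH_MAX_VUSER_LEN exceeds AUTH_MAX_USER_LEN the virtual_user check is also redundant once the system_user one has passed; fine to keep, but a short comment should say so. The enclosing function starts before this hunk.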
--- a/src/lib/restrict-access.c	Tue Dec 17 04:21:46 2002 +0200
+++ b/src/lib/restrict-access.c	Tue Dec 17 05:00:44 2002 +0200
@@ -34,12 +34,12 @@
 			     const char *chroot_dir)
 {
 	if (user != NULL && *user != '\0')
-		env_put(t_strconcat("USER=", user, NULL));
+		env_put(t_strconcat("RESTRICT_USER=", user, NULL));
 	if (chroot_dir != NULL && *chroot_dir != '\0')
-		env_put(t_strconcat("CHROOT=", chroot_dir, NULL));
+		env_put(t_strconcat("RESTRICT_CHROOT=", chroot_dir, NULL));
 
-	env_put(t_strdup_printf("SETUID=%ld", (long) uid));
-	env_put(t_strdup_printf("SETGID=%ld", (long) gid));
+	env_put(t_strdup_printf("RESTRICT_SETUID=%ld", (long) uid));
+	env_put(t_strdup_printf("RESTRICT_SETGID=%ld", (long) gid));
 }
 
 void restrict_access_by_env(void)
@@ -49,7 +49,7 @@
 	uid_t uid;
 
 	/* chrooting */
-	env = getenv("CHROOT");
+	env = getenv("RESTRICT_CHROOT");
 	if (env != NULL) {
 		/* kludge: localtime() must be called before chroot(),
 		   or the timezone isn't known */
@@ -65,13 +65,13 @@
 
 	/* groups - the getgid() checks are just so we don't fail if we're
 	   not running as root and try to just use our own GID. */
-	env = getenv("SETGID");
+	env = getenv("RESTRICT_SETGID");
 	gid = env == NULL ? 0 : (gid_t) atol(env);
 	if (gid != 0 && (gid != getgid() || gid != getegid())) {
 		if (setgid(gid) != 0)
 			i_fatal("setgid(%ld) failed: %m", (long) gid);
 
-		env = getenv("USER");
+		env = getenv("RESTRICT_USER");
 		if (env == NULL) {
 			/* user not known, use only this one group */
 			(void)setgroups(1, &gid);
@@ -84,7 +84,7 @@
 	}
 
 	/* uid last */
-	env = getenv("SETUID");
+	env = getenv("RESTRICT_SETUID");
 	uid = env == NULL ? 0 : (uid_t) atol(env);
 	if (uid != 0) {
 		if (setuid(uid) != 0)
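Review bot: After `setuid(uid)` succeeds there is no check that the drop is irreversible; on platforms where setuid() on a non-root effective uid only changes the effective id, a later setuid(0) could regain root. A standard guard after the i_fatal branch is `if (setuid(0) == 0) i_fatal("We couldn't drop root privileges");` or verifying `getuid() == uid && geteuid() == uid`. The function continues outside this hunk, so this may already be done further down; if so, a comment here pointing at it would help.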
--- a/src/master/auth-process.c	Tue Dec 17 04:21:46 2002 +0200
+++ b/src/master/auth-process.c	Tue Dec 17 05:00:44 2002 +0200
@@ -78,7 +78,8 @@
 
 	/* auth process isn't trusted, validate all data to make sure
 	   it's not trying to exploit us */
-	if (!VALIDATE_STR(reply->user) || !VALIDATE_STR(reply->mail) ||
+	if (!VALIDATE_STR(reply->system_user) ||
+	    !VALIDATE_STR(reply->virtual_user) || !VALIDATE_STR(reply->mail) ||
 	    !VALIDATE_STR(reply->home)) {
 		i_error("auth: Received corrupted data");
 		auth_process_destroy(process);
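Review bot: virtual_user now feeds the imap process title, the USER= variable and expand_mail_env(), so the VALIDATE_STR call here is the only barrier between the untrusted auth process and those consumers; VALIDATE_STR's definition is outside this hunk, and if it only checks NUL-termination within the buffer, control characters or path separators in virtual_user would pass through. If that is the case, the check for virtual_user should also reject non-printable characters, and the comment should record the reason: `/* virtual_user reaches the process title, USER env and the mail path - must be terminated and printable */`. The enclosing function starts before this hunk.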
--- a/src/master/common.h	Tue Dec 17 04:21:46 2002 +0200
+++ b/src/master/common.h	Tue Dec 17 05:00:44 2002 +0200
@@ -33,7 +33,9 @@
 
 void clean_child_process(void);
 
-MasterReplyResult create_imap_process(int socket, IPADDR *ip, const char *user,
+MasterReplyResult create_imap_process(int socket, IPADDR *ip,
+				      const char *system_user,
+				      const char *virtual_user,
 				      uid_t uid, gid_t gid, const char *home,
 				      int chroot, const char *env[]);
 void imap_process_destroyed(pid_t pid);
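Review bot: The prototype gains two user parameters whose roles are not obvious from the header; a caller cannot tell which one is privileged or which one may be empty. A comment above the declaration, e.g. `/* system_user: account name used for setuid/supplementary groups (may be empty when the login has no system account); virtual_user: name the user logged in with, exported as USER and used for mail path expansion and logging */`, would capture what imap-process.c does with each of them.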
--- a/src/master/imap-process.c	Tue Dec 17 04:21:46 2002 +0200
+++ b/src/master/imap-process.c	Tue Dec 17 05:00:44 2002 +0200
@@ -101,7 +101,9 @@
 	return str->str;
 }
 
-MasterReplyResult create_imap_process(int socket, IPADDR *ip, const char *user,
+MasterReplyResult create_imap_process(int socket, IPADDR *ip,
+				      const char *system_user,
+				      const char *virtual_user,
 				      uid_t uid, gid_t gid, const char *home,
 				      int chroot, const char *env[])
 {
@@ -165,10 +167,12 @@
 	if (!found_mail && set_default_mail_env != NULL) {
 		const char *mail;
 
-		mail = expand_mail_env(set_default_mail_env, user, home);
+		mail = expand_mail_env(set_default_mail_env,
+				       virtual_user, home);
 		env_put(t_strconcat("MAIL=", mail, NULL));
 	}
 
+	env_put(t_strconcat("USER=", virtual_user, NULL));
 	env_put(t_strconcat("HOME=", home, NULL));
 	env_put(t_strconcat("MAIL_CACHE_FIELDS=", set_mail_cache_fields, NULL));
 	env_put(t_strconcat("MAIL_NEVER_CACHE_FIELDS=",
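Review bot: `env_put(t_strconcat("USER=", virtual_user, NULL));` sets USER unconditionally, whereas the previous USER came from restrict_access_set_env() only when the name was non-empty, so an empty virtual_user now yields a bare `USER=`. If an empty name cannot reach this point (auth-process.c validates the string but I can't see a non-empty check), a short comment should say so, e.g. `/* USER is the login name, not the system account; the latter goes only to restrict_access_set_env() */`. expand_mail_env() also switches from the system name to virtual_user, which for passwd-file can now contain '@'; worth confirming that expand_mail_env() treats the name as an opaque path component so a realm-bearing name cannot produce an unexpected directory. The enclosing function continues past this hunk.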
@@ -197,13 +201,13 @@
 		env_put("MBOX_READ_DOTLOCK=1");
 
 	if (set_verbose_proctitle && net_ip2host(ip, host) == 0) {
-		i_snprintf(title, sizeof(title), "[%s %s]", user, host);
+		i_snprintf(title, sizeof(title), "[%s %s]", virtual_user, host);
 		argv[2] = title;
 	}
 
 	/* setup access environment - needs to be done after
 	   clean_child_process() since it clears environment */
-	restrict_access_set_env(user, uid, gid, chroot ? home : NULL);
+	restrict_access_set_env(system_user, uid, gid, chroot ? home : NULL);
 
 	restrict_process_size(set_imap_process_size);
 
--- a/src/master/login-process.c	Tue Dec 17 04:21:46 2002 +0200
+++ b/src/master/login-process.c	Tue Dec 17 05:00:44 2002 +0200
@@ -70,7 +70,8 @@
 	else {
 		reply.result = create_imap_process(request->fd,
 						   &request->ip,
-						   cookie_reply->user,
+						   cookie_reply->system_user,
+						   cookie_reply->virtual_user,
 						   cookie_reply->uid,
 						   cookie_reply->gid,
 						   cookie_reply->home,