--- a/src/lib/env-util.c	Thu Feb 20 23:43:28 2003 +0200
+++ b/src/lib/env-util.c	Fri Feb 21 15:01:55 2003 +0200
@@ -39,6 +39,26 @@
 		i_fatal("Environment full, can't add: %s", env);
 }
 
+void env_remove(const char *env)
+{
+	extern char **environ;
+	size_t len;
+
+	if (environ == NULL)
+		return;
+
+	len = strlen(env);
+	for (; *environ != NULL; environ++) {
+		if (strncmp(*environ, env, len) == 0 &&
+		    (*environ)[len] == '=') {
+			char **p;
+
+			for (p = environ; *p != NULL; p++)
+				p[0] = p[1];
+		}
+	}
+}
+
 void env_clean(void)
 {
 	extern char **environ;

--- a/src/lib/env-util.h	Thu Feb 20 23:43:28 2003 +0200
+++ b/src/lib/env-util.h	Fri Feb 21 15:01:55 2003 +0200
@@ -4,6 +4,8 @@
 /* Add new environment variable. Wrapper to putenv(). Note that calls to this
    function allocates memory which isn't free'd until env_clean() is called. */
 void env_put(const char *env);
+/* Remove environment variable. */
+void env_remove(const char *env);
 /* Clear all environment variables. */
 void env_clean(void);
 

--- a/src/lib/restrict-access.c	Thu Feb 20 23:43:28 2003 +0200
+++ b/src/lib/restrict-access.c	Fri Feb 21 15:01:55 2003 +0200
@@ -42,6 +42,14 @@
 	env_put(t_strdup_printf("RESTRICT_SETGID=%s", dec2str(gid)));
 }
 
+void restrict_access_clear_env(void)
+{
+	env_remove("RESTRICT_USER");
+	env_remove("RESTRICT_CHROOT");
+	env_remove("RESTRICT_SETUID");
+	env_remove("RESTRICT_SETGID");
+}
+
 void restrict_access_by_env(int disallow_root)
 {
 	const char *env;

--- a/src/lib/restrict-access.h	Thu Feb 20 23:43:28 2003 +0200
+++ b/src/lib/restrict-access.h	Fri Feb 21 15:01:55 2003 +0200
@@ -6,6 +6,9 @@
 void restrict_access_set_env(const char *user, uid_t uid, gid_t gid,
 			     const char *chroot_dir);
 
+/* clear the environment variables set by restrict_access_set_env() */
+void restrict_access_clear_env(void);
+
 /* chroot, setuid() and setgid() based on environment variables.
    If disallow_roots is TRUE, we'll kill ourself if we didn't have the
    environment settings and we have root uid or gid. */