Merge pull request NixOS#70137 from michaelpj/fix-pam-variable-subst

nixos/system-environment: fix variable substitution
dtzWill · Oct 2, 2019 · 49bc1bf · 49bc1bf
2 parents 5ddf351 + d8b9742
commit 49bc1bf
Showing 1 changed file with 9 additions and 7 deletions.
diff --git a/nixos/modules/config/system-environment.nix b/nixos/modules/config/system-environment.nix
@@ -8,11 +8,6 @@ let
 
   cfg = config.environment;
 
-  pamProfiles =
-    map
-      (replaceStrings ["$HOME" "$USER"] ["@{HOME}" "@{PAM_USER}"])
-      cfg.profiles;
-
 in
 
 {
@@ -75,13 +70,20 @@ in
       let
         suffixedVariables =
           flip mapAttrs cfg.profileRelativeSessionVariables (envVar: suffixes:
-            flip concatMap pamProfiles (profile:
+            flip concatMap cfg.profiles (profile:
               map (suffix: "${profile}${suffix}") suffixes
             )
           );
 
+        # We're trying to use the same syntax for PAM variables and env variables.
+        # That means we need to map the env variables that people might use to their
+        # equivalent PAM variable.
+        # Note: PAM_USER is a PAM_ITEM, HOME is an environment variable, they have 
+        # different syntax.
+        replaceEnvVars = replaceStrings ["$HOME" "$USER"] ["\${HOME}" "@{PAM_USER}"];
+
         pamVariable = n: v:
-          ''${n}   DEFAULT="${concatStringsSep ":" (toList v)}"'';
+          ''${n}   DEFAULT="${concatStringsSep ":" (map replaceEnvVars (toList v))}"'';
 
         pamVariables =
           concatStringsSep "\n"