silence out pam_openrc on login, and add rc_autostart_users to rc.conf

etc/rc.conf

@@ -15,6 +15,11 @@
 # set to YES.
 #rc_interactive="YES"
 
+# Set to "NO" if you don't want pam_openrc autostarting user services. This
+# effectively disables the pam module, without the need of removing it from
+# the pam configuration files.
+#rc_autostart_user="YES"
+
 # If we need to drop to a shell, you can specify it here.
 # If not specified we use $SHELL, otherwise the one specified in /etc/passwd,
 # otherwise /bin/sh

src/pam_openrc/pam_openrc.c

@@ -13,7 +13,7 @@
 #include "einfo.h"
 
 static int
-exec_openrc(pam_handle_t *pamh, bool opening)
+exec_openrc(pam_handle_t *pamh, bool opening, bool quiet)
 {
 	char *svc_name, *pam_lock, *logins, *script = NULL;
 	const char *username = NULL, *session = NULL;
@@ -23,8 +23,17 @@ exec_openrc(pam_handle_t *pamh, bool opening)
 	struct passwd *user;
 	pid_t pid = -1;
 
+	errno = 0;
+	if (!rc_yesno(rc_conf_value("rc_autostart_user")) && errno == 0)
+		return PAM_SUCCESS;
+
 	setenv("EINFO_LOG", "pam_openrc", true);
 
+	if (quiet) {
+		setenv("EINFO_QUIET", "yes", true);
+		setenv("EERROR_QUIET", "yes", true);
+	}
+
 	if (pam_get_item(pamh, PAM_SERVICE, (const void **)&session) != PAM_SUCCESS) {
 		elog(LOG_ERR, "Failed to get PAM_SERVICE");
 		return PAM_SESSION_ERR;
@@ -123,15 +132,14 @@ exec_openrc(pam_handle_t *pamh, bool opening)
 PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
 	(void) argc;
 	(void) argv;
-	(void) flags;
 
-	return exec_openrc(pamh, true);
+	return exec_openrc(pamh, true, flags & PAM_SILENT);
 }
 
 PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
 	(void) argc;
 	(void) argv;
 	(void) flags;
 
-	return exec_openrc(pamh, false);
+	return exec_openrc(pamh, false, flags & PAM_SILENT);
 }