Revert "pam_fprintd: Just return a PAM_AUTH_ERROR on unknown errors"

This reverts commit ecf6b7c323.

The idea of the commit was to make device failures less fatal to the
system. Unfortunately, we can fail quickly in this case, and returning
PAM_AUTH_ERR means that the user might run into a retry limit due to
this.

Go back to reporting PAM_AUTHINFO_UNAVAIL, it appears as the lesser evil
right now. Ideally we want to a way to tell the upper stack to retry
authentication whenever there is a good opportunity, but to not consider
it as an authentication failure.

pam/pam_fprintd.c

@@ -565,7 +565,7 @@ do_verify (sd_bus      *bus,
             }
           else if (str_equal (data->result, "verify-unknown-error"))
             {
-              return PAM_AUTH_ERR;
+              return PAM_AUTHINFO_UNAVAIL;
             }
           else if (str_equal (data->result, "verify-disconnected"))
             {

tests/pam/test_pam_fprintd.py

@@ -97,7 +97,7 @@ class TestPamFprintd(dbusmock.DBusTestCase):
         ]
         self.device_mock.SetVerifyScript(script)
 
-        tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rv=PAM_AUTH_ERR)
+        tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rv=PAM_AUTHINFO_UNAVAIL)
         res = pypamtest.run_pamtest("toto", "fprintd-pam-test", [tc], [ 'unused' ])
 
         self.assertRegex(res.info[0], r'Swipe your left little finger across the fingerprint reader')