pam_localuser: forward error values returned by pam_get_user

Starting with commit c2c601f534,
pam_get_user is guaranteed to return one of the following values:
PAM_SUCCESS, PAM_BUF_ERR, PAM_CONV_AGAIN, or PAM_CONV_ERR.

* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Do not
replace non-PAM_CONV_AGAIN error values returned by pam_get_user with
PAM_SERVICE_ERR.
* modules/pam_localuser/pam_localuser.8.xml (RETURN VALUES): Document
new return values.

modules/pam_localuser/pam_localuser.8.xml

@@ -102,6 +102,25 @@
           </listitem>
         </varlistentry>
 
+        <varlistentry>
+          <term>PAM_BUF_ERR</term>
+          <listitem>
+            <para>
+              Memory buffer error.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>PAM_CONV_ERR</term>
+          <listitem>
+            <para>
+              The conversation method supplied by the application
+              failed to obtain the username.
+            </para>
+          </listitem>
+        </varlistentry>
+
         <varlistentry>
           <term>PAM_INCOMPLETE</term>
           <listitem>
@@ -116,7 +135,7 @@
           <term>PAM_SERVICE_ERR</term>
           <listitem>
             <para>
-              No username was given.
+              The user name is not valid or the passwd file is unavailable.
             </para>
           </listitem>
         </varlistentry>

modules/pam_localuser/pam_localuser.c

@@ -98,7 +98,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 	/* Obtain the user name.  */
 	if ((ret = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
 		pam_syslog (pamh, LOG_ERR, "cannot determine user name");
-		return ret == PAM_CONV_AGAIN ? PAM_INCOMPLETE : PAM_SERVICE_ERR;
+		return ret == PAM_CONV_AGAIN ? PAM_INCOMPLETE : ret;
 	}
 
 	if ((user_len = strlen(user)) == 0) {