Draft: PAM: When cancelled, return PAM_CONV_ERR not just for the first prompt

Fabian Vogt requested to merge work/fvogt/kde490924 into master

It's possible that there are multiple prompts from multiple modules, like a sufficient pam_unix followed by a sufficient pam_sssd which both ask for a password. Previously, the cancel() method returned PAM_CONV_ERR only once to the currently active conversation, but it needs to do this until the authenticate call is done.

Without this patch, cancel() thus skipped only the active module and entering the password afterwards only affected subsequent modules, leading to authentication failure.

BUG: 490924

Draft because waiting for reporter feedback.
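
The difference between a one-shot and a sticky cancel, as an added example that is not code from this merge request: a simplified model of two password-prompting modules that builds without libpam. The `greeter` struct, the function names and the passwords are hypothetical; the return-code values are those of Linux-PAM.

```c
#include <stdbool.h>
#include <string.h>

/* Local stand-ins so this builds without libpam (values as in Linux-PAM). */
enum { PAM_SUCCESS = 0, PAM_AUTH_ERR = 7, PAM_CONV_ERR = 19 };

struct greeter {            /* hypothetical model of the lock-screen side */
    bool cancelled;         /* set by cancel() */
    bool sticky;            /* true: keep failing until authenticate ends */
    const char *typed;      /* constructed password the user types next */
    int prompts_shown;      /* prompts that actually reached the user */
};

/* Conversation callback: called once per module prompt. */
static int converse(struct greeter *g, const char **reply) {
    if (g->cancelled) {
        if (!g->sticky) g->cancelled = false;   /* old: abort one prompt only */
        return PAM_CONV_ERR;
    }
    g->prompts_shown++;
    *reply = g->typed;
    return PAM_SUCCESS;
}

/* One password module: prompts, then compares with its own credential. */
static int module_auth(struct greeter *g, const char *expected) {
    const char *reply = NULL;
    if (converse(g, &reply) != PAM_SUCCESS) return PAM_CONV_ERR;
    return strcmp(reply, expected) == 0 ? PAM_SUCCESS : PAM_AUTH_ERR;
}

/* Stack of two "sufficient" modules: local first, then remote. */
static int authenticate(struct greeter *g) {
    int rc = module_auth(g, "local-secret");
    if (rc != PAM_SUCCESS) rc = module_auth(g, "remote-secret");
    g->cancelled = false;                       /* call finished: flag resets */
    return rc == PAM_SUCCESS ? PAM_SUCCESS : PAM_AUTH_ERR;
}

/* Cancel a pending attempt, then type the local password at the next prompt. */
static int cancel_then_type(bool sticky) {
    struct greeter g = { true, sticky, "local-secret", 0 };
    int rc;
    do { rc = authenticate(&g); } while (g.prompts_shown == 0);
    return rc;
}

int main(void) { return cancel_then_type(true); }  /* exit 0: sticky cancel unlocks */
```

With the one-shot cancel the typed password reaches only the second module and the attempt ends in `PAM_AUTH_ERR`; with the sticky cancel the whole call is aborted and the next call prompts from the first module again.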