Improvements to auth_result and its usage (more and better results)
The enum auth_result currently implements:
- "undefined": The code comments this as "XXX: ???",
- "ok": client passed the auth backend successfully,
- "failed": client did not pass (because of invalid credentials or because of backend malfunction),
- "released": used internally for on-disconnect handlers,
- "forbidden": unused,
- "no match": client is unknown to this backend,
- "user added", "user exists", "user deleted": used by management functions.
I suggest changing this in the following way:
- Make "forbidden" settable by auth backends for permanent no-passes. This would terminate any auth retry. It could be useful for when the client IS identified (credentials match) but the backend forbids access (user has been banned, access has been terminated, ...).
- Add "backend failed" that indicates a problem with the backend, not the credentials. Such failures would include non-responsive backend servers (e.g. with URL auth) or misconfiguration (e.g. invalid file for htpasswd auth).
- Add a "user modified" for management functions as the current set does not allow updating users (only delete-then-add-again patterns).
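
A sketch of how a caller could treat the proposed "forbidden" and "backend failed" results differently from "failed" and "no match". This is an added example, not the project's code. The type and function names, the sample backends, the idea of walking several backends in order, and the policy that an outage outranks a bad password are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names modelled on the results discussed above;
 * they are not the project's own identifiers. */
typedef enum { R_OK, R_FAILED, R_FORBIDDEN, R_NO_MATCH, R_BACKEND_FAILED } result_t;
typedef result_t (*backend_fn)(const char *user, const char *pass);

/* Constructed sample backends. */
static result_t be_banlist(const char *user, const char *pass) {
    (void)pass;
    return strcmp(user, "banned-user") == 0 ? R_FORBIDDEN : R_NO_MATCH;
}
static result_t be_down(const char *user, const char *pass) {
    (void)user; (void)pass;
    return R_BACKEND_FAILED;            /* e.g. URL auth server not responding */
}
static result_t be_local(const char *user, const char *pass) {
    (void)user;
    return strcmp(pass, "secret") == 0 ? R_OK : R_FAILED;
}

/* Walk the chain in order and reduce the per-backend results to one verdict. */
result_t authenticate(const backend_fn *chain, size_t n,
                      const char *user, const char *pass) {
    result_t verdict = R_NO_MATCH;
    for (size_t i = 0; i < n; i++) {
        result_t r = chain[i](user, pass);
        if (r == R_OK || r == R_FORBIDDEN)
            return r;                   /* both are final; forbidden ends all retries */
        if (r == R_BACKEND_FAILED || (r == R_FAILED && verdict == R_NO_MATCH))
            verdict = r;                /* assumed policy: an outage outranks a bad password */
    }
    return verdict;
}

int main(void) {
    backend_fn with_ban[] = { be_banlist, be_local };
    backend_fn with_outage[] = { be_down, be_local };
    printf("%d %d\n", authenticate(with_ban, 2, "banned-user", "secret"),
           authenticate(with_outage, 2, "alice", "wrong"));
    return 0;
}
```

Keeping "backend failed" separate from "failed" lets the caller log an operator-facing error and skip any failed-login counting when the cause is an outage rather than wrong credentials.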