anonymous and authenticated http smart server on the same host is hard

Bug #421685 reported by Robert Collins
This bug affects 1 person
Affects   Status      Importance   Assigned to   Milestone
Bazaar    Confirmed   Medium       Unassigned
Breezy    Triaged     Medium       Unassigned

Bug Description

 affects bzr
 importance medium
 status confirmed

anonymous and authenticated http smart server on the same host is hard:
 - apache etc need to be told to 'ask for auth but permit anonymous'
   on the .bzr/smart url
 - bzr then needs to check for auth details and disable writing if they
   are absent
 - bzr the client needs to know to try again after auth is requested
   without auth

One way to approach this:

We can make this better by defining an explicit anonymous resource -
e.g.
  .bzr/smart-readonly

Then, the following should be decent:
 - if we know we're not writing, try for .bzr/smart-readonly
 - if we don't know whether we're writing or not, try for .bzr/smart
   - if we don't have the correct credentials, fall back to -readonly,
   - which will fail cleanlyish if we do try to write.

Users wanting anonymous servers do:
 - set up wsgi on smart-readonly, no auth

Users wanting writable authenticated only do:
 - set up smart only

Users wanting all users authenticated, but some read and some write do:
 - set up smart and smart-readonly, but both with auth.

This isn't entirely satisfactory for permission control, as it's not
fine-grained.

A better approach:
Extend the smart server to be able to inform apache/bzr that the current
user has been denied access to do what they want.

Then:
 - .bzr/smart with no http credentials gets readonly
 - attempts to write trigger some auth-needed codepath (perhaps simply
   by the bzr client interpreting readonly errors as 'you need to
   authenticate')
 - apache needs to be configured with a user database but no requirement
   for authentication.

I suspect the latter approach is better.

--

Jelmer Vernooij (jelmer)
tags: added: authentication hpss http
Jelmer Vernooij (jelmer)
tags: added: check-for-breezy
Jelmer Vernooij (jelmer)
tags: removed: check-for-breezy
Changed in brz:
status: New → Triaged
importance: Undecided → Medium
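
The client-side fallback from the first approach in the description, run against the three server layouts it lists. This is an added example, not part of the report and not Bazaar or Breezy code: `make_probe`, `select_endpoint`, the status-code handling, and the user names and passwords are hypothetical and constructed for illustration.

```python
import hmac
from typing import Callable, Dict, Optional, Set, Tuple

SMART, SMART_RO = ".bzr/smart", ".bzr/smart-readonly"
Creds = Optional[Tuple[str, str]]
Probe = Callable[[str, Creds], int]  # hypothetical HTTP layer: returns a status code


def make_probe(layout: Dict[str, Optional[Set[str]]], passwords: Dict[str, str]) -> Probe:
    """Simulated host. layout maps each configured path to the set of users
    allowed on it, or None when the path needs no authentication."""
    def probe(path: str, creds: Creds) -> int:
        if path not in layout:
            return 404
        allowed = layout[path]
        if allowed is None:
            return 200
        if creds is None:
            return 401  # challenge: the client may retry with credentials
        user, pw = creds
        known = user in passwords and hmac.compare_digest(
            passwords[user].encode(), pw.encode())
        if not known:
            return 401
        return 200 if user in allowed else 403
    return probe


def select_endpoint(will_write: Optional[bool], creds: Creds, probe: Probe) -> Tuple[str, bool]:
    """Return (path, writable). will_write: True, False, or None when unknown."""
    # Known read-only starts at the anonymous resource; everything else at .bzr/smart.
    order = [SMART_RO, SMART] if will_write is False else [SMART, SMART_RO]
    for path in order:
        writable = path == SMART
        if will_write and not writable:
            break  # assumption: a known write is never downgraded to read-only
        # Anonymous first, so credentials are only sent after a refusal.
        for attempt in ([None, creds] if creds else [None]):
            if probe(path, attempt) == 200:
                return path, writable
    raise PermissionError("no smart endpoint accepts this request")
```

A user who authenticates but is not allowed on `.bzr/smart` ends up on `.bzr/smart-readonly`, which is the coarse read/write split the description calls not fine-grained.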