+ cfg->map_to_local = on ? true : false;
+ return NULL;
+}
+
+static const char *mag_conn_ctx(cmd_parms *parms, void *mconfig, int on)
+{
+ struct mag_config *cfg = (struct mag_config *)mconfig;
+ cfg->gss_conn_ctx = on ? true : false;
+ return NULL;
+}
+
+static const char *mag_use_sess(cmd_parms *parms, void *mconfig, int on)
+{
+ struct mag_config *cfg = (struct mag_config *)mconfig;
+ cfg->use_sessions = on ? true : false;
+ return NULL;
+}
+
+static const char *mag_use_s4u2p(cmd_parms *parms, void *mconfig, int on)
+{
+ struct mag_config *cfg = (struct mag_config *)mconfig;
+ cfg->use_s4u2proxy = on ? true : false;
+
+ if (cfg->deleg_ccache_dir == NULL) {
+ cfg->deleg_ccache_dir = apr_pstrdup(parms->pool, "/tmp");
+ if (!cfg->deleg_ccache_dir) {
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ parms->server, "%s", "OOM setting deleg_ccache_dir.");
+ }
+ }
+ return NULL;
+}
+
+static const char *mag_sess_key(cmd_parms *parms, void *mconfig, const char *w)
+{
+ struct mag_config *cfg = (struct mag_config *)mconfig;
+ struct databuf keys;
+ unsigned char *val;
+ apr_status_t rc;
+ const char *k;
+ int l;
+
+ if (strncmp(w, "key:", 4) != 0) {
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, parms->server,
+ "Invalid key format, expected prefix 'key:'");
+ return NULL;
+ }
+ k = w + 4;
+
+ l = apr_base64_decode_len(k);
+ val = apr_palloc(parms->temp_pool, l);
+ if (!val) {
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, parms->server,
+ "Failed to get memory to decode key");
+ return NULL;
+ }
+
+ keys.length = (int)apr_base64_decode_binary(val, k);
+ keys.value = (unsigned char *)val;
+
+ if (keys.length != 32) {
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, parms->server,
+ "Invalid key lenght, expected 32 got %d", keys.length);
+ return NULL;
+ }
+
+ rc = SEAL_KEY_CREATE(cfg->pool, &cfg->mag_skey, &keys);
+ if (rc != OK) {
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, parms->server,
+ "Failed to import sealing key!");
+ }
+ return NULL;
+}
+
+#define MAX_CRED_OPTIONS 10
+
+static const char *mag_cred_store(cmd_parms *parms, void *mconfig,
+ const char *w)
+{
+ struct mag_config *cfg = (struct mag_config *)mconfig;
+ gss_key_value_element_desc *elements;
+ uint32_t count;
+ size_t size;
+ const char *p;
+ char *value;
+ char *key;
+
+ p = strchr(w, ':');
+ if (!p) {
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, parms->server,
+ "%s [%s]", "Invalid syntax for GssapiCredStore option", w);
+ return NULL;
+ }
+
+ key = apr_pstrndup(parms->pool, w, (p-w));
+ value = apr_pstrdup(parms->pool, p + 1);
+ if (!key || !value) {
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, parms->server,
+ "%s", "OOM handling GssapiCredStore option");
+ return NULL;
+ }
+
+ if (!cfg->cred_store) {
+ cfg->cred_store = apr_pcalloc(parms->pool,
+ sizeof(gss_key_value_set_desc));
+ if (!cfg->cred_store) {
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, parms->server,
+ "%s", "OOM handling GssapiCredStore option");
+ return NULL;
+ }
+ size = sizeof(gss_key_value_element_desc) * MAX_CRED_OPTIONS;
+ cfg->cred_store->elements = apr_palloc(parms->pool, size);
+ if (!cfg->cred_store->elements) {
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, parms->server,
+ "%s", "OOM handling GssapiCredStore option");
+ }
+ }
+
+ elements = cfg->cred_store->elements;
+ count = cfg->cred_store->count;
+
+ if (count >= MAX_CRED_OPTIONS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, parms->server,
+ "Too many GssapiCredStore options (MAX: %d)",
+ MAX_CRED_OPTIONS);
+ return NULL;
+ }
+ cfg->cred_store->count++;
+
+ elements[count].key = key;
+ elements[count].value = value;
+
+ return NULL;
+}
+
+static const char *mag_deleg_ccache_dir(cmd_parms *parms, void *mconfig,
+ const char *value)
+{
+ struct mag_config *cfg = (struct mag_config *)mconfig;
+
+ cfg->deleg_ccache_dir = apr_pstrdup(parms->pool, value);
+ if (!cfg->deleg_ccache_dir) {
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, parms->server,
+ "%s", "OOM handling GssapiDelegCcacheDir option");
+ }
+
+ return NULL;
+}
+
+static const char *mag_use_basic_auth(cmd_parms *parms, void *mconfig, int on)
+{
+ struct mag_config *cfg = (struct mag_config *)mconfig;
+
+ cfg->use_basic_auth = on ? true : false;