+#ifdef HAVE_GSS_ACQUIRE_CRED_FROM
+ if (cfg->use_s4u2proxy) {
+ cred_usage = GSS_C_BOTH;
+ }
+ if (cfg->cred_store) {
+ maj = gss_acquire_cred_from(&min, GSS_C_NO_NAME, GSS_C_INDEFINITE,
+ GSS_C_NO_OID_SET, cred_usage,
+ cfg->cred_store, &acquired_cred,
+ NULL, NULL);
+ if (GSS_ERROR(maj)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, req, "%s",
+ mag_error(req, "gss_acquire_cred_from() failed",
+ maj, min));
+ goto done;
+ }
+ }
+#endif
+
+ if (is_basic) {
+ if (!acquired_cred) {
+ /* Try to acquire default creds */
+ maj = gss_acquire_cred(&min, GSS_C_NO_NAME, GSS_C_INDEFINITE,
+ GSS_C_NO_OID_SET, cred_usage,
+ &acquired_cred, NULL, NULL);
+ if (GSS_ERROR(maj)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, req,
+ "%s", mag_error(req, "gss_acquire_cred_from()"
+ " failed", maj, min));
+ goto done;
+ }
+ }
+ maj = gss_inquire_cred(&min, acquired_cred, &server,
+ NULL, NULL, NULL);
+ if (GSS_ERROR(maj)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, req,
+ "%s", mag_error(req, "gss_inquired_cred_() "
+ "failed", maj, min));
+ goto done;
+ }
+ /* output and input are inverted here, this is intentional */
+ maj = gss_init_sec_context(&min, user_cred, &user_ctx, server,
+ GSS_C_NO_OID, 0, 300,
+ GSS_C_NO_CHANNEL_BINDINGS, &output,
+ NULL, &input, NULL, NULL);
+ if (GSS_ERROR(maj)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, req,
+ "%s", mag_error(req, "gss_init_sec_context() "
+ "failed", maj, min));
+ goto done;
+ }
+ }
+
+ maj = gss_accept_sec_context(&min, pctx, acquired_cred,