+ *ccachefile = ccname;
+}
+#endif
+
+static bool parse_auth_header(apr_pool_t *pool, const char **auth_header,
+ gss_buffer_t value)
+{
+ char *auth_header_value;
+
+ auth_header_value = ap_getword_white(pool, auth_header);
+ if (!auth_header_value) return false;
+ value->length = apr_base64_decode_len(auth_header_value) + 1;
+ value->value = apr_pcalloc(pool, value->length);
+ if (!value->value) return false;
+ value->length = apr_base64_decode(value->value, auth_header_value);
+
+ return true;
+}
+
+static bool is_mech_allowed(struct mag_config *cfg, gss_const_OID mech)
+{
+ if (cfg->allowed_mechs == GSS_C_NO_OID_SET) return true;
+
+ for (int i = 0; i < cfg->allowed_mechs->count; i++) {
+ if (gss_oid_equal(&cfg->allowed_mechs->elements[i], mech)) {
+ return true;
+ }
+ }
+ return false;
+}
+
+#define AUTH_TYPE_NEGOTIATE 0
+#define AUTH_TYPE_BASIC 1
+#define AUTH_TYPE_RAW_NTLM 2
+const char *auth_types[] = {
+ "Negotiate",
+ "Basic",
+ "NTLM",
+ NULL
+};
+
+static void mag_set_req_data(request_rec *req,
+ struct mag_config *cfg,
+ struct mag_conn *mc)
+{
+ apr_table_set(req->subprocess_env, "GSS_NAME", mc->gss_name);
+ apr_table_set(req->subprocess_env, "GSS_SESSION_EXPIRATION",
+ apr_psprintf(req->pool,
+ "%ld", (long)mc->expiration));
+ req->ap_auth_type = apr_pstrdup(req->pool,
+ auth_types[mc->auth_type]);
+ req->user = apr_pstrdup(req->pool, mc->user_name);
+ if (cfg->deleg_ccache_dir && mc->delegated) {
+ char *ccname;
+ ccname = mag_gss_name_to_ccache_name(req,
+ cfg->deleg_ccache_dir,
+ mc->gss_name);
+ if (ccname) {
+ mag_set_KRB5CCANME(req, ccname);
+ }
+ }