+ if (cred_usage == GSS_C_BOTH) {
+ /* reacquire server creds in order to allow delegation */
+ gss_release_cred(&min, &server_cred);
+ if (!mag_acquire_creds(req, cfg, allowed_mechs,
+ GSS_C_BOTH, &server_cred, NULL)) {
+ continue;
+ }
+ }
+
+ do {
+ /* output and input are inverted here, this is intentional */
+ maj = gss_init_sec_context(&min, user_cred, &user_ctx, server,
+ &actual_mechs->elements[i], init_flags,
+ 300, GSS_C_NO_CHANNEL_BINDINGS, &output,
+ NULL, &input, NULL, NULL);
+ if (GSS_ERROR(maj)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, req,
+ "%s", mag_error(req, "gss_init_sec_context() "
+ "failed", maj, min));
+ break;
+ }
+ gss_release_buffer(&min, &output);
+ maj = gss_accept_sec_context(&min, &server_ctx, server_cred,
+ &input, GSS_C_NO_CHANNEL_BINDINGS,
+ client, mech_type, &output, NULL,
+ vtime, delegated_cred);
+ if (GSS_ERROR(maj)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, req,
+ "%s", mag_error(req, "gss_accept_sec_context()"
+ " failed", maj, min));
+ break;
+ }
+ gss_release_buffer(&min, &input);
+ } while (maj == GSS_S_CONTINUE_NEEDED);
+
+ if (maj == GSS_S_COMPLETE) {
+ ret = true;
+ break;
+ }
+ }