lib/socks_sspi.c +65 −75 @@ -76,7 +76,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, ssize_t written; int result; /* Needs GSSAPI authentication */ SECURITY_STATUS sspi_status; SECURITY_STATUS status; unsigned long sspi_ret_flags = 0; int gss_enc; SecBuffer sspi_send_token, sspi_recv_token, sspi_w_token[3]; @@ -139,7 +139,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, cred_handle.dwLower = 0; cred_handle.dwUpper = 0; sspi_status = s_pSecFn->AcquireCredentialsHandleA( NULL, status = s_pSecFn->AcquireCredentialsHandleA(NULL, (char *)"Kerberos", SECPKG_CRED_OUTBOUND, NULL, @@ -149,10 +149,9 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, &cred_handle, &expiry); if(check_sspi_err(conn, sspi_status, "AcquireCredentialsHandleA")) { if(check_sspi_err(conn, status, "AcquireCredentialsHandleA")) { failf(data, "Failed to acquire credentials."); free(service_name); service_name=NULL; Curl_safefree(service_name); s_pSecFn->FreeCredentialsHandle(&cred_handle); return CURLE_COULDNT_CONNECT; } @@ -161,8 +160,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, /* errors, keep sending it... */ for(;;) { sspi_status = s_pSecFn->InitializeSecurityContextA( &cred_handle, status = s_pSecFn->InitializeSecurityContextA(&cred_handle, context_handle, service_name, ISC_REQ_MUTUAL_AUTH | @@ -184,9 +182,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, sspi_recv_token.cbBuffer = 0; } if(check_sspi_err(conn, sspi_status, "InitializeSecurityContextA")) { free(service_name); service_name=NULL; if(check_sspi_err(conn, status, "InitializeSecurityContextA")) { Curl_safefree(service_name); s_pSecFn->FreeCredentialsHandle(&cred_handle); s_pSecFn->DeleteSecurityContext(&sspi_context); s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
@@ -203,8 +200,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, code = Curl_write_plain(conn, sock, (char *)socksreq, 4, &written); if((code != CURLE_OK) || (4 != written)) { failf(data, "Failed to send SSPI authentication request."); free(service_name); service_name=NULL; Curl_safefree(service_name); s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); s_pSecFn->FreeCredentialsHandle(&cred_handle); @@ -216,8 +212,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, sspi_send_token.cbBuffer, &written); if((code != CURLE_OK) || (sspi_send_token.cbBuffer != (size_t)written)) { failf(data, "Failed to send SSPI authentication token."); free(service_name); service_name=NULL; Curl_safefree(service_name); s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); s_pSecFn->FreeCredentialsHandle(&cred_handle); @@ -233,7 +228,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); sspi_recv_token.pvBuffer = NULL; sspi_recv_token.cbBuffer = 0; if(sspi_status != SEC_I_CONTINUE_NEEDED) break; if(status != SEC_I_CONTINUE_NEEDED) break; /* analyse response */ @@ -248,8 +244,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, result = Curl_blockread_all(conn, sock, (char *)socksreq, 4, &actualread); if(result != CURLE_OK || actualread != 4) { failf(data, "Failed to receive SSPI authentication response."); free(service_name); service_name=NULL; Curl_safefree(service_name); s_pSecFn->FreeCredentialsHandle(&cred_handle); s_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT;
@@ -259,8 +254,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, if(socksreq[1] == 255) { /* status / message type */ failf(data, "User was rejected by the SOCKS5 server (%d %d).", socksreq[0], socksreq[1]); free(service_name); service_name=NULL; Curl_safefree(service_name); s_pSecFn->FreeCredentialsHandle(&cred_handle); s_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; @@ -269,8 +263,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, if(socksreq[1] != 1) { /* status / messgae type */ failf(data, "Invalid SSPI authentication response type (%d %d).", socksreq[0], socksreq[1]); free(service_name); service_name=NULL; Curl_safefree(service_name); s_pSecFn->FreeCredentialsHandle(&cred_handle); s_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; @@ -283,8 +276,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, sspi_recv_token.pvBuffer = malloc(us_length); if(!sspi_recv_token.pvBuffer) { free(service_name); service_name=NULL; Curl_safefree(service_name); s_pSecFn->FreeCredentialsHandle(&cred_handle); s_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_OUT_OF_MEMORY; @@ -294,8 +286,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, if(result != CURLE_OK || actualread != us_length) { failf(data, "Failed to receive SSPI authentication token."); free(service_name); service_name=NULL; Curl_safefree(service_name); s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); s_pSecFn->FreeCredentialsHandle(&cred_handle); s_pSecFn->DeleteSecurityContext(&sspi_context);
@@ -305,15 +296,14 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, context_handle = &sspi_context; } free(service_name); service_name=NULL; Curl_safefree(service_name); /* Everything is good so far, user was authenticated! */ sspi_status = s_pSecFn->QueryCredentialsAttributes( &cred_handle, status = s_pSecFn->QueryCredentialsAttributes(&cred_handle, SECPKG_CRED_ATTR_NAMES, &names); s_pSecFn->FreeCredentialsHandle(&cred_handle); if(check_sspi_err(conn, sspi_status, "QueryCredentialAttributes")) { if(check_sspi_err(conn, status, "QueryCredentialAttributes")) { s_pSecFn->DeleteSecurityContext(&sspi_context); s_pSecFn->FreeContextBuffer(names.sUserName); failf(data, "Failed to determine user name."); @@ -375,10 +365,10 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, memcpy(socksreq+2, &us_length, sizeof(short)); } else { sspi_status = s_pSecFn->QueryContextAttributesA( &sspi_context, status = s_pSecFn->QueryContextAttributesA(&sspi_context, SECPKG_ATTR_SIZES, &sspi_sizes); if(check_sspi_err(conn, sspi_status, "QueryContextAttributesA")) { if(check_sspi_err(conn, status, "QueryContextAttributesA")) { s_pSecFn->DeleteSecurityContext(&sspi_context); failf(data, "Failed to query security context attributes."); return CURLE_COULDNT_CONNECT; @@ -411,11 +401,11 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, s_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_OUT_OF_MEMORY; } sspi_status = s_pSecFn->EncryptMessage( &sspi_context, status = s_pSecFn->EncryptMessage(&sspi_context, KERB_WRAP_NO_ENCRYPT, &wrap_desc, 0); if(check_sspi_err(conn, sspi_status, "EncryptMessage")) { if(check_sspi_err(conn, status, "EncryptMessage")) { s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); s_pSecFn->FreeContextBuffer(sspi_w_token[2].pvBuffer);
@@ -537,12 +527,12 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, sspi_w_token[1].cbBuffer = 0; sspi_w_token[1].pvBuffer = NULL; sspi_status = s_pSecFn->DecryptMessage( &sspi_context, status = s_pSecFn->DecryptMessage(&sspi_context, &wrap_desc, 0, &qop); if(check_sspi_err(conn, sspi_status, "DecryptMessage")) { if(check_sspi_err(conn, status, "DecryptMessage")) { s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); s_pSecFn->DeleteSecurityContext(&sspi_context);
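Review bot: `sspi_recv_token.pvBuffer` is allocated with `malloc(us_length)` in the hunk at new line 276, but the failure branch in the next hunk (new line 286), the loop cleanup at new line 228 and the send/InitializeSecurityContextA error paths all release it through `s_pSecFn->FreeContextBuffer()`, which is meant for memory the security package itself allocated. Since this commit already converts these paths to `Curl_safefree(service_name)`, the malloc'd receive token should be released the same way, `Curl_safefree(sspi_recv_token.pvBuffer);`, leaving `FreeContextBuffer` for `sspi_send_token.pvBuffer` (presumably package-allocated; its allocation is not in the visible hunks). `us_length` appears to be taken from the proxy's reply read just above, so this cleanup runs on peer-influenced data and the allocator mismatch is worth closing rather than carrying forward. The function starts and ends outside the shown hunks, so the initial state of `sspi_recv_token` on the first loop pass should be confirmed against the full file.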
lib/socks_sspi.c +65 −75 @@ -76,7 +76,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, ssize_t written; int result; /* Needs GSSAPI authentication */ SECURITY_STATUS sspi_status; SECURITY_STATUS status; unsigned long sspi_ret_flags = 0; int gss_enc; SecBuffer sspi_send_token, sspi_recv_token, sspi_w_token[3]; @@ -139,7 +139,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, cred_handle.dwLower = 0; cred_handle.dwUpper = 0; sspi_status = s_pSecFn->AcquireCredentialsHandleA( NULL, status = s_pSecFn->AcquireCredentialsHandleA(NULL, (char *)"Kerberos", SECPKG_CRED_OUTBOUND, NULL, @@ -149,10 +149,9 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, &cred_handle, &expiry); if(check_sspi_err(conn, sspi_status, "AcquireCredentialsHandleA")) { if(check_sspi_err(conn, status, "AcquireCredentialsHandleA")) { failf(data, "Failed to acquire credentials."); free(service_name); service_name=NULL; Curl_safefree(service_name); s_pSecFn->FreeCredentialsHandle(&cred_handle); return CURLE_COULDNT_CONNECT; } @@ -161,8 +160,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, /* errors, keep sending it... */ for(;;) { sspi_status = s_pSecFn->InitializeSecurityContextA( &cred_handle, status = s_pSecFn->InitializeSecurityContextA(&cred_handle, context_handle, service_name, ISC_REQ_MUTUAL_AUTH | @@ -184,9 +182,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, sspi_recv_token.cbBuffer = 0; } if(check_sspi_err(conn, sspi_status, "InitializeSecurityContextA")) { free(service_name); service_name=NULL; if(check_sspi_err(conn, status, "InitializeSecurityContextA")) { Curl_safefree(service_name); s_pSecFn->FreeCredentialsHandle(&cred_handle); s_pSecFn->DeleteSecurityContext(&sspi_context); s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
@@ -203,8 +200,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, code = Curl_write_plain(conn, sock, (char *)socksreq, 4, &written); if((code != CURLE_OK) || (4 != written)) { failf(data, "Failed to send SSPI authentication request."); free(service_name); service_name=NULL; Curl_safefree(service_name); s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); s_pSecFn->FreeCredentialsHandle(&cred_handle); @@ -216,8 +212,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, sspi_send_token.cbBuffer, &written); if((code != CURLE_OK) || (sspi_send_token.cbBuffer != (size_t)written)) { failf(data, "Failed to send SSPI authentication token."); free(service_name); service_name=NULL; Curl_safefree(service_name); s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); s_pSecFn->FreeCredentialsHandle(&cred_handle); @@ -233,7 +228,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); sspi_recv_token.pvBuffer = NULL; sspi_recv_token.cbBuffer = 0; if(sspi_status != SEC_I_CONTINUE_NEEDED) break; if(status != SEC_I_CONTINUE_NEEDED) break; /* analyse response */ @@ -248,8 +244,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, result = Curl_blockread_all(conn, sock, (char *)socksreq, 4, &actualread); if(result != CURLE_OK || actualread != 4) { failf(data, "Failed to receive SSPI authentication response."); free(service_name); service_name=NULL; Curl_safefree(service_name); s_pSecFn->FreeCredentialsHandle(&cred_handle); s_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT;
@@ -259,8 +254,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, if(socksreq[1] == 255) { /* status / message type */ failf(data, "User was rejected by the SOCKS5 server (%d %d).", socksreq[0], socksreq[1]); free(service_name); service_name=NULL; Curl_safefree(service_name); s_pSecFn->FreeCredentialsHandle(&cred_handle); s_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; @@ -269,8 +263,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, if(socksreq[1] != 1) { /* status / messgae type */ failf(data, "Invalid SSPI authentication response type (%d %d).", socksreq[0], socksreq[1]); free(service_name); service_name=NULL; Curl_safefree(service_name); s_pSecFn->FreeCredentialsHandle(&cred_handle); s_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; @@ -283,8 +276,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, sspi_recv_token.pvBuffer = malloc(us_length); if(!sspi_recv_token.pvBuffer) { free(service_name); service_name=NULL; Curl_safefree(service_name); s_pSecFn->FreeCredentialsHandle(&cred_handle); s_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_OUT_OF_MEMORY; @@ -294,8 +286,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, if(result != CURLE_OK || actualread != us_length) { failf(data, "Failed to receive SSPI authentication token."); free(service_name); service_name=NULL; Curl_safefree(service_name); s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); s_pSecFn->FreeCredentialsHandle(&cred_handle); s_pSecFn->DeleteSecurityContext(&sspi_context);
@@ -305,15 +296,14 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, context_handle = &sspi_context; } free(service_name); service_name=NULL; Curl_safefree(service_name); /* Everything is good so far, user was authenticated! */ sspi_status = s_pSecFn->QueryCredentialsAttributes( &cred_handle, status = s_pSecFn->QueryCredentialsAttributes(&cred_handle, SECPKG_CRED_ATTR_NAMES, &names); s_pSecFn->FreeCredentialsHandle(&cred_handle); if(check_sspi_err(conn, sspi_status, "QueryCredentialAttributes")) { if(check_sspi_err(conn, status, "QueryCredentialAttributes")) { s_pSecFn->DeleteSecurityContext(&sspi_context); s_pSecFn->FreeContextBuffer(names.sUserName); failf(data, "Failed to determine user name."); @@ -375,10 +365,10 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, memcpy(socksreq+2, &us_length, sizeof(short)); } else { sspi_status = s_pSecFn->QueryContextAttributesA( &sspi_context, status = s_pSecFn->QueryContextAttributesA(&sspi_context, SECPKG_ATTR_SIZES, &sspi_sizes); if(check_sspi_err(conn, sspi_status, "QueryContextAttributesA")) { if(check_sspi_err(conn, status, "QueryContextAttributesA")) { s_pSecFn->DeleteSecurityContext(&sspi_context); failf(data, "Failed to query security context attributes."); return CURLE_COULDNT_CONNECT; @@ -411,11 +401,11 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, s_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_OUT_OF_MEMORY; } sspi_status = s_pSecFn->EncryptMessage( &sspi_context, status = s_pSecFn->EncryptMessage(&sspi_context, KERB_WRAP_NO_ENCRYPT, &wrap_desc, 0); if(check_sspi_err(conn, sspi_status, "EncryptMessage")) { if(check_sspi_err(conn, status, "EncryptMessage")) { s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); s_pSecFn->FreeContextBuffer(sspi_w_token[2].pvBuffer);
@@ -537,12 +527,12 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, sspi_w_token[1].cbBuffer = 0; sspi_w_token[1].pvBuffer = NULL; sspi_status = s_pSecFn->DecryptMessage( &sspi_context, status = s_pSecFn->DecryptMessage(&sspi_context, &wrap_desc, 0, &qop); if(check_sspi_err(conn, sspi_status, "DecryptMessage")) { if(check_sspi_err(conn, status, "DecryptMessage")) { s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); s_pSecFn->DeleteSecurityContext(&sspi_context);