1 files changed, 7 insertions, 23 deletions

diff --git a/lib/vauth/spnego_sspi.c b/lib/vauth/spnego_sspi.c
index b9c2cf7d6..0171ec52b 100644
--- a/lib/vauth/spnego_sspi.c
+++ b/lib/vauth/spnego_sspi.c
@@ -59,12 +59,6 @@ bool Curl_auth_is_spnego_supported(void)
                                               TEXT(SP_NAME_NEGOTIATE),
                                               &SecurityPackage);
 
-  /* Release the package buffer as it is not required anymore */
-  if(status == SEC_E_OK) {
-    s_pSecFn->FreeContextBuffer(SecurityPackage);
-  }
-
-
   return (status == SEC_E_OK ? TRUE : FALSE);
 }
 
@@ -113,7 +107,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
     /* We finished successfully our part of authentication, but server
      * rejected it (since we're again here). Exit with an error since we
      * can't invent anything better */
-    Curl_auth_cleanup_spnego(nego);
+    Curl_auth_spnego_cleanup(nego);
     return CURLE_LOGIN_DENIED;
   }
 
@@ -171,7 +165,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
                                          nego->p_identity, NULL, NULL,
                                          nego->credentials, &expiry);
     if(nego->status != SEC_E_OK)
-      return CURLE_AUTH_ERROR;
+      return CURLE_LOGIN_DENIED;
 
     /* Allocate our new context handle */
     nego->context = calloc(1, sizeof(CtxtHandle));
@@ -257,25 +251,14 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
     char buffer[STRERROR_LEN];
     failf(data, "InitializeSecurityContext failed: %s",
           Curl_sspi_strerror(nego->status, buffer, sizeof(buffer)));
-
-    if(nego->status == (DWORD)SEC_E_INSUFFICIENT_MEMORY)
-      return CURLE_OUT_OF_MEMORY;
-
-    return CURLE_AUTH_ERROR;
+    return CURLE_OUT_OF_MEMORY;
   }
 
   if(nego->status == SEC_I_COMPLETE_NEEDED ||
      nego->status == SEC_I_COMPLETE_AND_CONTINUE) {
     nego->status = s_pSecFn->CompleteAuthToken(nego->context, &resp_desc);
     if(GSS_ERROR(nego->status)) {
-      char buffer[STRERROR_LEN];
-      failf(data, "CompleteAuthToken failed: %s",
-            Curl_sspi_strerror(nego->status, buffer, sizeof(buffer)));
-
-      if(nego->status == (DWORD)SEC_E_INSUFFICIENT_MEMORY)
-        return CURLE_OUT_OF_MEMORY;
-
-      return CURLE_AUTH_ERROR;
+      return CURLE_RECV_ERROR;
     }
   }
 
@@ -324,7 +307,7 @@ CURLcode Curl_auth_create_spnego_message(struct Curl_easy *data,
 }
 
 /*
- * Curl_auth_cleanup_spnego()
+ * Curl_auth_spnego_cleanup()
  *
  * This is used to clean up the SPNEGO (Negotiate) specific data.
  *
@@ -333,7 +316,7 @@ CURLcode Curl_auth_create_spnego_message(struct Curl_easy *data,
  * nego     [in/out] - The Negotiate data struct being cleaned up.
  *
  */
-void Curl_auth_cleanup_spnego(struct negotiatedata *nego)
+void Curl_auth_spnego_cleanup(struct negotiatedata *nego)
 {
   /* Free our security context */
   if(nego->context) {
@@ -360,6 +343,7 @@ void Curl_auth_cleanup_spnego(struct negotiatedata *nego)
   /* Reset any variables */
   nego->status = 0;
   nego->token_max = 0;
+  nego->state = GSS_AUTHNONE;
   nego->noauthpersist = FALSE;
   nego->havenoauthpersist = FALSE;
   nego->havenegdata = FALSE;