note: privacy will not work when we have more than 1 outstanding rpcs which generates out of order replies which sspi does not allow when privacy is enabled.
adding auth_wrap() and auth_unwrap() to per-message gss token protection required adding these methods to auth_sys and auth_non.
linux server doesnt support v2 kerberos tokens that have rotated data. sspi will always produce such tokens for aes. thus thus code was only tested for v1 kerberos tokens (ie des).
(a) auth_refresh recursively calls clnt_call() which will call
clnt_vc_call() and will try to acquire a lock on the socket which we have
already acquires. thus a change to see if the thread trying to acquire the
lock is the same holding the lock.
(b) authsspi_fresh() needed to check if we were called to refresh the
context due to the error (ie 2nd argument non-null) and if so, destroy
the old context and then reacquire a new sspi context.
it seems that InitializeSecurityContext() also requires new creds as well
so after initially calling AcquireCreds() we don't need to worry about
refreshing credentials.
