fix(sspi): only add password and domain if they are provided

Users on windows may want to use their local account for
authentication, bypassing the need to send a password. In these
cases the password must be null, but we were sending a single
byte, null-terminated string here because of the use of
`std::string`.

NODE-1479

Author: mbroadst

src/win32/kerberos_sspi.cc

@@ -71,10 +71,16 @@ auth_sspi_client_init(WCHAR* service,
     if (*user) {
         authIdentity.User = (unsigned short*)user;
         authIdentity.UserLength = ulen;
-        authIdentity.Password = (unsigned short*)password;
-        authIdentity.PasswordLength = plen;
-        authIdentity.Domain = (unsigned short*)domain;
-        authIdentity.DomainLength = dlen;
+
+        if (*password) {
+            authIdentity.Password = (unsigned short*)password;
+            authIdentity.PasswordLength = plen;
+        }
+
+        if (*domain) {
+            authIdentity.Domain = (unsigned short*)domain;
+            authIdentity.DomainLength = dlen;
+        }
 
         authIdentity.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
     }