Merge remote-tracking branch 'origin/topic/awelzel/spicy-ldap-krb-wrap-tokens'

* origin/topic/awelzel/spicy-ldap-krb-wrap-tokens:
  ldap: Remove MessageWrapper with magic 0x30 searching
  ldap: Harden parsing a bit
  ldap: Handle integrity-only KRB wrap tokens

(cherry picked from commit 2ea3a651bd)

testing/btest/Baseline/scripts.base.protocols.ldap.sasl-signed-clear/conn.log

@@ -0,0 +1,13 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	conn
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
+#types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	count	string	count	count	count	count	set[string]
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	10.199.2.121	59327	10.199.2.111	389	tcp	ldap_tcp	63.273503	3963	400107	OTH	0	Dd	12	2595	282	411387	-
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	10.199.2.121	59355	10.199.2.111	389	tcp	ldap_tcp	0.007979	2630	3327	OTH	0	Dd	6	990	6	3567	-
+XXXXXXXXXX.XXXXXX	C4J4Th3PJpwUYZZ6gc	10.199.2.121	59356	10.199.2.111	389	tcp	ldap_tcp	0.001925	2183	3436	OTH	0	Dd	4	463	5	3636	-
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/scripts.base.protocols.ldap.sasl-signed-clear/ldap.log

@@ -0,0 +1,15 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ldap
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	message_id	version	opcode	result	diagnostic_message	object	argument
+#types	time	string	addr	port	addr	port	int	int	string	string	string	string	string
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	10.199.2.121	59327	10.199.2.111	389	3	3	bind SASL	success	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	10.199.2.121	59355	10.199.2.111	389	3	3	bind SASL	success	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	C4J4Th3PJpwUYZZ6gc	10.199.2.121	59356	10.199.2.111	389	9	3	bind SASL	success	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	C4J4Th3PJpwUYZZ6gc	10.199.2.121	59356	10.199.2.111	389	12	-	unbind	-	-	-	-
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	10.199.2.121	59355	10.199.2.111	389	13	-	unbind	-	-	-	-
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/scripts.base.protocols.ldap.sasl-signed-clear/ldap_search.log

@@ -0,0 +1,27 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ldap_search
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	message_id	scope	deref_aliases	base_object	result_count	result	diagnostic_message	filter	attributes
+#types	time	string	addr	port	addr	port	int	string	string	string	count	string	string	string	vector[string]
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	10.199.2.121	59327	10.199.2.111	389	1	base	never	-	1	success	-	(objectclass=*)	-
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	10.199.2.121	59327	10.199.2.111	389	4	base	never	-	1	success	-	(objectClass=*)	-
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	10.199.2.121	59327	10.199.2.111	389	5	base	never	CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=DMC,DC=local	1	success	-	(objectClass=*)	-
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	10.199.2.121	59327	10.199.2.111	389	6	base	never	-	1	success	-	(objectClass=*)	-
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	10.199.2.121	59327	10.199.2.111	389	7	tree	never	CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=DMC,DC=local	2	success	-	(objectCategory=pKIEnrollmentService)	-
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	10.199.2.121	59327	10.199.2.111	389	8	base	never	-	1	success	-	(objectClass=*)	-
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	10.199.2.121	59327	10.199.2.111	389	9	base	never	CN=Schema,CN=Configuration,DC=DMC,DC=local	1	success	-	(objectClass=dMD)	-
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	10.199.2.121	59327	10.199.2.111	389	10	base	never	CN=Schema,CN=Configuration,DC=DMC,DC=local	1	success	-	(objectClass=dMD)	-
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	10.199.2.121	59327	10.199.2.111	389	11	base	never	CN=Aggregate,CN=Schema,CN=Configuration,DC=DMC,DC=local	1	success	-	(objectClass=*)	-
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	10.199.2.121	59355	10.199.2.111	389	1	base	never	-	1	success	-	(objectclass=*)	-
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	10.199.2.121	59355	10.199.2.111	389	4	base	never	CN=WS01,CN=Computers,DC=DMC,DC=local	1	success	-	(objectclass=*)	-
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	10.199.2.121	59355	10.199.2.111	389	5	base	never	CN=WS01,CN=Computers,DC=DMC,DC=local	1	success	-	(objectclass=*)	-
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	10.199.2.121	59355	10.199.2.111	389	6	base	never	CN=WS01,CN=Computers,DC=DMC,DC=local	1	success	-	(objectclass=*)	-
+XXXXXXXXXX.XXXXXX	C4J4Th3PJpwUYZZ6gc	10.199.2.121	59356	10.199.2.111	389	10	base	never	-	1	success	-	(ObjectClass=*)	-
+XXXXXXXXXX.XXXXXX	C4J4Th3PJpwUYZZ6gc	10.199.2.121	59356	10.199.2.111	389	11	base	never	CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=services,CN=Configuration,DC=DMC,DC=local	0	no such object	0000208D: NameErr: DSID-0310028B, problem 2001 (NO_OBJECT), data 0, best match of:??'CN=Services,CN=Configuration,DC=DMC,DC=local'??	(ObjectClass=*)	-
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	10.199.2.121	59327	10.199.2.111	389	12	base	never	CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=DMC,DC=local	1	success	-	(objectClass=*)	-
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	10.199.2.121	59327	10.199.2.111	389	13	tree	never	CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=DMC,DC=local	38	success	-	(objectclass=pKICertificateTemplate)	-
+#close XXXX-XX-XX-XX-XX-XX