authpolicy: Remove sensitive data from logs
Adds an anonymizer that performs removes sensitive data from command
outputs (Samba net logs, kinit trace logs). This approach is taken
instead of regex replacements since Samba and kinit are pretty much
black boxes and finding regular expressions to match all occurances
of sensitive data in their logs would be very cumbersome and insecure
because we cannot guarantee that all code paths are hit. This
sledgehammer approach is more secure.
Also cleans up a bunch of other random places that might log
sensitive data.
CQ-DEPEND=CL:533096
BUG=chromium:732339
TEST=cros_run_unit_tests --board=amd64-generic --packages authpolicy
Change-Id: I7246387a0170c185c76ad42815dce7a336ccf3c1
Reviewed-on: https://chromium-review.googlesource.com/530828
Commit-Ready: Lutz Justen <ljusten@chromium.org>
Tested-by: Lutz Justen <ljusten@chromium.org>
Reviewed-by: Roman Sorokin <rsorokin@chromium.org>
22 files changed
