(bug 39184) LDAP password leakage
authorcsteipp <csteipp@wikimedia.org>
Fri, 31 Aug 2012 03:38:05 +0000 (20:38 -0700)
committercsteipp <csteipp@wikimedia.org>
Fri, 31 Aug 2012 21:39:31 +0000 (14:39 -0700)
Allow AuthPlugin to determine if user passwords should be stored
locally.

* Released as part of 1.20wmf10, 1.19.2, 1.18.5

Change-Id: Ie41bed7ecf5390f8815128c227bae371880a6058

includes/AuthPlugin.php
includes/User.php

index c7fcf93..2e42439 100644 (file)
@@ -176,6 +176,15 @@ class AuthPlugin {
                return true;
        }
 
+       /**
+        * Should MediaWiki store passwords in its local database?
+        *
+        * @return bool
+        */
+       public function allowSetLocalPassword() {
+               return true;
+       }
+
        /**
         * Set the given password in the authentication database.
         * As a special case, the password may be set to null to request
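Review bot: The docblock on `allowSetLocalPassword()` does not say what a `false` return causes, nor that the default of `true` keeps the pre-fix behaviour. An existing LDAP-backed or other external plugin therefore keeps storing password hashes locally until its author overrides the method, so the fix is opt-in per plugin. I would extend the comment with something like `* Return false when credentials live only in the external authentication source; User::saveSettings() then writes an empty local password.` and add a line stating that the base implementation returns true for backward compatibility. The release notes should also tell plugin maintainers that an override is required.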
index 13748de..0a3db4c 100644 (file)
@@ -2891,11 +2891,16 @@ class User {
         * @todo Only rarely do all these fields need to be set!
         */
        public function saveSettings() {
+               global $wgAuth;
+
                $this->load();
                if ( wfReadOnly() ) { return; }
                if ( 0 == $this->mId ) { return; }
 
                $this->mTouched = self::newTouchedTimestamp();
+               if ( !$wgAuth->allowSetLocalPassword() ) {
+                       $this->mPassword = '';
+               }
 
                $dbw = wfGetDB( DB_MASTER );
                $dbw->update( 'user',
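Review bot: The new check in `saveSettings()` clears the hash only when a given user's row is next saved, so hashes already written for externally-authenticated accounts stay in the `user` table until then. Operators need a separate cleanup of existing rows, and that should be stated alongside this change. The check also overwrites `$this->mPassword` on the live object as a side effect of saving, which deserves a why-comment such as `// External auth owns the credential: never persist a local hash (bug 39184).`. Only this write path is visible here and the `update()` call continues past the end of the hunk, so it is worth confirming that any other code that writes the user row applies the same rule.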