def flush_timeout_to_db(self, tup):
"""called to write the timeout on the account to the db to make sure the user
can't login in again too soon"""
currentTime = int(time.time())
if not tup:
#since the entry dosn't exist, we need to make it
sql = "INSERT INTO badlogin (escalation, timeout, username, ip, active) VALUES (%s, %s, %s, %s, true)"
timeout = currentTime
inj = (0, timeout, self.username, self.transport.getPeer().host)
else:
#update the existing entry
escalation, timeout = tup[0]
#escalate, and find the appropriate timeout
escalation= int(escalation) + 1
if escalation < 2:
timeout = currentTime
elif escalation <= 24:
timeout = currentTime + 2**escalation
else:
timeout = currentTime + 31536000 #one year
#since we are past the timeout threshold and the login failed again, we need to update the db entry
sql = "UPDATE badlogin SET escalation = %s, timeout = %s WHERE username=%s AND active = true"
inj = (escalation, timeout, username)
self.timeout = timeout
d = db.write(sql, inj)
return d
def update_db3(self, tup=None):
"""writes the relays info into the db
@return: deferred of db write (None)"""
#does the relay exist?
if not tup:
#no entry yet- need to insert row
sql = "INSERT INTO Relays (Tor_ID, Owner, Public_Key, auth_blob, Msgnum) VALUES (%s, %s, %s, %s, %s)"
inj = (self.hexId, self.username, self.n, cyborg.Binary(self.authBlob), 0)
d = db.write(sql, inj)
else:
#entry exists, need update row;
#note, the public key is tied to the hexId, so it should be imposible for one to change without the other
sql = "UPDATE Relays SET auth_blob=%s, Msgnum = %s WHERE Tor_ID = %s"
inj = (cyborg.Binary(self.authBlob), 0, self.hexId)
d = db.write(sql, inj)
return d
def update_db1(self):
"""if there was a timeout for this account, get rid of it since a valid username/pw has been supplied"""
if self.timeout:
sql = "UPDATE badlogin SET active = false WHERE Username = %s AND active = true"
inj = (self.username,)
return db.write(sql, inj)
else:
return defer.succeed(None)
def update_account(self, credit):
"""adds any money to the user's account"""
if credit > 0:
sql = "UPDATE Accounts SET Balance = Balance + %s WHERE Username = %s"
inj = (credit, self.user)
d = db.write(sql, inj)
d.addCallback(self.get_balance)
d.addCallback(self.reply)
else:
d = self.get_balance(None)
d.addCallback(self.reply)
def update_account(self, credit):
"""adds any money to the user's account"""
if credit > 0:
sql = "UPDATE Accounts SET Balance = Balance + %s WHERE Username = %s"
inj = (credit, self.user)
d = db.write(sql, inj)
d.addCallback(self.get_balance)
d.addCallback(self.reply)
else:
d = self.get_balance(None)
d.addCallback(self.reply)
def update_account(self, tup):
"""checks to see if the user has enough money to pay for the acoin signature,
though this should be a db constraint-
attempts to deduct the value from the user's account"""
assert len(tup) == 1
balance = int(tup[0][0])
proposedBalance = balance - self.bill
if proposedBalance >= 0:
sql = "UPDATE Accounts SET Balance = %s WHERE Username = %s"
inj = (proposedBalance, self.user)
d = db.write(sql, inj)
d.addCallback(self.send_reply, True, proposedBalance, balance)
return
else:
self.send_reply(None, False, proposedBalance, balance)
def update_account(self, tup):
"""checks to see if the user has enough money to pay for the acoin signature,
though this should be a db constraint-
attempts to deduct the value from the user's account"""
assert len(tup) == 1
balance = int(tup[0][0])
proposedBalance = balance - self.bill
if proposedBalance >= 0:
sql = "UPDATE Accounts SET Balance = %s WHERE Username = %s"
inj = (proposedBalance, self.user)
d = db.write(sql, inj)
d.addCallback(self.send_reply, True, proposedBalance, balance)
return
else:
self.send_reply(None, False, proposedBalance, balance)
def update_db(self, blob):
"""utility function that updates verifies the nonce in the msg and then updates the nonce in the db"""
protocol, blob = Basic.read_byte(blob)
if protocol is not 1:
raise Exception('change protocol')
msgNum, blob = Basic.read_short(blob)
#the msgNum is a nonce to prevent replay attacks-
#the client always increases it by one, we just check that it is bigger
if msgNum > self.previousMsgnum:
#update the msgnum in the db to be this msgnum of course -
#not generally threadsafe
sql = "UPDATE Relays SET Msgnum = %s WHERE tor_id = %s"
inj = (msgNum, self.hexId)
d = db.write(sql, inj)
else:
raise Exception('replay attack or something')
return blob
def update_db(self, blob):
"""utility function that updates verifies the nonce in the msg and then updates the nonce in the db"""
protocol, blob = Basic.read_byte(blob)
if protocol is not 1:
raise Exception('change protocol')
msgNum, blob = Basic.read_short(blob)
#the msgNum is a nonce to prevent replay attacks-
#the client always increases it by one, we just check that it is bigger
if msgNum > self.previousMsgnum:
#update the msgnum in the db to be this msgnum of course -
#not generally threadsafe
sql = "UPDATE Relays SET Msgnum = %s WHERE tor_id = %s"
inj = (msgNum, self.hexId)
d = db.write(sql, inj)
else:
raise Exception('replay attack or something')
return blob
"""
import Crypto.Hash.SHA256
from serverCommon import db
import psycopg2 as cyborg
def hashify(username, pw):
"""hashes the pw with a salt of the username"""
print username, pw
h = Crypto.Hash.SHA256.new(username)
h.update(pw) #take salted hash
return(h.digest())
print "you will need to close anything with an open connection (ie apache) to the database to change table structures!"
sql = 'alter table accounts add column hash bytea'
db.write(sql)
sql = "Select username, password from accounts"
a = db.read(sql, tup = None, fetch='fetchall')
tup=[]
sql = []
for item in a:
username = item[0]
pw = item[1]
pw = hashify(username, pw)
sql.append("update accounts set hash = %s where username = %s")
tup.append((cyborg.Binary(pw), username))
print "writing"
db.write(sql, tup)
