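def flush_timeout_to_db(self, tup):
    """Persist the lockout deadline after a failed login.

    Called to write the timeout for the account to the db so the user
    cannot log in again too soon.

    tup is falsy when no badlogin entry exists yet; otherwise tup[0] is
    unpacked as (escalation, timeout) -- presumably the rows of a prior
    badlogin lookup; verify against the caller.

    Sets self.timeout to the new deadline and returns the result of
    db.write for the INSERT or UPDATE.
    """
    currentTime = int(time.time())
    if not tup:
        # No entry yet: create one at escalation 0 with no delay, and record
        # the peer address the attempt came from.
        sql = "INSERT INTO badlogin (escalation, timeout, username, ip, active) VALUES (%s, %s, %s, %s, true)"
        timeout = currentTime
        inj = (0, timeout, self.username, self.transport.getPeer().host)
    else:
        # Existing entry: bump the escalation level and derive the deadline.
        escalation, timeout = tup[0]
        escalation = int(escalation) + 1
        if escalation < 2:
            timeout = currentTime
        elif escalation <= 24:
            # exponential back-off: 2**escalation seconds
            timeout = currentTime + 2 ** escalation
        else:
            timeout = currentTime + 31536000  # one year
        # NOTE(review): the row is matched on username only (the ip stored at
        # insert time is not part of the WHERE clause), so failures from any
        # address escalate the same lockout -- confirm this is intended.
        sql = "UPDATE badlogin SET escalation = %s, timeout = %s WHERE username=%s AND active = true"
        # Fixed: the bare name `username` is not defined in this method; the
        # account name lives on self, as in the INSERT branch above.
        inj = (escalation, timeout, self.username)
    self.timeout = timeout
    return db.write(sql, inj)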
def update_db3(self, tup=None):
    """Store this relay's details in the Relays table.

    A falsy tup means the relay has no row yet and one is inserted;
    otherwise the existing row for self.hexId is updated.

    @return: deferred of db write (None)
    """
    if tup:
        # Row exists. The public key is tied to the hexId, so only the auth
        # blob and the message counter are rewritten.
        # NOTE(review): Msgnum is reset to 0 here; if it serves as an
        # anti-replay counter elsewhere, confirm that resetting it on update
        # cannot re-admit previously used message numbers.
        statement = "UPDATE Relays SET auth_blob=%s, Msgnum = %s WHERE Tor_ID = %s"
        params = (cyborg.Binary(self.authBlob), 0, self.hexId)
    else:
        # No row yet: insert one with the counter starting at 0.
        statement = "INSERT INTO Relays (Tor_ID, Owner, Public_Key, auth_blob, Msgnum) VALUES (%s, %s, %s, %s, %s)"
        params = (self.hexId, self.username, self.n, cyborg.Binary(self.authBlob), 0)
    return db.write(statement, params)
def update_db1(self):
    """Deactivate the account's bad-login entry after a valid login.

    When self.timeout is set, the active badlogin row for self.username is
    marked inactive and the result of db.write is returned. Otherwise there
    is nothing to clear and an already-fired deferred (None) is returned.
    """
    if not self.timeout:
        return defer.succeed(None)
    clear_sql = "UPDATE badlogin SET active = false WHERE Username = %s AND active = true"
    params = (self.username,)
    return db.write(clear_sql, params)
def update_account(self, credit):
    """Credit the user's balance, then report the balance back.

    A positive credit is added to Accounts.Balance for self.user before the
    balance is fetched; zero or negative amounts skip the write. In both
    cases self.get_balance runs first and self.reply is chained after it.
    Nothing is returned.
    """
    if credit > 0:
        statement = "UPDATE Accounts SET Balance = Balance + %s WHERE Username = %s"
        params = (credit, self.user)
        pending = db.write(statement, params)
        # fetch the balance only once the write has fired
        pending.addCallback(self.get_balance)
    else:
        pending = self.get_balance(None)
    pending.addCallback(self.reply)
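def update_account(self, tup):
    """Deduct self.bill from the user's balance if the funds are sufficient.

    Checks whether the user has enough money to pay for the acoin
    signature and, if so, writes the reduced balance.

    tup must hold exactly one row whose first column is the current balance.
    On success self.send_reply is chained onto the write with
    (True, proposedBalance, balance); otherwise it is called directly with
    (None, False, proposedBalance, balance). Returns None either way.

    Raises AssertionError when tup does not contain exactly one row.
    """
    # Explicit raise instead of `assert`, so the row-count check on this
    # money-handling path is not stripped when Python runs with -O.
    if len(tup) != 1:
        raise AssertionError("expected exactly one balance row")
    balance = int(tup[0][0])
    proposedBalance = balance - self.bill
    if proposedBalance < 0:
        self.send_reply(None, False, proposedBalance, balance)
        return
    # NOTE(review): the balance was read earlier and an absolute value is
    # written back, so two overlapping requests can both pass the check above
    # and spend the same funds. A database constraint or a conditional
    # relative UPDATE would close that window -- not changed here because the
    # result contract of db.write is not visible.
    sql = "UPDATE Accounts SET Balance = %s WHERE Username = %s"
    inj = (proposedBalance, self.user)
    d = db.write(sql, inj)
    # The write result is not returned, so a failure of the write is not
    # propagated to the caller of this method.
    d.addCallback(self.send_reply, True, proposedBalance, balance)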
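def update_db(self, blob):
    """Verify the nonce in the message, then store it in the db.

    Reads a one-byte protocol version and a short message number from the
    front of blob. The message number must be strictly greater than
    self.previousMsgnum; it is then written to Relays.Msgnum for self.hexId.

    Returns the remainder of blob after the two header fields.

    Raises Exception when the protocol version is not 1 or when the message
    number is not greater than the previous one.
    """
    protocol, blob = Basic.read_byte(blob)
    # Compare by value: `is not 1` tested object identity, which only works
    # by accident of small-integer caching in the interpreter.
    if protocol != 1:
        raise Exception('change protocol')
    msgNum, blob = Basic.read_short(blob)
    # The msgNum is a nonce to prevent replay attacks: the client always
    # increases it by one, we only check that it is bigger than the last.
    if not msgNum > self.previousMsgnum:
        raise Exception('replay attack or something')
    # Store the new msgnum -- not generally threadsafe.
    # NOTE(review): self.previousMsgnum is not updated in this method and the
    # result of db.write is discarded (presumably a Deferred), so a failed
    # write goes unnoticed and the in-memory value used by the check above
    # stays unchanged -- confirm the caller refreshes it.
    sql = "UPDATE Relays SET Msgnum = %s WHERE tor_id = %s"
    inj = (msgNum, self.hexId)
    db.write(sql, inj)
    return blob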
""" import Crypto.Hash.SHA256 from serverCommon import db import psycopg2 as cyborg def hashify(username, pw): """hashes the pw with a salt of the username""" print username, pw h = Crypto.Hash.SHA256.new(username) h.update(pw) #take salted hash return(h.digest()) print "you will need to close anything with an open connection (ie apache) to the database to change table structures!" sql = 'alter table accounts add column hash bytea' db.write(sql) sql = "Select username, password from accounts" a = db.read(sql, tup = None, fetch='fetchall') tup=[] sql = [] for item in a: username = item[0] pw = item[1] pw = hashify(username, pw) sql.append("update accounts set hash = %s where username = %s") tup.append((cyborg.Binary(pw), username)) print "writing" db.write(sql, tup)