Add a function for making secure session tokens.

Right now it uses a SHA-1 sum of 30 random bits. I hope that's secure enough.

4 files changed, 15 insertions, 5 deletions

diff --git a/_oasis b/_oasis
index 6075221..72a06dc 100644
--- a/_oasis
+++ b/_oasis
@@ -101,7 +101,7 @@ Executable "vyconfd"
   Path: src
   MainIs: vyconfd.ml
   CompiledObject: best
-  BuildDepends: ppx_deriving.runtime, ppx_deriving_yojson.runtime, lwt, lwt.unix, lwt.ppx, toml, fileutils, ocaml-protoc, ocplib-endian, vyconf
+  BuildDepends: ppx_deriving.runtime, ppx_deriving_yojson.runtime, lwt, lwt.unix, lwt.ppx, toml, fileutils, ocaml-protoc, ocplib-endian, sha, vyconf
 
 Executable "vytree_test"
   Path: test
diff --git a/_tags b/_tags
index f10f691..0941514 100644
--- a/_tags
+++ b/_tags
@@ -1,5 +1,5 @@
 # OASIS_START
-# DO NOT EDIT (digest: 961843de21a9e59181cb630343a7c107)
+# DO NOT EDIT (digest: 47626218d7b75810502e6588e70b6c85)
 # Ignore VCS directories, you can use the same kind of rule outside
 # OASIS_START/STOP if you want to exclude directories that contains
 # useless stuff for the build process
@@ -58,6 +58,7 @@ true: annot, bin_annot
 <src/vyconfd.{native,byte}>: pkg_ocplib-endian
 <src/vyconfd.{native,byte}>: pkg_ppx_deriving.runtime
 <src/vyconfd.{native,byte}>: pkg_ppx_deriving_yojson.runtime
+<src/vyconfd.{native,byte}>: pkg_sha
 <src/vyconfd.{native,byte}>: pkg_toml
 <src/vyconfd.{native,byte}>: use_vyconf
 <src/*.ml{,i,y}>: pkg_fileutils
@@ -68,6 +69,7 @@ true: annot, bin_annot
 <src/*.ml{,i,y}>: pkg_ocplib-endian
 <src/*.ml{,i,y}>: pkg_ppx_deriving.runtime
 <src/*.ml{,i,y}>: pkg_ppx_deriving_yojson.runtime
+<src/*.ml{,i,y}>: pkg_sha
 <src/*.ml{,i,y}>: pkg_toml
 <src/*.ml{,i,y}>: use_vyconf
 # Executable vytree_test
diff --git a/setup.ml b/setup.ml
index c343339..b824045 100644
--- a/setup.ml
+++ b/setup.ml
@@ -1,7 +1,7 @@
 (* setup.ml generated for the first time by OASIS v0.4.8 *)
 
 (* OASIS_START *)
-(* DO NOT EDIT (digest: d662f8d4da0a60b09228a8655e62c2a8) *)
+(* DO NOT EDIT (digest: d101ddd9cd7b727a76e7808be5789066) *)
 (*
    Regenerated by OASIS v0.4.8
    Visit http://oasis.forge.ocamlcore.org for more information and
@@ -9435,6 +9435,7 @@ let setup_t =
                            FindlibPackage ("fileutils", None);
                            FindlibPackage ("ocaml-protoc", None);
                            FindlibPackage ("ocplib-endian", None);
+                           FindlibPackage ("sha", None);
                            InternalLibrary "vyconf"
                         ];
                       bs_build_tools = [ExternalTool "ocamlbuild"];
@@ -11341,7 +11342,7 @@ let setup_t =
        };
      oasis_fn = Some "_oasis";
      oasis_version = "0.4.8";
-     oasis_digest = Some "#Iza,I\028\140\r \250\017\0166\000C";
+     oasis_digest = Some "\145\tx\137\198B\145\133>\250a\1802\146V\t";
      oasis_exec = None;
      oasis_setup_args = [];
      setup_update = false
@@ -11349,7 +11350,7 @@ let setup_t =
 
 let setup () = BaseSetup.setup setup_t;;
 
-# 11353 "setup.ml"
+# 11354 "setup.ml"
 let setup_t = BaseCompat.Compat_0_4.adapt_setup_t setup_t
 open BaseCompat.Compat_0_4
 (* OASIS_STOP *)
diff --git a/src/vyconfd.ml b/src/vyconfd.ml
index f8dde8c..0e3340f 100644
--- a/src/vyconfd.ml
+++ b/src/vyconfd.ml
@@ -2,6 +2,9 @@ open Lwt
 open Defaults
 open Vyconf_config
 
+(* On UNIX, self_init uses /dev/random for seed *)
+let () = Random.self_init ()
+
 let () = Lwt_log.add_rule "*" Lwt_log.Info
 
 (* Default VyConf configuration *)
@@ -11,6 +14,7 @@ let log_file = ref None
 
 (* Global data *)
 
+
 (* Command line arguments *)
 let args = [
     ("--no-daemon", Arg.Unit (fun () -> daemonize := false),
@@ -23,6 +27,9 @@ let args = [
     ]
 let usage = "Usage: " ^ Sys.argv.(0) ^ " [options]"
 
+let make_session_token () =
+    Sha1.string (string_of_int (Random.bits ())) |> Sha1.to_hex
+
 let rec handle_connection ic oc () =
     let open Vyconf_pb in
     try%lwt