Set Acct-Session-Id from os_get_random() instead of os_get_time()

So that systems with bad clocks will send random session IDs,
instead of always ones starting at the same second.

If os_get_random() isn't available, use os_get_time(). But also
mix in now.tv_usec, so that the accounting session ID is more
likely to be globally and temporally unique.

Signed-off-by: Alan DeKok <aland@freeradius.org>

diff --git a/src/ap/accounting.c b/src/ap/accounting.c
index 7c55146..3312034 100644 (file)
--- a/src/ap/accounting.c
+++ b/src/ap/accounting.c
@@ -459,10 +459,14 @@ int accounting_init(struct hostapd_data *hapd)
 {
        struct os_time now;
 
-       /* Acct-Session-Id should be unique over reboots. If reliable clock is
-        * not available, this could be replaced with reboot counter, etc. */
+       /* Acct-Session-Id should be unique over reboots. Using a random number
+        * is preferred. If that is not available, take the current time. Mix
+        * in microseconds to make this more likely to be unique. */
        os_get_time(&now);
-       hapd->acct_session_id_hi = now.sec;
+       if (os_get_random((u8 *) &hapd->acct_session_id_hi,
+                         sizeof(hapd->acct_session_id_hi)) < 0)
+               hapd->acct_session_id_hi = now.sec;
+       hapd->acct_session_id_hi ^= now.usec;
 
        if (radius_client_register(hapd->radius, RADIUS_ACCT,
                                   accounting_receive, hapd))