Set Acct-Session-Id from os_get_random() instead of os_get_time()

So that systems with bad clocks will send random session IDs,
instead of always ones starting at the same second.

If os_get_random() isn't available, use os_get_time(). But also
mix in now.tv_usec, so that the accounting session ID is more
likely to be globally and temporally unique.

Signed-off-by: Alan DeKok <aland@freeradius.org>

src/ap/accounting.c

@@ -459,10 +459,14 @@ int accounting_init(struct hostapd_data *hapd)
 {
 	struct os_time now;
 
-	/* Acct-Session-Id should be unique over reboots. If reliable clock is
-	 * not available, this could be replaced with reboot counter, etc. */
+	/* Acct-Session-Id should be unique over reboots. Using a random number
+	 * is preferred. If that is not available, take the current time. Mix
+	 * in microseconds to make this more likely to be unique. */
 	os_get_time(&now);
-	hapd->acct_session_id_hi = now.sec;
+	if (os_get_random((u8 *) &hapd->acct_session_id_hi,
+			  sizeof(hapd->acct_session_id_hi)) < 0)
+		hapd->acct_session_id_hi = now.sec;
+	hapd->acct_session_id_hi ^= now.usec;
 
 	if (radius_client_register(hapd->radius, RADIUS_ACCT,
 				   accounting_receive, hapd))