From ce2a948d41287a56e7b525154efbdc7cf1ec9dfe Mon Sep 17 00:00:00 2001 From: Carsten Date: Thu, 18 Dec 2025 20:11:19 +0100 Subject: [PATCH] auth: Update CacheDB handling for AV state management and logging --- modules/auth_aka/aka_av_mgm.c | 7 +++---- modules/auth_aka/auth_aka.c | 8 ++++++-- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/modules/auth_aka/aka_av_mgm.c b/modules/auth_aka/aka_av_mgm.c index c92a57767d..0a8071c1ef 100644 --- a/modules/auth_aka/aka_av_mgm.c +++ b/modules/auth_aka/aka_av_mgm.c @@ -801,10 +801,9 @@ int aka_av_add(str *pub_id, str *priv_id, int algmask, ret = 1; LM_DBG("adding av %p\n", av); - /* Store AV in CacheDB for cross-node synchronization */ - if (aka_cdb_store_av(pub_id, priv_id, av) < 0) { - LM_WARN("failed to store AV in cachedb, cross-node auth may fail\n"); - } + /* Note: Don't store AV in CacheDB here with state=NEW. + * The AV will be stored when it's marked as USING in aka_av_get_new(). + * This ensures cross-node lookups always find AVs in a valid state. */ end: aka_user_release(user); return ret; diff --git a/modules/auth_aka/auth_aka.c b/modules/auth_aka/auth_aka.c index 0063f4215a..284be1aa79 100644 --- a/modules/auth_aka/auth_aka.c +++ b/modules/auth_aka/auth_aka.c @@ -905,13 +905,17 @@ static int aka_authorize(struct sip_msg *_msg, str *_realm, if (user == NULL) { /* User not found locally - check CacheDB if configured */ if (aka_cdb && digest->nonce.len) { - LM_DBG("user not found locally, checking CacheDB for nonce %.*s\n", + LM_DBG("user not found locally, checking CacheDB for %.*s/%.*s nonce %.*s\n", + public_id->len, public_id->s, private_id->len, private_id->s, digest->nonce.len, digest->nonce.s); av = aka_cdb_fetch_av(public_id, private_id, &digest->nonce); if (av) { + LM_DBG("AV fetched from CacheDB: state=%d algmask=%d alg=%d\n", + av->state, av->algmask, av->alg); /* Check state - only USING or USED states are valid */ if (av->state != AKA_AV_USING && av->state != AKA_AV_USED) { - LM_DBG("AV found in CacheDB but invalid state %d\n", av->state); + LM_WARN("AV from CacheDB has invalid state %d (expected USING=%d or USED=%d)\n", + av->state, AKA_AV_USING, AKA_AV_USED); shm_free(av); return STALE_NONCE; }