Merge pull request #39 from LarryLaffer-dev/auth_aka_cluster

auth: Update CacheDB handling for AV state management and logging

Author: LarryLaffer-dev

modules/auth_aka/aka_av_mgm.c

@@ -801,10 +801,9 @@ int aka_av_add(str *pub_id, str *priv_id, int algmask,
 	ret = 1;
 	LM_DBG("adding av %p\n", av);
 
-	/* Store AV in CacheDB for cross-node synchronization */
-	if (aka_cdb_store_av(pub_id, priv_id, av) < 0) {
-		LM_WARN("failed to store AV in cachedb, cross-node auth may fail\n");
-	}
+	/* Note: Don't store AV in CacheDB here with state=NEW.
+	 * The AV will be stored when it's marked as USING in aka_av_get_new().
+	 * This ensures cross-node lookups always find AVs in a valid state. */
 end:
 	aka_user_release(user);
 	return ret;

modules/auth_aka/auth_aka.c

@@ -905,13 +905,17 @@ static int aka_authorize(struct sip_msg *_msg, str *_realm,
 	if (user == NULL) {
 		/* User not found locally - check CacheDB if configured */
 		if (aka_cdb && digest->nonce.len) {
-			LM_DBG("user not found locally, checking CacheDB for nonce %.*s\n",
+			LM_DBG("user not found locally, checking CacheDB for %.*s/%.*s nonce %.*s\n",
+				public_id->len, public_id->s, private_id->len, private_id->s,
 				digest->nonce.len, digest->nonce.s);
 			av = aka_cdb_fetch_av(public_id, private_id, &digest->nonce);
 			if (av) {
+				LM_DBG("AV fetched from CacheDB: state=%d algmask=%d alg=%d\n",
+					av->state, av->algmask, av->alg);
 				/* Check state - only USING or USED states are valid */
 				if (av->state != AKA_AV_USING && av->state != AKA_AV_USED) {
-					LM_DBG("AV found in CacheDB but invalid state %d\n", av->state);
+					LM_WARN("AV from CacheDB has invalid state %d (expected USING=%d or USED=%d)\n",
+						av->state, AKA_AV_USING, AKA_AV_USED);
 					shm_free(av);
 					return STALE_NONCE;
 				}