s3:smb2_server: verify the signature before the session_status

metze

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 5c757c02e09c2297fbaa5f0b0f1f70e5967f53c7..027334ce13534162390745d48b2a6826f5e26e6f 100644 (file)
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1789,9 +1789,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
 
                signing_key = x->global->channels[0].signing_key;
 
-               if (!NT_STATUS_IS_OK(session_status)) {
-                       return smbd_smb2_request_error(req, session_status);
-               }
 
                req->do_signing = true;
                status = smb2_signing_check_pdu(signing_key,
@@ -1801,6 +1798,10 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
                if (!NT_STATUS_IS_OK(status)) {
                        return smbd_smb2_request_error(req, status);
                }
+
+               if (!NT_STATUS_IS_OK(session_status)) {
+                       return smbd_smb2_request_error(req, session_status);
+               }
        } else if (opcode == SMB2_OP_CANCEL) {
                /* Cancel requests are allowed to skip the signing */
        } else if (signing_required) {