auth/gensec: first check GENSEC_FEATURE_SESSION_KEY before returning NOT_IMPLEMENTED

Preferr NT_STATUS_NO_USER_SESSION_KEY as return value of gensec_session_key().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c
index ea6286179719710699a09cf138d431b74a8a44e2..9a8f0ef15ac1ac7ed85422a7cb3e6952037138f5 100644 (file)
--- a/auth/gensec/gensec.c
+++ b/auth/gensec/gensec.c
@@ -155,13 +155,14 @@ _PUBLIC_ NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
                                     TALLOC_CTX *mem_ctx,
                                     DATA_BLOB *session_key)
 {
-       if (!gensec_security->ops->session_key) {
-               return NT_STATUS_NOT_IMPLEMENTED;
-       }
        if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SESSION_KEY)) {
                return NT_STATUS_NO_USER_SESSION_KEY;
        }
 
+       if (!gensec_security->ops->session_key) {
+               return NT_STATUS_NOT_IMPLEMENTED;
+       }
+
        return gensec_security->ops->session_key(gensec_security, mem_ctx, session_key);
 }