s4:kdc: let samba_kdc_update_pac() always call samba_kdc_get_upn_info_blob()

There's no reason not to regenerate it, it makes the code more
consistent.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 628b1d891aa5ac0573c97d0028815a7fd24bbc8e..e19f2dd63aa1766179529756ad219fa4b6fbaec8 100644 (file)
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -2867,28 +2867,26 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
                goto done;
        }
 
-       if (samba_krb5_pac_is_trusted(client)) {
-               nt_status = samba_kdc_get_upn_info_blob(tmp_ctx,
-                                                       user_info_dc_const,
-                                                       &upn_blob);
+       nt_status = samba_kdc_get_upn_info_blob(tmp_ctx,
+                                               user_info_dc_const,
+                                               &upn_blob);
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               DBG_ERR("samba_kdc_get_upn_info_blob failed: %s\n",
+                       nt_errstr(nt_status));
+               code = KRB5KDC_ERR_TGT_REVOKED;
+               goto done;
+       }
+
+       if (!samba_krb5_pac_is_trusted(client) && is_tgs) {
+               nt_status = samba_kdc_get_requester_sid_blob(tmp_ctx,
+                                                            user_info_dc_const,
+                                                            &requester_sid_blob);
                if (!NT_STATUS_IS_OK(nt_status)) {
-                       DBG_ERR("samba_kdc_get_upn_info_blob failed: %s\n",
+                       DBG_ERR("samba_kdc_get_requester_sid_blob failed: %s\n",
                                nt_errstr(nt_status));
                        code = KRB5KDC_ERR_TGT_REVOKED;
                        goto done;
                }
-
-               if (is_tgs) {
-                       nt_status = samba_kdc_get_requester_sid_blob(tmp_ctx,
-                                                                    user_info_dc_const,
-                                                                    &requester_sid_blob);
-                       if (!NT_STATUS_IS_OK(nt_status)) {
-                               DBG_ERR("samba_kdc_get_requester_sid_blob failed: %s\n",
-                                       nt_errstr(nt_status));
-                               code = KRB5KDC_ERR_TGT_REVOKED;
-                               goto done;
-                       }
-               }
        }
 
        if (regenerate_client_claims) {