s4:kdc: let samba_kdc_update_pac() always call samba_kdc_get_upn_info_blob()

There's no reason not to regenerate it, it makes the code more
consistent.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

source4/kdc/pac-glue.c

@@ -2867,28 +2867,26 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
 		goto done;
 	}
 
-	if (samba_krb5_pac_is_trusted(client)) {
-		nt_status = samba_kdc_get_upn_info_blob(tmp_ctx,
-							user_info_dc_const,
-							&upn_blob);
+	nt_status = samba_kdc_get_upn_info_blob(tmp_ctx,
+						user_info_dc_const,
+						&upn_blob);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DBG_ERR("samba_kdc_get_upn_info_blob failed: %s\n",
+			nt_errstr(nt_status));
+		code = KRB5KDC_ERR_TGT_REVOKED;
+		goto done;
+	}
+
+	if (!samba_krb5_pac_is_trusted(client) && is_tgs) {
+		nt_status = samba_kdc_get_requester_sid_blob(tmp_ctx,
+							     user_info_dc_const,
+							     &requester_sid_blob);
 		if (!NT_STATUS_IS_OK(nt_status)) {
-			DBG_ERR("samba_kdc_get_upn_info_blob failed: %s\n",
+			DBG_ERR("samba_kdc_get_requester_sid_blob failed: %s\n",
 				nt_errstr(nt_status));
 			code = KRB5KDC_ERR_TGT_REVOKED;
 			goto done;
 		}
-
-		if (is_tgs) {
-			nt_status = samba_kdc_get_requester_sid_blob(tmp_ctx,
-								     user_info_dc_const,
-								     &requester_sid_blob);
-			if (!NT_STATUS_IS_OK(nt_status)) {
-				DBG_ERR("samba_kdc_get_requester_sid_blob failed: %s\n",
-					nt_errstr(nt_status));
-				code = KRB5KDC_ERR_TGT_REVOKED;
-				goto done;
-			}
-		}
 	}
 
 	if (regenerate_client_claims) {