py:key_credential_list: add kcl_in_list function

This compares the key material and DN of a KeyCredentialLinkDn with a
list of others, which is a different sense of equality than the
default (which considers GUIDs and binary equality).

This will be used by samba-tool to check whether a link is in fact a
duplicate even if it seems not to be due to some insignificant field
being non-identical.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

diff --git a/python/samba/key_credential_link.py b/python/samba/key_credential_link.py
index 64bca98b946951a6f5c5a9054b4c1ea34f617c62..7193e0ddda2b52323f973ee61f160844618b1729 100644 (file)
--- a/python/samba/key_credential_link.py
+++ b/python/samba/key_credential_link.py
@@ -339,3 +339,16 @@ def create_key_credential_link(samdb: SamDB,
 
     k = KeyCredentialLinkDn.from_bytes_and_dn(samdb, kcl_bytes, target)
     return k
+
+def kcl_in_list(kcl: KeyCredentialLinkDn, others: Iterable[KeyCredentialLinkDn]):
+    """True if kcl is in the list, otherwise False, disregarding
+    everything except key material and DN for the comparison.
+    """
+    # this helps us avoid duplicate key credential links, which are
+    # otherwise disallowed only if all fields are identical, but which
+    # are generally useless.
+    km = kcl.key_material()
+    for other in others:
+        if km == other.key_material() and kcl.dn == other.dn:
+            return True
+    return False