From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Fri, 15 Aug 2025 05:36:11 +0000 (+1200)
Subject: py:key_credential_list: add kcl_in_list function
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=df0cf2556f39ff5062e052ae020fb031c76fd222;p=thirdparty%2Fsamba.git

py:key_credential_list: add kcl_in_list function

This compares the key material and DN of a KeyCredentialLinkDn with a
list of others, which is a different sense of equality than the
default (which considers GUIDs and binary equality).

This will be used by samba-tool to check whether a link is in fact a
duplicate even if it seems not to be due to some insignificant field
being non-identical.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
---

diff --git a/python/samba/key_credential_link.py b/python/samba/key_credential_link.py
index 64bca98b946..7193e0ddda2 100644
--- a/python/samba/key_credential_link.py
+++ b/python/samba/key_credential_link.py
@@ -339,3 +339,16 @@ def create_key_credential_link(samdb: SamDB,
 
     k = KeyCredentialLinkDn.from_bytes_and_dn(samdb, kcl_bytes, target)
     return k
+
+def kcl_in_list(kcl: KeyCredentialLinkDn, others: Iterable[KeyCredentialLinkDn]):
+    """True if kcl is in the list, otherwise False, disregarding
+    everything except key material and DN for the comparison.
+    """
+    # this helps us avoid duplicate key credential links, which are
+    # otherwise disallowed only if all fields are identical, but which
+    # are generally useless.
+    km = kcl.key_material()
+    for other in others:
+        if km == other.key_material() and kcl.dn == other.dn:
+            return True
+    return False