FreeRADIUS InkBridge

The if Statement

Syntax
if <condition> {
    [ statements ]
}
Description

The if statement evaluates a condition. When the <condition> evaluates to true, the statements within the subsection are executed. When the <condition> evaluates to false, those statements are skipped.

An if statement can optionally be followed by an else or an elsif statement.

Example
if (User-Name == "bob") {
    reject
}

Expansions in an "if" condition

An if condition may contain a dynamic expansion, such as a call to the SQL module in the following example:

Example of Dynamic Expansion in Condition
if %sql("SELECT reply_message FROM users where username = '%{User-Name}'") {
    reject
}

Unlike a simple check as with if 1==2, this dynamic expansion may fail. This failure can happen when the SQL database is unreachable, for example. Different failures are possible for different functions.

When a dynamic expansion fails, and if statement is followed by a trailing else or elsif statement, then if condition is treated as "false", and the else or `elsif statement is processed.

Otherwise, the failed if statement returns the fail rcode, which is processed according to the rules for the current section.

This distinction between "condition which evaluates to `false`" and "condition which fails to be processed" allow policies to distinguish those two cases.

In previous versions of the server, a failed dynamic expansion was treated as a condition which returned false, which was not always optimal.

Practical Suggestions

There are a number of practical suggestions which make it easier to work with conditions.

Brackets are usually optional.

There is no need to put brackets around a <condition>. The following two examples work identically:

Example With Brackets
if (User-Name == "bob") {
    reject
}

And without:

Example Without Brackes
if User-Name == "bob" {
    reject
}

The same behavior applies to conditions with complex statements using & and ||. So long as the text between the if and the { is a valid condition, it will be parsed correctly.

Multi-line conditions

A <condition> can span multiple lines. There is no need to use \\ at the end of a line. The following condition is valid:

Example With Brackets
if (User-Name ==
     "bob") {
    reject
}

Actions

The last entry in an if section can also be an actions subsection.