How to evaluate class membership with 'if' statements?

[David Sotnick]

Hi,

I have a need to be able to restrict clients from booting if their MAC
address is Apple-owned and the DHCP-Vendor-Identifier starts with "MSFT"
-- specifically Intel-based Macs running Windows.

In order to do this, I have something along these lines:

if (( substring (option vendor-class-identifier, 0, 4) = "MSFT") and (binary-to-ascii(16,8,":", substring(hardware,1,3)) = "0:16:cb" )) {
    ignore booting;
    log(info, concat("DENIED BOOT CAMP from: ", binary-to-ascii(16,8,":",substring(hardware,1,6))));
    )));
}

N.B. I used an 'if' statement instead of just using a class so that I
could get the logging to function correctly. When using a class and a
'match if...' statement, followed by a 'deny members of class', I found
the only log entry to be "No free leases".

However, I want to be able to allow some clients to get DHCP addresses,
either by group or by explicitly adding the hosts to a subclass. An
example host would look like so:

    host hybrid-test {
        option host-name "hybrid";
        ddns-hostname "hybrid";
        hardware ethernet 00:16:cb:12:34:56;
    }
    subclass "boot-campers" 1:00:16:cb:12:34:56;

With this, I can have an "allow members of boot-campers" statement, but
this is overridden by the 'no booting' statement in the if statement.

What I need is a way to check for class membership with an if statement,
something like:

if ((substring (option vendor-class-identifier, 0, 4) = "MSFT") \
and (binary-to-ascii(16,8,":", substring(hardware,1,3)) = "0:16:cb") \
and (member-of "boot-campers")) {

But I can't figure out how... Any help/suggestions appreciated!

-David