iegomez / mosquitto-go-auth

Auth plugin for mosquitto.
MIT License

Request: Help in setting up Allow/Deny Access Control Rules based on Client ID #303

Closed nischal-subedi closed 8 months ago

nischal-subedi commented 8 months ago

So my devices use their Serial Number as a client ID when connecting to the Mosquitto Broker. I want to set up Allow/Deny Rules where the username and client_id are checked: if the client_id is available in the db table then the client should be allowed access, otherwise denied.

Also, depending upon the network connection medium (WIFI/CELLULAR), the devices add either a _WI or a _CE respectively at the end of their client_id. E.g.: for a device that connects via WIFI the client_id would be SERIALNUMBER_WI; similarly, for a device that connects via Cellular the client_id would be SERIALNUMBER_CE.

I'm trying to figure out a SQL query for my needs; this is what I've made until now:

```sql
select distinct (d.serial || '_WI' OR d.serial || '_CE')
from "public"."Mqtt_User" mu
inner join "public"."Devices" d on d.serial = mu.username
where mu.username = $1 and $2 = $2
limit 1;
```

iegomez commented 8 months ago

Hey! I'm sorry, but I don't understand what the question is here.

nischal-subedi commented 8 months ago

Hi, sorry for the delayed reply.

I wanted to block access to all MQTT clients except the ones whose client_id is seeded in my database table. I went through the file postgres.go and found out that a username can be matched against a client_id.

So I just wanted to know how I should set up the ACL query so that it allows/blocks access to the MQTT Server depending upon the client_id.

iegomez commented 8 months ago

The plugin can't block connections; those are handled by the Mosquitto broker, and then the plugin just handles authentication and authorization. You can certainly deny them auth in several ways, but that depends on your app's logic.

So, again, I don't know how I can help here and it doesn't seem to be an issue with the plugin.

nischal-subedi commented 8 months ago

Ah, thank you for clarifying, my issue does seem to lie outside the plugin's scope. I'll investigate further on my end.

Appreciate your guidance!
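
The check described in this thread, written as a PostgreSQL prepared statement; this is an added example, not code from the thread or from the plugin. The table and column names come from the query in the first post, while the column types, the sample rows, the statement name `client_allowed` and the parameter order ($1 = username, $2 = client_id) are assumptions, and it does not show how any plugin option binds its parameters.

```sql
-- Constructed schema and rows for illustration; only the table and column
-- names come from the query quoted in the thread. TEMP tables keep the demo
-- out of the real "public" schema.
CREATE TEMP TABLE "Devices"   (serial   text PRIMARY KEY);
CREATE TEMP TABLE "Mqtt_User" (username text PRIMARY KEY REFERENCES "Devices"(serial));

INSERT INTO "Devices"   VALUES ('SN0001'), ('SN0002');
INSERT INTO "Mqtt_User" VALUES ('SN0001');   -- SN0002 is a device with no MQTT user

-- Assumed parameter order: $1 = username, $2 = client_id.
-- Yields one row when the client_id is the user's own serial followed by an
-- accepted suffix, and no row for anything else (default deny).
PREPARE client_allowed(text, text) AS
SELECT d.serial
FROM "Mqtt_User" mu
JOIN "Devices" d ON d.serial = mu.username
WHERE mu.username = $1
  -- OR only combines booleans, so the two candidate IDs are listed in IN (...).
  -- Exact comparison rather than LIKE: "_" is a single-character wildcard in
  -- LIKE, so a pattern built as serial || '_WI' would also accept 'SN0001XWI'.
  AND $2 IN (d.serial || '_WI', d.serial || '_CE')
LIMIT 1;

-- Cases the rule has to separate:
EXECUTE client_allowed('SN0001', 'SN0001_WI');  -- own serial, Wi-Fi suffix
EXECUTE client_allowed('SN0001', 'SN0001_CE');  -- own serial, cellular suffix
EXECUTE client_allowed('SN0001', 'SN0001');     -- suffix missing
EXECUTE client_allowed('SN0001', 'SN0002_WI');  -- another device's serial
EXECUTE client_allowed('SN0002', 'SN0002_WI');  -- device without an Mqtt_User row
EXECUTE client_allowed('SN0001', 'SN0001XWI');  -- separator is not a literal "_"

DEALLOCATE client_allowed;
```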