Struct libzmq::auth::AuthClient

pub struct AuthClient { /* fields omitted */ }

A client to configure the AuthServer.

There can be multiple AuthClient associated with the same AuthServer.

Example

use libzmq::{prelude::*, auth::*, *};
use std::{time::Duration, convert::TryInto};

let server_cert = CurveCert::new_unique();
let client_cert = CurveCert::new_unique();

let addr: TcpAddr = "127.0.0.1:*".try_into()?;

let server_creds = CurveServerCreds {
    secret: server_cert.secret().to_owned(),
};

// Creates a server using the `CurveServer` mechanism. Since `CURVE`
// authentication is enabled by default, only sockets whose public key
// is in the whitelist will be allowed to connect.
let server = ServerBuilder::new()
    .bind(&addr)
    .mechanism(server_creds)
    .recv_timeout(Duration::from_millis(200))
    .build()?;

// We need to add the client's public key to the whitelist to be able to
// connect to the server.
let auth = AuthClient::new()?;
auth.add_curve_key(client_cert.public())?;

let bound = server.last_endpoint()?;

let client_creds = CurveClientCreds {
    client: client_cert,
    server: server_cert.public().to_owned(),
};

// Creates a server using the `CurveServer` mechanism. Since `CURVE`
let client = ClientBuilder::new()
    .mechanism(client_creds)
    .connect(bound)
    .build()?;

// The handshake is successfull so we can now send and receive messages.
client.send("").unwrap();
server.recv_msg().unwrap();

Methods

impl AuthClient

pub fn new() -> Result<Self, Error>

Create a AuthClient connected to AuthServer associated with the default global Ctx.

pub fn with_ctx<C>(ctx: C) -> Result<Self, Error> where
    C: Into<Ctx>, 

Create a AuthClient connected to AuthServer associated with the give Ctx.

pub fn add_blacklist<I>(&self, ip: I) -> Result<(), Error> where
    I: Into<IpAddr>, 

Add the ip to the AuthServer's blacklist.

Blacklisted ips will be denied access.

pub fn remove_blacklist<I>(&self, ip: I) -> Result<(), Error> where
    I: Into<IpAddr>, 

Remove the ip from the AuthServer's blacklist, if it is present.

pub fn add_whitelist<I>(&self, ip: I) -> Result<(), Error> where
    I: Into<IpAddr>, 

Add the ip to the AuthServer's whitelist.

If the whitelist is not empty, only ips in present in the whitelist are allowed. The whitelist takes precedence over the blacklist.

pub fn remove_whitelist<I>(&self, ip: I) -> Result<(), Error> where
    I: Into<IpAddr>, 

Remove the ip from the AuthServer's whitelist, if it is present.

pub fn add_plain_creds<C>(&self, creds: C) -> Result<(), Error> where
    C: Into<PlainClientCreds>, 

Add the plain client's credentials to the AuthServer's whitelist.

Only credentials present in the whitelist can successfully authenticate.

pub fn remove_plain_creds<S>(&self, username: S) -> Result<(), Error> where
    S: Into<String>, 

Remove the username's credentials from the AuthServer's whitelist if they exist.

pub fn add_curve_key<K>(&self, key: K) -> Result<(), Error> where
    K: Into<CurveKey>, 

Add the given public CurveKey to the whitelist.

Only public keys present in the whitelist are allowed to authenticate via the CURVE mechanism.

pub fn remove_curve_cert<K>(&self, key: K) -> Result<(), Error> where
    K: Into<CurveKey>, 

Remove the given public CurveKey from the AuthServer's store if it is present.

pub fn set_curve_auth(&self, enabled: bool) -> Result<(), Error>

Sets whether to use authentication for the CURVE mechanism.

If it is set to true, then only sockets whose public key is present in the whitelist will be allowed to authenticate. Otherwise all sockets authenticate successfully.