Mercurial > hg > orthanc
comparison OrthancServer/Sources/main.cpp @ 4646:4beebbb3636e
Fix regression in the handling of "DicomCheckModalityHost" configuration option
| author | Sebastien Jodogne <s.jodogne@gmail.com> |
|---|---|
| date | Wed, 28 Apr 2021 17:50:26 +0200 |
| parents | 66109d24d26e |
| children | e915102093de |
comparison
equal
deleted
inserted
replaced
| 4645:1f90fe0fa13f | 4646:4beebbb3636e |
|---|---|
| 322 OrthancConfiguration::ReaderLock lock; | 322 OrthancConfiguration::ReaderLock lock; |
| 323 return lock.GetConfiguration().IsKnownAETitle(remoteAet, remoteIp); | 323 return lock.GetConfiguration().IsKnownAETitle(remoteAet, remoteIp); |
| 324 } | 324 } |
| 325 } | 325 } |
| 326 | 326 |
| 327 static void ReportDisallowedCommand(const std::string& remoteIp, | |
| 328 const std::string& remoteAet, | |
| 329 DicomRequestType type) | |
| 330 { | |
| 331 LOG(WARNING) << "Unable to check DICOM authorization for AET " << remoteAet | |
| 332 << " on IP " << remoteIp << ": The DICOM command " | |
| 333 << EnumerationToString(type) << " is not allowed for this modality " | |
| 334 << "according to configuration option \"DicomModalities\""; | |
| 335 } | |
| 336 | |
| 337 | |
| 327 virtual bool IsAllowedRequest(const std::string& remoteIp, | 338 virtual bool IsAllowedRequest(const std::string& remoteIp, |
| 328 const std::string& remoteAet, | 339 const std::string& remoteAet, |
| 329 const std::string& calledAet, | 340 const std::string& calledAet, |
| 330 DicomRequestType type) ORTHANC_OVERRIDE | 341 DicomRequestType type) ORTHANC_OVERRIDE |
| 331 { | 342 { |
| 356 // Incoming C-Get requests are always accepted, even from unknown AET | 367 // Incoming C-Get requests are always accepted, even from unknown AET |
| 357 return true; | 368 return true; |
| 358 } | 369 } |
| 359 else | 370 else |
| 360 { | 371 { |
| 361 OrthancConfiguration::ReaderLock lock; | 372 bool checkIp; |
| 362 | |
| 363 std::list<RemoteModalityParameters> modalities; | 373 std::list<RemoteModalityParameters> modalities; |
| 364 if (lock.GetConfiguration().LookupDicomModalitiesUsingAETitle(modalities, remoteAet)) | 374 |
| 365 { | 375 { |
| 366 if (modalities.size() == 1) // don't check the IP if there's only one modality with this AET | 376 OrthancConfiguration::ReaderLock lock; |
| 377 lock.GetConfiguration().LookupDicomModalitiesUsingAETitle(modalities, remoteAet); | |
| 378 checkIp = lock.GetConfiguration().GetBooleanParameter("DicomCheckModalityHost", false); | |
| 379 } | |
| 380 | |
| 381 if (modalities.empty()) | |
| 382 { | |
| 383 LOG(WARNING) << "Unable to check DICOM authorization for AET " << remoteAet | |
| 384 << " on IP " << remoteIp << ": This AET is not listed in " | |
| 385 << "configuration option \"DicomModalities\""; | |
| 386 return false; | |
| 387 } | |
| 388 else if (modalities.size() == 1) | |
| 389 { | |
| 390 // DicomCheckModalityHost is true: check if the IP match the configured IP | |
| 391 if (checkIp && | |
| 392 remoteIp != modalities.front().GetHost()) | |
| 367 { | 393 { |
| 368 return modalities.front().IsRequestAllowed(type); | 394 LOG(WARNING) << "Unable to check DICOM authorization for AET " << remoteAet |
| 395 << " on IP " << remoteIp << ": Its IP address should be " | |
| 396 << modalities.front().GetHost() | |
| 397 << " according to configuration option \"DicomModalities\""; | |
| 398 return false; | |
| 369 } | 399 } |
| 370 else // if there are multiple modalities with the same AET, check the one matching this IP | 400 else if (modalities.front().IsRequestAllowed(type)) |
| 371 { | 401 { |
| 372 for (std::list<RemoteModalityParameters>::const_iterator it = modalities.begin(); it != modalities.end(); ++it) | 402 return true; |
| 403 } | |
| 404 else | |
| 405 { | |
| 406 ReportDisallowedCommand(remoteIp, remoteAet, type); | |
| 407 return false; | |
| 408 } | |
| 409 } | |
| 410 else | |
| 411 { | |
| 412 // If there are multiple modalities with the same AET, consider the one matching this IP | |
| 413 for (std::list<RemoteModalityParameters>::const_iterator | |
| 414 it = modalities.begin(); it != modalities.end(); ++it) | |
| 415 { | |
| 416 if (it->GetHost() == remoteIp) | |
| 373 { | 417 { |
| 374 if (it->GetHost() == remoteIp) | 418 if (it->IsRequestAllowed(type)) |
| 375 { | 419 { |
| 376 return it->IsRequestAllowed(type); | 420 return true; |
| 421 } | |
| 422 else | |
| 423 { | |
| 424 ReportDisallowedCommand(remoteIp, remoteAet, type); | |
| 425 return false; | |
| 377 } | 426 } |
| 378 } | 427 } |
| 379 | |
| 380 LOG(WARNING) << "Unable to check DICOM authorization for AET " << remoteAet | |
| 381 << " on IP " << remoteIp << ", " << modalities.size() | |
| 382 << " modalites found with this AET but none of them matching the IP"; | |
| 383 } | 428 } |
| 384 return false; | 429 |
| 385 } | 430 LOG(WARNING) << "Unable to check DICOM authorization for AET " << remoteAet |
| 386 else | 431 << " on IP " << remoteIp << ": " << modalities.size() |
| 387 { | 432 << " modalites found with this AET in configuration option " |
| 433 << "\"DicomModalities\", but none of them matches the IP"; | |
| 388 return false; | 434 return false; |
| 389 } | 435 } |
| 390 } | 436 } |
| 391 } | 437 } |
| 392 | 438 |