Mercurial > hg > orthanc
comparison OrthancServer/Sources/main.cpp @ 4646:4beebbb3636e
Fix regression in the handling of "DicomCheckModalityHost" configuration option
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Wed, 28 Apr 2021 17:50:26 +0200 |
parents | 66109d24d26e |
children | e915102093de |
comparison
equal
deleted
inserted
replaced
4645:1f90fe0fa13f | 4646:4beebbb3636e |
---|---|
322 OrthancConfiguration::ReaderLock lock; | 322 OrthancConfiguration::ReaderLock lock; |
323 return lock.GetConfiguration().IsKnownAETitle(remoteAet, remoteIp); | 323 return lock.GetConfiguration().IsKnownAETitle(remoteAet, remoteIp); |
324 } | 324 } |
325 } | 325 } |
326 | 326 |
327 static void ReportDisallowedCommand(const std::string& remoteIp, | |
328 const std::string& remoteAet, | |
329 DicomRequestType type) | |
330 { | |
331 LOG(WARNING) << "Unable to check DICOM authorization for AET " << remoteAet | |
332 << " on IP " << remoteIp << ": The DICOM command " | |
333 << EnumerationToString(type) << " is not allowed for this modality " | |
334 << "according to configuration option \"DicomModalities\""; | |
335 } | |
336 | |
337 | |
327 virtual bool IsAllowedRequest(const std::string& remoteIp, | 338 virtual bool IsAllowedRequest(const std::string& remoteIp, |
328 const std::string& remoteAet, | 339 const std::string& remoteAet, |
329 const std::string& calledAet, | 340 const std::string& calledAet, |
330 DicomRequestType type) ORTHANC_OVERRIDE | 341 DicomRequestType type) ORTHANC_OVERRIDE |
331 { | 342 { |
356 // Incoming C-Get requests are always accepted, even from unknown AET | 367 // Incoming C-Get requests are always accepted, even from unknown AET |
357 return true; | 368 return true; |
358 } | 369 } |
359 else | 370 else |
360 { | 371 { |
361 OrthancConfiguration::ReaderLock lock; | 372 bool checkIp; |
362 | |
363 std::list<RemoteModalityParameters> modalities; | 373 std::list<RemoteModalityParameters> modalities; |
364 if (lock.GetConfiguration().LookupDicomModalitiesUsingAETitle(modalities, remoteAet)) | 374 |
365 { | 375 { |
366 if (modalities.size() == 1) // don't check the IP if there's only one modality with this AET | 376 OrthancConfiguration::ReaderLock lock; |
377 lock.GetConfiguration().LookupDicomModalitiesUsingAETitle(modalities, remoteAet); | |
378 checkIp = lock.GetConfiguration().GetBooleanParameter("DicomCheckModalityHost", false); | |
379 } | |
380 | |
381 if (modalities.empty()) | |
382 { | |
383 LOG(WARNING) << "Unable to check DICOM authorization for AET " << remoteAet | |
384 << " on IP " << remoteIp << ": This AET is not listed in " | |
385 << "configuration option \"DicomModalities\""; | |
386 return false; | |
387 } | |
388 else if (modalities.size() == 1) | |
389 { | |
390 // DicomCheckModalityHost is true: check if the IP match the configured IP | |
391 if (checkIp && | |
392 remoteIp != modalities.front().GetHost()) | |
367 { | 393 { |
368 return modalities.front().IsRequestAllowed(type); | 394 LOG(WARNING) << "Unable to check DICOM authorization for AET " << remoteAet |
395 << " on IP " << remoteIp << ": Its IP address should be " | |
396 << modalities.front().GetHost() | |
397 << " according to configuration option \"DicomModalities\""; | |
398 return false; | |
369 } | 399 } |
370 else // if there are multiple modalities with the same AET, check the one matching this IP | 400 else if (modalities.front().IsRequestAllowed(type)) |
371 { | 401 { |
372 for (std::list<RemoteModalityParameters>::const_iterator it = modalities.begin(); it != modalities.end(); ++it) | 402 return true; |
403 } | |
404 else | |
405 { | |
406 ReportDisallowedCommand(remoteIp, remoteAet, type); | |
407 return false; | |
408 } | |
409 } | |
410 else | |
411 { | |
412 // If there are multiple modalities with the same AET, consider the one matching this IP | |
413 for (std::list<RemoteModalityParameters>::const_iterator | |
414 it = modalities.begin(); it != modalities.end(); ++it) | |
415 { | |
416 if (it->GetHost() == remoteIp) | |
373 { | 417 { |
374 if (it->GetHost() == remoteIp) | 418 if (it->IsRequestAllowed(type)) |
375 { | 419 { |
376 return it->IsRequestAllowed(type); | 420 return true; |
421 } | |
422 else | |
423 { | |
424 ReportDisallowedCommand(remoteIp, remoteAet, type); | |
425 return false; | |
377 } | 426 } |
378 } | 427 } |
379 | |
380 LOG(WARNING) << "Unable to check DICOM authorization for AET " << remoteAet | |
381 << " on IP " << remoteIp << ", " << modalities.size() | |
382 << " modalites found with this AET but none of them matching the IP"; | |
383 } | 428 } |
384 return false; | 429 |
385 } | 430 LOG(WARNING) << "Unable to check DICOM authorization for AET " << remoteAet |
386 else | 431 << " on IP " << remoteIp << ": " << modalities.size() |
387 { | 432 << " modalites found with this AET in configuration option " |
433 << "\"DicomModalities\", but none of them matches the IP"; | |
388 return false; | 434 return false; |
389 } | 435 } |
390 } | 436 } |
391 } | 437 } |
392 | 438 |