Mercurial > hg > orthanc

comparison OrthancServer/Sources/main.cpp @ 4785:61da49321754 openssl-3.x

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
integration mainline->openssl-3.x
author Sebastien Jodogne <s.jodogne@gmail.com>
date Mon, 30 Aug 2021 22:21:24 +0200
parents f0038043fb97 ec8aef42a7db
children 70d2a97ca8cb
comparison
equal deleted inserted replaced
4760:b2417ac5055a 4785:61da49321754
265 private: 265 private:
266 ServerContext& context_; 266 ServerContext& context_;
267 bool alwaysAllowEcho_; 267 bool alwaysAllowEcho_;
268 bool alwaysAllowFind_; // New in Orthanc 1.9.0 268 bool alwaysAllowFind_; // New in Orthanc 1.9.0
269 bool alwaysAllowGet_; // New in Orthanc 1.9.0 269 bool alwaysAllowGet_; // New in Orthanc 1.9.0
270 bool alwaysAllowMove_; // New in Orthanc 1.9.7
270 bool alwaysAllowStore_; 271 bool alwaysAllowStore_;
271 272
272 public: 273 public:
273 explicit OrthancApplicationEntityFilter(ServerContext& context) : 274 explicit OrthancApplicationEntityFilter(ServerContext& context) :
274 context_(context) 275 context_(context)
276 { 277 {
277 OrthancConfiguration::ReaderLock lock; 278 OrthancConfiguration::ReaderLock lock;
278 alwaysAllowEcho_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowEcho", true); 279 alwaysAllowEcho_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowEcho", true);
279 alwaysAllowFind_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowFind", false); 280 alwaysAllowFind_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowFind", false);
280 alwaysAllowGet_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowGet", false); 281 alwaysAllowGet_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowGet", false);
282 alwaysAllowMove_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowMove", false);
281 alwaysAllowStore_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowStore", true); 283 alwaysAllowStore_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowStore", true);
282 } 284 }
283 285
284 if (alwaysAllowFind_) 286 if (alwaysAllowFind_)
285 { 287 {
287 } 289 }
288 290
289 if (alwaysAllowGet_) 291 if (alwaysAllowGet_)
290 { 292 {
291 LOG(WARNING) << "Security risk in DICOM SCP: C-GET requests are always allowed, even from unknown modalities"; 293 LOG(WARNING) << "Security risk in DICOM SCP: C-GET requests are always allowed, even from unknown modalities";
294 }
295
296 if (alwaysAllowMove_)
297 {
298 LOG(WARNING) << "Security risk in DICOM SCP: C-MOOVE requests are always allowed, even from unknown modalities";
292 } 299 }
293 } 300 }
294 301
295 virtual bool IsAllowedConnection(const std::string& remoteIp, 302 virtual bool IsAllowedConnection(const std::string& remoteIp,
296 const std::string& remoteAet, 303 const std::string& remoteAet,
300 << " on IP " << remoteIp << ", calling AET " << calledAet; 307 << " on IP " << remoteIp << ", calling AET " << calledAet;
301 308
302 if (alwaysAllowEcho_ || 309 if (alwaysAllowEcho_ ||
303 alwaysAllowFind_ || 310 alwaysAllowFind_ ||
304 alwaysAllowGet_ || 311 alwaysAllowGet_ ||
312 alwaysAllowMove_ ||
305 alwaysAllowStore_) 313 alwaysAllowStore_)
306 { 314 {
307 return true; 315 return true;
308 } 316 }
309 else 317 else
352 } 360 }
353 else if (type == DicomRequestType_Get && 361 else if (type == DicomRequestType_Get &&
354 alwaysAllowGet_) 362 alwaysAllowGet_)
355 { 363 {
356 // Incoming C-Get requests are always accepted, even from unknown AET 364 // Incoming C-Get requests are always accepted, even from unknown AET
365 return true;
366 }
367 else if (type == DicomRequestType_Move &&
368 alwaysAllowMove_)
369 {
370 // Incoming C-Move requests are always accepted, even from unknown AET
357 return true; 371 return true;
358 } 372 }
359 else 373 else
360 { 374 {
361 bool checkIp; 375 bool checkIp;