comparison OrthancServer/Sources/main.cpp @ 4942:bd7ad1cb40b6
Improved DICOM authorization checks when multiple modalities are declared with the same AET
author | Alain Mazy <am@osimis.io> |
---|---|
date | Wed, 16 Mar 2022 10:55:13 +0100 |
parents | 6eff25f70121 |
children | 47d734fa30f6 |
4931:0b14c766ca7a | 4942:bd7ad1cb40b6 |
---|---|
428 return false; | 428 return false; |
429 } | 429 } |
430 } | 430 } |
431 else | 431 else |
432 { | 432 { |
433 // If there are multiple modalities with the same AET, consider the one matching this IP | 433 // If there are multiple modalities with the same AET, consider the one matching this IP |
434 // or check if the operation is allowed for all modalities | |
435 bool allowedForAllModalities = true; | |
436 | |
434 for (std::list<RemoteModalityParameters>::const_iterator | 437 for (std::list<RemoteModalityParameters>::const_iterator |
435 it = modalities.begin(); it != modalities.end(); ++it) | 438 it = modalities.begin(); it != modalities.end(); ++it) |
436 { | 439 { |
437 if (it->GetHost() == remoteIp) | 440 if (it->IsRequestAllowed(type)) |
438 { | 441 { |
439 if (it->IsRequestAllowed(type)) | 442 if (checkIp && |
443 it->GetHost() == remoteIp) | |
440 { | 444 { |
441 return true; | 445 return true; |
442 } | 446 } |
443 else | 447 } |
444 { | 448 else |
445 ReportDisallowedCommand(remoteIp, remoteAet, type); | 449 { |
446 return false; | 450 allowedForAllModalities = false; |
447 } | |
448 } | 451 } |
449 } | 452 } |
450 | 453 |
451 LOG(WARNING) << "DICOM authorization rejected for AET " << remoteAet | 454 if (allowedForAllModalities) |
452 << " on IP " << remoteIp << ": " << modalities.size() | 455 { |
453 << " modalites found with this AET in configuration option " | 456 return true; |
454 << "\"DicomModalities\", but none of them matches the IP"; | 457 } |
455 return false; | 458 else |
459 { | |
460 ReportDisallowedCommand(remoteIp, remoteAet, type); | |
461 | |
462 if (checkIp) | |
463 { | |
464 LOG(WARNING) << "DICOM authorization rejected for AET " << remoteAet | |
465 << " on IP " << remoteIp << ": " << modalities.size() | |
466 << " modalites found with this AET in configuration option " | |
467 << "\"DicomModalities\", but the operation is allowed for none " | |
468 << "of them matching the IP"; | |
469 } | |
470 else | |
471 { | |
472 LOG(WARNING) << "DICOM authorization rejected for AET " << remoteAet | |
473 << " on IP " << remoteIp << ": " << modalities.size() | |
474 << " modalites found with this AET in configuration option " | |
475 << "\"DicomModalities\", but the operation is not allowed for" | |
476 << "all of them"; | |
477 } | |
478 return false; | |
479 } | |
456 } | 480 } |
457 } | 481 } |
458 } | 482 } |
459 | 483 |
460 | 484 |
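Review bot: With `checkIp` set, the final `if (allowedForAllModalities)` still returns true when no declared modality has `GetHost() == remoteIp`, so a peer on an unlisted address is accepted whenever every entry sharing the AET permits the request type; the previous code rejected that case. If the host check is meant to stay binding, the fallback could be restricted to the path without IP checking, e.g. `if (!checkIp && allowedForAllModalities)`. The warning in the `checkIp` branch is also emitted when no entry matched the IP at all, which its wording does not convey, and `"not allowed for" << "all of them"` prints without a space between the two literals. The enclosing function starts before the visible lines, so how `checkIp` is derived is not shown here.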