Mercurial > hg > orthanc
comparison OrthancServer/Sources/main.cpp @ 4942:bd7ad1cb40b6
Improved DICOM authorization checks when multiple modalities are declared with the same AET
| author | Alain Mazy <am@osimis.io> |
|---|---|
| date | Wed, 16 Mar 2022 10:55:13 +0100 |
| parents | 6eff25f70121 |
| children | 47d734fa30f6 |
comparison
equal
deleted
inserted
replaced
| 4931:0b14c766ca7a | 4942:bd7ad1cb40b6 |
|---|---|
| 428 return false; | 428 return false; |
| 429 } | 429 } |
| 430 } | 430 } |
| 431 else | 431 else |
| 432 { | 432 { |
| 433 // If there are multiple modalities with the same AET, consider the one matching this IP | 433 // If there are multiple modalities with the same AET, consider the one matching this IP |
| 434 // or check if the operation is allowed for all modalities | |
| 435 bool allowedForAllModalities = true; | |
| 436 | |
| 434 for (std::list<RemoteModalityParameters>::const_iterator | 437 for (std::list<RemoteModalityParameters>::const_iterator |
| 435 it = modalities.begin(); it != modalities.end(); ++it) | 438 it = modalities.begin(); it != modalities.end(); ++it) |
| 436 { | 439 { |
| 437 if (it->GetHost() == remoteIp) | 440 if (it->IsRequestAllowed(type)) |
| 438 { | 441 { |
| 439 if (it->IsRequestAllowed(type)) | 442 if (checkIp && |
| 443 it->GetHost() == remoteIp) | |
| 440 { | 444 { |
| 441 return true; | 445 return true; |
| 442 } | 446 } |
| 443 else | 447 } |
| 444 { | 448 else |
| 445 ReportDisallowedCommand(remoteIp, remoteAet, type); | 449 { |
| 446 return false; | 450 allowedForAllModalities = false; |
| 447 } | |
| 448 } | 451 } |
| 449 } | 452 } |
| 450 | 453 |
| 451 LOG(WARNING) << "DICOM authorization rejected for AET " << remoteAet | 454 if (allowedForAllModalities) |
| 452 << " on IP " << remoteIp << ": " << modalities.size() | 455 { |
| 453 << " modalites found with this AET in configuration option " | 456 return true; |
| 454 << "\"DicomModalities\", but none of them matches the IP"; | 457 } |
| 455 return false; | 458 else |
| 459 { | |
| 460 ReportDisallowedCommand(remoteIp, remoteAet, type); | |
| 461 | |
| 462 if (checkIp) | |
| 463 { | |
| 464 LOG(WARNING) << "DICOM authorization rejected for AET " << remoteAet | |
| 465 << " on IP " << remoteIp << ": " << modalities.size() | |
| 466 << " modalites found with this AET in configuration option " | |
| 467 << "\"DicomModalities\", but the operation is allowed for none " | |
| 468 << "of them matching the IP"; | |
| 469 } | |
| 470 else | |
| 471 { | |
| 472 LOG(WARNING) << "DICOM authorization rejected for AET " << remoteAet | |
| 473 << " on IP " << remoteIp << ": " << modalities.size() | |
| 474 << " modalites found with this AET in configuration option " | |
| 475 << "\"DicomModalities\", but the operation is not allowed for" | |
| 476 << "all of them"; | |
| 477 } | |
| 478 return false; | |
| 479 } | |
| 456 } | 480 } |
| 457 } | 481 } |
| 458 } | 482 } |
| 459 | 483 |
| 460 | 484 |