Mercurial > hg > orthanc
comparison OrthancServer/Sources/main.cpp @ 4772:ec8aef42a7db
new configuration option "DicomAlwaysAllowMove" to disable verification of the remote modality in C-MOVE SCP
author | Alain Mazy <am@osimis.io> |
---|---|
date | Mon, 30 Aug 2021 09:47:47 +0200 |
parents | 82a314325351 |
children | 61da49321754 656784ac6759 434843934307 fc2ba1ce6538 |
comparison
equal
deleted
inserted
replaced
4771:9f207131c7f4 | 4772:ec8aef42a7db |
---|---|
277 private: | 277 private: |
278 ServerContext& context_; | 278 ServerContext& context_; |
279 bool alwaysAllowEcho_; | 279 bool alwaysAllowEcho_; |
280 bool alwaysAllowFind_; // New in Orthanc 1.9.0 | 280 bool alwaysAllowFind_; // New in Orthanc 1.9.0 |
281 bool alwaysAllowGet_; // New in Orthanc 1.9.0 | 281 bool alwaysAllowGet_; // New in Orthanc 1.9.0 |
282 bool alwaysAllowMove_; // New in Orthanc 1.9.7 | |
282 bool alwaysAllowStore_; | 283 bool alwaysAllowStore_; |
283 | 284 |
284 public: | 285 public: |
285 explicit OrthancApplicationEntityFilter(ServerContext& context) : | 286 explicit OrthancApplicationEntityFilter(ServerContext& context) : |
286 context_(context) | 287 context_(context) |
288 { | 289 { |
289 OrthancConfiguration::ReaderLock lock; | 290 OrthancConfiguration::ReaderLock lock; |
290 alwaysAllowEcho_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowEcho", true); | 291 alwaysAllowEcho_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowEcho", true); |
291 alwaysAllowFind_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowFind", false); | 292 alwaysAllowFind_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowFind", false); |
292 alwaysAllowGet_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowGet", false); | 293 alwaysAllowGet_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowGet", false); |
294 alwaysAllowMove_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowMove", false); | |
293 alwaysAllowStore_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowStore", true); | 295 alwaysAllowStore_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowStore", true); |
294 } | 296 } |
295 | 297 |
296 if (alwaysAllowFind_) | 298 if (alwaysAllowFind_) |
297 { | 299 { |
299 } | 301 } |
300 | 302 |
301 if (alwaysAllowGet_) | 303 if (alwaysAllowGet_) |
302 { | 304 { |
303 LOG(WARNING) << "Security risk in DICOM SCP: C-GET requests are always allowed, even from unknown modalities"; | 305 LOG(WARNING) << "Security risk in DICOM SCP: C-GET requests are always allowed, even from unknown modalities"; |
306 } | |
307 | |
308 if (alwaysAllowMove_) | |
309 { | |
310 LOG(WARNING) << "Security risk in DICOM SCP: C-MOOVE requests are always allowed, even from unknown modalities"; | |
304 } | 311 } |
305 } | 312 } |
306 | 313 |
307 virtual bool IsAllowedConnection(const std::string& remoteIp, | 314 virtual bool IsAllowedConnection(const std::string& remoteIp, |
308 const std::string& remoteAet, | 315 const std::string& remoteAet, |
312 << " on IP " << remoteIp << ", calling AET " << calledAet; | 319 << " on IP " << remoteIp << ", calling AET " << calledAet; |
313 | 320 |
314 if (alwaysAllowEcho_ || | 321 if (alwaysAllowEcho_ || |
315 alwaysAllowFind_ || | 322 alwaysAllowFind_ || |
316 alwaysAllowGet_ || | 323 alwaysAllowGet_ || |
324 alwaysAllowMove_ || | |
317 alwaysAllowStore_) | 325 alwaysAllowStore_) |
318 { | 326 { |
319 return true; | 327 return true; |
320 } | 328 } |
321 else | 329 else |
364 } | 372 } |
365 else if (type == DicomRequestType_Get && | 373 else if (type == DicomRequestType_Get && |
366 alwaysAllowGet_) | 374 alwaysAllowGet_) |
367 { | 375 { |
368 // Incoming C-Get requests are always accepted, even from unknown AET | 376 // Incoming C-Get requests are always accepted, even from unknown AET |
377 return true; | |
378 } | |
379 else if (type == DicomRequestType_Move && | |
380 alwaysAllowMove_) | |
381 { | |
382 // Incoming C-Move requests are always accepted, even from unknown AET | |
369 return true; | 383 return true; |
370 } | 384 } |
371 else | 385 else |
372 { | 386 { |
373 bool checkIp; | 387 bool checkIp; |