diff OrthancServer/Sources/main.cpp @ 4482:8efeaba1b7f9

new configuration options: "DicomAlwaysAllowFind" and "DicomAlwaysAllowGet"
author Sebastien Jodogne <s.jodogne@gmail.com>
date Thu, 28 Jan 2021 15:54:30 +0100
parents 68f52897c119
children e3e759cbd19c
--- a/OrthancServer/Sources/main.cpp	Thu Jan 28 14:07:49 2021 +0100
+++ b/OrthancServer/Sources/main.cpp	Thu Jan 28 15:54:30 2021 +0100
@@ -280,15 +280,31 @@
 private:
   ServerContext&  context_;
   bool            alwaysAllowEcho_;
+  bool            alwaysAllowFind_;  // New in Orthanc 1.9.0
+  bool            alwaysAllowGet_;   // New in Orthanc 1.9.0
   bool            alwaysAllowStore_;
 
 public:
   explicit OrthancApplicationEntityFilter(ServerContext& context) :
     context_(context)
   {
-    OrthancConfiguration::ReaderLock lock;
-    alwaysAllowEcho_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowEcho", true);
-    alwaysAllowStore_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowStore", true);
+    {
+      OrthancConfiguration::ReaderLock lock;
+      alwaysAllowEcho_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowEcho", true);
+      alwaysAllowFind_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowFind", false);
+      alwaysAllowGet_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowGet", false);
+      alwaysAllowStore_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowStore", true);
+    }
+
+    if (alwaysAllowFind_)
+    {
+      LOG(WARNING) << "Security risk in DICOM SCP: C-FIND requests are always allowed, even from unknown modalities";
+    }
+
+    if (alwaysAllowGet_)
+    {
+      LOG(WARNING) << "Security risk in DICOM SCP: C-GET requests are always allowed, even from unknown modalities";
+    }
   }
 
   virtual bool IsAllowedConnection(const std::string& remoteIp,
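Review bot: The two startup warnings added to the constructor do not name the configuration option that triggers them, so an operator who finds the message in a log still has to work out which setting to turn off. Naming the option makes the warning actionable, for example `LOG(WARNING) << "Security risk in DICOM SCP: C-FIND requests are always allowed, even from unknown modalities (\"DicomAlwaysAllowFind\" is true)";`, and likewise for `DicomAlwaysAllowGet`. The `false` defaults for both new options are the safe choice and could be stated in the member comments next to "New in Orthanc 1.9.0".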
@@ -299,6 +315,8 @@
               << " on IP " << remoteIp << ", calling AET " << calledAet;
 
     if (alwaysAllowEcho_ ||
+        alwaysAllowFind_ ||
+        alwaysAllowGet_ ||
         alwaysAllowStore_)
     {
       return true;
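Review bot: With this condition, IsAllowedConnection accepts the association from any peer as soon as one of the four flags is set. Because `DicomAlwaysAllowEcho` and `DicomAlwaysAllowStore` default to true in the constructor, that is already the case in a default configuration. Filtering of unknown callers then appears to rest entirely on the per-request-type check changed in the third hunk. A comment above the condition would make that dependency explicit, e.g. `// Any "always allow" option accepts the association itself; commands are filtered by request type afterwards`. The function starts before this hunk and continues after it, so the fallback path for the all-false case is not visible here.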
@@ -324,12 +342,24 @@
       // Incoming C-Echo requests are always accepted, even from unknown AET
       return true;
     }
+    else if (type == DicomRequestType_Find &&
+             alwaysAllowFind_)
+    {
+      // Incoming C-Find requests are always accepted, even from unknown AET
+      return true;
+    }
     else if (type == DicomRequestType_Store &&
              alwaysAllowStore_)
     {
       // Incoming C-Store requests are always accepted, even from unknown AET
       return true;
     }
+    else if (type == DicomRequestType_Get &&
+             alwaysAllowGet_)
+    {
+      // Incoming C-Get requests are always accepted, even from unknown AET
+      return true;
+    }
     else
     {
       OrthancConfiguration::ReaderLock lock;
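Review bot: The new C-Find and C-Get branches return true before the final `else` branch takes the configuration lock, so they seem to apply to every caller rather than only to unknown AETs. If that `else` branch performs the per-modality permission lookup (its body is outside this hunk), a known modality configured without find or get permission would be granted as well. The comments should say so, e.g. `// Incoming C-Get requests are always accepted from any AET; the per-modality check below is skipped`. If only unknown callers are meant to be affected, the flag test belongs inside the `else` branch, after the lookup fails. Since C-GET returns stored instances to the requester, a log line naming the caller when this bypass is taken would also give operators an audit trail beyond the single startup warning.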