# HG changeset patch # User Sebastien Jodogne # Date 1503672308 -7200 # Node ID 3ec85ff48374803e0e796ba8bf0923f53f591e4b # Parent 7087141c74b98694ed541684f631d1dcebc54a23 New security-related options: "DicomAlwaysAllowEcho" diff -r 7087141c74b9 -r 3ec85ff48374 NEWS --- a/NEWS Wed Aug 23 16:17:54 2017 +0200 +++ b/NEWS Fri Aug 25 16:45:08 2017 +0200 @@ -1,6 +1,7 @@ Pending changes in the mainline =============================== +* New security-related options: "DicomAlwaysAllowEcho" * Fix issue 64 (OpenBSD support) diff -r 7087141c74b9 -r 3ec85ff48374 OrthancServer/main.cpp --- a/OrthancServer/main.cpp Wed Aug 23 16:17:54 2017 +0200 +++ b/OrthancServer/main.cpp Fri Aug 25 16:45:08 2017 +0200 @@ -152,12 +152,14 @@ { private: ServerContext& context_; + bool alwaysAllowEcho_; bool alwaysAllowStore_; public: OrthancApplicationEntityFilter(ServerContext& context) : context_(context) { + alwaysAllowEcho_ = Configuration::GetGlobalBoolParameter("DicomAlwaysAllowEcho", true); alwaysAllowStore_ = Configuration::GetGlobalBoolParameter("DicomAlwaysAllowStore", true); } @@ -168,7 +170,8 @@ LOG(INFO) << "Incoming connection from AET " << remoteAet << " on IP " << remoteIp << ", calling AET " << calledAet; - return (alwaysAllowStore_ || + return (alwaysAllowEcho_ || + alwaysAllowStore_ || Configuration::IsKnownAETitle(remoteAet, remoteIp)); } @@ -180,10 +183,16 @@ LOG(INFO) << "Incoming " << Orthanc::EnumerationToString(type) << " request from AET " << remoteAet << " on IP " << remoteIp << ", calling AET " << calledAet; - if (type == DicomRequestType_Store && - alwaysAllowStore_) + if (type == DicomRequestType_Echo && + alwaysAllowEcho_) { - // Incoming store requests are always accepted, even from unknown AET + // Incoming C-Echo requests are always accepted, even from unknown AET + return true; + } + else if (type == DicomRequestType_Store && + alwaysAllowStore_) + { + // Incoming C-Store requests are always accepted, even from unknown AET return true; } else if (!Configuration::IsKnownAETitle(remoteAet, remoteIp)) diff -r 7087141c74b9 -r 3ec85ff48374 Resources/Configuration.json --- a/Resources/Configuration.json Wed Aug 23 16:17:54 2017 +0200 +++ b/Resources/Configuration.json Fri Aug 25 16:45:08 2017 +0200 @@ -171,6 +171,12 @@ // "clearcanvas" : [ "CLEARCANVAS", "192.168.1.1", 104, "ClearCanvas" ] }, + // Whether the Orthanc SCP allows incoming C-Echo requests, even + // from SCU modalities it does not know about (i.e. that are not + // listed in the "DicomModalities" option above). Orthanc 1.3.0 + // is the only version to behave as if this argument was set to "false". + "DicomAlwaysAllowEcho" : true, + // Whether the Orthanc SCP allows incoming C-Store requests, even // from SCU modalities it does not know about (i.e. that are not // listed in the "DicomModalities" option above)