# HG changeset patch
# User Sebastien Jodogne
# Date 1630311950 -7200
# Node ID 79d4e155592bdcc370644ba59cdc353f61a9f71d
# Parent add0337b928a46a64945a130a00cc10c7054f8f1# Parent ec6843501db7345613c62c54b51ba82b5c44ac97
merge
diff -r add0337b928a -r 79d4e155592b NEWS
--- a/NEWS Mon Aug 30 10:24:36 2021 +0200
+++ b/NEWS Mon Aug 30 10:25:50 2021 +0200
@@ -1,6 +1,12 @@
 Pending changes in the mainline
 ===============================
+General
+-------
+
+* New configuration option "DicomAlwaysAllowMove" to disable verification of the remote modality in C-MOVE SCP
+
+
 REST API
 --------
diff -r add0337b928a -r 79d4e155592b OrthancServer/Resources/Configuration.json
--- a/OrthancServer/Resources/Configuration.json Mon Aug 30 10:24:36 2021 +0200
+++ b/OrthancServer/Resources/Configuration.json Mon Aug 30 10:25:50 2021 +0200
@@ -291,6 +291,12 @@
 // option to "true" implies security risks. (new in Orthanc 1.9.0)
 "DicomAlwaysAllowGet" : false,
+ // Whether the Orthanc SCP allows incoming C-MOVE requests, even
+ // from SCU modalities it does not know about (i.e. that are not
+ // listed in the "DicomModalities" option above). Setting this
+ // option to "true" implies security risks. (new in Orthanc 1.9.7)
+ "DicomAlwaysAllowMove" : false,
+
 // Whether Orthanc checks the IP/hostname address of the remote
 // modality initiating a DICOM connection (as listed in the
 // "DicomModalities" option above). If this option is set to
diff -r add0337b928a -r 79d4e155592b OrthancServer/Sources/main.cpp
--- a/OrthancServer/Sources/main.cpp Mon Aug 30 10:24:36 2021 +0200
+++ b/OrthancServer/Sources/main.cpp Mon Aug 30 10:25:50 2021 +0200
@@ -279,6 +279,7 @@
 bool alwaysAllowEcho_;
 bool alwaysAllowFind_; // New in Orthanc 1.9.0
 bool alwaysAllowGet_; // New in Orthanc 1.9.0
+ bool alwaysAllowMove_; // New in Orthanc 1.9.7
 bool alwaysAllowStore_;
 public:
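Review bot: In OrthancServer/Resources/Configuration.json, the new comment on "DicomAlwaysAllowMove" says only that `true` "implies security risks" and never names the risk. A C-MOVE makes the SCP send stored instances to a move destination, so an operator weighing this option should be told that unlisted peers can trigger such transfers; how the destination itself is validated is not visible in this patch. I would extend the comment along the lines of `// With "true", any peer that can reach the DICOM port may ask Orthanc to send stored studies to a move destination; keep "false" unless access to the port is restricted by other means.`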
@@ -290,6 +291,7 @@
 alwaysAllowEcho_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowEcho", true);
 alwaysAllowFind_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowFind", false);
 alwaysAllowGet_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowGet", false);
+ alwaysAllowMove_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowMove", false);
 alwaysAllowStore_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowStore", true);
 }
@@ -302,6 +304,11 @@
 {
 LOG(WARNING) << "Security risk in DICOM SCP: C-GET requests are always allowed, even from unknown modalities";
 }
+
+ if (alwaysAllowMove_)
+ {
+ LOG(WARNING) << "Security risk in DICOM SCP: C-MOOVE requests are always allowed, even from unknown modalities";
+ }
 }
 virtual bool IsAllowedConnection(const std::string& remoteIp,
@@ -314,6 +321,7 @@
 if (alwaysAllowEcho_ ||
 alwaysAllowFind_ ||
 alwaysAllowGet_ ||
+ alwaysAllowMove_ ||
 alwaysAllowStore_)
 {
 return true;
@@ -368,6 +376,12 @@
 // Incoming C-Get requests are always accepted, even from unknown AET
 return true;
 }
+ else if (type == DicomRequestType_Move &&
+ alwaysAllowMove_)
+ {
+ // Incoming C-Move requests are always accepted, even from unknown AET
+ return true;
+ }
 else
 {
 bool checkIp;
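Review bot: The warning added under `if (alwaysAllowMove_)` spells the operation "C-MOOVE", so a log search or alert rule keyed on "C-MOVE" will miss the one message that announces this weakened setting. Change the literal to `"Security risk in DICOM SCP: C-MOVE requests are always allowed, even from unknown modalities"`, matching the C-GET warning just above it. The enclosing function starts outside the hunk.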
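Review bot: The new `DicomRequestType_Move` branch returns `true` before the `else` block that declares `checkIp`, so with "DicomAlwaysAllowMove" enabled the request appears to skip the IP/hostname verification as well as the AET lookup. That block continues outside the hunk, so this is inferred from the branch order only. The added comment mentions only unknown AETs; I would make it explicit, e.g. `// Incoming C-Move requests are always accepted: neither the calling AET nor the remote host is verified`. It is also worth logging the caller's identity on this path so that accepted requests from unlisted modalities leave an audit trail.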