changeset 2375:3ec85ff48374
New security-related options: "DicomAlwaysAllowEcho"
| author | Sebastien Jodogne <s.jodogne@gmail.com> | 
|---|---|
| date | Fri, 25 Aug 2017 16:45:08 +0200 | 
| parents | 7087141c74b9 | 
| children | c33ff8a7ffa9 | 
| files | NEWS OrthancServer/main.cpp Resources/Configuration.json | 
| diffstat | 3 files changed, 20 insertions(+), 4 deletions(-) [+] | 
--- a/NEWS Wed Aug 23 16:17:54 2017 +0200
+++ b/NEWS Fri Aug 25 16:45:08 2017 +0200
@@ -1,6 +1,7 @@
 Pending changes in the mainline
 ===============================
+* New security-related options: "DicomAlwaysAllowEcho"
 * Fix issue 64 (OpenBSD support)
--- a/OrthancServer/main.cpp Wed Aug 23 16:17:54 2017 +0200
+++ b/OrthancServer/main.cpp Fri Aug 25 16:45:08 2017 +0200
@@ -152,12 +152,14 @@
 {
 private:
 ServerContext& context_;
+ bool alwaysAllowEcho_;
 bool alwaysAllowStore_;
 public:
 OrthancApplicationEntityFilter(ServerContext& context) : context_(context)
 {
+ alwaysAllowEcho_ = Configuration::GetGlobalBoolParameter("DicomAlwaysAllowEcho", true);
 alwaysAllowStore_ = Configuration::GetGlobalBoolParameter("DicomAlwaysAllowStore", true);
 }
@@ -168,7 +170,8 @@
 LOG(INFO) << "Incoming connection from AET " << remoteAet << " on IP " << remoteIp << ", calling AET " << calledAet;
- return (alwaysAllowStore_ ||
+ return (alwaysAllowEcho_ ||
+ alwaysAllowStore_ ||
 Configuration::IsKnownAETitle(remoteAet, remoteIp));
 }
@@ -180,10 +183,16 @@
 LOG(INFO) << "Incoming " << Orthanc::EnumerationToString(type) << " request from AET " << remoteAet << " on IP " << remoteIp << ", calling AET " << calledAet;
- if (type == DicomRequestType_Store &&
- alwaysAllowStore_)
+ if (type == DicomRequestType_Echo &&
+ alwaysAllowEcho_)
 {
- // Incoming store requests are always accepted, even from unknown AET
+ // Incoming C-Echo requests are always accepted, even from unknown AET
+ return true;
+ }
+ else if (type == DicomRequestType_Store &&
+ alwaysAllowStore_)
+ {
+ // Incoming C-Store requests are always accepted, even from unknown AET
 return true;
 }
 else if (!Configuration::IsKnownAETitle(remoteAet, remoteIp))
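Review bot: The fallback `true` in `GetGlobalBoolParameter("DicomAlwaysAllowEcho", true)` in the constructor makes the filter permissive whenever the key is absent, so a configuration file written before this option existed will accept C-Echo from unknown AETs without the operator having chosen that. The Configuration.json comment in this changeset says Orthanc 1.3.0 behaved as if the value were false, so sites upgrading from that release get a looser policy by default. I would state this at the assignment, e.g. `// Defaults to true when the option is absent: unknown AETs may then send C-Echo`, and consider logging the effective value of both flags once at startup so the policy in force can be audited. The class definition starts and ends outside this hunk.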
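Review bot: In the connection-level check, `alwaysAllowEcho_ ||` short-circuits `Configuration::IsKnownAETitle(...)`, so with the default value every association is accepted and setting only "DicomAlwaysAllowStore" to false no longer restricts who can associate. The INFO line above it reads the same for known and unknown peers, which leaves nothing to alert on when an unlisted host talks to the SCP. I would evaluate the known-AET test first and log a warning when a peer is admitted only because of one of the flags, as sketched below; this assumes IsKnownAETitle has no side effects that make calling it unconditionally undesirable. The same applies to the early `return true` branches in the request-level hunk that follows, and the enclosing function starts outside this hunk.

```cpp
// … unchanged: LOG(INFO) of the incoming connection …
const bool known = Configuration::IsKnownAETitle(remoteAet, remoteIp);

if (!known && (alwaysAllowEcho_ || alwaysAllowStore_))
{
  LOG(WARNING) << "Accepting association from unknown AET " << remoteAet
               << " on IP " << remoteIp
               << " (DicomAlwaysAllowEcho/DicomAlwaysAllowStore)";
}

return known || alwaysAllowEcho_ || alwaysAllowStore_;
```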
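Review bot: The two comments inside the new request-level branches say the request is "always accepted", but each branch is taken only when the corresponding option is true, so they read as an unconditional bypass of the AET check. I would word them after the option, e.g. `// "DicomAlwaysAllowEcho" is enabled: accept C-Echo even from an unknown AET`, and likewise for C-Store. Both branches return before `Configuration::IsKnownAETitle(...)` is consulted; a one-line comment above the `if` saying that, as far as this hunk shows, these are the request types exempt from the known-modality check would help whoever adds the next one. The function continues past the end of the hunk.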
--- a/Resources/Configuration.json Wed Aug 23 16:17:54 2017 +0200
+++ b/Resources/Configuration.json Fri Aug 25 16:45:08 2017 +0200
@@ -171,6 +171,12 @@
 // "clearcanvas" : [ "CLEARCANVAS", "192.168.1.1", 104, "ClearCanvas" ]
 },
+ // Whether the Orthanc SCP allows incoming C-Echo requests, even
+ // from SCU modalities it does not know about (i.e. that are not
+ // listed in the "DicomModalities" option above). Orthanc 1.3.0
+ // is the only version to behave as if this argument was set to "false".
+ "DicomAlwaysAllowEcho" : true,
+
 // Whether the Orthanc SCP allows incoming C-Store requests, even
 // from SCU modalities it does not know about (i.e. that are not
 // listed in the "DicomModalities" option above)
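Review bot: The new comment does not tell the operator what leaving the default costs: with `true`, any host that can reach the DICOM port gets a C-Echo answer without being listed in "DicomModalities". It is also worth stating that the connection-level check in OrthancServer/main.cpp accepts an association when either this option or "DicomAlwaysAllowStore" is true, so both have to be false to limit associations to known modalities. I would append a line such as `// Set to "false" to restrict C-Echo to the modalities listed in "DicomModalities".` to the comment block.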
