changeset 2375:3ec85ff48374

New security-related options: "DicomAlwaysAllowEcho"
author Sebastien Jodogne <s.jodogne@gmail.com>
date Fri, 25 Aug 2017 16:45:08 +0200
parents 7087141c74b9
children c33ff8a7ffa9
files NEWS OrthancServer/main.cpp Resources/Configuration.json
diffstat 3 files changed, 20 insertions(+), 4 deletions(-) [+]
--- a/NEWS	Wed Aug 23 16:17:54 2017 +0200
+++ b/NEWS	Fri Aug 25 16:45:08 2017 +0200
@@ -1,6 +1,7 @@
 Pending changes in the mainline
 ===============================
 
+* New security-related options: "DicomAlwaysAllowEcho"
 * Fix issue 64 (OpenBSD support)
 
 
--- a/OrthancServer/main.cpp	Wed Aug 23 16:17:54 2017 +0200
+++ b/OrthancServer/main.cpp	Fri Aug 25 16:45:08 2017 +0200
@@ -152,12 +152,14 @@
 {
 private:
   ServerContext& context_;
+  bool           alwaysAllowEcho_;
   bool           alwaysAllowStore_;
 
 public:
   OrthancApplicationEntityFilter(ServerContext& context) :
     context_(context)
   {
+    alwaysAllowEcho_ = Configuration::GetGlobalBoolParameter("DicomAlwaysAllowEcho", true);
     alwaysAllowStore_ = Configuration::GetGlobalBoolParameter("DicomAlwaysAllowStore", true);
   }
 
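Review bot: `GetGlobalBoolParameter("DicomAlwaysAllowEcho", true)` defaults to the permissive value, so a configuration file written before this option existed accepts C-Echo from AETs that are not listed in `DicomModalities`, and nothing in the visible lines records which policy is in effect. A one-time message at construction would make the effective setting auditable, e.g. `if (alwaysAllowEcho_) LOG(WARNING) << "C-Echo is accepted from unknown modalities (DicomAlwaysAllowEcho is true)";`. As a style point, both flags could be set in the member-initializer list next to `context_(context)` rather than assigned in the constructor body. The class declaration begins above this hunk.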
@@ -168,7 +170,8 @@
     LOG(INFO) << "Incoming connection from AET " << remoteAet
               << " on IP " << remoteIp << ", calling AET " << calledAet;
 
-    return (alwaysAllowStore_ ||
+    return (alwaysAllowEcho_ ||
+            alwaysAllowStore_ ||
             Configuration::IsKnownAETitle(remoteAet, remoteIp));
   }
 
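Review bot: With `alwaysAllowEcho_` added to this disjunction, the association-level check returns true for any remote AET whenever either flag is set, so under the default configuration `Configuration::IsKnownAETitle(remoteAet, remoteIp)` is never evaluated here and the per-request filter further down is the only access control applied to unknown peers. That dependency deserves a comment at this return, e.g. `// Unknown AETs may open an association if echo or store is open to them; each request is still filtered by type below`. It also means that setting `DicomAlwaysAllowStore` to false no longer closes association setup to unknown hosts unless `DicomAlwaysAllowEcho` is set to false as well, which operators hardening an instance should be told. The function's signature lies outside the hunk.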
@@ -180,10 +183,16 @@
     LOG(INFO) << "Incoming " << Orthanc::EnumerationToString(type) << " request from AET "
               << remoteAet << " on IP " << remoteIp << ", calling AET " << calledAet;
     
-    if (type == DicomRequestType_Store &&
-        alwaysAllowStore_)
+    if (type == DicomRequestType_Echo &&
+        alwaysAllowEcho_)
     {
-      // Incoming store requests are always accepted, even from unknown AET
+      // Incoming C-Echo requests are always accepted, even from unknown AET
+      return true;
+    }
+    else if (type == DicomRequestType_Store &&
+             alwaysAllowStore_)
+    {
+      // Incoming C-Store requests are always accepted, even from unknown AET
       return true;
     }
     else if (!Configuration::IsKnownAETitle(remoteAet, remoteIp))
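Review bot: The two early `return true` branches leave no trace that a request was let through for a peer that is not a configured modality, because the `LOG(INFO)` line above them reads the same for known and unknown AETs. For someone reviewing logs after the fact, a line inside each bypass branch would separate the two cases, e.g. `if (!Configuration::IsKnownAETitle(remoteAet, remoteIp)) LOG(WARNING) << "Accepted " << Orthanc::EnumerationToString(type) << " from unknown AET " << remoteAet << " on IP " << remoteIp;`. The function continues past the end of the hunk, so the handling of the remaining request types is not visible here.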
--- a/Resources/Configuration.json	Wed Aug 23 16:17:54 2017 +0200
+++ b/Resources/Configuration.json	Fri Aug 25 16:45:08 2017 +0200
@@ -171,6 +171,12 @@
     // "clearcanvas" : [ "CLEARCANVAS", "192.168.1.1", 104, "ClearCanvas" ]
   },
 
+  // Whether the Orthanc SCP allows incoming C-Echo requests, even
+  // from SCU modalities it does not know about (i.e. that are not
+  // listed in the "DicomModalities" option above). Orthanc 1.3.0
+  // is the only version to behave as if this argument was set to "false".
+  "DicomAlwaysAllowEcho" : true,
+
   // Whether the Orthanc SCP allows incoming C-Store requests, even
   // from SCU modalities it does not know about (i.e. that are not
   // listed in the "DicomModalities" option above)
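Review bot: The comment on `"DicomAlwaysAllowEcho"` explains what the option does but not what leaving it at `true` exposes: any host that can reach the DICOM port can confirm that an SCP is listening without being listed in `DicomModalities`. I would add a sentence such as `// Set this option to "false" if the DICOM port is reachable from untrusted networks.` The closing sentence about Orthanc 1.3.0 would also read more easily if it said directly that `true` restores the behaviour of the other releases, which is what the current wording appears to imply.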