changeset 4942:bd7ad1cb40b6

Improved DICOM authorization checks when multiple modalities are declared with the same AET
author Alain Mazy <am@osimis.io>
date Wed, 16 Mar 2022 10:55:13 +0100
parents 0b14c766ca7a
children 47d734fa30f6
files NEWS OrthancServer/Sources/main.cpp
diffstat 2 files changed, 44 insertions(+), 13 deletions(-) [+]
--- a/NEWS	Mon Mar 07 18:56:15 2022 +0100
+++ b/NEWS	Wed Mar 16 10:55:13 2022 +0100
@@ -1,6 +1,13 @@
 Pending changes in the mainline
 ===============================
 
+General
+-------
+
+* Improved DICOM authorization checks when multiple modalities are declared with
+  the same AET.
+
+
 Documentation
 -------------
 
--- a/OrthancServer/Sources/main.cpp	Mon Mar 07 18:56:15 2022 +0100
+++ b/OrthancServer/Sources/main.cpp	Wed Mar 16 10:55:13 2022 +0100
@@ -430,29 +430,53 @@
       }
       else
       {
-        // If there are multiple modalities with the same AET, consider the one matching this IP
+        // If there are multiple modalities with the same AET, consider the one matching this IP 
+        // or check if the operation is allowed for all modalities
+        bool allowedForAllModalities = true;
+
         for (std::list<RemoteModalityParameters>::const_iterator
                it = modalities.begin(); it != modalities.end(); ++it)
         {
-          if (it->GetHost() == remoteIp)
+          if (it->IsRequestAllowed(type))
           {
-            if (it->IsRequestAllowed(type))
+            if (checkIp &&
+                it->GetHost() == remoteIp)
             {
               return true;
             }
-            else
-            {
-              ReportDisallowedCommand(remoteIp, remoteAet, type);
-              return false;
-            }
+          }
+          else
+          {
+            allowedForAllModalities = false;
           }
         }
 
-        LOG(WARNING) << "DICOM authorization rejected for AET " << remoteAet
-                     << " on IP " << remoteIp << ": " << modalities.size()
-                     << " modalites found with this AET in configuration option "
-                     << "\"DicomModalities\", but none of them matches the IP";
-        return false;
+        if (allowedForAllModalities)
+        {
+          return true;
+        }
+        else
+        {
+          ReportDisallowedCommand(remoteIp, remoteAet, type);
+
+          if (checkIp)
+          {
+            LOG(WARNING) << "DICOM authorization rejected for AET " << remoteAet
+                         << " on IP " << remoteIp << ": " << modalities.size()
+                         << " modalites found with this AET in configuration option "
+                         << "\"DicomModalities\", but the operation is allowed for none "
+                         << "of them matching the IP";
+          }
+          else
+          {
+            LOG(WARNING) << "DICOM authorization rejected for AET " << remoteAet
+                         << " on IP " << remoteIp << ": " << modalities.size()
+                         << " modalites found with this AET in configuration option "
+                         << "\"DicomModalities\", but the operation is not allowed for"
+                         << "all of them";
+          }
+          return false;
+        }
       }
     }
   }
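Review bot: With `checkIp` enabled, a caller whose IP matches none of the modalities sharing this AET still reaches `if (allowedForAllModalities)` after the loop and is accepted whenever every entry permits the request type, whereas the removed code rejected any non-matching IP. If the host is not already validated before this branch (the enclosing function starts outside the hunk, so that cannot be confirmed here), the fallback should be limited to the no-IP-check case, e.g. `if (!checkIp && allowedForAllModalities)`. The `checkIp` warning text also says the operation is allowed for none of the entries "matching the IP" even when no entry matched the IP at all, which will mislead anyone triaging rejected associations from the log. Separately, `"\"DicomModalities\", but the operation is not allowed for" << "all of them"` is missing a space and prints `forall`; the first literal should end in `for `.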