changeset 4942:bd7ad1cb40b6
Improved DICOM authorization checks when multiple modalities are declared with the same AET
author | Alain Mazy <am@osimis.io> |
---|---|
date | Wed, 16 Mar 2022 10:55:13 +0100 |
parents | 0b14c766ca7a |
children | 47d734fa30f6 |
files | NEWS OrthancServer/Sources/main.cpp |
diffstat | 2 files changed, 44 insertions(+), 13 deletions(-) [+] |
--- a/NEWS Mon Mar 07 18:56:15 2022 +0100
+++ b/NEWS Wed Mar 16 10:55:13 2022 +0100
@@ -1,6 +1,13 @@
 Pending changes in the mainline
 ===============================
+General
+-------
+
+* Improved DICOM authorization checks when multiple modalities are declared with
+ the same AET.
+
+
 Documentation
 -------------
--- a/OrthancServer/Sources/main.cpp Mon Mar 07 18:56:15 2022 +0100
+++ b/OrthancServer/Sources/main.cpp Wed Mar 16 10:55:13 2022 +0100
@@ -430,29 +430,53 @@
 }
 else
 {
- // If there are multiple modalities with the same AET, consider the one matching this IP
+ // If there are multiple modalities with the same AET, consider the one matching this IP
+ // or check if the operation is allowed for all modalities
+ bool allowedForAllModalities = true;
+
 for (std::list<RemoteModalityParameters>::const_iterator it = modalities.begin(); it != modalities.end(); ++it)
 {
- if (it->GetHost() == remoteIp)
+ if (it->IsRequestAllowed(type))
 {
- if (it->IsRequestAllowed(type))
+ if (checkIp &&
+ it->GetHost() == remoteIp)
 {
 return true;
 }
- else
- {
- ReportDisallowedCommand(remoteIp, remoteAet, type);
- return false;
- }
+ }
+ else
+ {
+ allowedForAllModalities = false;
 }
 }
- LOG(WARNING) << "DICOM authorization rejected for AET " << remoteAet
- << " on IP " << remoteIp << ": " << modalities.size()
- << " modalites found with this AET in configuration option "
- << "\"DicomModalities\", but none of them matches the IP";
- return false;
+ if (allowedForAllModalities)
+ {
+ return true;
+ }
+ else
+ {
+ ReportDisallowedCommand(remoteIp, remoteAet, type);
+
+ if (checkIp)
+ {
+ LOG(WARNING) << "DICOM authorization rejected for AET " << remoteAet
+ << " on IP " << remoteIp << ": " << modalities.size()
+ << " modalites found with this AET in configuration option "
+ << "\"DicomModalities\", but the operation is allowed for none "
+ << "of them matching the IP";
+ }
+ else
+ {
+ LOG(WARNING) << "DICOM authorization rejected for AET " << remoteAet
+ << " on IP " << remoteIp << ": " << modalities.size()
+ << " modalites found with this AET in configuration option "
+ << "\"DicomModalities\", but the operation is not allowed for"
+ << "all of them";
+ }
+ return false;
+ }
 }
 }
 }
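Review bot: With `checkIp` true, a peer whose address matches none of the entries declared for this AET is still accepted whenever every entry permits the request type, because the loop only returns early on a host match and otherwise falls through to `if (allowedForAllModalities) return true;`. The removed code rejected that case, so unless the host is already enforced before this point (`checkIp` and the rest of the function are defined outside the hunk), the shortcut should be limited to the mode without host checking, e.g. `if (!checkIp && allowedForAllModalities)`. If the fall-through is intended, a comment stating where the host is verified would make that reliance explicit. Separately, the second warning concatenates `"... is not allowed for"` and `"all of them"` without a space, so the log reads "forall of them"; the first literal should end with a space.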