Mercurial > hg > orthanc
changeset 4772:ec8aef42a7db
new configuration option "DicomAlwaysAllowMove" to disable verification of the remote modality in C-MOVE SCP
author | Alain Mazy <am@osimis.io> |
---|---|
date | Mon, 30 Aug 2021 09:47:47 +0200 |
parents | 9f207131c7f4 |
children | 4757b36cc538 |
files | NEWS OrthancServer/Sources/main.cpp |
diffstat | 2 files changed, 21 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/NEWS Wed Aug 25 17:20:21 2021 +0200 +++ b/NEWS Mon Aug 30 09:47:47 2021 +0200 @@ -1,6 +1,13 @@ Pending changes in the mainline =============================== +General +------- + +* New configuration options related to DICOM networking: + - "DicomAlwaysAllowMove" to disable verification of the remote modality in C-MOVE SCP + + REST API --------
--- a/OrthancServer/Sources/main.cpp Wed Aug 25 17:20:21 2021 +0200 +++ b/OrthancServer/Sources/main.cpp Mon Aug 30 09:47:47 2021 +0200 @@ -279,6 +279,7 @@ bool alwaysAllowEcho_; bool alwaysAllowFind_; // New in Orthanc 1.9.0 bool alwaysAllowGet_; // New in Orthanc 1.9.0 + bool alwaysAllowMove_; // New in Orthanc 1.9.7 bool alwaysAllowStore_; public: @@ -290,6 +291,7 @@ alwaysAllowEcho_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowEcho", true); alwaysAllowFind_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowFind", false); alwaysAllowGet_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowGet", false); + alwaysAllowMove_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowMove", false); alwaysAllowStore_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowStore", true); } @@ -302,6 +304,11 @@ { LOG(WARNING) << "Security risk in DICOM SCP: C-GET requests are always allowed, even from unknown modalities"; } + + if (alwaysAllowMove_) + { + LOG(WARNING) << "Security risk in DICOM SCP: C-MOOVE requests are always allowed, even from unknown modalities"; + } } virtual bool IsAllowedConnection(const std::string& remoteIp, @@ -314,6 +321,7 @@ if (alwaysAllowEcho_ || alwaysAllowFind_ || alwaysAllowGet_ || + alwaysAllowMove_ || alwaysAllowStore_) { return true; @@ -368,6 +376,12 @@ // Incoming C-Get requests are always accepted, even from unknown AET return true; } + else if (type == DicomRequestType_Move && + alwaysAllowMove_) + { + // Incoming C-Move requests are always accepted, even from unknown AET + return true; + } else { bool checkIp;