changeset 4772:ec8aef42a7db

new configuration option "DicomAlwaysAllowMove" to disable verification of the remote modality in C-MOVE SCP
author Alain Mazy <am@osimis.io>
date Mon, 30 Aug 2021 09:47:47 +0200
parents 9f207131c7f4
children 4757b36cc538
files NEWS OrthancServer/Sources/main.cpp
diffstat 2 files changed, 21 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/NEWS	Wed Aug 25 17:20:21 2021 +0200
+++ b/NEWS	Mon Aug 30 09:47:47 2021 +0200
@@ -1,6 +1,13 @@
 Pending changes in the mainline
 ===============================
 
+General
+-------
+
+* New configuration options related to DICOM networking:
+  - "DicomAlwaysAllowMove" to disable verification of the remote modality in C-MOVE SCP
+
+
 REST API
 --------
 
--- a/OrthancServer/Sources/main.cpp	Wed Aug 25 17:20:21 2021 +0200
+++ b/OrthancServer/Sources/main.cpp	Mon Aug 30 09:47:47 2021 +0200
@@ -279,6 +279,7 @@
   bool            alwaysAllowEcho_;
   bool            alwaysAllowFind_;  // New in Orthanc 1.9.0
   bool            alwaysAllowGet_;   // New in Orthanc 1.9.0
+  bool            alwaysAllowMove_;  // New in Orthanc 1.9.7
   bool            alwaysAllowStore_;
 
 public:
@@ -290,6 +291,7 @@
       alwaysAllowEcho_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowEcho", true);
       alwaysAllowFind_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowFind", false);
       alwaysAllowGet_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowGet", false);
+      alwaysAllowMove_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowMove", false);
       alwaysAllowStore_ = lock.GetConfiguration().GetBooleanParameter("DicomAlwaysAllowStore", true);
     }
 
@@ -302,6 +304,11 @@
     {
       LOG(WARNING) << "Security risk in DICOM SCP: C-GET requests are always allowed, even from unknown modalities";
     }
+
+    if (alwaysAllowMove_)
+    {
+      LOG(WARNING) << "Security risk in DICOM SCP: C-MOOVE requests are always allowed, even from unknown modalities";
+    }
   }
 
   virtual bool IsAllowedConnection(const std::string& remoteIp,
@@ -314,6 +321,7 @@
     if (alwaysAllowEcho_ ||
         alwaysAllowFind_ ||
         alwaysAllowGet_ ||
+        alwaysAllowMove_ ||
         alwaysAllowStore_)
     {
       return true;
@@ -368,6 +376,12 @@
       // Incoming C-Get requests are always accepted, even from unknown AET
       return true;
     }
+    else if (type == DicomRequestType_Move &&
+             alwaysAllowMove_)
+    {
+      // Incoming C-Move requests are always accepted, even from unknown AET
+      return true;
+    }
     else
     {
       bool checkIp;