From c296a35072f3fb630f48aac225e34f35440c1bcb Mon Sep 17 00:00:00 2001
From: John Klug <john.klug@multitech.com>
Date: Mon, 2 Dec 2019 19:02:07 -0600
Subject: Allow some time after submit to shut down lighttpd

---
 etc/init.d/commissioning      |  2 +-
 etc/init.d/php-fpm-commission | 11 ++++++++++-
 www/commission/index.php      | 23 ++++++++++++++++++++++-
 3 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/etc/init.d/commissioning b/etc/init.d/commissioning
index 4f54267..c04a51a 100755
--- a/etc/init.d/commissioning
+++ b/etc/init.d/commissioning
@@ -15,7 +15,7 @@ ENABLED=yes
 if [[ ENABLED == no ]] ; then
     PASSWORDS=$(passwd -Sa | egrep '^[^[:space:]]+[[:space:]]P[[:space:]]' | wc -l)
     if (($PASSWORDS == 0)) ; then
-	# No password, so turn on commissioning
+	# No password, so turn on commissioning (php-fpm-commision will see this)
 	rm /etc/default/$NAME
 	ENABLED="yes"
     fi
diff --git a/etc/init.d/php-fpm-commission b/etc/init.d/php-fpm-commission
index 37cff70..d61584c 100755
--- a/etc/init.d/php-fpm-commission
+++ b/etc/init.d/php-fpm-commission
@@ -20,8 +20,17 @@ php_fpm_PID="/var/run/${NAME}.pid"
 
 
 php_opts="-R --fpm-config $php_fpm_CONF --pid $php_fpm_PID"
-ENABLED="yes"
+ENABLED=yes
 
+[ -f "/etc/default/commissioning" ] && . "/etc/config/commisioning"
+
+# /etc/default/no-${NAME} should point at /etc/default/.no-${NAME}
+# and contain ENABLED="no".
+# This will prevent commissioning on a factory reset
+# but not on an image update for tighter security.
+# If the device is to have no password at all, this file and
+# link must be created, and ENABLED must be set to "no"
+[ -f "/etc/default/no-${NAME}" ] && . "/etc/config/no-${NAME}"
 
 wait_for_pid () {
 	try=0
diff --git a/www/commission/index.php b/www/commission/index.php
index 5721968..23f86cf 100644
--- a/www/commission/index.php
+++ b/www/commission/index.php
@@ -137,10 +137,31 @@ if($_SERVER["REQUEST_METHOD"] == "POST"){
             $result2 = trim(fread($handle, 4192));
             $status2 = pclose($handle);
             syslog(LOG_ALERT, "passwd: status: $status result: $result");
-            if ($status === 0) {
+            if ($status == 0) {
                 $finished = "Commissioning Complete";
                 $password_err = $result2;
                 $username_err = $result;
+                // Disable commissioning
+                $cmd = "ln -sf /var/config/default/commissioning /etc/default/commissioning 2>&1;echo 'ENABLED=\"no\"' >/var/config/default/commissioning 2>&1";
+                $handle = popen($cmd, 'r');
+                $result = trim(fread($handle, 4192));
+                $status = pclose($handle);
+                if ($status > 0) {
+                    syslog(LOG_ALERT, "configure commissioning off failure: command: $cmd");
+                    syslog(LOG_ALERT, "passwd: status: $status result: $result");
+                } else {
+                    // shut off web server
+                    $cmd = "/usr/sbin/start-stop-daemon -S -p /var/run/commissionoff.pid -b -a /bin/bash -- -c " .
+                        "/usr/share/commissioning/off/off.sh";
+                    syslog(LOG_ALERT, "turn off web server: command: $cmd");
+                    $handle = popen($cmd, 'r');
+                    $result = trim(fread($handle, 4192));
+                    $status = pclose($handle);
+                    if ($status > 0) {
+                        syslog(LOG_ALERT, "turn off commissioning service: command: $cmd");
+                        syslog(LOG_ALERT, "stopping service: status: $status result: $result");
+                    }
+                }
             } else {
                 $finished = "Errors: " . $result;
                 $save_password = "";
-- 
cgit v1.2.3