#!/bin/bash
#Matthew Prins 2022
#https://github.com/MatthewPrins/Jamf/
#Find all devices or computers assigned at some point to a particular user
######################
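#Jamf credentials
#The values below are placeholders. Real credentials belong in credentials.sh, which should
#stay out of version control and be readable only by the account running this script.
username="xxxxxx"
password="xxxxxx"
url="https://xxxxxx.jamfcloud.com"
#Load overrides from credentials.sh in the current directory.
#The explicit "./" matters: a bare "source credentials.sh" makes bash search $PATH first,
#so a file of the same name in any PATH directory would be executed instead.
if [[ -r ./credentials.sh ]]; then
  # shellcheck source=/dev/null
  source ./credentials.sh
else
  echo "credentials.sh not found in the current directory; using the inline values" >&2
fi
#computers or mobile devices -- if $computers is true then computers, if false then mobile devices
computers=false
#email for user searching for
useremail="xxxxxx@xxxxxx.org"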
######################
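#Token function -- based on https://developer.jamf.com/jamf-pro/docs/jamf-pro-api-overview
#Requests a bearer token from $url/api/v1/auth/token using HTTP Basic authentication.
#Globals read:    username, password, url
#Globals written: bearerToken, tokenExpiration, tokenExpirationEpoch (only on success;
#                 a failed request leaves any previously stored token untouched)
#Returns:         0 when a token was stored, 1 when the request or the token extraction failed
getBearerToken() {
  local basic response token expires

  #Build the Basic credential with builtins and pipes so the password never becomes a
  #command-line argument of curl, where other local users could read it from the process list.
  basic=$(printf '%s:%s' "$username" "$password" | base64 | tr -d '\n')

  #--header @- makes curl read the Authorization header from stdin (curl 7.55.0 or newer).
  #--fail turns HTTP errors such as 401 into a non-zero exit status.
  if ! response=$(printf 'Authorization: Basic %s\n' "$basic" \
    | curl --silent --fail --request POST --header @- "$url/api/v1/auth/token"); then
    echo "getBearerToken: token request to $url failed" >&2
    return 1
  fi

  #Reject a response without a token instead of storing plutil's error text as the token.
  if ! token=$(printf '%s' "$response" | plutil -extract token raw -) || [[ -z $token ]]; then
    echo "getBearerToken: response from $url contained no token" >&2
    return 1
  fi

  #Keep only the part of the expiry timestamp before the first "."
  expires=$(printf '%s' "$response" | plutil -extract expires raw - | awk -F . '{print $1}')

  bearerToken=$token
  tokenExpiration=$expires
  #NOTE(review): the timestamp is parsed without a zone designator, so date uses the local
  #time zone -- confirm against the API if tokenExpirationEpoch is ever compared with "now".
  tokenExpirationEpoch=$(date -j -f "%Y-%m-%dT%T" "$tokenExpiration" +"%s") || tokenExpirationEpoch=""
  return 0
}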
#get token
getBearerToken
#pick the names used for computers or for mobile devices:
#  pathtype    - element name in the device list XML
#  JSSpathtype - JSSResource path segment for the device list
#  xpathtype   - root element name in the history XML
#  urltype     - JSSResource path segment for the history
case "$computers" in
  true)
    pathtype="computer"; JSSpathtype="computers"
    xpathtype="computer_history"; urltype="computerhistory"
    ;;
  *)
    pathtype="mobile_device"; JSSpathtype="mobiledevices"
    xpathtype="mobile_device_history"; urltype="mobiledevicehistory"
    ;;
esac
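#pull XML data from Jamf, change it to a list
#printf | curl: pull the device list XML; the bearer token is sent through stdin
#  (--header @-, curl 7.55.0 or newer) so it does not show up in the process list
#--fail: an HTTP error (e.g. 401 for a rejected token) becomes a non-zero exit status
if ! devicexml=$(printf 'Authorization: Bearer %s\n' "$bearerToken" \
  | curl --request GET \
    --silent \
    --fail \
    --url "$url/JSSResource/$JSSpathtype" \
    --header 'Accept: application/xml' \
    --header @-); then
  #stop here: reporting "0 Devices" after a failed request would look like a clean result
  echo "error: could not retrieve the $JSSpathtype list from $url" >&2
  exit 1
fi
#xmllint: keep only the device IDs from the XML (e.g. <id>456</id>)
#sed: delete "<id>"s, replace "</id>"s with spaces, delete the extra final space
devices=$(printf '%s' "$devicexml" \
  | xmllint --xpath "//$pathtype/id" - \
  | sed -e 's/<id>//g' -e 's/<\/id>/ /g' -e 's/.$//')
#get total count of devices -- counting the number of "words" in $devices
numberDevices=$(printf '%s' "$devices" | wc -w)
#$numberDevices is left unquoted on purpose: some wc implementations pad the count
#with leading spaces, and word splitting drops that padding
# shellcheck disable=SC2086
echo $numberDevices Devices
echo
# shellcheck disable=SC2086
echo 0 /$numberDevices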
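#iterate over the IDs
idarray=()
xmlarray=()
counter=0
#The matching loop reads from a process substitution ("done < <(...)") so that it runs in
#the current shell and its array appends survive. This replaces "shopt -s lastpipe", which
#needs bash 4.2 or newer and is rejected by the bash 3.2 that macOS ships as /bin/bash.
#$devices is split on whitespace on purpose (one word per ID)
# shellcheck disable=SC2086
for value in $devices
do
  counter=$((counter + 1))
  #the ID goes straight into a URL path, so accept digits only
  if [[ $value =~ ^[0-9]+$ ]]; then
    #pull history for device $value
    #printf | curl: retrieve the UserLocation history XML for the current ID; the bearer
    #  token is sent through stdin (--header @-) to keep it out of the process list
    if historyxml=$(printf 'Authorization: Bearer %s\n' "$bearerToken" \
      | curl --request GET \
        --silent \
        --fail \
        --url "$url/JSSResource/$urltype/id/$value/subset/UserLocation" \
        --header 'Accept: application/xml' \
        --header @-); then
      #xmllint: from that XML, pull the Location fields
      #awk: delete any <location>, replace any </location> with a line break
      #  (awk rather than sed because "\n" in a sed replacement is not portable)
      #while/do: read each line; if email address matches then save line to $xmlarray and ID to $idarray
      while IFS= read -r line; do
        if [[ $line == *"<email_address>$useremail</email_address>"* ]]; then
          xmlarray+=("$line")
          idarray+=("$value")
        fi
      done < <(printf '%s' "$historyxml" \
        | xmllint --xpath "//$xpathtype/user_location/location" - \
        | awk '{ gsub(/<location>/, ""); gsub(/<\/location>/, "\n"); print }')
    else
      #a device whose history could not be read is reported, not silently treated as "no match"
      echo "warning: could not retrieve history for device ID $value" >&2
    fi
  else
    echo "warning: skipping unexpected device ID '$value'" >&2
  fi
  #print status every 10
  if ((counter % 10 == 0)); then
    # shellcheck disable=SC2086 -- unquoted to drop any padding wc put in front of the count
    echo "$counter" /$numberDevices
  fi
  #reset token every 500
  if ((counter % 500 == 0)); then
    getBearerToken
  fi
done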
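echo
echo "ID,date"
#iterate through $xmlarray/$idarray
#A counted loop is used instead of "seq 0 N-1": with no matches that becomes "seq 0 -1",
#which BSD seq counts downwards (0, -1), so the body would run on entries that do not exist.
#sed: delete everything before/after date_time_epoch field
#echo: print ID and the epoch date (milliseconds) changed to y/m/d
for ((i = 0; i < ${#idarray[@]}; i++)); do
  devicedate=$(printf '%s\n' "${xmlarray[i]}" \
    | sed -e 's/.*<date_time_epoch>//' -e 's/<\/date_time_epoch>.*//')
  if [[ $devicedate =~ ^[0-9]+$ ]]; then
    #10# forces base 10; "date -r <seconds>" is the BSD/macOS form and prints local time
    echo "${idarray[i]},$(date -r "$((10#$devicedate / 1000))" +'%Y-%m-%d')"
  else
    #keep the device in the report even when its date cannot be parsed
    echo "warning: no usable date_time_epoch for device ID ${idarray[i]}" >&2
    echo "${idarray[i]},"
  fi
done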