├── .browserslistrc
├── babel.config.js
├── .env.local
├── postcss.config.js
├── public
    ├── tux.png
    ├── favicon.ico
    ├── api
    │   ├── user.php
    │   ├── centers.php
    │   ├── computers.php
    │   ├── exemptions.php
    │   ├── exemption_check.php
    │   ├── settings.inc
    │   ├── includes
    │   │   └── jamf.inc
    │   └── issueexemption.php
    └── index.html
├── src
    ├── assets
    │   └── logo.png
    ├── router.js
    ├── main.js
    ├── App.vue
    ├── components
    │   ├── Footer.vue
    │   └── Header.vue
    └── views
    │   └── Home.vue
├── .env
├── vue.config.js
├── .gitignore
├── settings.local.inc
├── package.json
├── README.md
└── Jamf Scripts
    ├── ExemptionRemoval.sh
    └── StartExemption.sh


/.browserslistrc:
--------------------------------------------------------------------------------
1 | > 1%
2 | last 2 versions
3 | not ie <= 8
4 | 


--------------------------------------------------------------------------------
/babel.config.js:
--------------------------------------------------------------------------------
1 | module.exports = {
2 |   presets: [
3 |     '@vue/app'
4 |   ]
5 | }
6 | 


--------------------------------------------------------------------------------
/.env.local:
--------------------------------------------------------------------------------
1 | NODE_ENV=dev
2 | VUE_APP_API_SITE_URL=https://your.dev.server/pivexemption
3 | 


--------------------------------------------------------------------------------
/postcss.config.js:
--------------------------------------------------------------------------------
1 | module.exports = {
2 |   plugins: {
3 |     autoprefixer: {}
4 |   }
5 | }
6 | 


--------------------------------------------------------------------------------
/public/tux.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/therealmacjeezy/piv-exemption-portal/master/public/tux.png


--------------------------------------------------------------------------------
/public/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/therealmacjeezy/piv-exemption-portal/master/public/favicon.ico


--------------------------------------------------------------------------------
/src/assets/logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/therealmacjeezy/piv-exemption-portal/master/src/assets/logo.png


--------------------------------------------------------------------------------
/.env:
--------------------------------------------------------------------------------
1 | NODE_ENV=production
2 | VUE_APP_API_SITE_URL=https://your.server/pivexemption
3 | BASE_URL=https://your.server/pivexemption
4 | 


--------------------------------------------------------------------------------
/vue.config.js:
--------------------------------------------------------------------------------
1 | module.exports = {
2 |   publicPath: process.env.NODE_ENV === 'production'
3 |     ? 'https://your.server/pivexemption'
4 |     : '/'
5 | }
6 | 


--------------------------------------------------------------------------------
/public/api/user.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | include_once 'includes/jamf.inc';
 4 | include_once 'settings.inc';
 5 | 
 6 | # Replace SAML_RETURN with the variable your IdP uses to return the username of the person logging in
 7 | $user = $_SERVER['SAML_RETURN'];
 8 | 
 9 | print(json_encode($user));
10 | 
11 | 


--------------------------------------------------------------------------------
/src/router.js:
--------------------------------------------------------------------------------
 1 | import Vue from 'vue'
 2 | import Router from 'vue-router'
 3 | import Home from './views/Home.vue'
 4 | 
 5 | Vue.use(Router)
 6 | 
 7 | export default new Router({
 8 |   mode: 'history',
 9 |   base: '/pivexemption',
10 |   routes: [
11 |     {
12 |       path: '/',
13 |       name: 'home',
14 |       component: Home
15 |     }
16 |   ]
17 | })
18 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | .DS_Store
 2 | node_modules
 3 | /dist
 4 | 
 5 | # local env files
 6 | # Uncomment the below line after adding your dev server url
 7 | #.env.local
 8 | .env.*.local
 9 | 
10 | # Log files
11 | npm-debug.log*
12 | yarn-debug.log*
13 | yarn-error.log*
14 | 
15 | # Editor directories and files
16 | .idea
17 | .vscode
18 | *.suo
19 | *.ntvs*
20 | *.njsproj
21 | *.sln
22 | *.sw*
23 | 


--------------------------------------------------------------------------------
/settings.local.inc:
--------------------------------------------------------------------------------
 1 | <?php
 2 | # This file goes on the server itself. Don't forget to add this file to the .gitignore if using git
 3 | 
 4 | $DEV_MODE = false;
 5 | # Jamf Pro API account used in your prod environment
 6 | $PROD_CRED = "api_user:api_pass";
 7 | # Jamf Pro Dev API account used in your dev environment
 8 | $DEV_CRED = "devapi_user:devapi_pass";
 9 | # Static username to mimic the uid of the logged in user
10 | $DEV_USER = "test_user";


--------------------------------------------------------------------------------
/public/api/centers.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | include_once 'includes/jamf.inc';
 4 | include_once 'settings.inc';
 5 | 
 6 | $centers = [];
 7 | $user = $_SERVER['SAML_RETURN'];
 8 | 
 9 | $filteredCenters = array_filter(CENTERS, function ($k) {
10 | 	return CENTERS[$k]['dev'] == DEV_MODE;
11 | }, ARRAY_FILTER_USE_KEY);
12 | 
13 | foreach ($filteredCenters as $k => $v) {
14 | 	$centers[] = array(
15 | 		"value" => $k,
16 | 		"text" => $v['label']
17 | 	);
18 | }
19 | 
20 | #print($user);
21 | print(json_encode($centers));


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "pivexemption",
 3 |   "version": "0.1.0",
 4 |   "private": true,
 5 |   "scripts": {
 6 |     "serve": "vue-cli-service serve",
 7 |     "build": "vue-cli-service build"
 8 |   },
 9 |   "dependencies": {
10 |     "axios": "^0.18.0",
11 |     "bootstrap-vue": "^2.0.0-rc.14",
12 |     "jquery": "^1.9.1",
13 |     "vue": "^2.6.6",
14 |     "vue-router": "^3.0.1"
15 |   },
16 |   "devDependencies": {
17 |     "@vue/cli-plugin-babel": "^3.5.0",
18 |     "@vue/cli-service": "^3.5.0",
19 |     "vue-template-compiler": "^2.5.21"
20 |   }
21 | }
22 | 


--------------------------------------------------------------------------------
/public/api/computers.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | include_once 'includes/jamf.inc';
 4 | include_once 'settings.inc';
 5 | 
 6 | $user = $_GET['user'];
 7 | $selectedCenter = $_GET['selectedCenter'];
 8 | 
 9 | $center = getCenter($selectedCenter);
10 | 
11 | 
12 | 
13 | try {
14 | 	$comps = callAPI($center, 'GET', "users/name/$user", false);
15 | 	if (is_null($comps)) {
16 | 		$error="";
17 | 		print(json_encode($error)); 
18 | 	} else 
19 | 	{
20 | 		$userComputers = $comps->user->links->computers;
21 | 		print(json_encode($userComputers));
22 | 	}
23 | } catch (Exception $e) {
24 | 	print[];
25 | }
26 | 


--------------------------------------------------------------------------------
/public/index.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html lang="en">
 3 |   <head>
 4 |     <meta charset="utf-8">
 5 |     <meta http-equiv="X-UA-Compatible" content="IE=edge">
 6 |     <meta name="viewport" content="width=device-width,initial-scale=1.0">
 7 |     <link rel="icon" href="<%= BASE_URL %>favicon.ico">
 8 |     <title>pivexemption</title>
 9 |   </head>
10 |   <body>
11 |     <noscript>
12 |       <strong>We're sorry but pivexemption doesn't work properly without JavaScript enabled. Please enable it to continue.</strong>
13 |     </noscript>
14 |     <div id="app"></div>
15 |     <!-- built files will be auto injected -->
16 |   </body>
17 | </html>
18 | 


--------------------------------------------------------------------------------
/public/api/exemptions.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | include_once 'settings.inc';
 4 | include_once 'includes/jamf.inc';
 5 | 
 6 | $selectedCenter = $_GET['selectedCenter'];
 7 | 
 8 | $center = getCenter($selectedCenter);
 9 | 
10 | $attributeName = urlencode(PIV_EXEMPTION_ATTRIBUTE);
11 | $attribute = callAPI($center, 'GET', "computerextensionattributes/name/${attributeName}", false);
12 | 
13 | $values = $attribute->computer_extension_attribute->input_type->popup_choices;
14 | print(json_encode(array_values(array_filter($values, function($v) {
15 | 	return (
16 | 		strtoupper(substr($v, 0, 8)) != "TEMP SYS" && 
17 | 		strtoupper(substr($v, 0, 3)) != "RBD"
18 | 	);
19 | }))));
20 | 


--------------------------------------------------------------------------------
/src/main.js:
--------------------------------------------------------------------------------
 1 | import Vue from 'vue'
 2 | import App from './App.vue'
 3 | import router from './router'
 4 | import axios from 'axios'
 5 | import BootstrapVue from 'bootstrap-vue'
 6 | import 'bootstrap/dist/css/bootstrap.css'
 7 | import 'bootstrap-vue/dist/bootstrap-vue.css'
 8 | 
 9 | Vue.config.productionTip = false
10 | Vue.use(BootstrapVue)
11 | Vue.prototype.$http = axios.create({
12 |   baseURL: process.env.VUE_APP_API_SITE_URL,
13 |   withCredentials: false,
14 |   headers: {
15 |     // 'Access-Control-Allow-Origin': '*',
16 |     // 'Content-Type': 'application/json',
17 |   },
18 | })
19 | 
20 | new Vue({
21 |   router,
22 |   render: h => h(App)
23 | }).$mount('#app')
24 | 


--------------------------------------------------------------------------------
/src/App.vue:
--------------------------------------------------------------------------------
 1 | <template>
 2 |   <div id="app">
 3 |     <Header/>
 4 |     <Home/>
 5 |     <Footer/>
 6 |   </div>
 7 | </template>
 8 | 
 9 | <script>
10 | export default {
11 |   name: 'app',
12 |   components: {
13 |     Header: () => import ('@/components/Header.vue'),
14 |     Footer: () => import ('@/components/Footer.vue'),
15 |     Home: () => import ('@/views/Home.vue')
16 |   }
17 | }
18 | </script>
19 | 
20 | <style>
21 | #app {
22 |   font-family: 'Avenir', Helvetica, Arial, sans-serif;
23 |   -webkit-font-smoothing: antialiased;
24 |   -moz-osx-font-smoothing: grayscale;
25 |   text-align: center;
26 |   color: #2c3e50;
27 | }
28 | #nav {
29 |   padding: 30px;
30 | }
31 | 
32 | #nav a {
33 |   font-weight: bold;
34 |   color: #2c3e50;
35 | }
36 | 
37 | #nav a.router-link-exact-active {
38 |   color: #42b983;
39 | }
40 | </style>
41 | 


--------------------------------------------------------------------------------
/src/components/Footer.vue:
--------------------------------------------------------------------------------
 1 | <template>
 2 |   <div class="footer">
 3 |     <hr >
 4 |       <b-row>
 5 |         <b-col sm="auto">
 6 |           <img src="tux.png">
 7 |         </b-col>
 8 |         <!-- <b-col col lg="4">  -->
 9 |         <b-col sm="auto" class="info">
10 |           <b>Created by:</b> Joshua Harvey<br>
11 |           <b>Contact information: </b> <a href="mailto:josh@macjeezy.com">josh@macjeezy.com</a><br>
12 |           <b>Last Updated:</b> Oct 2019<br>
13 |         </b-col>
14 |       </b-row>
15 |   </div>
16 | </template>
17 | 
18 | <script>
19 | export default {
20 |   name: 'footer',
21 | }
22 | </script>
23 | 
24 | <style>
25 | .footer {
26 |     text-align: left;
27 |     /* font-family: Arial, Helvetica, sans-serif; */
28 |     font-size: 14px;
29 |     padding-left: 15px;  
30 | }
31 | 
32 | .footer a {
33 |     color: rgb(19, 114, 158);
34 |     /* font-family: Arial, Helvetica, sans-serif; */
35 |     text-decoration: none;
36 | }
37 | 
38 | .footer .col {
39 |   border: 0px;
40 | }
41 | 
42 | .footer .info {
43 |   padding-top: 5px;
44 | }
45 | </style>


--------------------------------------------------------------------------------
/src/components/Header.vue:
--------------------------------------------------------------------------------
 1 | <template>
 2 |   <b-navbar toggleable="lg" class="navbar-custom">
 3 |     <!-- <b-navbar-nav>
 4 |       <b-nav-item col lg="2" :to="{ name: 'home' }">Home</b-nav-item >
 5 |     </b-navbar-nav> -->
 6 | 
 7 |     <b-col class="justify-content-md-center" size="auto"><h5>PIV Exemption Portal</h5></b-col>
 8 |   </b-navbar>
 9 | </template>
10 | 
11 | <script>
12 | export default {
13 |   name: 'header',
14 | }
15 | </script>
16 | 
17 | <style scoped>
18 | .col { 
19 |   border: 1px solid transparent;
20 |   padding-top: 5px; 
21 | }
22 | 
23 | h5 {
24 |   color: white;
25 |   text-shadow: 1px 2px 6px rgb(0, 0, 0);
26 | }
27 | 
28 | .navbar-custom {
29 |     color: #000;
30 |     background-color: rgb(214, 39, 39);
31 |     margin-bottom: 10px;
32 | }
33 | 
34 | .sitesLabel { 
35 |   padding-right: 5px;
36 | }
37 | 
38 | .navbar-custom .nav-link{
39 |     color: #ffffff;
40 | }
41 | 
42 | .dropdown-menu a:hover{
43 |   background-color: rgb(136, 194, 248);
44 | }
45 | 
46 | .navbar-custom .nav-item.b-nav-dropdown active{
47 |   color: #ff0000 !important;
48 |   font-weight: bold;
49 | }
50 | 
51 | .navbar-custom li.nav-item a:hover{
52 |     color: #ffffff;
53 | }
54 | 
55 | .navbar-custom .nav-link.router-link-exact-active.router-link-active{
56 |     color: #a1f1fc;
57 |     font-weight: bold;
58 | }
59 | </style>


--------------------------------------------------------------------------------
/public/api/exemption_check.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | include_once 'includes/jamf.inc';
 4 | include_once 'settings.inc';
 5 | 
 6 | $selectedCenter = $_GET['selectedCenter'];
 7 | $EA_NAME = "Smartcard-exempt";
 8 | $EAID = "10";
 9 | $computerID = $_GET['id'];
10 | 
11 | $center = getCenter($selectedCenter);
12 | 
13 | function searchForEA($name, $array) {
14 |     foreach ($array as $key => $val) {
15 |         if ($val['name'] === $name) {
16 |             return $key;
17 |         }
18 |     }
19 |     return null;
20 | }
21 | 
22 | 
23 | function EA_search_array($needle, $haystack) {
24 | 	
25 | 	if (in_array($needle, $haystack)) {
26 | 		return true;
27 | 	}
28 | 	
29 | 	foreach ($haystack as $item) {
30 | 		if (is_array($item) && search_array($needle, $item)) 
31 | 		return true;
32 | 	}
33 | 	
34 | 	return false;
35 | 	
36 | }
37 | 
38 | $ea_check = callAPI($center, 'GET', "computers/id/$computerID/subset/extension_attributes", false)->computer->extension_attributes;
39 | 
40 | 
41 | try {
42 |     $ea_array = json_decode(json_encode($ea_check),true);
43 | 
44 |     $array_value = searchForEA("Smartcard-exempt", $ea_array);
45 | 
46 |     if (EA_search_array("0", $ea_array[$array_value])) {
47 |         echo 'Not Exempt';
48 |     } else {
49 |         echo 'Exempted';
50 |     }
51 |     
52 |     // print(json_encode($ea_array[$array_value]));
53 | } catch (exception $e) {
54 | 	print "[]";
55 | }


--------------------------------------------------------------------------------
/public/api/settings.inc:
--------------------------------------------------------------------------------
 1 | <?php
 2 | // this included file is NOT put in git
 3 | include 'settings.local.inc';
 4 | 
 5 | // are we going to act on the dev server or production servers
 6 | define('DEV_MODE', $DEV_MODE);
 7 | 
 8 | define('DEV_USER', $DEV_USER);
 9 | 
10 | // this is where the list of piv exemption reasons comes from. An api call reads the menu options of a jamf EA
11 | define('PIV_EXEMPTION_ATTRIBUTE', 'Smartcard-exempt - Justification Category');
12 | 
13 | // what is the information for the various jamf servers
14 | define('CENTERS', array(
15 |   "JP1" => array(
16 |     "domain" => "your.server1.com",
17 |     "creds" => $PROD_CRED,
18 |     "dev" => false,
19 |     "label" => "Jamf Server 1"
20 |   ),
21 |   "JP2" => array(
22 |     "domain" => "your.server2.com",
23 |     "creds" => $PROD_CRED,
24 |     "dev" => false,
25 |     "label" => "Jamf Server 2"
26 |   ),
27 |   "JP3" => array(
28 |     "domain" => "your.server3.com",
29 |     "creds" => $PROD_CRED,
30 |     "dev" => false,
31 |     "label" => "Jamf Server 3"
32 |   ),
33 |   "DEV" => array(
34 |     "domain" => "your.dev.server.com",
35 |     "creds" => $DEV_CRED,
36 |     "dev" => true,
37 |     "label" => "Dev Server"
38 |   ),
39 | ));
40 | 
41 | function getCenter(&$site) {
42 |   if (DEV_MODE) {
43 |     return CENTERS['DEV'];
44 |   }
45 | 
46 |   if (strpos($site, '#') > 0) {
47 |     $split = explode('#', $site);
48 |     $center = CENTERS[$split[0]];
49 |     $site = $split[1];
50 |     return $center;
51 |   }
52 | 
53 |   return CENTERS[explode('-', $site)[0]];
54 | }


--------------------------------------------------------------------------------
/public/api/includes/jamf.inc:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | include_once 'settings.inc';
 4 | 
 5 | function callAPI($center, $method, $path, $data=NULL, $json_encode=true){
 6 |   if (!is_array($center)) {
 7 |     $fixedCenter = getCenter($center);
 8 |     $center = CENTERS[$fixedCenter];
 9 |   }
10 | 
11 |   $url = "https://{$center['domain']}/JSSResource/{$path}";
12 |   $curl = curl_init();
13 | 
14 |   switch ($method){
15 |     case "POST":
16 |       curl_setopt($curl, CURLOPT_POST, 1);
17 |       if ($data)
18 |         curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
19 |       break;
20 |     case "PUT":
21 |       curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "PUT");
22 |       if ($data)
23 |         curl_setopt($curl, CURLOPT_POSTFIELDS, $data);			 					
24 |       break;
25 |     default:
26 |       if ($data)
27 |         $url = sprintf("%s?%s", $url, http_build_query($data));
28 |   }
29 | 
30 |   // OPTIONS:
31 |   curl_setopt($curl, CURLOPT_URL, $url);
32 |   curl_setopt($curl, CURLOPT_HTTPHEADER, array(
33 |     'APIKEY: 111111111111111111111',
34 |     'Accept: application/json',
35 |     'Content-Type: application/xml',
36 |   ));
37 |   curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
38 |   curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
39 |   // Change service account before production
40 |   curl_setopt($curl, CURLOPT_USERPWD, $center['creds']);
41 |   curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
42 | 
43 |   // EXECUTE:
44 |   $result = curl_exec($curl);
45 |   $httpcode = curl_getinfo($curl, CURLINFO_HTTP_CODE);
46 |   if ($httpcode != 200) {
47 |     $result = "";
48 |   }
49 |   if ($json_encode) {
50 |     $result = json_decode($result);
51 |   }
52 |   curl_close($curl);
53 |   return $result;
54 | }
55 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # pivexemption
 2 | 
 3 | PIV Exemption Portal
 4 | 
 5 | Project setup
 6 | 
 7 | `npm install`
 8 | 
 9 | Compiles and hot-reloads for development
10 | 
11 | `npm run serve`
12 | 
13 | Compiles and minifies for production
14 | 
15 | `npm run build`
16 | 
17 | 
18 | ## Jamf Pro Items
19 | ### Smart Group
20 | 
21 | **- PIV Exemption Portal**
22 | 
23 |     - Smart Computer Group that looks at the "Smartcard-Exempt - Reason" EA for "Jamf Admin:"
24 | 
25 | ### Policies
26 | 
27 | **- Start PIV Exemption**
28 | 
29 |     - Script: StartExemption.sh
30 | 
31 |     - Frequency: Once a week
32 | 
33 |     - Trigger: Check-in
34 | 
35 |     - Scope: PIV Exemption Portal Smart Group
36 | 
37 | **- Remove PIV Exemption**
38 | 
39 |     - Script: ExemptionRemoval.sh
40 | 
41 |     - Search for com.jamf.exemptioncheck.plist and delete if found
42 | 
43 |     - Run Unix command 'rm -f /Library/Scripts/checkDate.sh'
44 | 
45 |     - Frequency: Ongoing
46 | 
47 |     - Trigger: removeExemption
48 | 
49 |     - Scope: PIV Exemption Portal Smart Group
50 | 
51 | 
52 | ### Extension Attributes
53 | 
54 | **- Smartcard-exempt**
55 | 
56 |     - Type: Integer / Pop-up Menu
57 | 
58 |     - Choices:
59 | 
60 |         - 0
61 | 
62 |         - 1
63 | 
64 |     - Used to trigger the Exemption Configuration Profile
65 | 
66 | **- Smartcard-exempt - Justification Category**
67 | 
68 |     - Type: Pop-up Menu
69 | 
70 |     - Add choices to be used. Will also be used with the PIV Exemption Portal
71 | 
72 | **- Smartcard-exempt - Reason**
73 | 
74 |     - Type: Text Field
75 | 
76 |     - Used to store input from the PIV Exemption Portal that is also used in the Smart Computer Group criteria
77 | 
78 | ### Scripts
79 | 
80 | **- ExemptionRemoval.sh**
81 | 
82 |     - Removes the exemption. Used in the Remove PIV Exemption policy
83 | 
84 | **- StartExemption.sh**
85 | 
86 |     - Starts the exemption. Used in the Start PIV Exemption policy


--------------------------------------------------------------------------------
/public/api/issueexemption.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | include_once 'settings.inc';
 4 | include_once 'includes/jamf.inc';
 5 | 
 6 | $_POST = json_decode(file_get_contents('php://input'));
 7 | 
 8 | # Replace SAML_RETURN with the variable your IdP uses to return the username of the person logging in
 9 | $user = !DEV_MODE ? $_SERVER['SAML_RETURN'] : DEV_USER;
10 | $computerID = $_POST->params->id;
11 | $selectedCenter = $_POST->params->selectedCenter;
12 | $reason = $_POST->params->selectedReason;
13 | 
14 | # Replace the path below with a location to save the logs
15 | $LOG_PATH = 'e:\pivexemption\exemptions.log';
16 | 
17 | $center = getCenter($selectedCenter);
18 | $selectedCenter = $center[domain];
19 | 
20 | error_log("---Start New Exemption---\n", 3, $LOG_PATH);
21 | error_log("Center Selected: " . $selectedCenter . "\n", 3, $LOG_PATH);
22 | error_log("Jamf Admin: " . $user . "\n", 3, $LOG_PATH);
23 | error_log("Reason Selected: " . $reason . "\n", 3, $LOG_PATH);
24 | error_log("---End New Exemption---\n", 3, $LOG_PATH);
25 | 
26 | # Replace the below variables with the ones used in your jamf pro
27 | # EA Names
28 | $PIV_EXEMPTION_EA = 'Smartcard-exempt';
29 | $PIV_EXEMPTION_REASON = 'Smartcard-exempt - Justification Category';
30 | $PIV_EXEMPTION_DOCUMENTATION = 'Smartcard-exempt - Reason';
31 | 
32 | $pivDocumentation = "Jamf Admin: ${user}";
33 | 
34 | # This is the data that gets used in the API call. It flips the EA from a 0 to a 1 which triggers the Exemption
35 | $pivXML = "<computer><extension_attributes><extension_attribute><name>$PIV_EXEMPTION_EA</name><type>Integer</type><value>1</value></extension_attribute><extension_attribute><name>$PIV_EXEMPTION_REASON</name><type>String</type><value>$reason</value></extension_attribute><extension_attribute><name>$PIV_EXEMPTION_DOCUMENTATION</name><type>String</type><value>$pivDocumentation</value></extension_attribute></extension_attributes></computer>";
36 | 
37 | callAPI($center, 'PUT', "computers/id/${computerID}/subset/extension_attributes", $pivXML);
38 | 


--------------------------------------------------------------------------------
/Jamf Scripts/ExemptionRemoval.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | #################################################
 4 | # Enforce Timed PIV Exemption - Remove
 5 | # Name: checkDate.sh
 6 | # Joshua Harvey | Oct 2019
 7 | # josh@macjeezy.com
 8 | #################################################
 9 | 
10 | if [[ -z $4 ]]; then
11 |     echo "Missing Server Info"
12 |     exit 1
13 | else
14 |     jssURL="$4"
15 | fi
16 | 
17 | udid=$(system_profiler SPHardwareDataType | grep UUID | awk '{print $3}')
18 | PIV_EXEMPTION_EA="Smartcard-exempt"
19 | PIV_EXEMPTION_REASON="Smartcard-exempt - Justification Category"
20 | PIV_EXEMPTION_DOCUMENTATION="Smartcard-exempt - Reason"
21 | 
22 | 
23 | function DecryptString() {
24 |     # Usage: ~$ DecryptString "Encrypted String" "Salt" "Passphrase"
25 |     echo "${1}" | /usr/bin/openssl enc -aes256 -d -a -A -S "${2}" -k "${3}"
26 | }
27 | 
28 | apiUser=$(DecryptString "$5" '<SALT>' '<HASH>') 
29 | apiPass=$(DecryptString "$6" '<SALT>' '<HASH>')
30 | 
31 | 
32 | echo "Starting EA Section"
33 | 
34 | # curl command to update ea 
35 | setEAStatus() {
36 |   echo "Resetting Extension Attributes"
37 |   curl -sk -u $apiUser:"$apiPass" -X "PUT" "https://$jssURL/JSSResource/computers/udid/$udid/subset/extension_attributes" \
38 |       -H "Content-Type: application/xml" \
39 |       -H "Accept: application/xml" \
40 |       -d "<computer><extension_attributes><extension_attribute><name>$PIV_EXEMPTION_EA</name><type>Integer</type><value>0</value></extension_attribute><extension_attribute><name>$PIV_EXEMPTION_REASON</name><type>String</type><value>""</value></extension_attribute><extension_attribute><name>$PIV_EXEMPTION_DOCUMENTATION</name><type>String</type><value>""</value></extension_attribute></extension_attributes></computer>"
41 | }
42 | # Set Status
43 | setEAStatus
44 | 
45 | if [[ -e "/Library/Scripts/checkDate.sh" ]]; then
46 |     echo "Removing Date Check Script"
47 |     rm -f "/Library/Scripts/checkDate.sh"
48 | fi
49 | 
50 | if [[ -e "/Users/Shared/time.log" ]]; then
51 |     echo "Removing Exemption Receipt"
52 |     rm -f "/Users/Shared/time.log"
53 | fi
54 | 
55 | if [[ -e "/Library/LaunchDaemons/com.jamf.exemptioncheck.plist" ]]; then
56 | 	echo "Stopping Launchd item"
57 |     sudo launchctl stop /Library/LaunchDaemons/com.jamf.exemptioncheck.plist
58 |     echo "Unloading Launchd item"
59 |     sudo launchctl unload /Library/LaunchDaemons/com.jamf.exemptioncheck.plist
60 |     echo "Removing Launchd item"
61 |     sudo rm -f "/Library/LaunchDaemons/com.jamf.exemptioncheck.plist"
62 | fi
63 | 
64 | echo "Exemption files have been unloaded and removed. The computer should now be PIV Enforced."
65 | 
66 | exit 0


--------------------------------------------------------------------------------
/Jamf Scripts/StartExemption.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | #################################################
 4 | # Enforce Timed PIV Exemption
 5 | # Create Exemption Check Files
 6 | # Joshua Harvey | Oct 2019
 7 | # josh@macjeezy.com
 8 | #################################################
 9 | 
10 | # Create receipt for when the exemption expires
11 | EXEMPTION_END=$(date -v +2d +"%m-%d")
12 | 
13 | echo "$EXEMPTION_END" > /Users/Shared/time.log 
14 | chflags hidden /Users/Shared/time.log
15 | 
16 | echo "PIV Exemption End Date: $EXEMPTION_END"
17 | 
18 | # Create Date Check Script
19 | echo "Creating Exemption Check Script"
20 | /bin/cat > "/Library/Scripts/checkDate.sh" << 'Check_Date'
21 | #!/bin/bash
22 | 
23 | #################################################
24 | # Enforce Timed PIV Exemption - Check
25 | # Name: checkDate.sh
26 | # Joshua Harvey | Oct 2019
27 | # josh@macjeezy.com
28 | #################################################
29 | 
30 | GET_TIME=$(cat /Users/Shared/time.log)
31 | currTime=$(date +"%m-%d")
32 | 
33 | removeExemption() {
34 | 	echo "Starting Exemption Removal via Jamf Policy"
35 | 	sudo /usr/local/bin/jamf policy -trigger removeExemption
36 | }
37 | 
38 | if [[ "$currTime" = "$GET_TIME" ]]; then
39 | 	echo "Exemption ($GET_TIME) expires today. Time to remove"
40 | 	removeExemption
41 | elif [[ "$currTime" > "$GET_TIME" ]]; then
42 | 	echo "Exemption ($GET_TIME) has expired. Time to remove"
43 | 	removeExemption
44 | else
45 | 	echo "Exemption is still valid until $GET_TIME"
46 | fi
47 | Check_Date
48 | 
49 | /bin/chmod a+x /Library/Scripts/checkDate.sh
50 | /usr/bin/chflags hidden /Library/Scripts/checkDate.sh
51 | echo "Exemption Check Script Created"
52 | 
53 | # Create launchd item to run each day to trigger the script. This is kicked off at 10am
54 | echo "Creating Launchd item"
55 | /bin/cat > "/Library/LaunchDaemons/com.jamf.exemptioncheck.plist" << 'Exemption_Check'
56 | <?xml version="1.0" encoding="UTF-8"?>
57 | <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
58 | <plist version="1.0">
59 | <dict>
60 |     <key>Label</key>
61 |     <string>com.jamf.exemptioncheck.plist</string>
62 |     <key>ProgramArguments</key>
63 |     <array>
64 |         <string>sh</string>
65 |         <string>/Library/Scripts/checkDate.sh</string>
66 |     </array>
67 |     <key>RunAtLoad</key>
68 |     <true/>
69 |     <key>StartCalendarInterval</key>
70 |     <dict>
71 |         <key>Hour</key>
72 |         <integer>10</integer>
73 |     </dict>
74 |     <key>StandardErrorPath</key>
75 |     <string>/Library/Scripts/error.log</string>
76 | </dict>
77 | </plist>
78 | Exemption_Check
79 | 
80 | sudo /bin/chmod 0644 "/Library/LaunchDaemons/com.jamf.exemptioncheck.plist"
81 | sudo /bin/launchctl load "/Library/LaunchDaemons/com.jamf.exemptioncheck.plist"
82 | sudo /bin/launchctl start "/Library/LaunchDaemons/com.jamf.exemptioncheck.plist"
83 | echo "Launchd item created and loaded"
84 | 


--------------------------------------------------------------------------------
/src/views/Home.vue:
--------------------------------------------------------------------------------
  1 | <template>
  2 |   <div class="home">
  3 |     <b-row class="justify-content-md-center">
  4 |       <b-col col lg="6">
  5 |       <!--Comment out the line below if you aren't capturing the uid of the user logging into the piv exemption portal-->
  6 |       <p><b>Logged In As: </b> <b class="auid">{{ this.userName }}</b></p>
  7 |       <p>To start, select the jamf server for the user. <br> Once the jamf server is selected, you will be able to enter a username and search for any computer that user is assigned to.</p>
  8 |         <b-form-select size="sm" v-model="selectedCenter" :options="centerList" @change="changedCenter">
  9 |           <template slot="first">
 10 |               <option :value="null" disabled selected>Select A Jamf Server..</option>
 11 |           </template>
 12 |         </b-form-select>
 13 |       </b-col>
 14 |     </b-row>
 15 | 
 16 |     <div v-if="selectedCenter" class="centerMenu">
 17 | 
 18 |       <b-row class="justify-content-md-center">
 19 |         <b-col col lg="1">
 20 |           <b>Username:</b>
 21 |         </b-col>
 22 |         <b-col col lg="2">
 23 |             <b-form-input
 24 |             size="sm"
 25 |             id="usernameField" 
 26 |             v-model="userSearch" 
 27 |             type="text" 
 28 |             placeholder="srocket"
 29 |             @input="resetField"/>
 30 |             <b-form-text id="usernameFieldHelp">User's Username</b-form-text>
 31 |         </b-col>
 32 |           <b-col col lg="1">
 33 |             <div v-if="userSearch.length > '4'">
 34 |               <b-button size="sm" @click="onSearch" variant="outline-primary">Search</b-button>
 35 |             </div>
 36 |           </b-col>
 37 |       </b-row>
 38 | 
 39 |       <b-row class="justify-content-md-center">
 40 |         <b-col col lg="4">
 41 |           <div v-if="startSearch === 'yes' && userSearch.length > '4'">
 42 |               <b-table :items="computersList" :fields="fields" striped>
 43 |                 <template slot="show_details" slot-scope="row">
 44 |                   <b-button size="sm" @click="selectComputer(row)" class="mr-2">
 45 |                     Select Computer
 46 |                   </b-button>
 47 |                 </template>
 48 | 
 49 |                 <template slot="row-details" slot-scope="row">
 50 |                   <div v-if="!row.item.exempt">
 51 |                   <b-card>
 52 |                     <div>
 53 |                     <b-row class="mb-2">
 54 |                       <b-col sm="6" class="text-sm-right"><b>Computer Name:</b></b-col>
 55 |                       <b-col>{{ row.item.name }}</b-col>
 56 |                     </b-row>
 57 |                     </div>
 58 | 
 59 |                     <b-row class="mb-2">
 60 |                       <div v-if="exemptionStatus != 'Exempted' && checkStatus != 'checking'" class="exemptionChoices">
 61 |                       <b-form-group label="PIV Exemption Reason">
 62 |                           <b-form-radio-group v-model="selectedReason" :options="exemptionReason" :state="state" name="reasonOptions">
 63 |                           <b-form-invalid-feedback :state="state">Please select one</b-form-invalid-feedback>
 64 |                           <b-form-valid-feedback :state="state">Selected: {{ selectedReason }}</b-form-valid-feedback>
 65 |                         </b-form-radio-group>
 66 |                       </b-form-group>
 67 |                       </div>
 68 |                     </b-row>
 69 |                   
 70 | 
 71 |                     <b-row class="justify-content-md-center">
 72 |                       <div>  
 73 |                         <!--Alert for exemption check-->
 74 |                         <div v-if="checkStatus == 'checking'">
 75 |                           <b-alert
 76 |                             :show="dismissCountDown"
 77 |                             
 78 |                             variant="info"
 79 |                             @dismissed="dismissCountDown=0"
 80 |                             @dismiss-count-down="countDownChanged"
 81 |                           >
 82 |                             <pre>Checking Current PIV Exemption Status for
 83 | {{ row.item.name }}
 84 | Please wait..</pre>
 85 |                             <b-progress
 86 |                               variant="dark"
 87 |                               :max="dismissSecs"
 88 |                               :value="dismissCountDown"
 89 |                               height="0px"
 90 |                             ></b-progress>
 91 |                           </b-alert>
 92 |                         </div>
 93 |                         <div v-if="exemptionStatus == 'Not Exempt' && checkStatus == 'done'">
 94 |                         <b-button size="sm" @click="issueExemption(row)">Issue PIV Exemption</b-button>
 95 |                         </div>  
 96 |                         <div v-if="exemptionStatus == 'Exempted' && checkStatus == 'done'">
 97 |                         <b class="auid">This computer is currently in a PIV Exempt state. Instruct the user to contact their System Administrator Team for troubleshooting if needed.</b>
 98 |                         </div>
 99 |                       </div>
100 |                     </b-row>
101 |                   </b-card>
102 |                   </div>
103 | 
104 |                   <div v-else>
105 |                     <b-card>
106 |                       <b-row class="mb-2">
107 |                         <b-col sm="6" class="text-sm-center"><b>PIV Exemption Completed</b></b-col>
108 |                       </b-row>
109 |                     </b-card>
110 |                   </div>
111 |                 </template>
112 |               </b-table>
113 | 
114 |             </div>
115 |           </b-col>
116 |         </b-row>
117 | 
118 |         <div v-if="this.computersList == 'No Computers Found.'">
119 |             <p class="auid"> No Computers Found for {{ this.userSearch }}.</p>
120 |         </div>
121 | 
122 |     </div>
123 |   </div>
124 | </template>
125 | 
126 | <script>
127 | export default {
128 |   name: 'home',
129 |   computed: {
130 |   state() {
131 |     return Boolean(this.selectedReason)
132 |   },
133 | },
134 |   mounted () {
135 |     this.$http.get('api/user.php')
136 |       .then(resp => {
137 |         this.userName = resp.data
138 |         console.log(this.userName)
139 |       })
140 |     this.$http.get('api/centers.php')
141 |       .then(resp => {
142 |         this.centerList = resp.data    
143 |       })
144 |   },
145 |   methods: {
146 |     changedCenter () {
147 |       this.$http.get('api/exemptions.php', {
148 |         params: {
149 |           selectedCenter: this.selectedCenter
150 |         }
151 |       })
152 |         .then(resp => {
153 |           this.exemptionReason = resp.data //.map(i => { return { text: i, value: i } })
154 |         })
155 |     },
156 |     selectComputer(row) {
157 |       // console.log(this.$refs.tableList)
158 |       this.computersList.forEach(i => {
159 |         this.$set(i, '_showDetails', i.id === row.item.id)
160 |       }),
161 |       console.log(row)
162 |       this.selectedReason = ''
163 |       this.exemptionStatus = ''
164 |       this.checkStatus = "checking"
165 |       this.exemptionStatus = ''
166 |       this.dismissCountDown = this.dismissSecs
167 |       this.$http.get('api/exemption_check.php', {
168 |         params: {
169 |           id: row.item.id,
170 |           selectedCenter: this.selectedCenter
171 |         }
172 |       })
173 |       .then(resp => {
174 |         this.checkStatus = 'done'
175 |         this.exemptionStatus = resp.data
176 |       });
177 |       // this.$set(item, '_showDetails', !item._showDetails)
178 |     },
179 |     onSearch () {
180 |       const pThis = this
181 |       this.startSearch = 'yes'
182 |       this.$http.get('api/computers.php', {
183 |         params: {
184 |           user: this.userSearch,
185 |           selectedCenter: this.selectedCenter
186 |         }
187 |       })
188 |       .then((computers) => {
189 |         console.log(computers);
190 |         if (computers.data == '') {
191 |           this.computersList = "No Computers Found."; }   
192 |         else {
193 |           this.computersList = computers.data.map(i => { return { ...i, _showDetails: false, exempt: false } })
194 |         }
195 |         console.log(this.computersList);     
196 |       });
197 |     },
198 |     resetField () {
199 |       this.computersList = ''
200 |     },
201 |     countDownChanged(dismissCountDown) {
202 |       this.dismissCountDown = dismissCountDown
203 |     },
204 |     issueExemption(row) {
205 |       row.item.exempt = true
206 |       // alert("Testing Mode")
207 |       this.$http.post('api/issueexemption.php', {
208 |         params: {
209 |           id: row.item.id,
210 |           selectedCenter: this.selectedCenter,
211 |           selectedReason: this.selectedReason
212 |         }
213 |       })
214 |       .then((exemption) => {
215 |         console.log(exemption)
216 |         alert("The PIV Exemption for \n \n    User: " + this.userSearch + "\n" + "    Computer: " + row.item.name + "\n \nhas been completed and is PIV Exempted for 48 hours.\n\n Exemption Reason:\n " + this.selectedReason + ".")
217 |         this.selectedReason = ''
218 |         this.checkStatus = ''
219 |       });
220 |     },
221 |   },
222 |   data () {
223 |     return {
224 |       checkStatus: '',
225 |       dismissSecs: 10,
226 |       dismissCountDown: 0,
227 |       showDismissableAlert: false,
228 |       selectedCenter: null,
229 |       exemptionStatus: null,
230 |       userSearch: '',
231 |       startSearch: '',
232 |       selectedReason: null,
233 |       fields: [
234 |         {
235 |           key: 'name',
236 |           label: 'Computer Name',
237 |         },{
238 |           key: 'show_details',
239 |           label: 'Show Details'
240 |         }
241 |       ],
242 |       computersList: [],
243 |       selected: [],
244 |       exemptionReason: [],
245 |       centerList: [],
246 |     }
247 |   }
248 | }
249 | </script>
250 | 
251 | <style>
252 | .centerMenu {
253 |   margin-top: 15px;
254 | }
255 | 
256 | .exemptionChoices {
257 |   border-color:green;
258 | }
259 | 
260 | b.auid {
261 |   color: rgb(214, 39, 39);
262 |   font-weight: bold;
263 |   /* text-shadow: 1px 2px 2px rgb(0, 0, 0); */
264 | }
265 | 
266 | p.auid {
267 |   color: rgb(214, 39, 39);
268 |   font-weight: bold;
269 |   /* text-shadow: 1px 2px 2px rgb(0, 0, 0); */
270 | }
271 | </style>
272 | 


--------------------------------------------------------------------------------