#!/bin/bash
#
# reinstall-jamf-management-framework.sh
#
# Authored by Jean-Sebastien Morisset <https://surniaulula.com/>.
#
# Copyright 2025-2026 Jean-Sebastien Morisset <https://surniaulula.com/> and
# School District 46 <https://sd46.bc.ca/>.
#
# This program is free software: you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
# details.
#
# See <https://www.gnu.org/licenses/> for the GNU General Public License.
#
function hw_model_name {

	/usr/sbin/system_profiler SPHardwareDataType | /usr/bin/sed -n 's/^ *Model Name: //p'
}

function hw_model_id {

	/usr/sbin/system_profiler SPHardwareDataType | /usr/bin/sed -n 's/^ *Model Identifier: //p'
}

function hw_model_number {

	/usr/sbin/system_profiler SPHardwareDataType | /usr/bin/sed -n 's/^ *Model Number: //p'
}

function hw_serial_number {

	/usr/sbin/system_profiler SPHardwareDataType | /usr/bin/sed -n 's/^ *Serial Number (system): //p'
}

function hw_ip_address {

	for i in `/sbin/ifconfig -l -u inet`	# Only IPv4 interfaces that are UP.
	do
		/usr/sbin/ipconfig getifaddr "$i" && break
	done
}

mount_point="$1"
computer_name="$2"
user_name="$3"
hw_model_name="`hw_model_name`"
hw_model_id="`hw_model_id`"
hw_model_number="`hw_model_number`"
hw_serial_no="`hw_serial_number`"
hw_ip_address="`hw_ip_address`"
hw_hostname="`hostname -s`"

#
# PLEASE NOTE:
#
# The enroll account must be assigned custom privileges based on the
# "Enrollment Only" privilege set: choose privilege set "Enrollment Only", then
# choose privilege set "Custom", then under the custom privileges tab, add the
# Jamf Pro Server Objects > Computers: Update privilege.
#
jss_username='enroll'				# Modify this (to use a different account name).
jss_password='{enroll-account-password}'	# Modify this.
jamf_url='https://{jamf-server-url}/'		# Modify this.

#
# Include basic information about the computer for the Jamf policy log.
#
echo ""
echo ""

/bin/date

echo ""
echo "mount_point = $mount_point"
echo "computer_name = $computer_name"
echo "user_name = $user_name"
echo "hw_model_name = $hw_model_name"
echo "hw_model_id = $hw_model_id"
echo "hw_model_number = $hw_model_number"
echo "hw_serial_no = $hw_serial_no"
echo "hw_ip_address = $hw_ip_address"
echo "hw_hostname = $hw_hostname"
echo ""
echo "MacOS version:"
echo ""

/usr/bin/sw_vers

echo ""

#
# Down to business: retrieve the latest jamf binary, copy it to
# /usr/local/jamf/bin, link it in /usr/local/bin, recreate the Jamf config,
# and then reenroll the computer.
#
/usr/bin/curl -ks "${jamf_url}bin/jamf" -o /tmp/jamf

/bin/mkdir -p /usr/local/jamf/bin /usr/local/bin

/bin/mv /tmp/jamf /usr/local/jamf/bin

/bin/chmod +x /usr/local/jamf/bin/jamf

/bin/ln -fs /usr/local/jamf/bin/jamf /usr/local/bin/jamf

/bin/rm -f /usr/local/jamf/bin/jamfAAD

/usr/local/jamf/bin/jamf createConf -k -url "${jamf_url}"

/bin/cat <<EOF >/tmp/enroll.$$
echo "Enroll Begin"
/usr/local/jamf/bin/jamf enroll -prompt
echo "Enroll End"
EOF

/bin/chmod 700 /tmp/enroll.$$

/usr/bin/expect 2>/dev/null <<EOF
set timeout -1
spawn /tmp/enroll.$$
expect "JSS Username:"
send "$jss_username\n"
expect "JSS Password:"
send "$jss_password\n"
expect "Enroll End"
exit 0
EOF