My project (github.com/spieglt/flyingcarpet) is written in Go, is cross-platform (Mac/Win/Linux), and uses cgo/Objective-C for certain network functions on macOS. It needs to perform 3 privileged actions: Add a wireless network to the top of the preferred networks list, later remove that network from the preferred networks list, and remove that network's password from all Keychains. I wouldn't need to touch the Keychain at all except that CWInterface's associateToNetwork method adds Keychain entries automatically, but let me know if there's a way to prevent this.
For the preferred network operations, I can use SFAuthorization's obtainWithRight method, which leads to my first question: What are the possible values for obtainWithRight's rightNames parameter, and where are they documented? rightNames' type is AuthorizationString, which is just an alias for a UTF-8 char pointer, and I know that "system.preferences" is a vaild value. But I don't know how to find what others might be, and my search of Apple's docs has turned up nothing.
My second question: How is one supposed to remove a wireless network password from all Keychains? There is a CWKeychainDeleteWiFiPassword function in CoreWLAN, but it can't remove a password from the System Keychain unless running as root, and I don't want or need to run my whole application as root. I see many people use AuthorizationExecuteWithPrivileges for this purpose, but this has been deprecated since 10.7. Apple seems to only recommend SMJobBless as its replacement, but it requires code signing, which I can't use because this is a Go project (thus not compiled with XCode). I don't want to pay for an Apple Developer ID just to change a setting anyway, and this method also requires a privileged helper daemon (which I wouldn't want as my program is intended to be a standalone utility, not an installed application).
To summarize, I need to prompt the user for their password a maximum of one time, and use that authorization to perform the three privileged actions I mentioned at the top. Thanks to anyone who can help!
Functions mentioned:
https://developer.apple.com/documentation/securityfoundation/sfauthorization/1417652-obtainwithright
https://developer.apple.com/documentation/security/1540038-authorizationexecutewithprivileg
https://developer.apple.com/library/content/samplecode/SMJobBless/Introduction/Intro.html