What APIs is the `security` cli using?

macos command-line security

in particular the execute-with-privileges subcommand, which uses fingerprint scanning GUI to authenticate and i'm curious whether those could be used if I build a cli.

Details

security is a standard binary that ships with OSX and:

security(1)               BSD General Commands Manual              security(1)

NAME
     security -- Command line interface to keychains and Security framework

SYNOPSIS
     security [-hilqv] [-p prompt] [command] [command_options] [command_args]

Any pointers or reference to documentation would help!

Thanks you!


AuthorizationExecuteWithPrivileges

security uses the deprecated AuthorizationExecuteWithPrivileges function to implement execute-with-privileges:

status = AuthorizationExecuteWithPrivileges(auth_ref,argv[0], 0, (argc > 1) ? &argv[1] : NULL, &communications_pipe);

The function needs an AuthorizationRef, which is the part that confirms who the user is. See the AuthorizationServices framework. Note that AuthorizationServices are not available to sandboxed applications on macOS.

Open Source

security is open source and available on https://opensource.apple.com

macOS 10.15.3's Security-59306.80.4 bundle contains the source code:

  • Security-59306.80.4/SecurityTool/macOS

Related

macOS Catalina: Install Slows and Errors on MacBook Pro (13-inch Mid 2012)
How to update nodejs on mac?
Meaning of "Last Modified" date on files (installed from outside the AppStore)?
Editing a system preferences .plist file (not user preferences .plist file)
In Textedit, is there a way to save all open files at once?
Sluggish mouse cursor with 28" 4K display
Why is my MacBook Air is making ticking sounds?
How can data be restored when I downgrade macOS versions?
Reset Admin password for macOS Mojave
How do I run apple script on a particular instance of Firefox?
Question Marks in iTerm (Font Issue?)
how to know the current Zoom level in D3.js