/// <summary>
/// Process Record.
/// </summary>
protected override void ProcessRecord()
{
using (var token = GetToken())
{
if (Open)
{
if (string.IsNullOrEmpty(TypeName))
{
TypeName = SecurityDescriptor?.NtType.Name ?? throw new ArgumentException("Must specify a type name.");
}
WriteObject(NtSecurity.OpenObjectAudit(
SubsystemName, HandleId, TypeName,
Name, SecurityDescriptor, token,
DesiredAccess, GrantedAccess, GetPrivileges(),
Creation, AccessGranted));
}
else if (Close)
{
NtSecurity.CloseObjectAudit(SubsystemName,
HandleId, GenerateOnClose);
}
else if (Delete)
{
NtSecurity.DeleteObjectAudit(SubsystemName,
HandleId, GenerateOnClose);
}
else if (PrivilegeObject)
{
NtSecurity.PrivilegeObjectAudit(SubsystemName,
HandleId, token, DesiredAccess,
GetPrivileges(), AccessGranted);
}
else if (PrivilegeService)
{
NtSecurity.PrivilegedServiceAudit(SubsystemName,
ServiceName, token, GetPrivileges(),
AccessGranted);
}
else
{
throw new ArgumentException("Invalid audit type.");
}
}
}
