From 6cd14318f3317105e7044cd9ae0f010782aaa257 Mon Sep 17 00:00:00 2001
From: Dmitry Chapyshev
Date: Wed, 15 Nov 2023 00:03:25 +0500
Subject: [PATCH] Run host UI without linked token (elevation).
---
 source/host/user_session_manager.cc | 54 +-----------------------------
 1 file changed, 1 insertion(+), 53 deletions(-)
diff --git a/source/host/user_session_manager.cc b/source/host/user_session_manager.cc
index 13bf3373ad..312192fac5 100644
--- a/source/host/user_session_manager.cc
+++ b/source/host/user_session_manager.cc
@@ -59,9 +59,7 @@ const wchar_t kDefaultDesktopName[] = L"winsta0\\default";
 //--------------------------------------------------------------------------------------------------
 bool createLoggedOnUserToken(DWORD session_id, base::win::ScopedHandle* token_out)
 {
- base::win::ScopedHandle user_token;
-
- if (!WTSQueryUserToken(session_id, user_token.recieve()))
+ if (!WTSQueryUserToken(session_id, token_out->recieve()))
 {
 DWORD error_code = GetLastError();
 if (error_code == ERROR_NO_TOKEN)
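Review bot: `token_out->recieve()` is now evaluated before `WTSQueryUserToken` is known to succeed, so the caller's handle is touched on the failure path as well, where the old code wrote to `token_out` only after success. What `recieve()` does to a handle the caller already holds is not visible here; either keep the local and finish with `token_out->reset(user_token.release());`, or state above the function that `*token_out` is unspecified when it returns false. A second comment there would help too, since the later hunk drops the linked-token swap and the `TokenUIAccess` write: `// Returns the session user's token as-is: no elevation, no UIAccess.` The function body continues past the end of this hunk.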
@@ -74,56 +72,6 @@ bool createLoggedOnUserToken(DWORD session_id, base::win::ScopedHandle* token_ou
 return false;
 }
- TOKEN_ELEVATION_TYPE elevation_type;
- DWORD returned_length;
-
- if (!GetTokenInformation(user_token,
- TokenElevationType,
- &elevation_type,
- sizeof(elevation_type),
- &returned_length))
- {
- PLOG(LS_ERROR) << "GetTokenInformation failed";
- return false;
- }
-
- switch (elevation_type)
- {
- // The token is a limited token.
- case TokenElevationTypeLimited:
- {
- TOKEN_LINKED_TOKEN linked_token_info;
-
- // Get the unfiltered token for a silent UAC bypass.
- if (!GetTokenInformation(user_token,
- TokenLinkedToken,
- &linked_token_info,
- sizeof(linked_token_info),
- &returned_length))
- {
- PLOG(LS_ERROR) << "GetTokenInformation failed";
- return false;
- }
-
- // Attach linked token.
- token_out->reset(linked_token_info.LinkedToken);
- }
- break;
-
- case TokenElevationTypeDefault: // The token does not have a linked token.
- case TokenElevationTypeFull: // The token is an elevated token.
- default:
- token_out->reset(user_token.release());
- break;
- }
-
- DWORD ui_access = 1;
- if (!SetTokenInformation(token_out->get(), TokenUIAccess, &ui_access, sizeof(ui_access)))
- {
- PLOG(LS_ERROR) << "SetTokenInformation failed";
- return false;
- }
-
 return true;
 }