windows-broker: exclude WinServer2016 from WAM support

mjcheetham · mjcheetham · commit 297d9a4b0f90 · 2022-03-01T14:13:43.000Z
Windows Server 2016 does not support WAM, so we should not try to enable
the broker unless we're on Server 2019 and later.

Also update the Windows (client; non-server) version checks to be
tighter. Previously any major version of 10 or greater was considered
"supported", but this is wrong. Windows 10 build 15063 was the first to
support WAM.
diff --git a/src/shared/Core/Authentication/MicrosoftAuthentication.cs b/src/shared/Core/Authentication/MicrosoftAuthentication.cs
@@ -55,7 +55,7 @@ public static void InitializeBroker()
             IsBrokerInitialized = true;
 
             // Broker is only supported on Windows 10 and later
-            if (!PlatformUtils.IsWindows10OrGreater())
+            if (!PlatformUtils.IsWindowsBrokerSupported())
             {
                 return;
             }
@@ -288,7 +288,7 @@ private async Task<IPublicClientApplication> CreatePublicClientApplicationAsync(
             }
 
             // On Windows 10+ & .NET Framework try and use the WAM broker
-            if (enableBroker && PlatformUtils.IsWindows10OrGreater())
+            if (enableBroker && PlatformUtils.IsWindowsBrokerSupported())
             {
 #if NETFRAMEWORK
                 appBuilder.WithExperimentalFeatures();
@@ -459,8 +459,8 @@ public HttpClient GetHttpClient()
         public static bool CanUseBroker(ICommandContext context)
         {
 #if NETFRAMEWORK
-            // We only support the broker on Windows 10 and require an interactive session
-            if (!context.SessionManager.IsDesktopSession || !PlatformUtils.IsWindows10OrGreater())
+            // We only support the broker on Windows 10+ and in an interactive session
+            if (!context.SessionManager.IsDesktopSession || !PlatformUtils.IsWindowsBrokerSupported())
             {
                 return false;
             }
diff --git a/src/shared/Core/PlatformUtils.cs b/src/shared/Core/PlatformUtils.cs
@@ -21,7 +21,7 @@ public static PlatformInformation GetPlatformInformation()
             return new PlatformInformation(osType, osVersion, cpuArch, clrVersion);
         }
 
-        public static bool IsWindows10OrGreater()
+        public static bool IsWindowsBrokerSupported()
         {
             if (!IsWindows())
             {
@@ -38,7 +38,27 @@ public static bool IsWindows10OrGreater()
                 return false;
             }
 
-            return (int) osvi.dwMajorVersion >= 10;
+            // Windows major version 10 is required for WAM
+            if (osvi.dwMajorVersion < 10)
+            {
+                return false;
+            }
+
+            // Specific minimum build number is different between Windows Server and Client SKUs
+            const int minClientBuildNumber = 15063;
+            const int minServerBuildNumber = 17763; // Server 2019
+
+            switch (osvi.wProductType)
+            {
+                case VER_NT_WORKSTATION:
+                    return osvi.dwBuildNumber >= minClientBuildNumber;
+
+                case VER_NT_SERVER:
+                case VER_NT_DOMAIN_CONTROLLER:
+                    return osvi.dwBuildNumber >= minServerBuildNumber;
+            }
+
+            return false;
         }
 
         /// <summary>
@@ -283,8 +303,31 @@ private unsafe struct RTL_OSVERSIONINFOEX
             internal uint dwBuildNumber;
             internal uint dwPlatformId;
             internal fixed char szCSDVersion[128];
+            internal ushort wServicePackMajor;
+            internal ushort wServicePackMinor;
+            internal short wSuiteMask;
+            internal byte wProductType;
+            internal byte wReserved;
         }
 
+        /// <summary>
+        /// The operating system is Windows client.
+        /// </summary>
+        private const byte VER_NT_WORKSTATION = 0x0000001;
+
+        /// <summary>
+        /// The system is a domain controller and the operating system is Windows Server.
+        /// </summary>
+        private const byte VER_NT_DOMAIN_CONTROLLER = 0x0000002;
+
+        /// <summary>
+        /// The operating system is Windows Server.
+        /// </summary>
+        /// <remarks>
+        /// A server that is also a domain controller is reported as VER_NT_DOMAIN_CONTROLLER, not VER_NT_SERVER.
+        /// </remarks>
+        private const byte VER_NT_SERVER = 0x0000003;
+
         #endregion
     }
 

Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,7 @@ public static void InitializeBroker()`
`55`	`55`	`IsBrokerInitialized = true;`
`56`	`56`
`57`	`57`	`// Broker is only supported on Windows 10 and later`
`58`		`- if (!PlatformUtils.IsWindows10OrGreater())`
	`58`	`+ if (!PlatformUtils.IsWindowsBrokerSupported())`
`59`	`59`	`{`
`60`	`60`	`return;`
`61`	`61`	`}`
`@@ -288,7 +288,7 @@ private async Task<IPublicClientApplication> CreatePublicClientApplicationAsync(`
`288`	`288`	`}`
`289`	`289`
`290`	`290`	`// On Windows 10+ & .NET Framework try and use the WAM broker`
`291`		`- if (enableBroker && PlatformUtils.IsWindows10OrGreater())`
	`291`	`+ if (enableBroker && PlatformUtils.IsWindowsBrokerSupported())`
`292`	`292`	`{`
`293`	`293`	`#if NETFRAMEWORK`
`294`	`294`	`appBuilder.WithExperimentalFeatures();`
`@@ -459,8 +459,8 @@ public HttpClient GetHttpClient()`
`459`	`459`	`public static bool CanUseBroker(ICommandContext context)`
`460`	`460`	`{`
`461`	`461`	`#if NETFRAMEWORK`
`462`		`- // We only support the broker on Windows 10 and require an interactive session`
`463`		`- if (!context.SessionManager.IsDesktopSession \|\| !PlatformUtils.IsWindows10OrGreater())`
	`462`	`+ // We only support the broker on Windows 10+ and in an interactive session`
	`463`	`+ if (!context.SessionManager.IsDesktopSession \|\| !PlatformUtils.IsWindowsBrokerSupported())`
`464`	`464`	`{`
`465`	`465`	`return false;`
`466`	`466`	`}`