From 330936d956cafed79f611d1e484d3e1c0e0db19a Mon Sep 17 00:00:00 2001
From: Alan Parra <alan.parra@goteleport.com>
Date: Tue, 20 Feb 2024 15:36:31 -0300
Subject: [PATCH] fix: Avoid tsh panic on Windows Server 2019

---
 lib/auth/webauthnwin/webauthn_windows.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/lib/auth/webauthnwin/webauthn_windows.go b/lib/auth/webauthnwin/webauthn_windows.go
index fb0872634262c..708b92771ed69 100644
--- a/lib/auth/webauthnwin/webauthn_windows.go
+++ b/lib/auth/webauthnwin/webauthn_windows.go
@@ -57,6 +57,14 @@ func newNativeImpl() *nativeImpl {
 			Debug("WebAuthnWin: failed to load WebAuthn.dll (it's likely missing)")
 		return n
 	}
+	// Load WebAuthNGetApiVersionNumber explicitly too, it avoids a panic on some
+	// Windows Server 2019 installs.
+	if err := procWebAuthNGetApiVersionNumber.Find(); err != nil {
+		log.
+			WithError(err).
+			Debug("WebAuthnWin: failed to load WebAuthNGetApiVersionNumber")
+		return n
+	}
 
 	v, err := webAuthNGetApiVersionNumber()
 	if err != nil {
@@ -66,6 +74,10 @@ func newNativeImpl() *nativeImpl {
 	n.webauthnAPIVersion = v
 	n.isAvailable = v > 0
 
+	if !n.isAvailable {
+		return n
+	}
+
 	n.hasPlatformUV, err = isUVPlatformAuthenticatorAvailable()
 	if err != nil {
 		// This should not happen if dll exists, however we are fine with