Fix Windows lint errcheck/unused and Linux nilerr in console VNC fallback

client/vnc/server/agent_windows.go

@@ -91,12 +91,6 @@ const (
 	wtsDisconnected = 4
 )
 
-type wtsSessionInfo struct {
-	SessionID      uint32
-	WinStationName [66]byte // actually *uint16, but we just need the struct size
-	State          uint32
-}
-
 // getActiveSessionID returns the session ID of the best session to attach to.
 // On a Windows Server with no console display attached, session 1 still
 // reports WTSActive (login screen "owns" the console), so a naive
@@ -176,7 +170,7 @@ func reapOrphanOnPort(portStr string) {
 		log.Warnf("reap on port %d: open PID=%d: %v", port, pid, err)
 		return
 	}
-	defer windows.CloseHandle(h)
+	defer func() { _ = windows.CloseHandle(h) }()
 	if !isOurAgentProcess(h) {
 		log.Warnf("reap on port %d: PID=%d is not a netbird vnc-agent, leaving it alone", port, pid)
 		return
@@ -307,7 +301,7 @@ func getSystemTokenForSession(sessionID uint32) (windows.Token, error) {
 	return dup, nil
 }
 
-const agentTokenEnvVar = "NB_VNC_AGENT_TOKEN"
+const agentTokenEnvVar = "NB_VNC_AGENT_TOKEN" // #nosec G101 -- env var name, not a credential
 
 // injectEnvVar appends a KEY=VALUE entry to a Unicode environment block.
 // The block is a sequence of null-terminated UTF-16 strings, terminated by
@@ -698,7 +692,7 @@ func (m *sessionManager) killAgent() {
 // error output, panic stack traces) are forwarded verbatim so failures
 // during early agent startup remain visible.
 func relogAgentOutput(pipe windows.Handle) {
-	defer windows.CloseHandle(pipe)
+	defer func() { _ = windows.CloseHandle(pipe) }()
 	f := os.NewFile(uintptr(pipe), "vnc-agent-stderr")
 	defer f.Close()
 

client/vnc/server/input_windows.go

@@ -41,12 +41,6 @@ const (
 	keyeventfScanCode    = 0x0008
 )
 
-// winlogonDesktopName is the name of the Windows secure desktop that hosts the
-// logon UI, Ctrl+Alt+Del screen, UAC prompts, and credential dialogs. Its
-// clipboard is isolated from the interactive Default desktop, so pasting via
-// the clipboard API does not work there. We fall back to synthesizing the
-// text as Unicode keystrokes.
-const winlogonDesktopName = "Winlogon"
 
 // maxTypedClipboardChars caps the number of characters we will synthesize as
 // keystrokes when falling back on the Winlogon desktop. Passwords are short;
@@ -258,7 +252,7 @@ func signalSAS() {
 		return
 	}
 	ev := windows.Handle(h)
-	defer windows.CloseHandle(ev)
+	defer func() { _ = windows.CloseHandle(ev) }()
 	if err := windows.SetEvent(ev); err != nil {
 		log.Warnf("SetEvent SAS: %v", err)
 	} else {

client/vnc/server/keysym_typetext.go

@@ -1,3 +1,5 @@
+//go:build !windows
+
 package server
 
 // keysymForASCIIRune maps an ASCII rune to (X11 keysym for the unshifted

client/vnc/server/server_windows.go

@@ -166,7 +166,7 @@ func createSASEvent() (windows.Handle, bool) {
 // signalled, until ctx is cancelled. Recovers from panics inside SendSAS so
 // a future ABI surprise doesn't tear down the service.
 func runSASListenerLoop(ctx context.Context, ev windows.Handle) {
-	defer windows.CloseHandle(ev)
+	defer func() { _ = windows.CloseHandle(ev) }()
 	defer func() {
 		if r := recover(); r != nil {
 			log.Warnf("SAS listener recovered from panic: %v", r)