Fix for ConnDead status

xsd/xsd.go

@@ -286,21 +286,28 @@ func runShellAs(who, hname, ttype, cmd string, interactive bool, //nolint:funlen
 
 	if interactive {
 		if useSysLogin {
-			// Use the server's login binary (post-auth, which
-			// is still done via our own bcrypt file)
-			//
-			// Note login will drop privs to the intended user for us
+			// Use the server's login binary (post-auth)
 			//
 			// Things UNIX login does, like print the 'motd',
 			// and use the shell specified by /etc/passwd, will be done
 			// automagically, at the cost of another external tool
 			// dependency.
 			//
+			// One drawback of using 'login' is that the remote side
+			// cannot give us back the shell's exit code, since it
+			// exits back to 'login', which usually returns its own
+			// 0 status back to us.
+			//
+			// Note login will drop privs to the intended user for us.
+			//
 			c = exec.Command(xs.GetTool("login"), "-f", "-p", who) //nolint:gosec
 		} else {
-			// Using our separate login via local passwd file
+			// Run shell directly (which allows nonzero exit codes back to
+			// the local system upon shell exit, whereas 'login' does not.)
 			//
-			// Note we must drop privs ourselves for the user shell
+			// Note we must drop privs ourselves for the user shell since
+			// we aren't using 'login' on the remote end which would do it
+			// for us.
 			//
 			c = exec.Command(xs.GetTool("bash"), "-i", "-l") //nolint:gosec
 			c.SysProcAttr = &syscall.SysProcAttr{}
@@ -412,7 +419,7 @@ func runShellAs(who, hname, ttype, cmd string, interactive bool, //nolint:funlen
 			}
 			conn.SetStatus(xsnet.CSOType(exitStatus))
 		} else {
-			logger.LogDebug("*** Main proc has exited. ***") //nolint:errcheck
+			logger.LogDebug(fmt.Sprintf("*** Main proc has exited (%d) ***", c.ProcessState.ExitCode())) //nolint:errcheck
 			// Background jobs still may be running; close the
 			// pty anyway, so the client can return before
 			// wg.Wait() below completes (Issue #18)