From: Todd C. Miller Date: Sun, 5 Feb 2012 18:36:52 +0000 (-0500) Subject: regen X-Git-Tag: SUDO_1_8_4~24 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1bbb59308c3e1a43e6244709d7251202e073ea30;p=sudo regen --HG-- branch : 1.8 --- diff --git a/doc/sudo.cat b/doc/sudo.cat index b28d97d82..b01a63d12 100644 --- a/doc/sudo.cat +++ b/doc/sudo.cat @@ -380,7 +380,7 @@ PPAATTHHSS DDEEBBUUGG FFLLAAGGSS ssuuddoo versions 1.8.4 and higher support a flexible debugging framework - that can help track down what ssuuddoo is doing internally when there is a + that can help track down what ssuuddoo is doing internally if there is a problem. A Debug line consists of the Debug keyword, followed by the name of the 
@@ -402,13 +402,39 @@ DDEEBBUUGG FFLLAAGGSS A future release may add support for per-plugin Debug lines and/or support for multiple debugging files for a single program. - For reference, the priorities supported by the ssuuddoo front end and - _s_u_d_o_e_r_s are: _c_r_i_t, _e_r_r, _w_a_r_n, _n_o_t_i_c_e, _d_i_a_g, _i_n_f_o, _t_r_a_c_e and _d_e_b_u_g. + The priorities used by the ssuuddoo front end, in order of decreasing + severity, are: _c_r_i_t, _e_r_r, _w_a_r_n, _n_o_t_i_c_e, _d_i_a_g, _i_n_f_o, _t_r_a_c_e and _d_e_b_u_g. + Each priority, when specified, also includes all priorities higher than + it. For example, a priority of _n_o_t_i_c_e would include debug messages + logged at _n_o_t_i_c_e and higher. - The following subsystems are defined: _m_a_i_n, _m_e_m_o_r_y, _a_r_g_s, _e_x_e_c, _p_t_y, - _u_t_m_p, _c_o_n_v, _p_c_o_m_m, _u_t_i_l, _l_i_s_t, _n_e_t_i_f, _a_u_d_i_t, _e_d_i_t, _s_e_l_i_n_u_x, _l_d_a_p, - _m_a_t_c_h, _p_a_r_s_e_r, _a_l_i_a_s, _d_e_f_a_u_l_t_s, _a_u_t_h, _e_n_v, _l_o_g_g_i_n_g, _n_s_s, _r_b_t_r_e_e, _p_e_r_m_s, - _p_l_u_g_i_n. The subsystem _a_l_l includes every subsystem. + The following subsystems are used by ssuuddoo: + + _a_l_l matches every subsystem + + _a_r_g_s command line argument processing + + _c_o_n_v user conversation + + _e_d_i_t sudoedit + + _e_x_e_c command execution + + _m_a_i_n ssuuddoo main function + + _n_e_t_i_f network interface handling + + _p_c_o_m_m communication with the plugin + + _p_l_u_g_i_n plugin configuration + + _p_t_y pseudo-tty related code + + _s_e_l_i_n_u_x SELinux-specific handling + + _u_t_i_l utility functions + + _u_t_m_p utmp handling RREETTUURRNN VVAALLUUEESS Upon successful execution of a program, the exit status from ssuuddoo will @@ -597,4 +623,4 @@ DDIISSCCLLAAIIMMEERR -1.8.4 February 3, 2012 SUDO(1m) +1.8.4 February 5, 2012 SUDO(1m) diff --git a/doc/sudo.man.in b/doc/sudo.man.in index bdd8da06a..76931336c 100644 --- a/doc/sudo.man.in +++ b/doc/sudo.man.in 
@@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "February 3, 2012" "1.8.4" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "February 5, 2012" "1.8.4" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -583,7 +583,7 @@ Defaults to \fI@noexec_file@\fR. .IX Header "DEBUG FLAGS" \&\fBsudo\fR versions 1.8.4 and higher support a flexible debugging framework that can help track down what \fBsudo\fR is doing internally -when there is a problem. +if there is a problem. .PP A \f(CW\*(C`Debug\*(C'\fR line consists of the \f(CW\*(C`Debug\*(C'\fR keyword, followed by the name of the program to debug (\fBsudo\fR, \fBvisudo\fR, \fBsudoreplay\fR), 
@@ -607,15 +607,52 @@ and the plugins. A future release may add support for per-plugin \&\f(CW\*(C`Debug\*(C'\fR lines and/or support for multiple debugging files for a single program. .PP -For reference, the priorities supported by the \fBsudo\fR front end and -\&\fIsudoers\fR are: \fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, -\&\fIinfo\fR, \fItrace\fR and \fIdebug\fR. -.PP -The following subsystems are defined: \fImain\fR, \fImemory\fR, \fIargs\fR, -\&\fIexec\fR, \fIpty\fR, \fIutmp\fR, \fIconv\fR, \fIpcomm\fR, \fIutil\fR, \fIlist\fR, -\&\fInetif\fR, \fIaudit\fR, \fIedit\fR, \fIselinux\fR, \fIldap\fR, \fImatch\fR, \fIparser\fR, -\&\fIalias\fR, \fIdefaults\fR, \fIauth\fR, \fIenv\fR, \fIlogging\fR, \fInss\fR, \fIrbtree\fR, -\&\fIperms\fR, \fIplugin\fR. The subsystem \fIall\fR includes every subsystem. +The priorities used by the \fBsudo\fR front end, in order of decreasing +severity, are: \fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR, +\&\fItrace\fR and \fIdebug\fR. Each priority, when specified, also includes +all priorities higher than it. For example, a priority of \fInotice\fR +would include debug messages logged at \fInotice\fR and higher. 
+.PP +The following subsystems are used by \fBsudo\fR: +.IP "\fIall\fR" 10 +.IX Item "all" +matches every subsystem +.IP "\fIargs\fR" 10 +.IX Item "args" +command line argument processing +.IP "\fIconv\fR" 10 +.IX Item "conv" +user conversation +.IP "\fIedit\fR" 10 +.IX Item "edit" +sudoedit +.IP "\fIexec\fR" 10 +.IX Item "exec" +command execution +.IP "\fImain\fR" 10 +.IX Item "main" +\&\fBsudo\fR main function +.IP "\fInetif\fR" 10 +.IX Item "netif" +network interface handling +.IP "\fIpcomm\fR" 10 +.IX Item "pcomm" +communication with the plugin +.IP "\fIplugin\fR" 10 +.IX Item "plugin" +plugin configuration +.IP "\fIpty\fR" 10 +.IX Item "pty" +pseudo-tty related code +.IP "\fIselinux\fR" 10 +.IX Item "selinux" +SELinux-specific handling +.IP "\fIutil\fR" 10 +.IX Item "util" +utility functions +.IP "\fIutmp\fR" 10 +.IX Item "utmp" +utmp handling .SH "RETURN VALUES" .IX Header "RETURN VALUES" Upon successful execution of a program, the exit status from \fBsudo\fR diff --git a/doc/sudoers.cat b/doc/sudoers.cat index 043e301da..b98c1e5af 100644 --- a/doc/sudoers.cat +++ b/doc/sudoers.cat 
@@ -1621,6 +1621,57 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS privilege escalation. In the specific case of an editor, a safer approach is to give the user permission to run ssuuddooeeddiitt. +DDEEBBUUGG FFLLAAGGSS + Versions 1.8.4 and higher of the _s_u_d_o_e_r_s plugin supports a debugging + framework that can help track down what the plugin is doing internally + if there is a problem. This can be configured in the _/_e_t_c_/_s_u_d_o_._c_o_n_f + file as described in _s_u_d_o(1m). + + The _s_u_d_o_e_r_s plugin uses the same debug flag format as ssuuddoo itself: + _s_u_b_s_y_s_t_e_m@_p_r_i_o_r_i_t_y. + + The priorities used by _s_u_d_o_e_r_s, in order of decreasing severity, are: + _c_r_i_t, _e_r_r, _w_a_r_n, _n_o_t_i_c_e, _d_i_a_g, _i_n_f_o, _t_r_a_c_e and _d_e_b_u_g. Each priority, + when specified, also includes all priorities higher than it. For + example, a priority of _n_o_t_i_c_e would include debug messages logged at + _n_o_t_i_c_e and higher. + + The following subsystems are used by _s_u_d_o_e_r_s: + + _a_l_i_a_s User_Alias, Runas_Alias, Host_Alias and Cmnd_Alias processing + + _a_l_l matches every subsystem + + _a_u_d_i_t BSM and Linux audit code + + _a_u_t_h user authentication + + _d_e_f_a_u_l_t_s _s_u_d_o_e_r_s _D_e_f_a_u_l_t_s settings + + _e_n_v environment handling + + _l_d_a_p LDAP-based sudoers + + _l_o_g_g_i_n_g logging support + + _m_a_t_c_h matching of users, groups, hosts and netgroups in _s_u_d_o_e_r_s + + _n_e_t_i_f network interface handling + + _n_s_s network service switch handling in _s_u_d_o_e_r_s + + _p_a_r_s_e_r _s_u_d_o_e_r_s file parsing + + _p_e_r_m_s permission setting + + _p_l_u_g_i_n The equivalent of _m_a_i_n for the plugin. + + _p_t_y pseudo-tty related code + + _r_b_t_r_e_e redblack tree internals + + _u_t_i_l utility functions + SSEECCUURRIITTYY NNOOTTEESS _s_u_d_o_e_r_s will check the ownership of its time stamp directory (_/_v_a_r_/_a_d_m_/_s_u_d_o by default) and ignore the directory's contents if it is 
@@ -1698,4 +1749,4 @@ DDIISSCCLLAAIIMMEERR -1.8.4 January 6, 2012 SUDOERS(4) +1.8.4 February 5, 2012 SUDOERS(4) diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in index f6e7b88d3..ef7ddd67c 100644 --- a/doc/sudoers.man.in +++ b/doc/sudoers.man.in @@ -1,4 +1,4 @@ -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2011 +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2012 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -148,7 +148,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "January 6, 2012" "1.8.4" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "February 5, 2012" "1.8.4" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -1972,6 +1972,74 @@ operations (such as changing or overwriting files) that could lead to unintended privilege escalation. In the specific case of an editor, a safer approach is to give the user permission to run \&\fBsudoedit\fR. +.SH "DEBUG FLAGS" +.IX Header "DEBUG FLAGS" +Versions 1.8.4 and higher of the \fIsudoers\fR plugin supports a +debugging framework that can help track down what the plugin is +doing internally if there is a problem. This can be configured in +the \fI@sysconfdir@/sudo.conf\fR file as described in \fIsudo\fR\|(@mansectsu@). +.PP +The \fIsudoers\fR plugin uses the same debug flag format as \fBsudo\fR +itself: \fIsubsystem\fR@\fIpriority\fR. +.PP +The priorities used by \fIsudoers\fR, in order of decreasing severity, +are: \fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR, \fItrace\fR +and \fIdebug\fR. Each priority, when specified, also includes all +priorities higher than it. For example, a priority of \fInotice\fR +would include debug messages logged at \fInotice\fR and higher. 
+.PP +The following subsystems are used by \fIsudoers\fR: +.IP "\fIalias\fR" 10 +.IX Item "alias" +\&\f(CW\*(C`User_Alias\*(C'\fR, \f(CW\*(C`Runas_Alias\*(C'\fR, \f(CW\*(C`Host_Alias\*(C'\fR and \f(CW\*(C`Cmnd_Alias\*(C'\fR processing +.IP "\fIall\fR" 10 +.IX Item "all" +matches every subsystem +.IP "\fIaudit\fR" 10 +.IX Item "audit" +\&\s-1BSM\s0 and Linux audit code +.IP "\fIauth\fR" 10 +.IX Item "auth" +user authentication +.IP "\fIdefaults\fR" 10 +.IX Item "defaults" +\&\fIsudoers\fR \fIDefaults\fR settings +.IP "\fIenv\fR" 10 +.IX Item "env" +environment handling +.IP "\fIldap\fR" 10 +.IX Item "ldap" +LDAP-based sudoers +.IP "\fIlogging\fR" 10 +.IX Item "logging" +logging support +.IP "\fImatch\fR" 10 +.IX Item "match" +matching of users, groups, hosts and netgroups in \fIsudoers\fR +.IP "\fInetif\fR" 10 +.IX Item "netif" +network interface handling +.IP "\fInss\fR" 10 +.IX Item "nss" +network service switch handling in \fIsudoers\fR +.IP "\fIparser\fR" 10 +.IX Item "parser" +\&\fIsudoers\fR file parsing +.IP "\fIperms\fR" 10 +.IX Item "perms" +permission setting +.IP "\fIplugin\fR" 10 +.IX Item "plugin" +The equivalent of \fImain\fR for the plugin. +.IP "\fIpty\fR" 10 +.IX Item "pty" +pseudo-tty related code +.IP "\fIrbtree\fR" 10 +.IX Item "rbtree" +redblack tree internals +.IP "\fIutil\fR" 10 +.IX Item "util" +utility functions .SH "SECURITY NOTES" .IX Header "SECURITY NOTES" \&\fIsudoers\fR will check the ownership of its time stamp directory
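
Review bot: The subsystems "memory" and "list" are dropped from the documentation in the doc/sudo.cat hunk at @@ -402,13 +402,39 @@ (and in the matching doc/sudo.man.in hunk). The removed sentence named both, but neither the new sudo list here nor the new sudoers list later in the patch includes them. If the names are still accepted on a Debug line, add entries for them to whichever list applies. If they were retired, say so in the commit message, which currently reads only "regen", so that anyone holding an existing flag for one of them can tell why it is no longer documented.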
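
Review bot: "higher" is ambiguous in the added priority paragraph of the doc/sudo.man.in hunk at @@ -607,15 +607,52 @@. The list is introduced as being "in order of decreasing severity", so "also includes all priorities higher than it" can be read either as the more severe priorities or as the ones further along the list. If the intended reading is "more severe", suggest "also includes all priorities of higher severity" and an example that names the levels, e.g. "a priority of notice would include messages logged at notice, warn, err and crit". The same sentence is repeated in the doc/sudo.cat, doc/sudoers.cat and doc/sudoers.man.in hunks, so the fix belongs in the source these files are regenerated from.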
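
Review bot: Subject and verb disagree in the first added sentence of the doc/sudoers.cat hunk at @@ -1621,6 +1621,57 @@: "Versions 1.8.4 and higher of the sudoers plugin supports a debugging framework" should read "support". The doc/sudo.cat text in this same patch already uses the plural form ("sudo versions 1.8.4 and higher support"), so the two manuals would then match. The sentence appears again in the doc/sudoers.man.in hunk.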
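
Review bot: The "plugin" item in the doc/sudoers.man.in hunk at @@ -1972,6 +1972,74 @@ is styled differently from every other item: "The equivalent of \fImain\fR for the plugin." is a capitalized sentence with a trailing period, while the rest of the list uses lowercase fragments with no period ("matches every subsystem", "user authentication"). Suggest "the equivalent of \fImain\fR for the plugin". In the same list, "redblack tree internals" under "rbtree" would read better as "red-black tree internals".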