Use numeric registers to handle conditionals instead of trying

to do it all with text processing.

doc/sudo.man.in

@@ -18,6 +18,10 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\" 
+.nr SL @SEMAN@
+.nr BA @BAMAN@
+.nr LC @LCMAN@
+.\"
 .\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
 .\"
 .\" Standard preamble:
@@ -144,7 +148,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "May 11, 2010" "1.8.0a1" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "May 25, 2010" "1.8.0a1" "MAINTENANCE COMMANDS"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -156,31 +160,31 @@ sudo, sudoedit \- execute a command as another user
 \&\fBsudo\fR [\fB\-D\fR\ \fIlevel\fR] \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-L\fR | \fB\-V\fR
 .PP
 \&\fBsudo\fR \fB\-v\fR [\fB\-AknS\fR]
-@BAMAN@[\fB\-a\fR\ \fIauth_type\fR]
+.if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
 [\fB\-D\fR\ \fIlevel\fR]
 [\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
 [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
 .PP
 \&\fBsudo\fR \fB\-l[l]\fR [\fB\-AknS\fR]
-@BAMAN@[\fB\-a\fR\ \fIauth_type\fR]
+.if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
 [\fB\-D\fR\ \fIlevel\fR]
 [\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
 [\fB\-U\fR\ \fIuser\ name\fR] [\fB\-u\fR\ \fIuser\ name\fR|\fI#uid\fR] [\fIcommand\fR]
 .PP
 \&\fBsudo\fR [\fB\-AbEHnPS\fR]
-@BAMAN@[\fB\-a\fR\ \fIauth_type\fR]
+.if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
 [\fB\-C\fR\ \fIfd\fR]
 [\fB\-D\fR\ \fIlevel\fR]
-@LCMAN@[\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
+.if \n(LC [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
 [\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
-@SEMAN@[\fB\-r\fR\ \fIrole\fR] [\fB\-t\fR\ \fItype\fR]
+.if \n(SL [\fB\-r\fR\ \fIrole\fR] [\fB\-t\fR\ \fItype\fR]
 [\fB\-u\fR\ \fIuser\ name\fR|\fI#uid\fR]
 [\fB\s-1VAR\s0\fR=\fIvalue\fR] [\fB\-i\fR\ |\ \fB\-s\fR] [\fIcommand\fR]
 .PP
 \&\fBsudoedit\fR [\fB\-AnS\fR]
-@BAMAN@[\fB\-a\fR\ \fIauth_type\fR]
+.if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
 [\fB\-C\fR\ \fIfd\fR]
-@LCMAN@[\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
+.if \n(LC [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
 [\fB\-D\fR\ \fIlevel\fR]
 [\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
 [\fB\-u\fR\ \fIuser\ name\fR|\fI#uid\fR] file ...
@@ -242,14 +246,16 @@ user's password and output the password to the standard output.  If
 the \f(CW\*(C`SUDO_ASKPASS\*(C'\fR environment variable is set, it specifies the
 path to the helper program.  Otherwise, the value specified by the
 \&\fIaskpass\fR option in \fIsudoers\fR\|(@mansectform@) is used.
-@BAMAN@.IP "\-a \fItype\fR" 12
-@BAMAN@.IX Item "-a type"
-@BAMAN@The \fB\-a\fR (\fIauthentication type\fR) option causes \fBsudo\fR to use the
-@BAMAN@specified authentication type when validating the user, as allowed
-@BAMAN@by \fI/etc/login.conf\fR.  The system administrator may specify a list
-@BAMAN@of sudo-specific authentication methods by adding an \*(L"auth-sudo\*(R"
-@BAMAN@entry in \fI/etc/login.conf\fR.  This option is only available on systems
-@BAMAN@that support \s-1BSD\s0 authentication.
+.if \n(BA \{\
+.IP "\-a \fItype\fR" 12
+.IX Item "-a type"
+The \fB\-a\fR (\fIauthentication type\fR) option causes \fBsudo\fR to use the
+specified authentication type when validating the user, as allowed
+by \fI/etc/login.conf\fR.  The system administrator may specify a list
+of sudo-specific authentication methods by adding an \*(L"auth-sudo\*(R"
+entry in \fI/etc/login.conf\fR.  This option is only available on systems
+that support \s-1BSD\s0 authentication.
+\}
 .IP "\-b" 12
 .IX Item "-b"
 The \fB\-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
@@ -264,17 +270,19 @@ above the standard error (file descriptor three).  Values less than
 three are not permitted.  This option is only available if the
 administrator has enabled the \fIclosefrom_override\fR option in
 \&\fIsudoers\fR\|(@mansectform@).
-@LCMAN@.IP "\-c \fIclass\fR" 12
-@LCMAN@.IX Item "-c class"
-@LCMAN@The \fB\-c\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command
-@LCMAN@with resources limited by the specified login class.  The \fIclass\fR
-@LCMAN@argument can be either a class name as defined in \fI/etc/login.conf\fR,
-@LCMAN@or a single '\-' character.  Specifying a \fIclass\fR of \f(CW\*(C`\-\*(C'\fR indicates
-@LCMAN@that the command should be run restricted by the default login
-@LCMAN@capabilities for the user the command is run as.  If the \fIclass\fR
-@LCMAN@argument specifies an existing user class, the command must be run
-@LCMAN@as root, or the \fBsudo\fR command must be run from a shell that is already
-@LCMAN@root.  This option is only available on systems with \s-1BSD\s0 login classes.
+.if \n(LC \{\
+.IP "\-c \fIclass\fR" 12
+.IX Item "-c class"
+The \fB\-c\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command
+with resources limited by the specified login class.  The \fIclass\fR
+argument can be either a class name as defined in \fI/etc/login.conf\fR,
+or a single '\-' character.  Specifying a \fIclass\fR of \f(CW\*(C`\-\*(C'\fR indicates
+that the command should be run restricted by the default login
+capabilities for the user the command is run as.  If the \fIclass\fR
+argument specifies an existing user class, the command must be run
+as root, or the \fBsudo\fR command must be run from a shell that is already
+root.  This option is only available on systems with \s-1BSD\s0 login classes.
+\}
 .IP "\-D \fIlevel\fR" 12
 .IX Item "-D level"
 Enable debugging of \fBsudo\fR plugins and \fBsudo\fR itself.  The \fIlevel\fR
@@ -435,10 +443,12 @@ The prompt specified by the \fB\-p\fR option will override the system
 password prompt on systems that support \s-1PAM\s0 unless the
 \&\fIpassprompt_override\fR flag is disabled in \fIsudoers\fR.
 .RE
-@SEMAN@.IP "\-r \fIrole\fR" 12
-@SEMAN@.IX Item "-r role"
-@SEMAN@The \fB\-r\fR (\fIrole\fR) option causes the new (SELinux) security context to 
-@SEMAN@have the role specified by \fIrole\fR.
+.if \n(SL \{\
+.IP "\-r \fIrole\fR" 12
+.IX Item "-r role"
+The \fB\-r\fR (\fIrole\fR) option causes the new (SELinux) security context to 
+have the role specified by \fIrole\fR.
+\}
 .IP "\-S" 12
 .IX Item "-S"
 The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
@@ -450,11 +460,13 @@ The \fB\-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\
 environment variable if it is set or the shell as specified in
 \&\fIpasswd\fR\|(@mansectform@).  If a command is specified, it is passed to the shell
 for execution.  Otherwise, an interactive shell is executed.
-@SEMAN@.IP "\-t \fItype\fR" 12
-@SEMAN@.IX Item "-t type"
-@SEMAN@The \fB\-t\fR (\fItype\fR) option causes the new (SELinux) security context to 
-@SEMAN@have the type specified by \fItype\fR.  If no type is specified, the default
-@SEMAN@type is derived from the specified role.
+.if \n(SL \{\
+.IP "\-t \fItype\fR" 12
+.IX Item "-t type"
+The \fB\-t\fR (\fItype\fR) option causes the new (SELinux) security context to 
+have the type specified by \fItype\fR.  If no type is specified, the default
+type is derived from the specified role.
+\}
 .IP "\-U \fIuser\fR" 12
 .IX Item "-U user"
 The \fB\-U\fR (\fIother user\fR) option is used in conjunction with the \fB\-l\fR
@@ -727,7 +739,7 @@ to make the \f(CW\*(C`cd\*(C'\fR and file redirection work.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\fIgrep\fR\|(1), \fIsu\fR\|(1), \fIstat\fR\|(2),
-@LCMAN@\&\fIlogin_cap\fR\|(3),
+.if \n(LC \&\fIlogin_cap\fR\|(3),
 \&\fIpasswd\fR\|(@mansectform@), \fIsudoers\fR\|(@mansectform@), \fIvisudo\fR\|(@mansectsu@)
 .SH "AUTHORS"
 .IX Header "AUTHORS"