Try to be clearer about sudo's exit value when the -l option is used.

doc/sudo.cat

@@ -231,9 +231,9 @@ DDEESSCCRRIIPPTTIIOONN
 
                  If a _c_o_m_m_a_n_d is specified and is permitted by the security
                  policy, the fully-qualified path to the command is displayed
-                 along with any command line arguments.  If _c_o_m_m_a_n_d is
+                 along with any command line arguments.  If a _c_o_m_m_a_n_d is
-                 specified but not allowed, ssuuddoo will exit with a status value
+                 specified but not allowed by the policy, ssuuddoo will exit with
-                 of 1.
+                 a status value of 1.
 
      --nn, ----nnoonn--iinntteerraaccttiivvee
                  Avoid prompting the user for input of any kind.  If a
@@ -458,15 +458,21 @@ CCOOMMMMAANNDD EEXXEECCUUTTIIOONN
 EEXXIITT VVAALLUUEE
      Upon successful execution of a command, the exit status from ssuuddoo will be
      the exit status of the program that was executed.  If the command
-     terminated due to receipt of a signal, ssuuddoo will send itself the signal
+     terminated due to receipt of a signal, ssuuddoo will send itself the same
-     that terminated the command.
+     signal that terminated the command.
 
-     Otherwise, ssuuddoo exits with a value of 1 if there is a
+     If the --ll option was specified without a command, ssuuddoo will exit with a
-     configuration/permission problem or if ssuuddoo cannot execute the given
+     value of 0 if the user is allowed to run ssuuddoo and they authenticated
-     command.  In the latter case, the error string is printed to the standard
+     successfully (as required by the security policy).  If a command is
-     error.  If ssuuddoo cannot stat(2) one or more entries in the user's PATH, an
+     specified with the --ll option, the exit value will only be 0 if the
-     error is printed to the standard error.  (If the directory does not exist
+     command is permitted by the security policy, otherwise it will be 1.
-     or if it is not really a directory, the entry is ignored and no error is
+
+     If there is an authentication failure, a configuration/permission problem
+     or if the given command cannot be executed, ssuuddoo exits with a value of 1.
+     In the latter case, the error string is printed to the standard error.
+     If ssuuddoo cannot stat(2) one or more entries in the user's PATH, an error
+     is printed to the standard error.  (If the directory does not exist or if
+     it is not really a directory, the entry is ignored and no error is
      printed.)  This should not happen under normal circumstances.  The most
      common reason for stat(2) to return "permission denied" is if you are
      running an automounter and one of the directories in your PATH is on a

doc/sudo.man.in

@@ -460,9 +460,9 @@ If a
 is specified and is permitted by the security policy, the fully-qualified
 path to the command is displayed along with any command line
 arguments.
-If
+If a
 \fIcommand\fR
-is specified but not allowed,
+is specified but not allowed by the policy,
 \fBsudo\fR
 will exit with a status value of 1.
 .TP 12n
@@ -896,14 +896,24 @@ Upon successful execution of a command, the exit status from
 will be the exit status of the program that was executed.
 If the command terminated due to receipt of a signal,
 \fBsudo\fR
-will send itself the signal that terminated the command.
+will send itself the same signal that terminated the command.
 .PP
-Otherwise,
+If the
+\fB\-l\fR
+option was specified without a command,
 \fBsudo\fR
-exits with a value of 1 if there is a configuration/permission
+will exit with a value of 0 if the user is allowed to run
-problem or if
 \fBsudo\fR
-cannot execute the given command.
+and they authenticated successfully (as required by the security policy).
+If a command is specified with the
+\fB\-l\fR
+option, the exit value will only be 0 if the command is permitted by the
+security policy, otherwise it will be 1.
+.PP
+If there is an authentication failure, a configuration/permission
+problem or if the given command cannot be executed,
+\fBsudo\fR
+exits with a value of 1.
 In the latter case, the error string is printed to the standard error.
 If
 \fBsudo\fR

doc/sudo.mdoc.in

@@ -419,9 +419,9 @@ If a
 is specified and is permitted by the security policy, the fully-qualified
 path to the command is displayed along with any command line
 arguments.
-If
+If a
 .Ar command
-is specified but not allowed,
+is specified but not allowed by the policy,
 .Nm
 will exit with a status value of 1.
 .It Fl n , -non-interactive
@@ -825,14 +825,24 @@ Upon successful execution of a command, the exit status from
 will be the exit status of the program that was executed.
 If the command terminated due to receipt of a signal,
 .Nm
-will send itself the signal that terminated the command.
+will send itself the same signal that terminated the command.
 .Pp
-Otherwise,
+If the
+.Fl l
+option was specified without a command,
 .Nm
-exits with a value of 1 if there is a configuration/permission
+will exit with a value of 0 if the user is allowed to run
-problem or if
 .Nm
-cannot execute the given command.
+and they authenticated successfully (as required by the security policy).
+If a command is specified with the
+.Fl l
+option, the exit value will only be 0 if the command is permitted by the
+security policy, otherwise it will be 1.
+.Pp
+If there is an authentication failure, a configuration/permission
+problem or if the given command cannot be executed,
+.Nm
+exits with a value of 1.
 In the latter case, the error string is printed to the standard error.
 If
 .Nm