escaped _ in mysqlquery, as its a query wildcard. this fixes errors where users with usernames matching start of other usernames getting to much access.

mysql-dbadm.c

@@ -1,5 +1,5 @@
 /*
- * @(#) $Header: /tmp/cvs/mysql-admutils/mysql-dbadm.c,v 1.7 2002-06-05 08:01:31 tlan Exp $
+ * @(#) $Header: /tmp/cvs/mysql-admutils/mysql-dbadm.c,v 1.8 2003-04-03 22:30:40 lkarsten Exp $
  *
  * mysql-dbadm.c
  *
@@ -143,8 +143,11 @@ list(MYSQL *pmysql)
 	break;
 
     wild = malloc(strlen(*cp)+3);
-    sprintf(wild, "%s_%%", *cp);
+    sprintf(wild, "%s\_%%", *cp);
 
+#ifdef DEBUG
+    printf("dbadm: wildcard: %s\n", wild);
+#endif
     res = mysql_list_dbs(pmysql, wild);
     rows = mysql_num_rows(res);
 

mysql-useradm.c

@@ -1,5 +1,5 @@
 /*
- * @(#) $Header: /tmp/cvs/mysql-admutils/mysql-useradm.c,v 1.5 2002-03-10 17:43:53 lkarsten Exp $
+ * @(#) $Header: /tmp/cvs/mysql-admutils/mysql-useradm.c,v 1.6 2003-04-03 22:30:45 lkarsten Exp $
  *
  * mysql-useradm.c
  *
@@ -179,7 +179,7 @@ list(MYSQL *pmysql)
   struct passwd *p;
 
   p = getpwuid(getuid());
-  sprintf(query, "select user from user where user='%s' or user like '%s_%%'",
+  sprintf(query, "select user from user where user='%s' or user like '%s\_%%'",
 	  p->pw_name, p->pw_name);
 
   numgroups = 0;
@@ -187,10 +187,14 @@ list(MYSQL *pmysql)
   usrgroups = get_group_names(&numgroups);
   cp = usrgroups;
   while (*cp) {
-    sprintf(&query[strlen(query)], " or user='%s' or user like '%s_%%'", *cp, *cp);
+    sprintf(&query[strlen(query)], " or user='%s' or user like '%s\_%%'", *cp, *cp);
     cp++;
   }
 
+#ifdef DEBUG
+  printf("about to run query: %s", query);
+#endif
+
   if (mysql_query(pmysql, query))
     {
       dberror(pmysql, "Failed to look up %s's users.", p->pw_name);