According to RFC 2812 the parameter to a WHOIS query may contain a comma-delimited list of masks---
http://tools.ietf.org/html/rfc2812#section-3.6.2
---where each mask may contain wildcards (defined in section 2.5). The RFC isn't completely explicit about what the masks are matched against, but it seems to imply they're matched against nicknames only, and this is indeed the behavior I've found on other servers.
The patch below contains tests that exercise this. I started trying to make them pass, but so far it looks like it would not be a quick task for me. I suspect someone else will accomplish it more efficiently. :)
Dana
--- ngircd-CVSHEAD/src/testsuite/whois-test.e 1969-12-31 16:00:00.000000000 -0800 +++ ngircd-WHOIS-wildcards/src/testsuite/whois-test.e 2008-02-16 14:54:21.000000000 -0800 @@ -0,0 +1,53 @@ +# $Id$ + +spawn telnet localhost 6789 +expect { + timeout { exit 1 } + "Connected" +} + +send "nick nick\r" +send "user user . . :Real Name\r" +expect { + timeout { exit 1 } + "376" +} + +send "whois nick\r" +expect { + timeout { exit 1 } + "311 nick nick ~user localhost * :Real Name\r" +} + +send "whois *\r" +expect { + timeout { exit 1 } + "311 nick nick ~user localhost * :Real Name\r" +} + +send "whois n*\r" +expect { + timeout { exit 1 } + "311 nick nick ~user localhost * :Real Name\r" +} + +send "whois ?ick\r" +expect { + timeout { exit 1 } + "311 nick nick ~user localhost * :Real Name\r" +} + +send "whois ????,n?*k\r" +expect { + timeout { exit 1 } + "311 nick nick ~user localhost * :Real Name\r" + "311 nick nick ~user localhost * :Real Name\r" +} + +send "quit\r" +expect { + timeout { exit 1 } + "ERROR" +} + +# -eof-