docs/tech/7.html

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11-strict.dtd">
<!-- Annoyingly, <u> has been removed, so replacing it with <span style="text-decoration: underline">, as in 2.html -->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta http-equiv="Content-Style-Type" content="text/css"/>
<style type="text/css">@import "style.css";</style>
<title>IRC Services Technical Reference Manual - 7. Services pseudoclients</title>
</head>

<body>
<h1 class="title" id="top">IRC Services Technical Reference Manual</h1>

<h2 class="section-title">7. Services pseudoclients</h2>

<p class="section-toc">
     7-1. <a href="#s1">Basic features of a pseudoclient</a>
<br/>7-2. <a href="#s2">OperServ</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;7-2-1. <a href="#s2-1">OperServ core functionality</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;7-2-2. <a href="#s2-2">Usermask-related functions</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;7-2-2-1. <a href="#s2-2-1">Common mask data support</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;7-2-2-2. <a href="#s2-2-2">Autokills</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;7-2-2-3. <a href="#s2-2-3">S-lines</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;7-2-3. <a href="#s2-3">Session limiting</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;7-2-4. <a href="#s2-4">News</a>
<br/>7-3. <a href="#s3">NickServ</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;7-3-1. <a href="#s3-1">NickServ core functionality</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;7-3-1-1. <a href="#s3-1-1">Nickname data structures and utility macros</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;7-3-1-2. <a href="#s3-1-2">Overall module structure</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;7-3-1-3. <a href="#s3-1-3">The <tt>SET</tt> and <tt>UNSET</tt> commands</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;7-3-1-4. <a href="#s3-1-4">NickServ utility routines</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;7-3-1-5. <a href="#s3-1-5">Nickname colliding</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;7-3-2. <a href="#s3-2">Nickname access lists</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;7-3-3. <a href="#s3-3">Nickname auto-join lists</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;7-3-4. <a href="#s3-4">Linking and nickname groups</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;7-3-5. <a href="#s3-5">E-mail address authentication</a>
<br/>7-4. <a href="#s4">ChanServ</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;7-4-1. <a href="#s4-1">ChanServ core functionality</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;7-4-1-1. <a href="#s4-1-1">Channel data structures</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;7-4-1-2. <a href="#s4-1-2">Overall module structure</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;7-4-1-3. <a href="#s4-1-3">Channel status checking and modification</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;7-4-1-4. <a href="#s4-1-4">The <tt>SET</tt> and <tt>UNSET</tt> commands</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;7-4-1-5. <a href="#s4-1-5">ChanServ utility routines</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;7-4-2. <a href="#s4-2">Channel access list handling</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;7-4-2-1. <a href="#s4-2-1">Access list basics</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;7-4-2-2. <a href="#s4-2-2">Manipulation via <tt>ACCESS</tt> and <tt>LEVELS</tt></a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;7-4-2-3. <a href="#s4-2-3">Manipulation via <tt>XOP</tt></a>
<br/>7-5. <a href="#s5">MemoServ</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;7-5-1. <a href="#s5-1">MemoServ core functionality</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;7-5-1-1. <a href="#s5-1-1">Memo data structures</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;7-5-1-2. <a href="#s5-1-2">The <tt>memoserv/main</tt> module</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;7-5-2. <a href="#s5-2">Memo ignore lists</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;7-5-3. <a href="#s5-3">Memo forwarding</a>
<br/>7-6. <a href="#s6">StatServ</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;7-6-1. <a href="#s6-1">StatServ data structures</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;7-6-2. <a href="#s6-2">The StatServ module</a>
<br/>7-7. <a href="#s7">Miscellaneous pseudoclients</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;7-7-1. <a href="#s7-1">HelpServ</a>
<br/>&nbsp;&nbsp;&nbsp;&nbsp;7-7-2. <a href="#s7-2">DevNull</a>
</p>

<p class="backlink"><a href="6.html">Previous section: Database handling</a> | 
<a href="index.html">Table of Contents</a> |
<a href="8.html">Next section: Other modules</a></p>

<!------------------------------------------------------------------------>
<hr/>

<h3 class="subsection-title" id="s1">7-1. Basic features of a pseudoclient</h3>

<p>Pseudoclients are the user-visible part of Services, providing the
actual service functions which IRC users take advantage of.  While the
details of each pseudoclient differ greatly, all pseudoclients share some
common features:</p>

<ul>
<li class="spaced">Register one or more nicknames via the
        "<tt>introduce_user</tt>" callback, through which the pseudoclient
        communicates with IRC clients; see below for details.</li>
<li class="spaced">Receive commands from IRC clients via <tt>PRIVMSG</tt>
        messages.  (According to RFC 1459, pseudoclients <i>must not</i>
        respond to <tt>NOTICE</tt> messages, in order to prevent infinite
        loops in which two pseudoclients repeatedly respond to each others'
        notices.)</li>
<li class="spaced">Communicate to IRC clients via <tt>NOTICE</tt> messages.
        (While not explicitly mandated by the RFC, this is in order to
        avoid potential message loops with other pseudoclients.  Occasional
        requests have been made for Services to allow using
        <tt>PRIVMSG</tt> for communication with users, apparently because
        some IRC programs do not show <tt>NOTICE</tt> messages to users,
        but such requests have been intentionally disregarded for the above
        reason.)</li>
<li class="spaced">Provide a set of commands which users can use to invoke
        the pseudoclient's functions.  (The miscellaneous modules described
        in <a href="#s7">section 7-7</a> are an exception; the HelpServ
        pseudoclient has only one function with no associated command name,
        and the DevNull pseudoclient has none.)  Each message to a
        pseudoclient is interpreted as a command name and parameters, each
        separated by one or more space characters (ASCII 0x20&mdash;note
        that the tab character is <i>not</i> treated as a separator).</li>
</ul>

<p>The "<tt>introduce_user</tt>" callback mentioned above is called by the
same-named function, <tt>introduce_user()</tt>, to request that each module
introduce its nickname(s) to the IRC network by calling
<tt>send_pseudo_nick()</tt> (in <tt>send.c</tt>).  The callback takes a
single <tt>const char&nbsp;*</tt> parameter, which is <tt>NULL</tt> when
the callback is called at startup, or the nickname seen in a <tt>KILL</tt>
message when one is received; accordingly, pseudoclients should introduce
their nicknames only when the parameter either is <tt>NULL</tt> or matches
(case-insensitively, as determined by <tt>irc_stricmp()</tt>) the nickname
to be introduced.  <tt>send_pseudo_nick()</tt> takes three parameters: the
nickname of the pseudoclient to be introduced, the pseudoclient's "real
name" string (usually a description of the pseudoclient), and a flag value,
composed of zero or more of the following flags:</p>
<ul>
<li><tt><b>PSEUDO_OPER</b></tt>: The client requires IRC operator
        privileges.  (This does not necessarily guarantee that the client
        will be given the <tt>+o</tt> user mode; some IRC servers allow any
        Services pseudoclient to use IRC operator functions, and
        <tt>+o</tt> is omitted with such servers.)</li>
<li><tt><b>PSEUDO_INVIS</b></tt>: The client should be marked invisible
        (user mode <tt>+i</tt>).</li>
</ul>

<p>Command processing is typically performed by hooking into the core's
"<tt>m_privmsg</tt>" callback, which is intended specifically for this
purpose.  Depending on the pseudoclient, it may also be necessary to
respond to other events on the IRC network, such as channel joins or mode
changes; these can typically be handled by hooking into the relevant
callback.  In extreme cases, it may be necessary to make use of the
low-level "<tt>receive message</tt>" callback as well; this should be
avoided when possible, however, as it circumvents the standard message
processing and can result in network desynchronization.</p>

<p>For databases maintained by pseudoclients, the following six functions
are typically provided by the pseudoclient for other code that needs direct
access to the database (<tt><span style="text-decoration: underline"><i>type</i></span></tt> is the record data
type, <tt><span style="text-decoration: underline"><i>name</i></span></tt> is a distinguishing name generally
derived from <tt><span style="text-decoration: underline"><i>type</i></span></tt>, and <tt><span style="text-decoration: underline"><i>keytype</i></span></tt>
is the data type of the key field):</p>

<dl>
<dt><tt><span style="text-decoration: underline"><i>type</i></span> *<b>add_<span style="text-decoration: underline"><i>name</i></span></b>(<span style="text-decoration: underline"><i>type</i></span> *<i>record</i>)</tt></dt>
    <dd>Adds the given record to the database, returning a pointer to the
        record structure as stored (which may be different from the pointer
        passed into the function).</dd>

<dt><tt>void <b>del_<span style="text-decoration: underline"><i>name</i></span></b>(<span style="text-decoration: underline"><i>type</i></span> *<i>record</i>)</tt></dt>
    <dd>Deletes the given record from the database.  <tt><i>record</i></tt>
        is assumed to be valid, <i>i.e.</i> a pointer returned by a
        previous call to another database function.</dd>

<dt><tt><span style="text-decoration: underline"><i>type</i></span> *<b>get_<span style="text-decoration: underline"><i>name</i></span></b>(<span style="text-decoration: underline"><i>keytype</i></span> *<i>key</i>)</tt></dt>
    <dd>Returns the record for the given key, or <tt>NULL</tt> if the key
        is not found in the database.</dd>

<dt><tt>void <b>put_<span style="text-decoration: underline"><i>name</i></span></b>(<span style="text-decoration: underline"><i>type</i></span> *<i>record</i>)</tt></dt>
    <dd>Indicates that the given record is no longer in use.  Each call to
        a database's <tt>get()</tt> function must be followed by a
        <tt>put()</tt> call for the same record, unless the record is
        deleted first.  <i>Implementation note: A <tt>put()</tt> function
        was first introduced in 5.0 with the intention that it be used for
        indicating when a record had been updated, for the purpose of
        storing the updated data into persistent storage such as an
        SQL-based database.  DBMS support never materialized, and the
        function's purpose was redefined for version 5.1 to keep track of
        which records are actively in use, but I have no confidence that
        the code does <tt>put()</tt> calls in all necessary cases and no
        others; in fact, it appears that <tt>put_nickgroupinfo()</tt> (at
        least) is called more often than it should be.  It may have been
        better to drop <tt>put()</tt> entirely and use other methods of
        checking whether records are in use before expiring them.</i></dd>

<dt><tt><span style="text-decoration: underline"><i>type</i></span> *<b>first_<span style="text-decoration: underline"><i>name</i></span></b>()</tt>
        <br/><tt><span style="text-decoration: underline"><i>type</i></span> *<b>next_<span style="text-decoration: underline"><i>name</i></span></b>()</tt></dt>
    <dd>Iterates through the database.  <tt>first()</tt> returns the first
        record in the database, and subsequent <tt>next()</tt> calls return
        each successive record, finally returning <tt>NULL</tt> when all
        records have been iterated through (if there are no records at all,
        both <tt>first()</tt> and <tt>next()</tt> return <tt>NULL</tt>).
        The order is database-dependent, but no record will be returned
        more than once from the time <tt>first()</tt> is called to the time
        <tt>next()</tt> returns <tt>NULL</tt>.  It is unspecified whether
        records added while iterating through the database will be
        included in the iteration.  Note that these functions are
        <i>not</i> considered a "get" for the purposes of the
        <tt>put()</tt> function; thus a call to <tt>put()</tt> is not
        required for simple iteration, but if any other database function
        is to be called before the following <tt>next()</tt>, then an
        explicit call to <tt>get()</tt> (and a matching call to
        <tt>put()</tt>) must be made to prevent the record in use from
        being deleted.</dd>
</dl>

<p>The following sections describe each of the Services pseudoclients in
detail.  The reader is assumed to be familiar with the functions of each
pseudoclient from a user's point of view, as described in
<a href="../3.html">section 3 of the user's manual</a>.</p>

<p class="backlink"><a href="#top">Back to top</a></p>

<!------------------------------------------------------------------------>
<hr/>

<h3 class="subsection-title" id="s2">7-2. OperServ</h3>

<p>The OperServ pseudoclient provides services to IRC operators allowing
control of the network and of Services itself.  While not seen by most IRC
users, this pseudoclient is discussed first since it provides functionality
used by most other pseudoclients.</p>

<p>As with most of the Services pseudoclients, OperServ is composed of one
core or "main" module, <tt>operserv/main</tt>, and several optional modules
providing additional functionality.  These are each discussed in separate
sections below.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h4 class="subsubsection-title" id="s2-1">7-2-1. OperServ core functionality</h4>

<p>The core functionality of OperServ is contained in the
<tt>modules/operserv/main.c</tt> source file, compiled into the
<tt>operserv/main</tt> module.  In addition to the implementation of the
core OperServ commands, this file also defines several utility functions
used by several other pseudoclient modules; external declarations of these
functions and associated constants are located in
<tt>modules/operserv/operserv.h</tt>.</p>

<p><tt>main.c</tt> is written using the same general structure as most
module source files.  At the top of the file are variable definitions,
including configuration variables, which are given the same names as their
corresponding configuration directives; these are followed by forward
declarations of individual command routines and the command list.  Next
come database-related structures and routines, followed by the top-level
pseudoclient routines (the "<tt>introduce_user</tt>", "<tt>m_privmsg</tt>",
and "<tt>m_whois</tt>" callback functions), and finally the actual command
routines, along with any utility routines needed.</p>

<p>For OperServ, the first item of note is the list of several commands and
command routines inside <tt>#ifdef DEBUG_COMMANDS</tt>.  These are, as the
conditional name suggests, commands used for debugging Services, and are
only available to the Services super-user; the commands are described in
detail below.</p>

<p>OperServ stores several values to persistent storage, including the
maximum client count, the time at which that maximum was reached, and the
super-user (<tt>SU</tt> command) password.  This data is stored by
aggregating the data into a single structure, <tt>operserv_data</tt>, and
storing that structure as a single database "record" in a table named
"<tt>oper</tt>".  Two exported functions, <tt>get_operserv_data()</tt> and
<tt>put_operserv_data()</tt>, are also provided to allow external modules,
in particular the XML import and export modules (see
<a href="8.html#s4">section 8-4</a>), to access the data as well.</p>

<p>In order to check a client's Services privilege level (Services
operator, Services administrator, or Services super-user), OperServ requires
access to the nickname data, in which each registered nickname group's
privilege level is stored (the <tt>os_priv</tt> member).  However, since
NickServ requires that OperServ be loaded first, OperServ must look up the
symbols for these routines during its normal operation.  Six local functions
are defined, one for each of the imported routines (<tt>get_nickinfo()</tt>,
<tt>put_nickinfo()</tt>, <tt>_get_ngi()</tt>, <tt>put_nickgroupinfo()</tt>,
<tt>first_nickgroupinfo()</tt>, and <tt>next_nickgroupinfo()</tt>), taking
the same parameters and returning the same values as the real routines; the
local versions look up the symbol for each routine and then call the
corresponding address, returning an appropriate error value if the symbol
cannot be resolved (or NickServ is not loaded).</p>

<p>The main processing routine itself, <tt>operserv()</tt>, is registered
as a callback function for the "<tt>m_privmsg</tt>" callback, called for
each <tt>PRIVMSG</tt> received by Services.  The routine first checks that
the message is intended for OperServ; then it ensures that the client that
sent the message is an IRC operator, to avoid any possibility of
non-operator clients exploiting a bug in the OperServ code.  The message
received is then logged in the log file, except that parameters to the
<tt>SU</tt> and <tt>SET SUPASS</tt> commands are replaced with a dummy
string to avoid leaving the super-user password in the log file.  (OperServ
has no way to detect if one of these commands is misspelled, so for
example, a mistaken <tt>SET SUPSAS</tt> will be logged in full, including
the password.)  Next, the command name is extracted from the message
using the <tt>strtok()</tt> function; this also prepares <tt>strtok()</tt>
for the command handler to use in extracting the command parameters (see
below).  After handling CTCP <tt>PING</tt> messages separately, OperServ
calls a "<tt>command</tt>" callback, allowing other modules a chance to
process the command first.  Finally, if no callback function responds to
the command, it is looked up in the command table and the command's handler
function is called (if the command is not found, an error message is sent
instead).</p>

<p>Following this and other callback functions are the privilege check
functions; <tt>is_services_root()</tt>, <tt>is_services_admin()</tt>, and
<tt>is_services_oper()</tt>, which check whether a client has Services
super-user, Services administrator, and Services operator privileges
respectively (any client with a higher privilege level is treated as
having all lower privilege levels as well).  The <tt>is_services_root()</tt>
function relies on the <tt>ServicesRoot</tt> configuration setting, along
with the <tt>UF_SERVROOT</tt> flag in the <tt>User</tt> structure
indicating clients which have successfully used the <tt>SU</tt> command;
lower privilege levels check the <tt>os_priv</tt> field of the nickname
group data structure (see <a href="#s3-1">section 7-3-1</a>) for privilege
determination.  These routines are exported, and used widely throughout the
other pseudoclient modules to perform privilege checks on clients; in
particular, they can be used as privilege check functions in the
<tt>has_priv</tt> member of a <tt>Command</tt> structure.  There is another
routine, <tt>nick_is_services_admin()</tt>, which checks if a particular
nickname can potentially can Services administrator access, ignoring
whether the nickname is actually in use at the time; this is used by
NickServ to prevent certain operations from being performed on such
nicknames by clients without Services administrator privilege.</p>

<p>The command routines themselves are fairly straightforward.  One thing
to note is that the routines all obtain parameters via
<tt>strtok(NULL,...)</tt> and <tt>strtok_remaining()</tt>; this relies on
the fact that <tt>operserv()</tt> leaves the message string in the
<tt>strtok()</tt> buffer after stripping the command name, so that each
routine can parse the command's parameters as appropriate for that command.
<tt>strtok_remaining()</tt> is used when the full remaining string is
desired, such as when sending a global message; this function is preferred
to <tt>strtok(NULL,"")</tt> because the latter can leave leading or
trailing whitespace in the result.</p>

<p>The processing for the <tt>HELP</tt> command, in <tt>do_help()</tt>, is
somewhat tortuous (although still simpler than in other pseudoclients) in
order to give proper help responses depending on how Services is
configured.  In the case of OperServ, some commands may or may not be
available depending on what submodules are loaded; the <tt>COMMANDS</tt>
help text, which lists the available commands, is combined from several
language strings depending on whether the appropriate modules are available
to provide a list of the commands which are actually usable at that
particular time.  Other modules include more complex processing, such as
checking the configuration variable values or protocol features.  For
commands that do not need such special-casing, the <tt>help_cmd()</tt>
routine in the Services core (see <a href="2.html#s10">section 2-10</a>)
sends a help message as defined by the <tt>Command</tt> structure.</p>

<p>The debug commands, defined toward the bottom of <tt>main.c</tt>, are as
follows:</p>

<dl>
<dt><tt><b>LISTSERVERS</b></tt> (<tt>send_server_list()</tt>)</dt>
    <dd>Sends a <tt>NOTICE</tt> for each server in the server list giving
        the contents of the <tt>Server</tt> structure.</dd>

<dt><tt><b>LISTCHANS</b></tt> (<tt>send_channel_list()</tt>)</dt>
    <dd>Sends two <tt>NOTICE</tt>s for each channel in the channel list.
        The first <tt>NOTICE</tt> gives the channel name, creation time,
        modes (as a string), limit, key ("<tt>-</tt>") if none, and
        topic; the second contains each client on the channel along with
        that client's channel user modes on the channel.  Any messages
        which exceed the maximum length of an IRC line are silently
        truncated.</dd>

<dt><tt><b>LISTCHAN</b> <i>channel</i></tt> (<tt>send_channel_info()</tt>)</dt>
    <dd>Sends a <tt>NOTICE</tt> for each client on the given channel with
        the client's channel user modes (as a hexadecimal value) and
        nickname.</dd>

<dt><tt><b>LISTUSERS</b></tt> (<tt>send_user_list()</tt>)</dt>
    <dd>Sends a <tt>NOTICE</tt> for each client on the network, giving
        the client's nickname and usermask, the "fake host" or "<tt>-</tt>"
        if none, the IP address or "<tt>-</tt>" if none, user modes as a
        string, signon timestamp (from the remote server), servicestamp,
        server name, nickname status flags or "<tt>-</tt>" if the nickname
        is not registered, ignore value, and real name field.</dd>

<dt><tt><b>LISTUSER</b> <i>nickname</i></tt> (<tt>send_user_info()</tt>)</dt>
    <dd>Sends three <tt>NOTICE</tt>s describing the state of the given
        client.  The first is identical to the line that <tt>LISTUSERS</tt>
        would output for the client; the second gives the channels which
        the client has currently joined; and the third gives the channels
        which the client has identified to ChanServ for.</dd>

<dt><tt><b>LISTTIMERS</b></tt> (<tt>send_timeout_list()</tt>, in
        <tt>timeout.c</tt>)</dt>
    <dd>Sends a <tt>NOTICE</tt> giving the current time, followed by a
        <tt>NOTICE</tt> for each timeout currently in the list giving the
        timeout pointer, timestamp, function pointer, and function
        argument.  This routine is defined in <tt>timeout.c</tt> because
        the internal timeout fields are hidden from other source
        files.</dd>

<dt><tt><b>MATCHWILD</b> <i>pattern</i> <i>string</i> </tt> (<tt>do_matchwild()</tt>)</dt>
    <dd>Sends a <tt>NOTICE</tt> giving the result of calling
        <tt>match_wild</tt> with the given parameters.</dd>

<dt><tt><b>SETCMODE [<i>channel</i> <i>modes</i> <i>mode-params</i>...]</b></tt> (<tt>do_setcmode()</tt>)</dt>
    <dd>Calls <tt>set_cmode()</tt> with the given parameters, using
        <tt>ServerName</tt> as the message sender.  If no parameters are
        given, calls <tt>set_cmode(NULL,NULL)</tt> to flush out all
        pending mode changes.  Note that the number of mode parameters
        (including the mode string itself) is limited by the
        <tt>SETCMODE_NPARAMS</tt> macro, defined to 10 in the source
        code.</dd>

<dt><tt><b>MONITOR-IGNORE</b> [<i>nickname</i>]</tt> (<tt>do_monitor_ignore()</tt>)</dt>
    <dd>If a nickname is given, starts recording that nickname's ignore
        value to the log file at 100ms intervals; if no nickname is given,
        cancels any previous monitoring.  Note that in order to ensure
        sub-second resolution, the <tt>TimeoutCheck</tt> configuration
        variable is set to 10 (milliseconds) when a nickname is given,
        potentially causing a reduction in performance; the old value is
        <i>not</i> restored when the command is given without a
        nickname.</dd>

<dt><tt><b>GETSTRING</b> <i>language</i> <i>string</i></tt> (<tt>do_getstring()</tt>)</dt>
    <dd>Sends a <tt>NOTICE</tt> containing the text corresponding to the
        given string in the given language.  Both <tt><i>language</i></tt>
        and <tt><i>string</i></tt> can be given as either names or raw
        numbers.</dd>

<dt><tt><b>SETSTRING</b> <i>language</i> <i>string</i> [<i>text</i>]</tt> (<tt>do_setstring()</tt>)</dt>
    <dd>Calls <tt>setstring()</tt> to set the given string in the given
        language to the given text.  If no text is given, the string
        becomes empty.</dd>

<dt><tt><b>MAPSTRING</b> <i>old</i> <i>new</i></tt> (<tt>do_mapstring()</tt>)</dt>
    <dd>Calls <tt>mapstring()</tt> to map one string to another.
        <tt><i>old</i></tt> and <tt><i>new</i></tt> are string names or
        numbers.</dd>

<dt><tt><b>ADDSTRING</b> <i>name</i></tt> (<tt>do_addstring()</tt>)</dt>
    <dd>Calls <tt>addstring()</tt> to add a string with the given name to
        the language table.  On success, sends a <tt>NOTICE</tt> with the
        new string number.</dd>
</dl>

<p class="backlink"><a href="#top">Back to top</a></p>


<h4 class="subsubsection-title" id="s2-2">7-2-2. Usermask-related functions</h4>

<h5 class="subsubsubsection-title" id="s2-2-1">7-2-2-1. Common mask data support</h5>

<p>One of the major features of OperServ not included in the core module
is the autokill and S-line functionality.  While these are in fact defined
in separate modules, most of the processing for both sets of functions is
subsumed under the <tt>MaskData</tt> structure and its generic processing
routines included in the core OperServ module, located in
<tt>maskdata.c</tt> and <tt>maskdata.h</tt>.  This structure contains the
elements common to all of these features: a mask string (whose
interpretation is left to the particular module), an associated reason
string, the nickname of the client that added the mask, the time the mask
was added, the time it expires, and the last time the mask was applied to a
client; these are stored in the <tt>mask</tt>, <tt>reason</tt>,
<tt>who</tt>, <tt>time</tt>, <tt>expires</tt>, and <tt>lastused</tt>
fields of the structure, respectively.  The remaining fields (other than
the record management fields <tt>next</tt>, <tt>prev</tt>, and
<tt>usecount</tt>) are: <tt>type</tt>, containing an 8-bit value
identifying the type of mask; <tt>num</tt>, giving the user-visible index
number for session exception records (see <a href="#s2-3">section
7-2-3</a>); and <tt>limit</tt>, used for the session limit in session
exception records.</p>

<p>As mentioned above, each <tt>MaskData</tt> record has an associated
type; more accurately, there are multiple sets of <tt>MaskData</tt>
records, one set for each type (the <tt>type</tt> field is only used
internally for loading and saving data from or to persistent storage, and
does not need to be set by the caller).  The available types, defined by
the <tt>MD_*</tt> constants in <tt>maskdata.h</tt>, are:</p>
<ul>
<li><b><tt>MD_AKILL</tt>:</b> An autokill record.</li>
<li><b><tt>MD_EXCLUDE</tt>:</b> An autokill exclusion record.</li>
<li><b><tt>MD_EXCEPTION</tt>:</b> A session exception record.</li>
<li><b><tt>MD_SGLINE</tt>:</b> An SGline record.</li>
<li><b><tt>MD_SQLINE</tt>:</b> An SQline record.</li>
<li><b><tt>MD_SZLINE</tt>:</b> An SZline record.</li>
</ul>
<p>It is worth noting that (as also mentioned in <a href="#s2-2-3">section
7-2-2-3</a> below) the values chosen for <tt>MD_SGLINE</tt>,
<tt>MD_SQLINE</tt>, and <tt>MD_SZLINE</tt> are the ASCII values of the
characters <tt>G</tt>, <tt>Q</tt>, and <tt>Z</tt> respectively; this was
done in order to simplify common code for all three types of S-lines, so
that the type value could be used as is in messages sent to clients rather
than having to make separate tests to determine the appropriate text to
send.  (For example, most of the language file messages for S-line actions
use "<tt>S%cLINE</tt>" in the format string, where the <tt>%c</tt> is
replaced by the type value.)</p>

<p>One other structure, <tt>MaskDataCmdInfo</tt>, can be found in
<tt>maskdata.h</tt>; this structure collects information particular to a
single <tt>MaskData</tt> type for use by the common command processing.
The bulk of the structure consists of language string indices, which are
used in sending responses to commands procesed by the common code.  These
are preceded by: <tt>name</tt>, the command name (such as "<tt>AKILL</tt>"
or "<tt>SGLINE</tt>"); <tt>type</tt>, the record type to be used; and
<tt>def_expiry_ptr</tt>, a pointer to a variable containing the default
expiration period in seconds (a pointer is used so that any changes to the
value can be recognized immediately without having to modify this structure
as well).  There are also five function pointers, all of which are optional
(and should be set to <tt>NULL</tt> if not needed):</p>

<dl>
<dt><tt>void (*<b>mangle_mask</b>)(char *<i>mask</i>)</tt></dt>
    <dd>Makes any necessary changes to a mask before it is operated on.
        Any modifications may be made to the mask as long as they do not
        lengthen it beyond the original string length.  Currently, this
        is used to force case-insensitive masks to lowercase, to avoid the
        possibility of multiple matching masks with differing case from
        being added to the database.</dd>

<dt><tt>int (*<b>check_add_mask</b>)(const User *<i>u</i>, uint8 <i>type</i>, char *<i>mask</i>, time_t *<i>expiry_ptr</i>)</tt></dt>
    <dd>Checks whether the given mask of the given type is allowed to be
        added with the given expiration time (in seconds from the present
        time, passed as a pointer); returns nonzero to allow the mask to be
        added, zero to deny it.  The mask and expiration time may be
        modified by the function, provided that the mask is not lengthened
        beyond the original string length.</dd>

<dt><tt>void (*<b>do_add_mask</b>)(const User *<i>u</i>, uint8 <i>type</i>, MaskData *<i>md</i>)</tt></dt>
    <dd>Performs any extra actions necessary when a mask is added to the
        database, such as sending that mask to the network.</dd>

<dt><tt>void (*<b>do_del_mask</b>)(const User *<i>u</i>, uint8 <i>type</i>, MaskData *<i>md</i>)</tt></dt>
    <dd>Performs any extra actions necessary when a mask is removed from
        the database.</dd>

<dt><tt>int (*<b>do_unknown_cmd</b>)(const User *<i>u</i>, const char *<i>cmd</i>, char *<i>mask</i>)</tt></dt>
    <dd>Processes an unknown subcommand for the associated command,
        returning nonzero if the subcommand was handled, zero otherwise.</dd>
</dl>

<p>The function which implements the mask-related command support is
<tt>do_maskdata_cmd()</tt>, defined below the database support functions in
<tt>maskdata.c</tt>.  This function behaves in the same way as a standard
pseudoclient command handler, taking a single <tt>User&nbsp;*</tt>
parameter giving the client that sent the command, and retrieving command
parameters via <tt>strtok(NULL,...)</tt>.  After obtaining the subcommand
name and its parameters (with double-quote processing for masks), the
routine checks for the known subcommands <tt>ADD</tt>, <tt>DEL</tt>,
<tt>CLEAR</tt>, <tt>LIST</tt>, <tt>VIEW</tt>, <tt>CHECK</tt>, and
<tt>COUNT</tt>, processing each appropriately.  If the subcommand is not
one of these, it is passed to the command's <tt>do_unknown_cmd()</tt>
function; if that function returns zero or does not exist, an error is
sent to the client.</p>

<p>The subcommands themselves are implemented by local routines:
<tt>do_maskdata_add()</tt>, <tt>do_maskdata_del()</tt>, and so on.  These
check the validity of the parameters for the particular subcommand and
perform the appropriate action, using the language string indices in the
<tt>MaskDataCmdInfo</tt> structure to send replies to the client that
issued the command.</p>

<p>There are also three utility functions defined after the command
handler routines:</p>

<dl>
<dt><tt>void *<b>new_maskdata</b>()</tt></dt>
    <dd>Allocates, initializes, and returns a new <tt>MaskData</tt>
        structure.  (The return value is <tt>void&nbsp;*</tt> to avoid a
        type warning in the database table declaration.)</dd>

<dt><tt>void <b>free_maskdata</b>(void *<i>record</i>)</tt></dt>
    <dd>Frees the <tt>MaskData</tt> structure pointed to by
        <tt><i>record</i></tt>,  Does nothing if <tt><i>record</i></tt> is
        <tt>NULL</tt>.</dd>

<dt><tt>char *<b>make_reason</b>(const char *<i>format</i>, const MaskData *<i>data</i>)</tt></dt>
    <dd>Returns the reason string for the given mask and format string.
        If <tt><i>format</i></tt> contains a "<tt>%s</tt>", it will be
        replaced by the mask's reason string in the return value;
        otherwise, the returned string is identical to
        <tt><i>format</i></tt>.  The result string is stored in a static
        buffer, which is overwritten by subsequent calls to
        <tt>make_reason()</tt>.</dd>
</dl>

<p>With respect to the database management routines, <tt>MaskData</tt>
records are stored in variable-length arrays, one array for each of the 256
possible mask types.  (Arrays were chosen over hash tables for simplicity;
since the most common use of these records is searching all records of a
particular type for one that matches a given string, there would be little
benefit to the use of a hash table.)  The <tt>next</tt> and <tt>prev</tt>
fields are not ordinarily required for array handling, but the code stores
the (integer) array index value in the <tt>next</tt> field via a cast to
<tt>void&nbsp;*</tt>, allowing the code to know where in the array a given
record is located without having to search through the array every time
(note that the <tt>num</tt> field is used for a different
purpose&mdash;index numbers for session exceptions&mdash;and is not
available).  Aside from the standard database operations, which take a
<tt>uint8 <i>type</i></tt> parameter in addition to the mask record itself,
the following functions are included:</p>

<dl>
<dt><tt>MaskData *<b>get_matching_maskdata</b>(uint8 <i>type</i>, const char *<i>str</i>)</tt></dt>
    <dd>Searches for and returns (in the same manner as
        <tt>get_maskdata()</tt>, including expiration checks) a mask which
        matches the wildcard pattern given by <tt><i>str</i></tt>.  If more
        than one mask matches, an arbitrary one is returned.</dd>

<dt><tt>MaskData *<b>get_exception_by_num</b>(int <i>num</i>)</tt></dt>
    <dd>Retrieves a mask of the <tt>MD_EXCEPTION</tt> (session exception)
        type by its index number.</dd>

<dt><tt>MaskData *<b>move_exception</b>(MaskData *<i>except</i>, int <i>newnum</i>)</tt></dt>
    <dd>Changes the index number of the given <tt>MD_EXCEPTION</tt> mask.
        (Internally, this reorders the mask array so that entries remain in
        order by index number.)</dd>
</dl>

<p class="backlink"><a href="#top">Back to top</a></p>


<h5 class="subsubsubsection-title" id="s2-2-2">7-2-2-2. Autokills</h5>

<p>As mentioned above, one of the main uses of this mask data code is the
autokill module, <tt>operserv/akill</tt>, defined in <tt>akill.c</tt> and
<tt>akill.h</tt>.  While support for the OperServ <tt>AKILL</tt> and
<tt>EXCLUDE</tt> commands simply makes use of the aforementioned
<tt>do_maskdata_cmd()</tt> function, handling for the actual autokills and
autokill exclusions themselves is defined within the autokill module.  This
includes:</p>

<ul>
<li class="spaced"><tt>send_akill()</tt> and <tt>cancel_akill()</tt>, and
        their autokill exclusion companions <tt>send_exclude()</tt> and
        <tt>cancel_exclude()</tt>, which (via callbacks hooked into by
        protocol modules) take care of adding and removing autokills and
        exclusions on the network.  Note that <tt>cancel_akill()</tt> and
        <tt>cancel_exclude()</tt> destroy their <tt>char&nbsp;*</tt>
        parameters, but as they are only called when deleting a record,
        this is not a problem.</li>

<li class="spaced"><tt>do_user_check()</tt>, which hooks into the
        "<tt>user check</tt>" callback to check whether a newly connecting
        client matches any active autokills or exclusions and take
        appropriate action.</li>

<li class="spaced"><tt>create_akill()</tt>, an exported function which
        creates a new autokill record given the usermask, reason, setter
        nickname, and time to expiration.  (There is currently no
        equivalent function for autokill exclusions.)</li>

<li class="spaced">The data structure and helper functions for
        <tt>do_maskdata_cmd()</tt>.  In particular, <tt>check_add_akill</tt>
        uses simple heuristics to check for masks that are so general that
        they would match any conceivable combination of username and
        hostname (for example, "<tt>*@*</tt>" or "<tt>?*@*?.*?*</tt>") and
        disallow such masks, in order to avoid situations where no one
        could connect to the network because every client matched the
        autokill.</li>

<li class="spaced">The <tt>AKILLCHAN</tt> command implementation,
        <tt>do_akillchan()</tt>.  It is worth noting that (as commented in
        the code) there is a race condition that can allow the client to
        reconnect in the miniscule interval between disconnecting the
        client with a <tt>KILL</tt> command and adding an autokill for that
        client; this negligible risk was taken in light of the fact that
        doing it the other way (sending the autokill first) causes some IRC
        servers to automatically kill the client, and OperServ's
        <tt>KILL</tt> would cause a "user not found" message to be logged
        (which did in fact generate some complaints from users).  However,
        once the client is killed, the username and hostname from the
        <tt>User</tt> structure are no longer available, so they must be
        saved ahead of time (the code at one point failed to do this,
        predictably resulting in crashes&mdash;hence the vitriolic comment
        about that mistake).</li>

<li class="spaced">The "<tt>connect</tt>" callback function, which sends
        all autokills to the network on initial connection.</li>

<li class="spaced">The "<tt>expire_maskdata</tt>" timeout function, which
        checks for autokill expiration.  In order to prevent flooding of
        IRC operators, for example when autokills set by an
        <tt>AKILLCHAN</tt> command expire, expiration announcements via
        <tt>WALLOPS</tt> are (if enabled) only sent at the rate of one per
        second, and any further expirations are merged into a single
        "<i>nnn</i> more autokills have expired" message sent after all
        expirations are complete.</li>

<li class="spaced">The OperServ "<tt>HELP</tt>" callback function, which
        is required to display the <tt>AKILL</tt> help message correctly.</li>

<li class="spaced">The OperServ "<tt>STATS ALL</tt>" callback function,
        used to calculate and display autokill memory usage in response to
        a <tt>STATS ALL</tt> command.</li>
</ul>

<p>One item of interest in the module setup code at the bottom of the
source file is the handling of the <tt>EXCLUDE</tt> command.
<tt>EXCLUDE</tt> can be enabled or disabled via a configuration file
option (<tt>EnableExclude</tt>), for reasons discussed below.  Rather than
create two command tables, one with <tt>EXCLUDE</tt> and one without, the
code simply modifies the <tt>EXCLUDE</tt> entry to have an empty command
name if the command is disabled; since command names parsed by OperServ
cannot be empty, the command will never be found.  (In order to locate the
entry again once the name has been cleared, a static variable is used, set
during module initialization to point to the proper element of the command
array.  The name is restored during module cleanup so that a subsequent
initialization will likewise be able to find it.)</p>

<p>The handling of autokill exclusions is trickier than it may seem at
first glance, due to protocols which support network-wide autokill masks
but not exclusion masks.  If one takes the naive approach of simply adding
autokill masks as usual, one will find that the effectiveness of the
autokill exclusions is severely limited.  For example, consider a network
with an autokill for <tt>*@*.example.com</tt> and an exclusion for
<tt>*@oper.example.com</tt>.  As long as the only users in the
<tt>example.com</tt> domain to connect are from the
<tt>oper.example.com</tt> host, the exclusion will function as expected.
However, as soon as a user from another <tt>example.com</tt> host connects,
the autokill will be triggered and sent out to the network&mdash;with the
unintended result that even users from <tt>oper.example.com</tt> are
prevented from connecting, since Services has no way to inform other
servers on the network about the autokill exclusion.</p>

<p>In order to avoid this problem, the <tt>operserv/akill</tt> module will
not make use of a protocol's autokill features if that protocol does not
also support autokill exclusions, and will simply send out a <tt>KILL</tt>
message for each user to be disconnected from the network.  However, this
may not be desirable for networks that have no intention of using the
autokill exclusion functionality.  For this reason, the
<tt>EnableExclude</tt> configuration option was added, allowing such
networks to choose between taking advantage of the protocol's autokill
feature and using exclusions with autokills.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h5 class="subsubsubsection-title" id="s2-2-3">7-2-2-3. S-lines</h5>

<p>S-lines are the other primary user of the mask data code.  These sets of
client restriction masks (SGlines, SQlines, and SZlines) are implemented by
the <tt>operserv/sline</tt> module, defined in <tt>sline.c</tt> and
<tt>sline.h</tt>.</p>

<p>The S-line module is very similar to the autokill module, both
functionally and internally (in fact, <tt>sline.c</tt> started out as a
copy of <tt>akill.c</tt>).  The primary difference is in the sharing of
data and code between the three mask types.  Since the command names differ
only in a single character, the code takes the shortcut of using that
character as the mask type for use with the <tt>MaskData</tt> support
functions&mdash;this is the reason for the warning comment in
<tt>maskdata.h</tt> about changing the type values&mdash;and including a
<tt>%c</tt> token in relevant messages which is replaced by the mask type.
This enables a single message, such as "<tt>%d masks on the S%cLINE
list.</tt>", to be shared by code for all three sets of masks.  Several
functions are likewise shared by the three mask types, taking a type
parameter to select which data set to operate on.</p>

<p>Naturally, each type of mask is interpreted differently, so the actual
processing for each type is handled separately.  SQlines, in particular,
are checked by the utility routine <tt>check_sqline()</tt>, called from the
callback functions <tt>do_user_check()</tt> and
<tt>do_user_nickchange_after()</tt>, because there are several possible
ways of handling a match:</p>

<ul>
<li class="spaced">If the client is an IRC operator and the
        <tt>SQlineIgnoreOpers</tt> configuration option is enabled, then
        SQlines are not checked at all.  (The <tt><i>new_oper</i></tt>
        parameter is required because, when called from
        <tt>do_user_check()</tt>, the <tt>User</tt> record will not yet
        have been created.)</li>

<li class="spaced">If the SQline is for a guest nick, the client is left
        alone, though the SQline itself is sent to the network.</li>

<li class="spaced">If the <tt>SQlineKill</tt> configuration option is
        <i>not</i> set and the protocol in use supports forced nickname
        changing, the client's nickname is changed to a guest nickname, and
        the SQline is sent to the network.</li>

<li class="spaced">Otherwise, the client is killed, and the SQline is sent
        to the network.</li>
</ul>

<p class="backlink"><a href="#top">Back to top</a></p>


<h4 class="subsubsection-title" id="s2-3">7-2-3. Session limiting</h4>

<p>The last method of client control, session limiting, is implemented by
the <tt>operserv/sessions</tt> module, defined in <tt>sessions.c</tt>.  The
module consists of two major parts: the actual session maintenance and
limiting code, and session exception mask management via the
<tt>EXCEPTION</tt> command.</p>

<p>The session maintenance functionality is contained within the
<tt>add_session()</tt> and <tt>del_session()</tt> routines, called from
callback functions when clients join or leave the network, respectively.
These routines keep track of each host with one or more clients on the
network by means of a hash table containing <tt>Session</tt> structures,
one per host.  When <tt>add_session</tt> is called, it looks up the
<tt>Session</tt> record for the new client's hostname, creating a new
record with a count of zero if no record for that host already exists, then
increments the host's client count by one; conversely,
<tt>del_session()</tt> decrements the host's client count, deleting the
<tt>Session</tt> structure when the count reaches zero.</p>

<p>The "limiting" part of session limiting is a check in
<tt>add_session()</tt> to determine whether the host has "too many"
clients on the network.  Here, "too many" is defined by either the limit
given in an exception record (see below) or the default limit given in the
<tt>DefSessionLimit</tt> configuration directive; if adding the new client
would cause the host's client count to exceed the relevant limit, then the
client is killed (any clients already connected are left alone).  An
autokill can also be added for thte host depending on the configuration
settings.</p>

<p>The module also provides a <tt>SESSION</tt> command to allow Services
operators to view the contents of the session list; this can be used to
find hosts from which a large number of clients are connecting.  The
<tt>SESSION</tt> command is available even if actual limiting of sessions
is disabled (by setting <tt>DefSessionLimit</tt> to zero).</p>

<p>The second part of the module, session exceptions, allows fine-tuning of
the default limit on client connections.  For example, it may be desirable
to allow extra connections from a particular host known to be used by IRC
operators.  Such exceptions to the default session limit are stored using
<tt>MaskData</tt> structures with the <tt>MD_EXCEPTION</tt> type; each
record is treated as a wildcard pattern against which a connecting client's
hostname is matched, and if a match is found, that limit is used instead of
the default, as described above.  If more than one matching session
exception exists, the first one in the list (from a user's point of view,
the one with the lowest index number) is used.</p>

<p>Session exceptions are maintained using the <tt>EXCEPTION</tt> command.
The processing for this command, in <tt>do_exception()</tt> and its
subroutines, is very similar to other mask-type commands like
<tt>AKILL</tt>; however, session exceptions require a limit value in
addition to the mask, and it was considered simpler to keep the handling
for <tt>EXCEPTION</tt> separate rather than modify
<tt>do_maskdata_cmd()</tt> to handle both command formats.  The
<tt>EXCEPTION</tt> command also includes a <tt>MOVE</tt> subcommand,
allowing one record to be moved relative to another within the list (so,
for example, a newly-added exception can be moved earlier in the list to
take precedence over other exceptions).</p>

<p>A careful look at the initialization code will show that the
"<tt>user check</tt>" callback function, <tt>check_sessions()</tt> (which
in turn calls <tt>add_session()</tt>), is added at a priority of -10.  This
is in order to ensure that the function is called after all other checks
have been performed, as described in <a href="4.html#s5-2">section
4-5-2</a> (and is a poor design choice for the reasons described there).</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h4 class="subsubsection-title" id="s2-4">7-2-4. News</h4>

<p>The last OperServ submodule is the <tt>operserv/news</tt> module,
defined in <tt>news.c</tt> and <tt>news.h</tt>.  This is a fairly simple
module, containing routines to handle news item storage and implement the
<tt>LOGONNEWS</tt> and <tt>OPERNEWS</tt> commands.</p>

<p>News items are stored in a single variable-length array of
<tt>News</tt> structures, <tt>newslist</tt>.  The <tt>News</tt> structure
contains, aside from the text of the news item itself, the news type
(<tt>NEWS_LOGON</tt> or <tt>NEWS_OPER</tt>), an index number used when
deleting the item, the nickname of the client that added the item, and the
time the item was added.  As with <tt>MaskData</tt> structures,
<tt>next</tt> and <tt>prev</tt> fields are included only to mirror other
structures, and the array index is stored in the <tt>next</tt> field.</p>

<p>The two news commands, <tt>LOGONNEWS</tt> and <tt>OPERNEWS</tt>, share
the same code, <tt>do_news()</tt>; this routine is called by the actual
command handlers with one of the news type codes, either
<tt>NEWS_LOGON</tt> or <tt>NEWS_OPER</tt>, and accesses an array of
language string indices (<tt>msgarray[]</tt>) to return proper messages
for each command, similar to <tt>do_maskdata_cmd()</tt>.  Unlike most other
commands (but like the <tt>OPER</tt> and <tt>ADMIN</tt> commands in the
OperServ core), the news commands include a <tt>LIST</tt> command available
to all IRC operators, and other subcommands (<tt>ADD</tt> and <tt>DEL</tt>)
restricted to Services operators; thus, the command handler must perform
privilege checks on its own rather than specifying a privilege check
routine in the command table.</p>

<p class="backlink"><a href="#top">Back to top</a></p>

<!------------------------------------------------------------------------>
<hr/>

<h3 class="subsection-title" id="s3">7-3. NickServ</h3>

<p>NickServ is typically the first pseudoclient IRC users interact with.
It was also the first pseudoclient created during Services' initial design,
on which all other pseudoclients were based.  The current NickServ is
divided into a core module and four submodules implementing additional
features; each module is described in its own section below.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h4 class="subsubsection-title" id="s3-1">7-3-1. NickServ core functionality</h4>

<p>The core NickServ functionality is implemented by the
<tt>nickserv/main</tt> module.  Alongside the primary module source file,
<tt>main.c</tt>, the module makes use of three additional source files:
<tt>collide.c</tt>, handling the disconnection or forced removal of clients
using unauthorized nicknames; <tt>set.c</tt>, implementing the <tt>SET</tt>
command and its subcommands; and <tt>util.c</tt>, containing various
utility routines used by NickServ.</p>

<p>NickServ makes use of two distinct header files.  One,
<tt>nickserv.h</tt>, defines the data structures used for storing nickname
information (<tt>NickInfo</tt> and <tt>NickGroupInfo</tt>, described below)
along with declarations of exported routines and macros used with nickname
records.  The other, <tt>ns-local.h</tt>, contains declarations of routines
used within NickServ, necessarily declared <tt>extern</tt> because they
reside in separate source files but not intended to be used outside the
NickServ modules.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h5 class="subsubsubsection-title" id="s3-1-1">7-3-1-1. Nickname data structures and utility macros</h5>

<p>Two separate structures are used to store nickname data; this is to
facilitate the implementation of nickname links, as described in
<a href="#s3-4">section 7-3-4</a>.  One structure, <tt>NickInfo</tt>,
contains data that is distinct for each individual nickname; the other,
<tt>NickGroupInfo</tt>, contains data that is shared among each group of
linked nicknames.</p>

<p>The <tt>NickInfo</tt> structure includes the following data:</p>

<dl>
<dt><tt>NickInfo *<b>next</b>, *<b>prev</b></tt></dt>
    <dd>Used to link records together in the internal hash table.</dd>

<dt><tt>int <b>usecount</b></tt></dt>
    <dd>The record's usage count (number of gets minus number of puts).
        <i>(Implementation note:  As noted in <a href="#s1">section 7-1</a>,
        this field currently serves no actual purpose.)</i></dd>

<dt><tt>char <b>nick</b>[NICKMAX]</tt></dt>
    <dd>The actual nickname.  Capitalization is as used when the nickname
        was registered, and does not change due to later actions.  The
        buffer size, <tt>NICKMAX</tt>, is defined in the global header
        file <tt>defs.h</tt>.</dd>

<dt><tt>int16 <b>status</b></tt></dt>
    <dd>The nickname's status.  This is a combination of zero or more of
        the following flags:
        <ul>
        <li><b><tt>NS_VERBOTEN</tt>:</b> The nickname is a forbidden
                nickname set with the <tt>FORBID</tt> command.  ("Verboten"
                is German for "forbidden", but there is no particular
                meaning behind this choice other than a whim of the
                developer as he was writing the code.)</li>
        <li><b><tt>NS_NOEXPIRE</tt>:</b> The nickname is not to be expired
                regardless of how long it remains unused (<tt>SET
                NOEXPIRE</tt>).</li>
        <li><b><tt>NS_KILL_HELD</tt>:</b> The nickname is currently being
                held by an "enforcer" pseudoclient after killing (or
                changing the nickname of) a client that was using the
                nickname without permission.</li>
        <li><b><tt>NS_GUESTED</tt>:</b> An IRC message has been sent to
                change the nickname of the client using the nickname, but
                the nickname change has not yet occurred.</li>
        </ul>
        Of these flags, <tt>NS_VERBOTEN</tt> and <tt>NS_NOEXPIRE</tt> are
        "permanent" flags (collected in the <tt>NS_PERMANENT</tt> mask),
        which are retained across restarts of Services, while
        <tt>NS_KILL_HELD</tt> and <tt>NS_GUESTED</tt> are "temporary" flags
        (collected in the <tt>NS_TEMPORARY</tt> mask), which are cleared
        each time the database is loaded from persistent storage.  Note
        that the value 0x0001 (bit 0) is not used because it served a
        separate purpose in previous versions of Services.</dd>

<dt><tt>char *<b>last_usermask</b></tt></dt>
    <dd>The last <tt><i>user</i>@<i>host</i></tt> mask used by the owner
        of the nickname (<i>i.e.,</i> a client authorized to use the
        nickname).  If the owner is currently online, that client's
        <tt><i>user</i>@<i>host</i></tt> mask is used.  On IRC networks
        where a "fake hostname" is available, that hostname is used
        instead of the client's actual hostname.</dd>

<dt><tt>char *<b>last_realmask</b></tt></dt>
    <dd>Like <tt>last_usermask</tt>, but uses the real hostname instead of
        any "fake hostname".  On networks without such a fake hostname,
        this field is identical to <tt>last_usermask</tt>.</dd>

<dt><tt>char *<b>last_realname</b></tt></dt>
    <dd>The last "real name" string used by the owner of the nickname.</dd>

<dt><tt>char *<b>last_quit</b></tt></dt>
    <dd>The message used the last time the owner quit IRC.  <tt>NULL</tt>
        if not available, such as for newly-registered nicknames.</dd>

<dt><tt>time_t <b>time_registered</b></tt></dt>
    <dd>The timestamp when the nickname was registered.</dd>

<dt><tt>time_t <b>last_seen</b></tt></dt>
    <dd>The timestamp at which the owner most recently used the nickname.
        Only updated when the owner stops using the nickname; if the
        nickname is currently in use, this field should not be relied on.</dd>

<dt><tt>uint32 <b>nickgroup</b></tt></dt>
    <dd>The ID of the nickname group with which this nickname is associated
        (see below).</dd>

<dt><tt>uint32 <b>id_stamp</b></tt></dt>
    <dd>The servicestamp of the client that last identified for the
        nickname.  Used to retain identification status across Services
        restarts.</dd>

<dt><tt>User *<b>user</b></tt></dt>
    <dd><i>Not saved to persistent storage.</i>  A pointer to the
        <tt>User</tt> structure for the client currently using the
        nickname, or <tt>NULL</tt> if the nickname is not currently in
        used.</dd>

<dt><tt>int16 <b>authstat</b></tt></dt>
    <dd><i>Not saved to persistent storage.</i>  Zero or more of the
        following flags, indicating the nickname's authentication status:
        <ul>
        <li><b><tt>NA_IDENTIFIED</tt>:</b> The current user of the nickname
                has identified by password as the nickname's owner.
                Mutually exclusive with <tt>NA_IDENT_NOEMAIL</tt>.</li>
        <li><b><tt>NA_IDENT_NOMAIL</tt>:</b> The current user of the
                nickname has identified by password as the nickname's
                owner, but has not registered an E-mail address with the
                nickname when one is required.  Mutually exclusive with
                <tt>NA_IDENTIFIED</tt>.</li>
        <li><b><tt>NA_RECOGNIZED</tt>:</b> The current user of the nickname
                is recognized via the nickname access list (see
                <a href="#s3-2">section 7-3-2</a>).</li>
        </ul></dd>

<dt><tt>int <b>bad_passwords</b></tt></dt>
    <dd><i>Not saved to persistent storage.</i>  The number of consecutive
        failed password identification attempts for the nickname.  Used to
        determine whether or not to kill a client for attempted password
        cracking.</dd>
</dl>

<p>The <tt>NickGroupInfo</tt> structure includes the following data:</p>

<dl>
<dt><tt>NickGroupInfo *<b>next</b>, *<b>prev</b></tt></dt>
    <dd>Used to link records together in the internal hash table.</dd>

<dt><tt>int <b>usecount</b></tt></dt>
    <dd>The record's usage count (number of gets minus number of puts).
        <i>(Implementation note:  As noted in <a href="#s1">section 7-1</a>,
        this field currently serves no actual purpose.)</i></dd>

<dt><tt>uint32 <b>id</b></tt></dt>
    <dd>The nickname group's ID, a unique 32-bit value.  Typically, this
        value is randomly assigned.  The value zero is not allowed (it is
        used in <tt>NickInfo</tt> records to indicate the lack of an
        associated nickname group, as for forbidden nicknames).</dd>

<dt><tt>nickname_t *<b>nicks</b></tt>
<br/><tt>uint16 <b>nicks_count</b></tt></dt>
    <dd><i>Not saved to persistent storage.</i>  A variable-length array
        containing the nicknames associated with this nickname group.  Used
        for convenience, to avoid having to search through the nickname
        database every time a list of nicknames is needed.</dd>

<dt><tt>uint16 <b>mainnick</b></tt></dt>
    <dd>The "main nickname" for the group, used to represent the nickname
        group in things such as channel access lists.  Specified as an
        index into the <tt>nicks[]</tt> array.</dd>

<dt><tt>Password <b>pass</b></tt></dt>
    <dd>The password used for identification for the nickname group.</dd>

<dt><tt>char *<b>url</b></tt></dt>
    <dd>A URL associated with the nickname group.  Can be arbitrarily set
        by the owner.</dd>

<dt><tt>char *<b>email</b></tt></dt>
    <dd>An E-mail address associated with the nickname group.  Can be
        arbitrarily set by the owner, and may be required at registration
        time by setting the <tt>NSRequireEmail</tt> configuration option.</dd>

<dt><tt>char *<b>last_email</b></tt></dt>
    <dd>When mail-based authentication (see <a href="#s3-5">section
        7-3-5</a>) is in use, this field is set to the previous contents
        of the <tt>email</tt> field when the owner changes the E-mail
        address, and is cleared when the new address is authenticated; this
        allows the <tt>RESTOREMAIL</tt> command to function.</dd>

<dt><tt>char *<b>info</b></tt></dt>
    <dd>A free-form text string associated with the nickname group.  Can be
        arbitrarily set by the owner.</dd>

<dt><tt>int32 <b>flags</b></tt></dt>
    <dd>A bitmask containing zero or more of the following nickname group
        flags:
        <ul>
        <li><b><tt>NF_KILLPROTECT</tt>:</b> NickServ should prevent other
                clients from using the nickname by either killing them or
                changing their nicknames, depending on the IRC protocol in
                use (<tt>SET KILL ON/QUICK/IMMED</tt>).</li>
        <li><b><tt>NF_SECURE</tt>:</b> NickServ should require password
                identification for the nickname even if the client is on
                the nickname's access list (<tt>SET SECURE</tt>).</li>
        <li><b><tt>NF_MEMO_HARDMAX</tt>:</b> The client is not permitted to
                change the nickname's memo limit (MemoServ <tt>SET LIMIT
                HARD</tt>).</li>
        <li><b><tt>NF_MEMO_SIGNON</tt>:</b> MemoServ should inform the
                client of new memos at signon (MemoServ <tt>SET NOTIFY
                ON/LOGON</tt>).</li>
        <li><b><tt>NF_MEMO_RECEIVE</tt>:</b> MemoServ should inform the
                client of new memos when they are sent (MemoServ <tt>SET
                NOTIFY ON/NEW</tt>).</li>
        <li><b><tt>NF_PRIVATE</tt>:</b> The nickname is hidden from the
                <tt>LIST</tt> and <tt>LISTEMAIL</tt> command output, except
                when used by Services administrators (<tt>SET
                PRIVATE</tt>).</li>
        <li><b><tt>NF_HIDE_EMAIL</tt>:</b> The nickname's E-mail address is
                hidden from the <tt>INFO</tt> and <tt>LISTEMAIL</tt>
                command output, except when used by Services administrators
                (<tt>SET HIDE EMAIL</tt>).</li>
        <li><b><tt>NF_HIDE_MASK</tt>:</b> The nickname's
                <tt><i>user</i>@<i>host</i></tt> mask is hidden from the
                <tt>INFO</tt> and <tt>LIST</tt> command output, except when
                used by Services administrators (<tt>SET HIDE
                USERMASK</tt>).</li>
        <li><b><tt>NF_HIDE_QUIT</tt>:</b> The nickname's last quit message
                is hidden from the <tt>INFO</tt> command output, except
                when used by Services administrators (<tt>SET HIDE
                QUIT</tt>).</li>
        <li><b><tt>NF_KILL_QUICK</tt>:</b> NickServ should allow only 20
                seconds instead of 60 for an unauthorized client to change
                nickname (<tt>SET KILL QUICK/IMMED</tt>).</li>
        <li><b><tt>NF_KILL_IMMED</tt>:</b> NickServ should kill or
                nickchange unauthorized clients immediately with no grace
                period (<tt>SET KILL IMMED</tt>).</li>
        <li><b><tt>NF_MEMO_FWD</tt>:</b> MemoServ should forward received
                memos to the nickname's E-mail address (MemoServ <tt>SET
                FORWARD ON/COPY</tt>).</li>
        <li><b><tt>NF_MEMO_FWDCOPY</tt>:</b> MemoServ should save copies of
                forwarded memos (MemoServ <tt>SET FORWARD COPY</tt>).</li>
        <li><b><tt>NF_SUSPENDED</tt>:</b> The nickname group is suspended
                (<tt>SUSPEND</tt>).</li>
        <li><b><tt>NF_NOOP</tt>:</b> ChanServ should prevent the nickname
                from being added to channel access lists (<tt>SET
                NOOP</tt>).</li>
        </ul>
        Note that the value 0x00000004 (bit 2) is not included in the above
        flags because it served a separate purpose in previous versions of
        Services.  Instead, this value is used as a temporary flag
        (<tt>NF_NOGROUP</tt>) when loading databases from earlier versions
        of Services, to indicate that a nickname group does not yet have an
        ID value assigned.</dd>

<dt><tt>int16 <b>os_priv</b></tt></dt>
    <dd>The nickname group's privilege level with respect to OperServ.
        Can be any value, but typically either zero (no special
        privileges) or one of the following values:
        <ul>
        <li><b><tt>NP_SERVOPER</tt>:</b> Services operator privilege.</li>
        <li><b><tt>NP_SERVADMIN</tt>:</b> Services administrator
                privilege.</li>
        </ul>
        Other values are treated by the OperServ privilege checking code
        (see <a href="#s2-1">section 7-2-1</a>) as having the next lowest
        recognized value.</dd>

<dt><tt>int32 <b>authcode</b></tt></dt>
    <dd>The authentication code set for the nickname group, or zero if no
        code is set.  See <a href="#s3-5">section 7-3-5</a>.</dd>

<dt><tt>time_t <b>authset</b></tt></dt>
    <dd>The timestamp when the nickname group's authentication code was
        set (meaningless if no code is set).</dd>

<dt><tt>int16 <b>authreason</b></tt></dt>
    <dd>The reason the nickname group's current authentication code was
        set (meaningless if no code is set).  One of the following
        constants:
        <ul>
        <li><b><tt>NICKAUTH_REGISTER</tt>:</b> The nickname was newly
                registered, and the E-mail address provided in the
                <tt>REGISTER</tt> command requires authentication.</li>
        <li><b><tt>NICKAUTH_SET_EMAIL</tt>:</b> The nickname group's
                E-mail address was changed with the <tt>SET EMAIL</tt>
                command, and the new address requires authentication.</li>
        <li><b><tt>NICKAUTH_SETAUTH</tt>:</b> Authentication is required as
                the result of a Services administrator using the
                <tt>SETAUTH</tt> command.</li>
        <li><b><tt>NICKAUTH_REAUTH</tt>:</b> Authentication is required as
                the result of the nickname owner using the <tt>REAUTH</tt>
                command.</li>
        </ul></dd>

<dt><tt>char <b>suspend_who</b>[NICKMAX]</tt></dt>
    <dd>The nickname of the client that suspended the nickname group
        (meaningless if the <tt>NF_SUSPENDED</tt> flag is not set).</dd>

<dt><tt>char *<b>suspend_reason</b></tt></dt>
    <dd>The reason the nickname group was suspended (meaningless if the
        <tt>NF_SUSPENDED</tt> flag is not set).</dd>

<dt><tt>time_t <b>suspend_time</b></tt></dt>
    <dd>The timestamp when the nickname group was suspended (meaningless if
        the <tt>NF_SUSPENDED</tt> flag is not set).</dd>

<dt><tt>time_t <b>suspend_expires</b></tt></dt>
    <dd>The timestamp at which the nickname group's suspension expires
        (meaningless if the <tt>NF_SUSPENDED</tt> flag is not set).</dd>

<dt><tt>int16 <b>language</b></tt></dt>
    <dd>The language preferred for messages sent to the nickname group.
        One of the <tt>LANG_*</tt> constants in the Services core's
        <tt>language.h</tt>.</dd>

<dt><tt>int16 <b>timezone</b></tt></dt>
    <dd>The time zone offset specified by the nickname group's owner for
        use in displaying times.  A number of minutes (possibly negative)
        to be added to the UTC timestamps, or <tt>TIMEZONE_DEFAULT</tt> to
        use the Services process' default.</dd>

<dt><tt>int16 <b>channelmax</b></tt></dt>
    <dd>The maximum number of channels the nickname group is allowed to
        register, <tt>CHANMAX_UNLIMITED</tt> for no limit, or
        <tt>CHANMAX_DEFAULT</tt> for the default limit (set by the
        ChanServ <tt>CSMaxReg</tt> configuration setting).</dd>

<dt><tt>char **<b>access</b></tt>
<br/><tt>int <b>access_count</b></tt></dt>
    <dd>The nickname group's access list (see <a href="#s3-2">section
        7-3-2</a>).</dd>

<dt><tt>char **<b>ajoin</b></tt>
<br/><tt>int <b>ajoin_count</b></tt></dt>
    <dd>The nickname group's auto-join list (see <a href="#s3-3">section
        7-3-3</a>).</dd>

<dt><tt>char **<b>ignore</b></tt>
<br/><tt>int <b>ignore_count</b></tt></dt>
    <dd>The nickname group's memo ignore list (see <a href="#s5-2">section
        7-5-2</a>).</dd>

<dt><tt>MemoInfo <b>memos</b></tt></dt>
    <dd>The nickname group's stored memos (see <a href="#s5-1">section
        7-5-1</a>).</dd>

<dt><tt>channame_t *<b>channels</b></tt>
<br/><tt>int <b>channels_count</b></tt></dt>
    <dd><i>Not saved to persistent storage.</i>  The names of the channels
        currently registered by this nickname group.</dd>

<dt><tt>User **<b>id_users</b></tt>
<br/><tt>int <b>id_users_count</b></tt></dt>
    <dd><i>Not saved to persistent storage.</i>  Pointers to <tt>User</tt>
        structures for clients which have identified for this nickname
        group.</dd>

<dt><tt>time_t <b>last_sendauth</b></tt></dt>
    <dd><i>Not saved to persistent storage.</i>  The timestamp when the
        <tt>SENDAUTH</tt> command was last used for this nickname group
        (see <a href="#s3-5">section 7-3-5</a>).</dd>

<dt><tt>int <b>bad_auths</b></tt></dt>
    <dd><i>Not saved to persistent storage.</i>  The number of times the
        <tt>AUTH</tt> command has been used with a bad authentication code
        for this nickname group (see <a href="#s3-5">section 7-3-5</a>).</dd>
</dl>

<p>In addition, <tt>nickserv.h</tt> declares the following convenience
functions and macros:</p>

<dl>
<dt><tt>int <b>nick_recognized</b>(const NickInfo *<i>ni</i>)</tt>
<br/><tt>int <b>user_recognized</b>(const User *<i>u</i>)</tt></dt>
    <dd>Returns whether the given client is recognized via an access list
        entry, regardless of whether the client has identified for the
        nickname group or not.  The client can be specified by either
        <tt>NickInfo</tt> or <tt>User</tt> structure.  (Nickname
        authorization flags are always cleared when a client disconnects
        from the network, so the <tt>NickInfo</tt> form will always return
        false if used on a nickname not currently in use.)</dd>

<dt><tt>int <b>nick_identified</b>(const NickInfo *<i>ni</i>)</tt>
<br/><tt>int <b>user_identified</b>(const User *<i>u</i>)</tt></dt>
    <dd>Returns whether the given client has identified for its nickname.
        The client can be specified by either <tt>NickInfo</tt> or
        <tt>User</tt> structure.</dd>

<dt><tt>int <b>nick_id_or_rec</b>(const NickInfo *<i>ni</i>)</tt>
<br/><tt>int <b>user_id_or_rec</b>(const User *<i>u</i>)</tt></dt>
    <dd>Returns whether the given client is recognized via access list or
        has identified for its nickname (or both).  The client can be
        specified by either <tt>NickInfo</tt> or <tt>User</tt> structure.</dd>

<dt><tt>int <b>nick_ident_nomail</b>(const NickInfo *<i>ni</i>)</tt>
<br/><tt>int <b>user_ident_nomail</b>(const User *<i>u</i>)</tt></dt>
    <dd>Returns whether the <tt>NA_IDENT_NOMAIL</tt> flag is set for the
        given client; <i>i.e.,</i> evaluates to true when has identified
        for its nickname but the nickname lacks a required E-mail address.
        The client can be specified by either <tt>NickInfo</tt> or
        <tt>User</tt> structure.</dd>

<dt><tt>int <b>ngi_unauthed</b>(const NickGroupInfo *<i>ngi</i>)</tt></dt>
    <dd>Returns whether the given nickname group (more accurately, the
        nickname group's E-mail address) is unauthenticated.  Note that use
        of the <tt>REAUTH</tt> command does not cause the nickname group to
        lose its authenticated status.</dd>

<dt><tt>int <b>valid_ngi</b>(const NickGroupInfo *<i>ngi</i>)</tt></dt>
    <dd>Returns whether the given <tt>NickGroupInfo</tt> structure pointer
        is valid; <i>i.e.,</i> evaluates to true when <tt><i>ngi</i></tt>
        is neither <tt>NULL</tt> nor <tt>NICKGROUPINFO_INVALID</tt>.  (The
        latter value is used in <tt>User</tt> structures to indicate that
        the client has an associated <tt>NickInfo</tt> structure but no
        <tt>NickGroupInfo</tt> structure, as is the case for forbidden
        nicknames.)</dd>

<dt><tt>const char *<b>ngi_mainnick</b>(const NickGroupInfo *<i>ngi</i>)</tt></dt>
    <dd>Returns the given nickname group's main nickname.</dd>

<dt><tt>NickGroupInfo *<b>get_ngi</b>(const NickInfo *<i>ni</i>)</tt>
<br/><tt>NickGroupInfo *<b>get_ngi_id</b>(uint32 <i>id</i>)</tt></dt>
    <dd>Retrieves the <tt>NickGroupInfo</tt> record corresponding to the
        given <tt>NickInfo</tt> or ID value; if there is no corresponding
        record, a warning message is logged and <tt>NULL</tt> is returned.
        (Like any other database "get" routine, the structure must be "put"
        with <tt>put_nickgroupinfo()</tt> when no longer needed.)</dd>

<dt><tt>int <b>check_ngi</b>(const NickInfo *<i>ni</i>)</tt>
<br/><tt>int <b>check_ngi_id</b>(uint32 <i>id</i>)</tt></dt>
    <dd>Returns whether there is a corresponding <tt>NickGroupInfo</tt>
        record for the given <tt>NickInfo</tt> or ID value, logging a
        warning message if not.  (The
        <tt>put_<i>xxx</i>(get_<i>xxx</i>(...))</tt> is a common way of
        checking for the existence of a record, since the
        <tt>put_<i>xxx</i>()</tt> explicitly allow a <tt>NULL</tt>
        parameter.)</dd>
</dl>

<p>The <tt>STANDALONE_NICKSERV</tt> define and (non-macro) utility
functions are discussed in <a href="#s3-1-4">section 7-3-1-4</a>.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h5 class="subsubsubsection-title" id="s3-1-2">7-3-1-2. Overall module structure</h5>

<p>The overall structure of the NickServ module generally follows the same
pattern as the OperServ module: variable and command declarations, database
handling, <tt>PRIVMSG</tt> and other callbacks, and command routines.</p>

<p>The <tt>nickserv/main</tt> module uses two separate databases, one for
<tt>NickInfo</tt> records and one for <tt>NickGroupInfo</tt> records.  The
database handling code is more or less straightforward, using <tt>hash.h</tt>
to maintain the in-memory tables; however, since most of the record
management routines take additional actions (for example, the "add" and
"get" functions update the record's use count), the base hash functions are
defined with a trailing underscore, like <tt>add_nickinfo_()</tt>, and the
actual functions (like <tt>add_nickinfo()</tt>) are wrapped around these.
NickServ exports all of the <tt>NickInfo</tt> and <tt>NickGroupInfo</tt>
database functions, as well as a "put" function for each record type.</p>

<p>When saving the databases to persistent storage, the <tt>nicks[]</tt>
array and <tt>mainnick</tt> field of <tt>NickGroupInfo</tt> records are not
saved directly; rather, the main nickname itself is saved as a
<tt>NICKMAX</tt>-sized buffer, and the nickname group is initialized with
this nickname when first loaded (the array is subsequently filled in when
the relevant <tt>NickInfo</tt> records are loaded).</p>

<p>NickServ keeps track of clients' status using callback functions for
new clients, clients changing nickname, and disconnecting clients.  The
routines that do the actual processing, <tt>validate_user()</tt> (for a
client starting to use a nickname) and <tt>cancel_user()</tt> (for a client
no longer using a nickname), are located in <tt>util.c</tt>, discussed in
<a href="#s3-1-4">section 7-3-1-4</a>.</p>

<p>The NickServ commands themselves tend to be fairly complex, especially
when compared to the OperServ command handlers.  This is in part due to the
wide range of features available in NickServ, and in part due to the fact
that NickServ and its system of registered nicknames are the primary way by
which clients authenticate themselves, and as such must handle a variety of
circumstances to maintain security, while other pseudoclients simply rely
on the authorization flags set by NickServ.  The following command handlers
are particularly worthy of note:</p>

<dl>
<dt><b><tt>do_help()</tt></b></dt>
    <dd>NickServ's commands include a number whose help text changes based
        on factors such as the requesting client's IRC operator status,
        features available in the IRC protocol in use, and NickServ
        configuration settings.  The code to handle help requests is
        accordingly complex, with many commands unable to rely on the
        <tt>help_cmd()</tt> routine.</dd>

<dt><b><tt>do_register()</tt></b></dt>
    <dd>Just as NickServ is the gateway to the rest of Services' functions,
        the <tt>REGISTER</tt> command is the gateway to NickServ, providing
        one of the two methods by which a client can gain access to
        Services (the other being authentication to a previously registered
        nickname).  The <tt>REGISTER</tt> handler must therefore be
        particularly careful to guard against abuse, both to prevent
        improper access to other Services commands and to prevent the
        <tt>REGISTER</tt> command itself from being abused by arbitrary
        clients.  The command handler takes the following precautions
        before allowing a nickname to be registered:
        <ul>
        <li class="spaced">Prevents the command from being used by any
                particular client more than once every <tt>NSRegDelay</tt>
                seconds.  This stops mass-registration of nicknames by
                automated clients, avoiding both the accompanying load on
                Services itself (more memory usage, more time spent looking
                up nicknames) and any undesirable side effects, such as the
                sending of automated E-mail to arbitrary address when mail
                authentication is in use (see <a href="#s3-5">section
                7-3-5</a>).</li>
        <li class="spaced">Prevents the command from being used by a client
                within <tt>NSInitialRegDelay</tt> seconds of connecting to
                the network.  This prevents automated clients from getting
                around the <tt>NSRegDelay</tt> limitation by repeatedly
                connecting, issuing a <tt>REGISTER</tt> command, and
                disconnecting in rapid succession.  (It is still possible
                to avoid the limitation by connecting a large number of
                clients at once, but as a practical matter it is impossible
                for NickServ to distinguish such attempts from ordinary
                registration requests, and the sudden presence of a large
                number of clients on the network should itself be an
                indication of trouble.)</li>
        <li class="spaced">Prevents "guest" nicknames from being
                registered, which could result in unauthenticated clients
                suddenly gaining Services access after a forced nickname
                change.  (The check itself is performed by the
                <tt>do_reglink_check()</tt> earlier in <tt>main.c</tt>,
                a callback function attached to the "<tt>REGISTER/LINK
                check</tt>" callback; <tt>do_register()</tt> calls this
                callback via the <tt>reglink_check()</tt> function in
                <tt>util.c</tt>.)</li>
        <li class="spaced">Ensures that the nickname is not already
                registered.  Ordinarily, if a nickname is registered then
                the client's <tt>User</tt> structure will have a pointer to
                the record in its <tt>ni</tt> field, but if the nickname is
                missing a corresponding nickname group (a database error
                unless the nickname is forbidden), the <tt>ni</tt> field
                will be <tt>NULL</tt> and the <tt>ngi</tt> field will be
                set to the constant <tt>NICKGROUPINFO_INVALID</tt>, so that
                combination is checked for as well.  Also, just in case,
                <tt>do_register()</tt> performs a final check by accessing
                the database directly, to ensure that the nickname is not
                registered in duplicate.</li>
        <li class="spaced">Checks that the E-mail address, if given, is (1)
                syntactically valid and (2) not disallowed due to a
                <tt>RejectEmail</tt> configuration directive.</li>
        <li class="spaced">Prevents more than <tt>NSRegEmailMax</tt>
                nicknames from being registered to the same address, again
                to avoid undue load on Services from a registration flood.
                This check calls <tt>count_nicks_with_email()</tt> to
                actually count nicknames; this routine has to search the
                entire nickname database, which can take a significant
                amount of time if many nicknames are registered, so this
                check is performed last.</li>
        <li class="spaced">As an adjunct to the previous check (and
                regardless of the setting of <tt>NSRegEmailMax</tt>), also
                prevents a nickname from being registered if the E-mail
                address given is already in use by another nickname which
                is awaiting mail authentication; this acts as a further
                guard to prevent a particular mail address from getting
                "mailbombed" by multiple registration requests that make it
                through the previous checks.</li>
        </ul></dd>

<dt><b><tt>do_dropemail()</tt></b>
<br/><b><tt>do_dropemail_confirm()</tt></b></dt>
    <dd>The <tt>DROPEMAIL</tt> and <tt>DROPEMAIL-CONFIRM</tt> commands are
        the only two commands in Services that require state to be kept
        specifically for those commands.  Due to the potential for data
        loss through an erroneous <tt>DROPEMAIL</tt> command, some form of
        confirmation was desired, such as an "Are you sure?" requester in
        response to a user deleting a file in a GUI.  Since Services'
        interface is limited to single-line commands, however, this can
        only be accomplished through two commands, the second of which
        (<tt>DROPEMAIL-CONFIRM</tt>) serves to confirm the action requested
        by the first (<tt>DROPEMAIL</tt>).  In order for this to be
        effective, the <tt>DROPEMAIL-CONFIRM</tt> handler must know which
        commands have been sent by whom, so that clients cannot send
        arbitrary <tt>DROPEMAIL-CONFIRM</tt> commands to get around the
        confirmation check.  This is accomplished through the file-local
        <tt>dropemail_buffer[]</tt> array, which holds the most recently
        issued, unconfirmed <tt>DROPEMAIL</tt> commands.  (A single state
        record stored in the <tt>User</tt> structure was another
        possibility, but one that was discarded to avoid bloat in that
        structure, particularly since the vast majority of clients would
        never use the command anyway.)  When a valid <tt>DROPEMAIL</tt>
        command is given, the client is told the number of nicknames that
        would be deleted, and the given mask is stored in the buffer array,
        with the oldest unconfirmed mask removed if no slots are empty.  A
        <tt>DROPEMAIL-CONFIRM</tt> for the same mask will then locate the
        appropriate buffer slot, ensure that the same client sent both
        commands and that the elapsed time between the two commands is not
        too long (as defined by the <tt>NSDropEmailExpire</tt> option), and
        performs the actual nickname deletion.</dd>

<dt><tt><b>do_info()</b></tt></dt>
    <dd>The <tt>INFO</tt> command has the ability to show extended
        information about a nickname with the option <tt>ALL</tt> (only
        available to the nickname owner or Services administrators).
        However, not all nicknames have any additional information to be
        displayed.  To prevent the "use <tt>ALL</tt> for more information"
        message from being appended if there is not actually anything else
        to show, the <tt>INFO</tt> command handler uses a method inspired
        by super-user privilege checks in the Linux kernel, which keeps
        track of whether a process has taken advantage of those privileges.
        When the macro <tt>CHECK_SHOW_ALL</tt> is included in a conditional
        test, it will evaluate to true when the <tt>ALL</tt> option is
        present (and the client has permission to use it), but a separate
        flag variable, <tt>used_all</tt>, will also be set regardless of
        the presence of <tt>ALL</tt>; the routine can then determine
        whether there were any items that would have been displayed if
        <tt>ALL</tt> was given.  As noted in the source code comments, the
        macro should be the last test in any conditional expression which
        uses it, to prevent <tt>used_all</tt> from being set for an item
        that will not actually be displayed due to a subsequent test.</dd>

<dt><tt><b>do_set()</b></tt>
<br/><tt><b>do_unset()</b></tt></dt>
    <dd>As the <tt>SET</tt> and <tt>UNSET</tt> commands (<tt>SET</tt> in
        particular) have a large number of options, they are defined in a
        separate source file, <tt>set.c</tt>.  See
        <a href="#s3-1-3">section 7-3-1-3</a> for details.</dd>
</dl> 

<p>NickServ also includes a debug command enabled by the
<tt>DEBUG_COMMANDS</tt> preprocessor symbol: <tt>LISTNICK</tt>, which
displays the <tt>NickInfo</tt> and (if present) <tt>NickGroupInfo</tt> data
for a given nickname.</p>

<p>In addition to the ordinary module setup code, the
<tt>nickserv/main</tt> module supports two command-line options.  One,
<tt>-encrypt-all</tt>, is recognized by the Services core; NickServ's
<tt>init_module()</tt> routine checks the corresponding global flag,
<tt>encrypt_all</tt> and, if it is set, encrypts all nicknames using the
encryption type specified by the core's <tt>EncryptionType</tt> setting.
The other option, <tt>-clear-nick-email</tt>, is NickServ-specific, and is
handled by <tt>do_command_line()</tt>, a callback function for the core's
"<tt>command line</tt>" callback; when the option is encountered, the
callback function clears the E-mail address from all nickname groups.</p>

<p>As several messages used by NickServ can change based on configuration
options or the features available in the IRC server, the initialization and
cleanup code (as well as the reconfiguration handler,
<tt>do_reconfigure()</tt>) call <tt>mapstring()</tt> to adjust the messages
appropriately.  The commands <tt>REGISTER</tt>,
<tt>DROPEMAIL</tt>/<tt>DROPEMAIL-CONFIRM</tt>, and <tt>GETPASS</tt> can
also be disabled by configuration options; the commands are disabled by
setting the <tt>name</tt> field of the corresponding <tt>Command</tt>
structure to the empty string, so that it will not be found when the
command table is searched.  Pointers to the structures are saved in
file-local variables so that the names can be restored at reconfiguration
or module cleanup time.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h5 class="subsubsubsection-title" id="s3-1-3">7-3-1-3. The <tt>SET</tt> and <tt>UNSET</tt> commands</h5>

<p>The handlers for the <tt>SET</tt> and <tt>UNSET</tt> commands,
<tt>do_set()</tt> and <tt>do_unset()</tt> in <tt>set.c</tt>, work much like
miniature versions of the top-level NickServ message handler
<tt>nickserv()</tt>, in that they check which option name was used with the
command and call an appropriate subroutine to do the actual work.  However,
the <tt>do_set()</tt> routine parses the option parameters itself, rather
than leave such parsing to the individual routines (<tt>UNSET</tt> does not
take any additional parameters, so no such parsing is needed); for this
reason, the setup code in <tt>do_set()</tt> is more complex than that in
<tt>nickserv()</tt>, since the <tt>INFO</tt> option treats the entire line
as a single parameter, <tt>HIDE</tt> takes two single-word parameters
separated by a space, and the other options take a single one-word
parameter.</p>

<p>Additionally, both <tt>SET</tt> and <tt>UNSET</tt> can be used by
Services administrators to set options for other users' nicknames.  For
this reason, the individual option-setting routines take both a
<tt>User&nbsp;*</tt> and a <tt>NickInfo&nbsp;*</tt> parameter, where the
<tt>NickInfo&nbsp;*</tt> parameter is the nickname whose options are to be
changed (if the client giving the command is not a Services administrator
or does not give a target nickname, this will simply be equal to the
<tt>ni</tt> field of the <tt>User</tt> structure).  <i>Implementation note:
This raises an interesting problem&mdash;how does an option's handler
routine tell the difference between <tt>SET <i>option</i></tt>, <tt>SET
!MyNick <i>option</i></tt>, and <tt>SET !OtherNick <i>option</i></tt> when
sending result messages?  The simple answer is that it doesn't: all option
handlers use the "your nick" message style, as mentioned in
<a href="../d.html">Appendix D of the user's manual</a>.  If implemented,
it would probably be reasonable to ignore the distinction between the
<tt>SET <i>option</i></tt> and <tt>SET !MyNick <i>option</i></tt> cases,
and simply judge which message to use by comparing the <tt>NickInfo</tt>
parameter with the <tt>ni</tt> field of the client's <tt>User</tt>
structure.</i></p>

<p>The option handlers themselves are simple for the most part, checking
the option value given and setting or clearing the relevant flag or field
in the <tt>NickInfo</tt> structure or its associated <tt>NickGroupInfo</tt>
structure.  Routines which deserve special mention are:</p>

<dl>
<dt><b><tt>do_set_password()</tt></b></dt>
    <dd>The password setting itself is straightforward (note that the
        memory containing the cleartext password and the temporary copy of
        the encrypted password is cleared as soon as it is no longer
        needed); however, the routine first checks the
        <tt>NSSecureAdmins</tt> option, and disallows the change if the
        target is a (different) Services administrator and the command
        sender is not the Services super-user.</dd>

<dt><b><tt>do_set_email()</tt></b></dt>
    <dd>This routine makes several checks mostly related to mail
        authentication before allowing the E-mail address to be changed:
        <ul>
        <li>The address must be a valid E-mail address.</li>
        <li>The address must not be rejected by a <tt>RejectEmail</tt>
                configuration directive.</li>
        <li>The address must not be in use by a nickname awaiting mail
                authentication (as with <tt>REGISTER</tt>).</li>
        <li>The number of nicknames currently using the address must be
                less than <tt>NSRegEmailMax</tt>, if set.  (Note that if
                the current nickname's group contains other linked
                nicknames, the E-mail address change can cause the nickname
                total to exceed <tt>NSRegEmailMax</tt>.  This is not seen as
                a significant problem, and it avoids the opposite problem in
                which a user who somehow exceeded the limit would no longer
                be able to change their E-mail address at all.)</li>
        <li>The time since the last successful <tt>SET EMAIL</tt> must be
                at least <tt>NSSetEmailDelay</tt> seconds, if set.</li>
        </ul>
        If the above checks all pass, the change is performed, and if the
        client used to have the <tt>NA_IDENT_NOMAIL</tt> status and an
        E-mail address was set, the status is changed to
        <tt>NA_IDENTIFIED</tt>.  The routine also features its own
        callback, "<tt>SET EMAIL</tt>", used by the mail authentication
        code.  Note that this routine does <i>not</i> check the
        <tt>NSRequireEmail</tt> configuration option, and assumes that if
        it is passed a <tt>NULL</tt> value, indicating that the address
        should be unset, then that is valid.  (In fact, <tt>do_unset()</tt>
        checks <tt>NSRequireEmail</tt> before calling
        <tt>do_set_email()</tt>.)</dd>

<dt><b><tt>do_set_timezone()</tt></b></dt>
    <dd><tt>SET TIMEZONE</tt> allows the time zone to be specified as
        either a literal time offset (-5, +6:30, etc.) or a time zone
        name.  Time zone names (other than "GMT+/-<i>n</i>" and
        "UTC+/-<i>n</i>", which are treated as literal offsets) are parsed
        using the <tt>timezones[]</tt> table defined just above the
        <tt>do_set_timezone()</tt> routine itself, which (hopefully)
        includes most common time zones; the table can of course be
        modified to include other time zones as particular networks
        desire.  Once the the time zone has been set, a message is sent to
        the calling client giving the current time in the resulting time
        zone; however, this is tricky if the calling client is a Services
        administrator changing the setting for another nickname, because
        <tt>strftime_lang()</tt> always uses the time zone setting of the
        nickname used to select the language.  To get around this, the
        routine determines the difference between the calling nickname's
        time zone and the target nickname's time zone, adjusting the
        timestamp passed to <tt>strftime_lang()</tt> by that amount
        (multiplied by 60, since the <tt>timezone</tt> field is specified
        in minutes).  Incidentally, support for "daylight saving time"
        as used in some countries was deliberately omitted, partly due to
        the difficulty of supporting the various systems used in different
        countries, and partly because the details of such systems are
        highly dependent upon each country's political landscape and can
        change at any time (witness the abrupt extension to DST proposed,
        and eventually implemented, in the United States of America in
        2006).</dd>
</dl>

<p class="backlink"><a href="#top">Back to top</a></p>


<h5 class="subsubsubsection-title" id="s3-1-4">7-3-1-4. NickServ utility routines</h5>

<p>Most of the utility routines used by NickServ are collected in the file
<tt>util.c</tt>.  This file has two functions: aside from providing utility
functions to NickServ itself (several of which are exported for use by
other modules), it can also be <tt>#include</tt>'d in an external source
file to provide definitions of the four routines <tt>new_nickinfo()</tt>,
<tt>free_nickinfo()</tt>, <tt>new_nickgroupinfo()</tt>, and
<tt>free_nickgroupinfo()</tt>, so that such files do not have to define
similar routines themselves.  This latter mode is activated by defining
the <tt>STANDALONE_NICKSERV</tt> preprocessor symbol, as documented in the
comments at the top of <tt>util.c</tt>.  In this case, only the four
routines mentioned above are defined, with the rest of the file commented
out using <tt>#ifndef</tt>; additionally, the <tt>new_nickgroupinfo()</tt>
routine does not check for the presence of the nickname group IDs it
generates, as it cannot assume that <tt>get_nickgroupinfo()</tt> is
available.</p>

<p>With respect to its primary use as part of NickServ, <tt>util.c</tt>
defines the following routines:</p>

<dl>
<dt><tt>NickInfo *<b>new_nickinfo</b>()</tt></dt>
    <dd>Returns a pointer to a newly-allocated and initialized
        <tt>NickInfo</tt> structure.  (For creating a new record in the
        database, <tt>makenick()</tt> is preferred; see below.)</dd>

<dt><tt>void <b>free_nickinfo</b>(NickInfo *<i>ni</i>)</tt></dt>
    <dd>Frees the given <tt>NickInfo</tt> structure and all associated
        data.  (See <tt>delnick()</tt> below for removing a nickname
        record from the database.)</dd>

<dt><tt>NickGroupInfo *<b>new_nickgroupinfo</b>(const char *<i>seed</i>)</tt></dt>
    <dd>Returns a pointer to a newly-allocated and initialized
        <tt>NickGroupInfo</tt> structure.  If <tt><i>seed</i></tt> is not
        <tt>NULL</tt>, then it is used to generate an initial ID value for
        the nickname group; if that ID value is used, new values are
        randomly generated until an unused one is found.  (If the code
        loops <tt>NEWNICKGROUP_TRIES</tt> times without finding an unused
        value, an error is returned; assuming a good random number
        generator, the default value of 1000 should ensure success on
        typical databases.  <tt>NEWNICKGROUP_TRIES</tt> is defined in
        <tt>ns-local.h</tt>.)  If <tt><i>seed</i></tt> is <tt>NULL</tt>,
        then the new nickname group's ID is left at zero.</dd>

<dt><tt>void <b>free_nickgroupinfo</b>(NickGroupInfo *<i>ngi</i>)</tt></dt>
    <dd>Frees the given <tt>NickGroupInfo</tt> structure and all associated
        data.  (See <tt>delgroup()</tt> below for removing a nickname group
        and all its nicknames from the database.)</dd>

<dt><tt>NickGroupInfo *<b>_get_ngi</b>(NickInfo *<i>ni</i>,
        const char *<i>file</i>, int <i>line</i>)</tt>
<br/><tt>NickGroupInfo *<b>_get_ngi_id</b>(uint32 <i>id</i>,
        const char *<i>file</i>, int <i>line</i>)</tt></dt>
    <dd>Implement the <tt>get_ngi()</tt> and <tt>get_ngi_id()</tt> macros,
        respectively.  <tt><i>file</i></tt> and <tt><i>line</i></tt> are
        the source file and line from which the function was called, and
        are filled in by the corresponding macro with <tt>__FILE__</tt> and
        <tt>__LINE__</tt>.</dd>

<dt><tt>int <b>has_identified_nick</b>(const User *<i>u</i>, uint32 <i>group</i>)</tt></dt>
    <dd>Returns whether the given client has identified for the nickname
        group indicated by <tt><i>group</i></tt>.</dd>

<dt><tt>int <b>reglink_check</b>(User *<i>u</i>, const char *<i>nick</i>,
        char *<i>password</i>, char *<i>email</i>)</tt></dt>
    <dd>Calls the "<tt>REGISTER/LINK check</tt>" callback and returns its
        result.  (A utility function is used rather than directly calling
        <tt>call_callback_4()</tt> because the <tt>nickserv/link</tt>
        module needs to make use of the callback as well, and the module
        system does not allow one module to call another's callbacks (which
        would be bad design in any case).</dd>

<dt><tt>void <b>update_userinfo</b>(const User *<i>u</i>)</tt></dt>
    <dd>Updates the user information for the client's nickname.  The
        <tt>NickInfo</tt> fields <tt>last_usermask</tt>,
        <tt>last_realmask</tt>, and <tt>last_realname</tt> are set from
        the corresponding fields of the <tt>User</tt> structure, and the
        <tt>last_seen</tt> field is set to the current time.
        <tt><i>u</i>-&gt;ni</tt> is assumed to be non-<tt>NULL</tt>.</dd>

<dt><tt>int <b>validate_user</b>(User *<i>u</i>)</tt></dt>
    <dd>Sets the <tt>ni</tt> and <tt>ngi</tt> fields of the <tt>User</tt>
        structure to point to the <tt>NickInfo</tt> and associated
        <tt>NickGroupInfo</tt>, if any, for the client's nickname (if an
        error occurs looking up the nickname group, <tt><i>u</i>-&gt;ni</tt>
        is set to <tt>NULL</tt> and <tt><i>u</i>-&gt;ngi</tt> is set to
        <tt>NICKGROUP_INVALID</tt>); then compares the client's information
        with the nickname data and determines what level of access for the
        nickname should be granted to the client.  Returns 1 if the client
        is granted either <tt>NA_IDENTIFIED</tt> or <tt>NA_RECOGNIZED</tt>
        access, otherwise zero.

        <p>This routine, along with the <tt>REGISTER</tt> command handler,
        is one of the two "points of entry" into Services, and as such is a
        critical point for Services security.  This is particularly
        relevant for the section of code conditionally granting full
        (<tt>NA_IDENTIFIED</tt>) nickname access; while
        <tt>has_identified_nick()</tt>, mentioned above, operates purely on
        data which has been seen since Services started (specifically, the
        list of nicknames the client is known to have become identified
        for, maintained by <tt>set_identified()</tt>) and is comparatively
        safe, the second check, which matches the servicestamp, username,
        and hostname of the last client to identify with those of the
        current client, needs special attention to ensure that it does not
        allow clients to gain improper access.  As noted in the comments in
        that section of code, the servicestamp provides a fairly high level
        of protection on servers which support it natively, while that
        level is reduced for servers which do not (such servers are rare
        nowadays).  The entire section of code can be disabled with the
        <tt>NoSplitRecovery</tt> configuration option for added security.</p>

        <p>If the client is determined not to have identified for the
        nickname previously, the routine continues, determining whether to
        give <tt>NA_RECOGNIZED</tt> access.  "Recognized" status is only
        implemented by access lists (see <a href="#s3-2">section 7-3-2</a>),
        and if the corresponding module is not loaded, the
        <tt>NA_RECOGNIZED</tt> flag will never be set on any nickname,
        except when set along with <tt>NA_IDENTIFIED</tt>.  Likewise, if a
        nickname's <tt>NF_SECURE</tt> flag is set, then
        <tt>NA_RECOGNIZED</tt> will not be set (and zero will be returned
        from the routine) even if the client is in fact recognized.</p>

        <p>If the client is not identified or recognized for the nickname,
        <tt>validate_user()</tt> checks whether the client should be
        killed or nick-changed, setting an appropriate timeout or calling
        the collide routines (see <a href="#s3-1-5">section 7-3-1-5</a>
        below) depending on the nickname group settings.  However, if the
        client was recognized (which will only be true if the nickname has
        the <tt>SECURE</tt> option set and thus <tt>NA_RECOGNIZED</tt> was
        not set), the kill checks are not performed, allowing the client to
        identify at its leisure.</p>

        <p>Finally, the routine checks the nickname's expiration time, and
        if it is due to expire "soon" (as defined by the
        <tt>NSExpireWarning</tt> configuration option), a warning notice is
        sent to the client.</p></dd>

<dt><tt>void <b>cancel_user</b>(User *<i>u</i>)</tt></dt>
    <dd>Updates a client's nickname data when the client stops using the
        nickname.  The <tt>last_seen</tt> field is updated if the client
        was either identified or recognized; the <tt>authstat</tt> field
        is cleared along with temporary status flags in the <tt>status</tt>
        field; an enforcer is introduced if the client was killed or
        nick-changed (see <a href="#s3-1-5">section 7-3-1-5</a>); the
        <tt>cancel user</tt>" callback is called; and any active nick
        collide timeouts are removed.  The <tt>ni</tt> and <tt>ngi</tt>
        fields of the client's <tt>User</tt> structure are also reset to
        <tt>NULL</tt>.</dd>

<dt><tt>void <b>set_identified</b>(User *<i>u</i>)</tt></dt>
    <dd>Marks the given client as having identified for the nickname it is
        currently using.  In addition to setting the authentication status
        to <tt>NA_IDENTIFIED&nbsp;| NA_RECOGNIZED</tt> and updating the
        nickname's <tt>id_stamp</tt> field, the routine adds the nickname
        group ID to the list of nickname groups for which the client has
        identified, stored in the <tt>User</tt> structure and checked by
        <tt>has_identified_nick()</tt>.</dd>

<dt><tt>NickInfo *<b>makenick</b>(const char *<i>nick</i>,
        NickGroupInfo **<i>nickgroup_ret</i>)</tt></dt>
    <dd>Creates a new <tt>NickInfo</tt> record with the given nickname,
        adds it to the database, and returns a pointer to the new record.
        If <tt><i>nickgroup_ret</i></tt> is not <tt>NULL</tt>, then a new
        <tt>NickGroupInfo</tt> record is also created for the nickname,
        the nickname's <tt>nickgroup</tt> field is set accordingly, and a
        pointer to the <tt>NickGroupInfo</tt> record (which is also added
        to the database) is stored in the variable pointed to by
        <tt><i>nickgroup_ret</i></tt>.  Returns <tt>NULL</tt> on error.</dd>

<dt><tt>int <b>delnick</b>(NickInfo *<i>ni</i>)</tt></dt>
    <dd>Removes the given nickname from the database and frees all
        resources used by the <tt>NickInfo</tt> structure.  If the nickname
        was the last of its group, then the nickname group is deleted as
        well.  Returns nonzero on success, zero on error.</dd>

<dt><tt>int <b>delgroup</b>(NickGroupInfo *<i>ngi</i>)</tt></dt>
    <dd>Removes the given nickname group from the database, along with all
        associated nicknames.  Returns nonzero on success, zero on error.</dd>

<dt><tt>int <b>drop_nickgroup</b>(NickGroupInfo *<i>ngi</i>,
        const User *<i>u</i>, const char *<i>dropemail</i>)</tt></dt>
    <dd>Removes the given nickname group from the database, like
        <tt>delgroup()</tt>, but first log information about the nicknames
        to be deleted.  <tt><i>u</i></tt> is the <tt>User</tt> structure
        for the client that sent the command resulting in the deletion.
        <tt><i>dropemail</i></tt> should be:
        <ul>
        <li><tt>NULL</tt> if the call is because of a <tt>DROP</tt> command
                from the nickname owner;</li>
        <li><tt>PTR_INVALID</tt> if the call is because of a <tt>DROPNICK</tt>
                command from a Services administrator;</li>
        <li>for a <tt>DROPEMAIL</tt> command, the parameter (address
                wildcard) used with the command.</li>
        </ul></dd>

<dt><tt>void <b>suspend_nick</b>(NickGroupInfo *<i>ngi</i>,
        const char *<i>reason</i>, const char *<i>who</i>,
        const time_t <i>expires</i>)</tt></dt>
    <dd>Suspends the given nickname group, copying the parameters
        <tt><i>reason</i></tt>, <tt><i>who</i></tt>, and
        <tt><i>expires</i></tt> into the suspension data fields.  (If
        <tt><i>expires</i></tt> is zero, then the suspension will not
        expire.)</dd>

<dt><tt>void <b>unsuspend_nick</b>(NickGroupInfo *<i>ngi</i>, int <i>set_time</i>)</tt></dt>
    <dd>Cancels the suspension on the given nickname group.  If
        <tt><i>set_time</i></tt> is nonzero, the last-seen time of each
        nickname in the group will be updated according to
        <tt>NSSuspendGrace</tt> to prevent the nickname from expiring for
        that length of time (if <tt>NSSuspendGrace</tt> or <tt>NSExpire</tt>
        are not set, or if the nickname already has enough time before
        expiration, the last-seen time will not be changed).</dd>

<dt><tt>int <b>nick_check_password</b>(User *<i>u</i>, NickInfo *<i>ni</i>,
        const char *<i>password</i>, const char *<i>command</i>,
        int <i>failure_msg</i>)</tt></dt>
    <dd>Performs a password check for a nickname as part of a NickServ
        command.  If the password is incorrect or an error occurs when
        checking, a notice will be sent to the client; a <tt>WALLOPS</tt>
        will also be sent for repeated bad password attempts on the same
        nickname.  <tt><i>u</i></tt> is the <tt>User</tt> structure for
        the client that issued the command; <tt><i>ni</i></tt> is the
        <tt>NickInfo</tt> structure for the nickname whose password is
        being checked; <tt><i>password</i></tt> is the password given by
        the client, <tt><i>command</i></tt> is the name of the command
        being executed; and <tt><i>failure_msg</i></tt> is the index of the
        message (language string) to be sent if an error occurs when
        checking the password.</dd>

<dt><tt>int <b>count_nicks_with_email</b>(const char *<i>email</i>)</tt></dt>
    <dd>Counts and returns the number of registered nicknames with the
        given E-mail address.  If a nickname has the given address but it
        is awaiting mail authentication, the value returned is negative;
        for example, if there are five nicknames using a given address but
        the address is not authenticated, -5 would be returned.  Note that
        this function must scan through the entire nickname database, so
        care should be taken not to call it too frequently.</dd>
</dl>

<p><tt>util.c</tt> also defines initialization and cleanup routines,
<tt>init_util()</tt> and <tt>exit_util()</tt>, which take care of
registering and unregistering the callbacks used by various utility
functions.  The routines are called as part of the <tt>nickserv/main</tt>
module iniitialization and cleanup.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h5 class="subsubsubsection-title" id="s3-1-5">7-3-1-5. Nickname colliding</h5>

<p>In the general sense, a "nickname collision" is what happens when a
client on an IRC network attempts to use a nickname that is already in use
by another client.  The original (RFC 1459) solution to this was to kill
both clients, but with the advent of timestamps, most modern servers only
kill one or the other depending on the timestamps of the two colliding
clients.  Early versions of Services took advantage of this behavior to
implement kill protection: by introducing an "enforcer" pseudoclient with
an appropriate timestamp, the old client would be killed and would not be
able to reconnect with the same nickname.</p>

<p>With respect to Services, then, "nickname colliding" is the act of
forcing a client to stop using a particular nickname.  While the nickname
collision method itself has been abandoned, both to avoid depending on
particular collision semantics and to provide a more meaningful disconnect
message to the client ("Nick kill enforced" rather than an arbitrary server
collision message), and although many modern IRC servers allow Services to
forcibly change a client's nickname without going as far as disconnecting
the client altogether, the term "colliding" is still used to refer to this
set of actions.</p>

<p>Nickname colliding functionality is provided by the file
<tt>collide.c</tt>.  This file provides two methods of colliding nicknames:
directly, or via timeouts.  The nickname colliding code also has its own
initialization and cleanup functions (<tt>init_collide()</tt> and
<tt>exit_collide()</tt>), which are called from the <tt>nickserv/main</tt>
module initialization and cleanup routines.</p>

<p>The following routines are used when colliding nicknames directly:</p>

<dl>
<dt><tt>void <b>collide_nick</b>(NickInfo *<i>ni</i>, int <i>from_timeout</i>)</tt></dt>
    <dd>Collides the given nickname, either killing the client using the
        nickname or forcibly changing the client's nickname to a "guest"
        nickname depending on configuration settings.
        <tt><i>from_timeout</i></tt> is used internally with collide
        timeouts, and should always be zero when called externally.  This
        routine automatically calls <tt>introduce_enforcer()</tt> after
        the client has been killed or nick-changed (in the case of a
        forced nickname change, the enforcer is introduced by
        <tt>cancel_user()</tt> upon receipt of the <tt>NICK</tt> message
        indicating that the client's nickname has been changed).  Any
        pending nickname collide or "433" timeouts (see below) on the
        nickname are cancelled by thie routine.</dd>

<dt><tt>void <b>introduce_enforcer</b>(NickInfo *<i>ni</i>)</tt></dt>
    <dd>Introduces an enforcer pseudoclient for the given nickname, to
        prevent other clients from using the nickname.  This routine
        automatically adds a timeout to call <tt>release_nick()</tt> after
        <tt>NSReleaseTimeout</tt> seconds have passed.</dd>

<dt><tt>void <b>release_nick</b>(NickInfo *<i>ni</i>, int <i>from_timeout</i>)</tt></dt>
    <dd>Removes the enforcer pseudoclient for the given nickname, allowing
        other clients to use it again.  As with <tt>collide_nick()</tt>,
        <tt><i>from_timeout</i></tt> is used internally with collide
        timeouts, and should always be zero when called externally.  Any
        pending release timeouts on the nickname are cancelled by this
        routine.</dd>
</dl>

<p>Callers can also establish timeouts to collide or release a nick after
a certain time.  To avoid each caller having to include its own timeout
handlers, <tt>collide.c</tt> provides two wrapper routines around the
generic timeout functions:</p>

<dl>
<dt><tt>void <b>add_ns_timeout</b>(NickInfo *<i>ni</i>, int <i>type</i>,
        time_t <i>delay</i>)</tt></dt>
    <dd>Adds a timeout of the given type on the given nickname to occur in
        <tt><i>delay</i></tt> seconds.  <tt><i>type</i></tt> can be any of
        the following:
        <ul>
        <li><b><tt>TO_COLLIDE</tt>:</b> A timeout for colliding a nickname
                (<tt>collide_nick()</tt> will be called).</li>
        <li><b><tt>TO_RELEASE</tt>:</b> A timeout for releasing the hold on
                a nickname (<tt>release_nick()</tt> will be called).</li>
        <li><b><tt>TO_SEND_433</tt>:</b> A timeout for sending the client
                using the nickname a "433" error message.  (433 is the code
                for the <tt>ERR_NICKCOLLISION</tt> reply to a <tt>NICK</tt>
                message, and will cause most interactive client software to
                request a new nickname from the user.  However, some server
                software has been known to disallow servers from sending
                433 replies to remote clients.)</li>
        </ul></dd>

<dt><tt>void <b>rem_ns_timeout</b>(NickInfo *<i>ni</i>, int <i>type</i>,
        int <i>del_to</i>)</tt></dt>
    <dd>Removes any timeout of the given type on the given nickname;
        <tt><i>ni</i></tt> can be <tt>NULL</tt> to cause timeouts on all
        nicknames (of the given type) to be removed.  <tt><i>type</i></tt>
        can be any of the type values used with <tt>add_ns_timeout()</tt>,
        or -1 to remove timeouts of all types.  <tt><i>del_to</i></tt>
        should always be nonzero when called externally (the parameter is
        used for calling from within a timeout function, where it is not
        necessary to delete the <tt>Timeout</tt> structure as well).</dd>
</dl>

<p>Each of the three timeout types has its own timeout function:
<tt>timeout_collide()</tt>, <tt>timeout_release()</tt>, and
<tt>timeout_send_433()</tt>.  The timeout functions check for any change
in status (such as identification for the nickname) before performing
their respective functions.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h4 class="subsubsection-title" id="s3-2">7-3-2. Nickname access lists</h4>

<p>Nickname access lists are managed by the <tt>nickserv/access</tt>
module, defined in <tt>access.c</tt>.  The module is quite simple,
consisting of a database table, two callback functions, and a NickServ
command (<tt>ACCESS</tt>).  For simplicity, the module (along with other
NickServ submodules) assumes the presence of the <tt>nickserv/main</tt>
module rather than explicitly importing every required NickServ symbol,
although the module's initialization does look up the
<tt>nickserv/main</tt> module handle for use in adding the requisite
callbacks and the <tt>ACCESS</tt> command.</p>

<p>One unusual feature is the use of a static buffer for reading and
writing database records.  Since the access list itself is stored in the
corresponding nickname group's <tt>NickGroupInfo</tt> structure as an
array, the entries must be extracted and made available to the database
subsystem in an independent (normalized) format.  This is done by using a
<tt>{<i>nickgroup-ID</i>,<i>access-mask</i>}</tt> record format, and
providing a single record buffer.  When loading data from persistent
storage, the table's <tt>newrec()</tt> function returns a pointer to this
buffer, taking advantage of the fact that only one record is loaded at a
time (see <a href="6.html#s2-1">section 6-2-1</a>); the <tt>insert()</tt>
routine then looks up the nickname group stored in the buffer and appends
the given access mask to that nickname group's access list, while the
<tt>freerec()</tt> routine frees the access mask string.  When saving data,
the <tt>first()</tt> and <tt>next()</tt> routines call
<tt>first_nickgroupinfo()</tt> and <tt>next_nickgroupinfo()</tt> in turn,
looping through each access mask of each nickname group.</p>

<p>Ideally, the access lists would be stored in memory in the same fashion,
as a distinct table using the nickname group ID as a key.  However, since
the current database implementation does not provide an efficient way to
look up records matching arbitrary criteria (like a <tt>SELECT</tt>
statement in SQL), and since problems would ensue when trying to save the
data using the (deprecated, but still available) <tt>database/version4</tt>
module, the in-memory data structures were left as is.  See the comments in
the <tt>autojoin.c</tt> source file for a more complete description.</p>

<p>Other than this, there is little of note in the module; the
<tt>do_access()</tt> command handler simply adds or removes the requested
mask to or from the access list, and the callback functions take care of
setting an initial access mask on registration and determining whether the
user should be treated as recognized by <tt>validate_user()</tt>.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h4 class="subsubsection-title" id="s3-3">7-3-3. Nickname auto-join lists</h4>

<p>Nickname auto-join lists are managed by the <tt>nickserv/autojoin</tt>
module, defined in <tt>autojoin.c</tt>.  Aside from the details of its
operation, this module is nearly identical to the <tt>nickserv/access</tt>
module, including the hack used for database loading and saving; see the
discussion of that module above (<a href="#s3-2">section 7-3-2</a>) for
details.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h4 class="subsubsection-title" id="s3-4">7-3-4. Linking and nickname groups</h4>

<p>The distinction between "nicknames" and "nickname groups" has been made
several times above.  Ordinarily, this is only of importance as far as
which structure is accessed (<tt>NickInfo</tt> or <tt>NickGroupInfo</tt>);
however, the <tt>nickserv/link</tt> module, defined in <tt>link.c</tt>,
allows nicknames to be linked together by assigning the same nickname group
to both nicknames.  This results in all information in the
<tt>NickGroupInfo</tt> structure being shared among all linked nicknames,
with only the data in the <tt>NickInfo</tt> structure kept separately for
each nickname.</p>

<p>The <tt>nickserv/link</tt> includes three commands: <tt>LINK</tt>,
<tt>UNLINK</tt>, and <tt>LISTLINKS</tt>, as well as one additional
<tt>SET</tt> option, <tt>SET MAINNICK</tt> (linked in through NickServ's
"<tt>SET</tt>" callback).  Of these, <tt>LISTLINKS</tt> and <tt>SET
MAINNICK</tt> are straightforward: <tt>do_listlinks()</tt> simply echoes
the contents of the <tt>nicks[]</tt> array for the calling client's
nickname group (or the specified nickname's group for Services
operators), and <tt>do_set_mainnick()</tt> modifies the nickname
group's <tt>mainnick</tt> field based on the given nickname.</p>

<p>When the <tt>LINK</tt> command is given to link a new nickname to the
caller's nickname group, <tt>do_link()</tt> first ensures that the new
nickname is not already in use and that creating the link would not cause
the caller's total number of nicknames to exceed the <tt>NSRegEmailMax</tt>
limit, if set.  (Note that <tt>LINK</tt> does <i>not</i> abort if the mail
address is not authenticated, simply checking the absolute value of the
return from <tt>count_nicks_with_email()</tt> against the limit; creating
the link does not in itself grant any additional privileges to the user,
and can at most be used to "hide" from other users while maintaining
current privileges.)  If these checks pass, a new <tt>NickInfo</tt>
structure is created, passing <tt>NULL</tt> as the
<tt><i>nickgroup_ret</i></tt> parameter to <tt>makenick()</tt> to indicate
that a new nickname group is not required; updates the <tt>NickInfo</tt>
structure with the calling user's data; stores the nickname group ID in the
new nickname's <tt>nickgroup</tt> field; and appends the new nickname to
the nickname group's <tt>nicks[]</tt> array.</p>

<p><tt>UNLINK</tt> acts similarly to the Services administrator command
<tt>DROPNICK</tt> for a single nickname in a group.  However, since
<tt>UNLINK</tt> is not limited to Services administrators, care must be
taken that an unprivileged client is not allowed to delete nicknames from
other nickname groups; this check is made by ensuring that (1) the target
nickname has a valid associated <tt>NickGroupInfo</tt> structure and (2)
the nickname group IDs of the two nickname groups are equal, and
disallowing the command otherwise if the <tt>FORCE</tt> option is not
given.  (The check is made on the <tt>FORCE</tt> option, disallowed for
unprivileged clients, rather than on the client's privilege level in order
to prevent accidental deletion of others' nicknames by Services
administrators.)  If the command is allowed, the routine then deletes the
nickname by calling <tt>delnick()</tt>; if the nickname group's main
nickname is the one being unlinked, <tt>delnick()</tt> automatically
adjusts the <tt>mainnick</tt> field to the next nickname in the
<tt>nicks[]</tt> array (or the previous nickname, if the deleted nickname
was the last one in the array).</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h4 class="subsubsection-title" id="s3-5">7-3-5. E-mail address authentication</h4>

<p>While it has long been possible to associate an E-mail address with a
registered nickname, there was traditionally no way to ensure that the
address given was in fact a valid one belonging to the nickname owner.
Since Services 5.0, such functionality has been provided by the
<tt>nickserv/mail-auth</tt> module, defined in <tt>mail-auth.c</tt>.  As
described in the user's manual, E-mail address authentication works by
assigning a random "authentication code" to the nickname, then sending an
E-mail message to the registered address containing that code; the owner is
not allowed to identify to the nickname until the code has been entered,
ensuring that the address is one which the owner has (or at least had, at
the time the message was sent) access to.</p>

<p>Internally, this processing is managed with the <tt>authcode</tt>,
<tt>authset</tt>, and <tt>authreason</tt> fields of the
<tt>NickGroupInfo</tt> structure.  When an event occurs requiring E-mail
address authentication, the module generates a random 9-digit numeric code
(100000000 through 999999999 inclusive&mdash;codes with leading zeroes are
not used in order to avoid confusion), stores the code in the nickname
group's <tt>authcode</tt> field, and calls the mail subsystem's
<tt>sendmail()</tt> routine to send a message to the nickname group's
registered E-mail address (see <a href="8.html#s3">section 8-3</a> for
information about how mail is sent).  Additionally, the current timestamp
is stored in the <tt>authset</tt> field, and the reason for setting the
code (one of the <tt>NICKAUTH_*</tt> constants) is stored in the
<tt>authreason</tt> field.  (In early versions of the module, the reason
was stored in two bits of the authentication code; this method was later
rejected, however, as being too kludgey and inflexible as well as leaking
information.)  The presence of a nonzero value in the <tt>authcode</tt>
field indicates that the nickname group is awaiting authentication, and a
nickname identification callback function ensures that clients are not
allowed to identify for such nicknames (nor does <tt>validate_user()</tt>
allow automatic identification if an authentication code is present), thus
effectively preventing their use.  By issuing an AUTH command with the
correct code, a nickname owner can clear the nickname group's
<tt>authcode</tt> field, allowing identification to the nickname(s) once
more.</p>

<p>The module begins with several utility functions:</p>

<dl>
<dt><tt>void <b>make_auth</b>(NickGroupInfo *<i>ngi</i>, int16 <i>reason</i>)</tt></dt>
    <dd>Generates a random authentication code, and sets the nickname
        group's <tt>authcode</tt>, <tt>authset</tt>, and <tt>authreason</tt>
        fields appropriately.  The <tt><i>reason</i></tt> parameter is
        copied directly into the <tt>authreason</tt> field, without checks
        on its value.</dd>

<dt><tt>void <b>clear_auth</b>(NickGroupInfo *<i>ngi</i>)</tt></dt>
    <dd>Clears the given nickname group's authentication code (if any), as
        well as all related nickname group data fields (including the
        previous E-mail address).</dd>

<dt><tt>int <b>send_auth</b>(User *<i>u</i>, NickGroupInfo *<i>ngi</i>,
        const char *<i>nick</i>, int <i>what</i>)</tt></dt>
    <dd>Sends an E-mail to the given nickname group's owner containing the
        nickname's current authentication code.  <tt><i>u</i></tt> is the
        <tt>User</tt> structure for the client whose command caused the
        message to be sent; <tt><i>nick</i></tt> is the specific nickname
        for which the command was issued; and <tt><i>what</i></tt> is
        one of the <tt>IS_*</tt> constants defined for the routine
        (internally a language string index for the mail body or -1 for the
        special case of <tt>SETAUTH</tt>).  The routine itself is defined
        as <tt>send_auth_</tt>, taking a <tt><i>line</i></tt> parameter
        indicating where in the source the routine was called from; this is
        filled in automatically by the <tt>send_auth()</tt> macro.  In
        order to inform the calling client of the success or failure of
        sending the message, <tt>send_auth()</tt> creates a
        <tt>sendauth_data</tt> structure for each message sent, used in the
        two routines listed below.</dd>

<dt><tt>void <b>send_auth_callback</b>(int <i>status</i>, void *<i>data</i>)</tt></dt>
    <dd>The callback function used for <tt>sendmail()</tt> when called from
        <tt>send_auth()</tt>.  This routine uses the <tt>sendauth_data</tt>
        structure for the sent message (passed as the <tt><i>data</i></tt>
        parameter) to send a reply to the client that issued the original
        command, and also to clear the nickname group's
        <tt>last_sendauth</tt> field if the command used was
        <tt>SENDAUTH</tt> and the message could not be sent.  The structure
        is then removed from the global list and freed.</dd>

<dt><tt>int <b>sendauth_userdel</b>(User *<i>user</i>,
        const char *<i>reason</i>, int <i>is_kill</i>)</tt></dt>
    <dd>Used as a callback function for the core's "<tt>user delete</tt>"
        callback.  Iterates through the <tt>sendauth_data</tt> list,
        clearing the <tt>User</tt> pointer of any entries for the user
        being removed; this causes <tt>send_auth_callback()</tt> to skip
        sending a reply when the mail sending completes.</dd>
</dl>

<p>These routines are followed by the command handlers for the commands
supported by the module: <tt>AUTH</tt>, <tt>SENDAUTH</tt>, <tt>REAUTH</tt>,
<tt>RESTOREMAIL</tt>, and the Services administrator commands
<tt>SETAUTH</tt>, <tt>GETAUTH</tt>, and <tt>CLEARAUTH</tt>.  Of these, the
only fairly complex one is the <tt>AUTH</tt> handler, <tt>do_auth()</tt>,
as it must watch for attempts to guess the authentication code.  (Invalid
<tt>AUTH</tt> commands are treated the same as bad passwords to
<tt>IDENTIFY</tt> or other commands, by calling <tt>bad_password()</tt> and
incrementing the nickname group's <tt>bad_auths</tt> field, which itself
can generate a warning via <tt>WALLOPS</tt>.)</p>

<p>Finally, the module includes four callback functions.  Two of these,
<tt>do_registered()</tt> and <tt>do_set_email()</tt>, hook into the
NickServ callbacks for the <tt>REGISTER</tt> and <tt>SET EMAIL</tt>
commands, respectively, dropping the client's identified status and
generating and sending an authentication code.  (Changes to the E-mail
address made by Services administrators are not subject to authentication,
however.)  These are followed by the <tt>IDENTIFY</tt> command callback
function <tt>do_identify()</tt>, which disallows <tt>IDENTIFY</tt> for
nicknames with pending authentication codes, and the expiration check
callback function <tt>do_check_expire()</tt>, which drops a
newly-registered nickname after <tt>NSNoAuthExpire</tt> seconds (if set) if
not authenticated, and also clears any pending <tt>REAUTH</tt> after the
same amount of time (the user can subsequently use a second <tt>REAUTH</tt>
if necessary).</p>

<p>Since the ability to send E-mail is essential for this module to work,
the <tt>init_module()</tt> function checks for the presence of the
<tt>mail/main</tt> module, refusing to load if it is not available.</p>

<p class="backlink"><a href="#top">Back to top</a></p>

<!------------------------------------------------------------------------>
<hr/>

<h3 class="subsection-title" id="s4">7-4. ChanServ</h3>

<p>ChanServ is the most complex of the standard Services pseudoclients,
owing to the variety of operations that can be performed on channels.
There is no easy way to split those operations up into separate modules
(except by individual command, an avenue which has not been pursued), and
as a result, the core ChanServ module is itself the largest module in
Services.</p>

<p>As with NickServ, the core ChanServ module, <tt>chanserv/main</tt>, is
split up over several source files.  These are discussed in
<a href="#s4-1">section 7-4-1</a> and its subsections, with the exception
of the <tt>access.c</tt> source file, which is discussed in
<a href="#s4-2">section 7-4-2</a> along with the access list manipulation
submodules, <tt>chanserv/access-levels</tt> and
<tt>chanserv/access-xop</tt>.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h4 class="subsubsection-title" id="s4-1">7-4-1. ChanServ core functionality</h4>

<p>The core ChanServ module, <tt>chanserv/main</tt>, is built from several
source files, along much the same lines as the core NickServ module:
<tt>main.c</tt>, containing the central module code and most command
handlers; <tt>access.c</tt>, for handling channel access lists;
<tt>check.c</tt>, for checking the status of a channel against registered
data and making appropriate changes; <tt>set.c</tt>, implementing the
<tt>SET</tt> command; and <tt>util.c</tt>, defining various ChanServ
utility functions.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h5 class="subsubsubsection-title" id="s4-1-1">7-4-1-1. Channel data structures</h5>

<p>As with NickServ, ChanServ splits its declarations into two header
files: <tt>chanserv.h</tt>, containing structures and routine declarations
intended to be exported to other modules, and <tt>cs-local.h</tt>, for
internal use by ChanServ only.  (There is also a separate header file,
<tt>access.h</tt>, specifically for channel access list definitions; this
is discussed in <a href="#s4-2-1">section 7-4-2-1</a>.)</p>

<p>The channel data structure, <tt>ChannelInfo</tt>, is naturally exported.
As ChanServ does not have the concept of "links" or "channel groups" that
NickServ uses with nicknames, all data for a channel is stored in this
single structure.  <tt>ChannelInfo</tt> does, however, include three
substructures, defined before it in <tt>chanserv.h</tt>:</p>

<dl>
<dt><tt>ChanAccess</tt></dt>
    <dd>Contains the data for an entry on a channel's access list.  Access
        list entries are stored by nickname group ID, rather than by
        nickname, both to optimize checking an access list for a particular
        client and to eliminate the possibility of two or more entries
        matching a single client.  (This is why only registered nicknames
        are allowed on channel access lists, and why channel access list
        entries are always displayed using the nickname group's main
        nickname, regardless of the nickname actually added to the list.)
        Rather than resizing the array every time a change is made to the
        list, deleted entries are left in memory with a nickname group ID
        of zero, and subsequent adds reuse these entries before attempting
        to expand the array.  The <tt>channel</tt> field is used to link
        the record with its associated channel when loading and saving
        data.  There are also a number of access-level related constants
        declared below this structure, such as the maximum and minimum
        access levels and the equivalent access levels for the <tt>XOP</tt>
        commands.</dd>

<dt><tt>AutoKick</tt></dt>
    <dd>Contains the data for an entry on a channel's autokick list.  As
        with access list entries, deleted entries are left in the list
        rather than resizing the array (a <tt>NULL</tt> value for the mask
        string indicates an unused entry), and the <tt>channel</tt> field
        is used when loading and saving data to link the record with its
        associated channel.</dd>

<dt><tt>ModeLock</tt></dt>
    <dd>Contains a channel's mode lock data, including the set of modes
        locked on and off along with parameters for modes that require
        them; with the exception of the presence of two mode sets rather
        than one (modes can be locked on, locked off, or neither), the
        structure's contents are the same as the fields used in channel
        data structures (<tt>Channel</tt> records) to record the channel's
        current mode.  The mode sets are normally maintained as bitmasks,
        but when used in the <tt>convert-db</tt> tool, they are defined as
        strings instead to allow lossless conversion to XML without needing
        to know the specific set of modes supported by the program that
        created the database.  Unlike the <tt>ChanAccess</tt> and
        <tt>AutoKick</tt> structures, there is only one <tt>ModeLock</tt>
        structure per channel, and the data in the structure is saved along
        with the channel record itself, so there is no need for a separate
        channel field.</dd>
</dl>

<p><tt>chanserv.h</tt> also defines constants for each of the channel
privilege levels (indices into the <tt>levels[]</tt> array of the
<tt>ChannelInfo</tt> structure).  As noted in the comment above the list
of definitions, changing the values of any of the constants will cause
malfunctions when using the <tt>database/version4</tt> module, since that
module simply reads in the list of levels as a block.  (This is why the
index 18, formerly used for <tt>CA_AUTOOWNER</tt>, is unused&mdash;to avoid
problems with databases in which that index is used.)</p>

<p>The <tt>ChannelInfo</tt> structure itself contains the following
fields:</p>

<dl>
<dt><tt>ChannelInfo *<b>next</b>, *<b>prev</b></tt></dt>
    <dd>Used to link records together in the internal hash table.</dd>

<dt><tt>int <b>usecount</b></tt></dt>
    <dd>The record's usage count (number of gets minus number of puts).
        <i>(Implementation note:  As noted in <a href="#s1">section 7-1</a>,
        this field currently serves no actual purpose.)</i></dd>

<dt><tt>char <b>name</b>[CHANMAX]</tt></dt>
    <dd>The channel's name.  Capitalization is as used when the channel was
        registered, and does not change due to later actions.  The buffer
        size, <tt>CHANMAX</tt>, is defined in the global header file
        <tt>defs.h</tt>.</dd>

<dt><tt>uint32 <b>founder</b></tt>
<br/><tt>uint32 <b>successor</b></tt></dt>
    <dd>The nickname group ID of the channel's founder and successor,
        respectively.  If the channel does not have a successor set, the
        <tt>successor</tt> field will be zero.</dd>

<dt><tt>Password <b>founderpass</b></tt></dt>
    <dd>The founder password for the channel.</dd>

<dt><tt>char *<b>desc</b></tt></dt>
    <dd>The channel's description, as specified at registration time or
        with a later <tt>SET DESC</tt> command.</dd>

<dt><tt>char *<b>url</b></tt></dt>
    <dd>The URL associated with the channel, as set with the <tt>SET
        URL</tt> command.  <tt>NULL</tt> if no URL has been set.</dd>

<dt><tt>char *<b>email</b></tt></dt>
    <dd>The E-mail address associated with the channel, as set with the
        <tt>SET EMAIL</tt> command.  <tt>NULL</tt> if no E-mail address
        has been set.</dd>

<dt><tt>char *<b>entry_message</b></tt></dt>
    <dd>The channel's entry message (the message sent as a <tt>NOTICE</tt>
        to clients entering the channel), as set with the <tt>SET
        ENTRYMSG</tt> command.  <tt>NULL</tt> if no entry message has been
        set.</dd>

<dt><tt>time_t <b>time_registered</b></tt></dt>
    <dd>The timestamp at which the channel was registered.</dd>

<dt><tt>time_t <b>last_used</b></tt></dt>
    <dd>The timestamp at which the channel was last used (see
        <a href="../3.html#2-3">section 3-2-3 of the user's manual</a> for
        details of how the last-used time is set).</dd>

<dt><tt>char *<b>last_topic</b></tt>
<br/><tt>char <b>last_topic_setter</b>[NICKMAX]</tt>
<br/><tt>time_t <b>last_topic_time</b></tt></dt>
    <dd>The topic most recently set on the channel, along with the nickname
        of the client that set the topic and the timestamp at which it was
        set.  If no topic has been set on the channel, <tt>last_topic</tt>
        will be <tt>NULL</tt>, and the other two fields will be
        undefined.</dd>

<dt><tt>int32 <b>flags</b></tt></dt>
    <dd>A bitmask containing zero or more of the following channel flags:
        <ul>
        <li><b><tt>CF_KEEPTOPIC</tt>:</b> ChanServ should restore the
                channel's previous topic each time the channel is created
                on the IRC network (<tt>SET KEEPTOPIC</tt>).</li>
        <li><b><tt>CF_SECUREOPS</tt>:</b> Clients without a positive access
                level on the channel should be prevented from getting ops
                (<tt>SET SECUREOPS</tt>).</li>
        <li><b><tt>CF_PRIVATE</tt>:</b> The channel is hidden from the
                <tt>LIST</tt> command output, except when used by Services
                administrators (<tt>SET PRIVATE</tt>).</li>
        <li><b><tt>CF_TOPICLOCK</tt>:</b> ChanServ should prevent the topic
                from being changed except by the <tt>SET TOPIC</tt> command
                (<tt>SET TOPICLOCK</tt>).</li>
        <li><b><tt>CF_RESTRICTED</tt>:</b> ChanServ should automatically
                kick and ban any clients without a positive access level
                that attempt to join the channel (<tt>SET
                RESTRICTED</tt>).</li>
        <li><b><tt>CF_LEAVEOPS</tt>:</b> ChanServ should not remove
                server-generated ops for the first client to join a
                channel, even if that client would not normally be
                auto-opped (<tt>SET LEAVEOPS</tt>).</li>
        <li><b><tt>CF_SECURE</tt>:</b> When checking a client's channel
                access level, require the client to have identified to
                NickServ regardless of the setting of the nickname's
                <tt>SECURE</tt> option (<tt>SET SECURE</tt>).</li>
        <li><b><tt>CF_VERBOTEN</tt>:</b> The channel is forbidden
                (<tt>FORBID</tt>).</li>
        <li><b><tt>CF_NOEXPIRE</tt>:</b> The channel does not expire
                (<tt>SET NOEXPIRE</tt>).</li>
        <li><b><tt>CF_OPNOTICE</tt>:</b> ChanServ should send a notice to
                the channel whenever any of the <tt>OP</tt>, <tt>VOICE</tt>,
                or related commands are used (<tt>SET OPNOTICE</tt>).</li>
        <li><b><tt>CF_ENFORCE</tt>:</b> ChanServ should prevent clients
                from removing automatically-set channel user modes such as
                auto-ops (<tt>SET ENFORCE</tt>).</li>
        <li><b><tt>CF_HIDE_EMAIL</tt>:</b> The channel's E-mail address is
                hidden from the <tt>INFO</tt> command output, except when
                used by Services administrators (<tt>SET HIDE
                EMAIL</tt>).</li>
        <li><b><tt>CF_HIDE_TOPIC</tt>:</b> The channel's current or last
                topic is hidden from the <tt>INFO</tt> command output,
                except when used by Services administrators (<tt>SET HIDE
                TOPIC</tt>).</li>
        <li><b><tt>CF_HIDE_MLOCK</tt>:</b> The channel's mode lock is
                hidden from the <tt>INFO</tt> command output, except when
                used by Services administrators (<tt>SET HIDE
                MLOCK</tt>).</li>
        <li><b><tt>CF_SUSPENDED</tt>:</b> The channel is suspended
                (<tt>SUSPEND</tt>).</li>
        <li><b><tt>CF_MEMO_RESTRICTED</tt>:</b> Only users with the
                <tt>MEMO</tt> privilege are permitted to send memos to the
                channel (<tt>SET MEMO-RESTRICTED</tt>).</li>
        </ul>
        The flag values 0x00000100 and 0x00000400 are unused to avoid
        difficulties with databases from earlier versions of Services
        which used these values.</dd>

<dt><tt>char <b>suspend_who</b>[NICKMAX]</tt>
<br/><tt>char *<b>suspend_reason</b></tt>
<br/><tt>time_t <b>suspend_time</b></tt>
<br/><tt>time_t <b>suspend_expires</b></tt></dt>
    <dd>Suspension data for the channel, if the <tt>CF_SUSPENDED</tt> flag
        is set.  Used in the same fashion as the same-named fields in the
        <tt>NickGroupInfo</tt> structure (see <a href="#s3-1-1">section
        7-3-1-1</a>).</dd>

<dt><tt>int16 <b>levels</b>[CA_SIZE]</tt></dt>
    <dd>The channel access levels corresponding to each of the channel
        privileges (<tt>CA_INVITE</tt>, <tt>CA_AKICK</tt>, and so on).
        A value of <tt>ACCLEV_DEFAULT</tt> indicates that the corresponding
        privilege should use the default access level defined in
        <tt>access.c</tt>; a value of <tt>ACCLEV_INVALID</tt> indicates
        that the corresponding privilege is disabled entirely, except with
        respect to the channel founder.</dd>

<dt><tt>ChanAccess *<b>access</b></tt>
<br/><tt>int16 <b>access_count</b></tt></dt>
    <dd>A variable-length array containing the channel's access list.</dd>

<dt><tt>AutoKick *<b>akick</b></tt>
<br/><tt>int16 <b>akick_count</b></tt></dt>
    <dd>A variable-length array containing the channel's autokick list.</dd>

<dt><tt>ModeLock <b>mlock</b></tt></dt>
    <dd>The channel's mode lock data.</dd>

<dt><tt>Channel *<b>c</b></tt></dt>
    <dd><i>Not saved to persistent storage.</i>  Points to the
        <tt>Channel</tt> structure for the channel if it is currently in
        use.</dd>

<dt><tt>int <b>bad_passwords</b></tt></dt>
    <dd><i>Not saved to persistent storage.</i>  The number of times an
        incorrect password has been given for a channel command (such as
        <tt>IDENTIFY</tt>) since the last correct password.  Used to warn
        about attempts to crack the password.</dd>
</dl>

<p>The <tt>cs-local.h</tt> header file includes three definitions used
internally by ChanServ:</p>

<dl>
<dt><tt>MAX_MLOCK_PARAMS</tt> (constant)</dt>
    <dd>Sets the maximum number of command parameters that the <tt>SET
        MLOCK</tt> command will process.  This constant is used to avoid
        the overhead of dynamically allocating an argument array for every
        invocation of the command; any parameters passed beyond this limit
        will be silently ignored.  The default value, 256, is more
        parameters than are can be passed in an RFC-standard 512-byte line
        (even if every parameter is one character, subtracting out the
        "<tt>SET MLOCK</tt>" leaves space for only 251 parameters, not
        considering the trailing CR/LF and other IRC protocol overhead).</dd>

<dt><tt>ChanOpt</tt> (structure)</dt>
    <dd>Used to define channel option data, for use by the <tt>SET</tt> and
        <tt>INFO</tt> commands.  The structure has the following fields:
        <ul>
        <li><b><tt>name</tt>:</b> The name of the option, as a string.</li>
        <li><b><tt>flag</tt>:</b> The corresponding <tt>ChannelInfo.flags</tt>
                flag value.</li>
        <li><b><tt>namestr</tt>:</b> The option's descriptive name (for use
                in <tt>INFO</tt> output), as a language string index.  If
                -1, the option will not be included in <tt>INFO</tt>
                output.</li>
        <li><b><tt>onstr</tt>, <tt>offstr</tt></b>: Response messages for
                turning the option on and off via <tt>SET</tt>, as language
                string indices.</li>
        <li><b><tt>syntaxstr</tt></b>: The syntax message for setting the
                option, as a language string index.</li>
        </ul></dd>

<dt><tt>RET_*</tt> (constants)</dt>
    <dd>Return values from access list modification routines.  See
        <a href="#s4-2-1">section 7-4-2-1</a> for details.</dd>
</dl>

<p id="s4-1-1-rename">One other point of note in <tt>cs-local.h</tt> is the
renaming of several functions in <tt>set.c</tt> and <tt>util.c</tt> using
<tt>#define</tt> directives, such as renaming <tt>init_set()</tt> to
<tt>init_set_cs()</tt>. This is to avoid conflicts with NickServ, which
includes functions of the same name in its own <tt>set.c</tt> and
<tt>util.c</tt>.  While the functions involved are not used outside of
ChanServ, they must be declared external for the multi-file link to
succeed; as a result, if the functions are not renamed, linking the final
program when using static modules will result in a symbol name clash when
the symbols from both modules are processed.  This problem does not occur
when using dynamic modules, since the presence of conflicting symbols in
dynamic modules is not itself an error, and no attempt is made to reference
either set of symbols from any other module (the references within the
respective modules are resolved at module link time).</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h5 class="subsubsubsection-title" id="s4-1-2">7-4-1-2. Overall module structure</h5>

<p>The main source file for ChanServ, <tt>main.c</tt>, follows the same
pattern as its NickServ counterpart; see <a href="#s3-1-2">section
7-3-1-2</a> for a more extensive description.</p>

<p>One of the first things defined in <tt>main.c</tt> is the
<tt>chanopts[]</tt> table, an array of <tt>ChanOpt</tt> structures (see
above) describing on/off options available on channels from a user's
perspective.  This table is used primarily for the <tt>SET</tt> command
(thus only flags which have a corresponding <tt>SET</tt> command are
listed), and secondarily for outputting the channel's option set in
response to the <tt>INFO</tt> command.  Note that the three <tt>HIDE</tt>
options are not listed here, as they are handled specially for the
<tt>SET</tt> command and not listed in the <tt>INFO</tt> output.</p>

<p>In addition to the standard command list in the <tt>cmds[]</tt> array,
two separate arrays are defined, for the <tt>HALFOP</tt>/<tt>DEHALFOP</tt>
and <tt>PROTECT</tt>/<tt>DEPROTECT</tt> command pairs.  These commands can
only be used if the IRC server protocol supports the corresponding feature,
so the module initialization routine checks the protocol's feature flags
and conditionally registers these two pairs of commands.</p>

<p>ChanServ includes a significant number of callback functions for various
IRC events: in addition to watching for newly-created channels and users
joining channels, it must also monitor changes of status such as channel
modes and channel topics to ensure that they remain consistent with the
registered settings and to record changes, as well as take notice of
nickname-related events that can affect channels.  Of these, the
<tt>do_nickgroup_delete()</tt> callback function, called when a nickname
group is deleted, is easily the most complex.  Since channel founders must
be registered nicknames, the disappearance of a nickname group means that
any channels with that group as founder will no longer have a valid founder
group ID.  If the channel has a successor set, the successor may be able to
assume foundership of the channel&mdash;but the code must be careful that
this does not cause the successor to exceed his registered channel limit,
or users could circumvent the limit by registering multiple nicknames,
setting one as founder and another as successor, and deliberately dropping
the founder nickname.  In addition, if the channel was suspended, it is
changed to a forbidden channel to prevent users from getting around a
suspension by dropping and re-registering their nickname.  Because of these
various potentialities, the callback function always logs any actions it
takes in response to the deletion of a nickname group.</p>

<p>Of the command routines, the basic commands (<tt>HELP</tt>,
<tt>REGISTER</tt>, <tt>IDENTIFY</tt>, <tt>DROP</tt>, <tt>DROPCHAN</tt>,
<tt>INFO</tt>, <tt>LIST</tt>) are very similar to their NickServ
counterparts, and are not discussed in detail here.  The two
ChanServ-specific commands whose handlers are fairly complex are
<tt>AKICK</tt> and the <tt>OP</tt>/<tt>VOICE</tt> command set.</p>

<p>The <tt>AKICK</tt> command handler <tt>do_akick()</tt>, despite its
length (including a separate helper routine used with <tt>LIST</tt> and
<tt>VIEW</tt>), is not dissimilar to the OperServ autokill and S-line
commands, or the NickServ <tt>ACCESS</tt> and <tt>AJOIN</tt> handlers.  The
only significant difference is the presence of the <tt>ENFORCE</tt>
subcommand; this is implemented by calling <tt>check_kick()</tt>, the
routine used to check whether newly-joined clients are allowed to join a
channel (see <a href="#s4-1-3">section 7-4-1-3</a>) for each client on the
channel, causing clients which match an entry on the autokill list to be
kickbanned.</p>

<p>The <tt>OP</tt> and <tt>VOICE</tt> family of commands all perform a
common function&mdash;adding or removing a channel user mode&mdash;and for
this reason, all eight commands are handled by a single routine,
<tt>do_opvoice()</tt>, with handlers for each command that call the common
routine with the appropriate command name to indicate the mode of
operation.  The data used by the common routine is stored in
<tt>opvoice_data[]</tt>, an array of structures with the following
fields:</p>

<ul>
<li><b><tt>cmd</tt>:</b> The command name.</li>
<li><b><tt>add</tt>:</b> Nonzero if the command adds a mode, zero if it
        removes a mode.</li>
<li><b><tt>mode</tt>:</b> The mode character added or removed.</li>
<li><b><tt>target_acc</tt>:</b> A channel privilege index (<tt>CA_*</tt>
        constant); if the target client is in this privilege class, the
        command will be refused.</li>
<li><b><tt>success_msg</tt>:</b> The language string index for the message
        to be sent when the command succeeds.</li>
<li><b><tt>already_msg</tt>:</b> The language string index for the message
        to be sent when the client already has the mode added (or lacks the
        mode removed) by the command.</li>
<li><b><tt>failure_msg</tt>:</b> The language string index for the message
        to be sent when the command is rejected.</li>
</ul>

<p>When called, <tt>do_opvoice()</tt> first extracts the data for the
command from the <tt>opvoice_data[]</tt> table, and sets an additional
variable, <tt>target_nextacc</tt>, used for mode-removal commands to set an
upper bound on the target client access level check; this is used to, for
example, allow <tt>DEVOICE</tt> on an auto-op client (since the client can
just give themselves voice status again if necessary).  The routine then
loops through all target nicknames given with the command; a
<tt>do/while</tt> loop is used so that if no nicknames are given at all,
the code will still be run once (in this case the client that gave the
command is used as the target).  For each target client, the standard
permission and channel status checks are performed, and then the routine
determines whether to allow the command:</p>
<ol>
<li>If the target client is the client giving the command, the command is
        allowed.</li>
<li>If the command removes a mode (<tt>DEOP</tt>, <tt>DEVOICE</tt>, etc.)
        and the channel does not have the <tt>ENFORCE</tt> option set, the
        command is allowed.</li>
<li>If a channel privilege check (<tt>target_acc</tt>) is not specified for
        the command, the command is allowed.</li>
<li>If the the target client is not in the privilege class specified for
        the command's privilege check, the command is allowed.</li>
<li>If an upper limit for the privilege check (<tt>target_nextacc</tt>) is
        set for the command and the target client is in that privilege
        class, the command is allowed.</li>
<li>Otherwise, the command is refused.</li>
</ol>

<p>Once the command has been allowed, the routine determines which mode
flags need to be set or cleared for the target client.  (For extensibility,
the code allows for more than one flag to be set or cleared for a single
command, though the data table only allows one mode character.)  If there
are no modes to be set or cleared, a notice to that effect is sent to the
caller; otherwise, the necessary mode changes are performed, a notice of
the mode change is sent to the channel if the <tt>OPNOTICE</tt> option is
enabled, and a success notice is sent to the caller.  In addition, if the
command was an <tt>OP</tt> command, the channel's last-used time is updated
as for auto-ops.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h5 class="subsubsubsection-title" id="s4-1-3">7-4-1-3. Channel status checking and modification</h5>

<p>ChanServ's routines for checking and adjusting channel status are
located in the source file <tt>check.c</tt>.  There are six routines
exported from this file; two, <tt>init_check()</tt> and <tt>exit_check()</tt>,
are initialization and cleanup routines called by the module initialization
and cleanup code, respectively.  The remaining routines are:</p>

<dl>
<dt><tt>void <b>check_modes</b>(Channel *<i>c</i>)</tt></dt>
    <dd>Checks the given channel's modes, making any changes necessary.
        For registered channels, the "registered" mode (if any) is always
        added, and other modes are set or cleared according to the mode
        lock; for unregistered channels, the "registered" mode is always
        cleared.  This routine also checks for the "bouncy modes"
        phenomenon in tandem with the channel <tt>MODE</tt> message
        handle (see <a href="2.html#s6-3">section 2-6-3</a>).</dd>

<dt><tt>void <b>check_chan_user_modes</b>(const char *<i>source</i>,
        struct c_userlist *<i>u</i>, Channel *<i>c</i>, int32 <i>oldmodes</i>)</tt></dt>
    <dd>Checks the channel user modes of the given client (<tt><i>u</i></tt>)
        on the given channel, making any changes necessary.  The set of
        "necessary" changes depends not only on the client's current modes,
        but also on the source of the <tt>MODE</tt> message that caused the
        change (passing an empty string for the <tt><i>source</i></tt>
        parameter will cause such checks to be skipped).
        <tt><i>oldmodes</i></tt> is the client's previous set of modes, or
        -1 for a client joining a channel.  The sequence of operations is
        fairly complicated:
        <ul>
        <li class="spaced">If the channel is not registered (or forbidden),
                no changes are made.</li>
        <li class="spaced">If <tt><i>source</i></tt> is Services' server
                name or the ChanServ or OperServ pseudoclient nickname,
                no changes are made (under the assumption that anything
                done by Services has been otherwise checked).</li>
        <li class="spaced">If <tt><i>source</i></tt> is the client whose
                modes are being checked, then no changes are made
                <i>unless</i> the user is either not opped or is about to
                be deopped, in which case the mode changes made by the
                client are reversed.  However, this check is not performed
                for IRC operators (since some IRC servers allow operators
                to set arbitrary modes regardless of chanop status), and on
                servers supporting halfops, the mode change is not reversed
                if the user has halfops and is only changing the halfop or
                voice modes.</li>
        <li class="spaced">If the mode change is the opping by a server of
                the first client to join a channel and the channel does not
                have the <tt>LEAVEOPS</tt> option set, the client's channel
                access level is checked against the auto-op privilege
                level.  If the client has auto-op privileges, then the
                channel's last-used time is updated as for ordinary auto-op
                processing (see below); otherwise, a "channel is
                registered" notice is sent to the client and the client is
                deopped (in that order, so that a human user will see the
                reason for the deop before the mode change itself).</li>
        <li class="spaced">The "<tt>check_chan_user_modes</tt>" callback is
                called, allowing protocol modules to handle modes not
                recognized by the standard processing.</li>
        <li class="spaced">The client's new modes, based on channel
                privilege level, are calculated by calling
                <tt>check_access_cumode()</tt> (see
                <a href="#s4-2-1">section 7-4-2-1</a>).</li>
        <li class="spaced">If the client just joined the channel, the mode
                change was done by a server, or the <tt>ENFORCE</tt> option
                is set on the channel, all missing automatic modes are
                added.  (This has the effect of allowing automatic modes to
                be removed from clients if <tt>ENFORCE</tt> is not set.)
                In addition, if the mode change included a <tt>+o</tt>, the
                channel's last-used time is updated.</li>
        <li class="spaced">If the client is not an IRC operator, any
                necessary mode removals are performed.</li>
        </ul>
        <p>The mode changes in these last two steps are performed by a
        helper routine, <tt>local_set_cumodes()</tt>, which in turn calls
        <tt>set_cmode()</tt> for each mode in the given set.</p></dd>

<dt><tt>int <b>check_kick</b>(User *<i>user</i>, const char *<i>chan</i>,
        int <i>on_join</i>)</tt></dt>
    <dd>Checks whether a client is permitted to be on a channel; if so,
        returns zero, otherwise kickbans the client and returns nonzero.
        This routine is normally called when a client joins a channel,
        before the actual join processing, but setting the
        <tt><i>on_join</i></tt> parameter to zero allows this routine to be
        called for clients already in the channel as well, such as for the
        <tt>AKICK ENFORCE</tt> command.  A client can be denied access to a
        channel for any number of reasons, checked in the following order:
        <ul>
        <li class="spaced">If the channel name is the single character
                "<tt>#"</tt>" and the <tt>CSForbidShortChannel</tt>
                configuration option is set, the client is kickbanned.</li>
        <li class="spaced">If the client is a Services administrator, the
                client is allowed.</li>
        <li class="spaced">If the "<tt>check_kick</tt>" callback returns 1,
                the client is kickbanned; if it returns 2, the client is
                allowed.</li>
        <li class="spaced">If the client is an IRC operator, the client is
                allowed.</li>
        <li class="spaced">If the channel already exists with an
                IRC-operators-only mode, the client is kickbanned.
                (Ordinarily, the IRC server takes care of such processing,
                but this code is included to handle desynchs and other
                network problems.)</li>
        <li class="spaced">If the channel is not registered, then the
                client is kickbanned if the <tt>CSRegisteredOnly</tt>
                configuration option is set, and allowed otherwise.</li>
        <li class="spaced">If the channel is forbidden or suspended, the
                client is kickbanned.</li>
        <li class="spaced">If the channel's mode lock has an
                IRC-operators-only mode set, the client is kickbanned.</li>
        <li class="spaced">If the channel's mode lock includes a
                registered-nicknames-only mode and the client's nickname is
                not registered, the client is kickbanned.  (However, this
                check is skipped if the <tt>CSSkipModeRCeck</tt>
                configuration option is set.)</li>
        <li class="spaced">If the client's
                <tt><i>nick</i>!<i>user</i>@<i>host</i></tt> string
                matches an autokick mask, the client is kickbanned.</li>
        <li class="spaced">If the client matches the <tt>NOJOIN</tt>
                privilege on the channel, the client is kickbanned.
                The client is also kickbanned if it would match the
                <tt>NOJOIN</tt> privilege when identified to its nickname;
                however, this check is skipped if less time than specified
                in the <tt>CSRestrictDelay</tt> configuration option has
                passed since Services startup.</li>
        <li class="spaced">Otherwise, the client is allowed.</li>
        </ul>
        <p>If the client is to be kickbanned, the routine first checks
        whether kicking the client would cause the channel to become empty
        (and thus be deleted, nullifying the effecet of any ban); if so, a
        <tt>JOIN</tt> message is sent to the network to cause ChanServ to
        join the channel, and a timeout for <tt>CSInhabit</tt> seconds is
        added to cause ChanServ to leave the channel after that time.
        Following this, the routine ensures that the ban mask is properly
        formatted (containing a nickname as well as user and host), then
        clears any ban exceptions matching the user and adds the ban mask
        if it is not already present.  Once the ban is present, the client
        is then kicked from the channel, and removed from the internal data
        structures if necessary.</p>
        <p><i>Implementation note: As mentioned in
        <a href="../d.html">Appendix D of the user manual</a>, when
        ChanServ temporarily enters a channel for a kickban, it is not
        added to the internal channel data; as a result, a subsequent
        <tt>UNBAN</tt> or <tt>INVITE</tt> on the channel will return a
        "channel does not exist" error.  It would probably be better to
        add ChanServ to the channel's client list like any ordinary
        client.</i></p>
</dd>

<dt><tt>int <b>check_topiclock</b>(Channel *<i>c</i>, time_t <i>topic_time</i>)</tt></dt>
    <dd>Called on a channel topic change (<tt><i>topic_time</i></tt> is the
        timestamp associated with the topic change) to restore the topic to
        its previous value if the channel's <tt>TOPICLOCK</tt> option is
        set.  Returns nonzero if the topic is changed by the routine,
        otherwise zero.</dd>
</dl>

<p class="backlink"><a href="#top">Back to top</a></p>


<h5 class="subsubsubsection-title" id="s4-1-4">7-4-1-4. The <tt>SET</tt> and <tt>UNSET</tt> commands</h5>

<p>The handlers for the <tt>SET</tt> and <tt>UNSET</tt> commands are
located in the <tt>set.c</tt> source file; as for NickServ, they function
like miniature versions of the main <tt>chanserv()</tt> routine.  One
noteworthy difference is that the on/off options (other than the three
<tt>HIDE</tt> options) are all handled by a single routine,
<tt>do_set_boolean()</tt>; the main <tt>SET</tt> handler, <tt>do_set()</tt>,
looks up the option name in the <tt>chanopts[]</tt> table defined in
<tt>main.c</tt> (checking privileges for the <tt>NOEXPIRE</tt> option),
then calls <tt>do_set_boolean()</tt>, which uses the data from the
<tt>ChanOpt</tt> structure to set channel flags and send responses to the
calling client.</p>

<p>Other noteworthy option handlers are:</p>

<dl>
<dt><tt><b>do_set_founder()</b></tt>
<br/><tt><b>do_set_successor()</b></tt></dt>
    <dd>Both <tt>SET FOUNDER</tt> and <tt>SET SUCCESSOR</tt> follow the
        same general pattern: the given nickname is looked up to retrieve
        its nickname group ID, the ID is checked to ensure that both
        founder and successor are not set to the same nickname group, and
        an informational message is logged to record the change.  The major
        difference is that <tt>SET FOUNDER</tt> checks to ensure that the
        new founder has not reached the channel registration limit, while
        <tt>SET SUCCESSOR</tt> makes no such check.  (Even if it did, the
        check would only make sense at the time the <tt>SET SUCCESSOR</tt>
        command was given, and would not reflect any future channel
        registrations or drops by the successor.  An alternative
        possibility would be to have successor channels count against the
        channel limit as well, as mentioned in <a href="11.html#s1">section
        11-1</a>.)</dd>

<dt><tt><b>do_set_mlock()</b></tt></dt>
    <dd>The <tt>SET MLOCK</tt> handler is fairly complex, as it must parse
        the mode string and parameters to ensure that users cannot
        inadvertently (or maliciously) cause an invalid <tt>MODE</tt>
        message to be sent to the IRC network.  The routine parses the mode
        string character by character; if a mode is found that conflicts
        with an earlier setting in the string, the later occurrence takes
        precedence.  Additionally, in order to simplify cleanup in case a
        problem is found, the new mode lock is accumulated in a temporary
        <tt>ModeLock</tt> structure, which is copied into the channel's
        data when the routine successfully completes.
        <p>In order to support additional modes provided by particular IRC
        protocols, <tt>do_set_mlock()</tt> defines a callback, "<tt>SET
        MLOCK</tt>", which is called once for every mode in the mode
        string; it is also called once after all modes have been processed,
        to allow for a final validity check (for example, to check for
        modes that require other modes to be set, as the Unreal protocol
        module does).</p></dd>
</dl>

<p class="backlink"><a href="#top">Back to top</a></p>


<h5 class="subsubsubsection-title" id="s4-1-5">7-4-1-5. ChanServ utility routines</h5>

<p>ChanServ's utility functions are defined in <tt>util.c</tt>.  As with
NickServ, the preprocessor symbol <tt>STANDALONE_CHANSERV</tt> can be
defined before including <tt>util.c</tt> in another file; this causes the
routines <tt>new_channelinfo()</tt>, <tt>free_channelinfo()</tt>, and
<tt>reset_levels</tt> to be defined as <tt>static</tt>, and eliminates all
other code.  <tt>new_channelinfo()</tt> and <tt>free_channelinfo()</tt> are
used to allocate and free resources for a <tt>ChannelInfo</tt> structure,
like their nickname counterparts; <tt>reset_levels()</tt> resets the
privilege levels for a channel (the <tt>levels[]</tt> array) to default
values.</p>

<p>Aside from these three functions (all exported from ChanServ),
<tt>util.c</tt> defines the following routines, along with the
initialization and cleanup routines <tt>init_util()</tt> and
<tt>exit_util()</tt>:</p>

<dl>
<dt><tt>int <b>check_channel_limit</b>(const NickGroupInfo *<i>ngi</i>, int *<i>max_ret</i>)</tt></dt>
    <dd>Compares the given nickname group's registered channel count with
        the limit applied to that nickname, returning -1 if the limit has
        yet to be reached, 0 if the limit has been reached, and 1 if the
        limit has been exceeded (much like string comparison functions).
        Also stores the registered channel limit in the variable pointed to
        by <tt><i>max_ret</i></tt> if <tt><i>max_ret</i></tt> is not
        <tt>NULL</tt>.  This routine is exported.</dd>

<dt><tt>ChannelInfo *<b>makechan</b>(const char *<i>chan</i>)</tt></dt>
    <dd>Creates a new <tt>ChannelInfo</tt> structure for the given channel
        name, adds it to the database, and returns it.</dd>

<dt><tt>int <b>delchan</b>(ChannelInfo *<i>ci</i>)</tt></dt>
    <dd>Removes the given channel from the database, returning nonzero on
        success, zero on failure.</dd>

<dt><tt>void <b>count_chan</b>(ChannelInfo *<i>ci</i>)</tt></dt>
    <dd>Updates the <tt>NickGroupInfo</tt> record for the given channel's
        founder to indicate that that nickname group owns the channel,
        incrementing the owned-channel count.</dd>

<dt><tt>void <b>uncount_chan</b>(ChannelInfo *<i>ci</i>)</tt></dt>
    <dd>Removes the given channel from its founder's owned-channel list
        and decrements the owned-channel count.</dd>

<dt><tt>int <b>is_founder</b>(const User *<i>user</i>, const ChannelInfo *<i>ci</i>)</tt></dt>
    <dd>Returns whether the given user has founder access to the given
        channel, whether due to being the actual channel founder or to
        identifying for the channel with its founder password.</dd>

<dt><tt>int <b>is_identified</b>(const User *<i>user</i>, const ChannelInfo *<i>ci</i>)</tt></dt>
    <dd>Returns whether the given user has identified for the channel with
        its founder password.  A subset of <tt>is_founder()</tt>.</dd>

<dt><tt>void <b>restore_topic</b>(Channel *<i>c</i>)</tt></dt>
    <dd>Restores the saved topic on a newly-created channel if the
        channel is registered and its <tt>KEEPTOPIC</tt> option is set.</dd>

<dt><tt>void <b>record_topic</b>(ChannelInfo *<i>ci</i>, const char *<i>topic</i>, const char *<i>setter</i>, time_t <i>topic_time</i>)</tt></dt>
    <dd>Records the given topic in the given channel's data structure.</dd>

<dt><tt>void <b>suspend_channel</b>(ChannelInfo *<i>ci</i>, const char *<i>reason</i>, const char *<i>who</i>, const time_t <i>expires</i>)</tt></dt>
    <dd>Suspends the given channel, copying the parameters
        <tt><i>reason</i></tt>, <tt><i>who</i></tt>, and
        <tt><i>expires</i></tt> into the suspension data fields.  (If
        <tt><i>expires</i></tt> is zero, then the suspension will not
        expire.)</dd>

<dt><tt>void <b>unsuspend_channel</b>(ChannelInfo *<i>ci</i>, int <i>set_time</i>)</tt></dt>
    <dd>Cancels the suspension on the given channel.  If
        <tt><i>set_time</i></tt> is nonzero, the last-used time of the
        channel will be updated according to <tt>CSSuspendGrace</tt> to
        prevent the channel from expiring for that length of time (if
        <tt>CSSuspendGrace</tt> or <tt>CSExpire</tt> are not set, or if the
        channel already has enough time before expiration, the last-used
        time will not be changed).</dd>

<dt><tt>void <b>chan_bad_password</b>(User *<i>u</i>, ChannelInfo *<i>ci</i>)</tt></dt>
    <dd>Records a bad password attempt for the given channel, sending out a
        <tt>WALLOPS</tt> if the number of consecutive bad password attempts
        for the channel reaches the limit specified by the
        <tt>BadPassWarning</tt> configuration option (if set).</dd>

<dt><tt>ChanOpt *<b>chanopt_from_name</b>(const char *<i>optname</i>)</tt></dt>
    <dd>Returns the <tt>ChanOpt</tt> corresponding to the given
        (case-insensitive) option name, or <tt>NULL</tt> if no matching
        option is found.</dd>

<dt><tt>char *<b>chanopts_to_string</b>(const ChannelInfo *<i>ci</i>, const NickGroupInfo *<i>ngi</i>)</tt></dt>
    <dd>Returns a string describing the set of options active on the given
        channel in human-readable form.  <tt>ngi</tt> indicates the client
        to which the string will be sent and is used in <tt>getstring()</tt>
        calls.  The returned string is stored in a static buffer, which
        will be overwritten by the next call to this routine.</dd>
</dl>

<p class="backlink"><a href="#top">Back to top</a></p>


<h4 class="subsubsection-title" id="s4-2">7-4-2. Channel access list handling</h4>

<p>As discussed in the user's manual, user privileges on channels are
maintained via channel access lists.  Channel access list handling in
ChanServ is split into three files.  One, <tt>access.c</tt>, contains
common routines and privilege level definitions, and is included in the
<tt>chanserv/main</tt> module; the other two, <tt>access-levels.c</tt> and
<tt>access-xop.c</tt>, are independent modules which provide two different
ways of manipulating access lists.  A separate header file,
<tt>access.h</tt>, contains definitions related to channel access lists.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h5 class="subsubsubsection-title" id="s4-2-1">7-4-2-1. Access list basics</h5>

<p>The <tt>access.c</tt> source file, included as part of the main ChanServ
module, serves two main purposes; to define the set of privileges
associated with channels, and to provide utility routines for performing
common operations related to channel access lists.  It also makes use of
the <tt>access.h</tt> header file for certain structure and constant
definitions.</p>

<p>The list of channel privileges is defined in the <tt>levelinfo[]</tt>
array at the top of the file; each element in the array is a
<tt>LevelInfo</tt> structure that describes one privilege.  (The word
"level" in the identifiers comes from the command, <tt>LEVELS</tt>, used
to modify the settings on a per-channel basis; that command name was
originally used for the meaning of "setting the <i>levels</i> at which
privileges are given".)</p>

<p>The word "privilege" itself is something of a misnomer, as it includes
two "negative privileges", <tt>CA_AUTODEOP</tt> and <tt>CA_NOJOIN</tt>.
While these can be used in the same manner as ordinary privileges, their
primary function is in conjunction with the <tt>SECUREOPS</tt> and
<tt>RESTRICTED</tt> channel options; these cause the respective privilege
levels to be treated as zero, preventing users not on the channel access
list to be auto-deopped or blocked from entering the channel.  However,
these two privileges are not visible to users, so "privilege" is considered
clear enough to use in the documentation</p>

<p>The <tt>LevelInfo</tt> structure, defined in <tt>access.h</tt>, contains
the following fields:</p>

<dl>
<dt><tt>int <b>what</b></tt></dt>
    <dd>The <tt>CA_*</tt> constant used for this privilege.</dd>

<dt><tt>int <b>defval</b></tt></dt>
    <dd>The default channel access level corresponding to this
        privilege.</dd>

<dt><tt>const char *<b>name</b></tt></dt>
    <dd>The user-visible name for this privilege, used in the
        <tt>LEVELS</tt> command.  An empty string makes the privilege
        invisible to users.</dd>

<dt><tt>int <b>desc</b></tt></dt>
    <dd>The message string index giving the privilege's description.</dd>

<dt><tt>int <b>action</b></tt></dt>
    <dd>The "meaning" of the privilege: the action to be performed for
        clients with the appropriate access level.  One of the following
        flags, any of which may be combined (OR'd) with
        <tt>CL_LESSEQUAL</tt> to make the privilege's associated level a
        maximum rather than a minimum:
        <ul>
        <li><b><tt>CL_SET_MODE</tt>:</b> Sets channel user modes on the
                corresponding client.</li>
        <li><b><tt>CL_CLEAR_MODE</tt>:</b> Clears channel user modes from
                the corresponding client.</li>
        <li><b><tt>CL_ALLOW_CMD</tt>:</b> Allows a command or set of
                commands to be used.</li>
        <li><b><tt>CL_OTHER</tt>:</b> Handled separately (or a no-op).</li>
        </ul></dd>

<dt><tt>union {...} <b>target</b></tt></dt>
    <dd>Data used in implementing the privilege.  The union has two
        members:
        <ul>
        <li class="spaced"><tt>struct {...} <b>cumode</b></tt>: Used for
                <tt>CL_SET_MODE</tt> and <tt>CL_CLEAR_MODE</tt>.  Includes
                three fields:
                <ul>
                <li><tt>const char *<b>modes</b></tt>: The string of
                        mode(s) to set on the client.</li>
                <li><tt>int <b>cont</b></tt>: Used to "chain" privileges
                        together, so that only the first applicable mode
                        set is used (used for <tt>AUTOOP</tt>,
                        <tt>AUTOHALFOP</tt>, and <tt>AUTOVOICE</tt>).</li>
                <li><tt>int32 <b>flags</b></tt>: The mode flags equivalent
                        to <tt>modes</tt>.  Set at module initialization
                        time (this field can be left uninitialized).</li>
                </ul></li>
        <li class="spaced"><tt>struct {...} <b>cmd</b></tt>: Used for
                <tt>CL_ALLOW_CMD</tt>.  Includes two string fields:
                <ul>
                <li><tt>const char *<b>main</b></tt>: The relevant command
                        name.</li>
                <li><tt>const char *<b>sub</b></tt>: The relevant subcommand
                        for the given command, or <tt>NULL</tt> if none.</li>
                </ul></li>
        </ul></dd>
</dl>

<p>In addition to the <tt>levelinfo[]</tt> table itself, exported for use
by other modules (particularly the <tt>http/dbaccess</tt> module, described
in <a href="8.html#s2-7">section 8-2-7</a>), the file's initialization
routine <tt>init_access()</tt> copies relevant parts of the table into two
local arrays indexed by privilege (<tt>CA_*</tt> value):
<tt>def_levels[]</tt>, containing each entry's default access level (the
<tt>defval</tt> field), and <tt>lev_is_max[]</tt>, containing a boolean
indication of whether the privilege's access level is a maximum (whether
the <tt>action</tt> field has <tt>CL_LESSEQUAL</tt> set).</p>

<p>The main portion of <tt>access.c</tt> defines the following utility
functions for use by the main ChanServ module and the two access list
manipulation modules.  Several of the routines are exported for use by
external modules as well.</p>

<dl>
<dt><tt>int <b>get_ci_level</b>(const ChannelInfo *<i>ci</i>, int <i>what</i>)</tt></dt>
    <dd><i>Exported routine.</i>  Returns the given channel's level for the
        given privilege, translating <tt>ACCLEV_DEFAULT</tt> in the
        channel's <tt>levels[]</tt> into the appropriate default value.
        Returns <tt>ACCLEV_INVALID</tt> (and logs an error message) on
        invalid parameters.</dd>

<dt><tt>int <b>check_access</b>(const User *<i>user</i>, const ChannelInfo *<i>ci</i>, int <i>what</i>)</tt></dt>
    <dd><i>Exported routine.</i>  Returns whether the given client has the
        given privilege (<tt><i>what</i></tt>) on the given channel.  Due
        to an unfortunate coincidence of terms, this routine can seem
        confusing to call for the <tt>CA_NOJOIN</tt> "privilege": the
        return value will be 1 if the client does <i>not</i> "have access
        to" the channel, <i>i.e.</i> matches the <tt>CA_NOJOIN</tt>
        privilege.</dd>

<dt><tt>int check_access_if_idented(const User *user, const ChannelInfo *ci, int what)</tt></dt>
    <dd><i>Exported routine.</i>  Like <tt>check_access()</tt>, but returns
        what the result would be if the client was identified for its
        nickname.  (If the nickname is not registered, the return value
        will be the same as for <tt>check_access()</tt>.</dd>

<dt><tt>int check_access_cmd(const User *user, const ChannelInfo *ci, const char *command, const char *subcommand)</tt></dt>
    <dd><i>Exported routine.</i>  Returns whether the client is allowed to
        use the given command on the given channel.  If the check is being
        made for a specific subcommand, that subcommand is specified in
        <tt><i>subcommand</i></tt>; otherwise, <tt><i>subcommand</i></tt>
        is <tt>NULL</tt>.</dd>

<dt><tt>int <b>get_access</b>(const User *<i>user</i>, const ChannelInfo *<i>ci</i>)</tt></dt>
    <dd>Returns the given client's access level on the given channel,
        taking into account whether the client has identified for its
        nickname with respect to the nickname and channel <tt>SECURE</tt>
        options.</dd>

<dt><tt>static int get_access_if_idented(const User *user, const ChannelInfo *ci)</tt></dt>
    <dd>Like <tt>get_access()</tt>, but returns the access level associated
        with the client's nickname regardless of whether the client has
        identified or not.</dd>

<dt><tt>int check_access_cumode(const User *user, const ChannelInfo *ci, int32 newmodes, int32 changemask)</tt></dt>
    <dd>Checks the channel user modes of a client on a channel, returning a
        bitmask of modes that are to be changed (in other words, the
        bitwise exclusive-or of the current and resulting mode sets).
        <tt><i>newmodes</i></tt> is the client's current set of modes on
        the channel; <tt><i>changemask</i></tt> indicates which modes
        changed due to the action that caused this function to be called.</dd>

<dt><tt>int access_add(ChannelInfo *ci, const char *nick, int level, int uacc)</tt>
<br/><tt>int access_del(ChannelInfo *ci, const char *nick, int uacc)</tt></dt>
    <dd>Adds (<tt>access_add()</tt>) or deletes (<tt>access_del()</tt>) an
        entry to or from the given channel's access list for the nickname
        group to which <tt><i>nick</i></tt> belongs.  <tt><i>level</i></tt>
        is the access level for the new entry, and <tt><i>uacc</i></tt> is
        the access level of the client making the change.  Both routines
        return one of the following result codes, defined in
        <tt>cs-local.h</tt>:
        <ul>
        <li><b><tt>RET_ADDED</tt></b> (<tt>access_add()</tt> only): The
                target nickname did not previously exist on the channel's
                access list, and was successfully added.</li>
        <li><b><tt>RET_CHANGED</tt></b> (<tt>access_add()</tt> only): The
                target nickname previously had a different access level on
                the channel, and the access level was successfully
                changed.</li>
        <li><b><tt>RET_UNCHANGED</tt></b> (<tt>access_add()</tt> only): The
                target nickname already had the desired access level on the
                channel.</li>
        <li><b><tt>RET_DELETED</tt></b> (<tt>access_del()</tt> only): The
                target nickname was successfully deleted from the channel's
                access list.</li>
        <li><b><tt>RET_LISTED</tt></b> (used by other modules): The target
                nickname was listed.</li>
        <li><b><tt>RET_PERMISSION</tt>:</b> The calling user does not have
                permission to make the requested change.</li>
        <li><b><tt>RET_NOSUCHNICK</tt>:</b> The given nickname is not
                registered.</li>
        <li><b><tt>RET_NICKFORBID</tt>:</b> The given nickname is
                forbidden.</li>
        <li><b><tt>RET_LISTFULL</tt></b> (<tt>access_add()</tt> only): The
                channel's access list is full and the given nickname is not
                already on the list.</li>
        <li><b><tt>RET_NOENTRY</tt></b> (<tt>access_del()</tt> only): The
                given nickname does not exist on the channel's access
                list.</li>
        <li><b><tt>RET_INTERR</tt></b>: An internal error occurred.</li>
        </ul>
        Note that successful return codes are positive, while failure
        return codes are negative (zero is not used as a return code).</dd>
</dl>

<p><tt>access.c</tt> also includes initialization code in the
<tt>init_access()</tt> routine, called from the <tt>chanserv/main</tt>
module's <tt>init_module()</tt>.  This routine initializes the
<tt>def_levels[]</tt> and <tt>lev_is_max[]</tt> arrays, as well as the
<tt>flags</tt> field of the <tt>target.cumode</tt> structure for privileges
that set or clear modes; it also disables (by removing from the table) any
privileges for features not supported by the IRC protocol in use.
<i>Implementation note: This relies on the current design of Services, in
which the protocol module will never be changed while the program is
running.  If this design is changed, the code will need to be updated to
leave the appropriate entries in the table, perhaps by adding a "disabled"
flag or field to each entry.</i></p>

<p>There is also a corresponding <tt>exit_access()</tt> routine; it does
nothing, but is included for completeness.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h5 class="subsubsubsection-title" id="s4-2-2">7-4-2-2. Manipulation via <tt>ACCESS</tt> and <tt>LEVELS</tt></h5>

<p>The <tt>chanserv/access-levels</tt> module is one of two modules for
manipulating channel access lists.  It provides direct access to both the
channel access list itself, via the <tt>ACCESS</tt> command, and channels'
privilege level settings, via the <tt>LEVELS</tt> command.</p>

<p>Since the functions available in both commands change depending on
runtime parameters, their help messages are handled by a "<tt>HELP</tt>"
callback function, <tt>do_help()</tt>.  In addition to description of the
two commands, a third help option, <tt>LEVELS DESC</tt> provides
descriptions of the available channel privileges; unlike most other help
messages, the text is generated on the fly from the <tt>levelinfo[]</tt>
array and corresponding description strings.</p>

<p>The <tt>ACCESS</tt> command handler, <tt>do_access()</tt>, calls one of
several subroutines to perform each of the available actions, depending on
the subcommand given.  Two of these, <tt>do_access_add()</tt> and
<tt>do_access_del()</tt>, simply call the <tt>access_add()</tt> and
<tt>access_del()</tt> routines mentioned in <a href="#s4-2-1">section
7-4-2-1</a>, sending appropriate result messages to the calling client
depending on the return codes from those functions.
<tt>do_access_list()</tt> and <tt>do_access_listlevel()</tt> select access
entries for listing based on the given parameters, then call
<tt>access_list()</tt>, defined below the <tt>ACCESS</tt> subcommand
handlers, to actually send the list text to the calling client.  (The
<tt><i>sent_header</i></tt> parameter to <tt>access_list()</tt> is used to
to record whether a list header message has been sent.)  The final
subcommand handler, <tt>do_access_count()</tt>, simply counts up the number
of (active) access entries in the list and sends that in a response message
to the calling client.</p>

<p>The <tt>LEVELS</tt> command also has several subcommands, though these
are all handled within the command handler <tt>do_levels()</tt>.  The
command implementation itself is fairly straightforward, with <tt>SET</tt>
and <tt>DISABLE</tt> searching the <tt>levelinfo[]</tt> array for the named
privilege, and <tt>LIST</tt> iterating through that array to display the
current level for each privilege.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h5 class="subsubsubsection-title" id="s4-2-3">7-4-2-3. Manipulation via <tt>XOP</tt></h5>

<p>The <tt>chanserv/access-xop</tt> module, defined in <tt>access-xop.c</tt>,
provides the <tt>XOP</tt> command set for managing channel access lists.
While these commands present the access list as several distinct lists
(SOP, AOP, and so on), they are in fact only different views of the same
channel access list, each containing nicknames with a particular predefined
access level.  This has the following side effects:</p>

<ul>
<li class="spaced">A particular nickname cannot be present on two or more
        lists simultaneously (this would require having two entries on the
        access list for the same nickname).  Attempting to add a nickname
        that is already on a different list is treated as an access level
        change.</li>

<li class="spaced">Changes to the access list made by the <tt>ACCESS</tt>
        command will also be reflected in the relevant XOP lists.  If the
        <tt>ACCESS</tt> command is used to add a nickname at a level not
        associated with any <tt>XOP</tt> command, that nickname will be
        invisible from every <tt>XOP</tt> list, even if it would have
        privileges associated with one or more of the lists.
        <i>Implementation note: One could conceivably change the <tt>XOP
        LIST</tt> commands to list all entriess in intermediate or extreme
        ranges; for example, nicknames with an access level between
        <tt>ACCLEV_AOP</tt> and <tt>ACCLEV_SOP</tt> could be shown on the
        AOP list, and nicknames with an access level below
        <tt>ACCLEV_NOP</tt> could be shown on the NOP list.</i></li>

<li class="spaced">If the channel's privilege levels are changed (such as
        with the <tt>LEVELS</tt> command), the <tt>XOP</tt> commands may no
        longer perform as their help messages describe, because the XOP
        lists are associated with hardcoded access levels rather than
        specific privileges.  <i>Implementation note: Attempting to base
        the lists on privilege levels could have unusual results if, for
        example, the auto-op privilege was lowered below auto-voice.</i></li>
</ul>

<p>The commands themselves are handled by a single central routine,
<tt>handle_xop()</tt>, which is called from each command's particular
handler with the appropriate access level.  <tt>handle_xop()</tt> works
much like <tt>do_access()</tt> from <tt>access-levels.c</tt> (in fact, it
is a modified copy of <tt>do_access()</tt>, and its subroutines are
likewise derived from the handlers for the <tt>ACCESS</tt> subcommands).
Response messages include the list name (SOP, AOP, etc.) as a parameter in
the message, and this name is determined based on the command's access
level using the <tt>XOP_LISTNAME</tt> macro at the top of the file.</p>

<p class="backlink"><a href="#top">Back to top</a></p>

<!------------------------------------------------------------------------>
<hr/>

<h3 class="subsection-title" id="s5">7-5. MemoServ</h3>

<p>The MemoServ pseudoclient serves as an adjunct to NickServ, allowing
short messages (memos) to be sent between users and storing those messages
for the recipient.  Like other pseudoclients, the majority of MemoServ's
functionality is implemented in the <tt>memoserv/main</tt> module,
described below in <a href="#s5-1">section 7-5-1</a>; additional modules
allow users to maintain "ignore" lists (<tt>memoserv/ignore</tt>,
<a href="#s5-2">section 7-5-2</a>) and have memos forwarded via E-mail
(<tt>memoserv/forward</tt>, <a href="#s5-3">section 7-5-3</a>).</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h4 class="subsubsection-title" id="s5-1">7-5-1. MemoServ core functionality</h4>

<p>Unlike OperServ, NickServ, and ChanServ, MemoServ only provides
additional functionality to users (nicknames and, to an extent, channels)
already registered with Services.  For this reason, the main MemoServ
code is comparatively simple, and the <tt>memoserv/main</tt> module is
implemented by a single source file, <tt>main.c</tt>.  There is also a
header file, <tt>memoserv.h</tt>, containing structures and definitions
used by MemoServ.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h5 class="subsubsubsection-title" id="s5-1-1">7-5-1-1. Memo data structures</h5>

<p>The structure used to store memos are defined in the header file
<tt>memoserv.h</tt>.  Each memo is stored in a structure called
(appropriately enough) <tt>Memo</tt>, and the set of memos belonging to a
particular nickname group is stored in a <tt>MemoInfo</tt> structure.  The
<tt>Memo</tt> structure contains the following fields:</p>

<dl>
<dt><tt>uint32 <b>number</b></tt></dt>
    <dd>The index number associated with this memo, for use with MemoServ
        commands such as <tt>READ</tt> and <tt>DEL</tt>.  Note that while
        the array of memos in a <tt>MemoInfo</tt> structure is kept free of
        holes caused by memo deletions, memo index numbers do not change
        except as a result of the <tt>RENUMBER</tt> command, so there is
        not a one-to-one mapping between the two.</dd>

<dt><tt>int16 <b>flags</b></tt></dt>
    <dd>Flags associated with the memo.  Zero or more of the following
        constants, OR'd together:
        <ul>
        <li><b><tt>MF_UNREAD</tt>:</b> The memo has not yet been read.</li>
        <li><b><tt>MF_EXPIREOK</tt>:</b> The memo is allowed to expire.
                <i>Implementation note: The sense of this flag is opposite
                that of MemoServ's design, which expires any memos except
                those explicitly locked with the <tt>SAVE</tt> command.
                This was done to keep compatibility with memos sent using
                old versions of Services, in which memos did not expire;
                rather than explicitly adding a "locked" flag to every memo
                when loading databases from such a version, the flag takes
                advantage of the fact that the corresponding bit in such
                memos is zero.  This way, for a memo to expire, the flag
                must be explicitly enabled by the new version when the memo
                is sent.</i></li>
        </ul></dd>

<dt><tt>time_t <b>time</b></tt></dt>
    <dd>The timestamp when the memo was sent.</dd>

<dt><tt>time_t <b>firstread</b></tt></dt>
    <dd>The time at which the memo was first read by its recipient.  This
        is stored to ensure that an unread memo does not expire immediately
        after it is first read (the <tt>MSExpireDelay</tt> configuration
        option controls how long MemoServ will wait after this timestamp
        before expiring the memo).</dd>

<dt><tt>char <b>sender</b>[NICKMAX]</tt></dt>
    <dd>The nickname of the client that sent the memo.</dd>

<dt><tt>char *<b>channel</b></tt></dt>
    <dd>For memos sent to channels, the name of the channel to which the
        memo was sent.  <tt>NULL</tt> for other memos.</dd>

<dt><tt>char *<b>text</b></tt></dt>
    <dd>The text of the memo.</dd>
</dl>

<p>The <tt>MemoInfo</tt> structure contains:</p>

<dl>
<dt><tt>Memo *<b>memos</b></tt>
<br/><tt>int16 <b>memos_count</b></tt></dt>
    <dd>A variable-length array containing the memos associated with this
        structure.</dd>

<dt><tt>int16 <b>memomax</b></tt></dt>
    <dd>The maximum number of memos this nickname group is allowed to have
        stored.  Either a nonnegative literal value (zero is allowed, and
        means that the nickname group cannot receive any memos at all), or
        one of the following constants:
        <ul>
        <li><b><tt>MEMOMAX_UNLIMITED</tt>:</b> There is no limit on the
                number of nicknames that can be stored.</li>
        <li><b><tt>MEMOMAX_DEFAULT</tt>:</b> The default limit, set by the
                <tt>MSMaxMemos</tt> configuration option, is used.  (If
                <tt>MSMaxMemos</tt> is changed, the new limit will be
                automatically applied.)</li>
        </ul>
        The constant <tt>MEMOMAX_MAX</tt> is also provided to give the
        largest possible maximum value (a side-effect of storing the value
        in 16 bits).</dd>
</dl>

<p>Each <tt>MemoInfo</tt> structure is stored as part of the corresponding
nickname group's <tt>NickGroupInfo</tt> structure (see
<a href="#s3-1-1">section 7-3-1-1</a>).  In previous versions, channels had
associated memo lists as well, but this feature was removed for version 5.1
in favor of the current system of distributing channel memos to privileged
users.</p>

<p>There are two more constants in <tt>memoserv.h</tt>:
<tt>MS_RECEIVE_PRI_CHECK</tt> and <tt>MS_RECEIVE_PRI_DELIVER</tt>.  These
are callback priorities that can be used with <tt>add_callback_pri()</tt>
to allow a "<tt>receive memo</tt>" callback function to ensure it is called
before functions which try to deliver the memo.  Both the
<tt>memoserv/ignore</tt> and <tt>memoserv/forward</tt> modules take
advantage of these constants.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h5 class="subsubsubsection-title" id="s5-1-2">7-5-1-2. The <tt>memoserv/main</tt> module</h5>

<p>The <tt>memoserv/main</tt> module is defined in the file <tt>main.c</tt>,
and aside from the lack of any auxiliary source files, its structure is
more or less the same as that of the other pseudoclients' core modules.</p>

<p>Since, as mentioned above, the <tt>MemoInfo</tt> structures containing
memo data are stored as part of the corresponding <tt>NickGroupInfo</tt>
structures, special handling is required when moving the data to or from
persistent storage.  MemoServ uses iterator functions for the
<tt>MemoInfo</tt> table that in turn iterate through <tt>NickGroupInfo</tt>
structures, and sets up a dummy record containing each record's associated
nickname group ID, much like the <tt>nickserv/access</tt> module (see
<a href="#s3-2">section 7-3-2</a>).  For individial <tt>Memo</tt> records,
an additional iterator is used to loop through each memo in every
<tt>MemoInfo</tt> structure.</p>

<p>Most MemoServ actions are implemented by separate routines in the
"MemoServ private routines" section of the file, rather than directly in
the command handlers.  These functions are:</p>
<ul>
<li><b><tt>send_memo()</tt></b> and <b><tt>send_chan_memo()</tt></b>,
        which send memos to users and channels respectively;</li>
<li><b><tt>list_memo()</tt></b>, which sends the calling client a one-line
        description of a memo, and <b><tt>list_memo_callback()</tt></b>, a
        callback function to do the same thing;</li>
<li><b><tt>read_memo()</tt></b> and <b><tt>read_memo_callback</tt></b>,
        which display the text of a memo;</li>
<li><b><tt>save_memo()</tt></b> and <b><tt>save_memo_callback</tt></b>,
        which mark memos as non-expiring; and</li>
<li><b><tt>del_memo()</tt></b> and <b><tt>del_memo_callback()</tt></b>,
        which delete memos.</li>
</ul>

<p>Other utility routines include:</p>

<dl>
<dt><tt>void <b>check_memos</b>(User *<i>u</i>)</tt></dt>
    <dd>Checks whether the given client's nickname group has any unread
        memos, sending an appropriate message to the client if so (and if
        the <tt>NF_MEMO_SIGNON</tt> flag is set for the nickname group).
        Called by the "<tt>user create</tt>" callback function
        <tt>do_user_create()</tt> if the client is recognized.</dd>

<dt><tt>void <b>expire_memos</b>(MemoInfo *<i>mi</i>)</tt></dt>
    <dd>Deletes all memos in the given <tt>MemoInfo</tt> structure that
        are eligible for expiration.</dd>

<dt><tt>MemoInfo *<b>get_memoinfo</b>(const char *<i>name</i>, NickGroupInfo **<i>owner_ret</i>, int *<i>error_ret</i></tt></dt>
    <dd>Returns the <tt>MemoInfo</tt> structure corresponding to the given
        nickname, or <tt>NULL</tt> on error.  On success,
        <tt>*<i>owner_ret</i></tt> is set to point to the
        <tt>NickGroupInfo</tt> structure for the corresponding nickname
        group; on error, <tt>*<i>error_ret</i></tt> is set to one of the
        following error codes:
        <ul>
        <li><b>GMI_INTERR</b>: An internal error occurred.</li>
        <li><b>GMI_FORBIDDEN</b>: The given nickname is forbidden.</li>
        <li><b>GMI_SUSPENDED</b>: The given nickname is suspended.</li>
        <li><b>GMI_NOTFOUND</b>: The given nickname is not registered.</li>
        </ul>
        <i>Implementation note: This function's primary purpose of handling
        both nicknames and channel names transparently was obsoleted with
        the redesign of channel memo handling; however, the function still
        serves the purpose of checking for unregistered, forbidden, or
        suspended nicknames, eliminating the necessity to include such
        checks directly in every command handler.</i></dd>
</dl>

<p>The command handlers are for the most part simple, only needing to parse
parameters and call the appropriate utility routine.  The two commands
which are implemented directly, <tt>SET</tt> and <tt>INFO</tt>, are mostly
branching trees for the various nickname options and statuses.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h4 class="subsubsection-title" id="s5-2">7-5-2. Memo ignore lists</h4>

<p>The <tt>memoserv/ignore</tt> module was added to allow users a way to
block memos from unwanted senders such as spammers.  The module is
implemented by the source file <tt>ignore.c</tt>.</p>

<p>For the most part, <tt>ignore.c</tt> works in the same way as the
<tt>nickserv/access</tt> and <tt>nickserv/autojoin</tt> modules.  The
one routine unique to <tt>memoserv/ignore</tt> is the
<tt>check_if_ignored()</tt> routine, added as a callback function to the
core MemoServ module's "<tt>receive memo</tt>" callback at priority
<tt>MS_RECEIVE_PRI_CHECK</tt>.  The routine runs through the nickname
group's ignore list twoce: the first time, it treats each entry as a
<tt><i>Nick</i>!<i>user</i>@<i>host</i></tt> mask which is compared against
that of the memo sender, while the second time, it treats each entry as a
nickname, and the memo is blocked if that nickname's nickname group ID
matches that of the sender (thus proventing malicious clients from evading
the block by simply changing to another linked nick).  If thd memo is
blocked, the routine returns the language string index
<tt>MEMO_C_GETS_NO_MEMOS</tt> (the same as is used if the target has a
memo limit of zero), to prevent leaking information about the ignore list
contents.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h4 class="subsubsection-title" id="s5-3">7-5-3. Memo forwarding</h4>

<p>The <tt>memoserv/forward</tt> module, defined in the source file
<tt>forward.c</tt>, provides an interface between memos in Services and an
external mail system.  As such, one of its prerequisite modules (other than
<tt>memoserv/main</tt>, of course) is <tt>nickserv/mail-auth</tt>, to
reduce the possibility of Services being abused to send mail to arbitrary
addresses.</p>

<p>The module includes two methods of forwarding memos: manual and
automatic.  The former, manual forwarding, is done through the
<tt>FORWARD</tt> command, implemented by the <tt>do_forward()</tt> routine
and its subroutines <tt>fwd_memo()</tt> and <tt>fwd_memo_callback()</tt>.
As with other commands that allow users to send mail via Services, the
command handler includes a check that the command is not used more
frequently than the configuration option <tt>MSForwardDelay</tt> specifies.
If this and the other checks pass, the command handler takes one of two
actions, depending on its parameter.  If "<tt>ALL</tt>" was given, then
<tt>fwd_memo()</tt> is called for each memo in the calling client's
<tt>MemoInfo</tt> structure; otherwise, the parameter is passed to
<tt>process_numlist()</tt> to call the <tt>fwd_memo_callback()</tt>
callback function (which in turn calls <tt>fwd_memo()</tt>) for each memo
specified in the index list.</p>

<p><tt>fwd_memo()</tt> itself does not perform the actual sending of the
mail message; rather, it accumulates message body text in its parameters
<tt>char **<i>p_body</i></tt> and <tt>int *<i>p_bodylen</i></tt> (both of
which are modified as a result of the routine).  This allows the caller to
combine multiple memos into a single message without knowing ahead of time
how many or which memos are to be sent.</p>

<p>The second method of forwarding, automatic forwarding on receipt, is
implemented by the <tt>do_receive_memo()</tt> function, attached to the
MemoServ "<tt>receive memo</tt>" callback, along with the
<tt>do_set_forward()</tt> option handler (attached to the "<tt>SET</tt>"
callback) to set forwarding options for a nickname group.  Of the
forwarding options, <tt>ON</tt> (flag <tt>NF_MEMO_FWD</tt>) and
<tt>OFF</tt> (no flags set) are fairly obvious.  For <tt>COPY</tt> (flags
<tt>NF_MEMO_FWD</tt> and <tt>NF_MEMO_FWDCOPY</tt>), however, it is worth
noting that (as also mentioned in the user's manual and help messages)
memos will be rejected when the recipient has a full list of memos.  This
is partly a result of the callback implementation, in the sense that the
check for a full memo list is made before the callback is ever called; but
it also ensures that every memo received by the user is either processed
completely (both forwarded and saved) or not at all.  This can be important
if, for example, a user uses <tt>SET FORWARD COPY</tt> to save copies of
memos to an archival E-mail address, but only uses Services to actually
read the memos.  If a memo that would overflow the list was nonetheless
forwarded and treated as "sent", the sender would be left wondering why the
recipient was not responding to the purportedly delivered memo.</p>

<p class="backlink"><a href="#top">Back to top</a></p>

<!------------------------------------------------------------------------>
<hr/>

<h3 class="subsection-title" id="s6">7-6. StatServ</h3>

<p>The StatServ pseudoclient is intended to record and provide network
statistics; however, mostly due to lack of developer interest, it has
floundered.  The module is defined in the <tt>modules/statserv</tt>
directory by a single source file, <tt>main.c</tt>, and an accompanying
header file, <tt>statserv.h</tt>.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h4 class="subsubsection-title" id="s6-1">7-6-1. StatServ data structures</h4>

<p>The current implementation of StatServ only records data for servers.
This data is stored in a <tt>ServerStats</tt> structure, defined in
<tt>statserv.h</tt> and containing the following fields:</p>

<dl>
<dt><tt>ServerStats *<b>next</b>, *<b>prev</b></tt></dt>
    <dd>Used to maintain the linked list of <tt>ServerStats</tt>
        structures.</dd>

<dt><tt>char *<b>name</b></tt></dt>
    <dd>The name of the server to which this structure applies.</dd>

<dt><tt>time_t <b>t_join</b></tt></dt>
    <dd>The timestamp at which the server most recently joined the network.
        Zero if the server is not currently connected.</dd>

<dt><tt>time_t <b>t_quit</b></tt></dt>
    <dd>The timestamp at which the server last disconnected.  Zero if
        Services has never seen the server disconnect.</dd>

<dt><tt>char *<b>quit_message</b></tt></dt>
    <dd>The quit message used the last time the server disconnected.
        <tt>NULL</tt> if Services has never seen the server disconnect.</dd>

<dt><tt>int <b>usercnt</b>, <b>opercnt</b></tt></dt>
    <dd>The current number of clients and IRC operators on the server.</dd>
</dl>

<p>As the data has no direct references to other data stored persistently,
saving the <tt>ServerStats</tt> records is straightforward.</p>

<p>There are also commented-out definitions for <tt>MinMax</tt> and
<tt>MinMaxHistory</tt> structures, and <tt>MinMaxHistory</tt> fields in
<tt>ServerStats</tt>; these were originally intended for keeping a history
of client and operator counts on each server, but this functionality was
never implemented.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h4 class="subsubsection-title" id="s6-2">7-6-2. The StatServ module</h4>

<p>The module itself, defined in <tt>main.c</tt>, is likewise quite simple.
It follows the general layout of other pseudoclient core modules, though it
only has two commands (other than <tt>HELP</tt>) and a few callback
routines.</p>

<p>The two commands, <tt>SERVERS</tt> and <tt>USERS</tt>, are handled by
<tt>do_servers()</tt> and <tt>do_users()</tt> respectively.  The latter
needs no additional explanation, as it only sends the calling client the
user and operator counts it maintains internally (via the client-related
callbacks mentioned below).  <tt>do_servers()</tt> is only slightly more
complex, handling four distinct subcommands.  Three of these
(<tt>STATS</tt>, <tt>LIST</tt>, and <tt>VIEW</tt>) extract information from
the <tt>ServerStats</tt> structures and send them to the calling client;
the last, <tt>DELETE</tt>, allows a structure to be deleted, and is
protected by an <tt>is_services_admin()</tt> check in the <tt>if</tt>
chain.</p>

<p>In order to keep track of statistics, StatServ naturally relies on
callbacks.  To watch for connecting and disconnecting servers, StatServ
adds callback functions to the core's "<tt>server create</tt>" and
"<tt>server delete</tt>" callbacks; these functions update the relevant
<tt>ServerStats</tt> structures as servers join and leave the network, with
<tt>stats_do_server()</tt> (the "<tt>server create</tt>" handler) creating
a new <tt>ServerStats</tt> structure if it sees a server connect that is
not recorded in the <tt>ServerStats</tt> structure table.</p>

<p>StatServ also uses the "<tt>user create</tt>", "<tt>user delete</tt>",
and "<tt>user MODE</tt>" callbacks to keep track of the number of clients
and IRC operators on the network, stored in the file-scope variables
<tt>usercnt</tt> and <tt>opcnt</tt> respectively.  Note that this overlaps
slightly with the maximum client count maintained by OperServ; a good
argument could be made for moving this functionality to StatServ as well,
but it has been left in OperServ for historical reasons (the maximum client
count monitoring functionality has been part of OperServ since the earliest
versions of Services, long before StatServ existed).</p>

<p class="backlink"><a href="#top">Back to top</a></p>

<!------------------------------------------------------------------------>
<hr/>

<h3 class="subsection-title" id="s7">7-7. Miscellaneous pseudoclients</h3>

<p>Aside from the standard pseudoclients listed above, there are two
additional pseudoclients, HelpServ and DevNull, provided in case they can
be of use.  These pseudoclients are disabled in the default Services
configuration.  These modules are so simple as to not warrant their own
subdirectories, and are stored in the <tt>modules/misc</tt> directory.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h4 class="subsubsection-title" id="s7-1">7-7-1. HelpServ</h4>

<p>The HelpServ pseudoclient, defined in <tt>modules/misc/helpserv.c</tt>,
uses the parameters given in each <tt>PRIVMSG</tt> it receives to form a
pathname for a text file, which (if it exists) is then sent to the calling
client as <tt>NOTICE</tt>s.  The pathname is formed by concatenating the
path given by the <tt>HelpDir</tt> module configuration setting (the
example configuration file uses <tt>helpfiles</tt>, relative to the
Services data directory) with each of its space-separated parameters,
inserting a path separator ("<tt>/</tt>") between each element.  To allow
the parameter to be case-insensitive even when using case-sensitive
filesystems, all uppercase characters in the parameters are lowercased.</p>

<p>Since this involves access to a file specified by an arbitrary
user-specified string, the routine must take care not to allow access to
inappropriate files.  This is done by replacing all slashes and periods in
the string with underscores, to prevent a malicious user from specifying
a parameter like "<tt>../../../../../etc/passwd</tt>".  (If there are
explicit symbolic links to parent directories, of course, HelpServ will
happily follow them.)  <i>Implementation note: As a general rule, when
sanitizing user input like this it is better to make a set of explicitly
allowed characters and delete or convert anything outside that set.
However, pathnames on Unix systems are simple and well defined:
disregarding the effects of symbolic links, only a slash can allow access
to file entries outside of the current directory, and "<tt>.</tt>" and
"<tt>..</tt>" are the only entries that are automatically created within
each directory, so the set of allowed characters is essentially "everything
except <tt>/</tt> and <tt>.</tt>".</i></p>

<p>In the earliest versions of Services, HelpServ was a standard
pseudoclient, and other pseudoclients made use of its functionality to
display their own help messages, which were stored as text files under the
<tt>data/helpfiles</tt> directory.  However, the help messages were later
moved to string data stored directly in the executable file, and then to
the current model of language files, diluting the usefulness of HelpServ
itself.  The module has nonetheless been left in Services in case it is
useful for things such as providing network information.</p>

<p class="backlink"><a href="#top">Back to top</a></p>


<h4 class="subsubsection-title" id="s7-2">7-7-2. DevNull</h4>

<p>The DevNull pseudoclient, defined in <tt>modules/misc/devnull.c</tt>, is
an extremely simple pseudoclient which, like its Unix namesake
<tt>/dev/null</tt>, simply discards any <tt>PRIVMSG</tt>s sent to it.  It
is not particularly useful in the ordinary course of events, but the author
has made use of it as a default <tt>/query</tt> target to prevent messages
from going to unintended users.</p>

<p class="backlink"><a href="#top">Back to top</a></p>

<!------------------------------------------------------------------------>
<hr/>

<p class="backlink"><a href="6.html">Previous section: Database handling</a> | 
<a href="index.html">Table of Contents</a> |
<a href="8.html">Next section: Other modules</a></p>

</body>
</html>
Revision:	3389
Committed:	Fri Apr 25 14:12:15 2014 UTC (11 years, 4 months ago) by michael
Content type:	text/html
File size:	202921 byte(s)
Log Message:	- Imported ircservices-5.1.24