[scalable-opengroupware.org] / SOGo / SoObjects / SOGo / AgenorUserManager.m

/*
  Copyright (C) 2004-2005 SKYRIX Software AG

  This file is part of OpenGroupware.org.

  OGo is free software; you can redistribute it and/or modify it under
  the terms of the GNU Lesser General Public License as published by the
  Free Software Foundation; either version 2, or (at your option) any
  later version.

  OGo is distributed in the hope that it will be useful, but WITHOUT ANY
  WARRANTY; without even the implied warranty of MERCHANTABILITY or
  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
  License for more details.

  You should have received a copy of the GNU Lesser General Public
  License along with OGo; see the file COPYING.  If not, write to the
  Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA
  02111-1307, USA.
*/

#include "AgenorUserManager.h"
#include <NGExtensions/NGExtensions.h>
#include <NGLdap/NGLdap.h>
#include "SOGoLRUCache.h"

@interface AgenorUserManager (PrivateAPI)
- (NGLdapConnection *)ldapConnection;

- (void)_cacheCN:(NSString *)_cn forUID:(NSString *)_uid;
- (NSString *)_cachedCNForUID:(NSString *)_uid;
- (void)_cacheServer:(NSString *)_server forUID:(NSString *)_uid;
- (NSString *)_cachedServerForUID:(NSString *)_uid;
- (void)_cacheEmail:(NSString *)_email forUID:(NSString *)_uid;
- (NSString *)_cachedEmailForUID:(NSString *)_uid;
- (void)_cacheUID:(NSString *)_uid forEmail:(NSString *)_email;
- (NSString *)_cachedUIDForEmail:(NSString *)_email;
  
@end

// TODO: add a timer to flush LRU caches every some hours

@implementation AgenorUserManager

static BOOL     debugOn     = NO;
static BOOL     useLDAP     = NO;
static NSString *ldapHost   = nil;
static NSString *ldapBaseDN = nil;
static NSString *fallbackIMAP4Server  = nil;
static NSString *defaultMailDomain    = @"equipement.gouv.fr";
static NSString *shareLDAPClass       = @"mineqMelBoite";
static NSString *shareLoginSeparator  = @".-.";
static NSString *mailEmissionAttrName = @"mineqMelmailEmission";

static NSArray *fromEMailAttrs = nil;

+ (void)initialize {
  static BOOL didInit = NO;
  NSUserDefaults *ud;

  if (didInit)
    return;
  didInit = YES;
  ud      = [NSUserDefaults standardUserDefaults];
  debugOn = [ud boolForKey:@"SOGoUserManagerDebugEnabled"];
  
  useLDAP = [ud boolForKey:@"SOGoUserManagerUsesLDAP"];
  if (useLDAP) {
    ldapHost   = [[ud stringForKey:@"SOGoLDAPHost"]   copy];
    ldapBaseDN = [[ud stringForKey:@"SOGoLDAPBaseDN"] copy];
    NSLog(@"Note: using LDAP host to manage accounts: %@", ldapHost);
  }
  else
    NSLog(@"Note: LDAP access is disabled.");
  
  fallbackIMAP4Server = [[ud stringForKey:@"SOGoFallbackIMAP4Server"] copy];
  if ([fallbackIMAP4Server length] > 0)
    NSLog(@"Note: using fallback IMAP4 server: '%@'", fallbackIMAP4Server);
  else
    fallbackIMAP4Server = nil;

  fromEMailAttrs = 
    [[NSArray alloc] initWithObjects:mailEmissionAttrName, nil];
}

+ (id)sharedUserManager {
  static AgenorUserManager *mgr = nil;
  if (mgr == nil)
    mgr = [[self alloc] init];
  return mgr;
}

- (id)init {
  self = [super init];
  if(self) {
    self->serverCache     = [[SOGoLRUCache alloc] initWithCacheSize:10000];
    self->cnCache         = [[SOGoLRUCache alloc] initWithCacheSize:10000];
    self->uidCache        = [[SOGoLRUCache alloc] initWithCacheSize:10000];
    self->emailCache      = [[SOGoLRUCache alloc] initWithCacheSize:10000];
    self->shareStoreCache = [[SOGoLRUCache alloc] initWithCacheSize:10000];
    self->shareEMailCache = [[SOGoLRUCache alloc] initWithCacheSize:10000];
  }
  return self;
}

- (void)dealloc {
  [self->shareStoreCache release];
  [self->shareEMailCache release];
  [self->serverCache     release];
  [self->cnCache         release];
  [self->uidCache        release];
  [self->emailCache      release];
  [super dealloc];
}

- (NGLdapConnection *)ldapConnection {
  static NGLdapConnection *ldapConnection = nil;
  if(!ldapConnection) {
    ldapConnection = [[NGLdapConnection alloc] initWithHostName:ldapHost];
#if 0
    [ldapConnection setUseCache:YES];
#endif
  }
  return ldapConnection;
}


/* private cache helpers */
// TODO: this is really unnecessary, no?

- (void)_cacheCN:(NSString *)_cn forUID:(NSString *)_uid {
  if (_cn == nil) return;
  [self->cnCache addObject:_cn forKey:_uid];
}
- (NSString *)_cachedCNForUID:(NSString *)_uid {
  return [self->cnCache objectForKey:_uid];
}

- (void)_cacheServer:(NSString *)_server forUID:(NSString *)_uid {
  if (_server == nil) return;
  [self->serverCache addObject:_server forKey:_uid];
}
- (NSString *)_cachedServerForUID:(NSString *)_uid {
  return [self->serverCache objectForKey:_uid];
}

- (void)_cacheEmail:(NSString *)_email forUID:(NSString *)_uid {
  if (_email == nil) return;
  [self->emailCache addObject:_email forKey:_uid];
}
- (NSString *)_cachedEmailForUID:(NSString *)_uid {
  return [self->emailCache objectForKey:_uid];
}

- (void)_cacheUID:(NSString *)_uid forEmail:(NSString *)_email {
  if (_uid == nil) return;
  [self->uidCache addObject:_uid forKey:_email];
}
- (NSString *)_cachedUIDForEmail:(NSString *)_email {
  return [self->uidCache objectForKey:_email];
}


/* uid <-> email mapping */

/*
 UPDATE: the email excerpt below has been marked by Maxime as being
         wrong. This algorithm can not be expected to work, thus
         the mapping has been replaced with an LDAP query.

 --- snip ---
 The uid field is in bijection this the email adress :
 this field can be construct from the email. Email are uniques.
 
 So, we can use email adresse from identifier. 
 The field is made like this :
 _ if the email is equipement.gouv.fr then the login
 is the part before the @
 for example : fisrtName.lastName
 _ if the email is not equipement.gouv.fr then the login
 is the full email adress where @ is change to . (dot)
 for example : fisrtName.lastName.subDomain.domain.tld
 --- snap ---

 NOTE: mapping email -> uid is easy, but can also generate uid's not known
       to the system (i.e. for private addressbook entries, obvious).
       The reverse mapping can work _only_ if "firstName.lastname." is
       guaranteed, because the second dot would be mapped to '@'. This
       is probably error prone.
       Only LDAP fetches would guarantee correctness in both cases.
*/

- (NSString *)primaryGetAgenorUIDForEmail:(NSString *)_email {
  static NSArray   *uidAttrs = nil;
  NGLdapConnection *conn;
  EOQualifier      *q;
  NSEnumerator     *resultEnum;
  NGLdapEntry      *entry;
  NGLdapAttribute  *uidAttr;
  NSString         *uid;

  if (uidAttrs == nil)
    uidAttrs = [[NSArray alloc] initWithObjects:@"uid", nil];
    
  q = [EOQualifier qualifierWithQualifierFormat:@"mail = %@", _email];
    
  conn       = [self ldapConnection];
  resultEnum = [conn deepSearchAtBaseDN:ldapBaseDN
                     qualifier:q
                     attributes:uidAttrs];
  entry = [resultEnum nextObject];
  if (entry == nil) {
    if(debugOn) {
      [self logWithFormat:@"%s Didn't find LDAP entry for email '%@'!",
            __PRETTY_FUNCTION__,
            _email];
    }
    return nil;
  }
  uidAttr = [entry attributeWithName:@"uid"];
  if (!uidAttr)
    return nil; /* can happen, not unlikely */
  uid = [uidAttr stringValueAtIndex:0];
  return uid;
}

- (NSString *)getUIDForEmail:(NSString *)_email {
  NSString *uid;
  
  if ((uid = [self _cachedUIDForEmail:_email]) != nil)
    return uid;
    
  if (useLDAP) {
    uid = [self primaryGetAgenorUIDForEmail:_email];
  }
  else {
    NSRange r;
    NSString *domain;
    
    if(!_email || [_email length] == 0)
      return nil;
    
    r = [_email rangeOfString:@"@"];
    if (r.length == 0)
      return nil;
    
    domain = [_email substringFromIndex:NSMaxRange(r)];
    if (![domain isEqualToString:defaultMailDomain])
      uid = _email;
    else
      uid = [_email substringToIndex:r.location];
  }
  
  [self _cacheUID:uid forEmail:_email];
  return uid;
}

- (NSString *)primaryGetEmailForAgenorUID:(NSString *)_uid {
  NGLdapConnection *conn;
  EOQualifier      *q;
  NSEnumerator     *resultEnum;
  NGLdapEntry      *entry;
  NGLdapAttribute  *emailAttr;
  NSString         *email;
  unsigned         count;
    
  q = [EOQualifier qualifierWithQualifierFormat:@"uid = %@", _uid];
    
  conn       = [self ldapConnection];
  resultEnum = [conn deepSearchAtBaseDN:ldapBaseDN
                     qualifier:q
                     attributes:fromEMailAttrs];
  entry = [resultEnum nextObject];
  if (entry == nil) {
      if(debugOn) {
        [self logWithFormat:@"%s Didn't find LDAP entry for uid '%@'!",
                              __PRETTY_FUNCTION__,
                              _uid];
      }
      return nil;
  }
  emailAttr = [entry attributeWithName:mailEmissionAttrName];
  if (emailAttr == nil)
    return nil; /* shit happens */
  
  email = nil;
  count = [emailAttr count];
#if 0 // TODO: explain why this is commented out!
  if (count > 1) {
        unsigned i;

        /* in case there are multiple email addresses, select the first
           which doesn't have '@equipement.gouv.fr' in it */
        for (i = 0; i < count; i++) {
          NSString *candidate;
          
          candidate = [emailAttr stringValueAtIndex:i];
          if (![candidate hasSuffix:defaultMailDomain]) {
            // TODO: also check for '@'
            email = candidate;
            break;
          }
        }
  }
#endif
  if (email == nil && count > 0)
    email = [emailAttr stringValueAtIndex:0];
  
  return email;
}

- (NSString *)getEmailForUID:(NSString *)_uid {
  NSString *email;
  
  if (![_uid isNotNull] || [_uid length] == 0)
    return nil;
  if ((email = [self _cachedEmailForUID:_uid]) != nil)
    return email;
  
  if (useLDAP) {
    email = [self primaryGetEmailForAgenorUID:_uid];
  }
  else {
    NSRange r;
    
    r = [_uid rangeOfString:@"@"];
    email = (r.length > 0)
      ? _uid
      : [[_uid stringByAppendingString:@"@"]
               stringByAppendingString:defaultMailDomain];
  }
  
  [self _cacheEmail:email forUID:_uid];
  return email;
}


/* CN */

- (NSString *)primaryGetCNForAgenorUID:(NSString *)_uid {
  static NSArray   *cnAttrs = nil;
  NGLdapConnection *conn;
  EOQualifier      *q;
  NSEnumerator     *resultEnum;
  NGLdapEntry      *entry;
  NGLdapAttribute  *cnAttr;
  NSString         *cn;

  if (cnAttrs == nil)
    cnAttrs = [[NSArray alloc] initWithObjects:@"cn", nil];
  
  q = [EOQualifier qualifierWithQualifierFormat:@"uid = %@", _uid];
  
  conn = [self ldapConnection];
  resultEnum = [conn deepSearchAtBaseDN:ldapBaseDN
                     qualifier:q
                     attributes:cnAttrs];
  entry = [resultEnum nextObject];
  if (entry == nil) {
      if(debugOn) {
        [self logWithFormat:@"%s Didn't find LDAP entry for uid '%@'!",
                              __PRETTY_FUNCTION__,
                              _uid];
      }
      return nil;
  }
  cnAttr = [entry attributeWithName:@"cn"];
  if(cnAttr == nil && debugOn) {
      [self logWithFormat:@"%s LDAP entry for uid '%@' has no common name?",
                            __PRETTY_FUNCTION__,
                            _uid];
      return nil; /* nothing we can do about it */
  }
  cn = [cnAttr stringValueAtIndex:0];
  return cn;
}

- (NSString *)getCNForUID:(NSString *)_uid {
  NSString *cn;

  if ((cn = [self _cachedCNForUID:_uid]) != nil)
    return cn;
  
  if (useLDAP) {
    cn = [self primaryGetCNForAgenorUID:_uid];
  }
  else {
    NSString *s;
    NSRange  r;
    
    s = _uid;
    if ([s length] < 10)
      return s;
    
    // TODO: algorithm might be inappropriate, depends on the actual UID
    r = [s rangeOfString:@"."];
    if (r.length == 0)
      cn = s;
    else
      cn = [s substringToIndex:r.location];
  }
  
  [self _cacheCN:cn forUID:_uid];
  return cn;
}


/* Servers, IMAP */

- (NSString *)getIMAPAccountStringForUID:(NSString *)_uid {
  NSString *server;
  
  server = [self getServerForUID:_uid];
  if (server == nil)
    return nil;
  return [NSString stringWithFormat:@"%@@%@", _uid, server];
}

- (NSArray *)mailServerDiscoveryAttributes {
  static NSArray *attrs = nil;

  if (attrs == nil) {
    attrs = [[NSArray alloc] initWithObjects:
                               @"uid", /* required for shares */
                               @"mineqMelRoutage", 
                               @"mineqMelServeurPrincipal",
                             nil];
  }
  return attrs;
}

- (NGLdapEntry *)_fetchEntryForAgenorUID:(NSString *)_uid {
  // TODO: badly named, this fetches the mail server discovery attributes
  /* called by -primaryGetServerForAgenorUID: */
  NGLdapConnection *conn;
  EOQualifier      *q;
  NSEnumerator     *resultEnum;
  NGLdapEntry      *entry;
  
  q = [EOQualifier qualifierWithQualifierFormat:@"uid = %@", _uid];
  
  conn = [self ldapConnection];
  resultEnum = [conn deepSearchAtBaseDN:ldapBaseDN
                     qualifier:q
                     attributes:[self mailServerDiscoveryAttributes]];
  /* we just expect one entry, thus drop the rest */
  entry = [resultEnum nextObject];
  if (entry == nil) {
      if(debugOn) {
        NSLog(@"%s Didn't find LDAP entry for uid '%@'!",
              __PRETTY_FUNCTION__,
              _uid);
      }
      return nil;
  }
  return entry;
}

- (NSArray *)_serverCandidatesForMineqMelRoutage:(NGLdapAttribute *)attr {
  /*
    eg:
      "Baluh.Hommes.Tests-Montee-En-Charge-Ogo%equipement.gouv.fr@\
       amelie-01.ac.melanie2.i2"
  */
  NSMutableArray *serverCandidates;
  unsigned i, count;

  count            = [attr count];
  serverCandidates = [NSMutableArray arrayWithCapacity:count];
  for (i = 0; i < count; i++) {
    NSRange  r;
    NSString *route;
    unsigned length;
    unsigned start;
    NSRange  serverNameRange;
    NSString *serverName;
    
    route = [attr stringValueAtIndex:i];

    /* check for melanie suffix and ignore other entries */
    
    r = [route rangeOfString:@".melanie2.i2" options:NSBackwardsSearch];
    if (r.length == 0) {
#if 0
      [self logWithFormat:@"found no melanie in route: '%@'", route];
#endif
      continue;
    }

    /* check for @ inside the string, searching backwards (ignoring suffix) */
    
    // be clever: TODO: in what way is this clever?
    length = [route length];
    r = NSMakeRange(0, length - r.length); /* cut of suffix (.melanie2.i2) */
    r = [route rangeOfString:@"@" options:NSBackwardsSearch range:r];
    if (r.length == 0) {
#if 0
      [self logWithFormat:@"found no @ in route: '%@'", route];
#endif
      continue;
    }
    
    /* check for percent sign */
    
    start = NSMaxRange(r); /* start behind the @ */
    
    /* this range covers everything after @: 'amelie-01.ac.melanie2.i2' */
    serverNameRange = NSMakeRange(start, length - start);
    
    /* and this range covers everything to the @ */
    r = NSMakeRange(0, start - 1);
    r = [route rangeOfString:@"%" options:NSBackwardsSearch range:r];
    if (r.length == 0) {
#if 0
      [self logWithFormat:@"found no %% in route: '%@' / '%@'", 
            route, [route substringWithRange:NSMakeRange(0, length - start)]];
#endif
      continue;
    }
    
    serverName = [route substringWithRange:serverNameRange];
    [serverCandidates addObject:serverName];
  }
  return serverCandidates;
}

- (NSString *)serverFromEntry:(NGLdapEntry *)_entry {
  NSString        *server;
  NGLdapAttribute *attr;

  server = nil;
  
  attr = [_entry attributeWithName:@"mineqMelRoutage"];
  if (attr != nil) {
    NSArray *serverCandidates;
    
    serverCandidates = [self _serverCandidatesForMineqMelRoutage:attr];
    if ([serverCandidates count] > 0)
      server = [serverCandidates objectAtIndex:0];
    
    if ([serverCandidates count] > 1) {
      [self logWithFormat:
              @"WARNING: more than one value for 'mineqMelRoutage': %@",
              serverCandidates];
    }
  }
  else {
    [self debugWithFormat:
            @"%s LDAP entry '%@' has no mineqMelRoutage entry?",
            __PRETTY_FUNCTION__, [_entry dn]];
  }
  
  /* last resort */
  if (server == nil) {
    attr = [_entry attributeWithName:@"mineqMelServeurPrincipal"];
    if ([attr count] > 0)
      server = [attr stringValueAtIndex:0];
  }
  
  return server;
}

- (NSString *)primaryGetServerForAgenorUID:(NSString *)_uid {
  /*
   First of all : for a particular user IMAP and SMTP are served on the same
   host.
   
   The name of the machine is determined by applying a regex on every values of
   the mineqMelRoutage LDAP attribute.
   The regex is :   .*%.*@(.*\.melanie2\.i2$)
   It extracts the substring that follows '@', ends with 'melanie2', on
   adresses which have a '%' before the '@'
   
   Example: helge.hesse%opengroupware.org@servername1.melanie2.i2
   -> servername1.melanie2.i2
   
   If only one server name is found by applying the regex on every value of the
   attribute, then this name is the IMAP/SMTP server for that user.
   Note that this is the case when we got a unique (well formed) value for the
   attribute.
   If the regex finds more than one servername when applied to the differents
   values, then the IMAP/SMTP server name is to be found in the
   mineqMelServeurPrincipal attribute of the user.
  */
  NSString    *server;
  NGLdapEntry *entry;
  
  if ((entry = [self _fetchEntryForAgenorUID:_uid]) == nil)
    return nil;
  
  if ((server = [self serverFromEntry:entry]) != nil)
    return server;
  
  [self debugWithFormat:
          @"%s no chance of getting at server info for user '%@', "
          @"tried everything. Sorry.",
          __PRETTY_FUNCTION__, _uid];
  return nil;
}

- (NSString *)getServerForUID:(NSString *)_uid {
  NSString *server;

  if (_uid == nil || [_uid length] == 0)
    return nil;
  
  if ((server = [self _cachedServerForUID:_uid]) != nil)
    return server;
  
  if (useLDAP)
    server = [self primaryGetServerForAgenorUID:_uid];
  else if (fallbackIMAP4Server != nil)
    server = fallbackIMAP4Server;
  else {
    [self logWithFormat:@"ERROR: could not get server for uid '%@', "
          @"neither LDAP (SOGoUserManagerUsesLDAP) nor "
          @"a fallback (SOGoFallbackIMAP4Server) is configured.",
          _uid];
    server = nil;
  }
  
  [self _cacheServer:server forUID:_uid];
  return server;
}

/* shared mailboxes */

- (NSArray *)getSharedMailboxAccountStringsForUID:(NSString *)_uid {
  /*
    Sample:
      "(&(mineqMelPartages=guizmo.g:*)(objectclass=mineqMelBoite))"
      "guizmo.g" is the uid of the user
    
    Login:
      guizmo.g.-.baluh.hommes.tests-montee-en-charge-ogo
      (uid + ".-." + share-uid)
    
    Note: shared mailboxes can be on different hosts!
  */
  NSMutableArray   *shares = nil;
  NGLdapConnection *conn;
  EOQualifier      *q;
  NSString         *sharePattern;
  NSEnumerator     *resultEnum;
  NGLdapEntry      *entry;
  
  if ([_uid length] == 0)
    return nil;
  
  if (!useLDAP) {
    [self logWithFormat:
            @"Note: LDAP access is disabled, returning no shared accounts."];
    return nil;
  }

  /* check cache */
  if ((shares = [self->shareStoreCache objectForKey:_uid]) != nil)
    return shares;
  
  sharePattern = [_uid stringByAppendingString:@":*"];
  
  q = [EOQualifier qualifierWithQualifierFormat:
                     @"(mineqMelPartages = %@) AND (objectclass = %@)",
                     sharePattern, shareLDAPClass];
  
  conn = [self ldapConnection];

  resultEnum = [conn deepSearchAtBaseDN:ldapBaseDN
                     qualifier:q
                     attributes:[self mailServerDiscoveryAttributes]];
  
  while ((entry = [resultEnum nextObject]) != nil) {
    NSString *server, *shareLogin;
    id shareUid;
    
    if ([(server = [self serverFromEntry:entry]) length] == 0) {
      [self errorWithFormat:@"found no mail server host for share: %@",
              [entry dn]];
      continue;
    }
    
    shareUid = [entry attributeWithName:@"uid"];
    if ([shareUid count] < 1) {
      [self errorWithFormat:@"found no 'uid' for share: %@", [entry dn]];
      continue;
    }
    shareUid = [shareUid stringValueAtIndex:0];
    
    shareLogin = [_uid stringByAppendingString:shareLoginSeparator];
    shareLogin = [shareLogin stringByAppendingString:shareUid];
    
    if (shares == nil)
      shares = [NSMutableArray arrayWithCapacity:4];
    
    shareLogin = [shareLogin stringByAppendingString:@"@"];
    shareLogin = [shareLogin stringByAppendingString:server];
    [shares addObject:shareLogin];
  }
  
  /* ensure that ordering is always the same */
  [shares sortUsingSelector:@selector(compare:)];
  
  /* cache */
  shares = (shares == nil) ? [NSArray array] : [[shares copy] autorelease];
  [self->shareStoreCache addObject:shares forKey:_uid];
  return shares;
}

- (NSArray *)getSharedMailboxEMailsForUID:(NSString *)_uid {
  NSMutableArray   *shares = nil;
  NGLdapConnection *conn;
  EOQualifier      *q;
  NSString         *gPattern, *cPattern;
  NSEnumerator     *resultEnum;
  NGLdapEntry      *entry;
  
  if ([_uid length] == 0)
    return nil;
  
  if (!useLDAP) {
    [self logWithFormat:
            @"Note: LDAP access is disabled, returning no shared froms."];
    return nil;
  }
  
  /* check cache */
  if ((shares = [self->shareEMailCache objectForKey:_uid]) != nil)
    return shares;
  
  /* G and C mean "emission access" */
  gPattern = [_uid stringByAppendingString:@":G"];
  cPattern = [_uid stringByAppendingString:@":C"];
  
  q = [EOQualifier qualifierWithQualifierFormat:
                     @"((mineqMelPartages = %@) OR (mineqMelPartages = %@)) "
                     @"AND (objectclass = %@)",
                   gPattern, cPattern, shareLDAPClass];
  
  conn = [self ldapConnection];
  
  resultEnum = [conn deepSearchAtBaseDN:ldapBaseDN
                     qualifier:q
                     attributes:fromEMailAttrs];
  
  while ((entry = [resultEnum nextObject]) != nil) {
    id emissionAttr;
    
    emissionAttr = [entry attributeWithName:mailEmissionAttrName];
    if ([emissionAttr count] == 0) {
      [self logWithFormat:@"WARNING: share has no %@ attr: %@",
              mailEmissionAttrName, [entry dn]];
      continue;
    }
    
    if ([emissionAttr count] > 1) {
      [self logWithFormat:
              @"WARNING: share has more than one value in %@ attr: %@",
              mailEmissionAttrName, [entry dn]];
      continue;
    }
    
    emissionAttr = [emissionAttr stringValueAtIndex:0];
    if (shares == nil) shares = [NSMutableArray arrayWithCapacity:4];
    [shares addObject:emissionAttr];
  }
  
  /* ensure that ordering is always the same */
  [shares sortUsingSelector:@selector(compare:)];
  
  /* cache */
  shares = (shares == nil) ? [NSArray array] : [[shares copy] autorelease];
  [self->shareEMailCache addObject:shares forKey:_uid];
  return shares;
}

/* free busy */

- (NSURL *)getFreeBusyURLForUID:(NSString *)_uid {
  [self logWithFormat:@"TODO(%s): implement", __PRETTY_FUNCTION__];
  return nil;
}

/* defaults */

- (NSUserDefaults *)getUserDefaultsForUID:(NSString *)_uid {
  [self logWithFormat:@"TODO: implement!"];
  return nil;
}

/* debugging */

- (BOOL)isDebuggingEnabled {
  return debugOn;
}

/* description */

- (NSString *)description {
  NSMutableString *ms;
  
  ms = [NSMutableString stringWithCapacity:16];
  [ms appendFormat:@"<0x%08X[%@]>", self, NSStringFromClass([self class])];
  return ms;
}

@end /* AgenorUserManager */