CDRIVER-4489 refactor URI auth finalization by authentication mechanism (#1896)

* CDRIVER-3517 promote empty authSource to client error
* CDRIVER-4128 promote invalid or unsupported CANONICALIZE_HOST_NAME values to client error
* CDRIVER-5773 further remove support and testing of MONGODB-CR
* CDRIVER-5776 avoid assertions for null fields
* CDRIVER-5811 remove test skip for MONGODB-AWS username and password validation
* CDRIVER-5812 remove workaround for incorrect MONGODB-AWS authSource
* Modernize test code for URI and connection strings
* Remove obsolete(?) comment concerning GSSAPISERVICENAME overwrites
* Update wording for NEWS entries

Author: eramongodb

NEWS

@@ -34,6 +34,26 @@ Instead, the names must be prefixed with the parent directory: `mongoc/mongoc.h`
 ```
 
 
+Changes:
+
+  * URI authentication credentials validation (only applicable during creation of a new `mongoc_uri_t` object from a connection string):
+    * `authMechanism` is now validated and returns a client error for invalid or unsupported values.
+    * `authSource` is now validated and returns a client error for invalid or unsupported values for the specified `authMechanism`.
+    * `authSource` is now correctly defaulted to `"$external"` for MONGODB-AWS (instead of the database name or `"admin"`).
+    * The requirement that a password is provided is now enforced when the authentication mechanism is specified for:
+      * PLAIN
+      * SCRAM-SHA-1
+      * SCRAM-SHA-256
+    * The requirement that neither or both a username and password is provided (optionally with a `AWS_SESSION_TOKEN`) is now enforced for MONGODB-AWS.
+    * `authMechanismProperties` is now prohibited (instead of ignored) when the authentication mechanism is specified for:
+      * PLAIN
+      * SCRAM-SHA-1
+      * SCRAM-SHA-256
+      * MONGODB-X509
+    * `authMechanismProperties` is now validated and returns a client error for invalid or unsupported fields when the authentication mechanism is specified for:
+      * GSSAPI: supported fields are SERVICE_NAME, CANONICALIZE_HOST_NAME, SERVICE_REALM, and SERVICE_HOST.
+      * MONGODB-AWS: supported fields are AWS_SESSION_TOKEN.
+
 libmongoc 1.30.2
 ================
 

src/libmongoc/src/mongoc/mongoc-sasl.c

@@ -110,9 +110,18 @@ _mongoc_sasl_set_properties (mongoc_sasl_t *sasl, const mongoc_uri_t *uri)
       canonicalize = bson_iter_bool (&iter);
    }
 
+   /* newer "authMechanismProperties" URI syntax takes precedence */
    if (bson_iter_init_find_case (&iter, &properties, "CANONICALIZE_HOST_NAME") && BSON_ITER_HOLDS_UTF8 (&iter)) {
-      /* newer "authMechanismProperties" URI syntax takes precedence */
-      canonicalize = !strcasecmp (bson_iter_utf8 (&iter, NULL), "true");
+      const char *const value = bson_iter_utf8 (&iter, NULL);
+
+      const bool is_true = strcasecmp (value, "true") == 0;
+
+      // CDRIVER-4128: only legacy boolean values are currently supported.
+      if (!is_true && strcasecmp (value, "false") != 0) {
+         MONGOC_WARNING ("Unsupported value for \"CANONICALIZE_HOST_NAME\": \"%s\"", value);
+      } else {
+         canonicalize = is_true;
+      }
    }
 
    sasl->canonicalize_host_name = canonicalize;