CDRIVER-4489 refactor URI auth finalization by authentication mechanism

NEWS

@@ -34,6 +34,26 @@ Instead, the names must be prefixed with the parent directory: `mongoc/mongoc.h`
 ```
 
 
+Changes:
+
+  * URI authentication credentials validation (only applicable during creation of a new `mongoc_uri_t` object from a connection string):
+    * `authMechanism` is now validated and returns a client error for invalid or unsupported values.
+    * `authSource` is now validated and returns a client error for invalid or unsupported values for the specified `authMechanism`.
+    * `authSource` is now correctly defaulted to `"$external"` for MONGODB-AWS (instead of the database name or `"admin"`).
+    * The requirement that a password is provided is now enforced when the authentication mechanism is specified for:
+      * PLAIN
+      * SCRAM-SHA-1
+      * SCRAM-SHA-256
+    * The requirement that neither or both a username and password is provided (optionally with a `AWS_SESSION_TOKEN`) is now enforced for MONGODB-AWS.
+    * `authMechanismProperties` is now prohibited (instead of ignored) when the authentication mechanism is specified for:
+      * PLAIN
+      * SCRAM-SHA-1
+      * SCRAM-SHA-256
+      * MONGODB-X509
+    * `authMechanismProperties` is now validated and returns a client error for invalid or unsupported fields when the authentication mechanism is specified for:
+      * GSSAPI: supported fields are SERVICE_NAME, CANONICALIZE_HOST_NAME, SERVICE_REALM, and SERVICE_HOST.
+      * MONGODB-AWS: supported fields are AWS_SESSION_TOKEN.
+
 libmongoc 1.30.2
 ================
 

src/libmongoc/src/mongoc/mongoc-sasl.c

@@ -110,9 +110,18 @@ _mongoc_sasl_set_properties (mongoc_sasl_t *sasl, const mongoc_uri_t *uri)
       canonicalize = bson_iter_bool (&iter);
    }
 
+   /* newer "authMechanismProperties" URI syntax takes precedence */
    if (bson_iter_init_find_case (&iter, &properties, "CANONICALIZE_HOST_NAME") && BSON_ITER_HOLDS_UTF8 (&iter)) {
-      /* newer "authMechanismProperties" URI syntax takes precedence */
-      canonicalize = !strcasecmp (bson_iter_utf8 (&iter, NULL), "true");
+      const char *const value = bson_iter_utf8 (&iter, NULL);
+
+      const bool is_true = strcasecmp (value, "true") == 0;
+
+      // CDRIVER-4128: only legacy boolean values are currently supported.
+      if (!is_true && strcasecmp (value, "false") != 0) {
+         MONGOC_WARNING ("Unsupported value for \"CANONICALIZE_HOST_NAME\": \"%s\"", value);
+      } else {
+         canonicalize = is_true;
+      }
    }
 
    sasl->canonicalize_host_name = canonicalize;