Scope of changes:

This change adds authorization checks to the killCursors command.
Previously, any user could kill any cursor provided that they knew (or could guess) the cursor ID. With this change, the cursor must have been created by at least one of the currently authenticated users, otherwise killing the cursor will fail.

Additionally, previous behavior would always result in an "ok" response with detail in the "cursorsKilled", "cursorsAlive", "cursorsNotFound" fields. With this change, authorization is checked before any kills are executed, and if any of the authorization checks fails, then no kills will occur and the response will indicate failure (ErrorCodes::Unauthorized). Similarly, if a cursor can not be found during an authorization check, then the entire transaction will fail without any kills being carried out.

Drivers should be aware of the change in failure modes.
Documentation should reflect the additional coAuthorization checks.

Impact to other docs outside of this product:

MVP:

Resources:

Engineering Ticket Description:

A ClientCursor is associated with the set of users that were authenticated when it was created.
A killCursors should only succeed if the intersection of currently authenticated users and the set of users associated with the ClientCursor is nonempty (or the set of users associated with the ClientCursor is empty), or if the user has the killAnyCursor privilege for that collection.