*** pgsql/src/backend/utils/init/postinit.c 2010/04/21 00:51:57 1.211 --- pgsql/src/backend/utils/init/postinit.c 2010/04/26 10:52:00 1.212 *************** *** 8,14 **** * * * IDENTIFICATION ! * $PostgreSQL: pgsql/src/backend/utils/init/postinit.c,v 1.210 2010/04/20 23:48:47 tgl Exp $ * * *------------------------------------------------------------------------- --- 8,14 ---- * * * IDENTIFICATION ! * $PostgreSQL: pgsql/src/backend/utils/init/postinit.c,v 1.211 2010/04/21 00:51:57 tgl Exp $ * * *------------------------------------------------------------------------- *************** InitPostgres(const char *in_dbname, Oid *** 618,623 **** --- 618,654 ---- } /* + * If we're trying to shut down, only superusers can connect, and + * new replication connections are not allowed. + */ + if ((!am_superuser || am_walsender) && + MyProcPort != NULL && + MyProcPort->canAcceptConnections == CAC_WAITBACKUP) + { + if (am_walsender) + ereport(FATAL, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("new replication connections are not allowed during database shutdown"))); + else + ereport(FATAL, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("must be superuser to connect during database shutdown"))); + } + + /* + * The last few connections slots are reserved for superusers. + * Although replication connections currently require superuser + * privileges, we don't allow them to consume the reserved slots, + * which are intended for interactive use. + */ + if ((!am_superuser || am_walsender) && + ReservedBackends > 0 && + !HaveNFreeProcs(ReservedBackends)) + ereport(FATAL, + (errcode(ERRCODE_TOO_MANY_CONNECTIONS), + errmsg("remaining connection slots are reserved for non-replication superuser connections"))); + + /* * If walsender, we're done here --- we don't want to connect to any * particular database. 
*/ *************** InitPostgres(const char *in_dbname, Oid *** 779,804 **** CheckMyDatabase(dbname, am_superuser); /* - * If we're trying to shut down, only superusers can connect. - */ - if (!am_superuser && - MyProcPort != NULL && - MyProcPort->canAcceptConnections == CAC_WAITBACKUP) - ereport(FATAL, - (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - errmsg("must be superuser to connect during database shutdown"))); - - /* - * Check a normal user hasn't connected to a superuser reserved slot. - */ - if (!am_superuser && - ReservedBackends > 0 && - !HaveNFreeProcs(ReservedBackends)) - ereport(FATAL, - (errcode(ERRCODE_TOO_MANY_CONNECTIONS), - errmsg("connection limit exceeded for non-superusers"))); - - /* * Now process any command-line switches that were included in the startup * packet, if we are in a regular backend. We couldn't do this before * because we didn't know if client is a superuser. --- 810,815 ----
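Review bot: The `am_walsender` branch of the new shutdown check (hunk at 618-654) reports `ERRCODE_INSUFFICIENT_PRIVILEGE`, although the connection is refused because of server state rather than caller identity; the condition `(!am_superuser || am_walsender)` turns away superuser replication connections as well. In server logs, and in any client that keys on SQLSTATE, this reads as an authorization denial, which can mislead audit review of denied-access events and presumably a standby's retry handling. I would use `errcode(ERRCODE_CANNOT_CONNECT_NOW)` in that branch and keep `ERRCODE_INSUFFICIENT_PRIVILEGE` for the non-superuser branch. Both relocated checks depend on `am_superuser` already being final at this point, which is set in the part of InitPostgres outside this hunk; a one-line comment such as `/* am_superuser must be determined before these checks */` would guard against later reordering.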