This patch reserves the last superuser_reserved_connections slots for

connections by the superuser only.

This patch replaces the last patch I sent a couple of days ago.

It closes a connection that has not been authorised by a superuser if it would
leave less than the GUC variable ReservedBackends
(superuser_reserved_connections in postgres.conf) backend process slots free
in the SISeg. This differs to the first patch which only reserved the last
ReservedBackends slots in the procState array. This has made the free slot
test more expensive due to the use of a lock.

After thinking about a comment on the first patch I've also made it a fatal
error if the number of reserved slots is not less than the maximum number of
connections.

Nigel J. Andrews

1 files changed, 11 insertions, 1 deletions

diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c
index f36c1d981fa..b02e371a818 100644
--- a/src/backend/utils/init/postinit.c
+++ b/src/backend/utils/init/postinit.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/init/postinit.c,v 1.110 2002/08/29 07:22:28 ishii Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/init/postinit.c,v 1.111 2002/08/29 21:02:12 momjian Exp $
  *
  *
  *-------------------------------------------------------------------------
@@ -395,6 +395,16 @@ InitPostgres(const char *dbname, const char *username)
 	/* close the transaction we started above */
 	if (!bootstrap)
 		CommitTransactionCommand();
+
+	/*
+	 * Check a normal user hasn't connected to a superuser reserved slot.
+	 * Do this here since we need the user information and that only happens
+	 * after we've started bringing the shared memory online. So we wait
+	 * until we've registered exit handlers and potentially shut an open
+	 * transaction down for an as safety conscious rejection as possible.
+	 */
+	if (CountEmptyBackendSlots() < ReservedBackends && !superuser())
+		elog(ERROR, "Non-superuser connection limit exceeded");
 }
 
 /*