From 7b35b724f8a874a200154d1e3626ed14cc5b8245 Mon Sep 17 00:00:00 2001
From: Ludwig Krispenz <lkrispen@redhat.com>
Date: Mon, 24 Jun 2013 10:19:53 +0200
Subject: [PATCH 73/99] Ticket 47396 - crash on modrdn of tombstone

    Bug Description:  a client modrdn operation on a tombstone entry can crash the server

    Fix Description:   client modrdns and modifies on tombstone entries should not be
        accepted. Tombstones aer internally kept for eventual conflict resolution, normal
        clients should not touch them.
        an exception would be to force purging of tombstones or a kind of "undo" for
        a delete, which could resurrect a tombstone, but this is not in the scope of this ticket

    https://fedorahosted.org/389/ticket/47396

    Reviewed by: Rich, thanks
(cherry picked from commit d1d6245d6ab894cf56e2529cb5c5dc941f4843cd)
---
 ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
index b5cb90b..c539463 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
@@ -352,6 +352,13 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
         goto error_return; /* error result sent by find_entry2modify() */
     }
     e_in_cache = 1; /* e is in the cache and locked */
+    if (slapi_entry_flag_is_set(e->ep_entry, SLAPI_ENTRY_FLAG_TOMBSTONE) ) {
+        ldap_result_code = LDAP_UNWILLING_TO_PERFORM;
+        ldap_result_message = "Operation not allowed on tombstone entry.";
+        slapi_log_error(SLAPI_LOG_FATAL, "ldbm_back_modrdn",
+               "Attempt to rename a tombstone entry %s\n", slapi_sdn_get_dn(slapi_entry_get_sdn_const( e->ep_entry )));
+        goto error_return;
+    }
     /* Check that an entry with the same DN doesn't already exist. */
     {
         Slapi_Entry *entry;
-- 
1.8.1.4