Ticket 47396 - crash on modrdn of tombstone

Bug Description:  a client modrdn operation on a tombstone entry can crash the server

Fix Description:   client modrdns and modifies on tombstone entries should not be
	accepted. Tombstones aer internally kept for eventual conflict resolution, normal
	clients should not touch them.
	an exception would be to force purging of tombstones or a kind of "undo" for
	a delete, which could resurrect a tombstone, but this is not in the scope of this ticket

https://fedorahosted.org/389/ticket/47396

Reviewed by: Rich, thanks

ldap/servers/slapd/back-ldbm/ldbm_modify.c

@@ -485,6 +485,13 @@ ldbm_back_modify( Slapi_PBlock *pb )
 		
 			if ( !is_fixup_operation )
 			{
+				if (slapi_entry_flag_is_set(e->ep_entry, SLAPI_ENTRY_FLAG_TOMBSTONE) ) {
+					ldap_result_code = LDAP_UNWILLING_TO_PERFORM;
+                			ldap_result_message = "Operation not allowed on tombstone entry.";
+					slapi_log_error(SLAPI_LOG_FATAL, "ldbm_back_modify",
+						"Attempt to modify a tombstone entry %s\n", slapi_sdn_get_dn(slapi_entry_get_sdn_const( e->ep_entry )));
+					goto error_return;
+				}
 				opcsn = operation_get_csn (operation);
 				if (NULL == opcsn && operation->o_csngen_handler)
 				{

ldap/servers/slapd/back-ldbm/ldbm_modrdn.c

@@ -479,6 +479,13 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
                 goto error_return; /* error result sent by find_entry2modify() */
             }
             e_in_cache = 1; /* e is in the cache and locked */
+	    if (slapi_entry_flag_is_set(e->ep_entry, SLAPI_ENTRY_FLAG_TOMBSTONE) ) {
+		ldap_result_code = LDAP_UNWILLING_TO_PERFORM;
+                ldap_result_message = "Operation not allowed on tombstone entry.";
+		slapi_log_error(SLAPI_LOG_FATAL, "ldbm_back_modrdn",
+			"Attempt to rename a tombstone entry %s\n", slapi_sdn_get_dn(slapi_entry_get_sdn_const( e->ep_entry )));
+		goto error_return;
+	    }
             /* Check that an entry with the same DN doesn't already exist. */
             {
                 Slapi_Entry *entry;