Fix for Bug #5023 (separate access check from posix_acls code)
The three can_* access check functions in smbd/posix_acls.c that are used in
smbd/open.c and smbd/nttrans.c explicitly called check_posix_acl_group_access()
This lead to errors with nfsv4 acls (e.g. ZFS and GPFS).
This changes the can_* functions to get the nt_acl via VFS layer and call
se_access_check on that. It also removes check_posix_acl_group_access()
which has no more callers.
Michael
Note: This merges the original fix
6f961a23de745aba5dcd4585b731e651b8cbeef4
from branch v3-2-test along with some subsequent improvements:
c61b4222d30288add216fac4da3cfaa537f5cd01 - no double fast pathing
cd62122916defbfb57468c3b82a60b766fc4652e - cosmetic fix
f4f700cf0c1657c36e801fab20fe7b1a4efcb714 - prevent orphaned open files