s3/vfs: move ACE4_ADD_FILE/ACE4_DELETE_CHILD mapping from NFSv4 framework to vfs_zfsacl

This was added in e6a5f11865 to adopt the
NFSv4 framework to follow ZFS permission rules. But this is the wrong
place, other filesystems like GPFS do not allow deletion when the user
has SEC_DIR_ADD_FILE.

This patch therefor moves the change from the NFS4 framework into the
ZFS module.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Sep  9 04:59:51 CEST 2017 on sn-devel-144

(cherry picked from commit 4102697503)

source3/modules/nfs4_acls.c

@@ -352,10 +352,6 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx,
 		DEBUG(10, ("mapped %d to %s\n", ace->who.id,
 			   sid_string_dbg(&sid)));
 
-		if (is_directory && (ace->aceMask & SMB_ACE4_ADD_FILE)) {
-			ace->aceMask |= SMB_ACE4_DELETE_CHILD;
-		}
-
 		if (!is_directory && params->map_full_control) {
 			/*
 			 * Do we have all access except DELETE_CHILD

source3/modules/vfs_zfsacl.c

@@ -66,6 +66,10 @@ static NTSTATUS zfs_get_nt_acl_common(struct connection_struct *conn,
 		psbuf = &sbuf;
 	}
 
+	if (S_ISDIR(psbuf->st_ex_mode) && (ace->aceMask & SMB_ACE4_ADD_FILE)) {
+		ace->aceMask |= SMB_ACE4_DELETE_CHILD;
+	}
+
 	/* read the number of file aces */
 	if((naces = acl(smb_fname->base_name, ACE_GETACLCNT, 0, NULL)) == -1) {
 		if(errno == ENOSYS) {