// errDiskAccessDenied - we don't have write permissions on disk.
var errDiskAccessDenied = StorageErr("drive access denied")

// errFileNotFound - cannot find the file.
var errFileNotFound = StorageErr("file not found")

// errFileNotFound - cannot find requested file version.
var errFileVersionNotFound = StorageErr("file version not found")

// errTooManyOpenFiles - too many open files.

	fi

	for ((i = 0; i < 20; i++)); do
		test -f ${WORK_DIR}/$1/1/.minio.sys/format.json
		v1=$?
		nextInES=$(($1 + 1)) && [ $nextInES -gt 3 ] && nextInES=1
		foundFiles1=$(find ${WORK_DIR}/$1/1/ | grep -v .minio.sys | grep xl.meta | wc -l)
		foundFiles2=$(find ${WORK_DIR}/$nextInES/1/ | grep -v .minio.sys | grep xl.meta | wc -l)
		test $foundFiles1 -eq $foundFiles2
		v2=$?
		[ $v1 == 0 -a $v2 == 0 ] && return 0
		sleep 10
	done

		defaultSha256Cksum = emptySHA256
		v, ok = r.Header[xhttp.AmzContentSha256]
	}

	// We found 'X-Amz-Content-Sha256' return the captured value.
	if ok {
		return v[0]
	}

	// We couldn't find 'X-Amz-Content-Sha256'.
	return defaultSha256Cksum
}

// isValidRegion - verify if incoming region value is valid with configured Region.
func isValidRegion(reqRegion string, confRegion string) bool {

// afterVersion returns the payload after the version, if any.
func (x xlMetaInlineData) afterVersion() []byte {
	if len(x) == 0 {
		return x
	}
	return x[1:]
}

// find the data with key s.
// Returns nil if not for or an error occurs.
func (x xlMetaInlineData) find(key string) []byte {
	if len(x) == 0 || !x.versionOK() {
		return nil
	}
	sz, buf, err := msgp.ReadMapHeaderBytes(x.afterVersion())
	if err != nil || sz == 0 {

	// This filter has tags configured but this object
	// does not have any tag, skip this object
	if len(tagsMap) == 0 {
		return false
	}

	// Both filter and object have tags, find a match,
	// skip this object otherwise
	for k, cv := range f.cachedTags {
		v, ok := tagsMap[k]
		if ok && v == cv {
			return true
		}
	}

	return false

// Standard path where an app would find cross domain policy information.
const crossDomainXMLEntity = "/crossdomain.xml"

// A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player

					ctx, done := context.WithTimeout(context.Background(), 2*time.Second)
					ok := cache.load(ctx, er, bucket+slashSeparator+dataUsageCacheName) == nil
					done()
					if ok {
						root := cache.find(bucket)
						if root == nil {
							// We dont have usage information for this bucket in this
							// set, go to the next set
							continue
						}

function prepare_block_devices() {
	set -e
	mkdir -p ${WORK_DIR}/disks/ ${WORK_DIR}/mnt/
	sudo modprobe loop
	for i in 1 2 3 4; do
		dd if=/dev/zero of=${WORK_DIR}/disks/img.${i} bs=1M count=2000
		device=$(sudo losetup --find --show ${WORK_DIR}/disks/img.${i})
		sudo mkfs.ext4 -F ${device}
		mkdir -p ${WORK_DIR}/mnt/disk${i}/
		sudo mount ${device} ${WORK_DIR}/mnt/disk${i}/
		sudo chown "$(id -u):$(id -g)" ${device} ${WORK_DIR}/mnt/disk${i}/
	done

		exit 1
		;;
	esac
}

assert_check_golang_env() {
	if ! which go >/dev/null 2>&1; then
		echo "Cannot find go binary in your PATH configuration, please refer to Go installation document at https://golang.org/doc/install"
		exit 1
	fi

	installed_go_version=$(go version | sed 's/^.* go\([0-9.]*\).*$/\1/')

Now, the STS certificate-based authentication happens in 4 steps:

- Client sends HTTP `POST` request over a TLS connection hitting the MinIO TLS STS API.
- MinIO verifies that the client certificate is valid.
- MinIO tries to find a policy that matches the `CN` of the client certificate.
- MinIO returns temp. S3 credentials associated to the found policy.