}
	}

	// TestXLStorage for permission denied.
	if runtime.GOOS != globalWindowsOSName {
		permDeniedDir := createPermDeniedFile(t)
		if err = os.Chmod(permDeniedDir, 0o400); err != nil {
			t.Fatalf("Unable to change permission to temporary directory %v. %v", permDeniedDir, err)
		}

		// Initialize xlStorage storage layer for permission denied error.
		_, err = newLocalXLStorage(permDeniedDir)

		if store.getUsersSysType() == MinIOUsersSysType {
			g, ok := c.iamGroupsMap[group]
			if !ok {
				continue
			}

			// Group is disabled, so we return no policy - this
			// ensures the request is denied.
			if g.Status == statusDisabled {
				continue
			}
		}

		policy, ok := c.iamGroupPolicyMap.Load(group)
		if !ok {
			continue
		}

		policies = append(policies, policy.toSlice()...)

        .build()
    val call = client.newCall(Request(server.url("/")))
    val response = call.execute()
    assertThat(response.body.string()).isEqualTo("Successful auth!")
    val denied = server.takeRequest()
    assertThat(denied.headers["Authorization"]).isNull()
    val accepted = server.takeRequest()
    assertThat(accepted.requestLine).isEqualTo("GET / HTTP/2")

role.search.user.prefix=1
# Prefix for group roles in search.
role.search.group.prefix=2
# Prefix for role roles in search.
role.search.role.prefix=R
# Prefix for denied roles in search.
role.search.denied.prefix=D

# ----------------------------------------------------------
#                                                     Cookie
#                                                     ------

                        }
                        /*
                         * Apparently once a successful NTLMSSP login occurs, the
                         * server will return "Access denied" even if a logoff is
                         * sent. Unfortunately calling disconnect() doesn't always
                         * actually shutdown the connection before other threads

		ConditionValues: getConditionValues(r, "", cred),
		IsOwner:         owner,
		Claims:          cred.Claims,
	}) {
		// If requested user does not exist and requestor is not allowed to list service accounts, return access denied.
		if !ok {
			writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAccessDenied), r.URL)
			return
		}

		requestUser := cred.AccessKey
		if cred.ParentUser != "" {

		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrAccessDenied: {
		Code:           "AccessDenied",
		Description:    "Access Denied.",
		HTTPStatusCode: http.StatusForbidden,
	},
	ErrBadDigest: {
		Code:           "BadDigest",
		Description:    "The Content-Md5 you specified did not match what we received.",

				ObjectName:      "",
				Claims:          cred.Claims,
			}) {
				bucketsInfo[n] = bucketInfo
				n++
			}
		}
		bucketsInfo = bucketsInfo[:n]
		// No buckets can be filtered return access denied error.
		if len(bucketsInfo) == 0 {
			writeErrorResponse(ctx, w, errorCodes.ToAPIErr(s3Error), r.URL)
			return
		}
	}

	// Generate response.
	response := generateListBucketsResponse(bucketsInfo)

# On Windows, `__cplusplus` is wrongly defined without this switch
# See https://devblogs.microsoft.com/cppblog/msvc-now-correctly-reports-__cplusplus/
build:windows --copt=/Zc:__cplusplus
build:windows --host_copt=/Zc:__cplusplus

# Tensorflow uses M_* math constants that only get defined by MSVC headers if
# _USE_MATH_DEFINES is defined.
build:windows --copt=/D_USE_MATH_DEFINES

// * unsigned char is used for booleans (instead of the 'bool' type).
//   In C++ bool is a keyword while in C99 bool is a macro defined
//   in stdbool.h. It is possible for the two to be inconsistent.
//   For example, neither the C99 nor the C++11 standard force a byte
//   size on the bool type, so the macro defined in stdbool.h could
//   be inconsistent with the bool keyword in C++. Thus, the use