ntHash = new byte[0];
                    writeString(password, lmHash, 0);
                }
                accountName = auth.username;
                if (useUnicode) {
                    accountName = accountName.toUpperCase();
                }
                primaryDomain = auth.domain.toUpperCase();
            } else if (cred instanceof byte[]) {

                        this.accountName = a.getUsername();
                        if (this.isUseUnicode()) {
                            this.accountName = this.accountName.toUpperCase();
                        }
                        this.primaryDomain = a.getUserDomain() != null ? a.getUserDomain().toUpperCase() : "?";
                    } else {
                        this.accountName = "";

        String accountName = (String) getField(obj, "accountName");
        String primaryDomain = (String) getField(obj, "primaryDomain");

        // The actual implementation keeps lowercase for guest when Unicode is not enabled
        assertEquals("guest", accountName);
        assertEquals("DOM", primaryDomain);

			AccountName:     cred.AccessKey,
			Groups:          cred.Groups,
			Action:          policy.BypassGovernanceRetentionAction,
			BucketName:      bucketName,
			ObjectName:      objectName,
			ConditionValues: conditions,
			IsOwner:         owner,
			Claims:          cred.Claims,
		})
	}
	if globalIAMSys.IsAllowed(policy.Args{
		AccountName:     cred.AccessKey,

		if err != nil {
			writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
			return
		}
	}

	accountName := cred.AccessKey
	if cred.IsTemp() || cred.IsServiceAccount() {
		// For derived credentials, check the parent user's permissions.
		accountName = cred.ParentUser
	}

	roleArn := policy.Args{Claims: cred.Claims}.GetRoleArn()

    @Test
    void toStringContainsKeyFields() {
        SmbSession session = new SmbSession(addr, 445, inet, 0, auth);
        String s = session.toString();
        assertTrue(s.contains("accountName="), "toString should contain accountName");
        assertTrue(s.contains("primaryDomain="), "toString should contain primaryDomain");
        assertTrue(s.contains("uid="), "toString should contain uid");
    }

	// If listing is requested for a specific user (who is not the request
	// sender), check that the user has permissions.
	if userDN != "" && userDN != cred.ParentUser {
		if !globalIAMSys.IsAllowed(policy.Args{
			AccountName:     cred.AccessKey,
			Groups:          cred.Groups,
			Action:          policy.ListServiceAccountsAdminAction,
			ConditionValues: getConditionValues(r, "", cred),
			IsOwner:         owner,

		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrInvalidRequest), r.URL)
		return
	}

	// Empty DN list and not self, list access keys for all users
	if isAll {
		if !globalIAMSys.IsAllowed(policy.Args{
			AccountName:     cred.AccessKey,
			Groups:          cred.Groups,
			Action:          policy.ListUsersAdminAction,
			ConditionValues: getConditionValues(r, "", cred),
			IsOwner:         owner,
			Claims:          cred.Claims,

                /*
                 * Session Setup And X Request / Response
                 */

                if (LogStream.level >= 4) {
                    SmbTransport.log.println("sessionSetup: accountName=" + auth.username + ",primaryDomain=" + auth.domain);
                }

                /* We explicitly set uid to 0 here to prevent a new
                 * SMB_COM_SESSION_SETUP_ANDX from having it's uid set to an

		n := 0
		// Use the following trick to filter in place
		// https://github.com/golang/go/wiki/SliceTricks#filter-in-place
		for _, bucketInfo := range bucketsInfo {
			if globalIAMSys.IsAllowed(policy.Args{
				AccountName:     cred.AccessKey,
				Groups:          cred.Groups,
				Action:          policy.ListBucketAction,
				BucketName:      bucketInfo.Name,
				ConditionValues: getConditionValues(r, "", cred),