func (s *Scanner) advance(n int) bool {
	if n < 0 {
		s.setErr(ErrNegativeAdvance)
		return false
	}
	if n > s.end-s.start {
		s.setErr(ErrAdvanceTooFar)
		return false
	}
	s.start += n
	return true
}

// setErr records the first error encountered.
func (s *Scanner) setErr(err error) {
	if s.err == nil || s.err == io.EOF {
		s.err = err
	}
}

	// Parse credential tag.
	credHeader, s3Err := parseCredentialHeader("Credential="+formValues.Get(xhttp.AmzCredential), region, serviceS3)
	if s3Err != ErrNone {
		return auth.Credentials{}, s3Err
	}

	r := &http.Request{Header: formValues}
	cred, _, s3Err := checkKeyValid(r, credHeader.accessKey)
	if s3Err != ErrNone {
		return cred, s3Err
	}

	// Get signing key.

			fieldDelimiter:  ",",
			sendErr:         nil,
			header:          true,
			wantColumns:     []string{"header1", "header2", "header3"},
			wantFields:      "ok1,ok2,ok3\n" + `a word,"b"""` + "\n",
			wantErr:         io.EOF,
		},
		{
			// This works since LazyQuotes is true:
			file:            "invalid-badstartline.csv",
			recordDelimiter: "\n",
			fieldDelimiter:  ",",
			sendErr:         nil,

		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrServerNotInitialized), r.URL)
		return
	}

	cred, owner, s3Err := validateAdminSignature(ctx, r, "")
	if s3Err != ErrNone {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(s3Err), r.URL)
		return
	}

	checkDenyOnly := name == cred.AccessKey

	if !globalIAMSys.IsAllowed(policy.Args{
		AccountName:     cred.AccessKey,

		u, ok := globalIAMSys.GetUser(req.Context(), claims.AccessKey)
		if !ok {
			return nil, nil, false, errInvalidAccessKeyID
		}
		ucred := u.Credentials
		// get embedded claims
		eclaims, s3Err := checkClaimsFromToken(req, ucred)
		if s3Err != ErrNone {
			return nil, nil, false, errAuthentication
		}

		maps.Copy(claims.MapClaims, eclaims)

	Op  tierOp
	Err error
}

func (te tierPermErr) Error() string {
	return fmt.Sprintf("failed to perform %s: %v", te.Op, te.Err)
}

func errIsTierPermError(err error) bool {
	var tpErr tierPermErr
	return errors.As(err, &tpErr)
}

// remoteVersionID represents the version id of an object in the remote tier.
// Its usage is remote tier cloud implementation specific.
type remoteVersionID string

func doesPolicySignatureV2Match(formValues http.Header) (auth.Credentials, APIErrorCode) {
	accessKey := formValues.Get(xhttp.AmzAccessKeyID)

	r := &http.Request{Header: formValues}
	cred, _, s3Err := checkKeyValid(r, accessKey)
	if s3Err != ErrNone {
		return cred, s3Err
	}
	policy := formValues.Get("Policy")
	signature := formValues.Get(xhttp.AmzSignatureV2)
	if !compareSignatureV2(signature, calculateSignatureV2(policy, cred.SecretKey)) {

	go func() {
		defer wg.Done()

		tcpConn, terr := tcpListener.AcceptTCP()
		if terr != nil {
			t.Errorf("failed to accept new connection. %v", terr)
			return
		}
		deadlineconn := New(tcpConn)
		deadlineconn.WithReadDeadline(time.Second)
		deadlineconn.WithWriteDeadline(time.Second)
		defer deadlineconn.Close()

		// Read a line
		b := make([]byte, 12)
		_, terr = deadlineconn.Read(b)
		if terr != nil {

			// behavior.
			if err := send(metaCacheEntry{
				name:     opts.BaseDir,
				metadata: metadata,
			}); err != nil {
				return err
			}
		} else {
			st, sterr := Lstat(pathJoin(volumeDir, opts.BaseDir, xlStorageFormatFile))
			if sterr == nil && st.Mode().IsRegular() {
				return errFileNotFound
			}
		}
	}

	prefix := opts.FilterPrefix
	var scanDir func(path string) error

pkg syscall (netbsd-arm64-cgo), type Timeval struct, Sec int64
pkg syscall (netbsd-arm64-cgo), type Timeval struct, Usec int32
pkg syscall (netbsd-arm64-cgo), type WaitStatus uint32
pkg syscall (netbsd-arm64-cgo), var Stderr int
pkg syscall (netbsd-arm64-cgo), var Stdin int
pkg syscall (netbsd-arm64-cgo), var Stdout int
pkg syscall (netbsd-arm64), const AF_APPLETALK = 16
pkg syscall (netbsd-arm64), const AF_APPLETALK ideal-int