//    https://blog.cloudflare.com/when-tcp-sockets-refuse-to-die/
			// This is a sensitive configuration, it is better to set it to high values, > 60 secs since it can
			// affect clients reading data with a very slow pace  (disappropriate with socket buffer sizes)
			if opts.UserTimeout > 0 {
				_ = syscall.SetsockoptInt(fd, syscall.IPPROTO_TCP, unix.TCP_USER_TIMEOUT, opts.UserTimeout)
			}

		},
		Extensions: make(map[string]string),
	}, nil
}

func validateClientKeyIsTrusted(c ssh.ConnMetadata, clientKey ssh.PublicKey) (err error) {
	if globalSFTPTrustedCAPubkey == nil {
		return errors.New("public key authority validation requested but no ca public key specified.")
	}

	cert, ok := clientKey.(*ssh.Certificate)
	if !ok {
		return errSftpPublicKeyWithoutCert
	}

cuenta que los custom proprietary headers se pueden añadir <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers" class="external-link" target="_blank">usando el prefijo `X-`</a>.

Pero si tienes custom headers que deseas que un cliente en un navegador pueda ver, necesitas añadirlos a tus configuraciones de CORS ([CORS (Cross-Origin Resource Sharing)](cors.md){.internal-link target=_blank}) usando el parámetro `expose_headers` documentado en <a href="https://www.starlette.dev/mi...

    }

    /**
     * Negotiate password hashes with MSIE clients using NTLM SSP
     *
     * @param req
     *            The servlet request
     * @param resp
     *            The servlet response
     * @param skipAuthentication
     *            If true the negotiation is only done if it is
     *            initiated by the client (MSIE post requests after successful NTLM SSP

	// MinIO verifies the client certificate present by the client
	// when requesting temp. credentials.
	// By default, MinIO always verify the client certificate.
	//
	// The client certificate verification should only be skipped
	// when debugging or testing a setup since it allows arbitrary
	// clients to obtain temp. credentials with arbitrary policy

import jcifs.internal.util.SMBUtil;
import jcifs.util.Hexdump;

/**
 * SMB1 Trans2 Find First 2 transaction request implementation.
 * Initiates directory enumeration operations in SMB1 protocol, allowing clients
 * to search for files and directories matching specified patterns and criteria.
 *
 * @author mbechler
 */
public class Trans2FindFirst2 extends SmbComTransaction {

    // flags

 * hashes via NTLM SSP with MSIE. It might also be used directly by servlet
 * containers to incorporate similar functionality.
 * <p>
 * How NTLMSSP is used in conjunction with HTTP and MSIE clients is
 * described in an <A HREF="http://www.innovation.ch/java/ntlm.html">NTLM
 * Authentication Scheme for HTTP</A>.  <p> Also, read <a
 * href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and

	writeSuccessResponseXML(w, encodedSuccessResponse)
}

// AssumeRoleWithCertificate implements user authentication with client certificates.
// It verifies the client-provided X.509 certificate, maps the certificate to an S3 policy
// and returns temp. S3 credentials to the client.
//
// API endpoint: https://minio:9000?Action=AssumeRoleWithCertificate&Version=2011-06-15

import jcifs.internal.util.SMBUtil;
import jcifs.util.Strings;

/**
 * Represents a DFS (Distributed File System) referral entry containing server redirection information.
 * This class handles DFS referral responses that redirect clients to alternate servers for accessing
 * distributed file system resources, supporting multiple DFS versions and referral types.
 */
public class Referral implements Decodable {

    /**

	if m.handlers.hasSubhandler(subID) && !id.isTestHandler() {
		return fmt.Errorf("handler %v, subroute:%v: %w", id.String(), s, ErrHandlerAlreadyExists)
	}
	m.handlers.subSingle[subID] = h
	// Copy so clients can also pick it up for other subpaths.
	m.handlers.subSingle[makeZeroSubHandlerID(id)] = h
	return nil
}

/*
// RegisterStateless will register a stateless handler that serves