+ if (rpc->fd == -1) {
+ rpc_set_error(rpc, "Failed to open socket");
+ return -1;
+ }
+
+ /* Some systems allow you to set capabilities on an executable
+ * to allow the file to be executed with privilege to bind to
+ * privileged system ports, even if the user is not root.
+ *
+ * Opportunistically try to bind the socket to a low numbered
+ * system port in the hope that the user is either root or the
+ * executable has the CAP_NET_BIND_SERVICE.
+ *
+ * As soon as we fail the bind() with EACCES we know we will never
+ * be able to bind to a system port so we terminate the loop.
+ *
+ * On linux, use
+ * sudo setcap 'cap_net_bind_service=+ep' /path/executable
+ * to make the executable able to bind to a system port.
+ *
+ * On Windows, there is no concept of privileged ports. Thus
+ * binding will usually succeed.
+ */
+ {
+ struct sockaddr_in sin;
+ static int portOfs = 0;
+ const int firstPort = 512; /* >= 512 according to Sun docs */
+ const int portCount = IPPORT_RESERVED - firstPort;
+ int startOfs, port, rc;
+
+ if (portOfs == 0) {
+ portOfs = time(NULL) % 400;
+ }
+ startOfs = portOfs;
+ do {
+ rc = -1;
+ port = htons(firstPort + portOfs);
+ portOfs = (portOfs + 1) % portCount;
+
+ /* skip well-known ports */
+ if (!getservbyport(port, "tcp")) {
+ memset(&sin, 0, sizeof(sin));
+ sin.sin_port = port;
+ sin.sin_family = AF_INET;
+ sin.sin_addr.s_addr = 0;
+
+ rc = bind(rpc->fd, (struct sockaddr *)&sin, sizeof(struct sockaddr_in));
+#if !defined(WIN32)
+ /* we got EACCES, so don't try again */
+ if (rc != 0 && errno == EACCES)
+ break;
+#endif
+ }
+ } while (rc != 0 && portOfs != startOfs);
+ }
+
+ set_nonblocking(rpc->fd);
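Review bot: The retry loop around `bind()` stops early only on EACCES, so any other permanent failure (for example EINVAL or EAFNOSUPPORT, if `rpc->fd` turns out not to be an AF_INET socket, which is not visible here) walks every candidate port with a `getservbyport()` lookup for each one. Retrying only when the port is actually taken is tighter: `if (rc != 0 && errno != EADDRINUSE) break;` inside the existing `#if !defined(WIN32)`. The `static int portOfs` and `getservbyport()` also make this block non-reentrant, which deserves a comment if contexts can be created from several threads. The setcap hint in the comment would benefit from one more line, such as `* Note: a file capability applies to every user who can run the binary, so restrict its execute permission.` The enclosing function starts and ends outside the hunk.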