authloopback_marshal() can violate the RPC specification
In a case a user is in a large number of groups, let say 80, and the machine nodename is long enough, let say 100 characters long, the
authloopback_marshal() could create too long authentication body that won't fit to the opaque_auth structure. The size of the auth body is limited to 400 bytes by RFC 5531, but in the example above we will create (and successfully encode and send to the other party) 5 * 4 + 100 + 80 * 4 = 440 bytes of the auth body.
This will happen only in a case the
XDR_INLINE() call in the
authloopback_marshal() function succeeds.