authorPhilipp Gesang <phg@phi-gamma.net>2018-11-07 23:40:26 +0100
committerPhilipp Gesang <phg@phi-gamma.net>2018-11-07 23:40:32 +0100
commit010d9d9d7f82e6d880da646c810492618476ee32 (patch)
tree6f356707ca0019da3e27dc62377b379656be5c68 /sid.mli
parent39b9f77dbccecad50fb355cffb0e8e432e28f825 (diff)
sid: sid_test: make subauthorities mandatory
Both the constructor “Sid.create” and the string format parser must reject inputs lacking a subauthorities array of at least size one. Since the array is no longer optional, reorder the constructor arguments to match the data representation. It is still possible to create SIDs without subauthorities via the “Sid.create_unsafe” constructor. Also, the packet representation will happily accept them because their definition (as well as that of the identical RPC version) does not specify a minimum count. This is all rather ambiguous and exacerbated by the fact that [MS-DTYP] happily specifies an invalid SID “S-1-5” as the “NT_AUTHORITY”. However, both the grammar and the Win API “ConvertStringSidToSidA()” function reject SA-less inputs as invalid, so we should too.
Diffstat (limited to 'sid.mli')
-rw-r--r--sid.mli56
1 files changed, 31 insertions, 25 deletions
diff --git a/sid.mli b/sid.mli
index 69a439e..9730d14 100644
--- a/sid.mli
+++ b/sid.mli
@@ -3,16 +3,16 @@
type t
type sub_auths = Stdint.Uint32.t array
-val create : ?sa:Stdint.Uint32.t array -> Stdint.Uint64.t -> t option
+val create : Stdint.Uint64.t -> Stdint.Uint32.t array -> t option
(** [create sas ia] constructs a SID with the identifier authority [ia]
- and, optionally, the subauthorities [sas]. The operation will return
- [None] if [sa] contains more than fifteen subauthorities, or if [ia]
+ and the subauthorities [sas]. The operation will return [None] if [sa]
+ contains either zero or more than fifteen subauthorities, or if [ia]
exceeds 48 bits. *)
-val create_unsafe : Stdint.Uint32.t array -> Stdint.Uint64.t -> t
+val create_unsafe : Stdint.Uint64.t -> Stdint.Uint32.t array -> t
(** [create_unsafe sas ia] constructs a SID with the identifier authority [ia]
- and, optionally, the sub authorities [sas] without validating the inputs.
- Use with caution. *)
+ and the sub authorities [sas] without validating the inputs. Use with
+ caution. *)
val equal : t -> t -> bool
(** [equal sa sb] tests whether [sa] and [sb] are identical. *)
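Review bot: The doc comments on `create` and `create_unsafe` still show the old argument order. The new signatures take the identifier authority first and the subauthority array second, yet the text reads `[create sas ia]` and `[create_unsafe sas ia]`, and the `create` comment refers to `[sa]` where the parameter is called `[sas]`. Suggest `[create ia sas]`, `[create_unsafe ia sas]` and `[None] if [sas] contains either zero or more than fifteen subauthorities`. Since `create_unsafe` is now the only constructor shown here that yields a SID `create` would reject, its comment would serve callers better by naming the skipped checks instead of "Use with caution", e.g. `No check is made that [sas] holds between one and fifteen entries or that [ia] fits in 48 bits.`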
@@ -98,7 +98,13 @@ module WellKnown :
val elite : t
val nt_authority : t
- (** The SID {e S-1-5}. *)
+ (** The SID {e S-1-5}.
+
+ Note that according to the offical grammar as layed out in MS-DTYP
+ 2.4.2.1, this SID cannot be converted to “string format” due to its
+ lack of subauthorities. However, it is the same document which also
+ specifies this SID. How to reconcile the two is left as an exercise
+ to the reader. *)
val dialup : t
(** The SID {e S-1-5-1}. *)
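Review bot: The new comment on `nt_authority` describes the conflict in the specification but not how this library treats the value, which is what a caller needs to know. If the string parser now rejects SIDs without subauthorities, as the commit description says it must, then a SID parsed from text can never be `equal` to this constant; that matters wherever parsed SIDs are compared against `WellKnown` entries for an access decision. Suggest closing the comment with a sentence such as `This value has no subauthorities, so it cannot be produced by the string parser.` in place of "left as an exercise to the reader". Two spelling fixes while there: `offical` should be `official` and `layed out` should be `laid out`. The enclosing `WellKnown` signature starts and ends outside this hunk.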
@@ -389,40 +395,40 @@ module WellKnown :
module Prefix :
sig
- val security_null_sid_authority : ?sa:sub_auths -> unit -> t
- (** [security_null_sid_authority sub_auths ()] constructs a SID
+ val security_null_sid_authority : sub_auths -> t
+ (** [security_null_sid_authority sub_auths] constructs a SID
{e S-1-0-[sub_auths]…}. *)
- val security_world_sid_authority : ?sa:sub_auths -> unit -> t
- (** [security_world_sid_authority sub_auths ()] constructs a SID
+ val security_world_sid_authority : sub_auths -> t
+ (** [security_world_sid_authority sub_auths] constructs a SID
{e S-1-1-[sub_auths]…}. *)
- val security_local_sid_authority : ?sa:sub_auths -> unit -> t
- (** [security_local_sid_authority sub_auths ()] constructs a SID
+ val security_local_sid_authority : sub_auths -> t
+ (** [security_local_sid_authority sub_auths] constructs a SID
{e S-1-2-[sub_auths]…}. *)
- val security_creator_sid_authority : ?sa:sub_auths -> unit -> t
- (** [security_creator_sid_authority sub_auths ()] constructs a SID
+ val security_creator_sid_authority : sub_auths -> t
+ (** [security_creator_sid_authority sub_auths] constructs a SID
{e S-1-3-[sub_auths]…}. *)
- val security_nt_authority : ?sa:sub_auths -> unit -> t
- (** [security_nt_authority sub_auths ()] constructs a SID
+ val security_nt_authority : sub_auths -> t
+ (** [security_nt_authority sub_auths] constructs a SID
{e S-1-5-[sub_auths]…}. *)
- val security_app_package_authority : ?sa:sub_auths -> unit -> t
- (** [security_app_package_authority sub_auths ()] constructs a SID
+ val security_app_package_authority : sub_auths -> t
+ (** [security_app_package_authority sub_auths] constructs a SID
{e S-1-15-[sub_auths]…}. *)
- val security_mandatory_label_authority : ?sa:sub_auths -> unit -> t
- (** [security_mandatory_label_authority sub_auths ()] constructs a SID
+ val security_mandatory_label_authority : sub_auths -> t
+ (** [security_mandatory_label_authority sub_auths] constructs a SID
{e S-1-16-[sub_auths]…}. *)
- val security_scoped_policy_id_authority : ?sa:sub_auths -> unit -> t
- (** [security_scoped_policy_id_authority sub_auths ()] constructs a SID
+ val security_scoped_policy_id_authority : sub_auths -> t
+ (** [security_scoped_policy_id_authority sub_auths] constructs a SID
{e S-1-17-[sub_auths]…}. *)
- val security_authentication_authority : ?sa:sub_auths -> unit -> t
- (** [security_authentication_authority sub_auths ()] constructs a SID
+ val security_authentication_authority : sub_auths -> t
+ (** [security_authentication_authority sub_auths] constructs a SID
{e S-1-18-[sub_auths]…}. *)
end
end
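Review bot: The `Prefix` constructors now take a mandatory `sub_auths` but still return `t` rather than `t option`, and no comment says what happens for an empty array or one with more than fifteen entries, the cases where `create` returns `None`. The implementation is not visible here, so these functions presumably either raise or build the SID unchecked. Whichever it is should be documented, because a caller passing an array derived from external input cannot otherwise tell that validating it is the caller's job. If they raise, add a line such as `@raise Invalid_argument if [sub_auths] is empty or has more than fifteen entries` to each comment; otherwise consider returning `t option` to match `create`. The enclosing `WellKnown` signature starts outside this hunk.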