1 files changed, 31 insertions, 25 deletions

diff --git a/sid.mli b/sid.mli
index 69a439e..9730d14 100644
--- a/sid.mli
+++ b/sid.mli
@@ -3,16 +3,16 @@
 type t
 type sub_auths = Stdint.Uint32.t array
 
-val create : ?sa:Stdint.Uint32.t array -> Stdint.Uint64.t -> t option
+val create : Stdint.Uint64.t -> Stdint.Uint32.t array -> t option
 (** [create sas ia] constructs a SID with the identifier authority [ia]
-    and, optionally, the subauthorities [sas]. The operation will return
-    [None] if [sa] contains more than fifteen subauthorities, or if [ia]
+    and the subauthorities [sas]. The operation will return [None] if [sa]
+    contains either zero or more than fifteen subauthorities, or if [ia]
     exceeds 48 bits. *)
 
-val create_unsafe : Stdint.Uint32.t array -> Stdint.Uint64.t -> t
+val create_unsafe : Stdint.Uint64.t -> Stdint.Uint32.t array -> t
 (** [create_unsafe sas ia] constructs a SID with the identifier authority [ia]
-    and, optionally, the sub authorities [sas] without validating the inputs.
-    Use with caution. *)
+    and the sub authorities [sas] without validating the inputs. Use with
+    caution. *)
 
 val equal : t -> t -> bool
 (** [equal sa sb] tests whether [sa] and [sb] are identical. *)
@@ -98,7 +98,13 @@ module WellKnown :
     val elite : t
 
     val nt_authority : t
-    (** The SID {e S-1-5}. *)
+    (** The SID {e S-1-5}.
+    
+        Note that according to the offical grammar as layed out in MS-DTYP
+        2.4.2.1, this SID cannot be converted to “string format” due to its
+        lack of subauthorities. However, it is the same document which also
+        specifies this SID. How to reconcile the two is left as an exercise
+        to the reader. *)
 
     val dialup : t
     (** The SID {e S-1-5-1}. *)
@@ -389,40 +395,40 @@ module WellKnown :
 
     module Prefix :
       sig
-        val security_null_sid_authority : ?sa:sub_auths -> unit -> t
-        (** [security_null_sid_authority sub_auths ()] constructs a SID
+        val security_null_sid_authority : sub_auths -> t
+        (** [security_null_sid_authority sub_auths] constructs a SID
             {e S-1-0-[sub_auths]…}. *)
 
-        val security_world_sid_authority : ?sa:sub_auths -> unit -> t
-        (** [security_world_sid_authority sub_auths ()] constructs a SID
+        val security_world_sid_authority : sub_auths -> t
+        (** [security_world_sid_authority sub_auths] constructs a SID
             {e S-1-1-[sub_auths]…}. *)
 
-        val security_local_sid_authority : ?sa:sub_auths -> unit -> t
-        (** [security_local_sid_authority sub_auths ()] constructs a SID
+        val security_local_sid_authority : sub_auths -> t
+        (** [security_local_sid_authority sub_auths] constructs a SID
             {e S-1-2-[sub_auths]…}. *)
 
-        val security_creator_sid_authority : ?sa:sub_auths -> unit -> t
-        (** [security_creator_sid_authority sub_auths ()] constructs a SID
+        val security_creator_sid_authority : sub_auths -> t
+        (** [security_creator_sid_authority sub_auths] constructs a SID
             {e S-1-3-[sub_auths]…}. *)
 
-        val security_nt_authority : ?sa:sub_auths -> unit -> t
-        (** [security_nt_authority sub_auths ()] constructs a SID
+        val security_nt_authority : sub_auths -> t
+        (** [security_nt_authority sub_auths] constructs a SID
             {e S-1-5-[sub_auths]…}. *)
 
-        val security_app_package_authority : ?sa:sub_auths -> unit -> t
-        (** [security_app_package_authority sub_auths ()] constructs a SID
+        val security_app_package_authority : sub_auths -> t
+        (** [security_app_package_authority sub_auths] constructs a SID
             {e S-1-15-[sub_auths]…}. *)
 
-        val security_mandatory_label_authority : ?sa:sub_auths -> unit -> t
-        (** [security_mandatory_label_authority sub_auths ()] constructs a SID
+        val security_mandatory_label_authority : sub_auths -> t
+        (** [security_mandatory_label_authority sub_auths] constructs a SID
             {e S-1-16-[sub_auths]…}. *)
 
-        val security_scoped_policy_id_authority : ?sa:sub_auths -> unit -> t
-        (** [security_scoped_policy_id_authority sub_auths ()] constructs a SID
+        val security_scoped_policy_id_authority : sub_auths -> t
+        (** [security_scoped_policy_id_authority sub_auths] constructs a SID
             {e S-1-17-[sub_auths]…}. *)
 
-        val security_authentication_authority : ?sa:sub_auths -> unit -> t
-        (** [security_authentication_authority sub_auths ()] constructs a SID
+        val security_authentication_authority : sub_auths -> t
+        (** [security_authentication_authority sub_auths] constructs a SID
             {e S-1-18-[sub_auths]…}. *)
       end
   end