From ae1d2350562b50f99397d1faecbb03bf3027514f Mon Sep 17 00:00:00 2001
From: Jeff Mitchell
Date: Thu, 20 Aug 2015 10:37:42 -0700
Subject: [PATCH] Don't defer revocation when sealing, and clear out response/auth if there is a token use error
---
 vault/core.go | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/vault/core.go b/vault/core.go
index 358260910c..10c6c92140 100644
--- a/vault/core.go
+++ b/vault/core.go
@@ -410,6 +410,8 @@ func (c *Core) handleRequest(req *logical.Request) (retResp *logical.Response, r
 // Attempt to use the token (decrement num_uses)
 if err := c.tokenStore.UseToken(te); err != nil {
 c.logger.Printf("[ERR] core: failed to use token: %v", err)
+ retResp = nil
+ retAuth = nil
 retErr = ErrInternalError
 }
 }()
@@ -965,20 +967,25 @@ func (c *Core) Seal(token string) (retErr error) {
 // Validate the token is a root token
 _, te, err := c.checkToken(logical.WriteOperation, "sys/seal", token)
 if te != nil {
- defer func() {
- // Attempt to use the token (decrement num_uses)
- if err := c.tokenStore.UseToken(te); err != nil {
- c.logger.Printf("[ERR] core: failed to use token: %v", err)
- retErr = ErrInternalError
- }
- }()
+ // Attempt to use the token (decrement num_uses)
+ if err := c.tokenStore.UseToken(te); err != nil {
+ c.logger.Printf("[ERR] core: failed to use token: %v", err)
+ retErr = ErrInternalError
+ }
 }
 if err != nil {
 return err
 }
 
 // Seal the Vault
- return c.sealInternal()
+ err = c.sealInternal()
+ if err == nil && retErr == ErrInternalError {
+ c.logger.Printf("[ERR] core: core is successfully sealed but another error occurred during the operation")
+ } else {
+ retErr = err
+ }
+
+ return
 }
 
 // sealInternal is an internal method used to seal the vault.
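Review bot: Clearing `retResp` and `retAuth` in the `UseToken` error branch withholds the result, but this block still appears to run inside a deferred closure (the hunk ends on `}()`), so by the time `UseToken` fails the request has presumably already been dispatched and any write side effects stand. If that reading is right, a limited-use token whose decrement cannot be recorded can still act without the use being counted; consider recording the use before the request is routed, as this commit does for `Seal`. At minimum the two new assignments deserve a why-comment such as `// fail closed: never return data for a token whose use could not be recorded`. The enclosing function starts and ends outside the hunk, so the dispatch order is inferred rather than visible.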
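Review bot: In `Seal`, the post-seal check `retErr == ErrInternalError` uses the named result as a flag for "UseToken failed", which is fragile: it holds only while nothing between the two points assigns `retErr`, and it would misfire if `ErrInternalError` ever reached `retErr` by another path. A local such as `tokenUseFailed := false`, set in the `UseToken` error branch and tested as `if err == nil && tokenUseFailed {`, states the intent directly and lets the function end with an explicit `return retErr` instead of the naked `return`. Note also that when `checkToken` returns both a non-nil `te` and an error, the early `return err` replaces the `ErrInternalError` assigned just above, so the caller sees only the check error while the use failure survives in the log alone. The new log message would help an operator more if it named the step that failed (token use accounting) rather than "another error". `Seal` begins outside the hunk.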