Don't defer revocation when sealing, and clear out response/auth if there is a token use error

This commit is contained in:
Jeff Mitchell 2015-08-20 10:37:42 -07:00
parent 0e8e3660ff
commit db79dd8c22

View file

@ -410,6 +410,8 @@ func (c *Core) handleRequest(req *logical.Request) (retResp *logical.Response, r
// Attempt to use the token (decrement num_uses) // Attempt to use the token (decrement num_uses)
if err := c.tokenStore.UseToken(te); err != nil { if err := c.tokenStore.UseToken(te); err != nil {
c.logger.Printf("[ERR] core: failed to use token: %v", err) c.logger.Printf("[ERR] core: failed to use token: %v", err)
retResp = nil
retAuth = nil
retErr = ErrInternalError retErr = ErrInternalError
} }
}() }()
@ -965,20 +967,25 @@ func (c *Core) Seal(token string) (retErr error) {
// Validate the token is a root token // Validate the token is a root token
_, te, err := c.checkToken(logical.WriteOperation, "sys/seal", token) _, te, err := c.checkToken(logical.WriteOperation, "sys/seal", token)
if te != nil { if te != nil {
defer func() { // Attempt to use the token (decrement num_uses)
// Attempt to use the token (decrement num_uses) if err := c.tokenStore.UseToken(te); err != nil {
if err := c.tokenStore.UseToken(te); err != nil { c.logger.Printf("[ERR] core: failed to use token: %v", err)
c.logger.Printf("[ERR] core: failed to use token: %v", err) retErr = ErrInternalError
retErr = ErrInternalError }
}
}()
} }
if err != nil { if err != nil {
return err return err
} }
// Seal the Vault // Seal the Vault
return c.sealInternal() err = c.sealInternal()
if err == nil && retErr == ErrInternalError {
c.logger.Printf("[ERR] core: core is successfully sealed but another error occurred during the operation")
} else {
retErr = err
}
return
} }
// sealInternal is an internal method used to seal the vault. // sealInternal is an internal method used to seal the vault.