Merge remote-tracking branch 'mainline/master' into inc

10 files changed, 200 insertions, 75 deletions

diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 5d6074e..a6bdb33 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -652,6 +652,13 @@ function captiveportal_prune_old() {
 	 *	had a chance to iterate over all accounts.
 	 */
 	$unsetindexes = array();
+	$voucher_needs_sync = false;
+	/* 
+	 * Snapshot the time here to use for calculation to speed up the process.
+	 * If something is missed next run will catch it!
+	 */
+	$pruning_time = time();
+	$stop_time = $pruning_time;
 	foreach ($cpdb as $cpentry) {
 
 		$timedout = false;
@@ -659,7 +666,7 @@ function captiveportal_prune_old() {
 
 		/* hard timeout? */
 		if ($timeout) {
-			if ((time() - $cpentry[0]) >= $timeout) {
+			if (($pruning_time - $cpentry[0]) >= $timeout) {
 				$timedout = true;
 				$term_cause = 5; // Session-Timeout
 			}
@@ -667,7 +674,7 @@ function captiveportal_prune_old() {
 
 		/* Session-Terminate-Time */
 		if (!$timedout && !empty($cpentry[9])) {
-			if (time() >= $cpentry[9]) {
+			if ($pruning_time >= $cpentry[9]) {
 				$timedout = true;
 				$term_cause = 5; // Session-Timeout
 			}
@@ -682,7 +689,7 @@ function captiveportal_prune_old() {
 			 *	We "fix" this by setting lastact to the login timestamp. 
 			 */
 			$lastact = $lastact ? $lastact : $cpentry[0];
-			if ($lastact && ((time() - $lastact) >= $uidletimeout)) {
+			if ($lastact && (($pruning_time - $lastact) >= $uidletimeout)) {
 				$timedout = true;
 				$term_cause = 4; // Idle-Timeout
 				$stop_time = $lastact; // Entry added to comply with WISPr
@@ -691,15 +698,16 @@ function captiveportal_prune_old() {
 
 		/* if vouchers are configured, activate session timeouts */
 		if (!$timedout && isset($config['voucher']['enable']) && !empty($cpentry[7])) {
-			if (time() >= ($cpentry[0] + $cpentry[7])) {
+			if ($pruning_time >= ($cpentry[0] + $cpentry[7])) {
 				$timedout = true;
 				$term_cause = 5; // Session-Timeout
+				$voucher_needs_sync = true;
 			}
 		}
 
 		/* if radius session_timeout is enabled and the session_timeout is not null, then check if the user should be logged out */
 		if (!$timedout && isset($config['captiveportal']['radiussession_timeout']) && !empty($cpentry[7])) {
-			if (time() >= ($cpentry[0] + $cpentry[7])) {
+			if ($pruning_time >= ($cpentry[0] + $cpentry[7])) {
 				$timedout = true;
 				$term_cause = 5; // Session-Timeout
 			}
@@ -762,6 +770,10 @@ function captiveportal_prune_old() {
 		}
 	}
 
+	if ($voucher_needs_sync == true)
+		/* Triger a sync of the vouchers on config */
+		send_event("service sync vouchers");
+
 	/* write database */
 	if (!empty($unsetindexes))
 		captiveportal_write_db($cpdb, false, $unsetindexes);
@@ -814,7 +826,7 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t
 		$syncport = $config['voucher']['vouchersyncport'];
 		$syncpass = $config['voucher']['vouchersyncpass'];
 		$vouchersyncusername = $config['voucher']['vouchersyncusername'];
-		$remote_status = xmlrpc_sync_voucher_disconnect($dben, $syncip, $syncport, $syncpass, $vouchersyncusername, $term_cause, $stop_time);
+		$remote_status = xmlrpc_sync_voucher_disconnect($dbent, $syncip, $syncport, $syncpass, $vouchersyncusername, $term_cause, $stop_time);
 	}
 
 }
@@ -1195,7 +1207,7 @@ function radius($username,$password,$clientip,$clientmac,$type) {
 }
 
 /* read captive portal DB into array */
-function captiveportal_read_db($locked = false) {
+function captiveportal_read_db($locked = false, $index = 5 /* sessionid by default */) {
 	global $g;
 
 	$cpdb = array();
@@ -1209,7 +1221,7 @@ function captiveportal_read_db($locked = false) {
 			if ($line) {
 				$cpe = explode(",", $line);
 				/* Hash by session id */
-				$cpdb[$cpe[5]] = $cpe;
+				$cpdb[$cpe[$index]] = $cpe;
 			}
 		}
 		fclose($fd);
@@ -1229,8 +1241,12 @@ function captiveportal_write_db($cpdb, $locked = false, $remove = false) {
 	if (is_array($remove)) {
 		if (!empty($remove)) {
 			$cpdb = captiveportal_read_db(true);
-			foreach ($remove as $key)
-				unset($cpdb[$key]);
+			foreach ($remove as $key) {
+				if (is_array($key))
+					log_error("Captive portal Array passed as unset index: " . print_r($key, true));
+				else
+					unset($cpdb[$key]);
+			}
 		} else
 			return; //This makes sure no record removal calls
 	}
@@ -1609,6 +1625,9 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
 		}
 	}
 
+	/* Snaphost the timestamp */
+	$allow_time = time();
+
 	foreach ($cpdb as $sid => $cpentry) {
 		/* on the same ip */
 		if($cpentry[2] == $clientip) {
@@ -1619,7 +1638,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
 		elseif (($attributes['voucher']) && ($username != 'unauthenticated') && ($cpentry[4] == $username)) {
 			// user logged in with an active voucher. Check for how long and calculate 
 			// how much time we can give him (voucher credit - used time)
-			$remaining_time = $cpentry[0] + $cpentry[7] - time();
+			$remaining_time = $cpentry[0] + $cpentry[7] - $allow_time;
 			if ($remaining_time < 0)    // just in case. 
 				$remaining_time = 0;
 
@@ -1713,7 +1732,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
 
 			/* encode password in Base64 just in case it contains commas */
 			$bpassword = base64_encode($password);
-			$cpdb[] = array(time(), $ruleno, $clientip, $clientmac, $username, $sessionid, $bpassword,
+			$cpdb[] = array($allow_time, $ruleno, $clientip, $clientmac, $username, $sessionid, $bpassword,
 				$attributes['session_timeout'], $attributes['idle_timeout'], $attributes['session_terminate_time']);
 
 			/* rewrite information to database */
diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc
index 7232d14..d5e0f62 100644
--- a/etc/inc/config.lib.inc
+++ b/etc/inc/config.lib.inc
@@ -342,8 +342,10 @@ function conf_mount_rw() {
 function conf_mount_ro() {
 	global $g;
 
+	/* Do not trust $g['platform'] since this can be clobbered during factory reset. */
+	$platform = trim(file_get_contents("/etc/platform"));
 	/* do not umount on cdrom or pfSense platforms */
-	if($g['platform'] == "cdrom" or $g['platform'] == "pfSense")
+	if($platform == "cdrom" or $platform == "pfSense")
 		return;
 
 	if($g['booting'])
diff --git a/etc/inc/dyndns.class b/etc/inc/dyndns.class
index 07fdf95..340fbc1 100644
--- a/etc/inc/dyndns.class
+++ b/etc/inc/dyndns.class
@@ -408,7 +408,7 @@
 		 * Private Function (added 12 July 2005) [beta]
 		 *   Retrieve Update Status
 		 */
-		function _checkStatus($data) {
+		function _checkStatus($ch, $data) {
 			log_error("DynDns: DynDns _checkStatus() starting.");
 			log_error("DynDns: Current Service: {$this->_dnsService}");
 			$successful_update = false;
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index e5bc59a..3ca5d3d 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -505,11 +505,13 @@ function filter_expand_alias($alias_name)
 }
 
 function filter_generate_aliases() {
-	global $config, $FilterIflist;
+	global $config, $FilterIflist, $after_filter_configure_run;
+
 	if(isset($config['system']['developerspew'])) {
 		$mt = microtime();
 		echo "filter_generate_aliases() being called $mt\n";
 	}
+
 	$alias = "#System aliases\n ";
 	$aliases = "loopback = \"{ lo0 }\"\n";
 
@@ -555,9 +557,10 @@ function filter_generate_aliases() {
 			case "network":
 			case "url":
 				$tableaddrs = "{$addrlist}{$extralias}";
-				if(empty($tableaddrs))
+				if(empty($tableaddrs)) {
 					$aliases .= "table <{$aliased['name']}> persist\n";
-				else
+					$after_filter_configure_run[] = "/sbin/pfctl -T flush -t " . escapeshellarg($aliased['name']);
+				} else
 					$aliases .= "table <{$aliased['name']}> { {$addrlist}{$extralias} } \n";
 
 				$aliases .= "{$aliased['name']} = \"<{$aliased['name']}>\"\n";
diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc
index 6993148..3bd0de2 100644
--- a/etc/inc/globals.inc
+++ b/etc/inc/globals.inc
@@ -91,7 +91,7 @@ $g = array(
 	"disablecrashreporter" => false,
 	"crashreporterurl" => "http://crashreporter.pfsense.org/crash_reporter.php",
 	"debug" => false,
-	"latest_config" => "7.9",
+	"latest_config" => "8.0",
 	"nopkg_platforms" => array("cdrom"),
 	"minimum_ram_warning" => "101",
 	"minimum_ram_warning_text" => "128 MB",
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 1858be4..0fe6bfc 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -84,6 +84,46 @@ function does_interface_exist($interface) {
 		return false;
 }
 
+/*
+ * does_vip_exist($vip): return true or false if a vip is
+ * configured.
+ */
+function does_vip_exist($vip) {
+	global $config;
+	
+	if(!$vip)
+		return false;
+
+
+	switch ($vip['mode']) {
+	case "carp":
+	case "carpdev":
+		$realif = "vip{$vip['vhid']}";
+		if (!does_interface_exist($realif)) {
+			return false;
+		}
+		break;
+	case "ipalias":
+		$realif = get_real_interface($vip['interface']);
+		if (!does_interface_exist($realif)) {
+			return false;
+		}
+		break;
+	case "proxyarp":
+		/* XXX: Implement this */
+	default:
+		return false;
+	}
+
+	$ifacedata = pfSense_getall_interface_addresses($realif);
+	foreach ($ifacedata as $vipips) {
+		if ($vipips == "{$vip['subnet']}/{$vip['subnet_bits']}")
+			return true;
+	}
+
+	return false;
+}
+
 function interface_netgraph_needed($interface = "wan") {
 	global $config;
 
@@ -3277,8 +3317,12 @@ function link_interface_to_vips($int, $action = "") {
 		foreach ($config['virtualip']['vip'] as $vip) {
 			if ($int == $vip['interface']) {
 				if ($action == "update") {
-					interface_vip_bring_down($vip);
-					interfaces_vips_configure($int);
+					if ($vip['mode'] == "carp" && !does_interface_exist("vip{$vip['vhid']}"))
+						interfaces_vips_configure($int);
+					else {
+						interface_vip_bring_down($vip);
+						interfaces_vips_configure($int);
+					}
 				} else
 					return $vip;
 			}
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index bf69eda..f427cec 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -86,7 +86,9 @@ function system_resolvconf_generate($dynupdate = false) {
 
 	$syscfg = $config['system'];
 
-	$resolvconf = "domain {$syscfg['domain']}\n";
+	// Do not create blank domain lines, it breaks tools like dig.
+	if($syscfg['domain'])
+		$resolvconf = "domain {$syscfg['domain']}\n";
 
 	$havedns = false;
 
@@ -739,8 +741,10 @@ function system_webgui_start() {
 	}
 
 	/* generate lighttpd configuration */
+	$max_procs = ($config['system']['webgui']['max_procs']) ? $config['system']['webgui']['max_procs'] : 2;
 	system_generate_lighty_config("{$g['varetc_path']}/lighty-webConfigurator.conf",
-		$crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/");
+		$crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/",
+		"cert.pem", "ca.pem", $max_procs);
 
 	/* attempt to start lighthttpd */
 	$res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf");
@@ -820,6 +824,7 @@ function system_generate_lighty_config($filename,
 	}
 
 	// Ramp up captive portal max procs
+	//  Work relative to the default of 2, for values that would be >2.
 	if($captive_portal == true)  {
 		if($avail > 65 and $avail < 98) {
 			$max_procs = 1;
@@ -828,38 +833,38 @@ function system_generate_lighty_config($filename,
 			$max_procs = 2;
 		}
 		if($avail > 127 and $avail < 256) {
-			$max_procs = 3;
+			$max_procs += 1;
 		}
 		if($avail > 255 and $avail < 384) {
-			$max_procs = 4;
+			$max_procs += 2;
 		}
 		if($avail > 383) {
-			$max_procs = 5;
+			$max_procs += 3;
 		}
 	}
 
 	if($captive_portal == true)  {	
 		$bin_environment =  <<<EOC
-        "bin-environment" => (
-           "PHP_FCGI_CHILDREN" => "$max_procs",
-           "PHP_FCGI_MAX_REQUESTS" => "500"
-        ), 
+			"bin-environment" => (
+				"PHP_FCGI_CHILDREN" => "$max_procs",
+				"PHP_FCGI_MAX_REQUESTS" => "500"
+			),
 EOC;
 
 	} else if ($avail > 0 and $avail < 128) {
 		$bin_environment = <<<EOC
-		"bin-environment" => (
-			"PHP_FCGI_CHILDREN" => "$max_procs",
-			"PHP_FCGI_MAX_REQUESTS" => "2",
-	),
+			"bin-environment" => (
+				"PHP_FCGI_CHILDREN" => "$max_procs",
+				"PHP_FCGI_MAX_REQUESTS" => "2",
+			),
 
 EOC;
 	} else
 		$bin_environment =  <<<EOC
-        "bin-environment" => (
-           "PHP_FCGI_CHILDREN" => "$max_procs",
-           "PHP_FCGI_MAX_REQUESTS" => "500"
-        ), 
+			"bin-environment" => (
+				"PHP_FCGI_CHILDREN" => "$max_procs",
+				"PHP_FCGI_MAX_REQUESTS" => "500"
+			),
 EOC;
 
 	if($fast_cgi_enable == true) {
@@ -874,7 +879,7 @@ fastcgi.server = ( ".php" =>
 			"socket" => "{$g['tmp_path']}/php-fastcgi.socket",
 			"min-procs" => 0,
 			"max-procs" => {$max_procs},
-			{$bin_environment}			
+{$bin_environment}
 			"bin-path" => "/usr/local/bin/php"
 		)
 	)
@@ -1171,9 +1176,16 @@ function system_ntp_configure() {
 		$xmlsettings = $config['installedpackages']['openntpd']['config'][0];
 		if ($xmlsettings['enable'] == 'on') {
 			$ifaces = explode(',', $xmlsettings['interface']);
-			$ifaces = array_map('get_real_interface', $ifaces);
-			$ifaces = array_filter($ifaces, 'does_interface_exist');
-			$ips = array_map('find_interface_ip', $ifaces);
+			$ips = array();
+			foreach ($ifaces as $if) {
+				if (is_ipaddr($if)) {
+					$ips[] = $if;
+				} else {
+					$if = get_real_interface($if);
+					if (does_interface_exist($if))
+						$ips[] = find_interface_ip($if);
+				}
+			}
 			foreach ($ips as $ip) {
 				if (is_ipaddr($ip))
 					$ntpcfg .= "listen on $ip\n";
@@ -1494,4 +1506,23 @@ function system_get_dmesg_boot() {
 	return file_get_contents("{$g['varlog_path']}/dmesg.boot");
 }
 
+function openntpd_get_listen_ips() {
+	$interfaces = get_configured_interface_with_descr();
+	$carplist = get_configured_carp_interface_list();
+	$listenips = array();
+	foreach ($carplist as $cif => $carpip)
+		$interfaces[$cif] = $carpip." (".get_vip_descr($carpip).")";
+	$aliaslist = get_configured_ip_aliases_list();
+	foreach ($aliaslist as $aliasip => $aliasif)
+		$interfaces[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
+	foreach ($interfaces as $iface => $ifacename) {
+		$tmp["name"]  = $ifacename;
+		$tmp["value"] = $iface;
+		$listenips[] = $tmp;
+	}
+	$tmp["name"]  = "Localhost";
+	$tmp["value"] = "lo0";
+	$listenips[] = $tmp;
+	return $listenips;
+}
 ?>
diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc
index 714e11d..e7e632a 100644
--- a/etc/inc/upgrade_config.inc
+++ b/etc/inc/upgrade_config.inc
@@ -2497,4 +2497,15 @@ function upgrade_078_to_079() {
 	unlink_if_exists("{$g['vardb_path']}/rrd/captiveportal-totalusers.rrd");
 }
 
+function upgrade_079_to_080() {
+	global $config;
+
+	/* Upgrade config in 1.2.3 specifying a username other than admin for synching. */
+	if (!empty($config['system']['username']) && is_array($config['installedpackages']['carpsettings']) &&
+		is_array($config['installedpackages']['carpsettings']['config'])) {
+		$config['installedpackages']['carpsettings']['config'][0]['username'] = $config['system']['username'];
+		unset($config['system']['username']);
+	}
+}
+
 ?>
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index b353004..e27c1b0 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -1250,29 +1250,30 @@ function is_interface_vlan_mismatch() {
 }
 
 function is_interface_mismatch() {
-        global $config, $g;
+	global $config, $g;
 
-        /* XXX: Should we process only enabled interfaces?! */
-        $do_assign = false;
-        $i = 0;
+	$do_assign = false;
+	$i = 0;
 	if (is_array($config['interfaces'])) {
-        	foreach ($config['interfaces'] as $ifname => $ifcfg) {
-                	if (preg_match("/^enc|^cua|^tun|^l2tp|^pptp|^ppp|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_wlan/i", $ifcfg['if'])) {
-                        	$i++;
-                	}
-                	else if (does_interface_exist($ifcfg['if']) == false) {
+		foreach ($config['interfaces'] as $ifname => $ifcfg) {
+			if (preg_match("/^enc|^cua|^tun|^l2tp|^pptp|^ppp|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_wlan/i", $ifcfg['if'])) {
+				// Do not check these interfaces.
+				$i++;
+				continue;
+			}
+			else if (does_interface_exist($ifcfg['if']) == false) {
 				$do_assign = true;
-                	} else
-                        	$i++;
-        	}
+			} else
+				$i++;
+		}
 	}
 
-        if ($g['minimum_nic_count'] > $i) {
-                $do_assign = true;
-        } else if (file_exists("{$g['tmp_path']}/assign_complete"))
-                $do_assign = false;
+	if ($g['minimum_nic_count'] > $i) {
+		$do_assign = true;
+	} else if (file_exists("{$g['tmp_path']}/assign_complete"))
+	$do_assign = false;
 
-        return $do_assign;
+	return $do_assign;
 }
 
 /* sync carp entries to other firewalls */
diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc
index dda49d2..d50269f 100644
--- a/etc/inc/voucher.inc
+++ b/etc/inc/voucher.inc
@@ -29,7 +29,7 @@
 */
 
 /*
-	pfSense_BUILDER_BINARIES:	/usr/local/bin/voucher	/usr/local/bin/minicron
+	pfSense_BUILDER_BINARIES:	/usr/local/bin/voucher
 	pfSense_MODULE:	captiveportal
 */
 
@@ -213,6 +213,9 @@ function voucher_expire($voucher_received) {
 	$a_vouchers_received = split("[\t\n\r ]+",$voucher_received); 
 	$active_dirty = false;
 
+	$cpdb = captiveportal_read_db(false, 4); /* Indexed by Voucher */
+	$unsetindexes[] = array();
+
 	// go through all received vouchers, check their valid and extract
 	// Roll# and Ticket# using the external readvoucher binary
 	foreach ($a_vouchers_received as $voucher) {
@@ -242,6 +245,15 @@ function voucher_expire($voucher_received) {
 				if (!(ord($bitstring[$roll][$pos]) & $mask))
 					$bitstring[$roll][$pos] = chr(ord($bitstring[$roll][$pos]) | $mask);
 				captiveportal_syslog("{$voucher} ({$roll}/{$nr}) forced to expire");
+
+				/* Check if this voucher has any active sessions */
+				if (isset($cpdb[$voucher])) {
+					$cpentry = $cpdb[$voucher];
+					captiveportal_disconnect($cpentry,null,13);
+					captiveportal_logportalauth($cpentry[4],$cpentry[3],$cpentry[2],"FORCLY TERMINATING VOUCHER {$voucher} SESSION");
+					unset($cpdb[$voucher]);
+					$unsetindexes[] = $cpentry[5];
+				}
 			} else
 				captiveportal_syslog("$voucher ($roll/$nr): not found on any registererd Roll");
 		} else
@@ -253,6 +265,9 @@ function voucher_expire($voucher_received) {
 	if ($active_dirty == true) {
 		foreach ($active_vouchers as $roll => $active)
 			voucher_write_active_db($roll, $active);
+
+		/* Triger a sync of the vouchers on config */
+		send_event("service sync vouchers");
 	}
 
 	// Write back the used DB's
@@ -269,6 +284,10 @@ function voucher_expire($voucher_received) {
 
 	unlock($voucherlck);
 
+	/* Write database */
+	if (!empty($unsetindexes))
+		captiveportal_write_db($cpdb, false, $unsetindexes);
+
 	return true;
 }
 
@@ -424,6 +443,9 @@ function voucher_auth($voucher_received, $test = 0) {
 	$active_vouchers[$first_voucher_roll][$first_voucher] = "$timestamp,$minutes";
 	voucher_write_active_db($roll, $active_vouchers[$first_voucher_roll]);
 
+	/* Triger a sync of the vouchers on config */
+	send_event("service sync vouchers");
+
 	unlock($voucherlck);
 
 	return $total_minutes;
@@ -432,9 +454,6 @@ function voucher_auth($voucher_received, $test = 0) {
 function voucher_configure($sync = false) {
 	global $config, $g;
 
-	/* kill any running minicron */
-	killbypid("{$g['varrun_path']}/vouchercron.pid");
-
 	if (!isset($config['voucher']['enable']))
 		return 0;
 
@@ -443,15 +462,6 @@ function voucher_configure($sync = false) {
 	if ($sync == true)
 	    captiveportal_syslog("Writing voucher db from sync data...");
 
-        // start cron if we're asked to save runtime DB periodically
-        // to XML config if it changed
-        $croninterval = $config['voucher']['saveinterval'] * 60; // need seconds. Config has minutes
-        if ($croninterval) {
-            /* start pruning process (interval defaults to 60 seconds) */
-            mwexec("/usr/local/bin/minicron $croninterval {$g['varrun_path']}/vouchercron.pid " .
-                    "/etc/rc.savevoucher");
-        }
-
 	$voucherlck = lock('voucher', LOCK_EX);
 
         /* write public key used to verify vouchers */
@@ -548,8 +558,12 @@ function voucher_read_active_db($roll) {
 				}
 			}
 			fclose($fd);
-			if ($dirty) // if we found expired entries, lets save our snapshot
+			if ($dirty) { // if we found expired entries, lets save our snapshot
 				voucher_write_active_db($roll, $active);
+
+				/* Triger a sync of the vouchers on config */
+				send_event("service sync vouchers");
+			}
 		}
 	}
 	return $active;
@@ -620,12 +634,12 @@ function voucher_log($priority, $message) {
 }
 
 /* Save active and used voucher DB into XML config and write it to flash
- * Called during reboot -> system_reboot_cleanup() and minicron
+ * Called during reboot -> system_reboot_cleanup() and every active voucher change
  */
 function voucher_save_db_to_config() {
     global $config, $g;
     
-    if (!isset($config['voucher']['enable']) || $config['voucher']['saveinterval'] == 0) 
+    if (!isset($config['voucher']['enable']))
         return;   // no vouchers or don't want to save DB's
 
     $voucherlck = lock('voucher', LOCK_EX);
@@ -653,7 +667,7 @@ function voucher_save_db_to_config() {
 
     unlock($voucherlck);
 
-    write_config();
+    write_config("Synching vouchers");
     return;
 }