Add a SigninAllowed policy.

chrome/browser/signin/signin_manager.cc

Index: chrome/browser/signin/signin_manager.cc
diff --git a/chrome/browser/signin/signin_manager.cc b/chrome/browser/signin/signin_manager.cc
index f0113767d3d4d78e93e00706b0bdb13726d90184..236d4d8572a2361e3e213911c4e5f6d59b39744b 100644
--- a/chrome/browser/signin/signin_manager.cc
+++ b/chrome/browser/signin/signin_manager.cc
@@ -18,6 +18,7 @@
 #include "chrome/browser/content_settings/cookie_settings.h"
 #include "chrome/browser/prefs/pref_service.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/profiles/profile_io_data.h"
 #include "chrome/browser/signin/about_signin_internals.h"
 #include "chrome/browser/signin/about_signin_internals_factory.h"
 #include "chrome/browser/signin/signin_global_error.h"
@@ -211,6 +212,9 @@ void SigninManager::Initialize(Profile* profile) {
         base::Bind(&SigninManager::OnGoogleServicesUsernamePatternChanged,
                    base::Unretained(this)));
   }
+  signin_allowed_.Init(prefs::kSigninAllowed, profile_->GetPrefs(),
+                       base::Bind(&SigninManager::OnSigninAllowedPrefChanged,
+                                  base::Unretained(this)));
 
   // If the user is clearing the token service from the command line, then
   // clear their login info also (not valid to be logged in without any
@@ -258,6 +262,26 @@ bool SigninManager::IsAllowedUsername(const std::string& username) const {
   return IsAllowedUsername(username, pattern);
 }
 
+bool SigninManager::IsSigninAllowed() const {
+  return signin_allowed_.GetValue();
+}
+
+// static
+bool SigninManager::IsSigninAllowedOnIOThread(ProfileIOData* io_data) {
+  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
+  return io_data->signin_allowed()->GetValue();
+}
+
+void SigninManager::AddSigninPrefObserver(
+    SigninPrefObserver* signin_pref_observer) {
+  signin_pref_observers_.AddObserver(signin_pref_observer);
+}
+
+void SigninManager::RemoveSigninPrefObserver(
+    SigninPrefObserver* signin_pref_observer) {
+  signin_pref_observers_.RemoveObserver(signin_pref_observer);
+}
+
 void SigninManager::CleanupNotificationRegistration() {
 #if !defined(OS_CHROMEOS)
   content::Source<TokenService> token_service(
@@ -748,6 +772,13 @@ void SigninManager::OnGoogleServicesUsernamePatternChanged() {
   }
 }
 
+void SigninManager::OnSigninAllowedPrefChanged() {
+  if (!IsSigninAllowed())

[Andrew T Wilson (Slow), 2013/02/04 15:41:48]

Is this called during startup? You might want to add code to Initialize() to
sign out the user if signin is not allowed (see the call to IsAllowedUsername()
in that routine).

[Adrian Kuegel, 2013/02/05 10:55:15]

True, I missed that. Thanks for pointing it out. I added it to that condition in
the Initialize() method.

+    SignOut();
+  FOR_EACH_OBSERVER(SigninPrefObserver, signin_pref_observers_,
+                    OnSigninAllowedPrefChange(*signin_allowed_));
+}
+
 void SigninManager::AddSigninDiagnosticsObserver(
     SigninDiagnosticsObserver* observer) {
   signin_diagnostics_observers_.AddObserver(observer);