Add a SigninAllowed policy.

chrome/browser/ui/chrome_pages.cc

Index: chrome/browser/ui/chrome_pages.cc
diff --git a/chrome/browser/ui/chrome_pages.cc b/chrome/browser/ui/chrome_pages.cc
index a2fbf0e8a4471a11e4653bb92321b62a7519a8f3..ddfb24bdaec9285ab3f925b70d70c86a3313b78c 100644
--- a/chrome/browser/ui/chrome_pages.cc
+++ b/chrome/browser/ui/chrome_pages.cc
@@ -185,6 +185,9 @@ void ShowBrowserSignin(Browser* browser, SyncPromoUI::Source source) {
   Profile* original_profile = browser->profile()->GetOriginalProfile();
   SigninManager* manager =
       SigninManagerFactory::GetForProfile(original_profile);
+  // Check if Signin to Chrome is allowed by the policy.
+  if (!manager->IsSigninAllowed())

[sail, 2013/02/08 20:18:57]

Why would this code be reached if signin is not allowed.
If signin in was not allowed and the user did something to trigger this code
then what would the user see now?

[Adrian Kuegel, 2013/02/11 16:47:30]

Yes, I agree this code should never be reached if everything else works properly
(updating the corresponding command in BrowserCommandController for example).
If for example the command in the menu is not updated properly, and the user
clicks on it, nothing would happen.
As suggested by Andrew, I changed the code here into a DCHECK. But I can also
remove it if you want.

[sail, 2013/02/20 23:08:21]

DCHECK is fine.

+    return;
   // If we're signed in, just show settings.
   if (!manager->GetAuthenticatedUsername().empty()) {
     ShowSettings(browser);