Added policy for disabling locally managed users.

chrome/browser/chromeos/login/existing_user_controller.cc

Index: chrome/browser/chromeos/login/existing_user_controller.cc
diff --git a/chrome/browser/chromeos/login/existing_user_controller.cc b/chrome/browser/chromeos/login/existing_user_controller.cc
index 505746bb46f2bdca1bcd576c46d83d701346384d..2006de24676d17901660d71d9912593b6209dd83 100644
--- a/chrome/browser/chromeos/login/existing_user_controller.cc
+++ b/chrome/browser/chromeos/login/existing_user_controller.cc
@@ -181,8 +181,10 @@ void ExistingUserController::UpdateLoginDisplay(const UserList& users) {
   if (show_users_on_signin) {
     for (UserList::const_iterator it = users.begin(); it != users.end(); ++it) {
       // TODO(xiyuan): Clean user profile whose email is not in whitelist.
-      if (LoginUtils::IsWhitelisted((*it)->email()) ||
-          (*it)->GetType() != User::USER_TYPE_REGULAR) {
+      if (((*it)->GetType() != User::USER_TYPE_LOCALLY_MANAGED ||

[Denis Kuznetsov (DE-MUC), 2013/06/21 12:28:52]

Please extract this as a boolean var, so that it would be easier to read.

[dzhioev (left Google), 2013/06/21 13:42:29]

Done.

+           UserManager::Get()->AreLocallyManagedUsersAllowed()) &&
+          (LoginUtils::IsWhitelisted((*it)->email()) ||
+           (*it)->GetType() != User::USER_TYPE_REGULAR)) {
         filtered_users.push_back(*it);
       }
     }
@@ -438,6 +440,11 @@ void ExistingUserController::PerformLogin(
   is_login_in_progress_ = true;
   if (gaia::ExtractDomainName(user_context.username) ==
           UserManager::kLocallyManagedUserDomain) {
+    if (!UserManager::Get()->AreLocallyManagedUsersAllowed()) {
+      LOG(ERROR) << "Login attempt of locally managed user detected.";
+      login_display_->SetUIEnabled(true);
+      return;
+    }
     login_performer_->LoginAsLocallyManagedUser(
         UserContext(user_context.username,
                     user_context.password,