Fix alter pipe password check after restart for write-back sink.

Skip login lock for internal sessions used by pipe password validation,
and avoid ArrayIndexOutOfBounds when parsing user@ip keys during lock cleanup.

Co-authored-by: Cursor <cursoragent@cursor.com>

Author: luoluoyuyu

iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/LoginLockManager.java

@@ -314,8 +314,11 @@ public void cleanExpiredLocks() {
               // Remove outdated failures
               info.removeOldFailures(cutoffTime);
               if (info.getFailureCount() == 0) {
-                String[] parts = entry.getKey().split("@");
-                LOGGER.info(DataNodeMiscMessages.IP_UNLOCKED_EXPIRED, parts[1], parts[0]);
+                final String[] parts = entry.getKey().split("@", 2);
+                LOGGER.info(
+                    DataNodeMiscMessages.IP_UNLOCKED_EXPIRED,
+                    parts.length == 2 ? parts[1] : "",
+                    parts.length >= 1 ? parts[0] : "");
                 return true;
               }
               return false;

iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java

@@ -138,7 +138,10 @@ public BasicOpenSessionResp login(
 
     final long userId = AuthorityChecker.getUserId(username).orElse(-1L);
 
-    boolean enableLoginLock = userId != -1;
+    // Pipe/CQ/Select-Into use InternalClientSession for password validation and should not
+    // participate in user@ip login lock (empty client address shares one lock bucket).
+    final boolean enableLoginLock =
+        userId != -1 && session.getConnectionType() != TSConnectionType.INTERNAL;
     LoginLockManager loginLockManager = LoginLockManager.getInstance();
     if (enableLoginLock && loginLockManager.checkLock(userId, session.getClientAddress())) {
       // Generic authentication error