From ebf7ebeab6525cd1d475fbb5b0ce9bb677bb378e Mon Sep 17 00:00:00 2001 From: luoluoyuyu Date: Tue, 26 May 2026 17:23:37 +0800 Subject: [PATCH 1/2] Fix alter pipe password check after restart for write-back sink. Skip login lock for internal sessions used by pipe password validation, and avoid ArrayIndexOutOfBounds when parsing user@ip keys during lock cleanup. Co-authored-by: Cursor --- .../java/org/apache/iotdb/db/auth/LoginLockManager.java | 7 +++++-- .../apache/iotdb/db/protocol/session/SessionManager.java | 5 ++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/LoginLockManager.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/LoginLockManager.java index aa49484e8b923..6015d1d538f91 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/LoginLockManager.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/LoginLockManager.java @@ -314,8 +314,11 @@ public void cleanExpiredLocks() { // Remove outdated failures info.removeOldFailures(cutoffTime); if (info.getFailureCount() == 0) { - String[] parts = entry.getKey().split("@"); - LOGGER.info(DataNodeMiscMessages.IP_UNLOCKED_EXPIRED, parts[1], parts[0]); + final String[] parts = entry.getKey().split("@", 2); + LOGGER.info( + DataNodeMiscMessages.IP_UNLOCKED_EXPIRED, + parts.length == 2 ? parts[1] : "", + parts.length >= 1 ? parts[0] : ""); return true; } return false; diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java index c84ed06bb4b8d..c53c48182d453 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java @@ -138,7 +138,10 @@ public BasicOpenSessionResp login( final long userId = AuthorityChecker.getUserId(username).orElse(-1L); - boolean enableLoginLock = userId != -1; + // Pipe/CQ/Select-Into use InternalClientSession for password validation and should not + // participate in user@ip login lock (empty client address shares one lock bucket). + final boolean enableLoginLock = + userId != -1 && session.getConnectionType() != TSConnectionType.INTERNAL; LoginLockManager loginLockManager = LoginLockManager.getInstance(); if (enableLoginLock && loginLockManager.checkLock(userId, session.getClientAddress())) { // Generic authentication error From 6b40e9ab67229efe557d62ebf364dc95ed8bc98e Mon Sep 17 00:00:00 2001 From: luoluoyuyu Date: Tue, 26 May 2026 17:30:04 +0800 Subject: [PATCH 2/2] spotless --- .../org/apache/iotdb/db/protocol/session/SessionManager.java | 1 + 1 file changed, 1 insertion(+) diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java index c53c48182d453..b3fa3c049f363 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java @@ -48,6 +48,7 @@ import org.apache.iotdb.rpc.TSStatusCode; import org.apache.iotdb.service.rpc.thrift.TSConnectionInfo; import org.apache.iotdb.service.rpc.thrift.TSConnectionInfoResp; +import org.apache.iotdb.service.rpc.thrift.TSConnectionType; import org.apache.iotdb.service.rpc.thrift.TSProtocolVersion; import org.apache.tsfile.external.commons.lang3.StringUtils;